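<?php
// Diary comments page.
//
// Given ?id=<diary id> this script:
//   * handles a new comment sent by POST (field `msg`, optional `translit`),
//   * handles deletion of one comment via ?del=<comment id>,
//   * lists the diary's comments with pagination and shows the comment form.
// Anything else redirects to index.php.
//
// Everything not defined in this file — $user, $set, $time, get_user(), esc(),
// translit(), strlen2(), msg(), err(), aut(), title(), k_page(), page(),
// avatar(), online(), vremja(), output_text(), str(), my_esc(), the H and SID
// constants — comes from the includes below (presumably start.php / fnc.php /
// user.php; confirm there before changing how they are used).  The database
// layer is the legacy mysql_* extension, as everywhere else in this project.
include_once '../sys/inc/start.php';
include_once '../sys/inc/compress.php';
include_once '../sys/inc/sess.php';
include_once '../sys/inc/home.php';
include_once '../sys/inc/settings.php';
include_once '../sys/inc/db_connect.php';
include_once '../sys/inc/ipua.php';
include_once '../sys/inc/fnc.php';
include_once '../sys/inc/user.php';

// Read the diary id from the query string exactly once; every later query
// uses this integer instead of re-reading and re-casting $_GET['id'].
$diary_id = (isset($_GET['id']) && is_numeric($_GET['id'])) ? intval($_GET['id']) : null;

// Guard clause: unknown or missing diary -> back to the diary index.
if ($diary_id === null
    || mysql_result(mysql_query("SELECT COUNT(*) FROM `diary` WHERE `id` = '".$diary_id."' LIMIT 1"), 0) == 0) {
    header("Location: index.php?".SID);
    exit;
}

$diary = mysql_fetch_array(mysql_query("SELECT * FROM `diary` WHERE `id`='".$diary_id."'"));
$us = get_user($diary['id_user']); // the diary owner
$set['title'] = htmlspecialchars($diary['name']).' - Комментарии';
include_once '../sys/inc/thead.php';
title();

// Who may comment: the owner, a user of a higher level, anybody when the
// diary is open (`readers` == 0), or a friend of the owner when `readers`
// is 1 or 2.  Computed once here and reused by the POST handler and the
// form below (the original evaluated the same condition, including the
// friends query, in two places).
$can_comment = false;
if (isset($user)) {
    if ($us['id'] == $user['id'] || $user['level'] > $us['level'] || $diary['readers'] == 0) {
        $can_comment = true;
    } elseif ($diary['readers'] == 1 || $diary['readers'] == 2) {
        $uid = mysql_real_escape_string($user['id']);
        $oid = mysql_real_escape_string($us['id']);
        $can_comment = mysql_result(mysql_query(
            "SELECT COUNT(*) FROM `frends` WHERE (`user` = '".$uid."' AND `frend` = '".$oid."') OR (`user` = '".$oid."' AND `frend` = '".$uid."')"
        ), 0) != 0;
    }
}

// Who may delete comments: moderators (level >= 3) and the diary owner.
// Shared by the ?del= handler and the per-comment "Удалить" link.
$can_delete = isset($user) && ($user['level'] >= 3 || $user['id'] == $diary['id_user']);

if (isset($_POST['msg']) && $can_comment) {
    $msg = esc(stripcslashes(htmlspecialchars($_POST['msg'])));
    if (isset($_POST['translit']) && $_POST['translit'] == 1) {
        $msg = translit($msg);
    }

    $uid = mysql_real_escape_string($user['id']);
    $did = mysql_real_escape_string($diary['id']);
    $now = mysql_real_escape_string($time); // $time: request timestamp provided by the includes — TODO confirm

    if (strlen2($msg) > 1024) {
        $err = 'Сообщение слишком длинное';
    } elseif (strlen2($msg) < 2) {
        $err = 'Короткое сообщение';
    } elseif (mysql_result(mysql_query(
        "SELECT COUNT(*) FROM `diary_komm` WHERE `id_diary` = '".$did."' AND `id_user` = '".$uid."' AND `msg` = '".mysql_real_escape_string($msg)."' LIMIT 1"
    ), 0) != 0) {
        $err = 'Ваше сообщение повторяет предыдущее';
    } else {
        mysql_query("INSERT INTO `diary_komm` (`id_diary`, `id_user`, `time`, `msg`) values('".$did."', '".$uid."', '".$now."', '".my_esc($msg)."')");
        mysql_query("UPDATE `user` SET `balls` = '".mysql_real_escape_string($user['balls'] + 1)."' WHERE `id` = '".$uid."' LIMIT 1");

        if ($user['id'] != $us['id']) {
            $pol = ($user['pol'] == 1) ? 'оставил' : 'оставила';
            // Build the notification text first so the nick and the diary
            // name go through mysql_real_escape_string like every other value,
            // instead of being interpolated into the SQL string raw.
            $msg_jurnal = "[url=/info.php?id=$user[id]]$user[nick][/url] $pol комментарий к дневнику [url=/diary/$diary[name]/]$diary[name][/url]";
            mysql_query("INSERT INTO `jurnal` (`id_user`, `id_kont`, `msg`, `time`) values('0', '".mysql_real_escape_string($us['id'])."', '".mysql_real_escape_string($msg_jurnal)."', '".$now."')");
        }

        // Feed ("lenta") entry for every friend who follows this user's blog activity.
        $msg_lenta = "Добавил комментарий в дневнике [url=/diary/$diary[name]/]$diary[name][/url]";
        $q = mysql_query("SELECT * FROM `frends` WHERE `user` = '".$uid."' AND `lenta_blog` = '1' AND `i`='1'");
        while ($f = mysql_fetch_array($q)) {
            $a = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = '".mysql_real_escape_string($f['frend'])."' LIMIT 1"));
            if (!$a) {
                continue; // friend row points at a missing user: do not write an orphan entry with an empty id_kont
            }
            mysql_query("INSERT INTO `lenta` (`id_user`, `id_kont`, `msg`, `time`) values('".$uid."', '".mysql_real_escape_string($a['id'])."', '".mysql_real_escape_string($msg_lenta)."', '".$now."')");
        }

        msg('Комментарий успешно оставлен');
    }
} elseif (isset($_GET['del'])
    && mysql_result(mysql_query("SELECT COUNT(*) FROM `diary_komm` WHERE `id` = '".intval($_GET['del'])."' AND `id_diary` = '".mysql_real_escape_string($diary['id'])."'"), 0)) {
    // The original wrote `$user['id']=$diary['id_user']` here — an assignment,
    // not a comparison — so any logged-in user could delete any comment.
    // Deletion is still triggered by a plain GET link without a request token;
    // adding one needs support from sess.php.
    if ($can_delete) {
        mysql_query("DELETE FROM `diary_komm` WHERE `id` = '".intval($_GET['del'])."' LIMIT 1");
        msg('Комментарий успешно удален');
    }
}

err();
aut(); // login form

// Paginated comment list, newest first.
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `diary_komm` WHERE `id_diary` = '".$diary_id."'"), 0);
$k_page = k_page($k_post, $set['p_str']);
$page = page($k_page);
$start = $set['p_str'] * $page - $set['p_str'];
$q = mysql_query("SELECT * FROM `diary_komm` WHERE `id_diary` = '".$diary_id."' ORDER BY `id` DESC LIMIT $start, $set[p_str]");

echo '<table class="post">';
if ($k_post == 0) {
    echo '<tr>';
    echo '<td class="p_t">';
    echo 'Нет комментариев';
    echo '</td>';
    echo '</tr>';
}
while ($post = mysql_fetch_assoc($q)) {
    $ank = get_user($post['id_user']); // comment author
    echo '<tr>';
    if ($set['set_show_icon'] == 2) {
        echo '<td class="icon48" rowspan="2">';
        avatar($ank['id']);
        echo '</td>';
    } elseif ($set['set_show_icon'] == 1) {
        echo '<td class="icon14">';
        echo online($ank['id']);
        echo '</td>';
    }
    echo '<td class="p_t">';
    echo '<a href="/info.php?id='.htmlspecialchars($ank['id']).'"><span style="color:'.htmlspecialchars($ank['ncolor']).'">'.htmlspecialchars($ank['nick']).'</span></a> ('.vremja($post['time']).')';
    echo '</td>';
    echo '</tr>';
    echo '<tr>';
    if ($set['set_show_icon'] == 1) {
        echo '<td class="p_m" colspan="2">';
    } else {
        echo '<td class="p_m">';
    }
    // The listing this was taken from printed a stray "n" here; a newline is intended.
    echo output_text($post['msg'])."<br />\n";
    if ($can_delete) {
        echo '<a href="?id='.htmlspecialchars($diary['id']).'&del='.htmlspecialchars($post['id']).'">Удалить</a><br />';
    }
    echo '</td>';
    echo '</tr>';
}
echo '</table>';

if ($k_page > 1) {
    str("komm.php?id=$diary[id]&", $k_page, $page); // page links
}

// Comment form, only for users allowed to comment (same rule as the POST handler).
if ($can_comment) {
    echo '<form method="post" name="message" action="?id='.htmlspecialchars($diary['id']).'">';
    if ($set['web'] && is_file(H.'style/themes/'.htmlspecialchars($set['set_them']).'/altername_post_form.php')) {
        include_once H.'style/themes/'.htmlspecialchars($set['set_them']).'/altername_post_form.php';
    } else {
        echo 'Сообщение|<a href="/smiles/index.php">Смайлы</a>|<a href="/bb-code.php">BB-Code</a><br /><textarea name="msg"></textarea><br />';
    }
    if ($user['set_translit'] == 1) {
        echo '<label><input type="checkbox" name="translit" value="1" /> Транслит</label><br />';
    }
    echo '<input value="Отправить" type="submit" />';
    echo '</form>';
}

echo '<div class="foot">';
echo '<a href="/diary/'.htmlspecialchars($diary['name']).'/" title="Вернуться в дневник '.htmlspecialchars($diary['name']).'">Назад</a><br />';
echo '<a href="index.php" title="К категориям">Дневники</a><br />';
// Same stray "n" as above in the listing; a newline is intended.
echo "</div>\n";

include_once '../sys/inc/tfoot.php';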