Файл: group_forum/inc/set_them_act.php
Строк: 34
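<?php
// Action handler for a group-forum topic: login guard plus the "delete" action.
// $user, $group, $them, $razdel and $ank2 are not assigned in this part of the
// file - presumably the including page loads them; verify against the caller.
if (!$user) {
    // Stop after the redirect. Without exit the request keeps executing, and
    // the state-changing branches further down would still be evaluated for a
    // visitor who is not logged in.
    header("location: /");
    exit;
}

// NOTE(review): deletion is triggered by GET parameters alone (act=delete&ok);
// no anti-CSRF token check is visible in this file. Confirm the including page
// verifies one, or move this action to POST with a per-session token.
if (isset($_GET['act'], $_GET['ok']) && $_GET['act'] == 'delete') {
    // %d forces every id to an integer before it is placed into SQL.
    $moder_sql = sprintf(
        "SELECT COUNT(*) FROM `group_user` WHERE `id_group` = '%d' AND `id_user` = '%d' AND `level` > '0'",
        $group['id'],
        $user['id']
    );

    // Allowed for a group member with level > 0 who either outranks the topic
    // author or is the author.
    if (mysql_result(mysql_query($moder_sql), 0) == 1
        && ($ank2['level'] < $user['level'] || $ank2['id'] == $user['id'])
    ) {
        // The permission check above is made for $group, so the delete is
        // scoped to the same group (the UPDATE in the "set" action already
        // filters on `id_group`).
        mysql_query(sprintf(
            "DELETE FROM `group_forum_t` WHERE `id` = '%d' AND `id_group` = '%d' LIMIT 1",
            $them['id'],
            $group['id']
        ));

        // Remove the posts and report success only if the topic row was
        // actually deleted from this group.
        if (mysql_affected_rows() > 0) {
            mysql_query(sprintf("DELETE FROM `group_forum_p` WHERE `id_them` = '%d'", $them['id']));
            msg('Тема успешно удалена');
        }

        err();
        aut();
        echo "<div class='menu'>\n";
        echo "<a href=\"/group_forum/" . (int)$group['id'] . "/" . (int)$razdel['id'] . "/\">В форум</a><br />\n";
        echo "</div>\n";
        include_once '../sys/inc/tfoot.php';
    }
}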
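// "set" action: edit the topic's title, description, pinned/closed flags and
// author. $user, $group, $them and $ank2 are not assigned here - presumably the
// including page loads them; verify against the caller.
//
// The leading $user check keeps this branch closed to visitors who are not
// logged in even if execution continues past the redirect at the top of the file.
//
// The permission groups are parenthesised explicitly; the grouping is the one
// PHP precedence already gave the original expression (&& binds tighter than ||).
// NOTE(review): the topic author passes without the group-moderator query,
// whereas the "delete" action requires it - confirm this is intended.
// NOTE(review): no anti-CSRF token check is visible in this file.
if ($user
    && isset($_GET['act'], $_GET['ok'], $_POST['name'])
    && $_GET['act'] == 'set'
    && (
        user_access('forum_them_edit')
        || (
            mysql_result(mysql_query(sprintf(
                "SELECT COUNT(*) FROM `group_user` WHERE `id_group` = '%d' AND `id_user` = '%d' AND `level` > '0'",
                $group['id'],
                $user['id']
            )), 0) == 1
            && $ank2['level'] < $user['level']
        )
        || $ank2['id'] == $user['id']
    )
) {
    // Work on the raw input first. Array-valued parameters (name[]=...) and a
    // missing description are treated as empty strings and then fail the
    // length checks below.
    $name = is_string($_POST['name']) ? $_POST['name'] : '';
    $opis = (isset($_POST['opis']) && is_string($_POST['opis'])) ? $_POST['opis'] : '';

    if (isset($_POST['translit1']) && $_POST['translit1'] == 1) {
        $name = translit($name);
    }

    // Length limits are checked on the unescaped text, so escape backslashes
    // are not counted. The last failing check decides the message.
    if (strlen2($name) < 3) $err = 'Слишком короткое название';
    if (strlen2($name) > 50) $err = 'Слишком длинное название';
    if (strlen2($opis) < 3) $err = 'Слишком короткое описание';
    if (strlen2($opis) > 20000) $err = 'Слишком длинное описание';

    // Escape as the final step before the query, after every transformation,
    // so nothing translit() produces can reach SQL unescaped.
    $name = mysql_real_escape_string($name);
    $opis = mysql_real_escape_string($opis);

    // Only users with level > 0 may change the pinned flag.
    if ($user['level'] > 0) {
        $up = (isset($_POST['up']) && $_POST['up'] == 1) ? 1 : 0;
        $add_q = " `up` = '$up',";
    } else {
        $add_q = NULL;
    }

    // Closed flag: switch on, switch off, or keep the stored value.
    if (isset($_POST['close']) && $_POST['close'] == 1 && $them['close'] == 0) {
        $close = 1;
    } elseif ($them['close'] == 1 && (!isset($_POST['close']) || $_POST['close'] == 0)) {
        $close = 0;
    } else {
        $close = $them['close'];
    }

    // autor=1 reassigns the topic to the editing user; otherwise the current
    // author is kept.
    $autor = (isset($_POST['autor']) && $_POST['autor'] == 1) ? $user['id'] : $ank2['id'];

    if (!isset($err)) {
        // %d forces every id and flag to an integer; the two text fields were
        // escaped above. `kto` records the id of the editing user.
        mysql_query(sprintf(
            "UPDATE `group_forum_t` SET `name` = '%s', `opis` = '%s', `id_user` = '%d',%s `close` = '%d', `kto` = '%d' WHERE `id` = '%d' AND `id_group` = '%d' LIMIT 1",
            $name,
            $opis,
            $autor,
            $add_q,
            $close,
            $user['id'],
            $them['id'],
            $group['id']
        ));

        // Reload the topic and its author so the rest of the page sees the new values.
        $them = mysql_fetch_assoc(mysql_query(sprintf(
            "SELECT * FROM `group_forum_t` WHERE `id` = '%d' AND `id_group` = '%d' LIMIT 1",
            $them['id'],
            $group['id']
        )));
        $ank2 = mysql_fetch_assoc(mysql_query(sprintf(
            "SELECT * FROM `user` WHERE `id` = '%d' LIMIT 1",
            $them['id_user']
        )));
        msg('Изменения успешно приняты');
    }
}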
?>