Файл: users/forum/s_t_ok.php
Строк: 40
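<?php
/*
 * Handles submission of the "new forum topic" form: validates the title and
 * body, stores the topic, adds a feed entry for each subscribed reader and
 * redirects to the new topic.
 *
 * Depends on names supplied by the including script: $forum, $user, $time,
 * translit(), strlen2(), my_esc() and err().
 *
 * NOTE(review): no CSRF token check is visible in this fragment; confirm the
 * including script verifies one before this code runs.
 * NOTE(review): the mysql_* extension was removed in PHP 7 and offers no
 * prepared statements. SQL safety here rests entirely on my_esc()
 * (presumably a SQL-escaping wrapper; verify) and on $forum/$user/$time
 * being trusted, server-side values.
 */

// --- Topic title ---
// A missing or non-string field (e.g. name[]=x) is treated as empty so that it
// fails validation instead of raising notices.
$name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
if (isset($_POST['translit_name']) && $_POST['translit_name'] == 1) {
    $name = translit($name);
}
// Encode the (possibly transliterated) value. The previous code re-read
// $_POST['name'] at this point, which silently discarded the translit result.
// With default flags single quotes are not encoded before PHP 8.1, so this is
// HTML encoding only and never a substitute for the SQL escaping below.
$name = htmlspecialchars($name);
if (strlen2($name) < 1) {
    $err[] = "Введите название";
}
if (strlen2($name) > 60) {
    $err[] = "Название слишком длинное";
}
$name = my_esc($name);

// --- Topic body ---
$text = (isset($_POST['text']) && is_string($_POST['text'])) ? $_POST['text'] : '';
// Transliterate first and encode last, matching the title: whatever translit()
// returns is then guaranteed to be HTML-encoded, and entities such as &amp;
// are not fed through the transliteration.
if (isset($_POST['translit_text']) && $_POST['translit_text'] == 1) {
    $text = translit($text);
}
$text = htmlspecialchars($text);
if (strlen2($text) < 1) {
    $err[] = "Введите текст";
}
if (strlen2($text) > 100000) {
    $err[] = "Текст слишком длинный";
}
$text = my_esc($text);

if (!isset($err)) {
    // Timestamp of the last created topic (presumably checked elsewhere for flood control).
    $_SESSION['time_c_t_forum'] = $time;

    $created = mysql_query("INSERT INTO `forum` (`id_comm`, `mother`, `type`, `name`, `time`, `text`, `id_user`, `count`) values ('0', '$forum[id]', 'tema', '$name', '$time', '$text', '$user[id]', '$forum[count]/$forum[id]')");

    if ($created) {
        $them['id'] = mysql_insert_id();

        // Add a feed entry for every reader subscribed to this user's forum activity.
        // (An older, commented-out variant used the `frends` table instead.)
        $q = mysql_query("SELECT * FROM `readers` WHERE `user` = '$user[id]' AND `forum` = '1' AND `i` = '1'");
        while ($q && ($f = mysql_fetch_array($q))) {
            $reader_q = mysql_query("SELECT * FROM `user` WHERE `id` = '$f[reader]' LIMIT 1");
            $a = $reader_q ? mysql_fetch_array($reader_q) : false;
            if (!$a) {
                // The reader's account no longer exists: skip it rather than
                // inserting a feed row with an empty recipient id.
                continue;
            }
            mysql_query("INSERT INTO `lenta` (`id_user`, `id_kont`, `msg`, `time`, `type`, `id_object`) values('$user[id]', '$a[id]', '$name', '$time', 'forum', '$them[id]')");
        }

        header("Location: /users/forum/?id=$them[id]");
        // Stop here: without exit the rest of the page keeps executing after
        // the redirect header has been queued.
        exit;
    }

    // The INSERT failed: report it instead of redirecting to topic id 0.
    $err[] = "Не удалось создать тему";
}
err();
?>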