Файл: public_html/news/post/index.php
Строк: 132
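<?php
// Bootstrap. The helpers and globals used on this page ($user, $set, only_reg(), ban(),
// check(), BBcode(), ...) are not defined in this file; presumably core/system.php
// provides them together with the DB connection and the session — confirm.
// NOTE(review): the legacy mysql_* extension used throughout was removed in PHP 7.
// Moving to mysqli/PDO prepared statements would replace the manual casting and
// escaping this page depends on.
include_once '../../core/system.php';

// NOTE(review): everything below trusts $user. Verify that only_reg() and ban()
// terminate the request for anonymous or banned visitors rather than only returning
// markup, and that they emit nothing before the header() redirect below.
echo only_reg();
echo ban();

// Load the requested news item with a single query; the id is forced to an integer
// before it reaches SQL. A missing parameter or an unknown id redirects to the list.
$news = false;
if (isset($_GET['id'])) {
    $news = mysql_fetch_assoc(mysql_query("SELECT * FROM `news` WHERE `id` = '".intval($_GET['id'])."' LIMIT 1"));
}
if (!$news) {
    $_SESSION['err'] = "Нет такой новости!";
    header('Location: /news/');
    exit();
}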
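// Comment deletion, honoured only for accounts whose `prava` is exactly 5.
// NOTE(review): this is a state-changing action triggered by a plain GET parameter and
// no anti-forgery token is checked in this file, so any page an administrator visits
// could trigger it. Prefer a POST request carrying a per-session token.
// NOTE(review): the comment list further down renders the delete link for
// `prava` >= 5, while this handler accepts only == 5 — confirm which rule is intended.
if ($user['prava'] == 5 && isset($_GET['kommd'])) {
    // Restrict the delete to comments of the news item being viewed, so a crafted id
    // cannot remove a comment that belongs to another item.
    mysql_query("DELETE FROM `news_kom` WHERE `id` = '".abs(intval($_GET['kommd']))."' AND `id_news` = '".intval($news['id'])."' LIMIT 1");
}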
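// Page title read by core/head.php. Array keys are quoted: a bare word such as
// $news[title] is resolved as a constant first and only falls back to the string
// with a notice.
$header = $news['title'];
include_once '../../core/head.php';

// Author of the news item. The id comes from the database but is still cast before
// being placed into SQL.
$ank = mysql_fetch_assoc(mysql_query("SELECT * FROM `user` WHERE `id` = '".intval($news['id_user'])."'"));

// NOTE(review): the news body and the author's nick are written into HTML as stored.
// Confirm that BBcode() and the registration path encode HTML special characters;
// otherwise this output is a stored-XSS sink.
echo "<div class='player Admin'>".BBcode($news['msg'])."</div>";
echo "<div class='dot-line'></div>";
echo "<div class='player grey'> Оформил(а) ";
echo online($ank['id']);
echo " <a href='/user/$news[id_user]/'>$ank[nick]</a></div>";
echo "<div class='mini-line'></div>";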
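// Comments: handle a submitted comment, then redirect in every case.
// NOTE(review): no anti-forgery token is checked on this POST in this file.
if (isset($_POST['msg'])) {
    // NOTE(review): $msg is placed directly into the INSERT below and later echoed on
    // the comment list, so check() must both escape for SQL and encode HTML. It is
    // defined outside this file — confirm before relying on it.
    $msg = check($_POST['msg']);

    // strlen() counts bytes, so with a multi-byte encoding the effective limit in
    // characters is lower than 1000. The level rule is tested last and therefore
    // overrides the length message when both apply.
    if (strlen($msg) < 1 or strlen($msg) > 1000) $err = 'Длина сообщения должна быть в пределах 1 - 1000 символов';
    if ($user['level'] < 9) $err = 'комментарий в новостях можно оставить достигнув 9-го уровня персонажа!';

    if (!isset($err)) {
        // Ids originate from the database but are cast anyway before reaching SQL.
        mysql_query("INSERT INTO `news_kom` SET `id_user` = '".intval($user['id'])."', `id_news` = '".intval($news['id'])."', `msg` = '$msg', `time` = '".time()."'");
        $_SESSION['message'] = 'Сообщение добавлено!';
    } else {
        // Error is shown after the redirect
        $_SESSION['err'] = $err;
    }
    header("Location: news.php?id=$news[id]");
    exit();
}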
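// Pagination for the comment list: total count, page count, current page and the
// offset of the first row on that page.
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `news_kom` WHERE `id_news` = '".intval($_GET['id'])."'"),0);
$k_page = k_page($k_post,$set['p_str']);
$page = page($k_page);
$start = $set['p_str']*$page-$set['p_str'];

// Reply form. With ?comm=<user id> the input is pre-filled with "<nick>, ".
// The parameter is request-controlled, so it is forced to an integer and quoted
// before it reaches SQL; it was previously interpolated raw and unquoted.
$reply_value = '';
if (isset($_GET['comm'])) {
    $ank = mysql_fetch_assoc(mysql_query("SELECT * FROM `user` WHERE `id` = '".intval($_GET['comm'])."' LIMIT 1"));
    if ($ank) {
        // NOTE(review): the nick is placed inside a double-quoted attribute as stored.
        // Confirm that nicks cannot contain quotes or markup, or encode them here.
        $reply_value = ' value="'.$ank['nick'].', "';
    }
}
echo '<form class="player" method="post" action="/news/post/'.$news['id'].'/">
<input class="text large"'.$reply_value.' type="text" name="msg" /><br />
<span class="btn"><span class="end"><input class="label" type="submit" value="Отправить"></span></span>
</form>';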
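// One page of comments for this news item, newest first. Every value placed into
// the query is cast to an integer, and the offset is clamped at zero.
$q = mysql_query("SELECT * FROM `news_kom` WHERE `id_news` = '".intval($news['id'])."' ORDER BY `id` DESC LIMIT ".max(0, intval($start)).", ".intval($set['p_str']));
echo "<div class='dot-line'></div>";
echo "<div class='player'>";
// Closing tag corrected: the span was previously closed with </div>, which ended
// the surrounding container early.
if ($k_post == 0) echo "<span class='grey'>Нет комментарий</span>";
while ($post = mysql_fetch_assoc($q)) {
    $ank = mysql_fetch_assoc(mysql_query("SELECT * FROM `user` WHERE `id` = '".intval($post['id_user'])."' LIMIT 1"));

    // Rank -> CSS class. Reset on every row: without a default, an author whose rank
    // is not listed would inherit the previous row's class and could be displayed
    // with another account's Admin/Moder styling.
    $color = 'user';
    if ($ank['prava'] == 245345) $color = 'Razrab';
    if ($ank['prava'] == 5) $color = 'Admin';
    if ($ank['prava'] == 4) $color = 'Moder';
    if ($ank['prava'] == 6) $color = 'Jurnalist';
    if ($ank['prava'] == 0) $color = 'user';

    // Delete link for privileged viewers.
    // NOTE(review): shown for `prava` >= 5, but the delete handler earlier in this
    // file accepts only == 5 — confirm which rule is intended.
    echo " ";
    if ($user['prava'] >= 5) {
        echo '<a href="?kommd='.intval($post['id']).'"><img src="/images/icon/del.png"> </a>';
    }

    echo online($ank['id']);

    // Author link shared by both branches; tags are now closed in nesting order.
    // NOTE(review): the nick is written into HTML as stored — confirm it is encoded
    // or restricted to safe characters at registration.
    $name_link = " <a href='/user/$ank[id]/'><b><tt><font size=4><span class='".$color."'>$ank[nick]</span></font></tt></b></a> ";

    if ($ank['ban'] == 1) {
        // Banned author: the comment text is not shown.
        echo $name_link;
        echo "<a href='?comm=$ank[id]&page=end'><font size=1 color=#DAA520>(отв.)</font></a> ";
        echo "<span class='red'>Автор забанен!</span><br>";
    } else {
        // The nick was read back from the database and is used as a string in a new
        // query, so it has to be escaped again (second-order SQL injection otherwise).
        $pww = mysql_result(mysql_query("SELECT COUNT(*) FROM `vip` WHERE `usr` = '".mysql_real_escape_string($ank['nick'])."'"),0);
        if ($pww) {
            echo ' <img src="/images/vip.png"> ';
        }
        // NOTE(review): the comment text is passed to smiles() and echoed; this is
        // safe only if it was HTML-encoded when stored — confirm.
        echo $name_link."<a href='/news/post/$news[id]/?comm=$ank[id]'><font size=1 color=#DAA520>(отв.)</font></a>: ".smiles($post['msg'])."<br>";
    }
}
echo "</div>";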
// Page navigation is printed only when the comments span more than one page.
if ($k_page > 1) {
    str('news.php?id=' . intval($_GET['id']) . '&', $k_page, $page);
}

// Back link to the news list, followed by the shared footer.
echo "<div class='mini-line'></div>",
     "<div class='player menuList'>",
     "<li><a href='/news/'><img src='/images/icon/arrow.png'>Новости</a></li>",
     "</div>";
include_once '../../core/foot.php';
?>