Файл: modules/videos/komm.php
Строк: 71
<?php
/* DCMS Special
* Дата последнего редактирования 16.01.2016
* Модифицировал densnet
*/
// Pull in the engine's shared include files, in the order listed, before any
// page logic runs. The loop variable keeps its original name because included
// files execute in this same global scope.
foreach (
    array(
        'start',
        'compress',
        'sess',
        'settings',
        'db_connect',
        'ipua',
        'fnc',
        'user',
    ) as $inc
) {
    require_once '../../sys/inc/' . $inc . '.php';
}
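/*
 * Comment page for one video.
 *
 * Flow: validate ?id against the `videos` table, then either
 *   - store a new comment (POST msg, logged-in users only),
 *   - delete a comment (?del, moderators with level >= 3 or the video owner),
 *   - or fall through and render the form, the paginated list and the links.
 * An unknown or missing ?id redirects to index.php.
 *
 * Review notes:
 *   - Every query is built by string concatenation. Integers are cast with
 *     intval() and free text goes through mysql_real_escape_string(); any new
 *     value added to a query must get the same treatment.
 *   - The mysql_* extension was removed in PHP 7.0; moving to mysqli/PDO
 *     prepared statements would remove the need for manual escaping.
 *   - Neither the comment form nor the delete link carries an anti-CSRF token,
 *     and deletion is a state change driven by a GET request. Both should be
 *     tied to a per-session token checked here before the write.
 */
if (isset($_GET['id']) && is_numeric($_GET['id']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `videos` WHERE `id` = '" . intval($_GET['id']) . "' LIMIT 1"), 0) != 0) {
    $videos = mysql_fetch_array(mysql_query("SELECT * FROM `videos` WHERE `id`='" . intval($_GET['id']) . "'"));
    // User row for the video's `id_user`; used below for the notification target.
    $us = get_user($videos['id_user']);
    // NOTE(review): the stored video name goes into the page title unescaped;
    // whether thead.php encodes it is not visible from this file. Confirm.
    $set['title'] = '' . $videos['name'] . ' - ' . lang('Комментарии');
    require_once H . 'sys/inc/thead.php';
    $id = intval($_GET['id']);

    if (isset($_POST['msg']) && isset($user)) {
        // The message is HTML-encoded before storage and SQL-escaped at each query.
        $msg = esc(stripcslashes(htmlspecialchars($_POST['msg'])));
        if (utf8_strlen($msg) > 1024) {
            $err = lang('Сообщение слишком длинное');
        } elseif (utf8_strlen($msg) < 2) {
            $err = lang('Короткое сообщение');
        } elseif (mysql_result(mysql_query("SELECT COUNT(*) FROM `videos_komm` WHERE `id_videos` = '$id' AND `id_user` = '$user[id]' AND `msg` = '" . mysql_real_escape_string($msg) . "' LIMIT 1"), 0) != 0) {
            // Same author, same video, same text: reject as a repeat.
            $err = lang('Ваше сообщение повторяет предыдущее');
        } else {
            mysql_query("INSERT INTO `videos_komm` (`id_videos`, `id_user`, `time`, `msg`) values('$id', '$user[id]', '$time', '" . mysql_real_escape_string($msg) . "')");
            // Fix: the assignments were joined with AND, which makes MySQL store
            // the boolean result of the whole expression in `money` and leaves
            // `activity` untouched. A comma updates both columns.
            mysql_query("UPDATE `user` SET `money` = '" . ($user['money'] + 3) . "', `activity` = '" . ($user['activity'] + 3) . "' WHERE `id` = '$user[id]' LIMIT 1");
            if ($user['id'] != $us['id']) {
                if ($user['sex'] == 1) {
                    $sex = lang('оставил');
                } else {
                    $sex = lang('оставила');
                }
                // Fix: the video name is stored user content and was concatenated
                // into the INSERT unescaped (second-order SQL injection). Build
                // the text first, then escape it as a whole.
                $notify_msg = $sex . ' ' . lang('комментарий к видео') . ' [url=/modules/videos/komm.php?id=' . $id . ']' . $videos['name'] . '[/url]';
                mysql_query("INSERT INTO `notification` (`id_user`, `id_kont`, `msg`, `time`) values('$user[id]', '$us[id]', '" . mysql_real_escape_string($notify_msg) . "', '$time')");
            }
            $_SESSION['message'] = lang('Комментарий успешно добавлен');
            // Redirect after the write so a page reload does not resubmit the form.
            header("Location: komm.php?id=" . $id . "");
            exit;
        }
    } elseif (isset($_GET['del']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `videos_komm` WHERE `id` = '" . intval($_GET['del']) . "' AND `id_videos` = '$videos[id]'"), 0)) {
        // Fix: this condition used `=` instead of `==`. The assignment was truthy
        // for any non-zero owner id, so every logged-in user passed the check,
        // and it also overwrote $user['id'] with the owner's id.
        if (isset($user) && ($user['level'] >= 3 || $user['id'] == $videos['id_user'])) {
            // Scope the DELETE to this video as well, so it cannot remove a row
            // the existence check above did not cover.
            mysql_query("DELETE FROM `videos_komm` WHERE `id` = '" . intval($_GET['del']) . "' AND `id_videos` = '$id' LIMIT 1");
            $_SESSION['message'] = lang('Комментарий успешно удален');
            header("Location: komm.php?id=" . $id . "");
            exit;
        }
    }

    err();
    aut();

    // Pagination: total comment count, page count, current page, row offset.
    $k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `videos_komm` WHERE `id_videos` = '$id'"), 0);
    $k_page = k_page($k_post, $set['p_str']);
    $page = page($k_page);
    $start = $set['p_str'] * $page - $set['p_str'];
    $q = mysql_query("SELECT * FROM `videos_komm` WHERE `id_videos` = '" . intval($_GET['id']) . "' ORDER BY `id` DESC LIMIT $start, $set[p_str]");

    // The form is shown to logged-in users, except right after a rejected POST.
    if (!isset($_POST['msg']) && isset($user)) {
        echo "<form method='post' class='list-group-item' name='message' action='?id=$videos[id]'>";
        echo auto_bb("message", "msg");
        echo "<textarea placeholder='" . lang('Введите сообщение') . "...' name='msg' class='form-control'></textarea><br />";
        $doc->Button('btn btn-success btn-sm', null, 'pencil', 'Опубликовать');
        echo '</form>';
    }

    if ($k_post == 0) {
        $doc->NoResult();
    }

    while ($post = mysql_fetch_assoc($q)) {
        $ank = get_user($post['id_user']);
        echo "<table class='list-group-item-komm'><tr><td class = 'icon14'>";
        avatar($ank['id'], '48', 'border-radius: 2px;');
        echo "</td><td class='null'>";
        echo "<span style='float:right;color: grey;'><small>" . date::timek($post['time']) . "</small></span>";
        echo user($ank['id']) . " ";
        // Fix: the listing had a bare `n` here, which printed a literal letter
        // into the page; a newline escape is what belongs after the tag.
        echo "<br />\n";
        // Same rule as the delete handler: moderators or the video owner.
        if (isset($user) && ($user['level'] >= 3 || $user['id'] == $videos['id_user'])) {
            echo "<span style='float: right;' id='hides'>";
            echo "<a href='?id=$videos[id]&del=$post[id]'><i class='fa fa-trash-o fa-fw'></i></a>";
            echo "</span>";
        }
        // Fix: same stray `n` as above, now a real newline.
        echo toOutput($post['msg']) . "\n";
        echo "</td></tr></table>";
    }

    if ($k_page > 1) {
        echo "<div class='list-group-item'>";
        str("komm.php?id=$videos[id]&", $k_page, $page);
        echo "</div>";
    }

    $doc->Link('list-group-item', "video.php?id=$id", 'arrow-left', 'К видео');
    $doc->Link('list-group-item', "index.php", 'arrow-left', 'К разделам');
} else {
    // Missing, non-numeric or unknown video id: send the visitor to the index.
    header("Location: index.php?" . SID);
    exit;
}
require_once H . 'sys/inc/tfoot.php';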