Файл: comm/inc/news.php
Строк: 155
<?php
/** Модуль Сообщества
* @author Kratos
* @email wssy@mail.ua
* ICQ: 845348
* @version 1.0.0
*/
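// Community news: request parsing, ban check and rights lookup for the news pages.

// Community id from the query string. The int cast is what makes $id_soo safe to
// interpolate into the SQL and URLs further down; a missing or non-scalar
// parameter becomes 0 instead of raising a notice or type error.
$id_soo = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int)$_GET['id'] : 0;

// Requested action. Only the whitelisted values are kept; anything else
// (missing, array-valued or unknown) selects the default list view.
// The strict comparison avoids PHP's loose type juggling in the whitelist check.
$do = (isset($_GET['do']) && is_string($_GET['do'])) ? $_GET['do'] : null;
if (!in_array($do, array("edit", "del", "new"), true)) {
    $do = null;
}

// Ban check: a truthy result stops the page before any news action can run.
// $uban is passed to timecount() minus time(), so it appears to be the ban
// expiry timestamp (confirm against func::banstat).
$uban = func::banstat($id_soo, $user_id);
if ($uban) {
    echo functions::display_error("Вас забанили!Осталось: " . functions::timecount($uban - time()) . "");
    // NOTE(review): $row is not assigned anywhere in this file before this line;
    // unless the including script defines it, the back link is emitted with an
    // empty id. Confirm where $row['cat'] comes from and that it is safe to echo.
    echo '<a href="index.php?id=' . $row['cat'] . '">Назад</a>';
    require('../incfiles/end.php');
    exit();
}

// Rights level of the current user inside this community; the branches below
// require a level of at least 8 for create/edit/delete.
$urights = func::rightsUserComm($id_soo, $user_id);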
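// Dispatch on the whitelisted action. Every state-changing branch first checks
// the caller's rights level and, for edit/delete, that the news item belongs to
// the community named in the URL.
switch ($do) {
    // Edit an existing news item
    case 'edit':
        if ($urights < 8) {
            header("Location: ?act=news&id=$id_soo");
            exit();
        }
        $idn = (isset($_GET['idn']) && is_scalar($_GET['idn'])) ? (int)$_GET['idn'] : 0;
        // Load the item only if it belongs to this community. $urights was computed
        // for $id_soo, so without the `id_soo` condition a manager of one community
        // could edit a news item of another by supplying its idn. Both values are
        // ints, so interpolating them cannot alter the query.
        $up = mysqli_fetch_assoc(db::query("SELECT `id`,`title`,`text` FROM `comm_news` WHERE `id` = $idn AND `id_soo` = $id_soo"));
        if (!$up) {
            header("Location: ?act=news&id=$id_soo");
            exit();
        }
        // NOTE(review): no anti-CSRF token is visible in this form or its handler;
        // confirm whether the framework adds one, otherwise add a per-session token.
        if ($_POST) {
            $name = isset($_POST['name']) ? functions::check($_POST['name']) : false;
            $text = isset($_POST['text']) ? functions::check($_POST['text']) : false;
            $error = array();
            if (!$name) {
                $error[] = "Заполните поле Названия";
            }
            if (!$text) {
                $error[] = "Заполните поле текст!";
            }
            $flood = functions::antiflood();
            if ($flood) {
                $error[] = $lng['error_flood'] . ' ' . $flood . ' ' . $lng['seconds'];
            }
            if (!$error) {
                if (!func::newsUpComm($text, $name, $idn)) {
                    echo "Системная ошибка!!!";
                    exit();
                }
                header("Location:?act=news&id=$id_soo");
                // Stop here: without exit() the script kept running after the redirect
                // and rendered the edit form into the response body.
                exit();
            } else {
                echo functions::display_error($error, '<a href="index.php">' . $lng_news['to_news'] . '</a>');
            }
        }
        // NOTE(review): title and text are written into the attribute and the textarea
        // as stored. That is only safe if functions::check() HTML-encodes (including
        // quotes) before storage; confirm, or escape at output.
        echo '<form action="?act=news&id=' . $id_soo . '&idn=' . $idn . '&do=edit" method="post"><div class="menu">' .
            '<p><h3>Названия</h3>' .
            '<input type="text" name="name" value="' . $up['title'] . '"/></p>' .
            '<p><h3>' . $lng['text'] . '</h3>' .
            '<textarea rows="' . $set_user['field_h'] . '" name="text">' . $up['text'] . '</textarea></p>';
        // The original emitted an extra closing </p> here; dropped to keep the markup balanced.
        echo '</div><div class="bmenu"><input type="submit" name="submit" value="' . $lng['save'] . '"/>' .
            '</div></form>';
        echo '<div class="list1"><a href="?act=news&id=' . $id_soo . '">Назад</a></div>';
        break;

    // Delete a news item
    case 'del':
        if ($urights < 8) {
            header("Location: ?act=news&id=$id_soo");
            exit();
        }
        $idn = (isset($_GET['idn']) && is_scalar($_GET['idn'])) ? (int)$_GET['idn'] : 0;
        // Same ownership rule as for editing: only delete items of the community the
        // rights check was made for.
        $owned = db::result(db::query("SELECT count(*) FROM `comm_news` WHERE `id` = $idn AND `id_soo` = $id_soo"), 0);
        if (!$owned) {
            header("Location: ?act=news&id=$id_soo");
            exit();
        }
        // NOTE(review): this is a state-changing action triggered by a plain GET link
        // with no anti-CSRF token. It should become a POST with a per-session token
        // (and ideally a confirmation step).
        if (!func::deleteNews($idn)) {
            die("Ошибка при удалении!");
        }
        header("Location: ?act=news&id=$id_soo");
        exit();

    // Add a news item
    case 'new':
        if ($urights < 8) {
            header("Location: ?act=news&id=$id_soo");
            exit();
        }
        // NOTE(review): no anti-CSRF token is visible in this form or its handler;
        // confirm whether the framework adds one.
        if ($_POST) {
            $name = isset($_POST['name']) ? functions::check($_POST['name']) : false;
            $text = isset($_POST['text']) ? functions::check($_POST['text']) : false;
            $error = array();
            if (!$name) {
                $error[] = "Заполните поле Названия";
            }
            if (!$text) {
                // Typo in the original message fixed so it matches the edit branch.
                $error[] = "Заполните поле текст!";
            }
            $flood = functions::antiflood();
            if ($flood) {
                $error[] = $lng['error_flood'] . ' ' . $flood . ' ' . $lng['seconds'];
            }
            if (!$error) {
                if (!func::newsInComm($id_soo, $text, $name, $user_login)) {
                    echo "Системная ошибка!!!";
                    exit();
                }
                header("Location:?act=news&id=$id_soo");
                // Stop after the redirect instead of also rendering the empty form.
                exit();
            } else {
                echo functions::display_error($error, '<a href="index.php">' . $lng_news['to_news'] . '</a>');
            }
        }
        echo '<form action="?act=news&id=' . $id_soo . '&do=new" method="post"><div class="menu">' .
            '<p><h3>Названия</h3>' .
            '<input type="text" name="name"/></p>' .
            '<p><h3>' . $lng['text'] . '</h3>' .
            '<textarea rows="' . $set_user['field_h'] . '" name="text"></textarea></p></div>';
        echo '<div class="bmenu">' .
            '<input type="submit" name="submit" value="' . $lng['save'] . '"/></div></form>';
        echo '<div class="list1"><a href="?act=news&id=' . $id_soo . '">Назад</a></div>';
        break;

    // Paginated list of the community's news
    default:
        // $id_soo is an int, so interpolating it cannot alter the query.
        $total = db::result(db::query("SELECT count(*) FROM `comm_news` WHERE `id_soo` = $id_soo"), 0);
        if ($start >= $total) {
            // Requested page is past the end: fall back to the last existing page
            $start = max(0, $total - (($total % $kmess) == 0 ? $kmess : ($total % $kmess)));
        }
        $res = func::showNews($id_soo, $start, $kmess);
        echo '<div class="phdr">Новости сообщества</div>';
        if ($urights >= 8) {
            echo '<div class="topmenu"><a href="?act=news&id=' . $id_soo . '&do=new">Написать</a></div>';
        }
        if ($total) {
            $i = 0;
            while ($row = mysqli_fetch_assoc($res)) {
                // Alternate the row style between list1 and list2
                echo $i % 2 ? '<div class="list2">' : '<div class="list1">';
                $text = functions::checkout($row['text'], 1, 1);
                if ($set_user['smileys']) {
                    $text = functions::smileys($text, 1);
                }
                // NOTE(review): title and author are echoed as stored, without output
                // escaping; only the text goes through functions::checkout(). Safe only
                // if both fields are HTML-encoded before storage; confirm.
                echo '<h3>' . $row['title'] . '</h3>' .
                    '<span class="gray"><small>' . $lng['author'] . ': ' . $row['author'] . ' (' . functions::display_date($row['time']) . ')</small></span>' .
                    '<br />' . $text . '<div class="sub">';
                if ($urights >= 8) {
                    // Management links are only rendered for level 8+; the edit and del
                    // branches re-check the level server-side.
                    echo '<a href="?act=news&do=edit&id=' . $id_soo . '&idn=' . $row['id'] . '">' . $lng['edit'] . '</a> | ' .
                        '<a href="?act=news&do=del&id=' . $id_soo . '&idn=' . $row['id'] . '">' . $lng['delete'] . '</a>';
                }
                echo '</div>';
                ++$i;
                echo '</div>';
            }
            echo '<div class="list1"><a href="?act=comm&id=' . $id_soo . '">Назад</a></div>';
            echo '<div class="phdr">' . $lng['total'] . ': ' . $total . '</div>';
            if ($total > $kmess) {
                echo '<div class="topmenu">' . functions::display_pagination('?act=news&id=' . $id_soo . '&', $start, $total, $kmess) . '</div>';
                echo '<p><form action="?act=news&id=' . $id_soo . '&" method="post"><input type="text" name="page" size="2"/><input type="submit" value="' . $lng['to_page'] . ' >>"/></form></p>';
            }
        } else {
            echo '<p>Новостей нет!</p>';
            echo '<div class="phdr"><a href="?act=comm&id=' . $id_soo . '">Назад</a></div>';
        }
        break;
}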
?>