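<?php
/*
 * Forum pages: section list (default), section view, topic view, topic and
 * section creation. Dispatch is on $_GET['a'].
 *
 * Depends on core.php for the session user id ($user) and an open mysql_* link,
 * and on navigation.php for the `forum` / `forum2` pager classes; both files are
 * outside this listing, and the mysql_* API itself only exists on PHP 5.
 *
 * Every value that reaches SQL is either cast to int (all ids) or passed through
 * mysql_real_escape_string(); the original interpolated raw $_GET values.
 * Every header('Location: ...') is followed by exit so no query or output runs
 * after a redirect. NOTE(review): the redirects are issued after the menu div has
 * already been echoed, so they only take effect if core.php enables output
 * buffering — confirm.
 */
define('cms', 1);
require_once 'core.php';

if (!$user) {
    header('Location: ../index.php');
    exit;
}

Error_Reporting(E_ALL & ~E_NOTICE);

// $user is set by core.php; escaped rather than cast because its exact type is not visible here.
$userSql = mysql_real_escape_string($user);
$u = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id` = '".$userSql."'"));
// privilege 2 is the moderator level the original checked on every admin action.
$isAdmin = !empty($u) && (int) $u['privilege'] === 2;
$action = isset($_GET['a']) ? $_GET['a'] : '';

echo '<div class="menu">Форум</div>';
echo '<div class="pt">';

switch ($action) {
    case 'add':
        // Ordinary users may open one topic per 10 minutes.
        $sinceLastTheme = time() - (int) $u['last_forum_theme'];
        if ($sinceLastTheme > 600 || $isAdmin) {
            $themeId = isset($_GET['theme']) ? (int) $_GET['theme'] : 0;
            // Look the section up directly; the original min/max-id range test also accepted ids of deleted sections.
            $theme = $themeId > 0
                ? mysql_fetch_array(mysql_query("SELECT `id` FROM `forum_themes` WHERE `id` = '".$themeId."'"))
                : false;
            if (empty($theme)) {
                header('Location: ../forum.php');
                exit;
            }
            if (isset($_POST['title'], $_POST['text']) && is_string($_POST['title']) && is_string($_POST['text'])) {
                $error = '';
                $titleLength = mb_strlen($_POST['title']);
                $textLength = mb_strlen($_POST['text']);
                if ($titleLength < 4 || $titleLength > 30) $error .= 'Неверная длина заголовка<br/>';
                if ($textLength < 4 || $textLength > 500) $error .= 'Неверная длина текста<br/>';
                if ($error === '') {
                    // Title and text are stored HTML-encoded, as before, so existing rows keep their format;
                    // mysql_real_escape_string() supplies the SQL escaping the original lacked.
                    $titleSql = mysql_real_escape_string(htmlspecialchars($_POST['title']));
                    $textSql = mysql_real_escape_string(htmlspecialchars($_POST['text']));
                    $now = time();
                    mysql_query("INSERT INTO `forum_topic` SET
                        `title` = '".$titleSql."',
                        `time` = '".date('H:i', $now)."',
                        `date` = '".date('d M', $now)."',
                        `author` = '".$userSql."',
                        `theme` = '".$themeId."'");
                    $id = (int) mysql_insert_id();
                    mysql_query("INSERT INTO `forum_massages` SET
                        `text` = '".$textSql."',
                        `time` = '".date('H:i', $now)."',
                        `date` = '".date('d M', $now)."',
                        `author` = '".$userSql."',
                        `theme` = '".$id."'");
                    mysql_query("UPDATE `users` SET `last_forum_theme` = '".$now."' WHERE `id`='".$userSql."'");
                    echo 'Тема успешно создана. <br /><a href="./topic/'.$id.'.html">К теме</a><br />';
                } else {
                    echo $error;
                }
            } else {
                echo '<form method="POST" action="">
Заголовок темы: <br /><input type="text" name="title" size=15><br />
Текст:<br /><textarea name="text" cols="15" rows="3"></textarea><br />
<input type="submit" value="Создать">
</form>';
                echo 'Все поля обязательны к заполнению!<br />';
            }
        } else {
            echo 'Тему можно создавать раз в 10 минут.<br />';
        }
        // The original's dangling else printed this link on every path; kept explicit.
        echo '<a href="../forum.php">Форум</a>';
        break;

    case 'view':
        $themeId = isset($_GET['id']) ? (int) $_GET['id'] : 0;
        $theme = $themeId > 0
            ? mysql_fetch_array(mysql_query("SELECT * FROM `forum_themes` WHERE `id` = '".$themeId."'"))
            : false;
        if (empty($theme)) {
            header('Location: ../forum.php');
            exit;
        }
        // Moderator actions run once, before the listing; the original ran them inside the
        // listing loop (once per displayed topic) and kept rendering after the redirect header.
        if ($isAdmin) {
            $changed = false;
            if (isset($_GET['del_topic'])) {
                $targetId = (int) $_GET['del_topic'];
                mysql_query("DELETE FROM `forum_topic` WHERE `id` = '".$targetId."'");
                mysql_query("DELETE FROM `forum_massages` WHERE `theme` = '".$targetId."'");
                $changed = true;
            }
            if (isset($_GET['close_no'])) {
                mysql_query("UPDATE `forum_topic` SET `close` = '0' WHERE `id` = '".(int) $_GET['close_no']."'");
                $changed = true;
            }
            if (isset($_GET['close'])) {
                mysql_query("UPDATE `forum_topic` SET `close` = '1' WHERE `id` = '".(int) $_GET['close']."'");
                $changed = true;
            }
            if (isset($_GET['zakr_topic'])) {
                mysql_query("UPDATE `forum_topic` SET `lvl` = '1' WHERE `id` = '".(int) $_GET['zakr_topic']."'");
                $changed = true;
            }
            if (isset($_GET['otkr_topic'])) {
                mysql_query("UPDATE `forum_topic` SET `lvl` = '0' WHERE `id` = '".(int) $_GET['otkr_topic']."'");
                $changed = true;
            }
            if ($changed) {
                header('Location: /view/'.$themeId.'.html');
                exit;
            }
        }
        include('navigation.php');
        $all = (int) mysql_result(mysql_query("SELECT COUNT(*) FROM `forum_topic` WHERE `theme` = '".$themeId."'"), 0);
        if ($all > 0) {
            $newlist = new forum($all, 10, true);
            // Pinned topics (lvl = 1) first, newest first within each group; the original
            // "ORDER BY `id` AND `lvl` AND `lvl` DESC" sorted by a boolean expression.
            $query = mysql_query("SELECT * FROM `forum_topic` WHERE `theme` = '".$themeId."' ORDER BY `lvl` DESC, `id` DESC LIMIT ".$newlist->limit().";");
            while ($res = mysql_fetch_assoc($query)) {
                $topicId = (int) $res['id'];
                echo '<img src="../img/topic_close.png" alt=*>';
                if ($res['lvl'] == 1) echo ' <font color="red">!</font>';
                // Topic titles are HTML-encoded on insert (case 'add'), so they are echoed as stored.
                echo ' <a href="../topic/'.$topicId.'.html">'.$res['title'].'</a>';
                if ($isAdmin) {
                    $base = '../forum.php?a=view&id='.$themeId;
                    echo ' <a href="'.$base.'&del_topic='.$topicId.'"><font color="red">[D]</font></a> <a href="'.$base.'&zakr_topic='.$topicId.'"><font color="red">[Z]</font></a>';
                    if ($res['close'] == 0) echo '<a href="'.$base.'&close='.$topicId.'"><font color="red">[C]</font></a>';
                    else echo '<a href="'.$base.'&close_no='.$topicId.'"><font color="red">[O]</font></a>';
                    if ($res['lvl'] == 1) echo '<a href="'.$base.'&otkr_topic='.$topicId.'"><font color="red">[Z-NO]</font></a>';
                }
                echo '<br />';
            }
            if ($all >= 10) echo $newlist->back_forward_links();
        } else {
            echo 'Пустой раздел';
        }
        echo '<br /><img src="../img/forum_scroll.png" alt=*> <a href="../forum.php?a=add&theme='.$themeId.'">Новая тема</a>';
        echo '<br /><img src="../img/portal.png" alt=*> <a href="../forum.php">Вернуться</a>';
        break;

    case 'create_r':
        if (!$isAdmin) {
            header('Location: ../forum.php');
            exit;
        }
        // A blank submission shows the form again instead of inserting an empty section.
        $title = isset($_POST['title']) && is_string($_POST['title']) ? trim($_POST['title']) : '';
        if ($title !== '') {
            mysql_query("INSERT INTO `forum_themes` SET `title` = '".mysql_real_escape_string($title)."'");
            header('Location: ../forum.php');
            exit;
        }
        echo '<form method="POST" action="">
Название раздела: <br /><input type="text" name="title" size=15><br />
<input type="submit" value="Создать">
</form>';
        break;

    case 'topic':
        $topicId = isset($_GET['id']) ? (int) $_GET['id'] : 0;
        $topic = $topicId > 0
            ? mysql_fetch_array(mysql_query("SELECT * FROM `forum_topic` WHERE `id` = '".$topicId."'"))
            : false;
        if (empty($topic)) {
            header('Location: ../forum.php');
            exit;
        }
        // Title is HTML-encoded on insert (case 'add'), so it is echoed as stored.
        $topicLink = '<a href="../topic/'.$topicId.'.html">'.$topic['title'].'</a>';
        if (isset($_POST['text']) && is_string($_POST['text'])) {
            // Ordinary users may post one reply per 30 seconds.
            $sinceLastMessage = time() - (int) $u['last_m'];
            if ($sinceLastMessage > 30 || $isAdmin) {
                $textLength = mb_strlen($_POST['text']);
                if ($textLength > 4 && $textLength <= 500) {
                    if ($topic['close'] != 0) {
                        header('Location: ../topic/'.$topicId.'.html');
                        exit;
                    }
                    $now = time();
                    mysql_query("INSERT INTO `forum_massages` SET
                        `author` = '".$userSql."',
                        `text` = '".mysql_real_escape_string(htmlspecialchars($_POST['text']))."',
                        `time` = '".date('H:i', $now)."',
                        `date` = '".date('d M', $now)."',
                        `theme` = '".$topicId."'");
                    mysql_query("UPDATE `users` SET `last_m` = '".$now."' WHERE `id`='".$userSql."'");
                    echo 'Сообщение добавлено.<br />';
                } else {
                    echo 'Сообщение слишком короткое/длинное.<br />';
                }
            } else {
                echo 'Сообщение можно оставлять раз в 30 секунд <br />';
            }
            echo $topicLink.' | ';
        } else {
            // Message deletion runs once, before the listing (the original ran it inside the loop).
            if ($isAdmin && isset($_GET['del_m'])) {
                mysql_query("DELETE FROM `forum_massages` WHERE `id` = '".(int) $_GET['del_m']."'");
                header('Location: ../forum.php?a=topic&id='.$topicId);
                exit;
            }
            if ($topic['close'] == 0) {
                if (isset($_GET['to'])) {
                    $to = mysql_fetch_array(mysql_query("SELECT `login` FROM `users` WHERE `id`='".(int) $_GET['to']."'"));
                    if (empty($to)) {
                        header('Location: ../forum.php');
                        exit;
                    }
                    // The prefilled login sits in HTML context, so htmlspecialchars() (the original used addslashes()).
                    echo '<form method=POST action="">
<textarea name="text" cols="15" rows="3">'.htmlspecialchars($to['login']).', </textarea><br /><input type="submit" value="Отправить">
</form>';
                } else {
                    echo '<form method=POST action="">
<textarea name="text" cols="15" rows="3"></textarea><br /><input type="submit" value="Отправить">
</form>';
                }
            } else {
                echo 'Тема закрыта <br />';
            }
            include('navigation.php');
            $all_topic = (int) mysql_result(mysql_query("SELECT COUNT(*) FROM `forum_massages` WHERE `theme` = '".$topicId."'"), 0);
            if ($all_topic > 0) {
                $newlist = new forum2($all_topic, 10, true);
                $query = mysql_query("SELECT * FROM `forum_massages` WHERE `theme` = '".$topicId."' ORDER BY `id` DESC LIMIT ".$newlist->limit().";");
                while ($res = mysql_fetch_assoc($query)) {
                    $author = mysql_fetch_array(mysql_query("SELECT `login`,`online`,`id` FROM `users` WHERE `id` = '".(int) $res['author']."'"));
                    $authorId = (int) $author['id'];
                    echo '<b>'.htmlspecialchars($author['login']).'</b>';
                    if ($author['online'] == 1) echo '<font color="green">(On)</font>';
                    if ($author['online'] == 0) echo '<font color="green">(Off)</font>';
                    echo '[<a href="../mail.php?a=create&to='.$authorId.'">ЛС</a>] [<a href="../forum.php?a=topic&id='.$topicId.'&to='.$authorId.'">Отв</a>]';
                    if ($isAdmin) echo '<a href="../forum.php?a=topic&id='.$topicId.'&del_m='.(int) $res['id'].'"><font color="red">[D]</font></a>';
                    echo '<br />'.$res['date'].', '.$res['time'];
                    // Text was HTML-encoded on insert; escaping again is kept as defence in depth, at the cost of
                    // showing literal entities for rows containing special characters (original behaviour).
                    echo '<br />'.htmlspecialchars($res['text']);
                    echo '<div class="lin"></div>';
                }
                echo '<br />';
                if ($all_topic >= 10) echo $newlist->back_forward_links().' | ';
            } else {
                echo 'Сообщений нет<br />';
            }
        }
        // Section titles are stored as typed (case 'create_r'), so they are escaped on output.
        $back = mysql_fetch_array(mysql_query("SELECT `id`,`title` FROM `forum_themes` WHERE `id` = '".(int) $topic['theme']."'"));
        if (!empty($back)) echo '<a href="../view/'.(int) $back['id'].'.html">'.htmlspecialchars($back['title']).'</a>';
        break;

    default:
        // Section deletion runs before the listing so the list reflects it; messages of the
        // removed topics are deleted too, mirroring what per-topic deletion (case 'view') does.
        if ($isAdmin && isset($_GET['razdel_del'])) {
            $razdelId = (int) $_GET['razdel_del'];
            if ($razdelId > 0) {
                mysql_query("DELETE FROM `forum_massages` WHERE `theme` IN (SELECT `id` FROM `forum_topic` WHERE `theme` = '".$razdelId."')");
                mysql_query("DELETE FROM `forum_topic` WHERE `theme` = '".$razdelId."'");
                mysql_query("DELETE FROM `forum_themes` WHERE `id` = '".$razdelId."'");
                echo 'Раздел удален, все вложенные темы также удалены!';
            }
        }
        echo '<b>Разделы: </b><br />';
        $sections = mysql_query("SELECT * FROM `forum_themes` ORDER BY `level`");
        while ($section = mysql_fetch_assoc($sections)) {
            $sectionId = (int) $section['id'];
            // Section titles are stored as typed (case 'create_r'), so they are escaped on output.
            echo '<img src="../img/forum_new.png" alt=*> <a href="/view/'.$sectionId.'.html">'.htmlspecialchars($section['title']).'</a>';
            if ($isAdmin) echo ' <a href="forum.php?razdel_del='.$sectionId.'"><font color="red">[D]</font></a>';
            echo '<br />';
        }
        if ($isAdmin) echo '<div class="lin"></div><a href="../forum.php?a=create_r">Создать раздел</a>';
        break;
}

echo '</div>';
include './include/foot.php';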