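<?php
// Bootstrap for the per-file comments page (file/loads/comm.php).
//
// Error reporting: the original made a second call with the undefined
// constants ERROR and WARNING. On PHP 5/7 that silently became a bitwise OR
// of the strings "ERROR" | "WARNING" (garbage), on PHP 8 it is a fatal Error.
// The first call expresses the intent, so it is the only one kept.
error_reporting(E_ALL & ~E_NOTICE);

// SECURITY: the former
//   extract($HTTP_GET_VARS); extract($HTTP_POST_VARS); extract($HTTP_COOKIE_VARS);
//   extract($HTTP_SERVER_VARS); extract($HTTP_SESSION_VARS);
// calls are removed. They turned every request parameter into a global
// variable (register_globals re-implemented by hand), so any variable used
// later in this file -- notably $themes, which is spliced into a require()
// path below -- could be pre-set from the query string and would stick
// whenever config.php did not assign it (local file inclusion). The
// $HTTP_*_VARS arrays were also removed in PHP 5.4, so on any supported PHP
// these calls only produced warnings or TypeErrors. Everything this script
// needs is read explicitly from $_GET further down.
// NOTE(review): if one of the included files below relied on request values
// being globals, it has to read $_GET / $_COOKIE itself now.

session_name("SESID");
session_start();
require ("../../mysql.php");
require ("../../config.php");
// $themes is expected to be set by config.php (it is no longer reachable from
// the request). NOTE(review): confirm config.php always defines it; if it can
// be absent, fall back to a fixed default rather than requiring "themes/.php".
require ("../../themes/$themes.php");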
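include 'constant.php';

// Request parameters. All three are untrusted:
//   cf - name of the downloadable file the comments belong to. It is spliced
//        into the filesystem paths "./comm/cm.<cf>.cm" and "ck/<cf>.dat", so
//        it must remain a bare file name.
//   lf - link back to the file's page; only ever emitted as an href.
//   br - section id; only ever echoed back into links.
$cf = isset($_GET["cf"]) ? (string) $_GET["cf"] : '';
$lf = isset($_GET["lf"]) ? (string) $_GET["lf"] : '';
$br = isset($_GET["br"]) ? (string) $_GET["br"] : '';

// Reject (rather than "clean") anything resembling a traversal or an external
// URL. NB: the patterns "[http]" and "[\.\.]" use [ ] as the PCRE delimiters,
// so they match the literal substrings "http" and "..".
if (preg_match("[http]", $lf) || preg_match("[\.\.]", $lf)
    || preg_match("[http]", $cf) || preg_match("[\.\.]", $cf)) {
    exit(ERROR_MESAGE);
}
// A "javascript:" (or any other scheme) value in $lf passes the checks above
// and would become a clickable href; a local path never contains ':'.
if (strpos($lf, ':') !== false) {
    exit(ERROR_MESAGE);
}
// NUL bytes truncate paths on old PHP and make fopen() throw on PHP 8; "\" is
// a directory separator on Windows. Neither belongs in any of these values.
if (strpos($cf, "\0") !== false || strpos($cf, "\\") !== false
    || strpos($lf, "\0") !== false || strpos($br, "\0") !== false) {
    exit(ERROR_MESAGE);
}
// Normalise $cf to a single path component. (The original's "http://" and
// ".." replacements are unreachable after the exits above and are dropped.)
// $br gets, once, the ".." scrub the original re-applied at every use.
$cf = str_replace('/', '', $cf);
$br = str_replace('..', '', $br);

// Byte-preserving HTML escaping, equivalent to htmlspecialchars(ENT_QUOTES).
// A table is used because the page charset is not known here and
// htmlspecialchars() returns '' for input that is invalid in its charset.
$esc = array('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#039;');
// Query string for every "back to this page" link; values are URL-encoded so
// they round-trip through $_GET unchanged.
$backQuery = 'cf='.rawurlencode($cf).'&lf='.rawurlencode($lf).'&br='.rawurlencode($br);

// The original echoed $lf and $cf unescaped here (reflected XSS).
echo '<small>Комментарии к: <a href="'.strtr($lf, $esc).'">'.strtr($cf, $esc).'</a></small><br />';

if (empty($_GET["sub"])) {
    // NOTE(review): the form submits via GET, so a comment is created merely
    // by following a crafted link (CSRF / spam). Switching to POST with a
    // per-session token requires changing the handler below as well.
    echo '<div class=line><small>Прокомментировать:</small></div>
      <form action="comm.php" method="GET">
      <small>Имя:</small><br /><input type="text" name="name"><br />
      <small>Комментарий:</small><br /><input type="text" name="mes"><br />
      <input type="hidden" name="cf" value="'.strtr($cf, $esc).'">
      <input type="hidden" name="lf" value="'.strtr($lf, $esc).'">
      <input type="hidden" name="br" value="'.strtr($br, $esc).'">
      <input type="hidden" name="sub" value="1">
      <input type="submit"><br /><hr>';
} else {
    $name = isset($_GET["name"]) ? (string) $_GET["name"] : '';
    $mes  = isset($_GET["mes"])  ? (string) $_GET["mes"]  : '';
    if (strip_tags($name) == '') exit("Вы не ввели имя");
    if (strip_tags($mes) == '') exit("Вы не ввели сообщение");
    // Same guard as the original's four nested ifs: a name or message that is
    // "0" or whitespace-only is silently ignored rather than stored.
    if (!empty($mes) && !empty($name) && trim($mes) != '' && trim($name) != '') {
        $store    = "./comm/cm.".$cf.".cm";
        $nextLink = '<a href="'.strtr('comm.php?'.$backQuery, $esc).'">Далее</a>';
        if ($fp = @fopen($store, "a+")) {
            // The store is line-oriented (one record per line, read back with
            // file()). Line breaks in the fields are flattened so a user cannot
            // inject a second, forged record; both fields are then length-capped
            // and HTML-stripped exactly as before. strip_tags() is not an
            // escaper -- it only removes tags -- which is enough here because
            // the record is later emitted in HTML text context.
            $name = str_replace(array("\r", "\n"), ' ', $name);
            $mes  = str_replace(array("\r", "\n"), ' ', $mes);
            $record = time().'<br /><small><b>Имя: '.strip_tags(trim(substr($name,0,21))).'</b></small><br />'.'<small><b>Комментарий:</b></small><br /><small>'.strip_tags(trim(substr($mes,0,1000))).'</small><hr>'."\n";
            // The original assigned fputs()' return value over $fp and then
            // fclose()'d that integer, leaving the real handle open.
            @flock($fp, LOCK_EX);
            @fputs($fp, $record);
            @flock($fp, LOCK_UN);
            @fclose($fp);
            print "<b>Ok, ".$nextLink."</b><br />";
            include('./lite/footer.inc.php');
            exit();
        } else {
            print "<b>Sorry, ".$nextLink."</b><br />";
            include("../tel/footer.php");
            exit();
        }
    }
}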
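  // Stored comments: one record per line in "./comm/cm.<cf>.cm". This block
  // builds two filesystem paths from $cf, so it re-checks for the characters
  // that would let the value escape ./comm/ (defence in depth; a clean $cf
  // passes unchanged).
  if (strpos($cf, "\0") !== false || strpos($cf, "\\") !== false
      || strpos($cf, '/') !== false || strpos($cf, '..') !== false) {
      exit(ERROR_MESAGE);
  }
  $store = "./comm/cm.".$cf.".cm";
  $cv = array();
  if (file_exists($store)) {
      $cv = @file($store);
      if ($cv === false) {
          $cv = array();
      }
      // Per-file comment counter (ck/<cf>.dat) refreshed on every view.
      // The original stored fputs()' return value in $fp and then fclose()'d
      // that integer, leaving the real handle open.
      $klk = sizeof($cv);
      if ($fp = @fopen('ck/'.$cf.'.dat', "w+")) {
          @fputs($fp, $klk);
          @fclose($fp);
      }
  } else {
      echo 'Пока нету';
  }

  // Byte-preserving HTML escaping, equivalent to htmlspecialchars(ENT_QUOTES);
  // a table is used because the page charset is not known here and
  // htmlspecialchars() returns '' for input that is invalid in its charset.
  $esc = array('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#039;');
  $br = str_replace('..', '', $br);
  // Query-string tail shared by the paging links; URL-encoded so the values
  // round-trip through $_GET, then HTML-escaped at the point of output.
  $pageQuery = '&cf='.rawurlencode($cf).'&lf='.rawurlencode($lf).'&br='.rawurlencode($br);

  // Records are raw HTML fragments; '%' is dropped as the original did
  // (presumably to defuse percent-escapes in the stored text).
  $cv = str_replace('%', '', $cv);

  // Paging offset, coerced to a non-negative integer. The original used the
  // raw query value in arithmetic, which is a TypeError on PHP 8 for "abc".
  $st = isset($_GET["st"]) ? (int) $_GET["st"] : 0;
  if ($st < 0) {
      $st = 0;
  }
  $fn = $st + COMMENTS_COUNT;
  // Newest first: each record starts with its unix timestamp, so a numeric
  // sort on the line text orders by creation time (flag 1 == SORT_NUMERIC).
  @rsort($cv, SORT_NUMERIC);
  $total = sizeof($cv);
  for ($i = $st; $i < $fn && $i < $total; $i++) {
      // Drop the leading timestamp; the markup starts at the first '<'.
      $line = strstr($cv[$i], '<');
      if ($line === false) {
          $line = '';
      }
      // NOTE(review): strip_tags() keeps attributes on the tags it allows, so
      // an <a href="javascript:..."> or an onclick= inside a record would
      // survive here. This script strips all tags before storing, so only
      // another writer of the store could plant one; allowing <a> safely
      // would need a real HTML sanitizer rather than strip_tags().
      echo strip_tags($line, '<a>,<div>,<br>,<small>,<b><hr>');
  }
  // Paging links: the original interpolated $cf/$lf/$br into hrefs unescaped.
  if ($st != 0) {
      echo '<br /><small><a href="'.strtr('?st='.($st-COMMENTS_COUNT).$pageQuery, $esc).'"><<-</a></small> |';
  }
  if ($fn < $total) {
      echo ' <small><a href="'.strtr('?st='.($st+COMMENTS_COUNT).$pageQuery, $esc).'">->></a></small>';
  }
  echo '<hr><small><a href="'.strtr('index.php?a='.rawurlencode($br), $esc).'">К разделам</a></small>';
  include('../../foot.php');
  ?>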