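<?php
/*
 * forum/add_p.php — add a reply to a forum topic, or, when POST `kuda` names
 * another user id, deliver the same text as a private message instead.
 *
 * Flow: resolve forum -> section -> topic from the GET ids (each miss redirects
 * one level up), refuse closed topics and anonymous visitors, apply the
 * anti-flood delay, then on act=add store the message plus up to three
 * attachments and redirect back to the topic; otherwise render the reply form.
 *
 * Globals used from the includes and not defined here: $mysql['pref'], $user,
 * $time, $ip, $ua, $them (theme name), $mail_in_new, SID, head(), foot(),
 * translit(), ball_add().
 */

include_once "../SYSTEM/include/functions.php";
include_once "../SYSTEM/include/mysql.php";
include_once "../SYSTEM/include/param.php";
include_once "../SYSTEM/include/ban.php";
include_once "../SYSTEM/include/sess.php";
include_once "../SYSTEM/include/ban_2.php";
include_once "../SYSTEM/include/theme.php";

// Page title / "where is the user" label; presumably read by head() (defined elsewhere).
$title = 'Ответить в тему';
$mesto = 'Пишет в форуме';

head();

if (!isset($_GET['id_razd']) || !isset($_GET['id_forum']) || !isset($_GET['id_them'])) {
    header("Location: index.php?" . SID . "&");
    exit;
}

// $page is echoed back into link and form URLs below, so it must be an integer,
// never the raw query-string value.
$page = isset($_GET['page']) ? intval($_GET['page']) : 1;

$id_forum = intval($_GET['id_forum']);
$id_razd  = intval($_GET['id_razd']);
$id_them  = intval($_GET['id_them']);

// Forum must exist.
$q = mysql_query("SELECT * FROM `$mysql[pref]forum_f` WHERE `id` = '$id_forum';");
if (mysql_num_rows($q) != 0) {
    $forum = mysql_fetch_array($q);
} else {
    header("Location: index.php?" . SID . "&");
    exit;
}

// Section must exist inside that forum.
$q = mysql_query("SELECT * FROM `$mysql[pref]forum_r` WHERE `id_f` = '$id_forum' AND `id` = '$id_razd';");
if (mysql_num_rows($q) != 0) {
    $razd = mysql_fetch_array($q);
} else {
    header("Location: index.php?" . SID . "&id_forum=$id_forum");
    exit;
}

// Topic must exist inside that section.
$q = mysql_query("SELECT * FROM `$mysql[pref]forum_t` WHERE `id_f` = '$id_forum' AND `id_r` = '$id_razd' AND `id` = '$id_them';");
if (mysql_num_rows($q) != 0) {
    $thema = mysql_fetch_array($q);
} else {
    header("Location: index.php?" . SID . "&id_forum=$id_forum&id_razd=$id_razd");
    exit;
}

// Closed topics accept no replies.
if ($thema['close'] == 1) {
    header("Location: index.php?" . SID . "&id_forum=$id_forum&id_razd=$id_razd&id_them=$id_them");
    exit;
}

// Only logged-in users ($user comes from the session include) may post.
if (!isset($user)) {
    header("Location: index.php?" . SID . "&id_forum=$id_forum&id_razd=$id_razd&id_them=$id_them");
    exit;
}

// Anti-flood: ordinary users (level 0) must wait 30 s between posts.
// NOTE: the notice text still says 15 seconds while the check uses 30 — one of them is stale.
if ($user['forum_post_t'] > $time - 30 && $user['level'] == 0) {
    echo "<div class=\"h\">Антифлуд</div><hr />\n";
    if ($mail_in_new > 0) echo "<div class=\"privat\"><img src=\"../SYSTEM/themes/$them/img/mail0.gif\" alt=\"\" /> <a href=\"../mail.php?act=in\">Приват</a> [$mail_in_new]</div><hr />\n";
    echo "Время между сообщениями не менее 15-ти секунд<br />\n";
    echo "<br /><div class=\"mess\">";
    echo "<a href=\"index.php?id_forum=$id_forum&amp;id_razd=$id_razd&amp;id_them=$id_them&amp;\">В тему</a>\n";
    echo "<br /><a href=\"../index.php\">На главную</a></div>\n";
    foot();
    // Stop here: without an explicit exit the add action below would still run
    // after the notice (unless foot() itself exits, which this file cannot tell).
    exit;
}

if (isset($_GET['act']) && $_GET['act'] == 'add' && isset($_POST['msg'])) {
    $msg = $_POST['msg'];
    // Round-trip through windows-1251 drops characters that charset cannot hold.
    $msg = iconv('utf-8', 'windows-1251', $msg);
    $msg = iconv('windows-1251', 'utf-8', $msg);
    // Escaping is the last step. The previous order (stripcslashes() after
    // htmlspecialchars()) let C-style escapes such as \x3c re-create markup in
    // the stored text; stripslashes() only removes magic-quotes backslashes.
    $msg = htmlspecialchars(stripslashes($msg), ENT_QUOTES);
    $msg = str_replace("\r\n", "<br />", $msg);
    $msg = str_replace("\r", "<br />", $msg);
    $msg = str_replace("\n", "<br />", $msg);

    if (isset($_POST['tr'])) {
        $msg = translit($msg);
    }

    $id = $thema['id'];

    if ($msg == '') {
        header("Location: index.php?" . SID . "&id_forum=$id_forum&id_razd=$id_razd&id_them=$id_them&msg=pust");
        exit;
    }

    $ua_p  = $ua;
    $ip_p  = $ip;
    $msg_t = trim($msg);

    // SQL-escaped copies of every value that originates from the client
    // (message text, User-Agent, IP) or from a user-editable profile field.
    $msg_q  = mysql_real_escape_string($msg_t);
    $ua_q   = mysql_real_escape_string($ua_p);
    $ip_q   = mysql_real_escape_string($ip_p);
    $nick_q = mysql_real_escape_string($user['nickname']);

    // Attachment slots 1..3. Empty strings (not unset indexes) so the INSERT
    // below always sees a defined value for every slot.
    $fname     = array(1 => '', 2 => '', 3 => '');
    $name_id   = array(1 => '', 2 => '', 3 => '');
    $file_size = array(1 => '', 2 => '', 3 => '');

    // Blacklist of extensions that must not be stored under the web root, and
    // the characters a submitted file name may not contain (now also '/' and '\').
    // NOTE(review): a blacklist is inherently incomplete; an extension
    // allowlist plus storage outside the document root would be the robust fix.
    $blocked_ext = '/\.(php|.{1,}ml|htm).{0,3}$/i';
    $bad_chars   = '/[=+{}()^%$#@!~\'":;`,?<>\/\\\\]/';

    // Duplicate guard: the same user posting the same text to the same topic
    // within 30 s is silently ignored.
    $time_q = $time - 30;
    $q = mysql_query("SELECT COUNT(*) FROM `$mysql[pref]forum_p` WHERE `id_f` = '$id_forum' AND `id_r` = '$id_razd' AND `id_t` = '$id_them' AND `time` > '$time_q' AND `msg` = '$msg_q' AND `id_us` = '$user[id]';");
    $repeat = mysql_result($q, 0);

    if ($repeat == 0) {
        for ($i = 1; $i <= 3; $i++) {
            if (isset($_FILES["file$i"]) && $_FILES["file$i"]['name'] != NULL
                && $_FILES["file$i"]['error'] == UPLOAD_ERR_OK
                && !preg_match($blocked_ext, $_FILES["file$i"]['name'])) {
                // Regular multipart upload.
                $fname[$i] = $_FILES["file$i"]['name'];
                if (preg_match($bad_chars, $fname[$i])) {
                    header("Location: index.php?" . SID . "&id_forum=$id_forum&id_razd=$id_razd&id_them=$id_them&page=$page&msg=fname_no_valid");
                    exit;
                }
                // Stored name is a fresh uniqid plus the original last extension.
                $parts = explode('.', $fname[$i]);
                $ext = end($parts);
                $name_id[$i] = uniqid('') . '.' . $ext;
                // move_uploaded_file() refuses paths that were not uploaded via this request.
                move_uploaded_file($_FILES["file$i"]['tmp_name'], '../data/forum/' . $name_id[$i]);
                chmod('../data/forum/' . $name_id[$i], 0644);
            } elseif (isset($_POST["file$i"])) {
                // Text fallback used by the Opera Mini form: "<name>file=<contents>".
                $file = explode('file=', $_POST["file$i"]);
                if ($file[0] != NULL && !preg_match($blocked_ext, $file[0])) {
                    if (preg_match($bad_chars, $file[0])) {
                        header("Location: index.php?" . SID . "&id_forum=$id_forum&id_razd=$id_razd&id_them=$id_them&page=$page&msg=fname_no_valid");
                        exit;
                    }
                    $fname[$i] = $file[0];
                    $parts = explode('.', $fname[$i]);
                    $ext = end($parts);
                    $name_id[$i] = uniqid('') . '.' . $ext;
                    $fsave = fopen('../data/forum/' . $name_id[$i], "wb");
                    if ($fsave) {
                        flock($fsave, LOCK_EX);
                        fputs($fsave, isset($file[1]) ? $file[1] : '');
                        flock($fsave, LOCK_UN);
                        fclose($fsave);
                        chmod('../data/forum/' . $name_id[$i], 0644);
                    }
                }
            }

            // Human-readable size only for slots that actually stored a file;
            // previously filesize() ran on the bare directory path for empty slots.
            if ($name_id[$i] != '') {
                $bytes = filesize('../data/forum/' . $name_id[$i]);
                $unit = 'B';
                if ($bytes >= 1024) { $bytes = round($bytes / 1024, 2); $unit = 'KB'; }
                if ($bytes >= 1024) { $bytes = round($bytes / 1024, 2); $unit = 'MB'; }
                $file_size[$i] = $bytes . $unit;
            }
        }

        // `kuda` = numeric id of another existing user -> private message; anything else -> forum post.
        $kuda = isset($_POST['kuda']) ? $_POST['kuda'] : '';
        if ($kuda != 'forum' && is_numeric($kuda)
            && mysql_result(mysql_query("SELECT COUNT(*) FROM `$mysql[pref]users` WHERE `id` = '" . intval($kuda) . "' LIMIT 1;"), 0) == 1
            && $kuda != $user['id']) {
            mysql_query("INSERT INTO `$mysql[pref]mail` (id_in_user, time, id_out_user, text, nick) values('" . intval($kuda) . "', '$time', '$user[id]', '$msg_q', '$nick_q')");
        } else {
            mysql_query("INSERT INTO `$mysql[pref]forum_p` (`id_f`, `id_r`, `id_t`, `nick`, `time`, `msg`, `ip`, `ua`, `id_us`, `file1`, `file2`, `file3`, `file_name1`, `file_name2`, `file_name3`, `file_size1`, `file_size2`, `file_size3`)
values('$id_forum', '$id_razd', '$id', '$nick_q', '$time', '$msg_q', '$ip_q', '$ua_q', '$user[id]', '$name_id[1]', '$name_id[2]', '$name_id[3]', '$fname[1]', '$fname[2]', '$fname[3]', '$file_size[1]', '$file_size[2]', '$file_size[3]')");
            mysql_query("OPTIMIZE TABLE `$mysql[pref]forum_p`");
            // Bump the user's post counter and last-post time (feeds the anti-flood check).
            $user['forum_post_k']++;
            mysql_query("UPDATE `$mysql[pref]forum_t` SET `time_last` = '$time' WHERE `id` = '$id_them';");
            mysql_query("UPDATE `$mysql[pref]users` SET `forum_post_t` = '$time', `forum_post_k` = '$user[forum_post_k]' WHERE `id` = '" . $user['id'] . "';");
            ball_add();
        }
    }

    header("Location: index.php?" . SID . "&act=add&id_forum=$id_forum&id_razd=$id_razd&id_them=$id_them");
    exit;
}

// --- Reply form ---------------------------------------------------------------
echo "<div class=\"h\"><b>Добавить сообщение</b></div><hr />\n";
if ($mail_in_new > 0) echo "<div class=\"title\"><img src=\"../SYSTEM/themes/$them/img/mail0.gif\" alt=\"\" /> <a href=\"../mail.php?act=in\">Приват</a> [$mail_in_new]</div>\n";

// Whether the attachment inputs are shown is remembered in the session and
// toggled through ?file_form=show|hide.
if (!isset($_SESSION['file_form'])) $_SESSION['file_form'] = 0;
if (isset($_GET['file_form']) && $_GET['file_form'] == 'show') $_SESSION['file_form'] = 1;
if (isset($_GET['file_form']) && $_GET['file_form'] == 'hide') $_SESSION['file_form'] = 0;

if ($_SESSION['file_form'] == 1) {
    echo "<form method=\"post\" enctype=\"multipart/form-data\" action=\"add_p.php?act=add&amp;id_forum=$id_forum&amp;id_razd=$id_razd&amp;id_them=$id_them&amp;page=$page\">\n";
} else {
    echo "<form method=\"post\" action=\"add_p.php?act=add&amp;id_forum=$id_forum&amp;id_razd=$id_razd&amp;id_them=$id_them&amp;page=$page\">\n";
}

echo "Сообщение:<br />\n<textarea name=\"msg\" class=\"form\" rows=\"4\" cols=\"50%\"></textarea><br />\n";
if ($user['translit'] == 1) echo "<input type=\"checkbox\" name=\"tr\" value=\"0\" /> Транслит<br />\n";

if (isset($_SERVER['HTTP_USER_AGENT'])) {
    // Opera Mini cannot submit multipart uploads, so it gets text inputs + op:fileselect.
    if (strpos($_SERVER['HTTP_USER_AGENT'], 'Opera Mini') === false) {
        if ($_SESSION['file_form'] == 1) echo "<input type=\"file\" style=\"max-width: 100%;\" name=\"file1\" /><br />\n";
        if ($_SESSION['file_form'] == 1) echo "<input type=\"file\" style=\"max-width: 100%;\" name=\"file2\" /><br />\n";
        if ($_SESSION['file_form'] == 1) echo "<input type=\"file\" style=\"max-width: 100%;\" name=\"file3\" /><br />\n";
    } else {
        if ($_SESSION['file_form'] == 1) echo "<input type=\"text\" name=\"file1\" /><a href=\"op:fileselect\">ОБЗОР</a><br />\n";
        if ($_SESSION['file_form'] == 1) echo "<input type=\"text\" name=\"file2\" /><a href=\"op:fileselect\">ОБЗОР</a><br />\n";
        if ($_SESSION['file_form'] == 1) echo "<input type=\"text\" name=\"file3\" /><a href=\"op:fileselect\">ОБЗОР</a><br />\n";
    }
}

if ($_SESSION['file_form'] == 0) echo "<a href=\"add_p.php?act=add&amp;id_forum=$id_forum&amp;id_razd=$id_razd&amp;id_them=$id_them&amp;page=$page&amp;file_form=show\" title=\"Добавить файлы\">Добавить файлы</a><br />\n";
if ($_SESSION['file_form'] == 1) echo "<a href=\"add_p.php?act=add&amp;id_forum=$id_forum&amp;id_razd=$id_razd&amp;id_them=$id_them&amp;page=$page&amp;file_form=hide\" title=\"Скрыть формы для добавления файлов\">Скрыть</a><br />\n";

echo "<input value=\"Добавить\" class=\"form\" type=\"submit\" />\n";
echo "</form>\n";
echo "<br />\n";
echo "<a href=\"index.php?id_forum=$id_forum&amp;id_razd=$id_razd&amp;id_them=$id_them\">В тему</a>\n";
echo "<br /><a href=\"../index.php\">На главную</a>\n";

foot();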