<?
include_once "../SYSTEM/include/functions.php";
include_once "../SYSTEM/include/mysql.php";
include_once "../SYSTEM/include/param.php";
include_once "../SYSTEM/include/ban.php";
include_once "../SYSTEM/include/sess.php";
include_once "../SYSTEM/include/ban_2.php";
include_once "../SYSTEM/include/theme.php";
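// Page metadata, presumably read by the included theme/session code.
$title='Ответить в тему';
$mesto='Пишет в форуме';
head();
// NOTE(review): head() runs before every header("Location: ...") in this script.
// If head() emits output and no output buffering is active, those redirects
// cannot be sent - confirm against theme.php.

// All three identifiers are mandatory; without them there is no topic to reply to.
if (!isset($_GET['id_razd']) || !isset($_GET['id_forum']) || !isset($_GET['id_them'])) {
    header ("Location: index.php?".SID."&");
    exit;
}

// $page is echoed into HTML attributes and Location headers further down, so it
// is forced to a positive integer here instead of being copied from the query
// string verbatim.
$page = isset($_GET['page']) ? intval($_GET['page']) : 1;
if ($page < 1) {
    $page = 1;
}

// Numeric casts make these values safe to interpolate into the SQL below.
$id_forum=intval($_GET['id_forum']);
$id_razd=intval($_GET['id_razd']);
$id_them=intval($_GET['id_them']);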
// Resolve forum -> section -> topic in turn. Each lookup uses the integer-cast
// ids, and a miss redirects one level up in the hierarchy.
$q = mysql_query("SELECT * FROM `$mysql[pref]forum_f` WHERE `id` = '$id_forum';");
if (mysql_num_rows($q) == 0) {
    header ("Location: index.php?".SID."&");
    exit;
}
$forum = mysql_fetch_array($q);

$q = mysql_query("SELECT * FROM `$mysql[pref]forum_r` WHERE `id_f` = '$id_forum' AND `id` = '$id_razd';");
if (mysql_num_rows($q) == 0) {
    header ("Location: index.php?".SID."&id_forum=$id_forum");
    exit;
}
$razd = mysql_fetch_array($q);

$q = mysql_query("SELECT * FROM `$mysql[pref]forum_t` WHERE `id_f` = '$id_forum' AND `id_r` = '$id_razd' AND `id` = '$id_them';");
if (mysql_num_rows($q) == 0) {
    header ("Location: index.php?".SID."&id_forum=$id_forum&id_razd=$id_razd");
    exit;
}
$thema = mysql_fetch_array($q);

// Closed topics and anonymous visitors are both sent back to the topic page.
// NOTE(review): $user is expected to come from the session include; confirm it
// cannot be populated from request data (e.g. register_globals-style import).
if ($thema['close']==1 || !isset($user)) {
    header ("Location: index.php?".SID."&id_forum=$id_forum&id_razd=$id_razd&id_them=$id_them");
    exit;
}
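// Anti-flood: level-0 users must wait 30 seconds between posts.
if ($user['forum_post_t']>$time-30 && $user['level']==0) {
    echo "<div class=\"h\">Антифлуд</div><hr />\n";
    if ($mail_in_new>0) {
        echo "<div class=\"privat\"><img src=\"../SYSTEM/themes/$them/img/mail0.gif\" alt=\"\" /> <a href=\"../mail.php?act=in\">Приват</a> [$mail_in_new]</div><hr />\n";
    }
    // The message now states the interval the condition above actually enforces.
    echo "Время между сообщениями не менее 30-ти секунд<br />\n";
    echo "<br /><div class=\"mess\">";
    echo "<a href=\"index.php?id_forum=$id_forum&id_razd=$id_razd&id_them=$id_them&\">В тему</a>\n";
    echo "<br /><a href=\"../index.php\">На главную</a></div>\n";
    foot();
    // Stop here. This file does not show whether foot() terminates the script;
    // if it returns, execution would fall through to the posting code below and
    // the throttle would not be enforced.
    exit;
}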
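// Handle a submitted reply (?act=add with a POSTed "msg"): store up to three
// attachments, then write either a forum post or, when "kuda" names another
// user, a private mail.
// NOTE(review): nothing here verifies an anti-CSRF token, so any page the user
// visits can submit this form on their behalf; a per-session token checked at
// this point would close that gap.
if (isset($_GET['act']) && $_GET['act']=='add' && isset($_POST['msg']) && is_string($_POST['msg'])) {
    $msg = $_POST['msg'];
    // Round trip through windows-1251, presumably so that only characters
    // representable in that charset survive.
    $msg = iconv('utf-8', 'windows-1251', $msg);
    $msg = iconv('windows-1251', 'utf-8', $msg);
    // HTML-escape for display. stripcslashes() removes backslash escaping, so
    // from here on the text is NOT safe for SQL until it is escaped again below.
    $msg = stripcslashes(htmlspecialchars($msg));
    $msg = str_replace(array("\r\n", "\r", "\n"), "<br />", $msg);
    if (isset($_POST['tr'])) {
        $msg = translit($msg);
    }
    $id = $thema['id'];
    if ($msg == '') {
        header("Location: index.php?".SID."&id_forum=$id_forum&id_razd=$id_razd&id_them=$id_them&msg=pust");
        exit;
    }
    $ua_p = $ua;
    $ip_p = $ip;
    $msg_t = trim($msg);
    $time_q = $time - 30;

    // Every string that reaches SQL is escaped at the point of use and every id
    // is cast. This file cannot see how the includes populate $ua, $ip and $user.
    // NOTE(review): if any of them is already SQL-escaped upstream, drop the
    // upstream escaping rather than this one.
    $msg_sql  = mysql_real_escape_string($msg_t);
    $nick_sql = mysql_real_escape_string($user['nickname']);
    $ua_sql   = mysql_real_escape_string($ua_p);
    $ip_sql   = mysql_real_escape_string($ip_p);
    $user_id  = intval($user['id']);
    $topic_id = intval($id);
    $page_n   = intval($page);

    // Skip the insert when the same user posted the same text in this topic
    // within the last 30 seconds.
    $q = mysql_query("SELECT COUNT(*) FROM `$mysql[pref]forum_p` WHERE `id_f` = '$id_forum' AND `id_r` = '$id_razd' AND `id_t` = '$id_them' AND `time` > '$time_q' AND `msg` = '$msg_sql' AND `id_us` = '$user_id';");
    $repeat = mysql_result($q, 0);
    if ($repeat == 0) {
        $upload_dir = '../data/forum/';
        // Check applied to the submitted name (same pattern as before).
        $deny_name = '/\.(php|.{1,}ml|htm).{0,3}$/isD';
        // Characters that are not accepted anywhere in a file name.
        $bad_chars = '/[=+{}()^%$#@!~\'":;`,?<>]/';
        // Checks applied to the extension that is actually written to disk.
        // Restricting it to short alphanumerics also keeps path separators out
        // of the stored name.
        $ok_ext   = '/^[A-Za-z0-9]{1,10}$/D';
        $deny_ext = '/^((php|pht|phar|htm).*|.+ml.{0,3})$/i';
        // NOTE(review): this is still a denylist. An explicit allowlist of
        // permitted extensions, combined with disabling script handlers for
        // data/forum (or storing uploads outside the web root), is the more
        // robust control.

        for ($i = 1; $i <= 3; $i++) {
            // Defaults for an empty slot, so the INSERT below never records a
            // size for a file that was not stored.
            $name_id[$i] = '';
            $fname[$i] = '';
            $file_size[$i] = '';

            $src = '';
            $orig_name = '';
            $file = array();
            if (isset($_FILES["file$i"]) && is_string($_FILES["file$i"]['name']) && $_FILES["file$i"]['name'] != ''
                && !preg_match($deny_name, $_FILES["file$i"]['name'])) {
                $src = 'upload';
                $orig_name = $_FILES["file$i"]['name'];
            } elseif (isset($_POST["file$i"]) && is_string($_POST["file$i"])) {
                // Text-field variant (offered to Opera Mini): "<name>file=<content>".
                // Limit 2 keeps content that itself contains "file=" intact.
                $file = explode('file=', $_POST["file$i"], 2);
                if ($file[0] != '' && isset($file[1]) && !preg_match($deny_name, $file[0])) {
                    $src = 'inline';
                    $orig_name = $file[0];
                }
            }
            if ($src == '') {
                continue;
            }

            if (preg_match($bad_chars, $orig_name)) {
                // Redirect with the validated ids of the current topic.
                header("Location: index.php?id_forum=$id_forum&id_razd=$id_razd&id_them=$id_them&page=$page_n&msg=fname_no_valid");
                exit;
            }

            // The stored name is "<uniqid>.<last segment of the name>", so the
            // extension checks are made on that last segment itself.
            $parts = explode('.', $orig_name);
            $ext = $parts[count($parts) - 1];
            if (!preg_match($ok_ext, $ext) || preg_match($deny_ext, $ext)) {
                continue;
            }

            $stored = uniqid('').'.'.$ext;
            $dest = $upload_dir.$stored;
            if ($src == 'upload') {
                // move_uploaded_file() refuses anything that is not a genuine
                // HTTP upload, which copy() does not check.
                if (!isset($_FILES["file$i"]['error']) || $_FILES["file$i"]['error'] != UPLOAD_ERR_OK
                    || !move_uploaded_file($_FILES["file$i"]['tmp_name'], $dest)) {
                    continue;
                }
            } else {
                $fsave = fopen($dest, "wb");
                if ($fsave === false) {
                    continue;
                }
                flock($fsave, LOCK_EX);
                fputs($fsave, $file[1]);
                flock($fsave, LOCK_UN);
                fclose($fsave);
            }
            chmod($dest, 0644);

            $name_id[$i] = $stored;
            $fname[$i] = $orig_name;

            // Human-readable size: B, KB or MB.
            $size = filesize($dest);
            $unit = 'B';
            if ($size >= 1024) { $size = round($size / 1024, 2); $unit = 'KB'; }
            if ($size >= 1024) { $size = round($size / 1024, 2); $unit = 'MB'; }
            $file_size[$i] = $size.$unit;
        }

        $fname_sql = array();
        for ($i = 1; $i <= 3; $i++) {
            $fname_sql[$i] = mysql_real_escape_string($fname[$i]);
        }

        // "kuda" selects the destination: a numeric id of another existing user
        // turns the reply into a private mail, anything else posts to the topic.
        $kuda = isset($_POST['kuda']) ? $_POST['kuda'] : 'forum';
        $kuda_id = is_numeric($kuda) ? intval($kuda) : 0;
        $to_mail = false;
        if (is_numeric($kuda) && $kuda_id != $user_id) {
            $cnt = mysql_result(mysql_query("SELECT COUNT(*) FROM `$mysql[pref]users` WHERE `id` = '$kuda_id' LIMIT 1;"), 0);
            $to_mail = ($cnt == 1);
        }

        if ($to_mail) {
            mysql_query("INSERT INTO `$mysql[pref]mail` (id_in_user, time, id_out_user, text, nick) values('$kuda_id', '$time', '$user_id', '$msg_sql', '$nick_sql')");
        } else {
            mysql_query("INSERT INTO `$mysql[pref]forum_p` (`id_f`, `id_r`, `id_t`, `nick`, `time`, `msg`, `ip`, `ua`, `id_us`, `file1`, `file2`, `file3`, `file_name1`, `file_name2`, `file_name3`, `file_size1`, `file_size2`, `file_size3`)
values('$id_forum', '$id_razd', '$topic_id', '$nick_sql', '$time', '$msg_sql', '$ip_sql', '$ua_sql', '$user_id', '$name_id[1]', '$name_id[2]', '$name_id[3]', '$fname_sql[1]', '$fname_sql[2]', '$fname_sql[3]', '$file_size[1]', '$file_size[2]', '$file_size[3]')");
            // NOTE(review): OPTIMIZE TABLE on every post is expensive and lets
            // any poster trigger table maintenance; consider a scheduled job.
            mysql_query("OPTIMIZE TABLE `$mysql[pref]forum_p`");
            $user['forum_post_k']++;
            $post_count = intval($user['forum_post_k']);
            mysql_query("UPDATE `$mysql[pref]forum_t` SET `time_last` = '$time' WHERE `id` = '$id_them';");
            mysql_query("UPDATE `$mysql[pref]users` SET `forum_post_t` = '$time', `forum_post_k` = '$post_count' WHERE `id` = '$user_id';");
            ball_add();
        }
    }
    header("Location: index.php?".SID."&act=add&id_forum=$id_forum&id_razd=$id_razd&id_them=$id_them");
    exit;
}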
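// Render the reply form. The attachment inputs are shown only after the user
// has switched them on; that choice is kept in the session.

// $page may come straight from the query string; cast it before it is written
// into href/action attributes so it cannot carry markup.
$page_n = intval($page);
$self_url = "add_p.php?act=add&id_forum=$id_forum&id_razd=$id_razd&id_them=$id_them&page=$page_n";

echo "<div class=\"h\"><b>Добавить сообщение</b></div><hr />\n";
if ($mail_in_new>0) {
    echo "<div class=\"title\"><img src=\"../SYSTEM/themes/$them/img/mail0.gif\" alt=\"\" /> <a href=\"../mail.php?act=in\">Приват</a> [$mail_in_new]</div>\n";
}

if (!isset($_SESSION['file_form'])) {
    $_SESSION['file_form'] = 0;
}
if (isset($_GET['file_form']) && $_GET['file_form']=='show') {
    $_SESSION['file_form'] = 1;
}
if (isset($_GET['file_form']) && $_GET['file_form']=='hide') {
    $_SESSION['file_form'] = 0;
}
$show_files = ($_SESSION['file_form']==1);

// multipart encoding is only needed when file inputs are present.
if ($show_files) {
    echo "<form method=\"post\" enctype=\"multipart/form-data\" action=\"$self_url\">\n";
} else {
    echo "<form method=\"post\" action=\"$self_url\">\n";
}
echo "Сообщение:<br />\n<textarea name=\"msg\" class=\"form\" rows=\"4\" cols=\"50%\"></textarea><br />\n";
if ($user['translit']==1) {
    echo "<input type=\"checkbox\" name=\"tr\" value=\"0\" /> Транслит<br />\n";
}

if (isset($_SERVER['HTTP_USER_AGENT']) && $show_files) {
    // Opera Mini gets text fields with its op:fileselect link instead of
    // <input type="file">. strpos() replaces the deprecated ereg() for this
    // plain, case-sensitive substring test.
    $is_opera_mini = (strpos($_SERVER['HTTP_USER_AGENT'], 'Opera Mini') !== false);
    for ($n = 1; $n <= 3; $n++) {
        if ($is_opera_mini) {
            echo "<input type=\"text\" name=\"file$n\" /><a href=\"op:fileselect\">ОБЗОР</a><br />\n";
        } else {
            echo "<input type=\"file\" style=\"max-width: 100%;\" name=\"file$n\" /><br />\n";
        }
    }
}

if ($_SESSION['file_form']==0) {
    echo "<a href=\"$self_url&file_form=show\" title=\"Добавить файлы\">Добавить файлы</a><br />\n";
}
if ($show_files) {
    echo "<a href=\"$self_url&file_form=hide\" title=\"Скрыть формы для добавления файлов\">Скрыть</a><br />\n";
}
echo "<input value=\"Добавить\" class=\"form\" type=\"submit\" />\n";
echo "</form>\n";
echo "<br />\n";
echo "<a href=\"index.php?id_forum=$id_forum&id_razd=$id_razd&id_them=$id_them\">В тему</a>\n";
echo "<br /><a href=\"../index.php\">На главную</a>\n";
foot();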
?>