Просмотр файла load/com.php

<?
Error_Reporting(E_ALL & ~E_NOTICE);
$root=$_SERVER['DOCUMENT_ROOT'];
include("func.php");
include("set.php");
include("start.php");

if($pgcom<1) $pgcom=1;
$pgcom_e=$pgcom*$set_comms_page;
$pgcom_b=$pgcom_e-$set_comms_page;
$pgcom_n=$pgcom+1;
$pgcom_p=$pgcom-1;

if(is_file("$dir_load/$did/$fid"))
{
  $nd=str_replace("/","_!+!_",$did);
  if($code!=base64_encode($uc)) Header("Location: com.php?did=$did&fid=$fid&pg=$pg&mode=error_code");
  elseif($mode=='add' && $fc=fopen("$dir_comm/$nd-+-$fid.dat","a+"))
  {
    $name=htmlspecialchars($name);
    $name=str_replace("|","!",$name);
    $ctext=htmlspecialchars($ctext);
    $ctext=str_replace("|","!",$ctext);
    $time=time();
    $fb=file("$dir_comm/$nd-+-$fid.dat");
    $fb_m=explode("|",$fb[count($fb)-1]);
    flock($fc,LOCK_EX);
    if($name!='' && $ctext!='' && $fb_m[1]!=$name && $fb_m[2]!=$ctext) fwrite($fc,"|$name|$ctext|$time|\r\n");
    flock($fc,LOCK_UN);
    fclose($fc);
    Header("Location: com.php?did=$did&fid=$fid&pg=$pg&mode=addok");
    exit;
  }
  
  include("modul/head.php");
  if($ver=='wml') print "<b>Комментарии</b><br/>---<br/>"; else print "<div class=\"c\">Комментарии<br/></div><br/>";
  if($mode=="error_code") print "Был введен неверный проверочный код.<br/><br/>";
  if(file_exists("$dir_comm/$nd-+-$fid.dat")) $f=@file("$dir_comm/$nd-+-$fid.dat"); else $f=array();
  $f_c=count($f);
  
  if($mode=="del_post" && $admin_ok)
  {
    if(isSet($f[$f_c-$cid-1]))
    {
      $fmc=explode("|",$f[$f_c-$cid-1]);
      if($pcode!=$fmc[3]);
      elseif($fwc=fopen("$dir_comm/$nd-+-$fid.dat","w+"))
      {
        unset($f[$f_c-$cid-1]);
        fwrite($fwc,implode("",$f));
        fclose($fwc);
      }
    }
  }
  elseif($mode=="del_post_q" && $admin_ok)
  {
    if($ver!='wml') print "<div class=\"d\">";
    print "<b>Удалить?</b><br/><a href=\"com.php?did=$did&amp;fid=$fid&amp;pg=$pg&amp;pgcom=$pgcom&amp;cid=$cid&amp;mode=del_post&amp;pcode=$pcode\">Да</a>|<a href=\"com.php?did=$did&amp;fid=$fid&amp;pg=$pg&amp;pgcom=$pgcom\">Нет</a><br/>";
    if($ver!='wml') print "</div><br/>";
  }
  elseif($mode=="clear" && $admin_ok)
  {
    @unlink("$dir_comm/$nd-+-$fid.dat");
    $f=array();
    $f_c=0;
  }
  
  for($i=$pgcom_b;$i<$pgcom_e && $f_c>0;$i++)
  {
    if(!isSet($f[$f_c-$i-1])) continue;
    $fm=explode("|",$f[$f_c-$i-1]);
    $date=date("d.m.y H:i",$fm[3]);
    if($ver!='wml') print "<div class=\"d\"><strong>$fm[2]</strong><br/>Добавил <u>$fm[1]</u>, $date<br/></div>"; else print "<b>$fm[2]</b><br/>Добавил <u>$fm[1]</u>, $date<br/>";
    if($admin_ok) print "<a href=\"com.php?did=$did&amp;fid=$fid&amp;pg=$pg&amp;mode=del_post_q&amp;cid=$i&amp;pcode=$fm[3]\">Удалить</a><br/>";
  }
  print "<br/>";
  if($f_c>$pgcom_e) print "<a href=\"com.php?did=$did&amp;fid=$fid&amp;pg=$pg&amp;pgcom=$pgcom_n\">След</a><br/>";
  if($pgcom>1) print "<a href=\"com.php?did=$did&amp;fid=$fid&amp;pg=$pg&amp;pgcom=$pgcom_p\">Пред</a><br/>";
  $rand=rand_id(4,2);
  $time=time();
  $md5=base64_encode($rand);
  /*if($fcd=fopen("$dir_temp/$md5.code","w+"))
  {
    fwrite($fcd,"|$time|$rand|");
    fclose($fcd);
  }*/
  if($ver!='wml') print "<form action=\"com.php\"><input name=\"mode\" type=\"hidden\" value=\"add\"/><input name=\"did\" type=\"hidden\" value=\"$did\"/><input name=\"fid\" type=\"hidden\" value=\"$fid\"/><input name=\"pg\" type=\"hidden\" value=\"$pg\"/><input name=\"code\" type=\"hidden\" value=\"$md5\"/>";
  print "Имя:<br/>
         <input name=\"name\" type=\"text\" class=\"itext\" maxlength=\"20\"/><br/>
         Комментарий:<br/>
         <input name=\"ctext\" type=\"text\" class=\"itext\" maxlength=\"180\"/><br/>
         Проверочное число:<br/>
         <img src=\"code.php?code=$md5\" alt=\"Код\"/><br/>
         <input name=\"uc\"/><br/>";
        
  if($ver!="wml") print "<input type=\"submit\" value=\"Добавить\"/><br/></form><br/>";
  else print "<anchor>Добавить<go href=\"com.php\">
              <postfield name=\"mode\" value=\"add\"/>
              <postfield name=\"did\" value=\"$did\"/>
              <postfield name=\"fid\" value=\"$fid\"/>
              <postfield name=\"pg\" value=\"$pg\"/>
              <postfield name=\"code\" value=\"$md5\"/>
              <postfield name=\"ctext\" value=\"$(ctext)\"/>
              <postfield name=\"name\" value=\"$(name)\"/>
              <postfield name=\"uc\" value=\"$(uc)\"/>
              </go></anchor><br/>
              ";
  
  print "<a href=\"info.php?did=$did&amp;fid=$fid&amp;pg=$pg\">Назад</a><br/>";
  if($admin_ok) print "<a href=\"com.php?did=$did&amp;fid=$fid&amp;pg=$pg&amp;mode=clear&amp;\">Очистить</a><br/>";
} else { include("modul/head.php"); print "Файл не найден,.<br/>"; }

include("modul/foot.php");
?>