Размер файла: 3.38Kb
<? php /********************************** * @package: PerfCMS * * @year: 2012 * * @author: Artas * * @link: http://perfcms.pp.ua * **********************************/ $locate = 'in_forum' ; $topic_id = abs ( intval ( $_GET [ 'topic_id' ])); if (! isset ( $user ) || ! isset ( $topic_id )) { header ( 'Location:/' ); } if ( $db -> query ( "SELECT * FROM `forum_t` WHERE `id` = '" . $topic_id . "'" )-> rowCount () == 0 ) { header ( 'Location:/forum/' ); } if ( isset ( $_POST [ 'create' ]) && $_GET [ 'act' ] == 'create' ) { if (! empty ( $_POST [ 'text' ])) { $text = substr ( input ( $_POST [ 'text' ]), 0 , 3500 );} else { $err = 'Message is empty' ; } if (! empty ( $_POST [ 'text' ])) { $db -> query ( "INSERT INTO `forum_pt` SET `text` = '" . $text . "', `time` = '" . time () . "', `user_id` = '" . $user [ 'id' ]. "', `topic_id` = '" . $topic_id . "'" ); $lastPostId = $db -> lastInsertId (); $db -> query ( "UPDATE `forum_t` SET `time_last_post` = '" . time () . "', `user_last_post` = '" . $user [ 'id' ] . "' WHERE `id` = '" . $topic_id . "'" ); $file_dir = ROOT . '/files/forum/' ; if ( $_FILES [ 'file' ][ 'tmp_name' ]) { $patch = pathinfo ( $_FILES [ 'file' ][ 'name' ]); if (! in_array ( $patch [ 'extension' ], explode ( ';' , $system [ 'files_types' ]))) { $err = 'File extention not allowed.<br />' ; } $name_start = cyrlat ( $patch [ 'filename' ]); $name_short = trim ( $name_start ). time (); $name_end = mb_convert_encoding ( $name_short , "UTF-8" ); $name = $name_end . '.' . $patch [ 'extension' ]; if ( file_exists ( $file_dir . $name )) { $err = 'This file exists<br />' ; } if (! isset ( $err )) { move_uploaded_file ( $_FILES [ 'file' ][ 'tmp_name' ], $file_dir . $name ); $db -> query ( "UPDATE `forum_pt` SET `file` = '" . input ( $name ) . "', `file_size` = '" . $_FILES [ 'file' ][ 'size' ] . "' WHERE `id` = '" . $lastPostId . "'" ); // print_r($db->errorInfo()); } else { echo $err ; } } // print_r($db->errorInfo()); header ( 'Location:/forum/topic' . abs ( intval ( $topic_id )). '/?page=end' ); // print_r($db->errorInfo()); } else { header ( 'Location:/forum/topic' . abs ( intval ( $topic_id )). '/?page=end' ); } } $title = $lang -> word ( 'add_message' ); require_once ( SYS . '/view/header.php' ); $tpl -> div ( 'title' , $lang -> word ( 'add_message' )); $tpl -> div ( 'menu' , '<form action="/forum/add_post/' . $topic_id . '/?act=create" method="post" enctype="multipart/form-data"> <b>' . $lang -> word ( 'message' ) . '</b>:<br/> <textarea name="text" rows="5" cols="26">' .( isset ( $_GET [ 'reply_to' ]) ? '[b]' . $_GET [ 'reply_to' ]. '[/b], ' : NULL ) . ( isset ( $_GET [ 'quote' ]) ? "[b]" . tnick ( $db -> query ( "SELECT user_id FROM `forum_pt` WHERE `topic_id` = '" . $topic_id . "' AND `id` = '" . $_GET [ 'quote' ] . "'" )-> fetchColumn ()). "[/b] " . date ( 'd.m.Y, H:i' , $db -> query ( "SELECT time FROM `forum_pt` WHERE `topic_id` = '" . $topic_id . "' AND `id` = '" . $_GET [ 'quote' ] . "'" )-> fetchColumn ()). "\n[quote]\n" . preg_replace ( '/\[quote\]|\[\/quote\]/i' , '' , $db -> query ( "SELECT text FROM `forum_pt` WHERE `topic_id` = '" . $topic_id . "' AND `id` = '" . $_GET [ 'quote' ] . "'" )-> fetchColumn ()). "\n[/quote] " : NULL ) . '</textarea><br/> <b>' . $lang -> word ( 'add_file' ). '</b><br/> <input type="file" name="file"><br/> <input name="create" type="submit" value="' . $lang -> word ( 'create' ) . '" /><br/> </form>' ); $tpl -> div ( 'block' , NAV . '<a href="/forum/topic' . $topic_id . '/">' . $lang -> word ( 'back' ) . '</a><br/>' . NAV . '<a href="/forum/">' . $lang -> word ( 'forum' ) . '</a><br/>' . HICO . '<a href="/">' . $lang -> word ( 'home' ). '</a>' ); require_once ( SYS . '/view/footer.php' ); ?>