<?php
/*\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\//
// Sitchi CMS - Mobile Content Management System //
// The author:  Nikoloz Sitchinava [sitchi]      //
// Link:        http://sitchicms.num.ge          //
// Skype:       SitchiCMS                        //
// License:     LICENSE.txt (see attached file)  //
// Version:     VERSION.txt (see attached file)  //
//\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\*/
// Bootstrap for this module page. The constant marks the request as coming
// through the CMS (the includes presumably refuse direct access without it —
// confirm in the includes). The require order is significant: later includes
// rely on state set up by earlier ones, so do not reorder.
define('_SITCHICMS', 1);
$root_path='../../'; 
require $root_path.'includes/db_connect.php'; // presumably provides $dblink used by the queries below — confirm
require $root_path.'includes/start.php';      // presumably session start and $user/$set/$time globals — confirm
require $root_path.'includes/header.php';
require $root_path.'includes/functions.php';  // helpers used here: mres(), head(), msg(), err(), k_page(), page(), str(), online(), timef(), post()
require $root_path.'includes/head.php'; // page head
$lng_news = load_lng('news'); // translated strings for the news module
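// A news item id is mandatory and must be a plain unsigned integer.
// The original guard was `!isset(...) && !is_numeric(...)`: it could never
// fire for a missing id (the second operand then reads an undefined index)
// and it let a present-but-non-numeric id through. `||` is the intended
// logic; ctype_digit additionally rejects forms like "1e3", " 1" or "-1"
// that is_numeric accepts. Redirecting here is safe because head() has not
// started output yet.
if (!isset($_GET['id']) || !ctype_digit((string)$_GET['id']))
{
    header("Location: index.php?".SID);
    exit;
}
$news_id = intval($_GET['id']);
// The id only ever reaches SQL through intval(), so it cannot carry raw text.
$news_exists = mysql_result(mysql_query("SELECT COUNT(*) FROM `news` WHERE `id` = '".$news_id."' LIMIT 1", $dblink), 0);
if ($news_exists == 0)
{
    header("Location: index.php?".SID);
    exit;
}
head(''.$lng_news['1_1'].' | '.$lng['1_52'].'');
echo '<div class="hdr"><b><a href="index.php">'.$lng_news['1_1'].'</a> | '.$lng['1_52'].'</b></div>';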
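// Handle a submitted comment.
// Guests are only accepted when the site setting allows it: the write form
// further down is hidden on that setting, but a hand-crafted POST used to be
// processed regardless. Non-string (array) fields are ignored outright.
if (isset($_POST['msg']) && is_string($_POST['msg']) && (isset($user) || $set['guest_komm_write'] == 1))
{
    $id_news = intval($_GET['id']);
    $msg = stripslashes(htmlspecialchars(trim($_POST['msg'])));
    // Message length limits (measured after HTML-escaping, as before).
    if (mb_strlen($msg) < 2)
    {
        $err[] = '<div class="errmenu">'.$lng_news['1_20'].'(min 2)</div>';
    }
    if (mb_strlen($msg) > 512)
    {
        $err[] = '<div class="errmenu">'.$lng_news['1_21'].'(max 512)</div>';
    }
    // Guest checks: a display name and the captcha answer are mandatory.
    // Previously this section only ran when a `login` field was present, so a
    // POST that simply omitted it skipped both the captcha and the name rules.
    if (!isset($user))
    {
        $login = (isset($_POST['login']) && is_string($_POST['login']))
            ? stripslashes(htmlspecialchars(trim($_POST['login'])))
            : '';
        $code = (isset($_POST['code']) && is_string($_POST['code'])) ? $_POST['code'] : '';
        // The captcha value is one-shot (it is cleared after every page view),
        // so it must exist, be non-empty and match exactly. The old loose `!=`
        // test treated an empty answer as correct whenever the session value
        // was empty or unset.
        if (!isset($_SESSION['rand']) || $_SESSION['rand'] === '' || $code !== (string)$_SESSION['rand'])
        {
            $err[] = '<div class="errmenu">'.$lng_news['1_22'].'</div>';
        }
        if (mb_strlen($login) < 3)
        {
            $err[] = '<div class="errmenu">'.$lng_news['1_23'].'(min 3)</div>';
        }
        if (mb_strlen($login) > 32)
        {
            $err[] = '<div class="errmenu">'.$lng_news['1_24'].'(max 32)</div>';
        }
        // Latin/Georgian letters, digits, '-', '_' and space only.
        if (!preg_match("#^[a-zა-ჰ0-9\-\_\ ]+$#ui", $login))
        {
            $err[] = '<div class="errmenu">'.$lng_news['1_25'].'</div>';
        }
        // A guest may not post under the name of a registered account.
        if (mysql_num_rows(mysql_query('SELECT * FROM `users` WHERE `login`="'.mres($login).'" LIMIT 1')))
        {
            $err[] = '<div class="errmenu">'.$lng_news['1_26'].'</div>';
        }
    }
    // Flood control: the same text from the same author within the last 24 hours.
    $since = intval($time) - 86400;
    if (isset($user))
    {
        $author_sql = "`id_user` = '".intval($user['id'])."'";
    }
    else
    {
        $author_sql = "`login` = '".mres($login)."'";
    }
    if (mysql_result(mysql_query("SELECT COUNT(*) FROM `news_komm` WHERE ".$author_sql." AND `msg` = '".mres($msg)."' AND `time`>'".$since."' LIMIT 1"), 0) != 0)
    {
        $err[] = '<div class="errmenu">'.$lng_news['1_27'].'</div>';
    }
    if (!isset($err))
    {
        if (isset($user))
        {
            // Every interpolated value is cast or escaped, including the login
            // read back from the users table, so nothing reaches SQL as raw text.
            mysql_query("INSERT INTO `news_komm` (`id_user`, `time`, `msg`, `id_news`, `login`) values('".intval($user['id'])."', '".intval($time)."','".mres($msg)."', '".$id_news."', '".mres($user['login'])."')");
            // Increment in SQL rather than writing back the stale in-memory value,
            // so two concurrent posts cannot lose a point.
            // NOTE(review): the table is `user` here but `users` everywhere else in
            // this file — confirm which table actually holds `balans`.
            mysql_query("UPDATE `user` SET `balans` = COALESCE(`balans`, 0) + 1 WHERE `id` = '".intval($user['id'])."' LIMIT 1");
        }
        else
        {
            mysql_query("INSERT INTO `news_komm` (`id_user`, `time`, `msg`, `id_news`, `login`) values('0', '".intval($time)."', '".mres($msg)."', '".$id_news."', '".mres($login)."')");
        }
        msg('<div class="menu">'.$lng_news['1_19'].'</div>');
    }
    err();
}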
// Every page view invalidates the current captcha answer; the captcha image
// requested by the write form below is expected to issue a fresh one.
$_SESSION['rand'] = '';
$news_id = intval($_GET['id']);
$can_write = isset($user) || $set['guest_komm_write'] == 1;
echo '<div class="egmenu">';
echo '<a href="komm.php?id='.$news_id.'">'.$lng['1_72'].'</a><br/>';
if ($can_write)
{
    echo '<a href="komm.php?id='.$news_id.'&amp;write">'.$lng_news['1_28'].'</a>';
}
// NOTE(review): the form carries no CSRF token, so a logged-in user can be
// made to post by a cross-site form submission. Not addressed in this rewrite.
if (isset($_GET['write']) && $can_write)
{
    echo '<form method="POST" action="komm.php?id='.$news_id.'">';
    if (!isset($user))
    {
        // Guests additionally supply a display name and the captcha answer.
        echo ''.$lng_news['1_17'].'(max 32):<br/><input type="text" name="login" maxlength="32" /><br/>';
        echo '<img src="/pages/captcha.php" alt=""  /><br/>';
        echo '<input type="text" name="code" maxlength="4" size="4" /><br/>';
    }
    echo ''.$lng_news['1_18'].'(max 512):<br/><textarea name="msg" maxlength="512"></textarea><br/>';
    echo '<input type="submit" name="save" value="'.$lng['1_8'].'" />';
    echo "</form>\n";
}
echo '</div>';
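// Comment count and paging for this news item. k_page() and page() are
// project helpers. Both LIMIT operands are interpolated unquoted, so they are
// cast to int, and the offset is clamped so a page value of 0 cannot produce
// a negative (invalid) OFFSET.
$news_id = intval($_GET['id']);
$per_page = intval($set['p_count']);
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `news_komm` WHERE `id_news` = '".$news_id."'"), 0);
$k_page = k_page($k_post, $set['p_count']);
$page = page($k_page);
$start = max(0, $per_page * intval($page) - $per_page);
$q = mysql_query("SELECT * FROM `news_komm` WHERE `id_news` = '".$news_id."' ORDER BY `id` DESC LIMIT ".$start.", ".$per_page);
if ($k_post == 0)
{
    echo '<div class="errmenu">';
    echo ''.$lng_news['1_16'].'';
    echo '</div>';
}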
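// Render one page of comments, newest first.
while ($post = mysql_fetch_assoc($q))
{
    $author_id = intval($post['id_user']);
    $ank = false;
    if ($author_id != 0)
    {
        $ank = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id`='".$author_id."' LIMIT 1"));
    }
    // Guests, and registered authors whose account no longer exists, render
    // with the guest badge; previously a missing account row left $ank as
    // false and produced undefined-index notices below.
    if ($ank === false)
    {
        $ank = array('sqe' => 'guest', 'id' => '0', 'level' => '0');
    }
    echo '<div class="menu">';
    // Escape the stored login for the HTML context. Guest names pass the
    // alphanumeric-only regex unchanged; a registered user's login comes from
    // the users table, whose escaping this page does not control.
    echo '<img src="/themes/'.$set['set_them'].'/images/sqe_'.$ank['sqe'].'.png" alt="" /><a href="/pages/info.php?id='.$author_id.'"> '.htmlspecialchars($post['login'], ENT_QUOTES, 'UTF-8').'</a> '.online($ank['id']).' ('.timef($post['time']).')';
    // Delete link: level >= 2 users for authors below their own level, or
    // their own comment. The original expression mixed && and || without
    // parentheses, so its "own comment" half was evaluated with $user unset
    // for guest viewers; it never granted the link, but the intent is now
    // explicit. Showing the link is not the access check — delete.php must
    // enforce this itself.
    $can_delete = isset($user) && $user['level'] >= 2
        && ($user['level'] > $ank['level'] || $user['id'] == $ank['id']);
    if ($can_delete)
    {
        echo '<a href="delete.php?id2='.intval($post['id']).'">[X]</a>';
    }
    echo '<br/>'.post($post['msg']).'';
    echo '</div>';
}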
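// Pager (only when there is more than one page), then the footer links.
if ($k_page > 1)
{
    str("komm.php?id=".intval($_GET['id']).'&amp;', $k_page, $page);
}
echo '<a href="'.$root_path.'modules/smiles/">'.$lng['1_48'].'</a><br/>';
// `</br>` is not an HTML element (browsers merely tolerate it); the intended
// line break is `<br/>`, matching the line above.
echo '<a href="'.$root_path.'pages/bb-code.php">'.$lng['1_49'].'</a><br/>';
echo '<a href="index.php">'.$lng_news['1_29'].'</a>';
require $root_path.'includes/end.php'; // page footer
?>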