Размер файла: 20.32Kb
<?php
include_once '../../sys/inc/start.php';
include_once '../../sys/inc/compress.php';
include_once '../../sys/inc/sess.php';
include_once '../../sys/inc/home.php';
include_once '../../sys/inc/settings.php';
include_once '../../sys/inc/db_connect.php';
include_once '../../sys/inc/ipua.php';
include_once '../../sys/inc/fnc.php';
include_once '../../sys/inc/user.php';
if(isset($_GET['id_comm'])){
$id_comm = intval($_GET['id_comm']);
}else{
header("Location: /index.php");
}
$admin = mysql_fetch_array(mysql_query("SELECT * FROM `community_user_incomm` WHERE `cid` = '$id_comm' AND `uid` = '".$user['id']."'"));
$activate = mysql_fetch_array(mysql_query("SELECT * FROM `community_user_incomm` WHERE `cid` = '$id_comm' AND `uid` = '".$user['id']."' LIMIT 1"));
$comm = mysql_fetch_array(mysql_query('SELECT * FROM `community_comm` WHERE `id` = '.$id_comm.' LIMIT 1'));
if($id_comm==0 || $id_comm<0){
header("Location: err.php?err=fuck_haker");
}else if($comm['status']==2 && $activate['activate']==0){
header("Location: err.php?err=not_participant");
}else if(mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_ban` WHERE `id_user` = '$user[id]' AND `id_comm` = '$id' AND `time` > '$time'"), 0)!=0){
header('Location: ban.php?id='.$id);
}else if($id_comm!=$comm['id']){
header("Location: err.php?err=no_community");
}else{
if(isset($user) && $admin['uid']==$user['id'] && $admin['priv']==0){
$no_adm=" `adm` = '0' AND";
}else{
$no_adm=NULL;
}
if(isset($_GET['id_forum']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_forum_f` WHERE$no_adm `id` = '".intval($_GET['id_forum'])."' AND `id_comm` = '".$id_comm."'"),0)==1 && isset($_GET['id_razdel']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_forum_r` WHERE `id` = '".intval($_GET['id_razdel'])."' AND `id_forum` = '".intval($_GET['id_forum'])."' AND `id_comm` = '".$id_comm."'"),0)==1 && isset($_GET['id_them']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_forum_t` WHERE `id` = '".intval($_GET['id_them'])."' AND `id_razdel` = '".intval($_GET['id_razdel'])."' AND `id_forum` = '".intval($_GET['id_forum'])."' AND `id_comm` = '".$id_comm."'"),0)==1 && isset($_GET['id_post']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_forum_p` WHERE `id` = '".intval($_GET['id_post'])."' AND `id_them` = '".intval($_GET['id_them'])."' AND `id_razdel` = '".intval($_GET['id_razdel'])."' AND `id_forum` = '".intval($_GET['id_forum'])."' AND `id_comm` = '".$id_comm."'"),0)==1){
$forum=mysql_fetch_array(mysql_query("SELECT * FROM `comm_forum_f` WHERE `id` = '".intval($_GET['id_forum'])."' AND `id_comm` = '".$id_comm."' LIMIT 1"));
$razdel=mysql_fetch_array(mysql_query("SELECT * FROM `comm_forum_r` WHERE `id` = '".intval($_GET['id_razdel'])."' AND `id_forum` = '".intval($_GET['id_forum'])."' AND `id_comm` = '".$id_comm."' LIMIT 1"));
$them=mysql_fetch_array(mysql_query("SELECT * FROM `comm_forum_t` WHERE `id` = '".intval($_GET['id_them'])."' AND `id_razdel` = '".intval($_GET['id_razdel'])."' AND `id_forum` = '".intval($_GET['id_forum'])."' AND `id_comm` = '".$id_comm."' LIMIT 1"));
$post=mysql_fetch_array(mysql_query("SELECT * FROM `comm_forum_p` WHERE `id` = '".intval($_GET['id_post'])."' AND `id_them` = '".intval($_GET['id_them'])."' AND `id_razdel` = '".intval($_GET['id_razdel'])."' AND `id_forum` = '".intval($_GET['id_forum'])."' AND `id_comm` = '".$id_comm."' LIMIT 1"));
$post2=mysql_fetch_array(mysql_query("SELECT * FROM `comm_forum_p` WHERE `id_them` = '".intval($_GET['id_them'])."' AND `id_razdel` = '".intval($_GET['id_razdel'])."' AND `id_forum` = '".intval($_GET['id_forum'])."' AND `id_comm` = '".$id_comm."' ORDER BY `id` DESC LIMIT 1"));
$ank=get_user($post['id_user']);
if(isset($user) && $admin['uid']==$user['id'] && $_GET['act']=='edit' && isset($_POST['msg']) && isset($_POST['post']) && (($admin['priv']>0) || ($user['id']==$post['id_user'] && $post['time']>time()-600 && $post['id_user']==$post2['id_user']))){
$ank=get_user($post['id_user']);
$msg=$_POST['msg'];
if(isset($_POST['translit']) && $_POST['translit']==1){
$msg=translit($msg);
}
if(strlen2($msg)<3){
$err='Короткое сообщение';
}
if(strlen2($msg)>10240){
$err='Длина сообщения превышает предел в 10240 символа';
}
$msg=mysql_real_escape_string($msg);
if(!isset($err)){
mysql_query("UPDATE `comm_forum_p` SET `msg` = '$msg' WHERE `id` = '$post[id]' AND `id_comm` = '".$id_comm."' LIMIT 1");
}
header("Location: index.php?id_forum=$forum[id]&id_razdel=$razdel[id]&id_them=$them[id]&id_comm=$id_comm&page=end");
}
if(isset($user) && $admin['uid']==$user['id'] && $_GET['act']=='edit' && ($admin['priv']>0 || $post['id']==$post2['id'] && $post['id_user']==$user['id'] && $post['time']>time()-600)){
$set['title'] = 'Форум - редактирование поста';
include_once '../../sys/inc/thead.php';
title();
aut();
echo '<div class="menu">';
echo '<div class="foot"> <a href="../comm.php?id='.$id_comm.'">Сообщество</a>/<a href="index.php?id_comm='.$id_comm.'">Форум</a></div>';
echo '<form method="post" action="index.php?id_forum='.$forum['id'].'&id_razdel='.$razdel['id'].'&id_them='.$them['id'].'&id_post='.$post['id'].'&id_comm='.$id_comm.'&act=edit">';
echo 'Сообщение:<br/><textarea name="msg">'.output_text($post['msg'],false,true,false,false,false).'</textarea><br/>';
if($user['set_translit']==1){
echo '<label><input type="checkbox" name="translit" value="1"/> Транслит</label><br/>';
}
echo '<input name="post" value="Изменить" type="submit"/></form>';
echo '» <a href="index.php?id_forum='.$forum['id'].'&id_razdel='.$razdel['id'].'&id_them='.$them['id'].'&id_post='.$post['id'].'&id_comm='.$id_comm.'&act=delete">Удалить пост</a><br/>';
echo '» <a href="index.php?id_forum='.$forum['id'].'&id_razdel='.$razdel['id'].'&id_them='.$them['id'].'&id_comm='.$id_comm.'&page=end">В тему</a><br/>';
echo '» <a href="index.php?id_forum='.$forum['id'].'&id_razdel='.$razdel['id'].'&id_comm='.$id_comm.'">'.$razdel['name'].'</a><br/>';
echo '» <a href="index.php?id_forum='.$forum['id'].'&id_comm='.$id_comm.'">'.$forum['name'].'</a><br/>';
echo '» <a href="index.php?id_comm='.$id_comm.'">Форум</a></div>';
include_once '../../sys/inc/tfoot.php';
}
if(isset($user) && $admin['uid']==$user['id'] && $_GET['act']=='delete' && $them['close']==0 && ($admin['priv']>0 || $post['id']==$post2['id'] && $post['id_user']==$user['id'] && $post['time']>time()-600) || $them['close']==1 && $admin['priv']>0){
mysql_query("DELETE FROM `comm_forum_p` WHERE `id` = '".intval($_GET['id_post'])."' AND `id_them` = '".intval($_GET['id_them'])."' AND `id_razdel` = '".intval($_GET['id_razdel'])."' AND `id_forum` = '".intval($_GET['id_forum'])."' AND `id_comm` = '".$id_comm."' LIMIT 1");
}
if(isset($user) && $admin['uid']==$user['id'] && $_GET['act']=='msg' && $them['close']==0){
$ank=get_user($post['id_user']);
$set['title']='Форум - '.$them['name'];
include_once '../../sys/inc/thead.php';
title();
aut();
echo '<div class="menu">';
echo '<div class="foot"><a href="../comm.php?id='.$id_comm.'">Сообщество</a>/<a href="index.php?id_comm='.$id_comm.'">Форум</a></div>';
echo '<form method="post" name="message" action="index.php?id_forum='.$forum['id'].'&id_razdel='.$razdel['id'].'&id_them='.$them['id'].'&id_comm='.$id_comm.'&act=new">';
echo '<a href="/info.php?id='.$ank['id'].'">Посмотреть анкету</a><br/>';
$msg2=$ank['nick'].', ';
echo 'Сообщение:<br/><textarea name="msg">'.$ank['nick'].', </textarea><br/>';
if($user['set_translit']==1){
echo '<label><input type="checkbox" name="translit" value="1"/> Транслит</label><br/>';
}
echo '<input name="post" value="Отправить сообщение" type="submit"/></form>';
echo '» <a href=index.php?id_forum='.$forum['id'].'&id_razdel='.$razdel['id'].'&id_post='.$post['id'].'&id_comm='.$id_comm.'&page=end">В тему</a><br/>';
echo '» <a href="index.php?id_forum='.$forum['id'].'&id_razdel='.$razdel['id'].'&id_comm='.$id_comm.'">'.$razdel['name'].'</a><br/>';
echo '» <a href="index.php?id_forum='.$forum['id'].'&id_comm='.$id_comm.'">'.$forum['name'].'</a><br/>';
echo '» <a href="index.php?id_comm='.$id_comm.'">Форум</a></div>';
include_once '../../sys/inc/tfoot.php';
}
if(isset($user) && $admin['uid']==$user['id'] && $_GET['act']=='cit' && $them['close']==0){
$ank=get_user($post['id_user']);
$set['title']='Форум - '.$them['name'];
include_once '../../sys/inc/thead.php';
title();
aut();
echo '<div class="menu">';
echo '<div class="foot"><a href="../comm.php?id='.$id_comm.'">Сообщество</a>/<a href="index.php?id_comm='.$id_comm.'">Форум</a></div>';
echo 'Будет процетировано сообщение:<br/>';
echo '<div class="cit">'.output_text($post['msg']).'</div>';
echo '<form method="post" name="message" action="index.php?id_forum='.$forum['id'].'&id_razdel='.$razdel['id'].'&id_them='.$them['id'].'&id_comm='.$id_comm.'&act=new">';
echo '<input name="cit" value="'.$post['id'].'" type="hidden"/>';
$msg2=$ank['nick'].', ';
echo 'Сообщение:<br/><textarea name="msg">'.$ank['nick'].', </textarea><br/>';
if($user['set_translit']==1){
echo '<label><input type="checkbox" name="translit" value="1"/> Транслит</label><br/>';
}
echo '<input name="post" value="Отправить сообщение" type="submit"/></form>';
echo '» <a href=index.php?id_forum='.$forum['id'].'&id_razdel='.$razdel['id'].'&id_post='.$post['id'].'&id_comm='.$id_comm.'&page=end">В тему</a><br/>';
echo '» <a href="index.php?id_forum='.$forum['id'].'&id_razdel='.$razdel['id'].'&id_comm='.$id_comm.'">'.$razdel['name'].'</a><br/>';
echo '» <a href="index.php?id_forum='.$forum['id'].'&id_comm='.$id_comm.'">'.$forum['name'].'</a><br/>';
echo '» <a href="index.php?id_comm='.$id_comm.'">Форум</a></div>';
include_once '../../sys/inc/tfoot.php';
}
}else if(isset($_GET['id_forum']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_forum_f` WHERE$no_adm `id` = '".intval($_GET['id_forum'])."' AND `id_comm` = '".$id_comm."'"),0)==1 && isset($_GET['id_razdel']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_forum_r` WHERE `id` = '".intval($_GET['id_razdel'])."' AND `id_forum` = '".intval($_GET['id_forum'])."' AND `id_comm` = '".$id_comm."'"),0)==1 && isset($_GET['id_them']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_forum_t` WHERE `id` = '".intval($_GET['id_them'])."' AND `id_razdel` = '".intval($_GET['id_razdel'])."' AND `id_forum` = '".intval($_GET['id_forum'])."' AND `id_comm` = '".$id_comm."'"),0)==1 ){
$forum=mysql_fetch_array(mysql_query("SELECT * FROM `comm_forum_f` WHERE `id` = '".intval($_GET['id_forum'])."' AND `id_comm` = '".$id_comm."' LIMIT 1"));
$razdel=mysql_fetch_array(mysql_query("SELECT * FROM `comm_forum_r` WHERE `id` = '".intval($_GET['id_razdel'])."' AND `id_forum` = '".intval($_GET['id_forum'])."' AND `id_comm` = '".$id_comm."' LIMIT 1"));
$them=mysql_fetch_array(mysql_query("SELECT * FROM `comm_forum_t` WHERE `id` = '".intval($_GET['id_them'])."' AND `id_razdel` = '".intval($_GET['id_razdel'])."' AND `id_forum` = '".intval($_GET['id_forum'])."' AND `id_comm` = '".$id_comm."' LIMIT 1"));
$set['title']='Форум - '.$them['name'];
include_once '../../sys/inc/thead.php';
title();
aut();
echo '<div class="menu">';
echo ' <a href="../comm.php?id='.$id_comm.'">Сообщество</a>/<a href="index.php?id_comm='.$id_comm.'">Форум</a><br/>';
$ank2=get_user($them['id_user']);
if(isset($user) && $admin['uid']==$user['id'] && $admin['priv']>0){
include 'inc/set_them_act.php';
}
include 'inc/them.php';
if(isset($user) && $admin['uid']==$user['id'] && $admin['priv']>0){
include 'inc/set_them_form.php';
}
if(isset($user) && $admin['uid']==$user['id']){
if(mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_forum_zakl` WHERE `id_them` = '$them[id]' AND `id_user` = '$user[id]' AND `id_comm` = '".$id_comm."'"),0)==0){
echo '» <a href="index.php?id_forum='.$forum['id'].'&id_razdel='.$razdel['id'].'&id_them='.$them['id'].'&id_comm='.$id_comm.'&page='.$page.'&zakl=1">В закладки</a><br/>';
}else{
mysql_query("UPDATE `comm_forum_zakl` SET `time` = '".time()."' WHERE `id_them` = '$them[id]' AND `id_user` = '$user[id]' AND `id_comm` = '".$id_comm."'");
echo '» <a href="index.php?id_forum='.$forum['id'].'&id_razdel='.$razdel['id'].'&id_them='.$them['id'].'&id_comm='.$id_comm.'&page='.$page.'&zakl=0">Удалить из закладок</a><br/>';
}
}
echo '» <a href="index.php?id_forum='.$forum['id'].'&id_razdel='.$razdel['id'].'&id_comm='.$id_comm.'">'.$razdel['name'].'</a><br/>';
echo '» <a href="index.php?id_forum='.$forum['id'].'&id_comm='.$id_comm.'">'.$forum['name'].'</a><br/>';
echo '» <a href="index.php?id_comm='.$id_comm.'">Форум</a></div>';
include_once '../../sys/inc/tfoot.php';
}else if(isset($_GET['id_forum']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_forum_f` WHERE$no_adm `id` = '".intval($_GET['id_forum'])."' AND `id_comm` = '".$id_comm."'"),0)==1 && isset($_GET['id_razdel']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_forum_r` WHERE `id` = '".intval($_GET['id_razdel'])."' AND `id_forum` = '".intval($_GET['id_forum'])."' AND `id_comm` = '".$id_comm."'"),0)==1){
$forum=mysql_fetch_array(mysql_query("SELECT * FROM `comm_forum_f` WHERE `id` = '".intval($_GET['id_forum'])."' AND `id_comm` = '".$id_comm."' LIMIT 1"));
$razdel=mysql_fetch_array(mysql_query("SELECT * FROM `comm_forum_r` WHERE `id` = '".intval($_GET['id_razdel'])."' AND `id_forum` = '".intval($_GET['id_forum'])."' AND `id_comm` = '".$id_comm."' LIMIT 1"));
if(isset($user) && $admin['uid']==$user['id'] && isset($_GET['act']) && $_GET['act']=='new' && (!isset($_SESSION['time_c_t_forum']) || $_SESSION['time_c_t_forum']<$time-600 || $admin['priv']>0)){
include 'inc/new_t.php';
}else{
$set['title']='Форум - '.$razdel['name'];
include_once '../../sys/inc/thead.php';
title();
aut();
echo '<div class="menu">';
echo ' <a href="../comm.php?id='.$id_comm.'">Сообщество</a>/<a href="index.php?id_comm='.$id_comm.'">Форум</a><br/>';
if(isset($user) && $admin['uid']==$user['id'] && $admin['priv']==2){
include 'inc/set_razdel_act.php';
}
include 'inc/razdel.php';
if(isset($user) && $admin['uid']==$user['id'] && $admin['priv']==2){
include 'inc/set_razdel_form.php';
}
if(isset($user) && $admin['uid']==$user['id']){
echo ' - <a href="index.php?id_forum='.$forum['id'].'&id_razdel='.$razdel['id'].'&id_comm='.$id_comm.'&act=new">Новая тема</a><br/>';
}
echo '» <a href="index.php?id_forum='.$forum['id'].'&id_comm='.$id_comm.'">'.$forum['name'].'</a><br/>';
echo '» <a href="index.php?id_comm='.$id_comm.'">Форум</a></div>';
}
include_once '../../sys/inc/tfoot.php';
}else if(isset($_GET['id_forum']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_forum_f` WHERE$no_adm `id` = '".intval($_GET['id_forum'])."' AND `id_comm` = '".$id_comm."'"),0)==1){
$forum=mysql_fetch_array(mysql_query("SELECT * FROM `comm_forum_f` WHERE `id` = '".intval($_GET['id_forum'])."' AND `id_comm` = '".$id_comm."' LIMIT 1"));
$set['title']='Форум - '.$forum['name'];
include_once '../../sys/inc/thead.php';
title();
aut();
echo '<div class="menu">';
echo ' <a href="../comm.php?id='.$id_comm.'">Сообщество</a>/<a href="index.php?id_comm='.$id_comm.'">Форум</a><br/>';
if(isset($user) && $admin['uid']==$user['id'] && $admin['priv']==2){
include 'inc/set_forum_act.php';
}
include 'inc/forum.php';
if(isset($user) && $admin['uid']==$user['id'] && $admin['priv']==2){
include 'inc/set_forum_form.php';
}
echo '» <a href="index.php?id_comm='.$id_comm.'">Форум</a></div>';
include_once '../../sys/inc/tfoot.php';
}else{
$set['title'] = 'Форум';
include_once '../../sys/inc/thead.php';
title();
aut();
echo '<div class="menu">';
if(isset($user) && $admin['uid']==$user['id'] && $admin['priv']==2 && isset($_GET['act']) && isset($_GET['ok']) && $_GET['act']=='new' && isset($_POST['name']) && isset($_POST['opis']) && isset($_POST['pos'])){
$name=esc(stripcslashes(htmlspecialchars($_POST['name'])));
if(isset($_POST['translit1']) && $_POST['translit1']==1){
$name=translit($name);
}
if(ereg("\{|\}|\^|\%|\\$|#|@|!|\~|'|\"|`|<|>",$name)){
$err='В названии форума присутствуют запрещенные символы';
}
if(strlen2($name)<3){
$err='Слишком короткое название';
}
if(strlen2($name)>32){
$err='Слишком днинное название';
}
$name=mysql_real_escape_string($name);
$opis=esc(stripcslashes(htmlspecialchars($_POST['opis'])));
if(isset($_POST['translit2']) && $_POST['translit2']==1){
$opis=translit($opis);
}
if(strlen2($opis)>512){
$err='Слишком длинное описание';
}
$opis=mysql_real_escape_string($opis);
$pos=intval($_POST['pos']);
if(!isset($err)){
mysql_query("INSERT INTO `comm_forum_f` (`opis`, `name`, `pos`, `id_comm`) values('$opis', '$name', '$pos', '$id_comm')");
msg('Подфорум успешно создан');
}
}
err();
echo ' <a href="../comm.php?id='.$id_comm.'">Сообщество</a>/<a href="index.php?id_comm='.$id_comm.'">Форум</a><br/>';
echo '<table class="post">';
if(isset($user) && $admin['uid']==$user['id'] && $admin['priv']==0){
$no_adm=" WHERE `adm` = '0' AND `id_comm` = '".$id_comm."'";
}else{
$no_adm =" WHERE `id_comm` = '".$id_comm."'";
}
$q=mysql_query("SELECT * FROM `comm_forum_f`$no_adm ORDER BY `pos` ASC");
if(mysql_num_rows($q)==0){
echo '<tr><td class="p_t">Нет подфорумов</td></tr>';
}
while($forum = mysql_fetch_array($q)){
echo '<tr><td class="icon14"><img src="/style/themes/'.$set['set_them'].'/forum/forum.png" alt=""/></td><td class="p_t">';
echo '<a href="index.php?id_forum='.$forum['id'].'&id_comm='.$id_comm.'">'.$forum['name'].'</a> ('.mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_forum_p` WHERE `id_forum` = '$forum[id]' AND `id_comm` = '".$id_comm."'"),0).'/'.mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_forum_t` WHERE `id_forum` = '$forum[id]' AND `id_comm` = '".$id_comm."'"),0).')';
echo '</td></tr><tr><td class="p_m" colspan="2">';
if($forum['opis']!=NULL){
echo output_text($forum['opis']).'<br/>';
}
echo '</td></tr>';
}
echo '</table>';
if(isset($user) && $admin['uid']==$user['id'] && $admin['priv']==2 && (isset($_GET['act']) && $_GET['act']=='new' || mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_forum_f` WHERE `id_comm` = '".$id_comm."'"),0)==0)){
echo '<form method="post" action="index.php?id_comm='.$id_comm.'&act=new&ok">';
echo 'Название подфорума:<br/><input name="name" type="text" maxlength="32" value=""/><br/>';
if($user['set_translit']==1){
echo '<label><input type="checkbox" name="translit1" value="1"/> Транслит</label><br/>';
}
echo 'Описание:<br/><textarea name="opis"></textarea><br/>';
if($user['set_translit']==1){
echo '<label><input type="checkbox" name="translit2" value="1"/> Транслит</label><br/>';
}
echo 'Позиция:<br/>';
$pos=mysql_result(mysql_query("SELECT MAX(`pos`) FROM `comm_forum_f` WHERE `id_comm` = '".$id_comm."'"), 0)+1;
echo '<input name="pos" type="text" maxlength="3" value="'.$pos.'"/><br/>';
echo '<input value="Создать" type="submit"/><br/>';
echo '» <a href="index.php?id_comm='.$id_comm.'">Отмена</a></form>';
}
if(isset($user) && $admin['uid']==$user['id'] && $admin['priv']==2 && mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_forum_f` WHERE `id_comm` = '".$id_comm."'"),0)>0){
echo '» <a href="index.php?id_comm='.$id_comm.'&act=new">Новый подфорум</a><br/>';
}
echo '</div>';
}
}
include_once '../../sys/inc/tfoot.php';
?>