Просмотр файла modules/forum/add_post.php

Конкурс дизайнеров на 15000 рублей
Реклама ваших сайтов
Размер файла: 4.51Kb 
  1. <?php
  2. /**********************************
  3. *	@package: PerfCMS			  *
  4. *	@year: 2012					  *
  5. *	@author: Artas				  *
  6. *	@link: http://perfcms.ru	  *
  7. **********************************/
  8. $locate = 'in_forum';
  9. $topic_id = abs(intval($_GET['topic_id']));
  10. if(!isset($user) || !isset($topic_id)) { header('Location:/'); }
  11. if($db->query("SELECT * FROM `forum_t` WHERE `id` = '". $topic_id ."'")->rowCount() == 0) {
  12. header('Location:/forum/');
  13. }
  14. if(isset($_POST['create']) && $_GET['act'] == 'create') {
  15.  
  16. if(!empty($_POST['text'])) { $text = substr(input($_POST['text']), 0, 10000);} else { $err = 'Message is empty'; }
  17. if(!empty($_POST['text'])) {
  18. $db->query("INSERT INTO `forum_pt` SET `text` = '".$text."', `time` = '". time() ."', `user_id` = '".$user['id']."', `topic_id` = '".$topic_id."', `file` = '', `file_size` = '0', `edit_time` = '0', `edit_user_id` = '0', `count_edit` = '0', `cat_id` = '0', `name` = ''");
  19. // print_r($db->errorInfo());
  20. $lastPostId = $db->lastInsertId();
  21. if($db->query("SELECT * FROM `notify` WHERE `user_id` = '". $user['id'] ."' AND `type` = 'notify_topic_reply' AND `request_id` = '$topic_id'")->rowCount() == 0)
  22. 	{
  23. 		$db->query("INSERT INTO `notify` SET `user_id` = '". $user['id'] ."', `from_id` ='". $user['id'] ."', `request_id` = '$topic_id', `type` = 'notify_topic_reply', `read` = '0', `time` = '". time() ."'");
  24. 		// print_r($db->errorInfo());
  25. 		$db->query("UPDATE `notify` SET `read` = '0', `time` = '". time() ."' WHERE `user_id` = '". $user['id'] ."' AND `from_id` = '". $user['id'] ."' AND `type` = 'notify_topic_reply' AND `request_id` = '$topic_id'");
  26. 		// print_r($db->errorInfo());
  27. 	}
  28. else
  29. 	{
  30. 		$db->query("UPDATE `notify` SET `from_id` = '". $user['id'] ."', `read` = '0', `time` = '". time() ."' WHERE `type` = 'notify_topic_reply' AND `request_id` = '$topic_id' AND `user_id` != '$user[id]'");
  31. 		// print_r($db->errorInfo());
  32. 	}
  33. $db->query("UPDATE `forum_t` SET `time_last_post` = '". time() ."', `user_last_post` = '". $user['id'] ."' WHERE `id` = '".$topic_id."'");
  34. $file_dir = ROOT .'/files/forum/';
  35. 		if (isset($_FILES['file']) && $_FILES['file']['tmp_name']) {
  36. 			$patch = pathinfo($_FILES['file']['name']);
  37. 			if (!in_array($patch['extension'], explode(';', $system['files_types']))) { $err = 'File extention not allowed.<br />'; }
  38. 			$name_start = cyrlat($patch['filename']);
  39. 			$name_short = trim($name_start).'_'.time();
  40. 			$name_end = mb_convert_encoding($name_short, "UTF-8");
  41. 			$name = $name_end.'.'. $patch['extension'];
  42. 			if (file_exists($file_dir . $name)) { $err = 'This file exists<br />'; }
  43. 			
  44. 			if(!isset($err)) {
  45.         	move_uploaded_file($_FILES['file']['tmp_name'], $file_dir . $name);
  46.         	$db->query("UPDATE `forum_pt` SET `file` = '". input($name) ."', `file_size` = '". $_FILES['file']['size'] ."' WHERE `id` = '".$lastPostId."'");
  47. 			// print_r($db->errorInfo());
  48. 			} else { echo $err; }
  49.  		}
  50. // print_r($db->errorInfo());
  51. header('Location:/forum/topic'. abs(intval($topic_id)).'/?page=end');
  52. exit;
  53. // print_r($db->errorInfo());
  54.  } else { header('Location:/forum/topic'. abs(intval($topic_id)).'/?page=end'); exit;}
  55. }
  56. $title = $lang->word('add_message');
  57. require_once(SYS.'/view/header.php');
  58. $tpl->div('title', $lang->word('add_message'));
  59. $tpl->div('menu', '<form action="/forum/add_post/'. $topic_id .'/?act=create" method="post" enctype="multipart/form-data">
  60. 			<b>'. $lang->word('message') .'</b>:<br/>
  61. 			<textarea name="text" rows="5" cols="26">'.(isset($_GET['reply_to']) ? '[b]'.input($_GET['reply_to']).'[/b], ' : NULL) . (isset($_GET['quote']) ? "[quote][i][b]".tnick($db->query("SELECT user_id FROM `forum_pt` WHERE `topic_id` = '". $topic_id ."' AND `id` = '". abs(intval($_GET['quote'])) ."'")->fetchColumn())."[/b] ".date('d.m.Y, H:i', $db->query("SELECT time FROM `forum_pt` WHERE `topic_id` = '". $topic_id ."' AND `id` = '". abs(intval($_GET['quote'])) ."'")->fetchColumn())."[/i]:\n".preg_replace("/\[quote\]|\[\/quote\]/i", '', $db->query("SELECT text FROM `forum_pt` WHERE `topic_id` = '". $topic_id ."' AND `id` = '". abs(intval($_GET['quote'])) ."'")->fetchColumn())."\n[/quote] " : NULL)  .'</textarea><br/>
  62. 			<b>'.$lang->word('add_file').'</b><br/>
  63. 			<input type="file" name="file"><br/>
  64. 			<input name="create" type="submit" value="'. $lang->word('create') .'" /><br/>
  65. 		</form>');
  66. 		
  67. $tpl->div('block',  NAV .'<a href="/forum/topic'.$topic_id.'?page=end">'. $lang->word('back') .'</a><br/>' . NAV .'<a href="/forum/">'. $lang->word('forum') .'</a><br/>' . HICO .'<a href="/">'. $lang->word('home').'</a>');
  68. require_once(SYS.'/view/footer.php');
  69. ?>