Размер файла: 1.71Kb
<?php
/**********************************************/
/* Автор скрипта: Александр Есин */
/* E-Mail: [email protected] ([email protected]) */
/* ICQ: 6464729 */
/* Site: http://ticlove.ru */
/**********************************************/
?>
<?php define ('SECURED', true); ?>
<?php require (dirname(__FILE__).'/../_inc/sql.php'); ?>
<?php require (dirname(__FILE__).'/../_inc/config.php'); ?>
<?php require (dirname(__FILE__).'/../_inc/function.php'); ?>
<?php
if (!empty($_SESSION['auth_id']) && (intval($_POST['user_id']) == $_SESSION['auth_id']))
{
if (!empty($_POST['fid']))
{
if (!empty($_POST['msg']))
{
$fid = intval($_POST['fid']);
$f = mysql_query("SELECT * FROM `q_photo` WHERE `id_photo` = '".$fid."' LIMIT 1;");
if (mysql_num_rows($f) == 0)
{
echo 'error';
exit;
}
else
{
$msg = trim($_POST['msg']);
$msg = iconv('utf-8', 'windows-1251', $msg);
if (strlen($msg) > 1000) $msg = substr($msg, 0, 1000);
$msg = iconv('windows-1251', 'utf-8', $msg);
mysql_query("UPDATE `q_photo` SET `all_comm` = `all_comm` + '1' WHERE `id_photo` = '".$fid."';");
if (mysql_query("INSERT INTO `q_photo_comm` (`id_foto`, `id_user`, `uid_user`, `msg`, `new`, `time`) VALUES ('".$fid."', '".$_SESSION['auth_id']."', '".$_SESSION['auth_id']."', '".function_sql($msg)."', '1', '".time()."');")) $str = '<script type="text/javascript">location="/album.php?mode=comments&photo_id='.$fid.'";</script>';
}
} else $str = '<div style="color: #ff0000;">Вы не написали комментарий</div>';
}
}
echo $str;
?>