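<?php
/*
 * Comment page for a content file ("cf"): shows a submit form, appends a new
 * record to ./comm/cm.<cf>.cm and lists the stored records newest-first.
 *
 * GET parameters:
 *   cf   name of the commented file; used as the comment-store file name
 *   lf   link back to the commented page (only ever rendered as a link)
 *   br   section id, passed through to the links (index.php?a=<br>)
 *   sub  non-empty when the form is submitted together with name and mes
 *   st   offset into the record list for paging, COMMENTS_COUNT per page
 *
 * ERROR_MESAGE and COMMENTS_COUNT are used below and presumably come from
 * constant.php; $themes is assumed to be set by config.php — confirm there.
 */
error_reporting(E_ALL & ~E_NOTICE);

session_name("SESID");
session_start();

require ("../../mysql.php");
require ("../../config.php");
// $themes used to be overridable from the request through extract($HTTP_*_VARS).
// Those arrays were removed in PHP 5.4 (extract() of an unset variable is a
// TypeError on PHP 8), and a request-chosen theme name would select the file
// that is required here, so the value is reduced to a single path component.
$themes = str_replace(array('..', '/', '\\', "\0"), '', (string) $themes);
require ("../../themes/$themes.php");
include 'constant.php';

/**
 * Return a GET parameter as a string, or '' when it is missing or not a scalar
 * string (e.g. name[]=x), so the string functions below never see an array.
 */
function comm_get($key)
{
    return (isset($_GET[$key]) && is_string($_GET[$key])) ? $_GET[$key] : '';
}

/**
 * Escape a value for an HTML text or attribute context.
 *
 * The page's charset is not known from this file (Cyrillic text, possibly a
 * single-byte encoding), so escaping is done byte-wise: only & < > " ' are
 * replaced and every other byte passes through, which is correct for both
 * UTF-8 and single-byte encodings.
 */
function comm_html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
}

/**
 * Build an escaped href for $base with the given query parameters
 * (values URL-encoded, then the whole value HTML-escaped for the attribute).
 */
function comm_href($base, array $params)
{
    return comm_html($base . '?' . http_build_query($params));
}

/**
 * Reduce a submitted field to one tag-free line for the record store.
 *
 * The store holds one record per line; a newline inside a field would split
 * the record and the remainder would be read back as a record of its own.
 */
function comm_line($text)
{
    $text = str_replace(array("\r", "\n"), ' ', $text);
    return strip_tags(trim($text));
}

$cf = comm_get("cf");
$lf = comm_get("lf");
$br = comm_get("br");

// Both the link target and the store name must stay local: no URL, no scheme
// prefix (javascript: and friends included) and no parent-directory step.
foreach (array($lf, $cf) as $value) {
    if (stripos($value, 'http') !== false
        || strpos($value, '..') !== false
        || preg_match('/^\s*[a-z][a-z0-9+.-]*:/i', $value)) {
        exit(ERROR_MESAGE);
    }
}
// $cf becomes part of a file name: strip every path separator and NUL, so the
// store can only ever be a file directly inside ./comm/ (and ck/).
$cf = str_replace(array('http://', '..', '/', '\\', "\0"), '', $cf);
// $br is only echoed back into links; keep the original '..' removal.
$brClean = str_replace('..', '', $br);

echo '<small>Комментарии к: <a href="' . comm_html($lf) . '">' . comm_html($cf) . '</a></small><br />';

if (empty($_GET["sub"])) {
    echo '<div class=line><small>Прокомментировать:</small></div>
<form action="comm.php" method="GET">
<small>Имя:</small><br /><input type="text" name="name"><br />
<small>Комментарий:</small><br /><input type="text" name="mes"><br />
<input type="hidden" name="cf" value="' . comm_html($cf) . '">
<input type="hidden" name="lf" value="' . comm_html($lf) . '">
<input type="hidden" name="br" value="' . comm_html($brClean) . '">
<input type="hidden" name="sub" value="1">
<input type="submit"><br /><hr>';
}

if (!empty($_GET["sub"])) {
    $name = comm_get("name");
    $mes  = comm_get("mes");
    if (strip_tags($name) === '') exit("Вы не ввели имя");
    if (strip_tags($mes) === '') exit("Вы не ввели сообщение");

    // Whitespace-only fields are not stored; the page then just falls through
    // to the listing, as before.
    if (trim($name) !== '' && trim($mes) !== '') {
        $nextHref = comm_href('comm.php', array('cf' => $cf, 'lf' => $lf, 'br' => $brClean));
        // Record layout: "<unix time><markup>\n"; the listing sorts on the
        // leading number and renders from the first '<'. substr() limits are
        // byte-based, so a multibyte character at the cut may be truncated.
        $record = time()
            . '<br /><small><b>Имя: ' . comm_line(substr($name, 0, 21)) . '</b></small><br />'
            . '<small><b>Комментарий:</b></small><br /><small>' . comm_line(substr($mes, 0, 1000)) . '</small><hr>'
            . "\n";

        // Best effort on purpose: a missing/unwritable store is reported via
        // the "Sorry" branch instead of a warning in the page.
        $written = false;
        $fp = @fopen("./comm/cm." . $cf . ".cm", "a+");
        if ($fp !== false) {
            $written = (@fwrite($fp, $record) !== false);
            @fclose($fp);
        }

        if ($written) {
            echo "<b>Ok, <a href=\"" . $nextHref . "\">Далее</a></b><br />";
            include('./lite/footer.inc.php');
            exit();
        }
        echo "<b>Sorry, <a href=\"" . $nextHref . "\">Далее</a></b><br />";
        include("../tel/footer.php");
        exit();
    }
}

$store = "./comm/cm." . $cf . ".cm";
$cv = array();
if (file_exists($store)) {
    $cv = @file($store);
    if ($cv === false) {
        $cv = array();
    }
    // The record count is mirrored into ck/<cf>.dat; its reader is not in this file.
    $fp = @fopen('ck/' . $cf . '.dat', "w+");
    if ($fp !== false) {
        @fwrite($fp, (string) count($cv));
        @fclose($fp);
    }
} else {
    echo 'Пока нету';
}
$cv = str_replace('%', '', $cv);

// Paging offset: non-numeric or negative values start at the first record.
$st = isset($_GET["st"]) ? (int) $_GET["st"] : 0;
if ($st < 0) {
    $st = 0;
}
$fn = $st + COMMENTS_COUNT;

// Newest first: every record starts with its unix timestamp.
rsort($cv, SORT_NUMERIC);
$last = min($fn, count($cv));
for ($i = $st; $i < $last; $i++) {
    // Drop the leading timestamp; the record's markup starts at the first '<'.
    $line = strstr($cv[$i], '<');
    if ($line === false) {
        continue;
    }
    echo strip_tags($line, '<a>,<div>,<br>,<small>,<b><hr>');
}

if ($st != 0) {
    echo '<br /><small><a href="' . comm_href('', array('st' => $st - COMMENTS_COUNT, 'cf' => $cf, 'lf' => $lf, 'br' => $brClean)) . '"><<-</a></small> |';
}
if ($fn < count($cv)) {
    echo ' <small><a href="' . comm_href('', array('st' => $st + COMMENTS_COUNT, 'cf' => $cf, 'lf' => $lf, 'br' => $brClean)) . '">->></a></small>';
}
echo '<hr><small><a href="' . comm_href('index.php', array('a' => $brClean)) . '">К разделам</a></small>';
include('../../foot.php');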