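<?php
/**
 * Comment thread for one order: lets a logged-in user post a comment,
 * lets an administrator delete one, and renders the current page of comments.
 *
 * Request parameters read here:
 *   $_GET['id']    - order id; cast to int once and reused everywhere
 *   $_GET['iddel'] - id of the comment to delete (administrators only)
 *   $_GET['ok']    - flag set by the post-redirect to show a confirmation
 *   $_POST['msg']  - comment text, 2..1024 characters as counted by utf_strlen()
 *
 * $config, $log and $start are not assigned in this file; they are presumably
 * provided by the included start.php/functions.php - TODO confirm.
 *
 * The full opening tag is used so the script is still executed (instead of
 * being served as text) when short_open_tag is disabled.
 */
require_once ( "../includes/start.php" );
require_once ( "../includes/functions.php" );
require_once ( "../includes/header.php" );
include_once ( "../themes/" . $config['themes'] . "/index.php" );

if ( is_user() )
{
    include_once ( "../includes/db.php" );

    // Normalise the order id once; every query, link and header below uses
    // this integer rather than the raw request value, so the parameter can no
    // longer be reflected into HTML or the Location header.
    $order_id = isset( $_GET['id'] ) ? ( int )$_GET['id'] : 0;

    // Same group list the original passed to is_admin() in both places.
    $can_moderate = is_admin( array( 101, 102, 103, 105 ) );

    // NOTE(review): the result is not read anywhere in this file; kept in case
    // an included template uses it - confirm and drop the query if not.
    $ank_adm = mysql_fetch_array( mysql_query( "SELECT * FROM `stol` WHERE `id` = '" . $order_id . "'" ) );

    show_title( 'partners.gif', 'Комментарии к заказу.' );

    if ( isset( $_GET['ok'] ) )
    {
        echo 'Сообщение успешно добавлено.<br />';
    }

    if ( isset( $_POST['msg'] ) )
    {
        // A non-string value (e.g. msg[]=...) is treated as an empty message.
        $raw_msg = is_string( $_POST['msg'] ) ? $_POST['msg'] : '';
        $msg_len = utf_strlen( $raw_msg );

        if ( $msg_len > 1024 )
        {
            show_error( 'Сообщение слишком длинное' );
        }
        elseif ( $msg_len < 2 )
        {
            show_error( 'Короткое сообщение' );
        }
        else
        {
            // mysql_real_escape_string() honours the connection character set,
            // which the deprecated mysql_escape_string() does not.
            $msg = mysql_real_escape_string( $raw_msg );

            // NOTE(review): $log is interpolated as-is. It is defined outside
            // this file; confirm it is escaped or validated where it is set.
            mysql_query( "INSERT INTO `stol_guest` (user,id_post, time, msg) values('$log', '" .
                $order_id . "', '" . time() . "', '$msg')" );

            // Post/redirect/get. Stop after a successful redirect; if output
            // has already been sent, fall back to confirming inline.
            if ( !headers_sent() )
            {
                header( "location: ?ok&id=" . $order_id . "&" . SID );
                exit;
            }
            echo 'Сообщение успешно добавлено.<br />';
        }
    }
    elseif ( isset( $_GET['iddel'] ) and $can_moderate )
    {
        // NOTE(review): this is a state-changing GET with no anti-CSRF token;
        // it should become a POST carrying a per-session token.
        mysql_query( "DELETE FROM `stol_guest` WHERE `id` = '" . ( int )$_GET['iddel'] . "'" );
        echo 'Сообщение успешно удалено.<br />';
    }

    $total = ( int )mysql_num_rows( mysql_query( "SELECT id FROM `stol_guest` WHERE `id_post` = '" .
        $order_id . "'" ) );
    if ( $total <= 0 )
    {
        show_error( 'Нет сообщений' );
    }

    $per_page = ( int )$config['chatpost'];
    $start = isset( $start ) ? ( int )$start : 0;
    if ( $start < 0 || $start >= $total )
    {
        $start = 0;
    }

    if ( $total > 0 && $per_page > 0 )
    {
        // The original wrapped a fetch-everything while loop in the paging for
        // loop, so every comment was printed on every page. LIMIT restricts the
        // result to the requested page; ORDER BY keeps pages stable.
        $q = mysql_query( "SELECT * FROM `stol_guest` WHERE `id_post` = '" . $order_id .
            "' ORDER BY `id` LIMIT " . $start . ", " . $per_page );

        while ( $q && ( $post = mysql_fetch_array( $q ) ) )
        {
            // The stored user name is escaped separately for the URL and for
            // the visible text instead of being interpolated raw.
            echo " <div class='e'><a href='" . BASEDIR . "pages/anketa.php?uz=" . urlencode( $post['user'] ) .
                "&" . SID . "'><font color='red'>" . htmlspecialchars( $post['user'], ENT_QUOTES ) . " </font></a> ";
            echo "(" . date( 'H:i:s j F Y', ( int )$post['time'] ) . ")<br/>";

            // stripcslashes() decodes hex and octal escape sequences, so it
            // must run BEFORE htmlspecialchars(); in the original order it
            // could turn already-escaped text back into markup characters.
            echo trim( smiles( htmlspecialchars( stripcslashes( $post['msg'] ) ) ) ) . "<br />\n";
            echo "</div>\n";

            if ( $can_moderate )
            {
                // The closing tag now lives inside this branch; previously
                // non-administrators received an unmatched </div>.
                echo "<div class='b'><a href='?iddel=" . ( int )$post['id'] . "&id=" . $order_id . "&" . SID .
                    "'>Удалить</a><br />\n";
                echo "</div>\n";
            }
        }
    }

    // NOTE(review): the base URL carries no order id; verify that the
    // navigation helpers preserve it when building page links.
    page_jumpnavigation( 'guest.php?', $config['chatpost'], $start, $total );
    page_strnavigation( 'guest.php?', $config['chatpost'], $start, $total );

    echo '<form method="post" action="guest.php?id=' . $order_id . '&' . SID . '">';
    echo "Сообщение:<br />\n<textarea name=\"msg\"></textarea><br />\n";
    echo "<input value=\"Отправить\" type=\"submit\" />\n";
    echo "</form>\n";
    echo '<br />«<a href="index.php?&' . SID . '">К списку заказов</a>';
}
else
{
    echo 'Чтобы писать в наш стол заказов, вам надо зарегистрироваться или авторизироваться!';
}

include_once ( "../themes/" . $config['themes'] . "/foot.php" );
?>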