<?PHP
include"../tools.php";
include"../head.php";
include"config.php";

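// Guard: the file being commented on must exist under the requested category
// directory; otherwise print the "no such file" message and stop.
// The category arrives straight from the query string, so values that could
// point file_exists() outside this directory (parent references, absolute
// paths, NUL bytes, stream-wrapper prefixes) are refused before the check.
// NOTE(review): an allowlist of known category directories would be stricter;
// confirm the category naming scheme before tightening this further.
$kateg = (isset($_GET['kateg']) && is_string($_GET['kateg'])) ? $_GET['kateg'] : '';
$name = (isset($_GET['name']) && is_string($_GET['name'])) ? $_GET['name'] : '';

$kategUnsafe = ($kateg === ''
	|| strpos($kateg, "\0") !== false
	|| strpos($kateg, '..') !== false
	|| strpos($kateg, '://') !== false
	|| $kateg[0] === '/'
	|| $kateg[0] === '\\');

// hacker() is defined outside this file (presumably in ../tools.php).
// NOTE(review): confirm it also strips path separators from the file name.
if ($kategUnsafe || !file_exists($kateg."/".hacker($name)))
{
	echo "<div>Такого файла не существует!!!</div>";
	include"../foot.php";
	exit;
}


// Moderator-only deletion of one row, addressed by numeric id.
// NOTE(review): this state-changing action is reachable through a plain GET
// request and carries no anti-CSRF token; it should move to POST with a
// per-session token that is verified here before the DELETE runs.
if (isset($_GET['act']) && $_GET['act']=="del")
{
	$isModerator = false;
	// An empty session id must never match a row in `administration`.
	if (!empty($_SESSION['iduser']))
	{
		// The session value is escaped as well, so a stored id containing a
		// quote cannot change the statement.
		$adminRes = mysql_query("SELECT * FROM `administration`where `iduser`='".mysql_real_escape_string($_SESSION['iduser'])."'");
		// mysql_num_rows() is the documented row count for a SELECT;
		// mysql_affected_rows() only covers INSERT/UPDATE/DELETE.
		if ($adminRes && mysql_num_rows($adminRes)==1)
		{
			$qw = mysql_fetch_array($adminRes);
			$isModerator = ($qw['type']>="500");
		}
	}
	if ($isModerator)
	{
		$delId = isset($_GET['id']) ? intval($_GET['id']) : 0;
		if(mysql_query("DELETE FROM `".$namebase."` WHERE `id` = '".$delId."';"))
		{echo "<div>Удалено!</div>";}
	}
}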

	



/**
 * Convert Latin-transliterated text to Cyrillic with a fixed lookup table.
 *
 * "__" becomes a space, a single "_" is dropped and "%" stands for the soft
 * sign. strtr() in array mode tries the longest matching key first, so
 * multi-letter keys such as "sch" or "yo" win over their single letters.
 * Characters without a table entry pass through unchanged.
 *
 * @param string $str text to transliterate
 * @return string the transliterated text
 */
function tr_to_win($str)
{
	$separators = array("__"=>" ", "_"=>"");

	$lower = array(
		"a"=>"а", "b"=>"б", "v"=>"в", "g"=>"г", "d"=>"д", "e"=>"е", "yo"=>"ё", "zh"=>"ж",
		"z"=>"з", "i"=>"и", "j"=>"й", "k"=>"к", "l"=>"л", "m"=>"м", "n"=>"н", "o"=>"о",
		"p"=>"п", "r"=>"р", "s"=>"с", "t"=>"т", "u"=>"у", "f"=>"ф", "h"=>"х", "c"=>"ц",
		"ch"=>"ч", "sh"=>"ш", "sch"=>"щ", "q"=>"ъ", "x"=>"ы", "%"=>"ь", "ye"=>"э", "yu"=>"ю",
		"ya"=>"я",
	);

	$upper = array(
		"A"=>"А", "B"=>"Б", "V"=>"В", "G"=>"Г", "D"=>"Д", "E"=>"Е", "YO"=>"Ё", "ZH"=>"Ж",
		"Z"=>"З", "I"=>"И", "J"=>"Й", "K"=>"К", "L"=>"Л", "M"=>"М", "N"=>"Н", "O"=>"О",
		"P"=>"П", "R"=>"Р", "S"=>"С", "T"=>"Т", "U"=>"У", "F"=>"Ф", "H"=>"Х", "C"=>"Ц",
		"CH"=>"Ч", "SH"=>"Ш", "SCH"=>"Щ", "Q"=>"Ъ", "X"=>"Ы", "YE"=>"Э", "YU"=>"Ю", "YA"=>"Я",
	);

	// All keys are distinct strings, so the union keeps every pair.
	return strtr($str, $separators + $lower + $upper);
}

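      // Comment list and comment form for one uploaded file.
      //
      // Every request value is read once here. They are attacker-controlled,
      // so they are URL-encoded before going into href/action attributes and
      // HTML-escaped before going into page text.
      // NOTE(review): the HTML escaping assumes the site is served as UTF-8;
      // change the charset argument if the pages use another encoding.
      $reqName = (isset($_GET['name']) && is_string($_GET['name'])) ? $_GET['name'] : '';
      $reqKateg = (isset($_GET['kateg']) && is_string($_GET['kateg'])) ? $_GET['kateg'] : '';
      $reqPages = (isset($_GET['pages']) && is_string($_GET['pages'])) ? $_GET['pages'] : '';

      $nameUrl = urlencode($reqName);
      $kategUrl = urlencode($reqKateg);
      $pagesUrl = urlencode($reqPages);

      // hacker() is defined outside this file and is the only sanitising
      // applied to the file name before it is placed in SQL.
      // NOTE(review): confirm hacker() escapes for SQL; a parameterised API
      // (PDO or mysqli) would remove the dependency on it.
      $nameSql = hacker($reqName);

      // The page number is only ever used as an integer.
      $page = isset($_GET['page']) ? intval($_GET['page']) : 1;
      if ($page<=0)
      {$page=1;}

      echo "<div class='contur'><div class='header'>".htmlspecialchars($reqName, ENT_QUOTES, 'UTF-8')."</div></div>";

      // Read the action and the message explicitly from the request instead
      // of relying on register_globals-style variables being present.
      $act = (isset($_GET['act']) && is_string($_GET['act'])) ? $_GET['act'] : '';
      $msg = (isset($_POST['msg']) && is_string($_POST['msg'])) ? $_POST['msg'] : '';

      // NOTE(review): posting a comment has no anti-CSRF token; add a
      // per-session token to the form and verify it here.
      if ($act=="send" && !empty($msg) && !empty($_SESSION['login']))
      {
          if (isset($_POST['msgtrans']) && $_POST['msgtrans']==1)
          {
              $msg = tr_to_win($msg);
          }
          $search_bad_words = array("'хуй'si","'хуи'si","'пизд'si","'ёб'si","'сука'si","'суки'si","'дроч'si","'хуя'si","'ссуч'si");
          $replace = array("*","*","*","*","*","*","*","*","*");
          $msg = preg_replace($search_bad_words,$replace,$msg);

          $loginSql = mysql_real_escape_string($_SESSION['login']);

          // One comment per author and file every 10 minutes.
          $prov=mysql_query("select * from `".$namebase."` where `file`='".$nameSql."' && `type`='comm' && `author`='".$loginSql."' && `time`>'".intval(time()-600)."'");
          // Fail closed: if the check itself fails, do not insert.
          $postedRecently = (!$prov || mysql_num_rows($prov)>0);

          if (!$postedRecently)
          {
              // Store the transliterated and filtered text; the raw POST
              // value used previously bypassed both steps.
              mysql_query("insert into `".$namebase."` values('','".$nameSql."','".hacker($msg)."','".time()."','".$loginSql."', 'comm', '', '');");
          }
      }

      $messages = mysql_query("select * from `".$namebase."` where file='".$nameSql."' && `type`='comm' order by time desc ;");
      $count = $messages ? mysql_num_rows($messages) : 0;

      if (!empty($_SESSION['login']))
      {
          echo   "<div class='contur'><div class='header'><form action='comm.php?act=send&amp;name=".$nameUrl."&amp;kateg=".$kategUrl."&amp;pages=".$pagesUrl."' method='post'>
      Комментарий:<br />
        <textarea rows='2' name='msg'></textarea><br/><br />
        <input type='checkbox' name='msgtrans' value='1' /> Транслит сообщения<br />
      <input type='submit' value='добавить' />  
  </form><span style='color:red;'>Комментарий добавляется не чаще чем в 10 минут</span></div></div>";
      }

      // The moderator lookup does not depend on the row being printed, so it
      // runs once rather than once per comment. An empty session id never
      // counts as a moderator.
      $isModerator = false;
      if (!empty($_SESSION['iduser']))
      {
          $adminRes = mysql_query("SELECT * FROM `administration`where `iduser`='".mysql_real_escape_string($_SESSION['iduser'])."'");
          if ($adminRes && mysql_num_rows($adminRes)==1)
          {
              $qw = mysql_fetch_array($adminRes);
              $isModerator = ($qw['type']>="500");
          }
      }

      // Ten comments per page: rows [$firstIdx, $lastIdx) of the result.
      // The previous inclusive bounds printed 11 rows and repeated the
      // boundary row on the following page.
      $firstIdx = ($page-1)*10;
      $lastIdx = $page*10;
      $i = 0;
      while($messages && ($massiv = mysql_fetch_array($messages)))
      {
          if ($i>=$lastIdx)
          {break;}
          if ($i>=$firstIdx)
          {
              // Stored values are escaped on output too. double_encode is off
              // so entities already present in stored text are not encoded twice.
              // NOTE(review): if hacker() stores intentional markup (e.g. line
              // breaks), render that explicitly instead of trusting stored HTML.
              echo "<div class='contur'><div class='header'>".htmlspecialchars($massiv['author'], ENT_QUOTES, 'UTF-8', false)." ".date("d/m/y",intval($massiv['time']))."<br/> ".htmlspecialchars($massiv['text'], ENT_QUOTES, 'UTF-8', false);

              if ($isModerator)
              {
                  // NOTE(review): deletion through a GET link without a token
                  // is open to CSRF; switch to a POST form with a verified token.
                  echo "<br/><a href='comm.php?act=del&amp;id=".intval($massiv['id'])."&amp;name=".$nameUrl."&amp;kateg=".$kategUrl."&amp;pages=".$pagesUrl."'>[x]</a>";
              }

              echo "</div></div>";
          }
          ++$i;
      }

      // Offer "next" only while rows remain beyond the current page.
      if ($count>$lastIdx)
      {
          $next=$page+1;
          print "<div><a href='comm.php?page=".$next."&amp;kateg=".$kategUrl."&amp;pages=".$pagesUrl."&amp;name=".$nameUrl."'>Далее</a></div>";
      }
      $prev=$page-1;
      if ($prev!=0)
      {print "<div><a href='comm.php?page=".$prev."&amp;kateg=".$kategUrl."&amp;pages=".$pagesUrl."&amp;name=".$nameUrl."'>Назад</a></div>";}
      echo "<a href='index.php?kateg=".$kategUrl."&amp;pages=".$pagesUrl."'>В ".htmlspecialchars(tr_to_win($reqKateg), ENT_QUOTES, 'UTF-8')."</a><br/>";
      echo "<div><a href='index.php'>В категории</a></div>";
      require ("../foot.php");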