View file library/addkomm.php

File size: 3.57Kb
<?php

/*
////////////////////////////////////////////////////////////////////////////////
// JohnCMS                Mobile Content Management System                    //
// Project site:          http://johncms.com                                  //
// Support site:          http://gazenwagen.com                               //
////////////////////////////////////////////////////////////////////////////////
// Lead Developer:        Oleg Kasyanov   (AlkatraZ)  [email protected] //
// Development Team:      Eugene Ryabinin (john77)    [email protected]   //
//                        Dmitry Liseenko (FlySelf)   [email protected]     //
////////////////////////////////////////////////////////////////////////////////
*/

defined('_IN_JOHNCMS') or die('Error: restricted access');

if ($user_id && !$ban['1'] && !$ban['10'] && ($set['mod_lib_comm'] || $rights >= 7)) {
    if (!$id) {
        echo "ERROR<br/><a href='?'>Back</a><br/>";
        require_once('../incfiles/end.php');
        exit;
    }
    $req = mysql_query("SELECT `name` FROM `lib` WHERE `type` = 'bk' AND `id` = '" . $id . "' LIMIT 1");
    if (mysql_num_rows($req) != 1) {
        // если статья не существует, останавливаем скрипт
        echo '<p>ERROR<br/><a href="index.php">Back</a></p>';
        require_once('../incfiles/end.php');
        exit;
    }
    // Проверка на флуд
    $flood = functions::antiflood();
    if ($flood) {
        require_once('../incfiles/head.php');
        echo functions::display_error($lng['error_flood'] . ' ' . $flood . ' ' . $lng['sec'], '<a href="?act=komm&amp;id=' . $id . '">' . $lng['back'] . '</a>');
        require_once('../incfiles/end.php');
        exit;
    }
    if (isset($_POST['submit'])) {
        if ($_POST['msg'] == "") {
            echo $lng['error_empty_message'] . "<br/><a href='index.php?act=komm&amp;id=" . $id . "'>" . $lng['back'] . "</a><br/>";
            require_once('../incfiles/end.php');
            exit;
        }
        $msg = functions::check($_POST['msg']);
        if ($_POST['msgtrans'] == 1) {
            $msg = trans($msg);
        }
        $msg = mb_substr($msg, 0, 500);
        $agn = strtok($agn, ' ');
        mysql_query("INSERT INTO `lib` SET
            `refid` = '" . $id . "',
            `time` = '" . $realtime . "',
            `type` = 'komm',
            `avtor` = '" . $login . "',
            `count` = '" . $user_id . "',
            `text` = '" . $msg . "',
            `ip` = '" . $ip . "',
            `soft` = '" . mysql_real_escape_string($agn) . "'
        ");
        $fpst = $datauser['komm'] + 1;
        mysql_query("UPDATE `users` SET
            `komm`='" . $fpst . "',
            `lastpost` = '" . $realtime . "'
            WHERE `id`='" . $user_id . "'
        ");
        echo '<p>' . $lng_lib['comment_added'] . '<br />';
    } else {
        echo "<p>" . $lng_lib['write_comment'] . "<br/><br/><form action='?act=addkomm&amp;id=" . $id . "' method='post'>
        " . $lng['message'] . "<br/><textarea rows='3' name='msg'></textarea><br/><br/>
        <input type='checkbox' name='msgtrans' value='1' /> " . $lng['translit'] . "<br/>
        <input type='submit' name='submit' value='добавить' />
        </form><br/>";
        echo '<a href="index.php?act=trans">' . $lng['translit'] . '</a><br /><a href="../str/smile.php">' . $lng['smileys'] . '</a><br/>';
    }
    echo '<a href="?act=komm&amp;id=' . $id . '">' . $lng_lib['to_comments'] . '</a></p>';
} else {
    echo "<p>ERROR</p>";
}

?>