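<?php
/*\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\//
// Sitchi CMS - Mobile Content Management System //
// The author:  Nikoloz Sitchinava [sitchi]      //
// Link:        http://sitchicms.num.ge          //
// Skype:       SitchiCMS                        //
// License:     LICENSE.txt (see attached file)  //
// Version:     VERSION.txt (see attached file)  //
//\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\*/
define('_SITCHICMS', 1);
$root_path = '../../';
require $root_path.'includes/db_connect.php';
require $root_path.'includes/start.php';
require $root_path.'includes/header.php';
require $root_path.'includes/functions.php';
require $root_path.'includes/head.php'; // page <head>

// Guestbook module: stores a new message on POST, then lists messages with
// pagination. Logged-in users may always write; guests only when the
// `guest_guestbook_write` setting is on (the same test gates the form below).
//
// Globals provided by the includes above and used here:
//   $user  - current account row; unset for guests (isset($user) is the test used throughout)
//   $set   - site settings (`guest_guestbook_write`, `p_count`, `set_them`)
//   $lng   - core language strings; $lng_gbook is loaded below for this module
//   $time  - presumably the request timestamp (written to the `time` column) - confirm in start.php
// plus the helpers mres(), msg(), err(), k_page(), page(), str(), online(), timef(), post().
// NOTE(review): the data layer is the legacy mysql_* extension, so every value
// interpolated into SQL below goes through mres() or an (int) cast.

$lng_gbook = load_lng('gbook');
head($lng_gbook['1_1']);
echo '<div class="hdr"><b>'.$lng_gbook['1_1'].'</b></div>';

// Guests may write only when the setting allows it. Checked on the POST path
// too, so a guest cannot submit directly while the form is hidden.
$guest_can_write = isset($set['guest_guestbook_write']) && $set['guest_guestbook_write'] == 1;

if (isset($_POST['msg']) && (isset($user) || $guest_can_write)) {
    // Non-string input (e.g. msg[]=...) would make trim() fail; treat it as
    // empty so it is rejected by the minimum-length check.
    $msg = is_string($_POST['msg']) ? stripslashes(htmlspecialchars(trim($_POST['msg']))) : '';

    // --- message validation ---
    // $err stays undefined until the first error: err() (includes/functions.php)
    // is its consumer and the original relied on isset($err) - keep that contract.
    if (mb_strlen($msg) < 2) {
        $err[] = '<div class="errmenu">'.$lng_gbook['1_8'].'.(min 2)</div>';
    }
    if (mb_strlen($msg) > 512) {
        $err[] = '<div class="errmenu">'.$lng_gbook['1_9'].'(max 512)</div>';
    }

    // --- guest-only validation: display name and captcha ---
    if (!isset($user)) {
        // A missing `login` field used to skip this block (including the captcha)
        // while the message was still stored; an absent field is now an empty name
        // and fails validation like any other bad input.
        $login = isset($_POST['login']) && is_string($_POST['login'])
            ? stripslashes(htmlspecialchars(trim($_POST['login'])))
            : '';

        // Captcha: $_SESSION['rand'] is presumably written by /pages/captcha.php
        // (the image embedded in the form) and is cleared further down on every
        // request. An empty session value means no code was issued, so it must not
        // match an empty submission; compare as strings, strictly.
        $code = isset($_POST['code']) && is_string($_POST['code']) ? $_POST['code'] : '';
        $captcha = isset($_SESSION['rand']) ? (string) $_SESSION['rand'] : '';
        if ($captcha === '' || $captcha !== $code) {
            $err[] = '<div class="errmenu">'.$lng_gbook['1_10'].'</div>';
        }
        if (mb_strlen($login) < 3) {
            $err[] = '<div class="errmenu">'.$lng_gbook['1_11'].'.(min 3)</div>';
        }
        if (mb_strlen($login) > 32) {
            $err[] = '<div class="errmenu">'.$lng_gbook['1_12'].'.(max 32)</div>';
        }
        // Latin/Georgian letters, digits and a few punctuation characters only.
        if (!preg_match("#^[a-zა-ჰ0-9\-\_\?\!\,\.\ ]+$#ui", $login)) {
            $err[] = '<div class="errmenu">'.$lng_gbook['1_13'].'</div>';
        }
        // A guest may not post under the name of a registered account.
        if (mysql_num_rows(mysql_query('SELECT `login` FROM `users` WHERE `login`="'.mres($login).'" LIMIT 1'))) {
            $err[] = '<div class="errmenu">'.$lng_gbook['1_14'].'</div>';
        }
    }

    // --- duplicate check: same author, same text, within the last 24 hours ---
    $dup_window = 86400;
    $author_cond = isset($user)
        ? "`id_user` = '".(int) $user['id']."'"
        : "`login` = '".mres($login)."'";
    $dup = mysql_result(mysql_query(
        'SELECT COUNT(*) FROM `gb` WHERE '.$author_cond
        ." AND `msg` = '".mres($msg)."'"
        ." AND `time` > '".((int) $time - $dup_window)."' LIMIT 1"
    ), 0);
    if ((int) $dup !== 0) {
        $err[] = '<div class="errmenu">'.$lng_gbook['1_15'].'</div>';
    }

    if (!isset($err)) {
        if (isset($user)) {
            // store the message
            mysql_query("INSERT INTO `gb` (login, time, msg, id_user) VALUES ('".mres($user['login'])."', '".(int) $time."', '".mres($msg)."', '".(int) $user['id']."')");
            // Reward one credit per post. Incremented in SQL rather than from the
            // in-memory $user['balans'] so concurrent requests cannot lose an update.
            mysql_query('UPDATE `users` SET `balans` = `balans` + 1 WHERE `id` = "'.(int) $user['id'].'" LIMIT 1');
        } else {
            // store the guest message (id_user 0 marks a guest)
            mysql_query("INSERT INTO `gb` (login, time, msg, id_user) VALUES ('".mres($login)."', '".(int) $time."', '".mres($msg)."', '0')");
        }
        msg('<div class="menu">'.$lng_gbook['1_7'].'</div>');
    }
    err();
}

// Invalidate the captcha so a code can be used at most once.
$_SESSION['rand'] = '';

// --- navigation and the write form ---
echo '<div class="egmenu">';
echo '<a href="index.php">'.$lng['1_72'].'</a><br/>';
if (isset($user) || $guest_can_write) {
    echo '<a href="index.php?write">'.$lng_gbook['1_2'].'</a>';
}
if (isset($_GET['write']) && (isset($user) || $guest_can_write)) {
    echo "<form method='POST' action='index.php'>\n";
    if (!isset($user)) {
        // guests supply a display name and solve the captcha
        echo $lng_gbook['1_3'].'(max 32):<br/><input type="text" name="login" maxlength="32" /><br/>';
        echo '<img src="/pages/captcha.php" alt=""  /><br/>';
        echo '<input type="text" name="code" maxlength="4" size="2" /><br/>';
    }
    echo $lng_gbook['1_4'].'(max 512):<br/><textarea name="msg" maxlength="512"></textarea><br/>';
    echo '<input type="submit" name="save" value="'.$lng['1_8'].'" />';
    echo '</form>';
}
echo '</div>';

// --- message list with pagination ---
$k_post = (int) mysql_result(mysql_query('SELECT COUNT(*) FROM `gb`'), 0);
$k_page = k_page($k_post, $set['p_count']);
$page = page($k_page);
$start = $set['p_count'] * $page - $set['p_count']; // offset of the first row on this page
if ($k_post === 0) {
    echo '<div class="errmenu">';
    echo $lng_gbook['1_5'];
    echo '</div>';
}
$q = mysql_query('SELECT * FROM `gb` ORDER BY `id` DESC LIMIT '.(int) $start.', '.(int) $set['p_count']);
while ($post = mysql_fetch_array($q)) {
    // Author card: guests get a fixed placeholder; registered authors are looked
    // up. A deleted account falls back to the placeholder instead of warnings.
    $ank = array('sqe' => 'guest', 'id' => '0', 'level' => 0);
    if ($post['id_user'] != 0) {
        $row = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id`='".(int) $post['id_user']."' LIMIT 1"));
        if ($row) {
            $ank = $row;
        }
    }
    echo '<div class="menu">';
    echo '<img src="/themes/'.$set['set_them'].'/images/sqe_'.$ank['sqe'].'.png" alt="" /><a href="/pages/info.php?id='.(int) $post['id_user'].'"> '.$post['login'].'</a> '.online($ank['id']).' <br/>('.timef($post['time']).')';
    // Delete link: accounts with level >= 2 may remove posts by lower-level
    // authors and their own. Parenthesised to make the precedence explicit; the
    // isset() guard also stops the $user reads when nobody is logged in.
    if (isset($user) && $user['level'] >= 2 && ($user['level'] > $ank['level'] || $user['id'] == $ank['id'])) {
        echo '<a href="delete.php?id='.(int) $post['id'].'">[X]</a>';
    }
    echo '<br/>'.post($post['msg']);
    echo '</div>';
}
if ($k_page > 1) {
    str('?', $k_page, $page); // pagination links
}
if (isset($user) && $user['level'] >= 4) {
    echo '<a href="delete.php?delete">'.$lng_gbook['1_6'].'</a></br>';
}
echo '<a href="'.$root_path.'modules/smiles/">'.$lng['1_48'].'</a><br/>';
echo '<a href="/pages/bb-code.php">'.$lng['1_49'].'</a>';
require $root_path.'includes/end.php'; // page footer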