View file moduls/add_comm_news.php

File size: 1.6Kb
<?php
/**********************************************/
/* Автор скрипта: Александр Есин              */
/* E-Mail: [email protected] ([email protected]) */
/* ICQ: 6464729                               */
/* Site: http://ticlove.ru                    */
/**********************************************/
?>
<?php define ('SECURED', true); ?>
<?php require (dirname(__FILE__).'/../_inc/sql.php'); ?>
<?php require (dirname(__FILE__).'/../_inc/config.php'); ?>
<?php require (dirname(__FILE__).'/../_inc/function.php'); ?>
<?php
	 if (!empty($_SESSION['auth_id']) && (intval($_POST['user_id']) == $_SESSION['auth_id']))
	 {
	      if (!empty($_POST['news_id']))
	      {
	           if (!empty($_POST['msg']))
		   {
		        $msg = trim($_POST['msg']);
			$msg = iconv('utf-8', 'windows-1251', $msg);
			if (strlen($msg) > 1000) $msg = substr($msg, 0, 1000);
			$msg = iconv('windows-1251', 'utf-8', $msg);
		        
		        if (mysql_query("INSERT INTO `q_news_comm` (`id_news`, `id_user`, `comments`, `date_comm`) VALUES ('".intval($_POST['news_id'])."', '".$_SESSION['auth_id']."', '".function_sql($msg)."', '".time()."');"))
			{
			     mysql_query("UPDATE `q_news` SET `comments` = `comments` + '1' WHERE `id_news` = '".intval($_POST['news_id'])."';");
			     echo '<script type="text/javascript">location="/news.php?page=comments&news_id='.intval($_POST['news_id']).'";</script>';
			     echo 'Комментарий добавлен';
			}
			exit;
		   } else echo '<div style="color: #ff0000;">Вы не написали комментарий</div>';
	      }
	 }
?>