View file moduls/photo_my_comm_add.php

Милый пушистый сайт !!!!
File size: 1.71Kb 
<?php
/**********************************************/
/* Автор скрипта: Александр Есин              */
/* E-Mail: [email protected] ([email protected]) */
/* ICQ: 6464729                               */
/* Site: http://ticlove.ru                    */
/**********************************************/
?>
<?php define ('SECURED', true); ?>
<?php require (dirname(__FILE__).'/../_inc/sql.php'); ?>
<?php require (dirname(__FILE__).'/../_inc/config.php'); ?>
<?php require (dirname(__FILE__).'/../_inc/function.php'); ?>
<?php
	 if (!empty($_SESSION['auth_id']) && (intval($_POST['user_id']) == $_SESSION['auth_id']))
	 {
	      if (!empty($_POST['fid']))
	      {
	           if (!empty($_POST['msg']))
		   {
		        $fid = intval($_POST['fid']);
			$f = mysql_query("SELECT * FROM `q_photo` WHERE `id_photo` = '".$fid."' LIMIT 1;");
			if (mysql_num_rows($f) == 0)
			{
			echo 'error';
			exit;
			}
			else
			{
			$msg = trim($_POST['msg']);
			$msg = iconv('utf-8', 'windows-1251', $msg);
			if (strlen($msg) > 1000) $msg = substr($msg, 0, 1000);
			$msg = iconv('windows-1251', 'utf-8', $msg);
			
			mysql_query("UPDATE `q_photo` SET `all_comm` = `all_comm` + '1' WHERE `id_photo` = '".$fid."';");
			
			if (mysql_query("INSERT INTO `q_photo_comm` (`id_foto`, `id_user`, `uid_user`, `msg`, `new`, `time`) VALUES ('".$fid."', '".$_SESSION['auth_id']."', '".$_SESSION['auth_id']."', '".function_sql($msg)."', '1', '".time()."');")) $str = '<script type="text/javascript">location="/album.php?mode=comments&photo_id='.$fid.'";</script>';
			      }
		   } else $str = '<div style="color: #ff0000;">Вы не написали комментарий</div>';
	      }
	 }
	 echo $str;
?>