<?php
$id = intval ($id);
include ('ini.php');
if ($html) echo '<div class="sec">';
echo 'Добавить мнение';
if($html) echo '</div><div>';
else
echo '<br/>----<br/>';
// --------------------------------------------------------------------------------------------------------------------
$q = mysql_qw ('SELECT * FROM news WHERE id=?',$id);
if(mysql_num_rows($q)==0)
{
if($html) { echo '<div>'; $dive = '</div>'; } exit ('[Новостей нет]'.$dive.$px);
}
switch ($act)
{case 'add':
$name = substr ($name,0,20);
$name=htmlspecialchars(stripslashes($name));
$msg = substr ($msg,0,512);
$msg=htmlspecialchars(stripslashes($msg));
$msg=str_replace("http://","",$msg);
$msg=str_replace("&","",$msg);
$msg=str_replace("&&","",$msg);
$msg=str_replace("wap.","",$msg);
$msg=str_replace("\r","",$msg);
$msg=str_replace("\n","",$msg);
$msg=str_replace(".wen.",".simwap.",$msg);
$msg=str_replace(".kmx.",".simwap.",$msg);
$msg=str_replace(".net.",".simwap.",$msg);
$msg=str_replace(".org.",".simwap.",$msg);
$msg=str_replace("пидарас","хороший чел!",$msg);
$msg=str_replace("хуё","***",$msg);
$msg=str_replace("хуи","***",$msg);
$msg=str_replace("хуй","***",$msg);
if($name =='' or $msg == '')
exit ("Не заполнены обязательные поля".$px);
$q = mysql_qw ('select * from news where id=?',intval($id));
if(mysql_num_rows ($q)==0) exit;
mysql_qw ('INSERT INTO comm SET time=?,name=?,msg=?,id_news=?',time(),$name,$msg,intval($id)) or die(mysql_error());
echo 'Комент добавлен<br/>';
echo "<a href='index.php?wap=$wap'>К новостям</a>";
if($html) echo '</div>';
exit ($px);
break;
default:
if($html)
echo"<form action='add.php?id=$id&act=add&wap=$wap' method='post'>
Ваше имя:<input name='name'><br>
Сообщение:<input name='msg'><br>
<input type='submit' value='Добавить'></form>";
else
echo"
</small>Ваше имя:<input name='name'/><br/>
Мнение:<input name='msg'/><br/>
<anchor>Добавить<go href='add.php?id=$id&act=add&wap=$wap' method='post'>
<postfield name='name' value='$(name)'/>
<postfield name='msg' value='$(msg)'/>
</go></anchor><small>";
exit ($px);
break;
}
?>