Просмотр файла forum/posting.php

<?php
// by Mike O. (mides), coolcms.org

$title = 'Форум';
require_once '../includes/sys.php';
require_once '../includes/header.php';

$msg = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum_msg` WHERE `id` = '$id'"));
$topic = mysql_fetch_assoc(mysql_query("SELECT `title`, `closed` FROM `forum_topics` WHERE `id` = '$msg[id_topic]'"));

switch ($act) {
    default:
		if ($u['id']) {
			if (empty($topic['closed'])) {
				if (TIME > $_SESSION['antispam']) {
					$text = check($_POST['text']);
					if ($text) {
						mysql_query("UPDATE `forum_topics` SET `last_time` = '".TIME."' WHERE `id` = '$id'");
						mysql_query("INSERT INTO `forum_msg` SET `id_cat` = '$topic[id_cat]', `id_subcat` = '$topic[id_subcat]', `id_topic` = '$id', `id_user` = '$u[id]', `text` = '$text', `time` = '".TIME."'");
						$_SESSION['antispam'] = TIME + $config['antispam'];
						redirect('topic.php?act=end&id='.$id);
					} else {
						redirect('topic.php?act=end&id='.$id);
					}
				} else {
					error('Антиспам. Разрешено пиcать раз в '.$config['antispam'].' сек.');
					nav('topic.php?id='.$id);
				}
			} else {
				redirect('?');
			}
		} else {
			redirect(HTTPHOME.'/login.php');
		}
    break;

    case 'reply':
		if ($u['id']) {
			if ($msg['id']) {
				if (empty($topic['closed'])) {
					if ($ok) {
						if (TIME > $_SESSION['antispam']) {
							$text = check($_POST['text']);
							if ($text) {
								mysql_query("UPDATE `forum_topics` SET `last_time` = '".TIME."' WHERE `id` = '$msg[id_topic]'");
								mysql_query("INSERT INTO `forum_msg` SET `id_cat` = '$msg[id_cat]', `id_subcat` = '$msg[id_subcat]', `id_topic` = '$msg[id_topic]', `id_user` = '$u[id]', `text` = '$text', `time` = '".TIME."'");
								$_SESSION['antispam'] = TIME + $config['spam'];
								redirect('topic.php?act=end&id='.$msg['id_topic']);
							} else {
								redirect('?act=reply&id='.$id);
							}
						} else {
							error('Антиспам. Разрешено пиcать раз в '.$config['antispam'].' сек.');
							nav('topic.php?id='.$msg['id_topic']);
						}
					} else {
						tp('<a href="topic.php?id='.$msg['id_topic'].'">'.$topic['title'].'</a>&raquo; ответ');
						echo '<div class="body">';
						echo note();
						echo '<form name="form" action="?act=reply&amp;id='.$id.'&amp;ok=1" method="post">
						 '.bbpanel('form', 'text').'<textarea name="text" cols="" rows="4">[b]'.username($msg['id_user'], 0).'[/b], </textarea><br />
						<input name="submit" type="submit" value="Ok" />
						</form>
						<a href="topic.php?id='.$msg['id_topic'].'">'.$topic['title'].'</a>&raquo; ответ
						</div>';
					}
				} else {
					redirect('topic.php?id='.$msg['id_topic']);
				}
			} else {
				redirect('index.php');
			}
		} else {
			redirect(HTTPHOME.'/login.php');
		}
    break;

    case 'quote':
		if ($u['id']) {
			$msg = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum_msg` WHERE `id` = '$id'"));
			if ($msg['id']) {
				$topic = mysql_fetch_assoc(mysql_query("SELECT `closed` FROM `forum_topics` WHERE `id` = '$msg[id_topic]'"));
				if (empty($topic['closed'])) {
					if ($ok) {
						if (TIME > $_SESSION['antispam']) {
							$text = check($_POST['text']);
							if ($text) {
								mysql_query("UPDATE `forum_topics` SET `last_time` = '".TIME."' WHERE `id` = '$msg[id_topic]'");
								mysql_query("INSERT INTO `forum_msg` SET `id_cat` = '$msg[id_cat]', `id_subcat` = '$msg[id_subcat]', `id_topic` = '$msg[id_topic]', `id_user` = '$u[id]', `text` = '$text', `time` = '".TIME."'");
								$_SESSION['antispam'] = TIME + $config['antispam'];
								redirect('topic.php?act=end&id='.$msg['id_topic']);
							} else {
								error('Вы не заполнили поле.');
								nav('?act=quote&amp;id='.$msg['id_topic']);
							}
						} else {
							error('Антиспам. Разрешено пиcать раз в '.$config['antispam'].' сек.');
							nav('topic.php?id='.$msg['id_topic']);
						}
					} else {
						tp('Цитирование сообщения');
						echo '<div class="body"><form name="form" action="?act=quote&amp;id='.$id.'&amp;ok=1" method="post">
						 '.bbpanel('form', 'text').'<textarea name="text" cols="" rows="4">[i]'.username($msg['id_user'], 0).'[/i] пишет:[q]'.$msg['text'].'[/q]</textarea><br />
						<input name="submit" type="submit" value="Ok" />
						</form>';
						nav('topic.php?id='.$msg['id_topic']);
					}
				} else {
					redirect('topic.php?id='.$msg['id_topic']);
				}
			} else {
				redirect('index.php?');
			}
		} else {
			redirect('../other/login.php');
		}
    break;

    case 'edit':
		if ($u['id']) {
			$msg_r = mysql_query("SELECT * FROM `forum_msg` WHERE `id` = '$id'");
			$msg = mysql_fetch_assoc($msg_r);
			if ($msg['id']) {
				if (access(1) or $u['id'] == $msg['id_user'] and TIME - $msg['time'] < $config['edit_time']) {
					if (empty($ok)) {
						tp('Редактирование сообщения');
						echo '<div class="body"><form name="form" action="?act=edit&amp;id='.$id.'&amp;ok=1" method="post">
						 '.bbpanel('form', 'text').'<textarea name="text" cols="" rows="3">'.$msg['text'].'</textarea>
						<input name="submit" type="submit" value="Ok" />
						</form>';
						nav('topic.php?id='.$msg['id_topic']);
					} else {
						$text = check($_POST['text']);
						if ($text) {
							mysql_query("UPDATE `forum_msg` SET `text` = '$text', `edit_by` = '$u[id]', `edit_time` = '".TIME."' WHERE `id` = '$id'");
							redirect('topic.php?id='.$msg['id_topic']);
						} else {
							error('Вы не заполнили поле.');
							nav('?act=edit&amp;id='.$id);
						}
					}
				} else {
					error('Нельзя отредактировать это сообщение.');
					nav('topic.php?id='.$msg['id_topic']);
				}
			} else {
				redirect('index.php');
			}
		} else {
			redirect('../other/login.php');
		}
    break;

    case 'del':
		$msg = mysql_fetch_assoc(mysql_query("SELECT `id`, `id_topic` FROM `forum_msg` WHERE `id` = '$id'"));
		if ($msg['id']) {
			mysql_query("DELETE FROM `forum_msg` WHERE `id` = '$id'");
			mysql_query("DELETE FROM `voting` WHERE `type` = 'forum' and `id_for` = '$id'");
			redirect('topic.php?id='.$msg['id_topic']);
		} else {
			redirect('topic.php?id='.$msg['id_topic']);
		}
    break;

    case 'vote':
		if ($u['id']) {
			$p = abs(intval($_GET['p']));
			$msg_r = mysql_query("SELECT `id`, `id_topic`, `id_user` FROM `forum_msg` WHERE `id` = '$id'");
			$msg = mysql_fetch_assoc($msg_r);
			if ($msg['id']) {
				if ($msg['id_user'] != $u['id']) {
					$query = mysql_query("SELECT `id` FROM `voting` WHERE `type` = 'forum' and `id_who` = '$u[id]' and `id_for` = '$id'");
					if (!mysql_num_rows($query)) {
						mysql_query("UPDATE `forum_msg` SET `votes` = (`votes`+1) WHERE `id` = '$id'");
						mysql_query("INSERT INTO `voting` SET `type` = 'forum', `id_who` = '$u[id]', `id_for` = '$id'");
						mysql_query("UPDATE `users` SET `karma` = (`karma`+1) WHERE `id` = '$msg[id_user]'");
					}
				}
				redirect('topic.php?id='.$msg[id_topic].'&p='.$p);
			} else {
				redirect('index.php');
			}
		} else {
			redirect('../other/login.php');
		}
    break;	
		
}

require_once '../includes/tail.php';
?>