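// Add a file: stage an uploaded attachment under sys/tmp and remember it in
// $_SESSION['file'] until the post itself is submitted.
//
// Everything in $_FILES['file_f'] except the temp file itself is supplied by
// the client (name, type), so it is treated as untrusted here.
if (isset($_GET['act']) && $_GET['act'] == 'new'
    && isset($_POST['file_s'])
    && isset($_FILES['file_f'])
    && isset($_FILES['file_f']['error']) && $_FILES['file_f']['error'] === UPLOAD_ERR_OK
    && is_string($_FILES['file_f']['name'])
    && is_string($_FILES['file_f']['tmp_name'])
    // Only accept a path PHP itself created for this request's upload.
    && is_uploaded_file($_FILES['file_f']['tmp_name'])
    // The original name must contain a dot so an extension can be split off.
    && strpos($_FILES['file_f']['name'], '.') !== false) {

    $upload_tmp = $_FILES['file_f']['tmp_name'];

    // Build the staging path once: <user id>_<md5 of content>.forum.tmp
    $staged_path = H.'sys/tmp/'.$user['id'].'_'.md5_file($upload_tmp).'.forum.tmp';

    // Record the attachment only if the copy actually succeeded.
    if (copy($upload_tmp, $staged_path)) {
        // 0644 rather than 0777: the staged file is only read back by this
        // application, so world-writable and executable bits are not needed.
        chmod($staged_path, 0644);

        $next_f = isset($_SESSION['file']) ? count($_SESSION['file']) : 0;

        // NOTE(review): esc() is defined elsewhere. stripcslashes() runs after
        // htmlspecialchars(), so the result must not be assumed safe for SQL;
        // 'name' and 'ras' have to be escaped at the point of use.
        $file = esc(stripcslashes(htmlspecialchars($_FILES['file_f']['name'])));

        // File name without its extension.
        $_SESSION['file'][$next_f]['name'] = preg_replace('/\.[^.]*$/D', '', $file);
        // Lower-cased extension (text after the last dot).
        $_SESSION['file'][$next_f]['ras'] = strtolower(preg_replace('/^.*\./s', '', $file));
        $_SESSION['file'][$next_f]['tmp_name'] = $staged_path;
        $_SESSION['file'][$next_f]['size'] = filesize($staged_path);
        // The MIME type is sent by the browser and is not verified against the
        // content; keep only characters that can occur in a type/subtype token.
        $_SESSION['file'][$next_f]['type'] = preg_replace(
            '/[^A-Za-z0-9.+\/_-]/',
            '',
            (string) $_FILES['file_f']['type']
        );
    }
}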
| |
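// Add a post: validate the submitted message, store it, then attach any files
// staged in $_SESSION['file'] to the new post.
//
// NOTE(review): $them, $forum, $razdel, $user, $time and $id_comm are set
// outside this block and are interpolated into SQL as-is; confirm they are
// server-controlled values. Query results are not checked for failure.
if (($them['close'] == 0 || $them['close'] == 1)
    && isset($_GET['act']) && $_GET['act'] == 'new'
    && isset($_POST['msg']) && is_string($_POST['msg'])
    && isset($_POST['post'])) {

    $msg = $_POST['msg'];
    if (isset($_POST['translit']) && $_POST['translit'] == 1) {
        $msg = translit($msg);
    }

    // Length limits (strlen2() is defined elsewhere).
    if (strlen2($msg) < 2) {
        $err = 'Короткое сообщение';
    }
    if (strlen2($msg) > 10240) {
        $err = 'Длина сообщения превышает предел в 10240 символа';
    }

    // Reject a message identical to one this user already posted in the topic.
    $dup = mysql_query("SELECT COUNT(*) FROM `comm_forum_p` WHERE `id_them` = '$them[id]' AND `id_forum` = '$forum[id]' AND `id_razdel` = '$razdel[id]' AND `id_user` = '$user[id]' AND `msg` = '".mysql_real_escape_string($msg)."' AND `id_comm` = '$id_comm' LIMIT 1");
    if (mysql_result($dup, 0) != 0) {
        $err = 'Ваше сообщение повторяет предыдущее';
    }

    if (!isset($err)) {
        // A quoted post id is accepted only if that post exists in this topic.
        // NOTE(review): 'null' is inserted below as a quoted string, not SQL
        // NULL; left unchanged because readers of `cit` may rely on it.
        $cit = 'null';
        if (isset($_POST['cit']) && is_numeric($_POST['cit'])) {
            $cit_check = mysql_query("SELECT COUNT(*) FROM `comm_forum_p` WHERE `id` = '".intval($_POST['cit'])."' AND `id_them` = '".intval($_GET['id_them'])."' AND `id_razdel` = '".intval($_GET['id_razdel'])."' AND `id_forum` = '".intval($_GET['id_forum'])."' AND `id_comm` = '$id_comm'");
            if (mysql_result($cit_check, 0) == 1) {
                $cit = intval($_POST['cit']);
            }
        }

        $msg = mysql_real_escape_string($msg);

        mysql_query("UPDATE `user` SET `balls` = '".($user['balls'] + 1)."' WHERE `id` = '$user[id]' LIMIT 1");

        // Fixed: the column list previously ended in `id_comm' (backtick
        // opened, single quote closed), which is not valid SQL.
        mysql_query("INSERT INTO `comm_forum_p` (`id_forum`, `id_razdel`, `id_them`, `id_user`, `time`, `msg`, `cit`, `id_comm`) values('$forum[id]', '$razdel[id]', '$them[id]', '$user[id]', '$time', '$msg', '$cit', '$id_comm')");
        // Read the new post id immediately: mysql_insert_id() reflects the
        // previous query, and an UPDATE in between would reset it to 0.
        $post_id = mysql_insert_id();

        mysql_query("UPDATE `comm_forum_zakl` SET `time_obn` = '$time' WHERE `id_them` = '$them[id]' AND `id_comm` = '$id_comm'");

        if (isset($_SESSION['file']) && is_array($_SESSION['file'])) {
            foreach ($_SESSION['file'] as $att) {
                if (!is_array($att) || !isset($att['tmp_name']) || !is_file($att['tmp_name'])) {
                    continue;
                }

                // name/ras/type originate from the client's upload request, so
                // escape them where they enter the SQL string; size is numeric.
                $att_name = mysql_real_escape_string($att['name']);
                $att_ras  = mysql_real_escape_string($att['ras']);
                $att_type = mysql_real_escape_string($att['type']);
                $att_size = intval($att['size']);

                mysql_query("INSERT INTO `comm_forum_files` (`id_post`, `name`, `ras`, `size`, `type`, `id_comm`) values('$post_id', '".$att_name."', '".$att_ras."', '".$att_size."', '".$att_type."', '$id_comm')");
                $file_id = mysql_insert_id();

                // Stored under the database id with a fixed .frf extension, so
                // the client-chosen name never becomes part of the path.
                // Remove the staged copy only once the final copy exists.
                if (copy($att['tmp_name'], H.'sys/comm/forum/'.$file_id.'.frf')) {
                    unlink($att['tmp_name']);
                }
            }
            unset($_SESSION['file']);
        }

        unset($_SESSION['msg']);
        mysql_query("UPDATE `comm_forum_r` SET `time` = '$time' WHERE `id` = '$razdel[id]' AND `id_comm` = '$id_comm' LIMIT 1");
        mysql_query("UPDATE `comm_forum_t` SET `time` = '$time' WHERE `id` = '$them[id]' AND `id_comm` = '$id_comm' LIMIT 1");
        msg('Сообщение успешно добавлено');
    }
}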