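/**
 * Store the answer to an FAQ question and flag the question as answered.
 *
 * The answer is written twice: converted with str_to_html() into `answer`
 * and unchanged into `raw_answer`. A negative result from
 * self::$baseC->update() is treated as a failure.
 *
 * The three columns are written by separate update() calls, so the write is
 * not atomic. The method stops at the first failed call, so a row is never
 * flagged `answered` after one of the answer columns failed to update.
 *
 * @param mixed  $id     faq.id of the question; cast to int before use
 * @param string $answer answer text as submitted
 *
 * @return int 1 on success, otherwise the negative status of the first failed update
 */
function response_to_question($id, $answer)
{
    $id = (int) $id;

    // Same column order as before, so the first failing status is still the one returned.
    $columns = array(
        'answer' => str_to_html($answer),
        'raw_answer' => $answer,
        'answered' => true,
    );

    foreach ($columns as $column => $value) {
        $status = self::$baseC->update('faq', $column, $value, 'id', $id);
        if ($status < 0) {
            return $status;
        }
    }

    return 1;
}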
// Validation of a submitted "new thread" form (excerpt; the upload handling
// continues past the end of this listing).

// Error text shown when the body field is empty, keyed by section id.
$comment_errors = array(NEWS_SECTION_ID => 'Не заполнен текст новости', ARTICLES_SECTION_ID => 'Не заполнен текст статьи', GALLERY_SECTION_ID => 'Не заполнено поле "Описание"', FORUM_SECTION_ID => 'Не заполнено поле "Ваш комментарий"');
if (!empty($_POST['submit_form'])) {
    // Only the four known sections are accepted; any other value falls back to the forum.
    $valid_sections = array(NEWS_SECTION_ID, ARTICLES_SECTION_ID, GALLERY_SECTION_ID, FORUM_SECTION_ID);
    if (!in_array($section_id, $valid_sections)) {
        $section_id = FORUM_SECTION_ID;
    }
    if (trim($_POST['subject']) === '') {
        $errors['subject'] = 'Не заполнено поле "Заголовок"';
    } else {
        // NOTE(review): kept exactly as submitted; escaping has to happen where it is
        // printed or stored, which is not visible in this excerpt.
        $subject = $_POST['subject'];
    }
    if (trim($_POST['comment']) === '') {
        $errors['comment'] = $comment_errors[$section_id];
    } else {
        $comment = $_POST['comment'];
        // Rendered copy for the preview; what str_to_html() escapes is not visible here.
        $preview_comment = str_to_html($_POST['comment']);
    }
    // A non-empty user_field is reported as an error ("a field that must stay empty
    // was filled in") — presumably a honeypot against automated posting; confirm.
    if (!empty($_POST['user_field'])) {
        $errors['user_field'] = 'Заполнено поле не требующее заполнения';
        $user_field = $_POST['user_field'];
    }
    // empty() also rejects the value "0".
    if (empty($_POST['subsection_id'])) {
        $errors['subsection'] = 'Не указана подкатегория';
    } else {
        $subsection_id = (int) $_POST['subsection_id'];
    }
    // NOTE(review): the link is taken as submitted; confirm its scheme is restricted to
    // http/https before it is stored or rendered as a link.
    $prooflink = !empty($_POST['news_link']) ? $_POST['news_link'] : '';
    // Upload handling runs only for gallery posts that are not a preview ('Предпросмотр').
    if ($section_id == GALLERY_SECTION_ID && $_POST['submit_form'] != 'Предпросмотр') {
        if (!empty($_FILES['scrot_link']['tmp_name'])) {
            // Script extensions to look for; how the list is applied lies outside this excerpt.
            // NOTE(review): a denylist only covers the extensions it names. An allowlist of
            // the expected image types, plus a check of the file content, is the more
            // robust control for an upload that ends up under the web root.
            $blacklist = array(".php", ".phtml", ".php3", ".php4");
            foreach ($blacklist as $item) {
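/**
 * Update an existing news post and the thread it belongs to.
 *
 * Writes the edited subject and message (raw and rendered), the edit timestamp
 * in UTC, the editor's id from the session and the edit reason to `comments`,
 * then writes the proof link and subsection to `threads`.
 *
 * @param mixed  $id         comments.id of the message row to update
 * @param string $subject    new subject; HTML-escaped, cut to 255 bytes when longer
 * @param string $message    new message text as submitted
 * @param string $reason     reason for the edit; HTML-escaped into changed_for
 * @param mixed  $tid        threads.id of the thread to update
 * @param string $link       value stored in threads.prooflink
 * @param mixed  $subsection value stored in threads.subsection
 *
 * @return mixed result of self::$baseC->query() for the threads UPDATE only
 */
function edit_news($id, $subject, $message, $reason, $tid, $link, $subsection)
{
    // NOTE(review): the listing shows the replacement literal as an unterminated '\',
    // which does not parse. Reconstructed as "collapse a doubled backslash to a single
    // one" — confirm against the repository copy of this file.
    $raw_message = str_replace('\\\\', '\\', $message);

    $subject = htmlspecialchars($subject);
    if (strlen($subject) > 255) {
        // NOTE(review): the cut is byte-wise and happens after escaping, so it can split
        // a multi-byte character or an HTML entity at the boundary.
        $subject = substr($subject, 0, 252) . '...';
    }

    $message = str_to_html($message);
    $changing_timest = gmdate("Y-m-d H:i:s");
    $changed_by = $_SESSION['user_id'];
    $changed_for = htmlspecialchars($reason);

    // NOTE(review): $id, $tid, $link and $subsection reach the ::N:: placeholders as
    // given; confirm that query() escapes every substituted parameter.
    // The result of this first UPDATE is not inspected, so a failure here is not reported.
    $param_arr = array($subject, $raw_message, $message, $changing_timest, $changed_by, $changed_for, $id);
    self::$baseC->query('UPDATE comments SET subject=\'::0::\', raw_comment=\'::1::\', comment=\'::2::\', changing_timest=\'::3::\', changed_by=\'::4::\', changed_for=\'::5::\' WHERE id= \'::6::\'', 'assoc_array', $param_arr);

    $param_arr = array($link, $subsection, $tid);
    $ret = self::$baseC->query('UPDATE threads SET prooflink=\'::0::\', subsection=\'::1::\' WHERE id = \'::2::\'', 'assoc_array', $param_arr);

    return $ret;
}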
} else { $str = $str . $i . ':0;'; } } $str = $filtersC->set_auto_filter($msg_id, $str); $val = $messagesC->set_filter($msg_id, $str); require 'header.php'; $legend = 'Комментарий успешно добавлен'; $text = 'Комментарий успешно добавлен<br>Через три секунды вы будете перенаправлены в тред.<br>Если вы не хотите ждать, нажмите <a href="thread_' . $thread_id . '_comment_' . $msg_id . '#msg' . $msg_id . '">сюда</a>.'; require 'themes/' . $theme . '/templates/fieldset.tpl.php'; die('<meta http-equiv="Refresh" content="3; URL=/thread_' . $thread_id . '_comment_' . $msg_id . '#msg' . $msg_id . '">'); } } elseif ($_POST['sbm'] == 'Предпросмотр' && empty($errors)) { $is_preview = true; $message_subject = $subj; $message_comment = str_to_html($comment); $message_timestamp = gmdate("Y-m-d H:i:s"); $msg_autor = $usersC->get_user_info($_SESSION['user_id']); $message_autor = $msg_autor['nick']; $message_autor_profile_link = '/profile.php?user='******'HTTP_USER_AGENT']; } if (!empty($errors)) { $errors['msg'] = 'Сообщение не было отправлено, проверьте правильность заполнения формы'; } $subj = $coreC->html_escape($subj); } if (!$is_preview) { /* GET request or non-preview POST with errors */ $msg = $messagesC->get_message($message_id); $message_subject = $msg['subject'];
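/**
 * Validate and store the editable profile fields of a user.
 *
 * Name, last name, country and city are passed through htmlspecialchars()
 * before storage. The free-text field is stored twice: rendered with
 * str_to_html() and in raw form. Gender and the two visibility flags are
 * reduced to 0 or 1.
 *
 * On an invalid e-mail or IM address the method prints an error message,
 * includes the theme footer and terminates the script instead of returning.
 *
 * @param mixed  $id            users.id of the row to update
 * @param string $user_name     first name
 * @param string $user_lastname last name
 * @param mixed  $gender        any non-empty value is stored as 1, otherwise 0
 * @param string $user_email    e-mail address; must pass FILTER_VALIDATE_EMAIL
 * @param mixed  $show_email    any non-empty value is stored as 1, otherwise 0
 * @param string $user_im       IM address; when non-empty it must pass FILTER_VALIDATE_EMAIL
 * @param mixed  $show_im       any non-empty value is stored as 1, otherwise 0
 * @param string $country       country
 * @param string $city          city
 * @param string $additional    free-text "about" field as submitted
 *
 * @return mixed result of self::$baseC->query() for the UPDATE
 */
function modify_user_info_settings($id, $user_name, $user_lastname, $gender, $user_email, $show_email, $user_im, $show_im, $country, $city, $additional)
{
    $user_name = htmlspecialchars($user_name);
    $user_lastname = htmlspecialchars($user_lastname);
    $gender = empty($gender) ? 0 : 1;

    // NOTE(review): $theme is not defined in this method's scope, so both include paths
    // below are built from an empty value; confirm how the theme name is meant to get here.
    if (!filter_var($user_email, FILTER_VALIDATE_EMAIL)) {
        echo 'e-mail указан не верно';
        include 'themes/' . $theme . '/templates/footer.tpl.php';
        exit;
    }
    $show_email = empty($show_email) ? 0 : 1;

    if (!empty($user_im) && !filter_var($user_im, FILTER_VALIDATE_EMAIL)) {
        echo 'IM указан не верно';
        include 'themes/' . $theme . '/templates/footer.tpl.php';
        exit;
    }
    $show_im = empty($show_im) ? 0 : 1;

    // FILTER_VALIDATE_EMAIL checks the address format only. A valid address may still
    // contain characters such as ', so $user_email and $user_im depend on query() for SQL
    // escaping and need HTML escaping where they are printed — NOTE(review): confirm both.

    $country = htmlspecialchars($country);
    $city = htmlspecialchars($city);

    // NOTE(review): the listing shows the replacement literal as an unterminated '\',
    // which does not parse. Reconstructed as "collapse a doubled backslash to a single
    // one" — confirm against the repository copy of this file.
    $raw_additional = str_replace('\\\\', '\\', $additional);
    $additional = str_to_html($additional);

    // Index 0 is the row id used in the WHERE clause; indexes 1-11 are the column values.
    // NOTE(review): $id is substituted as given; confirm that query() escapes parameters.
    $param_arr = array($id, $user_name, $user_lastname, $gender, $user_email, $show_email, $user_im, $show_im, $country, $city, $additional, $raw_additional);
    $ret = self::$baseC->query('UPDATE users SET name = \'::1::\', lastname = \'::2::\', gender = \'::3::\', email = \'::4::\', show_email = \'::5::\', im = \'::6::\', show_im = \'::7::\', country = \'::8::\', city = \'::9::\', additional = \'::10::\', raw_additional = \'::11::\' WHERE id = \'::0::\'', 'assoc_array', $param_arr);

    return $ret;
}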