Esempio n. 1
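$smarty = new Smarty();
// Authentication: the session is ended and the visitor is sent to /login
// when the user ID is 1 or the user group is anything other than 5.
$autMgr = new AuthenticationManager();
$userID = $autMgr->getUserID();
$userGroup = $autMgr->getUserGroup();
if ($userID == 1 or $userGroup != 5) {
    $autMgr->endSession();
    header('location: /login');
    exit;
}
// Save an edited comment.
// NOTE(review): no anti-CSRF token is checked before this state-changing POST;
// the group check above is the only gate visible in this script.
if (isset($_POST['id']) && is_numeric($_POST['id'])) {
    // is_numeric() also accepts forms such as "1e3" or " 5", so pin the value
    // to a plain integer before it reaches the SQL text.
    $id = (int) $_POST['id'];
    // name/email/comment come straight from the request and are embedded in
    // quoted SQL string literals, so each one is escaped first. Missing or
    // non-string fields (e.g. name[]=x) are treated as empty strings.
    // mysql_real_escape_string() matches the ext/mysql link that mysql_close()
    // below implies. NOTE(review): if $db offers bound parameters, prefer them.
    $fields = array();
    foreach (array('name', 'email', 'comment') as $field) {
        $raw = isset($_POST[$field]) && is_string($_POST[$field]) ? $_POST[$field] : '';
        $fields[$field] = mysql_real_escape_string($raw);
    }
    $db->query("UPDATE pm_comments SET name='{$fields['name']}', email='{$fields['email']}', comment='{$fields['comment']}' WHERE cID='{$id}' LIMIT 1");
}
// The comment to display is selected by the id in the query string.
if (isset($_GET['id']) && is_numeric($_GET['id'])) {
    // Cast for the same reason as above: the value is placed unquoted in the SELECT.
    $id = (int) $_GET['id'];
} else {
    die('bad aruments');
}
$db->query("SELECT * FROM pm_comments WHERE cID = {$id} LIMIT 1");
$db->fetch();
// NOTE(review): these are stored request values handed to the template as-is;
// form.html has to escape them (Smarty's escape modifier or auto-escaping),
// otherwise a saved comment can carry markup into the edit form.
$smarty->assign('id', $db->data->cID);
$smarty->assign('name', $db->data->name);
$smarty->assign('email', $db->data->email);
$smarty->assign('comment', $db->data->comment);
$smarty->display('form.html');
// Timing footer; $stime and get_microtime() are defined outside this excerpt.
print '<!-- Generated in ' . round(get_microtime() - $stime, 3) . ' sec -->';
mysql_close();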
Esempio n. 2
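 /**
  * Build the HTML fragment listing the comments of one entry.
  *
  * Selects rows from `bt_comment` where `admin_reply` is '0', newest id first,
  * and renders one block per row. Users whose gmlevel reaches the configured
  * "mingm" value additionally get a delete icon and a link to the player page.
  *
  * @param int|string $id Value matched against `bt_comment`.`entry`; cast to int before use.
  * @return string Concatenated HTML, or '' when no row matches.
  */
 public function LoadComment($id)
 {
     global $user;
     $cfg = new config();
     $sql = new sql();
     $text = '';
     $trash = '';
     // The id used to be concatenated into the statement unchanged; casting keeps
     // quotes and SQL syntax out of the query text.
     // NOTE(review): assumes `entry` is an integer key - confirm against the schema.
     $entry = (int) $id;
     $query = $sql->exe($cfg->get("realmd"), "SELECT * FROM `bt_comment` WHERE `entry` = '" . $entry . "' AND `admin_reply` = '0' ORDER BY `id` DESC");
     // 'detail' is written as a bare JavaScript argument inside an onClick
     // attribute, so only an integer may be emitted there.
     $detail = isset($_GET['detail']) ? (int) $_GET['detail'] : 0;
     while ($row = $sql->fetch($query)) {
         if ($user['gmlevel'] >= $cfg->get("mingm")) {
             $trash = '<img src="img/trash.png" onClick="DeleteComment(' . (int) $row['id'] . ',' . $detail . ')" onMouseOver="this.src=\'img/ontrash.png\'" onMouseOut="this.src=\'img/trash.png\'" style="cursor:pointer;" title="Удалить">';
             // NOTE(review): GetNameByGUID() output is inserted as returned; it must be HTML-safe.
             $name = '<a href="' . htmlspecialchars($cfg->get("LinkPlayer") . $row['player'], ENT_QUOTES, 'UTF-8') . '" target="_blank">' . $this->GetNameByGUID($row['player']) . '</a>';
         } else {
             $name = $this->GetNameByGUID($row['player']);
         }
         // Comment bodies are stored text (presumably user-submitted), so they are
         // escaped on output instead of being echoed as markup.
         // NOTE(review): if `text` is stored as already-sanitised HTML, swap in that sanitiser.
         $date = htmlspecialchars($row['date'], ENT_QUOTES, 'UTF-8');
         $body = htmlspecialchars($row['text'], ENT_QUOTES, 'UTF-8');
         $text .= '<div class="pad2">' . $trash . $date . ' [' . $name . ']:<div class="pad2">' . $body . '</div></div><hr>';
     }
     return $text;
 }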
Esempio n. 3
 /**
  * Assemble a SELECT statement from its parts, run it and return the result
  * of sql::fetch() after passing it through escape_data().
  *
  * Every fragment is produced by a __combine_* helper of this class. The
  * statement itself is plain string concatenation.
  * NOTE(review): whether identifiers and values are quoted depends entirely on
  * those helpers, which are not visible here - callers should not pass raw
  * request data unless the helpers are confirmed to escape it.
  *
  * @param mixed $table     Passed to __combine_table().
  * @param mixed $keys      Passed to __combine_select().
  * @param mixed $where     Passed to __combine_where().
  * @param mixed $order     Passed to __combine_order().
  * @param mixed $limit     First argument of __combine_limit().
  * @param mixed $stop      Second argument of __combine_limit().
  * @param bool  $revelance Forwarded to the where/select/order helpers.
  * @return mixed Whatever escape_data() returns for the fetched data.
  */
 static function get($table, $keys, $where = NULL, $order = NULL, $limit = NULL, $stop = NULL, $revelance = FALSE)
 {
     // Helpers are called in the same order as before: where, select, table, order, limit.
     $whereSql = self::__combine_where($where, $revelance);
     $columnSql = self::__combine_select($keys, $revelance);
     $statement = 'SELECT ' . $columnSql . ' FROM ' . self::__combine_table($table);
     $statement .= $whereSql;
     $statement .= self::__combine_order($order, $revelance);
     $statement .= self::__combine_limit($limit, $stop);
     $handle = sql::query($statement);
     $fetched = sql::fetch($handle);
     return self::escape_data($fetched);
 }
Esempio n. 4
}
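$from = 0;
$per_page = 15;
$cond = '';
// Optional filter on c.sID. is_numeric() lets through forms such as "1e3",
// ".5" or " 7", so the value is cast once and only the integer is reused in
// the SQL condition, the template variable and the pager link.
$filter_id = null;
if (isset($_GET['id']) && is_numeric($_GET['id'])) {
    $filter_id = (int) $_GET['id'];
    $cond = 'WHERE c.sID=' . $filter_id;
    $smarty->assign('id', $filter_id);
}
$page_line = '';
// The page number feeds the LIMIT offset below. Without the cast and the floor
// of 1, a request like page=0, page=-3 or page=1.5 produced a negative or
// fractional offset and therefore an invalid statement.
if (isset($_GET['page']) && is_numeric($_GET['page'])) {
    $page = max(1, (int) $_GET['page']);
} else {
    $page = 1;
}
$db->query("SELECT COUNT(c.sID) as count FROM pm_comments c {$cond}");
$db->fetch();
$page_line = get_page_line($page, $per_page, $db->data->count, '/comments/' . ($filter_id !== null ? '?id=' . $filter_id : ''));
$from = ($page - 1) * $per_page;
$com_list = array();
// $cond, $from and $per_page are integers or fixed text at this point.
$sQuery = "SELECT c.*, s.Title FROM pm_comments c LEFT JOIN pm_structure s ON (c.sID = s.sID) {$cond} ORDER BY date DESC LIMIT {$from}, {$per_page}";
$db->query($sQuery);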
while ($db->fetch()) {
    $db->data->date = date('d-m-Y (H:i)', $db->data->date);
    $db->data->comment = nl2br(htmlspecialchars(substr($db->data->comment, 0, 1024)));
Esempio n. 5
    /**
     * Render the list view, or dispatch to the detail/inject handlers.
     *
     * Without a `detail` query parameter this builds a clickable, sortable
     * header table and a table with one row per record returned by
     * main::LoadList(), and hands both to blocknot(). With `detail` set it
     * calls detail() for a positive integer that passes isValidSection(),
     * inject() for any other value longer than one character, and otherwise
     * emits a meta refresh back to the list and exits.
     *
     * Reads $_GET['detail'], 'type', 'sort', 'sortto' and 'last' directly.
     */
    public function view()
    {
        global $user;
        $cfg = new config();
        $main = new main();
        if (empty($_GET['detail'])) {
            // type and sort are forced to integers before they are used in URLs.
            if (isset($_GET['type'])) {
                $type = intval($_GET['type']);
            } else {
                $type = 0;
            }
            if (isset($_GET['sort'])) {
                $sort = intval($_GET['sort']);
            } else {
                $sort = 1;
            }
            // Only type 1 and 2 are carried over into the header links.
            if ($type > 0 && $type < 3) {
                $href = "index.php?a=list&type=" . $type;
            } else {
                $href = "index.php?a=list";
            }
            // Direction for the next click: defaults to 'desc' and flips only when
            // sortto is one of the two allowed words and `last` equals the current sort.
            $sortto = 'desc';
            if (isset($_GET['sortto']) && ($_GET['sortto'] == "desc" || $_GET['sortto'] == "asc")) {
                if (isset($_GET['last']) && $_GET['last'] == $sort) {
                    $_GET['sortto'] == "desc" ? $sortto = 'asc' : ($sortto = 'desc');
                }
            }
            // Column index => (width, header label).
            $mass = array(1 => array("30px", "#"), 2 => array("513px", "Заголовок"), 3 => array("120px", "Отправитель"), 4 => array("100px", "Прогресс"), 5 => array("100px", "Статус"), 6 => array("100px", "Приоритет"));
            $text = '
			<table height="100%" border="0" cellpadding="0" cellspacing="0" align="left">
			 <tr>';
            for ($i = 1; $i < count($mass) + 1; $i++) {
                // Column 4 is emitted only when the "progressbar" setting is on.
                if ($i == 4 && $cfg->get("progressbar") || $i != 4) {
                    // $href, $i, $sortto and $sort are integers or fixed words here,
                    // so nothing request-controlled reaches the inline handler as text.
                    $text .= '<td style="width:' . $mass[$i][0] . ';background-color:#666;" onClick="window.location.href=\'' . $href . '&sort=' . $i . '&sortto=' . $sortto . '&last=' . $sort . '\';" onMouseover="this.style.cursor=\'pointer\';this.style.backgroundColor=\'#777\';" onMouseout="this.style.cursor=\'default\';this.style.backgroundColor=\'#666\';"><div class="pad"><b>' . $mass[$i][1] . '</b></div></td>';
                    if ($i != count($mass)) {
                        $text .= '<td width="1px" style="background-color: #000;"></td>';
                    }
                }
            }
            $text .= '
			 </tr>
			</table>';
            $this->blocknot($text);
            $text = '<table width="100%" height="19px" border="0" cellpadding="0" cellspacing="0" align="left">';
            // Sort key passed to LoadList(): '' or 'desc_N' / 'asc_N' with N = intval(sort).
            // NOTE(review): the string comparisons accept sort 1..5 although $mass
            // defines six columns - confirm column 6 is excluded on purpose.
            // NOTE(review): $_GET['sortto'] is read below without an isset() check.
            $psort = '';
            if (isset($_GET['sort']) && intval($_GET['sort']) > 0 && $_GET['sort'] > "0" && $_GET['sort'] < "6") {
                if ($_GET['sortto'] == "desc") {
                    $psort = 'desc_' . $sort;
                } else {
                    if ($_GET['sortto'] == "asc") {
                        $psort = 'asc_' . $sort;
                    }
                }
            }
            // type 1 => "new", type 2 => "my", anything else => "all".
            if ($type == 1) {
                $result = $main->LoadList("new", $psort);
            } else {
                if ($type == 2) {
                    $result = $main->LoadList("my", $psort);
                } else {
                    $result = $main->LoadList("all", $psort);
                }
            }
            // $m counts rendered rows; $js collects one streamimg() call per animated bar.
            $m = 0;
            $js = "";
            $sql = new sql();
            while ($row = $sql->fetch($result)) {
                // Separator row between records (not before the first one).
                if ($m > 0) {
                    $text .= '
					<tr style="height:1px;background-color: #000;">
					 <td></td><td></td><td></td>
					 <td></td><td></td><td></td>
					 <td></td><td></td><td></td>';
                    if ($cfg->get("progressbar")) {
                        $text .= '
					 <td></td><td></td>';
                    }
                    $text .= '
					</tr>';
                }
                $all = $main->SelectMessage($row['id']);
                $opt = $main->SelectOptions($row['id']);
                $title = $all['title'];
                // Percentage with the '%' sign stripped; used as a pixel width below.
                $pcn = $main->GetPercent($all);
                $pix = str_replace("%", "", $pcn);
                // $stream and $opt are assigned but not read again in this method.
                $stream = 'stream' . $row['id'];
                // With "anim" on the bar starts at width 0 and the streamimg() calls
                // collected in $js are emitted in a <script> after the table.
                $width = $cfg->get("anim") == true ? 0 : $pix;
                $img = '<div id="stream' . $m . '" style="height:19px;width:' . $width . 'px;background-color:#006400;"></div>';
                // NOTE(review): $title and the GetNameByGUID()/GetStatus()/GetPriority()
                // results are concatenated into the markup without escaping in this
                // method. That is only safe if those values are already HTML-safe -
                // confirm, or escape them here, since the title is stored data.
                $text .= '
				<tr style="background-color: #666;" onClick="if(tr_select)window.location.href=\'index.php?a=admin&edit=' . $row['id'] . '\';else window.location.href=\'index.php?a=list&detail=' . $row['id'] . '\';" onMouseover="this.style.cursor=\'pointer\';this.style.backgroundColor=\'#888\';" onMouseout="this.style.cursor=\'default\';this.style.backgroundColor=\'#666\';">
				 <td width="' . $mass[1][0] . '" class="view"><div class="pad">' . $row['id'] . '</div></td>
				 <td width="1px" style="background-color: #000;"></td>
				 <td width="' . $mass[2][0] . '" class="view"><div class="pad">' . $title . '</div></td>
				 <td width="1px" style="background-color: #000;"></td>
				 <td width="' . $mass[3][0] . '" class="view"><div class="pad">' . $main->GetNameByGUID(intval($row['sender'])) . '</div></td>
				 <td width="1px" style="background-color: #000;"></td>';
                if ($cfg->get("progressbar")) {
                    $text .= '
				 <td width="' . $mass[4][0] . '" class="view" style="padding:0;margin:0;">' . $img . '</td>
				 <td width="1px" style="background-color: #000;"></td>';
                }
                $text .= '
				 <td width="' . $mass[5][0] . '" class="view"><div class="pad">' . $main->GetStatus($all) . '</div></td>
				 <td width="1px" style="background-color: #000;"></td>
				 <td width="' . $mass[6][0] . '" class="view"><div class="pad">' . $main->GetPriority($all) . '</div></td>
				</tr>';
                // NOTE(review): $pix is written into a <script> block as a bare value;
                // it is whatever GetPercent() returned minus '%', so that helper must
                // only ever return a number.
                if ($cfg->get("anim") && $pix > "0") {
                    $js .= 'streamimg(' . $m . ',' . $pix . ');';
                }
                $m++;
            }
            $text .= '</table>';
            $text .= '<script>' . $js . '</script>';
            // More than one row: default block. Exactly one row: 'ultramini' variant.
            // No rows: nothing is rendered.
            if ($m > 1) {
                $this->blocknot($text);
            } else {
                if ($m > 0) {
                    $this->blocknot($text, '', '', 'ultramini');
                }
            }
        } else {
            if (intval($_GET['detail']) > 0) {
                // intval() already yields an integer, so addslashes() has nothing to escape here.
                $int = addslashes(intval($_GET['detail']));
                if ($main->isValidSection($int)) {
                    $this->detail($int);
                } else {
                    echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?a=list">';
                    exit;
                }
            } else {
                // NOTE(review): a non-numeric `detail` value is forwarded to inject()
                // after addslashes() only. addslashes() is not a context-aware escape;
                // whatever inject() does with the value (SQL, HTML) has to escape it
                // for that context. strlen() also assumes a string - an array value
                // (detail[]=x) is not handled.
                if (strlen($_GET['detail']) > 1) {
                    $this->inject(addslashes($_GET['detail']));
                } else {
                    echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=index.php?a=list">';
                    exit;
                }
            }
        }
    }
Esempio n. 6
                }
            }
            break;
        case 5:
            $table = $cfg->get("wd_object");
            if ($cfg->get("lang") == 8) {
                $query = "SELECT `name_loc8`,`entry` FROM `locales_gameobject` WHERE `name_loc8` LIKE '%" . $string . "%'";
            } else {
                if ($cfg->get("lang") == 1) {
                    $query = "SELECT `name`,`entry` FROM `gameobject_template` WHERE `name` LIKE '%" . $string . "%'";
                }
            }
            break;
    }
    $result = $sql->exe($cfg->get("mangos"), $query . " LIMIT " . $cfg->get("searchlimit"));
    $text = '<div class="pad">Результаты поиска:</div><br><table border="0" align="left" width="100%" cellpadding="0" cellspacing="0" style="padding: 3px;">';
    $i = 0;
    while ($row = $sql->fetch($result)) {
        $name = str_replace("'", "", $row[0]);
        $pname = preg_replace('/(' . $string . ')/iu', '<font color="gold">\\0</font>', $name);
        $entry = $row[1];
        $link = '<a href="12345">1</a>';
        $text .= '
		<tr>
		 <td width="16" valign="top"><div style="cursor:pointer;" onClick=\'searchresult("' . $cfg->get("Database") . $table . $entry . '","' . $name . '")\' title="Добавить"><img src="img/add.png"></div></td>
		 <td><div class="search"><a href="' . $cfg->get("Database") . $table . $entry . '" target="_blank">' . $pname . '</a></div></td>
		</tr>';
        $i++;
    }
    echo $i . '^' . $text . '</table>';
}
Esempio n. 7
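 /**
  * Search the `ksiazki` table using an allow-listed subset of the given criteria.
  *
  * Only keys named in $allow are copied from $dane into the WHERE map; empty
  * strings are skipped. An `id` criterion is classified through
  * validate::type() and re-keyed to ISBN, ISSN or regal (shelf position, with
  * optional polka/rzad). If `id` is still present afterwards the lookup goes
  * through szukaj_KOD(); if $dane['do'] is set the `pozycz` table joined with
  * `ksiazki` is listed instead; otherwise `ksiazki` is queried with a LEFT
  * OUTER JOIN on `pozycz`.
  *
  * @param array $dane  Search criteria, keyed by field name.
  * @param mixed $order Passed to db2::get() / db2::__combine_order().
  * @param mixed $start Passed to db2::get() / db2::__combine_limit().
  * @param mixed $limit Passed to db2::get() / db2::__combine_limit(); default 30.
  * @return array array($num, $ret, db2::revelance())
  */
 static function szukaj_info($dane, $order = NULL, $start = NULL, $limit = 30)
 {
     $allow = array('id', 'tytul', 'autor', 'wydawnictwo', 'miejsce', 'rok', 'wydanie', 'wycofana');
     // NOTE(review): the '~~' suffix presumably selects a different match mode in
     // the db2 helpers - not visible here.
     $replace = array('tytul' => 'tytul~~', 'autor' => 'autor~~', 'wydawnictwo' => 'wydawnictwo~~');
     $where = array();
     foreach ($dane as $key => $value) {
         // Strict comparison is required for the allow-list to hold: with a loose
         // in_array() an integer key such as 0 compares equal to every
         // non-numeric string on PHP < 8 and would be accepted as a column name.
         if (!in_array($key, $allow, true) or $value === '') {
             continue;
         }
         // isset() avoids reading a missing index for keys that have no replacement.
         if (isset($replace[$key])) {
             $key = $replace[$key];
         }
         $where[$key] = $value;
     }
     if (!empty($where['id'])) {
         // validate::$kod is switched on only for the duration of the type check.
         validate::$kod = TRUE;
         switch (validate::type($where['id'])) {
             case 'ISBN':
                 $where['ISBN'] = $where['id'];
                 unset($where['id']);
                 break;
             case 'ISSN':
                 $where['ISSN'] = $where['id'];
                 unset($where['id']);
                 break;
             case 'MSC':
                 $where['regal'] = $where['id'];
                 if (!empty($dane['polka'])) {
                     $where['polka'] = $dane['polka'];
                 }
                 if (!empty($dane['rzad'])) {
                     $where['rzad'] = $dane['rzad'];
                 }
                 unset($where['id']);
                 break;
         }
         validate::$kod = FALSE;
     }
     // polka/rzad are meaningful only together with regal.
     if (empty($where['regal'])) {
         unset($where['polka']);
         unset($where['rzad']);
     }
     if (!empty($where['id'])) {
         // id was not recognised as ISBN/ISSN/MSC: look it up directly.
         $ret = array(self::szukaj_KOD($where['id']));
         $num = count($ret);
     } else {
         if (!empty($dane['do'])) {
             // This branch lists `pozycz` and does not apply $where.
             $num = db2::num('pozycz', 'id');
             if ($num == 0) {
                 $ret = array();
             } else {
                 $ret = db2::get(array('pozycz', array('J', 'ksiazki', 'USING', 'id')), '*', NULL, $order, $start, $limit);
             }
         } else {
             $num = db2::num('ksiazki', 'id', $where);
             if ($num == 0) {
                 $ret = array();
             } else {
                 // NOTE(review): the statement is string-built; values in $where and
                 // the caller-supplied $order/$start/$limit are only as safe as the
                 // db2::__combine_* helpers make them.
                 $where = db2::__combine_where($where, TRUE);
                 $ret = db2::escape_data(sql::fetch(sql::query('SELECT `ksiazki`.*, `pozycz`.`od`, `pozycz`.`kto`' . (db2::revelance() ? ', ' . db2::$revelance : '') . ' FROM `ksiazki` LEFT OUTER JOIN `pozycz` ON `pozycz`.`id`=`ksiazki`.`id` ' . $where . db2::__combine_order($order, TRUE) . db2::__combine_limit($start, $limit))));
             }
         }
         self::cache_addarray($ret);
     }
     return array($num, $ret, db2::revelance());
 }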