function __construct($arg = array()) { global $mod, $start, $kmess; $this->comments_table = $arg['comments_table']; $this->object_table = !empty($arg['object_table']) ? $arg['object_table'] : false; if (!empty($arg['sub_id_name']) && !empty($arg['sub_id'])) { $this->sub_id = $arg['sub_id']; $this->url = $arg['script'] . '&' . $arg['sub_id_name'] . '=' . $arg['sub_id']; } else { //TODO: Доработать на режим без sub_id $this->url = $arg['script']; } $this->item = isset($_GET['item']) ? abs(intval($_GET['item'])) : false; // Получаем данные пользователя if (core::$user_id) { $this->user_id = core::$user_id; $this->rights = core::$user_rights; $this->ban = core::$user_ban; } // Назначение пользовательских прав if (isset($arg['owner'])) { $this->owner = $arg['owner']; if (core::$user_id && $arg['owner'] == core::$user_id && !$this->ban) { $this->access_delete = isset($arg['owner_delete']) ? $arg['owner_delete'] : false; $this->access_reply = isset($arg['owner_reply']) ? $arg['owner_reply'] : false; $this->access_edit = isset($arg['owner_edit']) ? $arg['owner_edit'] : false; } } // Открываем доступ для Администрации if ($this->rights >= $this->access_level) { $this->access_reply = true; $this->access_edit = true; $this->access_delete = true; } switch ($mod) { case 'reply': /* ----------------------------------------------------------------- Отвечаем на комментарий ----------------------------------------------------------------- */ if ($this->item && $this->access_reply && !$this->ban) { echo '<div class="phdr"><a href="' . $this->url . '"><b>' . $arg['title'] . '</b></a> | ' . core::$lng['reply'] . '</div>'; $req = mysql_query("SELECT * FROM `" . $this->comments_table . "` WHERE `id` = '" . $this->item . "' AND `sub_id` = '" . $this->sub_id . "' LIMIT 1"); if (mysql_num_rows($req)) { $res = mysql_fetch_assoc($req); $attributes = unserialize($res['attributes']); if (!empty($res['reply']) && $attributes['reply_rights'] > $this->rights) { echo functions::display_error(core::$lng['error_reply_rights'], '<a href="' . $this->url . '">' . core::$lng['back'] . '</a>'); } elseif (isset($_POST['submit'])) { $message = $this->msg_check(); if (empty($message['error'])) { $attributes['reply_id'] = $this->user_id; $attributes['reply_rights'] = $this->rights; $attributes['reply_name'] = core::$user_data['name']; $attributes['reply_time'] = time(); mysql_query("UPDATE `" . $this->comments_table . "` SET\n `reply` = '" . mysql_real_escape_string($message['text']) . "',\n `attributes` = '" . mysql_real_escape_string(serialize($attributes)) . "'\n WHERE `id` = '" . $this->item . "'\n "); header('Location: ' . str_replace('&', '&', $this->url)); } else { echo functions::display_error($message['error'], '<a href="' . $this->url . '&mod=reply&item=' . $this->item . '">' . core::$lng['back'] . '</a>'); } } else { $text = '<a href="' . core::$system_set['homeurl'] . '/users/profile.php?user='******'user_id'] . '"><b>' . $attributes['author_name'] . '</b></a>' . ' (' . functions::display_date($res['time']) . ')<br />' . functions::checkout($res['text']); $reply = functions::checkout($res['reply']); echo $this->msg_form('&mod=reply&item=' . $this->item, $text, $reply) . '<div class="phdr"><a href="' . $this->url . '">' . core::$lng['back'] . '</a></div>'; } } else { echo functions::display_error(core::$lng['error_wrong_data'], '<a href="' . $this->url . '">' . core::$lng['back'] . '</a>'); } } break; case 'edit': /* ----------------------------------------------------------------- Редактируем комментарий ----------------------------------------------------------------- */ if ($this->item && $this->access_edit && !$this->ban) { echo '<div class="phdr"><a href="' . $this->url . '"><b>' . $arg['title'] . '</b></a> | ' . core::$lng['edit'] . '</div>'; $req = mysql_query("SELECT * FROM `" . $this->comments_table . "` WHERE `id` = '" . $this->item . "' AND `sub_id` = '" . $this->sub_id . "' LIMIT 1"); if (mysql_num_rows($req)) { $res = mysql_fetch_assoc($req); $attributes = unserialize($res['attributes']); $user = functions::get_user($res['user_id']); if ($user['rights'] > core::$user_rights) { echo functions::display_error(core::$lng['error_edit_rights'], '<a href="' . $this->url . '">' . core::$lng['back'] . '</a>'); } elseif (isset($_POST['submit'])) { $message = $this->msg_check(); if (empty($message['error'])) { $attributes['edit_id'] = $this->user_id; $attributes['edit_name'] = core::$user_data['name']; $attributes['edit_time'] = time(); if (isset($attributes['edit_count'])) { ++$attributes['edit_count']; } else { $attributes['edit_count'] = 1; } mysql_query("UPDATE `" . $this->comments_table . "` SET\n `text` = '" . mysql_real_escape_string($message['text']) . "',\n `attributes` = '" . mysql_real_escape_string(serialize($attributes)) . "'\n WHERE `id` = '" . $this->item . "'\n "); header('Location: ' . str_replace('&', '&', $this->url)); } else { echo functions::display_error($message['error'], '<a href="' . $this->url . '&mod=edit&item=' . $this->item . '">' . core::$lng['back'] . '</a>'); } } else { $author = '<a href="' . core::$system_set['homeurl'] . '/users/profile.php?user='******'user_id'] . '"><b>' . $attributes['author_name'] . '</b></a>'; $author .= ' (' . functions::display_date($res['time']) . ')<br />'; $text = functions::checkout($res['text']); echo $this->msg_form('&mod=edit&item=' . $this->item, $author, $text); } } else { echo functions::display_error(core::$lng['error_wrong_data'], '<a href="' . $this->url . '">' . core::$lng['back'] . '</a>'); } echo '<div class="phdr"><a href="' . $this->url . '">' . core::$lng['back'] . '</a></div>'; } break; case 'del': /* ----------------------------------------------------------------- Удаляем комментарий ----------------------------------------------------------------- */ if ($this->item && $this->access_delete && !$this->ban) { if (isset($_GET['yes'])) { //TODO: Продумать проверку на удаление постов администрации $req = mysql_query("SELECT * FROM `" . $this->comments_table . "` WHERE `id` = '" . $this->item . "' AND `sub_id` = '" . $this->sub_id . "' LIMIT 1"); if (mysql_num_rows($req)) { $res = mysql_fetch_assoc($req); if (isset($_GET['all'])) { // Удаляем все комментарии выбранного пользователя $count = mysql_result(mysql_query("SELECT COUNT(*) FROM `" . $this->comments_table . "` WHERE `sub_id` = '" . $this->sub_id . "' AND `user_id` = '" . $res['user_id'] . "'"), 0); mysql_query("DELETE FROM `" . $this->comments_table . "` WHERE `sub_id` = '" . $this->sub_id . "' AND `user_id` = '" . $res['user_id'] . "'"); } else { // Удаляем отдельный комментарий $count = 1; mysql_query("DELETE FROM `" . $this->comments_table . "` WHERE `id` = '" . $this->item . "'"); } // Вычитаем баллы из статистики пользователя $req_u = mysql_query("SELECT * FROM `users` WHERE `id` = '" . $res['user_id'] . "'"); if (mysql_num_rows($req_u)) { $res_u = mysql_fetch_assoc($req_u); $count = $res_u['komm'] > $count ? $res_u['komm'] - $count : 0; mysql_query("UPDATE `users` SET `komm` = '{$count}' WHERE `id` = '" . $res['user_id'] . "'"); } // Обновляем счетчик комментариев $this->msg_total(1); } header('Location: ' . str_replace('&', '&', $this->url)); } else { echo '<div class="phdr"><a href="' . $this->url . '"><b>' . $arg['title'] . '</b></a> | ' . core::$lng['delete'] . '</div>' . '<div class="rmenu"><p>' . core::$lng['delete_confirmation'] . '<br />' . '<a href="' . $this->url . '&mod=del&item=' . $this->item . '&yes">' . core::$lng['delete'] . '</a> | ' . '<a href="' . $this->url . '">' . core::$lng['cancel'] . '</a><br />' . '<div class="sub">' . core::$lng['clear_user_msg'] . '<br />' . '<span class="red"><a href="' . $this->url . '&mod=del&item=' . $this->item . '&yes&all">' . core::$lng['clear'] . '</a></span>' . '</div></p></div>' . '<div class="phdr"><a href="' . $this->url . '">' . core::$lng['back'] . '</a></div>'; } } break; default: if (!empty($arg['context_top'])) { echo $arg['context_top']; } /* ----------------------------------------------------------------- Добавляем новый комментарий ----------------------------------------------------------------- */ if (!$this->ban && !functions::is_ignor($this->owner) && isset($_POST['submit']) && ($message = $this->msg_check(1)) !== false) { if (empty($message['error'])) { // Записываем комментарий в базу $this->add_comment($message['text']); $this->total = $this->msg_total(1); $_SESSION['code'] = $message['code']; } else { // Показываем ошибки, если есть echo functions::display_error($message['error']); $this->total = $this->msg_total(); } } else { $this->total = $this->msg_total(); } /* ----------------------------------------------------------------- Показываем форму ввода ----------------------------------------------------------------- */ if (!$this->ban && !functions::is_ignor($this->owner)) { echo $this->msg_form(); } /* ----------------------------------------------------------------- Показываем список комментариев ----------------------------------------------------------------- */ echo '<div class="phdr"><b>' . $arg['title'] . '</b></div>'; if ($this->total > $kmess) { echo '<div class="topmenu">' . functions::display_pagination($this->url . '&', $start, $this->total, $kmess) . '</div>'; } if ($this->total) { $req = mysql_query("SELECT `" . $this->comments_table . "`.*, `" . $this->comments_table . "`.`id` AS `subid`, `users`.`rights`, `users`.`lastdate`, `users`.`sex`, `users`.`status`, `users`.`datereg`, `users`.`id`\n FROM `" . $this->comments_table . "` LEFT JOIN `users` ON `" . $this->comments_table . "`.`user_id` = `users`.`id`\n WHERE `sub_id` = '" . $this->sub_id . "' ORDER BY `subid` DESC LIMIT {$start}, {$kmess}"); $i = 0; while (($res = mysql_fetch_assoc($req)) !== false) { $attributes = unserialize($res['attributes']); $res['name'] = $attributes['author_name']; $res['ip'] = $attributes['author_ip']; $res['ip_via_proxy'] = isset($attributes['author_ip_via_proxy']) ? $attributes['author_ip_via_proxy'] : 0; $res['browser'] = $attributes['author_browser']; echo $i % 2 ? '<div class="list2">' : '<div class="list1">'; $menu = array($this->access_reply ? '<a href="' . $this->url . '&mod=reply&item=' . $res['subid'] . '">' . core::$lng['reply'] . '</a>' : '', $this->access_edit ? '<a href="' . $this->url . '&mod=edit&item=' . $res['subid'] . '">' . core::$lng['edit'] . '</a>' : '', $this->access_delete ? '<a href="' . $this->url . '&mod=del&item=' . $res['subid'] . '">' . core::$lng['delete'] . '</a>' : ''); $text = functions::checkout($res['text'], 1, 1); if (core::$user_set['smileys']) { $text = functions::smileys($text, $res['rights'] >= 1 ? 1 : 0); } if (isset($attributes['edit_count'])) { $text .= '<br /><span class="gray"><small>' . core::$lng['edited'] . ': <b>' . $attributes['edit_name'] . '</b>' . ' (' . functions::display_date($attributes['edit_time']) . ') <b>' . '[' . $attributes['edit_count'] . ']</b></small></span>'; } if (!empty($res['reply'])) { $reply = functions::checkout($res['reply'], 1, 1); if (core::$user_set['smileys']) { $reply = functions::smileys($reply, $attributes['reply_rights'] >= 1 ? 1 : 0); } $text .= '<div class="' . ($attributes['reply_rights'] ? '' : 'g') . 'reply"><small>' . '<a href="' . core::$system_set['homeurl'] . '/users/profile.php?user='******'reply_id'] . '"><b>' . $attributes['reply_name'] . '</b></a>' . ' (' . functions::display_date($attributes['reply_time']) . ')</small><br/>' . $reply . '</div>'; } $user_arg = array('header' => ' <span class="gray">(' . functions::display_date($res['time']) . ')</span>', 'body' => $text, 'sub' => functions::display_menu($menu), 'iphide' => core::$user_rights ? false : true); echo functions::display_user($res, $user_arg); echo '</div>'; ++$i; } } else { echo '<div class="menu"><p>' . core::$lng['list_empty'] . '</p></div>'; } echo '<div class="phdr">' . core::$lng['total'] . ': ' . $this->total . '</div>'; if ($this->total > $kmess) { echo '<div class="topmenu">' . functions::display_pagination($this->url . '&', $start, $this->total, $kmess) . '</div>' . '<p><form action="' . $this->url . '" method="post">' . '<input type="text" name="page" size="2"/>' . '<input type="submit" value="' . core::$lng['to_page'] . ' >>"/>' . '</form></p>'; } if (!empty($arg['context_bottom'])) { echo $arg['context_bottom']; } } }
$friend = '<a class="underline" href="profile.php?act=friends&do=cancel&id=' . $user['id'] . '">' . $lng_profile['canceled_demand_friend'] . '</a>'; } else { $friend = '<a href="profile.php?act=friends&do=add&id=' . $user['id'] . '">' . $lng_profile['in_friend'] . '</a>'; } } } else { $friend = '<a href="profile.php?act=friends&do=delete&id=' . $user['id'] . '">' . $lng_profile['remov_friend'] . '</a>'; } echo '<div><img src="../images/add.gif" width="16" height="16"/> ' . $friend . '</div>'; } if (functions::is_contact($user['id']) != 2) { if (!functions::is_contact($user['id'])) { echo '<div><img src="../images/users.png" width="16" height="16"/> <a href="../mail/index.php?id=' . $user['id'] . '">' . $lng_profile['add_contacts'] . '</a></div>'; } else { echo '<div><img src="../images/users.png" width="16" height="16"/> <a href="../mail/index.php?act=deluser&id=' . $user['id'] . '">' . $lng_profile['delete_contacts'] . '</a></div>'; } } if (functions::is_contact($user['id']) != 2) { echo '<div><img src="../images/del.png" width="16" height="16"/> <a href="../mail/index.php?act=ignor&id=' . $user['id'] . '&add">' . $lng_profile['add_ignor'] . '</a></div>'; } else { echo '<div><img src="../images/del.png" width="16" height="16"/> <a href="../mail/index.php?act=ignor&id=' . $user['id'] . '&del">' . $lng_profile['delete_ignor'] . '</a></div>'; } echo '</p>'; if (!functions::is_ignor($user['id']) && functions::is_contact($user['id']) != 2 && empty($ban['1']) && empty($ban['3'])) { echo '<p><form action="../mail/index.php?act=write&id=' . $user['id'] . '" method="post"><input type="submit" value="' . $lng['write'] . '" style="margin-left: 18px"/></form></p>'; } echo '</div>'; } echo '<div class="phdr"><a href="index.php">' . $lng['users'] . '</a></div>'; } require_once '../incfiles/end.php';
} } if (empty($error)) { mysql_query("INSERT INTO `cms_mail` SET\n\t\t`user_id` = '" . $user_id . "',\n\t\t`from_id` = '" . $id . "',\n\t\t`text` = '" . mysql_real_escape_string($text) . "',\n\t\t`time` = '" . time() . "',\n\t\t`file_name` = '" . mysql_real_escape_string($newfile) . "',\n\t\t`size` = '" . $sizefile . "'") or die(mysql_error()); mysql_query("UPDATE `users` SET `lastpost` = '" . time() . "' WHERE `id` = '{$user_id}';"); if ($ch == 0) { mysql_query("UPDATE `cms_contact` SET `time` = '" . time() . "' WHERE `user_id` = '" . $user_id . "' AND\n\t\t\t`from_id` = '" . $id . "';"); mysql_query("UPDATE `cms_contact` SET `time` = '" . time() . "' WHERE `user_id` = '" . $id . "' AND\n\t\t\t`from_id` = '" . $user_id . "';"); } Header('Location: index.php?act=write' . ($id ? '&id=' . $id : '')); exit; } else { $out .= '<div class="rmenu">' . implode('<br />', $error) . '</div>'; } } if (!functions::is_ignor($id) && empty($ban['1']) && empty($ban['3'])) { $out .= isset($_SESSION['error']) ? $_SESSION['error'] : ''; $out .= '<div class="gmenu">' . '<form name="form" action="index.php?act=write' . ($id ? '&id=' . $id : '') . '" method="post" enctype="multipart/form-data">' . ($id ? '' : '<p><input type="text" name="nick" maxlength="15" value="' . (!empty($_POST['nick']) ? functions::check($_POST['nick']) : '') . '" placeholder="' . $lng_mail['to_whom'] . '?"/></p>') . '<p>'; if (!$is_mobile) { $out .= bbcode::auto_bb('form', 'text'); } $out .= '<textarea rows="' . $set_user['field_h'] . '" name="text"></textarea></p>'; if ($set_user['translit']) { $out .= '<input type="checkbox" name="msgtrans" value="1" ' . (isset($_POST['msgtrans']) ? 'checked="checked" ' : '') . '/> ' . $lng['translit'] . '<br />'; } $out .= '<p><input type="file" name="fail" style="width: 100%; max-width: 160px"/></p>'; $out .= '<p><input type="submit" name="submit" value="' . $lng['sent'] . '"/></p>' . '</form></div>' . '<div class="phdr"><b>' . ($id && isset($qs) ? $lng_mail['personal_correspondence'] . ' ' . $qs['name'] : $lng_mail['sending_the_message']) . '</b></div>'; } if ($id) { $total = mysql_result(mysql_query("SELECT COUNT(*) FROM `cms_mail` WHERE ((`user_id`='{$id}' AND `from_id`='{$user_id}') OR (`user_id`='{$user_id}' AND `from_id`='{$id}')) AND `sys`!='1' AND `delete`!='{$user_id}' AND `spam`='0'"), 0); if ($total) {