View file xmyx.ru/club/act/edit_wall.php

<?php defined('ACCESS') OR die('No direct script access...');

/*
* Author - Tw1nGo
* VK - https://vk.com/tw1ngo93
*/

if (isset($_GET['post']))
{
    $post = mysql_fetch_assoc(mysql_query("SELECT * FROM `groups_wall` WHERE `id` = '".abs(intval($_GET['post']))."' LIMIT 1"));
}


if (!isset($_GET['post']) || !isset($post) || $post['id'] <= 0 || $user['id'] != $post['id_user'] && $user['level'] < 4){
	header("Location: /groups");
	exit;
}
$edit_comm = mysql_fetch_assoc(mysql_query("SELECT * FROM `groups_wall` WHERE `id_group` = '".$post['id_group']."' AND `id` = '".abs(intval($_GET['post']))."' LIMIT 1"));

if(isset($user) && isset($_POST['cfms']) && isset($_POST['edit_post'])){

$msg = $_POST['edit_post'];
$mat = antimat($msg);

if ($mat)$err = 'В наборе вашего текста обнаружен мат: ' . $mat;

if (strlen2($msg) > 500)$err = 'Ваше сообщение слишком длинное, max: 500.'; 
if (strlen2($msg) < 2)$err = 'Ваше сообщение короткое, min: 2.'; 

$msg = my_esc($msg);


if(!isset($err)){

	mysql_query("UPDATE `groups_wall` SET `text` = '".$msg."' WHERE `id` = '".$edit_comm['id']."' AND `id_group` = '".$post['id_group']."' LIMIT 1");
	$_SESSION['message'] = 'Сообщение изменено.';
	header ("Location: ?act=wall&post=".$post['id']."");
	exit;
}

}

$set['title'] = 'Редактирование поста';
include_once H.'sys/inc/thead.php';

shapka_VK(true, '?act=wall&post='.$post['id'].'', 'Редактирование');

// Конфигурационный файл
require 'config.php';

?>
<div class="pcont bl_cont">
      <div class="create_post create_post_extra create_post_page">
      <?
      err();
      ?>
        <form id="feed_add_form" action="?act=edit_wall&post=<?= $post['id']?>" method="post">
          <div class="MentionContainer Mention_inited">
            <div class="iwrap">
              <textarea name="edit_post" class="textfield" rows="5" placeholder="Введите текст сообщения.." onkeyup="Mention.onKeyUp(event, this);" onkeydown="Mention.onKeyDown(event, this);" onfocus="Mention.onFocus(event, this);"><?= text($edit_comm['text'])?></textarea>
            </div>
          </div>
          <div class="ibwrap">          
            <div class="cp_buttons_block">
              <input class="button" value="Сохранить" name="cfms" type="submit">
            </div>            
          </div>
        </form>
      </div>
</div> 
<?
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `groups_files` WHERE `id_post` = '".$post['id']."'"), 0) > 0)
{
?>
<div class="pcont bl_cont">
<h4 class="slim_header" style="border-top: 1px solid #dfe3e8;margin-top: 10px;">Прикрепленные объекты</h4>
<div class="attached_block">
<div class="cp_attached_wrap" id="attached_wrap2_gr">
<div class="pi_medias">
<?
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `groups_files` WHERE `id_post` = '".$post['id']."' AND (`type` = '1' OR `type` = '2')"), 0) > 0)
{
$q_f = mysql_query("SELECT * FROM `groups_files` WHERE `id_post` = '".$post['id']."' AND (`type` = '1' OR `type` = '2') ORDER BY `time` DESC");
while ($post_f = mysql_fetch_array($q_f))
{
?>
<div class="medias_thumb thumb_item mr_x_wrap thumb_upload">
<img class="ph_img" src="<?= Tw1nGo::File_Img($post_f['id'])?>" style="max-width: 100px; opacity: 1;">
<div id="item_progress_wrap_sth92xtxni" class="tu_progress_wrap tu_progress_request" style="opacity: 0;">
<div class="tu_progress" style="width: 100%; visibility: visible;"></div>
</div>
<div id="item_cancel_wrap_sth92xtxni" class="tu_cancel_wrap" onclick="dell_f_post_gr(<?= $post['id']?>, <?= $post_f['id']?>);">
<div id="item_cancel_sth92xtxni" class="tu_cancel"></div>
</div>
</div>
<?
}
}
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `groups_files` WHERE `id_post` = '".$post['id']."' AND `type` = '3'"), 0) > 0)
{
$q_f = mysql_query("SELECT * FROM `groups_files` WHERE `id_post` = '".$post['id']."' AND `type` = '3' ORDER BY `time` DESC");
while ($post_f = mysql_fetch_array($q_f))
{
?>
<div class="medias_row mr_x_wrap">
  <span class="mr_label medias_link medias_audio">
    <span class="medias_link_icon"><i class="i_icon i_audio"></i></span>
    <span class="medias_audio_artist"><?= text($post_f['name'])?></span>
    <div class="tu_cancel_wrap" onclick="dell_f_post_gr(<?= $post['id']?>, <?= $post_f['id']?>);"><i class="tu_cancel"></i></div>
</div>
<?
}
}
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `groups_files` WHERE `id_post` = '".$post['id']."' AND `type` = '4'"), 0) > 0)
{
$q_f = mysql_query("SELECT * FROM `groups_files` WHERE `id_post` = '".$post['id']."' AND `type` = '4' ORDER BY `time` DESC");
while ($post_f = mysql_fetch_array($q_f))
{
?>
<div class="medias_row mr_x_wrap">
<span class="mr_label medias_link"> 
<span class="medias_link_icon"><i class="i_icon i_doc"></i></span>
<span class="medias_link_texts">
<span class="medias_link_label">Файл</span><span class="medias_link_labeled medias_link_title"> <?= text($post_f['name'])?>.<?= text($post_f['ras'])?></span>
<span class="medias_link_desc"> Файл</span>
</span>
</span>
<div class="tu_cancel_wrap" onclick="dell_f_post_gr(<?= $post['id']?>, <?= $post_f['id']?>);"><i class="tu_cancel"></i></div>
</div>
<?
}
}
?>
</div>
</div>
</div></div>
<?
}
?>           

<?