File size: 2.68Kb
<?php
require 'sys/config.php';
session_start();
$id = isset($_GET['id'])?fil($_GET['id'],'int'):'';
if($sql->result('SELECT COUNT(*) FROM `files` WHERE `id`="'.$id.'"')==0)
{
$smarty->assign('title','Error');
$smarty->assign('back','/index.php');
$smarty->assign('error','This file does not exist');
$smarty->display('header.tpl');
$smarty->display('error.tpl');
$smarty->display('footer.tpl');
}
$all = $sql->result('SELECT COUNT(*) FROM `komm` WHERE `file_id`="'.$id.'"');
@$page = abs(intval($_GET['page']));
if(empty($page)){$page = 1;}
$onp = $sql->query('SELECT `onp` FROM `config` LIMIT 1')->fetch_assoc();
$onp = $onp['onp'];
$allp = ceil($all/$onp);
if($page>$allp){$page=$allp;}
if($all>0){
$kom = $sql->query('SELECT * FROM `komm` WHERE `file_id`="'.$id.'" ORDER BY `id` DESC LIMIT '.intval($page*$onp-$onp).','.$onp);
while($koms = $kom->fetch_assoc())$komm[] = $koms;
$smarty->assign('komm',$komm);
}
if(!isset($_POST['go'])){
$_SESSION['mt1'] = mt_rand(11,99);
$_SESSION['mt2'] = mt_rand(11,99);
$smarty->assign('title','Comments');
$smarty->assign('id',$id);
$smarty->assign('all',$allp);
$smarty->assign('one',$onp);
$smarty->assign('page',$page);
$smarty->assign('vse',$all);
$smarty->display('header.tpl');
$smarty->display('komm.tpl');
$smarty->display('footer.tpl');
} else {
$_POST['text'] = fil($_POST['text'],'str');
if(empty($_POST['text'])){
$err = 'Fill in all fields';}
if(empty($user['id']) && $_POST['kod']!=$_SESSION['mt1'].$_SESSION['mt2']){
$err = 'Incorrect code from the image';}
if(mb_strlen($_POST['text'])<3 || mb_strlen($_POST['text'])>100){
$err = 'Comment length can be from 3 to 100 characters';}
if(isset($err)){
unset($_SESSION['mt1'],$_SESSION['mt2']);
$smarty->assign('title','Error');
$smarty->assign('back','/comments.php?id='.$id);
$smarty->assign('error',$err);
$smarty->display('header.tpl');
$smarty->display('error.tpl');
$smarty->display('footer.tpl');
} elseif
($sql->query('INSERT INTO `komm` SET `user_id`="'.$user['id'].'", `file_id`="'.$id.'",`time`="'.time().'", `text`="'.$_POST['text'].'"'))
{
unset($_SESSION['mt1'],$_SESSION['mt2']);
$smarty->assign('title','comment added');
$smarty->assign('back','/comm-'.$id);
$smarty->assign('ok','Thank you for your comment added');
$smarty->assign('nz','Back');
$smarty->display('header.tpl');
$smarty->display('ok.tpl');
$smarty->display('footer.tpl');
} else {
unset($_SESSION['mt1'],$_SESSION['mt2']);
$smarty->assign('title','Error');
$smarty->assign('back','/comm-'.$id);
$smarty->assign('error','Contact the administrator');
$smarty->display('header.tpl');
$smarty->display('error.tpl');
$smarty->display('footer.tpl');
}
}
?>