<?php
include_once '../sys/inc/start.php';
include_once COMPRESS;
include_once SESS;
include_once '../sys/inc/home.php';
include_once SETTINGS;
include_once DB_CONNECT;
include_once IPUA;
include_once FNC;
include_once USER;
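/*
 * Forum ban gate: a signed-in user with an active forum ban is redirected to
 * /ban.php. A ban row matches when its `time` is later than $time, when `view`
 * is '0', or when `navsegda` is '1'.
 *
 * Guests have no $user (the rest of this file tests isset($user) for them), so
 * the lookup is skipped rather than interpolating an undefined variable into
 * the query. The id is cast with intval() before it reaches SQL.
 */
if (
    isset($user)
    && dbresult(dbquery("SELECT COUNT(*) FROM `ban` WHERE `razdel` = 'forum' AND `id_user` = '" . intval($user['id']) . "' AND (`time` > '$time' OR `view` = '0' OR `navsegda` = '1')"), 0) != 0
) {
    header('Location: /ban.php?' . SID);
    exit;
}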
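/*
 * Actions on a single post: save an edit, show the edit form, delete, reply to
 * the author ("msg") or quote ("cit").
 *
 * The block is entered only when id_forum, id_razdel, id_them and id_post are
 * all present and each one names exactly one row under its parent. Every id is
 * passed through intval() before it is placed in SQL. For guests and level-0
 * users the forum lookup additionally requires `adm` = '0'.
 */
if (
    isset($_GET['id_forum'])
    && dbresult(dbquery("SELECT COUNT(*) FROM `forum_f` WHERE" . ((!isset($user) || $user['level'] == 0) ? " `adm` = '0' AND" : null) . " `id` = '" . intval($_GET['id_forum']) . "'"), 0) == 1
    && isset($_GET['id_razdel'])
    && dbresult(dbquery("SELECT COUNT(*) FROM `forum_r` WHERE `id` = '" . intval($_GET['id_razdel']) . "' AND `id_forum` = '" . intval($_GET['id_forum']) . "'"), 0) == 1
    && isset($_GET['id_them'])
    && dbresult(dbquery("SELECT COUNT(*) FROM `forum_t` WHERE `id` = '" . intval($_GET['id_them']) . "' AND `id_razdel` = '" . intval($_GET['id_razdel']) . "' AND `id_forum` = '" . intval($_GET['id_forum']) . "'"), 0) == 1
    && isset($_GET['id_post'])
    && dbresult(dbquery("SELECT COUNT(*) FROM `forum_p` WHERE `id` = '" . intval($_GET['id_post']) . "' AND `id_them` = '" . intval($_GET['id_them']) . "' AND `id_razdel` = '" . intval($_GET['id_razdel']) . "' AND `id_forum` = '" . intval($_GET['id_forum']) . "'"), 0) == 1
) {
    $forum = dbassoc(dbquery("SELECT * FROM `forum_f` WHERE `id` = '" . intval($_GET['id_forum']) . "' LIMIT 1"));
    $razdel = dbassoc(dbquery("SELECT * FROM `forum_r` WHERE `id` = '" . intval($_GET['id_razdel']) . "' AND `id_forum` = '" . intval($_GET['id_forum']) . "' LIMIT 1"));
    $them = dbassoc(dbquery("SELECT * FROM `forum_t` WHERE `id` = '" . intval($_GET['id_them']) . "' AND `id_razdel` = '" . intval($_GET['id_razdel']) . "' AND `id_forum` = '" . intval($_GET['id_forum']) . "' LIMIT 1"));
    $post = dbassoc(dbquery("SELECT * FROM `forum_p` WHERE `id` = '" . intval($_GET['id_post']) . "' AND `id_them` = '" . intval($_GET['id_them']) . "' AND `id_razdel` = '" . intval($_GET['id_razdel']) . "' AND `id_forum` = '" . intval($_GET['id_forum']) . "' LIMIT 1"));
    // Newest post of the topic (highest id); compared with $post to tell whether $post is the last one.
    $post2 = dbassoc(dbquery("SELECT * FROM `forum_p` WHERE `id_them` = '" . intval($_GET['id_them']) . "' AND `id_razdel` = '" . intval($_GET['id_razdel']) . "' AND `id_forum` = '" . intval($_GET['id_forum']) . "' ORDER BY `id` DESC LIMIT 1"));

    if (isset($user)) {
        // Author of the post; their level is compared with the acting user's level below.
        $ank = get_user($post['id_user']);

        // Author rule: own post, still the last post of the topic, written within the last 600 seconds.
        $post_is_own_last_recent = $post['id'] == $post2['id']
            && $post['id_user'] == $user['id']
            && $post['time'] > time() - 600;

        // One edit rule for both the form and the save handler. Previously the
        // save handler accepted any holder of 'forum_post_ed' without the level
        // comparison, and accepted the author when the topic's last post was
        // merely by the same user, so a request sent straight to the save URL
        // passed checks that the form itself enforced.
        // user_access() is only reached when act=edit (short-circuit).
        $post_edit_allowed = isset($_GET['act']) && $_GET['act'] == 'edit' && (
            (user_access('forum_post_ed') && ($ank['level'] < $user['level'] || ($ank['level'] == $user['level'] && $ank['id'] == $user['id'])))
            || $post_is_own_last_recent
        );

        if ($post_edit_allowed && isset($_POST['msg']) && is_string($_POST['msg']) && isset($_POST['post'])) {
            // Save the edited post.
            // NOTE(review): no anti-forgery token is checked here and none is
            // visible in this file; confirm whether the includes provide one,
            // otherwise this POST can be triggered cross-site.
            $msg = $_POST['msg'];
            if (strlen2($msg) < 2) {
                $err[] = 'Короткое сообщение';
            }
            if (strlen2($msg) > 1024) {
                $err[] = 'Длина сообщения превышает предел в 1024 символа';
            }
            // antimat() result is treated as the offending word when truthy.
            $mat = antimat($msg);
            if ($mat) {
                $err[] = 'В тексте сообщения обнаружен мат: ' . $mat;
            }
            if (!isset($err)) {
                // $msg is escaped with my_esc(); $post[id] comes from the row loaded above.
                dbquery("UPDATE `forum_p` SET `msg` = '" . my_esc($msg) . "' WHERE `id` = '$post[id]' LIMIT 1");
            }
        } elseif ($post_edit_allowed) {
            // Edit form.
            $set['title'] = 'Форум - редактирование поста'; // page title
            include_once THEAD;
            title();
            echo "<div class=\"list-group\">\n";
            echo "<form class='list-group-item' method='post' name='message' action='/forum/$forum[id]/$razdel[id]/$them[id]/$post[id]/edit'>\n";
            // NOTE(review): the stored message is placed inside <textarea> as returned
            // by output_text() with these flags — confirm that this call HTML-escapes it.
            $msg2 = output_text($post['msg'], false, true, false, false, false);
            echo "<div class='mb-3'>";
            echo "<label class='form-label'>Сообщение:</label>\n";
            echo "<textarea class='form-control' name=\"msg\">$msg2</textarea>\n";
            echo "</div>\n";
            echo "<button type='submit' name='post' class='btn btn-success'><i class='mdi mdi-content-save-outline'></i> Сохранить изменения</button>\n";
            echo "</form>\n";
            echo "<div class=\"list-group-item\">\n";
            echo "<a href=\"/forum/$forum[id]/$razdel[id]/$them[id]/?page=end\" title='Вернуться в тему'><i class='mdi mdi-arrow-left'></i> В тему</a><br />\n";
            echo "<a href=\"/forum/$forum[id]/$razdel[id]/\" title='В раздел'><i class='mdi mdi-arrow-left'></i> " . text($razdel['name']) . "</a><br />\n";
            echo "<a href=\"/forum/$forum[id]/\" title='В подфорум'><i class='mdi mdi-arrow-left'></i> " . text($forum['name']) . "</a><br />\n";
            echo "<a href=\"/forum/\"><i class='mdi mdi-arrow-left'></i> Форум</a><br />\n";
            echo "</div>\n";
            echo "</div>\n";
            include_once TFOOT;
        } elseif (isset($_GET['act']) && $_GET['act'] == 'delete' && $them['close'] == 0 && ((user_access('forum_post_ed') && ($ank['level'] <= $user['level'] || $ank['level'] == $user['level'] && $ank['id'] == $user['id'])) || $post_is_own_last_recent)) {
            // Delete the post (open topics only).
            // NOTE(review): this is a state change on a GET request with no
            // anti-forgery token visible in this file; moving it to POST with a
            // per-session token would close that gap.
            // NOTE(review): the level test here is `<=` while edit uses `<` — confirm that is intended.
            dbquery("DELETE FROM `forum_p` WHERE `id` = '" . intval($_GET['id_post']) . "' AND `id_them` = '" . intval($_GET['id_them']) . "' AND `id_razdel` = '" . intval($_GET['id_razdel']) . "' AND `id_forum` = '" . intval($_GET['id_forum']) . "' LIMIT 1");
        } elseif (isset($_GET['act']) && $_GET['act'] == 'msg' && $them['close'] == 0) {
            // Reply form addressed to the post's author (open topics only).
            $ank = get_user($post['id_user']);
            $set['title'] = 'Форум - ' . text($them['name']); // page title
            include_once THEAD;
            title();
            aut();
            echo "<form class='list-group-item' method='post' name='message' action='/forum/$forum[id]/$razdel[id]/$them[id]/new'>\n";
            echo "<a href='/info.php?id=" . intval($ank['id']) . "'>Посмотреть анкету</a><br />\n";
            $msg2 = $ank['nick'] . ', ';
            // The nick is user-controlled profile data: encode it for the HTML context.
            echo "Сообщение:<br />\n<textarea name=\"msg\">" . htmlspecialchars($msg2, ENT_QUOTES, 'UTF-8') . "</textarea><br />\n";
            echo "<input name='post' value='Отправить сообщение' type='submit' /><br />\n";
            echo "</form>\n";
            echo "<div class=\"list-group-item\">\n";
            echo "<a href=\"/smiles.php\">Смайлы</a><br />\n";
            echo "<a href=\"/rules.php\">Правила</a><br />\n";
            echo "</div>\n";
            echo "<div class=\"list-group-item\">\n";
            echo "<a href=\"/forum/$forum[id]/$razdel[id]/$them[id]/?page=end\" title='Вернуться в тему'><i class='mdi mdi-arrow-left'></i> В тему</a><br />\n";
            echo "<a href=\"/forum/$forum[id]/$razdel[id]/\" title='В раздел'><i class='mdi mdi-arrow-left'></i> " . text($razdel['name']) . "</a><br />\n";
            echo "<a href=\"/forum/$forum[id]/\" title='В подфорум'><i class='mdi mdi-arrow-left'></i> " . text($forum['name']) . "</a><br />\n";
            echo "<a href=\"/forum/\"><i class='mdi mdi-arrow-left'></i> Форум</a><br />\n";
            echo "</div>\n";
            include_once TFOOT;
        } elseif (isset($_GET['act']) && $_GET['act'] == 'cit' && $them['close'] == 0) {
            // Quote form: shows the quoted post and posts its id in the hidden "cit" field.
            $ank = get_user($post['id_user']);
            $set['title'] = 'Форум - ' . text($them['name']); // page title
            include_once THEAD;
            title();
            aut();
            echo "<div class='list-group'>\n";
            echo "<div class='list-group-item list-group-item-secondary'>Будет процитировано сообщение:</div>\n";
            echo "<div class='list-group-item'>\n";
            echo output_text($post['msg']) . "<br />\n";
            echo "</div>\n";
            echo "<form method='post' class='list-group-item' name='message' action='/forum/$forum[id]/$razdel[id]/$them[id]/new'>\n";
            echo "<input name='cit' value='$post[id]' type='hidden' />";
            $msg2 = $ank['nick'] . ', ';
            echo "<div class='mb-3'>";
            echo "<label class='form-label'>Сообщение:</label>\n";
            // The nick is user-controlled profile data: encode it for the HTML context.
            echo "<textarea class='form-control' name=\"msg\">" . htmlspecialchars($msg2, ENT_QUOTES, 'UTF-8') . "</textarea>\n";
            echo "</div>\n";
            echo "<button type='submit' name='post' class='btn btn-success'><i class='mdi mdi-check'></i> Отправить сообщение</button>\n";
            echo "</form>\n";
            echo "<div class=\"list-group-item\">\n";
            echo "<a href=\"/forum/$forum[id]/$razdel[id]/$them[id]/?page=end\" title='Вернуться в тему'><i class='mdi mdi-arrow-left'></i> В тему</a><br />\n";
            echo "<a href=\"/forum/$forum[id]/$razdel[id]/\" title='В раздел'><i class='mdi mdi-arrow-left'></i> " . text($razdel['name']) . "</a><br />\n";
            echo "<a href=\"/forum/$forum[id]/\" title='В подфорум'><i class='mdi mdi-arrow-left'></i> " . text($forum['name']) . "</a><br />\n";
            echo "<a href=\"/forum/\"><i class='mdi mdi-arrow-left'></i> Форум</a><br />\n";
            echo "</div>\n";
            echo "</div>\n";
            include_once TFOOT;
        }
    }
}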
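/*
 * Topic view: entered when id_forum, id_razdel and id_them each name exactly
 * one row under its parent. All ids go through intval() before reaching SQL;
 * guests and level-0 users only match forums with `adm` = '0'.
 */
if (
    isset($_GET['id_forum'])
    && dbresult(dbquery("SELECT COUNT(*) FROM `forum_f` WHERE" . ((!isset($user) || $user['level'] == 0) ? " `adm` = '0' AND" : null) . " `id` = '" . intval($_GET['id_forum']) . "'"), 0) == 1
    && isset($_GET['id_razdel'])
    && dbresult(dbquery("SELECT COUNT(*) FROM `forum_r` WHERE `id` = '" . intval($_GET['id_razdel']) . "' AND `id_forum` = '" . intval($_GET['id_forum']) . "'"), 0) == 1
    && isset($_GET['id_them'])
    && dbresult(dbquery("SELECT COUNT(*) FROM `forum_t` WHERE `id` = '" . intval($_GET['id_them']) . "' AND `id_razdel` = '" . intval($_GET['id_razdel']) . "' AND `id_forum` = '" . intval($_GET['id_forum']) . "'"), 0) == 1
) {
    $forum = dbassoc(dbquery("SELECT * FROM `forum_f` WHERE `id` = '" . intval($_GET['id_forum']) . "' LIMIT 1"));
    $razdel = dbassoc(dbquery("SELECT * FROM `forum_r` WHERE `id` = '" . intval($_GET['id_razdel']) . "' AND `id_forum` = '" . intval($_GET['id_forum']) . "' LIMIT 1"));
    $them = dbassoc(dbquery("SELECT * FROM `forum_t` WHERE `id` = '" . intval($_GET['id_them']) . "' AND `id_razdel` = '" . intval($_GET['id_razdel']) . "' AND `id_forum` = '" . intval($_GET['id_forum']) . "' LIMIT 1"));

    // Both per-user updates need a signed-in user. The notification update used
    // to run for guests too, interpolating an undefined $user into the query.
    if (isset($user)) {
        // Mark this topic's comment notification as read.
        dbquery("UPDATE `notification` SET `read` = '1' WHERE `id_object` = '$them[id]' AND `type` = 'them_komm' AND `id_user` = '$user[id]'");
        // Reset the unread counter of this discussion.
        dbquery("UPDATE `discussions` SET `count` = '0' WHERE `id_user` = '$user[id]' AND `type` = 'them' AND `id_sim` = '$them[id]' LIMIT 1");
    }

    $set['title'] = 'Форум - ' . text($them['name']); // page title
    include_once THEAD;
    title();
    // Topic author; assigned before the includes below run.
    $ank2 = get_user($them['id_user']);
    include 'inc/set_them_act.php';
    include 'inc/them.php';
    include 'inc/set_them_form.php';
    echo "<div class=\"list-group-item\">\n";
    echo "<a href=\"/forum/\"><i class='mdi mdi-arrow-left'></i> Форум</a> | <a href=\"/forum/$forum[id]/\" title='В подфорум'>" . text($forum['name']) . "</a> | <a href=\"/forum/$forum[id]/$razdel[id]/\" title='В раздел'>" . text($razdel['name']) . "</a><br />\n";
    echo "</div>\n";
    // NOTE(review): TFOOT presumably ends the request; otherwise the section and
    // forum views further down would also render — confirm.
    include_once TFOOT;
}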
/*
 * Section view: entered when id_forum and id_razdel each name exactly one row.
 * Ids are cast with intval() before use in SQL; guests and level-0 users only
 * match forums with `adm` = '0'.
 */
if (
    isset($_GET['id_forum'])
    && dbresult(dbquery("SELECT COUNT(*) FROM `forum_f` WHERE" . ((!isset($user) || $user['level'] == 0) ? " `adm` = '0' AND" : null) . " `id` = '" . intval($_GET['id_forum']) . "'"), 0) == 1
    && isset($_GET['id_razdel'])
    && dbresult(dbquery("SELECT COUNT(*) FROM `forum_r` WHERE `id` = '" . intval($_GET['id_razdel']) . "' AND `id_forum` = '" . intval($_GET['id_forum']) . "'"), 0) == 1
) {
    $forum = dbassoc(dbquery("SELECT * FROM `forum_f` WHERE `id` = '" . intval($_GET['id_forum']) . "' LIMIT 1"));
    $razdel = dbassoc(dbquery("SELECT * FROM `forum_r` WHERE `id` = '" . intval($_GET['id_razdel']) . "' AND `id_forum` = '" . intval($_GET['id_forum']) . "' LIMIT 1"));

    // New-topic flow: signed-in users only; users at level 0 are limited to one
    // attempt per 600 seconds via $_SESSION['time_c_t_forum'].
    if (
        isset($user, $_GET['act'])
        && $_GET['act'] == 'new'
        && (!isset($_SESSION['time_c_t_forum']) || $_SESSION['time_c_t_forum'] < $time - 600 || $user['level'] > 0)
    ) {
        include 'inc/new_t.php';
    } else {
        // Section listing.
        $set['title'] = 'Форум - ' . text($razdel['name']); // page title
        include_once THEAD;
        title();
        if (user_access('forum_razd_edit')) {
            include 'inc/set_razdel_act.php';
        }
        include 'inc/razdel.php';
        echo '<div class="list-group">' . "\n";
        if (user_access('forum_razd_edit')) {
            include 'inc/set_razdel_form.php';
        }
        echo '<div class="list-group-item">' . "\n",
            '<a href="/forum/"><i class=\'mdi mdi-arrow-left\'></i> Форум</a> | <a href="/forum/' . $forum['id'] . '/">',
            text($forum['name']),
            "</a></div>\n</div>\n";
    }
    include_once TFOOT;
}
/*
 * Sub-forum view: entered when id_forum names exactly one row. The id is cast
 * with intval(); guests and level-0 users only match forums with `adm` = '0'.
 */
if (
    isset($_GET['id_forum'])
    && dbresult(dbquery("SELECT COUNT(*) FROM `forum_f` WHERE" . ((!isset($user) || $user['level'] == 0) ? " `adm` = '0' AND" : null) . " `id` = '" . intval($_GET['id_forum']) . "'"), 0) == 1
) {
    $forum = dbassoc(dbquery("SELECT * FROM `forum_f` WHERE `id` = '" . intval($_GET['id_forum']) . "' LIMIT 1"));
    $set['title'] = 'Форум - ' . text($forum['name']); // page title
    include_once THEAD;
    title();

    include 'inc/set_forum_act.php';  // actions on the sub-forum
    include 'inc/forum.php';          // contents
    include 'inc/set_forum_form.php'; // forms for the sub-forum actions

    echo '<div class="list-group">' . "\n"
        . '<div class="list-group-item">' . "\n"
        . '<a href="/forum/"><i class=\'mdi mdi-arrow-left\'></i> Форум</a>' . "\n"
        . "</div>\n"
        . "</div>\n";
    include_once TFOOT;
}
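$set['title'] = 'Форум'; // page title
include_once THEAD;
title();

/*
 * Sub-forum creation (requires the 'forum_for_create' right).
 *
 * Changes against the previous version:
 *  - name and description must be strings, so an array-valued field is ignored
 *    instead of reaching my_esc()/strlen2();
 *  - the name length is checked on the raw value and escaped afterwards, the
 *    same order already used for the description (escaping can lengthen it);
 *  - the icon filter passes '' instead of null as the replacement and falls
 *    back to 'default' when nothing is left after filtering.
 *
 * NOTE(review): no anti-forgery token is checked here and none is visible in
 * this file; confirm whether the includes provide one.
 */
if (
    user_access('forum_for_create')
    && isset($_GET['act']) && isset($_GET['ok']) && $_GET['act'] == 'new'
    && isset($_POST['name']) && isset($_POST['opis']) && isset($_POST['pos'])
    && is_string($_POST['name']) && is_string($_POST['opis'])
) {
    $name = $_POST['name'];
    if (strlen2($name) < 3) {
        $err = 'Слишком короткое название';
    }
    if (strlen2($name) > 32) {
        $err = 'Слишком длинное название'; // typo in the message fixed ("днинное")
    }
    $name = my_esc($name);

    $opis = $_POST['opis'];
    if (strlen2($opis) > 512) {
        $err = 'Слишком длинное описание';
    }
    $opis = my_esc($opis);

    // The icon name ends up inside a class attribute on the forum list, so it
    // is restricted to letters, digits, space, underscore, dash and dot.
    $icons = 'default';
    if (isset($_POST['icon']) && is_string($_POST['icon']) && $_POST['icon'] !== '') {
        $icons = preg_replace('#[^a-z0-9 _\-\.]#i', '', $_POST['icon']);
        if ($icons === null || $icons === '') {
            $icons = 'default';
        }
    }

    $pos = intval($_POST['pos']);

    if (!isset($err)) {
        admin_log('Форум', 'Подфорумы', "Создание подфорума '$name'");
        dbquery("INSERT INTO `forum_f` (`opis`, `name`, `pos`, `icon`) values('$opis', '$name', '$pos', '$icons')");
        msg('Подфорум успешно создан');
    }
}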
err(); // pending error messages
aut(); // login form

// Opens the page's list-group wrapper and prints the search/menu bar.
echo "<div class='list-group'>"
    . '<div class="list-group-item">' . "\n"
    . "<a href='/forum/search.php'><i class='mdi mdi-magnify'></i> Поиск</a>\n"
    . "<a href='#' style='float:right' data-bs-toggle='modal' data-bs-target='#menu'><i class='mdi mdi-menu'></i> Меню</a>\n"
    . "</div>\n";
?>
<!-- Modal -->
<div class="modal fade" id="menu" tabindex="1" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<h1 class="modal-title fs-5" id="exampleModalLabel">Меню</h1>
<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
</div>
<div class="modal-body">
<a href='/forum/new_p.php'><i class='mdi mdi-comment-processing-outline'></i> Новые комментарии</a>
<hr>
<a href='/forum/new_t.php'><i class='mdi mdi-new-box'></i> Новые темы</a>
<?php
// Menu entries that only make sense for a signed-in user: own topics,
// bookmarks and comments, each linked by the user's id.
if (isset($user)) {
    echo '<hr>',
        "<a href='/user/info/them_p.php?id={$user['id']}'><i class='mdi mdi-comment-account-outline'></i> Мои темы</a>\n",
        '<hr>',
        "<a href='/user/bookmark/forum.php?id={$user['id']}'><i class='mdi mdi-comment-bookmark-outline'></i> Мои закладки</a>",
        '<hr>',
        "<a href='/user/info/them_p.php?id={$user['id']}&komm'><i class='mdi mdi-comment-text-outline'></i> Мои комментарии</a>";
}
?>
<hr>
<a href='/user/admin.user.php?forum'><i class='mdi mdi-account-tie-hat-outline'></i> Модераторы форума</a>
<hr>
<a href='/rules.php'><i class='mdi mdi-information-box-outline'></i> Правила</a>
</div>
</div>
</div>
</div>
<?php
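// Sub-forums ordered by position; guests and level-0 users only get rows with `adm` = '0'.
$q = dbquery("SELECT * FROM `forum_f`" . ((!isset($user) || $user['level'] == 0) ? " WHERE `adm` = '0'" : null) . " ORDER BY `pos` ASC");
if (dbrows($q) == 0) {
    echo "<div class='list-group-item'>\n";
    echo "Нет результатов\n";
    echo "</div>\n";
}

// Up to 10 users whose last activity is under 100 seconds old and whose last
// URL starts with /forum/. The query now runs once: the emptiness test below
// uses dbrows() on this result instead of executing the same SELECT again.
$forum_online = dbquery("SELECT id FROM `user` WHERE `date_last` > '" . (time() - 100) . "' AND `url` like '/forum/%' ORDER BY `date_last` DESC LIMIT 10");
echo "<div class='list-group-item'>\n";
echo "<small style='color:grey;' class='badge text-bg-secondary'>Сейчас в форуме </small>";
echo "<a href='on-forum.php'><small style='color:grey;' class='badge text-bg-light'><i class='mdi mdi-animation-outline'></i> Смотреть всех</small></a><br />";
while ($post = dbassoc($forum_online)) {
    $ank = dbassoc(dbquery("SELECT * FROM `user` WHERE `id` = '" . intval($post['id']) . "'"));
    if (!$ank) {
        // The row disappeared between the two queries; nothing to show.
        continue;
    }
    // The nick is user-controlled and sits inside a quoted attribute, so it is
    // HTML-encoded with quotes included.
    echo "<a href='/info.php?id=" . intval($ank['id']) . "' title='" . htmlspecialchars($ank['nick'], ENT_QUOTES, 'UTF-8') . "'>\n";
    echo avatar($ank['id']);
    echo "</a>";
}
if (dbrows($forum_online) == 0) {
    echo "<small style='color:grey;'>Сейчас в форуме никого нет</small>";
}
echo "</div>\n";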
// One list item per sub-forum: icon, name, a "posts/topics" badge and the
// optional description.
while ($forum = dbassoc($q)) {
    echo "<div class='list-group-item'>\n",
        "<a href='/forum/{$forum['id']}/'><b><i class='mdi mdi-{$forum['icon']}'></i> ",
        text($forum['name']),
        "</b></a> <span class='badge text-bg-success' style='float:right'>",
        dbresult(dbquery("SELECT COUNT(*) FROM `forum_p` WHERE `id_forum` = '$forum[id]'"), 0),
        '/',
        dbresult(dbquery("SELECT COUNT(*) FROM `forum_t` WHERE `id_forum` = '$forum[id]'"), 0),
        "</span>\n";
    if ($forum['opis'] != null) {
        echo '<br />', output_text($forum['opis']);
    }
    echo "</div>\n";
}
// Creation form for a sub-forum: shown to holders of 'forum_for_create' when
// act=new is requested or when no sub-forum exists yet.
if (
    user_access('forum_for_create')
    && (
        isset($_GET['act']) && $_GET['act'] == 'new'
        || dbresult(dbquery("SELECT COUNT(*) FROM `forum_f`"), 0) == 0
    )
) {
    echo "<form class='list-group-item list-group-item-light' method=\"post\" action=\"/forum/index.php?act=new&ok\">\n"
        . "<div class='mb-3'>"
        . "<label class='form-label'>Название подфорума:</label>\n"
        . "<input name=\"name\" type=\"text\" class='form-control' maxlength='32' required value='' />\n"
        . "</div>\n"
        . "<div class='mb-3'>"
        . "<label class='form-label'>Описание:</label>\n"
        . "<textarea name=\"opis\" class='form-control'></textarea>\n"
        . "</div>\n"
        . "<div class='mb-3'>"
        . "<label class='form-label'>Позиция:</label>\n";

    // Suggested position: one past the current maximum.
    $pos = dbresult(dbquery("SELECT MAX(`pos`) FROM `forum_f`"), 0) + 1;

    echo "<input name=\"pos\" type=\"text\" required class='form-control' maxlength='3' value='$pos' />\n"
        . "</div>\n"
        . "<div class='mb-3'>"
        . "<label class='form-label'>Иконка: <a href='https://pictogrammers.com/library/mdi/'>список иконок</a></label>\n"
        . "<input name=\"icon\" type=\"text\" class='form-control' value='arrange-send-backward' />\n"
        . "</div>\n"
        . "<button type='submit' class='btn btn-success'><i class='mdi mdi-check'></i> Создать</button>\n"
        . "<a href=\"/forum/\" class='btn btn-light'>Отмена</a>\n"
        . "</form>\n";
}
// "New sub-forum" button for holders of 'forum_for_create', once at least one
// sub-forum exists.
if (
    user_access('forum_for_create')
    && dbresult(dbquery("SELECT COUNT(*) FROM `forum_f`"), 0) > 0
) {
    echo '<div class="list-group-item">' . "\n"
        . "<a href=\"/forum/?act=new\" class='btn btn-outline-dark'><i class='mdi mdi-forum-plus-outline'></i> Новый подфорум</a>\n"
        . "</div>\n";
}

// Closes the list-group wrapper of the index page.
echo "</div>\n";
include_once TFOOT;
?>