<?php
require_once('../classes/body.class.php');
require_once('../classes/db.class.php');
require_once('../classes/system.class.php');
// Page chrome helper (title, header, menu, footer); Body is declared in body.class.php.
$title = new Body;

// Article id from the query string: cast to a non-negative integer, or false when absent.
$id = false;
if (isset($_GET['id'])) {
    $id = abs((int)$_GET['id']);
}

// Requested action ('img', 'up', 'del'; anything else shows the article),
// passed through the project's check() filter, or false when absent.
$do = false;
if (isset($_GET['do'])) {
    $do = check($_GET['do']);
}
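switch($do) {
default:
    // Article view: renders one article, its paginated comment thread and the
    // comment form, and handles comment posting and moderator comment removal.
    $array = DB::$dbs->query("SELECT * FROM gazeta_article WHERE id = ? LIMIT 1", [$id]);
    if ($array->rowCount() == 0) {
        header('location: /');
        die();
    }
    $arr = $array->fetch();

    // Every handler that answers with a redirect runs before the first echo:
    // header() cannot set Location once output has started unless output
    // buffering happens to be enabled.

    // Comment removal, moderators only ($b is the current user; falsy for guests).
    // NOTE(review): this is a state-changing GET request with no anti-CSRF token.
    // The session/token helpers are not visible from this file, so it is flagged
    // here rather than changed.
    if (isset($_GET['del'])) {
        if (empty($b['id']) || $b['level'] < 3) {
            header('location: ?');
            die();
        }
        DB::$dbs->query("DELETE FROM gazeta_comm WHERE id = ?", [abs((int)$_GET['del'])]);
        header('location: news.html?id='.$id);
        die();
    }

    // Optional "reply to user" prefix for the comment box.
    $otv = isset($_GET['otv']) ? abs((int)$_GET['otv']) : false;
    $reply = '';
    if ($otv !== false) {
        $t = DB::$dbs->queryFetch("SELECT * FROM blogger WHERE id = ?", [$otv]);
        if (empty($t['id'])) {
            // Unknown reply target: stop here instead of reading fields of a missing row.
            header('location: /');
            die();
        }
        // The nick is printed inside a <textarea>, so it is HTML-encoded;
        // double_encode=false leaves already-encoded entities untouched.
        $reply = htmlspecialchars((string)$t['nick'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false).', ';
    }

    // New comment (signed-in users only). Validation errors are kept and shown
    // above the form; a successful insert redirects back to the article.
    // NOTE(review): the form carries no anti-CSRF token.
    $commentError = null;
    if ($b == true && isset($_POST['add'])) {
        $text = check(isset($_POST['text']) ? $_POST['text'] : '');
        if (empty($text)) {
            $commentError = 'Введите текст!';
        } elseif (DB::$dbs->querySingle("SELECT COUNT(id) FROM gazeta_comm WHERE text = ? AND cid = ?", [$text,$id]) > 0) {
            $commentError = 'Такой коммент уже есть :)';
        } else {
            DB::$dbs->query("INSERT INTO gazeta_comm SET text = ?, time = ?, user_id = ?, cid= ?", [$text,time(),$b['id'],$id]);
            header('location: news.html?id='.$id);
            die();
        }
    }

    // View counter.
    DB::$dbs->query("UPDATE `gazeta_article` SET `chit` = `chit` + ? WHERE id = ?", [1,$id]);
    $cat = DB::$dbs->queryFetch("SELECT id,name FROM gazeta_cat WHERE id = ? LIMIT 1", [$arr['cid']]);
    $k_mess = DB::$dbs->querySingle("SELECT COUNT(id) FROM gazeta_comm WHERE cid = ?", [$id]);

    // Stored values are HTML-encoded at output as defence in depth. check() is
    // defined outside this file, so this page does not rely on it having encoded
    // the data at write time; double_encode=false keeps pre-encoded text intact.
    $nameHtml = htmlspecialchars((string)$arr['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    $catId = isset($cat['id']) ? (int)$cat['id'] : 0;
    $catNameHtml = htmlspecialchars(isset($cat['name']) ? (string)$cat['name'] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

    $title->SetTitle('Свежие новости - '.($arr['name']).'');
    $title->GetHeader();
    echo'<div class="tile"><div class="t-header th-alt bg-teal"><div class="th-title"><i class="zmdi zmdi-widgets"></i> '.$nameHtml.'</div></div></div>';
    echo '<div class="list-group-item media"><a href="index.html">Свежие новости</a> :: <a href="category.html?id='.$catId.'">'.$catNameHtml.'</a> :: '.$nameHtml.'</div>';
    echo '<div class="list-group-item media"><b>'.$nameHtml.'</b><br/>';
    echo (empty($arr['image']) ? NULL : '<img src="/files/gazeta/'.htmlspecialchars((string)$arr['image'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false).'" alt="*" style="max-width:100%; border-bottom-left-radius: 20px; border-bottom-right-radius: 20px; border-top-right-radius: 20px; border-top-left-radius: 20px;"/>');
    echo'<br/>';
    echo text($arr['text']);
    echo '</div>';
    echo '<div class="list-group-item media"><i class="zmdi zmdi-account"></i> Добавил: '.Nick($arr['user_id']).' ('.vr($arr['time']).')</div>';

    // Management links. A signed-in user is required explicitly so that a guest
    // (empty $b) can never loosely compare equal to an article with an empty user_id.
    // NOTE(review): links are shown for level > 2, while the img/up/del handlers
    // in this file only refuse level < 2; confirm which threshold is intended.
    if (!empty($b['id']) && ($b['id'] == $arr['user_id'] || $b['level'] > 2)) {
        echo '<div class="list-group-item media"><i class="zmdi zmdi-shuffle"></i> Действие: <a href="?do=img&id='.$id.'">[Изображение]</a> / <a href="?do=up&id='.$id.'">[Изменить]</a> / <a href="?do=del&id='.$id.'">[Удалить]</a></div>';
    }

    echo'<div class="tile"><div class="t-header th-alt bg-teal"><div class="th-title"><i class="zmdi zmdi-comment"></i> Обсуждение новости ('.$k_mess.')</div></div></div>';

    // Pagination. The offset is interpolated into the SQL text, so it is forced
    // to a non-negative integer first.
    $num = 10;
    $k_page = k_page($k_mess, $num);
    $page = page($k_page);
    $start = max(0, (int)($num * $page - $num));
    $sql = DB::$dbs->query("SELECT * FROM gazeta_comm WHERE cid = ? ORDER BY time DESC LIMIT $start,$num", [$id]);
    if ($sql->rowCount() == 0) {
        err('Комментариев нет!');
    } else {
        $isModerator = !empty($b['id']) && $b['level'] > 2;
        while ($a = $sql->fetch()) {
            $commentId = (int)$a['id'];
            $authorId = (int)$a['user_id'];
            // The href previously lacked its opening quote, producing malformed markup.
            $D = ($isModerator ? '[<a href="news.html?id='.$id.'&del='.$commentId.'">Удл</a>] ' : NULL);
            echo '<div class="list-group-item media">'.Nick($a['user_id']).' ('.vr($a['time']).') '.(($a['user_id'] != $b['id']) ? ' <a href="news.html?id='.$id.'&otv='.$authorId.'">[Отв]</a>':NULL).' '.$D.'<br/>'.text($a['text']).'</div>';
        }
    }
    if ($k_page > 1) {
        str('news.html?id='.$id.'&', $k_page,$page);
    }

    echo'<div class="tile"><div class="t-header th-alt bg-teal"><div class="th-title"><i class="zmdi zmdi-comment"></i> Добавить комментарий</div></div></div>';
    if ($b == true) {
        if ($commentError !== null) {
            err($commentError);
        }
        $o = (!empty($otv) ? '&otv='.$otv : NULL);
        echo '<div class="list-group-item media"><form name="form" method="post" action="news.html?id='.$id.$o.'"><br/>';
        quickpaste('text');
        quickpanel();
        echo'<br/><br/><textarea name="text" class="form-control" rows="8">'.$reply.'</textarea> <input type="submit" name="add" class="btn btn-primary" value="Добавить"/></form></div>';
    } else {
        echo'<div class="list-group-item media">Только зарегистрированные пользователи могут оставлять комментарии. <a href= "/login" >Войдите</a>, пожалуйста.</div>';
    }
    break;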
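case 'img':
    // Image upload for an article: author or privileged users only.
    $array = DB::$dbs->query("SELECT * FROM gazeta_article WHERE id = ? LIMIT 1", [$id]);
    if ($array->rowCount() == 0) {
        header('location: /');
        die();
    }
    $arr = $array->fetch();

    // Authorisation runs before any output so the redirect can still be sent.
    // A signed-in user is required explicitly: for a guest $b is empty, and a
    // loose comparison with an empty user_id must never count as ownership.
    // NOTE(review): the article page offers this action to level > 2 only, while
    // this check admits level 2 as well; confirm which threshold is intended.
    if (empty($b['id']) || ($arr['user_id'] != $b['id'] && $b['level'] < 2)) {
        header('location: /');
        die();
    }

    // NOTE(review): the upload form carries no anti-CSRF token; the session/token
    // helpers are not visible from this file, so this is flagged, not changed.
    $err = [];
    if (isset($_POST['upl'])) {
        $file = (isset($_FILES['file']) && is_array($_FILES['file'])) ? $_FILES['file'] : [];
        $fnames = (isset($file['name']) && is_string($file['name'])) ? $file['name'] : '';
        $tmpName = (isset($file['tmp_name']) && is_string($file['tmp_name'])) ? $file['tmp_name'] : '';
        $uplError = isset($file['error']) ? $file['error'] : UPLOAD_ERR_NO_FILE;
        $pictures = ['.gif', '.jpg', '.jpeg', '.png'];
        $ext = strtolower((string)strrchr($fnames, '.'));

        // Only inspect a file that PHP itself received in this request.
        $uploaded = ($uplError === UPLOAD_ERR_OK && $tmpName !== '' && is_uploaded_file($tmpName));
        $par = $uploaded ? @getimagesize($tmpName) : false;

        if ($fnames === '' || $uplError === UPLOAD_ERR_NO_FILE) {
            $err[] = 'Выберите файл!';
        } elseif ($uplError === UPLOAD_ERR_INI_SIZE || $uplError === UPLOAD_ERR_FORM_SIZE) {
            $err[] = 'Большой размер файла!';
        } elseif (!$uploaded) {
            $err[] = 'Выберите файл!';
        } elseif ($par === false || !in_array($par[2], [IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG], true)) {
            // The content must actually parse as GIF/JPEG/PNG. Before, a failed
            // getimagesize() was ignored and only the client-supplied name was checked.
            $err[] = 'Запрещенный формат файла!';
        } elseif ($par[0] > 1800 || $par[1] > 1600) {
            $err[] = 'Большое расширение файла!';
        } elseif (preg_match('/(\.php|\.pl|\.htaccess)/i', $fnames) || !in_array($ext, $pictures, true)) {
            $err[] = 'Запрещенный формат файла!';
        } elseif ($file['size'] > 1024 * 1 * 1024) {
            $err[] = 'Большой размер файла!';
        }

        if (empty($err)) {
            $dir = $_SERVER['DOCUMENT_ROOT'].'/files/gazeta/';
            // The stored name is server-generated and never taken from the client.
            // It is public, so it need not be secret, but it must not collide:
            // the former 4-digit suffix could overwrite another article's image.
            do {
                $foto = homeurl.'_'.mt_rand(100000, 999999999).$ext;
            } while (file_exists($dir.$foto));

            // move_uploaded_file() refuses paths that are not genuine uploads.
            if (move_uploaded_file($tmpName, $dir.$foto)) {
                DB::$dbs->query("UPDATE gazeta_article SET image = ? WHERE id = ? LIMIT 1", [$foto,$id]);
                header('location: ?id='.$id);
                die();
            }
            $err[] = 'Не удалось сохранить файл!';
        }
    }

    $cat = DB::$dbs->queryFetch("SELECT id,name FROM gazeta_cat WHERE id = ? LIMIT 1", [$arr['cid']]);

    // Stored values are HTML-encoded at output as defence in depth; check() is
    // defined outside this file. double_encode=false keeps pre-encoded text intact.
    $nameHtml = htmlspecialchars((string)$arr['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    $catId = isset($cat['id']) ? (int)$cat['id'] : 0;
    $catNameHtml = htmlspecialchars(isset($cat['name']) ? (string)$cat['name'] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

    $title->SetTitle('Свежие новости - '.($arr['name']).'');
    $title->GetHeader();
    echo'<div class="tile"><div class="t-header th-alt bg-teal"><div class="th-title"><i class="zmdi zmdi-widgets"></i> '.$nameHtml.' :: Добавить изображение</div></div></div>';
    echo '<div class="list-group-item media"><a href="index.html">Свежие новости</a> :: <a href="category.html?id='.$catId.'">'.$catNameHtml.'</a> :: '.$nameHtml.'</div>';

    if (!empty($err)) {
        echo '<div class="alert alert-danger" role="alert">';
        foreach ($err as $error) {
            echo $error.'<br/>';
        }
        echo '</div>';
    }
    echo '<div class="list-group-item media"><form ENCTYPE="multipart/form-data" method="post" action="?do=img&id='.$id.'">Изображение: (*max. 1800x1600px. 1mb.)<br/><input name="file" class="form-control" type="file" accept="image/jpeg, image/png, image/gif"/>
<br/><input type="submit" name="upl" class="btn btn-primary" value="Добавить"/></form></div>';
    break;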
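case 'up':
    // Edit an article's title and body: author or privileged users only.
    $array = DB::$dbs->query("SELECT * FROM gazeta_article WHERE id = ? LIMIT 1", [$id]);
    if ($array->rowCount() == 0) {
        header('location: /');
        die();
    }
    $arr = $array->fetch();

    // Authorisation runs before any output so the redirect can still be sent.
    // A signed-in user is required explicitly: for a guest $b is empty, and a
    // loose comparison with an empty user_id must never count as ownership.
    // NOTE(review): the article page offers this action to level > 2 only, while
    // this check admits level 2 as well; confirm which threshold is intended.
    if (empty($b['id']) || ($b['id'] != $arr['user_id'] && $b['level'] < 2)) {
        header('location: /');
        die();
    }

    // NOTE(review): the edit form carries no anti-CSRF token; the session/token
    // helpers are not visible from this file, so this is flagged, not changed.
    $formError = null;
    if (isset($_POST['add'])) {
        // $name and $text were never assigned before the duplicate lookup, so it
        // always compared against NULL and could not match anything.
        $name = check(isset($_POST['name']) ? $_POST['name'] : '');
        $text = check(isset($_POST['text']) ? $_POST['text'] : '');
        if (empty($name) || empty($text)) {
            $formError = 'Введите название и содержание!';
        } elseif (DB::$dbs->querySingle("SELECT COUNT(id) FROM gazeta_article WHERE name = ? AND text = ? AND id <> ?", [$name,$text,$id]) > 0) {
            // The article being edited is excluded so an unchanged save is not
            // reported as a duplicate of itself.
            $formError = 'Такая запись уже есть!';
        } else {
            DB::$dbs->query("UPDATE gazeta_article SET name = ?, text = ? WHERE id = ?", [$name,$text,$id]);
            header('location: ?id='.$id);
            // Stop here; otherwise the stale form would still be rendered.
            die();
        }
    }

    $cat = DB::$dbs->queryFetch("SELECT id,name FROM gazeta_cat WHERE id = ? LIMIT 1", [$arr['cid']]);

    // Stored values are HTML-encoded at output as defence in depth; check() is
    // defined outside this file. double_encode=false keeps pre-encoded text intact.
    $nameHtml = htmlspecialchars((string)$arr['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    $textHtml = htmlspecialchars((string)$arr['text'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    $catId = isset($cat['id']) ? (int)$cat['id'] : 0;
    $catNameHtml = htmlspecialchars(isset($cat['name']) ? (string)$cat['name'] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

    $title->SetTitle('Свежие новости - '.($arr['name']).'');
    $title->GetHeader();
    echo'<div class="tile"><div class="t-header th-alt bg-teal"><div class="th-title"><i class="zmdi zmdi-widgets"></i> '.$nameHtml.' :: Изменить запись</div></div></div>';
    echo '<div class="list-group-item media"><a href="index.html">Свежие новости</a> :: <a href="category.html?id='.$catId.'">'.$catNameHtml.'</a> :: '.$nameHtml.'</div>';

    if ($formError !== null) {
        err($formError);
    }
    echo '<div class="list-group-item media"><form action="?do=up&id='.$id.'" method="POST">Название:<br/> <input type="text" class="form-control" name="name" value="'.$nameHtml.'"/><br/>Содержание:<br/><br/>';
    quickpaste('text');
    quickpanel();
    echo'<br/><br/><textarea class="form-control" rows="8" name="text">'.$textHtml.'</textarea><br/><input type="submit" name="add" class="btn btn-primary" value="Изменить"/></form></div>';
    break;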
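case 'del':
    // Delete an article with its comments and image: author or privileged users only.
    $array = DB::$dbs->query("SELECT * FROM gazeta_article WHERE id = ? LIMIT 1", [$id]);
    if ($array->rowCount() == 0) {
        header('location: /');
        die();
    }
    $arr = $array->fetch();

    // Authorisation runs before any output so the redirect can still be sent.
    // A signed-in user is required explicitly: for a guest $b is empty, and a
    // loose comparison with an empty user_id must never count as ownership.
    // NOTE(review): the article page offers this action to level > 2 only, while
    // this check admits level 2 as well; confirm which threshold is intended.
    if (empty($b['id']) || ($b['id'] != $arr['user_id'] && $b['level'] < 2)) {
        header('location: /');
        die();
    }

    // The category is loaded before the breadcrumb that prints it; it used to be
    // fetched one line after its first use, leaving $cat undefined there.
    $cat = DB::$dbs->queryFetch("SELECT id,name FROM gazeta_cat WHERE id = ? LIMIT 1", [$arr['cid']]);

    // Stored values are HTML-encoded at output as defence in depth; check() is
    // defined outside this file. double_encode=false keeps pre-encoded text intact.
    $nameHtml = htmlspecialchars((string)$arr['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    $catId = isset($cat['id']) ? (int)$cat['id'] : 0;
    $catNameHtml = htmlspecialchars(isset($cat['name']) ? (string)$cat['name'] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

    $title->SetTitle('Свежие новости - '.($arr['name']).'');
    $title->GetHeader();
    echo'<div class="tile"><div class="t-header th-alt bg-teal"><div class="th-title"><i class="zmdi zmdi-widgets"></i> '.$nameHtml.' :: Удаление статьи</div></div></div>';
    echo '<div class="list-group-item media"><a href="index.html">Свежие новости</a> :: <a href="category.html?id='.$catId.'">'.$catNameHtml.'</a> :: '.$nameHtml.'</div>';

    // NOTE(review): the confirmed deletion is a plain GET link with no anti-CSRF
    // token. It should become a POST with a token once the session helpers
    // (not visible from this file) are known.
    if (isset($_GET['ok'])) {
        DB::$dbs->query("DELETE FROM gazeta_comm WHERE cid = ?", [$id]);
        if (!empty($arr['image'])) {
            // basename() confines the removal to the upload directory even if the
            // stored value ever contained path separators; is_file() avoids a
            // warning when the file is already gone.
            $imagePath = $_SERVER['DOCUMENT_ROOT'].'/files/gazeta/'.basename($arr['image']);
            if (is_file($imagePath)) {
                unlink($imagePath);
            }
        }
        DB::$dbs->query("DELETE FROM gazeta_article WHERE id = ?", [$id]);
        echo '<div class="alert alert-success" role="alert">Успешно удалено!</div>';
        $title->GetFooter();
        die();
    }
    echo '<div class="list-group-item media">Действительно удалить?<br/><a href="?do=del&id='.$id.'&ok">Да</a> | <a href="?id='.$id.'">Нет</a></div>';
    break;
}
// Shared page tail for every branch that did not exit early.
$title->GetMenu();
$title->GetFooter();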
?>