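<?php
// AJAX endpoint half of this page: the form script below posts here with
// ?param=zapisz_komentarz. This branch stores the comment, mails the site
// owner and exits; the remainder of the file renders the page. Everything
// read from $_POST, $_GET and $_SERVER is untrusted.
if (isset($_GET['param']) && $_GET['param'] == 'zapisz_komentarz')
{
    include('../config.php');
    //if (!islogin()) die();
    // NOTE(review): with the check above commented out this endpoint accepts
    // a comment from anyone, although the page's comment setting may restrict
    // commenting to logged-in users -- confirm which login helper config.php
    // provides and restore the check.
    include('../inc/db.php');
    $db = new DBConnect();

    // Ids are cast to int before they reach SQL. The JS caller already sends
    // page as a bare number and the list view uses it as `pages.id`, so the
    // cast only rejects values that were never valid ids.
    $page = isset($_POST['page']) ? (int) $_POST['page'] : 0;
    $news = isset($_POST['news']) ? (int) $_POST['news'] : 0;
    // An anonymous visitor keeps the original '' user_id value.
    $user_id = isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : '';
    $komentarz = isset($_POST['komentarz']) ? (string) $_POST['komentarz'] : '';
    // Only a valid IP literal is stored and mailed; anything else becomes ''.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP) : false;
    if ($ip === false) $ip = '';

    // The browser-side script refuses an empty comment; enforce the same rule
    // here so a direct request cannot store a blank row.
    if (trim($komentarz) == '') exit();

    // Per-page comment settings are stored as "<kom>;<moderate>"; only the
    // second field (0 = comment needs approval) is needed here.
    $sql = "select * from ustawienia where typ='s" . $page . "'";
    $db->query($sql);
    $row = $db->fetchrow();
    $row = explode(";", $row['text']);
    $moderate = isset($row[1]) ? (int) $row[1] : 0;

    // TODO(review): $komentarz is free text and is still interpolated into the
    // INSERT below. DBConnect's API is not visible from this file; bind it as
    // a parameter or escape it with the driver's own function before running
    // the query.
    $sql = "INSERT INTO `aktualnosci_komentarze` (
`id` ,
`tresc` ,
`news_id` ,
`user_id` ,
`data` ,
`ip` ,
`status`
)
VALUES (
'', '" . $komentarz . "', '" . $news . "', '" . $user_id . "', '" . date("Y-m-d H:i:s") . "', '" . $ip . "', '$moderate'
);
";
    $db->query($sql);

    //wyslanie maila do wlasiciela
    // Notify the owner (users.id = 1) in plain text about the new comment.
    $sql = "select * from ustawienia where typ='title'";
    $db->query($sql);
    $row = $db->fetchrow();
    $title = $row['text'];
    $sql = "select * from pages where id=" . $page;
    $db->query($sql);
    $row = $db->fetchrow();
    $nazwa = $row['nazwa'];
    $sql = "select * from users where id=1";
    $db->query($sql);
    $row = $db->fetchrow();
    $to = $row['email'];

    $vbCrLF = "\n";
    $tekst1 = "Wiadomość ze strony $title" . $vbCrLF . $vbCrLF;
    $tekst1 = $tekst1 . "----------------------------------------------------" . $vbCrLF;
    $tekst1 = $tekst1 . "Dodano nowy komentarz do podstrony $nazwa: " . $vbCrLF . $vbCrLF;
    $tekst1 = $tekst1 . $komentarz . $vbCrLF . $vbCrLF;
    if ($moderate == 0) $tekst1 = $tekst1 . "Zaloguj się w panelu administracyjnym aby usunąć lub zatwierdzić komentarz." . $vbCrLF . $vbCrLF;
    else $tekst1 = $tekst1 . "Komentarz jest widoczny dla użytkowników. Jeśli chcesz go usunąć zaloguj się w panelu administracyjnym." . $vbCrLF . $vbCrLF;
    // NOTE(review): SERVER_NAME may follow the request's Host header depending
    // on the web server configuration; a fixed base URL from config.php would
    // make the link in the mail trustworthy.
    $tekst1 = $tekst1 . "http://" . $_SERVER['SERVER_NAME'] . "/panel.php?page=" . $page . "&news=" . $news . $vbCrLF . $vbCrLF;
    $tekst1 = $tekst1 . "client IP: " . $ip . $vbCrLF;

    $charset = 'UTF-8';
    $subject = "Nowy komentarz";
    // RFC 2047 encoded subject; no trailing newline, mail() ends the header itself.
    $encoded_subject = "=?$charset?B?" . base64_encode($subject) . "?=";
    // The title comes from the database; strip line breaks so it can never
    // introduce additional mail headers.
    $from = str_replace(array("\r", "\n"), '', $title);
    $body = $tekst1;
    $headers = "From: " . $from . "\n"
        . "Content-Type: text/plain; charset=$charset; format=flowed\n"
        . "MIME-Version: 1.0\n"
        . "Content-Transfer-Encoding: 8bit\n"
        . "X-Mailer: PHP\n";
    mail($to, $encoded_subject, $body, $headers);
    exit();
}
?>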
<script>
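function zapisz_komentarz(e)
{
<?php
// The page id is reflected into this script twice; normalising it to an int
// keeps a crafted ?page= value from breaking out of the URL string or the
// parameter object literal.
$page_id = isset($_GET['page']) ? (int) $_GET['page'] : 0;
?>
    // Posts the comment for news id e to this page's own script (the
    // param=zapisz_komentarz branch) and reloads the page on success.
    // The empty-text check is a convenience; the server repeats it.
    if ($("komentarz").value=='') {alert(<?= json_encode($languages['tresc_komentarza_alert'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) ?>);return;}
    advAJAX.post
    (
        {
            url: "script/s<?= $page_id ?>.php?param=zapisz_komentarz",
            parameters :
            {
                "news":e,
                "komentarz":$("komentarz").value,
                "page":<?= $page_id ?>
            },
            onInitialization : function()
            {
                //$("main").innerHTML = loading_html;
            },
            onSuccess : function(obj)
            {
                //$("main").innerHTML = obj.responseText;
                location.reload();
            },
            onError : function(obj)
            {
                alert("Error: " + obj.status);
            },
            onFinalization : function()
            {
            }
        }
    );
}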
</script>
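<?php
// Page body. With ?news= set, one news item is shown with its attachments
// and (when enabled for this page) its comments and the comment form;
// otherwise the news list of this page, filtered by ?rok= (date prefix).
// $languages and DBConnect are provided by the including file.
$db = new DBConnect();
$db2 = new DBConnect();

// Request values that reach SQL are normalised once: ids become ints and the
// year filter may contain digits only, since it is used as a LIKE prefix.
$page = isset($_GET['page']) ? (int) $_GET['page'] : 0;
$has_news = isset($_GET['news']) && $_GET['news'] != '';
$news = $has_news ? (int) $_GET['news'] : 0;
$rok = isset($_GET['rok']) ? (string) $_GET['rok'] : '';
if (preg_match('/^[0-9]*\z/', $rok) !== 1) $rok = '';

$sql = "select * from pages where id='" . $page . "'";
$db->query($sql);
$row = $db->fetchrow();
$nazwa_strony = $row['nazwa'];
$opis_strony = $row['tresc'];

// Per-page comment settings "<kom>;<moderate>": kom 2 = everyone may
// comment, 1 = logged-in users only; moderate 0 = comments need approval.
$sql = "select * from ustawienia where typ='s" . $page . "'";
$db->query($sql);
$row = $db->fetchrow();
$row = explode(";", $row['text']);
$kom = $row[0];
$moderate = isset($row[1]) ? $row[1] : 0;

if ($has_news)
{
    $sql = "select * from `aktualnosci` where id=" . $news . ";";
    $db->query($sql);
    $row = $db->fetchrow();
    echo "<table border=0>";
    echo "<tr>";
    // Title and body of a news item are editor-authored and echoed as stored.
    echo "<td id='td_" . $row['id'] . "'>
<div class=news>
<div class=news_title><b>" . $row['nazwa'] . "</b><br><br></div>";
    echo "<div class=news_body>" . $row['tresc'] . "</div>";
    echo "<div class=news_add><br>" . $languages['data_publikacji'] . " " . $row['data'] . "</div>
</div>";

    // Attachments: the query matches files.user_id against the news id.
    $sql = "select * from files where skrypt_id='" . $page . "' and user_id=" . $news . " order by id ;";
    $db->query($sql);
    if ($db->numrows() > 0)
        echo "<br>Pliki do pobrania:<br>";
    // $j is not set anywhere in this file; presumably the including script
    // provides it as a media-box counter -- TODO confirm.
    $mb_id = isset($j) ? $j : '';
    $media_types = array('gif', 'jpg', 'png', 'flv', 'wmv', 'rmvb', 'mov', 'mp3', 'wav');
    while ($row = $db->fetchrow())
    {
        // Icon by file extension. pathinfo() replaces substr(-3) so that
        // four-letter extensions (rmvb) and upper-case names are recognised.
        $typ = strtolower(pathinfo($row['plik'], PATHINFO_EXTENSION));
        $image_path = "file.png";
        if (in_array($typ, array('gif', 'jpg', 'png'), true)) $image_path = "galeria.png";
        if (in_array($typ, array('flv', 'wmv', 'rmvb', 'mov'), true)) $image_path = "movie.png";
        if (in_array($typ, array('mp3', 'wav'), true)) $image_path = "sound.png";
        if (in_array($typ, array('rar', 'zip'), true)) $image_path = "archive.png";
        if (in_array($typ, array('csv', 'xls'), true)) $image_path = "excel.png";
        if ($typ == 'doc') $image_path = "word.png";
        if ($typ == 'pdf') $image_path = "pdf.png";
        // Media files open in the in-page player box, everything else in a new tab.
        if (in_array($typ, $media_types, true))
            $player = "id=\"mb" . $mb_id . "\" class=\"mb\"";
        else $player = "target=blank";
        echo "<a href='upload/" . $row['plik'] . "' $player title='" . $row['opis'] . "'><img src=\"img/$image_path\" border=0 style='height:30px;vertical-align:middle;'> " . $row['opis'] . "</a>";
        echo "<br>";
    }
    echo "
<div id=back_button><a href='javascript:void(0)' onclick='history.back()'>" . $languages['powrot'] . "</a></div>
</td>";
    echo "</tr>";
    echo "</table>";

    if (($kom == 2) || (($kom == 1) && (isset($_SESSION['user_name']))))
    {
        echo "<div id=comments_header>" . $languages['komentarze'] . "</div>";
        $sql = "select * from aktualnosci_komentarze left join users on aktualnosci_komentarze.user_id = users.id where news_id='" . $news . "' and aktualnosci_komentarze.status=1 order by data desc";
        $db->query($sql);
        if ($db->numrows() == 0) echo "" . $languages['brak_komentarzy'] . "<br>";
        while ($row = $db->fetchrow())
        {
            // Comment text and login are visitor-supplied: HTML-escape them
            // before newlines are turned into <br>.
            $tresc = htmlspecialchars($row['tresc'], ENT_QUOTES, 'UTF-8');
            echo str_replace("\n", "<br>", $tresc) . "<br>";
            echo $row['data'] . " - ";
            if ($row['login'] == '') echo "" . $languages['gosc'] . ""; else echo htmlspecialchars($row['login'], ENT_QUOTES, 'UTF-8');
            echo "<br><br>";
        }
        echo "<br>
<div id=new_comment_div>
<table>
<tr>
<td>
" . $languages['nowy_komentarz'] . "<br>
<textarea rows=5 cols=60 id=komentarz name=komentarz></textarea></td></tr>
<tr><td align=right>
<input type=button class=button value='" . $languages['zapisz'] . "' onclick=zapisz_komentarz(" . $news . ")>
</td></tr>";
        if ($moderate == 0) echo "<tr><td id=komunikat>" . $languages['komunikat_o_zatwierdzeniu'] . "</td></tr>";
        echo "
</table>
</div>
";
    }
}
else
{
    if ($opis_strony != '') echo $opis_strony . "<br>";
    // News of this page, optionally limited to a year via the date prefix.
    $sql = "select * from `aktualnosci` where skrypt_id=" . $page . " and data like '" . $rok . "%' order by data desc;";
    $db->query($sql);
    echo "<table >";
    while ($row = $db->fetchrow())
    {
        // opcje = "<float>;<width>;" for the thumbnail and the row's min-height.
        if ($row['opcje'] == '') $row['opcje'] = 'left;100;';
        $params = explode(";", $row['opcje']);
        echo "<tr>";
        echo "<td id='td_" . $row['id'] . "'>
<div class=news style='min-height:" . $params[1] . ";'>";
        // URL slug derived from the title; the matching rewrite rule lives
        // outside this file.
        $nazwa = str_replace(array("-", "\"", "?"), "", $row['nazwa']);
        $nazwa = str_replace("__", "_", $nazwa);
        if ($row['plik'] != '') //wczytanie miniaturki
        {
            // The former getimagesize() call assigned values that were never
            // used (and warned for missing files), so it has been dropped.
            $style = "float:" . $params[0] . ";margin:5px;";
            $style = $style . "width:" . $params[1] . "px;";
            echo "<img src='upload/" . $row['plik'] . "' style=\"$style\">";
        }
        $link = str_replace(" ", "_", $nazwa) . "," . $page . "," . $row['id'];
        echo "<div class=news_title><a href='" . $link . "' id='a_" . $row['id'] . "' ><b>" . $row['nazwa'] . "</b></a></div>";
        echo "<div class=news_body>";
        echo $row['tresc_krotka'] . "</div>";
        echo "
<div class=news_more><a href='" . $link . "' id='a_" . $row['id'] . "' style='font-weight:normal;color:#fff;'>" . $languages['wiecej'] . "</a></div>";
        if (($kom == 2) || (($kom == 1) && (isset($_SESSION['user_name']))))
        {
            // Counted on the second handle, presumably so the outer fetch
            // loop on $db is not disturbed.
            $sql = "select * from `aktualnosci_komentarze` where news_id=" . $row['id'] . " and status=1;";
            $db2->query($sql);
            $ilosc = $db2->numrows();
            echo "<div class=news_com>" . $languages['komentarze'] . " <b>" . $ilosc . "</b></div>";
        }
        echo "<div class=news_add>" . $languages['data_publikacji'] . " " . $row['data'] . "</div>
</div>
</td>";
        echo "</tr>";
    }
    echo "</table>";
}
?>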