
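<?php
// AJAX endpoint: stores a new comment for a news item and e-mails the site owner about it.
// It is requested directly (script/s<page>.php?param=zapisz_komentarz, see the advAJAX.post
// call further down in this file), so every check has to happen here rather than in the
// page that renders the comment form.
if (isset($_GET['param']) && $_GET['param'] === 'zapisz_komentarz')
{
	include('../config.php');
	//if (!islogin()) die();
	include('../inc/db.php');
	$db = new DBConnect();

	// Request values are attacker-controlled. Both ids are only ever used as numbers, so they
	// are forced to integers before they reach SQL or the notification link.
	$page = isset($_POST['page']) ? (int)$_POST['page'] : 0;
	$news = isset($_POST['news']) ? (int)$_POST['news'] : 0;
	$komentarz = (isset($_POST['komentarz']) && is_string($_POST['komentarz'])) ? $_POST['komentarz'] : '';
	// On PHP builds that still apply magic_quotes_gpc the value arrives pre-slashed; undo that so
	// the text is escaped exactly once below and is mailed without stray backslashes.
	// NOTE(review): if config.php already reverses magic quotes, drop this line.
	if (ini_get('magic_quotes_gpc')) $komentarz = stripslashes($komentarz);

	// Guests keep the empty user id the original query sent; a logged-in id is forced numeric.
	// NOTE(review): presumably config.php starts the session — it is not started in this file.
	$user_id = isset($_SESSION['user_id']) ? (int)$_SESSION['user_id'] : '';
	$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

	// Per-page comment settings are stored as "<kom>;<moderate>" in ustawienia.text.
	$sql="select * from ustawienia where typ='s".$page."'";
	$db->query($sql);
	$row=$db->fetchrow();
	$row = isset($row['text']) ? explode(";",$row['text']) : array();
	$kom = isset($row[0]) ? (int)$row[0] : 0;
	// Stored as the comment's status; the listing only shows status=1, so a missing setting
	// falls back to 0 and the comment waits for approval.
	$moderate = isset($row[1]) ? (int)$row[1] : 0;

	// Enforce the rule the form itself uses: 2 = anyone may comment, 1 = logged-in users only.
	// Without this check the endpoint accepts comments even where the form is never shown.
	// NOTE(review): no anti-CSRF token is checked; nothing on this page issues one.
	if (!(($kom==2)||(($kom==1)&&(isset($_SESSION['user_name'])))))
	{
		header('HTTP/1.1 403 Forbidden');
		exit();
	}
	// The browser-side emptiness check can be bypassed, so repeat it on the server.
	if (trim($komentarz) === '')
	{
		header('HTTP/1.1 400 Bad Request');
		exit();
	}

	// NOTE(review): addslashes() is a stopgap because DBConnect exposes no escaping or
	// parameter binding on this page. It does not hold for multi-byte connection charsets
	// other than UTF-8 or with NO_BACKSLASH_ESCAPES; switch to the driver's bound parameters
	// once inc/db.php offers them.
	$sql= "INSERT INTO `aktualnosci_komentarze` (
`id` ,
`tresc` ,
`news_id` ,
`user_id` ,
`data` ,
`ip` ,
`status`
)
VALUES (
'', '".addslashes($komentarz)."', '".$news."', '".$user_id."', '".date("Y-m-d H:i:s")."', '".addslashes($ip)."', '".$moderate."'
);
";
	$result = $db ->query($sql);

	// Notify the site owner by e-mail.
	$sql="select * from ustawienia where typ='title'";
	$db->query($sql);
	$row=$db->fetchrow();
	$title = isset($row['text']) ? $row['text'] : '';
	$sql="select * from pages where id=".$page;
	$db->query($sql);
	$row=$db->fetchrow();
	$nazwa = isset($row['nazwa']) ? $row['nazwa'] : '';
	$sql="select * from users where id=1";
	$db->query($sql);
	$row=$db->fetchrow();
	$to = isset($row['email']) ? $row['email'] : '';

	$vbCrLF="\n";

	$tekst1 ="Wiadomość ze strony $title".$vbCrLF.$vbCrLF;
	$tekst1.="----------------------------------------------------".$vbCrLF;
	$tekst1.="Dodano nowy komentarz do podstrony $nazwa: ".$vbCrLF.$vbCrLF;
	$tekst1.=$komentarz.$vbCrLF.$vbCrLF;
	if ($moderate==0) $tekst1.="Zaloguj się w panelu administracyjnym aby usunąć lub zatwierdzić komentarz.".$vbCrLF.$vbCrLF;
	else $tekst1.="Komentarz jest widoczny dla użytkowników. Jeśli chcesz go usunąć zaloguj się w panelu administracyjnym.".$vbCrLF.$vbCrLF;
	// NOTE(review): depending on the web-server configuration SERVER_NAME can mirror the
	// client's Host header; a configured base URL would be a safer source for a link the
	// administrator is asked to follow.
	$tekst1.="http://".$_SERVER['SERVER_NAME']."/panel.php?page=".$page."&news=".$news.$vbCrLF.$vbCrLF;

	$tekst1.="client IP: ".$ip.$vbCrLF;

	$charset='UTF-8';
	$subject="Nowy komentarz";
	// No trailing newline here: the subject is a single header value.
	$encoded_subject="=?$charset?B?".base64_encode($subject)."?=";
	// The site title is placed in a header line; removing CR/LF keeps it from adding headers.
	$from=str_replace(array("\r","\n"),' ',$title);
	$body=$tekst1;

	$headers="From: ".$from."\n"
		. "Content-Type: text/plain; charset=$charset; format=flowed\n"
		. "MIME-Version: 1.0\n"
		. "Content-Transfer-Encoding: 8bit\n"
		. "X-Mailer: PHP\n";
	if ($to != '') mail($to,$encoded_subject, $body,$headers);

	exit();
}



?>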

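<?php
// The page id is written into JavaScript below. Casting it to an integer keeps request data
// from being echoed into the script verbatim (the original printed $_GET['page'] as-is).
$akt_page_js = isset($_GET['page']) ? (int)$_GET['page'] : 0;
?>
<script type="text/javascript">
// Posts the value of the element returned by $("komentarz") as a new comment on news item
// `e`, then reloads the page so the listing is rendered again.
function zapisz_komentarz(e)
{
	// json_encode() yields a complete, correctly quoted JavaScript string literal, so a quote
	// or backslash in the translated message cannot break out of the alert() call.
	if ($("komentarz").value=='') {alert(<?php echo json_encode((string)$languages['tresc_komentarza_alert']); ?>);return;}
	advAJAX.post
	(
		{
			url: "script/s<?php echo $akt_page_js; ?>.php?param=zapisz_komentarz",
			parameters :
			{
			  "news":e,
			  "komentarz":$("komentarz").value,
			  "page":<?php echo $akt_page_js; ?>

			},
			onInitialization : function()
			{
				//$("main").innerHTML = loading_html;
			},
			onSuccess : function(obj)
			{
				//$("main").innerHTML = obj.responseText;
				location.reload();
			},
			// The endpoint answers with an HTTP error status when a comment is refused.
			onError : function(obj)
			{
				alert("Error: " + obj.status);
			},
			onFinalization : function()
			{
			}
		}
	);

}
</script>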

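<?php
// News module page: renders either one news item with its attachments and comments (when
// ?news= is given) or the list of news items of the current page.
// DBConnect and $languages are not defined in this file; this part apparently runs inside
// an including page that provides them.
$db = new DBConnect();
$db2 = new DBConnect();

// Every request value below ends up in SQL and/or HTML, so each one is reduced to a safe
// shape once, here, and only the reduced copies are used afterwards.
$akt_page_id = isset($_GET['page']) ? (int)$_GET['page'] : 0;
$akt_has_news = isset($_GET['news']) && $_GET['news']!='';
$akt_news_id = $akt_has_news ? (int)$_GET['news'] : 0;
// 'rok' is matched as a date prefix with LIKE; only digits and dashes are let through, which
// also keeps the LIKE wildcards out of it. Anything else behaves like "no filter".
$akt_rok = (isset($_GET['rok']) && is_string($_GET['rok']) && preg_match('/^[0-9-]{1,10}\z/', $_GET['rok'])) ? $_GET['rok'] : '';

$sql="select * from pages where id='".$akt_page_id."'";
$db->query($sql);
$row=$db->fetchrow();
$nazwa_strony = isset($row['nazwa']) ? $row['nazwa'] : '';
$opis_strony = isset($row['tresc']) ? $row['tresc'] : '';

// Per-page comment settings are stored as "<kom>;<moderate>" in ustawienia.text.
$sql="select * from ustawienia where typ='s".$akt_page_id."'";
$db->query($sql);
$row=$db->fetchrow();
$row = isset($row['text']) ? explode(";",$row['text']) : array();
$kom = isset($row[0]) ? (int)$row[0] : 0;
$moderate = isset($row[1]) ? (int)$row[1] : 0;
// Comments are offered to everyone ($kom == 2) or to logged-in users only ($kom == 1).
$akt_komentarze = ($kom==2)||(($kom==1)&&(isset($_SESSION['user_name'])));


if ($akt_has_news)
{
	// News rows (nazwa, tresc, data) are printed exactly as stored.
	// NOTE(review): this assumes they are authored as HTML in the admin panel — confirm that
	// nothing submitted by visitors can end up in these columns.
	$sql = "select * from `aktualnosci` where id=".$akt_news_id.";";
	$result = $db->query($sql);
	$row=$db->fetchrow();
	echo "<table border=0>";
	echo "<tr>";
	echo "<td id='td_".$row['id']."'>
<div class=news>
<div class=news_title><b>".$row['nazwa']."</b><br><br></div>";
	echo "<div class=news_body>".$row['tresc']."</div>";
	echo "<div class=news_add><br>".$languages['data_publikacji']." ".$row['data']."</div>
</div>";

	// Attachments: in this query files.user_id is compared with the news id.
	$sql= "select * from files where skrypt_id='".$akt_page_id."' and user_id=".$akt_news_id." order by id ;";
	$result = $db ->query($sql);
	if ($db->numrows()>0)
		echo "<br>Pliki do pobrania:<br>";

	// Icon per file extension. The original compared only the last three characters of the
	// name, so 'rmvb' could never match; the real extension is used instead, lower-cased.
	$akt_ikony = array(
		'gif'=>'galeria.png', 'jpg'=>'galeria.png', 'png'=>'galeria.png',
		'flv'=>'movie.png', 'wmv'=>'movie.png', 'rmvb'=>'movie.png', 'mov'=>'movie.png',
		'mp3'=>'sound.png', 'wav'=>'sound.png',
		'rar'=>'archive.png', 'zip'=>'archive.png',
		'csv'=>'excel.png', 'xls'=>'excel.png',
		'doc'=>'word.png',
		'pdf'=>'pdf.png',
	);
	while ($row=$db->fetchrow())
	{
		$typ=strtolower(pathinfo($row['plik'], PATHINFO_EXTENSION));
		$image_path = isset($akt_ikony[$typ]) ? $akt_ikony[$typ] : "file.png";

		// Images, video and audio get the "mb" class; everything else opens in another window.
		// NOTE(review): $j is never assigned in this file, so unless the including page sets
		// it every such link gets the same id "mb".
		if (in_array($image_path, array('galeria.png','movie.png','sound.png')))
			$player = "id=\"mb".(isset($j) ? $j : '')."\" class=\"mb\"";
		else
			$player="target=blank";

		// File name and description are plain values placed into attributes and link text,
		// so they are HTML-escaped for that context.
		$akt_plik = htmlspecialchars($row['plik'], ENT_QUOTES, 'UTF-8');
		$akt_opis = htmlspecialchars($row['opis'], ENT_QUOTES, 'UTF-8');
		echo"<a href='upload/".$akt_plik."' $player title='".$akt_opis."'><img src=\"img/$image_path\" border=0 style='height:30px;vertical-align:middle;'> ".$akt_opis."</a>";
		echo "<br>";
	}

	echo "
<div id=back_button><a href='javascript:void(0)' onclick='history.back()'>".$languages['powrot']."</a></div>
</td>";
	echo "</tr>";
	echo "</table>";


	if ($akt_komentarze)
	{
		echo "<div id=comments_header>".$languages['komentarze']."</div>";
		$sql="select * from aktualnosci_komentarze left join users on aktualnosci_komentarze.user_id = users.id where news_id='".$akt_news_id."' and aktualnosci_komentarze.status=1 order by data desc";
		$db->query($sql);

		if ($db->numrows()==0) echo "".$languages['brak_komentarzy']."<br>";

		while ($row=$db->fetchrow())
		{
			// Comment text and login names come from visitors: escape them first, then turn
			// line breaks into <br>, so stored markup is displayed as text instead of executed.
			echo str_replace("\n","<br>",htmlspecialchars($row['tresc'], ENT_QUOTES, 'UTF-8'))."<br>";
			echo $row['data']." - ";
			if ($row['login']=='') echo "".$languages['gosc']."";else echo htmlspecialchars($row['login'], ENT_QUOTES, 'UTF-8');
			echo"<br><br>";
		}

		// The news id is written into an inline event handler; only the integer copy is used.
		echo "<br>
<div id=new_comment_div>
<table>
<tr>
<td>
".$languages['nowy_komentarz']."<br>
<textarea rows=5 cols=60 id=komentarz name=komentarz></textarea></td></tr>
<tr><td align=right>
<input type=button class=button value='".$languages['zapisz']."' onclick=zapisz_komentarz(".$akt_news_id.")>
</td></tr>";
		if ($moderate==0) echo "<tr><td id=komunikat>".$languages['komunikat_o_zatwierdzeniu']."</td></tr>";
		echo"
</table>
</div>
";
	}

}
else
{

	if ($opis_strony!='') echo $opis_strony."<br>";

	//if ($_GET['rok']=='')
	//$sql = "select * from `aktualnosci` where skrypt_id=".$_GET['page']."  order by data desc limit 5;";
	//else
	$sql = "select * from `aktualnosci` where skrypt_id=".$akt_page_id." and data like '".$akt_rok."%'  order by data desc;";

	$result = $db->query($sql);
	echo "<table >";
	while ($row=$db->fetchrow())
	{
		if ($row['opcje']=='') $row['opcje']='left;100;';
		$params=explode(";",$row['opcje']);
		echo "<tr>";
		echo "<td id='td_".$row['id']."'>
<div class=news style='min-height:110px;'>";
		// Build the URL slug from the title, then escape it for use inside href='...'.
		$nazwa=str_replace("-","",$row['nazwa']);
		$nazwa=str_replace("\"","",$nazwa);
		$nazwa=str_replace("?","",$nazwa);
		$nazwa=str_replace("__","_",$nazwa);
		$akt_link = htmlspecialchars(str_replace(" ","_",$nazwa), ENT_QUOTES, 'UTF-8').",".$akt_page_id.",".(int)$row['id'];
		if ($row['plik']!='') // thumbnail
		{
			// The getimagesize() call of the original is gone: its result was never used and
			// it read a file from disk for every row.
			$style="float:".$params[0].";margin:5px;";
			//$style = $style."width:".$params[1]."px;height:90px;";
			$style = $style."width:90px;height:90px;margin-right:15px;";
			echo "<img src='upload/".htmlspecialchars($row['plik'], ENT_QUOTES, 'UTF-8')."' style=\"".htmlspecialchars($style, ENT_QUOTES, 'UTF-8')."\" alt=''>";
		}
		// NOTE(review): title and teaser are printed as stored, on the same assumption as the
		// single-item view — admin-authored HTML; confirm.
		echo "<div class=news_title><a href='".$akt_link."' ><b>".$row['nazwa']."</b></a></div>";
		echo "<div class=news_body>";
		echo str_replace("<br />","<br>",$row['tresc_krotka'])."</div>";
		echo "
<div class=news_more><a href='".$akt_link."'>".$languages['wiecej']."</a></div>";
		if ($akt_komentarze)
		{
			// Second connection, so the outer result set being iterated is left alone.
			$sql = "select * from `aktualnosci_komentarze` where news_id=".(int)$row['id']." and status=1;";
			$result = $db2->query($sql);
			$ilosc = $db2->numrows();
			echo "<div class=news_com>".$languages['komentarze']." <b>".$ilosc."</b></div>";
		}
		echo "<div class=news_add>".$languages['data_publikacji']." ".$row['data']."</div>
</div>
</td>";
		echo "</tr>";
	}
	echo "</table>";
	/*
	Disabled archive links, kept from the original. If they are switched back on, print the
	integer page id rather than $_GET['page'].
	$j=date("Y");
	echo "<A href='index.php?page=".$_GET['page']."&rok=$j'>Wszystkie aktualności ".$j."</a><br><br>";
	$j--;
	for ($i=$j;$i>=2008;$i--)
	{
	echo "<A href='index.php?page=".$_GET['page']."&rok=$i'>Archiwum $i</a><br>";
	}
	*/
}
?>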