Файл: pages/load/file.php
Строк: 133
<?php
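include "../../system/mysql.php";
include "../../system/sys_func.php";

// Load the requested file row in a single query. The id comes from the query
// string and is reduced to an integer by intval() before it is placed in SQL.
// A missing id, a failed query or an unknown id all leave $file false.
$file = isset($_GET['id'])
    ? mysql_fetch_assoc(mysql_query("SELECT * FROM load_file WHERE id = '". intval($_GET['id']) ."' LIMIT 1"))
    : false;
if (!$file) {
    // Nothing to show: send the visitor back to the downloads index.
    header("location: /pages/load/");
    exit;
}

// Directory and uploader rows referenced by the file. The ids are read from
// the database row, but are still cast to integers so that no stored value is
// ever interpolated into SQL as-is.
$dir = mysql_fetch_assoc(mysql_query("SELECT * FROM load_dir WHERE id = '". intval($file['id_dir']) ."' LIMIT 1"));
$ank = mysql_fetch_assoc(mysql_query("SELECT * FROM users WHERE id = '". intval($file['id_user']) ."' LIMIT 1"));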
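// Dispatch on the optional "act" query parameter. Anything that is not a known
// string action (missing, array-valued, unknown) matches no case and falls
// through to the plain file view that follows the switch.
switch (isset($_GET['act']) && is_string($_GET['act']) ? $_GET['act'] : '') {
    case 'edit':
        // Only the uploader or an admin may edit; everyone else goes back to the file page.
        if (!isset($user) || ($user['position'] != "admin" && $user['id'] != $file['id_user'])) {
            header("location: ?id=". $file['id'] ."");
            exit;
        }
        $error = false;
        $errort = '';
        // NOTE(review): no anti-CSRF token is checked on this POST and none is
        // visible in this file - confirm whether the shared includes provide one.
        if (isset($_POST['submit'])) {
            // Treat missing or array-valued fields as empty strings.
            $raw_name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
            $raw_opis = (isset($_POST['opis']) && is_string($_POST['opis'])) ? $_POST['opis'] : '';
            $name = html($raw_name);
            $opis = html($raw_opis);
            if (empty($name)) {
                $error = true;
                $errort .= '<div class="err">Название не может быть пустым</div>';
            } elseif (strlen($name) > 100) {
                $error = true;
                $errort .= '<div class="err">Слишком длинное название</div>';
            } elseif (!preg_match("#^[a-zа-я0-9 _.,-]+$#ui", $name)) {
                // The hyphen sits last in the class so it is a literal. The previous
                // class contained "_-.", an out-of-order range that makes the pattern
                // fail to compile, so every name was rejected; its "A-z" range also
                // admitted [ \ ] ^ and the backtick.
                $error = true;
                $errort .= '<div class="err">В названии присутствуют запрещённые символы</div>';
            } elseif (strlen($raw_opis) > 1024) {
                $error = true;
                $errort .= '<div class="err">Большое описание</div>';
            } else {
                // Values are SQL-escaped at the point of use: the description has no
                // character whitelist, and html() is defined outside this file.
                // NOTE(review): confirm html() does not already SQL-escape, otherwise
                // backslashes would be stored twice.
                mysql_query("UPDATE load_file SET name = '". mysql_real_escape_string($name) ."', opis = '". mysql_real_escape_string($opis) ."' WHERE id = '". intval($file['id']) ."' LIMIT 1");
                header("location: ?id=". $file['id'] ."");
                // Stop here so the edit form is not rendered after the redirect.
                exit;
            }
        }
        $title = "Загрузки / Редактирование файла";
        include "../../system/head.php";
        echo "<div class='title'><a href='/pages/load/'>Загрузки</a> / Редактирование файла</div>";
        echo $errort;
        echo "<form method='post'>";
        echo "Название:<br/><input type='text' name='name' value='". html($file['name']) ."'/>". $file['ext'] ."<br/>";
        // opis is printed as stored. This page stores it through html() (see the
        // UPDATE above); other writers are not visible here - confirm they escape too.
        echo "Описание:<br/><textarea name='opis'>". $file['opis'] ."</textarea><br/>";
        echo "<input type='submit' name='submit' value='Изменить'/><br/>";
        echo "</form>";
        echo "<a class='link' href='?id=". $file['id'] ."'>← Назад</a>";
        foot();
        exit;
        break;

    case 'del':
        // Same rule as editing: uploader or admin only.
        if (!isset($user) || ($user['position'] != "admin" && $user['id'] != $file['id_user'])) {
            header("location: ?id=". $file['id'] ."");
            exit;
        }
        // NOTE(review): this destructive POST is also accepted without an
        // anti-CSRF token; none is visible in this file.
        if (isset($_POST['submit'])) {
            // Remove screenshot images (full size and thumbnail) before their rows.
            $query = mysql_query("SELECT * FROM `load_screen` WHERE `id_file` = '". intval($file['id']) ."' ORDER BY `id` DESC");
            if ($query) {
                while ($screen = mysql_fetch_assoc($query)) {
                    $sid = intval($screen['id']);
                    foreach (array("screen/". $sid .".gif", "screen/mini/". $sid .".gif") as $path) {
                        // Skip images that are already gone instead of raising a warning.
                        if (is_file($path)) {
                            unlink($path);
                        }
                    }
                }
            }
            mysql_query("DELETE FROM `load_screen` WHERE `id_file` = '". intval($file['id']) ."'");
            $stored = "file/". intval($file['id']) .".dat";
            if (is_file($stored)) {
                unlink($stored);
            }
            mysql_query("DELETE FROM load_file WHERE id = '". intval($file['id']) ."' LIMIT 1");
            header("location: /pages/load/?dir=". $dir['id'] ."&msg=del_file_ok");
            exit;
        }
        $title = "Загрузки / Удаление файла";
        include "../../system/head.php";
        echo "<div class='title'><a href='/pages/load/'>Загрузки</a> / Удаление файла</div>";
        echo "<form method='post'>";
        echo "Удалить этот файл?<br/>";
        echo "<input type='submit' name='submit' value='Да'/> <a href='?id=". $file['id'] ."'>Нет</a><br/>";
        echo "</form>";
        foot();
        exit;
        break;

    case 'save':
        // The stored path is built from the integer id only; the display name is
        // used solely for the Content-Disposition header.
        $filename = "file/". intval($file['id']) .".dat";
        // Drop characters that would break out of the quoted filename parameter.
        $fn = str_replace(array('"', '\\', "\r", "\n"), '', $file['name'] . $file['ext']);
        if (!file_exists($filename)) {
            header("HTTP/1.0 404 Not Found");
            exit;
        }
        $fsize = filesize($filename);
        // HTTP dates are expressed in GMT regardless of the server time zone.
        $ftime = gmdate("D, d M Y H:i:s", filemtime($filename)) . " GMT";
        $fd = @fopen($filename, "rb");
        if (!$fd) {
            header("HTTP/1.0 403 Forbidden");
            exit;
        }
        // If the requesting agent supports resuming downloads: honour only the
        // open-ended "bytes=N-" form and serve the whole file for anything else.
        $range = 0;
        if (isset($_SERVER['HTTP_RANGE']) && preg_match('/^bytes=(\d+)-$/', $_SERVER['HTTP_RANGE'], $m)) {
            $range = (int) $m[1];
            if ($range >= $fsize) {
                // The requested offset lies beyond the end of the file.
                fclose($fd);
                header("HTTP/1.1 416 Requested Range Not Satisfiable");
                header("Content-Range: bytes */". $fsize);
                exit;
            }
        }
        // Count the download once the request is known to be servable.
        mysql_query("UPDATE `load_file` SET `loads` = loads+1 WHERE `id` = '". intval($file['id']) ."' LIMIT 1");
        if ($range > 0) {
            fseek($fd, $range);
            header("HTTP/1.1 206 Partial Content");
            // Content-Range is only meaningful on a partial response.
            header("Content-Range: bytes $range-".($fsize - 1)."/".$fsize);
        } else {
            header("HTTP/1.1 200 OK");
        }
        header("Content-Disposition: attachment; filename=\"$fn\"");
        header("Last-Modified: $ftime");
        header("Accept-Ranges: bytes");
        header("Content-Length: ".($fsize - $range));
        header("Content-type: application/octet-stream");
        // Stream from the current offset instead of loading the file into memory.
        fpassthru($fd);
        fclose($fd);
        exit;
        break;
}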
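// Default view: file details, screenshots, download link and, for the
// uploader or an admin, the management links.
$title = "Загрузки / Просмотр файла";
include "../../system/head.php";
echo "<div class='title'><a href='/pages/load/'>Загрузки</a> / ".html($file['name']).$file['ext']."</div>";

// Screenshot thumbnails, each linking to the full-size image.
$qs = mysql_query("SELECT * FROM load_screen WHERE id_file = '". intval($file['id']) ."' ORDER BY id ASC");
if ($qs && mysql_num_rows($qs) > 0) {
    echo "<div class='post'>";
    echo "<div style='margin-bottom: 3px'><b>Скриншоты:</b></div>";
    while ($screen = mysql_fetch_assoc($qs)) {
        echo "<a href='screen/". $screen['id'] .".gif'><img src='screen/mini/". $screen['id'] .".gif' alt=''/></a> ";
    }
    echo "</div>";
}

echo "<div class='post'>";
echo "<b>".html($file['name']).$file['ext']."</b><span class='c_date'>". ptime($file['time']) ."</span><br/>";
if ($file['opis'] != NULL) {
    echo "Описание: ".output($file['opis'])."<br/>";
} else {
    echo "Без описания";
}
echo "</div>";
echo "<div class='post_sys'><a href='?id=". $file['id'] ."&act=save'><img src='/design/imgs/dfile.png' alt=''/> Скачать</a> (". size($file['size']) .")</div>";

echo "<div class='post'>";
echo "Закачек: ". $file['loads'] ."<br>";
echo "Добавил: ";
// NOTE(review): $ank['login'] and $file['ext'] are printed exactly as stored.
// Their write paths are not visible in this file - confirm they are validated
// or escaped there, since nothing is escaped at this point.
echo '<a href="/pages/users/user.php?name='. $ank['login'] .'">';
echo online($ank['id']).$ank['login'].browser($ank['id'])."<br/>";
echo '</a>';
echo "</div>";

// Management links for the uploader or an admin. The parentheses matter:
// without them "&&" binds tighter than "||", so the ownership comparison was
// also evaluated for visitors with no $user at all.
if (isset($user) && ($user['position'] == 'admin' || $user['id'] == $file['id_user'])) {
    echo "<a class='link' href='screen.php?id=".$file['id']."'><img src='/design/imgs/ava.png' alt=''/> Управление скриншотами</a>";
    echo "<a class='link' href='?id=".$file['id']."&act=del'><img src='/design/imgs/delete.png' alt=''/> Удалить файл</a>";
    echo "<a class='link' href='?id=".$file['id']."&act=edit'><img src='/design/imgs/edit.png' alt=''/> Изменить файл</a>";
}
echo "<a class='link' href='/pages/load/?dir=".$dir['id']."'>← Назад</a>";
foot();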
?>