Файл: modules/share/delete_file.php
Строк: 33
<?php
$locate = 'in_share';
$file = $db->query("SELECT * FROM `share_files` WHERE `id` = '". abs(intval($_GET['file_id'])) ."'")->fetch();
$user5 = $db->query("SELECT * FROM `users` WHERE `id` = '". $file['user_id'] ."'")->fetch();
if($user['id'] == $file['user_id'] || $user['level'] == 4 || $user['level'] >=6)
{
if (isset($user)) {
if(isset($_GET['file_id'])) {
if(isset($_POST['yes'])) {
unlink(ROOT .'/files/share/'. $db->query("SELECT path_name FROM `share_files` WHERE `id` = '". abs(intval($_GET['file_id'])) ."'")->fetchColumn() .'');
$cat_id = $db->query("SELECT cat_id FROM `share_files` WHERE `id` = '". abs(intval($_GET['file_id'])) ."'")->fetchColumn();
$db->query("DELETE FROM `share_files` WHERE `id` = '". abs(intval($_GET['file_id'])) ."'");
$db->query("UPDATE `users` SET `rub` = '".($user5['rub']-0.00)."' WHERE `id` = '".$user5['id'] . "'");
go('/share/folder/'.$cat_id .'/');
} elseif(isset($_POST['no'])) {
go('/share/file/'.abs(intval($_GET['file_id'])).'/');
}
$title = $lang->word('delete');
require_once(SYS.'/view/header.php');
$tpl->div('title', $lang->word('delete'));
echo '<form action="/share/delete_file/?file_id='. abs(intval($_GET['file_id'])) .'" method="post">
<div class="menu">
<b>'. $lang->word('r_sure') .'</b><br/>
<input name="yes" type="submit" value="'. $lang->word('yyes') .'" /> <input name="no" type="submit" value="'. $lang->word('yno') .'" /><br/>
</div>
</form>';
$tpl->div('block', img('share.png') .'<a href="/share/">'. $lang->word('share') .'</a><br/>' . HICO .'<a href="/">'. $lang->word('home').'</a>');
require_once(SYS.'/view/footer.php');
} else { go('/'); }
} else { go('/'); }
} else {
header('location: /');
exit;
}
?>