Файл: www/app/update.php
Строк: 120
<?
include '../config.php';
include 'functions.php';
$admin=admin();
$moder=mod_fj();
if(!$admin and !$moder){
div('Ошибка');
echo 'Извините! Но к этой странице вам доступ запрещен';
}else{
div('Обновление версии');
if (isset($_GET['id']) && is_numeric($_GET['id']) && !isset($_GET['act'])) {
$game_id=intval($_GET['id']);
$s=mysql_query("SELECT * FROM `app_games` WHERE `id`=$game_id");
$game=mysql_fetch_array($s);
if (!$game) {
echo "Ошибка!<br>За данным ID в базе нет файла";
}
else {
echo "<form action=?act=1 method=post>";
echo "Выберите тип загрузки:<br>";
echo "<input type=radio name=method value=import checked=checked>импорт<br><input type=radio name=method value=upload>выгрузка<br/>n";
echo "<input type=submit name=send value=Дальше>";
echo "<input type=hidden name=id_game value=$_GET[id]>";
echo "</form>";
}
}
if ($_GET['act']==1) {
if (!isset($_POST['send'])) {
echo "Внимание!<br>Произошла ошибка<br>Нельзя вручную обходить форму";
}
else {
if ( $_POST['method'] =='import' )
{
echo "<form method=post action=?act=end>n";
echo "Экран:<select name=display><br/>n";
$display=mysql_query("SELECT * FROM `display` ORDER BY `name` ASC");
while ($c = mysql_fetch_array($display))
{
echo "<option value=$c[id]>$c[name]";
}
echo "</select><br>";
echo "Платформа:<select name=platform><br/>n";
$platform=mysql_query("SELECT * FROM `platform` ORDER BY `name` ASC");
while ($p = mysql_fetch_array($platform))
{
echo "<option value=$p[id]>$p[name]";
}
echo "</select><br>";
echo "Язык: <select name=language><br/>n";
$lang=mysql_query("SELECT * FROM `language` ORDER BY `id` ASC");
while ($l = mysql_fetch_array($lang))
{
echo "<option value=$l[id]>$l[name]";
}
echo "</select><br>";
echo "Версия (не обязательно):<br>";
echo "<input type=text name=ver><br>";
echo "Адрес:<input name=url><br/>n";
}
elseif ( $_POST['method'] == 'upload' )
{
echo "<form method="post" action=?act=end enctype="multipart/form-data">n";
echo "Экран:<select name=display><br/>n";
$display=mysql_query("SELECT * FROM `display` ORDER BY `id` ASC");
while ($c = mysql_fetch_array($display))
{
echo "<option value=$c[id]>$c[name]";
}
echo "</select><br>";
echo "Платформа:<select name=platform><br/>n";
$platform=mysql_query("SELECT * FROM `platform` ORDER BY `name` ASC");
while ($p = mysql_fetch_array($platform))
{
echo "<option value=$p[id]>$p[name]";
}
echo "</select><br>";
echo "Язык: <select name=language><br/>n";
$lang=mysql_query("SELECT * FROM `language` ORDER BY `id` ASC");
while ($l = mysql_fetch_array($lang))
{
echo "<option value=$l[id]>$l[name]";
}
echo "</select><br>";
echo "Версия (не обязательно):<br>";
echo "<input type=text name=ver><br>";
echo "Файл:<input name=file type="file"/><br/>n";
}
echo "<input type="hidden" name="method" value="" . $_POST['method'] . ""/>n";//метод
echo "<input type=hidden name=id_game value=$_POST[id_game]>";
echo "<input type=submit name=send value=Загрузить>";
echo "</form>";
}
}
elseif ($_GET['act']==end) {
if (!isset($_POST['send'])) {
echo "Внимание!<br>Произошла ошибка<br>Нельзя вручную обходить форму";
}
else {
$id_game=intval($_POST['id_game']);
$id_dir=mysql_result(mysql_query("SELECT `cat_id` FROM `app_games` WHERE `id`=$id_game"),0);
$for=mysql_result(mysql_query("SELECT `name` FROM `app_games` WHERE `id`=$id_game"),0);
$descr=$_POST['display'];
$lang=$_POST['language'];
$plat=$_POST['platform'];
$ver=$_POST['ver'];
$description=mysql_result(mysql_query("SELECT `name` FROM `display` WHERE `id`=$descr"),0);
$platform=mysql_result(mysql_query("SELECT `name` FROM `platform` WHERE `id`=$plat"),0);
$language=mysql_result(mysql_query("SELECT `name` FROM `language` WHERE `id`=$lang"),0);
$nazv="$for $description $platform $language $ver";
$method=$_POST['method'];
if ($method==upload) {
move_uploaded_file ( $_FILES['file']['tmp_name'], 'files/' .$nazv. '.jar' );
$array=array ('ver'=>$ver, 'plat'=>$plat,'lang'=>$lang, 'descr' => $descr, 'url' => 'files/' .$nazv. '.jar' );
}
elseif ($method==import) {
$url=$_POST['url'];
copy ( $url, 'files/' .$nazv. '.jar' );
$array=array ('ver'=>$ver, 'plat'=>$plat,'lang'=>$lang, 'descr' => $descr, 'url' => 'files/' .$nazv. '.jar' );
}
$config['jad']='/app/';
$size = round(filesize(''.$array['url'])/1024);
$jad = make_jad(''.$array['url'],'files/',$config['jad'].$array['url']);
$jad = str_replace('', '', $jad);
$jad = str_replace('//', '/', $jad);
mysql_query("UPDATE `app_games` SET `updated`='$time' WHERE `id`=$id_game");
mysql_query ("INSERT INTO `app_files` ( `id` , `game_id` , `cat_id` , `description` , `language`, `platform`, `jar_path` , `jad_path` , `size` , `position`, `time`, `ver`)
VALUES (0, '$id_game', '$id_dir', '".$array['descr']."', '".$array['lang']."', '".$array['plat']."', '".$array['url']."', '$jad', '$size', '$pos', '$time', '".$array['ver']."');");
echo "Новая версия успешно загружена";
}
}
}
echo '</div>';
include '../foot.php';
echo '</div>';
?>