Файл: www/game/update.php
Строк: 120
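<?php
/**
 * Staff-only page that attaches a new file version (.jar plus JAD) to a game.
 *
 * Flow, driven by the `act` query parameter:
 *   ?id=N (no act) - choose how the file arrives: import by URL or upload.
 *   ?act=1         - choose screen, platform, language and the URL or file.
 *   ?act=end       - store the file under files/, build the JAD, record it.
 *
 * Hardening applied in this version:
 *   - every id taken from the request is cast to int before it reaches SQL
 *     (display/platform/language used to be interpolated unquoted and raw);
 *   - `method` is checked against the two known values instead of being
 *     reflected into the page;
 *   - text printed into HTML is escaped, string values written to SQL go
 *     through mysql_real_escape_string();
 *   - import only accepts http/https URLs, so copy() can no longer read local
 *     paths or other stream wrappers into the web-served files/ directory;
 *   - upload/copy results are checked before anything is written to the DB.
 *
 * NOTE(review): no anti-CSRF token is visible in these forms; confirm whether
 * config.php / functions.php add one, otherwise these state-changing POSTs
 * should carry a per-session token.
 * NOTE(review): ext/mysql (mysql_*) is kept because the connection is opened
 * outside this script; moving to prepared statements needs that code too.
 */
include '../config.php';
include 'functions.php';

$admin = admin();
$moder = mod_fj();
$admin_zs = adm_zg();

if (!$admin and !$moder and !$admin_zs) {
    div('Ошибка');
    echo 'Извините! Но к этой странице вам доступ запрещен';
} else {
    div('Обновление версии');

    // `act` may be missing or an array; normalise it to a plain string once.
    $act = (isset($_GET['act']) && is_string($_GET['act'])) ? $_GET['act'] : '';
    $bypass_msg = 'Внимание!<br>Произошла ошибка<br>Нельзя вручную обходить форму';

    // Step 0: the game exists, ask how the new file will be delivered.
    if (isset($_GET['id']) && is_numeric($_GET['id']) && !isset($_GET['act'])) {
        $game_id = intval($_GET['id']);
        $s = mysql_query("SELECT * FROM `gamess` WHERE `id`=$game_id");
        $game = $s ? mysql_fetch_array($s) : false;
        if (!$game) {
            echo 'Ошибка!<br>За данным ID в базе нет файла';
        } else {
            echo '<form action="?act=1" method="post">';
            echo 'Выберите тип загрузки:<br>';
            echo '<input type="radio" name="method" value="import" checked="checked">импорт<br>'
                . '<input type="radio" name="method" value="upload">выгрузка<br/>' . "\n";
            echo '<input type="submit" name="send" value="Дальше">';
            // Print the integer, not the raw query value: is_numeric() also
            // accepts forms such as "1e5" or " 1".
            echo '<input type="hidden" name="id_game" value="' . $game_id . '">';
            echo '</form>';
        }
    }

    if ($act === '1') {
        // Step 1: screen / platform / language plus the URL or file field.
        $method = isset($_POST['method']) ? $_POST['method'] : '';
        if (!isset($_POST['send']) || ($method !== 'import' && $method !== 'upload')) {
            echo $bypass_msg;
        } else {
            $id_game = intval(isset($_POST['id_game']) ? $_POST['id_game'] : 0);

            if ($method === 'upload') {
                echo '<form method="post" action="?act=end" enctype="multipart/form-data">' . "\n";
                $display_order = 'id';
            } else {
                echo '<form method="post" action="?act=end">' . "\n";
                $display_order = 'name';
            }

            // label, field name, query. The ORDER BY columns are fixed
            // literals chosen above, never request data.
            $lists = array(
                array('Экран:', 'display', "SELECT * FROM `display` ORDER BY `$display_order` ASC"),
                array('Платформа:', 'platform', 'SELECT * FROM `platform` ORDER BY `name` ASC'),
                array('Язык: ', 'language', 'SELECT * FROM `language` ORDER BY `id` ASC'),
            );
            foreach ($lists as $list) {
                echo $list[0] . '<select name="' . $list[1] . '"><br/>' . "\n";
                $rows = mysql_query($list[2]);
                while ($rows && ($row = mysql_fetch_array($rows))) {
                    // Names come from the database; escape them so a stored
                    // value cannot inject markup into this staff page.
                    // NOTE(review): htmlspecialchars() uses PHP's default
                    // charset here; pass the site's encoding explicitly if
                    // the tables are stored in a different one.
                    echo '<option value="' . intval($row['id']) . '">'
                        . htmlspecialchars($row['name'], ENT_QUOTES);
                }
                echo '</select><br>';
            }

            if ($method === 'upload') {
                echo 'Файл:<input name="file" type="file"/><br/>' . "\n";
            } else {
                echo 'Адрес:<input name="url"><br/>' . "\n";
            }

            // Delivery method; already checked against the two known values.
            echo '<input type="hidden" name="method" value="' . $method . '"/>' . "\n";
            echo '<input type="hidden" name="id_game" value="' . $id_game . '">';
            echo '<input type="submit" name="send" value="Загрузить">';
            echo '</form>';
        }
    } elseif ($act === 'end') {
        // Step 2: validate everything, store the file, then write to the DB.
        $error = null;
        $target = null;
        $method = isset($_POST['method']) ? $_POST['method'] : '';

        if (!isset($_POST['send']) || ($method !== 'upload' && $method !== 'import')) {
            $error = $bypass_msg;
        }

        if ($error === null) {
            $id_game = intval(isset($_POST['id_game']) ? $_POST['id_game'] : 0);
            $descr = intval(isset($_POST['display']) ? $_POST['display'] : 0);
            $lang = intval(isset($_POST['language']) ? $_POST['language'] : 0);
            $plat = intval(isset($_POST['platform']) ? $_POST['platform'] : 0);

            $game_q = mysql_query("SELECT `cat_id`, `name` FROM `gamess` WHERE `id`=$id_game");
            $game = $game_q ? mysql_fetch_array($game_q) : false;
            if (!$game) {
                $error = 'Ошибка!<br>За данным ID в базе нет файла';
            }
        }

        if ($error === null) {
            // Resolve the three ids to names; an id that matches no row means
            // the form was tampered with.
            $names = array();
            $wanted = array('display' => $descr, 'platform' => $plat, 'language' => $lang);
            foreach ($wanted as $table => $row_id) {
                $q = mysql_query("SELECT `name` FROM `$table` WHERE `id`=$row_id");
                $r = $q ? mysql_fetch_array($q) : false;
                $names[$table] = $r ? $r['name'] : null;
            }
            if (in_array(null, $names, true)) {
                $error = $bypass_msg;
            }
        }

        if ($error === null) {
            $nazv = $game['name'] . ' ' . $names['display'] . ' ' . $names['platform'] . ' ' . $names['language'];
            // The file name is built from database text: strip path
            // separators and NUL so it cannot leave files/.
            $nazv = str_replace(array('/', '\\', "\0"), '_', $nazv);
            // The extension is forced to .jar, so the stored file never takes
            // a name chosen by the uploader. The content itself is not
            // inspected here.
            $target = 'files/' . $nazv . '.jar';

            if ($method === 'upload') {
                $stored = isset($_FILES['file']['tmp_name'], $_FILES['file']['error'])
                    && is_string($_FILES['file']['tmp_name'])
                    && $_FILES['file']['error'] === UPLOAD_ERR_OK
                    && move_uploaded_file($_FILES['file']['tmp_name'], $target);
            } else {
                $url = (isset($_POST['url']) && is_string($_POST['url'])) ? trim($_POST['url']) : '';
                // copy() accepts any path or stream wrapper; allow only web
                // URLs so local files cannot be copied into the public dir.
                // NOTE(review): this does not stop requests to internal
                // hosts; add a host allow-list if the server can reach any.
                $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
                $stored = ($scheme === 'http' || $scheme === 'https') && copy($url, $target);
            }
            if (!$stored) {
                $error = 'Ошибка!<br>Не удалось сохранить файл';
            }
        }

        if ($error !== null) {
            echo $error;
        } else {
            $config['jad'] = 'http://gefan.ru/game/';
            $size = (int) round(filesize($target) / 1024);
            $jad = make_jad($target, 'files/', $config['jad'] . $target);
            // NOTE(review): an empty search string makes this call a no-op;
            // presumably a backslash was lost from the pattern - confirm.
            $jad = str_replace('', '', $jad);
            $jad = str_replace('//', '/', $jad);

            $id_dir = intval($game['cat_id']);
            $jar_sql = mysql_real_escape_string($target);
            $jad_sql = mysql_real_escape_string((string) $jad);

            // NOTE(review): $time and $pos are not assigned anywhere in this
            // script; presumably config.php / functions.php set them - confirm.
            mysql_query("UPDATE `gamess` SET `updated`='$time' WHERE `id`=$id_game");
            mysql_query("INSERT INTO `filess` ( `id` , `game_id` , `cat_id` , `description` , `language`, `platform`, `jar_path` , `jad_path` , `size` , `position`, `time` )
VALUES (0, '$id_game', '$id_dir', '$descr', '$lang', '$plat', '$jar_sql', '$jad_sql', '$size', '$pos', '$time');");
            echo 'Новая версия успешно загружена';
        }
    }
}
echo '</div>';
include '../foot.php';
echo '</div>';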