Файл: user/files/edit.php
Строк: 105
<?php
/*
* Файлы
* DCMS Special
* Модифицировал densnet
* Файл edit.php
*/
require_once '../../sys/inc/start.php';
require_once '../../sys/inc/compress.php';
require_once '../../sys/inc/sess.php';
require_once '../../sys/inc/settings.php';
require_once '../../sys/inc/db_connect.php';
require_once '../../sys/inc/ipua.php';
require_once '../../sys/inc/fnc.php';
require_once '../../sys/inc/user.php';
$set['title'] = 'Файлы';
require_once '../../sys/inc/thead.php';
only_reg();
aut();
$dir = intval($_GET['id']);
if ($_GET['id'] == 0) {
$folder['id_user'] = $user['id'];
} else {
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `user_dir` WHERE `id` = '$dir' AND `id_user` = '$user[id]' LIMIT 1"), 0) == 0) {
header("Location: /index.php?");
exit;
}
$folder = mysql_fetch_array(mysql_query("SELECT * FROM `user_dir` WHERE `id` = '$dir' LIMIT 1"));
}
if ($folder['id_user'] == $user['id'] && isset($_GET['act']) && $_GET['act'] == 'delete' && isset($_GET['ok'])) {
$q2 = mysql_query("SELECT * FROM `user_files` WHERE `dir` = '$folder[id]'");
while ($post = mysql_fetch_array($q2)) {
unlink(H . 'sys/files/' . $post['name'] . '.dat');
}
mysql_query("DELETE FROM `user_files` WHERE `dir` = '$folder[id]'");
mysql_query("DELETE FROM `user_dir` WHERE `id` = '$folder[id]'");
mysql_query("DELETE FROM `user_dir` WHERE `dir` = '$folder[id]'");
header('Location: index.php');
}
if ($folder['id_user'] == $user['id'] && isset($_GET['act']) && $_GET['act'] == 'rename' && isset($_GET['ok']) && isset($_POST['name'])) {
if ($_POST['name'] == NULL) {
$err[] = "Введите название папки";
}
if (!preg_match("#^([A-zА-я0-9-_ ])+$#ui", $_POST['name'])) {
$err[] = 'В логине присутствуют запрещенные символы';
}
if (preg_match("#(^ )|( $)#ui", $_POST['name'])) {
$err[] = 'Запрещено использовать пробел в начале и конце логина';
}
if (!isset($err)) {
mysql_query("UPDATE `user_dir` SET `name`='" . mysql_real_escape_string($_POST['name']) . "' WHERE `id` = '$folder[id]' LIMIT 1");
if ($folder['dir'] == 0) {
header('Location: index.php?id=' . $user['id'] . '');
} else {
header('Location: dir.php?dir=' . $folder['dir'] . '');
}
}
}
if ($folder['id_user'] == $user['id'] && isset($_GET['act']) && $_GET['act'] == 'new' && isset($_GET['ok']) && isset($_POST['name'])) {
if ($_POST['name'] == NULL) {
$err[] = "Введите название папки";
}
if (!preg_match("#^([A-zА-я0-9-_ ])+$#ui", $_POST['name'])) {
$err[] = 'В логине присутствуют запрещенные символы';
}
if (preg_match("#(^ )|( $)#ui", $_POST['name'])) {
$err[] = 'Запрещено использовать пробел в начале и конце логина';
}
if (!isset($err)) {
mysql_query("INSERT INTO `user_dir` (`name` , `dir` , `id_user`) VALUES ('" . mysql_real_escape_string($_POST['name']) . "', '$dir', '$user[id]')");
if ($dir == 0) {
header('Location: index.php?id=' . $user['id'] . '');
} else {
header('Location: dir.php?dir=' . $folder['id'] . '');
}
}
}
err();
if ($folder['id_user'] == $user['id'] && isset($_GET['act']) && $_GET['act'] == 'new') {
echo "<form class = 'razd' action='?id=$dir&act=new&ok' method="post">";
echo "Название папки:<br />n";
echo "<input type = 'text' name = 'name' value = '' aria-required = 'true' aria-invalid = 'false' required = 'required' /><br />n";
echo "<button class = 'action'>";
echo "<span class = 'label'><span class = 'icon icon44' /> Добавить папку</span>";
echo "</button><div class = 'buttons tiptip right'>";
echo "<a href = 'dir.php?id=$dir' class = 'button' title = 'Отмена'><span class = 'icon icon56' /></a>";
echo "</div></form>";
}
if ($folder['id_user'] == $user['id'] && isset($_GET['act']) && $_GET['act'] == 'rename') {
echo "<form class = 'razd' action='?id=$dir&act=rename&ok' method="post">";
echo "Название папки:<br />n";
echo "<input type="text" name="name" value="" . htmlentities($folder['name'], ENT_QUOTES, 'UTF-8') . ""/><br />n";
echo "<button class = 'action'>";
echo "<span class = 'label'><span class = 'icon icon67' /> Сохранить</span>";
echo "</button><div class = 'buttons tiptip right'>";
echo "<a href = 'dir.php?id=$dir' class = 'button' title = 'Отмена'><span class = 'icon icon56' /></a>";
echo "</div></form>";
}
if ($folder['id_user'] == $user['id'] && isset($_GET['act']) && $_GET['act'] == 'delete') {
echo "<div class = 'razd'>Удалить текущую папку <b>$folder[name]</b>?<br />n";
echo "<a href = '?id=$dir&act=delete&ok'>Да</a> | ";
echo "<a href = 'dir.php?dir=$dir'>Нет</a></div>";
}
require_once '../../sys/inc/tfoot.php';