Файл: user/files/index.php
Строк: 1357
<?php
require_once '../../sys/inc/start.php';
// sys/inc/compress.php (presumably output compression) is loaded for ordinary
// page views only; requests that stream a file (?download together with ?file,
// or ?test) skip it.
if (!((isset($_GET['download']) && isset($_GET['file'])) || isset($_GET['test']))) {
    require_once H . 'sys/inc/compress.php';
}
require_once H.'sys/inc/sess.php';
require_once H.'sys/inc/settings.php';
require_once H.'sys/inc/db_connect.php';
require_once H.'sys/inc/ipua.php';
require_once H.'sys/inc/fnc.php';
require_once H.'sys/inc/user.php';
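if (isset($_GET['test'])) {
    // Debug branch: sends the fixed blob sys/files/78.dat as "ololo.mp3" and stops.
    // NOTE(review): nothing on this path looks at $user or any access rule before
    // the file is sent — confirm this test hook is meant to stay reachable.
    $name = 'ololo';
    $ras = 'mp3';
    $size = filesize(H . "sys/files/78.dat");
    $type = ras_to_mime($ras);
    // Sending the blob only needs read access, so the stored file is kept
    // owner-writable / world-readable instead of world-writable.
    chmod(H . "sys/files/78.dat", 0644);
    $file_name = "$name.$ras";
    require_once H.'sys/inc/downloadfile.php';
    DownloadFile(H . 'sys/files/78.dat', $name . '.' . $ras, ras_to_mime($ras));
    exit;
}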
if (isset($_GET['mp3'])) {
    // Static test page: a centred Flash audio player wired to 2.mp3.
    $player = array(
        "<object type='application/x-shockwave-flash' data='player.swf' width='200' height='20' id='dewplayer' name='dewplayer'>",
        "<param name='movie' value='flowplayer.swf' />",
        "<param name='flashvars' value='mp3=2.mp3' />",
        "<param name='wmode' value='transparent' />",
        "</object>",
    );
    echo '<center>' . implode("\n", $player) . "\n" . '</center>';
    exit;
}
if (isset($_GET['mp4'])) {
    // Static test page: a Flash video player for /file/1.mp4.
    // NOTE(review): the embed sets allowScriptAccess to "always", which lets the
    // loaded SWF call script in the embedding page — confirm that is wanted here.
    echo '<object type = "application/x-shockwave-flash" data = "/user/files/player.swf" height = "340" width = "400">',
        '<param name = "bgcolor" value = "#FFFFFF" />',
        '<param name = "allowFullScreen" value = "true" />',
        '<param name = "allowScriptAccess" value = "always" />',
        '<param name = "movie" value = "/user/files/videoplayer.swf" />',
        '<param name = "FlashVars" value = "way=/file/1.mp4&swf=/user/files/videoplayer.swf&w=400&h=340&pic=&autoplay=1&tools=2&skin=blackblack&volume=70&q=1&comment=olololo" />',
        '</object>';
    exit;
}
// $skp is an SQL fragment appended to comment lookups further down. Viewers in
// group_access 4 or 7 and above get no extra condition; everyone else only sees
// rows with `sk` = '0', and $nvs is set for them.
if (!isset($user) || ($user['group_access'] != 4 && $user['group_access'] < 7)) {
    $nvs = 1;
    $skp = " AND `sk` = '0'";
} else {
    $skp = NULL;
}
// Session flag 'mrf' is switched on by ?activate_multichecker (signed-in users only).
if (isset($user) && isset($_GET['activate_multichecker'])) {
    $_SESSION['mrf'] = 1;
}
// ?mrf_cancel clears the flag together with the 'rpfs' session entry.
if (isset($_GET['mrf_cancel'])) {
    unset($_SESSION['rpfs'], $_SESSION['mrf']);
}
// Mirror the session flag into $mrf for the rest of the request.
if (isset($user) && isset($_SESSION['mrf'])) {
    $mrf = 1;
}
// ?from is HTML-encoded as soon as it is read.
if (isset($_GET['from']) && NULL != $_GET['from']) {
    $from = htmlspecialchars($_GET['from']);
}
if (isset($_GET['file'])) {
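// Load the requested file row once; intval() keeps the id numeric before it
// reaches the query.
$file = mysql_fetch_array(mysql_query("SELECT * FROM `files` WHERE `id` = '" . intval($_GET['file']) . "' AND `cat` = 'files' AND `type2` = 'file'"));
if (!$file) {
    $set['title'] = "Файлы | Ошибка";
    require_once H.'sys/inc/thead.php';
    title();
    aut();
    echo "<div class = 'errs'>Файл ненайден!</div>";
    require_once H.'sys/inc/tfoot.php';
    // Stop here whatever the footer does, so no later branch runs without a file row.
    exit;
}
// $ank is the owner of the file.
$ank = user::get_user($file['id_user']);
// A blocked file (`sk` = 1) is visible only to its owner and to group_access 4 / 7+.
if ($file['sk'] == 1 && $user['group_access'] != 4 && $user['group_access'] < 7 && $ank['id'] != $user['id']) {
    $set['title'] = "Файлы | Ошибка";
    require_once H.'sys/inc/thead.php';
    title();
    aut();
    echo "<div class = 'errs'>Файл заблокирован!</div>";
    require_once H.'sys/inc/tfoot.php';
    // The refusal must end the request: the download branch below would
    // otherwise still be reachable for a blocked file.
    exit;
}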
if ($file['id_dir'] != 0) {
    // The file lives in a folder: load that folder's row.
    $dir = mysql_fetch_array(mysql_query("SELECT * FROM `files` WHERE `id` = '" . $file['id_dir'] . "' AND `cat` = 'files' AND `type2` = 'dir'"));
} else {
    // Files outside any folder are shown under a synthetic root folder.
    $dir['type'] = 'all';
    $dir['count'] = '/0/';
    $dir['name'] = 'Файлы';
    $dir['id'] = 0;
}
// The page header is printed for everything except a download response.
if (!(isset($_GET['download']) && isset($_GET['file']))) {
    $set['title'] = "Файлы | {$ank['nick']}";
    require_once H . 'sys/inc/thead.php';
    title();
    aut();
}
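if (isset($_GET['download'])) {
    // Streams the stored blob for $file and stops: either a generated JAD
    // descriptor (jar files requested with ?java=jad) or the file itself as an
    // attachment.
    // NOTE(review): this branch exits above the folder privacy checks (only_me /
    // friends / pass / list) and the +18 gate that follow it in this script, so a
    // ?download request is never subject to them — confirm that is intended; if
    // not, the download has to run after those checks.
    $ras = $file['ras'];
    $name = $file['name'];
    $blob = H . 'sys/files/' . intval($file['id']) . '.dat';
    if (!is_file($blob)) {
        // No stored blob for this row: answer 404 rather than sending download
        // headers with an empty length.
        header('HTTP/1.0 404 Not Found');
        exit;
    }
    $size = filesize($blob);
    $type = ras_to_mime($ras);
    // The name ends up inside response headers: drop control characters, double
    // quotes and backslashes so it cannot leave the quoted filename parameter.
    $safe_name = preg_replace('#[\x00-\x1F\x7F"\\\\]#', '', $name);
    $file_name = preg_replace('#[\x00-\x1F\x7F"\\\\]#', '', "$name.$ras");
    if ($ras == 'jar' && isset($_GET['java']) && $_GET['java'] == 'jad') {
        $zip = new PclZip($blob);
        $content = $zip->extract(PCLZIP_OPT_BY_NAME, "META-INF/MANIFEST.MF", PCLZIP_OPT_EXTRACT_AS_STRING);
        // Guard against a result that is not the expected list (e.g. no manifest).
        $manifest = (is_array($content) && isset($content[0]['content'])) ? $content[0]['content'] : '';
        // Remove the manifest's own Jar-URL / Jar-Size lines; fresh values follow.
        $jad = preg_replace("#(MIDlet-Jar-URL:( )*[^(\n|\r)]*)#i", NULL, $manifest);
        $jad = preg_replace("#(MIDlet-Jar-Size:( )*[^(\n|\r)]*)(\n|\r)#i", NULL, $jad);
        $jad = trim($jad);
        // HTTP_HOST is supplied by the client; keep only characters that can
        // occur in a host[:port] before writing it into the descriptor.
        $host = preg_replace('#[^A-Za-z0-9.:\-\[\]]#', '', isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '');
        $jad .= "\r\nMIDlet-Jar-Size: " . $size;
        $jad .= "\r\nMIDlet-Jar-URL: http://$host/user/files/?file=" . intval($file['id']) . "&download=1";
        $jad = text::br($jad, "\r\n");
        header('Content-Type: text/vnd.sun.j2me.app-descriptor');
        header('Content-Disposition: attachment; filename="' . $safe_name . '.jad"');
        echo $jad;
        exit;
    }
    // readfile() only needs read access, so the blob is not made world-writable.
    chmod($blob, 0644);
    // Increment inside SQL so concurrent downloads cannot overwrite each other's
    // count; the counter stays best-effort, as before.
    @mysql_query("UPDATE `files` SET `dl` = `dl` + 1 WHERE `id` = '" . intval($file['id']) . "' LIMIT 1");
    header("Content-Length: $size");
    header("Content-Disposition: attachment; filename=\"$file_name\"");
    header("Content-Type: $type; name=\"$file_name\"");
    readfile($blob);
    exit;
}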
// Viewer's age in whole years, computed only when day, month and year of birth
// are all filled in: year difference, minus one while this year's birthday is
// still ahead.
if ($user['ank_d_r'] != NULL && $user['ank_m_r'] != NULL && $user['ank_g_r'] != NULL) {
    $user['ank_age'] = date("Y") - $user['ank_g_r'];
    if (date("n") < $user['ank_m_r'] || (date("n") == $user['ank_m_r'] && date("j") < $user['ank_d_r'])) {
        $user['ank_age'] -= 1;
    }
}
// When the file's folder points at another folder through `type_dir`, load that
// folder into $dirol; its access rule is checked next.
if ($dir['type'] == 'dir') {
    if ($dir['type_dir'] != 0) {
        $dirol = mysql_fetch_array(mysql_query("SELECT * FROM `files` WHERE `id` = '" . $dir['type_dir'] . "' AND `cat` = 'files' AND `type2` = 'dir'"));
    }
}
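if (isset($dirol)) {
    // Access gate for the restricted folder loaded into $dirol. The file's owner
    // ($ank) and group_access 4 / 7+ always pass; other viewers must satisfy the
    // folder's rule. $oki = 1 records that the gate was passed; a refusal prints
    // the reason, renders the footer and stops the request.
    $is_owner = isset($user) && $ank['id'] == $user['id'];
    $is_staff = isset($user) && ($user['group_access'] == 4 || $user['group_access'] >= 7);
    if ($dirol['type'] == 'only_me') {
        if ($is_owner || $is_staff) {
            $oki = 1;
        } else {
            echo "<div class = 'errs'>";
            echo "Папка <b>" . htmlspecialchars($dirol['name']) . "</b> доступна только автору!</div>";
            echo "</div>";
            require_once H.'sys/inc/tfoot.php';
            exit;
        }
    } elseif ($dirol['type'] == 'friends') {
        if ($is_owner || $is_staff || mysql_result(mysql_query("SELECT COUNT(*) FROM `friends` WHERE (`user` = '$user[id]' AND `friends` = '$ank[id]') OR (`user` = '$ank[id]' AND `friends` = '$user[id]')"), 0) != 0) {
            $oki = 1;
        } else {
            echo "<div class = 'errs'>";
            echo "Папка <b>" . htmlspecialchars($dirol['name']) . "</b> доступна только друзьям автора!";
            echo "</div>";
            require_once H.'sys/inc/tfoot.php';
            exit;
        }
    } elseif ($dirol['type'] == 'pass') {
        // Strict string comparison: with == two numeric-looking strings such as
        // "100" and "1e2" compare equal, so a different value could be accepted.
        // NOTE(review): the submitted text is compared with the stored column
        // as-is, so the folder password appears to be kept in plaintext — confirm.
        $pass_ok = isset($_POST['pass']) && is_string($_POST['pass']) && $_POST['pass'] === (string) $dirol['pass'];
        // A row in `enter` records that this viewer unlocked the folder earlier.
        $unlocked = mysql_result(mysql_query("SELECT COUNT(*) FROM `enter` WHERE `id_user` = '$user[id]' AND `id_object` = '$dirol[id]' AND `type` = 'dostyp' AND `cat` = 'file' LIMIT 1"), 0) != 0;
        if (($pass_ok || $unlocked) && isset($user) || $is_owner || $is_staff) {
            if (!$unlocked) {
                mysql_query("INSERT INTO `enter` (`id_user`, `id_object`, `type`, `cat`) values ('$user[id]', '$dirol[id]', 'dostyp', 'file')");
            }
            $oki = 1;
        } elseif (!$pass_ok && !$unlocked && $user['id'] != $ank['id']) {
            echo "<div class = 'errs'>";
            if (isset($_POST['pass'])) {
                echo "Пароль неправильный<br/>";
            }
            echo "Доступ к папке <b>" . htmlspecialchars($dirol['name']) . "</b> запрещен пользователем!<br> Чтобы пройти в папку пользователя, введите пароль:";
            echo "<br /><form action = '' class = 'razd' method = \"post\"> <input type=\"text\" name=\"pass\"><br /><input type=\"submit\" name=\"go\"></div>";
            require_once H.'sys/inc/tfoot.php';
            exit;
        }
    } elseif ($dirol['type'] == 'list') {
        if ($is_owner || $is_staff || mysql_result(mysql_query("SELECT COUNT(*) FROM `dl` WHERE `id_user` = '$ank[id]' AND `id_ank` = '$user[id]'"), 0) != 0) {
            $oki = 1;
        } else {
            echo "<div class = 'errs'>";
            echo "Доступ к папке <b>" . htmlspecialchars($dirol['name']) . "</b> закрыт!</div>";
            require_once H.'sys/inc/tfoot.php';
            exit;
        }
    }
}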
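if (!isset($oki)) {
    /* Split the file's path (`counter`) into folder ids and choose the folder whose access rule is enforced below. */
    // NOTE(review): $id_dir is assigned from every folder on the path before the
    // access conditions run, so after the loop it always names the last folder
    // found, whatever those conditions decided — the assignments inside them
    // change nothing. If the intent was to stop at the first folder the viewer
    // may not enter, restricted folders higher up the path are not enforced here.
    $array = explode("/", $file['counter']);
    foreach ($array as $key => $value) {
        if ($value != NULL) {
            $d1 = mysql_fetch_assoc(mysql_query("SELECT * FROM `files` WHERE `id` = '$value' AND `cat` = 'files' AND `type2` = 'dir'"));
            $id_dir = $d1['id'];
            $d2 = mysql_fetch_assoc(mysql_query("SELECT * FROM `files` WHERE `id` = '$id_dir' AND `cat` = 'files' AND `type2` = 'dir'"));
            if ($d1['type'] == 'only_me' && $user['id'] != $ank['id']) {
                $id_dir = $d1['id'];
            } elseif ($d1['type'] == 'friends' && $user['id'] != $ank['id'] && mysql_result(mysql_query("SELECT COUNT(*) FROM `friends` WHERE (`user` = '$user[id]' AND `friends` = '$ank[id]') OR (`user` = '$ank[id]' AND `friends` = '$user[id]')"), 0) == 0) {
                $id_dir = $d1['id'];
            } elseif ($d1['type'] == 'pass' && ($user['id'] != $ank['id'] || !isset($user))) {
                $id_dir = $d1['id'];
            }
            if ($d1['type'] == 'list' && $user['id'] != $ank['id'] && mysql_result(mysql_query("SELECT COUNT(*) FROM `dl` WHERE `id_user` = '$ank[id]' AND `id_ank` = '$user[id]'"), 0) == 0) {
                $id_dir = $d1['id'];
            }
        }
    }
    if (isset($id_dir)) {
        $d2 = mysql_fetch_assoc(mysql_query("SELECT * FROM `files` WHERE `id` = '$id_dir' AND `cat` = 'files' AND `type2` = 'dir'"));
    }
    if (isset($d2)) {
        // Same rule set as for any restricted folder: the owner ($ank) and
        // group_access 4 / 7+ pass, other viewers must satisfy the folder type.
        $is_owner = isset($user) && $ank['id'] == $user['id'];
        $is_staff = isset($user) && ($user['group_access'] == 4 || $user['group_access'] >= 7);
        if ($d2['type'] == 'only_me') {
            if (!($is_owner || $is_staff)) {
                echo "<div class = 'errs'>";
                echo "Папка <b>" . htmlspecialchars($d2['name']) . "</b> доступна только автору!</div>";
                echo "</div>";
                require_once H.'sys/inc/tfoot.php';
                exit;
            }
        } elseif ($d2['type'] == 'friends') {
            if (!($is_owner || $is_staff || mysql_result(mysql_query("SELECT COUNT(*) FROM `friends` WHERE (`user` = '$user[id]' AND `friends` = '$ank[id]') OR (`user` = '$ank[id]' AND `friends` = '$user[id]')"), 0) != 0)) {
                echo "<div class = 'errs'>";
                echo "Папка <b>" . htmlspecialchars($d2['name']) . "</b> доступна только друзьям автора!";
                echo "</div>";
                require_once H.'sys/inc/tfoot.php';
                exit;
            }
        } elseif ($d2['type'] == 'pass') {
            // Strict string comparison: with == two numeric-looking strings such
            // as "100" and "1e2" compare equal, so a different value could pass.
            $pass_ok = isset($_POST['pass']) && is_string($_POST['pass']) && $_POST['pass'] === (string) $d2['pass'];
            $allowed = ($pass_ok && isset($user)) || $is_owner || $is_staff;
            if (!$allowed && !$pass_ok && $user['id'] != $ank['id']) {
                if (isset($_POST['pass'])) {
                    echo "<div class = 'errs'>Пароль неправильный</div>";
                }
                echo "<div class = 'errs'>Доступ к папке <b>" . htmlspecialchars($d2['name']) . "</b> запрещен пользователем!<br /> Чтобы пройти в папку пользователя, введите пароль:</div>";
                echo "<form action = '' class = 'razd' method = \"post\">";
                echo "<input type = \"text\" name = \"pass\" /><br/>";
                echo "<input type = \"submit\" name = \"go\" /></form>";
                require_once H.'sys/inc/tfoot.php';
                exit;
            }
        } elseif ($d2['type'] == 'list') {
            if (!($is_owner || $is_staff || mysql_result(mysql_query("SELECT COUNT(*) FROM `dl` WHERE `id_user` = '$ank[id]' AND `id_ank` = '$user[id]'"), 0) != 0)) {
                echo "<div class='errs'>";
                echo "Доступ к папке <b>" . htmlspecialchars($d2['name']) . "</b> закрыт!</div>";
                require_once H.'sys/inc/tfoot.php';
                exit;
            }
        }
    }
}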
/*
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `enter` WHERE `id_user` = '$user[id]' AND `id_object` = '$file[id]' AND `type` = '+18' AND `cat` = 'file' LIMIT 1"), 0) == 0 && isset($_GET['passed']) && $file['+18'] == 1) {
mysql_query("INSERT INTO `enter` (`id_user`, `id_object`, `type`, `cat`) values ('$user[id]', '$file[id]', '+18', 'file')");
}
*
*/
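if ($file['+18'] == 1) {
    // Gate for files flagged +18: guests are refused; signed-in viewers whose
    // profile age is under 18 get a confirmation prompt until ?passed is present.
    if (!isset($user)) {
        echo "<div class = 'errs'>Файлы с меткой <font color = 'red'>[+18]</font> доступны только для авторизированых пользователей.Пожалуйста, пройдите процес <a href='/'>авторизации</a> или <a href='/reg.php'>регистрации</a></div>";
        require_once H.'sys/inc/tfoot.php';
        exit;
    }
    // Viewer's age in whole years. The month test must read the viewer's own
    // birth month ($user), not the file owner's ($ank).
    // NOTE(review): with an empty birth year the subtraction leaves the current
    // year as the age, so such profiles count as adult — confirm that is acceptable.
    $user['ank_age'] = date("Y") - $user['ank_g_r'];
    if (date("n") < $user['ank_m_r']) {
        $user['ank_age'] = $user['ank_age'] - 1;
    } elseif (date("n") == $user['ank_m_r'] && date("j") < $user['ank_d_r']) {
        $user['ank_age'] = $user['ank_age'] - 1;
    }
    // The prompt is a self-declaration: following the "Да" link adds ?passed=1.
    if (!isset($_GET['passed']) && $user['ank_age'] < 18) {
        echo "<div class = 'errs'>Внимание! Это содержимое только для взрослых!<br/>Нажимая ДА, Вы подтверждаете, что Вам 18 или более лет.<br/>Если Вам менее 18 лет - нажмите НЕТ.<br/><br/><a href='?file=$file[id]&user=$ank[id]&passed=1'>Да</a> <a href='?file=$file[id_dir]&user=$ank[id]'>Нет</a><br/></div>\n";
        require_once H.'sys/inc/tfoot.php';
        exit;
    }
}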
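// Deleting is limited to the file's owner and group_access 4 / 7+ — the same
// rule the edit form (which carries the delete link) applies. Being signed in
// is not enough on its own.
if (isset($user) && ($ank['id'] == $user['id'] || $user['group_access'] == 4 || $user['group_access'] >= 7) && isset($_GET['delete_file']) && $file['sk'] == 0) {
    if (isset($_GET['ok'])) {
        // NOTE(review): the confirmed delete is a plain GET link with no
        // per-session token, so it can be triggered by a request the user did not
        // intend — consider POST plus a token.
        $fid = $file['id'];
        mysql_query("DELETE FROM `files` WHERE `id` = '$fid'");
        // Remove the previews, the java icon and the stored blob, where present.
        $leftovers = array(
            "user/files/screens/{$fid}_big.png",
            "user/files/screens/{$fid}.png",
            "user/files/java_icons/{$fid}.png",
            "sys/files/{$fid}.dat",
        );
        foreach ($leftovers as $rel) {
            if (is_file(H . $rel)) {
                unlink(H . $rel);
            }
        }
        mysql_query("DELETE FROM `files_rating` WHERE `id_file` = '$fid'");
        mysql_query("DELETE FROM `files_komm` WHERE `id_file` = '$fid'");
        $_SESSION['uf_file_deleted'] = "$file[name].$file[ras]";
        header("Location:?user=$ank[id]&dir=$dir[id]");
        exit;
    }
    // First visit without &ok: ask for confirmation.
    echo "<div class = 'errs'>Вы действительно хотите удалить файл?!<br /><br />";
    echo "<a href='?user=$ank[id]&file=$file[id]&delete_file=1&ok' class = 'add'>Да</a> <a class = 'add' href = '?user=$ank[id]&file=$file[id]'>Нет</a></div>";
    require_once H.'sys/inc/tfoot.php';
}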
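// Saves an edited file (name, description, comment policy, +18 flag). Allowed
// for the owner and for group_access 4 / 7+, and only while the file is not blocked.
if (($ank['id'] == $user['id'] && isset($user) || $user['group_access'] == 4 || $user['group_access'] >= 7) && isset($_GET['edit_file']) && isset($_POST['name']) && isset($_POST['desc']) && isset($_POST['komm']) && $file['sk'] == 0) {
    $name = text::esc(stripcslashes(htmlspecialchars($_POST['name'])), 1);
    // Extension: everything after the last dot, lower-cased.
    $ras = strtolower(preg_replace('#^.*\.#i', NULL, $name));
    // File name without its extension.
    $name = preg_replace('#\.[^\.]*$#i', NULL, $name);
    if (text::utf8_strlen($name) < 1) {
        $err = 'Короткое название';
    }
    $komm = $_POST['komm'];
    // Only 1, 2 or 3 may reach the query. A loose == against the number would
    // accept any string that merely starts with 2 or 3 on the PHP versions this
    // mysql_* code runs on, and that string would then be written into the SQL.
    $k = ($komm === '2' || $komm === '3') ? intval($komm) : 1;
    if ($ras == NULL || !isset($ras) || $ras == $name) {
        $err = 'Неверный формат названия файла';
    }
    $desc = $_POST['desc'];
    // Escape at the query boundary: htmlspecialchars() in its default mode leaves
    // single quotes alone and text::esc() is not visible here.
    // NOTE(review): if text::esc() already SQL-escapes, keep only one of the two.
    $name_sql = mysql_real_escape_string($name);
    $ras_sql = mysql_real_escape_string($ras);
    if (mysql_result(mysql_query("SELECT COUNT(*) FROM `files` WHERE `id_dir` = '$dir[id]' AND `name` = '$name_sql' AND `ras` = '$ras_sql' AND `id_user` = '$ank[id]' AND `id` != '$file[id]'"), 0) != 0) {
        $err = 'Файл с таким названием уже есть в этой папке';
    }
    if (!isset($err)) {
        // A different extension invalidates the generated previews and java icon.
        if ($ras != $file['ras'] && is_file(H . "user/files/screens/$file[id]_big.png")) {
            unlink(H . "user/files/screens/$file[id]_big.png");
        }
        if ($ras != $file['ras'] && is_file(H . "user/files/screens/$file[id].png")) {
            unlink(H . "user/files/screens/$file[id].png");
        }
        if ($ras != $file['ras'] && $file['ras'] == 'jar' && is_file(H . "user/files/java_icons/$file[id].png")) {
            unlink(H . "user/files/java_icons/$file[id].png");
        }
        $p18 = (isset($_POST['p18']) && $_POST['p18'] == 1) ? 1 : 0;
        // The stored extension (`ras`) is deliberately left untouched by this statement.
        mysql_query("UPDATE `files` SET `name` = '$name_sql',`komm` = '$k', `+18` = '$p18', `desc` = '" . mysql_real_escape_string($desc) . "' WHERE `id` = '$file[id]'");
        msg("Файл <b>" . htmlspecialchars($_POST['name']) . "</b> успешно отредактирован");
        // $clad tells the branches below that the edit was saved.
        $clad = 1;
        $file = mysql_fetch_array(mysql_query("SELECT * FROM `files` WHERE `id` = '" . intval($_GET['file']) . "' AND `cat` = 'files' AND `type2` = 'file'"));
    }
}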
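// Edit form for the file, shown to the owner and to group_access 4 / 7+ when
// no edit was just saved ($clad unset) and the file is not blocked.
if (isset($_GET['edit_file']) && ($ank['id'] == $user['id'] || $user['group_access'] == 4 || $user['group_access'] >= 7) && !isset($clad) && $file['sk'] == 0) {
    err();
    // Stored values are written into single-quoted attributes and into a
    // <textarea>, so they are encoded with ENT_QUOTES (the default mode leaves '
    // untouched) before they are printed.
    $name_html = htmlspecialchars($file['name'], ENT_QUOTES);
    $ras_html = htmlspecialchars($file['ras'], ENT_QUOTES);
    if ($file['ras'] == 'jar' && is_file(H . "user/files/java_icons/$file[id].png")) {
        $icon = "<img src='java_icons/$file[id].png' height='16'/>";
    } elseif (is_file(H . "user/files/file_icons/$file[ras].png")) {
        $icon = "<img src='file_icons/$ras_html.png'/>";
    } else {
        $icon = "<img src='file_icons/unknown_file.png'/>";
    }
    echo "<div class = 'razd'>Файл: <a href = '?user=$ank[id]&file=$file[id]'>" . $icon . " <b>" . $name_html . "." . $ras_html . "</b></a></div>";
    echo "<form class = 'razd' method = 'post' action='?user=$ank[id]&file=$file[id]&edit_file'>";
    echo "<b>Название</b><br />";
    echo "<input type = 'text' name = 'name' value = '" . $name_html . "' />." . $ras_html . "<br />";
    echo "<input type = 'checkbox' name = 'p18' value = '1'" . ($file['+18'] == 1 ? " checked = 'checked'" : null) . " /> Только для взрослых <font color='red'>(+18)</font><br/>";
    echo "<b>Описание</b><br />\n";
    // The description is stored as typed, so it must be encoded here or it could
    // close the <textarea> and inject markup.
    echo "<textarea name = 'desc'>" . htmlspecialchars($file['desc'], ENT_QUOTES) . "</textarea><br />\n";
    echo "<b>Комментируют</b><br />";
    echo "<label><input type=\"radio\"" . ($file['komm'] == 1 ? " checked='checked'" : NULL) . " name=\"komm\" value=\"1\" /> Все</label><br />\n";
    echo "<label><input type=\"radio\"" . ($file['komm'] == 2 ? " checked='checked'" : NULL) . " name=\"komm\" value=\"2\" /> Только друзья</label><br />\n";
    echo "<label><input type=\"radio\"" . ($file['komm'] == 3 ? " checked='checked'" : NULL) . " name=\"komm\" value=\"3\" /> Никто</label><br />\n";
    echo "<button name='ok' class = 'action'>";
    echo "<span class = 'label'><span class = 'icon icon67' /> Сохранить</span>";
    echo "</button></form>";
    echo "<div class = 'razd'><a href = '?user=$ank[id]&file=$file[id]&delete_file'>" . img('del.png') . " Удалить файл</a></div>";
    require_once H.'sys/inc/tfoot.php';
}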
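// "Link for pasting" view: prints a BBCode link to this file in a text input.
if (isset($_GET['cur_file']) && !isset($clad)) {
    if ($file['sk'] == 0) {
        // The link sits inside a single-quoted attribute and contains the Host
        // header plus stored names. ENT_QUOTES also encodes ', so none of them can
        // close the attribute; double_encode is off so entities already present in
        // stored names are shown as before.
        $link = "[url=http://$_SERVER[HTTP_HOST]/user/files/?user=$ank[id]&file=$file[id]]$ank[nick] | Файлы | $file[name].$file[ras][/url]";
        echo "<div class = 'razd'>Ссылка для вставки<br />";
        echo "<input type = 'text' value = '" . htmlspecialchars($link, ENT_QUOTES, 'UTF-8', false) . "' maxlength='512' style='width:60%'/></div>\n";
    } else {
        echo "<div class='errs'>Файл заблокирован!</div>\n";
    }
    echo "<div class = 'razd'><a href='?user=$ank[id]&file=$file[id]'>" . img('left.png') . " Назад</a></div>\n";
    require_once H.'sys/inc/tfoot.php';
}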
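# Blocking / unblocking a file (group_access 4 and 7+ only)
if (isset($_GET['sk']) && ($user['group_access'] == 4 || $user['group_access'] >= 7)) {
    if ($file['sk'] == 0) {
        if (isset($_GET['ok']) && isset($_POST['msg'])) {
            if (utf8_strlen($_POST['msg']) < 1) {
                $err[] = 'Укажите причину';
            }
            if (!isset($err)) {
                // Blocked files are moved into the owner's "Заблокированные"
                // folder; it is created on first use.
                $bdir = mysql_fetch_array(mysql_query("SELECT * FROM `files` WHERE `name` = 'Заблокированные' AND `sk` = '1' AND `type2` = 'dir' AND `cat` = 'files' AND `id_dir` = '0' AND `id_user` = '$ank[id]'"));
                if (!$bdir) {
                    mysql_query("INSERT INTO `files` SET `name` = 'Заблокированные', `type` = 'all', `time` = '$time', `time2` = '$time', `id_dir` = '0', `counter` = '/0/', `type2` = 'dir', `cat` = 'files', `id_user` = '$ank[id]', `sk` = '1'");
                    $idd = mysql_insert_id();
                    $bdir = mysql_fetch_array(mysql_query("SELECT * FROM `files` WHERE `id` = '$idd'"));
                }
                // The reason is free text from the form and is escaped before it
                // is placed in the statement, like the other text fields in this file.
                mysql_query("UPDATE `files` SET `sk` = '1', `sk_user` = '$user[id]', `sk_msg` = '" . mysql_real_escape_string($_POST['msg']) . "', `sk_time` = '$time', `id_dir` = '$bdir[id]', `counter` = '$bdir[counter]$bdir[id]/' WHERE `id` = '$file[id]'");
                header("Location:?file=$file[id]&user=$ank[id]");
                exit;
            }
        }
        echo "<form class = 'razd' method = 'post' action = '?file=$file[id]&user=$ank[id]&sk=1&ok'>";
        echo "<b>Причина</b><br />";
        echo "<textarea name = 'msg'></textarea><br />";
        echo "<button class = 'action'>";
        echo "<span class = 'label'><span class = 'icon icon44' /> Заблокировать</span>";
        echo "</button></form>";
    } else {
        // The file is currently blocked: ?sk unblocks it and moves it back to the root.
        // NOTE(review): unblocking is a state change performed on a plain GET
        // request with no token — consider POST plus a token.
        mysql_query("UPDATE `files` SET `sk` = '0', `sk_user` = '$user[id]', `id_dir` = '0', `counter` = '/0/', `sk_time` = '$time' WHERE `id` = '$file[id]'");
        header("Location:?file=$file[id]&user=$ank[id]");
        exit;
    }
    echo "<div class='razd'><a href='?file=$file[id]&user=$ank[id]'>" . img('left.png') . " Назад</a></div>\n";
    require_once H.'sys/inc/tfoot.php';
}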
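# Comment editing and the reply form
// A comment may be edited by its author or by group_access 4 / 7+. The
// ownership condition is part of the lookup, so other viewers (and guests) never
// reach the edit branch.
// NOTE(review): letting groups 4 / 7+ edit other users' comments is an
// assumption based on their role elsewhere in this script — confirm the policy.
$komm_scope = (isset($user) && ($user['group_access'] == 4 || $user['group_access'] >= 7)) ? '' : " AND `id_user` = '" . intval(isset($user) ? $user['id'] : 0) . "'";
if (isset($user) && isset($_GET['edit_komm']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `files_komm` WHERE `id` = '" . intval($_GET['edit_komm']) . "' AND `id_file` = '$file[id]'$skp$komm_scope"), 0) != 0 && $file['sk'] == 0) {
    $komm = mysql_fetch_array(mysql_query("SELECT * FROM `files_komm` WHERE `id` = '" . intval($_GET['edit_komm']) . "' AND `id_file` = '$file[id]'"));
    if (isset($_GET['ok']) && isset($_POST['ok'])) {
        $msg = $_POST['msg'];
        $mat = text::antimat($msg);
        if ($mat) {
            $err[] = 'В тексте сообщения обнаружен мат: ' . $mat;
        }
        if (text::utf8_strlen($msg) > 10024) {
            $err = 'Сообщение слишком длинное';
        }
        if (text::utf8_strlen($msg) < 2) {
            $err = 'Короткое сообщение';
        }
        if (mysql_result(mysql_query("SELECT COUNT(*) FROM `files_komm` WHERE `id_file` = '$file[id]' AND `id_user` = '$user[id]' AND `msg` = '" . mysql_real_escape_string($msg) . "' LIMIT 1"), 0) != 0) {
            $err = 'Ваше сообщение повторяет предыдущее';
        }
        if (!isset($err)) {
            mysql_query("UPDATE `files_komm` SET `msg` = '" . mysql_real_escape_string($msg) . "' WHERE `id` = '$komm[id]'");
            header("Location:?file=$file[id]&user=$user[id]");
            exit;
        }
    }
    err();
    echo "<form class = 'razd' method = 'post' name = 'message' action = '?file=$file[id]&user=$user[id]&edit_komm=$komm[id]&ok'>\n";
    echo "<b>Сообщение</b><br />";
    // The stored comment is raw text; encode it so it cannot close the <textarea>.
    echo "<textarea name = 'msg'>" . htmlspecialchars($komm['msg'], ENT_QUOTES) . "</textarea><br />";
    echo "<button name = 'ok' class = 'action'>";
    echo "<span class = 'label'><span class = 'icon icon67' /> Сохранить</span>";
    echo "</button></form>\n";
    echo "<div class = 'razd'><a href = '?file=$file[id]&user=$user[id]'>" . img('left.png') . " Назад</a></div>";
    require_once H.'sys/inc/tfoot.php';
} elseif (isset($_GET['reply']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `files_komm` WHERE `id` = '" . intval($_GET['reply']) . "' AND `id_file` = '$file[id]'$skp"), 0) != 0 && $file['sk'] == 0) {
    // Reply form: quotes the chosen comment and posts back to this page with the
    // target user and comment ids in hidden fields.
    $komm = mysql_fetch_array(mysql_query("SELECT * FROM `files_komm` WHERE `id` = '" . intval($_GET['reply']) . "' AND `id_file` = '$file[id]'"));
    $ank2 = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = '$komm[id_user]'"));
    if ($ank2['id'] != $user['id']) {
        echo "<div class = 'razd'>";
        echo "$ank2[nick] написал(а): " . htmlspecialchars($komm['msg']) . "";
        echo "</div>";
        echo "<form method = 'post' class = 'razd' name = 'message' action = '?file=$file[id]&user=$user[id]&$passgen'>\n";
        echo "Сообщение:<br /><textarea name='msg'></textarea><br />";
        echo "<input type='hidden' name='reply' value='$ank2[id]'/>";
        echo "<input type='hidden' name='komm_reply' value='$komm[id]'/>";
        echo "<br/>";
        echo "<button class = 'action'>";
        echo "<span class = 'label'><span class = 'icon icon44' /> Добавить</span>";
        echo "</button></form>\n";
        echo "<div class = 'razd'>" . img('left.png') . " <a href = '?file=$file[id]&user=$user[id]'>Назад</a></div>";
        require_once H.'sys/inc/tfoot.php';
    }
}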
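// One vote per viewer and file: the viewer must be signed in, must not be the
// owner, needs money >= 1 and rating >= 0, and must not have voted before.
// NOTE(review): the vote is a state change on a plain GET link with no token.
if (isset($user) && $user['id'] != $ank['id'] && $user['money'] >= 1 && $user['rating'] >= 0 && mysql_result(mysql_query("SELECT COUNT(*) FROM `files_rating` WHERE `id_user` = '$user[id]' AND `id_file` = '$file[id]'"), 0) == 0 && $file['sk'] == 0) {
    // vote => (SQL operator, code stored in files_rating, confirmation text)
    $votes = array(
        'down' => array('-', '1', 'Ваш отрицательный отзыв принят'),
        'up' => array('+', '2', 'Ваш положительный отзыв принят'),
    );
    if (isset($_GET['rating']) && is_string($_GET['rating']) && isset($votes[$_GET['rating']])) {
        $vote = $votes[$_GET['rating']];
        // Adjust the counter inside SQL so two votes arriving together are both counted.
        mysql_query("UPDATE `files` SET `rating` = `rating` " . $vote[0] . " 1 WHERE `id` = '$file[id]' LIMIT 1", $db);
        mysql_query("INSERT INTO `files_rating` (`id_user`, `id_file`, `time`, `rating`) values('$user[id]', '$file[id]', '$time', '" . $vote[1] . "')", $db);
        msg($vote[2]);
        // Reload the row so the page shows the new rating.
        $file = mysql_fetch_assoc(mysql_query("SELECT * FROM `files` WHERE `id` = $file[id] LIMIT 1"));
    }
}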
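// Adds a comment to the file: validates the text, notifies earlier commenters
// and the owner, stores the comment and credits the author, then redirects back.
if (isset($_POST['msg']) && isset($user) && $file['sk'] == 0) {
    $msg = $_POST['msg'];
    $mat = antimat($msg);
    if ($mat) {
        $err[] = 'В тексте сообщения обнаружен мат: ' . $mat;
    }
    if (text::utf8_strlen($msg) > 10024) {
        $err = 'Сообщение слишком длинное';
    } elseif (text::utf8_strlen($msg) < 2) {
        $err = 'Короткое сообщение';
    } elseif (mysql_result(mysql_query("SELECT COUNT(*) FROM `files_komm` WHERE `id_file` = '$file[id]' AND `id_user` = '$user[id]' AND `msg` = '" . mysql_real_escape_string($msg) . "' LIMIT 1"), 0) != 0) {
        $err = 'Ваше сообщение повторяет предыдущее';
    } elseif (!isset($err)) {
        // Optional reply target: the user and the comment must both exist on this file.
        $reply_user = isset($_POST['reply']) ? intval($_POST['reply']) : 0;
        $reply_komm = isset($_POST['komm_reply']) ? intval($_POST['komm_reply']) : 0;
        if (isset($_POST['reply']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `user` WHERE `id` = '$reply_user'"), 0) != 0 && mysql_result(mysql_query("SELECT COUNT(*) FROM `files_komm` WHERE `id_user` = '$reply_user' AND `id_file` = '$file[id]'"), 0) != 0 && mysql_result(mysql_query("SELECT COUNT(*) FROM `files_komm` WHERE `id` = '$reply_komm' AND `id_file` = '$file[id]'"), 0) != 0) {
            $ru = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = '$reply_user'"));
            if ($ru['id'] != $user['id']) {
                // Load the quoted comment by its own id — the id validated just
                // above — rather than treating that id as a user id.
                $kr = mysql_fetch_array(mysql_query("SELECT * FROM `files_komm` WHERE `id` = '$reply_komm' AND `id_file` = '$file[id]'"));
                $reply = 1;
            }
        }
        // Distinct users who already commented on this file, in first-seen order.
        $commenters = array();
        $qq = mysql_query("SELECT * FROM `files_komm` WHERE `id_file` = '$file[id]'");
        while ($ppost = mysql_fetch_array($qq)) {
            $a = user::get_user($ppost['id_user']);
            if ($a && $a['id'] != NULL && !isset($commenters[$a['id']])) {
                $commenters[$a['id']] = $a;
            }
        }
        // Nick and file name are stored text; the whole message is escaped before
        // it is placed in a statement.
        $note = mysql_real_escape_string("[url=/info.php?id=$user[id]]$user[nick][/url] оставил комментарий к файлу [url=/user/files/?file=$file[id]&user=$user[id]]$file[name].$file[ras][/url]");
        foreach ($commenters as $a) {
            // Neither the owner (notified separately below) nor the author of this comment.
            if ($a['id'] != $ank['id'] && $user['id'] != $a['id']) {
                if (mysql_result(mysql_query("SELECT COUNT(*) FROM `notification` WHERE `id_kont` = '$a[id]' AND `type` = 'files' AND `id_object` = '$file[id]'"), 0) == 0) {
                    mysql_query("INSERT INTO `notification` (`id_user`, `id_kont`, `msg`, `time`, `type`, `id_object`) values('" . $user['id'] . "', '$a[id]', '$note', '$time', 'files', '$file[id]')");
                } else {
                    mysql_query("UPDATE `notification` SET `time` = '$time', `read` = '0' WHERE `id_kont` = '$a[id]' AND `type` = 'files' AND `id_object` = '$file[id]'");
                }
            }
        }
        // The quoted comment text comes from the database but was typed by a
        // user, so it is escaped again on its way into this statement.
        mysql_query("INSERT INTO `files_komm` (`id_file`, `id_user`, `time`, `msg`" . (isset($reply) ? ", `reply`, `komm_reply`" : null) . ") values('$file[id]', '$user[id]', '$time', '" . mysql_real_escape_string($msg) . "'" . (isset($reply) ? ", '$ru[id]', '" . mysql_real_escape_string($kr['msg']) . "'" : null) . ")");
        if ($ank['id'] != $user['id']) {
            $pol = ($user['sex'] == 1) ? 'оставил' : 'оставила';
            $owner_note = mysql_real_escape_string("[url=/info.php?id=$user[id]]$user[nick][/url] $pol комментарий в вашем [url=/user/files/?file=$file[id]&user=$ank[id]]файле[/url]");
            mysql_query("INSERT INTO `notification` (`id_user`, `id_kont`, `msg`, `time`, `type`, `id_object`) values('" . $user['id'] . "', '$ank[id]', '$owner_note', '$time', 'files', '$file[id]')");
        }
        // Credit the author inside SQL so parallel requests cannot lose an update.
        mysql_query("UPDATE `user` SET `money` = `money` + 3 WHERE `id` = '$user[id]' LIMIT 1");
        msg('Сообщение успешно добавлено');
    }
    header("Location:?file=$file[id]&user=$ank[id]");
}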
# Comment removal and hiding (file owner or group_access 4 / 7+, file not blocked)
// NOTE(review): both actions change state on a plain GET request with no token.
if (isset($_GET['delete_komm']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `files_komm` WHERE `id`='" . intval($_GET['delete_komm']) . "' AND `id_file`='$file[id]' LIMIT 1"), 0) != 0 && ($ank['id'] == $user['id'] || $user['group_access'] == 4 || $user['group_access'] >= 7) && $file['sk'] == 0) {
    // Hard delete of the comment row.
    mysql_query("DELETE FROM `files_komm` WHERE `id`='" . intval($_GET['delete_komm']) . "' LIMIT 1");
    msg('Комментарий успешно удален');
    header("Location:?file=$file[id]&user=$ank[id]");
}
if (isset($_GET['sk_komm']) && ($ank['id'] == $user['id'] || $user['group_access'] == 4 || $user['group_access'] >= 7) && mysql_result(mysql_query("SELECT COUNT(*) FROM `files_komm` WHERE `id`='" . intval($_GET['sk_komm']) . "' AND `id_file`='$file[id]' LIMIT 1"), 0) != 0 && $file['sk'] == 0) {
    // Toggle the comment's `sk` flag and record who changed it.
    $komm = mysql_fetch_array(mysql_query("SELECT * FROM `files_komm` WHERE `id`='" . intval($_GET['sk_komm']) . "' AND `id_file`='$file[id]' LIMIT 1"));
    $sk = ($komm['sk'] == 1) ? 0 : 1;
    mysql_query("UPDATE `files_komm` SET `sk` = '$sk', `sk_user` = '$user[id]' WHERE `id`='" . intval($_GET['sk_komm']) . "' LIMIT 1");
    msg('Комментарий успешно удален');
    header("Location:?file=$file[id]&user=$ank[id]");
}
err();
// Back link to the containing folder: URL and HTML-encoded folder name.
$aback = "?dir=$dir[id]&user=$ank[id]";
$nback = htmlspecialchars($dir['name']);
// group_access 4 / 7+ see who unblocked the file and when.
if ($file['sk_user'] != 0 && $file['sk'] == 0 && ($user['group_access'] == 4 || $user['group_access'] >= 7)) {
    $sku = user::get_user($file['sk_user']);
    echo "<div class = 'razd'><font color = 'green'>Файл разблокировал </font><b>";
    echo user($sku['id']) . "";
    echo "</b> <font color = 'blue'>(" . date::time($file['sk_time']) . ")</font></div>";
}
// The owner and group_access 4 / 7+ see who blocked the file, when and why.
if ($file['sk'] == 1 && ($ank['id'] == $user['id'] || $user['group_access'] == 4 || $user['group_access'] >= 7)) {
    echo "<div class='errs'>";
    $sku = user::get_user($file['sk_user']);
    // Verb ending depends on the `sex` field of the user who blocked the file.
    $a = ($sku['sex'] == 0) ? 'a' : null;
    echo "Файл заблокировал$a ";
    echo user($sku['id']) . "";
    echo " <font color='blue'>(" . date::time($file['sk_time']) . ")</font><br/>Причина: " . text::toOutput($file['sk_msg']) . "";
    if ($user['group_access'] == 4 || $user['group_access'] >= 7) {
        echo "<br/><a href='?file=$file[id]&user=$ank[id]&sk=1'><font color = 'green'>[разблокировать]</font></a>";
    }
    echo "</div>";
}
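// File header: icon, name, extension, +18 mark and (for group_access 4 / 7+) the block link.
echo "<div class = 'razd'>";
// The extension is stored text and is printed into markup and an image path, so
// it is encoded like the name is.
$ras_html = htmlspecialchars($file['ras'], ENT_QUOTES);
if ($file['ras'] == 'jar' && is_file(H . "user/files/java_icons/$file[id].png")) {
    $icon = "<img src='java_icons/$file[id].png' height='16'/>";
} elseif (is_file(H . "user/files/file_icons/$file[ras].png")) {
    $icon = "<img src='file_icons/$ras_html.png'/>";
} else {
    $icon = "<img src='file_icons/unknown_file.png'/>";
}
echo $icon . " <b>" . htmlspecialchars($file['name']) . "</b><span style='color:grey;'>.$ras_html</span>" . ($file['+18'] == 1 ? " <font color='red'>(+18)</font>" : null);
if ($file['sk'] == 0 && ($user['group_access'] == 4 || $user['group_access'] >= 7)) {
    echo " <a href='/user/files/?file=$file[id]&user=$ank[id]&sk=1'><font color = 'red'>[заблокировать]</font></a>\n";
}
echo "</div><div class = 'razd'>";
if (IS_WEB == true) {
    if ($file['ras'] == 'mp3') {
        // NOTE(review): the player is pointed at /sys/files/<id>.dat directly, which
        // implies the blob directory is served by the web server; a request to that
        // URL would not pass through any access check in this script — confirm the
        // directory is protected.
        echo "<object id = 'audioplayer1' data = 'player.swf' type = 'application/x-shockwave-flash' width = '80%' height = '40'>";
        echo '<param value="player.swf" name="movie"/><param value="loop=no&autostart=no&soundFile=/sys/files/' . $file['id'] . '.dat" name="FlashVars"/>
<param value="high" name="quality"/><param value="false" name="menu"/>
<param value="mp3=/sys/files/' . $file['id'] . '.dat"/>
<param value="transparent" name="wmode"/></object>';
    }
}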
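// $id_file, $ras and $filee are set right before the screen creators are
// included; presumably those scripts read them — confirm against the includes.
$id_file = $file['id'];
$ras = $file['ras'];
$filee = H . "sys/files/$id_file.dat";
// Build the java icon or the image preview on first view, when it does not exist yet.
if (!is_file(H . "user/files/java_icons/$file[id].png") && $ras == 'jar') {
    require_once H . "user/files/screen_creators/java.php";
} elseif (!is_file(H . "user/files/screens/" . $file['id'] . "_big.png") && in_array($ras, array('jpg', 'jpeg', 'gif', 'png', 'bmp'))) {
    require_once H . "user/files/screen_creators/images.php";
}
// (Preview generation for video formats is disabled.)
if (is_file(H . "user/files/screens/" . $file['id'] . "_big.png")) {
    echo "<a href = 'screens/" . $file['id'] . "_big.png'><img src = 'screens/" . $file['id'] . "_big.png'/></a>";
}
if ($file['desc'] != NULL) {
    // The description goes through the project's output filter.
    echo "<br />" . text::toOutput($file['desc']) . "";
}
// End the block with a real line break.
echo "</div>\n";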
// Download row: link with the size of the stored .dat file, plus a JAD link for jar files.
echo "<div class = 'razd' style = 'background-color: #FFF8C4;'>";
echo img('save.gif') . " <a href='?file=$file[id]&user=$ank[id]&download=1' title = 'Скачать файл'>Скачать " . ($ras == 'jar' ? "JAR " : null) . "(" . size_file(filesize(H . "sys/files/$file[id].dat")) . ")</a>" . ($ras == 'jar' ? " (<a href='?file=$file[id]&user=$ank[id]&download=1&java=jad' title='Скачать файл'>JAD</a>)" : null) . "</div>n";
// Statistics: download counter, owner, containing folder and rating.
echo "<div class = 'razd' style = 'color: grey'>";
echo "<b style='color: #666;'>Закачек :</b> $file[dl]<br />";
echo " " . user($ank['id']) . " ";
// Folder icon chosen from the folder's access type.
if ($dir['type'] == 'only_me') {
$dir_img = 'folder_lock.png';
} elseif ($dir['type'] == 'friends') {
$dir_img = 'folder_user.png';
} elseif ($dir['type'] == 'pass') {
$dir_img = 'folder_key.png';
} elseif ($dir['type'] == 'list') {
$dir_img = 'folder_database.png';
} else {
$dir_img = 'folder.png';
}
// $aback and $nback are assigned before this chunk of the file.
echo "<br />Папка: <a href = '$aback'>" . img('' . $dir_img . '') . " $nback</a>";
echo "<br />Рейтинг: ";
// Vote links are shown to a logged-in non-owner with money >= 1 and rating >= 0 who has no row in files_rating for this file, while the file is not blocked.
// NOTE(review): the same COUNT query runs twice (once per link), and voting is a state change reached through a GET link; confirm the rating handler repeats these checks and verifies a token.
// NOTE(review): the inner double quotes of the two link lines are unescaped as shown; the backslashes appear to have been lost in this listing.
if (isset($user) && $user['id'] != $ank['id'] && $user['money'] >= 1 && $user['rating'] >= 0 && mysql_result(mysql_query("SELECT COUNT(*) FROM `files_rating` WHERE `id_user` = '$user[id]' AND `id_file` = '$file[id]'"), 0) == 0 && $file['sk'] == 0) {
echo "[<a href="?file=$file[id]&user=$ank[id]&rating=down" title="Отдать отрицательный голос">-</a>] ";
}
echo "$file[rating]";
if (isset($user) && $user['id'] != $ank['id'] && $user['money'] >= 1 && $user['rating'] >= 0 && mysql_result(mysql_query("SELECT COUNT(*) FROM `files_rating` WHERE `id_user` = '$user[id]' AND `id_file` = '$file[id]'"), 0) == 0 && $file['sk'] == 0) {
echo " [<a href="?file=$file[id]&user=$ank[id]&rating=up" title="Отдать положительный голос">+</a>]";
}
echo "</div>n";
// Action links, only for a file that is not blocked.
if ($file['sk'] == 0) {
echo "<div class = 'razd'>";
// Edit/delete links for the owner and for group_access 4 or >= 7.
// NOTE(review): $user is read without isset(); these links only hide the actions, so the edit_file/delete_file handlers must repeat the permission check themselves.
if (($ank['id'] == $user['id'] || $user['group_access'] == 4 || $user['group_access'] >= 7) && $file['sk'] == 0) {
echo "<a href = '?file=$file[id]&user=$ank[id]&edit_file' class = 'add'>" . img('set_mini.png') . " Редактировать</a>";
echo "<a href = '?file=$file[id]&user=$ank[id]&delete_file' class = 'add'>" . img('del.png') . " Удалить</a><br /><br />";
}
// The "send to a friend" link is printed for every visitor, logged in or not.
echo "<a href = '?file=$file[id]&user=$ank[id]&cur_file' class = 'add'>Отправить другу</a>";
echo "</div>";
}
// When the owner views the file, store the current time in a_time and reload the page if other users commented after the previously stored a_time.
// NOTE(review): header() is called after page output has begun, so the redirect depends on output buffering being active; there is no exit after it.
if (isset($user) && $user['id'] == $ank['id']) {
mysql_query("UPDATE `files` SET `a_time` = '$time' WHERE `id` = '$file[id]'");
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `files_komm` WHERE `id_file` = '$file[id]' AND `id_user` != '$user[id]' AND `time` > '$file[a_time]'"), 0) != 0) {
header("Location:?file=$file[id]&user=$ank[id]");
}
}
/*
if(mysql_result(mysql_query("SELECT COUNT(*) FROM `jurnal` WHERE `id_kont` = '$user[id]' AND `cat` = 'files' AND `type` = 'komm' AND `id_object2` = '$file[id]' AND `read` = '0'"),0)!=0)
{
mysql_query("UPDATE `jurnal` SET `read` = '1', `last_time` = '$time' WHERE `id_kont` = '$user[id]' AND `cat` = 'files' AND `type` = 'komm' AND `id_object2` = '$file[id]' AND `read` = '0'");
header("Location:?user=$ank[id]&file=$file[id]");
}
*/
// Comment list with paging. $skp is either NULL or " AND `sk` = '0'" (set at the top of the file), so hidden comments are filtered out for ordinary users.
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `files_komm` WHERE `id_file` = '$file[id]'$skp"), 0);
$k_page = k_page($k_post, $set['p_str']);
$page = page($k_page);
$start = $set['p_str'] * $page - $set['p_str'];
echo "<div class = 'razd'>" . img('comment_white.png') . " Комментариев: $k_post</div>";
if ($k_post == 0) {
echo "<div class = 'errs'>";
echo img('error.png') . " Нет результатов";
echo "</div>";
}
// NOTE(review): $start comes from page() and $set[p_str] from the settings; both go into LIMIT unquoted, so confirm they are always integers.
$q = mysql_query("SELECT * FROM `files_komm` WHERE `id_file` = '$file[id]'$skp ORDER BY `id` ASC LIMIT $start, $set[p_str]");
while ($post = mysql_fetch_assoc($q)) {
// One user lookup per comment, plus up to four more below for the hiding moderator and the reply target.
$ank2 = mysql_fetch_assoc(mysql_query("SELECT * FROM `user` WHERE `id` = '$post[id_user]' LIMIT 1"));
echo "<table class = 'razd'><tr><td class = 'icon48'>";
avatar($ank2['id'], '48');
echo "</td><td class = 'null'>";
echo user($ank2['id']) . "";
echo " (" . date::time($post['time']) . ")<br/>";
// Name the user who hid the comment.
// NOTE(review): $sku[nick] and $ru[nick] below are echoed as stored, without htmlspecialchars(); confirm nicknames are restricted or escaped when saved.
if ($post['sk'] == 1 && $post['sk_user'] != 0 && mysql_result(mysql_query("SELECT COUNT(*) FROM `user` WHERE `id` = '$post[sk_user]'"), 0)) {
$sku = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = '$post[sk_user]'"));
echo "<font color='red'>Скрыл" . ($sku['sex'] == 0 ? 'a' : null) . " $sku[nick]</font><br/>";
}
// Prefix a reply with the nickname of the user it answers.
if ($post['reply'] != 0 && mysql_result(mysql_query("SELECT COUNT(*) FROM `user` WHERE `id` = '$post[reply]'"), 0)) {
$ru = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = '$post[reply]'"));
echo "$ru[nick], ";
}
echo text::toOutput($post['msg']) . "<br />n";
// Per-comment actions, only while the file is not blocked.
// NOTE(review): the group_access tests read $user without isset(), and every action is a GET link; the handlers must re-check permissions and should verify an anti-CSRF token.
if ($file['sk'] == 0) {
if (isset($user) && $ank2['id'] != $user['id']) {
echo " <a href='?file=$file[id]&user=$ank[id]&reply=$post[id]' title='Ответить на комментарий'>[ответить]</a>";
}
if ($user['group_access'] >= 6) {
echo " <a href='?file=$file[id]&user=$ank[id]&edit_komm=$post[id]' title='Редактировать комментарий'>[ред]</a> ";
}
if ($user['group_access'] >= 6) {
echo " <a href='?file=$file[id]&user=$ank[id]&sk_komm=$post[id]' title='" . ($post['sk'] == 1 ? "Показать" : "Скрыть") . " комментарий'>[" . ($post['sk'] == 1 ? "показать" : "скрыть") . "]</a>";
}
if ($ank['id'] == $user['id'] || $user['group_access'] == 4 || $user['group_access'] >= 7) {
echo " <a href='?file=$file[id]&user=$ank[id]&delete_komm=$post[id]' title='Удалить комментарий'>[удалить]</a>";
}
if (isset($user) && isset($cmpl_module)) {
echo " <a href='/?cmpl=$post[id]&category=file&type=komm' title='Жалоба на комментарий'>[жалоба]</a>";
}
}
echo "</td></tr></table>";
}
if ($k_page > 1) {
str("?file=$file[id]&user=$ank[id]&", $k_page, $page);
} // Page navigation output
// Comment form for logged-in users while the file is not blocked.
// NOTE(review): $passgen is appended to the form action; it is assigned outside this chunk. If it is meant as an anti-CSRF value, confirm the comment handler actually compares it.
if (isset($user) && $file['sk'] == 0) {
echo "<form method = 'post' class = 'razd' name = 'msg' action = '?file=$file[id]&user=$ank[id]&$passgen'>n";
echo "<b>Сообщение</b><br /><textarea name = 'msg'></textarea><br />";
echo "<button class = 'action'>";
echo "<span class = 'label'><span class = 'icon icon44' /> Отправить</span>";
echo "</button></form>";
}
// Back link to the containing folder, then the page footer.
echo "<div class = 'razd'>" . img('left.png') . " <a href = '$aback'>$nback</a></div>";
require_once H.'sys/inc/tfoot.php';
} elseif (isset($_GET['dir']) && intval($_GET['dir']) != NULL && intval($_GET['dir']) != 0) {
// Load the requested folder. The id is cast with intval() before it reaches the query; the same lookup is then repeated as a COUNT to detect a missing folder.
$dir = mysql_fetch_array(mysql_query("SELECT * FROM `files` WHERE `id` = '" . intval($_GET['dir']) . "' AND `cat` = 'files' AND `type2` = 'dir'"));
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `files` WHERE `id` = '" . intval($_GET['dir']) . "' AND `cat` = 'files' AND `type2` = 'dir'"), 0) == 0) {
$set['title'] = "Файлы | Ошибка";
require_once H.'sys/inc/thead.php';
title();
aut();
echo "<div class='errs'>Папка ненайдена!</div>";
// NOTE(review): no exit follows; this relies on tfoot.php ending the request. Other branches in this file add an explicit exit after it, so confirm.
require_once H.'sys/inc/tfoot.php';
}
$ank = user::get_user($dir['id_user']);
// A blocked folder (sk = 1) is visible only to its owner and to group_access 4 or >= 7.
// NOTE(review): $user is read without isset(). If tfoot.php does not terminate the script, this check prints the error but does not stop the blocked folder from being rendered below.
if ($dir['sk'] == 1 && $user['group_access'] != 4 && $user['group_access'] < 7 && $ank['id'] != $user['id']) {
$set['title'] = "Файлы | Ошибка";
require_once H.'sys/inc/thead.php';
title();
aut();
echo "<div class='errs'>Папка заблокирована!</div>";
require_once H.'sys/inc/tfoot.php';
}
// $dir2 is the parent folder; for a top-level folder a synthetic root entry is used instead.
// NOTE(review): the synthetic entry sets the key 'count' while the rest of the file reads 'counter'; looks like a typo, confirm.
if ($dir['id_dir'] == 0) {
$dir2['id'] = 0;
$dir2['name'] = 'Файлы';
$dir2['count'] = '/0/';
$dir2['type'] = 'all';
} else {
$dir2 = mysql_fetch_array(mysql_query("SELECT * FROM `files` WHERE `id` = '$dir[id_dir]' AND `cat` = 'files' AND `type2` = 'dir'"));
}
// NOTE(review): $ank[nick] is placed in the page title as stored; confirm it is escaped when saved or by thead.php.
$set['title'] = "Файлы | $ank[nick]";
require_once H.'sys/inc/thead.php';
title();
aut();
// For type 'dir' with a non-zero type_dir, load the folder referenced by type_dir; its access type is what gets enforced below.
if ($dir['type'] == 'dir' && $dir['type_dir'] != 0) {
$dirol = mysql_fetch_array(mysql_query("SELECT * FROM `files` WHERE `id` = '$dir[type_dir]' AND `cat` = 'files' AND `type2` = 'dir'"));
}
// Enforce the access type of $dirol (the folder referenced by type_dir). $oki = 1 marks access as granted and skips the second check block that follows.
// In every condition below && binds tighter than ||, so isset($user) guards only the term it is attached to; the group_access tests run even when $user is not set.
if (isset($dirol)) {
if ($dirol['type'] == 'only_me') {
// Owner, or group_access 4 / >= 7.
if ($ank['id'] == $user['id'] && isset($user) || $user['group_access'] == 4 || $user['group_access'] >= 7) {
$oki = 1;
} else {
echo "<div class = 'errs'>";
echo "Папка <b>" . htmlspecialchars($dirol['name']) . "</b> доступна только автору!";
echo "</div>";
require_once H.'sys/inc/tfoot.php';
exit;
}
} elseif ($dirol['type'] == 'friends') {
// Owner, group_access 4 / >= 7, or a row in `frends` linking the two users in either direction.
if ($ank['id'] == $user['id'] && isset($user) || $user['group_access'] == 4 || $user['group_access'] >= 7 || mysql_result(mysql_query("SELECT COUNT(*) FROM `frends` WHERE (`user` = '$user[id]' AND `frend` = '$ank[id]') OR (`user` = '$ank[id]' AND `frend` = '$user[id]')"), 0) != 0) {
$oki = 1;
} else {
echo "<div class = 'errs'>";
echo "Папка <b>" . htmlspecialchars($dirol['name']) . "</b> доступна только друзьям автора!";
echo "</div>";
require_once H.'sys/inc/tfoot.php';
exit;
}
} elseif ($dirol['type'] == 'pass') {
// Password-protected: a logged-in user with a matching POSTed password, a logged-in user with an `enter` row for this folder, the owner, or group_access 4 / >= 7.
// NOTE(review): the password is compared with loose == against a plain-text column. Two numeric-looking strings compare as numbers under ==, so a strict === on strings is the safer comparison; no limit on attempts is visible here.
if (isset($_POST['pass']) && $_POST['pass'] == $dirol['pass'] && isset($user) || mysql_result(mysql_query("SELECT COUNT(*) FROM `enter` WHERE `id_user` = '$user[id]' AND `id_object` = '$dirol[id]' AND `type` = 'dostyp' AND `cat` = 'file' LIMIT 1"), 0) != 0 && isset($user) || $ank['id'] == $user['id'] && isset($user) || $user['group_access'] == 4 || $user['group_access'] >= 7) {
// Remember the grant in `enter` so the password is not asked again.
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `enter` WHERE `id_user` = '$user[id]' AND `id_object` = '$dirol[id]' AND `type` = 'dostyp' AND `cat` = 'file' LIMIT 1"), 0) == 0) {
mysql_query("INSERT INTO `enter` (`id_user`, `id_object`, `type`, `cat`) values ('$user[id]', '$dirol[id]', 'dostyp', 'file')");
}
$oki = 1;
} elseif ((!isset($_POST['pass']) || isset($_POST['pass']) && $_POST['pass'] != $dirol['pass']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `enter` WHERE `id_user` = '$user[id]' AND `id_object` = '$dirol[id]' AND `type` = 'dostyp' AND `cat` = 'file' LIMIT 1"), 0) == 0 && $user['id'] != $ank['id']) {
// No or wrong password: show the prompt and stop.
// NOTE(review): the password input is type="text", and the <form> element is not closed before </div>.
echo "<div class='errs'>";
if (isset($_POST['pass']) && $_POST['pass'] != $dirol['pass']) {
echo "Пароль неправильный<br/>";
}
echo "Доступ к папке <b>" . htmlspecialchars($dirol['name']) . "</b> запрещен пользователем!<br> Чтобы пройти в папку пользователя, введите пароль:";
echo "<form action='' method="post"> <input type="text" name="pass" /><input type="submit" name="go" /></div>";
require_once H.'sys/inc/tfoot.php';
exit;
}
} elseif ($dirol['type'] == 'list') {
// Owner, group_access 4 / >= 7, or a row in `dl` (the owner's access list) for the visitor.
if ($ank['id'] == $user['id'] && isset($user) || $user['group_access'] == 4 || $user['group_access'] >= 7 || mysql_result(mysql_query("SELECT COUNT(*) FROM `dl` WHERE `id_user` = '$ank[id]' AND `id_ank` = '$user[id]'"), 0) != 0) {
$oki = 1;
} else {
echo "<div class='errs'>";
echo "Доступ к папке <b>" . htmlspecialchars($dirol['name']) . "</b> закрыт!</div>";
require_once H.'sys/inc/tfoot.php';
exit;
}
}
}
/* split the path into the ids of the folders that lead here and pick the folder we have no access to */
// Runs only when the previous block did not set $oki. It walks the folder ids listed in $dir['counter'], then enforces the folder's own access type.
// NOTE(review): $id_dir is assigned in the loop but is not read anywhere in this chunk, so as shown the loop denies nothing by itself; confirm where it is used.
if (!isset($oki)) {
$array = explode("/", $dir['counter']);
foreach ($array as $key => $value) {
if ($value != NULL) {
$d1 = mysql_fetch_assoc(mysql_query("SELECT * FROM `files` WHERE `id` = '$value' AND `cat` = 'files' AND `type2` = 'dir'"));
if ($d1['type'] == 'only_me' && $user['id'] != $ank['id']) {
$id_dir = $d1['id'];
} elseif ($d1['type'] == 'friends' && $user['id'] != $ank['id'] && mysql_result(mysql_query("SELECT COUNT(*) FROM `frends` WHERE (`user` = '$user[id]' AND `frend` = '$ank[id]') OR (`user` = '$ank[id]' AND `frend` = '$user[id]')"), 0) == 0) {
$id_dir = $d1['id'];
// NOTE(review): the query below uses $d2[id], but $d2 is not assigned anywhere in this chunk; the row being inspected is $d1, so this looks like a typo for $d1[id] — confirm.
} elseif ($d1['type'] == 'pass' && (mysql_result(mysql_query("SELECT COUNT(*) FROM `enter` WHERE `id_user` = '$user[id]' AND `id_object` = '$d2[id]' AND `type` = 'dostyp' AND `cat` = 'file' LIMIT 1"), 0) == 0 && $user['id'] != $ank['id'] || !isset($user))) {
$id_dir = $d1['id'];
}
if ($d1['type'] == 'list' && $user['id'] != $ank['id'] && mysql_result(mysql_query("SELECT COUNT(*) FROM `dl` WHERE `id_user` = '$ank[id]' AND `id_ank` = '$user[id]'"), 0) == 0) {
$id_dir = $d1['id'];
}
}
}
// Access type of the requested folder itself. An empty if-branch means "allowed"; the else-branch prints the refusal and exits.
if ($dir['type'] == 'only_me') {
if ($ank['id'] == $user['id'] && isset($user) || $user['group_access'] == 4 || $user['group_access'] >= 7) {
} else {
echo "<div class = 'errs'>";
echo "Папка <b>" . htmlspecialchars($dir['name']) . "</b> доступна только автору!";
echo "</div>";
require_once H.'sys/inc/tfoot.php';
exit;
}
} elseif ($dir['type'] == 'friends') {
// NOTE(review): this query reads table `friends` and column `friends`, while the two other friendship checks in this chunk read `frends` / `frend`. If the table does not exist the lookup fails and friends are refused; confirm the schema.
if ($ank['id'] == $user['id'] && isset($user) || $user['group_access'] == 4 || $user['group_access'] >= 7 || mysql_result(mysql_query("SELECT COUNT(*) FROM `friends` WHERE (`user` = '$user[id]' AND `friends` = '$ank[id]') OR (`user` = '$ank[id]' AND `friends` = '$user[id]')"), 0) != 0) {
} else {
echo "<div class = 'errs'>";
echo "Папка <b>" . htmlspecialchars($dir['name']) . "</b> доступна только друзьям автора!";
echo "</div>";
require_once H.'sys/inc/tfoot.php';
exit;
}
} elseif ($dir['type'] == 'pass') {
// NOTE(review): same loose == comparison against a plain-text password as in the inherited-access check; prefer a strict string comparison. Unlike that check, a successful entry is not recorded in `enter` here, and no limit on attempts is visible.
if (isset($_POST['pass']) && $_POST['pass'] == $dir['pass'] && isset($user) || $ank['id'] == $user['id'] && isset($user) || $user['group_access'] == 4 || $user['group_access'] >= 7) {
} elseif ((!isset($_POST['pass']) || isset($_POST['pass']) && $_POST['pass'] != $dir['pass']) && $user['id'] != $ank['id']) {
if (isset($_POST['pass']) && $_POST['pass'] != $dir['pass']) {
echo "<div class = 'errs'>Пароль неправильный</div>";
}
echo "<div class = 'errs'>Доступ к папке <b>" . htmlspecialchars($dir['name']) . "</b> запрещен пользователем!<br /> Чтобы пройти в папку пользователя, введите пароль:</div>";
echo "<form action = '' method = "post" class = 'razd'>";
echo "Введите пароль<br />";
echo "<input type = "text" name = "pass" /><br />";
echo "<input type = "submit" name="go" /></form>";
require_once H.'sys/inc/tfoot.php';
exit;
}
} elseif ($dir['type'] == 'list') {
// The @ hides any warning from mysql_result(); a failed lookup then counts as "not on the list".
if ($ank['id'] == $user['id'] && isset($user) || $user['group_access'] == 4 || $user['group_access'] >= 7 || @mysql_result(mysql_query("SELECT COUNT(*) FROM `dl` WHERE `id_user` = '$ank[id]' AND `id_ank` = '$user[id]'"), 0) != 0) {
} else {
echo "<div class='errs'>";
echo "Доступ к папке <b>" . htmlspecialchars($dir['name']) . "</b> закрыт!</div>";
require_once H.'sys/inc/tfoot.php';
exit;
}
}
}
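// Back-link target and label for the parent folder; both values come from the $dir2 row prepared earlier.
$aback = "?dir=$dir2[id]&user=$ank[id]";
$nback = htmlspecialchars($dir2['name']);
// The Host header is supplied by the client, so it is HTML-escaped before it is echoed into the attribute and the link text.
// NOTE(review): $ank[nick] is still printed as stored; confirm nicknames are escaped or restricted when saved.
$uf_host_html = htmlspecialchars($_SERVER['HTTP_HOST'], ENT_QUOTES);
echo "<div class='razd'><a href='$uf_host_html'>$uf_host_html</a>/<a href='/user/?id=$ank[id]'>$ank[nick]</a>/<a href='?user=$ank[id]'>Файлы</a></div>";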
// Delete a folder with its files. Allowed for the owner and for group_access 4 or >= 7; a blocked folder (sk = 1) only for the latter.
// NOTE(review): the destructive step is triggered by GET parameters alone (delete_dir plus ok) and no anti-CSRF token is checked in the visible code; a POST with a per-session token would prevent a crafted link from deleting a logged-in owner's folder.
if (($ank['id'] == $user['id'] && isset($user) || $user['group_access'] == 4 || $user['group_access'] >= 7) && isset($_GET['delete_dir']) && ($dir['sk'] == 0 || $dir['sk'] == 1 && ($user['group_access'] == 4 || $user['group_access'] >= 7))) {
if (isset($_GET['ok'])) {
// Every file of this owner whose counter path contains this folder id, at any depth.
$q = mysql_query("SELECT * FROM `files` WHERE `type2` = 'file' AND `cat` = 'files' AND `counter` like '%/$dir[id]/%' AND `id_user` = '$ank[id]'");
while ($post = mysql_fetch_array($q)) {
// Remove the row, its shares, previews, icon, stored data, ratings and comments.
mysql_query("DELETE FROM `files` WHERE `id` = '$post[id]'");
mysql_query("DELETE FROM `shared_zone` WHERE `id_my_file` = '$post[id]' AND `type` = 'file'");
if (is_file(H . "user/files/screens/$post[id]_big.png")) {
unlink(H . "user/files/screens/$post[id]_big.png");
}
if (is_file(H . "user/files/screens/$post[id].png")) {
unlink(H . "user/files/screens/$post[id].png");
}
if (is_file(H . "user/files/java_icons/$post[id].png")) {
unlink(H . "user/files/java_icons/$post[id].png");
}
if (is_file(H . "sys/files/$post[id].dat")) {
unlink(H . "sys/files/$post[id].dat");
}
mysql_query("DELETE FROM `files_rating` WHERE `id_file` = '$post[id]'");
mysql_query("DELETE FROM `files_komm` WHERE `id_file` = '$post[id]'");
}
// NOTE(review): only rows with type2 = 'file' and the folder row itself are deleted; rows of nested sub-folders are not removed here.
mysql_query("DELETE FROM `files` WHERE `id` = '$dir[id]'");
// Folder name kept in the session so a later page view can show the "deleted" message.
$_SESSION['uf_dir_deleted'] = "$dir[name]";
header("Location:?user=$ank[id]&dir=$dir2[id]");
exit;
}
// Confirmation prompt; no explicit exit follows tfoot.php.
echo "<div class='errs'>Вы действительно хотите удалить папку и её содержимое?!<br/><a href='?user=$ank[id]&dir=$dir[id]'>Нет</a> <a href='?user=$ank[id]&dir=$dir[id]&delete_dir=1&ok'>Да</a></div>";
require_once H.'sys/inc/tfoot.php';
}
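# Validate and store an uploaded file (folder owner only, folder not blocked).
// NOTE(review): no anti-CSRF token, size limit or extension allow-list is checked in the visible code. $ras is later used in file paths and printed in HTML, so confirm it is constrained.
if ($ank['id'] == $user['id'] && isset($user) && isset($_GET['add']) && $_GET['add'] == 'file' && isset($_FILES['file']) && $dir['sk'] == 0) {
    $uf_tmp = isset($_FILES['file']['tmp_name']) ? $_FILES['file']['tmp_name'] : '';
    // Stop early on a failed, multi-file or non-upload path instead of inserting a row for a file that cannot be stored.
    if (!is_string($uf_tmp) || !isset($_FILES['file']['error']) || $_FILES['file']['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($uf_tmp)) {
        $err = 'Ошибка при выгрузке';
    } else {
        $name = text::esc(stripcslashes(htmlspecialchars($_FILES['file']['name'])));
        $vneti = '-sevfo_com';
        // NOTE(review): the backslashes of these three patterns are missing in the published listing (as printed they do not compile or strip the wrong part); they are restored here.
        $name = preg_replace('(\#|\?)', '', $name);
        $ras = strtolower(preg_replace('#^.*\.#i', '', $name));
        $name = preg_replace('#\.[^.]*$#i', '', $name); // file name without the extension
        $size = filesize($uf_tmp);
        // Always defined, so the INSERT below never reads an unset variable.
        $desc = (isset($_POST['desc']) && is_string($_POST['desc'])) ? $_POST['desc'] : '';
        // The client-supplied file name is escaped for SQL here; the folder handlers in this file likewise call mysql_real_escape_string() after text::esc().
        $uf_name_sql = mysql_real_escape_string($name . $vneti);
        $uf_ras_sql = mysql_real_escape_string($ras);
        // Compare against the stored form of the name (with the suffix); without it the duplicate check could not match a stored row.
        if (mysql_result(mysql_query("SELECT COUNT(*) FROM `files` WHERE `id_dir` = '$dir[id]' AND `name` = '$uf_name_sql' AND `ras` = '$uf_ras_sql' AND `id_user` = '$ank[id]'"), 0) != 0) {
            $err = 'Файл с таким названием уже есть в этой папке';
        }
        if (!isset($err)) {
            $p18 = (isset($_POST['p18']) && $_POST['p18'] == 1) ? 1 : 0;
            // The `+18` column name matches the $file['+18'] key read on the file page.
            mysql_query("INSERT INTO `files` SET `name` = '$uf_name_sql', `desc` = '" . mysql_real_escape_string($desc) . "', `time` = '$time', `time2` = '$time', `id_dir` = '$dir[id]', `counter` = '$dir[counter]$dir[id]/', `type2` = 'file', `cat` = 'files', `id_user` = '$user[id]', `ras` = '$uf_ras_sql', `+18` = '$p18'");
            $id_file = mysql_insert_id();
            // move_uploaded_file() refuses anything that is not a genuine upload; the data is stored under the row id with a .dat suffix, never under the client's name.
            if (!@move_uploaded_file($uf_tmp, H . "sys/files/$id_file.dat")) {
                mysql_query("DELETE FROM `files` WHERE `id` = '$id_file' LIMIT 1");
                $err[] = 'Ошибка при выгрузке';
            } else {
                $filee = H . "sys/files/$id_file.dat";
                // Preview generation chosen by extension; the included scripts presumably read $filee and $id_file (confirm).
                if ($ras == 'jar') {
                    require_once H . "user/files/screen_creators/java.php";
                } elseif ($ras == '3gp' || $ras == 'avi' || $ras == 'asf' || $ras == 'mp4' || $ras == 'mpe' || $ras == 'mpeg' || $ras == 'mpg' || $ras == 'wmv') {
                    require_once H . "user/files/screen_creators/videos.php";
                } elseif ($ras == 'jpg' || $ras == 'jpeg' || $ras == 'gif' || $ras == 'png' || $ras == 'bmp') {
                    require_once H . "user/files/screen_creators/images.php";
                }
                /*
                $q = mysql_query("SELECT * FROM `readers` WHERE `user` = '$user[id]' AND `file` = '1' AND `i` = '1'");
                while ($f = mysql_fetch_array($q)) {
                $a = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = '$f[reader]' LIMIT 1"));
                mysql_query("INSERT INTO `lenta` (`id_user`, `id_kont`, `msg`, `time`, `type`, `id_object`, `id_object2`) values('$user[id]', '$a[id]', '$name.$ras', '$time', 'file', '$id_file', '$dir[id]')");
                }
                *
                */
                header("Location:?file=$id_file&user=$ank[id]");
            }
        }
    }
}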
# File upload form
// Shown to the folder owner when ?add=file is requested, $clad is not set and the folder is not blocked.
// NOTE(review): $user is read without isset(); the form carries no anti-CSRF field (the CK=0 query value is a constant).
if (isset($_GET['add']) && $_GET['add'] == 'file' && $ank['id'] == $user['id'] && !isset($clad) && $dir['sk'] == 0) {
// Print any error collected by the upload handler.
err();
if ($dir['type'] == 'only_me') {
$dir_img = 'folder_lock.png';
} elseif ($dir['type'] == 'friends') {
$dir_img = 'folder_user.png';
} elseif ($dir['type'] == 'pass') {
$dir_img = 'folder_key.png';
} elseif ($dir['type'] == 'list') {
$dir_img = 'folder_database.png';
} else {
$dir_img = 'folder.png';
}
echo "<div class = 'razd'>Папка: <a href = '?user=$ank[id]&dir=$dir[id]'><b>" . img('' . $dir_img . '') . " " . htmlspecialchars($dir['name']) . "</b></a></div>";
echo "<form class = 'razd' method = 'post' enctype = 'multipart/form-data' action = '?user=$ank[id]&dir=$dir[id]&add=file&CK=0'>";
echo "<b>Выберите файл</b> *<br />";
echo "<input name = 'file' type = 'file'/><br />";
echo "<input type='checkbox' name='p18' value='1'/> Только для взрослых <font color='red'>(+18)</font><br/>";
echo "<b>Описание</b><br />n";
echo "<textarea name = 'desc'></textarea><br />";
echo "<button class = 'action'>";
echo "<span class = 'label'><span class = 'icon icon189' /> Выгрузить</span>";
echo "</button></form>";
echo "<div class = 'razd'>";
echo 'Загрузка может длиться несколько минут. Это зависит от размера файла и скорости передачи данных на вашем устройстве.';
echo '</div>';
echo "<div class = 'msg'>";
echo 'Если у вас не видно выше кнопки выбора файла, значит ваш браузер не поддерживает загрузку файлов!';
echo '</div>';
require_once H.'sys/inc/tfoot.php';
}
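// Apply a submitted "edit folder" form. Allowed for the folder owner and for group_access 4 or >= 7; a blocked folder (sk = 1) only for the latter.
// NOTE(review): no anti-CSRF token is checked in the visible code. The folder password is kept as plain text (the edit form prints it back), so it should be treated as a low-value shared secret.
if (($ank['id'] == $user['id'] && isset($user) || $user['group_access'] == 4 || $user['group_access'] >= 7) && isset($_GET['edit_dir']) && isset($_POST['name']) && isset($_POST['pass']) && isset($_POST['type']) && ($dir['sk'] == 0 || $dir['sk'] == 1 && ($user['group_access'] == 4 || $user['group_access'] >= 7))) {
    // Only the access types offered by the edit form are accepted; the value is written into the UPDATE below.
    $uf_types = array('all', 'dir', 'only_me', 'friends', 'pass', 'list');
    $type = is_string($_POST['type']) ? $_POST['type'] : '';
    if (!in_array($type, $uf_types, true)) {
        $err = 'Неверный тип доступа';
    }
    // A submitted 'dir' becomes 'all' when the lookup on type_dir below returns a non-zero count.
    if (mysql_result(mysql_query("SELECT COUNT(*) FROM `files` WHERE `id` = '$dir[type_dir]' AND `type` != 'all'"), 0) != 0 && $type == 'dir') {
        $type = 'all';
    }
    $name = text::esc(stripcslashes(htmlspecialchars($_POST['name'])), 1);
    if (text::utf8_strlen($name) < 1) {
        $err = 'Короткое название';
    }
    if (text::utf8_strlen($name) > 50) {
        $err = 'Название не должно быть длиннее 50-ти символов';
    }
    $name = mysql_real_escape_string($name);
    // A non-string value (for example pass[]=x) is treated as an empty password.
    $pass = is_string($_POST['pass']) ? $_POST['pass'] : '';
    if ($type == 'pass') {
        if (text::utf8_strlen($pass) < 1) {
            $err = 'Слишком короткий пароль!';
        }
        if (text::utf8_strlen($pass) > 32) {
            $err = 'Длина пароля вревышает 32 символа';
        }
    } else {
        $pass = NULL;
    }
    if (!isset($err)) {
        // The password is user input and goes into a quoted SQL literal: escape it after the length checks, which must see the raw text.
        $pass = mysql_real_escape_string((string) $pass);
        mysql_query("UPDATE `files` SET `name` = '$name', `pass` = '$pass', `type` = '$type'" . ($type == 'dir' && $dir['type'] != $type ? "" . ($dir2['type'] == 'dir' ? ", `type_dir` = '$dir2[type_dir]'" : ", `type_dir` = '$dir2[id]'") . "" : null) . " WHERE `id` = '$dir[id]'");
        // Propagate the change to sub-folders that take their access from this folder.
        if ($type == 'all' && $dir['type'] != 'all') {
            mysql_query("UPDATE `files` SET `type` = 'all' WHERE `type_dir` = '$dir[id]' AND `type2` = 'dir' AND `cat` = 'files' AND `type` = 'dir'");
        } elseif ($type != 'all') {
            mysql_query("UPDATE `files` SET `type` = 'dir', `type_dir` = '$dir[id]' WHERE `type2` = 'dir' AND `cat` = 'files' AND (`type` = 'all' OR `type_dir` = '$dir[type_dir]' AND `type` = 'dir') AND `counter` like '%/$dir[id]/%'");
        }
        msg("Папка <b>" . htmlspecialchars($_POST['name']) . "</b> успешно отредактирована");
        // $clad suppresses the edit form below; reload the row so the listing shows the new values.
        $clad = 1;
        $dir = mysql_fetch_array(mysql_query("SELECT * FROM `files` WHERE `id` = '" . intval($_GET['dir']) . "' AND `cat` = 'files' AND `type2` = 'dir'"));
    }
}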
// "Edit folder" form, shown when ?edit_dir is requested and the handler above did not set $clad. Same permission rule as the handler: owner, or group_access 4 / >= 7 (required for a blocked folder).
// NOTE(review): $user is read without isset(), and the form carries no anti-CSRF field.
if (isset($_GET['edit_dir']) && ($ank['id'] == $user['id'] || $user['group_access'] == 4 || $user['group_access'] >= 7) && !isset($clad) && ($dir['sk'] == 0 || $dir['sk'] == 1 && ($user['group_access'] == 4 || $user['group_access'] >= 7))) {
err();
if ($dir['type'] == 'only_me') {
$dir_img = 'folder_lock.png';
} elseif ($dir['type'] == 'friends') {
$dir_img = 'folder_user.png';
} elseif ($dir['type'] == 'pass') {
$dir_img = 'folder_key.png';
} elseif ($dir['type'] == 'list') {
$dir_img = 'folder_database.png';
} else {
$dir_img = 'folder.png';
}
echo "<div class = 'razd'>Папка: <a href = '?user=$ank[id]&dir=$dir[id]'><b>" . img('' . $dir_img . '') . " " . htmlspecialchars($dir['name']) . "</b></a></div>";
echo "<form class = 'razd' method = 'post' action = '?user=$ank[id]&dir=$dir[id]&edit_dir'>";
echo "<b>Название</b><br />";
echo "<input type = 'text' name = 'name' value = '" . htmlspecialchars($dir['name']) . "'" . ($dir['sk'] == 1 ? " disabled='disabled' " : null) . " /><br/>";
echo "<b>Давать доступ</b><br />";
// Folder referenced by type_dir, used to label the "same as folder X" option.
// NOTE(review): $dir_text stays unset when that folder's type matches none of the four cases below.
$type_dir = mysql_fetch_array(mysql_query("SELECT * FROM `files` WHERE `id` = '$dir[type_dir]' AND `cat` = 'files' AND `type2` = 'dir'"));
if ($type_dir['type'] == 'only_me') {
$dir_text = 'только мне';
} elseif ($type_dir['type'] == 'friends') {
$dir_text = 'только друзям';
} elseif ($type_dir['type'] == 'pass') {
$dir_text = 'только по паролю';
} elseif ($type_dir['type'] == 'list') {
$dir_text = 'пользователям из <a href="/settings/?dl">списка доступа</a>';
}
// Access-type radio buttons; the first one submits 'all' or 'dir' depending on the parent folder's type.
// NOTE(review): the inner double quotes of these lines are unescaped as shown; the backslashes appear to have been lost in this listing.
echo "<label><input type='radio'" . ($dir['type'] == 'all' || $dir['type'] == 'dir' ? " checked='checked'" : NULL) . " name="type" value='" . ($dir2['type'] == 'all' ? "all" : "dir") . "' />" . ($dir2['type'] == 'all' ? "" . img('globe-small.png') . "Всем" : "" . img('globe-small.png') . "Tем же, кому и к папке <b>" . htmlspecialchars($type_dir['name']) . "</b> - $dir_text") . "</label><br />n";
echo "<label><input type="radio"" . ($dir['type'] == 'only_me' ? " checked='checked'" : NULL) . " name="type" value="only_me" />" . img('lock-small.png') . "Только мне</label><br />n";
echo "<label><input type="radio"" . ($dir['type'] == 'friends' ? " checked='checked'" : NULL) . " name="type" value="friends" />" . img('user-small.png') . "Только друзям</label><br />n";
echo "<label><input type="radio"" . ($dir['type'] == 'pass' ? " checked='checked'" : NULL) . " name="type" value="pass" />" . img('bullet_key.png') . "Только по паролю <br />";
// NOTE(review): the stored folder password is printed back in clear text, to moderators as well as the owner, which means it is stored unhashed. The field is limited to 16 characters while the handler accepts up to 32.
echo "<input name='pass' size='16' maxlength='16' type='text' value='" . htmlspecialchars($dir['pass']) . "'/></label><br/>n";
echo "<label><input type="radio"" . ($dir['type'] == 'list' ? " checked='checked'" : NULL) . " name="type" value="list" />" . img('bullet_textfield.png') . "Пользователям из <a href='/settings/?dl'>списка доступа</a></label><br />n";
echo "<button name = 'ok' class = 'action'>";
echo "<span class = 'label'><span class = 'icon icon67' /> Сохранить</span>";
echo "</button></form>";
echo "<div class = 'razd'><a href = '?user=$ank[id]&dir=$dir[id]&delete_dir' class = 'add'>" . img('del.png') . " Удалить папку</a></div>";
require_once H.'sys/inc/tfoot.php';
}
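// Create a sub-folder from the submitted "add folder" form. Allowed for the folder owner and for group_access 4 or >= 7; inside a blocked folder (sk = 1) only for the latter.
// NOTE(review): no anti-CSRF token is checked in the visible code, the new row is always owned by the current user ($user[id]) even when a moderator adds it to another user's folder, and the password is stored as plain text.
if (($ank['id'] == $user['id'] && isset($user) || $user['group_access'] == 4 || $user['group_access'] >= 7) && isset($_GET['add']) && $_GET['add'] == 'dir' && isset($_POST['name']) && isset($_POST['pass']) && isset($_POST['type']) && ($dir['sk'] == 0 || $dir['sk'] == 1 && ($user['group_access'] == 4 || $user['group_access'] >= 7))) {
    // Only the access types offered by the form are accepted; the value is written into the INSERT below.
    $uf_types = array('all', 'dir', 'only_me', 'friends', 'pass', 'list');
    $type = is_string($_POST['type']) ? $_POST['type'] : '';
    if (!in_array($type, $uf_types, true)) {
        $err = 'Неверный тип доступа';
    }
    $name = text::esc(stripcslashes(htmlspecialchars($_POST['name'])), 1);
    if (text::utf8_strlen($name) < 1) {
        $err = 'Короткое название';
    }
    if (text::utf8_strlen($name) > 32) {
        $err = 'Название не должно быть длиннее 32-х символов';
    }
    $name = mysql_real_escape_string($name);
    // A non-string value (for example pass[]=x) is treated as an empty password.
    $pass = is_string($_POST['pass']) ? $_POST['pass'] : '';
    if ($type == 'pass') {
        if (text::utf8_strlen($pass) < 1) {
            $err = 'Слишком короткий пароль!';
        }
        if (text::utf8_strlen($pass) > 32) {
            $err = 'Длина пароля вревышает 32 символа';
        }
    } else {
        $pass = NULL;
    }
    if (!isset($err)) {
        // The password is user input and goes into a quoted SQL literal: escape it after the length checks, which must see the raw text.
        $pass = mysql_real_escape_string((string) $pass);
        mysql_query("INSERT INTO `files` SET `name` = '$name', `pass` = '$pass', `type` = '$type', `time` = '$time', `time2` = '$time', `id_dir` = '$dir[id]', `counter` = '$dir[counter]$dir[id]/', `type2` = 'dir', `cat` = 'files', `id_user` = '$user[id]'" . ($type == 'dir' ? "" . ($dir['type'] == 'dir' ? ", `type_dir` = '$dir[type_dir]'" : ", `type_dir` = '$dir[id]'") . "" : null) . "");
        msg("Папка <b>" . htmlspecialchars($_POST['name']) . "</b> успешно создана");
        // $clad suppresses the "add folder" form below.
        $clad = 1;
    }
}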
// "Add folder" form, shown when ?add=dir is requested and the handler above did not set $clad. Same permission rule as the handler.
// NOTE(review): $user is read without isset(), and the form carries no anti-CSRF field.
if (isset($_GET['add']) && $_GET['add'] == 'dir' && ($ank['id'] == $user['id'] || $user['group_access'] == 4 || $user['group_access'] >= 7) && !isset($clad) && ($dir['sk'] == 0 || $dir['sk'] == 1 && ($user['group_access'] == 4 || $user['group_access'] >= 7))) {
err();
if ($dir['type'] == 'only_me') {
$dir_img = 'folder_lock.png';
} elseif ($dir['type'] == 'friends') {
$dir_img = 'folder_user.png';
} elseif ($dir['type'] == 'pass') {
$dir_img = 'folder_key.png';
} elseif ($dir['type'] == 'list') {
$dir_img = 'folder_database.png';
} else {
$dir_img = 'folder.png';
}
echo "<div class = 'razd'>Папка: <a href = '?user=$ank[id]&dir=$dir[id]'><b>" . img('' . $dir_img . '') . " " . htmlspecialchars($dir['name']) . "</b></a></div>";
echo "<form method = 'post' action = '?user=$ank[id]&dir=$dir[id]&add=dir' class = 'razd'>";
echo "<b>Название</b><br />";
echo "<input type = 'text' name = 'name' /><br />";
echo "<b>Давать доступ</b><br />";
// Folder whose access type a new "inherit" sub-folder would follow: the one referenced by type_dir when the current folder inherits, otherwise the current folder.
if ($dir['type'] == 'dir') {
$type_dir = mysql_fetch_array(mysql_query("SELECT * FROM `files` WHERE `id` = '$dir[type_dir]' AND `cat` = 'files' AND `type2` = 'dir'"));
} else {
$type_dir = $dir;
}
if ($type_dir['type'] == 'only_me') {
$dir_text = 'только мне';
} elseif ($type_dir['type'] == 'friends') {
$dir_text = 'только друзям';
} elseif ($type_dir['type'] == 'pass') {
$dir_text = 'только по паролю';
} elseif ($type_dir['type'] == 'list') {
$dir_text = 'пользователям из <a href="/settings/?dl">списка доступа</a>';
}
// Radio buttons restore the previous selection from $_POST after a failed submit; the values are only compared with fixed strings, never echoed.
// NOTE(review): the inner double quotes of these lines are unescaped as shown; the backslashes appear to have been lost in this listing.
echo "<label><input type='radio'" . (isset($_POST['type']) && ($_POST['type'] == 'all' || $_POST['type'] == 'dir') || !isset($_POST['type']) ? " checked='checked'" : null) . " name="type" value='" . ($dir['type'] == 'all' ? "all" : "dir") . "' /> " . ($dir['type'] == 'all' ? "" . img('globe-small.png') . "Всем" : "" . img('globe-small.png') . "Tем же, как и к папке <b>" . htmlspecialchars($type_dir['name']) . "</b> - $dir_text") . "</label><br />n";
echo "<label><input type="radio"" . (isset($_POST['type']) && $_POST['type'] == 'only_me' ? " checked='checked'" : NULL) . " name="type" value="only_me" />" . img('lock-small.png') . "Только мне</label><br />n";
echo "<label><input type="radio"" . (isset($_POST['type']) && $_POST['type'] == 'friends' ? " checked='checked'" : NULL) . " name="type" value="friends" />" . img('user-small.png') . "Только друзям</label><br />n";
echo "<label><input type="radio"" . (isset($_POST['type']) && $_POST['type'] == 'pass' ? " checked='checked'" : NULL) . " name="type" value="pass" />" . img('bullet_key.png') . "Только по паролю <br />";
// The submitted password is echoed back HTML-escaped; the field is limited to 16 characters while the handler accepts up to 32.
echo "<input name='pass' size='16' maxlength='16' type='text' value='" . (isset($_POST['pass']) ? htmlspecialchars($_POST['pass']) : null) . "'/></label><br/>n";
echo "<label><input type="radio"" . (isset($_POST['type']) && $_POST['type'] == 'list' ? " checked='checked'" : NULL) . " name="type" value="list" />" . img('bullet_textfield.png') . "Пользователям из <a href='/settings/?dl'>списка доступа</a></label><br />n";
echo "<button name = 'ok' class = 'action'>";
echo "<span class = 'label'><span class = 'icon icon44' /> Добавить</span>";
echo "</button></form>";
require_once H.'sys/inc/tfoot.php';
}
// Folder listing: title, one-time "deleted" notice, icon, paging and the listing query.
$set['title'] = "Файлы | $ank[nick]";
require_once H.'sys/inc/thead.php';
// Notice stored in the session by the delete handler; printed once, HTML-escaped.
if (isset($_SESSION['uf_dir_deleted'])) {
msg("Папка <b>" . htmlspecialchars($_SESSION['uf_dir_deleted']) . "</b> успешно удалена");
unset($_SESSION['uf_dir_deleted']);
}
if ($dir['type'] == 'only_me') {
$dir_img = 'folder_lock.png';
} elseif ($dir['type'] == 'friends') {
$dir_img = 'folder_user.png';
} elseif ($dir['type'] == 'pass') {
$dir_img = 'folder_key.png';
} elseif ($dir['type'] == 'list') {
$dir_img = 'folder_database.png';
} else {
$dir_img = 'folder.png';
}
// Blocked entries (sk = 1) are counted only for the owner and for group_access 4 or >= 7.
// NOTE(review): this COUNT filters on `id_dir` = '0' while the listing query below filters on $dir[id], so the page count is taken from the root level rather than from this folder; looks like a copy-paste slip, confirm.
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `files` WHERE `cat` = 'files' AND `id_user` = '$ank[id]' AND `id_dir` = '0'" . ($ank['id'] == $user['id'] || $user['group_access'] == 4 || $user['group_access'] >= 7 ? null : " AND `sk` = '0'") . ""), 0);
$k_page = k_page($k_post, $set['p_str']);
$page = page($k_page);
$start = $set['p_str'] * $page - $set['p_str'];
// Multi-select helper for the owner; $mrf and $count used below are presumably set by it (confirm).
if ($ank['id'] == $user['id']) {
require_once 'checkeraksmultiselectfdi.php';
}
if (isset($mrf) && $ank['id'] == $user['id']) {
echo "<div class = 'razd'>Выберите файлы и нажмите " . ($count != 0 ? "<a href = '?dir=$dir[id]&user=$ank[id]&page=$page&mok'>" : null) . "Переместить сюда" . ($count != 0 ? "</a>" : null) . "</div>";
} else {
echo "<div class = 'razd'>" . img('' . $dir_img . '') . " <b>" . htmlspecialchars($dir['name']) . "</b></div>";
}
if ($k_post == 0) {
echo "<div class = 'errs'>";
echo img('error.png') . " Нет результатов";
echo "</div>";
}
// Folders first (type2 DESC), then files by upload time.
// NOTE(review): $start and $set[p_str] go into LIMIT unquoted; confirm they are always integers.
$q = mysql_query("SELECT * FROM `files` WHERE `cat` = 'files' AND `id_user` = '$ank[id]' AND `id_dir` = '$dir[id]'" . ($ank['id'] == $user['id'] || $user['group_access'] == 4 || $user['group_access'] >= 7 ? null : " AND `sk` = '0'") . " ORDER BY `type2` DESC, `time` ASC LIMIT $start, $set[p_str]");
// One row per folder entry (sub-folder or file).
while ($post = mysql_fetch_array($q)) {
echo "<div class = 'razd'>";
// In multi-select mode each file gets a checkbox, pre-checked when its id is in the ';'-separated list kept in $_SESSION['rpfs'].
if (isset($mrf) && $post['type2'] == 'file') {
if (isset($_SESSION['rpfs'])) {
$array = explode(";", $_SESSION['rpfs']);
foreach ($array as $key => $value) {
if ($post['id'] == $value && $value != NULL) {
$ych = 1;
}
}
}
echo "<input type = 'checkbox' name = 'mrf_$post[id]' value = '1' " . (isset($ych) ? " checked = 'checked'" : null) . "/> ";
if (isset($ych)) {
unset($ych);
}
}
// Icon for a sub-folder: a blocked one gets the lock icon, otherwise the icon follows its access type.
if ($post['sk'] == 1) {
$dir_img = 'folder_lock.png';
} elseif ($post['type'] == 'only_me') {
$dir_img = 'folder_lock.png';
} elseif ($post['type'] == 'friends') {
$dir_img = 'folder_user.png';
} elseif ($post['type'] == 'pass') {
$dir_img = 'folder_key.png';
} elseif ($post['type'] == 'list') {
$dir_img = 'folder_database.png';
} else {
$dir_img = 'folder.png';
}
// Small preview, when one exists on disk.
if (is_file(H . "user/files/screens/$post[id].png")) {
echo "<a href = '?file=$post[id]&user=$ank[id]'><img src = 'screens/$post[id].png'/></a><br />";
}
// One COUNT per row; $skp hides comments marked sk = 1 from ordinary users.
$count_komm = mysql_result(mysql_query("SELECT COUNT(*) FROM `files_komm` WHERE `id_file` = '$post[id]'$skp"), 0);
if ($post['type2'] == 'file') {
echo "<a style = 'float:right;' class = 'add'>" . img('comment_white.png') . " <b>$count_komm</b></a>";
}
// Entry link: icon, HTML-escaped name, extension and "blocked" marker for files, recursive file count for sub-folders.
// NOTE(review): $post['ras'] is printed without htmlspecialchars(); confirm the upload path limits it to a safe character set.
echo "<a href = '?" . ($post['type2'] == 'dir' ? "dir" : "file") . "=$post[id]&user=$ank[id]'>" . ($post['type2'] == 'dir' ? "" . img('' . $dir_img . '') . "" : "" . ($post['ras'] == 'jar' && is_file(H . "user/files/java_icons/$post[id].png") ? "<img src='java_icons/$post[id].png' height='16'/>" : "" . (is_file(H . "user/files/file_icons/$post[ras].png") ? "<img src='file_icons/$post[ras].png'/>" : "<img src='file_icons/unknown_file.png'/>") . "") . "") . " " . htmlspecialchars($post['name']) . "" . ($post['type2'] == 'file' ? "." . $post['ras'] . "" . ($post['sk'] == 1 ? " <font color='red'>(заблокирован)</font>" : null) . "" : null) . "</a>" . ($post['type2'] == 'dir' ? " (" . mysql_result(mysql_query("SELECT COUNT(*) FROM `files` WHERE `type2` = 'file' AND `cat` = 'files' AND `counter` like '%/$post[id]/%'"), 0) . ")" : null) . "";
echo "</div>";
}
if ($k_page > 1) {
str("?dir=$dir[id]&user=$ank[id]&", $k_page, $page);
} // Вывод страниц
if ($ank['id'] == $user['id']) {
require_once 'checkeraksmultiselectfdh.php';
}
if (($ank['id'] == $user['id'] || $user['group_access'] == 4 || $user['group_access'] >= 7) && ($dir['sk'] == 0 || $dir['sk'] == 1 && ($user['group_access'] == 4 || $user['group_access'] >= 7))) {
echo "<div class = 'razd'>" . ($ank['id'] == $user['id'] ? " <a class = 'add' href = '?user=$ank[id]&dir=$dir[id]&add=file&CK=" . rand(1000000, 9999999) . "'>" . img('plus.png') . " Добавить файл</a>" : null) . " <a class = 'add' href = '?user=$ank[id]&dir=$dir[id]&add=dir&CK=" . rand(1000000, 9999999) . "'>" . img('1.png') . " Добавить папку</a>";
echo "<br /><br /><a class = 'add' href = '?user=$ank[id]&dir=$dir[id]&edit_dir=1&CK=" . rand(1000000, 9999999) . "'>" . img('set_mini.png') . " Редактировать папку</a>";
if ($ank['id'] == $user['id']) {
echo "<a class = 'add' href = '?user=$ank[id]&dir=$dir[id]&activate_multichecker=1&CK=" . rand(1000000, 9999999) . "&page=$page'>" . img('ok.png') . " Выбрать файлы</a>";
}
echo "</div>";
}
require_once H.'sys/inc/tfoot.php';
}
##############################################################################
// Work out whose file area is shown: the account named by ?user= when that
// parameter is present and non-empty, otherwise the current $user record.
// intval() reduces the request value to an integer before the lookup.
$ank = (isset($_GET['user']) && $_GET['user'] != NULL)
    ? user::get_user(intval($_GET['user']))
    : user::get_user($user['id']);

// No such account (lookup returned nothing, or an id of 0): show the error page.
// NOTE(review): nothing in this block stops execution afterwards; the script
// only halts here if sys/inc/tfoot.php ends the request. Confirm, because
// otherwise everything below runs with an empty $ank.
$ank_missing = !$ank || $ank['id'] == 0;
if ($ank_missing) {
    $set['title'] = "Файлы | Ошибка";
    require_once H . 'sys/inc/thead.php';
    title();
    aut();
    echo "<div class = 'errs'>Пользователь не найден!</div>";
    require_once H . 'sys/inc/tfoot.php';
}

// Regular page header for the resolved account.
// NOTE(review): the nick goes into the title unescaped; whether thead.php or
// title() encodes it is not visible from here.
$set['title'] = "Файлы | " . $ank['nick'];
require_once H . 'sys/inc/thead.php';
title();
aut();

// Back-link target and caption (consumed outside this block).
$aback = "/info.php?id=" . $ank['id'];
$nback = "" . $ank['nick'];
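// Upload handler for the root folder (id_dir = 0). Runs only when the current
// user owns this file area and a multipart POST with a `file` part arrives
// with ?add=file.
//
// Compared with a plain copy() of tmp_name:
//  - the temp path must pass is_uploaded_file() and is stored with
//    move_uploaded_file(), so only a real HTTP upload can be saved;
//  - every client-supplied value is escaped before it is placed in SQL,
//    following the text::esc() + mysql_real_escape_string() pairing this file
//    already uses for folder names;
//  - the duplicate check compares against the name that is actually stored
//    (with the suffix), otherwise it can never match;
//  - a failed INSERT no longer leads to a file being written as "0.dat".
// The stored copy gets a neutral "<id>.dat" name, so the client's extension
// never becomes a file name on disk. No extension allow-list or size cap is
// applied in this block.
if (isset($user) && $ank['id'] == $user['id'] && isset($_GET['add']) && $_GET['add'] == 'file' && isset($_FILES['file'])) {
    $upload = $_FILES['file'];
    $vneti = '-sevfo_com'; // suffix appended to every stored file name
    $desc = (isset($_POST['desc']) && is_string($_POST['desc'])) ? $_POST['desc'] : '';
    $p18 = (isset($_POST['p18']) && $_POST['p18'] == 1) ? 1 : 0;

    if (!is_string($upload['tmp_name']) || !is_uploaded_file($upload['tmp_name'])) {
        // Covers "no file chosen", upload errors and array-style (multi-file) posts.
        $err = 'Ошибка при выгрузке';
    } else {
        $name = text::esc(stripcslashes(htmlspecialchars($upload['name'])));
        // '#' and '?' would break the ?file=... links built from this name.
        $name = str_replace(array('#', '?'), '', $name);

        // Split at the last dot: extension (lower-cased) and base name.
        // A name without any dot gets an empty extension.
        $dot = strrpos($name, '.');
        if ($dot === false) {
            $ras = '';
        } else {
            $ras = strtolower(substr($name, $dot + 1));
            $name = substr($name, 0, $dot); // file name without the extension
        }

        // Not used in this block; kept in case the included screen creators read it.
        $size = filesize($upload['tmp_name']);

        $stored_name = mysql_real_escape_string($name . $vneti);
        $ras_sql = mysql_real_escape_string($ras);

        $dup = mysql_result(mysql_query("SELECT COUNT(*) FROM `files` WHERE `id_dir` = '0' AND `name` = '$stored_name' AND `ras` = '$ras_sql' AND `id_user` = '$ank[id]'"), 0);
        if ($dup != 0) {
            $err = 'Файл с таким названием уже есть в этой папке';
        }

        if (!isset($err)) {
            // NOTE(review): the column name ` 18` is reproduced exactly as listed;
            // confirm it against the schema.
            $inserted = mysql_query("INSERT INTO `files` SET `name` = '$stored_name', `desc` = '" . mysql_real_escape_string($desc) . "', `time` = '$time', `time2` = '$time', `id_dir` = '0', `counter` = '/0/', `type2` = 'file', `cat` = 'files', `id_user` = '$user[id]', `ras` = '$ras_sql', ` 18` = '$p18'");
            $id_file = $inserted ? (int) mysql_insert_id() : 0;

            if ($id_file <= 0) {
                $err[] = 'Ошибка при выгрузке';
            } elseif (!move_uploaded_file($upload['tmp_name'], H . "sys/files/$id_file.dat")) {
                // Roll back the row so no record points at a missing file.
                mysql_query("DELETE FROM `files` WHERE `id` = '$id_file' LIMIT 1");
                $err[] = 'Ошибка при выгрузке';
            } else {
                // Path read by the preview generators included below.
                $filee = H . "sys/files/$id_file.dat";
                if ($ras == 'jar') {
                    require_once H . "user/files/screen_creators/java.php";
                } elseif ($ras == 'jpg' || $ras == 'jpeg' || $ras == 'gif' || $ras == 'png' || $ras == 'bmp') {
                    require_once H . "user/files/screen_creators/images.php";
                } elseif ($ras == '3gp' || $ras == 'avi' || $ras == 'asf' || $ras == 'mp4' || $ras == 'mpe' || $ras == 'mpeg' || $ras == 'mpg' || $ras == 'wmv') {
                    require_once H . "user/files/screen_creators/videos.php";
                }

                // Feed entry for every reader subscribed to this user's files.
                // NOTE(review): $dir is not assigned before this point in the
                // visible code, so id_object2 presumably ends up empty; verify.
                $feed_msg = mysql_real_escape_string($name . '.' . $ras);
                $q = mysql_query("SELECT * FROM `readers` WHERE `user` = '$user[id]' AND `file` = '1' AND `i` = '1'");
                while ($f = mysql_fetch_array($q)) {
                    $a = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = '$f[reader]' LIMIT 1"));
                    mysql_query("INSERT INTO `lenta` (`id_user`, `id_kont`, `msg`, `time`, `type`, `id_object`, `id_object2`) values('$user[id]', '$a[id]', '$feed_msg', '$time', 'file', '$id_file', '$dir[id]')");
                }
                // NOTE(review): thead.php has already run, so this header only
                // takes effect if output is still buffered; execution continues
                // past it either way.
                header("Location:?file=$id_file&user=$ank[id]");
            }
        }
    }
}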
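// Upload form, shown to the owner of this file area on ?add=file (also after
// a failed upload, in which case err() prints the collected errors first).
// The line break after the description label is a real "\n" escape; without
// the backslash a literal "n" is printed into the page.
// NOTE(review): the form carries no anti-forgery field (CK=0 is a fixed
// value); if the project has a request-token helper, this is where it belongs.
if (isset($_GET['add']) && $_GET['add'] == 'file' && $ank['id'] == $user['id'] && !isset($clad)) {
    err();
    echo "<form class = 'razd' method = 'post' enctype = 'multipart/form-data' action = '?user=$ank[id]&add=file&CK=0'>";
    echo "<b>Выберите файл</b> *<br />";
    echo "<input name = 'file' type = 'file'/><br />";
    echo "<input type='checkbox' name='p18' value='1'/> Только для взрослых <font color='red'>(+18)</font><br/>";
    echo "<b>Описание</b><br />\n";
    echo "<textarea name = 'desc'></textarea><br />";
    echo "<button class = 'action'>";
    echo "<span class = 'label'><span class = 'icon icon189' /> Выгрузить</span>";
    echo "</button></form>";
    echo "<div class = 'razd'>";
    echo 'Загрузка может длиться несколько минут. Это зависит от размера файла и скорости передачи данных на вашем устройстве.';
    echo '</div>';
    echo "<div class = 'msg'>";
    echo 'Если у вас не видно выше кнопки выбора файла, значит ваш браузер не поддерживает загрузку файлов!';
    echo '</div>';
    require_once H . 'sys/inc/tfoot.php';
}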
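// Folder-creation handler for the root level (?add=dir with name, pass and
// type posted). Allowed for the owner of the file area and for accounts with
// group_access 4 or >= 7.
//
// Every posted field reaches the INSERT below, so each one is constrained
// before it is used:
//  - `type` must be one of the values the add-folder form offers;
//  - `name` and `pass` are escaped with mysql_real_escape_string().
// The success message is built from the folder name just submitted rather
// than from $post, which is not assigned before this point in the visible code.
//
// NOTE(review): the row is always created with id_user = the current user,
// so a privileged account acting on someone else's area creates the folder
// under its own id; confirm that is intended.
// NOTE(review): the folder password is stored as entered. Hashing it would
// need a matching change in the code that checks it, which is not in view.
if (isset($user) && ($ank['id'] == $user['id'] || $user['group_access'] == 4 || $user['group_access'] >= 7) && isset($_GET['add']) && $_GET['add'] == 'dir' && isset($_POST['name']) && isset($_POST['pass']) && isset($_POST['type'])) {
    $allowed_types = array('all', 'only_me', 'friends', 'pass', 'list');
    $type = $_POST['type'];
    if (!is_string($type) || !in_array($type, $allowed_types, true)) {
        // Reject rather than fall back to a public folder.
        $type = 'only_me';
        $err = 'Неверный тип доступа';
    }

    $name = text::esc(stripcslashes(htmlspecialchars(is_string($_POST['name']) ? $_POST['name'] : '')), 1);
    if (text::utf8_strlen($name) < 1) {
        $err = 'Короткое название';
    }
    if (text::utf8_strlen($name) > 32) {
        $err = 'Название не должно быть длиннее 32-х символов';
    }
    $shown_name = $name; // kept for the success message, before SQL escaping
    $name = mysql_real_escape_string($name);

    $pass = is_string($_POST['pass']) ? $_POST['pass'] : '';
    if ($type == 'pass') {
        if (text::utf8_strlen($pass) < 1) {
            $err = 'Слишком короткий пароль!';
        }
        if (text::utf8_strlen($pass) > 32) {
            $err = 'Длина пароля вревышает 32 символа';
        }
    } else {
        // A password only makes sense for password-protected folders.
        $pass = NULL;
    }
    $pass_sql = mysql_real_escape_string((string) $pass);

    if (!isset($err)) {
        mysql_query("INSERT INTO `files` SET `name` = '$name', `pass` = '$pass_sql', `type` = '$type', `time` = '$time', `time2` = '$time', `id_dir` = '0', `counter` = '/0/', `type2` = 'dir', `cat` = 'files', `id_user` = '$user[id]'");
        // Read back (and HTML-escaped) by the "folder created" notice.
        $_SESSION['dir_act_add'] = $shown_name;
        // NOTE(review): $dir2 is not assigned before this point in the visible
        // code, so the redirect presumably carries an empty dir= value; verify.
        header("Location:?user=$ank[id]&dir=$dir2[id]");
        $clad = 1; // suppresses the add-folder form further down
    }
}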
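# Add-folder form
// Shown on ?add=dir to the owner of the file area and to accounts with
// group_access 4 or >= 7, unless a folder was just created ($clad).
// After a rejected submission the posted access type and password are
// pre-filled again.
//
// The password is echoed back inside a single-quoted attribute, so it is
// encoded with ENT_QUOTES: with the older default flags htmlspecialchars()
// leaves "'" untouched, which would let a posted value close the attribute.
// NOTE(review): the form carries no anti-forgery field (CK=0 is a fixed value).
if (isset($_GET['add']) && $_GET['add'] == 'dir' && ($ank['id'] == $user['id'] || $user['group_access'] == 4 || $user['group_access'] >= 7) && !isset($clad)) {
    err();
    // Access type to pre-select; "all" when nothing was posted.
    $sel_type = isset($_POST['type']) ? $_POST['type'] : 'all';
    $on = " checked='checked'";
    $pass_value = (isset($_POST['pass']) && is_string($_POST['pass'])) ? htmlspecialchars($_POST['pass'], ENT_QUOTES, 'UTF-8') : null;

    echo "<form method = 'post' action = '?user=$ank[id]&add=dir&CK=0' class = 'razd'>";
    echo "<b>Название</b><br />";
    echo "<input type = 'text' name = 'name' /><br />";
    echo "<b>Давать доступ</b><br />";
    echo "<label><input type=\"radio\"" . ($sel_type == 'all' ? $on : NULL) . " name=\"type\" value=\"all\" />" . img('globe-small.png') . "Всем</label><br />\n";
    echo "<label><input type=\"radio\"" . ($sel_type == 'only_me' ? $on : NULL) . " name=\"type\" value=\"only_me\" />" . img('lock-small.png') . "Только мне</label><br />\n";
    echo "<label><input type=\"radio\"" . ($sel_type == 'friends' ? $on : NULL) . " name=\"type\" value=\"friends\" />" . img('user-small.png') . "Только друзям</label><br />\n";
    echo "<label><input type=\"radio\"" . ($sel_type == 'pass' ? $on : NULL) . " name=\"type\" value=\"pass\" />" . img('bullet_key.png') . "Только по паролю <br />";
    echo "<input name='pass' size='16' maxlength='16' type='text' value='" . $pass_value . "'/></label><br/>\n";
    echo "<label><input type=\"radio\"" . ($sel_type == 'list' ? $on : NULL) . " name=\"type\" value=\"list\" />" . img('bullet_textfield.png') . "Пользователям из <a href='/settings/?dl'>списка доступа</a></label><br />\n";
    echo "<button name = 'ok' class = 'action'>";
    echo "<span class = 'label'><span class = 'icon icon44' /> Добавить</span>";
    echo "</button></form>";
    require_once H . 'sys/inc/tfoot.php';
}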
# One-shot notices: a folder was just created / just deleted.
// Each session key holds the folder name; it is HTML-escaped on output and
// removed right after being shown, so the notice appears once.
foreach (array('dir_act_add' => 'создана', 'uf_dir_deleted' => 'удалена') as $notice_key => $notice_verb) {
    if (!isset($_SESSION[$notice_key])) {
        continue;
    }
    msg("Папка <b>" . htmlspecialchars($_SESSION[$notice_key]) . "</b> успешно " . $notice_verb);
    unset($_SESSION[$notice_key]);
}
// Root-level listing: folder id 0 is the top of the user's file area.
$dir['id'] = 0;

// Rows flagged `sk` (rendered as "blocked" in the listing) are counted only
// for the owner and for accounts with group_access 4 or >= 7.
$sk_clause = ($ank['id'] == $user['id'] || $user['group_access'] == 4 || $user['group_access'] >= 7)
    ? null
    : " AND `sk` = '0'";
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `files` WHERE `cat` = 'files' AND `id_user` = '$ank[id]' AND `id_dir` = '0'" . $sk_clause), 0);

// Pagination: total pages, current page, and the offset of its first row.
$k_page = k_page($k_post, $set['p_str']);
$page = page($k_page);
$start = ($page - 1) * $set['p_str'];

// Multi-select helper, only in the owner's own area.
if ($ank['id'] == $user['id']) {
    require_once 'checkeraksmultiselectfdi.php';
}

// In move mode the prompt links to "move here" when something is selected.
// $mrf and $count are not assigned in this block; presumably the helper
// included above provides them (verify).
if (isset($mrf) && $ank['id'] == $user['id']) {
    $has_selection = $count != 0;
    $link_open = $has_selection ? "<a href = '?dir=$dir[id]&user=$ank[id]&page=$page&mok'>" : null;
    $link_close = $has_selection ? "</a>" : null;
    echo "<div class = 'razd'>Выберите файлы и нажмите " . $link_open . "Переместить сюда" . $link_close . "</div>";
}

// Empty-state message.
if ($k_post == 0) {
    echo "<div class = 'errs'>" . img('error.png') . " Нет результатов" . "</div>";
}
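// Renders one page of the root-level listing (folders and files).
//
// Changes against the one-expression version of the row link:
//  - the row is assembled in named steps instead of one nested ternary;
//  - the extension is HTML-escaped where it is printed as text, like the
//    name next to it, since both are database values that started as
//    user input;
//  - the comment count is queried only for files, the only rows that print it;
//  - each row ends with a real "\n"; without the backslash a literal "n" is
//    printed after every row.
// Rows flagged `sk` are fetched only for the owner and for accounts with
// group_access 4 or >= 7.
$q = mysql_query("SELECT * FROM `files` WHERE `cat` = 'files' AND `id_user` = '$ank[id]' AND `id_dir` = '0'" . ($ank['id'] == $user['id'] || $user['group_access'] == 4 || $user['group_access'] >= 7 ? null : " AND `sk` = '0'") . " ORDER BY `type2` DESC, `time` ASC LIMIT $start, $set[p_str]");
while ($post = mysql_fetch_array($q)) {
    $is_dir = $post['type2'] == 'dir';
    $is_file = $post['type2'] == 'file';

    echo "<div class = 'razd'>";

    // Move mode: a checkbox per file, pre-ticked when the id is already in
    // the ';'-separated selection kept in the session.
    if (isset($mrf) && $is_file) {
        $ticked = false;
        if (isset($_SESSION['rpfs'])) {
            foreach (explode(";", $_SESSION['rpfs']) as $picked_id) {
                if ($picked_id != NULL && $post['id'] == $picked_id) {
                    $ticked = true;
                    break;
                }
            }
        }
        echo "<input type = 'checkbox' name = 'mrf_$post[id]' value = '1' " . ($ticked ? " checked = 'checked'" : null) . "/> ";
    }

    // Folder icon by state: blocked first, then by access type.
    if ($post['sk'] == 1) {
        $dir_img = 'folder_lock.png';
    } elseif ($post['type'] == 'only_me') {
        $dir_img = 'folder_lock.png';
    } elseif ($post['type'] == 'friends') {
        $dir_img = 'folder_user.png';
    } elseif ($post['type'] == 'pass') {
        $dir_img = 'folder_key.png';
    } elseif ($post['type'] == 'list') {
        $dir_img = 'folder_database.png';
    } else {
        $dir_img = 'folder.png';
    }

    // Preview image, when one was generated for this entry.
    if (is_file(H . "sys/files/screens/$post[id].png")) {
        echo "<a href = '?file=$post[id]&user=$ank[id]'><img src='/sys/files/screens/$post[id].png'/></a><br />";
    }

    // Icon: folder image, per-file jar icon, per-extension icon, or the
    // generic fallback. Extension-based paths are used only after is_file()
    // confirmed that the icon exists.
    if ($is_dir) {
        $icon = img($dir_img);
    } elseif ($post['ras'] == 'jar' && is_file(H . "user/files/java_icons/$post[id].png")) {
        $icon = "<img src='java_icons/$post[id].png' height='16'/>";
    } elseif (is_file(H . "user/files/file_icons/$post[ras].png")) {
        $icon = "<img src='file_icons/$post[ras].png'/>";
    } else {
        $icon = "<img src='file_icons/unknown_file.png'/>";
    }

    // Caption: name, plus ".ext" and the blocked marker for files.
    $caption = htmlspecialchars($post['name']);
    if ($is_file) {
        $caption .= "." . htmlspecialchars($post['ras']);
        if ($post['sk'] == 1) {
            $caption .= " <font color='red'>(заблокирован)</font>";
        }
    }

    echo "<a href = '?" . ($is_dir ? "dir" : "file") . "=$post[id]&user=$ank[id]'>" . $icon . " " . $caption . "</a>";

    // Folders show how many files have this folder's id in their `counter` path.
    if ($is_dir) {
        echo " (" . mysql_result(mysql_query("SELECT COUNT(*) FROM `files` WHERE `type2` = 'file' AND `cat` = 'files' AND `counter` like '%/$post[id]/%'"), 0) . ")";
    }

    // Files show the `dl` column and the number of comments; $skp (set at the
    // top of the file) narrows that count for non-privileged viewers.
    if ($is_file) {
        $count_komm = mysql_result(mysql_query("SELECT COUNT(*) FROM `files_komm` WHERE `id_file` = '$post[id]'$skp"), 0);
        echo "<br/> $post[dl] " . img('comment_white.png') . " $count_komm";
    }

    echo "</div>\n";
}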
// Page navigation, only when there is more than one page.
if ($k_page > 1) {
    str("?user=$ank[id]&", $k_page, $page);
}

// Second half of the multi-select helper, only in the owner's own area.
if ($ank['id'] == $user['id']) {
    require_once 'checkeraksmultiselectfdh.php';
}

// Action panel: "add file" and "select files" for the owner only,
// "add folder" also for accounts with group_access 4 or >= 7.
// CK is a fresh rand() value on every link; it carries no secret, so it
// presumably only defeats caching and should not be read as a request token.
if ($ank['id'] == $user['id'] || $user['group_access'] == 4 || $user['group_access'] >= 7) {
    echo "<div class = 'razd'>";

    $panel = "";
    if ($ank['id'] == $user['id']) {
        $panel .= " <a class = 'count' href = '?user=$ank[id]&add=file&CK=" . rand(1000000, 9999999) . "'>" . img('pus.png') . " Добавить файл</a>";
    }
    $panel .= " <a class = 'add' href = '?user=$ank[id]&add=dir&CK=" . rand(1000000, 9999999) . "'>" . img('plus.png') . " Добавить папку</a>";
    echo $panel;

    if ($ank['id'] == $user['id']) {
        echo "<br /><br /><a class = 'count' href = '?user=$ank[id]&activate_multichecker=1&CK=" . rand(1000000, 9999999) . "'>" . img('ok.png') . " Выбрать файлы</a>";
    }

    echo "</div>";
}

require_once H . 'sys/inc/tfoot.php';