Файл: modules/share/edit_file.php
Строк: 38
<?php
$locate = 'in_share';
$edit_topic = $db->query("SELECT * FROM `share_files` WHERE `id` = '". abs(intval($_GET['id'])) ."'")->fetch();
if($user['id'] == $edit_topic['user_id'] or $user['level'] >= 4)
{
if (isset($user)) {
if(isset($_GET['id'])) {
if($db->query("SELECT * FROM `share_files` WHERE `id` = '". abs(intval($_GET['id'])) ."'")->rowCount() == 0) {
go('/share/');
}
if(isset($_POST['edit']) && $_GET['act'] == 'edit') {
$name = substr(input($_POST['name']), 0, 90);
$text = substr(input($_POST['text']), 0, 10000);
$db->query("UPDATE `share_files` SET `name` = '".$name."', `text` = '". $text ."' WHERE `id` = '". abs(intval($_GET['id'])) ."'");
go('/share/file/'. abs(intval(abs(intval($_GET['id'])))));
// print_r($db->errorInfo());
}
$title = $lang->word('edit');
require_once(SYS.'/view/header.php');
$tpl->div('title', $lang->word('edit'));
echo '<form action="/share/edit_file/'. abs(intval($_GET['id'])) .'/?act=edit" method="post">
<div class="menu">
<b>'. $lang->word('form_album_name') .'</b>:<br/>
<input name="name" type="text" value="'. $edit_topic['name'] .'" /><br/>
<b>'. $lang->word('about') .'</b>:<br/>
<textarea name="text" rows="5" cols="26">'. $edit_topic['text'] .'</textarea><br/>
<input name="edit" type="submit" value="'. $lang->word('edit') .'" /><br/>
</div>
</form>';
$tpl->div('block', img('share.png') .'<a href="/share/">'. $lang->word('share') .'</a><br/>' . HICO .'<a href="/">'. $lang->word('home').'</a>');
require_once(SYS.'/view/footer.php');
} else { go('/'); }
} else { go('/'); }
} else {
header('location: /');
exit;
}
?>