Файл: photo.php
Строк: 70
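<?php
// photo.php — a player's photo gallery.
//   default : list the photos of ?nick=…; for the viewer's own gallery also
//             toggle a like (?like=), delete a photo (?x=) or make one the
//             avatar (?install=).
//   q=add   : upload one JPG (max 10 photos per player, max 300 KB each).
// The file runs on the legacy mysql_* extension (PHP 5.x); no PHP 7 syntax is used.
require 'sys/sid.php';
require 'sys/config.php';
include 'sys/user.php';  // presumably populates $user (the logged-in player) — not visible here
include 'sys/head.php';  // NOTE(review): if this emits HTML without output buffering, the
                         // header('location: …') redirects below cannot take effect — confirm
visit(0, 'info');

// Escape a value for an HTML body/attribute context. Everything echoed on this
// page originates from the request or the database and is never emitted raw.
$h = function ($s) {
    return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Write actions (like / delete / install / upload) require a known player.
// user.php may already enforce a login; this guard only prevents rows being
// written with an empty player id when it does not.
$canAct = !empty($user['id']);
$meId = $canAct ? (int) $user['id'] : 0;

$q = isset($_GET['q']) ? $_GET['q'] : null;
switch ($q) {
    case 'add':  // was the bare constant `add`: an undefined-constant notice, a fatal Error on PHP 8
        $col = (int) mysql_result(mysql_query("SELECT COUNT(*) FROM photo WHERE player = '$meId'"), 0);
        if ($canAct && isset($_POST['upload'])) {
            $file = isset($_FILES['file'])
                ? $_FILES['file']
                : array('name' => '', 'tmp_name' => '', 'size' => 0, 'error' => UPLOAD_ERR_NO_FILE);
            $fnames = (string) $file['name'];
            $tmp = (string) $file['tmp_name'];
            // Extension from the client-supplied name, lower-cased for the comparison.
            $ext = pathinfo(mb_strtolower($fnames, 'UTF-8'), PATHINFO_EXTENSION);
            // Inspect the uploaded bytes, not only the name. getimagesize() warns on
            // non-image input, hence the suppression; its result is checked below.
            $par = ($file['error'] === UPLOAD_ERR_OK && is_uploaded_file($tmp)) ? @getimagesize($tmp) : false;
            if ($fnames === '') {
                err('Не выбрана фотография!');
            } elseif ($col >= 10) {
                // The old test `(10 - $col) == false` let a player with more than
                // 10 photos keep uploading (a negative number is truthy).
                err('Нет свободного места для фотографий!');
            } elseif ($ext !== 'jpg' || $par === false || $par[2] !== IMAGETYPE_JPEG) {
                // Content must really be JPEG; a blocklist on the client name is not
                // needed because the stored name is chosen by the server below.
                err('Формат файла не является JPG!');
            } elseif ($file['size'] > 1024 * 300) {
                err('Размер файла превышает 300 Кбайт!');
            } else {
                // Server-generated path under photo/; the client name never reaches disk.
                $foto = 'photo/file' . date('YmdHis') . mt_rand(100, 1000) . '.' . $ext;
                if (!move_uploaded_file($tmp, $foto)) {
                    err('Не удалось сохранить фотографию!');
                } else {
                    $fotoSql = mysql_real_escape_string($foto);
                    mysql_query("INSERT INTO photo SET player = '$meId', path = '$fotoSql'");
                    header('location: photo_' . $user['nick']);
                    include 'sys/foot.php';
                    exit();  // nothing below belongs in a redirect response
                }
            }
        }
        echo '<form enctype="multipart/form-data" method="post" action="addphoto">
JPG фото, не более 300 Кбайт
<br/>
Осталось места: под ' . max(0, 10 - $col) . ' фотографий
<br/>
<input name="file" type="file" accept="image/jpeg"/>
<br/>
<input type="submit" name="upload" value="Загрузить"/>
</form>';
        // The footer link needs a nick; the old code left $nick undefined in this branch.
        $nick = isset($user['nick']) ? $user['nick'] : '';
        break;

    default:
        // Gallery owner, looked up by nick. char() is a project helper whose
        // sanitising is not visible here; the value is SQL-escaped for the query.
        $nickRaw = isset($_GET['nick']) ? $_GET['nick'] : '';
        $nick = trim(mysql_real_escape_string(char($nickRaw, 0)));
        $ctrl = mysql_query("SELECT * FROM users WHERE nick = '$nick' LIMIT 1");
        if (!mysql_num_rows($ctrl)) {
            err('Игрок не найден!');
            include 'sys/foot.php';
            exit();
        }
        $f = mysql_fetch_assoc($ctrl);
        $ownerId = (int) $f['id'];
        $isOwner = $canAct && $ownerId === $meId;

        // Toggle the viewer's like on photo id ?like=. number() is a project helper,
        // presumably a numeric filter; the int cast keeps the SQL literal numeric regardless.
        if ($canAct && isset($_GET['like'])) {
            $like = (int) number($_GET['like']);
            $t = mysql_query("SELECT id FROM likes WHERE player = '$meId' AND uid = '$like' LIMIT 1");
            if (!mysql_num_rows($t)) {
                mysql_query("INSERT INTO likes SET uid = '$like', player = '$meId'");
            } else {
                mysql_query("DELETE FROM likes WHERE uid = '$like' AND player = '$meId' LIMIT 1");
            }
            header('location: photo_' . $nick);
            include 'sys/foot.php';
            exit();  // the old code fell through and still ran the delete/install/listing code
        }

        // Delete the viewer's own photo ?x=. Ownership is enforced by the
        // `player = viewer` clause on every statement, so a foreign id matches nothing.
        if ($canAct && isset($_GET['x'])) {
            $x = (int) number($_GET['x']);
            $control = mysql_query("SELECT path FROM photo WHERE id = '$x' AND player = '$meId' LIMIT 1");
            if (!mysql_num_rows($control)) {
                err('Фотография не найдена!');
            } else {
                $iz = mysql_fetch_assoc($control);
                if ($iz['path'] === $user['avatar']) {
                    mysql_query("UPDATE users SET avatar = '' WHERE id = '$meId' LIMIT 1");
                }
                // path was generated by the upload branch above, not taken from the client.
                if (is_file($iz['path'])) {
                    unlink($iz['path']);
                }
                mysql_query("DELETE FROM likes WHERE uid = '$x' AND player = '$meId'");
                mysql_query("DELETE FROM photo WHERE id = '$x' AND player = '$meId' LIMIT 1");
                header('location: photo_' . $nick);
                include 'sys/foot.php';
                exit();
            }
        }

        // Make the viewer's own photo ?install= the avatar.
        if ($canAct && isset($_GET['install'])) {
            $install = (int) number($_GET['install']);
            $control = mysql_query("SELECT path FROM photo WHERE id = '$install' AND player = '$meId' LIMIT 1");
            if (!mysql_num_rows($control)) {
                err('Фотография не найдена!');
            } else {
                $iz = mysql_fetch_assoc($control);
                $pathSql = mysql_real_escape_string($iz['path']);
                mysql_query("UPDATE users SET avatar = '$pathSql' WHERE id = '$meId' LIMIT 1");
                header('location: userinfo_' . $nick);
                include 'sys/foot.php';
                exit();
            }
        }

        // Listing: every photo of the owner with its like count, newest first.
        $num = mysql_query("SELECT photo.*, (SELECT COUNT(*) FROM likes WHERE photo.id = likes.uid) AS c FROM photo WHERE player = '$ownerId' ORDER BY id DESC");
        if ($isOwner) {
            echo '<a href="addphoto"><u>Добавить фотографии</u></a><br/><br/>';
        }
        if (!mysql_num_rows($num)) {
            echo 'Фотографии не загружены.<br/>';
        } else {
            $nickHtml = $h($nick);
            while ($a = mysql_fetch_assoc($num)) {
                $pathHtml = $h($a['path']);
                $nameHtml = $h(isset($a['name']) ? $a['name'] : '');
                $photoId = (int) $a['id'];
                $likes = (int) $a['c'];
                echo '<a href="' . $pathHtml . '"><img src="resize.php?img=' . $pathHtml . '&width=150&height=0" alt="' . $nameHtml . '"/></a> ';
                if ($isOwner) {
                    echo '<img src="images/hp.png" alt=""/> Нравится ' . $likes . ' чел.<br/>
<a href="xphoto' . $photoId . '_' . $nickHtml . '">Удалить</a> |
<a href="installphoto' . $photoId . '_' . $nickHtml . '">Установить аватаром</a><br/>';
                } else {
                    echo '<img src="images/hp.png" alt=""/> <a href="like' . $photoId . '_' . $nickHtml . '">Нравится</a> ' . $likes . ' чел.<br/>';
                }
            }
        }
        break;
}

echo '<br/>
<a href="userinfo_' . $h($nick) . '">Вернуться</a><br/>
<a href="index.php">На главную</a>';
include 'sys/foot.php';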