<?php
require 'sid.php';
require 'config.php';
// Bootstrap: open the DB handle and resolve the logged-in user.
// check_login() yields a three-element list; $user (the user row) is what the
// action switch below reads, $id and $ps are not referenced in the visible part
// of this file.
$link = connect_db();
list($user, $id, $ps) = check_login($link);

// Page marker for the session layer — presumably "where am I" bookkeeping
// (defined in sid.php/config.php; confirm there).
whorm(0, 'photo');

// Layout header and the paging helper; the $div_* markup strings and the
// navigator class used below appear to come from these includes.
include 'head.php';
include 'navigator.php';

// Requested action. NULL (parameter absent) routes to the album list, i.e. the
// switch's default branch. NOTE(review): the raw query value is not validated
// here; any value not matched by a case label also ends up in the default branch.
$do = NULL;
if (isset($_GET['do'])) {
    $do = $_GET['do'];
}
switch($do) {
default:
echo $div_title . 'Альбомы' . $div_end . $div_left . $div_menu . '
<b>Альбомы</b> |
<a href="photo.php?do=add">Создать</a> |
<a href="photo.php?do=upload">Добавить фотографию</a>
' . $div_end;
if (isset($_GET['edit'])) msg('Альбом изменен!');
if (isset($_GET['delete'])) msg('Альбом и фотографии в нем удалены!');
$count = mysql_result(mysql_query("SELECT COUNT(*) FROM `albums` WHERE `user` = '$user[id]' AND `type` = 'a'"), 0);
if ($count != FALSE) {
$n = new navigator($user['onp_albums'], 10, '?');
$result = mysql_query("SELECT * FROM `albums` WHERE `user` = '$user[id]' AND `type` = 'a'");
$i = 0;
while($a = mysql_fetch_assoc($result)) {
$num = mysql_result(mysql_query("SELECT COUNT(*) FROM `albums` WHERE `user` = '$user[id]' AND `type` = 'f' AND `cat` = '$a[id]'"), 0);
if (empty($a['parol'])) {
$folder = '<img src="ico/files.gif" alt=""/> ';
} if ($a['friend_looks'] == 0) {
$folder = '<img src="ico/files.gif" alt=""/> ';
} if (!empty($a['parol'])) {
$folder = '<img src="ico/lock.gif" alt=""/> ';
} if ($a['friend_looks'] == 1) {
$folder = '<img src="ico/lock.gif" alt=""/> ';
}
$in_al = mysql_fetch_array(mysql_query("SELECT `cover`, `rotate`, `path`, `block` FROM `albums` WHERE `cover` = '1' AND `type` = 'f' AND `cat` = '$a[id]' LIMIT 1"));
if (!empty($in_al[0])) {
echo ($in_al[3] == 1) ? '<img src="ico/block_photo.gif" alt=""/><br/>'
: '<img src="resize.php?img='.$in_al[2].'&width='.$user['onp_prevs'].'&height=0&i='.$in_al[1].'" alt=""/><br/>';
}
$e = '<a href="photo.php?do=ea&a='.$a['id'].'"><img src="ico/edit.gif" alt=""/></a> ';
$d = '<a href="photo.php?do=da&a='.$a['id'].'"><img src="ico/delete.gif" alt=""/></a>';
$last = (!empty($a['last'])) ? '<br/>Обновлен: ' . $a['last'] : '';
echo ($i ++ % 2) ? $div_tworazdel : $div_razdel;
echo $folder . '<a href="photo.php?do=album&album='.$a['id'].'">' . $a['name'] . '</a> (' . $num . ') ' . $e . $d . ' <br/>Создан: ' . $a['date'] . $last . $div_end;
}
echo $n->navi();
} else {
echo 'Альбомы еще не созданы!<br/>';
}
echo $div_end;
break;
case ea:
echo $div_title . 'Альбомы' . $div_end . $div_left . $div_menu . '
<a href="photo.php?'.$ref.'">Альбомы</a>' . $div_end;
$a = my_int($_GET['a']);
$sql = mysql_query("SELECT * FROM `albums` WHERE `id` = '$a' AND `user` = '$user[id]' AND `type` = 'a' LIMIT 1");
if (mysql_num_rows($sql) == FALSE) {
err('Такого альбома не существует или этот альбом не Ваш!');
} else {
$in = mysql_fetch_assoc($sql);
if ($in['friend_looks'] == 1) $f_1 = 'checked="checked"';
else $f_2 = 'checked="checked"';
if ($in['friend_comm'] == 1) $k_1 = 'checked="checked"';
else $k_2 = 'checked="checked"';
$p = ($in['parol'] != 0) ? $in['parol'] : '';
echo '<FORM method="POST" action="photo.php?do=ea">
Название:<br/>
<input type="text" name="name" value="' . $in['name'] . '"/>
<br/>
Пароль: (только цыфры)<br/>
<input type="text" name="parol" value="' . $p . '"/>
<br/>
Могут смотреть
<br/>
<input type="radio" name="friend_looks" ' . $f_2 . ' value="0"/> Все
<input type="radio" name="friend_looks" ' . $f_1 . ' value="1"/> Только друзья
' . $block . '
Комментировать могут
<br/>
<input type="radio" name="friend_comm" ' . $k_2 . ' value="0"/> Все
<input type="radio" name="friend_comm" ' . $k_1 . ' value="1"/> Только друзья
' . $block . '
<input type="hidden" name="a" value="'.$a.'"/>
<input type="submit" name="save" value="Сохранить"/>
</FORM>';
}
if (isset($_POST['save'])) {
$a = my_int($_POST['a']);
$name = trim(mysql_real_escape_string(check($_POST['name'])));
$parol = my_int($_POST['parol']);
$friend_looks = my_int($_POST['friend_looks']);
$friend_comm = my_int($_POST['friend_comm']);
if (empty($name)) {
err('Не заполнено имя альбома!');
} else {
mysql_query("UPDATE `albums` SET
`name` = '$name',
`parol` = '$parol',
`friend_looks` = '$friend_looks',
`friend_comm` = '$friend_comm'
WHERE `user` = '$user[id]' AND `type` = 'a' AND `id` = '$a' LIMIT 1");
header('Location: photo.php?edit');
}
}
echo $div_end;
break;
case da:
$a = my_int($_GET['a']);
$sql = mysql_query("SELECT * FROM `albums` WHERE `id` = '$a' AND `user` = '$user[id]' AND `type` = 'a' LIMIT 1");
if (mysql_num_rows($sql) == FALSE) {
err('Такого альбома не существует или этот альбом не Ваш!');
} else {
$name = mysql_fetch_assoc($sql);
echo $div_title . 'Удалить альбом' . $div_end . $div_razdel . '
Вы действительно желаете удалить альбом <b>' . $name['name'] . '</b>?<br/>
<span class = "next"><img src = "ico/ok.gif" alt = ""/> <a href = "photo.php?do=da_ok&al='.$a.'">Да</a></span>
<span class = "next"><img src = "ico/delete.gif" alt = ""/> <a href = "photo.php?'.$ref.'">Нет</a></span>
' . $div_end . $div_left . '
<a href = "photo.php?'.$ref.'">Назад</a>' . $div_end;
}
break;
case da_ok:
$al = my_int($_GET['al']);
$sql = mysql_query("SELECT * FROM `albums` WHERE `id` = '$al' AND `user` = '$user[id]' AND `type` = 'a' LIMIT 1");
if (mysql_num_rows($sql) == FALSE) {
err('Такого альбома не существует или этот альбом не Ваш!');
} else {
$_sql = mysql_query("SELECT `id`, `path` FROM `albums` WHERE `cat` = '$al' AND `user` = '$user[id]' AND `type` = 'f'");
while($a = mysql_fetch_assoc($_sql)) {
// удаляем аватар если это он
if ($a['path'] == $user['img']) {
mysql_query("UPDATE `users` SET `img` = '' WHERE `id` = '$user[id]' LIMIT 1");
}
// удаляем фотки с папки
if (file_exists($a['path'])) unlink($a['path']);
}
// удаляем комментарии
mysql_query("DELETE FROM `koms_foto` WHERE `uid` = '$al'");
// удаляем рейтинг
mysql_query("DELETE FROM `rating_foto` WHERE `uid` = '$al'");
// удаляем фотки с базы
mysql_query("DELETE FROM `albums` WHERE `cat` = '$al' AND `user` = '$user[id]' AND `type` = 'f'");
// удаляем альбом
mysql_query("DELETE FROM `albums` WHERE `id` = '$al' AND `user` = '$user[id]' AND `type` = 'a' LIMIT 1");
}
header('Location: photo.php?delete');
break;
case add:
echo $div_title . 'Альбомы' . $div_end . $div_left . $div_menu . '
<a href="photo.php?'.$ref.'">Альбомы</a> |
<b>Создать</b> |
<a href="photo.php?do=upload">Добавить фотографию</a>
' . $div_end;
if (isset($_POST['ok'])) {
$name = trim(mysql_real_escape_string(check($_POST['name'])));
$looks = my_int($_POST['looks']);
$comm = my_int($_POST['comm']);
if (empty($name)) {
err('Пустое название альбома!');
} elseif (!empty($_POST['passw']) && !ctype_digit($_POST['passw'])) {
err('Пароль нужно вводить цифрами!');
} else {
$passw = my_int($_POST['passw']);
mysql_query("INSERT INTO `albums` SET
`name` = '$name',
`parol` = '$passw',
`friend_looks` = '$looks',
`friend_comm` = '$comm',
`user` = '$user[id]',
`type` = 'a',
`date` = '" . date('d.m.y в H:i') . "'");
/*--------------------рассылка в ленту---------------------*/
$frnd = mysql_query("SELECT * FROM `friends` WHERE `user` = '$user[id]' AND `zajavka` = '1'");
while($send = mysql_fetch_assoc($frnd)) {
if (user_inf($send['who'], 'my_lenta_photos') == 1 && $user['fr_lenta_photos'] == 1 && $send['who'] != $user['id']) {
$lid = mysql_insert_id();
$message = us($user['id']) . ' создал новый <a href="photo.php?do=u_album&nk='.$user['id'].'&i='.$lid.'">альбом</a>!';
mysql_query("INSERT INTO `lenta` SET
`user` = '$send[who]',
`text` = '$message',
`type` = 'friends',
`date` = '" . time() . "',
`read` = '1'");
}
}
/*--------------------рассылка в ленту---------------------*/
header('Location: photo.php?' . $ref);
}
}
echo '<FORM method="POST" action="photo.php?do=add">
<fieldset>
Название альбома:<br/>
<input type="text" name="name"/>
<br/>
Пароль: (можна оставить пустым)<br/>
<input type="password" name="passw"/>
<br/>
Могут смотреть
<br/>
<input type="radio" name="looks" checked="checked" value="0"/> Все
<input type="radio" name="looks" value="1"/> Только друзья
' . $block . '
Комментировать могут
<br/>
<input type="radio" name="comm" checked="checked" value="0"/> Все
<input type="radio" name="comm" value="1"/> Только друзья
' . $block . '
<input type="submit" name="ok" value="Создать"/>
</fieldset>
</FORM>';
echo $div_left;
break;
case album:
$album = my_int($_GET['album']);
$em = mysql_query("SELECT * FROM `albums` WHERE `id` = '$album' AND `user` = '$user[id]' AND `type` = 'a' LIMIT 1");
$_inf = mysql_fetch_assoc($em);
echo $div_title . 'Альбомы' . $div_end . $div_left . $div_menu . '
<a href="photo.php?'.$ref.'">Альбомы</a> |
<b>' . $_inf['name'] . '</b> |
<a href="photo.php?do=comments&a='.$album.'">Комментарии</a>
' . $div_end;
if (isset($_GET['cut']) || isset($_GET['edit'])) msg('Изменения успешно приняты!');
if (isset($_GET['new'])) msg('Фотография успешно загружена!');
if (mysql_num_rows($em) == FALSE) {
err('Альбома не существует!');
} else {
$count = mysql_result(mysql_query("SELECT COUNT(*) FROM
`albums`
WHERE
`user` = '$user[id]'
AND
`type` = 'f'
AND
`cat` = '$album'"), 0);
$n = new navigator($count, $user['onp_photos'], '?do=album&album='.$album.'&');
$in = mysql_query("SELECT `albums`.*,
(SELECT COUNT(*) FROM `koms_foto` WHERE `koms_foto`.`uid` = `albums`.`id`) AS c
FROM `albums` WHERE `albums`.`user` = '$user[id]' AND `albums`.`type` = 'f' AND `albums`.`cat` = '$album' ORDER BY `albums`.`id` ASC {$n->limit}");
if ($count != FALSE) {
$i = 0;
while($a = mysql_fetch_assoc($in)) {
$blk = ($a['block'] == 1) ? '<img src="ico/block_photo.gif" alt=""/>' : '<img src="resize.php?img='.$a['path'].'&width='.$user['onp_prevs'].'&height=0&i='.$a['rotate'].'" alt=""/>';
$a['name'] = (!empty($a['name'])) ? $a['name'] : 'Без описания';
$d = ' <a href="photo.php?do=delete&x='.$a['id'].'"><img src="ico/delete.gif" alt=""/></a>';
$e = ' <a href="photo.php?do=edit&x='.$a['id'].'"><img src="ico/edit.gif" alt=""/></a>';
echo ($i ++ % 2) ? $div_tworazdel : $div_razdel;
echo '<a href="photo.php?do=photo&a='.$album.'&p='.$a['id'].'">
' . $blk . '</a><br/>' . $a['name'] . $e . $d . '<br/>
<a href="photo.php?do=photo&a='.$album.'&p='.$a['id'].'">Комментарии (' . $a['c'] . ')</a>' .$div_end;
}
echo $n->navi();
} else {
echo 'Фотографии еще не загружены!<br/>';
}
}
echo $div_end . '<a href="photo.php?'.$ref.'">« Альбомы</a>';
break;
case delete:
$x = my_int($_GET['x']);
$sql = mysql_query("SELECT * FROM `albums` WHERE `id` = '$x' AND `type` = 'f' AND `user` = '$user[id]' LIMIT 1");
if (mysql_num_rows($sql) != FALSE) {
$info = mysql_fetch_assoc($sql);
// удаляем аватар если это он
if ($info['path'] == $user['img']) mysql_query("UPDATE `users` SET `img` = '' WHERE `id` = '$user[id]' LIMIT 1");
// удаляем фото
if (file_exists($info['path'])) unlink($info['path']);
// удаляем коммы
mysql_query("DELETE FROM `koms_foto` WHERE `uid` = '$info[id]'");
// удаляем рейтинг
mysql_query("DELETE FROM `rating_foto` WHERE `uid` = '$info[id]'");
// удаляем фото с базы
mysql_query("DELETE FROM `albums` WHERE `id` = '$x' AND `type` = 'f' AND `user` = '$user[id]' LIMIT 1");
header('Location: photo.php?do=album&album=' . $info['cat']);
} else {
err('Данной фотографии не существует!');
}
break;
case edit:
echo $div_title . 'Редактирование' . $div_end . $div_left;
$x = my_int($_REQUEST['x']);
$sql = mysql_query("SELECT * FROM `albums` WHERE `id` = '$x' AND `type` = 'f' AND `user` = '$user[id]' LIMIT 1");
$info = mysql_fetch_assoc($sql);
echo $div_menu . '<a href="photo.php?'.$ref.'">Альбомы</a> |
<b>' . $info['name'] . '</b> |
<a href="photo.php?do=upload">Добавить фотографию</a>' . $div_end;
if (isset($_POST['ok'])) {
$name = trim(mysql_real_escape_string(check($_POST['name'])));
$alb = my_int($_POST['alb']);
$sex = my_int($_POST['sex']);
$cover = my_int($_POST['cover']);
if ($cover == 1) {
mysql_query("UPDATE `albums` SET `cover` = '' WHERE `user` = '$user[id]' AND `type` = 'f'");
}
// перемещение фотки
if ($info['cat'] != $alb) {
mysql_query("INSERT INTO `albums` SET
`user` = '$user[id]',
`name` = '$name',
`path` = '$info[path]',
`type` = 'f',
`cat` = '$alb',
`rotate` = '$info[rotate]',
`date` = '$info[date]',
`sex` = '$sex',
`cover` = '$cover'");
mysql_query("DELETE FROM `albums` WHERE `id` = '$x' AND `type` = 'f' AND `user` = '$user[id]' LIMIT 1");
header('Location: photo.php?do=album&album='.$alb.'&cut');
} else {
// редактирование фотки
mysql_query("UPDATE `albums` SET `name` = '$name', `sex` = '$sex', `cover` = '$cover' WHERE `id` = '$x' AND `type` = 'f' AND `user` = '$user[id]' LIMIT 1");
header('Location: photo.php?do=album&album='.$info['cat'].'&edit');
}
}
if (isset($_GET['rotate'])) {
$rotate = my_int($_GET['rotate']);
if ($rotate == 1 || $rotate == 2) {
if ($rotate == 1) $gr = 90;
elseif ($rotate == 2) $gr = -90;
mysql_query("UPDATE `albums` SET `rotate` = `rotate` + '$gr' WHERE `id` = '$x' AND `type` = 'f' AND `user` = '$user[id]' LIMIT 1");
header('Location: photo.php?do=edit&x=' . $x);
} else {
header('Location: photo.php?do=edit&x=' . $x);
}
}
$_sex = ($info['sex'] == 1) ? 'checked="checked"' : '';
$_cover = ($info['cover'] == 1) ? 'checked="checked"' : '';
if (mysql_num_rows($sql) != FALSE) {
$blk = ($info['block'] == 1) ? '<img src="ico/block_photo.gif" alt=""/>' : '<img src="resize.php?img='.$info['path'].'&width=96&height=0&i='.$info['rotate'].'" alt=""/>';
echo $div_tworazdel . '<a href="photo.php?do=edit&rotate=1&x='.$x.'">
<img src="ico/rotate_left.gif" alt=""/></a>
<a href="photo.php?do=edit&rotate=2&x='.$x.'">
<img src="ico/rotate_right.gif" alt=""/></a>
' . $div_end . $blk . '
<br/>
Добавлена: ' . $info['date'] . '
<FORM method="POST" action="photo.php?do=edit">
<label>Описание:</label><br/>
<textarea name="name" cols="50" rows="5" style="width: 99%;">' . $info['name'] . '</textarea>
<br/>
<input type="checkbox" name="sex" ' . $_sex . ' value="1"/> 18+
<br/>
<input type="checkbox" name="cover" ' . $_cover . ' value="1"/> Обложка альбома
<br/>
<label>Переместить в альбом:</label><br/>
<select name="alb">';
$from = mysql_query("SELECT * FROM `albums` WHERE `user` = '$user[id]' AND `type` = 'a'");
while($a = mysql_fetch_assoc($from)) {
echo '<option value="' . $a['id'] . '">' . $a['name'] . '</option>';
}
echo '</select>
<input type="hidden" name="x" value="' . $x . '"/>
<br/>
<input type="submit" name="ok" value="Изменить"/>
</FORM>';
} else {
err('Данной фотографии не существует!');
}
echo $div_end . '<a href="photo.php?'.$ref.'">Назад</a>';
break;
case comments:
echo $div_title . 'Комментарии' . $div_end . $div_left . $div_menu . '
<a href="photo.php?'.$ref.'">Альбомы</a> |
<a href="photo.php?do=load">Добавить фотографию</a> |
<b>Комментарии</b>
' . $div_end;
$a = my_int($_GET['a']);
$sQl = mysql_query("SELECT `id` FROM `albums` WHERE `type` = 'a' AND `user` = '$user[id]' AND `id` = '$a' LIMIT 1");
if (mysql_num_rows($sQl) == FALSE) {
header('Location: photo.php?' . $ref);
die();
}
$koms = mysql_result(mysql_query("SELECT COUNT(*) FROM `koms_foto` WHERE `album` = '$a' AND `komu` = '$user[id]'"), 0);
if ($koms != FALSE) {
$n = new navigator($koms, $user['onp_comments'], '?do=photo&a='.$a.'&');
$_in = mysql_query("SELECT `koms_foto`.*,(SELECT `path` FROM `albums` WHERE `koms_foto`.`uid` = `albums`.`id` AND `type` = 'f') AS c FROM `koms_foto` WHERE `komu` = '$user[id]' AND `album` = '$a' ORDER BY `id` ASC {$n->limit}");
$dv = 0;
while($q = mysql_fetch_assoc($_in)) {
echo ($dv ++ % 2) ? $div_tworazdel : $div_razdel;
echo '<TABLE width="5" cellspacing="0" cellpadding="0" align="right">
<TR>
<TD><img src="resize.php?img='.$q['c'].'&width=45&height=0" alt=""/></TD>
</TR>
</TABLE>';
echo us($q['user']) . '<br/>' . date('d.m.Y H:i', $q['date']) . '<br/>' . smiles(bb_code($q['msg'])) . $div_end;
}
echo $n->navi();
} else {
echo 'Комментарии к данному альбому отсутствуют.<br/>';
}
echo '<a href="photo.php?do=album&album='.$a.'">Назад</a>' . $div_end;
break;
case upload:
echo $div_title . 'Загрузить' . $div_end . $div_left . $div_menu . '
<a href="photo.php?'.$ref.'">Альбомы</a> |
<a href="photo.php?do=add">Создать</a> |
<b>Добавить фотографию</b>
' . $div_end;
if (isset($_POST['upl'])) {
$pictures = array('.gif', '.jpg', '.jpeg', '.png');
$ext = strtolower(strrchr($_FILES['file']['name'], '.'));
$par = @getimagesize($_FILES['file']['tmp_name']);
$fnames = $_FILES['file']['name'];
$alb = my_int($_POST['alb']);
$name = trim(mysql_real_escape_string(check($_POST['name'])));
if (empty($fnames)) {
err('Не выбрана фотография!');
}
elseif ($par[0] > 1600 || $par[1] > 1600) {
err('Большое расширение фотографии!');
}
elseif (preg_match('/(.php|.pl|.htaccess)/i', $fnames) || !in_array($ext, $pictures)) {
err('Запрещенный формат файла!');
}
elseif ($_FILES['file']['size'] > 1024 * 2 * 1024) {
err('Большой размер фотографии!');
}
elseif (empty($alb)) {
err('Не выбран альбом!');
}
else {
$foto = 'photos/img_' . time() . $ext;
if ($ext != '.gif') {
$imgc = @imagecreatefromstring(file_get_contents($_FILES['file']['tmp_name']));
$imgc = img_copyright($imgc); // наложение копирайта
imagejpeg($imgc, $foto, 90);
} else {
copy($_FILES['file']['tmp_name'], $foto);
}
#chmod(basename($foto), 0777);
mysql_query("INSERT INTO `albums` SET
`user` = '$user[id]',
`path` = '$foto',
`name` = '$name',
`type` = 'f',
`cat` = '$alb',
`date` = '" . date('d.m.y H:i') . "'");
/*--------------------рассылка в ленту---------------------*/
$frnd = mysql_query("SELECT * FROM `friends` WHERE `user` = '$user[id]' AND `zajavka` = '1'");
while($send = mysql_fetch_assoc($frnd)) {
if (user_inf($send['who'], 'my_lenta_photos') == 1 && $user['fr_lenta_photos'] == 1 && $send['who'] != $user['id']) {
$last_alb = mysql_fetch_assoc(mysql_query("SELECT `id`, `cat` FROM `albums` WHERE `type` = 'f' ORDER BY `id` DESC LIMIT 1"));
$message = us($user['id']) . ' загрузил новую <a href="photo.php?do=info&nk='.$user['id'].'&a='.$last_alb['cat'].'&p='.$last_alb['id'].'">фотографию</a>!';
mysql_query("INSERT INTO `lenta` SET
`user` = '$send[who]',
`text` = '$message',
`type` = 'friends',
`date` = '" . time() . "',
`read` = '1'");
}
}
/*--------------------рассылка в ленту---------------------*/
mysql_query("UPDATE `albums` SET `last` = '" . date('d.m.y в H:i') . "' WHERE `id` = '$alb' LIMIT 1");
header('Location: photo.php?do=album&album=' . $alb);
}
}
echo '<FORM ENCTYPE="multipart/form-data" action="photo.php?do=upload" method="POST">
<label>Фотография: (*max. 1600x1600px. 2Mb.)</label><br/>
<input name="file" type="file" accept="image/jpeg, image/png, image/gif"/>
<br/>
<label>Описание:</label><br/>
<input type="text" name="name" maxlength="50"/>
<br/>
<label>Выбрать альбом:</label><br/>
<select name="alb">';
$from = mysql_query("SELECT * FROM `albums` WHERE `user` = '$user[id]' AND `type` = 'a'");
while($a = mysql_fetch_assoc($from)) {
echo '<option value="' . $a['id'] . '">' . $a['name'] . '</option>';
}
echo '</select>
<br/>
<input type="submit" name="upl" value="Загрузить"/>
</FORM>
' . $div_end . '
<a href="photo.php?'.$ref.'">« Альбомы</a>';
break;
case view:
$nk = my_int($_GET['nk']);
echo $div_title . 'Альбомы ' . us($nk) . ' ' . $div_end . $div_left . $div_menu . '
<b>Альбомы</b>' . $div_end;
if ($user['id'] == $nk) {
header('Location: zametki.php?do=read');
die();
}
if (!user_inf($nk)) {
err('Пользователь не найден!');
} else {
if ($user['id'] != $nk) {
// запись всевидящего ока
$vok = mysql_query("SELECT `id` FROM `oko` WHERE `user` = '$nk' AND `who` = '$user[id]'");
if (mysql_num_rows($vok) == FALSE && $user['p_oko'] == 1) {
$r_n_d = mt_rand(1000000, 9999999);
mysql_query("INSERT INTO `oko` SET `id` = '$r_n_d', `user` = '$nk', `who` = '$user[id]', `where` = 'album', `time` = '" . time() . "'");
} elseif (mysql_num_rows($vok) != FALSE && $user['p_oko'] == 1) {
mysql_query("UPDATE `oko` SET `where` = 'album', `time` = '" . time() . "' WHERE `user` = '$nk' AND `who` = '$user[id]' LIMIT 1");
}
}
$count = mysql_result(mysql_query("SELECT COUNT(*) FROM `albums` WHERE `user` = '$nk' AND `type` = 'a'"), 0);
if ($count != FALSE) {
$n = new navigator($count, $user['onp_albums'], '?do=view&nk='.$nk.'&');
$result = mysql_query("SELECT * FROM `albums` WHERE `user` = '$nk' AND `type` = 'a'");
$i = 0;
while($a = mysql_fetch_assoc($result)) {
if (empty($a['parol'])) {
$folder = '<img src="ico/files.gif" alt=""/> ';
} if ($a['friend_looks'] == 0) {
$folder = '<img src="ico/files.gif" alt=""/> ';
} if (!empty($a['parol'])) {
$folder = '<img src="ico/lock.gif" alt=""/> ';
} if ($a['friend_looks'] == 1) {
$folder = '<img src="ico/lock.gif" alt=""/> ';
}
$in_al = mysql_fetch_array(mysql_query("SELECT `cover`, `rotate`, `path`, `block` FROM `albums` WHERE `cover` = '1' AND `type` = 'f' AND `cat` = '$a[id]' LIMIT 1"));
if (!empty($in_al[0])) {
echo ($in_al[3] == 1) ? '<img src="ico/block_photo.gif" alt=""/><br/>'
: '<img src="resize.php?img='.$in_al[2].'&width='.$user['onp_prevs'].'&height=0&i='.$in_al[1].'" alt=""/><br/>';
}
$last = (!empty($a['last'])) ? '<br/>Обновлен: ' . $a['last'] : '';
$num = mysql_result(mysql_query("SELECT COUNT(*) FROM `albums` WHERE `user` = '$nk' AND `type` = 'f' AND `cat` = '$a[id]'"), 0);
echo ($i ++ % 2) ? $div_tworazdel : $div_razdel;
echo $folder . '<a href="photo.php?do=u_album&nk='.$nk.'&i='.$a['id'].'">' . $a['name'] . '</a> (' . $num . ')<br/>Создан: ' . $a['date'] . $last . $div_end;
}
echo $n->navi();
} else {
echo 'У пользователя нет альбомов!<br/>';
}
}
echo $div_end . '<a href="photo.php?'.$ref.'">« Мои альбомы</a>';
break;
case photo:
$p = my_int($_GET['p']);
$a = my_int($_GET['a']);
echo $div_title . us($user['id']) . '/Фотографии' . $div_end . $div_left;
//----------------------------Слайд-Шоу----------------------------//
if (isset($_GET['next'])) {
$next = my_int($_GET['next']);
$in = mysql_query("SELECT * FROM albums WHERE type = 'f' AND id = '$next' AND user = '$user[id]' AND cat = '$a' LIMIT 1");
$sql_1 = mysql_query("SELECT id FROM albums WHERE type = 'f' AND id > '$next' AND user = '$user[id]' AND cat = '$a' ORDER BY id ASC LIMIT 1");
$sql_2 = mysql_query("SELECT id FROM albums WHERE type = 'f' AND id < '$next' AND user = '$user[id]' AND cat = '$a' ORDER BY id DESC LIMIT 1");
} elseif (isset($_GET['back'])) {
$back = my_int($_GET['back']);
$in = mysql_query("SELECT * FROM albums WHERE type = 'f' AND id = '$back' AND user = '$user[id]' AND cat = '$a' LIMIT 1");
$sql_1 = mysql_query("SELECT id FROM albums WHERE type = 'f' AND id > '$back' AND user = '$user[id]' AND cat = '$a' ORDER BY id ASC LIMIT 1");
$sql_2 = mysql_query("SELECT id FROM albums WHERE type = 'f' AND id < '$back' AND user = '$user[id]' AND cat = '$a' ORDER BY id DESC LIMIT 1");
} else {
$in = mysql_query("SELECT * FROM albums WHERE type = 'f' AND id = '$p' AND user = '$user[id]' AND cat = '$a' LIMIT 1");
$sql_1 = mysql_query("SELECT id FROM albums WHERE type = 'f' AND id > '$p' AND user = '$user[id]' AND cat = '$a' ORDER BY id ASC LIMIT 1");
$sql_2 = mysql_query("SELECT id FROM albums WHERE type = 'f' AND id < '$p' AND user = '$user[id]' AND cat = '$a' ORDER BY id DESC LIMIT 1");
}
//----------------------------Слайд-Шоу----------------------------//
if (mysql_num_rows($in) != FALSE) {
$inf = mysql_fetch_assoc($in);
$_i = getimagesize($inf['path']);
$size = filesize($inf['path']);
$size = get_size($size);
$ratG = mysql_result(mysql_query("SELECT SUM(`good`) FROM `rating_foto` WHERE `uid` = '$p' AND `komu` = '$user[id]'"), 0);
$ratB = mysql_result(mysql_query("SELECT SUM(`bad`) FROM `rating_foto` WHERE `uid` = '$p' AND `komu` = '$user[id]'"), 0);
$mime = preg_replace('/image/(.*?)/i', '1', $_i['mime']);
$rat_1 = (empty($rat['good'])) ? 0 : $rat['good'];
$rat_2 = (empty($rat['bad'])) ? 0 : $rat['bad'];
// предупреждение о файле +18
if ($inf['sex'] == 1 && $user['adult'] == 1) {
err('Фотография содержит эротический характер.<br/>Вы можете отключить данное предупреждение в настройках.');
include_once 'foot.php';
exit();
}
// установка аватара
if (isset($_GET['cover'])) {
mysql_query("UPDATE `users` SET `img` = '$inf[path]' WHERE `id` = '$user[id]' LIMIT 1");
header('Location: edit.php?do=photo');
}
// вывод фото
$_sex = ($inf['sex'] == 1) ? ' <b style="color: #FF0000;">18+</b>' : '';
echo ($inf['block'] == 1) ? '<img src="ico/block_photo.gif" alt=""/>'
: '<img src="resize.php?img='.$inf['path'].'&width='.$user['onp_prevs'].'&height=0&i='.$inf['rotate'].'" alt=""/>';
echo $_sex;
// если есть только "назад"
if (mysql_num_rows($sql_2) != false && mysql_num_rows($sql_1) == false) {
$inSql = mysql_fetch_assoc($sql_2);
echo '<br/><a href="photo.php?do=photo&a='.$a.'&back='.$inSql['id'].'"><span class="next">«Назад</span></a>';
}
// если есть только "далее"
elseif (mysql_num_rows($sql_1) != false && mysql_num_rows($sql_2) == false) {
$inSql = mysql_fetch_assoc($sql_1);
echo '<br/><a href="photo.php?do=photo&a='.$a.'&next='.$inSql['id'].'"><span class="next">»Далее</span></a>';
}
// если есть "назад" и "далее"
elseif (mysql_num_rows($sql_1) != false && mysql_num_rows($sql_2) != false) {
$inSql_1 = mysql_fetch_assoc($sql_1);
$inSql_2 = mysql_fetch_assoc($sql_2);
echo '<br/><a href="photo.php?do=photo&a='.$a.'&back='.$inSql_2['id'].'"><span class="next">«Назад</span></a> |
<a href="photo.php?do=photo&a='.$a.'&next='.$inSql_1['id'].'"><span class="next">»Далее</span></a>';
}
// маркеры
$num_marks = mysql_result(mysql_query("SELECT COUNT(*) FROM `mark` WHERE `uid` = '$p'"), 0);
// у кого в закладках
$_num_z = mysql_result(mysql_query("SELECT COUNT(*) FROM `fav` WHERE `sec` = '4' AND `uid` = '$p'"), 0);
if ($num_marks != FALSE) {
$count_marks = '<img src="ico/druzya.gif" alt=""/> <a href="photo.php?do=marks&a='.$a.'&p='.$inf['id'].'">На фото (' . $num_marks . ')</a><br/>';
}
// скачивание
$inf['name'] = (!empty($inf['name'])) ? $inf['name'] : 'Без описания';
$down = (stripos($mime, 'gif') === false) ? 'copy.php?img='.base64_encode($inf['path']).'&i='.base64_encode($inf['rotate']) : $inf['path'];
if ($inf['block'] == 0) $sk4 = '<img src="ico/d.gif" alt=""/> <a href="'.$down.'">Скачать (' . $size . ')</a>';
echo $block . $div_razdel . '
Добавлена: ' . $inf['date'] . '<br/>
Тип: ' . $mime . ' ' . $_i[0] . 'x' . $_i[1] . '<br/>
' . $div_end . $div_tworazdel . '
Общая оценка: ' . ($ratG + $ratB) . '<br/>
Положительных голосов: ' . $ratG . '<br/>
Отрицательных голосов: ' . $ratB . '<br/>
' . $div_end . $div_razdel . '
Описание: ' . $inf['name'] . '
<br/>
[<a href="photo.php?do=edit&x='.$inf['id'].'"><img src="ico/edit.gif" alt=""/> ред</a>]
[<a href="photo.php?do=delete&x='.$inf['id'].'"><img src="ico/delete.gif" alt=""/> удл</a>]
<br/>
[<img src="ico/foto.gif" alt=""/> <a href="photo.php?do=photo&a='.$a.'&p='.$inf['id'].'&cover">установить на анкету</a>]
[<img src="ico/profile.gif" alt=""/> <a href="photo.php?do=mark&a='.$a.'&p='.$inf['id'].'">отметить</a>]
' . $div_end . $div_tworazdel . '
<img src="ico/fav.gif" alt=""/> <a href="fav.php?do=add&cat=4&p='.$inf['id'].'">Добавить в закладки</a><br/>
В закладках у <a href="../fav.php?do=view_photos&u='.$inf['id'].'">(' . $_num_z . ')</a> чел<br/>
' . $div_end . $count_marks . $sk4 . $block;
} else {
err('Фотография не найдена!');
}
if (isset($_GET['del'])) {
$del = my_int($_GET['del']);
$empt = mysql_query("SELECT `id` FROM `koms_foto` WHERE `id` = '$del' LIMIT 1");
if (mysql_num_rows($empt) != FALSE && $nk == $user['id'] || $user['level'] == 4 || $user['level'] == 5) {
mysql_query("DELETE FROM `koms_foto` WHERE `id` = '$del' LIMIT 1");
header('Location: photo.php?do=photo&a='.$a.'&nk='.$nk.'&p='.$p);
} else {
header('Location: photo.php?do=photo&a='.$a.'&nk='.$nk.'&p='.$p);
}
}
$koms = mysql_result(mysql_query("SELECT COUNT(*) FROM `koms_foto` WHERE `komu` = '$user[id]' AND `uid` = '$p'"), 0);
if ($koms != FALSE) {
$n = new navigator($koms, $user['onp_comments'], '?do=photo&a='.$a.'&p='.$p.'&');
$_in = mysql_query("SELECT * FROM `koms_foto` WHERE `komu` = '$user[id]' AND `uid` = '$p' ORDER BY `id` ASC {$n->limit}");
$dv = 0;
while($q = mysql_fetch_assoc($_in)) {
$otv = ' <a href="photo.php?do=photo&a='.$a.'&nk='.$nk.'&p='.$p.'&k='.$q['user'].'">[*]</a>';
if ($nk == $user['id'] || $user['level'] == 4 || $user['level'] == 5) {
$dk = '<a href="photo.php?do=photo&a='.$a.'&nk='.$nk.'&p='.$p.'&del='.$q['id'].'"><img src="ico/delete.gif" alt="x"/></a> ';
}
echo ($dv ++ % 2) ? $div_tworazdel : $div_razdel;
echo $dk . us($q['user']) . $otv . '<br/>' . date('d.m.y H:i', $q['date']) . '<br/>' . smiles(bb_code($q['msg'])) . $div_end;
}
echo $n->navi();
} else {
echo 'Комментарии отсутствуют.<br/>';
}
if (isset($_POST['addkom'])) {
$mes = trim(mysql_real_escape_string(check($_POST['mes'])));
if (empty($mes)) {
err('Не заполнен комментарий!');
} else {
if (isset($_POST['komu']) && user_inf(my_int($_POST['komu']), 'comm_photos') == 1 && my_int($_POST['komu']) != $user['id']) {
$message = us($user['id']) . ' ответил на Ваш комментарий к <a href="photo.php?do=photo&a='.$a.'&p='.$inf['id'].'">фотографии</a>!';
mysql_query("INSERT INTO `lenta` SET
`user` = '" . my_int($_POST['komu']) . "',
`text` = '$message',
`type` = 'comments',
`date` = '" . time() . "',
`read` = '1'");
}
// транслит
if ($user['translit'] == 1) {
$mes = trun_to_rus($mes);
}
// антимат
$ant = mysql_fetch_array(mysql_query("SELECT `antimat` FROM `setting` WHERE `ids` = '1'"));
$mes = ($ant[0] == 1) ? mat($mes) : $mes;
// Антиреклама
$_ant = mysql_fetch_assoc(mysql_query("SELECT `on_rekl`, `text_rekl` FROM `setting` WHERE `ids` = '1'"));
if ($_ant['on_rekl'] == 1) {
$ex = explode(',', file_get_contents('domains.dat'));
foreach($ex as $value) {
if ($user['level'] != 4 && $user['level'] != 5 && !preg_match('/[url=http://(.*)[/url]/si', $mes)) {
$mes = preg_replace("/(.*)(s|,|.|*|_|-|+)+$value/si", $_ant['text_rekl'], $mes);
}
}
}
mysql_query("INSERT INTO `koms_foto` SET
`msg` = '$mes',
`uid` = '$inf[id]',
`album` = '$a',
`user` = '$user[id]',
`komu` = '$user[id]',
`date` = '" . time() . "'");
header('Location: photo.php?do=photo&a='.$a.'&p=' . $inf['id']);
}
}
$Komu = (isset($_GET['k'])) ? user_inf(my_int($_GET['k']), 'user') . ', ' : '';
echo '<FORM method="POST" action="photo.php?do=photo&a='.$a.'&p='.$inf['id'].'">
<fieldset>
<label><b>Комментарий:</b></label><br/>
Вставить <a href="faq.php?do=smile">[смайлы]</a>
<a href="faq.php?do=bb">[бб-коды]</a>
<br/>
<textarea name="mes" cols="50" rows="5" style="width: 99%;">' . $Komu . '</textarea>
<br/>
<input type="hidden" name="komu" value="' . my_int($_GET['k']) . '"/>
<input type="submit" name="addkom" value="Добавить"/>
</fieldset>
</FORM>';
echo '<a href="photo.php?do=album&album='.$a.'">Назад</a>';
echo $div_end;
break;
case mark:
$ar = my_int($_GET['a']);
$p = my_int($_GET['p']);
echo $div_title . us($user['id']) . '/Отметить друга на фото' . $div_end . $div_left;
$in = mysql_query("SELECT * FROM `albums` WHERE `user` = '$user[id]' AND `type` = 'f' AND `cat` = '$ar' AND `id` = '$p' LIMIT 1");
if (isset($_POST['submitForm']))
{
if (empty($_POST['block'])) {
header('Location: photo.php?do=photo&a='.$ar.'&p=' . $p);
die();
}
foreach($_POST['block'] as $value) {
$sql = mysql_query("SELECT `id` FROM `mark` WHERE `uid` = '$p' AND `user` = '$user[id]' AND `who` = '$value' LIMIT 1");
if (mysql_num_rows($sql) == FALSE) {
/*--------------------рассылка в ленту---------------------*/
$frnd = mysql_query("SELECT * FROM `friends` WHERE `user` = '$user[id]' AND `zajavka` = '1'");
while($send = mysql_fetch_assoc($frnd)) {
if (user_inf($send['who'], 'comm_photos') == 1 && $send['who'] != $user['id']) {
$message = us($user['id']) . ' отметил Вас на своей <a href="photo.php?do=info&a='.$ar.'&p='.$p.'">фотографии</a>!';
mysql_query("INSERT INTO `lenta` SET
`user` = '$send[who]',
`text` = '$message',
`type` = 'comments',
`date` = '" . time() . "',
`read` = '1'");
}
}
/*--------------------рассылка в ленту---------------------*/
mysql_query("INSERT INTO `mark` SET `uid` = '$p', `user` = '$user[id]', `who` = '$value'");
header('Location: photo.php?do=marks&a='.$ar.'&p=' . $p);
}
header('Location: photo.php?do=marks&a='.$ar.'&p=' . $p);
}
}
if (mysql_num_rows($in) != FALSE) {
$inf = mysql_fetch_assoc($in);
$blk = ($inf['block'] == 1) ? '<img src="ico/block_photo.gif" alt=""/>'
: '<img src="resize.php?img='.$inf['path'].'&width=96&height=0&i='.$inf['rotate'].'" alt=""/>';
echo $div_razdel . $blk . '
<br/>
Добавлена: ' . $inf['date'] . $div_end;
$look = mysql_query("SELECT DISTINCT `friends`.`who` FROM `friends` WHERE `zajavka` = '1' AND `user` = '$user[id]' AND NOT `who` IN(SELECT `who` FROM `mark` WHERE `user` = '$user[id]' AND `uid` = '$p')");
if (mysql_num_rows($look) != FALSE) {
$i = 0;
while($a = mysql_fetch_assoc($look)) {
echo '<FORM method="POST" action="photo.php?do=mark&a='.$ar.'&p='.$p.'">';
echo ($i ++ % 2) ? $div_tworazdel : $div_razdel;
echo '<input type="checkbox" name="block[]" value="'.$a['who'].'"/>' . nik($a['who']) . $div_end;
}
echo '<input type="submit" name="submitForm" value="Отметить"/>
</FORM>';
} else {
echo 'Не найдено друзей, или Вы отметили всех Ваших друзей на фото.<br/>';
}
} else {
err('Фотография не найдена!');
}
echo $block . '<a href="photo.php?do=photo&a='.$ar.'&p='.$p.'">Назад</a>';
echo $div_end;
break;
case marks:
$ar = my_int($_GET['a']);
$p = my_int($_GET['p']);
echo $div_title . us($user['id']) . '/На фото' . $div_end . $div_left;
$in = mysql_query("SELECT * FROM `albums` WHERE `user` = '$user[id]' AND `type` = 'f' AND `cat` = '$ar' AND `id` = '$p' LIMIT 1");
if (mysql_num_rows($in) != FALSE) {
$inf = mysql_fetch_assoc($in);
$blk = ($inf['block'] == 1) ? '<img src="ico/block_photo.gif" alt=""/>'
: '<img src="resize.php?img='.$inf['path'].'&width=96&height=0&i='.$inf['rotate'].'" alt=""/>';
echo $div_razdel . $blk . '
<br/>
Добавлена: ' . $inf['date'] . $div_end;
$num = mysql_result(mysql_query("SELECT COUNT(*) FROM `mark` WHERE `uid` = '$p' LIMIT 1"), 0);
if ($num != FALSE) {
$n = new navigator($num, 10, '?do=marks&a='.$ar.'&p='.$p.'&');
$i = 0;
$is = mysql_query("SELECT * FROM `mark` WHERE `uid` = '$p' ORDER BY `id` DESC {$n->limit}");
while($a = mysql_fetch_assoc($is)) {
if ($a['user'] == $user['id']) {
$x = ' <a href="photo.php?do=marks&a='.$ar.'&p='.$p.'&x='.$a['id'].'"><img src="ico/delete.gif" alt=""/></a>';
}
echo ($i ++ % 2) ? $div_tworazdel : $div_razdel;
echo us($a['who']) . $x . $div_end;
}
echo $n->navi();
} else {
echo 'Отметок не найдено.<br/>';
}
} else {
err('Фотография не найдена!');
}
if (isset($_GET['x'])) {
$x = my_int($_GET['x']);
$sql = mysql_query("SELECT `id` FROM `mark` WHERE `user` = '$user[id]' AND `id` = '$x' LIMIT 1");
if (mysql_num_rows($sql) != FALSE) {
mysql_query("DELETE FROM `mark` WHERE `user` = '$user[id]' AND `id` = '$x' LIMIT 1");
header('Location: photo.php?do=marks&a='.$ar.'&p=' . $p);
} else {
header('Location: photo.php?do=marks&a='.$ar.'&p=' . $p);
}
}
echo $block . '<a href="photo.php?do=photo&a='.$ar.'&p='.$p.'">Назад</a>';
echo $div_end;
break;
case u_album:
// Public view of one album ($i) belonging to user $nk: handles the admin-only
// "delete album" action, enforces the album's password / friends-only
// restrictions for non-admin viewers, then lists the album's photos.
$nk = my_int($_GET['nk']);
$i = my_int($_GET['i']);
// Album row, fetched before the existence check further down; $pas is FALSE
// when the album does not exist and is still dereferenced in the menu echo.
$em = mysql_query("SELECT * FROM `albums` WHERE `id` = '$i' AND `user` = '$nk' AND `type` = 'a' LIMIT 1");
$pas = mysql_fetch_assoc($em);
// Album deletion (admins only). Triggered by a bare GET parameter with no
// request token, so any link or image pointing here performs the deletion
// on behalf of a logged-in admin.
if (isset($_GET['del_album'])) {
$empta = mysql_query("SELECT * FROM `albums` WHERE `type` = 'a' AND `id` = '$i' LIMIT 1");
if (mysql_num_rows($empta) != FALSE) {
if ($user['level'] == 4 || $user['level'] == 5) {
// NOTE(review): LIMIT 1 means this loop visits at most one photo of the
// album, so at most one file is unlinked; the other photos' files stay on disk.
$Sql = mysql_query("SELECT * FROM `albums` WHERE `type` = 'f' AND `cat` = '$i' LIMIT 1");
while($in_sql = mysql_fetch_assoc($Sql)) {
// Clear the owner's avatar if it pointed at this photo.
if ($in_sql['path'] == user_inf($nk, 'img')) {
mysql_query("UPDATE `users` SET `img` = '' WHERE `id` = '$nk' LIMIT 1");
}
// remove the photo file from disk
if (file_exists($in_sql['path'])) unlink($in_sql['path']);
}
// delete comments
// NOTE(review): elsewhere in this file `koms_foto`.`uid` and `rating_foto`.`uid`
// hold a photo id (see the INSERTs in case info), and koms_foto has a separate
// `album` column; keying these DELETEs on the album id $i looks like it hits
// the wrong rows -- confirm against the schema.
mysql_query("DELETE FROM `koms_foto` WHERE `uid` = '$i'");
// delete ratings
mysql_query("DELETE FROM `rating_foto` WHERE `uid` = '$i'");
// delete photo rows from the database
// NOTE(review): LIMIT 1 removes a single photo row; the album row is removed
// right after, leaving any remaining photos pointing at a non-existent album.
mysql_query("DELETE FROM `albums` WHERE `type` = 'f' AND `cat` = '$i' LIMIT 1");
mysql_query("DELETE FROM `albums` WHERE `type` = 'a' AND `id` = '$i' LIMIT 1");
// Redirect without exit(): the rest of the page is still rendered below.
header('Location: photo.php?do=view&nk=' . $nk);
} else {
err('Нет прав доступа!');
}
} else {
err('Альбома не существует!');
}
}
echo $div_title . us($nk, 'user') . '/Фотографии' . $div_end . $div_left . $div_menu . '
<a href="photo.php?do=view&nk='.$nk.'&i='.$i.'">Альбомы</a> |
<b>' . $pas['name'] . '</b>
' . $div_end;
if (!user_inf($nk)) {
err('Пользователь не найден!');
} else {
if (mysql_num_rows($em) == FALSE) {
err('Альбома не существует!');
} else {
// Precedence: `== 4 || (== 5 && !empty(...))`. Level 4 always gets the album
// password copied into the session, level 5 only when one is set; either way
// the password gate below only applies to level < 4.
if ($user['level'] == 4 || $user['level'] == 5 && !empty($pas['parol'])) {
$_SESSION['parol'] = $pas['parol'];
}
// Password form submission. my_int() is applied to the entered value, so only
// numeric album passwords can ever match; the comparison is loose (==).
if (isset($_POST['okpass'])) {
$fotopass = my_int($_POST['fotopass']);
if ($fotopass == $pas['parol']) {
// A single session slot is shared by all password-protected albums.
$_SESSION['parol'] = $fotopass;
header('Location: photo.php?do=u_album&nk='.$nk.'&i='.$i);
} else {
err('Пароль неверный!');
}
}
// Password gate for non-admins: (level<4 && has password && no session value)
// || (level<4 && has password && session value differs).
if ($user['level'] < 4 && !empty($pas['parol']) && empty($_SESSION['parol']) || $user['level'] < 4 && !empty($pas['parol']) && $_SESSION['parol'] != $pas['parol']) {
err('Этот альбом защищен паролем!');
echo '<FORM method="POST" action="photo.php?do=u_album&nk='.$nk.'&i='.$i.'">
Введите пароль:<br/>
<input type="text" name="fotopass"/>
<br/>
<input type="submit" name="okpass" value="Далее"/>
</FORM>';
include 'foot.php';
exit();
}
// Accepted friendship (zajavka = 1) in either direction; AND binds tighter
// than OR, giving two symmetric conditions.
$fr = mysql_query("SELECT COUNT(*) FROM `friends` WHERE
`user` = '$user[id]'
AND
`who` = '$nk'
AND
`zajavka` = '1'
OR
`user` = '$nk'
AND
`who` = '$user[id]'
AND
`zajavka` = '1'");
// Friends-only albums are hidden from non-friends; admins (level >= 4) bypass this.
if ($user['level'] < 4 && $pas['friend_looks'] == 1 && mysql_result($fr, 0) == FALSE) {
err('Данный альбом доступен только для друзей пользователя!');
include 'foot.php';
exit();
}
// Photo listing, paged with the viewer's per-page setting.
$count = mysql_result(mysql_query("SELECT COUNT(*) FROM
`albums`
WHERE
`user` = '$nk'
AND
`type` = 'f'
AND
`cat` = '$i'"), 0);
$n = new navigator($count, $user['onp_photos'], '?do=u_album&nk='.$nk.'&i='.$i.'&');
// Each photo row carries its comment count as column c.
$in = mysql_query("SELECT `albums`.*,
(SELECT COUNT(*) FROM `koms_foto` WHERE `koms_foto`.`uid` = `albums`.`id`) AS c
FROM `albums` WHERE `albums`.`user` = '$nk' AND `albums`.`type` = 'f' AND `albums`.`cat` = '$i' ORDER BY `albums`.`id` ASC {$n->limit}");
if ($count != FALSE) {
$ii = 0;
while($a = mysql_fetch_assoc($in)) {
// Blocked photos get a placeholder instead of the thumbnail.
$blk = ($a['block'] == 1) ? '<img src="ico/block_photo.gif" alt=""/>'
: '<img src="resize.php?img='.$a['path'].'&width='.$user['onp_prevs'].'&height=0&i='.$a['rotate'].'" alt=""/>';
$a['name'] = (!empty($a['name'])) ? '<br/>' . $a['name'] : '<br/>Без описания';
echo ($ii ++ % 2) ? $div_tworazdel : $div_razdel;
echo '<a href="photo.php?do=info&nk='.$nk.'&a='.$a['cat'].'&p='.$a['id'].'">
' . $blk . '</a> ' . $a['name'] . '<br/>
<a href="photo.php?do=info&nk='.$nk.'&a='.$a['cat'].'&p='.$a['id'].'">Комментарии (' . $a['c'] . ')</a>' . $div_end;
}
echo $n->navi();
} else {
echo 'Нет фотографий в этом альбоме!<br/>';
}
}
}
// Bookmark links and the admin action are rendered even when the user or
// album lookup above failed (only the locked-album branches exit early).
$_num_z = mysql_result(mysql_query("SELECT COUNT(*) FROM `fav` WHERE `sec` = '3' AND `uid` = '$i'"), 0);
// NOTE(review): `../fav.php` on the second line vs `fav.php` on the first --
// one of the two paths is probably wrong.
echo '<img src="ico/fav.gif" alt=""/> <a href="fav.php?do=add&cat=3&a='.$i.'">Добавить в закладки</a><br/>
В закладках у <a href="../fav.php?do=view_albums&u='.$i.'">(' . $_num_z . ')</a> чел<br/>';
// Admin delete link: a GET request that performs a destructive action (see the
// del_album handling above).
if ($user['level'] == 4 || $user['level'] == 5) echo '<img src="ico/delete.gif" alt=""/>
<a href="photo.php?do=u_album&i='.$i.'&nk='.$nk.'&del_album">Удалить альбом</a>';
// NOTE(review): $ref is not assigned anywhere in this case -- presumably set
// earlier in the file; confirm.
echo $div_end . '<a href="photo.php?'.$ref.'">« Мои альбомы</a>';
break;
case info:
// Single-photo page for photo $p in album $a of user $nk: admin delete/block
// actions, prev/next slideshow navigation, +1/-1 votes, download link,
// comment listing and comment submission.
$nk = my_int($_GET['nk']);
$p = my_int($_GET['p']);
$a = my_int($_GET['a']);
echo $div_title . us($nk) . '/Фотографии' . $div_end . $div_left;
if (!user_inf($nk)) {
err('Пользователь не найден!');
} else {
// Photo deletion (admins). Triggered by a bare GET parameter without a
// request token; the same applies to ?block_f, ?plus, ?minus and ?del below.
if (isset($_GET['del_f'])) {
// NOTE(review): only `id` is selected here, so $in_f['path'] below is never
// set and the file is never unlinked -- the row goes, the file stays on disk.
$is_f = mysql_query("SELECT `id` FROM `albums` WHERE `cat` = '$a' AND `id` = '$p' AND `user` = '$nk' AND `type` = 'f' LIMIT 1");
if (mysql_num_rows($is_f) != FALSE) {
$in_f = mysql_fetch_assoc($is_f);
if ($user['level'] == 4 || $user['level'] == 5) {
if (file_exists($in_f['path'])) unlink($in_f['path']);
mysql_query("DELETE FROM `albums` WHERE `cat` = '$a' AND `id` = '$p' AND `user` = '$nk' AND `type` = 'f' LIMIT 1");
// Redirect without exit(): rendering continues below, where the photo
// lookup now fails.
header('Location: photo.php?do=u_album&nk='.$nk.'&i='.$a);
} else {
err('Нет прав!');
}
} else {
err('Фотография не найдена!');
include_once 'foot.php';
exit();
}
}
// Photo blocking (admins), step 1: show the reason form.
if (isset($_GET['block_f'])) {
$is_f = mysql_query("SELECT `id` FROM `albums` WHERE `cat` = '$a' AND `id` = '$p' AND `user` = '$nk' AND `type` = 'f' LIMIT 1");
if (mysql_num_rows($is_f) != FALSE) {
if ($user['level'] == 4 || $user['level'] == 5) {
echo '<FORM method="POST" action="photo.php?do=info&p='.$p.'&a='.$a.'&nk='.$nk.'&block_ok">
Укажите причину блокировки:
<br/>
<input type="text" name="why" maxlength="50"/>
<br/>
<input type="submit" name="next" value="Блокировать"/>
</FORM>';
include_once 'foot.php';
exit();
} else {
err('Нет прав!');
}
} else {
err('Фотография не найдена!');
include_once 'foot.php';
exit();
}
}
// Photo blocking (admins), step 2: apply the block and notify the owner.
// The POST form above carries no request token either.
if (isset($_GET['block_ok'])) {
$is_f = mysql_query("SELECT `id` FROM `albums` WHERE `cat` = '$a' AND `id` = '$p' AND `user` = '$nk' AND `type` = 'f' LIMIT 1");
// Reason from POST: check(), then SQL-escaped, then trimmed. It is
// interpolated into the UPDATE and, via $mess, into the letters INSERT.
$why = trim(mysql_real_escape_string(check($_POST['why'])));
if (mysql_num_rows($is_f) != FALSE) {
if ($user['level'] == 4 || $user['level'] == 5) {
if (empty($why)) {
err('Не указана причина блокировки!');
} else {
mysql_query("UPDATE `albums` SET `block` = '1', `why_block` = '$why', `who_block` = '$user[id]' WHERE `cat` = '$a' AND `id` = '$p' AND `user` = '$nk' AND `type` = 'f' LIMIT 1");
// NOTE(review): $mess also embeds the output of us(); if that can contain a
// quote character the INSERT below breaks -- confirm what us() returns.
$mess = 'Ваше <a href="photo.php?do=photo&a='.$a.'&p='.$p.'">фото</a> было заблокировано Администратором ' . us($user['id']) . ' за: ' . $why . '!';
mysql_query("INSERT INTO `letters` (`id`,`who`,`idwho`,`message`,`data`,`read`,`mod`)
VALUES (0,'0','$nk','$mess','" . time() . "','0','i')");
header('Location: photo.php?do=u_album&nk='.$nk.'&i=' . $a);
}
} else {
err('Нет прав!');
}
} else {
err('Фотография не найдена!');
include_once 'foot.php';
exit();
}
}
//----------------------------Slideshow----------------------------//
// Pick the photo to show (?next / ?back override ?p) plus the ids of the
// neighbouring photos in the same album. $p itself is not updated here, so
// links built from $p further down (votes, admin actions, notifications)
// carry the URL's p value -- absent on the next/back links -- rather than
// the id of the photo actually displayed.
if (isset($_GET['next'])) {
$next = my_int($_GET['next']);
$in = mysql_query("SELECT * FROM albums WHERE type = 'f' AND id = '$next' AND user = '$nk' AND cat = '$a' LIMIT 1");
$sql_1 = mysql_query("SELECT id FROM albums WHERE type = 'f' AND id > '$next' AND user = '$nk' AND cat = '$a' ORDER BY id ASC LIMIT 1");
$sql_2 = mysql_query("SELECT id FROM albums WHERE type = 'f' AND id < '$next' AND user = '$nk' AND cat = '$a' ORDER BY id DESC LIMIT 1");
} elseif (isset($_GET['back'])) {
$back = my_int($_GET['back']);
$in = mysql_query("SELECT * FROM albums WHERE type = 'f' AND id = '$back' AND user = '$nk' AND cat = '$a' LIMIT 1");
$sql_1 = mysql_query("SELECT id FROM albums WHERE type = 'f' AND id > '$back' AND user = '$nk' AND cat = '$a' ORDER BY id ASC LIMIT 1");
$sql_2 = mysql_query("SELECT id FROM albums WHERE type = 'f' AND id < '$back' AND user = '$nk' AND cat = '$a' ORDER BY id DESC LIMIT 1");
} else {
$in = mysql_query("SELECT * FROM albums WHERE type = 'f' AND id = '$p' AND user = '$nk' AND cat = '$a' LIMIT 1");
$sql_1 = mysql_query("SELECT id FROM albums WHERE type = 'f' AND id > '$p' AND user = '$nk' AND cat = '$a' ORDER BY id ASC LIMIT 1");
$sql_2 = mysql_query("SELECT id FROM albums WHERE type = 'f' AND id < '$p' AND user = '$nk' AND cat = '$a' ORDER BY id DESC LIMIT 1");
}
//----------------------------Slideshow----------------------------//
if (mysql_num_rows($in) != FALSE) {
// Password-protected album: the session must hold this album's password
// (set in case u_album), otherwise bounce to the album page.
// $_SESSION['parol'] may be unset here (undefined-index notice).
// NOTE(review): only the password is enforced on this page; the album's
// friend_looks restriction checked in case u_album is not re-checked here --
// confirm whether a direct photo link is meant to bypass it.
$_ps = mysql_fetch_array(mysql_query("SELECT `parol`, `id` FROM `albums` WHERE `id` = '$a' AND `user` = '$nk' AND `type` = 'a' LIMIT 1"));
if (!empty($_ps[0]) && $_SESSION['parol'] != $_ps[0]) {
header('Location: photo.php?do=u_album&nk='.$nk.'&i=' . $_ps[1]);
die();
}
$inf = mysql_fetch_assoc($in);
// Dimensions and size read from the stored path; both emit warnings and
// return FALSE when the file is missing.
$_i = getimagesize($inf['path']);
$size = filesize($inf['path']);
$size = get_size($size);
$ratG = mysql_result(mysql_query("SELECT SUM(`good`) FROM `rating_foto` WHERE `uid` = '$inf[id]' AND `komu` = '$nk'"), 0);
$ratB = mysql_result(mysql_query("SELECT SUM(`bad`) FROM `rating_foto` WHERE `uid` = '$inf[id]' AND `komu` = '$nk'"), 0);
// NOTE(review): as shown, the pattern's `/` delimiter closes right after
// "image", leaving invalid modifiers, and the replacement '1' is not a
// backreference. This looks like escape characters lost in the listing
// (apparent intent: strip the "image/" prefix from the MIME type) -- confirm
// against the real file.
$mime = preg_replace('/image/(.*?)/i', '1', $_i['mime']);
// positive vote (GET ?plus)
if (isset($_GET['plus'])) {
$who = mysql_query("SELECT `id` FROM `rating_foto` WHERE `uid` = '$inf[id]' AND `komu` = '$nk' AND `user` = '$user[id]' LIMIT 1");
// $dupl is fetched but never used.
$dupl = mysql_fetch_assoc($who);
if (mysql_num_rows($who) != FALSE) {
err('Вы уже голосовали за эту фотографию!');
} elseif ($nk == $user['id']) {
err('Вы не можете голосовать за свою фотографию!');
} else {
mysql_query("INSERT INTO `rating_foto` SET
`user` = '$user[id]',
`uid` = '$inf[id]',
`good` = '1',
`komu` = '$nk'");
// Feed entry for the owner if they opted in to photo notifications.
if (user_inf($nk, 'comm_photos') == 1 && $nk != $user['id']) {
$message = 'Пользователь ' . us($user['id']) . ' отдал положительный голос к Вашей <a href="photo.php?do=info&nk='.$nk.'&a='.$a.'&p='.$p.'">фотографии</a>!';
mysql_query("INSERT INTO `lenta` SET
`user` = '$nk',
`text` = '$message',
`type` = 'comments',
`date` = '" . time() . "',
`read` = '1'");
}
header('Location: photo.php?do=info&nk='.$nk.'&a='.$a.'&p='.$inf['id'].'&vote');
}
}
// negative vote (GET ?minus)
if (isset($_GET['minus'])) {
$who = mysql_num_rows(mysql_query("SELECT `id` FROM `rating_foto` WHERE `uid` = '$inf[id]' AND `komu` = '$nk' AND `user` = '$user[id]' LIMIT 1"));
if ($who != FALSE) {
err('Вы уже голосовали за эту фотографию!');
} elseif ($nk == $user['id']) {
err('Вы не можете голосовать за свою фотографию!');
} else {
mysql_query("INSERT INTO `rating_foto` SET
`user` = '$user[id]',
`uid` = '$inf[id]',
`bad` = '1',
`komu` = '$nk'");
if (user_inf($nk, 'comm_photos') == 1 && $nk != $user['id']) {
// NOTE(review): unlike the positive-vote message above, this link omits `&a=`.
$message = 'Пользователь ' . us($user['id']) . ' отдал отрицательный голос к Вашей <a href="photo.php?do=info&nk='.$nk.'&p='.$p.'">фотографии</a>!';
mysql_query("INSERT INTO `lenta` SET
`user` = '$nk',
`text` = '$message',
`type` = 'comments',
`date` = '" . time() . "',
`read` = '1'");
}
header('Location: photo.php?do=info&nk='.$nk.'&a='.$a.'&p='.$inf['id'].'&vote');
}
}
if (isset($_GET['vote'])) msg('Ваш голос за эту фотографию учтен!');
// bookmark count (fav.sec = 4 for photos; albums use 3 in case u_album)
$_num_z = mysql_result(mysql_query("SELECT COUNT(*) FROM `fav` WHERE `sec` = '4' AND `uid` = '$inf[id]'"), 0);
// photo output (placeholder when blocked)
echo ($inf['block'] == 1) ? '<img src="ico/block_photo.gif" alt=""/>' : '<img src="resize.php?img='.$inf['path'].'&width=128&height=0&i='.$inf['rotate'].'" alt=""/>';
// only "back" available
if (mysql_num_rows($sql_2) != false && mysql_num_rows($sql_1) == false) {
$inSql = mysql_fetch_assoc($sql_2);
echo '<br/><a href="photo.php?do=info&nk='.$nk.'&a='.$a.'&back='.$inSql['id'].'"><span class="next">«Назад</span></a>';
}
// only "next" available
elseif (mysql_num_rows($sql_1) != false && mysql_num_rows($sql_2) == false) {
$inSql = mysql_fetch_assoc($sql_1);
echo '<br/><a href="photo.php?do=info&nk='.$nk.'&a='.$a.'&next='.$inSql['id'].'"><span class="next">»Далее</span></a>';
}
// both "back" and "next"
elseif (mysql_num_rows($sql_1) != false && mysql_num_rows($sql_2) != false) {
$inSql_1 = mysql_fetch_assoc($sql_1);
$inSql_2 = mysql_fetch_assoc($sql_2);
echo '<br/><a href="photo.php?do=info&nk='.$nk.'&a='.$a.'&back='.$inSql_2['id'].'"><span class="next">«Назад</span></a> |
<a href="photo.php?do=info&nk='.$nk.'&a='.$a.'&next='.$inSql_1['id'].'"><span class="next">»Далее</span></a>';
}
// plus / minus links. $Votes stays undefined on the viewer's own photo but
// is still echoed below.
if ($nk != $user['id']) {
$Votes = 'Оценить: <a href="photo.php?do=info&nk='.$nk.'&a='.$a.'&p='.$inf['id'].'&plus">[+1]</a>
<a href="photo.php?do=info&nk='.$nk.'&a='.$a.'&p='.$inf['id'].'&minus">[-1]</a>';
}
// download link. $sk4 is only set for non-blocked photos but echoed regardless.
$inf['name'] = (!empty($inf['name'])) ? $inf['name'] : 'Без описания';
// Non-GIF images go through copy.php with the stored path and rotation
// base64-encoded; GIFs link to the stored path directly.
$down = (stripos($mime, 'gif') === false) ? 'copy.php?img='.base64_encode($inf['path']).'&i='.base64_encode($inf['rotate']) : $inf['path'];
if ($inf['block'] == 0) $sk4 = '<img src="ico/d.gif" alt=""/> <a href="'.$down.'">Скачать (' . $size . ')</a>';
echo $block . $div_razdel . '
Добавлена: ' . $inf['date'] . '<br/>
Тип: ' . $mime . ' ' . $_i[0] . 'x' . $_i[1] . '<br/>
' . $div_end . $div_tworazdel . '
Общая оценка: ' . ($ratG + $ratB) . '<br/>
Положительных голосов: ' . $ratG . '<br/>
Отрицательных голосов: ' . $ratB . '<br/>
' . $Votes . '
' . $div_end . $div_razdel . '
Описание: ' . $inf['name'] . '
' . $div_end . '
<img src="ico/fav.gif" alt=""/> <a href="fav.php?do=add&cat=4&p='.$inf['id'].'">Добавить в закладки</a><br/>
В закладках у <a href="../fav.php?do=view_photos&u='.$inf['id'].'">(' . $_num_z . ')</a> чел<br/>
' . $sk4 . $block;
// Admin actions. These links carry the URL's $p, not $inf['id'] (see the
// slideshow note above).
if ($user['level'] == 4 || $user['level'] == 5) {
echo '<img src="ico/delete.gif" alt=""/>
<a href="photo.php?do=info&nk='.$nk.'&a='.$a.'&p='.$p.'&del_f">Удалить фото</a>
<br/>
<img src="ico/delete.gif" alt=""/>
<a href="photo.php?do=info&nk='.$nk.'&a='.$a.'&p='.$p.'&block_f">Блокировать фото</a>' . $block;
}
// Comment deletion via GET ?del. Precedence: (exists && owner) || admin, so
// admins skip the existence check (the DELETE is then a no-op). Both branches
// redirect to the same page.
if (isset($_GET['del'])) {
$del = my_int($_GET['del']);
$empt = mysql_query("SELECT `id` FROM `koms_foto` WHERE `id` = '$del' LIMIT 1");
if (mysql_num_rows($empt) != FALSE && $nk == $user['id'] || $user['level'] == 4 || $user['level'] == 5) {
mysql_query("DELETE FROM `koms_foto` WHERE `id` = '$del' LIMIT 1");
header('Location: photo.php?do=info&nk='.$nk.'&a='.$a.'&p='.$inf['id']);
} else {
header('Location: photo.php?do=info&nk='.$nk.'&a='.$a.'&p='.$inf['id']);
}
}
// Comment listing, newest first, paged with the viewer's per-page setting.
$koms = mysql_result(mysql_query("SELECT COUNT(*) FROM `koms_foto` WHERE `komu` = '$nk' AND `uid` = '$inf[id]'"), 0);
if ($koms != FALSE) {
echo $div_razdel . 'Комментарии:' . $div_end;
$n = new navigator($koms, $user['onp_comments'], '?do=info&nk='.$nk.'&a='.$a.'&p='.$inf['id'].'&');
$_in = mysql_query("SELECT * FROM `koms_foto` WHERE `komu` = '$nk' AND `uid` = '$inf[id]' ORDER BY `id` DESC {$n->limit}");
$dv = 0;
while($q = mysql_fetch_assoc($_in)) {
// "reply" link: ?k=<user id> pre-fills the recipient in the form below.
$otv = ' <a href="photo.php?do=info&nk='.$nk.'&a='.$a.'&p='.$inf['id'].'&k='.$q['user'].'">[*]</a>';
// Delete icon for the photo owner and admins; $dk stays undefined for other
// viewers but is echoed anyway.
if ($nk == $user['id'] || $user['level'] == 4 || $user['level'] == 5) {
$dk = '<a href="photo.php?do=info&nk='.$nk.'&a='.$a.'&p='.$inf['id'].'&del='.$q['id'].'"><img src="ico/delete.gif" alt="x"/></a> ';
}
echo ($dv ++ % 2) ? $div_tworazdel : $div_razdel;
echo $dk . us($q['user']) . $otv . '<br/>' . date('d.m.Y H:i', $q['date']) . '<br/>' . smiles(bb_code($q['msg'])) . $div_end;
}
echo $n->navi();
} else {
echo 'Комментарии отсутствуют.<br/>';
}
// Comment submission (POST addkom).
if (isset($_POST['addkom'])) {
// check(), then SQL-escaped, then trimmed; the INSERT below stores the result.
$mes = trim(mysql_real_escape_string(check($_POST['mes'])));
if (empty($mes)) {
err('Не заполнен комментарий!');
} else {
// transliteration
if ($user['translit'] == 1) {
$mes = trun_to_rus($mes);
}
// profanity filter
$ant = mysql_fetch_array(mysql_query("SELECT `antimat` FROM `setting` WHERE `ids` = '1'"));
$mes = ($ant[0] == 1) ? mat($mes) : $mes;
// anti-advertising filter
// NOTE(review): this loop reads and writes $message, which is not assigned
// until the notification code below, so the comment being saved ($mes) is
// never filtered. Both patterns also look like they lost their backslash
// escapes in this listing -- confirm against the real file.
$_ant = mysql_fetch_assoc(mysql_query("SELECT `on_rekl`, `text_rekl` FROM `setting` WHERE `ids` = '1'"));
if ($_ant['on_rekl'] == 1) {
$ex = explode(',', file_get_contents('domains.dat'));
foreach($ex as $value) {
if ($user['level'] != 4 && $user['level'] != 5 && !preg_match('/[url=http://(.*)[/url]/si', $message)) {
$message = preg_replace("/(.*)(s|,|.|*|_|-|+)+$value/si", $_ant['text_rekl'], $message);
}
}
}
mysql_query("INSERT INTO `koms_foto` SET
`msg` = '$mes',
`uid` = '$inf[id]',
`album` = '$a',
`user` = '$user[id]',
`komu` = '$nk',
`date` = '" . time() . "'");
// Feed notification: to the replied-to user when a recipient was posted and
// opted in, otherwise to the photo owner.
if (isset($_POST['komu']) && user_inf(my_int($_POST['komu']), 'comm_photos') == 1 && my_int($_POST['komu']) != $user['id']) {
$message = 'Пользователь ' . us($user['id']) . ' ответил на Ваш комментарий к <a href="photo.php?do=info&nk='.$nk.'&a='.$a.'&p='.$p.'">фотографии</a>!';
mysql_query("INSERT INTO `lenta` SET
`user` = '" . my_int($_POST['komu']) . "',
`text` = '$message',
`type` = 'comments',
`date` = '" . time() . "',
`read` = '1'");
}
elseif (user_inf($nk, 'comm_photos') == 1 && $nk != $user['id']) {
$message = 'Пользователь ' . us($user['id']) . ' оставил комментарий к Вашей <a href="photo.php?do=info&nk='.$nk.'&a='.$a.'&p='.$p.'">фотографии</a>!';
mysql_query("INSERT INTO `lenta` SET
`user` = '$nk',
`text` = '$message',
`type` = 'comments',
`date` = '" . time() . "',
`read` = '1'");
}
header('Location: photo.php?do=info&nk='.$nk.'&a='.$a.'&p='.$inf['id']);
}
}
// Friendship check for friends-only commenting. Precedence differs from the
// query in case u_album: `zajavka = '1'` only constrains the second
// alternative here, so a pending request from the viewer to the owner
// already counts.
$fr = mysql_query("SELECT `id` FROM `friends` WHERE
`user` = '$user[id]'
AND
`who` = '$nk'
OR
`user` = '$nk'
AND
`who` = '$user[id]'
AND `zajavka` = '1'");
$in_albm = mysql_fetch_array(mysql_query("SELECT `friend_comm` FROM `albums` WHERE `type` = 'a' AND `id` = '$inf[cat]'"));
// Precedence: (not owner && friends-only && friends) || open to everyone.
// NOTE(review): as written, the owner gets no comment form on their own
// friends-only album -- confirm whether that is intended.
if ($nk != $user['id'] && $in_albm[0] == 1 && mysql_num_rows($fr) != FALSE || $in_albm[0] == 0) {
// ?k=<user id> pre-fills "Name, " in the textarea and the hidden recipient;
// my_int($_GET['k']) for the hidden input runs even when k is absent.
$Komu = (isset($_GET['k'])) ? user_inf(my_int($_GET['k']), 'user') . ', ' : '';
echo '<FORM method="POST" action="photo.php?do=info&nk='.$nk.'&a='.$a.'&p='.$inf['id'].'">
<fieldset>
<label><b>Комментарий:</b></label><br/>
Вставить <a href="faq.php?do=smile">[смайлы]</a>
<a href="faq.php?do=bb">[бб-коды]</a>
<br/>
<textarea name="mes" cols="50" rows="5" style="width: 99%;">' . $Komu . '</textarea>
<br/>
<input type="hidden" name="komu" value="' . my_int($_GET['k']) . '"/>
<input type="submit" name="addkom" value="Добавить"/>
</fieldset>
</FORM>';
}
} else {
err('Фотография не найдена!');
}
}
// $inf is unset when the photo lookup failed (or $nk was unknown), so this
// link then carries an empty album id.
echo '<a href="photo.php?do=u_album&nk='.$nk.'&i='.$inf['cat'].'">Назад</a>' . $div_end;
break;
}
// Shared page footer, reached after every case of the switch above. The
// branches that lock an album (password / friends-only) or hit a missing
// photo include it themselves and exit() before getting here.
include 'foot.php';
?>