Файл: panel/manager.php
Строк: 275
<?php
require('../core/start.php');
$data = array(
'title' => lang('file_manager')
);
head($data);
if (empty($_SESSION['admin_sid'])):
if (!empty($_POST)) {
if ($_POST['login'] == ADM_LOGIN && $_POST['password'] == ADM_PASS) {
$_SESSION['admin_sid'] = true;
redirect(HOME . "panel/manager.php");
} else {
echo 'error';
}
}
?>
<form action="?" method="POST">
<label>
<p><?= lang('login') ?></p>
<input type="text" name="login"/>
</label>
<label>
<p><?= lang('password') ?></p>
<input type="password" name="password"/>
</label>
<div>
<input type="submit" value="<?= lang('sig_in') ?>"/>
</div>
</form>
<?php
else:
switch ($_GET['select']) {
default:
?>
<div class="link">
<a href="manager.php?select=upload"><b><?= lang('upload') ?></b></a>
</div>
<div class="menu">
<?php
$count = mysqli_fetch_row(mysqli_query($db, "SELECT COUNT(*) FROM files"));
$total = $count[0];
if ($total) {
$perpage = 10;
$count_pages = ceil($total / $perpage);
if (!$count_pages) {
$count_pages = 1;
}
if (!empty($_GET['page'])) {
$page = abs((int)$_GET['page']);
if (!$page) {
$page = 1;
}
} else {
$page = 1;
}
if ($page > $count_pages) {
$page = $count_pages;
}
$start_pos = ($page - 1) * $perpage;
$pagenation = pagenation($page, $count_pages);
$query = "SELECT * FROM files ORDER BY id DESC LIMIT $start_pos, $perpage";
$result = mysqli_query($db, $query);
while ($row = mysqli_fetch_array($result)) {
echo $row['display_name'].' <a href="manager.php?select=edit_tags&id='.$row['id'].'">[Edit]</a> <a href="manager.php?select=delete&id='.$row['id'].'">[Delete]</a><br />';
}
echo $pagenation, '<br />';
} else {
echo lang('no_files'), '<br /><br />';
}
echo '<a href="'.HOME.'">'.lang('home').'</div>';
break;
case 'delete':
$id = abs((int)$_GET['id']);
$query = "SELECT * FROM files WHERE id = '".$id."'";
$result = mysqli_query($db, $query);
$data = mysqli_fetch_array($result);
if (!empty($data)) {
unlink(ROOT . '/files/' . $data['path']);
$query = "DELETE FROM files WHERE id = '".$id."'";
mysqli_query($db, $query);
unlink(ROOT . '/screens/' . $id . '.jpg');
unlink(ROOT . '/screens/' . $id . '_mini.jpg');
redirect(HOME . 'panel/manager.php');
}
break;
case 'edit_tags':
$id = abs((int)$_GET['id']);
$query = "SELECT * FROM files WHERE id = '".$id."'";
$result = mysqli_query($db, $query);
$data = mysqli_fetch_array($result);
if (!empty($data)) {
include '../core/PEAR/Id.php';
include '../core/mp3.class.php';
$id3 = new MP3_Id();
$id3->read(ROOT . '/files/' . $data['path']);
//
$track_info = getMP3data(ROOT . '/files/' . $data['path']);
//echo '<pre>', print_r($track_info), '</pre>';
//
$genres = $id3->genres();
if (!empty($_POST)) {
$name = iconv('utf-8','windows-1251',$_POST['name']);
$artist = iconv('utf-8','windows-1251',$_POST['artists']);
$album = iconv('utf-8','windows-1251',$_POST['album']);
$year = iconv('utf-8','windows-1251',$_POST['year']);
$track = iconv('utf-8','windows-1251',$_POST['track']);
$genre = iconv('utf-8','windows-1251',$_POST['genre']);
$comment = iconv('utf-8','windows-1251',$_POST['comment']);
$mp3 = new mp3(ROOT . '/files/' . $data['path']);
$mp3->setIdv3_2($track,$name,$artist,$album,$year,$genre,$comment,$artist,$artist,$comment,'http://'.$_SERVER['HTTP_HOST'],'');
$mp3->save(ROOT . '/files/' . $data['path']);
$id3->name = $name;
$id3->artists = $artist;
$id3->album = $album;
$id3->year = $year;
$id3->track = $track;
$id3->genre = $genre;
$id3->comment = $comment;
$id3->write();
$query = "UPDATE files SET
display_name = '".mysqli_escape_string($db, htmlspecialchars($_POST['display_name']))."',
artist = '".mysqli_escape_string($db, htmlspecialchars($artist))."',
name = '".mysqli_escape_string($db, htmlspecialchars($name))."',
album = '".mysqli_escape_string($db, htmlspecialchars($album))."',
year = '".mysqli_escape_string($db, htmlspecialchars($year))."',
track = '".mysqli_escape_string($db, htmlspecialchars($track))."',
genre = '".mysqli_escape_string($db, htmlspecialchars($genre))."',
comment = '".mysqli_escape_string($db, htmlspecialchars($comment))."'
WHERE id = '".$id."'";
mysqli_query($db, $query);
#add in news
if (!empty($_SESSION['news'])) {
$count = mysqli_fetch_row(mysqli_query($db, "SELECT COUNT(*) FROM news"));
$total = $count[0];
if (empty($total)) {
$new_text = '<a href="'.HOME . 'track.php?id=' . $data['id'].'">'.$artist.' - '.$name.'</a>';
$query = "INSERT INTO news (text, date) VALUES ('".$new_text."', NOW())";
} else {
$query = "SELECT * FROM news WHERE date >= CURDATE()";
$result = mysqli_query($db, $query);
$count = mysqli_fetch_row($result);
$total = $count[0];
if (!empty($total)) {
$query = "SELECT * FROM news ORDER BY id DESC LIMIT 1";
$result = mysqli_query($db, $query);
$data_news = mysqli_fetch_array($result);
$new_text = $data_news['text'] . '<br /><a href="'.HOME . 'track.php?id=' . $data['id'].'">'.$artist.' - '.$name.'</a>';
$query = "UPDATE news SET text = '".$new_text."' WHERE id = '".$data_news['id']."'";
} else {
$new_text = '<a href="'.HOME . 'track.php?id=' . $data['id'].'">'.$artist.' - '.$name.'</a>';
$query = "INSERT INTO news (text, date) VALUES ('".$new_text."', NOW())";
}
}
mysqli_query($db, $query);
unset($_SESSION['news']);
}
}
$genre = code($id3->genre);
echo '<div class="menu">
<form action="#" method="post">
<b>'.lang('music_view').'</b><br/>
<input name="display_name" type="text" value="'.(!empty($data['display_name']) ? trim($data['display_name']) : trim($track_info['id3v1']['artists']).' - '.trim($track_info['id3v1']['name'])).'"/><br/>
<br />' . lang('edit_mp3_tags') . '<br/>
'.lang('name').'<br/>
<input name="name" type="text" value="'.trim($track_info['id3v1']['name']).'"/><br/>
'.lang('artist').'<br/>
<input name="artists" type="text" value="'.trim($track_info['id3v1']['artists']).'"/><br/>
'.lang('album').'<br/>
<input name="album" type="text" value="'.trim($track_info['id3v1']['album']).'"/><br/>
'.lang('year').'<br/>
<input name="year" type="text" value="'.trim($track_info['id3v1']['year']).'"/><br/>
'.lang('track').'<br/>
<input name="track" type="text" value="'.trim($track_info['id3v1']['track']).'"/><br/>
'.lang('genre').'<br/>
<select name="genre"><option value="'.$genre.'"/>'.$genre.'</option>';
foreach($genres as $var){
$var = htmlspecialchars($var);
echo '<option value="'.$var.'">'.$var.'</option>';
}
echo '</select><br/>
'.lang('comment').'<br/>
<textarea name="comment" rows="2" cols="32">'.COPY_MUSIC.'</textarea><br/>
<input class="buttom" type="submit" value="'.lang('save').'"/>
</form><br/><a href="manager.php">'.lang('nazad').'</a></div>';
}
break;
case 'upload':
if (!empty($_POST)) {
$whitelist = array('mp3');
if (empty($_POST['import'])) {
$file = $_FILES['file'];
$ext = pathinfo($file['name'], PATHINFO_EXTENSION);
//$size = $file['size'];
} else {
$url = $_POST['import'];
$name = explode("/", $url);
$file['name'] = end($name);
$ext = pathinfo(end($name), PATHINFO_EXTENSION);
}
$err = array();
if (!in_array($ext, $whitelist)) $err[] = 'Не верное расширение файла';
if (empty($err)) {
$new_name = str2url(COPY_MUSIC . '_' . ($file['name']));
$path = ROOT . '/files/' . $new_name;
if (copy(($url ? $url : $file['tmp_name']), $path)) {
$query = "INSERT INTO files (path, date) VALUES ('".$new_name."', NOW())";
mysqli_query($db, $query);
$last_id = mysqli_insert_id($db);
//screen
if (!empty($_POST['import_screen']) OR !empty($_FILES['screen'])) {
$whitelist = array('jpg', 'jpeg', 'gif', 'png');
if (empty($_POST['import_screen'])) {
$file = $_FILES['screen'];
$ext = pathinfo($file['name'], PATHINFO_EXTENSION);
//$size = $file['size'];
} else {
$url = $_POST['import_screen'];
$name = explode("/", $url);
$file['name'] = end($name);
$ext = pathinfo(end($name), PATHINFO_EXTENSION);
}
$err = array();
if (!in_array($ext, $whitelist)) $err[] = 'Не верное расширение постера';
if (empty($err)) {
$new_name = $last_id . '.jpg';
$path = ROOT . '/screens/' . $new_name;
copy(($url ? $url : $file['tmp_name']), $path);
ResizeImage($path, 300, 85, ROOT . '/screens/', $last_id . '_mini.jpg');
}
}
if (!empty($_POST['news'])) {
$_SESSION['news'] = true;
}
redirect(HOME . 'panel/manager.php?select=edit_tags&id=' . $last_id);
}
} else {
foreach ($err as $error) {
echo $error . '<br />';
}
}
}
?>
<div class="menu">
<form action="#" method="POST" enctype="multipart/form-data">
<div><?= lang('file') ?>:</div>
<div>
<label>
<input type="file" name="file"/>
</label>
<br /><?= lang('import') ?><br />
<input type="text" name="import" placeholder="http://example.com/file.mp3"/>
</div>
<div><?= lang('poster') ?>:</div>
<div>
<label>
<input type="file" name="screen"/>
</label>
<br /><?= lang('import') ?><br />
<input type="text" name="import_screen" placeholder="http://example.com/poster.jpg"/>
</div>
<div><?= lang('add_in_news') ?>:</div>
<div><input type="checkbox" name="news" value="1"/></div>
<div>
<input type="submit" name="upload" value="<?= lang('upload') ?>"/>
</div>
</form>
<br/><a href="manager.php"><?= lang('nazad') ?></a>
</div>
<?php
break;
}
endif;
footer();
?>