Файл: world-faces.ru/world-faces.ru/dnevnik/file.php
Строк: 59
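<?php
/*
 * Script by vmobe.net
 * venix & PaRaDoX
 *
 * Diary attachment page. Looks up a row of `dnevnik_files` by its `time`
 * value and then, depending on the query string:
 *   ?nicef    - records a "nice" vote for the file by the current user
 *   ?badf     - records a "bad" vote for the file by the current user
 *   ?download - bumps the download counter and redirects to the stored file
 *
 * NOTE(review): verh() runs before any header() call below, so the redirects
 * only work if i.php enables output buffering - confirm.
 * NOTE(review): $us is not set in this file; presumably i.php or aut() fills
 * it with the logged-in user's row - confirm.
 */
include_once '../i.php';
pdo();
$set['title']='Файл';
verh();
aut();

// intval() keeps the lookup key numeric; the query itself is parameterized.
$time = isset($_GET['time']) ? intval($_GET['time']) : 0;
$fo = DB::$dbs->query("select * from `dnevnik_files` where `time`=?", array($time));
$fo = $fo->fetch();
if (empty($fo['time'])) {
    echo 'Нету такого файла!!!<br/>';
    niz();
    exit();
}

// Only the presence of nicef/badf matters; their values were never used.
// The vote type is a fixed string literal (the original passed the bare words
// nice/bad, which are undefined constants and a fatal Error on PHP 8).
$voteType = null;
if (isset($_GET['nicef'])) {
    $voteType = 'nice';
} elseif (isset($_GET['badf'])) {
    $voteType = 'bad';
}

if ($voteType !== null) {
    // Skip the write when no user id is available, so an anonymous request
    // cannot store a vote if aut() does not stop guests.
    if (!empty($us['id'])) {
        $alreadyVoted = DB::$dbs->querySingle(
            "select count(*) from `dnevnik_f_votes` where `id_us`=? and `id_file` = ?",
            array((string) $us['id'], (string) $fo['id'])
        );
        // The original sent the redirect header for a repeat vote but kept
        // executing, so the insert ran anyway and one user could vote without
        // limit. The insert now happens only when no earlier vote exists.
        // NOTE(review): check-then-insert is not atomic; a UNIQUE index on
        // (`id_us`, `id_file`) is needed to close the race between two
        // parallel requests.
        if ($alreadyVoted == 0) {
            DB::$dbs->query(
                "insert into `dnevnik_f_votes` SET `id_file`=?,`id_us`=?,`type`=?",
                array($fo['id'], $us['id'], $voteType)
            );
        }
    }
    // NOTE(review): voting is a state change triggered by a plain GET link, so
    // it is exposed to cross-site request forgery. Fixing that needs a
    // per-session token on the links in view.php and a check here.
    header('Location: view.php?id=' . $fo['id_dnev']);
    exit();
}

if (isset($_GET['download'])) {
    // The file name is built from the database row ($fo['time']) and a fixed
    // list of extensions, never from request data. The request value itself is
    // not used, so the removed mysql_real_escape_string() call is dropped.
    $format = null;
    foreach (array('.gif', '.jpg', '.png') as $extension) {
        if (is_file(H . 'dnevnik/files/' . $fo['time'] . $extension)) {
            $format = $extension;
            break;
        }
    }

    // The original left $format undefined when no file existed and redirected
    // to a path without an extension.
    if ($format === null) {
        echo 'Нету такого файла!!!<br/>';
        niz();
        exit();
    }

    // Count the download only once a real file has been found.
    DB::$dbs->query(
        "update `dnevnik_files` set `downloads` = `downloads` + 1 where `id` = ?",
        array($fo['id'])
    );
    header('Location: files/' . $fo['time'] . $format);
    exit();
}

niz();
?>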