Файл: test.masteram.us/audio/upload.php
Строк: 97
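<?php
/**
 * audio/upload.php — upload an MP3 into an audio catalogue (?dir=), store it as
 * audio/files/<id>.mp3, read its ID3 tags, and let the uploader edit the
 * artist / title / album fields afterwards.
 *
 * Dispatch on ?act=:
 *   index  - upload form for catalogue ?dir=
 *   upl    - receive the POSTed file, insert the audio_file row, read tags
 *   step2  - tag-editing form for ?file=<id>
 *   save2  - persist the edited tags (only the row's uploader may do this)
 *
 * Helpers used here but defined elsewhere (Core.php / config.php / thead.php):
 * only_reg(), title(), power(), esc(), my_esc(), utf_strlen(), $ln, $user,
 * $time and the H path constant. Their exact semantics are not visible in
 * this file; comments below say where behaviour depends on them.
 *
 * Review notes — what changed against the previous revision:
 *  - every header('Location: ...') redirect now exit()s; before, execution
 *    fell through (an upload into a missing catalogue was still inserted,
 *    a failed copy still ran chmod/getID3/UPDATE, etc.);
 *  - ID3 tag values were interpolated into the UPDATE unescaped — SQL
 *    injection from a crafted MP3 — and later echoed unescaped (stored XSS);
 *  - the step2 form action echoed $_GET['id'] raw (reflected XSS), and that
 *    parameter is never set on this page — the id arrives as ?file=;
 *  - save2's length check joined its three conditions with || so one short
 *    field let the others through;
 *  - the upload was copy()'d instead of move_uploaded_file()'d and then
 *    chmod'd 0666 (world-writable);
 *  - ereg*() (removed in PHP 7) replaced by pathinfo()/str_replace().
 * Still open (needs infrastructure this file does not have): neither form
 * carries a CSRF token, and the mysql_* API itself is gone in PHP 7+.
 */
include '../Core.php';
include_once 'config.php';
$set['title'] = '' . $ln['add'] . ''; // page title
include_once '../sys/inc/thead.php';
only_reg(); // presumably rejects anonymous users — defined outside this file
title();

$act = isset($_GET['act']) ? power($_GET['act']) : 'index';
$dir = isset($_GET['dir']) ? intval($_GET['dir']) : 0;

// The target catalogue must exist; abort outright, not just redirect.
if (mysql_result(mysql_query("SELECT count(*) FROM `audio_cat` WHERE `id`='" . $dir . "'"), 0) == 0) {
    header("Location: /audio/");
    exit;
}
$catalog = mysql_fetch_assoc(mysql_query("SELECT * FROM `audio_cat` WHERE `id`= $dir LIMIT 1"));

switch ($act):
case "upl":
    if (!isset($_FILES['file'])) {
        header("location: upload.php?act=index&dir=" . $dir . "&error=43");
        exit;
    }
    // UPLOAD_ERR_OK check: a partial/oversize upload has an empty tmp_name.
    if (!isset($_FILES['file']['tmp_name']) || $_FILES['file']['error'] !== UPLOAD_ERR_OK) {
        header("location: upload.php?act=index&dir=" . $dir . "&error=44");
        exit;
    }

    // Only the client-supplied *name* is inspected here; the stored file is
    // always named <id>.mp3, so the extension can't be used to plant scripts.
    // '#' and '?' are stripped as before (the original used an ereg pattern).
    $file = esc(stripcslashes(htmlspecialchars($_FILES['file']['name'])));
    $file = str_replace(array('#', '?'), '', $file);
    $ras  = strtolower(pathinfo($file, PATHINFO_EXTENSION));
    if ($ras != 'mp3') {
        header("location: upload.php?act=index&dir=$dir&error=69");
        exit;
    }

    $size = filesize($_FILES['file']['tmp_name']);
    $opis = isset($_POST['opis']) ? my_esc($_POST['opis']) : '';
    // NOTE(review): $time and $user are not defined in this file — assumed to
    // come from Core.php; confirm $time is set or the column gets ''.
    mysql_query("INSERT INTO `audio_file` (id_cat, size, time, opis, id_user) values('$dir', '$size', '$time', '$opis', '$user[id]')");
    $id_file = mysql_insert_id();
    $path = H . "audio/files/$id_file.mp3";

    // move_uploaded_file() refuses anything that is not a genuine upload of
    // this request; copy() would read whatever path tmp_name pointed at.
    if (!move_uploaded_file($_FILES['file']['tmp_name'], $path)) {
        mysql_query("DELETE FROM `audio_file` WHERE `id` = '$id_file'");
        header("location: upload.php?dir=" . $dir . "&error=47");
        exit;
    }
    chmod($path, 0644); // was 0666: the server must read it, nobody needs to write it

    ### tags
    require_once('getid3/getid3.php');
    $getID3 = new getID3;
    $getID3->encoding = 'UTF-8';
    // Analyse the file we actually wrote (the original used a cwd-relative
    // 'files/<id>.mp3' while writing to H.'audio/files/...').
    $getid = $getID3->analyze($path);

    // The extension test above only looked at the client-supplied name; if
    // getID3 found no audio stream in the bytes, treat it as "not an mp3".
    if (empty($getid['audio'])) {
        @unlink($path);
        mysql_query("DELETE FROM `audio_file` WHERE `id` = '$id_file'");
        header("location: upload.php?act=index&dir=$dir&error=69");
        exit;
    }

    $TagData = array();
    if (!empty($getid['tags']['id3v2'])) {
        $TagData = $getid['tags']['id3v2'];
    } elseif (!empty($getid['tags']['id3v1'])) {
        $TagData = $getid['tags']['id3v1'];
    }
    $kanal    = $getid['audio']['channels'] . ' (' . $getid['audio']['channelmode'] . ')';
    $chastota = ceil($getid['audio']['sample_rate'] / 1000) . ' КГц';
    $bitreit  = ceil($getid['audio']['bitrate'] / 1000) . ' Кбит/с';
    $dlit     = date('i:s', $getid['playtime_seconds']);

    // ID3 text frames are attacker-controlled bytes from inside the upload:
    // escape them before they reach SQL (they were interpolated raw before).
    $artist = isset($TagData['artist'][0]) ? mysql_real_escape_string((string) $TagData['artist'][0]) : '';
    $title  = isset($TagData['title'][0])  ? mysql_real_escape_string((string) $TagData['title'][0])  : '';
    $albom  = isset($TagData['album'][0])  ? mysql_real_escape_string((string) $TagData['album'][0])  : '';
    $year   = isset($TagData['year'][0])   ? mysql_real_escape_string((string) $TagData['year'][0])   : '';
    mysql_query("UPDATE `audio_file` SET `artist`='" . $artist . "', `title`='" . $title . "', `kanal`='" . $kanal . "', `chastota`='" . $chastota . "', `bitreit`='" . $bitreit . "', `dlit`='" . $dlit . "', `albom`='" . $albom . "', `year`='" . $year . "' WHERE `id`='$id_file' LIMIT 1");
    ###
    header("location: upload.php?act=step2&dir=$dir&file=$id_file&error=48");
    exit;
    break;

case "step2":
    // Ids are mysql_insert_id() integers and are used unquoted in SQL below,
    // so force an int regardless of what power() returns.
    $id = isset($_GET['file']) ? (int) power($_GET['file']) : 0;
    if (mysql_result(mysql_query("SELECT count(*) FROM `audio_file` WHERE `id`='" . $id . "'"), 0) == 0) {
        header("Location: /audio/");
        exit;
    }
    $audio = mysql_fetch_assoc(mysql_query("SELECT * FROM `audio_file` WHERE `id`= $id LIMIT 1"));
    // Same ownership rule save2 enforces: only the uploader gets the edit form.
    if ($user['id'] != $audio['id_user']) {
        header("Location: index.php?act=audio&id=$id");
        exit;
    }

    // Stored values originate from ID3 frames / form input; escape for HTML.
    // double_encode=false keeps already-encoded entities from being doubled.
    $h_artist = htmlspecialchars($audio['artist'], ENT_QUOTES, 'UTF-8', false);
    $h_title  = htmlspecialchars($audio['title'],  ENT_QUOTES, 'UTF-8', false);
    $h_albom  = htmlspecialchars($audio['albom'],  ENT_QUOTES, 'UTF-8', false);

    echo '<div class="str">';
    echo '<img src = "img/dir_open.png"> <b>' . $h_artist . ' - ' . $h_title . '</b><br/>';
    echo '</div>';
    echo '<div class="mess">';
    // $id is the validated ?file= value; the old action echoed $_GET['id'],
    // which this page never receives and which was not escaped.
    echo "<form method='post' enctype='multipart/form-data' action='?act=save2&dir=$dir&file=$id' >";
    echo '' . $ln['art'] . ':<br />';
    echo "<input type='text' name='artist' value='$h_artist'><br />\n";
    echo '' . $ln['name'] . ':<br />';
    echo "<input type='text' name='title' value='$h_title'><br />\n";
    echo '' . $ln['alb'] . ':<br />';
    echo "<input type='text' name='albom' value='$h_albom'><br />\n";
    echo "<input class='submit' type='submit' value='OK' /><br />\n";
    echo "</form>";
    echo '</div>';
    break;

case "save2":
    // NOTE(review): no CSRF token is checked here — any site the victim
    // visits can POST tag edits on their behalf. Needs a session-bound token.
    $id     = isset($_GET['file']) ? (int) power($_GET['file']) : 0;
    $artist = isset($_POST['artist']) ? my_esc($_POST['artist']) : '';
    $title  = isset($_POST['title'])  ? my_esc($_POST['title'])  : '';
    $albom  = isset($_POST['albom'])  ? my_esc($_POST['albom'])  : '';
    if (mysql_result(mysql_query("SELECT count(*) FROM `audio_file` WHERE `id`='" . $id . "'"), 0) == 0) {
        header("Location: /audio/");
        exit;
    }
    $audio = mysql_fetch_assoc(mysql_query("SELECT * FROM `audio_file` WHERE `id`= $id LIMIT 1"));

    // All three fields must be under the limit (the original used ||, so a
    // single short field let arbitrarily long siblings through).
    if (utf_strlen($artist) >= 300 || utf_strlen($title) >= 300 || utf_strlen($albom) >= 300) {
        header("Location: index.php?act=audio&id=$id&error=64");
        exit;
    }
    // Only the uploader may edit; everyone else is just bounced to the track page.
    if ($user['id'] == $audio['id_user']) {
        mysql_query("UPDATE `audio_file` SET `artist`='$artist', `title`='$title', `albom`='$albom' WHERE `id` = '$id' LIMIT 1");
    }
    header("Location: index.php?act=audio&id=$id");
    exit;
    break;

case "index":
    echo '<div class="str">';
    echo htmlspecialchars($catalog['name'], ENT_QUOTES, 'UTF-8', false);
    echo '</div>';
    echo '<div class="mess">';
    // NOTE(review): no CSRF token on the upload form either.
    echo "<form method='post' enctype='multipart/form-data' action='?act=upl&dir=" . $dir . "' >";
    echo "FILE:<br />\n";
    echo "<input name='file' type='file' /><br />\n";
    echo '' . $ln['opis'] . ':<br />';
    echo "<textarea name='opis'></textarea><br />\n";
    echo "<input class='submit' type='submit' value='ok' /><br />\n";
    echo "</form>";
    echo '<span style="font-size:small;color:blue"></span><br/><div class="hr"></div><div class="gmenu"><span style="color: #218094"></span></div>';
    echo '</div>';
    break;

default:
    // NOTE(review): SID puts the session id in the URL when cookie sessions
    // are off — a session-leak vector; confirm that is intended.
    header("location: index.php?" . SID);
    exit;
endswitch;

include_once '../sys/inc/tfoot.php';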