Файл: public_html/audio/album.php
Строк: 152
<?
include_once '../sys/inc/start.php';
include_once '../sys/inc/compress.php';
include_once '../sys/inc/sess.php';
include_once '../sys/inc/home.php';
include_once '../sys/inc/settings.php';
include_once '../sys/inc/db_connect.php';
include_once '../sys/inc/ipua.php';
include_once '../sys/inc/fnc.php';
include_once '../sys/inc/user.php';
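// Access check from the shared includes; presumably limits the page to
// registered users -- its body is not visible in this file.
only_reg();

// Load the requested album. intval() forces ?id= to an integer before it is
// placed in the SQL text. $audio is initialised first so that a request
// without ?id= does not leave it undefined for the code below.
$audio = false;
if (isset($_GET['id'])) {
    $albumRes = mysql_query("SELECT * FROM `audio_album` WHERE `id` = '" . intval($_GET['id']) . "'");
    if ($albumRes) {
        $audio = mysql_fetch_assoc($albumRes);
    }
}

// Unknown or missing album: redirect before any output is produced and stop.
// Without the exit the rest of the script would keep running against an empty
// $audio, and a Location header sent after thead.php may be ignored.
if (!$audio) {
    header('Location: index.php');
    exit;
}

// Album owner, used for the "all albums of the author" footer link.
// The id comes from the database row but is still cast before reuse in SQL.
$ank2 = mysql_fetch_assoc(mysql_query("SELECT * FROM `user` WHERE `id` = '" . intval($audio['id_user']) . "'"));

// NOTE(review): output_text() is defined elsewhere; presumably it HTML-escapes
// user text -- confirm, because the album name is user-controlled.
$set['title'] = 'Аудиоальбомы - ' . output_text($audio['name']);
include_once '../sys/inc/thead.php';
title();
err();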
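##### password gate for protected albums #####
// The gate is skipped for the album owner, for users with level >= 1 and for
// sessions that already hold the matching password.
// NOTE(review): album passwords are stored and compared in plaintext, and one
// session key ('pass') is shared by all albums. Hashing them (password_hash /
// password_verify) needs a schema and data migration outside this file.
$albumPass   = isset($audio['pass']) ? (string) $audio['pass'] : '';
$sessionPass = (isset($_SESSION['pass']) && is_string($_SESSION['pass'])) ? $_SESSION['pass'] : '';

// Strict string comparison: with loose != two different numeric-looking
// strings can compare as equal.
if ($albumPass !== '' && $sessionPass !== $albumPass && $audio['id_user'] != $user['id'] && $user['level'] < 1) {
    $postedPass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : null;

    if ($postedPass !== null && isset($_POST['passadd'])) {
        // Keep the raw value. It is never placed in SQL here, and an
        // SQL-escaped copy would not match the stored password as soon as it
        // contains a quote or backslash.
        $sessionPass = $postedPass;
        $_SESSION['pass'] = $sessionPass;
    }

    if ($postedPass !== null) {
        if ($sessionPass === $albumPass) {
            // NOTE(review): thead.php has already produced output; this header
            // only takes effect if output is buffered -- confirm.
            header('Location: album.php?id=' . intval($audio['id']));
            exit;
        }
        $err = 'Неверный пароль';
    }
    err();

    // The submitted value is echoed back into the form, so it is escaped for
    // the attribute context (charset assumed to be UTF-8 -- confirm).
    echo "<form class='p_m' method='post' action=''>\n";
    echo "Пароль:<br />\n<input type=\"text\" name=\"pass\" value='" . htmlspecialchars($sessionPass, ENT_QUOTES, 'UTF-8') . "' /><br />\n";
    echo "<input value=\"Войти\" name=\"passadd\" type=\"submit\" />\n";
    echo "</form>\n";
    echo "<div class='foot'>\n";
    echo "<img src='back.png' /> <a href='album.php?id=" . intval($audio['id']) . "'>В альбом</a><br />\n";
    echo "<img src='back.png' /> <a href='index.php'>Аудиоальбомы</a><br />\n";
    echo "</div>\n";
    include_once '../sys/inc/tfoot.php';
    // Stop here explicitly. tfoot.php presumably ends the script, but the gate
    // must not depend on that: otherwise the protected listing below would be
    // rendered for a visitor who has not supplied the password.
    exit;
}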
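##### edit album #####
if (isset($_GET['edit'])) {
    // Only the album owner or a user with level > 1 may edit -- the same rule
    // the delete branch and the footer links of this file apply. The previous
    // condition joined the two tests with || and did not stop after the
    // redirect, so the update below ran for every caller.
    $mayEdit = isset($user) && ($audio['id_user'] == $user['id'] || $user['level'] > 1);
    if (!$mayEdit) {
        header('Location: album.php?id=' . intval($audio['id']));
        exit;
    }

    // NOTE(review): the form carries no anti-CSRF token; a per-session token
    // checked here would be the usual mitigation.
    if (isset($_POST['add'])) {
        $rawName = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
        $rawOpis = (isset($_POST['opis']) && is_string($_POST['opis'])) ? $_POST['opis'] : '';
        $rawPass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : null;

        // Escaping is applied only to the copies that go into the SQL text.
        $name = mysql_real_escape_string($rawName);
        $opis = mysql_real_escape_string($rawOpis);
        $pass = ($rawPass !== null) ? mysql_real_escape_string($rawPass) : NULL;

        // Length is checked on the raw name so that escape characters added
        // for SQL do not count towards the minimum.
        if (strlen2($rawName) < 2) {
            $err = 'Название не менее 2 символов';
        }

        if (!isset($err)) {
            // NOTE(review): the album password is written in plaintext.
            mysql_query("UPDATE `audio_album` SET `name` = '" . $name . "',`opis` = '" . $opis . "',`pass` = '" . $pass . "' WHERE `id` = '" . intval($audio['id']) . "' LIMIT 1");
            if ($rawPass !== null) {
                // Raw value, so the session copy matches what the database returns.
                $_SESSION['pass'] = $rawPass;
            }
            header('Location: album.php?id=' . intval($audio['id']));
            exit;
        }
        // Show the validation error above the form.
        err();
    }

    // Stored album fields are user-controlled, so they are escaped for the HTML
    // context before being written back into the form (charset assumed to be
    // UTF-8 -- confirm).
    echo "<form class='p_m' method='post' action='?id=" . intval($audio['id']) . "&edit'>\n";
    echo "Название:<br />\n<input type=\"text\" name=\"name\" value=\"" . htmlspecialchars($audio['name'], ENT_QUOTES, 'UTF-8') . "\" /><br />\n";
    echo "Описание:<br />\n<textarea name=\"opis\">" . htmlspecialchars($audio['opis'], ENT_QUOTES, 'UTF-8') . "</textarea><br />\n";
    echo "Пароль:<br />\n<input type=\"text\" name=\"pass\" value=\"" . htmlspecialchars($audio['pass'], ENT_QUOTES, 'UTF-8') . "\" /><br />\n";
    echo "<input value=\"Изменить\" name=\"add\" type=\"submit\" />\n";
    echo "</form>\n";
    echo "<div class='foot'>\n";
    echo "<img src='back.png' /> <a href='album.php?id=" . intval($audio['id']) . "'>В альбом</a><br />\n";
    echo "<img src='back.png' /> <a href='index.php'>Аудиоальбомы</a><br />\n";
    echo "</div>\n";
    include_once '../sys/inc/tfoot.php';
    // tfoot.php presumably ends the script; the explicit exit keeps the edit
    // page from falling through to the listing if it does not.
    exit;
}
##### end of edit #####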
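##### delete album #####
// Removes the album, its tracks, the stored audio files and the track comments.
// Allowed for the album owner and for users with level > 1.
// NOTE(review): this destructive action is triggered by a plain GET link and
// has no anti-CSRF token; moving it to POST with a per-session token is the
// usual mitigation and needs a matching change to the confirmation link.
if (isset($_GET['delete']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `audio_album` WHERE `id` = '" . intval($audio['id']) . "'"), 0) == 1) {
    if (isset($user) && ($user['level'] > 1 || $audio['id_user'] == $user['id'])) {
        $delAlbumId = intval($audio['id']);

        // Collect the tracks first, then remove the album row.
        $req = mysql_query("SELECT * FROM `audio_user` WHERE `id_album` = '" . $delAlbumId . "' order by id desc");
        mysql_query("DELETE FROM `audio_album` WHERE `id` = '" . $delAlbumId . "'");

        while ($req && ($vid = mysql_fetch_assoc($req))) {
            // The id is cast to an integer before it is used in a file path
            // and in SQL, so neither can be steered by an unexpected value.
            $delTrackId = intval($vid['id']);
            $delFile = H . 'sys/audio/files/' . $delTrackId . '.audio';
            if (is_file($delFile)) {
                unlink($delFile);
            }
            // NOTE(review): comments are matched on `id_album` using the track
            // id -- confirm against the audio_komm schema.
            mysql_query("DELETE FROM `audio_komm` WHERE `id_album` = '" . $delTrackId . "'");
            mysql_query("DELETE FROM `audio_user` WHERE `id` = '" . $delTrackId . "'");
        }

        // Stop after the redirect so the listing is not rendered for an album
        // that no longer exists.
        header('Location: index.php');
        exit;
    }
}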
// Confirmation prompt for album deletion. It is shown only when the album row
// exists and the viewer is the owner or has level > 1.
// NOTE(review): the "yes" link performs the deletion through a GET request.
if (isset($_GET['delv'])) {
    $albumRowCount = mysql_result(mysql_query("SELECT COUNT(*) FROM `audio_album` WHERE `id` = '".$audio['id']."'"), 0);
    if ($albumRowCount == 1) {
        $viewerMayDelete = isset($user) && ($user['level'] > 1 || $audio['id_user'] == $user['id']);
        if ($viewerMayDelete) {
            echo "<div class='err'>Вы уверены? <a href='?id=" . $audio['id'] . "&delete'>Да</a> | <a href='?id=" . $audio['id'] . "'>Нет</a></div>";
        }
    }
}
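##### track listing #####
// Paged list of the album's tracks. k_page() and page() come from the shared
// includes; $set['p_str'] is used as the page size.
$listAlbumId = intval($audio['id']);
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `audio_user` WHERE `id_album`='" . $listAlbumId . "'"), 0);
$k_page = k_page($k_post, $set['p_str']);
$page = page($k_page);
$start = $set['p_str'] * $page - $set['p_str'];

echo "<table class='post'>\n";
// LIMIT operands are cast to integers (and the offset kept non-negative) so the
// query text does not depend on how the paging helpers validate their input.
$q = mysql_query("SELECT * FROM `audio_user` WHERE `id_album`='" . $listAlbumId . "' ORDER BY id DESC LIMIT " . max(0, intval($start)) . ", " . intval($set['p_str']));

if (!$q || mysql_num_rows($q) == 0) {
    echo " <tr>\n";
    echo " <td class='p_t'>\n";
    echo "Нет Аудио\n";
    echo " </td>\n";
    echo " </tr>\n";
}

while ($q && ($v = mysql_fetch_assoc($q))) {
    echo " <tr>\n";
    echo " <td class='p_t'>\n";

    // Uploader of the track; one lookup per row.
    $ank = mysql_fetch_assoc(mysql_query("SELECT * FROM `user` WHERE `id` = '" . intval($v['id_user']) . "'"));

    echo "<img src='name.gif' /> <a href='audio.php?id=" . intval($v['id']) . "'>" . output_text($v['name']) . "</a><br />";
    echo "<img src='user.gif' /> ";
    if ($ank) {
        // The nick is user-controlled and lands in both an attribute and
        // element text, so it is escaped once for both (charset assumed to be
        // UTF-8 -- confirm). The <b> element is now closed.
        $nickHtml = htmlspecialchars($ank['nick'], ENT_QUOTES, 'UTF-8');
        echo online($ank['id']) . " <a href='/info.php?id=" . intval($ank['id']) . "' title='Анкета \"" . $nickHtml . "\"'><b>" . $nickHtml . "</b></a><br/>\n";
    } else {
        // Uploader row missing: keep the line break, print no link.
        echo "<br/>\n";
    }

    // The previous test compared the description to 0 with !=, which in PHP 5
    // hides every description that does not start with a non-zero number.
    // Show it whenever it is non-empty; '0' is treated as "no description".
    $opisText = (string) $v['opis'];
    if ($opisText !== '' && $opisText !== '0') {
        echo "<img src='opis.gif' /> " . output_text($v['opis']) . "<br />";
    }

    echo "<img src='time.png' /> " . vremja($v['time']);
    echo " </td>\n";
    echo " </tr>\n";
}
echo "</table>\n";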
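// Page navigation, shown only when the listing spans more than one page.
if ($k_page > 1) {
    str("?id=" . intval($audio['id']) . "&", $k_page, $page);
}

// Footer links. Ids are cast to integers before being written into hrefs, and
// the newline escapes that had lost their backslash are restored.
echo "<div class='foot'>\n";
if ($audio['id_user'] == $user['id']) {
    echo "<img src='add.png' /> <a href='audioadd.php?id=" . intval($audio['id']) . "'>Добавить Аудио</a><br />\n";
}
// Edit and delete links are offered to the owner and to users with level > 1.
// They are only a convenience; the edit and delete branches of the script have
// to enforce the same rule themselves.
if ($audio['id_user'] == $user['id'] || $user['level'] > 1) {
    echo "<img src='set.png' /> <a href='album.php?id=" . intval($audio['id']) . "&edit'>Редактировать</a><br />\n";
    echo "<img src='del.png' /> <a href='album.php?id=" . intval($audio['id']) . "&delv'>Удалить альбом</a><br />\n";
}
echo "<img src='back.png' /> <a href='user.album.php?id=" . intval($ank2['id']) . "'>Все альбомы автора</a><br />\n";
echo "<img src='back.png' /> <a href='index.php'>Аудиоальбомы</a><br />\n";
echo "</div>\n";
include_once '../sys/inc/tfoot.php';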
?>