Файл: public_html/video/album.php
Строк: 163
<?
include_once '../sys/inc/start.php';
include_once '../sys/inc/compress.php';
include_once '../sys/inc/sess.php';
include_once '../sys/inc/home.php';
include_once '../sys/inc/settings.php';
include_once '../sys/inc/db_connect.php';
include_once '../sys/inc/ipua.php';
include_once '../sys/inc/fnc.php';
include_once '../sys/inc/user.php';
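only_reg();

// Load the requested album. intval() forces the id to an integer before it is
// placed in the SQL string, so the raw query parameter never reaches the query.
// $video is initialised first so a request without ?id= does not read an
// undefined variable below.
$video = false;
if (isset($_GET['id'])) {
    $video = mysql_fetch_assoc(mysql_query("SELECT * FROM `video_album` WHERE `id` = '" . intval($_GET['id']) . "'"));
}

// Unknown or missing album: redirect and stop before anything else runs.
// header() only queues the redirect; without exit the rest of the script
// (owner lookup, password gate, edit and delete handlers) would still execute
// with no album loaded. Doing this before thead.php also keeps the redirect
// ahead of any page output.
if (!$video) {
    header("Location: index.php");
    exit;
}

// Album owner; used for the "all albums of this author" link in the page footer.
// id_user comes from the database, but it is still cast so that the query never
// depends on what an earlier write put into that column.
$ank2 = mysql_fetch_assoc(mysql_query("SELECT * FROM `user` WHERE `id` = '" . intval($video['id_user']) . "'"));

$set['title'] = 'Видеоальбомы - ' . output_text($video['name']);
include_once '../sys/inc/thead.php';
title();
err();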
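// Password gate for protected albums.
// A visitor is held at the password form when the album has a non-empty
// password, the session does not already hold that password, the visitor is
// not the album owner and has level < 1.
//
// NOTE(review): the album password is stored and compared in plain text.
// Hashing it (password_hash, PHP 5.5+) needs a schema and data migration that
// is outside this block. No limit on password attempts is visible here either.
$album_pass = isset($video['pass']) ? (string) $video['pass'] : '';
$session_pass = (isset($_SESSION['pass']) && is_string($_SESSION['pass'])) ? $_SESSION['pass'] : '';

// Strict string comparison: with loose ==/!= PHP compares numeric-looking
// strings as numbers, so two different passwords could be treated as equal.
if ($album_pass !== '' && $session_pass !== $album_pass && $video['id_user'] != $user['id'] && $user['level'] < 1) {
    // Accept only a scalar string; a pass[]=... array must not reach the
    // comparison or the form output.
    $submitted = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : null;

    if ($submitted !== null && isset($_POST['passadd'])) {
        // The value is kept as submitted. SQL escaping belongs at the point a
        // value enters a query; escaping it here made it differ from the
        // database value whenever it contained a quote or backslash.
        // NOTE(review): confirm no other script interpolates $_SESSION['pass'] into SQL.
        $_SESSION['pass'] = $submitted;
        $session_pass = $submitted;
    }

    if ($submitted !== null && $session_pass === $album_pass) {
        header("Location: album.php?id=" . intval($video['id']));
        exit; // stop here so the form below is not rendered after the redirect
    }

    if ($submitted !== null) {
        $err = 'Неверный пароль';
    }
    err();

    echo "<form class='p_m' method='post' action=''>\n";
    // The remembered value is request-derived, so it is HTML-escaped before it
    // goes into the attribute. Assumes pages are served as UTF-8 — TODO confirm.
    echo "Пароль:<br />\n<input type=\"text\" name=\"pass\" value='" . htmlspecialchars($session_pass, ENT_QUOTES, 'UTF-8') . "' /><br />\n";
    echo "<input value=\"Войти\" name=\"passadd\" type=\"submit\" />\n";
    echo "</form>\n";
    echo "<div class='foot'>\n";
    echo "<img src='back.png' /> <a href='album.php?id=" . intval($video['id']) . "'>В альбом</a><br />\n";
    echo "<img src='back.png' /> <a href='index.php'>Видеоальбомы</a><br />\n";
    echo "</div>\n";
    include_once '../sys/inc/tfoot.php';
    // Fail closed: the protected listing further down must never run for a
    // visitor held at the gate, whether or not tfoot.php ends the script itself.
    exit;
}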
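##### edit album #####
// Shows the album edit form and, on POST with `add`, saves name, description
// and password.
//
// NOTE(review): the save is a state-changing POST with no anti-CSRF token
// check visible in this file; add one if the project has a token helper.
if (isset($_GET['edit'])) {
    // Access rule: the album owner, or a user with level > 1. This is the same
    // rule the delete handler and the footer "edit" link in this file use.
    // The previous condition joined the two tests with || and did not stop
    // after header(), so the form (including the stored password) and the
    // UPDATE below stayed reachable for any logged-in user.
    if (!($user['level'] > 1 || $video['id_user'] == $user['id'])) {
        header("Location: album.php?id=" . intval($video['id']));
        exit;
    }

    if (isset($_POST['add'])) {
        // Accept only scalar strings; array-valued fields are treated as absent.
        $raw_name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
        $raw_opis = (isset($_POST['opis']) && is_string($_POST['opis'])) ? $_POST['opis'] : '';
        $raw_pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : null;

        $name = mysql_real_escape_string($raw_name);
        $opis = mysql_real_escape_string($raw_opis);
        $pass = ($raw_pass !== null) ? mysql_real_escape_string($raw_pass) : NULL;

        if (strlen2($name) < 2) {
            $err = 'Название не менее 2 символов';
        }

        if (!isset($err)) {
            mysql_query("UPDATE `video_album` SET `name` = '" . $name . "',`opis` = '" . $opis . "',`pass` = '" . $pass . "' WHERE `id` = '" . intval($video['id']) . "' LIMIT 1");
            // Remember the password exactly as the database now holds it (the
            // SQL-escaped copy is only for the query text above).
            if ($raw_pass !== null) {
                $_SESSION['pass'] = $raw_pass;
            }
            header("Location: album.php?id=" . intval($video['id']));
            exit; // do not render the form after a successful save
        }
    }

    // Stored values are user-supplied text, so each one is HTML-escaped before
    // it is placed in an attribute or in the textarea body.
    // Assumes pages are served as UTF-8 — TODO confirm.
    // NOTE(review): the album password is stored in plain text and shown back
    // in a visible text field.
    echo "<form class='p_m' method='post' action='?id=" . intval($video['id']) . "&edit'>\n";
    echo "Название:<br />\n<input type=\"text\" name=\"name\" value=\"" . htmlspecialchars($video['name'], ENT_QUOTES, 'UTF-8') . "\" /><br />\n";
    echo "Описание:<br />\n<textarea name=\"opis\">" . htmlspecialchars($video['opis'], ENT_QUOTES, 'UTF-8') . "</textarea><br />\n";
    echo "Пароль:<br />\n<input type=\"text\" name=\"pass\" value=\"" . htmlspecialchars($video['pass'], ENT_QUOTES, 'UTF-8') . "\" /><br />\n";
    echo "<input value=\"Изменить\" name=\"add\" type=\"submit\" />\n";
    echo "</form>\n";
    echo "<div class='foot'>\n";
    echo "<img src='back.png' /> <a href='album.php?id=" . intval($video['id']) . "'>В альбом</a><br />\n";
    echo "<img src='back.png' /> <a href='index.php'>Видеоальбомы</a><br />\n";
    echo "</div>\n";
    include_once '../sys/inc/tfoot.php';
}
#end#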
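##### delete album #####
// ?delete removes the album row, every video in it (data file plus both
// preview images) and the related comment rows. ?delv only prints the
// confirmation prompt that links to ?delete.
//
// NOTE(review): the deletion is triggered by a plain GET link with no
// anti-CSRF token, so the confirmation step does not protect a logged-in
// owner whose browser is made to request the ?delete URL. Moving the action to
// POST with a per-session token needs a token helper this file does not show.
if (isset($_GET['delete']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `video_album` WHERE `id` = '" . intval($video['id']) . "'"), 0) == 1)
{
    // Allowed for users with level > 1 and for the album owner.
    if (isset($user) && ($user['level'] > 1 || $video['id_user'] == $user['id'])) {
        $req = mysql_query("SELECT * FROM `video_user` WHERE `id_album` = '" . intval($video['id']) . "' order by id desc");
        mysql_query("DELETE FROM `video_album` WHERE `id` = '" . intval($video['id']) . "'");

        while ($vid = mysql_fetch_assoc($req)) {
            // The id is cast before it becomes part of a filesystem path or a
            // query, so the paths below can only ever name "<number>.<ext>".
            $vid_files = array(
                H . "sys/video/files/" . intval($vid['id']) . ".vid",
                H . "sys/video/screens/48/" . intval($vid['id']) . ".gif",
                H . "sys/video/screens/128/" . intval($vid['id']) . ".gif",
            );
            foreach ($vid_files as $vid_file) {
                // A missing file is not an error here; skip it without a warning.
                if (is_file($vid_file)) {
                    unlink($vid_file);
                }
            }

            // NOTE(review): the comment rows are matched on `id_album` using the
            // video id — confirm this is the intended column in `video_komm`.
            mysql_query("DELETE FROM `video_komm` WHERE `id_album` = '" . intval($vid['id']) . "'");
            mysql_query("DELETE FROM `video_user` WHERE `id` = '" . intval($vid['id']) . "'");
        }

        header("Location: index.php");
        exit; // the album no longer exists; do not fall through to its listing
    }
}

if (isset($_GET['delv']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `video_album` WHERE `id` = '" . intval($video['id']) . "'"), 0) == 1)
{
    if (isset($user) && ($user['level'] > 1 || $video['id_user'] == $user['id'])) {
        echo "<div class='err'>Вы уверены? <a href='?id=" . intval($video['id']) . "&delete'>Да</a> | <a href='?id=" . intval($video['id']) . "'>Нет</a></div>";
    }
}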
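##### album listing #####
// Paginated list of the album's videos, followed by the footer links.
// Every database value that ends up in SQL, a URL or a path is cast with
// intval(); free-text values are escaped on output.
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `video_user` WHERE `id_album`='" . intval($video['id']) . "'"), 0);
$k_page = k_page($k_post, $set['p_str']);
$page = page($k_page);
$start = $set['p_str'] * $page - $set['p_str'];

echo "<table class='post'>\n";
$q = mysql_query("SELECT * FROM `video_user` WHERE `id_album`='" . intval($video['id']) . "' ORDER BY id DESC LIMIT " . intval($start) . ", " . intval($set['p_str']));

if (mysql_num_rows($q) == 0) {
    echo " <tr>\n";
    echo " <td class='p_t'>\n";
    echo "Нет видео\n";
    echo " </td>\n";
    echo " </tr>\n";
}

while ($v = mysql_fetch_assoc($q))
{
    // Not used in this loop itself; kept because the included icon script runs
    // in this scope and may read it — TODO confirm.
    $file = H . "sys/video/files/" . intval($v['id']) . ".vid";

    echo " <tr>\n";
    echo " <td class='icon48'>\n";
    // `ras` is a stored value that selects which PHP file is included. Only a
    // plain alphanumeric name is accepted, so it can never carry path
    // separators or "..", and the include stays inside inc/48/.
    // NOTE(review): an explicit list of the supported type names would be
    // stricter still.
    if (is_string($v['ras']) && preg_match('/^[a-z0-9]+$/i', $v['ras'])) {
        include 'inc/48/' . $v['ras'] . '.php';
    }
    echo " </td>\n";
    echo " <td class='p_t'>\n";

    $ank = mysql_fetch_assoc(mysql_query("SELECT * FROM `user` WHERE `id` = '" . intval($v['id_user']) . "'"));
    echo "<img src='name.gif' /> <a href='video.php?id=" . intval($v['id']) . "'>" . output_text($v['name']) . "</a><br />";
    echo "<img src='user.gif' /> ";
    // The nick is escaped for both the title attribute and the link text, and
    // the <b> element is now closed. Assumes pages are served as UTF-8 — TODO confirm.
    echo online($ank['id']) . " <a href='/info.php?id=" . intval($ank['id']) . "' title='Анкета \"" . htmlspecialchars($ank['nick'], ENT_QUOTES, 'UTF-8') . "\"'><b>" . htmlspecialchars($ank['nick'], ENT_QUOTES, 'UTF-8') . "</b></a><br/>\n";

    // Show the description when one is set. The former `!= 0` test compared a
    // text value with a number, which on the PHP versions that still ship
    // mysql_* hides every description that does not start with a non-zero digit.
    if ($v['opis'] !== null && $v['opis'] !== '' && $v['opis'] !== '0') {
        echo "<img src='opis.gif' /> " . output_text($v['opis']) . "<br />";
    }
    echo "<img src='time.png' /> " . vremja($v['time']);
    echo " </td>\n";
    echo " </tr>\n";
}
echo "</table>\n";

if ($k_page > 1) {
    str("?id=" . intval($video['id']) . "&", $k_page, $page); // page navigation
}

echo "<div class='foot'>\n";
if ($video['id_user'] == $user['id']) {
    echo "<img src='add.png' /> <a href='videoadd.php?id=" . intval($video['id']) . "'>Добавить Видео</a><br />\n";
}
// Edit/delete links are shown to the album owner and to users with level > 1.
if ($video['id_user'] == $user['id'] || $user['level'] > 1) {
    echo "<img src='set.png' /> <a href='album.php?id=" . intval($video['id']) . "&edit'>Редактировать</a><br />\n";
    echo "<img src='del.png' /> <a href='album.php?id=" . intval($video['id']) . "&delv'>Удалить альбом</a><br />\n";
}
echo "<img src='back.png' /> <a href='user.album.php?id=" . intval($ank2['id']) . "'>Все альбомы автора</a><br />\n";
echo "<img src='back.png' /> <a href='index.php'>Видеоальбомы</a><br />\n";
echo "</div>\n";
include_once '../sys/inc/tfoot.php';
?>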