Файл: system/photos.php
Строк: 499
<?
include 'connect.php';
if(!$u['id']){
header ("Location: registration.php?err=1");
exit;
}
switch($_GET['act'])
{
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~Создание альбома ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
case 'add_album':
if($u['id']){
if (isset($_POST['submit']) and isset($_POST['name'])) {
$flood = mysql_query("SELECT `time` FROM `photos_albums` WHERE `user` = '".$u['id']."' AND `time` > '" . (time() - 3) . "'");
if (mysql_num_rows($flood)) {
header ("Location: photos.php");
exit;
}
$priv = num($_POST['priv']);
$name = check(substr($_POST['name'], 0, 100));
$descr = check(substr($_POST['descr'], 0, 250));
if (empty($name)){
require('head.php');
echo '<div class="div"> Ошибка , так делать нельзя!<br/></div>'; $error = '1';
require('foot.php');
exit;
}
if (empty($error)){
mysql_query("INSERT INTO `photos_albums` SET
`name` = '$name',
`descr` = '$descr',
`user` = '".$u['id']."',
`time` = '".time()."',
`priv` = '$priv'
");
$id = mysql_insert_id();
header ("Location: photos.php?act=album&id=$id");
}} else {
$title = $title.' | Фотографии';
require('head.php');
echo '<div class="title"><img src="ico/foto.png"> <a href = "photos.php">Фотоальбомы</a> <b>Создание Альбома</b></div>';
echo '<div class="div">';
echo '<form action=photos.php?act=add_album method=post>';
echo 'Название: <br/><input type=text name=name maxlength=25><br/>';
echo 'Описание: <br/><textarea cols="20" rows="2" name="descr"></textarea><br/>';
echo 'Доступен: <br/><select name="priv">
<option value="0">Всем</option>
<option value="1">Друзьям</option>
<option value="2">Только мне</option>
</select><br/>';
echo '<input type=submit name =submit value=Создать class=submit white/ ></form>';
echo '</form>';
echo '</div>';
require('foot.php');
}
} else {
header ("Location: index.php");
}
break;
//~~~~~~~~~~~~~~~~~~~~~~Загрузка фотографий~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
case 'add_photo':
if($u['id']){
if(isset($_GET['id'])){
$id=num($_GET['id']);
$req = mysql_query("SELECT * FROM `photos_albums` WHERE `id` = '$id' and `user` = '".$u['id']."' LIMIT 1");
if (mysql_num_rows($req)) {
$album = mysql_fetch_assoc($req);
}
}
$flood = mysql_query("SELECT `time` FROM `photos_photo` WHERE `user` = '".$u['id']."' AND `time` > '" . (time() - $system['photo_antiflud']) . "'");
if (mysql_num_rows($flood)) {
require('head.php');
header("Refresh: 3; URL=photos.php");
echo '<div class = "div">
<b>Ошибка</b>!</br> Можно добавлять фото только раз в '.$system['photo_antiflud'].' сек.
</div>';
require('foot.php');
exit;
}
if($album){
$_POST['name'] = check(substr($_POST['name'], 0, 100));
if (isset($_POST['submit']) && isset($_POST['name']) && isset($_FILES['photo']['tmp_name'])) {
$flood = mysql_query("SELECT `time` FROM `photos_photo` WHERE `user` = '".$u['id']."' AND `time` > '" . (time() - 3) . "'");
if (mysql_num_rows($flood)) {
header ("Location: photos.php");
exit;
}
$name = check(substr($_POST['name'], 0, 100));
$descr = check(substr($_POST['descr'], 0, 250));
if (empty($name)){
require('head.php');
echo '<div class="div"> Ошибка , так делать нельзя!<br/></div>'; $error = '1';
require('foot.php');
exit;
}
if (empty($error)){
$info = getimagesize($_FILES['photo']['tmp_name']);
if ($info[0] >100 && $info[1] >100 || $info[0] <=1024 && $info[1] <=1280) {
if($info['mime']=='image/jpeg'){
$create=imagecreatefromjpeg($_FILES['photo']['tmp_name']);
} else {
if($info['mime']=='image/gif'){
$create=imagecreatefromgif($_FILES['photo']['tmp_name']);
} else {
if($info['mime']=='image/png'){
$create=imagecreatefrompng($_FILES['photo']['tmp_name']);
} else {
header ("Location: photos.php");
exit;
}
}
}
$arhiv = intval(($u['id']/1000)+1);
if(!is_dir('base/'.$arhiv.'/'.$u['id'].'/photos') || !is_dir('base/'.$arhiv.'/'.$u['id'].'/photos_small')){
if(!is_dir('base/'.$arhiv.'')){
@mkdir("base/".$arhiv."", 0777);
}
if(!is_dir('base/'.$arhiv.'/'.$u['id'].'')){
@mkdir("base/".$arhiv."/".$u['id']."", 0777);
}
if(!is_dir('base/'.$arhiv.'/'.$u['id'].'/photos')){
@mkdir("base/".$arhiv."/".$u['id']."/photos", 0777);
}
if(!is_dir('base/'.$arhiv.'/'.$u['id'].'/photos_small')){
@mkdir("base/".$arhiv."/".$u['id']."/photos_small", 0777);
}
}
$w=$info[0];
$h=$info[1];
if($w > 1280 || $h > 1024){
if($w>$h){
$o=$w/$h;
$ww=$w/1280;
$w=$w/$ww;
$hh=$h/(1024/$o);
$h=$h/$hh;
} else {
$o=$h/$w;
$hh=$h/1024;
$h=$h/$hh;
$ww=$w/(1280/$o);
$w=$w/$ww;
}
}
$img=imagecreatetruecolor($w,$h);
imagecopyresampled($img,$create,0,0,0,0,$w,$h,$info[0],$info[1]);
mysql_query("INSERT INTO `photos_photo` SET
`name` = '$name',
`descr` = '$descr',
`user` = '".$u['id']."',
`time` = '".time()."',
`album` = '$id'
");
$idp = mysql_insert_id();
$dir = 'base/'.$arhiv.'/'.$u['id'].'/photos/'.$idp.'.jpg';
imagejpeg($img,$dir,75);
$w=$info[0];
$h=$info[1];
if($w > 150 || $h > 150){
if($w>$h){
$o=$w/$h;
$ww=$w/150;
$w=$w/$ww;
$hh=$h/(150/$o);
$h=$h/$hh;
} else {
$o=$h/$w;
$hh=$h/150;
$h=$h/$hh;
$ww=$w/(150/$o);
$w=$w/$ww;
}
}
$img=imagecreatetruecolor($w,$h);
imagecopyresampled($img,$create,0,0,0,0,$w,$h,$info[0],$info[1]);
$name = $name;
$dir = 'base/'.$arhiv.'/'.$u['id'].'/photos_small/'.$idp.'.jpg';
imagejpeg($img,$dir,75);
imagedestroy($img);
$id = mysql_insert_id();
mysql_query("UPDATE `users` SET `rating` = `rating`+20 WHERE `id` = '".$u['id']."'");
if($u['sex'] == 'm'){
$action[0] = 'Загрузил';
} else {
$action[0] = 'Загрузила';
}
$text = $action[0].' <a href = "photos.php?act=photo&id='.$id.'&show=comm">фото</a>.';
mysql_query("INSERT INTO `lenta` SET
`user` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`new` = '1'
");
if($u['sex'] == 'm'){
$action[0] = 'Загрузил';
} else {
$action[0] = 'Загрузила';
}
$text = $action[0].' <a href = "photos.php?act=photo&id='.$id.'">фото</a>.';
mysql_query("INSERT INTO `lenta_foto` SET
`user` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`new` = '1'
");
} else {
require('head.php');
echo '<div class = "app"> Запрещенный размер фото!</div>';
require('foot.php');
exit;
}}
header ("Location: photos.php?act=photo&id=$idp");
} else {
$title = $title.' | Фотографии';
require('head.php');
echo '<div class="title"><img src="ico/foto.png"> <a href = "photos.php">Фотоальбомы</a> <a href = "photos.php?act=album&id='.$album["id"].'">'.checkout($album["name"]).'</a> <b>Загрузка Фото</b></div>';
echo '<div class="div">';
echo '<form action=photos.php?act=add_photo&id='.$id.' method=post enctype=multipart/form-data>';
echo 'Фото: <br/><input type=file name=photo SIZE=15><br/>';
echo 'Название: <br/><input type=text name=name maxlength=25><br/>';
echo 'Описание: <br/><textarea cols="20" rows="2" name="descr" maxlength="250"></textarea><br/>';
echo '<input type=submit name =submit value=Загрузить class=submit white/></form>';
echo '</form>';
echo '</div>';
require('foot.php');
}
} else {
header ("Location: photos.php");
}
} else {
header ("Location: photos.php");
}
break;
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Просмотр альбома~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
case 'album':
if(isset($_GET['id'])){
$id=num($_GET['id']);
$req = mysql_query("SELECT * FROM `photos_albums` WHERE `id` = '$id' LIMIT 1");
if (mysql_num_rows($req)) {
$album = mysql_fetch_assoc($req);
}
}
if ($album){
$arhiv = intval(($album['user']/1000)+1);
$name_album = checkout($album['name']);
$user = mysql_fetch_assoc(mysql_query("SELECT * FROM `users` WHERE `id` = '".$album['user']."' LIMIT 1"));
if($user['id'] != $u['id'] and $album['priv'] == 2) {
require('head.php');
echo '<div class="title"><img src="ico/foto.png"> <a href = "photos.php">Фотоальбомы</a> <b>Просмотр Альбома</b></div>';
echo '<div class="div"> Ошибка, доступ к альбому закрыт.</div>';
require('foot.php');
exit;}
if($album['priv'] == 1){
$req = mysql_query("SELECT * FROM `friends` WHERE `user` = '".$u['id']."' and friend = '".$user['id']."' LIMIT 1");
if(mysql_num_rows($req)){
} else {
require('head.php');
echo '<div class="title"><img src="ico/foto.png"> <a href = "photos.php">Фотоальбомы</a> <b>Просмотр Альбома</b></div>';
echo '<div class="div"> Ошибка, доступ к альбому открыт только для друзей !</div>';
require('foot.php');
exit;}
}
$title = $title.' | Фотографии';
require('head.php');
echo '<div class="title"><img src="ico/foto.png"> <a href = "photos.php">Фотоальбомы</a> <b>Просмотр Альбома</b></div>';
if($album['user'] == $u['id']) {
echo '<div class="nav"><img src="ico/dirnew.png" alt="!"/> <a href = "photos.php?act=add_photo&id='.$album['id'].'">Загрузить фото</a></div>';
} else {
echo '<div class="nav"><img src="ico/Back.gif" alt="!"/> <a href = "photos.php?id='.$user['id'].'">Фотоальбомы</a> '.$user['login'].' </div>';
}
$all = mysql_result(mysql_query("SELECT COUNT(*) FROM `photos_photo` WHERE `album` = '".$album['id']."'"), 0);
if($all > 0){
$total = intval(($all - 1) / 25) + 1;
$page = num($_GET['page']);
if(empty($page) or $page < 0) $page = 1;
if($page > $total) $page = $total;
$start = $page * 25 - 25;
$result = mysql_query("SELECT * FROM `photos_photo` WHERE `album` = '".$album['id']."' ORDER BY `id` DESC LIMIT $start, 15");
while($photo = mysql_fetch_assoc($result)){
echo $i % 2 ? '<div class="div">' : '<div class="div">';
$descr = checkout($photo['descr']);
$name = checkout($photo['name']);
echo '<a href = "photos.php?act=photo&id='.$photo['id'].'"><img src = "base/'.$arhiv.'/'.$album['user'].'/photos_small/'.$photo['id'].'.jpg"></a>';
echo '</div>';
$i++;
}
echo '</div>';
navigation($page, $total,'photos.php?act=album&id='.$album['id'].'&');
}else{
echo '<div class="div"> Фотографий пока нет !</div>';
}
echo '</div>';
require('foot.php');
} else {
header ("Location: photos.php");
}
break;
//~~~~~~~~~~~~~~~~~~~~~~~~Редактирование альбома~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
case 'edit_album':
if($u['id']){
if(isset($_GET['id'])){
$id=num($_GET['id']);
if($u['admin'] == 1) $req = mysql_query("SELECT * FROM `photos_albums` WHERE `id` = '$id' LIMIT 1");
else $req = mysql_query("SELECT * FROM `photos_albums` WHERE `id` = '$id' AND `user` = '".$u['id']."' LIMIT 1");
if (mysql_num_rows($req)) {
$album = mysql_fetch_assoc($req);
}
}
if($album){
$title = $title.' | Фотографии';
require('head.php');
echo '<div class="title"><img src="ico/foto.png"> <a href = "photos.php">Фотоальбомы</a> <b>Редактирование альбома</b></div>';
if (isset($_POST['submit']) and isset($_POST['name'])) {
$name = check(substr($_POST['name'], 0, 100));
$descr = check(substr($_POST['descr'], 0, 250));
$priv = num($_POST['priv']);
if (empty($name)){
require('head.php');
echo '<div class="div"> Ошибка , так делать нельзя!<br/></div>'; $error = '1';
require('foot.php');
exit;
}
if (empty($error)){
mysql_query("UPDATE `photos_albums` SET
`name` = '$name',
`descr` = '$descr',
`priv` = '$priv'
WHERE `id` = '$id'
");
if($u['admin'] == 1 || $u['admin'] == 2) {
if($u['sex'] == 'm'){
$action[0] = 'Отредактировал';
} else {
$action[0] = 'Отредактировала';
}
$text = $action[0].' фотоальбом<a href = "photos.php?act=album&id='.$album['id'].'"> пользователю</a>.';
mysql_query("INSERT INTO `admin_jurnal` SET
`user` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`new` = '1'
");
if($u['sex'] == 'm'){
$action[0] = 'Отредактировал';
} else {
$action[0] = 'Отредактировала';
}
$text = $action[0].' фотоальбом<a href = "photos.php?act=album&id='.$album['id'].'"> пользователю</a>.';
mysql_query("INSERT INTO `admin_jurnal_foto` SET
`user` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`new` = '1'
");
}}
echo '<div class = "app">Изменения сохранены!</div>';
$album = mysql_fetch_assoc(mysql_query("SELECT * FROM `photos_albums` WHERE `id` = '$id' LIMIT 1"));
}
$name = checkout($album['name']);
$descr = checkout($album['descr']);
echo '<form action=photos.php?act=edit_album&id='.$id.' method=post>';
echo '<div class="div">';
echo 'Название: <br/><textarea cols="20" rows="1" name="name"style="width: 30%;height: 20px;">'.$name.'</textarea><br/>';
echo 'Описание: <br/><textarea cols="20" rows="2" name="descr">'.$descr.'</textarea><br/>';
echo 'Доступен: <br/><select name="priv">
<option value="0" ' . ($album["priv"] == 0 ? ' selected="selected"' : '') . '>Всем</option>
<option value="1" ' . ($album["priv"] == 1 ? ' selected="selected"' : '') . '>Друзьям</option>
<option value="2" ' . ($album["priv"] == 2 ? ' selected="selected"' : '') . '>Только мне</option>
</select><br/>';
echo '<input type=submit name =submit value=Сохранить class=submit white/ ></form>';
echo '</form>';
echo '</div>';
require('foot.php');
} else {
require('head.php');
echo '<div class="title"><img src="ico/foto.png"> <a href = "photos.php">Фотоальбомы</a> <b>Ошибка</b></div>';
echo '<div class="div">';
echo ' Вам сюда нельзя ! </div>';
echo '</div>';
require('foot.php');
}
} else {
header ("Location: photos.php");
}
break;
//~~~~~~~~~~~~~~~Удаление альбома ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
case 'delete_album':
if($u['id']){
if(isset($_GET['id'])){
$id=num($_GET['id']);
if($u['admin'] == 1) $req = mysql_query("SELECT * FROM `photos_albums` WHERE `id` = '$id' LIMIT 1");
else $req = mysql_query("SELECT * FROM `photos_albums` WHERE `id` = '$id' AND `user` = '".$u['id']."' LIMIT 1");
if (mysql_num_rows($req)) {
$album = mysql_fetch_assoc($req);
}
}
if($album){
$title = $title.' | Фотографии';
require('head.php');
echo '<div class="title"><img src="ico/foto.png"> <a href = "photos.php">Фотоальбомы</a> <b>Удаление альбома</b></div>';
if (isset($_POST['submit'])) {
$result =mysql_query("SELECT `id` FROM `photos_photo` WHERE `album` = '".$album['id']."'");
$arhiv = intval(($album['user']/1000)+1);
while ($row = mysql_fetch_assoc($result)) {
unlink('base/'.$arhiv.'/'.$album['user'].'/photos_small/'.$row['id'].'.jpg');
unlink('base/'.$arhiv.'/'.$album['user'].'/photos/'.$row['id'].'.jpg');
mysql_query("DELETE FROM `photos_comm` WHERE `photo` = '".$row['id']."'");
mysql_query("DELETE FROM `photos_ocenka` WHERE `photo` = '".$row['id']."'");
}
mysql_query("DELETE FROM `photos_photo` WHERE `album` = '".$album['id']."'");
mysql_query("DELETE FROM `photos_albums` WHERE `id` = '".$album['id']."'");
if($u['admin'] == 1 || $u['admin'] == 2) {
if($u['sex'] == 'm'){
$action[0] = 'Удалил';
} else {
$action[0] = 'Удалила';
}
$text = $action[0].' фотоальбом<a href = "photos.php?id='.$u['id'].'"> пользователю</a>.';
mysql_query("INSERT INTO `admin_jurnal` SET
`user` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`new` = '1'
");
if($u['sex'] == 'm'){
$action[0] = 'Удалил';
} else {
$action[0] = 'Удалила';
}
$text = $action[0].' фотоальбом<a href = "photos.php?id='.$u['id'].'"> пользователю</a>.';
mysql_query("INSERT INTO `admin_jurnal_foto` SET
`user` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`new` = '1'
");
}
echo '<div class = "app">Альбом успешно удален!</div>';
} else {
$name = checkout($album['name']);
echo '<div class="div">';
echo 'Вы уверены, что хотите удалить альбом <a href = "photos.php?act=album&id='.$id.'">'.$name.'</a> и все находящиеся в ней фотографии?<br/>';
echo '<form action="photos.php?act=delete_album&id='.$id.'" method="post">';
echo '<input type="submit" name="submit" value="Да, удалить" class="submit white"/>';
echo '</form></div>';
}
echo '</div>';
require('foot.php');
} else {
require('head.php');
echo '<div class="title"><img src="ico/foto.png"><a href = "photos.php"> Фотоальбомы</a> <b>Ошибка</b></div>';
echo '<div class="div">';
echo ' Вам сюда нельзя !</div>';
echo '</div>';
require('foot.php');
}
} else {
header ("Location: photos.php");
}
break;
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Просмотр фото~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
case 'photo':
if(isset($_GET['id'])){
$id=num($_GET['id']);
$req = mysql_query("SELECT * FROM `photos_photo` WHERE `id` = '$id' LIMIT 1");
if (mysql_num_rows($req)) {
$photo = mysql_fetch_assoc($req);
}
}
if ($photo){
$arhiv = intval(($photo['user']/1000)+1);
if($u['id'] and $_POST['message']){
$message = check(substr($_POST['message'], 0, 500));
$flood = mysql_query("SELECT `time` FROM `photos_comm` WHERE `user` = '".$u['id']."' AND `time` > '" . (time() - 3) . "'");
if (mysql_num_rows($flood) > 0) {
header ("Location: photos.php?act=photo&id=".$photo['id']."");
exit;
}
$req = mysql_query("SELECT * FROM `photos_comm` WHERE `user` = '".$u['id']."' AND `photo` = '".$photo['id']."' ORDER BY `time` DESC");
$res = mysql_fetch_array($req);
if ($res['message'] == $message) {
header ("Location: photos.php?act=photo&id=".$photo['id']."");
exit;
}
mysql_query("UPDATE `users` SET `rating` = `rating`+1 WHERE `id` = '".$u['id']."'");
mysql_query("INSERT INTO `photos_comm` SET
`user` = '".$u['id']."',
`message` = '$message',
`time` = '".time()."',
`photo` = '".$photo['id']."'
");
if($u['sex'] == 'm'){
$action[0] = 'Прокомментировал';
} else {
$action[0] = 'Прокомментировала';
}
$text = $action[0].'<a href = "photos.php?act=photo&id='.$id.'"> фото</a>.';
mysql_query("INSERT INTO `lenta` SET
`user` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`new` = '1'
");
if($u['sex'] == 'm'){
$action[0] = 'Прокомментировал';
} else {
$action[0] = 'Прокомментировала';
}
$text = $action[0].'<a href = "photos.php?act=photo&id='.$id.'"> фото</a>.';
mysql_query("INSERT INTO `lenta_foto` SET
`user` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`new` = '1'
");
if($photo['user'] != $u['id']){
if($u['sex'] == 'm'){
$action[0] = 'Оставил';
$action[1] = '';
} else {
$action[0] = 'Оставила';
$action[1] = 'ей';
}
$text = $action[0].' комментарий к вашей <a href = "photos.php?act=photo&id='.$photo['id'].'">фотографии</a>.';
mysql_query("INSERT INTO `jurnal` SET
`user` = '".$photo['user']."',
`outuser` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`new` = '1'
");
}
header ("Location: photos.php?act=photo&id=".$photo['id']."&");
}
$name = checkout($photo['name']);
$descr = checkout($photo['descr']);
$album = mysql_fetch_assoc(mysql_query("SELECT * FROM `photos_albums` WHERE `id` = '".$photo['album']."' LIMIT 1"));
$name_album = checkout($album['name']);
$user = mysql_fetch_assoc(mysql_query("SELECT * FROM `users` WHERE `id` = '".$photo["user"]."'"));
if($user['id'] != $u['id']) {
if($album['priv'] == 2) {
require('head.php');
echo '<div class="title"><img src="ico/foto.png"> <a href = "photos.php">Фотоальбомы</a> <b>Просмотр Альбома</b></div>';
echo '<div class="div"> Ошибка, доступ к фото закрыт.</div>';
require('foot.php');
exit;}
if($album['priv'] == 1){
$req = mysql_query("SELECT * FROM `friends` WHERE `user` = '".$u['id']."' and friend = '".$user['id']."' LIMIT 1");
if(mysql_num_rows($req)){
} else {
require('head.php');
echo '<div class="title"><img src="ico/foto.png"> <a href = "photos.php">Фотоальбомы</a> <b>Просмотр Альбома</b></div>';
echo '<div class="div"> Ошибка, доступ к фото открыт только для друзей.</div>';
require('foot.php');
exit;}
}
}
$title = $title.' | Фотографии';
require('head.php');
require('core/bb_code.php');
echo '<div class="title"><img src="ico/foto.png"> <a href = "photos.php"> Фотоальбомы</a>
<a href = "photos.php?act=album&id='.$album['id'].'">'.$name_album.'</a> <b>Просмотр</b></div>';
if ($photo['user'] == $u['id'] || $u['admin'] == 1 || $u['admin'] == 2) {
echo '<div class="nav">';
echo '<a href = "photos.php?act=edit_photo&id='.$photo['id'].'">Редактировать</a></a> | ';
echo '<a href = "photos.php?act=delete_photo&id='.$photo['id'].'"> Удалить</a></br>';
echo '</div>';
}
if($_GET['like'] && isset($u['id'])){
$req = mysql_query("SELECT * FROM `photos_like` WHERE `user` = '".$u['id']."' AND `photo` = '".$photo['id']."' LIMIT 1");
if (!mysql_num_rows($req)) {
$photo['rating']++;
mysql_query("INSERT INTO `photos_like` SET
`user` = '".$u['id']."',
`time` = '".time()."',
`photo` = '".$photo['id']."'
");
mysql_query("UPDATE `photos_photo` SET
`rating` = '".$photo['rating']."'
WHERE `id` = '".$photo['id']."'
");
if($photo['user'] != $u['id']){
if($u['sex'] == 'm'){
$action[0] = 'Отметил';
$action[1] = 'ему';
} else {
$action[0] = 'Отметила';
$action[1] = 'ей';
}
$text = $action[0].' что '.$action[1].' понравилась ваша <a href = "photos.php?act=photo&id='.$photo['id'].'">фотография</a>.';
mysql_query("INSERT INTO `jurnal` SET
`user` = '".$photo['user']."',
`outuser` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`new` = '1'
");
}
}
}
$count = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `photos_comm` WHERE `photo` = '".$photo['id']."'"), 0);
echo '<div class="div">';
if (strlen($name) < 1){
echo '<center><b>Нет имени</b></center>';
} else {
echo '<center><b>'.$name.'</b></center>';
}
echo '</div>';
echo '<div class="div">';
$info = getimagesize('base/'.$arhiv.'/'.$photo['user'].'/photos/'.$photo['id'].'.jpg');
if ($info[0] <=320) {
echo '<center><a href = "base/'.$arhiv.'/'.$photo['user'].'/photos/'.$photo['id'].'.jpg"><img src = "base/'.$arhiv.'/'.$photo['user'].'/photos/'.$photo['id'].'.jpg"></a></center>';
} else {
echo '<center><a href = "base/'.$arhiv.'/'.$photo['user'].'/photos/'.$photo['id'].'.jpg"><img src = "base/'.$arhiv.'/'.$photo['user'].'/photos/'.$photo['id'].'.jpg"width = "60%"></a></center>';
}
echo '</div><div class="div"> ';
if (strlen($descr) < 1){
echo 'Нет описания';
} else {
echo ''.$descr.'';
}
echo '</div><div class="nav">';
echo 'Файл добавлен: <a href = "/'.$photo['user'].'">'.login($photo['user']).'</a> ( '.vremya($photo['time']).' )</br>';
echo 'В альбом: <a href = "photos.php?act=album&id='.$album['id'].'">'.$name_album.'</a></br>';
if($photo['cedit'] == 0) {echo ' Нет данных';
} else { echo 'Редактировалось: <a href = "/'.$photo['who'].'">'.$photo['edit'].'</a> ( '.vremya($photo['etime']).' ) ['.$photo['cedit'].' раз]'; }
echo '</br>';
if($photo['user'] == $u['id'] || $u['admin'] == 1 || $u['admin'] == 2) {
if($album['priv'] == 0) {
if($photo['top'] == 0) {
echo ' <a href = "photos.php?act=top_add&id='.$photo['id'].'">Выгрузить фото в топ</a>';
} else {
echo ' <a href = "photos.php?act=top_del&id='.$photo['id'].'">Удалить фото из топа</a>';
}
}
}
echo '</div>';
echo '<div class="zona">';
echo '<img src = "ico/save.gif"> <a href = "base/'.$arhiv.'/'.$photo['user'].'/photos/'.$photo['id'].'.jpg">Скачать</a></br>';
$req = mysql_query("SELECT * FROM `photos_like` WHERE `user` = '".$u['id']."' AND `photo` = '".$photo['id']."' LIMIT 1");
if (!mysql_num_rows($req)) { echo '<img src = "ico/like.png"> <a href = "photos.php?act=photo&id='.$photo['id'].'&like=1">Мне нравится</a> ('.$photo['rating'].')';
} else {
echo '<img src = "ico/like.png"> <a>Понравилось:</a> ('.$photo['rating'].')';
}
echo '</div>';
echo '<div class="nav">';
echo ' Комментарии: ('.$count.')';
echo '</div>';
echo '<div class="app">';
$o = abs(intval($_GET['o']));
$user = mysql_fetch_assoc(mysql_query("SELECT `login` FROM `users` WHERE `id` = '".$o."'"));
if($user['login']) $otv = $user['login'].', ';
echo '<form action="photos.php?act=photo&id='.$photo['id'].'" method="post">';
echo '<textarea cols="20" rows="2" name="message">';
echo $otv;
echo '</textarea><br/>';
echo "<input type='submit' title='Нажмите для отправки' name='submit' value='Написать' class='submit white'/> <small>500 <a href = 'smiles.php'>Смайлы</a>
| <a href = 'code.php'>BB-коды</a></small>
</form>";
echo '</div>';
if($u['admin'] == 1 || $u['admin'] == 2 || $u['admin'] == 3 || $u['id'] == $photo['user']){
if($_GET['del']){
$del = num($_GET['del']);
$commcheck = mysql_num_rows(mysql_query("SELECT * FROM `photos_comm` WHERE `id` = '$del' LIMIT 1"));
if ($commcheck) {
mysql_query("DELETE FROM `photos_comm` WHERE `id` = '$del'");
echo '<div class="div"><font color="green">Комментарий удален!</font></div>';
}
}
}
$all = mysql_result(mysql_query("SELECT COUNT(*) FROM `photos_comm` WHERE `photo` = '".$photo['id']."'"), 0);
if($all > 0){
$total = intval(($all - 1) / 10) + 1;
$page = num($_GET['page']);
if(empty($page) or $page < 0) $page = 1;
if($page > $total) $page = $total;
$start = $page * 10 - 10;
if ($count >= 11)echo '<div class="title">';
if ($page != $total) {
echo '<a name="page-up" style="float: right; text-decoration: none;" href="#page-down"><img src = "ico/page_down.png"></a>';
}
$sort = check($_GET['sort']);
if($sort == 'message') {
$sortq = 'ASC';
if ($count >= 11)echo '<a href = "photos.php?act=photo&id='.$photo['id'].'&sort=time&page='.$page.'">Новые</a> | <b>Поcледние</b>';
}
if($sort == 'time' || empty($sortq)) {
$sort = 'time';
$sortq = 'DESC';
if ($count >= 11)echo '<b>Новые</b> | <a href = "photos.php?act=photo&id='.$photo['id'].'&sort=message&page='.$page.'">Поcледние</a>';
}
if ($count >= 11)echo '</div>';
$result = mysql_query("SELECT * FROM `photos_comm` WHERE `photo` = '".$photo['id']."' ORDER BY `time` $sortq LIMIT $start, 10");
while($comm = mysql_fetch_assoc($result)){
$user = mysql_fetch_assoc(mysql_query("SELECT * FROM `users` WHERE `id` = '".$comm["user"]."'"));
$message = checkout($comm['message']);
echo $i % 2 ? '<div class="div">' : '<div class="div">';
if(ban($user['id'])){
echo ''.ico($user['sex'],$user['admin']).' <a href = "/'.$user['id'].'"><del>'.$user['login'].'</del></a> '.online($user['online']).' ';
} else {
echo ''.ico($user['sex'],$user['admin']).' <a href = "/'.$user['id'].'">'.$user['login'].'</a> '.online($user['online']).' ';
}
if($user['rating']>=1000 && $user['rating']<=1999)echo "<img src='ico/b.png' alt='' class='icon'</a>n";
if($user['rating']>=2000 && $user['rating']<=2999)echo "<img src='ico/s.png' alt='' class='icon'</a>n";
if($user['rating']>=3000)echo "<img src='ico/z.png' alt='' class='icon'</a>n";
echo '<small> '.vremya($comm['time']).'</small>';
echo '<br/>';
echo ''.smile(censored($message)).'';
echo '</br>';
echo '<small>';
if($user['id'] != $u['id']) echo '[<a href = "photos.php?act=photo&id='.$photo['id'].'&o='.$user['id'].'">Отв</a>] ';
if($u['admin'] == 1 || $u['admin'] == 2 || $u['id'] == $photo['user']){
echo '[<a href = "photos.php?act=photo&id='.$photo['id'].'&del='.$comm['id'].'"><font color="red"><b>x</b></font> Удал</a>]'; }
if($u['admin'] == 1 || $u['admin'] == 2 || $u['admin'] == 3){
if(ban($user['id'])){
if($comm['user'] != $u['id'])echo ' [<a href = "adminka.php?act=delban_users&id='.$user['id'].'"><font color="red">Разбанить</font></a>]';
} else {
if($comm['user'] != $u['id'])echo ' [<a href = "adminka.php?act=ban_users&id='.$user['id'].'"><font color="red">Бан</font></a>]';
}
}
echo '</small>';
echo '</div>';
$i++;
}
if ($count >= 11)echo '<div class="title">';
if ($page != $total) {
echo '<a name="page-down" style="float: right; text-decoration: none;" href="#page-up"><img src = "ico/page_up.png"></a>';
}
if($sort == 'message') {
$sortq = 'ASC';
if ($count >= 11)echo '<a href = "photos.php?act=photo&id='.$photo['id'].'&sort=time&page='.$page.'">Новые</a> | <b>Поcледние</b>';
}
if($sort == 'time' || empty($sortq)) {
$sort = 'time';
$sortq = 'DESC';
if ($count >= 11)echo '<b>Новые</b> | <a href = "photos.php?act=photo&id='.$photo['id'].'&sort=message&page='.$page.'">Поcледние</a>';
}
if ($count >= 11)echo '</div>';
echo '</div>';
navigation($page, $total,'photos.php?act=photo&id='.$photo['id'].'&sort='.$sort.'&');
}else{
echo '<div class="div"> Комментариев еще нет !</div>';
}
echo '</div>';
require('foot.php');
} else {
require('head.php');
echo '<div class="title"><img src="ico/foto.png"><a href = "photos.php"> Фотоальбомы</a> <b>Ошибка</b></div>';
echo '<div class="div">';
echo ' Такого фото нет !</div>';
echo '</div>';
require('foot.php');
}
break;
//~~~~~~~~~~~~~~~~~~~~~~~~~Добавить в топ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
case 'top_add':
if(isset($_GET['id'])){
$id=num($_GET['id']);
$req = mysql_query("SELECT * FROM `photos_photo` WHERE `id` = '$id' LIMIT 1");
if (mysql_num_rows($req)) {
$photo = mysql_fetch_assoc($req);
}
}
if($photo){
$album = mysql_fetch_assoc(mysql_query("SELECT * FROM `photos_albums` WHERE `id` = '".$photo['album']."' LIMIT 1"));
if($photo['user'] == $u['id'] || $u['admin'] == 1 || $u['admin'] == 2) {
if($album['priv'] == 0) {
if($photo['top'] == 0) {
mysql_query("UPDATE `photos_photo` SET
`top` = `top`+1
WHERE `id` = '$id'
");
header ("Location: photos.php?act=photo&id=".$photo['id']."&");
} else {
header ("Location: photos.php?act=photo&id=".$photo['id']."&");
}
} else {
header ("Location: photos.php?act=photo&id=".$photo['id']."&");
}
} else {
header ("Location: photos.php?act=photo&id=".$photo['id']."&");
}
}
break;
//~~~~~~~~~~~~~~~~~~~~~~~~~Удалить из топа~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
case 'top_del':
if($u['id']){
if(isset($_GET['id'])){
$id=num($_GET['id']);
$req = mysql_query("SELECT * FROM `photos_photo` WHERE `id` = '$id' LIMIT 1");
if (mysql_num_rows($req)) {
$photo = mysql_fetch_assoc($req);
}
}
if($photo){
if($photo['user'] == $u['id'] || $u['admin'] == 1 || $u['admin'] == 2) {
if($photo['top'] == 1) {
mysql_query("UPDATE `photos_photo` SET
`top` = '".($photo['top']-1)."'
WHERE `id` = '$id'
");
header ("Location: photos.php?act=photo&id=".$photo['id']."&");
} else {
header ("Location: photos.php?act=photo&id=".$photo['id']."&");
}
}
} else {
header ("Location: photos.php?act=photo&id=".$photo['id']."&");
}
}
break;
//~~~~~~~~~~~~~~~~~~~~~~~Редактирование фото~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
case 'edit_photo':
if($u['id']){
if(isset($_GET['id'])){
$id=num($_GET['id']);
$req = mysql_query("SELECT * FROM `photos_photo` WHERE `id` = '$id' LIMIT 1");
if (mysql_num_rows($req)) {
$photo = mysql_fetch_assoc($req);
}
}
if($photo){
if($photo['user'] == $u['id'] || $u['admin'] == 1 || $u['admin'] == 2) {
$title = $title.' | Фотографии';
require('head.php');
$name = checkout($photo['name']);
echo '<div class="title"><img src="ico/foto.png"><a href = "photos.php"> Фотоальбомы</a>
<a href = "photos.php?act=photo&id='.$photo['id'].'">'.$name.'</a> <b>Редактирование фото</b></div>';
if (isset($_POST['submit']) and isset($_POST['name'])) {
$name = check(substr($_POST['name'], 0, 100));
$descr = check(substr($_POST['descr'], 0, 500));
$top = num($_POST['top']);
if (empty($name)){
require('head.php');
echo '<div class="div"> Ошибка , так делать нельзя!<br/></div>'; $error = '1';
require('foot.php');
exit;
}
if (empty($error)){
mysql_query("UPDATE `photos_photo` SET
`name` = '$name',
`descr` = '$descr',
`edit` = '".$u['login']."',
`who` = '".$u['id']."',
`cedit` = `cedit`+1,
`etime` = '".time()."'
WHERE `id` = '$id'
");
if($u['admin'] == 1 || $u['admin'] == 2) {
if($u['sex'] == 'm'){
$action[0] = 'Отредактировал';
} else {
$action[0] = 'Отредактировала';
}
$text = $action[0].' фото с <a href = "photos.php?act=photo&id='.$photo['id'].'"> фотоальбома</a>.';
mysql_query("INSERT INTO `admin_jurnal` SET
`user` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`new` = '1'
");
if($u['sex'] == 'm'){
$action[0] = 'Отредактировал';
} else {
$action[0] = 'Отредактировала';
}
$text = $action[0].' фото с <a href = "photos.php?act=photo&id='.$photo['id'].'"> фотоальбома</a>.';
mysql_query("INSERT INTO `admin_jurnal_foto` SET
`user` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`new` = '1'
");
}}
echo '<div class = "app">Изменения сохранены!</div>';
$photo = mysql_fetch_assoc(mysql_query("SELECT * FROM `photos_photo` WHERE `id` = '$id' LIMIT 1"));
}
$name = $photo['name'];
$descr = $photo['descr'];
$top = num($photo['top']);
echo '<form action=photos.php?act=edit_photo&id='.$id.' method=post>';
echo '<div class="div">';
echo 'Название: 100 символов<br/><textarea cols="20" rows="1" name="name"style="width: 30%;height: 20px;">'.$name.'</textarea><br/>';
echo 'Описание: 500 символов<br/><textarea cols="20" rows="2" name="descr">'.$descr.'</textarea><br/>';
echo '<input type=submit name =submit value=Сохранить class=submit white/ ></form>';
echo '</form>';
echo '</div>';
require('foot.php');
} else {
require('head.php');
echo '<div class="title"><img src="ico/foto.png"> <a href = "photos.php">Фотоальбомы</a> <b>Ошибка</b></div>';
echo '<div class="div">';
echo ' Вам сюда нельзя !</div>';
echo '</div>';
require('foot.php');
}
} else {
require('head.php');
echo '<div class="title"><img src="ico/foto.png"> <a href = "photos.php">Фотоальбомы</a> <b>Ошибка</b></div>';
echo '<div class="div">';
echo ' Такого фото нет !</div>';
echo '</div>';
require('foot.php');
}
} else {
header ("Location: photos.php");
}
break;
//~~~~~~~~~~~~~~~~~~Удаление фото~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
case 'delete_photo':
if($u['id']){
if(isset($_GET['id'])){
$id=num($_GET['id']);
$req = mysql_query("SELECT * FROM `photos_photo` WHERE `id` = '$id' LIMIT 1");
if (mysql_num_rows($req)) {
$photo = mysql_fetch_assoc($req);
}
}
if($photo){
if($photo['user'] == $u['id'] || $u['admin'] == 1 || $u['admin'] == 2) {
$title = $title.' | Фотографии';
require('head.php');
$name = checkout($photo['name']);
echo '<div class="title"><img src="ico/foto.png"> <a href = "photos.php">Фотоальбомы</a> <a href = "photos.php?act=photo&id='.$photo['id'].'">'.$name.'</a> <b>Удаление фото</b></div>';
if (isset($_POST['submit'])) {
$arhiv = intval(($photo['user']/1000)+1);
unlink('base/'.$arhiv.'/'.$photo['user'].'/photos_small/'.$photo['id'].'.jpg');
unlink('base/'.$arhiv.'/'.$photo['user'].'/photos/'.$photo['id'].'.jpg');
mysql_query("DELETE FROM `photos_photo` WHERE `id` = '".$photo['id']."'");
mysql_query("DELETE FROM `photos_comm` WHERE `photo` = '".$photo['id']."'");
mysql_query("DELETE FROM `photos_ocenka` WHERE `photo` = '".$photo['id']."'");
if($u['admin'] == 1 || $u['admin'] == 2) {
if($u['sex'] == 'm'){
$action[0] = 'Удалил';
} else {
$action[0] = 'Удалила';
}
$text = $action[0].' фото с <a href = "photos.php?act=photo&id='.$photo['id'].'"> фотоальбома</a>.';
mysql_query("INSERT INTO `admin_jurnal` SET
`user` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`new` = '1'
");
if($u['sex'] == 'm'){
$action[0] = 'Удалил';
} else {
$action[0] = 'Удалила';
}
$text = $action[0].' фото с <a href = "photos.php?act=photo&id='.$photo['id'].'"> фотоальбома</a>.';
mysql_query("INSERT INTO `admin_jurnal_foto` SET
`user` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`new` = '1'
");
}
echo '<div class = "app">Фото успешно удалено!</div>';
} else {
echo '<div class="div">';
echo 'Вы уверены, что хотите удалить фото <a href = "photos.php?act=photo&id='.$id.'">'.$name.'</a>?<br/>';
echo '<form action="photos.php?act=delete_photo&id='.$id.'" method="post">';
echo '<input type="submit" name="submit" value="Да, удалить" class="submit white"/>';
echo '</form></div>';
}
echo '</div>';
require('foot.php');
} else {
require('head.php');
echo '<div class="title"><img src="ico/foto.png"> <a href = "photos.php">Фотоальбомы</a> <b>Ошибка</b></div>';
echo '<div class="div">';
echo ' Вам сюда нельзя !</div>';
echo '</div>';
require('foot.php');
}
} else {
require('head.php');
echo '<div class="title"><img src="ico/foto.png"> <a href = "photos.php">Фотоальбомы</a> <b>Ошибка</b></div>';
echo '<div class="div">';
echo ' Такого фото нет !</div>';
echo '</div>';
require('foot.php');
}
} else {
header ("Location: photos.php");
}
break;
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Список альбомов~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
default:
if(isset($_GET['id'])){
$id=num($_GET['id']);
$req = mysql_query("SELECT * FROM `users` WHERE `id` = '$id' LIMIT 1");
if (mysql_num_rows($req)) {
$user = mysql_fetch_assoc($req);
} else {
$id = $u['id'];
}
} else {
$id = $u['id'];
}
if($id == 0){
header ("Location: photos.php");
exit;
}
if(ban($user['id'])){
require('head.php');
echo '<div class = "div">
Пользователь заблокирован!
</div>';
require('foot.php');
exit;
}
if($id == $u['id']) $zag = 'Мои фотографии';
else $zag = 'Фотографии <a href = "/'.$user['id'].'">'.$user['login'].'</a>';
$title = $title.' | Фотографии';
require('head.php');
if($u['id'])
echo '<div class="title"><img src="ico/foto.png"> '.$zag.' <b>Просмотр</b></div>';
else
echo '<div class="title"><img src="ico/foto.png"> '.$zag.' <b>Просмотр</b></div>';
if($id == $u['id']) echo '<div class="nav"><img src="ico/dirnew.png" alt="!"/> <a href = "photos.php?act=add_album">Создать альбом</a></div>';
$all = mysql_result(mysql_query("SELECT COUNT(*) FROM `photos_albums` WHERE `user` = '$id'"), 0);
if($all > 0){
$total = intval(($all - 1) / 10) + 1;
$page = intval($_GET['page']);
if(empty($page) or $page < 0) $page = 1;
if($page > $total) $page = $total;
$start = $page * 10 - 10;
$result = mysql_query("SELECT * FROM `photos_albums` WHERE `user` = '$id' ORDER BY `time` DESC LIMIT $start, 10");
while($album = mysql_fetch_assoc($result)){
echo $i % 2 ? '<div class="div">' : '<div class="div">';
$name = checkout($album['name']);
$descr = checkout($album['descr']);
$count = mysql_result(mysql_query("SELECT COUNT(*) FROM `photos_photo` WHERE `album` = '".$album['id']."'"), 0);
if($album['priv'] == 2 || $album['priv'] == 1) {
echo '<img src="ico/lock.gif" alt="image" /> <a href = "photos.php?act=album&id='.$album['id'].'">'.$name.'</a> ('.$count.')';
} else {
echo '<img src="ico/download.png" alt="!"/> <a href = "photos.php?act=album&id='.$album['id'].'">'.$name.'</a> ('.$count.')';
}
if (strlen($descr) > 1){
echo '</br><small>'.$descr.'</small>';
}
if ($u['admin'] == 1 || $u['admin'] == 2 || $album['user'] == $u['id'])
{ echo '</br><small><a href = "photos.php?act=edit_album&id='.$album['id'].'">Изменить</a>
- <a href = "photos.php?act=delete_album&id='.$album['id'].'">Удалить</a></small>'; }
echo '</div>';
$i++;
}
echo '</div>';
navigation($page, $total,'photos.php?id='.$id.'&');
}else{
echo '<div class="div"> Альбомов еще нет !</div>';
}
echo '</div>';
require('foot.php');
break;
}
?>