Файл: vtulun.ru/blog/file.php
Строк: 105
<?php
include_once '../sys/inc/start.php';
include_once '../sys/inc/compress.php';
include_once '../sys/inc/sess.php';
include_once '../sys/inc/home.php';
include_once '../sys/inc/settings.php';
include_once '../sys/inc/db_connect.php';
include_once '../sys/inc/ipua.php';
include_once '../sys/inc/fnc.php';
include_once '../sys/inc/user.php';
only_reg();
$set['title']='Дневники-Файлы';
include_once '../sys/inc/thead.php';
title();
aut();
if (!isset($_GET['id']) && !is_numeric($_GET['id'])){header("Location: index.php?".SID);exit;}
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `blog_list` WHERE `id` = '".intval($_GET['id'])."' LIMIT 1",$db), 0)==0){header("Location: index.php?".SID);exit;}
$blog=mysql_fetch_array(mysql_query("select * from `blog_list` where `id`='".intval($_GET['id'])."';"));
if (($user['level'] < 4) && ($user['id'] !=$blog['id_user']))
{
$set['title']='Ошибка';
include_once '../sys/inc/thead.php';
title();
aut();
echo "У вас нету прав доступа к этой странице!";
echo"<div class='foot'>n";
echo"<a href='index.php'>Дневники</a><br />n";
echo"</div>n";
include_once '../sys/inc/tfoot.php';
exit();
}
if (isset($user) && isset($_GET['add']) && isset($_FILES['file_f']) && ereg('.', $_FILES['file_f']['name']) && isset($_POST['file_s']))
{
$file=esc(stripcslashes(htmlspecialchars($_FILES['file_f']['name'])));
$name=eregi_replace('.[^.]*$', NULL, $file); // имя файла без расширения
$ras=strtolower(eregi_replace('^.*.', NULL, $file));
$tmp_name=$_FILES['file_f']['tmp_name'];
$size=filesize($_FILES['file_f']['tmp_name']);
$type=$_FILES['file_f']['type'];
mysql_query("INSERT INTO `blog_files` (`id_blog`, `name`, `ras`, `size`, `type`) values('".intval($_GET['id'])."', '".$name."', '".$ras."', '".$size."', '".$type."')");
$file_id=mysql_insert_id();
copy($_FILES['file_f']['tmp_name'], H.'blog/files/'.$file_id.'.frf');
msg('Файл добавлен');
}
elseif (isset($_GET['del']) && is_file(H.'blog/files/'.intval($_GET['del']).'.frf') && mysql_result(mysql_query("SELECT COUNT(*) FROM `blog_files` WHERE `id` = '".intval($_GET['del'])."' && `id_blog` = '".intval($_GET['id'])."'"),0))
{
mysql_query("DELETE FROM `blog_files` WHERE `id` = '".intval($_GET['del'])."' LIMIT 1");
unlink(H.'blog/files/'.intval($_GET['del']).'.frf');
msg('Файл удалён');
}
err();
$q_f=mysql_query("SELECT * FROM `blog_files` WHERE `id_blog` = '".intval($_GET['id'])."'");
while ($file = mysql_fetch_assoc($q_f))
{
if (is_file(H.'style/themes/'.$set['set_them'].'/loads/14/'.$file['ras'].'.png'))
{
echo "<img src='/style/themes/$set[set_them]/loads/14/$file[ras].png' alt='$file[ras]' />n";
if ($set['echo_rassh_forum']==1)$ras=".$file[ras]";else $ras=NULL;
}
else
{
echo "<img src='/style/themes/$set[set_them]/forum/14/file.png' alt='' />n";
$ras=".$file[ras]";
}
echo "<a href='files.php?id=$file[id]'>$file[name]$ras</a> (".size_file($file['size']).") n";
echo "<a href='?id=".intval($_GET['id'])."&del=$file[id]' title='Удалить из списка'><img src='/style/themes/$set[set_them]/forum/14/del_file.png' alt='' /></a>n";
echo "<br />n";
echo " | ";
echo "Скачано: $file[count] раз(а) ";
echo "<br />n";
}
echo "<form method='post' name='message' enctype='multipart/form-data' action='file.php?id=".intval($_GET['id'])."&add'>n";
echo "<input name='file_f' type='file' /><br />n";
echo "<input name='file_s' value='Прикрепить файл' type='submit' /><br />n";
echo"</form>";
echo"<div class='foot'>n";
echo"<a href='list.php?id=".intval($_GET['id'])."'>Назад</a><br />n";
echo"<a href='index.php'>Дневники</a><br />n";
echo"</div>n";
include_once '../sys/inc/tfoot.php';
?>