Файл: spuff.ru/loads/index.php
Строк: 304
<?php
$title = 'ЗЦ';
require_once '../includes/sys.php';
require_once '../includes/header.php';
$type = 'loads';
switch ($act) {
default:
echo '<div class="title">Загруз-центр';
if ($u['id']) {
echo ' (<a href="index.php?act=file_add">Загрузить файл</a>';
if (access(2)) {
echo ', <a href="index.php?act=mod">мод</a>';
}
echo ')';
}
echo '</div>';
$cats_r = mysql_query("SELECT `id`, `name` FROM `loads_cats` ORDER BY `name`");
if (mysql_num_rows($cats_r)) {
while ($cat = mysql_fetch_assoc($cats_r)) {
$loads = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads` WHERE `id_cat` = '$cat[id]' and `ok` = 1"), 0);
$loads_new = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads` WHERE `id_cat` = '$cat[id]' and `time` > '".(TIME-86400)."' and `ok` = 1"), 0);
if ($loads_new > 0) $new = '<span style="color:green">+'.$loads_new.'</span>';
echo '<div class="row"><img src="'.FLEVEL.'images/loads_folder.png"> <a href="?act=cat&id='.$cat['id'].'"> '.$cat['name'].'</a> ('.$loads.')';
$loads_new = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads` WHERE `id_cat` = '$cat[id]' and `time` > '".(TIME-86400)."' and `ok` = 1"), 0);
if ($loads_new > 0) echo ' <span style="color:green">+'.$loads_new.'</span>';
echo '</div>';
}
} else {
echo '<div class="error">Разделы не созданы</div>';
}
break;
case 'cat':
$cat = mysql_fetch_assoc(mysql_query("SELECT `name` FROM `loads_cats` WHERE `id` = '$id'"));
if ($cat['name']) {
tp('<a href="?">ЗЦ</a>» '.$cat['name']);
$subcats_r = mysql_query("SELECT `id`, `name` FROM `loads_subcats` WHERE `id_cat` = '$id' ORDER BY `name`");
if (mysql_num_rows($subcats_r)) {
while ($subcat = mysql_fetch_assoc($subcats_r)) {
$loads = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads` WHERE `id_subcat` = '$subcat[id]' and `ok` = 1"), 0);
echo '<div class="raz"><img src="/images/unknown.png"> <a href="?act=subcat&id='.$subcat['id'].'">'.$subcat['name'].'</a> ('.$loads.')';
$loads_new = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads` WHERE `id_subcat` = '$subcat[id]' and`time` > '".(TIME-86400)."' and `ok` = 1"), 0);
if ($loads_new > 0) echo ' <span style="color:green">+'.$loads_new.'</span>';
echo '</div>';
}
} else {
echo '<div class="error">Подразделы не созданы.</div>';
}
} else {
error('Выбранный раздел не существует.');
}
break;
case 'subcat':
$subcat = mysql_fetch_assoc(mysql_query("SELECT `id_cat`, `name` FROM `loads_subcats` WHERE `id` = '$id'"));
if ($subcat['name']) {
$cat = mysql_fetch_assoc(mysql_query("SELECT `id`, `name` FROM `loads_cats` WHERE `id` = '$subcat[id_cat]'"));
echo '<div class="title"><a href="?">ЗЦ</a>» <a href="?act=cat&id='.$cat['id'].'">'.$cat['name'].'</a>» '.$subcat['name'].'</div>';
$total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads` WHERE `id_subcat` = '$id' and `ok` = 1"), 0);
if ($total > 0) {
$pages = ceil($total / $config['onpage']);
if ($page > $pages or $page == 0) {
$page = 1;
}
$begin = ($page - 1) * $config['onpage'];
$loads_r = mysql_query("SELECT * FROM `loads` WHERE `id_subcat` = '$id' and `ok` = 1 ORDER BY `time` DESC LIMIT $begin, $config[onpage]");
while ($load = mysql_fetch_assoc($loads_r)) {
$comm = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads_comm` WHERE `id_loads` = '$load[id]'"), 0);
$subcat = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads_subcats` WHERE `id` = '$load[id_subcat]'"));
if ($load['time'] > (TIME - 86400)) {
}
echo '<div class="raz"><img src="/images/load_file.png"> <a href="?act=view&id='.$load['id'].'">'.$load['name'].'</a> ('.size(filesize('files/'.$subcat['path'].'/'.$load['file'])).')</div>';
if ($load['time'] > (TIME - 86400)) {
}
}
} else {
echo '<div class="error">Нет файлов.</div>';
}
navig($page, '?act=subcat&id='.$id.'&', $pages);
} else {
error('Выбранный подраздел не существует.');
nav_main();
}
break;
case 'subcat_update':
$subcat_r = mysql_query("SELECT * FROM `loads_subcats` WHERE `id` = '$id'");
$subcat = mysql_fetch_assoc($subcat_r);
tp('Обновление подраздела "'.$subcat['name'].'"');
$ftpfiles = glob('inc/loads/'.$subcat['path'].'/*', GLOB_NOSORT);
foreach ($ftpfiles as $ftpfile) {
$file = basename($ftpfile);
if (!mysql_num_rows(mysql_query("SELECT `id` FROM `loads` WHERE `id_subcat` = '$id' and `file` = '$file'"))) {
mysql_query("INSERT INTO `loads` SET `id_cat` = '$subcat[id_cat]', `id_subcat` = '$id', `id_user` = '$u[id]', `name` = '$file', `file` = '$file', `time` = '".TIME."', `ok` = 1");
echo 'Файл <u>'.$file.'</u> добавлен.<br />';
}
}
break;
case 'view':
$load = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads` WHERE `id` = '$id' and `ok` = 1"));
if ($load['id']) {
$subcat = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads_subcats` WHERE `id` = '$load[id_subcat]'"));
tp('<a href="?act=subcat&id='.$load['id_subcat'].'">'.$subcat['name'].'</a>» '.$load['name']);
if ($load['desc']) echo '<div class="lst"><b>Описание:</b> ';
if ($load['desc']) echo bb($load['desc']).'';
echo'</div>';
if ($load['author']) echo '<div class="raz"><b>Автор файла:</b> '.$load['author'].'</div>';
if ($load['site'] and $load['author'])
{
echo '<div class="raz"><b>Сайт автора:</b> <a href="http://'.$load['site'].'" target="_blank">http://'.$load['site'].'</a></div>';
} elseif ($load['site']) {
echo '<div class="raz"><b>Сайт автора:</b> <a href="http://'.$load['site'].'" target="_blank">http://'.$load['site'].'</a></div>';
}
echo '<div class="raz"><b>Добавил(а):</b> <a href="../other/profile.php?id='.$load['id_user'].'"> '.username($load['id_user'], 2).'</a> ('.ccdate($load['time'], 0).')</div>';
echo '<div class="raz"><b>Рейтинг:</b> <b>'.$load['rating'].'</b>'; if ($u['id']) {echo ' (<a href="?act=rate&id='.$load['id'].'" style="color:red">-1</a>/<a href="?act=rate&id='.$load['id'].'&ok=1"" style="color:green">+1</a>)';} echo '</div>';
$comm = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads_comm` WHERE `id_loads` = '$load[id]'"), 0);
if ($load['screen']) {
echo '<div class="raz"><b>Скриншот:</b><br /><a href="screens/'.$load['screen'].'"><img src="../photos/resize.php?dir=/loads/screens&name='.$load['screen'].'"/></a></div>';
}
echo '<div class="raz"><a href="?act=load&id='.$load['id'].'"><b>Скачать</b></a> ('.size(filesize('files/'.$subcat['path'].'/'.$load['file'])).')</div>';
echo '<div class="raz"><b>Импорт:</b><br /><input name="file" type="text" value="'.HTTPHOME.'/loads/files/'.$subcat['path'].'/'.$load['file'].'" /></div>';
echo '<div class="raz"><b>BB-код для форума:</b><br /><input name="bb_code" type="text" value="[url='.HTTPHOME.'/loads/?act=view&id='.$load['id'].']'.$load['name'].'[/url]" /></div>';
echo'<div class="rega"><a href="?act=comm&id='.$load['id'].'"><b>Комментарии</b></a> ('.$comm.')</div>';
if (access(2)) echo '<div class="raz"><a href="?act=file_edit&id='.$load['id'].'">Редактировать</a></div>';
if (access(3)) echo '<div class="raz"><a href="?act=file_del&id='.$load['id'].'">Удалить</a></div>';
} else {
redirect('?');
}
break;
case 'load':
$load = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads` WHERE `id` = '$id'"));
if ($load['id']) {
$subcat = mysql_fetch_assoc(mysql_query("SELECT `path` FROM `loads_subcats` WHERE `id` = '$load[id_subcat]'"));
if (file_exists('files/'.$subcat['path'].'/'.$load['file'])) {
if ($u['id']) {
$seen_r = mysql_query("SELECT `id` FROM `seen` WHERE `type` = 'loads' and `id_data` = '$load[id]' and `id_user` = '$u[id]'");
if (!mysql_num_rows($seen_r)) {
mysql_query("INSERT INTO `seen` SET `type` = 'loads', `id_data` = '$load[id]', `id_user` = '$u[id]'");
mysql_query("UPDATE `loads` SET `seen` = (`seen`+1) WHERE `id` = '$load[id]'");
}
}
redirect('files/'.$subcat['path'].'/'.$load['file']);
} else {
redirect('?');
}
} else {
redirect('?');
}
break;
case 'file_add':
if ($ok) {
function getext($filename) {
return end(explode(".", $filename));
}
$current_ext = getext(basename($_FILES['file']['name']));
$allowed_ext = explode(' ', $config['allowed_ext']);
if (!in_array($current_ext, $allowed_ext)) {
error('Файлы формата '.$current_ext.' запрещены');
break;
}
$subcat_id = abs(intval($_POST['subcat']));
$name = check($_POST['name']);
$desc = check($_POST['desc']);
$author = check($_POST['author']);
$site = check($_POST['site']);
if (empty($subcat_id)) {
error('Не выбран подраздел.');
break;
}
if (empty($name)) {
error('Не указано название.');
break;
}
if (empty($_FILES['file']['name'])) {
error('Не выбран файл.');
break;
}
$subcat = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads_subcats` WHERE `id` = '$subcat_id'"));
if (!isset($subcat['id'])) {
error('Выбранный подраздел не существует.');
break;
}
$file = $_SERVER['HTTP_HOST'].'_'.$u['id'].'_'.check(basename($_FILES['file']['name']));
if (mysql_num_rows(mysql_query("SELECT `id` FROM `loads` WHERE `file` = '$file'"))) {
error('Такой файл уже есть в ЗЦ.');
break;
}
copy($_FILES['file']['tmp_name'], 'files/'.$subcat['path'].'/'.$file);
mysql_query("INSERT INTO `loads` SET `id_cat` = '$subcat[id_cat]', `id_subcat` = '$subcat[id]', `id_user` = '$u[id]', `name` = '$name', `desc` = '$desc', `author` = '$author', `site` = '$site', `file` = '$file', `time` = '".time()."'");
$adm_r = mysql_query("SELECT `id` FROM `users` WHERE `access` > 1");
while ($adm = mysql_fetch_assoc($adm_r)) {
sendpm($adm['id'], 'Появился новый файл в ЗЦ. <a href="../loads/?act=mod">Проверьте</a>.');
}
info('Файл загружен. После модерации он появится в ЗЦ. Вы будете уведомлены.');
} else {
tp('<a href="?">ЗЦ</a>» Добавить файл');
echo '<div class="body"><form name="form" action="?act=file_add&ok=1" method="post" enctype="multipart/form-data" name="form">
<b>Выберите подраздел</b>: <br/><select name="subcat">';
$cat_r = mysql_query("SELECT * FROM `loads_cats` ORDER BY `name`");
while ($cat = mysql_fetch_assoc($cat_r)) {
echo '<option value="0">'.$cat['name'].'</option>';
$subcat_r = mysql_query("SELECT * FROM `loads_subcats` WHERE `id_cat` = '$cat[id]' ORDER BY `name`");
while ($subcat = mysql_fetch_assoc($subcat_r)) {
echo '<option value="'.$subcat['id'].'">-- '.$subcat['name'].'</option>';
}
}
echo '</select><br />
<b>Название файла(max50):</b><br /><input name="name" type="text" maxlength="50" /><br />
<b>Описание:</b><br /><textarea name="desc" cols="" rows="4"></textarea><br />
<b>Автор файла(max20):</b><br /><input name="author" type="text" maxlength="20" /><br />
<b>Сайт автора(без http://, max20):</b><br /><input name="site" type="text" maxlength="20" /><br />
<b>Выбрать файл:</b><br /><input name="file" type="file" size="file" style="width: 99%"><br />';
echo '<input name="submit" type="submit" value="Загрузить" >
</form></div>';
}
break;
case 'file_edit':
if (access(2)) {
$load = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads` WHERE `id` = '$id'"));
if ($load['id']) {
if ($ok) {
if ($_POST['name']) {
$scat_current = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads_subcats` WHERE `id` = '$load[id_subcat]'"));
if (empty($_POST['action'])){
unlink('files/'.$scat_current['path'].'/'.$load['file']);
mysql_query("DELETE FROM `loads` WHERE `id` = '$load[id]'");
mysql_query("DELETE FROM `loads_comm` WHERE `id_loads` = '$load[id]'");
redirect('?act=subcat&id='.$load['id_subcat']);
} else {
$scat_new_id = abs(intval($_POST['subcat']));
$scat_new = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads_subcats` WHERE `id` = '$scat_new_id'"));
if (!empty($_FILES['file']['name'])) {
$file_to_cp = $_FILES['file']['tmp_name'];
$file = rand(111, 999).check(basename($_FILES['file']['name']));
$copy = copy($file_to_cp, 'files/'.$scat_new['path'].'/'.$file);
if ($copy == TRUE) {
unlink('files/'.$scat_current['path'].'/'.$load['file']);
mysql_query("UPDATE `loads` SET `file` = '$file' WHERE `id` = '$load[id]'");
} else {
error('Не получилось обновить файл, возможно нет прав на запись на папку в ЗЦ');
}
} else {
if ($scat_new_id != $scat_current['id']) {
$rename = rename('files/'.$scat_current['path'].'/'.$load['file'], 'files/'.$scat_new['path'].'/'.$load['file']);
if ($rename == FALSE) {
error('Не получилось переместить файл. Возможно папка, в которую хотите переместить файл, не существует или права доступа не позволяют делать запись.');
break;
}
}
}
$name = check($_POST['name']);
$desc = check($_POST['desc']);
$author = check($_POST['author']);
$site = check($_POST['site']);
if (!empty($_FILES['screen']['name'])) {
$screen_to_cp = $_FILES['screen']['tmp_name'];
$screen = $load['id'].'_'.rand(11, 99).check(basename($_FILES['screen']['name']));
$copy_sc = copy($screen_to_cp, 'screens/'.$screen);
if ($copy_sc == TRUE) {
if (file_exists('screens/'.$load['screen'])) {
unlink('screens/'.$load['screen']);
}
mysql_query("UPDATE `loads` SET `screen` = '$screen' WHERE `id` = '$load[id]'");
} else {
$_SESSION['note'] = 'Скрин не загружен';
}
}
mysql_query("UPDATE `loads` SET `id_cat` = '$scat_new[id_cat]', `id_subcat` = '$scat_new[id]', `name` = '$name', `desc` = '$desc', `author` = '$author', `site` = '$site', `ok` = 1 WHERE `id` = '$id'");
if (empty($load['ok'])) {
sendpm($load['id_user'], 'Ваш файл <b><a href="../loads/?act=view&id='.$load['id'].'">'.$load['name'].'</a></b> был успешно промодерирован.');
}
redirect('?act=view&id='.$id);
}
} else {
redirect('?act=file_edit&id='.$id);
}
} else {
tp('<a href="?act=view&id='.$id.'">Файл</a>» Ред-е инфо о файле');
echo '<div class="body"><b>Находится в:</b><br />
<form name="form" action="?act=file_edit&id='.$id.'&ok=1" method="post" enctype="multipart/form-data">
<select name="subcat">';
$subcat_r1 = mysql_query("SELECT * FROM `loads_subcats` WHERE `id` = '$load[id_subcat]'");
$subcat1 = mysql_fetch_assoc($subcat_r1);
$cat1 = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads_cats` WHERE `id` = '$subcat1[id_cat]'"));
echo '<option value="'.$subcat1['id'].'">'.$cat1['name'].'» '.$subcat1['name'].'</option>';
$subcat_r = mysql_query("SELECT * FROM `loads_subcats` WHERE `id` != '$load[id_subcat]' ORDER BY `id_cat`, `name`");
while ($subcat = mysql_fetch_assoc($subcat_r)) {
$cat = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads_cats` WHERE `id` = '$subcat[id_cat]'"));
echo '<option value="'.$subcat['id'].'">'.$cat['name'].'» '.$subcat['name'].'</option>';
}
echo '</select><br />
<b>Обновить(заменить) файл:</b><br /><input name="file" type="file" size="file" style="width: 99%"><br />';
if ($load['screen']) {
echo '<a href="screens/'.$load['screen'].'"><img src="../photos/resize.php?dir=loads/screens&name='.$load['screen'].'"></a><br />';
}
echo '<b>Обновить(или добавить) скрин:</b><br /><input name="screen" type="file" size="file" style="width:99%"><br />
<b>Название(max50):</b><br /><input name="name" type="text" maxlength="50" value="'.$load['name'].'" /><br />
<b>Описание:</b><br /><textarea name="desc" cols="" rows="3">'.$load['desc'].'</textarea><br />
<b>Автор(max20):</b><br /><input name="author" type="text" maxlength="20" value="'.$load['author'].'" /><br />
<b>Сайт(max20):</b><br /><input name="site" type="text" maxlength="20" value="'.$load['site'].'" /><br />
<b>Действие:</b><br />
<select name="action">';
if (empty($load['ok'])) {
echo '<option value="1">Ред-ть и добавить в ЗЦ</option>';
} else {
echo '<option value="1">Ред-ть</option>';
}
echo '<option value="0">Удалить</option>
</select><br />
<input name="submit" type="submit" value="Далее" />
</form>
</div>
';
}
} else {
redirect('?');
}
} else {
redirect('?');
}
break;
case 'file_del':
if (access(3)) {
$load = mysql_fetch_assoc(mysql_query("SELECT `id`, `id_subcat`, `name`, `file` FROM `loads` WHERE `id` = '$id'"));
if ($load['id']) {
$subcat = mysql_fetch_assoc(mysql_query("SELECT `path` FROM `loads_subcats` WHERE `id` = '$load[id_subcat]'"));
if ($ok) {
unlink('files/'.$subcat['path'].'/'.$load['file']);
mysql_query("DELETE FROM `loads` WHERE `id` = '$load[id]'");
mysql_query("DELETE FROM `loads_comm` WHERE `id_loads` = '$load[id]'");
redirect('?act=subcat&id='.$load['id_subcat']);
} else {
tp('Подтвердите, пожалуйста');
echo '<div class="body">';
echo 'Вы действительно хотите удалить файл "<b>'.$load['name'].'</b>"?<br />
<form name="form" action="?act=file_del&id='.$id.'&ok=1" method="post">
<input name="submit" type="submit" value="Да" />
</form>
</div>';
}
} else {
redirect('?');
}
} else {
redirect('?');
}
break;
case 'mod':
if (!access(1)) {
redirect(HTTPHOME);
}
tp('<a href="?">ЗЦ</a>» Модерировать');
$total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads` WHERE `ok` = 0"), 0);
if ($total > 0) {
$pages = ceil($total / $config['onpage']);
if ($page > $pages or $page == 0) {
$page = 1;
}
$begin = ($page - 1) * $config['onpage'];
$loads_r = mysql_query("SELECT * FROM `loads` WHERE `ok` = 0 ORDER BY `time` DESC LIMIT $begin, $config[onpage]");
while ($load = mysql_fetch_assoc($loads_r)) {
$subcat = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads_subcats` WHERE `id` = '$load[id_subcat]'"));
echo '<div class="raz"><img src="/images/load_file.png"> <a href="?act=file_edit&id='.$load['id'].'">'.$load['name'].'</a> ('.size(filesize('files/'.$subcat['path'].'/'.$load['file'])).') <a href="files/'.$subcat['path'].'/'.$load['file'].'">скачать</a>';
if (access(3)) echo ' <a href="?act=file_del&id='.$load['id'].'" style="color:red">[del]</a>';
echo '</div>';
}
navig($page, '?act=subcat&id='.$id.'&', $pages);
} else {
echo '<div class="error">Файлов на модерации нет.</div>';
}
break;
case 'rate':
require_once '../includes/rate.php';
break;
case 'comm':
require_once '../includes/comm.php';
break;
case 'comm_add':
require_once '../includes/comm_add.php';
break;
case 'comm_reply':
require_once '../includes/comm_reply.php';
break;
case 'comm_edit':
require_once '../includes/comm_edit.php';
break;
case 'comm_del':
require_once '../includes/comm_del.php';
break;
case 'comm_by':
require_once '../includes/comm_by.php';
break;
case 'comm_new':
require_once '../includes/comm_new.php';
break;
case 'top':
require_once '../includes/top.php';
break;
case 'my':
require_once '../includes/my.php';
break;
}
require_once '../includes/tail.php';
?>