Файл: user/wall/edit.php
Строк: 146
<?php
/* DCMS S (Special)
* Версия файла 0.0.1
* Дата последнего редактирования 25.11.2015
* Модифицировал densnet
*/
require_once '../../sys/inc/start.php';
require_once H . 'sys/inc/compress.php';
require_once H . 'sys/inc/sess.php';
require_once H . 'sys/inc/settings.php';
require_once H . 'sys/inc/db_connect.php';
require_once H . 'sys/inc/ipua.php';
require_once H . 'sys/inc/fnc.php';
require_once H . 'sys/inc/user.php';
user::only_reg();
$set['title'] = 'Редактирование записи';
require_once H . 'sys/inc/thead.php';
aut();
if (!isset($_GET['id']) && !is_numeric($_GET['id'])) {
header("Location: index.php?" . SID);
exit;
}
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `wall` WHERE `id` = '" . intval($_GET['id']) . "' LIMIT 1", $db), 0) == 0) {
header("Location: index.php?" . SID);
exit;
}
$wall = mysql_fetch_array(mysql_query("select * from `wall` where `id`='" . intval($_GET['id']) . "';"));
if (($user['level'] < 4) && ($user['id'] != $wall['id_user'])) {
$set['title'] = 'Ошибка';
require_once H . 'sys/inc/thead.php';
aut();
echo "<div class = 'alert alert-danger'>У вас нет прав, для редактирования данной записи</div>";
echo "<div class = 'comm'><a href = 'index.php'><span class='glyphicon glyphicon-arrow-left'></span> Стена</a></div>";
require_once H . 'sys/inc/tfoot.php';
exit();
}
if (isset($user) && isset($_GET['f_del']) && is_numeric($_GET['f_del']) && isset($_SESSION['file'][$_GET['f_del']])) {
@unlink($_SESSION['file'][$_GET['f_del']]['tmp_name']);
}
if (isset($user) && isset($_GET['edit']) && isset($_FILES['file_f']) && preg_match('#.#', $_FILES['file_f']['name']) && isset($_POST['file_s'])) {
copy($_FILES['file_f']['tmp_name'], H . 'sys/tmp/' . $user['id'] . '_' . md5_file($_FILES['file_f']['tmp_name']) . '.wall.tmp');
chmod(H . 'sys/tmp/' . $user['id'] . '_' . md5_file($_FILES['file_f']['tmp_name']) . '.wall.tmp', 0777);
if (isset($_SESSION['file'])) {
$next_f = count($_SESSION['file']);
} else {
$next_f = 0;
}
$file = text::esc(stripcslashes(htmlspecialchars($_FILES['file_f']['name'])));
$_SESSION['file'][$next_f]['name'] = preg_replace('#.[^.]*$#i', NULL, $file); // имя файла без расширения
$_SESSION['file'][$next_f]['ras'] = strtolower(preg_replace('#^.*.#i', NULL, $file));
$_SESSION['file'][$next_f]['tmp_name'] = H . 'sys/tmp/' . $user['id'] . '_' . md5_file($_FILES['file_f']['tmp_name']) . '.wall.tmp';
$_SESSION['file'][$next_f]['size'] = filesize(H . 'sys/tmp/' . $user['id'] . '_' . md5_file($_FILES['file_f']['tmp_name']) . '.wall.tmp');
$_SESSION['file'][$next_f]['type'] = $_FILES['file_f']['type'];
}
if (isset($_GET['edit']) && isset($_POST['msg']) && !isset($_POST['file_s'])) {
$msg = mysql_real_escape_string($_POST['msg']);
if (text::utf8_strlen($msg) < 3) {
$err = 'Короткое сообщение';
}
if (text::utf8_strlen($msg) > 3000) {
$err = 'Длинное сообщение';
}
if (isset($_POST['privat_komm'])) {
if ($_POST['privat_komm'] == 1) {
$privat_komm = '1';
} else {
$privat_komm = '0';
}
} else {
$privat_komm = '0';
}
if (!isset($err)) {
mysql_query("UPDATE `wall` SET `msg` = '$msg', `time` = '$time', `privat_komm` = '$privat_komm' WHERE `id`='" . intval($_GET['id']) . "'");
echo "" . mysql_error() . "";
$post_id = mysql_insert_id();
if (isset($_SESSION['file']) && isset($user)) {
for ($i = 0; $i < count($_SESSION['file']); $i++) {
if (isset($_SESSION['file'][$i]) && is_file($_SESSION['file'][$i]['tmp_name'])) {
mysql_query("INSERT INTO `wall_files` (`id_wall`, `name`, `ras`, `size`, `type`) values('" . intval($_GET['id']) . "', '" . $_SESSION['file'][$i]['name'] . "', '" . $_SESSION['file'][$i]['ras'] . "', '" . $_SESSION['file'][$i]['size'] . "', '" . $_SESSION['file'][$i]['type'] . "')");
$file_id = mysql_insert_id();
copy($_SESSION['file'][$i]['tmp_name'], H . 'sys/wall/' . $file_id . '.frf');
unlink($_SESSION['file'][$i]['tmp_name']);
}
}
unset($_SESSION['file']);
}
msg('Успешно сохранено...');
}
}
if (isset($_GET['del'])) {
if (isset($_GET['ok'])) {
$q_f = mysql_query("SELECT * FROM `wall_files` WHERE `id_wall` = '" . intval($_GET['id']) . "'");
while ($file = mysql_fetch_assoc($q_f)) {
mysql_query("DELETE FROM `wall_files` WHERE `id` = '$file[id]' LIMIT 1");
unlink(H . 'sys/wall/' . $file['id'] . '.frf');
}
mysql_query("DELETE FROM `wall_comments` WHERE `id_wall` = '" . intval($_GET['id']) . "' LIMIT 1");
mysql_query("DELETE FROM `wall_like` WHERE `id_komm` = '" . intval($_GET['id']) . "' LIMIT 1");
mysql_query("DELETE FROM `wall` WHERE `id` = '" . intval($_GET['id']) . "' LIMIT 1");
msg('Запись успешно удалена');
require_once H . 'sys/inc/tfoot.php';
exit();
} else {
echo "<div class = 'alert alert-danger'>";
echo "Вы действительно хотите удалить запись?<br /><br />";
echo "<a href='?id=" . intval($_GET['id']) . "&del&ok' class='btn btn-success'>Да</a> <a href='comments.php?id=" . intval($_GET['id']) . "' class='btn btn-default'>Нет</a><br />";
echo "</div>";
}
}
err();
$wall = mysql_fetch_array(mysql_query("select * from `wall` where `id`='" . intval($_GET['id']) . "';"));
if ($user['set_files'] == 1) {
echo "<form class='list-group-item' name='message' method='POST' enctype='multipart/form-data' action='?id=" . intval($_GET['id']) . "&edit'>";
} else {
echo "<form class='list-group-item' name='message' method='POST' action='?id=" . intval($_GET['id']) . "&edit'>";
}
echo "Редактирование записи: <br />";
echo "<textarea name='msg' rows='3' class='form-control'>$wall[msg]</textarea><br />n";
if ($user['set_files'] == 1) {
if (isset($_SESSION['file'])) {
echo "Прикрепленные файлы:<br />";
for ($i = 0; $i < count($_SESSION['file']); $i++) {
if (isset($_SESSION['file'][$i]) && is_file($_SESSION['file'][$i]['tmp_name'])) {
echo "<span class='glyphicon glyphicon-pushpin'></span> ";
echo $_SESSION['file'][$i]['name'] . '.' . $_SESSION['file'][$i]['ras'] . ' (';
echo size_file($_SESSION['file'][$i]['size']);
echo ")<br />";
//echo "<a href = '?id=" . intval($_GET['id']) . "&edit&d_file$i' title = 'Удалить'><img src = '/style/icons/del.png' /></a><br />";
}
}
}
echo "<div class='col-xs-6'>";
echo "<input class='form-control' name = 'file_f' type = 'file' /> ";
echo "</div>";
echo "<button class='btn btn-success' name='file_s'>OK</button><br />";
}
echo "<br /><label class='c-input c-checkbox'><input type="checkbox" name="privat_komm" value="1" /><span class='c-indicator'></span> Запретить комментировать</label><br />n";
echo "<button class='btn btn-success'><span class='fa fa-save'></span> Сохранить</button>";
echo "</form>";
echo "<div class='list-group-item'><a href='comments.php?id=" . intval($_GET['id']) . "'><span class='fa fa-arrow-left'></span> Комментарии</a></div>";
require_once H . 'sys/inc/tfoot.php';