Файл: modules/public/edit.php
Строк: 504
<?php
/* DCMS Special
* Дата последнего редактирования 23.01.2016
* Модифицировал densnet
*/
// Bootstrap: load the engine's core include files, in this fixed order, before any
// request handling. The paths are relative ("../../sys/inc/"), not built from the H
// constant that the rest of this script uses.
// NOTE(review): presumably these files define H, $set, $user, $doc and the helpers used
// below (lang, msg, err, aut, esc, toOutput, utf8_strlen) - confirm against sys/inc.
foreach (array('start', 'compress', 'sess', 'settings', 'db_connect', 'ipua', 'fnc', 'user') as $inc) {
require_once "../../sys/inc/$inc.php";
}
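// Community settings editor: edit.php?id=<community id>&edit=edit
// Loads the `public` row named by ?id, applies a submitted settings form and then
// renders the form again with the current values.
if (isset($_GET['edit']) && $_GET['edit'] == 'edit' && intval($_GET['id'])) {
    $public = mysql_fetch_array(mysql_query("SELECT * FROM `public` WHERE `id` = '" . intval($_GET['id']) . "'"));
    $set['title'] = lang('Редактирование') . ' - ' . $public['name'] . '';
    require_once H . 'sys/inc/thead.php';

    // Authorization: only the owner of an existing community may change it. The ownership
    // test used to guard only the rendering of the form, so any client could POST changes
    // to any community id. It is now computed once and applied to the write path too.
    // A missing row or a guest must never compare as "owner" (null == null is true in PHP).
    $is_owner = isset($user) && $public && $public['id_user'] == $user['id'];
    $pub_id = intval($public['id']);

    if ($is_owner && isset($_POST['edit'])) {
        // NOTE(review): no anti-CSRF token is checked on this state-changing POST. Nothing in
        // this file shows a token helper; confirm whether the engine provides one.

        // NOTE(review): the range `A-z` also covers the ASCII punctuation between `Z` and `a`
        // ([ \ ] ^ _ `), and `*` accepts an empty name - confirm that both are intended.
        if (isset($_POST['name']) && is_string($_POST['name']) && preg_match('#^([A-zА-я -]*)$#ui', $_POST['name'])) {
            $public['name'] = $_POST['name'];
            mysql_query("UPDATE `public` SET `name` = '" . mysql_real_escape_string($public['name']) . "' WHERE `id` = '$pub_id' LIMIT 1");
        } else {
            $err[] = lang('Ошибка в поле название');
        }

        if (isset($_POST['post']) && is_string($_POST['post']) && utf8_strlen($_POST['post']) <= 10000) {
            $public['post'] = $_POST['post'];
            // The row is keyed by the community id. The previous query used the current
            // user's id here and therefore overwrote the description of whichever community
            // happened to share that numeric id.
            mysql_query("UPDATE `public` SET `post` = '" . mysql_real_escape_string($public['post']) . "' WHERE `id` = '$pub_id' LIMIT 1");
        } else {
            $err[] = lang('Ошибка в поле описание');
        }

        // Upload/posting privilege flags. Only the literal values 0 and 1 are stored; the
        // column name comes from this fixed list, never from the request.
        foreach (array('p', 'a', 'v', 'f') as $flag) {
            if (isset($_POST[$flag]) && is_scalar($_POST[$flag]) && in_array((string) $_POST[$flag], array('0', '1'), true)) {
                $public[$flag] = intval($_POST[$flag]);
                mysql_query("UPDATE `public` SET `$flag` = '" . $public[$flag] . "' WHERE `id` = '$pub_id' LIMIT 1");
            }
        }

        if (!isset($err)) {
            msg('Изменения успешно приняты');
        }
    }

    aut();
    err();
    $doc->Link('list-group-item', "index.php?id=" . $pub_id . "", 'arrow-left', 'Вернуться в сообщество');

    if ($is_owner) {
        echo "<form method='post' action='edit.php?id=" . $pub_id . "&edit=edit' class='list-group-item'>";
        // NOTE(review): the hint says a rename costs 100 coins, but no charge is made anywhere
        // in this block - confirm where (or whether) the fee is applied.
        echo lang('Название') . " <small style='color: grey'>(" . lang('можно сменить за 100 монет') . ")</small>:<br />";
        echo "<input class='form-control' type='text' name='name' value='" . toOutput($public['name'], false) . "' maxlength='128' />";
        $doc->Textarea('post', 'Описание', 10000, "" . toOutput($public['post'], false) . "");
        echo "<br />\n";
        echo "<b>" . lang('Настройка привилегий') . "</b><br />";

        // One <select> per privilege flag: 1 = owner only, 0 = owner and all subscribers.
        $flag_labels = array(
            'p' => 'Выгрузка фото',
            'a' => 'Выгрузка музыки',
            'v' => 'Выгрузка видео',
            'f' => 'Создавать темы в обсуждениях',
        );
        foreach ($flag_labels as $flag => $label) {
            echo lang($label) . ":<br />";
            echo "<select class='form-control' name='$flag'>\n";
            echo "<option value='1'" . ($public[$flag] == 1 ? " selected='selected'" : null) . ">" . lang('Только я') . "</option>\n";
            echo "<option value='0'" . ($public[$flag] == 0 ? " selected='selected'" : null) . ">" . lang('Я и все подписчики') . "</option>\n";
            echo "</select>\n";
        }
        echo "<br />\n";

        $doc->Button('btn btn-success btn-sm', 'edit', 'save', 'Сохранить');
        echo "</form>";
    } else {
        echo "<div class='err'>" . lang('Это не Ваше сообщество') . "</div>";
    }
}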
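// Community avatar upload: edit.php?id=<community id>&foto=edit
// Accepts a JPEG, GIF or PNG, scales it to fit 300x300 (GIFs go through gif_resize at
// 110x110) and stores it as sys/public/ava/<community id>.<ext>.
if (isset($_GET['foto']) && $_GET['foto'] == 'edit' && intval($_GET['id'])) {
    $public = mysql_fetch_array(mysql_query("SELECT * FROM `public` WHERE `id` = '" . intval($_GET['id']) . "'"));
    $set['title'] = lang('Изменить фото') . ' - ' . $public['name'] . '';
    require_once H . 'sys/inc/thead.php';

    // Authorization: the upload handler previously had no check at all, so any client
    // could replace the avatar of any community. Only the owner may do so.
    $is_owner = isset($user) && $public && $public['id_user'] == $user['id'];
    $pub_id = intval($public['id']);
    $ava_base = H . 'sys/public/ava/' . $pub_id . '.';

    if (isset($_FILES['file'])) {
        // tmp_name is an array when the field is posted as file[]; treat that as "no file".
        $tmp = (isset($_FILES['file']['tmp_name']) && is_string($_FILES['file']['tmp_name'])) ? $_FILES['file']['tmp_name'] : '';
        $ras = null;
        $imgc = false;

        if (!$is_owner) {
            $err = lang('Это не Ваше сообщество');
        } elseif ($tmp != '' && is_uploaded_file($tmp)) {
            // The extension selects the decoder; GD must then parse the content successfully.
            // preg_match replaces eregi(), which was removed in PHP 7.
            $upl_name = $_FILES['file']['name'];
            if (preg_match('#\.jpe?g$#i', $upl_name) && ($imgc = @imagecreatefromjpeg($tmp))) {
                $ras = 'jpg';
            } elseif (preg_match('#\.gif$#i', $upl_name) && ($imgc = @imagecreatefromgif($tmp))) {
                $ras = 'gif';
            } elseif (preg_match('#\.png$#i', $upl_name) && ($imgc = @imagecreatefrompng($tmp))) {
                $ras = 'png';
            }
        }

        if ($is_owner && $ras === null) {
            $err = 'Неверный формат файла';
        }

        if ($ras !== null) {
            $ava_path = $ava_base . $ras;

            if ($ras == 'gif') {
                // The include is resolved from the site root (H) like every other engine
                // include in this script; the previous relative path depended on include_path.
                include_once H . 'sys/inc/gif_resize.php';
                // NOTE(review): GIFs are written from gif_resize() output, not re-encoded by
                // GD - confirm that the helper discards data trailing the image stream.
                $saved = file_put_contents($ava_path, gif_resize(file_get_contents($tmp), 110, 110)) !== false;
                imagedestroy($imgc);
            } else {
                $img_x = imagesx($imgc);
                $img_y = imagesy($imgc);
                if ($img_x > 300 || $img_y > 300) {
                    // Scale the longer side to 300 and keep the aspect ratio.
                    if ($img_x >= $img_y) {
                        $dstW = 300; // width
                        $dstH = (int) ceil(300 * $img_y / $img_x); // height
                    } else {
                        $dstH = 300;
                        $dstW = (int) ceil(300 * $img_x / $img_y);
                    }
                    // True-colour canvas for both formats; the PNG path used a 256-colour
                    // palette canvas (ImageCreate) before.
                    $screen = imagecreatetruecolor($dstW, $dstH);
                    if ($ras == 'png') {
                        imagealphablending($screen, false);
                        imagesavealpha($screen, true);
                    }
                    imagecopyresampled($screen, $imgc, 0, 0, 0, 0, $dstW, $dstH, $img_x, $img_y);
                    imagedestroy($imgc);
                } else {
                    $screen = $imgc;
                    if ($ras == 'png') {
                        imagesavealpha($screen, true);
                    }
                }
                // Always re-encode. Small images used to be copied byte-for-byte from the
                // upload, which kept any non-image data appended to the file.
                $saved = ($ras == 'jpg') ? imagejpeg($screen, $ava_path, 100) : imagepng($screen, $ava_path);
                imagedestroy($screen);
            }

            if ($saved && is_file($ava_path)) {
                // Data file only: no need for the world-writable/executable 0777 used before.
                @chmod($ava_path, 0644);
                // Drop avatars left over in the other formats, now that the new one exists.
                foreach (array('jpg', 'gif', 'png') as $old_ras) {
                    if ($old_ras != $ras && is_file($ava_base . $old_ras)) {
                        @unlink($ava_base . $old_ras);
                    }
                }
                // Keep a single avatar row (foto = 1) per community. The previous code
                // inserted a new row on every successful upload, and its fallback UPDATE
                // had no `foto` filter, so it would also have re-flagged gallery rows.
                $has_row = mysql_result(mysql_query("SELECT COUNT(*) FROM `public_foto` WHERE `id_public` = '$pub_id' AND `foto` = '1'"), 0);
                if ($has_row) {
                    mysql_query("UPDATE `public_foto` SET `ras` = '$ras' WHERE `id_public` = '$pub_id' AND `foto` = '1'");
                } else {
                    mysql_query("INSERT INTO `public_foto` (`id_public`, `ras`, `foto`) values ('$pub_id', '$ras', '1')");
                }
                msg("фото успешно установлено");
                // NOTE(review): sent after thead.php has produced output and without exit -
                // presumably relies on output buffering; confirm.
                header('Location: index.php?id=' . $pub_id);
            } else {
                $err = lang('Ошибка при выгрузке');
            }
        }
    }

    aut();
    err();
    $doc->Link('list-group-item', "index.php?id=" . $pub_id . "", 'arrow-left', 'Вернуться в сообщество');

    $foto = mysql_fetch_array(mysql_query("SELECT id,ras FROM `public_foto` WHERE `id_public` = '$pub_id' AND `foto` = '1' LIMIT 1"));
    if ($foto && is_file($ava_base . $foto['ras'])) {
        echo "<img src='/sys/public/ava/" . $pub_id . "." . htmlspecialchars($foto['ras'], ENT_QUOTES, 'UTF-8') . "' width='223'>";
    } else {
        echo "<img src='images/no_foto.jpg' width='223'>";
    }

    if ($is_owner) {
        echo "<form method='post' enctype='multipart/form-data' action=''>\n";
        echo "<input type='file' name='file' accept='image/*,image/gif,image/png,image/jpeg' />\n";
        echo "<input value='Загрузить фото' type='submit' />\n";
        echo '</form>';
    } else {
        echo "<div class='err'>" . lang('Это не Ваше сообщество') . "</div>";
    }
}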
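// Gallery photo upload: edit.php?id=<community id>&foto=add
// The community owner uploads an image; it is stored as a JPEG in sys/public/foto/600/
// (at most 600px on the longer side) and sys/public/foto/foto/ (full size), recorded in
// `public_foto`, and announced on the community wall and on each subscriber's wall.
if (isset($_GET['foto']) && $_GET['foto'] == 'add' && intval($_GET['id'])) {
    $public = mysql_fetch_array(mysql_query("SELECT * FROM `public` WHERE `id` = '" . intval($_GET['id']) . "'"));
    $set['title'] = lang('Добавить фото') . ' - ' . $public['name'] . '';
    require_once H . 'sys/inc/thead.php';
    $pub_id = intval($public['id']);

    // Owner-only, as before; "$public &&" additionally rejects a non-existent community.
    if (isset($user) && $public && $user['id'] == $public['id_user'] && isset($_FILES['file'])) {
        $tmp = (isset($_FILES['file']['tmp_name']) && is_string($_FILES['file']['tmp_name'])) ? $_FILES['file']['tmp_name'] : '';
        $is_upload = $tmp != '' && is_uploaded_file($tmp);
        // Read the dimensions from the file header first, so that an image over the
        // configured limit is rejected before GD decodes the whole bitmap into memory.
        $info = $is_upload ? @getimagesize($tmp) : false;

        if ($info && ($info[0] > $set['max_upload_foto_x'] || $info[1] > $set['max_upload_foto_y'])) {
            $err = lang('Размер изображения превышает ограничения в') . ' ' . $set['max_upload_foto_x'] . '*' . $set['max_upload_foto_y'];
        } elseif ($is_upload && ($imgc = @imagecreatefromstring(file_get_contents($tmp)))) {
            $post_name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
            $post_opis = (isset($_POST['opis']) && is_string($_POST['opis'])) ? $_POST['opis'] : '';

            $name = esc(stripcslashes(htmlspecialchars($post_name)), 1);
            if ($name == null) {
                // Fall back to the uploaded file name without its extension.
                $name = esc(stripcslashes(htmlspecialchars(preg_replace('#\.[^.]*$#i', '', $_FILES['file']['name']))));
            }
            $opis = esc(stripcslashes(htmlspecialchars($post_opis)), 1);

            if (!preg_match("#^([A-zА-я0-9-_(),. ])+$#ui", $name)) {
                $err = lang('В названии фото присутствуют запрещенные символы');
            }
            if (utf8_strlen($name) > 128) {
                $err = lang('Название слишком длинное');
            }
            $name = mysql_real_escape_string($name);
            if (utf8_strlen($opis) > 1024) {
                $err = lang('Описание слишком длинное');
            }
            $opis = mysql_real_escape_string($opis);

            $img_x = imagesx($imgc);
            $img_y = imagesy($imgc);
            if ($img_x > $set['max_upload_foto_x'] || $img_y > $set['max_upload_foto_y']) {
                $err = lang('Размер изображения превышает ограничения в') . ' ' . $set['max_upload_foto_x'] . '*' . $set['max_upload_foto_y'];
            }

            if (!isset($err)) {
                $uid = intval($user['id']);
                // The community name is stored data and is placed inside an SQL string
                // literal below, so it is escaped like any other value.
                $pub_name_sql = mysql_real_escape_string($public['name']);

                mysql_query("INSERT INTO `public_foto` (`id_public`, `name`, `ras`, `foto`) values ('$pub_id', '$name', 'jpg', '2')");
                $id_foto = intval(mysql_insert_id());
                mysql_query("INSERT INTO `public_wall` (`id_public`, `link`, `ras`, `name`, `opis`, `id_pub`, `type`, `id_file`, `id_ank`) values('$pub_id', '/sys/public/foto/600/$id_foto.jpg', 'jpg', '$name', '$opis', '$pub_id', 'public_foto', '$id_foto', '$uid')");

                // Announce the photo on the wall of every subscriber except the owner.
                $sss = mysql_query("SELECT * FROM `public_coint` WHERE `id_public` = '$pub_id' AND `i` = '1'");
                while ($podpiska = mysql_fetch_array($sss)) {
                    $us_pub = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = '" . intval($podpiska['id_user']) . "' LIMIT 1"));
                    if ($us_pub['id'] != $public['id_user']) {
                        mysql_query("INSERT INTO `public_wall` (`id_wall`, `link`, `ras`, `name`, `id_pub`, `type`, `id_file`) values('" . intval($us_pub['id']) . "', '/sys/public/foto/600/$id_foto.jpg', 'jpg', '[url=/modules/public/index.php?id=$pub_id]" . $pub_name_sql . "[/url]', '$pub_id', 'public_foto', '$id_foto')");
                    }
                }

                $path_600 = H . "sys/public/foto/600/$id_foto.jpg";
                $path_full = H . "sys/public/foto/foto/$id_foto.jpg";

                if ($img_x > 600 || $img_y > 600) {
                    if ($img_x == $img_y) {
                        $dstW = 600; // width
                        $dstH = 600; // height
                    } elseif ($img_x > $img_y) {
                        $prop = $img_x / $img_y;
                        $dstW = 600;
                        $dstH = ceil($dstW / $prop);
                    } else {
                        $prop = $img_y / $img_x;
                        $dstH = 600;
                        $dstW = ceil($dstH / $prop);
                    }
                    $screen = imagecreatetruecolor($dstW, $dstH);
                    imagecopyresampled($screen, $imgc, 0, 0, 0, 0, $dstW, $dstH, $img_x, $img_y);
                    $screen = img_copyright($screen); // apply the copyright overlay
                    imagejpeg($screen, $path_600, 90);
                    imagedestroy($screen);
                    $imgc = img_copyright($imgc); // apply the copyright overlay
                    // The full-size copy belongs in foto/foto/. It used to be written to
                    // 600/ again, overwriting the resized image and leaving foto/foto/ empty.
                    imagejpeg($imgc, $path_full, 90);
                } else {
                    $imgc = img_copyright($imgc); // apply the copyright overlay
                    imagejpeg($imgc, $path_600, 90);
                    imagejpeg($imgc, $path_full, 90);
                }
                // Data files only: no need for the world-writable/executable 0777 used before.
                @chmod($path_full, 0644);
                @chmod($path_600, 0644);
                msg("Фотография успешно добавлена");
            }
            imagedestroy($imgc);
        } else {
            $err = 'Выбранный Вами формат изображения не поддерживается';
        }
    }

    aut();
    err();
    $doc->Link('list-group-item', "index.php?id=" . $pub_id . "", 'arrow-left', 'Вернуться в сообщество');
    // The stray second quote after the enctype value has been removed.
    echo "<form enctype='multipart/form-data' action='' method='post' class='list-group-item'>";
    $doc->Input('name', 'Название');
    $doc->Textarea('opis', 'Описание');
    $doc->File('file', 'Изображение');
    $doc->Button('btn btn-primary btn-sm', null, 'upload', 'Выгрузить');
    echo "</form>";

    $fotki = intval(mysql_result(mysql_query("SELECT COUNT(*) FROM `public_foto` WHERE `id_public` = '$pub_id' AND `foto` = '2'"), 0));
    echo "<div class='list-group-item list-group-item-info'>";
    echo "<a href='foto.php?id=" . $pub_id . "'>Фотографии</a><span class='badge'>$fotki</span>";
    echo "</div>";

    // The ten most recent gallery photos, as thumbnails.
    $f = mysql_query("SELECT id,ras FROM `public_foto` WHERE `id_public` = '$pub_id' AND `foto` = '2' ORDER BY id DESC LIMIT 10");
    echo "<div class='list-group-item'>";
    while ($foto = mysql_fetch_array($f)) {
        echo "<img src='/sys/public/foto/600/" . intval($foto['id']) . ".jpg' width='50' height='50'>";
    }
    echo "</div>";
}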
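// Wall post editor: edit.php?id=<community id>&wall=edit&row=<public_wall id>
// Lets the title and description of a wall entry be changed and previews its attachment.
if (isset($_GET['wall']) && $_GET['wall'] == 'edit' && intval($_GET['id']) && intval($_GET['row'])) {
    $public = mysql_fetch_array(mysql_query("SELECT * FROM `public` WHERE `id` = '" . intval($_GET['id']) . "'"));
    $row = mysql_fetch_array(mysql_query("SELECT * FROM `public_wall` WHERE `id` = '" . intval($_GET['row']) . "'"));
    $set['title'] = 'Редактирование - ' . $row['name'] . '';
    include_once '../../sys/inc/thead.php';
    title();

    // Authorization: the write path had no check and the form only required a logged-in
    // user, so any client could edit any wall row by id. Editing is now limited to the
    // user recorded as the author (`id_ank`) or to the owner of the community the row
    // points at (`id_pub`).
    // NOTE(review): `id_ank` / `id_pub` are the columns this script fills when it inserts
    // wall rows; confirm that rows created elsewhere populate them the same way.
    $can_edit = isset($user) && $public && $row
        && ($row['id_ank'] == $user['id']
            || ($public['id_user'] == $user['id'] && $row['id_pub'] == $public['id']));
    $pub_id = intval($public['id']);
    $row_id = intval($row['id']);

    if ($can_edit && isset($_POST['edit'])) {
        // NOTE(review): no anti-CSRF token is checked on this state-changing POST.
        if (isset($_POST['name']) && is_string($_POST['name']) && preg_match('#^([A-zА-я -]*)$#ui', $_POST['name'])) {
            $row['name'] = $_POST['name'];
            mysql_query("UPDATE `public_wall` SET `name` = '" . mysql_real_escape_string($row['name']) . "' WHERE `id` = '$row_id' LIMIT 1");
        }
        if (isset($_POST['opis']) && is_string($_POST['opis']) && preg_match('#^([A-zА-я -]*)$#ui', $_POST['opis'])) {
            $row['opis'] = $_POST['opis'];
            mysql_query("UPDATE `public_wall` SET `opis` = '" . mysql_real_escape_string($row['opis']) . "' WHERE `id` = '$row_id' LIMIT 1");
        }
    }

    aut();
    err();
    echo "<div class='pub_add'><a href='index.php?id=" . $pub_id . "'>Вернуться в сообщество</a></div>";
    echo "<div class='pub_clear'></div>";

    if ($can_edit) {
        // The full and the light layout differ only in the preview width and in whether
        // the Flash players are offered, so one code path renders both.
        $img_w = $set['web'] ? 300 : 120;
        // `link` is stored data printed into HTML attributes: escape it and quote the
        // attributes (the player markup printed it unquoted and unescaped before).
        $link = htmlspecialchars($row['link'], ENT_QUOTES, 'UTF-8');

        echo "<form method='post' action='edit.php?id=" . $pub_id . "&wall=edit&row=" . $row_id . "'>";
        echo "Заголовок:<br />";
        echo "<input type='text' name='name' value='" . toOutput($row['name'], false) . "' maxlength='128' /><br />";

        if (in_array($row['ras'], array('jpg', 'jpeg', 'gif', 'png'), true)) {
            echo "<img src='" . $link . "' width='" . $img_w . "' alt='Скрин...' /><br />\n";
        } elseif ($set['web'] && $row['ras'] === 'mp3') {
            // allowScriptAccess is narrowed from "always" to "sameDomain": the player is
            // loaded from this site's own /sys/uppod.swf.
            echo "<object type='application/x-shockwave-flash' data='/sys/uppod.swf' height='35' width='480'>
<param name='wmode' value='transparent' />
<param name='allowFullScreen' value='true' />
<param name='allowScriptAccess' value='sameDomain' />
<param name='movie' value='/sys/uppod.swf' />
<param name='FlashVars' value='way=" . $link . "&amp;swf=/sys/uppod.swf&amp;w=480&amp;h=35&amp;autoplay=0&amp;q=&amp;st=/sys/audio13.txt&amp;volume=40' /></object><br />";
        } elseif ($set['web'] && in_array($row['ras'], array('mp4', 'flv'), true)) {
            echo "<object type='application/x-shockwave-flash' data='/sys/uppod.swf' width='300' height='210'>
<param name='bgcolor' value='#ffffff' />
<param name='allowFullScreen' value='true' />
<param name='allowScriptAccess' value='sameDomain' />
<param name='wmode' value='transparent' />
<param name='movie' value='/sys/uppod.swf' />
<param name='flashvars' value='file=" . $link . "' />
</object>";
        }

        echo "Описание:<br />";
        echo "<textarea name='opis' rows='2'>" . toOutput($row['opis'], false) . "</textarea><br />\n";
        echo "<input type='submit' name='edit' value='Сохранить' />";
        echo "</form>";
    } else {
        echo "<div class='err'>Этот пост вам не пренадлежит!</div>";
    }
}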
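// Music upload: edit.php?id=<community id>&audio=add
// Stores an uploaded .mp3 as sys/public/music/<id>.mp3, records it in `public_audio`
// and announces it on the community wall and on each subscriber's wall.
if (isset($_GET['audio']) && $_GET['audio'] == 'add' && intval($_GET['id'])) {
    $public = mysql_fetch_array(mysql_query("SELECT * FROM `public` WHERE `id` = '" . intval($_GET['id']) . "'"));
    $set['title'] = lang('Добавить музыку') . ' - ' . $public['name'] . '';
    require_once H . 'sys/inc/thead.php';
    $pub_id = intval($public['id']);

    if (isset($_POST['ok'])) {
        // tmp_name is an array when the field is posted as file[]; treat that as "no file".
        $tmp = (isset($_FILES['file']['tmp_name']) && is_string($_FILES['file']['tmp_name'])) ? $_FILES['file']['tmp_name'] : '';

        // The handler used to accept uploads from anyone, including guests, although it
        // records the uploader's id. A logged-in user and an existing community are now
        // required.
        // NOTE(review): the community's `a` flag (owner only / owner and subscribers) is
        // not enforced here, and this file does not show how a subscription is verified -
        // confirm and add that check.
        if (!isset($user) || !$public || $tmp == '' || !is_uploaded_file($tmp)) {
            $err[] = lang('Ошибка при выгрузке файла');
        } elseif (filesize($tmp) > $upload_max_filesize) {
            $err[] = lang('Размер файла превышает установленные ограничения');
        } else {
            $file = esc(stripcslashes(htmlspecialchars($_FILES['file']['name'])));
            $file = str_replace(array('#', '?'), '', $file);
            $name = preg_replace('#\.[^.]*$#', '', $file); // file name without its extension
            $ras = strtolower(preg_replace('#^.*\.#', '', $file));
            // Only the extension is checked; the content is not inspected. The file is
            // always stored under a server-chosen name ending in ".mp3".
            if ($ras !== 'mp3') {
                $err = lang('Неверное расширение файла');
            }
        }

        if (!isset($err)) {
            $uid = intval($user['id']);
            // htmlspecialchars() in its default mode leaves single quotes alone, so the
            // client-supplied file name could break out of the SQL string literal below;
            // it is escaped for SQL, as is the stored community name.
            $name_sql = mysql_real_escape_string($name);
            $pub_name_sql = mysql_real_escape_string($public['name']);

            mysql_query("INSERT INTO `public_audio` (`id_public`, `name`, `ras`) VALUES ('$pub_id', '$name_sql', 'mp3' )");
            $id_file = intval(mysql_insert_id());
            $music_path = H . "sys/public/music/$id_file.mp3";

            // Store the file first and announce it only once it exists, so a failed
            // upload no longer leaves wall entries pointing at a missing file.
            if (!@move_uploaded_file($tmp, $music_path)) {
                mysql_query("DELETE FROM `public_audio` WHERE `id` = '$id_file' LIMIT 1");
                $err[] = lang('Ошибка при выгрузке');
            } else {
                // Data file only: owner-writable, world-readable (was 0666).
                @chmod($music_path, 0644);
                mysql_query("INSERT INTO `public_wall` (`id_public`, `link`, `ras`, `name`, `opis`, `id_ank`, `id_pub`, `type`, `id_file`) values('$pub_id', '/sys/public/music/$id_file.mp3', 'mp3', '$name_sql', 'Новая песня', '$uid', '$pub_id', 'public_audio', '$id_file')");

                $sss = mysql_query("SELECT * FROM `public_coint` WHERE `id_public` = '$pub_id' AND `i` = '1'");
                while ($podpiska = mysql_fetch_array($sss)) {
                    $us_pub = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = '" . intval($podpiska['id_user']) . "' LIMIT 1"));
                    // Skip the owner. The comparison used the community id instead of the
                    // owner's user id; the photo upload handler compares with `id_user`.
                    if ($us_pub['id'] != $public['id_user']) {
                        mysql_query("INSERT INTO `public_wall` (`id_wall`, `link`, `ras`, `name`, `id_pub`, `type`, `id_file`) values('" . intval($us_pub['id']) . "', '/sys/public/music/$id_file.mp3', 'mp3', '[url=/modules/public/index.php?id=$pub_id]" . $pub_name_sql . "[/url]', '$pub_id', 'public_audio', '$id_file')");
                    }
                }

                $_SESSION['message'] = lang('Музыкальный файл успешно добавлен');
                header("Location: edit.php?id=" . $pub_id . "&audio=add");
            }
        }
    }

    aut();
    err();
    $doc->Link('list-group-item', "index.php?id=" . $pub_id . "", 'arrow-left', 'Вернуться в сообщество');
    // Attribute quoting repaired: the nested double quotes terminated the PHP string.
    echo "<form class='list-group-item' enctype='multipart/form-data' action='edit.php?id=" . $pub_id . "&audio=add' method='post'>";
    $doc->File('file', 'Изображение');
    $doc->Button('btn btn-primary btn-sm', 'ok', 'upload', 'Выгрузить');
    echo "</form>";
    $doc->Link('list-group-item', "audio.php?id=" . $pub_id . "", 'arrow-left', 'Вернуться в музыку');

    // The ten most recent tracks. Names are stored data (the rename form saves them
    // unfiltered), so they are escaped on output; double_encode = false keeps names that
    // were already entity-encoded at upload time from being encoded twice.
    $q = mysql_query("SELECT id,name FROM `public_audio` WHERE `id_public` = '$pub_id' ORDER BY id DESC LIMIT 10");
    while ($music = mysql_fetch_array($q)) {
        echo "<div class='list-group-item list-group-item-warning'>";
        echo htmlspecialchars($music['name'], ENT_QUOTES, 'UTF-8', false);
        echo "</div>";
    }
}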
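// Track rename: edit.php?id=<community id>&audio=audio&row=<public_audio id>
if (isset($_GET['audio']) && $_GET['audio'] == 'audio' && intval($_GET['id']) && intval($_GET['row'])) {
    $public = mysql_fetch_array(mysql_query("SELECT * FROM `public` WHERE `id` = '" . intval($_GET['id']) . "'"));
    $row = mysql_fetch_array(mysql_query("SELECT * FROM `public_audio` WHERE `id` = '" . intval($_GET['row']) . "'"));
    $set['title'] = lang('Редактирование') . ' - ' . $row['name'] . '';
    require_once H . 'sys/inc/thead.php';

    // Authorization: the write path had no check and the form only required a logged-in
    // user, so any client could rename any track by id. `public_audio` records no
    // uploader in this script, so editing is limited to the owner of the community the
    // track belongs to, and ?row must belong to ?id.
    // NOTE(review): if subscribers are meant to rename their own uploads, the table
    // needs an uploader column - confirm the intended rule.
    $can_edit = isset($user) && $public && $row
        && $public['id_user'] == $user['id']
        && $row['id_public'] == $public['id'];
    $pub_id = intval($public['id']);
    $row_id = intval($row['id']);

    if ($can_edit && isset($_POST['save'])) {
        // NOTE(review): no anti-CSRF token is checked on this state-changing POST.
        if (isset($_POST['name']) && is_string($_POST['name'])) {
            // NOTE(review): the name is stored without character or length validation
            // (the form advertises maxlength 128) - every page that prints it must escape it.
            $row['name'] = $_POST['name'];
            mysql_query("UPDATE `public_audio` SET `name` = '" . mysql_real_escape_string($row['name']) . "' WHERE `id` = '$row_id' LIMIT 1");
            $_SESSION['message'] = lang('Изменения сохранены');
            header("Location: edit.php?id=$pub_id&audio=audio&row=$row_id");
            exit();
        } else {
            $_SESSION['err'] = lang('В названии присутствуют запрещенные символы');
            header("Location: edit.php?id=$pub_id&audio=audio&row=$row_id");
            exit();
        }
    }

    aut();
    err();
    $doc->Link('list-group-item', "index.php?id=" . $pub_id . "", 'arrow-left', 'Вернуться в сообщество');

    if ($can_edit) {
        echo "<form method='post' class='list-group-item' action='edit.php?id=$pub_id&audio=audio&row=$row_id'>";
        $doc->Input('name', 'Название', 128, "" . toOutput($row['name'], false) . "");
        // Attributes are quoted, and allowScriptAccess is narrowed from "always" to
        // "sameDomain": the player is loaded from this site's own /sys/uppod.swf.
        echo "<object type='application/x-shockwave-flash' data='/sys/uppod.swf' height='35' width='480'>
<param name='wmode' value='transparent' />
<param name='allowFullScreen' value='true' />
<param name='allowScriptAccess' value='sameDomain' />
<param name='movie' value='/sys/uppod.swf' />
<param name='FlashVars' value='way=/sys/public/music/" . $row_id . ".mp3&amp;swf=/sys/uppod.swf&amp;w=480&amp;h=35&amp;autoplay=0&amp;q=&amp;st=/sys/audio13.txt&amp;volume=40' /></object><br />";
        $doc->Button('btn btn-success btn-sm', 'save', 'save', 'Сохранить');
        echo "</form>";
    } else {
        echo "<div class='err'>Этот пост Вам не пренадлежит!</div>";
    }
}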
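// Video rename: edit.php?id=<community id>&video=video&row=<public_video id>
if (isset($_GET['video']) && $_GET['video'] == 'video' && intval($_GET['id']) && intval($_GET['row'])) {
    $public = mysql_fetch_array(mysql_query("SELECT * FROM `public` WHERE `id` = '" . intval($_GET['id']) . "'"));
    $row = mysql_fetch_array(mysql_query("SELECT * FROM `public_video` WHERE `id` = '" . intval($_GET['row']) . "'"));
    $set['title'] = lang('Редактирование') . ' - ' . $row['name'] . '';
    require_once H . 'sys/inc/thead.php';

    // Authorization: the write path had no check and the form only required a logged-in
    // user, so any client could rename any video by id. `public_video` records no
    // uploader in this script, so editing is limited to the owner of the community the
    // video belongs to, and ?row must belong to ?id.
    // NOTE(review): if subscribers are meant to rename their own uploads, the table
    // needs an uploader column - confirm the intended rule.
    $can_edit = isset($user) && $public && $row
        && $public['id_user'] == $user['id']
        && $row['id_public'] == $public['id'];
    $pub_id = intval($public['id']);
    $row_id = intval($row['id']);

    if ($can_edit && isset($_POST['edit'])) {
        // NOTE(review): no anti-CSRF token is checked on this state-changing POST.
        if (isset($_POST['name']) && is_string($_POST['name'])) {
            // NOTE(review): the name is stored without character or length validation
            // (the form advertises maxlength 128) - every page that prints it must escape it.
            $row['name'] = $_POST['name'];
            mysql_query("UPDATE `public_video` SET `name` = '" . mysql_real_escape_string($row['name']) . "' WHERE `id` = '$row_id' LIMIT 1");
            $_SESSION['message'] = lang('Изменения сохранены');
            header("Location: video.php?id=" . $pub_id);
            exit;
        } else {
            $_SESSION['err'] = lang('В названии присутствуют запрещенные символы');
            header("Location: video.php?id=" . $pub_id);
            exit();
        }
    }

    aut();
    err();
    $doc->Link('list-group-item', "index.php?id=" . $pub_id . "", 'arrow-left', 'Вернуться в сообщество');

    if ($can_edit) {
        echo "<form method='post' class='list-group-item' action='edit.php?id=" . $pub_id . "&video=video&row=" . $row_id . "'>";
        $doc->Input('name', 'Название', 128, "" . toOutput($row['name'], false) . "");
        echo "<br />";
        $doc->Button('btn btn-success btn-sm', 'edit', 'save', 'Сохранить');
        echo "</form>";
        $doc->Link('list-group-item', "video.php?id=" . $pub_id . "", 'arrow-left', 'Вернуться в видео');
    } else {
        echo "<div class='err'>Этот пост вам не пренадлежит!</div>";
    }
}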
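// Video upload: edit.php?id=<community id>&video=add
// Stores an uploaded avi/mp4/3gp/flv file under sys/public/video/<ext>/<id>.<ext>,
// records it in `public_video`, announces it on the walls and, when the ffmpeg
// extension is available, saves a 130x98 JPEG thumbnail to sys/public/screen/<id>.jpg.
if (isset($_GET['video']) && $_GET['video'] == 'add' && intval($_GET['id'])) {
    $public = mysql_fetch_array(mysql_query("SELECT * FROM `public` WHERE `id` = '" . intval($_GET['id']) . "'"));
    $set['title'] = lang('Добавить Видео') . ' - ' . $public['name'] . '';
    require_once H . 'sys/inc/thead.php';
    $pub_id = intval($public['id']);

    if (isset($_POST['save'])) {
        // tmp_name is an array when the field is posted as file[]; treat that as "no file".
        $tmp = (isset($_FILES['file']['tmp_name']) && is_string($_FILES['file']['tmp_name'])) ? $_FILES['file']['tmp_name'] : '';

        // The handler used to accept uploads from anyone, including guests, although it
        // records the uploader's id. A logged-in user and an existing community are now
        // required.
        // NOTE(review): the community's `v` flag (owner only / owner and subscribers) is
        // not enforced here, and this file does not show how a subscription is verified -
        // confirm and add that check.
        if (!isset($user) || !$public || $tmp == '' || !is_uploaded_file($tmp)) {
            $err[] = lang('Ошибка при выгрузке файла');
        } elseif (filesize($tmp) > 50971520) {
            $err[] = lang('Размер файла превышает установленные ограничения');
        } else {
            $file = esc(stripcslashes(htmlspecialchars($_FILES['file']['name'])));
            $file = str_replace(array('#', '?'), '', $file);
            $name = preg_replace('#\.[^.]*$#', '', $file); // file name without its extension
            $ras = strtolower(preg_replace('#^.*\.#', '', $file));
            // $ras becomes part of a file-system path and of SQL literals below, so it must
            // be exactly one of the allowed extensions. Only the extension is checked; the
            // file content is not inspected.
            if (!in_array($ras, array('avi', 'mp4', '3gp', 'flv'), true)) {
                $err = lang('Неверное расширение файла');
            }
        }

        if (!isset($err)) {
            $uid = intval($user['id']);
            // htmlspecialchars() in its default mode leaves single quotes alone, so the
            // client-supplied file name could break out of the SQL string literal below;
            // it is escaped for SQL, as is the stored community name.
            $name_sql = mysql_real_escape_string($name);
            $pub_name_sql = mysql_real_escape_string($public['name']);

            // NOTE(review): $time is not assigned anywhere in this script - presumably a
            // timestamp set by one of the bootstrap includes; confirm.
            mysql_query("INSERT INTO `public_video` (`id_public`, `name`, `ras`, `time`) VALUES ('$pub_id', '$name_sql', '$ras', '$time')");
            $id_file = intval(mysql_insert_id());
            $video_path = H . "sys/public/video/$ras/$id_file.$ras";

            // Store the file first and announce it only once it exists, so a failed
            // upload no longer leaves wall entries pointing at a missing file.
            if (!@move_uploaded_file($tmp, $video_path)) {
                mysql_query("DELETE FROM `public_video` WHERE `id` = '$id_file' LIMIT 1");
                $err[] = lang('Ошибка при выгрузке');
            } else {
                // Data file only: no need for the world-writable/executable 0777 used before.
                @chmod($video_path, 0644);
                mysql_query("INSERT INTO `public_wall` (`id_public`, `link`, `ras`, `name`, `opis`, `id_pub`, `id_ank`, `type`, `id_file`, `screen`) values('$pub_id', '/sys/public/video/$ras/$id_file.$ras', '$ras', '$name_sql', 'Новое видео', '$pub_id', '$uid', 'public_video', '$id_file', 'sys/public/screen/" . $id_file . ".jpg')");

                $sss = mysql_query("SELECT * FROM `public_coint` WHERE `id_public` = '$pub_id' AND `i` = '1'");
                while ($podpiska = mysql_fetch_array($sss)) {
                    $us_pub = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = '" . intval($podpiska['id_user']) . "' LIMIT 1"));
                    // Skip the owner. The comparison used the community id instead of the
                    // owner's user id; the photo upload handler compares with `id_user`.
                    if ($us_pub['id'] != $public['id_user']) {
                        mysql_query("INSERT INTO `public_wall` (`id_wall`, `link`, `ras`, `name`, `id_pub`, `type`, `id_file`) values('" . intval($us_pub['id']) . "', '/sys/public/video/$ras/$id_file.$ras', '$ras', '[url=/modules/public/index.php?id=$pub_id]" . $pub_name_sql . "[/url]', '$pub_id', 'public_video', '$id_file')");
                    }
                }

                // Thumbnail from the middle frame. This step (and the redirect below) used
                // to run even after a failed validation, with $ras and $id_file undefined.
                // It is also skipped when the ffmpeg extension is not loaded, instead of
                // ending the request with a fatal error.
                if (class_exists('ffmpeg_movie')) {
                    $media = new ffmpeg_movie($video_path);
                    $frame = intval($media->getFrameCount());
                    $w = $media->GetFrameWidth();
                    $h = $media->GetFrameHeight();
                    $ff_frame = $media->getFrame(intval($frame / 2));
                    if ($ff_frame) {
                        $gd_image = $ff_frame->toGDImage();
                        if ($gd_image) {
                            $des_img = imagecreatetruecolor(130, 98);
                            imagecopyresampled($des_img, $gd_image, 0, 0, 0, 0, 130, 98, $w, $h);
                            imagejpeg($des_img, H . "sys/public/screen/$id_file.jpg");
                            @chmod(H . "sys/public/screen/$id_file.jpg", 0644);
                            imagedestroy($des_img);
                            imagedestroy($gd_image);
                        }
                    }
                }

                header("Location: /modules/public/video_file.php?id=" . $id_file . "");
            }
        }
    }

    aut();
    err();
    $doc->Link('list-group-item', "video.php?id=" . $pub_id . "", 'arrow-left', 'Назад в видео');
    // Attribute quoting repaired: the nested double quotes terminated the PHP string.
    echo "<form class='list-group-item' enctype='multipart/form-data' action='edit.php?id=" . $pub_id . "&video=add' method='post'>\n";
    $doc->File('file', 'Изображение', 'video/*');
    $doc->Button('btn btn-primary btn-sm', 'save', 'upload', 'Загрузить');
    echo "</form>";
    $doc->Link('list-group-item', "index.php?id=" . $pub_id . "", 'arrow-left', 'Назад в сообщество');

    // The ten most recent videos. Names are stored data (the rename form saves them
    // unfiltered), so they are escaped on output; double_encode = false keeps names that
    // were already entity-encoded at upload time from being encoded twice.
    $v = mysql_query("SELECT * FROM `public_video` WHERE `id_public` = '$pub_id' ORDER BY id DESC LIMIT 10");
    while ($video = mysql_fetch_array($v)) {
        echo "<div class='list-group-item list-group-item-info'>";
        echo htmlspecialchars($video['name'], ENT_QUOTES, 'UTF-8', false);
        echo "</div>";
    }
}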
// Included on every request, whichever section above ran (or none); the file name
// suggests the page footer template.
// NOTE(review): branches above that call exit() after a redirect never reach this line.
require_once H . 'sys/inc/tfoot.php';