Файл: 4mast/profmas.ru/downloads/file.php
Строк: 202
<?php
require_once('../includes/Headers.php');
require_once('../includes/PDO_func.php');
$query = DB :: $dbs -> query ("SELECT * FROM `down_files` WHERE (`id`=?)", array ((int) $_GET['id']));
if ($query -> rowCount ()==0) {
header ('location: /');
exit;
}
$f = $query -> fetch ();
$u = DB :: $dbs -> queryFetch ("SELECT * FROM `us` WHERE (`id`='" . $f['us'] . "')");
$query = DB::$dbs->query ("SELECT * FROM `down_kats` WHERE (`id`='" . $f['id_kats'] . "')");
if ($query -> rowCount ()==0) {
header ('location:/zz');
exit;
}
$kats = $query -> fetch ();
$query = DB :: $dbs -> query ("SELECT * FROM `down_pods` WHERE (`id`='" . $f['id_pods'] . "')");
if ($query -> rowCount ()==0) {
header ('location:/');
exit;
}
$pods = $query -> fetch ();
H ($f['name'],'<a href="/downloads" style="color:white;">Обменник</a> / <a href="/downloads/pods' . $pods['id'] . '" style="color:white;">' . $pods['name'] . '</a> / ' . $f['name']);
if ($f['us'] == $us['id'] || ($us['level'] != 0)) {
echo '<div class="block"><a href="/downloads/file.php?id=' . $f['id'] . '&redk">[Редактировать]</a> | <a href="/downloads/file.php?id=' . $f['id'] . '&add_scr">[Добавить скриншот]</a>';
if ($us['level']>2) {
echo ' | <a href="/downloads/file.php?id=' . $f['id'] . '&del">[Удалить]</a>';
}
echo '</div>';
}
if (isset ($_GET['del_scr'])) {
if ($f['us'] == $us['id'] && ($us['level'] != 0)) {
$query = DB :: $dbs -> query ("SELECT * FROM `down_scr` WHERE (`id_f`='" . $f['id'] . "') AND (`id`=?)", array (intval ($_GET['del_scr'])));
if ($query -> rowCount () == 0) {
header ('location: /downloads/file.php?id=' . $f['id']);
exit;
}
$scr = $query -> fetch ();
DB :: $dbs -> query ("DELETE FROM `down_scr` WHERE (`id`='" . $scr['id'] . "')");
if (file_exists ($_SERVER['DOCUMENT_ROOT'] . '/files/down_scr/' . $scr['filename'])) {
unlink ($_SERVER['DOCUMENT_ROOT'] . '/files/down_scr/' . $scr['filename']);
}
header ('location: /downloads/file.php?id=' . $f['id']);
exit;
}
}
// Удаление файла
if (isset ($_GET['del'])) {
if ($us['level']>2) {
DB :: $dbs -> query ("DELETE FROM `down_files` WHERE (`id`='" . $f['id'] . "')");
DB :: $dbs -> query ("DELETE FROM `down_komm` WHERE (`id_f`='" . $f['id'] . "')");
DB :: $dbs -> query ("DELETE FROM `down_votes` WHERE (`id_file`='" . $f['id'] . "')");
DB :: $dbs -> query ("DELETE FROM `down_scr` WHERE (`id_f`='" . $f['id'] . "')");
if (file_exists ($_SERVER['DOCUMENT_ROOT'] . '/files/down/' . $f['filename'])) {
unlink ($_SERVER['DOCUMENT_ROOT'] . '/files/down/' . $f['filename']);
}
header ('location: /downloads/file.php?id=' . $f['id']);
exit;
}
}
// Редактирование
if (isset ($_GET['redk'])) {
if ($f['us'] == $us['id'] && ($us['level'] != 0)) {
header ('location: /downloads/file' . $f['id']);
exit;
}
echo '<div class="list1">';
echo '<form action="/downloads/file.php?id=' . $f['id'] . '&redk&save" method="post">';
echo 'Название:<br/><input name="name" value="' . $f['name'] . '"/><br/>';
echo 'Описание:<br/><textarea name="opis">' . $f['opis'] . '</textarea><br/>';
echo '<input type="submit" value="Сохранить"/>';
echo '</form>';
echo '</div>';
echo '<div class="list1"><a href="/downloads/file.php?id=' . $f['id'] . '">К файлу</a></div>';
if (isset ($_GET['save'])) {
$_POST['name'] = htmlspecialchars (addslashes (trim ($_POST['name'])));
$_POST['opis'] = htmlspecialchars (addslashes (trim ($_POST['opis'])));
if (empty ($_POST['name'])) {
echo '<div class="error"><b style="color:red;">Вы не ввели название..</b></div>';
}
elseif (empty ($_POST['opis'])) {
echo '<div class="error"><b style="color:red;">Вы не ввели описание..</b></div>';
}
else {
if (!isset ($_POST['reit'])) {
$_POST['reit']=0;
}
else {
if ($_POST['reit']<0) {
$_POST['reit']=0;
}
if ($_POST['reit']>$us['reit']) {
$_POST['reit']=$us['reit'];
}
}
DB :: $dbs -> query ("UPDATE `down_files` SET `name`=?,`opis`=?, `reit`=? WHERE (`id`='" . $f['id'] . "')", array ($_POST['name'], $_POST['opis'], $_POST['reit']));
header ('location: /downloads/file' . $f['id']);
}
}
}
// Загрузка скриншотов
if (isset ($_GET['add_scr'])) {
if ($f['us'] != $us['id'] && ($us['level'] != 0)) {
header ('location: /downloads/file' . $f['id']);
exit;
}
echo '<div class="list1">';
echo '<form action="/downloads/file.php?id=' . $f['id'] . '&add_scr&up" method="post" enctype="multipart/form-data">';
echo 'Файл:<br/><input type="file" name="filename"/><br/>';
echo '<input type="submit" value="Загрузить"/>';
echo '</form>';
echo '</div>';
echo '<div class="list1"><a href="/downloads/file.php?id=' . $f['id'] . '">К файлу</a></div>';
if (isset ($_GET['up'])) {
if (file_exists ($_FILES['filename']['tmp_name'])) {
$ext = substr ($_FILES['filename']['name'], strrpos ($_FILES['filename']['name'], '.') + 1);
if (!in_array ($ext, array ('jpg','gif','png','jpeg','bmp'))) {
echo '<div class="error"><b style="color:red;">Недопустимый формат файла!</b></div>';
}
else {
if ($_FILES['filename']['size'] > ((1024 * 1024 ) * 20)) {
echo '<div class="error"><b style="color:red;">Файл привышает допустимый размер в 20 Мб!</b></div>';
}
else {
$filename = $us['id'] . '_' . passgen () . '.' . $ext;
copy ($_FILES['filename']['tmp_name'], $_SERVER['DOCUMENT_ROOT'] . '/files/down_scr/' . $filename);
DB :: $dbs -> query ("INSERT INTO `down_scr` (`id_kats`,`id_pods`,`id_f`,`filename`) VALUES ('" . $kats['id'] . "','" . $pods['id'] . "', '" . $f['id'] . "', '$filename')");
header ('location: /downloads/file.php?id=' . $f['id']);
}
}
}
else {
echo '<div class="error"><b style="color:red;">Вы не выбрали файл..</b></div>';
}
}
}
else {
if (isset ($_GET['poslike'])) {
}
else {
echo '<div class="lst">';
echo '<b style="color:red;">' . $f['name'] . '</b><br/>';
echo 'Описание: ' . tag ($f['opis']) . '<br/>';
echo 'Загрузил: ' . Nick ($u['id']) . '<br/>';
echo 'Вес: <b>' . sizef ($f['size']) . '</b><br/>';
echo 'Скачиваний: <b>' . $f['ups'] . '</b><br/>';
if ($f['last']!=0) {
echo 'Последнее скачивание: <b>' . datef ($f['last']) . '</b><br/>';
}
echo 'Добавлен: <b>' . datef ($f['time']) . '</b><br/>';
if (DB :: $dbs -> querySingle ("SELECT COUNT(*) FROM `down_scr` WHERE (`id_f`='" . $f['id'] . "')") != 0) {
echo 'Скриншоты:<br/>';
$query = DB :: $dbs -> query ("SELECT * FROM `down_scr` WHERE (`id_f`='" . $f['id'] . "')");
while ($scr = $query -> fetch ()) {
echo '<a class="zoom" href="/files/down_scr/' . $scr['filename'] . '"/><img src="/files/down_scr/' . $scr['filename'] . '" alt="' . $scr['filename'] . '" style="max-width:80px;max-height:80px;"/></a>';
if ($us['level']>3) {
echo ' <a href="/downloads/file.php?id=' . $f['id'] . '&del_scr=' . $scr['id'] . '">[x]</a>';
}
echo '<br/>';
}
}
echo '</div>';
echo '<a href="/downloads/file.php?id=' . $f['id'] . '&do" class="block"><img src="/images/zip.png" alt=""/> Скачать ' . $f['filename'] . '</a></div>';
if ($f['reit']<=$us['reit']) {
$ext = substr ($f['filename'], strrpos ($f['filename'], '.') + 1);
if ($ext == 'zip') {
echo '<a href="/downloads/archives.php?id=' . $f['id'] . '" class="block"><img src="/images/xeyes.png" alt=""/> Просмотр архива</a></div>';
}
if ($ext == 'mp3') {
echo '<object type="application/x-shockwave-flash" data="/flash.swf?file=/files/down/' . $f['filename'] . '">';
echo '</object>';
}
if (isset ($_GET['do'])) {
DB :: $dbs -> query ("UPDATE `down_files` SET `ups`=`ups`+1, `last`='" . time () . "' WHERE (`id`='" . $f['id'] . "')");
header ('location: /files/down/' . $f['filename']);
}
}
if($us == true) {
echo '<a href="/downloads/votes.php?id=' . $f['id'] . '"><div class="block"> <img src="/images/downloads/rating.png" alt=""/> Рейтинг</a>: ';
if ($f['us']!=$us['id']) {
echo '<a href="file.php?id=' . $f['id'] . '&vote&vot=za">+1</a> | <a href="file.php?id=' . $f['id'] . '&vote&vot=protiv">-1</a>';
}
echo ' (<font color="green">' . DB :: $dbs -> querySingle ("SELECT COUNT(*) FROM `down_votes` WHERE (`id_file`='" . $f['id'] . "') AND (`vot`='za')") . '</font>/<font color="red">' . DB :: $dbs -> querySingle ("SELECT COUNT(*) FROM `down_votes` WHERE (`id_file`='" . $f['id'] . "') AND (`vot`='protiv')").'</font>)';
}
echo '</div>';
echo '<div class="lst">Ссылка на файл: <input type="text" value="http://' . $_SERVER['HTTP_HOST'] . '/downloads/file' . $f['id'] . '"/></div>';
echo '<div class="lst">Экспорт: <input type="text" value="http://' . $_SERVER['HTTP_HOST'] . '/files/down/' . $f['filename'] . '"/></div>';
if ($f['us']!=$us['id']) {
if (isset ($_GET['vote'])) {
if (DB :: $dbs -> querySingle ("SELECT COUNT(*) FROM `down_votes` WHERE (`id_file`='" . $f['id'] . "') AND (`kem`='" . $us['id'] . "')")!=0) {
echo '<div class="error"><b style="color:red;">Вы уже оценивали данный файл!</b></div>';
}
else {
if (!isset ($_GET['vote'])) {
header ('location: /downloads/file' . $f['id']);
exit;
}
$_GET['vot'] = htmlspecialchars (addslashes (trim ($_GET['vot'])));
echo '<div class="list1">';
echo '<form action="/downloads/file.php?id=' . $f['id'] . '&vote&vot=' . $_GET['vot'] . '&ok" method="post">';
echo 'Комментарий:<br/>';
echo '<textarea name="komm"></textarea><br/>';
echo '<input type="submit" value="Оценить"/>';
echo '</div>';
if (isset ($_GET['ok'])) {
$_POST['komm'] = htmlspecialchars (addslashes (trim ($_POST['komm'])));
if (empty ($_POST['komm'])) {
echo '<div class="list1"><b style="color:red;">Вы не ввели текст комментария!</b></div>';
}
else {
if ($_GET['vot']=='za') {
DB :: $dbs -> query ("UPDATE `us` SET `reit`='" . ($u['reit'] + 0.1) . "' WHERE (`id`='" . $u['id'] . "')");
DB :: $dbs -> query ("INSERT INTO `action` (`value`,`t`,`us`,`razd`) VALUES ('us{" . $us['id'] . "} оценил [b]положительно[/b] ваш [url=/downloads/file" . $f['id'] . "]файл[/url]!', '" . time () . "', '" . $u['id'] . "','rate')");
DB :: $dbs -> query ("INSERT INTO `down_votes` (`id_file`,`us`,`komm`,`vot`,`t`,`kem`) VALUES ('" . $f['id'] . "', '" . $u['id'] . "',?,'za','" . time () . "', '" . $us['id'] . "')", array ($_POST['komm']));
}
elseif ($_GET['vot'] == 'protiv') {
DB :: $dbs -> query ("UPDATE `us` SET `reit`='" . ($u['reit'] - 0.1) . "' WHERE (`id`='" . $f['us'] . "')");
DB :: $dbs -> query ("INSERT INTO `action` (`value`,`t`,`us`,`razd`) VALUES ('us{" . $us['id'] . "} оценил [b]отрицательно[/b] ваш [url=/downloads/file" . $f['id'] . "]файл[/url]!', '" . time () . "', '" . $u['id'] . "','rate')");
DB :: $dbs -> query ("INSERT INTO `down_votes` (`id_file`,`us`,`komm`,`vot`,`t`,`kem`) VALUES ('" . $f['id'] . "', '" . $u['id'] . "',?,'protiv','" . time () . "','" . $us['id'] . "')", array ($_POST['komm']));
}
header ('location: /downloads/file' . $f['id']);
}
}
}
}
}
echo '<div class="menu2"><a href="/downloads/komm.php?id=' . $f['id'] . '"> Комментарии</a> (' . DB :: $dbs -> querySingle ("SELECT COUNT(*) FROM `down_komm` WHERE (`id_f`='" . $f['id'] . "')").')</div>';
$query = DB :: $dbs -> query ("SELECT * FROM `down_files` WHERE (`id`=?)", array ((int) $_GET['id']));
if ($query -> rowCount () == 0) {
header ('location: /');
exit;
}
$f = $query -> fetch ();
if (!isset ($f['dop']) || $f['dop']=='net') {
header ('location: /');
exit;
}
$items = DB :: $dbs -> querySingle ("SELECT COUNT(*) FROM `down_komm` WHERE (`id_f`='" . $f['id'] . "')");
$items_per_page = 10;
$pages = ceil ( $items / $items_per_page );
if ($page < 1)
$page = 1;
if ($page > $pages)
$page = $pages;
$start = $page * $items_per_page - $items_per_page;
$_GET['komu'] = isset ($_GET['komu']) ? intval ($_GET['komu']) : 0;
if ($_GET['komu']!=0) {
$query = DB :: $dbs -> query ("SELECT * FROM `us` WHERE (`id`='" . $_GET['komu'] . "')");
if ($query -> rowCount () == 0) {
header ('location: /');
exit;
}
$komu = $query -> fetch ();
if ($komu['id'] == $us['id']) {
header ('location: /');
exit;
}
}
if($us == true) {
echo '<div class="list1">';
echo '<form action="/downloads/file.php?id=' . $f['id'] . '&komu=' . $komu['id'] . '&add" method="post">';
echo 'Комментарии:<br/><textarea name="kom">' . ($_GET['komu']!=0 ? '[b]' . $komu['nick'] . '[/b], ':'') . '</textarea><br/>';
echo '<input type="submit" value="Добавить"/>';
echo '</form>';
echo '</div>';
} else { echo '<div class="news">Чтобы оставить сообщение вам необходимо пройти <a href="/login/auth">Авторизацию</a> илли <a href="/login/reg">Регистрацию</a>!</div>';
}
if (isset ($_GET['add'])) {
$_POST['kom'] = htmlspecialchars (addslashes (trim ($_POST['kom'])));
if (empty ($_POST['kom'])) {
echo '<div class="error"><b style="color:red;">Вы не ввели текст комментария..</b></div>';
}
else {
if (DB :: $dbs -> querySingle ("SELECT COUNT(*) FROM `down_komm` WHERE (`id_f`='" . $f['id'] . "') AND (`us`='" . $us['id'] . "') AND (`text`=?)", array ($_POST['kom'])) != 0) {
echo '<div class="error"><b style="color:red;">Вы уже писали это.</b></div>';
}
else {
DB :: $dbs -> query ("INSERT INTO `down_komm` (`id_f`,`us`,`komu`, `text`,`t`) VALUES ('" . $f['id'] . "','" . $us['id'] . "', '" . $_GET['komu'] . "',?,'" . time () . "')", array ($_POST['kom']));
if ($_GET['komu']!=0) {
DB :: $dbs -> query ("INSERT INTO `action` (`value`,`t`,`us`) VALUES ('us{" . $us['id'] . "} ответил вам в [url=/downloads/komm.php?id=" . $f['id'] . "]комментариях[/url] к файлу!', '" . time () . "', '" . $_GET['komu'] . "')");
}
if ($f['us']!=$us['id']) {
DB :: $dbs -> query ("INSERT INTO `action` (`value`,`t`,`us`) VALUES ('us{" . $us['id'] . "} [url=/downloads/komm.php?id=" . $f['id'] . "] прокомментировал[/url] ваш файл!', '" . time () . "', '" . $f['us'] . "')");
}
header ('location: /downloads/file.php?id=' . $f['id']);
}
}
}
if ($items == 0) {
echo '<div class="error">Комментариев нет..</div>';
}
else {
if (isset ($_GET['del'])) {
$query = DB :: $dbs -> query ("SELECT * FROM `down_komm` WHERE (`id_f`='" . $f['id'] . "') AND (`id`=?)", array (intval ($_GET['del'])));
if ($query -> rowCount () != 0) {
$komm = $query -> fetch ();
$u = DB :: $dbs -> queryFetch ("SELECT * FROM `us` WHERE (`id`='" . $komm['us'] . "')");
if ($u['id']==$us['id'] && $us['level']>0 || $u['level']<$us['level']) {
DB :: $dbs -> query ("DELETE FROM `down_komm` WHERE (`id`='" . $komm['id'] . "')");
}
}
header ('location: /downloads/file.php?id=' . $f['id']);
}
$query = DB :: $dbs -> query ("SELECT * FROM `down_komm` WHERE (`id_f`='" . $f['id'] . "') ORDER BY `id` DESC LIMIT $start, $items_per_page");
while ($komm = $query -> fetch ()) {
$u = DB :: $dbs -> queryFetch ("SELECT * FROM `us` WHERE (`id`='" . $komm['us'] . "')");
echo '<div class="list1">';
echo Nick ($komm['us']) . ' (' . datef ($komm['t']) . ')';
if ($komm['us']!=$us['id']) {
echo ' [<a href="/downloads/file.php?id=' . $f['id'] . '&komu=' . $komm['us'] . '">отв</a>]';
}
if ($u['id']==$us['id'] && $us['level']>0 || $u['level']<$us['level']) {
echo ' [<a href="/downloads/file.php?id=' . $f['id'] . '&del=' . $komm['id'] . '">x</a>]';
}
echo '<br/>';
echo tag ($komm['text']);
echo '</div>';
}
if($items>5) page('/downloads/komm' . $f['id']);
}
}
}
require_once('../includes/Footers.php');
?>