Файл: 4mast/profmas.ru/pages/shop/incfiles/screen.php
Строк: 78
<?php
define('ROOT', $_SERVER['DOCUMENT_ROOT'].'/');
require_once(ROOT.'includes/Headers.php');
require_once(ROOT.'includes/PDO_func.php');
$id = isset($_GET['id']) ? abs((int)$_GET['id']) : false;
if (empty($id)) {
header ('location: /');
exit;
}
$query = DB::$dbs->query("SELECT * FROM `magazin_file` WHERE `id`= ?", [$id]);
if ($query -> rowCount () == 0) {
header ('location: /');
exit();
}
$file = $query->fetch();
H('Скриншоты','<a href="/pages/shop/file/'.$file['id'].'" style="color:white;">'.$file['name'].'</a> | Скриншоты');
switch($act) {
default:
if (isset($_GET['del'])) {
$del = abs(intval($_GET['del']));
$screen = DB::$dbs->queryFetch("SELECT * FROM magazin_screen WHERE id = ? LIMIT 1",[$del]);
if(file_exists(ROOT.'files/mag_screen/'.$screen['screen'])) unlink(ROOT.'files/mag_screen/'.$screen['screen']);
DB::$dbs->query("DELETE FROM magazin_screen WHERE id = ?",array($del));
header('location: /pages/shop/screen/'.$id);
}
echo '<a href="/pages/shop/screen/add/'.$id.'" class="block"><img src="'.$img.'" alt="*"/> Добавить скриншот</a></div>';
$array = DB::$dbs->query("SELECT * FROM magazin_screen WHERE file = ? ORDER BY id DESC", [$id]);
if ($array->rowCount()==0) {
echo '<div class="error">Скриншотов пока нет!</div>';
}
while($arr = $array->fetch()){
echo '<div class="lst">[<a href="/pages/shop/screen/'.$id.'?del='.$arr['id'].'">X</a>] <a href="/files/mag_screen/'.$arr['screen'].'"><img src="/files/mag_screen/'.$arr['screen'].'" alt="*" width="120"/></a></div>';
}
break;
case 'add':
if (isset($_POST['ok'])) {
for($i=0;$i<count($_FILES['file']['name']);$i++){
$FileName = $_FILES['file']['name'][$i];
$FileSize = $_FILES['file']['size'][$i];
$GetExt = array('.bmp',
'.gif','.jpeg','.jpg','.png');
$ext = strtolower(strrchr($_FILES['file']['name'][$i], '.'));
if (empty($FileName)) $err .= 'Не выбран файл!';
if(!preg_match('#([a-z0-9-_]{1,32})#i', $FileName)) $err .= 'Не правильное имя файла!';
if ($FileSize > 1024 * 2 * 1024) $err .= 'Размер файла более 2 Мб!';
if(preg_match('/(.php|.pl|.htaccess)/i', $FileName) || !in_array($ext, $GetExt)) $err .= 'Запрещенный формат файла!';
$filename = 'mag_screen_'.mt_rand(1000, 9999).$ext;
if (!empty($err)){
echo '<div class="error">Пусто</div>';
} else {
copy($_FILES['file']['tmp_name'][$i], $_SERVER['DOCUMENT_ROOT'].'/files/mag_screen/'.$filename);
$copy_file = ROOT.'files/mag_screen/'.$filename;
$imgc = imagecreatefromstring(file_get_contents($_FILES['file']['tmp_name'][$i]));
$imgc = copy_img($imgc);
imagejpeg($imgc,$copy_file,90);
DB::$dbs->query("INSERT INTO `magazin_screen` SET `file` = ?, `screen` = ?",array($id,$filename));
header('location: /pages/shop/screen/'.$id);
}
}
}
echo '<div class="news"><form action="/pages/shop/screen/add/'.$id.'" method="post" enctype="multipart/form-data">Скриншот 1:<br/>
<input name="file[]" type="file"/><br/>Скриншот 2:<br/>
<input name="file[]" type="file"/><br/>Скриншот 3:<br/>
<input name="file[]" type="file"/><br/>Скриншот 4:
<br/><input name="file[]" type="file"/><br/><input type="submit" name="ok" value="Добавить"></form></div>';
break;
}
require_once(ROOT.'includes/Footers.php');
?>