Файл: user/wall/files.php
Строк: 40
<?php
/* DCMS Special
* Дата последнего редактирования 03.01.2016
* Модифицировал densnet
*/
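// Pull in the engine include files listed below from sys/inc/.
foreach (array('start', 'sess', 'settings', 'db_connect', 'ipua', 'fnc', 'user', 'downloadfile') as $inc) {
    require_once "../../sys/inc/$inc.php";
}

// NOTE(review): the mysql_* extension used throughout this file has no
// prepared statements, so intval() is the only barrier between request or
// row values and the SQL text. Every value concatenated below goes through it.

// Fetch the record with a single query instead of COUNT(*) followed by SELECT.
// Assumes `id` is unique (the on-disk file name is keyed on it) - confirm
// against the table definition.
$file = false;
if (isset($_GET['id'])) {
    $res = mysql_query("SELECT * FROM `wall_files` WHERE `id` = '" . intval($_GET['id']) . "' LIMIT 1");
    if ($res) {
        $file = mysql_fetch_assoc($res);
    }
}

if ($file) {
    // Re-cast the id read back from the row before it is used in a path or
    // in SQL, so neither depends on the column type.
    $fileId = intval($file['id']);
    $path = H . 'sys/wall/' . $fileId . '.frf';

    if (is_file($path)) {
        if (isset($user) && $user['level'] >= 1 && isset($_GET['del'])) {
            // NOTE(review): this is a destructive action on a plain GET request and
            // no anti-CSRF token is checked here; any page the moderator visits can
            // trigger it with a link or image tag. It should move to POST with a
            // per-session token - TODO, needs support from the engine's session code.
            // NOTE(review): the only authorisation check visible is level >= 1;
            // no ownership check on the wall entry is made - confirm this is intended.
            mysql_query("DELETE FROM `wall_files` WHERE `id` = '" . $fileId . "' LIMIT 1");
            unlink($path);

            // Redirect back to the referring page only when it is on this host.
            // The Referer header is supplied by the client, so echoing it into
            // Location unchecked would make this endpoint an open redirect.
            $back = '/user/wall/index.php?' . SID;
            if (!empty($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_HOST'])) {
                $ref = parse_url($_SERVER['HTTP_REFERER']);
                if (is_array($ref) && isset($ref['host'])) {
                    $refHost = $ref['host'] . (isset($ref['port']) ? ':' . $ref['port'] : '');
                    if (strcasecmp($refHost, $_SERVER['HTTP_HOST']) === 0) {
                        // Rebuild a host-relative target. Leading slashes and
                        // backslashes are collapsed so the value cannot be read
                        // by a browser as a protocol-relative URL.
                        $refPath = isset($ref['path']) ? $ref['path'] : '/';
                        $back = '/' . ltrim($refPath, '/\\');
                        if (isset($ref['query'])) {
                            $back .= '?' . $ref['query'];
                        }
                    }
                }
            }
            header("Location: $back");
            // Stop here so nothing else is executed or emitted after the redirect.
            exit;
        }

        // Download path (also taken when ?del is present but the user lacks the level).
        // The increment is done inside SQL so concurrent downloads cannot overwrite
        // each other's counter value.
        mysql_query("UPDATE `wall_files` SET `count` = `count` + 1 WHERE `id` = '" . $fileId . "' LIMIT 1");
        // NOTE(review): `name` and `ras` come from the database row and end up in the
        // download file name; DownloadFile() is not visible here - verify that it
        // strips quotes, CR/LF and path separators before building response headers.
        DownloadFile($path, $file['name'] . '.' . $file['ras'], ras_to_mime($file['ras']));
        exit;
    }
}

// Reached when the id is missing, no row matches, or the row exists but its
// file is no longer on disk (previously that last case produced an empty page).
header("Refresh: 3; url=/index.php");
header("Content-type: text/html", NULL, 404);
echo "<html><head><title>Ошибка 404</title>\n";
echo "<link rel=\"stylesheet\" href=\"/style/themes/default/style.css\" type=\"text/css\" />\n";
echo "</head>\n<body>\n<div class=\"body\"><div class=\"err\">\n";
echo "Нет такой страницы\n";
echo "<br />";
echo "<a href=\"/index.php\">На главную</a>";
echo "</div>\n</div>\n</body>\n</html>";
exit;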