Файл: mydcms.tk/downloads/info.php
Строк: 165
<?php
require '../system/sid.php';
require '../system/config.php';
include '../system/user.php';
include '../system/head.php';
include '../system/navigator.php';
whorm(0, 'fo');
$do = isset($_GET['do']) ? $_GET['do'] : NULL;
switch($do)
{
default:
$i = my_int($_GET['i']);
$file = mysql_query("SELECT * FROM `fo_files` WHERE `id` = '$i' AND `moder` = '0' LIMIT 1");
if (mysql_num_rows($file) == FALSE) {
err('Такого файла не существует!');
} else {
$info = mysql_fetch_assoc($file);
//-------------------------------------------//
$sqlLenta = mysql_query("SELECT id FROM lenta WHERE user = '$user[id]' AND `read` = '1' AND type = 'comments' AND uid = 'fo$i' LIMIT 1");
if (mysql_num_rows($sqlLenta) != false)
{
mysql_query("UPDATE lenta SET `read` = '0' WHERE user = '$user[id]' AND `read` = '1' AND type = 'comments' AND uid = 'fo$i' LIMIT 1");
}
//-------------------------------------------//
// положительный голос
if (isset($_GET['like']))
{
$prv = mysql_query("SELECT `id` FROM `rating_files` WHERE `uid` = '$i' AND `who` = '$user[id]' LIMIT 1");
if (mysql_num_rows($prv) != FALSE) {
err('Вы уже голосовали!');
} else {
mysql_query("INSERT INTO `rating_files` SET `uid` = '$i', `who` = '$user[id]', `like` = '1'");
msg('Ваш голос принят!');
}
}
// отрицательный голос
if (isset($_GET['dlike']))
{
$prv = mysql_query("SELECT `id` FROM `rating_files` WHERE `uid` = '$i' AND `who` = '$user[id]' LIMIT 1");
if (mysql_num_rows($prv) != FALSE) {
err('Вы уже голосовали!');
} else {
mysql_query("INSERT INTO `rating_files` SET `uid` = '$i', `who` = '$user[id]', `dlike` = '1'");
msg('Ваш голос принят!');
}
}
if (!empty($info['parol']) && my_int($_REQUEST['parol']) != $info['parol'] && !isset($_SESSION["parol$i"])) {
$_SESSION['parol$i'] = '';
if (isset($_POST['ok_pass']) && my_int($_REQUEST['parol']) != $info['parol']) {
err('Пароль неверный!');
} else {
err('Файл защищен паролем!');
}
if ($user['level'] == 4 || $user['level'] == 5) {
echo '<span class="color:#FF0000;">Пароль: ' . $info['parol'] . '</span>' . $block;
}
echo '<FORM method="POST" action="info.php?i='.$i.'">
<label>Введите пароль:</label><br/>
<input type="text" name="parol"/>
<br/>
<input type="submit" name="ok_pass" value="Войти"/>
</FORM>
<a href="index.php?">Назад</a>';
include '../system/foot.php';
exit();
} else {
$_SESSION["parol$i"] = my_int($_REQUEST['parol']);
}
#######################
$ext = strtolower(strrchr($info['url'], '.'));
if ($ext == '.zip') $format = '<img src="http://digmas.tk/ico/form/zip.gif" alt="*"/> ';
elseif ($ext == '.rar') $format = '<img src="http://digmas.tk/ico/form/rar.gif" alt="*"/> ';
elseif ($ext == '.gz') $format = '<img src="http://digmas.tk/ico/form/gz.gif" alt="*"/> ';
elseif ($ext == '.tar') $format = '<img src="http://digmas.tk/ico/form/tar.gif" alt="*"/> ';
else $format = '<img src="img/unknown.gif" alt="*"/> ';
#######################
$opis = (!empty($info['info'])) ? $info['info'] : 'Без описания';
$size = filesize($info['url']);
$size = get_size($size);
// скачивание
if (isset($_GET['download'])) {
mysql_query("UPDATE `fo_files` SET `clicks` = `clicks` + '1' WHERE `id` = '$info[id]' LIMIT 1");
header('Location: ' . $info['url']);
}
if ($ext == '.zip')
{
$openZip = '<div class="menu"><a class="ssyl2" href="zip.php?id='.$i.'">Просмотр архива</a></div>';
}
$_down = $openZip . '<div class="menu"><a class="ssyl2" href="info.php?download&i='.$i.'"><img src="../views/default/img/down.png" alt=""/>Скачать ('.$info['clicks'].''.plural($info['clicks'], ' раз', ' раза', ' раз').')</a></div>';
if (isset($_SESSION['us']))
{
$_import = '<div class="menu"><b>Импорт:</b><br><input type="text" value="http://'.$site.'/fo/'.$info['url'].'"/></div>';
}
echo $div_title . $info['title'] . $div_end;
echo '<div class="menu"><b>Описание:</b><br>';
echo '' . $opis . '<br><br>';
echo '<b>Загружен:</b> '.date('d.m.Y').' в '.date('H:i', $info['time']).'<br>
<b>Размер:</b> ' . $size . '<br>
<b>Выложил:</b> <img src="../views/default/img/male_icon.png"> ' . us($info['author']) . '<br>
<b>Рейтинг:</b>';
$i_vote = mysql_query("SELECT `id` FROM `rating_files` WHERE `uid` = '$i' AND `who` = '$user[id]' LIMIT 1");
$like = mysql_fetch_assoc(mysql_query("SELECT SUM(`like`) AS t, SUM(`dlike`) AS c FROM `rating_files` WHERE `uid` = '$i'"));
if (mysql_num_rows($i_vote) == FALSE)
{
echo '<a href="info.php?i='.$i.'&like"> <img src="../ico/plus.gif" title="Плюс" alt="+"/></a><a href="?do=whovote&id='.$i.'&v=1"> ' . ($like['t'] != 0 ? $like['t'] : 0) . '</a>
|
<a href="info.php?i='.$i.'&dlike"> <img src="../ico/minus.gif" title="Минус" alt="-"/></a><a href="?do=whovote&id='.$i.'&v=2"> ' . ($like['c'] != 0 ? $like['c'] : 0) . '</a>';
}
else
{
echo '<img src="../ico/plus.gif" title="Плюс" alt="+"/><a href="?do=whovote&id='.$i.'&v=1"> ' . ($like['t'] != 0 ? $like['t'] : 0) . '</a>
|
<img src="../ico/minus.gif" title="Минус" alt="-"/><a href="?do=whovote&id='.$i.'&v=2"> ' . ($like['c'] != 0 ? $like['c'] : 0) . '</a>';
}
echo '</div>'.$_down.''.$_import.'';
// Голосование //
if (isset($_GET['del'])) {
$del = my_int($_GET['del']);
$empt = mysql_query("SELECT `id` FROM `fo_komm` WHERE `id` = '$del' LIMIT 1");
if (mysql_num_rows($empt) != FALSE && $user['level'] >= 2 && $user['level'] <= 5) {
mysql_query("DELETE FROM `fo_komm` WHERE `id` = '$del' LIMIT 1");
header('Location: info.php?i=' . $i);
} else {
header('Location: info.php?i=' . $i);
}
}
$koms = mysql_result(mysql_query("SELECT COUNT(id) FROM `fo_komm` WHERE `uid` = '$i'"), 0);
if ($koms != FALSE) {
echo $div_title . 'Комментарии:' . $div_end;
$n = new navigator($koms, 10, '?i='.$i.'&');
$_in = mysql_query("SELECT * FROM `fo_komm` WHERE `uid` = '$i' ORDER BY `id` DESC {$n->limit}");
$dv = 0;
while($q = mysql_fetch_assoc($_in)) {
$otv = '<div class="auth2><a href="info.php?i='.$i.'&k='.$q['user'].'&#down">отв</a></div>';
if ($user['level'] >= 2 && $user['level'] <= 5) {
$dk = '<a href="info.php?i='.$i.'&del='.$q['id'].'">[удалить]</a> ';
}
echo ($dv ++ % 2) ? $div_tworazdel : $div_razdel;
echo ''.uus($q['user']).'<div class="auth2"><b>'.us($q['user']).'</b>'.$online.'</div>'.$otv.'';
echo '('.date('d.m.y H:i', $q['date']).')</td></tr></table>';
echo ''. smiles(bb_code($q['msg'])).'</td></tr></table></div>';
echo '</div>';
}
echo $n->navi();
} else {
echo '<div class="menu">Комментариев нет.</div>';
}
if (isset($_POST['addkom'])) {
$mes = trim(mysql_real_escape_string(check($_POST['mes'])));
if (empty($mes)) {
err('Не заполнен комментарий!');
} else {
// Антиреклама
$_ant = mysql_fetch_assoc(mysql_query("SELECT `on_rekl`, `text_rekl` FROM `setting` WHERE `ids` = '1'"));
if ($_ant['on_rekl'] == 1 && filesize($_SERVER['DOCUMENT_ROOT'] . '/domains.dat') > 0) {
$ex = explode(',', file_get_contents('../domains.dat'));
foreach($ex as $value) {
if ($user['level'] != 4 && $user['level'] != 5 && !preg_match('/[url=http://(.*)[/url]/si', $mes)) {
$mes = preg_replace("/(w)(s|,|.|*|_|-|+)+$value/si", $_ant['text_rekl'], $mes);
}
}
}
// транслит
if ($user['translit'] == 1) {
$mes = trun_to_rus($mes);
}
// антимат
$ant = mysql_fetch_array(mysql_query("SELECT `antimat` FROM `setting` WHERE `ids` = '1'"));
$mes = ($ant[0] == 1) ? mat($mes) : $mes;
if (isset($_POST['komu']) && user_inf(my_int($_POST['komu']), 'comm_files') == 1 && my_int($_POST['komu']) != $user['id']) {
$message = cvetnik($user['id']) . ' ответил на Ваш комментарий к <a href="fo/info.php?i='.$i.'">файлу</a>!';
mysql_query("INSERT INTO `lenta` SET
`user` = '" . my_int($_POST['komu']) . "',
`text` = '$message',
`type` = 'comments',
`date` = '" . time() . "',
`uid` = 'fo$i',
`read` = '1'");
}
elseif (user_inf($info['author'], 'comm_files') == 1 && $info['author'] != $user['id']) {
$message = cvetnik($user['id']) . ' оставил комментарий к Вашему <a href="fo/info.php?i='.$i.'">файлу</a>!';
mysql_query("INSERT INTO `lenta` SET
`user` = '$info[author]',
`text` = '$message',
`type` = 'comments',
`date` = '" . time() . "',
`uid` = 'fo$i',
`read` = '1'");
}
mysql_query("INSERT INTO `fo_komm` SET
`msg` = '$mes',
`uid` = '$i',
`user` = '$user[id]',
`date` = '" . time() . "'");
header('Location: info.php?&i=' . $i);
}
}
if (isset($_SESSION['us']))
{
$Komu = (isset($_GET['k'])) ? '[b]Ответ: ' . user_inf(my_int($_GET['k']), 'user') . '[/b], ' : '';
echo '<div class="menu"><a name="down"></a>
<FORM method="POST" action="info.php?i='.$i.'">
<label><b>Сообщение:</b></label>
<br/>';
echo '<textarea id="Site" name="mes" rows="5" cols="20" class="input">' . $Komu . '</textarea><br/>'.quickcode().'
<input type="hidden" name="komu" value="' . my_int($_GET['k']) . '"/>
<input type="submit" class="button" name="addkom" value="Отправить"/>
</FORM></div>';
}
}
break;
case whovote:
$id = my_int($_GET['id']);
$v = my_int($_GET['v']);
$sql = mysql_query("SELECT id FROM fo_files WHERE id = '$id' LIMIT 1");
if (mysql_num_rows($sql) == false)
{
err('Ошибка!');
} elseif ($v != 1 && $v != 2) {
err('Ошибка!');
} else {
$var = ($v == 1) ? '`like`' : 'dlike';
$sel = mysql_result(mysql_query("SELECT COUNT(id) FROM rating_files WHERE uid = '$id' AND $var = '1'"), 0);
if ($sel != 0)
{
$n = new navigator($sel, 10, '?do=whovote&id='.$id.'&v='.$v.'&');
$res = mysql_query("SELECT * FROM rating_files WHERE uid = '$id' AND $var = '1' ORDER BY id DESC {$n->limit}");
while($a = mysql_fetch_assoc($res))
{
echo us($a['who']) . '<br/>';
}
echo $n->navi();
} else {
echo 'За этот вариант никто не голосовал.<br/>';
}
}
echo '« <a href="?i='.$id.'">Назад</a>';
break;
}
echo '</div>';
include '../system/foot.php';
?>