Файл: files/index.php
Строк: 187
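<?php
// Entry page of the file exchange section ("Обменник").
// The full opening tag is used on purpose: the short "<?" form is only parsed
// when short_open_tag is enabled, and with it disabled the web server would
// send this source to the browser as plain text.
include_once $_SERVER['DOCUMENT_ROOT'].'/core/system.php';
$title = 'Обменник';
include_once $_SERVER['DOCUMENT_ROOT'].'/design/heads.php';
// title() and nav() are defined outside this file. The result of the
// concatenation is discarded, so both are called only for their side effects
// (presumably they print the title bar and the navigation -- confirm).
title($title).nav();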
/////////////Settings
// Extensions accepted for an uploaded file. The upload handler compares the
// lower-cased extension of the submitted file name against this list.
$formats = array(
    'wmv', 'zip', 'rar', 'tar', 'avi', '3gp', 'mp4', 'mp3', 'amr', 'txt',
    'cab', 'thm', 'sdt', 'nth', 'mtf', 'col', 'scs', 'utz', 'gif', 'jpg',
    'jpeg', 'bmp', 'png', 'wbmp', 'pic', 'ani', 'pco', 'mmf', 'mid', 'amr',
    'mp3', 'wav', 'aac', 'seq', 'vox', 'dxm', 'imy', 'emy', 'pmd', 'rng',
    'doc', 'docx', 'swf', 'tsk', 'apk', 'sis', 'sisx', 'jar', 'jad', 'flac',
    'torrent',
);
// Largest accepted upload; it is compared with filesize(), so the unit is bytes.
// $set is the settings array provided outside this file.
$max_image_size = $set['upload_size'];
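/////////Navigation
// Normalise the requested folder path (?d=...) into the form "/a/b".
// In this file $l is only used as a lookup key for `files_dir` and to build
// new `dir` values; it is never used as a filesystem path.
// my_esc() is defined outside this file (presumably SQL escaping -- confirm).
$l = '/';
if (isset($_GET['d']) && my_esc($_GET['d']) != NULL) {
    $l = my_esc($_GET['d']);
    // Drop runs of two or more dots. The dot must be escaped: an unescaped "."
    // matches any character, which would erase every path of two or more
    // characters and send every request back to the root.
    $l = preg_replace('#\.{2,}#', '', $l);
    // Drop "./" and "/." fragments (literal dots again).
    $l = preg_replace('#\./|/\.#', '', $l);
    // Collapse repeated slashes into one.
    $l = preg_replace('#/+#', '/', $l);
    // Trim slashes at both ends and add exactly one leading slash.
    $l = '/' . preg_replace('#^/+|/+$#', '', $l);
}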
// Resolve the normalised path to a row of `files_dir`.
// Result: $dir_id holds the matched row and $id_dir its id; for the root or
// for a path with no matching row, $id_dir is 0 and $l is reset to '/'.
$dir_match = "`dir` = '/$l' OR `dir` = '$l/' OR `dir` = '$l'";
$dir_known = false;
if ($l != '/') {
    // The three spellings cover rows stored with or without an extra slash.
    $dir_known = mysql_result(mysql_query("SELECT COUNT(*) FROM `files_dir` WHERE $dir_match LIMIT 1"), 0) != 0;
}
if ($dir_known) {
    $dir_id = mysql_fetch_assoc(mysql_query("SELECT * FROM `files_dir` WHERE $dir_match LIMIT 1"));
    $id_dir = $dir_id['id'];
} else {
    // Root listing, or an unknown path: fall back to the root.
    $dir_id['upload'] = 0;
    $id_dir = 0;
    $l = '/';
}
// Second lookup by id; the rest of the page reads folder data from $dir_ids.
// With $id_dir = 0 the fetch most likely finds no row and yields false.
$dir_ids = mysql_fetch_assoc(mysql_query("SELECT * FROM `files_dir` WHERE `id` = '$id_dir' LIMIT 1"));
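//////////Adding a folder
if (isset($_POST['add_dir'])) {
    // access() is defined outside this file; presumably it stops the request
    // for users below the given level -- confirm.
    // NOTE(review): no anti-CSRF token is checked for this POST in this file.
    access(1);
    $name = my_esc(isset($_POST['name']) ? $_POST['name'] : '');
    // The flag is only ever 0 or 1 (see the <select> of the form), so store
    // exactly one of those instead of whatever the client sent.
    $upload = (isset($_POST['upload']) && $_POST['upload'] == 1) ? 1 : 0;
    if ($l != '/') $l .= '/';
    // `dir` is the parent path plus the transliterated name, `dirs` the parent
    // path. retranslit() is defined outside this file; NOTE(review): its
    // output goes into the query as is -- confirm it cannot contain a quote.
    mysql_query("INSERT INTO `files_dir` (`name`, `dir` , `dirs` , `upload` , `incert`) VALUES ('$name', '".$l."".retranslit($name,1)."/', '".$l."', '$upload' ,'$dir_ids[incert]')");
    $idsss = mysql_insert_id();
    // A folder created at the top level gets its own id as `incert`; nested
    // folders keep the parent's value written by the INSERT above.
    if ($l == '/') mysql_query("UPDATE `files_dir` SET `incert` = '$idsss' WHERE `id` = '".$idsss."' LIMIT 1");
    $_SESSION['msg'] = 'Папка Добавлена ';
    header('Location: ?');
    // Stop after the redirect, as the upload error path does; otherwise the
    // rest of the page, including the other request handlers, still runs.
    exit();
}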
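////////////Saving folder settings
if (isset($_POST['red_save'])) {
    // access() is defined outside this file; presumably it stops the request
    // for users below the given level -- confirm.
    // NOTE(review): no anti-CSRF token is checked for this POST in this file.
    access(1);
    // filtr() is defined outside this file. NOTE(review): the add-folder
    // handler uses my_esc() for the same field; confirm filtr() also makes
    // the value safe inside a quoted SQL string.
    $name = filtr(isset($_POST['name']) ? $_POST['name'] : '');
    // The flag is only ever 0 or 1, so store exactly one of those.
    $upload = (isset($_POST['upload']) && $_POST['upload'] == 1) ? 1 : 0;
    // For the root ($id_dir = 0) this most likely matches no row.
    mysql_query("UPDATE `files_dir` SET `name` = '$name', `upload` = '$upload' WHERE `id` = '".$id_dir."' LIMIT 1");
    $_SESSION['msg'] = 'Папка Отредактирована ';
    header('Location: ?');
    // Stop after the redirect so the rest of the page is not executed.
    exit();
}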
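/////////Upload
if (isset($_POST['upload_ok'])) {
    // The first failed check wins; later checks are skipped once $error is set.
    $error = '';

    // The upload link is only shown to signed-in users in folders flagged for
    // upload. The same conditions are enforced here, because a POST can be
    // sent without going through the page.
    if (!$user) {
        $error = 'Выгружать файлы могут только авторизованные пользователи';
    } elseif ($l == '/' || $dir_ids['upload'] != 1) {
        $error = 'В эту папку нельзя выгружать файлы';
    }

    /////////Main file
    $src_name = isset($_FILES['somename']['name']) ? $_FILES['somename']['name'] : '';
    // Only touch the temporary file when PHP reports a completed upload.
    $file_ok = isset($_FILES['somename']['error'], $_FILES['somename']['tmp_name'])
        && $_FILES['somename']['error'] == UPLOAD_ERR_OK
        && is_uploaded_file($_FILES['somename']['tmp_name']);
    $name = htmlspecialchars($src_name);
    $tmp = $file_ok ? $_FILES['somename']['tmp_name'] : '';
    $filesize = $file_ok ? filesize($tmp) : 0;
    // cputen() is defined outside this file; its result is the name on disk.
    // NOTE(review): confirm it strips path separators and makes names unique;
    // move_uploaded_file() replaces an existing file of the same name.
    $uploadfile = "".cputen($src_name);
    // Take the text after the last dot; a name without a dot gives '' and is
    // rejected by the whitelist below.
    $t = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if ($error == '' && !$file_ok) $error = "Файл не прикреплен";
    // NOTE(review): the message lists mvk and webp, which are not in $formats.
    // Only the last extension is checked; the content is not inspected, so the
    // storage directory should never execute what it holds -- confirm.
    if ($error == '' && !in_array($t, $formats)) { $error = "Загружать можно только : jpg, jpeg, gif, png, webp, zip, rar, tar, mp3, flac, mp4, 3gp, avi, mvk, apk, jar, jad"; }
    if ($error == '' && $filesize > $max_image_size) $error = "Фаил слишком большой!";

    /////////Screenshot (optional)
    $screen_src = isset($_FILES['screen']['name']) ? $_FILES['screen']['name'] : '';
    $screen_given = ($screen_src != NULL);
    $screen_name = htmlspecialchars($screen_src);
    $screen_t = strtolower(pathinfo($screen_name, PATHINFO_EXTENSION));
    $screen_f = array("jpg", "jpeg", "gif", "png", "webp");
    if ($error == '' && $screen_given && !in_array($screen_t, $screen_f)) { $error = "Скриншот может быть только форматом jpg, jpeg ,gif ,png ,webp"; }
    $uploadscreen = "".cputen($screen_src);
    $tmps = isset($_FILES['screen']['tmp_name']) ? $_FILES['screen']['tmp_name'] : '';

    /////////Title and description
    // With moderation switched on the file is stored hidden (moder = 0).
    $moder = ($set['upload_moder'] == 1) ? 0 : 1;
    $names = my_esc(isset($_POST['name']) ? $_POST['name'] : '');
    $opis = my_esc(isset($_POST['opis']) ? $_POST['opis'] : '');
    // strlen() counts bytes of the already escaped text, not characters.
    if ($error == '' && strlen($opis) > $set['max_opis']) $error = 'Максимум '.$set['max_opis'].' символов в описании';
    // The limit shown for the title is max_name, not max_opis.
    if ($error == '' && strlen($names) > $set['max_name']) $error = 'Максимум '.$set['max_name'].' символов в названии';
    // Fall back to the (HTML-escaped) original file name when no title is given.
    $new_name = ($names != NULL) ? $names : my_esc($name);

    //////////Errors
    if ($error != '') {
        $_SESSION['err'] = ''.$error.'';
        header('Location: ?');
        exit();
    }

    // Store the file first, so that no database row is created for a file
    // that never reached the disk.
    if (!move_uploaded_file($tmp, '../path/files/'.$uploadfile)) {
        $_SESSION['err'] = 'Не удалось сохранить файл';
        header('Location: ?');
        exit();
    }
    if ($screen_given) move_uploaded_file($tmps, '../path/screen/'.$uploadscreen);
    // $time is set outside this file. NOTE(review): cputen() is applied a
    // second time for the `file` column, so it must be idempotent for the row
    // to match the name on disk; its output and $uploadscreen are placed in
    // the query as is -- confirm they cannot contain a quote.
    mysql_query("INSERT INTO `files_file` (`name`,`opis`,`file`,`type`,`id_dir` , `time` , `id_user`,`size`,`screen`,`incert`,`moder`) VALUES ('$new_name','$opis','".cputen($uploadfile)."','$t','$id_dir','$time','$user[id]','$filesize','$uploadscreen','$dir_ids[incert]','$moder')");
    $_SESSION['msg'] = 'Файл выгружен, ждите модерации';
    header('Location: ?');
    // Stop after the redirect so the rest of the page is not executed.
    exit();
}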
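////////Listing of folders and files
// Sub-folders of the current path come first, then the approved files of the
// current folder; the combined list is paginated below.
$list = array(); // defined up front so an empty folder does not leave it unset
$q = mysql_query("SELECT * FROM `files_dir` WHERE `dirs` = '/$l' OR `dirs` = '$l/' OR `dirs` = '$l' ORDER BY `name`,`positions` ASC");
while ($post = mysql_fetch_assoc($q)) {
    $list[] = array('dir' => 1, 'post' => $post);
}
$q = mysql_query("SELECT * FROM `files_file` WHERE `moder` = '1' AND `id_dir` = '$id_dir' ORDER BY `time` DESC");
while ($post = mysql_fetch_assoc($q)) {
    $list[] = array('dir' => 0, 'post' => $post);
}
// k_page(), page(), str() and $count_page come from outside this file.
$k_post = count($list);
$k_page = k_page($k_post, $count_page);
$page = page($k_page);
$start = $count_page * $page - $count_page;
// Names are user-supplied and whether they were HTML-escaped before storage is
// not visible here, so they are escaped on output. double_encode is off so
// already escaped values are not encoded twice.
// NOTE(review): assumes the pages are served as UTF-8 -- confirm.
echo '<div class="lines">' . ($dir_ids == 0 ? 'Категории' : htmlspecialchars($dir_ids['name'], ENT_QUOTES, 'UTF-8', false)) . '</div><div class="block"><div class="row">';
if ($l!='/' && $dir_ids['upload'] == 1)echo '<a class="gsilka" href="?upload&?id='.$id_dir.'">Выгрузить Фаил</a></br> ☆☆☆☆☆☆☆</div>';
// Files newer than this timestamp count as "new" (one day).
$day_ago = time() - 60 * 60 * 24 * 1;
for ($i = $start; $i < $k_post && $i < $count_page * $page; $i++) {
    $post = $list[$i]['post'];
    $safe_name = htmlspecialchars($post['name'], ENT_QUOTES, 'UTF-8', false);
    if ($list[$i]['dir'] == 1) { // folder
        // Count approved files ($k_f) and files of the last day ($k_n) in this
        // folder and in every folder below it.
        // NOTE(review): `dir` is read from the database and placed into the
        // LIKE pattern unescaped -- confirm stored paths cannot hold a quote.
        $k_f = 0;
        $k_n = 0;
        $q3 = mysql_query("SELECT * FROM `files_dir` WHERE `dirs` like '$post[dir]%'");
        while ($post2 = mysql_fetch_assoc($q3)) {
            $k_f = $k_f + mysql_result(mysql_query("SELECT COUNT(*) FROM `files_file` WHERE `moder` = '1' AND `id_dir` = '$post2[id]'"), 0);
            $k_n = $k_n + mysql_result(mysql_query("SELECT COUNT(*) FROM `files_file` WHERE `moder` = '1' AND `id_dir` = '$post2[id]' AND `time` > '" . $day_ago . "'"), 0);
        }
        $k_f = $k_f + mysql_result(mysql_query("SELECT COUNT(*) FROM `files_file` WHERE `moder` = '1' AND `id_dir` = '$post[id]'"), 0);
        $k_n = $k_n + mysql_result(mysql_query("SELECT COUNT(*) FROM `files_file` WHERE `moder` = '1' AND `id_dir` = '$post[id]' AND `time` > '" . $day_ago . "'"), 0);
        if ($k_n == 0) $k_n = NULL;
        else $k_n = '<font color="red">+'.$k_n.'</font>';
        $safe_dir = htmlspecialchars($post['dir'], ENT_QUOTES, 'UTF-8', false);
        echo "<div class='row'><a href='/files$safe_dir'><img src='/path/icons/folder.png' width ='16'> $safe_name <span class='kol'>$k_f $k_n</span></a></div>";
    } else { // file
        // Mark a file as new only during its first day. Comparing the upload
        // time with itself plus a day is always true and would flag every
        // file; the badge is also reset for each row so it cannot carry over.
        $k_ns = ($post['time'] > $day_ago) ? '<span class="kol"><font color="red">New</font></span>' : '';
        $safe_type = htmlspecialchars($post['type'], ENT_QUOTES, 'UTF-8', false);
        echo "<div class='row'><a href='/files/file.php?id=$post[id]'><img src='/path/icons/$safe_type.png' width='16'> $safe_name [".size_file($post['size'])."] $k_ns</a></div>";
    }
}
if ($k_post == 0) {
    echo '<div class="err">Пока что пусто</div>';
}
echo '</div></div>';
if ($k_page > 1) str('?', $k_page, $page); // page links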
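///////////Deleting a folder
if (isset($_GET['del_dir'])) {
    // access() is defined outside this file; presumably it stops the request
    // for users below the given level -- confirm.
    // NOTE(review): the deletion is triggered by a plain GET link and no
    // request token is checked in this file; a POST with a token would keep a
    // third-party page from triggering it through a signed-in administrator.
    access(1);
    // The root ($id_dir = 0) is not a folder row; the page offers no delete
    // link for it either.
    if ($id_dir != 0) {
        $q2 = mysql_query("SELECT * FROM `files_file` WHERE `id_dir` = '$id_dir'");
        while ($del = mysql_fetch_assoc($q2)) {
            // The upload handler writes to ../path/files/ under the name kept
            // in the `file` column; `name` is only the display title.
            // NOTE(review): assumes `file` holds a bare file name with no
            // path components -- confirm against cputen().
            $stored = '../path/files/'.$del['file'];
            if ($del['file'] != NULL && is_file($stored)) unlink($stored);
        }
        // Remove the rows of the deleted files so that no entry is left
        // pointing at a missing folder and file.
        // NOTE(review): screenshots in ../path/screen/ and sub-folders of
        // this folder are not removed here.
        mysql_query("DELETE FROM `files_file` WHERE `id_dir` = '$id_dir'");
        mysql_query("DELETE FROM `files_dir` WHERE `id` = '".$id_dir."' LIMIT 1");
        $_SESSION['msg'] = 'Каталог удален';
    }
    // Go back to the parent folder (the site root of the section when the
    // folder row is not available).
    header('Location: /files'.($dir_ids ? $dir_ids['dirs'] : '').'');
    // Stop after the redirect so the rest of the page is not executed.
    exit();
}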
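// Forms and management links, shown to signed-in users only.
// NOTE(review): none of the forms below carries an anti-CSRF token.
if ($user) {
    if (isset($_GET['upload'])) {
        ///////////Upload form
        echo '<div class="lines"></div><div class="block">';
        echo '
<form action = "" method = "post" enctype = "multipart/form-data">';
        echo '<div class="menu">Скриншот:</br><input type = "file" name = "screen" /></div>';
        echo '<div class="menu">Файл (MAX'.size_file($max_image_size).'):</br><input type = "file" name = "somename" /></div>';
        echo ' <div class="menu">Название:</br> <input type="text" name="name"></div>';
        echo ' <div class="menu">Описание:</br> <textarea name="opis"></textarea></div>';
        echo '<div class="menu"><input type = "submit" name ="upload_ok" value = "Загрузить" /></form></div>
';
        echo '</div>';
    } elseif (isset($_GET['red_dir'])) {
        //////////Folder edit form
        // access() is defined outside this file; presumably it stops the
        // request for users below the given level -- confirm.
        access(1);
        echo '<div class="blok"></div><div class="white-block">';
        // The stored name goes into an attribute value, so it is escaped
        // (quotes included). double_encode is off so an already escaped value
        // is not encoded twice.
        // NOTE(review): assumes the pages are served as UTF-8 -- confirm.
        echo '<form action="" method="POST">
<div class="menu">Название папки:</br> <input type="text" value="'.htmlspecialchars($dir_ids['name'], ENT_QUOTES, 'UTF-8', false).'" name="name"></div>';
        // "\n" is a line break in the generated markup; without the backslash
        // a literal letter "n" would be printed on the page.
        echo "Выгружать в папку:<br />\n<select name='upload'>\n";
        echo "<option value='1'".($dir_ids['upload']==1?" selected='selected'":null).">Можно</option>\n";
        echo "<option value='0'".($dir_ids['upload']==0?" selected='selected'":null).">Нельзя</option>\n";
        echo "</select>\n";
        echo '<div class="menu"><input type="submit" name="red_save" value="Изменить"></div></form></div>';
        echo '</div>';
    } elseif (isset($_GET['add_dir'])) {
        ////////////Folder creation form
        access(1);
        echo '<div class="blok"></div><div class="white-block">';
        echo '<form action="" method="POST">
<div class="menu">Название папки:</br> <input type="text" name="name"></div>
<div class="menu">Можно выгружать в папку?:<br /><select name="upload"><option value="0">Нет</option><option value="1">Да</option></select></div>
<div class="menu"><input type="submit" name="add_dir" value="Добавить папку"></div></form></div>';
        echo '</div>';
    } elseif ($user['access'] > 0) {
        ////////Management links, for users with an access level above 0
        echo '<div class="lines">Управление</div><div class="block">';
        echo '<div class="row"><a href="?add_dir&?id='.$id_dir.'">Добавить Папку</a></div>';
        // Editing and deleting are not offered for the root.
        if ($l != '/') echo '<div class="row"><a href="?red_dir&?id='.$id_dir.'">Редактировать Папку</a></div>';
        if ($l != '/') echo '<div class="row"><a href="?del_dir&?id='.$id_dir.'">Удалить Папку</a></div>';
        echo '</div>';
    }
}
include_once $_SERVER['DOCUMENT_ROOT'].'/design/footer.php';
?>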