Файл: vsime.com/comm/inc/act_comm_avatar.php
Строк: 65
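<?php
/*
 * Community avatar management: upload, rotate and delete the avatar of the
 * community selected by $_GET['id']. Only the user that profile() returns for
 * the community's `id_user` may use this page; everyone else is redirected
 * to /comm.
 *
 * Names used here but defined outside this file: $dbi (mysqli link), $user,
 * $mdp, $title, $error, the constant H, and the helpers profile(), ex_head(),
 * hsc(), create_screen(), msg(), show_errors(), image_back() and
 * hacked_by_Killer().
 *
 * NOTE(review): $mdp appears to be the per-session anti-CSRF token (it is
 * embedded in the form and links below and compared on every state change);
 * confirm against the code that generates it.
 */

// One lookup instead of two identical queries; intval() keeps the id numeric.
$comm_res = mysqli_query($dbi, "SELECT * FROM `comm` WHERE `id` = '".intval(isset($_GET['id']) ? $_GET['id'] : 0)."'");
if ($comm_res && mysqli_num_rows($comm_res) != 0) {
    $comm = mysqli_fetch_array($comm_res);
    // Values read back from the database are still cast before being put into
    // SQL or HTML, so a malformed row cannot alter a query or the markup.
    $comm_id = intval($comm['id']);

    $cat_res = mysqli_query($dbi, "SELECT * FROM `comm_cat` WHERE `id` = '".intval($comm['id_cat'])."'");
    $cat = $cat_res ? mysqli_fetch_array($cat_res) : null;

    // A community with no active, non-invited members is treated as ownerless.
    $members_res = mysqli_query($dbi, "SELECT * FROM `comm_users` WHERE `id_comm` = '".$comm_id."' AND `activate` = '1' AND `invite` = '0'");
    if (!$members_res || mysqli_num_rows($members_res) == 0) {
        $comm['id_user'] = 0;
    }

    $ank = profile($comm['id_user']); // community creator
    $title .= ' - '.htmlspecialchars($comm['name']).' - Аватар'; // page title
    ex_head();

    // isset($user) is tested first so an anonymous visitor never reaches the
    // comparison with an undefined $user.
    if (isset($user) && $ank['id'] == $user['id']) {
        $avatar_dir = H."i/comm_avatar/";
        $avatar_path = $avatar_dir."comm.".$comm['id'].".".$comm['mdi'].".img.png";

        // Token check shared by all three actions. hash_equals() gives a
        // type-safe, constant-time comparison (loose == treats some numeric
        // looking strings as equal); an empty server-side token never matches.
        $comm_avatar_token_ok = function ($given) use ($mdp) {
            return is_string($given)
                && (string) $mdp !== ''
                && hash_equals((string) $mdp, (string) hsc($given));
        };

        // ---- Upload a new avatar -------------------------------------------
        if (isset($_FILES['file']) && isset($_POST['submited'])) {
            if ($comm_avatar_token_ok(isset($_POST['mdp']) ? $_POST['mdp'] : null)) {
                $upload = $_FILES['file'];
                $file_path = isset($upload['tmp_name']) ? $upload['tmp_name'] : '';
                $save_path = $avatar_dir;

                // $_FILES[...]['type'] is supplied by the client and proves
                // nothing, so the decision is made from the uploaded bytes.
                $is_image = false;
                if (isset($upload['error']) && $upload['error'] === UPLOAD_ERR_OK
                    && is_string($file_path) && is_uploaded_file($file_path)) {
                    // Untrusted bytes may raise notices in getimagesize();
                    // failure is handled through the false return value.
                    $info = @getimagesize($file_path);
                    $is_image = $info !== false
                        && in_array($info[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG), true);
                }

                if (!$is_image) {
                    $error[] = "Это не картинка.";
                } else {
                    if (is_file($avatar_path)) {
                        unlink($avatar_path);
                    }
                    // The suffix is echoed in the public <img> URL below, so it
                    // is not a secret; presumably it only forces caches to refetch.
                    $comm['mdi'] = md5(rand(12345, 99999999));
                    mysqli_query($dbi, "UPDATE `comm` SET `mdi` = '".$comm['mdi']."' WHERE `id` = '".$comm_id."'");
                    $name = "comm.".$comm['id'].".".$comm['mdi'].".img.png";
                    $avatar_path = $avatar_dir.$name;
                    // NOTE(review): create_screen() is defined elsewhere and its
                    // return value is not visible here, so success is still
                    // reported unconditionally - confirm and check it.
                    create_screen($file_path, $save_path, 96, 96, NULL, $name, 0);
                    msg("Аватар успешно установлен");
                }
            } else {
                hacked_by_Killer();
            }
        }

        // ---- Rotate the current avatar -------------------------------------
        // NOTE(review): rotate and delete change state over GET with the token
        // in the URL, where it can end up in logs and Referer headers; POST
        // forms would be preferable.
        if (isset($_GET['rotate']) && in_array($_GET['rotate'], array('right', 'left'), true) && is_file($avatar_path)) {
            if ($comm_avatar_token_ok(isset($_GET['mdp']) ? $_GET['mdp'] : null)) {
                $degrees = ($_GET['rotate'] === 'left') ? 90 : 270;

                // Load and rotate first; the old file is removed only after the
                // new one has been written, so a decoding failure cannot leave
                // the community without an avatar.
                $image_bytes = file_get_contents($avatar_path);
                $source = ($image_bytes === false) ? false : imagecreatefromstring($image_bytes);
                $rotated = ($source === false) ? false : imagerotate($source, $degrees, 0);

                $new_mdi = md5(rand(12345, 99999999));
                $new_path = $avatar_dir."comm.".$comm['id'].".".$new_mdi.".img.png";

                if ($rotated !== false && imagepng($rotated, $new_path)) {
                    mysqli_query($dbi, "UPDATE `comm` SET `mdi` = '".$new_mdi."' WHERE `id` = '".$comm_id."'");
                    // Same name means imagepng() already overwrote the old file.
                    if ($new_path !== $avatar_path && is_file($avatar_path)) {
                        unlink($avatar_path);
                    }
                    $comm['mdi'] = $new_mdi;
                    $avatar_path = $new_path;
                } else {
                    $error[] = "Не удалось повернуть изображение.";
                }
            } else {
                hacked_by_Killer();
            }
        }

        // ---- Delete the current avatar -------------------------------------
        // Deletion now requires the same token as upload and rotate; without
        // it a link or image on any other site could trigger it in the
        // owner's browser. The "Удалить" link below carries the token.
        if (isset($_GET['delete'])) {
            if ($comm_avatar_token_ok(isset($_GET['mdp']) ? $_GET['mdp'] : null)) {
                if (is_file($avatar_path)) {
                    unlink($avatar_path);
                }
            } else {
                hacked_by_Killer();
            }
        }

        show_errors();
?>
<div class='list'>
<div class='left'>
<?php
        if (is_file($avatar_path)) {
            echo "<img src='/i/comm_avatar/comm.".$comm['id'].".".$comm['mdi'].".img.png' /><br/>\n";
?>
<style>
img.rotate {
border: 2px solid #CCEDEC;
border-radius: 3px;
}
img.rotate:hover {
border: 2px solid #CCEDEC;
background: #CCEDEC;
border-radius: 3px;
}
</style>
<?php
            echo "<center><a href='?act=comm_avatar&id=$comm_id&rotate=left&mdp=$mdp'><img src='/i/site/rotate_left.png' class='rotate' /></a> <a href='?act=comm_avatar&id=$comm_id&rotate=right&mdp=$mdp'><img src='/i/site/rotate_right.png' class='rotate' /></a><br /><a href='?act=comm_avatar&id=$comm_id&delete&mdp=$mdp'>Удалить</a></center>\n";
        } else {
            echo "<img src='/i/site/no_avatar_comm.png'/><br/>\n";
        }
?>
</div>
<div class='overfl_hid'>
<form method='post' enctype='multipart/form-data' class='multi'>
<input type='file' name='file' accept='image/*,image/gif,image/png,image/jpeg' />
<br />
<input type="hidden" name="mdp" value="<?php echo $mdp; ?>">
<input value='Заменить' type='submit' name='submited' /> <a href='?act=comm_settings&id=<?php echo $comm_id; ?>'>Назад</a>
</form>
</div>
<div class='clear'></div>
</div>
<div class='main'>
Можно загружать картинки форматов: GIF, JPG, PNG<br />Качественное преобразование GIF-анимации не гарантируется<br />
</div>
<?php
        echo "<div class='foot'>\n";
        echo image_back()."<a href='?act=comm&id=$comm_id'>В сообщество</a>\n";
        echo "</div>";
    } else {
        // NOTE(review): ex_head() has already run at this point; if it emits
        // output without buffering, this redirect header cannot be sent -
        // confirm, and consider doing the ownership check before ex_head().
        header("Location:/comm");
        exit;
    }
} else {
    header("Location:/comm");
    exit;
}
?>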