Файл: vsime.com/files/inc/file_form.php
Строк: 342
<?
include('inc/selectar_form.php');
$count_komm=mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `files_komm` WHERE$skp `id_file` = '$file[id]'"));
if ($count_komm > 0) {
$last_komm = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `files_komm` WHERE$skp `id_file` = '$file[id]' ORDER BY `time` DESC LIMIT 1"));
$ank_last_komm = profile($last_komm['id_user']);
}
if (isset($_GET['mdelete']) && (isset($user) && $ank['id']==$user['id'] || isset($moderate_files) && $user['level'] > $ank['level']))$mdelete=1;
if (isset($mdelete) && isset($_POST['m_d_okey'])) {
if (hsc(@$_POST['mdp'])==$mdp) {
foreach ($_POST as $key => $value) {
if (preg_match('#^mdelelte_komm_([0-9]*)$#',$key,$kid) && $value == 1) {
if (mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `files_komm` WHERE$skp `id_file` = '$file[id]' AND `id` = '$kid[1]' LIMIT 1"))!=0) {
$komm=mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `files_komm` WHERE$skp `id_file` = '$file[id]' AND `id` = '$kid[1]' LIMIT 1"));
mysqli_query($dbi, "DELETE FROM `files_komm` WHERE$skp `id_file` = '$file[id]' AND `id` = '$komm[id]'");
}
}
}
} else hacked_by_Killer();
}
if (isset($_GET['delete_file'])) {
if (isset($user) && $ank['id']==$user['id'] || isset($moderate_files) && $user['level'] > $ank['level']) {
if (isset($_POST['submited'])) {
if (hsc(@$_POST['mdp'])==$mdp) {
mysqli_query($dbi, "DELETE FROM `files_komm` WHERE `id_file` = '$file[id]'");
mysqli_query($dbi, "DELETE FROM `files` WHERE `id` = '$file[id]' AND `type` = 'file'");
mysqli_query($dbi, "DELETE FROM `files_zone` WHERE `id_file` = '$file[id]' AND `type` = 'file'");
mysqli_query($dbi, "DELETE FROM `files_comm` WHERE `id_file` = '$file[id]' AND `type` = 'file'");
mysqli_query($dbi, "DELETE FROM `lenta` WHERE `id_object` = '$file[id]' AND `type` = 'file'");
unlink(H."system/files/files/users/user$file[id_user]/dir$dir[id]/".$file['id'].".dat");
if (is_file(H."i/tmp_flv/".$file['id'].".video.flv"))unlink(H."i/tmp_flv/".$file['id'].".video.flv");
if (!mysqli_result("SELECT COUNT(*) FROM `files` WHERE `type` = 'file' AND `id_dir` = '$dir[id]'"))rmdir(H."system/files/files/users/user$file[id_user]/dir$dir[id]");
locon(" ?dir=$file[id_dir]");
exit;
} else hacked_by_Killer();
}
echo "<form method='POST'>n";
echo "<div class='list'>n";
echo "Подтвердите удаление файла<br/>n";
echo "<input type='submit' name='submited' value='Удалить'> <a href='?file=$file[id]'>Отмена</a>n";
echo "<input type='hidden' name='mdp' value='$mdp' />n";
echo "</form>n";
echo "</div>";
} else {
$error[] = "У Вас нет прав для удаления файла!";
show_errors();
}
ex_foot();
}
if (isset($_GET['edit_file'])) {
if (isset($user) || $ank['id']==$user['id'] || isset($moderate_files) && $user['level'] > $ank['level']) {
if (isset($_POST['submited']) && isset($_POST['name']) && isset($_POST['desc'])) {
if (hsc(@$_POST['mdp'])==$mdp) {
$name=$_POST['name'];
$desc=$_POST['desc'];
if (mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `files` WHERE `name` = '".my_esc($name)."' AND `id` != '$file[id]' AND `type` = 'file' AND `ras` = '$file[ras]' AND `id_dir` = '$dir[id]'"))!=0)$error[]="Такая папка уже есть";
if (strlen2(trim($name)) < 1)$error[]="Название не должно быть пустым и не больше 50-ти символов";
if (strlen2($desc) > 512)$error[]="Описание должно быть не больше 512-ти символов";
$name=my_esc($name);
$desc=my_esc($desc);
if (!isset($error)) {
if (mysqli_result("SELECT COUNT(*) FROM `files_zone` WHERE `id_file` = '$file[id]' AND `type` = 'file'")!=0) {
mysqli_query($dbi, "UPDATE `files_zone` SET `name` = '$name.$file[ras]' WHERE `id_file` = '$file[id]' AND `type` = 'file'");
}
mysqli_query($dbi, "UPDATE `files` SET `name` = '$name', `desc` = '$desc' WHERE `id` = '$file[id]' AND `type` = 'file'");
locon("?file=$file[id]");
exit;
}
} else hacked_by_Killer();
}
show_errors();
echo "<form method='POST' action='' class='multi'>n";
echo "<div class='list'>n";
echo "Название:<br />n";
if ($config['web'] == true) {
if (is_file(H.'i/file_type/'.$file['ras'].'.png'))echo "<img src='/i/file_type/$file[ras].png' alt='$file[ras]' /> n";
else echo "<img src='/i/file_type/file.png' alt='file' /> n";
}
echo "<input type='text' style='width: 80%' name='name' value='".input_value($file['name'])."'".title_link('Введите новое название файла').">.".hsc($file['ras'])."<br/>n";
echo "</div>n";
echo "<div class='list'>n";
echo "Описание:<br />n";
echo "<textarea name='desc' rows='6' cols='17' style='width:85%'".title_link('Введите новое описание файла').">".input_value($file['desc'])."</textarea><br />n";
echo "</div>n";
echo "<div class='list'>n";
echo "<input type='submit' name='submited' value='Сохранить'>n";
echo "<input type='hidden' name='mdp' value='$mdp' />n";
echo "</div>n";
echo "</form>n";
echo "<div class='mod_grad'>n";
echo "$config[code_delete] <a href='?file=$file[id]&delete_file'>Удалить файл</a><br />n";
echo "</div>n";
echo "<div class='foot'>n";
echo image_back()." <a href='?file=$file[id]'>Назад</a><br />n";
echo "</div>n";
} else {
$error[] = "У Вас нет прав для редактирования файла!";
show_errors();
}
ex_foot();
}
if (isset($mdelete) && isset($_POST['m_sk_okey'])) {
if (hsc(@$_POST['mdp'])==$mdp) {
foreach ($_POST as $key => $value) {
if (preg_match('#^mdelelte_komm_([0-9]*)$#',$key,$kid) && $value == 1) {
if (mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `files_komm` WHERE$skp `id_file` = '$file[id]' AND `id` = '$kid[1]' LIMIT 1"))!=0)
{
$komm=mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `files_komm` WHERE$skp `id_file` = '$file[id]' AND `id` = '$kid[1]' LIMIT 1"));
mysqli_query($dbi, "UPDATE `files_komm` SET `sk` = '".($komm['sk']==0?1:0)."', `sk_user` = '$user[id]' WHERE `id_file` = '$file[id]' AND `id` = '$komm[id]'");
}
}
}
} else hacked_by_Killer();
}
if (isset($_GET['reply']) && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `files_komm` WHERE$skp `id_file` = '$file[id]' AND `id` = '".intval($_GET['reply'])."'"))!=0) {
$komm=mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `files_komm` WHERE$skp `id_file` = '$file[id]' AND `id` = '".intval($_GET['reply'])."'"));
$ank2=profile($komm['id_user']);
echo "<div class='list'>n";
echo "<div class='left'>n";
echo show_avatar($ank2['id'], 'small');
echo "</div>n";
echo "<div class='overfl_hid'>n";
echo profile_icon($ank2['id']).profile_nick($ank2['id'], 1).profile_medal($ank2['id']);
echo "<br />n";
echo output_text($komm['msg'], $ank2['id'])."n";
echo "</div>n";
echo "<div class='clear'></div>n";
echo "</div>n";
if (isset($user)) {
input_bbs();
echo "<div class=foot><form method='post' name='message' action='?file=$file[id]'>n";
echo "<textarea name='msg' id='textarea' rows='5' cols='17' style='width: 95%' placeholder='Введите свой ответ...'></textarea><br />n";
echo "<input type='hidden' name='reply' value='$ank2[id]'>n";
echo "<input type='hidden' name='komm_reply' value='$komm[id]'>n";
echo "<input type='hidden' name='mdp' value='$mdp' />n";
echo "<input value="Отправить" type="submit" /> <a href='?file=$file[id]'>Назад</a>n";
echo "</form></div>n";
} else echo "<div class='main'>$config[code_add] <a href='/login.php'>Добавить комментарий</a></div>n";
ex_foot();
}
if (isset($_GET['edit']) && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `files_komm` WHERE$skp `id_file` = '$file[id]' AND `id` = '".intval($_GET['edit'])."'"))!=0) {
$komm=mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `files_komm` WHERE$skp `id_file` = '$file[id]' AND `id` = '".intval($_GET['edit'])."'"));
$ank2=profile($komm['id_user']);
if (isset($user) && ($user['id']==$ank2['id'] && $komm['time']>time()-600)) {
if (isset($_POST['msg'])) {
if (hsc(@$_POST['mdp'])==$mdp) {
$msg=$_POST['msg'];
if (strlen2($msg) > 10000){$error[]='Сообщение слишком длинное';}
if (strlen2(trim($msg)) < 1){$error[]='Короткое сообщение';}
if (!isset($error)) {
mysqli_query($dbi, "UPDATE `files_komm` SET `msg` = '".my_esc($msg)."' WHERE `id_file` = '$file[id]' AND `id` = '$komm[id]'");
locon(" ?file=$file[id]");
}
} else hacked_by_Killer();
}
show_errors();
input_bbs();
echo "<form method='post' action=''>n";
echo "<textarea name='msg' id='textarea' rows='5' cols='17' style='width: 95%' placeholder='Введите комментарий...'>".input_value($komm['msg'])."</textarea><br />n";
echo "<input type='hidden' name='mdp' value='$mdp' />n";
echo "<input type='submit' name='submited' value='Отправить' />n";
echo "</form>n";
echo "<div class='foot'>n";
echo image_back()." <a href='?file=$file[id]'>Назад</a>n";
echo "</div>n";
ex_foot();
}
}
if (isset($_POST['msg']) && isset($user)) {
if (hsc(@$_POST['mdp'])==$mdp) {
$msg=$_POST['msg'];
if (strlen2($msg) > 10000){$error[]='Сообщение слишком длинное';}
if (strlen2(trim($msg)) < 1){$error[]='Короткое сообщение';}
if (@$ank_last_komm['id']==$user['id'] && my_esc($msg)==@$last_komm['msg']){$error[]='Ваше сообщение повторяет предыдущее';}
if (!isset($error)) {
if (isset($_POST['reply']) && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `user` WHERE `id` = '".intval($_POST['reply'])."'"))!=0) {
$reply_user=profile(intval($_POST['reply']));
$komm_reply=mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `files_komm` WHERE$skp `id_file` = '$file[id]' AND `id_user` = '$reply_user[id]' AND `id` = '".intval($_POST['komm_reply'])."'"));
$reply=1;
}
$array_journal = array();
$query_komm = mysqli_query($dbi, "SELECT * FROM `files_komm` WHERE `id_file` = '$file[id]' ORDER BY `time` ASC");
while ($post_komm = mysqli_fetch_array($query_komm)) {
if ($post_komm['id_user'] != $ank['id'] && $post_komm['id_user'] != $user['id'])$array_journal["$post_komm[id_user]"] = $post_komm['id'];
}
foreach ($array_journal as $key => $value) {
$ank_journal = profile($key);
$komm_journal = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `files_komm` WHERE `id` = '$value'"));
if (!mysqli_result("SELECT COUNT(*) FROM `journal` WHERE `id_kont` = '$ank_journal[id]' AND `cat` = 'files' AND `type` = 'komm' AND `id_object2` = '$file[id]'"))mysqli_query($dbi, "INSERT INTO `journal` (`id_kont`, `time`, `cat`, `type`, `id_object`, `id_object2`) values('$ank_journal[id]', '$time', 'files', 'komm', '$komm_journal[id]', '$file[id]')");
else mysqli_query($dbi, "UPDATE `journal` SET `time` = '$time', `read` = '0', `id_object` = '$komm_journal[id]' WHERE `id_kont` = '$ank_journal[id]' AND `cat` = 'files' AND `type` = 'komm' AND `id_object2` = '$file[id]'");
}
mysqli_query($dbi, "INSERT INTO `files_komm` (`id_user`, `id_file`, `time`, `msg`".(isset($reply)?", `id_reply`, `reply_msg`":null).") values('$user[id]', '$file[id]', '$time', '".my_esc($msg)."'".(isset($reply)?", '$reply_user[id]', '$komm_reply[msg]'":null).")");
locon(" ?file=$file[id]");
}
} else hacked_by_Killer();
}
if ((isset($user) && $ank['id']==$user['id'] || isset($moderate_files) && $user['level'] > $ank['level']) && isset($_GET['delete']) && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `files_komm` WHERE$skp `id` = '".intval($_GET['delete'])."' AND `id_file` = '$file[id]' LIMIT 1"))!=0) {
if (hsc($_GET['mdp'])==$mdp) {
mysqli_query($dbi, "DELETE FROM `files_komm` WHERE$skp `id` = '".intval($_GET['delete'])."' AND `id_file` = '$file[id]' LIMIT 1");
locon(" ?file=$file[id]");
} else hacked_by_Killer();
}
if (mysqli_result("SELECT COUNT(*) FROM `files_zone` WHERE `id_file` = '$file[id]' AND `type` = 'file'")!=0) {
if (isset($_GET['delete_fzone']) && (isset($user) && $ank['id']==$user['id'] || isset($moderate_files) && $user['level'] > $ank['level'])) {
if (isset($_POST['submited'])) {
if (hsc(@$_POST['mdp'])==$mdp) {
mysqli_query($dbi, "DELETE FROM `files_zone` WHERE `id_file` = '$file[id]' AND `type` = 'file'");
locon(" ?file=$file[id]");
exit;
} else hacked_by_Killer();
}
echo "<div class=list><form method='POST'>n";
echo "Подтвердите удаление файла из Зоны файлов<br/>n";
echo "<input type='submit' name='submited' value='Удалить'> <a href='?file=$file[id]'>Отмена</a>n";
echo "<input type='hidden' name='mdp' value='$mdp' />n";
echo "</form></div>n";
ex_foot();
}
$file_zone = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `files_zone` WHERE `id_file` = '$file[id]' AND `type` = 'file'"));
if ($file_zone['id_dir'] == 0) {
$dir_zone = array();
$dir_zone['show'] = 'Корневая папка';
} else {
$dir_zone = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `files_zone` WHERE `id` = '$file_zone[id_dir]' AND `type` = 'dir'"));
$dir_zone['show'] = "<a href='/files_zone/?dir=$dir_zone[id]'>".hsc($dir_zone['name'])."</a>";
if (mysqli_result("SELECT COUNT(*) FROM `files_zone` WHERE `id` = '$dir_zone[id_dir]' AND `type` = 'dir'")!=0) {
$dir_zone2 = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `files_zone` WHERE `id` = '$dir_zone[id_dir]' AND `type` = 'dir'"));
$dir_zone['show'] = "<a href='/files_zone/?dir=$dir_zone2[id]'>".hsc($dir_zone2['name'])."<a> / ".$dir_zone['show'];
}
}
echo "<div class='main'>n";
if (isset($user) && $ank['id']==$user['id'] || isset($moderate_files) && $user['level'] > $ank['level'])echo "<span class='right'><a href='?act=fzone&id=$file[id]'>$config[code_move]</a> <a href='?file=$file[id]&delete_fzone'>$config[code_delete]</a></span>n";
echo "<img src='/i/dir_type/dir_zone.png' /> Зона файлов: $dir_zone[show]<br />n";
echo "</div>n";
}
echo "<div class='list'>n";
echo "<div class='mediaspace'>n";
if (is_file(H.'/i/file_type/'.$file['ras'].'.png'))echo "<img src='/i/file_type/$file[ras].png' alt='$file[ras]' />n";
else echo "<img src='/i/file_type/file.png' alt='file' />n";
echo " <b class='none'>".hsc($file['name'])."</b>.".hsc($file['ras'])."n";
if (isset($user) && $ank['id']==$user['id'] || isset($moderate_files) && $user['level'] > $ank['level'])if ($config['web']==true)echo "<span class='right'><a href='?file=$file[id]&edit_file'>$config[code_edit]</a>".(isset($user) && $ank['id']==$user['id'] || isset($moderate_files) && $user['level'] > $ank['level']?" <a href='?file=$file[id]&delete_file'>$config[code_delete]</a>":NULL)."</span>n";
echo "<br />n";
echo "</div>n";
include('inc/file_media_form.php');
if ($file['desc']!=NULL) {
echo "<div class='freespace'>n";
echo output_text($file['desc'], $ank['id'])."<br />n";
echo "</div>n";
}
$file['name_load'] = $file['name'];
if (isset($sound)) {
if ($sound['artist'] && $sound['name'])$file['name_load'] = $sound['artist'].' - '.$sound['name'];
}
echo "<img src='/i/site/download.png' /> <a href='/files/download/".md5($file['id'])."/$unique_code/$mdp/".file_name_html($file['name_load'])."(".file_name_html($_SERVER['HTTP_HOST']).").".hsc($file['ras'])."'".title_link('Скачать файл').">Скачать</a> (".size_file($file['size']).")<br />n";
echo "</div>n";
echo "<div class='list'>n";
echo "<img src='/i/site/avatar.png' /> Выгрузил: n";
echo profile_nick($ank['id'], 1);
echo " (".vremja($file['time']).")n";
echo "<br />n";
if (isset($_GET['file_replace']) && (isset($user) && $ank['id']==$user['id'])) {
if (isset($_SESSION['files_multi_select'])) {
if (!in_array($file['id'], $_SESSION['files_multi_select']))$_SESSION['files_multi_select'][] = $file['id'];
} else {
$_SESSION['files_multi_select'] = array();
$_SESSION['files_multi_select'][] = $file['id'];
}
locon(" ?dir=$dir[id]");
exit();
}
else echo "<img src='/i/dir_type/dir.png' /> Папка: <a href='?dir=$dir[id]".($dir['id']==0?"&id=$ank[id]":NULL)."'>".hsc($dir['name'])."</a> ".(isset($user) && $ank['id']==$user['id']?" [<a href='?file=$file[id]&file_replace'><span style='text-decoration: underline;'>Переместить</span></a>]":NULL)."<br />";
echo "</div>n";
echo "<div class='main'>n";
if (mysqli_result("SELECT COUNT(*) FROM `files_zone` WHERE `id_file` = '$file[id]' AND `type` = 'file'")==0 && $ank['id'] == $user['id'] && isset($user))echo "<img src='/i/site/toFZ.png' /> <a href='?act=fzone&id=$file[id]'>В зону</a><br />n";
echo "<img src='/i/site/share.png' /> <a href='?act=share&id=$file[id]'>Отправить другу</a><br />n";
echo "</div>n";
include('inc/file_komm_form.php');
echo "<div class='foot'>n";
echo image_back()." <a href='?dir=$dir[id]".($dir['id']==0?"&id=$ank[id]":NULL)."'>В папку</a>n";
echo "</div>n";
ex_foot();
?>