Файл: vsime.com/fotos/inc/act_download.php
Строк: 27
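<?php
/*
 * Photo download action.
 *
 * Resolves the photo addressed by the `md5_id` GET parameter, checks the two
 * link tokens (`unique_code`, `mdp_unique_code`), runs the folder access check
 * and then streams the stored file. When no photo matches, a small PNG with an
 * error text is sent instead.
 *
 * The full `<?php` tag is used on purpose: with short_open_tag disabled a
 * file starting with `<?` is served as plain text, which would disclose this
 * source instead of running it.
 *
 * Relies on names defined outside this file: $dbi, $mdp, H, hsc(), locon(),
 * dir_fotos_info(), dir_fotos_access(), access_denied(), profile(),
 * DownloadFile(), ras_to_mime().
 */

$unique_code = "unique_code";

// Accept only string parameters; `?x[]=...` would otherwise hand an array to hsc().
$get_unique_code = (isset($_GET['unique_code']) && is_string($_GET['unique_code']))
    ? (string) hsc($_GET['unique_code'])
    : '';
$mdp_unique_code = (isset($_GET['mdp_unique_code']) && is_string($_GET['mdp_unique_code']))
    ? (string) hsc($_GET['mdp_unique_code'])
    : '';
$md5_id = (isset($_GET['md5_id']) && is_string($_GET['md5_id'])) ? $_GET['md5_id'] : '';

// Look the photo up in one query instead of loading the whole `foto` table and
// hashing every id in PHP. The value is interpolated only after it has been
// constrained to exactly 32 lowercase hex characters (\A...\z, so a trailing
// newline is rejected too). An exact match also removes the loose `==`
// comparison, under which two different numeric-looking hashes ("0e...")
// compare as equal.
// NOTE(review): md5 of a numeric id can be recomputed by anyone who can guess
// the id, so `md5_id` is an identifier, not a secret; authorization has to come
// from the token and folder access checks below.
$foto = null;
if (preg_match('/\A[0-9a-f]{32}\z/', $md5_id)) {
    $q = mysqli_query(
        $dbi,
        "SELECT * FROM `foto` WHERE MD5(`id`) = '" . $md5_id . "' AND `type` = 'foto' LIMIT 1"
    );
    if ($q) {
        $foto = mysqli_fetch_array($q);
    }
}

if (!empty($foto['id'])) {
    // Compare the tokens as strings. hash_equals() avoids both type juggling
    // and a timing difference on the per-link token.
    // NOTE(review): $mdp is not set in this file. If the including script can
    // leave it empty, an empty `mdp_unique_code` passes this check (as it did
    // before) — confirm it is always a non-empty value.
    $expected_mdp = (isset($mdp) && is_scalar($mdp)) ? (string) $mdp : '';
    $tokens_ok = $get_unique_code === $unique_code
        && hash_equals($expected_mdp, $mdp_unique_code);

    if (!$tokens_ok) {
        // Wrong or missing tokens: send the visitor to the photo page instead.
        locon(" /fotos/?foto=$foto[id]");
        exit();
    }

    $dir = dir_fotos_info($foto['id_dir']);
    // Not used below; kept because script-level variables are globals that the
    // helpers may read — TODO confirm and drop if unused.
    $ank = profile($foto['id_user']);

    if (!dir_fotos_access($dir, NULL, 1)) {
        // NOTE(review): the download below is only prevented if access_denied()
        // or this second call terminates the request; neither result is checked
        // here — verify that the denied path cannot fall through to DownloadFile().
        dir_fotos_access($dir, access_denied());
    }

    // Stored files live under a per-folder directory and are named by photo id.
    $foto['path'] = H . "system/files/fotos/d$foto[id_dir]/" . $foto['id'] . ".dat";

    // NOTE(review): `name` and `ras` come straight from the database row;
    // presumably DownloadFile() sanitises the file name it puts into the
    // response headers — verify.
    DownloadFile($foto['path'], $foto['name'] . "." . $foto['ras'], ras_to_mime($foto['ras']));
} else {
    // No matching photo: answer with a 200x18 PNG carrying the error text.
    $text = "File not founded";
    header("Content-type: image/png");
    $image = imagecreate(200, 18);
    // The first colour allocated on a palette image becomes its background (white).
    $background_color = imagecolorallocate($image, 255, 255, 255);
    $text_x = 2;
    $text_color = imagecolorallocate($image, 255, 0, 0); // red
    imagestring($image, 6, $text_x, 1, $text, $text_color);
    imagepng($image);
    imagedestroy($image);
}
exit();
?>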