Файл: public_html/modules/work/file.php
Строк: 174
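<?php
/**********************************
* @package: cssliga.ru *
* @year: 2013 *
* @author: AIIeJIbCiH4iK *
* @link: http://cssliga.ru *
* ------------------------------- */
// Work page: /work/file?id=N. The opening tag is the long form `<?php`; the
// original `<?` only works when short_open_tag is enabled.
//
// Resolve the requested work once. On a missing or malformed id render the
// error page and stop, so every later branch can rely on $fo (the work row)
// and $foldref (its folder row). The id is normalised to a non-negative
// integer before it reaches SQL and the same value is used for the single
// fetch, so the existence check and the row cannot disagree (the original
// ran the query twice).
$work_id = isset($_GET['id']) ? abs(intval($_GET['id'])) : 0;
$fo = false;
if ($work_id > 0) {
    $fo = $db->query("SELECT * FROM `portfel_work` WHERE `id` = '" . $work_id . "' LIMIT 1")->fetch();
}
if ($fo === false) {
    $title = 'Ошибка';
    $locate = 'in_portfolio';
    require_once(SYS.'/view/header.php');
    $tpl->div('title', 'Ошибка');
    echo '<div class="menu">Нету такой работы</div>';
    require_once(SYS.'/view/footer.php');
    exit;
}
// refid comes from the database rather than the request, but it is cast
// anyway so the folder lookup stays integer-only.
$foldref = $db->query("SELECT * FROM `portfel_folder` WHERE `id` = '" . abs(intval($fo['refid'])) . "' LIMIT 1")->fetch();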
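// act=add: store a new comment on this work (POST text), credit the poster
// and raise a "work reply" notification, then redirect back to the work.
if (isset($_GET['act']) && $_GET['act'] == 'add') {
    // Guests post as user_id 0; logged-in users are identified by $user['id'].
    // The original read $user['id'] unconditionally, so a guest produced
    // notices and an empty id in the flood-control and balance queries.
    $is_logged_in = isset($user['id']);
    $userid = $is_logged_in ? (int) $user['id'] : 0;
    $work_ref = (int) $fo['id'];
    $err = null;
    $text = '';
    if (!empty($_POST['text'])) {
        // input() is the project's request-sanitising helper and is assumed
        // to make the value safe for the SQL string below — verify in SYS/inc.
        $text = substr(input($_POST['text']), 0, 5000);
    } else {
        $err = '' . $lang->word('chat_mess_n') . '';
    }
    // Flood control: one comment per $system['spam'] seconds per account.
    // NOTE(review): as in the original, guests are not throttled here.
    $recent = 0;
    if ($is_logged_in) {
        $recent = $db->query("SELECT * FROM `portfel_komm` WHERE `user_id` = '" . $userid . "' AND `time` > '" . (time() - (int) $system['spam']) . "'")->rowCount();
    }
    if ($recent > 0) {
        // Stop after the redirect; the original kept rendering the page.
        header('location: /work/file?id=' . $work_ref . '&act=spam');
        exit;
    }
    if ($err !== null) {
        $tpl->div('error', $err);
    } else {
        if ($is_logged_in) {
            // Reward the poster. The key was written as the bare constant
            // balans_chat in the original; PHP fell back to the string key.
            $db->query("UPDATE `users` SET `balans` = '" . ($user['balans'] + $system['balans_chat']) . "' WHERE `id` = '" . $userid . "'");
        }
        $db->query("INSERT INTO `portfel_komm` SET `text` = '" . $text . "', `refid` = '" . $work_ref . "', `user_id` = '" . $userid . "', `time` = '" . time() . "'");
        $owner = (int) $fo['user'];
        $now = time();
        // Notification bookkeeping, kept as the original wrote it.
        // NOTE(review): the existence check looks up rows for the poster
        // ($userid) while the insert targets the work owner — confirm this is
        // intended before changing it.
        $has_notify = $db->query("SELECT * FROM `notify` WHERE `user_id` = '" . $userid . "' AND `type` = 'notify_work_reply' AND `request_id` = '" . $work_ref . "'")->rowCount();
        if ($has_notify == 0) {
            $db->query("INSERT INTO `notify` SET `user_id` = '" . $owner . "', `from_id` ='" . $userid . "', `request_id` = '" . $work_ref . "', `type` = 'notify_work_reply', `read` = '0', `time` = '" . $now . "'");
            $db->query("UPDATE `notify` SET `read` = '0', `time` = '" . $now . "' WHERE `user_id` = '" . $owner . "' AND `from_id` = '" . $userid . "' AND `type` = 'notify_work_reply' AND `request_id` = '" . $work_ref . "'");
        } else {
            $db->query("UPDATE `notify` SET `from_id` = '" . $userid . "', `read` = '0', `time` = '" . $now . "' WHERE `type` = 'notify_work_reply' AND `request_id` = '" . $work_ref . "' AND `user_id` != '" . $owner . "'");
        }
        header('location: /work/file?id=' . $work_ref . '');
        exit;
    }
}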
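// act=delete&uid=N: remove one comment. Allowed for moderators
// (level >= 5), level 2 accounts, and the comment's own author.
if (isset($_GET['act']) && $_GET['act'] == 'delete') {
    // uid is cast before it reaches SQL; the original interpolated the raw
    // query-string value into the SELECT.
    $uid = isset($_GET['uid']) ? abs(intval($_GET['uid'])) : 0;
    $mini_chat_del = false;
    if ($uid > 0) {
        $mini_chat_del = $db->query("SELECT * FROM `portfel_komm` WHERE `id` = '" . $uid . "'")->fetch();
    }
    $level = isset($user['level']) ? (int) $user['level'] : 0;
    $is_author = $mini_chat_del !== false && isset($user['id']) && $mini_chat_del['user_id'] == $user['id'];
    // The comment must exist AND the caller must hold one of the roles; the
    // original mixed && and || so the uid check only guarded the first role.
    if ($mini_chat_del !== false && ($level >= 5 || $level == 2 || $is_author)) {
        $db->query("DELETE FROM `portfel_komm` WHERE `id` = '" . $uid . "'");
        header('location: /work/file?id=' . (int) $fo['id'] . '');
        exit;
    }
    $tpl->div('error', $lang->word('chat_not_g'));
}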
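// act=edit&uid=N with POST edit: save the edited comment text, then return
// to the work. The original saved without any ownership check, so anyone who
// knew a comment id could rewrite it; the same rule as the delete branch and
// the edit form (level >= 5, level 2, or the author) is applied here.
if (isset($_GET['act']) && $_GET['act'] == 'edit') {
    if (isset($_POST['edit'])) {
        $uid = isset($_GET['uid']) ? abs(intval($_GET['uid'])) : 0;
        $komm_row = false;
        if ($uid > 0) {
            $komm_row = $db->query("SELECT * FROM `portfel_komm` WHERE `id` = '" . $uid . "'")->fetch();
        }
        $level = isset($user['level']) ? (int) $user['level'] : 0;
        $is_author = $komm_row !== false && isset($user['id']) && $komm_row['user_id'] == $user['id'];
        if ($komm_row !== false && ($level >= 5 || $level == 2 || $is_author) && !empty($_POST['text'])) {
            // input() is assumed to make the text SQL-safe — verify in SYS/inc.
            $text = substr(input($_POST['text']), 0, 5000);
            $db->query("UPDATE `portfel_komm` SET `text` = '" . $text . "' WHERE `id` = '" . $uid . "'");
        }
        header('location: /work/file?id=' . (int) $fo['id'] . '');
        exit;
    }
}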
// Page header for the work itself; $fo is the row loaded above.
$title = $fo['name'];
$locate = 'in_portfolio';
require_once(SYS.'/view/header.php');
$tpl->div('title', $fo['name']);
// Screenshots attached to this work in insertion order; the cursor is read
// further down by the public view.
$screens_sql = "SELECT * FROM `portfel_scr` WHERE `refid` = '" . abs(intval($_GET['id'])) . "' ORDER BY id";
$mp = $db->query($screens_sql);
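// Owner-only management of the work. Sub-actions are selected by bare GET
// flags: scr (upload form / upload), scrdel (list screenshots for removal),
// scrdel_ok=N (remove one screenshot), editfo (edit form / save), del
// (confirm deletion), ok (delete the work). Completed actions render a
// confirmation, include the footer and exit.
// NOTE(review): every state change here is triggered by a plain GET or POST
// with no anti-CSRF token; adding one needs the session layer, which lives
// outside this file.
if (isset($user['id']) && $user['id'] == $fo['user']) {
    $work_ref = (int) $fo['id'];
    // Screenshot directory, defined once for every branch. The original set
    // it only inside the screenshot branches, so the delete-work path called
    // unlink() on a bare file name.
    $file_dir = ROOT . '/files/port/';
    $tpl->div('menu', '<a href="file?scr&id=' . $work_ref . '"> Добавить скриншот</a> | <a href="file?scrdel&id=' . $work_ref . '"> Удаление скриншот</a>');
    $tpl->div('menu', '<a href="file?editfo&id=' . $work_ref . '"> Изменить </a> | <a href="file?del&id=' . $work_ref . '"> Удалить</a>');

    // Remove one screenshot (file and row).
    if (isset($_GET['scrdel_ok'])) {
        $scr_id = abs(intval($_GET['scrdel_ok']));
        // Only screenshots of this work qualify; the original deleted any
        // portfel_scr row by id once the caller owned some work.
        $de_scr = $db->query("SELECT * FROM `portfel_scr` WHERE `id` = '" . $scr_id . "' AND `refid` = '" . $work_ref . "' LIMIT 1")->fetch();
        if ($de_scr !== false) {
            // basename() pins the path under $file_dir whatever the stored url holds.
            $scr_path = $file_dir . basename($de_scr['url']);
            if (is_file($scr_path)) {
                unlink($scr_path);
            }
            $db->query("DELETE FROM `portfel_scr` WHERE `id` = '" . $scr_id . "'");
        }
        $tpl->div('menu', 'Удалено <br /><a href="file?id=' . $work_ref . '&scrdel"> Продолжить</a>');
        require_once(SYS.'/view/footer.php');
        exit();
    }

    // List screenshots, each with a delete link.
    if (isset($_GET['scrdel'])) {
        // Separate cursor: $mp is read again by the public view below, and
        // the original exhausted it here.
        $del_list = $db->query("SELECT * FROM `portfel_scr` WHERE `refid` = '" . $work_ref . "' ORDER BY id");
        echo '<div class="menu">';
        while ($ps = $del_list->fetch()) {
            echo '<a href="/files/port/' . $ps['url'] . '"><img src="/files/port/' . $ps['url'] . '" alt="" width="60" /></a><a href="file?id=' . $work_ref . '&scrdel_ok=' . (int) $ps['id'] . '">Удалить</a><br />';
        }
        echo '</div>';
    }

    // Upload a screenshot (at most five per work).
    if (isset($_GET['scr'])) {
        // The original counted with LIMIT 1, so rowCount() never exceeded 1
        // and the five-screenshot limit was never enforced.
        $scr_count = $db->query("SELECT * FROM `portfel_scr` WHERE `refid` = '" . $work_ref . "'")->rowCount();
        $err = '';
        $has_file = isset($_FILES['scr']['tmp_name']) && $_FILES['scr']['tmp_name'] !== '';
        if ($has_file) {
            if ($scr_count >= 5) {
                $err .= 'Достигнут предел количества скриншотов.<br />';
            }
            if (!isset($_FILES['scr']['error']) || $_FILES['scr']['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($_FILES['scr']['tmp_name'])) {
                $err .= 'Ошибка загрузки файла.<br />';
            }
            // Extension allow-list, lowercased and compared strictly. The
            // original list 'png;jpg;jpeg;gif;' exploded to a trailing '',
            // which a loose in_array() matched against a missing extension.
            $patch = pathinfo($_FILES['scr']['name']);
            $ext = isset($patch['extension']) ? strtolower($patch['extension']) : '';
            if (!in_array($ext, ['png', 'jpg', 'jpeg', 'gif'], true)) {
                $err .= 'Запрещенное расширение скриншотов.<br />';
            }
            // The extension is client-supplied; require the bytes to parse as
            // an image as well (getimagesize() warns on non-images, hence @).
            if ($err === '' && @getimagesize($_FILES['scr']['tmp_name']) === false) {
                $err .= 'Запрещенное расширение скриншотов.<br />';
            }
            if ($err === '') {
                // Random name rather than md5('scr' . time()): two uploads in
                // the same second would otherwise share a name and overwrite.
                $key1 = substr(md5(uniqid('scr', true) . mt_rand()), 0, 15) . '.' . $ext;
                $key2 = $file_dir . $key1;
                if (move_uploaded_file($_FILES['scr']['tmp_name'], $key2)) {
                    $db->query("INSERT INTO `portfel_scr` SET `user` = '" . (int) $user['id'] . "', `url` = '" . $key1 . "', `refid` = '" . $work_ref . "'");
                    $tpl->div('menu', 'Скриншот загружен <br /><a href="file?id=' . $work_ref . '"> Продолжить</a>');
                    require_once(SYS.'/view/footer.php');
                    exit();
                }
                $err .= 'Ошибка загрузки файла.<br />';
            }
            // The original silently fell through to the form on a rejected file.
            $tpl->div('error', $err);
        }
        if ($scr_count < 5) {
            // One method attribute and properly nested form/div (the original
            // repeated method="post" and closed the div inside the form).
            echo '<div class="menu">
<form enctype="multipart/form-data" method="post" action="file?id=' . $work_ref . '&scr">
Скриншот : *<br /><input type="file" name="scr" accept="image/*, image/gif, image/png, image/jpeg" />
<input type="submit" name="edit" value="Загрузить" />
</form>
</div>';
        } else {
            echo '<div class="menu">Достигнут предел количества скриншотов</div>';
        }
    }

    // Edit the work's name, price, time spent, status and description.
    if (isset($_GET['editfo'])) {
        if (isset($_POST['save'])) {
            $err = '';
            $name = isset($_POST['name']) ? substr(input($_POST['name']), 0, 200) : '';
            $text = isset($_POST['text']) ? substr(input($_POST['text']), 0, 1000) : '';
            $time_abb = isset($_POST['time_abb']) ? substr(input($_POST['time_abb']), 0, 200) : '';
            $status = isset($_POST['status']) ? abs(intval($_POST['status'])) : 0;
            $rub = isset($_POST['rub']) ? abs(intval($_POST['rub'])) : 0;
            if (mb_strlen($text) < 3 || mb_strlen($text) > 1000) {
                $err .= 'Недопустимая длина описания!';
            }
            if (mb_strlen($name) < 3 || mb_strlen($name) > 200) {
                $err .= 'Недопустимая длина названия!';
            }
            // Only the three statuses the form and the public view know about.
            if (!in_array($status, [1, 2, 3], true)) {
                $err .= 'Недопустимый статус!';
            }
            if ($err !== '') {
                $tpl->div('error', $err);
            } else {
                // input() is assumed to make the text fields SQL-safe; the
                // numeric fields are integers here. Verify input() in SYS/inc.
                $db->query("UPDATE `portfel_work` SET `name` = '" . $name . "', `text` = '" . $text . "', `time_abb` = '" . $time_abb . "', `status` = '" . $status . "', `rub` = '" . $rub . "' WHERE `id` = '" . $work_ref . "'");
                $tpl->div('menu', 'Работа успешно изменена <br /><a href="file?id=' . $work_ref . '"> Продолжить</a>');
                require_once(SYS.'/view/footer.php');
                exit();
            }
        }
        // Pre-select the stored status; the third option now carries value 3
        // (the original reused value="2", so "Не продается" could not be saved).
        $selected = [1 => '', 2 => '', 3 => ''];
        $current_status = (int) $fo['status'];
        if (isset($selected[$current_status])) {
            $selected[$current_status] = 'selected="selected"';
        }
        // Stored values are echoed as saved; this assumes input() HTML-encoded
        // them on write — if it does not, wrap them in htmlspecialchars().
        echo '<div class="post">
<form action="?editfo&id=' . $work_ref . '" method="post">
<u>Название</u>: <br/>
<input type="text" name="name" value="' . $fo['name'] . '"/><br/>
<u>Цена</u>:<br />
<input type="text" name="rub" value="' . $fo['rub'] . '"/><br/>
<u>Затрачено времени</u>:<br />
<input type="text" name="time_abb" value="' . $fo['time_abb'] . '"/><br/>
<u>Статус</u>:<br />
<select name="status">
<option value="1" ' . $selected[1] . '>Продано</option>
<option value="2" ' . $selected[2] . '>На продажу</option>
<option value="3" ' . $selected[3] . '>Не продается</option>
</select><br/>
<u>Описание</u>: <br/>
<textarea rows="5" cols="30" name="text">' . $fo['text'] . '</textarea><br/>
<input name="save" type="submit" value="Создать" />
</form>
</div>
';
    }

    // Ask for confirmation before deleting the work.
    if (isset($_GET['del'])) {
        echo '<div class="menu"> Вы уверены ? <br /> <a href="file?ok&id=' . $work_ref . '">Да</a> | <a href="file?id=' . $work_ref . '">Нет</a> </div>';
    }

    // Delete the work: screenshot files and rows first, then the work row.
    // NOTE(review): comments (portfel_komm) for the work are left in place,
    // as in the original.
    if (isset($_GET['ok'])) {
        $ab = $db->query("SELECT * FROM `portfel_scr` WHERE `refid` = '" . $work_ref . "' ORDER BY id");
        while ($sssk = $ab->fetch()) {
            $scr_path = $file_dir . basename($sssk['url']);
            if (is_file($scr_path)) {
                unlink($scr_path);
            }
            $db->query("DELETE FROM `portfel_scr` WHERE `id` = '" . (int) $sssk['id'] . "'");
        }
        $db->query("DELETE FROM `portfel_work` WHERE `id` = '" . $work_ref . "'");
        $tpl->div('menu', 'Работа удалена <br /><a href="port/"> Продолжить</a>');
        require_once(SYS.'/view/footer.php');
        exit;
    }
}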
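// Public view of the work: category, status, price, time spent, date added,
// screenshots and description.
// The folder row may be missing (fetch() returned false); guard the reads so
// the page still renders instead of indexing into a bool.
$folder_id = isset($foldref['id']) ? (int) $foldref['id'] : 0;
$folder_name = isset($foldref['name']) ? $foldref['name'] : '';
// Link target spelled "folder" as on the navigation block below; the
// original linked to "/work/foler".
echo '
<div class="menu">
<b>Категория</b>: <a href="/work/folder?id=' . $folder_id . '">' . $folder_name . '</a> <br /> <b>Статус</b>: ';
$status_labels = [
    1 => 'Продано<br />',
    2 => 'На продажу<br />',
    3 => 'Не продается<br />',
];
$status_code = (int) $fo['status'];
if (isset($status_labels[$status_code])) {
    echo $status_labels[$status_code];
}
echo '<b>Цена</b>: ' . $fo['rub'] . ' руб<br />
<b>Затрачено времени</b>: ' . $fo['time_abb'] . '<br />
<b>Добавлено</b>: ' . rtime($fo['time']) . ' <br />';
while ($ps = $mp->fetch()) {
    echo '<a href="/files/port/' . $ps['url'] . '"><img src="/files/port/' . $ps['url'] . '" alt="" width="60" /></a><br />';
}
echo '<b>Описание</b>: ' . $fo['text'] . ' <br /></div>';
$tpl->div('title', 'Комментарии');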
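// act=edit&uid=N (GET): show the edit form for one comment to moderators
// (level >= 5), level 2 accounts, or the comment's author.
if (isset($_GET['act']) && $_GET['act'] == 'edit') {
    // uid is cast before it reaches SQL or HTML; the original interpolated
    // the raw query-string value into both.
    $uid = isset($_GET['uid']) ? abs(intval($_GET['uid'])) : 0;
    $mini_chat_ed = false;
    if ($uid > 0) {
        $mini_chat_ed = $db->query("SELECT * FROM `portfel_komm` WHERE `id` = '" . $uid . "'")->fetch();
    }
    $level = isset($user['level']) ? (int) $user['level'] : 0;
    $is_author = $mini_chat_ed !== false && isset($user['id']) && $mini_chat_ed['user_id'] == $user['id'];
    // The comment must exist AND the caller must hold one of the roles; the
    // original mixed && and || so the uid check only guarded the first role.
    if ($mini_chat_ed !== false && ($level >= 5 || $level == 2 || $is_author)) {
        $tpl->div('title', $lang->word('edit_post'));
        // The stored text is echoed as saved; this assumes input() HTML-encoded
        // it on write — otherwise a literal </textarea> in a comment would
        // break out of the field.
        echo '<form action="/work/file?id=' . (int) $fo['id'] . '&act=edit&uid=' . $uid . '" method="post">
<div class="menu">
<b>' . $lang->word('message') . '</b>:<br/>
<textarea name="text">' . $mini_chat_ed['text'] . '</textarea><br/>
<input name="edit" type="submit" value="' . $lang->word('edit') . '" /><br/>
</div>
</form>';
        $tpl->div('block', NAV . '<a href="/work/file?id=' . (int) $fo['id'] . '">К работе</a><br/>' . HICO . '<a href="/">' . $lang->word('home') . '</a>');
        require_once(SYS.'/view/footer.php');
        exit;
    }
    $tpl->div('error', $lang->word('chat_not_g'));
}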
// act=spam: tell the poster how long the flood-control window is.
if (isset($_GET['act']) && $_GET['act'] == 'spam') {
    $spam_notice = $lang->word('spam') . ' <b>' . $system['spam'] . '</b> ' . $lang->word('sec');
    $tpl->div('block', $spam_notice);
}
// New-comment form; the BB-code toolbar comes from inc/bb.php. A ?reply=N
// parameter pre-fills the textarea with the addressed user's nick.
echo '<div class="menu">' . $lang->word('chat_write_mess') . ':<br/>';
require_once(SYS.'/inc/bb.php');
$reply_prefix = '';
if (isset($_GET['reply'])) {
    $reply_prefix = '[b]' . tnick(abs(intval($_GET['reply']))) . '[/b], ';
}
$comment_form = '<form action="/work/file?act=add&id=' . $fo['id'] . '" method="post">
<textarea name="text" id="view_bar">' . $reply_prefix . '</textarea><br/>
[ <a href="/pages/smiles.php">' . $lang->word('smiles') . '</a> | <a href="/pages/tags.php">' . $lang->word('tags') . '</a> ]<br/><input type="submit" value="' . $lang->word('chat_mess_send') . '" /> <a href="/work/" title="' . $lang->word('update') . '">' . img('refresh.png') . '</a>
</form>
</div>';
echo $comment_form;
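// Comment list, newest first, paginated with the site-wide $ames page size
// and $start offset (both set before this file is included).
$work_ref = (int) $fo['id'];
$portfel_komm = $db->query("SELECT * FROM `portfel_komm` WHERE `refid` = '" . $work_ref . "'")->rowCount();
$pages = new Paginator($portfel_komm, $ames);
if ($portfel_komm == 0) {
    $tpl->div('menu', $lang->word('chat_not_mess'));
} else {
    // Guests have no $user; the original read $user['id'] and $user['level']
    // unconditionally.
    $viewer_id = isset($user['id']) ? (int) $user['id'] : 0;
    $level = isset($user['level']) ? (int) $user['level'] : 0;
    $can_moderate = $level >= 5 || $level == 2;
    // LIMIT values are cast: $start is presumably derived from the page
    // number in the request and must not reach SQL as a raw string.
    $komm = $db->query("SELECT * FROM `portfel_komm` WHERE `refid` = '" . $work_ref . "' ORDER BY `time` DESC LIMIT " . (int) $start . ", " . (int) $ames);
    while ($km = $komm->fetch()) {
        $author_id = (int) $km['user_id'];
        $komm_id = (int) $km['id'];
        $is_own = $viewer_id > 0 && $author_id == $viewer_id;
        $controls = '';
        // Reply link for everyone except the author viewing their own comment.
        if (!$is_own) {
            $controls .= ' <a href="/work/file?id=' . $work_ref . '&reply=' . $author_id . '" title="' . $lang->word('reply') . '">' . img('reply_11.png') . '</a> ';
        }
        $controls .= ' ';
        // Delete/edit links for moderators and the author.
        if ($can_moderate || $is_own) {
            $controls .= ' <a href="/work/file?id=' . $work_ref . '&act=delete&uid=' . $komm_id . '" title="' . $lang->word('delete') . '">' . img('delete_11.png') . '</a> <a href="/work/file?id=' . $work_ref . '&act=edit&uid=' . $komm_id . '" title="' . $lang->word('edit') . '">' . img('edit_11.png') . ' </a>';
        }
        $tpl->div('post', nick($km['user_id']) . ' (' . rtime($km['time']) . ') <span style="float:right">' . $controls . '</span><br/>
' . output($km['text']));
    }
    $pages->view('/work/file?id=' . $work_ref . '&');
}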
// Navigation back to the folder and to the owner's portfolio, then the footer.
$nav_links = '<a href="folder?id=' . $fo['refid'] . '">В папку</a> | <a href="port?id=' . $fo['user'] . '">В портфолио</a>';
$tpl->div('block', $nav_links);
$home_link = HICO . '<a href="/">' . $lang->word('home') . '</a>';
$tpl->div('block', $home_link);
require_once(SYS.'/view/footer.php');
?>