Файл: region_clean/fo/down.php
Строк: 265
<?php
#######################################
## Mod By KoT (borispol) [76-75-072] ##
#######################################
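// Bootstrap: load the shared includes, send the response headers, authenticate
// the visitor and print the page prologue for the markup selected by $ver.
// $ver, $xml, $dtd and $css are not defined in this file; presumably they come
// from the includes below (TODO confirm).
require_once "../start.php";
require_once "../sid.php";
header('Cache-Control: no-store, no-cache, must-revalidate');
if ($ver == "wml") {
    header("Content-type:text/vnd.wap.wml; charset=utf-8");
} else {
    header("Content-Type:text/html; charset=UTF-8");
}
require_once "../inc.php";
$link = connect_db();
// check_login() is defined elsewhere; $row is used further down as the current
// user's record (`id`, `user`, `level`, `max`).
list($row, $id, $ps, $fsize1, $fsize2) = check_login($link);
require_once "../version.php";
// The double-quoted literals below had lost their backslashes (\" and \n), which
// left the statements unparseable; the escapes are restored here.
if ($ver == "wml") {
    echo $xml;
    echo $dtd;
    echo "<wml>\n
<head><meta http-equiv=\"Cache-Control\" content=\"no-cache\" forua=\"true\"/></head>\n
<card id=\"change\" title=\"Wap обменник\">\n
<p>\n";
} else {
    // $css ends up inside an attribute, so it is HTML-escaped in case it can be
    // influenced by the visitor (its origin is not visible here).
    $cssName = htmlspecialchars((string) $css, ENT_QUOTES, 'UTF-8');
    echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
<html xmlns=\"http://www.w3.org/1999/xhtml\">
<head><link rel=\"stylesheet\" type=\"text/css\" href=\"../css/$cssName.css\"/>
<title>Wap обменник</title>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/></head><body>
<div align=\"left\">\n";
}
// $fid is not assigned anywhere above; presumably the includes import request
// variables into the global scope (TODO confirm). Force it to an integer and
// avoid the undefined-variable notice when it is absent.
$fid = isset($fid) ? intval($fid) : 0;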
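/**
 * Format a byte count as a short human-readable string.
 *
 * The original used three independent `if`s: exactly 1024 bytes matched none of
 * them (the raw number came back without a unit), and after the first branch
 * turned $size into a string the later comparisons ran against that string.
 * An if/return chain avoids both.
 *
 * @param mixed $size Byte count; a non-numeric or negative value (for example
 *                    the false that filesize() returns on failure) counts as 0.
 * @return string Value with unit: "б." below 1 KiB, "кб." below 1 MiB, else "мб.".
 */
function get_size($size)
{
    if (!is_numeric($size) || $size < 0) {
        $size = 0;
    }
    if ($size < 1024) {
        return $size.' б.';
    }
    if ($size < 1048576) {
        return round($size / 1024, 1).' кб.';
    }
    return round($size / 1048576, 1).' мб.';
}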
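// Page heading, then the requested section name. $type is request-controlled:
// every handler below has to validate or escape it before using it.
echo $fsize1;
echo '<div class="c4">Wap обменник</div><br/>';
// A missing or non-string ?type= (e.g. type[]=x) becomes an empty string instead
// of raising a notice or handing trim() an array.
$type = (isset($_GET['type']) && is_string($_GET['type'])) ? trim($_GET['type']) : '';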
switch($_GET['page'])
{
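default:
// Browse page (also the fallback for an unknown ?page=): with a valid ?ext= it
// lists the files of one section/extension, sorted and paged; without it, it
// lists the extensions offered for the section together with file counts.
$pictureExt = array('gif', 'jpg', 'jpeg', 'bmp', 'png', 'wbmp', 'pic', 'ani', 'pco');
$videoExt = array('3gp', 'mp4', 'avi', 'mpeg', 'rm');
// Section => display title, extensions offered, and the extra `xxx` condition
// applied by the per-extension counters. A lookup table also fixes the title of
// the xxx sections: the original str_replace() rewrote the "pictures"/"video"
// substring first and printed "xxx-Картинки" / "xxx-Видео".
$sections = array(
    'pictures'     => array('title' => 'Картинки',     'ext' => $pictureExt, 'xxx' => " AND `xxx` = '0'"),
    'music'        => array('title' => 'Музыка',       'ext' => array('mmf', 'mid', 'amr', 'mp3', 'wav', 'aac', 'seq', 'vox', 'dxm', 'imy', 'emy', 'pmd', 'rng'), 'xxx' => ''),
    'video'        => array('title' => 'Видео',        'ext' => $videoExt,   'xxx' => " AND `xxx` = '0'"),
    'themes'       => array('title' => 'Темы',         'ext' => array('sis', 'sisx', 'thm', 'sdt', 'nth', 'mtf', 'col', 'scs', 'utz'), 'xxx' => ''),
    'other'        => array('title' => 'Другое',       'ext' => array('zip', 'rar', 'cab', 'sis', 'sisx', 'jar', 'jad'), 'xxx' => ''),
    'xxx-pictures' => array('title' => 'XXX картинки', 'ext' => $pictureExt, 'xxx' => " AND `xxx` = '1'"),
    'xxx-video'    => array('title' => 'XXX видео',    'ext' => $videoExt,   'xxx' => " AND `xxx` = '1'"),
);

// Stop on anything outside the whitelist. The original only printed the error
// and carried on, so an arbitrary ?type= still reached the queries and was
// echoed unescaped into the links below.
if (!is_string($type) || !isset($sections[$type])) {
    echo 'Не выбран тип отображаемых файлов!<br/>';
    echo "<a href='index.php?$ses'>Назад</a><br/>\n";
    break;
}
$section = $sections[$type];

// Only extensions this page links to are accepted; anything else falls back to
// the extension list. That keeps the value safe for the LIKE pattern (no stray
// % or _) and for the HTML without depending on what check() does.
$ext = (isset($_GET['ext']) && is_string($_GET['ext'])) ? strtolower(trim($_GET['ext'])) : '';
if (!in_array($ext, $section['ext'], true)) {
    $ext = '';
}

if ($ext !== '') {
    // Sort key is mapped to a fixed ORDER BY fragment; request text never reaches the SQL.
    $orderBy = array('time' => 'ORDER BY `time`', 'clicks' => 'ORDER BY `clicks`');
    $sort = (isset($_GET['sort']) && is_string($_GET['sort'])) ? $_GET['sort'] : 'time';
    if ($sort !== 'rating' && !isset($orderBy[$sort])) {
        $sort = 'time';
    }

    echo '<small>Раздел: <u>'.$section['title'].'</u> » <u>'.strtoupper($ext).'</u></small><br/>';
    if ($sort == 'time') echo '<small>Сортировать по: Дате|<a href="down.php?'.$ses.'&module=view&type='.$type.'&ext='.$ext.'&sort=clicks">Скачиванию</a></small><br/>';
    echo $divide;
    if ($sort == 'clicks') echo '<small>Сортировать по: <a href="down.php?'.$ses.'&module=view&type='.$type.'&ext='.$ext.'&sort=time">Дате</a>|Скачиванию</small><br/>';
    echo $divide;

    // The values are whitelisted already; escaping stays as a second layer.
    // NOTE(review): the original computed an `xxx` condition here but never added
    // it to these queries; the listing is still filtered by `type` only.
    $where = "`type` = '".mysql_real_escape_string($type)."' AND `url` LIKE '%".mysql_real_escape_string($ext)."%'";
    $all = intval(mysql_result(mysql_query("SELECT COUNT(*) FROM `fo_files` WHERE ".$where.";"), 0));

    // Page size comes from the user's record; default 10.
    $max = intval($row['max']);
    if ($max < 1) $max = 10;
    // At least one page, so an empty result no longer yields page 0 and a negative LIMIT offset.
    $total = max(1, intval(($all + $max - 1) / $max));
    // The jump form posts `pg`, the prev/next links pass it in the query string;
    // the original read only $_GET, so the form had no effect.
    $pg = isset($_POST['pg']) ? intval($_POST['pg']) : (isset($_GET['pg']) ? intval($_GET['pg']) : 1);
    if ($pg < 1) $pg = 1;
    if ($pg > $total) $pg = $total;
    $start = ($pg - 1) * $max;

    if ($sort != 'rating') {
        $query = mysql_query("SELECT * FROM `fo_files` WHERE ".$where." ".$orderBy[$sort]." DESC LIMIT $start, $max;");
    } else {
        // "rating" orders by the number of comments on each file.
        $query = mysql_query("SELECT *, `id` as aid FROM `fo_files` WHERE ".$where." ORDER BY (SELECT COUNT(*) FROM `comments` WHERE `fid` = aid) DESC LIMIT $start, $max;");
    }

    $i = 0;
    while ($query && ($array = mysql_fetch_assoc($query))) {
        $fileId = intval($array['id']);
        // These values are printed, not stored: check() alone, as the info page
        // does. The original also ran mysql_real_escape_string() over them, which
        // only adds backslashes to the visible text.
        $fileTitle = check($array['title']);
        $fileInfo = check($array['info']);
        $clicks = intval($array['clicks']);
        if ($type == 'pictures' or $type == 'xxx-pictures') {
            // The stored file name goes into an attribute, so it is HTML-escaped.
            echo '<img src="./files/'.$type.'/'.htmlspecialchars($array['url'], ENT_QUOTES, 'UTF-8').'" width="20" height="20"/>';
        }
        echo "<a href='down.php?$ses&module=view&page=info&type=$type&ext=$ext&fid=$fileId'>$fileTitle</a><br/><small>[$fileInfo]</small><br/>Скачан: ".$clicks."<br/>\n";
        $i++;
    }
    if ($i == 0) echo 'Файлов нет!<br/>';
    if ($total > 1) {
        // "type=$type": the original action read "type$type" and lost the section.
        echo "<br/>Страница ".$pg." из ".$total."<br/>
<form method='post' action='down.php?$ses&module=view&type=$type&ext=$ext&sort=$sort'>\n";
        echo "стр.<input name='pg' maxlength='3' size='3'/> <input type='submit' value='»'/>
</form>\n";
    }
    if ($pg != 1 and $pg > 0) echo '<a href="down.php?'.$ses.'&module=view&type='.$type.'&ext='.$ext.'&sort='.$sort.'&pg='.($pg - 1).'">Пред. стр.</a><br/>';
    if ($pg != $total) echo '<a href="down.php?'.$ses.'&module=view&type='.$type.'&ext='.$ext.'&sort='.$sort.'&pg='.($pg + 1).'">След. стр.</a><br/>';
    echo "<br/><a href='down.php?$ses&module=view&type=$type'>Назад</a><br/>\n";
} else {
    // One loop replaces seven copies of the same block. The extension names are
    // constants from the table above, so they go into the SQL as they are.
    // NOTE(review): as in the original, these counters are not restricted to
    // `type`, so they can differ from the number of files the listing shows.
    foreach ($section['ext'] as $name) {
        $count = mysql_result(mysql_query("SELECT COUNT(*) FROM `fo_files` WHERE `url` LIKE '%.".$name."%'".$section['xxx'].";"), 0);
        echo "<img src='images/dir.gif' alt='»'/> <a href='down.php?$ses&module=view&type=$type&ext=".$name."'>".strtoupper($name)."</a> ($count)<br/>";
    }
    echo '<br/>';
}
break;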
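case 'info':
// File details page: optional password gate, moderator delete, then the file's
// metadata with download, bookmark and comment links.

// One id, taken from the query string, serves both the password lookup and the
// display. The original looked the password up with the request-global $fid but
// displayed $_GET['fid']; NOTE(review): if the includes can fill $fid from POST
// or cookies, the check could be made against a different row.
$fid = isset($_GET['fid']) ? intval($_GET['fid']) : 0;
// Request values that are echoed into links are URL-encoded once, which also
// makes them safe inside the attributes.
$typeQ = is_string($type) ? urlencode($type) : '';
$extQ = (isset($_GET['ext']) && is_string($_GET['ext'])) ? urlencode($_GET['ext']) : '';

$res = mysql_query("SELECT * FROM `fo_files` WHERE `id`='".$fid."'");
$pr = $res ? mysql_fetch_array($res) : false;
$parol = $pr ? (string) $pr['parol'] : '';
// The password is taken from the form post only and compared strictly.
// The original let any POST carrying a `komm` field skip this gate; that
// exemption is dropped (the comment form in this file posts to page=comm).
// NOTE(review): the password is stored and compared in plain text, and the file
// URL under ./files/ is not covered by this gate.
$passw = (isset($_POST['passw']) && is_string($_POST['passw'])) ? $_POST['passw'] : null;
if ($parol !== '' && $passw !== $parol) {
    // The error is shown only after an actual attempt.
    if ($passw !== null) echo '<font color = "#ff0000">Неверный пароль!</font>';
    echo "<form method=\"post\" action=\"down.php?$ses&module=view&page=info&type=$typeQ&ext=$extQ&fid=$fid\">
Файл защищен паролем*:<br/>
<input name=\"passw\" type=\"password\" maxlength=\"15\" title=\"passw\"/><br/>
<input type=\"submit\" class=\"ibutton\" name=\"passwd\" value=\"OK\"/></form>";
    if ($row['level'] >= 7)
    {
        echo '[<a href="down.php?'.$ses.'&module=view&page=info&type='.$typeQ.'&delete='.$fid.'">удалить</a>]<br/>';
    }
    break;
}

// Moderator delete (level >= 7).
// NOTE(review): $config and $info are not set in this file; if neither is
// defined the outer comparison is null == null and always true, so the level
// test is the effective check. The action is a plain GET link without a
// per-request token, so it can be triggered cross-site for a logged-in moderator.
if ($config['admin'] == $info['login'])
{
    $delete = isset($_GET['delete']) ? intval($_GET['delete']) : 0;
    if ($delete > 0 and $row['level'] >= 7)
    {
        $query1 = mysql_query("SELECT * FROM `fo_files` WHERE `id` = '".$delete."'");
        $array1 = $query1 ? mysql_fetch_array($query1) : false;
        if ($array1)
        {
            $target = "./files/".$array1['type']."/".$array1['url'];
            // Do not unlink through a stored name that climbs out of ./files/.
            if (strpos($target, '..') === false and strpos($target, '\\') === false and is_file($target))
            {
                @unlink($target);
            }
            mysql_query("DELETE FROM `fo_files` WHERE `id` = '".$delete."';");
        }
    }
}

$query = mysql_query("SELECT * FROM `fo_files` WHERE `id` = '".$fid."'");
// mysql_num_rows() is the row count of this SELECT; the original asked
// mysql_affected_rows(), which describes the connection's last statement.
if ($query and mysql_num_rows($query) > 0)
{
    $array = mysql_fetch_array($query);
    $url1 = $array['type'].'/'.$array['url'];
    // Stored values go into attributes below, so they are HTML-escaped once.
    $url1Html = htmlspecialchars($url1, ENT_QUOTES, 'UTF-8');
    // HTTP_HOST is taken from the request's Host header and is escaped like any other input.
    $fileUrl = 'http://'.$_SERVER['HTTP_HOST'].'/fo/files/'.$url1;
    $title = check($array['title']);
    $info2 = check($array['info']);
    $time = date('d/m/Y в H:i', $array['time']);
    $ltime = date('d/m/Y в H:i', $array['ltime']);
    $clicks = intval($array['clicks']);
    $bytes = intval(@filesize('files/'.$url1));
    $size = get_size($bytes);
    $isPicture = ($array['type'] == 'pictures' or $array['type'] == 'xxx-pictures');
    echo "<b>".$title."</b><br/> <small>".$info2."</small><br/>\n";
    echo $divide;
    $x = false;
    if ($isPicture)
    {
        $x = @getimagesize('files/'.$url1);
        if (is_array($x) and $x[0] > 0 and $x[1] > 0)
        {
            // Test the path that is actually written; the original tested
            // tmp/<type>/<name> and therefore copied on every view.
            if (!file_exists('tmp/'.$array['url'])) @copy('files/'.$url1, 'tmp/'.$array['url']);
            echo '<img src="./files/'.$url1Html.'" width="100" height="100"/><br/>';
        }
        else
        {
            $x = false;
        }
    }
    if ($row['level'] >= 7)
    {
        echo '[<a href="down.php?'.$ses.'&module=view&page=info&type='.$typeQ.'&delete='.intval($array['id']).'">удалить</a>]<br/><br/>';
    }
    echo 'Размер: <u>'.$size.'</u><br/>';
    // The resolution is printed only when the image could be read.
    if ($x !== false) echo 'Разрешение: <u>'.intval($x[0]).'x'.intval($x[1]).'</u><br/>';
    echo 'Загружен: <u>'.$time.'</u><br/>';
    echo 'Скачиваний: <u>'.$clicks.'</u><br/>';
    if ($clicks > 0) echo 'Посл. раз скачан: <u>'.$ltime.'</u><br/>';
    echo 'Загрузил:';
    // The stored author value is SQL-escaped; check() on its own is not an SQL escape.
    $q = mysql_query("select * from users where id='".mysql_real_escape_string($array['author'])."';");
    $author = $q ? mysql_fetch_array($q) : false;
    if ($ver != "wml" and $author) echo "<a href=\"../search.php?$ses&go=view$takep2&nick=".urlencode($author['user'])."\"> <b>".col_n($author['user'])."</b></a><br/><br/>\n";
    echo "<img src='images/link.png' alt='»'/> \n";
    // file/size/id_users are kept in the link for compatibility with the existing
    // page=down handler. NOTE(review): that handler should not trust them; the
    // client can change every one of them.
    echo "<a href=\"down.php?$ses&page=down&file=".urlencode($fileUrl)."&size=".$bytes."&fid=".$fid."&id_users=".intval($row['id'])."\">Скачать</a><br/>\n";
    echo "<img src='images/link.png' alt='»'/> \n";
    echo '<a href="../myzakl.php?'.$ses.'&mod=file&z='.urlencode($array['type']).'&f='.$extQ.'&n='.$fid.'">В закладки</a><br/>';
    $num = mysql_num_rows(mysql_query("SELECT * FROM `myzakl` WHERE `namef`='".intval($fid)."'"));
    echo 'В закладках у: '.$num.' чел.<br/>';
    $count_k = mysql_num_rows(mysql_query("SELECT * FROM `comments` WHERE `fid`='".(int)$fid."'"));
    echo '<a href="down.php?page=comm&'.$ses.'&type='.urlencode($array['type']).'&fid='.$fid.'">Комм.</a> ('.$count_k.')<br/><br/>';
    echo 'URL:';
    echo '<input name="url" value="'.htmlspecialchars($fileUrl, ENT_QUOTES, 'UTF-8').'"/><br/>';
    echo $divide;
}
else
{
    echo 'Файл удален!<br/>';
    $backType = (isset($_SESSION['type']) && is_string($_SESSION['type'])) ? urlencode($_SESSION['type']) : '';
    echo "<a href='down.php?$ses&module=view&type=".$backType."'>Назад</a><br/>\n";
}
break;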
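case 'comm':
// Comments page for one file: accept a new comment (duplicate and rate checks),
// then list the comments four per page.

// The id is read from the query string and must be numeric. The original tested
// a value that had already been through intval(), so the test could never fail.
$rawFid = isset($_GET['fid']) ? $_GET['fid'] : null;
if (!is_numeric($rawFid)) { header('Location: index.php?isset=403'); break; }
$fid = intval($rawFid);
// Request values echoed into links are URL-encoded once (also attribute-safe).
$typeQ = is_string($type) ? urlencode($type) : '';
$extQ = (isset($_GET['ext']) && is_string($_GET['ext'])) ? urlencode($_GET['ext']) : '';

if (!empty($_POST['text']) && is_string($_POST['text']))
{
    // Sanitise and escape exactly once. The original ran
    // mysql_real_escape_string(check()) twice over the text, storing extra backslashes.
    $text = mysql_real_escape_string(check($_POST['text']));
    // Comments are stored under the user name, so the duplicate test has to
    // compare the name as well (the original compared `who` with a user id).
    $who = mysql_real_escape_string($row['user']);
    $query = mysql_query("SELECT `id` FROM `comments` WHERE `fid`='$fid' AND `who` = '$who' AND `text`='$text';");
    if ($query and mysql_num_rows($query) == 0)
    {
        // Rate limit: 30 seconds since the newest comment on this file (by anyone,
        // as in the original). No comments yet means no wait.
        $last = mysql_query("SELECT `time` FROM `comments` WHERE `fid`='$fid' ORDER BY `id` DESC LIMIT 1;");
        $lastTime = ($last and mysql_num_rows($last) > 0) ? intval(mysql_result($last, 0)) : 0;
        if (time() - $lastTime > 30)
        {
            mysql_query("UPDATE `users` SET count_komm_fl=`count_komm_fl`+'1' WHERE id='".intval($row['id'])."'");
            mysql_query("INSERT INTO `comments` (`fid`, `who`, `time`, `text`) VALUES ('$fid', '".$who."', '".time()."', '$text');");
            echo '<small>Комментарий добавлен</small><br/>';
        }
        else
        {
            echo '<small>Ты не можешь добавлять комментарии так часто.</small><br/>';
        }
    }
}
echo "<form method='post' action='down.php?$ses&page=comm&type=$typeQ&ext=$extQ&fid=$fid'>
<input name='text' maxlength='256'/> <input type='submit' class='ibutton' name='komm' value='Добавить'/>
</form>\n";

$all = intval(mysql_result(mysql_query("SELECT COUNT(*) FROM `comments` WHERE `fid`='$fid'"), 0));
$max = 4;
// At least one page, so an empty thread no longer yields page 0 and a negative LIMIT offset.
$total = max(1, intval(($all + $max - 1) / $max));
$pg = isset($_GET['pg']) ? intval($_GET['pg']) : 1;
if ($pg < 1) $pg = 1;
if ($pg > $total) $pg = $total;
$start = ($pg - 1) * $max;
$query = mysql_query("SELECT * FROM `comments` WHERE `fid` = '$fid' ORDER BY `time` DESC LIMIT $start, $max;");
$i = 0;
while ($query and ($array = mysql_fetch_assoc($query)))
{
    $time = date('d/m/Y в H:i', $array['time']);
    // Printed, not stored: check() only (the original added an SQL escape here too).
    $text = check($array['text']);
    // The delete link is offered to moderators (level >= 7, the same threshold as
    // file deletion) and to the comment's author, not to every visitor.
    $del_c = '';
    if ($row['level'] >= 7 or ((string) $row['user'] !== '' and (string) $array['who'] === (string) $row['user']))
    {
        $del_c = '<a href="down.php?'.$ses.'&page=delcom&tid='.intval($array['id']).'">[x]</a>';
    }
    if ($ver != "wml")
        echo "<img src='images/link.png' alt='»'/>
$del_c <a href=\"../search.php?$ses&go=view$takep2&nick=".urlencode($array['who'])."\"><b>".col_n($array['who'])."</b></a>
<small>[$time]</small><br/>
$text<br/>\n";
    else echo "<img src='images/link.png' alt='»'/>
$del_c <b>".htmlspecialchars($array['who'], ENT_QUOTES, 'UTF-8')."</b>
<small>[$time]</small><br/>
$text<br/>\n";
    $i++;
}
if ($i == 0) echo 'Комментариев нет!<br/>';
if ($pg != 1 and $pg > 0) echo '<br/><a href="down.php?'.$ses.'&module=view&page=comm&type='.$typeQ.'&ext='.$extQ.'&fid='.$fid.'&pg='.($pg - 1).'">Пред. стр.</a>';
if ($pg != $total) echo '<br/><a href="down.php?'.$ses.'&module=view&page=comm&type='.$typeQ.'&ext='.$extQ.'&fid='.$fid.'&pg='.($pg + 1).'">След. стр.</a>';
echo "<br/><a href='down.php?$ses&module=view&page=info&type=".$typeQ."&ext=$extQ&fid=$fid'>Назад</a><br/>\n";
break;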
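case 'delcom':
// Delete one comment. The original deleted whatever id was requested without
// checking who asked; now only a moderator (level >= 7, the threshold used for
// file deletion) or the comment's author may delete it.
// NOTE(review): this is still a state-changing GET without a per-request token;
// whether $ses is enough to prevent cross-site triggering is not visible here.
$tid = isset($_GET['tid']) ? intval($_GET['tid']) : 0;
$res = mysql_query("SELECT `who` FROM `comments` WHERE `id`='".$tid."' LIMIT 1");
$owner = ($res and mysql_num_rows($res) > 0) ? (string) mysql_result($res, 0) : null;
$me = (string) $row['user'];
$mayDelete = ($owner !== null) and ($row['level'] >= 7 or ($me !== '' and $owner === $me));
if (!$mayDelete) {
    echo 'Нет прав на удаление комментария!<br/>';
    break;
}
if (mysql_query("DELETE FROM `comments` WHERE `id`='".$tid."' LIMIT 1")) {
    echo 'Коммент удален!<br/>';
} else {
    die('Произошла ошибка...');
}
break;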
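case 'down':
// Count a download and redirect to the file.
// The original trusted three query parameters: `file` went straight into the
// Location header (open redirect), `size` was concatenated unquoted into an
// UPDATE (SQL injection) and `id_users` chose whose counters were changed.
// All three are now derived server-side from `fid` and the logged-in user; the
// parameters may still be present in old links and are ignored.
$fid = isset($_GET['fid']) ? intval($_GET['fid']) : 0;
$res = mysql_query("SELECT `type`, `url` FROM `fo_files` WHERE `id` = '$fid' LIMIT 1;");
$fileRow = ($res and mysql_num_rows($res) > 0) ? mysql_fetch_assoc($res) : false;
$sectionsAllowed = array('pictures', 'music', 'video', 'themes', 'other', 'xxx-pictures', 'xxx-video');
// Unknown id, unexpected section, or a stored name that climbs out of files/: no redirect.
if (!$fileRow or !in_array($fileRow['type'], $sectionsAllowed, true) or strpos($fileRow['url'], '..') !== false) {
    echo 'Файл удален!<br/>';
    break;
}
$path = 'files/'.$fileRow['type'].'/'.$fileRow['url'];
$size = intval(@filesize($path));
$id_users = intval($row['id']);
mysql_query("UPDATE `fo_files` SET `clicks` = `clicks` + 1, `ltime` = '".time()."' WHERE `id` = '$fid';");
mysql_query("UPDATE users SET `count_dw_file`=`count_dw_file`+1 WHERE id='$id_users'");
mysql_query("UPDATE users SET `count_click_file_size`=`count_click_file_size`+".$size." WHERE id='$id_users'");
// Same location the info page links to (/fo/files/<type>/<name>), on this host only.
// NOTE(review): the page prologue has already been echoed by this point, so the
// header is only sent if output buffering is active (confirm in the includes).
header('Location: /fo/'.$path);
break;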
}
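// Page footer: navigation links, then the shared footer include.
// The double-quoted literal below had lost its backslashes (\" and \n), which
// left the statement unparseable; the escapes are restored here.
echo $fsize2;
echo $fsize1;
echo "<div class = 'd1'><a href=\"index.php?$ses\">Обменник</a><br/>\n
<a href=\"../enter.php?$ses\">Прихожая</a></div>\n";
include_once "../foot.php";
exit;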
?>