Файл: modules/downloads/index.php
Строк: 214
<?php
// Module identifier, assigned before the include below.
// NOTE(review): presumably read by core/recursion.php (not shown here) — confirm.
$module = 'downloads';
// The path helpers called further down (getPath/showPath, fpath, getfpath/showfpath)
// are not defined in this file; presumably they come from this include — confirm.
require_once 'core/recursion.php';
switch ($act) {
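case 'index':
    // Root listing: top-level categories plus the files stored directly in the
    // root (categid = 0), paginated by $config['ipp'] rows per page.
    $total = DB::run()->querySingle("select count(`id`) from `downloads_categs` where `parentid` = 0;");
    if ($total) {
        $query = DB::run()->query("select * from `downloads_categs` where `parentid` = 0 ORDER BY `order`");
    }

    $totalFiles = DB::run()->querySingle("select count(`id`) from `downloads_posts` where `categid` = 0;");
    if ($totalFiles) {
        // The LIMIT values are interpolated into the SQL text rather than bound,
        // so both are forced to integers first. $page is set outside this file
        // (presumably from the request — not shown), and a negative value used to
        // pass the range check and produce a negative offset.
        $perPage = max(1, (int) $config['ipp']);
        $pages = (int) ceil($totalFiles / $perPage);
        $page = (int) $page;
        if ($page < 1 || $page > $pages) {
            $page = 1;
        }
        $start = ($page - 1) * $perPage;
        $queryFiles = DB::run()->query("select * from `downloads_posts` where `categid` = 0 ORDER BY `time` desc limit $start, $perPage;");
    }

    $config['newtitle'] = $lang['Downloads'];
    $tpl['file'] = 'downloads';
    require_once 'core/header.php';
    break;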
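case 'viewcateg':
    // Category page: sub-categories of $id plus a paginated list of its files.
    $categ = DB::run()->queryFetch("select * from `downloads_categs` where `id` = ?;", array($id));
    if (!$categ) {
        // Unknown category: send the visitor home. The break keeps the case from
        // continuing if redirect() (not shown here) does not end the request.
        redirect(HTTPHOME);
        break;
    }

    $totalSubCateg = DB::run()->querySingle("select count(`id`) from `downloads_categs` where `parentid` = ?;", array($categ['id']));
    if ($totalSubCateg) {
        $query = DB::run()->query("select * from `downloads_categs` where `parentid` = ? ORDER BY `order`", array($categ['id']));
    }

    $totalFiles = DB::run()->querySingle("select count(`id`) from `downloads_posts` where `categid` = ?;", array($categ['id']));
    if ($totalFiles) {
        // The LIMIT values are interpolated into the SQL text rather than bound,
        // so both are forced to integers first. $page is set outside this file
        // (presumably from the request — not shown), and a negative value used to
        // pass the range check and produce a negative offset.
        $perPage = max(1, (int) $config['ipp']);
        $pages = (int) ceil($totalFiles / $perPage);
        $page = (int) $page;
        if ($page < 1 || $page > $pages) {
            $page = 1;
        }
        $start = ($page - 1) * $perPage;
        $queryFiles = DB::run()->query("select * from `downloads_posts` where `categid` = ? ORDER BY `time` DESC LIMIT $start, $perPage;", array($categ['id']));
    }

    $config['newtitle'] = $categ['name'];
    // NOTE(review): $categ['name'] is concatenated into HTML without escaping in
    // this block; confirm it is escaped when stored or by the template layer.
    $tpl['title'] = '<a href="/downloads">'.$lang['Downloads'].'</a> '.showPath(getPath($categ['id'])).' » '.$categ['name'];
    $tpl['file'] = 'downloads_viewcateg';
    require_once 'core/header.php';
    break;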
case 'viewfile':
    // File page: loads the post by $id, works out where the file lives on disk
    // and builds the breadcrumb title, with edit/delete links for users that
    // hold the matching permission.
    $file = DB::run()->queryFetch("select * from `downloads_posts` where `id` = ?;", array($id));
    if (!$file) {
        redirect('/downloads');
        break;
    }

    $config['newtitle'] = $file['name'];

    // Files without a category sit directly in uploads/downloads/.
    $path = false;
    if ($file['categid']) {
        // NOTE(review): $categ is used without checking that the row exists;
        // a post pointing at a deleted category would yield a broken path.
        $categ = DB::run()->queryFetch("select `name`, `foldername` from `downloads_categs` where `id` = ?;", array($file['categid']));
        $path = fpath($file['categid']).$categ['foldername'].'/';
    }
    $filepath = 'uploads/downloads/'.$path.$file['filename'];

    // NOTE(review): the file and category names are placed into HTML without
    // escaping in this block; confirm they are escaped when stored or by the
    // template layer.
    $tpl['title'] = implode('', array(
        '<a href="/downloads">'.$lang['Downloads'].'</a> ',
        fpath($file['categid'], 1),
        ' ',
        $file['categid'] ? '» <a href="/downloads/viewcateg'.$file['categid'].'">'.$categ['name'].'</a>' : false,
        ' » ',
        $file['name'],
    ));

    // These links are only a UI convenience; the target actions have to enforce
    // the same permissions themselves.
    $tpl['title'] .= access('downloads_editpost') ? ' <a href="/downloads/editfile'.$file['id'].'">{LANG.Edit_}</a>' : '';
    $tpl['title'] .= access('downloads_delpost') ? ' <a href="/downloads/delfile'.$file['id'].'">{LANG.DEL}</a><br>' : '';

    $tpl['file'] = 'downloads_viewfile';
    require_once 'core/header.php';
    break;
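case 'upload':
    // Upload handler for authenticated users. Validates the display name, the
    // file size, the extension (allow-list from $config['allowed_ext']) and the
    // captcha, stores the file under uploads/downloads/ and records the post.
    // On any validation failure a message is left in $_SESSION['note'] and the
    // upload form is rendered again.
    if (!is_auth()) {
        redirect('/login');
        // Do not rely on redirect() ending the request (its definition is not shown here).
        break;
    }

    $file = isset($_FILES['file']) ? check($_FILES['file']) : FALSE;
    $categid = isset($_POST['categid']) ? abs(intval($_POST['categid'])) : FALSE;
    $name = isset($_POST['name']) ? check($_POST['name']) : FALSE;
    $message = isset($_POST['message']) ? check($_POST['message']) : FALSE;
    $keystring = isset($_POST['keystring']) ? check($_POST['keystring']) : FALSE;

    if ($file && $name && $keystring) {
        if (mb_strlen($name, $charset) > 50) {
            $_SESSION['note'] = $lang['The_name_exceeds_the_maximum_number_of_characters_allowed'];
        } elseif (!($file['name'] && $file['size'] > 0)) {
            $_SESSION['note'] = $lang['The_filename_is_incorrent'];
        } elseif (!($file['size'] <= 1000 * 1000 * $config['max_filesize'])) {
            $_SESSION['note'] = $lang['The_uploaded_file_likely_exceeded_the_maximum_file_size'];
        } else {
            // Only the last extension of the client-supplied name is checked, and
            // the file content is not inspected.
            // NOTE(review): uploads/downloads/ looks web-reachable; keep
            // script-capable extensions out of $config['allowed_ext'] and disable
            // script execution for that directory on the web server.
            $ext = pathinfo($file['name'], PATHINFO_EXTENSION);
            $allowed_ext = explode(',', $config['allowed_ext']);

            // Strict comparison, and an empty extension never matches: an empty
            // allow-list explodes to [''] and must not admit extensionless files.
            if ($ext === '' || !in_array($ext, $allowed_ext, true)) {
                $ext = $ext ? '"'.$ext.'"' : FALSE;
                $lang['File_extension_not_allowed'] = str_replace('%ext%', $ext, $lang['File_extension_not_allowed']);
                $_SESSION['note'] = $lang['File_extension_not_allowed'];
            } else {
                // The captcha is single-use: it is consumed once compared, so a
                // wrong answer or a later failure cannot be retried against the
                // same challenge.
                // NOTE(review): assumes the form's captcha image stores a fresh
                // keystring each time it is rendered — confirm.
                $captchaOk = isset($_SESSION['captcha_keystring']) && $_SESSION['captcha_keystring'] === $keystring;
                unset($_SESSION['captcha_keystring']);

                if (!$captchaOk) {
                    $_SESSION['note'] = $lang['The_verification_code_is_incorrect'];
                } else {
                    // NOTE(review): str_replace() drops every occurrence of the
                    // extension text, not just the suffix; the stored name depends
                    // on what str_to_en() returns (not shown). Left unchanged.
                    $filename = str_to_en($file['name']);
                    $filename = str_replace($ext, '', $filename);
                    $filename = check($filename.'.'.$ext);
                    // Defense in depth: the stored name must never carry a directory part.
                    $filename = basename($filename);

                    $exists = DB::run()->querySingle("select count(`id`) from `downloads_posts` where `name` = ? or `filename` = ?;", array($name, $filename));
                    if ($exists) {
                        $_SESSION['note'] = $lang['The_file_already_exists'];
                    } else {
                        $path = FALSE;
                        if ($categid) {
                            $categ = DB::run()->queryFetch("select * from `downloads_categs` where `id` = ?;", array($categid));
                            if ($categ) {
                                $path = showfpath(getfpath($categ['id'])).$categ['foldername'].'/';
                            } else {
                                // Unknown category: the file goes to the root
                                // folder, so the post is recorded there too and
                                // does not point at a missing category.
                                $categid = 0;
                            }
                        }

                        // move_uploaded_file() refuses a source that is not a file
                        // received through this request's HTTP upload.
                        if (@move_uploaded_file($_FILES['file']['tmp_name'], 'uploads/downloads/'.$path.$filename)) {
                            DB::run()->query("insert into `downloads_posts` set `categid` = ?, `userid` = ?, `name` = ?, `filename` = ?, `message` = ?, `time` = ?;", array($categid, $u['id'], $name, $filename, $message, TIME));
                            $fileid = DB::run()->lastinsertid();
                            redirect('/downloads/viewfile'.$fileid);
                        } else {
                            $_SESSION['note'] = $lang['Unable_to_upload_file'];
                        }
                    }
                }
            }
        }
    }

    // Render (or re-render) the upload form.
    $module = 'downloads';
    require_once 'core/recursion.php';
    $config['newtitle'] = $lang['Upload'];
    $tpl['title'] = '<a href="/downloads">'.$lang['Downloads'].'</a> » '.$lang['Upload'];
    $tpl['file'] = 'downloads_upload';
    require_once 'core/header.php';
    break;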
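case 'delfile':
    // Delete a file post. A request without POST `confirm` renders the
    // confirmation page; with it, the file is removed from disk and the post
    // row is deleted.
    //
    // Authorization is enforced here, with the same permission viewfile uses to
    // decide whether to show the delete link. Hiding the link alone does not
    // stop a direct request to this action.
    if (!access('downloads_delpost')) {
        redirect('/downloads');
        // Do not rely on redirect() ending the request (its definition is not shown here).
        break;
    }

    $file = DB::run()->queryFetch("select * from `downloads_posts` where `id` = ?;", array($id));
    if (!$file) {
        redirect('/downloads');
        break;
    }

    // NOTE(review): no anti-CSRF token is checked in this block; confirm that
    // the 'confirm' template or the core request handling verifies one.
    $confirm = isset($_POST['confirm']) ? 1 : FALSE;
    if ($confirm) {
        require_once 'core/recursion.php';
        $path = 'uploads/downloads/';
        if ($file['categid']) {
            $categ = DB::run()->queryFetch("select `id`, `foldername` from `downloads_categs` where `id` = ?;", array($file['categid']));
            // Only extend the path when the category row still exists.
            if ($categ) {
                $path .= fpath($categ['id']).$categ['foldername'].'/';
            }
        }
        // $path already ends with '/', so no extra separator is added.
        $target = $path.$file['filename'];

        // A file that is already gone counts as deleted, so the row can go too.
        if (@unlink($target) or !file_exists($target)) {
            DB::run()->query("delete from `downloads_posts` where `id` = ?;", array($file['id']));
            $redirect = $file['categid'] ? '/viewcateg'.$file['categid'] : FALSE;
            redirect('/downloads'.$redirect);
        } else {
            $_SESSION['note'] = $lang['Unable_to_delete_file'];
            redirect('/downloads/viewfile'.$file['id']);
        }
    }

    $config['newtitle'] = $lang['Delete_file'];
    // The breadcrumb previously read "Upload" on this page (copy-paste from the upload case).
    $tpl['title'] = '<a href="/downloads">'.$lang['Downloads'].'</a> » '.$lang['Delete_file'];
    $tpl['file'] = 'confirm';
    require_once 'core/header.php';
    break;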
}