Файл: soc-set/moduls/album/index.php
Строк: 151
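<?php
/**
 * Photo album module.
 *
 * Dispatches on $select (expected to be populated before this file runs,
 * presumably by core/start.php from the rewritten URL):
 *   default - category list plus a "my albums" link; category creation for
 *             users holding the 'album' privilege
 *   'cat'   - albums of one category; category edit/delete for the 'album'
 *             privilege, album creation for any authenticated user
 *   'album' - photos of one album; upload and delete by the owner only
 *   'user'  - albums created by one user
 *
 * Every branch that changes state redirects and exits (POST/redirect/GET) so a
 * page refresh cannot repeat the action and no stale listing is rendered after
 * the change. All SQL goes through the project's placeholder API; values that
 * come from the request are never concatenated into a query.
 */
require_once('../../core/start.php');
check_auth();

switch ($select) {
    default:
        head('Фотоальбомы');
        panel();
        $all = DB::$dbs->querySingle("SELECT COUNT(`id`) FROM ".ALBUMS." WHERE `user_id` = ?", array($user['user_id']));
        echo DIV_LI . '<a href="'.HOME.'/album/user/'.$user['user_id'].'/"><b>Мои фотоальбомы</b> ['.$all.']</a>' . CLOSE_DIV;

        // Category creation requires the 'album' privilege; the form below is
        // shown under the same condition, but the check here is the real gate.
        if (!empty($_POST['add']) && privilegy('album')) {
            $name = isset($_POST['name']) ? html($_POST['name']) : '';
            if (empty($name)) {
                echo DIV_ERROR . 'Введите название категории' . CLOSE_DIV;
            } else {
                DB::$dbs->query("INSERT INTO ".ALBUMS_CAT." (`name`) VALUES (?)", array($name));
                header("Location: ".HOME."/album/");
                exit();
            }
        }

        echo DIV_BLOCK . '<b>Категории:</b>' . CLOSE_DIV;
        $all = DB::$dbs->querySingle("SELECT COUNT(`id`) FROM ".ALBUMS_CAT."");
        if ($all == 0) {
            echo DIV_AUT . 'Категорий нет' . CLOSE_DIV;
        } else {
            $sql = DB::$dbs->query("SELECT * FROM ".ALBUMS_CAT." ORDER BY `id` DESC ");
            while ($cat = $sql->fetch()) {
                $albums = DB::$dbs->querySingle("SELECT COUNT(`id`) FROM ".ALBUMS." WHERE `cat_id` = ? ", array($cat['id']));
                $photos = DB::$dbs->querySingle("SELECT COUNT(`id`) FROM ".ALBUMS_PHOTOS." WHERE `cat_id` = ? ", array($cat['id']));
                echo DIV_LI . '<a href="'.HOME.'/album/'.$cat['id'].'/">'.$cat['name'].'</a> ['.$albums.' / '.$photos.']' . CLOSE_DIV;
            }
        }

        if (privilegy('album')) {
            echo DIV_AUT;
            echo '<form action="#" method="POST">';
            echo 'Новая категория:<br /><input type="text" name="name" />';
            echo '<input type="submit" name="add" value="+" /></form>';
            echo CLOSE_DIV;
        }

        $array = array('Фотоальбомы');
        nav($array);
        break;

    case 'cat':
        $catId = isset($_GET['cat']) ? abs(num($_GET['cat'])) : 0;
        $cat = DB::$dbs->queryFetch("SELECT * FROM ".ALBUMS_CAT." WHERE `id` = ? ", array($catId));
        if (empty($cat)) {
            head('Категория не найдена');
            echo DIV_TITLE . 'Категория не найдена' . CLOSE_DIV;
            echo DIV_ERROR . 'Ошибка!' . CLOSE_DIV;
        } else {
            head('Категория: ' . $cat['name']);
            panel();

            // Category deletion: two-step confirmation via ?del then ?del&go.
            // NOTE(review): this is a GET-triggered state change with no
            // anti-CSRF token, and albums/photos under the category are not
            // removed with it - both are pre-existing design limits of the module.
            if (isset($_GET['del']) && privilegy('album')) {
                if (!isset($_GET['go'])) {
                    echo DIV_LI . '<b>Подтвердите удаление:</b> <a href="?del&go">[Удалить]</a> <a href="'.HOME.'/album/'.$cat['id'].'/">[Нет]</a>' . CLOSE_DIV;
                } else {
                    DB::$dbs->query("DELETE FROM ".ALBUMS_CAT." WHERE `id` = ? ", array($cat['id']));
                    header("Location: ".HOME."/album/");
                    exit();
                }
            }

            // Category rename (privileged).
            if (isset($_GET['edit']) && privilegy('album')) {
                if (!empty($_POST['edit'])) {
                    $name = isset($_POST['name']) ? html($_POST['name']) : '';
                    if (empty($name)) {
                        echo DIV_ERROR . 'Введите название категории' . CLOSE_DIV;
                    } else {
                        DB::$dbs->query("UPDATE ".ALBUMS_CAT." SET `name` = ? WHERE `id` = ? ", array($name, $cat['id']));
                        header("Location: ".HOME."/album/".$cat['id']."/");
                        exit();
                    }
                }
                echo DIV_AUT;
                echo '<form action="#" method="POST">';
                echo 'Редактирование категории:<br /><input type="text" value="'.$cat['name'].'" name="name" />';
                echo '<input type="submit" name="edit" value="Изменить" /></form>';
                echo CLOSE_DIV;
            }

            // Album creation is open to every authenticated user.
            if (!empty($_POST['add'])) {
                $name = isset($_POST['name']) ? html($_POST['name']) : '';
                $info = isset($_POST['info']) ? html($_POST['info']) : '';
                if (empty($name)) {
                    echo DIV_ERROR . 'Введите название фотоальбома' . CLOSE_DIV;
                } else {
                    DB::$dbs->query("INSERT INTO ".ALBUMS." (`cat_id`, `name`, `info`, `user_id`, `time`) VALUES (?, ?, ?, ?, ?)", array($cat['id'], $name, $info, $user['user_id'], time()));
                    header("Location: ".HOME."/album/".$cat['id']."/");
                    exit();
                }
            }

            $all = DB::$dbs->querySingle("SELECT COUNT(`id`) FROM ".ALBUMS." WHERE `cat_id` = ?", array($cat['id']));
            if (empty($all)) {
                echo DIV_BLOCK . 'Фотоальбомы не созданы' . CLOSE_DIV;
            } else {
                // LIMIT values come from the paginator and the config, not from the request.
                $n = new Navigator($all, $config['write']['album_albums'], 'cat='.$cat['id'].'&select=cat');
                $sql = DB::$dbs->query("SELECT * FROM ".ALBUMS." WHERE `cat_id` = ? ORDER BY `id` DESC LIMIT {$n->start()}, ".$config['write']['album_albums']." ", array($cat['id']));
                while ($album = $sql->fetch()) {
                    $photos = DB::$dbs->querySingle("SELECT COUNT(`id`) FROM ".ALBUMS_PHOTOS." WHERE `album_id` = ? ", array($album['id']));
                    echo DIV_LI . '<a href="'.HOME.'/album/'.$cat['id'].'/'.$album['id'].'/">'.$album['name'].'</a> ['.$photos.'] ['.userLink($album['user_id']).']' . CLOSE_DIV;
                }
                echo $n->navi();
            }

            echo DIV_AUT;
            echo '<form action="#" method="POST">';
            echo 'Новый альбом:<br /><input type="text" name="name" /><br />';
            echo 'Описание:<br /><textarea name="info"></textarea><br />';
            echo '<input type="submit" name="add" value="Создать" /></form>';
            echo CLOSE_DIV;

            // Management links show the category name (the original referenced an
            // undefined $forum variable here).
            if (privilegy('album')) {
                echo DIV_BLOCK;
                echo '<a href="?edit">Редактировать категорию <b>'.$cat['name'].'</b></a><br />';
                echo '<a href="?del">Удалить категорию <b>'.$cat['name'].'</b></a><br />';
                echo CLOSE_DIV;
            }
        }

        $array = array('Фотоальбомы');
        nav($array);
        break;

    case 'album':
        $catId = isset($_GET['cat']) ? abs(num($_GET['cat'])) : 0;
        $cat = DB::$dbs->queryFetch("SELECT * FROM ".ALBUMS_CAT." WHERE `id` = ? ", array($catId));
        if (empty($cat)) {
            head('Категория не найдена');
            echo DIV_TITLE . 'Категория не найдена' . CLOSE_DIV;
            echo DIV_ERROR . 'Ошибка!' . CLOSE_DIV;
            echo DIV_GO . '<a href="'.HOME.'/">Главная</a> / <a href="'.HOME.'/album/">Фотоальбомы</a> / <b>Категория не найдена</b>' . CLOSE_DIV;
            require_once('../../core/stop.php');
            exit();
        }

        // The album must belong to the category named in the URL; otherwise a
        // photo uploaded below would be stored under a foreign cat_id.
        $albumId = isset($_GET['album']) ? abs(num($_GET['album'])) : 0;
        $album = DB::$dbs->queryFetch("SELECT * FROM ".ALBUMS." WHERE `id` = ? AND `cat_id` = ? ", array($albumId, $cat['id']));
        if (empty($album)) {
            head('Фотоальбом не найден');
            echo DIV_TITLE . 'Фотоальбом не найден' . CLOSE_DIV;
            echo DIV_ERROR . 'Ошибка!' . CLOSE_DIV;
            echo DIV_GO . '<a href="'.HOME.'/">Главная</a> / <a href="'.HOME.'/album/">Фотоальбомы</a> / <b>Фотоальбом не найден</b>' . CLOSE_DIV;
            require_once('../../core/stop.php');
            exit();
        }

        $isOwner = $album['user_id'] == $user['user_id'];
        $filesDir = '../../files/album/';
        $albumUrl = HOME.'/album/'.$cat['id'].'/'.$album['id'].'/';

        head('Фотоальбом:' . $album['name']);
        echo DIV_TITLE . 'Фотоальбом: ' . $album['name'] . CLOSE_DIV;

        // Upload (owner only). A file is accepted when it arrived through the
        // upload mechanism without error, its extension is on the image
        // whitelist, and its content parses as an image. The stored name is a
        // fresh random hex string plus the whitelisted extension, so the
        // client-supplied filename never reaches the filesystem.
        if ($isOwner && !empty($_POST['upload'])) {
            if (isset($_FILES['photo']['name']) && is_array($_FILES['photo']['name'])) {
                $pictures = array('.jpg', '.jpeg', '.gif', '.png');
                foreach ($_FILES['photo']['name'] as $k => $origName) {
                    if (!isset($_FILES['photo']['error'][$k]) || $_FILES['photo']['error'][$k] !== UPLOAD_ERR_OK) {
                        continue;
                    }
                    $tmp = $_FILES['photo']['tmp_name'][$k];
                    $dot = strrchr($origName, '.');
                    $ext = ($dot === false) ? '' : strtolower($dot);
                    if (!in_array($ext, $pictures, true) || !is_uploaded_file($tmp)) {
                        continue;
                    }
                    // getimagesize() warns on non-image input; the result is all we need.
                    if (@getimagesize($tmp) === false) {
                        continue;
                    }
                    $size = $_FILES['photo']['size'][$k];
                    $name_photo = md5(uniqid('', true) . mt_rand()) . $ext;
                    if (!move_uploaded_file($tmp, $filesDir . $name_photo)) {
                        continue;
                    }
                    img_resize($filesDir . $name_photo, $filesDir . 'mini_' . $name_photo, $config['mini_photo_par'][0], $config['mini_photo_par'][1]);
                    DB::$dbs->query("INSERT INTO ".ALBUMS_PHOTOS." (`cat_id`, `album_id`, `url`, `user_id`, `size`, `type`, `time`) VALUES (?,?,?,?,?,?,?)", array($cat['id'], $album['id'], $name_photo, $user['user_id'], $size, $ext, time()));
                }
            }
            header("Location: " . $albumUrl);
            exit();
        }

        // Photo deletion. The delete link is only rendered for the photo's
        // owner; the query enforces the same rule (owner and album must match)
        // so the id in ?del cannot reach another user's photo.
        if (!empty($_GET['del'])) {
            $photoId = abs(num($_GET['del']));
            $photo = DB::$dbs->queryFetch("SELECT * FROM ".ALBUMS_PHOTOS." WHERE `id` = ? AND `album_id` = ? AND `user_id` = ? ", array($photoId, $album['id'], $user['user_id']));
            if (!empty($photo)) {
                foreach (array($filesDir . $photo['url'], $filesDir . 'mini_' . $photo['url']) as $file) {
                    if (is_file($file)) {
                        unlink($file);
                    }
                }
                DB::$dbs->query("DELETE FROM ".ALBUMS_PHOTOS." WHERE `id` = ? ", array($photo['id']));
            }
            header("Location: " . $albumUrl);
            exit();
        }

        if (!empty($album['info'])) {
            echo DIV_BLOCK . '<b>Описание:</b> ' . text($album['info']) . CLOSE_DIV;
        }

        $all = DB::$dbs->querySingle("SELECT COUNT(`id`) FROM ".ALBUMS_PHOTOS." WHERE `album_id` = ?", array($album['id']));
        if ($all == 0) {
            echo DIV_AUT . 'Фотографии не загружены' . CLOSE_DIV;
        } else {
            $n = new Navigator($all, $config['write']['album_photos'], 'cat='.$cat['id'].'&album='.$album['id'].'&select=album');
            $sql = DB::$dbs->query("SELECT * FROM ".ALBUMS_PHOTOS." WHERE `album_id` = ? ORDER BY `id` DESC LIMIT {$n->start()}, ".$config['write']['album_photos']." ", array($album['id']));
            while ($photo = $sql->fetch()) {
                echo DIV_BLOCK;
                echo '<a href="'.HOME.'/files/album/'.$photo['url'].'"><img src="'.HOME.'/files/album/mini_'.$photo['url'].'" /></a><br />';
                echo '<a href="'.HOME.'/files/album/'.$photo['url'].'">[Скачать]</a><br />';
                echo get_size($photo['size']) . ' [' . $photo['type'] . ']<br />';
                echo 'Загружен: [' . vrem($photo['time']) . ']<br />';
                if ($photo['user_id'] == $user['user_id']) {
                    echo '<br /><a href="'.$albumUrl.'?del='.$photo['id'].'">Удалить</a>';
                }
                echo CLOSE_DIV;
            }
            echo $n->navi();
        }

        if ($isOwner) {
            echo DIV_AUT;
            echo '<form action="'.$albumUrl.'" enctype="multipart/form-data" method="POST">';
            echo '<b>Загрузить фотографии:</b> [Мультивыбор]<br /><input name="photo[]" type="file" multiple="true" /><br />';
            echo '<input type="submit" name="upload" value="Загрузить" />';
            echo '</form>';
            echo CLOSE_DIV;
        }

        echo DIV_LI . '<a href="'.HOME.'/album/'.$cat['id'].'/">Вернуться назад</a>' . CLOSE_DIV;
        $array = array('Фотоальбомы');
        nav($array);
        break;

    case 'user':
        $userId = isset($_GET['user']) ? num($_GET['user']) : 0;
        $ank = DB::$dbs->queryFetch("SELECT * FROM ".USERS." WHERE `user_id` = ?", array($userId));
        if (empty($ank)) {
            head('Пользователь не найден');
            echo DIV_TITLE . 'Пользователь не найден' . CLOSE_DIV;
            echo DIV_ERROR . 'Ошибка!' . CLOSE_DIV;
        } else {
            head('Фотоальбомы: ' . $ank['nick']);
            panel();
            echo DIV_BLOCK . 'Фотоальбомы: ' . $ank['nick'] . CLOSE_DIV;
            $all = DB::$dbs->querySingle("SELECT COUNT(`id`) FROM ".ALBUMS." WHERE `user_id` = ?", array($ank['user_id']));
            if (empty($all)) {
                echo DIV_BLOCK . 'Фотоальбомы не созданы' . CLOSE_DIV;
            } else {
                $n = new Navigator($all, $config['write']['album_albums'], 'select=user&user='.$ank['user_id']);
                $sql = DB::$dbs->query("SELECT * FROM ".ALBUMS." WHERE `user_id` = ? ORDER BY `id` DESC LIMIT {$n->start()}, ".$config['write']['album_albums']." ", array($ank['user_id']));
                while ($album = $sql->fetch()) {
                    $photos = DB::$dbs->querySingle("SELECT COUNT(`id`) FROM ".ALBUMS_PHOTOS." WHERE `album_id` = ? ", array($album['id']));
                    echo DIV_LI . '<a href="'.HOME.'/album/'.$album['cat_id'].'/'.$album['id'].'/">'.$album['name'].'</a> ['.$photos.'] ['.userLink($album['user_id']).']' . CLOSE_DIV;
                }
                echo $n->navi();
            }
            // The back link only makes sense when the profile exists.
            echo DIV_LI . '<a href="'.HOME.'/id'.$ank['user_id'].'">Вернуться на страницу</a>' . CLOSE_DIV;
        }

        $array = array('Фотоальбомы');
        nav($array);
        break;
}

require_once('../../core/stop.php');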