Файл: soc-set/moduls/loads/edit.php
Строк: 171
<?php
require_once('../../core/start.php');
require_once('func.php');
require_once('../../core/class/id.php');
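// Session gate.
// NOTE(review): this assumes check_auth() ends the request itself for guests; confirm in core/start.php.
check_auth();

// Authorise before any object lookup. The original ran this check after the three
// SELECTs, so an account without the 'zc' privilege could tell existing ids from
// missing ones by the error page it received.
if (!privilegy('zc')) {
    head('Ошибка доступа');
    echo DIV_TITLE . 'Ошибка доступа' . CLOSE_DIV;
    echo DIV_ERROR . 'Ошибка!' . CLOSE_DIV;
    echo DIV_GO . '<a href="'.HOME.'/">Главная</a> / <a href="'.HOME.'/loads/">Загрузки</a> / <b>Ошибка доступа</b>' . CLOSE_DIV;
    require_once('../../core/stop.php');
    exit();
}

// Read the three ids defensively: a missing parameter or an array (?folder[]=1)
// becomes null instead of raising a notice or reaching abs() as a non-scalar.
$folderParam  = (isset($_GET['folder'])  && is_scalar($_GET['folder']))  ? $_GET['folder']  : null;
$foldercParam = (isset($_GET['folderc']) && is_scalar($_GET['folderc'])) ? $_GET['folderc'] : null;
$fileParam    = (isset($_GET['file'])    && is_scalar($_GET['file']))    ? $_GET['file']    : null;

// NOTE(review): the three rows are loaded independently by id. Nothing visible here
// verifies that $file belongs to $folderc, or $folderc to $folder; the columns needed
// for that check are not shown in this file, so confirm the schema and add it.

// Top-level catalogue.
$folder = DB::$dbs->queryFetch("SELECT * FROM ".LOADS." WHERE `id` = ? ", array(abs(num($folderParam))));
if (empty($folder)) {
    head('Каталог не найден');
    echo DIV_TITLE . 'Каталог не найден' . CLOSE_DIV;
    echo DIV_ERROR . 'Ошибка!' . CLOSE_DIV;
    echo DIV_GO . '<a href="'.HOME.'/">Главная</a> / <a href="'.HOME.'/loads/">Загрузки</a> / <b>Каталог не найден</b>' . CLOSE_DIV;
    require_once('../../core/stop.php');
    exit();
}

// Sub-catalogue.
$folderc = DB::$dbs->queryFetch("SELECT * FROM ".LOADS_CAT." WHERE `id` = ? ", array(abs(num($foldercParam))));
if (empty($folderc)) {
    head('Подкаталог не найден');
    echo DIV_TITLE . 'Подкаталог не найден' . CLOSE_DIV;
    echo DIV_ERROR . 'Ошибка!' . CLOSE_DIV;
    echo DIV_GO . '<a href="'.HOME.'/">Главная</a> / <a href="'.HOME.'/loads/">Загрузки</a> / <b>Подкаталог не найден</b>' . CLOSE_DIV;
    require_once('../../core/stop.php');
    exit();
}

// The file record being managed.
$file = DB::$dbs->queryFetch("SELECT * FROM ".LOADS_FILE." WHERE `id` = ? ", array(abs(num($fileParam))));
if (empty($file)) {
    head('Файл не найден');
    echo DIV_TITLE . 'Файл не найден' . CLOSE_DIV;
    echo DIV_ERROR . 'Ошибка!' . CLOSE_DIV;
    echo DIV_GO . '<a href="'.HOME.'/">Главная</a> / <a href="'.HOME.'/loads/">Загрузки</a> / <b>Файл не найден</b>' . CLOSE_DIV;
    require_once('../../core/stop.php');
    exit();
}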
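// Dispatcher for the file-management actions: screenshots, metadata, extra versions, delete.
// $select is not assigned in this file; presumably core/start.php or the URL router sets it (confirm).

// Upload names that must never land under the web root. The original patterns
// ('/.php/i', '/.pl/i') left the dot unescaped, so they rejected harmless names such as
// "sample.png" ("mpl") while missing .phtml, .phar and similar handlers.
// NOTE(review): a deny-list is never complete. The upload directories should also be
// configured so the web server does not execute or interpret anything stored in them.
$blockedName = '/\.(php[0-9a-z]*|phtml|pht|phar|pl|cgi|shtml|htaccess|htpasswd|user\.ini)(\.|$)/i';
// The extension is reused in the stored file name and echoed into HTML, so restrict its alphabet.
$safeExt = '/^\.[a-z0-9]{1,10}$/';

switch ($select) {
    case 'screen':
        // Screenshot management: delete one, upload several, list them.
        // Filesystem directory for screenshots. HOME is the URL prefix used in links and
        // Location headers, so the original unlink(HOME . ...) did not address a local file.
        $screenDir = '../../files/loads/screen/';
        $screenUrl = HOME."/loads/".$folder['id']."/".$folderc['id']."/".$file['id']."/edit/screen/";

        // Both actions end in a redirect, so they run before head(): header() cannot work
        // once output has started, and the request now stops after the redirect.
        if (!empty($_GET['del'])) {
            // NOTE(review): deletion is a state change behind a plain GET link with no anti-CSRF
            // token. No token helper is visible in this file; move this to POST plus a token.
            $delId = abs(num($_GET['del']));
            // Scope to the current file so an id that belongs to another file cannot be removed here.
            $scr = DB::$dbs->queryFetch("SELECT * FROM ".LOADS_SCREEN." WHERE `id` = ? AND `file_id` = ? ", array($delId, $file['id']));
            if (!empty($scr)) {
                // basename() keeps the delete inside $screenDir even if the stored value is malformed.
                $screenPath = $screenDir . basename($scr['url']);
                if (is_file($screenPath)) {
                    unlink($screenPath);
                }
                DB::$dbs->query("DELETE FROM ".LOADS_SCREEN." WHERE `id` = ? AND `file_id` = ? ", array($delId, $file['id']));
            }
            header("Location: ".$screenUrl);
            require_once('../../core/stop.php');
            exit();
        }

        if (!empty($_POST['upload'])) {
            // NOTE(review): the meaning of $folder['type'] > 3 is not visible here; kept as in the original.
            if (isset($_FILES['screen']['name']) && is_array($_FILES['screen']['name']) && $folder['type'] > 3) {
                foreach ($_FILES['screen']['name'] as $k => $name) {
                    // Skip slots that did not upload cleanly (the original copied them anyway).
                    if (!isset($_FILES['screen']['error'][$k]) || $_FILES['screen']['error'][$k] !== UPLOAD_ERR_OK) {
                        continue;
                    }
                    $ext = strtolower((string) strrchr($name, '.')); # File extension, dot included
                    // type(1) is the project's allow-list for this upload kind (assumed to hold
                    // extensions with the leading dot; confirm in func.php).
                    if (preg_match($blockedName, $name) || !preg_match($safeExt, $ext) || !in_array($ext, type(1))) {
                        continue;
                    }
                    // md5(time() . rand(1,100)) gave at most 100 names per second, so files from one
                    // multi-upload could overwrite each other and share a row's url.
                    $name_screen = md5(uniqid(mt_rand(), true)).$ext;
                    // move_uploaded_file() refuses anything that is not a genuine upload, and the
                    // row is written only when the file really reached the disk.
                    if (move_uploaded_file($_FILES['screen']['tmp_name'][$k], $screenDir.$name_screen)) {
                        DB::$dbs->query("INSERT INTO ".LOADS_SCREEN." (`file_id`, `url`) VALUES (?,?)", array($file['id'], $name_screen));
                    }
                }
            }
            header("Location: ".$screenUrl);
            require_once('../../core/stop.php');
            exit();
        }

        // NOTE(review): $file['name'], $folder['name'] and $folderc['name'] are echoed as stored;
        // this relies on html() having escaped them at write time (confirm).
        head('Управление скриншотами файла: ' . $file['name']);
        echo DIV_TITLE . 'Управление скриншотами файла: ' . $file['name'] . CLOSE_DIV;
        echo DIV_BLOCK;
        $screens = DB::$dbs->querySingle("SELECT COUNT(`id`) FROM ".LOADS_SCREEN." WHERE `file_id` = ? ", array($file['id']));
        if (!empty($screens)) {
            $sql = DB::$dbs->query("SELECT * FROM ".LOADS_SCREEN." WHERE `file_id` = ? ", array($file['id']));
            while ($screen = $sql->fetch()) {
                // "wight" in the original was a misspelt width attribute.
                echo '<a href="'.HOME.'/files/loads/screen/'.$screen['url'].'"><img src="'.HOME.'/files/loads/screen/'.$screen['url'].'" width="80" height="80" /></a> <a href="'.HOME.'/loads/'.$folder['id'].'/'.$folderc['id'].'/'.$file['id'].'/edit/screen/?del='.$screen['id'].'">[x]</a><br />';
            }
        } else {
            echo 'Скриншоты не загружены';
        }
        echo CLOSE_DIV;
        echo DIV_AUT;
        echo '<form action="'.HOME.'/loads/'.$folder['id'].'/'.$folderc['id'].'/'.$file['id'].'/edit/screen/" enctype="multipart/form-data" method="POST">';
        echo '<b>Загрузить скриншоты:</b> [Мультивыбор]<br /><input name="screen[]" type="file" multiple="true" /><br />';
        echo '<input type="submit" name="upload" value="Загрузить" />';
        echo '</form>';
        echo CLOSE_DIV;
        echo DIV_GO . '<a href="'.HOME.'/">Главная</a> / <a href="'.HOME.'/loads/">Загрузки</a> / <a href="'.HOME.'/loads/'.$folder['id'].'/">'.$folder['name'].'</a> / <a href="'.HOME.'/loads/'.$folder['id'].'/'.$folderc['id'].'/">'.$folderc['name'].'</a> / <a href="'.HOME.'/loads/'.$folder['id'].'/'.$folderc['id'].'/'.$file['id'].'/">'.$file['name'].'</a> / <b>Управление скриншотами</b>' . CLOSE_DIV;
        break;

    case 'edit':
        // Edit the display name, description and language of the file record.
        head('Редактирование файла: ' . $file['name']);
        if (!empty($_POST['edit'])) {
            // NOTE(review): this form carries no anti-CSRF token.
            // html() is the project's input filter (assumed to HTML-escape; confirm in core).
            $name = html(isset($_POST['name']) ? $_POST['name'] : null);
            $info = html(isset($_POST['info']) ? $_POST['info'] : null);
            $lang = html(isset($_POST['lang']) ? $_POST['lang'] : null);
            if (empty($name)) {
                echo DIV_ERROR . 'Заполните название' . CLOSE_DIV;
            } else {
                DB::$dbs->query("UPDATE ".LOADS_FILE." SET `name` = ?, `lang` = ?, `info` = ? WHERE `id` = ? ", array($name, $lang, $info, $file['id']));
                // Mirror the saved values so the form below shows what is now stored.
                // The original re-rendered the pre-edit row after a successful save.
                $file['name'] = $name;
                $file['lang'] = $lang;
                $file['info'] = $info;
                echo DIV_MSG . 'Изменения приняты' . CLOSE_DIV;
            }
        }
        echo DIV_TITLE . 'Редактирование файла: ' . $file['name'] . CLOSE_DIV;
        echo DIV_AUT;
        echo '<form action="'.HOME.'/loads/'.$folder['id'].'/'.$folderc['id'].'/'.$file['id'].'/edit/edit/" enctype="multipart/form-data" method="POST">';
        echo 'Отоброжать как [название]:<br /><input type="text" name="name" value="'.$file['name'].'" /><br /><br />';
        echo 'Описание:<br /><textarea name="info" />'.$file['info'].'</textarea><br /><br />';
        echo 'Язык:<br /><input type="text" name="lang" value="'.$file['lang'].'" /><br /><br />';
        echo '<input type="submit" name="edit" value="Изменить" />';
        echo '</form>';
        echo CLOSE_DIV;
        echo DIV_GO . '<a href="'.HOME.'/">Главная</a> / <a href="'.HOME.'/loads/">Загрузки</a> / <a href="'.HOME.'/loads/'.$folder['id'].'/">'.$folder['name'].'</a> / <a href="'.HOME.'/loads/'.$folder['id'].'/'.$folderc['id'].'/">'.$folderc['name'].'</a> / <a href="'.HOME.'/loads/'.$folder['id'].'/'.$folderc['id'].'/'.$file['id'].'/">'.$file['name'].'</a> / <b>Редактирование файла</b>' . CLOSE_DIV;
        break;

    case 'ver':
        // Additional versions of the file: delete, rename, upload, list.
        $filesDir = '../../files/loads/files/';
        $verUrl = HOME."/loads/".$folder['id']."/".$folderc['id']."/".$file['id']."/edit/ver/";
        $err = ''; // the original appended to an undefined variable

        // Redirecting actions run before head() so header() still works, then stop the request.
        if (!empty($_GET['del'])) {
            // NOTE(review): GET-triggered delete without an anti-CSRF token, as in the 'screen' case.
            $delId = abs(num($_GET['del']));
            // Only versions of the current file may be removed from this page.
            $file_dop = DB::$dbs->queryFetch("SELECT * FROM ".LOADS_FILE_DOP." WHERE `id` = ? AND `file_id` = ? ", array($delId, $file['id']));
            if (!empty($file_dop)) {
                // Local path instead of the HOME URL prefix; basename() pins it to $filesDir.
                $dopPath = $filesDir . basename($file_dop['url']);
                if (is_file($dopPath)) {
                    unlink($dopPath);
                }
                DB::$dbs->query("DELETE FROM ".LOADS_FILE_DOP." WHERE `id` = ? AND `file_id` = ? ", array($delId, $file['id']));
            }
            // The original redirected to $file_dop['id'], i.e. to the version id in the file slot.
            header("Location: ".$verUrl);
            require_once('../../core/stop.php');
            exit();
        }

        if (!empty($_POST['upload'])) {
            $file_name = html(isset($_POST['name']) ? $_POST['name'] : null);
            $file_lang = html(isset($_POST['lang']) ? $_POST['lang'] : null);
            if (!empty($_FILES['file'])) {
                if (!isset($_FILES['file']['error']) || is_array($_FILES['file']['error']) || $_FILES['file']['error'] !== UPLOAD_ERR_OK) {
                    // The original inserted a row even when nothing had been uploaded.
                    $err .= 'Ошибка при загрузке файла.<br />';
                } else {
                    $name = $_FILES['file']['name']; # Client-supplied file name
                    $ext = strtolower((string) strrchr($name, '.')); # File extension, dot included
                    $size = $_FILES['file']['size']; # File size in bytes
                    // This branch has no allow-list, so the deny-list and the extension alphabet
                    // are the only checks. An empty extension stays permitted, as before.
                    // NOTE(review): .html/.svg and similar active content would be served from the
                    // site's own origin; consider an allow-list or forcing download for this directory.
                    if (preg_match($blockedName, $name) || ($ext !== '' && !preg_match($safeExt, $ext))) {
                        $err .= 'Не верное расширение файла.<br />';
                    }
                    if (empty($file_name)) {
                        $file_name = html($name);
                    }
                    if (empty($err)) {
                        // time().$ext alone overwrote any file stored within the same second;
                        // step forward until the name is free (same length, so the column still fits).
                        $stamp = time();
                        do {
                            $file1 = $stamp.$ext;
                            $stamp++;
                        } while (file_exists($filesDir.$file1));
                        if (move_uploaded_file($_FILES['file']['tmp_name'], $filesDir.$file1)) {
                            DB::$dbs->query("INSERT INTO ".LOADS_FILE_DOP." (`folder_id`, `folderc_id`, `file_id`, `name`, `url`, `time`, `size`, `lang`, `type`) VALUES
(?,?,?,?,?,?,?,?,?)", array($folder['id'], $folderc['id'], $file['id'], $file_name, $file1, time(), $size, $file_lang, $ext));
                            header("Location: ".$verUrl);
                            require_once('../../core/stop.php');
                            exit();
                        }
                        $err .= 'Ошибка при загрузке файла.<br />';
                    }
                }
            }
        }

        head('Управление версиями файла: ' . $file['name']);
        echo DIV_TITLE . 'Управление версиями файла: ' . $file['name'] . CLOSE_DIV;

        if (!empty($_GET['edit'])) {
            // Scope the edited row to the current file as well.
            $file_dop = DB::$dbs->queryFetch("SELECT * FROM ".LOADS_FILE_DOP." WHERE `id` = ? AND `file_id` = ? ", array(abs(num($_GET['edit'])), $file['id']));
            if (empty($file_dop)) {
                echo DIV_ERROR . 'Ошибка!' . CLOSE_DIV;
            } else {
                if (!empty($_POST['edit'])) {
                    $name = html(isset($_POST['name']) ? $_POST['name'] : null);
                    $lang = html(isset($_POST['lang']) ? $_POST['lang'] : null);
                    if (empty($name)) {
                        echo DIV_ERROR . 'Введите название' . CLOSE_DIV;
                    } else {
                        DB::$dbs->query("UPDATE ".LOADS_FILE_DOP." SET `name` = ?, `lang` = ? WHERE `id` = ? ", array($name, $lang, $file_dop['id']));
                        // Show the saved values in the form below.
                        $file_dop['name'] = $name;
                        $file_dop['lang'] = $lang;
                        echo DIV_MSG . 'Изменения приняты' . CLOSE_DIV;
                    }
                }
                echo DIV_AUT;
                echo '<form action="#" method="POST">';
                echo 'Отоброжать как [название]:<br /><input type="text" name="name" value="'.$file_dop['name'].'" /><br /><br />';
                echo 'Язык:<br /><input type="text" name="lang" value="'.$file_dop['lang'].'" /><br /><br />';
                echo '<input type="submit" name="edit" value="Изменить" /></form>';
                echo CLOSE_DIV;
            }
        }

        // Upload errors, printed where the original printed them; $err holds fixed strings only.
        if (!empty($err)) {
            echo $err;
        }

        echo DIV_BLOCK;
        $files = DB::$dbs->querySingle("SELECT COUNT(`id`) FROM ".LOADS_FILE_DOP." WHERE `file_id` = ? ", array($file['id']));
        if (!empty($files)) {
            $sql = DB::$dbs->query("SELECT * FROM ".LOADS_FILE_DOP." WHERE `file_id` = ? ", array($file['id']));
            while ($dop = $sql->fetch()) {
                // `type` holds the raw upload extension, which older rows stored unfiltered,
                // so it is escaped on output. name/lang went through html() on input.
                $dopType = htmlspecialchars($dop['type'], ENT_QUOTES, 'UTF-8');
                echo '<a href="'.HOME.'/files/loads/files/'.$dop['url'].'">'.$dop['name'].'</a> [Язык: '.$dop['lang'].' / Размер: '.get_size($dop['size']).' / '.$dopType.'] <a href="'.HOME.'/loads/'.$folder['id'].'/'.$folderc['id'].'/'.$file['id'].'/edit/ver/?del='.$dop['id'].'">[x]</a> <a href="'.HOME.'/loads/'.$folder['id'].'/'.$folderc['id'].'/'.$file['id'].'/edit/ver/?edit='.$dop['id'].'">[edit]</a><br />';
            }
        } else {
            echo 'Дополнительные версии не загружены';
        }
        echo CLOSE_DIV;
        echo DIV_AUT;
        echo '<form action="'.HOME.'/loads/'.$folder['id'].'/'.$folderc['id'].'/'.$file['id'].'/edit/ver/" enctype="multipart/form-data" method="POST">';
        echo '<b>Загрузить:</b><br />';
        echo 'Отоброжать как [название]:<br /><input type="text" name="name" /><br />';
        echo 'Язык:<br /><input type="text" name="lang" /><br />';
        echo '<input name="file" type="file" /><br />';
        echo '<input type="submit" name="upload" value="Загрузить" />';
        echo '</form>';
        echo CLOSE_DIV;
        echo DIV_GO . '<a href="'.HOME.'/">Главная</a> / <a href="'.HOME.'/loads/">Загрузки</a> / <a href="'.HOME.'/loads/'.$folder['id'].'/">'.$folder['name'].'</a> / <a href="'.HOME.'/loads/'.$folder['id'].'/'.$folderc['id'].'/">'.$folderc['name'].'</a> / <a href="'.HOME.'/loads/'.$folder['id'].'/'.$folderc['id'].'/'.$file['id'].'/">'.$file['name'].'</a> / <b>Управление версиями файла</b>' . CLOSE_DIV;
        break;

    case 'delete':
        // Remove the file, its extra versions, screenshots, ratings and comments.
        // NOTE(review): this destructive action runs on a plain GET with no confirmation and
        // no anti-CSRF token; it should require POST plus a token.
        $filesDir = '../../files/loads/files/';
        $screenDir = '../../files/loads/screen/';

        // Main file. The original built this path from the HOME URL prefix.
        // NOTE(review): $file['url'] is written elsewhere; it is used as stored because its
        // format (flat name or sub-path) is not visible here.
        $mainPath = $filesDir.$file['url'];
        if (is_file($mainPath)) {
            unlink($mainPath);
        }

        // Extra versions: files first, then rows.
        $sql = DB::$dbs->query("SELECT * FROM ".LOADS_FILE_DOP." WHERE `file_id` = ? ", array($file['id']));
        while ($dop = $sql->fetch()) {
            $dopPath = $filesDir.basename($dop['url']);
            if (is_file($dopPath)) {
                unlink($dopPath);
            }
        }
        DB::$dbs->query("DELETE FROM ".LOADS_FILE_DOP." WHERE `file_id` = ? ", array($file['id']));

        // Screenshots were left behind by the original, both on disk (still publicly
        // reachable) and as rows pointing at a deleted file.
        $sql = DB::$dbs->query("SELECT * FROM ".LOADS_SCREEN." WHERE `file_id` = ? ", array($file['id']));
        while ($screen = $sql->fetch()) {
            $screenPath = $screenDir.basename($screen['url']);
            if (is_file($screenPath)) {
                unlink($screenPath);
            }
        }
        DB::$dbs->query("DELETE FROM ".LOADS_SCREEN." WHERE `file_id` = ? ", array($file['id']));

        DB::$dbs->query("DELETE FROM ".LOADS_RATING." WHERE `file_id` = ? ", array($file['id']));
        DB::$dbs->query("DELETE FROM ".LOADS_COMM." WHERE `file_id` = ? ", array($file['id']));
        DB::$dbs->query("DELETE FROM ".LOADS_FILE." WHERE `id` = ? ", array($file['id']));
        header("Location: ".HOME."/loads/".$folder['id']."/".$folderc['id']."/");
        break;
}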
require_once('../../core/stop.php');
?>