Файл: photo.php
Строк: 981
<?php
require 'system/sid.php';
require 'system/config.php';
include 'system/user.php';
whorm(0, 'photo');
include 'system/head.php';
include 'system/navigator.php';
$do = (isset($_GET['do'])) ? $_GET['do'] : NULL;
switch($do) {
default:
echo $div_title . 'Альбомы' . $div_end . $div_menu . '
<b>Альбомы</b> |
<a href="photo.php?do=add">Создать</a> |
<a href="photo.php?do=upload">Добавить фотографию</a>
' . $div_end;
if (isset($_GET['edit'])) msg('Альбом изменен!');
if (isset($_GET['delete'])) msg('Альбом и фотографии в нем удалены!');
$count = mysql_result(mysql_query("SELECT COUNT(id) FROM `albums` WHERE `user` = '$user[id]' AND `type` = 'a'"), 0);
if ($count != FALSE) {
$n = new navigator($user['onp_albums'], 10, '?');
$result = mysql_query("SELECT * FROM `albums` WHERE `user` = '$user[id]' AND `type` = 'a'");
$_div = 0;
while($a = mysql_fetch_assoc($result)) {
$num = mysql_result(mysql_query("SELECT COUNT(id) FROM `albums` WHERE `user` = '$user[id]' AND `type` = 'f' AND `cat` = '$a[id]'"), 0);
$in_al = mysql_fetch_array(mysql_query("SELECT `cover`, `rotate`, `path`, `block` FROM `albums` WHERE `cover` = '1' AND `type` = 'f' AND `cat` = '$a[id]' LIMIT 1"));
if (!empty($in_al[0])) {
echo ($in_al[3] == 1) ? '<img src="ico/block_photo.gif" alt=""/><br/>'
: '<img src="resize.php?img='.$in_al[2].'&width='.$user['onp_prevs'].'&height=0&i='.$in_al[1].'" alt=""/><br/>';
}
$e = '<a href="edit-ea-'.$a['id'].'"><img src="ico/edit.png" alt=""/></a> ';
$d = '<a href="delete-da-'.$a['id'].'"><img src="ico/delete.png" alt=""/></a>';
$last = (!empty($a['last'])) ? '<br/>Обновлен: ' . itime($a['last'], 0) : '';
echo ($_div ++ % 2) ? $div_tworazdel : $div_razdel;
echo '<img src="ico/dir.gif" alt=""/> <a href="alb-album-'.$a['id'].'">' . $a['name'] . '</a> (' . $num . ') ' . $e . $d . ' <br/>Создан: ' . itime($a['date'], 0) . $last . $div_end . $block;
}
echo $n->navi();
} else {
echo 'Альбомы еще не созданы!<br/>';
}
break;
case ea:
echo $div_title . 'Альбомы' . $div_end . $div_menu . '
<a href="photo.php?">Альбомы</a>' . $div_end;
$a = my_int($_GET['a']);
$sql = mysql_query("SELECT * FROM `albums` WHERE `id` = '$a' AND `user` = '$user[id]' AND `type` = 'a' LIMIT 1");
if (mysql_num_rows($sql) == FALSE) {
err('Такого альбома не существует или этот альбом не Ваш!');
} else {
$in = mysql_fetch_assoc($sql);
if ($in['friend_looks'] == 1) $f_1 = 'checked="checked"';
else $f_2 = 'checked="checked"';
if ($in['friend_comm'] == 1) $k_1 = 'checked="checked"';
else $k_2 = 'checked="checked"';
$p = ($in['parol'] != 0) ? $in['parol'] : '';
echo '<FORM method="POST" action="photo.php?do=ea">
<label>Название:</label><br/>
<input type="text" name="name" value="' . $in['name'] . '"/>
<br/>
<label>Пароль: (только цыфры)</label><br/>
<input type="text" name="parol" value="' . $p . '"/>
<br/>
<label>Могут смотреть</label>
<br/>
<input type="radio" name="friend_looks" ' . $f_2 . ' value="0"/> Все
<input type="radio" name="friend_looks" ' . $f_1 . ' value="1"/> Только друзья
' . $block . '
<label>Комментировать могут</label>
<br/>
<input type="radio" name="friend_comm" ' . $k_2 . ' value="0"/> Все
<input type="radio" name="friend_comm" ' . $k_1 . ' value="1"/> Только друзья
' . $block . '
<input type="hidden" name="a" value="'.$a.'"/>
<input type="submit" name="save" value="Сохранить"/>
</FORM>';
}
if (isset($_POST['save'])) {
$a = my_int($_POST['a']);
$name = trim(mysql_real_escape_string(check($_POST['name'])));
$parol = my_int($_POST['parol']);
$friend_looks = my_int($_POST['friend_looks']);
$friend_comm = my_int($_POST['friend_comm']);
if (empty($name)) {
err('Не заполнено имя альбома!');
} else {
mysql_query("UPDATE `albums` SET
`name` = '$name',
`parol` = '$parol',
`friend_looks` = '$friend_looks',
`friend_comm` = '$friend_comm'
WHERE `user` = '$user[id]' AND `type` = 'a' AND `id` = '$a' LIMIT 1");
header('Location: photo.php?edit');
}
}
break;
case da:
$a = my_int($_GET['a']);
$sql = mysql_query("SELECT * FROM `albums` WHERE `id` = '$a' AND `user` = '$user[id]' AND `type` = 'a' LIMIT 1");
if (mysql_num_rows($sql) == FALSE) {
err('Такого альбома не существует или этот альбом не Ваш!');
} else {
$name = mysql_fetch_assoc($sql);
echo $div_title . 'Удалить альбом' . $div_end . $div_menu . '
Вы действительно желаете удалить альбом <b>' . $name['name'] . '</b>?<br/>
<span class = "next"><img src = "ico/ok.png" alt = ""/> <a href = "photo.php?do=da_ok&al='.$a.'">Да</a></span>
<span class = "next"><img src = "ico/delete.png" alt = ""/> <a href = "photo.php?">Нет</a></span>
' . $div_end . '
<a href = "photo.php?">Назад</a>';
}
break;
case da_ok:
$al = my_int($_GET['al']);
$sql = mysql_query("SELECT * FROM `albums` WHERE `id` = '$al' AND `user` = '$user[id]' AND `type` = 'a' LIMIT 1");
if (mysql_num_rows($sql) == FALSE) {
err('Такого альбома не существует или этот альбом не Ваш!');
} else {
$_sql = mysql_query("SELECT `id`, `path` FROM `albums` WHERE `cat` = '$al' AND `user` = '$user[id]' AND `type` = 'f'");
while($a = mysql_fetch_assoc($_sql)) {
// удаляем аватар если это он
if ($a['path'] == $user['img']) {
mysql_query("UPDATE `users` SET `img` = '' WHERE `id` = '$user[id]' LIMIT 1");
}
// удаляем фотки с папки
if (file_exists($a['path'])) unlink($a['path']);
}
// удаляем комментарии
mysql_query("DELETE FROM `koms_foto` WHERE `uid` = '$al'");
// удаляем рейтинг
mysql_query("DELETE FROM `rating_foto` WHERE `uid` = '$al'");
// удаляем фотки с базы
mysql_query("DELETE FROM `albums` WHERE `cat` = '$al' AND `user` = '$user[id]' AND `type` = 'f'");
// удаляем альбом
mysql_query("DELETE FROM `albums` WHERE `id` = '$al' AND `user` = '$user[id]' AND `type` = 'a' LIMIT 1");
}
header('Location: photo.php?delete');
break;
case add:
echo $div_title . 'Альбомы' . $div_end . $div_menu . '
<a href="photo.php?">Альбомы</a> |
<b>Создать</b> |
<a href="photo.php?do=upload">Добавить фотографию</a>
' . $div_end;
if (isset($_POST['ok'])) {
$name = trim(mysql_real_escape_string(check($_POST['name'])));
$looks = my_int($_POST['looks']);
$comm = my_int($_POST['comm']);
if (empty($name)) {
err('Пустое название альбома!');
} elseif (!empty($_POST['passw']) && !ctype_digit($_POST['passw'])) {
err('Пароль нужно вводить цифрами!');
} else {
$passw = my_int($_POST['passw']);
mysql_query("INSERT INTO `albums` SET
`name` = '$name',
`parol` = '$passw',
`friend_looks` = '$looks',
`friend_comm` = '$comm',
`user` = '$user[id]',
`type` = 'a',
`date` = '" . time() . "'");
$lid = mysql_insert_id();
/*--------------------рассылка в ленту---------------------*/
$frnd = mysql_query("SELECT * FROM `friends` WHERE `user` = '$user[id]' AND `zajavka` = '1'");
while($send = mysql_fetch_assoc($frnd)) {
if (user_inf($send['who'], 'my_lenta_photos') == 1 && $user['fr_lenta_photos'] == 1 && $send['who'] != $user['id']) {
$message = cvetnik($user['id']) . ' создал новый <a href="u-u_album-'.$user['id'].'-'.$lid.'">альбом</a>!';
mysql_query("INSERT INTO `lenta` SET
`user` = '$send[who]',
`text` = '$message',
`type` = 'friends',
`date` = '" . time() . "',
`uid` = 'album$lid',
`read` = '1'");
}
}
/*--------------------рассылка в ленту---------------------*/
header('Location: photo.php?');
}
}
echo '<FORM method="POST" action="photo.php?do=add">
<label>Название альбома:</label><br/>
<input type="text" name="name"/>
<br/>
<label>Пароль: (можна оставить пустым)</label><br/>
<input type="password" name="passw"/>
<br/>
<label>Могут смотреть</label>
<br/>
<input type="radio" name="looks" checked="checked" value="0"/> Все
<input type="radio" name="looks" value="1"/> Только друзья
' . $block . '
<label>Комментировать могут</label>
<br/>
<input type="radio" name="comm" checked="checked" value="0"/> Все
<input type="radio" name="comm" value="1"/> Только друзья
' . $block . '
<input type="submit" name="ok" value="Создать"/>
</FORM>';
break;
case album:
$album = my_int($_GET['album']);
$em = mysql_query("SELECT * FROM `albums` WHERE `id` = '$album' AND `user` = '$user[id]' AND `type` = 'a' LIMIT 1");
$_inf = mysql_fetch_assoc($em);
echo $div_title . 'Альбомы' . $div_end . $div_menu . '
<a href="photo.php?">Альбомы</a> |
<b>' . $_inf['name'] . '</b> |
<a href="comm-comments-'.$album.'">Комментарии</a>
' . $div_end;
if (isset($_GET['cut']) || isset($_GET['edit'])) msg('Изменения успешно приняты!');
if (isset($_GET['new'])) msg('Фотография успешно загружена!');
if (mysql_num_rows($em) == FALSE) {
err('Альбома не существует!');
} else {
$count = mysql_result(mysql_query("SELECT COUNT(id) FROM
`albums`
WHERE
`user` = '$user[id]'
AND
`type` = 'f'
AND
`cat` = '$album'"), 0);
$n = new navigator($count, $user['onp_photos'], 'album-'.$album.'&');
$in = mysql_query("SELECT `albums`.*,
(SELECT COUNT(id) FROM `koms_foto` WHERE `koms_foto`.`uid` = `albums`.`id`) AS c
FROM `albums` WHERE `albums`.`user` = '$user[id]' AND `albums`.`type` = 'f' AND `albums`.`cat` = '$album' ORDER BY `albums`.`id` ASC {$n->limit}");
if ($count != FALSE) {
$i = 0;
while($a = mysql_fetch_assoc($in)) {
$blk = ($a['block'] == 1) ? '<img src="ico/block_photo.gif" alt=""/>' : '<img src="resize.php?img='.$a['path'].'&width='.$user['onp_prevs'].'&height=0&i='.$a['rotate'].'" alt=""/>';
$a['name'] = (!empty($a['name'])) ? $a['name'] : 'Без описания';
$d = ' <a href="x-delete-'.$a['id'].'"><img src="ico/delete.png" alt=""/></a>';
$e = ' <a href="redact-edit-'.$a['id'].'"><img src="ico/edit.png" alt=""/></a>';
echo ($i ++ % 2) ? $div_tworazdel : $div_razdel;
echo '<a href="ph-photo-'.$album.'-'.$a['id'].'">
' . $blk . '</a><br/>' . $a['name'] . ' ' . $e . $d . '<br/>
<a href="ph-photo-'.$album.'-'.$a['id'].'">Комментарии (' . $a['c'] . ')</a>' . $div_end;
}
echo $n->navi();
} else {
echo 'Фотографии еще не загружены!<br/>';
}
}
echo '« <a href="photo.php?">Альбомы</a>';
break;
case delete:
$x = my_int($_GET['x']);
$sql = mysql_query("SELECT * FROM `albums` WHERE `id` = '$x' AND `type` = 'f' AND `user` = '$user[id]' LIMIT 1");
if (mysql_num_rows($sql) != FALSE) {
$info = mysql_fetch_assoc($sql);
// удаляем аватар если это он
if ($info['path'] == $user['img']) mysql_query("UPDATE `users` SET `img` = '' WHERE `id` = '$user[id]' LIMIT 1");
// удаляем фото
if (file_exists($info['path'])) unlink($info['path']);
// удаляем коммы
mysql_query("DELETE FROM `koms_foto` WHERE `uid` = '$info[id]'");
// удаляем рейтинг
mysql_query("DELETE FROM `rating_foto` WHERE `uid` = '$info[id]'");
// удаляем фото с базы
mysql_query("DELETE FROM `albums` WHERE `id` = '$x' AND `type` = 'f' AND `user` = '$user[id]' LIMIT 1");
header('Location: alb-album-' . $info['cat']);
} else {
err('Данной фотографии не существует!');
}
break;
case edit:
echo $div_title . 'Редактирование' . $div_end;
$x = my_int($_REQUEST['x']);
$sql = mysql_query("SELECT * FROM `albums` WHERE `id` = '$x' AND `type` = 'f' AND `user` = '$user[id]' LIMIT 1");
$info = mysql_fetch_assoc($sql);
$aName = mysql_fetch_array(mysql_query("SELECT name FROM `albums` WHERE id = '$info[cat]' AND `type` = 'a' AND `user` = '$user[id]' LIMIT 1"));
echo $div_menu . '<a href="photo.php?">Альбомы</a> |
<b>' . $aName[0] . '</b> |
<a href="photo.php?do=upload">Добавить фотографию</a>' . $div_end;
if (isset($_POST['ok'])) {
$name = trim(mysql_real_escape_string(check($_POST['name'])));
$alb = my_int($_POST['alb']);
$cover = my_int($_POST['cover']);
if ($cover == 1) {
mysql_query("UPDATE `albums` SET `cover` = '' WHERE `user` = '$user[id]' AND `type` = 'f'");
}
// перемещение фотки
if ($info['cat'] != $alb) {
mysql_query("UPDATE albums SET cat = '$alb' WHERE id = '$x' AND type = 'f' AND user = '$user[id]' LIMIT 1");
header('Location: alb-album-'.$alb.'&cut');
} else {
// редактирование фотки
mysql_query("UPDATE `albums` SET `name` = '$name', `cover` = '$cover' WHERE `id` = '$x' AND `type` = 'f' AND `user` = '$user[id]' LIMIT 1");
header('Location: alb-album-'.$info['cat'].'&edit');
}
}
if (isset($_GET['rotate'])) {
$rotate = my_int($_GET['rotate']);
if ($rotate == 1 || $rotate == 2) {
if ($rotate == 1) $gr = 90;
elseif ($rotate == 2) $gr = -90;
mysql_query("UPDATE `albums` SET `rotate` = `rotate` + '$gr' WHERE `id` = '$x' AND `type` = 'f' AND `user` = '$user[id]' LIMIT 1");
header('Location: redact-edit-' . $x);
} else {
header('Location: redact-edit-' . $x);
}
}
$_cover = ($info['cover'] == 1) ? 'checked="checked"' : '';
if (mysql_num_rows($sql) != FALSE)
{
$blk = ($info['block'] == 1) ? '<img src="ico/block_photo.gif" alt=""/>' : '<img src="resize.php?img='.$info['path'].'&width=96&height=0&i='.$info['rotate'].'" alt=""/>';
echo $div_tworazdel . '<a href="photo.php?do=edit&rotate=1&x='.$x.'">
<img src="ico/rotate_left.gif" alt=""/></a>
<a href="photo.php?do=edit&rotate=2&x='.$x.'">
<img src="ico/rotate_right.gif" alt=""/></a>
' . $div_end . $blk . '
<br/>
Добавлена: ' . itime($info['date'], 0) . '
<FORM method="POST" action="photo.php?do=edit">
<label>Описание:</label><br/>
<textarea name="name" cols="50" rows="5" style="width: 99%;">' . $info['name'] . '</textarea>
<br/>
<input type="checkbox" name="cover" ' . $_cover . ' value="1"/> Обложка альбома
<br/>
<label>Переместить в альбом:</label><br/>
<select name="alb">';
$from = mysql_query("SELECT * FROM `albums` WHERE `user` = '$user[id]' AND `type` = 'a'");
while($a = mysql_fetch_assoc($from)) {
echo '<option value="' . $a['id'] . '">' . $a['name'] . '</option>';
}
echo '</select>
<input type="hidden" name="x" value="' . $x . '"/>
<br/>
<input type="submit" name="ok" value="Изменить"/>
</FORM>';
} else {
err('Данной фотографии не существует!');
}
echo '<a href="photo.php?">Назад</a>';
break;
case comments:
echo $div_title . 'Комментарии' . $div_end . $div_menu . '
<a href="photo.php?">Альбомы</a> |
<a href="photo.php?do=upload">Добавить фотографию</a> |
<b>Комментарии</b>
' . $div_end;
$a = my_int($_GET['a']);
$sQl = mysql_query("SELECT `id` FROM `albums` WHERE `type` = 'a' AND `user` = '$user[id]' AND `id` = '$a' LIMIT 1");
if (mysql_num_rows($sQl) == FALSE) {
header('Location: photo.php?');
die();
}
$koms = mysql_result(mysql_query("SELECT COUNT(id) FROM `koms_foto` WHERE `album` = '$a' AND `komu` = '$user[id]'"), 0);
if ($koms != FALSE) {
$n = new navigator($koms, $user['onp_comments'], 'comm-comments-'.$a.'&');
$_in = mysql_query("SELECT `koms_foto`.*,(SELECT `path` FROM `albums` WHERE `koms_foto`.`uid` = `albums`.`id` AND `type` = 'f') AS c FROM `koms_foto` WHERE `komu` = '$user[id]' AND `album` = '$a' ORDER BY `id` ASC {$n->limit}");
$dv = 0;
while($q = mysql_fetch_assoc($_in)) {
echo ($dv ++ % 2) ? $div_tworazdel : $div_razdel;
echo '<table width="5" cellspacing="0" cellpadding="0" align="right">
<tr>
<td><img src="resize.php?img='.$q['c'].'&width=45&height=0" alt=""/></td>
</tr>
</table>';
echo us($q['user']) . '<br/>(' . itime($q['date'], 0) . ')<br/>' . smiles(bb_code($q['msg'])) . $div_end;
}
echo $n->navi();
} else {
echo 'Комментарии к данному альбому отсутствуют.<br/>';
}
echo '<a href="alb-album-'.$a.'">Назад</a>';
break;
case upload:
echo $div_title . 'Загрузить' . $div_end . $div_menu . '
<a href="photo.php?">Альбомы</a> |
<a href="photo.php?do=add">Создать</a> |
<b>Добавить фотографию</b>
' . $div_end;
if (isset($_POST['upl'])) {
$pictures = array('.gif', '.jpg', '.jpeg', '.png');
$ext = strtolower(strrchr($_FILES['file']['name'], '.'));
$par = @getimagesize($_FILES['file']['tmp_name']);
$fnames = $_FILES['file']['name'];
$alb = my_int($_POST['alb']);
$name = trim(mysql_real_escape_string(check($_POST['name'])));
if (empty($fnames)) {
err('Не выбрана фотография!');
}
elseif ($par[0] > 1600 || $par[1] > 1600) {
err('Большое расширение фотографии!');
}
elseif (preg_match('/(.php|.pl|.htaccess)/i', $fnames) || !in_array($ext, $pictures)) {
err('Запрещенный формат файла!');
}
elseif ($_FILES['file']['size'] > 1024 * 2 * 1024) {
err('Большой размер фотографии!');
}
elseif (empty($alb)) {
err('Не выбран альбом!');
}
else {
$foto = 'photos/img_' . mt_rand(100000, 999999) . $ext;
if ($ext != '.gif') {
$imgc = @imagecreatefromstring(file_get_contents($_FILES['file']['tmp_name']));
$imgc = img_copyright($imgc); // наложение копирайта
imagejpeg($imgc, $foto, 90);
} else {
copy($_FILES['file']['tmp_name'], $foto);
}
#chmod(basename($foto), 0777);
mysql_query("INSERT INTO `albums` SET
`user` = '$user[id]',
`path` = '$foto',
`name` = '$name',
`type` = 'f',
`cat` = '$alb',
`date` = '" . time() . "'");
/*--------------------рассылка в ленту---------------------*/
$frnd = mysql_query("SELECT * FROM `friends` WHERE `user` = '$user[id]' AND `zajavka` = '1'");
while($send = mysql_fetch_assoc($frnd)) {
if (user_inf($send['who'], 'my_lenta_photos') == 1 && $user['fr_lenta_photos'] == 1 && $send['who'] != $user['id']) {
$last_alb = mysql_fetch_assoc(mysql_query("SELECT `id`, `cat` FROM `albums` WHERE `type` = 'f' ORDER BY `id` DESC LIMIT 1"));
$message = cvetnik($user['id']) . ' загрузил новую <a href="iph-info-'.$user['id'].'-'.$last_alb['cat'].'-'.$last_alb['id'].'">фотографию</a>!';
mysql_query("INSERT INTO `lenta` SET
`user` = '$send[who]',
`text` = '$message',
`type` = 'friends',
`date` = '" . time() . "',
`uid` = 'album$last_alb[id]',
`read` = '1'");
}
}
/*--------------------рассылка в ленту---------------------*/
mysql_query("UPDATE `albums` SET `last` = '" . time() . "' WHERE `id` = '$alb' LIMIT 1");
header('Location: alb-album-' . $alb);
}
}
echo '<FORM ENCTYPE="multipart/form-data" action="photo.php?do=upload" method="POST">
<label>Фотография: (*max. 1600x1600px. 2Mb.)</label><br/>
<input name="file" type="file" accept="image/jpeg, image/png, image/gif"/>
<br/>
<label>Описание:</label><br/>
<input type="text" name="name" maxlength="50"/>
<br/>
<label>Выбрать альбом:</label><br/>
<select name="alb">';
$from = mysql_query("SELECT * FROM `albums` WHERE `user` = '$user[id]' AND `type` = 'a'");
while($a = mysql_fetch_assoc($from)) {
echo '<option value="' . $a['id'] . '">' . $a['name'] . '</option>';
}
echo '</select>
<br/>
<input type="submit" name="upl" value="Загрузить"/>
</FORM>
« <a href="photo.php?">Альбомы</a>';
break;
case view:
$nk = my_int($_GET['nk']);
echo $div_title . 'Альбомы ' . us($nk) . ' ' . $div_end . $div_menu . '
<b>Альбомы</b>' . $div_end;
if ($user['id'] == $nk) {
header('Location: photo.php');
die();
}
if (!user_inf($nk)) {
err('Пользователь не найден!');
} else {
$count = mysql_result(mysql_query("SELECT COUNT(id) FROM `albums` WHERE `user` = '$nk' AND `type` = 'a'"), 0);
if ($count != FALSE) {
$n = new navigator($count, $user['onp_albums'], 'view-'.$nk.'&');
$result = mysql_query("SELECT * FROM `albums` WHERE `user` = '$nk' AND `type` = 'a'");
$i = 0;
while($a = mysql_fetch_assoc($result)) {
$in_al = mysql_fetch_array(mysql_query("SELECT `cover`, `rotate`, `path`, `block` FROM `albums` WHERE `cover` = '1' AND `type` = 'f' AND `cat` = '$a[id]' LIMIT 1"));
if (!empty($in_al[0])) {
echo ($in_al[3] == 1) ? '<img src="ico/block_photo.gif" alt=""/><br/>'
: '<img src="resize.php?img='.$in_al[2].'&width='.$user['onp_prevs'].'&height=0&i='.$in_al[1].'" alt=""/><br/>';
}
$last = (!empty($a['last'])) ? '<br/>Обновлен: ' . itime($a['last'], 0) : '';
$num = mysql_result(mysql_query("SELECT COUNT(id) FROM `albums` WHERE `user` = '$nk' AND `type` = 'f' AND `cat` = '$a[id]'"), 0);
echo ($i ++ % 2) ? $div_tworazdel : $div_razdel;
echo '<img src="ico/dir.gif" alt=""/> <a href="u-u_album-'.$nk.'-'.$a['id'].'">' . $a['name'] . '</a> (' . $num . ')<br/>Создан: ' . itime($a['date'], 0) . $last . $div_end;
}
echo $n->navi();
} else {
echo 'У пользователя нет альбомов!<br/>';
}
}
echo '« <a href="photo.php?">Мои альбомы</a>';
break;
case photo:
$p = my_int($_GET['p']);
$a = my_int($_GET['a']);
echo $div_title . us($user['id']) . ' / Фотографии' . $div_end;
//-------------------------------------------//
$sqlLenta = mysql_query("SELECT id FROM lenta WHERE user = '$user[id]' AND `read` = '1' AND type = 'comments' AND uid = 'album$p' LIMIT 1");
if (mysql_num_rows($sqlLenta) != false)
{
mysql_query("UPDATE lenta SET `read` = '0' WHERE user = '$user[id]' AND `read` = '1' AND type = 'comments' AND uid = 'album$p' LIMIT 1");
}
//-------------------------------------------//
//----------------------------Слайд-Шоу----------------------------//
if (isset($_GET['next'])) {
$next = my_int($_GET['next']);
$in = mysql_query("SELECT * FROM albums WHERE type = 'f' AND id = '$next' AND user = '$user[id]' AND cat = '$a' LIMIT 1");
$sql_1 = mysql_query("SELECT id FROM albums WHERE type = 'f' AND id > '$next' AND user = '$user[id]' AND cat = '$a' ORDER BY id ASC LIMIT 1");
$sql_2 = mysql_query("SELECT id FROM albums WHERE type = 'f' AND id < '$next' AND user = '$user[id]' AND cat = '$a' ORDER BY id DESC LIMIT 1");
} elseif (isset($_GET['back'])) {
$back = my_int($_GET['back']);
$in = mysql_query("SELECT * FROM albums WHERE type = 'f' AND id = '$back' AND user = '$user[id]' AND cat = '$a' LIMIT 1");
$sql_1 = mysql_query("SELECT id FROM albums WHERE type = 'f' AND id > '$back' AND user = '$user[id]' AND cat = '$a' ORDER BY id ASC LIMIT 1");
$sql_2 = mysql_query("SELECT id FROM albums WHERE type = 'f' AND id < '$back' AND user = '$user[id]' AND cat = '$a' ORDER BY id DESC LIMIT 1");
} else {
$in = mysql_query("SELECT * FROM albums WHERE type = 'f' AND id = '$p' AND user = '$user[id]' AND cat = '$a' LIMIT 1");
$sql_1 = mysql_query("SELECT id FROM albums WHERE type = 'f' AND id > '$p' AND user = '$user[id]' AND cat = '$a' ORDER BY id ASC LIMIT 1");
$sql_2 = mysql_query("SELECT id FROM albums WHERE type = 'f' AND id < '$p' AND user = '$user[id]' AND cat = '$a' ORDER BY id DESC LIMIT 1");
}
//----------------------------Слайд-Шоу----------------------------//
if (mysql_num_rows($in) != FALSE) {
$inf = mysql_fetch_assoc($in);
$_i = getimagesize($inf['path']);
$size = filesize($inf['path']);
$size = get_size($size);
$mime = preg_replace('/image/(.*)/i', '1', $_i['mime']);
$ratG = mysql_result(mysql_query("SELECT SUM(`good`) FROM `rating_foto` WHERE uid = '$p' AND komu = '$user[id]'"), 0);
$ratB = mysql_result(mysql_query("SELECT SUM(`bad`) FROM `rating_foto` WHERE uid = '$p' AND komu = '$user[id]'"), 0);
$rat_1 = (empty($ratG)) ? 0 : $ratG;
$rat_2 = (empty($ratB)) ? 0 : $ratB;
// установка аватара
if (isset($_GET['cover'])) {
mysql_query("UPDATE `users` SET `img` = '$inf[path]' WHERE `id` = '$user[id]' LIMIT 1");
header('Location: edit.php?do=photo');
}
// вывод фото
echo ($inf['block'] == 1) ? '<img src="ico/block_photo.gif" alt=""/>'
: '<img src="resize.php?img='.$inf['path'].'&width='.$user['onp_prevs'].'&height=0&i='.$inf['rotate'].'" alt=""/>';
// если есть только "назад"
if (mysql_num_rows($sql_2) != false && mysql_num_rows($sql_1) == false) {
$inSql = mysql_fetch_assoc($sql_2);
echo '<br/><a href="back-photo-'.$a.'-'.$inSql['id'].'"><span class="next">«Назад</span></a>';
}
// если есть только "далее"
elseif (mysql_num_rows($sql_1) != false && mysql_num_rows($sql_2) == false) {
$inSql = mysql_fetch_assoc($sql_1);
echo '<br/><a href="next-photo-'.$a.'-'.$inSql['id'].'"><span class="next">»Далее</span></a>';
}
// если есть "назад" и "далее"
elseif (mysql_num_rows($sql_1) != false && mysql_num_rows($sql_2) != false) {
$inSql_1 = mysql_fetch_assoc($sql_1);
$inSql_2 = mysql_fetch_assoc($sql_2);
echo '<br/><a href="back-photo-'.$a.'-'.$inSql_2['id'].'"><span class="next">«Назад</span></a> |
<a href="next-photo-'.$a.'-'.$inSql_1['id'].'"><span class="next">»Далее</span></a>';
}
// маркеры
$num_marks = mysql_result(mysql_query("SELECT COUNT(id) FROM `mark` WHERE `uid` = '$p'"), 0);
if ($num_marks != FALSE) {
$count_marks = '•<a href="marks-'.$a.'-'.$inf['id'].'">На фото (' . $num_marks . ')</a><br/>';
}
// скачивание
$inf['name'] = (!empty($inf['name'])) ? $inf['name'] : 'Без описания';
$down = 'copy.php?img='.str_rot13(base64_encode($inf['path'])).'&i='.str_rot13(base64_encode($inf['rotate']));
if ($inf['block'] == 0) $sk4 = '<img src="ico/d.gif" alt=""/> <a href="'.$down.'">Скачать (' . $size . ')</a>';
echo $block . $div_razdel . '
Добавлена: ' . itime($inf['date'], 0) . '<br/>
Тип: ' . $mime . ' ' . $_i[0] . 'x' . $_i[1] . '<br/>
' . $div_end . $div_tworazdel . '
Общая оценка: ' . ($rat_1 + $rat_2) . '<br/>
Положительных голосов: ' . $rat_1 . '<br/>
Отрицательных голосов: ' . $rat_2 . '<br/>
' . $div_end . $div_razdel . '
Описание: ' . $inf['name'] . '
' . $div_end . '
[<a href="redact-edit-'.$inf['id'].'">ред</a>]
[<a href="x-delete-'.$inf['id'].'">удл</a>]
<br/>
[<a href="ph-photo-'.$a.'-'.$inf['id'].'&cover">установить на анкету</a>]
[<a href="ph-mark-'.$a.'-'.$inf['id'].'">отметить</a>]
' . $count_marks . '<br/>' . $sk4 . $block;
} else {
err('Фотография не найдена!');
}
if (isset($_GET['del'])) {
$del = my_int($_GET['del']);
$empt = mysql_query("SELECT `id` FROM `koms_foto` WHERE `id` = '$del' LIMIT 1");
if (mysql_num_rows($empt) != FALSE && $nk == $user['id'] || $user['level'] >= 2 && $user['level'] <= 5) {
mysql_query("DELETE FROM `koms_foto` WHERE `id` = '$del' LIMIT 1");
header('Location: ph-photo-'.$a.'-'.$p);
} else {
header('Location: ph-photo-'.$a.'-'.$p);
}
}
$koms = mysql_result(mysql_query("SELECT COUNT(id) FROM `koms_foto` WHERE `komu` = '$user[id]' AND `uid` = '$p'"), 0);
if ($koms != FALSE) {
$n = new navigator($koms, $user['onp_comments'], 'photo-'.$a.'-'.$p.'&');
$_in = mysql_query("SELECT * FROM `koms_foto` WHERE `komu` = '$user[id]' AND `uid` = '$p' ORDER BY `id` ASC {$n->limit}");
$_div = 0;
while($q = mysql_fetch_assoc($_in))
{
$otv = ' <a href="answ-ph-photo-'.$a.'-'.$p.'-'.$q['user'].'#down">[отв]</a>';
if ($nk == $user['id'] || $user['level'] >= 2 && $user['level'] <= 5) {
$dk = '<a href="ph-photo-'.$a.'-'.$p.'&del='.$q['id'].'"><img src="ico/delete.png" alt="x"/></a> ';
}
echo ($_div ++ % 2) ? $diw_tworazdel : $div_razdel;
echo $dk . us($q['user']) . $otv . '<br/>(' . itime($q['date'], 0) . ')<br/>' . smiles(bb_code($q['msg'])) . $div_end;
}
echo $n->navi();
} else {
echo 'Комментарии отсутствуют.<br/>';
}
if (isset($_POST['addkom'])) {
$mes = trim(mysql_real_escape_string(check($_POST['mes'])));
if (empty($mes))
{
err('Не заполнен комментарий!');
}
else
{
if (isset($_POST['komu']) && user_inf(my_int($_POST['komu']), 'comm_photos') == 1 && my_int($_POST['komu']) != $user['id']) {
$message = cvetnik($user['id']) . ' ответил на Ваш комментарий к <a href="iph-info-'.$user['id'].'-'.$a.'-'.$inf['id'].'">фотографии</a>!';
mysql_query("INSERT INTO `lenta` SET
`user` = '" . my_int($_POST['komu']) . "',
`text` = '$message',
`type` = 'comments',
`date` = '" . time() . "',
`uid` = 'album$inf[id]',
`read` = '1'");
}
// транслит
if ($user['translit'] == 1) {
$mes = trun_to_rus($mes);
}
// антимат
$ant = mysql_fetch_array(mysql_query("SELECT `antimat` FROM `setting` WHERE `ids` = '1'"));
$mes = ($ant[0] == 1) ? mat($mes) : $mes;
// Антиреклама
$_ant = mysql_fetch_assoc(mysql_query("SELECT `on_rekl`, `text_rekl` FROM `setting` WHERE `ids` = '1'"));
if ($_ant['on_rekl'] == 1 && filesize($_SERVER['DOCUMENT_ROOT'] . '/domains.dat') > 0) {
$ex = explode(',', file_get_contents('domains.dat'));
foreach($ex as $value) {
if ($user['level'] != 4 && $user['level'] != 5 && !preg_match('/[url=http://(.*)[/url]/si', $mes)) {
$mes = preg_replace("/(ws|,|.|*|_|-|+)+$value/si", $_ant['text_rekl'], $mes);
}
}
}
mysql_query("INSERT INTO `koms_foto` SET
`msg` = '$mes',
`uid` = '$inf[id]',
`album` = '$a',
`user` = '$user[id]',
`komu` = '$user[id]',
`date` = '" . time() . "'");
header('Location: ph-photo-'.$a.'-' . $inf['id']);
}
}
$Komu = (isset($_GET['k'])) ? '[b]Ответ: ' . user_inf(my_int($_GET['k']), 'user') . '[/b], ' : '';
echo '<a name="down"></a>
<FORM method="POST" action="ph-photo-'.$a.'-'.$inf['id'].'">
<label><b>Комментарий:</b></label>
<br/>
<textarea name="mes" cols="50" rows="5" style="width: 99%;">' . $Komu . '</textarea>
<br/>
<input type="hidden" name="komu" value="' . my_int($_GET['k']) . '"/>
<input type="submit" name="addkom" value="Добавить"/>
</FORM>';
echo '<a href="alb-album-'.$a.'">Назад</a>';
break;
case mark:
$ar = my_int($_GET['a']);
$p = my_int($_GET['p']);
echo $div_title . us($user['id']) . '/Отметить друга на фото' . $div_end;
$in = mysql_query("SELECT * FROM `albums` WHERE `user` = '$user[id]' AND `type` = 'f' AND `cat` = '$ar' AND `id` = '$p' LIMIT 1");
if (isset($_POST['submitForm']))
{
if (empty($_POST['block'])) {
header('Location: ph-photo-'.$ar.'-' . $p);
die();
}
foreach($_POST['block'] as $value) {
$sql = mysql_query("SELECT `id` FROM `mark` WHERE `uid` = '$p' AND `user` = '$user[id]' AND `who` = '$value' LIMIT 1");
if (mysql_num_rows($sql) == FALSE) {
/*--------------------рассылка в ленту---------------------*/
$frnd = mysql_query("SELECT * FROM `friends` WHERE `user` = '$user[id]' AND `zajavka` = '1'");
while($send = mysql_fetch_assoc($frnd)) {
if (user_inf($send['who'], 'comm_photos') == 1 && $send['who'] != $user['id']) {
$message = cvetnik($user['id']) . ' отметил Вас на своей <a href="iph-info-'.$user['id'].'-'.$ar.'-'.$p.'">фотографии</a>!';
mysql_query("INSERT INTO `lenta` SET
`user` = '$send[who]',
`text` = '$message',
`type` = 'comments',
`date` = '" . time() . "',
`uid` = 'album$p',
`read` = '1'");
}
}
/*--------------------рассылка в ленту---------------------*/
mysql_query("INSERT INTO `mark` SET `uid` = '$p', `user` = '$user[id]', `who` = '$value'");
header('Location: ph-marks-'.$ar.'-' . $p);
}
header('Location: ph-marks-'.$ar.'-' . $p);
}
}
if (mysql_num_rows($in) != FALSE) {
$inf = mysql_fetch_assoc($in);
$blk = ($inf['block'] == 1) ? '<img src="ico/block_photo.gif" alt=""/>'
: '<img src="resize.php?img='.$inf['path'].'&width=96&height=0&i='.$inf['rotate'].'" alt=""/>';
echo $blk . '
<br/>
Добавлена: ' . itime($inf['date'], 0) . $block;
$look = mysql_query("SELECT DISTINCT `friends`.`who` FROM `friends` WHERE `zajavka` = '1' AND `user` = '$user[id]' AND NOT `who` IN(SELECT `who` FROM `mark` WHERE `user` = '$user[id]' AND `uid` = '$p')");
if (mysql_num_rows($look) != FALSE) {
while($a = mysql_fetch_assoc($look)) {
echo '<FORM method="POST" action="ph-mark-'.$ar.'-'.$p.'">';;
echo $div_tworazdel . '<input type="checkbox" name="block[]" value="'.$a['who'].'"/>' . us($a['who']) . $div_end;
}
echo '<input type="submit" name="submitForm" value="Отметить"/>
</FORM>';
} else {
echo 'Не найдено друзей, или Вы отметили всех Ваших друзей на фото.<br/>';
}
} else {
err('Фотография не найдена!');
}
echo $block . '<a href="ph-photo-'.$ar.'-'.$p.'">Назад</a>';
break;
case marks:
$ar = my_int($_GET['a']);
$p = my_int($_GET['p']);
echo $div_title . us($user['id']) . '/На фото' . $div_end;
$in = mysql_query("SELECT * FROM `albums` WHERE `user` = '$user[id]' AND `type` = 'f' AND `cat` = '$ar' AND `id` = '$p' LIMIT 1");
if (mysql_num_rows($in) != FALSE) {
$inf = mysql_fetch_assoc($in);
$blk = ($inf['block'] == 1) ? '<img src="ico/block_photo.gif" alt=""/>'
: '<img src="resize.php?img='.$inf['path'].'&width=96&height=0&i='.$inf['rotate'].'" alt=""/>';
echo $blk . '
<br/>
Добавлена: ' . itime($inf['date'], 0) . $block;
$num = mysql_result(mysql_query("SELECT COUNT(id) FROM `mark` WHERE `uid` = '$p' LIMIT 1"), 0);
if ($num != FALSE) {
$n = new navigator($num, 10, 'marks-'.$ar.'-'.$p.'&');
$i = 0;
$is = mysql_query("SELECT * FROM `mark` WHERE `uid` = '$p' ORDER BY `id` DESC {$n->limit}");
while($a = mysql_fetch_assoc($is)) {
if ($a['user'] == $user['id']) {
$x = ' <a href="dm-marks-'.$ar.'-'.$p.'-'.$a['id'].'"><img src="ico/delete.png" alt=""/></a>';
}
echo ($i ++ % 2) ? $div_tworazdel : $div_razdel;
echo us($a['who']) . $x . $div_end;
}
echo $n->navi();
} else {
echo 'Отметок не найдено.<br/>';
}
} else {
err('Фотография не найдена!');
}
if (isset($_GET['x'])) {
$x = my_int($_GET['x']);
$sql = mysql_query("SELECT `id` FROM `mark` WHERE `user` = '$user[id]' AND `id` = '$x' LIMIT 1");
if (mysql_num_rows($sql) != FALSE) {
mysql_query("DELETE FROM `mark` WHERE `user` = '$user[id]' AND `id` = '$x' LIMIT 1");
header('Location: marks-'.$ar.'-' . $p);
} else {
header('Location: marks-'.$ar.'-' . $p);
}
}
echo $block . '<a href="ph-photo-'.$ar.'-'.$p.'">Назад</a>';
break;
case u_album:
$nk = my_int($_GET['nk']);
$i = my_int($_GET['i']);
$em = mysql_query("SELECT * FROM `albums` WHERE `id` = '$i' AND `user` = '$nk' AND `type` = 'a' LIMIT 1");
$pas = mysql_fetch_assoc($em);
//-------------------------------------------//
$sqlLenta = mysql_query("SELECT id FROM lenta WHERE user = '$user[id]' AND `read` = '1' AND type = 'friends' AND uid = 'album$i' LIMIT 1");
if (mysql_num_rows($sqlLenta) != false)
{
mysql_query("UPDATE lenta SET `read` = '0' WHERE user = '$user[id]' AND `read` = '1' AND type = 'friends' AND uid = 'album$i' LIMIT 1");
}
//-------------------------------------------//
// удаление альбома (Админам)
if (isset($_GET['del_album'])) {
$empta = mysql_query("SELECT * FROM `albums` WHERE `type` = 'a' AND `id` = '$i' LIMIT 1");
if (mysql_num_rows($empta) != FALSE) {
if ($user['level'] == 4 || $user['level'] == 5) {
$Sql = mysql_query("SELECT * FROM `albums` WHERE `type` = 'f' AND `cat` = '$i' LIMIT 1");
while($in_sql = mysql_fetch_assoc($Sql)) {
if ($in_sql['path'] == user_inf($nk, 'img')) {
mysql_query("UPDATE `users` SET `img` = '' WHERE `id` = '$nk' LIMIT 1");
}
// удаление фото с папки
if (file_exists($in_sql['path'])) unlink($in_sql['path']);
}
// удаляем комментарии
mysql_query("DELETE FROM `koms_foto` WHERE `uid` = '$i'");
// удаляем рейтинг
mysql_query("DELETE FROM `rating_foto` WHERE `uid` = '$i'");
// удаление фото с бд
mysql_query("DELETE FROM `albums` WHERE `type` = 'f' AND `cat` = '$i' LIMIT 1");
mysql_query("DELETE FROM `albums` WHERE `type` = 'a' AND `id` = '$i' LIMIT 1");
header('Location: view-' . $nk);
} else {
err('Нет прав доступа!');
}
} else {
err('Альбома не существует!');
}
}
echo $div_title . us($nk, 'user') . ' / Фотографии' . $div_end . $div_menu . '
<a href="u-view-'.$nk.'-'.$i.'">Альбомы</a> |
<b>' . $pas['name'] . '</b>
' . $div_end;
if (!user_inf($nk)) {
err('Пользователь не найден!');
} else {
if (mysql_num_rows($em) == FALSE) {
err('Альбома не существует!');
} else {
if ($user['level'] == 4 || $user['level'] == 5 && !empty($pas['parol'])) {
$_SESSION['parol'] = $pas['parol'];
}
if (isset($_POST['okpass'])) {
$fotopass = my_int($_POST['fotopass']);
if ($fotopass == $pas['parol']) {
$_SESSION['parol'] = $fotopass;
header('Location: u-u_album-'.$nk.'-'.$i);
} else {
err('Пароль неверный!');
}
}
if ($user['level'] < 4 && !empty($pas['parol']) && empty($_SESSION['parol']) || $user['level'] < 4 && !empty($pas['parol']) && $_SESSION['parol'] != $pas['parol']) {
err('Этот альбом защищен паролем!');
echo '<FORM method="POST" action="u-u_album-'.$nk.'-'.$i.'">
<label>Введите пароль:</label><br/>
<input type="text" name="fotopass"/>
<br/>
<input type="submit" name="okpass" value="Далее"/>
</FORM>';
include 'system/foot.php';
exit();
}
$fr = mysql_query("SELECT COUNT(id) FROM `friends` WHERE
`user` = '$user[id]'
AND
`who` = '$nk'
AND
`zajavka` = '1'
OR
`user` = '$nk'
AND
`who` = '$user[id]'
AND
`zajavka` = '1'");
if ($user['level'] < 4 && $pas['friend_looks'] == 1 && mysql_result($fr, 0) == FALSE) {
err('Данный альбом доступен только для друзей пользователя!');
include 'system/foot.php';
exit();
}
$count = mysql_result(mysql_query("SELECT COUNT(id) FROM
`albums`
WHERE
`user` = '$nk'
AND
`type` = 'f'
AND
`cat` = '$i'"), 0);
$n = new navigator($count, $user['onp_photos'], 'u-u_album-'.$nk.'-'.$i.'&');
$in = mysql_query("SELECT `albums`.*,
(SELECT COUNT(id) FROM `koms_foto` WHERE `koms_foto`.`uid` = `albums`.`id`) AS c
FROM `albums` WHERE `albums`.`user` = '$nk' AND `albums`.`type` = 'f' AND `albums`.`cat` = '$i' ORDER BY `albums`.`id` ASC {$n->limit}");
if ($count != FALSE) {
$_div = 0;
while($a = mysql_fetch_assoc($in)) {
$blk = ($a['block'] == 1) ? '<img src="ico/block_photo.gif" alt=""/>'
: '<img src="resize.php?img='.$a['path'].'&width='.$user['onp_prevs'].'&height=0&i='.$a['rotate'].'" alt=""/>';
$a['name'] = (!empty($a['name'])) ? '<br/>' . $a['name'] : '<br/>Без описания';
echo ($_div ++ % 2) ? $diw_tworazdel : $div_razdel;
echo '<a href="iph-info-'.$nk.'-'.$a['cat'].'-'.$a['id'].'">
' . $blk . '</a> ' . $a['name'] . '<br/>
<a href="iph-info-'.$nk.'-'.$a['cat'].'-'.$a['id'].'">Комментарии (' . $a['c'] . ')</a>' . $div_end;
}
echo $n->navi();
} else {
echo 'Нет фотографий в этом альбоме!' . $block;
}
}
}
if ($user['level'] == 4 || $user['level'] == 5) echo $block . '<img src="ico/delete.png" alt=""/>
<a href="u-u_album-'.$i.'-'.$nk.'&del_album">Удалить альбом</a>' . $block;
echo '« <a href="photo.php?">Мои альбомы</a>';
break;
case info:
$nk = my_int($_GET['nk']);
$p = my_int($_GET['p']);
$a = my_int($_GET['a']);
//-------------------------------------------//
$sqlLenta = mysql_query("SELECT id FROM lenta WHERE type = 'friends' AND user = '$user[id]' AND `read` = '1' AND uid = 'album$p' LIMIT 1");
if (mysql_num_rows($sqlLenta) != false)
{
mysql_query("UPDATE lenta SET `read` = '0' WHERE type = 'friends' AND user = '$user[id]' AND `read` = '1' AND uid = 'album$p' LIMIT 1");
}
unset($sqlLenta);
$sqlLenta = mysql_query("SELECT id FROM lenta WHERE type = 'comments' AND user = '$user[id]' AND `read` = '1' AND uid = 'album$p' LIMIT 1");
if (mysql_num_rows($sqlLenta) != false)
{
mysql_query("UPDATE lenta SET `read` = '0' WHERE type = 'comments' AND user = '$user[id]' AND `read` = '1' AND uid = 'album$p' LIMIT 1");
}
//-------------------------------------------//
echo $div_title . us($nk) . ' / Фотографии' . $div_end;
if (!user_inf($nk)) {
err('Пользователь не найден!');
} else {
// удаление фотки админам
if (isset($_GET['del_f'])) {
$is_f = mysql_query("SELECT `id` FROM `albums` WHERE `cat` = '$a' AND `id` = '$p' AND `user` = '$nk' AND `type` = 'f' LIMIT 1");
if (mysql_num_rows($is_f) != FALSE) {
$in_f = mysql_fetch_assoc($is_f);
if ($user['level'] == 4 || $user['level'] == 5) {
if (file_exists($in_f['path'])) unlink($in_f['path']);
mysql_query("DELETE FROM `albums` WHERE `cat` = '$a' AND `id` = '$p' AND `user` = '$nk' AND `type` = 'f' LIMIT 1");
header('Location: u-u_album-'.$nk.'-'.$a);
} else {
err('Нет прав!');
}
} else {
err('Фотография не найдена!');
include_once 'system/foot.php';
exit();
}
}
// разблокировка фотки админам
if (isset($_GET['block_n'])) {
$is_f = mysql_query("SELECT `id`, block FROM `albums` WHERE `cat` = '$a' AND `id` = '$p' AND `user` = '$nk' AND `type` = 'f' LIMIT 1");
if (mysql_num_rows($is_f) != FALSE) {
$if = mysql_fetch_assoc($is_f);
if ($if['block'] == 0)
{
err('Фотография не заблокирована!');
include '/system/foot.php';
exit();
}
if ($user['level'] < 4)
{
err('Нет прав!');
}
else
{
mysql_query("UPDATE `albums` SET `block` = '0', `why_block` = '', `who_block` = '' WHERE `cat` = '$a' AND `id` = '$p' AND `user` = '$nk' AND `type` = 'f' LIMIT 1");
$mess = 'Ваше <a href="ph-photo-'.$a.'-'.$p.'">фото</a> разблокировано Администратором ' . cvetnik($user['id']) . '!';
mysql_query("INSERT INTO `letters` (`id`,`who`,`idwho`,`message`,`data`,`read`,`mod`)
VALUES (0,'0','$nk','$mess','" . time() . "','0','i')");
header('Location: iph-info-'.$nk.'-'.$a.'-' . $p);
}
} else {
err('Фотография не найдена!');
include_once 'system/foot.php';
exit();
}
}
// блокировка фотки админам
if (isset($_GET['block_f'])) {
$is_f = mysql_query("SELECT `id`, block FROM `albums` WHERE `cat` = '$a' AND `id` = '$p' AND `user` = '$nk' AND `type` = 'f' LIMIT 1");
if (mysql_num_rows($is_f) != FALSE) {
$if = mysql_fetch_assoc($is_f);
if ($if['block'] == 1)
{
err('Фотография уже заблокирована!');
include '/system/foot.php';
exit();
}
if ($user['level'] == 4 || $user['level'] == 5) {
echo '<FORM method="POST" action="iph-info-'.$nk.'-'.$a.'-'.$p.'&block_ok">
<label>Укажите причину блокировки:</label>
<br/>
<input type="text" name="why" maxlength="50"/>
<br/>
<input type="submit" name="next" value="Блокировать"/>
</FORM>';
include_once 'system/foot.php';
exit();
} else {
err('Нет прав!');
}
} else {
err('Фотография не найдена!');
include_once 'system/foot.php';
exit();
}
}
// блокировка фотки админам
if (isset($_GET['block_ok'])) {
$is_f = mysql_query("SELECT `id` FROM `albums` WHERE `cat` = '$a' AND `id` = '$p' AND `user` = '$nk' AND `type` = 'f' LIMIT 1");
$why = trim(mysql_real_escape_string(check($_POST['why'])));
if (mysql_num_rows($is_f) != FALSE) {
$if = mysql_fetch_assoc($is_f);
if ($if['block'] == 1)
{
err('Фотография уже заблокирована!');
include '/system/foot.php';
exit();
}
if ($user['level'] == 4 || $user['level'] == 5) {
if (empty($why)) {
err('Не указана причина блокировки!');
} else {
mysql_query("UPDATE `albums` SET `block` = '1', `why_block` = '$why', `who_block` = '$user[id]' WHERE `cat` = '$a' AND `id` = '$p' AND `user` = '$nk' AND `type` = 'f' LIMIT 1");
$mess = 'Ваше <a href="ph-photo-'.$a.'-'.$p.'">фото</a> было заблокировано Администратором ' . cvetnik($user['id']) . ' за: ' . $why . '!';
mysql_query("INSERT INTO `letters` (`id`,`who`,`idwho`,`message`,`data`,`read`,`mod`)
VALUES (0,'0','$nk','$mess','" . time() . "','0','i')");
header('Location: iph-info-'.$nk.'-'.$a.'-' . $p);
}
} else {
err('Нет прав!');
}
} else {
err('Фотография не найдена!');
include_once 'system/foot.php';
exit();
}
}
//----------------------------Слайд-Шоу----------------------------//
if (isset($_GET['next'])) {
$next = my_int($_GET['next']);
$in = mysql_query("SELECT * FROM albums WHERE type = 'f' AND id = '$next' AND user = '$nk' AND cat = '$a' LIMIT 1");
$sql_1 = mysql_query("SELECT id FROM albums WHERE type = 'f' AND id > '$next' AND user = '$nk' AND cat = '$a' ORDER BY id ASC LIMIT 1");
$sql_2 = mysql_query("SELECT id FROM albums WHERE type = 'f' AND id < '$next' AND user = '$nk' AND cat = '$a' ORDER BY id DESC LIMIT 1");
} elseif (isset($_GET['back'])) {
$back = my_int($_GET['back']);
$in = mysql_query("SELECT * FROM albums WHERE type = 'f' AND id = '$back' AND user = '$nk' AND cat = '$a' LIMIT 1");
$sql_1 = mysql_query("SELECT id FROM albums WHERE type = 'f' AND id > '$back' AND user = '$nk' AND cat = '$a' ORDER BY id ASC LIMIT 1");
$sql_2 = mysql_query("SELECT id FROM albums WHERE type = 'f' AND id < '$back' AND user = '$nk' AND cat = '$a' ORDER BY id DESC LIMIT 1");
} else {
$in = mysql_query("SELECT * FROM albums WHERE type = 'f' AND id = '$p' AND user = '$nk' AND cat = '$a' LIMIT 1");
$sql_1 = mysql_query("SELECT id FROM albums WHERE type = 'f' AND id > '$p' AND user = '$nk' AND cat = '$a' ORDER BY id ASC LIMIT 1");
$sql_2 = mysql_query("SELECT id FROM albums WHERE type = 'f' AND id < '$p' AND user = '$nk' AND cat = '$a' ORDER BY id DESC LIMIT 1");
}
//----------------------------Слайд-Шоу----------------------------//
if (mysql_num_rows($in) != FALSE) {
$_ps = mysql_fetch_array(mysql_query("SELECT `parol`, `id` FROM `albums` WHERE `id` = '$a' AND `user` = '$nk' AND `type` = 'a' LIMIT 1"));
if (!empty($_ps[0]) && $_SESSION['parol'] != $_ps[0]) {
header('Location: u-u_album-'.$nk.'-' . $_ps[1]);
die();
}
$inf = mysql_fetch_assoc($in);
$_i = getimagesize($inf['path']);
$size = filesize($inf['path']);
$size = get_size($size);
$ratG = mysql_result(mysql_query("SELECT SUM(`good`) FROM `rating_foto` WHERE `uid` = '$inf[id]' AND `komu` = '$nk'"), 0);
$ratB = mysql_result(mysql_query("SELECT SUM(`bad`) FROM `rating_foto` WHERE `uid` = '$inf[id]' AND `komu` = '$nk'"), 0);
$mime = preg_replace('/image/(.*?)/i', '1', $_i['mime']);
$rat_1 = (empty($ratG)) ? 0 : $ratG;
$rat_2 = (empty($ratB)) ? 0 : $ratB;
// положительный голос
if (isset($_GET['plus'])) {
$who = mysql_query("SELECT `id` FROM `rating_foto` WHERE `uid` = '$inf[id]' AND `komu` = '$nk' AND `user` = '$user[id]' LIMIT 1");
$dupl = mysql_fetch_assoc($who);
if (mysql_num_rows($who) != FALSE) {
err('Вы уже голосовали за эту фотографию!');
} elseif ($nk == $user['id']) {
err('Вы не можете голосовать за свою фотографию!');
} else {
mysql_query("INSERT INTO `rating_foto` SET
`user` = '$user[id]',
`uid` = '$inf[id]',
`good` = '1',
`komu` = '$nk'");
if (user_inf($nk, 'comm_photos') == 1 && $nk != $user['id']) {
$message = 'Пользователь ' . cvetnik($user['id']) . ' отдал положительный голос к Вашей <a href="ph-photo-'.$a.'-'.$p.'">фотографии</a>!';
mysql_query("INSERT INTO `lenta` SET
`user` = '$nk',
`text` = '$message',
`type` = 'comments',
`date` = '" . time() . "',
`uid` = 'album$p',
`read` = '1'");
}
header('Location: iph-info-'.$nk.'-'.$a.'-'.$inf['id'].'&vote');
}
}
// отрицательный голос
if (isset($_GET['minus'])) {
$who = mysql_num_rows(mysql_query("SELECT `id` FROM `rating_foto` WHERE `uid` = '$inf[id]' AND `komu` = '$nk' AND `user` = '$user[id]' LIMIT 1"));
if ($who != FALSE) {
err('Вы уже голосовали за эту фотографию!');
} elseif ($nk == $user['id']) {
err('Вы не можете голосовать за свою фотографию!');
} else {
mysql_query("INSERT INTO `rating_foto` SET
`user` = '$user[id]',
`uid` = '$inf[id]',
`bad` = '1',
`komu` = '$nk'");
if (user_inf($nk, 'comm_photos') == 1 && $nk != $user['id']) {
$message = 'Пользователь ' . cvetnik($user['id']) . ' отдал отрицательный голос к Вашей <a href="ph-photo-'.$a.'-'.$p.'">фотографии</a>!';
mysql_query("INSERT INTO `lenta` SET
`user` = '$nk',
`text` = '$message',
`type` = 'comments',
`date` = '" . time() . "',
`uid` = 'album$p',
`read` = '1'");
}
header('Location: iph-info-'.$nk.'-'.$a.'-'.$inf['id'].'&vote');
}
}
if (isset($_GET['vote'])) msg('Ваш голос за эту фотографию учтен!');
// вывод фото
echo ($inf['block'] == 1) ? '<img src="ico/block_photo.gif" alt=""/>' : '<img src="resize.php?img='.$inf['path'].'&width=128&height=0&i='.$inf['rotate'].'" alt=""/>';
// если есть только "назад"
if (mysql_num_rows($sql_2) != false && mysql_num_rows($sql_1) == false) {
$inSql = mysql_fetch_assoc($sql_2);
echo '<br/><a href="backu-info-'.$nk.'-'.$a.'-'.$inSql['id'].'"><span class="next">«Назад</span></a>';
}
// если есть только "далее"
elseif (mysql_num_rows($sql_1) != false && mysql_num_rows($sql_2) == false) {
$inSql = mysql_fetch_assoc($sql_1);
echo '<br/><a href="nextu-info-'.$nk.'-'.$a.'-'.$inSql['id'].'"><span class="next">»Далее</span></a>';
}
// если есть "назад" и "далее"
elseif (mysql_num_rows($sql_1) != false && mysql_num_rows($sql_2) != false) {
$inSql_1 = mysql_fetch_assoc($sql_1);
$inSql_2 = mysql_fetch_assoc($sql_2);
echo '<br/><a href="backu-info-'.$nk.'-'.$a.'-'.$inSql_2['id'].'"><span class="next">«Назад</span></a> |
<a href="nextu-info-'.$nk.'-'.$a.'-'.$inSql_1['id'].'"><span class="next">»Далее</span></a>';
}
// плюс / минус
if ($nk != $user['id']) {
$Votes = 'Оценить: <a href="iph-info-'.$nk.'-'.$a.'-'.$inf['id'].'&plus"><img src="ico/plus.png" alt="+"/></a>
<a href="iph-info-'.$nk.'-'.$a.'-'.$inf['id'].'&minus"><img src="ico/minus.png" alt="-"/></a>';
}
// скачивание
$inf['name'] = (!empty($inf['name'])) ? $inf['name'] : 'Без описания';
$down = 'copy.php?img='.str_rot13(base64_encode($inf['path'])).'&i='.str_rot13(base64_encode($inf['rotate']));
if ($inf['block'] == 0) $sk4 = '<img src="ico/d.gif" alt=""/> <a href="'.$down.'">Скачать (' . $size . ')</a>';
echo $block . '
Добавлена: ' . itime($inf['date'], 0) . '<br/>
Тип: ' . $mime . ' ' . $_i[0] . 'x' . $_i[1] . '<br/>
' . $div_tworazdel . '
Общая оценка: ' . ($rat_1 + $rat_2) . '<br/>
Положительных голосов: ' . $rat_1 . '<br/>
Отрицательных голосов: ' . $rat_2 . '<br/>
' . $Votes . '
' . $div_end . $div_razdel . '
Описание: ' . $inf['name'] . $div_end . $sk4 . $block;
if ($user['level'] == 4 || $user['level'] == 5) {
echo '<img src="ico/delete.png" alt=""/>
<a href="iph-info-'.$nk.'-'.$a.'-'.$p.'&del_f">Удалить фото</a>
<br/>
<img src="ico/delete.png" alt=""/>
' . ($inf['block'] == 0
? '<a href="iph-info-'.$nk.'-'.$a.'-'.$p.'&block_f">Блокировать фото</a>'
: '<a href="iph-info-'.$nk.'-'.$a.'-'.$p.'&block_n">Разблокировать фото</a>') . $block;
}
if (isset($_GET['del'])) {
$del = my_int($_GET['del']);
$empt = mysql_query("SELECT `id` FROM `koms_foto` WHERE `id` = '$del' LIMIT 1");
if (mysql_num_rows($empt) != FALSE && $nk == $user['id'] || $user['level'] == 4 || $user['level'] == 5) {
mysql_query("DELETE FROM `koms_foto` WHERE `id` = '$del' LIMIT 1");
header('Location: ph-info-'.$nk.'-'.$a.'-'.$inf['id']);
} else {
header('Location: ph-info-'.$nk.'-'.$a.'-'.$inf['id']);
}
}
$koms = mysql_result(mysql_query("SELECT COUNT(id) FROM `koms_foto` WHERE `komu` = '$nk' AND `uid` = '$inf[id]'"), 0);
if ($koms != FALSE) {
echo $div_razdel . 'Комментарии:' . $div_end;
$n = new navigator($koms, $user['onp_comments'], 'info-'.$nk.'-'.$a.'-'.$inf['id'].'&');
$_in = mysql_query("SELECT * FROM `koms_foto` WHERE `komu` = '$nk' AND `uid` = '$inf[id]' ORDER BY `id` DESC {$n->limit}");
$_div = 0;
while($q = mysql_fetch_assoc($_in)) {
$otv = ' <a href="iph-info-'.$nk.'-'.$a.'-'.$inf['id'].'&k='.$q['user'].'#down">[отв]</a>';
if ($nk == $user['id'] || $user['level'] == 4 || $user['level'] == 5) {
$dk = '<a href="iph-info-'.$nk.'-'.$a.'-'.$inf['id'].'&del='.$q['id'].'"><img src="ico/delete.png" alt="x"/></a> ';
}
echo ($_div ++ % 2) ? $diw_tworazdel : $div_razdel;
echo $dk . us($q['user']) . $otv . '<br/>(' . itime($q['date'], 0) . ')<br/>' . smiles(bb_code($q['msg'])) . $div_end;
}
echo $n->navi();
} else {
echo 'Комментарии отсутствуют.<br/>';
}
if (isset($_POST['addkom'])) {
$mes = trim(mysql_real_escape_string(check($_POST['mes'])));
if (empty($mes)) {
err('Не заполнен комментарий!');
} else {
// транслит
if ($user['translit'] == 1) {
$mes = trun_to_rus($mes);
}
// антимат
$ant = mysql_fetch_array(mysql_query("SELECT `antimat` FROM `setting` WHERE `ids` = '1'"));
$mes = ($ant[0] == 1) ? mat($mes) : $mes;
// Антиреклама
$_ant = mysql_fetch_assoc(mysql_query("SELECT `on_rekl`, `text_rekl` FROM `setting` WHERE `ids` = '1'"));
if ($_ant['on_rekl'] == 1 && filesize($_SERVER['DOCUMENT_ROOT'] . '/domains.dat') > 0) {
$ex = explode(',', file_get_contents('domains.dat'));
foreach($ex as $value) {
if ($user['level'] != 4 && $user['level'] != 5 && !preg_match('/[url=http://(.*)[/url]/si', $message)) {
$message = preg_replace("/(ws|,|.|*|_|-|+)+$value/si", $_ant['text_rekl'], $message);
}
}
}
mysql_query("INSERT INTO `koms_foto` SET
`msg` = '$mes',
`uid` = '$inf[id]',
`album` = '$a',
`user` = '$user[id]',
`komu` = '$nk',
`date` = '" . time() . "'");
if (isset($_POST['komu']) && user_inf(my_int($_POST['komu']), 'comm_photos') == 1 && my_int($_POST['komu']) != $user['id']) {
$message = 'Пользователь ' . cvetnik($user['id']) . ' ответил на Ваш комментарий к <a href="iph-info-'.$nk.'-'.$a.'-'.$p.'">фотографии</a>!';
mysql_query("INSERT INTO `lenta` SET
`user` = '" . my_int($_POST['komu']) . "',
`text` = '$message',
`type` = 'comments',
`date` = '" . time() . "',
`uid` = 'album$p',
`read` = '1'");
}
elseif (user_inf($nk, 'comm_photos') == 1 && $nk != $user['id']) {
$message = 'Пользователь ' . cvetnik($user['id']) . ' оставил комментарий к Вашей <a href="ph-photo-'.$a.'-'.$p.'">фотографии</a>!';
mysql_query("INSERT INTO `lenta` SET
`user` = '$nk',
`text` = '$message',
`type` = 'comments',
`date` = '" . time() . "',
`uid` = 'album$p',
`read` = '1'");
}
header('Location: iph-info-'.$nk.'-'.$a.'-'.$inf['id']);
}
}
$fr = mysql_query("SELECT `id` FROM `friends` WHERE
`user` = '$user[id]'
AND
`who` = '$nk'
OR
`user` = '$nk'
AND
`who` = '$user[id]'
AND `zajavka` = '1'");
$in_albm = mysql_fetch_array(mysql_query("SELECT `friend_comm` FROM `albums` WHERE `type` = 'a' AND `id` = '$inf[cat]'"));
if ($nk != $user['id'] && $in_albm[0] == 1 && mysql_num_rows($fr) != FALSE || $in_albm[0] == 0) {
$Komu = (isset($_GET['k'])) ? '[b]Ответ: ' . user_inf(my_int($_GET['k']), 'user') . '[/b], ' : '';
echo '<a name="down"></a>
<FORM method="POST" action="iph-info-'.$nk.'-'.$a.'-'.$inf['id'].'">
<label><b>Комментарий:</b></label><br/>
<textarea name="mes" cols="50" rows="5" style="width: 99%;">' . $Komu . '</textarea>
<br/>
<input type="hidden" name="komu" value="' . my_int($_GET['k']) . '"/>
<input type="submit" name="addkom" value="Добавить"/>
</FORM>';
}
} else {
err('Фотография не найдена!');
}
}
echo '<a href="u-u_album-'.$nk.'-'.$inf['cat'].'">Назад</a>';
break;
}
include 'system/foot.php';
?>