Файл: comm/forum/files.php
Строк: 69
<?php
include_once '../../sys/inc/start.php';
include_once '../../sys/inc/sess.php';
include_once '../../sys/inc/home.php';
include_once '../../sys/inc/settings.php';
include_once '../../sys/inc/db_connect.php';
include_once '../../sys/inc/ipua.php';
include_once '../../sys/inc/fnc.php';
include_once '../../sys/inc/user.php';
if(isset($_GET['id_comm'])){
$id_comm = intval($_GET['id_comm']);
}else{
header("Location: /index.php");
}
$admin = mysql_fetch_array(mysql_query("SELECT * FROM `community_user_incomm` WHERE `cid` = '$id_comm' AND `uid` = '".$user['id']."'"));
$activate = mysql_fetch_array(mysql_query("SELECT * FROM `community_user_incomm` WHERE `cid` = '$id_comm' AND `uid` = '".$user['id']."' LIMIT 1"));
$comm = mysql_fetch_array(mysql_query('SELECT * FROM `community_comm` WHERE `id` = '.$id_comm.' LIMIT 1'));
if($id_comm==0 || $id_comm<0){
header("Location: err.php?err=fuck_haker");
}else if($comm['status']==2 && $activate['activate']==0){
header("Location: err.php?err=not_participant");
}else if(mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_ban` WHERE `id_user` = '$user[id]' AND `id_comm` = '$id' AND `time` > '$time'"), 0)!=0){
header('Location: ban.php?id='.$id);
}else if($id_comm!=$comm['id']){
header("Location: err.php?err=no_community");
}else{
if(isset($_GET['id']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_forum_files` WHERE `id` = '".intval($_GET['id'])."' AND `id_comm` = '".$id_comm."'"),0)==1){
$file=mysql_fetch_array(mysql_query("SELECT * FROM `comm_forum_files` WHERE `id` = '".intval($_GET['id'])."' AND `id_comm` = '".$id_comm."' LIMIT 1"));
if(is_file(H.'sys/comm/forum/'.$file['id'].'.frf') && $admin['uid']==$user['id'] && $admin['priv']==2 && isset($_GET['del'])){
if(isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER']!=NULL){
$link =$_SERVER['HTTP_REFERER'];
}else{
$link='/index.php';
}
mysql_query("DELETE FROM `comm_forum_files` WHERE `id` = '$file[id]' AND `id_comm` = '".$id_comm."' LIMIT 1");
unlink(H.'sys/comm/forum/'.$file['id'].'.frf');
if(isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER']!=NULL){
header("Location: $_SERVER[HTTP_REFERER]");
}else{
header("Location: index.php?id_comm=$id_comm");
}
}else if(is_file(H.'sys/comm/forum/'.$file['id'].'.frf')){
mysql_query("UPDATE `comm_forum_files` SET `count` = '".($file['count']+1)."' WHERE `id` = '$file[id]' AND `id_comm` = '".$id_comm."' LIMIT 1");
DownloadFile(H.'sys/comm/forum/'.$file['id'].'.frf', $file['name'].'.'.$file['ras'],ras_to_mime($file['ras']));
exit;
}
}else{
header("Refresh: 3; url=/index.php");
header("Content-type: text/html",NULL,404);
echo '<html><head><title>Ошибка 404</title><link rel="stylesheet" href="/style/themes/default/style.css" type="text/css"/>';
echo '</head><body><div class="body"><div class="err">Файл не найден.<br/><a href="/index.php">На главную</a></div></div></body></html>';
exit;
}
}
?>