Файл: comm/obmen/index.php
Строк: 187
<?php
include_once '../../sys/inc/start.php';
if(isset($_GET['showinfo']) || !isset($_GET['f']) || isset($_GET['komm'])){
include_once '../../sys/inc/compress.php';
}
include_once '../../sys/inc/sess.php';
include_once '../../sys/inc/home.php';
include_once '../../sys/inc/settings.php';
include_once '../../sys/inc/db_connect.php';
include_once '../../sys/inc/ipua.php';
include_once '../../sys/inc/fnc.php';
include_once '../../sys/inc/user.php';
if(isset($_GET['id_comm'])){
$id_comm = intval($_GET['id_comm']);
}else{
header("Location: /index.php");
}
$admin = mysql_fetch_array(mysql_query("SELECT * FROM `community_user_incomm` WHERE `cid` = '$id_comm' AND `uid` = '".$user['id']."'"));
$activate = mysql_fetch_array(mysql_query("SELECT * FROM `community_user_incomm` WHERE `cid` = '$id_comm' AND `uid` = '".$user['id']."' LIMIT 1"));
$comm = mysql_fetch_array(mysql_query('SELECT * FROM `community_comm` WHERE `id` = '.$id_comm.' LIMIT 1'));
$dir = mysql_fetch_array(mysql_query("SELECT * FROM `comm_obmen_dir` WHERE `dir` = '".esc($_GET['d'])."' AND `id_comm` = '".$id_comm."'"));
$ft=esc(urldecode($_GET['f']));
$namet=eregi_replace('.[^.]*$', NULL, $ft);
$file_t = mysql_fetch_array(mysql_query("SELECT * FROM `comm_obmen_files` WHERE `name` = '".$namet."' AND `id_comm` = '".$id_comm."'"));
if($id_comm==0 || $id_comm<0){
header("Location: err.php?err=fuck_haker");}
else if($comm['status']==2 && $activate['activate']==0){
header("Location: err.php?err=not_participant");
}else if(mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_ban` WHERE `id_user` = '$user[id]' AND `id_comm` = '$id' AND `time` > '$time'"), 0)!=0){
header('Location: ban.php?id='.$id);
}else if($id_comm!=$comm['id']){
header("Location: err.php?err=no_community");
}else if($dir['dir']!=esc($_GET['d'])){
header("Location: err.php?err=no_dir");
}else if($file_t['name']!=$namet){
header("Location: err.php?err=no_file");
}else{
if(isset($_GET['d']) && esc($_GET['d'])!=NULL){
$l=ereg_replace(".{2,}",NULL,esc(urldecode($_GET['d'])));
$l=ereg_replace("./|/.",NULL,$l);
$l=ereg_replace("(/){1,}","/",$l);
$l='/'.ereg_replace("(^(/){1,})|((/){1,}$)","",$l);
}else{
$l='/';
}
if($l=='/'){
$dir_id['upload']=0;
$id_dir=0;
$l='/';
}else if(mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_obmen_dir` WHERE `dir` = '/$l' OR `dir` = '$l/' OR `dir` = '$l' AND `id_comm` = '$id_comm' LIMIT 1"),0)!=0){
$dir_id=mysql_fetch_array(mysql_query("SELECT * FROM `comm_obmen_dir` WHERE `dir` = '/$l' OR `dir` = '$l/' OR `dir` = '$l' AND `id_comm` = '$id_comm' LIMIT 1"));
$id_dir=$dir_id['id'];
}else{
$dir_id['upload']=0;
$id_dir=0;
$l='/';
}
if(isset($_GET['f'])){
$f=esc(urldecode($_GET['f']));
$name=eregi_replace('.[^.]*$', NULL, $f);
$ras=strtolower(eregi_replace('^.*.', NULL, $f));
$ras=str_replace('jad', 'jar', $ras);
if(mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_obmen_files` WHERE `id_dir` = '$id_dir' AND `name`='$name' AND `ras` = '$ras' AND `id_comm` = '$id_comm' LIMIT 1"),0)!=0){
$file_id=mysql_fetch_array(mysql_query("SELECT * FROM `comm_obmen_files` WHERE `id_dir` = '$id_dir' AND `name`='$name' AND `ras` = '$ras' AND `id_comm` = '$id_comm' LIMIT 1"));
$ras=$file_id['ras'];
$file=H."sys/comm/obmen/files/$file_id[id].dat";
$name=$file_id['name'];
$size=$file_id['size'];
if(!isset($_GET['showinfo']) && !isset($_GET['komm']) && is_file(H.'sys/comm/obmen/files/'.$file_id['id'].'.dat')){
if($ras=='jar' && strtolower(eregi_replace('^.*.', NULL, $f))=='jad'){
include_once H.'sys/inc/zip.php';
$zip=new PclZip(H.'sys/comm/obmen/files/'.$file_id['id'].'.dat');
$content = $zip->extract(PCLZIP_OPT_BY_NAME, "META-INF/MANIFEST.MF" ,PCLZIP_OPT_EXTRACT_AS_STRING);
$jad=eregi_replace("(MIDlet-Jar-URL:( )*[^(n|r)]*)", NULL, $content[0]['content']);
$jad=eregi_replace("(MIDlet-Jar-Size:( )*[^(n|r)]*)(n|r)", NULL, $jad);
$jad=trim($jad);
$jad.="rnMIDlet-Jar-Size: ".filesize(H.'sys/comm/obmen/files/'.$file_id['id'].'.dat')."";
$jad.="rnMIDlet-Jar-URL: /comm/obmen$dir_id[dir]$file_id[name].$file_id[ras]";
$jad=br($jad,"rn");
header('Content-Type: text/vnd.sun.j2me.app-descriptor');
header('Content-Disposition: attachment; filename="'.$file_id['name'].'.jad";');
echo $jad;
exit;
}
@mysql_query("UPDATE `comm_obmen_files` SET `k_loads` = '".($file_id['k_loads']+1)."' WHERE `id` = '$file_id[id]' AND `id_comm` = '$id_comm' LIMIT 1");
DownloadFile(H.'sys/comm/obmen/files/'.$file_id['id'].'.dat', $name.'.'.$ras, ras_to_mime($ras));
exit;
}else if(isset($_GET['komm']) && is_file(H.'sys/comm/obmen/files/'.$file_id['id'].'.dat')){
$set['title']='Обменник - Комментарии - '.$file_id['name'];
$_SESSION['page']=1;
include_once '../../sys/inc/thead.php';
title();
if(isset($user) && $admin['uid']==$user['id'] || $user['id']==$file_id['id_user']){
include 'inc/komm_act.php';
}
include_once 'inc/komm.php';
echo '» <a href="index.php?d='.$dir_id['dir'].'&f='.urlencode($file_id['name']).'.'.$file_id['ras'].'&id_comm='.$id_comm.'&showinfo">К описанию</a><br/>';
echo '» <a href="index.php?d='.$dir_id['dir'].'&id_comm='.$id_comm.'">В папку</a><br/>';
echo '» <a href="../comm.php?id='.$id_comm.'">В сообщество</a></div>';
include_once '../../sys/inc/tfoot.php';
exit;
}else{
$set['title']='Обменник - '.$file_id['name'];
include_once '../../sys/inc/thead.php';
title();
if(isset($user) && $admin['uid']==$user['id'] && $admin['priv']>0){
include 'inc/file_act.php';
}
err();
aut();
echo '<div class="menu">';
if(is_file("inc/file/$ras.php")){
include "inc/file/$ras.php";
}else{
include_once 'inc/file.php';
}
if(isset($user) && $admin['uid']==$user['id']){
if($file_id['ras']=='jar'){
echo '» <a href="index.php?d='.$dir_id['dir'].'&f='.urlencode($file_id['name']).'.jad&id_comm='.$id_comm.'">Скачать</a> <a href="index.php?d='.$dir_id['dir'].'&f='.urlencode($file_id['name']).'.'.$file_id['ras'].'&id_comm='.$id_comm.'">JAR</a> ('.$file_id['k_loads'].')<br/>';
}else{
echo '» <a href="index.php?d='.$dir_id['dir'].'&f='.urlencode($file_id['name']).'.'.$file_id['ras'].'&id_comm='.$id_comm.'">Скачать</a> ('.$file_id['ras'].')<br/>';
echo '<b>Скачали</b>: '.$file_id['k_loads'].' раз.<br/>';
}
echo '<input type="text" value="http://'.htmlentities($_SERVER['HTTP_HOST']).'/comm/obmen/index.php?d='.$dir_id['dir'].'&f='.urlencode($file_id['name']).'.'.$file_id['ras'].'&id_comm='.$id_comm.'"/><br/>';
}else{
echo '<div class="err">Чтобы скачивать файлы Вам нужно вступить в сообщество.</div>';
}
echo '» <a href="index.php?d='.$dir_id['dir'].'&f='.urlencode($file_id['name']).'.'.$file_id['ras'].'&id_comm='.$id_comm.'&komm">Комментарии</a> ('.mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_obmen_komm` WHERE `id_file` = '$file_id[id]' AND `id_comm` = '$id_comm'"), 0).')<br/>';
echo '» <a href="index.php?d='.$dir_id['dir'].'&id_comm='.$id_comm.'">В папку</a><br/>';
echo '» <a href="../comm.php?id='.$id_comm.'">В сообщество</a><br/>';
if(isset($user) && $admin['uid']==$user['id'] && $admin['priv']>0){
include 'inc/file_form.php';
}
echo '</div>';
include_once '../../sys/inc/tfoot.php';
}
}
}else{
include_once 'inc/dir.php';
}
}
include_once '../../sys/inc/tfoot.php';
?>