Файл: download/file.php
Строк: 136
<?
////////////////////////////////////////
///// Kyber ApiCMS 2013 apicms.ru //////
///// Запрещается продажа данной CMS ///
///// Автор Евгений Медянкин Kyber /////
///// ICQ 626-000-895 или 37-22-47 /////
////////////////////////////////////////
/////////////////////////////////////////
require_once '../api_core/apicms_system.php';
/////////////////////////////////////////
if (isset($_GET['id']))$file_id = intval($_GET['id']);
$file_name = mysql_fetch_assoc(mysql_query("SELECT * FROM `download_files` WHERE `id` = '$file_id' LIMIT 1"));
$title = 'Скачать '.htmlspecialchars($file_name['name']).'';
require_once '../api_core/head.php';
if (isset($_GET['id']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `download_files` WHERE `id` = '".$file_id."'"),0)==1){
//////////////////////////////////////////////////////////
$qii22=mysql_query("SELECT * FROM `download_files` WHERE `id` = '$file_id' LIMIT 1");
while ($a = mysql_fetch_assoc($qii22)){
$who_post=mysql_fetch_assoc(mysql_query("SELECT * FROM `users` WHERE `id` = '$a[id_user]' LIMIT 1"));
echo "<div class='content'><center><table class='post'>n";
echo '<tr>';
if (file_exists("files/".$a['id']."/screen1.gif")){
echo "<td style='width:25%'><center><a href='files/".$a['id']."/screen1.gif' ><img src='/download/files/".$a['id']."/screen1.gif' alt='' hight='50' width='50' /></a></center></td>";
}
if (file_exists("files/".$a['id']."/screen2.gif")){
echo "<td style='width:25%'><center><a href='files/".$a['id']."/screen2.gif' ><img src='/download/files/".$a['id']."/screen2.gif' alt='' hight='50' width='50'/></a></center></td>";
}
if (file_exists("files/".$a['id']."/screen3.gif")){
echo "<td style='width:25%'><center><a href='files/".$a['id']."/screen3.gif' ><img src='/download/files/".$a['id']."/screen3.gif' alt='' hight='50' width='50'/></a></center></td>";
}
if (file_exists("files/".$a['id']."/screen4.gif")){
echo "<td style='width:25%'><center><a href='files/".$a['id']."/screen4.gif' ><img src='/download/files/".$a['id']."/screen4.gif' alt='' hight='50' width='50'/></a></center></td>";
}
echo '</tr>';
echo "</table></center></div>n";
echo "<div class='subhead'> <img src='/design/download/name.png'/> Название: <strong> ".htmlspecialchars($a['name'])."</strong> <span style='float:right'> <small><sup>".apicms_data($a['time'])."</sup></small> </span></div>n";
echo "<div class='subhead'> <img src='/design/download/ups.png'/> Загрузил: <strong><a href='/profile.php?id=$who_post[id]'>".htmlspecialchars($who_post['login'])."</a></strong></div>n";
echo "<div class='subhead'> <img src='/design/download/ops.png'/> Описание: <strong>".apicms_smiles(apicms_br(apicms_bb_code(htmlspecialchars($a['descr']))))."</strong></div>n";
echo "<div class='subhead'></br><center><a href='/download/files/$a[id]/$a[file_name].$a[ras]'> <img src='/design/download/save.png'/> <b>Скачать файл ".formatfilesize($a['size'])."</b></a></center></br></div>";
if ($a['ras']=='mp3'){
echo '<div class="subhead"><center> <object type="application/x-shockwave-flash" data="/download/dewplayer.swf" width="200" height="20" id="dewplayer" name="dewplayer"><param name="movie" value="/download/dewplayer.swf" /><param name="flashvars" value="mp3=/download/files/'.$a['id'].'/'.$a['file_name'].'.'.$a['ras'].'" /><param name="wmode" value="transparent" /></object></center></div>';
}
}
//////////////////////////////////////////////////////////
$k_post=mysql_result(mysql_query("SELECT COUNT(*) FROM `download_coms` WHERE `file` = '$file_id'"),0);
$k_page=k_page($k_post,$api_settings['on_page']);
$page=page($k_page);
$start=$api_settings['on_page']*$page-$api_settings['on_page'];
if ($k_post!=0)echo "<div class='erors'>Комментарии</div>";
if ($k_post==0)echo "<div class='erors'><center>Комментариев к файлу не найдено</center></div>";
/////////////////////////////////////////
$qii=mysql_query("SELECT * FROM `download_coms` WHERE `file` = '$file_id' ORDER BY id ASC LIMIT $start, $api_settings[on_page]");
while ($post_post = mysql_fetch_assoc($qii)){
$who_post = mysql_fetch_assoc(mysql_query("SELECT * FROM `users` WHERE `id` = $post_post[id_user] LIMIT 1"));
echo '<div class="subhead"><table width="100%" ><tr><td width="10%"><center>';
echo apicms_ava32($who_post['id']);
echo "</center></td><td width='85%'> <a href='/profile.php?id=$who_post[id]'>".$who_post['login']."</a> ";
echo "<span style='float:right'> <small>".apicms_data($post_post['time'])."</small> ";
if ($user['level']==1) echo ' <a href="del_coms.php?id='.$post_post['id'].'&file='.$file_id.'"><img src="/design/download/del.png"></a> ';
echo " </span>";
echo "</br> <b>".apicms_smiles(apicms_bb_code(apicms_br(htmlspecialchars($post_post['text']))))."</b>";
echo "</td></tr></table></div>";
}
//////////////////////////////////////////////////////////
if ($k_page > 1){
echo '<div class="subhead"><center>';
str('file.php?id='.$file_id.'&',$k_page,$page); // генерируем постраничную навигацию
echo '</center></div>';
}
//////////////////////////////////////////////////////////
if (isset($_POST['txt'])){
$text = mysql_real_escape_string($_POST['txt']);
if (strlen($text)>10000)$err = '<div class="content"><center>Очень длинное сообщение</center></div>';
if (strlen($text)<10)$err = '<div class="content"><center>Короткое сообщение</center></div>';
if (!isset($err)){
mysql_query("INSERT INTO `download_coms` (`text`, `id_user`, `file`, `time`) VALUES ('$text', '$user[id]', '$file_id', '$time')");
header("Location: file.php?id=".$file_id."");
}else{
apicms_error($err);
}
}
//////////////////////////////////////////////////////////
if ($user['id']){
echo "<form action="/download/file.php?id=".$file_id."&page=end&ok" method="post">n";
echo "<div class='content'><center><textarea name="txt"></textarea><br />n";
echo "<input type='submit' value='Добавить комментарий'/></form></center></div>n";
}else{
echo "<div class='erors'><center>Извините, вы не можете оставить комментарий</center></div>n";
}
}else{
echo "<div class='erors'><center>Извините, файла не существует</center></div>n";
}
/////////////////////////////////////////
apicms_foot();
?>