Файл: modules/downloads/add_dir.php
Строк: 91
<?php
/**
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) 2013, Taras Chornyi, Sergiy Mazurenko, Ivan Kotliar
* @link http://perf-engine.net
* @package PerfEngine
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
$locate = 'in_downloads';
$dir_id = (isset($_GET['dir_id']) ? abs(intval($_GET['dir_id'])) : 0);
if($dir_id != 0 && $db->query("SELECT * FROM `downloads` WHERE `id` = '$dir_id'")->rowCount() == 0 || $user['level'] < 4)
{
header('location: /downloads/');
exit;
}
if(isset($_GET['act']) && $_GET['act'] == 'add')
{
$err = false;
$name = input($_POST['dir_name']);
$desc = input($_POST['dir_desc']);
$_name = cyrlat(input($_POST['dir_name']));
$trans_name = preg_replace('/[^а-яА-Яa-zA-Z0-9_-]/isU', '', strtolower($_name));
$access = (num($_POST['access']) == 0 || num($_POST['access']) == 1 ? num($_POST['access']) : 1);
$serverPath = ($dir_id !=0 ? $db->query("SELECT server_path FROM `downloads` WHERE `id` = '$dir_id'")->fetchColumn() : false).'/'.strtolower($trans_name);
if($db->query("SELECT * FROM `downloads` WHERE `server_path` = '$trans_name' AND 'type' = '0'")->rowCount() > 0)
{
$err = 'Direcotry already exists';
}
if(file_exists(ROOT.'/files/downloads/'.$serverPath)) $err = 'Can't create directory';
if($err == false && !empty($name))
{
$db->query("INSERT INTO `downloads` SET `name` = '$name', `server_path` = '$serverPath', `description` = '$desc', `type` = '0', `dir_id` = '$dir_id', `access` = '$access'");
mkdir(ROOT.'/files/downloads/'.$serverPath);
header('location: /downloads/dir/'.$dir_id);
exit;
}
else
{
echo $err;
}
}
$title = _t('dl_add_dir').' | '._t('downloads');
include_header($title);
$tpl->div('title', _t('dl_add_dir'));
echo '<div class="post">
<form action="/downloads/add_dir?act=add'.($dir_id != 0 ? '&dir_id='.$dir_id : NULL).'" method="post">
'._t('dl_dir_name').':<br/>
<input type="text" name="dir_name" /><br/>
'._t('dl_dir_desc').':<br/>
<textarea name="dir_desc" rows="5" cols="25"></textarea><br/>
'. _t('access_upload') .':<br/>
<select name="access">
<option value="0">'. _t('access_admins') .'</option>
<option value="1">'. _t('access_all') .'</option>
</select><br/>
<input type="submit" value="'. _t('add') .'" />
</form>
</div>';
$tpl->div('block', ($dir_id != 0 ? img('folder.png') .' <a href="/downloads/dir/'. $dir_id.'">'.$db->query("SELECT name FROM `downloads` WHERE `id` = '". $dir_id ."'")->fetchColumn().'</a><br/>' : img('folder.png') . ' <a href="/downloads/">'. _t('back') .'</a><br/>').'
'. img('download.png') . ' <a href="/downloads/">'. _t('downloads') .'</a><br/>'
. HICO .' <a href="/">'. _t('home') .'</a>');
include_footer();
?>