Просмотр файла katrinka.ru/users/photos.php

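<?php
  // Request bootstrap for the WAP photo pages: loads the site configuration and
  // the shared helper library, starts the session and reads the query-string
  // parameters that the branches below switch on.
  // presumably config.php supplies the $db* connection settings and mylib.php
  // supplies check_op(), uconv() and counters() - none is defined in this file.
  include '../config.php';
  include '../guestbook/mylib.php';
  $ppp=20;	// rows per page in the photo list
  session_start();

  // A missing or array-valued parameter is read as '' so that trim() and
  // htmlspecialchars() always receive a string and no undefined-index notice
  // is raised.
  // htmlspecialchars() only makes these values safe to echo into WML markup.
  // It is not SQL escaping: any query that needs one of them has to bind it as
  // a parameter (pg_query_params) instead of interpolating it into the text.
   // $lang is kept raw because this file only compares it with 'eng';
   // it must be escaped wherever it is echoed.
   $lang=(isset($_GET['lang'])&&is_string($_GET['lang'])) ? $_GET['lang'] : '';
   $p=(isset($_GET['p'])&&is_string($_GET['p'])) ? htmlspecialchars(trim($_GET['p']),ENT_QUOTES) : '';
   $cat=(isset($_GET['cat'])&&is_string($_GET['cat'])) ? htmlspecialchars(trim($_GET['cat']),ENT_QUOTES) : '';
   $action=(isset($_GET['action'])&&is_string($_GET['action'])) ? htmlspecialchars(trim($_GET['action']),ENT_QUOTES) : '';
#   if ($_POST['id']!=0) $id=$_POST['id'];
#   else $id=$_GET['id'];
  $id=(isset($_GET['id'])&&is_string($_GET['id'])) ? htmlspecialchars(trim($_GET['id']),ENT_QUOTES) : '';
  // The User-Agent header is chosen by the client. It is only referenced by a
  // commented-out insert further down; treat it as untrusted if that is revived.
  $agent=isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
  $addr=$_SERVER['REMOTE_ADDR'];
  // check_op() comes from the included library; what the two returned values
  // mean is not visible in this file.
  list ($opname, $chatok) = check_op($_SERVER['REMOTE_ADDR']);
  // Date three days before today (Y-m-d), used as the cut-off for "new" entries.
  $dayx=date("Y-m-d", mktime(0,0,0,date("m"), date("d")-3, date("Y")));

  // $access is hard-wired to 1 here; $getpath is the link target that stays in
  // place whenever a branch does not build a real photo link.
  $access=1;
  $getpath='/sorry.wml';
?>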
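<?php
  // Open the PostgreSQL connection from the $db* settings. When that fails,
  // answer with a self-contained WML error card and stop, because every branch
  // below needs $conn.
  // The card title reads "Error" and its text "Database connection error"
  // (Russian, written as numeric character references), followed by a link to
  // the site root. The final reference of the message now carries its
  // terminating semicolon; without it the card is not well-formed XML.
  // NOTE(review): the literal XML declaration line below is only passed through
  // untouched when short_open_tag is off - confirm the server setting.
  if (!($conn=pg_connect("host=$dbhost port=$dbport dbname=$dbname user=$dbuser password=$dbpass")))
  {
	header("Content-type: text/vnd.wap.wml");
?>
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.2//EN" "http://www.wapforum.org/DTD/wml_1.2.dtd">
<wml>
<card id="CatalogErr" title="&#x041E;&#x0448;&#x0438;&#x0431;&#x043A;&#x0430;">
<p align="center">
&#x041E;&#x0448;&#x0438;&#x0431;&#x043A;&#x0430; &#x043F;&#x043E;&#x0434;&#x043A;&#x043B;&#x044E;&#x0447;&#x0435;&#x043D;&#x0438;&#x044F; &#x043A; &#x0411;&#x0414;<br/>
<a href="/">&#x041D;&#x0430; &#x0433;&#x043B;&#x0430;&#x0432;&#x043D;&#x0443;&#x044E;</a>
</p>
</card>
</wml>
<?php
	exit;
    }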
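// Default view (no action, no photo id): paginated list of photo owners, one
// link per photo, followed by next/previous page links.
// The card and paragraph opened here are closed by the final else branch at
// the end of the script.
if (($action=='')&&($id==0)) {
	header("Content-type: text/vnd.wap.wml"); ?>
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.2//EN" "http://www.wapforum.org/DTD/wml_1.2.dtd">
<wml> <?php
	print "<card id=\"Photos\" title=\"Photos\">\n";
	print "<p align=\"center\">**************<br/>\n";
	// The page index arrives in the query string. Force it to a non-negative
	// integer so the OFFSET interpolated into the query below is always a
	// plain number the server accepts.
	$p=max(0,(int)$p);
	$offset=$p*$ppp;
	$res=pg_query($conn,"select count(*) from photos,users where users.id=photos.uid and users.moder=0;");
	// A failed query yields false; fall back to an empty list instead of
	// passing false on to the result functions.
	$numrec=$res ? pg_fetch_result($res,0,0) : 0;
	$res=pg_query($conn,"select photos.id,users.login from photos,users where users.id=photos.uid and users.moder=0 order by users.access desc,photos.dlcount desc limit $ppp offset $offset;");
	$rows=$res ? pg_num_rows($res) : 0;
	// next page, previous page, index of the last page
	$np=$p+1; $pp=$p-1; $mp=floor(($numrec-1)/$ppp);

	for ($i=0;$i<$rows;$i++) {
		// NOTE(review): login is chosen by the account owner and is echoed as
		// markup; this assumes uconv() returns markup-safe text - confirm.
		$login=uconv(pg_fetch_result($res,$i,1));
		$getpath=sprintf("photos.php?id=%d", pg_fetch_result($res,$i,0));
		print "<a href=\"".$getpath."\">".$login."</a><br/>\n";
	}
	// NOTE(review): counters() runs after this point, in the final else
	// branch - confirm it does not rely on $conn still being open.
	pg_close($conn);

	print "*******<br/><br/>\n";
	// $cat was HTML-escaped when it was read, so it can be echoed into hrefs.
	if ($lang=='eng') { 
		if ($numrec > $ppp) {
			if ($p<$mp) print("<a href=\"photos.php?lang=eng&amp;p=".$np."&amp;cat=".$cat."\">Next ".$ppp."</a><br/>\n");
			if ($p>0) print("<a href=\"photos.php?lang=eng&amp;p=".$pp."&amp;cat=".$cat."\">Prev ".$ppp."</a><br/>\n"); 
		}
		print "<a href=\"index.php\">Back</a><br/>\n";
	} else { 
		if ($numrec > $ppp) {
			if ($p<$mp) print("<a href=\"photos.php?p=".$np."&amp;cat=".$cat."\">&#x0421;&#x043B;&#x0435;&#x0434;&#x0443;&#x044E;&#x0449;&#x0438;&#x0435; ".$ppp."</a><br/>\n");
			if ($p>0) print("<a href=\"photos.php?p=".$pp."&amp;cat=".$cat."\">&#x041F;&#x0440;&#x0435;&#x0434;&#x044B;&#x0434;&#x0443;&#x0449;&#x0438;&#x0435; ".$ppp."</a><br/>\n"); 
		}
		print "<a href=\"index.php\">&#x041D;&#x0430;&#x0437;&#x0430;&#x0434;</a><br/>\n";
	}
}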

// "Top 10" view: the ten most-downloaded enabled entries whose category has
// content=2. The card opened here is closed by the final else branch at the
// end of the script.
if (($action=='top')&&($cat==0)&&($id==0)) {
	// Fixed marker cookie, valid for 864000 seconds on the whole site. A
	// commented-out check further down compared it with this same constant.
	if ($access) {
		setcookie("Sweetty", "21895", time()+864000, "/");
	}
	header("Content-type: text/vnd.wap.wml"); ?>
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.2//EN" "http://www.wapforum.org/DTD/wml_1.2.dtd">
<wml>
<card id="Top10" title="Top10">
<p align="center">
***********<br/>
<?php
	// NOTE(review): the ids listed here come from the midi table, while the
	// links point at photos.php?id=..., which looks the id up in the photos
	// table - confirm the two id spaces are meant to coincide.
	$res=pg_query($conn,"select midi.id,midi.name_eng,midi.name_rus,midi.dlcount from midi,cat where midi.enabled=1 and midi.dlcount > 0 and midi.cat=cat.id and cat.content=2 order by midi.dlcount desc limit 10;");
	$rows=pg_num_rows($res);
	$i=0;
	while ($i<$rows) {
		$pos=$i+1;
		// Column 2 is name_rus, column 1 is name_eng: the English name is used
		// for lang=eng and as the fallback when the Russian one is empty.
		$fname=uconv(pg_fetch_result($res,$i,2));
		if (($fname=='')||($lang=='eng')) {
			$fname=uconv(pg_fetch_result($res,$i,1));
		}
		if ($access) {
			$getpath=sprintf("photos.php?id=%d", pg_fetch_result($res,$i,0));
		}
		echo $pos, ".<a href=\"", $getpath, "\">", $fname, "</a><br/>\n";
		$i++;
	}
	echo "<br/>\n";
	if ($lang!='eng') {
		echo "<a href=\"photos.php\">&#x041D;&#x0430;&#x0437;&#x0430;&#x0434;</a><br/>\n";
	} else {
		echo "<a href=\"photos.php?lang=eng\">Back</a><br/>\n";
	}
	echo "*******\n";
	pg_close($conn);
}

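// "What's new" view: shows the date of the last catalogue update, then every
// enabled content=2 category that has entries added after $dayx; the entries
// themselves are listed only for the category selected by the cat parameter.
// The card opened here is closed by the final else branch at the end of the
// script.
if (($action=='news')&&($id==0)) {
	if ($cat=='') $cat=1;
	// Fixed marker cookie, valid for 864000 seconds on the whole site.
	if ($access) setcookie("Sweetty", "21895", time()+864000, "/");
	header("Content-type: text/vnd.wap.wml"); ?>
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.2//EN" "http://www.wapforum.org/DTD/wml_1.2.dtd">
<wml> <?php
	$fl=0;	// number of categories with at least one recent entry
	$res=pg_query($conn,"select max(rdate) from cat where enabled=1;");
	// preg_match() takes the place of ereg(), which no longer exists in PHP 7
	// and later; the pattern and the capture groups are unchanged. When there
	// is no date to parse, the three parts are printed as empty strings.
	$lastdate=$res ? (string)pg_fetch_result($res,0,0) : '';
	if (!preg_match('/([0-9]{4})-([0-9]{1,2})-([0-9]{1,2})/', $lastdate, $regs)) {
		$regs=array('','','','');
	}
	if ($lang=='eng') {
		print "<card id=\"News\" title=\"What's New\">\n";
		print "<p align=\"center\">\n";
		print "***********<br/>\n";
		print "<b>Last update: ".$regs[1]."-".$regs[2]."-".$regs[3]."</b><br/><br/>";
	} else {
		print "<card id=\"News\" title=\"&#x0427;&#x0442;&#x043E; &#x043D;&#x043E;&#x0432;&#x0435;&#x043D;&#x044C;&#x043A;&#x043E;&#x0433;&#x043E;\">\n";
		print "<p align=\"center\">\n";
		print "***********<br/>\n";
		print "<b>&#x041F;&#x043E;&#x0441;&#x043B;&#x0435;&#x0434;&#x043D;&#x0435;&#x0435; &#x043E;&#x0431;&#x043D;&#x043E;&#x0432;&#x043B;&#x0435;&#x043D;&#x0438;&#x0435;: ".$regs[3].".".$regs[2].".".$regs[1]."</b><br/><br/>";
	}
	$res=pg_query($conn, "select id,name_eng,name_rus from cat where enabled=1 and content=2 order by id;");
	$rows=$res ? pg_num_rows($res) : 0;
	for ($i=0; $i<$rows; $i++)
	{
		$cid=pg_fetch_result($res,$i,0);
		// $cid is read from the cat table and $dayx is computed by the server,
		// so neither interpolated value comes from the request.
		// NOTE(review): the Top 10 query joins on midi.cat while this one
		// filters on midi.category - confirm both columns exist.
		$fres=pg_query($conn, "select id,name_eng,name_rus from midi where enabled=1 and category ='$cid' and adate > '$dayx' order by name_eng;");
		$frows=$fres ? pg_num_rows($fres) : 0;
		if ($frows > 0) {
			$fl++;
			// Category caption and the language part of its link. The English
			// caption is echoed as stored, the Russian one goes through uconv().
			if ($lang=='eng') {
				$catname=pg_fetch_result($res,$i,1);
				$langarg="&amp;lang=eng";
			} else {
				$catname=uconv(pg_fetch_result($res,$i,2));
				if ($catname=='') $catname=pg_fetch_result($res,$i,1);
				$langarg="";
			}
			print "<a href=\"photos.php?cat=".$cid.$langarg."&amp;action=news\">".
			$catname." (".$frows."):</a><br/>----------------<br/>\n";
			if ($cid==$cat) {
				for ($f=0; $f<$frows; $f++) {
					// Russian name first unless lang=eng; English name as fallback.
					$fname=($lang=='eng') ? '' : uconv(pg_fetch_result($fres,$f,2));
					if ($fname=='') $fname=uconv(pg_fetch_result($fres,$f,1));
					if ($access) $getpath=sprintf("photos.php?id=%d", pg_fetch_result($fres,$f,0));
					print "<a href=\"".$getpath."\">".$fname."</a><br/>\n";
				}
				print "<br/>\n";
			}
		}
	}

	if ($lang=='eng') {
		if (!$fl) print "Sorry, nothing new at this moment.<br/>\n";
		print "<a href=\"photos.php?lang=eng\">Back</a><br/>\n";	
	} else {
		if (!$fl) print "&#x0418;&#x0437;&#x0432;&#x0438;&#x043D;&#x0438;&#x0442;&#x0435;, &#x043D;&#x0438;&#x0447;&#x0435;&#x0433;&#x043E; &#x043D;&#x043E;&#x0432;&#x0435;&#x043D;&#x044C;&#x043A;&#x043E;&#x0433;&#x043E; &#x043D;&#x0435;&#x0442;.<br/>\n";
		print "<a href=\"photos.php\">&#x041D;&#x0430;&#x0437;&#x0430;&#x0434;</a><br/>\n";	
	}
print "*******\n";
pg_close($conn);
}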

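// Photo download (photos.php?id=N with no action): an authenticated user gets
// the photo as a JPEG, anyone else gets a WML login card. For every other
// request the else branch at the bottom closes the card opened by one of the
// earlier views.
if (($id>0)&&($action=='')) {
	$uid=0;
	// empty() rather than isset(): a stored 0 is not an authenticated user and
	// must not skip the credential check below.
	if (!empty($_SESSION['id'])) {
		$uid=$_SESSION['id'];
	} else {
		// Credentials come from the Login/Password cookies when both are set,
		// otherwise from the query string sent by the login card.
		$cklogin=(isset($_COOKIE['Login'])&&is_string($_COOKIE['Login'])) ? trim($_COOKIE['Login']) : '';
		$ckpass=(isset($_COOKIE['Password'])&&is_string($_COOKIE['Password'])) ? trim($_COOKIE['Password']) : '';
		if (($cklogin!='')&&($ckpass!='')) {
			$login=htmlspecialchars($cklogin,ENT_QUOTES);
			$pass=htmlspecialchars($ckpass,ENT_QUOTES);
		} else {
			$login=(isset($_GET['login'])&&is_string($_GET['login'])) ? htmlspecialchars(trim($_GET['login']),ENT_QUOTES) : '';
			$pass=(isset($_GET['pass'])&&is_string($_GET['pass'])) ? htmlspecialchars(trim($_GET['pass']),ENT_QUOTES) : '';
		}
		// htmlspecialchars() does not neutralise every character that matters
		// inside an SQL string literal, so the values are bound as parameters
		// (pg_query_params, PHP 5.1 or later). The HTML-escaped form is still
		// what gets compared - presumably that is how the values were stored;
		// confirm against the registration code.
		// NOTE(review): the submitted value is compared directly with
		// users.passwd, so the cookie, the URL and the table all hold the same
		// string. Storing a password_hash() digest and checking it with
		// password_verify() needs changes outside this block.
		$res=pg_query_params($conn, 'select id from users where login=$1 and passwd=$2 and moder=0;', array($login,$pass));
		if ($res && pg_num_rows($res)==1) $uid=pg_fetch_result($res,0,0);
		// Only a successful lookup is remembered in the session.
		if ($uid) $_SESSION['id']=$uid;
	}
	if ($uid) {
		// $id was only HTML-escaped on input; use it as an integer and bind it.
		$photoid=(int)$id;
		pg_query($conn, "begin;");
		pg_query_params($conn, 'update photos set dlcount=dlcount+1 where id=$1;', array($photoid));
		$dltime=time();
		pg_query_params($conn, 'update users set lastact=$1 where id=$2;', array($dltime,$uid));
#		pg_query($conn, "insert into downloads (uid,midi,ip,agent,time) values ('$uid','$id','$addr','$agent','$dltime');");
		$res=pg_query_params($conn, 'select path from photos where id=$1;', array($photoid));
		pg_query($conn, "end;");
#		if (($_COOKIE['Sweetty']!='21895')&&(!$chatok)) $access=0;
		if ($access) {
			// An unknown id or an unreadable file is answered with 404 instead
			// of an image header followed by an empty body.
			// NOTE(review): path is appended to the web root exactly as stored
			// in the photos table - confirm that whatever writes this column
			// keeps it inside the photo directory.
			$path=($res && pg_num_rows($res)==1) ? (string)pg_fetch_result($res,0,0) : '';
			$im=false;
			if ($path!='') {
				$getfile = sprintf("/home/katrinka/WWW/%s", $path);
				$im=@imagecreatefromjpeg($getfile);
			}
			if ($im) {
				header("Content-type: image/jpeg");
				imagejpeg($im);
			} else {
				header("HTTP/1.0 404 Not Found");
			}
		} else {
			$getfile = sprintf("Location: /sorry.wml");
			header($getfile);
		}

	} else {
		// NOTE(review): the card below submits login and pass with method=get,
		// so credentials end up in URLs (server logs, proxies, history), and
		// it carries the session id as a form field, which exposes it the same
		// way. Switching to POST and cookie-only sessions also needs the
		// parameter reading at the top of the script to change.
		header("Content-type: text/vnd.wap.wml");
  		header("Cache-Control: no-cache");
		// lang is echoed into an attribute value, so it is escaped here.
		$langout=(isset($_GET['lang'])&&is_string($_GET['lang'])) ? htmlspecialchars($_GET['lang'],ENT_QUOTES) : '';
?>
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.2//EN" "http://www.wapforum.org/DTD/wml_1.2.dtd">
<wml>
<head><meta http-equiv="Cache-Control" content="no-cache" forua="true"/></head>
<card id="Login" title="Login">
<p align="center">
Login: 
<input type="text" name="login" title="Login" maxlength="15"/><br/>
Password:
<input type="password" name="pass" title="Password" maxlength="15"/><br/>
<anchor title="Download">Download<go href="photos.php" method="get">
<postfield name="login" value="$(login)"/>
<postfield name="pass" value="$(pass)"/>
<postfield name="nc" value="1"/>
<?php print "<postfield name=\"lang\" value=\"".$langout."\"/>\n";
print "<postfield name=\"id\" value=\"".$id."\"/>\n";
print "<postfield name=\"PHPSESSID\" value=\"".session_id()."\"/>\n"; ?>
</go></anchor>
</p>
</card>
</wml>
<?php }
	pg_close($conn);
} else {
// Any other request: close the paragraph and card opened by one of the views
// above and let counters() (from the included library) emit its output.
print "</p>\n";
counters();
print "</card>\n";
print "</wml>\n";
}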
?>