Просмотр файла photo.php

<?php
include 'sys/db.php';
include 'sys/conf.php';
include 'sys/start.php';
include 'sys/functions.php';

$config_title_name = "Ваше фото";
include 'style/head.php';



$act = isset($_GET['act']) ? $_GET['act'] : '';
switch($act){
default:
if(isset($user['login'])){
echo "<div class=title>Ваше фото</div>";
echo "<div class=content> \n <div align=center>\n";
if ($_GET['isset']==fotono) {echo "У вас уже есть фото!!\n";}
if ($user['foto']==NULL){
echo "<img src='img/nophoto_man.gif' alt=''  border='1'><br>\n";
echo "<a href='?act=add'>Загрузить</a><br><br>\n";
}else{
echo "<img src='image.php?pic=".$user['foto']."&W=50&H=63' alt='' border='1'><br>\n";
echo "<a href='?act=del'>Удалить</a><br><br>\n";
}
echo "</div>\n</div>\n <div class=stat><a href='index.php'>Прихожая</a></div>\n";
}else{ header ("Location: index.php"); exit;}
break;

case('add'):
echo "<div class=content>\n";
if ($_GET['isset']==format) {echo "Недопустимое расширение (Только gif, jpg или png)!<br><br>\n";}
echo "Загрузка фото: <br>\n";
echo "<form action='photo.php?act=addimage' method='POST' enctype='multipart/form-data'><br>\n";
echo "Фото: <input type='file' name='t_item'> <br>\n";
echo "<input type='submit' name='ok' value='Добавить'></form>\n</div>\n";
echo "<div class=stat><a href='photo.php'>Назад</div>\n";
echo "<div class=stat><a href='index.php'>Прихожая</a></div>\n";
echo "</div>\n";
break;

case('addimage'):
if(isset($user['login'])){
if ($user['foto']==NULL){
if ($_POST[ok]) {
$rand_foto = rand(1000,99999999);
$foto_format = $_FILES[t_item][name];
$ext = strtolower(substr($foto_format, 1 + strrpos($foto_format, ".")));
if($ext=="jpg" || $ext=="gif" || $ext=="png"){
$foto_light_name = "$config_foto_title-$rand_foto.$ext";
$upfiledir = $_SERVER[DOCUMENT_ROOT]."/files/users_photo/";
$upfile = $upfiledir . basename($foto_light_name);
if (move_uploaded_file($_FILES[t_item][tmp_name], $upfile ) ) {


$uplink = "/files/users_photo/".$_FILES[t_item][name];
mysql_query("UPDATE `users` SET `foto` = '$foto_light_name' WHERE `id` = '$user[id]'");
header ("Location: photo.php"); exit;


}
}else{header ("Location: photo.php?act=add&isset=format"); exit;}
}
}else{ header ("Location: photo.php?isset=fotono"); exit;}
}else{ header ("Location: index.php"); exit;}
break;

case('del'):
$id = $user['id'];
$file = $user['foto'];
unlink("files/users_photo/$file");
mysql_query("UPDATE `users` SET `foto` = '' WHERE `id` = '$id'");
mysql_query("UPDATE `users` SET `foto_down` = '' WHERE `id` = '$id'");
header ("Location: photo.php"); exit;
break;
}

include 'style/foot.php';
?>