<?php
#********************************** AgS MOD DOWNLOAD CENTR SEA *************************************#
#***************************************************************************************************#
#  /||||||||||||||| *********************  /||||||||||||||| *********************  /||||||||||||||| #
# | ||||||||||||||| ********************* | ||||||||||||||| ********************* | ||||||||||||||| #
# | |||||/////||||| ********************* | |||||/////////  ********************* | |||||/////////  #
# | |||||   | ||||| ****** E-MAIL ******* | |||||           ****** WAP/WEB ****** | |||||           #
# | |||||   | ||||| *** [email protected] *** | |||||           * http://ags.h2m.ru * | ||||||||||||||| #
# | |||||   | ||||| ********************* | ||||||||||||||| ********************* | ||||||||||||||| #
# | |||||   | ||||| ********************* | |||||/////||||| ********************* |///////////||||| #
# | ||||||||||||||| ****** SKYPE ******** | |||||   | ||||| ***** MOD AUTHOR ****           | ||||| #
# | |||||////|||||| ***** agrizz15 ****** | |||||   | ||||| ***** Agris Cišs ****  /||||||||||||||| #
# | |||||   | ||||| ********************* | ||||||||||||||| ********************* | ||||||||||||||| #
# |/////    |/////  ********************* |///////////////  ********************* |///////////////  #
#***************************************************************************************************#
#********************************* MOD by AgS in 2010 @ LATVIA *************************************#


require_once"system/start.php";
require_once"system/config.php";
require_once"system/db.php";
require_once"system/head.php";
require_once"lng/$setup[lng]/lng.php";
require_once"system/functions.php";
require_once"system/cookies.php";
require_once"system/counter.php";
include_once"thm/$setup[thm]/index.php";
include_once"system/msg.php";

require_once"system/lib.id.php";
require_once"system/lib.pclzip.php";


/* Maintenance actions below can run for a long time: keep the script alive
 * after the client disconnects and raise the execution time limit
 * (the "@" hides the warning emitted when the host forbids changing it). */
ignore_user_abort(1);
@set_time_limit(99999);


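/* Admin session gate.
 * Everything up to the matching "} else {" runs only for a session whose
 * stored login/password match the configured administrator account.
 * Both comparisons are strict string comparisons: with a loose "==" two
 * digit-only "0e..." MD5 strings are compared as numbers and count as equal,
 * so an unrelated password could satisfy the check.
 * NOTE(review): the session keeps the plaintext password ("par") and the
 * configured credential is an unsalted MD5; moving to password_hash() /
 * password_verify() also needs changes in admin_login.php and in the stored hash.
 * NOTE(review): an empty admin password is still accepted when the configured
 * hash equals md5('') - the original md5(...) != "" test could never fail.
 * NOTE(review): $act, $backid and $page are never assigned in this file -
 * presumably one of the includes above imports them from the request; confirm
 * how they are filtered there. No anti-CSRF token is checked anywhere below,
 * and several destructive actions are reachable through plain GET links. */
if (isset($_SESSION['log'], $_SESSION['par'])
	&& (string)$_SESSION['log'] !== ''
	&& (string)$setup['adnick'] === (string)$_SESSION['log']
	&& (string)$setup['adpass'] === md5((string)$_SESSION['par'])) {

/* Record id: always reduced to an integer before it is used in SQL or HTML. */
		$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
	echo'<img src="pic/main/head.gif" alt=""> '.adm_000.'<br><br>';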
/* Admin main menu: printed when no action ($act) was requested.
 * Each row is: link target, link caption, one-line description. */
if(!isset($act)){
	$adm_menu = array(
		array('admin.php?act=scaner',    adm_001, adm_002),
		array('admin.php?act=rot',       adm_003, adm_004),
		array('admin.php?act=optm',      adm_005, adm_006),
		array('admin.php?act=clean',     adm_007, adm_008),
		array('admin.php?act=cleankomm', adm_009, adm_010),
		array('admin.php?act=upload',    adm_011, adm_012),
		array('admin.php?act=import',    adm_013, adm_014),
		array('admin.php?act=id3',       adm_015, adm_016),
		array('admin_setup.php?',        adm_017, adm_018),
		array('admin_backup.php?',       dl_165,  dl_166),
	);

	foreach($adm_menu as $adm_item){
		echo'<img src="pic/main/dot2.gif" alt=""> <a href="'.$adm_item[0].'">'.$adm_item[1].'</a><br>'.$adm_item[2].'<br>';
	}
}


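/* Edit the ID3 tags of one MP3 (when $id is set) or of every MP3 registered
 * in the database.
 * Tag values are read from the audio files themselves, so they are treated as
 * untrusted text and HTML-escaped before being placed into the edit form.
 * NOTE(review): the POST handlers check no anti-CSRF token. */
if($act=="id3"){
	/* Plain "new": the "=& new" form is deprecated since PHP 5.3 and no longer parses on PHP 7+. */
	$id3 = new MP3_Id();
	$genres = $id3->genres();

	if(!$_POST) {
		if($id) {
			$tmp = mysql_fetch_row(mysql_query('SELECT `path` FROM `'.$MY_pre.'faili` WHERE `id`='.$id.' LIMIT 1'));
			$id3->read($tmp[0]);

			/* Encoding: return $str as UTF-8, converting from Windows-1251
			 * whenever it is not detected as UTF-8. */
			function code($str) {
				$charset = strtolower(mb_detect_encoding($str,'UTF-8, Windows-1251'));
				if($charset != 'utf-8') {
					$str = iconv('windows-1251','utf-8',$str);
				}
				return $str;
			}

			/* Current tag values. $genre stays raw for the comparison in the
			 * option loop; everything that is printed is escaped first. */
			$genre = code($id3->genre);
			$genre_html = htmlspecialchars($genre,ENT_QUOTES,'UTF-8');
			$name = htmlspecialchars(code($id3->name),ENT_QUOTES,'UTF-8');
			$artists = htmlspecialchars(code($id3->artists),ENT_QUOTES,'UTF-8');
			$album = htmlspecialchars(code($id3->album),ENT_QUOTES,'UTF-8');
			$year = htmlspecialchars(code($id3->year),ENT_QUOTES,'UTF-8');
			$track = htmlspecialchars(code($id3->track),ENT_QUOTES,'UTF-8');
			$comment = htmlspecialchars(code($id3->comment),ENT_QUOTES,'UTF-8');

			/* Form pre-filled with the tags of the selected file */
			echo adm_019.'<br><br>';
			echo '<form action="admin.php?act=id3&amp;id='.$id.'" method="post">';

			echo sys_name.':<br><input name="name" type="text" value="'.$name.'"><br>';
			echo sys_artist.':<br><input name="artists" type="text" value="'.$artists.'"><br>';
			echo sys_album.':<br><input name="album" type="text" value="'.$album.'"><br>';
			echo sys_year.':<br><input name="year" type="text" value="'.$year.'"><br>';
			echo adm_024.':<br><input name="track" type="text" value="'.$track.'"><br>';
			echo sys_genre.':<br><select name="genre"><option value="'.$genre_html.'">'.$genre_html.'</option>';

			foreach($genres as $var) {
				/* The current genre is already the first option. */
				if($var == $genre) {
					continue;
				}

				$var = htmlspecialchars($var);
				echo '<option value="'.$var.'">'.$var.'</option>';
			}

			echo '</select><br>';
			echo sys_coment.':<br><textarea name="comment" rows="2" cols="32">'.$comment.'</textarea><br>';
			echo '<input type="submit" value="'.sys_edit.'"></form></div>';

		}else {

			/* Empty form: the submitted values are applied to every MP3 */
			echo adm_028.'<br><br>';

			echo '<form action="admin.php?act=id3" method="post">';
			echo sys_name.':<br><input name="name" type="text"/><br>';
			echo sys_artist.':<br><input name="artists" type="text"/><br>';
			echo sys_album.':<br><input name="album" type="text"/><br>';
			echo sys_year.':<br><input name="year" type="text"/><br>';
			echo adm_024.':<br><input name="track" type="text"/><br>';
			echo sys_genre.':<br><select name="genre"><option value=""></option>';

			foreach($genres as $var) {
				$var = htmlspecialchars($var);
				echo '<option value="'.$var.'">'.$var.'</option>';
			}

			echo '</select><br>';
			echo sys_coment.':<br><textarea name="comment" rows="2" cols="32"></textarea><br>';
			echo '<input type="submit" value="'.sys_edit.'"></form></div>';
		}

	}else {

		if($id) {

			/* Single file: overwrite every tag with the submitted value
			 * (converted from UTF-8 to Windows-1251 before writing). */
			$tmp = mysql_fetch_row(mysql_query('SELECT `path` FROM `'.$MY_pre.'faili` WHERE `id`='.$id.' LIMIT 1'));
			$id3->read($tmp[0]);
			$id3->name = iconv('utf-8','windows-1251',$_POST['name']);
			$id3->artists = iconv('utf-8','windows-1251',$_POST['artists']);
			$id3->album = iconv('utf-8','windows-1251',$_POST['album']);
			$id3->year = iconv('utf-8','windows-1251',$_POST['year']);
			$id3->track = iconv('utf-8','windows-1251',$_POST['track']);
			$id3->genre = iconv('utf-8','windows-1251',$_POST['genre']);
			$id3->comment = iconv('utf-8','windows-1251',$_POST['comment']);
			$id3->write();

			header ('Location: about.php?id='.$id.'&sayer=mp3_teg_one&'.SID); exit;

		}else {

			/* All files: collect every registered path ending in .mp3 */
			$arr = array();
			$q = mysql_query('SELECT TRIM(`path`) FROM `'.$MY_pre.'faili`');
			while($f = mysql_fetch_row($q)) {
				if(strtoupper(strrchr($f[0],'.')) == '.MP3') {
					$arr[] = $f[0];
				}
			}

			/* Only non-empty fields are converted and later applied. */
			if($_POST['name'] != '') {    $_POST['name'] = iconv('utf-8','windows-1251',$_POST['name']);}
			if($_POST['artists'] != ''){  $_POST['artists'] = iconv('utf-8','windows-1251',$_POST['artists']);}
			if($_POST['album'] != '') {   $_POST['album'] = iconv('utf-8','windows-1251',$_POST['album']);}
			if($_POST['year'] != '') {    $_POST['year'] = iconv('utf-8','windows-1251',$_POST['year']);}
			if($_POST['track'] != '') {   $_POST['track'] = iconv('utf-8','windows-1251',$_POST['track']);}
			if($_POST['genre'] != '') {   $_POST['genre'] = iconv('utf-8','windows-1251',$_POST['genre']);}
			if($_POST['comment'] != '') { $_POST['comment'] = iconv('utf-8','windows-1251',$_POST['comment']);}

			$all = sizeof($arr);

			/* "<", not "<=": the original bound ran one step past the list and
			 * called read()/write() with an undefined path. */
			for($i = 0; $i < $all; ++$i) {
				$id3->read($arr[$i]);

				if($_POST['name'] != '') {    $id3->name = $_POST['name'];}
				if($_POST['artists'] != '') { $id3->artists = $_POST['artists'];}
				if($_POST['album'] != '') {   $id3->album = $_POST['album'];}
				if($_POST['year'] != '') {    $id3->year = $_POST['year'];}
				if($_POST['track'] != '') {   $id3->track = $_POST['track'];}
				if($_POST['genre'] != '') {   $id3->genre = $_POST['genre'];}
				if($_POST['comment'] != '') { $id3->comment = $_POST['comment'];}

				$id3->write();
			}

			header ('Location: admin.php?sayer=mp3_teg_two&folderis='.$all.'&'.SID); exit;
		}
	}
}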




/* Quick description for folders and files. With the "tr" checkbox set, the
 * same text is also stored as the main description.
 * NOTE(review): the text reaches SQL through bb_kods(tirit(...)); whether those
 * helpers escape quotes is not visible in this file - confirm in system/functions.php.
 * NOTE(review): $file['name'] and $backid are printed without escaping here;
 * confirm how both are sanitised before they reach this point. */
if($act=="fast"){

	$file = mysql_fetch_array(mysql_query('SELECT * FROM `'.$MY_pre.'faili` WHERE `id` = '.$id));

	if($_POST) {

		$filename = pathinfo($file['path']);
		$dir = $filename['dirname'];

		/* Optionally mirror the text into the main description. */
		if(intval($_POST['tr']) == 1) {
			mysql_query("UPDATE `".$MY_pre."faili` SET about='".bb_kods(tirit($_POST['text']))."' WHERE `id` = ".$id);
		}

		mysql_query("UPDATE `".$MY_pre."faili` SET fastabout='".bb_kods(tirit($_POST['text']))."' WHERE `id` = ".$id);

		/* An empty text counts as "description removed". */
		$sayer = ($_POST['text'] == '') ? 'about_del' : 'about_add';
		header ('Location: index.php?sayer='.$sayer.'&id='.$backid.'&'.SID);
		exit;

	}else {

		echo adm_029.' <b>'.$file['name'].'</b><br><br>',
			'<form action="admin.php?act=fast&amp;backid='.$backid.'&amp;id='.$id.'" method="post">',
			'<textarea cols="70" rows="10" name="text">'.htmlspecialchars($file['fastabout']).'</textarea><br><br>',
			'<input name="tr" type="checkbox" value="1">'.adm_030.'<br>',
			'<input type="submit" value="'.adm_031.'">',
			'</form>';
	}
}




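/* Change the sort position (priority) of a folder: "to=up" raises it,
 * "to=down" lowers it. Entries that are not directories are rejected.
 * $query is initialised explicitly: the original left it undefined for any
 * other "to" value and still passed it to mysql_query(), so the statement
 * that ran depended on whatever $query already held in the global scope. */
if($act=="pos"){
	$file_info = mysql_fetch_assoc(mysql_query('SELECT `name`,`path` FROM `'.$MY_pre.'faili` WHERE `id`='.$id));
	$query = null;
	$to_dir = isset($_GET['to']) ? $_GET['to'] : '';

	if($file_info && is_dir($file_info['path'])){

		/* Folder names are stored with a leading "*" marker. */
		$file_info['name'] = str_replace('*','',$file_info['name']);

		if($to_dir == 'down') {
			$query = 'UPDATE `'.$MY_pre.'faili` SET `priority`=`priority`-1 WHERE `id` = '.$id;
		} elseif($to_dir == 'up') {
			$query = 'UPDATE `'.$MY_pre.'faili` SET `priority`=`priority`+1 WHERE `id` = '.$id;
		}
	}

	/* Only one of the two statements built above is ever executed. */
	if($query !== null && mysql_query($query)) {
		header ('Location: index.php?sayer=pos_yes&id='.$backid.'&folderis='.$file_info['name'].'&'.SID); exit;
	}else {
		header ('Location: index.php?sayer=pos_no&id='.$backid.'&'.SID); exit;
	}
}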




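/* Database clean-up: delete the rows (and their comments) of every registered
 * path that no longer exists on disk.
 * $array_path is initialised here and every id is cast to int before it is
 * put into SQL: the original appended to an undeclared global and used the
 * array keys verbatim in the DELETE statements.
 * NOTE(review): file_exists() also fails when the storage is unreachable or
 * unreadable, in which case this removes every row - consider a dry run first.
 * NOTE(review): this destructive action is a plain GET link with no
 * confirmation step and no anti-CSRF token. */
if($act=="rot"){

	$delfiles = 0;
	$array_path = array();
	$reses = mysql_query('SELECT `id`,`path` FROM `'.$MY_pre.'faili`');

	while($reses && ($array = mysql_fetch_assoc($reses))) {
		$array_path[intval($array['id'])] = $array['path'];
	}

	foreach($array_path as $key => $value) {

		if(file_exists($value) == false) {
			$key = intval($key);
			$res = mysql_query('DELETE FROM `'.$MY_pre.'faili` WHERE `id` = '.$key);
			$res = mysql_query('DELETE FROM `'.$MY_pre.'komentari` WHERE `file_id` = '.$key);

			$delfiles++;
		}
	}

	header ('Location: admin.php?sayer=rot&dellete='.$delfiles.'&'.SID); exit;
}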




/* Upload a folder icon. The file is always stored as "folder.png" inside the
 * folder selected by $id; only uploads whose client-side name ends in .png
 * are accepted and an existing icon is never overwritten.
 * NOTE(review): only the extension of the client-supplied name is checked,
 * not the file content.
 * NOTE(review): the target folder is switched to mode 0777 and left that way. */
if($act=="addico"){

	$file_info = mysql_fetch_assoc(mysql_query('SELECT * FROM `'.$MY_pre.'faili` WHERE `id` = '.$id));

	if($_FILES) {

		$name = $_FILES['ico']['name'];
		$ext = pathinfo($name);
		$ext = strtolower($ext['extension']);
		$to = $file_info['path'].'folder.png';

		/* Script-like extensions abort the request with the configured message. */
		if(in_array($ext,array('php','php3','php4','php5','php6','phtml','cgi','asp','js','phtm','py','pl'))){
			die($setup['hackmess']);
		}

		/* Anything that is not a PNG goes back to the form. */
		if($ext != 'png'){
			header ('Location: admin.php?act=addico&sayer=adico_only&backid='.$backid.'&id='.$id.'&'.SID);
			exit;
		}

		if(file_exists($to)){
			header ('Location: index.php?sayer=dir_noexist&'.SID);
			exit;
		}

		chmod($file_info['path'],0777);

		if(!move_uploaded_file($_FILES['ico']['tmp_name'],$to)) {
			header ('Location: index.php?sayer=addico_no&id='.$backid.'&'.SID);
			exit;
		}

		chmod($to,0644);
		header ('Location: index.php?sayer=addico_yes&id='.$backid.'&'.SID);
		exit;

	}else {

		echo adm_032.'<br><br>',
			'<form action="admin.php?act=addico&amp;backid='.$backid.'&amp;id='.$id.'" method="post" enctype="multipart/form-data">',
			sys_file.':<br>',
			'<input name="ico" type="file"><br>',
			'<input type="submit" value="'.sys_upload.'">',
			'</form><br>';
	}
}




/* Delete a folder together with all files directly inside it.
 * The first request only prints a yes/no confirmation; the deletion itself is
 * started by following the "level=1" link.
 * NOTE(review): that link is a plain GET request and no anti-CSRF token is
 * checked in this block. */
if($act=="redir"){

if(!$_GET['level']) {

echo adm_035.'<br><br>';
echo '<center><a href="admin.php?act=redir&amp;level=1&amp;backid='.$backid.'&amp;id='.$id.'">'.sys_yes.'</a>';
echo ' | <a href="index.php?id='.$backid.'">'.sys_nop.'</a></center><br><br>';

}else {

$file = mysql_fetch_assoc(mysql_query('SELECT * FROM `'.$MY_pre.'faili` WHERE `id` = '.$id.' ORDER BY `name`'));

/* The stored path must be an existing directory. */
if(!is_dir($file['path'])){header ('Location: index.php?sayer=dir_noexist&'.SID); exit; }

$ex = explode('/',$file['path']);
$f_chmod = null;

/* Every prefix of the path - the folder and each of its ancestors - is switched to mode 0777. */
foreach($ex as $chmod) {
$f_chmod .= $chmod.'/';
chmod($f_chmod,0777);}

/* glob('*') does not return dot-files, so hidden entries are left in place. */
$array = glob($file['path'].'*');

foreach($array as $vv) {

/* A sub-directory stops the whole request; files unlinked before it was reached are already gone. */
if(is_dir($vv)){
echo adm_038.'<br>'; exit; 

}else {

if(!unlink($vv)) die( adm_039.' '.$vv.'!<br></body></html>');}}


/* NOTE(review): $file['path'] is placed into this statement without mysql_real_escape_string().
 * On failure only a Location header is set; execution continues with rmdir(). */
$query = mysql_query("DELETE FROM `".$MY_pre."faili` WHERE `infolder` = '".$file['path']."'") or header ('Location: index.php?sayer=dir_delerror2&id='.$backid.'&'.SID);


if(!rmdir($file['path'])){
header ('Location: index.php?sayer=dir_delerror2&id='.$backid.'&'.SID); exit;}

$query = mysql_query('DELETE FROM `'.$MY_pre.'faili` WHERE `id` = '.$id) or header ('Location: index.php?sayer=dir_delerror2&id='.$backid.'&'.SID);


/* Second pass over the ancestors: every prefix except the download root itself is set to 0777 again. */
$f_chmod = null;
foreach($ex as $chmod) {
$f_chmod .= $chmod.'/';

if($f_chmod != $setup['dir_faili'].'/') {
chmod($f_chmod.'/',0777);
}}
header ('Location: index.php?sayer=redir_del&id='.$backid.'&'.SID); exit; }}




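/* Rename a file or folder. Only the display name stored in the database is
 * changed; the path on disk stays as it is. Folder names carry a leading "*"
 * marker, which is stripped for the form and re-added before saving.
 * The form tag is fixed here: the original ended it with a doubled quote
 * (action="..."">), which produced malformed markup.
 * NOTE(review): the new name reaches SQL through tirit(dzest(...)); whether
 * those helpers escape quotes is not visible in this file - confirm.
 * NOTE(review): $file['name'] is printed into the value attribute without
 * escaping here; confirm it is stored HTML-safe. */
if($act=="rename"){

	$file = mysql_fetch_assoc(mysql_query('SELECT * FROM `'.$MY_pre.'faili` WHERE `id` = '.$id));

	if(!$_POST) {

		if(is_dir($file['path'])) $file['name'] = str_replace('*','',$file['name']);

		echo adm_040.':<br>';
		echo '<form method="post" action="admin.php?act=rename&amp;backid='.$backid.'&amp;id='.$id.'">';
		echo '<input type="text" name="newname" size="50%" value="'.$file['name'].'"><br>';
		echo '<input type="submit" value="'.adm_041.'" >';
		echo '</form><br>';

	}else {

		$newname = tirit(dzest($_POST['newname']));

		if(is_dir($file['path'])) $newname = '*'.$newname;
		mysql_query("UPDATE `".$MY_pre."faili` SET name='".$newname."' WHERE `id` = ".$id);
		$error = mysql_error();

		if($error){ header ('Location: index.php?sayer=rename_error&id='.$backid.'&'.SID); exit; }
		header ('Location: index.php?sayer=rename&id='.$backid.'&'.SID); exit;
	}
}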




/* Delete every comment attached to one file, then return to its page.
 * NOTE(review): triggered by a plain GET request; no anti-CSRF token is checked. */
if($act=="clearkomm"){

	$query = mysql_query('DELETE FROM `'.$MY_pre.'komentari` WHERE `file_id` = '.$id);

	/* A non-empty mysql_error() selects the failure message. */
	$sayer = mysql_error() ? 'cleancommno' : 'clearcom';
	header ('Location: about.php?id='.$id.'&sayer='.$sayer.'&'.SID);
	exit;
}




/* Remove the icon ("folder.png") of the folder selected by $id.
 * NOTE(review): triggered by a plain GET request; no anti-CSRF token is checked. */
if($act=="reico"){

	$file_info = mysql_fetch_assoc(mysql_query('SELECT * FROM `'.$MY_pre.'faili` WHERE `id` = '.$id));

	if(file_exists($file_info['path'].'folder.png')){
		/* Make the icon writable before trying to delete it. */
		chmod($file_info['path'].'folder.png',0777);

		$sayer = unlink($file_info['path'].'folder.png') ? 'reico_yes' : 'reico_no';
		header ('Location: index.php?sayer='.$sayer.'&id='.$backid.'&'.SID);
		exit;
	}

	header ('Location: index.php?sayer=reico_error&id='.$backid.'&'.SID);
	exit;
}




/* Reset the rating of one file: clears the stored voter IPs and both counters.
 * NOTE(review): triggered by a plain GET request; no anti-CSRF token is checked. */
if($act=="cleareval"){

	$query = mysql_query('UPDATE `'.$MY_pre.'faili` SET `ips`="",`yes`=0,`no`=0 WHERE `id` = '.$id);

	/* A non-empty mysql_error() selects the failure message. */
	$sayer = mysql_error() ? 'eval_error' : 'cleareval';
	header ('Location: about.php?id='.$id.'&sayer='.$sayer.'&'.SID);
	exit;
}




/* Database optimisation: runs OPTIMIZE TABLE on the three application tables
 * and returns to the index page. */
if($act=="optm"){

	foreach(array('faili','komentari','iestatijumi') as $tbl) {
		mysql_query('OPTIMIZE TABLE `'.$MY_pre.$tbl.'`;');
	}

	header ('Location: index.php?sayer=db_optim');
	exit;
}




/* Wipe the file table and the comment table (descriptions, download and
 * rating counters and comments go with them).
 * The first request prints a yes/no confirmation; "level=1" performs the wipe.
 * NOTE(review): the confirming link is a plain GET request and no anti-CSRF
 * token is checked, so a forged link or image URL opened by a logged-in admin
 * is enough to truncate both tables. */
if($act=="clean"){

	if($_GET['level']) {

		foreach(array('faili','komentari') as $tbl) {
			mysql_query('TRUNCATE TABLE `'.$MY_pre.$tbl.'`;');
		}

		header ('Location: admin.php?sayer=del_db&'.SID);
		exit;

	}else {

		echo adm_042.'<br>',
			'<a href="admin.php?act=clean&amp;backid='.$backid.'&amp;level=1">'.sys_yes.'</a>',
			' | <a href="admin.php?">'.sys_nop.'</a><br><br>';
	}
}




/* Delete all comments of all files.
 * The first request prints a yes/no confirmation; "level=1" truncates the table.
 * NOTE(review): the confirming link is a plain GET request and no anti-CSRF
 * token is checked. */
if($act=="cleankomm"){

	if($_GET['level']) {

		mysql_query('TRUNCATE TABLE `'.$MY_pre.'komentari`');

		header ('Location: admin.php?sayer=delcomm_db&'.SID);
		exit;

	}else {

		echo adm_043.'<br><br><a href="admin.php?act=cleankomm&amp;level=1">'.sys_yes.'</a>',
			' | <a href="admin.php?">'.sys_nop.'</a>',
			'<br><br>';
	}
}




/* Main description of a file: show the edit form, or store the submitted text.
 * NOTE(review): the text reaches SQL through bb_kods(tirit(...)); whether those
 * helpers escape quotes is not visible in this file - confirm.
 * NOTE(review): $file['name'] is printed without escaping here; confirm it is
 * stored HTML-safe. */
if($act=="about"){

	$file = mysql_fetch_assoc(mysql_query('SELECT * FROM `'.$MY_pre.'faili` WHERE `id` = '.$id));

	if($_POST) {

		$filename = pathinfo($file['path']);
		$dir = $filename['dirname'];
		/* Looks up the row of the parent folder; the result is not used further down. */
		$back = mysql_fetch_assoc(mysql_query("SELECT `id` FROM `".$MY_pre."faili` WHERE `path` = '".bb_kods(tirit($dir))."';"));
		$write_bd = mysql_query("UPDATE `".$MY_pre."faili` SET about='".bb_kods(tirit($_POST['text']))."' WHERE `id` = ".$id);

		/* An empty text counts as "description removed". */
		$sayer = ($_POST['text'] == '') ? 'about_del' : 'about_add';
		header ('Location: about.php?id='.$id.'&sayer='.$sayer.'&'.SID);
		exit;

	}else {

		echo adm_044.' '.$file['name'].':<br>',
			'<form action="admin.php?act=about&amp;id='.$id.'" method="post">',
			'<textarea cols="70" rows="10" name="text">'.htmlspecialchars($file['about']).'</textarea><br><br>',
			'<input type="submit" value="'.adm_045.'"></form><br>',
			adm_046.'<br><br>';
	}
}




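/* File import: copy every source listed in the textarea (one per line) into
 * the selected folder and register it in the database.
 *
 * Changes against the original handler:
 *  - the target folder must lie inside the download root and must not contain
 *    "..", so a forged "topath" cannot direct the copy elsewhere;
 *  - a blocked extension or an already existing target now really stops the
 *    request (the original printed the message and copied the file anyway);
 *  - lines are trimmed (a trailing "\r" used to become part of the name) and
 *    empty lines are skipped;
 *  - request-derived names are HTML-escaped before being echoed;
 *  - paths and names are escaped with mysql_real_escape_string() before the
 *    INSERT, as the "scaner" action already does.
 *
 * NOTE(review): copy() accepts whatever the PHP stream wrappers accept, so a
 * line may name a local file or an internal address as well as a public URL;
 * restrict the accepted schemes/hosts if that is not intended.
 * NOTE(review): a deny-list of extensions is easy to miss entries in; an
 * allow-list of the file types the site actually serves is the safer check.
 * NOTE(review): no anti-CSRF token is checked on this POST handler. */
if($act=="import"){

	if(!$_POST) {

		/* Rows with size 0 are the folders. */
		$dirs = mysql_query('SELECT `path` FROM `'.$MY_pre.'faili` WHERE `size` = 0');

		echo adm_047.'<br><br>';
		echo sys_save.':<br>';
		echo '<form action="admin.php?act=import" method="post">';
		echo '<select size="1" width="70" name="topath">';
		echo '<option value="'.$setup['dir_faili'].'/">./</option>';

		while($item = mysql_fetch_assoc($dirs)) {
			/* Build the label from the path segments below the download root. */
			$name = str_replace($setup['dir_faili'].'/','',$item['path']);
			$path = explode('/',$name);
			$option = '';
			unset($path[sizeof($path) - 1]);

			foreach($path as $value) {

				if(strpos($value,'!') !== false){
					$name = trans($value);
				}else{
					$name = $value;
				}
				$option = $option.$name.'/';
			}

			echo '<option value="'.htmlspecialchars($item['path'],ENT_QUOTES).'">'.$option.'</option>';
		}

		echo '</select><br><br>';
		echo adm_049.':<br><textarea cols="70" rows="10" name="files"></textarea><br>';
		echo '<input type="submit" value="'.adm_050.'"></form><br>';
		echo adm_051.'<br><br>';

	}else {

		$newpath = trim($_POST['topath']);
		$dl_root = $setup['dir_faili'].'/';

		/* Reject an empty target and anything outside the download root. */
		if(empty($newpath) || strpos($newpath,$dl_root) !== 0 || strpos($newpath,'..') !== false){
			header ('Location: admin.php?act=import&sayer=import_exists&'.SID); exit;
		}

		$blocked = array('php','php2','php3','php4','php5','php6','phtml','cgi','asp','js','phtm','py','pl');
		$text = explode("\n",$_POST['files']);

		/* Outgoing requests reuse the User-Agent of the current client. */
		@ini_set('user_agent',$_SERVER['HTTP_USER_AGENT']);

		foreach($text as $src) {

			$src = trim($src);
			if($src == '') {
				continue;
			}

			$ex = pathinfo($src);
			$ext = isset($ex['extension']) ? strtolower($ex['extension']) : '';
			$to = $newpath.$ex['basename'];

			/* Never overwrite an existing file. */
			if(file_exists($to)){
				echo sys_file.' '.htmlspecialchars($to,ENT_QUOTES).' '.adm_053.'<br></body></html>';
				exit;
			}

			/* Script-like extensions stop the import. */
			if(in_array($ext,$blocked,true)){
				echo $setup['hackmess'].'</body></html>';
				exit;
			}

			chmod($newpath,0777);

			if(copy($src,$to)) {

				echo sys_file.' '.htmlspecialchars($src,ENT_QUOTES).' '.adm_054.'<br>';

				$upltime = intval(filectime($to));
				$ex = pathinfo($to);
				$name = str_replace('.'.(isset($ex['extension']) ? $ex['extension'] : ''),'',basename($to));

				/* Names containing "!" are stored transliterated; the rest goes through trans2(). */
				if(strpos($name,'!') !== false) {
					$name = trans($name);
				}else {
					$name = trans2($name);
				}

				$size = intval(filesize($to));
				$infolder = dirname($to).'/';
				$query = mysql_query("INSERT INTO `".$MY_pre."faili` (`path`, `name`, `infolder`, `size` , `timeupload`) VALUES ('".mysql_real_escape_string($to)."', '".mysql_real_escape_string($name)."', '".mysql_real_escape_string($infolder)."' , '$size' , '$upltime');");
			}else {

				echo sys_file.' '.htmlspecialchars($src,ENT_QUOTES).' '.adm_056.'<br>';
			}
		}
		chmod($newpath,0777);

		echo '<br><img src="pic/main/dot2.gif" alt=""> <a href="admin.php?act=import">'.adm_055.'</a><br>';
	}
}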




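/* File upload: store up to five uploaded files in the selected folder and
 * register them in the database.
 *
 * Changes against the original handler:
 *  - the target folder must lie inside the download root and must not contain
 *    "..", and a rejected target now ends the request (the original sent the
 *    redirect header for an empty target but kept processing the upload);
 *  - $setup['hackmess'] is addressed with a quoted key;
 *  - the client-supplied file name is HTML-escaped before being echoed;
 *  - paths and names are escaped with mysql_real_escape_string() before the
 *    INSERT, as the "scaner" action already does.
 *
 * NOTE(review): only the last extension of the client-supplied name is
 * compared against a deny-list; an allow-list of the file types the site
 * actually serves, plus a web-server rule that disables script execution
 * inside the download tree, is the safer setup.
 * NOTE(review): the target folder is switched to mode 0777 and left that way.
 * NOTE(review): no anti-CSRF token is checked on this POST handler. */
if($act=="upload"){

	if(!$_POST) {

		/* Rows with size 0 are the folders. */
		$dirs = mysql_query('SELECT `path` FROM `'.$MY_pre.'faili` WHERE `size` = 0');

		echo adm_057.' (<b>MAX - '.ini_get('upload_max_filesize').'</b>)<br><br>';
		echo sys_save.':<br>';
		echo '<form action="admin.php?act=upload" method="post" enctype="multipart/form-data">';
		echo '<select size="1" width="70" name="topath">';
		echo '<option value="'.$setup['dir_faili'].'/">./</option>';

		while($item = mysql_fetch_assoc($dirs)) {
			/* Build the label from the path segments below the download root. */
			$name = str_replace($setup['dir_faili'].'/','',$item['path']);
			$path = explode('/',$name);
			$option = '';
			unset($path[sizeof($path) - 1]);

			foreach($path as $value) {
				if(strpos($value,'!') !== false){
					$name = trans($value);
				}else{
					$name = $value;
				}
				$option = $option.$name.'/';
			}
			echo '<option value="'.htmlspecialchars($item['path'],ENT_QUOTES).'">'.$option.'</option>';
		}

		echo '</select><br><br>';
		echo adm_059.':<br>';
		echo '<input name="userfile[]" type="file"><br>';
		echo '<input name="userfile[]" type="file"><br>';
		echo '<input name="userfile[]" type="file"><br>';
		echo '<input name="userfile[]" type="file"><br>';
		echo '<input name="userfile[]" type="file"><br>';

		echo '<input type="submit" value="'.sys_upload.'"></form><br><br>';

	}else {

		$newpath = trim($_POST['topath']);
		$dl_root = $setup['dir_faili'].'/';

		/* Reject an empty target and anything outside the download root. */
		if(empty($newpath) || strpos($newpath,$dl_root) !== 0 || strpos($newpath,'..') !== false){
			header ('Location: admin.php?act=upload&sayer=import_exists&'.SID); exit;
		}

		$blocked = array('php','php3','php4','php5','php6','phtml','cgi','asp','js','phtm','py','pl');
		$total = isset($_FILES['userfile']['name']) ? sizeof($_FILES['userfile']['name']) : 0;

		for($i = 0; $i < $total; $i++) {

			/* Unused file inputs arrive with an empty name. */
			if(empty($_FILES['userfile']['name'][$i])) {
				continue;
			}

			$name = $_FILES['userfile']['name'][$i];
			$ex = pathinfo($name);
			$ext = isset($ex['extension']) ? strtolower($ex['extension']) : '';
			$to = $newpath.$name;

			/* Script-like extensions abort the request. */
			if(in_array($ext,$blocked,true)){
				die($setup['hackmess']);
			}

			/* Never overwrite an existing file. */
			if(file_exists($to)){
				die(adm_061.'<br>');
			}

			chmod($newpath,0777);

			if(move_uploaded_file($_FILES['userfile']['tmp_name'][$i],$to)) {

				echo sys_file.' '.htmlspecialchars($name,ENT_QUOTES).' '.adm_062.'<br>';

				$upltime = intval(filectime($to));
				$ex = pathinfo($to);
				$ex = isset($ex['extension']) ? $ex['extension'] : '';
				$name = str_replace('.'.$ex,'',basename($to));
				$size = intval(filesize($to));
				$infolder = dirname($to).'/';

				/* Names containing "!" are stored transliterated; the rest goes through trans2(). */
				if(strpos($name,'!') !== false) {
					$name = trans($name);
				}else {
					$name = trans2($name);
				}

				$query = mysql_query("INSERT INTO `".$MY_pre."faili` (`path`, `name`, `infolder`, `size` , `timeupload`) VALUES ('".mysql_real_escape_string($to)."', '".mysql_real_escape_string($name)."', '".mysql_real_escape_string($infolder)."' , '$size' , '$upltime');");
				chmod($to,0644);
			}else{
				echo sys_file.' '.htmlspecialchars($name,ENT_QUOTES).' '.adm_063.'<br>';
			}
		}
		chmod($newpath,0777);

		echo '<br><img src="pic/main/dot2.gif" alt=""> <a href="admin.php?act=upload">'.sys_upload.'</a><br>';
	}
}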




/* Create a new folder below the folder selected by $id (or below the download
 * root when $id is 0), register it in the database and create the matching
 * folders in the screenshot and description trees.
 * NOTE(review): no anti-CSRF token is checked on this POST handler. */
if($act=="newdir"){

if(!$_POST) {

echo adm_065.'<br><br>';
echo '<form action="admin.php?act=newdir&amp;backid='.$backid.'&amp;id='.$id.'" method="post">';
echo sys_name.':<br>';
echo '<input name="dirnew" type="text" size="70" value=""><br><br>';
echo '<input name="tr" type="checkbox" value="1" checked="checked">';
echo adm_067.'<br>';
echo '<input type="submit" value="'.sys_create.'"></form><br><br>';

}else {

/* NOTE(review): an empty name redirects to act=addico, not back to act=newdir - looks like a copy/paste slip; confirm. */
if(empty($_POST['dirnew'])) {
header ('Location: admin.php?act=addico&sayer=newdir_empty&backid='.$backid.'&id='.$id.'&'.SID); exit; }

/* The on-disk name is derived from the cleaned input; the stored display name gets the "*" folder marker.
 * NOTE(review): whether tirit()/dzest() remove "/" and ".." or escape quotes is not visible here - confirm,
 * since the result is used both as a path segment and inside the INSERT below. */
$dirnew = tirit(dzest($_POST['dirnew']));
$name = '*'.$dirnew;
/* With the "tr" checkbox set the directory name is passed through retrans() and prefixed with "!". */
if($_POST['tr'] == 1) {$dirnew = '!'.retrans($dirnew);}
/* Parent folder: the download root, or the row selected by $id. */
if(!$id) {$d['path'] = $setup['dir_faili'].'/';

}else {

$d = mysql_fetch_assoc(mysql_query('SELECT * FROM `'.$MY_pre.'faili` WHERE `id` = '.$id));
}

/* The parent folder is switched to mode 0777 and left that way. */
chmod($d['path'],0777);
$dirnew = trim($d['path']).trim($dirnew).'/';

/* The row is inserted only when mkdir() succeeded (AND short-circuits). */
if(mkdir($dirnew,0777) AND mysql_query("INSERT INTO `".$MY_pre."faili` (`path`, `name`, `infolder`, `timeupload`, `loads`, `yes` ) VALUES ('".$dirnew."', '$name', '".$d['path']."', '9999999999', '9999999999', '9999');")) {

/* Mirror the new folder below the screenshot directory ... */
$screen = $setup['dir_screen'].substr($dirnew,strlen($setup['dir_faili']));
mkdir($screen,0777);
chmod($screen,0777);

/* ... and below the description directory. */
$desc = $setup['dir_about'].substr($dirnew,strlen($setup['dir_faili']));
mkdir($desc,0777);
chmod($desc,0777);
chmod($dirnew,0777);

header ('Location: index.php?sayer=newdir_yes&id='.$backid.'&'.SID); exit; }else {
header ('Location: index.php?sayer=newdir_no&id='.$backid.'&'.SID); exit; }}}




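/* Refresh the database for one folder: scan it recursively and insert every
 * file and sub-folder that has no row yet.
 *
 * Changes against the original handler:
 *  - $array_path is initialised here instead of being appended to an
 *    undeclared global, so the "@" in front of in_array() is no longer needed;
 *  - an empty scan result is treated as an empty list;
 *  - paths and names found on disk are escaped with mysql_real_escape_string()
 *    before the INSERT (a quote in a file name used to break the statement),
 *    as the "scaner" action already does.
 * NOTE(review): triggered by a plain GET request; no anti-CSRF token is checked. */
if($act=="flash"){

	/* Only folder rows (size 0) can be refreshed. */
	$file_info = mysql_fetch_assoc(mysql_query('SELECT `path` FROM `'.$MY_pre.'faili` WHERE `id` = '.$id.' AND `size` = 0'));

	if(!is_dir($file_info['path'])){header ('Location: index.php?sayer=dir_noexist&'.SID); exit; }

	/* Recursively collect everything below $paths: folders with a trailing "/",
	 * files as they are, "folder.png" icons skipped. The list is kept in a
	 * static variable, so it accumulates across the recursive calls. */
	function scaner($paths) {
		$paths = $paths.'/*';
		$array = glob($paths);
		static $file_aray;
		foreach($array as $vv) {
			if(is_dir($vv)) {
				$file_aray[] = $vv.'/';
				scaner($vv);
			}else {
				if(basename($vv) == 'folder.png'){ continue;}
				$file_aray[] = $vv;
			}
		}

		return $file_aray;
	}

	/* The stored folder path ends with "/"; strip it before scanning. */
	$file_array = scaner(mb_substr($file_info['path'],0,mb_strlen($file_info['path']) - 1));
	if(!is_array($file_array)) {
		$file_array = array();
	}
	$addfolder = $addfiles = 0;

	/* Paths that already have a row. */
	$array_path = array();
	$reses = mysql_query('SELECT `id`,`path` FROM `'.$MY_pre.'faili`');

	while($reses && ($array = mysql_fetch_assoc($reses))) {
		$array_path[$array['id']] = $array['path'];
	}

	foreach($file_array as $value) {

		if(in_array($value,$array_path) === false) {
			$upltime = intval(filectime($value));
			$name = basename($value);
			$pathinfo = pathinfo($value);
			$ext = isset($pathinfo['extension']) ? $pathinfo['extension'] : '';
			$name = str_replace('.'.$ext,'',$name);
			$infolder = dirname($value).'/';
			$size = intval(filesize($value));

			/* Names containing "!" are stored transliterated; the rest goes through trans2(). */
			if(strpos($name,'!') !== false) {
				$name = trans($name);
			}else {
				$name = trans2($name);
			}

			if(is_dir($value)) {
				/* Folder rows carry the "*" name marker and fixed sort values. */
				$query = mysql_query("INSERT INTO `".$MY_pre."faili` (`path`, `name`, `infolder`, `timeupload`, `loads`, `yes` ) VALUES ('".mysql_real_escape_string($value)."', '*".mysql_real_escape_string($name)."', '".mysql_real_escape_string($infolder)."', '9999999999', '9999999999', '9999');");
				$addfolder++;

			}else {

				$query = mysql_query("INSERT INTO `".$MY_pre."faili` (`path`, `name`, `infolder`, `size` , `timeupload`) VALUES ('".mysql_real_escape_string($value)."', '".mysql_real_escape_string($name)."', '".mysql_real_escape_string($infolder)."' , '$size' , '$upltime');");

				$addfiles++;
			}
		}
	}
	header ('Location: index.php?sayer=flash_ok&id='.$backid.'&folders='.$addfolder.'&files='.$addfiles.'&'.SID); exit;
}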




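/* Extract an archive into the folder the archive itself is stored in.
 *
 * The two chmod($folder['path'],0777) calls of the original are removed:
 * $folder is never assigned in this file, so the mode change was applied to
 * whatever that global happened to contain. A missing row or a path that is
 * not a regular file now fails early with the same "unzip_no" message.
 *
 * NOTE(review): the entries of the archive are written as they are. They are
 * not compared against the extension deny-list used by the upload/import
 * actions, and entry names are not checked for "../" here. Validate entry
 * names and types before extraction - e.g. with a PCLZIP_CB_PRE_EXTRACT
 * callback or PCLZIP_OPT_EXTRACT_DIR_RESTRICTION, if the bundled
 * lib.pclzip.php version provides them - or extract to a scratch directory
 * and move only accepted files.
 * NOTE(review): triggered by a plain GET request; no anti-CSRF token is checked. */
if($act=="unpack"){

	$file = mysql_fetch_assoc(mysql_query('SELECT * FROM `'.$MY_pre.'faili` WHERE `id` = '.$id));

	if(!$file || !is_file($file['path'])){
		header ('Location: index.php?sayer=unzip_no&id='.$backid.'&'.SID); exit;
	}

	$dir = dirname($file['path']).'/';
	$zip = new PclZip($file['path']);

	if(!$zip->extract(PCLZIP_OPT_PATH,$dir)){
		header ('Location: index.php?sayer=unzip_no&id='.$backid.'&'.SID); exit;
	}else{
		header ('Location: index.php?sayer=unzip_yes&id='.$backid.'&'.SID); exit;
	}
}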




/* Delete one file from disk and remove its database row.
 * NOTE(review): triggered by a plain GET request; no confirmation step and no
 * anti-CSRF token are visible in this block. */
if($act=="refile"){

$file = mysql_fetch_assoc(mysql_query('SELECT * FROM `'.$MY_pre.'faili` WHERE `id` = '.$id.' ORDER BY `name`'));


/* The stored path must be an existing regular file. */
if(!is_file($file['path'])){
header ('Location: index.php?sayer=refile_doesnt&id='.$backid.'&'.SID); exit; }
$ex = explode('/',$file['path']);
$f_chmod = null;
/* Every prefix of the path - each ancestor folder and finally the file itself - is switched to mode 0777. */
foreach($ex as $chmod) {
$f_chmod .= $chmod;
if(is_dir($f_chmod)) {$f_chmod = $f_chmod.'/';}
chmod($f_chmod,0777);}
/* NOTE(review): on failure the server-side path is placed into the redirect URL (folderis=...). */
if(!unlink($file['path'])){
header ('Location: index.php?sayer=refile_error&folderis='.$file['path'].'&id='.$backid.'&'.SID); exit;}
/* On a failed DELETE only a Location header is set; execution continues and the final header() below replaces it. */
$query = mysql_query('DELETE FROM `'.$MY_pre.'faili` WHERE `id` = '.$id) or header ('Location: index.php?sayer=refile_errordb&id='.$backid.'&'.SID); 
$f_chmod = null;
/* Second pass over the ancestors: every prefix except the download root is set to 0777 again
 * (nothing here lowers the permissions that were raised above). */
foreach($ex as $chmod) {
$f_chmod .= $chmod;
if(is_dir($f_chmod)) {$f_chmod = $f_chmod.'/';}
if($f_chmod != $setup['dir_faili'].'/') {chmod($f_chmod,0777);}}
header ('Location: index.php?sayer=file_del&folderis='.$file['name'].'&id='.$backid.'&'.SID); exit;}




/* Upload a preview image for the file selected by $id. The image is stored
 * below the screenshot directory under the file's own path plus ".gif";
 * JPEG and PNG uploads are re-encoded to GIF in place.
 * NOTE(review): no anti-CSRF token is checked on this upload handler. */
if($act=="screen"){
$info = mysql_fetch_assoc(mysql_query('SELECT * FROM `'.$MY_pre.'faili` WHERE `id` = '.$id));
/* Keep the stored path from its first "/" onwards and append it to the screenshot directory. */
$info['path'] = strstr($info['path'],'/');
$to = $setup['dir_screen'].$info['path'].'.gif';

if(!$_FILES) {
/* Without a backid the redirects below return to the file page itself. */
if(empty($backid)){$backid=$id;}

echo adm_069.'<br><br>';
echo '<form action="admin.php?act=screen&amp;backid='.$backid.'&amp;id='.$id.'" method="post" enctype="multipart/form-data">';
echo sys_prew.':<br>';
echo '<input name="scr" type="file"><br>';
echo '<input type="submit" value="'.sys_upload.'"></form><br><br>';

}else {

/* $name is HTML-escaped here and later placed into redirect URLs.
 * NOTE(review): it is not URL-encoded for that use. */
$name = htmlspecialchars($_FILES['scr']['name']);
$ex = pathinfo($name);
$ext = strtolower($ex['extension']);

/* Allow-list on the client-supplied extension; the two branches differ only in the page they return to.
 * NOTE(review): the file content itself is not inspected before it is moved; a ".gif" upload is stored unchanged. */
if(($ext != 'gif' && $ext != 'jpg' && $ext != 'jpe' && $ext != 'jpeg' && $ext != 'png') && ($backid==$id)){
header ('Location: about.php?id='.$id.'&sayer=screen_formats&'.SID); exit; 

}elseif($ext != 'gif' && $ext != 'jpg' && $ext != 'jpe' && $ext != 'jpeg' && $ext != 'png'){
header ('Location: index.php?id='.$backid.'&sayer=screen_formats&'.SID); exit; 
}

chmod($setup['dir_screen'],0777);
$dirs = explode('/',$to);
$all = sizeof($dirs) - 1;
$tmp = $setup['dir_screen'].'/';

/* Create the intermediate folders of the target one by one, each with mode 0777.
 * Starting at index 1 presumably assumes the screenshot directory is a single path segment - confirm. */
for($i = 1; $i < $all; ++$i) {
$tmp .= $dirs[$i].'/';
mkdir($tmp,0777);
chmod($tmp,0777);
}

if(move_uploaded_file($_FILES['scr']['tmp_name'],$to)) {
chmod($to,0666);
/* JPEG and PNG uploads are decoded with GD and written back as GIF over the same file. */
if($ext == 'jpg' || $ext == 'jpe' || $ext == 'jpeg') {
$im = imagecreatefromjpeg($to);
imagegif($im,$to);
imagedestroy($im);
} elseif($ext == 'png') {
$im = imagecreatefrompng($to);
imagegif($im,$to);
imagedestroy($im);
}
if($backid==$id){
header ('Location: about.php?id='.$id.'&sayer=screen_yes&folderis='.$name.'&'.SID); exit; }else{
header ('Location: index.php?sayer=screen_yes&folderis='.$name.'&id='.$backid.'&'.SID); exit; }}else {
if($backid==$id){
header ('Location: about.php?id='.$id.'&folderis='.$name.'&sayer=screen_no&'.SID); exit; }else{
header ('Location: index.php?sayer=screen_no&folderis='.$name.'&id='.$backid.'&'.SID); exit; }}}}




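/* Full scan: walk the whole download directory and insert every file and
 * folder that has no database row yet; for each new folder the matching
 * folders in the screenshot and description trees are created as well.
 *
 * Changes against the original handler:
 *  - $array_path is initialised here instead of being appended to an
 *    undeclared global;
 *  - an empty scan result is treated as an empty list;
 *  - the unused $currtime assignment is dropped and a missing file extension
 *    no longer raises an undefined-index notice.
 * NOTE(review): the scan switches every visited directory, and the new
 * screenshot/description folders, to mode 0777.
 * NOTE(review): triggered by a plain GET request; no anti-CSRF token is checked. */
if($act=="scaner"){

	$addfolder = $addfiles = 0;
	chmod($setup['dir_screen'],0777);
	chmod($setup['dir_about'],0777);

	/* Paths that already have a row. */
	$array_path = array();
	$reses = mysql_query('SELECT `id`,`path` FROM `'.$MY_pre.'faili`;');

	while($reses && ($arr = mysql_fetch_row($reses))) {
		$array_path[$arr[0]] = $arr[1];
	}

	/* Recursively collect everything below $path: folders with a trailing "/",
	 * files as they are, "folder.png" icons skipped. The list is kept in a
	 * static variable, so it accumulates across the recursive calls. */
	function scaner($path) {
		static $f_arr;
		chmod($path,0777);
		$arr = glob($path.'/*');
		foreach($arr as $vv) {

			if(is_dir($vv)) {
				$f_arr[] = $vv.'/';
				scaner($vv);
			}else {

				if(basename($vv) == 'folder.png') {
					continue;
				}else {
					$f_arr[] = $vv;
				}
			}
		}
		return $f_arr;
	}

	$file_array = scaner($setup['dir_faili']);
	if(!is_array($file_array)) {
		$file_array = array();
	}
	$upltime = time();

	foreach($file_array as $value) {

		if(!in_array($value,$array_path)) {
			$pathinfo = pathinfo($value);
			$ext = isset($pathinfo['extension']) ? $pathinfo['extension'] : '';
			$name = str_replace('.'.$ext,'',basename($value));
			$infolder = dirname($value).'/';
			$size = filesize($value);

			/* Names containing "!" are stored transliterated; the rest goes through trans2(). */
			if(strpos($name,'!') !== false) {
				$name = trans($name);
			}else {
				$name = trans2($name);
			}

			if(is_dir($value)) {
				/* Folder rows carry the "*" name marker. */
				mysql_query("INSERT INTO `".$MY_pre."faili` (`path`, `name`, `infolder`, `timeupload`, `loads`, `yes` ) VALUES ('".mysql_real_escape_string($value)."', '*".mysql_real_escape_string($name)."', '".mysql_real_escape_string($infolder)."', '9999999999', '9999999999', '$upltime');");
				$addfolder++;

				/* Mirror the folder below the screenshot directory ... */
				$screen = $setup['dir_screen'].substr($value,strlen($setup['dir_faili']));
				mkdir($screen,0777);
				chmod($screen,0777);

				/* ... and below the description directory. */
				$desc = $setup['dir_about'].substr($value,strlen($setup['dir_faili']));
				mkdir($desc,0777);
				chmod($desc,0777);

			}else {

				mysql_query("INSERT INTO `".$MY_pre."faili` (`path`, `name`, `infolder`, `size` , `timeupload`) VALUES ('".mysql_real_escape_string($value)."', '".mysql_real_escape_string($name)."', '".mysql_real_escape_string($infolder)."' , '$size' , '$upltime');");
				$addfiles++;
			}
		}
	}
	header ("Location: ".BASE."admin.php?sayer=flash_ok&folders=".$addfolder."&files=".$addfiles."&".SID);
	exit;
}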


/* Delete a single comment by id and return to the comment list.
 * Execution continues after the redirect header (there is no exit), so the
 * EXIT link and the page footer are still printed.
 * NOTE(review): $page is not assigned in this file and goes into the redirect
 * URL unchanged - confirm where it is set and filtered.
 * NOTE(review): triggered by a plain GET request; no anti-CSRF token is checked. */
if($act=="allkom_delete"){

	$del = mysql_query('DELETE FROM `'.$MY_pre.'komentari` WHERE `id` = '.intval($_GET['id']).' LIMIT 1');

	header ("Location: ".BASE."allkomm.php?sayer=".($del ? 'del_all_suces' : 'del_all_suces_no')."&page=".$page."&".SID);
}

/* Logout link, shown at the end of every admin page. */
echo '<img src="pic/main/dot.gif" alt=""> <a href="admin_login.php?action=exit&amp;'.SID.'">EXIT</a><br>';

} else {
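/* Not logged in: show the admin login form.
 * The remembered login name comes from a cookie, i.e. from the client, so it
 * is HTML-escaped before being placed into the value attribute (the original
 * printed it verbatim). A missing cookie yields an empty field.
 * NOTE(review): the session id is appended to the form action via SID; ids in
 * URLs leak through history, logs and the Referer header - prefer cookie-only
 * sessions. */
echo '<img src="pic/main/head.gif" alt=""> <b>'.adm_072.'</b><br><br>';

echo'<form method="post" action="'.BASE.'admin_login.php?'.SID.'">';
echo sys_nick.':<br><input name="login" value="'.(isset($_COOKIE['cookname']) ? htmlspecialchars($_COOKIE['cookname'],ENT_QUOTES) : '').'" /><br>';
echo adm_074.':<br><input name="pass" type="password" /><br><br>';
echo'<input value="'.adm_075.'" type="submit" /></form><hr>';



echo'<br>'.adm_076.'<br>';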
}


/* Page end: links back to the download index and to the site home page.
 * NOTE(review): both links carry the session id in the URL (SID). */
echo '<img src="pic/main/dot.gif" alt=""> <a href="index.php?', SID, '">', sys_dl, '</a><br>',
	'<img src="pic/main/home.gif" alt=""> <a href="', $setup['home'], '?', SID, '">', sys_home, '</a><br>';


include_once"thm/$setup[thm]/foot.php";


?>