Просмотр файла orf.php

<?php
include 'inc/db.php';
include 'inc/1.php';
if (!$_GET['id'])header("Location: /obmen.php");
$id=intval($_GET['id']);
$a=mysql_query("SELECT * FROM `obmen` WHERE `razdel` = '$id' ORDER BY `id` DESC");
if ($_GET['delete'] && ($user['admin']==1)){
$del=intval($_GET['delete']);
mysql_query("DELETE FROM `obmen` WHERE `id` = '$del'");
header("Location: /orf.php?id=$id");
}
if ($_GET['edit'] && ($user['admin']==1)){
if (!$_POST['eok']){
$n=mysql_query("SELECT * FROM `obmen_t` WHERE `id` = '$id'");
$e=mysql_fetch_assoc($n);
echo "<form action='?edit=1&id=$id' method='POST'>Имя:<br><input type='text' name='ename' value='".htmlspecialchars($e['name'])."'><br>Описание:<br><textarea name='emsg'>".htmlspecialchars($e['opis'])."</textarea><br><input type='submit' name='eok' value='Изменить'></form>";
include_once 'inc/foot.php';
exit;
}
elseif ($_POST['eok'] && $_POST['ename'])
{
$name=mysql_escape_string($_POST['ename']);
$msg=mysql_escape_string($_POST['emsg']);
mysql_query("UPDATE `obmen_t` SET `name` = '$name', `opis` = '$msg' WHERE `id` = '$id'");
echo "<div class='msg'>Изменено</div>";
}
}
echo "<div class='p0'><a href='onewf.php?id=$id'>Выгрузить файл</a>";
if ($user['admin']==1)echo " | <a href='?id=$id&edit=1'>Изменить</a>";
echo "</div>";
if (mysql_num_rows($a)==0)echo "<div class='p1'>Файлов нет!</div>";
$b=1;
while ($f=mysql_fetch_assoc($a)){
$o=($b%2);
$ank=mysql_fetch_assoc(mysql_query("SELECT * FROM `user` WHERE `id` = '$f[user]'"));
echo "<div class='p$o'>- <a href='file.php?id=$f[id]'>".htmlspecialchars($f['name']).".".htmlspecialchars($f['ras'])."</a>";
//if ($user['admin']==1)echo " <a href='?id=$id&delete=$f[id]'>[<font color='red'>x</font> удал]</a>";
echo "<br>$ank[name] (".vremja($f['time']).")</div>";
$b++;
}
$rf=mysql_fetch_assoc(mysql_query("SELECT * FROM `obmen_t` WHERE `id` = '$id'"));
echo "<div class='p0'><a href='orazdel.php?id=$rf[razdel]'>".htmlspecialchars($rf['name'])."</a></div>";
include_once 'inc/foot.php';
?>