Просмотр файла modules/smiles/create.php

Размер файла: 5.02Kb
<?php
/*\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\//
// Sitchi CMS - Mobile Content Management System //
// The author:  Nikoloz Sitchinava [sitchi]      //
// Link:        http://sitchicms.num.ge          //
// Skype:       SitchiCMS                        //
// License:     LICENSE.txt (see attached file)  //
// Version:     VERSION.txt (see attached file)  //
//\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\*/
define('_SITCHICMS', 1);
$root_path='../../'; 
require $root_path.'includes/db_connect.php';
require $root_path.'includes/start.php';
require $root_path.'includes/header.php';
require $root_path.'includes/functions.php';
require $root_path.'includes/head.php'; // თავი
$lng_smiles = load_lng('smiles');
if (!isset($_GET['act']))
{
if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER']!=NULL)
header("Location: ".$_SERVER['HTTP_REFERER']);
else
header("Location: index.php?".SID);
}else{
$act=htmlspecialchars(trim($_GET['act']));
}
switch ($act) 
{
/**სმაილის დამატება**/
case 'create_smile':
if (isset($_GET['id_dir']) && is_numeric($_GET['id_dir']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `smiles_dir` WHERE `id` = '".intval($_GET['id_dir'])."' LIMIT 1",$dblink), 0)==1)
{
$id_dir=intval(abs($_GET['id_dir']));
$dir = mysql_fetch_assoc(mysql_query("SELECT * FROM `smiles_dir` WHERE `id` = '".$id_dir."' LIMIT 1"));
}else{
header("Location: index.php?".SID);
} 
if(isset($_POST['sim']) && isset($_FILES['file']))
{
$sim = stripslashes(trim($_POST['sim']));
$size=intval($_FILES['file']['size']);
$parts = pathinfo($_FILES['file']['name']);
if(mb_strlen($sim)<2)
{
$err[] = '<div class="errmenu">'.$lng_smiles['1_6'].'.(min 2)</div>';
}
if(mb_strlen($sim)>48)
{
$err[] = '<div class="errmenu">'.$lng_smiles['1_7'].'.(max 48)</div>';
}
if(mysql_num_rows(mysql_query('SELECT * FROM `smiles_list` WHERE `sim`="'.$sim.'" LIMIT 1')))
{
$err[] = '<div class="errmenu">'.$lng_smiles['1_8'].'</div>';
}
if ($size>1024*1024)
{
$err[] = '<div class="errmenu">'.$lng_smiles['1_9'].'(max 1M)</div>';
}
if ($parts['extension']!=='gif')
{
$err[] = '<div class="errmenu">'.$lng_smiles['1_10'].'</div>';
}
if(!isset($err))
{
mysql_query("INSERT INTO `smiles_list` (name, id_dir, sim) values('".mres($parts['filename'])."', '$dir[id]', '".$sim."')");
copy($_FILES['file']['tmp_name'], $root_path.'/files/smiles/'.$parts['basename']);
  
header("Location: index.php?act=view_dir&id_dir=$dir[id]&".SID);
}
}
head(''.$lng['1_48'].' | '.$lng_smiles['1_11'].''); 
echo'<div class="hdr"><b><a href="index.php">'.$lng['1_48'].'</a></b></div>';
err();
echo'<form action="create.php?act=create_smile&amp;id_dir='.$dir['id'].'" method="POST" enctype="multipart/form-data"><div class="egmenu">';
echo''.$lng_smiles['1_12'].'(max 48).'.$lng_smiles['1_13'].' :-) <br/>';
echo'<input name="sim" type="text" maxlength="48"><br/>';
echo'<input type="hidden" name="MAX_FILE_SIZE" value="1048576">';
echo''.$lng_smiles['1_14'].':<br/><input name="file" type="file"><br/>';
echo'<input name="submit" type="submit" value="'.$lng['1_8'].'"></div></form>';
require $root_path.'includes/end.php'; // დასასრული 
break;
/**განყოფილების შექმნა**/
case 'create_dir':
if(isset($user) && $user['level']>=8)
{
if(isset($_POST['dir']))
{
$dir = stripslashes(htmlspecialchars(trim($_POST['dir'])));
if(mb_strlen($dir)<4)
{
$err[] = '<div class="errmenu">'.$lng_smiles['1_15'].'.(min 4)</div>';
}else
if(mb_strlen($dir)>32)
{
$err[] = '<div class="errmenu">'.$lng_smiles['1_16'].'.(max 32)</div>';
}
if($_POST['code']!=$_SESSION['rand'])
{
$err[] = '<div class="errmenu">'.$lng_smiles['1_17'].'</div>';
}
if(!isset($err))
{
mysql_query("INSERT INTO `smiles_dir` (`name`) values('$dir')");
head(''.$lng['1_48'].' | '.$lng_smiles['1_18'].'');
echo'<div class="hdr"><b><a href="index.php">'.$lng['1_48'].'</a> | '.$lng_smiles['1_18'].'</b></div>';
msg('<div class="menu">'.$lng_smiles['1_19'].'</div>');
echo'<a href="/modules/smiles/">'.$lng['1_48'].'</a>';
require $root_path.'includes/end.php'; // დასასრული
}
}
$_SESSION['rand']='';
head(''.$lng['1_48'].' | '.$lng_smiles['1_18'].''); 
echo'<div class="hdr"><b><a href="index.php">'.$lng['1_48'].'</a> | '.$lng_smiles['1_18'].'</b></div>';
err();
echo'<form method="POST" action="create.php?act=create_dir"><div class="egmenu">';
echo''.$lng_smiles['1_20'].'(max 32):<br/><input type="text" name="dir" maxlength="32" /><br/>';
echo'<img src="/pages/captcha.php" alt=""  /><br/>';
echo'<input type="text" name="code" maxlength="4" size="4" /><br/>';
echo'<input type="submit" name="save" value="'.$lng['1_8'].'" />';
echo'</div></form>';
require $root_path.'includes/end.php'; // დასასრული
}else{
if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER']!=NULL)
header("Location: ".$_SERVER['HTTP_REFERER']);
else
header("Location: index.php?".SID);
}
break;
}
require $root_path.'includes/end.php'; // დასასრული
?>