Просмотр файла blog/file.php

Размер файла: 3.7Kb
<?php
include_once '../sys/inc/start.php';
include_once '../sys/inc/compress.php';
include_once '../sys/inc/sess.php';
include_once '../sys/inc/home.php';
include_once '../sys/inc/settings.php';
include_once '../sys/inc/db_connect.php';
include_once '../sys/inc/ipua.php';
include_once '../sys/inc/fnc.php';
include_once '../sys/inc/user.php';

only_reg();

$set['title']='Блоги - Файлы';
include_once '../sys/inc/thead.php';
title();
aut();

if (!isset($_GET['id']) && !is_numeric($_GET['id'])){header("Location: index.php?");exit;}
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `blog_list` WHERE `id` = '".intval($_GET['id'])."' LIMIT 1",$db), 0)==0){header("Location: index.php?".SID);exit;}
$blog=mysql_fetch_array(mysql_query("select * from `blog_list` where `id`='".intval($_GET['id'])."';"));

if (($user['level'] < 4) && ($user['id'] !=$blog['id_user']))
{
$set['title']='Ошибка';
include_once '../sys/inc/thead.php';
title();
aut();
echo "У вас нету прав доступа к этой странице!";
echo"<div class='foot'>\n";
echo"<a href='index.php'>Блоги</a><br />\n";
echo"</div>\n";
include_once '../sys/inc/tfoot.php';
exit();
}



if (isset($user) && isset($_GET['add']) && isset($_FILES['file_f']) && ereg('\.', $_FILES['file_f']['name']) && isset($_POST['file_s']))
{

$file=esc(stripcslashes(htmlspecialchars($_FILES['file_f']['name'])));
$name=eregi_replace('\.[^\.]*$', NULL, $file); // имя файла без расширения
$ras=strtolower(eregi_replace('^.*\.', NULL, $file));
$tmp_name=$_FILES['file_f']['tmp_name'];
$size=filesize($_FILES['file_f']['tmp_name']);
$type=$_FILES['file_f']['type'];


mysql_query("INSERT INTO `blog_files` (`id_blog`, `name`, `ras`, `size`, `type`) values('".intval($_GET['id'])."', '".$name."', '".$ras."', '".$size."', '".$type."')");
$file_id=mysql_insert_id();
copy($_FILES['file_f']['tmp_name'], H.'blog/files/'.$file_id.'.frf');


msg('Файл добавлен');

}
elseif (isset($_GET['del']) && is_file(H.'blog/files/'.intval($_GET['del']).'.frf') && mysql_result(mysql_query("SELECT COUNT(*) FROM `blog_files` WHERE `id` = '".intval($_GET['del'])."' && `id_blog` = '".intval($_GET['id'])."'"),0))
{
mysql_query("DELETE FROM `blog_files` WHERE `id` = '".intval($_GET['del'])."' LIMIT 1");
unlink(H.'blog/files/'.intval($_GET['del']).'.frf');
msg('Файл удалён');
}



err();
$q_f=mysql_query("SELECT * FROM `blog_files` WHERE `id_blog` = '".intval($_GET['id'])."'");
while ($file = mysql_fetch_assoc($q_f))
{




if (is_file(H.'style/themes/'.$set['set_them'].'/loads/14/'.$file['ras'].'.png'))
{
echo "<img src='/style/themes/$set[set_them]/loads/14/$file[ras].png' alt='$file[ras]' />\n";
if ($set['echo_rassh_forum']==1)$ras=".$file[ras]";else $ras=NULL;
}
else
{
echo "<img src='/style/themes/$set[set_them]/forum/14/file.png' alt='' />\n";
$ras=".$file[ras]";
}





echo "<a href='files.php?id=$file[id]'>$file[name]$ras</a> (".size_file($file['size']).") \n";



echo "<a href='?id=".intval($_GET['id'])."&amp;del=$file[id]' title='Удалить из списка'><img src='/style/themes/$set[set_them]/forum/14/del_file.png' alt='' /></a>\n";


echo "<br />\n";


echo " | ";

echo "Скачано: $file[count] раз(а) ";
echo "<br />\n";
}






echo "<form method='post' name='message' enctype='multipart/form-data' action='file.php?id=".intval($_GET['id'])."&amp;add'>\n";

echo "<input name='file_f' type='file' /><br />\n";

echo "<input name='file_s' value='Прикрепить файл' type='submit' /><br />\n";
echo"</form>";

echo"<div class='foot'>\n";
echo"<a href='list.php?id=".intval($_GET['id'])."'>Назад</a><br />\n";
echo"<a href='index.php'>Блоги</a><br />\n";
echo"</div>\n";

include_once '../sys/inc/tfoot.php';

?>