<?php
// by Mike O. (mides), coolcms.mobi
//
// Front controller for the downloads section ("ЗЦ"): a single switch on $act
// renders every page and performs every action of the section.
//
// NOTE(review): $act, $id, $page, $ok, $u, $config and $lang are never assigned
// in this file; presumably the includes below derive them from the request and
// the session. The queries further down interpolate $id and $page straight into
// SQL, so they are only injection-safe if that include casts both to integers;
// confirm in system/sys.php.
// NOTE(review): the mysql_* API used throughout was removed in PHP 7.0 and has
// no prepared statements; moving to PDO or mysqli with bound parameters would
// remove the dependency on upstream casting.

// Page title; presumably read by system/header.php; confirm.
$title = 'ЗЦ';
require_once 'system/sys.php';
require_once 'system/header.php';
// Section tag; not read anywhere in this file, presumably consumed by the
// system/comm*.php includes; confirm.
$type = 'loads';
switch ($act) {
default:
    // Landing page of the downloads section: a counter of approved files
    // uploaded in the last 24 hours, the category list with approved-file
    // counts, and the links that depend on the visitor's role.
    tp($lang['downloads']);

    $total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads` WHERE `time` > '".(time()-86400)."' and `ok` = 1"), 0);
    $newfiles_link = '<a href="?act=newfiles">'.$lang['newfiles'].'</a> ('.$total.')';
    // The link is bolded only when there is at least one such file.
    echo ($total > 0 ? '<b>'.$newfiles_link.'</b>' : $newfiles_link).'<br /><br />';

    $cats_r = mysql_query("SELECT `id`, `name` FROM `loads_cats` ORDER BY `name`");
    if (!mysql_num_rows($cats_r)) {
        echo 'Разделы не созданы.<br />';
    } else {
        // One COUNT query is issued per category.
        while ($cat = mysql_fetch_assoc($cats_r)) {
            $loads = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads` WHERE `id_cat` = '$cat[id]' and `ok` = 1"), 0);
            // NOTE(review): the category name is written into the page as stored;
            // this is only safe if names are HTML-escaped when they are saved.
            echo '<a href="?act=cat&id='.$cat['id'].'">'.$cat['name'].'</a> ('.$loads.')<br />';
        }
    }

    // These conditions only decide which links are displayed. They are not an
    // access check for the actions behind the links.
    if ($u['id']) {
        echo '<br /><a href="?act=file_add">Добавить файл</a>';
    }
    if ($u['access'] > 1) {
        echo '<br /><a href="?act=moderate">Модерировать</a>';
    }

    nav_main();
    break;
case 'newfiles':
    // Paginated list of approved files uploaded during the last 24 hours.
    echo '<div class="title"><a href="?">'.$lang['dl'].'</a> > '.$lang['newfiles'].'</div><div class="list">';
    $total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads` WHERE `time` > '".(time()-86400)."' and `ok` = 1"), 0);
    if (!($total > 0)) {
        echo $lang['nothing_yet'];
    } else {
        $pages = ceil($total / $config['onpage']);
        // A zero or too-large page number falls back to the first page.
        if ($page == 0 or $page > $pages) {
            $page = 1;
        }
        $begin = ($page - 1) * $config['onpage'];
        $loads_r = mysql_query("SELECT * FROM `loads` WHERE `time` > '".(time()-86400)."' and `ok` = 1 ORDER BY `time` DESC LIMIT $begin, $config[onpage]");
        while ($load = mysql_fetch_assoc($loads_r)) {
            // Running row counter; its parity selects the alternating row class.
            if (!isset($num)) {
                $num = 1;
            }
            ++$num;
            $row_class = ($num % 2 === 0) ? 'row1' : 'row2';

            $comm = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads_comm` WHERE `id_loads` = '$load[id]'"), 0);
            $subcat = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads_subcats` WHERE `id` = '$load[id_subcat]'"));
            $disk_path = 'inc/loads/'.$subcat['path'].'/'.$load['file'];

            // NOTE(review): the file name is echoed as stored; safe only if it was
            // HTML-escaped before it was saved.
            echo '<div class="'.$row_class.'">
<a href="?act=view&id='.$load['id'].'">'.$load['name'].'</a> ('.size(filesize($disk_path)).')';
            // Edit/delete shortcuts are display-only; the handlers re-check access.
            if ($u['access'] > 1) {
                echo ' <a href="?act=file_edit&id='.$load['id'].'">ред</a>';
            }
            if ($u['access'] == 3) {
                echo '/<a href="?act=file_del&id='.$load['id'].'">уд</a>';
            }
            echo '<br />
'.$lang['comments'].': '.$comm.'<br />
'.$lang['added_by'].': '.login($load['id_user']).' ('.ccdate($load['time'], 0).')
</div>';
        }
        navig($page, '?act=newfiles&', $pages);
    }
    nav('?');
    break;
case 'cat':
    // Lists the subcategories of one category with their approved-file counts.
    // NOTE(review): $id goes into the SQL text as-is; it must already be an
    // integer when this file receives it.
    $cat = mysql_fetch_assoc(mysql_query("SELECT `name` FROM `loads_cats` WHERE `id` = '$id'"));
    if (!$cat['name']) {
        error('Выбранный раздел не существует.');
    } else {
        tp('<a href="?">ЗЦ</a> > '.$cat['name']);
        $subcats_r = mysql_query("SELECT `id`, `name` FROM `loads_subcats` WHERE `id_cat` = '$id' ORDER BY `name`");
        if (!mysql_num_rows($subcats_r)) {
            echo 'Подразделы не созданы.';
        } else {
            while ($subcat = mysql_fetch_assoc($subcats_r)) {
                $loads = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads` WHERE `id_subcat` = '$subcat[id]' and `ok` = 1"), 0);
                echo '<a href="?act=subcat&id='.$subcat['id'].'">'.$subcat['name'].'</a> ('.$loads;
                // The re-scan link is shown to access(3) only; showing or hiding
                // the link does not by itself protect the subcat_update action.
                if (access(3)) {
                    echo ', <a href="?act=subcat_update&id='.$subcat['id'].'">обн</a>';
                }
                echo ')<br />';
            }
        }
    }
    nav2('?', 'Загрузки');
    break;
case 'subcat':
    // Paginated list of the approved files in one subcategory.
    // NOTE(review): $id goes into the SQL text as-is; it must already be an
    // integer when this file receives it.
    $subcat = mysql_fetch_assoc(mysql_query("SELECT `id_cat`, `name` FROM `loads_subcats` WHERE `id` = '$id'"));
    if (!$subcat['name']) {
        error('Выбранный подраздел не существует.');
        nav_main();
        break;
    }

    $cat = mysql_fetch_assoc(mysql_query("SELECT `id`, `name` FROM `loads_cats` WHERE `id` = '$subcat[id_cat]'"));
    echo '<div class="title"><a href="?">ЗЦ</a> > <a href="?act=cat&id='.$cat['id'].'">'.$cat['name'].'</a> > '.$subcat['name'].'</div><div class="list">';
    $total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads` WHERE `id_subcat` = '$id' and `ok` = 1"), 0);
    if (!($total > 0)) {
        echo 'Пусто.';
    } else {
        $pages = ceil($total / $config['onpage']);
        // A zero or too-large page number falls back to the first page.
        if ($page == 0 or $page > $pages) {
            $page = 1;
        }
        $begin = ($page - 1) * $config['onpage'];
        $loads_r = mysql_query("SELECT * FROM `loads` WHERE `id_subcat` = '$id' and `ok` = 1 ORDER BY `time` DESC LIMIT $begin, $config[onpage]");
        while ($load = mysql_fetch_assoc($loads_r)) {
            // Running row counter; its parity selects the alternating row class.
            if (!isset($num)) {
                $num = 1;
            }
            ++$num;
            $row_class = ($num % 2 === 0) ? 'row1' : 'row2';

            $comm = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads_comm` WHERE `id_loads` = '$load[id]'"), 0);
            // $subcat is reloaded with all columns here because `path` is needed
            // for the size lookup; the row read above only had id_cat and name.
            $subcat = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads_subcats` WHERE `id` = '$load[id_subcat]'"));
            $disk_path = 'inc/loads/'.$subcat['path'].'/'.$load['file'];

            // NOTE(review): the file name is echoed as stored; safe only if it was
            // HTML-escaped before it was saved.
            echo '<div class="'.$row_class.'">
<a href="?act=view&id='.$load['id'].'">'.$load['name'].'</a> ('.size(filesize($disk_path)).')';
            if ($u['access'] > 1) {
                echo ' <a href="?act=file_edit&id='.$load['id'].'">ред</a>';
            }
            if ($u['access'] == 3) {
                echo '/<a href="?act=file_del&id='.$load['id'].'">уд</a>';
            }
            echo '<br />
Комментарий: '.$comm.'<br />
</div>';
        }
        navig($page, '?act=subcat&id='.$id.'&', $pages);
    }
    nav2('?act=cat&id='.$subcat['id_cat'], $cat['name']);
    break;
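case 'subcat_update':
    // Scans a subcategory's directory on disk and inserts a `loads` row,
    // already approved (`ok` = 1), for every file that has no row yet.

    // The "обн" link is rendered only for access(3), but hiding a link is not
    // an access check: the handler has to refuse everyone else itself.
    if (!access(3)) {
        header('location: ?');
        exit;
    }
    // NOTE(review): this state-changing action is triggered by a plain GET link
    // and checks no anti-CSRF token; the session helpers are outside this file.

    // $id is interpolated into SQL below, so force it to an integer here.
    $id = (int) $id;
    $subcat_r = mysql_query("SELECT * FROM `loads_subcats` WHERE `id` = '$id'");
    $subcat = mysql_fetch_assoc($subcat_r);
    if (empty($subcat['id'])) {
        // Without this guard an unknown id would scan 'inc/loads//*'.
        error('Выбранный подраздел не существует.');
        nav_main();
        break;
    }
    tp('Обновление подраздела "'.$subcat['name'].'"');

    $ftpfiles = glob('inc/loads/'.$subcat['path'].'/*', GLOB_NOSORT);
    if ($ftpfiles === false) {
        // glob() returns false on error; treat that as an empty directory.
        $ftpfiles = array();
    }
    foreach ($ftpfiles as $ftpfile) {
        // Only regular files are download entries; skip nested directories.
        if (!is_file($ftpfile)) {
            continue;
        }
        $file = basename($ftpfile);
        // File names come from the filesystem, not from check(), so they are
        // escaped here for each context they are written into.
        $file_sql = mysql_real_escape_string($file);
        $file_html = htmlspecialchars($file, ENT_QUOTES);
        // The listing pages echo `name` without escaping, so the display name
        // is stored HTML-escaped; `file` keeps the exact on-disk name.
        $name_sql = mysql_real_escape_string($file_html);
        if (!mysql_num_rows(mysql_query("SELECT `id` FROM `loads` WHERE `id_subcat` = '$id' and `file` = '$file_sql'"))) {
            mysql_query("INSERT INTO `loads` SET `id_cat` = '$subcat[id_cat]', `id_subcat` = '$id', `id_user` = '$u[id]', `name` = '$name_sql', `file` = '$file_sql', `time` = '".TIME."', `ok` = 1");
            echo 'Файл <u>'.$file_html.'</u> добавлен.<br />';
        }
    }
    nav('?act=cat&id='.$subcat['id_cat']);
    break;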
case 'view':
    // Detail page of one approved file: description, author, uploader,
    // download link, comment count and moderator shortcuts.
    // NOTE(review): $id goes into the SQL text as-is; it must already be an
    // integer when this file receives it.
    $load = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads` WHERE `id` = '$id' and `ok` = 1"));
    if (!$load['id']) {
        error('Выбранный файл не существует.');
        nav('?');
        break;
    }

    // NOTE(review): name, author and site are written into the page (site also
    // into an href) exactly as stored; this is safe only if check() HTML-escapes
    // them on the way in. Confirm, and confirm `site` cannot break out of the
    // attribute.
    tp($load['name']);
    if ($load['desc']) {
        echo bb($load['desc']).'<br />';
    }
    if ($load['author']) {
        echo '<br />Автор файла: '.$load['author'];
    }
    if ($load['site']) {
        $site_link = '<a href="http://'.$load['site'].'">http://'.$load['site'].'</a>';
        // With an author the site follows in parentheses, otherwise it gets
        // its own labelled line.
        echo $load['author'] ? (' ('.$site_link.')') : ('<br>Сайт: '.$site_link);
    }
    echo '<br />';
    echo 'Добавлено: <a href="profile.php?id='.$load['id_user'].'">'.login($load['id_user']).'</a> ('.date('d.m.y, H:i', $load['time']).')<br /><br />';

    $subcat = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads_subcats` WHERE `id` = '$load[id_subcat]'"));
    $comm = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads_comm` WHERE `id_loads` = '$load[id]'"), 0);
    // The download is a direct link into the web-served upload directory.
    $rel_path = 'inc/loads/'.$subcat['path'].'/'.$load['file'];
    echo '<a href="'.$rel_path.'">Скачать</a> ('.size(filesize($rel_path)).')<br />
<a href="?act=comm&id='.$load['id'].'">Комментарии</a> ('.$comm.')<br /><br />';
    if ($u['id']) {
        echo 'Скопировать адрес:<br /><input name="file" type="text" value="'.HTTPHOME.'/'.$rel_path.'" /><br />';
    }
    echo 'BB-код для форума:<br /><input name="bb_code" type="text" value="[url='.HTTPHOME.'/loads.php?act=view&id='.$load['id'].']'.$load['name'].'[/url]" /><br />';
    // Shortcuts only; file_edit and file_del re-check the access level.
    if ($u['access'] > 1) {
        echo '<br />- <a href="?act=file_edit&id='.$load['id'].'">Редактировать</a><br />';
    }
    if ($u['access'] == 3) {
        echo '- <a href="?act=file_del&id='.$load['id'].'">Удалить</a><br />';
    }
    nav2('?act=subcat&id='.$load['id_subcat'], $subcat['name']);
    break;
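case 'file_add':
    // Upload form (no $ok) and upload handler ($ok set) for user-submitted
    // files. The INSERT below does not set `ok`, so a new row stays out of the
    // public lists (which all filter on `ok` = 1) until file_edit approves it.

    // The "add file" link is shown to logged-in users only; enforce the same
    // rule here so that guests cannot reach the form or the handler directly.
    if (empty($u['id'])) {
        header('location: ?');
        exit;
    }
    // NOTE(review): no anti-CSRF token is checked on the upload POST; the
    // session helpers are outside this file.

    if ($ok) {
        if (!function_exists('getext')) {
            // Returns the text after the last dot of $filename.
            function getext($filename) {
                // end() takes its argument by reference, so it needs a variable.
                $parts = explode('.', $filename);
                return end($parts);
            }
        }

        // Check that a file arrived at all before looking at its extension.
        $upload = isset($_FILES['file']) ? $_FILES['file'] : array();
        if (empty($upload['name']) || !is_string($upload['name'])) {
            error('Не выбран файл.');
            nav('?act=file_add');
            break;
        }
        if (!isset($upload['error']) || $upload['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($upload['tmp_name'])) {
            error('Не удалось загрузить файл.');
            nav('?act=file_add');
            break;
        }

        // Allow-list check on the last extension. A name without any dot has no
        // extension and is rejected rather than compared as a whole.
        // NOTE(review): only the final extension and not the content is checked,
        // and the file is stored under the web root. The server should be
        // configured so that nothing under inc/loads is executed as a script.
        $original_name = basename($upload['name']);
        $current_ext = getext($original_name);
        $allowed_ext = explode('|', $config['allowed_ext']);
        if (strpos($original_name, '.') === false || !in_array($current_ext, $allowed_ext, true)) {
            error('Запрещенный формат файла.');
            nav('?act=file_add');
            break;
        }
        if (empty($_POST['subcat'])) {
            error('Не выбран подраздел.');
            nav('?act=file_add');
            break;
        }
        if (empty($_POST['name'])) {
            error('Не указано название.');
            nav('?act=file_add');
            break;
        }

        $subcat_id = abs(intval($_POST['subcat']));
        $subcat = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads_subcats` WHERE `id` = '$subcat_id'"));
        if (!isset($subcat['id'])) {
            error('Выбранный подраздел не существует.');
            nav('?act=file_add');
            break;
        }

        // Stored name is prefixed with the uploader's id.
        // NOTE(review): check() is defined elsewhere; the queries below rely on
        // it to make its argument safe inside a quoted SQL string. Confirm.
        $file = $u['id'].'_'.check($original_name);
        $target = 'inc/loads/'.$subcat['path'].'/'.$file;
        // Refuse the name if either the database or the disk already has it, so
        // an existing download is never overwritten.
        if (mysql_num_rows(mysql_query("SELECT `id` FROM `loads` WHERE `file` = '$file'")) || file_exists($target)) {
            error('Такой файл уже есть в ЗЦ.');
            nav('?act=file_add');
            break;
        }

        $name = check($_POST['name']);
        $desc = check(isset($_POST['desc']) ? $_POST['desc'] : '');
        $author = check(isset($_POST['author']) ? $_POST['author'] : '');
        $site = check(isset($_POST['site']) ? $_POST['site'] : '');

        // move_uploaded_file() only accepts files that PHP itself received in
        // this request; the row is inserted only after the move succeeded.
        // NOTE(review): the file becomes reachable by URL in inc/loads as soon
        // as it is moved, before any moderation. A staging directory outside
        // the web root for unapproved files would close that gap.
        if (!move_uploaded_file($upload['tmp_name'], $target)) {
            error('Не удалось сохранить файл.');
            nav('?act=file_add');
            break;
        }
        mysql_query("INSERT INTO `loads` SET `id_cat` = '$subcat[id_cat]', `id_subcat` = '$subcat[id]', `id_user` = '$u[id]', `name` = '$name', `desc` = '$desc', `author` = '$author', `site` = '$site', `file` = '$file', `time` = '".time()."'");

        // Notify every account with access above 1 that the queue has a new file.
        $adm_r = mysql_query("SELECT `id` FROM `users` WHERE `access` > 1");
        while ($adm = mysql_fetch_assoc($adm_r)) {
            sendpm($adm['id'], 'Появился новый файл в ЗЦ. <a href="loads.php?act=moderate">Проверьте</a>.');
        }
        info('Файл загружен. После модерации он появится в ЗЦ. Вы будете уведомлены.');
        nav('?');
    } else {
        tp('Добавить файл');
        // The maxlength attributes below are browser-side hints only; the
        // handler above does not enforce them.
        echo '<form name="form" action="?act=file_add&ok=1" method="post" enctype="multipart/form-data">
Выберите <b>подраздел</b>*:<br /><select name="subcat">';
        $cat_r = mysql_query("SELECT * FROM `loads_cats` ORDER BY `name`");
        while ($cat = mysql_fetch_assoc($cat_r)) {
            // Category rows carry value 0, which the handler rejects as
            // "no subcategory selected".
            echo '<option value="0">'.$cat['name'].'</option>';
            $subcat_r = mysql_query("SELECT * FROM `loads_subcats` WHERE `id_cat` = '$cat[id]' ORDER BY `name`");
            while ($subcat = mysql_fetch_assoc($subcat_r)) {
                echo '<option value="'.$subcat['id'].'">-- '.$subcat['name'].'</option>';
            }
        }
        echo '</select><br />
Название(max50)*:<br /><input name="name" type="text" maxlength="50" /><br />
Описание:<br /><textarea name="desc" cols="" rows="4"></textarea><br />
Автор(max20):<br /><input name="author" type="text" maxlength="20" /><br />
Сайт(<del>http://</del>, max20):<br /><input name="site" type="text" maxlength="20" /><br />
Выбрать файл*:<br /><input name="file" type="file" size="file" /><br />
<input name="submit" type="submit" value="Ok" />
</form>';
        nav('?');
    }
    break;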
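case 'file_edit':
    // Moderator action (access above 1): edit a file's metadata, move it to
    // another subcategory and approve it (`ok` = 1), or delete it.
    if (!($u['access'] > 1)) {
        header('location: ?');
        exit;
    }
    // NOTE(review): no anti-CSRF token is checked on the POST below; the
    // session helpers are outside this file.
    // NOTE(review): the delete option here is open to access above 1, while
    // the file_del action requires access equal to 3; confirm that is intended.

    // $id is interpolated into SQL below, so force it to an integer here.
    $id = (int) $id;
    $load = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads` WHERE `id` = '$id'"));
    if (empty($load['id'])) {
        error('Файл не существует.');
        nav('?');
        break;
    }

    if (isset($_GET['ok'])) {
        if (empty($_POST['name'])) {
            // Nothing usable was posted: go back to the form.
            header('location: ?act=file_edit&id='.$id);
            exit;
        }
        $scat_current = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads_subcats` WHERE `id` = '$load[id_subcat]'"));

        // Delete only when the form explicitly asked for it. A request that
        // simply lacks the `action` field must not fall through to deletion.
        if (isset($_POST['action']) && $_POST['action'] === '0') {
            $path = 'inc/loads/'.$scat_current['path'].'/'.$load['file'];
            if (is_file($path)) {
                unlink($path);
            }
            mysql_query("DELETE FROM `loads` WHERE `id` = '$load[id]'");
            mysql_query("DELETE FROM `loads_comm` WHERE `id_loads` = '$load[id]'");
            header('location: ?act=subcat&id='.$load['id_subcat']);
            exit;
        }

        $scat_new_id = isset($_POST['subcat']) ? abs(intval($_POST['subcat'])) : 0;
        $scat_new = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads_subcats` WHERE `id` = '$scat_new_id'"));
        if (empty($scat_new['id'])) {
            // An unknown target would otherwise blank id_cat/id_subcat in the
            // UPDATE and move the file to 'inc/loads//'.
            error('Выбранный подраздел не существует.');
            nav('?act=file_edit&id='.$id);
            break;
        }

        // NOTE(review): check() is defined elsewhere; the UPDATE relies on it to
        // make these values safe inside quoted SQL strings. Confirm.
        $name = check($_POST['name']);
        $desc = check(isset($_POST['desc']) ? $_POST['desc'] : '');
        $author = check(isset($_POST['author']) ? $_POST['author'] : '');
        $site = check(isset($_POST['site']) ? $_POST['site'] : '');

        if ($scat_new_id != $scat_current['id']) {
            // The file lives in its subcategory's directory, so changing the
            // subcategory means moving it on disk first.
            $moved = rename('inc/loads/'.$scat_current['path'].'/'.$load['file'], 'inc/loads/'.$scat_new['path'].'/'.$load['file']);
            if ($moved === false) {
                error('Не получилось переместить файл. Возможно папка, в которую хотите переместить файл, не существует или права доступа не позволяют делать запись.');
                nav('?act=file_edit&id='.$id);
                break;
            }
        }
        mysql_query("UPDATE `loads` SET `id_cat` = '$scat_new[id_cat]', `id_subcat` = '$scat_new[id]', `name` = '$name', `desc` = '$desc', `author` = '$author', `site` = '$site', `ok` = 1 WHERE `id` = '$id'");
        // The row was still unapproved before this save: tell the uploader.
        if (empty($load['ok'])) {
            sendpm($load['id_user'], 'Ваш файл <b><a href="loads.php?act=view&id='.$load['id'].'">'.$load['name'].'</a></b> был успешно промодерирован.');
        }
        header('location: ?act=view&id='.$id);
        exit;
    }

    // No submission yet: render the edit form pre-filled from the stored row.
    // NOTE(review): stored values are written into value="" attributes and the
    // textarea as-is; safe only if they were HTML-escaped when saved.
    tp('Редактирование инфо о файле');
    echo 'Находится в:<br />
<form name="form" action="?act=file_edit&id='.$id.'&ok=1" method="post">
<select name="subcat">';
    // The current subcategory is listed first so it is the default selection.
    $subcat_r1 = mysql_query("SELECT * FROM `loads_subcats` WHERE `id` = '$load[id_subcat]'");
    $subcat1 = mysql_fetch_assoc($subcat_r1);
    $cat1 = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads_cats` WHERE `id` = '$subcat1[id_cat]'"));
    echo '<option value="'.$subcat1['id'].'">'.$cat1['name'].' > '.$subcat1['name'].'</option>';
    $subcat_r = mysql_query("SELECT * FROM `loads_subcats` WHERE `id` != '$load[id_subcat]' ORDER BY `id_cat`, `name`");
    while ($subcat = mysql_fetch_assoc($subcat_r)) {
        $cat = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads_cats` WHERE `id` = '$subcat[id_cat]'"));
        echo '<option value="'.$subcat['id'].'">'.$cat['name'].' > '.$subcat['name'].'</option>';
    }
    echo '</select><br />
Название(max50):<br /><input name="name" type="text" maxlength="50" value="'.$load['name'].'" /><br />
Описание:<br /> '.bbpanel('form', 'text').'<textarea name="desc" cols="" rows="3">'.$load['desc'].'</textarea><br />
Автор(max20):<br /><input name="author" type="text" maxlength="20" value="'.$load['author'].'" /><br />
Сайт(max20):<br /><input name="site" type="text" maxlength="20" value="'.$load['site'].'" /><br />
Действие:<br />
<select name="action">';
    // Saving an unapproved file also approves it, so the label says so.
    if (empty($load['ok'])) {
        echo '<option value="1">Ред-ть, добавить в ЗЦ</option>';
    } else {
        echo '<option value="1">Ред-ть</option>';
    }
    echo '<option value="0">Удалить</option>
</select><br />
<input name="submit" type="submit" value="Ok" />
</form>';
    nav('?act=view&id='.$id);
    break;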
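case 'file_del':
    // Administrator action (access equal to 3): confirm, then delete a file
    // from disk together with its `loads` row and its comments.
    if (!($u['access'] == 3)) {
        header('location: ?');
        exit;
    }

    // $id is interpolated into SQL below, so force it to an integer here.
    $id = (int) $id;
    $load = mysql_fetch_assoc(mysql_query("SELECT `id`, `id_subcat`, `name`, `file` FROM `loads` WHERE `id` = '$id'"));
    if (empty($load['id'])) {
        error('Файл не существует.');
        nav('?');
        break;
    }
    $subcat = mysql_fetch_assoc(mysql_query("SELECT `path` FROM `loads_subcats` WHERE `id` = '$load[id_subcat]'"));

    // The confirmation form submits by POST. Requiring POST here means a plain
    // link or embedded resource carrying ok=1 no longer deletes anything and
    // shows the confirmation page instead.
    // NOTE(review): a cross-site form can still POST; a per-session token is
    // needed to close that, and the session helpers are outside this file.
    $confirmed = isset($_GET['ok'])
        && isset($_SERVER['REQUEST_METHOD'])
        && $_SERVER['REQUEST_METHOD'] === 'POST';
    if ($confirmed) {
        $path = 'inc/loads/'.$subcat['path'].'/'.$load['file'];
        // Remove the rows even when the file is already gone from disk.
        if (is_file($path)) {
            unlink($path);
        }
        mysql_query("DELETE FROM `loads` WHERE `id` = '$load[id]'");
        mysql_query("DELETE FROM `loads_comm` WHERE `id_loads` = '$load[id]'");
        header('location: ?act=subcat&id='.$load['id_subcat']);
        exit;
    }

    tp('Подтверждение');
    // NOTE(review): the name is echoed as stored; safe only if it was
    // HTML-escaped when saved.
    echo 'Вы действительно хотите удалить файл "'.$load['name'].'"?<br />
<form name="form" action="?act=file_del&id='.$id.'&ok=1" method="post">
<input name="submit" type="submit" value="Yeah" />
</form>';
    nav2('?act=view&id='.$load['id'], 'К файлу');
    break;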
// Comment actions are delegated to separate include files. Every include path
// below is a string literal selected by its case label, so the requested act
// value itself is never used to build a file path.
// NOTE(review): this file performs no login or permission check before these
// includes; any such checks must live inside the included files. Confirm.
case 'comm':
require_once 'system/comm.php';
break;
case 'comm_add':
require_once 'system/comm_add.php';
break;
case 'comm_reply':
require_once 'system/comm_reply.php';
break;
case 'comm_edit':
require_once 'system/comm_edit.php';
break;
case 'comm_del':
require_once 'system/comm_del.php';
break;
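case 'moderate':
    // Moderation queue: paginated list of uploads that are not approved yet
    // (`ok` = 0), each linking to file_edit and to the raw file.

    // The link to this page and the file_edit action it leads to both require
    // access above 1, so the page applies the same threshold on top of the
    // original access(1) test. Execution stops here whether or not redirect()
    // terminates the script itself.
    if (!access(1) || !($u['access'] > 1)) {
        redirect(HTTPHOME);
        exit;
    }

    echo '<div class="title"><a href="?">ЗЦ</a> > Модерировать</div><div class="list">';
    $total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads` WHERE `ok` = 0"), 0);
    if ($total > 0) {
        $pages = ceil($total / $config['onpage']);
        // $page ends up in the LIMIT clause: force an integer and send
        // anything outside 1..$pages to the first page.
        $page = (int) $page;
        if ($page < 1 or $page > $pages) {
            $page = 1;
        }
        $begin = ($page - 1) * $config['onpage'];
        $loads_r = mysql_query("SELECT * FROM `loads` WHERE `ok` = 0 ORDER BY `time` DESC LIMIT $begin, $config[onpage]");
        while ($load = mysql_fetch_assoc($loads_r)) {
            // Running row counter; its parity selects the alternating row class.
            if (!isset($num)) {
                $num = 1;
            }
            $num++;
            $row_class = (!($num % 2)) ? 'row1' : 'row2';
            $subcat = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads_subcats` WHERE `id` = '$load[id_subcat]'"));
            $rel_path = 'inc/loads/'.$subcat['path'].'/'.$load['file'];
            // NOTE(review): the "скачать" link points straight at the file in
            // the web-served directory, so an unapproved upload can be fetched
            // by anyone who knows its URL; the `ok` flag only hides listings.
            // NOTE(review): name and file are echoed as stored; safe only if
            // they were HTML-escaped when saved.
            echo '<div class="'.$row_class.'">
<a href="?act=file_edit&id='.$load['id'].'">'.$load['name'].'</a> ('.size(filesize($rel_path)).') <a href="'.$rel_path.'">скачать</a>';
            if ($u['access'] == 3) {
                echo ', <a href="?act=file_del&id='.$load['id'].'">del</a>';
            }
            echo '<br />
</div>';
        }
        // Pager links must stay on this page; the original pointed them at
        // the subcat action.
        navig($page, '?act=moderate&', $pages);
    } else {
        echo 'Пусто.';
    }
    echo '</div>';
    nav('?');
    break;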
}
require_once 'system/tail.php';
?>