View file loads.php

File size: 19.47Kb
<?php
// by Mike O. (mides), coolcms.mobi

$title = 'ЗЦ';
require_once 'system/sys.php';
require_once 'system/header.php';

$type = 'loads';

switch ($act) {
    default:
        tp($lang['downloads']);
        $total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads` WHERE `time` > '".(time()-86400)."' and `ok` = 1"), 0);
        if ($total > 0) {
            echo '<b><a href="?act=newfiles">'.$lang['newfiles'].'</a> ('.$total.')</b><br /><br />';
        } else {
            echo '<a href="?act=newfiles">'.$lang['newfiles'].'</a> ('.$total.')<br /><br />';
        }
        $cats_r = mysql_query("SELECT `id`, `name` FROM `loads_cats` ORDER BY `name`");
        if (mysql_num_rows($cats_r)) {
                while ($cat = mysql_fetch_assoc($cats_r)) {
                        $loads = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads` WHERE `id_cat` = '$cat[id]' and `ok` = 1"), 0);
                        echo '<a href="?act=cat&amp;id='.$cat['id'].'">'.$cat['name'].'</a> ('.$loads.')<br />';
                }
        } else {
                echo 'Разделы не созданы.<br />';
        }
        if ($u['id']) {
                echo '<br /><a href="?act=file_add">Добавить файл</a>';
        }
        if ($u['access'] > 1) {
                echo '<br /><a href="?act=moderate">Модерировать</a>';
        }
        nav_main();
    break;
        
    case 'newfiles':
        echo '<div class="title"><a href="?">'.$lang['dl'].'</a> &gt; '.$lang['newfiles'].'</div><div class="list">';
        $total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads` WHERE `time` > '".(time()-86400)."' and `ok` = 1"), 0);
        if ($total > 0) {
            $pages = ceil($total / $config['onpage']);
            if ($page > $pages or $page == 0) {
                $page = 1;
            }
            $begin = ($page - 1) * $config['onpage'];

            $loads_r = mysql_query("SELECT * FROM `loads` WHERE `time` > '".(time()-86400)."'  and `ok` = 1 ORDER BY `time` DESC LIMIT $begin, $config[onpage]");
            while ($load = mysql_fetch_assoc($loads_r)) {
                if (!isset($num) ) $num = 1;  
                $num++;
                $row_class = (!($num % 2)) ? 'row1' : 'row2';	
                $comm = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads_comm` WHERE `id_loads` = '$load[id]'"), 0);

                $subcat = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads_subcats` WHERE `id` = '$load[id_subcat]'"));

                echo '<div class="'.$row_class.'">
                <a href="?act=view&amp;id='.$load['id'].'">'.$load['name'].'</a> ('.size(filesize('inc/loads/'.$subcat['path'].'/'.$load['file'])).')';
                if ($u['access'] > 1) echo ' <a href="?act=file_edit&amp;id='.$load['id'].'">ред</a>';
                if ($u['access'] == 3) echo '/<a href="?act=file_del&amp;id='.$load['id'].'">уд</a>';
                echo '<br />
                '.$lang['comments'].': '.$comm.'<br />
                '.$lang['added_by'].': '.login($load['id_user']).' ('.ccdate($load['time'], 0).')
                </div>';
            }
            navig($page, '?act=newfiles&amp;', $pages);
        } else {
            echo $lang['nothing_yet'];
        }
        nav('?');	
    break;       
	
    case 'cat':
		$cat = mysql_fetch_assoc(mysql_query("SELECT `name` FROM `loads_cats` WHERE `id` = '$id'"));
		if ($cat['name']) {
			tp('<a href="?">ЗЦ</a> &gt; '.$cat['name']);
			$subcats_r = mysql_query("SELECT `id`, `name` FROM `loads_subcats` WHERE `id_cat` = '$id' ORDER BY `name`");
			if (mysql_num_rows($subcats_r)) {
				while ($subcat = mysql_fetch_assoc($subcats_r)) {
					$loads = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads` WHERE `id_subcat` = '$subcat[id]' and `ok` = 1"), 0);
					echo '<a href="?act=subcat&amp;id='.$subcat['id'].'">'.$subcat['name'].'</a> ('.$loads;
					if (access(3)) {
						echo ', <a href="?act=subcat_update&amp;id='.$subcat['id'].'">обн</a>';
					}
					echo ')<br />';
				}
			} else {
				echo 'Подразделы не созданы.';
			}
		} else {
			error('Выбранный раздел не существует.');
		}
		nav2('?', 'Загрузки');
	break;
			
	case 'subcat':
		$subcat = mysql_fetch_assoc(mysql_query("SELECT `id_cat`, `name` FROM `loads_subcats` WHERE `id` = '$id'"));
		if ($subcat['name']) {
			$cat = mysql_fetch_assoc(mysql_query("SELECT `id`, `name` FROM `loads_cats` WHERE `id` = '$subcat[id_cat]'"));
			echo '<div class="title"><a href="?">ЗЦ</a> &gt; <a href="?act=cat&amp;id='.$cat['id'].'">'.$cat['name'].'</a> &gt; '.$subcat['name'].'</div><div class="list">';
			$total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads` WHERE `id_subcat` = '$id' and `ok` = 1"), 0);
			if ($total > 0) {
				$pages = ceil($total / $config['onpage']);
				if ($page > $pages or $page == 0) {
					$page = 1;
				}
				$begin = ($page - 1) * $config['onpage'];
			
				$loads_r = mysql_query("SELECT * FROM `loads` WHERE `id_subcat` = '$id'  and `ok` = 1 ORDER BY `time` DESC LIMIT $begin, $config[onpage]");
				while ($load = mysql_fetch_assoc($loads_r)) {
					if (!isset($num) ) $num = 1;  
					$num++;
					$row_class = (!($num % 2)) ? 'row1' : 'row2';	
					$comm = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads_comm` WHERE `id_loads` = '$load[id]'"), 0);
					
					$subcat = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads_subcats` WHERE `id` = '$load[id_subcat]'"));

					echo '<div class="'.$row_class.'">
					<a href="?act=view&amp;id='.$load['id'].'">'.$load['name'].'</a> ('.size(filesize('inc/loads/'.$subcat['path'].'/'.$load['file'])).')';
					if ($u['access'] > 1) echo ' <a href="?act=file_edit&amp;id='.$load['id'].'">ред</a>';
					if ($u['access'] == 3) echo '/<a href="?act=file_del&amp;id='.$load['id'].'">уд</a>';
					echo '<br />
					Комментарий: '.$comm.'<br />
					</div>';
				}
				navig($page, '?act=subcat&amp;id='.$id.'&amp;', $pages);
			} else {
				echo 'Пусто.';
			}
			nav2('?act=cat&amp;id='.$subcat['id_cat'], $cat['name']);
		} else {
			error('Выбранный подраздел не существует.');
			nav_main();
		}				
	break;
	
	case 'subcat_update':
		$subcat_r = mysql_query("SELECT * FROM `loads_subcats` WHERE `id` = '$id'");
		$subcat = mysql_fetch_assoc($subcat_r);
		
		tp('Обновление подраздела "'.$subcat['name'].'"');

		$ftpfiles = glob('inc/loads/'.$subcat['path'].'/*', GLOB_NOSORT);
		foreach ($ftpfiles as $ftpfile) {
			$file = basename($ftpfile);
			if (!mysql_num_rows(mysql_query("SELECT `id` FROM `loads` WHERE `id_subcat` = '$id' and `file` = '$file'"))) {
				mysql_query("INSERT INTO `loads` SET `id_cat` = '$subcat[id_cat]', `id_subcat` = '$id', `id_user` = '$u[id]', `name` = '$file', `file` = '$file', `time` = '".TIME."', `ok` = 1");
				echo 'Файл <u>'.$file.'</u> добавлен.<br />';
			}
		}
		nav('?act=cat&amp;id='.$subcat['id_cat']);
	break;
	
	case 'view':
		$load = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads` WHERE `id` = '$id' and `ok` = 1"));
		if ($load['id']) {
			tp($load['name']);
			if ($load['desc']) echo bb($load['desc']).'<br />';
			if ($load['author']) echo '<br />Автор файла: '.$load['author'];
			if ($load['site'] and $load['author']) {
				echo ' (<a href="http://'.$load['site'].'">http://'.$load['site'].'</a>)';
			} elseif ($load['site']) {
				echo '<br>Сайт: <a href="http://'.$load['site'].'">http://'.$load['site'].'</a>';
			}
			echo '<br />';
			echo 'Добавлено: <a href="profile.php?id='.$load['id_user'].'">'.login($load['id_user']).'</a> ('.date('d.m.y, H:i', $load['time']).')<br /><br />';
			
			$subcat = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads_subcats` WHERE `id` = '$load[id_subcat]'"));

			$comm = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads_comm` WHERE `id_loads` = '$load[id]'"), 0);
			echo '<a href="inc/loads/'.$subcat['path'].'/'.$load['file'].'">Скачать</a> ('.size(filesize('inc/loads/'.$subcat['path'].'/'.$load['file'])).')<br />
			<a href="?act=comm&amp;id='.$load['id'].'">Комментарии</a> ('.$comm.')<br /><br />';
			
			
			if ($u['id']) echo 'Скопировать адрес:<br /><input name="file" type="text" value="'.HTTPHOME.'/inc/loads/'.$subcat['path'].'/'.$load['file'].'" /><br />';
			echo 'BB-код для форума:<br /><input name="bb_code" type="text" value="[url='.HTTPHOME.'/loads.php?act=view&amp;id='.$load['id'].']'.$load['name'].'[/url]" /><br />';
			
			if ($u['access'] > 1) echo '<br />- <a href="?act=file_edit&amp;id='.$load['id'].'">Редактировать</a><br />';
			if ($u['access'] == 3) echo '- <a href="?act=file_del&amp;id='.$load['id'].'">Удалить</a><br />';
			
			
			nav2('?act=subcat&amp;id='.$load['id_subcat'], $subcat['name']);
		} else {
			error('Выбранный файл не существует.');
			nav('?');
		}
	break;
	
	case 'file_add':
		if ($ok) {
			function getext($filename) {
				return end(explode(".", $filename));
			}
			$current_ext = getext(basename($_FILES['file']['name']));
			$allowed_ext = explode('|', $config['allowed_ext']); 
			if (!in_array($current_ext, $allowed_ext)) { 
				error('Запрещенный формат файла.');
				nav('?act=file_add');
				break;
			}
		
			if (empty($_POST['subcat'])) {
				error('Не выбран подраздел.');
				nav('?act=file_add');
				break;
			}
			
			if (empty($_POST['name'])) {
				error('Не указано название.');
				nav('?act=file_add');
				break;
			}
			
			if (empty($_FILES['file']['name'])) {
				error('Не выбран файл.');
				nav('?act=file_add');
				break;
			}
			
			$subcat_id = abs(intval($_POST['subcat']));
			$subcat = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads_subcats` WHERE `id` = '$subcat_id'"));
			if (!isset($subcat['id'])) {
				error('Выбранный подраздел не существует.');
				nav('?act=file_add');
				break;
			}
			
			$file = $u['id'].'_'.check(basename($_FILES['file']['name']));
			if (mysql_num_rows(mysql_query("SELECT `id` FROM `loads` WHERE `file` = '$file'"))) {
				error('Такой файл уже есть в ЗЦ.');
				nav('?act=file_add');
				break;
			}
			
			$name = check($_POST['name']);
			$desc = check($_POST['desc']);
			$author = check($_POST['author']);
			$site = check($_POST['site']);
			
			copy($_FILES['file']['tmp_name'], 'inc/loads/'.$subcat['path'].'/'.$file);
			mysql_query("INSERT INTO `loads` SET `id_cat` = '$subcat[id_cat]', `id_subcat` = '$subcat[id]', `id_user` = '$u[id]', `name` = '$name', `desc` = '$desc', `author` = '$author', `site` = '$site', `file` = '$file', `time` = '".time()."'");
			$adm_r = mysql_query("SELECT `id` FROM `users` WHERE `access` > 1");
			while ($adm = mysql_fetch_assoc($adm_r)) {
				sendpm($adm['id'], 'Появился новый файл в ЗЦ. <a href="loads.php?act=moderate">Проверьте</a>.');
			}
			info('Файл загружен. После модерации он появится в ЗЦ. Вы будете уведомлены.');
			nav('?');
		} else {
			tp('Добавить файл');
			echo '<form name="form" action="?act=file_add&amp;ok=1" method="post" enctype="multipart/form-data" name="form">
			Выберите <b>подраздел</b>*:<br /><select name="subcat">';			
			$cat_r = mysql_query("SELECT * FROM `loads_cats` ORDER BY `name`");
			while ($cat = mysql_fetch_assoc($cat_r)) {
				echo '<option value="0">'.$cat['name'].'</option>';
				$subcat_r = mysql_query("SELECT * FROM `loads_subcats` WHERE `id_cat` = '$cat[id]' ORDER BY `name`");
				while ($subcat = mysql_fetch_assoc($subcat_r)) {
					echo '<option value="'.$subcat['id'].'">-- '.$subcat['name'].'</option>';
				}
			}
			echo '</select><br />
			Название(max50)*:<br /><input name="name" type="text" maxlength="50" /><br />
			Описание:<br /><textarea name="desc" cols="" rows="4"></textarea><br />
			Автор(max20):<br /><input name="author" type="text" maxlength="20" /><br />
			Сайт(<del>http://</del>, max20):<br /><input name="site" type="text" maxlength="20" /><br />
			Выбрать файл*:<br /><input name="file" type="file" size="file" /><br />
			<input name="submit" type="submit" value="Ok" />
			</form>';
			nav('?');
		}
	break;
	
	case 'file_edit':
		if ($u['access'] > 1) {
			$load = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads` WHERE `id` = '$id'"));
			if ($load['id']) {
				if (isset($_GET['ok'])) {
					if ($_POST['name']) {
						$scat_current = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads_subcats` WHERE `id` = '$load[id_subcat]'"));
						if (empty($_POST['action'])){
							unlink('inc/loads/'.$scat_current['path'].'/'.$load['file']);
							mysql_query("DELETE FROM `loads` WHERE `id` = '$load[id]'");
							mysql_query("DELETE FROM `loads_comm` WHERE `id_loads` = '$load[id]'");
							header('location: ?act=subcat&id='.$load['id_subcat']);
						} else {
							$scat_new_id = abs(intval($_POST['subcat']));
							$scat_new = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads_subcats` WHERE `id` = '$scat_new_id'"));
							$name = check($_POST['name']);
							$desc = check($_POST['desc']);
							$author = check($_POST['author']);
							$site = check($_POST['site']);
							
							if ($scat_new_id != $scat_current['id']) {
								$rename = rename('inc/loads/'.$scat_current['path'].'/'.$load['file'], 'inc/loads/'.$scat_new['path'].'/'.$load['file']);
								if ($rename == FALSE) {
									error('Не получилось переместить файл. Возможно папка, в которую хотите переместить файл, не существует  или права доступа не позволяют делать запись.');
									nav('?act=file_edit&amp;id='.$id);
									break;
								}
							}
							
							mysql_query("UPDATE `loads` SET `id_cat` = '$scat_new[id_cat]', `id_subcat` = '$scat_new[id]', `name` = '$name', `desc` = '$desc', `author` = '$author', `site` = '$site', `ok` = 1 WHERE `id` = '$id'");
							if (empty($load['ok'])) {
								sendpm($load['id_user'], 'Ваш файл <b><a href="loads.php?act=view&amp;id='.$load['id'].'">'.$load['name'].'</a></b> был успешно промодерирован.');
							}
							header('location: ?act=view&id='.$id);
						}
					} else {
						header('location: ?act=file_edit&id='.$id);
					}
				} else {
					tp('Редактирование инфо о файле');
					echo 'Находится в:<br />
					<form name="form" action="?act=file_edit&amp;id='.$id.'&amp;ok=1" method="post">
					<select name="subcat">';
					$subcat_r1 = mysql_query("SELECT * FROM `loads_subcats` WHERE `id` = '$load[id_subcat]'");
					$subcat1 = mysql_fetch_assoc($subcat_r1);
					$cat1 = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads_cats` WHERE `id` = '$subcat1[id_cat]'"));
					echo '<option value="'.$subcat1['id'].'">'.$cat1['name'].' &gt; '.$subcat1['name'].'</option>';

					$subcat_r = mysql_query("SELECT * FROM `loads_subcats` WHERE `id` != '$load[id_subcat]' ORDER BY `id_cat`, `name`");
					while ($subcat = mysql_fetch_assoc($subcat_r)) {
						$cat = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads_cats` WHERE `id` = '$subcat[id_cat]'"));
						echo '<option value="'.$subcat['id'].'">'.$cat['name'].' &gt; '.$subcat['name'].'</option>';
					}
					echo '</select><br />
					Название(max50):<br /><input name="name" type="text" maxlength="50" value="'.$load['name'].'" /><br />
					Описание:<br /> '.bbpanel('form', 'text').'<textarea name="desc" cols="" rows="3">'.$load['desc'].'</textarea><br />
					Автор(max20):<br /><input name="author" type="text" maxlength="20" value="'.$load['author'].'" /><br />
					Сайт(max20):<br /><input name="site" type="text" maxlength="20" value="'.$load['site'].'" /><br />
					Действие:<br />
					<select name="action">';
					if (empty($load['ok'])) {
						echo '<option value="1">Ред-ть, добавить в ЗЦ</option>';
					} else {
						echo '<option value="1">Ред-ть</option>';
					}
					echo '<option value="0">Удалить</option>
					</select><br />
					<input name="submit" type="submit" value="Ok" />
					</form>';
					nav('?act=view&amp;id='.$id);
				}
			} else {
				error('Файл не существует.');
				nav('?');
			}
		} else {
			header('location: ?');
			exit;
		}
	break;
	
	case 'file_del':
		if ($u['access'] == 3) {
			$load = mysql_fetch_assoc(mysql_query("SELECT `id`, `id_subcat`, `name`, `file` FROM `loads` WHERE `id` = '$id'"));
			if ($load['id']) {
				$subcat = mysql_fetch_assoc(mysql_query("SELECT `path` FROM `loads_subcats` WHERE `id` = '$load[id_subcat]'"));
				if (isset($_GET['ok'])) {
					unlink('inc/loads/'.$subcat['path'].'/'.$load['file']);
					mysql_query("DELETE FROM `loads` WHERE `id` = '$load[id]'");
					mysql_query("DELETE FROM `loads_comm` WHERE `id_loads` = '$load[id]'");
					header('location: ?act=subcat&id='.$load['id_subcat']);
					exit;
				} else {
					tp('Подтверждение');
					echo 'Вы действительно хотите удалить файл "'.$load['name'].'"?<br />
					<form name="form" action="?act=file_del&amp;id='.$id.'&amp;ok=1" method="post">
					<input name="submit" type="submit" value="Yeah" />
					</form>';
					nav2('?act=view&amp;id='.$load['id'], 'К файлу');
				}
			} else {
				error('Файл не существует.');
				nav('?');
			}
		} else {
			header('location: ?');
			exit;
		}
	break;

	case 'comm':
		require_once 'system/comm.php';
	break;

	case 'comm_add':
		require_once 'system/comm_add.php';
	break;
	
	case 'comm_reply':
		require_once 'system/comm_reply.php';
	break;
	
	case 'comm_edit':
		require_once 'system/comm_edit.php';
	break;
	
	case 'comm_del':
		require_once 'system/comm_del.php';
	break;

	case 'moderate':
		if (!access(1)) {
			redirect(HTTPHOME);
		}
		echo '<div class="title"><a href="?">ЗЦ</a> &gt; Модерировать</div><div class="list">';
		$total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `loads` WHERE `ok` = 0"), 0);
		if ($total > 0) {
			$pages = ceil($total / $config['onpage']);
			if ($page > $pages or $page == 0) {
				$page = 1;
			}
			$begin = ($page - 1) * $config['onpage'];
		
			$loads_r = mysql_query("SELECT * FROM `loads` WHERE `ok` = 0 ORDER BY `time` DESC LIMIT $begin, $config[onpage]");
			while ($load = mysql_fetch_assoc($loads_r)) {
				if (!isset($num) ) $num = 1;  
				$num++;
				$row_class = (!($num % 2)) ? 'row1' : 'row2';	
				
				$subcat = mysql_fetch_assoc(mysql_query("SELECT * FROM `loads_subcats` WHERE `id` = '$load[id_subcat]'"));

				echo '<div class="'.$row_class.'">
				<a href="?act=file_edit&amp;id='.$load['id'].'">'.$load['name'].'</a> ('.size(filesize('inc/loads/'.$subcat['path'].'/'.$load['file'])).') <a href="inc/loads/'.$subcat['path'].'/'.$load['file'].'">скачать</a>';
				if ($u['access'] == 3) echo ', <a href="?act=file_del&amp;id='.$load['id'].'">del</a>';
				echo '<br />
				</div>';
			}
			navig($page, '?act=subcat&amp;id='.$id.'&amp;', $pages);
		} else {
			echo 'Пусто.';
		}
		echo '</div>';
		nav('?');
	break;
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
}

require_once 'system/tail.php';
?>