Различные вопросы по PHP и MySQL

http://johncms.com/forum/index ... 01138 помощь
Вот функция мода
func (+/-)


<?php
////////////////////////////////////////////////////
//                 Статьи                         //
////////////////////////////////////////////////////
// Автор:              web_demon                  //
// Oф. сайт поддержки: http://annimon.com         //
// E-mail:             web_demon@mail.ru          //
////////////////////////////////////////////////////

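// Helper collection for the "articles" module: BBCode attachment tags,
// file-name helpers, menu counters and the attachment download response.
// All helpers are static because they are invoked as ablogs::name() and use
// no instance state.
class ablogs
{
  // Removes [file=...]...[/file] and [img=...]...[/img] tags from $string,
  // leaving only the caption text that stood between the tags.
  public static function image_tag_del($string)
  {
    return preg_replace('/\[(file|img)\=([^\n\&\/\"\\\\<\>\+\&\;\:]{1,200})\](.*?)\[\/\1\]/', '\3', $string);
  }

  // Returns TRUE when the extension of $string is one of png/jpg/gif/jpeg.
  // Only the name is inspected, never the file content.
  public static function is_image_3($string)
  {
    return in_array(self::getextension($string), array('png', 'jpg', 'gif', 'jpeg'), true);
  }

  // Returns $string without its last ".ext" part. A name with no dot, or with
  // the only dot at position 0, is returned unchanged.
  public static function cut_extension($string)
  {
    $n = strrpos($string, ".");
    return $n ? substr($string, 0, $n) : $string;
  }

  // Returns an HTML-safe display form of a file name: the base name is cut to
  // $cut characters (with a "(...)" marker) and the extension is kept.
  // Both parts are entity-encoded in every case; double_encode is off so that
  // names which already contain entities are not encoded a second time.
  public static function cut_filename($string, $cut = 15)
  {
    $ext = self::getextension($string);
    $base = self::cut_extension($string);
    $marker = '';
    if (mb_strlen($base) > $cut)
    {
      $base = mb_substr($base, 0, $cut);
      $marker = '(...)';
    }
    $out = htmlentities($base, ENT_QUOTES, 'UTF-8', false).$marker;
    // No trailing dot for names that have no extension.
    if ($ext !== '')
      $out .= '.'.htmlentities($ext, ENT_QUOTES, 'UTF-8', false);
    return $out;
  }

  // Returns the lower-cased text after the last dot of $string, or '' when
  // there is no dot or the only dot is the first character.
  public static function getextension($string)
  {
    $n = strrpos($string, ".");
    return $n ? mb_strtolower((string) substr($string, $n + 1)) : '';
  }

  // Runs a COUNT(*) style query and returns its first column, or 0 when the
  // query fails (mysql_result() on a failed query would only raise a warning).
  private static function count_rows($sql)
  {
    $res = mysql_query($sql);
    return $res ? mysql_result($res, 0) : 0;
  }

  // Number of comments from the last three days that the current user has no
  // read-marker row for.
  public static function ablogs_com_new()
  {
    $old = time() - (3 * 24 * 3600);
    // The user id is cast to int before it is placed into the SQL text.
    $uid = (int) core::$user_id;
    return self::count_rows("SELECT COUNT(*) FROM `ablogs` LEFT JOIN `ablogs_com_rdm` ON `ablogs`.`id` = `ablogs_com_rdm`.`comid` AND `ablogs_com_rdm`.`userid` = '" . $uid . "' WHERE `ablogs_com_rdm`.`userid` IS NULL AND `ablogs`.`type` = 'cm'  AND `ablogs`.`time` > '".$old."' ORDER BY `ablogs`.`time`;");
  }

  // Number of entries of type 'ph' from the last three days that the current
  // user has no read-marker row for.
  public static function ablogs_new()
  {
    $old = time() - (3 * 24 * 3600);
    $uid = (int) core::$user_id;
    return self::count_rows("SELECT COUNT(*) FROM `ablogs` LEFT JOIN `ablogs_rdm` ON `ablogs`.`id` = `ablogs_rdm`.`photoid` AND `ablogs_rdm`.`userid` = '" . $uid . "' WHERE `ablogs_rdm`.`userid` IS NULL AND `ablogs`.`type` = 'ph' AND `ablogs`.`realtime` > '".$old."' ORDER BY `ablogs`.`realtime`;");
  }

  // Size of the moderation queue for users with rights >= 6, '' for everyone
  // else (the original fell off the end of the function in that case).
  public static function ablogs_mod()
  {
    if (core::$user_rights >= 6)
      return self::count_rows('SELECT COUNT(*) FROM `ablogs_mod`;');
    return '';
  }

  // Builds the HTML counter shown in the menu: total entries of type 'ph',
  // plus links for new entries, new comments and the moderation queue.
  public static function ablogs_total()
  {
    global $lng_ablogs_ind;
    $photos = self::count_rows('SELECT COUNT(*) FROM `ablogs` WHERE `type` = "ph";');
    $new = self::ablogs_new();
    // The comment counter is only computed for logged-in users; guests get 0
    // instead of an undefined variable.
    $com_new = core::$user_id ? self::ablogs_com_new() : 0;
    $mod = self::ablogs_mod();
    return $photos.($new ? ' / <span class="red"><a href="articles/?act=new">+'.$new.'</a></span>' : '').($com_new ? ' / <span style="text-color: blue"><a href="articles/?act=newcm">+'.$com_new.'</a></span>' : '').($mod  ? ' / <span class="red"><a href="articles/?act=mod">'.$lng_ablogs_ind['this_mod'].' '.$mod.'</a></span>' : '');
  }

  // Callback that turns one matched [file=...] / [img=...] tag into HTML.
  // $mach[0] is the whole tag, $mach[1] the tag kind, $mach[2] the attachment
  // key (optionally followed by "?WxH"), $mach[3] the caption.
  // The tag is returned untouched unless the key is present in the global
  // $out_fil map; that lookup is what keeps arbitrary paths out of the
  // 'attach/' and 'imcache/' file-system calls below.
  public static function image_replace($mach)
  {
    global $out_fil, $home;
    $kind = $mach[1];
    $item = $mach[2];
    $text = $mach[3];

    if ($kind != 'file' && $kind != 'img')
      return $mach[0];

    // For images, padding spaces around the key select the CSS class.
    $align = '';
    if ($kind == 'img')
    {
      if (preg_match('/^ ([^\s]{1,}) $/', $item))
        $align = 'none_float';
      elseif (preg_match('/^ ([^\s]{1,})$/', $item))
        $align = 'right_float';
      elseif (preg_match('/^([^\s]{1,}) $/', $item))
        $align = 'left_float';
    }
    $item = trim($item);

    // Optional "?WxH" suffix; a missing or zero value means "not requested".
    $w = 0;
    $h = 0;
    if (preg_match('/\?([0-9]{0,4})x([0-9]{0,4})$/', $item, $maches))
    {
      $item = str_replace($maches[0], '', $item);
      $w = (int) $maches[1];
      $h = (int) $maches[2];
    }

    // Unknown attachment: leave the tag as plain text (the 'file' branch used
    // to build a link from a missing entry).
    if (empty($out_fil[$item]))
      return $mach[0];
    $entry = $out_fil[$item];
    $href = './file'.$entry['id'].'/'.rawurlencode($entry['name']);

    if ($kind == 'file')
    {
      if (!$text)
        $text = $entry['name'];
      // The caption is placed inside an attribute, so quotes and angle
      // brackets are encoded there; entities already present are kept.
      $title = htmlspecialchars($text, ENT_QUOTES, 'UTF-8', false);
      // NOTE(review): the visible link text is emitted as received; the
      // caller is presumably expected to HTML-escape the message before tags
      // are expanded - confirm.
      return '<a title="'.$title.'" href="'.$href.'"><img src="./img/9.png" /> '.$text.'</a>';
    }

    if (!self::is_image_3($item))
      return $mach[0];

    $title = htmlspecialchars($text, ENT_QUOTES, 'UTF-8', false);
    $maxh = 250;
    $maxw = 250;
    $size = getimagesize('attach/'.$item.'.dat');
    if ($size && $size[0] > 0 && $size[1] > 0)
    {
      // Fill in whichever dimension was not requested from the real aspect
      // ratio of the stored image.
      if (!$h && !$w)
      {
        $w = $size[0];
        $h = $size[1];
      }
      elseif ($h && !$w)
      {
        if ($h > $maxh)
          $h = $maxh;
        $w = $size[0] * $h / $size[1];
      }
      elseif ($w && !$h)
      {
        if ($w > $maxw)
          $w = $maxw;
        $h = $size[1] * $w / $size[0];
      }
      // Enforce the size cap on the longer side in every case. The original
      // skipped it when width equalled height and for the derived dimension,
      // so a tag could request a thumbnail larger than the cap.
      if ($h >= $w && $h > $maxh)
      {
        $w = $w * $maxh / $h;
        $h = $maxh;
      }
      elseif ($w > $h && $w > $maxw)
      {
        $h = $h * $maxw / $w;
        $w = $maxw;
      }
    }
    else
    {
      // Unreadable image: no ratio is available (avoids a division by zero),
      // so only the requested values are capped.
      $w = min($w, $maxw);
      $h = min($h, $maxh);
    }
    $h = ceil($h);
    $w = ceil($w);

    $class = $align ? 'class="'.$align.'"' : '';
    $cache_name = $item.'.'.$w.'x'.$h.'.png';
    // The key is URL-encoded wherever it becomes part of a URL so that it
    // cannot close the attribute or add query parameters.
    if (file_exists('imcache/'.$cache_name))
      return '<a title="'.$title.'" href="'.$href.'"><img '.$class.' alt="'.$title.'"  src="'.$home.'/articles/imcache/'.rawurlencode($cache_name).'"/></a>';
    return '<a alt="'.$title.'" href="'.$href.'"><img '.$class.'  title="'.$title.'" src="'.$home.'/articles/img.php?i='.rawurlencode($item).($w ? '&amp;w='.$w : '').($h ? '&amp;h='.$h : '').'" /></a>';
  }

  // Sends $data to the client as the file $filename and ends the request.
  // Returns FALSE without output when the name or data is empty or the name
  // has no dot. $prefix is put in front of the name offered to the client;
  // with $attachment = FALSE only the type and length headers are sent.
  public static function download($filename = '', $data = '', $prefix = '', $attachment = TRUE)
  {
    if ($filename == '' OR $data == '')
      return FALSE;
    if (FALSE === strpos($filename, '.'))
      return FALSE;

    $extension = self::getextension($filename);
    $mimes = array(
    'hqx'    =>    'application/mac-binhex40',
    'cpt'    =>    'application/mac-compactpro',
    'csv'    =>    array('text/x-comma-separated-values', 'text/comma-separated-values', 'application/octet-stream', 'application/vnd.ms-excel', 'text/csv', 'application/csv', 'application/excel', 'application/vnd.msexcel'),
    'bin'    =>    'application/macbinary',
    'dms'    =>    'application/octet-stream',
    'lha'    =>    'application/octet-stream',
    'lzh'    =>    'application/octet-stream',
    'exe'    =>    'application/octet-stream',
    'class'    =>    'application/octet-stream',
    'psd'    =>    'application/x-photoshop',
    'so'    =>    'application/octet-stream',
    'sea'    =>    'application/octet-stream',
    'dll'    =>    'application/octet-stream',
    'oda'    =>    'application/oda',
    'pdf'    =>    array('application/pdf', 'application/x-download'),
    'ai'    =>    'application/postscript',
    'eps'    =>    'application/postscript',
    'ps'    =>    'application/postscript',
    'smi'    =>    'application/smil',
    'smil'    =>    'application/smil',
    'mif'    =>    'application/vnd.mif',
    'xls'    =>    array('application/excel', 'application/vnd.ms-excel', 'application/msexcel'),
    'ppt'    =>    array('application/powerpoint', 'application/vnd.ms-powerpoint'),
    'wbxml'    =>    'application/wbxml',
    'wmlc'    =>    'application/wmlc',
    'dcr'    =>    'application/x-director',
    'dir'    =>    'application/x-director',
    'dxr'    =>    'application/x-director',
    'dvi'    =>    'application/x-dvi',
    'gtar'    =>    'application/x-gtar',
    'gz'    =>    'application/x-gzip',
    'php'    =>    'application/x-httpd-php',
    'php4'    =>    'application/x-httpd-php',
    'php3'    =>    'application/x-httpd-php',
    'phtml'    =>    'application/x-httpd-php',
    'phps'    =>    'application/x-httpd-php-source',
    'js'    =>    'application/x-javascript',
    'swf'    =>    'application/x-shockwave-flash',
    'sit'    =>    'application/x-stuffit',
    'tar'    =>    'application/x-tar',
    'tgz'    =>    'application/x-tar',
    'xhtml'    =>    'application/xhtml+xml',
    'xht'    =>    'application/xhtml+xml',
    'zip'    =>  array('application/x-zip', 'application/zip', 'application/x-zip-compressed'),
    'mid'    =>    'audio/midi',
    'midi'    =>    'audio/midi',
    'mpga'    =>    'audio/mpeg',
    'mp2'    =>    'audio/mpeg',
    'mp3'    =>    array('audio/mpeg', 'audio/mpg'),
    'aif'    =>    'audio/x-aiff',
    'aiff'    =>    'audio/x-aiff',
    'aifc'    =>    'audio/x-aiff',
    'ram'    =>    'audio/x-pn-realaudio',
    'rm'    =>    'audio/x-pn-realaudio',
    'rpm'    =>    'audio/x-pn-realaudio-plugin',
    'ra'    =>    'audio/x-realaudio',
    'rv'    =>    'video/vnd.rn-realvideo',
    'wav'    =>    'audio/x-wav',
    'bmp'    =>    'image/bmp',
    'gif'    =>    'image/gif',
    'jpeg'    =>    array('image/jpeg', 'image/pjpeg'),
    'jpg'    =>    array('image/jpeg', 'image/pjpeg'),
    'jpe'    =>    array('image/jpeg', 'image/pjpeg'),
    'png'    =>    array('image/png',  'image/x-png'),
    'tiff'    =>    'image/tiff',
    'tif'    =>    'image/tiff',
    'css'    =>    'text/css',
    'html'    =>    'text/html',
    'htm'    =>    'text/html',
    'shtml'    =>    'text/html',
    'txt'    =>    'text/plain',
    'text'    =>    'text/plain',
    'log'    =>    array('text/plain', 'text/x-log'),
    'rtx'    =>    'text/richtext',
    'rtf'    =>    'text/rtf',
    'xml'    =>    'text/xml',
    'xsl'    =>    'text/xml',
    'mpeg'    =>    'video/mpeg',
    'mpg'    =>    'video/mpeg',
    'mpe'    =>    'video/mpeg',
    'qt'    =>    'video/quicktime',
    'mov'    =>    'video/quicktime',
    'avi'    =>    'video/x-msvideo',
    'movie'    =>    'video/x-sgi-movie',
    'doc'    =>    'application/msword',
    'docx'    =>    'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
    'xlsx'    =>    'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
    'word'    =>    array('application/msword', 'application/octet-stream'),
    'xl'    =>    'application/excel',
    'eml'    =>    'message/rfc822',
    'jar'   =>     'application/java-archive',
    'jad'   =>     'text/vnd.sun.j2me.app-descriptor;charset=UTF-8',
    'sis'   =>     'application/vnd.symbian.install',
    'thm'    =>     'application/vnd.eri.thm'
    );

    // Unknown extensions are served as opaque binary; for list entries the
    // first type is the one sent.
    if ( ! isset($mimes[$extension]))
      $mime = 'application/octet-stream';
    else
      $mime = (is_array($mimes[$extension])) ? $mimes[$extension][0] : $mimes[$extension];

    $is_image = in_array($extension, array('jpg', 'jpeg', 'gif', 'png', 'jpe'), true);

    // The offered name ends up inside a quoted header parameter, so line
    // breaks, quotes and backslashes are removed from it. The prefix now sits
    // inside the quotes together with the name.
    $offered = str_replace(array("\r", "\n", '"', '\\'), '', $prefix.$filename);

    // The declared type is chosen from the file name only; stop browsers from
    // guessing a different (possibly active) type from the content.
    header('X-Content-Type-Options: nosniff');

    if(!$attachment)
    {
      // NOTE(review): in this mode the data is rendered by the browser under
      // the type from the table above, which includes text/html. Confirm that
      // callers never pass user-uploaded data with $attachment = FALSE.
      header('Content-Type: '.$mime);
      header("Content-Length: ".strlen($data));
    }
    else
    {
      $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
      if (strstr($agent, "MSIE"))
      {
        header('Content-Type: '.$mime);
        header('Content-Disposition: attachment; filename="'.$offered.'"');
        header('Expires: 0');
        header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
        header("Content-Transfer-Encoding: binary");
        header('Pragma: public');
        header("Content-Length: ".strlen($data));
      }
      else
      {
        header('Content-Type: '.$mime);
        // Only the image extensions listed above are shown inline.
        header('Content-Disposition: '.($is_image ? 'inline' : 'attachment' ).'; filename="'.$offered.'"');
        header("Content-Transfer-Encoding: binary");
        header('Expires: 0');
        header('Pragma: no-cache');
      }
    }
    // exit() with a string argument prints it and ends the request.
    exit($data);
  }
}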


вот сам файл
файл (+/-)

<?php
////////////////////////////////////////////////////
//                 Статьи                         //
////////////////////////////////////////////////////
// Автор:              web_demon                  //
// Oф. сайт поддержки: http://annimon.com         //
// E-mail:             web_demon@mail.ru          //
////////////////////////////////////////////////////

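// Refuse to run unless the CMS entry point defined its guard constant.
defined('_IN_JOHNCMS') or die('Error: restricted access');
// Category id from the form; a missing or non-scalar value becomes 0 instead
// of being passed to abs() as is.
$cat = (isset($_POST['cat']) && is_scalar($_POST['cat'])) ? abs(intval($_POST['cat'])) : 0;
require_once ('../incfiles/head.php');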
if ($user_id)
{
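  // Sub-action selector ('save' is the only value compared below); a missing
  // or non-string parameter becomes '' instead of raising a notice.
  $do = (isset($_GET['do']) && is_string($_GET['do'])) ? $_GET['do'] : '';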
  if(isset($_POST['add_attachment']))
  {
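  // Builds the on-disk base name for an upload from the client-supplied name
  // (extension already removed): spaces become "_", everything except digits,
  // Latin and Cyrillic letters, "-" and "_" is dropped, the rest is
  // lower-cased and Cyrillic is transliterated.
  // The character class is an explicit A-Za-z: the former "A-z" range also
  // let "[", "]", "^" and "`" through. If nothing usable is left the fixed
  // name "file" is returned so that the stored name never starts with a dot.
  function gename($string)
  {
    $tr = array(
      "а"=>"a","б"=>"b",
      "в"=>"v","г"=>"g","д"=>"d","е"=>"e","ж"=>"j",
      "з"=>"z","и"=>"i","й"=>"y","к"=>"k","л"=>"l",
      "м"=>"m","н"=>"n","о"=>"o","п"=>"p","р"=>"r",
      "с"=>"s","т"=>"t","у"=>"u","ф"=>"f","х"=>"h",
      "ц"=>"ts","ч"=>"ch","ш"=>"sh","щ"=>"sch","ъ"=>"y",
      "ы"=>"yi","ь"=>"","э"=>"e","ю"=>"yu","я"=>"ya"," "=>"_" );
    $string = str_replace(array(' ', '\\'), array('_', ''), $string);
    // preg_replace() yields NULL for input that is not valid UTF-8.
    $out = preg_replace('/[^0-9A-Za-zА-я_\-]+/u', '', $string);
    if ($out === null)
      $out = '';
    $out = strtr(mb_strtolower($out, 'UTF-8'), $tr);
    return $out !== '' ? $out : 'file';
  }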

  // Returns the part of $string that precedes its last dot.
  // NOTE(review): when there is no dot strrpos() gives FALSE and the result
  // is an empty string; the visible caller only calls this for names that
  // have an extension.
  function cut_ext($string)
  {
    $dot = strrpos($string, ".");
    return substr($string, 0, $dot);
  }
  
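  // Attachment upload. Checks the per-article limit (20 files), the upload
  // status, the size limit from $set['flsz'] (KB) and the extension, stores
  // the file as attach/<name>.<ext>.dat and records it in `ablog_files`.
  // Every path prints one result page and ends the request.
  //
  // NOTE(review): `att` comes from the query string and nothing visible here
  // ties an attachment group to the uploading user, so a user can add files
  // to a group started by somebody else. An owner column checked against
  // $user_id (and a CSRF token on the form) would close that - confirm the
  // schema.
  // NOTE(review): the ".dat" suffix only protects the files if the web server
  // never treats "name.php.dat"-style names as scripts; attach/ should have
  // script execution disabled and, ideally, no direct web access.
  $att = (isset($_GET['att']) && is_scalar($_GET['att'])) ? abs(intval($_GET['att'])) : 0;
  if($att)
    $total_att = mysql_result(mysql_query("SELECT COUNT(*) FROM `ablog_files` WHERE `attach` = '".$att."'"), 0);
  else
    $total_att=0;

  // Draft fields that travel back to the editor through the result form.
  $draft_code = (isset($_POST['codetext']) && is_string($_POST['codetext'])) ? $_POST['codetext'] : '';
  $draft_name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
  $att_qs = $att ? '&amp;att='.$att : '';
  $in_code = '<input type="hidden" name="codetext" value="'.base64_encode($draft_code).'" />';
  $in_name = '<input type="hidden" name="name" value="'.htmlentities($draft_name, ENT_QUOTES, 'UTF-8').'" />';
  $btn_back = '<input type="submit" value="'.$lng_ablogs['back'].'"/>';

  // Only a single, plain upload field is accepted.
  $upload = (isset($_FILES['file']) && is_array($_FILES['file'])) ? $_FILES['file'] : null;
  $file = ($upload && isset($upload['name']) && is_string($upload['name'])) ? $upload['name'] : '';
  $up_err = ($upload && isset($upload['error'])) ? $upload['error'] : UPLOAD_ERR_NO_FILE;

  $error = '';   // text for the red error line, '' for none
  $menu = '';    // text of the message box
  $form = '<form action="./?act=load&amp;id='.$cat.$att_qs.'" method="post">'.$in_code.$in_name.$btn_back.'</form>';

  if($total_att>=20)
  {
    $menu = $lng_ablogs['max_files'];
    $form = '<form action="./?act=load&amp;do=save'.$att_qs.'" method="post">'.$in_code.$btn_back.'</form>';
  }
  elseif(!$file)
  {
    $menu = $lng_ablogs['nothing_ch'];
  }
  elseif($up_err === UPLOAD_ERR_INI_SIZE || $up_err === UPLOAD_ERR_FORM_SIZE || ceil($upload['size']/1024) >= $set['flsz'])
  {
    // An upload cut off by the PHP size limits reports size 0, so the error
    // code is checked together with the module's own limit.
    $error = $lng_ablogs['too_big_file'];
    $menu = $lng_ablogs['file_big_mess_one'].' '.$set['flsz'].' '.$lng_ablogs['file_big_mess_two'].' ';
  }
  elseif($up_err !== UPLOAD_ERR_OK)
  {
    // Partial or failed transfer: there is nothing to store.
    $error = $lng_ablogs['file_denied'];
  }
  else
  {
    $ext = ablogs::getextension($file);
    // The extension becomes part of a path and is printed later, so only
    // lower-case letters and digits are accepted.
    if(!$ext || !preg_match('/^[a-z0-9]+$/', $ext))
    {
      $error = $lng_ablogs['file_denied'];
      $menu = $lng_ablogs['file_dhave_ext'];
    }
    else
    {
      $filename = gename(cut_ext($file));
      if($filename === '')
        $filename = 'file';
      $stored = $filename.'.'.$ext;
      if(file_exists('attach/'.$stored.'.dat'))
      {
        // Name taken: append the shared counter and keep counting until the
        // name is free, so an existing attachment is never overwritten.
        // NOTE(review): the counter file is read and written in two steps, so
        // two simultaneous uploads can still pick the same number.
        $num = is_file('cache/count.dat') ? intval(file_get_contents('cache/count.dat')) : 0;
        do
        {
          $num++;
          $stored = $filename.'_'.$num.'.'.$ext;
        }
        while(file_exists('attach/'.$stored.'.dat'));
        file_put_contents('cache/count.dat',$num, LOCK_EX);
      }
      // No database row is written unless the file really was stored.
      if(!move_uploaded_file($upload['tmp_name'], 'attach/'.$stored.'.dat'))
      {
        $error = $lng_ablogs['file_denied'];
      }
      else
      {
        $at_num = $att;
        if (!$at_num)
        {
          // A new group number is taken from the counter; the counter is
          // only written here, so a request-supplied `att` can no longer
          // move it backwards.
          $at_num = (is_file('cache/post_count.dat') ? intval(file_get_contents('cache/post_count.dat')) : 0) + 1;
          file_put_contents('cache/post_count.dat',$at_num, LOCK_EX);
        }
        // The display name is stored entity-encoded; the stored file name is
        // the generated one.
        mysql_query('INSERT INTO `ablog_files` SET
          `attach` = "'.$at_num.'",
          `time` = "'.time().'",
          `filename` = "'.mysql_real_escape_string($stored).'",
          `name` = "'.mysql_real_escape_string(htmlentities($file, ENT_QUOTES, 'UTF-8')).'",
          `count` = "0"');

        $menu = $lng_ablogs['file_added'];
        $form = '<form action="./?act=load&amp;id='.$cat.'&amp;att='.$at_num.'" method="post">'.$in_code.$in_name.'<input type="submit" value="'.$lng_ablogs['continue'].'"/></form>';
      }
    }
  }

  echo '<div class="phdr"><a href="./">'.$lng_ablogs['articles'].'</a> | '.$lng_ablogs['file_att'].'</div>';
  if($error)
    echo '<div class="rmenu"><b>'.$lng_ablogs['error'].'</b> '.$error.'</div>';
  echo '<div class="menu">'.$menu.'';
  echo '</div><div class="phdr">'.$form.'</div>';
  require_once ('../incfiles/end.php');
  exit();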
}
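elseif(!empty($_POST['del_attachment']))
{
   // Attachment removal. The submit button is named del_attachment[<id>], so
   // the id is the first key of the posted array. Only files that are not yet
   // bound to a published post (`post` = 0) are removed. Every path prints
   // one result page and ends the request.
   //
   // NOTE(review): nothing visible here checks that the file belongs to the
   // current user, and the form carries no CSRF token, so any logged-in user
   // can remove any unposted attachment by id. This needs an owner column
   // checked against $user_id - confirm the schema.
   $del = $_POST['del_attachment'];
   $file_del = is_array($del) ? abs(intval(key($del))) : 0;
   $att_qs = (isset($_GET['att']) && is_scalar($_GET['att']) && $_GET['att']) ? '&amp;att='.abs(intval($_GET['att'])) : '';
   $draft_code = (isset($_POST['codetext']) && is_string($_POST['codetext'])) ? $_POST['codetext'] : '';
   $draft_name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';

   // Default message: the file does not exist.
   $menu = $lng_ablogs['this_del_file_nexists'];
   if ($file_del)
   {
      $req_file = mysql_query("SELECT * FROM `ablog_files` WHERE `id` = '".$file_del."' LIMIT 1");
      if ($req_file && mysql_num_rows($req_file))
      {
        $fd = mysql_fetch_assoc($req_file);
        if ($fd['post']==0)
        {
          mysql_query("DELETE FROM `ablog_files` WHERE `id` = '".$file_del."' LIMIT 1");
          // basename() keeps the removal inside attach/ whatever the stored
          // value contains.
          $path = './attach/' . basename($fd['filename']).'.dat';
          if(file_exists($path))
            unlink($path);
          // Both names are encoded for output; double_encode is off because
          // the display name is stored entity-encoded already.
          $menu = $lng_ablogs['file_del_one'].' '.htmlentities($fd['name'], ENT_QUOTES, 'UTF-8', false).'('.htmlentities($fd['filename'], ENT_QUOTES, 'UTF-8', false).') '.$lng_ablogs['file_del_two'];
        }
        else
        {
          $menu = $lng_ablogs['file_of_an_post'];
        }
      }
   }

   echo '<div class="phdr"><a href="./">'.$lng_ablogs['articles'].'</a> | '.$lng_ablogs['file_att'].'</div>';
   echo '<div class="menu">'.$menu.'';
   echo '</div><div class="phdr"><form action="./?act=load&amp;id='.$cat.''.$att_qs.'" method="post"><input type="hidden" name="codetext" value="'.base64_encode($draft_code).'" /><input type="hidden" name="name" value="'.htmlentities($draft_name, ENT_QUOTES, 'UTF-8').'" /><input type="submit" value="'.$lng_ablogs['back'].'"/></form></div>';
   require_once ('../incfiles/end.php');
   exit();
}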
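  elseif($do=='save')
  {
    // Saves a new article. Users with $rights >= 6 write straight to
    // `ablogs`; everyone else writes to the moderation table `ablogs_mod`.
    // On any validation failure a form is printed that carries the draft
    // back to the editor.
    //
    // NOTE(review): `att` comes from the query string and the UPDATE below
    // binds every unposted file of that group to the new post; nothing
    // visible here checks that the group was created by the current user.
    $cat = (isset($_POST['cat']) && is_scalar($_POST['cat'])) ? abs(intval($_POST['cat'])) : 0;
    $att_id = (isset($_GET['att']) && is_scalar($_GET['att'])) ? abs(intval($_GET['att'])) : 0;
    $att_qs = $att_id ? '&amp;att='.$att_id : '';
    $p_name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
    $p_text = (isset($_POST['text']) && is_string($_POST['text'])) ? $_POST['text'] : '';
    $p_code = (isset($_POST['codetext']) && is_string($_POST['codetext'])) ? $_POST['codetext'] : '';

    // Hidden draft fields plus the "back" button; each error form below only
    // differs in its action URL.
    $fields = '<input type="hidden" name="name" value="'.htmlentities($p_name, ENT_QUOTES, 'UTF-8').'" /><input type="hidden" name="text" value="'.base64_encode($p_text).'" /><input type="hidden" name="codetext" value="'.base64_encode($p_code).'" /><input type="submit" value="'.$lng_ablogs['back'].'"/></form></div>';
    $hdr_new = '<div class="phdr"><a href="./">'.$lng_ablogs['articles'].'</a> | '.$lng_ablogs['new_article'].'</div>';
    $hdr_bare = '<div class="phdr"><a href="./">'.$lng_ablogs['articles'].'</a> | </div>';
    $form_cat = '<div class="phdr"><form action="./?act=load&amp;id='.$cat.''.$att_qs.'" method="post">'.$fields;

    $codetxt = trim($p_code);
    $code_name = trim($p_name);
    $raz1 = $cat ? mysql_query('SELECT * FROM `ablogs` where `type` = "al" AND `id`= "'.$cat.'" LIMIT 1;') : false;

    if (!$cat)
    {
      echo $hdr_new;
      echo '<div class="menu">'.$lng_ablogs['cat_no_ch'].'</div>';
      echo '<div class="phdr"><form action="./?act=load" method="post">'.$fields;
    }
    elseif (!$raz1 || !mysql_num_rows($raz1))
    {
      echo $hdr_new;
      echo '<div class="menu">'.$lng_ablogs['cat_no_ch'].'</div>';
      echo '<div class="phdr"><form action="./?act=load'.$att_qs.'" method="post">'.$fields;
    }
    elseif (!$codetxt)
    {
      echo $hdr_new;
      echo '<div class="menu">'.$lng_ablogs['no_body'].'</div>';
      echo $form_cat;
    }
    else
    {
      if(!empty($ban['1']) || !empty($ban['10']))
      {
        echo '<div class="menu">'.$lng_ablogs['banned'].'<br/><a href="./">'.$lng_ablogs['back'].'</a></div>';
        echo '<div class="phdr">&nbsp;</div>';
        require_once ("../incfiles/end.php");
        exit;
      }
      if (mb_strlen($codetxt) >= $kode_max)
      {
        echo $hdr_bare;
        echo '<div class="menu">'.$lng_ablogs['stat_too_long_one'].' '.$kode_max.' '.$lng_ablogs['stat_too_long_two'].'</div>';
        echo $form_cat;
      }
      elseif (!$code_name || mb_strlen($code_name) >= $name_max)
      {
        echo $hdr_bare;
        echo '<div class="menu">'.$lng_ablogs['err_name_one'].' '.$name_max.' '.$lng_ablogs['err_name_two'].'</div>';
        echo $form_cat;
      }
      else
      {
        $direct = ($rights >= 6);
        $table = $direct ? 'ablogs' : 'ablogs_mod';
        $uid = intval($user_id);
        // Every value placed into the statement is either cast to int or
        // passed through mysql_real_escape_string(); the author name used to
        // be inserted unescaped.
        mysql_query('INSERT INTO `'.$table.'` SET
         `catid` = "'.$cat.'",
         `type` = "ph",
         `userid` = "'.$uid.'",
         `autor` = "'.mysql_real_escape_string($datauser['name']).'",
         `name` = "'.mysql_real_escape_string(htmlentities($code_name, ENT_QUOTES, 'UTF-8')).'",
         `text` = "'.mysql_real_escape_string($codetxt).'",
         `subtext` = "'.mysql_real_escape_string(trim($p_text)).'",
         `time` = "'.time().'",
         `realtime` = "'.time().'",
         `view` = "0"');

        $postid = mysql_insert_id();

        // Bind the still unposted files of the group to the new row: `post`
        // for a published article, `atmod` for one awaiting moderation.
        if ($att_id)
          mysql_query('UPDATE `ablog_files` SET `'.($direct ? 'post' : 'atmod').'` = "'.$postid.'" WHERE `attach` = "'.$att_id.'" AND `post` = "0"');

        if ($direct)
        {
          mysql_query("UPDATE `ablogs` SET `time` = '".time()."' WHERE `id` = '".$cat."' LIMIT 1");
          mysql_query("INSERT INTO `ablogs_com_rdm` SET `comid` = '0', `photoid` = '".$postid."', `userid` = '0', `time` = '0';");
          // Mark the article as read for its author.
          if (mysql_result(mysql_query("SELECT COUNT(*) FROM `ablogs_rdm` WHERE `photoid` = '".$postid."' AND `userid` = '".$uid."'"), 0)==0)
            mysql_query("INSERT INTO `ablogs_rdm` SET `photoid` = '".$postid."', `userid` = '".$uid."', `time` = '".time()."'");
          echo $hdr_new;
          echo '<div class="menu">'.$lng_ablogs['article_added'].'<br/><a href="./?act=album&amp;id='.$cat.'">'.$lng_ablogs['continue'].'</a></div>';
          echo '<div class="phdr">&nbsp;</div>';
        }
        else
        {
          echo $hdr_new;
          echo '<div class="menu">'.$lng_ablogs['article_on_mod'].'<br/><a href="./">'.$lng_ablogs['continue'].'</a></div>';
          echo '<div class="phdr">&nbsp;</div>';
        }
      }
    }
  }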
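  else
  {
    // Editor form for a new article: category list, title, text, the files
    // already attached to the group given by `att`, and the upload field
    // (hidden once the group holds 20 files).
    // NOTE(review): the form carries no CSRF token; the save, upload and
    // delete actions it posts to rely on the session alone.
    if(!empty($ban['1']) || !empty($ban['10']))
    {
       echo '<div class="menu">'.$lng_ablogs['banned'].'<br/><a href="./">'.$lng_ablogs['back'].'</a></div>';
       echo '<div class="phdr">&nbsp;</div>';
       require_once ("../incfiles/end.php");
       exit;
    }
    $att = (isset($_GET['att']) && is_scalar($_GET['att'])) ? abs(intval($_GET['att'])) : 0;
    $p_name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
    $p_code = (isset($_POST['codetext']) && is_string($_POST['codetext'])) ? $_POST['codetext'] : '';
    $raz1 = mysql_query('SELECT * FROM `ablogs` where `type` = "al" order by time;');
    if($raz1 && mysql_num_rows($raz1))
    {
      echo '<div class="phdr"><a href="./">'.$lng_ablogs['articles'].'</a> | '.$lng_ablogs['new_article'].'</div>';
      echo '<form name="mess" action="./?act=load&amp;do=save'.($att ? '&amp;att='.$att : '').'" method="post" enctype="multipart/form-data">';
      if ($rights < 6)
      {
        echo '<div class="topmenu"> '.$lng_ablogs['add_after_mod'].'</div>';
      }
      echo '<div class="gmenu">'.$lng_ablogs['this_cat'].'<br/><select name="cat">';
      while($raz = mysql_fetch_array($raz1))
      {
        // Category titles are cut to 25 characters and encoded for output.
        $label = mb_strlen($raz['text']) > 25 ? htmlentities(mb_substr($raz['text'],0,25), ENT_QUOTES, 'UTF-8').'...' : htmlentities($raz['text'], ENT_QUOTES, 'UTF-8');
        echo '<option value="'.intval($raz['id']).'" '.($raz['id']==$id ? 'selected="selected"' : '' ).'>'.$label.'</option>';
      }
      echo '</select></div>';
      echo '<div class="menu">';
      echo ''.$lng_ablogs['ar_name'].' ('.$lng_ablogs['max_symb_one'].' '.$name_max.' '.$lng_ablogs['max_symb_two'].')<br/><input type="text" name="name" value="'.htmlentities($p_name, ENT_QUOTES, 'UTF-8').'"/>';
      echo '</div>';
      echo '<div class="menu">';
      // The draft text arrives base64-encoded from the result pages.
      echo ''.$lng_ablogs['text'].' ('.$lng_ablogs['max_symb_one'].' '.$kode_max.' '.$lng_ablogs['max_symb_two'].'):<br/>'.bbcode::auto_bb('mess', 'codetext').'<textarea name="codetext" cols="30" rows="12">'.htmlentities((string) base64_decode($p_code), ENT_QUOTES, 'UTF-8').'</textarea><br/>';
      echo '</div>';

      $total_att = 0;
      if($att)
      {
        $at1 = mysql_query('SELECT * FROM `ablog_files` WHERE `attach` = "'.$att.'"');
        $total_att = $at1 ? mysql_num_rows($at1) : 0;
        if ($total_att)
        {
          echo '<div class="gmenu">';
          echo '<b>'.$lng_ablogs['att_files'].'</b><br/>';
          while ($at = mysql_fetch_assoc($at1))
          {
            // The icon name is derived from the client-supplied file name, so
            // it is limited to letters and digits before it touches a path.
            $ext = ablogs::getextension($at['name']);
            $icon = (preg_match('/^[a-z0-9]+$/', $ext) && file_exists('./ext/'.$ext.'.png')) ? './ext/'.$ext.'.png' : './img/9.png';

            // Text that the "insert" link puts into the editor. File names
            // come from uploads, so the text is first turned into a script
            // string literal (json_encode) and then encoded for the
            // attribute. Percent signs are written as \u0025 because the
            // link is a javascript: URL, which the browser percent-decodes
            // before running it.
            $bb = ablogs::is_image_3($at['filename']) ? 'img' : 'file';
            $snippet = ' ['.$bb.'='.$at['filename'].']'.html_entity_decode($at['name'], ENT_QUOTES, 'UTF-8').'[/'.$bb.'] ';
            $js = json_encode($snippet);
            if ($js === false)
              $js = '""';
            $js = str_replace('%', '\\u0025', $js);
            $insert_href = htmlspecialchars('javascript:tag(\'\', '.$js.')', ENT_QUOTES, 'UTF-8');

            echo '<img src="'.$icon.'" /> <a href="./file'.intval($at['id']).'/'.rawurlencode($at['name']).'">'.ablogs::cut_filename($at['name']).'</a> | <a class="edittext_4" href="'.$insert_href.'">'.$lng_ablogs['put_dick_in_vagina'].'</a> <input type="submit" name="del_attachment['.intval($at['id']).']" value="'.$lng_ablogs['delete'].'"/><br/>';
          }
          echo '</div>';
        }
      }

      if($total_att<20)
      {
        echo '<div class="gmenu">'.$lng_ablogs['att_file'].'<br/>';
        echo '<input type="file" name="file" /> ';
        echo '<input type="submit" name="add_attachment" value="'.$lng_ablogs['attach'].'"/>';
        echo '</div>';
      }
      echo '<div class="phdr"><input type="submit" value="'.$lng_ablogs['add_article'].'" /></div>';
      echo '</form>';
    }
    else
    {
      echo '<div class="phdr">'.$lng_ablogs['articles'].'</div>';
      echo '<div class="menu">'.$lng_ablogs['no_cats'].'<br/><a href="./">'.$lng_ablogs['back'].'</a></div>';
      echo '<div class="phdr">&nbsp;</div>';
    }
  }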
}
else
{
   // Visitors who are not logged in only get the "registered users only"
   // notice with a link back to the module index.
   $notice = '<div class="phdr">'.$lng_ablogs['articles'].'</div>';
   $notice .= '<div class="menu">'.$lng_ablogs['only_reg_users'].'<br/><a href="./">'.$lng_ablogs['back'].'</a></div>';
   $notice .= '<div class="phdr">&nbsp;</div>';
   echo $notice;
}
// Common page footer for every path that did not end the request earlier.
require_once ('../incfiles/end.php');

исправьте кто может
.
Менделеев

mysql_real_escape_string у тебя при записи в базу

.
Менделеев

Используй functions::checkin и checkout ,все просто,просто в старых модулях нету их

.
# fanatos (16.06.2016 / 12:16)
mysql_real_escape_string у тебя при записи в базу
на что надо менять mysql_real_escape_string
.
# fanatos (16.06.2016 / 12:20)
Используй functions::checkin и checkout ,все просто,просто в старых модулях нету их
А base64_encode тоже надо менять?
.
Менделеев
# Udesign (16.06.2016 / 13:13)
a base64_encode тоже надо менят?
Нет,где запись в базу идёт,там смотри
.
# ДоХтор (16.06.2016 / 00:41)
Понял. Для этого понадобится либо дополнительное поле, либо дополнительная кнопка (например, галка "чекбокс"). Подумай, что было бы лучше, и напиши. Код смогу написать не раньше завтрашнего вечера, ил
либо дополнительная кнопка (например, галка "чекбокс").

так думаю лучше будет
.

fanatos, спасибо работает

.

еще нужен помощь я хочу сделать так когда пользователи пишет Коментарии в новости туда надо добавит цит и ответ как сделать так модуль новости крите

.
Ей 25
# Udesign (16.06.2016 / 16:43)
еще нужен помощь я хочу сделать так когда пользователи пишет Коментарии в новости туда надо добавит цит и ответ как сделать так модуль новости крите
На JavaScript проще всего сделать вставку цитаты и ника для ответа в поле ввода.