Listing 3315
Submitted by anonymous user, 30 July 2010
//include_once "../SYSTEM/include/pclzip.lib.php"; //include_once "../SYSTEM/include/mp3.php"; include_once "../SYSTEM/include/functions.php"; include_once "../SYSTEM/include/mysql.php"; include_once "../SYSTEM/include/param.php"; include_once "../SYSTEM/include/ban.php"; include_once "../SYSTEM/include/sess.php"; include_once "../SYSTEM/include/ban_2.php"; include_once "../SYSTEM/include/theme.php"; $title='Добавить материал'; $mesto='В загрузках'; head(); if ( !$_GET['r'] or !is_numeric($_GET['r']) or $_GET['r']>4 or $_GET['r']<1 or $user['level']!= 4 ) { header ("Location: ".BASADIR."index.php?err=404;".SID.""); exit; } $k_links = 11; $r=$_GET['r']; switch($r)/*быстре*/{ case 1: $rN = 'Картинки'; break; case 2: $rN = 'Видео'; break; case 3: $rN = 'Игры'; break; case 4: $rN = 'Программы'; break; } echo head_text($rN); if ( is_numeric($_GET['c']) and $_GET['c']==2 ) { echo '<b><u>Всё было успешно добавлено</u></b><br />'; } if ( $_POST['name'] and $_POST['screen'] and $_POST['about'] and $_POST['name_link1'] and $_POST['link1'] and $_GET['c']==1 ) { $name = stripcslashes(htmlspecialchars($_POST['name'])); $screen = stripcslashes($_POST['screen']); $about = nl2br(stripcslashes(htmlspecialchars($_POST['about']))); // Басе64 кодируем $name = base64_encode($name); $screen = base64_encode($screen); $about = base64_encode($about); // Конец безабразию $t = mysql_query("SELECT `id` FROM `$mysql[pref]dn_files`"); $T = mysql_num_rows($t); $T++; if ( $user[level] > 3 )/*на будующее*/{ $show = 2; }else{ $show = 1; } mysql_query("INSERT INTO `$mysql[pref]dn_files` (id, r, name, screen, about, show, time, time_add) values('$T', '$r', '$name', '$screen', '$about', '$show', '$time', '$time')"); for ( $i=1;$i<$k_links;$i++ ){ if ( !empty($_POST['name_link'.$i.'']) and !empty($_POST['link'.$i.''])){ $name_link = stripcslashes(htmlspecialchars($_POST['name_link'.$i.''])); $link = stripcslashes($_POST['link'.$i.'']); $size = stripcslashes(htmlspecialchars($_POST['size'.$i.''])); // Басе64 кодируем $name_link = base64_encode($name_link); $link = base64_encode($link); $size = base64_encode($size); // Конец безабразию mysql_query("INSERT INTO `$mysql[pref]dn_links` (t, link, link_name, size) values('$T', '$link', '$name_link', '$size')"); } } header("Location: add.php?r=$r&c=2"); } echo ' <form action="add.php?r='.$r.'&c=1" method="post"> Имя: <input name="name" class="form" type="text" value="" /><br /> Путь к скрину: <input name="screen" class="form" type="text" value="http://" /><br /> Описание: <br /><textarea name="about" class="form" rows="10" cols="20" ></textarea> '; for ( $i=1;$i<$k_links;$i++ ) { echo '<br />Сcылка на файл #'.$i.':<br /> Имя: <input name="name_link'.$i.'" class="form" type="text" value="" /><br /> Ссылка: <input name="link'.$i.'" class="form" type="text" value="http://" /><br /> Размер: <input name="size'.$i.'" class="form" type="text" value="" /><br />'; if ( $i != 10 ){ echo '------------------------'; } } echo ' <input type="submit" class="form" value="Добавить" /> </form> '; echo "<center>"; if ( $user['level'] == 4 ){ echo '<a href="/dn_beta/?r='.$r.'">Отмена</a><br />'; echo "\n"; } echo "<a href=\"/\">На главную</a>\n"; echo "</center>\n"; foot();