Файл: modules/plugin/complate.php
Строк: 56
<?php
/*
*
* @author (Макс) Freedom <by_freedom@bk.ru>
* ICQ 286-0-666
*
*/
$id = isset($_GET['id']) ? abs((int)$_GET['id']) : false;
if (empty($id)) {
header ('location: /');
exit;
}
$query = DB::$dbs->query("SELECT * FROM `files` WHERE `id`= ? LIMIT 1", array($id));
if ($query -> rowCount () == 0) {
header ('location: /');
die();
}
$a = $query->fetch();
func::head($lang['complate_file'].' '.$a['name']);
echo '<div class="container">';
if (!empty($a['pass']) && empty($_SESSION["password$id"])) {
$_SESSION['password'] = '';
if (isset($_POST['ok'])) {
$pass = func::check($_POST['pass']);
if (empty($pass) OR $a['pass'] != sha1($pass.'freed')) {
func::err($lang['pass_enter'].'!');
} else {
$_SESSION["password$id"] = sha1($pass.'freed');
header('location: /'.$id);
die();
}
}
echo '<form role="form" action="/'.$id.'" method="POST"><label class="control-label">'.$lang['pass'].':</label><input type="text" name="pass" class="form-control"/><button type="submit" name="ok" class="btn btn-success">'.$lang['go'].'</button></form>';
func::foot();
die();
}
if (isset($_POST['add'])) {
$text = func::check($_POST['text']);
$kod = abs((int)$_POST['kod']);
if (empty($text)) {
func::err('Error...');
} elseif (empty($kod) OR $_SESSION['code'] != $kod) {
func::err('Error...');
unset($_SESSION['code']);
} elseif (DB::$dbs->querySingle("SELECT COUNT(id) FROM complate WHERE ip = ?", array($ip)) > 1) {
func::err('Error...');
} else {
DB::$dbs->query("INSERT INTO `complate` SET `ip` = ?, `text` = ?, `fid` = ?, `date` = ?, `read` = ?", array($ip,$text,$id,time(),1));
func::msg($lang['comp_send']);
}
}
$_SESSION['code'] = mt_rand(10000,99999);
echo '<div class="list-group"><div class="list-group-item"><form role="form" action="?id='.$id.'" method="POST"><div class="form-group"><label class="control-label">'.$lang['comm'].':</label></div><div class="form-group"><textarea name="text" class="form-control" rows="3"></textarea></div><div class="form-group"><label class="control-label">'.$lang['code'].': <b>'.$_SESSION['code'].'</b></label><input type="text" name="kod" class="form-control"/></div><button type="submit" name="add" class="btn btn-success">'.$lang['go'].'</button></form></div></div>';
echo '</div>';
func::foot();
?>