<?php
/*****************************************************************
* Spacemarc News
* Version: 1.2.0
* Author and copyright (C): Marcello Vitagliano
* Web site: http://www.spacemarc.it
* License: GNU General Public License
*
* This program is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation, either version 3
* of the License, or (at your option) any later version.
*
* Current file: files.php
*****************************************************************/
// The session must exist before any output: the access checks further down read $_SESSION.
session_start();
// Marker constant; presumably the included files test it to refuse direct access — confirm.
define('IN_NEWS', true);

// Load configuration, shared helpers and language strings, resolved relative to this file.
require_once dirname(__FILE__) . '/../config.php';
require_once dirname(__FILE__) . '/functions.php';
require_once dirname(__FILE__) . '/../lang/lang.php';

// Open the database link with the credentials supplied by config.php.
// NOTE(review): both die() messages print the raw MySQL error number and text to the
// browser, which tells a visitor about the backend; consider logging them and showing a
// generic message instead. The mysql_* extension used throughout this file was removed
// in PHP 7, so the script only runs on PHP 5.
$db = mysql_connect($db_host, $db_user, $db_password);
if (!$db) {
    die("Impossibile connettersi a MySQL<br />Numero errore: " . mysql_errno() . "<br />Tipo di errore: " . mysql_error());
}
if (!mysql_select_db($db_name, $db)) {
    die("Impossibile selezionare il database $db_name<br />Numero errore: " . mysql_errno() . "<br />Tipo di errore: " . mysql_error());
}

// check_login() is defined outside this file; presumably it stops the request when
// nobody is logged in — confirm, because everything below relies on $_SESSION.
check_login();
if (isset($_GET['user_id']) && preg_match('/^[0-9]{1,4}$/', $_GET['user_id'])) {
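// The enclosing condition only lets a 1-4 digit user_id through; the integer cast is what
// makes the value safe to interpolate into the SQL text and to use as a directory name.
$get_dir = intval($_GET['user_id']);
$checkid = mysql_query("SELECT user_id, nome_cognome FROM $tab_utenti WHERE user_id=$get_dir LIMIT 1");
// mysql_query() returns false on failure; stop here instead of handing false to the
// row functions, and only fetch once a row is known to exist.
if ($checkid === false || mysql_num_rows($checkid) == 0) {
    die("Non ci sono file inviati dall'utente user_id $get_dir");
}
$rigaid = mysql_fetch_assoc($checkid);
// Authorization: level 1 may open any user's files, everyone else only their own.
// The check fails closed: a missing session value never counts as a match. With the
// previous loose comparison an unset $_SESSION['user_id'] compared equal to user_id 0.
if (
    !(isset($_SESSION['livello_id']) && $_SESSION['livello_id'] == 1)
    && !(isset($_SESSION['user_id']) && (string) $_SESSION['user_id'] === (string) $get_dir)
) {
    die("Puoi visualizzare solo i tuoi file");
}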
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>File inviati
</title>
<link rel="stylesheet" href="../style.css" type="text/css" />
<script language="JavaScript" src="../javascript.js" type="text/JavaScript"></script>
</head>
<body>
<div align="center">
<?php
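// Per-user directory: $file_dir comes from the included configuration, $get_dir is the
// integer user id validated at the top of the script.
$dir = "../$file_dir/$get_dir";
$id_file = 0;
// nome_cognome is read from the users table, so it is HTML-escaped on output.
// NOTE(review): if the application already stores this value HTML-encoded, the escape
// double-encodes it — confirm how the name is saved.
echo "<span class=\"text\"><b>" . $lang['file_inviati'] . " " . htmlspecialchars($rigaid['nome_cognome'], ENT_QUOTES) . "</b></span><br /><br />";
// NOTE(review): this form triggers file deletion and carries no anti-CSRF field; a
// per-session token emitted here and verified by the handler would close that gap.
echo "<form method=\"post\" action=\"files.php?user_id=$get_dir\" name=\"admin\">";
echo "<table border=\"0\" cellpadding=\"2\" cellspacing=\"1\" width=\"550\">";
echo "<tr><td> </td>";
echo "<td class=\"text\" align=\"center\">ID news*</td>";
echo "<td class=\"text\" align=\"center\">Nome file</td>";
echo "<td class=\"text\" align=\"center\">Size</td>";
echo "<td class=\"text\" align=\"center\">Data di invio</td></tr>";

// glob() can return false on error; fall back to an empty list so the table still renders.
$elenco_file = glob("$dir/*.*");
if (!is_array($elenco_file)) {
    $elenco_file = array();
}
foreach ($elenco_file as $filename) {
    $nome = basename($filename);
    // index.html is deliberately left out of the listing.
    if ($nome === 'index.html') {
        continue;
    }
    ++$id_file;
    $dimensione = round(filesize($filename) / 1024, 1);

    // Icon by file extension. The default branch resets the icon on every row, so an
    // unrecognised extension no longer reuses the icon picked for the previous file.
    $estensione_file = pathinfo($filename);
    $estensione = isset($estensione_file['extension']) ? $estensione_file['extension'] : '';
    switch ($estensione) {
        case 'gif':
            $icon_file = "<img src=\"$img_path/icon_gif.gif\" alt=\"gif\" />";
            break;
        case 'jpg':
            $icon_file = "<img src=\"$img_path/icon_jpg.gif\" alt=\"jpg\" />";
            break;
        case 'zip':
            $icon_file = "<img src=\"$img_path/icon_zip.gif\" alt=\"zip\" />";
            break;
        case 'pdf':
            $icon_file = "<img src=\"$img_path/pdf.gif\" alt=\"pdf\" />";
            break;
        default:
            $icon_file = '';
            break;
    }

    // Find a news item whose text mentions this file. File names on disk are not trusted
    // input: LIKE wildcards are escaped first so the name matches literally, then the
    // value is escaped for the SQL string literal.
    $nome_like = mysql_real_escape_string(addcslashes($nome, '%_\\'), $db);
    $file_news = mysql_query("SELECT id FROM $tab_news WHERE testo LIKE '%$nome_like%'");
    $riga = $file_news ? mysql_fetch_array($file_news) : false;
    // No row means no news item references the file; the ID cell is then left empty.
    $id_news = ($riga && isset($riga['id'])) ? (string) $riga['id'] : '';

    // Escape per output context: HTML for attribute values and text, URL-encoding for
    // the file-name segment of the link.
    $nome_html = htmlspecialchars($nome, ENT_QUOTES);
    $href_file = htmlspecialchars($dir . '/' . rawurlencode($nome), ENT_QUOTES);

    echo "<tr><td align=\"center\" bgcolor=\"#EEEEEE\"><input type=\"checkbox\" name=\"cb_id[]\" value=\"$nome_html\" id=\"f_$id_file\" /></td>\n";
    if ($id_news !== '') {
        echo "<td align=\"center\" bgcolor=\"#EEEEEE\"><a href=\"modifica.php?id=" . rawurlencode($id_news) . "\" title=\"Modifica [Nuova finestra]\" class=\"piccolo\" target=\"_blank\">" . htmlspecialchars($id_news, ENT_QUOTES) . "</a></td>\n";
    } else {
        echo "<td align=\"center\" bgcolor=\"#EEEEEE\">&nbsp;</td>\n";
    }
    echo "<td align=\"left\" bgcolor=\"#EEEEEE\">$icon_file <a href=\"$href_file\" target=\"blank\" class=\"piccolo\" title=\"Visualizza\">$nome_html</a></td>\n";
    echo "<td class=\"text2\" align=\"center\" bgcolor=\"#EEEEEE\">$dimensione KiB</td>\n";
    echo "<td class=\"text2\" align=\"center\" bgcolor=\"#EEEEEE\">" . date("d/m/Y H:i:s", filemtime($filename)) . "</td></tr>";
}
echo "<tr><td colspan=\"5\" class=\"text2\" align=\"left\">* " . $lang['files_orfani_descr2'] . " <br /><br />Seleziona: <a href=\"javascript:onClick=checkTutti()\" class=\"piccolo\">tutti</a>, <a href=\"javascript:onClick=uncheckTutti()\" class=\"piccolo\">nessuno</a> <input type=\"submit\" name=\"canc_file\" value=\"Cancella file\" onclick=\"return confirmSubmit()\" /></td></tr>";
echo "</table></form><br />";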
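// Deletion handler for the checkbox form. $dir is the directory of the user whose id
// passed the ownership check at the top of the script.
// NOTE(review): no anti-CSRF token is verified before deleting, and confirmSubmit()
// runs in the browser only; a per-session token checked here would close that gap.
if (isset($_POST['canc_file']) && isset($_POST['cb_id']) && is_array($_POST['cb_id'])) {
    // Walk the submitted array directly; joining and re-splitting on "," mangled any
    // file name that contains a comma.
    foreach ($_POST['cb_id'] as $del_dirs) {
        // Accept plain file names only. Anything carrying a path separator, a NUL byte
        // or a dot-directory is skipped, so a forged request cannot reach files outside
        // $dir. index.html is hidden by the listing and is not deletable from here either.
        if (
            !is_string($del_dirs)
            || $del_dirs === ''
            || $del_dirs === '.'
            || $del_dirs === '..'
            || $del_dirs === 'index.html'
            || strpos($del_dirs, '/') !== false
            || strpos($del_dirs, '\\') !== false
            || strpos($del_dirs, "\0") !== false
        ) {
            continue;
        }
        $percorso = $dir . "/" . $del_dirs;
        // Best effort, as before: a file that is missing or cannot be removed is skipped quietly.
        if (is_file($percorso)) {
            @unlink($percorso);
        }
    }

    // Singular or plural confirmation according to how many entries were submitted,
    // followed by a delayed reload of the listing for the same user.
    $messaggio = (count($_POST['cb_id']) == 1) ? $lang['file_cancellato'] : $lang['file_cancellati'];
    echo "<div id=\"success\">" . $messaggio . "</div>";
    echo "<script language=\"JavaScript\" type=\"text/javascript\">
<!--
function doRedirect() { location.href = \"files.php?user_id=$get_dir\"; }
window.setTimeout(\"doRedirect()\", 1500);
//-->
</script>";
}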
}
else {
die("Utente non valido");
}
?>
</div>
</body>
</html>