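<?php defined('ACCESS') OR die('No direct script access...');
/*
 * Attachment upload step of a mail dialog: checks the per-dialog token kept in
 * the session, counts the attachments already prepared for this dialog and,
 * on POST, stores the uploaded files and records them in mail_files_vk.
 *
 * $peer, $user, $hash, $config, $time, redirect() and the H path prefix are
 * all provided outside this file.
 */
$attachKey = 'attachments' . $peer['id'];
$attachState = (isset($_SESSION[$attachKey]) && is_array($_SESSION[$attachKey])) ? $_SESSION[$attachKey] : array();

// When the session entry is missing there is no stored dialog type to link
// back to; fall back to "peer", the type the page-header link in this file uses.
$backType = (isset($attachState['type']) && is_scalar($attachState['type'])) ? (string) $attachState['type'] : 'peer';
$backUrl = '/mail/?act=show&' . $backType . '=' . $peer['id'];

// Token check. A missing or non-array session entry, a missing token on either
// side, or a mismatch all deny access. The comparison is strict (and
// constant-time where hash_equals() exists) so loosely-equal values such as
// numeric-looking strings can no longer pass.
$expectedHash = (isset($attachState['hash']) && is_scalar($attachState['hash'])) ? (string) $attachState['hash'] : '';
$suppliedHash = (isset($hash) && is_scalar($hash)) ? (string) $hash : '';
if ($expectedHash === '' || $suppliedHash === '') {
    $hashMatches = false;
} elseif (function_exists('hash_equals')) {
    $hashMatches = hash_equals($expectedHash, $suppliedHash);
} else {
    $hashMatches = ($expectedHash === $suppliedHash);
}
if (!$hashMatches) {
    redirect($backUrl, 'Ошибка доступа.', 'error');
    // redirect() is defined elsewhere; stop here so a failed check can never
    // fall through to the upload handler.
    exit;
}

$maxFiles = (int) $config['max_uploads_file'];
$q = mysql_query("SELECT folder, name, tmp_name, extension FROM mail_files_vk WHERE `action` = 'prepare' AND `id_mail` = '0' AND `id_user` = '" . mysql_real_escape_string((string) $user['id']) . "' AND `id_kont` = '" . mysql_real_escape_string((string) $peer['id']) . "' LIMIT " . $maxFiles);
$countFile = $q ? mysql_num_rows($q) : 0;
if ($countFile >= $maxFiles) {
    redirect($backUrl, 'Вы загрузили максимальное количество файлов на одно сообщение.', 'error');
    exit;
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // The form only renders the free slots, but a request can carry any number
    // of fileN fields, so the per-message limit is enforced here as well.
    $slotsLeft = $maxFiles - $countFile;
    $storageRoot = H . 'mail/files/';
    // Extensions commonly mapped to a server-side handler.
    // NOTE(review): a denylist is a stopgap; an explicit allowlist of accepted
    // extensions per media type is the stronger control. Files that browsers
    // render as documents (html, svg) are not covered here either.
    $blockedExtension = '/^(ph(p[0-9]*|t|tml|ps|ar)|cgi|pl|py|rb|sh|asp|aspx|jsp|shtml)$/';

    foreach ($_FILES as $key => $item) {
        if ($slotsLeft <= 0) {
            break;
        }
        if (!preg_match('/^file([0-9]+)$/i', $key)) {
            continue;
        }
        // Array-style fields (fileN[]) put arrays in these slots; skip them.
        if (!isset($item['tmp_name'], $item['name'], $item['error']) || !is_string($item['tmp_name']) || !is_string($item['name'])) {
            continue;
        }
        if ($item['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($item['tmp_name'])) {
            continue;
        }

        // The storage folder comes from the type detected on the server, not
        // from the client-declared $item['type']: the folder decides whether
        // the directory stays directly reachable, so the client must not pick it.
        $detectedMime = mime_content_type($item['tmp_name']);
        if (!is_string($detectedMime) || !preg_match('#^([a-z]+)/#', $detectedMime, $mimeParts)) {
            continue;
        }
        $folder = $mimeParts[1];

        // Split the client file name on its last dot so inner dots stay part
        // of the display name instead of being dropped.
        $clientName = $item['name'];
        $dotAt = strrpos($clientName, '.');
        $baseName = ($dotAt === false) ? $clientName : substr($clientName, 0, $dotAt);
        $extension = ($dotAt === false) ? '' : strtolower(substr($clientName, $dotAt + 1));
        if ($extension !== '' && !preg_match('/^[a-z0-9]{1,16}$/', $extension)) {
            // Not a plain extension: keep the whole name and store without one.
            $baseName = $clientName;
            $extension = '';
        }
        if (preg_match($blockedExtension, $extension)) {
            continue;
        }

        $digest = md5_file($item['tmp_name']);
        if ($digest === false) {
            continue;
        }
        $storedName = $digest . '.' . $extension;

        $targetDir = $storageRoot . $folder;
        if (!is_dir($targetDir) && !mkdir($targetDir) && !is_dir($targetDir)) {
            continue;
        }

        // Deny direct web access to every folder that is not audio, video or
        // image (the original author's note asks that this list stay as it is).
        $isMediaFolder = in_array($folder, array('audio', 'video', 'image'), true);
        if (!$isMediaFolder && is_readable($targetDir . '/.htaccess') === false) {
            file_put_contents($targetDir . '/.htaccess', 'Deny From All');
        }

        // Files are addressed by content hash, so identical content is stored
        // once; a row is recorded only when the file is actually on disk.
        $targetPath = $targetDir . '/' . $storedName;
        if (!is_file($targetPath) && !move_uploaded_file($item['tmp_name'], $targetPath)) {
            continue;
        }

        // Every value is escaped before it reaches the statement; the client
        // file name in particular is attacker-controlled text. The type column
        // receives the detected type so it agrees with the folder.
        $rowValues = array_map('mysql_real_escape_string', array(
            (string) $user['id'],
            (string) $peer['id'],
            (string) $time,
            $baseName,
            $storedName,
            $extension,
            $folder,
            $detectedMime,
            (string) (int) $item['size'],
        ));
        mysql_query("INSERT INTO `mail_files_vk` (`id_user`, `id_kont`, `time`, `name`, `tmp_name`, `extension`, `folder`, `type`, `size`) values('" . implode("', '", $rowValues) . "')");
        $slotsLeft--;
    }
    clearstatcache();
    redirect($backUrl);
    exit;
}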
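$set['title'] = 'Редактирование вложений';
include_once H.'sys/inc/thead.php';
shapka_VK(true, '/mail/?act=show&peer='.$peer['id'].'', 'Диалог');

/*
 * Attachment editing page: an upload form with one file input per free slot,
 * followed by the list of attachments already prepared for this dialog.
 *
 * File names and extensions shown below originate from client uploads, so
 * every dynamic value is escaped for the context it is written into.
 * NOTE(review): the explicit 'UTF-8' charset assumes the site serves UTF-8 pages.
 */
$escAttach = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};
$backHref = '/mail/?act=show&' . $_SESSION['attachments' . $peer['id']]['type'] . '=' . $peer['id'];
$uploadAction = '/mail/?act=attachments&peer=' . urlencode($peer['id']) . '&hash=' . urlencode($hash);
$freeSlots = $config['max_uploads_file'] - $countFile;
?>
<div class="basisDialogs pcont mail bl_cont vk_mail">
<h4 class="slim_header">Загрузить файл</h4>
<div class="form_item upload_form">
<form action="<?= $escAttach($uploadAction) ?>" method="post"
enctype="multipart/form-data">
<?php
// One input per remaining slot, named file1..fileN as the upload handler expects.
for ($i = 1; $i <= $freeSlots; $i++) {
?>
<div class="upload_row"><input type="file" class="upload_input" name="file<?= $i ?>"></div>
<?php
}
?>
<div class="upload_row ibwrap">
<input type="submit" class="button" value="Загрузить файл"><a class="near_btn"
href="<?= $escAttach($backHref) ?>">Назад</a>
</div>
</form>
</div>
<?php
if ($countFile) {
?>
<h4 class="slim_header">Прикрепленные объекты</h4>
<div class="attached_block">
<div class="pi_medias">
<?php
    while ($post = mysql_fetch_assoc($q)) {
        // NOTE(review): deletion is triggered by a plain GET link; the handler
        // is outside this file - confirm it requires a per-session token.
        $deleteHref = '/mail/?act=files&type=delete&object=' . urlencode($post['folder']) . '&hash=' . urlencode($post['tmp_name']);
        $displayName = $post['name'] . '.' . $post['extension'];
        if ($post['folder'] == 'reply') {
            // Forwarded messages: name holds a comma-separated list, shown as a count.
?>
<div class="medias_row mr_x_wrap"><span
class="medias_message_attach"> <?= des2num(count(explode(',', $post['name'])), array(' пересылаемое сообщение', ' пересылаемых сообщения', ' пересылаемых сообщений')) ?></span>
<div class="tu_cancel_wrap"
onclick="return MessagesActions.reset(this, <?= (int) $peer['id'] ?>, true);"><i
class="tu_cancel"></i></div>
</div>
<?php
        } elseif ($post['folder'] == 'image') {
?>
<div class="medias_thumb thumb_item">
<div class="thumb_img_wrap">
<img class="ph_img" src="/mail/file/<?= $escAttach(rawurlencode($post['folder'])) ?>/<?= $escAttach(rawurlencode($post['tmp_name'])) ?>/"></div>
<a class="media_action"
href="<?= $escAttach($deleteHref) ?>">Удалить</a>
</div>
<?php
        } elseif ($post['folder'] == 'audio') {
?>
<div class="medias_row">
<span class="mr_label medias_link medias_audio">
<span class="medias_link_icon"><i class="i_icon i_audio"></i></span><span class="medias_link_label">Песня</span>
<span class="medias_audio_title"><?= $escAttach($displayName) ?></span></span>
<div class="media_action_row"><a class="media_action"
href="<?= $escAttach($deleteHref) ?>">Удалить</a>
</div>
</div>
<?php
        } elseif ($post['folder'] == 'video') {
?>
<div class="medias_row">
<span class="mr_label medias_link medias_audio">
<span class="medias_link_icon"><i class="i_icon i_doc"></i></span><span class="medias_link_label">Видео</span>
<span class="medias_audio_title"><?= $escAttach($displayName) ?></span></span>
<div class="media_action_row"><a class="media_action"
href="<?= $escAttach($deleteHref) ?>">Удалить</a>
</div>
</div>
<?php
        } else {
            // Any other folder is listed as a generic file.
?>
<div class="medias_row"><span class="mr_label medias_link"> <span class="medias_link_icon"><i
class="i_icon i_doc"></i></span><span class="medias_link_label">Файл</span><span
class="medias_link_labeled medias_link_title"> <?= $escAttach($displayName) ?></span></span>
<div class="media_action_row"><a class="media_action"
href="<?= $escAttach($deleteHref) ?>">Удалить</a>
</div>
</div>
<?php
        }
    }
?></div>
<a class="button wide_button"
href="<?= $escAttach($backHref) ?>">Назад</a>
</div>
<?php
}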