File size: 1.75Kb
<?php
require 'sys/config.php';
$id = isset($_GET['id'])?fil($_GET['id'],'int'):'';
if($sql->result('SELECT COUNT(*) FROM `files` WHERE `id`="'.$id.'"')==0)
{
$smarty->assign('title','Error');
$smarty->assign('back','/index.php');
$smarty->assign('error','This file does not exist');
$smarty->display('header.tpl');
$smarty->display('error.tpl');
$smarty->display('footer.tpl');
} else {$file = $sql->query('SELECT * FROM `files` WHERE `id`="'.$id.'"')->fetch_assoc();}
if(!isset($user) || $user['assec']<2){
if(!empty($file['pass'])){
if(!isset($_POST['go'])){
$smarty->display('header.tpl');
echo '<div class="title">Enter password:</div>
<form action="file.php?id='.$id.'" method="post">
<div class="main">
Пароль:<br/>
<input type="password" name="pass" /><br/>
<input type="submit" name="go" value="Submit" />
</div></form>';
$smarty->display('footer.tpl');
}else{
if(md5($_POST['pass'])!=$file['pass']){
$smarty->assign('title','Error');
$smarty->assign('back','/file.php?id='.$id);
$smarty->assign('error','Invalid password');
$smarty->display('header.tpl');
$smarty->display('error.tpl');
$smarty->display('footer.tpl');
} else {
$smarty->assign('pass','yes');
}
}
}
}
$smarty->assign('file',$file);
$smarty->assign('title','information '.$file['name']);
if($file['user_id']!='00'){$usup = $sql->query('SELECT `nick` FROM `acc` WHERE `id`="'.$file['user_id'].'"')->fetch_assoc();
$usup = $usup['nick'];}
$name = $sql->query('SELECT `name` FROM `cat` WHERE `id`="'.$file['cat_id'].'"')->fetch_assoc();
$name = fil($name['name'],'echo');
$smarty->assign('usup',isset($usup)?$usup:'');
$smarty->assign('nc',$name);
$smarty->display('header.tpl');
$smarty->display('file.tpl');
$smarty->display('footer.tpl');
?>