<?php
#-----------------------------------------------------#
# ============ЗАГРУЗ-ЦЕНТР============= #
# 	 Автор : Sea #
# E-mail : x-sea-x@ya.ru #
# ICQ : 355152215 #
# Вы не имеете права распространять данный скрипт. #
# 		По всем вопросам пишите в ICQ. #
#-----------------------------------------------------#

// mod Gemorroj
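// Request start timestamp; it is not read again in the visible part of this file.
$HeadTime = microtime(true);

// The admin session travels under the name "SID".
// NOTE(review): no cookie flags (HttpOnly / Secure) or use_only_cookies setting are applied
// here — confirm they are set in php.ini or in moduls/config.php.
session_name('SID');
session_start();

require 'moduls/config.php';
require 'moduls/fun.php';
require 'moduls/header.php';

// Record id used by the per-record actions below. intval() forces an integer, which is
// what keeps the string-concatenated "WHERE `id` = ".$id queries in this file safe.
// A missing parameter becomes 0 instead of raising an undefined-index notice.
$id = isset($_GET['id']) ? intval($_GET['id']) : 0;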
//


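// Authorization gate. The session must carry the admin marker and the client address it
// was issued for. The gate now runs BEFORE any database write, so an unauthenticated
// request to this script can no longer modify `loginlog`.
$error = 0;
if(empty($_SESSION['autorise']) || empty($_SESSION['ipu'])){
    $error = 1;
}
// Strict string comparison: with a loose != two different numeric-looking strings
// (for example values of the form "0e...") compare as equal.
elseif((string)$_SESSION['autorise'] !== (string)$setup['password']){
    $error = 1;
}
elseif((string)$_SESSION['ipu'] !== (string)$ip){
    $error = 1;
}
if($error==1) die($setup['hackmess'].'</body></html>');

// Reset row 1 of `loginlog` and keep the table at roughly 20 entries plus that row.
// NOTE(review): row 1 presumably holds the failed-login counter (`access_num`); if so,
// resetting it before the gate above let any anonymous request clear it — confirm
// against the login page.
mysql_query('UPDATE `loginlog` SET `time`="", `access_num`=0 WHERE `id` = 1');
$all = mysql_fetch_row(mysql_query('SELECT COUNT(`id`) FROM `loginlog`;'));
if($all[0] > 21)
{
    $min = mysql_fetch_row(mysql_query('SELECT MIN(`id`) FROM `loginlog` WHERE `id` > 1'));
    // MIN() yields NULL when no row matches; skip the DELETE instead of sending broken SQL.
    if($min && $min[0] !== null){
        mysql_query('DELETE FROM `loginlog` WHERE `id` = '.intval($min[0]));
    }
}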
####################ВЫХОД##########################

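// Logout. isset() avoids an undefined-index notice when no action is given.
// NOTE(review): no 'exit' case is visible in the switch that follows, so the admin menu
// is still printed after this message for the current request.
if(isset($_GET['action']) && $_GET['action']=='exit')
{
    // session_destroy() only removes the stored data; clear the in-memory copy as well
    // so nothing later in this request can read the old values.
    $_SESSION = array();
    session_destroy();
    echo 'You came out of the admin<br>
<a href="index.php">Downloads</a>';
}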

###################ГЛАВНОЕ МЕНЮ####################
// Action dispatcher: the admin operation is selected by the `action` query parameter.
// NOTE(review): the menu links to rot, optm, clean and cleankomm start state-changing
// work from a GET request; check that each of those handlers verifies a per-session
// token before acting.
switch($_GET['action']){
// No action (or an unknown one): print the admin menu.
default:
echo '<div class="mainzag">Админка</div>
<div class="row"><a href="apanel_index.php">File Manager</a></div>
<div class="row"><a href="apanel_scan.php">Full update the database</a></div>
<div class="row"><a href="apanel.php?action=rot">Cleaning debris from the database</a></div>
<div class="row"><a href="apanel.php?action=upload">Upload file</a></div>
<div class="row"><a href="apanel.php?action=import">import file</a></div>
<div class="row"><a href="apanel.php?action=setting">Settings</a></div>
<div class="row"><a href="apanel.php?action=modules">Моdule</a></div>
<div class="row"><a href="apanel.php?action=sec">security</a></div>
<div class="row"><a href="apanel.php?action=log">Log authorizations</a></div>
<div class="row"><a href="apanel.php?action=buy">Advertising</a></div>
<div class="row"><a href="apanel.php?action=id3">MP3 tag</a></div>
<div class="row"><a href="apanel.php?action=mark">Tag pictures</a></div>
<div class="row"><a href="apanel.php?action=optm">Оptimize db</a></div>
<div class="row"><a href="apanel.php?action=clean">cleaning db</a></div>
<div class="row"><a href="apanel.php?action=exit">logout</a></div>
<div class="row"><a href="apanel.php?action=cleankomm">Cleanup comments</a></div>';
break;


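case 'mark':
    // Stamps a caption onto every image registered in `files`. The image files are
    // rewritten in place, so the operation cannot be undone.
    // NOTE(review): no anti-CSRF token is checked on this POST in the visible code.
    if(!$_POST){
        print '<div class="mainzag"> Tag Image<br>The images shown will bear the inscription, it would be impossible to remove<br></div>
<div class="row">
<form action="apanel.php?action=mark" method="post">inscription<br>
<input name="text" type="text"><br>
location<br>
<select name="y">
<option value="top">top</option>
<option value="foot">bottom</option>
</select><br>
Шрифт<br>
<input name="size" type="text" size="3" maxlength="1" value="2"><br>
Цвет<br>
<input name="color[]" type="text" size="3" maxlength="3" value="200">
<input name="color[]" type="text" size="3" maxlength="3" value="200">
<input name="color[]" type="text" size="3" maxlength="3" value="200"><br>
<input class="buttom" type="submit" value="Готово">
</form>
</div>';
    }
    else{
        @set_time_limit(0);

        // Every drawing parameter comes from the request: coerce and clamp before GD sees it.
        $markText = isset($_POST['text']) ? (string)$_POST['text'] : '';
        $markSize = isset($_POST['size']) ? intval($_POST['size']) : 2;
        $markSize = max(1, min(5, $markSize)); // imagestring() built-in fonts are 1..5
        $markRgb = array(0, 0, 0);
        for($c = 0; $c < 3; ++$c){
            if(isset($_POST['color'][$c])){
                $markRgb[$c] = max(0, min(255, intval($_POST['color'][$c])));
            }
        }

        $q = mysql_query('SELECT `path` FROM `files` WHERE `path` LIKE "%.jpg" OR `path` LIKE "%.jpe" OR `path` LIKE "%.jpeg" OR `path` LIKE "%.gif" OR `path` LIKE "%.png"');
        $all = mysql_num_rows($q);
        $i = 0;
        while($arr = mysql_fetch_row($q)){
            $pic = null;
            $path = pathinfo($arr[0]);
            // Lower-case the extension: the comparisons below are case-sensitive, so
            // upper-case extensions returned by the query were silently skipped before.
            $ext = isset($path['extension']) ? strtolower($path['extension']) : '';

            if($ext == 'gif'){
                $pic = imageCreateFromGif($arr[0]);
            }
            elseif($ext == 'png'){
                $pic = imageCreateFromPng($arr[0]);
            }
            elseif($ext == 'jpg' || $ext == 'jpe' || $ext == 'jpeg'){
                $pic = imageCreateFromJpeg($arr[0]);
            }

            if($pic){
                // Color
                $color = imagecolorallocate($pic, $markRgb[0], $markRgb[1], $markRgb[2]);

                // Top / bottom
                if(isset($_POST['y']) && $_POST['y']=='foot'){
                    $y = imageSY($pic)-($markSize*8);
                }
                else{
                    $y = 1;
                }

                imagestring($pic, $markSize, intval((imageSX($pic)/2)-(strlen($markText)*3)), $y, $markText, $color);

                // Each writer gets the arguments it accepts: the former shared call passed
                // 100 to all three, which is outside imagePng()'s 0..9 compression range
                // and is not a parameter of imageGif() at all.
                if($ext == 'gif'){
                    $saved = imageGif($pic, $arr[0]);
                }
                elseif($ext == 'png'){
                    $saved = imagePng($pic, $arr[0]);
                }
                else{
                    $saved = imageJpeg($pic, $arr[0], 100);
                }
                if($saved)
                    $i++;
                imagedestroy($pic);
            }
            $pic = null;
        }

        print 'Total images:'.$all.', promarkerovany: '.$i;
    }
    break;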


//  MP3 Tag Editor
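case 'id3':
    // MP3 tag editor. With ?id=N one file is edited; without an id the submitted tags
    // are written into every .mp3 path registered in `files`.
    include 'moduls/id.php';
    // Plain `new`: the `&new` form is deprecated since PHP 5.3 and a parse error from PHP 7.
    $id3 = new MP3_Id();
    $genres = $id3->genres();
    // Tag fields handled by both the single-file and the bulk branch.
    $id3Fields = array('name', 'artists', 'album', 'year', 'track', 'genre', 'comment');

    if(!$_POST){

        if($id){
            $tmp = mysql_fetch_row(mysql_query('SELECT `path` FROM `files` WHERE `id`='.$id.' LIMIT 1'));
            if(!$tmp) die('Error</body></html>');
            $id3->read($tmp[0]);

            // Normalise a tag value to UTF-8 (tags may be stored as Windows-1251).
            function code($str){
                $charset = strtolower(mb_detect_encoding($str, 'UTF-8, Windows-1251'));
                if($charset != 'utf-8'){
                    $str = iconv('windows-1251','utf-8',$str);
                }
                return $str;
            }

            $name = code($id3->name);
            $artists = code($id3->artists);
            $album = code($id3->album);
            $year = code($id3->year);
            $track = code($id3->track);
            $genre = code($id3->genre);
            $comment = code($id3->comment);

            // Tag values are read from the media file itself, i.e. they are whatever the
            // file's author put there. Escape them before they enter attributes and the
            // textarea, otherwise a crafted tag injects markup into the admin page.
            $id3Html = array();
            foreach(array('name'=>$name, 'artists'=>$artists, 'album'=>$album, 'year'=>$year, 'track'=>$track, 'genre'=>$genre, 'comment'=>$comment) as $field=>$value){
                $id3Html[$field] = htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
            }

            print '<div class="mainzag">MP3 Tag Editor<br></div>
<div class="row">
<form action="apanel.php?action=id3&amp;id='.$id.'" method="post">
Name<br>
<input name="name" type="text" value="'.$id3Html['name'].'"><br>
Artist<br>
<input name="artists" type="text" value="'.$id3Html['artists'].'"><br>
Аlbum<br>
<input name="album" type="text" value="'.$id3Html['album'].'"><br>
Year<br>
<input name="year" type="text" value="'.$id3Html['year'].'"><br>
Track<br>
<input name="track" type="text" value="'.$id3Html['track'].'"><br>
Genre<br>
<select name="genre"><option value="'.$id3Html['genre'].'">'.$id3Html['genre'].'</option>';

            foreach($genres as $var){
                // The current genre is already the first option.
                if($var == $genre){
                    continue;
                }
                $var = htmlspecialchars($var);
                print '<option value="'.$var.'">'.$var.'</option>';
            }

            print '</select><br>
Comments<br>
<textarea name="comment" rows="2" cols="32">'.$id3Html['comment'].'</textarea><br>
<input class="buttom" type="submit" value="Задать">
</form>
</div>';
        }
        else{
            print '<div class="mainzag">module will set all the MP3 files listed tags. If the field is empty, the tag will not change<br></div>
<div class="row">
<form action="apanel.php?action=id3" method="post">
Name<br>
<input name="name" type="text"/><br>
Аrtist<br>
<input name="artists" type="text"/><br>
Аlbum<br>
<input name="album" type="text"/><br>
year<br>
<input name="year" type="text"/><br>
track<br>
<input name="track" type="text"/><br>
genre<br>
<select name="genre"><option value=""></option>';

            foreach($genres as $var){
                $var = htmlspecialchars($var);
                print '<option value="'.$var.'">'.$var.'</option>';
            }

            print '</select><br>
Comments<br>
<textarea name="comment" rows="2" cols="32"></textarea><br>
<input class="buttom" type="submit" value="Zadat">
</form>
</div>';
        }
    }
    else{
        if($id){
            $tmp = mysql_fetch_row(mysql_query('SELECT `path` FROM `files` WHERE `id`='.$id.' LIMIT 1'));
            if(!$tmp) die('Error</body></html>');
            $id3->read($tmp[0]);

            // Single file: every field is overwritten, an empty input clears the tag.
            foreach($id3Fields as $field){
                $id3->$field = iconv('utf-8','windows-1251', isset($_POST[$field]) ? (string)$_POST[$field] : '');
            }

            $id3->write();

            print 'Теги изменены';
        }
        else{
            $arr = array();

            $q = mysql_query('SELECT TRIM(`path`) FROM `files`');
            while($f = mysql_fetch_row($q)){
                if(strtoupper(strrchr($f[0],'.'))=='.MP3'){
                    $arr[] = $f[0];
                }
            }

            // Bulk mode: convert only the fields that were filled in; empty ones leave
            // the existing tag of each file untouched.
            $id3New = array();
            foreach($id3Fields as $field){
                if(isset($_POST[$field]) && $_POST[$field] != ''){
                    $converted = iconv('utf-8','windows-1251',(string)$_POST[$field]);
                    if($converted !== false && $converted != ''){
                        $id3New[$field] = $converted;
                    }
                }
            }

            $all = sizeof($arr);
            // `<`, not `<=`: the old bound read one element past the end of $arr and
            // called read()/write() with an undefined path.
            for($i=0; $i<$all; ++$i){
                $id3->read($arr[$i]);
                foreach($id3New as $field=>$value){
                    $id3->$field = $value;
                }
                $id3->write();
            }

            print 'tags are set to '.$all.' file';
        }
    }
    break;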



#####################################Additions and changes DESCRIPTIONS ###################################
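case 'fast':
    // Edit the short description (`fastabout`) of record $id; with the checkbox set the
    // same text also replaces the main description (`about`).
    $file = mysql_fetch_array(mysql_query('SELECT * FROM `files` WHERE `id` = '.$id));
    if(!$_POST)
    {
        // NOTE(review): $file['name'] is printed as stored; whether it was HTML-escaped
        // when it was written depends on clean()/trans() in moduls/fun.php — verify.
        echo '<div class="mainzag">quick description'.$file['name'].':</div>
<div class="row">
<form action="apanel.php?action=fast&amp;id='.$id.'" method="post">
<textarea class="enter" cols="70" rows="10" name="text">'.htmlspecialchars($file['fastabout']).'</textarea><br><br>
<input name="tr" type="checkbox" value="1">Add to the basic description<br>
<input class="buttom" type="submit" value="Napisat">
</form></div>';
    }
    else
    {
        // A missing field is treated as an empty description instead of raising a notice.
        $fastText = isset($_POST['text']) ? $_POST['text'] : '';
        if($fastText=='') $res='deleted!'; else $res='added!';
        // The two unused pathinfo() locals of the earlier version were dropped.
        // NOTE(review): the SQL below relies on clean() to neutralise quotes in the
        // submitted text; clean() and bbcode() are not visible here — confirm.
        if(isset($_POST['tr']) && intval($_POST['tr']) == 1){
            mysql_query("UPDATE `files` SET about='".bbcode(clean($fastText))."' WHERE `id` = ".$id);
        }
        mysql_query("UPDATE `files` SET fastabout='".bbcode(clean($fastText))."' WHERE `id` = ".$id);
        echo 'quick description '.$res.'<br><a href="apanel_view.php?id='.$id.'">to the description</a>';
    }
    break;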

######################################ЛОГ######################################################
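case 'pos':
    // Raise or lower the sort priority of a directory record by one.
    // NOTE(review): this changes data on a GET request without a per-session token.
    $file_info = mysql_fetch_assoc(mysql_query('SELECT `name`,`path` FROM `files` WHERE `id`='.$id));
    if(!is_dir($file_info['path'])) die('Error');
    // Directory names carry a leading '*' in the table; hide it in the message.
    $file_info['name'] = str_replace('*','',$file_info['name']);

    // Only the two known directions produce a query. Previously any other value left
    // $query undefined and it was passed to mysql_query() as is.
    $posTo = isset($_GET['to']) ? $_GET['to'] : '';
    $query = null;
    if($posTo == 'down'){
        $query = 'UPDATE `files` SET `priority`=`priority`-1 WHERE `id` = '.$id;
    }
    elseif($posTo == 'up'){
        $query = 'UPDATE `files` SET `priority`=`priority`+1 WHERE `id` = '.$id;
    }

    if($query !== null && mysql_query($query)){
        echo '<div class="mainzag">Priority catalog '.$file_info['name'].' changed!</div>';
    }
    else{
        echo '<div class="minizag">Failed to change priority</div>';
    }
    break;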

######################################ЛОГ######################################################
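case 'rot':
    // Remove rows of `files` (and their comments) whose path no longer exists on disk.
    // NOTE(review): this runs on a plain GET without confirmation or token, and a
    // temporarily unavailable download directory would make every row look stale.
    $delfiles = 0;
    // Start from an empty list so an empty table does not leave the variable undefined.
    $array_path = array();
    $reses = mysql_query('SELECT `id`,`path` FROM `files`');
    while($array = mysql_fetch_assoc($reses)){
        $array_path[$array['id']] = $array['path'];
    }
    foreach($array_path as $key=>$value){
        if(file_exists($value)==false ){
            $res = mysql_query('DELETE FROM `files` WHERE `id` = '.intval($key));
            $res = mysql_query('DELETE FROM `komments` WHERE `file_id` = '.intval($key));
            $delfiles++;
        }
    }
    echo '<div class="mainzag">Database successfully updated!</div><div class="row">Removed incorrect records: '.$delfiles.'</div>';
    break;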

######################################ЛОГ######################################################
case 'editabout':
    // Short-description editor for one file or folder record.
    $file_info = mysql_fetch_assoc(mysql_query('SELECT `id`,`fastabout`,`name`,`path` FROM `files` WHERE `id` = '.$id));
    $file_info['name'] = str_replace('*','',$file_info['name']);

    // The record must still point at something that exists on disk.
    if(!(is_dir($file_info['path']) || is_file($file_info['path']))){
        die('Error</body></html>');
    }

    if($_POST){
        // NOTE(review): quoting of the submitted text depends on clean(), which is
        // defined outside this file — confirm it escapes for SQL.
        mysql_query("UPDATE `files` SET fastabout='".bbcode(clean($_POST['text']))."' WHERE `id` = ".$id);
        echo 'quick description changed!';
    }
    else{
        echo '<div class="mainzag">File description '.$file_info['name'].':</div>
<div class="row">
<form action="apanel.php?action=editabout&amp;id='.$id.'" method="post">
<textarea class="enter" cols="50" rows="7" name="text">'.htmlspecialchars($file_info['fastabout']).'</textarea><br><br>
<input class="buttom" type="submit" value="Добавить">
</form>
</div>';
    }
    break;

######################################ЛОГ######################################################
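case 'flash':
    // Scan one directory record recursively and register every file/folder that is on
    // disk but not yet in `files`.
    $file_info = mysql_fetch_assoc(mysql_query('SELECT `path` FROM `files` WHERE `id` = '.$id.' AND `size` = 0'));
    if(!is_dir($file_info['path'])) die('This category does not exist.</body></html>');

    // Recursively collect paths below $paths; directories get a trailing '/',
    // folder.png icons are skipped. Always returns an array.
    function scaner ($paths)
    {
        static $file_aray = array();
        $array = glob($paths.'/*');
        if($array){
            foreach($array as $vv)
            {
                if(is_dir($vv)){
                    $file_aray[] = $vv.'/';
                    scaner($vv);
                }
                else{
                    if(basename($vv)=='folder.png') continue;
                    $file_aray[] = $vv;
                }
            }
        }
        return $file_aray;
    }

    // The stored path ends with '/', which is stripped before scanning.
    $file_array = scaner(mb_substr($file_info['path'],0,mb_strlen($file_info['path'])-1));
    $addfolder = $addfiles = 0;
    $array_path = array();
    $reses = mysql_query('SELECT `id`,`path` FROM `files`');
    while($array = mysql_fetch_assoc($reses)){
        $array_path[$array['id']] = $array['path'];
    }
    foreach($file_array as $value){
        if(!in_array($value, $array_path, true))
        {
            $upltime = intval(filectime($value));
            $name = basename($value);
            $pathinfo = pathinfo($value);
            $ext = isset($pathinfo['extension']) ? $pathinfo['extension'] : '';
            // Without an extension nothing is stripped (the old code then removed every dot).
            if($ext != ''){
                $name = str_replace('.'.$ext,'',$name);
            }
            $infolder = dirname($value).'/';
            $size = intval(filesize($value));
            if(strpos($name , '!') !== false){
                $name = trans($name);
            }
            else{
                $name = trans2($name);
            }

            // File and directory names come straight from the file system and may hold
            // quotes; escape them instead of interpolating them raw into the statement.
            $sqlPath = mysql_real_escape_string($value);
            $sqlName = mysql_real_escape_string($name);
            $sqlFolder = mysql_real_escape_string($infolder);

            if(is_dir($value)){
                $query = mysql_query("INSERT INTO `files` (`path`, `name`, `infolder`, `timeupload`, `loads`, `yes` ) VALUES ('".$sqlPath."', '*".$sqlName."', '".$sqlFolder."', '9999999999', '9999999999', '9999');");
                $addfolder++;
            }
            else{
                $query = mysql_query("INSERT INTO `files` (`path`, `name`, `infolder`, `size` , `timeupload`) VALUES ('".$sqlPath."', '".$sqlName."', '".$sqlFolder."' , '".$size."' , '".$upltime."');");
                $addfiles++;
            }
        }
    }
    echo '<div class="mainzag">Database successfully updated!</div><div class="row">addded folder: '.$addfolder.' <br>Добавлено file: '.$addfiles.'</div>';
    break;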

######################################ЛОГ######################################################
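case 'log':
    // Show the recorded admin logins (row 1 of `loginlog` is not a visit and is excluded).
    $query = mysql_query('SELECT * FROM `loginlog` WHERE `id` > 1 ORDER BY `time` DESC;');
    echo '<div class="mainzag">Log last 20 visits to admin([UserAgent][IP][Time]):</div><div class="row">';
    while($log = mysql_fetch_assoc($query)){
        // The User-Agent is chosen by the client, so it must never reach the admin's
        // browser as markup. A single-byte charset is named on purpose: it escapes the
        // HTML metacharacters and cannot fail on byte sequences that are not valid UTF-8.
        $logUa = htmlspecialchars((string)$log['ua'], ENT_QUOTES, 'ISO-8859-1');
        $logIp = htmlspecialchars((string)$log['ip'], ENT_QUOTES, 'ISO-8859-1');
        echo '<strong>[</strong>'.$logUa.'<strong>][</strong>'.$logIp.'<strong>][</strong>'.date('d.m.Y (H:i)',intval($log['time'])).'<strong>]</strong><br>';
    }
    echo '</div>';
    break;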

######################################ЛОГ######################################################
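case 'addico':
    // Upload a folder icon; it is always stored as <directory>/folder.png.
    $file_info = mysql_fetch_assoc(mysql_query('SELECT * FROM `files` WHERE `id` = '.$id));
    if(!$_FILES)
    {
        echo '<div class="mainzag">Load icons to the folder</div>
<div class="row">
<form action="apanel.php?action=addico&amp;id='.$id.'" method="post" enctype="multipart/form-data">
The file will be copied to the destination folder:<br>
<input name="ico" type="file"><br>
<input class="buttom" type="submit" value="Добавить">
</form>
</div>';
    }
    else
    {
        // The target must be an existing directory record.
        if(!$file_info || !is_dir($file_info['path'])) die('Downloading icons ended unsuccessfully.<br>');
        if(!isset($_FILES['ico']) || !is_uploaded_file($_FILES['ico']['tmp_name'])) die('Downloading icons ended unsuccessfully.<br>');

        $name = $_FILES['ico']['name'];
        $ext = pathinfo($name);
        $ext = isset($ext['extension']) ? strtolower($ext['extension']) : '';
        $to = $file_info['path'].'folder.png';
        // Script extensions keep their dedicated message; everything that is not .png is
        // refused right after, so this list is only about which message is shown.
        if(in_array($ext, array('php','php3','php4','php5','php6','phtml','cgi','asp','js','phtm','py','pl'), true)) die ($setup['hackmess']);
        if($ext!='png') die('icons are supported only png format');
        // The extension is supplied by the client; also require the content to be a PNG.
        $icoInfo = @getimagesize($_FILES['ico']['tmp_name']);
        if(!$icoInfo || $icoInfo[2] != IMAGETYPE_PNG) die('icons are supported only png format');
        if(file_exists($to)) die('File already exists');
        // NOTE(review): this leaves the directory world-writable (0777) and never
        // restores the previous mode — confirm the hosting setup really needs it.
        chmod($file_info['path'], 0777);
        if(move_uploaded_file($_FILES['ico']['tmp_name'], $to))
        {
            echo 'Downloading is successful icons.<br>';
            chmod($to, 0644);
        }
        else{
            echo 'Downloading icons ended unsuccessfully.<br>';
        }
    }
    break;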

######################################ЛОГ######################################################
case 'reico':
    // Delete the icon (folder.png) of the selected directory record.
    $file_info = mysql_fetch_assoc(mysql_query('SELECT * FROM `files` WHERE `id` = '.$id));
    if(file_exists($file_info['path'].'folder.png') == false){
        die('icon to the folder does not exist');
    }
    // The file is made writable for everyone immediately before it is removed.
    chmod($file_info['path'].'folder.png',0777);
    echo unlink($file_info['path'].'folder.png')
        ? 'Deleting icons was successful.<br>'
        : 'Deleting icons ended unsuccessfully.<br>';
    break;

###################################Unpacker########################################
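case 'unpack':
    // Extract a registered zip archive into the directory it is stored in.
    $file = mysql_fetch_assoc(mysql_query('SELECT * FROM `files` WHERE `id` = '.$id));
    if(!$file || !is_file($file['path'])) die('Error while unpacking');
    $dir = dirname($file['path']).'/';
    // The two chmod() calls of the earlier version were removed: they used the
    // undefined $folder['path'], and the second one sat after a die() and never ran.
    include 'moduls/pclzip.lib.php';

    // PclZip pre-extract callback: returning 0 skips the entry, 1 extracts it.
    // Archive members are as untrusted as a direct upload, so the same kind of
    // executable extensions the upload forms refuse are skipped here, together with
    // any entry whose stored name tries to climb out of the target directory.
    function apanel_unpack_filter($p_event, &$p_header)
    {
        $stored = str_replace('\\', '/', $p_header['stored_filename']);
        if(strpos('/'.$stored.'/', '/../') !== false){
            return 0;
        }
        $info = pathinfo($stored);
        $ext = isset($info['extension']) ? strtolower($info['extension']) : '';
        $denied = array('php','php2','php3','php4','php5','php6','php7','phtml','phtm','pht','phar','phps','shtml','htaccess','cgi','asp','js','py','pl');
        if(in_array($ext, $denied, true)){
            return 0;
        }
        return 1;
    }

    $zip = new PclZip($file['path']);
    if(!$zip->extract(PCLZIP_OPT_PATH, $dir, PCLZIP_CB_PRE_EXTRACT, 'apanel_unpack_filter')) die('Error while unpacking'); else die('Archive unpacked in '.$dir.'<br>Не забудьте обновить БД.');
    break;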

###################################### Delete a folderИ######################################################
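case 'redir':
    // Delete a directory (one nesting level only) together with its files and rows.
    // The refusal message is $setup['hackmess'], as in the other handlers; the bare
    // $hackmess used before is not defined in the visible code.
    if($setup['delete_dir']==0) die($setup['hackmess'].'</body></html>');

    // The destructive step needs a one-time token that was handed out on the
    // confirmation page of this session, so a link planted on another site cannot
    // trigger the deletion.
    $redirToken = isset($_SESSION['redir_token']) ? (string)$_SESSION['redir_token'] : '';
    $redirGiven = isset($_GET['token']) ? (string)$_GET['token'] : '';
    if(empty($_GET['level']) || $redirToken === '' || $redirGiven !== $redirToken){
        if(function_exists('openssl_random_pseudo_bytes')){
            $redirToken = bin2hex(openssl_random_pseudo_bytes(16));
        }
        else{
            // Weaker fallback for installations without the openssl extension.
            $redirToken = sha1(uniqid(mt_rand(), true).session_id());
        }
        $_SESSION['redir_token'] = $redirToken;
        echo 'This will delete all files in a directory and the directory itself. Continue?<br><a href="apanel.php?action=redir&amp;level=1&amp;id='.$id.'&amp;token='.$redirToken.'">Yes, continue </a>';
    }
    else{
        unset($_SESSION['redir_token']);
        $file = mysql_fetch_assoc(mysql_query('SELECT * FROM `files` WHERE `id` = '.$id.' ORDER BY `name`'));
        if(!is_dir ($file['path'])) die('This category does not exist!</body></html>');

        // Open up every directory on the way to the target.
        // NOTE(review): 0777 makes each of them world-writable — confirm this is needed.
        $ex = explode('/',$file['path']);
        $f_chmod = null;
        foreach($ex as $chmod){
            $f_chmod.=$chmod.'/';
            chmod($f_chmod,0777);
        }

        $array = glob($file['path'].'*');
        foreach($array as $vv){
            if(is_dir($vv)) die('Allowed to delete a folder with only 1 level of nesting!!</body></html>');
            else{
                if(!unlink($vv)) die('Error deleting file '.$vv.'</body></html>');
            }
        }
        // The path is data from the table and may contain quotes; escape it.
        $query = mysql_query("DELETE FROM `files` WHERE `infolder` = '".mysql_real_escape_string($file['path'])."'") or die('Error in deleting files from the database</body></html>');

        if(!rmdir($file['path'])) die('Error deleting directory</body></html>');
        $query = mysql_query('DELETE FROM `files` WHERE `id` = '.$id) or die('Error deleting directory from the database </body></html>');


        $f_chmod = null;
        foreach($ex as $chmod){
            $f_chmod.=$chmod.'/';
            if($f_chmod!=$setup['path'].'/'){
                chmod($f_chmod.'/',0777);
            }
        }


        echo 'Directory deleted successfully!';
    }
    break;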

################################## DELETING FILE ########################################
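case 'refile':
    // Delete one file from disk and from `files`.
    // NOTE(review): the deletion runs on a plain GET with no confirmation and no
    // per-session token.
    // The refusal message is $setup['hackmess'], as in the other handlers; the bare
    // $hackmess used before is not defined in the visible code.
    if($setup['delete_dir']==0) die($setup['hackmess'].'</body></html>');
    $file = mysql_fetch_assoc(mysql_query('SELECT * FROM `files` WHERE `id` = '.$id.' ORDER BY `name`'));
    if(!$file || !is_file($file['path'])) die('This file does not exist!</body></html>');


    // Walk the path segment by segment and open up each directory and the file itself.
    $ex = explode('/',$file['path']);
    $f_chmod = null;
    foreach($ex as $chmod){
        $f_chmod.=$chmod;
        if(is_dir($f_chmod)){
            $f_chmod = $f_chmod.'/';
        }

        chmod($f_chmod,0777);
    }

    if(!unlink($file['path'])) die('Error deleting file '.$file['path'].'</body></html>');
    $query = mysql_query('DELETE FROM `files` WHERE `id` = '.$id) or die('Error deleting a file from the database</body></html>');

    // Second pass over the same path; the download root itself is left alone.
    // NOTE(review): this applies 0777 again rather than a tighter mode — confirm intent.
    $f_chmod = null;
    foreach($ex as $chmod){
        $f_chmod.=$chmod;
        if(is_dir($f_chmod)){
            $f_chmod = $f_chmod.'/';
        }

        if($f_chmod!=$setup['path'].'/'){
            chmod($f_chmod,0777);
        }
    }

    echo 'Файл <strong>'.$file['name'].'</strong>deleted!';
    break;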

############################### ADVERTISIN ###############################################
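case 'buy':
    // Edit the advertising block stored in `setting` (`buy`, `randbuy`).
    if(!$_POST)
    {
        // The SELECT on `files` that used to run here was dropped: its result was never used.
        // NOTE(review): $setup['buy'] is placed into the textarea as stored; a value
        // containing "</textarea>" would break out of the field — confirm how clean()
        // stores it before adding escaping here.
        echo '<div class="mainzag">Ad unit:</div>
<div class="row">
<form action="apanel.php?action=buy" method="post">
<textarea class="enter" cols="70" rows="10" name="text">'.$setup['buy'].'</textarea><br>
<input name="randbuy" type="checkbox" value="1" '.check($setup['randbuy']).'>Conclusion random links<br>
<input class="buttom" type="submit" value="Save"></form></div>';
    }
    else
    {
        // An unchecked checkbox is simply absent from the request.
        $_POST['randbuy'] = isset($_POST['randbuy']) ? intval($_POST['randbuy']) : 0;
        if(!isset($_POST['text']) || $_POST['text']=='') die('Не заполнено поле.</body></html>');
        $query = mysql_query("UPDATE `setting` SET `value`='".clean($_POST['text'])."' WHERE `name` = 'buy'");
        $query = mysql_query("UPDATE `setting` SET `value`='".$_POST['randbuy']."' WHERE `name` = 'randbuy'");
        echo 'Settings saved.';
    }
    break;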

####################################Renaming##################################################
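case 'rename':
    // Change the display name of a record (the name column, not the file on disk).
    $file = mysql_fetch_assoc(mysql_query('SELECT * FROM `files` WHERE `id` = '.$id));
    if(!$_POST)
    {
        // Directory names carry a leading '*' in the table; hide it in the form.
        if(is_dir($file['path'])) $file['name'] = str_replace('*','',$file['name']);
        // The stray second quote after the action attribute was removed.
        // NOTE(review): $file['name'] goes into the value attribute as stored; a name
        // holding a double quote ends the attribute early. Whether names are stored
        // HTML-escaped depends on clean()/trans() — verify before adding escaping.
        echo '<div class="mainzag">enter a new name::</div>
<div class="row">
<form method="post" action="apanel.php?action=rename&amp;id='.$id.'">
<input class="enter" type="text" name="newname" size="70" value="'.$file['name'].'"><br>
<input class="buttom" type="submit" value="Gotovo" >
</form></div>';
    }
    else
    {
        $newname = clean(del(isset($_POST['newname']) ? $_POST['newname'] : ''));
        if(is_dir($file['path'])) $newname = '*'.$newname;
        mysql_query("UPDATE `files` SET name='".$newname."' WHERE `id` = ".$id);
        $error = mysql_error();
        if($error) die('Error renaming.<br>'.$error.'</body></html>');
        echo 'The file is renamed.';
    }
    break;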

######################################### PURIFICATION TO FILE #########################################
case 'clearkomm':
    // Remove all comments attached to record $id ($id is already an integer).
    // NOTE(review): state change on GET without a per-session token.
    $query = mysql_query('DELETE FROM `komments` WHERE `file_id` = '.$id);
    $error = mysql_error();
    if($error){
        // The raw database error text is shown to the (authenticated) admin.
        die('Error  while dumping.<br>'.$error.'</body></html>');
    }
    echo 'Comments was deleted.';
    break;

##############################################ОЧИСТКА РЕЙТИНГА К ФАЙЛУ#######################################
case 'cleareval':
    // Reset the rating of record $id: voter list emptied, both counters back to zero.
    // NOTE(review): state change on GET without a per-session token.
    $query = mysql_query('UPDATE `files` SET `ips`="",`yes`=0,`no`=0 WHERE `id` = '.$id);
    $error = mysql_error();
    if($error){
        die('Error while dumping.<br>'.$error.'</body></html>');
    }
    echo 'rating has been deleted.';
    break;

########################################OPTIMIZATION DB#################################
case 'optm':
    // Run OPTIMIZE TABLE on each table this script works with, in a fixed order.
    foreach(array('files', 'komments', 'loginlog', 'online', 'setting') as $optmTable){
        mysql_query('OPTIMIZE TABLE `'.$optmTable.'`;');
    }
    // Do not leave the loop variable behind in the global scope.
    unset($optmTable);
    echo 'Database is optimized.';
    break;

#############################################PURIFICATION DB#####################################
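case 'clean':
    // Empty the `files` and `komments` tables.
    // The destructive step needs a one-time token handed out on the confirmation page
    // of this session; "level=1" alone is no longer enough, so a link planted on
    // another site cannot wipe the database through the admin's browser.
    $cleanToken = isset($_SESSION['clean_token']) ? (string)$_SESSION['clean_token'] : '';
    $cleanGiven = isset($_GET['token']) ? (string)$_GET['token'] : '';
    if(empty($_GET['level']) || $cleanToken === '' || $cleanGiven !== $cleanToken)
    {
        if(function_exists('openssl_random_pseudo_bytes')){
            $cleanToken = bin2hex(openssl_random_pseudo_bytes(16));
        }
        else{
            // Weaker fallback for installations without the openssl extension.
            $cleanToken = sha1(uniqid(mt_rand(), true).session_id());
        }
        $_SESSION['clean_token'] = $cleanToken;
        echo 'This will delete all data on the database, including descriptions, counters uploads, ratings, and kommentarii.Prodolzhit?<br><a href="apanel.php?action=clean&amp;level=1&amp;token='.$cleanToken.'">Yes, continue</a>';
    }
    else
    {
        // Single use: a replayed link shows the confirmation again.
        unset($_SESSION['clean_token']);
        mysql_query('TRUNCATE TABLE `files`;');
        mysql_query('TRUNCATE TABLE `komments`;');

        echo 'Database cleaned.<br>';
    }
    break;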

########################################## Clear all ##############################################
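case 'cleankomm':
    // Empty the `komments` table.
    // As a destructive action it requires a one-time token issued on the confirmation
    // page of this session, not just "level=1" in the URL.
    $kommToken = isset($_SESSION['cleankomm_token']) ? (string)$_SESSION['cleankomm_token'] : '';
    $kommGiven = isset($_GET['token']) ? (string)$_GET['token'] : '';
    if(empty($_GET['level']) || $kommToken === '' || $kommGiven !== $kommToken){
        if(function_exists('openssl_random_pseudo_bytes')){
            $kommToken = bin2hex(openssl_random_pseudo_bytes(16));
        }
        else{
            // Weaker fallback for installations without the openssl extension.
            $kommToken = sha1(uniqid(mt_rand(), true).session_id());
        }
        $_SESSION['cleankomm_token'] = $kommToken;
        echo 'This will delete all comments to the files?<br><a href="apanel.php?action=cleankomm&amp;level=1&amp;token='.$kommToken.'">Yes, continue</a>';
    }
    else{
        // Single use: a replayed link shows the confirmation again.
        unset($_SESSION['cleankomm_token']);
        mysql_query('TRUNCATE TABLE `komments`');
        echo 'Database comment clear<br>';
    }
    break;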

#########################################Additions and changes DESCRIPTIONS#########################################
case 'about':
    // Edit the main description (`about`) of record $id.
    $file = mysql_fetch_assoc(mysql_query('SELECT * FROM `files` WHERE `id` = '.$id));
    if($_POST)
    {
        $res = ($_POST['text']=='') ? 'deleted' : 'added';
        // Look up the record of the containing directory for the "File Manager" link.
        $filename = pathinfo($file['path']);
        $dir = $filename['dirname'];
        $back = mysql_fetch_assoc(mysql_query("SELECT `id` FROM `files` WHERE `path` = '".bbcode(clean($dir))."';"));
        // NOTE(review): quoting of the submitted text depends on clean(), which is
        // defined outside this file — confirm it escapes for SQL.
        $write_bd = mysql_query("UPDATE `files` SET about='".bbcode(clean($_POST['text']))."' WHERE `id` = ".$id);
        echo 'Description '.$res.'
<br><a href="apanel_index.php?id='.$back['id'].'">File Manager</a>
<br><a href="apanel_view.php?id='.$id.'">to the description</a>';
    }
    else
    {
        echo '<div class="mainzag">File description'.$file['name'].':</div>
<div class="row">
<form action="apanel.php?action=about&amp;id='.$id.'" method="post">
<textarea class="enter" cols="70" rows="10" name="text">'.htmlspecialchars($file['about']).'</textarea><br><br>
<input class="buttom" type="submit" value="Написать"></form></div>';
    }
    break;

#########################################IMPORT###########################################################
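case 'import':
    // Copy files named in a textarea (one source per line) into a download directory
    // and register them in `files`.
    if(!$_POST)
    {
        $dirs = mysql_query('SELECT `path` FROM `files` WHERE `size` = 0');
        echo '<div class="mainzag">import file</div>
<div class="row">
Save to:<br>
<form action="apanel.php?action=import" method="post">
<select class="buttom" size="1" width="70" name="topath"><option value="'.$setup['path'].'/">./</option>';
        while($item = mysql_fetch_assoc($dirs)){
            $name = str_replace($setup['path'].'/','',$item['path']);
            $path = explode('/',$name);
            $option = '';
            unset($path[sizeof($path)-1]);
            foreach($path as $value){
                if(strpos($value , '!') !== false) $name = trans($value); else $name = $value;
                $option = $option.$name.'/';
            }
            echo '<option value="'.$item['path'].'">'.$option.'</option>';
        }

        echo '</select><br>
Files:<br>
<textarea class="enter" cols="70" rows="10" name="files"></textarea><br><br>
<input class="buttom" type="submit" value="import">
</form></div>';
    }
    else
    {
        $newpath = isset($_POST['topath']) ? trim($_POST['topath']) : '';
        if(empty($newpath)){
            die('There is no finite way! '.$newpath.'</body></html>');
        }
        // The form only offers the download root and directories below it, but the value
        // is request data: insist on that prefix, on an existing directory, and on no
        // parent-directory segments, so files cannot be written elsewhere on the server.
        if(strpos($newpath, $setup['path'].'/') !== 0 || strpos($newpath, '..') !== false || !is_dir($newpath)){
            die($setup['hackmess'].'</body></html>');
        }

        // Extensions that must never land in a web-served directory.
        // NOTE(review): a denylist is fragile; an allowlist of the types the site
        // actually offers would be safer if that set is known.
        $importDenied = array('php','php2','php3','php4','php5','php6','php7','phtml','phtm','pht','phar','phps','shtml','htaccess','cgi','asp','js','py','pl');

        // NOTE(review): world-writable mode, never restored — confirm it is required.
        chmod($newpath, 0777);
        @ini_set('user_agent', isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');

        $text = explode("\n", isset($_POST['files']) ? $_POST['files'] : '');
        $sizeof = sizeof($text);
        for($i=0; $i<$sizeof; $i++){
            // Browsers submit CRLF line ends; without trim() every line but the last
            // kept a trailing "\r", which also made the extension check below miss.
            $text[$i] = trim($text[$i]);
            if($text[$i] == ''){
                continue;
            }
            $ex = pathinfo($text[$i]);
            $ext = isset($ex['extension']) ? strtolower($ex['extension']) : '';
            $to = $newpath.$ex['basename'];

            if(file_exists($to)) die('File '.$to.'already exists</body></html>');

            if(in_array($ext, $importDenied, true)) die ($setup['hackmess'].'</body></html>');

            // NOTE(review): copy() fetches whatever source the admin types, local paths
            // and every enabled stream wrapper included — restrict the accepted schemes
            // if only remote imports are intended.
            if(copy($text[$i],$to)){
                echo 'import file '.$text[$i].' success<br>';
                $upltime = intval(filectime($to));
                $ex = pathinfo($to);
                $name = basename($to);
                if(isset($ex['extension']) && $ex['extension'] != ''){
                    $name = str_replace('.'.$ex['extension'],'',$name);
                }
                if(strpos($name , '!') !== false){
                    $name = trans($name);
                }
                else{
                    $name = trans2($name);
                }
                $size = intval(filesize($to));
                $infolder = dirname($to).'/';
                // Path parts originate from the request; escape them for the statement.
                mysql_query("INSERT INTO `files` (`path`, `name`, `infolder`, `size` , `timeupload`) VALUES ('".mysql_real_escape_string($to)."', '".mysql_real_escape_string($name)."', '".mysql_real_escape_string($infolder)."' , '".$size."' , '".$upltime."');");
            }
            else{
                echo 'import file '.$text[$i].'  failed<br>';
            }
        }
    }
    break;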

####################################APLOAD screen################################################
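case 'screen':
    // Upload a screenshot for record $id; it is stored as a GIF under $setup['spath'].
    $info = mysql_fetch_assoc(mysql_query('SELECT * FROM `files` WHERE `id` = '.$id));
    $info['path'] = strstr($info['path'],'/'); // remove the folder with downloads
    $to = $setup['spath'].$info['path'].'.gif'; // destination file name

    if(!$_FILES)
    {
        echo '<div class="mainzag">Loading screen</div>
<div class="row">
<form action="apanel.php?action=screen&amp;id='.$id.'" method="post" enctype="multipart/form-data">
The file will be copied to a folder with screenshots:<br>
<input name="scr" type="file"><br>
<input class="buttom" type="submit" value="Добавить">
</form>';
    }
    else
    {
        if(!isset($_FILES['scr']) || !is_uploaded_file($_FILES['scr']['tmp_name'])) die('screens are supported only gif, jpeg, png formats</body></html>');

        $name = htmlspecialchars($_FILES['scr']['name']);
        $ex = pathinfo($name);
        $ext = isset($ex['extension']) ? strtolower($ex['extension']) : '';

        if($ext!='gif' && $ext!='jpg' && $ext!='jpe' && $ext!='jpeg' && $ext!='png') die('screens are supported only gif, jpeg, png formats</body></html>');
        // The extension is chosen by the client; decide from the content what was sent.
        $scrInfo = @getimagesize($_FILES['scr']['tmp_name']);
        if(!$scrInfo || !in_array($scrInfo[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG))) die('screens are supported only gif, jpeg, png formats</body></html>');

        // NOTE(review): 0777 here and below makes the screenshot tree world-writable.
        chmod($setup['spath'], 0777);

        // Create the directory chain for the destination, one level at a time.
        $dirs = explode('/',$to);
        $all = sizeof($dirs)-1;

        $tmp = $setup['spath'].'/';
        for($i=1; $i<$all; ++$i){
            $tmp.= $dirs[$i].'/';
            if(!is_dir($tmp)){
                mkdir($tmp,0777);
            }
            chmod($tmp,0777); // fix
        }

        if(move_uploaded_file($_FILES['scr']['tmp_name'], $to)){
            echo 'download screen '.$name.' success.<br>';

            chmod($to,0666);

            // Convert to GIF according to the detected type; a GIF is kept as uploaded.
            $im = null;
            if($scrInfo[2] == IMAGETYPE_JPEG){
                $im = imagecreatefromjpeg($to);
            }
            elseif($scrInfo[2] == IMAGETYPE_PNG){
                $im = imagecreatefrompng($to);
            }
            // Only write when decoding succeeded.
            if($im){
                imagegif($im,$to);
                imagedestroy($im);
            }

        }
        else{
            echo 'download screen '.$name.' ended unsuccessfully..<br>';
        }
    }
    break;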

##################################upload################################
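case 'upload':
    // Upload up to five files into a download directory and register them in `files`.
    if(!$_POST)
    {
        $dirs = mysql_query('SELECT `path` FROM `files` WHERE `size` = 0');

        echo '<div class="mainzag">Upload file (max '.ini_get('upload_max_filesize').')</div>
<div class="row">
Save to:<br>
<form action="apanel.php?action=upload" method="post" enctype="multipart/form-data">
<select class="buttom" size="1" width="70" name="topath"><option value="'.$setup['path'].'/">./</option>';
        while($item = mysql_fetch_assoc($dirs))
        {
            $name = str_replace($setup['path'].'/','',$item['path']);
            $path = explode('/',$name);
            $option = '';
            unset($path[sizeof($path)-1]);
            foreach($path as $value)
            {
                if(strpos($value , '!') !== false) $name = trans($value); else $name = $value;
                $option = $option.$name.'/';
            }
            echo '<option value="'.$item['path'].'">'.$option.'</option>';
        }
        echo '</select><br>
Add Files:<br>
<input name="userfile[]" type="file"><br>
<input name="userfile[]" type="file"><br>
<input name="userfile[]" type="file"><br>
<input name="userfile[]" type="file"><br>
<input name="userfile[]" type="file"><br>
<input class="buttom" type="submit" value="Добавить">
</form>';
    }
    else
    {
        $newpath = isset($_POST['topath']) ? trim($_POST['topath']) : '';
        if(empty($newpath)){
            die ('Нет конечного пути! '.$newpath);
        }
        // The form only offers the download root and directories below it, but the value
        // is request data: insist on that prefix, on an existing directory, and on no
        // parent-directory segments, so uploads cannot be placed elsewhere on the server.
        if(strpos($newpath, $setup['path'].'/') !== 0 || strpos($newpath, '..') !== false || !is_dir($newpath)){
            die($setup['hackmess']);
        }

        // Extensions that must never land in a web-served directory.
        // NOTE(review): a denylist is fragile; an allowlist of the types the site
        // actually offers would be safer if that set is known.
        $uploadDenied = array('php','php2','php3','php4','php5','php6','php7','phtml','phtm','pht','phar','phps','shtml','htaccess','cgi','asp','js','py','pl');

        // NOTE(review): world-writable mode, never restored — confirm it is required.
        chmod($newpath, 0777);

        $a = isset($_FILES['userfile']['name']) ? sizeof($_FILES['userfile']['name']) : 0;
        for($i=0; $i<$a; $i++)
        {
            if(empty($_FILES['userfile']['name'][$i])){
                continue;
            }
            // Keep only the last path component of the client-supplied name.
            $name = basename(str_replace('\\', '/', $_FILES['userfile']['name'][$i]));
            $ex = pathinfo($name);
            $ext = isset($ex['extension']) ? strtolower($ex['extension']) : '';
            $to = $newpath.$name;
            // 'hackmess' is now a quoted key; it was written as a bare constant here.
            if(in_array($ext, $uploadDenied, true)) die ($setup['hackmess']);
            if(file_exists($to)) die('File already exists');
            if(move_uploaded_file($_FILES['userfile']['tmp_name'][$i], $to))
            {
                echo 'Upload File '.$name.' successful.<br>';
                $upltime = intval(filectime($to));
                $ex = pathinfo($to);
                $ex = isset($ex['extension']) ? $ex['extension'] : '';
                $name = basename($to);
                if($ex != ''){
                    $name = str_replace('.'.$ex,'',$name);
                }
                $size = intval(filesize($to));
                $infolder = dirname($to).'/';
                if(strpos($name , '!') !== false){
                    $name = trans($name);
                }
                else{
                    $name = trans2($name);
                }

                // File name and target path originate from the request; escape them.
                mysql_query("INSERT INTO `files` (`path`, `name`, `infolder`, `size` , `timeupload`) VALUES ('".mysql_real_escape_string($to)."', '".mysql_real_escape_string($name)."', '".mysql_real_escape_string($infolder)."' , '".$size."' , '".$upltime."');");
                chmod($to, 0644);
            }
            else{
                echo 'upload file'.$name.' ended unsuccessfull.<br>';
            }
        }
    }
    break;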

###################################cREATING A NEW CATALOG ################################
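case 'newdir':
    // Create a sub-directory below record $id (or below the download root when $id is 0),
    // register it in `files` and create the matching screenshot and description folders.
    if(!$_POST)
    {
        echo '<div class="mainzag"> Creating a new category:</div>
<div class="row">
<form action="apanel.php?action=newdir&amp;id='.$id.'" method="post">
Name the new folder: <br>
<input class="enter" name="dirnew" type="text" size="70" value=""><br>
<input name="tr" type="checkbox" value="1" checked="checked">translations (if there are Russian letters - including mandatory!)<br>
<input class="buttom" type="submit" value="Добавить">
</form>';
    }
    else{
        if(empty($_POST['dirnew'])){
            die('No field!</body></html>');
        }
        // The field is a single folder name: refuse path separators and parent
        // references before the value is glued onto the parent path.
        if(strpos($_POST['dirnew'], '/') !== false || strpos($_POST['dirnew'], '..') !== false){
            die($setup['hackmess'].'</body></html>');
        }
        $dirnew = clean(del($_POST['dirnew']));
        $name = '*'.$dirnew;

        // An unchecked checkbox is absent from the request.
        if(isset($_POST['tr']) && $_POST['tr'] == 1){
            $dirnew = '!'.retrans($dirnew);
        }
        if(!$id){
            $d['path'] = $setup['path'].'/';
        }
        else{
            $d = mysql_fetch_assoc(mysql_query('SELECT * FROM `files` WHERE `id` = '.$id));
        }
        // An unknown id must not fall through to chmod()/mkdir() with an empty path.
        if(!$d || !is_dir($d['path'])){
            exit('Unable to create directory. Make the right to record.</body></html>');
        }

        // NOTE(review): every directory touched here ends up world-writable (0777).
        chmod($d['path'],0777);
        $dirnew = trim($d['path']).trim($dirnew).'/';
        if(!is_dir($dirnew)){
            mkdir($dirnew, 0777);
        }
        chmod($dirnew, 0777);

        if(!is_dir($dirnew)){
            exit('Unable to create directory. Make the right to record.</body></html>');
        }

        // NOTE(review): $d['path'] comes from the table and is interpolated unescaped;
        // the name part has passed clean(), whose quoting behaviour is not visible here.
        if(mysql_query("INSERT INTO `files` (`path`, `name`, `infolder`, `timeupload`) VALUES ('".$dirnew."', '$name', '".$d['path']."', ".time().");")){
            // screenshot
            $screen = $setup['spath'].substr($dirnew, strlen($setup['path']));
            if(!is_dir($screen)){
                mkdir($screen, 0777);
            }
            chmod($screen, 0777);

            //  Description
            $desc = $setup['opath'].substr($dirnew, strlen($setup['path']));
            if(!is_dir($desc)){
                mkdir($desc, 0777);
            }
            chmod($desc, 0777);

            echo 'The new directory is created';
        }
        else{
            echo 'Error creating a new catalog.';
        }
    }
    break;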

########################################CHANGE MODULES #######################################################
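case 'modules':
    // Admin action: switch optional modules on or off. Each checkbox maps to one row
    // of `setting` whose value is stored as 1 or 0.
    // Only these names may be written from this form. The original looped over every
    // POST key and placed it in the WHERE clause unescaped, so an unlisted key could
    // alter the statement or change a setting that belongs to another form.
    $moduleFlags = array(
        'komments_change', 'eval_change', 'jad_change', 'cut_change', 'zip_change',
        'zakaz', 'buy_change', 'onpage_change', 'preview_change', 'top_change',
        'stat_change', 'pagehand_change', 'search_change',
    );

    // Test the request method rather than $_POST: with every box unchecked the browser
    // sends an empty body, and the form would be shown again instead of being saved.
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        echo '<div class="mainzag">Module::</div>
<form action="apanel.php?action=modules" method="post">
<div class="row">
<input name="komments_change" type="checkbox" value="ON" '.check($setup['komments_change']).'>Comments<br>
<input name="eval_change" type="checkbox" value="ON" '.check($setup['eval_change']).'>Rating<br>
<input name="jad_change" type="checkbox" value="ON" '.check($setup['jad_change']).'>Generator Jad<br>
<input name="cut_change" type="checkbox" value="ON" '.check($setup['cut_change']).'>Narezchik MP3<br>
<input name="zip_change" type="checkbox" value="ON" '.check($setup['zip_change']).'>Browse archives<br>
<input name="zakaz" type="checkbox" value="ON" '.check($setup['zakaz']).'>table orders<br>
<input name="buy_change" type="checkbox" value="ON" '.check($setup['buy_change']).'>Advertising block<br>
<input name="onpage_change" type="checkbox" value="ON" '.check($setup['onpage_change']).'>Menu selection number of files on a page<br>
<input name="preview_change" type="checkbox" value="ON" '.check($setup['preview_change']).'>selection menu display predosmotra <br>
<input name="top_change" type="checkbox" value="ON" '.check($setup['top_change']).'>TOP<br>
<input name="stat_change" type="checkbox" value="ON" '.check($setup['stat_change']).'>Statistics<br>
<input name="pagehand_change" type="checkbox" value="ON" '.check($setup['pagehand_change']).'>manual entry pages<br>
<input name="search_change" type="checkbox" value="ON" '.check($setup['search_change']).'>Find Files<br><br>
<input class="buttom" type="submit" value="Save">
</form>
</div>';
    } else {
        // Refuse the whole request if it carries any field this form does not own.
        // (The original called die($hackmess), an undefined variable; the message
        // lives in $setup['hackmess'].)
        foreach (array_keys($_POST) as $key) {
            if (!in_array((string)$key, $moduleFlags, true)) {
                die($setup['hackmess'].'</body></html>');
            }
        }

        // An unchecked box is absent from the request and is stored as 0.
        foreach ($moduleFlags as $flag) {
            $enabled = (isset($_POST[$flag]) && $_POST[$flag] === 'ON') ? 1 : 0;
            $query = mysql_query("UPDATE `setting` SET `value` = '".$enabled."' WHERE `name` = '".$flag."';");
        }
        echo 'The list of modules changed';
    }
    break;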

######################################## SECURITY ###########################################
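case 'sec':
    // Admin action: change the admin password, the lock-out thresholds and the
    // autologin / delete switches. The current password must be re-entered in `pwd`.
    // NOTE(review): this POST handler has no anti-CSRF token; the password
    // confirmation is the only per-request check.
    if (!$_POST) {
        echo '<div class="mainzag"> Safety:</div>
<form action="apanel.php?action=sec" method="post">
<div class="row">
Password (if you do not want to change left blank):  <br>
<input class="enter" name="password" type="password" value=""></div><div class="row">
The number of incorrect attempts to enter a password to lock:  <br>
<input class="enter" name="countban" type="text" value="'.$setup['countban'].'"></div><div class="row">
Time lock (seconds): <br>
<input class="enter" name="timeban" type="text" value="'.$setup['timeban'].'"><br>
<input name="autologin" type="checkbox" value="ON" '.check($setup['autologin']).'>Autologin<br>
<input name="delete_file" type="checkbox" value="ON" '.check($setup['delete_file']).'>function remove files<br>
<input name="delete_dir" type="checkbox" value="ON" '.check($setup['delete_dir']).'>function remote directory
</div><div class="row">
Enter a password for potverzhdeniya: <br>
<input class="enter" name="pwd" type="password" value=""><br>
<input class="buttom" type="submit" value="Save">
</form>
</div>';
    } else {
        // Checkboxes: an unchecked box is absent from the request and is stored as 0.
        $autologin  = (isset($_POST['autologin'])   && $_POST['autologin']   === 'ON') ? 1 : 0;
        $deleteDir  = (isset($_POST['delete_dir'])  && $_POST['delete_dir']  === 'ON') ? 1 : 0;
        $deleteFile = (isset($_POST['delete_file']) && $_POST['delete_file'] === 'ON') ? 1 : 0;

        // Confirm the current password. The comparison is strict on purpose: with the
        // loose != operator two different hex digests that both look like numbers
        // (for example "0e" followed only by digits) compare as equal.
        // NOTE(review): unsalted MD5 is a weak password hash. The stored value is also
        // what the session check at the top of this script compares against, so moving
        // to password_hash() has to be done together with the login code.
        if (empty($_POST['pwd']) || !is_string($_POST['pwd'])
            || md5(clean($_POST['pwd'])) !== (string)$setup['password']) {
            die($setup['hackmess']);
        }

        // is_num() comes from moduls/fun.php; presumably it stops the script when the
        // value is not numeric -- confirm there.
        is_num($_POST['countban'], 'countban');
        is_num($_POST['timeban'], 'timeban');

        foreach ($_POST as $key => $value) {
            if ($value == '' and $key != 'password' and $key != 'autologin' and $key != 'delete_dir' and $key != 'delete_file') {
                die('Не заполнено одно из полей.');
            }
        }

        // md5() output is hexadecimal, so it can be placed in the statement as-is.
        if (!empty($_POST['password']) && is_string($_POST['password'])) {
            $query = mysql_query("UPDATE `setting` SET `value` = '".md5(clean($_POST['password']))."' WHERE `name` = 'password';");
        }
        // Numeric settings are cast to int so nothing but digits reaches the SQL text.
        mysql_query("UPDATE `setting` SET `value` = '".intval($_POST['countban'])."' WHERE `name` = 'countban';");
        mysql_query("UPDATE `setting` SET `value` = '".intval($_POST['timeban'])."' WHERE `name` = 'timeban';");
        mysql_query("UPDATE `setting` SET `value` = '".$autologin."' WHERE `name` = 'autologin';");
        mysql_query("UPDATE `setting` SET `value` = '".$deleteFile."' WHERE `name` = 'delete_file';");
        mysql_query("UPDATE `setting` SET `value` = '".$deleteDir."' WHERE `name` = 'delete_dir';");
        echo 'Settings changed.';
    }
    break;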

######################################## SETUP SCRIPTS ##################################################
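case 'setting':
    // Admin action: edit the general settings. Each submitted field replaces the row of
    // `setting` with the same name.
    // Only the fields of this form may be written. The original blocked just three
    // names using a truthiness test (so a value of "0" slipped through) and put every
    // other POST key into the SQL text unescaped. That let this endpoint change rows
    // owned by the password-protected "sec" form, or alter the statement itself.
    // Extend this list when the form gains a field.
    $settingKeys = array(
        'path', 'opath', 'spath', 'jpath', 'zpath', 'tpath', 'vpath', 'mp3path',
        'limit', 'klimit', 'onpage', 'prew', 'prev_size', 'marker', 'text_marker',
        'ext', 'day_new', 'online_time', 'pagehand', 'top_num', 'hackmess', 'sort',
        'zakaz_email', 'zag', 'site_url',
    );

    if (!$_POST) {
        // NOTE(review): the stored values are written into value="..." attributes
        // without HTML encoding. Whether clean() already encodes them when saving is
        // not visible here -- confirm in moduls/fun.php, otherwise encode on output.
        echo '<div class="mainzag">Settings загруз-центра:</div>
<form action="apanel.php?action=setting" method="post">
<div class="row">
A folder with the files:<br>
<input class="enter" name="path" type="text" value="'.$setup['path'].'"></div><div class="row">
File description:<br>
<input class="enter" name="opath" type="text" value="'.$setup['opath'].'"></div><div class="row">
A folder with the screen:<br>
<input class="enter" name="spath" type="text" value="'.$setup['spath'].'"></div><div class="row">

Folder c JAVA books::<br>
<input class="enter" name="jpath" type="text" value="'.$setup['jpath'].'"></div><div class="row">

Folder c ZIP Books:<br>
<input class="enter" name="zpath" type="text" value="'.$setup['zpath'].'"></div><div class="row">

Folder co screenshots so:<br>
<input class="enter" name="tpath" type="text" value="'.$setup['tpath'].'"></div><div class="row">

Folder co screenshots video::<br>
<input class="enter" name="vpath" type="text" value="'.$setup['vpath'].'"></div><div class="row">

Folder for narezok:<br>
<input class="enter" name="mp3path" type="text" value="'.$setup['mp3path'].'"></div><div class="row">
Limit narezok (MB)<br>
<input class="enter" name="limit" type="text" value="'.$setup['limit'].'"></div><div class="row">
Limit comments to one file:<br>
<input class="enter" name="klimit" type="text" value="'.$setup['klimit'].'"></div><div class="row">
Files to the default page:<br>
<select class="enter" size="1" name="onpage">
<option '.sel(10,$setup['onpage']).'>10</option>
<option '.sel(15,$setup['onpage']).'>15</option>
<option '.sel(20,$setup['onpage']).'>20</option>
<option '.sel(25,$setup['onpage']).'>25</option>
<option '.sel(30,$setup['onpage']).'>30</option>
</select></div><div class="row">
Predosmotr default:<br>
<select class="enter" size="1" name="prew">
<option value="1" '.sel(1,$setup['prew']).'>Enabled</option>
<option value="0" '.sel(0,$setup['prew']).'>disabled</option>
</select></div><div class="row">
Prevyushek Size (width * height, the sign "*" is required!):<br>
<input class="enter" name="prev_size" type="text" value="'.$setup['prev_size'].'"></div><div class="row">


 Marker images:<br>
<select class="enter" size="1" name="marker">
<option value="0" '.sel(0,$setup['marker']).'>disabled</option>
<option value="1" '.sel(1,$setup['marker']).'>Enabled</option>
</select></div><div class="row">

Marker text:<br>
<input class="enter" name="text_marker" type="text" value="'.$setup['text_marker'].'"></div><div class="row">

Display expansion:<br>
<select class="enter" size="1" name="ext">
<option value="1" '.sel(1,$setup['ext']).'>Enabled</option>
<option value="0" '.sel(0,$setup['ext']).'>disabled</option>
</select></div><div class="row">
Time of new files (days 0 - off): <br>
<input class="enter" name="day_new" type="text" value="'.$setup['day_new'].'"></div><div class="row">
Available online (sec.):<br>
<input class="enter" name="online_time" type="text" value="'.$setup['online_time'].'"></div><div class="row">
The number of pages, after which you can manually enter the page:<br>
<input class="enter" name="pagehand" type="text" value="'.$setup['pagehand'].'"></div><div class="row">
TOP File Number<br>
<input class="enter" name="top_num" type="text" value="'.$setup['top_num'].'"></div><div class="row">
Message for gifted:<br>
<input class="enter" name="hackmess" type="text" value="'.$setup['hackmess'].'"></div><div class="row">
Sorted by default:<br>
<select class="enter" size="1" name="sort">
<option value="name" '.sel('name',$setup['sort']).'>name</option>
<option value="size" '.sel('size',$setup['sort']).'>size</option>
<option value="data" '.sel('data',$setup['sort']).'>Date</option>
<option value="load" '.sel('load',$setup['sort']).'>popularity</option>
<option value="eval" '.sel('eval',$setup['sort']).'>Rating</option>
</select></div><div class="row">
Email:<br>
<input class="enter" name="zakaz_email" type="text" value="'.$setup['zakaz_email'].'">
</div><div class="row">
Title: <br>
<input class="enter" name="zag" type="text" value="'.$setup['zag'].'">
</div><div class="row">
Home Site:<br>
<input class="enter" name="site_url" type="text" value="'.$setup['site_url'].'"><br><br>
<input class="buttom" type="submit" value="Save">
</div></form>';
    } else {
        // Validate the whole request before writing anything, so a rejected field
        // cannot leave the table half-updated.
        foreach ($_POST as $key => $value) {
            // (The original called die($hackmess), an undefined variable; the message
            // lives in $setup['hackmess'].)
            if (!in_array((string)$key, $settingKeys, true)) {
                die($setup['hackmess'].'</body></html>');
            }
            if (is_array($value) || !isset($value) || $value == '') {
                die('Не заполнено одно из полей.');
            }
        }

        foreach ($_POST as $key => $value) {
            // $key is one of the fixed names above, so it is safe inside the quotes.
            // NOTE(review): the value relies on clean() (moduls/fun.php, not visible
            // here) to be safe inside a quoted SQL literal -- confirm that it escapes
            // quotes and backslashes, otherwise escape at this point.
            mysql_query("DELETE FROM `setting` WHERE `name`='".$key."'");
            mysql_query("INSERT INTO `setting`(`name`,`value`) VALUES( '".$key."', '".clean($value)."');");
        }
        echo 'Your preferences have been saved';
    }
    break;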
}

#####################################sock###############################################
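// Page footer: a link back to the admin menu on every sub-page, then the time spent
// building the page. !empty() keeps the original truthiness test without raising an
// undefined-index notice when no action was requested.
if (!empty($_GET['action'])) {
    echo '<div class="row"><a href="apanel.php"> admin</a></div>';
}


echo '<hr noshade size="1" class="hr">'.round(microtime(true) - $HeadTime, 4).' sec.<br></body></html>';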
?>