View file file.php

<?php
include_once '../sys/inc/start.php';
include_once '../sys/inc/compress.php';
include_once '../sys/inc/sess.php';
include_once '../sys/inc/home.php';
include_once '../sys/inc/settings.php';
include_once '../sys/inc/db_connect.php';
include_once '../sys/inc/ipua.php';
include_once '../sys/inc/fnc.php';
include_once '../sys/inc/user.php';

only_reg();

$set['title']='Catatan - File';
include_once '../sys/inc/thead.php';
title();
aut();

///////////////////////////////////////////////////////

if (!isset($_GET['id']) && !is_numeric($_GET['id'])){header("Location: index.php?".SID);exit;}
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `blog_list` WHERE `id` = '".intval($_GET['id'])."' LIMIT 1",$db), 0)==0){header("Location: index.php?".SID);exit;}
$blog=mysql_fetch_array(mysql_query("select * from `blog_list` where `id`='".intval($_GET['id'])."';"));

if (($user['level'] < 4) && ($user['id'] !=$blog['id_user']))
{
$set['title']='Kesalahan';
include_once '../sys/inc/thead.php';
title();
aut();
echo "Anda tidak berhak untuk menambah file dalam catatan!";
$smarty = new Smarty_conf();
$menu=array();
$menu[]=array("/blog/index.php","Semua catatan");
$smarty->assign('menu',$menu);
$smarty->assign('menu_title','Navigasi');
$smarty->display('links.links.tpl');
include_once '../sys/inc/tfoot.php';
exit();
}



if (isset($user) && isset($_GET['add']) && isset($_FILES['file_f']) && ereg('\.', $_FILES['file_f']['name']) && isset($_POST['file_s']))
{

$file=esc(stripcslashes(htmlspecialchars($_FILES['file_f']['name'])));
$name=eregi_replace('\.[^\.]*$', NULL, $file); // имя файла без расширения
$ras=strtolower(eregi_replace('^.*\.', NULL, $file));
$tmp_name=$_FILES['file_f']['tmp_name'];
$size=filesize($_FILES['file_f']['tmp_name']);
$type=$_FILES['file_f']['type'];


mysql_query("INSERT INTO `blog_files` (`id_blog`, `name`, `ras`, `size`, `type`) values('".intval($_GET['id'])."', '".$name."', '".$ras."', '".$size."', '".$type."')");
$file_id=mysql_insert_id();
copy($_FILES['file_f']['tmp_name'], H.'blog/files/'.$file_id.'.frf');


msg('File berhasil ditambahkan!');

}
elseif (isset($_GET['del']) && is_file(H.'blog/files/'.intval($_GET['del']).'.frf') && mysql_result(mysql_query("SELECT COUNT(*) FROM `blog_files` WHERE `id` = '".intval($_GET['del'])."' && `id_blog` = '".intval($_GET['id'])."'"),0))
{
mysql_query("DELETE FROM `blog_files` WHERE `id` = '".intval($_GET['del'])."' LIMIT 1");
unlink(H.'blog/files/'.intval($_GET['del']).'.frf');
msg('File berhasil dihapus!');
}



err();
$q_f=mysql_query("SELECT * FROM `blog_files` WHERE `id_blog` = '".intval($_GET['id'])."'");




$listing = new Smarty_conf();
$posts=array();

while ($file = mysql_fetch_assoc($q_f))
{


$posts[]=array('title'=>"   <img src='/style/icons_files/file.png' alt='file' />  
<a href='files.php?id=$file[id]'>$file[name]$ras</a> (".size_file($file['size']).")
<a href='?id=".intval($_GET['id'])."&amp;del=$file[id]' title='Hapus file'>[<font color='#ff0000'><b>x</b></font> hapus]</a>
<br />
Didownload: $file[count] kali(а) 

");






}

$listing->assign('post',$posts);
$listing->display('body.conlentlist.tpl');



$smarty = new Smarty_conf();
$smarty->assign('form_title','Tambahkan file');
$smarty->assign('method','POST');
$smarty->assign('files',1); // выгрузка файлов
$smarty->assign('action',"file.php?id=".intval($_GET['id'])."&amp;add");
$elements=array();
$elements[]=array('type'=>'file', 'br'=>1, 'info'=>array('name' => 'file_f'));
$elements[]=array('type'=>'submit', 'br'=>0, 'info'=>array('name'=> 'file_s', 'value'=>'Upload')); // кнопка
$smarty->assign('el',$elements);
$smarty->display('input.form.tpl');


$smarty = new Smarty_conf();
$menu=array();
$menu[]=array("/blog/list.php?id=".intval($_GET['id'])."",'Ke catatan');
$menu[]=array('/blog/index.php','Semua catatan');
$smarty->assign('menu',$menu);
$smarty->assign('menu_title','Navigasi');
$smarty->display('links.links.tpl');

include_once '../sys/inc/tfoot.php';

?>