View file obmen/edit.php

<?php
include_once '../sys/inc/start.php';
include_once '../sys/inc/compress.php';
include_once '../sys/inc/sess.php';
include_once '../sys/inc/home.php';
include_once '../sys/inc/settings.php';
include_once '../sys/inc/db_connect.php';
include_once '../sys/inc/ipua.php';
include_once '../sys/inc/fnc.php';
include_once '../sys/inc/user.php';

$set['title']='Фото';
include_once '../sys/inc/thead.php';
title();
aut();

if (isset($_GET['id']))$idi=intval($_GET['id']);
$file_id=mysql_fetch_array(mysql_query("SELECT * FROM `obmennik_files` WHERE `id` = '$idi' LIMIT 1"));
if (user_access('obmen_dir_edit')){

if (isset($user)&&$_POST['name'] && $_POST['opis'] && isset($_GET['act']) && $_GET['act']=='edit' && $l!='/' )
{
if (!isset($err)){
$id['name']=esc(stripcslashes(htmlspecialchars($_POST['name'])));
$id['opis']=esc(stripcslashes(htmlspecialchars($_POST['opis'])));
$id['ras']=esc(stripcslashes(htmlspecialchars($_POST['ras'])));
mysql_query("UPDATE `obmennik_files` SET `name` = '".my_esc($id['name'])."' WHERE `id` = '$file_id[id]' LIMIT 1");
mysql_query("UPDATE `obmennik_files` SET `opis` = '".my_esc($id['opis'])."' WHERE `id` = '$file_id[id]' LIMIT 1");
mysql_query("UPDATE `obmennik_files` SET `ras` = '".my_esc($id['ras'])."' WHERE `id` = '$file_id[id]' LIMIT 1");
header("Location: ?id=$file_id[id]");
}
}
if (isset($user)&&user_access('obmen_dir_edit')&&isset($_GET['act']) && $_GET['act']=='del'  && $l!='/')
{
if (isset($user) && $user['id']!=$file_id['id_user']&& $user['group_access']<7)
header("Location: ?showinfo");
mysql_query("DELETE FROM `obmennik_files` WHERE `id` = '$file_id[id]'");
unlink(H.'sys/obmen/files/'.$file_id['id'].'.dat');
header("Location: ?id=$file_id[id]");
exit;
}
if (isset($user)&& user_access('obmen_file_delete') && $l!='/')
{
echo "<form method='post' action='?id=$file_id[id]&act=edit'>\n";
echo "Имя:<br /><input type='text' name='name' value='$file_id[name]' maxlength='512' /><br />\n";
echo "Описание:<br /><input type='text' name='opis' value='$file_id[opis]' maxlength='99999999999999' /><br />\n";
echo "Формат:<br /><input type='text' name='ras' value='$file_id[ras]' maxlength='99999999999999' /><br />\n";
echo "<input type='submit' name='save' value='Изменить' />\n";
echo "<a href='?showinfo'>Отмена</a><br />\n";
echo "</form>\n";
}

}else echo 'Ты что здесь забыл<br />';
echo "&laquo;<a href='/obmen$id[dir]'>В папку</a><br />\n";
echo "&laquo;<a href='/obmen'>В обменник</a><br />\n";

include_once '../sys/inc/tfoot.php';

?>