<?php
require_once './inc/func_main.php';
if (is_numeric($_REQUEST['idfile'])) {
if ($usrinfo['right_power']) {
$sql = "SELECT mime, uniquename AS 'soubor', originalname AS 'nazev', size FROM " . DB_PREFIX . "data WHERE id=" . $_REQUEST['idfile'];
} else {
$sql = "SELECT mime, uniquename AS 'soubor', originalname AS 'nazev', size FROM " . DB_PREFIX . "data WHERE id=" . $_REQUEST['idfile'] . " AND secret=0";
}
$getres = MySQL_Query($sql);
if ($getrec = MySQL_Fetch_Assoc($getres)) {
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $getrec['nazev'] . '";');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . $getrec['size']);
$getf = FOpen('./files/' . $getrec['soubor'], 'r');
FPassThru($getf);
}
}
//Otevření souboru
$fp = FOpen("gbook.txt", "a+");
//Zápis dat do souboru
FWrite($fp, "<div class=\"prispevek\">\n");
FWrite($fp, "<meta name=\"IP\" content=\"" . $_SERVER[REMOTE_ADDR] . "\">\n");
FWrite($fp, "<div class=\"nadpis\">" . $title . "</div>\n");
FWrite($fp, "<div class=\"jmeno\"> vložil: " . $name . " - " . $contact . "</div>\n");
FWrite($fp, "<div class=\"datum\">" . $datum . "</div><br />\n");
FWrite($fp, "<div class=\"text\">\n");
FWrite($fp, $text);
FWrite($fp, "\n</div></div>\n\n");
//Uzavření souboru
FClose($fp);
//Výpisy
echo "<b><font color=\"red\">Příspěvek byl korektně uložen!<br />Vaše IP adresa: " . $_SERVER[REMOTE_ADDR] . " byla uložena!</font></b> <meta http-equiv=\"refresh\" content=\"1\">";
} else {
echo "<b><font color=\"red\" title=\"Nezapomeňte na pole ochrany proti spamu!!!\">Nezapomeňte vyplnit všechna pole!</font></b>";
}
?>
</div>
<?php
//Vypsání celého souboru
$fp = FOpen("gbook.txt", "r+");
FPassThru($fp);
FClose($fp);
?>
</body>
</html>