Rype Uploads - objects.php (methods)

<?php

//////////////////////////
//  phuct uploads       //
//  objects.php         //
//////////////////////////

class database {

    function connect()
        {

        // if   ( $_SERVER["REMOTE_ADDR"] == "127.0.0.1" )  { $domain = "localhost"; }
        //else{
        //$domain = "mysql.rypedesigns.com";
        //}

        $dbuser = "rypesrealm";
        $dbpass = "password!";
        $dbname = "rypesrealm";
        $dbhost = "mysql.rypesrealm.com";

        $this->id = mysql_connect($dbhost, $dbuser, $dbpass) or die("<br />Failed onConnect(DB); printing report..<br />" . mysql_error());

        mysql_select_db($dbname, $this->id) or die ("<br />Failed onSelect('{$dbname}'); printing report..<br />" . mysql_error());

        return $this->id;

        } // end connect()

    function query($query_inp, $results = false, $result_name = false)
        {

            global $DB;

            if  ( $this->qcount == 0 || $this->qcount == false ){

                $this->qcount = 1;

                } else {

                ++$this->qcount;

                }

            $result = @mysql_query($query_inp, $this->id);


            if  ( $result !== false && $result !== NULL ){

                $this->error = NULL;
                $this->last_query = $query_inp;

                if  ( !isset($result_name) || $result_name == false ){
                      $this->result = $result; }

                else{ $this->$result_name = $result; }

                if  ( $results == true || $results == "1" ){    $result_count = 0;

                    $this->count_query = preg_replace('/LIMIT(\s*)(\d*\s*,)?(\s*)(\d*)/', '', $query_inp);
                    $count_result = @mysql_query($this->count_query, $this->id);

                    while   ( $row = mysql_fetch_row($count_result) )
                            { $result_count++; }

                    $this->results = $result_count;
                    return @mysql_query($query_inp, $this->id);

                    } else {

                    return true;

                    }

                } else {

                $this->error = mysql_error();
                $this->last_query = $query_inp;

                 return $this->result = false;

                }

        } // end query


} // end DB

$DB = new database();
$DB->connect();

class user {

}

$user = new user();

class prescripts{

    function logout(){

    setcookie("id", '', time()+1, "/uploads", "rypesrealm.com");
    setcookie("username", '', time()+1, "/uploads", "rypesrealm.com");
    setcookie("password", '', time()+1, "/uploads", "rypesrealm.com");
    setcookie("time", '', time()+1, "/uploads", "rypesrealm.com");
    unset($_SESSION);

    }

    function login(){

    global $DB, $user;

    if  ( $_POST['username'] && $_POST['password'] ){

            $username = $_POST['username'];
            $password = md5($_POST['password']);

            $DB->query("SELECT * FROM `phuct_users` WHERE `username` = '{$username}' AND `password` = '{$password}'");
            $user_row = @mysql_fetch_array($DB->result, MYSQL_ASSOC);
            $row_id = $user_row['id'];
            $row_username = $user_row['username'];
            $row_password = $user_row['password'];

            if  ( $DB->error == NULL && $user_row !== false && $password == $row_password  ){

                if  ( $_POST['setcookie'] == "true" ){

                    setcookie("id", $row_id, time()+3600, "/uploads", "rypesrealm.com");
                    setcookie("username", $row_username, time()+3600, "/uploads", "rypesrealm.com");
                    setcookie("password", $row_password, time()+3600, "/uploads", "rypesrealm.com");
                    setcookie("time", time(), time()+3600, "/uploads", "rypesrealm.com");

                    }

                // $GLOBALS['user']['id'] = $id;
                // $GLOBALS['user']['name'] = $username;
                // $GLOBALS['user']['password'] = $password;
                // $GLOBALS['user']['logged_in'] = true;

                $user->id = $id;
                $user->username = $username;
                $user->password = $password;
                $user->logged_in = true;

                $_SESSION['id'] = $id;
                $_SESSION['username'] = $username;
                $_SESSION['password'] = $password;

                return true;

                } else {

                unset($_SESSION);
                $user->logged_in = false;

                return false;

                }

        }

    }

     function verify_user($id = false, $password = false){

        global $user, $DB;

        if  ( $this->setcookie >= 1 ) return false;
        $setcookie = false;     //FIX THIS addslashes($_POST);

    /*  if  ( isset($id) && isset($password) && $id !== false && $password !== false ){

            $column = "id";
            $id = $id;
            $password = md5($password);

            } else {
    */
            if  ( isset($_COOKIE['id']) && isset($_COOKIE['password']) ){

                $column = "id";
                $id = $_COOKIE['id'];
                $password = $_COOKIE['password'];

                } elseif ( isset($_POST['username']) && isset($_POST['password']) ) {

                $setcookie = true;
                $column = "username";
                $id = $_POST['username'];
                $password = md5($_POST['password']);

                } else {

                return false;

                }


        //  }


            $DB->query("SELECT * FROM `phuct_users` WHERE `{$column}` = '{$id}' AND `password` = '{$password}'");
            $user_row = @mysql_fetch_array($DB->result, MYSQL_ASSOC);
            $id = $user_row['id'];
            $username = $user_row['username'];
            $password = $user_row['password'];

            if  ( $DB->error == NULL && $user_row !== false && $password == $_COOKIE['password'] ){

                $user->id = $id;
                $user->username = $username;
                $user->password = $password;
                $user->logged_in = true;

                $_SESSION['id'] = $id;
                $_SESSION['username'] = $username;
                $_SESSION['password'] = $password;

                return true;

                } else {

                unset($_SESSION);
                $user->logged_in = false;

                return false;

                }

     }


    function verify($parameters = false){

    global $root, $DB, $modules;

    if  ( !isset($_COOKIE['id']) || !isset($_COOKIE['password']) ){

        $modules->user_forms();

        }

    }

    function send_login(){

    global $DB, $user;

    if  ( $_POST['username'] && $_POST['password'] ) {

        $password = md5($_POST['password']);
        addslashes($_POST);
        $username = $_POST['username'];
        $page = $_POST['page'];
        if  ( $_POST['previous_page'] ){ $pagelink = $_POST['previous_page']; } else { $pagelink = $page; }

        $query = "SELECT * FROM `phuct_users` WHERE `username` = '{$username}' AND `password` = '{$password}'";

        $DB->query($query);
        $user_row = @mysql_fetch_array($DB->result, MYSQL_ASSOC);
        $id = $user_row['id'];

    //  if ( $pre_header == false || !isset($pre_header) ) return;

        if  ( $DB->error == NULL && $user_row !== false ){

            setcookie("id", $id);
            setcookie("username", $username);
            setcookie("password", $password);

            $this->id = $id;
            $this->username = $username;
            $this->password = $password;

            $_SESSION['id'] = $id;
            $_SESSION['username'] = $username;
            $_SESSION['password'] = $password;

            return;

            }

        }

    }

    function download_file($file_id = false){

    global $user, $DB, $root;

    if  ( isset($_GET['file_id']) && is_numeric($_GET['file_id']) ) { $file_id = $_GET['file_id']; }
    else{ $file_id = $file_id; }

    $DB->query("SELECT * FROM `phuct_uploads` WHERE `id` = {$file_id} LIMIT 1");
    $error = $DB->error;

    $file = mysql_fetch_array($DB->result);
        $file_dls = $file['downloads'] + 1;
        $DB->query("UPDATE `phuct_uploads` SET `downloads` = '{$file_dls}' WHERE `id` = '{$file['id']}' AND `username` = '{$file['username']}' LIMIT 1");

    $filename = $file['filename'];
    $file_url = "http://www.rypesrealm.com/uploads/uploads/" . $filename;
    $file_path = $root . "uploads/" . $filename;

    if  ( !isset($error) && $filename ){

        $this->file_url = $file_url;
        dl_file($file_path);

        }

    }

} // end prescripts()

$prescripts = new prescripts();


class secure_modules{


    function login(){

    global $user, $DB, $modules, $secure_modules;

    if  ( $user->logged_in !== true )
        { return $modules->user_forms(); }
    else{ return $this->my_account(); }

    }


    function remove_file(){

    global $DB, $user, $modules, $root;

    $id = $_GET['id'];

    if  ( is_numeric($id) ){

        $DB->query("SELECT * FROM `phuct_uploads` WHERE `id` = '{$id}' AND `uid` = '{$user->id}' AND `username` = '{$user->username}'", '1');

        if  ( !isset($DB->error) && isset($DB->results) && $DB->results >= 1 ){

            $row = mysql_fetch_array($DB->result, MYSQL_ASSOC);
            $DB->query("DELETE FROM `phuct_uploads` WHERE `id` = '{$id}' AND `uid` = '{$user->id}' AND `username` = '{$user->username}' LIMIT 1");
            $filepath = $root . "uploads/" . $row['filename'];
            // print_r($row);
            // $query = "DELETE FROM `phuct_uploads` WHERE `id` = '{$id}' AND `uid` = '{$user->id}' AND `username` = '{$user->username}' LIMIT 1";

            if  ( !isset($DB->error) && file_exists($filepath) )
                    { unlink($filepath);
                      echo "<h2>success!</h2>" . $row['filename'] . " removal complete.";   }

            else{ echo "<h2>error!</h2>failed to delete " . $row['filename'] . "!<br />" . $DB->error; }

            } else {

            echo "<h2>error!</h2>" . $row['filename'] . " (id = $id) is either not owned by you, or doesn't exist.";

            }

        }

    }

    function upload(){

    global $user, $DB, $modules, $root;

    if  ( $user->logged_in !== true ) return $modules->user_forms();

    //$file = $root . "frontend/upload_form.php";
    // return str_replace('replaceme', $user->username, read_file($file));

    include($root . 'frontend/upload_form.php');


    }


    function upload_handler(){

    global $DB, $user, $functions, $root;

    if  ( $user->logged_in !== true ) return $this->user_forms();

    echo "<div align=\"center\" style=\"width: {$GLOBALS['content_width']}\"><br /><br />";

    foreach ( $_POST as $key => $val ){

            $_POST[$key] = addslashes($val);

            }

    if  ( isset($_POST['title']) && $_POST['title'] !== "file title" )
            { $title = $_POST['title']; }

    else{ $title = pathinfo($_FILES['uploaded_file']['name']);
            $title = $title['filename']; }

    $username = $_POST['username'];
    $fileinfo = pathinfo($_FILES['uploaded_file']['name']);
    $extension = $fileinfo['extension'];
    $filename = preg_replace('~..~', '', $fileinfo['filename']);
    $filename = preg_replace('~./~', '', $fileinfo['filename']);
    $filename = $filename . "." . $fileinfo['extension'];
    $temp_file = $_FILES['uploaded_file']['tmp_name'];
    $file_home = $root . "uploads/" . basename($filename);

    $uploads_folder = $root . "uploads/";
    $thumbnail_folder = $root . "uploads/thumbnails/";

    $exists = file_exists($file_home);

    if  ( isset($_FILES['uploaded_file']['name']) && $exists == false ){

        $query = "INSERT INTO `phuct_uploads` (`uid`, `username`, `title`, `filename`, `extension`) VALUES ('" . $user->id . "', '{$username}', '{$title}', '{$filename}', '{$extension}')";
        $DB->query($query);

        if  ( !isset($DB->error) && move_uploaded_file($temp_file, $file_home) ){

            if  ( file_exists($thumbnail_folder . $filename) !== true && $extension == "jpeg" || $extension == "jpg" || $extension == "gif" || $extension == "png" || $extension == "bmp" ) {

                $functions->image->load($uploads_folder . $filename);
                $functions->image->resizeToWidth(220);
                $functions->image->save($thumbnail_folder . $filename);

                }

            echo  "<h4 class=\"folder_box\"><span class=\"folder_name\">action complete</span></h4><h2>upload successful</h2>{$filename} has been uploaded to <a href=\"uploads/" . rawurlencode($filename) . "\">uploads/{$filename}</a>";

            } else {

            echo  "<h4 class=\"folder_box\"><span class=\"folder_name\">action failed</span></h4><h2 class=\"error\">error!</h2>there was an error executing the SQL query: " . $DB->error;

            }

        }

    elseif  ( $_FILES['uploaded_file']['name'] == NULL ){ echo  "<h4 class=\"folder_box\"><span class=\"folder_name\">action failed</span></h4><h2 class=\"error\">error!</h2>you haven't selected a file!";    }
    else    { echo  "<h4 class=\"folder_box\"><span class=\"folder_name\">action failed</span></h4><h2 class=\"error\">error!</h2>upload failed: {$filename} -> {$file_home} already exists on the server!";    }

    echo "</div>";

    return;

    } // end upload_handler()


    function my_account($parameters = false){


    global $root, $DB, $user;

    if  ( $user->logged_in !== true )
        { return $this->login(); }

    $DB->query("SELECT SUM(`downloads`) FROM `phuct_uploads` WHERE `uid` = {$user->id}");

    $total_downloads = mysql_fetch_array($DB->result);
    $total_downloads = $total_downloads["SUM(`downloads`)"];


    echo    "
            <div align=\"center\" style=\"text-align: left; width: ".$GLOBALS['content_width']."\">

                <br />

                <h4 class=\"folder_box\" style=\"padding-bottom: 0px; text-align: left\"><span class=\"folder_name\">my account</span></h4>
                <h2 style=\"border-top: 1px solid #004477; border-left: 0px solid #004477; padding-left: 0px; margin-bottom: 4px; padding-bottom: 0px\"><a href=\"?act=browse&subact=search&subinput={$user->username}\" class=\"light_bloo\">{$user->username}</a> -- logged in as</h2>

                <a href=\"?act=logout\" class=\"orange\">Logout</a>

                <h4 class=\"folder_box\" style=\"padding-bottom: 0px; text-align: left\"><span class=\"folder_name\" style=\"margin-left: 64px\">my stats</span></h4>

                <div align=\"center\" class=\"folder\" style=\"text-align: left; border-top: 1px solid #004477; border-left: 0px solid #004477\" width=\"1%\">

                    <b>total downloads: {$total_downloads} <br />
                    uploads: 24 <br />
                    average rating: n/a

                </div>

            ";

    $DB->query("SELECT * FROM `phuct_uploads` WHERE `uid` = '{$user->id}' AND `username` = '{$user->username}'");

    if  ( !isset($DB->error) ){

        echo '
                <br />

                <h4 class=\"folder_box\" style="padding-bottom: 0px; text-align: left"><span class="folder_name" style="margin-left: 96px">my uploads</span></h4>

                <div align="center" style="text-align: left; margin-left: 0px; padding-left: 0px; padding-top: 8px; border-top: 1px solid #004477; border-left: 0px solid #004477" width="1%">

                <table cellspacing="1" cellpadding="4" width="100%" style="background-color: transparent; text-align: left" align="center">

                    <tr>
                            <td class="bloo_bar" width="1%">ID</td>
                            <td class="bloo_bar">Title</td>
                            <td class="bloo_bar">Filename</td>
                            <td class="bloo_bar" width="1%">DLs</td>
                            <td class="bloo_bar" width="1%">Delete</td>
                    </tr>

            ';

        while   ( $row = mysql_fetch_array($DB->result, MYSQL_ASSOC) ){

                echo "<tr>
                        <td class=\"row3\" style=\"padding: 8px\">{$row['id']}</td>
                        <td class=\"row2\" style=\"padding: 8px\"><a href=\"uploads/{$row['filename']}\" class=\"light_bloo\" style=\"font-weight: normal\">{$row['title']}</a></td>
                        <td class=\"rowHover2\" style=\"padding: 8px\"><a href=\"uploads/{$row['filename']}\" class=\"light\" style=\"font-weight: normal\">{$row['filename']}</a></td>
                        <td class=\"row3\" style=\"padding: 8px\">{$row['downloads']}</td>
                        <td class=\"row3\" style=\"padding: 8px\">[ <a onClick=\"confirm_delete('{$row['filename']}', 'index.php?secure_act=remove_file&id={$row['id']}', 'void')\" href=\"javascript:void(0)\" class=\"orange\">X</a> ]</td>
                      </tr>
                     ";

                }

        echo "
        </table>

        <br /><br />

        </div>

        </div>
        ";

        }

    }

}

$secure_modules = new secure_modules();

class modules {

    function login(){

    global $user;

    if  ( $user->logged_in == true ){

        echo "<div align=\"center\" style=\"width: ".$GLOBALS['content_width']."\">
              <h4 class=\"folder_box\"><span class=\"folder_name\">action complete</span></h4>
              <h2>login successful</h2>
              you are logged in as {$user->username}!
              <br />
              you can now access <a href=\"?secure_act=my_account\">your account</a>.
              </div>
              ";

        } else {

        echo "<div align=\"center\" style=\"width: ".$GLOBALS['content_width']."\">
              <h4 class=\"folder_box\"><span class=\"folder_name\">action error</span></h4>
              <h2>login failed</h2>
              your username or password is incorrect.
              </div>
              ";

        }

    }

    function logout(){

    echo
    '
    <div align="center" style="width: '.$GLOBALS['content_width'].'">

        <br /><br />

        <h4 class="folder_box"><span class="folder_name">action successful</span></h4>
        <h2>logged out</h2>

        you\'ve been successfully logged out.

    </div>
    ';

    return;

    }


    function register(){

    global $DB, $user;

    echo "<div align=\"center\" style=\"width: ".$GLOBALS['content_width']."\">";

    if  ( isset($_POST['username']) && isset($_POST['password']) && $_POST['password'] == $_POST['password_check'] ) {

        $password = md5($_POST['password']);
        addslashes($_POST);
        $username = $_POST['username'];
        $time = time();

        $query = "INSERT INTO `phuct_users` (`username`, `password`, `date_joined`) VALUES ('{$username}', '{$password}', '{$time}')";

        $DB->query($query);

        if  ( $DB->error == NULL ){

            echo "<h4 class=\"folder_box\"><span class=\"folder_name\">action successful</span></h4><h2>registration complete</h2>your username: {$username} <br><br> you can now <a href=\"?secure_act=my_account\">login</a>.</a></div>";
            return;

            } else {

            echo "<h4 class=\"folder_box\"><span class=\"folder_name\">action error</span></h4><h2>registration error</h2>" . $DB->error . "</div>";
            return;

            }

        } else {

        echo "<h4 class=\"folder_box\"><span class=\"folder_name\">action error</span></h4><h2>registration unsuccessful</h2>there was a problem with your registration.</div>";
        return;

        }

    } // end register();


    function memberlist($parameters = false){

    global $DB, $user;

    echo
    '
    <div align="center" style="text-align: left; width: '.$GLOBALS["content_width"].'">

    <br />
    ';

    $margins[0] = "32px";
    $margins[1] = "64px";
    $margins[2] = "96px";
    $margins[3] = "128px";
    $i = 0;

    $DB->query('SELECT * FROM `phuct_users`');
    $new_result = $DB->result;

    while   ( $row = mysql_fetch_array($new_result, MYSQL_ASSOC) ){

            $date = date('m.d.y', $row['date_joined']);
            $DB->query("SELECT COUNT(*) FROM `phuct_uploads` WHERE `uid` = '".$row['id']."'");
            $uploads = mysql_fetch_row($DB->result);
            $uploads = $uploads[0];

            $DB->query("SELECT SUM(`downloads`) FROM `phuct_uploads` WHERE `uid` = {$row['id']}");
            $total_downloads = mysql_fetch_array($DB->result);
            $total_downloads = $total_downloads["SUM(`downloads`)"];

            echo "<h4 class=\"folder_box\" style=\"padding-bottom: 0px; text-align: left\"><span class=\"folder_name\" style=\"margin-left: {$margins[$i]}\">member [#{$row['id']}]</span></h4>";
            // echo '<h4>joined on '.$date.'</h4>';
            echo '<h2 style="margin-bottom: 4px">'.$row['username'].'</h2>';
            echo 'uploads: ' . $uploads . '<br />';
            echo 'downloads: ' . $total_downloads . '<br />';
            echo 'joined: ' . $date. '<br />';
            echo '<br /><br />';

            if  ( ++$i >= 3 ) $i = 0;

            }

    echo '</div>';

    }

    function list_files(){

    global $root;

    $files = scan_dir($root);

    print_r($files);

    if  ( $files == false ) echo $root . "uploads/  could not be scanned!";

    foreach ( $files as $key => $val ){

        echo "$key => $val<br />";

        }

    }

    function browse($parameters = false){

    global $root, $DB;

    require($root . "backend/modules/browse.php");
    return;

    }

    function browser($parameters = false){

    global $root, $DB;

    if      ( isset($_GET['file_type']) ) { $viewing = $_GET['file_type'] . "s"; }

    elseif  ( $_GET['subact'] == "search" && isset($_GET['subinput']) ) { $viewing = "% ".$_GET['subinput']." %"; }

    else    { $viewing = "everything"; }

    $file_types["program"]["0"] = "exe";
    $file_types["program"]["1"] = "msi";
    $file_types["program"]["2"] = "zip";
    $file_types["program"]["3"] = "rar";

    $file_types["image"]["0"] = "jpeg";
    $file_types["image"]["1"] = "jpg";
    $file_types["image"]["2"] = "gif";
    $file_types["image"]["3"] = "bmp";
    $file_types["image"]["4"] = "png";

    $file_types["audio"]["0"] = "mp3";
    $file_types["audio"]["1"] = "wma";

    $file_types["video"]["0"] = "wmv";
    $file_types["video"]["1"] = "mpeg";
    $file_types["video"]["2"] = "mpg";
    $file_types["video"]["3"] = "avi";
    $file_types["video"]["4"] = "mk4";
    $file_types["video"]["5"] = "mp4";


    $DB->query('SELECT DISTINCT `extension` FROM `phuct_uploads` ORDER BY `extension`');
    $i = 0;

    while   ( $row = mysql_fetch_row($DB->result) ){
                $file_extensions["$i"] = $row[0];
                $i++;
            }

    $sort_menu = sort_by_menu($file_types);
    $type_links = file_type_links($file_types);

    if  ( !isset($_GET['subinput']) ) {

        $search_string = "ex: rype";

    } else {

        $search_string = $_GET['subinput'];

    }

    echo "
    <div align=\"center\">

    <br />

    <table cellspacing=\"0\" cellpadding=\"0\" style=\"width: 100%; border-bottom: 6px solid #0085CC\">

    <tr>

        <td valign=\"bottom\" style=\"vertical-align: bottom; padding: 0px 0px 0px 0px; border-bottom: 6px solid #0085CC\">

            <form action=\"\" method=\"GET\">

            <input type=\"hidden\" name=\"subact\" value=\"search\">
            <input type=\"hidden\" name=\"act\" value=\"browse\">

            <h4 class=\"folder_box\" style=\"margin-bottom: 0px; border-bottom: 0px solid #050505; border-color: #0085CC\"><span class=\"folder_name\" style=\"width: 300px; border-color: #0085CC; margin-left: 15%; margin-bottom: 0px\"><input type=\"text\" name=\"subinput\" value=\"{$search_string}\" maxlength=\"24\" size=\"16\" onClick=\"this.value=''\" style=\"height: 100%; padding: 5px\"><input type=\"submit\" value=\"Search\" style=\"height: 100%; padding: 5px\"></span><span class=\"folder_name\" style=\"border-color: #0085CC; margin-right: 0px; margin-bottom: 0px\">viewing <font color=\"#CCCCCC\">{$viewing}</font></span></h4>

            <!-- <h2 style=\"margin-bottom: 0px; padding: 0px; border-top: 0px solid #0085CC; font-size: 1px; line-height: 1px\"></h2> -->

            </form>

        </td>
        <td style=\"width: 250px; padding: 0px 0px 0px 0px; border-bottom: 6px solid #0085CC\">

            <h4 class=\"folder_box\" style=\"margin-bottom: 0px; border-bottom: 0px solid #050505; border-color: #0085CC\"><span class=\"folder_name\" style=\"border-color: #0085CC; margin-left: 15%; margin-bottom: 0px\">info panel</span></h4>
            <h2 style=\"margin-bottom: 0px; padding: 0px; border-top: 0px solid #0085CC; font-size: 1px; line-height: 1px\"></h2>

        </td>

    </tr>

    <tr>

        <td style=\"width: auto; background-color: #212426; padding: 0px 0px 0px 0px; vertical-align: top\" valign=\"top\">

    ";

    $parameters = $_GET;
    $parameters['order_by'] = $_GET['order_by'];
    $parameters['order_dir'] = $_GET['order_dir'];
    $order_by_value =& $parameters['order_by'];

    $field_columns[0] = "id";
    $field_columns[1] = "username";
    $field_columns[2] = "filename";
    $field_columns[3] = "rating";
    $field_columns[5] = "extension";
    $field_columns[6] = "size";
    $field_columns[7] = "date";

    $results_per_page = 40;
    $field_columns = array_flip($field_columns);

    if  ( $order_by_value == NULL || $order_by_value == "" ) $order_by_value = "id";

    if  ( $_GET['page'] && is_numeric($_GET['page']) ){
    $parameters['page'] = $_GET['page']; $query_start = (( $parameters['page'] - 1 ) * $results_per_page + 1); }
    else{ $query_start = 0; }

    if   ( $parameters['order_dir'] == "ASC" || $parameters['order_dir'] == "DESC" ){ $order_dir = $parameters['order_dir']; }
    else { $order_dir = "DESC"; }

    if  ( $parameters['order_by'] ) { $order_by = "ORDER BY `{$parameters['order_by']}` {$order_dir}"; }
    else{ $order_by = "ORDER BY `id` {$order_dir}"; }

    if  ( $parameters['subact'] == "search" && strlen($parameters['subinput']) >= 2 ){

        //$DB->query("SELECT COUNT(*) FROM `phuct_uploads` WHERE `username` LIKE '%{$parameters['subinput']}%' OR `filename` LIKE '%{$parameters['subinput']}%' {$order_by}");
        //$sql_results = mysql_fetch_row($DB->result);
        //$sql_results = $sql_results[0];
        $DB->query("SELECT * FROM `phuct_uploads` WHERE `username` LIKE '%{$parameters['subinput']}%' OR `filename` LIKE '%{$parameters['subinput']}%' OR `title` LIKE '%{$parameters['subinput']}%' {$order_by} LIMIT {$query_start}, {$results_per_page}", true);

        } elseif ( isset($file_types["{$parameters['file_type']}"]) || isset($parameters['extension']) && strlen($parameters['extension']) >= 1 ){

        //$DB->query("SELECT COUNT(*) FROM `phuct_uploads` WHERE `{$parameters['subact']}` = {$parameters['subinput']} {$order_by}");
        //$sql_results = mysql_fetch_row($DB->result);
        //$sql_results = $sql_results[0];

        $extension_count = count($file_types["{$parameters['file_type']}"]);
        $query_conditionals = "WHERE";
        $or = " OR";
        $i = 1;


        foreach ( $file_types["{$parameters['file_type']}"] as $key => $val ){

                $query_conditionals .= " `extension` = '{$val}'{$or}";

                if  ( ++$i == $extension_count ) $or = "";

                }

        $DB->query("SELECT * FROM `phuct_uploads` {$query_conditionals} {$order_by} LIMIT {$query_start}, {$results_per_page}", true);

        } else {

        //$DB->query("SELECT COUNT(*) FROM `phuct_uploads` {$order_by}");
        //$sql_results = mysql_fetch_row($DB->result);
        //$sql_results = $sql_results[0];
        $DB->query("SELECT * FROM `phuct_uploads` {$order_by} LIMIT {$query_start}, {$results_per_page}", true);

        }

    // echo $DB->last_query;

    $page_links = 10;
    $pages = ( $sql_results / $results_per_page ) + 1;
    $i = 1;

    if  ( strpos($pages, '.') !== false ){

        $dec_pos = strpos($pages, '.');
        $pages = substr($pages, 0, $dec_pos);

        }

    $pages_str = "<a href=\"?" . http_edit_query("page", $i) . "\" class=\"orange\">{$i}</a>";
    $i++;

    while   ( $i <= $pages ){

            $pages_str .= ", <a href=\"?" . http_edit_query("page", $i) . "\" class=\"orange\">{$i}</a>";
            if  ( $i >= $page_links ) break;
            $i++;

            }

    if  ( $i < $pages ) $pages_str .= " .. <a href=\"?" . http_edit_query("page", $pages) . "\" class=\"orange\">{$pages}</a>";

    // $results = '. $sql_results .' $pages = '. $pages .' $pages_str = '. $pages_str .' $query_start = '. $query_start.'

    $order_classes["id"]        = "bloo_bar";
    $order_classes["username"]  = "bloo_bar";
    $order_classes["filename"]  = "bloo_bar";
    $order_classes["rating"]    = "bloo_bar";
    $order_classes["extension"]= "bloo_bar";
    $order_classes["size"]      = "bloo_bar";
    $order_classes["date"]      = "bloo_bar";

    $order_classes["$order_by_value"] = "orange_bar";

    echo    '

        <table cellpadding="0" cellspacing="1" style="margin: 0px 0px 0px 0px; padding: 0px 0px 0px 0px; background-color: #090909; color: #CCCCCC" width="100%" height="100%">
            <!--
            <tr>

                <td colspan="8" class="row1" style="height: 30px; vertical-align: middle; text-align: center; font-weight: bold; font-family: Arial, Tahoma, Verdana; middle; padding: 4px; font-size: 14px">

                browsing '. $DB->results .' results over '. $pages .' page(s) : '.$pages_str.'
                <div id="previewDiv" align="center" style="background-color: transparent; display: none"> </div>

                </td>

            </tr>
            -->
        ';

        $i = 1;
        $row_i = 1;
        $col_i = 1;


        if  ( $parameters["view"] == "list" ) {


        echo '

            <tr>

                <td class="'.$order_classes["id"].'" style="text-align: center" width="3%"><a href="?'. http_edit_query("order_by", "id") .'" class="black">id</a></td>
                <td class="'.$order_classes["username"].'"><a href="?'. http_edit_query("order_by", "username") .'" class="black">username</a></td>
                <td class="'.$order_classes["filename"].'"><a href="?'. http_edit_query("order_by", "filename") .'" class="black">filename</a></td>
                <td class="'.$order_classes["rating"].'" style="width: 200px"><a href="?'. http_edit_query("order_by", "rating") .'" class="black">rating</a></td>
                <td class="'.$order_classes["extension"].'" style="width: 10%"><a href="?'. http_edit_query("order_by", "extension") .'" class="black">ext</a></td>
                <td class="'.$order_classes["size"].'" style="width: 10%"><a href="?'. http_edit_query("order_by", "size") .'" class="black">size</a></td>
                <td class="'.$order_classes["date"].'" style="width: 10%"><a href="?'. http_edit_query("order_by", "date") .'" class="black">date</a></td>

            </tr>

            ';

            while   ( $row = mysql_fetch_array($DB->result, MYSQL_ASSOC) ){

                    $i = $query_start + 1;
                    $style = 1;

                    if  ( $style >= 3 ) $style = 1;

                    $style_str = "row" . $style;

                    $size = size($row['size']);
                    $rating = 100 - $row['rating'];
                    $bar_width = 100 - $row['rating'];
                    $rating_width = $row['rating'];


                    $cell_styles[0] = $style_str;
                    $cell_styles[1] = $style_str;
                    $cell_styles[2] = $style_str;
                    $cell_styles[3] = $style_str;
                    $cell_styles[4] = $style_str;
                    $cell_styles[5] = $style_str;
                    $cell_styles[6] = $style_str;
                    $cell_styles[7] = $style_str;


                    $selected_column = $field_columns["$order_by_value"];

                    if  ( $row['rating'] == "9999" ) { $rating = NULL; $bar_width = 0; $rating_width = "98"; }

                    if  ( $selected_column !== NULL ) $cell_styles["$selected_column"] = "row3";

                    // echo $selected_column . " - " . ${2} . $$selected_column;

                    $col_i = 0;


                    echo    "

                    <tr class=\"rowHover{$style}\">

                        <td class=\"{$cell_styles[$col_i++]}\" align=\"center\" style=\"padding-right: 4px\">{$i}</td>
                        <td class=\"{$cell_styles[$col_i++]}\"><a href=\"?act=browse&subact=search&subinput={$row['username']}\" class=\"orange\">". $row['username'] ."</a></td>
                        <td class=\"{$cell_styles[$col_i++]}\"><a href=\"?act=replayer&rid={$row['rid']}\">". $row['filename'] ."</td>
                        <td class=\"{$cell_styles[$col_i++]}\" style=\"padding: 0px 8px 0px 6px; text-align: center\" align=\"center\"><div align=\"right\" style=\"white-space: nowrap; background-image: url('images/tile_rating.gif'); background-position: center; background-repeat: repeat-x; background-color: #252525; padding: 0px; border: 1px solid #202020; width: 100%; text-align: right; height: 11px\"><div align=\"right\" style=\"white-space: nowrap; height: 100%; line-height: 100%; width: 100%; background-image: url('images/rating_gradient.gif'); background-repeat: no-repeat; background-position: center right; text-align: right; padding: 0px; font-size: 11px\">&nbsp;<div style=\"white-space: nowrap; display: inline; height: 100%; line-height: 100%; float: right; background-color: #353539; width: {$rating_width}%\" align=\"right\">&nbsp;</div></div></div></td>
                        <td class=\"{$cell_styles[$col_i++]}\"><a href=\"?act=browse&subact=type&subinput={$row['type']}\">". $row['extension'] ."</a></td>
                        <td class=\"{$cell_styles[$col_i++]}\"><a href=\"?act=browse&subact=level&subinput={$row['level']}\">". $row['size'] ."</a></td>
                        <td class=\"{$cell_styles[$col_i++]}\"><a href=\"?act=browse&subact=game&subinput={$row['game']}\">". $row['date'] ."</a></td>

                    </tr>

                            ";

                    $i++;
                    $style++;


                    }

            } else { // $DB->query("SELECT * FROM `thps_replays` LIMIT 0, 49", true);

            $style_i = 1;
            $styles["1"] = "file_r1";
            $styles["2"] = "file_r2";

            $styles["3"] = $styles["1"];
            $styles["4"] = $styles["2"];

            $width_1 = 1;
            $widths["1"] = "12";
            $widths["2"] = "13";
            $widths["3"] = "12";
            $widths["4"] = "13";

            $cols_per_row = 8;
            $i = 1;

            $title_str_limit = 16;

            echo '


                ';


            while ( $row = mysql_fetch_array($DB->result, MYSQL_ASSOC) ){

                    $style_alt = $style_i + 1;

                    if  ( $col_i == 1 ) { echo "<tr>"; }

                    if  ( $row['title'] == NULL ){  $title = preg_replace('/[\_@\^\%\$\#]/', ' ', pathinfo($row['filename'], PATHINFO_FILENAME)); }
                    else{ $title = $row['title']; }

                    $long_title = $title;

                    if  ( strlen($title) > $title_str_limit ) $title = substr($title, 0, $title_str_limit) . "..";

                    $extension = pathinfo($row['filename']);
                    $extension = $extension['extension'];

                    if  ( $extension == "jpg" || $extension == "jpeg" || $extension == "gif" || $extension == "bmp" || $extension == "png"  ){ $preview_string = "<!-- :: <a onclick=\"previewFile('" . $row['filename'] . "')\" href=\"javascript:void(0)\" class=\"orange\">view</a>-->"; }
                    else{ $preview_string = NULL; }

                    echo "
                    <td onclick=\"showdetails(".$row['id'].")\" align=\"center\" class=\"". $styles["$style_i"] ."\" style=\"text-align: center; font-size: 11px\" width=\"{$widths[$width_i]}%\" onmouseover=\"this.className='". $styles["$style_i"] ."_hover'\" onmouseout=\"this.className='". $styles["$style_i"] ."'\">

                    <a class=\"orange\" href=\"?prescript=download_file&file_id={$row['id']}\" title=\"Save [".$row['filename']."] as..\"><div class=\"filecell\" align=\"center\" style=\"margin-left: auto; margin-right: auto; margin-bottom: 5px; width: 32px; height: 42px; line-height: 42px; vertical-align: middle; background-image: url('images/icon_generic.gif'); background-repeat: no-repeat; color: #404040\">{$i}</div></a>

                    <a class=\"orange\" onclick=\"showDetails(".$row['id'].")\" href=\"javascript::void(0)\" title=\"show details for [".$long_title."]\">" . $title . "</a>{$preview_string}
                    <br /><a class=\"light\" href=\"?act=browse&subact=search&subinput={$row['username']}\">{$row['username']}</a>
                    </td>

                    ";

                    /*
                    <a class=\"orange\" href=\"uploads/{$row['filename']}\" title=\"open [".$long_title."]\" target=\"_blank\">" . $title . "</a>{$preview_string}
                    <br /><a class=\"light\" href=\"?act=browse&subact=search&subinput={$row['username']}\">{$row['username']}</a>
                    </td>
                    */

                    if  ( $col_i == $cols_per_row ) { echo "</tr>"; }

                    if  ( ++$width_i > 2 ) { $width_i = 1; }
                    if  ( ++$style_i > 2 || $col_i == $cols_per_row ) { $style_i = 1; }
                    if  ( $col_i == $cols_per_row ) { $col_i = 0; }

                    $i++;
                    $col_i++;

                    }

            }

        echo '
                <!-- 212426
                <tr style="background-color: #333d42">

                    <td colspan="8" style="background-color: #333d42; height: auto; border: 0px"></td>

                </tr>
                -->

            </table>


        </td>
        <td valign="top" style="width: 220px; background-color: #181818; text-align: left; vertical-align: top; padding: 12px 15px 12px 15px">

         <div id="txtHint"><b>

            <a href="javascript::void(0)" class="white">
                <div align="center" style="background-color: #003366; color: #EEEEEE; border: 2px solid #121212; height 30px; padding: 5px; font-weight: bold; font-size: 16px; font-family: \'Trebuchet MS\', Arial, Tahoma; width: 220px; margin: 8px 0px 8px 0px">

                    <span style="text-align: center; font-size: 14px; width: 100%"><-- select a file to dl</span>

                </div>
            </a>

         </b>

         click on the text title of any file to view it\'s information in this panel.

         </div>


        </td>

    </tr>

</table>

    </div>

            ';

    return;

    }

    function user_forms($parameters = false){

    global $root, $DB;

    //  echo read_file($root . "frontend/user_forms.php");
    require($root . "frontend/user_forms.php");

    }


    function send_login($pre_header = false){

    global $DB, $user;

    if  ( $_POST['username'] && $_POST['password'] ) {

        $password = md5($_POST['password']);
        addslashes($_POST);
        $username = $_POST['username'];
        $page = $_POST['page'];
        if  ( $_POST['previous_page'] ){ $pagelink = $_POST['previous_page']; } else { $pagelink = $page; }

        $query = "SELECT * FROM `phuct_users` WHERE `username` = '{$username}' AND `password` = '{$password}'";

        $DB->query($query);
        $user_row = @mysql_fetch_array($DB->result, MYSQL_ASSOC);
        $id = $user_row['id'];

    //  if ( $pre_header == false || !isset($pre_header) ) return;

        if  ( $DB->error == NULL && $user_row !== false ){

            if  ( $pre_header == true || $pre_header == "1" ){

                setcookie("id", $id);
                setcookie("username", $username);
                setcookie("password", $password);

                return;

                }

            echo "<h2>success!</h2><div align=\"center\">Successfully logged in as {$username}! <br><br> Click <a href=\"?page={$pagelink}\">here</a> to return to ".str_replace("_", " ", $pagelink).".</a></div>";


            } else {

            echo "<h2 class=\"error\">error!</h2><div align=\"center\">Login failed. Please try again.</div>";
            echo $this->user_forms();

            }

        } else {

        echo "<h2 class=\"error\">error!</h2><div align=\"center\">Login failed. Please try again.</div>";
        echo $this->user_forms();

        }

    return;

    } // end send_login();

}

$modules = new modules();

?>