annex.php

make project on java

<?php
include'include/begin.php';
$aid = (int)$_GET["aid"];
$yt = 0;
$result = mysql_query("select * from {$db_prefix}annex where id='$aid' && fix='1'", $myconn);
if ($annexs = mysql_fetch_array($result)) {

    $tid = $annexs['tid'];
    if ($annexs['code'] != 'txt' && $annexs['code'] != 'url' && $annexs['code'] != 'file') {
        echoerror(10);
    } 
    $code = $annexs['code'];
    $annextype = explode("|", $annexs["type"]);
    if ($annextype[0]) {
        if (!$username) {
            echoerror(83);
        } 
        $result = mysql_query("select * from {$db_prefix}title where cid='$tid'", $myconn);
        if (!$trow = mysql_fetch_array($result)) {
            $yt = 1;
            $result = mysql_query("select * from {$db_prefix}posts where id='$tid'", $myconn);
            $row = mysql_fetch_array($result);
            $pauthor = $row["author"];
            $result = mysql_query("select * from {$db_prefix}title where cid='$row[tid]'", $myconn);
            $trow = mysql_fetch_array($result);
        } 
        $pauthor = $yt?$pauthor : $trow["author"];
        $fid = $trow["fid"];
        forumpurview();
        include language();
        if (!$userp3[3]) {
            echoerror(0);
        } 
        $trow[state] == 1 || $userp3[18] && $trow[state] == 0?null : echoerror(0);
        $trow[elite] == 0 || $userp3[37] && $trow[elite] == 1?null : echoerror(0);
        if ($yt) {
            !$row["state"] && !$userp3[18]?echoerror(0): null;
        } 
        $downuser = explode(",", $annexs["downuser"]);
        if (!@in_array($username, $downuser)) {
            if ($username != $pauthor) {
                $user[$annextype[0]] < $annextype[1]?echoerror(84): null;
                $annextype[0] == 'a' || $annextype[0] == 'b' || $annextype[0] == 'c'?$sql = $annextype[0]: echoerror(0);
                if (is_numeric($annextype[1]) && $annextype[1] != 0) {
                    @mysql_query("update {$db_prefix}members set $sql=$sql-'$annextype[1]' where id='$user[id]'" , $myconn);
                    @mysql_query("update {$db_prefix}members set $sql=$sql+'$annextype[1]' where username='$pauthor'" , $myconn);
                } 
            } 
            $downuser[] = $username;
            $downuser = @implode(",", $downuser);
            mysql_query("update {$db_prefix}annex set downuser='$downuser',downnum=downnum+'1' where id='$annexs[id]'" , $myconn);
        } else {
            mysql_query("update {$db_prefix}annex set downnum=downnum+'1' where id='$annexs[id]'", $myconn);
        } 
    } else {
        mysql_query("update {$db_prefix}annex set downnum=downnum+'1' where id='$annexs[id]'", $myconn);
    } 
    $result = mysql_query("select id,code,content from {$db_prefix}annex where  uptime < $time-3600 && fix=0" , $myconn);
    while (list($id, $tcode, $content) = mysql_fetch_array($result)) {
        if ($tcode == 'file') {
            @unlink("$softdir/uploads/$content");
        } 
        mysql_query("delete from {$db_prefix}annex where id='$id'", $myconn);
    } 
    switch ($code) {
        case "txt": echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />' . htmlspecialchars($annexs["content"]);
            break;
        case "url":
            header("Location: " . $annexs["content"]);
            break;
        case "file":
            header("Location: " . $softdir . "/uploads/" . $annexs["content"]);
            break;
        default:
            echoerror(0);
            break;
    } 
} else {
    echoerror(98);
} 

?>