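$restrict_size) { error("INVALID_SIZE"); exit; } }
// NOTE(review): the line above is the tail of a size-limit check whose
// opening "if (" lies before this chunk of the file; it is kept verbatim.
//
// This script stores a new board/PDS post: it validates the comment text,
// optionally stores an uploaded file under "<code>_files/", inserts the row
// into table $code and, when $notify_admin is set, mails $admin a summary.
// It depends on register_globals-style request variables ($code, $name,
// $email, $homepage, $subject, $comment, $passwd, $mode, $notify_admin,
// $userfile, $userfile_name, $userfile_size) and on error(), $admin and
// $dbconn (from dbconn_info.php) being provided by the surrounding app.

//*********** $code names both the target table and the upload directory and
// comes from the client, so restrict it to a plain identifier before it is
// interpolated into SQL or used as a path (previously a crafted $code could
// alter the query or escape the upload directory). A bogus code used to
// surface as QUERY_ERROR when the SELECT/INSERT failed, so that error is kept.
if (!preg_match('/^[A-Za-z0-9_]+$/', $code)) {
    error("QUERY_ERROR");
    exit;
}

//*********** the comment must contain at least one non-whitespace character
// (preg_match replaces ereg(), which was removed in PHP 7; same pattern)
if (!preg_match('/\S/', $comment)) {
    error("INVALID_COMMENT");
    exit;
}

//*********** an untouched homepage field (form default "http://") is stored empty
if ($homepage == "http://") {
    $homepage = "";
}

//*********** connect to the database (provides $dbconn)
include "dbconn_info.php";

//*********** decide fid (family id) and uid (unique id) of the new post
// NOTE(review): max()+1 is not atomic, so two concurrent posts can collide;
// an AUTO_INCREMENT column is the real fix but needs a schema change.
$result = mysql_query("SELECT max(uid), max(fid) FROM $code", $dbconn);
if (!$result) {
    error("QUERY_ERROR");
    exit;
}
$row     = mysql_fetch_row($result);
$new_uid = $row[0] ? (int)$row[0] + 1 : 1;
$new_fid = $row[1] ? (int)$row[1] + 1 : 1;

$signdate = time();

//*********** uploaded file, if any.
// Prefer $_FILES over the register_globals copies: those can be forged by the
// client, and with the old copy($userfile, ...) any file readable by the web
// server could be "uploaded" into the store (and then unlink()ed).
if (isset($_FILES['userfile']) && is_array($_FILES['userfile'])) {
    $userfile      = $_FILES['userfile']['tmp_name'];
    $userfile_name = $_FILES['userfile']['name'];
    $userfile_size = $_FILES['userfile']['size'];
    $upload_error  = $_FILES['userfile']['error'];
    if ($upload_error != UPLOAD_ERR_OK && $upload_error != UPLOAD_ERR_NO_FILE) {
        error("UPLOAD_COPY_FAILURE");
        exit;
    }
}

$uufile = "";
// older PHP reported a missing upload as $userfile == "none"
if ($userfile_name != "" && $userfile != "" && $userfile != "none") {
    //*********** directory of this board's file store
    $savedir = $code . "_files";

    //*********** only the file received in this request may be stored
    if (!is_uploaded_file($userfile)) {
        error("NO_ACCESS_UPLOAD");
        exit;
    }

    //*********** reject extensions the web server may execute or render.
    // Compared case-insensitively ("x.PHP" slipped past the old strcmp()).
    // The file is saved under a random, extension-less name, so this only
    // guards whatever later serves it under $userfile_name; a blocklist can
    // never be complete.
    $name_parts = explode(".", $userfile_name);
    $extension  = strtolower(end($name_parts));
    $blocked_extensions = array(
        "html", "htm", "shtml",
        "php", "php3", "php4", "php5", "phtml", "phps", "phar",
        "inc", "pl", "cgi", "asp",
    );
    if (in_array($extension, $blocked_extensions, true)) {
        error("NO_ACCESS_UPLOAD");
        exit;
    }

    //*********** unique name for the stored file
    $uufile = md5(uniqid(mt_rand(), true));

    //*********** move the temp file into the store; move_uploaded_file() also
    // removes the temp file, replacing the old copy() + unlink() pair
    if (!move_uploaded_file($userfile, "$savedir/$uufile")) {
        error("UPLOAD_COPY_FAILURE");
        exit;
    }
    $userfile_size = (int)$userfile_size;
} else {
    // no file: clear every file field. The old branch set $file_size, which
    // the INSERT never read, so a client-supplied $userfile_size was stored.
    $userfile      = "";
    $userfile_name = "";
    $userfile_size = 0;
}

//*********** PDSCHECK: "B" when $mode is 0, "P" when 1, empty otherwise
$pdscheck = "";
if ($mode == 0) {
    $pdscheck = "B";
} elseif ($mode == 1) {
    $pdscheck = "P";
}

//*********** insert the post. Every client-supplied string is escaped with
// mysql_real_escape_string(); the old code addslashes()ed only subject and
// comment, leaving name, email, homepage, passwd and the file name injectable.
// The raw values are kept untouched for the notification mail below.
$q_name          = mysql_real_escape_string($name, $dbconn);
$q_email         = mysql_real_escape_string($email, $dbconn);
$q_homepage      = mysql_real_escape_string($homepage, $dbconn);
$q_subject       = mysql_real_escape_string($subject, $dbconn);
$q_comment       = mysql_real_escape_string($comment, $dbconn);
$q_passwd        = mysql_real_escape_string($passwd, $dbconn);
$q_userfile_name = mysql_real_escape_string($userfile_name, $dbconn);

// NOTE(review): MySQL PASSWORD() is a weak hash and is unavailable in MySQL 8;
// moving to password_hash()/password_verify() also requires changing the
// scripts that later compare the stored value, so it is left as is here.
$query = "INSERT INTO $code (uid, fid, pdscheck, name, email, homepage, subject, comment, passwd, signdate, ref, userfile, uufile, filesize, thread)"
       . " VALUES ('$new_uid', '$new_fid', '$pdscheck', '$q_name', '$q_email', '$q_homepage', '$q_subject', '$q_comment', password('$q_passwd'), '$signdate', 0, '$q_userfile_name', '$uufile', '$userfile_size', 'A')";
$result = mysql_query($query, $dbconn);
if (!$result) {
    error("QUERY_ERROR");
    exit;
}

/* Admin mail notification. Original note: only works on UNIX/Linux, not on
   Windows. $code is safe in the Subject header because of the check above. */
if ($notify_admin) {
    $client  = getenv('REMOTE_ADDR');
    $browser = getenv('HTTP_USER_AGENT');
    $posted  = date("Y³â m¿ù dÀÏ H½Ã iºÐ sÃÊ", $signdate);
    // size in KB: the old message printed the raw byte count labelled "KBytes"
    $filesize = $userfile_size / 1000;
    $contents = "±Û¾´ÀÌ : $name\nÀüÀÚ¿ìÆí : $email\nÈ£½ºÆ® : $client\nºê¶ó¿ìÀú : $browser\n±Û¾´ ½Ã°¢ : $posted\nÁ¦¸ñ : $subject\nÆÄÀϸí : $userfile_name ($filesize KBytes)\n³»¿ë : \n\n$comment\n";
    mail($admin, "»õ±ÛÀÌ µî·ÏµÇ¾ú½À´Ï´Ù : $code", $contents);
}

//*********** hand over to the list view (the original emits nothing here)
echo ("");
?>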