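"); exit; } }
// NOTE(review): the line above closes a statement that begins before this excerpt; it is kept verbatim.
//
// Board "write" handler: checks the posted form, stores an optional upload, inserts the post
// and finally prints the write form.
//
// Hardening applied in this revision:
//  - error(): the message is escaped for the JavaScript string it is printed into.
//  - files(): the stored name is reduced to its base name, dot-files are refused, every
//    extension segment is screened, and the temp file is taken with move_uploaded_file().
//  - insert: $board is checked as an identifier and every value is escaped for MySQL.
//  - form / redirect: $PHP_SELF and $board are encoded before they are written into HTML.
//
// NOTE(review): $master, $adminpass, $file_on, $file_dir, $board, $rtype, $dbcon and the
// $table_* / $header_line_color / $subject_text_limit values are read here but never assigned
// in this excerpt. Presumably an include above sets them; confirm each is assigned
// unconditionally by server-side code and cannot be supplied by the request. $master in
// particular decides whether a password is required.
// NOTE(review): the password is stored as submitted (for $master posts that is $adminpass).
// Hashing it needs a matching change in the code that verifies it, which is outside this view.
// NOTE(review): ereg*(), mysql_*() and get_magic_quotes_gpc() are kept to match the rest of the
// application; a port to current PHP needs preg_*() and mysqli/PDO prepared statements.

$wdate=time();
$userip=getenv("REMOTE_ADDR");   // was the bare word REMOTE_ADDR, which only worked as an undefined constant

// NOTE(review): the first pattern is empty in this copy; confirm it against the original file.
// Removing individual tags is not HTML sanitisation: the page that displays $comment still
// has to escape it on output.
$comment=eregi_replace("","",$comment);
$comment=eregi_replace("<title >","",$comment);

// Show $msg in an alert box, go back one page and stop the script.
// $msg can contain the client-supplied upload name, so it is escaped for a single-quoted
// JavaScript string inside a <script> element before being printed.
function error($msg){
    $js=strtr($msg,array(
        "\\"=>"\\\\",
        "'"=>"\\'",
        "\""=>"\\\"",
        "\r"=>"\\r",
        "\n"=>"\\n",
        "<"=>"\\x3C",
        ">"=>"\\x3E",
        "&"=>"\\x26"
    ));
    // The ';' separates the two statements, which were divided only by white space.
    echo("<script>window.alert('$js'); history.back() </script> ");
    exit;
}

// Mask every entry of the word list in both arguments (passed by reference).
// The list is $str, filled by including "funcking.dat"; each entry is used as an ereg pattern.
// The mask is one "O" per two bytes of the entry, rounded up (presumably two-byte characters).
function fucking(&$data1,&$data2){
    global $str;
    include "funcking.dat";
    $total=count($str);
    for($i=0;$i<$total;$i++){
        $mask=str_repeat("O",(int)ceil(strlen($str[$i])/2));
        $data1=ereg_replace("$str[$i]","$mask",$data1);
        $data2=ereg_replace("$str[$i]","$mask",$data2);
    }
}

// Fill $temp with the file-upload row of the form, or with "" when uploads are off.
function file_form(){
    global $file_on,$temp;
    if($file_on){
        $temp="<tr> <td width=13% height=11 align=right>file</td> <td width=87% height=11 colspan=3 align=left style='padding-left: 12'><input type='file' name='fileup' size='34' class='input'></td> </tr>";
    }
    else{
        $temp="";
    }
}

// For boards with $rtype "out", set $gid to the current max(gid) plus one.
// $board is placed in the statement as an identifier; the caller checks it first.
function plus_gid(){
    global $rtype,$dbcon,$board,$gid;
    if(!strcmp($rtype,"out")){
        $resultgid=mysql_query("select max(gid) from $board",$dbcon);
        $gidrow=mysql_fetch_row($resultgid);
        $gid=$gidrow[0]+1;
    }
}

// Prepare the form parts that depend on $master.
// With $master set: $notice holds the notice row, $userpass becomes $adminpass and no password
// field is printed. Otherwise $you is forced to "guest" and a password field is printed.
function check_master(){
    global $userpass,$you,$notice,$master,$adminpass,$input_pass;
    if($master){
        $notice="<tr> <td width=13% height=11 align=right>notice</td> <td width=87% height=11 colspan=3 align='left' style='padding-left: 20'> <input type='radio' name='you' value='admin'>Yes <input type='radio' name='you' value='guest' checked>No (°øÁö»çÇ× ±ÛÀÓÀ» Ç¥½Ã) </td> </tr>";
        $userpass=$adminpass;
        $input_pass="<td width=100% height=1 colspan=4 align='center'>";
    }
    else{
        $notice="";
        $you="guest";
        $input_pass="<td width=100% height=1 colspan=4> ºñ¹Ð¹øÈ£ <input type='password' name='userpass' size='12' class='input'>";
    }
}

// Escape one value for use inside a quoted MySQL string literal.
// $from_request marks values that arrive from the form: when magic_quotes_gpc is on they
// already carry slashes, which are removed first so the stored text is the same either way.
// NOTE(review): if code outside this view already applies addslashes(), drop it there.
function write_sql_quote($value,$from_request){
    global $dbcon;
    if($from_request && get_magic_quotes_gpc()){
        $value=stripslashes($value);
    }
    return mysql_real_escape_string($value,$dbcon);
}

################################## file storage ###############################
// Store the uploaded file under $file_dir, or clear $fileup_name when there is none.
// The extension screen is a blocklist and stays incomplete by nature; an allowlist of the
// expected types, together with an upload directory in which the server never executes or
// interprets files, is the durable control.
function files(){
    global $fileup_name,$file_dir,$fileup,$file_on;
    if(!$file_on){
        // Uploads are disabled, so no client-supplied file name may reach the insert.
        $fileup_name="";
        return;
    }
    // An empty value is treated like "none": nothing was uploaded.
    if(!$fileup || $fileup=="none"){
        $fileup_name="";
        return;
    }
    // Keep only the last path component so the target stays inside $file_dir,
    // and refuse empty names and dot-files.
    $fileup_name=basename($fileup_name);
    if($fileup_name=="" || substr($fileup_name,0,1)=="."){
        error("¾÷·Îµå°¡ Çã¿ëµÇÁö ¾Ê´ÂÆÄÀÏÀÔ´Ï´Ù");
    }
    // Screen every segment after the base name, not just the last one; a name without
    // any dot is screened as a whole, as before.
    $segments=explode(".",$fileup_name);
    $first=(count($segments)>1)?1:0;
    $donot=array("php","asp","cgi","pl","htm","inc","txt");
    for($s=$first;$s<count($segments);$s++){
        foreach($donot as $bad){
            if(stristr($segments[$s],$bad)!==false){
                error("¾÷·Îµå°¡ Çã¿ëµÇÁö ¾Ê´ÂÆÄÀÏÀÔ´Ï´Ù");
            }
        }
    }
    if(file_exists("$file_dir/$fileup_name")){
        error("$fileup_name ÆÄÀÏÀÌ ÀÌ¹Ì Á¸ÀçÇϰí ÀÖ½À´Ï´Ù!!");
    }
    // move_uploaded_file() refuses any source path that is not this request's upload,
    // which copy() did not check.
    if(!move_uploaded_file($fileup,"$file_dir/$fileup_name")){
        error("ÆÄÀϾ÷·Îµå ½ÇÆÐ!!");
    }
}

check_master();

################################ form check ####################################
if($upload){
    $filled="([^[:space:]]+)";
    $missing=(!ereg($filled,$name) || !ereg($filled,$subject) || !ereg($filled,$comment));
    if($master){
        if($missing){
            error("[À̸§] [Á¦¸ñ] [³»¿ë]´Â Çϳª¶óµµ ºüÁ®¼± ¾ÈµÇ¿ä.");
        }
    }
    else{
        if($missing || !ereg($filled,$userpass)){
            error("[À̸§] [Á¦¸ñ] [³»¿ë] [ÆÐ½º¿öµå]´Â Çϳª¶óµµ ºüÁ®¼± ¾ÈµÇ¿ä.");
        }
    }

    // $board is written into the statements as an unquoted table name, so it has to be a
    // plain identifier; anything else is refused before a query is built.
    if(!ereg('^[A-Za-z0-9_$]+$',$board)){
        error("±Û¾²±â ½ÇÆÐ!!");
    }

###################################### save post ##################################
    plus_gid();
    files();
    fucking($subject,$comment);

    // Every value is escaped separately; the column order is unchanged.
    $v_name=write_sql_quote($name,true);
    $v_email=write_sql_quote($email,true);
    $v_link=write_sql_quote($link,true);
    $v_subject=write_sql_quote($subject,true);
    $v_comment=write_sql_quote($comment,true);
    $v_userpass=write_sql_quote($userpass,!$master);   // with $master this is $adminpass, not form data
    $v_wdate=write_sql_quote($wdate,false);
    $v_userip=write_sql_quote($userip,false);
    $v_fileup_name=write_sql_quote($fileup_name,true);
    $v_you=write_sql_quote($you,true);

    if(!strcmp($rtype,"out")){
        $v_gid=write_sql_quote($gid,false);
        $writeque="insert into $board values('','$v_gid','$v_name','$v_email','$v_link','$v_subject','$v_comment','$v_userpass' ,'$v_wdate','$v_userip','','a','','$v_fileup_name','$v_you')";
    }
    else{
        $writeque="insert into $board values('','$v_name','$v_email','$v_link','$v_subject','$v_comment','$v_userpass' ,'$v_wdate','$v_userip','','$v_fileup_name','$v_you')";
    }

    $result=mysql_query($writeque,$dbcon);
    if($result){
        $board_url=urlencode($board);
        echo ("<meta http-equiv='refresh' content='0; url=ebboard.html?board=$board_url'>");
        exit;
    }
    else{
        error("±Û¾²±â ½ÇÆÐ!!");
    }
}

################################ print the write form ###################################
file_form();

// $PHP_SELF and $board both reflect the request URL, so the action is URL- and HTML-encoded
// and written as a quoted attribute.
$form_action=htmlspecialchars($PHP_SELF."?board=".urlencode($board),ENT_QUOTES);

echo(" <form action='$form_action' ENCTYPE='multipart/form-data' method='post'> <div align='$table_align'> <table border=0 width=$table_width cellspacing='0' cellpadding='0'> <tr> <td> <div align='center'> <table border=0 width=360 cellspacing=0 cellpadding=4 height=54 style='border-style: dotted; border-width: 1' bordercolor='$header_line_color'> <tr> <td width=97% height=157 align=center> <table border=0 width=96% height=93 
cellspacing=0 cellpadding=0> <tr> <td width=100% height=8 colspan=4> <p align=center><b>[±Û ¾²±â]</b></td> </tr> <tr> <td width='13%' height='15' align='right'>Name</td> <td width='27%' height='15' align='left' style='padding-left: 12'><input type=text name='name' size=10 maxlength='10' class='input' maxlength='12'></td> <td width=16% height=15 align='center'>Email</td> <td width=47% height=15 align=left style='padding-left: 3'><input type=text name='email' size=25 class='input'></td> </tr> <tr> <td width=13% height=8 align=right>Link</td> <td width=87% height=8 colspan=3 align='left' style='padding-left: 12'><input type=text name='link' size='50' class='input'></td> </tr> <tr> <td width=13% height=11 align=right>Subject</td> <td width=87% height=11 colspan=3 align=left style='padding-left: 12'><input type=text name='subject' size='50' class='input' maxlength='$subject_text_limit'></td> </tr>$temp $notice <tr> <td width=100% height=100 align=right colspan=4><textarea name='comment' rows='15' cols='60' wrap='on' class='input'></textarea></td> </tr> <tr> $input_pass <input type='submit' value='Àü¼Û' class='input2'> <input type='reset' value='¸®¼Â' class='input2'> <input type=hidden name='upload' value='ok'></td> </tr> </table> </td> </tr> </table> </tr> </td> </table> </div> </form> ");
include "bottom.inc"; ?>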