########## Field validation: reject the request (print nothing, stop) when any field is malformed. ##########
// Same checks as before, in the same order and with the same short-circuiting, folded into one predicate:
//   - email and homepage are optional; they are only pattern-checked when they contain a non-blank char
//   - subject and comment must contain at least one non-blank character
//   - passwd must be four or more ASCII letters/digits (this also keeps it free of SQL metacharacters,
//     which the password query further down relies on)
//
// NOTE(review): the homepage pattern is unanchored and its character class has no "-", ":" or "%", so it
// only proves that the value *contains* "http://" followed by a few safe characters -- it does not prove
// that the whole value is a URL. Whatever interpolates $homepage into SQL or HTML must still escape it.
$rejected =
       (ereg("([^[:space:]]+)", $email)    && !ereg("(^[_0-9a-zA-Z-]+(\.[_0-9a-zA-Z-]+)*@[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*$)", $email))
    || (ereg("([^[:space:]]+)", $homepage) && !ereg("http://([0-9a-zA-Z./@~?&=_]+)", $homepage))
    || !ereg("([^[:space:]]+)", $subject)
    || !ereg("(^[0-9a-zA-Z]{4,}$)", $passwd)
    || !ereg("([^[:space:]]+)", $comment);
if ($rejected) {
    echo("");
    exit;
}
########## Connect to the database (the include is expected to set up $dbconn, which every query below uses). ##########
include "../includes/dbconn.inc";
########## Escape quote characters in the subject and body before they are embedded in SQL further down. ##########
// addslashes() is the SQL-escaping convention this file uses. NOTE(review): it is byte-oriented and, when
// magic_quotes_gpc is on, escapes a second time -- the same trade-off the original made; kept unchanged.
list($subject, $comment) = array_map('addslashes', array($subject, $comment));
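########## Authorise the edit: an admin may edit any post; anyone else must supply the post's password. ##########
// NOTE(review): $admin is read as a plain variable; where it is set (session vs. request) is outside this
// fragment. With register_globals on, a request parameter named "admin" would satisfy this test -- confirm.
//
// $number and $fid are interpolated unquoted (uid = $number, fid = $fid), so they must be integers; $thread
// is quoted, so it is escaped the same way subject/comment were above. Done once, before any query runs.
$number = (int)$number;
$fid    = (int)$fid;
$thread = addslashes($thread);
if ($admin) {
    $authorized = 1;
} else {
    ########## Fetch the password hash stored with the post. ##########
    $result = mysql_query("SELECT passwd FROM pds WHERE uid = $number", $dbconn);
    if (!$result) {
        echo("");
        exit;
    }
    $real_pass = mysql_result($result, 0, 0);
    ########## Hash the submitted password the same way (MySQL PASSWORD()) so the two can be compared. ##########
    // $passwd already passed the ^[0-9a-zA-Z]{4,}$ check, so addslashes() is a no-op today; it is applied
    // anyway so this query stays safe if that check is ever relaxed.
    $result = mysql_query("SELECT password('" . addslashes($passwd) . "')", $dbconn);
    if (!$result) {
        echo("");
        exit;
    }
    $user_pass = mysql_result($result, 0, 0);
    ########## Edit only when the stored and submitted hashes match. ##########
    // strcmp() is not constant-time and the hash is MySQL's legacy PASSWORD(); this PHP vintage has no
    // hash_equals() or password_verify(), so the comparison is left as-is and flagged for a future port.
    $authorized = !strcmp($real_pass, $user_pass);
}
if (!$authorized) {
    echo("");
    exit;
}

########## Directory under which attachments are kept. ##########
$savedir = "data";
if ($userfile_name != "") {
    ########## Reject names with executable / server-parsed extensions. ##########
    // basename() strips any directory part the client sent ("../x"), so the name cannot leave $savedir.
    $userfile_name = basename($userfile_name);
    $name_parts = explode(".", $userfile_name);
    $extension  = strtolower($name_parts[sizeof($name_parts) - 1]);
    // The original denylist, now matched case-insensitively ("x.PHP" is commonly still handed to the
    // interpreter), plus the server-parsed extensions it missed. A denylist can never be complete; an
    // allowlist of the document types this board actually needs would be the safer design.
    $forbidden = array("html", "htm", "shtml", "php", "php3", "php4", "php5", "phtml", "phps", "phar",
                       "inc", "pl", "cgi", "txt", "asp", "htaccess", "");
    if (in_array($extension, $forbidden)) {
        echo("");
        exit;
    }
    ########## Accept only a file that PHP itself received through this request's upload. ##########
    // With register_globals, $userfile is otherwise a client-chosen path: the original copy()/unlink()
    // pair would copy any readable server file into the web-visible data/ tree and then delete it.
    if (!is_uploaded_file($userfile)) {
        echo("");
        exit;
    }
    ########## Store the upload under a fresh random directory. ##########
    $uid = md5(uniqid(rand()));
    // The original tested the single-quoted literal './$savedir/' (never interpolated); fixed to the real path.
    if (!file_exists("./$savedir/" . $uid)) {
        // 0755: only the PHP process that created the directory writes into it; 0777 let every local user.
        mkdir("./$savedir/" . $uid, 0755);
    }
    $userfile_name = str_replace(array(" ", "(", ")"), array("", "-", "-"), $userfile_name);
    $userfile_name = $uid . "/" . $userfile_name;
    $dest = "./$savedir/$userfile_name";
    // move_uploaded_file() replaces the copy()+unlink() pair and re-checks the upload origin itself.
    if (!move_uploaded_file($userfile, $dest)) {
        echo("");
        exit;
    }
    // Record what was actually stored rather than the client-reported $userfile_size.
    $userfile_size = (int)filesize($dest);
    ########## Only now that the new file is in place, remove the previous attachment. ##########
    // (The original deleted the old file before attempting the copy, losing it when the copy failed.)
    $query  = "select userfile from pds where fid = $fid AND thread = '$thread'";
    $result = mysql_query($query, $dbconn);
    $my_userfile = ($result && mysql_num_rows($result) > 0) ? mysql_result($result, 0, 0) : "";
    // Paths were written by this script as "<md5>/<name>"; refuse to follow anything containing "..".
    if ($my_userfile != "" && strpos($my_userfile, "..") === false) {
        unlink($savedir . "/" . $my_userfile);
        rmdir($savedir . "/" . substr($my_userfile, 0, strrpos($my_userfile, "/") + 1));
    }
} else {
    ########## No new file: carry the existing attachment record forward unchanged. ##########
    $query  = "select userfile,filesize from pds where fid = $fid AND thread = '$thread'";
    $result = mysql_query($query, $dbconn);
    $userfile_name = mysql_result($result, 0, 0);
    $userfile_size = (int)mysql_result($result, 0, 1);
}

########## Write the edited post. ##########
// subject/comment were addslashes()'d earlier in this file; name, email, homepage and the stored file
// name are escaped here and the numeric columns are cast, so no request value reaches the query raw.
// NOTE(review): with magic_quotes_gpc on this double-escapes, exactly as the existing subject/comment
// handling already does.
$query = "UPDATE pds SET"
       . " name = '"     . addslashes($name)          . "',"
       . " subject = '"  . $subject                   . "',"
       . " email = '"    . addslashes($email)         . "',"
       . " homepage = '" . addslashes($homepage)      . "',"
       . " comment = '"  . $comment                   . "',"
       . " userfile = '" . addslashes($userfile_name) . "',"
       . " filesize = "  . (int)$userfile_size
       . " WHERE uid = " . $number;
$result = mysql_query($query, $dbconn);
if (!$result) {
    echo("");
    exit;
}
echo("");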
?>