alert('¿Ã¹Ù¸¥ À̸ÞÀÏ ÁÖ¼Ò°¡ ¾Æ´Õ´Ï´Ù.\\nÀ̸ÞÀÏ ÁÖ¼Ò¸¦ Á¤È®È÷ Àû¾îÁֽʽÿÀ.') history.go(-1) "); exit; }
# NOTE(review): the line above is the tail of an echo()/exit block (an e-mail
# validation failure message) whose head lies outside this excerpt; it is left
# untouched. Throughout this file the echo("") bodies appear to have had their
# inline markup stripped by extraction — presumably they emitted a script
# alert + history.go(-1) like the one above; confirm against the original file.
#
# This script edits an existing "pds" board post (identified by $number) and
# optionally replaces its attachment. All of $homepage, $subject, $passwd,
# $comment, $name, $email, $fid, $thread, $number, $admin, $userfile and
# $userfile_name are read without being assigned here, i.e. they arrive via
# register_globals from the request — nothing in this excerpt sets $admin, so
# whatever grants it must be validated before this point (confirm upstream).
# ereg()/ereg_replace() and the mysql_*() extension used below were removed in
# PHP 7, so this code only runs on PHP 4/5.

########## Homepage, if given, must look like an http:// URL. ##########
if(ereg("([^[:space:]]+)", $homepage) && (!ereg("http://([0-9a-zA-Z./@~?&=_]+)", $homepage)) ) {
    echo("");
    exit;
}

########## Subject must be non-blank. ##########
if(!ereg("([^[:space:]]+)", $subject)) {
    echo("");
    exit;
}

########## Password: at least four ASCII alphanumerics, nothing else. ##########
# This anchored pattern is what keeps the later "SELECT password('$passwd')"
# interpolation from being injectable; do not relax it without parameterising
# that query.
if(!ereg("(^[0-9a-zA-Z]{4,}$)", $passwd)) {
    echo("");
    exit;
}

########## Body must be non-blank. ##########
if(!ereg("([^[:space:]]+)", $comment)) {
    echo("");
    exit;
}

########## Connect to the database (expected to provide $dbconn). ##########
include "../includes/dbconn.inc";

########## Escape special characters in the subject and body strings. ##########
# Only these two values are escaped. $name, $email, $homepage, $fid, $thread,
# $number and $userfile_size are interpolated into SQL below unescaped and
# untyped; the numeric ones should at least be cast with intval() and the
# strings escaped the same way (or the queries parameterised).
$subject = addslashes($subject);
$comment = addslashes($comment);

########## An authenticated admin may edit any post. ##########
if($admin) {
    if($userfile_name != "") {
        ########## Directory in which attachments are stored. ##########
        $savedir = "data";

        ########## Reject uploads whose extension is not allowed. ##########
        # Deny-list on the text after the last dot only. strcmp() is
        # case-sensitive and every entry is lowercase, so an upper-case
        # extension is not caught; "inc" is listed twice. An allow-list of
        # permitted extensions (compared case-insensitively) would be safer.
        $full_filename = explode(".", "$userfile_name");
        $extension = $full_filename[sizeof($full_filename)-1];
        if(!strcmp($extension,"html") || !strcmp($extension,"htm") || !strcmp($extension,"php") || !strcmp($extension,"php3") || !strcmp($extension,"inc") || !strcmp($extension,"pl") || !strcmp($extension,"cgi") || !strcmp($extension,"txt") || !strcmp($extension,"asp") || !strcmp($extension,"inc") || !strcmp($extension,"") || !strcmp($extension,"phtml")) {
            echo("");
            exit;
        }

        ########## If an attachment already exists, delete it as well. ##########
        # $fid and $thread go into the query unescaped (see note above).
        # mysql_result() is read without checking that a row came back, and the
        # path handed to unlink()/rmdir() comes straight from the DB column.
        $query = "select userfile from pds where fid = $fid AND thread = '$thread'";
        $result = mysql_query($query, $dbconn);
        $my_userfile = mysql_result($result,0,0);
        $savedir = "data";
        if($my_userfile != "") {
            unlink($savedir."/".$my_userfile);
            rmdir($savedir."/".substr($my_userfile,0,strrpos($my_userfile,"/")+1));
        }

        ########## Choose the upload location and create its directory if missing. ##########
        # rand() is not a cryptographic source; the directory name is only
        # meant to be unique, not unguessable, so this is acceptable unless
        # the path is relied on as a secret.
        $uid = md5(uniqid(rand()));
        # BUG: the single-quoted string does not interpolate $savedir, so
        # file_exists() tests the literal path "./$savedir/<uid>" rather than
        # the directory mkdir() creates on the same line; the check is
        # ineffective. mkdir() also uses mode 0777 (world-writable) — 0755
        # or tighter is the usual choice.
        if(!file_exists('./$savedir/'.$uid)){ mkdir("./$savedir/".$uid,0777); }
        # Only spaces and parentheses are rewritten; directory separators and
        # ".." in $userfile_name are not, so the destination is not guaranteed
        # to stay inside the $uid directory. Applying basename() here is the
        # standard mitigation.
        $userfile_name = ereg_replace(" ","",$userfile_name);
        $userfile_name = ereg_replace("\(","-",$userfile_name);
        $userfile_name = ereg_replace("\)","-",$userfile_name);
        $userfile_name = $uid."/".$userfile_name;
        $dest = "./$savedir/$userfile_name";

        ########## Store the submitted file in the board's directory. ##########
        # $userfile is used as a source path without is_uploaded_file(); the
        # conventional form is move_uploaded_file(), which performs that check
        # and replaces both the copy() and the unlink() below.
        if(!copy($userfile,$dest)) {
            echo("");
            exit;
        }

        ########## Remove the temporary upload once it has been copied. ##########
        if(!unlink($userfile)) {
            echo("");
            exit;
        }
    }else {
        ########## Keep the existing attachment: fetch its name and size. ##########
        $query = "select userfile,filesize from pds where fid = $fid AND thread = '$thread'";
        $result = mysql_query($query, $dbconn);
        $userfile_name = mysql_result($result,0,0);
        $userfile_size = mysql_result($result,0,1);
    }

    # In the upload branch above $userfile_size is never assigned in this file
    # (presumably it is expected from the form via register_globals — verify);
    # if it is absent the UPDATE has "filesize = " followed by nothing.
    $query = "UPDATE pds SET name = '$name', subject = '$subject', email = '$email', homepage = '$homepage', comment = '$comment', userfile = '$userfile_name', filesize = $userfile_size WHERE uid = $number";
    $result = mysql_query($query,$dbconn);
    if (!$result) {
        echo("");
        exit;
    }
    echo ("");
}else {
    ########## Fetch the stored password hash of this post. ##########
    # $number is interpolated unescaped (see note above).
    $result = mysql_query("SELECT passwd FROM pds WHERE uid = $number",$dbconn);
    if (!$result) {
        echo("");
        exit;
    }
    $real_pass = mysql_result($result,0,0);

    ########## Hash the user-supplied password the same way (MySQL PASSWORD()). ##########
    # Safe only because $passwd was restricted to [0-9a-zA-Z]{4,} above.
    $result = mysql_query("SELECT password('$passwd')",$dbconn);
    if (!$result) {
        echo("");
        exit;
    }
    $user_pass = mysql_result($result,0,0);

    ########## If the hashes match, the post may be edited. ##########
    # strcmp() is not constant-time; hash_equals() (PHP 5.6+) is the
    # timing-safe equivalent. Everything inside this branch duplicates the
    # admin branch above and carries the same notes.
    if (!strcmp($real_pass,$user_pass)) {
        if($userfile_name != "") {
            ########## Directory in which attachments are stored. ##########
            $savedir = "data";

            ########## Reject uploads whose extension is not allowed (same deny-list as above). ##########
            $full_filename = explode(".", "$userfile_name");
            $extension = $full_filename[sizeof($full_filename)-1];
            if(!strcmp($extension,"html") || !strcmp($extension,"htm") || !strcmp($extension,"php") || !strcmp($extension,"php3") || !strcmp($extension,"inc") || !strcmp($extension,"pl") || !strcmp($extension,"cgi") || !strcmp($extension,"txt") || !strcmp($extension,"asp") || !strcmp($extension,"inc") || !strcmp($extension,"") || !strcmp($extension,"phtml")) {
                echo("");
                exit;
            }

            ########## If an attachment already exists, delete it as well. ##########
            $query = "select userfile from pds where fid = $fid AND thread = '$thread'";
            $result = mysql_query($query, $dbconn);
            $my_userfile = mysql_result($result,0,0);
            $savedir = "data";
            if($my_userfile != "") {
                unlink($savedir."/".$my_userfile);
                rmdir($savedir."/".substr($my_userfile,0,strrpos($my_userfile,"/")+1));
            }

            ########## Choose the upload location and create its directory if missing. ##########
            $uid = md5(uniqid(rand()));
            # Same single-quote interpolation bug as the admin branch: the
            # file_exists() check never matches the directory mkdir() creates.
            if(!file_exists('./$savedir/'.$uid)){ mkdir("./$savedir/".$uid,0777); }
            $userfile_name = ereg_replace(" ","",$userfile_name);
            $userfile_name = ereg_replace("\(","-",$userfile_name);
            $userfile_name = ereg_replace("\)","-",$userfile_name);
            $userfile_name = $uid."/".$userfile_name;
            $dest = "./$savedir/$userfile_name";

            ########## Store the submitted file in the board's directory. ##########
            if(!copy($userfile,$dest)) {
                echo("");
                exit;
            }

            ########## Remove the temporary upload once it has been copied. ##########
            if(!unlink($userfile)) {
                echo("");
                exit;
            }
        }else {
            ########## Keep the existing attachment: fetch its name and size. ##########
            $query = "select userfile,filesize from pds where fid = $fid AND thread = '$thread'";
            $result = mysql_query($query, $dbconn);
            $userfile_name = mysql_result($result,0,0);
            $userfile_size = mysql_result($result,0,1);
        }

        $query = "UPDATE pds SET name = '$name', subject = '$subject', email = '$email', homepage = '$homepage', comment = '$comment', userfile = '$userfile_name', filesize = $userfile_size WHERE uid = $number";
        $result = mysql_query($query,$dbconn);
        if (!$result) {
            echo("");
            exit;
        }
        echo ("");
    }else {
        ########## Password mismatch: refuse the edit. ##########
        echo("");
        exit;
    }
}
?>