# NOTE(review): this copy starts mid-statement (inside an echo'd <script> string of an
# e-mail validation branch) and was collapsed onto two physical lines, which turned
# every '#' comment into a line-eater. Line breaks are restored below; code tokens are
# untouched. The echo("") bodies appear to have been stripped in this copy.
# The script is a reply-post handler for the "pds" (file board) table. All inputs
# ($fid, $thread, $name, $email, $homepage, $subject, $comment, $passwd, $userfile,
# $userfile_name, $userfile_size) arrive as bare globals — presumably register_globals;
# none of them is declared or type-checked in this file.
alert('¿Ã¹Ù¸¥ À̸ÞÀÏ ÁÖ¼Ò°¡ ¾Æ´Õ´Ï´Ù.\\nÀ̸ÞÀÏ ÁÖ¼Ò¸¦ Á¤È®È÷ Àû¾îÁֽʽÿÀ.') history.go(-1) "); exit; }

# Homepage: if non-blank it must look like an http:// URL (character allowlist only).
# NOTE(review): ereg() is deprecated since 5.3 and removed in 7.0; preg_match() is the
# drop-in replacement.
if(ereg("([^[:space:]]+)", $homepage) && (!ereg("http://([0-9a-zA-Z./@~?&=_]+)", $homepage)) ) {
    echo("");
    exit;
}
# Subject must contain at least one non-whitespace character.
if(!ereg("([^[:space:]]+)", $subject)) {
    echo("");
    exit;
}
# Password: 4+ ASCII alphanumerics (the only input whose full shape is constrained).
if(!ereg("(^[0-9a-zA-Z]{4,}$)", $passwd)) {
    echo("");
    exit;
}
# Body must contain at least one non-whitespace character.
if(!ereg("([^[:space:]]+)", $comment)) {
    echo("");
    exit;
}

# Connect to the database (expected to provide $dbconn).
include "../includes/dbconn.inc";

# From the parent post's thread value, derive the thread value for this reply
# (the thread field drives sort order and indentation): take the last sibling reply
# one level below $thread and bump its trailing character.
# NOTE(review): $fid and $thread are interpolated into SQL without escaping or an
# integer cast — SQL injection. Use mysql_real_escape_string()/(int) at minimum,
# or a prepared statement (mysql_* itself is removed in PHP 7).
$query = "SELECT thread,right(thread,1) FROM pds WHERE fid = $fid AND length(thread) = length('$thread')+1 AND locate('$thread',thread) = 1 ORDER BY thread DESC LIMIT 1";
$result = mysql_query($query,$dbconn);
if(!$result) {
    echo("");
    exit;
}
$rows = mysql_num_rows($result);
if($rows) {
    $row = mysql_fetch_row($result);
    $thread_head = substr($row[0],0,-1);
    # ++ on a one-character string advances it alphabetically ("A" -> "B").
    $thread_foot = ++$row[1];
    $new_thread = $thread_head . $thread_foot;
} else {
    # First reply at this depth.
    $new_thread = $thread . "A";
}
$signdate = time();

# Escape special characters in the subject and body strings.
# NOTE(review): only these two fields are escaped; name, email, homepage, passwd,
# new_thread and userfile_name go into the INSERT below unescaped.
$subject = addslashes($subject);
$comment = addslashes($comment);

if($userfile_name != "") {
    # Directory under which attachments are stored.
    $savedir = "data";

    # Reject uploads whose extension is on the blocked list.
    # NOTE(review): this is a denylist compared with case-sensitive strcmp(), so it
    # is both incomplete and case-sensitive, and it only looks at the last
    # dot-separated segment. An allowlist of expected types compared after
    # strtolower() is the safer shape. ("inc" is listed twice.)
    $full_filename = explode(".", "$userfile_name");
    $extension = $full_filename[sizeof($full_filename)-1];
    if(!strcmp($extension,"html") || !strcmp($extension,"htm") || !strcmp($extension,"php") || !strcmp($extension,"php3") || !strcmp($extension,"inc") || !strcmp($extension,"pl") || !strcmp($extension,"cgi") || !strcmp($extension,"txt") || !strcmp($extension,"asp") || !strcmp($extension,"inc") || !strcmp($extension,"") || !strcmp($extension,"phtml")) {
        echo("");
        exit;
    }

    # Choose the upload location and create its directory if missing.
    # NOTE(review): rand()/uniqid() are not cryptographically secure; random_bytes()
    # (or at least mt_rand-seeded uniqid with more_entropy) would be preferable.
    $uid = md5(uniqid(rand()));
    # BUG: the file_exists() path is single-quoted, so it tests the literal directory
    # "./$savedir/..." while mkdir() uses the interpolated "./data/..." path; the
    # existence check therefore never matches what is created. Also 0777 is wider
    # than needed — 0755 or the web server's umask is typical.
    if(!file_exists('./$savedir/'.$uid)){
        mkdir("./$savedir/".$uid,0777);
    }
    # Normalise the client-supplied filename: drop spaces, turn parentheses into '-'.
    # NOTE(review): directory separators and ".." are not removed, so the destination
    # path can leave $savedir/$uid. Apply basename() (and ideally an own generated
    # name) before building $dest.
    $userfile_name = ereg_replace(" ","",$userfile_name);
    $userfile_name = ereg_replace("\(","-",$userfile_name);
    $userfile_name = ereg_replace("\)","-",$userfile_name);
    $userfile_name = $uid."/".$userfile_name;
    $dest = "./$savedir/$userfile_name";

    # Move the uploaded file into the board's storage directory.
    # NOTE(review): $userfile is taken from the request, and copy() does not verify
    # it is an uploaded temp file — any readable server path could be copied into the
    # web-accessible data directory. Guard with is_uploaded_file() or use
    # move_uploaded_file(), which also makes the unlink() below unnecessary.
    if(!copy($userfile,$dest)) {
        echo("");
        exit;
    }
    # Remove the temporary upload once copied.
    # NOTE(review): same concern — unlink() on a request-controlled path.
    if(!unlink($userfile)) {
        echo("");
        exit;
    }
}else {
    # No attachment: store empty name and zero size.
    # NOTE(review): in the upload branch $userfile_size is never set here; presumably
    # it comes from the request as well — verify, since it is interpolated unquoted
    # into the INSERT.
    $userfile_name = "";
    $userfile_size = 0;
}

# Insert the new post.
# NOTE(review): string-built INSERT with unescaped $fid, $name, $email, $homepage,
# $passwd, $new_thread, $userfile_name, $userfile_size — SQL injection. The post
# password is stored via MySQL's PASSWORD() function, which is the server's legacy
# auth hash rather than an application password hash; password_hash() on the PHP
# side would be the modern choice.
$query = "INSERT INTO pds (fid, name, email, homepage, subject, comment, passwd, signdate, ref, thread, userfile, filesize) VALUES ($fid, '$name', '$email', '$homepage', '$subject', '$comment', password('$passwd'), $signdate, 0,'$new_thread','$userfile_name',$userfile_size)";
$result = mysql_query($query,$dbconn);
if($result) {
    # Redirect to the list view.
    echo ("");
} else {
    echo("");
    exit;
}
?>