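# Board write handler for one request: create a post, create a reply
# (?uid=N) or edit an existing post (?mod=1&uid=N).
# Depends on the including script for $board (table name), $data_src (upload
# directory, trailing separator expected), ALERT() and ismail(), and on a
# default mysql_* connection already being open.
# NOTE(review): whether ALERT() terminates the request is not visible from
# here, so every rejection below also disables the action it guards (file
# move, row write) instead of relying on ALERT() to stop execution.

# --- request parameters --------------------------------------------------
# uid/mod only ever select a row or a mode, so they are reduced to integers
# before reaching SQL (the original interpolated $_GET['uid'] unquoted).
$uid = isset($_GET['uid']) ? intval($_GET['uid']) : 0;   # reply target / post being edited
$mod = isset($_GET['mod']) ? intval($_GET['mod']) : 0;   # 1 = edit mode

# POST fields reduced to plain strings: an array-valued field (`pass[]=`)
# would otherwise leak "Array" into the row or skew the comparisons below.
$in = array();
foreach (array('name', 'title', 'kind', 'content', 'email', 'homepage', 'pass', 'html') as $k) {
    $in[$k] = (isset($_POST[$k]) && is_string($_POST[$k])) ? $_POST[$k] : '';
}
$name     = htmlspecialchars($in['name']);
$title    = htmlspecialchars($in['title']);
$kind     = $in['kind'];
$content  = $in['content'];     # stored raw; the board renders it according to the $html flag
$email    = htmlspecialchars($in['email']);
$homepage = htmlspecialchars($in['homepage']);
$signdate = time();
$pass     = $in['pass'];        # NOTE(review): stored and compared in plaintext (see edit branch)
$html     = $in['html'];
$ip_addr  = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

/* e-mail check */
if ($email) {
    $email = ismail($email);
    if (!$email) {
        ALERT('À̸ÞÀÏÀ» Á¤È®È÷ ÀÔ·ÂÇØ ÁÖ¼¼¿ä');
    }
}

########################### file upload ###################################
# Extensions that must never be stored. Matched as a prefix of the suffix, so
# .php3 / .phtml / .phps are covered too. A blacklist is only as good as the
# server's handler map; an allowlist of image/document extensions is safer.
$tail_name = "php|phtm|inc|class|htm|shtm|pl|cgi|ztx|dot|phar";
$orig_name = isset($_FILES['userfile']['name']) ? (string)$_FILES['userfile']['name'] : '';
$file      = isset($_FILES['userfile']['tmp_name']) ? $_FILES['userfile']['tmp_name'] : '';
$file_size = isset($_FILES['userfile']['size']) ? (int)$_FILES['userfile']['size'] : 0;
$file_name = '';   # value written to `dataname`; stays empty unless a file was accepted and moved

if ($orig_name !== '') {
    $accept = true;

    /* size limit */
    if ($file_size > 2000000) {
        ALERT("ÆÄÀϿ뷮Àº 2¸Þ°¡ ÀÌÇÏ·Î Á¦ÇÑ ÇÕ´Ï´Ù.");
        $accept = false;
    }

    /* extension check. The stored name is <timestamp><tail>, so only the
       suffix after the last dot matters, and it must be a bare extension:
       a crafted client name such as "x.jpg/../../y" would otherwise make the
       stored path escape $data_src (the original used strrchr() unchecked). */
    $tail = strrchr($orig_name, '.');
    if ($tail === false) {
        $tail = '';                                   # no extension: stored as the bare timestamp
    } elseif (!preg_match('/^\.[A-Za-z0-9]{1,10}$/', $tail)
              || preg_match("/^\.($tail_name)/i", $tail)) {
        ALERT("¾÷·ÎµåÇÏ½Ç ¼ö ¾ø´Â È®ÀåÀÚ ¹× ÆÄÀϸíÀÔ´Ï´Ù.");
        $accept = false;
    }

    if ($accept) {
        /* if a row already carries this client name, prefix a random number */
        $qry = "select uid from $board where dataname = '" . mysql_real_escape_string($orig_name) . "'";
        $result = mysql_query($qry);
        $row = $result ? mysql_fetch_array($result) : false;
        if ($row && $row['uid']) {
            $file_name = mt_rand(1, 100) . "_" . $signdate . $tail;
        } else {
            $file_name = $signdate . $tail;
        }

        /* move into the data folder; on failure nothing is recorded in `dataname` */
        if (move_uploaded_file($file, $data_src . $file_name)) {
            echo "ÆÄÀÏ ¾÷·Îµå";
        } else {
            ALERT("¾÷·Îµå¿¡ ¹®Á¦°¡ Àְųª, ¿ë·®ÀÌ 2M Ãʰú ÇÒ¼ö ¾ø½À´Ï´Ù.");
            $file_name = '';
        }
    }
}
##############################################################################

# SQL-escaped copies of every user-controlled value interpolated into a query
# below. htmlspecialchars() does not escape quotes or backslashes, so the
# "sanitised" fields needed this as much as the raw ones.
# NOTE(review): if magic_quotes_gpc is on in this deployment the POST values
# arrive pre-slashed and would be double-escaped; strip them first in that case.
$q = array_map('mysql_real_escape_string', array(
    'kind'     => $kind,
    'name'     => $name,
    'email'    => (string)$email,
    'homepage' => $homepage,
    'pass'     => $pass,
    'html'     => $html,
    'title'    => $title,
    'content'  => $content,
    'dataname' => $file_name,
    'ip_addr'  => $ip_addr,
));

if ($mod != 1) {
    if (!$uid) {
        /* new post: pid counts downward from the newest post's pid */
        $pidResult = mysql_query("select pid from $board order by uid desc");
        $pidRow = $pidResult ? mysql_fetch_array($pidResult) : false;
        if ($pidRow && $pidRow[0]) {
            $pid = $pidRow['pid'] - 1;
        } else {
            $pid = 9999999.0000;   # initial value for an empty board
        }
        $qry = "insert into $board (uid,pid,thread,kind,name,email,homepage,pass,html,title,content,dataname,signdate,ref,ip_addr) values ('','$pid','','{$q['kind']}','{$q['name']}','{$q['email']}','{$q['homepage']}','{$q['pass']}','{$q['html']}','{$q['title']}','{$q['content']}','{$q['dataname']}','$signdate','','{$q['ip_addr']}')";
        # NOTE(review): die(mysql_error()) echoes the driver error to the client.
        mysql_query($qry) or die(mysql_error());
    } else {
        /* reply: slot the new pid just below the parent and shift later siblings down */
        $reply_result = mysql_query("select pid,thread from $board where uid=$uid");
        $reply_row = $reply_result ? mysql_fetch_array($reply_result) : false;
        if ($reply_row && $reply_row['pid']) {
            $pid    = $reply_row['pid'] + 0.0001;
            $Dpid   = (float)$reply_row['pid'];      # DB-sourced, but cast so only a number reaches SQL
            $Upid   = intval($pid) + 1;
            $thread = (int)$reply_row['thread'] + 1;
            mysql_query("update $board set pid = pid + 0.0001 where pid > $Dpid and pid < $Upid") or die(mysql_error());
            $data_qry = "insert into $board (uid,pid,thread,kind,name,email,homepage,pass,html,title,content,dataname,signdate,ref,ip_addr) values ('','$pid','$thread','{$q['kind']}','{$q['name']}','{$q['email']}','{$q['homepage']}','{$q['pass']}','{$q['html']}','{$q['title']}','{$q['content']}','{$q['dataname']}','$signdate','','{$q['ip_addr']}')";
            mysql_query($data_qry) or die(mysql_error());
        }
    }
} else {
    /* edit: only the author (who knows the post password) may change the row */
    $delResult = mysql_query("select pass from $board where uid = $uid");
    $delRow = $delResult ? mysql_fetch_array($delResult) : false;
    $delPass = $delRow ? (string)$delRow['pass'] : '';
    # Strict string comparison: the original loose `!=` made numeric-looking
    # passwords compare equal ("0e12" == "0e34"). An unknown uid yields an empty
    # stored password and is rejected like any mismatch.
    # NOTE(review): passwords are stored in plaintext; switching to
    # password_hash()/password_verify() requires the same change in every
    # script that reads `pass`.
    if ($pass === '' || $pass !== $delPass) {
        ALERT('ÆÐ½º¿öµå°¡ ¸ÂÁö ¾Ê½À´Ï´Ù. µî·ÏÀÚ¸¸ ¼öÁ¤ÀÌ °¡´ÉÇÕ´Ï´Ù.');
    } else {
        if ($file_name === '') {
            # no (accepted) upload: keep the existing attachment
            $qry = "update $board set kind='{$q['kind']}',name='{$q['name']}',email='{$q['email']}',homepage='{$q['homepage']}',html='{$q['html']}',title='{$q['title']}',content='{$q['content']}',ip_addr='{$q['ip_addr']}' where uid='$uid'";
        } else {
            $qry = "update $board set kind='{$q['kind']}',name='{$q['name']}',email='{$q['email']}',homepage='{$q['homepage']}',html='{$q['html']}',title='{$q['title']}',content='{$q['content']}',dataname='{$q['dataname']}',ip_addr='{$q['ip_addr']}' where uid='$uid'";
        }
        mysql_query($qry);
    }
}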
?>