<? include $_SERVER['DOCUMENT_ROOT']."/conf/conf_dir.php"; ?>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
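<?
// Request setup for the profile board processor: timestamp, escaped body text,
// target table and the secret-post default.
$todayfull = date("YmdHis");
// Escape the post body with the driver's escaper instead of addslashes(), which is
// not aware of the connection character set.
// NOTE(review): assumes $db_con is opened by the conf_dir.php include above (it is
// used the same way by the mysql_query() calls further down) - confirm.
$contents = mysql_real_escape_string($contents, $db_con);
$formChk = "view";
$tableName = "profile";
$division = $act;
// Posts are non-secret unless the request says otherwise.
if(!$is_secret) {
    $is_secret = "N";
}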
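//thumb image save: start ******************************************
// Stores the first profile image (form field "thumnail") under
// DOCUMENT_ROOT/files/muti/profile and leaves its stored name in $realName1.
//
// Fixes relative to the previous version:
//  - $realName1 is initialised so it cannot carry a value that was not produced here.
//  - The size limit now aborts the request; before, the alert was printed and the
//    file was saved anyway.
//  - The old extension test chained "!=" with "or", which is true for every name,
//    so nothing was ever rejected. It is replaced by an allow-list of image types.
//  - The stored name is reduced to its base name so it cannot point outside $savedir.
//  - move_uploaded_file() replaces copy()+unlink(), so only a file PHP itself
//    received as an upload can be stored.
// NOTE(review): the target directory is web-served; confirm script execution is
// disabled there, since a name such as "x.php.jpg" passes an extension check.
$realName1 = "";
if($thumnail_name) {
    // presumably the file field is named "thumnail" (its name/tmp path arrive as
    // $thumnail_name/$thumnail); the earlier lookup under 'thumnail_name' would
    // then never have matched - verify against the form.
    $upload1 = isset($_FILES['thumnail']) ? $_FILES['thumnail'] : null;
    if($upload1 !== null && (int)$upload1['size'] > 11162773){
?>
<SCRIPT LANGUAGE="JavaScript">
<!--
alert("10mb以下で保存することが可能です。");
history.back(-1);
//-->
</SCRIPT>
<?
        exit; // an oversized upload must not be stored or recorded
    }
    $savedir = $_SERVER['DOCUMENT_ROOT']."/files/muti/profile";
    // Keep only the final path component of the client-supplied name.
    $rawName1 = ($upload1 !== null) ? $upload1['name'] : $thumnail_name;
    $safeName1 = basename(str_replace("\\", "/", $rawName1));
    $thumnail_name_ext = strtolower(pathinfo($safeName1, PATHINFO_EXTENSION)); // extension
    $allowedExt1 = array("jpg", "jpeg", "gif", "png", "bmp");
    if($safeName1 != "" && substr($safeName1, 0, 1) != "." && in_array($thumnail_name_ext, $allowedExt1, true)){
        //$vName = $category."".$todayfull.".".$thumnail_name_ext; // rename file, e.g. 20061212_6437210.jpg
        $realName1 = $safeName1;
        //$file_count = 1;
        // Remove a previous file of the same name. The old path lacked DOCUMENT_ROOT,
        // so this check never matched a stored file.
        $del_file = "$savedir/$realName1";
        if($fileName && is_file($del_file)) unlink($del_file);
        if($upload1 === null || !move_uploaded_file($upload1['tmp_name'], "$savedir/$realName1")) {
?>
<SCRIPT LANGUAGE="JavaScript">
<!--
alert("upload fail.");
//history.back(-1);
//-->
</SCRIPT>
<?
            exit;
        }
    }else{
?>
<SCRIPT LANGUAGE="JavaScript">
<!--
alert("添付ファイルは画像ファイル(jpg,jpeg,gif,png,bmp)のみアップロード可能です.");
history.back(-1);
//-->
</SCRIPT>
<?
        exit; // a rejected upload must not continue into the database write
    }
}
//thumb image save: end ******************************************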
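//thumb2 image save: start ******************************************
// Stores the second profile image (form field "thumnail2") under
// DOCUMENT_ROOT/files/muti/profile and leaves its stored name in $realName2.
//
// Fixes relative to the previous version:
//  - $realName2 is initialised so it cannot carry a value that was not produced here.
//  - The size limit now aborts the request; before, the alert was printed and the
//    file was saved anyway.
//  - The old extension test chained "!=" with "or", which is true for every name,
//    so nothing was ever rejected. It is replaced by an allow-list of image types.
//  - The stored name is reduced to its base name so it cannot point outside $savedir.
//  - move_uploaded_file() replaces copy()+unlink(), so only a file PHP itself
//    received as an upload can be stored.
// NOTE(review): the target directory is web-served; confirm script execution is
// disabled there, since a name such as "x.php.jpg" passes an extension check.
$realName2 = "";
if($thumnail2_name) {
    // presumably the file field is named "thumnail2" (its name/tmp path arrive as
    // $thumnail2_name/$thumnail2); the earlier lookup under 'thumnail2_name' would
    // then never have matched - verify against the form.
    $upload2 = isset($_FILES['thumnail2']) ? $_FILES['thumnail2'] : null;
    if($upload2 !== null && (int)$upload2['size'] > 11162773){
?>
<SCRIPT LANGUAGE="JavaScript">
<!--
alert("10mb以下で保存することが可能です。");
history.back(-1);
//-->
</SCRIPT>
<?
        exit; // an oversized upload must not be stored or recorded
    }
    $savedir = $_SERVER['DOCUMENT_ROOT']."/files/muti/profile";
    // Keep only the final path component of the client-supplied name.
    $rawName2 = ($upload2 !== null) ? $upload2['name'] : $thumnail2_name;
    $safeName2 = basename(str_replace("\\", "/", $rawName2));
    $thumnail2_name_ext = strtolower(pathinfo($safeName2, PATHINFO_EXTENSION)); // extension
    $allowedExt2 = array("jpg", "jpeg", "gif", "png", "bmp");
    if($safeName2 != "" && substr($safeName2, 0, 1) != "." && in_array($thumnail2_name_ext, $allowedExt2, true)){
        //$vName = $category."".$todayfull.".".$thumnail2_name_ext; // rename file, e.g. 20061212_6437210.jpg
        $realName2 = $safeName2;
        $file_count = 1;
        // Remove a previous file of the same name. The old path lacked DOCUMENT_ROOT,
        // so this check never matched a stored file.
        $del_file2 = "$savedir/$realName2";
        if($fileName2 && is_file($del_file2)) unlink($del_file2);
        if($upload2 === null || !move_uploaded_file($upload2['tmp_name'], "$savedir/$realName2")) {
?>
<SCRIPT LANGUAGE="JavaScript">
<!--
//alert("upload fail.");
//history.back(-1);
//-->
</SCRIPT>
<?
            exit;
        }
    }else{
?>
<SCRIPT LANGUAGE="JavaScript">
<!--
alert("添付ファイルは画像ファイル(jpg,jpeg,gif,png,bmp)のみアップロード可能です.");
history.back(-1);
//-->
</SCRIPT>
<?
        exit; // a rejected upload must not continue into the database write
    }
}
//thumb2 image save: end ******************************************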
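// Database step: insert, update or delete a board_$tableName row depending on $mode,
// and choose the page ($urlchk) that the auto-submitting form below posts to.
//
// Every value placed in SQL text is escaped with mysql_real_escape_string(); before,
// only $contents was escaped and the remaining fields were interpolated as received.
// $contents is used as-is because it is already escaped near the top of the script.
// NOTE(review): no login/authorisation check or CSRF token is visible in this
// script - confirm the conf_dir.php include enforces admin access.
// NOTE(review): assumes request values arrive raw apart from magic_quotes_gpc -
// confirm conf_dir.php does not pre-escape them.

// Initialise variables that were previously left unset on some paths, so they can
// only hold values assigned below.
$urlchk = "";
$where = "";

$sql = array();
// Request-derived values: undo magic_quotes_gpc first so they are escaped exactly once.
foreach (array('division', 'is_secret', 'subject', 'subtitle', 'sub_content', 'idx', 'realName1', 'realName2') as $sqlField) {
    $sqlValue = isset($$sqlField) ? (string)$$sqlField : '';
    if (get_magic_quotes_gpc()) {
        $sqlValue = stripslashes($sqlValue);
    }
    $sql[$sqlField] = mysql_real_escape_string($sqlValue, $db_con);
}
// Session / server values: escaped as well, since they end up in the same SQL text.
foreach (array('sessionIDX', 'sessionID', 'sessionNickname', 'REMOTE_ADDR') as $sqlField) {
    $sqlValue = isset($$sqlField) ? (string)$$sqlField : '';
    $sql[$sqlField] = mysql_real_escape_string($sqlValue, $db_con);
}

//write
if($mode == "write"){
    $query = "INSERT INTO board_$tableName
(
division,
module_no,
user_no,
user_id,
user_name,
reg_date,
is_secret,
subject,
contents,
subtitle,
sub_content,
img_file1,
img_file2,
ip
) VALUES (
'{$sql['division']}',
'$tableName',
'{$sql['sessionIDX']}',
'{$sql['sessionID']}',
'{$sql['sessionNickname']}',
now(),
'{$sql['is_secret']}',
'{$sql['subject']}',
'$contents',
'{$sql['subtitle']}',
'{$sql['sub_content']}',
'{$sql['realName1']}',
'{$sql['realName2']}',
'{$sql['REMOTE_ADDR']}'
)";
    $result = mysql_query($query,$db_con);
    $urlchk = "../profile_write.php";
//modify
}else if($mode == "proc"){
    // Only touch an image column when a new file name was produced for it.
    if(!empty($realName1)){
        $where = ",img_file1='{$sql['realName1']}'";
    }
    if(!empty($realName2)){
        $where .= ",img_file2='{$sql['realName2']}'";
    }
    $query = "update board_$tableName set subject='{$sql['subject']}',contents='$contents',subtitle='{$sql['subtitle']}',sub_content='{$sql['sub_content']}' $where ,is_secret='{$sql['is_secret']}' where no = '{$sql['idx']}'";
    $result = mysql_query($query,$db_con);
    $urlchk = "../profile_write.php";
//delete
}else if($mode =="del"){
    $qry = "delete from board_$tableName where no = '{$sql['idx']}'";
    $query = mysql_query($qry,$db_con);
    $urlchk = "../profile.php";
}
?>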
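<?
// Auto-submitting hand-off form: posts mode/idx/act to the page chosen in $urlchk.
// Every value is HTML-escaped before it is written into an attribute; before, the
// request values were echoed as received. The commented-out alert that still echoed
// $saveName has been dropped: PHP emits the value even inside a JavaScript comment,
// and nothing in this script assigns $saveName.
?>
<form name="form" method="post" action="<?=htmlspecialchars($urlchk, ENT_QUOTES, 'UTF-8')?>" onsubmit="return validate();" enctype="multipart/form-data">
<input type="hidden" name="mode" value="<?=htmlspecialchars($mode, ENT_QUOTES, 'UTF-8')?>">
<input type="hidden" name="idx" value="<?=htmlspecialchars($idx, ENT_QUOTES, 'UTF-8')?>">
<input type="hidden" name="act" value="<?=htmlspecialchars($act, ENT_QUOTES, 'UTF-8')?>">
</form>
<script>
document.form.submit();
</script>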