KGRKJGETMRETU895U-589TY5MIGM5JGB5SDFESFREWTGR54TY
Server : Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.17
System : Linux localhost 2.6.18-419.el5 #1 SMP Fri Feb 24 22:47:42 UTC 2017 x86_64
User : nobody ( 99)
PHP Version : 5.2.17
Disable Function : NONE
Directory :  /home/queenjbs/yuchun/admin/Proc/


 

Current File : //home/queenjbs/yuchun/admin/Proc/profile_proc.php
<? include $_SERVER['DOCUMENT_ROOT']."/conf/conf_dir.php"; ?>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

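<?php
// Admin processor for the "profile" board: handles thumbnail upload plus
// write (INSERT), proc (UPDATE) and del (DELETE) on board_profile, then leaves
// $urlchk / $mode / $idx / $division for the auto-submitting form below.
//
// The request fields ($mode, $idx, $division, $subject, $subtitle, $contents,
// $is_secret, $is_notice, $thumnail, $old_thumnail) are never assigned in this
// file, so they are presumably injected from the request (register_globals or
// an extract() in conf_dir.php -- confirm). They are treated as untrusted here.
//
// NOTE(review): no login / role check and no CSRF token are visible in this
// file. Confirm that conf_dir.php enforces an authenticated admin session
// before any of the branches below can run.
// NOTE(review): ext/mysql (mysql_query etc.) was removed in PHP 7. Escaping is
// the smallest change that keeps this file working on $db_con; the durable fix
// is PDO or mysqli prepared statements.

if (!function_exists('profile_proc_sql_value')) {
    /**
     * Escape one value for use inside a single-quoted MySQL string literal.
     *
     * @param mixed    $value       Raw value.
     * @param resource $db_con      Open ext/mysql link used for the query.
     * @param bool     $fromRequest True when the value arrived via GET/POST/COOKIE;
     *                              magic_quotes_gpc slashes are removed first so
     *                              the value is escaped exactly once.
     * @return string Escaped text (without the surrounding quotes).
     */
    function profile_proc_sql_value($value, $db_con, $fromRequest)
    {
        $value = (string) $value;
        if ($fromRequest && get_magic_quotes_gpc()) {
            $value = stripslashes($value);
        }
        return mysql_real_escape_string($value, $db_con);
    }
}

$todayfull = date("YmdHis");
$formChk = "view";
$tableName = "profile";
if (!$is_secret) $is_secret = "N";
if (!$is_notice) $is_notice = "N"; // "new" button flag
$FILES_PATH = $_SERVER['DOCUMENT_ROOT']."/files/muti/profile/";

// Give every script-owned variable a known value so that a request parameter
// of the same name cannot stand in for it.
$realName1 = '';
$where = '';
$urlchk = "../profile.php"; // fallback target when $mode matches no branch

// ---- thumbnail image save: start ----
// Only proceed when PHP itself confirms a real HTTP upload; $thumnail alone
// can be supplied as an ordinary request field.
if ($thumnail
    && isset($_FILES['thumnail'])
    && is_uploaded_file($_FILES['thumnail']['tmp_name'])) {
    // Repack the upload entry into the array shape img_file_upload() is given.
    $ImageTmp = array(
        "name"     => $_FILES['thumnail']["name"],
        "size"     => $_FILES['thumnail']['size'],
        "tmp_name" => $_FILES['thumnail']['tmp_name'],
        "type"     => $_FILES['thumnail']['type'],
    );
    $resize_img_name = "rename_";
    // NOTE(review): "name" and "type" are client-supplied and $FILES_PATH is
    // inside the document root. Confirm that img_file_upload() (defined
    // elsewhere) restricts the stored extension to image types and verifies
    // the content, otherwise an uploaded script could be served and executed.
    $realName1 = img_file_upload($ImageTmp, $resize_img_width, $resize_img_name, $FILES_PATH);

    if ($old_thumnail) {
        // basename() keeps the delete inside $FILES_PATH; the raw value could
        // otherwise carry "../" segments and remove any file this user can write.
        // NOTE(review): the old file name still comes from the request rather
        // than from the row being edited -- consider reading it from the DB.
        $data_file = $FILES_PATH.basename($old_thumnail);
        if (is_file($data_file)) unlink($data_file);
    }
}
// ---- thumbnail image save: end ----

// Escaped copies for SQL only; the originals stay untouched for the form below.
$sql = array(
    'division'  => profile_proc_sql_value($division, $db_con, true),
    'subject'   => profile_proc_sql_value($subject, $db_con, true),
    'subtitle'  => profile_proc_sql_value($subtitle, $db_con, true),
    'contents'  => profile_proc_sql_value($contents, $db_con, true),
    'is_secret' => profile_proc_sql_value($is_secret, $db_con, true),
    'is_notice' => profile_proc_sql_value($is_notice, $db_con, true),
    'idx'       => profile_proc_sql_value($idx, $db_con, true),
    // presumably set from the session by conf_dir.php -- confirm
    'user_no'   => profile_proc_sql_value($sessionIDX, $db_con, false),
    'user_id'   => profile_proc_sql_value($sessionID, $db_con, false),
    'user_name' => profile_proc_sql_value($sessionNickname, $db_con, false),
    'img_file1' => profile_proc_sql_value($realName1, $db_con, false),
    'ip'        => profile_proc_sql_value($REMOTE_ADDR, $db_con, false),
);

if ($mode == "write") {
    // write: insert a new row. The VALUES order now matches the column list;
    // previously is_secret / is_notice were stored in each other's column.
    $query = "INSERT INTO board_$tableName
        (
        division,
        user_no,
        user_id,
        user_name,
        reg_date,
        is_notice,
        is_secret,
        subject,
        subtitle,
        contents,
        img_file1,
        ip
        ) VALUES (
        '{$sql['division']}',
        '{$sql['user_no']}',
        '{$sql['user_id']}',
        '{$sql['user_name']}',
        now(),
        '{$sql['is_notice']}',
        '{$sql['is_secret']}',
        '{$sql['subject']}',
        '{$sql['subtitle']}',
        '{$sql['contents']}',
        '{$sql['img_file1']}',
        '{$sql['ip']}'
        )";

    $result = mysql_query($query, $db_con);
    $urlchk = "../profile.php";

} else if ($mode == "proc") {
    // edit: update the row; the image column is only touched after a new upload.
    if ($realName1) {
        $where = ",img_file1='{$sql['img_file1']}'";
    }

    $query = "update board_$tableName set division='{$sql['division']}',subject='{$sql['subject']}',subtitle='{$sql['subtitle']}' ,contents='{$sql['contents']}' $where ,is_secret='{$sql['is_secret']}' ,is_notice='{$sql['is_notice']}' where no = '{$sql['idx']}'";
    $result = mysql_query($query, $db_con);
    $urlchk = "../profile_write.php";

} else if ($mode == "del") {
    // delete: remove the stored thumbnail (if any), then the row itself.
    // The file name here comes from the database, not from the request.
    $tmp_thumnail = Get_db("select img_file1 from board_$tableName where no = '{$sql['idx']}'");
    if ($tmp_thumnail) {
        $data_file = $FILES_PATH.$tmp_thumnail;
        if (is_file($data_file)) unlink($data_file);
    }

    $qry = "delete from board_$tableName  where no = '{$sql['idx']}'";
    $query = mysql_query($qry, $db_con);
    $urlchk = "../profile.php";
}

?>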
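<?php
// Auto-submitting hand-off form: posts mode / idx / division to $urlchk.
// Every value is HTML-escaped because mode, idx and division are echoed back
// from the request; unescaped, a quote in any of them closes the attribute
// and injects markup (reflected XSS).
// NOTE(review): escaping does not make an arbitrary URL safe as a form action;
// $urlchk must be assigned by the script itself on every path that reaches here.
// The former commented-out alert line was removed: PHP still ran the
// <?= $saveName ?> inside the JavaScript comment, and $saveName is not set in
// this file, so a line break in it would have ended the comment and been
// parsed as script.
?>
<form name="form" method="post" action="<?=htmlspecialchars($urlchk, ENT_QUOTES, 'UTF-8')?>" enctype="multipart/form-data">
<input type="hidden" name="mode" value="<?=htmlspecialchars($mode, ENT_QUOTES, 'UTF-8')?>">
<input type="hidden" name="idx" value="<?=htmlspecialchars($idx, ENT_QUOTES, 'UTF-8')?>">
<input type="hidden" name="act" value="<?=htmlspecialchars($division, ENT_QUOTES, 'UTF-8')?>">
</form>
<script>
document.form.submit();
</script>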
