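session_start();
include "../util/user_function.inc";
include "conn.inc";

// Board "write" handler: when a logged-in member submits the form ($mode set),
// validate the post, store an optional photo and insert one row into the board
// table named by $boardid, then send the browser back to the list page.
//
// This legacy script reads request, upload and session data as register_globals
// variables ($mode, $boardid, $photo, $s_id, ...). back(), alert() and
// goto_refresh_page() are not defined in this file (presumably they come from
// user_function.inc); back() is assumed to stop the script - TODO confirm.
//
// NOTE(review): $s_id is read as a plain global. Confirm the PHP configuration
// never lets a request parameter named s_id stand in for the session value;
// reading it from the session array directly would remove that dependency.
if (!$s_id) {
    back('¼Ò±¸¸® ȸ¿ø¸¸ ±ÛÀ» ¾²½Ç¼ö ÀÖÀ¾´Ï´Ù.');
}

if ($mode) { // A submitted form is being processed.
    // Request values arrive already backslash-escaped when magic_quotes_gpc is on.
    // Undo that once here so every value is escaped exactly once, for the actual
    // database connection, when the queries are built below. Non-string input
    // (e.g. an array parameter) is treated as empty.
    // photo_dir, photo_dir1..4 and photo_option are assumed to be request fields
    // because nothing in this file assigns them - TODO confirm.
    $rq_unquote = get_magic_quotes_gpc();
    $rq_fields = array(
        'boardid', 'where', 'subject', 'comment', 'comment_is_html', 'photo_name',
        'photo_dir', 'photo_dir1', 'photo_dir2', 'photo_dir3', 'photo_dir4', 'photo_option',
    );
    foreach ($rq_fields as $rq_field) {
        $rq_value = (isset($$rq_field) && is_string($$rq_field)) ? $$rq_field : '';
        $$rq_field = $rq_unquote ? stripslashes($rq_value) : $rq_value;
    }

    // $boardid is used as a table name, which cannot be protected by string
    // escaping, so only plain identifier characters are accepted.
    if (!$boardid || !$where || !preg_match('/\A[A-Za-z0-9_]+\z/', $boardid)) {
        back('°Ô½ÃÆÇÀÇ ÄÚµå¿Í À§Ä¡°¡ ÇÊ¿äÇÕ´Ï´Ù.');
    }
    if (!$subject || !$comment) {
        back('°Ô½ÃÆÇÀÇ Á¦¸ñ°ú ³»¿ëÀÌ ÇÊ¿äÇÕ´Ï´Ù.');
    }

    // Decide once whether a photo accompanies the post, so the validation here
    // and the file move after the insert cannot disagree.
    $has_photo = isset($photo) && !empty($photo_name);
    if ($has_photo) {
        // $photo must be the temporary file PHP created for this upload; with
        // register_globals the variable could otherwise carry any path.
        if (!is_string($photo) || !is_uploaded_file($photo)) {
            back("ÆÄÀÏÀ» ÁöÁ¤ÇÑ µð·ºÅ丮¿¡ º¹»çÇϴµ¥ ½ÇÆÐÇßÀ¾´Ï´Ù.");
        }
        // Measure the file itself instead of trusting the submitted size value.
        if (filesize($photo) > 200000) {
            back("»çÁøÅ©±â´Â 200,000 ¹ÙÀÌÆ®¸¦ ³ÑÀ»¼ö ¾øÀ¾´Ï´Ù.");
        }
        // Upper-cased extension of the client file name; only JPG and GIF pass.
        // NOTE(review): this checks the name only, not the file content.
        $file_tail = strtoupper(substr(strrchr($photo_name, "."), 1));
        if ($file_tail != 'JPG' && $file_tail != 'GIF') {
            back("È®ÀåÀÚ°¡ JPG,GIF ÈÀϸ¸ ¿Ã¸±¼ö ÀÖÀ¾´Ï´Ù.");
        }
        // The stored name is built server-side (timestamp + member id + checked
        // extension) and never from the client-supplied file name.
        // NOTE(review): confirm member ids cannot contain path separators.
        $photo_dir = "./photo/" . date("U") . $s_id . "." . $file_tail;
    }

    // Look up the poster's name and e-mail address. The mysql_* API has no
    // prepared statements, so every value placed in SQL is escaped instead.
    mysql_select_db('woorinara');
    $query = "select * from member where id='" . mysql_real_escape_string($s_id, $connect) . "'";
    $result = mysql_query($query, $connect);
    $row = mysql_fetch_array($result);
    $line_count = sizeof(explode("\n", $comment));
    $email = $row['email'] . "@" . $row['emailserver'];
    $name = $row['name'];

    // Next uid/fid are the current maxima plus one (1 for an empty table).
    mysql_select_db('board');
    $result = mysql_query("SELECT max(uid), max(fid) FROM $boardid", $connect);
    if (!$result) {
        back('Ä÷¸®¿¡·¯');
    }
    $row = mysql_fetch_row($result);
    $new_uid = $row[0] ? $row[0] + 1 : 1;
    $new_fid = $row[1] ? $row[1] + 1 : 1;
    $signdate = time();

    // HTML-escape the subject always, and the body when it is flagged as plain text.
    // NOTE(review): any flag value other than 'N' stores the body as raw HTML chosen
    // by the poster; the page that displays it has to sanitise that markup.
    $subject = htmlspecialchars($subject);
    if ($comment_is_html == 'N') {
        $comment = htmlspecialchars($comment);
    }

    // Escape every string that goes into the INSERT, including values read back
    // from the member table and the session.
    $q = array(
        'name' => $name,
        'email' => $email,
        'subject' => $subject,
        'comment' => $comment,
        'where' => $where,
        'remote_addr' => $REMOTE_ADDR,
        's_id' => $s_id,
        'comment_is_html' => $comment_is_html,
        'photo_dir' => $photo_dir,
        'photo_dir1' => $photo_dir1,
        'photo_dir2' => $photo_dir2,
        'photo_dir3' => $photo_dir3,
        'photo_dir4' => $photo_dir4,
        'photo_option' => $photo_option,
    );
    foreach (array_keys($q) as $q_key) {
        $q[$q_key] = mysql_real_escape_string($q[$q_key], $connect);
    }

    $query = "INSERT INTO $boardid VALUES ($new_uid, $new_fid, '{$q['name']}', '{$q['email']}', '{$q['subject']}', '{$q['comment']}', '', $signdate, 0,'A','{$q['where']}',$line_count,'{$q['remote_addr']}','{$q['s_id']}','{$q['comment_is_html']}','{$q['photo_dir']}','{$q['photo_dir1']}','{$q['photo_dir2']}','{$q['photo_dir3']}','{$q['photo_dir4']}','{$q['photo_option']}')";
    $result = mysql_query($query, $connect);
    if (!$result) {
        // Keep the database error in the server log rather than showing the SQL
        // text to the visitor.
        error_log('board write: insert failed: ' . mysql_error($connect));
        back('ÀμƮ ¿¡·¯');
    }

    if ($has_photo) {
        // move_uploaded_file() re-checks that the source is an upload and removes
        // the temporary file, so no separate copy/unlink step is needed.
        if (!move_uploaded_file($photo, $photo_dir)) {
            back("ÆÄÀÏÀ» ÁöÁ¤ÇÑ µð·ºÅ丮¿¡ º¹»çÇϴµ¥ ½ÇÆÐÇßÀ¾´Ï´Ù.");
        }
    }

    // $boardid is already restricted to identifier characters; $where is
    // URL-encoded so it cannot break out of the query string.
    goto_refresh_page("list.html?boardid=$boardid&where=" . urlencode($where), 0);
}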
?>
소구리 문화지도 교통게시판 글쓰기
include 'board_write.inc';
?>
¨Ï 1999-=date(Y);?> Soguri
|