/home/sanchung/public_html/board/insert.php
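<?php
/**
 * Board write handler: dispatches on $type to create, modify, reply to,
 * comment on, unlock and delete posts in the table named by $_board['table'].
 *
 * Message strings passed to alert_back()/alert() are kept exactly as they
 * appear in this listing.
 *
 * Review notes (points this file cannot settle on its own):
 *  - $type, $id, $db, $pass, $page, $BACK_URL, $del_ids and the other bare
 *    variables are never assigned here; presumably _setup.php imports them
 *    from the request (register_globals or extract) - confirm. They are
 *    treated as untrusted below.
 *  - $mysql->string_escape() takes no arguments, so what it escapes is not
 *    visible here. Every quoted SQL value ('$db', '$pass') relies on it, and
 *    values assigned into $_POST after that call (file names, ip) are not
 *    covered by it unless insert()/update() escape on their own - verify.
 *  - Post passwords are compared against the stored column as-is, and a post
 *    saved without a password is given the administrator password read from
 *    adw_myinfo. Both point at plain-text password storage; a salted hash and
 *    a per-post secret would remove the exposure.
 *  - $BACK_URL goes into Location headers and a script block with no
 *    allow-list of targets or schemes (open redirect).
 *  - $_POST is handed whole to $mysql->insert()/update(); unless those
 *    methods filter keys, a client can set any column (grp, m_id, db, ...).
 *  - "modify" performs no password or admin check in this file; confirm that
 *    fileUpload_modify() or an include enforces ownership.
 */
session_start();
set_time_limit(0);

include_once "$_SERVER[DOCUMENT_ROOT]/board/_setup.php";
include_once "$_path[board]/inc/image_resize.class.php";
/**** Board configuration ****/
include_once "$_path[board]/_lib/bbsset.php";
/**** Board helper functions ****/
include_once "$_path[board]/_lib/user.class.php";
/**** Board language titles ****/
include_once "$_path[board]/_lib/language.php";

// Script / iframe input restriction: rename the opening and closing tags in
// every POST and GET value unless the board allows them.
// NOTE(review): this is a two-tag deny-list. Event-handler attributes and
// other elements pass through, so output escaping where posts are rendered
// has to be the real control.
$_blocked_tags = array();
if ($_board['script_allow'] != "Y") {
    $_blocked_tags[] = "script";
}
if ($_board['iframe_allow'] != "Y") {
    $_blocked_tags[] = "iframe";
}
foreach ($_blocked_tags as $_tag) {
    $_patterns = array("(<$_tag)i", "(</$_tag)i");
    $_renamed  = array("<x-$_tag", "</x-$_tag");
    foreach (array_keys($_POST) as $key) {
        $_POST[$key] = preg_replace($_patterns, $_renamed, $_POST[$key]);
    }
    // Kept from the original: later code may walk the array with each().
    reset($_POST);
    foreach (array_keys($_GET) as $key) {
        $_GET[$key] = preg_replace($_patterns, $_renamed, $_GET[$key]);
    }
    reset($_GET);
}

// Administrator password, used as the default post password further down
$_adm_row = $mysql->row("adw_myinfo", "pass", "");
$admin_pass = $_adm_row['pass'];

$search = "&db=$db&amode=$amode&column=$column&keyword=$keyword&sort=$sort";

// Notice flag: anything other than "Y" is stored as "N"
if ($_POST['notice'] != "Y") {
    $_POST['notice'] = "N";
}

$mysql->string_escape();

// Upload directory for this board. $db is only accepted as a plain directory
// name, so a value such as "../.." cannot steer unlink() outside data/.
$_data_dir = null;
if (is_string($db) && $db !== "" && $db !== "." && $db !== ".." && basename($db) === $db) {
    $_data_dir = "$_path[board]/data/$db";
}

switch ($type) {

    /**** Save a new post ****/
    case "insert":
        #### When the anti-spam code is in use ####
        $_BBS->spam_check();

        // File upload
        $file_upload = $_BBS->fileUpload();
        $_POST['filename'] = $file_upload["_file"];
        $_POST['filename_true'] = $file_upload["_name"];

        $_POST['m_id'] = $_mem_key['id'];
        $_POST['ip'] = $_SERVER['REMOTE_ADDR'];
        $_POST['home'] = str_replace("http://", "", $_POST['home']);
        if (!$_POST['open']) {
            $_POST['open'] = "Y";
        }
        // NOTE(review): stores the administrator password on the post row.
        if (!$_POST['pass']) {
            $_POST['pass'] = $admin_pass;
        }

        $mysql->insert("$_board[table]", $_POST, 0);

        // A new thread's group id is its own row id. The array is built fresh
        // so no pre-existing $_D keys reach the UPDATE.
        $_D = array('grp' => mysql_insert_id());
        $mysql->update("$_board[table]", $_D, "where id='$_D[grp]'");

        Header("Location: $_POST[BACK_URL]?db=$db&page=$page$search");
        break;

    /**** Modify a post ****/
    case "modify":
        // Row ids are integers (see mysql_insert_id() above); the cast keeps
        // the unquoted "where id=$id" below from carrying SQL.
        $id = (int) $id;

        // File upload (modify)
        $file_upload = $_BBS->fileUpload_modify($id);
        $_POST['filename'] = $file_upload["_file"];
        $_POST['filename_true'] = $file_upload["_name"];

        $_POST['home'] = str_replace("http://", "", $_POST['home']);
        $_POST['ip'] = $_SERVER['REMOTE_ADDR'];

        $mysql->update("$_board[table]", $_POST, "where id=$id");

        // For an original post, copy its open flag to the rows of its group
        $_row = $mysql->row("$_board[table]", "grp, loc, stp, mstp, open", "where id='$id'");
        if ($_row['loc'] == 0 && $_row['stp'] == 0) {
            $_DA = array('open' => $_row['open']);
            $mysql->update("$_board[table]", $_DA, "where grp='$_row[grp]' && mstp=0");
        }

        if ($_board['board_shape'] == "faq" || $_board['board_shape'] == "guest") {
            Header("Location: $BACK_URL?db=$db&page=$page$search");
        } else {
            Header("Location: $BACK_URL?db=$db&page=$page$search&type=read&id=$id");
        }
        break;

    /**** Save a memo (comment) ****/
    case "memoinsert":
        #### When the anti-spam code is in use ####
        $_BBS->spam_check();

        $id = (int) $id;
        $row = $mysql->row("$_board[table]", "grp, loc, stp", "where id='$id'");
        $_POST['grp'] = $row[0];
        $_POST['loc'] = $row[1];
        $_POST['stp'] = $row[2];

        // Next memo sequence number inside the group
        $_row = $mysql->row("$_board[table]", "max(mstp)", "where grp=$_POST[grp]");
        $_POST['mstp'] = $_row[0] + 1;
        $_POST['m_id'] = $_mem_key['id'];
        $_POST['ip'] = $_SERVER['REMOTE_ADDR'];

        $mysql->insert("$_board[table]", $_POST);

        if ($_board['board_shape'] == "guest") {
            Header("Location: $BACK_URL?db=$db&page=$page$search");
        } else {
            Header("Location: $BACK_URL?db=$db&page=$page$search&type=read&id=$id");
        }
        break;

    /**** Add a reply ****/
    case "reinsert":
        #### When the anti-spam code is in use ####
        $_BBS->spam_check();

        $id = (int) $id;
        $row = $mysql->row("$_board[table]", "grp, stp, loc", "where id='$id'");
        $grp = $row['grp'];
        // NOTE(review): $loc is read from the stp column and $stp from the loc
        // column, while memoinsert maps them straight. Left as found because
        // the thread ordering below depends on it - confirm which is intended.
        $loc = $row['stp'];
        $stp = $row['loc'];

        // A reply inherits the open flag of the thread's original post
        $__row = $mysql->row("$_board[table]", "open", "where grp='$grp' && stp='0' && loc='0' && mstp='0'", 1);
        $_POST['open'] = $__row['open'];

        $row1 = $mysql->row("$_board[table]", "grp, loc, stp", "where grp=$grp && stp>$stp && loc<=$loc order by stp");
        if ($row1[0]) {
            $br_str = $row1[2];
            $row2 = $mysql->row("$_board[table]", "grp, loc, stp", "where grp=$grp && stp>$stp && stp<$br_str && loc>$loc order by stp desc");
        } else {
            $row2 = $mysql->row("$_board[table]", "grp, loc, stp", "where grp=$grp && stp>$stp && loc>$loc order by stp desc");
        }
        if ($row2[0]) {
            $stp = $row2[2];
        }

        // Open a slot after $stp by shifting the later rows of the group
        $_sql = "update $_board[table] set stp=stp+1 where grp=$grp and stp>$stp";
        @mysql_query($_sql);

        $stp = $stp + 1;
        $loc = $loc + 1;

        // Has no effect on the stored row: the insert below reads $_POST.
        $subject = str_replace("Re:", "", $subject);

        // File upload
        $file_upload = $_BBS->fileUpload();
        $_POST['filename'] = $file_upload["_file"];
        $_POST['filename_true'] = $file_upload["_name"];

        $_POST['m_id'] = $_mem_key['id'];
        $_POST['ip'] = $_SERVER['REMOTE_ADDR'];
        // NOTE(review): stores the administrator password on the reply row.
        if (!$_POST['pass']) {
            $_POST['pass'] = $admin_pass;
        }
        $_POST['grp'] = $grp;
        $_POST['loc'] = $loc;
        $_POST['stp'] = $stp;

        $mysql->insert("$_board[table]", $_POST);
        $Mid = mysql_insert_id();

        if ($admin_read == "Y") {
            Header("Location:$BACK_URL?db=$db&page=$page$search");
        } else {
            Header("Location:$BACK_URL?db=$db&page=$page$search&type=read&id=$Mid");
        }
        break;

    /**** Delete a memo ****/
    case "memodelete":
        $id = (int) $id;
        if (!$_adm_key["admin"] && !$_adm_key["board"] && !$_adm_key["master"]) {
            $row = $mysql->row("$_board[table]", "id", "where pass='$pass' && db='$db' && id='$id'");
            if (!$row) {
                $lib->alert_back("ºñ¹Ð¹øÈ£°¡ ÀÏÄ¡ÇÏÁö ¾Ê½À´Ï´Ù. ");
                // Fail closed: the DELETE below must not run if alert_back()
                // returns instead of ending the request.
                exit;
            }
        }

        $sql = "delete from $_board[table] where db='$db' && id='$id'";
        @mysql_query($sql);

        if ($_board['board_shape'] == "guest") {
            Header("Location: $BACK_URL?db=$db&page=$page$search");
        } else {
            Header("Location: $BACK_URL?db=$db&page=$page$search&type=read&id=$parent");
        }
        break;

    /**** Secret post login ****/
    case "bi_login":
        $id = (int) $id;
        $row = $mysql->row("$_board[table]", "grp, pass", "where id='$id'");
        $grp = $row['grp'];
        $_row = $mysql->row("$_board[table]", "pass", "where grp=$grp && stp=0 && loc=0 && mstp=0");

        // Strict string comparison: with != two different numeric-looking
        // passwords ("0e1" and "0e2", "10" and "1e1") compare as equal.
        if ((string) $row['pass'] !== (string) $pass && (string) $_row['pass'] !== (string) $pass) {
            $lib->alert_back("º»¹® ºñ¹Ð¹øÈ£°¡ ¼·Î ´Ù¸¨´Ï´Ù. ");
            exit; // fail closed, do not issue the cookie
        }

        // NOTE(review): the cookie carries only the post id, a value a client
        // can set without knowing any password. Whatever reads BI_COOKIE_
        // should rely on server-side session state instead - confirm.
        SetCookie("BI_COOKIE_", $id, 0, "/");
        Header("Location: $BACK_URL?db=$db&page=$page&part=$part&word=$word&sort=$sort&id=$id&type=read");
        break;

    /**** Delete a post ****/
    case "delete":
        $id = (int) $id;
        // Administrators skip the password check
        if ($_adm_key["admin"] || $_adm_key["board"] || $_adm_key["master"]) {
            $row = $mysql->row("$_board[table]", "id, grp, stp, loc, filename", "where db='$db' && id='$id'");
        } else {
            $row = $mysql->row("$_board[table]", "id, grp, stp, loc, filename", "where db='$db' && id='$id' && pass='$pass'");
            if (!$row) {
                $lib->alert_back("ºñ¹Ð¹øÈ£°¡ ¼·Î ´Ù¸¨´Ï´Ù.");
                exit; // fail closed, nothing below may run without a match
            }
        }
        $grp = $row['grp'];
        $stp = $row['stp'];
        $loc = $row['loc'];
        $oldfile = @explode(",", $row['filename']);

        // A post that still has replies below it cannot be removed
        $_row = $mysql->row("$_board[table]", "id", "where db='$db' and grp='$grp' && stp>'$stp'");
        if ($_row) {
            $lib->alert_back("´äº¯ÀÌ ÀÖ´Â °Ô½Ã¹°ÀÔ´Ï´Ù.\\n\\nÁ¦ÀÏ ÇÏÀ§ °Ô½Ã¹° ºÎÅÍ »èÁ¦ÇÏ¼Å¾ß ÇÕ´Ï´Ù. ");
        } else {
            $sql = "delete from $_board[table] where id=$id";
            @mysql_query($sql);

            // Remove the attachments. Only plain file names inside the board's
            // data directory are unlinked; empty or path-bearing entries are
            // skipped.
            if ($_data_dir !== null) {
                foreach ($oldfile as $val) {
                    if ($val === "" || $val === "." || $val === ".." || basename($val) !== $val) {
                        continue;
                    }
                    @unlink("$_data_dir/$val");
                }
            }

            // Delete the post's memos
            $sqlm = "delete from $_board[table] where grp='$grp' and loc='$loc' and stp='$stp' and mstp != 0";
            @mysql_query($sqlm);

            Header("Location: $BACK_URL?db=$db&page=$page$search");
        }
        break;

    /**** Delete the selected posts in one go ****/
    case "list_del":
        if (!$_adm_key["admin"] && !$_adm_key["board"] && !$_adm_key["master"]) {
            $lib->alert_back("°ü¸®ÀÚ Á¤º¸°¡ ¾ø½À´Ï´Ù. ");
            exit; // fail closed, bulk delete is admin-only
        }

        // Ids arrive as a comma-separated list; each one is forced to an integer.
        $id = array_map('intval', explode(",", $del_ids));
        rsort($id);

        // Set here so neither value can arrive pre-seeded from the request.
        $reply = "";
        $renum = 0;

        foreach ($id as $_del_id) {
            if (!$_del_id) {
                continue;
            }

            $row = $mysql->row("$_board[table]", "grp, stp, loc, filename, tmp_file", "where id='$_del_id'");
            $grp = $row['grp'];
            $stp = $row['stp'];
            $loc = $row['loc'];
            $oldfile = @explode(",", $row['filename']);

            $_row = $mysql->row("$_board[table]", "id", "where db='$db' && grp=$grp && stp>$stp");
            if (!$_row) {
                $sql = "delete from $_board[table] where id='$_del_id'";
                @mysql_query($sql);

                // Delete the post's memos
                $sqlm = "delete from $_board[table] where grp='$grp' && loc='$loc' && stp='$stp' && mstp!=0";
                @mysql_query($sqlm);

                // Same attachment rule as in "delete"
                if ($_data_dir !== null) {
                    foreach ($oldfile as $val) {
                        if ($val === "" || $val === "." || $val === ".." || basename($val) !== $val) {
                            continue;
                        }
                        @unlink("$_data_dir/$val");
                    }
                }
            } else {
                // Posts with replies are skipped and counted
                $reply = "yes";
                $renum++;
            }
        }

        if ($reply == "yes") {
            // The target is written into a single-quoted JavaScript string
            // inside a <script> element, so quotes, backslashes, angle brackets
            // and line breaks are escaped for that context.
            $_js_url = strtr("$BACK_URL?db=$db&page=$page$search", array(
                "\\" => "\\\\",
                "'"  => "\\'",
                "<"  => "\\x3C",
                ">"  => "\\x3E",
                "\r" => "\\r",
                "\n" => "\\n",
            ));
            echo "<script> alert('´äº¯ÀÌ ÀÖ´Â °Ô½Ã¹°Àº Á¦ÀÏ ÇÏÀ§ °Ô½Ã¹° ºÎÅÍ »èÁ¦ ÇÏ¼Å¾ß ÇÕ´Ï´Ù.\\n\\n{$renum}°³ÀÇ °Ô½Ã¹°ÀÌ »èÁ¦ µÇÁö ¾È¾Ò½À´Ï´Ù.'); location.href = '$_js_url'; </script>";
        } else {
            Header("Location: $BACK_URL?db=$db&page=$page$search");
        }
        break;
}
?>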