コード例 #1
0
ファイル: postnewthread.php プロジェクト: roniwahyu/AKEUDA
         $i = 1;
         foreach ($poll_opts as $poll_option) {
             $result = dbquery("INSERT INTO " . DB_FORUM_POLL_OPTIONS . " (thread_id, forum_poll_option_id, forum_poll_option_text, forum_poll_option_votes) VALUES('" . $thread_id . "', '" . $i . "', '" . $poll_option . "', '0')");
             $i++;
         }
     }
 }
 if ($fdata['forum_attach'] && checkgroup($fdata['forum_attach'])) {
     $attach = $_FILES['attach'];
     if ($attach['name'] != "" && !empty($attach['name']) && is_uploaded_file($attach['tmp_name'])) {
         $attachname = substr($attach['name'], 0, strrpos($attach['name'], "."));
         $attachext = strtolower(strrchr($attach['name'], "."));
         if (preg_match("/^[-0-9A-Z_\\[\\]]+\$/i", $attachname) && $attach['size'] <= $settings['attachmax']) {
             $attachtypes = explode(",", $settings['attachtypes']);
             if (in_array($attachext, $attachtypes)) {
                 $attachname = attach_exists(strtolower($attach['name']));
                 move_uploaded_file($attach['tmp_name'], FORUM . "attachments/" . $attachname);
                 chmod(FORUM . "attachments/" . $attachname, 0644);
                 if (in_array($attachext, $imagetypes) && (!@getimagesize(FORUM . "attachments/" . $attachname) || !@verify_image(FORUM . "attachments/" . $attachname))) {
                     unlink(FORUM . "attachments/" . $attachname);
                     $error = 1;
                 }
                 if (!$error) {
                     $result = dbquery("INSERT INTO " . DB_FORUM_ATTACHMENTS . " (thread_id, post_id, attach_name, attach_ext, attach_size) VALUES ('" . $thread_id . "', '" . $post_id . "', '{$attachname}', '{$attachext}', '" . $attach['size'] . "')");
                 }
             } else {
                 @unlink($attach['tmp_name']);
                 $error = 1;
             }
         } else {
             @unlink($attach['tmp_name']);
コード例 #2
0
ファイル: postnewthread.php プロジェクト: dioda/phpfusion
             $result = dbquery("INSERT INTO " . DB_FORUM_POLL_OPTIONS . " (thread_id, forum_poll_option_id, forum_poll_option_text, forum_poll_option_votes) VALUES('" . $thread_id . "', '" . $i . "', '" . $poll_option . "', '0')");
             $i++;
         }
     }
 }
 if ($fdata['forum_attach'] && checkgroup($fdata['forum_attach'])) {
     // $attach = $_FILES['attach'];
     foreach ($_FILES as $attach) {
         if ($attach['name'] != "" && !empty($attach['name']) && is_uploaded_file($attach['tmp_name'])) {
             $attachname = stripfilename(substr($attach['name'], 0, strrpos($attach['name'], ".")));
             $attachext = strtolower(strrchr($attach['name'], "."));
             if (preg_match("/^[-0-9A-Z_\\[\\]]+\$/i", $attachname) && $attach['size'] <= $settings['attachmax']) {
                 $attachtypes = explode(",", $settings['attachtypes']);
                 if (in_array($attachext, $attachtypes)) {
                     $attachname .= $attachext;
                     $attachname = attach_exists(strtolower($attachname));
                     move_uploaded_file($attach['tmp_name'], FORUM . "attachments/" . $attachname);
                     chmod(FORUM . "attachments/" . $attachname, 0644);
                     if (in_array($attachext, $imagetypes) && (!@getimagesize(FORUM . "attachments/" . $attachname) || !@verify_image(FORUM . "attachments/" . $attachname))) {
                         unlink(FORUM . "attachments/" . $attachname);
                         $error = 1;
                     }
                     if (!$error) {
                         $result = dbquery("INSERT INTO " . DB_FORUM_ATTACHMENTS . " (thread_id, post_id, attach_name, attach_ext, attach_size) VALUES ('" . $thread_id . "', '" . $post_id . "', '" . $attachname . "', '" . $attachext . "', '" . $attach['size'] . "')");
                     }
                 } else {
                     @unlink($attach['tmp_name']);
                     $error = 1;
                 }
             } else {
                 @unlink($attach['tmp_name']);