Untitled Document

0); //possible hacking else if (strpos($_REQUEST[del],$upload_dir) === false); //possible hacking else if (substr($_REQUEST[del],0,6)==$upload_dir) { unlink($_REQUEST[del]); print ""; } } else if ($_FILES['userfile']) { $resource = fopen("log.txt","a"); fwrite($resource,date("Ymd h:i:s")."UPLOAD - $_SERVER[REMOTE_ADDR]" .$_FILES['userfile']['name']." " .$_FILES['userfile']['type']."\n"); fclose($resource); $file_type = $_FILES['userfile']['type']; $file_name = $_FILES['userfile']['name']; $file_ext = strtolower(substr($file_name,strrpos($file_name,"."))); //File Size Check if ( $_FILES['userfile']['size'] > $MAX_SIZE) $message = "The file size is over 2MB."; //File Type/Extension Check else if (!in_array($file_type, $FILE_MIMES) && !in_array($file_ext, $FILE_EXTS) ) $message = "Sorry, $file_name($file_type) is not allowed to be uploaded."; else $message = do_upload($upload_dir, $upload_url); print ""; } else if (!$_FILES['userfile']); else $message = "Invalid File Specified."; /************************************************************ * List Files ************************************************************/ $handle=opendir($upload_dir); $filelist = ""; while ($file = readdir($handle)) { if(!is_dir($file) && !is_link($file)) { $filelist .= "".$file.""; if ($DELETABLE) $filelist .= " x"; $filelist .= "_{".date("d-m H:i", filemtime($upload_dir.$file))
."}"; $filelist .="
"; } } function do_upload($upload_dir, $upload_url) { $temp_name = $_FILES['userfile']['tmp_name']; $file_name = $_FILES['userfile']['name']; $file_name = str_replace("\\","",$file_name); $file_name = str_replace("'","",$file_name); $file_path = $upload_dir.$file_name; //File Name Check if ( $file_name =="") { $message = "Invalid File Name Specified"; return $message; } $result = move_uploaded_file($temp_name, $file_path); if (!chmod($file_path,0777)) $message = "change permission to 777 failed."; else $message = ($result)?"$file_name" : "Somthing is wrong with uploading a file."; return $message; } ?> ".$_REQUEST[message].""." "."Lên Server"." "."Thành Công"?>

"") { mysql_select_db("baitap"); $res = mysql_query("SELECT * FROM LOG"); $sql = "INSERT INTO log VALUES ('$a')"; $res =mysql_query($sql,$ctqlpo); echo ""; echo ""; exit(); } ?>