Файл: load.php
Строк: 30
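<?php
/*
 * Avatar upload page: shows the upload form to a logged-in user and, when a
 * file was posted, stores it under images/ and records the stored name in
 * `user`.`avatar`.
 *
 * Security-relevant points:
 *  - Full open tag: with `<?` the script is served as plain text whenever
 *    short_open_tag is disabled.
 *  - The stored file name is always generated on the server and always ends
 *    in ".jpeg"; the client-supplied name is never used. The previous
 *    extension blacklist overwrote the name before matching it, so it never
 *    rejected anything, and it has been dropped.
 *  - The file type is decided from the uploaded bytes (getimagesize), not
 *    from $_FILES[...]['type'], which is whatever the client chose to send.
 *  - The database is updated only after the file has actually been moved.
 *
 * NOTE(review): $user and the MySQL connection presumably come from
 * system/head.php — confirm. The mysql_* extension was removed in PHP 7;
 * moving to mysqli/PDO has to be done together with that connection code.
 * NOTE(review): the form carries no anti-CSRF token; the session mechanism
 * is not visible from this file, so that is not addressed here.
 * NOTE(review): images/ should be configured so the web server never
 * executes scripts from it, as a second line of defence.
 */
error_reporting(0); // NOTE(review): this also disables logging; prefer display_errors=0 with logging on.
require_once 'system/head.php';

// NOTE(review): not used in this file; kept in case system/foot.php reads it — confirm and remove.
$ifile = mysql_query("select * from `avatar` order by `id`");

if ($user) {
    // Integer cast so the id can never alter the SQL text below.
    $userId = (int) $user['id'];

    // NOTE(review): result is not used in this file; kept in case system/foot.php reads $avatar — confirm.
    $avatars = mysql_query('SELECT * FROM `avatar` WHERE `id_us` = ' . $userId);
    $avatar = mysql_fetch_array($avatars);

    echo'
<div class="menu">Не более 500Кб(JPG, JPEG, PNG, GIF)<br/>
<form action = "load.php" method = "post" enctype = "multipart/form-data">
<input type = "file" name = "somename" />
<input type = "submit" value = "Загрузить" />
</form></div> ';

    $upload = isset($_FILES['somename']) ? $_FILES['somename'] : null;

    // A missing, failed, oversized or non-image upload is skipped silently:
    // the page then shows only the form, as it did before.
    if (
        is_array($upload)
        && $upload['error'] === UPLOAD_ERR_OK   // also false for array-style (multi-file) fields
        && $upload['size'] <= 502400
        && is_uploaded_file($upload['tmp_name'])
    ) {
        // Element 2 of getimagesize() is the IMAGETYPE_* constant detected from the file header.
        $info = getimagesize($upload['tmp_name']);
        $allowedTypes = array(IMAGETYPE_JPEG, IMAGETYPE_PNG, IMAGETYPE_GIF);

        if ($info !== false && in_array($info[2], $allowedTypes, true)) {
            // Same "<number>.jpeg" naming as before, but never reuse an existing
            // name, so one upload cannot overwrite another user's avatar.
            do {
                $storedName = rand(1, 99999999) . '.jpeg';
                $uploadfile = 'images/' . $storedName;
            } while (file_exists($uploadfile));

            if (move_uploaded_file($upload['tmp_name'], $uploadfile)) {
                // $storedName is digits plus ".jpeg" and $userId is an int, so both are safe to embed.
                mysql_query("UPDATE `user` SET `avatar`= '$storedName' WHERE `id`='$userId'");
                echo'<div class="menu">Аватар изменен</div>';
            }
        }
    }
} else {
    echo'<div class="menu">Вы не авторизованы</div>';
}

// Footer goes last so the result message is emitted before it, not after.
require_once 'system/foot.php';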