Файл: avatar.php
Строк: 32
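<?php
/**
 * Avatar upload page.
 *
 * Shows the upload form to a logged-in user and, when the request is a POST
 * carrying a file in the "somename" field, validates the file, stores it under
 * images/ with a server-generated name and records that name in
 * `user`.`avatar`.
 *
 * Security-relevant decisions:
 *  - The client-supplied file name and MIME type ($_FILES[...]['name'] and
 *    ['type']) are never used: both are attacker-controlled request data.
 *    The type is detected from the file contents and the extension comes
 *    from a fixed allow-list, so an upload can never end up as .php/.phtml.
 *  - The stored name is prefixed with the user id, so one account cannot
 *    overwrite another account's avatar file.
 *  - getimagesize() only inspects the image header. A file can be a valid
 *    image and still carry other data, so the images/ directory should also
 *    be configured so that nothing in it is executed as a script, and
 *    re-encoding the image server-side is worth considering.
 *
 * NOTE(review): no anti-CSRF token is visible on this form - confirm whether
 * system/head.php provides one.
 * NOTE(review): $user, back() and the database connection are presumably set
 * up by system/head.php - not visible here.
 * NOTE(review): the mysql_* extension was removed in PHP 7; move to PDO or
 * mysqli prepared statements together with the connection code.
 */
$title='Смена аватара';require_once 'system/head.php';
if($user){
echo'<div class="menu" style="text-align:center;"><a href="/profile.php?act=edit">Профиль</a> | Аватар</div>
<div class="menu">Не более 500Кб(JPG, JPEG, PNG, GIF)<br/>
<form action = "#" method = "post" enctype = "multipart/form-data">
<input type = "file" name = "somename" />
<input type = "submit" value = "Загрузить" />
</form></div> ';

    // Only process an upload when one was actually submitted; a plain GET
    // just renders the form and falls through to the footer.
    $upload = isset($_FILES['somename']) ? $_FILES['somename'] : null;
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && is_array($upload)) {
        // Detected image type => extension we are willing to store.
        $allowed = array(
            IMAGETYPE_JPEG => 'jpeg',
            IMAGETYPE_PNG  => 'png',
            IMAGETYPE_GIF  => 'gif',
        );
        // presumably a numeric primary key; the cast keeps it safe in the
        // file name and in the SQL statement below.
        $id = (int) $user['id'];
        $saved = false;

        // The strict comparison with UPLOAD_ERR_OK also rejects array-style
        // uploads (somename[]), where 'error' would be an array.
        $ok = isset($upload['error'], $upload['size'], $upload['tmp_name'])
            && $upload['error'] === UPLOAD_ERR_OK
            && $upload['size'] > 0
            && $upload['size'] <= 502400
            && is_uploaded_file($upload['tmp_name']);

        // Decide the type from the file contents, not from the request.
        $info = $ok ? getimagesize($upload['tmp_name']) : false;

        if ($info !== false && isset($allowed[$info[2]])) {
            // Content-derived name: unique per image, no guessable counter,
            // and nothing from the client reaches the file system path.
            $digest = substr(hash_file('sha256', $upload['tmp_name']), 0, 32);
            $avatar = $id . '_' . $digest . '.' . $allowed[$info[2]];
            $uploadfile = 'images/' . $avatar;

            if (move_uploaded_file($upload['tmp_name'], $uploadfile)) {
                // $avatar is built from [0-9a-f_.] only; it is escaped anyway
                // so the statement stays safe if the naming scheme changes.
                $saved = mysql_query(
                    "UPDATE `user` SET `avatar`= '" . mysql_real_escape_string($avatar)
                    . "' WHERE `id`='" . $id . "'"
                ) !== false;
            }
        }

        if ($saved) {
            echo'<div class="menu">Аватар изменен</div>';
        } else {
            // Report the failure instead of silently terminating the page.
            echo'<div class="menu">Ошибка загрузки файла</div>';
        }
    }
}else{echo'<div class="menu">Вы не авторизованы</div>';}
// Footer is emitted exactly once, after any result message.
back('/');
require_once 'system/foot.php';
?>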