Changeset 208


Timestamp:
Jun 19, 2009, 8:17:16 PM (16 years ago)
Author:
george
Message:
  • Přidáno: Kontrola existence proměnné "odkud přišli" a správnosti zadání obrázku.
File:
1 edited

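--- a/trunk/banners/banner.php
+++ b/trunk/banners/banner.php
@@ -3,20 +3,27 @@
 include('../includes/global.php');
 
-header('Content-Type: image/png');
-$Referer = addslashes($_SERVER['HTTP_REFERER']);
-$Referer = substr($Referer, strpos($Referer, '/') + 2);
-$HostName = substr($Referer, 0, strpos($Referer, '/'));
-if(substr($HostName, -1) == '.') $HostName = substr($HostName, 0, -1);
-if($HostName != gethostbyname($HostName))
+if(array_key_exists('image', $_GET))
 {
-  $Referer = 'http://'.$HostName.'/';
-  $DbResult = mysql_query('SELECT * FROM `banner` WHERE `Web` = "'.$Referer.'"', $Database->id_connection);
-  if(mysql_num_rows($DbResult) > 0)
-    $Database->SQLCommand('UPDATE `banner` SET `DateLast` = NOW(), `LastURL` = "'.addslashes($_SERVER['HTTP_REFERER']).'" WHERE `Web` = "'.$Referer.'"');
-    else mysql_query('INSERT INTO `banner` (`Web`, `DateFirst`, `DateLast`, LastURL`) VALUES ("'.$Referer.'", NOW(), NOW( ), "'.addslashes($_SERVER['HTTP_REFERER']).'")', $Database->id_connection);
-}
+  if(file_exists($_GET['image']))
+  {
+    Header('Content-Type: image/png');
+    if(array_key_exists('HTTP_REFERER', $_SERVER)) $Referer = addslashes($_SERVER['HTTP_REFERER']);
+      else $Referer = '';
+    $Referer = substr($Referer, strpos($Referer, '/') + 2);
+    $HostName = substr($Referer, 0, strpos($Referer, '/'));
+    if(substr($HostName, -1) == '.') $HostName = substr($HostName, 0, -1);
+    if($HostName != gethostbyname($HostName))
+    {
+      $Referer = 'http://'.$HostName.'/';
+      $DbResult = mysql_query('SELECT * FROM `banner` WHERE `Web` = "'.$Referer.'"', $Database->id_connection);
+      if(mysql_num_rows($DbResult) > 0)
+        $Database->SQLCommand('UPDATE `banner` SET `DateLast` = NOW(), `LastURL` = "'.addslashes($_SERVER['HTTP_REFERER']).'" WHERE `Web` = "'.$Referer.'"');
+        else mysql_query('INSERT INTO `banner` (`Web`, `DateFirst`, `DateLast`, LastURL`) VALUES ("'.$Referer.'", NOW(), NOW( ), "'.addslashes($_SERVER['HTTP_REFERER']).'")', $Database->id_connection);
+    }
 
-$Image = imagecreatefromjpeg(addslashes($_GET['image']));
-imagepng($Image);
+    $Image = imagecreatefromjpeg($_GET['image']);
+    imagepng($Image);
+  } else echo('Zadaný obrázek neexistuje.');
+} else echo('Nutno zadat parameter image.');
 
 ?>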
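Review bot: `$_GET['image']` reaches `file_exists()` and `imagecreatefromjpeg()` unvalidated on new lines 7 and 24, so the request chooses which path (or, where URL wrappers are enabled, which remote resource) the server probes and opens, and the two distinct error messages disclose whether an arbitrary path exists. Reduce the parameter to a bare file name matched against a strict pattern and resolve it inside one fixed directory before any file function sees it; the directory in the sketch below is an assumption, since the page does not show where the banner images live. Separately, the hostname taken from the Referer header is still concatenated into the SELECT, UPDATE and INSERT with only `addslashes()`, which is not charset-aware escaping; `mysql_real_escape_string($Referer, $Database->id_connection)` is the safer form here. The INSERT on new line 21 also has an unbalanced backtick before `LastURL`, so it likely never succeeds and its result is not checked.

```php
if(array_key_exists('image', $_GET) && is_string($_GET['image']))
{
  // Accept only a bare JPEG file name; directory parts and URL schemes never reach the file functions.
  $ImageName = basename($_GET['image']);
  $ImagePath = dirname(__FILE__).'/'.$ImageName; // assumed banner directory
  if(preg_match('/^[A-Za-z0-9_-]+\.jpe?g$/i', $ImageName) && is_file($ImagePath))
  {
    // … unchanged: Content-Type header and referer bookkeeping …
    $Image = imagecreatefromjpeg($ImagePath);
    // … unchanged: imagepng() and the two else branches …
```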