ANTICHAT - Показать сообщение отдельно - Переименование дубликата

Обрати внимание на хак в виде кода:

Код:

if (file_exists($att_path."/".$uniq.".".$ext)) $uniq = $uniq . '(copy)';

PHP код:


		
			
<?

    include("include/common.php");

    

    if($loggedin){

        include("include/accmenu.php");

    }

    if( $_POST['submit'] && $_FILES['attached']['name'] ){

        $ok_filetypes = explode("|",$att_filetypes);

        if (!$_FILES['attached']['error'] && $_FILES['attached']['size'] > $att_max_size*1024){

            errform('<CENTER>Извините, слишком большой размер файла!</CENTER><BR><BR>'); // #err

            $step = 1;

        }

        $filename = (!$_FILES['attached']['error'] ? substr( basename($_FILES['attached']['name']), -30 ) : '');

        $x = strtolower( substr($_FILES['attached']['name'], -3));

        if($filename && !in_array($x, $ok_filetypes) ){

            errform('<CENTER>Не поддерживаемый тип файла!!!</CENTER><BR><BR>');

            $step = 1;

        }

        if(!$posterr){

            if(!isset($_GET["ipaddress"]) || ($_GET["ipaddress"] == "")) {

                $ipaddress = $_SERVER['REMOTE_ADDR'];

                $local = 1;

            } else {

                $ipaddress = $_GET["ipaddress"];

                $local = 0;

            }

    



                  $ru=array("а","б","в"," ","г","д","е","ё","ж","з","и","й","к","л","м","н","о","п","р","с","т","у","ф","х","ц","ч","ш","щ","ъ","ы","ь","э","ю","я");

                  $tr=array("a","b","v","_","g","d","e","oh","zh","z","i","j","k","l","m","n","o","p","r","s","t","u","f","x","c","ch","sh","w","qh","y","q","eh","ju","ja");

                  $uniq = strtolower(str_replace($ru,$tr,$_FILES['attached']['name']));

            if (file_exists($att_path."/".$uniq.".".$ext)) $uniq = $uniq . '(copy)';

            move_uploaded_file($_FILES['attached']['tmp_name'], $att_path."/".$uniq.".".$ext );

            $strQuery  = "INSERT INTO images25 SET ";

              $strQuery .= "filename='($uniq)',"; 

            if($myuid){

                $strQuery .= "user='{$myuid}',";

            }

            $strQuery .= "status='1'";

            $result = mysql_query($strQuery) or die( mysql_error() );

            $aid = mysql_insert_id();

            if($aid){

                $filen = $siteurl."/".str_replace('./', '', $att_path)."/".$uniq."";

                $filen = str_replace('http://','%%',$filen);

                $filen = str_replace('//','/',$filen);

                $filen = str_replace('%%','http://',$filen);



                

                //ITS AN IMAGE

                if($x=="jpg" or $x=="jpeg" or $x=="gif" or $x=="png" or $x=="jif" or $x=="jfif")

                {

                    $filenx=$filen;

                }

                else

                {

                    include("include/const.inc.php");

                    $filenx = $siteurl."/icons/".$Icons[$ext];

                }





                $step = 2;

            }else{

                $step = 1;

            }

        }

    }else{

        $step = 1;

    }

    if($step == 1){

    

?>