where("in_id", $id)->value("in_icon"); if (!db("admin")->where("in_adminid", $aid)->value("in_adminid") || md5(db("admin")->where("in_adminid", $aid)->value("in_adminpassword")) !== $apw) { exit("Access denied"); } if (!empty($_FILES)) { $in_icon = stristr($icon, "/") ? substr(strrchr($icon, "/"), 1) : $icon; $filepart = pathinfo($_FILES["file"]["name"]); if (in_array(strtolower($filepart["extension"]), array("jpg", "jpeg", "gif", "png"))) { $file = IN_ROOT . "data/attachment/" . $in_icon; @move_uploaded_file($_FILES["file"]["tmp_name"], $file); echo $in_icon; } else { echo "-1"; } } }