ada script saya diblokir oleh via webhosting krn bisa dipakai sebagai celah oleh hacker spt link ini & Kalo sdh berhasil upload pic dpt hasil spt gini:

Ne script view.php saya gmn fixnya?

<?

require "inc/config.php";

$file = $_GET['filename'];

 if ($file == "") {

 header("Location: " . $server_url);

 exit;

 }

$title_query = mysql_query("SELECT filealt FROM images where filename='$file'");

list($page_title) = mysql_fetch_row($title_query);

$pageTitle=$page_title; ?>

<? require "header.php"; 





 

 $file = $_GET['filename'];

 $view = $_GET['view'];

 if ($file == "") {

 header("Location: " . $server_url);

 exit;

 }

 $t1=mktime(0,0,0,date("m"),date("d"),date("y"));

 $t2=($t1+24*60*50)-1;

 

 $currentip = $_SERVER['REMOTE_ADDR'];

 

 $query1 = "select * from images where filename='$file'"; 

 $result1 = mysql_query($query1) or die("Query failed1.");

 if(mysql_num_rows($result1) ==0) { ?>

 <div id="error"><div class="msg" id="sucmsgid"> <?

 echo "We don't have a photo with that name!"; ?>

 </div></div>

 <META HTTP-EQUIV="refresh" CONTENT="3;URL=gallery.php">

 <?

 }



 while ($row = mysql_fetch_array($result1))

 {

 $uploaderid=$row['userid'];

 $filesize1=$row['filesize'];

 $file_path=$row['filepath'];

 $file_alt=$row['filealt'];

 $date_added=date("jS F Y", $row[added]);



 }

 



 if($filesize1=="" or $file_path=="")

 {

 $err = "Image Not found";



 $query2 = "select filesize,filepath,filename,tn_filename from images order by rand() limit 1"; 

 $result2 = mysql_query($query2) or die("Query failed2.");



 

 while ($line1 = mysql_fetch_array($result2)) { 

 $filesize1=$line1[filesize];

 $file_path=$line1[filepath];

 }

 }

 

 $query3 = "select count(*) as total from imagehits where filename='$file'"; 

 $result3 = mysql_query($query3) or die("Query failed3.");

 while ($line2 = mysql_fetch_array($result3)) { 

 $view1=$line2[total];

 }

 

 

 $referer = $_SERVER['HTTP_REFERER'];

 /* if($view1>0)

 $kb=$view1*$filesize1;

 else

 $kb=$filesize1;

 $timestamp=time();

 $sql="insert into imagehits set referer='".$referer."', kb=$kb, filename='".$file."',ip='".$currentip."',timestamp='".$timestamp."'";

 mysql_query($sql) or die("Query failed3.");

*/



 $timestamp=time();

 $sql="insert into imagehits set referer='".$referer."', kb=$filesize1, filename='".$file."',ip='".$currentip."',timestamp='".$timestamp."'";

 mysql_query($sql) or die("Query failed3.");





?>

<div id="wrapper2">



 <center>

 

 <?

 if($err!="")

 {

 echo '<br /><br /><br /><h2>The requested image does not exist!<br/>

 or it was removed for violating terms or using excessive bandwidth</h2>'; ?> 

 

 <META HTTP-EQUIV="Refresh"

 CONTENT="5; URL=gallery.php">

 <? 

 } else {

 ?> 



 

 </center>

 <br /><br />

 

 

 <div style="float:left;width:530px;padding-left:15px;text-align:center;">

<div id="title-container">

 <h2><?echo $file_alt;?></h2>

 </div>

 <div id="textform2">This photo was uploaded <?= $date_added ?> and has been viewed <?=$view1?> times since then.</div><br /><br />

<? 

list($file_width, $file_height, $ext) = getimagesize($file_path.$file);

if (!$ext) {echo "Invalid image file!";}

else {

if($file_width>"500") { 

$width=500;

} else {

$width=$file_width;

} }

?>

 <a href="<?= $file_path.$file ?>">



 <img id="photo" src="<?= $file_path.$file ?>" alt="<?=$line[filename]?>" title="<?=$line[filename]?>" border="0" width="<?=$width?>" />

 </a><br /><br /><br />

<div id="error" style="display:none;"><div class="msg" id="sucmsgid"></div><div class="error" id="msgid"></div></div>

<?if($usergid=="1" || $usergid=="2") { ?>



<form name="delete" action="<?= $_SERVER['PHP_SELF'] ?>" method="post" style="margin-top: 0px; margin-bottom: 0px;">



<input type="hidden" name="d_filename" id="d_filename" value="<?=$file?>" >





 <button type="submit" name="delete" value="Delete" class="btn btn-primary">Delete</button>

</form>

 <?} else {?>

<form name="config" action="<?= $_SERVER['PHP_SELF'] ?>" method="post" class="form">

<input type="hidden" name="reporterid" id="reporterid" value="<?=$userid?>" >

<input type="hidden" name="uploaderid" id="uploaderid" value="<?=$uploaderid?>" >

<input type="hidden" name="timestamp" id="timestamp" value="<?=$timestamp?>" >

<input type="hidden" name="imagename" id="imagename" value="<?=$file?>" >

<input type="hidden" name="ip" id="ip" value="<?=$currentip?>" >



 <button type="submit" name="report" value="report" class="btn btn-primary">Report</button>

</form>

 <? } ?>

<br />

<br />

<? 

 $query5 = "select * from images where filename='$file'"; 

 $result5 = mysql_query($query5) or die("Query failed5.");



while ($row = mysql_fetch_assoc($result5)) {



 $file_path=$row['filepath'];

 $file_name=$row['filename'];

 $file_tn=$row['tn_filename'];

 $file_link=$file_path.$file_name;

 $tn_link=$file_path.$file_tn;

}



?><center>

<div id="textform2">Link for viewing the photo </div><br><div class="form-group"><textarea class="textform" name="url1[]" cols="" wrap="virtual" READONLY><?echo $server_url;?>/view-<?echo $file_name;?></textarea></div><br>



<div id="textform2">Link directly to your photo</div><br><div class="form-group"><textarea class="textform" name="url2[]" cols="" wrap="virtual" READONLY><?echo $file_link;?></textarea></div><br>



<div id="textform2">Link directly to photo thumbnail</div><br><div class="form-group"><textarea class="textform" name="url3[]" cols="" wrap="virtual" READONLY><?echo $tn_link;?></textarea></div><br>



<div id="textform2">Code to post the photo in a forum:</div><br><div class="form-group"><textarea class="textform" name="url4[]" cols="" wrap="virtual" READONLY>[URL=<?echo $server_url;?>/view-<?echo $file_name;?>][img]<?echo $file_link;?>[/img][/URL]</textarea></div><br>



<div id="textform2">Code to post the thumbnail in a forum:</div><br><div class="form-group"><textarea class="textform"name="url5[]" cols="" wrap="virtual" READONLY>[URL=<?echo $server_url;?>/view-<?echo $file_name;?>][img]<?echo $tn_link;?>[/img][/URL]</textarea></div><br>



<div id="textform2">Code to post photo in your website:</div><br><div class="form-group"><textarea class="textform" name="url6[]" cols="" wrap="virtual" READONLY><a href="<?echo $server_url;?>/view-<?echo $file_name;?>" target="_blank"><img src="<?echo $file_link;?>" alt="<?echo $file_alt;?>"></a></textarea></div>

><br></center>





</div><br style="clear:both;" />

 <br /><br /><br /><center><?=$config[footer]?></center><br /><br />

<? }?>

</div> 

<br /> 

<? require "footer.php"; ?>

apa ada alternatif selalin script "getimagesize()"?