From a50f7ce802dd47776ab07b25449f7140b0bea711 Mon Sep 17 00:00:00 2001
From: chicpro <chicpro@gmail.com>
Date: Tue, 15 Apr 2014 15:12:55 +0900
Subject: [PATCH 1/4] =?UTF-8?q?sms5=20=EC=BD=94=EB=93=9C=20=EC=B2=B4?=
 =?UTF-8?q?=ED=81=AC=20=EB=B0=8F=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/sms_admin/_common.php               |  2 +-
 adm/sms_admin/ajax.sms_write_person.php | 12 +++++-----
 adm/sms_admin/config.php                |  4 ++--
 adm/sms_admin/form_list.php             | 10 ++++-----
 adm/sms_admin/form_write.php            |  2 +-
 adm/sms_admin/history_list.php          |  4 ++--
 adm/sms_admin/history_member.php        |  6 ++---
 adm/sms_admin/history_num.php           | 29 ++++++++++++-------------
 adm/sms_admin/history_view.php          |  6 ++---
 adm/sms_admin/num_book.php              | 14 ++++++------
 adm/sms_admin/num_book_file.php         |  6 ++---
 adm/sms_admin/sms_write.php             |  8 +++----
 adm/sms_admin/sms_write_form.php        | 12 +++++-----
 13 files changed, 57 insertions(+), 58 deletions(-)

diff --git a/adm/sms_admin/_common.php b/adm/sms_admin/_common.php
index 289691141..c2c148c40 100644
--- a/adm/sms_admin/_common.php
+++ b/adm/sms_admin/_common.php
@@ -4,7 +4,7 @@ include_once ('../../common.php');
 include_once(G5_ADMIN_PATH.'/admin.lib.php');
 
 if (!strstr($_SERVER['PHP_SELF'], 'install.php')) {
-    if(!mysql_num_rows(mysql_query("show tables like '{$g5['sms5_config_table']}'")))
+    if(!mysql_num_rows(mysql_query(" show tables like '{$g5['sms5_config_table']}' ")))
         goto_url('install.php');
 
     // SMS 설정값 배열변수
diff --git a/adm/sms_admin/ajax.sms_write_person.php b/adm/sms_admin/ajax.sms_write_person.php
index 718fbe41b..e11a329f4 100644
--- a/adm/sms_admin/ajax.sms_write_person.php
+++ b/adm/sms_admin/ajax.sms_write_person.php
@@ -137,18 +137,18 @@ while ($res = sql_fetch_array($qry)) array_push($group, $res);
 
 <label for="bg_no" class="sound_only">그룹</label>
 <select name="bg_no" id="bg_no">
-    <option value="" <?php echo $bg_no?'':'selected'?>> 전체 </option>
-    <option value="1" <?php echo $bg_no=='1'?'selected':''?>> <?php echo $no_group['bg_name']?> (<?php echo number_format($no_group['bg_receipt'])?> 명) </option>
+    <option value=""<?php echo get_selected('', $bg_no); ?>> 전체 </option>
+    <option value="1"<?php echo get_selected(1, $bg_no); ?>> <?php echo $no_group['bg_name']?> (<?php echo number_format($no_group['bg_receipt'])?> 명) </option>
     <?php for($i=0; $i<count($group); $i++) {?>
-    <option value="<?php echo $group[$i]['bg_no']?>" <?php echo ($bg_no==$group[$i]['bg_no'])?'selected':''?>> <?php echo $group[$i]['bg_name']?> (<?php echo number_format($group[$i]['bg_receipt'])?> 명) </option>
+    <option value="<?php echo $group[$i]['bg_no']?>" <?php echo get_selected($bg_no, $group[$i]['bg_no']); ?>> <?php echo $group[$i]['bg_name']?> (<?php echo number_format($group[$i]['bg_receipt'])?> 명) </option>
     <?php } ?>
 </select>
 
 <label for="stt" class="sound_only">검색대상</label>
 <select name="st" id="stt">
-    <option value="all" <?php echo $st=='all'?'selected':''?>>이름 + 번호</option>
-    <option value="name" <?php echo $st=='name'?'selected':''?>>이름</option>
-    <option value="hp" <?php echo $st=='hp'?'selected':''?>>번호</option>
+    <option value="all"<?php echo get_selected('all', $st); ?>>이름 + 번호</option>
+    <option value="name"<?php echo get_selected('name', $st); ?>>이름</option>
+    <option value="hp"<?php echo get_selected('hp', $st); ?>>번호</option>
 </select>
 
 <label for="svv" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
diff --git a/adm/sms_admin/config.php b/adm/sms_admin/config.php
index 1a9f1132b..5283094a3 100644
--- a/adm/sms_admin/config.php
+++ b/adm/sms_admin/config.php
@@ -109,7 +109,7 @@ if ($config['cf_sms_use'] == 'icode') { // 아이코드 사용
         <th scope="row"><label for="cf_member">회원간 문자전송</label></th>
         <td>
             <?php echo help("허용에 체크하면 회원끼리 문자전송이 가능합니다.");?>
-            <input type="checkbox" name="cf_member" id="cf_member" <?php if ($sms5['cf_member']) echo 'checked'?>> 허용
+            <input type="checkbox" name="cf_member" value="1" id="cf_member" <?php get_checked(1, $sms5['cf_member']); ?>> 허용
         </td>
     </tr>
     <tr>
@@ -118,7 +118,7 @@ if ($config['cf_sms_use'] == 'icode') { // 아이코드 사용
             <?php echo help("문자전송을 허용할 회원레벨을 선택해주세요.");?>
             <select name="cf_level" id="cf_level">
                 <?php for ($i=1; $i<=10; $i++) { ?>
-                <option value='<?php echo $i?>' <?php if ($sms5['cf_level'] == $i) echo 'selected';?> > <?php echo $i?> </option>
+                <option value="<?php echo $i?>"<?php get_selected($i, $sms5['cf_level']);?>> <?php echo $i?> </option>
                 <?php } ?>
             </select>
             레벨 이상
diff --git a/adm/sms_admin/form_list.php b/adm/sms_admin/form_list.php
index c62704d98..008405441 100644
--- a/adm/sms_admin/form_list.php
+++ b/adm/sms_admin/form_list.php
@@ -29,7 +29,7 @@ if ($st == 'all') {
 }
 
 $total_res = sql_fetch("select count(*) as cnt from {$g5['sms5_form_table']} where 1 $sql_group $sql_search");
-$total_count = $total_res[cnt];
+$total_count = $total_res['cnt'];
 
 $total_page = (int)($total_count/$page_size) + ($total_count%$page_size==0 ? 0 : 1);
 $page_start = $page_size * ( $page - 1 );
@@ -41,7 +41,7 @@ $qry = sql_query("select * from {$g5['sms5_form_group_table']} order by fg_name"
 while ($res = sql_fetch_array($qry)) array_push($group, $res);
 
 $res = sql_fetch("select count(*) as cnt from {$g5['sms5_form_table']} where fg_no=0");
-$no_count = $res[cnt];
+$no_count = $res['cnt'];
 
 include_once(G5_ADMIN_PATH.'/admin.head.php');
 ?>
@@ -122,9 +122,9 @@ function multi_update(sel)
     <input type="hidden" name="fg_no" value="<?php echo $fg_no;?>">
     <label for="st" class="sound_only">검색대상</label>
     <select name="st" id="st">
-        <option value="all" <?php echo $st=='all'?'selected':''?>>제목 + 이모티콘</option>
-        <option value="name" <?php echo $st=='name'?'selected':''?>>제목</option>
-        <option value="content" <?php echo $st=='content'?'selected':''?>>이모티콘</option>
+        <option value="all"<?php echo get_selected('all', $st); ?>>제목 + 이모티콘</option>
+        <option value="name"<?php echo get_selected('name', $st); ?>>제목</option>
+        <option value="content"<?php echo get_selected('content', $st); ?>>이모티콘</option>
     </select>
     <label for="sv" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
     <input type="text" name="sv" value="<?php echo $sv;?>" id="sv" required class="frm_input required" >
diff --git a/adm/sms_admin/form_write.php b/adm/sms_admin/form_write.php
index 35c2382bb..603bd2c03 100644
--- a/adm/sms_admin/form_write.php
+++ b/adm/sms_admin/form_write.php
@@ -41,7 +41,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
                 $qry = sql_query("select * from {$g5['sms5_form_group_table']} order by fg_name");
                 while($res = sql_fetch_array($qry)) {
                 ?>
-                <option value="<?php echo $res['fg_no']?>" <?php echo $res['fg_no']==$write['fg_no']?'selected':''?>><?php echo $res['fg_name']?></option>
+                <option value="<?php echo $res['fg_no']?>"<?php echo get_selected($res['fg_no'], $write['fg_no']); ?>><?php echo $res['fg_name']?></option>
                 <?php } ?>
             </select>
         </td>
diff --git a/adm/sms_admin/history_list.php b/adm/sms_admin/history_list.php
index bb2b10292..e4856f10f 100644
--- a/adm/sms_admin/history_list.php
+++ b/adm/sms_admin/history_list.php
@@ -17,7 +17,7 @@ else
     $sql_search = "";
 
 $total_res = sql_fetch("select count(*) as cnt from {$g5['sms5_write_table']} where wr_renum=0 $sql_search");
-$total_count = $total_res[cnt];
+$total_count = $total_res['cnt'];
 
 $total_page = (int)($total_count/$page_size) + ($total_count%$page_size==0 ? 0 : 1);
 $page_start = $page_size * ( $page - 1 );
@@ -31,7 +31,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
 
 <label for="st" class="sound_only">검색대상</label>
 <select name="st" id="st">
-    <option value="wr_message" <?php echo $st=="wr_message"?"selected":""?>>메세지</option>
+    <option value="wr_message">메세지</option>
 </select>
 <label for="sv" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
 <input type="text" name="sv" value="<?php echo $sv ?>" id="sv" required class="required frm_input">
diff --git a/adm/sms_admin/history_member.php b/adm/sms_admin/history_member.php
index 71cbe5425..21fe0c84e 100644
--- a/adm/sms_admin/history_member.php
+++ b/adm/sms_admin/history_member.php
@@ -30,9 +30,9 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
 <form name="search_form" method="get" action="<?php echo $_SEVER['PHP_SELF']?>" class="local_sch01 local_sch">
 <label for="st" class="sound_only">검색대상</label>
 <select name="st" id="st">
-    <option value="mb_id" <?php echo $st=='mh_name'?'selected':''?>>아이디</option>
-    <option value="mh_hp" <?php echo $st=='mh_hp'?'selected':''?>>받는번호</option>
-    <option value="mh_reply" <?php echo $st=='mh_reply'?'selected':''?>>보내는번호</option>
+    <option value="mb_id"<?php echo get_selected('mh_name', $st); ?>>아이디</option>
+    <option value="mh_hp"<?php echo get_selected('mh_hp', $st); ?>>받는번호</option>
+    <option value="mh_reply"<?php echo get_selected('mh_reply', $st); ?>>보내는번호</option>
 </select>
 <label for="sv" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
 <input type="text" name="sv" value="<?php echo $sv ?>" id="sv" required class="required frm_input">
diff --git a/adm/sms_admin/history_num.php b/adm/sms_admin/history_num.php
index ce1ca1260..04f6c7ed2 100644
--- a/adm/sms_admin/history_num.php
+++ b/adm/sms_admin/history_num.php
@@ -1,6 +1,6 @@
 <?php
-$sub_menu = "900400";
-include_once("./_common.php");
+$sub_menu = '900400';
+include_once('./_common.php');
 
 $page_size = 20;
 $colspan = 10;
@@ -30,12 +30,12 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
 <form name="search_form" method="get" action="<?echo $_SERVER['PHP_SELF']?>" class="local_sch01 local_sch" >
 <label for="st" class="sound_only">검색대상</label>
 <select name="st" id="st">
-    <option value="hs_name" <?php echo $st=='hs_name'?'selected':''?>>이름</option>
-    <option value="hs_hp" <?php echo $st=='hs_hp'?'selected':''?>>휴대폰번호</option>
-    <option value="bk_no" <?php echo $st=='bk_no'?'selected':''?>>고유번호</option>
+    <option value="hs_name"<?php echo get_selected('hs_name', $st); ?>>이름</option>
+    <option value="hs_hp"<?php echo get_selected('hs_hp', $st); ?>>휴대폰번호</option>
+    <option value="bk_no"<?php echo get_selected('bk_no', $st); ?>>고유번호</option>
 </select>
 <label for="sv" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
-<input type="text" name="sv" value="<?php echo $sv ?>" id="sv" required class="required frm_input">
+<input type="text" name="sv" value="<?php echo $sv; ?>" id="sv" required class="required frm_input">
 <input type="submit" value="검색" class="btn_submit">
 </form>
 
@@ -59,7 +59,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
      <tbody>
         <?php if (!$total_count) { ?>
         <tr>
-            <td colspan="<?php echo $colspan?>" class="empty_table" >
+            <td colspan="<?php echo $colspan; ?>" class="empty_table" >
                 데이터가 없습니다.
             </td>
         </tr>
@@ -77,23 +77,22 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
             $bg_name = '없음';
 
         if ($res['mb_id'])
-            $mb_id = "<a href=\"".G5_ADMIN_PATH."/member_form.php?&w=u&mb_id={$res['mb_id']}\">{$res['mb_id']}</a>";
+            $mb_id = '<a href="'.G5_ADMIN_URL.'/member_form.php?w=u&amp;mb_id='.$res['mb_id'].'">'.$res['mb_id'].'</a>';
         else
             $mb_id = '비회원';
     ?>
     <tr class="<?php echo $bg; ?>">
-        <td class="td_num"><?php echo $vnum--?></td>
-        <td class="td_mbname"><?php echo $bg_name?></td>
-        <td class="td_mbname"><a href="./num_book_write.php?w=u&bk_no=<?php echo $res['bk_no']?>"><?php echo $res['hs_name']?></a></td>
-        <td class="td_mbid"><?php echo $mb_id?></td>
-        <td class="td_numbig"><?php echo $res['hs_hp']?></td>
+        <td class="td_num"><?php echo $vnum--; ?></td>
+        <td class="td_mbname"><?php echo $bg_name; ?></td>
+        <td class="td_mbname"><a href="./num_book_write.php?w=u&amp;bk_no=<?php echo $res['bk_no']; ?>"><?php echo $res['hs_name']; ?></a></td>
+        <td class="td_mbid"><?php echo $mb_id; ?></td>
+        <td class="td_numbig"><?php echo $res['hs_hp']; ?></td>
         <td class="td_datetime"><?php echo date('Y-m-d H:i', strtotime($write['wr_datetime']))?></td>
         <td class="td_boolean"><?php echo $write['wr_booking']!='0000-00-00 00:00:00'?"<span title='{$write['wr_booking']}'>예약</span>":'';?></td>
         <td class="td_boolean"><?php echo $res['hs_flag']?'성공':'실패'?></td>
         <td><span title="<?php echo $write['wr_message']?>"><?php echo $write['wr_message']?></span></td>
         <td class="td_mngsmall">
-            <a href="./history_view.php?page=<?php echo $page?>&st=<?php echo $st?>&sv=<?php echo $sv?>&wr_no=<?php echo $res['wr_no']?>">수정</a>
-            <!-- <a href="./history_del.php?page=<?php echo $page?>&st=<?php echo $st?>&sv=<?php echo $sv?>&wr_no=<?php echo $res['wr_no']?>"><img src="./img/icon_delete.gif" alt="삭제" ></a> -->
+            <a href="./history_view.php?page=<?php echo $page; ?>&amp;st=<?php echo $st; ?>&amp;sv=<?php echo $sv; ?>&amp;wr_no=<?php echo $res['wr_no']; ?>">수정</a>
         </td>
     </tr>
     <?php } ?>
diff --git a/adm/sms_admin/history_view.php b/adm/sms_admin/history_view.php
index edf8dbfe2..58a5ed562 100644
--- a/adm/sms_admin/history_view.php
+++ b/adm/sms_admin/history_view.php
@@ -52,7 +52,7 @@ function re_send()
     act = window.open('sms_ing.php', 'act', 'width=300, height=200');
     act.focus();
 
-    location.href = './history_send.php?w=f&amp;page=<?php echo $page?>&amp;st=<?php echo  $st?>&amp;sv=<?php echo $sv?>&amp;wr_no=<?php echo $wr_no?>&amp;wr_renum=<?php echo $wr_renum?>';
+    location.href = './history_send.php?w=f&page=<?php echo $page?>&st=<?php echo  $st?>&sv=<?php echo $sv?>&wr_no=<?php echo $wr_no?>&wr_renum=<?php echo $wr_renum?>';
     <?php } ?>
 }
 function all_send()
@@ -71,8 +71,8 @@ function all_send()
 <input type="hidden" name="sv" value="<?php echo $sv?>">
 <label for="sst" class="sound_only">검색대상</label>
 <select name="sst" id="sst">
-    <option value="hs_name" <?php echo $sst=='hs_name'?'selected':''?>>이름</option>
-    <option value="hs_hp" <?php echo $sst=='hs_hp'?'selected':''?>>휴대폰번호</option>
+    <option value="hs_name" <?php echo get_selected('hs_name', $sst); ?>>이름</option>
+    <option value="hs_hp" <?php echo get_selected('hs_hp', $sst); ?>>휴대폰번호</option>
 </select>
 <label for="ssv" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
 <input type="text" name="ssv" value="<?php echo $ssv?>" id="ssv" class="frm_input">
diff --git a/adm/sms_admin/num_book.php b/adm/sms_admin/num_book.php
index 7ab18c7f5..0a7422410 100644
--- a/adm/sms_admin/num_book.php
+++ b/adm/sms_admin/num_book.php
@@ -52,7 +52,7 @@ if ($no_hp_checked == 'checked')
     $sql_no_hp = "and bk_hp <> ''";
 
 $total_res = sql_fetch("select count(*) as cnt from {$g5['sms5_book_table']} where 1 $sql_group $sql_search $sql_korean $sql_no_hp");
-$total_count = $total_res[cnt];
+$total_count = $total_res['cnt'];
 
 $total_page = (int)($total_count/$page_size) + ($total_count%$page_size==0 ? 0 : 1);
 $page_start = $page_size * ( $page - 1 );
@@ -111,9 +111,9 @@ function no_hp_click(val)
 <input type="hidden" name="bg_no" value="<?php echo $bg_no?>" >
 <label for="st" class="sound_only">검색대상</label>
 <select name="st" id="st">
-    <option value="all" <?php echo $st=='all'?'selected':''?>>이름 + 휴대폰번호</option>
-    <option value="name" <?php echo $st=='name'?'selected':''?>>이름</option>
-    <option value="hp" <?php echo $st=='hp'?'selected':''?>>휴대폰번호</option>
+    <option value="all"<?php echo get_selected('all', $st); ?>>이름 + 휴대폰번호</option>
+    <option value="name"<?php echo get_selected('name', $st); ?>>이름</option>
+    <option value="hp" <?php echo get_selected('hp', $st); ?>>휴대폰번호</option>
 </select>
 <label for="sv" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
 <input type="text" name="sv" value="<?php echo $sv?>" id="sv" required class="frm_input required">
@@ -123,10 +123,10 @@ function no_hp_click(val)
 <form name="search_form" class="local_sch01 local_sch">
 <label for="bg_no" class="sound_only">그룹명</label>
 <select name="bg_no" id="bg_no" onchange="location.href='<?php echo $_SERVER['PHP_SELF']?>?bg_no='+this.value;">
-    <option value="" <?php echo $bg_no?'':'selected'?>> 전체 </option>
-    <option value="<?php echo $no_group['bg_no']?>" <?php echo $bg_no==$no_group['bg_no']?'selected':''?>> <?php echo $no_group['bg_name']?> (<?php echo number_format($no_group['bg_count'])?> 명) </option>
+    <option value=""<?php echo get_selected('', $bg_no); ?>> 전체 </option>
+    <option value="<?php echo $no_group['bg_no']?>"<?php echo get_selected($bg_no, $no_group['bg_no']); ?>> <?php echo $no_group['bg_name']?> (<?php echo number_format($no_group['bg_count'])?> 명) </option>
     <?php for($i=0; $i<count($group); $i++) {?>
-    <option value="<?php echo $group[$i]['bg_no']?>" <?php echo ($bg_no==$group[$i]['bg_no'])?'selected':''?>> <?php echo $group[$i]['bg_name']?> (<?php echo number_format($group[$i]['bg_count'])?> 명) </option>
+    <option value="<?php echo $group[$i]['bg_no']?>"<?php echo get_selected($bg_no, $group[$i]['bg_no']);?>> <?php echo $group[$i]['bg_name']?> (<?php echo number_format($group[$i]['bg_count'])?> 명) </option>
     <?php } ?>
 </select>
 <input type="checkbox" name="no_hp" id="no_hp" <?php echo $no_hp_checked?> onclick="no_hp_click(this.checked)">
diff --git a/adm/sms_admin/num_book_file.php b/adm/sms_admin/num_book_file.php
index feeca56c4..e2784dc4c 100644
--- a/adm/sms_admin/num_book_file.php
+++ b/adm/sms_admin/num_book_file.php
@@ -97,7 +97,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
 function upload(w)
 {
     var f = document.upload_form;
-    
+
     if (typeof w == 'undefined') {
         document.getElementById('upload_button').style.display = 'none';
         document.getElementById('uploading').style.display = 'inline';
@@ -138,8 +138,8 @@ function download()
     if (hyphen.checked) hyphen = 1; else hyphen = 0;
 
     par += '?bg_no=' + bg_no.value;
-    par += '&amp;no_hp=' + no_hp;
-    par += '&amp;hyphen=' + hyphen;
+    par += '&no_hp=' + no_hp;
+    par += '&hyphen=' + hyphen;
 
     (function($){
         if(!document.getElementById("fileupload_fr")){
diff --git a/adm/sms_admin/sms_write.php b/adm/sms_admin/sms_write.php
index 745e3f84d..4123546d9 100644
--- a/adm/sms_admin/sms_write.php
+++ b/adm/sms_admin/sms_write.php
@@ -148,19 +148,19 @@ if ($config['cf_sms_use'] == 'icode') { // 아이코드 사용
             <label for="wr_by">년</label><br>
             <select name="wr_bm" id="wr_bm" disabled>
                 <?php for ($i=1; $i<=12; $i++) { ?>
-                <option value="<?php echo sprintf("%02d",$i)?>" <?php echo date('m')==$i?'selected':''?>><?php echo sprintf("%02d",$i)?></option>
+                <option value="<?php echo sprintf("%02d",$i)?>"<?php echo get_selected(date('m'), $i); ?>><?php echo sprintf("%02d",$i)?></option>
             <?php } ?>
             </select>
             <label for="wr_bm">월</label>
             <select name="wr_bd" id="wr_bd" disabled>
                 <?php for ($i=1; $i<=31; $i++) { ?>
-                <option value="<?php echo sprintf("%02d",$i)?>" <?php echo date('d')==$i?'selected':''?>><?php echo sprintf("%02d",$i)?></option>
+                <option value="<?php echo sprintf("%02d",$i)?>"<?php echo get_selected(date('d'), $i); ?>><?php echo sprintf("%02d",$i)?></option>
                 <?php } ?>
             </select>
             <label for="wr_bd">일</label><br>
                 <select name="wr_bh" id="wr_bh" disabled>
                 <?php for ($i=0; $i<24; $i++) { ?>
-                <option value="<?php echo sprintf("%02d",$i)?>" <?php echo date('H')+1==$i?'selected':''?>><?php echo sprintf("%02d",$i)?></option>
+                <option value="<?php echo sprintf("%02d",$i)?>"<?php echo get_selected(date('H')+1, $i); ?>><?php echo sprintf("%02d",$i)?></option>
                 <?php } ?>
             </select>
             <label for="wr_bh">시</label>
@@ -452,7 +452,7 @@ hp_list.options[hp_list.length] = new Option(item, value);
 <?php
 if ($fo_no) {
     $row = sql_fetch("select * from {$g5['sms5_form_table']} where fo_no='$fo_no'");
-    $fo_content = str_replace("\r\n", "\\n", $row[fo_content]);
+    $fo_content = str_replace("\r\n", "\\n", $row['fo_content']);
     echo "add(\"$fo_content\");";
 }
 ?>
diff --git a/adm/sms_admin/sms_write_form.php b/adm/sms_admin/sms_write_form.php
index 781b3fbb8..298d9f1ff 100644
--- a/adm/sms_admin/sms_write_form.php
+++ b/adm/sms_admin/sms_write_form.php
@@ -12,10 +12,10 @@ $no_count = $res['cnt'];
 <form name="emo_frm">
     <label for="emo_sel" class="sound_only">이모티콘 그룹</label>
     <select name="fg_no" id="emo_sel">
-        <option value="" <?php echo $fg_no?'':'selected'?>> 전체 </option>
-        <option value="0" <?php echo $fg_no=='0'?'selected':''?>> 미분류 (<?php echo number_format($no_count)?>) </option>
+        <option value=""<?php echo get_selected('', $fg_no); ?>> 전체 </option>
+        <option value="0"<?php echo get_selected(0, $fg_no); ?>> 미분류 (<?php echo number_format($no_count)?>) </option>
         <?php for($i=0; $i<count($group); $i++) {?>
-        <option value="<?php echo $group[$i]['fg_no']?>" <?php echo ($fg_no==$group[$i]['fg_no'])?'selected':''?>> <?php echo $group[$i]['fg_name']?> (<?php echo number_format($group[$i]['fg_count'])?>) </option>
+        <option value="<?php echo $group[$i]['fg_no']?>"<?php echo get_selected($fg_no, $group[$i]['fg_no']);?>> <?php echo $group[$i]['fg_name']?> (<?php echo number_format($group[$i]['fg_count'])?>) </option>
         <?php } ?>
     </select>
 </form>
@@ -29,9 +29,9 @@ $no_count = $res['cnt'];
 <input type="hidden" name="fg_no" id="hidden_fg_no" >
 <label for="st" class="sound_only">검색대상</label>
 <select name="st" id="st">
-    <option value="all" <?php echo $st=='all'?'selected':''?>>제목 + 이모티콘</option>
-    <option value="name" <?php echo $st=='name'?'selected':''?>>제목</option>
-    <option value="content" <?php echo $st=='content'?'selected':''?>>이모티콘</option>
+    <option value="all"<?php echo get_selected('all', $st); ?>>제목 + 이모티콘</option>
+    <option value="name"<?php echo get_selected('name', $st); ?>>제목</option>
+    <option value="content"<?php echo get_selected('content', $st); ?>>이모티콘</option>
 </select>
 <label for="sv" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
 <input type="text" name="sv" value="<?php echo $sv?>" id="sv" required class="frm_input required" size="15">

From 344a61d5a5a604541a3a61a3e8a6e8e9ee69b2e5 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Wed, 16 Apr 2014 13:24:59 +0900
Subject: [PATCH 2/4] =?UTF-8?q?sms5=20=EB=AC=B8=EC=9E=90=EC=97=B4=20?=
 =?UTF-8?q?=EC=B2=98=EB=A6=AC=20=EB=B0=8F=20=EA=B8=B0=ED=83=80=EB=AC=B8?=
 =?UTF-8?q?=EC=A0=9C=20=EB=B3=B4=EC=99=84?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/sms_admin/ajax.hp_chk.php           |  3 ++
 adm/sms_admin/ajax.sms_write_form.php   |  1 +
 adm/sms_admin/ajax.sms_write_group.php  |  1 +
 adm/sms_admin/ajax.sms_write_level.php  |  1 +
 adm/sms_admin/ajax.sms_write_person.php |  1 +
 adm/sms_admin/config.php                |  4 +--
 adm/sms_admin/config_update.php         |  2 +-
 adm/sms_admin/history_list.php          |  4 +--
 adm/sms_admin/history_send.php          |  2 +-
 adm/sms_admin/history_view.php          |  2 +-
 adm/sms_admin/install.php               |  1 +
 adm/sms_admin/num_book_file_upload.php  |  2 +-
 adm/sms_admin/num_book_update.php       |  6 ++--
 adm/sms_admin/num_group_update.php      |  4 +--
 adm/sms_admin/sms_write_form.php        |  2 +-
 adm/sms_admin/sms_write_send.php        |  2 ++
 plugin/sms5/sms5.lib.php                | 40 +++++++++++++++++++++++++
 plugin/sms5/write_update.php            |  1 +
 18 files changed, 64 insertions(+), 15 deletions(-)

diff --git a/adm/sms_admin/ajax.hp_chk.php b/adm/sms_admin/ajax.hp_chk.php
index 560257309..b0b29ac3d 100644
--- a/adm/sms_admin/ajax.hp_chk.php
+++ b/adm/sms_admin/ajax.hp_chk.php
@@ -1,4 +1,5 @@
 <?php
+$sub_menu = "900800";
 include_once("./_common.php");
 @include_once(G5_PLUGIN_PATH."/sms5/JSON.php");
 
@@ -9,6 +10,8 @@ if( !function_exists('json_encode') ) {
     }
 }
 
+auth_check($auth[$sub_menu], "r");
+
 $err = '';
 $arr_ajax_msg = array();
 $exist_hplist = array();
diff --git a/adm/sms_admin/ajax.sms_write_form.php b/adm/sms_admin/ajax.sms_write_form.php
index da3745c6b..9a7988129 100644
--- a/adm/sms_admin/ajax.sms_write_form.php
+++ b/adm/sms_admin/ajax.sms_write_form.php
@@ -1,4 +1,5 @@
 <?php
+$sub_menu = "900300";
 include_once("./_common.php");
 @include_once(G5_PLUGIN_PATH."/sms5/JSON.php");
 
diff --git a/adm/sms_admin/ajax.sms_write_group.php b/adm/sms_admin/ajax.sms_write_group.php
index 3e64577e4..702357183 100644
--- a/adm/sms_admin/ajax.sms_write_group.php
+++ b/adm/sms_admin/ajax.sms_write_group.php
@@ -1,4 +1,5 @@
 <?php
+$sub_menu = "900300";
 include_once("./_common.php");
 
 $colspan = 3;
diff --git a/adm/sms_admin/ajax.sms_write_level.php b/adm/sms_admin/ajax.sms_write_level.php
index 593236d8e..a298b113f 100644
--- a/adm/sms_admin/ajax.sms_write_level.php
+++ b/adm/sms_admin/ajax.sms_write_level.php
@@ -1,4 +1,5 @@
 <?php
+$sub_menu = "900300";
 include_once("./_common.php");
 @include_once(G5_PLUGIN_PATH."/sms5/JSON.php");
 
diff --git a/adm/sms_admin/ajax.sms_write_person.php b/adm/sms_admin/ajax.sms_write_person.php
index e11a329f4..686f4a8fa 100644
--- a/adm/sms_admin/ajax.sms_write_person.php
+++ b/adm/sms_admin/ajax.sms_write_person.php
@@ -1,4 +1,5 @@
 <?php
+$sub_menu = "900300";
 include_once("./_common.php");
 
 $page_size = 10;
diff --git a/adm/sms_admin/config.php b/adm/sms_admin/config.php
index 5283094a3..f1fd649d4 100644
--- a/adm/sms_admin/config.php
+++ b/adm/sms_admin/config.php
@@ -109,7 +109,7 @@ if ($config['cf_sms_use'] == 'icode') { // 아이코드 사용
         <th scope="row"><label for="cf_member">회원간 문자전송</label></th>
         <td>
             <?php echo help("허용에 체크하면 회원끼리 문자전송이 가능합니다.");?>
-            <input type="checkbox" name="cf_member" value="1" id="cf_member" <?php get_checked(1, $sms5['cf_member']); ?>> 허용
+            <input type="checkbox" name="cf_member" value="1" id="cf_member" <?php echo get_checked(1, $sms5['cf_member']); ?>> <label for="cf_member">허용</label>
         </td>
     </tr>
     <tr>
@@ -118,7 +118,7 @@ if ($config['cf_sms_use'] == 'icode') { // 아이코드 사용
             <?php echo help("문자전송을 허용할 회원레벨을 선택해주세요.");?>
             <select name="cf_level" id="cf_level">
                 <?php for ($i=1; $i<=10; $i++) { ?>
-                <option value="<?php echo $i?>"<?php get_selected($i, $sms5['cf_level']);?>> <?php echo $i?> </option>
+                <option value="<?php echo $i?>"<?php echo get_selected($i, $sms5['cf_level']);?>> <?php echo $i?> </option>
                 <?php } ?>
             </select>
             레벨 이상
diff --git a/adm/sms_admin/config_update.php b/adm/sms_admin/config_update.php
index 22fc6ea05..e89787730 100644
--- a/adm/sms_admin/config_update.php
+++ b/adm/sms_admin/config_update.php
@@ -20,7 +20,7 @@ $userinfo = array(
 if ($userinfo['code'] == '202')
     alert('아이코드 아이디와 패스워드가 맞지 않습니다.');
 
-if ($cf_member == 'on')
+if ($cf_member == '1')
     $cf_member = 1;
 else
     $cf_member = 0;
diff --git a/adm/sms_admin/history_list.php b/adm/sms_admin/history_list.php
index e4856f10f..193937878 100644
--- a/adm/sms_admin/history_list.php
+++ b/adm/sms_admin/history_list.php
@@ -30,9 +30,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
 <form name="search_form" id="search_form" action=<?php echo $_SERVER['PHP_SELF'];?> class="local_sch01 local_sch" method="get">
 
 <label for="st" class="sound_only">검색대상</label>
-<select name="st" id="st">
-    <option value="wr_message">메세지</option>
-</select>
+<input type="hidden" name="st" id="st" value="wr_message" >
 <label for="sv" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
 <input type="text" name="sv" value="<?php echo $sv ?>" id="sv" required class="required frm_input">
 <input type="submit" value="검색" class="btn_submit">
diff --git a/adm/sms_admin/history_send.php b/adm/sms_admin/history_send.php
index 5494c2e00..488e25db5 100644
--- a/adm/sms_admin/history_send.php
+++ b/adm/sms_admin/history_send.php
@@ -116,7 +116,7 @@ if ($result)
             $row['bk_hp'] = get_hp($row['bk_hp'], 1);
 
             $log = array_shift($SMS->Log);
-            sql_query("insert into {$g5['sms5_history_table']} set wr_no='$wr_no', wr_renum='$new_wr_renum', bg_no='{$row['bg_no']}', mb_id='{$row['mb_id']}', bk_no='{$row['bk_no']}', hs_name='{$row['hs_name']}', hs_hp='{$row['hs_hp']}', hs_datetime='".G5_TIME_YMDHIS."', hs_flag='$hs_flag', hs_code='$hs_code', hs_memo='$hs_memo', hs_log='$log'");
+            sql_query("insert into {$g5['sms5_history_table']} set wr_no='$wr_no', wr_renum='$new_wr_renum', bg_no='{$row['bg_no']}', mb_id='{$row['mb_id']}', bk_no='{$row['bk_no']}', hs_name='{$row['hs_name']}', hs_hp='{$row['hs_hp']}', hs_datetime='".G5_TIME_YMDHIS."', hs_flag='$hs_flag', hs_code='$hs_code', hs_memo='".addslashes($hs_memo)."', hs_log='".addslashes($log)."'");
         }
         $SMS->Init(); // 보관하고 있던 결과값을 지웁니다.
 
diff --git a/adm/sms_admin/history_view.php b/adm/sms_admin/history_view.php
index 58a5ed562..d65672290 100644
--- a/adm/sms_admin/history_view.php
+++ b/adm/sms_admin/history_view.php
@@ -239,7 +239,7 @@ function all_send()
     </div>
 </div>
 
-<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $spage, $total_spage, $_SERVER['PHP_SELF']."?wr_no=$wr_no&amp;wr_renum=$wr_renum&amp;page=$page&amp;st=$st&amp;sv=$sv&amp;sst=$sst&amp;ssv=$ssv&amp;spage="); ?>
+<?php echo sms5_sub_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $spage, $total_spage, $_SERVER['PHP_SELF']."?wr_no=$wr_no&amp;wr_renum=$wr_renum&amp;page=$page&amp;st=$st&amp;sv=$sv&amp;sst=$sst&amp;ssv=$ssv", "", "spage"); ?>
 
 <?php
 include_once(G5_ADMIN_PATH.'/admin.tail.php');
diff --git a/adm/sms_admin/install.php b/adm/sms_admin/install.php
index 9ea6f2255..1d63070be 100644
--- a/adm/sms_admin/install.php
+++ b/adm/sms_admin/install.php
@@ -1,4 +1,5 @@
 <?php
+$sub_menu = "900000";
 include_once("./_common.php");
 
 auth_check($auth[$sub_menu], 'r');
diff --git a/adm/sms_admin/num_book_file_upload.php b/adm/sms_admin/num_book_file_upload.php
index f4596be41..c1fa4cdda 100644
--- a/adm/sms_admin/num_book_file_upload.php
+++ b/adm/sms_admin/num_book_file_upload.php
@@ -98,7 +98,7 @@ for ($i = 1; $i <= $num_rows; $i++) {
             } 
             else if (!$confirm && $hp) 
             {
-                sql_query("insert into {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='$name', bk_hp='$hp', bk_receipt=1, bk_datetime='".G5_TIME_YMDHIS."'");
+                sql_query("insert into {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='".addslashes($name)."', bk_hp='$hp', bk_receipt=1, bk_datetime='".G5_TIME_YMDHIS."'");
                 sql_query("update {$g5['sms5_book_group_table']} set bg_count = bg_count + 1, bg_nomember = bg_nomember + 1, bg_receipt = bg_receipt + 1 where bg_no='$bg_no'");
                 $success++;
             }
diff --git a/adm/sms_admin/num_book_update.php b/adm/sms_admin/num_book_update.php
index 40eec9f4f..578c482df 100644
--- a/adm/sms_admin/num_book_update.php
+++ b/adm/sms_admin/num_book_update.php
@@ -46,7 +46,7 @@ if ($w=='u') // 업데이트
             sql_query("update {$g5['sms5_book_group_table']} set bg_receipt = bg_receipt - 1, bg_reject = bg_reject + 1 where bg_no='$bg_no'");
     }
 
-    sql_query("update {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='$bk_name', bk_hp='$bk_hp', bk_receipt='$bk_receipt', bk_datetime='".G5_TIME_YMDHIS."', bk_memo='$bk_memo' where bk_no='$bk_no'");
+    sql_query("update {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='$bk_name', bk_hp='$bk_hp', bk_receipt='$bk_receipt', bk_datetime='".G5_TIME_YMDHIS."', bk_memo='".addslashes($bk_memo)."' where bk_no='$bk_no'");
     if ($res['mb_id']){ //만약에 mb_id가 있다면...
         // 휴대폰번호 중복체크
         $sql = " select mb_id from {$g5['member_table']} where mb_id <> '{$res['mb_id']}' and mb_hp = '{$bk_hp}' ";
@@ -54,7 +54,7 @@ if ($w=='u') // 업데이트
         if ($mb_hp_exist['mb_id']) { //중복된 회원 휴대폰번호가 있다면
             $is_hp_exist = true;
         } else {
-             sql_query("update {$g5['member_table']} set mb_name='$bk_name', mb_hp='$bk_hp', mb_sms='$bk_receipt' where mb_id='{$res['mb_id']}'", false);
+             sql_query("update {$g5['member_table']} set mb_name='".addslashes($bk_name)."', mb_hp='$bk_hp', mb_sms='$bk_receipt' where mb_id='{$res['mb_id']}'", false);
         }
     }
     $get_bg_no = $bg_no;
@@ -126,7 +126,7 @@ else // 등록
     else
         $sql_sms = "bg_reject = bg_reject + 1";
 
-    sql_query("insert into {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='$bk_name', bk_hp='$bk_hp', bk_receipt='$bk_receipt', bk_datetime='".G5_TIME_YMDHIS."', bk_memo='$bk_memo'");
+    sql_query("insert into {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='".addslashes($bk_name)."', bk_hp='$bk_hp', bk_receipt='$bk_receipt', bk_datetime='".G5_TIME_YMDHIS."', bk_memo='".addslashes($bk_memo)."'");
     sql_query("update {$g5['sms5_book_group_table']} set bg_count = bg_count + 1, bg_nomember = bg_nomember + 1, $sql_sms where bg_no = '$bg_no'");
 
     $get_bg_no = $bg_no;
diff --git a/adm/sms_admin/num_group_update.php b/adm/sms_admin/num_group_update.php
index 3f7cc9990..ea9af2423 100644
--- a/adm/sms_admin/num_group_update.php
+++ b/adm/sms_admin/num_group_update.php
@@ -27,7 +27,7 @@ if ($w == 'u') // 업데이트
         if ($res)
             alert('같은 그룹명이 존재합니다.');
 
-        sql_query("update {$g5['sms5_book_group_table']} set bg_name='$bg_name' where bg_no='$bg_no'");
+        sql_query("update {$g5['sms5_book_group_table']} set bg_name='".addslashes($bg_name)."' where bg_no='$bg_no'");
     }
 }
 else if ($w == 'de') // 그룹삭제
@@ -70,7 +70,7 @@ else // 등록
     if ($res)
         alert('같은 그룹명이 존재합니다.');
 
-    sql_query("insert into {$g5['sms5_book_group_table']} set bg_name='$bg_name'");
+    sql_query("insert into {$g5['sms5_book_group_table']} set bg_name='".addslashes($bg_name)."'");
 }
 
 goto_url('./num_group.php');
diff --git a/adm/sms_admin/sms_write_form.php b/adm/sms_admin/sms_write_form.php
index 298d9f1ff..23435005a 100644
--- a/adm/sms_admin/sms_write_form.php
+++ b/adm/sms_admin/sms_write_form.php
@@ -13,7 +13,7 @@ $no_count = $res['cnt'];
     <label for="emo_sel" class="sound_only">이모티콘 그룹</label>
     <select name="fg_no" id="emo_sel">
         <option value=""<?php echo get_selected('', $fg_no); ?>> 전체 </option>
-        <option value="0"<?php echo get_selected(0, $fg_no); ?>> 미분류 (<?php echo number_format($no_count)?>) </option>
+        <option value="0"<?php echo get_selected('0', $fg_no); ?>> 미분류 (<?php echo number_format($no_count)?>) </option>
         <?php for($i=0; $i<count($group); $i++) {?>
         <option value="<?php echo $group[$i]['fg_no']?>"<?php echo get_selected($fg_no, $group[$i]['fg_no']);?>> <?php echo $group[$i]['fg_name']?> (<?php echo number_format($group[$i]['fg_count'])?>) </option>
         <?php } ?>
diff --git a/adm/sms_admin/sms_write_send.php b/adm/sms_admin/sms_write_send.php
index 0276553a8..6eb1770e9 100644
--- a/adm/sms_admin/sms_write_send.php
+++ b/adm/sms_admin/sms_write_send.php
@@ -134,6 +134,7 @@ $SMS = new SMS5;
 $SMS->SMS_con($config['cf_icode_server_ip'], $config['cf_icode_id'], $config['cf_icode_pw'], $config['cf_icode_server_port']);
 
 $reply = str_replace('-', '', trim($wr_reply));
+$wr_message = str_replace('\r\n', PHP_EOL, $wr_message); // common.php 에서 mysql_real_escape_string 함수로 인해 수정
 
 $result = $SMS->Add($list, $reply, '', '', $wr_message, $booking, $wr_total);
 
@@ -198,6 +199,7 @@ if ($result)
             $row['bk_hp'] = get_hp($row['bk_hp'], 1);
 
             $log = array_shift($SMS->Log);
+
             sql_query("insert into {$g5['sms5_history_table']} set wr_no='$wr_no', wr_renum=0, bg_no='{$row['bg_no']}', mb_id='{$row['mb_id']}', bk_no='{$row['bk_no']}', hs_name='".addslashes($row['bk_name'])."', hs_hp='{$row['bk_hp']}', hs_datetime='".G5_TIME_YMDHIS."', hs_flag='$hs_flag', hs_code='$hs_code', hs_memo='".addslashes($hs_memo)."', hs_log='".addslashes(stripslashes($log))."'");
         }
         $SMS->Init(); // 보관하고 있던 결과값을 지웁니다.
diff --git a/plugin/sms5/sms5.lib.php b/plugin/sms5/sms5.lib.php
index 7ff5fc61d..7db95a0f6 100644
--- a/plugin/sms5/sms5.lib.php
+++ b/plugin/sms5/sms5.lib.php
@@ -20,6 +20,46 @@ function get_sms5_skin_select($skin_gubun, $id, $name, $selected='', $event='')
     return $str;
 }
 
+// 한페이지에 보여줄 행, 현재페이지, 총페이지수, URL
+function sms5_sub_paging($write_pages, $cur_page, $total_page, $url, $add="", $starget="")
+{
+    if( $starget ){
+        $url = preg_replace('#&amp;'.$starget.'=[0-9]*#', '', $url) . '&amp;'.$starget.'=';
+    }
+    
+    $str = '';
+    if ($cur_page > 1) {
+        $str .= '<a href="'.$url.'1'.$add.'" class="pg_page pg_start">처음</a>'.PHP_EOL;
+    }
+
+    $start_page = ( ( (int)( ($cur_page - 1 ) / $write_pages ) ) * $write_pages ) + 1;
+    $end_page = $start_page + $write_pages - 1;
+
+    if ($end_page >= $total_page) $end_page = $total_page;
+
+    if ($start_page > 1) $str .= '<a href="'.$url.($start_page-1).$add.'" class="pg_page pg_prev">이전</a>'.PHP_EOL;
+
+    if ($total_page > 1) {
+        for ($k=$start_page;$k<=$end_page;$k++) {
+            if ($cur_page != $k)
+                $str .= '<a href="'.$url.$k.$add.'" class="pg_page">'.$k.'<span class="sound_only">페이지</span></a>'.PHP_EOL;
+            else
+                $str .= '<span class="sound_only">열린</span><strong class="pg_current">'.$k.'</strong><span class="sound_only">페이지</span>'.PHP_EOL;
+        }
+    }
+
+    if ($total_page > $end_page) $str .= '<a href="'.$url.($end_page+1).$add.'" class="pg_page pg_next">다음</a>'.PHP_EOL;
+
+    if ($cur_page < $total_page) {
+        $str .= '<a href="'.$url.$total_page.$add.'" class="pg_page pg_end">맨끝</a>'.PHP_EOL;
+    }
+
+    if ($str)
+        return "<nav class=\"pg_wrap\"><span class=\"pg\">{$str}</span></nav>";
+    else
+        return "";
+}
+
 if ( ! function_exists('array_overlap')) {
     function array_overlap($arr, $val) {
         for ($i=0, $m=count($arr); $i<$m; $i++) {
diff --git a/plugin/sms5/write_update.php b/plugin/sms5/write_update.php
index 735004fc7..ec105c3b0 100644
--- a/plugin/sms5/write_update.php
+++ b/plugin/sms5/write_update.php
@@ -91,6 +91,7 @@ if ($mh_by && $mh_bm && $mh_bd && $mh_bh && $mh_bi) {
 $SMS = new SMS5;
 $SMS->SMS_con($config['cf_icode_server_ip'], $config['cf_icode_id'], $config['cf_icode_pw'], $config['cf_icode_server_port']);
 
+$wr_message = str_replace('\r\n', PHP_EOL, $wr_message); // common.php 에서 mysql_real_escape_string 함수로 인해 수정
 $result = $SMS->Add($mh_hp, $mh_reply, '', '', $mh_message, $booking, $total);
 
 $is_success = null;

From f5583edec7a9608ea9d4690e7e8bed7ce2938c58 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Wed, 16 Apr 2014 14:06:58 +0900
Subject: [PATCH 3/4] =?UTF-8?q?sms5=EC=97=90=EC=84=9C=20=EC=9D=B8=EC=A6=9D?=
 =?UTF-8?q?=EC=B2=B4=ED=81=AC=20=ED=95=A8=EC=88=98=20=EB=94=B0=EB=A1=9C=20?=
 =?UTF-8?q?=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/sms_admin/ajax.hp_chk.php           |  4 +++-
 adm/sms_admin/ajax.sms_write_form.php   |  6 ++++--
 adm/sms_admin/ajax.sms_write_level.php  |  4 +++-
 adm/sms_admin/ajax.sms_write_person.php |  4 +++-
 plugin/sms5/sms5.lib.php                | 24 ++++++++++++++++++++++++
 5 files changed, 37 insertions(+), 5 deletions(-)

diff --git a/adm/sms_admin/ajax.hp_chk.php b/adm/sms_admin/ajax.hp_chk.php
index b0b29ac3d..8fe487d00 100644
--- a/adm/sms_admin/ajax.hp_chk.php
+++ b/adm/sms_admin/ajax.hp_chk.php
@@ -10,7 +10,9 @@ if( !function_exists('json_encode') ) {
     }
 }
 
-auth_check($auth[$sub_menu], "r");
+if( $auth_check = ajax_auth_check($auth[$sub_menu], "r") ){
+    die("{\"error\":\"$auth_check\"}");
+}
 
 $err = '';
 $arr_ajax_msg = array();
diff --git a/adm/sms_admin/ajax.sms_write_form.php b/adm/sms_admin/ajax.sms_write_form.php
index 9a7988129..740ca3c46 100644
--- a/adm/sms_admin/ajax.sms_write_form.php
+++ b/adm/sms_admin/ajax.sms_write_form.php
@@ -10,9 +10,11 @@ if( !function_exists('json_encode') ) {
     }
 }
 
-$page_size = 6;
+if( $auth_check = ajax_auth_check($auth[$sub_menu], "r") ){
+    die("{\"error\":\"$auth_check\"}");
+}
 
-auth_check($auth[$sub_menu], "r");
+$page_size = 6;
 
 if (!$page) $page = 1;
 
diff --git a/adm/sms_admin/ajax.sms_write_level.php b/adm/sms_admin/ajax.sms_write_level.php
index a298b113f..d5521efcc 100644
--- a/adm/sms_admin/ajax.sms_write_level.php
+++ b/adm/sms_admin/ajax.sms_write_level.php
@@ -10,7 +10,9 @@ if( !function_exists('json_encode') ) {
     }
 }
 
-auth_check($auth[$sub_menu], "r");
+if( $auth_check = ajax_auth_check($auth[$sub_menu], "r") ){
+    die("{\"error\":\"$auth_check\"}");
+}
 
 $lev = array();
 
diff --git a/adm/sms_admin/ajax.sms_write_person.php b/adm/sms_admin/ajax.sms_write_person.php
index 686f4a8fa..57c76d126 100644
--- a/adm/sms_admin/ajax.sms_write_person.php
+++ b/adm/sms_admin/ajax.sms_write_person.php
@@ -5,7 +5,9 @@ include_once("./_common.php");
 $page_size = 10;
 $colspan = 5;
 
-auth_check($auth[$sub_menu], "r");
+if( $auth_check = ajax_auth_check($auth[$sub_menu], "r") ){
+    die("{\"error\":\"$auth_check\"}");
+}
 
 $g5['title'] = "휴대폰번호 관리";
 
diff --git a/plugin/sms5/sms5.lib.php b/plugin/sms5/sms5.lib.php
index 7db95a0f6..5185bbb14 100644
--- a/plugin/sms5/sms5.lib.php
+++ b/plugin/sms5/sms5.lib.php
@@ -60,6 +60,30 @@ function sms5_sub_paging($write_pages, $cur_page, $total_page, $url, $add="", $s
         return "";
 }
 
+// 권한 검사
+function ajax_auth_check($auth, $attr)
+{
+    global $is_admin;
+
+    if ($is_admin == 'super') return;
+
+    if (!trim($auth))
+        return '이 메뉴에는 접근 권한이 없습니다.\\n\\n접근 권한은 최고관리자만 부여할 수 있습니다.';
+
+    $attr = strtolower($attr);
+
+    if (!strstr($auth, $attr)) {
+        if ($attr == 'r')
+            return '읽을 권한이 없습니다.';
+        else if ($attr == 'w')
+            return '입력, 추가, 생성, 수정 권한이 없습니다.';
+        else if ($attr == 'd')
+            return '삭제 권한이 없습니다.';
+        else
+            return '속성이 잘못 되었습니다.';
+    }
+}
+
 if ( ! function_exists('array_overlap')) {
     function array_overlap($arr, $val) {
         for ($i=0, $m=count($arr); $i<$m; $i++) {

From 87014a0c5c63b40c733432534a6fdec08f874dbc Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Wed, 16 Apr 2014 15:51:24 +0900
Subject: [PATCH 4/4] =?UTF-8?q?sms5=20auth=20=EC=B2=B4=ED=81=AC=20?=
 =?UTF-8?q?=ED=95=A8=EC=88=98=20=EC=88=98=EC=A0=95=20=EB=B0=8F=20=EA=B8=B0?=
 =?UTF-8?q?=ED=83=80=20=EB=AC=B8=EC=A0=9C=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/sms_admin/ajax.hp_chk.php           |  4 +---
 adm/sms_admin/ajax.sms_write_form.php   |  4 +---
 adm/sms_admin/ajax.sms_write_level.php  |  4 +---
 adm/sms_admin/ajax.sms_write_person.php |  4 +---
 adm/sms_admin/member_update_run.php     |  6 +++++-
 adm/sms_admin/sms_write.php             |  4 ++--
 adm/sms_admin/sms_write_send.php        |  4 ++--
 plugin/sms5/sms5.lib.php                | 10 +++++-----
 plugin/sms5/write_update.php            |  3 ++-
 9 files changed, 20 insertions(+), 23 deletions(-)

diff --git a/adm/sms_admin/ajax.hp_chk.php b/adm/sms_admin/ajax.hp_chk.php
index 8fe487d00..b1c303565 100644
--- a/adm/sms_admin/ajax.hp_chk.php
+++ b/adm/sms_admin/ajax.hp_chk.php
@@ -10,9 +10,7 @@ if( !function_exists('json_encode') ) {
     }
 }
 
-if( $auth_check = ajax_auth_check($auth[$sub_menu], "r") ){
-    die("{\"error\":\"$auth_check\"}");
-}
+ajax_auth_check($auth[$sub_menu], "r");
 
 $err = '';
 $arr_ajax_msg = array();
diff --git a/adm/sms_admin/ajax.sms_write_form.php b/adm/sms_admin/ajax.sms_write_form.php
index 740ca3c46..e82a01cef 100644
--- a/adm/sms_admin/ajax.sms_write_form.php
+++ b/adm/sms_admin/ajax.sms_write_form.php
@@ -10,9 +10,7 @@ if( !function_exists('json_encode') ) {
     }
 }
 
-if( $auth_check = ajax_auth_check($auth[$sub_menu], "r") ){
-    die("{\"error\":\"$auth_check\"}");
-}
+ajax_auth_check($auth[$sub_menu], "r");
 
 $page_size = 6;
 
diff --git a/adm/sms_admin/ajax.sms_write_level.php b/adm/sms_admin/ajax.sms_write_level.php
index d5521efcc..90684c5b2 100644
--- a/adm/sms_admin/ajax.sms_write_level.php
+++ b/adm/sms_admin/ajax.sms_write_level.php
@@ -10,9 +10,7 @@ if( !function_exists('json_encode') ) {
     }
 }
 
-if( $auth_check = ajax_auth_check($auth[$sub_menu], "r") ){
-    die("{\"error\":\"$auth_check\"}");
-}
+ajax_auth_check($auth[$sub_menu], "r");
 
 $lev = array();
 
diff --git a/adm/sms_admin/ajax.sms_write_person.php b/adm/sms_admin/ajax.sms_write_person.php
index 57c76d126..686f4a8fa 100644
--- a/adm/sms_admin/ajax.sms_write_person.php
+++ b/adm/sms_admin/ajax.sms_write_person.php
@@ -5,9 +5,7 @@ include_once("./_common.php");
 $page_size = 10;
 $colspan = 5;
 
-if( $auth_check = ajax_auth_check($auth[$sub_menu], "r") ){
-    die("{\"error\":\"$auth_check\"}");
-}
+auth_check($auth[$sub_menu], "r");
 
 $g5['title'] = "휴대폰번호 관리";
 
diff --git a/adm/sms_admin/member_update_run.php b/adm/sms_admin/member_update_run.php
index 8d24ff329..323cbc9e0 100644
--- a/adm/sms_admin/member_update_run.php
+++ b/adm/sms_admin/member_update_run.php
@@ -10,7 +10,11 @@ if( !function_exists('json_encode') ) {
     }
 }
 
-auth_check($auth[$sub_menu], "w");
+if( $mtype == "json" ){
+    ajax_auth_check($auth[$sub_menu], "w");
+} else {
+    auth_check($auth[$sub_menu], "w");
+}
 
 $count      = 0;
 $hp_yes     = 0;
diff --git a/adm/sms_admin/sms_write.php b/adm/sms_admin/sms_write.php
index 4123546d9..c43d3d502 100644
--- a/adm/sms_admin/sms_write.php
+++ b/adm/sms_admin/sms_write.php
@@ -452,7 +452,7 @@ hp_list.options[hp_list.length] = new Option(item, value);
 <?php
 if ($fo_no) {
     $row = sql_fetch("select * from {$g5['sms5_form_table']} where fo_no='$fo_no'");
-    $fo_content = str_replace("\r\n", "\\n", $row['fo_content']);
+    $fo_content = str_replace(array("\r\n","\n"), "\\n", $row['fo_content']);
     echo "add(\"$fo_content\");";
 }
 ?>
@@ -472,7 +472,7 @@ if ($wr_no)
     echo "var hp_list = document.getElementById('hp_list');\n";
     //echo "add(\"$row[wr_message]\");\n";
     $wr_message = str_replace('"', '\"', $row['wr_message']);
-    $wr_message = str_replace("\r\n", "\\n", $wr_message);
+    $wr_message = str_replace(array("\r\n","\n"), "\\n", $wr_message);
     echo "add(\"$wr_message\");\n";
     echo "document.getElementById('wr_reply').value = '{$row['wr_reply']}';\n";
 
diff --git a/adm/sms_admin/sms_write_send.php b/adm/sms_admin/sms_write_send.php
index 6eb1770e9..d11a5b0fd 100644
--- a/adm/sms_admin/sms_write_send.php
+++ b/adm/sms_admin/sms_write_send.php
@@ -134,7 +134,7 @@ $SMS = new SMS5;
 $SMS->SMS_con($config['cf_icode_server_ip'], $config['cf_icode_id'], $config['cf_icode_pw'], $config['cf_icode_server_port']);
 
 $reply = str_replace('-', '', trim($wr_reply));
-$wr_message = str_replace('\r\n', PHP_EOL, $wr_message); // common.php 에서 mysql_real_escape_string 함수로 인해 수정
+$wr_message = conv_unescape_nl($wr_message);
 
 $result = $SMS->Add($list, $reply, '', '', $wr_message, $booking, $wr_total);
 
@@ -200,7 +200,7 @@ if ($result)
 
             $log = array_shift($SMS->Log);
 
-            sql_query("insert into {$g5['sms5_history_table']} set wr_no='$wr_no', wr_renum=0, bg_no='{$row['bg_no']}', mb_id='{$row['mb_id']}', bk_no='{$row['bk_no']}', hs_name='".addslashes($row['bk_name'])."', hs_hp='{$row['bk_hp']}', hs_datetime='".G5_TIME_YMDHIS."', hs_flag='$hs_flag', hs_code='$hs_code', hs_memo='".addslashes($hs_memo)."', hs_log='".addslashes(stripslashes($log))."'");
+            sql_query("insert into {$g5['sms5_history_table']} set wr_no='$wr_no', wr_renum=0, bg_no='{$row['bg_no']}', mb_id='{$row['mb_id']}', bk_no='{$row['bk_no']}', hs_name='".addslashes($row['bk_name'])."', hs_hp='{$row['bk_hp']}', hs_datetime='".G5_TIME_YMDHIS."', hs_flag='$hs_flag', hs_code='$hs_code', hs_memo='".addslashes($hs_memo)."', hs_log='".addslashes($log)."'");
         }
         $SMS->Init(); // 보관하고 있던 결과값을 지웁니다.
 
diff --git a/plugin/sms5/sms5.lib.php b/plugin/sms5/sms5.lib.php
index 5185bbb14..ea587384a 100644
--- a/plugin/sms5/sms5.lib.php
+++ b/plugin/sms5/sms5.lib.php
@@ -68,19 +68,19 @@ function ajax_auth_check($auth, $attr)
     if ($is_admin == 'super') return;
 
     if (!trim($auth))
-        return '이 메뉴에는 접근 권한이 없습니다.\\n\\n접근 권한은 최고관리자만 부여할 수 있습니다.';
+        die("{\"error\":\"이 메뉴에는 접근 권한이 없습니다.\\n\\n접근 권한은 최고관리자만 부여할 수 있습니다.\"}");
 
     $attr = strtolower($attr);
 
     if (!strstr($auth, $attr)) {
         if ($attr == 'r')
-            return '읽을 권한이 없습니다.';
+            die("{\"error\":\"읽을 권한이 없습니다.\"}");
         else if ($attr == 'w')
-            return '입력, 추가, 생성, 수정 권한이 없습니다.';
+            die("{\"error\":\"입력, 추가, 생성, 수정 권한이 없습니다.\"}");
         else if ($attr == 'd')
-            return '삭제 권한이 없습니다.';
+            die("{\"error\":\"삭제 권한이 없습니다.\"}");
         else
-            return '속성이 잘못 되었습니다.';
+            die("{\"error\":\"속성이 잘못 되었습니다.\"}");
     }
 }
 
diff --git a/plugin/sms5/write_update.php b/plugin/sms5/write_update.php
index ec105c3b0..a25e50b7b 100644
--- a/plugin/sms5/write_update.php
+++ b/plugin/sms5/write_update.php
@@ -91,7 +91,8 @@ if ($mh_by && $mh_bm && $mh_bd && $mh_bh && $mh_bi) {
 $SMS = new SMS5;
 $SMS->SMS_con($config['cf_icode_server_ip'], $config['cf_icode_id'], $config['cf_icode_pw'], $config['cf_icode_server_port']);
 
-$wr_message = str_replace('\r\n', PHP_EOL, $wr_message); // common.php 에서 mysql_real_escape_string 함수로 인해 수정
+$mh_message = conv_unescape_nl($mh_message);
+
 $result = $SMS->Add($mh_hp, $mh_reply, '', '', $mh_message, $booking, $total);
 
 $is_success = null;