경로 수정 작업 중

2013-03-14 17:56:20 +09:00
parent 8ba59fe9b0
commit 1a60978568
1212 changed files with 39023 additions and 33180 deletions
--- a/adm/point_list.php
+++ b/adm/point_list.php
@ -1,22 +1,22 @@
 <?
 $sub_menu = "200200";
-include_once("./_common.php");
+include_once('./_common.php');

-auth_check($auth[$sub_menu], "r");
+auth_check($auth[$sub_menu], 'r');

 $token = get_token();

-$sql_common = " from $g4[point_table] ";
+$sql_common = " from {$g4['point_table']} ";

 $sql_search = " where (1) ";
 if ($stx) {
    $sql_search .= " and ( ";
    switch ($sfl) {
-        case "mb_id" :
-            $sql_search .= " ($sfl = '$stx') ";
+        case 'mb_id' :
+            $sql_search .= " ({$sfl} = '{$stx}') ";
            break;
-        default : 
-            $sql_search .= " ($sfl like '%$stx%') ";
+        default :
+            $sql_search .= " ({$sfl} like '%{$stx}%') ";
            break;
    }
    $sql_search .= " ) ";
@ -26,211 +26,202 @@ if (!$sst) {
    $sst  = "po_id";
    $sod = "desc";
 }
-$sql_order = " order by $sst $sod ";
+$sql_order = " order by {$sst} {$sod} ";

 $sql = " select count(*) as cnt
-         $sql_common 
-         $sql_search 
-         $sql_order ";
+            {$sql_common}
+            {$sql_search}
+            {$sql_order} ";
 $row = sql_fetch($sql);
-$total_count = $row[cnt];
+$total_count = $row['cnt'];

-$rows = $config[cf_page_rows];
+$rows = $config['cf_page_rows'];
 $total_page  = ceil($total_count / $rows);  // 전체 페이지 계산
-if ($page == "") $page = 1; // 페이지가 없으면 첫 페이지 (1 페이지)
+if ($page == '') $page = 1; // 페이지가 없으면 첫 페이지 (1 페이지)
 $from_record = ($page - 1) * $rows; // 시작 열을 구함

 $sql = " select *
-          $sql_common
-          $sql_search
-          $sql_order
-          limit $from_record, $rows ";
+            {$sql_common}
+            {$sql_search}
+            {$sql_order}
+            limit {$from_record}, {$rows} ";
 $result = sql_query($sql);

-$listall = "<a href='$_SERVER[PHP_SELF]'>처음</a>";
+$listall = '';
+if ($sfl || $stx) // 검색렬일 때만 처음 버튼을 보여줌
+    $listall = '<a href="'.$_SERVER['PHP_SELF'].'">전체목록</a>';

-if ($sfl == "mb_id" && $stx)
-    $mb = get_member($stx);
+$mb = array();
+if ($sfl == 'mb_id' && $stx)
+    $mb = get_member(isset($stx));

-$g4[title] = "포인트관리";
-include_once ("./admin.head.php");
+$g4['title'] = '포인트관리';
+include_once ('./admin.head.php');

 $colspan = 8;
 ?>

-<script type="text/javascript" src="<?=$g4[path]?>/js/sideview.js"></script>
-<script type="text/javascript">
-var list_update_php = "";
-var list_delete_php = "point_list_delete.php";
+<script>
+var list_update_php = '';
+var list_delete_php = 'point_list_delete.php';
 </script>

-<script type="text/javascript">
+<script>
 function point_clear()
 {
-    if (confirm("포인트 정리를 하시면 최근 50건 이전의 포인트 부여 내역을 삭제하므로\n\n포인트 부여 내역을 필요로 할때 찾지 못할 수도 있습니다.\n\n\n그래도 진행하시겠습니까?"))
+    if (confirm('포인트 정리를 하시면 최근 50건 이전의 포인트 부여 내역을 삭제하므로 포인트 부여 내역을 필요로 할때 찾지 못할 수도 있습니다. 그래도 진행하시겠습니까?'))
    {
        document.location.href = "./point_clear.php?ok=1";
    }
 }
 </script>

-<table width=100%>
-<form name=fsearch method=get>
-<tr>
-    <td width=50% align=left>
-        <?=$listall?> (건수 : <?=number_format($total_count)?>)
-        <? 
-        if ($mb[mb_id]) 
-            echo "&nbsp;(" . $mb[mb_id] ." 님 포인트 합계 : " . number_format($mb[mb_point]) . "점)";
-        else {
-            $row2 = sql_fetch(" select sum(po_point) as sum_point from $g4[point_table] ");
-            echo "&nbsp;(전체 포인트 합계 : " . number_format($row2[sum_point]) . "점)";
+<form name="fsearch" id="fsearch" method="get">
+<fieldset>
+    <legend>포인트 내역 검색</legend>
+    <span>
+        <?=$listall?>
+        전체 <?=number_format($total_count)?> 건
+        <?
+        if (isset($mb['mb_id']) && $mb['mb_id']) {
+            echo '&nbsp;(' . $mb['mb_id'] .' 님 포인트 합계 : ' . number_format($mb['mb_point']) . '점)';
+        } else {
+            $row2 = sql_fetch(" select sum(po_point) as sum_point from {$g4['point_table']} ");
+            echo '&nbsp;(전체 합계 '.number_format($row2['sum_point']).'점)';
        }
        ?>
-        <? if ($is_admin == "super") { ?><!-- <a href="javascript:point_clear();">포인트정리</a> --><? } ?>
-    </td>
-    <td width=50% align=right>
-        <select name=sfl class=cssfl>
-            <option value='mb_id'>회원아이디</option>
-            <option value='po_content'>내용</option>
-        </select>
-        <input type=text name=stx class=ed required itemname='검색어' value='<?=$stx?>'>
-        <input type=image src='<?=$g4[admin_path]?>/img/btn_search.gif' align=absmiddle></td>
-</tr>
+        <? if ($is_admin == 'super') { ?><!-- <a href="javascript:point_clear();">포인트정리</a> --><? } ?>
+    </span>
+    <select name="sfl" title="검색대상">
+        <option value="mb_id"<?=get_selected($_GET['sfl'], "mb_id");?>>회원아이디</option>
+        <option value="po_content"<?=get_selected($_GET['sfl'], "po_content");?>>내용</option>
+    </select>
+    <input type="text" name="stx" value="<?=$stx?>" title="검색어(필수)" required class="required frm_input">
+    <input type="submit" class="btn_submit" value="검색">
+</fieldset>
 </form>
-</table>

-<form name=fpointlist method=post>
-<input type=hidden name=sst   value='<?=$sst?>'>
-<input type=hidden name=sod   value='<?=$sod?>'>
-<input type=hidden name=sfl   value='<?=$sfl?>'>
-<input type=hidden name=stx   value='<?=$stx?>'>
-<input type=hidden name=page  value='<?=$page?>'>
-<input type=hidden name=token value='<?=$token?>'>
+<section class="cbox">
+    <h2>포인트 내역</h2>

-<table width=100% cellpadding=0 cellspacing=1>
-<colgroup width=30>
-<colgroup width=100>
-<colgroup width=80>
-<colgroup width=80>
-<colgroup width=140>
-<colgroup width=''>
-<colgroup width=50>
-<colgroup width=80>
-<tr><td colspan='<?=$colspan?>' class='line1'></td></tr>
-<tr class='bgcol1 bold col1 ht center'>
-    <td><input type=checkbox name=chkall value='1' onclick='check_all(this.form)'></td>
-    <td><?=subject_sort_link('mb_id')?>회원아이디</a></td>
-    <td>이름</td>
-    <td>별명</td>
-    <td><?=subject_sort_link('po_datetime')?>일시</a></td>
-    <td><?=subject_sort_link('po_content')?>포인트 내용</a></td>
-    <td><?=subject_sort_link('po_point')?>포인트</a></td>
-    <td>포인트합</td>
-</tr>
-<tr><td colspan='<?=$colspan?>' class='line2'></td></tr>
-<?
-for ($i=0; $row=sql_fetch_array($result); $i++) 
-{
-    if ($row2[mb_id] != $row[mb_id])
-    {
-        $sql2 = " select mb_id, mb_name, mb_nick, mb_email, mb_homepage, mb_point from $g4[member_table] where mb_id = '$row[mb_id]' ";
-        $row2 = sql_fetch($sql2);
+    <form name="fpointlist" id="fpointlist" method="post">
+    <input type="hidden" name="sst" value="<?=$sst?>">
+    <input type="hidden" name="sod" value="<?=$sod?>">
+    <input type="hidden" name="sfl" value="<?=$sfl?>">
+    <input type="hidden" name="stx" value="<?=$stx?>">
+    <input type="hidden" name="page" value="<?=$page?>">
+    <input type="hidden" name="token" value="<?=$token?>">
+
+    <table class="tbl_pt_list">
+    <thead>
+    <tr>
+        <th scope="col"><input type="checkbox" name="chkall" value="1" id="chkall" title="현재 페이지 포인트 내역 전체선택" onclick="check_all(this.form)"></th>
+        <th scope="col"><?=subject_sort_link('mb_id')?>회원아이디</a></th>
+        <th scope="col">이름</th>
+        <th scope="col">별명</th>
+        <th scope="col"><?=subject_sort_link('po_datetime')?>일시</a></th>
+        <th scope="col"><?=subject_sort_link('po_content')?>포인트 내용</a></th>
+        <th scope="col"><?=subject_sort_link('po_point')?>포인트</a></th>
+        <th scope="col">포인트합</th>
+    </tr>
+    </thead>
+    <tbody>
+    <?
+    for ($i=0; $row=sql_fetch_array($result); $i++) {
+        if ($i==0 || ($row2['mb_id'] != $row['mb_id'])) {
+            $sql2 = " select mb_id, mb_name, mb_nick, mb_email, mb_homepage, mb_point from {$g4['member_table']} where mb_id = '{$row['mb_id']}' ";
+            $row2 = sql_fetch($sql2);
+        }
+
+        $mb_nick = get_sideview($row['mb_id'], $row2['mb_nick'], $row2['mb_email'], $row2['mb_homepage']);
+
+        $link1 = $link2 = '';
+        if (!preg_match("/^\@/", $row['po_rel_table']) && $row['po_rel_table']) {
+            $link1 = '<a href="'.G4_BBS_URL.'/board.php?bo_table='.$row['po_rel_table'].'&amp;wr_id='.$row['po_rel_id'].'" target="_blank">';
+            $link2 = '</a>';
+        }
+    ?>
+
+    <tr>
+        <td class="td_chk">
+            <input type="hidden" id="mb_id_<?=$i?>" name="mb_id[<?=$i?>]" value="<?=$row['mb_id']?>">
+            <input type="hidden" id="po_id_<?=$i?>" name="po_id[<?=$i?>]" value="<?=$row['po_id']?>">
+            <input type="checkbox" id="chk_<?=$i?>" name="chk[]" value="<?=$i?>" title="내역선택">
+        </td>
+        <td class="td_mbid"><a href="?sfl=mb_id&amp;stx=<?=$row['mb_id']?>"><?=$row['mb_id']?></a></td>
+        <td class="td_mbname"><?=$row2['mb_name']?></td>
+        <td class="td_name"><div><?=$mb_nick?></div></td>
+        <td class="td_time"><?=$row['po_datetime']?></td>
+        <td class="td_pt_log"><?=$link1?><?=$row['po_content']?><?=$link2?></td>
+        <td class="td_num td_pt"><?=number_format($row['po_point'])?></td>
+        <td class="td_bignum td_pt"><?=number_format($row2['mb_point'])?></td>
+    </tr>
+
+    <?
    }

-    $mb_nick = get_sideview($row[mb_id], $row2[mb_nick], $row2[mb_email], $row2[mb_homepage]);
+    if ($i == 0)
+        echo '<tr><td colspan="'.$colspan.'" class="empty_table">자료가 없습니다.</td></tr>';
+    ?>
+    </tbody>
+    </table>

-    $link1 = $link2 = "";
-    if (!preg_match("/^\@/", $row[po_rel_table]) && $row[po_rel_table])
-    {
-        $link1 = "<a href='$g4[bbs_path]/board.php?bo_table={$row[po_rel_table]}&wr_id={$row[po_rel_id]}' target=_blank>";
-        $link2 = "</a>";
-    }
+    <div class="btn_list">
+        <button onclick="btn_check(this.form, 'delete')">선택삭제</button>
+    </div>

-    $list = $i%2;
-    echo "
-    <input type=hidden name=po_id[$i] value='$row[po_id]'>
-    <input type=hidden name=mb_id[$i] value='$row[mb_id]'>
-    <tr class='list$list col1 ht center'>
-        <td><input type=checkbox name=chk[] value='$i'></td>
-        <td><a href='?sfl=mb_id&stx=$row[mb_id]'>$row[mb_id]</a></td>
-        <td>$row2[mb_name]</td>
-        <td>$mb_nick</td>
-        <td>$row[po_datetime]</td>
-        <td align=left>&nbsp;{$link1}$row[po_content]{$link2}</td>
-        <td align=right>".number_format($row[po_point])."&nbsp;</td>
-        <td align=right>".number_format($row2[mb_point])."&nbsp;</td>
-    </tr> ";
-} 
+    </form>
+</section>

-if ($i == 0)
-    echo "<tr><td colspan='$colspan' align=center height=100 bgcolor=#ffffff>자료가 없습니다.</td></tr>";
+<?=get_paging(G4_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['PHP_SELF']}?$qstr&amp;page=");?>

-echo "<tr><td colspan='$colspan' class='line2'></td></tr>";
-echo "</table>";
+<section id="point_mng" class="cbox">
+    <h2>개별회원 포인트 증감 설정</h2>

-$pagelist = get_paging($config[cf_write_pages], $page, $total_page, "$_SERVER[PHP_SELF]?$qstr&page=");
-echo "<table width=100% cellpadding=3 cellspacing=1>";
-echo "<tr><td width=50%>";
-echo "<input type=button class='btn1' value='선택삭제' onclick=\"btn_check(this.form, 'delete')\">";
-echo "</td>";
-echo "<td width=50% align=right>$pagelist</td></tr></table>\n";
+    <form name="fpointlist2" method="post" id="fpointlist2" action="./point_update.php" autocomplete="off">
+    <input type="hidden" name="sfl" value="<?=$sfl?>">
+    <input type="hidden" name="stx" value="<?=$stx?>">
+    <input type="hidden" name="sst" value="<?=$sst?>">
+    <input type="hidden" name="sod" value="<?=$sod?>">
+    <input type="hidden" name="page" value="<?=$page?>">
+    <input type="hidden" name="token" value="<?=$token?>">

-if ($stx)
-    echo "<script type='text/javascript'>document.fsearch.sfl.value = '$sfl';</script>\n";
+    <table class="frm_tbl">
+    <colgroup>
+        <col class="grid_3">
+        <col>
+    </colgroup>
+    <tbody>
+    <tr>
+        <th scope="row"><label for="mb_id">회원아이디<strong class="sound_only">필수</strong></label></th>
+        <td><input type="text" name="mb_id" value="<?=$mb_id?>" id="mb_id" class="required frm_input" required></td>
+    </tr>
+    <tr>
+        <th scope="row"><label for="po_content">포인트 내용<strong class="sound_only">필수</strong></label></th>
+        <td><input type="text" name="po_content" id="po_content" required class="required frm_input" size="80"></td>
+    </tr>
+    <tr>
+        <th scope="row"><label for="po_point">포인트<strong class="sound_only">필수</strong></label></th>
+        <td><input type="text" name="po_point" id="po_point" required class="required frm_input"></td>
+    </tr>
+    </tbody>
+    </table>

-if (strstr($sfl, "mb_id"))
-    $mb_id = $stx;
-else
-    $mb_id = "";
-?>
-</form>
+    <fieldset id="admin_confirm">
+        <legend>XSS 혹은 CSRF 방지</legend>
+        <p>관리자 권한을 탈취당하는 경우를 대비하여 패스워드를 다시 한번 확인합니다.</p>
+        <label for="admin_password">관리자패스워드<strong class="sound_only">필수</strong></label>
+        <input type="password" name="admin_password" id="admin_password" required class="required frm_input">
+    </fieldset>

-<script type='text/javascript'> document.fsearch.stx.focus(); </script>
+    <div class="btn_confirm">
+        <input type="submit" value="확인" class="btn_submit">
+    </div>

-<?$colspan=5?>
-<p>
-<form name=fpointlist2 method=post onsubmit="return fpointlist2_submit(this);" autocomplete="off">
-<input type=hidden name=sfl   value='<?=$sfl?>'>
-<input type=hidden name=stx   value='<?=$stx?>'>
-<input type=hidden name=sst   value='<?=$sst?>'>
-<input type=hidden name=sod   value='<?=$sod?>'>
-<input type=hidden name=page  value='<?=$page?>'>
-<input type=hidden name=token value='<?=$token?>'>
-<table width=100% cellpadding=0 cellspacing=1 class=tablebg>
-<colgroup width=150>
-<colgroup width=''>
-<colgroup width=100>
-<colgroup width=120>
-<colgroup width=100>
-<tr><td colspan='<?=$colspan?>' class='line1'></td></tr>
-<tr class='bgcol1 bold col1 ht center'>
-    <td>회원아이디</td>
-    <td>포인트 내용</td>
-    <td>포인트</td>
-    <td>관리자패스워드</td>
-    <td>입력</td>
-</tr>
-<tr><td colspan='<?=$colspan?>' class='line2'></td></tr>
-<tr class='ht center'>
-    <td><input type=text class=ed name=mb_id required itemname='회원아이디' value='<?=$mb_id?>'></td>
-    <td><input type=text class=ed name=po_content required itemname='내용' style='width:99%;'></td>
-    <td><input type=text class=ed name=po_point required itemname='포인트' size=10></td>
-    <td><input type=password class=ed name=admin_password required itemname='관리자 패스워드'></td>
-    <td><input type=submit class=btn1 value='  확  인  '></td>
-</tr>
-<tr><td colspan='<?=$colspan?>' class='line2'></td></tr>
-</form>
-</table>
+    </form>

-<script type="text/javascript">
-function fpointlist2_submit(f)
-{
-    f.action = "./point_update.php";
-    return true;
-}
-</script>
+</section>

 <?
-include_once ("./admin.tail.php");
+include_once ('./admin.tail.php');
 ?>