firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

사용자 코드 체크 및 정리

Browse Source
This commit is contained in:
chicpro
2014-03-26 17:14:30 +09:00
parent e61c402067
commit 1c9f0f6018
19 changed files with 65 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bbs/current_connect.php
View File

@ -18,7 +18,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
$list[$i]['name'] = get_sideview($row['mb_id'], cut_str($row['mb_nick'], $config['cf_cut_name']), $row['mb_email'], $row['mb_homepage']);
} else {
if ($is_admin)
$list[$i]['name'] = $row[lo_ip];
$list[$i]['name'] = $row['lo_ip'];
else
$list[$i]['name'] = preg_replace("/([0-9]+).([0-9]+).([0-9]+).([0-9]+)/", G5_IP_DISPLAY, $row['lo_ip']);
}

10
bbs/email_stop.php
View File

@ -1,15 +1,15 @@
<?php
include_once('./_common.php');
$sql = " select mb_id, mb_email, mb_datetime from {$g5[member_table]} where mb_id = '{$mb_id}' ";
$sql = " select mb_id, mb_email, mb_datetime from {$g5['member_table']} where mb_id = '{$mb_id}' ";
$row = sql_fetch($sql);
if (!$row[mb_id])
alert('존재하는 회원이 아닙니다.', G5_PATH);
if (!$row['mb_id'])
alert('존재하는 회원이 아닙니다.', G5_URL);
if ($mb_md5) {
$tmp_md5 = md5($row[mb_id].$row[mb_email].$row[mb_datetime]);
$tmp_md5 = md5($row['mb_id'].$row['mb_email'].$row['mb_datetime']);
if ($mb_md5 == $tmp_md5) {
sql_query(" update {$g5[member_table]} set mb_mailling = 0 where mb_id = '{$mb_id}' ");
sql_query(" update {$g5['member_table']} set mb_mailling = 0 where mb_id = '{$mb_id}' ");
alert('정보메일을 보내지 않도록 수신거부 하였습니다.', G5_URL);
}

2
bbs/formmail_send.php
View File

@ -28,7 +28,7 @@ for ($i=1; $i<=$attach; $i++) {
$content = stripslashes($content);
if ($type == 2) {
$type = 1;
$content = preg_replace("/\n/", "<br>", $content);
$content = str_replace("\n", "<br>", $content);
}
// html 이면

12
bbs/link.php
View File

@ -1,23 +1,23 @@
<?php
include_once('./_common.php');
$html_title = '링크 &gt; '.conv_subject($write[wr_subject], 255);
$html_title = '링크 &gt; '.conv_subject($write['wr_subject'], 255);
if (!($bo_table && $wr_id && $no))
if (!($bo_table && $wr_id && $no))
alert_close('값이 제대로 넘어오지 않았습니다.');
// SQL Injection 예방
$row = sql_fetch(" select count(*) as cnt from {$g5[write_prefix]}{$bo_table} ", FALSE);
if (!$row[cnt])
$row = sql_fetch(" select count(*) as cnt from {$g5['write_prefix']}{$bo_table} ", FALSE);
if (!$row['cnt'])
alert_close('존재하는 게시판이 아닙니다.');
if (!$write['wr_link'.$no])
alert_close('링크가 없습니다.');
$ss_name = 'ss_link_'.$bo_table.'_'.$wr_id.'_'.$no;
if (empty($_SESSION[$ss_name]))
if (empty($_SESSION[$ss_name]))
{
$sql = " update {$g5[write_prefix]}{$bo_table} set wr_link{$no}_hit = wr_link{$no}_hit + 1 where wr_id = '{$wr_id}' ";
$sql = " update {$g5['write_prefix']}{$bo_table} set wr_link{$no}_hit = wr_link{$no}_hit + 1 where wr_id = '{$wr_id}' ";
sql_query($sql);
set_session($ss_name, true);

2
bbs/login_check.php
View File

@ -56,7 +56,7 @@ if ($auto_login) {
// 자동로그인 ---------------------------
// 쿠키 한달간 저장
$key = md5($_SERVER['SERVER_ADDR'] . $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] . $mb['mb_password']);
set_cookie('ck_mb_id', $mb[mb_id], 86400 * 31);
set_cookie('ck_mb_id', $mb['mb_id'], 86400 * 31);
set_cookie('ck_auto', $key, 86400 * 31);
// 자동로그인 end ---------------------------
} else {

18
bbs/memo_delete.php
View File

@ -1,25 +1,25 @@
<?php
include_once('./_common.php');
if (!$member[mb_id])
if (!$is_member)
alert('회원만 이용하실 수 있습니다.');
$me_id = (int)$_REQUEST['me_id'];
$sql = " select * from {$g5[memo_table]} where me_id = '{$me_id}' ";
$sql = " select * from {$g5['memo_table']} where me_id = '{$me_id}' ";
$row = sql_fetch($sql);
if (!$row[mb_read_datetime][0]) // 메모 받기전이면
if (!$row['mb_read_datetime'][0]) // 메모 받기전이면
{
$sql = " update {$g5[member_table]}
$sql = " update {$g5['member_table']}
set mb_memo_call = ''
where mb_id = '{$row[me_recv_mb_id]}'
and mb_memo_call = '{$row[me_send_mb_id]}' ";
where mb_id = '{$row['me_recv_mb_id']}'
and mb_memo_call = '{$row['me_send_mb_id']}' ";
sql_query($sql);
}
$sql = " delete from {$g5[memo_table]}
where me_id = '{$me_id}'
and (me_recv_mb_id = '{$member[mb_id]}' or me_send_mb_id = '{$member[mb_id]}') ";
$sql = " delete from {$g5['memo_table']}
where me_id = '{$me_id}'
and (me_recv_mb_id = '{$member['mb_id']}' or me_send_mb_id = '{$member['mb_id']}') ";
sql_query($sql);
goto_url('./memo.php?kind='.$kind);

2
bbs/memo_form.php
View File

@ -25,7 +25,7 @@ if ($me_recv_mb_id)
{
$content = "\n\n\n".' >'
."\n".' >'
."\n".' >'.preg_replace("/\n/", "\n> ", get_text($row['me_memo'], 0))
."\n".' >'.str_replace("\n", "\n> ", get_text($row['me_memo'], 0))
."\n".' >'
.' >';

2
bbs/new.php
View File

@ -52,7 +52,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++) {
// 원글
$comment = "";
$comment_link = "";
$row2 = sql_fetch(" select * from {$tmp_write_table} where wr_id = '$row[wr_id]' ");
$row2 = sql_fetch(" select * from {$tmp_write_table} where wr_id = '{$row['wr_id']}' ");
$list[$i] = $row2;
$name = get_sideview($row2['mb_id'], cut_str($row2['wr_name'], $config['cf_cut_name']), $row2['wr_email'], $row2['wr_homepage']);

13
bbs/new_delete.php
View File

@ -44,7 +44,7 @@ for($i=0;$i<count($_POST['chk_bn_id']);$i++)
if (!$row['wr_is_comment'])
{
if (!delete_point($row['mb_id'], $bo_table, $row['wr_id'], '쓰기'))
insert_point($row['mb_id'], $board['bo_write_point'] * (-1), "{$board['bo_subject']} $row[wr_id] 글삭제");
insert_point($row['mb_id'], $board['bo_write_point'] * (-1), "{$board['bo_subject']} {$row['wr_id']} 글삭제");
// 업로드된 파일이 있다면 파일삭제
$sql2 = " select * from {$g5['board_file_table']} where bo_table = '$bo_table' and wr_id = '{$row['wr_id']}' ";
@ -82,11 +82,16 @@ for($i=0;$i<count($_POST['chk_bn_id']);$i++)
sql_query(" delete from {$g5['scrap_table']} where bo_table = '$bo_table' and wr_id = '{$write['wr_id']}' ");
// 공지사항 삭제
$notice_array = explode("\n", trim($board['bo_notice']));
$notice_array = explode(",", trim($board['bo_notice']));
$bo_notice = "";
for ($k=0; $k<count($notice_array); $k++)
$lf = '';
for ($k=0; $k<count($notice_array); $k++) {
if ((int)$write['wr_id'] != (int)$notice_array[$k])
$bo_notice .= $notice_array[$k] . "\n";
$bo_notice .= $nl.$notice_array[$k];
if($bo_notice)
$lf = ',';
}
$bo_notice = trim($bo_notice);
sql_query(" update {$g5['board_table']} set bo_notice = '$bo_notice' where bo_table = '$bo_table' ");

4
bbs/password_check.php
View File

@ -6,12 +6,12 @@ if ($w == 's') {
$wr = get_write($write_table, $wr_id);
if (sql_password($wr_password) != $wr[wr_password])
if (sql_password($wr_password) != $wr['wr_password'])
alert('비밀번호가 틀립니다.');
// 세션에 아래 정보를 저장. 하위번호는 비밀번호없이 보아야 하기 때문임.
//$ss_name = 'ss_secret.'_'.$bo_table.'_'.$wr_id';
$ss_name = 'ss_secret_'.$bo_table.'_'.$wr[wr_num];
$ss_name = 'ss_secret_'.$bo_table.'_'.$wr['wr_num'];
//set_session("ss_secret", "$bo_table|$wr[wr_num]");
set_session($ss_name, TRUE);

18
bbs/poll_etc_update.php
View File

@ -2,18 +2,18 @@
include_once('./_common.php');
include_once(G5_LIB_PATH.'/mailer.lib.php');
if ($w == '')
if ($w == '')
{
$po = sql_fetch(" select * from {$g5['poll_table']} where po_id = '{$po_id}' ");
if (!$po[po_id])
alert('po_id 값이 제대로 넘어오지 않았습니다.');
$tmp_row = sql_fetch(" select max(pc_id) as max_pc_id from {$g5[poll_etc_table]} ");
$pc_id = $tmp_row[max_pc_id] + 1;
$tmp_row = sql_fetch(" select max(pc_id) as max_pc_id from {$g5['poll_etc_table']} ");
$pc_id = $tmp_row['max_pc_id'] + 1;
$sql = " insert into {$g5[poll_etc_table]}
$sql = " insert into {$g5['poll_etc_table']}
( pc_id, po_id, mb_id, pc_name, pc_idea, pc_datetime )
values ( '{$pc_id}', '{$po_id}', '{$member[mb_id]}', '{$pc_name}', '{$pc_idea}', '".G5_TIME_YMDHIS."' ) ";
values ( '{$pc_id}', '{$po_id}', '{$member['mb_id']}', '{$pc_name}', '{$pc_idea}', '".G5_TIME_YMDHIS."' ) ";
sql_query($sql);
$pc_idea = stripslashes($pc_idea);
@ -39,12 +39,12 @@ if ($w == '')
$from_email = $member['mb_email'] ? $member['mb_email'] : $admin['mb_email'];
mailer($name, $from_email, $admin['mb_email'], '['.$config['cf_title'].'] 설문조사 기타의견 메일', $content, 1);
}
}
else if ($w == 'd')
}
else if ($w == 'd')
{
if ($member[mb_id] || $is_admin == 'super')
if ($member[mb_id] || $is_admin == 'super')
{
$sql = " delete from {$g5[poll_etc_table]} where pc_id = '{$pc_id}' ";
$sql = " delete from {$g5['poll_etc_table']} where pc_id = '{$pc_id}' ";
if (!$is_admin)
$sql .= " and mb_id = '{$member['mb_id']}' ";
sql_query($sql);

2
bbs/qalist.php
View File

@ -66,7 +66,7 @@ if(is_file($skin_file)) {
$page_rows = G5_IS_MOBILE ? $qaconfig['qa_mobile_page_rows'] : $qaconfig['qa_page_rows'];
$total_page = ceil($total_count / $page_rows); // 전체 페이지 계산
if (!$page) { $page = 1; } // 페이지가 없으면 첫 페이지 (1 페이지)
if ($page < 1) { $page = 1; } // 페이지가 없으면 첫 페이지 (1 페이지)
$from_record = ($page - 1) * $page_rows; // 시작 열을 구함
$sql = " select *

3
bbs/register_email.php
View File

@ -14,7 +14,7 @@ include_once('./_head.php');
<p>메일인증을 받지 못한 경우 회원정보의 메일주소를 변경 할 수 있습니다.</p>
<form method="post" name="fregister_email" onsubmit="return fregister_email_submit(this);">
<form method="post" name="fregister_email" action="<?php echo G5_HTTPS_BBS_URL.'/register_email_update.php'; ?>" onsubmit="return fregister_email_submit(this);">
<input type="hidden" name="mb_id" value="<?php echo $mb_id; ?>">
<div class="tbl_frm01 tbl_frm">
@ -43,7 +43,6 @@ function fregister_email_submit(f)
{
<?php echo chk_captcha_js(); ?>
f.action = "<?php echo G5_HTTPS_BBS_URL.'/register_email_update.php'; ?>";
return true;
}
</script>

4
bbs/register_form.php
View File

@ -51,10 +51,10 @@ if ($w == "") {
if ($is_admin)
alert('관리자의 회원정보는 관리자 화면에서 수정해 주십시오.', G5_URL);
if (!$member[mb_id])
if (!$is_member)
alert('로그인 후 이용하여 주십시오.', G5_URL);
if ($member[mb_id] != $mb_id)
if ($member['mb_id'] != $mb_id)
alert('로그인된 회원과 넘어온 정보가 서로 다릅니다.');
/*

5
bbs/rss.php
View File

@ -7,9 +7,14 @@ function specialchars_replace($str, $len=0) {
$str = substr($str, 0, $len);
}
$str = str_replace(array("&", "<", ">"), array("&amp;", "&lt;", "&gt;"), $str);
/*
$str = preg_replace("/&/", "&amp;", $str);
$str = preg_replace("/</", "&lt;", $str);
$str = preg_replace("/>/", "&gt;", $str);
*/
return $str;
}

2
bbs/scrap.php
View File

@ -18,7 +18,7 @@ $total_count = $row['cnt'];
$rows = $config['cf_page_rows'];
$total_page = ceil($total_count / $rows); // 전체 페이지 계산
if (!$page) $page = 1; // 페이지가 없으면 첫 페이지 (1 페이지)
if ($page < 1) $page = 1; // 페이지가 없으면 첫 페이지 (1 페이지)
$from_record = ($page - 1) * $rows; // 시작 열을 구함
$list = array();

4
bbs/search.php
View File

@ -140,7 +140,7 @@ if ($stx) {
$rows = $srows;
$total_page = ceil($total_count / $rows); // 전체 페이지 계산
if ($page == "") { $page = 1; } // 페이지가 없으면 첫 페이지 (1 페이지)
if ($page < 1) { $page = 1; } // 페이지가 없으면 첫 페이지 (1 페이지)
$from_record = ($page - 1) * $rows; // 시작 열을 구함
for ($i=0; $i<count($search_table); $i++) {
@ -156,7 +156,7 @@ if ($stx) {
$k=0;
for ($idx=$table_index; $idx<count($search_table); $idx++) {
$sql = " select bo_subject from {$g5[board_table]} where bo_table = '{$search_table[$idx]}' ";
$sql = " select bo_subject from {$g5['board_table']} where bo_table = '{$search_table[$idx]}' ";
$row = sql_fetch($sql);
$bo_subject[$idx] = $row['bo_subject'];

7
bbs/view.php
View File

@ -122,7 +122,12 @@ $view['content'] = conv_content($view['wr_content'], $html);
if (strstr($sfl, 'content'))
$view['content'] = search_font($stx, $view['content']);
$view['rich_content'] = preg_replace("/{이미지\:([0-9]+)[:]?([^}]*)}/ie", "view_image(\$view, '\\1', '\\2')", $view['content']);
//$view['rich_content'] = preg_replace("/{이미지\:([0-9]+)[:]?([^}]*)}/ie", "view_image(\$view, '\\1', '\\2')", $view['content']);
$view['rich_content'] = preg_replace_callback("/{이미지\:([0-9]+)[:]?([^}]*)}/i",
function ($matches) {
global $view;
return view_image($view, $matches[1], $matches[2]);
}, $view['content']);
$is_signature = false;
$signature = '';

4
bbs/write.php
View File

@ -355,7 +355,7 @@ if ($w == '') {
$subject = "";
if (isset($write['wr_subject'])) {
$subject = preg_replace("/\"/", "&#034;", get_text(cut_str($write['wr_subject'], 255), 0));
$subject = str_replace("\"", "&#034;", get_text(cut_str($write['wr_subject'], 255), 0));
}
$content = '';
@ -365,7 +365,7 @@ if ($w == '') {
if (!strstr($write['wr_option'], 'html')) {
$content = "\n\n\n &gt; "
."\n &gt; "
."\n &gt; ".preg_replace("/\n/", "\n> ", get_text($write['wr_content'], 0))
."\n &gt; ".str_replace("\n", "\n> ", get_text($write['wr_content'], 0))
."\n &gt; "
."\n &gt; ";