firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

php8.0 버전 호환 코드 적용 및 PHP 끝 태그 삭제 일괄적용

Browse Source
This commit is contained in:
thisgun
2021-01-04 15:39:15 +09:00
parent 131b170b54
commit 27e9af5e42
1009 changed files with 12120 additions and 10849 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
adm/shop_admin/_common.php
View File

@ -9,5 +9,4 @@ if (!defined('G5_USE_SHOP') || !G5_USE_SHOP)
include_once(G5_ADMIN_PATH.'/admin.lib.php');
include_once('./admin.shop.lib.php');
check_order_inicis_tmps();
?>
check_order_inicis_tmps();

3
adm/shop_admin/admin.shop.lib.php
View File

@ -218,5 +218,4 @@ function check_order_inicis_tmps(){
set_cookie('admin_visit_time', G5_SERVER_TIME, 3600); //1시간 간격으로 체크
}
} //end function check_order_inicis_tmps
?>
} //end function check_order_inicis_tmps;

7
adm/shop_admin/ajax.ca_id.php
View File

@ -1,17 +1,16 @@
<?php
include_once('./_common.php');
$ca_id = trim($_POST['ca_id']);
$ca_id = isset($_POST['ca_id']) ? trim($_POST['ca_id']) : '';
if (preg_match("/[^0-9a-z]/i", $ca_id)) {
die("{\"error\":\"분류코드는 영문자 숫자 만 입력 가능합니다.\"}");
}
$sql = " select ca_name from {$g5['g5_shop_category_table']} where ca_id = '{$ca_id}' ";
$row = sql_fetch($sql);
if ($row['ca_name']) {
if (isset($row['ca_name']) && $row['ca_name']) {
$ca_name = addslashes($row['ca_name']);
die("{\"error\":\"이미 등록된 분류코드 입니다.\\n\\n분류명 : {$ca_name}\"}");
}
die("{\"error\":\"\"}"); // 정상
?>
die("{\"error\":\"\"}"); // 정상;

5
adm/shop_admin/ajax.it_id.php
View File

@ -1,7 +1,7 @@
<?php
include_once('./_common.php');
$it_id = trim($_POST['it_id']);
$it_id = isset($_POST['it_id']) ? trim($_POST['it_id']) : '';
if (preg_match("/[^\w\-]/", $it_id)) { // \w : 0-9 A-Z a-z _
die("{\"error\":\"상품코드는 영문자 숫자 _ - 만 입력 가능합니다.\"}");
}
@ -12,5 +12,4 @@ if ($row['it_name']) {
die("{\"error\":\"이미 등록된 상품코드 입니다.\\n\\n상품명 : {$it_name}\"}");
}
die("{\"error\":\"\"}"); // 정상
?>
die("{\"error\":\"\"}"); // 정상;

4
adm/shop_admin/ajax.orderitem.php
View File

@ -2,9 +2,9 @@
$sub_menu = '400400';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$od_id = $_POST['od_id'];
$od_id = isset($_POST['od_id']) ? safe_replace_regex($_POST['od_id'], 'od_id') : 0;
$sql = " select * from {$g5['g5_shop_order_table']} where od_id = '$od_id' ";
$od = sql_fetch($sql);

7
adm/shop_admin/ajax.skinfile.php
View File

@ -1,7 +1,9 @@
<?php
include_once('./_common.php');
if($type == 'mobile') {
$type = isset($_REQUEST['type']) ? clean_xss_tags($_REQUEST['type'], 1, 1) : '';
if($type === 'mobile') {
if(preg_match('#^theme/(.+)$#', $dir, $match))
$skin_dir = G5_THEME_MOBILE_PATH.'/'.G5_SKIN_DIR.'/shop/'.$match[1];
else
@ -13,5 +15,4 @@ if($type == 'mobile') {
$skin_dir = G5_PATH.'/'.G5_SKIN_DIR.'/shop/'.$dir;
}
echo get_list_skin_options("^list.[0-9]+\.skin\.php", $skin_dir, $sval);
?>
echo get_list_skin_options("^list.[0-9]+\.skin\.php", $skin_dir, $sval);

16
adm/shop_admin/bannerform.php
View File

@ -2,9 +2,18 @@
$sub_menu = '500500';
include_once('./_common.php');
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
$bn_id = preg_replace('/[^0-9]/', '', $bn_id);
$bn_id = isset($_REQUEST['bn_id']) ? preg_replace('/[^0-9]/', '', $_REQUEST['bn_id']) : 0;
$bn = array(
'bn_id'=>0,
'bn_alt'=>'',
'bn_device'=>'',
'bn_position'=>'',
'bn_border'=>'',
'bn_new_win'=>'',
'bn_order'=>''
);
$html_title = '배너';
$g5['title'] = $html_title.'관리';
@ -162,5 +171,4 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
</form>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

31
adm/shop_admin/bannerformupdate.php
View File

@ -4,20 +4,31 @@ include_once('./_common.php');
check_demo();
if ($W == 'd')
auth_check($auth[$sub_menu], "d");
$w = isset($_POST['w']) ? $_POST['w'] : '';
if ($w == 'd')
auth_check_menu($auth, $sub_menu, "d");
else
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
check_admin_token();
@mkdir(G5_DATA_PATH."/banner", G5_DIR_PERMISSION);
@chmod(G5_DATA_PATH."/banner", G5_DIR_PERMISSION);
$bn_bimg = $_FILES['bn_bimg']['tmp_name'];
$bn_bimg_name = $_FILES['bn_bimg']['name'];
$bn_id = (int) $bn_id;
$bn_bimg = isset($_FILES['bn_bimg']['tmp_name']) ? $_FILES['bn_bimg']['tmp_name'] : '';
$bn_bimg_name = isset($_FILES['bn_bimg']['name']) ? $_FILES['bn_bimg']['name'] : '';
$bn_id = isset($_POST['bn_id']) ? preg_replace('/[^0-9]/', '', $_POST['bn_id']) : 0;
$bn_bimg_del = (isset($_POST['bn_bimg_del']) && $_POST['bn_bimg_del']) ? preg_replace('/[^0-9]/', '', $_POST['bn_id']) : 0;
$bn_url = isset($_POST['bn_url']) ? strip_tags(clean_xss_attributes($bn_url)) : '';
$bn_alt = isset($_POST['bn_alt']) ? strip_tags(clean_xss_attributes($bn_alt)) : '';
$bn_device = isset($_POST['bn_device']) ? clean_xss_tags($_POST['bn_device'], 1, 1) : '';
$bn_position = isset($_POST['bn_position']) ? clean_xss_tags($_POST['bn_position'], 1, 1) : '';
$bn_border = isset($_POST['bn_border']) ? (int) $_POST['bn_border'] : 0;
$bn_new_win = isset($_POST['bn_new_win']) ? (int) $_POST['bn_new_win'] : 0;
$bn_begin_time = isset($_POST['bn_begin_time']) ? clean_xss_tags($_POST['bn_begin_time'], 1, 1) : '';
$bn_end_time = isset($_POST['bn_end_time']) ? clean_xss_tags($_POST['bn_end_time'], 1, 1) : '';
$bn_order = isset($_POST['bn_order']) ? (int) $_POST['bn_order'] : 0;
if ($bn_bimg_del) @unlink(G5_DATA_PATH."/banner/$bn_id");
@ -34,9 +45,6 @@ if( $bn_bimg || $bn_bimg_name ){
}
}
$bn_url = strip_tags(clean_xss_attributes($bn_url));
$bn_alt = strip_tags(clean_xss_attributes($bn_alt));
if ($w=="")
{
if (!$bn_bimg_name) alert('배너 이미지를 업로드 하세요.');
@ -91,5 +99,4 @@ if ($w == "" || $w == "u")
goto_url("./bannerform.php?w=u&amp;bn_id=$bn_id");
} else {
goto_url("./bannerlist.php");
}
?>
}

5
adm/shop_admin/bannerlist.php
View File

@ -2,7 +2,7 @@
$sub_menu = '500500';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$bn_position = (isset($_GET['bn_position']) && in_array($_GET['bn_position'], array('메인', '왼쪽'))) ? $_GET['bn_position'] : '';
$bn_device = (isset($_GET['bn_device']) && in_array($_GET['bn_device'], array('pc', 'mobile'))) ? $_GET['bn_device'] : 'both';
@ -184,5 +184,4 @@ jQuery(function($) {
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

32
adm/shop_admin/categoryform.php
View File

@ -3,9 +3,32 @@ $sub_menu = '400200';
include_once('./_common.php');
include_once(G5_EDITOR_LIB);
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
$ca_id = isset($ca_id) ? preg_replace('/[^0-9a-z]/i', '', $ca_id) : '';
$ca_id = isset($_GET['ca_id']) ? preg_replace('/[^0-9a-z]/i', '', $_GET['ca_id']) : '';
$ca = array(
'ca_skin_dir'=>'',
'ca_mobile_skin_dir'=>'',
'ca_name'=>'',
'ca_order'=>'',
'ca_mb_id'=>'',
'ca_skin_dir'=>'',
'ca_cert_use'=>0,
'ca_adult_use'=>0,
'ca_sell_email'=>'',
'ca_nocoupon'=>0,
'ca_include_head'=>'',
'ca_include_tail'=>'',
'ca_head_html'=>'',
'ca_tail_html'=>'',
'ca_mobile_head_html'=>'',
'ca_mobile_tail_html'=>'',
);
for($i=0;$i<=10;$i++){
$ca['ca_'.$i.'_subj'] = '';
$ca['ca_'.$i] = '';
}
$sql_common = " from {$g5['g5_shop_category_table']} ";
if ($is_admin != 'super')
@ -69,7 +92,7 @@ else if ($w == "u")
{
$sql = " select * from {$g5['g5_shop_category_table']} where ca_id = '$ca_id' ";
$ca = sql_fetch($sql);
if (!$ca['ca_id'])
if (! (isset($ca['ca_id']) && $ca['ca_id']))
alert("자료가 없습니다.");
$html_title = $ca['ca_name'] . " 수정";
@ -616,5 +639,4 @@ jQuery(function($){
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

82
adm/shop_admin/categoryformupdate.php
View File

@ -2,7 +2,17 @@
$sub_menu = '400200';
include_once('./_common.php');
if ($file = $_POST['ca_include_head']) {
auth_check_menu($auth, $sub_menu, "w");
$ca_include_head = isset($_POST['ca_include_head']) ? trim($_POST['ca_include_head']) : '';
$ca_include_tail = isset($_POST['ca_include_tail']) ? trim($_POST['ca_include_tail']) : '';
$ca_id = isset($_REQUEST['ca_id']) ? preg_replace('/[^0-9a-z]/i', '', $_REQUEST['ca_id']) : '';
if( ! $ca_id ){
alert('', G5_SHOP_URL);
}
if ($file = $ca_include_head) {
$file_ext = pathinfo($file, PATHINFO_EXTENSION);
if (! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) || !preg_match("/\.(php|htm[l]?)$/i", $file)) {
@ -10,7 +20,7 @@ if ($file = $_POST['ca_include_head']) {
}
}
if ($file = $_POST['ca_include_tail']) {
if ($file = $ca_include_tail) {
$file_ext = pathinfo($file, PATHINFO_EXTENSION);
if (! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) || !preg_match("/\.(php|htm[l]?)$/i", $file)) {
@ -18,12 +28,11 @@ if ($file = $_POST['ca_include_tail']) {
}
}
if( isset($_POST['ca_id']) ){
$ca_id = preg_replace('/[^0-9a-z]/i', '', $ca_id);
if( $ca_id ){
$sql = " select * from {$g5['g5_shop_category_table']} where ca_id = '$ca_id' ";
$ca = sql_fetch($sql);
if (($ca['ca_include_head'] !== $_POST['ca_include_head'] || $ca['ca_include_tail'] !== $_POST['ca_include_tail']) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){
if ($ca && ($ca['ca_include_head'] !== $ca_include_head || $ca['ca_include_tail'] !== $ca_include_tail) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){
include_once(G5_CAPTCHA_PATH.'/captcha.lib.php');
if (!chk_captcha()) {
@ -32,11 +41,55 @@ if( isset($_POST['ca_id']) ){
}
}
if(!is_include_path_check($_POST['ca_include_head'], 1)) {
$check_str_keys = array(
'ca_order'=>'int',
'ca_img_width'=>'int',
'ca_img_height'=>'int',
'ca_name'=>'str',
'ca_mb_id'=>'str',
'ca_nocoupon'=>'str',
'ca_mobile_skin_dir'=>'str',
'ca_skin'=>'str',
'ca_mobile_skin'=>'str',
'ca_list_mod'=>'int',
'ca_list_row'=>'int',
'ca_mobile_img_width'=>'int',
'ca_mobile_img_height'=>'int',
'ca_mobile_list_mod'=>'int',
'ca_mobile_list_row'=>'int',
'ca_sell_email'=>'str',
'ca_use'=>'int',
'ca_stock_qty'=>'int',
'ca_explan_html'=>'int',
'ca_cert_use'=>'int',
'ca_adult_use'=>'int',
'ca_skin_dir'=>'str'
);
for($i=0;$i<=10;$i++){
$check_str_keys['ca_'.$i.'_subj'] = 'str';
$check_str_keys['ca_'.$i] = 'str';
}
foreach( $check_str_keys as $key=>$val ){
if( $val === 'int' ){
$value = isset($_POST[$key]) ? (int) $_POST[$key] : 0;
} else {
$value = isset($_POST[$key]) ? clean_xss_tags($_POST[$key], 1, 1) : '';
}
$$key = $_POST[$key] = $value;
}
$ca_head_html = isset($_POST['ca_head_html']) ? $_POST['ca_head_html'] : '';
$ca_tail_html = isset($_POST['ca_tail_html']) ? $_POST['ca_tail_html'] : '';
$ca_mobile_head_html = isset($_POST['ca_mobile_head_html']) ? $_POST['ca_mobile_head_html'] : '';
$ca_mobile_tail_html = isset($_POST['ca_mobile_tail_html']) ? $_POST['ca_mobile_tail_html'] : '';
if(!is_include_path_check($ca_include_head, 1)) {
alert('상단 파일 경로에 포함시킬수 없는 문자열이 있습니다.');
}
if(!is_include_path_check($_POST['ca_include_tail'], 1)) {
if(!is_include_path_check($ca_include_tail, 1)) {
alert('하단 파일 경로에 포함시킬수 없는 문자열이 있습니다.');
}
@ -48,14 +101,6 @@ foreach( $check_keys as $key ){
}
}
$check_str_keys = array('ca_name', 'ca_mb_id', 'ca_sell_email');
foreach( $check_str_keys as $key ){
$$key = $_POST[$key] = strip_tags(clean_xss_attributes($_POST[$key]));
}
$ca_include_head = $_POST['ca_include_head'];
$ca_include_tail = $_POST['ca_include_tail'];
if( function_exists('filter_input_include_path') ){
$ca_include_head = filter_input_include_path($ca_include_head);
$ca_include_tail = filter_input_include_path($ca_include_tail);
@ -64,7 +109,7 @@ if( function_exists('filter_input_include_path') ){
if ($w == "u" || $w == "d")
check_demo();
auth_check($auth[$sub_menu], "d");
auth_check_menu($auth, $sub_menu, "d");
check_admin_token();
@ -158,7 +203,7 @@ else if ($w == "u")
sql_query($sql);
// 하위분류를 똑같은 설정으로 반영
if ($sub_category) {
if (isset($_POST['sub_category']) && $_POST['sub_category']) {
$len = strlen($ca_id);
$sql = " update {$g5['g5_shop_category_table']}
set $sql_common
@ -208,5 +253,4 @@ if ($w == "" || $w == "u")
goto_url("./categoryform.php?w=u&amp;ca_id=$ca_id&amp;$qstr");
} else {
goto_url("./categorylist.php?$qstr");
}
?>
}

15
adm/shop_admin/categorylist.php
View File

@ -2,13 +2,16 @@
$sub_menu = '400200';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$g5['title'] = '분류관리';
include_once (G5_ADMIN_PATH.'/admin.head.php');
$where = " where ";
$sql_search = "";
$sfl = in_array($sfl, array('ca_name', 'ca_id', 'ca_mb_id')) ? $sfl : '';
if ($stx != "") {
if ($sfl != "") {
$sql_search .= " $where $sfl like '%$stx%' ";
@ -62,9 +65,9 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목
<label for="sfl" class="sound_only">검색대상</label>
<select name="sfl" id="sfl">
<option value="ca_name"<?php echo get_selected($_GET['sfl'], "ca_name", true); ?>>분류명</option>
<option value="ca_id"<?php echo get_selected($_GET['sfl'], "ca_id", true); ?>>분류코드</option>
<option value="ca_mb_id"<?php echo get_selected($_GET['sfl'], "ca_mb_id", true); ?>>회원아이디</option>
<option value="ca_name"<?php echo get_selected($sfl, "ca_name", true); ?>>분류명</option>
<option value="ca_id"<?php echo get_selected($sfl, "ca_id", true); ?>>분류코드</option>
<option value="ca_mb_id"<?php echo get_selected($sfl, "ca_mb_id", true); ?>>회원아이디</option>
</select>
<label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
@ -107,6 +110,7 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목
</thead>
<tbody>
<?php
$s_add = $s_vie = $s_upd = $s_del = '';
for ($i=0; $row=sql_fetch_array($result); $i++)
{
$level = strlen($row['ca_id']) / 2 - 1;
@ -283,5 +287,4 @@ $(function() {
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

47
adm/shop_admin/categorylistupdate.php
View File

@ -4,11 +4,13 @@ include_once('./_common.php');
check_demo();
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
check_admin_token();
for ($i=0; $i<count($_POST['ca_id']); $i++)
$post_ca_id_count = (isset($_POST['ca_id']) && is_array($_POST['ca_id'])) ? count($_POST['ca_id']) : 0;
for ($i=0; $i<$post_ca_id_count; $i++)
{
$str_ca_mb_id = isset($_POST['ca_mb_id'][$i]) ? strip_tags(clean_xss_attributes($_POST['ca_mb_id'][$i])) : '';
@ -61,28 +63,35 @@ for ($i=0; $i<count($_POST['ca_id']); $i++)
}
$p_ca_name = is_array($_POST['ca_name']) ? strip_tags(clean_xss_attributes($_POST['ca_name'][$i])) : '';
$posts = array();
$check_keys = array('ca_mb_id', 'ca_id', 'ca_use', 'ca_list_mod', 'ca_cert_use', 'ca_adult_use', 'ca_skin', 'ca_mobile_skin', 'ca_skin_dir', 'ca_mobile_skin_dir', 'ca_img_width', 'ca_img_height', 'ca_list_row', 'ca_mobile_list_mod', 'ca_mobile_list_row');
foreach($check_keys as $key){
$posts[$key] = (isset($_POST[$key]) && isset($_POST[$key][$i])) ? $_POST[$key][$i] : '';
}
$sql = " update {$g5['g5_shop_category_table']}
set ca_name = '".$p_ca_name."',
ca_mb_id = '".sql_real_escape_string(strip_tags(clean_xss_attributes($_POST['ca_mb_id'][$i])))."',
ca_use = '".sql_real_escape_string(strip_tags($_POST['ca_use'][$i]))."',
ca_list_mod = '".sql_real_escape_string(strip_tags($_POST['ca_list_mod'][$i]))."',
ca_cert_use = '".sql_real_escape_string(strip_tags($_POST['ca_cert_use'][$i]))."',
ca_adult_use = '".sql_real_escape_string(strip_tags($_POST['ca_adult_use'][$i]))."',
ca_skin = '".sql_real_escape_string(strip_tags($_POST['ca_skin'][$i]))."',
ca_mobile_skin = '".sql_real_escape_string(strip_tags($_POST['ca_mobile_skin'][$i]))."',
ca_skin_dir = '".sql_real_escape_string(strip_tags($_POST['ca_skin_dir'][$i]))."',
ca_mobile_skin_dir = '".sql_real_escape_string(strip_tags($_POST['ca_mobile_skin_dir'][$i]))."',
ca_img_width = '".sql_real_escape_string(strip_tags($_POST['ca_img_width'][$i]))."',
ca_img_height = '".sql_real_escape_string(strip_tags($_POST['ca_img_height'][$i]))."',
ca_list_row = '".sql_real_escape_string(strip_tags($_POST['ca_list_row'][$i]))."',
ca_mobile_list_mod = '".sql_real_escape_string(strip_tags($_POST['ca_mobile_list_mod'][$i]))."',
ca_mobile_list_row = '".sql_real_escape_string(strip_tags($_POST['ca_mobile_list_row'][$i]))."'
where ca_id = '".sql_real_escape_string($_POST['ca_id'][$i])."' ";
ca_mb_id = '".sql_real_escape_string(strip_tags(clean_xss_attributes($posts['ca_mb_id'])))."',
ca_use = '".sql_real_escape_string(strip_tags($posts['ca_use']))."',
ca_list_mod = '".sql_real_escape_string(strip_tags($posts['ca_list_mod']))."',
ca_cert_use = '".sql_real_escape_string(strip_tags($posts['ca_cert_use']))."',
ca_adult_use = '".sql_real_escape_string(strip_tags($posts['ca_adult_use']))."',
ca_skin = '".sql_real_escape_string(strip_tags($posts['ca_skin']))."',
ca_mobile_skin = '".sql_real_escape_string(strip_tags($posts['ca_mobile_skin']))."',
ca_skin_dir = '".sql_real_escape_string(strip_tags($posts['ca_skin_dir']))."',
ca_mobile_skin_dir = '".sql_real_escape_string(strip_tags($posts['ca_mobile_skin_dir']))."',
ca_img_width = '".sql_real_escape_string(strip_tags($posts['ca_img_width']))."',
ca_img_height = '".sql_real_escape_string(strip_tags($posts['ca_img_height']))."',
ca_list_row = '".sql_real_escape_string(strip_tags($posts['ca_list_row']))."',
ca_mobile_list_mod = '".sql_real_escape_string(strip_tags($posts['ca_mobile_list_mod']))."',
ca_mobile_list_row = '".sql_real_escape_string(strip_tags($posts['ca_mobile_list_row']))."'
where ca_id = '".sql_real_escape_string($posts['ca_id'])."' ";
sql_query($sql);
}
goto_url("./categorylist.php?$qstr");
?>
goto_url("./categorylist.php?$qstr");

3
adm/shop_admin/codedupcheck.php
View File

@ -17,5 +17,4 @@ else if ($ca_id)
$name = $row['ca_name'];
}
echo '{ "code": "' . $code . '", "name": "' . $name . '" }';
?>
echo '{ "code": "' . $code . '", "name": "' . $name . '" }';

22
adm/shop_admin/configform.php
View File

@ -3,11 +3,12 @@ $sub_menu = '400100';
include_once('./_common.php');
include_once(G5_EDITOR_LIB);
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
if (!$config['cf_icode_server_ip']) $config['cf_icode_server_ip'] = '211.172.232.124';
if (!$config['cf_icode_server_port']) $config['cf_icode_server_port'] = '7295';
$userinfo = array('payment'=>'');
if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
$userinfo = get_icode_userinfo($config['cf_icode_id'], $config['cf_icode_pw']);
}
@ -1943,6 +1944,14 @@ if($default['de_iche_use'] || $default['de_vbank_use'] || $default['de_hp_use']
if($default['de_pg_service'] == 'lg') {
$log_path = G5_LGXPAY_PATH.'/lgdacom/log';
try {
if( ! is_dir($log_path) && is_writable(G5_LGXPAY_PATH.'/lgdacom/') ){
@mkdir($log_path, G5_DIR_PERMISSION);
@chmod($log_path, G5_DIR_PERMISSION);
}
} catch(Exception $e) {
}
if(!is_dir($log_path)) {
if( is_writable(G5_LGXPAY_PATH.'/lgdacom/') ){
@ -1990,6 +1999,14 @@ if($default['de_iche_use'] || $default['de_vbank_use'] || $default['de_hp_use']
}
$log_path = G5_SHOP_PATH.'/inicis/log';
try {
if( ! is_dir($log_path) && is_writable(G5_SHOP_PATH.'/inicis/') ){
@mkdir($log_path, G5_DIR_PERMISSION);
@chmod($log_path, G5_DIR_PERMISSION);
}
} catch(Exception $e) {
}
if(!is_dir($log_path)) {
echo '<script>'.PHP_EOL;
@ -2030,5 +2047,4 @@ if($default['de_iche_use'] || $default['de_vbank_use'] || $default['de_hp_use']
}
}
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

31
adm/shop_admin/configformupdate.php
View File

@ -4,36 +4,30 @@ include_once('./_common.php');
check_demo();
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
check_admin_token();
// 대표전화번호 유효성 체크
if(!check_vaild_callback($_POST['de_admin_company_tel']))
if(! (isset($_POST['de_admin_company_tel']) && check_vaild_callback($_POST['de_admin_company_tel'])) )
alert('대표전화번호를 올바르게 입력해 주세요.');
// 로그인을 바로 이 주소로 하는 경우 쇼핑몰설정값이 사라지는 현상을 방지
if (!$_POST['de_admin_company_owner']) goto_url("./configform.php");
if ($_POST['logo_img_del']) @unlink(G5_DATA_PATH."/common/logo_img");
if ($_POST['logo_img_del2']) @unlink(G5_DATA_PATH."/common/logo_img2");
if ($_POST['mobile_logo_img_del']) @unlink(G5_DATA_PATH."/common/mobile_logo_img");
if ($_POST['mobile_logo_img_del2']) @unlink(G5_DATA_PATH."/common/mobile_logo_img2");
if (! empty($_POST['logo_img_del'])) @unlink(G5_DATA_PATH."/common/logo_img");
if (! empty($_POST['logo_img_del2'])) @unlink(G5_DATA_PATH."/common/logo_img2");
if (! empty($_POST['mobile_logo_img_del'])) @unlink(G5_DATA_PATH."/common/mobile_logo_img");
if (! empty($_POST['mobile_logo_img_del2'])) @unlink(G5_DATA_PATH."/common/mobile_logo_img2");
if ($_FILES['logo_img']['name']) upload_file($_FILES['logo_img']['tmp_name'], "logo_img", G5_DATA_PATH."/common");
if ($_FILES['logo_img2']['name']) upload_file($_FILES['logo_img2']['tmp_name'], "logo_img2", G5_DATA_PATH."/common");
if ($_FILES['mobile_logo_img']['name']) upload_file($_FILES['mobile_logo_img']['tmp_name'], "mobile_logo_img", G5_DATA_PATH."/common");
if ($_FILES['mobile_logo_img2']['name']) upload_file($_FILES['mobile_logo_img2']['tmp_name'], "mobile_logo_img2", G5_DATA_PATH."/common");
$de_kcp_mid = substr($_POST['de_kcp_mid'],0,3);
$de_kcp_mid = isset($_POST['de_kcp_mid']) ? substr($_POST['de_kcp_mid'], 0, 3) : '';
$cf_icode_server_port = isset($cf_icode_server_port) ? preg_replace('/[^0-9]/', '', $cf_icode_server_port) : '7295';
// kcp 전자결제를 사용할 때 site key 입력체크
if($_POST['de_pg_service'] == 'kcp' && !$_POST['de_card_test'] && ($_POST['de_iche_use'] || $_POST['de_vbank_use'] || $_POST['de_hp_use'] || $_POST['de_card_use'])) {
if(trim($_POST['de_kcp_site_key']) == '')
alert('NHN KCP SITE KEY를 입력해 주십시오.');
}
$de_shop_skin = isset($_POST['de_shop_skin']) ? preg_replace('#\.+(\/|\\\)#', '', $_POST['de_shop_skin']) : 'basic';
$de_shop_mobile_skin = isset($_POST['de_shop_mobile_skin']) ? preg_replace('#\.+(\/|\\\)#', '', $_POST['de_shop_mobile_skin']) : 'basic';
@ -244,11 +238,17 @@ $check_sanitize_keys = array(
);
foreach( $check_sanitize_keys as $key ){
$$key = isset($_POST[$key]) ? strip_tags(clean_xss_attributes($_POST[$key])) : '';
$$key = isset($_POST[$key]) ? clean_xss_tags($_POST[$key], 1, 1) : '';
}
$warning_msg = '';
// kcp 전자결제를 사용할 때 site key 입력체크
if($de_pg_service == 'kcp' && ! $de_card_test && ($de_iche_use || $de_vbank_use || $de_hp_use || $de_card_use)) {
if(! trim($de_kcp_site_key))
alert('NHN KCP SITE KEY를 입력해 주십시오.');
}
if( $de_kakaopay_enckey && ($de_pg_service === 'inicis' || $de_inicis_lpay_use || $de_inicis_kakaopay_use) ){
$warning_msg = 'KG 이니시스 결제 또는 L.pay 또는 KG이니시스 카카오페이를 사용시 결제모듈 중복문제로 카카오페이를 활성화 할수 없습니다. \\n\\n카카오페이 사용을 비활성화 합니다.';
@ -459,5 +459,4 @@ if( $warning_msg ){
alert($warning_msg, "./configform.php");
} else {
goto_url("./configform.php");
}
?>
}

18
adm/shop_admin/couponform.php
View File

@ -2,7 +2,20 @@
$sub_menu = '400800';
include_once('./_common.php');
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
$cp_id = isset($_REQUEST['cp_id']) ? clean_xss_tags($_REQUEST['cp_id'], 1, 1) : '';
$cp = array(
'cp_method'=>'',
'cp_subject'=>'',
'cp_target'=>'',
'mb_id'=>'',
'cp_type'=>'',
'cp_price'=>'',
'cp_trunc'=>'',
'cp_minimum'=>'',
'cp_maximum'=>'',
);
$g5['title'] = '쿠폰관리';
@ -279,5 +292,4 @@ function form_check(f)
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

6
adm/shop_admin/couponformupdate.php
View File

@ -2,7 +2,7 @@
$sub_menu = '400800';
include_once('./_common.php');
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
check_admin_token();
@ -21,6 +21,7 @@ $check_sanitize_keys = array(
'cp_trunc', // 절사금액
'cp_minimum', // 최소주문금액
'cp_maximum', // 최대할인금액
'chk_all_mb' // 전체회원 체크
);
foreach( $check_sanitize_keys as $key ){
@ -263,5 +264,4 @@ if($w == '' && ($_POST['cp_sms_send'] || $_POST['cp_email_send'])) {
}
}
goto_url('./couponlist.php');
?>
goto_url('./couponlist.php');

11
adm/shop_admin/couponlist.php
View File

@ -2,7 +2,7 @@
$sub_menu = '400800';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$sql_common = " from {$g5['g5_shop_coupon_table']} ";
@ -56,9 +56,9 @@ $colspan = 9;
<form name="fsearch" id="fsearch" class="local_sch01 local_sch" method="get">
<select name="sfl" title="검색대상">
<option value="mb_id"<?php echo get_selected($_GET['sfl'], "mb_id"); ?>>회원아이디</option>
<option value="cp_subject"<?php echo get_selected($_GET['sfl'], "cp_subject"); ?>>쿠폰이름</option>
<option value="cp_id"<?php echo get_selected($_GET['sfl'], "cp_id"); ?>>쿠폰코드</option>
<option value="mb_id"<?php echo get_selected($sfl, "mb_id"); ?>>회원아이디</option>
<option value="cp_subject"<?php echo get_selected($sfl, "cp_subject"); ?>>쿠폰이름</option>
<option value="cp_id"<?php echo get_selected($sfl, "cp_id"); ?>>쿠폰코드</option>
</select>
<label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
<input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input">
@ -184,5 +184,4 @@ function fcouponlist_submit(f)
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

9
adm/shop_admin/couponlist_delete.php
View File

@ -4,22 +4,21 @@ include_once('./_common.php');
check_demo();
auth_check($auth[$sub_menu], 'd');
auth_check_menu($auth, $sub_menu, 'd');
check_admin_token();
$count = count($_POST['chk']);
$count = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
if(!$count)
alert('선택삭제 하실 항목을 하나이상 선택해 주세요.');
for ($i=0; $i<$count; $i++)
{
// 실제 번호를 넘김
$k = $_POST['chk'][$i];
$k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
$sql = " delete from {$g5['g5_shop_coupon_table']} where cp_id = '".preg_replace('/[^a-z0-9_\-]/i', '', $_POST['cp_id'][$k])."' ";
sql_query($sql);
}
goto_url('./couponlist.php?'.$qstr);
?>
goto_url('./couponlist.php?'.$qstr);

7
adm/shop_admin/couponmember.php
View File

@ -2,7 +2,9 @@
$sub_menu = '400800';
include_once('./_common.php');
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
$mb_name = isset($_REQUEST['mb_name']) ? clean_xss_tags($_REQUEST['mb_name'], 1, 1) : '';
$html_title = '회원검색';
@ -94,5 +96,4 @@ function sel_member_id(id)
</script>
<?php
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

9
adm/shop_admin/coupontarget.php
View File

@ -2,10 +2,10 @@
$sub_menu = '400800';
include_once('./_common.php');
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
$sch_target = substr(preg_replace('/[^a-zA-Z0-9]/', '', strip_tags($_GET['sch_target'])), 0, 1);
$sch_word = clean_xss_tags(strip_tags($_GET['sch_word']));
$sch_target = isset($_GET['sch_target']) ? substr(preg_replace('/[^a-zA-Z0-9]/', '', strip_tags($_GET['sch_target'])), 0, 1) : '';
$sch_word = isset($_GET['sch_word']) ? clean_xss_tags(strip_tags($_GET['sch_word'])) : '';
if($_GET['sch_target'] == 1) {
$html_title = '분류';
@ -124,5 +124,4 @@ function sel_target_id(id)
</script>
<?php
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

22
adm/shop_admin/couponzoneform.php
View File

@ -2,9 +2,24 @@
$sub_menu = '400810';
include_once('./_common.php');
$cz_id = (int) $cz_id;
$cz_id = isset($_REQUEST['cz_id']) ? (int) $_REQUEST['cz_id'] : 0;
$cp = array(
'cp_method'=>'',
'cz_subject'=>'',
'cp_target'=>'',
'cp_price'=>'',
'cp_trunc'=>'',
'cp_type'=>'',
'mb_id'=>'',
'cz_type'=>'',
'cz_point'=>'',
'cp_price'=>'',
'cz_file'=>'',
'cp_minimum'=>'',
'cp_maximum'=>'',
);
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
$g5['title'] = '쿠폰존 쿠폰관리';
@ -303,5 +318,4 @@ function form_check(f)
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

5
adm/shop_admin/couponzoneformupdate.php
View File

@ -2,7 +2,7 @@
$sub_menu = '400810';
include_once('./_common.php');
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
check_admin_token();
@ -150,5 +150,4 @@ if($_FILES['cp_img']['tmp_name']) {
sql_query($sql);
}
goto_url('./couponzonelist.php?'.$qstr);
?>
goto_url('./couponzonelist.php?'.$qstr);

5
adm/shop_admin/couponzonelist.php
View File

@ -2,7 +2,7 @@
$sub_menu = '400810';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$sql_common = " from {$g5['g5_shop_coupon_zone_table']} ";
@ -174,5 +174,4 @@ function fcouponzonelist_submit(f)
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

11
adm/shop_admin/couponzonelist_delete.php
View File

@ -4,23 +4,22 @@ include_once('./_common.php');
check_demo();
auth_check($auth[$sub_menu], 'd');
auth_check_menu($auth, $sub_menu, 'd');
check_admin_token();
$count = count($_POST['chk']);
$count = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
if(!$count)
alert('선택삭제 하실 항목을 하나이상 선택해 주세요.');
for ($i=0; $i<$count; $i++)
{
// 실제 번호를 넘김
$k = $_POST['chk'][$i];
$ccz_id = (int) $_POST['cz_id'][$k];
$k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
$ccz_id = isset($_POST['cz_id'][$k]) ? (int) $_POST['cz_id'][$k] : 0;
$sql = " delete from {$g5['g5_shop_coupon_zone_table']} where cz_id = '{$ccz_id}' ";
sql_query($sql);
}
goto_url('./couponzonelist.php?'.$qstr);
?>
goto_url('./couponzonelist.php?'.$qstr);

9
adm/shop_admin/index.php
View File

@ -280,6 +280,7 @@ function get_max_value($arr)
$option_noti = (int)$row['cnt'];
// SMS 정보
$userinfo = array('coin'=>0);
if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
$userinfo = get_icode_userinfo($config['cf_icode_id'], $config['cf_icode_pw']);
}
@ -341,10 +342,11 @@ function get_max_value($arr)
<tbody>
<?php
$case = array('신용카드', '계좌이체', '가상계좌', '무통장', '휴대폰', '포인트', '쿠폰');
$val_cnt = 0;
foreach($case as $val)
{
$val_cnt ++;
$val_cnt++;
?>
<tr>
<th scope="row" id="th_val_<?php echo $val_cnt; ?>" class="td_category"><?php echo $val; ?></th>
@ -538,5 +540,4 @@ function graph_draw()
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

21
adm/shop_admin/inorderform.php
View File

@ -2,7 +2,9 @@
$sub_menu = '400410';
include_once('./_common.php');
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
$od_id = isset($_REQUEST['od_id']) ? safe_replace_regex($_REQUEST['od_id'], 'od_id') : '';
$g5['title'] = "미완료주문 내역";
include_once(G5_ADMIN_PATH.'/admin.head.php');
@ -33,7 +35,7 @@ $tot_cp_price = 0;
if($od['mb_id']) {
// 상품쿠폰
$tot_it_cp_price = $tot_od_cp_price = 0;
$it_cp_cnt = count($data['cp_id']);
$it_cp_cnt = (isset($data['cp_id']) && is_array($data['cp_id'])) ? count($data['cp_id']) : 0;
$arr_it_cp_prc = array();
for($i=0; $i<$it_cp_cnt; $i++) {
$cid = $data['cp_id'][$i];
@ -44,7 +46,7 @@ if($od['mb_id']) {
and mb_id IN ( '{$od['mb_id']}', '전체회원' )
and cp_method IN ( 0, 1 ) ";
$cp = sql_fetch($sql);
if(!$cp['cp_id'])
if(! (isset($cp['cp_id']) && $cp['cp_id']))
continue;
// 사용한 쿠폰인지
@ -96,7 +98,7 @@ if($od['mb_id']) {
$tot_od_price -= $tot_it_cp_price;
// 주문쿠폰
if($data['od_cp_id']) {
if(isset($data['od_cp_id']) && $data['od_cp_id']) {
$sql = " select cp_id, cp_type, cp_price, cp_trunc, cp_minimum, cp_maximum
from {$g5['g5_shop_coupon_table']}
where cp_id = '{$data['od_cp_id']}'
@ -163,10 +165,10 @@ if($od['mb_id'] && $od_send_cost > 0) {
}
// 추가배송비
$od_send_cost2 = (int)$data['od_send_cost2'];
$od_send_cost2 = isset($data['od_send_cost2']) ? (int) $data['od_send_cost2'] : 0;
// 포인트
$od_temp_point = (int)$data['od_temp_point'];
$od_temp_point = isset($data['od_temp_point']) ? (int) $data['od_temp_point'] : 0;
$order_price = $tot_od_price + $od_send_cost + $od_send_cost2 - $tot_sc_cp_price - $od_temp_point;
@ -258,7 +260,7 @@ $pg_anchor = '<ul class="anchor">
$ct_point['stotal'] = $opt['ct_point'] * $opt['ct_qty'];
if($k == 0)
$opt_cp_price = (int)$arr_it_cp_prc[$row['it_id']];
$opt_cp_price = isset($arr_it_cp_prc[$row['it_id']]) ? (int) $arr_it_cp_prc[$row['it_id']] : 0;
else
$opt_cp_price = 0;
?>
@ -266,7 +268,7 @@ $pg_anchor = '<ul class="anchor">
<?php if($k == 0) { ?>
<td rowspan="<?php echo $rowspan; ?>">
<?php echo $image; ?> <?php echo stripslashes($row['it_name']); ?>
<?php if($od['od_tax_flag'] && $row['ct_notax']) echo '[비과세상품]'; ?>
<?php if(isset($od['od_tax_flag']) && $od['od_tax_flag'] && $row['ct_notax']) echo '[비과세상품]'; ?>
</td>
<?php } ?>
<td><?php echo $opt['ct_option']; ?></td>
@ -569,5 +571,4 @@ function del_confirm()
</script>
<?php
include_once(G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once(G5_ADMIN_PATH.'/admin.tail.php');

46
adm/shop_admin/inorderformupdate.php
View File

@ -5,18 +5,20 @@ include_once('./_common.php');
check_demo();
if($w == 'd')
auth_check($auth[$sub_menu], "d");
auth_check_menu($auth, $sub_menu, "d");
else
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
check_admin_token();
$od_id = isset($_REQUEST['od_id']) ? safe_replace_regex($_REQUEST['od_id'], 'od_id') : '';
//------------------------------------------------------------------------------
// 주문서 정보
//------------------------------------------------------------------------------
$sql = " select * from {$g5['g5_shop_order_data_table']} where od_id = '$od_id' ";
$od = sql_fetch($sql);
if (!$od['od_id']) {
if (! (isset($od['od_id']) && $od['od_id'])) {
alert("해당 주문번호로 미완료 주문서가 존재하지 않습니다.");
}
@ -37,18 +39,18 @@ $row = sql_fetch($sql);
$tot_ct_price = $row['od_price'];
$cart_count = $row['cart_count'];
$tot_od_price = $tot_ct_price;
$i_price = (int)$data['od_price'];
$i_send_cost = (int)$data['od_send_cost'];
$i_send_cost2 = (int)$data['od_send_cost2'];
$i_send_coupon = (int)$data['od_send_coupon'];
$i_temp_point = (int)$data['od_temp_point'];
$i_price = isset($data['od_price']) ? (int) $data['od_price'] : 0;
$i_send_cost = isset($data['od_send_cost']) ? (int) $data['od_send_cost'] : 0;
$i_send_cost2 = isset($data['od_send_cost2']) ? (int) $data['od_send_cost2'] : 0;
$i_send_coupon = isset($data['od_send_coupon']) ? (int) $data['od_send_coupon'] : 0;
$i_temp_point = isset($data['od_temp_point']) ? (int) $data['od_temp_point'] : 0;
// 쿠폰금액
$tot_cp_price = 0;
if($od['mb_id']) {
// 상품쿠폰
$tot_it_cp_price = $tot_od_cp_price = 0;
$it_cp_cnt = count($data['cp_id']);
$it_cp_cnt = (isset($data['cp_id']) && is_array($data['cp_id'])) ? count($data['cp_id']) : 0;
$arr_it_cp_prc = array();
for($i=0; $i<$it_cp_cnt; $i++) {
$cid = $data['cp_id'][$i];
@ -59,7 +61,7 @@ if($od['mb_id']) {
and mb_id IN ( '{$od['mb_id']}', '전체회원' )
and cp_method IN ( 0, 1 ) ";
$cp = sql_fetch($sql);
if(!$cp['cp_id'])
if(! (isset($cp['cp_id']) && $cp['cp_id']))
continue;
// 사용한 쿠폰인지
@ -111,7 +113,7 @@ if($od['mb_id']) {
$tot_od_price -= $tot_it_cp_price;
// 주문쿠폰
if($data['od_cp_id']) {
if(isset($data['od_cp_id']) && $data['od_cp_id']) {
$sql = " select cp_id, cp_type, cp_price, cp_trunc, cp_minimum, cp_maximum
from {$g5['g5_shop_coupon_table']}
where cp_id = '{$data['od_cp_id']}'
@ -178,10 +180,10 @@ if($od['mb_id'] && $od_send_cost > 0) {
}
// 추가배송비
$od_send_cost2 = (int)$data['od_send_cost2'];
$od_send_cost2 = isset($data['od_send_cost2']) ? (int) $data['od_send_cost2'] : 0;
// 포인트
$od_temp_point = (int)$data['od_temp_point'];
$od_temp_point = isset($data['od_temp_point']) ? (int) $data['od_temp_point'] : 0;
$i_price = $i_price + $i_send_cost + $i_send_cost2 - $i_temp_point - $i_send_coupon;
$order_price = $tot_od_price + $od_send_cost + $od_send_cost2 - $tot_sc_cp_price - $od_temp_point;
@ -238,6 +240,10 @@ $od_receipt_point = $od_temp_point;
$od_receipt_time = $od['dt_time'];
$od_misu = 0;
$od_status = '입금';
$od_bank_account = isset($data['od_bank_account']) ? clean_xss_tags($data['od_bank_account'], 1, 1) : '';
$od_tno = '';
$od_app_no = '';
$od_hope_date = isset($data['od_hope_date']) ? clean_xss_tags($data['od_hope_date'], 1, 1) : '';
// 주문서에 입력
$sql = " insert {$g5['g5_shop_order_table']}
@ -287,7 +293,7 @@ $sql = " insert {$g5['g5_shop_order_table']}
od_free_mny = '$od_free_mny',
od_status = '$od_status',
od_shop_memo = '',
od_hope_date = '{$data['od_hope_date']}',
od_hope_date = '{$od_hope_date}',
od_time = '{$od['dt_time']}',
od_ip = '{$data['od_ip']}',
od_settle_case = '{$data['od_settle_case']}',
@ -313,11 +319,11 @@ if ($od['mb_id'] && $od_receipt_point)
// 쿠폰사용내역기록
if($od['mb_id']) {
$it_cp_cnt = count($data['cp_id']);
$it_cp_cnt = (isset($data['cp_id']) && is_array($data['cp_id'])) ? count($data['cp_id']) : 0;
for($i=0; $i<$it_cp_cnt; $i++) {
$cid = $data['cp_id'][$i];
$cp_it_id = $data['it_id'][$i];
$cp_prc = (int)$arr_it_cp_prc[$cp_it_id];
$cp_prc = isset($arr_it_cp_prc[$cp_it_id]) ? (int) $arr_it_cp_prc[$cp_it_id] : 0;
if(trim($cid)) {
$sql = " insert into {$g5['g5_shop_coupon_log_table']}
@ -330,7 +336,6 @@ if($od['mb_id']) {
}
// 쿠폰사용금액 cart에 기록
$cp_prc = (int)$arr_it_cp_prc[$cp_it_id];
$sql = " update {$g5['g5_shop_cart_table']}
set cp_price = '$cp_prc'
where od_id = '$od_id'
@ -341,7 +346,7 @@ if($od['mb_id']) {
sql_query($sql);
}
if($data['od_cp_id']) {
if(isset($data['od_cp_id']) && $data['od_cp_id']) {
$sql = " insert into {$g5['g5_shop_coupon_log_table']}
set cp_id = '{$data['od_cp_id']}',
mb_id = '{$od['mb_id']}',
@ -351,7 +356,7 @@ if($od['mb_id']) {
sql_query($sql);
}
if($data['sc_cp_id']) {
if(isset($data['sc_cp_id']) && $data['sc_cp_id']) {
$sql = " insert into {$g5['g5_shop_coupon_log_table']}
set cp_id = '{$data['sc_cp_id']}',
mb_id = '{$od['mb_id']}',
@ -385,5 +390,4 @@ echo 'if(confirm("복구하신 주문 상세페이지로 이동하시겠습니
echo 'document.location.href = "./orderform.php?od_id='.$od_id.'";'.PHP_EOL;
echo 'else'.PHP_EOL;
echo 'document.location.href = "./inorderlist.php?'.str_replace('&amp;', '&', $qstr).'";'.PHP_EOL;
echo '</script>'.PHP_EOL;
?>
echo '</script>'.PHP_EOL;

7
adm/shop_admin/inorderlist.php
View File

@ -2,7 +2,7 @@
$sub_menu = '400410';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$sql_common = " from {$g5['g5_shop_order_data_table']} ";
@ -57,7 +57,7 @@ $colspan = 10;
<form name="fsearch" id="fsearch" class="local_sch01 local_sch" method="get">
<select name="sfl" title="검색대상">
<option value="od_id"<?php echo get_selected($_GET['sfl'], "od_id"); ?>>주문번호</option>
<option value="od_id"<?php echo get_selected($sfl, "od_id"); ?>>주문번호</option>
</select>
<label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
<input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input">
@ -172,5 +172,4 @@ function finorderlist_submit(f)
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

13
adm/shop_admin/inorderlistdelete.php
View File

@ -4,22 +4,21 @@ include_once('./_common.php');
check_demo();
auth_check($auth[$sub_menu], 'd');
auth_check_menu($auth, $sub_menu, 'd');
check_admin_token();
$count = count($_POST['chk']);
$count = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
if(!$count)
alert('선택삭제 하실 항목을 하나이상 선택해 주세요.');
for ($i=0; $i<$count; $i++)
{
// 실제 번호를 넘김
$k = $_POST['chk'][$i];
$sql = " delete from {$g5['g5_shop_order_data_table']} where od_id = '{$_POST['od_id'][$k]}' ";
$k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
$od_id = isset($_POST['od_id'][$k]) ? safe_replace_regex($_POST['od_id'][$k], 'od_id') : '';
$sql = " delete from {$g5['g5_shop_order_data_table']} where od_id = '{$od_id}' ";
sql_query($sql);
}
goto_url('./inorderlist.php');
?>
goto_url('./inorderlist.php');

5
adm/shop_admin/itemcopy.php
View File

@ -4,7 +4,7 @@ include_once('./_common.php');
$ca_id = preg_replace('/[^0-9a-z]/i', '', $ca_id);
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$g5['title'] = '상품 복사';
include_once(G5_PATH.'/head.sub.php');
@ -51,5 +51,4 @@ function _copy(link)
</script>
<?php
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

5
adm/shop_admin/itemcopyupdate.php
View File

@ -2,7 +2,7 @@
$sub_menu = '400300';
include_once('./_common.php');
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
check_admin_token();
@ -161,5 +161,4 @@ sql_query($sql);
$qstr = "ca_id=$ca_id&amp;sfl=$sfl&amp;sca=$sca&amp;page=$page&amp;stx=".urlencode($stx)."&amp;save_stx=".urlencode($save_stx);
goto_url("itemlist.php?$qstr");
?>
goto_url("itemlist.php?$qstr");

3
adm/shop_admin/itemdelete.inc.php
View File

@ -111,5 +111,4 @@ if (!function_exists("itemdelete")) {
run_event('shop_admin_delete_item_file', $it_id);
itemdelete($it_id);
?>
itemdelete($it_id);

5
adm/shop_admin/itemevent.php
View File

@ -2,7 +2,7 @@
$sub_menu = '500300';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$g5['title'] = '이벤트관리';
include_once (G5_ADMIN_PATH.'/admin.head.php');
@ -85,5 +85,4 @@ function itemeventwin(ev_id)
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

25
adm/shop_admin/itemeventform.php
View File

@ -3,9 +3,18 @@ $sub_menu = '500300';
include_once('./_common.php');
include_once(G5_EDITOR_LIB);
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
$ev_id = preg_replace('/[^0-9]/', '', $ev_id);
$ev_id = isset($_REQUEST['ev_id']) ? preg_replace('/[^0-9]/', '', $_REQUEST['ev_id']) : '';
$ev = array(
'ev_subject'=>'',
'ev_subject_strong'=>'',
'ev_id'=>'',
'ev_head_html'=>'',
'ev_tail_html'=>''
);
$res_item = null;
$html_title = "이벤트";
$g5['title'] = $html_title.' 관리';
@ -232,6 +241,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
<span class="srel_pad"></span>
<div id="reg_item_list" class="srel_sel">
<?php
if( $res_item ) {
for($i=0; $row=sql_fetch_array($res_item); $i++) {
$it_name = get_it_image($row['it_id'], 50, 50).' '.$row['it_name'];
@ -244,8 +254,8 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
<div class="list_item_btn"><button type="button" class="del_item btn_frmline">삭제</button></div>
</li>
<?php
}
} // end for
} // end if
if($i > 0)
echo '</ul>';
else
@ -392,7 +402,7 @@ $(function() {
}
var cont = "<li>"+$li.html().replace("add_item", "del_item").replace("추가", "삭제")+"</li>";
var count = $("#reg_item_list li").size();
var count = $("#reg_item_list li").length;
if(count > 0) {
$("#reg_item_list li:last").after(cont);
@ -409,7 +419,7 @@ $(function() {
$(this).closest("li").remove();
var count = $("#reg_item_list li").size();
var count = $("#reg_item_list li").length;
if(count < 1)
$("#reg_item_list").html("<p>등록된 상품이 없습니다.</p>");
});
@ -443,5 +453,4 @@ function feventform_check(f)
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

31
adm/shop_admin/itemeventformupdate.php
View File

@ -6,15 +6,37 @@ if ($w == "u" || $w == "d")
check_demo();
if ($w == 'd')
auth_check($auth[$sub_menu], "d");
auth_check_menu($auth, $sub_menu, "d");
else
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
check_admin_token();
@mkdir(G5_DATA_PATH."/event", G5_DIR_PERMISSION);
@chmod(G5_DATA_PATH."/event", G5_DIR_PERMISSION);
$ev_mimg_del = isset($_POST['ev_mimg_del']) ? (int) $_POST['ev_mimg_del'] : 0;
$ev_himg_del = isset($_POST['ev_himg_del']) ? (int) $_POST['ev_himg_del'] : 0;
$ev_timg_del = isset($_POST['ev_timg_del']) ? (int) $_POST['ev_timg_del'] : 0;
$ev_skin = isset($_POST['ev_skin']) ? clean_xss_tags($_POST['ev_skin'], 1, 1) : '';
$ev_mobile_skin = isset($_POST['ev_mobile_skin']) ? clean_xss_tags($_POST['ev_mobile_skin'], 1, 1) : '';
$ev_img_width = isset($_POST['ev_img_width']) ? (int) $_POST['ev_img_width'] : 0;
$ev_img_height = isset($_POST['ev_img_height']) ? (int) $_POST['ev_img_height'] : 0;
$ev_list_mod = isset($_POST['ev_list_mod']) ? (int) $_POST['ev_list_mod'] : 0;
$ev_list_row = isset($_POST['ev_list_row']) ? (int) $_POST['ev_list_row'] : 0;
$ev_mobile_img_width = isset($_POST['ev_mobile_img_width']) ? (int) $_POST['ev_mobile_img_width'] : 0;
$ev_mobile_img_height = isset($_POST['ev_mobile_img_height']) ? (int) $_POST['ev_mobile_img_height'] : 0;
$ev_mobile_list_mod = isset($_POST['ev_mobile_list_mod']) ? (int) $_POST['ev_mobile_list_mod'] : 0;
$ev_mobile_list_row = isset($_POST['ev_mobile_list_row']) ? (int) $_POST['ev_mobile_list_row'] : 0;
$ev_use = isset($_POST['ev_use']) ? (int) $_POST['ev_use'] : 0;
$ev_subject_strong = isset($_POST['ev_subject_strong']) ? (int) $_POST['ev_subject_strong'] : 0;
$ev_subject = isset($_POST['ev_subject']) ? clean_xss_tags($_POST['ev_subject'], 1, 1) : '';
$ev_head_html = isset($_POST['ev_head_html']) ? $_POST['ev_head_html'] : '';
$ev_tail_html = isset($_POST['ev_tail_html']) ? $_POST['ev_tail_html'] : '';
if ($ev_mimg_del) @unlink(G5_DATA_PATH."/event/{$ev_id}_m");
if ($ev_himg_del) @unlink(G5_DATA_PATH."/event/{$ev_id}_h");
if ($ev_timg_del) @unlink(G5_DATA_PATH."/event/{$ev_id}_t");
@ -90,7 +112,7 @@ if ($w == "" || $w == "u")
$count = count($item);
for($i=0; $i<$count; $i++) {
$it_id = $item[$i];
$it_id = isset($item[$i]) ? $item[$i] : '';
if($it_id) {
$sql = " insert into {$g5['g5_shop_event_item_table']}
set ev_id = '$ev_id',
@ -104,5 +126,4 @@ if ($w == "" || $w == "u")
else
{
goto_url("./itemevent.php");
}
?>
}

19
adm/shop_admin/itemeventlist.php
View File

@ -2,15 +2,15 @@
$sub_menu = '500310';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$ev_id = preg_replace('/[^0-9]/', '', $ev_id);
$sort1 = strip_tags($sort1);
if (!in_array($sort1, array('a.it_id', 'it_name'))) $sort1 = "a.it_id";
$sel_field = in_array($sel_field, array('a.it_id', 'it_name')) ? strip_tags($sel_field) : 'it_name';
$sel_ca_id = get_search_string($sel_ca_id);
$search = get_search_string($search);
$ev_title = isset($ev_title) ? strip_tags($ev_title) : '';
$ev_id = isset($_GET['ev_id']) ? preg_replace('/[^0-9]/', '', $_GET['ev_id']) : '';
$sort1 = (isset($_GET['sort1']) && in_array($_GET['sort1'], array('a.it_id', 'it_name'))) ? $_GET['sort1'] : 'a.it_id';
$sort2 = (isset($_GET['sort2']) && in_array($_GET['sort2'], array('desc', 'asc'))) ? $_GET['sort2'] : 'desc';
$sel_field = (isset($_GET['sel_field']) && in_array($_GET['sel_field'], array('a.it_id', 'it_name')) ) ? $_GET['sel_field'] : 'it_name';
$sel_ca_id = isset($_GET['sel_ca_id']) ? get_search_string($_GET['sel_ca_id']) : '';
$search = isset($_GET['search']) ? get_search_string($_GET['search']) : '';
$ev_title = isset($ev_title) ? clean_xss_tags($ev_title, 1, 1) : '';
$g5['title'] = '이벤트일괄처리';
include_once (G5_ADMIN_PATH.'/admin.head.php');
@ -212,5 +212,4 @@ function fitemeventlistupdatecheck(f)
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

11
adm/shop_admin/itemeventlistupdate.php
View File

@ -4,11 +4,13 @@ include_once('./_common.php');
check_demo();
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
for ($i=0; $i<count($_POST['it_id']); $i++)
$post_it_id_count = (isset($_POST['it_id']) && is_array($_POST['it_id'])) ? count($_POST['it_id']) : 0;
for ($i=0; $i<$post_it_id_count; $i++)
{
$iit_id = preg_replace('/[^a-z0-9_\-]/i', '', $_POST['it_id'][$i]);
$iit_id = isset($_POST['it_id'][$i]) ? preg_replace('/[^a-z0-9_\-]/i', '', $_POST['it_id'][$i]) : '';
$sql = " delete from {$g5['g5_shop_event_item_table']}
where ev_id = '$ev_id'
@ -25,5 +27,4 @@ for ($i=0; $i<count($_POST['it_id']); $i++)
}
goto_url('./itemeventlist.php?ev_id='.$ev_id.'&amp;sort1='.$sort1.'&amp;sort2='.$sort2.'&amp;sel_ca_id='.$sel_ca_id.'&amp;sel_field='.$sel_field.'&amp;search='.$search.'&amp;page='.$page);
?>
goto_url('./itemeventlist.php?ev_id='.$ev_id.'&amp;sort1='.$sort1.'&amp;sort2='.$sort2.'&amp;sel_ca_id='.$sel_ca_id.'&amp;sel_field='.$sel_field.'&amp;search='.$search.'&amp;page='.$page);

5
adm/shop_admin/itemeventsearch.php
View File

@ -2,7 +2,7 @@
$sub_menu = '500300';
include_once('./_common.php');
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
$ca_id = trim($ca_id);
$it_name = trim(strip_tags($it_name));
@ -45,5 +45,4 @@ if($list)
else
$list = '<p>등록된 상품이 없습니다.</p>';
echo $list;
?>
echo $list;

5
adm/shop_admin/itemeventwin.php
View File

@ -2,7 +2,7 @@
$sub_menu = '500300';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$sql = " select ev_subject from {$g5['g5_shop_event_table']} where ev_id = '$ev_id' ";
$ev = sql_fetch($sql);
@ -61,5 +61,4 @@ include_once(G5_PATH.'/head.sub.php');
</div>
<?php
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

8
adm/shop_admin/itemeventwindel.php
View File

@ -4,10 +4,12 @@ include_once('./_common.php');
check_demo();
auth_check($auth[$sub_menu], "d");
auth_check_menu($auth, $sub_menu, "d");
$ev_id = isset($_REQUEST['ev_id']) ? (int) $_REQUEST['ev_id'] : 0;
$it_id = isset($_REQUEST['it_id']) ? safe_replace_regex($_REQUEST['it_id'], 'it_id') : '';
$sql = " delete from {$g5['g5_shop_event_item_table']} where ev_id = '$ev_id' and it_id = '$it_id' ";
sql_query($sql);
goto_url("./itemeventwin.php?ev_id=$ev_id");
?>
goto_url("./itemeventwin.php?ev_id=$ev_id");

5
adm/shop_admin/itemexcel.php
View File

@ -2,7 +2,7 @@
$sub_menu = '400300';
include_once('./_common.php');
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
$g5['title'] = '엑셀파일로 상품 일괄 등록';
include_once(G5_PATH.'/head.sub.php');
@ -41,5 +41,4 @@ include_once(G5_PATH.'/head.sub.php');
</div>
<?php
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

161
adm/shop_admin/itemexcelupdate.php
View File

@ -6,67 +6,29 @@ include_once('./_common.php');
set_time_limit ( 0 );
ini_set('memory_limit', '50M');
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
function only_number($n)
{
return preg_replace('/[^0-9]/', '', $n);
}
if($_FILES['excelfile']['tmp_name']) {
$is_upload_file = (isset($_FILES['excelfile']['tmp_name']) && $_FILES['excelfile']['tmp_name']) ? 1 : 0;
if( ! $is_upload_file){
alert("엑셀 파일을 업로드해 주세요.");
}
if($is_upload_file) {
$file = $_FILES['excelfile']['tmp_name'];
include_once(G5_LIB_PATH.'/Excel/reader.php');
include_once(G5_LIB_PATH.'/PHPExcel/IOFactory.php');
$data = new Spreadsheet_Excel_Reader();
$objPHPExcel = PHPExcel_IOFactory::load($file);
$sheet = $objPHPExcel->getSheet(0);
// Set output Encoding.
$data->setOutputEncoding('UTF-8');
/***
* if you want you can change 'iconv' to mb_convert_encoding:
* $data->setUTFEncoder('mb');
*
**/
/***
* By default rows & cols indeces start with 1
* For change initial index use:
* $data->setRowColOffset(0);
*
**/
/***
* Some function for formatting output.
* $data->setDefaultFormat('%.2f');
* setDefaultFormat - set format for columns with unknown formatting
*
* $data->setColumnFormat(4, '%.3f');
* setColumnFormat - set format for column (apply only to number fields)
*
**/
$data->read($file);
/*
$data->sheets[0]['numRows'] - count rows
$data->sheets[0]['numCols'] - count columns
$data->sheets[0]['cells'][$i][$j] - data from $i-row $j-column
$data->sheets[0]['cellsInfo'][$i][$j] - extended info about cell
$data->sheets[0]['cellsInfo'][$i][$j]['type'] = "date" | "number" | "unknown"
if 'type' == "unknown" - use 'raw' value, because cell contain value with format '0.00';
$data->sheets[0]['cellsInfo'][$i][$j]['raw'] = value if cell without format
$data->sheets[0]['cellsInfo'][$i][$j]['colspan']
$data->sheets[0]['cellsInfo'][$i][$j]['rowspan']
*/
error_reporting(E_ALL ^ E_NOTICE);
$num_rows = $sheet->getHighestRow();
$highestColumn = $sheet->getHighestColumn();
$dup_it_id = array();
$fail_it_id = array();
@ -75,51 +37,56 @@ if($_FILES['excelfile']['tmp_name']) {
$fail_count = 0;
$succ_count = 0;
for ($i = 3; $i <= $data->sheets[0]['numRows']; $i++) {
for ($i = 3; $i <= $num_rows; $i++) {
$total_count++;
$j = 1;
$j = 0;
$it_id = addslashes($data->sheets[0]['cells'][$i][$j++]);
$ca_id = addslashes($data->sheets[0]['cells'][$i][$j++]);
$ca_id2 = addslashes($data->sheets[0]['cells'][$i][$j++]);
$ca_id3 = addslashes($data->sheets[0]['cells'][$i][$j++]);
$it_name = addslashes($data->sheets[0]['cells'][$i][$j++]);
$it_maker = addslashes($data->sheets[0]['cells'][$i][$j++]);
$it_origin = addslashes($data->sheets[0]['cells'][$i][$j++]);
$it_brand = addslashes($data->sheets[0]['cells'][$i][$j++]);
$it_model = addslashes($data->sheets[0]['cells'][$i][$j++]);
$it_type1 = addslashes($data->sheets[0]['cells'][$i][$j++]);
$it_type2 = addslashes($data->sheets[0]['cells'][$i][$j++]);
$it_type3 = addslashes($data->sheets[0]['cells'][$i][$j++]);
$it_type4 = addslashes($data->sheets[0]['cells'][$i][$j++]);
$it_type5 = addslashes($data->sheets[0]['cells'][$i][$j++]);
$it_basic = addslashes($data->sheets[0]['cells'][$i][$j++]);
$it_explan = addslashes($data->sheets[0]['cells'][$i][$j++]);
$it_mobile_explan = addslashes($data->sheets[0]['cells'][$i][$j++]);
$it_cust_price = addslashes(only_number($data->sheets[0]['cells'][$i][$j++]));
$it_price = addslashes(only_number($data->sheets[0]['cells'][$i][$j++]));
$it_tel_inq = addslashes($data->sheets[0]['cells'][$i][$j++]);
$it_point = addslashes(only_number($data->sheets[0]['cells'][$i][$j++]));
$it_point_type = addslashes(only_number($data->sheets[0]['cells'][$i][$j++]));
$it_sell_email = addslashes($data->sheets[0]['cells'][$i][$j++]);
$it_use = addslashes($data->sheets[0]['cells'][$i][$j++]);
$it_stock_qty = addslashes(only_number($data->sheets[0]['cells'][$i][$j++]));
$it_noti_qty = addslashes(only_number($data->sheets[0]['cells'][$i][$j++]));
$it_buy_min_qty = addslashes(only_number($data->sheets[0]['cells'][$i][$j++]));
$it_buy_max_qty = addslashes(only_number($data->sheets[0]['cells'][$i][$j++]));
$it_notax = addslashes(only_number($data->sheets[0]['cells'][$i][$j++]));
$it_order = addslashes(only_number($data->sheets[0]['cells'][$i][$j++]));
$it_img1 = addslashes($data->sheets[0]['cells'][$i][$j++]);
$it_img2 = addslashes($data->sheets[0]['cells'][$i][$j++]);
$it_img3 = addslashes($data->sheets[0]['cells'][$i][$j++]);
$it_img4 = addslashes($data->sheets[0]['cells'][$i][$j++]);
$it_img5 = addslashes($data->sheets[0]['cells'][$i][$j++]);
$it_img6 = addslashes($data->sheets[0]['cells'][$i][$j++]);
$it_img7 = addslashes($data->sheets[0]['cells'][$i][$j++]);
$it_img8 = addslashes($data->sheets[0]['cells'][$i][$j++]);
$it_img9 = addslashes($data->sheets[0]['cells'][$i][$j++]);
$it_img10 = addslashes($data->sheets[0]['cells'][$i][$j++]);
$rowData = $sheet->rangeToArray('A' . $i . ':' . $highestColumn . $i,
NULL,
TRUE,
FALSE);
$it_id = addslashes($rowData[0][$j++]);
$ca_id = addslashes($rowData[0][$j++]);
$ca_id2 = addslashes($rowData[0][$j++]);
$ca_id3 = addslashes($rowData[0][$j++]);
$it_name = addslashes($rowData[0][$j++]);
$it_maker = addslashes($rowData[0][$j++]);
$it_origin = addslashes($rowData[0][$j++]);
$it_brand = addslashes($rowData[0][$j++]);
$it_model = addslashes($rowData[0][$j++]);
$it_type1 = addslashes($rowData[0][$j++]);
$it_type2 = addslashes($rowData[0][$j++]);
$it_type3 = addslashes($rowData[0][$j++]);
$it_type4 = addslashes($rowData[0][$j++]);
$it_type5 = addslashes($rowData[0][$j++]);
$it_basic = addslashes($rowData[0][$j++]);
$it_explan = addslashes($rowData[0][$j++]);
$it_mobile_explan = addslashes($rowData[0][$j++]);
$it_cust_price = addslashes(only_number($rowData[0][$j++]));
$it_price = addslashes(only_number($rowData[0][$j++]));
$it_tel_inq = addslashes($rowData[0][$j++]);
$it_point = addslashes(only_number($rowData[0][$j++]));
$it_point_type = addslashes(only_number($rowData[0][$j++]));
$it_sell_email = addslashes($rowData[0][$j++]);
$it_use = addslashes($rowData[0][$j++]);
$it_stock_qty = addslashes(only_number($rowData[0][$j++]));
$it_noti_qty = addslashes(only_number($rowData[0][$j++]));
$it_buy_min_qty = addslashes(only_number($rowData[0][$j++]));
$it_buy_max_qty = addslashes(only_number($rowData[0][$j++]));
$it_notax = addslashes(only_number($rowData[0][$j++]));
$it_order = addslashes(only_number($rowData[0][$j++]));
$it_img1 = addslashes($rowData[0][$j++]);
$it_img2 = addslashes($rowData[0][$j++]);
$it_img3 = addslashes($rowData[0][$j++]);
$it_img4 = addslashes($rowData[0][$j++]);
$it_img5 = addslashes($rowData[0][$j++]);
$it_img6 = addslashes($rowData[0][$j++]);
$it_img7 = addslashes($rowData[0][$j++]);
$it_img8 = addslashes($rowData[0][$j++]);
$it_img9 = addslashes($rowData[0][$j++]);
$it_img10 = addslashes($rowData[0][$j++]);
$it_explan2 = strip_tags(trim($it_explan));
if(!$it_id || !$ca_id || !$it_name) {
@ -130,7 +97,7 @@ if($_FILES['excelfile']['tmp_name']) {
// it_id 중복체크
$sql2 = " select count(*) as cnt from {$g5['g5_shop_item_table']} where it_id = '$it_id' ";
$row2 = sql_fetch($sql2);
if($row2['cnt']) {
if(isset($row2['cnt']) && $row2['cnt']) {
$fail_it_id[] = $it_id;
$dup_it_id[] = $it_id;
$dup_count++;
@ -141,7 +108,7 @@ if($_FILES['excelfile']['tmp_name']) {
// 기본분류체크
$sql2 = " select count(*) as cnt from {$g5['g5_shop_category_table']} where ca_id = '$ca_id' ";
$row2 = sql_fetch($sql2);
if(!$row2['cnt']) {
if(! (isset($row2['cnt']) && $row2['cnt'])) {
$fail_it_id[] = $it_id;
$fail_count++;
continue;
@ -190,6 +157,7 @@ if($_FILES['excelfile']['tmp_name']) {
it_img8 = '$it_img8',
it_img9 = '$it_img9',
it_img10 = '$it_img10' ";
sql_query($sql);
$succ_count++;
@ -233,5 +201,4 @@ include_once(G5_PATH.'/head.sub.php');
</div>
<?php
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

98
adm/shop_admin/itemform.php
View File

@ -4,10 +4,73 @@ include_once('./_common.php');
include_once(G5_EDITOR_LIB);
include_once(G5_LIB_PATH.'/iteminfo.lib.php');
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
$html_title = "상품 ";
$it = array(
'it_id'=>'',
'it_skin'=>'',
'it_mobile_skin'=>'',
'it_name'=>'',
'it_basic'=>'',
'it_order'=>0,
'it_type1'=>0,
'it_type2'=>0,
'it_type3'=>0,
'it_type4'=>0,
'it_type5'=>0,
'it_brand'=>'',
'it_model'=>'',
'it_tel_inq'=>0,
'it_use'=>0,
'it_nocoupon'=>0,
'ec_mall_pid'=>'',
'it_mobile_explan'=>'',
'it_sell_email'=>'',
'it_shop_memo'=>'',
'it_info_gubun'=>'',
'it_explan'=>'',
'it_point_type'=>0,
'it_cust_price'=>0,
'it_option_subject'=>'',
'it_price'=>0,
'it_point'=>0,
'it_supply_point'=>0,
'it_soldout'=>0,
'it_stock_sms'=>0,
'it_stock_qty'=>0,
'it_noti_qty'=>0,
'it_buy_min_qty'=>0,
'it_buy_max_qty'=>0,
'it_notax'=>0,
'it_supply_subject'=>'',
'it_sc_type'=>0,
'it_sc_method'=>0,
'it_sc_price'=>0,
'it_sc_minimum'=>0,
'it_sc_qty'=>0,
'it_img1'=>'',
'it_img2'=>'',
'it_img3'=>'',
'it_img4'=>'',
'it_img5'=>'',
'it_img6'=>'',
'it_img7'=>'',
'it_img8'=>'',
'it_img9'=>'',
'it_img10'=>'',
'it_head_html'=>'',
'it_tail_html'=>'',
'it_mobile_head_html'=>'',
'it_mobile_tail_html'=>'',
);
for($i=0;$i<=10;$i++){
$it['it_'.$i.'_subj'] = '';
$it['it_'.$i] = '';
}
if ($w == "")
{
$html_title .= "입력";
@ -21,7 +84,7 @@ if ($w == "")
{
$sql = " select ca_id from {$g5['g5_shop_category_table']} order by ca_order, ca_id limit 1 ";
$row = sql_fetch($sql);
if (!$row['ca_id'])
if (! (isset($row['ca_id']) && $row['ca_id']))
alert("등록된 분류가 없습니다. 우선 분류를 등록하여 주십시오.", './categorylist.php');
$it['ca_id'] = $row['ca_id'];
}
@ -50,7 +113,7 @@ else if ($w == "u")
if(!$it)
alert('상품정보가 존재하지 않습니다.');
if (!$ca_id)
if (! (isset($ca_id) && $ca_id))
$ca_id = $it['ca_id'];
$sql = " select * from {$g5['g5_shop_category_table']} where ca_id = '$ca_id' ";
@ -711,7 +774,7 @@ $(function(){
<tr>
<th scope="row">
<label for="opt1_subject">옵션1</label>
<input type="text" name="opt1_subject" value="<?php echo $opt_subject[0]; ?>" id="opt1_subject" class="frm_input" size="15">
<input type="text" name="opt1_subject" value="<?php echo isset($opt_subject[0]) ? $opt_subject[0] : ''; ?>" id="opt1_subject" class="frm_input" size="15">
</th>
<td>
<label for="opt1"><b>옵션1 항목</b></label>
@ -721,7 +784,7 @@ $(function(){
<tr>
<th scope="row">
<label for="opt2_subject">옵션2</label>
<input type="text" name="opt2_subject" value="<?php echo $opt_subject[1]; ?>" id="opt2_subject" class="frm_input" size="15">
<input type="text" name="opt2_subject" value="<?php echo isset($opt_subject[1]) ? $opt_subject[1] : ''; ?>" id="opt2_subject" class="frm_input" size="15">
</th>
<td>
<label for="opt2"><b>옵션2 항목</b></label>
@ -731,7 +794,7 @@ $(function(){
<tr>
<th scope="row">
<label for="opt3_subject">옵션3</label>
<input type="text" name="opt3_subject" value="<?php echo $opt_subject[2]; ?>" id="opt3_subject" class="frm_input" size="15">
<input type="text" name="opt3_subject" value="<?php echo isset($opt_subject[2]) ? $opt_subject[2] : ''; ?>" id="opt3_subject" class="frm_input" size="15">
</th>
<td>
<label for="opt3"><b>옵션3 항목</b></label>
@ -814,7 +877,7 @@ $(function(){
// 선택삭제
$(document).on("click", "#sel_option_delete", function() {
var $el = $("input[name='opt_chk[]']:checked");
if($el.size() < 1) {
if($el.length < 1) {
alert("삭제하려는 옵션을 하나 이상 선택해 주십시오.");
return false;
}
@ -824,7 +887,7 @@ $(function(){
// 일괄적용
$(document).on("click", "#opt_value_apply", function() {
if($(".opt_com_chk:checked").size() < 1) {
if($(".opt_com_chk:checked").length < 1) {
alert("일괄 수정할 항목을 하나이상 체크해 주십시오.");
return false;
}
@ -836,7 +899,7 @@ $(function(){
var $el = $("input[name='opt_chk[]']:checked");
// 체크된 옵션이 있으면 체크된 것만 적용
if($el.size() > 0) {
if($el.length > 0) {
var $tr;
$el.each(function() {
$tr = $(this).closest("tr");
@ -1020,7 +1083,7 @@ $(function(){
// 선택삭제
$(document).on("click", "#sel_supply_delete", function() {
var $el = $("input[name='spl_chk[]']:checked");
if($el.size() < 1) {
if($el.length < 1) {
alert("삭제하려는 옵션을 하나 이상 선택해 주십시오.");
return false;
}
@ -1030,7 +1093,7 @@ $(function(){
// 일괄적용
$(document).on("click", "#spl_value_apply", function() {
if($(".spl_com_chk:checked").size() < 1) {
if($(".spl_com_chk:checked").length < 1) {
alert("일괄 수정할 항목을 하나이상 체크해 주십시오.");
return false;
}
@ -1042,7 +1105,7 @@ $(function(){
var $el = $("input[name='spl_chk[]']:checked");
// 체크된 옵션이 있으면 체크된 것만 적용
if($el.size() > 0) {
if($el.length > 0) {
var $tr;
$el.each(function() {
$tr = $(this).closest("tr");
@ -1382,7 +1445,7 @@ $(function(){
}
var cont = "<li>"+$li.html().replace("add_item", "del_item").replace("추가", "삭제")+"</li>";
var count = $("#reg_relation li").size();
var count = $("#reg_relation li").length;
if(count > 0) {
$("#reg_relation li:last").after(cont);
@ -1399,7 +1462,7 @@ $(function(){
$(this).closest("li").remove();
var count = $("#reg_relation li").size();
var count = $("#reg_relation li").length;
if(count < 1)
$("#reg_relation").html("<p>선택된 상품이 없습니다.</p>");
});
@ -1501,7 +1564,7 @@ $(function(){
}
var cont = "<li>"+$li.html().replace("add_event", "del_event").replace("추가", "삭제")+"</li>";
var count = $("#reg_event_list li").size();
var count = $("#reg_event_list li").length;
if(count > 0) {
$("#reg_event_list li:last").after(cont);
@ -1516,7 +1579,7 @@ $(function(){
$(this).closest("li").remove();
var count = $("#reg_event_list li").size();
var count = $("#reg_event_list li").length;
if(count < 1)
$("#reg_event_list").html("<p>선택된 이벤트가 없습니다.</p>");
});
@ -1863,5 +1926,4 @@ categorychange(document.fitemform);
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

5
adm/shop_admin/itemformrelation.php
View File

@ -2,7 +2,7 @@
$sub_menu = '400300';
include_once('./_common.php');
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
$ca_id = trim($ca_id);
$it_name = trim(strip_tags($it_name));
@ -44,5 +44,4 @@ if($list)
else
$list = '<p>등록된 상품이 없습니다.';
echo $list;
?>
echo $list;

46
adm/shop_admin/itemformupdate.php
View File

@ -6,9 +6,9 @@ if ($w == "u" || $w == "d")
check_demo();
if ($w == '' || $w == 'u')
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
else if ($w == 'd')
auth_check($auth[$sub_menu], "d");
auth_check_menu($auth, $sub_menu, "d");
check_admin_token();
@ -18,9 +18,9 @@ check_admin_token();
// input vars 체크
check_input_vars();
$ca_id = isset($ca_id) ? preg_replace('/[^0-9a-z]/i', '', $ca_id) : '';
$ca_id2 = isset($ca_id2) ? preg_replace('/[^0-9a-z]/i', '', $ca_id2) : '';
$ca_id3 = isset($ca_id3) ? preg_replace('/[^0-9a-z]/i', '', $ca_id3) : '';
$ca_id = isset($_POST['ca_id']) ? preg_replace('/[^0-9a-z]/i', '', $_POST['ca_id']) : '';
$ca_id2 = isset($_POST['ca_id2']) ? preg_replace('/[^0-9a-z]/i', '', $_POST['ca_id2']) : '';
$ca_id3 = isset($_POST['ca_id3']) ? preg_replace('/[^0-9a-z]/i', '', $_POST['ca_id3']) : '';
if ($is_admin != 'super') { // 최고관리자가 아니면 체크
$sql = "select b.ca_mb_id from {$g5['g5_shop_item_table']} a , {$g5['g5_shop_category_table']} b where (a.ca_id = b.ca_id) and a.it_id = '$it_id'";
@ -31,6 +31,7 @@ if ($is_admin != 'super') { // 최고관리자가 아니면 체크
}
}
$it_img1 = $it_img2 = $it_img3 = $it_img4 = $it_img5 = $it_img6 = $it_img7 = $it_img8 = $it_img9 = $it_img10 = '';
// 파일정보
if($w == "u") {
$sql = " select it_img1, it_img2, it_img3, it_img4, it_img5, it_img6, it_img7, it_img8, it_img9, it_img10
@ -52,6 +53,10 @@ if($w == "u") {
$it_img_dir = G5_DATA_PATH.'/item';
for($i=0;$i<=10;$i++){
${'it_img'.$i.'_del'} = ! empty($_POST['it_img1_del']) ? 1 : 0;
}
// 파일삭제
if ($it_img1_del) {
$file_img1 = $it_img_dir.'/'.$it_img1;
@ -223,18 +228,21 @@ sql_query(" delete from {$g5['g5_shop_event_item_table']} where it_id = '$it_id'
sql_query(" delete from {$g5['g5_shop_item_option_table']} where io_type = '0' and it_id = '$it_id' "); // 기존선택옵션삭제
$option_count = (isset($_POST['opt_id']) && is_array($_POST['opt_id'])) ? count($_POST['opt_id']) : array();
$it_option_subject = '';
$it_supply_subject = '';
if($option_count) {
// 옵션명
$opt1_cnt = $opt2_cnt = $opt3_cnt = 0;
for($i=0; $i<$option_count; $i++) {
$_POST['opt_id'][$i] = preg_replace(G5_OPTION_ID_FILTER, '', strip_tags($_POST['opt_id'][$i]));
$post_opt_id = isset($_POST['opt_id'][$i]) ? preg_replace(G5_OPTION_ID_FILTER, '', strip_tags($_POST['opt_id'][$i])) : '';
$opt_val = explode(chr(30), $_POST['opt_id'][$i]);
if($opt_val[0])
$opt_val = explode(chr(30), $post_opt_id);
if(isset($opt_val[0]) && $opt_val[0])
$opt1_cnt++;
if($opt_val[1])
if(isset($opt_val[1]) && $opt_val[1])
$opt2_cnt++;
if($opt_val[2])
if(isset($opt_val[2]) && $opt_val[2])
$opt3_cnt++;
}
@ -255,9 +263,9 @@ if($supply_count) {
// 추가옵션명
$arr_spl = array();
for($i=0; $i<$supply_count; $i++) {
$_POST['spl_id'][$i] = preg_replace(G5_OPTION_ID_FILTER, '', strip_tags($_POST['spl_id'][$i]));
$post_spl_id = isset($_POST['spl_id'][$i]) ? preg_replace(G5_OPTION_ID_FILTER, '', strip_tags($_POST['spl_id'][$i])) : '';
$spl_val = explode(chr(30), $_POST['spl_id'][$i]);
$spl_val = explode(chr(30), $post_spl_id);
if(!in_array($spl_val[0], $arr_spl))
$arr_spl[] = $spl_val[0];
}
@ -267,9 +275,10 @@ if($supply_count) {
// 상품요약정보
$value_array = array();
for($i=0; $i<count($_POST['ii_article']); $i++) {
$key = $_POST['ii_article'][$i];
$val = $_POST['ii_value'][$i];
$count_ii_article = (isset($_POST['ii_article']) && is_array($_POST['ii_article'])) ? count($_POST['ii_article']) : 0;
for($i=0; $i<$count_ii_article; $i++) {
$key = isset($_POST['ii_article'][$i]) ? $_POST['ii_article'][$i] : '';
$val = isset($_POST['ii_value'][$i]) ? $_POST['ii_value'][$i] : '';
$value_array[$key] = $val;
}
$it_info_value = addslashes(serialize($value_array));
@ -278,7 +287,7 @@ $it_info_value = addslashes(serialize($value_array));
if(($it_point_type == 1 || $it_point_type == 2) && $it_point > 99)
alert("포인트 비율을 0과 99 사이의 값으로 입력해 주십시오.");
$it_name = strip_tags(clean_xss_attributes(trim($_POST['it_name'])));
$it_name = isset($_POST['it_name']) ? strip_tags(clean_xss_attributes(trim($_POST['it_name']))) : '';
// KVE-2019-0708
$check_sanitize_keys = array(
@ -314,6 +323,7 @@ foreach( $check_sanitize_keys as $key ){
}
$it_basic = preg_replace('#<script(.*?)>(.*?)<\/script>#is', '', $it_basic);
$it_explan = isset($_POST['it_explan']) ? $_POST['it_explan'] : '';
if ($it_name == "")
alert("상품명을 입력해 주십시오.");
@ -337,7 +347,7 @@ $sql_common = " ca_id = '$ca_id',
it_type5 = '$it_type5',
it_basic = '$it_basic',
it_explan = '$it_explan',
it_explan2 = '".strip_tags(trim(clean_xss_attributes($_POST['it_explan'])))."',
it_explan2 = '".strip_tags(trim(clean_xss_attributes($it_explan)))."',
it_mobile_explan = '$it_mobile_explan',
it_cust_price = '$it_cust_price',
it_price = '$it_price',
@ -404,7 +414,7 @@ $sql_common = " ca_id = '$ca_id',
if ($w == "")
{
$it_id = $_POST['it_id'];
$it_id = isset($_POST['it_id']) ? $_POST['it_id'] : '';
if (!trim($it_id)) {
alert('상품 코드가 없으므로 상품을 추가하실 수 없습니다.');

25
adm/shop_admin/iteminfo.php
View File

@ -2,15 +2,19 @@
include_once('./_common.php');
include_once(G5_LIB_PATH.'/iteminfo.lib.php');
if($it['it_id']) {
if(isset($it['it_id']) && $it['it_id']) {
//$it_id = $it['it_id'];
$gubun = $it['it_info_gubun'];
} else {
$it_id = trim($_POST['it_id']);
$gubun = $_POST['gubun'] ? $_POST['gubun'] : 'wear';
$sql = " select it_id, it_info_gubun, it_info_value from {$g5['g5_shop_item_table']} where it_id = '$it_id' ";
$it = sql_fetch($sql);
$it_id = isset($_POST['it_id']) ? safe_replace_regex($_POST['it_id'], 'it_id') : '';
$gubun = isset($_POST['gubun']) ? clean_xss_tags($_POST['gubun'], 1, 1) : 'wear';
if ( $it_id ){
$sql = " select it_id, it_info_gubun, it_info_value from {$g5['g5_shop_item_table']} where it_id = '$it_id' ";
if( $items = sql_fetch($sql) ) {
$it = $items;
}
}
}
?>
@ -24,20 +28,23 @@ if($it['it_id']) {
</colgroup>
<tbody>
<?php
if($it['it_info_value'])
if(isset($it['it_info_value']) && $it['it_info_value'])
$info_value = unserialize($it['it_info_value']);
$article = $item_info[$gubun]['article'];
$article = isset($item_info[$gubun]['article']) ? $item_info[$gubun]['article'] : array();
if ($article) {
// $el_no : 분류적용, 전체적용을 한번만 넣기 위해, $el_length : 수직병합할 셀 값 - 지운아빠 2013-05-20
$el_no = 0;
$el_length = count($article);
$it_info_gubun = isset($it['it_info_gubun']) ? $it['it_info_gubun'] : '';
foreach($article as $key=>$value) {
$el_name = $key;
$el_title = $value[0];
$el_example = $value[1];
$el_value = '상품페이지 참고';
if($gubun == $it['it_info_gubun'] && $info_value[$key])
if($gubun == $it_info_gubun && isset($info_value[$key]))
$el_value = $info_value[$key];
?>

5
adm/shop_admin/itemlist.php
View File

@ -2,7 +2,7 @@
$sub_menu = '400300';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$g5['title'] = '상품관리';
include_once (G5_ADMIN_PATH.'/admin.head.php');
@ -296,5 +296,4 @@ function excelform(url)
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

56
adm/shop_admin/itemlistupdate.php
View File

@ -6,36 +6,39 @@ check_demo();
check_admin_token();
if (!count($_POST['chk'])) {
alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요.");
$count_post_chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
$post_act_button = isset($_POST['act_button']) ? $_POST['act_button'] : '';
if (! $count_post_chk) {
alert($post_act_button." 하실 항목을 하나 이상 체크하세요.");
}
if ($_POST['act_button'] == "선택수정") {
if ($post_act_button == "선택수정") {
auth_check($auth[$sub_menu], 'w');
auth_check_menu($auth, $sub_menu, 'w');
for ($i=0; $i<count($_POST['chk']); $i++) {
for ($i=0; $i< $count_post_chk; $i++) {
// 실제 번호를 넘김
$k = $_POST['chk'][$i];
$k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
if( ! $_POST['ca_id'][$k]) {
if( ! (isset($_POST['ca_id'][$k]) && $_POST['ca_id'][$k])) {
alert("기본분류는 반드시 선택해야 합니다.");
}
$p_ca_id = is_array($_POST['ca_id']) ? strip_tags($_POST['ca_id'][$k]) : '';
$p_ca_id2 = is_array($_POST['ca_id2']) ? strip_tags($_POST['ca_id2'][$k]) : '';
$p_ca_id3 = is_array($_POST['ca_id3']) ? strip_tags($_POST['ca_id3'][$k]) : '';
$p_it_name = is_array($_POST['it_name']) ? strip_tags(clean_xss_attributes($_POST['it_name'][$k])) : '';
$p_it_cust_price = is_array($_POST['it_cust_price']) ? strip_tags($_POST['it_cust_price'][$k]) : '';
$p_it_price = is_array($_POST['it_price']) ? strip_tags($_POST['it_price'][$k]) : '';
$p_it_stock_qty = is_array($_POST['it_stock_qty']) ? strip_tags($_POST['it_stock_qty'][$k]) : '';
$p_it_skin = is_array($_POST['it_skin']) ? strip_tags($_POST['it_skin'][$k]) : '';
$p_it_mobile_skin = is_array($_POST['it_mobile_skin']) ? strip_tags($_POST['it_mobile_skin'][$k]) : '';
$p_it_use = is_array($_POST['it_use']) ? strip_tags($_POST['it_use'][$k]) : '';
$p_it_soldout = is_array($_POST['it_soldout']) ? strip_tags($_POST['it_soldout'][$k]) : '';
$p_it_order = is_array($_POST['it_order']) ? strip_tags($_POST['it_order'][$k]) : '';
$p_it_id = preg_replace('/[^a-z0-9_\-]/i', '', $_POST['it_id'][$k]);
$p_ca_id = (isset($_POST['ca_id']) && is_array($_POST['ca_id'])) ? strip_tags($_POST['ca_id'][$k]) : '';
$p_ca_id2 = (isset($_POST['ca_id2']) && is_array($_POST['ca_id2'])) ? strip_tags($_POST['ca_id2'][$k]) : '';
$p_ca_id3 = (isset($_POST['ca_id3']) && is_array($_POST['ca_id3'])) ? strip_tags($_POST['ca_id3'][$k]) : '';
$p_it_name = (isset($_POST['it_name']) && is_array($_POST['it_name'])) ? strip_tags(clean_xss_attributes($_POST['it_name'][$k])) : '';
$p_it_cust_price = (isset($_POST['it_cust_price']) && is_array($_POST['it_cust_price'])) ? strip_tags($_POST['it_cust_price'][$k]) : '';
$p_it_price = (isset($_POST['it_price']) && is_array($_POST['it_price'])) ? strip_tags($_POST['it_price'][$k]) : '';
$p_it_stock_qty = (isset($_POST['it_stock_qty']) && is_array($_POST['it_stock_qty'])) ? strip_tags($_POST['it_stock_qty'][$k]) : '';
$p_it_skin = (isset($_POST['it_skin']) && is_array($_POST['it_skin'])) ? strip_tags($_POST['it_skin'][$k]) : '';
$p_it_mobile_skin = (isset($_POST['it_mobile_skin']) && is_array($_POST['it_mobile_skin'])) ? strip_tags($_POST['it_mobile_skin'][$k]) : '';
$p_it_use = (isset($_POST['it_use']) && is_array($_POST['it_use'])) ? strip_tags($_POST['it_use'][$k]) : '';
$p_it_soldout = (isset($_POST['it_soldout']) && is_array($_POST['it_soldout'])) ? strip_tags($_POST['it_soldout'][$k]) : '';
$p_it_order = (isset($_POST['it_order']) && is_array($_POST['it_order'])) ? strip_tags($_POST['it_order'][$k]) : '';
$p_it_id = isset($_POST['it_id'][$k]) ? preg_replace('/[^a-z0-9_\-]/i', '', $_POST['it_id'][$k]) : '';
if ($is_admin != 'super') { // 최고관리자가 아니면 체크
$sql = "select a.it_id, b.ca_mb_id from {$g5['g5_shop_item_table']} a , {$g5['g5_shop_category_table']} b where (a.ca_id = b.ca_id) and a.it_id = '$p_it_id'";
@ -66,25 +69,24 @@ if ($_POST['act_button'] == "선택수정") {
if( function_exists('shop_seo_title_update') ) shop_seo_title_update($p_it_id, true);
}
} else if ($_POST['act_button'] == "선택삭제") {
} else if ($post_act_button == "선택삭제") {
if ($is_admin != 'super')
alert('상품 삭제는 최고관리자만 가능합니다.');
auth_check($auth[$sub_menu], 'd');
auth_check_menu($auth, $sub_menu, 'd');
// _ITEM_DELETE_ 상수를 선언해야 itemdelete.inc.php 가 정상 작동함
define('_ITEM_DELETE_', true);
for ($i=0; $i<count($_POST['chk']); $i++) {
for ($i=0; $i<$count_post_chk; $i++) {
// 실제 번호를 넘김
$k = $_POST['chk'][$i];
$k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
// include 전에 $it_id 값을 반드시 넘겨야 함
$it_id = preg_replace('/[^a-z0-9_\-]/i', '', $_POST['it_id'][$k]);
$it_id = isset($_POST['it_id'][$k]) ? preg_replace('/[^a-z0-9_\-]/i', '', $_POST['it_id'][$k]) : '';
include ('./itemdelete.inc.php');
}
}
goto_url("./itemlist.php?sca=$sca&amp;sst=$sst&amp;sod=$sod&amp;sfl=$sfl&amp;stx=$stx&amp;page=$page");
?>
goto_url("./itemlist.php?sca=$sca&amp;sst=$sst&amp;sod=$sod&amp;sfl=$sfl&amp;stx=$stx&amp;page=$page");

43
adm/shop_admin/itemoption.php
View File

@ -3,24 +3,24 @@ include_once('./_common.php');
$po_run = false;
if($it['it_id']) {
if(isset($it['it_id']) && $it['it_id']) {
$opt_subject = explode(',', $it['it_option_subject']);
$opt1_subject = $opt_subject[0];
$opt2_subject = $opt_subject[1];
$opt3_subject = $opt_subject[2];
$opt1_subject = isset($opt_subject[0]) ? $opt_subject[0] : '';
$opt2_subject = isset($opt_subject[1]) ? $opt_subject[1] : '';
$opt3_subject = isset($opt_subject[2]) ? $opt_subject[2] : '';
$sql = " select * from {$g5['g5_shop_item_option_table']} where io_type = '0' and it_id = '{$it['it_id']}' order by io_no asc ";
$result = sql_query($sql);
if(sql_num_rows($result))
$po_run = true;
} else if(!empty($_POST)) {
$opt1_subject = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt1_subject'])));
$opt2_subject = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt2_subject'])));
$opt3_subject = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt3_subject'])));
$opt1_subject = isset($_POST['opt1_subject']) ? preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt1_subject']))) : '';
$opt2_subject = isset($_POST['opt2_subject']) ? preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt2_subject']))) : '';
$opt3_subject = isset($_POST['opt3_subject']) ? preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt3_subject']))) : '';
$opt1_val = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt1'])));
$opt2_val = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt2'])));
$opt3_val = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt3'])));
$opt1_val = isset($_POST['opt1']) ? preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt1']))) : '';
$opt2_val = isset($_POST['opt2']) ? preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt2']))) : '';
$opt3_val = isset($_POST['opt3']) ? preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['opt3']))) : '';
if(!$opt1_subject || !$opt1_val) {
echo '옵션1과 옵션1 항목을 입력해 주십시오.';
@ -68,13 +68,13 @@ if($po_run) {
</thead>
<tbody>
<?php
if($it['it_id']) {
if(isset($it['it_id']) && $it['it_id']) {
for($i=0; $row=sql_fetch_array($result); $i++) {
$opt_id = $row['io_id'];
$opt_val = explode(chr(30), $opt_id);
$opt_1 = $opt_val[0];
$opt_2 = $opt_val[1];
$opt_3 = $opt_val[2];
$opt_2 = isset($opt_val[1]) ? $opt_val[1] : '';
$opt_3 = isset($opt_val[2]) ? $opt_val[2] : '';
$opt_2_len = strlen($opt_2);
$opt_3_len = strlen($opt_3);
$opt_price = $row['io_price'];
@ -112,14 +112,18 @@ if($po_run) {
<?php
} // for
} else {
$w = isset($_POST['w']) ? $_POST['w'] : '';
$post_it_id = isset($_POST['it_id']) ? safe_replace_regex($_POST['it_id'], 'it_id') : '';
for($i=0; $i<$opt1_count; $i++) {
$j = 0;
do {
$k = 0;
do {
$opt_1 = strip_tags(trim($opt1[$i]));
$opt_2 = strip_tags(trim($opt2[$j]));
$opt_3 = strip_tags(trim($opt3[$k]));
$opt_1 = isset($opt1[$i]) ? strip_tags(trim($opt1[$i])) : '';
$opt_2 = isset($opt2[$j]) ? strip_tags(trim($opt2[$j])) : '';
$opt_3 = isset($opt3[$k]) ? strip_tags(trim($opt3[$k])) : '';
$opt_2_len = strlen($opt_2);
$opt_3_len = strlen($opt_3);
@ -135,10 +139,10 @@ if($po_run) {
$opt_use = 1;
// 기존에 설정된 값이 있는지 체크
if($_POST['w'] == 'u') {
if($w === 'u') {
$sql = " select io_price, io_stock_qty, io_noti_qty, io_use
from {$g5['g5_shop_item_option_table']}
where it_id = '{$_POST['it_id']}'
where it_id = '{$post_it_id}'
and io_id = '$opt_id'
and io_type = '0' ";
$row = sql_fetch($sql);
@ -216,5 +220,4 @@ if($po_run) {
<button type="button" id="opt_value_apply" class="btn_frmline">일괄적용</button>
</fieldset>
<?php
}
?>
}

5
adm/shop_admin/itemqaform.php
View File

@ -3,7 +3,7 @@ $sub_menu = '400660';
include_once('./_common.php');
include_once(G5_EDITOR_LIB);
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
$sql = " select *
from {$g5['g5_shop_item_qa_table']} a
@ -92,5 +92,4 @@ function fitemqaform_submit(f)
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

7
adm/shop_admin/itemqaformupdate.php
View File

@ -5,9 +5,9 @@ include_once('./_common.php');
check_demo();
if ($w == 'd')
auth_check($auth[$sub_menu], "d");
auth_check_menu($auth, $sub_menu, "d");
else
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
check_admin_token();
@ -84,5 +84,4 @@ if ($w == "u")
}
else {
alert();
}
?>
}

5
adm/shop_admin/itemqalist.php
View File

@ -2,7 +2,7 @@
$sub_menu = '400660';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$g5['title'] = '상품문의';
include_once (G5_ADMIN_PATH.'/admin.head.php');
@ -204,5 +204,4 @@ $(function(){
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

15
adm/shop_admin/itemqalistupdate.php
View File

@ -6,23 +6,24 @@ check_demo();
check_admin_token();
if (!count($_POST['chk'])) {
$count_post_chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
if (! $count_post_chk) {
alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요.");
}
if ($_POST['act_button'] == "선택삭제") {
auth_check($auth[$sub_menu], 'd');
auth_check_menu($auth, $sub_menu, 'd');
for ($i=0; $i<count($_POST['chk']); $i++) {
for ($i=0; $i<$count_post_chk; $i++) {
// 실제 번호를 넘김
$k = $_POST['chk'][$i];
$iiq_id = (int) $_POST['iq_id'][$k];
$k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
$iiq_id = isset($_POST['iq_id'][$i]) ? (int) $_POST['iq_id'][$k] : 0;
$sql = "delete from {$g5['g5_shop_item_qa_table']} where iq_id = '{$iiq_id}' ";
sql_query($sql);
}
}
goto_url("./itemqalist.php?sca=$sca&amp;sst=$sst&amp;sod=$sod&amp;sfl=$sfl&amp;stx=$stx&amp;page=$page");
?>
goto_url("./itemqalist.php?sca=$sca&amp;sst=$sst&amp;sod=$sod&amp;sfl=$sfl&amp;stx=$stx&amp;page=$page");

20
adm/shop_admin/itemsellrank.php
View File

@ -2,23 +2,20 @@
$sub_menu = '500100';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$g5['title'] = '상품판매순위';
include_once (G5_ADMIN_PATH.'/admin.head.php');
include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php');
if (!$to_date) $to_date = date("Ymd", time());
$fr_date = (isset($_GET['fr_date']) && preg_match("/[0-9]/", $_GET['fr_date'])) ? $_GET['fr_date'] : '';
$to_date = (isset($_GET['to_date']) && preg_match("/[0-9]/", $_GET['to_date'])) ? $_GET['to_date'] : date("Ymd", time());
if ($sort1 == "") $sort1 = "ct_status_sum";
if (!in_array($sort1, array('ct_status_1', 'ct_status_2', 'ct_status_3', 'ct_status_4', 'ct_status_5', 'ct_status_6', 'ct_status_7', 'ct_status_8', 'ct_status_9', 'ct_status_sum'))) $sort1 = "ct_status_sum";
if ($sort2 == "" || $sort2 != "asc") $sort2 = "desc";
$doc = isset($_GET['doc']) ? clean_xss_tags($_GET['doc'], 1, 1) : '';
$sort1 = (isset($_GET['sort1']) && in_array($_GET['sort1'], array('ct_status_1', 'ct_status_2', 'ct_status_3', 'ct_status_4', 'ct_status_5', 'ct_status_6', 'ct_status_7', 'ct_status_8', 'ct_status_9', 'ct_status_sum'))) ? $_GET['sort1'] : 'ct_status_sum';
$sort2 = (isset($_GET['sort2']) && in_array($_GET['sort2'], array('desc', 'asc'))) ? $_GET['sort2'] : 'desc';
$doc = strip_tags($doc);
$sort1 = strip_tags($sort1);
if( preg_match("/[^0-9]/", $fr_date) ) $fr_date = '';
if( preg_match("/[^0-9]/", $to_date) ) $to_date = '';
$sel_ca_id = isset($_GET['sel_ca_id']) ? get_search_string($_GET['sel_ca_id']) : '';
$sql = " select a.it_id,
b.*,
@ -179,5 +176,4 @@ $(function() {
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

20
adm/shop_admin/itemstocklist.php
View File

@ -2,14 +2,14 @@
$sub_menu = '400620';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$doc = strip_tags($doc);
$sort1 = in_array($sort1, array('it_id', 'it_name', 'it_stock_qty', 'it_use', 'it_soldout', 'it_stock_sms')) ? $sort1 : '';
$sort2 = in_array($sort2, array('desc', 'asc')) ? $sort2 : 'desc';
$sel_ca_id = get_search_string($sel_ca_id);
$sel_field = get_search_string($sel_field);
$search = get_search_string($search);
$doc = isset($_GET['doc']) ? clean_xss_tags($_GET['doc'], 1, 1) : '';
$sort1 = (isset($_GET['sort1']) && in_array($_GET['sort1'], array('it_id', 'it_name', 'it_stock_qty', 'it_use', 'it_soldout', 'it_stock_sms'))) ? $_GET['sort1'] : '';
$sort2 = (isset($_GET['sort2']) && in_array($_GET['sort2'], array('desc', 'asc'))) ? $_GET['sort2'] : 'desc';
$sel_field = (isset($_GET['sel_field']) && in_array($_GET['sel_field'], array('it_id', 'it_name', 'it_stock_qty', 'it_use', 'it_soldout', 'it_stock_sms')) ) ? $_GET['sel_field'] : '';
$sel_ca_id = isset($_GET['sel_ca_id']) ? get_search_string($_GET['sel_ca_id']) : '';
$search = isset($_GET['search']) ? get_search_string($_GET['search']) : '';
$g5['title'] = '상품재고관리';
include_once (G5_ADMIN_PATH.'/admin.head.php');
@ -48,7 +48,8 @@ $sql = " select it_id,
it_stock_qty,
it_stock_sms,
it_noti_qty,
it_soldout
it_soldout,
ca_id
$sql_common
order by $sort1 $sort2
limit $from_record, $rows ";
@ -213,5 +214,4 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목
<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page="); ?>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

34
adm/shop_admin/itemstocklistupdate.php
View File

@ -4,22 +4,36 @@ include_once('./_common.php');
check_demo();
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
check_admin_token();
$count_post_it_id = (isset($_POST['it_id']) && is_array($_POST['it_id'])) ? count($_POST['it_id']) : 0;
$search = isset($_REQUEST['search']) ? get_search_string($_REQUEST['search']) : '';
$sort1 = isset($_REQUEST['sort1']) ? clean_xss_tags($_REQUEST['sort1'], 1, 1) : '';
$sort2 = isset($_REQUEST['sort2']) ? clean_xss_tags($_REQUEST['sort2'], 1, 1) : '';
$sel_ca_id = isset($_REQUEST['sel_ca_id']) ? clean_xss_tags($_REQUEST['sel_ca_id'], 1, 1) : '';
$sel_field = isset($_REQUEST['sel_field']) ? clean_xss_tags($_REQUEST['sel_field'], 1, 1) : '';
// 재고 일괄수정
for ($i=0; $i<count($_POST['it_id']); $i++)
for ($i=0; $i<$count_post_it_id; $i++)
{
$it_stock_qty = isset($_POST['it_stock_qty'][$i]) ? (int) $_POST['it_stock_qty'][$i] : 0;
$it_noti_qty = isset($_POST['it_noti_qty'][$i]) ? (int) $_POST['it_noti_qty'][$i] : 0;
$it_use = isset($_POST['it_use'][$i]) ? (int) $_POST['it_use'][$i] : 0;
$it_soldout = isset($_POST['it_soldout'][$i]) ? (int) $_POST['it_soldout'][$i] : 0;
$it_stock_sms = isset($_POST['it_stock_sms'][$i]) ? (int) $_POST['it_stock_sms'][$i] : 0;
$it_id = isset($_POST['it_id'][$i]) ? safe_replace_regex($_POST['it_id'][$i], 'it_id') : '';
$sql = "update {$g5['g5_shop_item_table']}
set it_stock_qty = '".sql_real_escape_string($_POST['it_stock_qty'][$i])."',
it_noti_qty = '".sql_real_escape_string($_POST['it_noti_qty'][$i])."',
it_use = '".sql_real_escape_string($_POST['it_use'][$i])."',
it_soldout = '".sql_real_escape_string($_POST['it_soldout'][$i])."',
it_stock_sms = '".sql_real_escape_string($_POST['it_stock_sms'][$i])."'
where it_id = '".sql_real_escape_string($_POST['it_id'][$i])."' ";
set it_stock_qty = '".$it_stock_qty."',
it_noti_qty = '".$it_noti_qty."',
it_use = '".$it_use."',
it_soldout = '".$it_soldout."',
it_stock_sms = '".$it_stock_sms."'
where it_id = '".$it_id."' ";
sql_query($sql);
}
goto_url("./itemstocklist.php?sort1=$sort1&amp;sort2=$sort2&amp;sel_ca_id=$sel_ca_id&amp;sel_field=$sel_field&amp;search=$search&amp;page=$page");
?>
goto_url("./itemstocklist.php?sort1=$sort1&amp;sort2=$sort2&amp;sel_ca_id=$sel_ca_id&amp;sel_field=$sel_field&amp;search=$search&amp;page=$page");

19
adm/shop_admin/itemstocksms.php
View File

@ -2,7 +2,7 @@
$sub_menu = '500400';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$g5['title'] = '재입고SMS 알림';
include_once (G5_ADMIN_PATH.'/admin.head.php');
@ -24,15 +24,11 @@ if(!sql_query(" select ss_id from {$g5['g5_shop_item_stocksms_table']} limit 1",
) ENGINE=MyISAM DEFAULT CHARSET=utf8 ", true);
}
$doc = strip_tags($doc);
$sort1 = strip_tags($sort1);
$sel_field = strip_tags($sel_field);
$search = get_search_string($search);
$sel_field = in_array($sel_field, array('it_id', 'ss_hp', 'ss_send')) ? $sel_field : 'it_id';
if ($sort1 == "") $sort1 = "ss_send";
if (!in_array($sort1, array('it_id', 'ss_hp', 'ss_send', 'ss_send_time', 'ss_datetime'))) $sort1 = "ss_send";
if ($sort2 == "" || $sort2 != "desc") $sort2 = "asc";
$doc = isset($_GET['doc']) ? clean_xss_tags($_GET['doc'], 1, 1) : '';
$sort1 = (isset($_GET['sort1']) && in_array($_GET['sort1'], array('it_id', 'ss_hp', 'ss_send', 'ss_send_time', 'ss_datetime'))) ? $_GET['sort1'] : 'ss_send';
$sort2 = (isset($_GET['sort2']) && in_array($_GET['sort2'], array('desc', 'asc'))) ? $_GET['sort2'] : 'asc';
$sel_field = (isset($_GET['sel_field']) && in_array($_GET['sel_field'], array('it_id', 'ss_hp', 'ss_send')) ) ? $_GET['sel_field'] : 'it_id';
$search = isset($_GET['search']) ? get_search_string($_GET['search']) : '';
$sql_search = " where 1 ";
if ($search != "") {
@ -185,5 +181,4 @@ function fitemstocksms_submit(f)
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

29
adm/shop_admin/itemstocksmsupdate.php
View File

@ -6,25 +6,27 @@ check_demo();
check_admin_token();
if (!count($_POST['chk'])) {
$count_post_chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
if (! $count_post_chk) {
alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요.");
}
if ($_POST['act_button'] == "선택SMS전송") {
auth_check($auth[$sub_menu], 'w');
auth_check_menu($auth, $sub_menu, 'w');
$sms_messages = array();
for ($i=0; $i<count($_POST['chk']); $i++) {
for ($i=0; $i<$count_post_chk; $i++) {
// 실제 번호를 넘김
$k = $_POST['chk'][$i];
$sss_id = (int) $_POST['ss_id'][$k];
$k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
$ss_id = isset($_POST['ss_id'][$k]) ? (int) $_POST['ss_id'][$k] : 0;
$sql = " select a.ss_id, a.ss_hp, a.ss_send, b.it_id, b.it_name
from {$g5['g5_shop_item_stocksms_table']} a left join {$g5['g5_shop_item_table']} b on ( a.it_id = b.it_id )
where a.ss_id = '$sss_id' ";
where a.ss_id = '$ss_id' ";
$row = sql_fetch($sql);
if(!$row['ss_id'] || !$row['it_id'] || $row['ss_send'])
@ -44,7 +46,7 @@ if ($_POST['act_button'] == "선택SMS전송") {
$sql = " update {$g5['g5_shop_item_stocksms_table']}
set ss_send = '1',
ss_send_time = '".G5_TIME_YMDHIS."'
where ss_id = '{$sss_id}' ";
where ss_id = '{$ss_id}' ";
sql_query($sql);
}
@ -101,14 +103,14 @@ if ($_POST['act_button'] == "선택SMS전송") {
if ($is_admin != 'super')
alert('자료의 삭제는 최고관리자만 가능합니다.');
auth_check($auth[$sub_menu], 'd');
auth_check_menu($auth, $sub_menu, 'd');
for ($i=0; $i<count($_POST['chk']); $i++) {
for ($i=0; $i<$count_post_chk; $i++) {
// 실제 번호를 넘김
$k = $_POST['chk'][$i];
$sss_id = (int) $_POST['ss_id'][$k];
$k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
$ss_id = isset($_POST['ss_id'][$k]) ? (int) $_POST['ss_id'][$k] : 0;
$sql = " delete from {$g5['g5_shop_item_stocksms_table']} where ss_id = '{$sss_id}' ";
$sql = " delete from {$g5['g5_shop_item_stocksms_table']} where ss_id = '{$ss_id}' ";
sql_query($sql);
}
}
@ -117,5 +119,4 @@ if ($_POST['act_button'] == "선택SMS전송") {
$qstr1 = 'sel_field='.$sel_field.'&amp;search='.$search;
$qstr = $qstr1.'&amp;sort1='.$sort1.'&amp;sort2='.$sort2.'&amp;page='.$page;
goto_url('./itemstocksms.php?'.$qstr);
?>
goto_url('./itemstocksms.php?'.$qstr);

22
adm/shop_admin/itemsupply.php
View File

@ -2,15 +2,16 @@
include_once('./_common.php');
$ps_run = false;
$post_it_id = isset($_POST['it_id']) ? safe_replace_regex($_POST['it_id'], 'it_id') : '';
if($it['it_id']) {
if(isset($it['it_id']) && $it['it_id']) {
$sql = " select * from {$g5['g5_shop_item_option_table']} where io_type = '1' and it_id = '{$it['it_id']}' order by io_no asc ";
$result = sql_query($sql);
if(sql_num_rows($result))
$ps_run = true;
} else if(!empty($_POST)) {
$subject_count = count($_POST['subject']);
$supply_count = count($_POST['supply']);
$subject_count = (isset($_POST['subject']) && is_array($_POST['subject'])) ? count($_POST['subject']) : 0;
$supply_count = (isset($_POST['supply']) && is_array($_POST['supply'])) ? count($_POST['supply']) : 0;
if(!$subject_count || !$supply_count) {
echo '추가옵션명과 추가옵션항목을 입력해 주십시오.';
@ -41,7 +42,7 @@ if($ps_run) {
</thead>
<tbody>
<?php
if($it['it_id']) {
if(isset($it['it_id']) && $it['it_id']) {
for($i=0; $row=sql_fetch_array($result); $i++) {
$spl_id = $row['io_id'];
$spl_val = explode(chr(30), $spl_id);
@ -84,12 +85,12 @@ if($ps_run) {
} // for
} else {
for($i=0; $i<$subject_count; $i++) {
$spl_subject = preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['subject'][$i])));
$spl_val = explode(',', preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['supply'][$i]))));
$spl_subject = isset($_POST['subject'][$i]) ? preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['subject'][$i]))) : '';
$spl_val = isset($_POST['supply'][$i]) ? explode(',', preg_replace(G5_OPTION_ID_FILTER, '', trim(stripslashes($_POST['supply'][$i])))) : '';
$spl_count = count($spl_val);
for($j=0; $j<$spl_count; $j++) {
$spl = strip_tags(trim($spl_val[$j]));
$spl = isset($spl_val[$j]) ? strip_tags(trim($spl_val[$j])) : '';
if($spl_subject && strlen($spl)) {
$spl_id = $spl_subject.chr(30).$spl;
$spl_price = 0;
@ -98,10 +99,10 @@ if($ps_run) {
$spl_use = 1;
// 기존에 설정된 값이 있는지 체크
if($_POST['w'] == 'u') {
if(isset($_POST['w']) && $_POST['w'] === 'u') {
$sql = " select io_price, io_stock_qty, io_noti_qty, io_use
from {$g5['g5_shop_item_option_table']}
where it_id = '{$_POST['it_id']}'
where it_id = '{$post_it_id}'
and io_id = '$spl_id'
and io_type = '1' ";
$row = sql_fetch($sql);
@ -176,5 +177,4 @@ if($ps_run) {
<button type="button" id="spl_value_apply" class="btn_frmline">일괄적용</button>
</fieldset>
<?php
}
?>
}

11
adm/shop_admin/itemtypelist.php
View File

@ -2,9 +2,10 @@
$sub_menu = '400610';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$doc = strip_tags($doc);
$doc = isset($_GET['doc']) ? clean_xss_tags($_GET['doc'], 1, 1) : '';
$sfl = in_array($sfl, array('it_name', 'it_id')) ? $sfl : '';
$g5['title'] = '상품유형관리';
include_once (G5_ADMIN_PATH.'/admin.head.php');
@ -66,7 +67,8 @@ $sql = " select it_id,
it_type2,
it_type3,
it_type4,
it_type5
it_type5,
ca_id
$sql_common
$sql_order
limit $from_record, $rows ";
@ -190,5 +192,4 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목
<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page="); ?>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

30
adm/shop_admin/itemtypelistupdate.php
View File

@ -4,22 +4,30 @@ include_once('./_common.php');
check_demo();
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
check_admin_token();
for ($i=0; $i<count($_POST['it_id']); $i++)
$count_post_it_id = (isset($_POST['it_id']) && is_array($_POST['it_id'])) ? count($_POST['it_id']) : 0;
for ($i=0; $i<$count_post_it_id; $i++)
{
$it_type1 = isset($_POST['it_type1'][$i]) ? (int) $_POST['it_type1'][$i] : 0;
$it_type2 = isset($_POST['it_type2'][$i]) ? (int) $_POST['it_type2'][$i] : 0;
$it_type3 = isset($_POST['it_type3'][$i]) ? (int) $_POST['it_type3'][$i] : 0;
$it_type4 = isset($_POST['it_type4'][$i]) ? (int) $_POST['it_type4'][$i] : 0;
$it_type5 = isset($_POST['it_type5'][$i]) ? (int) $_POST['it_type5'][$i] : 0;
$it_id = isset($_POST['it_id'][$i]) ? safe_replace_regex($_POST['it_id'][$i], 'it_id') : '';
$sql = "update {$g5['g5_shop_item_table']}
set it_type1 = '".sql_real_escape_string($_POST['it_type1'][$i])."',
it_type2 = '".sql_real_escape_string($_POST['it_type2'][$i])."',
it_type3 = '".sql_real_escape_string($_POST['it_type3'][$i])."',
it_type4 = '".sql_real_escape_string($_POST['it_type4'][$i])."',
it_type5 = '".sql_real_escape_string($_POST['it_type5'][$i])."'
where it_id = '".sql_real_escape_string($_POST['it_id'][$i])."' ";
set it_type1 = '".$it_type1."',
it_type2 = '".$it_type2."',
it_type3 = '".$it_type3."',
it_type4 = '".$it_type4."',
it_type5 = '".$it_type5."'
where it_id = '".$it_id."' ";
sql_query($sql);
}
//goto_url("./itemtypelist.php?sort1=$sort&amp;sort2=$sort2&amp;sel_ca_id=$sel_ca_id&amp;sel_field=$sel_field&amp;search=$search&amp;page=$page");
goto_url("itemtypelist.php?sca=$sca&amp;sst=$sst&amp;sod=$sod&amp;sfl=$sfl&amp;stx=$stx&amp;page=$page");
?>
goto_url("itemtypelist.php?sca=$sca&amp;sst=$sst&amp;sod=$sod&amp;sfl=$sfl&amp;stx=$stx&amp;page=$page");

7
adm/shop_admin/itemuseform.php
View File

@ -3,9 +3,9 @@ $sub_menu = '400650';
include_once('./_common.php');
include_once(G5_EDITOR_LIB);
$is_id = preg_replace('/[^0-9]/', '', $is_id);
$is_id = isset($_GET['is_id']) ? preg_replace('/[^0-9]/', '', $_GET['is_id']) : 0;
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
$sql = " select *
from {$g5['g5_shop_item_use_table']} a
@ -117,5 +117,4 @@ function fitemuseform_submit(f)
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

32
adm/shop_admin/itemuseformupdate.php
View File

@ -5,31 +5,39 @@ include_once('./_common.php');
check_demo();
if ($w == 'd')
auth_check($auth[$sub_menu], "d");
auth_check_menu($auth, $sub_menu, "d");
else
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
check_admin_token();
$posts = array();
$check_keys = array('is_subject', 'is_content', 'is_confirm', 'is_reply_subject', 'is_reply_content', 'is_id');
foreach($check_keys as $key){
$posts[$key] = isset($_POST[$key]) ? clean_xss_tags($_POST[$key], 1, 1) : '';
}
if ($w == "u")
{
$sql = "update {$g5['g5_shop_item_use_table']}
set is_subject = '$is_subject',
is_content = '$is_content',
is_confirm = '$is_confirm',
is_reply_subject = '$is_reply_subject',
is_reply_content = '$is_reply_content',
set is_subject = '".$posts['is_subject']."',
is_content = '".$posts['is_content']."',
is_confirm = '".$posts['is_confirm']."',
is_reply_subject = '".$posts['is_reply_subject']."',
is_reply_content = '".$posts['is_reply_content']."',
is_reply_name = '".$member['mb_nick']."'
where is_id = '$is_id' ";
where is_id = '".$posts['is_id']."'";
sql_query($sql);
update_use_cnt($_POST['it_id']);
update_use_avg($_POST['it_id']);
if( isset($_POST['it_id']) ) {
update_use_cnt($_POST['it_id']);
update_use_avg($_POST['it_id']);
}
goto_url("./itemuseform.php?w=$w&amp;is_id=$is_id&amp;sca=$sca&amp;$qstr");
}
else
{
alert();
}
?>
}

5
adm/shop_admin/itemuselist.php
View File

@ -2,7 +2,7 @@
$sub_menu = '400650';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$g5['title'] = '사용후기';
include_once (G5_ADMIN_PATH.'/admin.head.php');
@ -213,5 +213,4 @@ $(function(){
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

19
adm/shop_admin/itemuselistupdate.php
View File

@ -6,21 +6,23 @@ check_demo();
check_admin_token();
if (!count($_POST['chk'])) {
$count_post_chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
if (! $count_post_chk) {
alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요.");
}
if ($_POST['act_button'] == "선택수정") {
auth_check($auth[$sub_menu], 'w');
} else if ($_POST['act_button'] == "선택삭제") {
auth_check($auth[$sub_menu], 'd');
if ($_POST['act_button'] === "선택수정") {
auth_check_menu($auth, $sub_menu, 'w');
} else if ($_POST['act_button'] === "선택삭제") {
auth_check_menu($auth, $sub_menu, 'd');
} else {
alert("선택수정이나 선택삭제 작업이 아닙니다.");
}
for ($i=0; $i<count($_POST['chk']); $i++)
for ($i=0; $i<$count_post_chk; $i++)
{
$k = $_POST['chk'][$i]; // 실제 번호를 넘김
$k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0; // 실제 번호를 넘김
$iit_id = isset($_POST['it_id'][$k]) ? preg_replace('/[^a-z0-9_\-]/i', '', $_POST['it_id'][$k]) : '';
$iis_id = isset($_POST['is_id'][$k]) ? (int) $_POST['is_id'][$k] : 0;
$iis_score = isset($_POST['is_score'][$k]) ? (int) $_POST['is_score'][$k] : 0;
@ -46,5 +48,4 @@ for ($i=0; $i<count($_POST['chk']); $i++)
}
}
goto_url("./itemuselist.php?sca=$sca&amp;sst=$sst&amp;sod=$sod&amp;sfl=$sfl&amp;stx=$stx&amp;page=$page");
?>
goto_url("./itemuselist.php?sca=$sca&amp;sst=$sst&amp;sod=$sod&amp;sfl=$sfl&amp;stx=$stx&amp;page=$page");

20
adm/shop_admin/optionstocklist.php
View File

@ -2,14 +2,14 @@
$sub_menu = '400500';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$doc = strip_tags($doc);
$sort1 = strip_tags($sort1);
$sort2 = in_array($sort2, array('desc', 'asc')) ? $sort2 : 'desc';
$sel_ca_id = get_search_string($sel_ca_id);
$sel_field = get_search_string($sel_field);
$search = get_search_string($search);
$doc = isset($_GET['doc']) ? clean_xss_tags($_GET['doc'], 1, 1) : '';
$sort1 = (isset($_GET['sort1']) && in_array($_GET['sort1'], array('b.it_name', 'a.io_stock_qty', 'a.io_use'))) ? $_GET['sort1'] : '';
$sort2 = (isset($_GET['sort2']) && in_array($_GET['sort2'], array('desc', 'asc'))) ? $_GET['sort2'] : 'asc';
$sel_ca_id = isset($_GET['sel_ca_id']) ? get_search_string($_GET['sel_ca_id']) : '';
$sel_field = (isset($_GET['sel_field']) && in_array($_GET['sel_field'], array('b.it_name', 'a.it_id')) ) ? $_GET['sel_field'] : '';
$search = isset($_GET['search']) ? get_search_string($_GET['search']) : '';
$g5['title'] = '상품옵션재고관리';
include_once (G5_ADMIN_PATH.'/admin.head.php');
@ -50,7 +50,8 @@ $sql = " select a.it_id,
a.io_noti_qty,
a.io_use,
b.it_name,
b.it_option_subject
b.it_option_subject,
b.ca_id
$sql_common
order by $sort1 $sort2
limit $from_record, $rows ";
@ -227,5 +228,4 @@ $listall = '<a href="'.$_SERVER['SCRIPT_NAME'].'" class="ov_listall">전체목
<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page="); ?>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

34
adm/shop_admin/optionstocklistupdate.php
View File

@ -4,22 +4,36 @@ include_once('./_common.php');
check_demo();
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
check_admin_token();
$count_post_it_id = (isset($_POST['it_id']) && is_array($_POST['it_id'])) ? count($_POST['it_id']) : 0;
$search = isset($_REQUEST['search']) ? get_search_string($_REQUEST['search']) : '';
$sort1 = isset($_REQUEST['sort1']) ? clean_xss_tags($_REQUEST['sort1'], 1, 1) : '';
$sort2 = isset($_REQUEST['sort2']) ? clean_xss_tags($_REQUEST['sort2'], 1, 1) : '';
$sel_field = isset($_REQUEST['sel_field']) ? clean_xss_tags($_REQUEST['sel_field'], 1, 1) : '';
$sel_ca_id = isset($_REQUEST['sel_ca_id']) ? clean_xss_tags($_REQUEST['sel_ca_id'], 1, 1) : '';
// 재고 일괄수정
for ($i=0; $i<count($_POST['it_id']); $i++)
for ($i=0; $i<$count_post_it_id; $i++)
{
$it_stock_qty = isset($_POST['it_stock_qty'][$i]) ? (int) $_POST['it_stock_qty'][$i] : 0;
$it_noti_qty = isset($_POST['it_noti_qty'][$i]) ? (int) $_POST['it_noti_qty'][$i] : 0;
$it_use = isset($_POST['it_use'][$i]) ? (int) $_POST['it_use'][$i] : 0;
$it_id = isset($_POST['it_id'][$i]) ? safe_replace_regex($_POST['it_id'][$i], 'it_id') : '';
$io_id = isset($_POST['io_id'][$i]) ? preg_replace(G5_OPTION_ID_FILTER, '', $_POST['io_id'][$i]) : '';
$io_type = isset($_POST['io_type'][$i]) ? (int) $_POST['io_type'][$i] : 0;
$sql = "update {$g5['g5_shop_item_option_table']}
set io_stock_qty = '".sql_real_escape_string($_POST['io_stock_qty'][$i])."',
io_noti_qty = '".sql_real_escape_string($_POST['io_noti_qty'][$i])."',
io_use = '".sql_real_escape_string($_POST['io_use'][$i])."'
where it_id = '".sql_real_escape_string($_POST['it_id'][$i])."'
and io_id = '".sql_real_escape_string($_POST['io_id'][$i])."'
and io_type = '".sql_real_escape_string($_POST['io_type'][$i])."' ";
set io_stock_qty = '".$it_stock_qty."',
io_noti_qty = '".$it_noti_qty."',
io_use = '".$it_use."'
where it_id = '".$it_id."'
and io_id = '".sql_real_escape_string($io_id)."'
and io_type = '".$io_type."' ";
sql_query($sql);
}
goto_url("./optionstocklist.php?sort1=$sort1&amp;sort2=$sort2&amp;sel_ca_id=$sel_ca_id&amp;sel_field=$sel_field&amp;search=$search&amp;page=$page");
?>
goto_url("./optionstocklist.php?sort1=$sort1&amp;sort2=$sort2&amp;sel_ca_id=$sel_ca_id&amp;sel_field=$sel_field&amp;search=$search&amp;page=$page");

5
adm/shop_admin/orderdelivery.php
View File

@ -2,7 +2,7 @@
$sub_menu = '400400';
include_once('./_common.php');
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
$g5['title'] = '엑셀 배송일괄처리';
include_once(G5_PATH.'/head.sub.php');
@ -51,5 +51,4 @@ include_once(G5_PATH.'/head.sub.php');
</div>
<?php
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

12
adm/shop_admin/orderdeliveryexcel.php
View File

@ -2,7 +2,7 @@
$sub_menu = '400400';
include_once('./_common.php');
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
// 주문정보
$sql = " select *
@ -15,7 +15,11 @@ $result = sql_query($sql);
if(!@sql_num_rows($result))
alert_close('배송처리할 주문 내역이 없습니다.');
function column_char($i) { return chr( 65 + $i ); }
if(! function_exists('column_char')) {
function column_char($i) {
return chr( 65 + $i );
}
}
if (phpversion() >= '5.2.0') {
include_once(G5_LIB_PATH.'/PHPExcel.php');
@ -24,6 +28,7 @@ if (phpversion() >= '5.2.0') {
$widths = array(18, 15, 15, 15, 15, 15, 15, 50, 20, 20);
$header_bgcolor = 'FFABCDEF';
$last_char = column_char(count($headers) - 1);
$rows = array();
for($i=1; $row=sql_fetch_array($result); $i++) {
$rows[] =
@ -96,5 +101,4 @@ if (phpversion() >= '5.2.0') {
$fh=fopen($fname, "rb");
fpassthru($fh);
unlink($fname);
}
?>
}

84
adm/shop_admin/orderdeliveryupdate.php
View File

@ -4,67 +4,23 @@ include_once('./_common.php');
include_once('./admin.shop.lib.php');
include_once(G5_LIB_PATH.'/mailer.lib.php');
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
define("_ORDERMAIL_", true);
$sms_count = 0;
$sms_messages = array();
if($_FILES['excelfile']['tmp_name']) {
if(isset($_FILES['excelfile']['tmp_name']) && $_FILES['excelfile']['tmp_name']) {
$file = $_FILES['excelfile']['tmp_name'];
include_once(G5_LIB_PATH.'/Excel/reader.php');
include_once(G5_LIB_PATH.'/PHPExcel/IOFactory.php');
$data = new Spreadsheet_Excel_Reader();
$objPHPExcel = PHPExcel_IOFactory::load($file);
$sheet = $objPHPExcel->getSheet(0);
// Set output Encoding.
$data->setOutputEncoding('UTF-8');
/***
* if you want you can change 'iconv' to mb_convert_encoding:
* $data->setUTFEncoder('mb');
*
**/
/***
* By default rows & cols indeces start with 1
* For change initial index use:
* $data->setRowColOffset(0);
*
**/
/***
* Some function for formatting output.
* $data->setDefaultFormat('%.2f');
* setDefaultFormat - set format for columns with unknown formatting
*
* $data->setColumnFormat(4, '%.3f');
* setColumnFormat - set format for column (apply only to number fields)
*
**/
$data->read($file);
/*
$data->sheets[0]['numRows'] - count rows
$data->sheets[0]['numCols'] - count columns
$data->sheets[0]['cells'][$i][$j] - data from $i-row $j-column
$data->sheets[0]['cellsInfo'][$i][$j] - extended info about cell
$data->sheets[0]['cellsInfo'][$i][$j]['type'] = "date" | "number" | "unknown"
if 'type' == "unknown" - use 'raw' value, because cell contain value with format '0.00';
$data->sheets[0]['cellsInfo'][$i][$j]['raw'] = value if cell without format
$data->sheets[0]['cellsInfo'][$i][$j]['colspan']
$data->sheets[0]['cellsInfo'][$i][$j]['rowspan']
*/
error_reporting(E_ALL ^ E_NOTICE);
$num_rows = $sheet->getHighestRow();
$highestColumn = $sheet->getHighestColumn();
$fail_od_id = array();
$total_count = 0;
@ -72,12 +28,17 @@ if($_FILES['excelfile']['tmp_name']) {
$succ_count = 0;
// $i 사용시 ordermail.inc.php의 $i 때문에 무한루프에 빠짐
for ($k = 2; $k <= $data->sheets[0]['numRows']; $k++) {
for ($k = 2; $k <= $num_rows; $k++) {
$total_count++;
$od_id = addslashes(trim($data->sheets[0]['cells'][$k][1]));
$od_delivery_company = addslashes($data->sheets[0]['cells'][$k][9]);
$od_invoice = addslashes($data->sheets[0]['cells'][$k][10]);
$rowData = $sheet->rangeToArray('A' . $k . ':' . $highestColumn . $k,
NULL,
TRUE,
FALSE);
$od_id = isset($rowData[0][0]) ? addslashes(trim($rowData[0][0])) : '';
$od_delivery_company = isset($rowData[0][8]) ? addslashes($rowData[0][8]) : '';
$od_invoice = isset($rowData[0][9]) ? addslashes($rowData[0][9]) : '';
if(!$od_id || !$od_delivery_company || !$od_invoice) {
$fail_count++;
@ -108,9 +69,13 @@ if($_FILES['excelfile']['tmp_name']) {
change_status($od_id, '준비', '배송');
$succ_count++;
$send_sms = isset($_POST['send_sms']) ? clean_xss_tags($_POST['send_sms'], 1, 1) : '';
$od_send_mail = isset($_POST['od_send_mail']) ? clean_xss_tags($_POST['od_send_mail'], 1, 1) : '';
$send_escrow = isset($_POST['send_escrow']) ? clean_xss_tags($_POST['send_escrow'], 1, 1) : '';
// SMS
if($config['cf_sms_use'] == 'icode' && $_POST['send_sms'] && $default['de_sms_use5']) {
if($config['cf_sms_use'] == 'icode' && $send_sms && $default['de_sms_use5']) {
$sms_contents = conv_sms_contents($od_id, $default['de_sms_cont5']);
if($sms_contents) {
$receive_number = preg_replace("/[^0-9]/", "", $od['od_hp']); // 수신자번호
@ -122,11 +87,11 @@ if($_FILES['excelfile']['tmp_name']) {
}
// 메일
if($config['cf_email_use'] && $_POST['od_send_mail'])
if($config['cf_email_use'] && $od_send_mail)
include './ordermail.inc.php';
// 에스크로 배송
if($_POST['send_escrow'] && $od['od_tno'] && $od['od_escrow']) {
if($send_escrow && $od['od_tno'] && $od['od_escrow']) {
$escrow_tno = $od['od_tno'];
$escrow_numb = $od_invoice;
$escrow_corp = $od_delivery_company;
@ -216,5 +181,4 @@ include_once(G5_PATH.'/head.sub.php');
</div>
<?php
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

29
adm/shop_admin/orderform.php
View File

@ -5,11 +5,27 @@ include_once('./_common.php');
$cart_title3 = '주문번호';
$cart_title4 = '배송완료';
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
$g5['title'] = "주문 내역 수정";
include_once(G5_ADMIN_PATH.'/admin.head.php');
$fr_date = isset($_REQUEST['fr_date']) ? preg_replace('/[^0-9 :\-]/i', '', $_REQUEST['fr_date']) : '';
$to_date = isset($_REQUEST['to_date']) ? preg_replace('/[^0-9 :\-]/i', '', $_REQUEST['to_date']) : '';
$od_status = isset($_REQUEST['od_status']) ? clean_xss_tags($_REQUEST['od_status'], 1, 1) : '';
$od_settle_case = isset($_REQUEST['od_settle_case']) ? clean_xss_tags($_REQUEST['od_settle_case'], 1, 1) : '';
$od_misu = isset($_REQUEST['od_misu']) ? clean_xss_tags($_REQUEST['od_misu'], 1, 1) : '';
$od_cancel_price = isset($_REQUEST['od_cancel_price']) ? clean_xss_tags($_REQUEST['od_cancel_price'], 1, 1) : '';
$od_refund_price = isset($_REQUEST['od_refund_price']) ? clean_xss_tags($_REQUEST['od_refund_price'], 1, 1) : '';
$od_receipt_point = isset($_REQUEST['od_receipt_point']) ? clean_xss_tags($_REQUEST['od_receipt_point'], 1, 1) : '';
$od_coupon = isset($_REQUEST['od_coupon']) ? clean_xss_tags($_REQUEST['od_coupon'], 1, 1) : '';
$od_id = isset($_REQUEST['od_id']) ? safe_replace_regex($_REQUEST['od_id'], 'od_id') : '';
$od_escrow = isset($_REQUEST['od_escrow']) ? clean_xss_tags($_REQUEST['od_escrow'], 1, 1) : '';
$sort1 = isset($_REQUEST['sort1']) ? clean_xss_tags($_REQUEST['sort1'], 1, 1) : '';
$sort2 = isset($_REQUEST['sort2']) ? clean_xss_tags($_REQUEST['sort2'], 1, 1) : '';
$sel_field = isset($_REQUEST['sel_field']) ? clean_xss_tags($_REQUEST['sel_field'], 1, 1) : '';
$search = isset($_REQUEST['search']) ? get_search_string($_REQUEST['search']) : '';
// 완료된 주문에 포인트를 적립한다.
save_order_point("완료");
@ -281,7 +297,7 @@ add_javascript(G5_POSTCODE_JS, 0); //다음 주소 js
<?php if($od['od_pg'] === 'inicis' && !$od['od_test']) {
$sql = "select P_TID from {$g5['g5_shop_inicis_log_table']} where oid = '$od_id' and P_STATUS = 'cancel' ";
$tmp_row = sql_fetch($sql);
if($tmp_row['P_TID']){
if(isset($tmp_row['P_TID']) && $tmp_row['P_TID']){
?>
<div class="od_test_caution">주의) 이 주문은 결제취소된 내역이 있습니다. 이니시스 관리자 상점에서 반드시 재확인을 해 주세요.</div>
<?php
@ -645,7 +661,7 @@ add_javascript(G5_POSTCODE_JS, 0); //다음 주소 js
{
// 은행계좌를 배열로 만든후
$str = explode("\n", $default['de_bank_account']);
$bank_account .= '<select name="od_bank_account" id="od_bank_account">'.PHP_EOL;
$bank_account = '<select name="od_bank_account" id="od_bank_account">'.PHP_EOL;
$bank_account .= '<option value="">선택하십시오</option>'.PHP_EOL;
for ($i=0; $i<count($str); $i++) {
$str[$i] = str_replace("\r", "", $str[$i]);
@ -1062,8 +1078,8 @@ function form_submit(f)
<?php if($od['od_settle_case'] == '신용카드' || $od['od_settle_case'] == 'KAKAOPAY' || $od['od_settle_case'] == '간편결제' || ($od['od_pg'] == 'inicis' && is_inicis_order_pay($od['od_settle_case']) )) { ?>
if(status == "취소" || status == "반품" || status == "품절") {
var $ct_chk = $("input[name^=ct_chk]");
var chk_cnt = $ct_chk.size();
var chked_cnt = $ct_chk.filter(":checked").size();
var chk_cnt = $ct_chk.length;
var chked_cnt = $ct_chk.filter(":checked").length;
<?php if($od['od_pg'] == 'KAKAOPAY') { ?>
var cancel_pg = "카카오페이";
<?php } else { ?>
@ -1124,5 +1140,4 @@ function chk_receipt_price()
</script>
<?php
include_once(G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once(G5_ADMIN_PATH.'/admin.tail.php');

25
adm/shop_admin/orderformcartupdate.php
View File

@ -2,11 +2,11 @@
$sub_menu = '400400';
include_once('./_common.php');
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
check_admin_token();
$ct_chk_count = count($_POST['ct_chk']);
$ct_chk_count = isset($_POST['ct_chk']) ? count($_POST['ct_chk']) : 0;
if(!$ct_chk_count)
alert('처리할 자료를 하나 이상 선택해 주십시오.');
@ -19,14 +19,19 @@ if (in_array($_POST['ct_status'], $status_normal) || in_array($_POST['ct_status'
alert('변경할 상태가 올바르지 않습니다.');
}
$search = isset($_REQUEST['search']) ? get_search_string($_REQUEST['search']) : '';
$sort1 = isset($_REQUEST['sort1']) ? clean_xss_tags($_REQUEST['sort1'], 1, 1) : '';
$sort2 = isset($_REQUEST['sort2']) ? clean_xss_tags($_REQUEST['sort2'], 1, 1) : '';
$sel_field = isset($_REQUEST['sel_field']) ? clean_xss_tags($_REQUEST['sel_field'], 1, 1) : '';
$mod_history = '';
$cnt = count($_POST['ct_id']);
$cnt = (isset($_POST['ct_id']) && is_array($_POST['ct_id'])) ? count($_POST['ct_id']) : 0;
$arr_it_id = array();
for ($i=0; $i<$cnt; $i++)
{
$k = $_POST['ct_chk'][$i];
$ct_id = $_POST['ct_id'][$k];
$k = isset($_POST['ct_chk'][$i]) ? (int) $_POST['ct_chk'][$i] : 0;
$ct_id = isset($_POST['ct_id'][$k]) ? (int) $_POST['ct_id'][$k] : 0;
if(!$ct_id)
continue;
@ -37,7 +42,7 @@ for ($i=0; $i<$cnt; $i++)
continue;
// 수량이 변경됐다면
$ct_qty = $_POST['ct_qty'][$k];
$ct_qty = isset($_POST['ct_qty'][$k]) ? (int) $_POST['ct_qty'][$k] : 0;
if($ct['ct_qty'] != $ct_qty) {
$diff_qty = $ct['ct_qty'] - $ct_qty;
@ -273,7 +278,8 @@ if (in_array($_POST['ct_status'], $status_cancel)) {
$c_PayPlus = new C_PP_CLI_T;
$c_PayPlus->mf_clear();
$ordr_idxx = $od['od_id'];
$tno = $od['od_tno'];
$tran_cd = '00200000';
$cancel_msg = iconv_euckr('쇼핑몰 운영자 승인 취소');
@ -344,7 +350,7 @@ if ($mod_history) { // 주문변경 히스토리 기록
if($cancel_change) {
$sql .= " , od_status = '취소' "; // 주문상품 모두 취소, 반품, 품절이면 주문 취소
} else {
if (in_array($_POST['ct_status'], $status_normal)) { // 정상인 주문상태만 기록
if (isset($_POST['ct_status']) && in_array($_POST['ct_status'], $status_normal)) { // 정상인 주문상태만 기록
$sql .= " , od_status = '{$_POST['ct_status']}' ";
}
}
@ -366,5 +372,4 @@ if($pg_cancel == 1 && $pg_res_cd && $pg_res_msg) {
alert("포인트로 결제한 주문은,\\n\\n주문상태 변경으로 인해 포인트의 가감이 발생하는 경우\\n\\n회원관리 > 포인트관리에서 수작업으로 포인트를 맞추어 주셔야 합니다.", $url);
else
goto_url($url);
}
?>
}

79
adm/shop_admin/orderformreceiptupdate.php
View File

@ -4,33 +4,65 @@ include_once('./_common.php');
include_once('./admin.shop.lib.php');
include_once(G5_LIB_PATH.'/mailer.lib.php');
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
check_admin_token();
$od_id = isset($_POST['od_id']) ? safe_replace_regex($_POST['od_id'], 'od_id') : '';
$search = isset($_REQUEST['search']) ? get_search_string($_REQUEST['search']) : '';
$sort1 = isset($_REQUEST['sort1']) ? clean_xss_tags($_REQUEST['sort1'], 1, 1) : '';
$sort2 = isset($_REQUEST['sort2']) ? clean_xss_tags($_REQUEST['sort2'], 1, 1) : '';
$sel_field = isset($_REQUEST['sel_field']) ? clean_xss_tags($_REQUEST['sel_field'], 1, 1) : '';
$check_keys = array(
'od_deposit_name',
'od_bank_account',
'od_receipt_time',
'od_receipt_price',
'od_receipt_point',
'od_refund_price',
'od_delivery_company',
'od_invoice',
'od_invoice_time',
'od_send_cost',
'od_send_cost2',
'od_tno',
'od_escrow',
'od_send_mail'
);
$posts = array();
foreach($check_keys as $key){
$posts[$key] = isset($_POST[$key]) ? clean_xss_tags($_POST[$key], 1, 1) : '';
}
$od_send_mail = $posts['od_send_mail'];
$sql = " select * from {$g5['g5_shop_order_table']} where od_id = '$od_id' ";
$od = sql_fetch($sql);
if(!$od['od_id'])
if(! (isset($od['od_id']) && $od['od_id']))
alert('주문자료가 존재하지 않습니다.');
if ($od_receipt_time) {
if (check_datetime($od_receipt_time) == false)
if ($posts['od_receipt_time']) {
if (check_datetime($posts['od_receipt_time']) == false)
alert('결제일시 오류입니다.');
}
// 결제정보 반영
$sql = " update {$g5['g5_shop_order_table']}
set od_deposit_name = '{$_POST['od_deposit_name']}',
od_bank_account = '{$_POST['od_bank_account']}',
od_receipt_time = '{$_POST['od_receipt_time']}',
od_receipt_price = '{$_POST['od_receipt_price']}',
od_receipt_point = '{$_POST['od_receipt_point']}',
od_refund_price = '{$_POST['od_refund_price']}',
od_delivery_company= '{$_POST['od_delivery_company']}',
od_invoice = '{$_POST['od_invoice']}',
od_invoice_time = '{$_POST['od_invoice_time']}',
od_send_cost = '{$_POST['od_send_cost']}',
od_send_cost2 = '{$_POST['od_send_cost2']}'
set od_deposit_name = '{$posts['od_deposit_name']}',
od_bank_account = '{$posts['od_bank_account']}',
od_receipt_time = '{$posts['od_receipt_time']}',
od_receipt_price = '{$posts['od_receipt_price']}',
od_receipt_point = '{$posts['od_receipt_point']}',
od_refund_price = '{$posts['od_refund_price']}',
od_delivery_company= '{$posts['od_delivery_company']}',
od_invoice = '{$posts['od_invoice']}',
od_invoice_time = '{$posts['od_invoice_time']}',
od_send_cost = '{$posts['od_send_cost']}',
od_send_cost2 = '{$posts['od_send_cost2']}'
where od_id = '$od_id' ";
sql_query($sql);
@ -51,16 +83,16 @@ if($info['od_misu'] == 0 && $od['od_status'] == '주문')
// 배송정보가 있으면 주문상태 배송으로 변경
$order_status = array('입금', '준비');
if($_POST['od_delivery_company'] && $_POST['od_invoice'] && in_array($od['od_status'], $order_status))
if($posts['od_delivery_company'] && $posts['od_invoice'] && in_array($od['od_status'], $order_status))
{
$od_status = '배송';
$cart_status = true;
}
// 미수금액
$od_misu = ( $od['od_cart_price'] - $od['od_cancel_price'] + $_POST['od_send_cost'] + $_POST['od_send_cost2'] )
$od_misu = ( $od['od_cart_price'] - $od['od_cancel_price'] + (int) $posts['od_send_cost'] + (int) $posts['od_send_cost2'] )
- ( $od['od_cart_coupon'] + $od['od_coupon'] + $od['od_send_coupon'] )
- ( $_POST['od_receipt_price'] + $_POST['od_receipt_point'] - $_POST['od_refund_price'] );
- ( (int) $posts['od_receipt_price'] + (int) $posts['od_receipt_point'] - (int) $posts['od_refund_price'] );
// 미수금 정보 등 반영
$sql = " update {$g5['g5_shop_order_table']}
@ -131,11 +163,11 @@ include "./ordersms.inc.php";
// 에스크로 배송처리
if($_POST['od_tno'] && $_POST['od_escrow'] == 1)
if($posts['od_tno'] && $posts['od_escrow'] == 1)
{
$escrow_tno = $_POST['od_tno'];
$escrow_corp = $_POST['od_delivery_company'];
$escrow_numb = $_POST['od_invoice'];
$escrow_tno = $posts['od_tno'];
$escrow_corp = $posts['od_delivery_company'];
$escrow_numb = $posts['od_invoice'];
include(G5_SHOP_PATH.'/'.$od['od_pg'].'/escrow.register.php');
}
@ -143,5 +175,4 @@ if($_POST['od_tno'] && $_POST['od_escrow'] == 1)
$qstr = "sort1=$sort1&amp;sort2=$sort2&amp;sel_field=$sel_field&amp;search=$search&amp;page=$page";
goto_url("./orderform.php?od_id=$od_id&amp;$qstr");
?>
goto_url("./orderform.php?od_id=$od_id&amp;$qstr");

38
adm/shop_admin/orderformupdate.php
View File

@ -4,14 +4,35 @@ include_once('./_common.php');
check_admin_token();
$od_shop_memo = strip_tags($od_shop_memo);
$od_shop_memo = isset($_POST['od_shop_memo']) ? strip_tags($_POST['od_shop_memo']) : '';
$od_id = isset($_POST['od_id']) ? safe_replace_regex($_POST['od_id'], 'od_id') : '';
if($_POST['mod_type'] == 'info') {
$od_zip1 = preg_replace('/[^0-9]/', '', substr($_POST['od_zip'], 0, 3));
$od_zip2 = preg_replace('/[^0-9]/', '', substr($_POST['od_zip'], 3));
$od_b_zip1 = preg_replace('/[^0-9]/', '', substr($_POST['od_b_zip'], 0, 3));
$od_b_zip2 = preg_replace('/[^0-9]/', '', substr($_POST['od_b_zip'], 3));
$od_email = strip_tags(clean_xss_attributes($od_email));
$search = isset($_REQUEST['search']) ? get_search_string($_REQUEST['search']) : '';
$sort1 = isset($_REQUEST['sort1']) ? clean_xss_tags($_REQUEST['sort1'], 1, 1) : '';
$sort2 = isset($_REQUEST['sort2']) ? clean_xss_tags($_REQUEST['sort2'], 1, 1) : '';
$sel_field = isset($_REQUEST['sel_field']) ? clean_xss_tags($_REQUEST['sel_field'], 1, 1) : '';
if(isset($_POST['mod_type']) && $_POST['mod_type'] === 'info') {
$od_zip1 = isset($_POST['od_zip']) ? preg_replace('/[^0-9]/', '', substr($_POST['od_zip'], 0, 3)) : '';
$od_zip2 = isset($_POST['od_zip']) ? preg_replace('/[^0-9]/', '', substr($_POST['od_zip'], 3)) : '';
$od_b_zip1 = isset($_POST['od_b_zip']) ? preg_replace('/[^0-9]/', '', substr($_POST['od_b_zip'], 0, 3)) : '';
$od_b_zip2 = isset($_POST['od_b_zip']) ? preg_replace('/[^0-9]/', '', substr($_POST['od_b_zip'], 3)) : '';
$od_email = isset($_POST['od_email']) ? strip_tags(clean_xss_attributes($_POST['od_email'])) : '';
$od_name = isset($_POST['od_name']) ? clean_xss_tags($_POST['od_name'], 1, 1) : '';
$od_tel = isset($_POST['od_tel']) ? clean_xss_tags($_POST['od_tel'], 1, 1) : '';
$od_hp = isset($_POST['od_hp']) ? clean_xss_tags($_POST['od_hp'], 1, 1) : '';
$od_addr1 = isset($_POST['od_addr1']) ? clean_xss_tags($_POST['od_addr1'], 1, 1) : '';
$od_addr2 = isset($_POST['od_addr2']) ? clean_xss_tags($_POST['od_addr2'], 1, 1) : '';
$od_addr3 = isset($_POST['od_addr3']) ? clean_xss_tags($_POST['od_addr3'], 1, 1) : '';
$od_addr_jibeon = isset($_POST['od_addr_jibeon']) ? clean_xss_tags($_POST['od_addr_jibeon'], 1, 1) : '';
$od_b_name = isset($_POST['od_b_name']) ? clean_xss_tags($_POST['od_b_name'], 1, 1) : '';
$od_b_tel = isset($_POST['od_b_tel']) ? clean_xss_tags($_POST['od_b_tel'], 1, 1) : '';
$od_b_hp = isset($_POST['od_b_hp']) ? clean_xss_tags($_POST['od_b_hp'], 1, 1) : '';
$od_b_addr1 = isset($_POST['od_b_addr1']) ? clean_xss_tags($_POST['od_b_addr1'], 1, 1) : '';
$od_b_addr2 = isset($_POST['od_b_addr2']) ? clean_xss_tags($_POST['od_b_addr2'], 1, 1) : '';
$od_b_addr3 = isset($_POST['od_b_addr3']) ? clean_xss_tags($_POST['od_b_addr3'], 1, 1) : '';
$od_b_addr_jibeon = isset($_POST['od_b_addr_jibeon']) ? clean_xss_tags($_POST['od_b_addr_jibeon'], 1, 1) : '';
$od_hope_date = isset($_POST['od_hope_date']) ? clean_xss_tags($_POST['od_hope_date'], 1, 1) : '';
$sql = " update {$g5['g5_shop_order_table']}
set od_name = '$od_name',
@ -45,5 +66,4 @@ sql_query($sql);
$qstr = "sort1=$sort1&amp;sort2=$sort2&amp;sel_field=$sel_field&amp;search=$search&amp;page=$page";
goto_url("./orderform.php?od_id=$od_id&amp;$qstr");
?>
goto_url("./orderform.php?od_id=$od_id&amp;$qstr");

40
adm/shop_admin/orderlist.php
View File

@ -2,7 +2,7 @@
$sub_menu = '400400';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$g5['title'] = '주문내역';
include_once (G5_ADMIN_PATH.'/admin.head.php');
@ -10,24 +10,25 @@ include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php');
$where = array();
$doc = strip_tags($doc);
$sort1 = in_array($sort1, array('od_id', 'od_cart_price', 'od_receipt_price', 'od_cancel_price', 'od_misu', 'od_cash')) ? $sort1 : '';
$sort2 = in_array($sort2, array('desc', 'asc')) ? $sort2 : 'desc';
$sel_field = get_search_string($sel_field);
if( !in_array($sel_field, array('od_id', 'mb_id', 'od_name', 'od_tel', 'od_hp', 'od_b_name', 'od_b_tel', 'od_b_hp', 'od_deposit_name', 'od_invoice')) ){ //검색할 필드 대상이 아니면 값을 제거
$sel_field = '';
}
$od_status = get_search_string($od_status);
$search = get_search_string($search);
if(! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $fr_date) ) $fr_date = '';
if(! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $to_date) ) $to_date = '';
$doc = isset($_GET['doc']) ? clean_xss_tags($_GET['doc'], 1, 1) : '';
$sort1 = (isset($_GET['sort1']) && in_array($_GET['sort1'], array('od_id', 'od_cart_price', 'od_receipt_price', 'od_cancel_price', 'od_misu', 'od_cash'))) ? $_GET['sort1'] : '';
$sort2 = (isset($_GET['sort2']) && in_array($_GET['sort2'], array('desc', 'asc'))) ? $_GET['sort2'] : 'desc';
$sel_field = (isset($_GET['sel_field']) && in_array($_GET['sel_field'], array('od_id', 'mb_id', 'od_name', 'od_tel', 'od_hp', 'od_b_name', 'od_b_tel', 'od_b_hp', 'od_deposit_name', 'od_invoice')) ) ? $_GET['sel_field'] : '';
$od_status = isset($_GET['od_status']) ? get_search_string($_GET['od_status']) : '';
$search = isset($_GET['search']) ? get_search_string($_GET['search']) : '';
$od_misu = preg_replace('/[^0-9a-z]/i', '', $od_misu);
$od_cancel_price = preg_replace('/[^0-9a-z]/i', '', $od_cancel_price);
$od_refund_price = preg_replace('/[^0-9a-z]/i', '', $od_refund_price);
$od_receipt_point = preg_replace('/[^0-9a-z]/i', '', $od_receipt_point);
$od_coupon = preg_replace('/[^0-9a-z]/i', '', $od_coupon);
$fr_date = (isset($_GET['fr_date']) && preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $_GET['fr_date'])) ? $_GET['fr_date'] : '';
$to_date = (isset($_GET['to_date']) && preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $_GET['to_date'])) ? $_GET['to_date'] : '';
$od_misu = isset($_GET['od_misu']) ? preg_replace('/[^0-9a-z]/i', '', $_GET['od_misu']) : '';
$od_cancel_price = isset($_GET['od_cancel_price']) ? preg_replace('/[^0-9a-z]/', '', $_GET['od_cancel_price']) : '';
$od_refund_price = isset($_GET['od_refund_price']) ? preg_replace('/[^0-9a-z]/i', '', $_GET['od_refund_price']) : '';
$od_receipt_point = isset($_GET['od_receipt_point']) ? preg_replace('/[^0-9a-z]/i', '', $_GET['od_receipt_point']) : '';
$od_coupon = isset($_GET['od_coupon']) ? preg_replace('/[^0-9a-z]/i', '', $_GET['od_coupon']) : '';
$od_settle_case = isset($_GET['od_settle_case']) ? clean_xss_tags($_GET['od_settle_case'], 1, 1) : '';
$od_escrow = isset($_GET['od_escrow']) ? clean_xss_tags($_GET['od_escrow'], 1, 1) : '';
$tot_itemcount = $tot_orderprice = $tot_receiptprice = $tot_ordercancel = $tot_misu = $tot_couponprice = 0;
$sql_search = "";
if ($search != "") {
if ($sel_field != "") {
@ -506,7 +507,7 @@ $(function(){
var $this = $(this);
var od_id = $this.text().replace(/[^0-9]/g, "");
if($this.next("#orderitemlist").size())
if($this.next("#orderitemlist").length)
return false;
$("#orderitemlist").remove();
@ -679,5 +680,4 @@ function forderlist_submit(f)
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

23
adm/shop_admin/orderlistdelete.php
View File

@ -6,11 +6,25 @@ include_once('./_common.php');
check_admin_token();
for ($i=0; $i<count($_POST['chk']); $i++)
$count_post_chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
$sort1 = isset($_POST['sort1']) ? clean_xss_tags($_POST['sort1'], 1, 1) : '';
$sort2 = isset($_POST['sort2']) ? clean_xss_tags($_POST['sort2'], 1, 1) : '';
$sel_field = isset($_POST['sel_field']) ? clean_xss_tags($_POST['sel_field'], 1, 1) : '';
$od_status = isset($_POST['od_status']) ? clean_xss_tags($_POST['od_status'], 1, 1) : '';
$od_settle_case = isset($_POST['od_settle_case']) ? clean_xss_tags($_POST['od_settle_case'], 1, 1) : '';
$od_misu = isset($_POST['od_misu']) ? clean_xss_tags($_POST['od_misu'], 1, 1) : '';
$od_cancel_price = isset($_POST['od_cancel_price']) ? clean_xss_tags($_POST['od_cancel_price'], 1, 1) : '';
$od_receipt_price = isset($_POST['od_receipt_price']) ? clean_xss_tags($_POST['od_receipt_price'], 1, 1) : '';
$od_receipt_point = isset($_POST['od_receipt_point']) ? clean_xss_tags($_POST['od_receipt_point'], 1, 1) : '';
$od_receipt_coupon = isset($_POST['od_receipt_coupon']) ? clean_xss_tags($_POST['od_receipt_coupon'], 1, 1) : '';
$search = isset($_POST['search']) ? get_search_string($_POST['search']) : '';
for ($i=0; $i<$count_post_chk; $i++)
{
// 실제 번호를 넘김
$k = $_POST['chk'][$i];
$od_id = $_POST['od_id'][$k];
$k = isset($_POST['chk'][$i]) ? $_POST['chk'][$i] : 0;
$od_id = isset($_POST['od_id'][$k]) ? safe_replace_regex($_POST['od_id'][$k], 'od_id') : '';
$od = sql_fetch(" select * from {$g5['g5_shop_order_table']} where od_id = '$od_id' ");
if (!$od) continue;
@ -40,5 +54,4 @@ $qstr .= "&amp;od_receipt_price=$od_receipt_price";
$qstr .= "&amp;od_receipt_point=$od_receipt_point";
$qstr .= "&amp;od_receipt_coupon=$od_receipt_coupon";
goto_url("./orderlist.php?$qstr");
?>
goto_url("./orderlist.php?$qstr");

54
adm/shop_admin/orderlistupdate.php
View File

@ -13,15 +13,32 @@ define("_ORDERMAIL_", true);
$sms_count = 0;
$sms_messages = array();
for ($i=0; $i<count($_POST['chk']); $i++)
$count_post_chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
$send_sms = isset($_POST['send_sms']) ? clean_xss_tags($_POST['send_sms'], 1, 1) : '';
$od_send_mail = isset($_POST['od_send_mail']) ? clean_xss_tags($_POST['od_send_mail'], 1, 1) : '';
$send_escrow = isset($_POST['send_escrow']) ? clean_xss_tags($_POST['send_escrow'], 1, 1) : '';
$sort1 = isset($_POST['sort1']) ? clean_xss_tags($_POST['sort1'], 1, 1) : '';
$sort2 = isset($_POST['sort2']) ? clean_xss_tags($_POST['sort2'], 1, 1) : '';
$sel_field = isset($_POST['sel_field']) ? clean_xss_tags($_POST['sel_field'], 1, 1) : '';
$od_status = isset($_POST['od_status']) ? clean_xss_tags($_POST['od_status'], 1, 1) : '';
$od_settle_case = isset($_POST['od_settle_case']) ? clean_xss_tags($_POST['od_settle_case'], 1, 1) : '';
$od_misu = isset($_POST['od_misu']) ? clean_xss_tags($_POST['od_misu'], 1, 1) : '';
$od_cancel_price = isset($_POST['od_cancel_price']) ? clean_xss_tags($_POST['od_cancel_price'], 1, 1) : '';
$od_receipt_price = isset($_POST['od_receipt_price']) ? clean_xss_tags($_POST['od_receipt_price'], 1, 1) : '';
$od_receipt_point = isset($_POST['od_receipt_point']) ? clean_xss_tags($_POST['od_receipt_point'], 1, 1) : '';
$od_receipt_coupon = isset($_POST['od_receipt_coupon']) ? clean_xss_tags($_POST['od_receipt_coupon'], 1, 1) : '';
$search = isset($_POST['search']) ? get_search_string($_POST['search']) : '';
for ($i=0; $i<$count_post_chk; $i++)
{
// 실제 번호를 넘김
$k = $_POST['chk'][$i];
$od_id = $_POST['od_id'][$k];
$k = isset($_POST['chk'][$i]) ? $_POST['chk'][$i] : 0;
$od_id = isset($_POST['od_id'][$k]) ? safe_replace_regex($_POST['od_id'][$k], 'od_id') : '';
$invoice = $_POST['od_invoice'][$k];
$invoice_time = $_POST['od_invoice_time'][$k];
$delivery_company = $_POST['od_delivery_company'][$k];
$invoice = isset($_POST['od_invoice'][$k]) ? clean_xss_tags($_POST['od_invoice'][$k], 1, 1) : '';
$invoice_time = isset($_POST['od_invoice_time'][$k]) ? safe_replace_regex($_POST['od_invoice_time'][$k], 'time') : '';
$delivery_company = isset($_POST['od_delivery_company'][$k]) ? clean_xss_tags($_POST['od_delivery_company'][$k], 1, 1) : '';
$od = sql_fetch(" select * from {$g5['g5_shop_order_table']} where od_id = '$od_id' ");
if (!$od) continue;
@ -30,18 +47,18 @@ for ($i=0; $i<count($_POST['chk']); $i++)
//echo $od_id . "<br>";
$current_status = $od['od_status'];
$change_status = $_POST['od_status'];
$change_status = isset($_POST['od_status']) ? clean_xss_tags($_POST['od_status'], 1, 1) : '';
switch ($current_status)
{
case '주문' :
if ($change_status != '입금') continue;
if ($od['od_settle_case'] != '무통장') continue;
if ($change_status != '입금') continue 2;
if ($od['od_settle_case'] != '무통장') continue 2;
change_status($od_id, '주문', '입금');
order_update_receipt($od_id);
// SMS
if($config['cf_sms_use'] == 'icode' && $_POST['send_sms'] && $default['de_sms_use4']) {
if($config['cf_sms_use'] == 'icode' && $send_sms && $default['de_sms_use4']) {
$sms_contents = conv_sms_contents($od_id, $default['de_sms_cont4']);
if($sms_contents) {
$receive_number = preg_replace("/[^0-9]/", "", $od['od_hp']); // 수신자번호
@ -53,18 +70,18 @@ for ($i=0; $i<count($_POST['chk']); $i++)
}
// 메일
if($config['cf_email_use'] && $_POST['od_send_mail'])
if($config['cf_email_use'] && $od_send_mail)
include './ordermail.inc.php';
break;
case '입금' :
if ($change_status != '준비') continue;
if ($change_status != '준비') continue 2;
change_status($od_id, '입금', '준비');
break;
case '준비' :
if ($change_status != '배송') continue;
if ($change_status != '배송') continue 2;
$delivery['invoice'] = $invoice;
$delivery['invoice_time'] = $invoice_time;
@ -74,7 +91,7 @@ for ($i=0; $i<count($_POST['chk']); $i++)
change_status($od_id, '준비', '배송');
// SMS
if($config['cf_sms_use'] == 'icode' && $_POST['send_sms'] && $default['de_sms_use5']) {
if($config['cf_sms_use'] == 'icode' && $send_sms && $default['de_sms_use5']) {
$sms_contents = conv_sms_contents($od_id, $default['de_sms_cont5']);
if($sms_contents) {
$receive_number = preg_replace("/[^0-9]/", "", $od['od_hp']); // 수신자번호
@ -86,11 +103,11 @@ for ($i=0; $i<count($_POST['chk']); $i++)
}
// 메일
if($config['cf_email_use'] && $_POST['od_send_mail'])
if($config['cf_email_use'] && $od_send_mail)
include './ordermail.inc.php';
// 에스크로 배송
if($_POST['send_escrow'] && $od['od_tno'] && $od['od_escrow']) {
if($send_escrow && $od['od_tno'] && $od['od_escrow']) {
$escrow_tno = $od['od_tno'];
$escrow_numb = $invoice;
$escrow_corp = $delivery_company;
@ -101,7 +118,7 @@ for ($i=0; $i<count($_POST['chk']); $i++)
break;
case '배송' :
if ($change_status != '완료') continue;
if ($change_status != '완료') continue 2;
change_status($od_id, '배송', '완료');
// 완료인 경우에만 상품구입 합계수량을 상품테이블에 저장한다.
@ -203,5 +220,4 @@ $qstr .= "&amp;od_receipt_coupon=$od_receipt_coupon";
//exit;
goto_url("./orderlist.php?$qstr");
?>
goto_url("./orderlist.php?$qstr");

15
adm/shop_admin/ordermail.inc.php
View File

@ -9,13 +9,13 @@ if ($od_send_mail)
{
$od = sql_fetch(" select * from {$g5['g5_shop_order_table']} where od_id = '$od_id' ");
$addmemo = nl2br(stripslashes($addmemo));
$addmemo = isset($addmemo) ? nl2br(stripslashes($addmemo)) : '';
unset($cart_list);
unset($card_list);
unset($bank_list);
unset($point_list);
unset($delivery_list);
$cart_list = array();
$card_list = array();
$bank_list = array();
$point_list = array();
$delivery_list = array();
$sql = " select *
from {$g5['g5_shop_cart_table']}
@ -105,5 +105,4 @@ if ($od_send_mail)
mailer($config['cf_admin_email_name'], $config['cf_admin_email'], $email, $title, $content, 1);
}
}
?>
}

9
adm/shop_admin/orderpartcancel.php
View File

@ -2,12 +2,14 @@
$sub_menu = '400400';
include_once('./_common.php');
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
$od_id = isset($_REQUEST['od_id']) ? safe_replace_regex($_REQUEST['od_id'], 'od_id') : '';
$sql = " select * from {$g5['g5_shop_order_table']} where od_id = '$od_id' ";
$od = sql_fetch($sql);
if(!$od['od_id'])
if(! (isset($od['od_id']) && $od['od_id']))
alert_close('주문정보가 존해하지 않습니다.');
if($od['od_pg'] == 'inicis' && $od['od_settle_case'] == '계좌이체')
@ -102,5 +104,4 @@ function form_check(f)
</script>
<?php
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

11
adm/shop_admin/orderpartcancelupdate.php
View File

@ -2,10 +2,10 @@
$sub_menu = '400400';
include_once('./_common.php');
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
$tax_mny = preg_replace('/[^0-9]/', '', $_POST['mod_tax_mny']);
$free_mny = preg_replace('/[^0-9]/', '', $_POST['mod_free_mny']);
$tax_mny = isset($_POST['mod_tax_mny']) ? preg_replace('/[^0-9]/', '', $_POST['mod_tax_mny']) : 0;
$free_mny = isset($_POST['mod_free_mny']) ? preg_replace('/[^0-9]/', '', $_POST['mod_free_mny']) : 0;
if(!$tax_mny && !$free_mny)
alert('과세 취소금액 또는 비과세 취소금액을 입력해 주십시오.');
@ -17,7 +17,7 @@ if(!trim($mod_memo))
$sql = " select * from {$g5['g5_shop_order_table']} where od_id = '$od_id' ";
$od = sql_fetch($sql);
if(!$od['od_id'])
if(! (isset($od['od_id']) && $od['od_id']))
alert_close('주문정보가 존재하지 않습니다.');
if($od['od_settle_case'] == '계좌이체' && substr($od['od_receipt_time'], 0, 10) >= G5_TIME_YMD)
@ -48,5 +48,4 @@ self.close();
</script>
<?php
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

5
adm/shop_admin/orderprint.php
View File

@ -2,7 +2,7 @@
$sub_menu = '500120';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$g5['title'] = '주문내역출력';
include_once (G5_ADMIN_PATH.'/admin.head.php');
@ -106,5 +106,4 @@ function forderprintcheck(f)
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

244
adm/shop_admin/orderprintresult.php
View File

@ -2,10 +2,17 @@
$sub_menu = '500120';
include_once('./_common.php');
$fr_date = preg_replace('/[^0-9_\-]/', '', $fr_date);
$to_date = preg_replace('/[^0-9_\-]/', '', $to_date);
$fr_date = isset($_REQUEST['fr_date']) ? preg_replace('/[^0-9 :_\-]/i', '', $_REQUEST['fr_date']) : '';
$to_date = isset($_REQUEST['to_date']) ? preg_replace('/[^0-9 :_\-]/i', '', $_REQUEST['to_date']) : '';
$fr_od_id = isset($_REQUEST['fr_od_id']) ? preg_replace('/[^0-9]/i', '', $_REQUEST['fr_od_id']) : '';
$to_od_id = isset($_REQUEST['to_od_id']) ? preg_replace('/[^0-9]/i', '', $_REQUEST['to_od_id']) : '';
auth_check($auth[$sub_menu], "r");
$csv = isset($_REQUEST['csv']) ? clean_xss_tags($_REQUEST['csv'], 1, 1) : '';
$tot_tot_qty = 0;
$tot_tot_price = 0;
auth_check_menu($auth, $sub_menu, "r");
//print_r2($_GET); exit;
@ -134,6 +141,12 @@ if ($csv == 'csv')
exit;
}
if(! function_exists('column_char')) {
function column_char($i) {
return chr( 65 + $i );
}
}
// MS엑셀 XLS 데이터로 다운로드 받음
if ($csv == 'xls')
{
@ -155,94 +168,176 @@ if ($csv == 'xls')
if (!$cnt)
alert("출력할 내역이 없습니다.");
/*================================================================================
php_writeexcel http://www.bettina-attack.de/jonny/view.php/projects/php_writeexcel/
=================================================================================*/
if (phpversion() >= '5.2.0') {
include_once(G5_LIB_PATH.'/PHPExcel.php');
include_once(G5_LIB_PATH.'/Excel/php_writeexcel/class.writeexcel_workbook.inc.php');
include_once(G5_LIB_PATH.'/Excel/php_writeexcel/class.writeexcel_worksheet.inc.php');
$headers = array('우편번호', '주소', '이름', '전화1', '전화2', '상품명', '수량', '선택사항', '배송비', '상품코드', '주문번호', '운송장번호', '전하실말씀');
$widths = array(10, 30, 10, 15, 15, 15, 10, 10, 20, 15, 20, 20, 50);
$header_bgcolor = 'FFABCDEF';
$last_char = column_char(count($headers) - 1);
$fname = tempnam(G5_DATA_PATH, "tmp-orderlist.xls");
$workbook = new writeexcel_workbook($fname);
$worksheet = $workbook->addworksheet();
for($i=1; $row=sql_fetch_array($result); $i++) {
// Put Excel data
$data = array('우편번호', '주소', '이름', '전화1', '전화2', '상품명', '수량', '선택사항', '배송비', '상품코드', '주문번호', '운송장번호', '전하실말씀');
$data = array_map('iconv_euckr', $data);
$pull_address = print_address($row['od_b_addr1'], $row['od_b_addr2'], $row['od_b_addr3'], $row['od_b_addr_jibeon']);
$save_it_id = '';
$ct_send_cost = '';
if($save_it_id != $row['it_id']) {
// 합계금액 계산
$sql = " select SUM(IF(io_type = 1, (io_price * ct_qty), ((ct_price + io_price) * ct_qty))) as price,
SUM(ct_qty) as qty
from {$g5['g5_shop_cart_table']}
where it_id = '{$row['it_id']}'
and od_id = '{$row['od_id']}' ";
$sum = sql_fetch($sql);
$col = 0;
foreach($data as $cell) {
$worksheet->write(0, $col++, $cell);
}
switch($row['ct_send_cost'])
{
case 1:
$ct_send_cost = '착불';
break;
case 2:
$ct_send_cost = '무료';
break;
default:
$ct_send_cost = '선불';
break;
}
$save_it_id = '';
for($i=1; $row=sql_fetch_array($result); $i++)
{
if($save_it_id != $row['it_id']) {
// 합계금액 계산
$sql = " select SUM(IF(io_type = 1, (io_price * ct_qty), ((ct_price + io_price) * ct_qty))) as price,
SUM(ct_qty) as qty
from {$g5['g5_shop_cart_table']}
where it_id = '{$row['it_id']}'
and od_id = '{$row['od_id']}' ";
$sum = sql_fetch($sql);
// 조건부무료
if($row['it_sc_type'] == 2) {
$sendcost = get_item_sendcost($row['it_id'], $sum['price'], $sum['qty'], $row['od_id']);
switch($row['ct_send_cost'])
{
case 1:
$ct_send_cost = '착불';
break;
case 2:
$ct_send_cost = '무료';
break;
default:
$ct_send_cost = '선불';
break;
if($sendcost == 0)
$ct_send_cost = '무료';
}
$save_it_id = $row['it_id'];
$ct_send_cost = $ct_send_cost;
}
// 조건부무료
if($row['it_sc_type'] == 2) {
$sendcost = get_item_sendcost($row['it_id'], $sum['price'], $sum['qty'], $row['od_id']);
if($sendcost == 0)
$ct_send_cost = '무료';
}
$save_it_id = $row['it_id'];
$ct_send_cost = iconv_euckr($ct_send_cost);
$rows[] = array(' '.$row['od_b_zip1'].$row['od_b_zip2'],
$pull_address,
$row['od_b_name'],
' '.conv_telno($row['od_b_tel']),
' '.conv_telno($row['od_b_hp']),
preg_replace("/\"/", "&#034;", $row['it_name']),
' '.$row['ct_qty'],
$row['ct_option'],
$ct_send_cost,
' '.$row['it_id'],
' '.$row['od_id'],
' '.$row['od_invoice'],
preg_replace("/\"/", "&#034;", $row['od_memo']));
}
$pull_address = iconv('UTF-8', 'UHC', print_address($row['od_b_addr1'], $row['od_b_addr2'], $row['od_b_addr3'], $row['od_b_addr_jibeon']));
$data = array_merge(array($headers), $rows);
$row = array_map('iconv_euckr', $row);
$excel = new PHPExcel();
$excel->setActiveSheetIndex(0)->getStyle( "A1:${last_char}1" )->getFill()->setFillType(PHPExcel_Style_Fill::FILL_SOLID)->getStartColor()->setARGB($header_bgcolor);
$excel->setActiveSheetIndex(0)->getStyle( "A:$last_char" )->getAlignment()->setVertical(PHPExcel_Style_Alignment::VERTICAL_CENTER)->setWrapText(true);
foreach($widths as $i => $w) $excel->setActiveSheetIndex(0)->getColumnDimension( column_char($i) )->setWidth($w);
$excel->getActiveSheet()->fromArray($data,NULL,'A1');
$worksheet->write($i, 0, ' '.$row['od_b_zip1'].$row['od_b_zip2']);
$worksheet->write($i, 1, $pull_address);
$worksheet->write($i, 2, $row['od_b_name']);
$worksheet->write($i, 3, ' '.$row['od_b_tel']);
$worksheet->write($i, 4, ' '.$row['od_b_hp']);
$worksheet->write($i, 5, $row['it_name']);
$worksheet->write($i, 6, $row['ct_qty']);
$worksheet->write($i, 7, $row['ct_option']);
$worksheet->write($i, 8, $ct_send_cost);
$worksheet->write($i, 9, ' '.$row['it_id']);
$worksheet->write($i, 10, ' '.$row['od_id']);
$worksheet->write($i, 11, $row['od_invoice']);
$worksheet->write($i, 12, $row['od_memo']);
}
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename=\"orderlist-".date("ymd", time()).".xls\"");
header("Cache-Control: max-age=0");
$workbook->close();
$writer = PHPExcel_IOFactory::createWriter($excel, 'Excel5');
$writer->save('php://output');
header("Content-Type: application/x-msexcel; name=\"orderlist-".date("ymd", time()).".xls\"");
header("Content-Disposition: inline; filename=\"orderlist-".date("ymd", time()).".xls\"");
$fh=fopen($fname, "rb");
fpassthru($fh);
unlink($fname);
} else {
/*================================================================================
php_writeexcel http://www.bettina-attack.de/jonny/view.php/projects/php_writeexcel/
=================================================================================*/
exit;
include_once(G5_LIB_PATH.'/Excel/php_writeexcel/class.writeexcel_workbook.inc.php');
include_once(G5_LIB_PATH.'/Excel/php_writeexcel/class.writeexcel_worksheet.inc.php');
$fname = tempnam(G5_DATA_PATH, "tmp-orderlist.xls");
$workbook = new writeexcel_workbook($fname);
$worksheet = $workbook->addworksheet();
// Put Excel data
$data = array('우편번호', '주소', '이름', '전화1', '전화2', '상품명', '수량', '선택사항', '배송비', '상품코드', '주문번호', '운송장번호', '전하실말씀');
$data = array_map('iconv_euckr', $data);
$col = 0;
foreach($data as $cell) {
$worksheet->write(0, $col++, $cell);
}
$save_it_id = '';
for($i=1; $row=sql_fetch_array($result); $i++)
{
if($save_it_id != $row['it_id']) {
// 합계금액 계산
$sql = " select SUM(IF(io_type = 1, (io_price * ct_qty), ((ct_price + io_price) * ct_qty))) as price,
SUM(ct_qty) as qty
from {$g5['g5_shop_cart_table']}
where it_id = '{$row['it_id']}'
and od_id = '{$row['od_id']}' ";
$sum = sql_fetch($sql);
switch($row['ct_send_cost'])
{
case 1:
$ct_send_cost = '착불';
break;
case 2:
$ct_send_cost = '무료';
break;
default:
$ct_send_cost = '선불';
break;
}
// 조건부무료
if($row['it_sc_type'] == 2) {
$sendcost = get_item_sendcost($row['it_id'], $sum['price'], $sum['qty'], $row['od_id']);
if($sendcost == 0)
$ct_send_cost = '무료';
}
$save_it_id = $row['it_id'];
$ct_send_cost = iconv_euckr($ct_send_cost);
}
$pull_address = iconv('UTF-8', 'UHC', print_address($row['od_b_addr1'], $row['od_b_addr2'], $row['od_b_addr3'], $row['od_b_addr_jibeon']));
$row = array_map('iconv_euckr', $row);
$worksheet->write($i, 0, ' '.$row['od_b_zip1'].$row['od_b_zip2']);
$worksheet->write($i, 1, $pull_address);
$worksheet->write($i, 2, $row['od_b_name']);
$worksheet->write($i, 3, ' '.$row['od_b_tel']);
$worksheet->write($i, 4, ' '.$row['od_b_hp']);
$worksheet->write($i, 5, $row['it_name']);
$worksheet->write($i, 6, $row['ct_qty']);
$worksheet->write($i, 7, $row['ct_option']);
$worksheet->write($i, 8, $ct_send_cost);
$worksheet->write($i, 9, ' '.$row['it_id']);
$worksheet->write($i, 10, ' '.$row['od_id']);
$worksheet->write($i, 11, $row['od_invoice']);
$worksheet->write($i, 12, $row['od_memo']);
}
$workbook->close();
header("Content-Type: application/x-msexcel; name=\"orderlist-".date("ymd", time()).".xls\"");
header("Content-Disposition: inline; filename=\"orderlist-".date("ymd", time()).".xls\"");
$fh=fopen($fname, "rb");
fpassthru($fh);
unlink($fname);
exit;
} //end if php 5.2.0
}
function get_order($od_id)
{
global $g5;
@ -271,6 +366,7 @@ else
if ($ct_status)
$sql .= " and b.ct_status = '$ct_status' ";
$sql .= " order by a.od_id ";
$result = sql_query($sql);
if (sql_num_rows($result) == 0)
{

3
adm/shop_admin/ordersms.inc.php
View File

@ -87,5 +87,4 @@ if ($config['cf_sms_use']) {
$SMS->Init(); // 보관하고 있던 결과값을 지웁니다.
}
}
}
?>
}

5
adm/shop_admin/personalpaycopy.php
View File

@ -2,7 +2,7 @@
$sub_menu = '400440';
include_once('./_common.php');
auth_check($auth[$sub_menu], 'w');
auth_check_menu($auth, $sub_menu, 'w');
$g5['title'] = '개인결제 복사';
include_once(G5_PATH.'/head.sub.php');
@ -64,5 +64,4 @@ function form_check(f)
</script>
<?php
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

5
adm/shop_admin/personalpaycopyupdate.php
View File

@ -2,7 +2,7 @@
$sub_menu = '400440';
include_once('./_common.php');
auth_check($auth[$sub_menu], 'w');
auth_check_menu($auth, $sub_menu, 'w');
$_POST = array_map('trim', $_POST);
@ -50,5 +50,4 @@ self.close();
</script>
<?php
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');

11
adm/shop_admin/personalpayform.php
View File

@ -2,10 +2,16 @@
$sub_menu = '400440';
include_once('./_common.php');
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
$g5['title'] = '개인결제 관리';
$pp_id = isset($_REQUEST['pp_id']) ? safe_replace_regex($_REQUEST['pp_id'], 'pp_id') : '';
$popup = isset($_REQUEST['popup']) ? clean_xss_tags($_REQUEST['popup'], 1, 1) : '';
$od_id = isset($_REQUEST['od_id']) ? safe_replace_regex($_REQUEST['od_id'], 'od_id') : '';
$pp = array('pp_name'=>'', 'pp_price'=>0, 'od_id'=>'', 'pp_content'=>'', 'pp_settle_case'=>'', 'pp_receipt_time'=>'', 'pp_receipt_price'=>0, 'pp_shop_memo'=>'');
if ($w == 'u') {
$html_title = '개인결제 수정';
@ -274,5 +280,4 @@ if($popup == 'yes') {
include_once(G5_PATH.'/tail.sub.php');
} else {
include_once (G5_ADMIN_PATH.'/admin.tail.php');
}
?>
}

58
adm/shop_admin/personalpayformupdate.php
View File

@ -4,51 +4,56 @@ include_once('./_common.php');
check_admin_token();
if( isset($_POST['pp_name']) ){
$_POST['pp_name'] = strip_tags(clean_xss_attributes($_POST['pp_name']));
}
$pp_name = isset($_POST['pp_name']) ? strip_tags(clean_xss_attributes($_POST['pp_name'])) : '';
$pp_id = isset($_REQUEST['pp_id']) ? preg_replace('/[^0-9]/', '', $_REQUEST['pp_id']) : 0;
$pp_price = isset($_POST['pp_price']) ? preg_replace('/[^0-9]/', '', $_REQUEST['pp_price']) : 0;
if($w == 'd') {
auth_check($auth[$sub_menu], 'd');
auth_check_menu($auth, $sub_menu, 'd');
$sql = " select pp_id from {$g5['g5_shop_personalpay_table']} where pp_id = '{$_GET['pp_id']}' ";
$sql = " select pp_id from {$g5['g5_shop_personalpay_table']} where pp_id = '{$pp_id}' ";
$row = sql_fetch($sql);
if(!$row['pp_id'])
alert('삭제하시려는 자료가 존재하지 않습니다.');
sql_query(" delete from {$g5['g5_shop_personalpay_table']} where pp_id = '{$_GET['pp_id']}' ");
sql_query(" delete from {$g5['g5_shop_personalpay_table']} where pp_id = '{$pp_id}' ");
goto_url('./personalpaylist.php?'.$qstr);
} else {
auth_check($auth[$sub_menu], 'w');
auth_check_menu($auth, $sub_menu, 'w');
$_POST = array_map('trim', $_POST);
if(!$_POST['pp_name'])
if(! $pp_name)
alert('이름을 입력해 주십시오.');
if(!$_POST['pp_price'])
if(! $pp_price)
alert('주문금액을 입력해 주십시오.');
if(preg_match('/[^0-9]/', $_POST['pp_price']))
if(preg_match('/[^0-9]/', $pp_price))
alert('주문금액은 숫자만 입력해 주십시오.');
$od_id = preg_replace('/[^0-9]/', '', $_POST['od_id']);
$od_id = isset($_POST['od_id']) ? safe_replace_regex($_POST['od_id'], 'od_id') : '';
if($_POST['od_id']) {
if($od_id) {
$sql = " select od_id from {$g5['g5_shop_order_table']} where od_id = '$od_id' ";
$row = sql_fetch($sql);
if(!$row['od_id'])
if(! (isset($row['od_id']) && $row['od_id']))
alert('입력하신 주문번호는 존재하지 않는 주문 자료입니다.');
}
$sql_common = " pp_name = '{$_POST['pp_name']}',
pp_price = '{$_POST['pp_price']}',
$post_pp_content = isset($_POST['pp_content']) ? $_POST['pp_content'] : '';
$post_pp_receipt_price = isset($_POST['pp_receipt_price']) ? (int) $_POST['pp_receipt_price'] : 0;
$post_pp_settle_case = isset($_POST['pp_settle_case']) ? clean_xss_tags($_POST['pp_settle_case'], 1, 1) : '';
$post_pp_receipt_time = isset($_POST['pp_receipt_time']) ? clean_xss_tags($_POST['pp_receipt_time'], 1, 1) : '';
$post_pp_shop_memo = isset($_POST['pp_shop_memo']) ? $_POST['pp_shop_memo'] : '';
$post_pp_use = isset($_POST['pp_use']) ? (int) $_POST['pp_use'] : 0;
$sql_common = " pp_name = '{$pp_name}',
pp_price = '{$pp_price}',
od_id = '$od_id',
pp_content = '{$_POST['pp_content']}',
pp_receipt_price = '{$_POST['pp_receipt_price']}',
pp_settle_case = '{$_POST['pp_settle_case']}',
pp_receipt_time = '{$_POST['pp_receipt_time']}',
pp_shop_memo = '{$_POST['pp_shop_memo']}',
pp_use = '{$_POST['pp_use']}' ";
pp_content = '{$post_pp_content}',
pp_receipt_price = '{$post_pp_receipt_price}',
pp_settle_case = '{$post_pp_settle_case}',
pp_receipt_time = '{$post_pp_receipt_time}',
pp_shop_memo = '{$post_pp_shop_memo}',
pp_use = '{$post_pp_use}' ";
}
if($w == '') {
@ -60,19 +65,18 @@ if($w == '') {
pp_time = '".G5_TIME_YMDHIS."' ";
sql_query($sql);
} else if($w == 'u') {
$sql = " select pp_id from {$g5['g5_shop_personalpay_table']} where pp_id = '{$_POST['pp_id']}' ";
$sql = " select pp_id from {$g5['g5_shop_personalpay_table']} where pp_id = '{$pp_id}' ";
$row = sql_fetch($sql);
if(!$row['pp_id'])
alert('수정하시려는 자료가 존재하지 않습니다.');
$sql = " update {$g5['g5_shop_personalpay_table']}
set $sql_common
where pp_id = '{$_POST['pp_id']}' ";
where pp_id = '{$pp_id}' ";
sql_query($sql);
}
if($popup == 'yes')
alert_close('개인결제가 추가됐습니다.');
else
goto_url('./personalpayform.php?w=u&amp;pp_id='.$pp_id.'&amp;'.$qstr);
?>
goto_url('./personalpayform.php?w=u&amp;pp_id='.$pp_id.'&amp;'.$qstr);

11
adm/shop_admin/personalpaylist.php
View File

@ -2,7 +2,7 @@
$sub_menu = '400440';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$sql_common = " from {$g5['g5_shop_personalpay_table']} ";
@ -60,9 +60,9 @@ $colspan = 10;
<form name="fsearch" id="fsearch" class="local_sch01 local_sch" method="get">
<select name="sfl" title="검색대상">
<option value="pp_id"<?php echo get_selected($_GET['sfl'], "pp_id"); ?>>개인결제번호</option>
<option value="pp_name"<?php echo get_selected($_GET['sfl'], "pp_name"); ?>>이름</option>
<option value="od_id"<?php echo get_selected($_GET['sfl'], "od_id"); ?>>주문번호</option>
<option value="pp_id"<?php echo get_selected($sfl, "pp_id"); ?>>개인결제번호</option>
<option value="pp_name"<?php echo get_selected($sfl, "pp_name"); ?>>이름</option>
<option value="od_id"<?php echo get_selected($sfl, "od_id"); ?>>주문번호</option>
</select>
<label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
<input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input">
@ -175,5 +175,4 @@ function fpersonalpaylist_submit(f)
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

11
adm/shop_admin/personalpaylistdelete.php
View File

@ -4,23 +4,22 @@ include_once('./_common.php');
check_demo();
auth_check($auth[$sub_menu], 'd');
auth_check_menu($auth, $sub_menu, 'd');
check_admin_token();
$count = count($_POST['chk']);
$count = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) ? 0;
if(!$count)
alert('선택삭제 하실 항목을 하나이상 선택해 주세요.');
for ($i=0; $i<$count; $i++)
{
// 실제 번호를 넘김
$k = $_POST['chk'][$i];
$ppp_id = (int) $_POST['pp_id'][$k];
$k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
$ppp_id = isset($_POST['pp_id'][$i]) ? (int) $_POST['pp_id'][$k] : 0;
$sql = " delete from {$g5['g5_shop_personalpay_table']} where pp_id = '{$ppp_id}' ";
sql_query($sql);
}
goto_url('./personalpaylist.php');
?>
goto_url('./personalpaylist.php');

5
adm/shop_admin/price.php
View File

@ -2,7 +2,7 @@
$sub_menu = '500210';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$g5['title'] = '가격비교사이트';
include_once (G5_ADMIN_PATH.'/admin.head.php');
@ -54,5 +54,4 @@ $pg_anchor = '<ul class="anchor">
</section>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

5
adm/shop_admin/sale1.php
View File

@ -2,7 +2,7 @@
$sub_menu = '500110';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$g5['title'] = '매출현황';
include_once (G5_ADMIN_PATH.'/admin.head.php');
@ -69,5 +69,4 @@ $(function() {
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

16
adm/shop_admin/sale1date.php
View File

@ -2,10 +2,10 @@
$sub_menu = '500110';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$fr_date = preg_replace('/[^0-9]/i', '', $fr_date);
$to_date = preg_replace('/[^0-9]/i', '', $to_date);
$fr_date = isset($_REQUEST['fr_date']) ? preg_replace('/[^0-9 :_\-]/i', '', $_REQUEST['fr_date']) : '';
$to_date = isset($_REQUEST['to_date']) ? preg_replace('/[^0-9 :_\-]/i', '', $_REQUEST['to_date']) : '';
$fr_date = preg_replace("/([0-9]{4})([0-9]{2})([0-9]{2})/", "\\1-\\2-\\3", $fr_date);
$to_date = preg_replace("/([0-9]{4})([0-9]{2})([0-9]{2})/", "\\1-\\2-\\3", $to_date);
@ -75,8 +75,9 @@ $result = sql_query($sql);
</thead>
<tbody>
<?php
unset($save);
unset($tot);
$save = array('ordercount'=>0, 'orderprice'=>0, 'ordercancel'=>0, 'ordercoupon'=>0, 'receiptbank'=>0, 'receiptvbank'=>0, 'receiptiche'=>0, 'receipthp'=>0, 'receiptcard'=>0, 'receiptpoint'=>0, 'misu'=>0, 'receipteasy'=>0);
$tot = array('ordercount'=>0, 'orderprice'=>0, 'ordercancel'=>0, 'ordercoupon'=>0, 'receiptbank'=>0, 'receiptvbank'=>0, 'receiptiche'=>0, 'receipthp'=>0, 'receiptcard'=>0, 'receiptpoint'=>0, 'misu'=>0, 'receipteasy'=>0);
for ($i=0; $row=sql_fetch_array($result); $i++)
{
if ($i == 0)
@ -84,7 +85,7 @@ $result = sql_query($sql);
if ($save['od_date'] != $row['od_date']) {
print_line($save);
unset($save);
$save = array('ordercount'=>0, 'orderprice'=>0, 'ordercancel'=>0, 'ordercoupon'=>0, 'receiptbank'=>0, 'receiptvbank'=>0, 'receiptiche'=>0, 'receipthp'=>0, 'receiptcard'=>0, 'receiptpoint'=>0, 'misu'=>0, 'receipteasy'=>0);
$save['od_date'] = $row['od_date'];
}
@ -156,5 +157,4 @@ $result = sql_query($sql);
</div>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

16
adm/shop_admin/sale1month.php
View File

@ -2,10 +2,10 @@
$sub_menu = '500110';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$fr_month = preg_replace('/[^0-9]/i', '', $fr_month);
$to_month = preg_replace('/[^0-9]/i', '', $to_month);
$fr_month = isset($_REQUEST['fr_month']) ? preg_replace('/[^0-9 :_\-]/i', '', $_REQUEST['fr_month']) : '';
$to_month = isset($_REQUEST['to_month']) ? preg_replace('/[^0-9 :_\-]/i', '', $_REQUEST['to_month']) : '';
$fr_month = preg_replace("/([0-9]{4})([0-9]{2})/", "\\1-\\2", $fr_month);
$to_month = preg_replace("/([0-9]{4})([0-9]{2})/", "\\1-\\2", $to_month);
@ -76,8 +76,9 @@ $result = sql_query($sql);
</thead>
<tbody>
<?php
unset($save);
unset($tot);
$save = array('ordercount'=>0, 'orderprice'=>0, 'ordercancel'=>0, 'ordercoupon'=>0, 'receiptbank'=>0, 'receiptvbank'=>0, 'receiptiche'=>0, 'receipthp'=>0, 'receiptcard'=>0, 'receiptpoint'=>0, 'misu'=>0, 'receipteasy'=>0);
$tot = array('ordercount'=>0, 'orderprice'=>0, 'ordercancel'=>0, 'ordercoupon'=>0, 'receiptbank'=>0, 'receiptvbank'=>0, 'receiptiche'=>0, 'receipthp'=>0, 'receiptcard'=>0, 'receiptpoint'=>0, 'misu'=>0, 'receipteasy'=>0);
for ($i=0; $row=sql_fetch_array($result); $i++)
{
if ($i == 0)
@ -85,7 +86,7 @@ $result = sql_query($sql);
if ($save['od_date'] != $row['od_date']) {
print_line($save);
unset($save);
$save = array('ordercount'=>0, 'orderprice'=>0, 'ordercancel'=>0, 'ordercoupon'=>0, 'receiptbank'=>0, 'receiptvbank'=>0, 'receiptiche'=>0, 'receipthp'=>0, 'receiptcard'=>0, 'receiptpoint'=>0, 'misu'=>0, 'receipteasy'=>0);
$save['od_date'] = $row['od_date'];
}
@ -158,5 +159,4 @@ $result = sql_query($sql);
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

22
adm/shop_admin/sale1today.php
View File

@ -2,10 +2,22 @@
$sub_menu = '500110';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
$date = preg_replace('/[^0-9]/i', '', $date);
auth_check_menu($auth, $sub_menu, "r");
$date = isset($_GET['date']) ? preg_replace('/[^0-9]/i', '', $_GET['date']) : '';
$tot = array(
'orderprice'=>0,
'coupon'=>0,
'receipt_bank'=>0,
'receipt_vbank'=>0,
'receipt_iche'=>0,
'receipt_card'=>0,
'receipt_easy'=>0,
'receipt_hp'=>0,
'receipt_point'=>0,
'ordercancel'=>0,
'misu'=>0,
);
$date = preg_replace("/([0-9]{4})([0-9]{2})([0-9]{2})/", "\\1-\\2-\\3", $date);
$g5['title'] = "$date 일 매출현황";
@ -50,7 +62,6 @@ $result = sql_query($sql);
</thead>
<tbody>
<?php
unset($tot);
for ($i=0; $row=sql_fetch_array($result); $i++)
{
if ($row['mb_id'] == '') { // 비회원일 경우는 주문자로 링크
@ -128,5 +139,4 @@ $result = sql_query($sql);
</div>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

16
adm/shop_admin/sale1year.php
View File

@ -2,10 +2,10 @@
$sub_menu = '500110';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$fr_year = preg_replace('/[^0-9]/i', '', $fr_year);
$to_year = preg_replace('/[^0-9]/i', '', $to_year);
$fr_year = isset($_REQUEST['fr_year']) ? preg_replace('/[^0-9 :_\-]/i', '', $_REQUEST['fr_year']) : '';
$to_year = isset($_REQUEST['to_year']) ? preg_replace('/[^0-9 :_\-]/i', '', $_REQUEST['to_year']) : '';
$g5['title'] = $fr_year.' ~ '.$to_year.' 연간 매출현황';
include_once (G5_ADMIN_PATH.'/admin.head.php');
@ -70,8 +70,9 @@ $result = sql_query($sql);
</thead>
<tbody>
<?php
unset($save);
unset($tot);
$save = array('ordercount'=>0, 'orderprice'=>0, 'ordercancel'=>0, 'ordercoupon'=>0, 'receiptbank'=>0, 'receiptvbank'=>0, 'receiptiche'=>0, 'receipthp'=>0, 'receiptcard'=>0, 'receiptpoint'=>0, 'misu'=>0, 'receipteasy'=>0);
$tot = array('ordercount'=>0, 'orderprice'=>0, 'ordercancel'=>0, 'ordercoupon'=>0, 'receiptbank'=>0, 'receiptvbank'=>0, 'receiptiche'=>0, 'receipthp'=>0, 'receiptcard'=>0, 'receiptpoint'=>0, 'misu'=>0, 'receipteasy'=>0);
for ($i=0; $row=sql_fetch_array($result); $i++)
{
if ($i == 0)
@ -79,7 +80,7 @@ $result = sql_query($sql);
if ($save['od_date'] != $row['od_date']) {
print_line($save);
unset($save);
$save = array('ordercount'=>0, 'orderprice'=>0, 'ordercancel'=>0, 'ordercoupon'=>0, 'receiptbank'=>0, 'receiptvbank'=>0, 'receiptiche'=>0, 'receipthp'=>0, 'receiptcard'=>0, 'receiptpoint'=>0, 'misu'=>0, 'receipteasy'=>0);
$save['od_date'] = $row['od_date'];
}
@ -151,5 +152,4 @@ $result = sql_query($sql);
</div>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');

5
adm/shop_admin/sendcostlist.php
View File

@ -2,7 +2,7 @@
$sub_menu = '400750';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$sql_common = " from {$g5['g5_shop_sendcost_table']} ";
@ -151,5 +151,4 @@ function fsendcost_submit(f)
</script>
<?php
include_once(G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once(G5_ADMIN_PATH.'/admin.tail.php');

21
adm/shop_admin/sendcostupdate.php
View File

@ -4,28 +4,28 @@ include_once('./_common.php');
check_demo();
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
check_admin_token();
$w = $_POST['w'];
$w = isset($_POST['w']) ? $_POST['w'] : '';
if($w == 'd') {
$count = count($_POST['chk']);
$count = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
if(!$count)
alert('삭제하실 항목을 하나이상 선택해 주십시오.');
for($i=0; $i<$count; $i++) {
$k = $_POST['chk'][$i];
$k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
$sc_id = (int) $_POST['sc_id'][$k];
$sc_id = isset($_POST['sc_id'][$i]) ? (int) $_POST['sc_id'][$k] : 0;
sql_query(" delete from {$g5['g5_shop_sendcost_table']} where sc_id = '$sc_id' ");
}
} else {
$sc_name = trim(strip_tags(clean_xss_attributes($_POST['sc_name'])));
$sc_zip1 = preg_replace('/[^0-9]/', '', $_POST['sc_zip1']);
$sc_zip2 = preg_replace('/[^0-9]/', '', $_POST['sc_zip2']);
$sc_price = preg_replace('/[^0-9]/', '', $_POST['sc_price']);
$sc_name = isset($_POST['sc_name']) ? trim(strip_tags(clean_xss_attributes($_POST['sc_name']))) : '';
$sc_zip1 = isset($_POST['sc_zip1']) ? preg_replace('/[^0-9]/', '', $_POST['sc_zip1']) : '';
$sc_zip2 = isset($_POST['sc_zip2']) ? preg_replace('/[^0-9]/', '', $_POST['sc_zip2']) : '';
$sc_price = isset($_POST['sc_price']) ? preg_replace('/[^0-9]/', '', $_POST['sc_price']) : '';
if(!$sc_name)
alert('지역명을 입력해 주십시오.');
@ -43,5 +43,4 @@ if($w == 'd') {
sql_query($sql);
}
goto_url('./sendcostlist.php?page='.$page);
?>
goto_url('./sendcostlist.php?page='.$page);

21
adm/shop_admin/wishlist.php
View File

@ -2,24 +2,20 @@
$sub_menu = '500140';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$g5['title'] = '보관함현황';
include_once (G5_ADMIN_PATH.'/admin.head.php');
include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php');
if (!$to_date) $to_date = date("Ymd", time());
$fr_date = (isset($_GET['fr_date']) && preg_match("/[0-9]/", $_GET['fr_date'])) ? $_GET['fr_date'] : '';
$to_date = (isset($_GET['to_date']) && preg_match("/[0-9]/", $_GET['to_date'])) ? $_GET['to_date'] : '';
$doc = strip_tags($doc);
$sort1 = strip_tags($sort1);
$sel_ca_id = get_search_string($sel_ca_id);
$doc = isset($_GET['doc']) ? clean_xss_tags($_GET['doc'], 1, 1) : '';
$sort1 = (isset($_GET['sort1']) && in_array($_GET['sort1'], array('mb_id', 'it_id', 'wi_time', 'wi_ip'))) ? $_GET['sort1'] : 'it_id_cnt';
$sort2 = (isset($_GET['sort2']) && in_array($_GET['sort2'], array('desc', 'asc'))) ? $_GET['sort2'] : 'desc';
if( preg_match("/[^0-9]/", $fr_date) ) $fr_date = '';
if( preg_match("/[^0-9]/", $to_date) ) $to_date = '';
if ($sort1 == "") $sort1 = "it_id_cnt";
if (!in_array($sort1, array('mb_id', 'it_id', 'wi_time', 'wi_ip'))) $sort1 = "it_id_cnt";
if ($sort2 == "" || $sort2 != "asc") $sort2 = "desc";
$sel_ca_id = isset($_GET['sel_ca_id']) ? get_search_string($_GET['sel_ca_id']) : '';
$sql = " select a.it_id,
b.it_name,
@ -149,5 +145,4 @@ $(function() {
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');