firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

php8.0 버전 호환 코드 적용 및 PHP 끝 태그 삭제 일괄적용

Browse Source
This commit is contained in:
thisgun
2021-01-04 15:39:15 +09:00
parent 131b170b54
commit 27e9af5e42
1009 changed files with 12120 additions and 10849 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
_common.php
View File

@ -8,4 +8,3 @@ if(defined('G5_COMMUNITY_USE') && G5_COMMUNITY_USE === false) {
define('_SHOP_', true); define('_SHOP_', true);
} }
?>

1
_head.php
View File

@ -2,4 +2,3 @@
if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
include_once(G5_PATH.'/head.php'); include_once(G5_PATH.'/head.php');
?>

1
_tail.php
View File

@ -2,4 +2,3 @@
if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가 if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
include_once(G5_PATH.'/tail.php'); include_once(G5_PATH.'/tail.php');
?>

1
adm/_common.php
View File

@ -8,4 +8,3 @@ if( isset($token) ){
} }
run_event('admin_common'); run_event('admin_common');
?>

16
adm/admin.head.php
View File

@ -32,17 +32,23 @@ function print_menu2($key, $no='')
{ {
global $menu, $auth_menu, $is_admin, $auth, $g5, $sub_menu; global $menu, $auth_menu, $is_admin, $auth, $g5, $sub_menu;
$str .= "<ul>"; $str = "<ul>";
for($i=1; $i<count($menu[$key]); $i++) for($i=1; $i<count($menu[$key]); $i++)
{ {
if( ! isset($menu[$key][$i]) ){
continue;
}
if ($is_admin != 'super' && (!array_key_exists($menu[$key][$i][0],$auth) || !strstr($auth[$menu[$key][$i][0]], 'r'))) if ($is_admin != 'super' && (!array_key_exists($menu[$key][$i][0],$auth) || !strstr($auth[$menu[$key][$i][0]], 'r')))
continue; continue;
if (($menu[$key][$i][4] == 1 && $gnb_grp_style == false) || ($menu[$key][$i][4] != 1 && $gnb_grp_style == true)) $gnb_grp_div = 'gnb_grp_div'; $gnb_grp_div = $gnb_grp_style = '';
else $gnb_grp_div = '';
if ($menu[$key][$i][4] == 1) $gnb_grp_style = 'gnb_grp_style'; if (isset($menu[$key][$i][4])){
else $gnb_grp_style = ''; if (($menu[$key][$i][4] == 1 && $gnb_grp_style == false) || ($menu[$key][$i][4] != 1 && $gnb_grp_style == true)) $gnb_grp_div = 'gnb_grp_div';
if ($menu[$key][$i][4] == 1) $gnb_grp_style = 'gnb_grp_style';
}
$current_class = ''; $current_class = '';

19
adm/admin.lib.php
View File

@ -230,6 +230,14 @@ function get_member_id_select($name, $level, $selected="", $event="")
return $str; return $str;
} }
// php8 버전 호환 권한 검사 함수
function auth_check_menu($auth, $sub_menu, $attr, $return=false) {
$check_auth = isset($auth[$sub_menu]) ? $auth[$sub_menu] : '';
return auth_check($check_auth, $attr, $return);
}
// 권한 검사 // 권한 검사
function auth_check($auth, $attr, $return=false) function auth_check($auth, $attr, $return=false)
{ {
@ -440,7 +448,7 @@ function check_admin_token()
// 관리자 페이지 referer 체크 // 관리자 페이지 referer 체크
function admin_referer_check($return=false) function admin_referer_check($return=false)
{ {
$referer = trim($_SERVER['HTTP_REFERER']); $referer = isset($_SERVER['HTTP_REFERER']) ? trim($_SERVER['HTTP_REFERER']) : '';
if(!$referer) { if(!$referer) {
$msg = '정보가 올바르지 않습니다.'; $msg = '정보가 올바르지 않습니다.';
@ -516,7 +524,7 @@ function admin_menu_find_by($call, $search_key){
} }
if( isset($cache_menu[$call]) && isset($cache_menu[$call][$search_key]) ){ if( isset($cache_menu[$call]) && isset($cache_menu[$call][$search_key]) ){
return$cache_menu[$call][$search_key]; return $cache_menu[$call][$search_key];
} }
return ''; return '';
@ -556,7 +564,11 @@ if (get_session('ss_mb_key') !== $admin_key) {
alert_close('정상적으로 로그인하여 접근하시기 바랍니다.'); alert_close('정상적으로 로그인하여 접근하시기 바랍니다.');
} }
@ksort($auth); if(isset($auth) && is_array($auth)) {
@ksort($auth);
} else {
$auth = array();
}
// 가변 메뉴 // 가변 메뉴
unset($auth_menu); unset($auth_menu);
@ -598,4 +610,3 @@ if ( isset($_REQUEST) && $_REQUEST ){
// 관리자에서는 추가 스크립트는 사용하지 않는다. // 관리자에서는 추가 스크립트는 사용하지 않는다.
//$config['cf_add_script'] = ''; //$config['cf_add_script'] = '';
?>

1
adm/admin.menu100.php
View File

@ -21,4 +21,3 @@ if(version_compare(phpversion(), '5.3.0', '>=') && defined('G5_BROWSCAP_USE') &&
$menu['menu100'][] = array('100410', 'DB업그레이드', G5_ADMIN_URL.'/dbupgrade.php', 'db_upgrade'); $menu['menu100'][] = array('100410', 'DB업그레이드', G5_ADMIN_URL.'/dbupgrade.php', 'db_upgrade');
$menu['menu100'][] = array('100400', '부가서비스', G5_ADMIN_URL.'/service.php', 'cf_service'); $menu['menu100'][] = array('100400', '부가서비스', G5_ADMIN_URL.'/service.php', 'cf_service');
?>

1
adm/admin.menu200.php
View File

@ -9,4 +9,3 @@ $menu['menu200'] = array (
array('200200', '포인트관리', G5_ADMIN_URL.'/point_list.php', 'mb_point'), array('200200', '포인트관리', G5_ADMIN_URL.'/point_list.php', 'mb_point'),
array('200900', '투표관리', G5_ADMIN_URL.'/poll_list.php', 'mb_poll') array('200900', '투표관리', G5_ADMIN_URL.'/poll_list.php', 'mb_poll')
); );
?>

1
adm/admin.menu300.php
View File

@ -10,4 +10,3 @@ $menu['menu300'] = array (
array('300700', 'FAQ관리', G5_ADMIN_URL.'/faqmasterlist.php', 'scf_faq', 1), array('300700', 'FAQ관리', G5_ADMIN_URL.'/faqmasterlist.php', 'scf_faq', 1),
array('300820', '글,댓글 현황', G5_ADMIN_URL.'/write_count.php', 'scf_write_count'), array('300820', '글,댓글 현황', G5_ADMIN_URL.'/write_count.php', 'scf_write_count'),
); );
?>

1
adm/admin.menu400.shop_1of2.php
View File

@ -19,4 +19,3 @@ $menu['menu400'] = array (
array('400750', '추가배송비관리', G5_ADMIN_URL.'/shop_admin/sendcostlist.php', 'scf_sendcost', 1), array('400750', '추가배송비관리', G5_ADMIN_URL.'/shop_admin/sendcostlist.php', 'scf_sendcost', 1),
array('400410', '미완료주문', G5_ADMIN_URL.'/shop_admin/inorderlist.php', 'scf_inorder', 1), array('400410', '미완료주문', G5_ADMIN_URL.'/shop_admin/inorderlist.php', 'scf_inorder', 1),
); );
?>

1
adm/admin.menu500.shop_2of2.php
View File

@ -13,4 +13,3 @@ $menu['menu500'] = array (
array('500140', '보관함현황', G5_ADMIN_URL.'/shop_admin/wishlist.php', 'sst_wish'), array('500140', '보관함현황', G5_ADMIN_URL.'/shop_admin/wishlist.php', 'sst_wish'),
array('500210', '가격비교사이트', G5_ADMIN_URL.'/shop_admin/price.php', 'sst_compare', 1) array('500210', '가격비교사이트', G5_ADMIN_URL.'/shop_admin/price.php', 'sst_compare', 1)
); );
?>

1
adm/admin.menu900.php
View File

@ -12,4 +12,3 @@ $menu["menu900"] = array (
array('900800', '휴대폰번호 관리', ''.G5_SMS5_ADMIN_URL.'/num_book.php', 'hp_manage', 1), array('900800', '휴대폰번호 관리', ''.G5_SMS5_ADMIN_URL.'/num_book.php', 'hp_manage', 1),
array('900900', '휴대폰번호 파일', ''.G5_SMS5_ADMIN_URL.'/num_book_file.php' , 'hp_file', 1) array('900900', '휴대폰번호 파일', ''.G5_SMS5_ADMIN_URL.'/num_book_file.php' , 'hp_file', 1)
); );
?>

1
adm/admin.tail.php
View File

@ -151,4 +151,3 @@ function menu_rearrange(el)
<?php <?php
include_once(G5_PATH.'/tail.sub.php'); include_once(G5_PATH.'/tail.sub.php');
?>

1
adm/ajax.token.php
View File

@ -11,4 +11,3 @@ if($error)
$token = get_admin_token(); $token = get_admin_token();
die(json_encode(array('error'=>'', 'token'=>$token, 'url'=>''))); die(json_encode(array('error'=>'', 'token'=>$token, 'url'=>'')));
?>

1
adm/ajax.use_captcha.php
View File

@ -4,4 +4,3 @@ include_once('./_common.php');
if( isset($_POST['admin_use_captcha']) ){ if( isset($_POST['admin_use_captcha']) ){
set_session('ss_admin_use_captcha', true); set_session('ss_admin_use_captcha', true);
} }
?>

1
adm/auth_list.php
View File

@ -267,4 +267,3 @@ function fauthlist_submit(f)
<?php <?php
include_once ('./admin.tail.php'); include_once ('./admin.tail.php');
?>

8
adm/auth_list_delete.php
View File

@ -10,6 +10,7 @@ if ($is_admin != 'super')
check_admin_token(); check_admin_token();
$count = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0; $count = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
$post_act_button = isset($_POST['act_button']) ? clean_xss_tags($_POST['act_button'], 1, 1) : '';
if (!$count) if (!$count)
alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요."); alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요.");
@ -21,10 +22,10 @@ if ( (isset($_POST['mb_id']) && ! is_array($_POST['mb_id'])) || (isset($_POST['a
for ($i=0; $i<$count; $i++) for ($i=0; $i<$count; $i++)
{ {
// 실제 번호를 넘김 // 실제 번호를 넘김
$k = $chk[$i]; $k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
$mb_id = preg_replace('/[^a-zA-Z0-9_]/', '', $_POST['mb_id'][$k]); $mb_id = isset($_POST['mb_id'][$k]) ? preg_replace('/[^a-zA-Z0-9_]/', '', $_POST['mb_id'][$k]) : '';
$au_menu = preg_replace('/[^a-zA-Z0-9_]/', '', $_POST['au_menu'][$k]); $au_menu = isset($_POST['au_menu'][$k]) ? preg_replace('/[^a-zA-Z0-9_]/', '', $_POST['au_menu'][$k]) : '';
$sql = " delete from {$g5['auth_table']} where mb_id = '".$mb_id."' and au_menu = '".$au_menu."' "; $sql = " delete from {$g5['auth_table']} where mb_id = '".$mb_id."' and au_menu = '".$au_menu."' ";
sql_query($sql); sql_query($sql);
@ -33,4 +34,3 @@ for ($i=0; $i<$count; $i++)
} }
goto_url('./auth_list.php?'.$qstr); goto_url('./auth_list.php?'.$qstr);
?>

18
adm/auth_update.php
View File

@ -3,6 +3,11 @@ $sub_menu = "100200";
include_once('./_common.php'); include_once('./_common.php');
include_once(G5_LIB_PATH.'/mailer.lib.php'); include_once(G5_LIB_PATH.'/mailer.lib.php');
$au_menu = isset($_POST['au_menu']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['au_menu']) : '';
$post_r = isset($_POST['r']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['r']) : '';
$post_w = isset($_POST['w']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['w']) : '';
$post_d = isset($_POST['d']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['d']) : '';
if ($is_admin != 'super') if ($is_admin != 'super')
alert('최고관리자만 접근 가능합니다.'); alert('최고관리자만 접근 가능합니다.');
@ -19,15 +24,15 @@ if (!chk_captcha()) {
} }
$sql = " insert into {$g5['auth_table']} $sql = " insert into {$g5['auth_table']}
set mb_id = '{$_POST['mb_id']}', set mb_id = '$mb_id',
au_menu = '{$_POST['au_menu']}', au_menu = '$au_menu',
au_auth = '{$_POST['r']},{$_POST['w']},{$_POST['d']}' "; au_auth = '{$post_r},{$post_w},{$post_d}' ";
$result = sql_query($sql, FALSE); $result = sql_query($sql, FALSE);
if (!$result) { if (!$result) {
$sql = " update {$g5['auth_table']} $sql = " update {$g5['auth_table']}
set au_auth = '{$_POST['r']},{$_POST['w']},{$_POST['d']}' set au_auth = '{$post_r},{$post_w},{$post_d}'
where mb_id = '{$_POST['mb_id']}' where mb_id = '$mb_id'
and au_menu = '{$_POST['au_menu']}' "; and au_menu = '$au_menu' ";
sql_query($sql); sql_query($sql);
} }
@ -46,4 +51,3 @@ if( str_replace('-', '', G5_TIME_YMD) !== get_session('adm_auth_update') ){
run_event('adm_auth_update', $mb); run_event('adm_auth_update', $mb);
goto_url('./auth_list.php?'.$qstr); goto_url('./auth_list.php?'.$qstr);
?>

3
adm/board_copy.php
View File

@ -2,7 +2,7 @@
$sub_menu = "300100"; $sub_menu = "300100";
include_once("./_common.php"); include_once("./_common.php");
auth_check($auth[$sub_menu], 'w'); auth_check_menu($auth, $sub_menu, 'w');
$g5['title'] = '게시판 복사'; $g5['title'] = '게시판 복사';
include_once(G5_PATH.'/head.sub.php'); include_once(G5_PATH.'/head.sub.php');
@ -83,4 +83,3 @@ function fboardcopy_check(f)
<?php <?php
include_once(G5_PATH.'/tail.sub.php'); include_once(G5_PATH.'/tail.sub.php');
?>

8
adm/board_copy_update.php
View File

@ -4,12 +4,12 @@ include_once('./_common.php');
check_demo(); check_demo();
auth_check($auth[$sub_menu], 'w'); auth_check_menu($auth, $sub_menu, 'w');
check_admin_token(); check_admin_token();
$target_table = trim($_POST['target_table']); $target_table = isset($_POST['target_table']) ? trim($_POST['target_table']) : '';
$target_subject = trim($_POST['target_subject']); $target_subject = isset($_POST['target_subject']) ? trim($_POST['target_subject']) : '';
$target_subject = strip_tags(clean_xss_attributes($target_subject)); $target_subject = strip_tags(clean_xss_attributes($target_subject));
@ -74,6 +74,7 @@ $sql = " insert into {$g5['board_table']}
bo_use_ip_view = '{$board['bo_use_ip_view']}', bo_use_ip_view = '{$board['bo_use_ip_view']}',
bo_use_list_view = '{$board['bo_use_list_view']}', bo_use_list_view = '{$board['bo_use_list_view']}',
bo_use_list_content = '{$board['bo_use_list_content']}', bo_use_list_content = '{$board['bo_use_list_content']}',
bo_use_list_file = '{$board['bo_use_list_file']}',
bo_table_width = '{$board['bo_table_width']}', bo_table_width = '{$board['bo_table_width']}',
bo_subject_len = '{$board['bo_subject_len']}', bo_subject_len = '{$board['bo_subject_len']}',
bo_mobile_subject_len = '{$board['bo_mobile_subject_len']}', bo_mobile_subject_len = '{$board['bo_mobile_subject_len']}',
@ -220,4 +221,3 @@ delete_cache_latest($target_table);
echo "<script>opener.document.location.reload();</script>"; echo "<script>opener.document.location.reload();</script>";
alert("복사에 성공 했습니다.", './board_copy.php?bo_table='.$bo_table.'&amp;'.$qstr); alert("복사에 성공 했습니다.", './board_copy.php?bo_table='.$bo_table.'&amp;'.$qstr);
?>

1
adm/board_delete.inc.php
View File

@ -33,4 +33,3 @@ delete_cache_latest($tmp_bo_table);
// 게시판 폴더 전체 삭제 // 게시판 폴더 전체 삭제
rm_rf(G5_DATA_PATH.'/file/'.$tmp_bo_table); rm_rf(G5_DATA_PATH.'/file/'.$tmp_bo_table);
?>

56
adm/board_form.php
View File

@ -3,7 +3,7 @@ $sub_menu = "300100";
include_once('./_common.php'); include_once('./_common.php');
include_once(G5_EDITOR_LIB); include_once(G5_EDITOR_LIB);
auth_check($auth[$sub_menu], 'w'); auth_check_menu($auth, $sub_menu, 'w');
$sql = " select count(*) as cnt from {$g5['group_table']} "; $sql = " select count(*) as cnt from {$g5['group_table']} ";
$row = sql_fetch($sql); $row = sql_fetch($sql);
@ -11,6 +11,8 @@ if (!$row['cnt'])
alert('게시판그룹이 한개 이상 생성되어야 합니다.', './boardgroup_form.php'); alert('게시판그룹이 한개 이상 생성되어야 합니다.', './boardgroup_form.php');
$html_title = '게시판'; $html_title = '게시판';
$reaonly = '';
$required_valid = '';
if (!isset($board['bo_device'])) { if (!isset($board['bo_device'])) {
// 게시판 사용 필드 추가 // 게시판 사용 필드 추가
@ -84,6 +86,57 @@ if (!isset($board['bo_select_editor'])) {
sql_query(" ALTER TABLE `{$g5['board_table']}` ADD `bo_select_editor` VARCHAR(50) NOT NULL DEFAULT '' AFTER `bo_use_dhtml_editor` ", false); sql_query(" ALTER TABLE `{$g5['board_table']}` ADD `bo_select_editor` VARCHAR(50) NOT NULL DEFAULT '' AFTER `bo_use_dhtml_editor` ", false);
} }
$board_default = array(
'bo_mobile_subject'=>'',
'bo_device'=>'',
'bo_use_category'=>0,
'bo_category_list'=>'',
'bo_admin'=>'',
'bo_list_level'=>0,
'bo_read_level'=>0,
'bo_write_level'=>0,
'bo_reply_level'=>0,
'bo_comment_level'=>0,
'bo_link_level'=>0,
'bo_upload_level'=>0,
'bo_download_level'=>0,
'bo_html_level'=>0,
'bo_use_sideview'=>0,
'bo_select_editor'=>'',
'bo_use_rss_view'=>0,
'bo_use_good'=>0,
'bo_use_nogood'=>0,
'bo_use_name'=>0,
'bo_use_signature'=>0,
'bo_use_ip_view'=>0,
'bo_use_list_content'=>0,
'bo_use_list_file'=>0,
'bo_use_list_view'=>0,
'bo_use_email'=>0,
'bo_use_file_content'=>0,
'bo_use_cert'=>'',
'bo_write_min'=>0,
'bo_write_max'=>0,
'bo_comment_min'=>0,
'bo_comment_max'=>0,
'bo_use_sns'=>0,
'bo_order'=>0,
'bo_use_captcha'=>0,
'bo_content_head'=>'',
'bo_content_tail'=>'',
'bo_mobile_content_head'=>'',
'bo_mobile_content_tail'=>'',
'bo_insert_content'=>'',
'bo_sort_field'=>'',
);
for($i=0;$i<=10;$i++){
$board_default['bo_'.$i.'_subj'] = '';
$board_default['bo_'.$i] = '';
}
$board = array_merge($board_default, $board);
run_event('adm_board_form_before', $board, $w); run_event('adm_board_form_before', $board, $w);
$required = ""; $required = "";
@ -1440,4 +1493,3 @@ function fboardform_submit(f)
<?php <?php
include_once ('./admin.tail.php'); include_once ('./admin.tail.php');
?>

278
adm/board_form_update.php
View File

@ -5,25 +5,27 @@ include_once('./_common.php');
if ($w == 'u') if ($w == 'u')
check_demo(); check_demo();
auth_check($auth[$sub_menu], 'w'); auth_check_menu($auth, $sub_menu, 'w');
check_admin_token(); check_admin_token();
$gr_id = isset($_POST['gr_id']) ? preg_replace('/[^a-z0-9_]/i', '', $_POST['gr_id']) : ''; $gr_id = isset($_POST['gr_id']) ? preg_replace('/[^a-z0-9_]/i', '', $_POST['gr_id']) : '';
$bo_admin = isset($_POST['bo_admin']) ? preg_replace('/[^a-z0-9_\, \|\#]/i', '', $_POST['bo_admin']) : ''; $bo_admin = isset($_POST['bo_admin']) ? preg_replace('/[^a-z0-9_\, \|\#]/i', '', $_POST['bo_admin']) : '';
$bo_subject = isset($_POST['bo_subject']) ? strip_tags(clean_xss_attributes($_POST['bo_subject'])) : '';
$bo_mobile_subject = isset($_POST['bo_mobile_subject']) ? strip_tags(clean_xss_attributes($_POST['bo_mobile_subject'])) : '';
if (!$gr_id) { alert('그룹 ID는 반드시 선택하세요.'); } if (!$gr_id) { alert('그룹 ID는 반드시 선택하세요.'); }
if (!$bo_table) { alert('게시판 TABLE명은 반드시 입력하세요.'); } if (!$bo_table) { alert('게시판 TABLE명은 반드시 입력하세요.'); }
if (!preg_match("/^([A-Za-z0-9_]{1,20})$/", $bo_table)) { alert('게시판 TABLE명은 공백없이 영문자, 숫자, _ 만 사용 가능합니다. (20자 이내)'); } if (!preg_match("/^([A-Za-z0-9_]{1,20})$/", $bo_table)) { alert('게시판 TABLE명은 공백없이 영문자, 숫자, _ 만 사용 가능합니다. (20자 이내)'); }
if (!$_POST['bo_subject']) { alert('게시판 제목을 입력하세요.'); } if (!$bo_subject) { alert('게시판 제목을 입력하세요.'); }
// 게시판명이 금지된 단어로 되어 있으면 // 게시판명이 금지된 단어로 되어 있으면
if ( $w == '' && in_array($bo_table, get_bo_table_banned_word()) ){ if ( $w == '' && in_array($bo_table, get_bo_table_banned_word()) ){
alert('입력한 게시판 TABLE명을 사용할수 없습니다. 다른 이름으로 입력해 주세요.'); alert('입력한 게시판 TABLE명을 사용할수 없습니다. 다른 이름으로 입력해 주세요.');
} }
$bo_include_head = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($bo_include_head, 0, 255)); $bo_include_head = isset($_POST['bo_include_head']) ? preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($_POST['bo_include_head'], 0, 255)) : '';
$bo_include_tail = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($bo_include_tail, 0, 255)); $bo_include_tail = isset($_POST['bo_include_tail']) ? preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($_POST['bo_include_tail'], 0, 255)) : '';
// 관리자가 자동등록방지를 사용해야 할 경우 // 관리자가 자동등록방지를 사용해야 할 경우
if ($board && ($board['bo_include_head'] !== $bo_include_head || $board['bo_include_tail'] !== $bo_include_tail) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){ if ($board && ($board['bo_include_head'] !== $bo_include_head || $board['bo_include_tail'] !== $bo_include_tail) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){
@ -40,7 +42,6 @@ if ($file = $bo_include_head) {
if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) || ! preg_match('/^.*\.(php|htm|html)$/i', $file) ) { if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) || ! preg_match('/^.*\.(php|htm|html)$/i', $file) ) {
alert('상단 파일 경로의 확장자는 php, htm, html 만 허용합니다.'); alert('상단 파일 경로의 확장자는 php, htm, html 만 허용합니다.');
} }
$_POST['bo_include_head'] = $file;
} }
if ($file = $bo_include_tail) { if ($file = $bo_include_tail) {
@ -49,7 +50,6 @@ if ($file = $bo_include_tail) {
if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) || ! preg_match('/^.*\.(php|htm|html)$/i', $file) ) { if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) || ! preg_match('/^.*\.(php|htm|html)$/i', $file) ) {
alert('하단 파일 경로의 확장자는 php, htm, html 만 허용합니다.'); alert('하단 파일 경로의 확장자는 php, htm, html 만 허용합니다.');
} }
$_POST['bo_include_tail'] = $file;
} }
if(!is_include_path_check($bo_include_head, 1)) { if(!is_include_path_check($bo_include_head, 1)) {
@ -73,10 +73,11 @@ $board_path = G5_DATA_PATH.'/file/'.$bo_table;
// 디렉토리에 있는 파일의 목록을 보이지 않게 한다. // 디렉토리에 있는 파일의 목록을 보이지 않게 한다.
$file = $board_path . '/index.php'; $file = $board_path . '/index.php';
$f = @fopen($file, 'w'); if( $f = @fopen($file, 'w') ){
@fwrite($f, ''); @fwrite($f, '');
@fclose($f); @fclose($f);
@chmod($file, G5_FILE_PERMISSION); @chmod($file, G5_FILE_PERMISSION);
}
// 분류에 & 나 = 는 사용이 불가하므로 2바이트로 바꾼다. // 분류에 & 나 = 는 사용이 불가하므로 2바이트로 바꾼다.
$src_char = array('&', '='); $src_char = array('&', '=');
@ -85,108 +86,178 @@ $bo_category_list = isset($_POST['bo_category_list']) ? str_replace($src_char, $
//https://github.com/gnuboard/gnuboard5/commit/f5f4925d4eb28ba1af728e1065fc2bdd9ce1da58 에 따른 조치 //https://github.com/gnuboard/gnuboard5/commit/f5f4925d4eb28ba1af728e1065fc2bdd9ce1da58 에 따른 조치
$str_bo_category_list = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", "", $bo_category_list); $str_bo_category_list = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", "", $bo_category_list);
$_POST['bo_subject'] = strip_tags(clean_xss_attributes($_POST['bo_subject'])); $bo_use_category = isset($_POST['bo_use_category']) ? (int) $_POST['bo_use_category'] : 0;
$_POST['bo_mobile_subject'] = strip_tags(clean_xss_attributes($_POST['bo_mobile_subject'])); $bo_use_sideview = isset($_POST['bo_use_sideview']) ? (int) $_POST['bo_use_sideview'] : 0;
$bo_use_dhtml_editor = isset($_POST['bo_use_dhtml_editor']) ? (int) $_POST['bo_use_dhtml_editor'] : 0;
$bo_use_good = isset($_POST['bo_use_good']) ? (int) $_POST['bo_use_good'] : 0;
$bo_use_nogood = isset($_POST['bo_use_nogood']) ? (int) $_POST['bo_use_nogood'] : 0;
$bo_use_name = isset($_POST['bo_use_name']) ? (int) $_POST['bo_use_name'] : 0;
$bo_use_signature = isset($_POST['bo_use_signature']) ? (int) $_POST['bo_use_signature'] : 0;
$bo_use_ip_view = isset($_POST['bo_use_ip_view']) ? (int) $_POST['bo_use_ip_view'] : 0;
$bo_use_list_view = isset($_POST['bo_use_list_view']) ? (int) $_POST['bo_use_list_view'] : 0;
$bo_use_list_file = isset($_POST['bo_use_list_file']) ? (int) $_POST['bo_use_list_file'] : 0;
$bo_use_list_content = isset($_POST['bo_use_list_content']) ? (int) $_POST['bo_use_list_content'] : 0;
$bo_use_email = isset($_POST['bo_use_email']) ? (int) $_POST['bo_use_email'] : 0;
$bo_use_sns = isset($_POST['bo_use_sns']) ? (int) $_POST['bo_use_sns'] : 0;
$bo_use_captcha = isset($_POST['bo_use_captcha']) ? (int) $_POST['bo_use_captcha'] : 0;
$bo_table_width = isset($_POST['bo_table_width']) ? (int) $_POST['bo_table_width'] : 0;
$bo_subject_len = isset($_POST['bo_subject_len']) ? (int) $_POST['bo_subject_len'] : 0;
$bo_mobile_subject_len = isset($_POST['bo_mobile_subject_len']) ? (int) $_POST['bo_mobile_subject_len'] : 0;
$bo_page_rows = isset($_POST['bo_page_rows']) ? (int) $_POST['bo_page_rows'] : 0;
$bo_mobile_page_rows = isset($_POST['bo_mobile_page_rows']) ? (int) $_POST['bo_mobile_page_rows'] : 0;
$bo_use_rss_view = isset($_POST['bo_use_rss_view']) ? (int) $_POST['bo_use_rss_view'] : 0;
$bo_use_secret = isset($_POST['bo_use_secret']) ? (int) $_POST['bo_use_secret'] : 0;
$bo_use_file_content = isset($_POST['bo_use_file_content']) ? (int) $_POST['bo_use_file_content'] : 0;
$bo_new = isset($_POST['bo_new']) ? (int) $_POST['bo_new'] : 0;
$bo_hot = isset($_POST['bo_hot']) ? (int) $_POST['bo_hot'] : 0;
$bo_image_width = isset($_POST['bo_image_width']) ? (int) $_POST['bo_image_width'] : 0;
$bo_use_search = isset($_POST['bo_use_search']) ? (int) $_POST['bo_use_search'] : 0;
$bo_use_cert = isset($_POST['bo_use_cert']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['bo_use_cert']) : '';
$bo_device = isset($_POST['bo_device']) ? clean_xss_tags($_POST['bo_device'], 1, 1) : '';
$bo_list_level = isset($_POST['bo_list_level']) ? (int) $_POST['bo_list_level'] : 0;
$bo_read_level = isset($_POST['bo_read_level']) ? (int) $_POST['bo_read_level'] : 0;
$bo_write_level = isset($_POST['bo_write_level']) ? (int) $_POST['bo_write_level'] : 0;
$bo_reply_level = isset($_POST['bo_reply_level']) ? (int) $_POST['bo_reply_level'] : 0;
$bo_comment_level = isset($_POST['bo_comment_level']) ? (int) $_POST['bo_comment_level'] : 0;
$bo_html_level = isset($_POST['bo_html_level']) ? (int) $_POST['bo_html_level'] : 0;
$bo_link_level = isset($_POST['bo_link_level']) ? (int) $_POST['bo_link_level'] : 0;
$bo_count_modify = isset($_POST['bo_count_modify']) ? (int) $_POST['bo_count_modify'] : 0;
$bo_count_delete = isset($_POST['bo_count_delete']) ? (int) $_POST['bo_count_delete'] : 0;
$bo_upload_level = isset($_POST['bo_upload_level']) ? (int) $_POST['bo_upload_level'] : 0;
$bo_download_level = isset($_POST['bo_download_level']) ? (int) $_POST['bo_download_level'] : 0;
$bo_read_point = isset($_POST['bo_read_point']) ? (int) $_POST['bo_read_point'] : 0;
$bo_write_point = isset($_POST['bo_write_point']) ? (int) $_POST['bo_write_point'] : 0;
$bo_comment_point = isset($_POST['bo_comment_point']) ? (int) $_POST['bo_comment_point'] : 0;
$bo_download_point = isset($_POST['bo_download_point']) ? (int) $_POST['bo_download_point'] : 0;
$bo_select_editor = isset($_POST['bo_select_editor']) ? clean_xss_tags($_POST['bo_select_editor'], 1, 1) : '';
$bo_skin = isset($_POST['bo_skin']) ? clean_xss_tags($_POST['bo_skin'], 1, 1) : '';
$bo_mobile_skin = isset($_POST['bo_mobile_skin']) ? clean_xss_tags($_POST['bo_mobile_skin'], 1, 1) : '';
$bo_content_head = isset($_POST['bo_content_head']) ? $_POST['bo_content_head'] : '';
$bo_content_tail = isset($_POST['bo_content_tail']) ? $_POST['bo_content_tail'] : '';
$bo_mobile_content_head = isset($_POST['bo_mobile_content_head']) ? $_POST['bo_mobile_content_head'] : '';
$bo_mobile_content_tail = isset($_POST['bo_mobile_content_tail']) ? $_POST['bo_mobile_content_tail'] : '';
$bo_insert_content = isset($_POST['bo_insert_content']) ? $_POST['bo_insert_content'] : '';
$bo_gallery_cols = isset($_POST['bo_gallery_cols']) ? (int) $_POST['bo_gallery_cols'] : 0;
$bo_gallery_width = isset($_POST['bo_gallery_width']) ? (int) $_POST['bo_gallery_width'] : 0;
$bo_gallery_height = isset($_POST['bo_gallery_height']) ? (int) $_POST['bo_gallery_height'] : 0;
$bo_mobile_gallery_width = isset($_POST['bo_mobile_gallery_width']) ? (int) $_POST['bo_mobile_gallery_width'] : 0;
$bo_mobile_gallery_height = isset($_POST['bo_mobile_gallery_height']) ? (int) $_POST['bo_mobile_gallery_height'] : 0;
$bo_upload_count = isset($_POST['bo_upload_count']) ? (int) $_POST['bo_upload_count'] : 0;
$bo_upload_size = isset($_POST['bo_upload_size']) ? (int) $_POST['bo_upload_size'] : 0;
$bo_reply_order = isset($_POST['bo_reply_order']) ? (int) $_POST['bo_reply_order'] : 0;
$bo_order = isset($_POST['bo_order']) ? (int) $_POST['bo_order'] : 0;
$bo_write_min = isset($_POST['bo_write_min']) ? (int) $_POST['bo_write_min'] : 0;
$bo_write_max = isset($_POST['bo_write_max']) ? (int) $_POST['bo_write_max'] : 0;
$bo_comment_min = isset($_POST['bo_comment_min']) ? (int) $_POST['bo_comment_min'] : 0;
$bo_comment_max = isset($_POST['bo_comment_max']) ? (int) $_POST['bo_comment_max'] : 0;
$bo_sort_field = isset($_POST['bo_sort_field']) ? clean_xss_tags($_POST['bo_sort_field'], 1, 1) : '';
$etcs = array();
for($i=1;$i<=10;$i++){
$etcs['bo_'.$i.'_subj'] = ${'bo_'.$i.'_subj'} = isset($_POST['bo_'.$i.'_subj']) ? $_POST['bo_'.$i.'_subj'] : '';
$etcs['bo_'.$i] = ${'bo_'.$i} = isset($_POST['bo_'.$i]) ? $_POST['bo_'.$i] : '';
}
$sql_common = " gr_id = '{$gr_id}', $sql_common = " gr_id = '{$gr_id}',
bo_subject = '{$_POST['bo_subject']}', bo_subject = '{$bo_subject}',
bo_mobile_subject = '{$_POST['bo_mobile_subject']}', bo_mobile_subject = '{$bo_mobile_subject}',
bo_device = '{$_POST['bo_device']}', bo_device = '{$bo_device}',
bo_admin = '{$bo_admin}', bo_admin = '{$bo_admin}',
bo_list_level = '{$_POST['bo_list_level']}', bo_list_level = '{$bo_list_level}',
bo_read_level = '{$_POST['bo_read_level']}', bo_read_level = '{$bo_read_level}',
bo_write_level = '{$_POST['bo_write_level']}', bo_write_level = '{$bo_write_level}',
bo_reply_level = '{$_POST['bo_reply_level']}', bo_reply_level = '{$bo_reply_level}',
bo_comment_level = '{$_POST['bo_comment_level']}', bo_comment_level = '{$bo_comment_level}',
bo_html_level = '{$_POST['bo_html_level']}', bo_html_level = '{$bo_html_level}',
bo_link_level = '{$_POST['bo_link_level']}', bo_link_level = '{$bo_link_level}',
bo_count_modify = '{$_POST['bo_count_modify']}', bo_count_modify = '{$bo_count_modify}',
bo_count_delete = '{$_POST['bo_count_delete']}', bo_count_delete = '{$bo_count_delete}',
bo_upload_level = '{$_POST['bo_upload_level']}', bo_upload_level = '{$bo_upload_level}',
bo_download_level = '{$_POST['bo_download_level']}', bo_download_level = '{$bo_download_level}',
bo_read_point = '{$_POST['bo_read_point']}', bo_read_point = '{$bo_read_point}',
bo_write_point = '{$_POST['bo_write_point']}', bo_write_point = '{$bo_write_point}',
bo_comment_point = '{$_POST['bo_comment_point']}', bo_comment_point = '{$bo_comment_point}',
bo_download_point = '{$_POST['bo_download_point']}', bo_download_point = '{$bo_download_point}',
bo_use_category = '{$_POST['bo_use_category']}', bo_use_category = '{$bo_use_category}',
bo_category_list = '{$str_bo_category_list}', bo_category_list = '{$str_bo_category_list}',
bo_use_sideview = '{$_POST['bo_use_sideview']}', bo_use_sideview = '{$bo_use_sideview}',
bo_use_file_content = '{$_POST['bo_use_file_content']}', bo_use_file_content = '{$bo_use_file_content}',
bo_use_secret = '{$_POST['bo_use_secret']}', bo_use_secret = '{$bo_use_secret}',
bo_use_dhtml_editor = '{$_POST['bo_use_dhtml_editor']}', bo_use_dhtml_editor = '{$bo_use_dhtml_editor}',
bo_select_editor = '{$_POST['bo_select_editor']}', bo_select_editor = '{$bo_select_editor}',
bo_use_rss_view = '{$_POST['bo_use_rss_view']}', bo_use_rss_view = '{$bo_use_rss_view}',
bo_use_good = '{$_POST['bo_use_good']}', bo_use_good = '{$bo_use_good}',
bo_use_nogood = '{$_POST['bo_use_nogood']}', bo_use_nogood = '{$bo_use_nogood}',
bo_use_name = '{$_POST['bo_use_name']}', bo_use_name = '{$bo_use_name}',
bo_use_signature = '{$_POST['bo_use_signature']}', bo_use_signature = '{$bo_use_signature}',
bo_use_ip_view = '{$_POST['bo_use_ip_view']}', bo_use_ip_view = '{$bo_use_ip_view}',
bo_use_list_view = '{$_POST['bo_use_list_view']}', bo_use_list_view = '{$bo_use_list_view}',
bo_use_list_file = '{$_POST['bo_use_list_file']}', bo_use_list_file = '{$bo_use_list_file}',
bo_use_list_content = '{$_POST['bo_use_list_content']}', bo_use_list_content = '{$bo_use_list_content}',
bo_use_email = '{$_POST['bo_use_email']}', bo_use_email = '{$bo_use_email}',
bo_use_cert = '{$_POST['bo_use_cert']}', bo_use_cert = '{$bo_use_cert}',
bo_use_sns = '{$_POST['bo_use_sns']}', bo_use_sns = '{$bo_use_sns}',
bo_use_captcha = '{$_POST['bo_use_captcha']}', bo_use_captcha = '{$bo_use_captcha}',
bo_table_width = '{$_POST['bo_table_width']}', bo_table_width = '{$bo_table_width}',
bo_subject_len = '{$_POST['bo_subject_len']}', bo_subject_len = '{$bo_subject_len}',
bo_mobile_subject_len = '{$_POST['bo_mobile_subject_len']}', bo_mobile_subject_len = '{$bo_mobile_subject_len}',
bo_page_rows = '{$_POST['bo_page_rows']}', bo_page_rows = '{$bo_page_rows}',
bo_mobile_page_rows = '{$_POST['bo_mobile_page_rows']}', bo_mobile_page_rows = '{$bo_mobile_page_rows}',
bo_new = '{$_POST['bo_new']}', bo_new = '{$bo_new}',
bo_hot = '{$_POST['bo_hot']}', bo_hot = '{$bo_hot}',
bo_image_width = '{$_POST['bo_image_width']}', bo_image_width = '{$bo_image_width}',
bo_skin = '{$_POST['bo_skin']}', bo_skin = '{$bo_skin}',
bo_mobile_skin = '{$_POST['bo_mobile_skin']}', bo_mobile_skin = '{$bo_mobile_skin}',
"; ";
// 최고 관리자인 경우에만 수정가능 // 최고 관리자인 경우에만 수정가능
if ($is_admin === 'super'){ if ($is_admin === 'super'){
$sql_common .= " bo_include_head = '".$bo_include_head."', $sql_common .= " bo_include_head = '".$bo_include_head."',
bo_include_tail = '".$bo_include_tail."', bo_include_tail = '".$bo_include_tail."',
bo_content_head = '{$_POST['bo_content_head']}', bo_content_head = '{$bo_content_head}',
bo_content_tail = '{$_POST['bo_content_tail']}', bo_content_tail = '{$bo_content_tail}',
bo_mobile_content_head = '{$_POST['bo_mobile_content_head']}', bo_mobile_content_head = '{$bo_mobile_content_head}',
bo_mobile_content_tail = '{$_POST['bo_mobile_content_tail']}', bo_mobile_content_tail = '{$bo_mobile_content_tail}',
"; ";
} }
$sql_common .= " bo_insert_content = '{$_POST['bo_insert_content']}', $sql_common .= " bo_insert_content = '{$bo_insert_content}',
bo_gallery_cols = '{$_POST['bo_gallery_cols']}', bo_gallery_cols = '{$bo_gallery_cols}',
bo_gallery_width = '{$_POST['bo_gallery_width']}', bo_gallery_width = '{$bo_gallery_width}',
bo_gallery_height = '{$_POST['bo_gallery_height']}', bo_gallery_height = '{$bo_gallery_height}',
bo_mobile_gallery_width = '{$_POST['bo_mobile_gallery_width']}', bo_mobile_gallery_width = '{$bo_mobile_gallery_width}',
bo_mobile_gallery_height= '{$_POST['bo_mobile_gallery_height']}', bo_mobile_gallery_height= '{$bo_mobile_gallery_height}',
bo_upload_count = '{$_POST['bo_upload_count']}', bo_upload_count = '{$bo_upload_count}',
bo_upload_size = '{$_POST['bo_upload_size']}', bo_upload_size = '{$bo_upload_size}',
bo_reply_order = '{$_POST['bo_reply_order']}', bo_reply_order = '{$bo_reply_order}',
bo_use_search = '{$_POST['bo_use_search']}', bo_use_search = '{$bo_use_search}',
bo_order = '{$_POST['bo_order']}', bo_order = '{$bo_order}',
bo_write_min = '{$_POST['bo_write_min']}', bo_write_min = '{$bo_write_min}',
bo_write_max = '{$_POST['bo_write_max']}', bo_write_max = '{$bo_write_max}',
bo_comment_min = '{$_POST['bo_comment_min']}', bo_comment_min = '{$bo_comment_min}',
bo_comment_max = '{$_POST['bo_comment_max']}', bo_comment_max = '{$bo_comment_max}',
bo_sort_field = '{$_POST['bo_sort_field']}', bo_sort_field = '{$bo_sort_field}',
bo_1_subj = '{$_POST['bo_1_subj']}', bo_1_subj = '{$bo_1_subj}',
bo_2_subj = '{$_POST['bo_2_subj']}', bo_2_subj = '{$bo_2_subj}',
bo_3_subj = '{$_POST['bo_3_subj']}', bo_3_subj = '{$bo_3_subj}',
bo_4_subj = '{$_POST['bo_4_subj']}', bo_4_subj = '{$bo_4_subj}',
bo_5_subj = '{$_POST['bo_5_subj']}', bo_5_subj = '{$bo_5_subj}',
bo_6_subj = '{$_POST['bo_6_subj']}', bo_6_subj = '{$bo_6_subj}',
bo_7_subj = '{$_POST['bo_7_subj']}', bo_7_subj = '{$bo_7_subj}',
bo_8_subj = '{$_POST['bo_8_subj']}', bo_8_subj = '{$bo_8_subj}',
bo_9_subj = '{$_POST['bo_9_subj']}', bo_9_subj = '{$bo_9_subj}',
bo_10_subj = '{$_POST['bo_10_subj']}', bo_10_subj = '{$bo_10_subj}',
bo_1 = '{$_POST['bo_1']}', bo_1 = '{$bo_1}',
bo_2 = '{$_POST['bo_2']}', bo_2 = '{$bo_2}',
bo_3 = '{$_POST['bo_3']}', bo_3 = '{$bo_3}',
bo_4 = '{$_POST['bo_4']}', bo_4 = '{$bo_4}',
bo_5 = '{$_POST['bo_5']}', bo_5 = '{$bo_5}',
bo_6 = '{$_POST['bo_6']}', bo_6 = '{$bo_6}',
bo_7 = '{$_POST['bo_7']}', bo_7 = '{$bo_7}',
bo_8 = '{$_POST['bo_8']}', bo_8 = '{$bo_8}',
bo_9 = '{$_POST['bo_9']}', bo_9 = '{$bo_9}',
bo_10 = '{$_POST['bo_10']}' "; bo_10 = '{$bo_10}' ";
if ($w == '') { if ($w == '') {
@ -355,8 +426,8 @@ if (is_checked('chk_grp_use_search')) $grp_fields .= " , bo_use_search
if (is_checked('chk_grp_order')) $grp_fields .= " , bo_order = '{$bo_order}' "; if (is_checked('chk_grp_order')) $grp_fields .= " , bo_order = '{$bo_order}' ";
for ($i=1; $i<=10; $i++) { for ($i=1; $i<=10; $i++) {
if (is_checked('chk_grp_'.$i)) { if (is_checked('chk_grp_'.$i)) {
$grp_fields .= " , bo_{$i}_subj = '".$_POST['bo_'.$i.'_subj']."' "; $grp_fields .= " , bo_{$i}_subj = '".$etcs['bo_'.$i.'_subj']."' ";
$grp_fields .= " , bo_{$i} = '".$_POST['bo_'.$i]."' "; $grp_fields .= " , bo_{$i} = '".$etcs['bo_'.$i]."' ";
} }
} }
@ -445,8 +516,8 @@ if (is_checked('chk_all_use_search')) $all_fields .= " , bo_use_search
if (is_checked('chk_all_order')) $all_fields .= " , bo_order = '{$bo_order}' "; if (is_checked('chk_all_order')) $all_fields .= " , bo_order = '{$bo_order}' ";
for ($i=1; $i<=10; $i++) { for ($i=1; $i<=10; $i++) {
if (is_checked('chk_all_'.$i)) { if (is_checked('chk_all_'.$i)) {
$all_fields .= " , bo_{$i}_subj = '".$_POST['bo_'.$i.'_subj']."' "; $all_fields .= " , bo_{$i}_subj = '".$etcs['bo_'.$i.'_subj']."' ";
$all_fields .= " , bo_{$i} = '".$_POST['bo_'.$i]."' "; $all_fields .= " , bo_{$i} = '".$etcs['bo_'.$i]."' ";
} }
} }
@ -462,4 +533,3 @@ if(function_exists('get_admin_captcha_by'))
run_event('admin_board_form_update', $bo_table, $w); run_event('admin_board_form_update', $bo_table, $w);
goto_url("./board_form.php?w=u&bo_table={$bo_table}&amp;{$qstr}"); goto_url("./board_form.php?w=u&bo_table={$bo_table}&amp;{$qstr}");
?>

11
adm/board_list.php
View File

@ -2,7 +2,7 @@
$sub_menu = "300100"; $sub_menu = "300100";
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], 'r'); auth_check_menu($auth, $sub_menu, 'r');
$sql_common = " from {$g5['board_table']} a "; $sql_common = " from {$g5['board_table']} a ";
$sql_search = " where (1) "; $sql_search = " where (1) ";
@ -63,9 +63,9 @@ $colspan = 15;
<label for="sfl" class="sound_only">검색대상</label> <label for="sfl" class="sound_only">검색대상</label>
<select name="sfl" id="sfl"> <select name="sfl" id="sfl">
<option value="bo_table"<?php echo get_selected($_GET['sfl'], "bo_table", true); ?>>TABLE</option> <option value="bo_table"<?php echo get_selected($sfl, "bo_table", true); ?>>TABLE</option>
<option value="bo_subject"<?php echo get_selected($_GET['sfl'], "bo_subject"); ?>>제목</option> <option value="bo_subject"<?php echo get_selected($sfl, "bo_subject"); ?>>제목</option>
<option value="a.gr_id"<?php echo get_selected($_GET['sfl'], "a.gr_id"); ?>>그룹ID</option> <option value="a.gr_id"<?php echo get_selected($sfl, "a.gr_id"); ?>>그룹ID</option>
</select> </select>
<label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label> <label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
<input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input"> <input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input">
@ -81,7 +81,7 @@ $colspan = 15;
<input type="hidden" name="sfl" value="<?php echo $sfl ?>"> <input type="hidden" name="sfl" value="<?php echo $sfl ?>">
<input type="hidden" name="stx" value="<?php echo $stx ?>"> <input type="hidden" name="stx" value="<?php echo $stx ?>">
<input type="hidden" name="page" value="<?php echo $page ?>"> <input type="hidden" name="page" value="<?php echo $page ?>">
<input type="hidden" name="token" value="<?php echo $token ?>"> <input type="hidden" name="token" value="<?php echo isset($token) ? $token : ''; ?>">
<div class="tbl_head01 tbl_wrap"> <div class="tbl_head01 tbl_wrap">
<table> <table>
@ -236,4 +236,3 @@ $(function(){
<?php <?php
include_once('./admin.tail.php'); include_once('./admin.tail.php');
?>

71
adm/board_list_update.php
View File

@ -4,28 +4,42 @@ include_once('./_common.php');
check_demo(); check_demo();
if (!count($_POST['chk'])) { $post_count_chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요."); $chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? $_POST['chk'] : array();
$act_button = isset($_POST['act_button']) ? strip_tags($_POST['act_button']) : '';
$board_table = (isset($_POST['board_table']) && is_array($_POST['board_table'])) ? $_POST['board_table'] : array();
if (! $post_count_chk) {
alert($act_button." 하실 항목을 하나 이상 체크하세요.");
} }
check_admin_token(); check_admin_token();
$act_button = isset($_POST['act_button']) ? strip_tags($_POST['act_button']) : ''; if ($act_button === "선택수정") {
$chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? $_POST['chk'] : array();
$board_table = (isset($_POST['board_table']) && is_array($_POST['board_table'])) ? $_POST['board_table'] : array();
if ($_POST['act_button'] == "선택수정") { auth_check_menu($auth, $sub_menu, 'w');
auth_check($auth[$sub_menu], 'w'); for ($i=0; $i<$post_count_chk; $i++) {
for ($i=0; $i<count($_POST['chk']); $i++) {
// 실제 번호를 넘김 // 실제 번호를 넘김
$k = $_POST['chk'][$i]; $k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
$post_gr_id = isset($_POST['gr_id'][$k]) ? clean_xss_tags($_POST['gr_id'][$k], 1, 1) : '';
$post_bo_device = isset($_POST['bo_device'][$k]) ? clean_xss_tags($_POST['bo_device'][$k], 1, 1) : '';
$post_bo_skin = isset($_POST['bo_skin'][$k]) ? clean_xss_tags($_POST['bo_skin'][$k], 1, 1) : '';
$post_bo_mobile_skin = isset($_POST['bo_mobile_skin'][$k]) ? clean_xss_tags($_POST['bo_mobile_skin'][$k], 1, 1) : '';
$post_bo_read_point = isset($_POST['bo_read_point'][$k]) ? clean_xss_tags($_POST['bo_read_point'][$k], 1, 1) : '';
$post_bo_write_point = isset($_POST['bo_write_point'][$k]) ? clean_xss_tags($_POST['bo_write_point'][$k], 1, 1) : '';
$post_bo_comment_point = isset($_POST['bo_comment_point'][$k]) ? clean_xss_tags($_POST['bo_comment_point'][$k], 1, 1) : '';
$post_bo_download_point = isset($_POST['bo_download_point'][$k]) ? clean_xss_tags($_POST['bo_download_point'][$k], 1, 1) : '';
$post_bo_use_search = isset($_POST['bo_use_search'][$k]) ? clean_xss_tags($_POST['bo_use_search'][$k], 1, 1) : '';
$post_bo_use_sns = isset($_POST['bo_use_sns'][$k]) ? clean_xss_tags($_POST['bo_use_sns'][$k], 1, 1) : '';
$post_bo_order = isset($_POST['bo_order'][$k]) ? clean_xss_tags($_POST['bo_order'][$k], 1, 1) : '';
$post_board_table = isset($_POST['board_table'][$k]) ? clean_xss_tags($_POST['board_table'][$k], 1, 1) : '';
if ($is_admin != 'super') { if ($is_admin != 'super') {
$sql = " select count(*) as cnt from {$g5['board_table']} a, {$g5['group_table']} b $sql = " select count(*) as cnt from {$g5['board_table']} a, {$g5['group_table']} b
where a.gr_id = '".sql_real_escape_string($_POST['gr_id'][$k])."' where a.gr_id = '".sql_real_escape_string($post_gr_id)."'
and a.gr_id = b.gr_id and a.gr_id = b.gr_id
and b.gr_admin = '{$member['mb_id']}' "; and b.gr_admin = '{$member['mb_id']}' ";
$row = sql_fetch($sql); $row = sql_fetch($sql);
@ -36,39 +50,39 @@ if ($_POST['act_button'] == "선택수정") {
$p_bo_subject = is_array($_POST['bo_subject']) ? strip_tags(clean_xss_attributes($_POST['bo_subject'][$k])) : ''; $p_bo_subject = is_array($_POST['bo_subject']) ? strip_tags(clean_xss_attributes($_POST['bo_subject'][$k])) : '';
$sql = " update {$g5['board_table']} $sql = " update {$g5['board_table']}
set gr_id = '".sql_real_escape_string(strip_tags($_POST['gr_id'][$k]))."', set gr_id = '".sql_real_escape_string($post_gr_id)."',
bo_subject = '".$p_bo_subject."', bo_subject = '".$p_bo_subject."',
bo_device = '".sql_real_escape_string(strip_tags($_POST['bo_device'][$k]))."', bo_device = '".sql_real_escape_string($post_bo_device)."',
bo_skin = '".sql_real_escape_string(strip_tags($_POST['bo_skin'][$k]))."', bo_skin = '".sql_real_escape_string($post_bo_skin)."',
bo_mobile_skin = '".sql_real_escape_string(strip_tags($_POST['bo_mobile_skin'][$k]))."', bo_mobile_skin = '".sql_real_escape_string($post_bo_mobile_skin)."',
bo_read_point = '".sql_real_escape_string(strip_tags($_POST['bo_read_point'][$k]))."', bo_read_point = '".sql_real_escape_string($post_bo_read_point)."',
bo_write_point = '".sql_real_escape_string(strip_tags($_POST['bo_write_point'][$k]))."', bo_write_point = '".sql_real_escape_string($post_bo_write_point)."',
bo_comment_point = '".sql_real_escape_string(strip_tags($_POST['bo_comment_point'][$k]))."', bo_comment_point = '".sql_real_escape_string($post_bo_comment_point)."',
bo_download_point = '".sql_real_escape_string(strip_tags($_POST['bo_download_point'][$k]))."', bo_download_point = '".sql_real_escape_string($post_bo_download_point)."',
bo_use_search = '".sql_real_escape_string(strip_tags($_POST['bo_use_search'][$k]))."', bo_use_search = '".sql_real_escape_string($post_bo_use_search)."',
bo_use_sns = '".sql_real_escape_string(strip_tags($_POST['bo_use_sns'][$k]))."', bo_use_sns = '".sql_real_escape_string($post_bo_use_sns)."',
bo_order = '".sql_real_escape_string(strip_tags($_POST['bo_order'][$k]))."' bo_order = '".sql_real_escape_string($post_bo_order)."'
where bo_table = '".sql_real_escape_string($_POST['board_table'][$k])."' "; where bo_table = '".sql_real_escape_string($post_board_table)."' ";
sql_query($sql); sql_query($sql);
} }
} else if ($_POST['act_button'] == "선택삭제") { } else if ($act_button === "선택삭제") {
if ($is_admin != 'super') if ($is_admin != 'super')
alert('게시판 삭제는 최고관리자만 가능합니다.'); alert('게시판 삭제는 최고관리자만 가능합니다.');
auth_check($auth[$sub_menu], 'd'); auth_check_menu($auth, $sub_menu, 'd');
// _BOARD_DELETE_ 상수를 선언해야 board_delete.inc.php 가 정상 작동함 // _BOARD_DELETE_ 상수를 선언해야 board_delete.inc.php 가 정상 작동함
define('_BOARD_DELETE_', true); define('_BOARD_DELETE_', true);
for ($i=0; $i<count($_POST['chk']); $i++) { for ($i=0; $i<$post_count_chk; $i++) {
// 실제 번호를 넘김 // 실제 번호를 넘김
$k = $_POST['chk'][$i]; $k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
// include 전에 $bo_table 값을 반드시 넘겨야 함 // include 전에 $bo_table 값을 반드시 넘겨야 함
$tmp_bo_table = trim($_POST['board_table'][$k]); $tmp_bo_table = isset($_POST['board_table'][$k]) ? trim(clean_xss_tags($_POST['board_table'][$k], 1, 1)) : '';
if( preg_match("/^[A-Za-z0-9_]+$/", $tmp_bo_table) ){ if( preg_match("/^[A-Za-z0-9_]+$/", $tmp_bo_table) ){
include ('./board_delete.inc.php'); include ('./board_delete.inc.php');
@ -81,4 +95,3 @@ if ($_POST['act_button'] == "선택수정") {
run_event('admin_board_list_update', $act_button, $chk, $board_table, $qstr); run_event('admin_board_list_update', $act_button, $chk, $board_table, $qstr);
goto_url('./board_list.php?'.$qstr); goto_url('./board_list.php?'.$qstr);
?>

3
adm/board_thumbnail_delete.php
View File

@ -2,7 +2,7 @@
$sub_menu = '300100'; $sub_menu = '300100';
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], 'w'); auth_check_menu($auth, $sub_menu, 'w');
if(!$board['bo_table']) if(!$board['bo_table'])
alert('존재하지 않는 게시판입니다.'); alert('존재하지 않는 게시판입니다.');
@ -49,4 +49,3 @@ if(is_dir($dir)) {
<?php <?php
include_once('./admin.tail.php'); include_once('./admin.tail.php');
?>

16
adm/boardgroup_form.php
View File

@ -2,17 +2,24 @@
$sub_menu = "300200"; $sub_menu = "300200";
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], 'w'); auth_check_menu($auth, $sub_menu, 'w');
if ($is_admin != 'super' && $w == '') alert('최고관리자만 접근 가능합니다.'); if ($is_admin != 'super' && $w == '') alert('최고관리자만 접근 가능합니다.');
$html_title = '게시판그룹'; $html_title = '게시판그룹';
$gr_id_attr = ''; $gr_id_attr = '';
$sound_only = ''; $sound_only = '';
if( ! isset($group['gr_id']) ){
$group['gr_id'] = '';
$group['gr_subject'] = '';
$group['gr_device'] = '';
}
if ($w == '') { if ($w == '') {
$gr_id_attr = 'required'; $gr_id_attr = 'required';
$sound_only = '<strong class="sound_only"> 필수</strong>'; $sound_only = '<strong class="sound_only"> 필수</strong>';
$gr = array('gr_use_access' => 0); $gr = array('gr_use_access' => 0, 'gr_admin'=>'');
$html_title .= ' 생성'; $html_title .= ' 생성';
} else if ($w == 'u') { } else if ($w == 'u') {
$gr_id_attr = 'readonly'; $gr_id_attr = 'readonly';
@ -115,9 +122,9 @@ include_once('./admin.head.php');
<th scope="row">여분필드<?php echo $i ?></th> <th scope="row">여분필드<?php echo $i ?></th>
<td class="td_extra"> <td class="td_extra">
<label for="gr_<?php echo $i ?>_subj">여분필드 <?php echo $i ?> 제목</label> <label for="gr_<?php echo $i ?>_subj">여분필드 <?php echo $i ?> 제목</label>
<input type="text" name="gr_<?php echo $i ?>_subj" value="<?php echo get_text($group['gr_'.$i.'_subj']) ?>" id="gr_<?php echo $i ?>_subj" class="frm_input"> <input type="text" name="gr_<?php echo $i ?>_subj" value="<?php echo isset($group['gr_'.$i.'_subj']) ? get_text($group['gr_'.$i.'_subj']) : ''; ?>" id="gr_<?php echo $i ?>_subj" class="frm_input">
<label for="gr_<?php echo $i ?>">여분필드 <?php echo $i ?> 내용</label> <label for="gr_<?php echo $i ?>">여분필드 <?php echo $i ?> 내용</label>
<input type="text" name="gr_<?php echo $i ?>" value="<?php echo get_sanitize_input($gr['gr_'.$i]); ?>" id="gr_<?php echo $i ?>" class="frm_input"> <input type="text" name="gr_<?php echo $i ?>" value="<?php echo isset($gr['gr_'.$i]) ? get_sanitize_input($gr['gr_'.$i]) : ''; ?>" id="gr_<?php echo $i ?>" class="frm_input">
</td> </td>
</tr> </tr>
<?php } ?> <?php } ?>
@ -149,4 +156,3 @@ function fboardgroup_check(f)
<?php <?php
include_once ('./admin.tail.php'); include_once ('./admin.tail.php');
?>

80
adm/boardgroup_form_update.php
View File

@ -5,42 +5,63 @@ include_once('./_common.php');
if ($w == 'u') if ($w == 'u')
check_demo(); check_demo();
auth_check($auth[$sub_menu], 'w'); auth_check_menu($auth, $sub_menu, 'w');
if ($is_admin != 'super' && $w == '') alert('최고관리자만 접근 가능합니다.'); if ($is_admin != 'super' && $w == '') alert('최고관리자만 접근 가능합니다.');
check_admin_token(); check_admin_token();
if (!preg_match("/^([A-Za-z0-9_]{1,10})$/", $_POST['gr_id'])) $gr_id = isset($_POST['gr_id']) ? $_POST['gr_id'] : '';
if (!preg_match("/^([A-Za-z0-9_]{1,10})$/", $gr_id))
alert('그룹 ID는 공백없이 영문자, 숫자, _ 만 사용 가능합니다. (10자 이내)'); alert('그룹 ID는 공백없이 영문자, 숫자, _ 만 사용 가능합니다. (10자 이내)');
if (!$gr_subject) alert('그룹 제목을 입력하세요.'); if (!$gr_subject) alert('그룹 제목을 입력하세요.');
$gr_subject = isset($_POST['gr_subject']) ? strip_tags(clean_xss_attributes($_POST['gr_subject'])) : ''; $posts = array();
$sql_common = " gr_subject = '{$gr_subject}', $check_keys = array(
gr_device = '{$_POST['gr_device']}', 'gr_subject',
gr_admin = '{$_POST['gr_admin']}', 'gr_device',
gr_1_subj = '{$_POST['gr_1_subj']}', 'gr_admin'
gr_2_subj = '{$_POST['gr_2_subj']}', );
gr_3_subj = '{$_POST['gr_3_subj']}',
gr_4_subj = '{$_POST['gr_4_subj']}', for($i=1;$i<=10;$i++){
gr_5_subj = '{$_POST['gr_5_subj']}', $check_keys['gr_'.$i.'_subj'] = isset($_POST['gr_'.$i.'_subj']) ? $_POST['gr_'.$i.'_subj'] : '';
gr_6_subj = '{$_POST['gr_6_subj']}', $check_keys['gr_'.$i] = isset($_POST['gr_'.$i]) ? $_POST['gr_'.$i] : '';
gr_7_subj = '{$_POST['gr_7_subj']}', }
gr_8_subj = '{$_POST['gr_8_subj']}',
gr_9_subj = '{$_POST['gr_9_subj']}', foreach( $check_keys as $key ){
gr_10_subj = '{$_POST['gr_10_subj']}', if( $key === 'gr_subject' ){
gr_1 = '{$_POST['gr_1']}', $posts[$key] = isset($_POST[$key]) ? strip_tags(clean_xss_attributes($_POST[$key])) : '';
gr_2 = '{$_POST['gr_2']}', } else {
gr_3 = '{$_POST['gr_3']}', $posts[$key] = isset($_POST[$key]) ? $_POST[$key] : '';
gr_4 = '{$_POST['gr_4']}', }
gr_5 = '{$_POST['gr_5']}', }
gr_6 = '{$_POST['gr_6']}',
gr_7 = '{$_POST['gr_7']}', $sql_common = " gr_subject = '{$posts['gr_subject']}',
gr_8 = '{$_POST['gr_8']}', gr_device = '{$posts['gr_device']}',
gr_9 = '{$_POST['gr_9']}', gr_admin = '{$posts['gr_admin']}',
gr_10 = '{$_POST['gr_10']}' "; gr_1_subj = '{$posts['gr_1_subj']}',
gr_2_subj = '{$posts['gr_2_subj']}',
gr_3_subj = '{$posts['gr_3_subj']}',
gr_4_subj = '{$posts['gr_4_subj']}',
gr_5_subj = '{$posts['gr_5_subj']}',
gr_6_subj = '{$posts['gr_6_subj']}',
gr_7_subj = '{$posts['gr_7_subj']}',
gr_8_subj = '{$posts['gr_8_subj']}',
gr_9_subj = '{$posts['gr_9_subj']}',
gr_10_subj = '{$posts['gr_10_subj']}',
gr_1 = '{$posts['gr_1']}',
gr_2 = '{$posts['gr_2']}',
gr_3 = '{$posts['gr_3']}',
gr_4 = '{$posts['gr_4']}',
gr_5 = '{$posts['gr_5']}',
gr_6 = '{$posts['gr_6']}',
gr_7 = '{$posts['gr_7']}',
gr_8 = '{$posts['gr_8']}',
gr_9 = '{$posts['gr_9']}',
gr_10 = '{$posts['gr_10']}' ";
if (isset($_POST['gr_use_access'])) if (isset($_POST['gr_use_access']))
$sql_common .= ", gr_use_access = '{$_POST['gr_use_access']}' "; $sql_common .= ", gr_use_access = '{$_POST['gr_use_access']}' ";
else else
@ -48,13 +69,13 @@ else
if ($w == '') { if ($w == '') {
$sql = " select count(*) as cnt from {$g5['group_table']} where gr_id = '{$_POST['gr_id']}' "; $sql = " select count(*) as cnt from {$g5['group_table']} where gr_id = '{$gr_id}' ";
$row = sql_fetch($sql); $row = sql_fetch($sql);
if ($row['cnt']) if ($row['cnt'])
alert('이미 존재하는 그룹 ID 입니다.'); alert('이미 존재하는 그룹 ID 입니다.');
$sql = " insert into {$g5['group_table']} $sql = " insert into {$g5['group_table']}
set gr_id = '{$_POST['gr_id']}', set gr_id = '{$gr_id}',
{$sql_common} "; {$sql_common} ";
sql_query($sql); sql_query($sql);
@ -62,7 +83,7 @@ if ($w == '') {
$sql = " update {$g5['group_table']} $sql = " update {$g5['group_table']}
set {$sql_common} set {$sql_common}
where gr_id = '{$_POST['gr_id']}' "; where gr_id = '{$gr_id}' ";
sql_query($sql); sql_query($sql);
} else { } else {
@ -72,4 +93,3 @@ if ($w == '') {
run_event('admin_boardgroup_form_update', $gr_id, $w); run_event('admin_boardgroup_form_update', $gr_id, $w);
goto_url('./boardgroup_form.php?w=u&amp;gr_id='.$gr_id.'&amp;'.$qstr); goto_url('./boardgroup_form.php?w=u&amp;gr_id='.$gr_id.'&amp;'.$qstr);
?>

11
adm/boardgroup_list.php
View File

@ -2,7 +2,7 @@
$sub_menu = "300200"; $sub_menu = "300200";
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], 'r'); auth_check_menu($auth, $sub_menu, 'r');
if (!isset($group['gr_device'])) { if (!isset($group['gr_device'])) {
// 게시판 그룹 사용 필드 추가 // 게시판 그룹 사용 필드 추가
@ -10,7 +10,7 @@ if (!isset($group['gr_device'])) {
// pc : pc 전용 사용 // pc : pc 전용 사용
// mobile : mobile 전용 사용 // mobile : mobile 전용 사용
// none : 사용 안함 // none : 사용 안함
sql_query(" ALTER TABLE `{$g5['board_group_table']}` ADD `gr_device` ENUM( 'both', 'pc', 'mobile' ) NOT NULL DEFAULT 'both' AFTER `gr_subject` ", false); sql_query(" ALTER TABLE `{$g5['group_table']}` ADD `gr_device` ENUM( 'both', 'pc', 'mobile' ) NOT NULL DEFAULT 'both' AFTER `gr_subject` ", false);
} }
$sql_common = " from {$g5['group_table']} "; $sql_common = " from {$g5['group_table']} ";
@ -66,9 +66,9 @@ $colspan = 10;
<form name="fsearch" id="fsearch" class="local_sch01 local_sch" method="get"> <form name="fsearch" id="fsearch" class="local_sch01 local_sch" method="get">
<label for="sfl" class="sound_only">검색대상</label> <label for="sfl" class="sound_only">검색대상</label>
<select name="sfl" id="sfl"> <select name="sfl" id="sfl">
<option value="gr_subject"<?php echo get_selected($_GET['sfl'], "gr_subject"); ?>>제목</option> <option value="gr_subject"<?php echo get_selected($sfl, "gr_subject"); ?>>제목</option>
<option value="gr_id"<?php echo get_selected($_GET['sfl'], "gr_id"); ?>>ID</option> <option value="gr_id"<?php echo get_selected($sfl, "gr_id"); ?>>ID</option>
<option value="gr_admin"<?php echo get_selected($_GET['sfl'], "gr_admin"); ?>>그룹관리자</option> <option value="gr_admin"<?php echo get_selected($sfl, "gr_admin"); ?>>그룹관리자</option>
</select> </select>
<label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label> <label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
<input type="text" name="stx" id="stx" value="<?php echo $stx ?>" required class="required frm_input"> <input type="text" name="stx" id="stx" value="<?php echo $stx ?>" required class="required frm_input">
@ -208,4 +208,3 @@ function fboardgrouplist_submit(f)
<?php <?php
include_once('./admin.tail.php'); include_once('./admin.tail.php');
?>

20
adm/boardgroup_list_update.php
View File

@ -6,7 +6,7 @@ include_once('./_common.php');
check_demo(); check_demo();
auth_check($auth[$sub_menu], 'w'); auth_check_menu($auth, $sub_menu, 'w');
check_admin_token(); check_admin_token();
@ -21,18 +21,21 @@ if(!$count)
for ($i=0; $i<$count; $i++) for ($i=0; $i<$count; $i++)
{ {
$k = $post_chk[$i]; $k = isset($post_chk[$i]) ? (int) $post_chk[$i] : 0;
$gr_id = preg_replace('/[^a-z0-9_]/i', '', $post_group_id[$k]); $gr_id = preg_replace('/[^a-z0-9_]/i', '', $post_group_id[$k]);
$gr_subject = is_array($_POST['gr_subject']) ? strip_tags(clean_xss_attributes($_POST['gr_subject'][$k])) : ''; $gr_subject = isset($_POST['gr_subject'][$k]) ? strip_tags(clean_xss_attributes($_POST['gr_subject'][$k])) : '';
$gr_admin = is_array($_POST['gr_admin']) ? strip_tags(clean_xss_attributes($_POST['gr_admin'][$k])) : ''; $gr_admin = isset($_POST['gr_admin'][$k]) ? strip_tags(clean_xss_attributes($_POST['gr_admin'][$k])) : '';
$gr_device = isset($_POST['gr_device'][$k]) ? clean_xss_tags($_POST['gr_device'][$k], 1, 1, 10) : '';
$gr_use_access = isset($_POST['gr_use_access'][$k]) ? (int) $_POST['gr_use_access'][$k] : 0;
$gr_order = isset($_POST['gr_order'][$k]) ? (int) $_POST['gr_order'][$k] : 0;
if($act_button == '선택수정') { if($act_button == '선택수정') {
$sql = " update {$g5['group_table']} $sql = " update {$g5['group_table']}
set gr_subject = '{$gr_subject}', set gr_subject = '{$gr_subject}',
gr_device = '".sql_real_escape_string($_POST['gr_device'][$k])."', gr_device = '".sql_real_escape_string($gr_device)."',
gr_admin = '".sql_real_escape_string($_POST['gr_admin'][$k])."', gr_admin = '".sql_real_escape_string($gr_admin)."',
gr_use_access = '".sql_real_escape_string($_POST['gr_use_access'][$k])."', gr_use_access = '".$gr_use_access."',
gr_order = '".sql_real_escape_string($_POST['gr_order'][$k])."' gr_order = '".$gr_order."'
where gr_id = '{$gr_id}' "; where gr_id = '{$gr_id}' ";
if ($is_admin != 'super') if ($is_admin != 'super')
$sql .= " and gr_admin = '{$gr_admin}' "; $sql .= " and gr_admin = '{$gr_admin}' ";
@ -53,4 +56,3 @@ for ($i=0; $i<$count; $i++)
run_event('admin_boardgroup_list_update', $act_button, $chk, $post_group_id, $qstr); run_event('admin_boardgroup_list_update', $act_button, $chk, $post_group_id, $qstr);
goto_url('./boardgroup_list.php?'.$qstr); goto_url('./boardgroup_list.php?'.$qstr);
?>

9
adm/boardgroupmember_form.php
View File

@ -2,10 +2,12 @@
$sub_menu = "300200"; $sub_menu = "300200";
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], 'w'); auth_check_menu($auth, $sub_menu, 'w');
$mb = get_member($mb_id); $mb = get_member($mb_id);
if (!$mb['mb_id']) $token = isset($token) ? $token : '';
if (! (isset($mb['mb_id']) && $mb['mb_id']))
alert('존재하지 않는 회원입니다.'); alert('존재하지 않는 회원입니다.');
$g5['title'] = '접근가능그룹'; $g5['title'] = '접근가능그룹';
@ -51,7 +53,7 @@ $colspan = 4;
<input type="hidden" name="sfl" value="<?php echo $sfl ?>" id="sfl"> <input type="hidden" name="sfl" value="<?php echo $sfl ?>" id="sfl">
<input type="hidden" name="stx" value="<?php echo $stx ?>" id="stx"> <input type="hidden" name="stx" value="<?php echo $stx ?>" id="stx">
<input type="hidden" name="page" value="<?php echo $page ?>" id="page"> <input type="hidden" name="page" value="<?php echo $page ?>" id="page">
<input type="hidden" name="token" value="<?php echo $token ?>" id="token"> <input type="hidden" name="token" value="<?php echo get_sanitize_input($token); ?>" id="token">
<input type="hidden" name="mb_id" value="<?php echo $mb['mb_id'] ?>" id="mb_id"> <input type="hidden" name="mb_id" value="<?php echo $mb['mb_id'] ?>" id="mb_id">
<input type="hidden" name="w" value="d" id="w"> <input type="hidden" name="w" value="d" id="w">
@ -129,4 +131,3 @@ function boardgroupmember_form_check(f)
<?php <?php
include_once('./admin.tail.php'); include_once('./admin.tail.php');
?>

5
adm/boardgroupmember_list.php
View File

@ -2,7 +2,7 @@
$sub_menu = "300200"; $sub_menu = "300200";
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], 'r'); auth_check_menu($auth, $sub_menu, 'r');
$gr = get_group($gr_id); $gr = get_group($gr_id);
if (!$gr['gr_id']) { if (!$gr['gr_id']) {
@ -59,7 +59,7 @@ $colspan = 7;
<input type="hidden" name="gr_id" value="<?php echo $gr_id ?>"> <input type="hidden" name="gr_id" value="<?php echo $gr_id ?>">
<label for="sfl" class="sound_only">검색대상</label> <label for="sfl" class="sound_only">검색대상</label>
<select name="sfl" id="sfl"> <select name="sfl" id="sfl">
<option value="a.mb_id"<?php echo get_selected($_GET['sfl'], "a.mb_id") ?>>회원아이디</option> <option value="a.mb_id"<?php echo get_selected($sfl, "a.mb_id") ?>>회원아이디</option>
</select> </select>
<label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label> <label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
<input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input"> <input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input">
@ -153,4 +153,3 @@ function fboardgroupmember_submit(f)
<?php <?php
include_once('./admin.tail.php'); include_once('./admin.tail.php');
?>

5
adm/boardgroupmember_update.php
View File

@ -6,7 +6,7 @@ sql_query(" ALTER TABLE {$g5['group_member_table']} CHANGE `gm_id` `gm_id` INT(
if ($w == '') if ($w == '')
{ {
auth_check($auth[$sub_menu], 'w'); auth_check_menu($auth, $sub_menu, 'w');
$mb = get_member($mb_id); $mb = get_member($mb_id);
if (!$mb['mb_id']) { if (!$mb['mb_id']) {
@ -39,7 +39,7 @@ if ($w == '')
} }
else if ($w == 'd' || $w == 'ld') else if ($w == 'd' || $w == 'ld')
{ {
auth_check($auth[$sub_menu], 'd'); auth_check_menu($auth, $sub_menu, 'd');
$count = count($_POST['chk']); $count = count($_POST['chk']);
if(!$count) if(!$count)
@ -67,4 +67,3 @@ if ($w == 'ld')
goto_url('./boardgroupmember_list.php?gr_id='.$gr_id); goto_url('./boardgroupmember_list.php?gr_id='.$gr_id);
else else
goto_url('./boardgroupmember_form.php?mb_id='.$mb_id); goto_url('./boardgroupmember_form.php?mb_id='.$mb_id);
?>

1
adm/browscap.php
View File

@ -42,4 +42,3 @@ $(function() {
<?php <?php
include_once('./admin.tail.php'); include_once('./admin.tail.php');
?>

3
adm/browscap_convert.php
View File

@ -8,7 +8,7 @@ if(!(version_compare(phpversion(), '5.3.0', '>=') && defined('G5_BROWSCAP_USE')
if ($is_admin != 'super') if ($is_admin != 'super')
alert('최고관리자만 접근 가능합니다.'); alert('최고관리자만 접근 가능합니다.');
$rows = preg_replace('#[^0-9]#', '', $_GET['rows']); $rows = isset($_GET['rows']) ? preg_replace('#[^0-9]#', '', $_GET['rows']) : 0;
if(!$rows) if(!$rows)
$rows = 100; $rows = 100;
@ -43,4 +43,3 @@ $(function() {
<?php <?php
include_once('./admin.tail.php'); include_once('./admin.tail.php');
?>

1
adm/browscap_converter.php
View File

@ -72,4 +72,3 @@ if(($total_count - $cnt) == 0 || $total_count == 0)
echo '<div class="check_processing"></div><p>변환완료</p>'; echo '<div class="check_processing"></div><p>변환완료</p>';
else else
echo '<p>총 '.number_format($total_count).'건 중 '.number_format($cnt).'건 변환완료<br><br>접속로그를 추가로 변환하시려면 아래 업데이트 버튼을 클릭해 주세요.</p><button type="button" id="run_update">업데이트</button>'; echo '<p>총 '.number_format($total_count).'건 중 '.number_format($cnt).'건 변환완료<br><br>접속로그를 추가로 변환하시려면 아래 업데이트 버튼을 클릭해 주세요.</p><button type="button" id="run_update">업데이트</button>';
?>

1
adm/browscap_update.php
View File

@ -21,4 +21,3 @@ $browscap->cacheFilename = 'browscap_cache.php';
$browscap->updateCache(); $browscap->updateCache();
die(''); die('');
?>

1
adm/cache_file_delete.php
View File

@ -57,4 +57,3 @@ echo '<div class="local_desc01 local_desc"><p><strong>최신글 캐시파일 '.$
<?php <?php
include_once('./admin.tail.php'); include_once('./admin.tail.php');
?>

1
adm/captcha_file_delete.php
View File

@ -50,4 +50,3 @@ echo '<div class="local_desc01 local_desc"><p><strong>캡챠파일 '.$cnt.'건
<?php <?php
include_once('./admin.tail.php'); include_once('./admin.tail.php');
?>

8
adm/config_form.php
View File

@ -2,7 +2,7 @@
$sub_menu = "100100"; $sub_menu = "100100";
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], 'r'); auth_check_menu($auth, $sub_menu, 'r');
if ($is_admin != 'super') if ($is_admin != 'super')
alert('최고관리자만 접근 가능합니다.'); alert('최고관리자만 접근 가능합니다.');
@ -304,6 +304,7 @@ $pg_anchor = '<ul class="anchor">
if (!$config['cf_icode_server_ip']) $config['cf_icode_server_ip'] = '211.172.232.124'; if (!$config['cf_icode_server_ip']) $config['cf_icode_server_ip'] = '211.172.232.124';
if (!$config['cf_icode_server_port']) $config['cf_icode_server_port'] = '7295'; if (!$config['cf_icode_server_port']) $config['cf_icode_server_port'] = '7295';
$userinfo = array('payment'=>'');
if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) { if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
$userinfo = get_icode_userinfo($config['cf_icode_id'], $config['cf_icode_pw']); $userinfo = get_icode_userinfo($config['cf_icode_id'], $config['cf_icode_pw']);
} }
@ -569,14 +570,14 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
<td colspan="3"> <td colspan="3">
<?php if (!function_exists('curl_init')) echo help('<b>경고) curl이 지원되지 않아 네이버 신디케이션을 사용할수 없습니다.</b>'); ?> <?php if (!function_exists('curl_init')) echo help('<b>경고) curl이 지원되지 않아 네이버 신디케이션을 사용할수 없습니다.</b>'); ?>
<?php echo help('네이버 신디케이션 연동키(token)을 입력하면 네이버 신디케이션을 사용할 수 있습니다.<br>연동키는 <a href="http://webmastertool.naver.com/" target="_blank"><u>네이버 웹마스터도구</u></a> -> 네이버 신디케이션에서 발급할 수 있습니다.') ?> <?php echo help('네이버 신디케이션 연동키(token)을 입력하면 네이버 신디케이션을 사용할 수 있습니다.<br>연동키는 <a href="http://webmastertool.naver.com/" target="_blank"><u>네이버 웹마스터도구</u></a> -> 네이버 신디케이션에서 발급할 수 있습니다.') ?>
<input type="text" name="cf_syndi_token" value="<?php echo $config['cf_syndi_token'] ?>" id="cf_syndi_token" class="frm_input" size="70"> <input type="text" name="cf_syndi_token" value="<?php echo get_sanitize_input($config['cf_syndi_token']); ?>" id="cf_syndi_token" class="frm_input" size="70">
</td> </td>
</tr> </tr>
<tr> <tr>
<th scope="row"><label for="cf_syndi_except">네이버 신디케이션 제외게시판</label></th> <th scope="row"><label for="cf_syndi_except">네이버 신디케이션 제외게시판</label></th>
<td colspan="3"> <td colspan="3">
<?php echo help('네이버 신디케이션 수집에서 제외할 게시판 아이디를 | 로 구분하여 입력하십시오. 예) notice|adult<br>참고로 그룹접근사용 게시판, 글읽기 권한 2 이상 게시판, 비밀글은 신디케이션 수집에서 제외됩니다.') ?> <?php echo help('네이버 신디케이션 수집에서 제외할 게시판 아이디를 | 로 구분하여 입력하십시오. 예) notice|adult<br>참고로 그룹접근사용 게시판, 글읽기 권한 2 이상 게시판, 비밀글은 신디케이션 수집에서 제외됩니다.') ?>
<input type="text" name="cf_syndi_except" value="<?php echo $config['cf_syndi_except'] ?>" id="cf_syndi_except" class="frm_input" size="70"> <input type="text" name="cf_syndi_except" value="<?php echo get_sanitize_input($config['cf_syndi_except']); ?>" id="cf_syndi_except" class="frm_input" size="70">
</td> </td>
</tr> </tr>
</tbody> </tbody>
@ -1530,4 +1531,3 @@ if($config['cf_cert_use']) {
} }
include_once ('./admin.tail.php'); include_once ('./admin.tail.php');
?>

154
adm/config_form_update.php
View File

@ -4,39 +4,33 @@ include_once('./_common.php');
check_demo(); check_demo();
auth_check($auth[$sub_menu], 'w'); auth_check_menu($auth, $sub_menu, 'w');
if ($is_admin != 'super') if ($is_admin != 'super')
alert('최고관리자만 접근 가능합니다.'); alert('최고관리자만 접근 가능합니다.');
$cf_title = isset($_POST['cf_title']) ? strip_tags(clean_xss_attributes($_POST['cf_title'])) : '';
$cf_admin = isset($_POST['cf_admin']) ? clean_xss_tags($_POST['cf_admin'], 1, 1) : '';
$posts = array();
$mb = get_member($cf_admin); $mb = get_member($cf_admin);
if (!$mb['mb_id'])
if (! (isset($mb['mb_id']) && $mb['mb_id']))
alert('최고관리자 회원아이디가 존재하지 않습니다.'); alert('최고관리자 회원아이디가 존재하지 않습니다.');
check_admin_token(); check_admin_token();
// 본인확인을 사용할 경우 아이핀, 휴대폰인증 중 하나는 선택되어야 함
if($_POST['cf_cert_use'] && !$_POST['cf_cert_ipin'] && !$_POST['cf_cert_hp'])
alert('본인확인을 위해 아이핀 또는 휴대폰 본인학인 서비스를 하나이상 선택해 주십시오');
if(!$_POST['cf_cert_use']) {
$_POST['cf_cert_ipin'] = '';
$_POST['cf_cert_hp'] = '';
}
$cf_social_servicelist = !empty($_POST['cf_social_servicelist']) ? implode(',', $_POST['cf_social_servicelist']) : ''; $cf_social_servicelist = !empty($_POST['cf_social_servicelist']) ? implode(',', $_POST['cf_social_servicelist']) : '';
$_POST['cf_title'] = strip_tags(clean_xss_attributes($_POST['cf_title']));
$check_keys = array('cf_lg_mid', 'cf_lg_mert_key', 'cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key', 'cf_naver_clientid', 'cf_naver_secret', 'cf_facebook_appid', 'cf_facebook_secret', 'cf_twitter_key', 'cf_twitter_secret', 'cf_google_clientid', 'cf_google_secret', 'cf_googl_shorturl_apikey', 'cf_kakao_rest_key', 'cf_kakao_client_secret', 'cf_kakao_js_apikey', 'cf_payco_clientid', 'cf_payco_secret'); $check_keys = array('cf_lg_mid', 'cf_lg_mert_key', 'cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key', 'cf_naver_clientid', 'cf_naver_secret', 'cf_facebook_appid', 'cf_facebook_secret', 'cf_twitter_key', 'cf_twitter_secret', 'cf_google_clientid', 'cf_google_secret', 'cf_googl_shorturl_apikey', 'cf_kakao_rest_key', 'cf_kakao_client_secret', 'cf_kakao_js_apikey', 'cf_payco_clientid', 'cf_payco_secret');
foreach( $check_keys as $key ){ foreach( $check_keys as $key ){
if ( isset($_POST[$key]) && $_POST[$key] ){ if ( isset($_POST[$key]) && $_POST[$key] ){
$_POST[$key] = preg_replace('/[^a-z0-9_\-\.]/i', '', $_POST[$key]); $posts[$key] = $_POST[$key] = preg_replace('/[^a-z0-9_\-\.]/i', '', $_POST[$key]);
} }
} }
$_POST['cf_icode_server_port'] = isset($_POST['cf_icode_server_port']) ? preg_replace('/[^0-9]/', '', $_POST['cf_icode_server_port']) : '7295'; $posts['cf_icode_server_port'] = $_POST['cf_icode_server_port'] = isset($_POST['cf_icode_server_port']) ? preg_replace('/[^0-9]/', '', $_POST['cf_icode_server_port']) : '7295';
if(isset($_POST['cf_intercept_ip']) && $_POST['cf_intercept_ip']){ if(isset($_POST['cf_intercept_ip']) && $_POST['cf_intercept_ip']){
@ -56,9 +50,134 @@ if(isset($_POST['cf_intercept_ip']) && $_POST['cf_intercept_ip']){
} }
} }
$check_keys = array(
'cf_use_email_certify' => 'int',
'cf_use_homepage' => 'int',
'cf_req_homepage' => 'int',
'cf_use_tel' => 'int',
'cf_req_tel' => 'int',
'cf_use_hp' => 'int',
'cf_req_hp' => 'int',
'cf_use_addr' => 'int',
'cf_req_addr' => 'int',
'cf_use_signature' => 'int',
'cf_req_signature' => 'int',
'cf_use_profile' => 'int',
'cf_req_profile' => 'int',
'cf_register_level' => 'int',
'cf_register_point' => 'int',
'cf_icon_level' => 'int',
'cf_use_recommend' => 'int',
'cf_leave_day' => 'int',
'cf_search_part' => 'int',
'cf_email_use' => 'int',
'cf_email_wr_super_admin' => 'int',
'cf_email_wr_group_admin' => 'int',
'cf_email_wr_board_admin' => 'int',
'cf_email_wr_write' => 'int',
'cf_email_wr_comment_all' => 'int',
'cf_email_mb_super_admin' => 'int',
'cf_email_mb_member' => 'int',
'cf_email_po_super_admin' => 'int',
'cf_prohibit_id' => 'text',
'cf_prohibit_email' => 'text',
'cf_new_del' => 'int',
'cf_memo_del' => 'int',
'cf_visit_del' => 'int',
'cf_popular_del' => 'int',
'cf_use_member_icon' => 'int',
'cf_member_icon_size' => 'int',
'cf_member_icon_width' => 'int',
'cf_member_icon_height' => 'int',
'cf_member_img_size' => 'int',
'cf_member_img_width' => 'int',
'cf_member_img_height' => 'int',
'cf_login_minutes' => 'int',
'cf_formmail_is_member' => 'int',
'cf_page_rows' => 'int',
'cf_mobile_page_rows' => 'int',
'cf_social_login_use' => 'int',
'cf_cert_req' => 'int',
'cf_cert_use' => 'int',
'cf_cert_ipin' => 'char',
'cf_cert_hp' => 'char',
'cf_admin_email' => 'char',
'cf_admin_email_name' => 'char',
'cf_add_script' => 'text',
'cf_use_point' => 'int',
'cf_point_term' => 'int',
'cf_use_copy_log' => 'int',
'cf_login_point' => 'int',
'cf_cut_name' => 'int',
'cf_nick_modify' => 'int',
'cf_new_skin' => 'char',
'cf_new_rows' => 'int',
'cf_search_skin' => 'char',
'cf_connect_skin' => 'char',
'cf_faq_skin' => 'char',
'cf_read_point' => 'int',
'cf_write_point' => 'int',
'cf_comment_point' => 'int',
'cf_download_point' => 'int',
'cf_write_pages' => 'int',
'cf_mobile_pages' => 'int',
'cf_link_target' => 'char',
'cf_delay_sec' => 'int',
'cf_filter' => 'text',
'cf_possible_ip' => 'text',
'cf_analytics' => 'text',
'cf_add_meta' => 'text',
'cf_member_skin' => 'char',
'cf_image_extension' => 'char',
'cf_flash_extension' => 'char',
'cf_movie_extension' => 'char',
'cf_visit' => 'char',
'cf_stipulation' => 'text',
'cf_privacy' => 'text',
'cf_open_modify' => 'int',
'cf_memo_send_point' => 'int',
'cf_mobile_new_skin' => 'char',
'cf_mobile_search_skin' => 'char',
'cf_mobile_connect_skin' => 'char',
'cf_mobile_faq_skin' => 'char',
'cf_mobile_member_skin' => 'char',
'cf_captcha_mp3' => 'char',
'cf_cert_limit' => 'int',
'cf_sms_use' => 'char',
'cf_sms_type' => 'char',
'cf_icode_id' => 'char',
'cf_icode_pw' => 'char',
'cf_icode_server_ip' => 'char',
'cf_captcha' => 'char',
'cf_syndi_token' => '',
'cf_syndi_except' => ''
);
for($i=1;$i<=10;$i++){
$check_keys['cf_'.$i.'_subj'] = isset($_POST['cf_'.$i.'_subj']) ? $_POST['cf_'.$i.'_subj'] : '';
$check_keys['cf_'.$i] = isset($_POST['cf_'.$i]) ? $_POST['cf_'.$i] : '';
}
foreach( $check_keys as $k => $v ){
if( $v === 'int' ){
$posts[$key] = $_POST[$k] = isset($_POST[$k]) ? (int) $_POST[$k] : 0;
} else {
$posts[$key] = $_POST[$k] = isset($_POST[$k]) ? $_POST[$k] : '';
}
}
// 본인확인을 사용할 경우 아이핀, 휴대폰인증 중 하나는 선택되어야 함
if($_POST['cf_cert_use'] && !$_POST['cf_cert_ipin'] && !$_POST['cf_cert_hp'])
alert('본인확인을 위해 아이핀 또는 휴대폰 본인학인 서비스를 하나이상 선택해 주십시오');
if(!$_POST['cf_cert_use']) {
$posts[$key] = $_POST['cf_cert_ipin'] = '';
$posts[$key] = $_POST['cf_cert_hp'] = '';
}
$sql = " update {$g5['config_table']} $sql = " update {$g5['config_table']}
set cf_title = '{$_POST['cf_title']}', set cf_title = '{$cf_title}',
cf_admin = '{$_POST['cf_admin']}', cf_admin = '{$cf_admin}',
cf_admin_email = '{$_POST['cf_admin_email']}', cf_admin_email = '{$_POST['cf_admin_email']}',
cf_admin_email_name = '{$_POST['cf_admin_email_name']}', cf_admin_email_name = '{$_POST['cf_admin_email_name']}',
cf_add_script = '{$_POST['cf_add_script']}', cf_add_script = '{$_POST['cf_add_script']}',
@ -218,4 +337,3 @@ run_event('admin_config_form_update');
update_rewrite_rules(); update_rewrite_rules();
goto_url('./config_form.php', false); goto_url('./config_form.php', false);
?>

14
adm/contentform.php
View File

@ -3,7 +3,9 @@ $sub_menu = '300600';
include_once('./_common.php'); include_once('./_common.php');
include_once(G5_EDITOR_LIB); include_once(G5_EDITOR_LIB);
auth_check($auth[$sub_menu], "w"); auth_check_menu($auth, $sub_menu, "w");
$co_id = isset($_REQUEST['co_id']) ? preg_replace('/[^a-z0-9_]/i', '', $_REQUEST['co_id']) : '';
// 상단, 하단 파일경로 필드 추가 // 상단, 하단 파일경로 필드 추가
if(!sql_query(" select co_include_head from {$g5['content_table']} limit 1 ", false)) { if(!sql_query(" select co_include_head from {$g5['content_table']} limit 1 ", false)) {
@ -51,6 +53,13 @@ else
{ {
$html_title .= ' 입력'; $html_title .= ' 입력';
$co = array( $co = array(
'co_id' => '',
'co_subject' => '',
'co_content' => '',
'co_mobile_content' => '',
'co_include_head' => '',
'co_include_tail' => '',
'co_tag_filter_use' => 1,
'co_html' => 2, 'co_html' => 2,
'co_skin' => 'basic', 'co_skin' => 'basic',
'co_mobile_skin' => 'basic' 'co_mobile_skin' => 'basic'
@ -153,6 +162,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
<input type="file" name="co_himg" id="co_himg"> <input type="file" name="co_himg" id="co_himg">
<?php <?php
$himg = G5_DATA_PATH.'/content/'.$co['co_id'].'_h'; $himg = G5_DATA_PATH.'/content/'.$co['co_id'].'_h';
$himg_str = '';
if (file_exists($himg)) { if (file_exists($himg)) {
$size = @getimagesize($himg); $size = @getimagesize($himg);
if($size[0] && $size[0] > 750) if($size[0] && $size[0] > 750)
@ -177,6 +187,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
<input type="file" name="co_timg" id="co_timg"> <input type="file" name="co_timg" id="co_timg">
<?php <?php
$timg = G5_DATA_PATH.'/content/'.$co['co_id'].'_t'; $timg = G5_DATA_PATH.'/content/'.$co['co_id'].'_t';
$timg_str = '';
if (file_exists($timg)) { if (file_exists($timg)) {
$size = @getimagesize($timg); $size = @getimagesize($timg);
if($size[0] && $size[0] > 750) if($size[0] && $size[0] > 750)
@ -285,4 +296,3 @@ function frmcontentform_check(f)
<?php <?php
include_once (G5_ADMIN_PATH.'/admin.tail.php'); include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>

11
adm/contentformupdate.php
View File

@ -6,25 +6,27 @@ if ($w == "u" || $w == "d")
check_demo(); check_demo();
if ($w == 'd') if ($w == 'd')
auth_check($auth[$sub_menu], "d"); auth_check_menu($auth, $sub_menu, "d");
else else
auth_check($auth[$sub_menu], "w"); auth_check_menu($auth, $sub_menu, "w");
check_admin_token(); check_admin_token();
if ($w == "" || $w == "u") if ($w == "" || $w == "u")
{ {
if(preg_match("/[^a-z0-9_]/i", $co_id)) alert("ID 는 영문자, 숫자, _ 만 가능합니다."); if(isset($_POST['co_id']) && preg_match("/[^a-z0-9_]/i", $_POST['co_id'])) alert("ID 는 영문자, 숫자, _ 만 가능합니다.");
$sql = " select * from {$g5['content_table']} where co_id = '$co_id' "; $sql = " select * from {$g5['content_table']} where co_id = '$co_id' ";
$co_row = sql_fetch($sql); $co_row = sql_fetch($sql);
} }
$co_id = preg_replace('/[^a-z0-9_]/i', '', $co_id); $co_id = isset($_POST['co_id']) ? preg_replace('/[^a-z0-9_]/i', '', $_POST['co_id']) : '';
$co_subject = strip_tags(clean_xss_attributes($co_subject)); $co_subject = strip_tags(clean_xss_attributes($co_subject));
$co_include_head = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_head, 0, 255)); $co_include_head = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_head, 0, 255));
$co_include_tail = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_tail, 0, 255)); $co_include_tail = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_tail, 0, 255));
$co_tag_filter_use = isset($_POST['co_tag_filter_use']) ? (int) $_POST['co_tag_filter_use'] : 1; $co_tag_filter_use = isset($_POST['co_tag_filter_use']) ? (int) $_POST['co_tag_filter_use'] : 1;
$co_himg_del = (isset($_POST['co_himg_del']) && $_POST['co_himg_del']) ? 1 : 0;
$co_timg_del = (isset($_POST['co_timg_del']) && $_POST['co_timg_del']) ? 1 : 0;
// 관리자가 자동등록방지를 사용해야 할 경우 // 관리자가 자동등록방지를 사용해야 할 경우
if (($co_row['co_include_head'] !== $co_include_head || $co_row['co_include_tail'] !== $co_include_tail) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){ if (($co_row['co_include_head'] !== $co_include_head || $co_row['co_include_tail'] !== $co_include_tail) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){
@ -146,4 +148,3 @@ else
{ {
goto_url("./contentlist.php"); goto_url("./contentlist.php");
} }
?>

3
adm/contentlist.php
View File

@ -2,7 +2,7 @@
$sub_menu = '300600'; $sub_menu = '300600';
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], "r"); auth_check_menu($auth, $sub_menu, "r");
if( !isset($g5['content_table']) ){ if( !isset($g5['content_table']) ){
die('<meta charset="utf-8">/data/dbconfig.php 파일에 <strong>$g5[\'content_table\'] = G5_TABLE_PREFIX.\'content\';</strong> 를 추가해 주세요.'); die('<meta charset="utf-8">/data/dbconfig.php 파일에 <strong>$g5[\'content_table\'] = G5_TABLE_PREFIX.\'content\';</strong> 를 추가해 주세요.');
@ -95,4 +95,3 @@ $result = sql_query($sql);
<?php <?php
include_once (G5_ADMIN_PATH.'/admin.tail.php'); include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>

3
adm/dbupgrade.php
View File

@ -2,7 +2,7 @@
$sub_menu = '100410'; $sub_menu = '100410';
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], 'r'); auth_check_menu($auth, $sub_menu, 'r');
$g5['title'] = 'DB 업그레이드'; $g5['title'] = 'DB 업그레이드';
include_once('./admin.head.php'); include_once('./admin.head.php');
@ -206,4 +206,3 @@ $db_upgrade_msg = $is_check ? 'DB 업그레이드가 완료되었습니다.' : '
<?php <?php
include_once ('./admin.tail.php'); include_once ('./admin.tail.php');
?>

9
adm/faqform.php
View File

@ -3,16 +3,18 @@ $sub_menu = '300700';
include_once('./_common.php'); include_once('./_common.php');
include_once(G5_EDITOR_LIB); include_once(G5_EDITOR_LIB);
auth_check($auth[$sub_menu], "w"); auth_check_menu($auth, $sub_menu, "w");
$fm_id = (int) $fm_id; $fm_id = isset($_GET['fm_id']) ? (int) $_GET['fm_id'] : 0;
$fa_id = isset($fa_id) ? (int) $fa_id : 0; $fa_id = isset($_GET['fa_id']) ? (int) $_GET['fa_id'] : 0;
$sql = " select * from {$g5['faq_master_table']} where fm_id = '$fm_id' "; $sql = " select * from {$g5['faq_master_table']} where fm_id = '$fm_id' ";
$fm = sql_fetch($sql); $fm = sql_fetch($sql);
$html_title = 'FAQ '.$fm['fm_subject']; $html_title = 'FAQ '.$fm['fm_subject'];
$fa = array('fa_id'=>0, 'fm_id'=>0, 'fa_subject'=>'', 'fa_content'=>'', 'fa_order'=>0);
if ($w == "u") if ($w == "u")
{ {
$html_title .= " 수정"; $html_title .= " 수정";
@ -98,4 +100,3 @@ function frmfaqform_check(f)
<?php <?php
include_once (G5_ADMIN_PATH.'/admin.tail.php'); include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>

11
adm/faqformupdate.php
View File

@ -6,12 +6,18 @@ if ($w == "u" || $w == "d")
check_demo(); check_demo();
if ($w == 'd') if ($w == 'd')
auth_check($auth[$sub_menu], "d"); auth_check_menu($auth, $sub_menu, "d");
else else
auth_check($auth[$sub_menu], "w"); auth_check_menu($auth, $sub_menu, "w");
check_admin_token(); check_admin_token();
$fm_id = isset($_POST['fm_id']) ? (int) $_POST['fm_id'] : 0;
$fa_subject = isset($_POST['fa_subject']) ? $_POST['fa_subject'] : '';
$fa_content = isset($_POST['fa_content']) ? $_POST['fa_content'] : '';
$fa_order = isset($_POST['fa_order']) ? (int) $_POST['fa_order'] : 0;
$fa_id = isset($_POST['fa_id']) ? (int) $_POST['fa_id'] : 0;
$sql_common = " fa_subject = '$fa_subject', $sql_common = " fa_subject = '$fa_subject',
fa_content = '$fa_content', fa_content = '$fa_content',
fa_order = '$fa_order' "; fa_order = '$fa_order' ";
@ -42,4 +48,3 @@ if ($w == 'd')
goto_url("./faqlist.php?fm_id=$fm_id"); goto_url("./faqlist.php?fm_id=$fm_id");
else else
goto_url("./faqform.php?w=u&amp;fm_id=$fm_id&amp;fa_id=$fa_id"); goto_url("./faqform.php?w=u&amp;fm_id=$fm_id&amp;fa_id=$fa_id");
?>

7
adm/faqlist.php
View File

@ -2,11 +2,11 @@
$sub_menu = '300700'; $sub_menu = '300700';
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], "r"); auth_check_menu($auth, $sub_menu, "r");
$g5['title'] = 'FAQ 상세관리'; $g5['title'] = 'FAQ 상세관리';
if ($fm_subject){ if (isset($_REQUEST['fm_subject'])){
$fm_subject = clean_xss_tags(strip_tags($fm_subject)); $fm_subject = clean_xss_tags($_REQUEST['fm_subject'], 1, 1, 255);
$g5['title'] .= ' : '.$fm_subject; $g5['title'] .= ' : '.$fm_subject;
} }
@ -97,4 +97,3 @@ $result = sql_query($sql);
<?php <?php
include_once (G5_ADMIN_PATH.'/admin.tail.php'); include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>

9
adm/faqmasterform.php
View File

@ -3,11 +3,11 @@ $sub_menu = '300700';
include_once('./_common.php'); include_once('./_common.php');
include_once(G5_EDITOR_LIB); include_once(G5_EDITOR_LIB);
auth_check($auth[$sub_menu], "w"); auth_check_menu($auth, $sub_menu, "w");
$html_title = 'FAQ'; $html_title = 'FAQ';
$fm_id = preg_replace('/[^0-9]/', '', $fm_id); $fm_id = isset($_GET['fm_id']) ? preg_replace('/[^0-9]/', '', $_GET['fm_id']) : 0;
if ($w == "u") if ($w == "u")
{ {
@ -21,7 +21,7 @@ if ($w == "u")
else else
{ {
$html_title .= ' 입력'; $html_title .= ' 입력';
$fm = array(); $fm = array('fm_order'=>'', 'fm_subject'=>'', 'fm_id'=>0, 'fm_head_html'=> '', 'fm_tail_html'=> '', 'fm_mobile_head_html' => '', 'fm_mobile_tail_html' => '');
} }
$g5['title'] = $html_title.' 관리'; $g5['title'] = $html_title.' 관리';
@ -72,6 +72,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
<input type="file" name="fm_himg" id="fm_himg"> <input type="file" name="fm_himg" id="fm_himg">
<?php <?php
$himg = G5_DATA_PATH.'/faq/'.$fm['fm_id'].'_h'; $himg = G5_DATA_PATH.'/faq/'.$fm['fm_id'].'_h';
$himg_str = '';
if (file_exists($himg)) { if (file_exists($himg)) {
$size = @getimagesize($himg); $size = @getimagesize($himg);
if($size[0] && $size[0] > 750) if($size[0] && $size[0] > 750)
@ -96,6 +97,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
<input type="file" name="fm_timg" id="fm_timg"> <input type="file" name="fm_timg" id="fm_timg">
<?php <?php
$timg = G5_DATA_PATH.'/faq/'.$fm['fm_id'].'_t'; $timg = G5_DATA_PATH.'/faq/'.$fm['fm_id'].'_t';
$timg_str = '';
if (file_exists($timg)) { if (file_exists($timg)) {
$size = @getimagesize($timg); $size = @getimagesize($timg);
if($size[0] && $size[0] > 750) if($size[0] && $size[0] > 750)
@ -163,4 +165,3 @@ function frmfaqmasterform_check(f)
<?php <?php
include_once (G5_ADMIN_PATH.'/admin.tail.php'); include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>

19
adm/faqmasterformupdate.php
View File

@ -5,21 +5,29 @@ include_once('./_common.php');
if ($w == "u" || $w == "d") if ($w == "u" || $w == "d")
check_demo(); check_demo();
if ($W == 'd') if ($w == 'd')
auth_check($auth[$sub_menu], "d"); auth_check_menu($auth, $sub_menu, "d");
else else
auth_check($auth[$sub_menu], "w"); auth_check_menu($auth, $sub_menu, "w");
check_admin_token(); check_admin_token();
@mkdir(G5_DATA_PATH."/faq", G5_DIR_PERMISSION); @mkdir(G5_DATA_PATH."/faq", G5_DIR_PERMISSION);
@chmod(G5_DATA_PATH."/faq", G5_DIR_PERMISSION); @chmod(G5_DATA_PATH."/faq", G5_DIR_PERMISSION);
$fm_id = isset($_POST['fm_id']) ? (int) $_POST['fm_id'] : 0;
$fm_himg_del = isset($_POST['fm_himg_del']) ? (int) $_POST['fm_himg_del'] : 0;
$fm_timg_del = isset($_POST['fm_timg_del']) ? (int) $_POST['fm_timg_del'] : 0;
$fm_subject = isset($_POST['fm_subject']) ? strip_tags(clean_xss_attributes($_POST['fm_subject'])) : '';
$fm_head_html = isset($_POST['fm_head_html']) ? $_POST['fm_head_html'] : '';
$fm_tail_html = isset($_POST['fm_tail_html']) ? $_POST['fm_tail_html'] : '';
$fm_mobile_head_html = isset($_POST['fm_mobile_head_html']) ? $_POST['fm_mobile_head_html'] : '';
$fm_mobile_tail_html = isset($_POST['fm_mobile_tail_html']) ? $_POST['fm_mobile_tail_html'] : '';
$fm_order = isset($_POST['fm_order']) ? (int) $_POST['fm_order'] : 0;
if ($fm_himg_del) @unlink(G5_DATA_PATH."/faq/{$fm_id}_h"); if ($fm_himg_del) @unlink(G5_DATA_PATH."/faq/{$fm_id}_h");
if ($fm_timg_del) @unlink(G5_DATA_PATH."/faq/{$fm_id}_t"); if ($fm_timg_del) @unlink(G5_DATA_PATH."/faq/{$fm_id}_t");
$fm_subject = strip_tags(clean_xss_attributes($fm_subject));
$sql_common = " set fm_subject = '$fm_subject', $sql_common = " set fm_subject = '$fm_subject',
fm_head_html = '$fm_head_html', fm_head_html = '$fm_head_html',
fm_tail_html = '$fm_tail_html', fm_tail_html = '$fm_tail_html',
@ -73,4 +81,3 @@ if ($w == "" || $w == "u")
} }
else else
goto_url("./faqmasterlist.php"); goto_url("./faqmasterlist.php");
?>

3
adm/faqmasterlist.php
View File

@ -2,7 +2,7 @@
$sub_menu = '300700'; $sub_menu = '300700';
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], "r"); auth_check_menu($auth, $sub_menu, "r");
//dbconfig파일에 $g5['faq_table'] , $g5['faq_master_table'] 배열변수가 있는지 체크 //dbconfig파일에 $g5['faq_table'] , $g5['faq_master_table'] 배열변수가 있는지 체크
if( !isset($g5['faq_table']) || !isset($g5['faq_master_table']) ){ if( !isset($g5['faq_table']) || !isset($g5['faq_master_table']) ){
@ -125,4 +125,3 @@ $result = sql_query($sql);
<?php <?php
include_once (G5_ADMIN_PATH.'/admin.tail.php'); include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>

3
adm/index.php
View File

@ -138,7 +138,7 @@ $sql_common = " from {$g5['board_new_table']} a, {$g5['board_table']} b, {$g5['g
if ($gr_id) if ($gr_id)
$sql_common .= " and b.gr_id = '$gr_id' "; $sql_common .= " and b.gr_id = '$gr_id' ";
if ($view) { if (isset($view) && $view) {
if ($view == 'w') if ($view == 'w')
$sql_common .= " and a.wr_id = a.wr_parent "; $sql_common .= " and a.wr_id = a.wr_parent ";
else if ($view == 'c') else if ($view == 'c')
@ -315,4 +315,3 @@ $colspan = 7;
<?php <?php
include_once ('./admin.tail.php'); include_once ('./admin.tail.php');
?>

7
adm/mail_delete.php
View File

@ -4,21 +4,20 @@ include_once('./_common.php');
check_demo(); check_demo();
auth_check($auth[$sub_menu], 'd'); auth_check_menu($auth, $sub_menu, 'd');
check_admin_token(); check_admin_token();
$count = count($_POST['chk']); $post_count_chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
if(!$count) if(!$count)
alert('삭제할 메일목록을 1개이상 선택해 주세요.'); alert('삭제할 메일목록을 1개이상 선택해 주세요.');
for($i=0; $i<$count; $i++) { for($i=0; $i<$count; $i++) {
$ma_id = $_POST['chk'][$i]; $ma_id = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
$sql = " delete from {$g5['mail_table']} where ma_id = '$ma_id' "; $sql = " delete from {$g5['mail_table']} where ma_id = '$ma_id' ";
sql_query($sql); sql_query($sql);
} }
goto_url('./mail_list.php'); goto_url('./mail_list.php');
?>

8
adm/mail_form.php
View File

@ -3,16 +3,17 @@ $sub_menu = "200300";
include_once('./_common.php'); include_once('./_common.php');
include_once(G5_EDITOR_LIB); include_once(G5_EDITOR_LIB);
auth_check($auth[$sub_menu], 'r'); auth_check_menu($auth, $sub_menu, 'r');
$html_title = '회원메일'; $html_title = '회원메일';
$ma_id = isset($_GET['ma_id']) ? (int) $_GET['ma_id'] : 0;
$ma = array('ma_id'=>0, 'ma_subject'=>'', 'ma_content'=>'');
if ($w == 'u') { if ($w == 'u') {
$html_title .= '수정'; $html_title .= '수정';
$readonly = ' readonly'; $readonly = ' readonly';
$ma_id = (int) $ma_id;
$sql = " select * from {$g5['mail_table']} where ma_id = '{$ma_id}' "; $sql = " select * from {$g5['mail_table']} where ma_id = '{$ma_id}' ";
$ma = sql_fetch($sql); $ma = sql_fetch($sql);
if (!$ma['ma_id']) if (!$ma['ma_id'])
@ -83,4 +84,3 @@ document.fmailform.ma_subject.focus();
<?php <?php
include_once('./admin.tail.php'); include_once('./admin.tail.php');
?>

3
adm/mail_list.php
View File

@ -2,7 +2,7 @@
$sub_menu = '200300'; $sub_menu = '200300';
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], 'r'); auth_check_menu($auth, $sub_menu, 'r');
$sql_common = " from {$g5['mail_table']} "; $sql_common = " from {$g5['mail_table']} ";
@ -102,4 +102,3 @@ $(function() {
<?php <?php
include_once ('./admin.tail.php'); include_once ('./admin.tail.php');
?>

4
adm/mail_preview.php
View File

@ -3,7 +3,9 @@ $sub_menu = "200300";
include_once('./_common.php'); include_once('./_common.php');
include_once(G5_LIB_PATH.'/mailer.lib.php'); include_once(G5_LIB_PATH.'/mailer.lib.php');
auth_check($auth[$sub_menu], 'r'); auth_check_menu($auth, $sub_menu, 'r');
$ma_id = isset($_REQUEST['ma_id']) ? (int) $_REQUEST['ma_id'] : 0;
$se = sql_fetch("select ma_subject, ma_content from {$g5['mail_table']} where ma_id = '{$ma_id}' "); $se = sql_fetch("select ma_subject, ma_content from {$g5['mail_table']} where ma_id = '{$ma_id}' ");

19
adm/mail_select_form.php
View File

@ -5,7 +5,9 @@ include_once('./_common.php');
if (!$config['cf_email_use']) if (!$config['cf_email_use'])
alert('환경설정에서 \'메일발송 사용\'에 체크하셔야 메일을 발송할 수 있습니다.'); alert('환경설정에서 \'메일발송 사용\'에 체크하셔야 메일을 발송할 수 있습니다.');
auth_check($auth[$sub_menu], 'r'); auth_check_menu($auth, $sub_menu, 'r');
$ma_id = isset($_GET['ma_id']) ? (int) $_GET['ma_id'] : 0;
$sql = " select * from {$g5['mail_table']} where ma_id = '$ma_id' "; $sql = " select * from {$g5['mail_table']} where ma_id = '$ma_id' ";
$ma = sql_fetch($sql); $ma = sql_fetch($sql);
@ -26,8 +28,8 @@ $last_option = explode('||', $ma['ma_last_option']);
for ($i=0; $i<count($last_option); $i++) { for ($i=0; $i<count($last_option); $i++) {
$option = explode('=', $last_option[$i]); $option = explode('=', $last_option[$i]);
// 동적변수 // 동적변수
$var = $option[0]; $var = isset($option[0]) ? $option[0] : '';
$$var = $option[1]; if( isset($option[1]) ) $$var = $option[1];
} }
if (!isset($mb_id1)) $mb_id1 = 1; if (!isset($mb_id1)) $mb_id1 = 1;
@ -35,6 +37,10 @@ if (!isset($mb_level_from)) $mb_level_from = 1;
if (!isset($mb_level_to)) $mb_level_to = 10; if (!isset($mb_level_to)) $mb_level_to = 10;
if (!isset($mb_mailling)) $mb_mailling = 1; if (!isset($mb_mailling)) $mb_mailling = 1;
$mb_id1_from = isset($mb_id1_from) ? clean_xss_tags($mb_id1_from, 1, 1, 30) : '';
$mb_id1_to = isset($mb_id1_to) ? clean_xss_tags($mb_id1_to, 1, 1, 30) : '';
$mb_email = isset($mb_email) ? clean_xss_tags($mb_email, 1, 1, 100) : '';
$g5['title'] = '회원메일발송'; $g5['title'] = '회원메일발송';
include_once('./admin.head.php'); include_once('./admin.head.php');
?> ?>
@ -55,15 +61,15 @@ include_once('./admin.head.php');
<td> <td>
<input type="radio" name="mb_id1" value="1" id="mb_id1_all" <?php echo $mb_id1?"checked":""; ?>> <label for="mb_id1_all">전체</label> <input type="radio" name="mb_id1" value="1" id="mb_id1_all" <?php echo $mb_id1?"checked":""; ?>> <label for="mb_id1_all">전체</label>
<input type="radio" name="mb_id1" value="0" id="mb_id1_section" <?php echo !$mb_id1?"checked":""; ?>> <label for="mb_id1_section">구간</label> <input type="radio" name="mb_id1" value="0" id="mb_id1_section" <?php echo !$mb_id1?"checked":""; ?>> <label for="mb_id1_section">구간</label>
<input type="text" name="mb_id1_from" value="<?php echo $mb_id1_from ?>" id="mb_id1_from" title="시작구간" class="frm_input"> 에서 <input type="text" name="mb_id1_from" value="<?php echo get_sanitize_input($mb_id1_from); ?>" id="mb_id1_from" title="시작구간" class="frm_input"> 에서
<input type="text" name="mb_id1_to" value="<?php echo $mb_id1_to ?>" id="mb_id1_to" title="종료구간" class="frm_input"> 까지 <input type="text" name="mb_id1_to" value="<?php echo get_sanitize_input($mb_id1_to); ?>" id="mb_id1_to" title="종료구간" class="frm_input"> 까지
</td> </td>
</tr> </tr>
<tr> <tr>
<th scope="row"><label for="mb_email">E-mail</label></th> <th scope="row"><label for="mb_email">E-mail</label></th>
<td> <td>
<?php echo help("메일 주소에 단어 포함 (예 : @".preg_replace('#^(www[^\.]*\.){1}#', '', $_SERVER['HTTP_HOST']).")") ?> <?php echo help("메일 주소에 단어 포함 (예 : @".preg_replace('#^(www[^\.]*\.){1}#', '', $_SERVER['HTTP_HOST']).")") ?>
<input type="text" name="mb_email" value="<?php echo $mb_email ?>" id="mb_email" class="frm_input" size="50"> <input type="text" name="mb_email" value="<?php echo get_sanitize_input($mb_email); ?>" id="mb_email" class="frm_input" size="50">
</td> </td>
</tr> </tr>
<tr> <tr>
@ -119,4 +125,3 @@ include_once('./admin.head.php');
<?php <?php
include_once('./admin.tail.php'); include_once('./admin.tail.php');
?>

3
adm/mail_select_list.php
View File

@ -2,7 +2,7 @@
$sub_menu = "200300"; $sub_menu = "200300";
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], 'r'); auth_check_menu($auth, $sub_menu, 'r');
$ma_last_option = ""; $ma_last_option = "";
@ -118,4 +118,3 @@ include_once('./admin.head.php');
<?php <?php
include_once('./admin.tail.php'); include_once('./admin.tail.php');
?>

8
adm/mail_select_update.php
View File

@ -2,7 +2,7 @@
$sub_menu = "200300"; $sub_menu = "200300";
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], 'w'); auth_check_menu($auth, $sub_menu, 'w');
$html_title = '회원메일 발송'; $html_title = '회원메일 발송';
@ -26,14 +26,12 @@ echo "</span>";
<?php <?php
include_once('./admin.tail.php'); include_once('./admin.tail.php');
?>
<?php
flush(); flush();
ob_flush(); ob_flush();
$ma_id = trim($_POST['ma_id']); $ma_id = isset($_POST['ma_id']) ? (int) $_POST['ma_id'] : 0;
$select_member_list = trim($_POST['ma_list']); $select_member_list = isset($_POST['ma_list']) ? trim($_POST['ma_list']) : '';
//print_r2($_POST); EXIT; //print_r2($_POST); EXIT;
$member_list = explode("\n", conv_unescape_nl($select_member_list)); $member_list = explode("\n", conv_unescape_nl($select_member_list));

4
adm/mail_test.php
View File

@ -7,7 +7,7 @@ if (!$config['cf_email_use'])
include_once(G5_LIB_PATH.'/mailer.lib.php'); include_once(G5_LIB_PATH.'/mailer.lib.php');
auth_check($auth[$sub_menu], 'w'); auth_check_menu($auth, $sub_menu, 'w');
check_demo(); check_demo();
@ -17,6 +17,7 @@ $name = get_text($member['mb_name']);
$nick = $member['mb_nick']; $nick = $member['mb_nick'];
$mb_id = $member['mb_id']; $mb_id = $member['mb_id'];
$email = $member['mb_email']; $email = $member['mb_email'];
$ma_id = isset($_REQUEST['ma_id']) ? (int) $_REQUEST['ma_id'] : 0;
$sql = "select ma_subject, ma_content from {$g5['mail_table']} where ma_id = '{$ma_id}' "; $sql = "select ma_subject, ma_content from {$g5['mail_table']} where ma_id = '{$ma_id}' ";
$ma = sql_fetch($sql); $ma = sql_fetch($sql);
@ -36,4 +37,3 @@ $content = $content . '<p>더 이상 정보 수신을 원치 않으시면 [<a hr
mailer($config['cf_title'], $member['mb_email'], $member['mb_email'], $subject, $content, 1); mailer($config['cf_title'], $member['mb_email'], $member['mb_email'], $subject, $content, 1);
alert($member['mb_nick'].'('.$member['mb_email'].')님께 테스트 메일을 발송하였습니다. 확인하여 주십시오.'); alert($member['mb_nick'].'('.$member['mb_email'].')님께 테스트 메일을 발송하였습니다. 확인하여 주십시오.');
?>

8
adm/mail_update.php
View File

@ -5,18 +5,19 @@ include_once('./_common.php');
if ($w == 'u' || $w == 'd') if ($w == 'u' || $w == 'd')
check_demo(); check_demo();
auth_check($auth[$sub_menu], 'w'); auth_check_menu($auth, $sub_menu, 'w');
check_admin_token(); check_admin_token();
$ma_id = isset($_POST['ma_id']) ? (int) $_POST['ma_id'] : 0; $ma_id = isset($_POST['ma_id']) ? (int) $_POST['ma_id'] : 0;
$ma_subject = isset($_POST['ma_subject']) ? strip_tags(clean_xss_attributes($_POST['ma_subject'])) : ''; $ma_subject = isset($_POST['ma_subject']) ? strip_tags(clean_xss_attributes($_POST['ma_subject'])) : '';
$ma_content = isset($_POST['ma_content']) ? $_POST['ma_content'] : '';
if ($w == '') if ($w == '')
{ {
$sql = " insert {$g5['mail_table']} $sql = " insert {$g5['mail_table']}
set ma_subject = '{$ma_subject}', set ma_subject = '{$ma_subject}',
ma_content = '{$_POST['ma_content']}', ma_content = '{$ma_content}',
ma_time = '".G5_TIME_YMDHIS."', ma_time = '".G5_TIME_YMDHIS."',
ma_ip = '{$_SERVER['REMOTE_ADDR']}' "; ma_ip = '{$_SERVER['REMOTE_ADDR']}' ";
sql_query($sql); sql_query($sql);
@ -25,7 +26,7 @@ else if ($w == 'u')
{ {
$sql = " update {$g5['mail_table']} $sql = " update {$g5['mail_table']}
set ma_subject = '{$ma_subject}', set ma_subject = '{$ma_subject}',
ma_content = '{$_POST['ma_content']}', ma_content = '{$ma_content}',
ma_time = '".G5_TIME_YMDHIS."', ma_time = '".G5_TIME_YMDHIS."',
ma_ip = '{$_SERVER['REMOTE_ADDR']}' ma_ip = '{$_SERVER['REMOTE_ADDR']}'
where ma_id = '{$ma_id}' "; where ma_id = '{$ma_id}' ";
@ -38,4 +39,3 @@ else if ($w == 'd')
} }
goto_url('./mail_list.php'); goto_url('./mail_list.php');
?>

7
adm/member_delete.php
View File

@ -4,11 +4,11 @@ include_once("./_common.php");
check_demo(); check_demo();
auth_check($auth[$sub_menu], "d"); auth_check_menu($auth, $sub_menu, "d");
$mb = get_member($_POST['mb_id']); $mb = isset($_POST['mb_id']) ? get_member($_POST['mb_id']) : array();
if (!$mb['mb_id']) if (! (isset($mb['mb_id']) && $mb['mb_id']))
alert("회원자료가 존재하지 않습니다."); alert("회원자료가 존재하지 않습니다.");
else if ($member['mb_id'] == $mb['mb_id']) else if ($member['mb_id'] == $mb['mb_id'])
alert("로그인 중인 관리자는 삭제 할 수 없습니다."); alert("로그인 중인 관리자는 삭제 할 수 없습니다.");
@ -26,4 +26,3 @@ if ($url)
goto_url("{$url}?$qstr&amp;w=u&amp;mb_id=$mb_id"); goto_url("{$url}?$qstr&amp;w=u&amp;mb_id=$mb_id");
else else
goto_url("./member_list.php?$qstr"); goto_url("./member_list.php?$qstr");
?>

43
adm/member_form.php
View File

@ -2,7 +2,46 @@
$sub_menu = "200100"; $sub_menu = "200100";
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], 'w'); auth_check_menu($auth, $sub_menu, 'w');
$mb = array(
'mb_certify' => null,
'mb_adult' => null,
'mb_sms' => null,
'mb_intercept_date' => null,
'mb_id' => null,
'mb_name' => null,
'mb_nick' => null,
'mb_point' => null,
'mb_email' => null,
'mb_homepage' => null,
'mb_hp' => null,
'mb_tel' => null,
'mb_zip1' => null,
'mb_zip2' => null,
'mb_addr1' => null,
'mb_addr2' => null,
'mb_addr3' => null,
'mb_addr_jibeon' => null,
'mb_signature' => null,
'mb_profile' => null,
'mb_memo' => null,
'mb_leave_date' => null,
'mb_1' => null,
'mb_2' => null,
'mb_3' => null,
'mb_4' => null,
'mb_5' => null,
'mb_6' => null,
'mb_7' => null,
'mb_8' => null,
'mb_9' => null,
'mb_10' => null,
);
$sound_only = '';
$required_mb_id_class = '';
$required_mb_password = '';
if ($w == '') if ($w == '')
{ {
@ -26,7 +65,6 @@ else if ($w == 'u')
alert('자신보다 권한이 높거나 같은 회원은 수정할 수 없습니다.'); alert('자신보다 권한이 높거나 같은 회원은 수정할 수 없습니다.');
$required_mb_id = 'readonly'; $required_mb_id = 'readonly';
$required_mb_password = '';
$html_title = '수정'; $html_title = '수정';
$mb['mb_name'] = get_text($mb['mb_name']); $mb['mb_name'] = get_text($mb['mb_name']);
@ -482,4 +520,3 @@ function fmember_submit(f)
run_event('admin_member_form_after', $mb, $w); run_event('admin_member_form_after', $mb, $w);
include_once('./admin.tail.php'); include_once('./admin.tail.php');
?>

119
adm/member_form_update.php
View File

@ -7,11 +7,14 @@ include_once(G5_LIB_PATH.'/thumbnail.lib.php');
if ($w == 'u') if ($w == 'u')
check_demo(); check_demo();
auth_check($auth[$sub_menu], 'w'); auth_check_menu($auth, $sub_menu, 'w');
check_admin_token(); check_admin_token();
$mb_id = trim($_POST['mb_id']); $mb_id = isset($_POST['mb_id']) ? trim($_POST['mb_id']) : '';
$mb_certify_case = isset($_POST['mb_certify_case']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['mb_certify_case']) : '';
$mb_certify = isset($_POST['mb_certify']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['mb_certify']) : '';
$mb_zip = isset($_POST['mb_zip']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['mb_zip']) : '';
// 휴대폰번호 체크 // 휴대폰번호 체크
$mb_hp = hyphen_hp_number($_POST['mb_hp']); $mb_hp = hyphen_hp_number($_POST['mb_hp']);
@ -22,72 +25,101 @@ if($mb_hp) {
} }
// 인증정보처리 // 인증정보처리
if($_POST['mb_certify_case'] && $_POST['mb_certify']) { if($mb_certify_case && $mb_certify) {
$mb_certify = $_POST['mb_certify_case']; $mb_certify = isset($_POST['mb_certify_case']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['mb_certify_case']) : '';
$mb_adult = $_POST['mb_adult']; $mb_adult = isset($_POST['mb_adult']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['mb_adult']) : '';
} else { } else {
$mb_certify = ''; $mb_certify = '';
$mb_adult = 0; $mb_adult = 0;
} }
$mb_zip1 = substr($_POST['mb_zip'], 0, 3); $mb_zip1 = substr($mb_zip, 0, 3);
$mb_zip2 = substr($_POST['mb_zip'], 3); $mb_zip2 = substr($mb_zip, 3);
$mb_email = isset($_POST['mb_email']) ? get_email_address(trim($_POST['mb_email'])) : ''; $mb_email = isset($_POST['mb_email']) ? get_email_address(trim($_POST['mb_email'])) : '';
$mb_nick = isset($_POST['mb_nick']) ? trim(strip_tags($_POST['mb_nick'])) : ''; $mb_nick = isset($_POST['mb_nick']) ? trim(strip_tags($_POST['mb_nick'])) : '';
if ($msg = valid_mb_nick($mb_nick)) alert($msg, "", true, true); if ($msg = valid_mb_nick($mb_nick)) alert($msg, "", true, true);
$sql_common = " mb_name = '{$_POST['mb_name']}', $posts = array();
$check_keys = array(
'mb_name',
'mb_homepage',
'mb_tel',
'mb_addr1',
'mb_addr2',
'mb_addr3',
'mb_addr_jibeon',
'mb_signature',
'mb_leave_date',
'mb_intercept_date',
'mb_mailling',
'mb_sms',
'mb_open',
'mb_profile',
'mb_level'
);
for($i=1;$i<=10;$i++){
$check_keys[] = 'mb_'.$i;
}
foreach( $check_keys as $key ){
$posts[$key] = isset($_POST[$key]) ? clean_xss_tags($_POST[$key], 1, 1) : '';
}
$mb_memo = isset($_POST['mb_memo']) ? $_POST['mb_memo'] : '';
$sql_common = " mb_name = '{$posts['mb_name']}',
mb_nick = '{$mb_nick}', mb_nick = '{$mb_nick}',
mb_email = '{$mb_email}', mb_email = '{$mb_email}',
mb_homepage = '{$_POST['mb_homepage']}', mb_homepage = '{$posts['mb_homepage']}',
mb_tel = '{$_POST['mb_tel']}', mb_tel = '{$posts['mb_tel']}',
mb_hp = '{$mb_hp}', mb_hp = '{$mb_hp}',
mb_certify = '{$mb_certify}', mb_certify = '{$mb_certify}',
mb_adult = '{$mb_adult}', mb_adult = '{$mb_adult}',
mb_zip1 = '$mb_zip1', mb_zip1 = '$mb_zip1',
mb_zip2 = '$mb_zip2', mb_zip2 = '$mb_zip2',
mb_addr1 = '{$_POST['mb_addr1']}', mb_addr1 = '{$posts['mb_addr1']}',
mb_addr2 = '{$_POST['mb_addr2']}', mb_addr2 = '{$posts['mb_addr2']}',
mb_addr3 = '{$_POST['mb_addr3']}', mb_addr3 = '{$posts['mb_addr3']}',
mb_addr_jibeon = '{$_POST['mb_addr_jibeon']}', mb_addr_jibeon = '{$posts['mb_addr_jibeon']}',
mb_signature = '{$_POST['mb_signature']}', mb_signature = '{$posts['mb_signature']}',
mb_leave_date = '{$_POST['mb_leave_date']}', mb_leave_date = '{$posts['mb_leave_date']}',
mb_intercept_date='{$_POST['mb_intercept_date']}', mb_intercept_date='{$posts['mb_intercept_date']}',
mb_memo = '{$_POST['mb_memo']}', mb_memo = '{$mb_memo}',
mb_mailling = '{$_POST['mb_mailling']}', mb_mailling = '{$posts['mb_mailling']}',
mb_sms = '{$_POST['mb_sms']}', mb_sms = '{$posts['mb_sms']}',
mb_open = '{$_POST['mb_open']}', mb_open = '{$posts['mb_open']}',
mb_profile = '{$_POST['mb_profile']}', mb_profile = '{$posts['mb_profile']}',
mb_level = '{$_POST['mb_level']}', mb_level = '{$posts['mb_level']}',
mb_1 = '{$_POST['mb_1']}', mb_1 = '{$posts['mb_1']}',
mb_2 = '{$_POST['mb_2']}', mb_2 = '{$posts['mb_2']}',
mb_3 = '{$_POST['mb_3']}', mb_3 = '{$posts['mb_3']}',
mb_4 = '{$_POST['mb_4']}', mb_4 = '{$posts['mb_4']}',
mb_5 = '{$_POST['mb_5']}', mb_5 = '{$posts['mb_5']}',
mb_6 = '{$_POST['mb_6']}', mb_6 = '{$posts['mb_6']}',
mb_7 = '{$_POST['mb_7']}', mb_7 = '{$posts['mb_7']}',
mb_8 = '{$_POST['mb_8']}', mb_8 = '{$posts['mb_8']}',
mb_9 = '{$_POST['mb_9']}', mb_9 = '{$posts['mb_9']}',
mb_10 = '{$_POST['mb_10']}' "; mb_10 = '{$posts['mb_10']}' ";
if ($w == '') if ($w == '')
{ {
$mb = get_member($mb_id); $mb = get_member($mb_id);
if ($mb['mb_id']) if (isset($mb['mb_id']) && $mb['mb_id'])
alert('이미 존재하는 회원아이디입니다.\\n : '.$mb['mb_id'].'\\n이름 : '.$mb['mb_name'].'\\n닉네임 : '.$mb['mb_nick'].'\\n메일 : '.$mb['mb_email']); alert('이미 존재하는 회원아이디입니다.\\n : '.$mb['mb_id'].'\\n이름 : '.$mb['mb_name'].'\\n닉네임 : '.$mb['mb_nick'].'\\n메일 : '.$mb['mb_email']);
// 닉네임중복체크 // 닉네임중복체크
$sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_nick = '{$mb_nick}' "; $sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_nick = '{$mb_nick}' ";
$row = sql_fetch($sql); $row = sql_fetch($sql);
if ($row['mb_id']) if (isset($row['mb_id']) && $row['mb_id'])
alert('이미 존재하는 닉네임입니다.\\n : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']); alert('이미 존재하는 닉네임입니다.\\n : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']);
// 이메일중복체크 // 이메일중복체크
$sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_email = '{$mb_email}' "; $sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_email = '{$mb_email}' ";
$row = sql_fetch($sql); $row = sql_fetch($sql);
if ($row['mb_id']) if (isset($row['mb_id']) && $row['mb_id'])
alert('이미 존재하는 이메일입니다.\\n : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']); alert('이미 존재하는 이메일입니다.\\n : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']);
sql_query(" insert into {$g5['member_table']} set mb_id = '{$mb_id}', mb_password = '".get_encrypt_string($mb_password)."', mb_datetime = '".G5_TIME_YMDHIS."', mb_ip = '{$_SERVER['REMOTE_ADDR']}', mb_email_certify = '".G5_TIME_YMDHIS."', {$sql_common} "); sql_query(" insert into {$g5['member_table']} set mb_id = '{$mb_id}', mb_password = '".get_encrypt_string($mb_password)."', mb_datetime = '".G5_TIME_YMDHIS."', mb_ip = '{$_SERVER['REMOTE_ADDR']}', mb_email_certify = '".G5_TIME_YMDHIS."', {$sql_common} ");
@ -95,7 +127,7 @@ if ($w == '')
else if ($w == 'u') else if ($w == 'u')
{ {
$mb = get_member($mb_id); $mb = get_member($mb_id);
if (!$mb['mb_id']) if (! (isset($mb['mb_id']) && $mb['mb_id']))
alert('존재하지 않는 회원자료입니다.'); alert('존재하지 않는 회원자료입니다.');
if ($is_admin != 'super' && $mb['mb_level'] >= $member['mb_level']) if ($is_admin != 'super' && $mb['mb_level'] >= $member['mb_level'])
@ -105,19 +137,19 @@ else if ($w == 'u')
alert('최고관리자의 비밀번호를 수정할수 없습니다.'); alert('최고관리자의 비밀번호를 수정할수 없습니다.');
} }
if ($_POST['mb_id'] == $member['mb_id'] && $_POST['mb_level'] != $mb['mb_level']) if ($mb_id === $member['mb_id'] && $_POST['mb_level'] != $mb['mb_level'])
alert($mb['mb_id'].' : 로그인 중인 관리자 레벨은 수정 할 수 없습니다.'); alert($mb['mb_id'].' : 로그인 중인 관리자 레벨은 수정 할 수 없습니다.');
// 닉네임중복체크 // 닉네임중복체크
$sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_nick = '{$mb_nick}' and mb_id <> '$mb_id' "; $sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_nick = '{$mb_nick}' and mb_id <> '$mb_id' ";
$row = sql_fetch($sql); $row = sql_fetch($sql);
if ($row['mb_id']) if (isset($row['mb_id']) && $row['mb_id'])
alert('이미 존재하는 닉네임입니다.\\n : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']); alert('이미 존재하는 닉네임입니다.\\n : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']);
// 이메일중복체크 // 이메일중복체크
$sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_email = '{$mb_email}' and mb_id <> '$mb_id' "; $sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_email = '{$mb_email}' and mb_id <> '$mb_id' ";
$row = sql_fetch($sql); $row = sql_fetch($sql);
if ($row['mb_id']) if (isset($row['mb_id']) && $row['mb_id'])
alert('이미 존재하는 이메일입니다.\\n : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']); alert('이미 존재하는 이메일입니다.\\n : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']);
if ($mb_password) if ($mb_password)
@ -125,7 +157,7 @@ else if ($w == 'u')
else else
$sql_password = ""; $sql_password = "";
if ($passive_certify) if (isset($passive_certify) && $passive_certify)
$sql_certify = " , mb_email_certify = '".G5_TIME_YMDHIS."' "; $sql_certify = " , mb_email_certify = '".G5_TIME_YMDHIS."' ";
else else
$sql_certify = ""; $sql_certify = "";
@ -146,7 +178,7 @@ if( $w == '' || $w == 'u' ){
$mb_icon_img = get_mb_icon_name($mb_id).'.gif'; $mb_icon_img = get_mb_icon_name($mb_id).'.gif';
// 회원 아이콘 삭제 // 회원 아이콘 삭제
if ($del_mb_icon) if (isset($del_mb_icon) && $del_mb_icon)
@unlink(G5_DATA_PATH.'/member/'.$mb_dir.'/'.$mb_icon_img); @unlink(G5_DATA_PATH.'/member/'.$mb_dir.'/'.$mb_icon_img);
$image_regex = "/(\.(gif|jpe?g|png))$/i"; $image_regex = "/(\.(gif|jpe?g|png))$/i";
@ -196,7 +228,7 @@ if( $w == '' || $w == 'u' ){
$mb_img_dir .= substr($mb_id,0,2); $mb_img_dir .= substr($mb_id,0,2);
// 회원 이미지 삭제 // 회원 이미지 삭제
if ($del_mb_img) if (isset($del_mb_img) && $del_mb_img)
@unlink($mb_img_dir.'/'.$mb_icon_img); @unlink($mb_img_dir.'/'.$mb_icon_img);
// 아이콘 업로드 // 아이콘 업로드
@ -239,4 +271,3 @@ if( $w == '' || $w == 'u' ){
run_event('admin_member_form_update', $w, $mb_id); run_event('admin_member_form_update', $w, $mb_id);
goto_url('./member_form.php?'.$qstr.'&amp;w=u&amp;mb_id='.$mb_id, false); goto_url('./member_form.php?'.$qstr.'&amp;w=u&amp;mb_id='.$mb_id, false);
?>

25
adm/member_list.php
View File

@ -2,7 +2,7 @@
$sub_menu = "200100"; $sub_menu = "200100";
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], 'r'); auth_check_menu($auth, $sub_menu, 'r');
$sql_common = " from {$g5['member_table']} "; $sql_common = " from {$g5['member_table']} ";
@ -78,17 +78,17 @@ $colspan = 16;
<label for="sfl" class="sound_only">검색대상</label> <label for="sfl" class="sound_only">검색대상</label>
<select name="sfl" id="sfl"> <select name="sfl" id="sfl">
<option value="mb_id"<?php echo get_selected($_GET['sfl'], "mb_id"); ?>>회원아이디</option> <option value="mb_id"<?php echo get_selected($sfl, "mb_id"); ?>>회원아이디</option>
<option value="mb_nick"<?php echo get_selected($_GET['sfl'], "mb_nick"); ?>>닉네임</option> <option value="mb_nick"<?php echo get_selected($sfl, "mb_nick"); ?>>닉네임</option>
<option value="mb_name"<?php echo get_selected($_GET['sfl'], "mb_name"); ?>>이름</option> <option value="mb_name"<?php echo get_selected($sfl, "mb_name"); ?>>이름</option>
<option value="mb_level"<?php echo get_selected($_GET['sfl'], "mb_level"); ?>>권한</option> <option value="mb_level"<?php echo get_selected($sfl, "mb_level"); ?>>권한</option>
<option value="mb_email"<?php echo get_selected($_GET['sfl'], "mb_email"); ?>>E-MAIL</option> <option value="mb_email"<?php echo get_selected($sfl, "mb_email"); ?>>E-MAIL</option>
<option value="mb_tel"<?php echo get_selected($_GET['sfl'], "mb_tel"); ?>>전화번호</option> <option value="mb_tel"<?php echo get_selected($sfl, "mb_tel"); ?>>전화번호</option>
<option value="mb_hp"<?php echo get_selected($_GET['sfl'], "mb_hp"); ?>>휴대폰번호</option> <option value="mb_hp"<?php echo get_selected($sfl, "mb_hp"); ?>>휴대폰번호</option>
<option value="mb_point"<?php echo get_selected($_GET['sfl'], "mb_point"); ?>>포인트</option> <option value="mb_point"<?php echo get_selected($sfl, "mb_point"); ?>>포인트</option>
<option value="mb_datetime"<?php echo get_selected($_GET['sfl'], "mb_datetime"); ?>>가입일시</option> <option value="mb_datetime"<?php echo get_selected($sfl, "mb_datetime"); ?>>가입일시</option>
<option value="mb_ip"<?php echo get_selected($_GET['sfl'], "mb_ip"); ?>>IP</option> <option value="mb_ip"<?php echo get_selected($sfl, "mb_ip"); ?>>IP</option>
<option value="mb_recommend"<?php echo get_selected($_GET['sfl'], "mb_recommend"); ?>>추천인</option> <option value="mb_recommend"<?php echo get_selected($sfl, "mb_recommend"); ?>>추천인</option>
</select> </select>
<label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label> <label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
<input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input"> <input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input">
@ -331,4 +331,3 @@ function fmemberlist_submit(f)
<?php <?php
include_once ('./admin.tail.php'); include_once ('./admin.tail.php');
?>

3
adm/member_list_delete.php
View File

@ -4,7 +4,7 @@ include_once("./_common.php");
check_demo(); check_demo();
auth_check($auth[$sub_menu], "d"); auth_check_menu($auth, $sub_menu, "d");
check_admin_token(); check_admin_token();
@ -34,4 +34,3 @@ if ($msg)
echo "<script type='text/javascript'> alert('$msg'); </script>"; echo "<script type='text/javascript'> alert('$msg'); </script>";
goto_url("./member_list.php?$qstr"); goto_url("./member_list.php?$qstr");
?>

37
adm/member_list_update.php
View File

@ -4,46 +4,54 @@ include_once('./_common.php');
check_demo(); check_demo();
if (!count($_POST['chk'])) { if (! (isset($_POST['chk']) && is_array($_POST['chk']))) {
alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요."); alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요.");
} }
auth_check($auth[$sub_menu], 'w'); auth_check_menu($auth, $sub_menu, 'w');
check_admin_token(); check_admin_token();
$mb_datas = array(); $mb_datas = array();
$msg = '';
if ($_POST['act_button'] == "선택수정") { if ($_POST['act_button'] == "선택수정") {
for ($i=0; $i<count($_POST['chk']); $i++) for ($i=0; $i<count($_POST['chk']); $i++)
{ {
// 실제 번호를 넘김 // 실제 번호를 넘김
$k = $_POST['chk'][$i]; $k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
$post_mb_certify = (isset($_POST['mb_certify'][$k]) && $_POST['mb_certify'][$k]) ? clean_xss_tags($_POST['mb_certify'][$k], 1, 1, 20) : '';
$post_mb_level = isset($_POST['mb_level'][$k]) ? (int) $_POST['mb_level'][$k] : 0;
$post_mb_intercept_date = (isset($_POST['mb_intercept_date'][$k]) && $_POST['mb_intercept_date'][$k]) ? clean_xss_tags($_POST['mb_intercept_date'][$k], 1, 1, 8) : '';
$post_mb_mailling = isset($_POST['mb_mailling'][$k]) ? (int) $_POST['mb_mailling'][$k] : 0;
$post_mb_sms = isset($_POST['mb_sms'][$k]) ? (int) $_POST['mb_sms'][$k] : 0;
$post_mb_open = isset($_POST['mb_open'][$k]) ? (int) $_POST['mb_open'][$k] : 0;
$mb_datas[] = $mb = get_member($_POST['mb_id'][$k]); $mb_datas[] = $mb = get_member($_POST['mb_id'][$k]);
if (!$mb['mb_id']) { if (! (isset($mb['mb_id']) && $mb['mb_id'])) {
$msg .= $mb['mb_id'].' : 회원자료가 존재하지 않습니다.\\n'; $msg .= $mb['mb_id'].' : 회원자료가 존재하지 않습니다.\\n';
} else if ($is_admin != 'super' && $mb['mb_level'] >= $member['mb_level']) { } else if ($is_admin != 'super' && $mb['mb_level'] >= $member['mb_level']) {
$msg .= $mb['mb_id'].' : 자신보다 권한이 높거나 같은 회원은 수정할 수 없습니다.\\n'; $msg .= $mb['mb_id'].' : 자신보다 권한이 높거나 같은 회원은 수정할 수 없습니다.\\n';
} else if ($member['mb_id'] == $mb['mb_id']) { } else if ($member['mb_id'] == $mb['mb_id']) {
$msg .= $mb['mb_id'].' : 로그인 중인 관리자는 수정 할 수 없습니다.\\n'; $msg .= $mb['mb_id'].' : 로그인 중인 관리자는 수정 할 수 없습니다.\\n';
} else { } else {
if($_POST['mb_certify'][$k]) if($post_mb_certify)
$mb_adult = (int) $_POST['mb_adult'][$k]; $mb_adult = isset($_POST['mb_adult'][$k]) ? (int) $_POST['mb_adult'][$k] : 0;
else else
$mb_adult = 0; $mb_adult = 0;
$sql = " update {$g5['member_table']} $sql = " update {$g5['member_table']}
set mb_level = '".sql_real_escape_string($_POST['mb_level'][$k])."', set mb_level = '".$post_mb_level."',
mb_intercept_date = '".sql_real_escape_string($_POST['mb_intercept_date'][$k])."', mb_intercept_date = '".sql_real_escape_string($post_mb_intercept_date)."',
mb_mailling = '".sql_real_escape_string($_POST['mb_mailling'][$k])."', mb_mailling = '".$post_mb_mailling."',
mb_sms = '".sql_real_escape_string($_POST['mb_sms'][$k])."', mb_sms = '".$post_mb_sms."',
mb_open = '".sql_real_escape_string($_POST['mb_open'][$k])."', mb_open = '".$post_mb_open."',
mb_certify = '".sql_real_escape_string($_POST['mb_certify'][$k])."', mb_certify = '".sql_real_escape_string($post_mb_certify)."',
mb_adult = '{$mb_adult}' mb_adult = '{$mb_adult}'
where mb_id = '".sql_real_escape_string($_POST['mb_id'][$k])."' "; where mb_id = '".sql_real_escape_string($mb['mb_id'])."' ";
sql_query($sql); sql_query($sql);
} }
} }
@ -53,7 +61,7 @@ if ($_POST['act_button'] == "선택수정") {
for ($i=0; $i<count($_POST['chk']); $i++) for ($i=0; $i<count($_POST['chk']); $i++)
{ {
// 실제 번호를 넘김 // 실제 번호를 넘김
$k = $_POST['chk'][$i]; $k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
$mb_datas[] = $mb = get_member($_POST['mb_id'][$k]); $mb_datas[] = $mb = get_member($_POST['mb_id'][$k]);
@ -79,4 +87,3 @@ if ($msg)
run_event('admin_member_list_update', $_POST['act_button'], $mb_datas); run_event('admin_member_list_update', $_POST['act_button'], $mb_datas);
goto_url('./member_list.php?'.$qstr); goto_url('./member_list.php?'.$qstr);
?>

7
adm/menu_form.php
View File

@ -8,7 +8,7 @@ if ($is_admin != 'super')
$g5['title'] = '메뉴 추가'; $g5['title'] = '메뉴 추가';
include_once(G5_PATH.'/head.sub.php'); include_once(G5_PATH.'/head.sub.php');
$code = isset($code) ? preg_replace('/[^0-9a-zA-Z]/', '', strip_tags($code)) : ''; $code = isset($_GET['code']) ? preg_replace('/[^0-9a-zA-Z]/', '', $_GET['code']) : '';
// 코드 // 코드
if($new == 'new' || !$code) { if($new == 'new' || !$code) {
@ -174,10 +174,10 @@ function add_menu_list(name, link, code)
else else
$menu_last = $menulist.find("tr.menu_list:last"); $menu_last = $menulist.find("tr.menu_list:last");
if($menu_last.size() > 0) { if($menu_last.length > 0) {
$menu_last.after(list); $menu_last.after(list);
} else { } else {
if($menulist.find("#empty_menu_list").size() > 0) if($menulist.find("#empty_menu_list").length > 0)
$menulist.find("#empty_menu_list").remove(); $menulist.find("#empty_menu_list").remove();
$menulist.find("table tbody").append(list); $menulist.find("table tbody").append(list);
@ -194,4 +194,3 @@ function add_menu_list(name, link, code)
<?php <?php
include_once(G5_PATH.'/tail.sub.php'); include_once(G5_PATH.'/tail.sub.php');
?>

6
adm/menu_form_search.php
View File

@ -4,6 +4,8 @@ include_once('./_common.php');
if ($is_admin != 'super') if ($is_admin != 'super')
die('최고관리자만 접근 가능합니다.'); die('최고관리자만 접근 가능합니다.');
$type = isset($_REQUEST['type']) ? preg_replace('/[^0-9a-z_]/i', '', $_REQUEST['type']) : '';
switch($type) { switch($type) {
case 'group': case 'group':
$sql = " select gr_id as id, gr_subject as subject $sql = " select gr_id as id, gr_subject as subject
@ -24,9 +26,7 @@ switch($type) {
$sql = ''; $sql = '';
break; break;
} }
?>
<?php
if($sql) { if($sql) {
$result = sql_query($sql); $result = sql_query($sql);
@ -123,4 +123,4 @@ if($sql) {
<button type="button" id="add_manual" class="btn_submit btn">추가</button> <button type="button" id="add_manual" class="btn_submit btn">추가</button>
<button type="button" class="btn_02 btn" onclick="window.close();">창닫기</button> <button type="button" class="btn_02 btn" onclick="window.close();">창닫기</button>
</div> </div>
<?php } ?> <?php } // end if;

6
adm/menu_list.php
View File

@ -31,6 +31,7 @@ $g5['title'] = "메뉴설정";
include_once('./admin.head.php'); include_once('./admin.head.php');
$colspan = 7; $colspan = 7;
$sub_menu_info = '';
?> ?>
<div class="local_desc01 local_desc"> <div class="local_desc01 local_desc">
@ -143,14 +144,14 @@ $(function() {
return false; return false;
var $tr = $(this).closest("tr"); var $tr = $(this).closest("tr");
if($tr.find("td.sub_menu_class").size() > 0) { if($tr.find("td.sub_menu_class").length > 0) {
$tr.remove(); $tr.remove();
} else { } else {
var code = $(this).closest("tr").find("input[name='code[]']").val().substr(0, 2); var code = $(this).closest("tr").find("input[name='code[]']").val().substr(0, 2);
$("tr.menu_group_"+code).remove(); $("tr.menu_group_"+code).remove();
} }
if($("#menulist tr.menu_list").size() < 1) { if($("#menulist tr.menu_list").length < 1) {
var list = "<tr id=\"empty_menu_list\"><td colspan=\"<?php echo $colspan; ?>\" class=\"empty_table\">자료가 없습니다.</td></tr>\n"; var list = "<tr id=\"empty_menu_list\"><td colspan=\"<?php echo $colspan; ?>\" class=\"empty_table\">자료가 없습니다.</td></tr>\n";
$("#menulist table tbody").append(list); $("#menulist table tbody").append(list);
} else { } else {
@ -216,4 +217,3 @@ function fmenulist_submit(f)
<?php <?php
include_once ('./admin.tail.php'); include_once ('./admin.tail.php');
?>

1
adm/menu_list_update.php
View File

@ -71,4 +71,3 @@ for ($i=0; $i<$count; $i++)
run_event('admin_menu_list_update'); run_event('admin_menu_list_update');
goto_url('./menu_list.php'); goto_url('./menu_list.php');
?>

13
adm/newwinform.php
View File

@ -3,9 +3,15 @@ $sub_menu = '100310';
include_once('./_common.php'); include_once('./_common.php');
include_once(G5_EDITOR_LIB); include_once(G5_EDITOR_LIB);
auth_check($auth[$sub_menu], "w"); auth_check_menu($auth, $sub_menu, "w");
$nw_id = preg_replace('/[^0-9]/', '', $nw_id); $nw_id = isset($_REQUEST['nw_id']) ? preg_replace('/[^0-9]/', '', $_REQUEST['nw_id']) : 0;
$nw = array(
'nw_begin_time'=>'',
'nw_end_time'=>'',
'nw_subject'=>'',
'nw_content'=>'',
);
$html_title = "팝업레이어"; $html_title = "팝업레이어";
@ -18,7 +24,7 @@ if ($w == "u")
$html_title .= " 수정"; $html_title .= " 수정";
$sql = " select * from {$g5['new_win_table']} where nw_id = '$nw_id' "; $sql = " select * from {$g5['new_win_table']} where nw_id = '$nw_id' ";
$nw = sql_fetch($sql); $nw = sql_fetch($sql);
if (!$nw['nw_id']) alert("등록된 자료가 없습니다."); if (! (isset($nw['nw_id']) && $nw['nw_id'])) alert("등록된 자료가 없습니다.");
} }
else else
{ {
@ -163,4 +169,3 @@ function frmnewwin_check(f)
<?php <?php
include_once (G5_ADMIN_PATH.'/admin.tail.php'); include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>

53
adm/newwinformupdate.php
View File

@ -2,31 +2,55 @@
$sub_menu = '100310'; $sub_menu = '100310';
include_once('./_common.php'); include_once('./_common.php');
$nw_id = isset($_POST['nw_id']) ? preg_replace('/[^0-9]/', '', $_POST['nw_id']) : 0;
if ($w == "u" || $w == "d") if ($w == "u" || $w == "d")
check_demo(); check_demo();
if ($w == 'd') if ($w == 'd')
auth_check($auth[$sub_menu], "d"); auth_check_menu($auth, $sub_menu, "d");
else else
auth_check($auth[$sub_menu], "w"); auth_check_menu($auth, $sub_menu, "w");
check_admin_token(); check_admin_token();
$nw_subject = isset($_POST['nw_subject']) ? strip_tags(clean_xss_attributes($_POST['nw_subject'])) : ''; $nw_subject = isset($_POST['nw_subject']) ? strip_tags(clean_xss_attributes($_POST['nw_subject'])) : '';
$posts = array();
$sql_common = " nw_division = '{$_POST['nw_division']}', $check_keys = array(
nw_device = '{$_POST['nw_device']}', 'nw_device'=>'str',
nw_begin_time = '{$_POST['nw_begin_time']}', 'nw_begin_time'=>'str',
nw_end_time = '{$_POST['nw_end_time']}', 'nw_end_time'=>'str',
nw_disable_hours = '{$_POST['nw_disable_hours']}', 'nw_disable_hours'=>'int',
nw_left = '{$_POST['nw_left']}', 'nw_left'=>'int',
nw_top = '{$_POST['nw_top']}', 'nw_top'=>'int',
nw_height = '{$_POST['nw_height']}', 'nw_height'=>'int',
nw_width = '{$_POST['nw_width']}', 'nw_width'=>'int',
'nw_content'=>'text',
'nw_content_html'=>'text',
);
foreach($check_keys as $key=>$val){
if($val === 'int'){
$posts[$key] = isset($_POST[$key]) ? (int) $_POST[$key] : 0;
} else if ($val === 'str') {
$posts[$key] = isset($_POST[$key]) ? clean_xss_tags($_POST[$key], 1, 1) : 0;
} else {
$posts[$key] = isset($_POST[$key]) ? trim($_POST[$key]) : 0;
}
}
$sql_common = " nw_device = '{$posts['nw_device']}',
nw_begin_time = '{$posts['nw_begin_time']}',
nw_end_time = '{$posts['nw_end_time']}',
nw_disable_hours = '{$posts['nw_disable_hours']}',
nw_left = '{$posts['nw_left']}',
nw_top = '{$posts['nw_top']}',
nw_height = '{$posts['nw_height']}',
nw_width = '{$posts['nw_width']}',
nw_subject = '{$nw_subject}', nw_subject = '{$nw_subject}',
nw_content = '{$_POST['nw_content']}', nw_content = '{$posts['nw_content']}',
nw_content_html = '{$_POST['nw_content_html']}' "; nw_content_html = '{$posts['nw_content_html']}' ";
if($w == "") if($w == "")
{ {
@ -54,4 +78,3 @@ else
{ {
goto_url("./newwinform.php?w=u&amp;nw_id=$nw_id"); goto_url("./newwinform.php?w=u&amp;nw_id=$nw_id");
} }
?>

3
adm/newwinlist.php
View File

@ -2,7 +2,7 @@
$sub_menu = '100310'; $sub_menu = '100310';
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], "r"); auth_check_menu($auth, $sub_menu, "r");
if( !isset($g5['new_win_table']) ){ if( !isset($g5['new_win_table']) ){
die('<meta charset="utf-8">/data/dbconfig.php 파일에 <strong>$g5[\'new_win_table\'] = G5_TABLE_PREFIX.\'new_win\';</strong> 를 추가해 주세요.'); die('<meta charset="utf-8">/data/dbconfig.php 파일에 <strong>$g5[\'new_win_table\'] = G5_TABLE_PREFIX.\'new_win\';</strong> 를 추가해 주세요.');
@ -116,4 +116,3 @@ $result = sql_query($sql);
<?php <?php
include_once (G5_ADMIN_PATH.'/admin.tail.php'); include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>

3
adm/phpinfo.php
View File

@ -4,7 +4,6 @@ include_once('./_common.php');
check_demo(); check_demo();
auth_check($auth[$sub_menu], 'r'); auth_check_menu($auth, $sub_menu, 'r');
phpinfo(); phpinfo();
?>

9
adm/point_list.php
View File

@ -2,7 +2,7 @@
$sub_menu = "200200"; $sub_menu = "200200";
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], 'r'); auth_check_menu($auth, $sub_menu, 'r');
$sql_common = " from {$g5['point_table']} "; $sql_common = " from {$g5['point_table']} ";
@ -84,8 +84,8 @@ else
<form name="fsearch" id="fsearch" class="local_sch01 local_sch" method="get"> <form name="fsearch" id="fsearch" class="local_sch01 local_sch" method="get">
<label for="sfl" class="sound_only">검색대상</label> <label for="sfl" class="sound_only">검색대상</label>
<select name="sfl" id="sfl"> <select name="sfl" id="sfl">
<option value="mb_id"<?php echo get_selected($_GET['sfl'], "mb_id"); ?>>회원아이디</option> <option value="mb_id"<?php echo get_selected($sfl, "mb_id"); ?>>회원아이디</option>
<option value="po_content"<?php echo get_selected($_GET['sfl'], "po_content"); ?>>내용</option> <option value="po_content"<?php echo get_selected($sfl, "po_content"); ?>>내용</option>
</select> </select>
<label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label> <label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
<input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input"> <input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input">
@ -190,7 +190,7 @@ else
<input type="hidden" name="sst" value="<?php echo $sst ?>"> <input type="hidden" name="sst" value="<?php echo $sst ?>">
<input type="hidden" name="sod" value="<?php echo $sod ?>"> <input type="hidden" name="sod" value="<?php echo $sod ?>">
<input type="hidden" name="page" value="<?php echo $page ?>"> <input type="hidden" name="page" value="<?php echo $page ?>">
<input type="hidden" name="token" value="<?php echo $token ?>"> <input type="hidden" name="token" value="<?php echo isset($token) ? $token : ''; ?>">
<div class="tbl_frm01 tbl_wrap"> <div class="tbl_frm01 tbl_wrap">
<table> <table>
@ -249,4 +249,3 @@ function fpointlist_submit(f)
<?php <?php
include_once ('./admin.tail.php'); include_once ('./admin.tail.php');
?>

5
adm/point_list_delete.php
View File

@ -4,11 +4,11 @@ include_once('./_common.php');
check_demo(); check_demo();
auth_check($auth[$sub_menu], 'd'); auth_check_menu($auth, $sub_menu, 'd');
check_admin_token(); check_admin_token();
$count = count($_POST['chk']); $count = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
if(!$count) if(!$count)
alert($_POST['act_button'].' 하실 항목을 하나 이상 체크하세요.'); alert($_POST['act_button'].' 하실 항목을 하나 이상 체크하세요.');
@ -58,4 +58,3 @@ for ($i=0; $i<$count; $i++)
} }
goto_url('./point_list.php?'.$qstr); goto_url('./point_list.php?'.$qstr);
?>

11
adm/point_update.php
View File

@ -2,14 +2,14 @@
$sub_menu = "200200"; $sub_menu = "200200";
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], 'w'); auth_check_menu($auth, $sub_menu, 'w');
check_admin_token(); check_admin_token();
$mb_id = strip_tags(clean_xss_attributes($_POST['mb_id'])); $mb_id = isset($_POST['mb_id']) ? strip_tags(clean_xss_attributes($_POST['mb_id'])) : '';
$po_point = strip_tags(clean_xss_attributes($_POST['po_point'])); $po_point = isset($_POST['po_point']) ? strip_tags(clean_xss_attributes($_POST['po_point'])) : 0;
$po_content = strip_tags(clean_xss_attributes($_POST['po_content'])); $po_content = isset($_POST['po_content']) ? strip_tags(clean_xss_attributes($_POST['po_content'])) : '';
$expire = preg_replace('/[^0-9]/', '', $_POST['po_expire_term']); $expire = isset($_POST['po_expire_term']) ? preg_replace('/[^0-9]/', '', $_POST['po_expire_term']) : '';
$mb = get_member($mb_id); $mb = get_member($mb_id);
@ -22,4 +22,3 @@ if (($po_point < 0) && ($po_point * (-1) > $mb['mb_point']))
insert_point($mb_id, $po_point, $po_content, '@passive', $mb_id, $member['mb_id'].'-'.uniqid(''), $expire); insert_point($mb_id, $po_point, $po_content, '@passive', $mb_id, $member['mb_id'].'-'.uniqid(''), $expire);
goto_url('./point_list.php?'.$qstr); goto_url('./point_list.php?'.$qstr);
?>

7
adm/poll_delete.php
View File

@ -4,17 +4,17 @@ include_once('./_common.php');
check_demo(); check_demo();
auth_check($auth[$sub_menu], 'd'); auth_check_menu($auth, $sub_menu, 'd');
check_admin_token(); check_admin_token();
$count = count($_POST['chk']); $count = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
if(!$count) if(!$count)
alert('삭제할 투표목록을 1개이상 선택해 주세요.'); alert('삭제할 투표목록을 1개이상 선택해 주세요.');
for($i=0; $i<$count; $i++) { for($i=0; $i<$count; $i++) {
$po_id = $_POST['chk'][$i]; $po_id = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
$sql = " delete from {$g5['poll_table']} where po_id = '$po_id' "; $sql = " delete from {$g5['poll_table']} where po_id = '$po_id' ";
sql_query($sql); sql_query($sql);
@ -24,4 +24,3 @@ for($i=0; $i<$count; $i++) {
} }
goto_url('./poll_list.php?'.$qstr); goto_url('./poll_list.php?'.$qstr);
?>

14
adm/poll_form.php
View File

@ -2,9 +2,15 @@
$sub_menu = "200900"; $sub_menu = "200900";
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], 'w'); auth_check_menu($auth, $sub_menu, 'w');
$po_id = isset($po_id) ? (int) $po_id : 0; $po_id = isset($po_id) ? (int) $po_id : 0;
$po = array(
'po_subject'=>'',
'po_etc'=>'',
'po_level'=>'',
'po_point'=>'',
);
$html_title = '투표'; $html_title = '투표';
if ($w == '') if ($w == '')
@ -48,7 +54,8 @@ include_once('./admin.head.php');
$sound_only = '<strong class="sound_only">필수</strong>'; $sound_only = '<strong class="sound_only">필수</strong>';
} }
$po_poll = get_text($po['po_poll'.$i]); $po_poll = isset($po['po_poll'.$i]) ? get_text($po['po_poll'.$i]) : '';
$po_cnt = isset($po['po_cnt'.$i]) ? get_text($po['po_cnt'.$i]) : 0;
?> ?>
<tr> <tr>
@ -56,7 +63,7 @@ include_once('./admin.head.php');
<td> <td>
<input type="text" name="po_poll<?php echo $i ?>" value="<?php echo $po_poll ?>" id="po_poll<?php echo $i ?>" <?php echo $required ?> class="frm_input <?php echo $required ?>" maxlength="125"> <input type="text" name="po_poll<?php echo $i ?>" value="<?php echo $po_poll ?>" id="po_poll<?php echo $i ?>" <?php echo $required ?> class="frm_input <?php echo $required ?>" maxlength="125">
<label for="po_cnt<?php echo $i ?>">항목 <?php echo $i ?> 투표수</label> <label for="po_cnt<?php echo $i ?>">항목 <?php echo $i ?> 투표수</label>
<input type="text" name="po_cnt<?php echo $i ?>" value="<?php echo $po['po_cnt'.$i] ?>" id="po_cnt<?php echo $i ?>" class="frm_input" size="3"> <input type="text" name="po_cnt<?php echo $i ?>" value="<?php echo $po_cnt; ?>" id="po_cnt<?php echo $i ?>" class="frm_input" size="3">
</td> </td>
</tr> </tr>
@ -112,4 +119,3 @@ include_once('./admin.head.php');
<?php <?php
include_once('./admin.tail.php'); include_once('./admin.tail.php');
?>

3
adm/poll_form_update.php
View File

@ -6,7 +6,7 @@ $w = $_POST['w'];
if ($w == 'u' || $w == 'd') if ($w == 'u' || $w == 'd')
check_demo(); check_demo();
auth_check($auth[$sub_menu], 'w'); auth_check_menu($auth, $sub_menu, 'w');
check_admin_token(); check_admin_token();
@ -100,4 +100,3 @@ if ($w == 'd')
goto_url('./poll_list.php?'.$qstr); goto_url('./poll_list.php?'.$qstr);
else else
goto_url('./poll_form.php?w=u&po_id='.$po_id.'&amp;'.$qstr); goto_url('./poll_form.php?w=u&po_id='.$po_id.'&amp;'.$qstr);
?>

5
adm/poll_list.php
View File

@ -2,7 +2,7 @@
$sub_menu = "200900"; $sub_menu = "200900";
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], 'r'); auth_check_menu($auth, $sub_menu, 'r');
$sql_common = " from {$g5['poll_table']} "; $sql_common = " from {$g5['poll_table']} ";
@ -59,7 +59,7 @@ $colspan = 7;
<div class="sch_last"> <div class="sch_last">
<label for="sfl" class="sound_only">검색대상</label> <label for="sfl" class="sound_only">검색대상</label>
<select name="sfl" id="sfl"> <select name="sfl" id="sfl">
<option value="po_subject"<?php echo get_selected($_GET['sfl'], "po_subject"); ?>>제목</option> <option value="po_subject"<?php echo get_selected($sfl, "po_subject"); ?>>제목</option>
</select> </select>
<label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label> <label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
<input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input"> <input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input">
@ -155,4 +155,3 @@ $(function() {
<?php <?php
include_once ('./admin.tail.php'); include_once ('./admin.tail.php');
?>

9
adm/popular_list.php
View File

@ -2,7 +2,7 @@
$sub_menu = "300300"; $sub_menu = "300300";
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], 'r'); auth_check_menu($auth, $sub_menu, 'r');
// 체크된 자료 삭제 // 체크된 자료 삭제
if (isset($_POST['chk']) && is_array($_POST['chk'])) { if (isset($_POST['chk']) && is_array($_POST['chk'])) {
@ -79,8 +79,8 @@ var list_delete_php = 'popular_list.php';
<div class="sch_last"> <div class="sch_last">
<label for="sfl" class="sound_only">검색대상</label> <label for="sfl" class="sound_only">검색대상</label>
<select name="sfl" id="sfl"> <select name="sfl" id="sfl">
<option value="pp_word"<?php echo get_selected($_GET['sfl'], "pp_word"); ?>>검색어</option> <option value="pp_word"<?php echo get_selected($sfl, "pp_word"); ?>>검색어</option>
<option value="pp_date"<?php echo get_selected($_GET['sfl'], "pp_date"); ?>>등록일</option> <option value="pp_date"<?php echo get_selected($sfl, "pp_date"); ?>>등록일</option>
</select> </select>
<label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label> <label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
<input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input"> <input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input">
@ -94,7 +94,7 @@ var list_delete_php = 'popular_list.php';
<input type="hidden" name="sfl" value="<?php echo $sfl ?>"> <input type="hidden" name="sfl" value="<?php echo $sfl ?>">
<input type="hidden" name="stx" value="<?php echo $stx ?>"> <input type="hidden" name="stx" value="<?php echo $stx ?>">
<input type="hidden" name="page" value="<?php echo $page ?>"> <input type="hidden" name="page" value="<?php echo $page ?>">
<input type="hidden" name="token" value="<?php echo $token ?>"> <input type="hidden" name="token" value="<?php echo isset($token) ? $token : ''; ?>">
<div class="tbl_head01 tbl_wrap"> <div class="tbl_head01 tbl_wrap">
<table> <table>
@ -168,4 +168,3 @@ $(function() {
<?php <?php
include_once('./admin.tail.php'); include_once('./admin.tail.php');
?>

10
adm/popular_rank.php
View File

@ -2,7 +2,10 @@
$sub_menu = "300400"; $sub_menu = "300400";
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], 'r'); auth_check_menu($auth, $sub_menu, 'r');
$fr_date = isset($_REQUEST['fr_date']) ? $_REQUEST['fr_date'] : '';
$to_date = isset($_REQUEST['to_date']) ? $_REQUEST['to_date'] : '';
if (empty($fr_date) || ! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $fr_date) ) $fr_date = G5_TIME_YMD; if (empty($fr_date) || ! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $fr_date) ) $fr_date = G5_TIME_YMD;
if (empty($to_date) || ! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $to_date) ) $to_date = G5_TIME_YMD; if (empty($to_date) || ! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $to_date) ) $to_date = G5_TIME_YMD;
@ -64,7 +67,7 @@ $(function(){
<input type="hidden" name="sfl" value="<?php echo $sfl ?>"> <input type="hidden" name="sfl" value="<?php echo $sfl ?>">
<input type="hidden" name="stx" value="<?php echo $stx ?>"> <input type="hidden" name="stx" value="<?php echo $stx ?>">
<input type="hidden" name="page" value="<?php echo $page ?>"> <input type="hidden" name="page" value="<?php echo $page ?>">
<input type="hidden" name="token" value="<?php echo $token ?>"> <input type="hidden" name="token" value="<?php echo isset($token) ? $token : ''; ?>">
<div class="tbl_head01 tbl_wrap"> <div class="tbl_head01 tbl_wrap">
<table> <table>
@ -105,8 +108,5 @@ $(function(){
<?php <?php
echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page="); echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page=");
?>
<?php
include_once('./admin.tail.php'); include_once('./admin.tail.php');
?>

3
adm/qa_config.php
View File

@ -3,7 +3,7 @@ $sub_menu = "300500";
include_once('./_common.php'); include_once('./_common.php');
include_once(G5_EDITOR_LIB); include_once(G5_EDITOR_LIB);
auth_check($auth[$sub_menu], 'r'); auth_check_menu($auth, $sub_menu, 'r');
$g5['title'] = '1:1문의 설정'; $g5['title'] = '1:1문의 설정';
include_once ('./admin.head.php'); include_once ('./admin.head.php');
@ -397,4 +397,3 @@ function fqaconfigform_submit(f)
<?php <?php
include_once ('./admin.tail.php'); include_once ('./admin.tail.php');
?>

3
adm/qa_config_update.php
View File

@ -4,7 +4,7 @@ include_once('./_common.php');
check_demo(); check_demo();
auth_check($auth[$sub_menu], 'w'); auth_check_menu($auth, $sub_menu, 'w');
check_admin_token(); check_admin_token();
@ -108,4 +108,3 @@ if($error_msg){
} else { } else {
goto_url('./qa_config.php'); goto_url('./qa_config.php');
} }
?>

1
adm/safe_check.php
View File

@ -14,4 +14,3 @@ function social_log_file_delete($second=0){
} }
} }
} }
?>

3
adm/sendmail_test.php
View File

@ -2,7 +2,7 @@
$sub_menu = '100300'; $sub_menu = '100300';
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], 'r'); auth_check_menu($auth, $sub_menu, 'r');
if (!$config['cf_email_use']) if (!$config['cf_email_use'])
alert('환경설정에서 \'메일발송 사용\'에 체크하셔야 메일을 발송할 수 있습니다.'); alert('환경설정에서 \'메일발송 사용\'에 체크하셔야 메일을 발송할 수 있습니다.');
@ -73,4 +73,3 @@ if (isset($_POST['email'])) {
<?php <?php
include_once('./admin.tail.php'); include_once('./admin.tail.php');
?>

3
adm/service.php
View File

@ -2,7 +2,7 @@
$sub_menu = '100400'; $sub_menu = '100400';
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], 'r'); auth_check_menu($auth, $sub_menu, 'r');
$g5['title'] = '부가서비스'; $g5['title'] = '부가서비스';
include_once('./admin.head.php'); include_once('./admin.head.php');
@ -57,4 +57,3 @@ include_once('./admin.head.php');
<?php <?php
include_once('./admin.tail.php'); include_once('./admin.tail.php');
?>

1
adm/session_file_delete.php
View File

@ -58,4 +58,3 @@ include_once("./admin.head.php");
<?php <?php
include_once("./admin.tail.php"); include_once("./admin.tail.php");
?>

1
adm/shop_admin/_common.php
View File

@ -10,4 +10,3 @@ include_once(G5_ADMIN_PATH.'/admin.lib.php');
include_once('./admin.shop.lib.php'); include_once('./admin.shop.lib.php');
check_order_inicis_tmps(); check_order_inicis_tmps();
?>

3
adm/shop_admin/admin.shop.lib.php
View File

@ -218,5 +218,4 @@ function check_order_inicis_tmps(){
set_cookie('admin_visit_time', G5_SERVER_TIME, 3600); //1시간 간격으로 체크 set_cookie('admin_visit_time', G5_SERVER_TIME, 3600); //1시간 간격으로 체크
} }
} //end function check_order_inicis_tmps } //end function check_order_inicis_tmps;
?>

7
adm/shop_admin/ajax.ca_id.php
View File

@ -1,17 +1,16 @@
<?php <?php
include_once('./_common.php'); include_once('./_common.php');
$ca_id = trim($_POST['ca_id']); $ca_id = isset($_POST['ca_id']) ? trim($_POST['ca_id']) : '';
if (preg_match("/[^0-9a-z]/i", $ca_id)) { if (preg_match("/[^0-9a-z]/i", $ca_id)) {
die("{\"error\":\"분류코드는 영문자 숫자 만 입력 가능합니다.\"}"); die("{\"error\":\"분류코드는 영문자 숫자 만 입력 가능합니다.\"}");
} }
$sql = " select ca_name from {$g5['g5_shop_category_table']} where ca_id = '{$ca_id}' "; $sql = " select ca_name from {$g5['g5_shop_category_table']} where ca_id = '{$ca_id}' ";
$row = sql_fetch($sql); $row = sql_fetch($sql);
if ($row['ca_name']) { if (isset($row['ca_name']) && $row['ca_name']) {
$ca_name = addslashes($row['ca_name']); $ca_name = addslashes($row['ca_name']);
die("{\"error\":\"이미 등록된 분류코드 입니다.\\n\\n분류명 : {$ca_name}\"}"); die("{\"error\":\"이미 등록된 분류코드 입니다.\\n\\n분류명 : {$ca_name}\"}");
} }
die("{\"error\":\"\"}"); // 정상 die("{\"error\":\"\"}"); // 정상;
?>

5
adm/shop_admin/ajax.it_id.php
View File

@ -1,7 +1,7 @@
<?php <?php
include_once('./_common.php'); include_once('./_common.php');
$it_id = trim($_POST['it_id']); $it_id = isset($_POST['it_id']) ? trim($_POST['it_id']) : '';
if (preg_match("/[^\w\-]/", $it_id)) { // \w : 0-9 A-Z a-z _ if (preg_match("/[^\w\-]/", $it_id)) { // \w : 0-9 A-Z a-z _
die("{\"error\":\"상품코드는 영문자 숫자 _ - 만 입력 가능합니다.\"}"); die("{\"error\":\"상품코드는 영문자 숫자 _ - 만 입력 가능합니다.\"}");
} }
@ -12,5 +12,4 @@ if ($row['it_name']) {
die("{\"error\":\"이미 등록된 상품코드 입니다.\\n\\n상품명 : {$it_name}\"}"); die("{\"error\":\"이미 등록된 상품코드 입니다.\\n\\n상품명 : {$it_name}\"}");
} }
die("{\"error\":\"\"}"); // 정상 die("{\"error\":\"\"}"); // 정상;
?>

4
adm/shop_admin/ajax.orderitem.php
View File

@ -2,9 +2,9 @@
$sub_menu = '400400'; $sub_menu = '400400';
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], "r"); auth_check_menu($auth, $sub_menu, "r");
$od_id = $_POST['od_id']; $od_id = isset($_POST['od_id']) ? safe_replace_regex($_POST['od_id'], 'od_id') : 0;
$sql = " select * from {$g5['g5_shop_order_table']} where od_id = '$od_id' "; $sql = " select * from {$g5['g5_shop_order_table']} where od_id = '$od_id' ";
$od = sql_fetch($sql); $od = sql_fetch($sql);

5
adm/shop_admin/ajax.skinfile.php
View File

@ -1,7 +1,9 @@
<?php <?php
include_once('./_common.php'); include_once('./_common.php');
if($type == 'mobile') { $type = isset($_REQUEST['type']) ? clean_xss_tags($_REQUEST['type'], 1, 1) : '';
if($type === 'mobile') {
if(preg_match('#^theme/(.+)$#', $dir, $match)) if(preg_match('#^theme/(.+)$#', $dir, $match))
$skin_dir = G5_THEME_MOBILE_PATH.'/'.G5_SKIN_DIR.'/shop/'.$match[1]; $skin_dir = G5_THEME_MOBILE_PATH.'/'.G5_SKIN_DIR.'/shop/'.$match[1];
else else
@ -14,4 +16,3 @@ if($type == 'mobile') {
} }
echo get_list_skin_options("^list.[0-9]+\.skin\.php", $skin_dir, $sval); echo get_list_skin_options("^list.[0-9]+\.skin\.php", $skin_dir, $sval);
?>

14
adm/shop_admin/bannerform.php
View File

@ -2,9 +2,18 @@
$sub_menu = '500500'; $sub_menu = '500500';
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], "w"); auth_check_menu($auth, $sub_menu, "w");
$bn_id = preg_replace('/[^0-9]/', '', $bn_id); $bn_id = isset($_REQUEST['bn_id']) ? preg_replace('/[^0-9]/', '', $_REQUEST['bn_id']) : 0;
$bn = array(
'bn_id'=>0,
'bn_alt'=>'',
'bn_device'=>'',
'bn_position'=>'',
'bn_border'=>'',
'bn_new_win'=>'',
'bn_order'=>''
);
$html_title = '배너'; $html_title = '배너';
$g5['title'] = $html_title.'관리'; $g5['title'] = $html_title.'관리';
@ -163,4 +172,3 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
<?php <?php
include_once (G5_ADMIN_PATH.'/admin.tail.php'); include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>

29
adm/shop_admin/bannerformupdate.php
View File

@ -4,20 +4,31 @@ include_once('./_common.php');
check_demo(); check_demo();
if ($W == 'd') $w = isset($_POST['w']) ? $_POST['w'] : '';
auth_check($auth[$sub_menu], "d");
if ($w == 'd')
auth_check_menu($auth, $sub_menu, "d");
else else
auth_check($auth[$sub_menu], "w"); auth_check_menu($auth, $sub_menu, "w");
check_admin_token(); check_admin_token();
@mkdir(G5_DATA_PATH."/banner", G5_DIR_PERMISSION); @mkdir(G5_DATA_PATH."/banner", G5_DIR_PERMISSION);
@chmod(G5_DATA_PATH."/banner", G5_DIR_PERMISSION); @chmod(G5_DATA_PATH."/banner", G5_DIR_PERMISSION);
$bn_bimg = $_FILES['bn_bimg']['tmp_name']; $bn_bimg = isset($_FILES['bn_bimg']['tmp_name']) ? $_FILES['bn_bimg']['tmp_name'] : '';
$bn_bimg_name = $_FILES['bn_bimg']['name']; $bn_bimg_name = isset($_FILES['bn_bimg']['name']) ? $_FILES['bn_bimg']['name'] : '';
$bn_id = isset($_POST['bn_id']) ? preg_replace('/[^0-9]/', '', $_POST['bn_id']) : 0;
$bn_id = (int) $bn_id; $bn_bimg_del = (isset($_POST['bn_bimg_del']) && $_POST['bn_bimg_del']) ? preg_replace('/[^0-9]/', '', $_POST['bn_id']) : 0;
$bn_url = isset($_POST['bn_url']) ? strip_tags(clean_xss_attributes($bn_url)) : '';
$bn_alt = isset($_POST['bn_alt']) ? strip_tags(clean_xss_attributes($bn_alt)) : '';
$bn_device = isset($_POST['bn_device']) ? clean_xss_tags($_POST['bn_device'], 1, 1) : '';
$bn_position = isset($_POST['bn_position']) ? clean_xss_tags($_POST['bn_position'], 1, 1) : '';
$bn_border = isset($_POST['bn_border']) ? (int) $_POST['bn_border'] : 0;
$bn_new_win = isset($_POST['bn_new_win']) ? (int) $_POST['bn_new_win'] : 0;
$bn_begin_time = isset($_POST['bn_begin_time']) ? clean_xss_tags($_POST['bn_begin_time'], 1, 1) : '';
$bn_end_time = isset($_POST['bn_end_time']) ? clean_xss_tags($_POST['bn_end_time'], 1, 1) : '';
$bn_order = isset($_POST['bn_order']) ? (int) $_POST['bn_order'] : 0;
if ($bn_bimg_del) @unlink(G5_DATA_PATH."/banner/$bn_id"); if ($bn_bimg_del) @unlink(G5_DATA_PATH."/banner/$bn_id");
@ -34,9 +45,6 @@ if( $bn_bimg || $bn_bimg_name ){
} }
} }
$bn_url = strip_tags(clean_xss_attributes($bn_url));
$bn_alt = strip_tags(clean_xss_attributes($bn_alt));
if ($w=="") if ($w=="")
{ {
if (!$bn_bimg_name) alert('배너 이미지를 업로드 하세요.'); if (!$bn_bimg_name) alert('배너 이미지를 업로드 하세요.');
@ -92,4 +100,3 @@ if ($w == "" || $w == "u")
} else { } else {
goto_url("./bannerlist.php"); goto_url("./bannerlist.php");
} }
?>

3
adm/shop_admin/bannerlist.php
View File

@ -2,7 +2,7 @@
$sub_menu = '500500'; $sub_menu = '500500';
include_once('./_common.php'); include_once('./_common.php');
auth_check($auth[$sub_menu], "r"); auth_check_menu($auth, $sub_menu, "r");
$bn_position = (isset($_GET['bn_position']) && in_array($_GET['bn_position'], array('메인', '왼쪽'))) ? $_GET['bn_position'] : ''; $bn_position = (isset($_GET['bn_position']) && in_array($_GET['bn_position'], array('메인', '왼쪽'))) ? $_GET['bn_position'] : '';
$bn_device = (isset($_GET['bn_device']) && in_array($_GET['bn_device'], array('pc', 'mobile'))) ? $_GET['bn_device'] : 'both'; $bn_device = (isset($_GET['bn_device']) && in_array($_GET['bn_device'], array('pc', 'mobile'))) ? $_GET['bn_device'] : 'both';
@ -185,4 +185,3 @@ jQuery(function($) {
<?php <?php
include_once (G5_ADMIN_PATH.'/admin.tail.php'); include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>

30
adm/shop_admin/categoryform.php
View File

@ -3,9 +3,32 @@ $sub_menu = '400200';
include_once('./_common.php'); include_once('./_common.php');
include_once(G5_EDITOR_LIB); include_once(G5_EDITOR_LIB);
auth_check($auth[$sub_menu], "w"); auth_check_menu($auth, $sub_menu, "w");
$ca_id = isset($ca_id) ? preg_replace('/[^0-9a-z]/i', '', $ca_id) : ''; $ca_id = isset($_GET['ca_id']) ? preg_replace('/[^0-9a-z]/i', '', $_GET['ca_id']) : '';
$ca = array(
'ca_skin_dir'=>'',
'ca_mobile_skin_dir'=>'',
'ca_name'=>'',
'ca_order'=>'',
'ca_mb_id'=>'',
'ca_skin_dir'=>'',
'ca_cert_use'=>0,
'ca_adult_use'=>0,
'ca_sell_email'=>'',
'ca_nocoupon'=>0,
'ca_include_head'=>'',
'ca_include_tail'=>'',
'ca_head_html'=>'',
'ca_tail_html'=>'',
'ca_mobile_head_html'=>'',
'ca_mobile_tail_html'=>'',
);
for($i=0;$i<=10;$i++){
$ca['ca_'.$i.'_subj'] = '';
$ca['ca_'.$i] = '';
}
$sql_common = " from {$g5['g5_shop_category_table']} "; $sql_common = " from {$g5['g5_shop_category_table']} ";
if ($is_admin != 'super') if ($is_admin != 'super')
@ -69,7 +92,7 @@ else if ($w == "u")
{ {
$sql = " select * from {$g5['g5_shop_category_table']} where ca_id = '$ca_id' "; $sql = " select * from {$g5['g5_shop_category_table']} where ca_id = '$ca_id' ";
$ca = sql_fetch($sql); $ca = sql_fetch($sql);
if (!$ca['ca_id']) if (! (isset($ca['ca_id']) && $ca['ca_id']))
alert("자료가 없습니다."); alert("자료가 없습니다.");
$html_title = $ca['ca_name'] . " 수정"; $html_title = $ca['ca_name'] . " 수정";
@ -617,4 +640,3 @@ jQuery(function($){
<?php <?php
include_once (G5_ADMIN_PATH.'/admin.tail.php'); include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>

Some files were not shown because too many files have changed in this diff Show More