From 37dd3232c900880ea1ca56501352c7ee5e37c12b Mon Sep 17 00:00:00 2001
From: gnuboard <kagla@naver.com>
Date: Mon, 20 May 2013 17:45:39 +0900
Subject: [PATCH] =?UTF-8?q?=EA=B4=80=EB=A6=AC=EC=9E=90=20=ED=99=94?=
 =?UTF-8?q?=EB=A9=B4=EC=97=90=EC=84=9C=20=EB=8B=A4=EC=8B=9C=20=EA=B4=80?=
 =?UTF-8?q?=EB=A6=AC=EC=9E=90=20=EB=B9=84=EB=B2=88=EC=9D=84=20=EC=9E=85?=
 =?UTF-8?q?=EB=A0=A5=ED=95=98=EB=8A=94=20=EA=B8=B0=EB=8A=A5=EC=9D=84=20?=
 =?UTF-8?q?=EB=AA=A8=EB=91=90=20=EC=82=AD=EC=A0=9C=20=EB=A1=9C=EA=B7=B8?=
 =?UTF-8?q?=EC=9D=B8=EC=8B=9C=20=EA=B4=80=EB=A6=AC=EC=9E=90=20=ED=99=98?=
 =?UTF-8?q?=EA=B2=BD=EC=9D=84=20=EC=84=B8=EC=85=98=EC=97=90=20=EC=A0=80?=
 =?UTF-8?q?=EC=9E=A5=ED=95=B4=20=EB=86=93=EA=B3=A0=20CSRF=20=EB=A1=9C=20?=
 =?UTF-8?q?=EA=B4=80=EB=A6=AC=EC=9E=90=20=EC=95=84=EC=9D=B4=EB=94=94?=
 =?UTF-8?q?=EA=B0=80=20=EB=9A=AB=EB=A6=AC=EB=8D=94=EB=9D=BC=EB=8F=84=20?=
 =?UTF-8?q?=EB=8B=A4=EB=A5=B8=20=ED=99=98=EA=B2=BD=EC=9D=98=20=EA=B4=80?=
 =?UTF-8?q?=EB=A6=AC=EC=9E=90=EA=B0=80=20=EB=93=A4=EC=96=B4=EC=98=A4?=
 =?UTF-8?q?=EB=A9=B4=20=EB=A1=9C=EA=B7=B8=EC=95=84=EC=9B=83=EC=9D=84=20?=
 =?UTF-8?q?=EC=8B=9C=ED=82=A4=EB=8A=94=20=EA=B8=B0=EB=8A=A5=EC=9D=B4=20?=
 =?UTF-8?q?=EC=9D=B4=EB=AF=B8=20=EB=93=A4=EC=96=B4=EA=B0=80=20=EC=9E=88?=
 =?UTF-8?q?=EC=9D=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adm/auth_list.php          | 7 -------
 adm/auth_update.php        | 4 ----
 adm/board_form.php         | 7 -------
 adm/board_form_update.php  | 9 ---------
 adm/config_form.php        | 7 -------
 adm/config_form_update.php | 4 ----
 adm/member_form.php        | 7 -------
 adm/member_form_update.php | 4 ----
 adm/point_list.php         | 7 -------
 adm/point_update.php       | 4 ----
 10 files changed, 60 deletions(-)

diff --git a/adm/auth_list.php b/adm/auth_list.php
index 66b60279d..80d9fcb3e 100644
--- a/adm/auth_list.php
+++ b/adm/auth_list.php
@@ -203,13 +203,6 @@ $colspan = 5;
     </tbody>
     </table>
 
-    <fieldset id="admin_confirm">
-        <legend>XSS 혹은 CSRF 방지</legend>
-        <p>관리자 권한을 탈취당하는 경우를 대비하여 패스워드를 다시 한번 확인합니다.</p>
-        <label for="admin_password">관리자 패스워드</label>
-        <input type="password" name="admin_password" id="admin_password" required class="required frm_input">
-    </fieldset>
-
     <div class="btn_confirm">
         <input type="submit" value="완료" class="btn_submit">
     </div>
diff --git a/adm/auth_update.php b/adm/auth_update.php
index 9b4b9ca44..231e5cd7c 100644
--- a/adm/auth_update.php
+++ b/adm/auth_update.php
@@ -11,10 +11,6 @@ if (!$mb['mb_id'])
 
 check_token();
 
-if ($member['mb_password'] != sql_password($_POST['admin_password'])) {
-    alert('패스워드가 다릅니다.');
-}
-
 $sql = " insert into {$g4['auth_table']}
             set mb_id   = '{$_POST['mb_id']}',
                 au_menu = '{$_POST['au_menu']}',
diff --git a/adm/board_form.php b/adm/board_form.php
index f090ceed7..0aaa328a4 100644
--- a/adm/board_form.php
+++ b/adm/board_form.php
@@ -1164,13 +1164,6 @@ $pg_anchor = '<ul class="anchor">
     </table>
 </section>
 
-<fieldset id="admin_confirm">
-    <legend>XSS 혹은 CSRF 방지</legend>
-    <p>관리자 권한을 탈취당하는 경우를 대비하여 패스워드를 다시 한번 확인합니다.</p>
-    <label for="admin_password">관리자 패스워드<strong class="sound_only">필수</strong></label>
-    <input type="password" name="admin_password" id="admin_password" required class="required frm_input">
-</fieldset>
-
 <div class="btn_confirm">
     <p>
         작성하신 내용을 제출하시려면 <strong>확인</strong> 버튼을, 작성을 취소하고 목록으로 돌아가시려면 <strong>목록</strong> 링크를 누르세요.
diff --git a/adm/board_form_update.php b/adm/board_form_update.php
index 4c98c8a4a..5b2f431a9 100644
--- a/adm/board_form_update.php
+++ b/adm/board_form_update.php
@@ -7,15 +7,6 @@ if ($w == 'u')
 
 auth_check($auth[$sub_menu], 'w');
 
-if ($_POST['admin_password']) {
-    if ($member['mb_password'] != sql_password($_POST['admin_password'])) {
-        alert('관리자 패스워드가 틀립니다.');
-    }
-} else {
-    alert('관리자 패스워드를 입력하세요.');
-}
-
-
 if (!$_POST['gr_id']) { alert('그룹 ID는 반드시 선택하세요.'); }
 if (!$bo_table) { alert('게시판 TABLE명은 반드시 입력하세요.'); }
 if (!preg_match("/^([A-Za-z0-9_]{1,20})$/", $bo_table)) { alert('게시판 TABLE명은 공백없이 영문자, 숫자, _ 만 사용 가능합니다. (20자 이내)'); }
diff --git a/adm/config_form.php b/adm/config_form.php
index 6756b5d0b..30dbc0184 100644
--- a/adm/config_form.php
+++ b/adm/config_form.php
@@ -727,13 +727,6 @@ $pg_anchor = '<ul class="anchor">
     </table>
 </section>
 
-<fieldset id="admin_confirm">
-    <legend>XSS 혹은 CSRF 방지</legend>
-    <p>관리자 권한을 탈취당하는 경우를 대비하여 패스워드를 다시 한번 확인합니다.</p>
-    <label for="admin_password">관리자 패스워드<strong class="sound_only">필수</strong></label>
-    <input type="password" name="admin_password" id="admin_password" required class="required frm_input">
-</fieldset>
-
 <div class="btn_confirm">
     <p>
         작성하신 내용을 제출하시려면 <strong>확인</strong> 버튼을, 작성을 취소하고 목록으로 돌아가시려면 <strong>목록</strong> 링크를 누르세요.
diff --git a/adm/config_form_update.php b/adm/config_form_update.php
index fa050ba99..cb348003c 100644
--- a/adm/config_form_update.php
+++ b/adm/config_form_update.php
@@ -9,10 +9,6 @@ auth_check($auth[$sub_menu], 'w');
 if ($is_admin != 'super')
     alert('최고관리자만 접근 가능합니다.');
 
-if ($member['mb_password'] != sql_password($_POST['admin_password'])) {
-    alert('패스워드가 다릅니다.');
-}
-
 $mb = get_member($cf_admin);
 if (!$mb['mb_id'])
     alert('최고관리자 회원아이디가 존재하지 않습니다.');
diff --git a/adm/member_form.php b/adm/member_form.php
index 5ccb22501..ffd76b406 100644
--- a/adm/member_form.php
+++ b/adm/member_form.php
@@ -295,13 +295,6 @@ include_once('./admin.head.php');
 
 </div>
 
-<fieldset id="admin_confirm">
-    <legend>XSS 혹은 CSRF 방지</legend>
-    <p>관리자 권한을 탈취 당하는 경우를 대비하여 관리자의 패스워드를 다시 한번 확인합니다.</p>
-    <label for="admin_password">관리자 패스워드<strong class="sound_only">필수</strong></label>
-    <input type="password" name="admin_password" id="admin_password" required class="required frm_input">
-</fieldset>
-
 <div class="btn_confirm">
     <p>
         작성하신 내용을 제출하시려면 <strong>확인</strong> 버튼을, 작성을 취소하고 목록으로 돌아가시려면 <strong>목록</strong> 링크를 누르세요.
diff --git a/adm/member_form_update.php b/adm/member_form_update.php
index a081eef61..fdb97cb05 100644
--- a/adm/member_form_update.php
+++ b/adm/member_form_update.php
@@ -10,10 +10,6 @@ auth_check($auth[$sub_menu], 'w');
 
 check_token();
 
-if ($member['mb_password'] != sql_password($_POST['admin_password'])) {
-    alert('패스워드가 다릅니다.');
-}
-
 $mb_id = escape_trim($_POST['mb_id']);
 
 // 휴대폰번호 체크
diff --git a/adm/point_list.php b/adm/point_list.php
index bd87ac001..3619b6734 100644
--- a/adm/point_list.php
+++ b/adm/point_list.php
@@ -207,13 +207,6 @@ function point_clear()
     </tbody>
     </table>
 
-    <fieldset id="admin_confirm">
-        <legend>XSS 혹은 CSRF 방지</legend>
-        <p>관리자 권한을 탈취당하는 경우를 대비하여 패스워드를 다시 한번 확인합니다.</p>
-        <label for="admin_password">관리자패스워드<strong class="sound_only">필수</strong></label>
-        <input type="password" name="admin_password" id="admin_password" required class="required frm_input">
-    </fieldset>
-
     <div class="btn_confirm">
         <input type="submit" value="확인" class="btn_submit">
     </div>
diff --git a/adm/point_update.php b/adm/point_update.php
index 365cabbab..fbd2f1a9d 100644
--- a/adm/point_update.php
+++ b/adm/point_update.php
@@ -6,10 +6,6 @@ auth_check($auth[$sub_menu], 'w');
 
 check_token();
 
-if ($member['mb_password'] != sql_password($_POST['admin_password'])) {
-    alert('패스워드가 다릅니다.');
-}
-
 $mb_id = $_POST['mb_id'];
 $po_point = $_POST['po_point'];
 $po_content = $_POST['po_content'];