관리자모드 일부 원본 복구

whitedot
2012-11-02 11:53:34 +09:00
parent d3ab4acee1
commit 50732cfc3b
54 changed files with 2758 additions and 2802 deletions


@ -8,8 +8,8 @@ $token = get_token();
if ($w == "")
{
$required_mb_id = 'required minlength="3" alphanumericunderline id="회원아이디" name="회원아이디"';
$required_mb_password = 'required id="패스워드" name="패스워드"';
$required_mb_id = "required minlength=3 alphanumericunderline itemname='회원아이디'";
$required_mb_password = "required itemname='패스워드'";
$mb[mb_mailling] = 1;
$mb[mb_open] = 1;
@ -19,9 +19,8 @@ if ($w == "")
else if ($w == "u")
{
$mb = get_member($mb_id);
if (!$mb['mb_id'])
alert('존재하지 않는 회원자료입니다.');
if (!$mb[mb_id])
alert("존재하지 않는 회원자료입니다.");
if ($is_admin != 'super' && $mb[mb_level] >= $member[mb_level])
alert("자신보다 권한이 높거나 같은 회원은 수정할 수 없습니다.");
@ -56,231 +55,185 @@ else if ($w == "u")
else
alert("제대로 된 값이 넘어오지 않았습니다.");
if ($mb[mb_mailling]) $mailling_checked = 'checked'; // 메일 수신
if ($mb[mb_sms]) $sms_checked = 'checked'; // SMS 수신
if ($mb[mb_open]) $open_checked = 'checked'; // 정보 공개
if ($mb[mb_mailling]) $mailling_checked = "checked"; // 메일 수신
if ($mb[mb_sms]) $sms_checked = "checked"; // SMS 수신
if ($mb[mb_open]) $open_checked = "checked"; // 정보 공개
$g4['title'] = '회원정보 ' . $html_title;
$g4[title] = "회원정보 " . $html_title;
include_once("./admin.head.php");
?>
<h2><span></span>회원정보 입력</h2>
<form id="fmember" name="fmember" method="post" onsubmit="return fmember_submit(this);" enctype="multipart/form-data" autocomplete="off">
<input type="hidden" id="w" name="w" value="<?=$w?>">
<input type="hidden" id="sfl" name="sfl" value="<?=$sfl?>">
<input type="hidden" id="stx" name="stx" value="<?=$stx?>">
<input type="hidden" id="sst" name="sst" value="<?=$sst?>">
<input type="hidden" id="sod" name="sod" value="<?=$sod?>">
<input type="hidden" id="page" name="page" value="<?=$page?>">
<input type="hidden" id="token" name="token" value="<?=$token?>">
<table>
<caption>
회원의 사이트 기본정보 <?=$html_title?>
</caption>
<tbody>
<table width=100% align=center cellpadding=0 cellspacing=0>
<form name=fmember method=post onsubmit="return fmember_submit(this);" enctype="multipart/form-data" autocomplete="off">
<input type=hidden name=w value='<?=$w?>'>
<input type=hidden name=sfl value='<?=$sfl?>'>
<input type=hidden name=stx value='<?=$stx?>'>
<input type=hidden name=sst value='<?=$sst?>'>
<input type=hidden name=sod value='<?=$sod?>'>
<input type=hidden name=page value='<?=$page?>'>
<input type=hidden name=token value='<?=$token?>'>
<colgroup width=20% class='col1 pad1 bold right'>
<colgroup width=30% class='col2 pad2'>
<colgroup width=20% class='col1 pad1 bold right'>
<colgroup width=30% class='col2 pad2'>
<tr>
<th scope="row" id="th101"><label for="mb_id">아이디</label></th>
<td headers="th101">
<input type="text" id="mb_id" name="mb_id" maxlength="20" minlength="2" <?=$required_mb_id?> value='<?=$mb['mb_id'] ?>'>
<?if ($w=="u"){?><a href='./boardgroupmember_form.php?mb_id=<?=$mb['mb_id']?>'>접근가능그룹보기</a><?}?>
<td colspan=4 class=title align=left><img src='<?=$g4[admin_path]?>/img/icon_title.gif'> <?=$g4[title]?></td>
</tr>
<tr><td colspan=4 class=line1></td></tr>
<tr class='ht'>
<td>아이디</td>
<td>
<input type=text class=ed name='mb_id' size=20 maxlength=20 minlength=2 <?=$required_mb_id?> itemname='아이디' value='<? echo $mb[mb_id] ?>'>
<?if ($w=="u"){?><a href='./boardgroupmember_form.php?mb_id=<?=$mb[mb_id]?>'>접근가능그룹보기</a><?}?>
</td>
<td>패스워드</td>
<td><input type=password class=ed name='mb_password' size=20 maxlength=20 <?=$required_mb_password?> itemname='암호'></td>
</tr>
<tr>
<th scope="row" id="th102"><label for="mb_password">패스워드</label></th>
<td headers="th102"><input type="password" id="mb_password" name="mb_password" maxlength="20" <?=$required_mb_password?>></td>
<tr class='ht'>
<td>이름(실명)</td>
<td><input type=text class=ed name='mb_name' maxlength=20 minlength=2 required itemname='이름(실명)' value='<? echo $mb[mb_name] ?>'></td>
<td>별명</td>
<td><input type=text class=ed name='mb_nick' maxlength=20 minlength=2 required itemname='별명' value='<? echo $mb[mb_nick] ?>'></td>
</tr>
<tr>
<th scope="row" id="th103"><label for="mb_level">회원 권한</label></th>
<td headers="th103"><?=get_member_level_select("mb_level", 1, $member[mb_level], $mb[mb_level])?></td>
<tr class='ht'>
<td>회원 권한</td>
<td><?=get_member_level_select("mb_level", 1, $member[mb_level], $mb[mb_level])?></td>
<td>포인트</td>
<td><a href='./point_list.php?sfl=mb_id&stx=<?=$mb[mb_id]?>' class='bold'><?=number_format($mb[mb_point])?></a> 점</td>
</tr>
<tr>
<th scope="row" id="th104">포인트</th>
<td headers="th104"><a href="./point_list.php?sfl=mb_id&amp;stx=<?=$mb['mb_id']?>"><?=number_format($mb[mb_point])?></a> 점</td>
<tr class='ht'>
<td>E-mail</td>
<td><input type=text class=ed name='mb_email' size=40 maxlength=100 required email itemname='e-mail' value='<? echo $mb[mb_email] ?>'></td>
<td>홈페이지</td>
<td><input type=text class=ed name='mb_homepage' size=40 maxlength=255 itemname='홈페이지' value='<? echo $mb[mb_homepage] ?>'></td>
</tr>
</tbody>
</table>
<table>
<caption>
회원의 개인정보를 <?=$html_title?>
</caption>
<tbody>
<tr>
<th scope="row" id="th201"><label for="mb_name">이름(실명)</label></th>
<td headers="th201"><input type="text" id="mb_name" name="mb_name" maxlength="20" minlength="2" required value="<?=$mb['mb_name']?>"></td>
<tr class='ht'>
<td>전화번호</td>
<td><input type=text class=ed name='mb_tel' maxlength=20 itemname='전화번호' value='<? echo $mb[mb_tel] ?>'></td>
<td>핸드폰번호</td>
<td><input type=text class=ed name='mb_hp' maxlength=20 itemname='핸드폰번호' value='<? echo $mb[mb_hp] ?>'></td>
</tr>
<tr>
<th scope="row" id="th202"><label for="mb_nick">별명</label></th>
<td headers="th202"><input type="text" id="mb_nick" name="mb_nick" maxlength="20" minlength="2" required value="<?=$mb['mb_nick']?>"></td>
</tr>
<tr>
<th scope="row" id="th203"><label for="mb_birth">생년월일</label></th>
<td headers="th203"><input type="text" id="mb_birth" name="mb_birth" maxlength="8" value='<? echo $mb['mb_birth'] ?>'></td>
</tr>
<tr>
<th scope="row" id="th204"><label for="mb_sex">성별</label></th>
<td headers="th204">
<select id="mb_sex" name="mb_sex">
<option value=''>선택</option>
<option value="F">여자</option>
<option value="M">남자</option>
</select>
<script> document.fmember.mb_sex.value = "<?=$mb['mb_sex']?>"; </script>
</td>
</tr>
<tr>
<th scope="row" id="th205"><label for="mb_email">E-mail</label></th>
<td headers="th205"><input type="text" id="mb_email" name="mb_email" maxlength="100" required id="e-mail" name="e-mail" value="<?=$mb['mb_email'] ?>"></td>
</tr>
<tr>
<th scope="row" id="th206"><label for="mb_homepage">홈페이지</label></th>
<td headers="th206"><input type="text" id="mb_homepage" name="mb_homepage" maxlength="255" value="<?=$mb['mb_homepage']?>"></td>
</tr>
<tr>
<th scope="row" id="th207"><label for="mb_tel">전화번호</label></th>
<td headers="th207"><input type="text" id="mb_tel" name="mb_tel" maxlength="20" value="<?=$mb['mb_tel']?>"></td>
</tr>
<tr>
<th scope="row" id="th208"><label for="mb_hp">핸드폰번호</label></th>
<td headers="th208"><input type="text" id="mb_hp" name="mb_hp" maxlength="20" value="<?=$mb['mb_hp']?>"></td>
</tr>
<tr>
<th scope="row" id="th209">주소</th>
<td headers="th209">
<input type="text" id="mb_zip1" name="mb_zip1" maxlength="3" readonly value="<?=$mb[mb_zip1]?>" title="우편번호 앞자리"> -
<input type="text" id="mb_zip2" name="mb_zip2" maxlength="3" readonly value="<?=$mb[mb_zip2]?>" title="우편번호 뒷자리">
<a href="javascript:;" onclick="win_zip('fmember', 'mb_zip1', 'mb_zip2', 'mb_addr1', 'mb_addr2');">우편번호 검색</a>
<input type="text" id="mb_addr1" name="mb_addr1" readonly value="<?=$mb['mb_addr1'] ?>" title="기본주소">
<label for="mb_addr2" class="visibility_hidden_label">상세주소</label>
<input type="text" id="mb_addr2" name="mb_addr2" value="<?=$mb['mb_addr2']?>"> 상세주소 입력
</td>
</tr>
<tr>
<th scope="row" id="th210"><label for="mb_signature">서명</label></th>
<td headers="th210"><textarea id="mb_signature" name="mb_signature"><? echo $mb['mb_signature'] ?></textarea></td>
</tr>
<tr>
<th scope="row" id="th211"><label for="mb_icon">회원아이콘</label></th>
<td headers="th211">
<input type="file" id="mb_icon" name="mb_icon">
이미지 크기는 <?=$config[cf_member_icon_width]?>x<?=$config[cf_member_icon_height]?>으로 해주세요.
<tr class='ht'>
<td>주소</td>
<td>
<input type=text class=ed name='mb_zip1' size=4 maxlength=3 readonly itemname='우편번호 앞자리' value='<? echo $mb[mb_zip1] ?>'> -
<input type=text class=ed name='mb_zip2' size=4 maxlength=3 readonly itemname='우편번호 뒷자리' value='<? echo $mb[mb_zip2] ?>'>
<a href="javascript:;" onclick="win_zip('fmember', 'mb_zip1', 'mb_zip2', 'mb_addr1', 'mb_addr2');"><img src='<?=$g4[bbs_img_path]?>/btn_zip.gif' align=absmiddle border=0></a>
<br><input type=text class=ed name='mb_addr1' size=40 readonly value='<? echo $mb[mb_addr1] ?>'>
<br><input type=text class=ed name='mb_addr2' size=25 itemname='상세주소' value='<? echo $mb[mb_addr2] ?>'> 상세주소 입력</td>
<td>회원아이콘</td>
<td colspan=3>
<input type=file name='mb_icon' class=ed><br>이미지 크기는 <?=$config[cf_member_icon_width]?>x<?=$config[cf_member_icon_height]?>으로 해주세요.
<?
$mb_dir = substr($mb['mb_id'],0,2);
$icon_file = $g4['path'].'/data/member/'.$mb_dir.'/'.$mb['mb_id'].'.gif';
$mb_dir = substr($mb[mb_id],0,2);
$icon_file = "$g4[path]/data/member/$mb_dir/$mb[mb_id].gif";
if (file_exists($icon_file)) {
echo '<img src="$icon_file">';
echo '<input type="checkbox" id="del_mb_icon" name="del_mb_icon" value="1">삭제';
}
echo "<br><img src='$icon_file' align=absmiddle>";
echo " <input type=checkbox name='del_mb_icon' value='1' class='csscheck'>삭제";
}
?>
</td>
</tr>
<tr>
<th scope="row" id="th212"><label for="mb_profile">자기 소개</label></th>
<td headers="th212"><textarea id="mb_profile" name="mb_profile"><? echo $mb['mb_profile'] ?></textarea></td>
<tr class='ht'>
<td>생년월일</td>
<td><input type=text class=ed name=mb_birth size=9 maxlength=8 value='<? echo $mb[mb_birth] ?>'></td>
<td>남녀</td>
<td>
<select name=mb_sex><option value=''>----<option value='F'>여자<option value='M'>남자</select>
<script type="text/javascript"> document.fmember.mb_sex.value = "<?=$mb[mb_sex]?>"; </script></td>
</tr>
<tr>
<th scope="row" id="th213"><label for="mb_memo">메모</label></th>
<td headers="th213"><textarea id="mb_memo" name="mb_memo"><? echo $mb[mb_memo] ?></textarea></td>
<tr class='ht'>
<td>메일 수신</td>
<td><input type=checkbox name=mb_mailling value='1' <?=$mailling_checked?>> 정보 메일을 받음</td>
<td>SMS 수신</td>
<td><input type=checkbox name=mb_sms value='1' <?=$sms_checked?>> 문자메세지를 받음</td>
</tr>
<tr class='ht'>
<td>정보 공개</td>
<td colspan=3><input type=checkbox name=mb_open value='1' <?=$open_checked?>> 타인에게 자신의 정보를 공개</td>
</tr>
<tr class='ht'>
<td>서명</td>
<td><textarea class=ed name=mb_signature rows=5 style='width:99%; word-break:break-all;'><? echo $mb[mb_signature] ?></textarea></td>
<td>자기 소개</td>
<td><textarea class=ed name=mb_profile rows=5 style='width:99%; word-break:break-all;'><? echo $mb[mb_profile] ?></textarea></td>
</tr>
<tr class='ht'>
<td>메모</td>
<td colspan=3><textarea class=ed name=mb_memo rows=5 style='width:99%; word-break:break-all;'><? echo $mb[mb_memo] ?></textarea></td>
</tr>
</tbody>
</table>
<table>
<caption>
회원의 정보 수신 및 공개 여부 <?=$html_title?>
</caption>
<tbody>
<tr>
<th scope="row" id="th301"><label for="mb_mailing">메일 수신</label></th>
<td headers="th301"><input type="checkbox" id="mb_mailling" name="mb_mailling" value="1" <?=$mailling_checked?>> 정보 메일을 받음</td>
</tr>
<tr>
<th scope="row" id="th302"><label for="mb_sms">SMS 수신</label></th>
<td headers="th302"><input type="checkbox" id="mb_sms" name="mb_sms" value="1" <?=$sms_checked?>> 문자메세지를 받음</td>
</tr>
<tr>
<th scope="row" id="th302"><label for="mb_open">정보 공개</label></th>
<td headers="th302"><input type="checkbox" id="mb_open" name="mb_open" value="1" <?=$open_checked?>> 타인에게 자신의 정보를 공개</td>
</tr></tbody>
</table>
<table>
<caption>회원의 사이트 이용상태 확인 (혹은 <?=$html_title?>)</caption>
<tbody>
<? if ($w == "u") { ?>
<tr>
<th scope="row" id="th401">회원가입일</th>
<td headers="th401"><?=$mb[mb_datetime]?></td>
<tr class='ht'>
<td>회원가입일</td>
<td><?=$mb[mb_datetime]?></td>
<td>최근접속일</td>
<td><?=$mb[mb_today_login]?></td>
</tr>
<tr>
<th scope="row" id="th402">최근접속일</th>
<td headers="th402"><?=$mb[mb_today_login]?></td>
</tr>
<tr>
<th scope="row" id="th403">IP</th>
<td headers="th403"><?=$mb[mb_ip]?></td>
</tr>
<? if ($config[cf_use_email_certify]) { ?>
<tr>
<th scope="row" id="th404"><? if ($mb['mb_email_certify'] == "0000-00-00 00:00:00") {?><label for="passive_certify">인증일시</label><?}else{?>인증일시<?}?></th>
<td headers="th404">
<?=$mb['mb_email_certify']?>
<? if ($mb['mb_email_certify'] == "0000-00-00 00:00:00") { echo '<input type="checkbox" id="passive_certify" name="passive_certify">수동인증'; } ?>
</td>
<tr class='ht'>
<td>IP</td>
<td><?=$mb[mb_ip]?></td>
<? if ($config[cf_use_email_certify]) { ?>
<td>인증일시</td>
<td><?=$mb[mb_email_certify]?>
<? if ($mb[mb_email_certify] == "0000-00-00 00:00:00") { echo "<input type=checkbox name=passive_certify>수동인증"; } ?></td>
<? } else { ?>
<td></td>
<td></td>
<? } ?>
</tr>
<? } ?>
<? } ?>
<? if ($config[cf_use_recommend]) { // 추천인 사용 ?>
<tr>
<th scope="row" id="th405">추천인</th>
<td headers="th405"><?=($mb['mb_recommend'] ? get_text($mb['mb_recommend']) : "없음"); // 081022 : CSRF 보안 결함으로 인한 코드 수정 ?></td>
<tr class='ht'>
<td>추천인</td>
<td colspan=3><?=($mb[mb_recommend] ? get_text($mb[mb_recommend]) : "없음"); // 081022 : CSRF 보안 결함으로 인한 코드 수정 ?></td>
</tr>
<? } ?>
<tr>
<th scope="row" id="th406"><label for="mb_leave_date">탈퇴일자</label></th>
<td headers="th406"><input type="text" id="mb_leave_date" name="mb_leave_date" maxlength="8" value="<?=$mb['mb_leave_date']?>"></td>
</tr>
<tr>
<th scope="row" id="th407"><label for="mb_intercept_date">접근차단일자</label></th>
<td headers="th407">
<input type="text" id="mb_intercept_date" name="mb_intercept_date" maxlength="8" value="<?=$mb['mb_intercept_date']?>">
<input type="checkbox" id="mb_intercept_today" name="mb_intercept_today" value='<? echo date("Ymd"); ?>' onclick='if (this.form.mb_intercept_date.value==this.form.mb_intercept_date.defaultValue) { this.form.mb_intercept_date.value="this".value; } else { this.form.mb_intercept_date.value="this".form.mb_intercept_date.defaultValue; } '>
<label for="mb_intercept_today">오늘</label>
</td>
</tr></tbody>
</table>
<table>
<caption>
회원과 관련되어 미리 정의된 추가사항 <?=$html_title?>
</caption>
<tbody>
<tr class='ht'>
<td>탈퇴일자</td>
<td><input type=text class=ed name=mb_leave_date size=9 maxlength=8 value='<? echo $mb[mb_leave_date] ?>'></td>
<td>접근차단일자</td>
<td><input type=text class=ed name=mb_intercept_date size=9 maxlength=8 value='<? echo $mb[mb_intercept_date] ?>'> <input type=checkbox value='<? echo date("Ymd"); ?>' onclick='if (this.form.mb_intercept_date.value==this.form.mb_intercept_date.defaultValue) { this.form.mb_intercept_date.value=this.value; } else { this.form.mb_intercept_date.value=this.form.mb_intercept_date.defaultValue; } '>오늘</td>
</tr>
<? for ($i=1; $i<=10; $i=$i+2) { $k=$i+1; ?>
<tr>
<th scope="row" id="th5<?=$i?>"><label for="mb_<?=$i?>">여분 필드 <?=$i?></label></th>
<td headers="th5<?=$i?>"><input type="text" id="mb_<?=$i?>" name="mb_<?=$i?>" maxlength="255" value="<?=$mb['mb_{$i}']?>"></td>
<th scope="row" id="th5<?=$k?>"><label for="mb_<?=$k?>">여분 필드 <?=$k?></label></th>
<td headers="th5<?=$k?>"><input type="text" id="mb_<?=$k?>" name="mb_<?=$k?>" maxlength="255" value="<?=$mb['mb_{$k}']?>"></td>
<tr class='ht'>
<td>여분 필드 <?=$i?></td>
<td><input type=text class=ed style='width:99%;' name='mb_<?=$i?>' maxlength=255 value='<?=$mb["mb_$i"]?>'></td>
<td>여분 필드 <?=$k?></td>
<td><input type=text class=ed style='width:99%;' name='mb_<?=$k?>' maxlength=255 value='<?=$mb["mb_$k"]?>'></td>
</tr>
<? } ?>
</tbody>
<tr class='ht'>
<td colspan=4 align=left>
<?=subtitle("XSS / CSRF 방지")?>
</td>
</tr>
<tr><td colspan=4 class=line1></td></tr>
<tr class='ht'>
<td>
관리자 패스워드
</td>
<td colspan=3>
<input class='ed' type='password' name='admin_password' itemname="관리자 패스워드" required>
<?=help("관리자 권한을 빼앗길 것에 대비하여 로그인한 관리자의 패스워드를 한번 더 묻는것 입니다.");?>
</td>
</tr>
<tr><td colspan=4 class=line2></td></tr>
</table>
<fieldset>
<legend><span></span>XSS/CSRF 방지 관리자 패스워드 확인</legend>
<p>관리자 권한을 빼앗길 것에 대비하여 로그인한 관리자의 패스워드를 한번 더 묻는것 입니다.</p>
<label for="admin_password">관리자 패스워드</label>
<input type="password" id="admin_password" name="admin_password" name="관리자 패스워드" required>
<input type="submit" accesskey="s" value="확인">
<input type="button" value="목록" onclick="document.location.href='./member_list.php?<?=$qstr?>';">
<? if ($w != '') { ?>
<input type="button" value="삭제" onclick="del('./member_delete.php?<?=$qstr?>&amp;w=d&amp;mb_id=<?=$mb['mb_id']?>&amp;url=<?=$_SERVER['PHP_SELF']?>');">
<? } ?>
</fieldset>
<p align=center>
<input type=submit class=btn1 accesskey='s' value=' 확 인 '>&nbsp;
<input type=button class=btn1 value=' 목 록 ' onclick="document.location.href='./member_list.php?<?=$qstr?>';">&nbsp;
<? if ($w != '') { ?>
<input type=button class=btn1 value=' 삭 제 ' onclick="del('./member_delete.php?<?=$qstr?>&w=d&mb_id=<?=$mb[mb_id]?>&url=<?=$_SERVER[PHP_SELF]?>');">&nbsp;
<? } ?>
</form>
<script type='text/javascript'>
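Review bot: The restored table-based markup prints member and request values into single-quoted HTML attributes without escaping, for example `value='<? echo $mb[mb_nick] ?>'`, the hidden `sfl`/`stx`/`sst`/`sod` inputs, and `<?=$_SERVER[PHP_SELF]?>` inside the delete button's `onclick` URL. Whether these values are sanitised when they are written is not visible here, so a stored quote or angle bracket in a profile field could break out of the attribute and run in an administrator's session. Escape at the point of output, e.g. `value='<?=htmlspecialchars($mb['mb_nick'], ENT_QUOTES)?>'`, and pass the `mb_id` and `url` query values through `urlencode()`; `get_text()` is already applied to `mb_recommend`, but whether it covers single quotes cannot be seen from this page. The `mb_signature`, `mb_profile` and `mb_memo` textareas need the same treatment, and the unquoted keys (`$mb[mb_id]`) should be quoted, since bare constants as array keys raise an error on PHP 8. The `<script>` block opened on the last visible line continues outside this view.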