php8.0 버전 호환 코드 적용 및 PHP 끝 태그 삭제 일괄적용

2021-01-04 15:33:29 +09:00
parent 10d377de7d
commit 582d1a01f4
852 changed files with 120617 additions and 6307 deletions
--- a/adm/sms_admin/_common.php
+++ b/adm/sms_admin/_common.php
@ -19,5 +19,4 @@ if( isset($token) ){
    $token = @htmlspecialchars(strip_tags($token), ENT_QUOTES);
 }

-add_stylesheet('<link rel="stylesheet" href="'.G5_SMS5_ADMIN_URL.'/css/sms5.css">', 0);
-?>
+add_stylesheet('<link rel="stylesheet" href="'.G5_SMS5_ADMIN_URL.'/css/sms5.css">', 0);
--- a/adm/sms_admin/ajax.hp_chk.php
+++ b/adm/sms_admin/ajax.hp_chk.php
@ -10,12 +10,14 @@ if( !function_exists('json_encode') ) {
    }
 }

-ajax_auth_check($auth[$sub_menu], "r");
+ajax_auth_check_menu($auth, $sub_menu, "r");

 $err = '';
 $arr_ajax_msg = array();
 $exist_hplist = array();

+$bk_hp = isset($_REQUEST['bk_hp']) ? clean_xss_tags($_REQUEST['bk_hp'], 1, 1) : '';
+
 if( !$bk_hp )
    $err = '휴대폰번호를 입력해 주십시오.';

@ -46,6 +48,4 @@ if(!$row['cnt'] && $w == 'u') {
 $arr_ajax_msg['error'] = $err;
 $arr_ajax_msg['exist'] = $exist_hplist;

-die( json_encode($arr_ajax_msg) );
-
-?>
+die( json_encode($arr_ajax_msg) );
--- a/adm/sms_admin/ajax.sms_write_form.php
+++ b/adm/sms_admin/ajax.sms_write_form.php
@ -10,7 +10,9 @@ if( !function_exists('json_encode') ) {
    }
 }

-ajax_auth_check($auth[$sub_menu], "r");
+ajax_auth_check_menu($auth, $sub_menu, "r");
+
+$fg_no = isset($_REQUEST['fg_no']) ? preg_replace('/[^0-9]/i', '', $_REQUEST['fg_no']) : '';

 $page_size = 6;

@ -82,5 +84,4 @@ $arr_ajax_msg = array(
 'total_page'=>$total_page
 );

-die( json_encode($arr_ajax_msg) );
-?>
+die( json_encode($arr_ajax_msg) );
--- a/adm/sms_admin/ajax.sms_write_group.php
+++ b/adm/sms_admin/ajax.sms_write_group.php
@ -4,7 +4,7 @@ include_once("./_common.php");

 $colspan = 3;

-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");

 $no_group = sql_fetch("select * from {$g5['sms5_book_group_table']} where bg_no=1");

--- a/adm/sms_admin/ajax.sms_write_level.php
+++ b/adm/sms_admin/ajax.sms_write_level.php
@ -10,7 +10,7 @@ if( !function_exists('json_encode') ) {
    }
 }

-ajax_auth_check($auth[$sub_menu], "r");
+ajax_auth_check_menu($auth, $sub_menu, "r");

 $lev = array();

@ -26,6 +26,7 @@ while ($row = sql_fetch_array($qry))
    $lev[$row['mb_level']] = $row['cnt'];
 }
 $str_json = array();
+$line = 0;
 $tmp_str = '';
 $tmp_str .= '
 <div class="tbl_head01 tbl_wrap">
@ -53,5 +54,4 @@ $tmp_str .= '
 </div>';

 $str_json['html'] = $tmp_str;
-echo json_encode($str_json);
-?>
+echo json_encode($str_json);
--- a/adm/sms_admin/ajax.sms_write_person.php
+++ b/adm/sms_admin/ajax.sms_write_person.php
@ -5,7 +5,11 @@ include_once("./_common.php");
 $page_size = 10;
 $colspan = 5;

-auth_check($auth[$sub_menu], "r");
+$bg_no = isset($_REQUEST['bg_no']) ? (int) $_REQUEST['bg_no'] : 0;
+$ap = isset($_REQUEST['ap']) ? (int) $_REQUEST['ap'] : 0;
+$no_hp = isset($_REQUEST['no_hp']) ? clean_xss_tags($_REQUEST['no_hp'], 1, 1) : '';
+
+auth_check_menu($auth, $sub_menu, "r");

 $g5['title'] = "휴대폰번호 관리";

--- a/adm/sms_admin/config.php
+++ b/adm/sms_admin/config.php
@ -2,7 +2,7 @@
 $sub_menu = "900100";
 include_once("./_common.php");

-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");

 $g5['title'] = "SMS 기본설정";

@ -25,7 +25,7 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw'])
 if (!$config['cf_icode_id'])
    $config['cf_icode_id'] = 'sir_';

-if (!$sms5['cf_skin'])
+if (! (isset($sms5['cf_skin']) && $sms5['cf_skin']))
    $sms5['cf_skin'] = 'basic';

 include_once(G5_ADMIN_PATH.'/admin.head.php');
@ -117,7 +117,7 @@ if ($config['cf_sms_use'] == 'icode') { // 아이코드 사용
        <th scope="row"><label for="cf_phone">회신번호<strong class="sound_only"> 필수</strong></label></th>
        <td>
            <?php echo help("회신받을 휴대폰 번호를 입력하세요. 회신번호는 발신번호로 사전등록된 번호와 동일해야 합니다.<br>예) 010-123-4567"); ?>
-            <input type="text" name="cf_phone" value="<?php echo $sms5['cf_phone']; ?>" id="cf_phone" required class="frm_input required" size="13">
+            <input type="text" name="cf_phone" value="<?php echo isset($sms5['cf_phone']) ? get_sanitize_input($sms5['cf_phone']) : ''; ?>" id="cf_phone" required class="frm_input required" size="13">
        </td>
    </tr>
    </tbody>
@ -144,5 +144,4 @@ if ($config['cf_sms_use'] == 'icode') { // 아이코드 사용
 <?php } ?>

 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
--- a/adm/sms_admin/config_update.php
+++ b/adm/sms_admin/config_update.php
@ -2,7 +2,7 @@
 $sub_menu = "900100";
 include_once("./_common.php");

-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");

 check_demo();

@ -10,6 +10,15 @@ check_admin_token();

 $g5['title'] = "SMS 기본설정";

+$cf_phone = isset($_REQUEST['cf_phone']) ? clean_xss_tags($_REQUEST['cf_phone'], 1, 1) : '';
+$cf_sms_use = isset($_REQUEST['cf_sms_use']) ? clean_xss_tags($_REQUEST['cf_sms_use'], 1, 1) : '';
+$cf_sms_type = isset($_REQUEST['cf_sms_type']) ? clean_xss_tags($_REQUEST['cf_sms_type'], 1, 1) : '';
+$cf_icode_id = isset($_REQUEST['cf_icode_id']) ? clean_xss_tags($_REQUEST['cf_icode_id'], 1, 1) : '';
+$cf_icode_pw = isset($_REQUEST['cf_icode_pw']) ? clean_xss_tags($_REQUEST['cf_icode_pw'], 1, 1) : '';
+$cf_icode_server_ip = isset($_REQUEST['cf_icode_server_ip']) ? clean_xss_tags($_REQUEST['cf_icode_server_ip'], 1, 1) : '';
+$cf_icode_server_port = isset($_REQUEST['cf_icode_server_port']) ? clean_xss_tags($_REQUEST['cf_icode_server_port'], 1, 1) : '';
+$cf_icode_token_key = isset($_REQUEST['cf_icode_token_key']) ? clean_xss_tags($_REQUEST['cf_icode_token_key'], 1, 1) : '';
+
 // 회신번호 체크
 if(!check_vaild_callback($cf_phone))
    alert('회신번호가 올바르지 않습니다.');
@ -42,5 +51,4 @@ $sql = " update {$g5['config_table']}
                cf_icode_token_key      = '$cf_icode_token_key'";
 sql_query($sql);

-goto_url("./config.php");
-?>
+goto_url("./config.php");
--- a/adm/sms_admin/emoticon_move.php
+++ b/adm/sms_admin/emoticon_move.php
@ -6,7 +6,7 @@ if ($sw != 'move'){
    alert('sw 값이 제대로 넘어오지 않았습니다.');
 }

-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");

 $g5['title'] = '이모티콘그룹 이동';
 include_once(G5_PATH.'/head.sub.php');
@ -111,5 +111,4 @@ function fboardmoveall_submit(f)
 </script>

 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
+include_once(G5_PATH.'/tail.sub.php');
--- a/adm/sms_admin/emoticon_move_update.php
+++ b/adm/sms_admin/emoticon_move_update.php
@ -1,12 +1,14 @@
 <?php
 include_once('./_common.php');

-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");

-if(!count($_POST['chk_fg_no']))
+$post_chk_fg_no = (isset($_POST['chk_fg_no']) && is_array($_POST['chk_fg_no'])) ? $_POST['chk_fg_no'] : array();
+
+if(!count($post_chk_fg_no))
    alert('이모티콘을 이동할 그룹을 한개 이상 선택해 주십시오.', $url);

-$fo_no_list = preg_replace('/[^a-zA-Z0-9\, ]/', '', $fo_no_list);
+$fo_no_list = isset($_POST['fo_no_list']) ? preg_replace('/[^a-zA-Z0-9\, ]/', '', $_POST['fo_no_list']) : '';

 $sql = "select * from {$g5['sms5_form_table']} where fo_no in ($fo_no_list) order by fo_no desc ";
 $result = sql_query($sql);
@ -14,9 +16,9 @@ $save = array();
 for ($kk=0;$row = sql_fetch_array($result);$kk++)
 {
    $fo_no = $row['fo_no'];
-    for ($i=0; $i<count($_POST['chk_fg_no']); $i++)
+    for ($i=0; $i<count($post_chk_fg_no); $i++)
    {
-        $fg_no = $_POST['chk_fg_no'][$i];
+        $fg_no = $post_chk_fg_no[$i];
        if( !$fg_no ) continue;
        $group = sql_fetch("select * from {$g5['sms5_form_group_table']} where fg_no = '$fg_no'");
        $sql = " insert into {$g5['sms5_form_table']}
@ -58,5 +60,4 @@ window.close();
 </p>
 <a href="$opener_href">돌아가기</a>
 </noscript>
-HEREDOC;
-?>
+HEREDOC;
--- a/adm/sms_admin/form_group.php
+++ b/adm/sms_admin/form_group.php
@ -4,7 +4,7 @@ include_once("./_common.php");

 $colspan = 5;

-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");

 $g5['title'] = "이모티콘 그룹";

@ -67,8 +67,8 @@ function grouplist_submit(f)

 </script>

-<form name="group<?php echo $res['fg_no']?>" method="post" action="./form_group_update.php" class="local_sch03 local_sch">
-<input type="hidden" name="fg_no" value="<?php echo $res['fg_no']?>">
+<form name="group<?php echo isset($res['fg_no']) ? $res['fg_no'] : ''; ?>" method="post" action="./form_group_update.php" class="local_sch03 local_sch">
+<input type="hidden" name="fg_no" value="<?php echo isset($res['fg_no']) ? $res['fg_no'] : ''; ?>">
 <div>
    <label for="fg_name">그룹명<strong class="sound_only"> 필수</strong></label>
    <input type="text" id="fg_name" name="fg_name" required class="required frm_input">
@ -83,7 +83,7 @@ function grouplist_submit(f)
    <p>그룹명순으로 정렬됩니다.</p>
 </div>

-<form name="group<?php echo $group[$i]['fg_no']?>" method="post" action="./form_group_update.php" onsubmit="return grouplist_submit(this);">
+<form name="group<?php echo isset($group[$i]['fg_no']) ? $group[$i]['fg_no'] : ''; ?>" method="post" action="./form_group_update.php" onsubmit="return grouplist_submit(this);">
 <input type="hidden" name="w" value="u">

 <div class="tbl_head01 tbl_wrap">
@ -173,5 +173,4 @@ function grouplist_submit(f)
 </form>

 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
--- a/adm/sms_admin/form_group_move.php
+++ b/adm/sms_admin/form_group_move.php
@ -3,7 +3,10 @@
 $sub_menu = "900500";
 include_once("./_common.php");

-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
+
+$fg_no = isset($_REQUEST['fg_no']) ? (int) $_REQUEST['fg_no'] : 0;
+$move_no = isset($_REQUEST['move_no']) ? (int) $_REQUEST['move_no'] : 0;

 if ($fg_no) 
 {
@ -26,5 +29,4 @@ $group = sql_fetch("select * from {$g5['sms5_form_group_table']} where fg_no = '

 sql_query("update {$g5['sms5_form_table']} set fg_no = '$move_no', fg_member = '{$group['fg_member']}' where fg_no = '$fg_no'");

-goto_url('./form_group.php');
-?>
+goto_url('./form_group.php');
--- a/adm/sms_admin/form_group_update.php
+++ b/adm/sms_admin/form_group_update.php
@ -2,15 +2,17 @@
 $sub_menu = "900500";
 include_once("./_common.php");

-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
+
+$post_cnk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? $_POST['chk'] : array();

 if ($w == 'u') // 업데이트
 {
-    for ($i=0; $i<count($_POST['chk']); $i++)
+    for ($i=0; $i<count($post_cnk); $i++)
    {
        // 실제 번호를 넘김
-        $k = $_POST['chk'][$i];
-        $fg_no = (int) $_POST['fg_no'][$k];
+        $k = $post_cnk[$i];
+        $fg_no = isset($_POST['fg_no'][$k]) ? (int) $_POST['fg_no'][$k] : 0;
        $fg_name = isset($_POST['fg_name'][$k]) ? addslashes(strip_tags($_POST['fg_name'][$k])) : '';
        $fg_member = isset($_POST['fg_member'][$k]) ? addslashes(strip_tags($_POST['fg_member'][$k])) : '';

@ -34,11 +36,11 @@ if ($w == 'u') // 업데이트
 }
 else if ($w == 'de') // 그룹삭제
 {
-    for ($i=0; $i<count($_POST['chk']); $i++)
+    for ($i=0; $i<count($post_cnk); $i++)
    {
        // 실제 번호를 넘김
-        $k = $_POST['chk'][$i];
-        $fg_no = (int) $_POST['fg_no'][$k];
+        $k = $post_cnk[$i];
+        $fg_no = isset($_POST['fg_no'][$k]) ? (int) $_POST['fg_no'][$k] : 0;

        if (!is_numeric($fg_no))
            alert('그룹 고유번호가 없습니다.');
@ -53,11 +55,11 @@ else if ($w == 'de') // 그룹삭제
 }
 else if ($w == 'em') 
 {
-    for ($i=0; $i<count($_POST['chk']); $i++)
+    for ($i=0; $i<count($post_cnk); $i++)
    {
        // 실제 번호를 넘김
-        $k = $_POST['chk'][$i];
-        $fg_no = (int) $_POST['fg_no'][$k];
+        $k = $post_cnk[$i];
+        $fg_no = isset($_POST['fg_no'][$k]) ? (int) $_POST['fg_no'][$k] : 0;

        if ($fg_no == 'no') $fg_no = 0;

@ -92,5 +94,4 @@ else // 등록
    sql_query("insert into {$g5['sms5_form_group_table']} set fg_name = '$fg_name'");
 }

-goto_url('./form_group.php');
-?>
+goto_url('./form_group.php');
--- a/adm/sms_admin/form_list.php
+++ b/adm/sms_admin/form_list.php
@ -5,7 +5,7 @@ include_once("./_common.php");
 $page_size = 12;
 $colspan = 2;

-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");

 $token = get_token();

@ -13,7 +13,7 @@ $g5['title'] = "이모티콘 관리";

 if ($page < 1) $page = 1;

-$fg_no = isset($fg_no) ? (int) $fg_no : '';
+$fg_no = isset($_REQUEST['fg_no']) ? (int) $_REQUEST['fg_no'] : 0;

 if (is_numeric($fg_no))
    $sql_group = " and fg_no='$fg_no' ";
@ -237,5 +237,4 @@ function select_copy(sw, f) {
 <?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME']."?fg_no=$fg_no&amp;st=$st&amp;sv=$sv&amp;page="); ?>

 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
--- a/adm/sms_admin/form_multi_update.php
+++ b/adm/sms_admin/form_multi_update.php
@ -2,19 +2,22 @@
 $sub_menu = "900600";
 include_once("./_common.php");

-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");

 check_admin_token();

+$post_fo_no = (isset($_POST['fo_no']) && is_array($_POST['fo_no'])) ? $_POST['fo_no'] : array();
+$atype = isset($_POST['atype']) ? clean_xss_tags($_POST['atype'], 1, 1) : '';
+
 if($atype == "del"){
-    $count = count($_POST['fo_no']);
+    $count = count($post_fo_no);
    if(!$count)
        alert('선택삭제 하실 항목을 하나이상 선택해 주세요.');

    for ($i=0; $i<$count; $i++)
    {
        // 실제 번호를 넘김
-        $fo_no = (int) $_POST['fo_no'][$i];
+        $fo_no = (int) $post_fo_no[$i];
        if (!trim($fo_no)) continue;

        $res = sql_fetch("select * from {$g5['sms5_form_table']} where fo_no='$fo_no'");
--- a/adm/sms_admin/form_update.php
+++ b/adm/sms_admin/form_update.php
@ -2,10 +2,11 @@
 $sub_menu = "900600";
 include_once("./_common.php");

-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");

-$fo_name = isset($fo_name) ? strip_tags(clean_xss_attributes($fo_name)) : '';
-$fo_content = isset($fo_content) ? strip_tags(clean_xss_attributes($fo_content)) : '';
+$fo_name = isset($_REQUEST['fo_name']) ? strip_tags(clean_xss_attributes($_REQUEST['fo_name'])) : '';
+$fo_content = isset($_REQUEST['fo_content']) ? strip_tags(clean_xss_attributes($_REQUEST['fo_content'])) : '';
+$fo_receipt = isset($_REQUEST['fo_receipt']) ? clean_xss_tags($_REQUEST['fo_receipt'], 1, 1) : '';

 $g5['title'] = "이모티콘 업데이트";

@ -77,5 +78,4 @@ else // 등록
 }

 $go_url = './form_list.php?page='.$page.'&amp;fg_no='.$get_fg_no;
-goto_url($go_url);
-?>
+goto_url($go_url);
--- a/adm/sms_admin/form_write.php
+++ b/adm/sms_admin/form_write.php
@ -2,11 +2,19 @@
 $sub_menu = "900600";
 include_once("./_common.php");

-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");

 $g5['title'] = "이모티콘 ";

-$fg_no = isset($fg_no) ? (int) $fg_no : '';
+$fo_no = isset($_REQUEST['fo_no']) ? (int) $_REQUEST['fo_no'] : 0;
+$fg_no = isset($_REQUEST['fg_no']) ? (int) $_REQUEST['fg_no'] : '';
+
+$write = array(
+'fg_no'=>null,
+'fo_no'=>null,
+'fo_name'=>'',
+'fo_content'=>''
+);

 if ($w == 'u' && is_numeric($fo_no)) {
    $write = sql_fetch("select * from {$g5['sms5_form_table']} where fo_no='$fo_no'");
@ -14,6 +22,7 @@ if ($w == 'u' && is_numeric($fo_no)) {
 }
 else  {
    $write['fg_no'] = $fg_no;
+    $write['fo_no'] = $fo_no;
    $g5['title'] .= '추가';
 }

@ -23,7 +32,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
 <form name="book_form" method="post" action="form_update.php">
 <input type="hidden" name="w" value="<?php echo $w?>">
 <input type="hidden" name="page" value="<?php echo $page?>">
-<input type="hidden" name="fo_no" value="<?php echo $write['fo_no']?>">
+<input type="hidden" name="fo_no" value="<?php echo $write['fo_no']; ?>">
 <input type="hidden" name="get_fg_no" value="<?php echo $fg_no?>">

    <div class="tbl_frm01 tbl_wrap">
@ -231,5 +240,4 @@ $(function(){
 </script>

 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
--- a/adm/sms_admin/history_list.php
+++ b/adm/sms_admin/history_list.php
@ -5,7 +5,7 @@ include_once("./_common.php");
 $page_size = 20;
 $colspan = 11;

-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");

 $g5['title'] = "문자전송 내역";

@ -23,7 +23,7 @@ $total_page = (int)($total_count/$page_size) + ($total_count%$page_size==0 ? 0 :
 $page_start = $page_size * ( $page - 1 );

 $vnum = $total_count - (($page-1) * $page_size);
-
+$line = 0;
 include_once(G5_ADMIN_PATH.'/admin.head.php');
 ?>

@ -68,7 +68,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
    while($res = sql_fetch_array($qry)) {
        $bg = 'bg'.($line++%2);
        $tmp_wr_memo = @unserialize($res['wr_memo']);
-        $dupli_count = $tmp_wr_memo['total'] ? $tmp_wr_memo['total'] : 0;
+        $dupli_count = (isset($tmp_wr_memo['total']) && $tmp_wr_memo['total']) ? (int) $tmp_wr_memo['total'] : 0;
    ?>
    <tr class="<?php echo $bg; ?>">
        <td class="td_numsmall"><?php echo $vnum--?></td>
@ -94,5 +94,4 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
 <?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME']."?st=$st&amp;sv=$sv&amp;page="); ?>

 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
--- a/adm/sms_admin/history_num.php
+++ b/adm/sms_admin/history_num.php
@ -5,12 +5,14 @@ include_once('./_common.php');
 $page_size = 20;
 $colspan = 10;

-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");

 $g5['title'] = "문자전송 내역 (번호별)";

 if ($page < 1) $page = 1;

+$line = 0;
+
 if( isset($st) && !in_array($st, array('hs_name', 'hs_hp', 'bk_no')) ){
    $st = '';
 }
@ -107,5 +109,4 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
 <?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME']."?st=$st&amp;sv=$sv&amp;page="); ?>

 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
--- a/adm/sms_admin/history_send.php
+++ b/adm/sms_admin/history_send.php
@ -2,7 +2,9 @@
 $sub_menu = "900400";
 include_once("./_common.php");

-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
+
+$wr_no = isset($_REQUEST['wr_no']) ? (int) $_REQUEST['wr_no'] : 0;

 $g5['title'] = "문자전송중";

@ -229,5 +231,4 @@ if($config['cf_sms_type'] == 'LMS') {
 location.href = 'history_view.php?wr_no=<?php echo $wr_no?>&wr_renum=<?php echo $new_wr_renum?>';
 </script>
 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
--- a/adm/sms_admin/history_view.php
+++ b/adm/sms_admin/history_view.php
@ -6,8 +6,12 @@ $spage_size = 20;
 $colspan = 10;
 $re_text = '';

-$st = isset($st) ? strip_tags($st) : '';
-$ssv = isset($ssv) ? strip_tags($ssv) : '';
+$st = isset($_REQUEST['st']) ? clean_xss_tags($_REQUEST['st'], 1, 1) : '';
+$ssv = isset($_REQUEST['ssv']) ? clean_xss_tags($_REQUEST['ssv'], 1, 1) : '';
+$wr_no = isset($_REQUEST['wr_no']) ? (int) $_REQUEST['wr_no'] : 0;
+$wr_renum = isset($_REQUEST['wr_renum']) ? (int) $_REQUEST['wr_renum'] : 0;
+$spage = isset($_REQUEST['spage']) ? (int) $_REQUEST['spage'] : 0;
+$line = 0;

 if( $st && !in_array($st, array('hs_name', 'hs_hp', 'bk_no')) ){
    $st = '';
@ -17,7 +21,7 @@ if( $sst && !in_array($sst, array('mb_id', 'bk_no', 'hs_name', 'hs_hp', 'hs_date
    $sst = '';
 }

-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");

 $g5['title'] = "문자전송 상세내역";

@ -261,5 +265,4 @@ function all_send()
 <?php echo sms5_sub_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $spage, $total_spage, $_SERVER['SCRIPT_NAME']."?wr_no=$wr_no&amp;wr_renum=$wr_renum&amp;page=$page&amp;st=$st&amp;sv=$sv&amp;sst=$sst&amp;ssv=$ssv", "", "spage"); ?>

 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
--- a/adm/sms_admin/install.php
+++ b/adm/sms_admin/install.php
@ -2,11 +2,11 @@
 $sub_menu = "900000";
 include_once("./_common.php");

-auth_check($auth[$sub_menu], 'r');
+auth_check_menu($auth, $sub_menu, 'r');

 $g5['title'] = "SMS5 솔루션 설치";

-$setup = $_POST['setup'];
+$setup = (isset($_POST['setup']) && $_POST['setup']) ? 1 : 0;

 include_once(G5_ADMIN_PATH.'/admin.head.php');
 ?>
@ -83,5 +83,4 @@ flush(); usleep(50000);
 <script>document.getElementById('sms5_btn_next').focus();</script>

 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
--- a/adm/sms_admin/member_update.php
+++ b/adm/sms_admin/member_update.php
@ -2,7 +2,7 @@
 $sub_menu = "900200";
 include_once("./_common.php");

-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");

 $g5['title'] = "회원정보 업데이트";

@ -19,7 +19,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
    </div>
    <div class="local_desc01 local_desc">
        <p>
-            마지막 업데이트 일시 : <span id="datetime"><?php echo $sms5['cf_datetime']?></span> <br>
+            마지막 업데이트 일시 : <span id="datetime"><?php echo isset($sms5['cf_datetime']) ? get_sanitize_input($sms5['cf_datetime']) : ''; ?></span> <br>
        </p>
    </div>

@ -64,5 +64,4 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
 </script>

 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
--- a/adm/sms_admin/member_update_run.php
+++ b/adm/sms_admin/member_update_run.php
@ -3,6 +3,8 @@ $sub_menu = "900200";
 include_once("./_common.php");
@include_once(G5_PLUGIN_PATH."/sms5/JSON.php");

+$mtype = isset($_REQUEST['mtype']) ? clean_xss_tags($_REQUEST['mtype'], 1, 1) : '';
+
 if(empty($config['cf_sms_use'])){
    if( $mtype == "json" ){
        die("{\"error\":\"환경 설정의 SMS 사용에서 아이코드를 사용설정해 주셔야 실행할수 있습니다.\"}");
@ -19,9 +21,9 @@ if( !function_exists('json_encode') ) {
 }

 if( $mtype == "json" ){
-    ajax_auth_check($auth[$sub_menu], "w");
+    ajax_auth_check_menu($auth, $sub_menu, "w");
 } else {
-    auth_check($auth[$sub_menu], "w");
+    auth_check_menu($auth, $sub_menu, "w");
 }

 $count      = 0;
@ -126,5 +128,4 @@ if( $mtype == "json" ){
    die( json_encode($json_msg) );
 } else {
    die( $msg );
-}
-?>
+}
--- a/adm/sms_admin/num_book.php
+++ b/adm/sms_admin/num_book.php
@ -5,7 +5,7 @@ include_once("./_common.php");
 $page_size = 20;
 $colspan = 9;

-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");

 $token = get_token();

@ -13,8 +13,8 @@ $g5['title'] = "휴대폰번호 관리";

 if ($page < 1) $page = 1;

-$bg_no = isset($bg_no) ? preg_replace('/[^0-9]/i', '', $bg_no) : '';
-$st = isset($st) ? preg_replace('/[^a-z0-9]/i', '', $st) : '';
+$bg_no = isset($_REQUEST['bg_no']) ? preg_replace('/[^0-9]/i', '', $_REQUEST['bg_no']) : '';
+$st = isset($_REQUEST['st']) ? preg_replace('/[^a-z0-9]/i', '', $_REQUEST['st']) : '';

 $sql_korean = $sql_group = $sql_search = $sql_no_hp = '';

@ -33,6 +33,9 @@ if ($st == 'all') {
    $sql_search = '';
 }

+$ap = isset($_GET['ap']) ? (int) $_GET['ap'] : 0;
+$no_hp = isset($_GET['no_hp']) ? preg_replace('/[^0-9a-z_]/i', '', $_GET['no_hp']) : 0;
+
 if ($ap > 0)
    $sql_korean = korean_index('bk_name', $ap-1);
 else {
@ -104,7 +107,7 @@ function no_hp_click(val)
 </script>

 <div class="local_ov01 local_ov">
-    <span class="btn_ov01"><span class="ov_txt">업데이트 </span><span class="ov_num"><?php echo $sms5['cf_datetime']?></span></span>
+    <span class="btn_ov01"><span class="ov_txt">업데이트 </span><span class="ov_num"><?php echo isset($sms5['cf_datetime']) ? $sms5['cf_datetime'] : ''; ?></span></span>
    <span class="btn_ov01"><span class="ov_txt"> 건수  </span><span class="ov_num"><?php echo number_format($total_count)?>명</span></span>
    <span class="btn_ov01"><span class="ov_txt"> 회원  </span><span class="ov_num"> <?php echo number_format($member_count)?>명</span></span>
    <span class="btn_ov01"><span class="ov_txt"> 비회원  </span><span class="ov_num"> <?php echo number_format($no_member_count)?>명</span></span>
@ -262,5 +265,4 @@ function select_copy(sw, f) {
 <?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, $_SERVER['SCRIPT_NAME']."?bg_no=$bg_no&amp;st=$st&amp;sv=$sv&amp;ap=$ap&amp;page="); ?>

 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
--- a/adm/sms_admin/num_book_file.php
+++ b/adm/sms_admin/num_book_file.php
@ -2,7 +2,7 @@
 $sub_menu = "900900";
 include_once("./_common.php");

-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");

 $g5['title'] = "휴대폰번호 파일";

@ -154,5 +154,4 @@ function download()
 }
 </script>
 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
--- a/adm/sms_admin/num_book_file_download.php
+++ b/adm/sms_admin/num_book_file_download.php
@ -2,7 +2,10 @@
 $sub_menu = "900900";
 include_once("./_common.php");

-auth_check($auth[$sub_menu], "r");
+$bg_no = isset($_REQUEST['bg_no']) ? clean_xss_tags($_REQUEST['bg_no'], 1, 1) : '';
+$no_hp = isset($_REQUEST['no_hp']) ? clean_xss_tags($_REQUEST['no_hp'], 1, 1) : '';
+
+auth_check_menu($auth, $sub_menu, "r");

 if ($bg_no != 'all' && $bg_no < 1)
    alert_just('다운로드 할 휴대폰번호 그룹을 선택해주세요.');
@ -18,50 +21,49 @@ if (!$total['cnt']) alert_just('데이터가 없습니다.');

 $qry = sql_query("select * from {$g5['sms5_book_table']} where 1 $sql_bg $sql_hp order by bk_name");

-/*================================================================================
-php_writeexcel http://www.bettina-attack.de/jonny/view.php/projects/php_writeexcel/
-=================================================================================*/
+if(! function_exists('column_char')) {
+    function column_char($i) {
+        return chr( 65 + $i );
+    }
+}

-include_once(G5_LIB_PATH.'/Excel/php_writeexcel/class.writeexcel_workbook.inc.php');
-include_once(G5_LIB_PATH.'/Excel/php_writeexcel/class.writeexcel_worksheet.inc.php');
+include_once(G5_LIB_PATH.'/PHPExcel.php');
+$excel = new PHPExcel();

-$fname = tempnam(G5_DATA_PATH, "tmp.xls");
-$workbook = new writeexcel_workbook($fname);
-$worksheet = $workbook->addworksheet();
-
-$num2_format =& $workbook->addformat(array(num_format => '\0#'));
-
-// Put Excel data
-$data = array('이름', '전화번호');
-$data = array_map('iconv_euckr', $data);
+$headers = array('이름', '전화번호');
+$widths  = array(18, 25);
+$header_bgcolor = 'FFABCDEF';
+$last_char = column_char(count($headers) - 1);
+$rows = array();

 $col = 0;
-foreach($data as $cell) {
-    $worksheet->write(0, $col++, $cell);
-}

 for($i=1; $res=sql_fetch_array($qry); $i++)
 {
-    $res = array_map('iconv_euckr', $res);
+    //$res = array_map('iconv_euckr', $res);

    $hp = get_hp($res['bk_hp'], $hyphen);

    if ($no_hp && $res['bk_hp'] != '' && !$hp) continue;

-    $worksheet->write($i, 0, $res['bk_name']);
-    $worksheet->write($i, 1, $hp, $num2_format);
+    $rows[] = array($res['bk_name'], ' '.$hp);
 }

-$workbook->close();
+$data = array_merge(array($headers), $rows);
+
+$excel->setActiveSheetIndex(0)->getStyle( "A1:${last_char}1" )->getFill()->setFillType(PHPExcel_Style_Fill::FILL_SOLID)->getStartColor()->setARGB($header_bgcolor);
+$excel->setActiveSheetIndex(0)->getStyle( "A:$last_char" )->getAlignment()->setVertical(PHPExcel_Style_Alignment::VERTICAL_CENTER)->setWrapText(true);
+foreach($widths as $i => $w) $excel->setActiveSheetIndex(0)->getColumnDimension( column_char($i) )->setWidth($w);
+$excel->getActiveSheet()->fromArray($data,NULL,'A1');

 $filename = "휴대폰번호목록-".date("ymd", time()).".xls";
 if( is_ie() ) $filename = utf2euc($filename);

-header("Content-Type: application/x-msexcel; name=".$filename);
-header("Content-Disposition: inline; filename=".$filename);
-$fh=fopen($fname, "rb");
-fpassthru($fh);
-unlink($fname);
+header("Content-Type: application/octet-stream");
+header("Content-Disposition: attachment; filename=".$filename);
+header("Cache-Control: max-age=0");

-exit;
-?>
+$writer = PHPExcel_IOFactory::createWriter($excel, 'Excel5');
+$writer->save('php://output');
+
+exit;
--- a/adm/sms_admin/num_book_file_upload.php
+++ b/adm/sms_admin/num_book_file_upload.php
@ -2,14 +2,17 @@
 $sub_menu = "900900";
 include_once("./_common.php");

-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");
+
+$upload_bg_no = isset($_REQUEST['upload_bg_no']) ? clean_xss_tags($_REQUEST['upload_bg_no'], 1, 1) : '';
+$confirm = isset($_REQUEST['confirm']) ? clean_xss_tags($_REQUEST['confirm'], 1, 1) : '';

 if (!$upload_bg_no)
    alert_after('그룹을 선택해주세요.');

 $bg_no = $upload_bg_no;

-if (!$_FILES['csv']['size']) 
+if (! (isset($_FILES['csv']['size']) && $_FILES['csv']['size'])) 
    alert_after('파일을 선택해주세요.');

 $file = $_FILES['csv']['tmp_name'];
@ -18,6 +21,12 @@ $filename = $_FILES['csv']['name'];
 $pos = strrpos($filename, '.');
 $ext = strtolower(substr($filename, $pos, strlen($filename)));

+if(! function_exists('column_char')) {
+    function column_char($i) {
+        return chr( 65 + $i );
+    }
+}
+
 switch ($ext) {
    case '.csv' :
        $data = file($file);
@ -36,16 +45,17 @@ switch ($ext) {
        }
        break;
    case '.xls' :
-        include_once(G5_LIB_PATH.'/Excel/reader.php');
-        $data = new Spreadsheet_Excel_Reader();
+    case '.xlsx' :
+        include_once(G5_LIB_PATH.'/PHPExcel/IOFactory.php');
+        $objPHPExcel = PHPExcel_IOFactory::load($file);
+        $sheet = $objPHPExcel->getSheet(0);
+
+        $num_rows = $sheet->getHighestRow();
+        $highestColumn = $sheet->getHighestColumn();

-        // Set output Encoding.
-        $data->setOutputEncoding('UTF-8');
-        $data->read($file);
-        $num_rows = $data->sheets[0]['numRows'];
        break;
    default :
-        alert_after('xls파일과 csv파일만 허용합니다.');
+        alert_after('xls파일 xlsx파일과 csv파일만 허용합니다.');
 }

 $counter = 0;
@ -54,6 +64,8 @@ $failure = 0;
 $inner_overlap = 0;
 $overlap = 0;
 $arr_hp = array();
+$dupl_hp = array();
+$regi_hp = array();
 $encode = array('ASCII','UTF-8','EUC-KR');

 for ($i = 1; $i <= $num_rows; $i++) {
@ -71,18 +83,25 @@ for ($i = 1; $i <= $num_rows; $i++) {
            $hp   = addslashes($csv[$i][1]);
            break;
        case '.xls' :
-            $name = addslashes($data->sheets[0]['cells'][$i][$j++]);
-            $str_encode = @mb_detect_encoding($name, $encode);
-            if( $str_encode == "EUC-KR" ){
-                $name = iconv_utf8( $name );
+        case '.xlsx' :
+            $rowData = $sheet->rangeToArray('A' . $i . ':' . $highestColumn . $i,
+                                                NULL,
+                                                TRUE,
+                                                FALSE);
+            $name = isset($rowData[0][0]) ? addslashes($rowData[0][0]) : '';
+            if( $name ){
+                $str_encode = @mb_detect_encoding($name, $encode);
+                if( $str_encode == "EUC-KR" ){
+                    $name = iconv_utf8( $name );
+                }
            }
-            $hp   = addslashes(get_hp($data->sheets[0]['cells'][$i][$j++]));
+            $hp   = isset($rowData[0][1]) ? addslashes(get_hp($rowData[0][1])) : '';
            break;
    }
+
    if (!(strlen($name)&&$hp))
    {
        $failure++;
-
    } else {
        if (in_array($hp, $arr_hp))
        {
@ -92,15 +111,17 @@ for ($i = 1; $i <= $num_rows; $i++) {
            array_push($arr_hp, $hp);

            $res = sql_fetch("select * from {$g5['sms5_book_table']} where bk_hp='$hp'");
-            if ($res) 
+
+            if (isset($res['bk_hp']) && $res['bk_hp']) 
            {
+                array_push($dupl_hp, $hp);
                $overlap++;
-            } 
-            else if (!$confirm && $hp) 
-            {
+            } else if (!$confirm && $hp) {
                sql_query("insert into {$g5['sms5_book_table']} set bg_no='$bg_no', bk_name='".addslashes($name)."', bk_hp='$hp', bk_receipt=1, bk_datetime='".G5_TIME_YMDHIS."'");
                sql_query("update {$g5['sms5_book_group_table']} set bg_count = bg_count + 1, bg_nomember = bg_nomember + 1, bg_receipt = bg_receipt + 1 where bg_no='$bg_no'");
                $success++;
+            } else {
+                array_push($regi_hp, $hp);
            }
        }
    }
@ -127,7 +148,7 @@ html += \"<li>중복번호 ".number_format($overlap)." 건<div id=\\\"overlap\\\
 if ($result)
 {
    if ($confirm) {
-        echo "html += \"<li class=\\\"sms5_txt_success\\\">등록가능 ".number_format($result)." 건\";";
+        echo "html += \"<li class=\\\"sms5_txt_success\\\">등록가능 ".number_format($result)." 건<div id=\\\"regi_hps\\\" class=\\\"local_desc01 local_desc\\\"></div>\";";
        echo "html += \"<br><button type=\\\"button\\\" id=\\\"btn_fileup\\\" class=\\\"btn_submit\\\" onclick=\\\"upload(1)\\\">등록하기</button>\";";
    }
    else
@ -143,16 +164,27 @@ parent.document.getElementById('uploading').style.display = 'none';
 parent.document.getElementById('register').style.display = 'none';

 info.style.display = 'block';
-info.innerHTML = html;
+info.innerHTML = html;";

-parent.document.getElementById('overlap').innerHTML = '<p><b>중복번호 목록</b><br>';";
+if( $dupl_hp ) {
+    echo "parent.document.getElementById('overlap').innerHTML = '<p><b>중복번호 목록</b><br>';";

-for ($i=0; $i<count($arr_hp); $i++){
-echo "parent.document.getElementById('overlap').innerHTML += '".$arr_hp[$i]."<br>';\n";
+    for ($i=0; $i<count($dupl_hp); $i++){
+        echo "parent.document.getElementById('overlap').innerHTML += '".$dupl_hp[$i]."<br>';\n";
+    }
+    echo "parent.document.getElementById('overlap').innerHTML += '</p>';\n";
 }
-echo "parent.document.getElementById('overlap').innerHTML += '</p>';\n";
-echo "</script>";

+if( $regi_hp ) {
+    echo "parent.document.getElementById('regi_hps').innerHTML = '<p><b>등록가능 목록</b><br>';";
+
+    for ($i=0; $i<count($regi_hp); $i++){
+        echo "parent.document.getElementById('regi_hps').innerHTML += '".$regi_hp[$i]."<br>';\n";
+    }
+    echo "parent.document.getElementById('regi_hps').innerHTML += '</p>';\n";
+}
+
+echo "</script>";

 function alert_after($str) {
    echo "<script>
@ -162,5 +194,4 @@ function alert_after($str) {
    parent.document.getElementById('upload_info').style.display = 'none';
    </script>";
    alert_just($str);
-}
-?>
+}
--- a/adm/sms_admin/num_book_move.php
+++ b/adm/sms_admin/num_book_move.php
@ -11,12 +11,12 @@ if ($sw == 'move'){
    alert('sw 값이 제대로 넘어오지 않았습니다.');
 }

-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");

 $g5['title'] = '번호그룹 ' . $act;
 include_once(G5_PATH.'/head.sub.php');

-$bk_no_list = implode(',', $_POST['bk_no']);
+$bk_no_list = isset($_POST['bk_no']) ? implode(',', $_POST['bk_no']) : '';

 $sql = " select * from {$g5['sms5_book_group_table']} order by bg_no ";
 $result = sql_query($sql);
@ -124,5 +124,4 @@ function fboardmoveall_submit(f)
 </script>

 <?php
-include_once(G5_PATH.'/tail.sub.php');
-?>
+include_once(G5_PATH.'/tail.sub.php');
--- a/adm/sms_admin/num_book_multi_update.php
+++ b/adm/sms_admin/num_book_multi_update.php
@ -2,13 +2,15 @@
 $sub_menu = "900800";
 include_once("./_common.php");

-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");

 $g5['title'] = "전화번호부";

-for ($i=0; $i<count($_POST['bk_no']); $i++) 
+$post_bk_no = (isset($_POST['bk_no']) && is_array($_POST['bk_no'])) ? $_POST['bk_no'] : array();
+
+for ($i=0; $i<count($post_bk_no); $i++) 
 {
-    $bk_no = $_POST['bk_no'][$i];
+    $bk_no = $post_bk_no[$i];
    if (!trim($bk_no)) continue;

    $res = sql_fetch("select * from {$g5['sms5_book_table']} where bk_no='$bk_no'");
@ -59,5 +61,4 @@ for ($i=0; $i<count($_POST['bk_no']); $i++)
 if( $str_query ){
    $str_query = '?'.$str_query;
 }
-goto_url('./num_book.php'.$str_query);
-?>
+goto_url('./num_book.php'.$str_query);
--- a/adm/sms_admin/num_book_update.php
+++ b/adm/sms_admin/num_book_update.php
@ -2,7 +2,7 @@
 $sub_menu = "900800";
 include_once("./_common.php");

-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");

 $g5['title'] = "휴대폰번호 업데이트";

@ -10,10 +10,11 @@ $g5['sms5_demo'] = 0;

 $is_hp_exist = false;

-$bk_hp = get_hp($bk_hp);
+$bk_hp = isset($_REQUEST['bk_hp']) ? get_hp($_REQUEST['bk_hp']) : '';

-$bk_memo = strip_tags($bk_memo);
-$bk_name = strip_tags($bk_name);
+$bk_memo = isset($_REQUEST['bk_memo']) ? strip_tags($_REQUEST['bk_memo']) : '';
+$bk_name = isset($_REQUEST['bk_name']) ? strip_tags($_REQUEST['bk_name']) : '';
+$bg_no = isset($_REQUEST['bg_no']) ? (int) $_REQUEST['bg_no'] : 0;

 if ($w=='u') // 업데이트
 {
@ -54,7 +55,7 @@ if ($w=='u') // 업데이트
        // 휴대폰번호 중복체크
        $sql = " select mb_id from {$g5['member_table']} where mb_id <> '{$res['mb_id']}' and mb_hp = '{$bk_hp}' ";
        $mb_hp_exist = sql_fetch($sql);
-        if ($mb_hp_exist['mb_id']) { //중복된 회원 휴대폰번호가 있다면
+        if (isset($mb_hp_exist['mb_id']) && $mb_hp_exist['mb_id']) { //중복된 회원 휴대폰번호가 있다면
            $is_hp_exist = true;
        } else {
             sql_query("update {$g5['member_table']} set mb_name='".addslashes($bk_name)."', mb_hp='$bk_hp', mb_sms='$bk_receipt' where mb_id='{$res['mb_id']}'", false);
@ -136,5 +137,4 @@ else // 등록
 }

 $go_url = './num_book.php?page='.$page.'&amp;bg_no='.$get_bg_no.'&amp;ap='.$ap;
-goto_url($go_url);
-?>
+goto_url($go_url);
--- a/adm/sms_admin/num_book_write.php
+++ b/adm/sms_admin/num_book_write.php
@ -3,8 +3,11 @@ $sub_menu = "900800";
 include_once("./_common.php");

 $colspan = 4;
+$bk_no = isset($_REQUEST['bk_no']) ? (int) $_REQUEST['bk_no'] : 0;
+$bg_no = isset($_REQUEST['bg_no']) ? (int) $_REQUEST['bg_no'] : 0;
+$ap = isset($_REQUEST['ap']) ? clean_xss_tags($_REQUEST['ap'], 1, 1) : '';

-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");

 $g5['title'] = "휴대폰번호 ";

@ -184,12 +187,12 @@ function book_submit(){
                var $check_msg = $("#hp_check_el");

                if( !list_text ){ // 중복 휴대폰 번호가 없다면 submit
-                    if($check_msg.size()> 0)
+                    if($check_msg.length > 0)
                        $check_msg.remove();

                    is_submit = true;
                } else {
-                    if($check_msg.size() < 1)
+                    if($check_msg.length < 1)
                        $("input#bk_hp").after("<div id=\"hp_check_el\"><h3>이 번호를 쓰는 회원 정보</h3><ul></ul></div>");

                    $("#hp_check_el").find("ul").html( list_text );
@ -210,5 +213,4 @@ function book_submit(){
 }
 </script>
 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
--- a/adm/sms_admin/num_group.php
+++ b/adm/sms_admin/num_group.php
@ -2,7 +2,7 @@
 $sub_menu = "900700";
 include_once("./_common.php");

-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");

 $g5['title'] = "휴대폰번호 그룹";

@ -77,8 +77,8 @@ function num_group_submit(f)
    <span class="btn_ov01"><span class="ov_txt">건수</span><span class="ov_num"> <?php echo $total_count; ?>건 </span></span>
 </div>

-<form name="group<?php echo $res['bg_no']?>" method="get" action="./num_group_update.php" class="local_sch02 local_sch">
-<input type="hidden" name="bg_no" value="<?php echo $res['bg_no']?>">
+<form name="group<?php echo isset($res['bg_no']) ? $res['bg_no'] : ''; ?>" method="get" action="./num_group_update.php" class="local_sch02 local_sch">
+<input type="hidden" name="bg_no" value="<?php echo isset($res['bg_no']) ? $res['bg_no'] : ''; ?>">

 <div>
    <label for="bg_name" class="sound_only">그룹추가<strong class="sound_only"> 필수</strong></label>
@ -185,5 +185,4 @@ function num_group_submit(f)

 </form>
 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
--- a/adm/sms_admin/num_group_move.php
+++ b/adm/sms_admin/num_group_move.php
@ -3,12 +3,18 @@
 $sub_menu = "900700";
 include_once("./_common.php");

-auth_check($auth[$sub_menu], "w");
+$bk_no = isset($_REQUEST['bk_no']) ? (int) $_REQUEST['bk_no'] : 0;
+$bg_no = isset($_REQUEST['bg_no']) ? (int) $_REQUEST['bg_no'] : 0;
+$move_no = isset($_REQUEST['move_no']) ? (int) $_REQUEST['move_no'] : 0;
+
+auth_check_menu($auth, $sub_menu, "w");

 $res = sql_fetch("select * from {$g5['sms5_book_group_table']} where bg_no='$bg_no'");
-sql_query("update {$g5['sms5_book_group_table']} set bg_count = bg_count + {$res['bg_count']}, bg_member = bg_member + {$res['bg_member']}, bg_nomember = bg_nomember + {$res['bg_nomember']}, bg_receipt = bg_receipt + {$res['bg_receipt']}, bg_reject = bg_reject + {$res['bg_reject']} where bg_no='$move_no'");
-sql_query("update {$g5['sms5_book_group_table']} set bg_count = 0, bg_member = 0, bg_nomember = 0, bg_receipt = 0, bg_reject = 0 where bg_no='$bg_no'");
-sql_query("update {$g5['sms5_book_table']} set bg_no='$move_no' where bg_no='$bg_no'");

-goto_url('./num_group.php');
-?>
+if( $res ) {
+    sql_query("update {$g5['sms5_book_group_table']} set bg_count = bg_count + {$res['bg_count']}, bg_member = bg_member + {$res['bg_member']}, bg_nomember = bg_nomember + {$res['bg_nomember']}, bg_receipt = bg_receipt + {$res['bg_receipt']}, bg_reject = bg_reject + {$res['bg_reject']} where bg_no='$move_no'");
+    sql_query("update {$g5['sms5_book_group_table']} set bg_count = 0, bg_member = 0, bg_nomember = 0, bg_receipt = 0, bg_reject = 0 where bg_no='$bg_no'");
+    sql_query("update {$g5['sms5_book_table']} set bg_no='$move_no' where bg_no='$bg_no'");
+}
+
+goto_url('./num_group.php');
--- a/adm/sms_admin/num_group_update.php
+++ b/adm/sms_admin/num_group_update.php
@ -2,16 +2,18 @@
 $sub_menu = "900700";
 include_once("./_common.php");

-auth_check($auth[$sub_menu], "w");
+$post_chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? $_POST['chk'] : array();
+
+auth_check_menu($auth, $sub_menu, "w");

 if ($w == 'u') // 업데이트
 {
-    for ($i=0; $i<count($_POST['chk']); $i++)
+    for ($i=0; $i<count($post_chk); $i++)
    {
        // 실제 번호를 넘김
-        $k = $_POST['chk'][$i];
-        $bg_no = (int) $_POST['bg_no'][$k];
-        $bg_name = strip_tags(clean_xss_attributes($_POST['bg_name'][$k]));
+        $k = $post_chk[$i];
+        $bg_no = isset($_POST['bg_no'][$k]) ? (int) $_POST['bg_no'][$k] : 0;
+        $bg_name = isset($_POST['bg_name'][$k]) ? strip_tags(clean_xss_attributes($_POST['bg_name'][$k])) : '';

        if (!is_numeric($bg_no))
            alert('그룹 고유번호가 없습니다.');
@ -32,11 +34,11 @@ if ($w == 'u') // 업데이트
 }
 else if ($w == 'de') // 그룹삭제
 {
-    for ($i=0; $i<count($_POST['chk']); $i++)
+    for ($i=0; $i<count($post_chk); $i++)
    {
        // 실제 번호를 넘김
-        $k = $_POST['chk'][$i];
-        $bg_no = (int) $_POST['bg_no'][$k];
+        $k = $post_chk[$i];
+        $bg_no = isset($_POST['bg_no'][$k]) ? (int) $_POST['bg_no'][$k] : 0;

        if (!is_numeric($bg_no))
            alert('그룹 고유번호가 없습니다.');
@ -51,11 +53,11 @@ else if ($w == 'de') // 그룹삭제
 }
 else if ($w == 'em') // 비우기
 {
-    for ($i=0; $i<count($_POST['chk']); $i++)
+    for ($i=0; $i<count($post_chk); $i++)
    {
        // 실제 번호를 넘김
-        $k = $_POST['chk'][$i];
-        $bg_no = (int) $_POST['bg_no'][$k];
+        $k = $post_chk[$i];
+        $bg_no = isset($_POST['bg_no'][$k]) ? (int) $_POST['bg_no'][$k] : 0;

        sql_query("update {$g5['sms5_book_group_table']} set bg_count = 0, bg_member = 0, bg_nomember = 0, bg_receipt = 0, bg_reject = 0 where bg_no='$bg_no'");
        sql_query("delete from {$g5['sms5_book_table']} where bg_no='$bg_no'");
@ -63,7 +65,7 @@ else if ($w == 'em') // 비우기
 }
 else // 등록
 {
-    $bg_name = strip_tags(clean_xss_attributes($bg_name));
+    $bg_name = isset($_POST['bg_name']) ? strip_tags(clean_xss_attributes($_POST['bg_name'])) : '';

    if (!strlen(trim($bg_name)))
        alert('그룹명을 입력해주세요');
@ -75,5 +77,4 @@ else // 등록
    sql_query("insert into {$g5['sms5_book_group_table']} set bg_name='$bg_name'");
 }

-goto_url('./num_group.php');
-?>
+goto_url('./num_group.php');
--- a/adm/sms_admin/number_move_update.php
+++ b/adm/sms_admin/number_move_update.php
@ -1,12 +1,14 @@
 <?php
 include_once('./_common.php');

-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");

-if(!count($_POST['chk_bg_no']))
+$post_chk_bg_no = isset($_POST['chk_bg_no']) ? $_POST['chk_bg_no'] : array();
+
+if(!count($post_chk_bg_no))
    alert('번호를 '.$act.'할 그룹을 한개 이상 선택해 주십시오.', $url);

-$bk_no_list = preg_replace('/[^a-zA-Z0-9\, ]/', '', $bk_no_list);
+$bk_no_list = isset($_POST['bk_no_list']) ? preg_replace('/[^a-zA-Z0-9\, ]/', '', $_POST['bk_no_list']) : '';

 $sql = "select * from {$g5['sms5_book_table']} where bk_no in ($bk_no_list) order by bk_no desc ";
 $result = sql_query($sql);
@ -16,9 +18,9 @@ $save_group = array();
 for ($kk=0;$row = sql_fetch_array($result);$kk++)
 {
    $bk_no = $row['bk_no'];
-    for ($i=0; $i<count($_POST['chk_bg_no']); $i++)
+    for ($i=0; $i<count($post_chk_bg_no); $i++)
    {
-        $bg_no = $_POST['chk_bg_no'][$i];
+        $bg_no = $post_chk_bg_no[$i];
        if( !$bg_no ) continue;

        $sql = " insert into {$g5['sms5_book_table']}
@ -82,5 +84,4 @@ window.close();
 </p>
 <a href="$opener_href">돌아가기</a>
 </noscript>
-HEREDOC;
-?>
+HEREDOC;
--- a/adm/sms_admin/sms_write.php
+++ b/adm/sms_admin/sms_write.php
@ -2,7 +2,11 @@
 $sub_menu = "900300";
 include_once("./_common.php");

-auth_check($auth[$sub_menu], "r");
+auth_check_menu($auth, $sub_menu, "r");
+
+$wr_no = isset($_REQUEST['wr_no']) ? (int) $_REQUEST['wr_no'] : 0;
+$bk_no = isset($_REQUEST['bk_no']) ? (int) $_REQUEST['bk_no'] : 0;
+$fo_no = isset($_REQUEST['fo_no']) ? (int) $_REQUEST['fo_no'] : 0;

 $g5['title'] = "문자 보내기";

@ -10,7 +14,7 @@ include_once(G5_ADMIN_PATH.'/admin.head.php');
 ?>

 <div class="local_ov01 local_ov">
-    회원정보 최근 업데이트 : <?php echo $sms5['cf_datetime']?>
+    회원정보 최근 업데이트 : <?php echo isset($sms5['cf_datetime']) ? $sms5['cf_datetime'] : ''; ?>
 </div>

 <?php
@ -114,7 +118,7 @@ if ($config['cf_sms_use'] == 'icode') { // 아이코드 사용

        <div id="write_reply">
            <label for="wr_reply">회신<strong class="sound_only"> 필수</strong></label>
-            <input type="text" name="wr_reply" value="<?php echo $sms5['cf_phone']?>" id="wr_reply" required class="frm_input required" size="17" maxlength="20" readonly="readonly">
+            <input type="text" name="wr_reply" value="<?php echo isset($sms5['cf_phone']) ? get_sanitize_input($sms5['cf_phone']) : ''; ?>" id="wr_reply" required class="frm_input required" size="17" maxlength="20" readonly="readonly">
        </div>

        <div id="write_recv" class="write_inner">
@ -831,5 +835,4 @@ var sms_obj={
 <?php } ?>

 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once(G5_ADMIN_PATH.'/admin.tail.php');
--- a/adm/sms_admin/sms_write_form.php
+++ b/adm/sms_admin/sms_write_form.php
@ -6,9 +6,9 @@ $qry = sql_query("select * from {$g5['sms5_form_group_table']} order by fg_name"
 while ($res = sql_fetch_array($qry)) array_push($group, $res);

 $res = sql_fetch("select count(*) as cnt from `{$g5['sms5_form_table']}` where fg_no=0");
-$no_count = $res['cnt'];
+$no_count = isset($res['cnt']) ? $res['cnt'] : 0;

-$fg_no = isset($fg_no) ? (int) $fg_no : '';
+$fg_no = isset($_REQUEST['fg_no']) ? (int) $_REQUEST['fg_no'] : 0;
 ?>

 <form name="emo_frm">
--- a/adm/sms_admin/sms_write_overlap_check.php
+++ b/adm/sms_admin/sms_write_overlap_check.php
@ -2,12 +2,14 @@
 $sub_menu = "900300";
 include_once("./_common.php");

-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");

 $list = $hps = array();

 $overlap = 0;

+$send_list = isset($_REQUEST['send_list']) ? clean_xss_tags($_REQUEST['send_list'], 1, 1) : '';
+
 if( !$send_list ){
    die("넘어온 데이터 값이 없습니다.");
 }
@ -65,5 +67,4 @@ while ($row = array_shift($send_list))
 if ($overlap)
    die("중복되는 휴대폰번호가 $overlap 건 있습니다. ");
 else
-    die("중복되는 휴대폰번호가 없습니다. ");
-?>
+    die("중복되는 휴대폰번호가 없습니다. ");
--- a/adm/sms_admin/sms_write_send.php
+++ b/adm/sms_admin/sms_write_send.php
@ -2,7 +2,7 @@
 $sub_menu = "900300";
 include_once("./_common.php");

-auth_check($auth[$sub_menu], "w");
+auth_check_menu($auth, $sub_menu, "w");

 check_admin_token();

@ -24,8 +24,15 @@ if ( ! (($config['cf_icode_id'] && $config['cf_icode_pw']) || $config['cf_icode_
    alert('아이코드 설정값이 존재하지 않습니다.');
 }

-$wr_reply   = preg_replace('#[^0-9\-]#', '', trim($wr_reply));
-$wr_message = clean_xss_tags(trim($wr_message));
+$wr_reply   = isset($_REQUEST['wr_reply']) ? preg_replace('#[^0-9\-]#', '', trim($_REQUEST['wr_reply'])) : '';
+$wr_message = isset($_REQUEST['wr_message']) ? clean_xss_tags(trim($_REQUEST['wr_message'])) : '';
+$send_list = isset($_REQUEST['send_list']) ? clean_xss_tags(trim($_REQUEST['send_list']), 1, 1) : '';
+
+$wr_by = isset($_REQUEST['wr_by']) ? clean_xss_tags(trim($_REQUEST['wr_by']), 1, 1) : '';
+$wr_bm = isset($_REQUEST['wr_bm']) ? clean_xss_tags(trim($_REQUEST['wr_bm']), 1, 1) : '';
+$wr_bd = isset($_REQUEST['wr_bd']) ? clean_xss_tags(trim($_REQUEST['wr_bd']), 1, 1) : '';
+$wr_bh = isset($_REQUEST['wr_bh']) ? clean_xss_tags(trim($_REQUEST['wr_bh']), 1, 1) : '';
+$wr_bi = isset($_REQUEST['wr_bi']) ? clean_xss_tags(trim($_REQUEST['wr_bi']), 1, 1) : '';

 if (!$wr_reply)
    win_close_alert('회신 번호를 숫자, - 로 입력해주세요.');
@ -359,5 +366,4 @@ function win_close_alert($msg) {
 location.href = 'history_view.php?wr_no=<?php echo $wr_no?>';
 </script>
 <?php
-include_once(G5_ADMIN_PATH.'/admin.tail.php');
-?>
+include_once(G5_ADMIN_PATH.'/admin.tail.php');