firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

관리페이지 메뉴 접근 권한이 부여된 경우 관리페이지의 index 페이지의 정보가 노출되는 문제 #258

Browse Source
This commit is contained in:
thisgun
2023-08-16 11:44:42 +09:00
parent e43e424d80
commit 5d4ba1030e
3 changed files with 353 additions and 340 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
adm/admin.tail.php
View File

@ -5,7 +5,7 @@ if (!defined('_GNUBOARD_')) {
// 그누보드5.4.5.5 버전과 영카트5.4.5.5.1 버전이 통합됨에 따라 그누보드 버전만 표시 // 그누보드5.4.5.5 버전과 영카트5.4.5.5.1 버전이 통합됨에 따라 그누보드 버전만 표시
// $print_version = defined('G5_YOUNGCART_VER') ? 'YoungCart Version '.G5_YOUNGCART_VER : 'Version '.G5_GNUBOARD_VER; // $print_version = defined('G5_YOUNGCART_VER') ? 'YoungCart Version '.G5_YOUNGCART_VER : 'Version '.G5_GNUBOARD_VER;
$print_version = 'Version ' . G5_GNUBOARD_VER; $print_version = ($is_admin == 'super') ? 'Version ' . G5_GNUBOARD_VER : '';
?> ?>
<noscript> <noscript>

111
adm/index.php
View File

@ -14,42 +14,44 @@ $new_member_rows = 5;
$new_point_rows = 5; $new_point_rows = 5;
$new_write_rows = 5; $new_write_rows = 5;
$sql_common = " from {$g5['member_table']} "; if (! auth_check_menu($auth, '200100', 'r', true)) {
$sql_search = " where (1) "; $sql_common = " from {$g5['member_table']} ";
if ($is_admin != 'super') { $sql_search = " where (1) ";
if ($is_admin != 'super') {
$sql_search .= " and mb_level <= '{$member['mb_level']}' "; $sql_search .= " and mb_level <= '{$member['mb_level']}' ";
} }
if (!$sst) { if (!$sst) {
$sst = "mb_datetime"; $sst = "mb_datetime";
$sod = "desc"; $sod = "desc";
} }
$sql_order = " order by {$sst} {$sod} "; $sql_order = " order by {$sst} {$sod} ";
$sql = " select count(*) as cnt {$sql_common} {$sql_search} {$sql_order} "; $sql = " select count(*) as cnt {$sql_common} {$sql_search} {$sql_order} ";
$row = sql_fetch($sql); $row = sql_fetch($sql);
$total_count = $row['cnt']; $total_count = $row['cnt'];
// 탈퇴회원수 // 탈퇴회원수
$sql = " select count(*) as cnt {$sql_common} {$sql_search} and mb_leave_date <> '' {$sql_order} "; $sql = " select count(*) as cnt {$sql_common} {$sql_search} and mb_leave_date <> '' {$sql_order} ";
$row = sql_fetch($sql); $row = sql_fetch($sql);
$leave_count = $row['cnt']; $leave_count = $row['cnt'];
// 차단회원수 // 차단회원수
$sql = " select count(*) as cnt {$sql_common} {$sql_search} and mb_intercept_date <> '' {$sql_order} "; $sql = " select count(*) as cnt {$sql_common} {$sql_search} and mb_intercept_date <> '' {$sql_order} ";
$row = sql_fetch($sql); $row = sql_fetch($sql);
$intercept_count = $row['cnt']; $intercept_count = $row['cnt'];
$sql = " select * {$sql_common} {$sql_search} {$sql_order} limit {$new_member_rows} "; $sql = " select * {$sql_common} {$sql_search} {$sql_order} limit {$new_member_rows} ";
$result = sql_query($sql); $result = sql_query($sql);
$colspan = 12; $colspan = 12;
?> ?>
<section> <section>
<h2>신규가입회원 <?php echo $new_member_rows ?>건 목록</h2> <h2>신규가입회원 <?php echo $new_member_rows ?>건 목록</h2>
<div class="local_desc02 local_desc"> <div class="local_desc02 local_desc">
총회원수 <?php echo number_format($total_count) ?>명 중 차단 <?php echo number_format($intercept_count) ?>명, 탈퇴 : <?php echo number_format($leave_count) ?>명 총회원수 <?php echo number_format($total_count) ?>명 중 차단 <?php echo number_format($intercept_count) ?>명, 탈퇴 : <?php echo number_format($leave_count) ?>명
@ -127,31 +129,35 @@ $colspan = 12;
<a href="./member_list.php">회원 전체보기</a> <a href="./member_list.php">회원 전체보기</a>
</div> </div>
</section> </section>
<?php <?php
$sql_common = " from {$g5['board_new_table']} a, {$g5['board_table']} b, {$g5['group_table']} c where a.bo_table = b.bo_table and b.gr_id = c.gr_id "; } //endif 최신 회원
if ($gr_id) { if (! auth_check_menu($auth, '300100', 'r', true)) {
$sql_common = " from {$g5['board_new_table']} a, {$g5['board_table']} b, {$g5['group_table']} c where a.bo_table = b.bo_table and b.gr_id = c.gr_id ";
if ($gr_id) {
$sql_common .= " and b.gr_id = '$gr_id' "; $sql_common .= " and b.gr_id = '$gr_id' ";
} }
if (isset($view) && $view) { if (isset($view) && $view) {
if ($view == 'w') { if ($view == 'w') {
$sql_common .= " and a.wr_id = a.wr_parent "; $sql_common .= " and a.wr_id = a.wr_parent ";
} elseif ($view == 'c') { } elseif ($view == 'c') {
$sql_common .= " and a.wr_id <> a.wr_parent "; $sql_common .= " and a.wr_id <> a.wr_parent ";
} }
} }
$sql_order = " order by a.bn_id desc "; $sql_order = " order by a.bn_id desc ";
$sql = " select count(*) as cnt {$sql_common} "; $sql = " select count(*) as cnt {$sql_common} ";
$row = sql_fetch($sql); $row = sql_fetch($sql);
$total_count = $row['cnt']; $total_count = $row['cnt'];
$colspan = 5; $colspan = 5;
?> ?>
<section> <section>
<h2>최근게시물</h2> <h2>최근게시물</h2>
<div class="tbl_head01 tbl_wrap"> <div class="tbl_head01 tbl_wrap">
@ -230,24 +236,28 @@ $colspan = 5;
<div class="btn_list03 btn_list"> <div class="btn_list03 btn_list">
<a href="<?php echo G5_BBS_URL ?>/new.php">최근게시물 더보기</a> <a href="<?php echo G5_BBS_URL ?>/new.php">최근게시물 더보기</a>
</div> </div>
</section> </section>
<?php <?php
$sql_common = " from {$g5['point_table']} "; } //endif 최근게시물
$sql_search = " where (1) ";
$sql_order = " order by po_id desc ";
$sql = " select count(*) as cnt {$sql_common} {$sql_search} {$sql_order} "; if (! auth_check_menu($auth, '200200', 'r', true)) {
$row = sql_fetch($sql);
$total_count = $row['cnt'];
$sql = " select * {$sql_common} {$sql_search} {$sql_order} limit {$new_point_rows} "; $sql_common = " from {$g5['point_table']} ";
$result = sql_query($sql); $sql_search = " where (1) ";
$sql_order = " order by po_id desc ";
$colspan = 7; $sql = " select count(*) as cnt {$sql_common} {$sql_search} {$sql_order} ";
?> $row = sql_fetch($sql);
$total_count = $row['cnt'];
<section> $sql = " select * {$sql_common} {$sql_search} {$sql_order} limit {$new_point_rows} ";
$result = sql_query($sql);
$colspan = 7;
?>
<section>
<h2>최근 포인트 발생내역</h2> <h2>최근 포인트 발생내역</h2>
<div class="local_desc02 local_desc"> <div class="local_desc02 local_desc">
전체 <?php echo number_format($total_count) ?> 건 중 <?php echo $new_point_rows ?>건 목록 전체 <?php echo number_format($total_count) ?> 건 중 <?php echo $new_point_rows ?>건 목록
@ -311,7 +321,8 @@ $colspan = 7;
<div class="btn_list03 btn_list"> <div class="btn_list03 btn_list">
<a href="./point_list.php">포인트내역 전체보기</a> <a href="./point_list.php">포인트내역 전체보기</a>
</div> </div>
</section> </section>
<?php <?php
} //endif
require_once './admin.tail.php'; require_once './admin.tail.php';

122
adm/shop_admin/index.php
View File

@ -112,7 +112,7 @@ function get_max_value($arr)
return array_pop($arr); return array_pop($arr);
} }
?> ?>
<?php if (! auth_check_menu($auth, '400400', 'r', true)) { ?>
<div class="sidx"> <div class="sidx">
<section id="anc_sidx_ord"> <section id="anc_sidx_ord">
<h2>주문현황</h2> <h2>주문현황</h2>
@ -368,6 +368,66 @@ function get_max_value($arr)
</div> </div>
</section> </section>
<script>
jQuery(function($) {
graph_draw();
$("#sidx_graph_area div").hover(
function() {
if($(this).is(":animated"))
return false;
var title = $(this).attr("title");
if(title && $(this).data("title") == undefined)
$(this).data("title", title);
var left = parseInt($(this).css("left")) + 10;
var bottom = $(this).height() + 5;
$(this)
.attr("title", "")
.append("<div id=\"price_tooltip\"><div></div></div>");
$("#price_tooltip")
.find("div")
.html(title)
.end()
// .css({ left: left+"px", bottom: bottom+"px" })
.show(200);
},
function() {
if($(this).is(":animated"))
return false;
$(this).attr("title", $(this).data("title"));
$("#price_tooltip").remove();
}
);
});
function graph_draw()
{
var g_h1 = new Array("<?php echo implode('", "', $h_val['order']); ?>");
var g_h2 = new Array("<?php echo implode('", "', $h_val['cancel']); ?>");
var duration = 600;
var $el = $("#sidx_graph_area li");
var h1, h2;
var $g1, $g2;
$el.each(function(index) {
h1 = g_h1[index];
h2 = g_h2[index];
$g1 = $(this).find(".order");
$g2 = $(this).find(".cancel");
$g1.animate({ height: h1+"px" }, duration);
$g2.animate({ height: h2+"px" }, duration);
});
}
</script>
<?php } //endif ?>
<?php if ($is_admin === 'super') { ?>
<div class="sidx sidx_cs"> <div class="sidx sidx_cs">
<section id="anc_sidx_oneq"> <section id="anc_sidx_oneq">
<h2>1:1문의</h2> <h2>1:1문의</h2>
@ -480,64 +540,6 @@ function get_max_value($arr)
</div> </div>
</section> </section>
</div> </div>
<script>
$(function() {
graph_draw();
$("#sidx_graph_area div").hover(
function() {
if($(this).is(":animated"))
return false;
var title = $(this).attr("title");
if(title && $(this).data("title") == undefined)
$(this).data("title", title);
var left = parseInt($(this).css("left")) + 10;
var bottom = $(this).height() + 5;
$(this)
.attr("title", "")
.append("<div id=\"price_tooltip\"><div></div></div>");
$("#price_tooltip")
.find("div")
.html(title)
.end()
// .css({ left: left+"px", bottom: bottom+"px" })
.show(200);
},
function() {
if($(this).is(":animated"))
return false;
$(this).attr("title", $(this).data("title"));
$("#price_tooltip").remove();
}
);
});
function graph_draw()
{
var g_h1 = new Array("<?php echo implode('", "', $h_val['order']); ?>");
var g_h2 = new Array("<?php echo implode('", "', $h_val['cancel']); ?>");
var duration = 600;
var $el = $("#sidx_graph_area li");
var h1, h2;
var $g1, $g2;
$el.each(function(index) {
h1 = g_h1[index];
h2 = g_h2[index];
$g1 = $(this).find(".order");
$g2 = $(this).find(".cancel");
$g1.animate({ height: h1+"px" }, duration);
$g2.animate({ height: h2+"px" }, duration);
});
}
</script>
<?php <?php
} //end if
include_once (G5_ADMIN_PATH.'/admin.tail.php'); include_once (G5_ADMIN_PATH.'/admin.tail.php');