firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

취약점 보안 및 코드 개선

Browse Source
This commit is contained in:
thisgun
2019-02-14 09:56:47 +09:00
parent d0eb0601ad
commit 9c03cd85b6
5 changed files with 26 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
adm/member_form_update.php
View File

@ -33,9 +33,14 @@ if($_POST['mb_certify_case'] && $_POST['mb_certify']) {
$mb_zip1 = substr($_POST['mb_zip'], 0, 3);
$mb_zip2 = substr($_POST['mb_zip'], 3);
$mb_email = isset($_POST['mb_email']) ? get_email_address(trim($_POST['mb_email'])) : '';
$mb_nick = isset($_POST['mb_nick']) ? trim(strip_tags($_POST['mb_nick'])) : '';
if ($msg = valid_mb_nick($mb_nick)) alert($msg, "", true, true);
$sql_common = " mb_name = '{$_POST['mb_name']}',
mb_nick = '{$_POST['mb_nick']}',
mb_email = '{$_POST['mb_email']}',
mb_nick = '{$mb_nick}',
mb_email = '{$mb_email}',
mb_homepage = '{$_POST['mb_homepage']}',
mb_tel = '{$_POST['mb_tel']}',
mb_hp = '{$mb_hp}',
@ -74,13 +79,13 @@ if ($w == '')
alert('이미 존재하는 회원아이디입니다.\\n : '.$mb['mb_id'].'\\n이름 : '.$mb['mb_name'].'\\n닉네임 : '.$mb['mb_nick'].'\\n메일 : '.$mb['mb_email']);
// 닉네임중복체크
$sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_nick = '{$_POST['mb_nick']}' ";
$sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_nick = '{$mb_nick}' ";
$row = sql_fetch($sql);
if ($row['mb_id'])
alert('이미 존재하는 닉네임입니다.\\n : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']);
// 이메일중복체크
$sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_email = '{$_POST['mb_email']}' ";
$sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_email = '{$mb_email}' ";
$row = sql_fetch($sql);
if ($row['mb_id'])
alert('이미 존재하는 이메일입니다.\\n : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']);
@ -104,13 +109,13 @@ else if ($w == 'u')
alert($mb['mb_id'].' : 로그인 중인 관리자 레벨은 수정 할 수 없습니다.');
// 닉네임중복체크
$sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_nick = '{$_POST['mb_nick']}' and mb_id <> '$mb_id' ";
$sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_nick = '{$mb_nick}' and mb_id <> '$mb_id' ";
$row = sql_fetch($sql);
if ($row['mb_id'])
alert('이미 존재하는 닉네임입니다.\\n : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']);
// 이메일중복체크
$sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_email = '{$_POST['mb_email']}' and mb_id <> '$mb_id' ";
$sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_email = '{$mb_email}' and mb_id <> '$mb_id' ";
$row = sql_fetch($sql);
if ($row['mb_id'])
alert('이미 존재하는 이메일입니다.\\n : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']);