댓글 삭제 토큰 코드 수정

2016-06-28 10:25:55 +09:00
parent 2a9e72da41
commit cb327e902f
3 changed files with 5 additions and 5 deletions
--- a/bbs/delete_comment.php
+++ b/bbs/delete_comment.php
@ -2,8 +2,8 @@
 // 코멘트 삭제
 include_once('./_common.php');

-$delete_comment_token = get_session('ss_delete_comment_token');
-set_session('ss_delete_comment_token', '');
+$delete_comment_token = get_session('ss_delete_comment_'.$comment_id.'_token');
+set_session('ss_delete_comment_'.$comment_id.'_token', '');

 if (!($token && $delete_comment_token == $token))
    alert('토큰 에러로 삭제 불가합니다.');
--- a/bbs/password.php
+++ b/bbs/password.php
@ -14,7 +14,7 @@ switch ($w) {
        $return_url = './board.php?bo_table='.$bo_table.'&amp;wr_id='.$wr_id;
        break;
    case 'x' :
-        set_session('ss_delete_comment_token', $token = uniqid(time()));
+        set_session('ss_delete_comment_'.$comment_id.'_token', $token = uniqid(time()));
        $action = './delete_comment.php?token='.$token;
        $row = sql_fetch(" select wr_parent from $write_table where wr_id = '$comment_id' ");
        $return_url = './board.php?bo_table='.$bo_table.'&amp;wr_id='.$row['wr_parent'];
--- a/bbs/view_comment.php
+++ b/bbs/view_comment.php
@ -73,7 +73,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
        {
            if ($row['mb_id'] == $member['mb_id'] || $is_admin)
            {
-                set_session('ss_delete_comment_token', $token = uniqid(time()));
+                set_session('ss_delete_comment_'.$row['wr_id'].'_token', $token = uniqid(time()));
                $list[$i]['del_link']  = './delete_comment.php?bo_table='.$bo_table.'&amp;comment_id='.$row['wr_id'].'&amp;token='.$token.'&amp;page='.$page.$qstr;
                $list[$i]['is_edit']   = true;
                $list[$i]['is_del']    = true;
@ -82,7 +82,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
        else
        {
            if (!$row['mb_id']) {
-                $list[$i]['del_link'] = './password.php?w=x&amp;bo_table='.$bo_table.'&amp;comment_id='.$row['wr_id'].'&amp;token='.$token.'&amp;page='.$page.$qstr;
+                $list[$i]['del_link'] = './password.php?w=x&amp;bo_table='.$bo_table.'&amp;comment_id='.$row['wr_id'].'&amp;page='.$page.$qstr;
                $list[$i]['is_del']   = true;
            }
        }