firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

Merge branch 'master' of github.com:gnuboard/yc5

Browse Source
This commit is contained in:
whitedot
2014-02-24 09:45:41 +09:00
parent b8caab8103 37cbaeec06
commit d3a04513db
51 changed files with 338 additions and 277 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
adm/board_copy_update.php
View File

@ -4,8 +4,8 @@ include_once('./_common.php');
auth_check($auth[$sub_menu], 'w');
$target_table = escape_trim($_POST['target_table']);
$target_subject = escape_trim($_POST['target_subject']);
$target_table = trim($_POST['target_table']);
$target_subject = trim($_POST['target_subject']);
if (!preg_match('/[A-Za-z0-9_]{1,20}/', $target_table)) {
alert('게시판 TABLE명은 공백없이 영문자, 숫자, _ 만 사용 가능합니다. (20자 이내)');
@ -61,7 +61,7 @@ $sql = " insert into {$g5['board_table']}
bo_use_nogood = '{$board[bo_use_nogood]}',
bo_use_signature = '{$board[bo_use_signature]}',
bo_use_ip_view = '{$board[bo_use_ip_view]}',
bo_use_list_view = '{$board['o_use_list_view']}',
bo_use_list_view = '{$board['bo_use_list_view']}',
bo_use_list_content = '{$board[bo_use_list_content]}',
bo_table_width = '{$board[bo_table_width]}',
bo_subject_len = '{$board[bo_subject_len]}',

2
adm/board_list_update.php
View File

@ -62,7 +62,7 @@ if ($_POST['act_button'] == "선택수정") {
$k = $_POST['chk'][$i];
// include 전에 $bo_table 값을 반드시 넘겨야 함
$tmp_bo_table = escape_trim($_POST['board_table'][$k]);
$tmp_bo_table = trim($_POST['board_table'][$k]);
include ('./board_delete.inc.php');
}

2
adm/member_form_update.php
View File

@ -10,7 +10,7 @@ auth_check($auth[$sub_menu], 'w');
check_token();
$mb_id = escape_trim($_POST['mb_id']);
$mb_id = trim($_POST['mb_id']);
// 휴대폰번호 체크
$mb_hp = $_POST['mb_hp'];

2
adm/shop_admin/orderlist.php
View File

@ -108,7 +108,7 @@ $sql = " select *,
limit $from_record, $rows ";
$result = sql_query($sql);
$qstr1 = "sel_field=$sel_field&search=$search&save_search=$search";
$qstr1 = "od_status=$od_status&sel_field=$sel_field&search=$search&save_search=$search";
$qstr = "$qstr1&sort1=$sort1&sort2=$sort2&page=$page";
$listall = '<a href="'.$_SERVER['PHP_SELF'].'" class="ov_listall">전체목록</a>';

4
adm/visit_search.php
View File

@ -9,8 +9,8 @@ $g5['title'] = '접속자검색';
include_once('./admin.head.php');
include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php');
$search_word = escape_trim($_GET['search_word']);
$search_sort = escape_trim($_GET['search_sort']);
$search_word = trim($_GET['search_word']);
$search_sort = trim($_GET['search_sort']);
$colspan = 5;
$qstr = 'search_word='.$search_word.'&amp;search_sort='.$search_sort; //페이징 처리관련 변수

6
bbs/ajax.autosave.php
View File

@ -3,9 +3,9 @@ include_once('./_common.php');
if (!$is_member) die('0');
$uid = escape_trim($_REQUEST['uid']);
$subject = escape_trim(stripslashes($_REQUEST['subject']));
$content = escape_trim(stripslashes($_REQUEST['content']));
$uid = trim($_REQUEST['uid']);
$subject = trim(stripslashes($_REQUEST['subject']));
$content = trim(stripslashes($_REQUEST['content']));
if ($subject && $content) {
$sql = " select count(*) as cnt from {$g5['autosave_table']} where mb_id = '{$member['mb_id']}' and as_subject = '$subject' and as_content = '$content' ";

4
bbs/ajax.mb_email.php
View File

@ -2,8 +2,8 @@
include_once('./_common.php');
include_once(G5_LIB_PATH.'/register.lib.php');
$mb_email = escape_trim($_POST['reg_mb_email']);
$mb_id = escape_trim($_POST['reg_mb_id']);
$mb_email = trim($_POST['reg_mb_email']);
$mb_id = trim($_POST['reg_mb_id']);
if ($msg = empty_mb_email($mb_email)) die($msg);
if ($msg = valid_mb_email($mb_email)) die($msg);

4
bbs/ajax.mb_hp.php
View File

@ -2,8 +2,8 @@
include_once('./_common.php');
include_once(G5_LIB_PATH.'/register.lib.php');
$mb_hp = escape_trim($_POST['reg_mb_hp']);
$mb_id = escape_trim($_POST['reg_mb_id']);
$mb_hp = trim($_POST['reg_mb_hp']);
$mb_id = trim($_POST['reg_mb_id']);
if ($msg = valid_mb_hp($mb_hp)) die($msg);
if ($msg = exist_mb_hp($mb_hp, $mb_id)) die($msg);

2
bbs/ajax.mb_id.php
View File

@ -2,7 +2,7 @@
include_once('./_common.php');
include_once(G5_LIB_PATH.'/register.lib.php');
$mb_id = escape_trim($_POST['reg_mb_id']);
$mb_id = trim($_POST['reg_mb_id']);
if ($msg = empty_mb_id($mb_id)) die($msg);
if ($msg = valid_mb_id($mb_id)) die($msg);

4
bbs/ajax.mb_nick.php
View File

@ -2,8 +2,8 @@
include_once('./_common.php');
include_once(G5_LIB_PATH.'/register.lib.php');
$mb_nick = escape_trim($_POST['reg_mb_nick']);
$mb_id = escape_trim($_POST['reg_mb_id']);
$mb_nick = trim($_POST['reg_mb_nick']);
$mb_id = trim($_POST['reg_mb_id']);
if ($msg = empty_mb_nick($mb_nick)) die($msg);
if ($msg = valid_mb_nick($mb_nick)) die($msg);

2
bbs/ajax.mb_recommend.php
View File

@ -2,7 +2,7 @@
include_once("./_common.php");
include_once(G5_LIB_PATH."/register.lib.php");
$mb_recommend = escape_trim($_POST["reg_mb_recommend"]);
$mb_recommend = trim($_POST["reg_mb_recommend"]);
if ($msg = valid_mb_id($mb_recommend)) {
die("추천인의 아이디는 영문자, 숫자, _ 만 입력하세요.");

6
bbs/login_check.php
View File

@ -3,10 +3,10 @@ include_once('./_common.php');
$g5['title'] = "로그인 검사";
$mb_id = escape_trim($_POST['mb_id']);
$mb_password = escape_trim($_POST['mb_password']);
$mb_id = trim($_POST['mb_id']);
$mb_password = trim($_POST['mb_password']);
if (!trim($mb_id) || !trim($mb_password))
if (!$mb_id || !$mb_password)
alert('회원아이디나 비밀번호가 공백이면 안됩니다.');
$mb = get_member($mb_id);

4
bbs/newwin.inc.php
View File

@ -23,8 +23,8 @@ for ($i=0; $row_nw=sql_fetch_array($result); $i++)
?>
<!-- 팝업레이어 시작 { -->
<div id="hd_pops_<?php echo $nw['nw_id'] ?>" class="hd_pops" style="top:<?php echo $nw['nw_top']?>px;left:<?php echo $nw['nw_left']?>px;width:<?php echo $nw['nw_width'] ?>px;height:<?php echo $nw['nw_height'] ?>px">
<div class="hd_pops_con">
<div id="hd_pops_<?php echo $nw['nw_id'] ?>" class="hd_pops" style="top:<?php echo $nw['nw_top']?>px;left:<?php echo $nw['nw_left']?>px">
<div class="hd_pops_con" style="width:<?php echo $nw['nw_width'] ?>px;height:<?php echo $nw['nw_height'] ?>px">
<?php echo conv_content($nw['nw_content'], 1); ?>
</div>
<div class="hd_pops_footer">

2
bbs/password_lost2.php
View File

@ -11,7 +11,7 @@ if (!chk_captcha()) {
alert('자동등록방지 숫자가 틀렸습니다.');
}
$email = escape_trim($_POST['mb_email']);
$email = trim($_POST['mb_email']);
if (!$email)
alert_close('메일주소 오류입니다.');

2
bbs/qawrite_update.php
View File

@ -52,7 +52,7 @@ for ($i=1; $i<=5; $i++) {
$var = "qa_$i";
$$var = "";
if (isset($_POST['qa_'.$i]) && $_POST['qa_'.$i]) {
$$var = escape_trim($_POST['qa_'.$i]);
$$var = trim($_POST['qa_'.$i]);
}
}

4
bbs/register_email_update.php
View File

@ -3,8 +3,8 @@ include_once('./_common.php');
include_once(G5_CAPTCHA_PATH.'/captcha.lib.php');
include_once(G5_LIB_PATH.'/mailer.lib.php');
$mb_id = escape_trim($_POST['mb_id']);
$mb_email = escape_trim($_POST['mb_email']);
$mb_id = trim($_POST['mb_id']);
$mb_email = trim($_POST['mb_email']);
$sql = " select mb_name, mb_datetime from {$g5['member_table']} where mb_id = '{$mb_id}' and mb_email_certify <> '' ";
$mb = sql_fetch($sql);

64
bbs/register_form_update.php
View File

@ -20,38 +20,38 @@ if (!chk_captcha()) {
alert('자동등록방지 숫자가 틀렸습니다.');
}
$mb_id = escape_trim($_POST['mb_id']);
$mb_password = escape_trim($_POST['mb_password']);
$mb_password_re = escape_trim($_POST['mb_password_re']);
$mb_name = escape_trim($_POST['mb_name']);
$mb_nick = escape_trim($_POST['mb_nick']);
$mb_email = escape_trim($_POST['mb_email']);
$mb_sex = isset($_POST['mb_sex']) ? escape_trim($_POST['mb_sex']) : "";
$mb_birth = isset($_POST['mb_birth']) ? escape_trim($_POST['mb_birth']) : "";
$mb_homepage = isset($_POST['mb_homepage']) ? escape_trim($_POST['mb_homepage']) : "";
$mb_tel = isset($_POST['mb_tel']) ? escape_trim($_POST['mb_tel']) : "";
$mb_hp = isset($_POST['mb_hp']) ? escape_trim($_POST['mb_hp']) : "";
$mb_zip1 = isset($_POST['mb_zip1']) ? escape_trim($_POST['mb_zip1']) : "";
$mb_zip2 = isset($_POST['mb_zip2']) ? escape_trim($_POST['mb_zip2']) : "";
$mb_addr1 = isset($_POST['mb_addr1']) ? escape_trim($_POST['mb_addr1']) : "";
$mb_addr2 = isset($_POST['mb_addr2']) ? escape_trim($_POST['mb_addr2']) : "";
$mb_addr3 = isset($_POST['mb_addr3']) ? escape_trim($_POST['mb_addr3']) : "";
$mb_addr_jibeon = isset($_POST['mb_addr_jibeon']) ? escape_trim($_POST['mb_addr_jibeon']) : "";
$mb_signature = isset($_POST['mb_signature']) ? escape_trim($_POST['mb_signature']) : "";
$mb_profile = isset($_POST['mb_profile']) ? escape_trim($_POST['mb_profile']) : "";
$mb_recommend = isset($_POST['mb_recommend']) ? escape_trim($_POST['mb_recommend']) : "";
$mb_mailling = isset($_POST['mb_mailling']) ? escape_trim($_POST['mb_mailling']) : "";
$mb_sms = isset($_POST['mb_sms']) ? escape_trim($_POST['mb_sms']) : "";
$mb_1 = isset($_POST['mb_1']) ? escape_trim($_POST['mb_1']) : "";
$mb_2 = isset($_POST['mb_2']) ? escape_trim($_POST['mb_2']) : "";
$mb_3 = isset($_POST['mb_3']) ? escape_trim($_POST['mb_3']) : "";
$mb_4 = isset($_POST['mb_4']) ? escape_trim($_POST['mb_4']) : "";
$mb_5 = isset($_POST['mb_5']) ? escape_trim($_POST['mb_5']) : "";
$mb_6 = isset($_POST['mb_6']) ? escape_trim($_POST['mb_6']) : "";
$mb_7 = isset($_POST['mb_7']) ? escape_trim($_POST['mb_7']) : "";
$mb_8 = isset($_POST['mb_8']) ? escape_trim($_POST['mb_8']) : "";
$mb_9 = isset($_POST['mb_9']) ? escape_trim($_POST['mb_9']) : "";
$mb_10 = isset($_POST['mb_10']) ? escape_trim($_POST['mb_10']) : "";
$mb_id = trim($_POST['mb_id']);
$mb_password = trim($_POST['mb_password']);
$mb_password_re = trim($_POST['mb_password_re']);
$mb_name = trim($_POST['mb_name']);
$mb_nick = trim($_POST['mb_nick']);
$mb_email = trim($_POST['mb_email']);
$mb_sex = isset($_POST['mb_sex']) ? trim($_POST['mb_sex']) : "";
$mb_birth = isset($_POST['mb_birth']) ? trim($_POST['mb_birth']) : "";
$mb_homepage = isset($_POST['mb_homepage']) ? trim($_POST['mb_homepage']) : "";
$mb_tel = isset($_POST['mb_tel']) ? trim($_POST['mb_tel']) : "";
$mb_hp = isset($_POST['mb_hp']) ? trim($_POST['mb_hp']) : "";
$mb_zip1 = isset($_POST['mb_zip1']) ? trim($_POST['mb_zip1']) : "";
$mb_zip2 = isset($_POST['mb_zip2']) ? trim($_POST['mb_zip2']) : "";
$mb_addr1 = isset($_POST['mb_addr1']) ? trim($_POST['mb_addr1']) : "";
$mb_addr2 = isset($_POST['mb_addr2']) ? trim($_POST['mb_addr2']) : "";
$mb_addr3 = isset($_POST['mb_addr3']) ? trim($_POST['mb_addr3']) : "";
$mb_addr_jibeon = isset($_POST['mb_addr_jibeon']) ? trim($_POST['mb_addr_jibeon']) : "";
$mb_signature = isset($_POST['mb_signature']) ? trim($_POST['mb_signature']) : "";
$mb_profile = isset($_POST['mb_profile']) ? trim($_POST['mb_profile']) : "";
$mb_recommend = isset($_POST['mb_recommend']) ? trim($_POST['mb_recommend']) : "";
$mb_mailling = isset($_POST['mb_mailling']) ? trim($_POST['mb_mailling']) : "";
$mb_sms = isset($_POST['mb_sms']) ? trim($_POST['mb_sms']) : "";
$mb_1 = isset($_POST['mb_1']) ? trim($_POST['mb_1']) : "";
$mb_2 = isset($_POST['mb_2']) ? trim($_POST['mb_2']) : "";
$mb_3 = isset($_POST['mb_3']) ? trim($_POST['mb_3']) : "";
$mb_4 = isset($_POST['mb_4']) ? trim($_POST['mb_4']) : "";
$mb_5 = isset($_POST['mb_5']) ? trim($_POST['mb_5']) : "";
$mb_6 = isset($_POST['mb_6']) ? trim($_POST['mb_6']) : "";
$mb_7 = isset($_POST['mb_7']) ? trim($_POST['mb_7']) : "";
$mb_8 = isset($_POST['mb_8']) ? trim($_POST['mb_8']) : "";
$mb_9 = isset($_POST['mb_9']) ? trim($_POST['mb_9']) : "";
$mb_10 = isset($_POST['mb_10']) ? trim($_POST['mb_10']) : "";
if ($w == '' || $w == 'u') {

10
bbs/visit_insert.inc.php
View File

@ -1,8 +1,8 @@
<?php
if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
// 컴퓨터의 아이피와 쿠키에 저장된 아이피가 다르다면 테이블에 반영함
if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR'])
if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR'])
{
set_cookie('ck_visit_ip', $_SERVER['REMOTE_ADDR'], 86400); // 하루동안 저장
@ -22,7 +22,7 @@ if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR'])
if ($result) {
$sql = " insert {$g5['visit_sum_table']} ( vs_count, vs_date) values ( 1, '".G5_TIME_YMD."' ) ";
$result = sql_query($sql, FALSE);
// DUPLICATE 오류가 발생한다면 이미 날짜별 행이 생성되었으므로 UPDATE 실행
if (!$result) {
$sql = " update {$g5['visit_sum_table']} set vs_count = vs_count + 1 where vs_date = '".G5_TIME_YMD."' ";
@ -48,13 +48,13 @@ if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR'])
$vi_max = $row['cnt'];
// 전체
$sql = " select sum(vs_count) as total from {$g5['visit_sum_table']} ";
$sql = " select sum(vs_count) as total from {$g5['visit_sum_table']} ";
$row = sql_fetch($sql);
$vi_sum = $row['total'];
$visit = '오늘:'.$vi_today.',어제:'.$vi_yesterday.',최대:'.$vi_max.',전체:'.$vi_sum;
// 기본설정 테이블에 방문자수를 기록한 후
// 기본설정 테이블에 방문자수를 기록한 후
// 방문자수 테이블을 읽지 않고 출력한다.
// 쿼리의 수를 상당부분 줄임
sql_query(" update {$g5['config_table']} set cf_visit = '{$visit}' ");

4
bbs/write_comment_update.php
View File

@ -12,10 +12,10 @@ if (substr_count($wr_content, "&#") > 50) {
@include_once($board_skin_path.'/write_comment_update.head.skin.php');
$w = $_POST["w"];
$wr_name = escape_trim($_POST['wr_name']);
$wr_name = trim($_POST['wr_name']);
$wr_email = '';
if (!empty($_POST['wr_email']))
$wr_email = escape_trim($_POST['wr_email']);
$wr_email = trim($_POST['wr_email']);
// 비회원의 경우 이름이 누락되는 경우가 있음
if ($is_guest) {

8
bbs/write_update.php
View File

@ -50,8 +50,8 @@ if (empty($_POST)) {
}
$w = $_POST['w'];
$wr_link1 = escape_trim(strip_tags($_POST['wr_link1']));
$wr_link2 = escape_trim(strip_tags($_POST['wr_link2']));
$wr_link1 = trim(strip_tags($_POST['wr_link1']));
$wr_link2 = trim(strip_tags($_POST['wr_link2']));
$notice_array = explode(",", $board['bo_notice']);
@ -91,7 +91,7 @@ for ($i=1; $i<=10; $i++) {
$var = "wr_$i";
$$var = "";
if (isset($_POST['wr_'.$i]) && $_POST['wr_'.$i]) {
$$var = escape_trim($_POST['wr_'.$i]);
$$var = trim($_POST['wr_'.$i]);
}
}
@ -291,7 +291,7 @@ if ($w == '' || $w == 'r') {
} else {
$mb_id = '';
// 비회원의 경우 이름이 누락되는 경우가 있음
$wr_name = escape_trim($_POST['wr_name']);
$wr_name = trim($_POST['wr_name']);
if (!$wr_name)
alert('이름은 필히 입력하셔야 합니다.');
$wr_password = sql_password($wr_password);

68
common.php
View File

@ -11,30 +11,6 @@ if (!defined('G5_SET_TIME_LIMIT')) define('G5_SET_TIME_LIMIT', 0);
@set_time_limit(G5_SET_TIME_LIMIT);
//==============================================================================
// php.ini 의 magic_quotes_gpc 값이 Off 인 경우 addslashes() 적용
// SQL Injection 등으로 부터 보호
// http://kr.php.net/manual/en/function.get-magic-quotes-gpc.php#97783
//------------------------------------------------------------------------------
if (!get_magic_quotes_gpc()) {
$escape_function = 'addslashes($value)';
$addslashes_deep = create_function('&$value, $fn', '
if (is_string($value)) {
$value = ' . $escape_function . ';
} else if (is_array($value)) {
foreach ($value as &$v) $fn($v, $fn);
}
');
// Escape data
$addslashes_deep($_POST, $addslashes_deep);
$addslashes_deep($_GET, $addslashes_deep);
$addslashes_deep($_COOKIE, $addslashes_deep);
$addslashes_deep($_REQUEST, $addslashes_deep);
}
//==============================================================================
//==========================================================================================================================
// extract($_GET); 명령으로 인해 page.php?_POST[var1]=data1&_POST[var2]=data2 와 같은 코드가 _POST 변수로 사용되는 것을 막음
// 081029 : letsgolee 님께서 도움 주셨습니다.
@ -49,12 +25,6 @@ for ($i=0; $i<$ext_cnt; $i++) {
}
//==========================================================================================================================
// PHP 4.1.0 부터 지원됨
// php.ini 의 register_globals=off 일 경우
@extract($_GET);
@extract($_POST);
@extract($_SERVER);
// 완두콩님이 알려주신 보안관련 오류 수정
// $member 에 값을 직접 넘길 수 있음
$config = array();
@ -97,6 +67,30 @@ if (file_exists($dbconfig_file)) {
@mysql_query(" set names utf8 ");
if(defined('G5_MYSQL_SET_MODE') && G5_MYSQL_SET_MODE) @mysql_query("SET SESSION sql_mode = ''");
if (defined(G5_TIMEZONE)) @mysql_query(" set time_zone = '".G5_TIMEZONE."'");
//==============================================================================
// SQL Injection 등으로 부터 보호를 위해 mysql_real_escape_string() 적용
//------------------------------------------------------------------------------
// magic_quotes_gpc 에 의한 backslashes 제거
if (get_magic_quotes_gpc()) {
$_POST = array_map_deep('stripslashes', $_POST);
$_GET = array_map_deep('stripslashes', $_GET);
$_COOKIE = array_map_deep('stripslashes', $_COOKIE);
$_REQUEST = array_map_deep('stripslashes', $_REQUEST);
}
// mysql_real_escape_string 적용
$_POST = array_map_deep('mysql_real_escape_string', $_POST);
$_GET = array_map_deep('mysql_real_escape_string', $_GET);
$_COOKIE = array_map_deep('mysql_real_escape_string', $_COOKIE);
$_REQUEST = array_map_deep('mysql_real_escape_string', $_REQUEST);
//==============================================================================
// PHP 4.1.0 부터 지원됨
// php.ini 의 register_globals=off 일 경우
@extract($_GET);
@extract($_POST);
@extract($_SERVER);
} else {
?>
@ -211,7 +205,7 @@ if (isset($_REQUEST['PHPSESSID']) && $_REQUEST['PHPSESSID'] != session_id())
$qstr = '';
if (isset($_REQUEST['sca'])) {
$sca = escape_trim($_REQUEST['sca']);
$sca = trim($_REQUEST['sca']);
if ($sca)
$qstr .= '&amp;sca=' . urlencode($sca);
} else {
@ -219,7 +213,7 @@ if (isset($_REQUEST['sca'])) {
}
if (isset($_REQUEST['sfl'])) {
$sfl = escape_trim($_REQUEST['sfl']);
$sfl = trim($_REQUEST['sfl']);
$sfl = preg_replace("/[\<\>\'\"\%\=\(\)\s]/", "", $sfl);
if ($sfl)
$qstr .= '&amp;sfl=' . urlencode($sfl); // search field (검색 필드)
@ -229,7 +223,7 @@ if (isset($_REQUEST['sfl'])) {
if (isset($_REQUEST['stx'])) { // search text (검색어)
$stx = escape_trim($_REQUEST['stx']);
$stx = trim($_REQUEST['stx']);
if ($stx)
$qstr .= '&amp;stx=' . urlencode($stx);
} else {
@ -237,7 +231,7 @@ if (isset($_REQUEST['stx'])) { // search text (검색어)
}
if (isset($_REQUEST['sst'])) {
$sst = escape_trim($_REQUEST['sst']);
$sst = trim($_REQUEST['sst']);
if ($sst)
$qstr .= '&amp;sst=' . urlencode($sst); // search sort (검색 정렬 필드)
} else {
@ -289,7 +283,7 @@ if (isset($_REQUEST['wr_id'])) {
}
if (isset($_REQUEST['bo_table'])) {
$bo_table = escape_trim($_REQUEST['bo_table']);
$bo_table = trim($_REQUEST['bo_table']);
$bo_table = substr($bo_table, 0, 20);
} else {
$bo_table = '';
@ -297,7 +291,7 @@ if (isset($_REQUEST['bo_table'])) {
// URL ENCODING
if (isset($_REQUEST['url'])) {
$url = escape_trim($_REQUEST['url']);
$url = trim($_REQUEST['url']);
$urlencode = urlencode($url);
} else {
$url = '';
@ -309,7 +303,7 @@ if (isset($_REQUEST['url'])) {
}
if (isset($_REQUEST['gr_id'])) {
$gr_id = escape_trim($_REQUEST['gr_id']);
$gr_id = trim($_REQUEST['gr_id']);
} else {
$gr_id = '';
}

3
css/admin.css
View File

@ -145,7 +145,8 @@ h3 {margin:0 20px}
.btn_submit {background:#ff3061;cursor:pointer}
.btn_confirm .btn_submit {padding:0 15px;border:0;height:30px;color:#fff}
.btn_cancel {display:inline-block;padding:0 15px;height:30px;border:0;background:#617d46;color:#fff;text-decoration:none;line-height:2.5em;vertical-align:middle}
.btn_cancel {display:inline-block;padding:0 15px;height:30px;border:0;background:#617d46;color:#fff;text-decoration:none}
a.btn_cancel {line-height:2.5em;vertical-align:middle}
.btn_frmline {display:inline-block;padding:0 7px;height:24px;border:0;background:#444;color:#fff !important;letter-spacing:-0.1em;text-decoration:none;vertical-align:middle;line-height:2em} /* 우편번호검색버튼 등 */
.btn_frmline:focus, .btn_frmline:hover, .btn_frmline:active {text-decoration:none}

4
css/default.css
View File

@ -26,8 +26,8 @@ a:hover, a:focus, a:active {color:#000;text-decoration:underline}
#hd_pop {z-index:1000;position:relative;margin:0 auto;width:1000px;height:0}
#hd_pop h2 {position:absolute;font-size:0;line-height:0;overflow:hidden}
.hd_pops {position:absolute;border:1px solid #e9e9e9;background:#fff}
.hd_pops_con {margin:0 0 30px}
.hd_pops_footer {position:absolute;bottom:0;left:0;padding:10px 0;width:100%;background:#000;color:#fff;text-align:right}
.hd_pops_con {}
.hd_pops_footer {padding:10px 0;background:#000;color:#fff;text-align:right}
.hd_pops_footer button {margin-right:5px;padding:5px 10px;border:0;background:#393939;color:#fff}
/* 상단 레이아웃 */

4
css/mobile.css
View File

@ -26,8 +26,8 @@ a:hover, a:focus, a:active {color:#000;text-decoration:underline}
#hd_pop {z-index:1000;position:relative;margin:0 auto;width:100%;height:1px}
#hd_pop h2 {position:absolute;font-size:0;text-indent:-9999em;line-height:0;overflow:hidden}
.hd_pops {position:absolute;border:1px solid #e9e9e9;background:#fff}
.hd_pops_con {margin:0 0 30px}
.hd_pops_footer {position:absolute;bottom:0;left:0;padding:10px 0;width:100%;background:#000;color:#fff;text-align:right}
.hd_pops_con {}
.hd_pops_footer {padding:10px 0;background:#000;color:#fff;text-align:right}
.hd_pops_footer button {margin-right:5px;padding:5px 10px;border:0;background:#393939;color:#fff}
/* 상단 레이아웃 */

2
install/install_config.php
View File

@ -75,7 +75,7 @@ if (!isset($_POST['agree']) || $_POST['agree'] != '동의함') {
<tr>
<th scope="row"><label for="">쇼핑몰설치</label></th>
<td>
<input name="g5_shop_install" type="checkbox" value="1" id="g5_shop_install">설치
<input name="g5_shop_install" type="checkbox" value="1" id="g5_shop_install" checked="checked">설치
</td>
</tr>
</tbody>

95
js/kakao.link.js Normal file
View File

@ -0,0 +1,95 @@
/*
Copyright 2012 KAKAO
*/
(function (window, undefined) {
var kakao = {};
window.kakao = window.kakao || kakao;
var uagent = navigator.userAgent.toLocaleLowerCase();
if (uagent.search("android") > -1) {
kakao.os = "android";
if (uagent.search("chrome") > -1) {
kakao.browser = "android+chrome";
}
} else if (uagent.search("iphone") > -1 || uagent.search("ipod") > -1 || uagent.search("ipad") > -1) {
kakao.os = "ios";
}
var app = {
talk: {
base_url: "kakaolink://sendurl?",
apiver: "2.0.1",
store: {
android: "market://details?id=com.kakao.talk",
ios: "http://itunes.apple.com/app/id362057947"
},
package: "com.kakao.talk"
},
story: {
base_url: "storylink://posting?",
apiver: "1.0",
store: {
android: "market://details?id=com.kakao.story",
ios: "http://itunes.apple.com/app/id486244601"
},
package: "com.kakao.story"
}
};
kakao.link = function (name) {
var link_app = app[name];
if (!link_app) return { send: function () {
throw "No App exists";
}};
return {
send: function (params) {
var _app = this.app;
params['apiver'] = _app.apiver;
var full_url = _app.base_url + serialized(params);
var install_block = (function (os) {
return function () {
window.location = _app.store[os];
};
})(this.os);
if (this.os == "ios") {
var timer = setTimeout(install_block, 2 * 1000);
window.addEventListener('pagehide', clearTimer(timer));
window.location = full_url;
} else if (this.os == "android") {
if (this.browser == "android+chrome") {
window.location = "intent:" + full_url + "#Intent;package=" + _app.package + ";end;";
} else {
var iframe = document.createElement('iframe');
iframe.style.display = 'none';
iframe.src = full_url;
iframe.onload = install_block;
document.body.appendChild(iframe);
}
}
},
app: link_app,
os: kakao.os,
browser: kakao.browser
};
function serialized(params) {
var stripped = [];
for (var k in params) {
if (params.hasOwnProperty(k)) {
stripped.push(k + "=" + encodeURIComponent(params[k]));
}
}
return stripped.join("&");
}
function clearTimer(timer) {
return function () {
clearTimeout(timer);
window.removeEventListener('pagehide', arguments.callee);
};
}
};
}(window));

27
lib/common.lib.php
View File

@ -7,6 +7,24 @@ if (!defined('_GNUBOARD_')) exit;
**
*************************************************************************/
// multi-dimensional array에 사용자지정 함수적용
function array_map_deep($fn, $array)
{
if(is_array($array)) {
foreach($array as $key => $value) {
if(is_array($value)) {
$array[$key] = array_map_deep($fn, $value);
} else {
$array[$key] = call_user_func($fn, $value);
}
}
} else {
$array = call_user_func($fn, $array);
}
return $array;
}
// 마이크로 타임을 얻어 계산 형식으로 만듦
function get_microtime()
{
@ -1867,8 +1885,8 @@ function escape_trim($field)
if ($field) {
$str = mysql_real_escape_string(@trim($field));
if(PHP_VERSION < '5.3.0')
$str = stripslashes($str);
//if(PHP_VERSION < '5.3.0')
// $str = stripslashes($str);
return $str;
}
@ -2302,10 +2320,11 @@ function https_url($dir, $https=true)
// 게시판의 공지사항을 , 로 구분하여 업데이트 한다.
function board_notice($bo_notice, $wr_id, $insert=false)
{
if(strpos($bo_notice, strval($wr_id)) !== false)
$notice_array = explode(",", trim($bo_notice));
if($insert && in_array($wr_id, $notice_array))
return $bo_notice;
$notice_array = explode(",", trim($bo_notice));
$notice_array = array_merge(array($wr_id), $notice_array);
$notice_array = array_unique($notice_array);
foreach ($notice_array as $key=>$value) {

26
lib/shop.lib.php
View File

@ -1421,6 +1421,9 @@ function get_sns_share_link($sns, $url, $title, $img)
case 'googleplus':
$str = '<a href="https://plus.google.com/share?url='.urlencode($url).'" class="share-googleplus" target="_blank"><img src="'.$img.'" alt="구글플러스에 공유"></a>';
break;
case 'kakaotalk':
$str = '<button type="button" onclick="kakaolink_message(this);"><img src="'.$img.'" alt="카카오톡링크 보내기"></button>';
break;
}
return $str;
@ -1469,29 +1472,6 @@ function get_coupon_id()
}
// array_map() 대체
function array_add_callback($func, $array)
{
if(!$func) {
return;
}
if(is_array($array)) {
foreach($array as $key => $value) {
if(is_array($value)) {
$array[$key] = array_add_callback($func, $value);
} else {
$array[$key] = call_user_func($func, $value);
}
}
} else {
$array = call_user_func($func, $array);
}
return $array;
}
// 주문의 금액, 배송비 과세금액 등의 정보를 가져옴
function get_order_info($od_id)
{

4
mobile/newwin.inc.php
View File

@ -23,8 +23,8 @@ for ($i=0; $row_nw=sql_fetch_array($result); $i++)
?>
<!-- 팝업레이어 시작 { -->
<div id="hd_pops_<?php echo $nw['nw_id'] ?>" class="hd_pops" style="top:<?php echo $nw['nw_top']?>px;left:<?php echo $nw['nw_left']?>px;width:<?php echo $nw['nw_width'] ?>px;height:<?php echo $nw['nw_height'] ?>px">
<div class="hd_pops_con">
<div id="hd_pops_<?php echo $nw['nw_id'] ?>" class="hd_pops" style="top:<?php echo $nw['nw_top']?>px;left:<?php echo $nw['nw_left']?>px;">
<div class="hd_pops_con" style="width:<?php echo $nw['nw_width'] ?>px;height:<?php echo $nw['nw_height'] ?>px">
<?php echo conv_content($nw['nw_content'], 1); ?>
</div>
<div class="hd_pops_footer">

2
mobile/shop/item.php
View File

@ -2,7 +2,7 @@
include_once('./_common.php');
include_once(G5_LIB_PATH.'/iteminfo.lib.php');
$it_id = escape_trim($_GET['it_id']);
$it_id = trim($_GET['it_id']);
// 분류사용, 상품사용하는 상품의 정보를 얻음
$sql = " select a.*,

6
mobile/shop/itemqaform.php
View File

@ -6,9 +6,9 @@ if (!$is_member) {
alert_close("상품문의는 회원만 작성 가능합니다.");
}
$w = escape_trim($_REQUEST['w']);
$it_id = escape_trim($_REQUEST['it_id']);
$iq_id = escape_trim($_REQUEST['iq_id']);
$w = trim($_REQUEST['w']);
$it_id = trim($_REQUEST['it_id']);
$iq_id = trim($_REQUEST['iq_id']);
$chk_secret = '';

4
mobile/shop/itemqalist.php
View File

@ -2,8 +2,8 @@
include_once('./_common.php');
include_once(G5_LIB_PATH.'/thumb.lib.php');
$sfl = escape_trim($_REQUEST['sfl']);
$stx = escape_trim($_REQUEST['stx']);
$sfl = trim($_REQUEST['sfl']);
$stx = trim($_REQUEST['stx']);
$g5['title'] = '상품문의';
include_once(G5_MSHOP_PATH.'/_head.php');

6
mobile/shop/itemuseform.php
View File

@ -6,9 +6,9 @@ if (!$is_member) {
alert_close("사용후기는 회원만 작성 가능합니다.");
}
$w = escape_trim($_REQUEST['w']);
$it_id = escape_trim($_REQUEST['it_id']);
$is_id = escape_trim($_REQUEST['is_id']);
$w = trim($_REQUEST['w']);
$it_id = trim($_REQUEST['it_id']);
$is_id = trim($_REQUEST['is_id']);
// 사용후기 작성 설정에 따른 체크
check_itemuse_write();

4
mobile/shop/itemuselist.php
View File

@ -2,8 +2,8 @@
include_once('./_common.php');
include_once(G5_LIB_PATH.'/thumb.lib.php');
$sfl = escape_trim($_REQUEST['sfl']);
$stx = escape_trim($_REQUEST['stx']);
$sfl = trim($_REQUEST['sfl']);
$stx = trim($_REQUEST['stx']);
$g5['title'] = '사용후기';
include_once(G5_MSHOP_PATH.'/_head.php');

8
mobile/shop/orderformupdate.php
View File

@ -1,14 +1,6 @@
<?php
include_once('./_common.php');
if(get_magic_quotes_gpc())
{
$_GET = array_add_callback("stripslashes", $_GET);
$_POST = array_add_callback("stripslashes", $_POST);
}
$_GET = array_add_callback("mysql_real_escape_string", $_GET);
$_POST = array_add_callback("mysql_real_escape_string", $_POST);
// 결제등록 완료 체크
if($od_settle_case != '무통장') {
if($_POST['tran_cd'] == '' || $_POST['enc_info'] == '' || $_POST['enc_data'] == '')

8
mobile/shop/personalpayformupdate.php
View File

@ -1,14 +1,6 @@
<?php
include_once('./_common.php');
if(get_magic_quotes_gpc())
{
$_GET = array_add_callback("stripslashes", $_GET);
$_POST = array_add_callback("stripslashes", $_POST);
}
$_GET = array_add_callback("mysql_real_escape_string", $_GET);
$_POST = array_add_callback("mysql_real_escape_string", $_POST);
// 결제등록 완료 체크
if($_POST['tran_cd'] == '' || $_POST['enc_info'] == '' || $_POST['enc_data'] == '')
alert('결제등록 요청 후 주문해 주십시오.');

16
mobile/shop/search.php
View File

@ -4,14 +4,14 @@ include_once('./_common.php');
$g5['title'] = "상품 검색 결과";
include_once(G5_MSHOP_PATH.'/_head.php');
$q = utf8_strcut(escape_trim($_GET['q']), 30, "");
$qname = escape_trim($_GET['qname']);
$qexplan = escape_trim($_GET['qexplan']);
$qid = escape_trim($_GET['qid']);
$qcaid = escape_trim($_GET['qcaid']);
$qfrom = escape_trim($_GET['qfrom']);
$qto = escape_trim($_GET['qto']);
$qsort = escape_trim($_GET['qsort']);
$q = utf8_strcut(trim($_GET['q']), 30, "");
$qname = trim($_GET['qname']);
$qexplan = trim($_GET['qexplan']);
$qid = trim($_GET['qid']);
$qcaid = trim($_GET['qcaid']);
$qfrom = trim($_GET['qfrom']);
$qto = trim($_GET['qto']);
$qsort = trim($_GET['qsort']);
// QUERY 문에 공통적으로 들어가는 내용
// 상품명에 검색어가 포한된것과 상품판매가능인것만

1
mobile/shop/shop.head.php
View File

@ -74,6 +74,7 @@ include_once(G5_LIB_PATH.'/latest.lib.php');
<li><a href="<?php echo G5_SHOP_URL; ?>/mypage.php">마이페이지</a></li>
<li><a href="<?php echo G5_SHOP_URL; ?>/cart.php">장바구니</a></li>
<li><a href="<?php echo G5_SHOP_URL; ?>/personalpay.php">개인결제</a></li>
<li><a href="<?php echo G5_BBS_URL; ?>/faq.php">FAQ</a></li>
<li><a href="<?php echo G5_BBS_URL; ?>/qalist.php">1:1문의</a></li>
<?php if(!$default['de_root_index_use']) { ?>
<li><a href="<?php echo G5_URL; ?>/">커뮤니티</a></li>

95
mobile/skin/shop/basic/item.form.skin.php
View File

@ -7,6 +7,7 @@ add_stylesheet('<link rel="stylesheet" href="'.G5_MSHOP_SKIN_URL.'/style.css">',
<script src="<?php echo G5_JS_URL; ?>/jquery.nicescroll.min.js"></script>
<script src="<?php echo G5_JS_URL; ?>/jquery.fancyalert.js"></script>
<script src="<?php echo G5_JS_URL; ?>/kakao.link.js"></script>
<form name="fitem" action="<?php echo $action_url; ?>" method="post" onsubmit="return fitem_submit(this);">
<input type="hidden" name="it_id[]" value="<?php echo $it['it_id']; ?>">
@ -64,6 +65,7 @@ add_stylesheet('<link rel="stylesheet" href="'.G5_MSHOP_SKIN_URL.'/style.css">',
<?php echo get_sns_share_link('facebook', $sns_url, $sns_title, G5_MSHOP_SKIN_URL.'/img/sns_fb2.png'); ?>
<?php echo get_sns_share_link('twitter', $sns_url, $sns_title, G5_MSHOP_SKIN_URL.'/img/sns_twt2.png'); ?>
<?php echo get_sns_share_link('googleplus', $sns_url, $sns_title, G5_MSHOP_SKIN_URL.'/img/sns_goo2.png'); ?>
<?php echo get_sns_share_link('kakaotalk', $sns_url, $sns_title, G5_MSHOP_SKIN_URL.'/img/sns_kko2.png'); ?>
</div>
<table class="sit_ov_tbl">
<colgroup>
@ -364,52 +366,6 @@ $(function(){
});
});
function content_swipe(direction)
{
// 로딩 레이어
load_message();
var next_href = '<?php echo $next_href; ?>';
var prev_href = '<?php echo $prev_href; ?>';
var str;
if(direction == "left") {
str = next_href;
} else {
str = prev_href;
}
var href = str.match(/https?:\/{2}[^\"]+/gi);
setTimeout(function() {
document.location.href = href[0];
}, 500);
}
function load_message()
{
var w = $(window).width();
var h = $(window).height();
var img_w = 64;
var img_h = 64;
var top, left;
var scr_top = $(window).scrollTop();
if (/iP(hone|od|ad)/.test(navigator.platform)) {
if(window.innerHeight - $(window).outerHeight(true) > 0)
h += (window.innerHeight - $(window).outerHeight(true));
}
top = parseInt((h - img_h) / 2);
left = parseInt((w - img_w) / 2);
var img = "<div id=\"loading_message\" style=\"top:"+scr_top+"px;width:"+w+"px;height:"+h+"px;\">";
img += "<img src=\"<?php echo G5_MSHOP_SKIN_URL; ?>/img/loading.gif\" style=\"top:"+top+"px;left:"+left+"px;\" />";
img += "</div>";
$("body").append(img);
}
// 상품보관
function item_wish(f, it_id)
{
@ -502,4 +458,51 @@ function fitem_submit(f)
return true;
}
// 카카오톡 링크 보내기 메세지 입력
function kakaolink_message()
{
var popup = "<div id=\"kakao_message\">";
popup += "<form name=\"fkakao\" onsubmit=\"return kakaolink_send(this);\">";
popup += "<label for=\"message\">메세지</label>";
popup += "<textarea id=\"message\" name=\"message\"></textarea>";
popup += "<input type=\"submit\" value=\"보내기\">";
popup += "<button type=\"button\" onclick=\"send_cancel();\">취소</button>";
popup += "</form>";
popup += "</div>";
$("form[name=fitem]").before(popup);
}
function send_cancel()
{
$("#kakao_message").remove();
}
// 카카오톡 링크 보내기
function kakaolink_send(f)
{
var msg = f.message.value;
if(!msg) {
alert("메세지를 입력해 주세요");
return false;
}
/*
msg, url, appid, appname은 실제 서비스에서 사용하는 정보로 업데이트되어야 합니다.
*/
kakao.link("talk").send({
msg : msg,
url : "<?php echo $sns_url; ?>",
appid : "<?php echo $_SERVER['HTTP_HOST']; ?>",
appver : "2.0",
appname : "<?php echo $config['cf_title']; ?>",
type : "link"
});
$("#kakao_message").remove();
return false;
}
</script>

4
shop/cartupdate.php
View File

@ -160,7 +160,7 @@ else // 장바구니에 담기
and io_id = '$io_id'
and io_type = '$io_type'
and ct_stock_use = 0
and ct_status in ('주문', '입금', '준비') ";
and ct_status = '쇼핑' ";
$row = sql_fetch($sql);
$sum_qty = $row['cnt'];
@ -173,7 +173,7 @@ else // 장바구니에 담기
if ($ct_qty + $sum_qty > $it_stock_qty)
{
alert($io_value." 의 재고수량이 부족합니다.\\n\\n현재 재고수량 : " . number_format($it_stock_qty) . "");
alert($io_value." 의 재고수량이 부족합니다.\\n\\n현재 재고수량 : " . number_format($it_stock_qty - $sum_qty) . "");
}
}
//--------------------------------------------------------

2
shop/item.php
View File

@ -6,7 +6,7 @@ if (G5_IS_MOBILE) {
return;
}
$it_id = escape_trim($_GET['it_id']);
$it_id = trim($_GET['it_id']);
include_once(G5_LIB_PATH.'/iteminfo.lib.php');

6
shop/itemqaform.php
View File

@ -12,9 +12,9 @@ if (!$is_member) {
alert_close("상품문의는 회원만 작성 가능합니다.");
}
$w = escape_trim($_REQUEST['w']);
$it_id = escape_trim($_REQUEST['it_id']);
$iq_id = escape_trim($_REQUEST['iq_id']);
$w = trim($_REQUEST['w']);
$it_id = trim($_REQUEST['it_id']);
$iq_id = trim($_REQUEST['iq_id']);
$chk_secret = '';

10
shop/itemqaformupdate.php
View File

@ -5,11 +5,11 @@ if (!$is_member) {
alert_close("상품문의는 회원만 작성이 가능합니다.");
}
$iq_id = escape_trim($_REQUEST['iq_id']);
$iq_subject = escape_trim($_POST['iq_subject']);
$iq_question = escape_trim(stripslashes($_POST['iq_question']));
$iq_answer = escape_trim(stripslashes($_POST['iq_answer']));
$hash = escape_trim($_REQUEST['hash']);
$iq_id = trim($_REQUEST['iq_id']);
$iq_subject = trim($_POST['iq_subject']);
$iq_question = trim(stripslashes($_POST['iq_question']));
$iq_answer = trim(stripslashes($_POST['iq_answer']));
$hash = trim($_REQUEST['hash']);
if ($w == "" || $w == "u") {
$iq_name = $member['mb_name'];

4
shop/itemqalist.php
View File

@ -8,8 +8,8 @@ if (G5_IS_MOBILE) {
include_once(G5_LIB_PATH.'/thumb.lib.php');
$sfl = escape_trim($_REQUEST['sfl']);
$stx = escape_trim($_REQUEST['stx']);
$sfl = trim($_REQUEST['sfl']);
$stx = trim($_REQUEST['stx']);
$g5['title'] = '상품문의';
include_once('./_head.php');

6
shop/itemuseform.php
View File

@ -12,9 +12,9 @@ if (!$is_member) {
alert_close("사용후기는 회원만 작성 가능합니다.");
}
$w = escape_trim($_REQUEST['w']);
$it_id = escape_trim($_REQUEST['it_id']);
$is_id = escape_trim($_REQUEST['is_id']);
$w = trim($_REQUEST['w']);
$it_id = trim($_REQUEST['it_id']);
$is_id = trim($_REQUEST['is_id']);
// 사용후기 작성 설정에 따른 체크
check_itemuse_write();

10
shop/itemuseformupdate.php
View File

@ -8,11 +8,11 @@ if (!$is_member) {
// 사용후기 작성 설정에 따른 체크
check_itemuse_write();
$it_id = escape_trim($_REQUEST['it_id']);
$is_subject = escape_trim($_POST['is_subject']);
$is_content = escape_trim($_POST['is_content']);
$is_name = escape_trim($_POST['is_name']);
$is_password = escape_trim($_POST['is_password']);
$it_id = trim($_REQUEST['it_id']);
$is_subject = trim($_POST['is_subject']);
$is_content = trim($_POST['is_content']);
$is_name = trim($_POST['is_name']);
$is_password = trim($_POST['is_password']);
$is_score = (int)$_POST['is_score'] > 5 ? 0 : (int)$_POST['is_score'];
if ($w == "" || $w == "u") {

4
shop/itemuselist.php
View File

@ -8,8 +8,8 @@ if (G5_IS_MOBILE) {
include_once(G5_LIB_PATH.'/thumb.lib.php');
$sfl = escape_trim($_REQUEST['sfl']);
$stx = escape_trim($_REQUEST['stx']);
$sfl = trim($_REQUEST['sfl']);
$stx = trim($_REQUEST['stx']);
$g5['title'] = '사용후기';
include_once('./_head.php');

9
shop/orderformupdate.php
View File

@ -1,15 +1,6 @@
<?php
include_once('./_common.php');
if(get_magic_quotes_gpc())
{
$_GET = array_add_callback("stripslashes", $_GET);
$_POST = array_add_callback("stripslashes", $_POST);
}
$_GET = array_add_callback("mysql_real_escape_string", $_GET);
$_POST = array_add_callback("mysql_real_escape_string", $_POST);
// 장바구니가 비어있는가?
if (get_session("ss_direct"))
$tmp_cart_id = get_session('ss_cart_direct');

8
shop/personalpayformupdate.php
View File

@ -1,14 +1,6 @@
<?php
include_once('./_common.php');
if(get_magic_quotes_gpc())
{
$_GET = array_add_callback("stripslashes", $_GET);
$_POST = array_add_callback("stripslashes", $_POST);
}
$_GET = array_add_callback("mysql_real_escape_string", $_GET);
$_POST = array_add_callback("mysql_real_escape_string", $_POST);
// 개인결제 정보
$pp_check = false;
$sql = " select * from {$g5['g5_shop_personalpay_table']} where pp_id = '{$_POST['pp_id']}' and pp_use = '1' ";

26
shop/search.php
View File

@ -9,14 +9,14 @@ if (G5_IS_MOBILE) {
$g5['title'] = "상품 검색 결과";
include_once('./_head.php');
$q = utf8_strcut(escape_trim($_GET['q']), 30, "");
$qname = escape_trim($_GET['qname']);
$qexplan = escape_trim($_GET['qexplan']);
$qid = escape_trim($_GET['qid']);
$qcaid = escape_trim($_GET['qcaid']);
$qfrom = escape_trim($_GET['qfrom']);
$qto = escape_trim($_GET['qto']);
$qsort = escape_trim($_GET['qsort']);
$q = utf8_strcut(trim($_GET['q']), 30, "");
$qname = trim($_GET['qname']);
$qexplan = trim($_GET['qexplan']);
$qid = trim($_GET['qid']);
$qcaid = trim($_GET['qcaid']);
$qfrom = trim($_GET['qfrom']);
$qto = trim($_GET['qto']);
$qsort = trim($_GET['qsort']);
// QUERY 문에 공통적으로 들어가는 내용
// 상품명에 검색어가 포한된것과 상품판매가능인것만
@ -36,9 +36,9 @@ if ($q) {
for ($i=0; $i<count($arr); $i++) {
$word = trim($arr[$i]);
if (!$word) continue;
$concat = array();
if ($search_all || $qname)
if ($search_all || $qname)
$concat[] = "a.it_name";
if ($search_all || $qexplan)
$concat[] = "a.it_explan2";
@ -49,7 +49,7 @@ if ($q) {
$detail_where[] = $concat_fields." like '%$word%' ";
// 인기검색어
$sql = " insert into {$g5['popular_table']} set pp_word = '$word', pp_date = '".G5_TIME_YMD."', pp_ip = '{$_SERVER['REMOTE_ADDR']}' ";
$sql = " insert into {$g5['popular_table']} set pp_word = '$word', pp_date = '".G5_TIME_YMD."', pp_ip = '{$_SERVER['REMOTE_ADDR']}' ";
sql_query($sql, FALSE);
}
@ -59,7 +59,7 @@ if ($q) {
if ($qcaid)
$where[] = " a.ca_id like '$qcaid%' ";
if ($qfrom || $qto)
if ($qfrom || $qto)
$where[] = " a.it_price between '$qfrom' and '$qto' ";
$sql_where = " where " . implode(" and ", $where);
@ -69,7 +69,7 @@ $qsort = strtolower($qsort);
$qorder = strtolower($qorder);
$order_by = "";
// 아래의 $qsort 필드만 정렬이 가능하게 하여 다른 필드로 하여금 유추해 볼수 없게함
if (($qsort == "it_sum_qty" || $qsort == "it_price" || $qsort == "it_use_avg" || $qsort == "it_use_cnt" || $qsort == "it_update_time") &&
if (($qsort == "it_sum_qty" || $qsort == "it_price" || $qsort == "it_use_avg" || $qsort == "it_use_cnt" || $qsort == "it_update_time") &&
($qorder == "asc" || $qorder == "desc")) {
$order_by = ' order by ' . $qsort . ' ' . $qorder . ' , it_order, it_id desc';
}

1
shop/shop.head.php
View File

@ -74,6 +74,7 @@ include_once(G5_LIB_PATH.'/latest.lib.php');
<li><a href="<?php echo G5_BBS_URL; ?>/login.php?url=<?php echo $urlencode; ?>"><b>로그인</b></a></li>
<?php } ?>
<li><a href="<?php echo G5_SHOP_URL; ?>/mypage.php">마이페이지</a></li>
<li><a href="<?php echo G5_BBS_URL; ?>/faq.php">FAQ</a></li>
<li><a href="<?php echo G5_BBS_URL; ?>/qalist.php">1:1문의</a></li>
<li><a href="<?php echo G5_SHOP_URL; ?>/personalpay.php">개인결제</a></li>
<li><a href="<?php echo G5_SHOP_URL; ?>/itemuselist.php">사용후기</a></li>