Merge remote-tracking branch 'upstream/main'

This commit is contained in:
kit rio
2021-03-26 02:12:49 +09:00
927 changed files with 124076 additions and 7490 deletions


@ -1,3 +1,2 @@
<?php
include_once('./common.php');
?>
include_once('./common.php');


@ -1,5 +1,4 @@
<?php
if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
include_once(G5_PATH.'/head.php');
?>
include_once(G5_PATH.'/head.php');


@ -1,5 +1,4 @@
<?php
if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가
include_once(G5_PATH.'/tail.php');
?>
include_once(G5_PATH.'/tail.php');


@ -7,5 +7,4 @@ if( isset($token) ){
$token = @htmlspecialchars(strip_tags($token), ENT_QUOTES);
}
run_event('admin_common');
?>
run_event('admin_common');


@ -32,17 +32,23 @@ function print_menu2($key, $no='')
{
global $menu, $auth_menu, $is_admin, $auth, $g5, $sub_menu;
$str .= "<ul>";
$str = "<ul>";
for($i=1; $i<count($menu[$key]); $i++)
{
if( ! isset($menu[$key][$i]) ){
continue;
}
if ($is_admin != 'super' && (!array_key_exists($menu[$key][$i][0],$auth) || !strstr($auth[$menu[$key][$i][0]], 'r')))
continue;
$gnb_grp_div = $gnb_grp_style = '';
if (($menu[$key][$i][4] == 1 && $gnb_grp_style == false) || ($menu[$key][$i][4] != 1 && $gnb_grp_style == true)) $gnb_grp_div = 'gnb_grp_div';
else $gnb_grp_div = '';
if (isset($menu[$key][$i][4])){
if (($menu[$key][$i][4] == 1 && $gnb_grp_style == false) || ($menu[$key][$i][4] != 1 && $gnb_grp_style == true)) $gnb_grp_div = 'gnb_grp_div';
if ($menu[$key][$i][4] == 1) $gnb_grp_style = 'gnb_grp_style';
else $gnb_grp_style = '';
if ($menu[$key][$i][4] == 1) $gnb_grp_style = 'gnb_grp_style';
}
$current_class = '';
@ -124,7 +130,7 @@ function imageview(id, w, h)
foreach($amenu as $key=>$value) {
$href1 = $href2 = '';
if ($menu['menu'.$key][0][2]) {
if (isset($menu['menu'.$key][0][2]) && $menu['menu'.$key][0][2]) {
$href1 = '<a href="'.$menu['menu'.$key][0][2].'" class="gnb_1da">';
$href2 = '</a>';
} else {
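Review bot: The divider logic added under `isset($menu[$key][$i][4])` can never take its second arm, because `$gnb_grp_style` is reset to `''` on the line just above it inside the loop, so `$gnb_grp_style == true` is always false and `$gnb_grp_style == false` always true; the whole condition collapses to `$menu[$key][$i][4] == 1`. If the style is meant to carry over from the previous menu item (which is what the toggle shape suggests), initialise `$gnb_grp_style = '';` once before the `for` and keep only `$gnb_grp_div = '';` per iteration — otherwise the comparison is dead and should go. The loose `== true` / `== false` checks against a string would also read more clearly as `$gnb_grp_style !== ''` / `=== ''`. print_menu2 begins at the hunk header and its body continues past this hunk.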


@ -184,7 +184,7 @@ function get_theme_config_value($dir, $key='*')
} else {
$keys = array_map('trim', explode(',', $key));
foreach($keys as $v) {
$tconfig[$v] = trim($theme_config[$v]);
$tconfig[$v] = isset($theme_config[$v]) ? trim($theme_config[$v]) : '';
}
}
}
@ -230,6 +230,14 @@ function get_member_id_select($name, $level, $selected="", $event="")
return $str;
}
// php8 버전 호환 권한 검사 함수
function auth_check_menu($auth, $sub_menu, $attr, $return=false) {
$check_auth = isset($auth[$sub_menu]) ? $auth[$sub_menu] : '';
return auth_check($check_auth, $attr, $return);
}
// 권한 검사
function auth_check($auth, $attr, $return=false)
{
@ -435,7 +443,7 @@ function check_admin_token()
// 관리자 페이지 referer 체크
function admin_referer_check($return=false)
{
$referer = trim($_SERVER['HTTP_REFERER']);
$referer = isset($_SERVER['HTTP_REFERER']) ? trim($_SERVER['HTTP_REFERER']) : '';
if(!$referer) {
$msg = '정보가 올바르지 않습니다.';
@ -511,7 +519,7 @@ function admin_menu_find_by($call, $search_key){
}
if( isset($cache_menu[$call]) && isset($cache_menu[$call][$search_key]) ){
return$cache_menu[$call][$search_key];
return $cache_menu[$call][$search_key];
}
return '';
@ -551,7 +559,11 @@ if (get_session('ss_mb_key') !== $admin_key) {
alert_close('정상적으로 로그인하여 접근하시기 바랍니다.');
}
@ksort($auth);
if(isset($auth) && is_array($auth)) {
@ksort($auth);
} else {
$auth = array();
}
// 가변 메뉴
unset($auth_menu);
@ -592,5 +604,4 @@ if ( isset($_REQUEST) && $_REQUEST ){
}
// 관리자에서는 추가 스크립트는 사용하지 않는다.
//$config['cf_add_script'] = '';
?>
//$config['cf_add_script'] = '';
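Review bot: `auth_check_menu` (new, after `get_member_id_select`) has no documentation explaining why a missing `$auth[$sub_menu]` is collapsed to `''` instead of being treated as an error, so a later reader could "fix" it by skipping the check when the key is absent. Suggest a docblock above it: `/** PHP 8 compatible wrapper around auth_check(): a menu with no entry in $auth is passed as '' so the check still runs with no rights — a missing permission must deny, never bypass the check. */` (confirm that `auth_check()` denies on an empty string). In the `ksort` hunk further down, the new `isset($auth) && is_array($auth)` guard makes the `@` on `@ksort($auth);` redundant; `ksort($auth);` is enough and stops hiding unrelated warnings.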


@ -20,5 +20,4 @@ if(version_compare(phpversion(), '5.3.0', '>=') && defined('G5_BROWSCAP_USE') &&
}
$menu['menu100'][] = array('100410', 'DB업그레이드', G5_ADMIN_URL.'/dbupgrade.php', 'db_upgrade');
$menu['menu100'][] = array('100400', '부가서비스', G5_ADMIN_URL.'/service.php', 'cf_service');
?>
$menu['menu100'][] = array('100400', '부가서비스', G5_ADMIN_URL.'/service.php', 'cf_service');


@ -8,5 +8,4 @@ $menu['menu200'] = array (
array('200820', '접속자로그삭제', G5_ADMIN_URL.'/visit_delete.php', 'mb_delete', 1),
array('200200', '포인트관리', G5_ADMIN_URL.'/point_list.php', 'mb_point'),
array('200900', '투표관리', G5_ADMIN_URL.'/poll_list.php', 'mb_poll')
);
?>
);


@ -9,5 +9,4 @@ $menu['menu300'] = array (
array('300600', '내용관리', G5_ADMIN_URL.'/contentlist.php', 'scf_contents', 1),
array('300700', 'FAQ관리', G5_ADMIN_URL.'/faqmasterlist.php', 'scf_faq', 1),
array('300820', '글,댓글 현황', G5_ADMIN_URL.'/write_count.php', 'scf_write_count'),
);
?>
);


@ -11,5 +11,4 @@ $menu["menu900"] = array (
array('900700', '휴대폰번호 그룹', ''.G5_SMS5_ADMIN_URL.'/num_group.php' , 'hp_group', 1),
array('900800', '휴대폰번호 관리', ''.G5_SMS5_ADMIN_URL.'/num_book.php', 'hp_manage', 1),
array('900900', '휴대폰번호 파일', ''.G5_SMS5_ADMIN_URL.'/num_book_file.php' , 'hp_file', 1)
);
?>
);


@ -150,5 +150,4 @@ function menu_rearrange(el)
</script>
<?php
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');


@ -10,5 +10,4 @@ if($error)
$token = get_admin_token();
die(json_encode(array('error'=>'', 'token'=>$token, 'url'=>'')));
?>
die(json_encode(array('error'=>'', 'token'=>$token, 'url'=>'')));


@ -3,5 +3,4 @@ include_once('./_common.php');
if( isset($_POST['admin_use_captcha']) ){
set_session('ss_admin_use_captcha', true);
}
?>
}


@ -266,5 +266,4 @@ function fauthlist_submit(f)
</script>
<?php
include_once ('./admin.tail.php');
?>
include_once ('./admin.tail.php');


@ -10,6 +10,7 @@ if ($is_admin != 'super')
check_admin_token();
$count = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
$post_act_button = isset($_POST['act_button']) ? clean_xss_tags($_POST['act_button'], 1, 1) : '';
if (!$count)
alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요.");
@ -21,10 +22,10 @@ if ( (isset($_POST['mb_id']) && ! is_array($_POST['mb_id'])) || (isset($_POST['a
for ($i=0; $i<$count; $i++)
{
// 실제 번호를 넘김
$k = $chk[$i];
$k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
$mb_id = preg_replace('/[^a-zA-Z0-9_]/', '', $_POST['mb_id'][$k]);
$au_menu = preg_replace('/[^a-zA-Z0-9_]/', '', $_POST['au_menu'][$k]);
$mb_id = isset($_POST['mb_id'][$k]) ? preg_replace('/[^a-zA-Z0-9_]/', '', $_POST['mb_id'][$k]) : '';
$au_menu = isset($_POST['au_menu'][$k]) ? preg_replace('/[^a-zA-Z0-9_]/', '', $_POST['au_menu'][$k]) : '';
$sql = " delete from {$g5['auth_table']} where mb_id = '".$mb_id."' and au_menu = '".$au_menu."' ";
sql_query($sql);
@ -32,5 +33,4 @@ for ($i=0; $i<$count; $i++)
run_event('adm_auth_delete_member', $mb_id, $au_menu);
}
goto_url('./auth_list.php?'.$qstr);
?>
goto_url('./auth_list.php?'.$qstr);
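Review bot: `$post_act_button` is computed with `clean_xss_tags` but never used in this hunk — the `alert()` two lines below still interpolates the raw `$_POST['act_button']`, so the new sanitisation has no effect on what reaches the alert. Change it to `alert($post_act_button." 하실 항목을 하나 이상 체크하세요.");` (or drop the unused variable). The `(int)` cast of `$_POST['chk'][$i]` and the `[^a-zA-Z0-9_]` allow-list on `mb_id`/`au_menu` appear to cover the values that reach the DELETE string.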


@ -3,6 +3,11 @@ $sub_menu = "100200";
include_once('./_common.php');
include_once(G5_LIB_PATH.'/mailer.lib.php');
$au_menu = isset($_POST['au_menu']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['au_menu']) : '';
$post_r = isset($_POST['r']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['r']) : '';
$post_w = isset($_POST['w']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['w']) : '';
$post_d = isset($_POST['d']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['d']) : '';
if ($is_admin != 'super')
alert('최고관리자만 접근 가능합니다.');
@ -19,15 +24,15 @@ if (!chk_captcha()) {
}
$sql = " insert into {$g5['auth_table']}
set mb_id = '{$_POST['mb_id']}',
au_menu = '{$_POST['au_menu']}',
au_auth = '{$_POST['r']},{$_POST['w']},{$_POST['d']}' ";
set mb_id = '$mb_id',
au_menu = '$au_menu',
au_auth = '{$post_r},{$post_w},{$post_d}' ";
$result = sql_query($sql, FALSE);
if (!$result) {
$sql = " update {$g5['auth_table']}
set au_auth = '{$_POST['r']},{$_POST['w']},{$_POST['d']}'
where mb_id = '{$_POST['mb_id']}'
and au_menu = '{$_POST['au_menu']}' ";
set au_auth = '{$post_r},{$post_w},{$post_d}'
where mb_id = '$mb_id'
and au_menu = '$au_menu' ";
sql_query($sql);
}
@ -45,5 +50,4 @@ if( str_replace('-', '', G5_TIME_YMD) !== get_session('adm_auth_update') ){
run_event('adm_auth_update', $mb);
goto_url('./auth_list.php?'.$qstr);
?>
goto_url('./auth_list.php?'.$qstr);
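Review bot: `$mb_id` is interpolated into both the INSERT (`set mb_id = '$mb_id'`) and the UPDATE (`where mb_id = '$mb_id'`), but unlike `$au_menu` and `$post_r`/`$post_w`/`$post_d`, which are filtered at the top of the file, nothing in this hunk shows where `$mb_id` is assigned or constrained. If the common bootstrap does not already reduce it to `[0-9a-z_]`, add `$mb_id = isset($_POST['mb_id']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['mb_id']) : '';` next to the `$au_menu` line so the query only ever sees an identifier-shaped value. A comment on that block, `// allow-list every value interpolated into the auth_table SQL below`, would make the intent explicit for the next editor.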


@ -2,7 +2,7 @@
$sub_menu = "300100";
include_once("./_common.php");
auth_check($auth[$sub_menu], 'w');
auth_check_menu($auth, $sub_menu, 'w');
$g5['title'] = '게시판 복사';
include_once(G5_PATH.'/head.sub.php');
@ -82,5 +82,4 @@ function fboardcopy_check(f)
<?php
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');


@ -4,12 +4,12 @@ include_once('./_common.php');
check_demo();
auth_check($auth[$sub_menu], 'w');
auth_check_menu($auth, $sub_menu, 'w');
check_admin_token();
$target_table = trim($_POST['target_table']);
$target_subject = trim($_POST['target_subject']);
$target_table = isset($_POST['target_table']) ? trim($_POST['target_table']) : '';
$target_subject = isset($_POST['target_subject']) ? trim($_POST['target_subject']) : '';
$target_subject = strip_tags(clean_xss_attributes($target_subject));
@ -74,6 +74,7 @@ $sql = " insert into {$g5['board_table']}
bo_use_ip_view = '{$board['bo_use_ip_view']}',
bo_use_list_view = '{$board['bo_use_list_view']}',
bo_use_list_content = '{$board['bo_use_list_content']}',
bo_use_list_file = '{$board['bo_use_list_file']}',
bo_table_width = '{$board['bo_table_width']}',
bo_subject_len = '{$board['bo_subject_len']}',
bo_mobile_subject_len = '{$board['bo_mobile_subject_len']}',
@ -220,4 +221,3 @@ delete_cache_latest($target_table);
echo "<script>opener.document.location.reload();</script>";
alert("복사에 성공 했습니다.", './board_copy.php?bo_table='.$bo_table.'&amp;'.$qstr);
?>
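Review bot: `$target_table` is only trimmed before it is used as the new board identifier (and later passed to `delete_cache_latest($target_table)`); no format check is visible in this hunk. board_form_update in the same commit enforces `preg_match("/^([A-Za-z0-9_]{1,20})$/", $bo_table)` — unless the same validation happens between these hunks, apply it here too: `if (!preg_match("/^([A-Za-z0-9_]{1,20})$/", $target_table)) { alert('<message>'); }`.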


@ -32,5 +32,4 @@ sql_query(" delete from {$g5['board_good_table']} where bo_table = '{$tmp_bo_tab
delete_cache_latest($tmp_bo_table);
// 게시판 폴더 전체 삭제
rm_rf(G5_DATA_PATH.'/file/'.$tmp_bo_table);
?>
rm_rf(G5_DATA_PATH.'/file/'.$tmp_bo_table);


@ -3,7 +3,7 @@ $sub_menu = "300100";
include_once('./_common.php');
include_once(G5_EDITOR_LIB);
auth_check($auth[$sub_menu], 'w');
auth_check_menu($auth, $sub_menu, 'w');
$sql = " select count(*) as cnt from {$g5['group_table']} ";
$row = sql_fetch($sql);
@ -11,6 +11,8 @@ if (!$row['cnt'])
alert('게시판그룹이 한개 이상 생성되어야 합니다.', './boardgroup_form.php');
$html_title = '게시판';
$reaonly = '';
$required_valid = '';
if (!isset($board['bo_device'])) {
// 게시판 사용 필드 추가
@ -84,6 +86,57 @@ if (!isset($board['bo_select_editor'])) {
sql_query(" ALTER TABLE `{$g5['board_table']}` ADD `bo_select_editor` VARCHAR(50) NOT NULL DEFAULT '' AFTER `bo_use_dhtml_editor` ", false);
}
$board_default = array(
'bo_mobile_subject'=>'',
'bo_device'=>'',
'bo_use_category'=>0,
'bo_category_list'=>'',
'bo_admin'=>'',
'bo_list_level'=>0,
'bo_read_level'=>0,
'bo_write_level'=>0,
'bo_reply_level'=>0,
'bo_comment_level'=>0,
'bo_link_level'=>0,
'bo_upload_level'=>0,
'bo_download_level'=>0,
'bo_html_level'=>0,
'bo_use_sideview'=>0,
'bo_select_editor'=>'',
'bo_use_rss_view'=>0,
'bo_use_good'=>0,
'bo_use_nogood'=>0,
'bo_use_name'=>0,
'bo_use_signature'=>0,
'bo_use_ip_view'=>0,
'bo_use_list_content'=>0,
'bo_use_list_file'=>0,
'bo_use_list_view'=>0,
'bo_use_email'=>0,
'bo_use_file_content'=>0,
'bo_use_cert'=>'',
'bo_write_min'=>0,
'bo_write_max'=>0,
'bo_comment_min'=>0,
'bo_comment_max'=>0,
'bo_use_sns'=>0,
'bo_order'=>0,
'bo_use_captcha'=>0,
'bo_content_head'=>'',
'bo_content_tail'=>'',
'bo_mobile_content_head'=>'',
'bo_mobile_content_tail'=>'',
'bo_insert_content'=>'',
'bo_sort_field'=>'',
);
for($i=0;$i<=10;$i++){
$board_default['bo_'.$i.'_subj'] = '';
$board_default['bo_'.$i] = '';
}
$board = array_merge($board_default, $board);
run_event('adm_board_form_before', $board, $w);
$required = "";
@ -188,7 +241,7 @@ $pg_anchor = '<ul class="anchor">
<tr>
<th scope="row"><label for="bo_table">TABLE<?php echo $sound_only ?></label></th>
<td colspan="2">
<input type="text" name="bo_table" value="<?php echo $board['bo_table'] ?>" id="bo_table" <?php echo $required ?> <?php echo $readonly ?> class="frm_input <?php echo $reaonly ?> <?php echo $required ?> <?php echo $required_valid ?>" maxlength="20">
<input type="text" name="bo_table" value="<?php echo $board['bo_table'] ?>" id="bo_table" <?php echo $required ?> <?php echo $readonly ?> class="frm_input <?php echo $readonly ?> <?php echo $required ?> <?php echo $required_valid ?>" maxlength="20">
<?php if ($w == '') { ?>
영문자, 숫자, _ 만 가능 (공백없이 20자 이내)
<?php } else { ?>
@ -1439,5 +1492,4 @@ function fboardform_submit(f)
</script>
<?php
include_once ('./admin.tail.php');
?>
include_once ('./admin.tail.php');
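Review bot: The new initialiser `$reaonly = '';` keeps the misspelled name, while the `bo_table` input further down now echoes `$readonly` in its class attribute, so the added variable is dead and `$readonly` may still be undefined on the create path unless it is assigned elsewhere; change the initialiser to `$readonly = '';`. The `for($i=0;$i<=10;$i++)` loop also seeds `bo_0_subj`/`bo_0`, which no other part of the form or board_form_update uses — start at 1 to match. `array_merge($board_default, $board)` will throw a TypeError on PHP 8 if `$board` is `false`/`null` when creating a new board; if that can happen here, write `array_merge($board_default, is_array($board) ? $board : array())`.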


@ -5,25 +5,27 @@ include_once('./_common.php');
if ($w == 'u')
check_demo();
auth_check($auth[$sub_menu], 'w');
auth_check_menu($auth, $sub_menu, 'w');
check_admin_token();
$gr_id = isset($_POST['gr_id']) ? preg_replace('/[^a-z0-9_]/i', '', $_POST['gr_id']) : '';
$bo_admin = isset($_POST['bo_admin']) ? preg_replace('/[^a-z0-9_\, \|\#]/i', '', $_POST['bo_admin']) : '';
$bo_subject = isset($_POST['bo_subject']) ? strip_tags(clean_xss_attributes($_POST['bo_subject'])) : '';
$bo_mobile_subject = isset($_POST['bo_mobile_subject']) ? strip_tags(clean_xss_attributes($_POST['bo_mobile_subject'])) : '';
if (!$gr_id) { alert('그룹 ID는 반드시 선택하세요.'); }
if (!$bo_table) { alert('게시판 TABLE명은 반드시 입력하세요.'); }
if (!preg_match("/^([A-Za-z0-9_]{1,20})$/", $bo_table)) { alert('게시판 TABLE명은 공백없이 영문자, 숫자, _ 만 사용 가능합니다. (20자 이내)'); }
if (!$_POST['bo_subject']) { alert('게시판 제목을 입력하세요.'); }
if (!$bo_subject) { alert('게시판 제목을 입력하세요.'); }
// 게시판명이 금지된 단어로 되어 있으면
if ( $w == '' && in_array($bo_table, get_bo_table_banned_word()) ){
alert('입력한 게시판 TABLE명을 사용할수 없습니다. 다른 이름으로 입력해 주세요.');
}
$bo_include_head = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($bo_include_head, 0, 255));
$bo_include_tail = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($bo_include_tail, 0, 255));
$bo_include_head = isset($_POST['bo_include_head']) ? preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($_POST['bo_include_head'], 0, 255)) : '';
$bo_include_tail = isset($_POST['bo_include_tail']) ? preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($_POST['bo_include_tail'], 0, 255)) : '';
// 관리자가 자동등록방지를 사용해야 할 경우
if ($board && ($board['bo_include_head'] !== $bo_include_head || $board['bo_include_tail'] !== $bo_include_tail) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){
@ -40,7 +42,6 @@ if ($file = $bo_include_head) {
if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) || ! preg_match('/^.*\.(php|htm|html)$/i', $file) ) {
alert('상단 파일 경로의 확장자는 php, htm, html 만 허용합니다.');
}
$_POST['bo_include_head'] = $file;
}
if ($file = $bo_include_tail) {
@ -49,7 +50,6 @@ if ($file = $bo_include_tail) {
if( ! $file_ext || ! in_array($file_ext, array('php', 'htm', 'html')) || ! preg_match('/^.*\.(php|htm|html)$/i', $file) ) {
alert('하단 파일 경로의 확장자는 php, htm, html 만 허용합니다.');
}
$_POST['bo_include_tail'] = $file;
}
if(!is_include_path_check($bo_include_head, 1)) {
@ -73,10 +73,11 @@ $board_path = G5_DATA_PATH.'/file/'.$bo_table;
// 디렉토리에 있는 파일의 목록을 보이지 않게 한다.
$file = $board_path . '/index.php';
$f = @fopen($file, 'w');
@fwrite($f, '');
@fclose($f);
@chmod($file, G5_FILE_PERMISSION);
if( $f = @fopen($file, 'w') ){
@fwrite($f, '');
@fclose($f);
@chmod($file, G5_FILE_PERMISSION);
}
// 분류에 & 나 = 는 사용이 불가하므로 2바이트로 바꾼다.
$src_char = array('&', '=');
@ -85,108 +86,178 @@ $bo_category_list = isset($_POST['bo_category_list']) ? str_replace($src_char, $
//https://github.com/gnuboard/gnuboard5/commit/f5f4925d4eb28ba1af728e1065fc2bdd9ce1da58 에 따른 조치
$str_bo_category_list = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", "", $bo_category_list);
$_POST['bo_subject'] = strip_tags(clean_xss_attributes($_POST['bo_subject']));
$_POST['bo_mobile_subject'] = strip_tags(clean_xss_attributes($_POST['bo_mobile_subject']));
$bo_use_category = isset($_POST['bo_use_category']) ? (int) $_POST['bo_use_category'] : 0;
$bo_use_sideview = isset($_POST['bo_use_sideview']) ? (int) $_POST['bo_use_sideview'] : 0;
$bo_use_dhtml_editor = isset($_POST['bo_use_dhtml_editor']) ? (int) $_POST['bo_use_dhtml_editor'] : 0;
$bo_use_good = isset($_POST['bo_use_good']) ? (int) $_POST['bo_use_good'] : 0;
$bo_use_nogood = isset($_POST['bo_use_nogood']) ? (int) $_POST['bo_use_nogood'] : 0;
$bo_use_name = isset($_POST['bo_use_name']) ? (int) $_POST['bo_use_name'] : 0;
$bo_use_signature = isset($_POST['bo_use_signature']) ? (int) $_POST['bo_use_signature'] : 0;
$bo_use_ip_view = isset($_POST['bo_use_ip_view']) ? (int) $_POST['bo_use_ip_view'] : 0;
$bo_use_list_view = isset($_POST['bo_use_list_view']) ? (int) $_POST['bo_use_list_view'] : 0;
$bo_use_list_file = isset($_POST['bo_use_list_file']) ? (int) $_POST['bo_use_list_file'] : 0;
$bo_use_list_content = isset($_POST['bo_use_list_content']) ? (int) $_POST['bo_use_list_content'] : 0;
$bo_use_email = isset($_POST['bo_use_email']) ? (int) $_POST['bo_use_email'] : 0;
$bo_use_sns = isset($_POST['bo_use_sns']) ? (int) $_POST['bo_use_sns'] : 0;
$bo_use_captcha = isset($_POST['bo_use_captcha']) ? (int) $_POST['bo_use_captcha'] : 0;
$bo_table_width = isset($_POST['bo_table_width']) ? (int) $_POST['bo_table_width'] : 0;
$bo_subject_len = isset($_POST['bo_subject_len']) ? (int) $_POST['bo_subject_len'] : 0;
$bo_mobile_subject_len = isset($_POST['bo_mobile_subject_len']) ? (int) $_POST['bo_mobile_subject_len'] : 0;
$bo_page_rows = isset($_POST['bo_page_rows']) ? (int) $_POST['bo_page_rows'] : 0;
$bo_mobile_page_rows = isset($_POST['bo_mobile_page_rows']) ? (int) $_POST['bo_mobile_page_rows'] : 0;
$bo_use_rss_view = isset($_POST['bo_use_rss_view']) ? (int) $_POST['bo_use_rss_view'] : 0;
$bo_use_secret = isset($_POST['bo_use_secret']) ? (int) $_POST['bo_use_secret'] : 0;
$bo_use_file_content = isset($_POST['bo_use_file_content']) ? (int) $_POST['bo_use_file_content'] : 0;
$bo_new = isset($_POST['bo_new']) ? (int) $_POST['bo_new'] : 0;
$bo_hot = isset($_POST['bo_hot']) ? (int) $_POST['bo_hot'] : 0;
$bo_image_width = isset($_POST['bo_image_width']) ? (int) $_POST['bo_image_width'] : 0;
$bo_use_search = isset($_POST['bo_use_search']) ? (int) $_POST['bo_use_search'] : 0;
$bo_use_cert = isset($_POST['bo_use_cert']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['bo_use_cert']) : '';
$bo_device = isset($_POST['bo_device']) ? clean_xss_tags($_POST['bo_device'], 1, 1) : '';
$bo_list_level = isset($_POST['bo_list_level']) ? (int) $_POST['bo_list_level'] : 0;
$bo_read_level = isset($_POST['bo_read_level']) ? (int) $_POST['bo_read_level'] : 0;
$bo_write_level = isset($_POST['bo_write_level']) ? (int) $_POST['bo_write_level'] : 0;
$bo_reply_level = isset($_POST['bo_reply_level']) ? (int) $_POST['bo_reply_level'] : 0;
$bo_comment_level = isset($_POST['bo_comment_level']) ? (int) $_POST['bo_comment_level'] : 0;
$bo_html_level = isset($_POST['bo_html_level']) ? (int) $_POST['bo_html_level'] : 0;
$bo_link_level = isset($_POST['bo_link_level']) ? (int) $_POST['bo_link_level'] : 0;
$bo_count_modify = isset($_POST['bo_count_modify']) ? (int) $_POST['bo_count_modify'] : 0;
$bo_count_delete = isset($_POST['bo_count_delete']) ? (int) $_POST['bo_count_delete'] : 0;
$bo_upload_level = isset($_POST['bo_upload_level']) ? (int) $_POST['bo_upload_level'] : 0;
$bo_download_level = isset($_POST['bo_download_level']) ? (int) $_POST['bo_download_level'] : 0;
$bo_read_point = isset($_POST['bo_read_point']) ? (int) $_POST['bo_read_point'] : 0;
$bo_write_point = isset($_POST['bo_write_point']) ? (int) $_POST['bo_write_point'] : 0;
$bo_comment_point = isset($_POST['bo_comment_point']) ? (int) $_POST['bo_comment_point'] : 0;
$bo_download_point = isset($_POST['bo_download_point']) ? (int) $_POST['bo_download_point'] : 0;
$bo_select_editor = isset($_POST['bo_select_editor']) ? clean_xss_tags($_POST['bo_select_editor'], 1, 1) : '';
$bo_skin = isset($_POST['bo_skin']) ? clean_xss_tags($_POST['bo_skin'], 1, 1) : '';
$bo_mobile_skin = isset($_POST['bo_mobile_skin']) ? clean_xss_tags($_POST['bo_mobile_skin'], 1, 1) : '';
$bo_content_head = isset($_POST['bo_content_head']) ? $_POST['bo_content_head'] : '';
$bo_content_tail = isset($_POST['bo_content_tail']) ? $_POST['bo_content_tail'] : '';
$bo_mobile_content_head = isset($_POST['bo_mobile_content_head']) ? $_POST['bo_mobile_content_head'] : '';
$bo_mobile_content_tail = isset($_POST['bo_mobile_content_tail']) ? $_POST['bo_mobile_content_tail'] : '';
$bo_insert_content = isset($_POST['bo_insert_content']) ? $_POST['bo_insert_content'] : '';
$bo_gallery_cols = isset($_POST['bo_gallery_cols']) ? (int) $_POST['bo_gallery_cols'] : 0;
$bo_gallery_width = isset($_POST['bo_gallery_width']) ? (int) $_POST['bo_gallery_width'] : 0;
$bo_gallery_height = isset($_POST['bo_gallery_height']) ? (int) $_POST['bo_gallery_height'] : 0;
$bo_mobile_gallery_width = isset($_POST['bo_mobile_gallery_width']) ? (int) $_POST['bo_mobile_gallery_width'] : 0;
$bo_mobile_gallery_height = isset($_POST['bo_mobile_gallery_height']) ? (int) $_POST['bo_mobile_gallery_height'] : 0;
$bo_upload_count = isset($_POST['bo_upload_count']) ? (int) $_POST['bo_upload_count'] : 0;
$bo_upload_size = isset($_POST['bo_upload_size']) ? (int) $_POST['bo_upload_size'] : 0;
$bo_reply_order = isset($_POST['bo_reply_order']) ? (int) $_POST['bo_reply_order'] : 0;
$bo_order = isset($_POST['bo_order']) ? (int) $_POST['bo_order'] : 0;
$bo_write_min = isset($_POST['bo_write_min']) ? (int) $_POST['bo_write_min'] : 0;
$bo_write_max = isset($_POST['bo_write_max']) ? (int) $_POST['bo_write_max'] : 0;
$bo_comment_min = isset($_POST['bo_comment_min']) ? (int) $_POST['bo_comment_min'] : 0;
$bo_comment_max = isset($_POST['bo_comment_max']) ? (int) $_POST['bo_comment_max'] : 0;
$bo_sort_field = isset($_POST['bo_sort_field']) ? clean_xss_tags($_POST['bo_sort_field'], 1, 1) : '';
$etcs = array();
for($i=1;$i<=10;$i++){
$etcs['bo_'.$i.'_subj'] = ${'bo_'.$i.'_subj'} = isset($_POST['bo_'.$i.'_subj']) ? $_POST['bo_'.$i.'_subj'] : '';
$etcs['bo_'.$i] = ${'bo_'.$i} = isset($_POST['bo_'.$i]) ? $_POST['bo_'.$i] : '';
}
$sql_common = " gr_id = '{$gr_id}',
bo_subject = '{$_POST['bo_subject']}',
bo_mobile_subject = '{$_POST['bo_mobile_subject']}',
bo_device = '{$_POST['bo_device']}',
bo_subject = '{$bo_subject}',
bo_mobile_subject = '{$bo_mobile_subject}',
bo_device = '{$bo_device}',
bo_admin = '{$bo_admin}',
bo_list_level = '{$_POST['bo_list_level']}',
bo_read_level = '{$_POST['bo_read_level']}',
bo_write_level = '{$_POST['bo_write_level']}',
bo_reply_level = '{$_POST['bo_reply_level']}',
bo_comment_level = '{$_POST['bo_comment_level']}',
bo_html_level = '{$_POST['bo_html_level']}',
bo_link_level = '{$_POST['bo_link_level']}',
bo_count_modify = '{$_POST['bo_count_modify']}',
bo_count_delete = '{$_POST['bo_count_delete']}',
bo_upload_level = '{$_POST['bo_upload_level']}',
bo_download_level = '{$_POST['bo_download_level']}',
bo_read_point = '{$_POST['bo_read_point']}',
bo_write_point = '{$_POST['bo_write_point']}',
bo_comment_point = '{$_POST['bo_comment_point']}',
bo_download_point = '{$_POST['bo_download_point']}',
bo_use_category = '{$_POST['bo_use_category']}',
bo_list_level = '{$bo_list_level}',
bo_read_level = '{$bo_read_level}',
bo_write_level = '{$bo_write_level}',
bo_reply_level = '{$bo_reply_level}',
bo_comment_level = '{$bo_comment_level}',
bo_html_level = '{$bo_html_level}',
bo_link_level = '{$bo_link_level}',
bo_count_modify = '{$bo_count_modify}',
bo_count_delete = '{$bo_count_delete}',
bo_upload_level = '{$bo_upload_level}',
bo_download_level = '{$bo_download_level}',
bo_read_point = '{$bo_read_point}',
bo_write_point = '{$bo_write_point}',
bo_comment_point = '{$bo_comment_point}',
bo_download_point = '{$bo_download_point}',
bo_use_category = '{$bo_use_category}',
bo_category_list = '{$str_bo_category_list}',
bo_use_sideview = '{$_POST['bo_use_sideview']}',
bo_use_file_content = '{$_POST['bo_use_file_content']}',
bo_use_secret = '{$_POST['bo_use_secret']}',
bo_use_dhtml_editor = '{$_POST['bo_use_dhtml_editor']}',
bo_select_editor = '{$_POST['bo_select_editor']}',
bo_use_rss_view = '{$_POST['bo_use_rss_view']}',
bo_use_good = '{$_POST['bo_use_good']}',
bo_use_nogood = '{$_POST['bo_use_nogood']}',
bo_use_name = '{$_POST['bo_use_name']}',
bo_use_signature = '{$_POST['bo_use_signature']}',
bo_use_ip_view = '{$_POST['bo_use_ip_view']}',
bo_use_list_view = '{$_POST['bo_use_list_view']}',
bo_use_list_file = '{$_POST['bo_use_list_file']}',
bo_use_list_content = '{$_POST['bo_use_list_content']}',
bo_use_email = '{$_POST['bo_use_email']}',
bo_use_cert = '{$_POST['bo_use_cert']}',
bo_use_sns = '{$_POST['bo_use_sns']}',
bo_use_captcha = '{$_POST['bo_use_captcha']}',
bo_table_width = '{$_POST['bo_table_width']}',
bo_subject_len = '{$_POST['bo_subject_len']}',
bo_mobile_subject_len = '{$_POST['bo_mobile_subject_len']}',
bo_page_rows = '{$_POST['bo_page_rows']}',
bo_mobile_page_rows = '{$_POST['bo_mobile_page_rows']}',
bo_new = '{$_POST['bo_new']}',
bo_hot = '{$_POST['bo_hot']}',
bo_image_width = '{$_POST['bo_image_width']}',
bo_skin = '{$_POST['bo_skin']}',
bo_mobile_skin = '{$_POST['bo_mobile_skin']}',
bo_use_sideview = '{$bo_use_sideview}',
bo_use_file_content = '{$bo_use_file_content}',
bo_use_secret = '{$bo_use_secret}',
bo_use_dhtml_editor = '{$bo_use_dhtml_editor}',
bo_select_editor = '{$bo_select_editor}',
bo_use_rss_view = '{$bo_use_rss_view}',
bo_use_good = '{$bo_use_good}',
bo_use_nogood = '{$bo_use_nogood}',
bo_use_name = '{$bo_use_name}',
bo_use_signature = '{$bo_use_signature}',
bo_use_ip_view = '{$bo_use_ip_view}',
bo_use_list_view = '{$bo_use_list_view}',
bo_use_list_file = '{$bo_use_list_file}',
bo_use_list_content = '{$bo_use_list_content}',
bo_use_email = '{$bo_use_email}',
bo_use_cert = '{$bo_use_cert}',
bo_use_sns = '{$bo_use_sns}',
bo_use_captcha = '{$bo_use_captcha}',
bo_table_width = '{$bo_table_width}',
bo_subject_len = '{$bo_subject_len}',
bo_mobile_subject_len = '{$bo_mobile_subject_len}',
bo_page_rows = '{$bo_page_rows}',
bo_mobile_page_rows = '{$bo_mobile_page_rows}',
bo_new = '{$bo_new}',
bo_hot = '{$bo_hot}',
bo_image_width = '{$bo_image_width}',
bo_skin = '{$bo_skin}',
bo_mobile_skin = '{$bo_mobile_skin}',
";
// 최고 관리자인 경우에만 수정가능
if ($is_admin === 'super'){
$sql_common .= " bo_include_head = '".$bo_include_head."',
bo_include_tail = '".$bo_include_tail."',
bo_content_head = '{$_POST['bo_content_head']}',
bo_content_tail = '{$_POST['bo_content_tail']}',
bo_mobile_content_head = '{$_POST['bo_mobile_content_head']}',
bo_mobile_content_tail = '{$_POST['bo_mobile_content_tail']}',
bo_content_head = '{$bo_content_head}',
bo_content_tail = '{$bo_content_tail}',
bo_mobile_content_head = '{$bo_mobile_content_head}',
bo_mobile_content_tail = '{$bo_mobile_content_tail}',
";
}
$sql_common .= " bo_insert_content = '{$_POST['bo_insert_content']}',
bo_gallery_cols = '{$_POST['bo_gallery_cols']}',
bo_gallery_width = '{$_POST['bo_gallery_width']}',
bo_gallery_height = '{$_POST['bo_gallery_height']}',
bo_mobile_gallery_width = '{$_POST['bo_mobile_gallery_width']}',
bo_mobile_gallery_height= '{$_POST['bo_mobile_gallery_height']}',
bo_upload_count = '{$_POST['bo_upload_count']}',
bo_upload_size = '{$_POST['bo_upload_size']}',
bo_reply_order = '{$_POST['bo_reply_order']}',
bo_use_search = '{$_POST['bo_use_search']}',
bo_order = '{$_POST['bo_order']}',
bo_write_min = '{$_POST['bo_write_min']}',
bo_write_max = '{$_POST['bo_write_max']}',
bo_comment_min = '{$_POST['bo_comment_min']}',
bo_comment_max = '{$_POST['bo_comment_max']}',
bo_sort_field = '{$_POST['bo_sort_field']}',
bo_1_subj = '{$_POST['bo_1_subj']}',
bo_2_subj = '{$_POST['bo_2_subj']}',
bo_3_subj = '{$_POST['bo_3_subj']}',
bo_4_subj = '{$_POST['bo_4_subj']}',
bo_5_subj = '{$_POST['bo_5_subj']}',
bo_6_subj = '{$_POST['bo_6_subj']}',
bo_7_subj = '{$_POST['bo_7_subj']}',
bo_8_subj = '{$_POST['bo_8_subj']}',
bo_9_subj = '{$_POST['bo_9_subj']}',
bo_10_subj = '{$_POST['bo_10_subj']}',
bo_1 = '{$_POST['bo_1']}',
bo_2 = '{$_POST['bo_2']}',
bo_3 = '{$_POST['bo_3']}',
bo_4 = '{$_POST['bo_4']}',
bo_5 = '{$_POST['bo_5']}',
bo_6 = '{$_POST['bo_6']}',
bo_7 = '{$_POST['bo_7']}',
bo_8 = '{$_POST['bo_8']}',
bo_9 = '{$_POST['bo_9']}',
bo_10 = '{$_POST['bo_10']}' ";
$sql_common .= " bo_insert_content = '{$bo_insert_content}',
bo_gallery_cols = '{$bo_gallery_cols}',
bo_gallery_width = '{$bo_gallery_width}',
bo_gallery_height = '{$bo_gallery_height}',
bo_mobile_gallery_width = '{$bo_mobile_gallery_width}',
bo_mobile_gallery_height= '{$bo_mobile_gallery_height}',
bo_upload_count = '{$bo_upload_count}',
bo_upload_size = '{$bo_upload_size}',
bo_reply_order = '{$bo_reply_order}',
bo_use_search = '{$bo_use_search}',
bo_order = '{$bo_order}',
bo_write_min = '{$bo_write_min}',
bo_write_max = '{$bo_write_max}',
bo_comment_min = '{$bo_comment_min}',
bo_comment_max = '{$bo_comment_max}',
bo_sort_field = '{$bo_sort_field}',
bo_1_subj = '{$bo_1_subj}',
bo_2_subj = '{$bo_2_subj}',
bo_3_subj = '{$bo_3_subj}',
bo_4_subj = '{$bo_4_subj}',
bo_5_subj = '{$bo_5_subj}',
bo_6_subj = '{$bo_6_subj}',
bo_7_subj = '{$bo_7_subj}',
bo_8_subj = '{$bo_8_subj}',
bo_9_subj = '{$bo_9_subj}',
bo_10_subj = '{$bo_10_subj}',
bo_1 = '{$bo_1}',
bo_2 = '{$bo_2}',
bo_3 = '{$bo_3}',
bo_4 = '{$bo_4}',
bo_5 = '{$bo_5}',
bo_6 = '{$bo_6}',
bo_7 = '{$bo_7}',
bo_8 = '{$bo_8}',
bo_9 = '{$bo_9}',
bo_10 = '{$bo_10}' ";
if ($w == '') {
@ -355,8 +426,8 @@ if (is_checked('chk_grp_use_search')) $grp_fields .= " , bo_use_search
if (is_checked('chk_grp_order')) $grp_fields .= " , bo_order = '{$bo_order}' ";
for ($i=1; $i<=10; $i++) {
if (is_checked('chk_grp_'.$i)) {
$grp_fields .= " , bo_{$i}_subj = '".$_POST['bo_'.$i.'_subj']."' ";
$grp_fields .= " , bo_{$i} = '".$_POST['bo_'.$i]."' ";
$grp_fields .= " , bo_{$i}_subj = '".$etcs['bo_'.$i.'_subj']."' ";
$grp_fields .= " , bo_{$i} = '".$etcs['bo_'.$i]."' ";
}
}
@ -445,8 +516,8 @@ if (is_checked('chk_all_use_search')) $all_fields .= " , bo_use_search
if (is_checked('chk_all_order')) $all_fields .= " , bo_order = '{$bo_order}' ";
for ($i=1; $i<=10; $i++) {
if (is_checked('chk_all_'.$i)) {
$all_fields .= " , bo_{$i}_subj = '".$_POST['bo_'.$i.'_subj']."' ";
$all_fields .= " , bo_{$i} = '".$_POST['bo_'.$i]."' ";
$all_fields .= " , bo_{$i}_subj = '".$etcs['bo_'.$i.'_subj']."' ";
$all_fields .= " , bo_{$i} = '".$etcs['bo_'.$i]."' ";
}
}
@ -461,5 +532,4 @@ if(function_exists('get_admin_captcha_by'))
run_event('admin_board_form_update', $bo_table, $w);
goto_url("./board_form.php?w=u&bo_table={$bo_table}&amp;{$qstr}");
?>
goto_url("./board_form.php?w=u&bo_table={$bo_table}&amp;{$qstr}");
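Review bot: The free-text values introduced in this hunk — `$bo_content_head`, `$bo_content_tail`, `$bo_mobile_content_head`, `$bo_mobile_content_tail`, `$bo_insert_content` and every `bo_N_subj`/`bo_N` in `$etcs` — are copied from `$_POST` unchanged and interpolated into `$sql_common` between single quotes, while all the numeric siblings get an `(int)` cast; no escaping step is visible in the hunk. If the common bootstrap does not already escape `$_POST` for SQL, these need the project's SQL escaping helper applied where they are assigned, since a stray quote in a subject line would otherwise break the query. Separately, the `${'bo_'.$i.'_subj'}` variable-variables exist only to feed the twenty hand-written `bo_N = '{$bo_N}'` lines; appending `" bo_{$i}_subj = '{$etcs['bo_'.$i.'_subj']}', bo_{$i} = '{$etcs['bo_'.$i]}',"` to `$sql_common` inside the same loop would remove the dynamic variables and keep the field list in one place.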


@ -2,7 +2,7 @@
$sub_menu = "300100";
include_once('./_common.php');
auth_check($auth[$sub_menu], 'r');
auth_check_menu($auth, $sub_menu, 'r');
$sql_common = " from {$g5['board_table']} a ";
$sql_search = " where (1) ";
@ -63,9 +63,9 @@ $colspan = 15;
<label for="sfl" class="sound_only">검색대상</label>
<select name="sfl" id="sfl">
<option value="bo_table"<?php echo get_selected($_GET['sfl'], "bo_table", true); ?>>TABLE</option>
<option value="bo_subject"<?php echo get_selected($_GET['sfl'], "bo_subject"); ?>>제목</option>
<option value="a.gr_id"<?php echo get_selected($_GET['sfl'], "a.gr_id"); ?>>그룹ID</option>
<option value="bo_table"<?php echo get_selected($sfl, "bo_table", true); ?>>TABLE</option>
<option value="bo_subject"<?php echo get_selected($sfl, "bo_subject"); ?>>제목</option>
<option value="a.gr_id"<?php echo get_selected($sfl, "a.gr_id"); ?>>그룹ID</option>
</select>
<label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
<input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input">
@ -81,7 +81,7 @@ $colspan = 15;
<input type="hidden" name="sfl" value="<?php echo $sfl ?>">
<input type="hidden" name="stx" value="<?php echo $stx ?>">
<input type="hidden" name="page" value="<?php echo $page ?>">
<input type="hidden" name="token" value="<?php echo $token ?>">
<input type="hidden" name="token" value="<?php echo isset($token) ? $token : ''; ?>">
<div class="tbl_head01 tbl_wrap">
<table>
@ -235,5 +235,4 @@ $(function(){
</script>
<?php
include_once('./admin.tail.php');
?>
include_once('./admin.tail.php');
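Review bot: The hidden `sfl` and `stx` inputs next to the newly guarded `token` input still echo `$sfl` and `$stx` unescaped into `value="…"`, and the option list now selects on `$sfl`; where those two are initialised from the request is not visible in this hunk. If they are not already HTML-escaped upstream, wrap the echoes: `value="<?php echo htmlspecialchars($sfl, ENT_QUOTES, 'UTF-8') ?>"` and likewise for `$stx` on both the search field and the hidden input.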


@ -4,28 +4,42 @@ include_once('./_common.php');
check_demo();
if (!count($_POST['chk'])) {
alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요.");
$post_count_chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
$chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? $_POST['chk'] : array();
$act_button = isset($_POST['act_button']) ? strip_tags($_POST['act_button']) : '';
$board_table = (isset($_POST['board_table']) && is_array($_POST['board_table'])) ? $_POST['board_table'] : array();
if (! $post_count_chk) {
alert($act_button." 하실 항목을 하나 이상 체크하세요.");
}
check_admin_token();
$act_button = isset($_POST['act_button']) ? strip_tags($_POST['act_button']) : '';
$chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? $_POST['chk'] : array();
$board_table = (isset($_POST['board_table']) && is_array($_POST['board_table'])) ? $_POST['board_table'] : array();
if ($act_button === "선택수정") {
if ($_POST['act_button'] == "선택수정") {
auth_check_menu($auth, $sub_menu, 'w');
auth_check($auth[$sub_menu], 'w');
for ($i=0; $i<count($_POST['chk']); $i++) {
for ($i=0; $i<$post_count_chk; $i++) {
// 실제 번호를 넘김
$k = $_POST['chk'][$i];
$k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
$post_gr_id = isset($_POST['gr_id'][$k]) ? clean_xss_tags($_POST['gr_id'][$k], 1, 1) : '';
$post_bo_device = isset($_POST['bo_device'][$k]) ? clean_xss_tags($_POST['bo_device'][$k], 1, 1) : '';
$post_bo_skin = isset($_POST['bo_skin'][$k]) ? clean_xss_tags($_POST['bo_skin'][$k], 1, 1) : '';
$post_bo_mobile_skin = isset($_POST['bo_mobile_skin'][$k]) ? clean_xss_tags($_POST['bo_mobile_skin'][$k], 1, 1) : '';
$post_bo_read_point = isset($_POST['bo_read_point'][$k]) ? clean_xss_tags($_POST['bo_read_point'][$k], 1, 1) : '';
$post_bo_write_point = isset($_POST['bo_write_point'][$k]) ? clean_xss_tags($_POST['bo_write_point'][$k], 1, 1) : '';
$post_bo_comment_point = isset($_POST['bo_comment_point'][$k]) ? clean_xss_tags($_POST['bo_comment_point'][$k], 1, 1) : '';
$post_bo_download_point = isset($_POST['bo_download_point'][$k]) ? clean_xss_tags($_POST['bo_download_point'][$k], 1, 1) : '';
$post_bo_use_search = isset($_POST['bo_use_search'][$k]) ? clean_xss_tags($_POST['bo_use_search'][$k], 1, 1) : '';
$post_bo_use_sns = isset($_POST['bo_use_sns'][$k]) ? clean_xss_tags($_POST['bo_use_sns'][$k], 1, 1) : '';
$post_bo_order = isset($_POST['bo_order'][$k]) ? clean_xss_tags($_POST['bo_order'][$k], 1, 1) : '';
$post_board_table = isset($_POST['board_table'][$k]) ? clean_xss_tags($_POST['board_table'][$k], 1, 1) : '';
if ($is_admin != 'super') {
$sql = " select count(*) as cnt from {$g5['board_table']} a, {$g5['group_table']} b
where a.gr_id = '".sql_real_escape_string($_POST['gr_id'][$k])."'
where a.gr_id = '".sql_real_escape_string($post_gr_id)."'
and a.gr_id = b.gr_id
and b.gr_admin = '{$member['mb_id']}' ";
$row = sql_fetch($sql);
@ -36,39 +50,39 @@ if ($_POST['act_button'] == "선택수정") {
$p_bo_subject = is_array($_POST['bo_subject']) ? strip_tags(clean_xss_attributes($_POST['bo_subject'][$k])) : '';
$sql = " update {$g5['board_table']}
set gr_id = '".sql_real_escape_string(strip_tags($_POST['gr_id'][$k]))."',
set gr_id = '".sql_real_escape_string($post_gr_id)."',
bo_subject = '".$p_bo_subject."',
bo_device = '".sql_real_escape_string(strip_tags($_POST['bo_device'][$k]))."',
bo_skin = '".sql_real_escape_string(strip_tags($_POST['bo_skin'][$k]))."',
bo_mobile_skin = '".sql_real_escape_string(strip_tags($_POST['bo_mobile_skin'][$k]))."',
bo_read_point = '".sql_real_escape_string(strip_tags($_POST['bo_read_point'][$k]))."',
bo_write_point = '".sql_real_escape_string(strip_tags($_POST['bo_write_point'][$k]))."',
bo_comment_point = '".sql_real_escape_string(strip_tags($_POST['bo_comment_point'][$k]))."',
bo_download_point = '".sql_real_escape_string(strip_tags($_POST['bo_download_point'][$k]))."',
bo_use_search = '".sql_real_escape_string(strip_tags($_POST['bo_use_search'][$k]))."',
bo_use_sns = '".sql_real_escape_string(strip_tags($_POST['bo_use_sns'][$k]))."',
bo_order = '".sql_real_escape_string(strip_tags($_POST['bo_order'][$k]))."'
where bo_table = '".sql_real_escape_string($_POST['board_table'][$k])."' ";
bo_device = '".sql_real_escape_string($post_bo_device)."',
bo_skin = '".sql_real_escape_string($post_bo_skin)."',
bo_mobile_skin = '".sql_real_escape_string($post_bo_mobile_skin)."',
bo_read_point = '".sql_real_escape_string($post_bo_read_point)."',
bo_write_point = '".sql_real_escape_string($post_bo_write_point)."',
bo_comment_point = '".sql_real_escape_string($post_bo_comment_point)."',
bo_download_point = '".sql_real_escape_string($post_bo_download_point)."',
bo_use_search = '".sql_real_escape_string($post_bo_use_search)."',
bo_use_sns = '".sql_real_escape_string($post_bo_use_sns)."',
bo_order = '".sql_real_escape_string($post_bo_order)."'
where bo_table = '".sql_real_escape_string($post_board_table)."' ";
sql_query($sql);
}
} else if ($_POST['act_button'] == "선택삭제") {
} else if ($act_button === "선택삭제") {
if ($is_admin != 'super')
alert('게시판 삭제는 최고관리자만 가능합니다.');
auth_check($auth[$sub_menu], 'd');
auth_check_menu($auth, $sub_menu, 'd');
// _BOARD_DELETE_ 상수를 선언해야 board_delete.inc.php 가 정상 작동함
define('_BOARD_DELETE_', true);
for ($i=0; $i<count($_POST['chk']); $i++) {
for ($i=0; $i<$post_count_chk; $i++) {
// 실제 번호를 넘김
$k = $_POST['chk'][$i];
$k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
// include 전에 $bo_table 값을 반드시 넘겨야 함
$tmp_bo_table = trim($_POST['board_table'][$k]);
$tmp_bo_table = isset($_POST['board_table'][$k]) ? trim(clean_xss_tags($_POST['board_table'][$k], 1, 1)) : '';
if( preg_match("/^[A-Za-z0-9_]+$/", $tmp_bo_table) ){
include ('./board_delete.inc.php');
@ -80,5 +94,4 @@ if ($_POST['act_button'] == "선택수정") {
run_event('admin_board_list_update', $act_button, $chk, $board_table, $qstr);
goto_url('./board_list.php?'.$qstr);
?>
goto_url('./board_list.php?'.$qstr);
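Review bot: In the update statement `bo_subject = '".$p_bo_subject."',` is still interpolated without `sql_real_escape_string`, while every other column in the same statement now goes through it; `strip_tags`/`clean_xss_attributes` do not escape quotes, so the line should read `bo_subject = '".sql_real_escape_string($p_bo_subject)."',`. The delete branch validates `$tmp_bo_table` against `^[A-Za-z0-9_]+$` before including board_delete.inc.php, but the update branch only runs `$post_board_table` through `clean_xss_tags`; applying the same `preg_match` check there keeps the two branches consistent. Note also that `$k` is now cast with `(int)` and defaults to 0 when the checkbox index is missing, so a non-numeric or absent index silently selects row 0 instead of being rejected.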

View File

@ -2,7 +2,7 @@
$sub_menu = '300100';
include_once('./_common.php');
auth_check($auth[$sub_menu], 'w');
auth_check_menu($auth, $sub_menu, 'w');
if(!$board['bo_table'])
alert('존재하지 않는 게시판입니다.');
@ -48,5 +48,4 @@ if(is_dir($dir)) {
<div class="btn_confirm01 btn_confirm"><a href="./board_form.php?w=u&amp;bo_table=<?php echo $bo_table; ?>&amp;<?php echo $qstr; ?>">게시판 수정으로 돌아가기</a></div>
<?php
include_once('./admin.tail.php');
?>
include_once('./admin.tail.php');
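Review bot: `if(!$board['bo_table'])` reads the key without an `isset` guard, unlike the `isset($mb['mb_id']) && $mb['mb_id']` form this commit introduces in the group-member form; if `$board` can be empty when the table does not exist (how it is populated is outside the hunk), this emits an undefined-index notice before the alert. `if (!isset($board['bo_table']) || !$board['bo_table'])` matches the rest of the change.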


@ -2,17 +2,24 @@
$sub_menu = "300200";
include_once('./_common.php');
auth_check($auth[$sub_menu], 'w');
auth_check_menu($auth, $sub_menu, 'w');
if ($is_admin != 'super' && $w == '') alert('최고관리자만 접근 가능합니다.');
$html_title = '게시판그룹';
$gr_id_attr = '';
$sound_only = '';
if( ! isset($group['gr_id']) ){
$group['gr_id'] = '';
$group['gr_subject'] = '';
$group['gr_device'] = '';
}
if ($w == '') {
$gr_id_attr = 'required';
$sound_only = '<strong class="sound_only"> 필수</strong>';
$gr = array('gr_use_access' => 0);
$gr = array('gr_use_access' => 0, 'gr_admin'=>'');
$html_title .= ' 생성';
} else if ($w == 'u') {
$gr_id_attr = 'readonly';
@ -115,9 +122,9 @@ include_once('./admin.head.php');
<th scope="row">여분필드<?php echo $i ?></th>
<td class="td_extra">
<label for="gr_<?php echo $i ?>_subj">여분필드 <?php echo $i ?> 제목</label>
<input type="text" name="gr_<?php echo $i ?>_subj" value="<?php echo get_text($group['gr_'.$i.'_subj']) ?>" id="gr_<?php echo $i ?>_subj" class="frm_input">
<input type="text" name="gr_<?php echo $i ?>_subj" value="<?php echo isset($group['gr_'.$i.'_subj']) ? get_text($group['gr_'.$i.'_subj']) : ''; ?>" id="gr_<?php echo $i ?>_subj" class="frm_input">
<label for="gr_<?php echo $i ?>">여분필드 <?php echo $i ?> 내용</label>
<input type="text" name="gr_<?php echo $i ?>" value="<?php echo get_sanitize_input($gr['gr_'.$i]); ?>" id="gr_<?php echo $i ?>" class="frm_input">
<input type="text" name="gr_<?php echo $i ?>" value="<?php echo isset($gr['gr_'.$i]) ? get_sanitize_input($gr['gr_'.$i]) : ''; ?>" id="gr_<?php echo $i ?>" class="frm_input">
</td>
</tr>
<?php } ?>
@ -148,5 +155,4 @@ function fboardgroup_check(f)
</script>
<?php
include_once ('./admin.tail.php');
?>
include_once ('./admin.tail.php');
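Review bot: The new fallback block seeds `$group['gr_device'] = ''`, while the `gr_device` column is declared `ENUM('both','pc','mobile') NOT NULL DEFAULT 'both'` in the group-list section of this same commit; if the device `<select>` on this form is keyed off `$group['gr_device']` (its markup is outside the hunk), the create form will have no option preselected and will not reflect the database default. Seeding it with `'both'` keeps the form and the schema in agreement. The `$gr = array('gr_use_access' => 0, 'gr_admin'=>'')` initialisation covers only two keys, so the extra-field inputs depend on the per-field `isset` guards added in the loop; a one-line comment at that initialisation, e.g. `// on create $gr holds only the keys seeded here; extra fields are guarded per input`, would save the next reader from hunting for the rest.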


@ -5,42 +5,63 @@ include_once('./_common.php');
if ($w == 'u')
check_demo();
auth_check($auth[$sub_menu], 'w');
auth_check_menu($auth, $sub_menu, 'w');
if ($is_admin != 'super' && $w == '') alert('최고관리자만 접근 가능합니다.');
check_admin_token();
if (!preg_match("/^([A-Za-z0-9_]{1,10})$/", $_POST['gr_id']))
$gr_id = isset($_POST['gr_id']) ? $_POST['gr_id'] : '';
if (!preg_match("/^([A-Za-z0-9_]{1,10})$/", $gr_id))
alert('그룹 ID는 공백없이 영문자, 숫자, _ 만 사용 가능합니다. (10자 이내)');
if (!$gr_subject) alert('그룹 제목을 입력하세요.');
$gr_subject = isset($_POST['gr_subject']) ? strip_tags(clean_xss_attributes($_POST['gr_subject'])) : '';
$posts = array();
$sql_common = " gr_subject = '{$gr_subject}',
gr_device = '{$_POST['gr_device']}',
gr_admin = '{$_POST['gr_admin']}',
gr_1_subj = '{$_POST['gr_1_subj']}',
gr_2_subj = '{$_POST['gr_2_subj']}',
gr_3_subj = '{$_POST['gr_3_subj']}',
gr_4_subj = '{$_POST['gr_4_subj']}',
gr_5_subj = '{$_POST['gr_5_subj']}',
gr_6_subj = '{$_POST['gr_6_subj']}',
gr_7_subj = '{$_POST['gr_7_subj']}',
gr_8_subj = '{$_POST['gr_8_subj']}',
gr_9_subj = '{$_POST['gr_9_subj']}',
gr_10_subj = '{$_POST['gr_10_subj']}',
gr_1 = '{$_POST['gr_1']}',
gr_2 = '{$_POST['gr_2']}',
gr_3 = '{$_POST['gr_3']}',
gr_4 = '{$_POST['gr_4']}',
gr_5 = '{$_POST['gr_5']}',
gr_6 = '{$_POST['gr_6']}',
gr_7 = '{$_POST['gr_7']}',
gr_8 = '{$_POST['gr_8']}',
gr_9 = '{$_POST['gr_9']}',
gr_10 = '{$_POST['gr_10']}' ";
$check_keys = array(
'gr_subject'=>'',
'gr_device'=>'',
'gr_admin'=>'',
);
for($i=1;$i<=10;$i++){
$check_keys['gr_'.$i.'_subj'] = isset($_POST['gr_'.$i.'_subj']) ? $_POST['gr_'.$i.'_subj'] : '';
$check_keys['gr_'.$i] = isset($_POST['gr_'.$i]) ? $_POST['gr_'.$i] : '';
}
foreach( $check_keys as $key=>$value ){
if( $key === 'gr_subject' ){
$posts[$key] = isset($_POST[$key]) ? strip_tags(clean_xss_attributes($_POST[$key])) : '';
} else {
$posts[$key] = isset($_POST[$key]) ? $_POST[$key] : '';
}
}
$sql_common = " gr_subject = '{$posts['gr_subject']}',
gr_device = '{$posts['gr_device']}',
gr_admin = '{$posts['gr_admin']}',
gr_1_subj = '{$posts['gr_1_subj']}',
gr_2_subj = '{$posts['gr_2_subj']}',
gr_3_subj = '{$posts['gr_3_subj']}',
gr_4_subj = '{$posts['gr_4_subj']}',
gr_5_subj = '{$posts['gr_5_subj']}',
gr_6_subj = '{$posts['gr_6_subj']}',
gr_7_subj = '{$posts['gr_7_subj']}',
gr_8_subj = '{$posts['gr_8_subj']}',
gr_9_subj = '{$posts['gr_9_subj']}',
gr_10_subj = '{$posts['gr_10_subj']}',
gr_1 = '{$posts['gr_1']}',
gr_2 = '{$posts['gr_2']}',
gr_3 = '{$posts['gr_3']}',
gr_4 = '{$posts['gr_4']}',
gr_5 = '{$posts['gr_5']}',
gr_6 = '{$posts['gr_6']}',
gr_7 = '{$posts['gr_7']}',
gr_8 = '{$posts['gr_8']}',
gr_9 = '{$posts['gr_9']}',
gr_10 = '{$posts['gr_10']}' ";
if (isset($_POST['gr_use_access']))
$sql_common .= ", gr_use_access = '{$_POST['gr_use_access']}' ";
else
@ -48,13 +69,13 @@ else
if ($w == '') {
$sql = " select count(*) as cnt from {$g5['group_table']} where gr_id = '{$_POST['gr_id']}' ";
$sql = " select count(*) as cnt from {$g5['group_table']} where gr_id = '{$gr_id}' ";
$row = sql_fetch($sql);
if ($row['cnt'])
alert('이미 존재하는 그룹 ID 입니다.');
$sql = " insert into {$g5['group_table']}
set gr_id = '{$_POST['gr_id']}',
set gr_id = '{$gr_id}',
{$sql_common} ";
sql_query($sql);
@ -62,7 +83,7 @@ if ($w == '') {
$sql = " update {$g5['group_table']}
set {$sql_common}
where gr_id = '{$_POST['gr_id']}' ";
where gr_id = '{$gr_id}' ";
sql_query($sql);
} else {
@ -71,5 +92,4 @@ if ($w == '') {
run_event('admin_boardgroup_form_update', $gr_id, $w);
goto_url('./boardgroup_form.php?w=u&amp;gr_id='.$gr_id.'&amp;'.$qstr);
?>
goto_url('./boardgroup_form.php?w=u&amp;gr_id='.$gr_id.'&amp;'.$qstr);
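Review bot: The `$posts` loop only guards against undefined indices; every value except `gr_subject` is copied from `$_POST` verbatim and then interpolated into `$sql_common` (and `gr_use_access` just below it) with no `sql_real_escape_string`, so the update statement is still assembled from raw request strings even though the page is admin-only. The `$gr_subject` assigned above the loop is not used afterwards (`$posts['gr_subject']` is recomputed inside the loop), so it is dead code. If the old `if (!$gr_subject) alert('그룹 제목을 입력하세요.');` line was removed rather than kept (the rendered diff does not make that certain), the empty-subject validation is also gone. Escaping inside the loop fixes the first point in one place, and `gr_use_access` should be cast, `$sql_common .= ", gr_use_access = '".(int) $_POST['gr_use_access']."' ";`.
```php
foreach ($check_keys as $key => $value) {
    $raw = isset($_POST[$key]) ? $_POST[$key] : '';
    if ($key === 'gr_subject') {
        $raw = strip_tags(clean_xss_attributes($raw));
    }
    // every value is interpolated into $sql_common below, so escape here once
    $posts[$key] = sql_real_escape_string($raw);
}
// … unchanged: $sql_common assembly …
```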


@ -2,7 +2,7 @@
$sub_menu = "300200";
include_once('./_common.php');
auth_check($auth[$sub_menu], 'r');
auth_check_menu($auth, $sub_menu, 'r');
if (!isset($group['gr_device'])) {
// 게시판 그룹 사용 필드 추가
@ -10,7 +10,7 @@ if (!isset($group['gr_device'])) {
// pc : pc 전용 사용
// mobile : mobile 전용 사용
// none : 사용 안함
sql_query(" ALTER TABLE `{$g5['board_group_table']}` ADD `gr_device` ENUM( 'both', 'pc', 'mobile' ) NOT NULL DEFAULT 'both' AFTER `gr_subject` ", false);
sql_query(" ALTER TABLE `{$g5['group_table']}` ADD `gr_device` ENUM( 'both', 'pc', 'mobile' ) NOT NULL DEFAULT 'both' AFTER `gr_subject` ", false);
}
$sql_common = " from {$g5['group_table']} ";
@ -66,9 +66,9 @@ $colspan = 10;
<form name="fsearch" id="fsearch" class="local_sch01 local_sch" method="get">
<label for="sfl" class="sound_only">검색대상</label>
<select name="sfl" id="sfl">
<option value="gr_subject"<?php echo get_selected($_GET['sfl'], "gr_subject"); ?>>제목</option>
<option value="gr_id"<?php echo get_selected($_GET['sfl'], "gr_id"); ?>>ID</option>
<option value="gr_admin"<?php echo get_selected($_GET['sfl'], "gr_admin"); ?>>그룹관리자</option>
<option value="gr_subject"<?php echo get_selected($sfl, "gr_subject"); ?>>제목</option>
<option value="gr_id"<?php echo get_selected($sfl, "gr_id"); ?>>ID</option>
<option value="gr_admin"<?php echo get_selected($sfl, "gr_admin"); ?>>그룹관리자</option>
</select>
<label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
<input type="text" name="stx" id="stx" value="<?php echo $stx ?>" required class="required frm_input">
@ -207,5 +207,4 @@ function fboardgrouplist_submit(f)
</script>
<?php
include_once('./admin.tail.php');
?>
include_once('./admin.tail.php');


@ -6,7 +6,7 @@ include_once('./_common.php');
check_demo();
auth_check($auth[$sub_menu], 'w');
auth_check_menu($auth, $sub_menu, 'w');
check_admin_token();
@ -21,18 +21,21 @@ if(!$count)
for ($i=0; $i<$count; $i++)
{
$k = $post_chk[$i];
$k = isset($post_chk[$i]) ? (int) $post_chk[$i] : 0;
$gr_id = preg_replace('/[^a-z0-9_]/i', '', $post_group_id[$k]);
$gr_subject = is_array($_POST['gr_subject']) ? strip_tags(clean_xss_attributes($_POST['gr_subject'][$k])) : '';
$gr_admin = is_array($_POST['gr_admin']) ? strip_tags(clean_xss_attributes($_POST['gr_admin'][$k])) : '';
$gr_subject = isset($_POST['gr_subject'][$k]) ? strip_tags(clean_xss_attributes($_POST['gr_subject'][$k])) : '';
$gr_admin = isset($_POST['gr_admin'][$k]) ? strip_tags(clean_xss_attributes($_POST['gr_admin'][$k])) : '';
$gr_device = isset($_POST['gr_device'][$k]) ? clean_xss_tags($_POST['gr_device'][$k], 1, 1, 10) : '';
$gr_use_access = isset($_POST['gr_use_access'][$k]) ? (int) $_POST['gr_use_access'][$k] : 0;
$gr_order = isset($_POST['gr_order'][$k]) ? (int) $_POST['gr_order'][$k] : 0;
if($act_button == '선택수정') {
$sql = " update {$g5['group_table']}
set gr_subject = '{$gr_subject}',
gr_device = '".sql_real_escape_string($_POST['gr_device'][$k])."',
gr_admin = '".sql_real_escape_string($_POST['gr_admin'][$k])."',
gr_use_access = '".sql_real_escape_string($_POST['gr_use_access'][$k])."',
gr_order = '".sql_real_escape_string($_POST['gr_order'][$k])."'
gr_device = '".sql_real_escape_string($gr_device)."',
gr_admin = '".sql_real_escape_string($gr_admin)."',
gr_use_access = '".$gr_use_access."',
gr_order = '".$gr_order."'
where gr_id = '{$gr_id}' ";
if ($is_admin != 'super')
$sql .= " and gr_admin = '{$gr_admin}' ";
@ -52,5 +55,4 @@ for ($i=0; $i<$count; $i++)
run_event('admin_boardgroup_list_update', $act_button, $chk, $post_group_id, $qstr);
goto_url('./boardgroup_list.php?'.$qstr);
?>
goto_url('./boardgroup_list.php?'.$qstr);
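Review bot: `$gr_admin` is escaped where it is written (`gr_admin = '".sql_real_escape_string($gr_admin)."'`) but interpolated raw two lines later in the non-super clause `and gr_admin = '{$gr_admin}'`, and `$gr_subject` is interpolated raw in `set gr_subject = '{$gr_subject}'`; `strip_tags`/`clean_xss_attributes` do not escape quotes, so both should go through `sql_real_escape_string` like the other columns now do. `$gr_device` is length-limited by `clean_xss_tags(..., 10)` but not restricted to the `both|pc|mobile` set the column declares elsewhere in this commit, so an invalid value is left for the database to reject or truncate rather than being caught here. `$post_group_id[$k]` is read without an `isset` guard although `$k` now defaults to 0 when the checkbox index is missing. The enclosing `for` loop continues past this hunk.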


@ -2,10 +2,12 @@
$sub_menu = "300200";
include_once('./_common.php');
auth_check($auth[$sub_menu], 'w');
auth_check_menu($auth, $sub_menu, 'w');
$mb = get_member($mb_id);
if (!$mb['mb_id'])
$token = isset($token) ? $token : '';
if (! (isset($mb['mb_id']) && $mb['mb_id']))
alert('존재하지 않는 회원입니다.');
$g5['title'] = '접근가능그룹';
@ -51,7 +53,7 @@ $colspan = 4;
<input type="hidden" name="sfl" value="<?php echo $sfl ?>" id="sfl">
<input type="hidden" name="stx" value="<?php echo $stx ?>" id="stx">
<input type="hidden" name="page" value="<?php echo $page ?>" id="page">
<input type="hidden" name="token" value="<?php echo $token ?>" id="token">
<input type="hidden" name="token" value="<?php echo get_sanitize_input($token); ?>" id="token">
<input type="hidden" name="mb_id" value="<?php echo $mb['mb_id'] ?>" id="mb_id">
<input type="hidden" name="w" value="d" id="w">
@ -128,5 +130,4 @@ function boardgroupmember_form_check(f)
</script>
<?php
include_once('./admin.tail.php');
?>
include_once('./admin.tail.php');


@ -2,7 +2,7 @@
$sub_menu = "300200";
include_once('./_common.php');
auth_check($auth[$sub_menu], 'r');
auth_check_menu($auth, $sub_menu, 'r');
$gr = get_group($gr_id);
if (!$gr['gr_id']) {
@ -59,7 +59,7 @@ $colspan = 7;
<input type="hidden" name="gr_id" value="<?php echo $gr_id ?>">
<label for="sfl" class="sound_only">검색대상</label>
<select name="sfl" id="sfl">
<option value="a.mb_id"<?php echo get_selected($_GET['sfl'], "a.mb_id") ?>>회원아이디</option>
<option value="a.mb_id"<?php echo get_selected($sfl, "a.mb_id") ?>>회원아이디</option>
</select>
<label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
<input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input">
@ -152,5 +152,4 @@ function fboardgroupmember_submit(f)
</script>
<?php
include_once('./admin.tail.php');
?>
include_once('./admin.tail.php');


@ -6,7 +6,7 @@ sql_query(" ALTER TABLE {$g5['group_member_table']} CHANGE `gm_id` `gm_id` INT(
if ($w == '')
{
auth_check($auth[$sub_menu], 'w');
auth_check_menu($auth, $sub_menu, 'w');
$mb = get_member($mb_id);
if (!$mb['mb_id']) {
@ -39,7 +39,7 @@ if ($w == '')
}
else if ($w == 'd' || $w == 'ld')
{
auth_check($auth[$sub_menu], 'd');
auth_check_menu($auth, $sub_menu, 'd');
$count = count($_POST['chk']);
if(!$count)
@ -66,5 +66,4 @@ else if ($w == 'd' || $w == 'ld')
if ($w == 'ld')
goto_url('./boardgroupmember_list.php?gr_id='.$gr_id);
else
goto_url('./boardgroupmember_form.php?mb_id='.$mb_id);
?>
goto_url('./boardgroupmember_form.php?mb_id='.$mb_id);
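Review bot: `$count = count($_POST['chk']);` in the delete branch still calls `count()` on a request index that may be absent or a scalar, which is exactly the case this commit guards in the board-list update with `$post_count_chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;`; the same guard belongs here. The `if / else if` chain on `$w` starts before this hunk and its body continues past it.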


@ -41,5 +41,4 @@ $(function() {
</script>
<?php
include_once('./admin.tail.php');
?>
include_once('./admin.tail.php');


@ -8,7 +8,7 @@ if(!(version_compare(phpversion(), '5.3.0', '>=') && defined('G5_BROWSCAP_USE')
if ($is_admin != 'super')
alert('최고관리자만 접근 가능합니다.');
$rows = preg_replace('#[^0-9]#', '', $_GET['rows']);
$rows = isset($_GET['rows']) ? preg_replace('#[^0-9]#', '', $_GET['rows']) : 0;
if(!$rows)
$rows = 100;
@ -42,5 +42,4 @@ $(function() {
</script>
<?php
include_once('./admin.tail.php');
?>
include_once('./admin.tail.php');
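Review bot: `$rows` is now guarded with `isset`, but `preg_replace` returns an array when `$_GET['rows']` arrives as an array (`rows[]=...`), and a non-empty array passes the `if(!$rows)` check unchanged, so the value handed to whatever consumes `$rows` below the hunk is not guaranteed to be numeric. A cast covers both cases in one expression and yields an int rather than a digit string, `$rows = isset($_GET['rows']) ? (int) $_GET['rows'] : 0;`.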


@ -71,5 +71,4 @@ for($i=0; $row=sql_fetch_array($result); $i++) {
if(($total_count - $cnt) == 0 || $total_count == 0)
echo '<div class="check_processing"></div><p>변환완료</p>';
else
echo '<p>총 '.number_format($total_count).'건 중 '.number_format($cnt).'건 변환완료<br><br>접속로그를 추가로 변환하시려면 아래 업데이트 버튼을 클릭해 주세요.</p><button type="button" id="run_update">업데이트</button>';
?>
echo '<p>총 '.number_format($total_count).'건 중 '.number_format($cnt).'건 변환완료<br><br>접속로그를 추가로 변환하시려면 아래 업데이트 버튼을 클릭해 주세요.</p><button type="button" id="run_update">업데이트</button>';


@ -20,5 +20,4 @@ $browscap->updateMethod = 'cURL';
$browscap->cacheFilename = 'browscap_cache.php';
$browscap->updateCache();
die('');
?>
die('');


@ -56,5 +56,4 @@ echo '<div class="local_desc01 local_desc"><p><strong>최신글 캐시파일 '.$
?>
<?php
include_once('./admin.tail.php');
?>
include_once('./admin.tail.php');


@ -49,5 +49,4 @@ echo '<div class="local_desc01 local_desc"><p><strong>캡챠파일 '.$cnt.'건
?>
<?php
include_once('./admin.tail.php');
?>
include_once('./admin.tail.php');


@ -2,7 +2,7 @@
$sub_menu = "100100";
include_once('./_common.php');
auth_check($auth[$sub_menu], 'r');
auth_check_menu($auth, $sub_menu, 'r');
if ($is_admin != 'super')
alert('최고관리자만 접근 가능합니다.');
@ -304,6 +304,7 @@ $pg_anchor = '<ul class="anchor">
if (!$config['cf_icode_server_ip']) $config['cf_icode_server_ip'] = '211.172.232.124';
if (!$config['cf_icode_server_port']) $config['cf_icode_server_port'] = '7295';
$userinfo = array('payment'=>'');
if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
$userinfo = get_icode_userinfo($config['cf_icode_id'], $config['cf_icode_pw']);
}
@ -338,14 +339,14 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
<th scope="row"><label for="cf_admin_email">관리자 메일 주소<strong class="sound_only">필수</strong></label></th>
<td colspan="3">
<?php echo help('관리자가 보내고 받는 용도로 사용하는 메일 주소를 입력합니다. (회원가입, 인증메일, 테스트, 회원메일발송 등에서 사용)') ?>
<input type="text" name="cf_admin_email" value="<?php echo $config['cf_admin_email'] ?>" id="cf_admin_email" required class="required email frm_input" size="40">
<input type="text" name="cf_admin_email" value="<?php echo get_sanitize_input($config['cf_admin_email']); ?>" id="cf_admin_email" required class="required email frm_input" size="40">
</td>
</tr>
<tr>
<th scope="row"><label for="cf_admin_email_name">관리자 메일 발송이름<strong class="sound_only">필수</strong></label></th>
<td colspan="3">
<?php echo help('관리자가 보내고 받는 용도로 사용하는 메일의 발송이름을 입력합니다. (회원가입, 인증메일, 테스트, 회원메일발송 등에서 사용)') ?>
<input type="text" name="cf_admin_email_name" value="<?php echo $config['cf_admin_email_name'] ?>" id="cf_admin_email_name" required class="required frm_input" size="40">
<input type="text" name="cf_admin_email_name" value="<?php echo get_sanitize_input($config['cf_admin_email_name']); ?>" id="cf_admin_email_name" required class="required frm_input" size="40">
</td>
</tr>
<tr>
@ -356,79 +357,79 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
<th scope="row"><label for="cf_login_point">로그인시 포인트<strong class="sound_only">필수</strong></label></th>
<td>
<?php echo help('회원이 로그인시 하루에 한번만 적립') ?>
<input type="text" name="cf_login_point" value="<?php echo $config['cf_login_point'] ?>" id="cf_login_point" required class="required frm_input" size="5"> 점
<input type="text" name="cf_login_point" value="<?php echo (int) $config['cf_login_point'] ?>" id="cf_login_point" required class="required frm_input" size="5"> 점
</td>
<th scope="row"><label for="cf_memo_send_point">쪽지보낼시 차감 포인트<strong class="sound_only">필수</strong></label></th>
<td>
<?php echo help('양수로 입력하십시오. 0점은 쪽지 보낼시 포인트를 차감하지 않습니다.') ?>
<input type="text" name="cf_memo_send_point" value="<?php echo $config['cf_memo_send_point'] ?>" id="cf_memo_send_point" required class="required frm_input" size="5"> 점
<input type="text" name="cf_memo_send_point" value="<?php echo (int) $config['cf_memo_send_point']; ?>" id="cf_memo_send_point" required class="required frm_input" size="5"> 점
</td>
</tr>
<tr>
<th scope="row"><label for="cf_cut_name">이름(닉네임) 표시</label></th>
<td colspan="3">
<input type="text" name="cf_cut_name" value="<?php echo $config['cf_cut_name'] ?>" id="cf_cut_name" class="frm_input" size="5"> 자리만 표시
<input type="text" name="cf_cut_name" value="<?php echo (int) $config['cf_cut_name'] ?>" id="cf_cut_name" class="frm_input" size="5"> 자리만 표시
</td>
</tr>
<tr>
<th scope="row"><label for="cf_nick_modify">닉네임 수정</label></th>
<td>수정하면 <input type="text" name="cf_nick_modify" value="<?php echo $config['cf_nick_modify'] ?>" id="cf_nick_modify" class="frm_input" size="3"> 일 동안 바꿀 수 없음</td>
<td>수정하면 <input type="text" name="cf_nick_modify" value="<?php echo (int) $config['cf_nick_modify'] ?>" id="cf_nick_modify" class="frm_input" size="3"> 일 동안 바꿀 수 없음</td>
<th scope="row"><label for="cf_open_modify">정보공개 수정</label></th>
<td>수정하면 <input type="text" name="cf_open_modify" value="<?php echo $config['cf_open_modify'] ?>" id="cf_open_modify" class="frm_input" size="3"> 일 동안 바꿀 수 없음</td>
<td>수정하면 <input type="text" name="cf_open_modify" value="<?php echo (int) $config['cf_open_modify'] ?>" id="cf_open_modify" class="frm_input" size="3"> 일 동안 바꿀 수 없음</td>
</tr>
<tr>
<th scope="row"><label for="cf_new_del">최근게시물 삭제</label></th>
<td>
<?php echo help('설정일이 지난 최근게시물 자동 삭제') ?>
<input type="text" name="cf_new_del" value="<?php echo $config['cf_new_del'] ?>" id="cf_new_del" class="frm_input" size="5"> 일
<input type="text" name="cf_new_del" value="<?php echo (int) $config['cf_new_del'] ?>" id="cf_new_del" class="frm_input" size="5"> 일
</td>
<th scope="row"><label for="cf_memo_del">쪽지 삭제</label></th>
<td>
<?php echo help('설정일이 지난 쪽지 자동 삭제') ?>
<input type="text" name="cf_memo_del" value="<?php echo $config['cf_memo_del'] ?>" id="cf_memo_del" class="frm_input" size="5"> 일
<input type="text" name="cf_memo_del" value="<?php echo (int) $config['cf_memo_del'] ?>" id="cf_memo_del" class="frm_input" size="5"> 일
</td>
</tr>
<tr>
<th scope="row"><label for="cf_visit_del">접속자로그 삭제</label></th>
<td>
<?php echo help('설정일이 지난 접속자 로그 자동 삭제') ?>
<input type="text" name="cf_visit_del" value="<?php echo $config['cf_visit_del'] ?>" id="cf_visit_del" class="frm_input" size="5"> 일
<input type="text" name="cf_visit_del" value="<?php echo (int) $config['cf_visit_del'] ?>" id="cf_visit_del" class="frm_input" size="5"> 일
</td>
<th scope="row"><label for="cf_popular_del">인기검색어 삭제</label></th>
<td>
<?php echo help('설정일이 지난 인기검색어 자동 삭제') ?>
<input type="text" name="cf_popular_del" value="<?php echo $config['cf_popular_del'] ?>" id="cf_popular_del" class="frm_input" size="5"> 일
<input type="text" name="cf_popular_del" value="<?php echo (int) $config['cf_popular_del'] ?>" id="cf_popular_del" class="frm_input" size="5"> 일
</td>
</tr>
<tr>
<th scope="row"><label for="cf_login_minutes">현재 접속자</label></th>
<td>
<?php echo help('설정값 이내의 접속자를 현재 접속자로 인정') ?>
<input type="text" name="cf_login_minutes" value="<?php echo $config['cf_login_minutes'] ?>" id="cf_login_minutes" class="frm_input" size="3"> 분
<input type="text" name="cf_login_minutes" value="<?php echo (int) $config['cf_login_minutes'] ?>" id="cf_login_minutes" class="frm_input" size="3"> 분
</td>
<th scope="row"><label for="cf_new_rows">최근게시물 라인수</label></th>
<td>
<?php echo help('목록 한페이지당 라인수') ?>
<input type="text" name="cf_new_rows" value="<?php echo $config['cf_new_rows'] ?>" id="cf_new_rows" class="frm_input" size="3"> 라인
<input type="text" name="cf_new_rows" value="<?php echo (int) $config['cf_new_rows'] ?>" id="cf_new_rows" class="frm_input" size="3"> 라인
</td>
</tr>
<tr>
<th scope="row"><label for="cf_page_rows">한페이지당 라인수</label></th>
<td>
<?php echo help('목록(리스트) 한페이지당 라인수') ?>
<input type="text" name="cf_page_rows" value="<?php echo $config['cf_page_rows'] ?>" id="cf_page_rows" class="frm_input" size="3"> 라인
<input type="text" name="cf_page_rows" value="<?php echo (int) $config['cf_page_rows'] ?>" id="cf_page_rows" class="frm_input" size="3"> 라인
</td>
<th scope="row"><label for="cf_mobile_page_rows">모바일 한페이지당 라인수</label></th>
<td>
<?php echo help('모바일 목록 한페이지당 라인수') ?>
<input type="text" name="cf_mobile_page_rows" value="<?php echo $config['cf_mobile_page_rows'] ?>" id="cf_mobile_page_rows" class="frm_input" size="3"> 라인
<input type="text" name="cf_mobile_page_rows" value="<?php echo (int) $config['cf_mobile_page_rows'] ?>" id="cf_mobile_page_rows" class="frm_input" size="3"> 라인
</td>
</tr>
<tr>
<th scope="row"><label for="cf_write_pages">페이지 표시 수<strong class="sound_only">필수</strong></label></th>
<td><input type="text" name="cf_write_pages" value="<?php echo $config['cf_write_pages'] ?>" id="cf_write_pages" required class="required numeric frm_input" size="3"> 페이지씩 표시</td>
<td><input type="text" name="cf_write_pages" value="<?php echo (int) $config['cf_write_pages'] ?>" id="cf_write_pages" required class="required numeric frm_input" size="3"> 페이지씩 표시</td>
<th scope="row"><label for="cf_mobile_pages">모바일 페이지 표시 수<strong class="sound_only">필수</strong></label></th>
<td><input type="text" name="cf_mobile_pages" value="<?php echo $config['cf_mobile_pages'] ?>" id="cf_mobile_pages" required class="required numeric frm_input" size="3"> 페이지씩 표시</td>
<td><input type="text" name="cf_mobile_pages" value="<?php echo (int) $config['cf_mobile_pages'] ?>" id="cf_mobile_pages" required class="required numeric frm_input" size="3"> 페이지씩 표시</td>
</tr>
<tr>
<th scope="row"><label for="cf_new_skin">최근게시물 스킨<strong class="sound_only">필수</strong></label></th>
@ -515,13 +516,13 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
<th scope="row"><label for="cf_recaptcha_site_key">구글 reCAPTCHA Site key</label></th>
<td colspan="3">
<?php echo help('reCAPTCHA V2와 Invisible reCAPTCHA 캡챠의 sitekey 와 secret 키는 동일하지 않고, 서로 발급받는 키가 다릅니다.') ?>
<input type="text" name="cf_recaptcha_site_key" value="<?php echo $config['cf_recaptcha_site_key']; ?>" id="cf_recaptcha_site_key" class="frm_input" size="52"> <a href="https://www.google.com/recaptcha/admin" target="_blank" class="btn_frmline">reCAPTCHA 등록하기</a>
<input type="text" name="cf_recaptcha_site_key" value="<?php echo get_sanitize_input($config['cf_recaptcha_site_key']); ?>" id="cf_recaptcha_site_key" class="frm_input" size="52"> <a href="https://www.google.com/recaptcha/admin" target="_blank" class="btn_frmline">reCAPTCHA 등록하기</a>
</td>
</tr>
<tr>
<th scope="row"><label for="cf_recaptcha_secret_key">구글 reCAPTCHA Secret key</label></th>
<td colspan="3">
<input type="text" name="cf_recaptcha_secret_key" value="<?php echo $config['cf_recaptcha_secret_key']; ?>" id="cf_recaptcha_secret_key" class="frm_input" size="52">
<input type="text" name="cf_recaptcha_secret_key" value="<?php echo get_sanitize_input($config['cf_recaptcha_secret_key']); ?>" id="cf_recaptcha_secret_key" class="frm_input" size="52">
</td>
</tr>
<tr>
@ -535,33 +536,33 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
<th scope="row"><label for="cf_point_term">포인트 유효기간</label></th>
<td colspan="3">
<?php echo help('기간을 0으로 설정시 포인트 유효기간이 적용되지 않습니다.') ?>
<input type="text" name="cf_point_term" value="<?php echo $config['cf_point_term']; ?>" id="cf_point_term" required class="required frm_input" size="5"> 일
<input type="text" name="cf_point_term" value="<?php echo (int) $config['cf_point_term']; ?>" id="cf_point_term" required class="required frm_input" size="5"> 일
</td>
</tr>
<tr>
<th scope="row"><label for="cf_possible_ip">접근가능 IP</label></th>
<td>
<?php echo help('입력된 IP의 컴퓨터만 접근할 수 있습니다.<br>123.123.+ 도 입력 가능. (엔터로 구분)') ?>
<textarea name="cf_possible_ip" id="cf_possible_ip"><?php echo $config['cf_possible_ip'] ?></textarea>
<textarea name="cf_possible_ip" id="cf_possible_ip"><?php echo get_sanitize_input($config['cf_possible_ip']); ?></textarea>
</td>
<th scope="row"><label for="cf_intercept_ip">접근차단 IP</label></th>
<td>
<?php echo help('입력된 IP의 컴퓨터는 접근할 수 없음.<br>123.123.+ 도 입력 가능. (엔터로 구분)') ?>
<textarea name="cf_intercept_ip" id="cf_intercept_ip"><?php echo $config['cf_intercept_ip'] ?></textarea>
<textarea name="cf_intercept_ip" id="cf_intercept_ip"><?php echo get_sanitize_input($config['cf_intercept_ip']); ?></textarea>
</td>
</tr>
<tr>
<th scope="row"><label for="cf_analytics">방문자분석 스크립트</label></th>
<td colspan="3">
<?php echo help('방문자분석 스크립트 코드를 입력합니다. 예) 구글 애널리틱스'); ?>
<textarea name="cf_analytics" id="cf_analytics"><?php echo $config['cf_analytics']; ?></textarea>
<textarea name="cf_analytics" id="cf_analytics"><?php echo get_text($config['cf_analytics']); ?></textarea>
</td>
</tr>
<tr>
<th scope="row"><label for="cf_add_meta">추가 메타태그</label></th>
<td colspan="3">
<?php echo help('추가로 사용하실 meta 태그를 입력합니다.'); ?>
<textarea name="cf_add_meta" id="cf_add_meta"><?php echo $config['cf_add_meta']; ?></textarea>
<textarea name="cf_add_meta" id="cf_add_meta"><?php echo get_text($config['cf_add_meta']); ?></textarea>
</td>
</tr>
<tr>
@ -569,14 +570,14 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
<td colspan="3">
<?php if (!function_exists('curl_init')) echo help('<b>경고) curl이 지원되지 않아 네이버 신디케이션을 사용할수 없습니다.</b>'); ?>
<?php echo help('네이버 신디케이션 연동키(token)을 입력하면 네이버 신디케이션을 사용할 수 있습니다.<br>연동키는 <a href="http://webmastertool.naver.com/" target="_blank"><u>네이버 웹마스터도구</u></a> -> 네이버 신디케이션에서 발급할 수 있습니다.') ?>
<input type="text" name="cf_syndi_token" value="<?php echo $config['cf_syndi_token'] ?>" id="cf_syndi_token" class="frm_input" size="70">
<input type="text" name="cf_syndi_token" value="<?php echo isset($config['cf_syndi_token']) ? get_sanitize_input($config['cf_syndi_token']) : ''; ?>" id="cf_syndi_token" class="frm_input" size="70">
</td>
</tr>
<tr>
<th scope="row"><label for="cf_syndi_except">네이버 신디케이션 제외게시판</label></th>
<td colspan="3">
<?php echo help('네이버 신디케이션 수집에서 제외할 게시판 아이디를 | 로 구분하여 입력하십시오. 예) notice|adult<br>참고로 그룹접근사용 게시판, 글읽기 권한 2 이상 게시판, 비밀글은 신디케이션 수집에서 제외됩니다.') ?>
<input type="text" name="cf_syndi_except" value="<?php echo $config['cf_syndi_except'] ?>" id="cf_syndi_except" class="frm_input" size="70">
<input type="text" name="cf_syndi_except" value="<?php echo isset($config['cf_syndi_except']) ? get_sanitize_input($config['cf_syndi_except']) : ''; ?>" id="cf_syndi_except" class="frm_input" size="70">
</td>
</tr>
</tbody>
@ -604,7 +605,7 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
<tbody>
<tr>
<th scope="row"><label for="cf_delay_sec">글쓰기 간격<strong class="sound_only">필수</strong></label></th>
<td><input type="text" name="cf_delay_sec" value="<?php echo $config['cf_delay_sec'] ?>" id="cf_delay_sec" required class="required numeric frm_input" size="3"> 초 지난후 가능</td>
<td><input type="text" name="cf_delay_sec" value="<?php echo (int) $config['cf_delay_sec'] ?>" id="cf_delay_sec" required class="required numeric frm_input" size="3"> 초 지난후 가능</td>
<th scope="row"><label for="cf_link_target">새창 링크</label></th>
<td>
<?php echo help('글내용중 자동 링크되는 타켓을 지정합니다.') ?>
@ -618,46 +619,46 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
</tr>
<tr>
<th scope="row"><label for="cf_read_point">글읽기 포인트<strong class="sound_only">필수</strong></label></th>
<td><input type="text" name="cf_read_point" value="<?php echo $config['cf_read_point'] ?>" id="cf_read_point" required class="required frm_input" size="3"> 점</td>
<td><input type="text" name="cf_read_point" value="<?php echo (int) $config['cf_read_point'] ?>" id="cf_read_point" required class="required frm_input" size="3"> 점</td>
<th scope="row"><label for="cf_write_point">글쓰기 포인트</label></th>
<td><input type="text" name="cf_write_point" value="<?php echo $config['cf_write_point'] ?>" id="cf_write_point" required class="required frm_input" size="3"> 점</td>
<td><input type="text" name="cf_write_point" value="<?php echo (int) $config['cf_write_point'] ?>" id="cf_write_point" required class="required frm_input" size="3"> 점</td>
</tr>
<tr>
<th scope="row"><label for="cf_comment_point">댓글쓰기 포인트</label></th>
<td><input type="text" name="cf_comment_point" value="<?php echo $config['cf_comment_point'] ?>" id="cf_comment_point" required class="required frm_input" size="3"> 점</td>
<td><input type="text" name="cf_comment_point" value="<?php echo (int) $config['cf_comment_point'] ?>" id="cf_comment_point" required class="required frm_input" size="3"> 점</td>
<th scope="row"><label for="cf_download_point">다운로드 포인트</label></th>
<td><input type="text" name="cf_download_point" value="<?php echo $config['cf_download_point'] ?>" id="cf_download_point" required class="required frm_input" size="3"> 점</td>
<td><input type="text" name="cf_download_point" value="<?php echo (int) $config['cf_download_point'] ?>" id="cf_download_point" required class="required frm_input" size="3"> 점</td>
</tr>
<tr>
<th scope="row"><label for="cf_search_part">검색 단위</label></th>
<td colspan="3"><input type="text" name="cf_search_part" value="<?php echo $config['cf_search_part'] ?>" id="cf_search_part" class="frm_input" size="4"> 건 단위로 검색</td>
<td colspan="3"><input type="text" name="cf_search_part" value="<?php echo (int) $config['cf_search_part'] ?>" id="cf_search_part" class="frm_input" size="4"> 건 단위로 검색</td>
</tr>
<tr>
<th scope="row"><label for="cf_image_extension">이미지 업로드 확장자</label></th>
<td colspan="3">
<?php echo help('게시판 글작성시 이미지 파일 업로드 가능 확장자. | 로 구분') ?>
<input type="text" name="cf_image_extension" value="<?php echo $config['cf_image_extension'] ?>" id="cf_image_extension" class="frm_input" size="70">
<input type="text" name="cf_image_extension" value="<?php echo get_sanitize_input($config['cf_image_extension']); ?>" id="cf_image_extension" class="frm_input" size="70">
</td>
</tr>
<tr>
<th scope="row"><label for="cf_flash_extension">플래쉬 업로드 확장자</label></th>
<td colspan="3">
<?php echo help('게시판 글작성시 플래쉬 파일 업로드 가능 확장자. | 로 구분') ?>
<input type="text" name="cf_flash_extension" value="<?php echo $config['cf_flash_extension'] ?>" id="cf_flash_extension" class="frm_input" size="70">
<input type="text" name="cf_flash_extension" value="<?php echo get_sanitize_input($config['cf_flash_extension']); ?>" id="cf_flash_extension" class="frm_input" size="70">
</td>
</tr>
<tr>
<th scope="row"><label for="cf_movie_extension">동영상 업로드 확장자</label></th>
<td colspan="3">
<?php echo help('게시판 글작성시 동영상 파일 업로드 가능 확장자. | 로 구분') ?>
<input type="text" name="cf_movie_extension" value="<?php echo $config['cf_movie_extension'] ?>" id="cf_movie_extension" class="frm_input" size="70">
<input type="text" name="cf_movie_extension" value="<?php echo get_sanitize_input($config['cf_movie_extension']); ?>" id="cf_movie_extension" class="frm_input" size="70">
</td>
</tr>
<tr>
<th scope="row"><label for="cf_filter">단어 필터링</label></th>
<td colspan="3">
<?php echo help('입력된 단어가 포함된 내용은 게시할 수 없습니다. 단어와 단어 사이는 ,로 구분합니다.') ?>
<textarea name="cf_filter" id="cf_filter" rows="7"><?php echo $config['cf_filter'] ?></textarea>
<textarea name="cf_filter" id="cf_filter" rows="7"><?php echo get_sanitize_input($config['cf_filter']); ?></textarea>
</td>
</tr>
</tbody>
@ -732,11 +733,11 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
<th scope="row"><label for="cf_register_level">회원가입시 권한</label></th>
<td><?php echo get_member_level_select('cf_register_level', 1, 9, $config['cf_register_level']) ?></td>
<th scope="row"><label for="cf_register_point">회원가입시 포인트</label></th>
<td><input type="text" name="cf_register_point" value="<?php echo $config['cf_register_point'] ?>" id="cf_register_point" class="frm_input" size="5"> 점</td>
<td><input type="text" name="cf_register_point" value="<?php echo (int) $config['cf_register_point'] ?>" id="cf_register_point" class="frm_input" size="5"> 점</td>
</tr>
<tr>
<th scope="row" id="th310"><label for="cf_leave_day">회원탈퇴후 삭제일</label></th>
<td colspan="3"><input type="text" name="cf_leave_day" value="<?php echo $config['cf_leave_day'] ?>" id="cf_leave_day" class="frm_input" size="2"> 일 후 자동 삭제</td>
<td colspan="3"><input type="text" name="cf_leave_day" value="<?php echo (int) $config['cf_leave_day'] ?>" id="cf_leave_day" class="frm_input" size="2"> 일 후 자동 삭제</td>
</tr>
<tr>
<th scope="row"><label for="cf_use_member_icon">회원아이콘 사용</label></th>
@ -753,25 +754,25 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
</tr>
<tr>
<th scope="row"><label for="cf_member_icon_size">회원아이콘 용량</label></th>
<td><input type="text" name="cf_member_icon_size" value="<?php echo $config['cf_member_icon_size'] ?>" id="cf_member_icon_size" class="frm_input" size="10"> 바이트 이하</td>
<td><input type="text" name="cf_member_icon_size" value="<?php echo (int) $config['cf_member_icon_size'] ?>" id="cf_member_icon_size" class="frm_input" size="10"> 바이트 이하</td>
<th scope="row">회원아이콘 사이즈</th>
<td>
<label for="cf_member_icon_width">가로</label>
<input type="text" name="cf_member_icon_width" value="<?php echo $config['cf_member_icon_width'] ?>" id="cf_member_icon_width" class="frm_input" size="2">
<input type="text" name="cf_member_icon_width" value="<?php echo (int) $config['cf_member_icon_width'] ?>" id="cf_member_icon_width" class="frm_input" size="2">
<label for="cf_member_icon_height">세로</label>
<input type="text" name="cf_member_icon_height" value="<?php echo $config['cf_member_icon_height'] ?>" id="cf_member_icon_height" class="frm_input" size="2">
<input type="text" name="cf_member_icon_height" value="<?php echo (int) $config['cf_member_icon_height'] ?>" id="cf_member_icon_height" class="frm_input" size="2">
픽셀 이하
</td>
</tr>
<tr>
<th scope="row"><label for="cf_member_img_size">회원이미지 용량</label></th>
<td><input type="text" name="cf_member_img_size" value="<?php echo $config['cf_member_img_size'] ?>" id="cf_member_img_size" class="frm_input" size="10"> 바이트 이하</td>
<td><input type="text" name="cf_member_img_size" value="<?php echo (int) $config['cf_member_img_size'] ?>" id="cf_member_img_size" class="frm_input" size="10"> 바이트 이하</td>
<th scope="row">회원이미지 사이즈</th>
<td>
<label for="cf_member_img_width">가로</label>
<input type="text" name="cf_member_img_width" value="<?php echo $config['cf_member_img_width'] ?>" id="cf_member_img_width" class="frm_input" size="2">
<input type="text" name="cf_member_img_width" value="<?php echo (int) $config['cf_member_img_width'] ?>" id="cf_member_img_width" class="frm_input" size="2">
<label for="cf_member_img_height">세로</label>
<input type="text" name="cf_member_img_height" value="<?php echo $config['cf_member_img_height'] ?>" id="cf_member_img_height" class="frm_input" size="2">
<input type="text" name="cf_member_img_height" value="<?php echo (int) $config['cf_member_img_height'] ?>" id="cf_member_img_height" class="frm_input" size="2">
픽셀 이하
</td>
</tr>
@ -779,27 +780,27 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
<th scope="row"><label for="cf_use_recommend">추천인제도 사용</label></th>
<td><input type="checkbox" name="cf_use_recommend" value="1" id="cf_use_recommend" <?php echo $config['cf_use_recommend']?'checked':''; ?>> 사용</td>
<th scope="row"><label for="cf_recommend_point">추천인 포인트</label></th>
<td><input type="text" name="cf_recommend_point" value="<?php echo $config['cf_recommend_point'] ?>" id="cf_recommend_point" class="frm_input"> 점</td>
<td><input type="text" name="cf_recommend_point" value="<?php echo (int) $config['cf_recommend_point'] ?>" id="cf_recommend_point" class="frm_input"> 점</td>
</tr>
<tr>
<th scope="row"><label for="cf_prohibit_id">아이디,닉네임 금지단어</label></th>
<td>
<?php echo help('회원아이디, 닉네임으로 사용할 수 없는 단어를 정합니다. 쉼표 (,) 로 구분') ?>
<textarea name="cf_prohibit_id" id="cf_prohibit_id" rows="5"><?php echo $config['cf_prohibit_id'] ?></textarea>
<textarea name="cf_prohibit_id" id="cf_prohibit_id" rows="5"><?php echo get_sanitize_input($config['cf_prohibit_id']); ?></textarea>
</td>
<th scope="row"><label for="cf_prohibit_email">입력 금지 메일</label></th>
<td>
<?php echo help('입력 받지 않을 도메인을 지정합니다. 엔터로 구분 ex) hotmail.com') ?>
<textarea name="cf_prohibit_email" id="cf_prohibit_email" rows="5"><?php echo $config['cf_prohibit_email'] ?></textarea>
<textarea name="cf_prohibit_email" id="cf_prohibit_email" rows="5"><?php echo get_sanitize_input($config['cf_prohibit_email']); ?></textarea>
</td>
</tr>
<tr>
<th scope="row"><label for="cf_stipulation">회원가입약관</label></th>
<td colspan="3"><textarea name="cf_stipulation" id="cf_stipulation" rows="10"><?php echo $config['cf_stipulation'] ?></textarea></td>
<td colspan="3"><textarea name="cf_stipulation" id="cf_stipulation" rows="10"><?php echo html_purifier($config['cf_stipulation']); ?></textarea></td>
</tr>
<tr>
<th scope="row"><label for="cf_privacy">개인정보처리방침</label></th>
<td colspan="3"><textarea id="cf_privacy" name="cf_privacy" rows="10"><?php echo $config['cf_privacy'] ?></textarea></td>
<td colspan="3"><textarea id="cf_privacy" name="cf_privacy" rows="10"><?php echo html_purifier($config['cf_privacy']); ?></textarea></td>
</tr>
</tbody>
</table>
@ -861,7 +862,7 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
<th scope="row" class="cf_cert_service"><label for="cf_cert_kcb_cd">코리아크레딧뷰로<br>KCB 회원사ID</label></th>
<td class="cf_cert_service">
<?php echo help('KCB 회원사ID를 입력해 주십시오.<br>서비스에 가입되어 있지 않다면, KCB와 계약체결 후 회원사ID를 발급 받으실 수 있습니다.<br>이용하시려는 서비스에 대한 계약을 아이핀, 휴대폰 본인확인 각각 체결해주셔야 합니다.<br>아이핀 본인확인 테스트의 경우에는 KCB 회원사ID가 필요 없으나,<br>휴대폰 본인확인 테스트의 경우 KCB 에서 따로 발급 받으셔야 합니다.') ?>
<input type="text" name="cf_cert_kcb_cd" value="<?php echo $config['cf_cert_kcb_cd'] ?>" id="cf_cert_kcb_cd" class="frm_input" size="20"> <a href="http://sir.kr/main/service/b_ipin.php" target="_blank" class="btn_frmline">KCB 아이핀 서비스 신청페이지</a>
<input type="text" name="cf_cert_kcb_cd" value="<?php echo get_sanitize_input($config['cf_cert_kcb_cd']); ?>" id="cf_cert_kcb_cd" class="frm_input" size="20"> <a href="http://sir.kr/main/service/b_ipin.php" target="_blank" class="btn_frmline">KCB 아이핀 서비스 신청페이지</a>
<a href="http://sir.kr/main/service/b_cert.php" target="_blank" class="btn_frmline">KCB 휴대폰 본인확인 서비스 신청페이지</a>
</td>
</tr>
@ -870,7 +871,7 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
<td class="cf_cert_service">
<?php echo help('SM으로 시작하는 5자리 사이트 코드중 뒤의 3자리만 입력해 주십시오.<br>서비스에 가입되어 있지 않다면, 본인확인 서비스 신청페이지에서 서비스 신청 후 사이트코드를 발급 받으실 수 있습니다.') ?>
<span class="sitecode">SM</span>
<input type="text" name="cf_cert_kcp_cd" value="<?php echo $config['cf_cert_kcp_cd'] ?>" id="cf_cert_kcp_cd" class="frm_input" size="3"> <a href="http://sir.kr/main/service/p_cert.php" target="_blank" class="btn_frmline">NHN KCP 휴대폰 본인확인 서비스 신청페이지</a>
<input type="text" name="cf_cert_kcp_cd" value="<?php echo get_sanitize_input($config['cf_cert_kcp_cd']); ?>" id="cf_cert_kcp_cd" class="frm_input" size="3"> <a href="http://sir.kr/main/service/p_cert.php" target="_blank" class="btn_frmline">NHN KCP 휴대폰 본인확인 서비스 신청페이지</a>
</td>
</tr>
<tr>
@ -878,21 +879,21 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) {
<td class="cf_cert_service">
<?php echo help('LG유플러스 상점아이디 중 si_를 제외한 나머지 아이디만 입력해 주십시오.<br>서비스에 가입되어 있지 않다면, 본인확인 서비스 신청페이지에서 서비스 신청 후 상점아이디를 발급 받으실 수 있습니다.<br><strong>LG유플러스 휴대폰본인확인은 ActiveX 설치가 필요하므로 Internet Explorer 에서만 사용할 수 있습니다.</strong>') ?>
<span class="sitecode">si_</span>
<input type="text" name="cf_lg_mid" value="<?php echo $config['cf_lg_mid'] ?>" id="cf_lg_mid" class="frm_input" size="20"> <a href="http://sir.kr/main/service/lg_cert.php" target="_blank" class="btn_frmline">LG유플러스 본인확인 서비스 신청페이지</a>
<input type="text" name="cf_lg_mid" value="<?php echo get_sanitize_input($config['cf_lg_mid']); ?>" id="cf_lg_mid" class="frm_input" size="20"> <a href="http://sir.kr/main/service/lg_cert.php" target="_blank" class="btn_frmline">LG유플러스 본인확인 서비스 신청페이지</a>
</td>
</tr>
<tr>
<th scope="row" class="cf_cert_service"><label for="cf_lg_mert_key">LG유플러스 MERT KEY</label></th>
<td class="cf_cert_service">
<?php echo help('LG유플러스 상점MertKey는 상점관리자 -> 계약정보 -> 상점정보관리에서 확인하실 수 있습니다.') ?>
<input type="text" name="cf_lg_mert_key" value="<?php echo $config['cf_lg_mert_key'] ?>" id="cf_lg_mert_key" class="frm_input" size="40">
<input type="text" name="cf_lg_mert_key" value="<?php echo get_sanitize_input($config['cf_lg_mert_key']); ?>" id="cf_lg_mert_key" class="frm_input" size="40">
</td>
</tr>
<tr>
<th scope="row" class="cf_cert_service"><label for="cf_cert_limit">본인확인 이용제한</label></th>
<td class="cf_cert_service">
<?php echo help('하루동안 아이핀과 휴대폰 본인확인 인증 이용회수를 제한할 수 있습니다.<br>회수제한은 실서비스에서 아이핀과 휴대폰 본인확인 인증에 개별 적용됩니다.<br>0 으로 설정하시면 회수제한이 적용되지 않습니다.'); ?>
<input type="text" name="cf_cert_limit" value="<?php echo $config['cf_cert_limit']; ?>" id="cf_cert_limit" class="frm_input" size="3"> 회
<input type="text" name="cf_cert_limit" value="<?php echo (int) $config['cf_cert_limit']; ?>" id="cf_cert_limit" class="frm_input" size="3"> 회
</td>
</tr>
<tr>
@ -1129,7 +1130,7 @@ include_once('_rewrite_config_form.php');
<label for="check_social_payco">페이코 로그인을 사용합니다</label>
<div>
<h3>페이코 CallbackURL</h3>
<p><?php echo get_social_callbackurl('payco'); ?></p>
<p><?php echo get_social_callbackurl('payco', false, true); ?></p>
</div>
</div>
</td>
@ -1137,73 +1138,73 @@ include_once('_rewrite_config_form.php');
<tr>
<th scope="row"><label for="cf_naver_clientid">네이버 Client ID</label></th>
<td>
<input type="text" name="cf_naver_clientid" value="<?php echo $config['cf_naver_clientid'] ?>" id="cf_naver_clientid" class="frm_input" size="40"> <a href="https://developers.naver.com/apps/#/register" target="_blank" class="btn_frmline">앱 등록하기</a>
<input type="text" name="cf_naver_clientid" value="<?php echo get_sanitize_input($config['cf_naver_clientid']); ?>" id="cf_naver_clientid" class="frm_input" size="40"> <a href="https://developers.naver.com/apps/#/register" target="_blank" class="btn_frmline">앱 등록하기</a>
</td>
<th scope="row"><label for="cf_naver_secret">네이버 Client Secret</label></th>
<td>
<input type="text" name="cf_naver_secret" value="<?php echo $config['cf_naver_secret'] ?>" id="cf_naver_secret" class="frm_input" size="45">
<input type="text" name="cf_naver_secret" value="<?php echo get_sanitize_input($config['cf_naver_secret']); ?>" id="cf_naver_secret" class="frm_input" size="45">
</td>
</tr>
<tr>
<th scope="row"><label for="cf_facebook_appid">페이스북 앱 ID</label></th>
<td>
<input type="text" name="cf_facebook_appid" value="<?php echo $config['cf_facebook_appid'] ?>" id="cf_facebook_appid" class="frm_input" size="40"> <a href="https://developers.facebook.com/apps" target="_blank" class="btn_frmline">앱 등록하기</a>
<input type="text" name="cf_facebook_appid" value="<?php echo get_sanitize_input($config['cf_facebook_appid']); ?>" id="cf_facebook_appid" class="frm_input" size="40"> <a href="https://developers.facebook.com/apps" target="_blank" class="btn_frmline">앱 등록하기</a>
</td>
<th scope="row"><label for="cf_facebook_secret">페이스북 앱 Secret</label></th>
<td>
<input type="text" name="cf_facebook_secret" value="<?php echo $config['cf_facebook_secret'] ?>" id="cf_facebook_secret" class="frm_input" size="45">
<input type="text" name="cf_facebook_secret" value="<?php echo get_sanitize_input($config['cf_facebook_secret']); ?>" id="cf_facebook_secret" class="frm_input" size="45">
</td>
</tr>
<tr>
<th scope="row"><label for="cf_twitter_key">트위터 컨슈머 Key</label></th>
<td>
<input type="text" name="cf_twitter_key" value="<?php echo $config['cf_twitter_key'] ?>" id="cf_twitter_key" class="frm_input" size="40"> <a href="https://dev.twitter.com/apps" target="_blank" class="btn_frmline">앱 등록하기</a>
<input type="text" name="cf_twitter_key" value="<?php echo get_sanitize_input($config['cf_twitter_key']); ?>" id="cf_twitter_key" class="frm_input" size="40"> <a href="https://developer.twitter.com/en/apps" target="_blank" class="btn_frmline">앱 등록하기</a>
</td>
<th scope="row"><label for="cf_twitter_secret">트위터 컨슈머 Secret</label></th>
<td>
<input type="text" name="cf_twitter_secret" value="<?php echo $config['cf_twitter_secret'] ?>" id="cf_twitter_secret" class="frm_input" size="45">
<input type="text" name="cf_twitter_secret" value="<?php echo get_sanitize_input($config['cf_twitter_secret']); ?>" id="cf_twitter_secret" class="frm_input" size="45">
</td>
</tr>
<tr>
<th scope="row"><label for="cf_google_clientid">구글 Client ID</label></th>
<td>
<input type="text" name="cf_google_clientid" value="<?php echo $config['cf_google_clientid'] ?>" id="cf_google_clientid" class="frm_input" size="40"> <a href="https://console.developers.google.com" target="_blank" class="btn_frmline">앱 등록하기</a>
<input type="text" name="cf_google_clientid" value="<?php echo get_sanitize_input($config['cf_google_clientid']); ?>" id="cf_google_clientid" class="frm_input" size="40"> <a href="https://console.developers.google.com" target="_blank" class="btn_frmline">앱 등록하기</a>
</td>
<th scope="row"><label for="cf_google_secret">구글 Client Secret</label></th>
<td>
<input type="text" name="cf_google_secret" value="<?php echo $config['cf_google_secret'] ?>" id="cf_google_secret" class="frm_input" size="45">
<input type="text" name="cf_google_secret" value="<?php echo get_sanitize_input($config['cf_google_secret']); ?>" id="cf_google_secret" class="frm_input" size="45">
</td>
</tr>
<tr>
<th scope="row"><label for="cf_googl_shorturl_apikey">구글 짧은주소 API Key</label></th>
<td colspan="3">
<input type="text" name="cf_googl_shorturl_apikey" value="<?php echo $config['cf_googl_shorturl_apikey'] ?>" id="cf_googl_shorturl_apikey" class="frm_input" size="40"> <a href="http://code.google.com/apis/console/" target="_blank" class="btn_frmline">API Key 등록하기</a>
<input type="text" name="cf_googl_shorturl_apikey" value="<?php echo get_sanitize_input($config['cf_googl_shorturl_apikey']); ?>" id="cf_googl_shorturl_apikey" class="frm_input" size="40"> <a href="http://code.google.com/apis/console/" target="_blank" class="btn_frmline">API Key 등록하기</a>
</td>
</tr>
<tr>
<th scope="row"><label for="cf_kakao_rest_key">카카오 REST API 키</label></th>
<td>
<input type="text" name="cf_kakao_rest_key" value="<?php echo $config['cf_kakao_rest_key'] ?>" id="cf_kakao_rest_key" class="frm_input" size="40"> <a href="https://developers.kakao.com/product/kakaoLogin" target="_blank" class="btn_frmline">앱 등록하기</a>
<input type="text" name="cf_kakao_rest_key" value="<?php echo get_sanitize_input($config['cf_kakao_rest_key']); ?>" id="cf_kakao_rest_key" class="frm_input" size="40"> <a href="https://developers.kakao.com/product/kakaoLogin" target="_blank" class="btn_frmline">앱 등록하기</a>
</td>
<th scope="row"><label for="cf_kakao_client_secret">카카오 Client Secret</label></th>
<td>
<input type="text" name="cf_kakao_client_secret" value="<?php echo $config['cf_kakao_client_secret'] ?>" id="cf_kakao_client_secret" class="frm_input" size="45">
<input type="text" name="cf_kakao_client_secret" value="<?php echo get_sanitize_input($config['cf_kakao_client_secret']); ?>" id="cf_kakao_client_secret" class="frm_input" size="45">
</td>
</tr>
<tr>
<th scope="row"><label for="cf_kakao_js_apikey">카카오 JavaScript 키</label></th>
<td colspan="3">
<input type="text" name="cf_kakao_js_apikey" value="<?php echo $config['cf_kakao_js_apikey'] ?>" id="cf_kakao_js_apikey" class="frm_input" size="45">
<input type="text" name="cf_kakao_js_apikey" value="<?php echo get_sanitize_input($config['cf_kakao_js_apikey']); ?>" id="cf_kakao_js_apikey" class="frm_input" size="45">
</td>
</tr>
<tr>
<th scope="row"><label for="cf_payco_clientid">페이코 Client ID</label></th>
<td>
<input type="text" name="cf_payco_clientid" value="<?php echo $config['cf_payco_clientid']; ?>" id="cf_payco_clientid" class="frm_input" size="40"> <a href="https://developers.payco.com/guide" target="_blank" class="btn_frmline">앱 등록하기</a>
<input type="text" name="cf_payco_clientid" value="<?php echo get_sanitize_input($config['cf_payco_clientid']); ?>" id="cf_payco_clientid" class="frm_input" size="40"> <a href="https://developers.payco.com/guide" target="_blank" class="btn_frmline">앱 등록하기</a>
</td>
<th scope="row"><label for="cf_payco_secret">페이코 Secret</label></th>
<td>
<input type="text" name="cf_payco_secret" value="<?php echo $config['cf_payco_secret']; ?>" id="cf_payco_secret" class="frm_input" size="45">
<input type="text" name="cf_payco_secret" value="<?php echo get_sanitize_input($config['cf_payco_secret']); ?>" id="cf_payco_secret" class="frm_input" size="45">
</td>
</tr>
</tbody>
@ -1275,20 +1276,20 @@ include_once('_rewrite_config_form.php');
<th scope="row"><label for="cf_icode_id">아이코드 회원아이디<br>(구버전)</label></th>
<td>
<?php echo help("아이코드에서 사용하시는 회원아이디를 입력합니다."); ?>
<input type="text" name="cf_icode_id" value="<?php echo $config['cf_icode_id']; ?>" id="cf_icode_id" class="frm_input" size="20">
<input type="text" name="cf_icode_id" value="<?php echo get_sanitize_input($config['cf_icode_id']); ?>" id="cf_icode_id" class="frm_input" size="20">
</td>
</tr>
<tr class="icode_old_version">
<th scope="row"><label for="cf_icode_pw">아이코드 비밀번호<br>(구버전)</label></th>
<td>
<?php echo help("아이코드에서 사용하시는 비밀번호를 입력합니다."); ?>
<input type="password" name="cf_icode_pw" value="<?php echo $config['cf_icode_pw']; ?>" id="cf_icode_pw" class="frm_input">
<input type="password" name="cf_icode_pw" value="<?php echo get_sanitize_input($config['cf_icode_pw']); ?>" id="cf_icode_pw" class="frm_input">
</td>
</tr>
<tr class="icode_old_version <?php if(!(isset($userinfo['payment']) && $userinfo['payment'])){ echo 'cf_tr_hide'; } ?>">
<th scope="row">요금제<br>(구버전)</th>
<td>
<input type="hidden" name="cf_icode_server_ip" value="<?php echo $config['cf_icode_server_ip']; ?>">
<input type="hidden" name="cf_icode_server_ip" value="<?php echo get_sanitize_input($config['cf_icode_server_ip']); ?>">
<?php
if ($userinfo['payment'] == 'A') {
echo '충전제';
@ -1308,7 +1309,7 @@ include_once('_rewrite_config_form.php');
<th scope="row">충전 잔액<br>(구버전)</th>
<td>
<?php echo number_format($userinfo['coin']); ?> 원.
<a href="http://www.icodekorea.com/smsbiz/credit_card_amt.php?icode_id=<?php echo $config['cf_icode_id']; ?>&amp;icode_passwd=<?php echo $config['cf_icode_pw']; ?>" target="_blank" class="btn_frmline">충전하기</a>
<a href="http://www.icodekorea.com/smsbiz/credit_card_amt.php?icode_id=<?php echo get_text($config['cf_icode_id']); ?>&amp;icode_passwd=<?php echo get_text($config['cf_icode_pw']); ?>" target="_blank" class="btn_frmline">충전하기</a>
</td>
</tr>
<?php } ?>
@ -1316,7 +1317,7 @@ include_once('_rewrite_config_form.php');
<th scope="row"><label for="cf_icode_token_key">아이코드 토큰키<br>(JSON버전)</label></th>
<td>
<?php echo help("아이코드 JSON 버전의 경우 아이코드 토큰키를 입력시 실행됩니다.<br>SMS 전송유형을 LMS로 설정시 90바이트 이내는 SMS, 90 ~ 2000 바이트는 LMS 그 이상은 절삭 되어 LMS로 발송됩니다."); ?>
<input type="text" name="cf_icode_token_key" value="<?php echo $config['cf_icode_token_key']; ?>" id="cf_icode_token_key" class="frm_input" size="40">
<input type="text" name="cf_icode_token_key" value="<?php echo isset($config['cf_icode_token_key']) ? get_sanitize_input($config['cf_icode_token_key']) : ''; ?>" id="cf_icode_token_key" class="frm_input" size="40">
<?php echo help("아이코드 사이트 -> 토큰키관리 메뉴에서 생성한 토큰키를 입력합니다."); ?>
<br>
서버아이피 : <?php echo $_SERVER['SERVER_ADDR']; ?>
@ -1434,6 +1435,26 @@ $(function(){
function fconfigform_submit(f)
{
var current_user_ip = "<?php echo $_SERVER['REMOTE_ADDR']; ?>";
var cf_intercept_ip_val = f.cf_intercept_ip.value;
if( cf_intercept_ip_val && current_user_ip ){
var cf_intercept_ips = cf_intercept_ip_val.split("\n");
for(var i=0; i < cf_intercept_ips.length; i++){
if ( cf_intercept_ips[i].trim() ) {
cf_intercept_ips[i] = cf_intercept_ips[i].replace(".", "\.");
cf_intercept_ips[i] = cf_intercept_ips[i].replace("+", "[0-9\.]+");
var re = new RegExp(cf_intercept_ips[i]);
if ( re.test(current_user_ip) ){
alert("현재 접속 IP : "+ current_user_ip +" 가 차단될수 있기 때문에, 다른 IP를 입력해 주세요.");
return false;
}
}
}
}
f.action = "./config_form_update.php";
return true;
}
@ -1509,5 +1530,4 @@ if($config['cf_cert_use']) {
}
}
include_once ('./admin.tail.php');
?>
include_once ('./admin.tail.php');


@ -4,43 +4,184 @@ include_once('./_common.php');
check_demo();
auth_check($auth[$sub_menu], 'w');
auth_check_menu($auth, $sub_menu, 'w');
if ($is_admin != 'super')
alert('최고관리자만 접근 가능합니다.');
$cf_title = isset($_POST['cf_title']) ? strip_tags(clean_xss_attributes($_POST['cf_title'])) : '';
$cf_admin = isset($_POST['cf_admin']) ? clean_xss_tags($_POST['cf_admin'], 1, 1) : '';
$posts = array();
$mb = get_member($cf_admin);
if (!$mb['mb_id'])
if (! (isset($mb['mb_id']) && $mb['mb_id']))
alert('최고관리자 회원아이디가 존재하지 않습니다.');
check_admin_token();
$cf_social_servicelist = !empty($_POST['cf_social_servicelist']) ? implode(',', $_POST['cf_social_servicelist']) : '';
$check_keys = array('cf_lg_mid', 'cf_lg_mert_key', 'cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key', 'cf_naver_clientid', 'cf_naver_secret', 'cf_facebook_appid', 'cf_facebook_secret', 'cf_twitter_key', 'cf_twitter_secret', 'cf_google_clientid', 'cf_google_secret', 'cf_googl_shorturl_apikey', 'cf_kakao_rest_key', 'cf_kakao_client_secret', 'cf_kakao_js_apikey', 'cf_payco_clientid', 'cf_payco_secret');
foreach( $check_keys as $key ){
if ( isset($_POST[$key]) && $_POST[$key] ){
$posts[$key] = $_POST[$key] = preg_replace('/[^a-z0-9_\-\.]/i', '', $_POST[$key]);
}
}
$posts['cf_icode_server_port'] = $_POST['cf_icode_server_port'] = isset($_POST['cf_icode_server_port']) ? preg_replace('/[^0-9]/', '', $_POST['cf_icode_server_port']) : '7295';
if(isset($_POST['cf_intercept_ip']) && $_POST['cf_intercept_ip']){
$pattern = explode("\n", trim($_POST['cf_intercept_ip']));
for ($i=0; $i<count($pattern); $i++) {
$pattern[$i] = trim($pattern[$i]);
if (empty($pattern[$i]))
continue;
$pattern[$i] = str_replace(".", "\.", $pattern[$i]);
$pattern[$i] = str_replace("+", "[0-9\.]+", $pattern[$i]);
$pat = "/^{$pattern[$i]}$/";
if( preg_match($pat, $_SERVER['REMOTE_ADDR']) ){
alert("현재 접속 IP : ".$_SERVER['REMOTE_ADDR']." 가 차단될수 있기 때문에, 다른 IP를 입력해 주세요.");
}
}
}
$check_keys = array(
'cf_use_email_certify' => 'int',
'cf_use_homepage' => 'int',
'cf_req_homepage' => 'int',
'cf_use_tel' => 'int',
'cf_req_tel' => 'int',
'cf_use_hp' => 'int',
'cf_req_hp' => 'int',
'cf_use_addr' => 'int',
'cf_req_addr' => 'int',
'cf_use_signature' => 'int',
'cf_req_signature' => 'int',
'cf_use_profile' => 'int',
'cf_req_profile' => 'int',
'cf_register_level' => 'int',
'cf_register_point' => 'int',
'cf_icon_level' => 'int',
'cf_use_recommend' => 'int',
'cf_leave_day' => 'int',
'cf_search_part' => 'int',
'cf_email_use' => 'int',
'cf_email_wr_super_admin' => 'int',
'cf_email_wr_group_admin' => 'int',
'cf_email_wr_board_admin' => 'int',
'cf_email_wr_write' => 'int',
'cf_email_wr_comment_all' => 'int',
'cf_email_mb_super_admin' => 'int',
'cf_email_mb_member' => 'int',
'cf_email_po_super_admin' => 'int',
'cf_prohibit_id' => 'text',
'cf_prohibit_email' => 'text',
'cf_new_del' => 'int',
'cf_memo_del' => 'int',
'cf_visit_del' => 'int',
'cf_popular_del' => 'int',
'cf_use_member_icon' => 'int',
'cf_member_icon_size' => 'int',
'cf_member_icon_width' => 'int',
'cf_member_icon_height' => 'int',
'cf_member_img_size' => 'int',
'cf_member_img_width' => 'int',
'cf_member_img_height' => 'int',
'cf_login_minutes' => 'int',
'cf_formmail_is_member' => 'int',
'cf_page_rows' => 'int',
'cf_mobile_page_rows' => 'int',
'cf_social_login_use' => 'int',
'cf_cert_req' => 'int',
'cf_cert_use' => 'int',
'cf_cert_ipin' => 'char',
'cf_cert_hp' => 'char',
'cf_admin_email' => 'char',
'cf_admin_email_name' => 'char',
'cf_add_script' => 'text',
'cf_use_point' => 'int',
'cf_point_term' => 'int',
'cf_use_copy_log' => 'int',
'cf_login_point' => 'int',
'cf_cut_name' => 'int',
'cf_nick_modify' => 'int',
'cf_new_skin' => 'char',
'cf_new_rows' => 'int',
'cf_search_skin' => 'char',
'cf_connect_skin' => 'char',
'cf_faq_skin' => 'char',
'cf_read_point' => 'int',
'cf_write_point' => 'int',
'cf_comment_point' => 'int',
'cf_download_point' => 'int',
'cf_write_pages' => 'int',
'cf_mobile_pages' => 'int',
'cf_link_target' => 'char',
'cf_delay_sec' => 'int',
'cf_filter' => 'text',
'cf_possible_ip' => 'text',
'cf_analytics' => 'text',
'cf_add_meta' => 'text',
'cf_member_skin' => 'char',
'cf_image_extension' => 'char',
'cf_flash_extension' => 'char',
'cf_movie_extension' => 'char',
'cf_visit' => 'char',
'cf_stipulation' => 'text',
'cf_privacy' => 'text',
'cf_open_modify' => 'int',
'cf_memo_send_point' => 'int',
'cf_mobile_new_skin' => 'char',
'cf_mobile_search_skin' => 'char',
'cf_mobile_connect_skin' => 'char',
'cf_mobile_faq_skin' => 'char',
'cf_mobile_member_skin' => 'char',
'cf_captcha_mp3' => 'char',
'cf_cert_limit' => 'int',
'cf_sms_use' => 'char',
'cf_sms_type' => 'char',
'cf_icode_id' => 'char',
'cf_icode_pw' => 'char',
'cf_icode_server_ip' => 'char',
'cf_captcha' => 'char',
'cf_syndi_token' => '',
'cf_syndi_except' => ''
);
for($i=1;$i<=10;$i++){
$check_keys['cf_'.$i.'_subj'] = isset($_POST['cf_'.$i.'_subj']) ? $_POST['cf_'.$i.'_subj'] : '';
$check_keys['cf_'.$i] = isset($_POST['cf_'.$i]) ? $_POST['cf_'.$i] : '';
}
foreach( $check_keys as $k => $v ){
if( $v === 'int' ){
$posts[$key] = $_POST[$k] = isset($_POST[$k]) ? (int) $_POST[$k] : 0;
} else {
if(in_array($k, array('cf_analytics', 'cf_add_meta', 'cf_add_script', 'cf_stipulation', 'cf_privacy'))){
$posts[$key] = $_POST[$k] = isset($_POST[$k]) ? $_POST[$k] : '';
} else {
$posts[$key] = $_POST[$k] = isset($_POST[$k]) ? strip_tags(clean_xss_attributes($_POST[$k])) : '';
}
}
}
// 본인확인을 사용할 경우 아이핀, 휴대폰인증 중 하나는 선택되어야 함
if($_POST['cf_cert_use'] && !$_POST['cf_cert_ipin'] && !$_POST['cf_cert_hp'])
alert('본인확인을 위해 아이핀 또는 휴대폰 본인학인 서비스를 하나이상 선택해 주십시오');
if(!$_POST['cf_cert_use']) {
$_POST['cf_cert_ipin'] = '';
$_POST['cf_cert_hp'] = '';
$posts[$key] = $_POST['cf_cert_ipin'] = '';
$posts[$key] = $_POST['cf_cert_hp'] = '';
}
$cf_social_servicelist = !empty($_POST['cf_social_servicelist']) ? implode(',', $_POST['cf_social_servicelist']) : '';
$_POST['cf_title'] = strip_tags(clean_xss_attributes($_POST['cf_title']));
$check_keys = array('cf_lg_mid', 'cf_lg_mert_key', 'cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key', 'cf_naver_clientid', 'cf_naver_secret', 'cf_facebook_appid', 'cf_facebook_secret', 'cf_twitter_key', 'cf_twitter_secret', 'cf_google_clientid', 'cf_google_secret', 'cf_googl_shorturl_apikey', 'cf_kakao_rest_key', 'cf_kakao_client_secret', 'cf_kakao_js_apikey', 'cf_payco_clientid', 'cf_payco_secret');
foreach( $check_keys as $key ){
if ( isset($_POST[$key]) && $_POST[$key] ){
$_POST[$key] = preg_replace('/[^a-z0-9_\-\.]/i', '', $_POST[$key]);
}
}
$_POST['cf_icode_server_port'] = isset($_POST['cf_icode_server_port']) ? preg_replace('/[^0-9]/', '', $_POST['cf_icode_server_port']) : '7295';
$sql = " update {$g5['config_table']}
set cf_title = '{$_POST['cf_title']}',
cf_admin = '{$_POST['cf_admin']}',
set cf_title = '{$cf_title}',
cf_admin = '{$cf_admin}',
cf_admin_email = '{$_POST['cf_admin_email']}',
cf_admin_email_name = '{$_POST['cf_admin_email_name']}',
cf_add_script = '{$_POST['cf_add_script']}',
@ -199,5 +340,4 @@ run_event('admin_config_form_update');
update_rewrite_rules();
goto_url('./config_form.php', false);
?>
goto_url('./config_form.php', false);


@ -3,7 +3,9 @@ $sub_menu = '300600';
include_once('./_common.php');
include_once(G5_EDITOR_LIB);
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
$co_id = isset($_REQUEST['co_id']) ? preg_replace('/[^a-z0-9_]/i', '', $_REQUEST['co_id']) : '';
// 상단, 하단 파일경로 필드 추가
if(!sql_query(" select co_include_head from {$g5['content_table']} limit 1 ", false)) {
@ -51,6 +53,13 @@ else
{
$html_title .= ' 입력';
$co = array(
'co_id' => '',
'co_subject' => '',
'co_content' => '',
'co_mobile_content' => '',
'co_include_head' => '',
'co_include_tail' => '',
'co_tag_filter_use' => 1,
'co_html' => 2,
'co_skin' => 'basic',
'co_mobile_skin' => 'basic'
@ -153,6 +162,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
<input type="file" name="co_himg" id="co_himg">
<?php
$himg = G5_DATA_PATH.'/content/'.$co['co_id'].'_h';
$himg_str = '';
if (file_exists($himg)) {
$size = @getimagesize($himg);
if($size[0] && $size[0] > 750)
@ -177,6 +187,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
<input type="file" name="co_timg" id="co_timg">
<?php
$timg = G5_DATA_PATH.'/content/'.$co['co_id'].'_t';
$timg_str = '';
if (file_exists($timg)) {
$size = @getimagesize($timg);
if($size[0] && $size[0] > 750)
@ -284,5 +295,4 @@ function frmcontentform_check(f)
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');
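Review bot: The new `$himg_str = '';` initialisation covers the undefined-variable case, but the line right below it still indexes `$size[0]` on the result of `@getimagesize($himg)`, which is `false` for a non-image file and then produces the same class of notice this commit is removing (on PHP 7.4+ the "array offset on value of type bool" warning). Guard the result before indexing: `if ($size && $size[0] > 750)`. The same pattern is in the `$timg` block of this section and in the FAQ master form section below. The surrounding PHP/HTML block continues outside the hunk.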


@ -6,28 +6,37 @@ if ($w == "u" || $w == "d")
check_demo();
if ($w == 'd')
auth_check($auth[$sub_menu], "d");
auth_check_menu($auth, $sub_menu, "d");
else
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
check_admin_token();
$co_row = array('co_id'=>'', 'co_include_head'=>'', 'co_include_tail'=>'');
if ($w == "" || $w == "u")
{
if(preg_match("/[^a-z0-9_]/i", $co_id)) alert("ID 는 영문자, 숫자, _ 만 가능합니다.");
if(isset($_REQUEST['co_id']) && preg_match("/[^a-z0-9_]/i", $_REQUEST['co_id'])) alert("ID 는 영문자, 숫자, _ 만 가능합니다.");
$sql = " select * from {$g5['content_table']} where co_id = '$co_id' ";
$co_row = sql_fetch($sql);
}
$co_id = preg_replace('/[^a-z0-9_]/i', '', $co_id);
$co_subject = strip_tags(clean_xss_attributes($co_subject));
$co_include_head = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_head, 0, 255));
$co_include_tail = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_tail, 0, 255));
$co_id = isset($_REQUEST['co_id']) ? preg_replace('/[^a-z0-9_]/i', '', $_REQUEST['co_id']) : '';
$co_subject = isset($_POST['co_subject']) ? strip_tags(clean_xss_attributes($_POST['co_subject'])) : '';
$co_include_head = isset($_POST['co_include_head']) ? preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($_POST['co_include_head'], 0, 255)) : '';
$co_include_tail = isset($_POST['co_include_tail']) ? preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($_POST['co_include_tail'], 0, 255)) : '';
$co_tag_filter_use = isset($_POST['co_tag_filter_use']) ? (int) $_POST['co_tag_filter_use'] : 1;
$co_himg_del = (isset($_POST['co_himg_del']) && $_POST['co_himg_del']) ? 1 : 0;
$co_timg_del = (isset($_POST['co_timg_del']) && $_POST['co_timg_del']) ? 1 : 0;
$co_html = isset($_POST['co_html']) ? (int) $_POST['co_html'] : 0;
$co_content = isset($_POST['co_content']) ? $_POST['co_content'] : '';
$co_mobile_content = isset($_POST['co_mobile_content']) ? $_POST['co_mobile_content'] : '';
$co_skin = isset($_POST['co_skin']) ? clean_xss_tags($_POST['co_skin'], 1, 1) : '';
$co_mobile_skin = isset($_POST['co_mobile_skin']) ? clean_xss_tags($_POST['co_mobile_skin'], 1, 1) : '';
// 관리자가 자동등록방지를 사용해야 할 경우
if (($co_row['co_include_head'] !== $co_include_head || $co_row['co_include_tail'] !== $co_include_tail) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){
if ((( isset($co_row['co_include_head']) && $co_row['co_include_head'] !== $co_include_head ) || ( isset($co_row['co_include_tail']) && $co_row['co_include_tail'] !== $co_include_tail )) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){
include_once(G5_CAPTCHA_PATH.'/captcha.lib.php');
if (!chk_captcha()) {
@ -92,7 +101,7 @@ $sql_common = " co_include_head = '$co_include_head',
if ($w == "")
{
$row = $co_row;
if ($row['co_id'])
if (isset($row['co_id']) && $row['co_id'])
alert("이미 같은 ID로 등록된 내용이 있습니다.");
$sql = " insert {$g5['content_table']}
@ -145,5 +154,4 @@ if ($w == "" || $w == "u")
else
{
goto_url("./contentlist.php");
}
?>
}
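Review bot: The rewritten captcha condition `if ((( isset($co_row['co_include_head']) && ... ) || ( isset($co_row['co_include_tail']) && ... ))` silently skips the check when the fetch finds nothing: the new default `$co_row = array('co_id'=>'', 'co_include_head'=>'', 'co_include_tail'=>'')` is overwritten by `$co_row = sql_fetch($sql)`, so for a new `co_id` the `isset()` calls are false and a head/tail include path is saved without the admin captcha that the old `!==` comparison on a missing key always triggered. Keep the defaults when no row exists, e.g. `$fetched = sql_fetch($sql); if ($fetched) $co_row = $fetched;`, so both this condition and the later `isset($row['co_id']) && $row['co_id']` duplicate check operate on a complete array. Separately, the select `where co_id = '$co_id'` runs before the sanitised `$co_id = isset($_REQUEST['co_id']) ? preg_replace(...) : '';` assignment, so it still depends on the extracted global this commit is otherwise replacing; move that assignment above the `if ($w == "" || $w == "u")` block. The same fetch-overwrites-default pattern appears in the mail form section (`$ma = array('ma_id'=>0, ...)` followed by `$ma = sql_fetch($sql)`).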


@ -2,7 +2,7 @@
$sub_menu = '300600';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
if( !isset($g5['content_table']) ){
die('<meta charset="utf-8">/data/dbconfig.php 파일에 <strong>$g5[\'content_table\'] = G5_TABLE_PREFIX.\'content\';</strong> 를 추가해 주세요.');
@ -94,5 +94,4 @@ $result = sql_query($sql);
<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page="); ?>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');


@ -2,7 +2,7 @@
$sub_menu = '100410';
include_once('./_common.php');
auth_check($auth[$sub_menu], 'r');
auth_check_menu($auth, $sub_menu, 'r');
$g5['title'] = 'DB 업그레이드';
include_once('./admin.head.php');
@ -189,5 +189,4 @@ $db_upgrade_msg = $is_check ? 'DB 업그레이드가 완료되었습니다.' : '
</div>
<?php
include_once ('./admin.tail.php');
?>
include_once ('./admin.tail.php');


@ -3,16 +3,18 @@ $sub_menu = '300700';
include_once('./_common.php');
include_once(G5_EDITOR_LIB);
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
$fm_id = (int) $fm_id;
$fa_id = isset($fa_id) ? (int) $fa_id : 0;
$fm_id = isset($_GET['fm_id']) ? (int) $_GET['fm_id'] : 0;
$fa_id = isset($_GET['fa_id']) ? (int) $_GET['fa_id'] : 0;
$sql = " select * from {$g5['faq_master_table']} where fm_id = '$fm_id' ";
$fm = sql_fetch($sql);
$html_title = 'FAQ '.$fm['fm_subject'];
$fa = array('fa_id'=>0, 'fm_id'=>0, 'fa_subject'=>'', 'fa_content'=>'', 'fa_order'=>0);
if ($w == "u")
{
$html_title .= " 수정";
@ -97,5 +99,4 @@ function frmfaqform_check(f)
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');
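Review bot: `$fm = sql_fetch($sql);` followed by `$html_title = 'FAQ '.$fm['fm_subject'];` has no fallback, and with `$fm_id` now defaulting to `0` when the parameter is absent the fetch returns no row, so `$fm['fm_subject']` raises exactly the notice class this commit is removing (an "array offset on bool" warning on PHP 7.4+). Mirror the `$fa = array(...)` default added two lines below: `$fm = sql_fetch($sql); if (!$fm) $fm = array('fm_subject' => '');`, or abort with `alert()` as the update scripts do for a missing record. The section's HTML body continues outside the hunk.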


@ -6,12 +6,18 @@ if ($w == "u" || $w == "d")
check_demo();
if ($w == 'd')
auth_check($auth[$sub_menu], "d");
auth_check_menu($auth, $sub_menu, "d");
else
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
check_admin_token();
$fm_id = isset($_REQUEST['fm_id']) ? (int) $_REQUEST['fm_id'] : 0;
$fa_id = isset($_REQUEST['fa_id']) ? (int) $_REQUEST['fa_id'] : 0;
$fa_subject = isset($_POST['fa_subject']) ? $_POST['fa_subject'] : '';
$fa_content = isset($_POST['fa_content']) ? $_POST['fa_content'] : '';
$fa_order = isset($_POST['fa_order']) ? (int) $_POST['fa_order'] : 0;
$sql_common = " fa_subject = '$fa_subject',
fa_content = '$fa_content',
fa_order = '$fa_order' ";
@ -41,5 +47,4 @@ else if ($w == "d")
if ($w == 'd')
goto_url("./faqlist.php?fm_id=$fm_id");
else
goto_url("./faqform.php?w=u&amp;fm_id=$fm_id&amp;fa_id=$fa_id");
?>
goto_url("./faqform.php?w=u&amp;fm_id=$fm_id&amp;fa_id=$fa_id");
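Review bot: `$fa_subject = isset($_POST['fa_subject']) ? $_POST['fa_subject'] : '';` is the only subject field in this commit stored without filtering — the content, FAQ master and mail update scripts all run their subject through `strip_tags(clean_xss_attributes(...))` before it reaches `$sql_common`. Unless FAQ question titles are meant to carry HTML, apply the same treatment: `$fa_subject = isset($_POST['fa_subject']) ? strip_tags(clean_xss_attributes($_POST['fa_subject'])) : '';`. `$fa_content` is presumably intentional editor HTML, matching the other `*_content` fields left raw in this commit.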


@ -2,11 +2,11 @@
$sub_menu = '300700';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$g5['title'] = 'FAQ 상세관리';
if ($fm_subject){
$fm_subject = clean_xss_tags(strip_tags($fm_subject));
if (isset($_REQUEST['fm_subject'])){
$fm_subject = clean_xss_tags($_REQUEST['fm_subject'], 1, 1, 255);
$g5['title'] .= ' : '.$fm_subject;
}
@ -96,5 +96,4 @@ $result = sql_query($sql);
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');


@ -3,11 +3,11 @@ $sub_menu = '300700';
include_once('./_common.php');
include_once(G5_EDITOR_LIB);
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
$html_title = 'FAQ';
$fm_id = preg_replace('/[^0-9]/', '', $fm_id);
$fm_id = isset($_GET['fm_id']) ? preg_replace('/[^0-9]/', '', $_GET['fm_id']) : 0;
if ($w == "u")
{
@ -21,7 +21,7 @@ if ($w == "u")
else
{
$html_title .= ' 입력';
$fm = array();
$fm = array('fm_order'=>'', 'fm_subject'=>'', 'fm_id'=>0, 'fm_head_html'=> '', 'fm_tail_html'=> '', 'fm_mobile_head_html' => '', 'fm_mobile_tail_html' => '');
}
$g5['title'] = $html_title.' 관리';
@ -72,6 +72,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
<input type="file" name="fm_himg" id="fm_himg">
<?php
$himg = G5_DATA_PATH.'/faq/'.$fm['fm_id'].'_h';
$himg_str = '';
if (file_exists($himg)) {
$size = @getimagesize($himg);
if($size[0] && $size[0] > 750)
@ -96,6 +97,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
<input type="file" name="fm_timg" id="fm_timg">
<?php
$timg = G5_DATA_PATH.'/faq/'.$fm['fm_id'].'_t';
$timg_str = '';
if (file_exists($timg)) {
$size = @getimagesize($timg);
if($size[0] && $size[0] > 750)
@ -162,5 +164,4 @@ function frmfaqmasterform_check(f)
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');
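Review bot: `$fm_id = isset($_GET['fm_id']) ? preg_replace('/[^0-9]/', '', $_GET['fm_id']) : 0;` yields a string on one branch and an int on the other, and an empty string for a non-numeric parameter; the sibling FAQ scripts in this commit use `(int) $_GET['fm_id']`. For consistency and a guaranteed integer in the `G5_DATA_PATH.'/faq/'.$fm['fm_id'].'_h'` path, use `$fm_id = isset($_GET['fm_id']) ? (int) $_GET['fm_id'] : 0;`. As in the content form section, `$size[0]` after `@getimagesize(...)` is not guarded against a `false` return in either image block here.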


@ -5,21 +5,29 @@ include_once('./_common.php');
if ($w == "u" || $w == "d")
check_demo();
if ($W == 'd')
auth_check($auth[$sub_menu], "d");
if ($w == 'd')
auth_check_menu($auth, $sub_menu, "d");
else
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
check_admin_token();
@mkdir(G5_DATA_PATH."/faq", G5_DIR_PERMISSION);
@chmod(G5_DATA_PATH."/faq", G5_DIR_PERMISSION);
$fm_id = isset($_REQUEST['fm_id']) ? (int) $_REQUEST['fm_id'] : 0;
$fm_himg_del = isset($_POST['fm_himg_del']) ? (int) $_POST['fm_himg_del'] : 0;
$fm_timg_del = isset($_POST['fm_timg_del']) ? (int) $_POST['fm_timg_del'] : 0;
$fm_subject = isset($_POST['fm_subject']) ? strip_tags(clean_xss_attributes($_POST['fm_subject'])) : '';
$fm_head_html = isset($_POST['fm_head_html']) ? $_POST['fm_head_html'] : '';
$fm_tail_html = isset($_POST['fm_tail_html']) ? $_POST['fm_tail_html'] : '';
$fm_mobile_head_html = isset($_POST['fm_mobile_head_html']) ? $_POST['fm_mobile_head_html'] : '';
$fm_mobile_tail_html = isset($_POST['fm_mobile_tail_html']) ? $_POST['fm_mobile_tail_html'] : '';
$fm_order = isset($_POST['fm_order']) ? (int) $_POST['fm_order'] : 0;
if ($fm_himg_del) @unlink(G5_DATA_PATH."/faq/{$fm_id}_h");
if ($fm_timg_del) @unlink(G5_DATA_PATH."/faq/{$fm_id}_t");
$fm_subject = strip_tags(clean_xss_attributes($fm_subject));
$sql_common = " set fm_subject = '$fm_subject',
fm_head_html = '$fm_head_html',
fm_tail_html = '$fm_tail_html',
@ -72,5 +80,4 @@ if ($w == "" || $w == "u")
goto_url("./faqmasterform.php?w=u&amp;fm_id=$fm_id");
}
else
goto_url("./faqmasterlist.php");
?>
goto_url("./faqmasterlist.php");


@ -2,7 +2,7 @@
$sub_menu = '300700';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
//dbconfig파일에 $g5['faq_table'] , $g5['faq_master_table'] 배열변수가 있는지 체크
if( !isset($g5['faq_table']) || !isset($g5['faq_master_table']) ){
@ -124,5 +124,4 @@ $result = sql_query($sql);
<?php echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page="); ?>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');


@ -100,11 +100,6 @@ $colspan = 12;
$mb_nick = get_sideview($row['mb_id'], get_text($row['mb_nick']), $row['mb_email'], $row['mb_homepage']);
$mb_id = $row['mb_id'];
if ($row['mb_leave_date'])
$mb_id = $mb_id;
else if ($row['mb_intercept_date'])
$mb_id = $mb_id;
?>
<tr>
<td class="td_mbid"><?php echo $mb_id ?></td>
@ -138,7 +133,7 @@ $sql_common = " from {$g5['board_new_table']} a, {$g5['board_table']} b, {$g5['g
if ($gr_id)
$sql_common .= " and b.gr_id = '$gr_id' ";
if ($view) {
if (isset($view) && $view) {
if ($view == 'w')
$sql_common .= " and a.wr_id = a.wr_parent ";
else if ($view == 'c')
@ -314,5 +309,4 @@ $colspan = 7;
</section>
<?php
include_once ('./admin.tail.php');
?>
include_once ('./admin.tail.php');


@ -4,21 +4,20 @@ include_once('./_common.php');
check_demo();
auth_check($auth[$sub_menu], 'd');
auth_check_menu($auth, $sub_menu, 'd');
check_admin_token();
$count = count($_POST['chk']);
$post_count_chk = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
if(!$count)
if(! $post_count_chk)
alert('삭제할 메일목록을 1개이상 선택해 주세요.');
for($i=0; $i<$count; $i++) {
$ma_id = $_POST['chk'][$i];
for($i=0; $i<$post_count_chk; $i++) {
$ma_id = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
$sql = " delete from {$g5['mail_table']} where ma_id = '$ma_id' ";
sql_query($sql);
}
goto_url('./mail_list.php');
?>
goto_url('./mail_list.php');
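Review bot: The loop `for($i=0; $i<$post_count_chk; $i++)` assumes `$_POST['chk']` is a 0-based list; if the form ever sends keyed entries, the new `isset($_POST['chk'][$i]) ? ... : 0` fallback silently issues `delete ... where ma_id = '0'` instead of deleting the selected row. Walk the array directly and skip non-positive ids: `foreach ($_POST['chk'] as $chk) { $ma_id = (int) $chk; if ($ma_id < 1) continue; ... }`. The `(int)` cast on the id is the right change; this is only about how the list is iterated.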


@ -3,15 +3,16 @@ $sub_menu = "200300";
include_once('./_common.php');
include_once(G5_EDITOR_LIB);
auth_check($auth[$sub_menu], 'r');
auth_check_menu($auth, $sub_menu, 'r');
$html_title = '회원메일';
$ma_id = isset($_GET['ma_id']) ? (int) $_GET['ma_id'] : 0;
$ma = array('ma_id'=>0, 'ma_subject'=>'', 'ma_content'=>'');
if ($w == 'u') {
$html_title .= '수정';
$readonly = ' readonly';
$ma_id = (int) $ma_id;
$sql = " select * from {$g5['mail_table']} where ma_id = '{$ma_id}' ";
$ma = sql_fetch($sql);
@ -82,5 +83,4 @@ document.fmailform.ma_subject.focus();
</script>
<?php
include_once('./admin.tail.php');
?>
include_once('./admin.tail.php');


@ -2,7 +2,7 @@
$sub_menu = '200300';
include_once('./_common.php');
auth_check($auth[$sub_menu], 'r');
auth_check_menu($auth, $sub_menu, 'r');
$sql_common = " from {$g5['mail_table']} ";
@ -101,5 +101,4 @@ $(function() {
</script>
<?php
include_once ('./admin.tail.php');
?>
include_once ('./admin.tail.php');


@ -3,7 +3,9 @@ $sub_menu = "200300";
include_once('./_common.php');
include_once(G5_LIB_PATH.'/mailer.lib.php');
auth_check($auth[$sub_menu], 'r');
auth_check_menu($auth, $sub_menu, 'r');
$ma_id = isset($_REQUEST['ma_id']) ? (int) $_REQUEST['ma_id'] : 0;
$se = sql_fetch("select ma_subject, ma_content from {$g5['mail_table']} where ma_id = '{$ma_id}' ");


@ -5,7 +5,9 @@ include_once('./_common.php');
if (!$config['cf_email_use'])
alert('환경설정에서 \'메일발송 사용\'에 체크하셔야 메일을 발송할 수 있습니다.');
auth_check($auth[$sub_menu], 'r');
auth_check_menu($auth, $sub_menu, 'r');
$ma_id = isset($_GET['ma_id']) ? (int) $_GET['ma_id'] : 0;
$sql = " select * from {$g5['mail_table']} where ma_id = '$ma_id' ";
$ma = sql_fetch($sql);
@ -26,8 +28,8 @@ $last_option = explode('||', $ma['ma_last_option']);
for ($i=0; $i<count($last_option); $i++) {
$option = explode('=', $last_option[$i]);
// 동적변수
$var = $option[0];
$$var = $option[1];
$var = isset($option[0]) ? $option[0] : '';
if( isset($option[1]) ) $$var = $option[1];
}
if (!isset($mb_id1)) $mb_id1 = 1;
@ -35,6 +37,10 @@ if (!isset($mb_level_from)) $mb_level_from = 1;
if (!isset($mb_level_to)) $mb_level_to = 10;
if (!isset($mb_mailling)) $mb_mailling = 1;
$mb_id1_from = isset($mb_id1_from) ? clean_xss_tags($mb_id1_from, 1, 1, 30) : '';
$mb_id1_to = isset($mb_id1_to) ? clean_xss_tags($mb_id1_to, 1, 1, 30) : '';
$mb_email = isset($mb_email) ? clean_xss_tags($mb_email, 1, 1, 100) : '';
$g5['title'] = '회원메일발송';
include_once('./admin.head.php');
?>
@ -55,15 +61,15 @@ include_once('./admin.head.php');
<td>
<input type="radio" name="mb_id1" value="1" id="mb_id1_all" <?php echo $mb_id1?"checked":""; ?>> <label for="mb_id1_all">전체</label>
<input type="radio" name="mb_id1" value="0" id="mb_id1_section" <?php echo !$mb_id1?"checked":""; ?>> <label for="mb_id1_section">구간</label>
<input type="text" name="mb_id1_from" value="<?php echo $mb_id1_from ?>" id="mb_id1_from" title="시작구간" class="frm_input"> 에서
<input type="text" name="mb_id1_to" value="<?php echo $mb_id1_to ?>" id="mb_id1_to" title="종료구간" class="frm_input"> 까지
<input type="text" name="mb_id1_from" value="<?php echo get_sanitize_input($mb_id1_from); ?>" id="mb_id1_from" title="시작구간" class="frm_input"> 에서
<input type="text" name="mb_id1_to" value="<?php echo get_sanitize_input($mb_id1_to); ?>" id="mb_id1_to" title="종료구간" class="frm_input"> 까지
</td>
</tr>
<tr>
<th scope="row"><label for="mb_email">E-mail</label></th>
<td>
<?php echo help("메일 주소에 단어 포함 (예 : @".preg_replace('#^(www[^\.]*\.){1}#', '', $_SERVER['HTTP_HOST']).")") ?>
<input type="text" name="mb_email" value="<?php echo $mb_email ?>" id="mb_email" class="frm_input" size="50">
<input type="text" name="mb_email" value="<?php echo get_sanitize_input($mb_email); ?>" id="mb_email" class="frm_input" size="50">
</td>
</tr>
<tr>
@ -118,5 +124,4 @@ include_once('./admin.head.php');
</form>
<?php
include_once('./admin.tail.php');
?>
include_once('./admin.tail.php');
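Review bot: The loop over `ma_last_option` still assigns `$$var = $option[1]` for whatever name is stored in the row, so a stored key such as `config`, `member` or `is_admin` would overwrite this page's globals; the added `isset()` checks only avoid the notice, they do not constrain the name. The consumers are known — `mb_id1`, `mb_id1_from`, `mb_id1_to`, `mb_email`, `mb_level_from`, `mb_level_to` and `mb_mailling` are the variables read below — so restore only those: `if (isset($option[1]) && in_array($var, array('mb_id1', 'mb_id1_from', 'mb_id1_to', 'mb_email', 'mb_level_from', 'mb_level_to', 'mb_mailling'), true)) $$var = $option[1];`. The new `get_sanitize_input()` calls on the three text inputs are the right fix for the output side.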


@ -2,7 +2,7 @@
$sub_menu = "200300";
include_once('./_common.php');
auth_check($auth[$sub_menu], 'r');
auth_check_menu($auth, $sub_menu, 'r');
$ma_last_option = "";
@ -117,5 +117,4 @@ include_once('./admin.head.php');
</form>
<?php
include_once('./admin.tail.php');
?>
include_once('./admin.tail.php');


@ -2,7 +2,7 @@
$sub_menu = "200300";
include_once('./_common.php');
auth_check($auth[$sub_menu], 'w');
auth_check_menu($auth, $sub_menu, 'w');
$html_title = '회원메일 발송';
@ -26,14 +26,12 @@ echo "</span>";
<?php
include_once('./admin.tail.php');
?>
<?php
flush();
ob_flush();
$ma_id = trim($_POST['ma_id']);
$select_member_list = trim($_POST['ma_list']);
$ma_id = isset($_POST['ma_id']) ? (int) $_POST['ma_id'] : 0;
$select_member_list = isset($_POST['ma_list']) ? trim($_POST['ma_list']) : '';
//print_r2($_POST); EXIT;
$member_list = explode("\n", conv_unescape_nl($select_member_list));
@ -84,4 +82,4 @@ for ($i=0; $i<count($member_list); $i++)
}
}
?>
<script> document.all.cont.innerHTML += "<br><br>총 <?php echo number_format($cnt) ?>건 발송<br><br><font color=crimson><b>[끝]</b></font>"; document.body.scrollTop += 1000; </script>
<script> document.all.cont.innerHTML += "<br><br>총 <?php echo number_format($cnt) ?>건 발송<br><br><font color=crimson><b>[끝]</b></font>"; document.body.scrollTop += 1000; </script>


@ -7,7 +7,7 @@ if (!$config['cf_email_use'])
include_once(G5_LIB_PATH.'/mailer.lib.php');
auth_check($auth[$sub_menu], 'w');
auth_check_menu($auth, $sub_menu, 'w');
check_demo();
@ -17,6 +17,7 @@ $name = get_text($member['mb_name']);
$nick = $member['mb_nick'];
$mb_id = $member['mb_id'];
$email = $member['mb_email'];
$ma_id = isset($_REQUEST['ma_id']) ? (int) $_REQUEST['ma_id'] : 0;
$sql = "select ma_subject, ma_content from {$g5['mail_table']} where ma_id = '{$ma_id}' ";
$ma = sql_fetch($sql);
@ -35,5 +36,4 @@ $content = $content . '<p>더 이상 정보 수신을 원치 않으시면 [<a hr
mailer($config['cf_title'], $member['mb_email'], $member['mb_email'], $subject, $content, 1);
alert($member['mb_nick'].'('.$member['mb_email'].')님께 테스트 메일을 발송하였습니다. 확인하여 주십시오.');
?>
alert($member['mb_nick'].'('.$member['mb_email'].')님께 테스트 메일을 발송하였습니다. 확인하여 주십시오.');


@ -5,18 +5,19 @@ include_once('./_common.php');
if ($w == 'u' || $w == 'd')
check_demo();
auth_check($auth[$sub_menu], 'w');
auth_check_menu($auth, $sub_menu, 'w');
check_admin_token();
$ma_id = isset($_POST['ma_id']) ? (int) $_POST['ma_id'] : 0;
$ma_subject = isset($_POST['ma_subject']) ? strip_tags(clean_xss_attributes($_POST['ma_subject'])) : '';
$ma_content = isset($_POST['ma_content']) ? $_POST['ma_content'] : '';
if ($w == '')
{
$sql = " insert {$g5['mail_table']}
set ma_subject = '{$ma_subject}',
ma_content = '{$_POST['ma_content']}',
ma_content = '{$ma_content}',
ma_time = '".G5_TIME_YMDHIS."',
ma_ip = '{$_SERVER['REMOTE_ADDR']}' ";
sql_query($sql);
@ -25,7 +26,7 @@ else if ($w == 'u')
{
$sql = " update {$g5['mail_table']}
set ma_subject = '{$ma_subject}',
ma_content = '{$_POST['ma_content']}',
ma_content = '{$ma_content}',
ma_time = '".G5_TIME_YMDHIS."',
ma_ip = '{$_SERVER['REMOTE_ADDR']}'
where ma_id = '{$ma_id}' ";
@ -37,5 +38,4 @@ else if ($w == 'd')
sql_query($sql);
}
goto_url('./mail_list.php');
?>
goto_url('./mail_list.php');
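Review bot: `$ma_content` is interpolated into `ma_content = '{$ma_content}'` in both the insert and the update statement with no escaping visible in this file; the page gives no evidence of where quotes are handled (the trailing-backslash strip on `co_include_head` in the content update section suggests an `addslashes`-style pass in `_common.php`, but that should be confirmed). If that global pass is what protects these statements, a one-line comment above `$ma_content = isset($_POST['ma_content']) ? ... : '';` saying so would stop the next reader from "fixing" it; if it is not, run the value through the project's SQL escaping helper before building the query. `$ma_subject` gets `strip_tags(clean_xss_attributes(...))`, which addresses the XSS side only, not SQL escaping.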


@ -4,11 +4,11 @@ include_once("./_common.php");
check_demo();
auth_check($auth[$sub_menu], "d");
auth_check_menu($auth, $sub_menu, "d");
$mb = get_member($_POST['mb_id']);
$mb = isset($_POST['mb_id']) ? get_member($_POST['mb_id']) : array();
if (!$mb['mb_id'])
if (! (isset($mb['mb_id']) && $mb['mb_id']))
alert("회원자료가 존재하지 않습니다.");
else if ($member['mb_id'] == $mb['mb_id'])
alert("로그인 중인 관리자는 삭제 할 수 없습니다.");
@ -25,5 +25,4 @@ member_delete($mb['mb_id']);
if ($url)
goto_url("{$url}?$qstr&amp;w=u&amp;mb_id=$mb_id");
else
goto_url("./member_list.php?$qstr");
?>
goto_url("./member_list.php?$qstr");
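Review bot: The redirect `goto_url("{$url}?$qstr&amp;w=u&amp;mb_id=$mb_id")` still uses the extracted globals `$url` and `$mb_id`, while the lines above now read `$_POST['mb_id']` explicitly; `$mb_id` here should be `$mb['mb_id']`, which the new `isset($mb['mb_id']) && $mb['mb_id']` check guarantees is set. If `$url` originates from the request like the other variables this commit replaces, it is an unvalidated redirect target after a destructive action; constrain it to a relative admin script before use, e.g. `if (!preg_match('#^\./[a-z_]+\.php$#', $url)) $url = '';` (constructed pattern — adjust to the pages that actually link here). The `$member['mb_id'] == $mb['mb_id']` self-delete check should be `===` now that both sides are known strings.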


@ -2,7 +2,46 @@
$sub_menu = "200100";
include_once('./_common.php');
auth_check($auth[$sub_menu], 'w');
auth_check_menu($auth, $sub_menu, 'w');
$mb = array(
'mb_certify' => null,
'mb_adult' => null,
'mb_sms' => null,
'mb_intercept_date' => null,
'mb_id' => null,
'mb_name' => null,
'mb_nick' => null,
'mb_point' => null,
'mb_email' => null,
'mb_homepage' => null,
'mb_hp' => null,
'mb_tel' => null,
'mb_zip1' => null,
'mb_zip2' => null,
'mb_addr1' => null,
'mb_addr2' => null,
'mb_addr3' => null,
'mb_addr_jibeon' => null,
'mb_signature' => null,
'mb_profile' => null,
'mb_memo' => null,
'mb_leave_date' => null,
'mb_1' => null,
'mb_2' => null,
'mb_3' => null,
'mb_4' => null,
'mb_5' => null,
'mb_6' => null,
'mb_7' => null,
'mb_8' => null,
'mb_9' => null,
'mb_10' => null,
);
$sound_only = '';
$required_mb_id_class = '';
$required_mb_password = '';
if ($w == '')
{
@ -26,7 +65,6 @@ else if ($w == 'u')
alert('자신보다 권한이 높거나 같은 회원은 수정할 수 없습니다.');
$required_mb_id = 'readonly';
$required_mb_password = '';
$html_title = '수정';
$mb['mb_name'] = get_text($mb['mb_name']);
@ -243,7 +281,8 @@ add_javascript(G5_POSTCODE_JS, 0); //다음 주소 js
$icon_file = G5_DATA_PATH.'/member/'.$mb_dir.'/'.get_mb_icon_name($mb['mb_id']).'.gif';
if (file_exists($icon_file)) {
$icon_url = str_replace(G5_DATA_PATH, G5_DATA_URL, $icon_file);
echo '<img src="'.$icon_url.'" alt="">';
$icon_filemtile = (defined('G5_USE_MEMBER_IMAGE_FILETIME') && G5_USE_MEMBER_IMAGE_FILETIME) ? '?'.filemtime($icon_file) : '';
echo '<img src="'.$icon_url.$icon_filemtile.'" alt="">';
echo '<input type="checkbox" id="del_mb_icon" name="del_mb_icon" value="1">삭제';
}
?>
@ -258,8 +297,7 @@ add_javascript(G5_POSTCODE_JS, 0); //다음 주소 js
$mb_dir = substr($mb['mb_id'],0,2);
$icon_file = G5_DATA_PATH.'/member_image/'.$mb_dir.'/'.get_mb_icon_name($mb['mb_id']).'.gif';
if (file_exists($icon_file)) {
$icon_url = str_replace(G5_DATA_PATH, G5_DATA_URL, $icon_file);
echo '<img src="'.$icon_url.'" alt="">';
echo get_member_profile_img($mb['mb_id']);
echo '<input type="checkbox" id="del_mb_img" name="del_mb_img" value="1">삭제';
}
?>
@ -481,5 +519,4 @@ function fmember_submit(f)
<?php
run_event('admin_member_form_after', $mb, $w);
include_once('./admin.tail.php');
?>
include_once('./admin.tail.php');
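Review bot: The new cache-busting variable is misspelled — `$icon_filemtile` on the two added lines — which works but will defeat the next grep for `filemtime`; rename it `$icon_filemtime`. `$required_mb_id_class = '';` is initialised at the top, yet the update branch sets `$required_mb_id = 'readonly';` — either two variables are intended (then `$required_mb_id` also needs a top-level default, since it is the one undefined on insert) or one name is a typo; the markup that reads them is outside the hunk. The `$mb` default array is all `null`; where those fields reach `get_text()` or other string functions on PHP 8.1+, empty strings would avoid null-to-string deprecations.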


@ -7,11 +7,14 @@ include_once(G5_LIB_PATH.'/thumbnail.lib.php');
if ($w == 'u')
check_demo();
auth_check($auth[$sub_menu], 'w');
auth_check_menu($auth, $sub_menu, 'w');
check_admin_token();
$mb_id = trim($_POST['mb_id']);
$mb_id = isset($_POST['mb_id']) ? trim($_POST['mb_id']) : '';
$mb_certify_case = isset($_POST['mb_certify_case']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['mb_certify_case']) : '';
$mb_certify = isset($_POST['mb_certify']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['mb_certify']) : '';
$mb_zip = isset($_POST['mb_zip']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['mb_zip']) : '';
// 휴대폰번호 체크
$mb_hp = hyphen_hp_number($_POST['mb_hp']);
@ -22,72 +25,101 @@ if($mb_hp) {
}
// 인증정보처리
if($_POST['mb_certify_case'] && $_POST['mb_certify']) {
$mb_certify = $_POST['mb_certify_case'];
$mb_adult = $_POST['mb_adult'];
if($mb_certify_case && $mb_certify) {
$mb_certify = isset($_POST['mb_certify_case']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['mb_certify_case']) : '';
$mb_adult = isset($_POST['mb_adult']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['mb_adult']) : '';
} else {
$mb_certify = '';
$mb_adult = 0;
}
$mb_zip1 = substr($_POST['mb_zip'], 0, 3);
$mb_zip2 = substr($_POST['mb_zip'], 3);
$mb_zip1 = substr($mb_zip, 0, 3);
$mb_zip2 = substr($mb_zip, 3);
$mb_email = isset($_POST['mb_email']) ? get_email_address(trim($_POST['mb_email'])) : '';
$mb_nick = isset($_POST['mb_nick']) ? trim(strip_tags($_POST['mb_nick'])) : '';
if ($msg = valid_mb_nick($mb_nick)) alert($msg, "", true, true);
$sql_common = " mb_name = '{$_POST['mb_name']}',
$posts = array();
$check_keys = array(
'mb_name',
'mb_homepage',
'mb_tel',
'mb_addr1',
'mb_addr2',
'mb_addr3',
'mb_addr_jibeon',
'mb_signature',
'mb_leave_date',
'mb_intercept_date',
'mb_mailling',
'mb_sms',
'mb_open',
'mb_profile',
'mb_level'
);
for($i=1;$i<=10;$i++){
$check_keys[] = 'mb_'.$i;
}
foreach( $check_keys as $key ){
$posts[$key] = isset($_POST[$key]) ? clean_xss_tags($_POST[$key], 1, 1) : '';
}
$mb_memo = isset($_POST['mb_memo']) ? $_POST['mb_memo'] : '';
$sql_common = " mb_name = '{$posts['mb_name']}',
mb_nick = '{$mb_nick}',
mb_email = '{$mb_email}',
mb_homepage = '{$_POST['mb_homepage']}',
mb_tel = '{$_POST['mb_tel']}',
mb_homepage = '{$posts['mb_homepage']}',
mb_tel = '{$posts['mb_tel']}',
mb_hp = '{$mb_hp}',
mb_certify = '{$mb_certify}',
mb_adult = '{$mb_adult}',
mb_zip1 = '$mb_zip1',
mb_zip2 = '$mb_zip2',
mb_addr1 = '{$_POST['mb_addr1']}',
mb_addr2 = '{$_POST['mb_addr2']}',
mb_addr3 = '{$_POST['mb_addr3']}',
mb_addr_jibeon = '{$_POST['mb_addr_jibeon']}',
mb_signature = '{$_POST['mb_signature']}',
mb_leave_date = '{$_POST['mb_leave_date']}',
mb_intercept_date='{$_POST['mb_intercept_date']}',
mb_memo = '{$_POST['mb_memo']}',
mb_mailling = '{$_POST['mb_mailling']}',
mb_sms = '{$_POST['mb_sms']}',
mb_open = '{$_POST['mb_open']}',
mb_profile = '{$_POST['mb_profile']}',
mb_level = '{$_POST['mb_level']}',
mb_1 = '{$_POST['mb_1']}',
mb_2 = '{$_POST['mb_2']}',
mb_3 = '{$_POST['mb_3']}',
mb_4 = '{$_POST['mb_4']}',
mb_5 = '{$_POST['mb_5']}',
mb_6 = '{$_POST['mb_6']}',
mb_7 = '{$_POST['mb_7']}',
mb_8 = '{$_POST['mb_8']}',
mb_9 = '{$_POST['mb_9']}',
mb_10 = '{$_POST['mb_10']}' ";
mb_addr1 = '{$posts['mb_addr1']}',
mb_addr2 = '{$posts['mb_addr2']}',
mb_addr3 = '{$posts['mb_addr3']}',
mb_addr_jibeon = '{$posts['mb_addr_jibeon']}',
mb_signature = '{$posts['mb_signature']}',
mb_leave_date = '{$posts['mb_leave_date']}',
mb_intercept_date='{$posts['mb_intercept_date']}',
mb_memo = '{$mb_memo}',
mb_mailling = '{$posts['mb_mailling']}',
mb_sms = '{$posts['mb_sms']}',
mb_open = '{$posts['mb_open']}',
mb_profile = '{$posts['mb_profile']}',
mb_level = '{$posts['mb_level']}',
mb_1 = '{$posts['mb_1']}',
mb_2 = '{$posts['mb_2']}',
mb_3 = '{$posts['mb_3']}',
mb_4 = '{$posts['mb_4']}',
mb_5 = '{$posts['mb_5']}',
mb_6 = '{$posts['mb_6']}',
mb_7 = '{$posts['mb_7']}',
mb_8 = '{$posts['mb_8']}',
mb_9 = '{$posts['mb_9']}',
mb_10 = '{$posts['mb_10']}' ";
if ($w == '')
{
$mb = get_member($mb_id);
if ($mb['mb_id'])
if (isset($mb['mb_id']) && $mb['mb_id'])
alert('이미 존재하는 회원아이디입니다.\\n : '.$mb['mb_id'].'\\n이름 : '.$mb['mb_name'].'\\n닉네임 : '.$mb['mb_nick'].'\\n메일 : '.$mb['mb_email']);
// 닉네임중복체크
$sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_nick = '{$mb_nick}' ";
$row = sql_fetch($sql);
if ($row['mb_id'])
if (isset($row['mb_id']) && $row['mb_id'])
alert('이미 존재하는 닉네임입니다.\\n : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']);
// 이메일중복체크
$sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_email = '{$mb_email}' ";
$row = sql_fetch($sql);
if ($row['mb_id'])
if (isset($row['mb_id']) && $row['mb_id'])
alert('이미 존재하는 이메일입니다.\\n : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']);
sql_query(" insert into {$g5['member_table']} set mb_id = '{$mb_id}', mb_password = '".get_encrypt_string($mb_password)."', mb_datetime = '".G5_TIME_YMDHIS."', mb_ip = '{$_SERVER['REMOTE_ADDR']}', mb_email_certify = '".G5_TIME_YMDHIS."', {$sql_common} ");
@ -95,7 +127,7 @@ if ($w == '')
else if ($w == 'u')
{
$mb = get_member($mb_id);
if (!$mb['mb_id'])
if (! (isset($mb['mb_id']) && $mb['mb_id']))
alert('존재하지 않는 회원자료입니다.');
if ($is_admin != 'super' && $mb['mb_level'] >= $member['mb_level'])
@ -105,19 +137,19 @@ else if ($w == 'u')
alert('최고관리자의 비밀번호를 수정할수 없습니다.');
}
if ($_POST['mb_id'] == $member['mb_id'] && $_POST['mb_level'] != $mb['mb_level'])
if ($mb_id === $member['mb_id'] && $_POST['mb_level'] != $mb['mb_level'])
alert($mb['mb_id'].' : 로그인 중인 관리자 레벨은 수정 할 수 없습니다.');
// 닉네임중복체크
$sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_nick = '{$mb_nick}' and mb_id <> '$mb_id' ";
$row = sql_fetch($sql);
if ($row['mb_id'])
if (isset($row['mb_id']) && $row['mb_id'])
alert('이미 존재하는 닉네임입니다.\\n : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']);
// 이메일중복체크
$sql = " select mb_id, mb_name, mb_nick, mb_email from {$g5['member_table']} where mb_email = '{$mb_email}' and mb_id <> '$mb_id' ";
$row = sql_fetch($sql);
if ($row['mb_id'])
if (isset($row['mb_id']) && $row['mb_id'])
alert('이미 존재하는 이메일입니다.\\n : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']);
if ($mb_password)
@ -125,7 +157,7 @@ else if ($w == 'u')
else
$sql_password = "";
if ($passive_certify)
if (isset($passive_certify) && $passive_certify)
$sql_certify = " , mb_email_certify = '".G5_TIME_YMDHIS."' ";
else
$sql_certify = "";
@ -146,7 +178,7 @@ if( $w == '' || $w == 'u' ){
$mb_icon_img = get_mb_icon_name($mb_id).'.gif';
// 회원 아이콘 삭제
if ($del_mb_icon)
if (isset($del_mb_icon) && $del_mb_icon)
@unlink(G5_DATA_PATH.'/member/'.$mb_dir.'/'.$mb_icon_img);
$image_regex = "/(\.(gif|jpe?g|png))$/i";
@ -196,7 +228,7 @@ if( $w == '' || $w == 'u' ){
$mb_img_dir .= substr($mb_id,0,2);
// 회원 이미지 삭제
if ($del_mb_img)
if (isset($del_mb_img) && $del_mb_img)
@unlink($mb_img_dir.'/'.$mb_icon_img);
// 아이콘 업로드
@ -238,5 +270,4 @@ if( $w == '' || $w == 'u' ){
run_event('admin_member_form_update', $w, $mb_id);
goto_url('./member_form.php?'.$qstr.'&amp;w=u&amp;mb_id='.$mb_id, false);
?>
goto_url('./member_form.php?'.$qstr.'&amp;w=u&amp;mb_id='.$mb_id, false);
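Review bot: `$mb_id = isset($_POST['mb_id']) ? trim($_POST['mb_id']) : '';` is the one identifier in this file that gets no character whitelist, yet it is written verbatim into the insert statement and used through `substr($mb_id,0,2)` to build the `G5_DATA_PATH.'/member/'` and member_image directory paths later in the file; apply the same filter used for `mb_certify`/`mb_zip` (`preg_replace('/[^0-9a-z_]/i', '', ...)`) or reject the request when the pattern does not match. `mb_level` goes through `clean_xss_tags()` into `$posts` but is an integer column and an authorisation attribute — cast it with `(int)` as `co_html` and `fa_order` are in this commit — and the insert branch (`if ($w == '')`) contains no comparison of the requested level against `$member['mb_level']`, unlike the update branch; unless that is done outside the hunk, a non-super admin with 'w' on this menu can create a member above their own level. `$mb_password`, `$passive_certify`, `$del_mb_icon` and `$del_mb_img` are still extracted globals (the new `isset()` guards hide rather than remove that), inconsistent with every other field now read from `$_POST`.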


@ -2,7 +2,7 @@
$sub_menu = "200100";
include_once('./_common.php');
auth_check($auth[$sub_menu], 'r');
auth_check_menu($auth, $sub_menu, 'r');
$sql_common = " from {$g5['member_table']} ";
@ -78,17 +78,17 @@ $colspan = 16;
<label for="sfl" class="sound_only">검색대상</label>
<select name="sfl" id="sfl">
<option value="mb_id"<?php echo get_selected($_GET['sfl'], "mb_id"); ?>>회원아이디</option>
<option value="mb_nick"<?php echo get_selected($_GET['sfl'], "mb_nick"); ?>>닉네임</option>
<option value="mb_name"<?php echo get_selected($_GET['sfl'], "mb_name"); ?>>이름</option>
<option value="mb_level"<?php echo get_selected($_GET['sfl'], "mb_level"); ?>>권한</option>
<option value="mb_email"<?php echo get_selected($_GET['sfl'], "mb_email"); ?>>E-MAIL</option>
<option value="mb_tel"<?php echo get_selected($_GET['sfl'], "mb_tel"); ?>>전화번호</option>
<option value="mb_hp"<?php echo get_selected($_GET['sfl'], "mb_hp"); ?>>휴대폰번호</option>
<option value="mb_point"<?php echo get_selected($_GET['sfl'], "mb_point"); ?>>포인트</option>
<option value="mb_datetime"<?php echo get_selected($_GET['sfl'], "mb_datetime"); ?>>가입일시</option>
<option value="mb_ip"<?php echo get_selected($_GET['sfl'], "mb_ip"); ?>>IP</option>
<option value="mb_recommend"<?php echo get_selected($_GET['sfl'], "mb_recommend"); ?>>추천인</option>
<option value="mb_id"<?php echo get_selected($sfl, "mb_id"); ?>>회원아이디</option>
<option value="mb_nick"<?php echo get_selected($sfl, "mb_nick"); ?>>닉네임</option>
<option value="mb_name"<?php echo get_selected($sfl, "mb_name"); ?>>이름</option>
<option value="mb_level"<?php echo get_selected($sfl, "mb_level"); ?>>권한</option>
<option value="mb_email"<?php echo get_selected($sfl, "mb_email"); ?>>E-MAIL</option>
<option value="mb_tel"<?php echo get_selected($sfl, "mb_tel"); ?>>전화번호</option>
<option value="mb_hp"<?php echo get_selected($sfl, "mb_hp"); ?>>휴대폰번호</option>
<option value="mb_point"<?php echo get_selected($sfl, "mb_point"); ?>>포인트</option>
<option value="mb_datetime"<?php echo get_selected($sfl, "mb_datetime"); ?>>가입일시</option>
<option value="mb_ip"<?php echo get_selected($sfl, "mb_ip"); ?>>IP</option>
<option value="mb_recommend"<?php echo get_selected($sfl, "mb_recommend"); ?>>추천인</option>
</select>
<label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
<input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input">
@ -330,5 +330,4 @@ function fmemberlist_submit(f)
</script>
<?php
include_once ('./admin.tail.php');
?>
include_once ('./admin.tail.php');


@ -4,7 +4,7 @@ include_once("./_common.php");
check_demo();
auth_check($auth[$sub_menu], "d");
auth_check_menu($auth, $sub_menu, "d");
check_admin_token();
@ -33,5 +33,4 @@ for ($i=0; $i<count($chk); $i++)
if ($msg)
echo "<script type='text/javascript'> alert('$msg'); </script>";
goto_url("./member_list.php?$qstr");
?>
goto_url("./member_list.php?$qstr");


@ -4,46 +4,54 @@ include_once('./_common.php');
check_demo();
if (!count($_POST['chk'])) {
if (! (isset($_POST['chk']) && is_array($_POST['chk']))) {
alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요.");
}
auth_check($auth[$sub_menu], 'w');
auth_check_menu($auth, $sub_menu, 'w');
check_admin_token();
$mb_datas = array();
$msg = '';
if ($_POST['act_button'] == "선택수정") {
for ($i=0; $i<count($_POST['chk']); $i++)
{
// 실제 번호를 넘김
$k = $_POST['chk'][$i];
$k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
$post_mb_certify = (isset($_POST['mb_certify'][$k]) && $_POST['mb_certify'][$k]) ? clean_xss_tags($_POST['mb_certify'][$k], 1, 1, 20) : '';
$post_mb_level = isset($_POST['mb_level'][$k]) ? (int) $_POST['mb_level'][$k] : 0;
$post_mb_intercept_date = (isset($_POST['mb_intercept_date'][$k]) && $_POST['mb_intercept_date'][$k]) ? clean_xss_tags($_POST['mb_intercept_date'][$k], 1, 1, 8) : '';
$post_mb_mailling = isset($_POST['mb_mailling'][$k]) ? (int) $_POST['mb_mailling'][$k] : 0;
$post_mb_sms = isset($_POST['mb_sms'][$k]) ? (int) $_POST['mb_sms'][$k] : 0;
$post_mb_open = isset($_POST['mb_open'][$k]) ? (int) $_POST['mb_open'][$k] : 0;
$mb_datas[] = $mb = get_member($_POST['mb_id'][$k]);
if (!$mb['mb_id']) {
if (! (isset($mb['mb_id']) && $mb['mb_id'])) {
$msg .= $mb['mb_id'].' : 회원자료가 존재하지 않습니다.\\n';
} else if ($is_admin != 'super' && $mb['mb_level'] >= $member['mb_level']) {
$msg .= $mb['mb_id'].' : 자신보다 권한이 높거나 같은 회원은 수정할 수 없습니다.\\n';
} else if ($member['mb_id'] == $mb['mb_id']) {
$msg .= $mb['mb_id'].' : 로그인 중인 관리자는 수정 할 수 없습니다.\\n';
} else {
if($_POST['mb_certify'][$k])
$mb_adult = (int) $_POST['mb_adult'][$k];
if($post_mb_certify)
$mb_adult = isset($_POST['mb_adult'][$k]) ? (int) $_POST['mb_adult'][$k] : 0;
else
$mb_adult = 0;
$sql = " update {$g5['member_table']}
set mb_level = '".sql_real_escape_string($_POST['mb_level'][$k])."',
mb_intercept_date = '".sql_real_escape_string($_POST['mb_intercept_date'][$k])."',
mb_mailling = '".sql_real_escape_string($_POST['mb_mailling'][$k])."',
mb_sms = '".sql_real_escape_string($_POST['mb_sms'][$k])."',
mb_open = '".sql_real_escape_string($_POST['mb_open'][$k])."',
mb_certify = '".sql_real_escape_string($_POST['mb_certify'][$k])."',
set mb_level = '".$post_mb_level."',
mb_intercept_date = '".sql_real_escape_string($post_mb_intercept_date)."',
mb_mailling = '".$post_mb_mailling."',
mb_sms = '".$post_mb_sms."',
mb_open = '".$post_mb_open."',
mb_certify = '".sql_real_escape_string($post_mb_certify)."',
mb_adult = '{$mb_adult}'
where mb_id = '".sql_real_escape_string($_POST['mb_id'][$k])."' ";
where mb_id = '".sql_real_escape_string($mb['mb_id'])."' ";
sql_query($sql);
}
}
@ -53,7 +61,7 @@ if ($_POST['act_button'] == "선택수정") {
for ($i=0; $i<count($_POST['chk']); $i++)
{
// 실제 번호를 넘김
$k = $_POST['chk'][$i];
$k = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
$mb_datas[] = $mb = get_member($_POST['mb_id'][$k]);
@ -78,5 +86,4 @@ if ($msg)
run_event('admin_member_list_update', $_POST['act_button'], $mb_datas);
goto_url('./member_list.php?'.$qstr);
?>
goto_url('./member_list.php?'.$qstr);
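Review bot: `$_POST['mb_id'][$k]` on the `get_member()` line is the one input in this loop that did not get the `isset()`/cast treatment the sibling fields received, so a request whose `mb_id` is missing, shorter than `chk`, or not an array reaches `get_member()` with an undefined offset; the second loop (the other new `$k = isset(...)` line in this section) reads it the same way. I would hoist it: `$post_mb_id = isset($_POST['mb_id'][$k]) ? trim($_POST['mb_id'][$k]) : '';` and pass `$post_mb_id` to `get_member()`, which also repairs the failure message that prints `$mb['mb_id']` right after the new guard established it is unset. The `$k` fallback to `0` when `chk[$i]` is absent silently processes row 0 again instead of skipping it; a `continue` is the safer default. The enclosing `if ($_POST['act_button'] ...)` block continues outside the hunk.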


@ -8,7 +8,8 @@ if ($is_admin != 'super')
$g5['title'] = '메뉴 추가';
include_once(G5_PATH.'/head.sub.php');
$code = isset($code) ? preg_replace('/[^0-9a-zA-Z]/', '', strip_tags($code)) : '';
$new = isset($_GET['new']) ? clean_xss_tags($_GET['new'], 1, 1) : '';
$code = isset($_GET['code']) ? preg_replace('/[^0-9a-zA-Z]/', '', $_GET['code']) : '';
// 코드
if($new == 'new' || !$code) {
@ -174,10 +175,10 @@ function add_menu_list(name, link, code)
else
$menu_last = $menulist.find("tr.menu_list:last");
if($menu_last.size() > 0) {
if($menu_last.length > 0) {
$menu_last.after(list);
} else {
if($menulist.find("#empty_menu_list").size() > 0)
if($menulist.find("#empty_menu_list").length > 0)
$menulist.find("#empty_menu_list").remove();
$menulist.find("table tbody").append(list);
@ -193,5 +194,4 @@ function add_menu_list(name, link, code)
</script>
<?php
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');
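Review bot: `preg_replace()` on `$_GET['code']` returns an array when the parameter arrives as `code[]`, and `clean_xss_tags()` on `$_GET['new']` has the same shape problem, so the `!$code` test on the next line passes for a non-empty array and whatever string handling follows (outside the hunk) presumably sees an array instead of a code. Guard the type before filtering: `$code = (isset($_GET['code']) && is_string($_GET['code'])) ? preg_replace('/[^0-9a-zA-Z]/', '', $_GET['code']) : '';` and the same for `$new`. The page is super-admin only per the `$is_admin != 'super'` context, so the impact is a warning or a malformed menu code rather than anything wider.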


@ -4,6 +4,8 @@ include_once('./_common.php');
if ($is_admin != 'super')
die('최고관리자만 접근 가능합니다.');
$type = isset($_REQUEST['type']) ? preg_replace('/[^0-9a-z_]/i', '', $_REQUEST['type']) : '';
switch($type) {
case 'group':
$sql = " select gr_id as id, gr_subject as subject
@ -24,9 +26,7 @@ switch($type) {
$sql = '';
break;
}
?>
<?php
if($sql) {
$result = sql_query($sql);
@ -123,4 +123,4 @@ if($sql) {
<button type="button" id="add_manual" class="btn_submit btn">추가</button>
<button type="button" class="btn_02 btn" onclick="window.close();">창닫기</button>
</div>
<?php } ?>
<?php } // end if;


@ -31,6 +31,7 @@ $g5['title'] = "메뉴설정";
include_once('./admin.head.php');
$colspan = 7;
$sub_menu_info = '';
?>
<div class="local_desc01 local_desc">
@ -143,14 +144,14 @@ $(function() {
return false;
var $tr = $(this).closest("tr");
if($tr.find("td.sub_menu_class").size() > 0) {
if($tr.find("td.sub_menu_class").length > 0) {
$tr.remove();
} else {
var code = $(this).closest("tr").find("input[name='code[]']").val().substr(0, 2);
$("tr.menu_group_"+code).remove();
}
if($("#menulist tr.menu_list").size() < 1) {
if($("#menulist tr.menu_list").length < 1) {
var list = "<tr id=\"empty_menu_list\"><td colspan=\"<?php echo $colspan; ?>\" class=\"empty_table\">자료가 없습니다.</td></tr>\n";
$("#menulist table tbody").append(list);
} else {
@ -215,5 +216,4 @@ function fmenulist_submit(f)
</script>
<?php
include_once ('./admin.tail.php');
?>
include_once ('./admin.tail.php');


@ -21,7 +21,11 @@ for ($i=0; $i<$count; $i++)
{
$_POST = array_map_deep('trim', $_POST);
$_POST['me_link'][$i] = is_array($_POST['me_link']) ? clean_xss_tags(clean_xss_attributes($_POST['me_link'][$i], 1)) : '';
if(preg_match('/^javascript/i', preg_replace('/[ ]{1,}|[\t]/', '', $_POST['me_link'][$i]))){
$_POST['me_link'][$i] = G5_URL;
}
$_POST['me_link'][$i] = is_array($_POST['me_link']) ? clean_xss_tags(clean_xss_attributes(preg_replace('/[ ]{2,}|[\t]/', '', $_POST['me_link'][$i]), 1)) : '';
$code = is_array($_POST['code']) ? strip_tags($_POST['code'][$i]) : '';
$me_name = is_array($_POST['me_name']) ? strip_tags($_POST['me_name'][$i]) : '';
@ -70,5 +74,4 @@ for ($i=0; $i<$count; $i++)
run_event('admin_menu_list_update');
goto_url('./menu_list.php');
?>
goto_url('./menu_list.php');
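Review bot: The `javascript` probe reads `$_POST['me_link'][$i]` one line before the `is_array($_POST['me_link'])` guard that protects the assignment below it, so a scalar `me_link` raises a warning (an error on PHP 8) before the guard ever runs; the probe belongs inside that check. The normalisation also strips only spaces and tabs, while browsers tolerate other whitespace and control characters inside a scheme, and only the `javascript` prefix is matched; removing `\s` and control characters and matching the scheme together with its colon is the more robust shape. The `for` body continues outside the hunk.
```php
$me_link = '';
if (is_array($_POST['me_link']) && isset($_POST['me_link'][$i])) {
    $probe = preg_replace('/[\s\x00-\x1f]+/', '', $_POST['me_link'][$i]);
    if (preg_match('/^(javascript|vbscript|data):/i', $probe)) {
        $me_link = G5_URL; // existing fallback for script-capable schemes
    } else {
        $me_link = clean_xss_tags(clean_xss_attributes(preg_replace('/[ ]{2,}|[\t]/', '', $_POST['me_link'][$i]), 1));
    }
}
$_POST['me_link'][$i] = $me_link;
// … unchanged: $code / $me_name extraction …
```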


@ -3,9 +3,15 @@ $sub_menu = '100310';
include_once('./_common.php');
include_once(G5_EDITOR_LIB);
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
$nw_id = preg_replace('/[^0-9]/', '', $nw_id);
$nw_id = isset($_REQUEST['nw_id']) ? preg_replace('/[^0-9]/', '', $_REQUEST['nw_id']) : 0;
$nw = array(
'nw_begin_time'=>'',
'nw_end_time'=>'',
'nw_subject'=>'',
'nw_content'=>'',
);
$html_title = "팝업레이어";
if ($w == "u")
@ -13,7 +19,7 @@ if ($w == "u")
$html_title .= " 수정";
$sql = " select * from {$g5['new_win_table']} where nw_id = '$nw_id' ";
$nw = sql_fetch($sql);
if (!$nw['nw_id']) alert("등록된 자료가 없습니다.");
if (! (isset($nw['nw_id']) && $nw['nw_id'])) alert("등록된 자료가 없습니다.");
}
else
{
@ -146,5 +152,4 @@ function frmnewwin_check(f)
</script>
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');


@ -2,29 +2,55 @@
$sub_menu = '100310';
include_once('./_common.php');
$nw_id = isset($_REQUEST['nw_id']) ? preg_replace('/[^0-9]/', '', $_REQUEST['nw_id']) : 0;
if ($w == "u" || $w == "d")
check_demo();
if ($w == 'd')
auth_check($auth[$sub_menu], "d");
auth_check_menu($auth, $sub_menu, "d");
else
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
check_admin_token();
$nw_subject = isset($_POST['nw_subject']) ? strip_tags(clean_xss_attributes($_POST['nw_subject'])) : '';
$posts = array();
$sql_common = " nw_device = '{$_POST['nw_device']}',
nw_begin_time = '{$_POST['nw_begin_time']}',
nw_end_time = '{$_POST['nw_end_time']}',
nw_disable_hours = '{$_POST['nw_disable_hours']}',
nw_left = '{$_POST['nw_left']}',
nw_top = '{$_POST['nw_top']}',
nw_height = '{$_POST['nw_height']}',
nw_width = '{$_POST['nw_width']}',
$check_keys = array(
'nw_device'=>'str',
'nw_begin_time'=>'str',
'nw_end_time'=>'str',
'nw_disable_hours'=>'int',
'nw_left'=>'int',
'nw_top'=>'int',
'nw_height'=>'int',
'nw_width'=>'int',
'nw_content'=>'text',
'nw_content_html'=>'text',
);
foreach($check_keys as $key=>$val){
if($val === 'int'){
$posts[$key] = isset($_POST[$key]) ? (int) $_POST[$key] : 0;
} else if ($val === 'str') {
$posts[$key] = isset($_POST[$key]) ? clean_xss_tags($_POST[$key], 1, 1) : 0;
} else {
$posts[$key] = isset($_POST[$key]) ? trim($_POST[$key]) : 0;
}
}
$sql_common = " nw_device = '{$posts['nw_device']}',
nw_begin_time = '{$posts['nw_begin_time']}',
nw_end_time = '{$posts['nw_end_time']}',
nw_disable_hours = '{$posts['nw_disable_hours']}',
nw_left = '{$posts['nw_left']}',
nw_top = '{$posts['nw_top']}',
nw_height = '{$posts['nw_height']}',
nw_width = '{$posts['nw_width']}',
nw_subject = '{$nw_subject}',
nw_content = '{$_POST['nw_content']}',
nw_content_html = '{$_POST['nw_content_html']}' ";
nw_content = '{$posts['nw_content']}',
nw_content_html = '{$posts['nw_content_html']}' ";
if($w == "")
{
@ -51,5 +77,4 @@ if ($w == "d")
else
{
goto_url("./newwinform.php?w=u&amp;nw_id=$nw_id");
}
?>
}
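Review bot: The `'text'` branch of the `$check_keys` loop only trims `nw_content` and `nw_content_html`, and the `'str'` branch runs `clean_xss_tags()`, which is an HTML filter rather than an SQL escaper; both values are then interpolated straight into `$sql_common`. Escaping belongs at the SQL boundary, e.g. `nw_content = '".sql_real_escape_string($posts['nw_content'])."',` for each string column (the same helper is used elsewhere in this commit), with the `int` keys already covered by the cast. The fallback for a missing `str`/`text` key is `0` where `''` is meant, so an absent `nw_device` is stored as the string `'0'`. The page is token- and auth-protected, so this is second-order hardening rather than an open injection.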


@ -2,7 +2,7 @@
$sub_menu = '100310';
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
if( !isset($g5['new_win_table']) ){
die('<meta charset="utf-8">/data/dbconfig.php 파일에 <strong>$g5[\'new_win_table\'] = G5_TABLE_PREFIX.\'new_win\';</strong> 를 추가해 주세요.');
@ -114,5 +114,4 @@ $result = sql_query($sql);
<?php
include_once (G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once (G5_ADMIN_PATH.'/admin.tail.php');


@ -4,7 +4,6 @@ include_once('./_common.php');
check_demo();
auth_check($auth[$sub_menu], 'r');
auth_check_menu($auth, $sub_menu, 'r');
phpinfo();
?>
phpinfo();


@ -2,7 +2,7 @@
$sub_menu = "200200";
include_once('./_common.php');
auth_check($auth[$sub_menu], 'r');
auth_check_menu($auth, $sub_menu, 'r');
$sql_common = " from {$g5['point_table']} ";
@ -84,8 +84,8 @@ else
<form name="fsearch" id="fsearch" class="local_sch01 local_sch" method="get">
<label for="sfl" class="sound_only">검색대상</label>
<select name="sfl" id="sfl">
<option value="mb_id"<?php echo get_selected($_GET['sfl'], "mb_id"); ?>>회원아이디</option>
<option value="po_content"<?php echo get_selected($_GET['sfl'], "po_content"); ?>>내용</option>
<option value="mb_id"<?php echo get_selected($sfl, "mb_id"); ?>>회원아이디</option>
<option value="po_content"<?php echo get_selected($sfl, "po_content"); ?>>내용</option>
</select>
<label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
<input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input">
@ -190,7 +190,7 @@ else
<input type="hidden" name="sst" value="<?php echo $sst ?>">
<input type="hidden" name="sod" value="<?php echo $sod ?>">
<input type="hidden" name="page" value="<?php echo $page ?>">
<input type="hidden" name="token" value="<?php echo $token ?>">
<input type="hidden" name="token" value="<?php echo isset($token) ? $token : ''; ?>">
<div class="tbl_frm01 tbl_wrap">
<table>
@ -248,5 +248,4 @@ function fpointlist_submit(f)
</script>
<?php
include_once ('./admin.tail.php');
?>
include_once ('./admin.tail.php');


@ -4,11 +4,11 @@ include_once('./_common.php');
check_demo();
auth_check($auth[$sub_menu], 'd');
auth_check_menu($auth, $sub_menu, 'd');
check_admin_token();
$count = count($_POST['chk']);
$count = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
if(!$count)
alert($_POST['act_button'].' 하실 항목을 하나 이상 체크하세요.');
@ -57,5 +57,4 @@ for ($i=0; $i<$count; $i++)
sql_query($sql);
}
goto_url('./point_list.php?'.$qstr);
?>
goto_url('./point_list.php?'.$qstr);


@ -2,14 +2,14 @@
$sub_menu = "200200";
include_once('./_common.php');
auth_check($auth[$sub_menu], 'w');
auth_check_menu($auth, $sub_menu, 'w');
check_admin_token();
$mb_id = strip_tags(clean_xss_attributes($_POST['mb_id']));
$po_point = strip_tags(clean_xss_attributes($_POST['po_point']));
$po_content = strip_tags(clean_xss_attributes($_POST['po_content']));
$expire = preg_replace('/[^0-9]/', '', $_POST['po_expire_term']);
$mb_id = isset($_POST['mb_id']) ? strip_tags(clean_xss_attributes($_POST['mb_id'])) : '';
$po_point = isset($_POST['po_point']) ? strip_tags(clean_xss_attributes($_POST['po_point'])) : 0;
$po_content = isset($_POST['po_content']) ? strip_tags(clean_xss_attributes($_POST['po_content'])) : '';
$expire = isset($_POST['po_expire_term']) ? preg_replace('/[^0-9]/', '', $_POST['po_expire_term']) : '';
$mb = get_member($mb_id);
@ -21,5 +21,4 @@ if (($po_point < 0) && ($po_point * (-1) > $mb['mb_point']))
insert_point($mb_id, $po_point, $po_content, '@passive', $mb_id, $member['mb_id'].'-'.uniqid(''), $expire);
goto_url('./point_list.php?'.$qstr);
?>
goto_url('./point_list.php?'.$qstr);
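Review bot: `$po_point` is still a string after `strip_tags(clean_xss_attributes(...))`, and `$expire` is `''` when `po_expire_term` is absent, yet the context lines compare `$po_point < 0` numerically and pass both to `insert_point()`. Casting at the boundary keeps the later arithmetic and the stored value consistent: `$po_point = isset($_POST['po_point']) ? (int) $_POST['po_point'] : 0;` and `$expire = isset($_POST['po_expire_term']) ? (int) $_POST['po_expire_term'] : 0;`. This assumes points are integral, which is what the existing `po_point * (-1)` arithmetic in the hunk header implies.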


@ -4,17 +4,17 @@ include_once('./_common.php');
check_demo();
auth_check($auth[$sub_menu], 'd');
auth_check_menu($auth, $sub_menu, 'd');
check_admin_token();
$count = count($_POST['chk']);
$count = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
if(!$count)
alert('삭제할 투표목록을 1개이상 선택해 주세요.');
for($i=0; $i<$count; $i++) {
$po_id = $_POST['chk'][$i];
$po_id = isset($_POST['chk'][$i]) ? (int) $_POST['chk'][$i] : 0;
$sql = " delete from {$g5['poll_table']} where po_id = '$po_id' ";
sql_query($sql);
@ -23,5 +23,4 @@ for($i=0; $i<$count; $i++) {
sql_query($sql);
}
goto_url('./poll_list.php?'.$qstr);
?>
goto_url('./poll_list.php?'.$qstr);


@ -2,9 +2,15 @@
$sub_menu = "200900";
include_once('./_common.php');
auth_check($auth[$sub_menu], 'w');
auth_check_menu($auth, $sub_menu, 'w');
$po_id = isset($po_id) ? (int) $po_id : 0;
$po = array(
'po_subject'=>'',
'po_etc'=>'',
'po_level'=>'',
'po_point'=>'',
);
$html_title = '투표';
if ($w == '')
@ -48,7 +54,8 @@ include_once('./admin.head.php');
$sound_only = '<strong class="sound_only">필수</strong>';
}
$po_poll = get_text($po['po_poll'.$i]);
$po_poll = isset($po['po_poll'.$i]) ? get_text($po['po_poll'.$i]) : '';
$po_cnt = isset($po['po_cnt'.$i]) ? get_text($po['po_cnt'.$i]) : 0;
?>
<tr>
@ -56,7 +63,7 @@ include_once('./admin.head.php');
<td>
<input type="text" name="po_poll<?php echo $i ?>" value="<?php echo $po_poll ?>" id="po_poll<?php echo $i ?>" <?php echo $required ?> class="frm_input <?php echo $required ?>" maxlength="125">
<label for="po_cnt<?php echo $i ?>">항목 <?php echo $i ?> 투표수</label>
<input type="text" name="po_cnt<?php echo $i ?>" value="<?php echo $po['po_cnt'.$i] ?>" id="po_cnt<?php echo $i ?>" class="frm_input" size="3">
<input type="text" name="po_cnt<?php echo $i ?>" value="<?php echo $po_cnt; ?>" id="po_cnt<?php echo $i ?>" class="frm_input" size="3">
</td>
</tr>
@ -111,5 +118,4 @@ include_once('./admin.head.php');
</form>
<?php
include_once('./admin.tail.php');
?>
include_once('./admin.tail.php');
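Review bot: `$po_id = isset($po_id) ? (int) $po_id : 0;` still depends on `$po_id` being populated from the request somewhere before this file (not visible here), whereas the other forms in this commit now read their id explicitly (`$nw_id` from `$_REQUEST['nw_id']`). `$po_id = isset($_REQUEST['po_id']) ? (int) $_REQUEST['po_id'] : 0;` names the source and no longer relies on global extraction. The default `$po` array deliberately omits the `po_poll*`/`po_cnt*` keys, which is why the per-row `isset()` guards below are needed; a one-line comment on the array saying so would save the next reader the question.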


@ -6,7 +6,7 @@ $w = $_POST['w'];
if ($w == 'u' || $w == 'd')
check_demo();
auth_check($auth[$sub_menu], 'w');
auth_check_menu($auth, $sub_menu, 'w');
check_admin_token();
@ -99,5 +99,4 @@ sql_query(" update {$g5['config_table']} set cf_max_po_id = '{$row['max_po_id']}
if ($w == 'd')
goto_url('./poll_list.php?'.$qstr);
else
goto_url('./poll_form.php?w=u&po_id='.$po_id.'&amp;'.$qstr);
?>
goto_url('./poll_form.php?w=u&po_id='.$po_id.'&amp;'.$qstr);


@ -2,7 +2,7 @@
$sub_menu = "200900";
include_once('./_common.php');
auth_check($auth[$sub_menu], 'r');
auth_check_menu($auth, $sub_menu, 'r');
$sql_common = " from {$g5['poll_table']} ";
@ -59,7 +59,7 @@ $colspan = 7;
<div class="sch_last">
<label for="sfl" class="sound_only">검색대상</label>
<select name="sfl" id="sfl">
<option value="po_subject"<?php echo get_selected($_GET['sfl'], "po_subject"); ?>>제목</option>
<option value="po_subject"<?php echo get_selected($sfl, "po_subject"); ?>>제목</option>
</select>
<label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
<input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input">
@ -154,5 +154,4 @@ $(function() {
</script>
<?php
include_once ('./admin.tail.php');
?>
include_once ('./admin.tail.php');


@ -2,7 +2,7 @@
$sub_menu = "300300";
include_once('./_common.php');
auth_check($auth[$sub_menu], 'r');
auth_check_menu($auth, $sub_menu, 'r');
// 체크된 자료 삭제
if (isset($_POST['chk']) && is_array($_POST['chk'])) {
@ -79,8 +79,8 @@ var list_delete_php = 'popular_list.php';
<div class="sch_last">
<label for="sfl" class="sound_only">검색대상</label>
<select name="sfl" id="sfl">
<option value="pp_word"<?php echo get_selected($_GET['sfl'], "pp_word"); ?>>검색어</option>
<option value="pp_date"<?php echo get_selected($_GET['sfl'], "pp_date"); ?>>등록일</option>
<option value="pp_word"<?php echo get_selected($sfl, "pp_word"); ?>>검색어</option>
<option value="pp_date"<?php echo get_selected($sfl, "pp_date"); ?>>등록일</option>
</select>
<label for="stx" class="sound_only">검색어<strong class="sound_only"> 필수</strong></label>
<input type="text" name="stx" value="<?php echo $stx ?>" id="stx" required class="required frm_input">
@ -94,7 +94,7 @@ var list_delete_php = 'popular_list.php';
<input type="hidden" name="sfl" value="<?php echo $sfl ?>">
<input type="hidden" name="stx" value="<?php echo $stx ?>">
<input type="hidden" name="page" value="<?php echo $page ?>">
<input type="hidden" name="token" value="<?php echo $token ?>">
<input type="hidden" name="token" value="<?php echo isset($token) ? $token : ''; ?>">
<div class="tbl_head01 tbl_wrap">
<table>
@ -167,5 +167,4 @@ $(function() {
</script>
<?php
include_once('./admin.tail.php');
?>
include_once('./admin.tail.php');


@ -2,7 +2,10 @@
$sub_menu = "300400";
include_once('./_common.php');
auth_check($auth[$sub_menu], 'r');
auth_check_menu($auth, $sub_menu, 'r');
$fr_date = isset($_REQUEST['fr_date']) ? $_REQUEST['fr_date'] : '';
$to_date = isset($_REQUEST['to_date']) ? $_REQUEST['to_date'] : '';
if (empty($fr_date) || ! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $fr_date) ) $fr_date = G5_TIME_YMD;
if (empty($to_date) || ! preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $to_date) ) $to_date = G5_TIME_YMD;
@ -64,7 +67,7 @@ $(function(){
<input type="hidden" name="sfl" value="<?php echo $sfl ?>">
<input type="hidden" name="stx" value="<?php echo $stx ?>">
<input type="hidden" name="page" value="<?php echo $page ?>">
<input type="hidden" name="token" value="<?php echo $token ?>">
<input type="hidden" name="token" value="<?php echo isset($token) ? $token : ''; ?>">
<div class="tbl_head01 tbl_wrap">
<table>
@ -105,8 +108,5 @@ $(function(){
<?php
echo get_paging(G5_IS_MOBILE ? $config['cf_mobile_pages'] : $config['cf_write_pages'], $page, $total_page, "{$_SERVER['SCRIPT_NAME']}?$qstr&amp;page=");
?>
<?php
include_once('./admin.tail.php');
?>
include_once('./admin.tail.php');


@ -3,7 +3,7 @@ $sub_menu = "300500";
include_once('./_common.php');
include_once(G5_EDITOR_LIB);
auth_check($auth[$sub_menu], 'r');
auth_check_menu($auth, $sub_menu, 'r');
$g5['title'] = '1:1문의 설정';
include_once ('./admin.head.php');
@ -396,5 +396,4 @@ function fqaconfigform_submit(f)
</script>
<?php
include_once ('./admin.tail.php');
?>
include_once ('./admin.tail.php');


@ -4,7 +4,7 @@ include_once('./_common.php');
check_demo();
auth_check($auth[$sub_menu], 'w');
auth_check_menu($auth, $sub_menu, 'w');
check_admin_token();
@ -61,9 +61,17 @@ if( function_exists('filter_input_include_path') ){
$qa_include_tail = filter_input_include_path($qa_include_tail);
}
// 분류에 & 나 = 는 사용이 불가하므로 2바이트로 바꾼다.
$src_char = array('&', '=');
$dst_char = array('', '〓');
$qa_category = str_replace($src_char, $dst_char, $_POST['qa_category']);
//https://github.com/gnuboard/gnuboard5/commit/f5f4925d4eb28ba1af728e1065fc2bdd9ce1da58 에 따른 조치
$qa_category = preg_replace("/[\<\>\'\"\\\'\\\"\%\=\(\)\/\^\*]/", "", $qa_category);
$sql = " update {$g5['qa_config_table']}
set qa_title = '{$_POST['qa_title']}',
qa_category = '{$_POST['qa_category']}',
qa_category = '{$qa_category}',
qa_skin = '{$_POST['qa_skin']}',
qa_mobile_skin = '{$_POST['qa_mobile_skin']}',
qa_use_email = '{$_POST['qa_use_email']}',
@ -107,5 +115,4 @@ if($error_msg){
alert($error_msg, './qa_config.php');
} else {
goto_url('./qa_config.php');
}
?>
}
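Review bot: `$_POST['qa_category']` is read without the `isset()` guard applied elsewhere in this commit, and the character deny-list on the line below it is doing the job of SQL escaping for the `qa_category = '{$qa_category}'` column, while the sibling columns in the same statement (`qa_title`, `qa_skin`, ...) are still interpolated raw. A deny-list is a brittle stand-in for escaping; keep it for the `&`/`=` display constraint the comment describes, but escape at the SQL boundary: `qa_category = '".sql_real_escape_string($qa_category)."',`. The `update` statement continues outside the hunk.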


@ -13,5 +13,4 @@ function social_log_file_delete($second=0){
unlink($social_log_file);
}
}
}
?>
}


@ -2,7 +2,7 @@
$sub_menu = '100300';
include_once('./_common.php');
auth_check($auth[$sub_menu], 'r');
auth_check_menu($auth, $sub_menu, 'r');
if (!$config['cf_email_use'])
alert('환경설정에서 \'메일발송 사용\'에 체크하셔야 메일을 발송할 수 있습니다.');
@ -72,5 +72,4 @@ if (isset($_POST['email'])) {
</section>
<?php
include_once('./admin.tail.php');
?>
include_once('./admin.tail.php');


@ -2,7 +2,7 @@
$sub_menu = '100400';
include_once('./_common.php');
auth_check($auth[$sub_menu], 'r');
auth_check_menu($auth, $sub_menu, 'r');
$g5['title'] = '부가서비스';
include_once('./admin.head.php');
@ -45,5 +45,4 @@ include_once('./admin.head.php');
</div>
<?php
include_once('./admin.tail.php');
?>
include_once('./admin.tail.php');


@ -57,5 +57,4 @@ include_once("./admin.head.php");
?>
<?php
include_once("./admin.tail.php");
?>
include_once("./admin.tail.php");


@ -19,5 +19,4 @@ if( isset($token) ){
$token = @htmlspecialchars(strip_tags($token), ENT_QUOTES);
}
add_stylesheet('<link rel="stylesheet" href="'.G5_SMS5_ADMIN_URL.'/css/sms5.css">', 0);
?>
add_stylesheet('<link rel="stylesheet" href="'.G5_SMS5_ADMIN_URL.'/css/sms5.css">', 0);


@ -10,12 +10,14 @@ if( !function_exists('json_encode') ) {
}
}
ajax_auth_check($auth[$sub_menu], "r");
ajax_auth_check_menu($auth, $sub_menu, "r");
$err = '';
$arr_ajax_msg = array();
$exist_hplist = array();
$bk_hp = isset($_REQUEST['bk_hp']) ? clean_xss_tags($_REQUEST['bk_hp'], 1, 1) : '';
if( !$bk_hp )
$err = '휴대폰번호를 입력해 주십시오.';
@ -46,6 +48,4 @@ if(!$row['cnt'] && $w == 'u') {
$arr_ajax_msg['error'] = $err;
$arr_ajax_msg['exist'] = $exist_hplist;
die( json_encode($arr_ajax_msg) );
?>
die( json_encode($arr_ajax_msg) );
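Review bot: `$bk_hp` is passed through `clean_xss_tags()`, which strips HTML but leaves quotes and SQL metacharacters, and a phone number has a far narrower shape than that; the same pattern is used for `$no_hp` on the num_book list page later in this commit. Normalising to the characters a phone number can contain, e.g. `$bk_hp = isset($_REQUEST['bk_hp']) ? preg_replace('/[^0-9\-]/', '', $_REQUEST['bk_hp']) : '';`, both validates the input and makes the lookup below (outside the hunk, presumably a `where bk_hp = ...` query) safe regardless of how it is interpolated. The empty-value check that follows keeps working unchanged.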


@ -10,7 +10,9 @@ if( !function_exists('json_encode') ) {
}
}
ajax_auth_check($auth[$sub_menu], "r");
ajax_auth_check_menu($auth, $sub_menu, "r");
$fg_no = isset($_REQUEST['fg_no']) ? preg_replace('/[^0-9]/i', '', $_REQUEST['fg_no']) : '';
$page_size = 6;
@ -82,5 +84,4 @@ $arr_ajax_msg = array(
'total_page'=>$total_page
);
die( json_encode($arr_ajax_msg) );
?>
die( json_encode($arr_ajax_msg) );


@ -4,7 +4,7 @@ include_once("./_common.php");
$colspan = 3;
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$no_group = sql_fetch("select * from {$g5['sms5_book_group_table']} where bg_no=1");


@ -10,7 +10,7 @@ if( !function_exists('json_encode') ) {
}
}
ajax_auth_check($auth[$sub_menu], "r");
ajax_auth_check_menu($auth, $sub_menu, "r");
$lev = array();
@ -26,6 +26,7 @@ while ($row = sql_fetch_array($qry))
$lev[$row['mb_level']] = $row['cnt'];
}
$str_json = array();
$line = 0;
$tmp_str = '';
$tmp_str .= '
<div class="tbl_head01 tbl_wrap">
@ -53,5 +54,4 @@ $tmp_str .= '
</div>';
$str_json['html'] = $tmp_str;
echo json_encode($str_json);
?>
echo json_encode($str_json);


@ -5,7 +5,11 @@ include_once("./_common.php");
$page_size = 10;
$colspan = 5;
auth_check($auth[$sub_menu], "r");
$bg_no = isset($_REQUEST['bg_no']) ? (int) $_REQUEST['bg_no'] : 0;
$ap = isset($_REQUEST['ap']) ? (int) $_REQUEST['ap'] : 0;
$no_hp = isset($_REQUEST['no_hp']) ? clean_xss_tags($_REQUEST['no_hp'], 1, 1) : '';
auth_check_menu($auth, $sub_menu, "r");
$g5['title'] = "휴대폰번호 관리";
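Review bot: The three `$_REQUEST` reads were inserted between the removed `auth_check()` and the new `auth_check_menu()`, so request parsing now runs before the permission check; it is only sanitisation here, but every other page in this commit keeps the auth call first. Moving `auth_check_menu($auth, $sub_menu, "r");` up to directly follow `$colspan = 5;` restores that order and keeps the file consistent with its siblings.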


@ -2,7 +2,7 @@
$sub_menu = "900100";
include_once("./_common.php");
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$g5['title'] = "SMS 기본설정";
@ -25,7 +25,7 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw'])
if (!$config['cf_icode_id'])
$config['cf_icode_id'] = 'sir_';
if (!$sms5['cf_skin'])
if (! (isset($sms5['cf_skin']) && $sms5['cf_skin']))
$sms5['cf_skin'] = 'basic';
include_once(G5_ADMIN_PATH.'/admin.head.php');
@ -117,7 +117,7 @@ if ($config['cf_sms_use'] == 'icode') { // 아이코드 사용
<th scope="row"><label for="cf_phone">회신번호<strong class="sound_only"> 필수</strong></label></th>
<td>
<?php echo help("회신받을 휴대폰 번호를 입력하세요. 회신번호는 발신번호로 사전등록된 번호와 동일해야 합니다.<br>예) 010-123-4567"); ?>
<input type="text" name="cf_phone" value="<?php echo $sms5['cf_phone']; ?>" id="cf_phone" required class="frm_input required" size="13">
<input type="text" name="cf_phone" value="<?php echo isset($sms5['cf_phone']) ? get_sanitize_input($sms5['cf_phone']) : ''; ?>" id="cf_phone" required class="frm_input required" size="13">
</td>
</tr>
</tbody>
@ -144,5 +144,4 @@ if ($config['cf_sms_use'] == 'icode') { // 아이코드 사용
<?php } ?>
<?php
include_once(G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once(G5_ADMIN_PATH.'/admin.tail.php');


@ -2,7 +2,7 @@
$sub_menu = "900100";
include_once("./_common.php");
auth_check($auth[$sub_menu], "w");
auth_check_menu($auth, $sub_menu, "w");
check_demo();
@ -10,6 +10,15 @@ check_admin_token();
$g5['title'] = "SMS 기본설정";
$cf_phone = isset($_REQUEST['cf_phone']) ? clean_xss_tags($_REQUEST['cf_phone'], 1, 1) : '';
$cf_sms_use = isset($_REQUEST['cf_sms_use']) ? clean_xss_tags($_REQUEST['cf_sms_use'], 1, 1) : '';
$cf_sms_type = isset($_REQUEST['cf_sms_type']) ? clean_xss_tags($_REQUEST['cf_sms_type'], 1, 1) : '';
$cf_icode_id = isset($_REQUEST['cf_icode_id']) ? clean_xss_tags($_REQUEST['cf_icode_id'], 1, 1) : '';
$cf_icode_pw = isset($_REQUEST['cf_icode_pw']) ? clean_xss_tags($_REQUEST['cf_icode_pw'], 1, 1) : '';
$cf_icode_server_ip = isset($_REQUEST['cf_icode_server_ip']) ? clean_xss_tags($_REQUEST['cf_icode_server_ip'], 1, 1) : '';
$cf_icode_server_port = isset($_REQUEST['cf_icode_server_port']) ? clean_xss_tags($_REQUEST['cf_icode_server_port'], 1, 1) : '';
$cf_icode_token_key = isset($_REQUEST['cf_icode_token_key']) ? clean_xss_tags($_REQUEST['cf_icode_token_key'], 1, 1) : '';
// 회신번호 체크
if(!check_vaild_callback($cf_phone))
alert('회신번호가 올바르지 않습니다.');
@ -42,5 +51,4 @@ $sql = " update {$g5['config_table']}
cf_icode_token_key = '$cf_icode_token_key'";
sql_query($sql);
goto_url("./config.php");
?>
goto_url("./config.php");
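Review bot: `clean_xss_tags()` is an HTML filter, and the values it returns here (`$cf_icode_id`, `$cf_icode_pw`, `$cf_icode_token_key`, ...) are interpolated into the `update` statement below (`cf_icode_token_key = '$cf_icode_token_key'`) without SQL escaping; `cf_icode_server_port` is numeric, and `cf_sms_use`/`cf_sms_type` presumably come from a fixed set of form options. I would cast the port, `$cf_icode_server_port = isset($_REQUEST['cf_icode_server_port']) ? (int) $_REQUEST['cf_icode_server_port'] : 0;`, wrap the string columns with `sql_real_escape_string()` where `$sql` is built, and read a token-protected settings form from `$_POST` rather than `$_REQUEST`. The `$sql` assignment starts outside the hunk.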


@ -126,7 +126,7 @@
/* 휴대폰번호 파일 */
#sms5_fileup_frm {margin:0 0 10px;padding:0 0;border-bottom:1px solid #e9e9e9}
#sms5_fileup_frm div {padding:5px 0;;border-bottom:1px solid #f4f4f4}
#sms5_fileup_frm div {padding:5px 0;border-bottom:1px solid #f4f4f4}
#sms5_fileup_frm div.sch_last {margin:0;border:0}
#sms5_fileup_frm strong {display:inline-block;width:80px}
#sms5_fileup_frm strong.sch_long {width:160px}


@ -6,7 +6,7 @@ if ($sw != 'move'){
alert('sw 값이 제대로 넘어오지 않았습니다.');
}
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$g5['title'] = '이모티콘그룹 이동';
include_once(G5_PATH.'/head.sub.php');
@ -111,5 +111,4 @@ function fboardmoveall_submit(f)
</script>
<?php
include_once(G5_PATH.'/tail.sub.php');
?>
include_once(G5_PATH.'/tail.sub.php');


@ -1,12 +1,15 @@
<?php
$sub_menu = "900600";
include_once('./_common.php');
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
if(!count($_POST['chk_fg_no']))
$post_chk_fg_no = (isset($_POST['chk_fg_no']) && is_array($_POST['chk_fg_no'])) ? $_POST['chk_fg_no'] : array();
if(!count($post_chk_fg_no))
alert('이모티콘을 이동할 그룹을 한개 이상 선택해 주십시오.', $url);
$fo_no_list = preg_replace('/[^a-zA-Z0-9\, ]/', '', $fo_no_list);
$fo_no_list = isset($_POST['fo_no_list']) ? preg_replace('/[^a-zA-Z0-9\, ]/', '', $_POST['fo_no_list']) : '';
$sql = "select * from {$g5['sms5_form_table']} where fo_no in ($fo_no_list) order by fo_no desc ";
$result = sql_query($sql);
@ -14,9 +17,9 @@ $save = array();
for ($kk=0;$row = sql_fetch_array($result);$kk++)
{
$fo_no = $row['fo_no'];
for ($i=0; $i<count($_POST['chk_fg_no']); $i++)
for ($i=0; $i<count($post_chk_fg_no); $i++)
{
$fg_no = $_POST['chk_fg_no'][$i];
$fg_no = $post_chk_fg_no[$i];
if( !$fg_no ) continue;
$group = sql_fetch("select * from {$g5['sms5_form_group_table']} where fg_no = '$fg_no'");
$sql = " insert into {$g5['sms5_form_table']}
@ -44,19 +47,16 @@ if ($sw == 'move')
$msg = '해당 이모티콘을 선택한 그룹으로 이동 하였습니다.';
$opener_href = './form_list.php?page='.$page;
echo <<<HEREDOC
?>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<script>
alert("$msg");
opener.document.location.href = "$opener_href";
alert("<?php echo $msg; ?>");
opener.document.location.href = "<?php echo $opener_href; ?>";
window.close();
</script>
<noscript>
<p>
"$msg"
<?php echo $msg; ?>
</p>
<a href="$opener_href">돌아가기</a>
</noscript>
HEREDOC;
?>
<a href="<?php echo $opener_href; ?>">돌아가기</a>
</noscript>
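Review bot: The `$fo_no_list` filter keeps letters and spaces, yet the value is spliced into `where fo_no in ($fo_no_list)`; since `fo_no` is numeric, a bare word there is parsed as an identifier rather than an id, which widens the statement's scope beyond the selected emoticons. Build the list from integers instead: `$fo_no_list = isset($_POST['fo_no_list']) ? implode(',', array_map('intval', explode(',', $_POST['fo_no_list']))) : '';`, guard the empty case before the query, and cast in the inner loop for the same reason: `$fg_no = (int) $post_chk_fg_no[$i];`. The heredoc replacement also echoes `$opener_href` — built from `$page`, whose source is outside the hunk — unescaped into a JS string literal and an `href`; `(int) $page` where it is read, or `json_encode()` at the echo, closes that gap.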


@ -4,7 +4,7 @@ include_once("./_common.php");
$colspan = 5;
auth_check($auth[$sub_menu], "r");
auth_check_menu($auth, $sub_menu, "r");
$g5['title'] = "이모티콘 그룹";
@ -67,8 +67,8 @@ function grouplist_submit(f)
</script>
<form name="group<?php echo $res['fg_no']?>" method="post" action="./form_group_update.php" class="local_sch03 local_sch">
<input type="hidden" name="fg_no" value="<?php echo $res['fg_no']?>">
<form name="group<?php echo isset($res['fg_no']) ? $res['fg_no'] : ''; ?>" method="post" action="./form_group_update.php" class="local_sch03 local_sch">
<input type="hidden" name="fg_no" value="<?php echo isset($res['fg_no']) ? $res['fg_no'] : ''; ?>">
<div>
<label for="fg_name">그룹명<strong class="sound_only"> 필수</strong></label>
<input type="text" id="fg_name" name="fg_name" required class="required frm_input">
@ -83,7 +83,7 @@ function grouplist_submit(f)
<p>그룹명순으로 정렬됩니다.</p>
</div>
<form name="group<?php echo $group[$i]['fg_no']?>" method="post" action="./form_group_update.php" onsubmit="return grouplist_submit(this);">
<form name="group<?php echo isset($group[$i]['fg_no']) ? $group[$i]['fg_no'] : ''; ?>" method="post" action="./form_group_update.php" onsubmit="return grouplist_submit(this);">
<input type="hidden" name="w" value="u">
<div class="tbl_head01 tbl_wrap">
@ -136,7 +136,7 @@ function grouplist_submit(f)
</td>
<td class="td_left">
<label for="fg_name_<?php echo $i; ?>" class="sound_only">그룹명</label>
<input type="text" name="fg_name[<?php echo $i; ?>]" value="<?php echo $group[$i]['fg_name']?>" id="fg_name_<?php echo $i; ?>" class="frm_input">
<input type="text" name="fg_name[<?php echo $i; ?>]" value="<?php echo get_sanitize_input($group[$i]['fg_name']); ?>" id="fg_name_<?php echo $i; ?>" class="frm_input">
<input type="checkbox" name="fg_member[<?php echo $i; ?>]" value="1" id="fg_member_<?php echo $i; ?>" <?php if ($group[$i]['fg_member']) echo 'checked';?>>
<label for="fg_member_<?php echo $i; ?>">회원</label>
</td>
@ -173,5 +173,4 @@ function grouplist_submit(f)
</form>
<?php
include_once(G5_ADMIN_PATH.'/admin.tail.php');
?>
include_once(G5_ADMIN_PATH.'/admin.tail.php');
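Review bot: The form `name` attributes in the `@ -67,8 +67,8 @@` and `@ -83,7 +83,7 @@` hunks still echo `$res['fg_no']` and `$group[$i]['fg_no']` raw into HTML, while the `@ -136,7 +136,7 @@` hunk now routes `fg_name` through `get_sanitize_input()`; if `fg_no` is the numeric key it appears to be, a cast keeps those attributes well-formed regardless of what the row holds, e.g. `<form name="group<?php echo isset($res['fg_no']) ? (int) $res['fg_no'] : ''; ?>" method="post" ...>`. What `get_sanitize_input()` does is not visible here; if it does not HTML-escape, the `value="..."` context in the `@ -136` hunk still needs `htmlspecialchars(..., ENT_QUOTES)`, so that is worth confirming against its definition. The first hunk swaps `auth_check($auth[$sub_menu], "r")` for `auth_check_menu($auth, $sub_menu, "r")`, presumably to cope with `$auth[$sub_menu]` being unset; a one-line comment saying so, `// auth_check_menu handles a missing $auth[$sub_menu] entry itself`, would spare the next reader the lookup.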

