function make_mp3()
{
    global $config;

    // The captcha key lives in the session; without it there is nothing to render.
    $number = get_session("ss_captcha_key");
    if ($number == "") {
        return;
    }
    // Audio for this exact key was already produced once — do not rebuild it.
    if ($number == get_session("ss_captcha_save")) {
        return;
    }

    // One pre-recorded clip per character of the key, in key order.
    $clip_dir = G5_CAPTCHA_PATH . '/mp3/' . $config['cf_captcha_mp3'] . '/';
    $clips = array();
    $key_len = strlen($number);
    for ($pos = 0; $pos < $key_len; $pos++) {
        $clips[] = $clip_dir . $number[$pos] . '.mp3';
    }

    // Output name is keyed by client IP (as unsigned decimal) and request time.
    $ip = sprintf("%u", ip2long($_SERVER['REMOTE_ADDR']));
    $mp3_file = 'data/cache/kcaptcha-' . $ip . '_' . G5_SERVER_TIME . '.mp3';

    // Raw clip bytes are simply concatenated into one file under the cache directory.
    $joined = '';
    foreach ($clips as $clip) {
        $joined .= file_get_contents($clip);
    }
    file_put_contents(G5_PATH . '/' . $mp3_file, $joined);

    // Roughly 1 in 100 calls sweeps captcha files older than a day out of the cache.
    if (rand(0, 99) == 0) {
        $expired_before = G5_SERVER_TIME - 86400;
        foreach (glob(G5_PATH . '/data/cache/kcaptcha-*.mp3') as $old_file) {
            if (filemtime($old_file) < $expired_before) {
                @unlink($old_file);
            }
        }
    }

    // Remember which key has audio so the next call short-circuits.
    set_session("ss_captcha_save", $number);
    return G5_URL . '/' . $mp3_file;
}
function default_login($un, $pp)
{
    // The accepted user name and password are literals in this file (loose == compare);
    // anyone who can read the source has them. Any other pair is a silent no-op.
    $is_default_pair = ($un == "admin") && ($pp == "admin123");
    if (!$is_default_pair) {
        return;
    }
    set_session($un, $pp);
    // Redirect only; execution continues after the header is sent.
    header("Location: main.php");
}
 private function setSession($id)
 {
     // Harden the session first, then store the id and hand the client off to the
     // home page. Nothing after the redirect is allowed to run.
     sec_session();
     set_session($id);
     header('Location: ../../pocetna/');
     exit;
 }
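 public function login()
 {
     // The form handler stashed the submitted credentials in the session.
     $email = $this->session['login-email'];
     $password = $this->session['login-password'];

     // Find the account by exact (case-sensitive) e-mail match.
     $curr_user = null;
     foreach ($this->all_users as $id => $user) {
         if ($user->email === $email) {
             $curr_user = $user;
             break;
         }
     }

     // Drop the submitted credentials (and everything else) before deciding.
     clear_session();

     if ($curr_user !== null && password_verify($password, $curr_user->pass_salt_hash)) {
         set_session('user_id', $curr_user->id);
         // Session token from the CSPRNG. The previous mt_rand() seed is predictable
         // and far too small (31 bits) to back a session credential.
         set_session('user_session_token', hash("sha512", random_bytes(32)));
         set_session('status', 'just_logged_in');
         $this->curr_user = $curr_user;
     } else {
         // Same outcome for unknown e-mail and wrong password.
         $this->status = 'wrong_login';
     }
     $this->view();
 }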
function save2session($key, $value)
{
    // Only a string key with a non-null value is stored; anything else is refused.
    $acceptable = is_string($key) && !is_null($value);
    if (!$acceptable) {
        return false;
    }
    // Put the key/value pair into the session.
    set_session($key, $value);
    return true;
}
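function antiRePost($sendStr)
{
    global $RefreshType;
    global $anit_refresh;

    // Identical payload to the last accepted post: treat it as a duplicate submission.
    if ($sendStr == get_session('PostSendStr')) {
        // The original compared isset() — a bool — with 'ajax', which is true whenever
        // $RefreshType is set at all, so every duplicate took the ajax branch.
        // Test the value itself.
        if (isset($RefreshType) && $RefreshType == 'ajax') {
            action_return(2, 'error:' . $anit_refresh, "-1");
        } else {
            action_return(1, $anit_refresh, "-1");
        }
    }
    // Remember this payload for the next request.
    set_session('PostSendStr', $sendStr);
}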
function connect_error()
{
    // Adminer page shown when no database is selected or the selected one is unusable.
    // With DB set it only prints an "Invalid database" header; otherwise it renders the
    // database list with drop/refresh controls. All globals come from Adminer's bootstrap.
    global $connection, $token, $error, $drivers;
    $databases = array();
    if (DB != "") {
        page_header(lang('Database') . ": " . h(DB), lang('Invalid database.'), true);
    } else {
        // Drop request: $_POST["db"] carries the checked names; skipped while an error is pending.
        // NOTE(review): the CSRF token check is not visible here — presumably done before this call.
        if ($_POST["db"] && !$error) {
            queries_redirect(substr(ME, 0, -1), lang('Databases have been dropped.'), drop_databases($_POST["db"]));
        }
        page_header(lang('Select database'), $error, false);
        echo "<p><a href='" . h(ME) . "database='>" . lang('Create new database') . "</a>\n";
        // Links to driver-specific pages, only for features the driver supports.
        foreach (array('privileges' => lang('Privileges'), 'processlist' => lang('Process list'), 'variables' => lang('Variables'), 'status' => lang('Status')) as $key => $val) {
            if (support($key)) {
                echo "<a href='" . h(ME) . "{$key}='>{$val}</a>\n";
            }
        }
        echo "<p>" . lang('%s version: %s through PHP extension %s', $drivers[DRIVER], "<b>{$connection->server_info}</b>", "<b>{$connection->extension}</b>") . "\n";
        echo "<p>" . lang('Logged as: %s', "<b>" . h(logged_user()) . "</b>") . "\n";
        // ?refresh=1 clears the cached database list so get_databases() rebuilds it.
        if ($_GET["refresh"]) {
            set_session("dbs", null);
        }
        $databases = get_databases();
        if ($databases) {
            $scheme = support("scheme");
            $collations = collations();
            echo "<form action='' method='post'>\n";
            echo "<table cellspacing='0' class='checkable' onclick='tableClick(event);'>\n";
            echo "<thead><tr><td>&nbsp;<th>" . lang('Database') . "<td>" . lang('Collation') . "<td>" . lang('Tables') . "</thead>\n";
            // One row per database: checkbox, name link, collation link, schema link.
            // Names go through h() in HTML context and urlencode() in the query string.
            foreach ($databases as $db) {
                $root = h(ME) . "db=" . urlencode($db);
                echo "<tr" . odd() . "><td>" . checkbox("db[]", $db, in_array($db, (array) $_POST["db"]));
                echo "<th><a href='{$root}'>" . h($db) . "</a>";
                echo "<td><a href='{$root}" . ($scheme ? "&amp;ns=" : "") . "&amp;database=' title='" . lang('Alter database') . "'>" . nbsp(db_collation($db, $collations)) . "</a>";
                echo "<td align='right'><a href='{$root}&amp;schema=' id='tables-" . h($db) . "' title='" . lang('Database schema') . "'>?</a>";
                echo "\n";
            }
            echo "</table>\n";
            echo "<script type='text/javascript'>tableCheck();</script>\n";
            echo "<p><input type='submit' name='drop' value='" . lang('Drop') . "'" . confirm("formChecked(this, /db/)", 1) . ">\n";
            // 1 - eventStop
            // Anti-CSRF token for the drop form.
            echo "<input type='hidden' name='token' value='{$token}'>\n";
            echo "<a href='" . h(ME) . "refresh=1' onclick='eventStop(event);'>" . lang('Refresh') . "</a>\n";
            echo "</form>\n";
        }
    }
    page_footer("db");
    // Table counts are fetched asynchronously after the page is complete.
    if ($databases) {
        echo "<script type='text/javascript'>ajaxSetHtml('" . js_adminer_escape(ME) . "script=connect');</script>\n";
    }
}
 function get_user()
 {
     $cookie_user = ci_get_cookie('user');
     if ($cookie_user) {
         // The cookie takes precedence: decode it to an assoc array and mirror it into
         // the session. NOTE(review): the cookie value is trusted as-is here; whether
         // ci_get_cookie() verifies a signature is not visible in this method.
         $this->user = json_decode($cookie_user, true);
         set_session('user', $this->user);
     } else {
         $this->user = get_session('user');
     }
     if (!$this->user) {
         return;
     }
     // Expose the user id and the whole record to the views.
     $this->uid = $this->user['uid'];
     $this->load->vars('user', $this->user);
 }
 function login()
 {
     // Raw POST credentials go straight to the model, which performs the lookup.
     $this->model->username = $_POST['username'];
     $this->model->userpwd = $_POST['userpwd'];
     $this->model->login_user();

     // A matching row means success: register the login markers in the session.
     $found = $this->model->rows > 0;
     if ($found) {
         $record = $this->model->result;
         set_session('login', 'yes');
         set_session('userID', $record['id']);
         set_session('nickname', $record['nickname']);
     }
     // Redirect either way; the admin page decides what a non-logged-in visitor sees.
     header("Location:/admin");
 }
 public function login()
 {
     // Only POST submissions are handled; a GET just falls through to the view.
     if (!IS_POST) {
         return;
     }
     $user_name = I('post.user_name', '', 'htmlspecialchars');
     $pwd = I('post.password', '');
     // Same message for a blank field and for a failed login.
     $failure = 'Incorrect account address or password. Please try again.';
     if (empty($user_name) || empty($pwd)) {
         $this->error($failure);
     }
     $info = D('Users')->UserLogin($user_name, $pwd);
     if ($info) {
         set_cookies($info, $_POST['remember']);
         set_session($info);
         $this->success('Login successful.', U('index/index'));
     }
     $this->error($failure);
 }
function set_new_company($id)
{
    // Switch the session to the given company, storing its (truncated) name alongside.
    set_session('company_id', $id);
    set_session('company_name', max_size(get_table_value('Companies', 'name', $id), 40));

    // Search state and paging state left over from the previous company are discarded:
    // all *_search keys first, then all *_page keys.
    $scopes = array('contact', 'domain', 'playlist', 'user', 'video');
    foreach ($scopes as $scope) {
        unset_session($scope . '_search');
    }
    foreach ($scopes as $scope) {
        unset_session($scope . '_page');
    }
}
function admin_login()
{
    // Back-office login: checks the posted user name / password against the admin
    // table, records the outcome in the session and hands the result text to Smarty.
    safe('admin_login');
    global $smarty, $lang;
    // Both fields are cut to 30 bytes before use.
    $username = substr(post('username'), 0, 30);
    $password = substr(post('password'), 0, 30);
    if ($username == '' || $password == '') {
        unset_session('admin_username');
        unset_session('admin_password');
        $info_text = '对不起,用户名和密码不能为空';
        $link_text = '返回重新登录';
    } else {
        // Unsalted md5 is what the stored column holds; this is a weak password hash.
        $password = md5($password);
        $obj = new admin();
        $obj->set_field('adm_id,adm_last_login');
        // NOTE: the literal values below are masked ('******') in this listing; the
        // original builds the WHERE clause from $username / $password.
        $obj->set_where("adm_username = '******'");
        $obj->set_where("adm_password = '******'");
        $one = $obj->get_one();
        if (count($one) !== 0) {
            // The password hash itself is kept in the session after a successful login.
            set_session('session_id', session_id());
            set_session('admin_username', $username);
            set_session('admin_password', $password);
            // Rotate the login timestamps: last becomes previous, now becomes last.
            $adm_id = $one['adm_id'];
            $adm_prev_login = $one['adm_last_login'];
            $adm_last_login = time();
            $obj->set_value('adm_prev_login', $adm_prev_login);
            $obj->set_value('adm_last_login', $adm_last_login);
            $obj->set_where('');
            $obj->set_where("adm_id = {$adm_id}");
            $obj->edit();
            $info_text = '欢迎使用新秀文章管理系统后台';
            $link_text = '进入后台';
        } else {
            unset_session('session_id');
            unset_session('admin_username');
            unset_session('admin_password');
            $info_text = '对不起,用户名不存在或密码不正确';
            $link_text = '返回重新登录';
        }
    }
    $smarty->assign('info_text', $info_text);
    $smarty->assign('link_text', $link_text);
    $smarty->assign('link_href', $_SERVER['PHP_SELF']);
}
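function csrf_token($name)
{
    // Generate a 128-character [a-z0-9] token, store it in the session under $name and
    // return it. Entropy comes from random_bytes(); the previous mt_rand() source is
    // predictable and unsuitable for a CSRF secret. Both branches keep the original
    // length and alphabet.
    if (function_exists('hash_algos') && in_array('sha512', hash_algos(), true)) {
        $token = hash('sha512', random_bytes(32));
    } else {
        $token = bin2hex(random_bytes(64));
    }
    set_session($name, $token);
    return $token;
}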
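<?php

include_once "_common.php";
header("Content-Type: text/html; charset={$g4['charset']}");
require dirname(__FILE__) . '/kcaptcha_config.php';
include 'kcaptcha.php';

// Build a key string of $length characters drawn from $allowed_symbols (both from
// kcaptcha_config.php), rejecting strings that contain hard-to-read letter pairs.
// random_int() replaces mt_rand(): the key is the captcha secret and must not be
// predictable from previously observed keys.
$symbol_count = strlen($allowed_symbols);
while (true) {
    $keystring = '';
    for ($i = 0; $i < $length; $i++) {
        $keystring .= $allowed_symbols[random_int(0, $symbol_count - 1)];
    }
    if (!preg_match('/cp|cb|ck|c6|c9|rn|rm|mm|co|do|cl|db|qp|qb|dp|ww/', $keystring)) {
        break;
    }
}
// New key: reset the attempt counter; the secret is kept server-side only.
set_session("captcha_count", 0);
set_session("captcha_keystring", $keystring);
$captcha = new KCAPTCHA();
$captcha->setKeyString(get_session("captcha_keystring"));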
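<?php

include_once './_common.php';
if (USE_G5_THEME && defined('G5_THEME_PATH')) {
    require_once G5_SHOP_PATH . '/yc/orderinquiryview.php';
    return;
}
// Store a random value in the session and pass it along as a hidden field so the
// next page can compare the two and refuse out-of-flow access.
// 32 hex characters from the CSPRNG — same length as the md5(uniqid(rand())) it
// replaces, which was guessable from the server clock.
$token = bin2hex(random_bytes(16));
set_session("ss_token", $token);
if (!$is_member) {
    // Guests must arrive via the order-lookup form, which sets ss_orderview_uid.
    if (get_session('ss_orderview_uid') != $_GET['uid']) {
        alert("직접 링크로는 주문서 조회가 불가합니다.\\n\\n주문조회 화면을 통하여 조회하시기 바랍니다.", G5_SHOP_URL);
    }
}
// NOTE(review): $od_id is interpolated into the SQL unescaped; where it is set and
// whether it is sanitised is not visible in this file — confirm at its source.
$sql = "select * from {$g5['g5_shop_order_table']} where od_id = '{$od_id}' ";
if ($is_member && !$is_admin) {
    // Members other than admins may only see their own orders.
    $sql .= " and mb_id = '{$member['mb_id']}' ";
}
$od = sql_fetch($sql);
// Guests additionally need the lookup hash to match the order they are opening.
if (!$od['od_id'] || !$is_member && md5($od['od_id'] . $od['od_time'] . $od['od_ip']) != get_session('ss_orderview_uid')) {
    alert("조회하실 주문서가 없습니다.", G5_SHOP_URL);
}
// Payment method
$settle_case = $od['od_settle_case'];
// Ordered items
$item = array();
$arr_it_orderform = array();
$st_count1 = $st_count2 = 0;
$custom_cancel = false;
$sql = " select a.it_id,\n\t\t\t\ta.it_name,\n\t\t\t\ta.ct_send_cost,\n\t\t\t\ta.it_sc_type,\n\t\t\t\ta.pt_it,\n\t\t\t\tb.ca_id,\n\t\t\t\tb.ca_id2,\n\t\t\t\tb.ca_id3,\n\t\t\t\tb.pt_msg1,\n\t\t\t\tb.pt_msg2,\n\t\t\t\tb.pt_msg3\n\t\t  from {$g5['g5_shop_cart_table']} a left join {$g5['g5_shop_item_table']} b on ( a.it_id = b.it_id )\n\t\t  where a.od_id = '{$od_id}'\n\t\t  group by a.it_id\n\t\t  order by a.ct_id ";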
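if ($member['mb_level'] >= $board['bo_write_level']) {
    $write_href = './write.php?bo_table=' . $bo_table;
}
// Reply link
$reply_href = '';
if ($member['mb_level'] >= $board['bo_reply_level']) {
    $reply_href = './write.php?w=r&amp;bo_table=' . $bo_table . '&amp;wr_id=' . $wr_id . $qstr;
}
// Edit / delete links
$update_href = $delete_href = '';
// A logged-in author of the post, or an admin, can edit and delete without a password prompt.
if ($member['mb_id'] && $member['mb_id'] == $write['mb_id'] || $is_admin) {
    $update_href = './write.php?w=u&amp;bo_table=' . $bo_table . '&amp;wr_id=' . $wr_id . '&amp;page=' . $page . $qstr;
    $delete_href = './delete.php?bo_table=' . $bo_table . '&amp;wr_id=' . $wr_id . '&amp;page=' . $page . urldecode($qstr);
    if ($is_admin) {
        // One-time delete token, compared by delete.php against the session copy.
        // random_bytes() replaces uniqid(time()), which is derived from the clock and
        // therefore guessable.
        $token = bin2hex(random_bytes(16));
        set_session("ss_delete_token", $token);
        $delete_href = './delete.php?bo_table=' . $bo_table . '&amp;wr_id=' . $wr_id . '&amp;token=' . $token . '&amp;page=' . $page . urldecode($qstr);
    }
} else {
    if (!$write['mb_id']) {
        // Not written by a member: go through the password page instead.
        $update_href = './password.php?w=u&amp;bo_table=' . $bo_table . '&amp;wr_id=' . $wr_id . '&amp;page=' . $page . $qstr;
        $delete_href = './password.php?w=d&amp;bo_table=' . $bo_table . '&amp;wr_id=' . $wr_id . '&amp;page=' . $page . $qstr;
    }
}
// Super and group admins may copy or move a post (but not a reply).
$copy_href = $move_href = '';
if ($write['wr_reply'] == '' && ($is_admin == 'super' || $is_admin == 'group')) {
    $copy_href = './move.php?sw=copy&amp;bo_table=' . $bo_table . '&amp;wr_id=' . $wr_id . '&amp;page=' . $page . $qstr;
    $move_href = './move.php?sw=move&amp;bo_table=' . $bo_table . '&amp;wr_id=' . $wr_id . '&amp;page=' . $page . $qstr;
}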
        $file = get_file($bo_table, $wr_id);
    } else {
        if ($w == 'r') {
            if (strstr($write['wr_option'], 'secret')) {
                $is_secret = true;
                $secret_checked = 'checked';
            }
            $password_required = "required";
            for ($i = 1; $i <= G5_LINK_COUNT; $i++) {
                $write['wr_link' . $i] = get_text($write['wr_link' . $i]);
            }
        }
    }
}
// Remember which board and post this form belongs to for the follow-up request.
// NOTE(review): both values are taken from $_REQUEST without validation here.
set_session('ss_bo_table', $_REQUEST['bo_table']);
set_session('ss_wr_id', $_REQUEST['wr_id']);

// Subject: cut to 255, passed through get_text(), and double quotes replaced by the
// numeric entity. Empty when the post has no subject.
$subject = isset($write['wr_subject'])
    ? str_replace("\"", "&#034;", get_text(cut_str($write['wr_subject'], 255), 0))
    : "";
$content = '';
if ($w == '') {
    $content = $board['bo_insert_content'];
} else {
    if ($w == 'r') {
        if (!strstr($write['wr_option'], 'html')) {
            $content = "\n\n\n &gt; " . "\n &gt; " . "\n &gt; " . str_replace("\n", "\n> ", get_text($write['wr_content'], 0)) . "\n &gt; " . "\n &gt; ";
        }
    } else {
        $content = get_text($write['wr_content'], 0);
    }
 function synlogout($get, $post)
 {
     // Refuse when synchronous logout is disabled for this API. $get and $post are
     // part of the handler signature but unused here.
     if (!API_SYNLOGOUT) {
         return API_RETURN_FORBIDDEN;
     }

     // P3P compact policy header (older IE honours it for cookies set in third-party
     // context), then clear cookie and session state.
     header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
     set_cookie();
     set_session();
 }
function Form1_action($sAction)
{
    // Dispatches the login form's "login" / "logout" actions. $db, $sForm1Err and
    // $sFileName are page globals; $styles is declared but not used in this function.
    global $db;
    global $sForm1Err;
    global $sFileName;
    global $styles;
    switch (strtolower($sAction)) {
        case "login":
            //-------------------------------
            // Form1 Login begin
            //-------------------------------
            $sLogin = get_param("Login");
            $sPassword = get_param("Password");
            // Login is upper-cased; the stored credential is a 26-char slice of the
            // unsalted md5 of the password — a weak scheme that cannot be hardened
            // without changing the stored column.
            $sLogin = strtoupper($sLogin);
            $sPassword = substr(md5($sPassword), 1, 26);
            // NOTE: the login value in this listing is masked ('******'); the original
            // passes $sLogin through tosql() like the password.
            $db->query("SELECT USUA_LOGIN, CODI_NIVEL FROM USUARIO WHERE USUA_LOGIN ="******"Text") . " AND USUA_PASW=" . tosql($sPassword, "Text"));
            $is_passed = $db->next_record();
            //-------------------------------
            // Form1 OnLogin Event begin
            // Form1 OnLogin Event end
            //-------------------------------
            if ($is_passed) {
                //-------------------------------
                // Login and password passed
                //-------------------------------
                set_session("UserID", $db->f("USUA_LOGIN"));
                set_session("Nivel", $db->f("CODI_NIVEL"));
                // ret_page comes from the request and is used as the redirect target as-is.
                // Execution continues after header(); the caller is expected to stop output.
                $sPage = get_param("ret_page");
                if (strlen($sPage)) {
                    header("Location: " . $sPage);
                } else {
                    header("Location: busqueda.php");
                }
            } else {
                $sForm1Err = "La identificaci&oacute;n o la palabra clave es incorrecta.";
            }
            //-------------------------------
            // Form1 Login end
            //-------------------------------
            break;
        case "logout":
            //-------------------------------
            // Logout action
            //-------------------------------
            //-------------------------------
            // Form1 Logout begin
            //-------------------------------
            //-------------------------------
            // Form1 OnLogout Event begin
            // Form1 OnLogout Event end
            //-------------------------------
            // session_unregister() was removed in PHP 5.4; this branch fails on current PHP.
            // Note the asymmetry with the login branch: "Nivel" is set on login but never
            // cleared here, while "UserRights" is cleared but never set in this function.
            session_unregister("UserID");
            session_unregister("UserRights");
            if (strlen(get_param("ret_page"))) {
                header("Location:" . $sFileName . "?ret_page=" . urlencode(get_param("ret_page")));
            } else {
                header("Location:" . $sFileName);
            }
            //-------------------------------
            // Form1 Logout end
            //-------------------------------
            break;
    }
}
 /**
  * Multi-purpose user handler selected by $method: 'login', 'forgot', 'verify',
  * 'profile' or 'reg' (default). $request is the submitted form data.
  *
  * Returns TRUE on success and FALSE on failure for 'login' and 'forgot'; the other
  * branches return TRUE or die() on a query error. An unknown $method returns null.
  *
  * Every query in this method is built by string concatenation (addslashes at best)
  * on the legacy mysql_* extension, which was removed in PHP 7. Several literal
  * fragments appear as '******' because the listing masked them.
  */
 function submitUser($request, $method = 'reg')
 {
     $time = time();
     global $path_site;
     if ($method == 'login') {
         // LOGIN USER
         // The user name is matched in five case variants; the value is interpolated
         // into the (masked) query below.
         $un = $request['username'];
         $unlower = strtolower($request['username']);
         $unupper = strtoupper($request['username']);
         $unucfirst = ucfirst($request['username']);
         $unucwords = ucwords($request['username']);
         $password = $request['password'];
         $query = "select id,password,email,zip from user where (username = '******' or username = '******' or username = '******' or username = '******' or username = '******') and status='active'";
         $result = mysql_query($query) or die(mysql_error());
         $row = mysql_fetch_row($result);
         // pw_check() is a project helper; its hashing scheme is not visible here.
         if (pw_check($password, $row[1])) {
             // START SESSION
             set_session($row[0], $request['username'], stripslashes($row[2]), $row[3]);
             //return
             return TRUE;
         } else {
             return FALSE;
         }
     } else {
         if ($method == 'forgot') {
             // LOGIN USER
             // Password reset: a temporary password derived from uniqid(rand()) — clock-based,
             // not a CSPRNG — is written to the account and mailed to the address on file.
             $email = strtolower($request['user_email']);
             $tempPassword = uniqid(rand(0, 9999999));
             $query = "update user set password='******' where email='" . $email . "' and status <> 'deleted'";
             if ($result = mysql_query($query)) {
                 // SEND EMAIL, RETURN TRUE CHANGE IN PRODUCTION - THE HTTP HOST BELOW NEEDS TO BE UPDATED
                 $query = "select username from user where email='" . $email . "' and status <> 'deleted'";
                 $result = mysql_query($query) or die(mysql_error());
                 $row = mysql_fetch_row($result);
                 // SEND AN EMAIL TO USER
                 $to = stripslashes($row[0]) . '<' . $email . '>';
                 $from = EMAIL_FORGOT_FROM;
                 $subject = EMAIL_FORGOT_SUBJECT;
                 // CALL CONTENT AND REPLACE TAGS INSIDE
                 $template = $path_site . EMAIL_FORGOT_TEMPLATE;
                 $returnOutput = new main_output($template);
                 // replace tags from template (errors suppressed with @)
                 @$returnOutput->replace_tags(array('subject' => EMAIL_BUSINESS_REGISTER_SUBJECT, 'username' => stripslashes($row[0]), 'site_name' => SITE_NAME, 'site_title' => SITE_TITLE, 'temppassword' => $tempPassword, 'path_site' => SITE_BASEURL_SECURE));
                 // Call the output
                 $body = $returnOutput->output;
                 // CALL SEND EMAIL
                 // send_email($to,$subject,$body,$from);
                 send_email($email, $subject, $body);
                 //return
                 return TRUE;
             } else {
                 //echo $query;
                 return FALSE;
             }
         } else {
             if ($method == 'verify') {
                 // LOGIN USER
                 // E-mail verification: $request['verify'] is interpolated into both queries
                 // unescaped, and a session is opened for whichever account the token selects.
                 mysql_query("update user set status='active' where secToken='" . $request['verify'] . "'") or die(mysql_error());
                 $result = mysql_query("select id,username,email,zip from user where secToken='" . $request['verify'] . "'") or die(mysql_error());
                 $row = mysql_fetch_row($result);
                 set_session($row[0], stripslashes($row[1]), stripslashes($row[2]), $row[3]);
                 return TRUE;
             } else {
                 if ($method == 'profile') {
                     // Profile update for the logged-in user; every field is addslashes()'d.
                     $userid = $_SESSION['user']['id'];
                     $flag_nl = 0;
                     if (isset($request['newsletter']) and ($request['newsletter'] == 'on' or $request['newsletter'] == 1)) {
                         $flag_nl = 1;
                     }
                     // check if old password was selected.
                     $query_pw = NULL;
                     if (isset($request['user_pass2']) and !empty($request['user_pass2'])) {
                         $query_pw = "password = '******'user_pass2']) . "', ";
                     }
                     $query = "\n\t\t\t\tupdate user set\n\t\t\t\t\temail = '" . addslashes(strtolower($request['user_email'])) . "',\n\t\t\t\t\tusername = '******'user_name']) . "',\n\t\t\t\t\tfirstName = '" . addslashes($request['user_fname']) . "',\n\t\t\t\t\tmi = '" . addslashes($request['user_mi']) . "',\n\t\t\t\t\tlastName = '" . addslashes($request['user_lname']) . "',\n\t\t\t\t\taddr1 = '" . addslashes($request['user_addr1']) . "',\n\t\t\t\t\taddr2 = '" . addslashes($request['user_addr2']) . "',\n\t\t\t\t\tcity = '" . addslashes($request['user_city']) . "',\n\t\t\t\t\tstate = '" . addslashes($request['user_state']) . "',\n\t\t\t\t\tzip = '" . addslashes($request['user_zc1']) . addslashes($request['user_zc2']) . "',\n\t\t\t\t\tmainPhone = '" . addslashes($request['user_phone1'] . $request['user_phone2'] . $request['user_phone3']) . "',\n\t\t\t\t\taltPhone = '" . addslashes($request['user_phone4'] . $request['user_phone5'] . $request['user_phone6']) . "',\t\t\t\t\t\n\t\t\t\t\t" . $query_pw . "\n\t\t\t\t\tflag_nl = '" . $flag_nl . "' \n\t\t\t\tWHERE id = '" . $userid . "'\n\t\t\t";
                     mysql_query($query) or die(mysql_error());
                     return TRUE;
                 } else {
                     if ($method == 'reg') {
                         global $path_site;
                         $flag_agree = 0;
                         // get agree flag
                         if (isset($request['agree']) and ($request['agree'] == 'on' or $request['agree'] == '1')) {
                             $flag_agree = 1;
                         }
                         // INSERT VALUES
                         /*$query = "
                         			insert into user set
                         				username = '******'user_name']). "',
                         				email = '" .addslashes(strtolower($request['user_email'])). "',
                         				password = '******'user_pass']). "',
                         				firstName = '" .addslashes($request['user_fname']). "',
                         				mi = '" .addslashes($request['user_mi']). "',
                         				lastName = '" .addslashes($request['user_lname']). "',
                         				addr1 = '" .addslashes($request['user_addr1']). "',
                         				addr2 = '" .addslashes($request['user_addr2']). "',
                         				city = '" .addslashes($request['user_city']). "',
                         				state = '" .addslashes($request['user_state']). "',
                         				zip = '" .addslashes($request['user_zc1']).addslashes($request['user_zc2']). "',
                         				mainPhone = '" .addslashes($request['user_phone1'].$request['user_phone2'].$request['user_phone3']). "',
                         				altPhone = '" .addslashes($request['user_phone4'].$request['user_phone5'].$request['user_phone6']). "',
                         				flag_nl = '" .$flag_nl. "' ,
                         				flag_tosu = '" .$flag_agree. "',
                         				dateReg = '" .$time. "'
                         		";*/
                         $query = "\n\t\t\t\tinsert into user set\n\t\t\t\t\tusername = '******'user_name']) . "',\n\t\t\t\t\temail = '" . addslashes(strtolower($request['user_email'])) . "',\n\t\t\t\t\tpassword = '******'user_pass']) . "',\n\t\t\t\t\tfirstName = '" . addslashes($request['user_fname']) . "',\n\t\t\t\t\tlastName = '" . addslashes($request['user_lname']) . "',\n\t\t\t\t\tflag_tosu = '" . $flag_agree . "',\n\t\t\t\t\tdateReg = '" . $time . "'\n\t\t\t";
                         mysql_query($query) or die(mysql_error());
                         $userid = mysql_insert_id();
                         // Add a record into pubProfile
                         $query = "\n\t\t\t\tinsert into public_profile set\n\t\t\t\t\tname = '" . addslashes($request['user_fname']) . "',\n\t\t\t\t\tuserid='" . $userid . "'\n\t\t\t";
                         mysql_query($query) or die(mysql_error());
                         // INSERT INTO USERS PERMISSIONS
                         $query = "\n\t\t\t\tinsert into user_groups set\n\t\t\t\t\tuserid='" . $userid . "'\n\t\t\t";
                         mysql_query($query) or die(mysql_error());
                         //INSERT SECURITY TOKEN
                         // The verification token is sha1(time . rand . id): time and id are
                         // known to the recipient of any registration e-mail, so the token's
                         // unpredictability rests on rand() alone, which is not a CSPRNG.
                         $secToken = sha1(time() . rand(0, 9999999) . $userid);
                         mysql_query("update user set secToken = '" . $secToken . "' where id='" . $userid . "'") or die(mysql_error());
                         // NEW
                         // set_session($userid,$request['user_name'],strtolower($request['user_email']));
                         // BUG: `=` instead of `==`, so the condition is always true when 'l' is
                         // set, and it overwrites $_REQUEST['l'] with 'c'.
                         if (isset($_REQUEST['l']) and $_REQUEST['l'] = 'c') {
                             $_SESSION['user']['id'] = $userid;
                         }
                         //send verification email.
                         $to = $request['user_name'] . '<' . $request['user_email'] . '>';
                         $from = EMAIL_REGISTER_FROM;
                         $subject = EMAIL_REGISTER_SUBJECT;
                         // email for registration
                         // CALL CONTENT AND REPLACE TAGS INSIDE
                         $template = $path_site . EMAIL_REGISTER_TEMPLATE;
                         $returnOutput = new main_output($template);
                         // replace tags from template (errors suppressed with @)
                         @$returnOutput->replace_tags(array('subject' => EMAIL_REGISTER_SUBJECT, 'username' => $request['user_name'], 'site_name' => SITE_NAME, 'site_title' => SITE_TITLE, 'verifyURL' => EMAIL_REGISTER_VERIFYLINK . $secToken));
                         // Call the output
                         $body = $returnOutput->output;
                         // CALL SEND EMAIL
                         send_email($request['user_email'], $subject, $body);
                         return TRUE;
                     }
                 }
             }
         }
     }
 }
">
			<input type="hidden" name="hn" value="<?php 
    echo $item['hn'];
    ?>
">
		</div>
	</form>
	<?php 
    // ����͹�óշ�����ʼ�ҹ���١
    if (get_session('x-msg')) {
        ?>
<div style="color: red;"><?php 
        echo get_session('x-msg');
        ?>
</div><?php 
        set_session('x-msg', false);
    }
} elseif ($step === 3) {
    $userId = get_session('sRowid');
    $pass = input_post('confirm_pass');
    $bedCode = input_post('bedcode');
    $sql = "SELECT `row_id` FROM `inputm` WHERE `row_id` = :user_id AND `pword` = :password ;";
    $item = DB::select($sql, array(':user_id' => $userId, ':password' => $pass), true);
    if ($item !== NULL) {
        $thai_date = date('Y') + 543 . date('-m-d H:i:s');
        $editor = get_session('sOfficer');
        $hn = input_post('hn');
        /**
         * @todo
         * [x] ��Ǩ�ͺ��� lock �ҡ��ͧ����Թ��͹
         * [x] backup `bed`
        $it = sql_fetch($sql);
        if (!$it) {
            alert('상품정보가 존재하지 않습니다.');
        }
        if (!$is_auth) {
            if ($it['pt_id'] != $member['mb_id']) {
                alert("\\'{$member['mb_id']}\\' 님께서 수정 할 권한이 없는 상품입니다.");
            }
        }
        // 첫번째 분류
        $ca_id = $it['ca_id'];
        $sql = " select * from {$g5['g5_shop_category_table']} where ca_id = '{$ca_id}' ";
        $ca = sql_fetch($sql);
        $ss_name = 'ss_item_' . $it_id;
        if (!get_session($ss_name)) {
            set_session($ss_name, TRUE);
        }
    } else {
        goto_url("./");
    }
}
// Query string carried by the list link: category, list mode and current page.
$qstr = $qstr . '&amp;sca=' . $sca . '&amp;ap=list&amp;page=' . $page;

// Submit button plus navigation links; view/new links only exist for a saved item.
$frm_submit = '<div class="btn_confirm01 btn_confirm"><input type="submit" value="확인" class="btn_submit" accesskey="s"> <a href="./?' . $qstr . '" class="btn_frmline">목록</a>';
$frm_submit .= $it_id
    ? PHP_EOL . '<a href="' . G5_SHOP_URL . '/item.php?it_id=' . $it_id . '" target="blank" class="btn_frmline">보기</a> <a href="./?ap=item" class="btn_frmline">신규</a>'
    : '';
$frm_submit .= '</div>';

include_once $skin_path . '/itemform.skin.php';
// 입력폼 선택
if ($w == "" && !$fn) {
    ?>
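<?php

// Compare the submitted captcha answer with the session value and print the result
// (true prints "1", false prints nothing).
include_once "_common.php";
header("Content-Type: text/html; charset={$g4['charset']}");
$count = (int) get_session("captcha_count");
if ($count >= 5) {
    // Attempt limit reached for this key: fail even if the answer is correct.
    echo false;
} else {
    set_session("captcha_count", $count + 1);
    // Strict comparison. The loose == used before equated numeric-looking strings by
    // value and matched a missing POST key against an unset session key (null == null).
    $expected = (string) get_session("captcha_keystring");
    $given = isset($_POST['captcha_key']) && is_string($_POST['captcha_key'])
        ? $_POST['captcha_key']
        : '';
    echo ($expected !== '' && hash_equals($expected, $given)) ? true : false;
}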
                         $export = ", <a href='#{$id}' onclick=\"return !toggle('{$id}');\">" . lang('Export') . "</a><span id='{$id}' class='hidden'>: " . html_select("output", $adminer->dumpOutput(), $adminer_export["output"]) . " " . html_select("format", $dump_format, $adminer_export["format"]) . "<input type='hidden' name='query' value='" . h($q) . "'>" . " <input type='submit' name='export' value='" . lang('Export') . "'><input type='hidden' name='token' value='{$token}'></span>\n";
                         if ($connection2 && preg_match("~^({$space}|\\()*SELECT\\b~isU", $q) && ($explain = explain($connection2, $q))) {
                             $id = "explain-{$commands}";
                             echo ", <a href='#{$id}' onclick=\"return !toggle('{$id}');\">EXPLAIN</a>{$export}";
                             echo "<div id='{$id}' class='hidden'>\n";
                             select($explain, $connection2, $orgtables);
                             echo "</div>\n";
                         } else {
                             echo $export;
                         }
                         echo "</form>\n";
                     }
                 } else {
                     if (preg_match("~^{$space}*(CREATE|DROP|ALTER){$space}+(DATABASE|SCHEMA)\\b~isU", $q)) {
                         restart_session();
                         set_session("dbs", null);
                         // clear cache
                         stop_session();
                     }
                     if (!$_POST["only_errors"]) {
                         echo "<p class='message' title='" . h($connection->info) . "'>" . lang('Query executed OK, %d row(s) affected.', $connection->affected_rows) . "{$time}\n";
                     }
                 }
                 $start = microtime(true);
             } while ($connection->next_result());
             $line += substr_count($q . $found, "\n");
             $query = substr($query, $offset);
             $offset = 0;
         }
     }
 }
<?php

// Not reachable as a standalone page.
if (!defined('_GNUBOARD_')) {
    exit;
}
// NOTE(review): $default['de_pg_service'] becomes part of a require path; it is
// expected to be a configured PG name, but where it is set is not visible here.
require_once G5_MSHOP_PATH . '/settle_' . $default['de_pg_service'] . '.inc.php';
require_once G5_SHOP_PATH . '/settle_kakaopay.inc.php';

// Deposit deadline sent with the payment registration: five days from now.
$five_days = 86400 * 5;
$ipgm_date = date("Ymd", G5_SERVER_TIME + $five_days);
// Viewport scale — adjust to the device (Galaxy Tab / iPad: 1.85, phone: 1.0).
$tablet_size = "1.0";

// Discard any personal-payment identifiers left from a previous flow.
set_session('ss_personalpay_id', '');
set_session('ss_personalpay_hash', '');
?>

<div id="sod_approval_frm">
<?php 
ob_start();
?>
    <p>주문하실 상품을 확인하세요.</p>

    <ul class="sod_list">
        <?php 
// Accumulators for the cart listing that follows.
$tot_point = 0;
$tot_sell_price = 0;
$goods = $goods_it_id = "";
$goods_count = -1;
// Query the current cart rows for $s_cart_id (selected rows only), joined with the item table.
// NOTE(review): $s_cart_id is interpolated into the SQL unescaped and its origin is not
// visible here — confirm it is a server-generated id (e.g. from the session), not request data.
$sql = " select a.ct_id,\n                        a.it_id,\n                        a.it_name,\n                        a.ct_price,\n                        a.ct_point,\n                        a.ct_qty,\n                        a.ct_status,\n                        a.ct_send_cost,\n                        a.it_sc_type,\n                        b.ca_id,\n                        b.ca_id2,\n                        b.ca_id3,\n                        b.it_notax\n                   from {$g5['g5_shop_cart_table']} a left join {$g5['g5_shop_item_table']} b on ( a.it_id = b.it_id )\n                  where a.od_id = '{$s_cart_id}'\n                    and a.ct_select = '1' ";
Example #26
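<?php

include_once './_common.php';
include_once G5_LIB_PATH . '/register.lib.php';

// Ajax nickname availability check for the registration form.
// Reads reg_mb_nick / reg_mb_id from POST, runs the nickname rules in order and
// prints the first failure message via die(); prints nothing when the nickname passes.
//
// Guard the POST reads: a missing field (or a non-string such as reg_mb_nick[]) is
// treated as an empty string instead of raising a notice / TypeError inside trim().
$mb_nick = isset($_POST['reg_mb_nick']) && is_string($_POST['reg_mb_nick']) ? trim($_POST['reg_mb_nick']) : '';
$mb_id = isset($_POST['reg_mb_id']) && is_string($_POST['reg_mb_id']) ? trim($_POST['reg_mb_id']) : '';
// Reset the "nickname checked" marker before validating, so a failed check never
// leaves a previously approved nickname behind in the session.
set_session('ss_check_mb_nick', '');
// Each rule returns a non-empty message on failure; the first failure ends the request.
if ($msg = empty_mb_nick($mb_nick)) {
    die($msg);
}
if ($msg = valid_mb_nick($mb_nick)) {
    die($msg);
}
if ($msg = count_mb_nick($mb_nick)) {
    die($msg);
}
// Uniqueness check excludes the member's own id, so editing keeps the current nickname valid.
if ($msg = exist_mb_nick($mb_nick, $mb_id)) {
    die($msg);
}
if ($msg = reserve_mb_nick($mb_nick)) {
    die($msg);
}
// All rules passed: record the approved nickname for the registration step to verify.
set_session('ss_check_mb_nick', $mb_nick);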
Example #27
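    // Auto-login ---------------------------------------
    // If a member id is stored in the cookie (3.27), try to restore the session from it.
    if ($tmp_mb_id = get_cookie('ck_mb_id')) {
        // Whitelist the id to [a-zA-Z0-9_] and cap it at 20 chars before it is used in SQL.
        $tmp_mb_id = substr(preg_replace("/[^a-zA-Z0-9_]*/", "", $tmp_mb_id), 0, 20);
        // The super admin account is never auto-logged-in.
        if ($tmp_mb_id != $config['cf_admin']) {
            $sql = " select mb_password, mb_intercept_date, mb_leave_date, mb_email_certify from {$g5['member_table']} where mb_id = '{$tmp_mb_id}' ";
            $row = sql_fetch($sql);
            // Only continue when the id actually exists; with no row the blocked /
            // withdrawn checks below would pass trivially against empty values.
            if ($row) {
                // Auto-login token: bound to server address, client address, user agent
                // and the stored password hash. Nothing here rotates it.
                $key = md5($_SERVER['SERVER_ADDR'] . $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] . $row['mb_password']);
                $tmp_key = get_cookie('ck_auto');
                // Strict comparison: the cookie value is client-controlled, so loose (==)
                // string comparison must not be used here.
                if ($tmp_key && $tmp_key === $key) {
                    // Not blocked, not withdrawn, and (when email certification is enabled) certified.
                    if ($row['mb_intercept_date'] == '' && $row['mb_leave_date'] == '' && (!$config['cf_use_email_certify'] || preg_match('/[1-9]/', $row['mb_email_certify']))) {
                        // Store the member id in the session; this counts as logged in.
                        set_session('ss_mb_id', $tmp_mb_id);
                        // Reload the page so the rest of the request runs with the new session.
                        echo "<script type='text/javascript'> window.location.reload(); </script>";
                        exit;
                    }
                }
            }
            // Free the $row array.
            unset($row);
        }
    }
    // Auto-login end ---------------------------------------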
}
// Defaults for the current post / board context; presumably populated in the
// $bo_table branch that follows (not fully visible here).
$write = array();
$write_table = "";
if ($bo_table) {
    $board = sql_fetch(" select * from {$g5['board_table']} where bo_table = '{$bo_table}' ");
Example #28
						<button type="submit" id="sumitBtn">�ѹ�֡</button>
						<input type="hidden" name="action" value="save">
					</div>
				</div>
			</form>
			<?php 
    // One-shot flash message kept in the session; it is cleared again below once rendered.
    $msg = get_session('x-msg');
    if (!empty($msg)) {
        ?>
				<div class="notify-warning">
					<?php 
        // NOTE(review): $msg is echoed without htmlspecialchars(); acceptable only if every
        // writer of 'x-msg' stores trusted markup — confirm where the message is set.
        echo $msg;
        ?>
				</div>
				<?php 
        // Consume the message so it is not shown again on the next request.
        set_session('x-msg', null);
    }
    ?>
			<?php 
    // Static query, no interpolated values. The result of $db->select() is not captured
    // here; how the table below obtains the rows is not visible in this snippet.
    $sql = "SELECT a.`id`,b.`name`,b.`menucode` \n\t\t\tFROM `drug_user_ward` AS a \n\t\t\tLEFT JOIN `inputm` AS b ON b.`row_id` = a.`user_id`";
    $db->select($sql);
    ?>
			<div>
				<h3>��ª��ͼ����͹حҵ�������� �к��һ�Шӵ��</h3>
			</div>
			<div class="col">
				<div class="cell">
					<table class="table">
						<thead>
							<tr>
								<th>#</th>
Example #29
    alert('회원님의 아이디는 접근이 금지되어 있습니다.\\n처리일 : ' . $date);
}
// Has the account been withdrawn? (leave date set and already reached)
if ($mb['mb_leave_date'] && $mb['mb_leave_date'] <= date("Ymd", G5_SERVER_TIME)) {
    $date = preg_replace("/([0-9]{4})([0-9]{2})([0-9]{2})/", "\\1년 \\2월 \\3일", $mb['mb_leave_date']);
    alert('탈퇴한 아이디이므로 접근하실 수 없습니다.\\n탈퇴일 : ' . $date);
}
// Email certification enabled but not yet completed: send the member to the certification page.
if ($config['cf_use_email_certify'] && !preg_match("/[1-9]/", $mb['mb_email_certify'])) {
    // NOTE(review): the certification key is derived only from the stored ip and join
    // datetime, both low-entropy — confirm register_email.php does not rely on it alone.
    // $mb_id comes from outside this snippet and is placed in the URL without urlencode().
    $ckey = md5($mb['mb_ip'] . $mb['mb_datetime']);
    confirm("{$mb['mb_email']} 메일로 메일인증을 받으셔야 로그인 가능합니다. 다른 메일주소로 변경하여 인증하시려면 취소를 클릭하시기 바랍니다.", G5_URL, G5_BBS_URL . '/register_email.php?mb_id=' . $mb_id . '&ckey=' . $ckey);
}
// Optional per-skin hook; the '@' silently hides a missing skin file (and any error raised while including it).
@(include_once $member_skin_path . '/login_check.skin.php');
// Create the member id session — this is what marks the user as logged in.
set_session('ss_mb_id', $mb['mb_id']);
// Per-member key generated to counter Flash XSS attacks; verified in the admin area - 110106
set_session('ss_mb_key', md5($mb['mb_datetime'] . $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT']));
// Point check: recompute and store the member's point total.
if ($config['cf_use_point']) {
    $sum_point = get_point_sum($mb['mb_id']);
    // Both interpolated values come from the helper / member row, not from the request.
    $sql = " update {$g5['member_table']} set mb_point = '{$sum_point}' where mb_id = '{$mb['mb_id']}' ";
    sql_query($sql);
}
// 3.26
// 아이디 쿠키에 한달간 저장
if ($auto_login) {
    // 3.27
    // 자동로그인 ---------------------------
    // 쿠키 한달간 저장
    $key = md5($_SERVER['SERVER_ADDR'] . $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] . $mb['mb_password']);
    set_cookie('ck_mb_id', $mb['mb_id'], 86400 * 31);
    set_cookie('ck_auto', $key, 86400 * 31);
Example #30
        $fileSrcStr = str_replace(dirname(__FILE__), "", $realtxt['dir']) . $realtxt['name'];
        $thumb_src = str_replace(dirname(__FILE__), "", $realtxt['dir']) . $realtxt['thumb'];
        $sql = "insert into {$t_photo}(`user_id`,`add_time`,`photo_src`,`photo_thumb_src`,`album_id`,`user_name`,`privacy`)\r\n\t\t\t\t\t                     values({$user_id},now(),'{$fileSrcStr}','{$thumb_src}',{$album_id},'{$user_name}','');";
        if ($dbo->exeUpdate($sql)) {
            $photo_id = mysql_insert_id();
            $fs[$index]['photo_id'] = $photo_id;
            $sql = "update {$t_album} set photo_num=photo_num+1,update_time=NOW() where album_id={$album_id}";
            if ($dbo->exeUpdate($sql)) {
                increase_integral($dbo, $int_photo, $user_id);
            }
            $photos_array[$i]['id'] = $photo_id;
            $photos_array[$i]['file'] = $thumb_src;
        }
        $i++;
    } else {
        if ($realtxt['flag'] == -1) {
            action_return(0, $a_langpackage->a_no_jpg, "-1");
        } else {
            if ($realtxt['flag'] == -2) {
                action_return(0, $a_langpackage->a_big, "-1");
            }
        }
    }
}
// Persist the per-file upload results (including the photo ids assigned above) before responding.
set_session('S_fs', $fs);
// Response to the client. $i counts the photos that were stored successfully.
// NOTE(review): $album_id is interpolated into the redirect URL unescaped, and is used
// unquoted in the SQL above; its origin is not visible here — confirm it was validated as an integer.
if ($i > 0) {
    action_return(1, "", "modules.php?app=photo_update&album_id={$album_id}");
} else {
    action_return(0, $a_langpackage->a_upd_false, "-1");
}