function Sch_Upfile($files, $link, $dn, $uid, $mbid)
{
global $tbl, $bbs;
$num = getMultiFileNum($files) + getMultiFileNum($link);
if ($num) {
$Enable_Down = getEnterPerm($bbs[DownloadPm], $mbid, $files, $link);
//다운권한
$gvUpfileStr = $Enable_Down ? getMultiFileStr($files, "./bbs/table/" . $tbl . "/upload") : '';
//첨부파일스트링
$link = $Enable_Down ? $link : '';
$gvDownJsQue = $Enable_Down . ",'" . $gvUpfileStr . "','" . $tbl . "'," . $uid . ",'dat',2," . $num . ",'" . $link . "','" . $bbs[Skin] . "'," . $dn;
$filestr = "<img src='./bbs/skin/" . $bbs[Skin] . "/image/ico_ldown.gif' STYLE='cursor:pointer;' onclick=\"showLayerUpfile({$gvDownJsQue},event);\" ALT=' 첨부파일수 : " . $num . "개(다운로드 " . $dn . ") '>";
return $filestr;
}
}
echo $gSkinImg;
?>
/btn_comment_hide.gif' align=absmiddle onclick="getCommentVisible(this);" style='cursor:pointer;'>
</td>
</tr>
<script>Skin_Line("#DFDFDF",3,2,false)</script>
</table>
<!-- 코멘트 리스트 -->
<div ID='Comment_Layer'>
<table width=100% cellspacing=0 cellpadding=0>
<?php
while ($RPL = db_fetch_array($COMMENT_DATA)) {
//$gvUpfileNum = getMultiFileNum($RPL[RP_FILE]);//첨부파일수
$Enable_Down = getEnterPerm($bbs[CmtDownPm], $RPL[RP_MB_ID], $RPL[RP_FILE], $RPL[RP_LINK]);
//다운권한
$gvUpfileStr = $Enable_Down ? getMultiFileStr($RPL[RP_FILE], "./bbs/table/" . $table . "/upload") : '';
//첨부파일스트링
//$gvDownJsQue = $Enable_Down.",'".$gvUpfileStr."',".$gvUpfileNum.",".$RPL[RP_DOWN].",'".$table."',".$uid.",'".$bbs[Skin]."'";
?>
<tr bgcolor='#fffff1' height=35>
<td>
<b><?php
echo getNameType($RPL[RP_ROOT], $RPL[RP_MB_ID], $RPL[RP_NAME], "", 0, 0, 0);
?>
</b>
<img src='./bbs/image/em/<?php
echo $RPL[RP_EMOTION];
?>
.gif' align=absmiddle>
$isRoot = getIsRoot();
$isAdmin = getIsAdmin($v_LogId, $bbs[AdminMember]);
$gSkinImg = '../../../../bbs/skin/' . $bbs[Skin] . '/image';
$ViewPerm = getEnterPerm($bbs[ViewPm], "", true, true);
if (!$ViewPerm) {
echo "<script>";
echo "alert('손님께서는 접근권한이 없습니다. ');";
echo "window.close();";
echo "</script>";
exit;
}
$WritePerm = getEnterPerm($bbs[WritePm], "", true, true);
if (!$WritePerm) {
$Wauth = "none";
}
$ReplyPerm = getEnterPerm($bbs[ReplyPm], "", true, true);
if (!$ReplyPerm) {
$Rauth = "none";
}
if ($THIS_FILE != 'rank.php') {
$nFlag = $nFlag ? $nFlag : 0;
$Multi_Uid_Exp = explode(';', $MultiUid);
$Multi_Uid_Num = sizeof($Multi_Uid_Exp);
if ($random) {
$nFlag = rand(0, $Multi_Uid_Num - 2);
}
$uid = $Multi_Uid_Exp[$nFlag];
$RCD = db_fetch_array(db_query("SELECT * FROM kimsbod7_{$table}_dat WHERE BB_UID='{$uid}'", $DB_CONNECT));
if (!$RCD[BB_UID]) {
exit;
}
echo substr($nsday, 6, 2);
?>
일(<?php
echo $week[$i];
?>
)</b></font>
</td>
<td>
<?php
while ($RCD = @db_fetch_array($RCD_DATA)) {
$gvModifyQue = "'modify'," . $isRoot . "," . $isAdmin . ",'" . $v_LogId . "','" . $RCD[BB_MB_ID] . "','" . $RCD[BB_UID] . "','',event";
$gvDeleteQue = "'delete'," . $isRoot . "," . $isAdmin . ",'" . $v_LogId . "','" . $RCD[BB_MB_ID] . "','" . $RCD[BB_UID] . "','',event";
$gvDownJsQue = "0,0,0,0,0,0,0";
if ($RCD[BB_FILE] || $RCD[BB_LINK]) {
$Enable_Down = getEnterPerm($bbs[DownloadPm], $RCD[BB_MB_ID], $RCD[BB_FILE], $RCD[BB_LINK]);
$gvUpfileStr = $Enable_Down ? getMultiFileStr($RCD[BB_FILE], "./bbs/table/" . $table . "/upload") : '';
$gvUpfileNum = getMultiFileNum($RCD[BB_FILE]) + getMultiFileNum($RCD[BB_LINK]);
$gvDownJsQue = $Enable_Down . ",'" . $gvUpfileStr . "'," . $gvUpfileNum . "," . $RCD[BB_DOWN] . ",'" . $table . "'," . $RCD[BB_UID] . ",'" . $bbs[Skin] . "'";
$gvDownJsQue = $Enable_Down ? $gvDownJsQue . ",'" . $RCD[BB_LINK] . "'" : $gvDownJsQue . ",''";
}
?>
<table width=100%>
<tr height=25>
<td width=5><img src='<?php
echo $gSkinImg;
?>
/dot_01.gif' align=absmiddle></td>
<td>
<b><?php
echo trim($RCD[BB_SUBJECT]) ? $RCD[BB_SUBJECT] : '제목없음';
if (!$CFcmPerm) {
$CCauth = "none";
}
$CFcwPerm = getEnterPerm($bbs[CmtWritePm], "", true, true);
if (!$CFcwPerm) {
$CWauth = "none";
}
$CFvtPerm = getEnterPerm($bbs[UseCmtVote], "", true, true);
if (!$CFvtPerm) {
$CVauth = "none";
}
$CFedPerm = getEnterPerm($bbs[CmtEditView], "", true, true);
if (!$CFedPerm) {
$CEauth = "none";
}
$CFupPerm = getEnterPerm($bbs[CUseUpload], "", true, true);
if (!$CFupPerm) {
$CUauth = "none";
}
$CFlkPerm = getEnterPerm($bbs[CUseLink], "", true, true);
if (!$CFlkPerm) {
$CLauth = "none";
}
$COMMENT_DATA = db_query("SELECT * FROM kimsbod7_" . $table . "_rpl WHERE RP_PARENT='" . $RCD[BB_UID] . "' ORDER BY RP_UID", $DB_CONNECT);
$gvComment_Pm = $isRoot . "," . $isAdmin . ",'" . $v_LogId . "','" . $bbs[Skin] . "'," . $RCD[BB_UID];
if ($bbs[hit_cash] && $mbr[cash]) {
include './bbs/lib/static/cash_check.php';
}
if ($bbs[hit_point] && $mbr[point]) {
include './bbs/lib/static/point_check.php';
}
echo "alert('\\n{$msg} \\n');";
echo "</script>";
exit;
}
//다운로드체크
$refer_exp = explode('?', $HTTP_REFERER);
if (!$HTTP_REFERER || !strstr($refer_exp[0], $HTTP_HOST)) {
getAlertMsg(getErrorMsg(2));
}
if ($where == 'dat') {
if (!getEnterPerm($bbs[DownloadPm], "", true, true)) {
getAlertMsg(getErrorMsg(2));
}
db_query("UPDATE kimsbod7_" . $table . "_dat SET BB_DOWN=BB_DOWN+1 WHERE BB_UID='" . $uid . "'", $DB_CONNECT);
} else {
if (!getEnterPerm($bbs[CmtDownPm], "", true, true)) {
getAlertMsg(getErrorMsg(2));
}
db_query("UPDATE kimsbod7_" . $table . "_rpl SET RP_DOWN=RP_DOWN+1 WHERE RP_UID='" . $uid . "'", $DB_CONNECT);
}
$Down_Path = $dtype == 'up' ? "./bbs/table/" . $table . "/upload/" : "";
$Inline_Q1 = "gif,jpg,jpeg,png,bmp";
$Inline_Q2 = "html,php3,asp,jsp,cgi,xml";
if ($dtype == 'up') {
$Fullfile = $Down_Path . $file;
$File_spl = explode('.', $file);
$File_Ext = strtolower(array_pop($File_spl));
if (strstr($Inline_Q1, $File_Ext)) {
$que_file = "./bbs/lib/module/imgview/image.php?image=" . urlencode("../../../table/" . $table . "/upload/" . $file);
echo "<script>window.open('" . $que_file . "','imagewin','left=0,top=0,width=100,height=100');</script>";
exit;
}
unset($i, $tmp_Size);
}
$wSetLink = $RCD[BB_LINK];
$wSetPreview = $RCD[BB_PREVIEW];
$wSetHomeurl = $RCD[BB_HOME_URL] ? $RCD[BB_HOME_URL] : "http://";
$wSetName = $RCD[BB_NAME];
$wSetEmail = $RCD[BB_EMAIL];
$write_Stype = $write_type;
$wSetSubject = $RCD[BB_SUBJECT];
$wStartHtml = $RCD[BB_HTML];
$wSetContent = htmlspecialchars(stripslashes($RCD[BB_CONTENT]));
break;
default:
//--------------------------------------------------------------------------------[원글]
$WritePerm = getEnterPerm($bbs[WritePm], "", true, true);
if (!$WritePerm) {
putErrPage(getErrorMsg(2));
}
$wSetHomeurl = "http://";
$write_Stype = "write";
$wStartHtml = $bbs[WriteHtml];
$WriteMent = @implode('', @file('./bbs/table/' . $table . '/write.cgi'));
$wMentKey = "INSERT:";
if (!strstr(trim($WriteMent), $wMentKey)) {
$wSetContent = htmlspecialchars(stripslashes(trim($WriteMent)));
} else {
@ini_set('allow_url_fopen', 1);
$wSetContent = @implode('', @file(trim(str_replace($wMentKey, "", trim($WriteMent)))));
$wSetContent = htmlspecialchars(stripslashes($wSetContent));
}
<?php
$ViewPerm = getEnterPerm($bbs[ViewPm], "", true, true);
if (!$ViewPerm) {
putErrPage(getErrorMsg(2));
}
$RCD = db_fetch_array(db_query("SELECT * FROM kimsbod7_{$table}_dat WHERE BB_UID='{$uid}'", $DB_CONNECT));
if (!$RCD[BB_UID]) {
putErrPage(getErrorMsg(3));
}
if ($RCD[BB_SECRET]) {
isSecretPass($HTTP_SESSION_VARS[kimsboard7_secr], $RCD[BB_UID], $RCD[BB_MB_ID]);
}
$g_Mail_Content = @implode('', @file('./bbs/lib/module/mailform/sendmail.txt'));
$g_Mail_Content = str_replace('[본문]', getContents($RCD[BB_CONTENT], $RCD[BB_HTML], $bbs[TextHLight]), $g_Mail_Content);
$g_Mail_Content = str_replace('[멘트]', nl2br(htmlspecialchars($content)), $g_Mail_Content);
$g_Mail_Content = str_replace('[경로]', $root[base], $g_Mail_Content);
$g_Mail_Content = str_replace('[제목]', $subject, $g_Mail_Content);
$g_Mail_Content = str_replace('[출처]', $root[title], $g_Mail_Content);
$g_Mail_Content = str_replace('[원문]', $root[base] . '/bbs.php?table=' . $table . '&query=view&uid=' . $uid, $g_Mail_Content);
$g_Mail_Content = str_replace('[원제]', $RCD[BB_SUBJECT], $g_Mail_Content);
$To = "\"{$to_name}\" <{$to_email}>";
$Frm = "\"{$from_name}\" <{$from_email}>";
$Header = "From:{$Frm}\nContent-Type:text/html\nReply-To:{$frm}\nX-Mailer:PHP/" . phpversion();
$result = @mail($To, $subject, stripslashes($g_Mail_Content), $Header);
$alert = $result ? "It was sent out in the normality." : "This mail is not sent out.";
?>
<meta http-equiv="content-type" content="text/html; charset=euc-kr">
$g_Mail_Content = str_replace('[제목]', $BB_SUBJECT, $g_Mail_Content);
$g_Mail_Content = str_replace('[원문]', $root[base] . '/bbs.php?table=' . $table . '&query=view&uid=' . $Now_Num[1], $g_Mail_Content);
$g_Mail_Content = str_replace('[출처]', $root[title], $g_Mail_Content);
$BB_NAME = $BB_NAME ? $BB_NAME : $root[name];
$BB_EMAIL = $BB_EMAIL ? $BB_EMAIL : $MEMBER[MB_EMAIL];
$BB_EMAIL = $BB_EMAIL ? $BB_EMAIL : $root[email];
$To = "\"{$root['name']}\" <{$root['email']}>";
$Frm = "\"{$BB_NAME}\" <{$BB_EMAIL}>";
$Header = "From:{$Frm}\nContent-Type:text/html\nReply-To:{$frm}\nX-Mailer:PHP/" . phpversion();
@mail($To, $BB_SUBJECT, stripslashes($g_Mail_Content), $Header);
}
getLink($THIS_FILE . "?table=" . $table, "self.");
} else {
//--------------------------------------------------------------------------------------------------- 답변
if ($write_type == "reply") {
if (!getEnterPerm($bbs[ReplyPm], "", true, true)) {
putErrPage(getErrorMsg(2));
}
$MIN_PID = db_fetch_array(db_query("SELECT * FROM kimsbod7_{$table}_dat WHERE BB_UID='{$uid}'", $DB_CONNECT));
$ST_PID = $MIN_PID[BB_PID];
//시작
$FT_PID = substr($MIN_PID[BB_PID], 0, 8) * 1000 + 1000;
//끝
$BB_DEPTH = $MIN_PID[BB_DEPTH] + 1;
$BB_PID = $ST_PID + 1;
$QUE = "INSERT INTO kimsbod7_{$table}_dat (\n\t\tBB_PID,BB_DEPTH,BB_ROOT,BB_MB_ID,BB_NAME,BB_PASS,BB_EMAIL,BB_HOME_URL,\n\t\tBB_SUBJECT,BB_CONTENT,BB_HTML,BB_CATEGORY,BB_SECRET,BB_FILE,BB_LINK,\n\t\tBB_PREVIEW,BB_HIT,BB_REQ,BB_DOWN,BB_OPINUM,BB_IP,BB_AGENT,BB_DATE,BB_DATE1,BB_ADD{$AddFieldSql}\n\t\t)VALUES(\n\t\t'{$BB_PID}','{$BB_DEPTH}','{$BB_ROOT}','{$BB_MB_ID}','{$BB_NAME}','{$BB_PASS}','{$BB_EMAIL}','{$BB_HOME_URL}',\n\t\t'{$BB_SUBJECT}','{$BB_CONTENT}','{$BB_HTML}','{$BB_CATEGORY}','{$BB_SECRET}','{$BB_FILE}','{$BB_LINK}',\n\t\t'{$BB_PREVIEW}','0','0','0','','{$BB_IP}','{$BB_AGENT}','{$BB_DATE}','','{$BB_ADD}'{$AddFieldVal}\n\t\t)";
$UPDATE_QUE = "UPDATE kimsbod7_" . $table . "_dat SET BB_PID = BB_PID + 1 WHERE BB_PID > " . $ST_PID . " AND BB_PID < " . $FT_PID;
db_query($UPDATE_QUE, $DB_CONNECT);
db_query($QUE, $DB_CONNECT);
$KEY_UPDATE = db_query("SELECT * FROM kimsbod7_" . $table . "_key \n\t\tWHERE KY_PID <= " . $BB_PID . " ORDER BY KY_KEY DESC", $DB_CONNECT);
while ($KEY = db_fetch_array($KEY_UPDATE)) {
<?php
getBadConnectionCheck($HTTP_HOST, $HTTP_REFERER);
if (!getWritePerm($REMOTE_ADDR)) {
putErrPage(getErrorMsg(5));
}
if (!getEnterPerm($bbs[CmtWritePm], "", true, true)) {
putErrPage(getErrorMsg(2));
}
$RP_MB_ID = $v_LogId;
$RP_ROOT = !$writer_select || $writer_select == "root" ? $isRoot : 0;
$RP_NAME = $v_LogId ? $MEMBER[MB_NAME] : $RP_NAME;
$RP_CONTENT = addslashes($RP_CONTENT);
$RP_DATE = date("YmdHis");
if (!$RP_PARENT || !$table || !$RP_NAME || !$RP_CONTENT) {
putErrPage(getErrorMsg(2));
}
$QUE = "INSERT INTO kimsbod7_" . $table . "_rpl \n(RP_PARENT,RP_EMOTION,RP_ROOT,RP_MB_ID,RP_NAME,RP_PASS,\n RP_CONTENT,RP_HTML,RP_FILE,RP_LINK,RP_VOTE,RP_DATE,RP_NAKCHAL) \nVALUES \n('{$RP_PARENT}','{$RP_EMOTION}','{$RP_ROOT}','{$RP_MB_ID}','{$RP_NAME}','{$RP_PASS}',\n '{$RP_CONTENT}','{$RP_HTML}','{$RP_FILE}','{$RP_LINK}','{$RP_VOTE}','{$RP_DATE}','{$RP_NAKCHAL}')";
db_query($QUE, $DB_CONNECT);
db_query("UPDATE kimsbod7_" . $table . "_dat SET BB_OPINUM=BB_OPINUM+1 WHERE BB_UID='{$RP_PARENT}'", $DB_CONNECT);
if ($mbr[cash] && $bbs[comment_cash] && $v_LogId) {
$BB_SUBJECT = getStrCut(strip_tags($RP_CONTENT), 30, '..');
$cash = $bbs[comment_cash];
$date = $RP_DATE;
$comment = "코멘트등록(" . $BB_SUBJECT . ")에 따른 지급입니다.";
$QUE = "INSERT INTO kimsmall7_cash\n\t(CS_MB_ID,CS_CASH,CS_COMMENT,CS_DATE)\n\tVALUES\n\t('{$v_LogId}','{$cash}','{$comment}','{$date}')";
db_query($QUE, $DB_CONNECT);
db_query("UPDATE kimsmall7_members SET MB_CASH=MB_CASH+" . $cash . " WHERE MB_ID='" . $v_LogId . "'", $DB_CONNECT);
}
if ($mbr[point] && $bbs[comment_point] && $v_LogId) {
$BB_SUBJECT = getStrCut(strip_tags($RP_CONTENT), 30, '..');
