/**
 * Render a member or guest name, optionally prefixed with the member icon and the
 * APMS level icon, and wrap it in the side-view link.
 *
 * @param string $mb_id    member id; empty for guests
 * @param string $name     display name (escaped here with get_text)
 * @param string $email    raw e-mail; handed to the side view base64-encoded
 * @param string $homepage raw homepage URL; XSS-cleaned and http-prefixed
 * @param string $level    level passed to xp_icon(); 'no' suppresses the level icon
 * @param string $opt      when non-empty it overrides the global $xp['xp_now'] switch;
 *                         'no' suppresses the level icon
 * @return string HTML fragment
 */
function apms_sideview($mb_id, $name = '', $email = '', $homepage = '', $level = 'no', $opt = '')
{
    global $g5, $config, $bo_table, $sca, $is_admin, $member, $xp;

    $name = get_text($name, 0, true);
    $email = get_text(base64_encode($email));
    $homepage = set_http(get_text(clean_xss_tags($homepage)));

    // Level icon: an explicit $opt wins; without it the global xp_now flag hides the icon.
    if ($opt) {
        $hide_icon = ($opt == 'no' || $level == 'no');
    } else {
        $hide_icon = ($xp['xp_now'] || $level == 'no');
    }
    $xp_icon = $hide_icon ? '' : xp_icon($mb_id, $level) . ' ';

    if (!$mb_id) {
        $label = '<span class="guest">' . $xp_icon . $name . '</span>';
        // A guest outside a board context gets the bare label, without the side-view link.
        if (!$bo_table) {
            return $label;
        }
    } elseif (!$config['cf_use_member_icon']) {
        $label = '<span class="member">' . $xp_icon . $name . '</span>';
    } else {
        $mb_dir = substr($mb_id, 0, 2);
        $icon_file = G5_DATA_PATH . '/member/' . $mb_dir . '/' . $mb_id . '.gif';
        if (!is_file($icon_file)) {
            $label = '<span class="member">' . $xp_icon . $name . '</span>';
        } else {
            $icon_file_url = G5_DATA_URL . '/member/' . $mb_dir . '/' . $mb_id . '.gif';
            $label = '<img src="' . $icon_file_url . '" width="' . $config['cf_member_icon_width'] . '" height="' . $config['cf_member_icon_height'] . '" alt=""> ';
            // cf_use_member_icon == 2 shows icon + name; any other truthy value shows the icon alone.
            if ($config['cf_use_member_icon'] == 2) {
                $label = '<span class="member">' . $xp_icon . $label . $name . '</span>';
            }
        }
    }

    // NOTE(review): $mb_id is interpolated into the onClick attribute without escaping;
    // this relies on member ids being restricted to safe characters upstream — confirm.
    return "<a href=\"javascript:;\" onClick=\"showSideView(this, '{$mb_id}', '{$name}', '{$email}', '{$homepage}');\">{$label}</a>";
}
$od_zip = preg_replace('/[^0-9]/', '', $od_zip); $od_zip1 = substr($od_zip, 0, 3); $od_zip2 = substr($od_zip, 3); $od_addr1 = clean_xss_tags($od_addr1); $od_addr2 = clean_xss_tags($od_addr2); $od_addr3 = clean_xss_tags($od_addr3); $od_addr_jibeon = preg_match("/^(N|R)\$/", $od_addr_jibeon) ? $od_addr_jibeon : ''; $od_b_name = clean_xss_tags($od_b_name); $od_b_tel = clean_xss_tags($od_b_tel); $od_b_hp = clean_xss_tags($od_b_hp); $od_b_addr1 = clean_xss_tags($od_b_addr1); $od_b_addr2 = clean_xss_tags($od_b_addr2); $od_b_addr3 = clean_xss_tags($od_b_addr3); $od_b_addr_jibeon = preg_match("/^(N|R)\$/", $od_b_addr_jibeon) ? $od_b_addr_jibeon : ''; $od_memo = clean_xss_tags($od_memo); $od_deposit_name = clean_xss_tags($od_deposit_name); $od_tax_flag = $default['de_tax_flag_use']; // 주문서에 입력 $sql = " insert {$g5['g5_shop_order_table']}\n set od_id = '{$od_id}',\n mb_id = '{$member['mb_id']}',\n od_pwd = '{$od_pwd}',\n od_name = '{$od_name}',\n od_email = '{$od_email}',\n od_tel = '{$od_tel}',\n od_hp = '{$od_hp}',\n od_zip1 = '{$od_zip1}',\n od_zip2 = '{$od_zip2}',\n od_addr1 = '{$od_addr1}',\n od_addr2 = '{$od_addr2}',\n od_addr3 = '{$od_addr3}',\n od_addr_jibeon = '{$od_addr_jibeon}',\n od_b_name = '{$od_b_name}',\n od_b_tel = '{$od_b_tel}',\n od_b_hp = '{$od_b_hp}',\n od_b_zip1 = '{$od_b_zip1}',\n od_b_zip2 = '{$od_b_zip2}',\n od_b_addr1 = '{$od_b_addr1}',\n od_b_addr2 = '{$od_b_addr2}',\n od_b_addr3 = '{$od_b_addr3}',\n od_b_addr_jibeon = '{$od_b_addr_jibeon}',\n od_deposit_name = '{$od_deposit_name}',\n od_memo = '{$od_memo}',\n od_cart_count = '{$cart_count}',\n od_cart_price = '{$tot_ct_price}',\n od_cart_coupon = '{$tot_it_cp_price}',\n od_send_cost = '{$od_send_cost}',\n od_send_coupon = '{$tot_sc_cp_price}',\n od_send_cost2 = '{$od_send_cost2}',\n od_coupon = '{$tot_od_cp_price}',\n od_receipt_price = '{$od_receipt_price}',\n od_receipt_point = '{$od_receipt_point}',\n od_bank_account = '{$od_bank_account}',\n od_receipt_time = '{$od_receipt_time}',\n od_misu = 
'{$od_misu}',\n od_pg = '{$od_pg}',\n od_tno = '{$od_tno}',\n od_app_no = '{$od_app_no}',\n od_escrow = '{$od_escrow}',\n od_tax_flag = '{$od_tax_flag}',\n od_tax_mny = '{$od_tax_mny}',\n od_vat_mny = '{$od_vat_mny}',\n od_free_mny = '{$od_free_mny}',\n od_status = '{$od_status}',\n od_shop_memo = '',\n od_hope_date = '{$od_hope_date}',\n od_time = '" . G5_TIME_YMDHIS . "',\n od_ip = '{$REMOTE_ADDR}',\n od_settle_case = '{$od_settle_case}'\n "; $result = sql_query($sql, false); // 주문정보 입력 오류시 결제 취소 if (!$result) { if ($tno) { $cancel_msg = '주문정보 입력 오류'; switch ($od_pg) { case 'lg': include G5_SHOP_PATH . '/lg/xpay_cancel.php'; break; case 'inicis': include G5_SHOP_PATH . '/inicis/inipay_cancel.php'; break;
} // "인터넷옵션 > 보안 > 사용자정의수준 > 스크립팅 > Action 스크립팅 > 사용 안 함" 일 경우의 오류 처리 // 이 옵션을 사용 안 함으로 설정할 경우 어떤 스크립트도 실행 되지 않습니다. //if (!trim($_POST["wr_content"])) die ("내용을 입력하여 주십시오."); $is_new = true; $is_ajax = true; $is_response = true; @(include_once $board_skin_path . '/write_comment_update.head.skin.php'); if ($is_member) { $mb_id = $member['mb_id']; // 4.00.13 - 실명 사용일때 댓글에 닉네임으로 입력되던 오류를 수정 $wr_name = addslashes(clean_xss_tags($board['bo_use_name'] ? $member['mb_name'] : $member['mb_nick'])); $wr_password = $member['mb_password']; if ($member['mb_open']) { $wr_email = addslashes($member['mb_email']); $wr_homepage = addslashes(clean_xss_tags($member['mb_homepage'])); } else { $wr_email = ''; $wr_homepage = ''; } $as_level = (int) $member['as_level']; } else { $mb_id = ''; $wr_password = get_encrypt_string($wr_password); $as_level = 1; } if ($w == 'c') { /* if ($member[mb_point] + $board[bo_comment_point] < 0 && !$is_admin) alert('보유하신 포인트('.number_format($member[mb_point]).')가 없거나 모자라서 댓글쓰기('.number_format($board[bo_comment_point]).')가 불가합니다.\\n\\n포인트를 적립하신 후 다시 댓글을 써 주십시오.'); */
// Profile page gate 1: a viewer who keeps their own info private may not look at
// others' profiles (super admins and the profile owner are exempt). alert_close() exits.
// NOTE(review): $mb_id is assigned before this fragment — presumably a request
// variable; confirm it is validated before reaching apms_member().
if (!$member['mb_open'] && $is_admin != 'super' && $member['mb_id'] != $mb_id) {
    alert_close('자신의 정보를 공개하지 않으면 다른분의 정보를 조회할 수 없습니다.\\n\\n정보공개 설정은 회원정보수정에서 하실 수 있습니다.');
}
$mb = apms_member($mb_id);
if (!$mb['mb_id']) {
    alert_close('회원정보가 존재하지 않습니다.\\n\\n탈퇴하였을 수 있습니다.');
}
// Gate 2: the target member must have opted into mb_open (same exemptions as above).
if (!$mb['mb_open'] && $is_admin != 'super' && $member['mb_id'] != $mb_id) {
    alert_close('정보공개를 하지 않았습니다.');
}
$mb_nick = apms_sideview($mb['mb_id'], get_text($mb['mb_nick']), $mb['mb_email'], $mb['mb_homepage'], $mb['as_level']);
// Days since registration; the + 1 counts the signup day itself.
// mb_datetime comes from the member row, not from the request.
$sql = " select (TO_DAYS('" . G5_TIME_YMDHIS . "') - TO_DAYS('{$mb['mb_datetime']}') + 1) as days ";
$row = sql_fetch($sql);
$mb_reg_after = $row['days'];
// Profile fields are filtered here because the skin prints them as HTML.
$mb_homepage = set_http(get_text(clean_xss_tags($mb['mb_homepage'])));
$mb_profile = $mb['mb_profile'] ? conv_content($mb['mb_profile'], 0) : '';
$mb_signature = $mb['mb_signature'] ? apms_content(conv_content($mb['mb_signature'], 1)) : '';
// Page ID
$pid = $pid ? $pid : '';
$at = apms_page_thema($pid);
if (!defined('THEMA_PATH')) {
    include_once G5_LIB_PATH . '/apms.thema.lib.php';
}
// The title is escaped with get_text() before it reaches head.sub.php.
$g5['title'] = get_text($mb['mb_nick']) . '님의 자기소개';
include_once G5_PATH . '/head.sub.php';
if (!USE_G5_THEME) {
    @(include_once THEMA_PATH . '/head.sub.php');
}
// $skin_path/$skin_url are read by the member skin included later.
$skin_path = $member_skin_path;
$skin_url = $member_skin_url;
define('G5_HTTP_BBS_URL', https_url(G5_BBS_DIR, false)); define('G5_HTTPS_BBS_URL', https_url(G5_BBS_DIR, true)); if ($config['cf_editor']) { define('G5_EDITOR_LIB', G5_EDITOR_PATH . "/{$config['cf_editor']}/editor.lib.php"); } else { define('G5_EDITOR_LIB', G5_LIB_PATH . "/editor.lib.php"); } // 4.00.03 : [보안관련] PHPSESSID 가 틀리면 로그아웃한다. if (isset($_REQUEST['PHPSESSID']) && $_REQUEST['PHPSESSID'] != session_id()) { echo '<script>console.log("common2:' . $_SESSION["ss_mb_id"] . ' ");</script>'; goto_url(G5_BBS_URL . '/logout.php'); } // QUERY_STRING $qstr = ''; if (isset($_REQUEST['sca'])) { $sca = clean_xss_tags(trim($_REQUEST['sca'])); if ($sca) { $sca = preg_replace("/[\\<\\>\\'\"\\\\'\\\"\\%\\=\\(\\)\\s]/", "", $sca); $qstr .= '&sca=' . urlencode($sca); } } else { $sca = ''; } if (isset($_REQUEST['sfl'])) { $sfl = trim($_REQUEST['sfl']); $sfl = preg_replace("/[\\<\\>\\'\"\\\\'\\\"\\%\\=\\(\\)\\s]/", "", $sfl); if ($sfl) { $qstr .= '&sfl=' . urlencode($sfl); } // search field (검색 필드) } else {
?> "> <input type="hidden" name="sod" value="<?php echo $sod; ?> "> <input type="hidden" name="page" value="<?php echo $page; ?> "> <input type="hidden" name="act" value="<?php echo $act; ?> "> <input type="hidden" name="url" value="<?php echo get_text(clean_xss_tags($_SERVER['HTTP_REFERER'])); ?> "> <div class="tbl_head01 tbl_wrap"> <table> <caption><?php echo $act; ?> 할 게시판을 한개 이상 선택하여 주십시오.</caption> <thead> <tr> <th scope="col"> <label for="chkall" class="sound_only">현재 페이지 게시판 전체</label> <input type="checkbox" id="chkall" onclick="if (this.checked) all_checked(true); else all_checked(false);"> </th>
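/**
 * Rebuild a query string from a whitelist of known board parameters, normalising
 * each value to the shape the board code expects (numeric ids, asc/desc, etc.).
 *
 * Fix: the two branches of the $amp switch both produced '&', so the parameter had
 * no effect; $amp = true now yields the HTML-attribute-safe '&amp;' separator.
 * Nested array values (e.g. key[]=v) are skipped instead of being passed to trim().
 *
 * @param string $query raw query string (leading '?' not expected)
 * @param bool   $amp   true to join with '&amp;' (for HTML attributes), false for '&'
 * @return string rebuilt, url-encoded query string
 */
function clean_query_string($query, $amp = true)
{
    $qstr = trim($query);
    parse_str($qstr, $out);

    // parse_str() yields an array; the fallback is kept for parity with the old code path.
    if (!is_array($out)) {
        return clean_xss_tags($qstr);
    }

    // Character class shared by the sort/search-field keys: strips quotes, angle
    // brackets, backslash, percent, equals, parentheses and whitespace.
    $field_filter = "/[\\<\\>\\'\"\\\\'\\\"\\%\\=\\(\\)\\s]/";

    $q = array();
    foreach ($out as $key => $val) {
        $key = strip_tags(trim($key));
        // An array value cannot be filtered as a string; drop it rather than fail in trim().
        if (is_array($val)) {
            continue;
        }
        $val = trim($val);
        switch ($key) {
            case 'wr_id':
            case 'spt':
            case 'page':
                $val = (int) preg_replace('/[^0-9]/', '', $val);
                break;
            case 'sca':
                $val = clean_xss_tags($val);
                break;
            case 'sfl':
            case 'sst':
                $val = preg_replace($field_filter, "", $val);
                break;
            case 'stx':
                $val = get_search_string($val);
                break;
            case 'sod':
                $val = preg_match("/^(asc|desc)\$/i", $val) ? $val : '';
                break;
            case 'sop':
                $val = preg_match("/^(or|and)\$/i", $val) ? $val : '';
                break;
            case 'w':
                $val = substr($val, 0, 2);
                break;
            case 'bo_table':
                $val = substr(preg_replace('/[^a-z0-9_]/i', '', $val), 0, 20);
                break;
            case 'gr_id':
                $val = preg_replace('/[^a-z0-9_]/i', '', $val);
                break;
            default:
                $val = clean_xss_tags($val);
                break;
        }
        $q[$key] = $val;
    }

    $sep = $amp ? '&amp;' : '&';

    return http_build_query($q, '', $sep);
}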
// 한글이 아닙니다. (자음, 모음만 있는 한글은 처리하지 않습니다.) // 한글이 아닙니다. // 한글, 영문, 숫자가 아닙니다. // 한글, 영문이 아닙니다. // 숫자가 아닙니다. // 영문이 아닙니다. // 영문 또는 숫자가 아닙니다. // 영문, 숫자, _ 가 아닙니다. // 최소 글자 이상 입력하세요. // 이미지 파일이 아닙니다..gif .jpg .png 파일만 가능합니다. // 파일만 가능합니다. // 공백이 없어야 합니다. $msg2 = str_replace("\\n", "<br>", $msg); $url = clean_xss_tags($url); if (!$url) { $url = clean_xss_tags($_SERVER['HTTP_REFERER']); } // url 체크 check_url_host($url); if ($error) { $header2 = "다음 항목에 오류가 있습니다."; } else { $header2 = "다음 내용을 확인해 주세요."; } ?> <script> alert("<?php echo strip_tags($msg); ?> ");
if ($msg = exist_mb_nick($mb_nick, $mb_id)) { alert($msg, "", true, true); } if ($msg = exist_mb_email($mb_email, $mb_id)) { alert($msg, "", true, true); } } $mb_name = clean_xss_tags($mb_name); $mb_email = get_email_address($mb_email); $mb_homepage = clean_xss_tags($mb_homepage); $mb_tel = clean_xss_tags($mb_tel); $mb_zip1 = preg_replace('/[^0-9]/', '', $mb_zip1); $mb_zip2 = preg_replace('/[^0-9]/', '', $mb_zip2); $mb_addr1 = clean_xss_tags($mb_addr1); $mb_addr2 = clean_xss_tags($mb_addr2); $mb_addr3 = clean_xss_tags($mb_addr3); $mb_addr_jibeon = preg_match("/^(N|R)\$/", $mb_addr_jibeon) ? $mb_addr_jibeon : ''; // 사용자 코드 실행 @(include_once $member_skin_path . '/register_form_update.head.skin.php'); //=============================================================== // 본인확인 //--------------------------------------------------------------- $mb_hp = hyphen_hp_number($mb_hp); if ($config['cf_cert_use'] && $_SESSION['ss_cert_type'] && $_SESSION['ss_cert_dupinfo']) { // 중복체크 $sql = " select mb_id from {$g5['member_table']} where mb_id <> '{$member['mb_id']}' and mb_dupinfo = '{$_SESSION['ss_cert_dupinfo']}' "; $row = sql_fetch($sql); if ($row['mb_id']) { alert("입력하신 본인확인 정보로 가입된 내역이 존재합니다.\\n회원아이디 : " . $row['mb_id']); } }
<?php
// mypage.php — member "my page": requires a logged-in member, prepares the
// profile fields and renders the member skin.
include_once './_common.php';

// Guests are redirected to login with a return URL back to this page. goto_url() exits.
if (!$is_member) {
    goto_url(G5_BBS_URL . "/login.php?url=" . urlencode(G5_BBS_URL . "/mypage.php"));
}

// Profile fields are filtered here because the skin prints them as HTML.
$mb_homepage = set_http(clean_xss_tags($member['mb_homepage']));
$mb_profile = $member['mb_profile'] ? conv_content($member['mb_profile'], 0) : '';
$mb_signature = $member['mb_signature'] ? apms_content(conv_content($member['mb_signature'], 1)) : '';

// Page ID
// NOTE(review): $pid is not assigned in this file — presumably a request variable
// registered by _common.php; confirm it is validated before apms_page_thema() uses it.
$pid = $pid ? $pid : 'mypage';
$at = apms_page_thema($pid);
if (!defined('THEMA_PATH')) {
    include_once G5_LIB_PATH . '/apms.thema.lib.php';
}

// NOTE(review): mb_name is not wrapped in get_text() here (profile.php does that for
// the nick) — confirm _head.php escapes $g5['title'] before output.
$g5['title'] = $member['mb_name'] . '님 마이페이지';
include_once './_head.php';

// $skin_path/$skin_url are read by the member skin included below.
$skin_path = $member_skin_path;
$skin_url = $member_skin_url;

// skin settings (mobile and desktop have separate skin sets)
$wset = G5_IS_MOBILE ? apms_skin_set('member_mobile') : apms_skin_set('member');

// The skin-setup link is offered only when the skin ships a setup file and the
// viewer is a super admin (or the site runs in demo mode).
$setup_href = '';
if (is_file($skin_path . '/setup.skin.php') && ($is_demo || $is_admin == 'super')) {
    $setup_href = './skin.setup.php?skin=member';
}

include_once $skin_path . '/mypage.skin.php';
include_once './_tail.php';
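/**
 * Load a survey (by id, or the currently open one) with its categories and questions
 * and render it through the surveys skin.
 *
 * Changes from the previous version: the null check on $su_id happens before
 * clean_xss_tags() (so a missing id no longer risks filtering on su_id = ''), the
 * begin/end window uses a single timestamp, REMOTE_ADDR is escaped before it is
 * interpolated into SQL (as the visit counter already does), and every variable the
 * skin reads is initialised even when no survey is found.
 *
 * @param string|null $su_id    survey id; null selects the open survey
 * @param string      $skin_dir skin name, or "theme/<name>" for the active theme's skin
 *                              NOTE(review): concatenated into the include path unvalidated —
 *                              callers must pass a trusted value; confirm no request value reaches it.
 * @return string rendered survey HTML (empty if the skin produced no output)
 */
function display_surveys($su_id = null, $skin_dir = 'basic')
{
    global $g5, $member, $is_admin;

    // Resolve the skin directory: "theme/<name>" uses the active theme's skin
    // (mobile dir first, falling back to the desktop theme dir); anything else is
    // looked up under the global skin path.
    if (preg_match('#^theme/(.+)$#', $skin_dir, $match)) {
        $skin_dir = $match[1];
        $surveys_skin_path = G5_THEME_PATH . '/' . G5_SKIN_DIR . '/surveys/' . $skin_dir;
        if (G5_IS_MOBILE) {
            $mobile_skin_path = G5_THEME_MOBILE_PATH . '/' . G5_SKIN_DIR . '/surveys/' . $skin_dir;
            if (is_dir($mobile_skin_path)) {
                $surveys_skin_path = $mobile_skin_path;
            }
        }
        $surveys_skin_url = str_replace(G5_PATH, G5_URL, $surveys_skin_path);
    } elseif (G5_IS_MOBILE) {
        $surveys_skin_path = G5_MOBILE_PATH . '/' . G5_SKIN_DIR . '/surveys/' . $skin_dir;
        $surveys_skin_url = G5_MOBILE_URL . '/' . G5_SKIN_DIR . '/surveys/' . $skin_dir;
    } else {
        $surveys_skin_path = G5_SKIN_PATH . '/surveys/' . $skin_dir;
        $surveys_skin_url = G5_SKIN_URL . '/surveys/' . $skin_dir;
    }

    // Survey selection: a specific id, otherwise the survey whose begin/end window
    // contains "now". Admins are not restricted by the window.
    $conditions = array(" su_removed = 0 ");
    if (!is_null($su_id)) {
        // NOTE(review): clean_xss_tags() is not an SQL escape; whereClause() is assumed
        // to quote/escape the value — confirm.
        $su_id = clean_xss_tags($su_id);
        $conditions[] = whereClause('su_id', $su_id);
    } elseif (!$is_admin) {
        $now = date('Y-m-d H:i:s');
        $conditions[] = 'su_begin_time <= "' . $now . '"';
        $conditions[] = 'su_end_time >= "' . $now . '"';
    }
    $sql = "select * from {$g5['surveys_m_table']} where " . implode(' and ', $conditions) . ' order by su_id desc';
    $surveys = sql_fetch($sql);

    // Everything the skin reads is defined up-front so a missing survey does not
    // leave undefined variables behind.
    $message = '';
    $categories = array();
    $rows = array();
    $group_surveys_items = array();

    if ($surveys) {
        // Member-level gate: su_level is a comma-separated list of allowed levels.
        $surveys_level = explode(',', (string) $surveys['su_level']);
        if (!in_array($member['mb_level'], $surveys_level)) {
            $message = '설문조사 권한이 없습니다.';
        }

        // Single-participation surveys: refuse a repeat from the same member id, or
        // from the same IP when no member array is set. REMOTE_ADDR can be influenced
        // by upstream proxies, so it is escaped before reaching the query.
        if ($surveys['su_multiple'] == 'Y') {
            if ($member) {
                $sql = "select suq_id from {$g5['surveys_r_table']} where su_id = '{$surveys['su_id']}' and mb_id = '{$member['mb_id']}' group by mb_id ";
            } else {
                $sur_ip = escape_trim($_SERVER['REMOTE_ADDR']);
                $sql = "select suq_id from {$g5['surveys_r_table']} where su_id = '{$surveys['su_id']}' and sur_ip = '{$sur_ip}' group by sur_ip ";
            }
            $has_result = sql_fetch($sql);
            if (!empty($has_result['suq_id'])) {
                $message = '이미 설문조사에 참여하셨습니다. 현재 설문조사는 한번만 참여가 가능합니다.';
            }
        }

        // Categories keyed by suc_id.
        $sql = "select * from {$g5['surveys_c_table']} where su_id = '{$surveys['su_id']}'";
        $result = sql_query($sql);
        while ($row = sql_fetch_array($result)) {
            $categories[$row['suc_id']] = $row;
        }

        // Questions joined to their category, in display order, plus a per-category grouping.
        $sql = "select * from {$g5['surveys_q_table']} q left join {$g5['surveys_c_table']} c on q.suq_category = c.suc_id where q.su_id = '{$surveys['su_id']}' order by suq_sort asc ";
        $result = sql_query($sql);
        while ($row = sql_fetch_array($result)) {
            $rows[] = $row;
            $group_surveys_items[$row['suc_id']][] = $row;
        }
    }

    // Render the skin into a buffer and return it.
    // NOTE(review): include_once means a second display_surveys() call in the same
    // request renders nothing; left as-is in case the skin declares functions — confirm.
    ob_start();
    include_once $surveys_skin_path . '/surveys.skin.php';
    return ob_get_clean();
}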
include_once G5_LIB_PATH . '/apms.thema.lib.php'; } // 본인인증, 성인인증체크 $is_cert = false; if (!$is_admin) { $is_cert = shop_member_cert_check($it_id, 'item'); if ($is_cert) { alert($is_cert, G5_SHOP_URL); } } // 등록자 정보 $author_id = $it['pt_id'] ? $it['pt_id'] : $config['cf_admin']; $author = apms_member($author_id); $author_photo = $author['photo']; if ($author['mb_open']) { $author['homepage'] = set_http(clean_xss_tags($author['mb_homepage'])); $author['email'] = $author['mb_email']; } else { $author['email'] = $author['mb_email'] = ''; $author['homepage'] = $author['mb_homepage'] = ''; } $author['profile'] = $author['mb_profile'] ? conv_content($author['mb_profile'], 0) : ''; $author['signature'] = $author['mb_signature'] ? apms_content(conv_content($author['mb_signature'], 1)) : ''; // 오늘 본 상품 저장 시작 // tv 는 today view 약자 $saved = false; $tv_idx = (int) get_session("ss_tv_idx"); if ($tv_idx > 0) { for ($i = 1; $i <= $tv_idx; $i++) { if (get_session("ss_tv[{$i}]") == $it_id) { $saved = true;
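/**
 * Render the eyoom "nameview" (author name plus its link menu) through the template engine.
 *
 * Fixes: the replacement in the double-quote filter was a broken literal and must be
 * the &quot; entity; the duplicated single-quote strip is removed; $head, $link,
 * $follow and $is_anonymous are initialised so every template path sees defined values.
 *
 * @param string $skin_dir nameview skin directory name
 * @param string $mb_id    member id, '' for a guest, 'anonymous' for anonymous posts
 * @param string $name     raw display name
 * @param string $email    raw e-mail; base64-encoded before it reaches the template
 * @param string $homepage raw homepage URL
 * @return string|void the bare name for a guest outside a board context; otherwise prints the template
 */
function eb_nameview($skin_dir, $mb_id, $name = '', $email = '', $homepage = '')
{
    global $config;
    global $g5;
    global $bo_table, $sca, $is_admin, $member, $tpl_name, $tpl, $eyoomer;

    $head = array();
    $link = array();
    $follow = false;
    $is_anonymous = false;

    if ($mb_id == 'anonymous') {
        // Anonymous writer: only the escaped name is shown, no links.
        // NOTE(review): $email/$homepage reach the template unfiltered on this path —
        // confirm the skin does not print them.
        $is_anonymous = true;
        $head['name'] = get_text($name);
    } else {
        // Does the viewer already follow this member? ($eyoomer['following'] may be unset.)
        $following = $eyoomer['following'];
        if (!$following) {
            $following = array();
        }
        $follow = in_array($mb_id, $following);

        $email = base64_encode($email);
        $homepage = set_http(clean_xss_tags($homepage));

        // Quotes would break the attribute/JS contexts the skin embeds the name in:
        // single quotes are dropped, double quotes become the &quot; entity, then the
        // name is cut to the configured display length and HTML-escaped.
        $name = preg_replace("/\\'/", "", $name);
        $name = preg_replace("/\"/", "&quot;", $name);
        $name = get_text(cut_str($name, $config['cf_cut_name']));

        if ($mb_id) {
            $head['link'] = G5_BBS_URL . '/profile.php?mb_id=' . $mb_id;
            $head['title'] = '[' . $mb_id . ']';

            // Member icon handling: cf_use_member_icon == 2 shows icon + name, any other
            // truthy value shows the icon alone when the file exists.
            $tmp_name = '';
            if ($config['cf_use_member_icon']) {
                $mb_dir = substr($mb_id, 0, 2);
                $icon_file = G5_DATA_PATH . '/member/' . $mb_dir . '/' . $mb_id . '.gif';
                if (file_exists($icon_file)) {
                    $icon_file_url = G5_DATA_URL . '/member/' . $mb_dir . '/' . $mb_id . '.gif';
                    $tmp_name = '<img src="' . $icon_file_url . '" width="' . $config['cf_member_icon_width'] . '" height="' . $config['cf_member_icon_height'] . '" alt="">';
                    if ($config['cf_use_member_icon'] == 2) {
                        $tmp_name .= ' ' . $name;
                    }
                } else {
                    $tmp_name = ' ' . $name;
                }
            } else {
                $tmp_name = ' ' . $name;
            }
            $head['name'] = $tmp_name;
        } else {
            // Guest outside a board context: nothing to link to, return the plain name.
            if (!$bo_table) {
                return $name;
            }
            $head['link'] = G5_BBS_URL . '/board.php?bo_table=' . $bo_table . '&sca=' . $sca . '&sfl=wr_name,1&stx=' . $name;
            $head['name'] = $name;
            $head['title'] = '[비회원]';
        }

        $name = get_text($name);
        $email = get_text($email);
        $homepage = get_text($homepage);

        if ($mb_id) {
            $link['memo'] = G5_BBS_URL . "/memo_form.php?me_recv_mb_id=" . $mb_id;
            $link['profile'] = G5_BBS_URL . "/profile.php?mb_id=" . $mb_id;
            $link['article'] = G5_BBS_URL . "/new.php?mb_id=" . $mb_id;
            $link['userpage'] = G5_URL . "/?" . $mb_id;
        }
        if ($email) {
            $link['email'] = G5_BBS_URL . "/formmail.php?mb_id=" . $mb_id . "&name=" . urlencode($name) . "&email=" . $email;
        }
        if ($homepage) {
            $link['home'] = $homepage;
        }
        if ($bo_table) {
            if ($mb_id) {
                $link['sid'] = G5_BBS_URL . "/board.php?bo_table=" . $bo_table . "&sca=" . $sca . "&sfl=mb_id,1&stx=" . $mb_id;
            } else {
                $link['sname'] = G5_BBS_URL . "/board.php?bo_table=" . $bo_table . "&sca=" . $sca . "&sfl=wr_name,1&stx=" . $name;
            }
        }
        // SMS link only for members who opted into mb_open and have SMS enabled.
        if ($g5['sms5_use_sideview']) {
            $mb = get_member($mb_id, " mb_open, mb_sms , mb_hp ");
            if ($mb['mb_open'] && $mb['mb_sms'] && $mb['mb_hp']) {
                $link['sms'] = G5_SMS5_URL . "/?mb_id=" . $mb_id;
            }
        }
        // Admin-only shortcuts into the member and point screens.
        if ($is_admin == "super" && $mb_id) {
            $link['info'] = G5_ADMIN_URL . "/member_form.php?w=u&mb_id=" . $mb_id;
            $link['point'] = G5_ADMIN_URL . "/point_list.php?sfl=mb_id&stx=" . $mb_id;
        }
    }

    $tpl->define(array(
        'pc' => 'skin_pc/nameview/' . $skin_dir . '/nameview.skin.html',
        'mo' => 'skin_mo/nameview/' . $skin_dir . '/nameview.skin.html',
        'bs' => 'skin_bs/nameview/' . $skin_dir . '/nameview.skin.html',
    ));
    $tpl->assign(array(
        "head" => $head,
        "link" => $link,
        "mb_id" => $mb_id,
        "email" => $email,
        "home" => $homepage,
        "bo_table" => $bo_table,
        "g5" => $g5,
        "is_admin" => $is_admin,
        "follow" => $follow,
        "is_anonymous" => $is_anonymous,
    ));
    $tpl->print_($tpl_name);
}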
} else { $wr_email = addslashes($wr['wr_email']); } if (isset($_POST['wr_homepage']) && $_POST['wr_homepage']) { $wr_homepage = addslashes(clean_xss_tags($_POST['wr_homepage'])); } else { $wr_homepage = addslashes(clean_xss_tags($wr['wr_homepage'])); } } } else { $mb_id = ""; // 비회원의 경우 이름이 누락되는 경우가 있음 if (!trim($wr_name)) { alert("이름은 필히 입력하셔야 합니다."); } $wr_name = clean_xss_tags(trim($_POST['wr_name'])); $wr_email = get_email_address(trim($_POST['wr_email'])); } $sql_password = $wr_password ? " , wr_password = '******' " : ""; $sql_ip = ''; if (!$is_admin) { $sql_ip = " , wr_ip = '{$_SERVER['REMOTE_ADDR']}' "; } $sql = " update {$write_table}\n set ca_name = '{$ca_name}',\n wr_option = '{$html},{$secret},{$mail}',\n wr_subject = '{$wr_subject}',\n wr_content = '{$wr_content}',\n wr_link1 = '{$wr_link1}',\n wr_link2 = '{$wr_link2}',\n mb_id = '{$mb_id}',\n wr_name = '{$wr_name}',\n wr_email = '{$wr_email}',\n wr_homepage = '{$wr_homepage}',\n wr_1 = '{$wr_1}',\n wr_2 = '{$wr_2}',\n wr_3 = '{$wr_3}',\n wr_4 = '{$wr_4}',\n wr_5 = '{$wr_5}',\n wr_6 = '{$wr_6}',\n wr_7 = '{$wr_7}',\n wr_8 = '{$wr_8}',\n wr_9 = '{$wr_9}',\n wr_10= '{$wr_10}'\n {$sql_ip}\n {$sql_password}\n where wr_id = '{$wr['wr_id']}' "; sql_query($sql); // 분류가 수정되는 경우 해당되는 코멘트의 분류명도 모두 수정함 // 코멘트의 분류를 수정하지 않으면 검색이 제대로 되지 않음 $sql = " update {$write_table} set ca_name = '{$ca_name}' where wr_parent = '{$wr['wr_id']}' "; sql_query($sql); /* if ($notice) {
exit; } // 개별 페이지 접근 불가 // 컴퓨터의 아이피와 쿠키에 저장된 아이피가 다르다면 테이블에 반영함 if (get_cookie('ck_visit_ip') != $_SERVER['REMOTE_ADDR']) { set_cookie('ck_visit_ip', $_SERVER['REMOTE_ADDR'], 86400); // 하루동안 저장 $tmp_row = sql_fetch(" select max(vi_id) as max_vi_id from {$g5['visit_table']} "); $vi_id = $tmp_row['max_vi_id'] + 1; // $_SERVER 배열변수 값의 변조를 이용한 SQL Injection 공격을 막는 코드입니다. 110810 $remote_addr = escape_trim($_SERVER['REMOTE_ADDR']); $referer = ""; if (isset($_SERVER['HTTP_REFERER'])) { $referer = escape_trim(clean_xss_tags($_SERVER['HTTP_REFERER'])); } $user_agent = escape_trim(clean_xss_tags($_SERVER['HTTP_USER_AGENT'])); $sql = " insert {$g5['visit_table']} ( vi_id, vi_ip, vi_date, vi_time, vi_referer, vi_agent ) values ( '{$vi_id}', '{$remote_addr}', '" . G5_TIME_YMD . "', '" . G5_TIME_HIS . "', '{$referer}', '{$user_agent}' ) "; $result = sql_query($sql, FALSE); // 정상으로 INSERT 되었다면 방문자 합계에 반영 if ($result) { $sql = " insert {$g5['visit_sum_table']} ( vs_count, vs_date) values ( 1, '" . G5_TIME_YMD . "' ) "; $result = sql_query($sql, FALSE); // DUPLICATE 오류가 발생한다면 이미 날짜별 행이 생성되었으므로 UPDATE 실행 if (!$result) { $sql = " update {$g5['visit_sum_table']} set vs_count = vs_count + 1 where vs_date = '" . G5_TIME_YMD . "' "; $result = sql_query($sql); } // INSERT, UPDATE 된건이 있다면 기본환경설정 테이블에 저장 // 방문객 접속시마다 따로 쿼리를 하지 않기 위함 (엄청난 쿼리를 줄임 ^^) // 오늘 $sql = " select vs_count as cnt from {$g5['visit_sum_table']} where vs_date = '" . G5_TIME_YMD . "' ";
<?php $sub_menu = "900300"; include_once "./_common.php"; auth_check($auth[$sub_menu], "w"); $g5['title'] = "문자전송중"; $wr_reply = preg_replace('#[^0-9\\-]#', '', trim($wr_reply)); $wr_message = clean_xss_tags(trim($wr_message)); if (!$wr_reply) { win_close_alert('회신 번호를 숫자, - 로 입력해주세요.'); } if (!$wr_message) { win_close_alert('메세지를 입력해주세요.'); } if (!trim($send_list)) { win_close_alert('문자 메세지를 받을 휴대폰번호를 입력해주세요.'); } $list = array(); $hps = array(); $send_list = explode('/', $send_list); $wr_overlap = 1; // 중복번호를 체크함 $overlap = 0; $duplicate_data = array(); $duplicate_data['hp'] = array(); $str_serialize = ""; while ($row = array_shift($send_list)) { $item = explode(',', $row); for ($i = 1, $max = count($item); $i < $max; $i++) { if (!trim($item[$i])) { continue;
<?php include_once './_common.php'; include_once G5_CAPTCHA_PATH . '/captcha.lib.php'; $g5['title'] = '메일인증 메일주소 변경'; include_once './_head.php'; $mb_id = substr(clean_xss_tags($_GET['mb_id']), 0, 20); $sql = " select mb_email, mb_datetime, mb_email_certify from {$g5['member_table']} where mb_id = '{$mb_id}' "; $mb = sql_fetch($sql); if (substr($mb['mb_email_certify'], 0, 1) != 0) { alert("이미 메일인증 하신 회원입니다.", G5_URL); } ?> <p class="rg_em_p">메일인증을 받지 못한 경우 회원정보의 메일주소를 변경 할 수 있습니다.</p> <form method="post" name="fregister_email" action="<?php echo G5_HTTPS_BBS_URL . '/register_email_update.php'; ?> " onsubmit="return fregister_email_submit(this);"> <input type="hidden" name="mb_id" value="<?php echo $mb_id; ?> "> <div class="tbl_frm01 tbl_frm rg_em"> <table> <caption>사이트 이용정보 입력</caption> <tr> <th scope="row"><label for="reg_mb_email">E-mail<strong class="sound_only">필수</strong></label></th> <td><input type="text" name="mb_email" id="reg_mb_email" required class="frm_input email required" size="30" maxlength="100" value="<?php
$begin_time = get_microtime(); if (!isset($g5['title'])) { $g5['title'] = $config['cf_title']; $g5_head_title = $g5['title']; } else { $g5_head_title = $g5['title']; // 상태바에 표시될 제목 $g5_head_title .= " | " . $config['cf_title']; } // 현재 접속자 // 게시판 제목에 ' 포함되면 오류 발생 $g5['lo_location'] = addslashes($g5['title']); if (!$g5['lo_location']) { $g5['lo_location'] = addslashes(clean_xss_tags($_SERVER['REQUEST_URI'])); } $g5['lo_url'] = addslashes(clean_xss_tags($_SERVER['REQUEST_URI'])); if (strstr($g5['lo_url'], '/' . G5_ADMIN_DIR . '/') || $is_admin == 'super') { $g5['lo_url'] = ''; } /* // 만료된 페이지로 사용하시는 경우 header("Cache-Control: no-cache"); // HTTP/1.1 header("Expires: 0"); // rfc2616 - Section 14.21 header("Pragma: no-cache"); // HTTP/1.0 */ ?> <!doctype html> <html lang="ko"> <head> <meta charset="utf-8"> <link rel="shortcut icon" type="image/x-icon" href="<?php
include_once "./_common.php"; $g5['title'] = "문자전송중"; if (!($token && get_session("ss_token") == $token)) { die("올바른 방법으로 사용해 주십시오."); } if (!$sms5['cf_member']) { die("문자전송이 허용되지 않았습니다. 사이트 관리자에게 문의하여 주십시오."); } if (!$is_member) { die("로그인 해주세요."); } if ($member['mb_level'] < $sms5['cf_level']) { alert("회원 {$sms5['cf_level']}레벨 이상만 문자전송이 가능합니다."); } $mh_reply = preg_replace('#[^0-9\\-]#', '', trim($mh_reply)); $mh_message = clean_xss_tags(trim($mh_message)); if (!$mh_reply) { alert('보내는 번호를 입력해주세요.'); } if (!$mh_message) { alert('메세지를 입력해주세요.'); } if ($is_admin != 'super') { $mh_reply = get_hp($mh_reply, 0); if (!$mh_reply) { alert("보내는 번호가 올바르지 않습니다."); } } else { $mh_reply = str_replace("-", "", $mh_reply); if (!check_string($mh_reply, G5_NUMERIC)) { alert("보내는 번호가 올바르지 않습니다.");
<?php
// member_confirm.php — asks a logged-in member to re-enter their password before a
// sensitive action, then continues to the URL given in the query string.
include_once './_common.php';

// Guests are sent to the login page. alert() exits.
if ($is_guest) {
    alert('로그인 한 회원만 접근하실 수 있습니다.', G5_BBS_URL . '/login.php');
}
/* if ($url) $urlencode = urlencode($url); else $urlencode = urlencode($_SERVER[REQUEST_URI]); */
// Page ID
$pid = 'confirm';
$at = apms_page_thema($pid);
if (!defined('THEMA_PATH')) {
    include_once G5_LIB_PATH . '/apms.thema.lib.php';
}
$g5['title'] = '회원 비밀번호 확인';
include_once './_head.php';
// $skin_path/$skin_url are read by the member skin included below.
$skin_path = $member_skin_path;
$skin_url = $member_skin_url;

// The post-confirm destination is attacker-controllable (query string): markup is
// stripped here and check_url_host() is the project's redirect-target guard.
// NOTE(review): presumably it allow-lists this site's host — confirm in the lib.
$url = clean_xss_tags($_GET['url']);
// url check
check_url_host($url);
include_once $skin_path . '/member_confirm.skin.php';
include_once './_tail.php';
<?php
// confirm.php — shows a JS confirm() dialog and sends the browser to $url1 (OK)
// or $url2 (Cancel).
include_once './_common.php';
include_once G5_PATH . '/head.sub.php';

// NOTE(review): $url1/$url2/$url3 and $msg are not assigned in this file — presumably
// request variables registered by _common.php; confirm their source.
$url1 = clean_xss_tags($url1);
$url2 = clean_xss_tags($url2);
$url3 = clean_xss_tags($url3);
// url check: check_url_host() is the project's redirect-target guard; each
// destination is checked, although $url3 is never used below.
check_url_host($url1);
check_url_host($url2);
check_url_host($url3);
?>
<script>
// NOTE(review): $msg and the URLs are written into JS string literals. strip_tags()
// and clean_xss_tags() remove markup but do not escape " or \ for a JS string
// context — confirm the upstream request filtering covers that.
var conf = "<?php echo strip_tags($msg); ?> ";
if (confirm(conf)) {
    document.location.replace("<?php echo $url1; ?> ");
} else {
    document.location.replace("<?php echo $url2; ?> ");
}
</script>