0) { exit; } else { } if(strpos($wr_content,"nates2009")>0) { echo "ºñÁ¤»óÀûÀÎ Á¢±ÙÀÔ´Ï´Ù. ¾Ç¼º ÇÁ·Î±×·¥Àº »çÀ̹ö¼ö»ç´ë¿¡ ½Å°íÇÏ°Ú½À´Ï´Ù."; exit; } $g4[title] = $wr_subject . "±ÛÀÔ·Â"; include_once("./_common.php"); @include_once("$board_skin_path/write_update.head.skin.php"); include_once("$g4[path]/lib/trackback.lib.php"); $upload_max_filesize = ini_get('upload_max_filesize'); if (empty($_POST)) alert("ÆÄÀÏ ¶Ç´Â ±Û³»¿ëÀÇ Å©±â°¡ ¼­¹ö¿¡¼­ ¼³Á¤ÇÑ °ªÀ» ³Ñ¾î ¿À·ù°¡ ¹ß»ýÇÏ¿´½À´Ï´Ù.\\n\\npost_max_size=".ini_get('post_max_size')." , upload_max_filesize=$upload_max_filesize\\n\\n°Ô½ÃÆÇ°ü¸®ÀÚ ¶Ç´Â ¼­¹ö°ü¸®ÀÚ¿¡°Ô ¹®ÀÇ ¹Ù¶ø´Ï´Ù."); // ¸®ÆÛ·¯ üũ referer_check(); $w = $_POST["w"]; $notice_array = explode("\n", trim($board[bo_notice])); if ($w == "u" || $w == "r") { $wr = get_write($write_table, $wr_id); if (!$wr[wr_id]) alert("±ÛÀÌ Á¸ÀçÇÏÁö ¾Ê½À´Ï´Ù.\\n\\n±ÛÀÌ »èÁ¦µÇ¾ú°Å³ª À̵¿ÇÏ¿´À» ¼ö ÀÖ½À´Ï´Ù."); } // ¿ÜºÎ¿¡¼­ ±ÛÀ» µî·ÏÇÒ ¼ö ÀÖ´Â ¹ö±×°¡ Á¸ÀçÇϹǷΠºñ¹Ð±ÛÀº »ç¿ëÀÏ °æ¿ì¿¡¸¸ °¡´ÉÇØ¾ß ÇÔ if (!$is_admin && !$board[bo_use_secret] && $secret) alert("ºñ¹Ð±Û ¹Ì»ç¿ë °Ô½ÃÆÇ À̹ǷΠºñ¹Ð±Û·Î µî·ÏÇÒ ¼ö ¾ø½À´Ï´Ù."); if ($w == "" || $w == "u") { if ($member[mb_level] < $board[bo_write_level]) alert("±ÛÀ» ¾µ ±ÇÇÑÀÌ ¾ø½À´Ï´Ù."); // ¿ÜºÎ¿¡¼­ ±ÛÀ» µî·ÏÇÒ ¼ö ÀÖ´Â ¹ö±×°¡ Á¸ÀçÇϹǷΠ°øÁö´Â °ü¸®ÀÚ¸¸ µî·ÏÀÌ °¡´ÉÇØ¾ß ÇÔ if (!$is_admin && $notice) alert("°ü¸®ÀÚ¸¸ °øÁöÇÒ ¼ö ÀÖ½À´Ï´Ù."); } else if ($w == "r") { if (in_array((int)$wr_id, $notice_array)) alert("°øÁö¿¡´Â ´äº¯ ÇÒ ¼ö ¾ø½À´Ï´Ù."); if ($member[mb_level] < $board[bo_reply_level]) alert("±ÛÀ» ´äº¯ÇÒ ±ÇÇÑÀÌ ¾ø½À´Ï´Ù."); // °Ô½Ã±Û ¹è¿­ ÂüÁ¶ $reply_array = &$wr; // ÃÖ´ë ´äº¯Àº Å×ÀÌºí¿¡ Àâ¾Æ³õÀº wr_reply »çÀÌÁŭ¸¸ °¡´ÉÇÕ´Ï´Ù. if (strlen($reply_array[wr_reply]) == 10) alert("´õ ÀÌ»ó ´äº¯ÇÏ½Ç ¼ö ¾ø½À´Ï´Ù.\\n\\n´äº¯Àº 10´Ü°è ±îÁö¸¸ °¡´ÉÇÕ´Ï´Ù."); $reply_len = strlen($reply_array[wr_reply]) + 1; if ($board[bo_reply_order]) { $begin_reply_char = "A"; $end_reply_char = "Z"; $reply_number = +1; $sql = " select MAX(SUBSTRING(wr_reply, $reply_len, 1)) as reply from $write_table where wr_num = '$reply_array[wr_num]' and SUBSTRING(wr_reply, $reply_len, 1) <> '' "; } else { $begin_reply_char = "Z"; $end_reply_char = "A"; $reply_number = -1; $sql = " select MIN(SUBSTRING(wr_reply, $reply_len, 1)) as reply from $write_table where wr_num = '$reply_array[wr_num]' and SUBSTRING(wr_reply, $reply_len, 1) <> '' "; } if ($reply_array[wr_reply]) $sql .= " and wr_reply like '$reply_array[wr_reply]%' "; $row = sql_fetch($sql); if (!$row[reply]) $reply_char = $begin_reply_char; else if ($row[reply] == $end_reply_char) // A~ZÀº 26 ÀÔ´Ï´Ù. alert("´õ ÀÌ»ó ´äº¯ÇÏ½Ç ¼ö ¾ø½À´Ï´Ù.\\n\\n´äº¯Àº 26°³ ±îÁö¸¸ °¡´ÉÇÕ´Ï´Ù."); else $reply_char = chr(ord($row[reply]) + $reply_number); $reply = $reply_array[wr_reply] . $reply_char; } else alert("w °ªÀÌ Á¦´ë·Î ³Ñ¾î¿ÀÁö ¾Ê¾Ò½À´Ï´Ù."); if ($w == "" || $w == "r") { if ($_SESSION["ss_datetime"] >= ($g4[server_time] - $config[cf_delay_sec]) && !$is_admin) alert("³Ê¹« ºü¸¥ ½Ã°£³»¿¡ °Ô½Ã¹°À» ¿¬¼ÓÇؼ­ ¿Ã¸± ¼ö ¾ø½À´Ï´Ù."); set_session("ss_datetime", $g4[server_time]); // µ¿Àϳ»¿ë ¿¬¼Ó µî·Ï ºÒ°¡ $row = sql_fetch(" select MD5(CONCAT(wr_ip, wr_subject, wr_content)) as prev_md5 from $write_table order by wr_id desc limit 1 "); $curr_md5 = md5($_SERVER[REMOTE_ADDR].$wr_subject.$wr_content); if ($row[prev_md5] == $curr_md5 && !$is_admin) alert("µ¿ÀÏÇÑ ³»¿ëÀ» ¿¬¼ÓÇؼ­ µî·ÏÇÒ ¼ö ¾ø½À´Ï´Ù."); } // ÀÚµ¿µî·Ï¹æÁö °Ë»ç include_once ("./norobot_check.inc.php"); if (!isset($_POST[wr_subject])) alert("Á¦¸ñÀ» ÀÔ·ÂÇÏ¿© ÁֽʽÿÀ."); // µð·ºÅ丮°¡ ¾ø´Ù¸é »ý¼ºÇÕ´Ï´Ù. (Æ۹̼ǵµ º¯°æÇϱ¸¿ä.) @mkdir("$g4[path]/data/file/$bo_table", 0707); @chmod("$g4[path]/data/file/$bo_table", 0707); // "ÀÎÅÍ³Ý¿É¼Ç > º¸¾È > »ç¿ëÀÚÁ¤ÀǼöÁØ > ½ºÅ©¸³Æà > Action ½ºÅ©¸³Æà > »ç¿ë ¾È ÇÔ" ÀÏ °æ¿ìÀÇ ¿À·ù ó¸® // ÀÌ ¿É¼ÇÀ» »ç¿ë ¾È ÇÔÀ¸·Î ¼³Á¤ÇÒ °æ¿ì ¾î¶² ½ºÅ©¸³Æ®µµ ½ÇÇà µÇÁö ¾Ê½À´Ï´Ù. //if (!$_POST[wr_content]) die ("³»¿ëÀ» ÀÔ·ÂÇÏ¿© ÁֽʽÿÀ."); // °¡º¯ ÆÄÀÏ ¾÷·Îµå $file_upload_msg = ""; $upload = array(); for ($i=0; $i $board[bo_upload_size]) { $file_upload_msg .= "\'{$filename}\' ÆÄÀÏÀÇ ¿ë·®(".number_format($filesize)." ¹ÙÀÌÆ®)ÀÌ °Ô½ÃÆÇ¿¡ ¼³Á¤(".number_format($board[bo_upload_size])." ¹ÙÀÌÆ®)µÈ °ªº¸´Ù Å©¹Ç·Î ¾÷·Îµå ÇÏÁö ¾Ê½À´Ï´Ù.\\n"; continue; } // 4.00.11 - ±Û´äº¯¿¡¼­ ÆÄÀÏ ¾÷·Îµå½Ã ¿ø±ÛÀÇ ÆÄÀÏÀÌ »èÁ¦µÇ´Â ¿À·ù¸¦ ¼öÁ¤ if ($w == 'u') { // Á¸ÀçÇÏ´Â ÆÄÀÏÀÌ ÀÖ´Ù¸é »èÁ¦ÇÕ´Ï´Ù. $row = sql_fetch(" select bf_file from $g4[board_file_table] where bo_table = '$bo_table' and wr_id = '$wr_id' and bf_no = '$i' "); @unlink("$g4[path]/data/file/$bo_table/$row[bf_file]"); } // ÇÁ·Î±×·¥ ¿ø·¡ ÆÄÀϸí $upload[$i][source] = $filename; $upload[$i][filesize] = $filesize; // ¾Æ·¡ÀÇ ¹®ÀÚ¿­ÀÌ µé¾î°£ ÆÄÀÏÀº -x ¸¦ ºÙ¿©¼­ À¥°æ·Î¸¦ ¾Ë´õ¶óµµ ½ÇÇàÀ» ÇÏÁö ¸øÇϵµ·Ï ÇÔ $filename = preg_replace("/\.(php|phtm|htm|cgi|pl|exe|jsp|asp|inc)/i", "$0-x", $filename); // Á¢¹Ì»ç¸¦ ºÙÀÎ ÆÄÀϸí //$upload[$i][file] = abs(ip2long($_SERVER[REMOTE_ADDR])).'_'.substr(md5(uniqid($g4[server_time])),0,8).'_'.urlencode($filename); // ´Þºû¿Âµµ´Ô ¼öÁ¤ : ÇѱÛÆÄÀÏÀº urlencode($filename) 󸮸¦ ÇÒ°æ¿ì '%'¸¦ ºÙ¿©ÁÖ°Ô µÇ´Âµ¥ '%'Ç¥½Ã´Â ¹Ìµð¾îÇ÷¹À̾ ÀνÄÀ» ¸øÇϱ⠶§¹®¿¡ Àç»ýÀÌ ¾ÈµË´Ï´Ù. ±×·¡¼­ º¯°æÇÑ ÆÄÀÏ¸í¿¡¼­ '%'ºÎºÐÀ» »©ÁÖ¸é ÇØ°áµË´Ï´Ù. $upload[$i][file] = abs(ip2long($_SERVER[REMOTE_ADDR])).'_'.substr(md5(uniqid($g4[server_time])),0,8).'_'.str_replace('%', '', urlencode($filename)); $dest_file = "$g4[path]/data/file/$bo_table/" . $upload[$i][file]; // ¾÷·Îµå°¡ ¾ÈµÈ´Ù¸é ¿¡·¯¸Þ¼¼Áö Ãâ·ÂÇÏ°í Á×¾î¹ö¸³´Ï´Ù. $error_code = move_uploaded_file($tmp_file, $dest_file) or die($_FILES[bf_file][error][$i]); // ¿Ã¶ó°£ ÆÄÀÏÀÇ Æ۹̼ÇÀ» º¯°æÇÕ´Ï´Ù. chmod($dest_file, 0606); $upload[$i][image] = @getimagesize($dest_file); } } if ($w == "" || $w == "r") { if ($member[mb_id]) { $mb_id = $member[mb_id]; $wr_name = $board[bo_use_name] ? $member[mb_name] : $member[mb_nick]; $wr_password = $member[mb_password]; $wr_email = $member[mb_email]; $wr_homepage = $member[mb_homepage]; } else { $mb_id = ""; // ºñȸ¿øÀÇ °æ¿ì À̸§ÀÌ ´©¶ôµÇ´Â °æ¿ì°¡ ÀÖÀ½ if (!trim($wr_name)) alert("À̸§Àº ÇÊÈ÷ ÀÔ·ÂÇÏ¼Å¾ß ÇÕ´Ï´Ù."); $wr_password = sql_password($wr_password); } if ($w == "r") { // ´äº¯ÀÇ ¿ø±ÛÀÌ ºñ¹Ð±ÛÀ̶ó¸é Æнº¿öµå´Â ¿ø±Û°ú µ¿ÀÏÇÏ°Ô ³Ö´Â´Ù. if ($secret) $wr_password = $wr[wr_password]; $wr_id = $wr_id . $reply; $wr_num = $write[wr_num]; $wr_reply = $reply; } else { $wr_num = get_next_num($write_table); $wr_reply = ""; } $sql = " insert into $write_table set wr_num = '$wr_num', wr_reply = '$wr_reply', wr_comment = 0, ca_name = '$ca_name', wr_option = '$html,$secret,$mail', wr_subject = '$wr_subject', wr_content = '$wr_content', wr_link1 = '$wr_link1', wr_link2 = '$wr_link2', wr_link1_hit = 0, wr_link2_hit = 0, wr_trackback = '$wr_trackback', wr_hit = 0, wr_good = 0, wr_nogood = 0, mb_id = '$member[mb_id]', wr_password = '$wr_password', wr_name = '$wr_name', wr_email = '$wr_email', wr_homepage = '$wr_homepage', wr_datetime = '$g4[time_ymdhis]', wr_last = '$g4[time_ymdhis]', wr_ip = '$_SERVER[REMOTE_ADDR]', wr_1 = '$wr_1', wr_2 = '$wr_2', wr_3 = '$wr_3', wr_4 = '$wr_4', wr_5 = '$wr_5', wr_6 = '$wr_6', wr_7 = '$wr_7', wr_8 = '$wr_8', wr_9 = '$wr_9', wr_10 = '$wr_10' "; sql_query($sql); $wr_id = mysql_insert_id(); // ºÎ¸ð ¾ÆÀ̵𿡠UPDATE sql_query(" update $write_table set wr_parent = '$wr_id' where wr_id = '$wr_id' "); // »õ±Û INSERT //sql_query(" insert into $g4[board_new_table] ( bo_table, wr_id, wr_parent, bn_datetime ) values ( '$bo_table', '$wr_id', '$wr_id', '$g4[time_ymdhis]' ) "); sql_query(" insert into $g4[board_new_table] ( bo_table, wr_id, wr_parent, bn_datetime, mb_id ) values ( '$bo_table', '$wr_id', '$wr_id', '$g4[time_ymdhis]', '$member[mb_id]' ) "); // °Ô½Ã±Û 1 Áõ°¡ sql_query("update $g4[board_table] set bo_count_write = bo_count_write + 1 where bo_table = '$bo_table'"); // ¾²±â Æ÷ÀÎÆ® ºÎ¿© if ($w == '') { if ($notice) { $bo_notice = $wr_id . "\n" . $board[bo_notice]; sql_query(" update $g4[board_table] set bo_notice = '$bo_notice' where bo_table = '$bo_table' "); } insert_point($member[mb_id], $board[bo_write_point], "$board[bo_subject] $wr_id ±Û¾²±â", $bo_table, $wr_id, '¾²±â'); } else { // ´äº¯Àº ÄÚ¸àÆ® Æ÷ÀÎÆ®¸¦ ºÎ¿©ÇÔ // ´äº¯ Æ÷ÀÎÆ®°¡ ¸¹Àº °æ¿ì ÄÚ¸àÆ® ´ë½Å ´äº¯À» ÇÏ´Â °æ¿ì°¡ ¸¹À½ insert_point($member[mb_id], $board[bo_comment_point], "$board[bo_subject] $wr_id ±Û´äº¯", $bo_table, $wr_id, '¾²±â'); } } else if ($w == "u") { if ($member[mb_id]) { // ÀÚ½ÅÀÇ ±ÛÀ̶ó¸é if ($member[mb_id] == $wr[mb_id]) { $mb_id = $member[mb_id]; $wr_name = $board[bo_use_name] ? $member[mb_name] : $member[mb_nick]; $wr_email = $member[mb_email]; $wr_homepage = $member[mb_homepage]; } else { $mb_id = $wr[mb_id]; $wr_name = $wr[wr_name]; $wr_email = $wr[wr_email]; $wr_homepage = $wr[wr_homepage]; } } else { $mb_id = ""; // ºñȸ¿øÀÇ °æ¿ì À̸§ÀÌ ´©¶ôµÇ´Â °æ¿ì°¡ ÀÖÀ½ //if (!trim($wr_name)) alert("À̸§Àº ÇÊÈ÷ ÀÔ·ÂÇÏ¼Å¾ß ÇÕ´Ï´Ù."); } $sql_password = $wr_password ? " , wr_password = '".sql_password($wr_password)."' " : ""; $sql_ip = ""; if (!$is_admin) $sql_ip = " , wr_ip = '$_SERVER[REMOTE_ADDR]' "; $sql = " update $write_table set ca_name = '$ca_name', wr_option = '$html,$secret,$mail', wr_subject = '$wr_subject', wr_content = '$wr_content', wr_link1 = '$wr_link1', wr_link2 = '$wr_link2', mb_id = '$mb_id', wr_name = '$wr_name', wr_email = '$wr_email', wr_homepage = '$wr_homepage', wr_1 = '$wr_1', wr_2 = '$wr_2', wr_3 = '$wr_3', wr_4 = '$wr_4', wr_5 = '$wr_5', wr_6 = '$wr_6', wr_7 = '$wr_7', wr_8 = '$wr_8', wr_9 = '$wr_9', wr_10= '$wr_10' $sql_ip $sql_password where wr_id = '$wr[wr_id]' "; sql_query($sql); // ºÐ·ù°¡ ¼öÁ¤µÇ´Â °æ¿ì ÇØ´çµÇ´Â ÄÚ¸àÆ®ÀÇ ºÐ·ù¸íµµ ¸ðµÎ ¼öÁ¤ÇÔ // ÄÚ¸àÆ®ÀÇ ºÐ·ù¸¦ ¼öÁ¤ÇÏÁö ¾ÊÀ¸¸é °Ë»öÀÌ Á¦´ë·Î µÇÁö ¾ÊÀ½ $sql = " update $write_table set ca_name = '$ca_name' where wr_parent = '$wr[wr_id]' "; sql_query($sql); if ($notice) { //if (!preg_match("/[^0-9]{0,1}{$wr_id}[\r]{0,1}/",$board[bo_notice])) if (!in_array((int)$wr_id, $notice_array)) { $bo_notice = $wr_id . '\n' . $board[bo_notice]; sql_query(" update $g4[board_table] set bo_notice = '$bo_notice' where bo_table = '$bo_table' "); } } else { $bo_notice = ''; for ($i=0; $i=0; $i--) { $row2 = sql_fetch(" select bf_file from $g4[board_file_table] where bo_table = '$bo_table' and wr_id = '$wr_id' and bf_no = '$i' "); // Á¤º¸°¡ ÀÖ´Ù¸é ºüÁý´Ï´Ù. if ($row2[bf_file]) break; // ±×·¸Áö ¾Ê´Ù¸é Á¤º¸¸¦ »èÁ¦ÇÕ´Ï´Ù. sql_query(" delete from $g4[board_file_table] where bo_table = '$bo_table' and wr_id = '$wr_id' and bf_no = '$i' "); } //------------------------------------------------------------------------------ // ºñ¹Ð±ÛÀ̶ó¸é ¼¼¼Ç¿¡ ºñ¹Ð±ÛÀÇ ¾ÆÀ̵𸦠ÀúÀåÇÑ´Ù. ÀÚ½ÅÀÇ ±ÛÀº ´Ù½Ã Æнº¿öµå¸¦ ¹¯Áö ¾Ê±â À§ÇÔ if ($secret) set_session("ss_secret_{$bo_table}_{$wr_num}", TRUE); // ¸ÞÀÏ¹ß¼Û »ç¿ë (¼öÁ¤±ÛÀº ¹ß¼ÛÇÏÁö ¾ÊÀ½) if (!($w == "u" || $w == "cu") && $config[cf_email_use] && $board[bo_use_email]) { // °ü¸®ÀÚÀÇ Á¤º¸¸¦ ¾ò°í $super_admin = get_admin("super"); $group_admin = get_admin("group"); $board_admin = get_admin("board"); $wr_subject = get_text(stripslashes($wr_subject)); $tmp_html = 0; if (strstr($html, "html1")) $tmp_html = 1; else if (strstr($html, "html2")) $tmp_html = 2; $wr_content = conv_content(stripslashes($wr_content), $tmp_html); $warr = array( ""=>"ÀÔ·Â", "u"=>"¼öÁ¤", "r"=>"´äº¯", "c"=>"ÄÚ¸àÆ®", "cu"=>"ÄÚ¸àÆ® ¼öÁ¤" ); $str = $warr[$w]; $subject = "'{$board[bo_subject]}' °Ô½ÃÆÇ¿¡ {$str}±ÛÀÌ ¿Ã¶ó¿Ô½À´Ï´Ù."; $link_url = "$g4[url]/$g4[bbs]/board.php?bo_table=$bo_table&wr_id=$wr_id&$qstr"; include_once("$g4[path]/lib/mailer.lib.php"); ob_start(); include_once ("./write_update_mail.php"); $content = ob_get_contents(); ob_end_clean(); // °Ô½ÃÆÇ°ü¸®ÀÚ¿¡°Ô º¸³»´Â ¸ÞÀÏ if ($config[cf_email_wr_board_admin]) mailer($wr_name, $wr_email, $board_admin[mb_email], $subject, $content, 1); // ±×·ì°ü¸®ÀÚ¿¡°Ô º¸³»´Â ¸ÞÀÏ if ($group_admin[mb_email] != $board_admin[mb_email]) { if ($config[cf_email_wr_group_admin]) mailer($wr_name, $wr_email, $group_admin[mb_email], $subject, $content, 1); } // ÃÖ°í°ü¸®ÀÚ¿¡°Ô º¸³»´Â ¸ÞÀÏ if ($super_admin[mb_email] != $board_admin[mb_email]) { if ($config[cf_email_wr_super_admin]) mailer($wr_name, $wr_email, $super_admin[mb_email], $subject, $content, 1); } // ´äº¯ ¸ÞÀϹޱâ (¿ø°Ô½ÃÀÚ¿¡°Ô º¸³»´Â ¸ÞÀÏ) if (strstr($wr[wr_option], "mail") && $wr[wr_email] && $wr[wr_email] != $admin[mb_email]) { if ($config[cf_email_wr_write]) mailer($wr_name, $wr_email, $wr[wr_email], $subject, $content, 1); // ÄÚ¸àÆ® ¾´ ¸ðµçÀÌ¿¡°Ô ¸ÞÀÏ ¹ß¼Û if ($config[cf_email_wr_comment_all]) { $sql = " select distinct wr_email from $write_table where wr_email not in ( '$wr[wr_email]', '' ) and wr_parent = '$wr_id' "; $result = sql_query($sql); while ($row=sql_fetch_array($result)) mailer($wr_name, $wr_email, $row[wr_email], $subject, $content, 1); } } } // »ç¿ëÀÚ ÄÚµå ½ÇÇà @include_once ("$board_skin_path/write_update.skin.php"); // Æ®·¢¹é ÁÖ¼Ò°¡ ÀÖ´Ù¸é if (($w != "u" && $wr_trackback) || ($w=="u" && $wr_trackback && $re_trackback)) { $trackback_url = "$g4[url]/$g4[bbs]/tb.php/$bo_table/$wr_id"; $msg = ""; $msg = send_trackback($wr_trackback, $trackback_url, $wr_subject, $board[bo_subject], $_POST[wr_content]); if ($msg) echo ""; } @include_once("$board_skin_path/write_update.tail.skin.php"); if ($file_upload_msg) alert($file_upload_msg, "./board.php?bo_table=$bo_table&wr_id=$wr_id&page=$page" . $qstr); else goto_url("./board.php?bo_table=$bo_table&wr_id=$wr_id&page=$page" . $qstr); ?>