ÿØÿà JFIF ` ` ÿþ
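<?php
/**
 * Write handler for the member board stored in g4_write_zip_after.
 *
 * Routes on the Referer path plus a `mode` parameter:
 *   - /page/inquiry-write.html : POST mode=input  (create), POST mode=update (edit own post)
 *   - /page/review-read.html   : GET  mode=del    (delete own post),
 *                                POST mode=insert_comment (add comment),
 *                                GET  mode=comment_del    (delete own comment)
 *
 * Every branch requires a logged-in member ($_SESSION['web_member']), and the
 * edit/delete branches additionally require that the row belongs to that member.
 *
 * NOTE(review): the Referer header is supplied by the client, so it only selects
 * a code path here; it is not an access control and gives no CSRF protection.
 * The two delete actions are also reachable with a plain GET. A per-session
 * anti-CSRF token checked on every state change, and POST for the deletes,
 * should be added once the project's form/token helpers are known.
 *
 * NOTE(review): $db_connect is assumed to come from the included base.php and to
 * expose escape_string()/query() — confirm. Prepared statements with bound
 * parameters would be preferable to the string-built SQL kept here.
 */
include $_SERVER['DOCUMENT_ROOT'].'/include/base.php';
include $_SERVER['DOCUMENT_ROOT'].'/process/process_common.php';

// The original called p() on $_SESSION['web_member'], $_POST and the Referer and
// then exit-ed unconditionally here. That wrote session data into the response
// and made everything below unreachable, so the leftover debug block is removed.

$member_info = (isset($_SESSION['web_member']) && is_array($_SESSION['web_member']))
    ? $_SESSION['web_member']
    : [];
// The original later overwrote $member_id with the whole session array; it is
// kept as the scalar member id so the ownership comparisons below are well defined.
$member_id = isset($member_info['mb_id']) ? (string) $member_info['mb_id'] : '';

if (!$member_id) {
    echo 'error';
    echo "<script>alert('로그인해주세요.');location.href='/page/login.html';</script>";
    exit;
}

$tb_name = "g4_write_zip_after";

// Emits the generic "invalid access" alert and stops the request.
$deny = function () {
    echo "<script>alert('잘못된 접근입니다.');</script>";
    exit;
};

// Returns a request field only when it is a string; array-valued parameters
// (e.g. title[]=x) are treated as absent instead of reaching trim()/escape_string().
$field = function (array $bag, $key) {
    return (isset($bag[$key]) && is_string($bag[$key])) ? $bag[$key] : '';
};

// Every value placed inside a quoted SQL literal is escaped, including the
// session-derived name/id, which the original interpolated unescaped.
$mb_name_sql = $db_connect->escape_string(isset($member_info['mb_name']) ? (string) $member_info['mb_name'] : '');
$mb_id_sql   = $db_connect->escape_string($member_id);
$ip_address  = $db_connect->escape_string(isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '');

$referer   = isset($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '';
$post_mode = $field($_POST, 'mode');
$get_mode  = $field($_GET, 'mode');

if (strpos($referer, "/page/inquiry-write.html") !== false) {
    $title    = $db_connect->escape_string(trim($field($_POST, 'title')));
    $contents = $db_connect->escape_string(trim($field($_POST, 'contents')));

    if ($post_mode === 'input') {
        $reg_time = date("Y-m-d H:i:s", time());

        $sql  = "INSERT INTO {$tb_name} SET wr_subject ='{$title}'";
        $sql .= ", wr_content = '{$contents}'";
        $sql .= ", wr_name = '{$mb_name_sql}'";
        $sql .= ", mb_id = '{$mb_id_sql}'";
        $sql .= ", wr_datetime = '{$reg_time}'";
        $sql .= ", wr_last = '{$reg_time}'";
        $sql .= ", wr_ip = '{$ip_address}'";

        if ($db_connect->query($sql)) {
            echo "<script>location.href='../page/inquiry-list.html';</script>";
        } else {
            echo "<script>alert('리뷰 등록 중 에러가 발생했습니다.');location.href='../page/inquiry-list.html';</script>";
        }
        exit;
    }

    if ($post_mode === 'update') {
        $last_time = date("Y-m-d H:i:s", time());
        $wr_id = (int) $field($_POST, 'wr_id');
        if ($wr_id <= 0) {
            $deny();
        }

        // Only the author of the post may edit it.
        $review_data = get_review_contents($wr_id);
        $owner = (is_array($review_data) && isset($review_data['mb_id'])) ? (string) $review_data['mb_id'] : null;
        if ($owner !== $member_id) {
            $deny();
        }

        $sql  = "UPDATE {$tb_name} SET wr_subject ='{$title}'";
        $sql .= ", wr_content = '{$contents}'";
        $sql .= ", wr_name = '{$mb_name_sql}'";
        $sql .= ", mb_id = '{$mb_id_sql}'";
        $sql .= ", wr_last = '{$last_time}'";
        $sql .= ", wr_ip = '{$ip_address}'";
        $sql .= " WHERE wr_id ={$wr_id}";

        if ($db_connect->query($sql)) {
            echo "<script>location.href='/page/review-read.html?wr_id={$wr_id}';</script>";
        } else {
            echo "<script>alert('리뷰 수정 중 에러가 발생했습니다.');location.href='../page/inquiry-list.html';</script>";
        }
        exit;
    }

    $deny();
} elseif (strpos($referer, "/page/review-read.html") !== false) {
    if ($get_mode === 'del') {
        $wr_id = (int) $field($_GET, 'wr_id');
        if ($wr_id <= 0) {
            $deny();
        }

        // Only the author of the post may delete it.
        $review_data = get_review_contents($wr_id);
        $owner = (is_array($review_data) && isset($review_data['mb_id'])) ? (string) $review_data['mb_id'] : null;
        if ($owner !== $member_id) {
            $deny();
        }

        $sql = "DELETE FROM {$tb_name} WHERE wr_id = {$wr_id} ";
        if ($db_connect->query($sql)) {
            echo "<script>location.href='/page/review-read.html?wr_id={$wr_id}';</script>";
        } else {
            echo "<script>alert('리뷰 삭제 중 에러가 발생했습니다.');location.href='../page/inquiry-list.html';</script>";
        }
        exit;
    }

    if ($post_mode === 'insert_comment') {
        // The wr_id in the referring URL must match the posted parent id.
        $referer_parts = explode('wr_id=', $referer);
        $referer_wr_id = isset($referer_parts[1]) ? (int) $referer_parts[1] : 0;
        $parent_wr_id  = (int) $field($_POST, 'parent_id');

        // The original used `=` here, which assigned instead of comparing, so the
        // match was never actually enforced.
        if ($referer_wr_id <= 0 || $parent_wr_id <= 0 || $referer_wr_id !== $parent_wr_id) {
            $deny();
        }

        $title    = $parent_wr_id.'의 댓글';
        $contents = $db_connect->escape_string($field($_POST, 'comment'));
        $reg_time = date("Y-m-d H:i:s", time());

        $sql  = "INSERT INTO {$tb_name} SET wr_subject ='{$title}'";
        $sql .= ", wr_parent = {$parent_wr_id}";
        $sql .= ", wr_content = '{$contents}'";
        $sql .= ", wr_name = '{$mb_name_sql}'";
        $sql .= ", mb_id = '{$mb_id_sql}'";
        $sql .= ", wr_datetime = '{$reg_time}'";
        $sql .= ", wr_is_comment = 1";
        $sql .= ", wr_comment = 1";
        $sql .= ", wr_last = '{$reg_time}'";
        $sql .= ", wr_ip = '{$ip_address}'";

        if ($db_connect->query($sql)) {
            echo "<script>location.href='/page/review-read.html?wr_id={$parent_wr_id}';</script>";
        } else {
            // The original emitted a doubled quote after the URL, which is a
            // JavaScript syntax error, so neither the alert nor the redirect ran.
            echo "<script>alert('댓글 입력 중 에러가 발생했습니다.');location.href='/page/review-read.html?wr_id={$parent_wr_id}';</script>";
        }
        exit;
    }

    if ($get_mode === 'comment_del') {
        $wr_id        = (int) $field($_GET, 'contents_id');
        $parent_wr_id = (int) $field($_GET, 'parent_contents_id');
        if ($wr_id <= 0 || $parent_wr_id <= 0) {
            $deny();
        }

        $comments_data = get_review_comment_contents($wr_id, true);
        $comment = (is_array($comments_data) && isset($comments_data[0]) && is_array($comments_data[0]))
            ? $comments_data[0]
            : [];

        // Only the author of the comment may delete it. The original wrote `=`
        // (assignment) in this check, so it passed for every logged-in member and
        // any member could delete any other member's comment.
        $owner = isset($comment['mb_id']) ? (string) $comment['mb_id'] : null;
        if ($owner !== $member_id) {
            $deny();
        }

        $sql = "DELETE FROM {$tb_name} WHERE wr_id = {$wr_id} AND wr_parent = {$parent_wr_id}";
        if ($db_connect->query($sql)) {
            echo "<script>location.href='/page/review-read.html?wr_id={$parent_wr_id}';</script>";
        } else {
            echo "<script>alert('댓글 삭제 중 에러가 발생했습니다.');location.href='/page/review-read.html?wr_id={$parent_wr_id}';</script>";
        }
        exit;
    }

    $deny();
} else {
    $deny();
}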