first

2023-04-17 11:06:08 +09:00
parent d0b393aa97
commit 76264e09ad
4686 changed files with 552713 additions and 0 deletions
--- a/modules/bbs/action/a.write.php
+++ b/modules/bbs/action/a.write.php
@@ -0,0 +1,325 @@
+<?php
+if(!defined('__KIMS__')) exit;
+require_once $g['path_core'].'function/sys.class.php';
+
+if (!$_SESSION['wcode']||$_SESSION['wcode']!=$pcode) exit;
+
+if (!$bid) getLink('','','게시판 아이디가 지정되지 않았습니다.','');
+$B = getDbData($table[$m.'list'],"id='".$bid."'",'*');
+if (!$B['uid']) getLink('','','존재하지 않는 게시판입니다.','');
+if (!$subject) getLink('reload','parent.','제목이 입력되지 않았습니다.','');
+
+$g['bbsVarForSite'] = $g['path_var'].'site/'.$r.'/bbs.var.php';
+include_once file_exists($g['bbsVarForSite']) ? $g['bbsVarForSite'] : $g['dir_module'].'var/var.php';
+include_once $g['path_var'].'bbs/var.'.$B['id'].'.php';
+
+if ($g['mobile']&&$_SESSION['pcmode']!='Y') {
+  $theme = $d['bbs']['m_skin']?$d['bbs']['m_skin']:$d['bbs']['skin_mobile'];
+} else {
+  $theme = $d['bbs']['skin']?$d['bbs']['skin']:$d['bbs']['skin_main'];
+}
+
+include_once $g['dir_module'].'themes/'.$theme.'/_var.php';
+
+$bbsuid		= $B['uid'];
+$bbsid		= $B['id'];
+$mbruid		= $my['uid'];
+$id			= $my['id'];
+$name		= $my['uid'] ? $my['name'] : trim($name);
+$nic		= $my['uid'] ? $my['nic'] : $name;
+$category	= trim($category);
+$subject	= str_replace('"','“',$subject);
+$subject	= $my['admin'] ? trim($subject) : htmlspecialchars(trim($subject));
+$content	= trim($content);
+$html		= $html ? $html : 'HTML';
+$tag		= trim($tag);
+$d_regis	= $date['totime'];
+$d_comment	= '';
+$ip			= $_SERVER['REMOTE_ADDR'];
+$agent		= $_SERVER['HTTP_USER_AGENT'];
+$upload		= $upfiles;
+$adddata	= trim($adddata);
+$hidden		= $hidden ? intval($hidden) : 0;
+$notice		= $notice ? intval($notice) : 0;
+$display	= $d['bbs']['display'] || $hidepost || $hidden ? 0 : 1;
+$parentmbr	= 0;
+$point1		= trim($d['bbs']['point1']);
+$point2		= trim($d['bbs']['point2']);
+$point3		= $point3 ? filterstr(trim($point3)) : 0;
+$point4		= $point4 ? filterstr(trim($point4)) : 0;
+
+if ($d['bbs']['badword_action']) {
+	$badwordarr = explode(',' , $d['bbs']['badword']);
+	$badwordlen = count($badwordarr);
+	for($i = 0; $i < $badwordlen; $i++)
+	{
+		if(!$badwordarr[$i]) continue;
+
+		if(strstr($subject,$badwordarr[$i]) || strstr($content,$badwordarr[$i]))
+		{
+			if ($d['bbs']['badword_action'] == 1)
+			{
+				getLink('','','등록이 제한된 단어를 사용하셨습니다.','');
+			}
+			else {
+				$badescape = strCopy($badwordarr[$i],$d['bbs']['badword_escape']);
+				$content = str_replace($badwordarr[$i],$badescape,$content);
+				$subject = str_replace($badwordarr[$i],$badescape,$subject);
+			}
+		}
+	}
+}
+
+if (!$uid || $reply == 'Y') {
+	if(!getDbRows($table[$m.'day'],"date='".$date['today']."' and site=".$s.' and bbs='.$bbsuid))
+	getDbInsert($table[$m.'day'],'date,site,bbs,num',"'".$date['today']."','".$s."','".$bbsuid."','0'");
+	if(!getDbRows($table[$m.'month'],"date='".$date['month']."' and site=".$s.' and bbs='.$bbsuid))
+	getDbInsert($table[$m.'month'],'date,site,bbs,num',"'".$date['month']."','".$s."','".$bbsuid."','0'");
+}
+
+if ($uid) {
+	$R = getUidData($table[$m.'data'],$uid);
+	if (!$R['uid']) getLink('','','존재하지 않는 게시물입니다.','');
+
+	if ($reply == 'Y') {
+		if (!$my['admin'] && !strstr(','.($d['bbs']['admin']?$d['bbs']['admin']:'.').',',','.$my['id'].',')) {
+			if ($d['bbs']['perm_l_write'] > $my['level'] || strstr($d['bbs']['perm_g_write'],'['.$my['mygroup'].']')) {
+				getLink('','','정상적인 접근이 아닙니다.','');
+			}
+		}
+
+		$RNUM = getDbRows($table[$m.'idx'],'gid >= '.$R['gid'].' and gid < '.(intval($R['gid'])+1));
+		if ($RNUM > 98) getLink('','','죄송합니다. 더이상 답글을 달 수 없습니다.','');
+
+		getDbUpdate($table[$m.'idx'],'gid=gid+0.01','gid > '.$R['gid'].' and gid < '.(intval($R['gid'])+1));
+		getDbUpdate($table[$m.'data'],'gid=gid+0.01','gid > '.$R['gid'].' and gid < '.(intval($R['gid'])+1));
+
+		if ($R['hidden'] && $hidden) {
+			if ($R['mbruid']) {
+				$pw = $R['mbruid'];
+			} else {
+				$pw = $my['uid'] ? $R['pw'] : ($pw == $R['pw'] ? $R['pw'] : md5($pw));
+			}
+		} else {
+			$pw = $pw ? md5($pw) : '';
+		}
+
+		$gid	= $R['gid']+0.01;
+		$depth	= $R['depth']+1;
+		$parentmbr = $R['mbruid'];
+
+		$QKEY = "site,gid,bbs,bbsid,depth,parentmbr,display,hidden,notice,name,nic,mbruid,id,pw,category,subject,content,html,tag,";
+		$QKEY.= "hit,down,comment,oneline,likes,dislikes,report,point1,point2,point3,point4,d_regis,d_modify,d_comment,upload,ip,agent,sns,featured_img,location,pin,adddata";
+		$QVAL = "'$s','$gid','$bbsuid','$bbsid','$depth','$parentmbr','$display','$hidden','$notice','$name','$nic','$mbruid','$id','$pw','$category','$subject','$content','$html','$tag',";
+		$QVAL.= "'0','0','0','0','0','0','0','$point1','$point2','$point3','$point4','$d_regis','','','$upload','$ip','$agent','','$featured_img','$location','$pin','$adddata'";
+		getDbInsert($table[$m.'data'],$QKEY,$QVAL);
+		getDbInsert($table[$m.'idx'],'site,notice,bbs,gid',"'$s','$notice','$bbsuid','$gid'");
+		getDbUpdate($table[$m.'list'],"num_r=num_r+1,d_last='".$d_regis."'",'uid='.$bbsuid);
+		getDbUpdate($table[$m.'month'],'num=num+1',"date='".$date['month']."' and site=".$s.' and bbs='.$bbsuid);
+		getDbUpdate($table[$m.'day'],'num=num+1',"date='".$date['today']."' and site=".$s.' and bbs='.$bbsuid);
+		$LASTUID = getDbCnt($table[$m.'data'],'max(uid)','');
+		if ($cuid) getDbUpdate($table['s_menu'],"num='".getDbCnt($table[$m.'month'],'sum(num)','site='.$s.' and bbs='.$bbsuid)."',d_last='".$d_regis."'",'uid='.$cuid);
+
+		if ($point1&&$my['uid']) {
+			getDbInsert($table['s_point'],'my_mbruid,by_mbruid,price,content,d_regis',"'".$my['uid']."','0','".$point1."','게시물(".getStrCut($subject,15,'').")포인트','".$date['totime']."'");
+			getDbUpdate($table['s_mbrdata'],'point=point+'.$point1,'memberuid='.$my['uid']);
+		}
+
+	} else {
+
+		if ($my['uid'] != $R['mbruid'] && !$my['admin'] && !strstr(','.($d['bbs']['admin']?$d['bbs']['admin']:'.').',',','.$my['id'].',')) {
+		    if (!strstr($_SESSION['module_'.$m.'_pwcheck'],$R['uid'])) getLink('','','정상적인 접근이 아닙니다.','');
+		}
+
+		$pw = !$R['pw'] && !$R['hidden'] && $hidden && $R['mbruid'] ? $R['mbruid'] : $R['pw'];
+
+		$QVAL = "display='$display',hidden='$hidden',notice='$notice',pw='$pw',category='$category',subject='$subject',content='$content',html='$html',tag='$tag',point3='$point3',point4='$point4',d_modify='$d_regis',upload='$upload',featured_img='$featured_img',location='$location',pin='$pin',adddata='$adddata'";
+		getDbUpdate($table[$m.'data'],$QVAL,'uid='.$R['uid']);
+		getDbUpdate($table[$m.'idx'],'notice='.$notice,'gid='.$R['gid']);
+		if ($cuid) getDbUpdate($table['s_menu'],"num='".getDbCnt($table[$m.'month'],'sum(num)','site='.$R['site'].' and bbs='.$R['bbs'])."'",'uid='.$cuid);
+	}
+
+} else {
+
+	if (!$my['admin'] && !strstr(','.($d['bbs']['admin']?$d['bbs']['admin']:'.').',',','.$my['id'].',')) {
+		if ($d['bbs']['perm_l_write'] > $my['level'] || strstr($d['bbs']['perm_g_write'],'['.$my['mygroup'].']')) {
+			getLink('','','정상적인 접근이 아닙니다.','');
+		}
+	}
+
+	$pw = $hidden && $my['uid'] ? $my['uid'] : ($pw ? md5($pw) : '');
+	$mingid = getDbCnt($table[$m.'data'],'min(gid)','');
+	$gid = $mingid ? $mingid-1 : 100000000.00;
+
+	$QKEY = "site,gid,bbs,bbsid,depth,parentmbr,display,hidden,notice,name,nic,mbruid,id,pw,category,subject,content,html,tag,";
+	$QKEY.= "hit,down,comment,oneline,likes,dislikes,report,point1,point2,point3,point4,d_regis,d_modify,d_comment,upload,ip,agent,sns,featured_img,location,pin,adddata";
+	$QVAL = "'$s','$gid','$bbsuid','$bbsid','$depth','$parentmbr','$display','$hidden','$notice','$name','$nic','$mbruid','$id','$pw','$category','$subject','$content','$html','$tag',";
+	$QVAL.= "'0','0','0','0','0','0','0','$point1','$point2','$point3','$point4','$d_regis','','','$upload','$ip','$agent','','$featured_img','$location','$pin','$adddata'";
+	getDbInsert($table[$m.'data'],$QKEY,$QVAL);
+	getDbInsert($table[$m.'idx'],'site,notice,bbs,gid',"'$s','$notice','$bbsuid','$gid'");
+	getDbUpdate($table[$m.'list'],"num_r=num_r+1,d_last='".$d_regis."'",'uid='.$bbsuid);
+	getDbUpdate($table[$m.'month'],'num=num+1',"date='".$date['month']."' and site=".$s.' and bbs='.$bbsuid);
+	getDbUpdate($table[$m.'day'],'num=num+1',"date='".$date['today']."' and site=".$s.' and bbs='.$bbsuid);
+	$LASTUID = getDbCnt($table[$m.'data'],'max(uid)','');
+	if ($cuid) getDbUpdate($table['s_menu'],"num='".getDbCnt($table[$m.'month'],'sum(num)','site='.$s.' and bbs='.$bbsuid)."',d_last='".$d_regis."'",'uid='.$cuid);
+
+  if ($point1&&$my['uid']) {
+		getDbInsert($table['s_point'],'my_mbruid,by_mbruid,price,content,d_regis',"'".$my['uid']."','0','".$point1."','게시물(".getStrCut($subject,15,'').")포인트','".$date['totime']."'");
+		getDbUpdate($table['s_mbrdata'],'point=point+'.$point1,'memberuid='.$my['uid']);
+	}
+
+	if ($gid == 100000000.00) {
+		db_query("OPTIMIZE TABLE ".$table[$m.'idx'],$DB_CONNECT);
+		db_query("OPTIMIZE TABLE ".$table[$m.'data'],$DB_CONNECT);
+		db_query("OPTIMIZE TABLE ".$table[$m.'month'],$DB_CONNECT);
+		db_query("OPTIMIZE TABLE ".$table[$m.'day'],$DB_CONNECT);
+	}
+
+}
+
+$NOWUID = $LASTUID ? $LASTUID : $R['uid'];
+
+if ($tag || $R['tag']) {
+	$_tagarr1 = array();
+	$_tagarr2 = explode(',',$tag);
+  $_tagdate = $date['today'];
+
+	if ($R['uid'] && $reply != 'Y') {
+    $_tagdate = substr($R['d_regis'],0,8);
+		$_tagarr1 = explode(',',$R['tag']);
+		foreach($_tagarr1 as $_t) {
+			if(!$_t || in_array($_t,$_tagarr2)) continue;
+      $_TAG = getDbData($table['s_tag'],"site=".$R['site']." and date='".$_tagdate."' and keyword='".$_t."'",'*');
+			if($_TAG['uid']) {
+				if($_TAG['hit']>1) getDbUpdate($table['s_tag'],'hit=hit-1','uid='.$_TAG['uid']);
+				else getDbDelete($table['s_tag'],'uid='.$_TAG['uid']);
+			}
+		}
+	}
+
+	foreach($_tagarr2 as $_t) {
+		if(!$_t || in_array($_t,$_tagarr1)) continue;
+		$_TAG = getDbData($table['s_tag'],'site='.$s." and date='".$_tagdate."' and keyword='".$_t."'",'*');
+		if($_TAG['uid']) getDbUpdate($table['s_tag'],'hit=hit+1','uid='.$_TAG['uid']);
+		else getDbInsert($table['s_tag'],'site,date,keyword,hit',"'".$s."','".$_tagdate."','".$_t."','1'");
+	}
+}
+
+$_SESSION['bbsback'] = $backtype;
+
+if ($reply == 'Y') $msg = '답변';
+else if ($uid) $msg = '수정';
+else $msg = '등록';
+
+//알림 전송 (게시물 등록: 신규 게시물 등록시, 게시판 관리자에게 알림발송)
+if ($d['bbs']['noti_newpost'] && !$my['admin']){
+
+  $cfile = $g['path_var'].$m.'/noti/_new.post.php';
+  $gfile = $g['dir_module'].'var/noti/_new.post.php';
+  if (is_file($cfile)) {
+    include $cfile;
+  } else {
+    include $gfile;
+  }
+
+	$sendAdmins_array = explode(',',trim($d['bbs']['admin']));
+	if (is_array($sendAdmins_array)) {
+		foreach($sendAdmins_array as $val) {
+			$_M = getDbData($table['s_mbrid'],'id="'.$val.'"','uid');
+			$__M = getDbData($table['s_mbrdata'],'memberuid='.$_M['uid'],'memberuid,email,name,nic');
+			if (!$_M['uid']) continue;
+			$noti_title = $d['bbs']['noti_title'];
+			$noti_title = str_replace('{BBS}',$B['name'],$noti_title);
+			$noti_body = $d['bbs']['noti_body'];
+			$noti_body = str_replace('{MEMBER}',$my[$_HS['nametype']],$noti_body);
+			$noti_body = str_replace('{SUBJECT}',$subject,$noti_body);
+			$noti_referer = $g['url_host'].RW('m='.$m.'&bid='.$bbsid);
+			$noti_button = $d['bbs']['noti_button'];
+			$noti_tag = '';
+			$noti_skipEmail = 0;
+			$noti_skipPush = 0;
+			putNotice($_M['uid'],$m,$my['uid'],$noti_title,$noti_body,$noti_referer,$noti_button,$noti_tag,$noti_skipEmail,$noti_skipPush);
+		}
+	}
+}
+
+if ($backtype == "ajax") {
+
+	$result=array();
+	$result['error']=false;
+
+	$R = getUidData($table['bbsdata'],$NOWUID);
+
+  if (!$uid) {
+    $TMPL['category'] = $R['category'];
+    $TMPL['subject'] = $R['subject'];
+    $TMPL['bname'] = $B['name'];
+    $TMPL['bid'] = $B['id'];
+    $TMPL['uid'] = $R['uid'];
+    $TMPL['name'] = $R[$_HS['nametype']];
+    $TMPL['comment']=$R['comment'].($R['oneline']?'+'.$R['oneline']:'');
+    $TMPL['hit'] = $R['hit'];
+    $TMPL['likes'] = $R['likes'];
+    $TMPL['d_regis'] = getDateFormat($R['d_regis'],'Y.m.d');
+    $TMPL['d_regis_c']=getDateFormat($R['d_regis'],'c');
+    $TMPL['avatar'] = getAvatarSrc($R['mbruid'],'84');
+    $TMPL['url'] = '/'.$r.'/b/'.$R['bbsid'].'/'.$R['uid'];
+    $TMPL['featured_img_sm'] = getPreviewResize(getUpImageSrc($R),'240x180');
+    $TMPL['featured_img'] = getPreviewResize(getUpImageSrc($R),'480x270');
+    $TMPL['featured_img_lg'] = getPreviewResize(getUpImageSrc($R),'686x386');
+    $TMPL['featured_img_sq_200'] = getPreviewResize(getUpImageSrc($R),'200x200');
+    $TMPL['featured_img_sq_300'] = getPreviewResize(getUpImageSrc($R),'300x300');
+    $TMPL['featured_img_sq_600'] = getPreviewResize(getUpImageSrc($R),'600x600');
+    $TMPL['has_featured_img'] = getUpImageSrc($R)=='/files/noimage.png'?'d-none':'';
+
+    $TMPL['new']=getNew($R['d_regis'],24)?'':'d-none';
+    $TMPL['hidden']=$R['hidden']?'':'d-none';
+    $TMPL['notice']=$R['notice']?'':'d-none';
+    $TMPL['upload']=$R['upload']?'':'d-none';
+
+    $TMPL['timeago']=$d['theme']['timeago']?'data-plugin="timeago"':'';
+
+    if (!$list_wrapper) {
+      $skin_item=new skin($markup.'-item');
+      $TMPL['items']=$skin_item->make();
+      $skin=new skin($markup.'-list');
+      $result['item']=$skin->make();
+    } else {
+      if ($notice) $skin=new skin('list-item-notice');
+      else $skin=new skin($markup.'-item');
+      $result['item']=$skin->make();
+    }
+
+    $result['notice']=$R['notice'];
+    $result['uid']=$NOWUID;
+    $result['depth']=$R['depth'];
+    $result['media_object']=$d['theme']['media_object'];
+
+  } else {
+    $result['notice']=$R['notice'];
+    $result['uid']=$NOWUID;
+    $result['subject'] = $R['subject'];
+    $result['content'] = getContents($R['content'],$R['html']);
+  }
+
+	echo json_encode($result);
+	exit;
+
+} else {
+
+	setrawcookie('bbs_action_result', rawurlencode('게시물이 '.$msg.' 되었습니다.'));  // 처리여부 cookie 저장
+
+	if (!$backtype || $backtype == 'list') {
+		getLink($nlist,'parent.','','');
+	} else if ($backtype == 'view') {
+		if ($_HS['rewrite']&&!strstr($nlist,'&')) {
+			getLink($nlist.'/'.$NOWUID,'parent.','','');
+		} else {
+			getLink($nlist.'&mod=view&uid='.$NOWUID,'parent.','','');
+		}
+	} else {
+		getLink('reload','parent.','','');
+	}
+}
+
+?>