<?
include $_SERVER['DOCUMENT_ROOT']."/conf/conf_dir.php";
//include $_SERVER['DOCUMENT_ROOT']."/conf/conf_i.php";
//echo $_FILES['addfile'][name];
//$tableName = "board_free";
if($tableName ==1) $tableName = "board_free";
else if($tableName ==2) $tableName = "board_from";

if(!$sessionIDX) LoginCheck();

$todayfull = date("YmdHis");
$subject = addslashes($subject); //특수문자db에 들어가게..
$contents = urldecode($contents);
$contents = addslashes($contents); //특수문자db에 들어가게..


$formChk = "view";
if($is_secret == "") $is_secret ='N';
if($is_notice == "") $is_notice ='N';

//동영상 이미지 저장..
if($_FILES['addfile'][name])
{
			if($_FILES['addfile']['size'] > "31162773")
			{
						echo"<script>
												alert('30mb以下で保存することが可能です。');
												history.back(-1);
											</script>";
			}
			$addfile_ext = strtolower(substr($_FILES['addfile'][name],-3)); // 확장자
			//소문자.. 대문자.. 구분가능..
			if($addfile_ext!="com" or $addfile_ext!="exe" or $addfile_ext!="php" or $addfile_ext!="htm")
			{
						$vName = $todayfull."_".basename($_FILES['addfile']['name']).".".$addfile_ext; //화명명 변경 예)20061212_6437210.jpg
						$realName = $addfile_name;

						$file_count = 1;
						$uploaddir = $_SERVER['DOCUMENT_ROOT']."/files/from/";
						//$uploadfile = $uploaddir . basename($_FILES['addfile']['name']);
						$uploadfile = $uploaddir.$vName;

						if (!move_uploaded_file($_FILES['addfile']['tmp_name'], $uploadfile)) {
								print "ファイルのアップロードの攻撃の可能性があります!\n";
								print_r($_FILES);
						}
						//unlink($_FILES['addfile']['tmp_name']);
			}
			else
			{
						echo"<script>
												alert('添付ファイルはファイル（exe,com,php,html）のみアップロード可能です.');
												history.back();
											</script>";
			}
}

if($num){
	if($mode == "proc"){

		$queryupok = "update $tableName set subject='$lname',contents='$contents',general_setting='$m_chk',modify_date=now(),is_secret='$is_secret' ,is_notice='$is_notice'  where no = '$num'";
		$queryupok_result = mysql_query($queryupok,$db_con);
		echo $num;


	}else if($mode == "del"){
		$queryupok = "update $tableName set is_delete='Y',modify_date=now() where no = '$num'";
		$queryupok_result = mysql_query($queryupok,$db_con);

		if($sessionLevel==15) $user_no = get_db("select user_no from $tableName where no='$num'");
		else $user_no = $sessionIDX;

		//포인트 삭제 50점
		$division = $tableName;
		$point =50;
		$poi_action = "書き込み";
		$point_query = "update user_point set poi_type = 'N',poi_datetime=now() where mem_id='$user_no' and module_name='$division' and module_no='$num' and poi_action='$poi_action'";
    $poi_result = mysql_query($point_query,$db_con);

		$point_user_query = "update user set m_point = m_point-$point where id='$user_no'";
    $user_results = mysql_query($point_user_query,$db_con);
	}

}else{
	$subject = trim($subject);
	if($lname && $sessionID){
		$query = "INSERT INTO $tableName
										(module_no,user_no,user_id,user_name,reg_date,modify_date,is_secret,is_notice,subject,general_setting,contents,files_count,hit,ip)
									VALUES
										('$PAGE_GUBUN', '$sessionIDX','$sessionID','$sessionNickname',now(),now(),'$is_secret','$is_notice','$lname','$m_chk','$contents','$file_count','0','$REMOTE_ADDR')";

		$result = mysql_query($query,$db_con);




		if($tableName == "board_from"){
			$boardNo = get_db("select max(no) from $tableName");
			if($vName)
			{
						$orderBy = mktime( 0, 0, 0, date("m"), date("d"), date("Y"));
						$file_query = "INSERT INTO files(module_no,
																																							module_name,
																																							original_name,
																																							file_name,
																																							file_type,
																																							order_by,
																																							reg_date)
																																VALUES	('$boardNo',
																																								'$tableName',
																																								'$realName',
																																								'$vName',
																																								'$addfile_ext',
																																								'$orderBy',now())";

						$result = mysql_query($file_query,$db_con);

			}
			Gogo("from_ls.php");
		}else{
			echo $boardNo = get_db("select max(no) from $tableName where user_no='$sessionIDX'");
			//포인트 등록 50점
			$division = $tableName;
			$num = $boardNo;
			$point =50;
			$poi_action = "書き込み";
			$point_no = get_db("SELECT poi_id FROM user_point where module_name='$division' and module_no='$num' and mem_id='$sessionIDX' and poi_action='$poi_action'");
			if($point_no){
					$point_query = "update user_point set poi_type = 'Y',poi_datetime=now() where poi_id='$point_no'";
					$poi_result = mysql_query($point_query,$db_con);
			}else{
					$contents_name = $lname;
					$point_query = "INSERT INTO `user_point` (`poi_id`, `module_no`, `module_name`, `mem_id`, `poi_datetime`, `poi_content`, `poi_point`, `poi_type`, `poi_related_id`, `poi_action`) VALUES
					('', '$num', '$division', '$sessionIDX', now(), '$contents_name', '$point', 'Y', '$sessionIDX', '$poi_action')";
					$poi_result = mysql_query($point_query,$db_con);
			}

			$point_user_query = "update user set m_point = m_point+$point where id='$sessionIDX'";
			$user_results = mysql_query($point_user_query,$db_con);
			//포인트 등록 END
		}

	}else{
		alert_go("ログインが必要です.","board_ls.php");
	}

  //echo "성공!!";
}