.

KGRKJGETMRETU895U-589TY5MIGM5JGB5SDFESFREWTGR54TY

Server : Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.17
System : Linux localhost 2.6.18-419.el5 #1 SMP Fri Feb 24 22:47:42 UTC 2017 x86_64
User : nobody ( 99)
PHP Version : 5.2.17
Disable Function : NONE
Directory : /home/queenjbs/junsu/

Upload File :

Current File : /home/queenjbs/junsu/mypage_qna_Proc.php

<?
include $_SERVER['DOCUMENT_ROOT']."/conf/conf_dir.php";


$contents = urlutfchr($contents);
$tableName = "board_qna";
if(!$sessionIDX) LoginCheck();
$todayfull = date("YmdHis");
$subject = addslashes($subject); //특수문자db에 들어가게..
$contents = addslashes($contents); //특수문자db에 들어가게..


$formChk = "view";
if($is_secret == "") $is_secret ='N';
if($is_notice == "") $is_notice ='N';

if($num){
	if($mode == "proc"){

		$queryupok = "update $tableName set subject='$subject',contents='$contents',general_setting='$m_chk',modify_date=now(),is_secret='$is_secret' ,is_notice='$is_notice'  where no = '$num'";
		$boardNo = get_db("select no from board_$tableName where no = '$num'");
		if($vName){
			//기존 파일 삭제
			$fileName = Get_db("select file_name from files where module_name='$tableName' and module_no = '$num'");
				$del_file="../files/board/".$fileName;
				if($fileName && is_file($del_file)) unlink($del_file);
			if($fileName){
			$file_query = "update files set original_name='$realName',file_name='$vName',file_type='$addfile_ext',reg_date=now() where module_name='$tableName' and module_no = '$num'";
			}else{
				$orderBy = mktime( 0, 0, 0, date("m"), date("d"), date("Y"));
				$file_query = "INSERT INTO files
										(module_no,module_name,original_name,file_name,file_type,order_by,reg_date)
									VALUES
										('$boardNo','$tableName', '$realName','$vName','$addfile_ext','$orderBy',now())";
				$filesCnt =  mysql_query("update board_$tableName set files_count='1',modify_date=now() where no = '$num'",$db_con);
			}

			//echo $file_query;
			$result = mysql_query($file_query,$db_con);
		}else if($delfile){
			$fileName = Get_db("select file_name from files where module_name='$tableName' and module_no = '$num'");

			if($fileName){
				// 파일 삭제
				$del_file="../files/board/".$fileName;
				if($fileName && is_file($del_file)) unlink($del_file);
				$delqry =  mysql_query("DELETE FROM files where module_name='$tableName' and module_no = '$num'",$db_con);
				$filesCnt =  mysql_query("update $tableName set files_count='0',modify_date=now() where no = '$num'",$db_con);
			}
		}

	}else if($mode == "del"){
		$queryupok = "update $tableName set is_delete='Y',modify_date=now() where no = '$num'";
		$formChk = "list";
	}
	$queryupok_result = mysql_query($queryupok,$db_con);

}else{
	$subject = trim($subject);
	if($lname && $sessionIDX){
		$email = Get_db("select email from user where id = '$sessionIDX'");
		$query = "INSERT INTO $tableName
									(user_no,user_id,user_name,reg_date,is_secret,subject,general_setting,contents,files_count,hit,ip,email)
								VALUES
									('$_SESSION[S_IDX]','$_SESSION[S_ID]','$_SESSION[S_NAME]',now(),'$is_secret','$lname','$gubun_sort','$contents','$file_count','0','$REMOTE_ADDR','$email')";

		$result = mysql_query($query,$db_con);
		echo $boardNo = get_db("select no from $tableName where user_no='$sessionIDX' order by no desc");

	}

  //echo "성공!!";
}

Anon7 - 2021