/home/sanchung/public_html/admin/message/process.php
<?
// process.php -- action dispatcher for the member message / address-book pages.
// Selects a branch with switch($mode) and runs queries against the tables
// message_addrbook, message_address, message, yts_member and adw_member,
// then emits a <script> redirect or calls $lib->alert_back() / $lib->alert_go().
//
// NOTE(review): the listing this was taken from had its line breaks collapsed;
// statement boundaries below are restored from syntax. String literals are kept
// exactly as shown, including the mis-encoded (apparently EUC-KR Korean) messages.
//
// NOTE(review) -- security points a maintainer should confirm and fix:
//  * $mode, $category, $num, $oldname, $id, $hp, $memo, $mid, $memid, $subject,
//    $addfile and $page are never assigned in this file. Presumably they arrive
//    from the request (register_globals, or extraction inside _setup.php) --
//    confirm. Every one of them is interpolated straight into SQL text here with
//    no escaping visible in this file, so unless _setup.php sanitises them this
//    is SQL injection. Fix: prepared statements with bound parameters (PDO or
//    mysqli); the mysql_* extension used here was removed in PHP 7.0.
//  * Values read back from the database ($row[name], $row[email], $rec_name) and
//    from the session are also concatenated into later INSERTs unescaped
//    (second-order injection if any stored value contains a quote).
//  * No login check is visible here: $member_id is used even if the session
//    value is empty. Whether _setup.php enforces authentication is not visible.
//  * The send_del / rec_del / rec_del_u / send_del_s / rec_del_s branches select,
//    update and delete rows of `message` by num alone. Nothing in this file ties
//    the row to $member_id, so any caller reaching those branches can act on any
//    message number. Add `send_id` / `rec_id` ownership conditions.
//  * Array keys are written as bare words ($_SESSION[MEMBER_ID], $row[mid], ...).
//    Unless those are defined constants, PHP 8 raises an Error for them.
//  * Return values of mysql_query() are never checked.
session_start();

// Original comment was mis-encoded Korean; it appears to read "environment settings file".
include "$_SERVER[DOCUMENT_ROOT]/admin/_setup.php";
$member_id = $_SESSION[MEMBER_ID];

switch($mode){
	// Create an address-book group for the current member.
	case"categoryadd":
		// Duplicate check: same owner and same group name.
		$sql = "select * from message_addrbook where id='$member_id' && category='$category' ";
		$row = mysql_fetch_array(mysql_query($sql));
		// Message appears to read "group name already in use".
		// NOTE(review): presumably alert_back() ends the request; if it returns, the insert below still runs -- confirm.
		if($row) $lib->alert_back("ÀÌ¹Ì »ç¿ëÁßÀÎ ±×·ì¸íÀÔ´Ï´Ù.");
		$sql = "insert into message_addrbook(id, category, wdate) values('$member_id', '$category', now() )";
		mysql_query($sql);
		echo"<script> opener.location.reload(); location.replace('./add2.htm'); </script>";
		break;

	// Rename a group: update the group row, then every address filed under the old name.
	case"categoryedit":
		// Duplicate check that excludes the row being edited (num != $num).
		$sql = "select * from message_addrbook where id='$member_id' && category='$category' && num!='$num' ";
		$row = mysql_fetch_array(mysql_query($sql));
		if($row) $lib->alert_back("ÀÌ¹Ì »ç¿ëÁßÀÎ ±×·ì¸íÀÔ´Ï´Ù.");
		$sql = " update message_addrbook set category='$category' where id='$member_id' && num='$num' ";
		mysql_query($sql);
		// The old name is taken from $oldname, not re-read from the row identified by $num.
		$sql = " update message_address set category='$category' where id='$member_id' && category='$oldname' ";
		mysql_query($sql);
		echo"<script> opener.location.reload(); self.close(); </script>";
		break;

	// Delete a group and all of the member's addresses filed under it.
	case"categorydel":
		$sql = "delete from message_address where id='$member_id' && category='$category' ";
		mysql_query($sql);
		$sql = "delete from message_addrbook where id='$member_id' && category='$category' ";
		mysql_query($sql);
		echo"<script> location.replace('./address.htm'); </script>";
		break;

	// Collect every mid in a group and auto-post them to message.htm as a comma list.
	case"groupsend":
		$sql = "select * from message_address where id='$member_id' && category='$category' ";
		$res = mysql_query($sql);
		$i = 0;
		// $ids is not initialised before the loop; it stays unset when the group is empty.
		while($row = mysql_fetch_array($res)){
			$ids[$i] = $row[mid];
			$i++;
		}
		// $memid is only assigned here when $ids is non-empty; otherwise the form
		// below prints whatever $memid already held.
		if($ids) $memid = implode(",", $ids);
		// NOTE(review): $memid is written into an HTML attribute without
		// htmlspecialchars(); a stored mid containing a quote breaks out of the attribute.
		echo"<form name='form' method='post' action='./message.htm'> <input type='hidden' name='memid' value='$memid'> </form> <script> form.submit(); </script> ";
		break;

	// Add one member ($id) to the current member's address book.
	case"peradd":
		$sql = "select num from message_address where id='$member_id' && mid='$id' ";
		$row = mysql_fetch_array(mysql_query($sql));
		// Message appears to read "member is already registered in the address book".
		if($row) $lib->alert_back("ÁÖ¼Ò·Ï¿¡ µî·ÏµÈ ȸ¿øÀÔ´Ï´Ù."); 
		// Member lookup uses yts_member here, while message_send below uses adw_member.
		$sql = "select name, userid, email from yts_member where userid='$id' ";
		$row = mysql_fetch_array(mysql_query($sql));
		// $row[officename] is not among the selected columns, so the office value is always empty.
		$sql = "insert into message_address(id, category, mid, name, hp, email, office, memo, wdate) values('$member_id', '$category', '$id', '$row[name]', '$hp', '$row[email]', '$row[officename]', '$memo', now() )";
		mysql_query($sql);
		echo"<script> opener.location.reload(); location.replace('./add1.htm'); </script>";
		break;

	// Delete the listed address entries ($mid is iterated as an array), optionally limited to one group.
	case"delete";
		// $addsql is only assigned when $category is truthy; otherwise it is used below unassigned.
		if($category) $addsql = " && category='$category' ";
		for($i=0; $i<sizeof($mid); $i++){
			$sql = "delete from message_address where id='$member_id' && mid='$mid[$i]' $addsql ";
			mysql_query($sql);
		}
		echo"<script> location.replace('./address.htm'); </script>";
		break;

	// Send one message row per recipient id in the comma-separated $memid.
	case"message_send":
		$member_id = $_SESSION[MEMBER_ID];
		$member_name = $_SESSION[MEMBER_NAME];
		$member_email = $_SESSION[MEMBER_EMAIL];

		$tid = explode(",", $memid);
		// Upload handling is disabled (line below is commented out in the original), yet
		// $addfile is still stored in the INSERT further down.
		// NOTE(review): with this line disabled nothing in this file assigns $addfile. If it can be
		// supplied by the request, the stored name is caller-chosen and is later passed to unlink()
		// in send_del / rec_del / rec_del_u -- store only a server-generated name.
		//if($upfile_size > 0 && $upfile_name) $addfile = file_upload_rename($upfile, $upfile_name, $upfile_size, "./data/", mktime() );
		for($i=0; $i<sizeof($tid); $i++){
			// Skip empty fragments such as those produced by a trailing comma.
			if(!$tid[$i]) continue;
			$sql = "select * from adw_member where userid='$tid[$i]'";
			$row = mysql_fetch_array(mysql_query($sql));
			// Recipient "admin" with no member row gets a fixed label (appears to read "administrator").
			// A recipient id with no member row is still inserted, with empty name and mail.
			$rec_name = ($tid[$i] == "admin" && !$row[userid]) ? "°ü¸®ÀÚ" : $row[name];
			$sql = "insert into message(send_id, send_name, send_mail, send_date, rec_id, rec_name, rec_mail, subject, content, addfile) values(";
			$sql .= "'$member_id', '$member_name', '$member_email', now(), '$tid[$i]', '$rec_name', '$row[email]', '$subject', '$memo', '$addfile') ";
			mysql_query($sql);
		}
		// Message appears to read "message sending completed".
		$lib->alert_go("¸Þ¼¼Áö ¹ß¼ÛÀ» ¿Ï·á ÇÏ¿´½À´Ï´Ù. 
", "./my2.htm");
		break;

	// Sender-side delete: if the recipient already deleted (rec_del = 'Y'), remove the
	// attachment and the row; otherwise only flag send_del = 'Y'.
	case"send_del":
		$sql = "select rec_del, addfile from message where num='$num'";
		$row = mysql_fetch_array(mysql_query($sql));
		if($row[rec_del] == "Y"){
			// NOTE(review): the file name comes from the stored row and is appended to ./data/
			// unchanged; apply basename() and confirm the resolved path stays inside ./data/
			// before deleting. '@' hides any unlink() failure.
			if($row[addfile] && is_file("./data/$row[addfile]")) @unlink("./data/$row[addfile]");
			$sql = "delete from message where num='$num' ";
		}
		else $sql = "update message set send_del='Y' where num='$num' ";
		mysql_query($sql);
		// Message appears to read "message deletion completed".
		// NOTE(review): $page is placed in the redirect target unencoded; how alert_go() emits it is not visible here.
		$lib->alert_go("¸Þ¼¼Áö »èÁ¦¸¦ ¿Ï·á ÇÏ¿´½À´Ï´Ù. ", "../?amode=member_send_list&page=$page");
		break;

	// Recipient-side delete, mirror of send_del (checks send_del, flags rec_del).
	case"rec_del":
		$sql = "select send_del, addfile from message where num='$num' ";
		$row = mysql_fetch_array(mysql_query($sql));
		if($row[send_del] == "Y"){
			// Same stored-file-name concern as in send_del.
			if($row[addfile] && is_file("./data/$row[addfile]")) @unlink("./data/$row[addfile]");
			$sql = "delete from message where num='$num' ";
		}
		else $sql = "update message set rec_del='Y' where num='$num' ";
		mysql_query($sql);
		$lib->alert_go("¸Þ¼¼Áö »èÁ¦¸¦ ¿Ï·á ÇÏ¿´½À´Ï´Ù. ", "../?amode=member_get_list&page=$page");
		break;

	// Same queries as rec_del; only the redirect target differs (./my1.htm).
	case"rec_del_u":
		$sql = "select send_del, addfile from message where num='$num' ";
		$row = mysql_fetch_array(mysql_query($sql));
		if($row[send_del] == "Y"){
			// Same stored-file-name concern as in send_del.
			if($row[addfile] && is_file("./data/$row[addfile]")) @unlink("./data/$row[addfile]");
			$sql = "delete from message where num='$num' ";
		}
		else $sql = "update message set rec_del='Y' where num='$num' ";
		mysql_query($sql);
		$lib->alert_go("¸Þ¼¼Áö »èÁ¦¸¦ ¿Ï·á ÇÏ¿´½À´Ï´Ù. ", "./my1.htm?page=$page");
		break;

	// Sender-side delete without attachment handling: the row is removed but
	// any file named in addfile is left in ./data/.
	case"send_del_s":
		$sql = "select rec_del from message where num='$num'";
		$row = mysql_fetch_array(mysql_query($sql));
		if($row[rec_del] == "Y") $sql = "delete from message where num='$num' ";
		else $sql = "update message set send_del='Y' where num='$num' ";
		mysql_query($sql);
		$lib->alert_go("¸Þ¼¼Áö »èÁ¦¸¦ ¿Ï·á ÇÏ¿´½À´Ï´Ù. 
", "./my2.htm");
		break;

	// NOTE(review): duplicate label. switch runs the first matching case, so this
	// second "send_del_s" branch (redirect to ./my1.htm) is never reached. Which
	// mode name was intended is not visible here.
	case"send_del_s":
		$sql = "select rec_del from message where num='$num'";
		$row = mysql_fetch_array(mysql_query($sql));
		if($row[rec_del] == "Y") $sql = "delete from message where num='$num' ";
		else $sql = "update message set send_del='Y' where num='$num' ";
		mysql_query($sql);
		$lib->alert_go("¸Þ¼¼Áö »èÁ¦¸¦ ¿Ï·á ÇÏ¿´½À´Ï´Ù. ", "./my1.htm");
		break;

	// Recipient-side delete without attachment handling.
	case"rec_del_s":
		$sql = "select send_del from message where num='$num' ";
		$row = mysql_fetch_array(mysql_query($sql));
		if($row[send_del] == "Y") $sql = "delete from message where num='$num' ";
		else $sql = "update message set rec_del='Y' where num='$num' ";
		mysql_query($sql);
		$lib->alert_go("¸Þ¼¼Áö »èÁ¦¸¦ ¿Ï·á ÇÏ¿´½À´Ï´Ù. ", "./my1.htm");
		break;
}
?>