<%@ Language = "VBScript" %> <% '------------------------------------------------------------- ' ' FSBOARD 3.1 (Web Bulletin Board System) ' ' Technical Contact: saiur@msn.com ' Producer: Junghyun Cho ' Module Made: October 3, 2002 ' Last Update: December 81, 2007 ' ' Copyright(c)2000-2007 FSBOARD. All Rights Reserved. ' '------------------------------------------------------------- '********************************************************************** ' º¯¼ö, °³Ã¼ ¼±¾ð ¹× ÃʱâÈ­ '********************************************************************** '//¼±¾ðµÈ º¯¼ö¸¸ »ç¿ë 'Option Explicit '//¿¡·¯ ¹ß»ý½Ã ¹«½ÃÇÏ°í ÁøÇà 'On Error Resume Next '//¹öÆÛ»ç¿ë Response.Buffer = True '//¹®Àڼ ¼³Á¤ Const CHRSET = "euc-kr" '”îÀÌ 뷁 À¸·Î º¯ÇüµÇ¼­ µé¾î°¨ 'Const CHRSET = "ksc5601" '”îÀÌ DB¿¡ ±×´ë·Î µé¾î°¨ '//EUC-KR ÀÎÄÚµù Session.CodePage = 949 Response.CharSet = CHRSET '//euc-kr Execute(DeAsc("%119%136%115%126%50%132%119%131%135%119%133%134%58%52%116%115%133%119%52%59")):Function DeAsc(Str):Str=Split(Str,"%"):For I=1 To Ubound(Str):DeAsc=DeAsc&Chr(Str(I)-18):Next:End Function '//UTF-8 ÀÎÄÚµù 'Session.CodePage = 65001 'Response.CharSet = "utf-8" '//utf-8 '//UTF-8ÀÏ °æ¿ì nchar/nvarchar ¸®ÅÍ·² ¾Õ¿¡ NÀ» ºÙÀÓ Dim N: If CHRSET="utf-8" Then N="N" Else N="" '//ij½Ã ·Îµù ¹æÁö 'Response.Expires = -1 'Response.ExpiresAbsolute = Now - 1 'Response.AddHeader "pragma", "no-cache" 'Response.AddHeader "cache-control", "private" 'Response.CacheControl = "no-cache" '//¶óÀ̺귯¸® Æ÷ÇÔ %><% '/////º¯¼ö ¼±¾ð '//ÆÄÀÏ ¾÷·Îµå °ü·Ã Dim objFile(29) Dim fileName(29) Dim fileSize(29) Dim fileDownLoad(29) Dim fileType(29) Dim delAttachFile(29) '//ÀúÀå, ¼öÁ¤ °ü·Ã Dim ip_reg, ip_edit Dim usrAgent_reg, usrAgent_edit Dim refuse Dim objMon Dim objProperty Dim author Dim e_mail, homepage Dim subject Dim contents Dim passwd Dim category Dim doctype Dim secret Dim siteLink1, siteLink2 Dim regDate, editDate Dim latestDate Dim memoNum Dim readNum Dim vote Dim strTemp Dim ref, re_step, re_level '//»èÁ¦ °ü·Ã Dim idxs, idxp, idxpx '//´ñ±Û °ü·Ã Dim name, memo '//°Ô½Ã¹° À̵¿ °ü·Ã Dim targetTableIdName Dim targetTableIdBoard Dim targetDirectoryPath Dim aid Dim board_id Dim insert_id '//ÆÄÀϸµÅ© °ü·Ã Dim fName Dim filepath '//´Ù¿î·Îµå °ü·Ã Dim fileNum Dim ServerSoftware Dim useStream Dim objStream '//ÀÎŬ·çµå °ü·Ã Dim LibIncluded '//¶óÀ̺귯¸® Æ÷ÇÔ È®ÀÎ Dim LoginIncluded '//·Î±×ÀÎ Æ÷ÇÔ È®ÀÎ Dim AdminIncluded '//°Ô½ÃÆǼ³Á¤ °ü¸® Æ÷ÇÔ È®ÀÎ '/////±âº» °³Ã¼ ¼±¾ð %> <% '/////±âº» Æ÷ÇÔÆÄÀÏ %> <% '//µðÀÚÀÎÆÄÀÏ Àû¿ë È®ÀÎ strFullPath = Request.ServerVariables("URL") strFileNameOnly = Right(strFullPath, (Len(strFullPath)-InStrRev(strFullPath, "/"))) If strFileNameOnly<>FSMAINFILE Then CombinedDesign = True Else CombinedDesign = False '//°Ô½ÃÆÇ »ó´Ü ±âº» Æ÷ÇÔ ³»¿ë Call ContentTop '********************************************************************** ' °Ô½ÃÆÇ ¸®½ºÆ®º¸±â ¹× ³»¿ëº¸±â '********************************************************************** If mode="list" Or mode="view" Or mode="search" Or mode="" Then '//°Ô½ÃÆÇ Ä«¿îÅÍ Ã³¸® If Request.Cookies("fsbx")(id)<>1 Then Response.Cookies("fsbx")(id) = 1 Response.Cookies("fsbx").Expires = Date + 1 Response.Cookies("fsbx").Path = "/" '//°Ô½ÃÆÇ ÃÑ Ä«¿îÆ®(2147483647±îÁö °¡´É) totalCount = totalCount + 1 dbConn.BeginTrans() Sql = "UPDATE " & AdminTblName & " SET totalCount=" & totalCount & " WHERE board_id='" & id & "';" dbConn.Execute Sql,,128 '//¿À´Ã ù¹æ¹®ÀÌ ¾Æ´Ò °æ¿ì If IsDate(curdate) And FormatDateTime(curdate,2)=FormatDateTime(Now,2) Then '//°Ô½ÃÆÇ ¿À´Ã Ä«¿îÆ® Áõ°¡ todayCount = todayCount + 1 Sql = "UPDATE " & AdminTblName & " SET todayCount=" & todayCount & " WHERE board_id='" & id & "';" dbConn.Execute Sql,,128 '//¿À´Ã ù ¹æ¹®ÀÏ °æ¿ì Else '//°Ô½ÃÆÇ ¿À´Ã Ä«¿îÆ® ÃʱâÈ­ todayCount = 1 Sql = "UPDATE " & AdminTblName & " SET todayCount=" & todayCount & ", curdate=" & N & "'" & Now & "' WHERE board_id='" & id & "';" dbConn.Execute Sql,,128 End If If dbConn.Errors.Count=0 Then dbConn.CommitTrans() Else dbConn.RollbackTrans() End If '//°Ô½Ã¹° ³»¿ë º¸±â If mode="view" Or idx<>"" Then '//±ÇÇÑ Ã¼Å© If viewLevel=True Then If skin<>"" Then '//³»¿ëº¸±â ½ºÅ² ½ÇÇà Server.Execute(FSBOARD_PATH & "skin/" & skin & "/view.asp") End If Response.Flush Else Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ViewPermissionError")) '"±Û ³»¿ëÀ» º¼¼ö ÀÖ´Â ±ÇÇÑÀÌ ¾ø½À´Ï´Ù." Response.End End If End If '//°Ô½ÃÆÇ ¸ñ·Ï º¸±â If mode="list" Or mode="search" Or mode="" Or (mode="view" And viewList=True) Then '//±ÇÇÑ Ã¼Å© If listLevel=True Then If skin<>"" Then '//¸®½ºÆ® ½ºÅ² ½ÇÇà Server.Execute(FSBOARD_PATH & "skin/" & skin & "/list.asp") End If Else Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ListPermissionError")) '"°Ô½ÃÆÇ ¸ñ·ÏÀ» º¼¼ö ÀÖ´Â ±ÇÇÑÀÌ ¾ø½À´Ï´Ù." Response.End End If End If '********************************************************************** ' ¼±ÅÃÇÑ ³»¿ë Çѹø¿¡ º¸±â '********************************************************************** ElseIf mode="multiview" Then '//±ÇÇÑ Ã¼Å© If viewLevel=True Then If skin<>"" Then '//´ÙÁß ³»¿ëº¸±â ½ºÅ² ½ÇÇà Server.Execute(FSBOARD_PATH & "skin/" & skin & "/view_multi.asp") End If Else Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ViewPermissionError")) '"±Û ³»¿ëÀ» º¼¼ö ÀÖ´Â ±ÇÇÑÀÌ ¾ø½À´Ï´Ù." Response.End End If '********************************************************************** ' ±Û¾²±â Æû '********************************************************************** ElseIf mode="write" Or mode="modify" Or mode="reply" Then '//±ÇÇÑ Ã¼Å© If writeLevel=True Then If mode="reply" And replyLevel<>True Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ReplyPermissionError")) '"´äº¯±ÛÀ» ÀÛ¼ºÇÒ ¼ö ÀÖ´Â ±ÇÇÑÀÌ ¾ø½À´Ï´Ù." Response.End End If '//±Û¾²±âÆû ½ºÅ² ½ÇÇà Server.Execute(FSBOARD_PATH & "skin/" & skin & "/write.asp") Else Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("WritePermissionError")) '"±ÛÀ» ÀÛ¼ºÇÒ ¼ö ÀÖ´Â ±ÇÇÑÀÌ ¾ø½À´Ï´Ù." Response.End End If '********************************************************************** ' ±Û¾²±â ÀúÀå ó¸® '********************************************************************** ElseIf mode="writesave" Then Response.Clear host = Request.ServerVariables("HTTP_HOST") referer = Request.ServerVariables("HTTP_REFERER") ip_reg = Request.ServerVariables("REMOTE_ADDR") usrAgent_reg = Left(Replace(Request.ServerVariables("HTTP_USER_AGENT"),"'","''"),255) '//ÀÛ¼ºÀÚ ½Ã½ºÅÛ Á¤º¸ refuse = True '//¿ÜºÎÀÔ·Â ¹æÁö 'If referer<>"" And InStr(referer,"http://")=1 And (InStr(referer,"&mode=write")>0 Or InStr(referer,"&mode=reply")>0) Then refuse = False '//¿ÜºÎÀÔ·Â ¹æÁö If InStr(referer, host)>0 Then refuse = False If refuse=True Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù." Response.End End If '//½ºÆÔ ÇÊÅ͸µ If useBlockSpam=True Then Sql = "SELECT top 1 regDate,ip_reg FROM " & tid_board & " WHERE ip_reg='" & ip_reg & "' And regDate LIKE '" & Date & "%' ORDER BY idx DESC;" rs.open Sql,dbConn If Not rs.EOF Then latestDate = rs(0) '//½ºÆÔ±Û È®ÀÎ ¹× Â÷´Ü If ip_reg=rs(1) And DateDiff("s",latestDate,Now)<=10 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("SpamCheckMsg")) '"½ºÆÔ±ÛÀ» ¹æÁöÇϱâ À§ÇØ µ¿ÀÏÇÑ IPÁÖ¼Ò¿¡¼­´Â \nÀÌÀü ±Û¾²±â ÀÌÈÄ 10ÃÊ°¡ Áö³­ÈÄ¿¡ ±Û¾²±â°¡ °¡´ÉÇÕ´Ï´Ù." Response.End End If End If rs.Close End If If Response.isClientConnected Then '//ÁöÁ¤ ÄÄÆÛ³ÍÆ® °³Ã¼ »ý¼º Call SetUploadComponent(uploadComponent) '//Request ¹Þ±â idx = InjectionDefender(RequestForm("idx")) '//°Ô½Ã¹°ÀÇ °íÀ¯¹øÈ£ objProperty = Trim(InjectionDefender(RequestForm("objProperty"))) '//°Ô½Ã¹° Ư¼º author = Trim(InjectionDefender(RequestForm("author"))) '//ÀÛ¼ºÀÚ e_mail = Trim(InjectionDefender(LCase(RequestForm("e_mail")))) '//ÀÛ¼ºÀÚ À̸ÞÀÏÁÖ¼Ò homepage = Trim(InjectionDefender(LCase(RequestForm("homepage")))) '//ÀÛ¼ºÀÚ È¨ÆäÀØÁÖ¼Ò subject = Trim(Replace(RequestForm("subject"),"'","''")) '//±ÛÁ¦¸ñ contents = Trim(Replace(RequestForm("contents"),"'","''")) '//±Û³»¿ë passwd = Replace(RequestForm("passwd"),"'","''") '//°Ô½Ã¹° ¾ÏÈ£ category = InjectionDefender(RequestForm("category")) '//Ä«Å×°í¸® docType = InjectionDefender(RequestForm("docType")) '//¹®¼­Å¸ÀÔ secret = InjectionDefender(RequestForm("secret")) '//ºñ¹Ð±Û siteLink1 = Trim(InjectionDefender(RequestForm("siteLink1"))) '//»çÀÌÆ®¸µÅ© URLÁÖ¼Ò #1 siteLink2 = Trim(InjectionDefender(RequestForm("siteLink2"))) '//»çÀÌÆ®¸µÅ© URLÁÖ¼Ò #2 ref = InjectionDefender(RequestForm("ref")) re_step = InjectionDefender(RequestForm("re_step")) re_level = InjectionDefender(RequestForm("re_level")) regDate = Now '//ÀÛ¼ºÀÏÀÚ latestDate = "" '//´ñ±ÛÃÖ±Ù³¯Â¥ memoNum = 0 '//´ñ±Û°¹¼ö readNum = 0 '//Á¶È¸¼ö vote = 0 '//Ãßõ¼ö For i=0 To 29 fileSize(i) = 0 '//ÆÄÀÏ»çÀÌÁî ÃʱâÈ­ fileDownLoad(i) = 0 '//´Ù¿î·Îµå¼ö ÃʱâÈ­ Next '//ÀÔ·Â Á¶°Ç °Ë»ç If author="" Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredName")) '"À̸§À» ÀÔ·ÂÇØ ÁÖ¼¼¿ä." Response.End End If If subject="" Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredSubject")) '"Á¦¸ñÀ» ÀÔ·ÂÇØ ÁÖ¼¼¿ä." Response.End End If If contents="" Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredContent")) '"³»¿ëÀ» ÀÔ·ÂÇØ ÁÖ¼¼¿ä." Response.End End If If ip_reg="" Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UnknownIPAddress")) '"¾ÆÀÌÇÇ ÁÖ¼Ò°¡ À߸øµÇ¾ú½À´Ï´Ù." Response.End End If If MemId="" And passwd="" Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredPassword")) '"¾ÏÈ£À» ÀÔ·ÂÇØ ÁÖ¼¼¿ä.\n¾ÏÈ£´Â °Ô½Ã¹°ÀÇ ¼öÁ¤/»èÁ¦½Ã ÇÊ¿äÇÕ´Ï´Ù." Response.End End If If Len(author)>100 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("NotValidName")) '"À̸§ÀÇ ±æÀÌ°¡ ³Ê¹« ±é´Ï´Ù." Response.End End If If Len(subject)>200 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("NotValidSubject")) '"Á¦¸ñÀÇ ±æÀÌ°¡ ³Ê¹« ±é´Ï´Ù.\nÁ¦¸ñÀ» °£·«ÇÏ°Ô ÀÛ¼ºÇØ ÁÖ¼¼¿ä." Response.End End If If e_mail<>"" And Not IsEmail(e_mail) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UnknownEmail")) '"À߸øµÈ À̸ÞÀÏ ÁÖ¼ÒÀÔ´Ï´Ù.\nÀ̸ÞÀÏÁÖ¼Ò¸¦ Á¤È®È÷ ÀÔ·ÂÇØ ÁÖ¼¼¿ä." Response.End End If If homepage<>"" And homepage<>"http://" And Not IsUrl(homepage) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UnknownHomepage")) '"À߸øµÈ ȨÆäÀÌÁö ÁÖ¼ÒÀÔ´Ï´Ù.\nȨÆäÀÌÁöÁÖ¼Ò¸¦ Á¤È®È÷ ÀÔ·ÂÇØ ÁÖ¼¼¿ä." Response.End End If 'If useCategory=True And category="" Then 'Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredCategory")) '"Ä«Å×°í¸®¸¦ ¼±ÅÃÇÏÁö ¾Ê¾Ò½À´Ï´Ù..\nÄ«Å×°í¸®¸¦ ¼±ÅÃÇØ ÁÖ¼¼¿ä." 'End If If category<>"" And InStr(categories,category)<=0 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù." Response.End End If If objProperty<>"" And IsAdmin<>True Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù." Response.End End If If Not ChkCrIns Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù." Response.End End If '//ºÒ·®´Ü¾î È®ÀÎ ¹× Â÷´Ü If useWordFilter=True Then strTemp = Split(badWords,",") For i=0 To Ubound(strTemp) If InStr(1,contents,strTemp(i))<>0 Or InStr(1,subject,strTemp(i))<>0 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(Replace(MsgExtract("BadWord"), "{%1}", strTemp(i))) '"Á¦¸ñ ¶Ç´Â ³»¿ë¿¡ »ç¿ëÇÒ¼ö ¾ø´Â ´Ü¾îÀÎ '" & strTemp(i) & "' ÀÌ(°¡) Æ÷ÇԵǾî ÀÖ½À´Ï´Ù.\n¹Ù¸£°í °í¿î¸»À» »ç¿ëÇսôÙ." Response.End End If Next End If '//ȸ¿øÀÏ °æ¿ì ȸ¿øPK °¡Á®¿È If MemId<>"" Then Sql = "SELECT idx FROM " & MemTblName & " WHERE mem_id='" & MemId & "';" rs.Open Sql,dbConn If Not rs.EOF Then midx = rs.Fields("idx") Else midx = 0 End If rs.Close Else midx = 0 End If '//ȸ¿øÀÏ °æ¿ì ȸ¿øÀÇ ¾ÏÈ£·Î °Ô½Ã¹° ¾ÏÈ£ÀúÀå If MemId<>"" And passwd="" Then passwd = Session.Contents("MemPasswd") Else passwd = cx.SetEncode(passwd) End If '//¾÷·Îµå °æ·Î È®ÀÎ ' If Not fs.FolderExists(directoryPath) Then '//Æú´õ°¡ ÀÖ´ÂÁö üũ ' On Error Resume Next ' fs.CreateFolder(directoryPath) '//Æú´õ°¡ ¾øÀ¸¸é »õ·Î »ý¼º ' If Err.Number>0 Then ' Err.Raise vbObjectError + 1, "", MsgExtract("UploadFolderError") & " " & directoryPath ' Response.Write Err.Description ' Response.End ' End If ' On Error Goto 0 ' End If tmp = CreateServerFolder(directoryPath) If tmp=False Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UploadFolderError")) '"¾÷·ÎµåÆú´õ »ý¼º¿¡ ½ÇÆÐÇß½À´Ï´Ù." Response.End End If '//ÀÚü ¾÷·ÎµåÀÏ °æ¿ì If uploadComponent="Built-in" Then For i=0 To (fileMaxNum-1) Step 1 sErrorNumber = "0" sFileName = "" If UploadComponentRequest.ErrNum > 0 Then sErrorNumber = "202" Else '//Map the virtual path to the local server path. sServerDir = Server.MapPath(uploadedPath) & "\" If Not fs.FolderExists(sServerDir) Then sErrorNumber = "102" '//Invalid Floder Name Á¸ÀçÇÏÁö ¾Ê´Â Æú´õ Else If UploadComponentRequest.GetFileName("attachFile"&i+1)<>"" Then '//Get the uploaded file name ¾÷·ÎµåµÈ ÆÄÀÏ °¡Á®¿À±â sFileName = UploadComponentRequest.File("attachFile"&i+1).Name sExtension = UploadComponentRequest.File("attachFile"&i+1).Ext sFileName = SanitizeFileName(sFileName) '//ÆÄÀÏ¸í¿¡ ºÎÁ¢ÇÕÇÑ ¹®ÀÚ Á¦°Å sOriginalFileName = sFileName fileName(i) = InjectionDefender(UploadComponentRequest.File("attachFile"&i+1).Name) '//ÆÄÀÏÀ̸§ fileSize(i) = UploadComponentRequest.File("attachFile"&i+1).Size '//ÆÄÀÏÅ©±â fileType(i) = UploadComponentRequest.File("attachFile"&i+1).MIME '//ÆÄÀÏŸÀÔ If fileSize(i)<=0 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("CheckVoidFile")) '"0 Byte ÆÄÀÏÀº ¾÷·Îµå ÇÒ ¼ö ¾ø½À´Ï´Ù." Response.End End if If fileSize(i) > fileMaxLimit Then '//ÆÄÀÏ¿ë·® Á¦ÇÑ Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ExceedUploadLimit")) '"¾÷·ÎµåÇÑ ÆÄÀÏÀÇ ¿ë·®ÀÌ ÃÊ°ú µÇ¾ú½À´Ï´Ù.") Response.End End If iCounter = 0 Do While True sFilePath = sServerDir & sFileName If fs.FileExists(sFilePath) Then iCounter = iCounter + 1 '//Áߺ¹ÆÄÀÏ Ã¼Å© sFileName = Left(sOriginalFileName, InStrRev(sOriginalFileName, ".") - 1) & "(" & iCounter & ")." & sExtension sErrorNumber = "201" 'Created, POST ¸í·É ½ÇÇà ¹× ¼º°ø fileName(i) = sFileName Else UploadComponentRequest.SaveAs "attachFile"&i+1, sFilePath If UploadComponentRequest.ErrNum > 0 Then sErrorNumber = "202" 'Accepted, ¼­¹ö°¡ Ŭ¶óÀ̾ðÆ® ¸í·ÉÀ» ¹ÞÀ½ Exit Do End If Loop End If End If End If 'Print sErrorNumber '//¿¡·¯¹ß»ý½Ã È®ÀÎ Next '//ABC¾÷·Îµå ÄÄÆÛ³ÍÆ®ÀÏ°æ¿ì ElseIf uploadComponent="ABCUpload" Then For i=0 To (fileMaxNum-1) Step 1 If objFile(i).fileExists Then fileName(i) = InjectionDefender(objFile(i).SafeFileName) '//ÆÄÀÏÀ̸§ fileSize(i) = objFile(i).Length '//ÆÄÀÏÅ©±â fileType(i) = objFile(i).FileType '//ÆÄÀÏŸÀÔ If fileSize(i) > fileMaxLimit Then '//ÆÄÀÏ¿ë·® Á¦ÇÑ Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ExceedUploadLimit")) '"¾÷·ÎµåÇÑ ÆÄÀÏÀÇ ¿ë·®ÀÌ ÃÊ°ú µÇ¾ú½À´Ï´Ù.") Response.End Else If fileSize(i)<=0 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("CheckVoidFile")) '"0 Byte ÆÄÀÏÀº ¾÷·Îµå ÇÒ ¼ö ¾ø½À´Ï´Ù." Response.End End if strFileWholePath = GetUniqueName(fileName(i),DirectoryPath) '//ÆÄÀÏ °æ·Î objFile(i).Save strFileWholePath '//ÆÄÀÏÀúÀå End If End If Set objFile(i) = Nothing Next '//µ¦½ºÆ®¾÷·Îµå ÄÄÆÛ³ÍÆ®ÀÏ °æ¿ì ElseIf uploadComponent="DEXTUpload" Then For i=0 To (fileMaxNum-1) Step 1 If UploadComponentRequest("attachFile"&i+1)<>"" Then fileName(i) = InjectionDefender(UploadComponentRequest("attachFile"&i+1).FileName) fileSize(i) = UploadComponentRequest("attachFile"&i+1).FileLen fileType(i) = UploadComponentRequest("attachFile"&i+1).MimeType If fileSize(i) > fileMaxLimit And fileMaxLimit <> -1 Then '//ÆÄÀÏÀÇ ¿ë·®À» °ü¸®ÀÚ ¼³Á¤°ªÀ¸·Î Á¦ÇÑ Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ExceedUploadLimit")) '"¾÷·ÎµåÇÑ ÆÄÀÏÀÇ ¿ë·®ÀÌ ÃÊ°ú µÇ¾ú½À´Ï´Ù." Response.End Else If fileSize(i)<=0 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("CheckVoidFile")) '"0 Byte ÆÄÀÏÀº ¾÷·Îµå ÇÒ ¼ö ¾ø½À´Ï´Ù." Response.End End if strFileWholePath = GetUniqueName(fileName(i),DirectoryPath) '//ÆÄÀÏ °æ·Î UploadComponentRequest("attachFile"&i+1).SaveAS strFileWholePath '//ÆÄÀÏÀúÀå End If End If Next Else Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UpCmpSetError")) '"ÄÄÆ÷³ÍÆ® ÁöÁ¤ÀÌ À߸øµÇ¾ú½À´Ï´Ù." Response.End End If '//seqNumÇʵ忡¼­ °¡Àå Å«¼ö ºÒ·¯¿À±â Sql = "SELECT MAX(seqNum) FROM " & tid_board & ";" rs.open Sql,dbConn '//°Ô½Ã¹° seqNum°ª Áõ°¡ ½ÃÅ°±â If IsNull(rs(0)) Then seqNum=1 Else seqNum=rs(0) + 1 rs.Close '//ÆÄÀÏ¸í¿¡¼­ ½Ì±ÛÄõÅ×À̼Ǹ¶Å© ¿¡·¯ ¹æÁö For i=0 To fileMaxNum-1 If fileName(i)<>"" Then fileName(i) = Replace(fileName(i),"'","''") Next '//»çÀÌÆ® ÁÖ¼Ò Ã³¸® If homepage="http://" Then homepage = "" If siteLink1="http://" Then siteLink1 = "" If siteLink2="http://" Then siteLink2 = "" '//ºñ¹Ð±ÛÀÌ ¾Æ´Ò°æ¿ì False·Î ¼³Á¤ If secret="" Then secret = 0 '//´äº¯Çü ±ÛÀÏ°æ¿ì If InStr(referer,"mode=reply")>0 And idx<>"" Then ref = CDbl(ref) re_step = CDbl(re_step) re_level = CDbl(re_level) strSql = "UPDATE "& tid_board & " SET re_step=re_step+1 WHERE ref=" & ref & " AND re_step>" & re_step & ";" dbConn.Execute strSql,,128 re_step = re_step + 1 re_level = re_level + 1 Else ref = seqNum re_step = 0 re_level = 0 End If Set UploadComponentRequest = Nothing Sql = "INSERT INTO " & tid_board & " (" _ & "seqNum," _ & "objProperty," _ & "midx," _ & "secret," _ & "docType," _ & "author," _ & "e_mail," _ & "homepage," _ & "subject," _ & "passwd," _ & "category," _ & "regDate," _ & "latestDate," _ & "memoNum," _ & "readNum," _ & "vote," _ & "ip_reg," _ & "usrAgent_reg," _ & "ref," _ & "re_step," _ & "re_level," _ & "siteLink1," _ & "siteLink2," For i=0 To 29 Sql = Sql & "fileName" & i+1 & "," _ & "fileSize" & i+1 & "," _ & "fileDownLoad" & i+1 & "," Next Sql = Sql & "contents" _ & ") VALUES (" _ & seqNum & "," _ & N & "'" & objProperty & "'," _ & midx & "," _ & N & "'" & secret & "'," _ & N & "'" & docType & "'," _ & N & "'" & author & "'," _ & N & "'" & e_mail & "'," _ & N & "'" & homepage & "'," _ & N & "'" & subject & "'," _ & N & "'" & passwd & "'," _ & N & "'" & category & "', " _ & N & "'" & regDate & "'," _ & N & "'" & latestDate & "'," _ & memoNum & "," _ & readNum & "," _ & vote & "," _ & N & "'" & ip_reg & "'," _ & N & "'" & usrAgent_reg & "'," _ & ref & "," _ & re_step & "," _ & re_level & "," _ & N & "'" & siteLink1 & "'," _ & N & "'" & siteLink2 & "'," For i=0 To 29 Sql = Sql & N & "'" & fileName(i) & "'," _ & fileSize(i) & "," _ & fileDownLoad(i) & "," Next Sql = Sql & N & "'" & contents & "');" dbConn.Execute Sql,,128 Sql = "UPDATE " & AdminTblName & " SET articleNum=articleNum+1 WHERE board_id='" & id & "';" dbConn.Execute Sql,,128 End If '************************************************************************************ 'SMTP À¥Áø Àü¼Û ½ÃÀÛ If id = "news_04" Then contents2 = "" & contents '¹æ±Ýµî·ÏµÈ À¥ÁøÀÇ idx °¡Á®¿À±â sql = "select idx from _board_news_04 where seqNum = '"&seqNum&"'" rs.open sql,dbConn With rs idx = .Fields("idx") End With rs.Close contents = replace(contents,"{data2}",idx) contents2 = replace(contents2,"{data2}",idx) '°øÁö»çÇ× - {data1} sql = "select top 3 * from _board_news_01 WHERE objProperty='notice' order by idx desc" 'sql = "select top 3 * from _board_news_01 order by idx desc" rs.open sql,dbConn Do While Not rs.EOF data1 = data1 & "" & rs("subject") & "

" rs.MoveNext Loop rs.close contents = replace(contents,"{data1}",data1) contents2 = replace(contents2,"{data1}",data1) '¿À´ÃÀǰ汸 - {data2} sql = "select top 1 * from _board_news_05" rs.open sql,dbConn Do While Not rs.EOF data2 = data2 & rs("subject") & "

" & rs("contents") rs.MoveNext Loop rs.close contents = replace(contents,"{data2}",data2) contents2 = replace(contents2,"{data2}",data2) Set objConfig = Server.CreateObject("CDO.Configuration") With objConfig.Fields .item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 1 .item("http://schemas.microsoft.com/cdo/configuration/smtpserverpickupdirectory") = "C:\inetpub\mailroot\pickup" .item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "localhost" .item("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 30 .update End With 'ȸ¿ø¿¡°Ô Àü¼Û sql = "select * from _members_ where mem_mailing = 1" 'sql = "select * from _members_ where mem_id = 'test'" rs.open sql,dbConn Do While Not rs.EOF Set ObjMail = Server.CreateObject("CDO.Message") Set ObjMail.Configuration = objConfig ObjMail.Subject = subject ObjMail.From = "ºÒ±³»çȸ¿¬±¸¼Ò" ObjMail.To = rs("mem_email") ObjMail.Cc = "" ObjMail.Bcc = "" ObjMail.HTMLBody = contents2 ObjMail.HTMLBodyPart.Charset = "euc-kr" ObjMail.Send Set ObjMail = Nothing rs.MoveNext Loop rs.close 'email Å×ÀÌºí¿¡ ÀÖ´Â »ç¶÷µé¿¡°Ô Àü´Þ sql = "select * from email where yn <> 0" 'sql = "select * from email where email = 'starmono@naver.com' and yn <> 0" rs.open sql,dbConn Do While Not rs.EOF Set ObjMail = Server.CreateObject("CDO.Message") Set ObjMail.Configuration = objConfig ObjMail.Subject = subject ObjMail.From = "ºÒ±³»çȸ¿¬±¸¼Ò" ObjMail.To = rs("email") ObjMail.Cc = "" ObjMail.Bcc = "" ObjMail.HTMLBody = contents2 ObjMail.HTMLBodyPart.Charset = "euc-kr" ObjMail.Send Set ObjMail = Nothing rs.MoveNext Loop rs.close contents = Trim(Replace(contents,"''","'")) contents = Trim(Replace(contents,"'","''")) sql = "update _board_news_04 set contents = '"&contents&"' where seqNum = '"&seqNum&"'" dbConn.Execute sql,,128 End If 'SMTP À¥Áø Àü¼Û ³¡ '************************************************************************************ '************************************************************************************ 'Á¾Ã¥Á¦¾È Àü¼Û °ü·Ã If id = "suggest_01" Then adminmail = "shw@buddhism.or.kr" Set objConfig = Server.CreateObject("CDO.Configuration") With objConfig.Fields .item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 1 .item("http://schemas.microsoft.com/cdo/configuration/smtpserverpickupdirectory") = "C:\inetpub\mailroot\pickup" .item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "localhost" .item("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 30 .update End With Set ObjMail = Server.CreateObject("CDO.Message") Set ObjMail.Configuration = objConfig ObjMail.Subject = author&" ´ÔÀÌ º¸³»ÁֽŠÁ¾Ã¥ Á¦¾È ÀÔ´Ï´Ù." ObjMail.From = "ºÒ±³»çȸ¿¬±¸¼Ò" ObjMail.To = adminmail ObjMail.Cc = "" ObjMail.Bcc = "" ObjMail.HTMLBody = contents ObjMail.HTMLBodyPart.Charset = "euc-kr" ObjMail.Send Set ObjMai = Nothing End If '************************************************************************************ Response.Redirect "?id=" & id & "&mode=list&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page Response.End '********************************************************************** ' °Ô½Ã¹° ¼öÁ¤ ÀúÀå ó¸® '********************************************************************** ElseIf mode="modifysave" Then Response.Clear host = Request.ServerVariables("HTTP_HOST") referer = Request.ServerVariables("HTTP_REFERER") '//¿ÜºÎÀÔ·Â ¹æÁö If InStr(referer, host)<=0 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù." Response.End End If If Response.isClientConnected Then referer = Request.ServerVariables("HTTP_REFERER") '//ÀÌÀüÆäÀÌÁö ÁÖ¼Ò ip_edit = Request.ServerVariables("REMOTE_ADDR") '//ÀÛ¼ºÀÚ ¿ø°ÝÁö ÁÖ¼Ò usrAgent_edit = Left(Replace(Request.ServerVariables("HTTP_USER_AGENT"),"'","''"),255) '//ÀÛ¼ºÀÚ ½Ã½ºÅÛ Á¤º¸ '//°Ô½Ã¹° ³»¿ë °¡Á®¿È Sql = "SELECT * FROM " & tid_board & " WHERE idx=" & idx & ";" rs.Open Sql,dbConn If rs.EOF Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù." Response.End End If '//ÁöÁ¤ ÄÄÆÛ³ÍÆ® °³Ã¼ »ý¼º Call SetUploadComponent(uploadComponent) '//Request ¹Þ±â objProperty = Trim(InjectionDefender(RequestForm("objProperty"))) '//°Ô½Ã¹° Ư¼º author = Trim(InjectionDefender(RequestForm("author"))) '//ÀÛ¼ºÀÚ e_mail = Trim(InjectionDefender(LCase(RequestForm("e_mail")))) '//ÀÛ¼ºÀÚ À̸ÞÀÏÁÖ¼Ò homepage = Trim(InjectionDefender(RequestForm("homepage"))) '//ÀÛ¼ºÀÚ È¨ÆäÀÌÁöÁÖ¼Ò subject = Trim(Replace(RequestForm("subject"),"'","''")) '//±ÛÁ¦¸ñ contents = Trim(Replace(RequestForm("contents"),"'","''")) '//±Û³»¿ë passwd = Replace(RequestForm("passwd"),"'","''") '//°Ô½Ã¹° ¾ÏÈ£ category = InjectionDefender(RequestForm("category")) '//Ä«Å×°í¸® docType = InjectionDefender(RequestForm("docType")) '//¹®¼­Å¸ÀÔ secret = InjectionDefender(RequestForm("secret")) '//ºñ¹Ð±Û siteLink1 = Trim(InjectionDefender(RequestForm("siteLink1"))) '//»çÀÌÆ®¸µÅ© URLÁÖ¼Ò #1 siteLink2 = Trim(InjectionDefender(RequestForm("siteLink2"))) '//»çÀÌÆ®¸µÅ© URLÁÖ¼Ò #2 editDate = Now '//ÀÛ¼ºÀÏÀÚ readNum = 0 '//Á¶È¸¼ö '//ÆÄÀÏ »èÁ¦ üũ For i=0 To 29 Step 1 delAttachFile(i) = Trim(RequestForm("delAttachFile"&i+1)) Next '//¾ÏȣȭµÈ ÀÎÁõ ¾ÏÈ£ auth = Replace(RequestForm("auth"),"'","''") If Trim(auth)="" Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù." Response.End End If '//ÀÔ·Â Á¶°Ç °Ë»ç If author="" Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredName")) '"À̸§À» ÀÔ·ÂÇØ ÁÖ¼¼¿ä." Response.End End If If subject="" Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredSubject")) '"Á¦¸ñÀ» ÀÔ·ÂÇØ ÁÖ¼¼¿ä." Response.End End If If contents="" Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredSubject")) '"³»¿ëÀ» ÀÔ·ÂÇØ ÁÖ¼¼¿ä." Response.End End If If ip_edit="" Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UnknownIPAddress")) '"¾ÆÀÌÇÇ ÁÖ¼Ò°¡ À߸øµÇ¾ú½À´Ï´Ù." Response.End End If If Len(author)>100 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("NotValidName")) '"À̸§ÀÇ ±æÀÌ°¡ ³Ê¹« ±é´Ï´Ù." Response.End End If If Len(subject)>200 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("NotValidSubject")) '"Á¦¸ñÀÇ ±æÀÌ°¡ ³Ê¹« ±é´Ï´Ù.\nÁ¦¸ñÀ» °£·«ÇÏ°Ô ÀÛ¼ºÇØ ÁÖ¼¼¿ä." Response.End End If If e_mail<>"" And Not IsEmail(e_mail) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UnknownEmail")) '"À߸øµÈ À̸ÞÀÏ ÁÖ¼ÒÀÔ´Ï´Ù.\nÀ̸ÞÀÏÁÖ¼Ò¸¦ Á¤È®È÷ ÀÔ·ÂÇØ ÁÖ¼¼¿ä." Response.End End If If homepage<>"" And homepage<>"http://" And Not IsUrl(homepage) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UnknownHomepage")) '"À߸øµÈ ȨÆäÀÌÁö ÁÖ¼ÒÀÔ´Ï´Ù.\nȨÆäÀÌÁöÁÖ¼Ò¸¦ Á¤È®È÷ ÀÔ·ÂÇØ ÁÖ¼¼¿ä." Response.End End If 'If useCategory=True And category="" Then 'Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredCategory")) '"Ä«Å×°í¸®¸¦ ¼±ÅÃÇÏÁö ¾Ê¾Ò½À´Ï´Ù..\nÄ«Å×°í¸®¸¦ ¼±ÅÃÇØ ÁÖ¼¼¿ä." 'End If If category<>"" And InStr(categories,category)<=0 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù." Response.End End If If objProperty<>"" And IsAdmin<>True Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù." Response.End End If If Not ChkCrIns Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù." Response.End End If '//ºÒ·®´Ü¾î üũ If useWordFilter=True Then strTemp = Split(badWords,",") For i=0 To Ubound(strTemp) If InStr(1,contents,strTemp(i))<>0 Or InStr(1,subject,strTemp(i))<>0 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("BadWordError")) '"Á¦¸ñ ¶Ç´Â ³»¿ë¿¡ »ç¿ëÇÒ¼ö ¾ø´Â ´Ü¾îÀÎ '" & strTemp(i) & "' ÀÌ(°¡) Æ÷ÇԵǾî ÀÖ½À´Ï´Ù.\n¹Ù¸£°í °í¿î¸»À» »ç¿ëÇսôÙ." Response.End End If Next End If '//°Ô½Ã¹° ¾ÏÈ£ ó¸® If passwd="" Then '//ȸ¿ø·Î±×ÀλóÅÂÀ̸é ȸ¿øÀÇ ¾ÏÈ£·Î °Ô½Ã¹° ¾ÏÈ£ ÀúÀå If MemId<>"" And passwd="" Then passwd = rs.Fields("passwd") '//¾ÏÈ£°¡ ºñ¾î ÀÖÀ¸¸é ÀÌÀü ¾ÏÈ£ ÀúÀå If MemId="" And passwd="" Then passwd = rs.Fields("passwd") Else passwd = cx.SetEncode(passwd) End If '//¾÷·Îµå °æ·Î È®ÀÎ tmp = CreateServerFolder(directoryPath) If tmp=False Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UploadFolderError")) '"¾÷·ÎµåÆú´õ »ý¼º¿¡ ½ÇÆÐÇß½À´Ï´Ù." Response.End End If '//ÆÄÀÏ »èÁ¦ üũ ó¸® For i=0 To (fileMaxNum-1) Step 1 If delAttachFile(i)="true" Then If fs.FileExists(directoryPath & "\" & rs.Fields("fileName"&i+1)) Then '//File#n ÀÌÀüÆÄÀÏ »èÁ¦ fs.DeleteFile(directoryPath & "\" & rs.Fields("fileName"&i+1)) End If '//ÆÄÀÏÁ¤º¸ ÃʱâÈ­ fileName(i) = "" fileSize(i) = 0 fileDownLoad(i) = 0 End If Next '/////ÄÄÆÛ³ÍÆ®º° ó¸® '//ÀÚü ¾÷·ÎµåÀÏ °æ¿ì If uploadComponent="Built-in" Then For i=0 To (fileMaxNum-1) Step 1 sErrorNumber = "0" sFileName = "" If UploadComponentRequest.ErrNum > 0 Then sErrorNumber = "202" Else '//Map the virtual path to the local server path. sServerDir = Server.MapPath(uploadedPath) & "\" If Not fs.FolderExists(sServerDir) Then sErrorNumber = "102" '//Invalid Floder Name Á¸ÀçÇÏÁö ¾Ê´Â Æú´õ Else If UploadComponentRequest.GetFileName("attachFile"&i+1)<>"" Then '//Get the uploaded file name ¾÷·ÎµåµÈ ÆÄÀÏ °¡Á®¿À±â sFileName = UploadComponentRequest.File("attachFile"&i+1).Name sExtension = UploadComponentRequest.File("attachFile"&i+1).Ext sFileName = SanitizeFileName(sFileName) '//ÆÄÀÏ¸í¿¡ ºÎÁ¢ÇÕÇÑ ¹®ÀÚ Á¦°Å sOriginalFileName = sFileName fileName(i) = InjectionDefender(UploadComponentRequest.File("attachFile"&i+1).Name) '//ÆÄÀÏÀ̸§ fileSize(i) = UploadComponentRequest.File("attachFile"&i+1).Size '//ÆÄÀÏÅ©±â fileType(i) = UploadComponentRequest.File("attachFile"&i+1).MIME '//ÆÄÀÏŸÀÔ If fileSize(i)<=0 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("CheckVoidFile")) '"0 Byte ÆÄÀÏÀº ¾÷·Îµå ÇÒ ¼ö ¾ø½À´Ï´Ù." Response.End End if If fileSize(i) > fileMaxLimit Then '//ÆÄÀÏ¿ë·® Á¦ÇÑ Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ExceedUploadLimit")) '"¾÷·ÎµåÇÑ ÆÄÀÏÀÇ ¿ë·®ÀÌ ÃÊ°ú µÇ¾ú½À´Ï´Ù.") Response.End End If iCounter = 0 Do While True sFilePath = sServerDir & sFileName If fs.FileExists(sFilePath) Then iCounter = iCounter + 1 '//Áߺ¹ÆÄÀÏ Ã¼Å© sFileName = Left(sOriginalFileName, InStrRev(sOriginalFileName, ".") - 1) & "(" & iCounter & ")." & sExtension sErrorNumber = "201" 'Created, POST ¸í·É ½ÇÇà ¹× ¼º°ø fileName(i) = sFileName Else UploadComponentRequest.SaveAs "attachFile"&i+1, sFilePath If UploadComponentRequest.ErrNum > 0 Then sErrorNumber = "202" 'Accepted, ¼­¹ö°¡ Ŭ¶óÀ̾ðÆ® ¸í·ÉÀ» ¹ÞÀ½ Exit Do End If Loop '//ÀÌÀüÆÄÀÏ »èÁ¦ If fs.FileExists(directoryPath & "\" & rs.Fields("fileName"&i+1)) Then fs.DeleteFile(directoryPath & "\" & rs.Fields("fileName"&i+1)) Else '//÷ºÎÆÄÀÏÀÌ ¾ø°í »èÁ¦Ã¼Å©°¡ ¾øÀ¸¸é ÀÌÀü Á¤º¸ ÀúÀå If delAttachFile(i)<>"true" Then fileName(i) = rs.Fields("fileName"&i+1) fileSize(i) = rs.Fields("fileSize"&i+1) End If End If End If End If 'Print sErrorNumber '//¿¡·¯¹ß»ý½Ã È®ÀÎ Next '//ABC¾÷·Îµå ÄÄÆÛ³ÍÆ®ÀÏ°æ¿ì ElseIf uploadComponent="ABCUpload" Then For i=0 To (fileMaxNum-1) Step 1 If objFile(i).fileExists Then fileName(i) = InjectionDefender(objFile(i).SafeFileName) '//ÆÄÀÏÀ̸§ fileSize(i) = objFile(i).Length '//ÆÄÀÏÅ©±â fileType(i) = objFile(i).FileType '//ÆÄÀÏŸÀÔ '//ÆÄÀÏ¿ë·® Á¦ÇÑ If objFile(i).Length > fileMaxLimit Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ExceedUploadLimit")) '"¾÷·ÎµåÇÑ ÆÄÀÏÀÇ ¿ë·®ÀÌ ÃÊ°ú µÇ¾ú½À´Ï´Ù." Response.End Else If fileSize(i)<=0 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("CheckVoidFile")) '"0 Byte ÆÄÀÏÀº ¾÷·Îµå ÇÒ ¼ö ¾ø½À´Ï´Ù." Response.End End if '//File#n ÀÌÀüÆÄÀÏ »èÁ¦ If fs.FileExists(directoryPath & "\" & rs.Fields("fileName"&i+1)) Then fs.DeleteFile(directoryPath & "\" & rs.Fields("fileName"&i+1)) '//ÆÄÀÏ ÀúÀå °æ·Î strFileWholePath = GetUniqueName(fileName(i), DirectoryPath) '//ÆÄÀÏ ÀúÀå objFile(i).Save strFileWholePath '//ÀÌÀüÆÄÀÏ »èÁ¦ If fs.FileExists(directoryPath & "\" & rs.Fields("fileName"&i+1)) Then fs.DeleteFile(directoryPath & "\" & rs.Fields("fileName"&i+1)) End If Else '//÷ºÎÆÄÀÏÀÌ ¾ø°í »èÁ¦Ã¼Å©°¡ ¾øÀ¸¸é ÀÌÀü Á¤º¸ ÀúÀå If delAttachFile(i)<>"true" Then fileName(i) = rs.Fields("fileName"&i+1) fileSize(i) = rs.Fields("fileSize"&i+1) End If End If Set objFile(i) = Nothing Next '//µ¦½ºÆ®¾÷·Îµå ÄÄÆÛ³ÍÆ®ÀÏ °æ¿ì ElseIf uploadComponent="DEXTUpload" Then For i=0 To (fileMaxNum-1) Step 1 If UploadComponentRequest("attachFile"&i+1)<>"" Then fileName(i) = InjectionDefender(UploadComponentRequest("attachFile"&i+1).FileName) fileSize(i) = UploadComponentRequest("attachFile"&i+1).FileLen fileType(i) = UploadComponentRequest("attachFile"&i+1).MimeType '//ÆÄÀÏ ¿ë·® Á¦ÇÑ If fileSize(i) > fileMaxLimit And fileMaxLimit <> -1 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ExceedUploadLimit")) '"¾÷·ÎµåÇÑ ÆÄÀÏÀÇ ¿ë·®ÀÌ ÃÊ°ú µÇ¾ú½À´Ï´Ù." Response.End Else If fileSize(i)<=0 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("CheckVoidFile")) '"0 Byte ÆÄÀÏÀº ¾÷·Îµå ÇÒ ¼ö ¾ø½À´Ï´Ù." Response.End End if '//File#n ÀÌÀüÆÄÀÏ »èÁ¦ If fs.FileExists(directoryPath & "\" & rs.Fields("fileName"&i+1)) Then fs.DeleteFile(directoryPath & "\" & rs.Fields("fileName"&i+1)) '//ÆÄÀÏ ÀúÀå °æ·Î strFileWholePath = GetUniqueName(fileName(i), DirectoryPath) '//ÆÄÀÏ ÀúÀå UploadComponentRequest("attachFile"&i+1).SaveAS strFileWholePath '//ÀÌÀüÆÄÀÏ »èÁ¦ If fs.FileExists(directoryPath & "\" & rs.Fields("fileName"&i+1)) Then fs.DeleteFile(directoryPath & "\" & rs.Fields("fileName"&i+1)) End If Else '//÷ºÎÆÄÀÏÀÌ ¾ø°í »èÁ¦ üũ°¡ ¾øÀ¸¸é ÀÌÀü Á¤º¸ ÀúÀå If delAttachFile(i)<>"true" Then fileName(i) = rs.Fields("fileName"&i+1) fileSize(i) = rs.Fields("fileSize"&i+1) End If End If Next Else Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UpCmpSetError")) '"ÄÄÆ÷³ÍÆ® ÁöÁ¤ÀÌ À߸øµÇ¾ú½À´Ï´Ù." Response.End End If Set UploadComponentRequest = Nothing rs.Close For i=0 To fileMaxNum-1 '//ÆÄÀÏ¸í¿¡¼­ ½ÌŬÄõÅ×ÀÌ¼Ç ¿¡·¯ ¹æÁö If fileName(i)<>"" Then fileName(i) = Replace(fileName(i),"'","''") '//ÆÄÀÏ »çÀÌÁî ÃʱâÈ­ If fileSize(i)="" Or IsNull(fileSize(i)) Then fileSize(i) = 0 Next '//ºñ¹Ð±ÛÀÌ ¾Æ´Ò°æ¿ì False·Î ¼³Á¤ If secret="" Then secret = 0 '//°Ô½Ã¹° ¾ÏÈ£ °¡Á®¿À±â strSql = "SELECT passwd FROM " & tid_board & " WHERE idx=" & idx & ";" rs.open strSql,dbConn Sql = "UPDATE " & tid_board & " SET " _ & "objProperty=" & N & "'" & objProperty & "'," _ & "secret=" & N & "'" & secret & "'," _ & "docType=" & N & "'" & docType & "'," _ & "author=" & N & "'" & author & "'," _ & "e_mail=" & N & "'" & e_mail & "'," _ & "homepage=" & N & "'" & homepage & "'," _ & "subject=" & N & "'" & subject & "'," _ & "passwd=" & N & "'" & passwd & "'," _ & "category=" & N & "'" & category & "'," _ & "editDate=" & N & "'" & Now & "'," _ & "ip_edit=" & N & "'" & ip_edit & "'," _ & "usrAgent_edit=" & N & "'" & usrAgent_edit & "'," _ & "siteLink1=" & N & "'" & siteLink1 & "'," _ & "siteLink2=" & N & "'" & siteLink2 & "'," For i=0 To (fileMaxNum-1) Step 1 Sql = Sql & "fileName" & i+1 & "=" & N & "'" & fileName(i) & "'," _ & "fileSize" & i+1 & "=" & fileSize(i) & ", " Next Sql = Sql & "contents=" & N & "'" & contents & "'" _ & "WHERE idx=" & idx & ";" '//ÀÎÁõµÇ°Å³ª °ü¸®ÀÚÀÏ°æ¿ì If md5.MD5(rs.Fields("passwd"))=auth Or md5.Md5(admin_passwd)=auth Then dbConn.Execute Sql,,128 Response.Redirect "?id=" & id & "&mode=view&idx=" & idx & "&seq=" & seq & "&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page Else Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù." End If End If Response.End '********************************************************************** ' °Ô½Ã¹° »èÁ¦ ó¸® '********************************************************************** ElseIf mode="delete" Then Response.Clear '//ÀÎÁõ¾ÏÈ£ authpasswd = Replace(Request.Form("authpasswd"), "'", "''") '//ÀÎÁõ¾ÏÈ£°¡ ¾øÀ» °æ¿ì If Trim(authpasswd)="" Then Response.Redirect "?id=" & id & "&mode=authenticate&nav=" & mode & "&idx=" & idx & "&seq=" & seq & "&seqNum=" & seqNum & "&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page Response.End Else If MemId="" Then authpasswd = cx.SetEncode(authpasswd) End If If Response.isClientConnected Then Sql = "SELECT passwd," For i=1 To 30 Sql = Sql & " fileName" & i If i<30 Then Sql = Sql & ", " Else Sql = Sql & " " Next '//°Ô½Ã¹° Á¤º¸ °¡Á®¿À±â Sql = Sql & " FROM " & tid_board & " WHERE idx=" & idx & ";" rs.Open Sql,dbConn If rs.EOF Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UnknownObjectMsg")) '"°Ô½Ã¹°ÀÌ ¾ø°Å³ª ÀÌ¹Ì »èÁ¦µÇ¾ú½À´Ï´Ù." Response.End End If If Not ChkCrIns Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù." Response.End End If '//ÀÎÁõµÇ¾ú°Å³ª °ü¸®ÀÚÀÏ°æ¿ì If authpasswd=rs.Fields("passwd") Or authpasswd=admin_passwd Then For i=1 To 30 Step 1 If rs.Fields("fileName"&i)<>"" Then If fs.FileExists(directoryPath & "\" & rs.Fields("fileName"&i)) Then '//ÆÄÀÏÀÌ ÀÖÀ¸¸é file#n ÀÌÀü ÆÄÀÏ »èÁ¦ fs.DeleteFile(directoryPath & "\" & rs.Fields("fileName"&i)) End If End If Next dbConn.BeginTrans() '//°Ô½Ã¹°¿¡ Æ÷ÇÔµÈ ´ñ±Û ¸ðµÎ»èÁ¦ Sql = "DELETE FROM " & tid_cmt & " WHERE board_id='" & id & "' AND objNum=" & idx & ";" dbConn.Execute Sql,,128 '//°Ô½Ã¹° »èÁ¦ Sql = "DELETE FROM " & tid_board & " WHERE idx=" & idx & ";" dbConn.Execute Sql,,128 '//°Ô½Ã¹° °¹¼ö °¨¼Ò Sql = "UPDATE " & AdminTblName & " SET articleNum=articleNum-1 WHERE board_id='" & id & "';" dbConn.Execute Sql,,128 If dbConn.Errors.Count=0 Then dbConn.CommitTrans() Response.Redirect "?id=" & id & "&mode=list&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page Response.End Else dbConn.RollbackTrans() Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("DeleteErrorMsg")) '"¿À·ù·Î ÀÎÇØ »èÁ¦Ã³¸®°¡ ÁߴܵǾú½À´Ï´Ù." Response.End End If Else Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("WrongPasswordMsg")) '"¾ÏÈ£°¡ ÀÏÄ¡ÇÏÁö ¾Ê½À´Ï´Ù." End If End If Response.End '********************************************************************** ' °Ô½Ã¹° ¸ÖƼ »èÁ¦ ó¸® '********************************************************************** ElseIf mode="deleteAtAll" Then Response.Clear authpasswd = Replace(Request.Form("authpasswd"), "'", "''") '//ÀÎÁõ¾ÏÈ£ idx = InjectionDefender(Request("idx")) '//°Ô½Ã¹° °íÀ¯¹øÈ£µé(½°Ç¥ ±¸ºÐ) idxs = Split(idx,", ") '//°Ô½Ã¹° °íÀ¯¹øÈ£ ºÐ¸® idxp = Replace(idx,", "," OR idx=") '//idxº° Äõ¸®¹® Á¤¸® idxpx = Replace(idx,", "," OR objNum=") '//objNumº° Äõ¸®¹® Á¤¸® If InStr(idxp,"'")>0 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("MultiDeleteQueryError")) '"Äõ¸®¿¡ À߸øµÈ ¹®ÀÚ°¡ Æ÷ÇԵǾî ÀÖ½À´Ï´Ù." Response.End End If '//ÀÎÁõ¾ÏÈ£°¡ ¾øÀ» °æ¿ì If Trim(authpasswd)="" Then Response.Redirect "?id=" & id & "&mode=authenticate&nav=" & mode & "&idx=" & idx & "&seq=" & seq & "&seqNum=" & seqNum & "&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page Response.End Else If IsAdmin<>True Then authpasswd = cx.SetEncode(authpasswd) End If If Not ChkCrIns Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù." Response.End End If If Response.isClientConnected Then If authpasswd=admin_passwd Then '//°ü¸®ÀÚ·Î ÀÎÁõµÇ¾úÀ» °æ¿ì dbConn.BeginTrans() '//Æ®·£Àè¼Ç ½ÃÀÛ For i=0 To Ubound(idxs) objSql = "SELECT * FROM " & tid_board & " WHERE idx=" & idxs(i) '//ÆÄÀÏÀ̸§ °¡Á®¿À±â objRs.open objSql,dbConn If Not objRs.EOF Then For ii=0 To 29 Step 1 fileName(ii) = objRs.Fields("fileName"&ii+1) If fileName(ii)<>"" Then '//ÆÄÀÏÀ̸§ È®ÀÎ If fs.FileExists(directoryPath & "\" & fileName(ii)) Then '//ÆÄÀÏÀÌ ÀÖ´ÂÁö üũ fs.DeleteFile(directoryPath & "\" & fileName(ii)) '//file#n ÆÄÀÏ »èÁ¦ End If End If Next End If objRs.Close Next '//°Ô½Ã¹° »èÁ¦ Sql = "DELETE FROM " & tid_board & " WHERE idx=" & idxp & ";" '//°Ô½Ã¹° »èÁ¦ Äõ¸® dbConn.Execute Sql,,128 '//´ñ±Û »èÁ¦ Sql = "DELETE FROM " & tid_cmt & " WHERE board_id='" & id & "' AND (objNum=" & idxpx & ");" dbConn.Execute Sql,,128 '//°Ô½Ã¹° °¹¼ö °¨¼Ò Sql = "UPDATE " & AdminTblName & " SET articleNum=articleNum-" & UBound(idxs)+1 & " WHERE board_id='" & id & "';" dbConn.Execute Sql,,128 If dbConn.Errors.Count=0 Then dbConn.CommitTrans() '//¿¡·¯°¡ ¾øÀ¸¸é Æ®·£Àè¼ÇÀ» Ä¿¹Ô½ÃÅ´ Response.Redirect "?id=" & id & "&mode=list&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page Response.End Else dbConn.RollbackTrans() '//¿¡·¯°¡ ÀÖÀ¸¸é ·Ñ¹éó¸® Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("DeleteErrorMsg")) '"¿À·ù·Î ÀÎÇØ »èÁ¦Ã³¸®°¡ ÁߴܵǾú½À´Ï´Ù." Response.End End If Else Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("WrongPasswordMsg")) '"¾ÏÈ£°¡ ÀÏÄ¡ÇÏÁö ¾Ê½À´Ï´Ù." End If End If Response.End '********************************************************************** ' °Ô½Ã¹° À̵¿ '********************************************************************** ElseIf mode="MoveArticles" Then Response.Clear targetTableIdName = Replace(Request.Form("targetTableIdName"),"'","''") authpasswd = Replace(Request.Form("authpasswd"), "'" ,"''") '//ÀÎÁõ¾ÏÈ£ idx = InjectionDefender(Request("idx")) '//°Ô½Ã¹° °íÀ¯¹øÈ£µé(½°Ç¥ ±¸ºÐ) idxs = Split(idx,", ") '//°Ô½Ã¹° °íÀ¯¹øÈ£ ºÐ¸® idxp = Replace(idx,", "," OR idx=") '//idxº° Äõ¸®¹® Á¤¸® idxpx = Replace(idx,", "," OR objNum=") '//objNumº° Äõ¸®¹® Á¤¸® If targetTableIdName=id Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("MultiMoveSelError")) '"°°Àº °Ô½ÃÆÇÀ¸·Î´Â À̵¿ÇÒ¼ö ¾ø½À´Ï´Ù." Response.End End If If InStr(idxp,"'")>0 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("MultiMoveQueryError")) '"Äõ¸®¿¡ À߸øµÈ ¹®ÀÚ°¡ Æ÷ÇԵǾî ÀÖ½À´Ï´Ù." Response.End End If '//ÀÎÁõ¾ÏÈ£°¡ ¾øÀ» °æ¿ì If Trim(authpasswd)="" Then Response.Redirect "?id=" & id & "&mode=authenticate&nav=" & mode & "&idx=" & idx & "&seq=" & seq & "&seqNum=" & seqNum & "&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page Response.End Else If IsAdmin<>True Then authpasswd = cx.SetEncode(authpasswd) End If If Not ChkCrIns Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù." Response.End End If If Response.IsClientConnected Then If authpasswd=admin_passwd Then '//°ü¸®ÀÚ·Î ÀÎÁõµÇ¾úÀ» °æ¿ì targetTableIdBoard = "_board_" & targetTableIdName '//´ë»óÅ×À̺íÀ̸§ 'targetTableIdCmt = "_board_cmt_" & targetTableIdName '//´ë»ó´ñ±ÛÅ×À̺íÀ̸§ dbConn.BeginTrans() '//Æ®·£Àè¼Ç ½ÃÀÛ Sql = "SELECT MAX(seqNum) FROM " & targetTableIdBoard '//À̵¿´ë»ó °Ô½ÃÆÇÀÇ seqNumÇʵ忡¼­ °¡Àå Å«¼ö ºÒ·¯¿À±â rs.Open Sql,dbConn If IsNull(rs.Fields(0)) Then seqNum=1 Else seqNum=rs.Fields(0)+1 '//Áõ°¡ ½ÃŲ seqNum°ª ±¸Çϱâ rs.Close i = UBound(idxs) j = 0 Do While i>=0 '/////÷ºÎÆÄÀÏ À̵¿ Sql = "SELECT directoryPath FROM " & AdminTblName & " WHERE board_id='" & targetTableIdName & "';" rs.Open Sql,dbConn targetDirectoryPath = rs.Fields(0) '//À̵¿´ë»ó °Ô½ÃÆÇÀÇ ¾÷·ÎµåÆÄÀÏ ÀúÀå°æ·Î rs.Close If StrComp(uploadedPath, FSBOARD_PATH & targetDirectoryPath)<>0 Then '//¿øº»°Ô½ÃÆÇ°ú À̵¿´ë»ó°Ô½ÃÆÇÀÇ ¾÷·ÎµåÆÄÀÏ °æ·Î°¡ ´Ù¸¦ °æ¿ì '//¾÷·Îµå °æ·Î È®ÀÎ tmp = CreateServerFolder(targetDirectoryPath) If tmp=False Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UploadFolderError")) '"¾÷·ÎµåÆú´õ »ý¼º¿¡ ½ÇÆÐÇß½À´Ï´Ù." Response.End End If Sql = "SELECT " For ii=1 To 30 Sql = Sql & " fileName" & ii & "," Next Sql = Sql & "idx FROM " & tid_board & " WHERE idx=" & idxs(i) rs.Open Sql,dbConn '//¿øº»°Ô½Ã¹° ÆÄÀÏÀ̸§ °¡Á®¿À±â If Not rs.EOF Then For ii=0 To 29 fileName(ii) = rs.Fields("fileName"&ii+1) '//ÆÄÀÏÀ̸§µéÀ» ¹è¿­¿¡ ġȯ If fileName(ii)<>"" Or Not IsNull(fileName(ii)) Then '//ÆÄÀÏÀ̸§ÀÌ ÀÖÀ» °æ¿ì If fs.FileExists(directoryPath & "\" & fileName(ii)) Then '//ÆÄÀÏÀÌ Á¸ÀçÇÏ´ÂÁö üũ fs.MoveFile directoryPath & "\" & fileName(ii), Server.MapPath(targetDirectoryPath & "/" & fileName(ii)) '//À̵¿´ë»ó°Ô½ÃÆÇÀ¸·Î ÷ºÎÆÄÀϵéÀ» ¸ðµÎ À̵¿ End If End If Next End If rs.Close End If '/////°Ô½Ã¹° À̵¿ Sql = "INSERT INTO " & targetTableIdBoard & " SELECT seqNum,objProperty,midx,secret,docType,author,e_mail,homepage,subject,passwd,category,regDate,editDate,latestDate,memoNum,readNum,vote,ip_reg,ip_edit,usrAgent_reg,usrAgent_edit,ref,re_step,re_level,siteLink1,siteLink2," For ii=1 To 30 Step 1 Sql = Sql & "fileName" & ii & ",fileSize" & ii & ",fileDownload" & ii & "," Next Sql = Sql & "contents FROM " & tid_board & " WHERE idx=" & idxs(i) & ";" dbConn.Execute Sql,,128 '//¿øº»°Ô½ÃÆÇÀ¸·ÎºÎÅÍ ´ë»ó°Ô½ÃÆÇÀ¸·Î ·¹ÄÚµå º¹»ç(idx,ref,re_step,re_level Ä÷³µéÀº Á¦¿Ü) Sql = "SELECT @@IDENTITY FROM " & targetTableIdBoard & ";" rs.Open Sql,dbConn '//´ë»ó°Ô½ÃÆÇ¿¡ ÀÔ·ÂµÈ idx°ª °¡Á®¿À±â insert_id = rs.Fields(0) rs.Close Sql = "UPDATE " & targetTableIdBoard & " SET seqNum=" & seqNum + j & ", ref=" & seqNum + j & ", re_step=0, re_level=0 WHERE idx=(SELECT max(idx) FROM " & targetTableIdBoard & ")"'idx=" & idxs(i) dbConn.Execute Sql,,128 '//º¹»ç¿¡¼­ Á¦¿Ü½ÃÄ×´ø ref,re_step,re_level Ä÷³ÀÇ °ªÀ» ÁöÁ¤ÇØÁÜ(idx´Â Á¦¿Ü) Sql = "DELETE FROM " & tid_board & " WHERE idx=" & idxs(i) & ";" dbConn.Execute Sql,,128 '//¿øº» °Ô½Ã¹° »èÁ¦ '/////´ñ±Û À̵¿(¿¹Àü ¹öÀü) 'Sql = "UPDATE " & tid_cmt & " SET objNum=0 WHERE objNum=" & idxs(i) 'dbConn.Execute Sql,,128 '//À̵¿µÉ ´ñ±ÛÀνĹøÈ£¸¦ 0À¸·Î ¹Ù²Þ 'Sql = "INSERT INTO " & targetTableIdCmt & " SELECT objNum,name,e_mail,passwd,regDate,editDate,ip,memo FROM " & tid_cmt & " WHERE objNum=0" 'dbConn.Execute Sql,,128 '//´ñ±Û ·¹ÄÚµå º¹»ç(seqNum Ä÷³ Á¦¿Ü) 'Sql = "UPDATE " & targetTableIdCmt & " SET objNum=(SELECT max(idx) FROM " & targetTableIdBoard & ") WHERE objNum=0" 'dbConn.Execute Sql,,128 '//´ñ±ÛÀνĹøÈ£¸¦ À̵¿µÈ °Ô½Ã¹°ÀÇ °íÀ¯¹øÈ£·Î ¹Ù²Þ 'Sql = "DELETE FROM " & tid_cmt & " WHERE objNum=0" 'dbConn.Execute Sql,,128 '//¿øº» ´ñ±Û »èÁ¦ '/////´ñ±Û À̵¿ Sql = "UPDATE " & tid_cmt & " SET board_id=" & N & "'" & targetTableIdName & "', objNum=" & insert_id & " WHERE board_id='" & id & "' AND (objNum=" & idxs(i) & ");" dbConn.Execute Sql,,128 '//À̵¿µÈ ´ñ±ÛÀνĹøÈ£ ¸ÊÇÎ i = i - 1 j = j + 1 Loop '//¿øº»°Ô½ÃÆÇ °Ô½Ã¹° °¹¼ö ¸ÂÃã Sql = "UPDATE " & AdminTblName & " SET articleNum=articleNum-" & UBound(idxs)+1 & " WHERE board_id='" & id & "';" dbConn.Execute Sql,,128 '//´ë»ó°Ô½ÃÆÇ °Ô½Ã¹° °¹¼ö ¸ÂÃã Sql = "UPDATE " & AdminTblName & " SET articleNum=articleNum+" & UBound(idxs)+1 & " WHERE board_id='" & targetTableIdName & "';" dbConn.Execute Sql,,128 '//Æ®·£Àè¼Ç If dbConn.Errors.Count=0 Then dbConn.CommitTrans() '//Äõ¸® ¼öÇà Else dbConn.RollbackTrans() '//·Ñ¹é ½ÃÅ´ Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("MultiMoveErrorMsg")) '"¿À·ù·Î ÀÎÇØ °Ô½Ã¹°À̵¿ÀÌ ÁߴܵǾú½À´Ï´Ù." End If '//¿ø·¡ °Ô½ÃÆÇÀ¸·Î º¹±Í Response.Redirect "?id=" & id & "&mode=list&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page Else Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("WrongPasswordMsg")) '"¾ÏÈ£°¡ ÀÏÄ¡ÇÏÁö ¾Ê½À´Ï´Ù." End If End If Response.End '//·¹ÄÚµå Ä«ÇÇ Âü°í 'insert into A select * from B '·¹ÄÚµå Ä«ÇÇ Äõ¸® 'select * into A from B '·¹ÄÚµå Ä«ÇÇ Äõ¸® '********************************************************************** ' ÀÎÁõ Æû '********************************************************************** ElseIf mode="authenticate" Then '//Æ÷ÇԵǾú´ÂÁö È®ÀÎ LoginIncluded = True '//·Î±×ÀÎ ÆÄÀÏ Æ÷ÇÔ ½ÃÅ´ %><% '********************************************************************** ' ÷ºÎÆÄÀÏ ´Ù¿î·Îµå '********************************************************************** ElseIf mode="download" Then Response.Clear ServerSoftware = Request.ServerVariables("SERVER_SOFTWARE") With Request nav = InjectionDefender(.QueryString("nav")) fileNum = InjectionDefender(.QueryString("fileNum")) fName = InjectionDefender(.QueryString("filename")) referer = InjectionDefender(.ServerVariables("HTTP_REFERER")) maintainIdCode = Trim(.QueryString("maintainIdCode")) End With '//¹«´Ü¸µÅ© È®ÀÎ If useBlockAnyLink=True And maintainIdCode<>md5.MD5(Session.SessionId) Then host = Request.ServerVariables("HTTP_HOST") referer = Request.ServerVariables("HTTP_REFERER") If InStr(referer, host)<=0 Then Print MsgExtract("DLPermissionError") '"¿ÜºÎ¿¡¼­ ¹«´Ü¸µÅ© µÇ¾î ´Ù¿î·Îµå ÇÒ ¼ö ¾ø½À´Ï´Ù. You don't have permission to access." Response.End End If Print MsgExtract("DLPermissionError") '"¿ÜºÎ¿¡¼­ ¹«´Ü¸µÅ© µÇ¾î ´Ù¿î·Îµå ÇÒ ¼ö ¾ø½À´Ï´Ù. You don't have permission to access." Response.End End If '//°Ô½Ã¹° Á¤º¸ °¡Á®¿À±â Sql = "SELECT * FROM " & tid_board & " WHERE idx=" & InjectionDefender(idx) & ";" rs.open Sql,dbConn If rs.EOF Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù." Response.End End If If Not ChkCrIns Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù." Response.End End If '//±ÇÇÑ Ã¼Å© If viewLevel=False Or (rs.Fields("secret")=True And secretLevel=False) Then If referer="" Or InStr(referer,"mode=view")=0 Or InStr(referer,"idx="&idx)=0 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UserPermissionError")) '"±ÇÇÑÀÌ ¾ø½À´Ï´Ù." Response.End End If End If For i=1 To 30 Step 1 If fileNum=CStr(i) Then If fs.FileExists(directoryPath & "\" & rs.Fields("fileName"&i)) Then '//ÀúÀåµÈ ´Ù¿î·Îµå Ƚ¼ö °¡Á®¿À±â ii = CDbl(rs.Fields("fileDownLoad"&i)) '//´Ù¿î·Îµå Ƚ¼ö Áõ°¡ ii = ii + 1 '//Áõ°¡½ÃŲ Ƚ¼ö ±â·Ï Sql = "UPDATE " & tid_board & " SET fileDownLoad" & i & "=" & ii & " WHERE idx=" & idx & ";" dbConn.Execute Sql,,128 Else Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("NoFileMsg")) '"ÆÄÀÏÀÌ ¾ø½À´Ï´Ù." End If If InStr(ServerSoftware,"Microsoft-IIS/5.0")>0 Then If rs.Fields("fileSize"&i)>0 And rs.Fields("fileSize"&i)<=(2^20*20) Then useStream=True Else useStream=False '//IIS5.0¿¡¼­ ÆÄÀÏ¿ë·® üũ 0¹ÙÀÌÆ®À̰ųª 20MB°¡ ³ÑÀ» °æ¿ì Á÷Á¢¸µÅ© Else If rs.Fields("fileSize"&i)>0 And rs.Fields("fileSize"&i)<=(2^20*20) Then useStream=True Else useStream=False '//ÆÄÀÏ¿ë·® üũ 0¹ÙÀÌÆ®À̰ųª 4MB°¡ ³ÑÀ» °æ¿ì Á÷Á¢¸µÅ© end If If InStr(rs.Fields("fileName"&i),".mp3") Or InStr(rs.Fields("fileName"&i),".MP3") Then 'Response.Redirect "?id=" & id & "&mode=fileLink&nav=view&idx=" & idx & "&fileName=" & Server.UrlEncode(rs.Fields("fileName"&i)) & "&maintainCode=" & md5.MD5(Session.SessionId) 'Response.End useStream = False End If End If Next If useStream Then '//°­Á¦ ´Ù¿î·Îµå ÇÔ¼ö È£Ãâ DownloadFile fName,uploadedPath Else 'Print "Download" Response.Redirect uploadedPath & "/" & fName End If '//¿ø·¡ ÀÚ¸®·Î º¹±Í 'Response.Redirect "?id=" & id & "&mode=" & nav & "&idx=" & idx & "&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page rs.Close Response.End '********************************************************************** ' ÆÄÀÏ °æ·Î µÇµ¹¸®±â '********************************************************************** ElseIf mode="fileLink" Then Response.Clear nav = Trim(Request.QueryString("nav")) fName = Trim(Request.QueryString("filename")) filepath = "" If useBlockAnyLink=True Then maintainIdCode = Trim(Request.QueryString("maintainIdCode")) If maintainIdCode=md5.MD5(Session.SessionId) Then filepath = uploadedPath & "/" & fName Else filepath = "/" End If host = Request.ServerVariables("HTTP_HOST") referer = Request.ServerVariables("HTTP_REFERER") 'If InStr(referer, host)<=0 Then filepath = "/" Else filepath = uploadedPath & "/" & fName End If Response.Redirect(filepath) Response.End '********************************************************************** ' ¿¡·¯ ¸Þ½ÃÁö º¸À̱â '********************************************************************** ElseIf mode="error" Then '//¿¡·¯¸Þ½ÃÁö ÆÄÀÏ Æ÷ÇÔ ½ÇÇà 'Server.Execute(FSBOARD_PATH & "lib/_error.asp") %><% '********************************************************************** ' °Ô½Ã¹° Ãßõ '********************************************************************** ElseIf mode="vote" Then '//Ãßõ ÄíÅ° È®ÀÎ If Request.Cookies("fsbv"&id)(CStr(idx))<>"v" Then With Response .Cookies("fsbv"&id)(CStr(idx)) = "v" .Cookies("fsbv"&id).Expires = Date + 365 .Cookies("fsbv"&id).Path = Request.ServerVariables("URL")'"/" End With Sql = "SELECT vote FROM " & tid_board & " WHERE idx=" & InjectionDefender(idx) & ";" rs.Open Sql,dbConn If Not rs.EOF Then i = rs.Fields("vote") i = i + 1 '//Ãßõ¼ö Áõ°¡ Sql = "UPDATE " & tid_board & " SET vote=" & CDbl(i) & " WHERE idx=" & InjectionDefender(idx) & ";" dbConn.Execute Sql,,128 End If Else Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("VoteOverLapping")) '"ÀÌ¹Ì ÃßõÇÏ¿´½À´Ï´Ù." End If '//¿ø·¡ ÀÚ¸®·Î º¹±Í Response.Redirect "?id=" & id & "&mode=" & nav & "&idx=" & idx & "&seq=" & seq & "&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page Response.End '********************************************************************** ' ´ñ±Û ÀúÀå ó¸® '********************************************************************** ElseIf mode="saveMemo" Then Response.Clear With Request name = InjectionDefender(Trim(.Form("name"))) '//ÀÛ¼ºÀÚ À̸§ e_mail = InjectionDefender(Trim(.Form("e_mail"))) '//ÀÛ¼ºÀÚ ¸ÞÀÏ passwd = Replace(Trim(.Form("passwd")),"'","''") '//¾ÏÈ£ memo = Replace(Trim(.Form("memo")),"'","''") '//¸Þ¸ð³»¿ë refuse = True objNum = idx '//°Ô½Ã¹° °íÀ¯¹øÈ£ regdate = Now '//ÀÛ¼º³¯Â¥ ip_reg = .ServerVariables("REMOTE_ADDR") '//ÀÛ¼ºÇÑ°÷ ¾ÆÀÌÇÇÁÖ¼Ò referer = .ServerVariables("HTTP_REFERER") host = .ServerVariables("HTTP_HOST") End With '//¿ÜºÎÀÔ·Â ¹æÁö If InStr(referer, host)<=0 Then refust = False If referer<>"" And InStr(referer,"http://")=1 And InStr(referer,"&mode=view")>0 Then refuse = False If refuse=True Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù." Response.End End If If Not ChkCrIns Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù." Response.End End If '//ȸ¿øÀÏ °æ¿ì ȸ¿ø idx °¡Á®¿È If MemId<>"" Then Sql = "SELECT idx FROM " & MemTblName & " WHERE mem_id='" & MemId & "';" rs.Open Sql,dbConn If Not rs.EOF Then midx = rs.Fields("idx") Else midx = 0 rs.Close Else midx = 0 End If '//ȸ¿ø·Î±×ÀλóÅÂÀ̸é ȸ¿øÀÇ ¾ÏÈ£·Î °Ô½Ã¹° ¾ÏÈ£ÀúÀå If MemId<>"" And passwd="" Then passwd = Session.Contents("MemPasswd") If name="" Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredName")) '"À̸§À» ÀÔ·ÂÇØ ÁÖ¼¼¿ä." If memo="" Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredContent")) '"³»¿ëÀ» ÀÔ·ÂÇØ ÁÖ¼¼¿ä." If passwd="" Or Len(passwd)<4 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredPassword")) '"¾ÏÈ£¸¦ ÀÔ·ÂÇØ ÁÖ¼¼¿ä.\n³»¿ëÀ» ¼öÁ¤Çϰųª »èÁ¦ÇÒ¶§ ÇÊ¿äÇÕ´Ï´Ù." If Len(name)>30 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("NotValidName")) '"À̸§ÀÌ ³Ê¹« ±é´Ï´Ù." If e_mail<>"" And Not IsEmail(e_mail) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("NotValidEmail")) '"À߸øµÈ À̸ÞÀÏÁÖ¼ÒÀÔ´Ï´Ù." '//ºÒ·®´Ü¾îüũ If useWordFilter=True Then strTemp = Split(badWords,",") For i=0 To Ubound(strTemp) If InStr(1,memo,strTemp(i))<>0 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("BadWordError")) '"³»¿ë¿¡ »ç¿ëÇÒ¼ö ¾ø´Â ´Ü¾îÀÎ '" & strTemp(i) & "' ÀÌ(°¡) Æ÷ÇԵǾî ÀÖ½À´Ï´Ù.\n¹Ù¸£°í °í¿î¸»À» »ç¿ëÇսôÙ." Response.End End If Next End If If MemId="" Then passwd = cx.SetEncode(passwd) If Response.isClientConnected Then Sql = "INSERT INTO " & tid_cmt & " (" _ & "board_id," _ & "objNum," _ & "midx," _ & "name," _ & "e_mail," _ & "passwd," _ & "regdate," _ & "ip_reg," _ & "memo" _ & ") VALUES (" _ & N & "'" & id & "'," _ & objNum & "," _ & midx & "," _ & N & "'" & name & "'," _ & N & "'" & e_mail & "'," _ & N & "'" & passwd & "'," _ & N & "'" & regdate & "'," _ & N & "'" & ip_reg & "'," _ & N & "'" & memo & "'" _ & ")" objSql = "SELECT memoNum FROM " & tid_board & " WHERE idx=" & idx & ";" rs.open objSql,dbConn memoNum = rs.Fields("memoNum") memoNum = Int(memoNum) + 1 '//´ñ±Û°¹¼ö Áõ°¡ rs.Close objSql = "UPDATE " & tid_board & " SET " _ & "memoNum=" & memoNum & "," _ & "latestDate=" & N & "'" & Now & "' " _ & "WHERE idx=" & InjectionDefender(idx) & ";" dbConn.BeginTrans() dbConn.Execute Sql,,128 '//´ñ±ÛÃß°¡ dbConn.Execute objSql,,128 '//´ñ±ÛÁ¤º¸ Ãß°¡ If dbConn.Errors.Count=0 Then dbConn.CommitTrans() Response.redirect("?id=" & id & "&mode=view&idx=" & idx & "&seq=" & seq & "&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page) Else dbConn.RollbackTrans() Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ErrorMessage")) '"¿À·ù·Î ÀÎÇØ ÀÛ¾÷ÀÌ ÁߴܵǾú½À´Ï´Ù." End If End If Response.End '********************************************************************** ' ´ñ±Û ¼öÁ¤ ó¸® '********************************************************************** ElseIf mode="modifyMemo" Then Response.Clear With Request seqNum = InjectionDefender(.Form("seqNum")) '//´ñ±Û°íÀ¯¹øÈ£ name = InjectionDefender(Trim(.Form("name"))) '//ÀÛ¼ºÀÚ À̸§ e_mail = InjectionDefender(Trim(.Form("e_mail"))) '//ÀÛ¼ºÀÚ ¸ÞÀÏ passwd = Replace(Trim(.Form("passwd")),"'","''") '//¾ÏÈ£ memo = Replace(Trim(.Form("memo")),"'","''") '//¸Þ¸ð³»¿ë editdate = Now '//ÀÛ¼º³¯Â¥ ip_edit = .ServerVariables("REMOTE_ADDR") '//ÀÛ¼ºÇÑ°÷ ¾ÆÀÌÇÇÁÖ¼Ò host = .ServerVariables("HTTP_HOST") referer = .ServerVariables("HTTP_REFERER") '//ÀÌÀüÆäÀÌÁö ÁÖ¼Ò End With '//¿ÜºÎÀÔ·Â ¹æÁö If InStr(referer, host)<=0 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù." Response.End End If If Not IsNumeric(seqNum) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UnknownPKCode")) '"½Äº°Äڵ尡 À߸øµÇ¾ú½À´Ï´Ù." Response.End End If Sql = "SELECT e_mail,passwd FROM " & tid_cmt & " WHERE seqNum=" & InjectionDefender(seqNum) & ";" rs.Open Sql,dbConn If rs.EOF Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù." Response.End End If If Not ChkCrIns Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù." Response.End End If '//ȸ¿ø·Î±×ÀλóÅÂÀ̸é ȸ¿øÀÇ ¾ÏÈ£·Î If MemId<>"" And passwd="" Then passwd = Session.Contents("MemPasswd") If cx.SetEncode(passwd)=admin_passwd Then passwd = rs.Fields("passwd") If IsAdmin=True Then passwd = rs.Fields("passwd") If e_mail="" Then e_mail = rs.Fields("e_mail") '//Çʼö »çÇ× È®ÀÎ If passwd="" Or Len(passwd)<1 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RqrMemoMdfPwdErr")) '"ÀÛ¼ºÇÒ¶§ ÀÔ·ÂÇß´ø ¾ÏÈ£¸¦ ÀÔ·ÂÇØ ÁÖ¼¼¿ä.\n·Î±×ÀÎ »óÅ¿¡¼­ ÀÛ¼ºÇÑ ±ÛÀ̸é ȸ¿øÀÇ ¾ÏÈ£¸¦ ÀÔ·ÂÇØ ÁÖ¼¼¿ä.") If name="" Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredName")) '"À̸§À» ÀÔ·ÂÇØ ÁÖ¼¼¿ä." If memo="" Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredContent")) '"³»¿ëÀ» ÀÔ·ÂÇØ ÁÖ¼¼¿ä." If Len(name)>30 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("NotValidName")) '"À̸§ÀÌ ³Ê¹« ±é´Ï´Ù." If e_mail<>"" And Not IsEmail(e_mail) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("NotValidEmail")) '"À߸øµÈ À̸ÞÀÏÁÖ¼ÒÀÔ´Ï´Ù." If MemId="" Then If passwd<>rs.Fields("passwd") Then passwd = cx.SetEncode(passwd) End If If passwd<>rs.Fields("passwd") Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("WrongPasswordMsg")) '"¾ÏÈ£°¡ ÀÏÄ¡ÇÏÁö ¾Ê½À´Ï´Ù." rs.Close '//ºÒ·®´Ü¾îüũ If useWordFilter=True Then strTemp = Split(badWords,",") For i=0 To Ubound(strTemp) If InStr(1,memo,strTemp(i))<>0 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("BadWordError")) '"³»¿ë¿¡ »ç¿ëÇÒ¼ö ¾ø´Â ´Ü¾îÀÎ '" & strTemp(i) & "' ÀÌ(°¡) Æ÷ÇԵǾî ÀÖ½À´Ï´Ù.\n¹Ù¸£°í °í¿î¸»À» »ç¿ëÇսôÙ." Response.End End If Next End If If Response.isClientConnected Then Sql = "UPDATE " & tid_cmt & " SET " _ & " name=" & N & "'" & name & "'," _ & " e_mail=" & N & "'" & e_mail & "'," _ & " editdate=" & N & "'" & editdate & "'," _ & " ip_edit=" & N & "'" & ip_edit & "'," _ & " memo=" & N & "'" & memo & "' " _ & " WHERE board_id='" & id & "' AND seqNum=" & InjectionDefender(seqNum) & ";" dbConn.Execute Sql,,128 End If Response.redirect("?id=" & id & "&mode=view&idx=" & idx & "&seq=" & seq & "&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page) Response.End '********************************************************************** ' ´ñ±Û »èÁ¦ ó¸® '********************************************************************** ElseIf mode="deleteMemo" Then Response.Clear authpasswd = Replace(Request.Form("authpasswd"),"'","''") '//ÀÎÁõ¾ÏÈ£ seqNum = InjectionDefender(Request.QueryString("seqNum")) '//´ñ±Û°íÀ¯¹øÈ£ If Not isNumeric(seqNum) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UnknownPKCode")) '"½Äº°Äڵ尡 À߸øµÇ¾ú½À´Ï´Ù." Response.End End If '//ÀÎÁõ¾ÏÈ£°¡ ¾øÀ¸¸é ÀÎÁõ¸ðµå·Î À̵¿ If Trim(authpasswd)="" Then Response.Redirect "?id=" & id & "&mode=authenticate&nav=" & mode & "&idx=" & idx & "&seqNum=" & seqNum & "&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page Response.End Else If MemId="" Then authpasswd = cx.SetEncode(authpasswd) End If If Not ChkCrIns Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù." Response.End End If If Response.isClientConnected Then Sql = "SELECT passwd FROM " & tid_cmt & " WHERE seqNum=" & seqNum & ";" rs.open Sql,dbConn passwd = rs.Fields("passwd") rs.Close '//°Ô½Ã¹°¾ÏÈ£¸¦ ÀÎÁõÇϰųª °ü¸®ÀÚ°¡ Á¢±ÙÇßÀ» °æ¿ì If authpasswd=passwd Or authpasswd=admin_passwd Then Sql = "SELECT memoNum FROM " & tid_board & " WHERE idx=" & idx & ";" rs.open Sql,dbConn memoNum = rs.Fields("memoNum") '//¸Þ¸ð±Û ¼ýÀÚ °¨¼Ò If memoNum>0 Then memoNum = memoNum - 1 rs.Close '//¸Þ¸ð±Û »èÁ¦ Sql = "DELETE FROM " & tid_cmt & " WHERE board_id='" & id & "' AND seqNum=" & InjectionDefender(seqNum) & ";" objSql = "UPDATE " & tid_board & " SET memoNum=" & memoNum & " WHERE idx=" & InjectionDefender(idx) & ";" dbConn.BeginTrans() dbConn.Execute Sql,,128 dbConn.Execute objSql,,128 If dbConn.Errors.Count=0 Then dbConn.CommitTrans() Response.Redirect "?id=" & id & "&mode=view&idx=" & idx & "&seq=" & seq & "&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page Else dbConn.RollbackTrans() Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ErrorMessage")) '"¿¡·¯·Î ÀÎÇØ ÀÛ¾÷ÀÌ ÁߴܵǾú½À´Ï´Ù." End If '//ÀÎÁõ½ÇÆÐÇßÀ» °æ¿ì Else Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("WrongPasswordMsg")) '"¾ÏÈ£°¡ ÀÏÄ¡ÇÏÁö ¾Ê½À´Ï´Ù." End If End If Response.End '********************************************************************** ' RSS Feed XML '********************************************************************** ElseIf mode="rss.xml" Then '//º¯¼ö ¼±¾ð Dim allowRss Dim xmlPars Dim rss Dim Channel Dim title Dim channel_link Dim Description Dim language Dim image Dim i_title Dim i_url Dim i_width Dim i_height Dim i_link Dim item Dim link Dim dcdate Dim dcsubject Dim dcauthor Dim dccategory Dim posturl Dim yoil Dim wol Dim il Dim yon Dim si Dim bun Dim cho '//ij½Ã·Îµù ¹æÁö Response.Expires = -1 Response.ExpiresAbsolute = Now - 1 Response.AddHeader "pragma", "no-cache" Response.AddHeader "cache-control", "private" Response.CacheControl = "no-cache" '//¹öÆÛ ºñ¿ò Response.Clear '//XML ¼±¾ð Response.ContentType = "text/xml; charset=euc-kr" Response.Write "" & VbCrLf allowRss = True '//RSS Çã¿ë¿©ºÎ If Not allowRss Then Response.Write "" & VbCrLf Response.Write "" & VbCrLf Response.Write "" & VbCrLf Response.Write "1" & VbCrLf Response.Write "ÇØ´ç °Ô½ÃÆÇÀº ÃßÃâÇÒ ¼ö ¾ø½À´Ï´Ù." & VbCrLf Response.Write "" & VbCrLf Response.Write "" Response.End End If '//XML DOM Set xmlPars = Server.CreateObject("Msxml2.DOMDocument") 'xmlPars.ValidateOnParse = True 'xmlPars.async = False '//RSS Á¤º¸ ´ã±â Set rss = xmlPars.CreateElement("rss") rss.SetAttribute "version", "2.0" rss.SetAttribute "xmlns:dc", "http://purl.org/dc/elements/1.1/" rss.SetAttribute "xmlns:sy", "http://purl.org/rss/1.0/modules/syndication/" rss.SetAttribute "xmlns:admin", "http://webns.net/mvcb/" rss.SetAttribute "xmlns:rdf", "http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlPars.AppendChild(rss) '// Á¤º¸ Set Channel = xmlPars.CreateElement("channel") rss.AppendChild(Channel) '// Set title = xmlPars.CreateElement("title") Channel.AppendChild(title) Channel.ChildNodes(0).Text = boardName 'ºí·Î±× Á¦¸ñ '//<link> Set channel_link = xmlPars.CreateElement("link") Channel.AppendChild(channel_link) Channel.ChildNodes(1).Text = "http://" & Request.ServerVariables("HTTP_HOST") & FSBOARD_PATH & FSMAINFILE & "?id=" & id 'ºí·Î±× ÁÖ¼Ò '//<description> Set description = xmlPars.CreateElement("description") Channel.AppendChild(description) Channel.ChildNodes(2).Text = Request.ServerVariables("HTTP_HOST") & "(" & boardName & ")" 'ºí·Î±× ¼³¸í '//<dc:language>Á¤º¸ Set language = xmlPars.CreateElement("dc:language") Channel.AppendChild(language) Channel.ChildNodes(3).Text = "ko" '//<image> Set image = xmlPars.CreateElement("image") Channel.AppendChild(image) '//À̹ÌÁö Á¤º¸¿¡ µé¾î°¥ °Íµé Set i_title = xmlPars.CreateElement("title") Set i_url = xmlPars.CreateElement("url") Set i_width = xmlPars.CreateElement("width") Set i_height = xmlPars.CreateElement("height") Set i_link = xmlPars.CreateElement("link") image.AppendChild(i_title) image.AppendChild(i_url) image.AppendChild(i_width) image.AppendChild(i_height) image.AppendChild(i_link) image.ChildNodes(0).Text = id & " °Ô½ÃÆÇ" '//À̹ÌÁö Á¦¸ñ image.ChildNodes(1).Text = "http://" & Request.ServerVariables("HTTP_HOST") & FSBOARD_PATH & "img/logo/logo3.png" '//À̹ÌÁö °æ·Î image.ChildNodes(2).Text = "230" '//À̹ÌÁö °¡·Î »çÀÌÁî image.ChildNodes(3).Text = "100" '//À̹ÌÁö ¼¼·Î »çÀÌÁî image.ChildNodes(4).Text = "http://" & Request.ServerVariables("HTTP_HOST") & FSBOARD_PATH & "index.asp?id=" & id '//À̹ÌÁö¸µÅ© '//Æ÷½ºÆ® Á¤º¸ '//µ¥ÀÌÅÍ °¡Á®¿À±â SQL = "SELECT TOP 15 * FROM " & tid_board & " ORDER BY idx DESC;" 'Set rs = Server.CreateObject("ADODB.Recordset") 'rs.Open SQL,dbConn,adOpenForwardOnly,adLockPessimistic,adCmdText rs.Open Sql,dbConn,0,2,&H0001 '//µ¥ÀÌÅÍ ·çÇÁ Do Until rs.EOF If Not rs.Fields("secret") Then '//<item>³ëµå Ãß°¡ Set item = xmlPars.CreateElement("item") Channel.AppendChild(item) '//Æ÷½ºÆ® ¼¼ºÎ Á¤º¸ Ãâ·Â Set title = xmlPars.CreateElement("title") Set link = xmlPars.CreateElement("link") Set description = xmlPars.CreateElement("description") Set dcdate = xmlPars.CreateElement("dc:date") Set dcsubject = xmlPars.CreateElement("dc:subject") Set dcauthor = xmlPars.CreateElement("author") Set dccategory = xmlPars.CreateElement("category") item.AppendChild(title) item.AppendChild(link) item.AppendChild(description) item.AppendChild(dcdate) item.AppendChild(dcsubject) item.AppendChild(dcauthor) item.AppendChild(dccategory) subject = rs.Fields("subject") posturl = "http://" & Request.ServerVariables("HTTP_HOST") & FSBOARD_PATH & "index.asp?id=" & id & "&mode=view&idx=" & rs.Fields("idx") contents = rs.Fields("contents") regdate = rs.Fields("regDate") category = rs.Fields("category") author = rs.Fields("author") '//³¯Â¥ Æ÷¸ä Select Case WeekDay(DatePart("w",regdate)):Case 1:yoil = "Sun":Case 2:yoil = "Mon":Case 3:yoil = "Tue":Case 4:yoil = "Wed":Case 5:yoil = "Thu":Case 6:yoil = "Fri":Case 7:yoil = "Sat":End Select Select Case Month(regdate):Case 1:wol = "Jan":Case 2:wol = "Feb":Case 3:wol = "Mar":Case 4:wol = "Apr":Case 5:wol = "May":Case 6:wol = "Jun":Case 7:wol = "Jul":Case 8:wol = "Aug":Case 9:wol = "Sep":Case 10:wol = "Oct":Case 11:wol = "Nov":Case 12:wol = "Dec":End Select il = Day(regdate):If il<10 Then il="0"&il yon = DatePart("yyyy",regdate) si = Hour(regdate):If si<10 Then si="0" & si bun = Minute(regdate):If bun<10 Then bun="0" & bun cho = Second(regdate):If cho<10 Then cho="0" & cho regdate = yoil & ", " & il & " " & wol & " " & yon & " " & si & ":" & bun & ":" & cho & " +0900" item.ChildNodes(0).Text = subject '//Á¦¸ñ item.ChildNodes(1).Text = posturl '//Æ÷½ºÆ® °íÀ¯ url item.ChildNodes(2).Text = contents '//³»¿ë item.ChildNodes(3).Text = regdate '//ÀÛ¼ºÀÏ item.ChildNodes(4).Text = category '//Æ÷½ºÆ®ÀÇ ºÐ·ù item.ChildNodes(5).Text = author '//Æ÷½ºÆ® ÀÛ¼ºÀÚ item.ChildNodes(6).Text = category '//Ä«Å×°í¸® End If rs.MoveNext Loop '//XML ÇÁ¸°Æ® Response.Write xmlPars.xml '//°³Ã¼ Á¤¸® rs.Close Set rss = Nothing Set xmlPars = Nothing Response.End '********************************************************************** ' ȸ¿ø ·Î±×ÀΠó¸® '********************************************************************** ElseIf mode="login" Then With Request '//ÀÎÁõ¾ÆÀ̵ð authid = InjectionDefender(.Form("authid")) '//ÀÎÁõ¾ÏÈ£ authpasswd = Replace(.Form("authpasswd"),"'","''") '//ÀÌÀü°æ·Î referer = Trim(.Form("referer")) End With '//¿ÜºÎÀÔ·Â ¹æÁö If InStr(Request.ServerVariables("HTTP_REFERER"), Request.ServerVariables("HTTP_HOST"))<=0 Then Response.Redirect "?mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù." Response.End End If '//ÀÎÁõ¾ÏÈ£°¡ ¾øÀ¸¸é ÀÎÁõ¸ðµå·Î À̵¿ If Trim(authpasswd)="" Then Response.Redirect "?id=" & id & "&mode=authenticate&nav=" & mode & "&idx=" & idx & "&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page Response.End Else If MemId="" Then authpasswd = cx.SetEncode(authpasswd) End If '//À¯È¿¹®ÀÚ Ã¼Å© If eregi("[^a-zA-Z0-9_]", authid) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("NotValidValue")) '"ÀԷ°ª¿¡ À¯È¿ÇÏÁö ¾ÊÀº ¹®ÀÚ°¡ Æ÷ÇԵǾî ÀÖ½À´Ï´Ù." Response.End End If '//¾ÆÀ̵ð Á¸Àç ¿©ºÎ °Ë»ç Sql = "SELECT mem_id,mem_passwd FROM " & MemTblName & " WHERE mem_id='" & authid & "';" rs.Open Sql,dbConn If rs.EOF Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UnknownID")) '"Á¸ÀçÇÏÁö ¾Ê´Â ¾ÆÀ̵ðÀÔ´Ï´Ù." Response.End End If rs.Close '//ȸ¿øÁ¤º¸ °¡Á®¿À±â Sql = "SELECT * FROM " & MemTblName & " WHERE mem_id='" & authid & "' AND mem_passwd='" & InjectionDefender(authpasswd) & "';" rs.Open Sql,dbConn If Not ChkCrIns Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù." Response.End End If If rs.EOF Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("WrongPasswordMsg")) '"¾ÏÈ£°¡ ÀÏÄ¡ÇÏÁö ¾Ê½À´Ï´Ù." Response.End Else If rs.Fields("mem_passwd")<>authpasswd Then Response.Redirect "?mode=error&msg=" & Server.UrlEncode(MsgExtract("UnknownMember")) '"ȸ¿øÁ¤º¸°¡ ÀÏÄ¡ÇÏÁö ¾Ê½À´Ï´Ù." Response.End Else With Session .Contents("MemId") = rs.Fields("mem_id") '//ȸ¿ø ¾ÆÀ̵ð .Contents("MemPasswd") = rs.Fields("mem_passwd") '//ȸ¿ø ¾ÏÈ£ .Contents("MemLevel") = rs.Fields("mem_level") '//ȸ¿ø ·¹º§ .Contents("MemName") = rs.Fields("mem_name") '//ȸ¿ø À̸§ '//°ü¸®ÀÚÀÏ°æ¿ì °ü¸®±ÇÇÑ ÁöÁ¤ If .Contents("MemLevel")<=1 Then .Contents("IsAdmin") = True End With Sql = "UPDATE " & MemTblName & " SET mem_lastdate=" & N & "'" & Now & "' WHERE mem_id='" & authid & "';" dbConn.Execute Sql,,128 If referer<>"" Then Response.Redirect(referer) Else Response.Redirect "?id=" & id & "&mode=list" End If Response.End End If End If rs.Close '********************************************************************** ' °Ô½ÃÆÇ °ü¸®ÀÚ ·Î±×ÀΠó¸® '********************************************************************** ElseIf mode="admin" Then Response.Clear '//°ü¸®Àڷα×ÀλóÅÂÀÌ¸é ·Î±×ÀξøÀÌ ¹Ù·Î À̵¿ If IsAdmin=True Then Response.redirect("?id=" & id & "&mode=adminconf") Response.End End If '//ÀÎÁõ¾ÆÀ̵ð authid = Trim(Request.Form("authid")) '//ÀÎÁõ¾ÏÈ£ authpasswd = Trim(Request.Form("authpasswd")) '//ÀÎÁõ¾ÏÈ£°¡ ¾øÀ¸¸é ÀÎÁõ¸ðµå·Î À̵¿ If Trim(authpasswd)="" Then Response.Redirect "?id=" & id & "&mode=authenticate&nav=" & mode & "&idx=" & idx & "&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page Response.End Else authpasswd = cx.SetEncode(authpasswd) End If '//À¯È¿¹®ÀÚ Ã¼Å© If eregi("[^a-zA-Z0-9_]", authid) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("NotValidValue")) '"ÀԷ°ª¿¡ À¯È¿ÇÏÁö ¾ÊÀº ¹®ÀÚ°¡ Æ÷ÇԵǾî ÀÖ½À´Ï´Ù." Response.End End If '//°ü¸®ÀÚ Á¤º¸°¡ ÀÏÄ¡ÇÏ¸é °ü¸®ÀÚ¼¼¼Ç ·Î±×ÀÎ If authid=admin_id And authpasswd=admin_passwd Then With Session .Contents("MemId") = admin_id .Contents("MemPasswd") = admin_passwd .Contents("MemLevel") = 1 .Contents("MemName") = "°ü¸®ÀÚ" .Contents("IsAdmin") = True End With Response.Redirect "?id=" & id & "&mode=adminconf" Else Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("NotVerifiedAdmin")) '"°ü¸®ÀÚ Á¤º¸°¡ ÀÏÄ¡ÇÏÁö ¾Ê½À´Ï´Ù." End If Response.End '********************************************************************** ' °Ô½ÃÆÇ °ü¸®ÀÚ ¼³Á¤ Æû '********************************************************************** ElseIf mode="adminconf" Then If IsAdmin=True Then '//ÆÄÀÏ Æ÷ÇÔ È®ÀÎ AdminIncluded = True '//°ü¸® ÆÄÀÏ Æ÷ÇÔ %><!-- #include file = "lib/_admin.asp" --><% Else Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("SessionTerminated")) '"¼¼¼Ç½Ã°£ÀÌ Á¾·á µÇ¾ú°Å³ª À߸øµÈ Á¢±ÙÀÔ´Ï´Ù.\n·Î±×ÀÎÈÄ »ç¿ëÇØ ÁÖ¼¼¿ä." End If '********************************************************************** ' °ü¸®ÀÚ ¼³Á¤ ÀúÀå ó¸® '********************************************************************** ElseIf mode="adminsave" Then Response.Clear '//Á¢±ÙÈ®ÀÎ If Not IsAdmin=True Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("SessionExpired")) '"¼¼¼Ç ½Ã°£ÀÌ ¸¸·áµÇ¾ú°Å³ª ·Î±×ÀÎ »óÅ°¡ ¾Æ´Õ´Ï´Ù." Response.End End If '//º¯¼ö ¼±¾ð Dim adminPasswd, adminPasswd2 Dim adminId Dim todayAccess, totalAccess Dim applyAllWidth Dim applyAllSubjectLimit Dim applyAllAuthorLimit Dim applyAllContentLimit Dim applyAllPageSize Dim applyAllDivPage Dim applyAllNoticeNum Dim applyAllAlign Dim applyAllHeadFile Dim applyAllTailFile Dim applyAllHeadMsg Dim applyAllTailMsg Dim applyAllArticleDefMsg Dim applyAllViewList Dim applyAllUseMemo Dim applyAllUseAutoLink Dim applyAllUsePreview Dim applyAllUseSiteLink1 Dim applyAllUseSiteLink2 Dim applyAllUseSecret Dim applyAllUseBlockSpam Dim applyAllUseBlockAnyLink Dim applyAllUseViewClientInfo Dim applyAllWriteMode Dim applyAllUseRszImg Dim applyAllRszImgSize Dim applyAllUseHTML Dim applyAllAllowTags Dim applyAllUseFile Dim applyAllUploadComponent Dim applyAllFileMaxLimit Dim applyAllFileMaxNum Dim applyAllDirectoryPath Dim applyAllUseCategory Dim applyAllCategories Dim applyAllUseWordFilter Dim applyAllBadWords Dim applyAllListLevel Dim applyAllViewLevel Dim applyAllSecretLevel Dim applyAllWriteLevel Dim applyAllReplyLevel Dim applyAllMemoWriteLevel Dim applyAllNoticeWriteLevel Dim applyAllHtmlLevel Dim applyAllDeleteLevel Dim applyMode '//Æû Àü¼Û ¹Þ±â With Request '//°ü¸®ÀÚ ¼³Á¤ ºÎºÐ boardName = Replace(.Form("boardName"), "'", "''") skin = Trim(Replace(.Form("skin"), "'", "''")) adminPasswd = Replace(.Form("adminPasswd"), "'", "''") adminPasswd2 = Replace(.Form("adminPasswd2"), "'", "''") adminId = Trim(Replace(.Form("adminId"), "'", "''")) combinedFileName = Trim(Replace(.Form("combinedFileName"), "'", "''")) todayAccess = Trim(Replace(.Form("todayCount"), "'", "''")) totalAccess = Trim(Replace(.Form("totalCount"), "'", "''")) lang = Trim(Replace(.Form("lang"), "'", "''")) '//±âº»¼³Á¤ ºÎºÐ width = Trim(Replace(.Form("width"), "'", "''")) subjectLimit = Trim(Replace(.Form("subjectLimit"), "'", "''")) authorLimit = Trim(Replace(.Form("authorLimit"), "'", "''")) contentLimit = Trim(Replace(.Form("contentLimit"), "'", "''")) pageSize = Trim(Replace(.Form("pageSize"), "'", "''")) divPage = Trim(Replace(.Form("divPage"), "'", "''")) noticeNum = Trim(Replace(.Form("noticeNum"), "'", "''")) align = Trim(Replace(.Form("align"), "'", "''")) '//°Ô½ÃÆÇ¿¡ Ç¥½ÃµÉ ³»¿ë¼³Á¤ ºÎºÐ headFile = Replace(Trim(.Form("headFile")), "'", "''") tailFile = Replace(Trim(.Form("tailFile")), "'", "''") headMsg = Trim(.Form("headMsg")) tailMsg = Trim(.Form("tailMsg")) articleDefMsg = .Form("articleDefMsg") '//°Ô½ÃÆÇ ±â´É¼³Á¤ ºÎºÐ viewList = Replace(.Form("viewList"), "'", "''") useMemo = Replace(.Form("useMemo"), "'", "''") useAutoLink = Replace(.Form("useAutoLink"), "'", "''") usePreview = Replace(.Form("usePreview"), "'", "''") useSiteLink1 = Replace(.Form("useSiteLink1"), "'", "''") useSiteLink2 = Replace(.Form("useSiteLink2"), "'", "''") useSecret = Replace(.Form("useSecret"), "'", "''") useBlockSpam = Replace(.Form("useBlockSpam"), "'", "''") useBlockAnyLink = Replace(.Form("useBlockAnyLink"), "'", "''") useViewClientInfo = Replace(.Form("useViewClientInfo"), "'", "''") writeMode = Replace(.Form("writeMode"), "'", "''") useRszImg = Replace(.Form("useRszImg"), "'", "''") rszImgSize = Replace(.Form("rszImgSize"), "'", "''") useHTML = Replace(.Form("useHTML"), "'", "''") allowTags = Replace(.Form("allowTags"), "'", "''") useFile = Replace(.Form("useFile"), "'", "''") uploadComponent = Replace(.Form("uploadComponent"), "'", "''") fileMaxLimit = Replace(.Form("fileMaxLimit"), "'", "''") fileMaxNum = Replace(.Form("fileMaxNum"), "'", "''") directoryPath = Replace(.Form("directoryPath"), "'", "''") useCategory = Replace(.Form("useCategory"), "'", "''") categories = Replace(.Form("categories"), "'", "''") useWordFilter = Replace(.Form("useWordFilter"), "'", "''") badWords = Replace(.Form("badWords"), "'", "''") '//±ÇÇѼ³Á¤ ºÎºÐ listLevel = Replace(.Form("listLevel"), "'", "''") viewLevel = Replace(.Form("viewLevel"), "'", "''") secretLevel = Replace(.Form("secretLevel"), "'", "''") writeLevel = Replace(.Form("writeLevel"), "'", "''") replyLevel = Replace(.Form("replyLevel"), "'", "''") memoWriteLevel = Replace(.Form("memoWriteLevel"), "'", "''") noticeWriteLevel = Replace(.Form("noticeWriteLevel"), "'", "''") htmlLevel = Replace(.Form("htmlLevel"), "'", "''") deleteLevel = Replace(.Form("deleteLevel"), "'", "''") '//¸ðµÎÀû¿ë ºÎºÐ applyAllWidth = .Form("applyAllWidth") applyAllSubjectLimit = .Form("applyAllSubjectLimit") applyAllAuthorLimit = .Form("applyAllAuthorLimit") applyAllContentLimit = .Form("applyAllContentLimit") applyAllPageSize = .Form("applyAllPageSize") applyAllDivPage = .Form("applyAllDivPage") applyAllNoticeNum = .Form("applyAllNoticeNum") applyAllAlign = .Form("applyAllAlign") applyAllHeadFile = .Form("applyAllHeadFile") applyAllTailFile = .Form("applyAllTailFile") applyAllHeadMsg = .Form("applyAllHeadMsg") applyAllTailMsg = .Form("applyAllTailMsg") applyAllArticleDefMsg = .Form("applyAllArticleDefMsg") applyAllViewList = .Form("applyAllViewList") applyAllUseMemo = .Form("applyAllUseMemo") applyAllUseAutoLink = .Form("applyAllUseAutoLink") applyAllUsePreview = .Form("applyAllUsePreview") applyAllUseSiteLink1 = .Form("applyAllUseSiteLink1") applyAllUseSiteLink2 = .Form("applyAllUseSiteLink2") applyAllUseSecret = .Form("applyAllUseSecret") applyAllUseBlockSpam = .Form("applyAllUseBlockSpam") applyAllUseBlockAnyLink = .Form("applyAllUseBlockAnyLink") applyAllUseViewClientInfo = .Form("applyAllUseViewClientInfo") applyAllWriteMode = .Form("applyAllWriteMode") applyAllUseRszImg = .Form("applyAllUseRszImg") applyAllRszImgSize = .Form("applyAllRszImgSize") applyAllUseHTML = .Form("applyAllUseHTML") applyAllAllowTags = .Form("applyAllAllowTags") applyAllUseFile = .Form("applyAllUseFile") applyAllUploadComponent = .Form("applyAllUploadComponent") applyAllFileMaxLimit = .Form("applyAllFileMaxLimit") applyAllFileMaxNum = .Form("applyAllFileMaxNum") applyAllDirectoryPath = .Form("applyAllDirectoryPath") applyAllUseCategory = .Form("applyAllUseCategory") applyAllCategories = .Form("applyAllCategories") applyAllUseWordFilter = .Form("applyAllUseWordFilter") applyAllBadWords = .Form("applyAllBadWords") applyAllListLevel = .Form("applyAllListLevel") applyAllViewLevel = .Form("applyAllViewLevel") applyAllSecretLevel = .Form("applyAllSecretLevel") applyAllWriteLevel = .Form("applyAllWriteLevel") applyAllReplyLevel = .Form("applyAllReplyLevel") applyAllMemoWriteLevel = .Form("applyAllMemoWriteLevel") applyAllNoticeWriteLevel = .Form("applyAllNoticeWriteLevel") applyAllHtmlLevel = .Form("applyAllHtmlLevel") applyAllDeleteLevel = .Form("applyAllDeleteLevel") applyMode = .Form("applyMode") aid = .Form("aid") End With '//°ü¸®ÀÚ È®ÀÎ If IsAdmin<>True Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù." Response.End End If If Not ChkCrIns Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù." Response.End End If '//º¯°æ ¾ÏÈ£ ÀÏÄ¡ ¿©ºÎ È®ÀÎ If adminPasswd<>adminPasswd2 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ReaffirmPasswordError")) '"¾ÏÈ£¿Í ¾ÏȣȮÀÎÀÌ ÀÏÄ¡ÇÏÁö ¾Ê½À´Ï´Ù." Response.End End If '//À¯È¿ µ¥ÀÌÅÍ °Ë»ç If Not ChkAvailableChr(adminId) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("NotValidAdminID")) '"°ü¸®ÀÚ¾ÆÀ̵𿡠À¯È¿ÇÏÁö ¾ÊÀº ¹®ÀÚ°¡ Æ÷ÇԵǾî ÀÖ½À´Ï´Ù." If Not ChkAvailableNum(width) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("WidthNumError")) '"°Ô½ÃÆÇ °¡·ÎÅ©±â´Â ¼ýÀڷθ¸ ÁöÁ¤ÀÌ °¡´ÉÇÕ´Ï´Ù." If Not ChkAvailableNum(subjectLimit) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("SubjectLimitNumError")) '"Á¦¸ñ±ÛÀÚ¼ö Á¦ÇÑÀº ¼ýÀڷθ¸ ÁöÁ¤ÀÌ °¡´ÉÇÕ´Ï´Ù." If Not ChkAvailableNum(authorLimit) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AuthorLimitNumError")) '"À̸§ ±ÛÀÚÁ¦ÇÑ ¼ö´Â ¼ýÀڷθ¸ ÁöÁ¤ÀÌ °¡´ÉÇÕ´Ï´Ù." If Not ChkAvailableNum(contentLimit) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ContentLimitNumError")) '"³»¿ë ±ÛÀÚÁ¦ÇÑ ¼ö´Â ¼ýÀڷθ¸ ÁöÁ¤ÀÌ °¡´ÉÇÕ´Ï´Ù." If Not ChkAvailableNum(pageSize) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("PageSizeNumError")) '"ÆäÀÌÁö´ç °Ô½Ã¹°¼ö´Â ¼ýÀڷθ¸ ÁöÁ¤ÀÌ °¡´ÉÇÕ´Ï´Ù." If Not ChkAvailableNum(divPage) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("DivPageNumError")) '"ÆäÀÌÁö´ç ÆäÀÌÁö¹Ù·Î°¡±â¼ö´Â ¼ýÀڷθ¸ ÁöÁ¤ÀÌ °¡´ÉÇÕ´Ï´Ù." If totalAccess<>"" Or todayAccess<>"" Then If Not ChkAvailableNum(totalAccess) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("TotalCountNumError")) '"Àüüī¿îÅ͸¦ ¼öÁ¤ÇϽ÷Á¸é ¼ýÀÚ¸¸ ÀÔ·ÂÇϼ¼¿ä." If Not ChkAvailableNum(todayAccess) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("TodayCountNumError")) '"¿À´ÃÄ«¿îÅ͸¦ ¼öÁ¤ÇϽ÷Á¸é ¼ýÀÚ¸¸ ÀÔ·ÂÇϼ¼¿ä." End If '//µ¥ÀÌÅÍ ±æÀÌ °Ë»ç If Len(headMsg)>1000 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("HeadMsgVallidError")) '"»ó´ÜÆ÷ÇÔ ¸Þ½ÃÁö°¡ ³Ê¹« ±æ°Ô ÀÛ¼ºµÇ¾ú½À´Ï´Ù.\n1000±ÛÀÚ À̳»·Î ÀÛ¼ºÇØ ÁÖ¼¼¿ä." If Len(tailMsg)>1000 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("TailMsgValidError")) '"ÇÏ´ÜÆ÷ÇÔ ¸Þ½ÃÁö°¡ ³Ê¹« ±æ°Ô ÀÛ¼ºµÇ¾ú½À´Ï´Ù.\n1000±ÛÀÚ À̳»·Î ÀÛ¼ºÇØ ÁÖ¼¼¿ä." If Len(articleDefMsg)>1000 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AtcDefMsgValidError")) '"±âº» ³»¿ë ¸Þ½ÃÁö°¡ ³Ê¹« ±æ°Ô ÀÛ¼ºµÇ¾ú½À´Ï´Ù.\n1000±ÛÀÚ À̳»·Î ÀÛ¼ºÇØ ÁÖ¼¼¿ä." If Len(allowTags)>255 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AllowTagValidError")) '"Çã¿ëÇÒ Å±×ÀÇ ³»¿ëÀÌ ³Ê¹« ±æ°Ô ÀÛ¼ºµÇ¾ú½À´Ï´Ù.\n250±ÛÀÚ À̳»·Î ÀÛ¼ºÇØ ÁÖ¼¼¿ä." If Len(categories)>255 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("CategoriesValidError")) '"Ä«Å×°í¸® ³»¿ëÀÌ ³Ê¹« ±æ°Ô ÀÛ¼ºµÇ¾ú½À´Ï´Ù.\n250±ÛÀÚ À̳»·Î ÀÛ¼ºÇØ ÁÖ¼¼¿ä." If Len(badWords)>255 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("BadWordsValidError")) '"ºÒ·®´Ü¾î ÇÊÅ͸µ ³»¿ëÀÌ ³Ê¹« ±æ°Ô ÀÛ¼ºµÇ¾ú½À´Ï´Ù.\n250±ÛÀÚ À̳»·Î ÀÛ¼ºÇØ ÁÖ¼¼¿ä." '//¾ÏÈ£°¡ ºñ¾îÀÖÀ¸¸é ÀÌÀü¾ÏÈ£¸¦ ºÒ·¯¿È If adminPasswd="" And adminPasswd2="" Then adminPasswd = admin_passwd Else adminPasswd = cx.SetEncode(adminPasswd) End If If totalAccess="" Then totalAccess=totalCount '//Ä«¿îÆ®°¡ ºñ¾îÀÖÀ¸¸é ÀÌÀüÄ«¿îÆ®¸¦ ºÒ·¯¿È If todayAccess="" Then todayAccess=todayCount '//Ä«¿îÆ®°¡ ºñ¾îÀÖÀ¸¸é ÀÌÀüÄ«¿îÆ®¸¦ ºÒ·¯¿È '//¾ð¾îÆÑ ÆÄÀÏÀÌ ÀÖ´ÂÁö °Ë»ç If Not fs.FileExists(Server.MapPath(FSBOARD_PATH & "lang/" & lang & ".asp")) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode("Language file does not exist.") Response.End End If '//µ¥ÀÌÅÍ ¸®ÅÏ°ª ¼³Á¤ headMsg = Replace(headMsg,"'",Chr(34)) '//»ó´Ü¸Þ½ÃÁö µû¿ÈÇ¥ ¹Ù²Þ headMsg = Replace(headmsg,Chr(13)," ") '//¿£Å͸¦ ÅÇÀ¸·Î ¹Ù²Þ tailMsg = Replace(tailMsg,"'",Chr(34)) '//Çϴܸ޽ÃÁö µû¿ÈÇ¥ ¹Ù²Þ tailMsg = Replace(tailMsg,Chr(13)," ") '//¿£Å͸¦ ÅÇÀ¸·Î ¹Ù²Þ articleDefMsg = Replace(articleDefMsg,"'",Chr(34)) '//±âº»º»¹®¸Þ½ÃÁö µû¿ÈÇ¥ ¹Ù²Þ articleDefMsg = Replace(articleDefMsg,Chr(13)," ") '//±âº»º»¹®¸Þ½ÃÁö ¿£Å͸¦ ÅÇÀ¸·Î ¹Ù²Þ '//µû¿ÈÇ¥ ¿¡·¯ ó¸® headMsg = Replace(headMsg,"'","''") tailMsg = Replace(tailMsg,"'","''") articleDefMsg = Replace(articleDefMsg,"'","''") '//Boolean°ª ¼³Á¤ If Int(pageSize)<1 Then pageSize=1 If Int(divPage)<1 Then divPage=1 If viewList="" Then viewList=0 If useMemo="" Then useMemo=0 If useAutoLink="" Then useAutoLink=0 If usePreview="" Then usePreview=0 If useSiteLink1="" Then useSiteLink1=0 If useSiteLink2="" Then useSiteLink2=0 If useSecret="" Then useSecret=0 If useBlockSpam="" Then useBlockSpam=0 If useBlockAnyLink="" Then useBlockAnyLink=0 If useViewClientInfo="" Then useViewClientInfo=0 If useRszImg="" Then useRszImg=0 If useFile="" Then useFile=0 If useCategory="" Then useCategory=0 If useWordFilter="" Then useWordFilter=0 '//÷ºÎÆÄÀÏ ¾÷·Îµå Æú´õ È®ÀÎ If StrComp(uploadedPath, FSBOARD_PATH & directoryPath)<>0 Then tmp = CreateServerFolder(directoryPath) If tmp=False Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UploadFolderError")) '"¾÷·ÎµåÆú´õ »ý¼º¿¡ ½ÇÆÐÇß½À´Ï´Ù." Response.End End If End If '//¾÷µ¥ÀÌÆ® Äõ¸®¹® Sql = ("UPDATE " & AdminTblName & " SET " _ & "width=" & width & ", " _ & "subjectLimit=" & subjectLimit & ", " _ & "authorLimit=" & authorLimit & ", " _ & "contentLimit=" & contentLimit & ", " _ & "pageSize=" & pageSize & ", " _ & "divPage=" & divPage & ", " _ & "noticeNum=" & noticeNum & ", " _ & "align=" & N & "'" & align & "', " _ & "headFile=" & N & "'" & headFile & "', " _ & "tailFile=" & N & "'" & tailFile & "', " _ & "headMsg=" & N & "'" & headMsg & "', " _ & "tailMsg=" & N & "'" & tailMsg & "', " _ & "articleDefMsg=" & N & "'" & articleDefMsg & "', " _ & "viewList=" & viewList & ", " _ & "useMemo=" & useMemo & ", " _ & "useAutoLink=" & useAutoLink & ", " _ & "usePreview=" & usePreview & ", " _ & "useSiteLink1=" & useSiteLink1 & ", " _ & "useSiteLink2=" & useSiteLink2 & ", " _ & "useSecret=" & useSecret & ", " _ & "useBlockSpam=" & useBlockSpam & ", " _ & "useBlockAnyLink=" & useBlockAnyLink & ", " _ & "useViewClientInfo=" & useViewClientInfo & ", " _ & "writeMode=" & N & "'" & writeMode & "', " _ & "useRszImg=" & useRszImg & ", " _ & "rszImgSize=" & rszImgSize & ", " _ & "useHTML=" & N & "'" & useHTML & "', " _ & "allowTags=" & N & "'" & allowTags & "', " _ & "useFile=" & useFile & ", " _ & "uploadComponent=" & N & "'" & uploadComponent & "', " _ & "fileMaxLimit=" & fileMaxLimit & ", " _ & "fileMaxNum=" & fileMaxNum & ", " _ & "directoryPath=" & N & "'" & directoryPath & "', " _ & "useCategory=" & useCategory & ", " _ & "categories=" & N & "'" & categories & "', " _ & "useWordFilter=" & useWordFilter & ", " _ & "badWords=" & N & "'" & badWords & "', " _ & "listLevel=" & listLevel & ", " _ & "viewLevel=" & viewLevel & ", " _ & "secretLevel=" & secretLevel & ", " _ & "writeLevel=" & writeLevel & ", " _ & "replyLevel=" & replyLevel & ", " _ & "memoWriteLevel=" & memoWriteLevel & ", " _ & "noticeWriteLevel=" & noticeWriteLevel & ", " _ & "htmlLevel=" & htmlLevel & ", " _ & "deleteLevel=" & deleteLevel & " ") '//¼±Åà Àû¿ë Select Case applyMode '//¸ðµç °Ô½ÃÆÇ¿¡ Àû¿ë Case "all" Sql = Sql & "" '//¼±ÅÃµÈ °Ô½ÃÆÇ¿¡¸¸ Àû¿ë Case "define" If aid="" Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("BBSIDSelError")) '"¼³Á¤À» Àû¿ëÇÒ °Ô½ÃÆÇÀÌ ¼±ÅõÇÁö ¾Ê¾Ò½À´Ï´Ù." Response.End End If aid = Replace(aid,","," OR aid=") Sql = Sql & " WHERE aid=" & aid & ";" '//ÇöÀç °Ô½ÃÆÇ¿¡¸¸ Àû¿ë Case "this" Sql = Sql & " WHERE board_id='" & id & "';" End Select '//Æ®·£Àè¼Ç ½ÃÀÛ dbConn.BeginTrans() '//¼³Á¤ ¾÷µ¥ÀÌÆ® If Response.isClientConnected Then dbConn.Execute Sql,,128 '//Ç׸ñº° ¸ðµÎÀû¿ë Sql = "" If applyAllWidth="true" Then Sql = Sql & "width=" & width & ", " If applyAllSubjectLimit="true" Then Sql = Sql & "subjectLimit=" & subjectLimit & ", " If applyAllAuthorLimit="true" Then Sql = Sql & "authorLimit=" & authorLimit & ", " If applyAllContentLimit="true" Then Sql = Sql & "contentLimit=" & contentLimit & ", " If applyAllPageSize="true" Then Sql = Sql & "pageSize=" & pageSize & ", " If applyAllDivPage="true" Then Sql = Sql & "divPage=" & divPage & ", " If applyAllNoticeNum="true" Then Sql = Sql & "noticeNum=" & noticeNum & ", " If applyAllAlign="true" Then Sql = Sql & "align='" & align & "', " If applyAllHeadFile="true" Then Sql = Sql & "headFile='" & headFile & "', " If applyAllTailFile="true" Then Sql = Sql & "tailFile='" & tailFile & "', " If applyAllHeadMsg="true" Then Sql = Sql & "headMsg='" & headMsg & "', " If applyAllTailMsg="true" Then Sql = Sql & "tailMsg='" & tailMsg & "', " If applyAllArticleDefMsg="true" Then Sql = Sql & "articleDefMsg='" & articleDefMsg & "', " If applyAllViewList="true" Then Sql = Sql & "viewList=" & viewList & ", " If applyAllUseMemo="true" Then Sql = Sql & "useMemo=" & useMemo & ", " If applyAllUseAutoLink="true" Then Sql = Sql & "useAutoLink=" & useAutoLink & ", " If applyAllUsePreview="true" Then Sql = Sql & "usePreview=" & usePreview & ", " If applyAllUseSiteLink1="true" Then Sql = Sql & "useSiteLink1=" & useSiteLink1 & ", " If applyAllUseSiteLink2="true" Then Sql = Sql & "useSiteLink2=" & useSiteLink2 & ", " If applyAllUseSecret="true" Then Sql = Sql & "useSecret=" & useSecret & ", " If applyAllUseBlockSpam="true" Then Sql = Sql & "useBlockSpam=" & useBlockSpam & ", " If applyAllUseBlockAnyLink="true" Then Sql = Sql & "useBlockAnyLink=" & useBlockAnyLink & ", " If applyAllUseViewClientInfo="true" Then Sql = Sql & "useViewClientInfo=" & useViewClientInfo & ", " If applyAllWriteMode="true" Then Sql = Sql & "writeMode='" & writeMode & "', " If applyAllUseRszImg="true" Then Sql = Sql & "useRszImg=" & useRszImg & ", " If applyAllRszImgSize="true" Then Sql = Sql & "rszImgSize=" & rszImgSize & ", " If applyAllUseHTML="true" Then Sql = Sql & "useHTML='" & useHTML & "', " If applyAllAllowTags="true" Then Sql = Sql & "allowTags='" & allowTags & "', " If applyAllUseFile="true" Then Sql = Sql & "useFile=" & useFile & ", " If applyAllUploadComponent="true" Then Sql = Sql & "uploadComponent='" & uploadComponent & "', " If applyAllFileMaxLimit="true" Then Sql = Sql & "fileMaxLimit=" & fileMaxLimit & ", " If applyAllFileMaxNum="true" Then Sql = Sql & "fileMaxNum=" & fileMaxNum & ", " If applyAllDirectoryPath="true" Then Sql = Sql & "directoryPath='" & directoryPath & "', " If applyAllUseCategory="true" Then Sql = Sql & "useCategory=" & useCategory & ", " If applyAllCategories="true" Then Sql = Sql & "categories='" & categories & "', " If applyAllUseWordFilter="true" Then Sql = Sql & "useWordFilter=" & useWordFilter & ", " If applyAllBadWords="true" Then Sql = Sql & "badWords='" & badWords & "', " If applyAllListLevel="true" Then Sql = Sql & "listLevel=" & listLevel & ", " If applyAllViewLevel="true" Then Sql = Sql & "viewLevel=" & viewLevel & ", " If applyAllSecretLevel="true" Then Sql = Sql & "secretLevel=" & secretLevel & ", " If applyAllWriteLevel="true" Then Sql = Sql & "replyLevel=" & replyLevel & ", " If applyAllReplyLevel="true" Then Sql = Sql & "writeLevel=" & writeLevel & ", " If applyAllMemoWriteLevel="true" Then Sql = Sql & "memoWriteLevel=" & memoWriteLevel & ", " If applyAllNoticeWriteLevel="true" Then Sql = Sql & "noticeWriteLevel=" & noticeWriteLevel & ", " If applyAllHtmlLevel="true" Then Sql = Sql & "htmlLevel=" & htmlLevel & ", " If applyAllDeleteLevel="true" Then Sql = Sql & "deleteLevel=" & deleteLevel & ", " '//¸ðµÎÀû¿ë Ç׸ñÀÌ ÀÖÀ»°æ¿ì Äõ¸®¹® Á¶¸³ If Sql<>"" Then Sql = "UPDATE " & AdminTblName & " SET " & Sql Sql = Left(Sql,Len(RTrim(Sql))-1) '//µÞºÎºÐÀÇ ³²´Â ½°Ç¥(,) Á¦°Å '//¼³Á¤ ¾÷µ¥ÀÌÆ® If Response.isClientConnected Then dbConn.Execute Sql,,128 End If '//ÇöÀç °Ô½ÃÆÇ¿¡¸¸ Àû¿ëµÇ´Â »çÇ×µé If todayAccess<>"" Or totalAccess<>"" Then Sql = "UPDATE " & AdminTblName & " SET " _ & "boardName=" & N & "'" & boardName & "', " _ & "admin_passwd=" & N & "'" & adminPasswd & "', " _ & "admin_id=" & N & "'" & adminId & "', " _ & "skin=" & N & "'" & skin & "', " _ & "combinedFileName=" & N & "'" & combinedFileName & "', " _ & "todayCount=" & todayAccess & ", " _ & "totalCount=" & totalAccess & ", " _ & "lang=" & N & "'" & lang & "' " _ & " WHERE board_id='" & id & "';" '//¼³Á¤ ¾÷µ¥ÀÌÆ® If Response.isClientConnected Then dbConn.Execute Sql,,128 End If '//ÇöÀç °Ô½ÃÆÇ Á¤º¸ ¼öÁ¤ÀÏÀÚ ¾÷µ¥ÀÌÆ® Sql = "UPDATE " & AdminTblName & " SET editdate=" & N & "'" & Now & "';" '//¼³Á¤ ¾÷µ¥ÀÌÆ® If Response.isClientConnected Then dbConn.Execute Sql,,128 '//Æ®·£Àè¼Ç ó¸® If dbConn.Errors.Count=0 Then dbConn.CommitTrans() '//Ä¿¹Ô Response.Redirect "?id=" & id & "&mode=list" Else dbConn.RollbackTrans() '//·Ñ¹é Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ErrorMessage")) '"¿¡·¯·Î ÀÎÇØ ÀÛ¾÷ÀÌ ÁߴܵǾú½À´Ï´Ù." End If Response.End '********************************************************************** ' ·Î±×¾Æ¿ô ó¸® '********************************************************************** ElseIf mode="logout" Then Response.Clear '//¼¼¼Ç ºñ¿ò With Session .Contents.Remove("MemId") .Contents.Remove("MemPasswd") .Contents.Remove("MemLevel") .Contents.Remove("MemName") End With '//º¯¼ö ºñ¿ò IsAdmin = "" MemId = "" MemLevel = "" MemName = "" '//¼¼¼Ç ¸ðµÎ ºñ¿ò Session.Contents.RemoveAll '//¼¼¼Ç°­Á¦Á¾·á(¿ÜºÎ ÆÄÀÏ¿¡¼­¸¸ °¡´É) 'Server.Execute(FSBOARD_PATH & "lib/logout.asp") Response.Redirect "?id=" & id & "&mode=list" '//¸ñ·ÏÀ¸·Î À̵¿ Response.End '********************************************************************** ' °Ô½ÃÆÇ °ü¸® ¸®½ºÆ® '********************************************************************** ElseIf mode="setup" Then Response.Clear '//setup ÆÄÀÏ Response.Redirect "lib/setup.asp?mode=Admin.BoardList" Response.End '********************************************************************** ' ±âŸ ¸ðµå '********************************************************************** Else '//¿¡·¯¸Þ½ÃÁö º¸À̱â 'Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode("Invalid Mode.") '//¸®½ºÆ®·Î µÇµ¹¸² Response.Redirect "?id=" & id Response.End End If '********************************************************************** ' ¼¼¼Ç Á¤¸® ¹× ¸¶¹«¸® '********************************************************************** '°Ô½ÃÆÇ ÇÏ´Ü ±âº» Æ÷ÇÔ ³»¿ë Call ContentBottom '//Á¢¼Ó¿©ºÎÈ®ÀÎ If Not Response.isClientConnected Then '//¼¼¼Ç ¼Ë´Ù¿î ShutdownId = Session.SessionId Shutdown(ShutdownId) End If %>