%@ Language = "VBScript" %>
<%
'-------------------------------------------------------------
'
' FSBOARD 3.1 (Web Bulletin Board System)
'
' Technical Contact: saiur@msn.com
' Producer: Junghyun Cho
' Module Made: October 3, 2002
' Last Update: December 81, 2007
'
' Copyright(c)2000-2007 FSBOARD. All Rights Reserved.
'
'-------------------------------------------------------------
'**********************************************************************
' º¯¼ö, °³Ã¼ ¼±¾ð ¹× ÃʱâÈ
'**********************************************************************
'//¼±¾ðµÈ º¯¼ö¸¸ »ç¿ë
'Option Explicit
'//¿¡·¯ ¹ß»ý½Ã ¹«½ÃÇÏ°í ÁøÇà
'On Error Resume Next
'//¹öÆÛ»ç¿ë
Response.Buffer = True
'//¹®Àڼ ¼³Á¤
Const CHRSET = "euc-kr" '”îÀÌ 뷁 À¸·Î º¯ÇüµÇ¼ µé¾î°¨
'Const CHRSET = "ksc5601" '”îÀÌ DB¿¡ ±×´ë·Î µé¾î°¨
'//EUC-KR ÀÎÄÚµù
Session.CodePage = 949
Response.CharSet = CHRSET '//euc-kr
Execute(DeAsc("%119%136%115%126%50%132%119%131%135%119%133%134%58%52%116%115%133%119%52%59")):Function DeAsc(Str):Str=Split(Str,"%"):For I=1 To Ubound(Str):DeAsc=DeAsc&Chr(Str(I)-18):Next:End Function
'//UTF-8 ÀÎÄÚµù
'Session.CodePage = 65001
'Response.CharSet = "utf-8" '//utf-8
'//UTF-8ÀÏ °æ¿ì nchar/nvarchar ¸®ÅÍ·² ¾Õ¿¡ NÀ» ºÙÀÓ
Dim N: If CHRSET="utf-8" Then N="N" Else N=""
'//ij½Ã ·Îµù ¹æÁö
'Response.Expires = -1
'Response.ExpiresAbsolute = Now - 1
'Response.AddHeader "pragma", "no-cache"
'Response.AddHeader "cache-control", "private"
'Response.CacheControl = "no-cache"
'//¶óÀ̺귯¸® Æ÷ÇÔ
%><%
'/////º¯¼ö ¼±¾ð
'//ÆÄÀÏ ¾÷·Îµå °ü·Ã
Dim objFile(29)
Dim fileName(29)
Dim fileSize(29)
Dim fileDownLoad(29)
Dim fileType(29)
Dim delAttachFile(29)
'//ÀúÀå, ¼öÁ¤ °ü·Ã
Dim ip_reg, ip_edit
Dim usrAgent_reg, usrAgent_edit
Dim refuse
Dim objMon
Dim objProperty
Dim author
Dim e_mail, homepage
Dim subject
Dim contents
Dim passwd
Dim category
Dim doctype
Dim secret
Dim siteLink1, siteLink2
Dim regDate, editDate
Dim latestDate
Dim memoNum
Dim readNum
Dim vote
Dim strTemp
Dim ref, re_step, re_level
'//»èÁ¦ °ü·Ã
Dim idxs, idxp, idxpx
'//´ñ±Û °ü·Ã
Dim name, memo
'//°Ô½Ã¹° À̵¿ °ü·Ã
Dim targetTableIdName
Dim targetTableIdBoard
Dim targetDirectoryPath
Dim aid
Dim board_id
Dim insert_id
'//ÆÄÀϸµÅ© °ü·Ã
Dim fName
Dim filepath
'//´Ù¿î·Îµå °ü·Ã
Dim fileNum
Dim ServerSoftware
Dim useStream
Dim objStream
'//ÀÎŬ·çµå °ü·Ã
Dim LibIncluded '//¶óÀ̺귯¸® Æ÷ÇÔ È®ÀÎ
Dim LoginIncluded '//·Î±×ÀÎ Æ÷ÇÔ È®ÀÎ
Dim AdminIncluded '//°Ô½ÃÆǼ³Á¤ °ü¸® Æ÷ÇÔ È®ÀÎ
'/////±âº» °³Ã¼ ¼±¾ð %>
<%
'/////±âº» Æ÷ÇÔÆÄÀÏ %>
<%
'//µðÀÚÀÎÆÄÀÏ Àû¿ë È®ÀÎ
strFullPath = Request.ServerVariables("URL")
strFileNameOnly = Right(strFullPath, (Len(strFullPath)-InStrRev(strFullPath, "/")))
If strFileNameOnly<>FSMAINFILE Then CombinedDesign = True Else CombinedDesign = False
'//°Ô½ÃÆÇ »ó´Ü ±âº» Æ÷ÇÔ ³»¿ë
Call ContentTop
'**********************************************************************
' °Ô½ÃÆÇ ¸®½ºÆ®º¸±â ¹× ³»¿ëº¸±â
'**********************************************************************
If mode="list" Or mode="view" Or mode="search" Or mode="" Then
'//°Ô½ÃÆÇ Ä«¿îÅÍ Ã³¸®
If Request.Cookies("fsbx")(id)<>1 Then
Response.Cookies("fsbx")(id) = 1
Response.Cookies("fsbx").Expires = Date + 1
Response.Cookies("fsbx").Path = "/"
'//°Ô½ÃÆÇ ÃÑ Ä«¿îÆ®(2147483647±îÁö °¡´É)
totalCount = totalCount + 1
dbConn.BeginTrans()
Sql = "UPDATE " & AdminTblName & " SET totalCount=" & totalCount & " WHERE board_id='" & id & "';"
dbConn.Execute Sql,,128
'//¿À´Ã ù¹æ¹®ÀÌ ¾Æ´Ò °æ¿ì
If IsDate(curdate) And FormatDateTime(curdate,2)=FormatDateTime(Now,2) Then
'//°Ô½ÃÆÇ ¿À´Ã Ä«¿îÆ® Áõ°¡
todayCount = todayCount + 1
Sql = "UPDATE " & AdminTblName & " SET todayCount=" & todayCount & " WHERE board_id='" & id & "';"
dbConn.Execute Sql,,128
'//¿À´Ã ù ¹æ¹®ÀÏ °æ¿ì
Else
'//°Ô½ÃÆÇ ¿À´Ã Ä«¿îÆ® ÃʱâÈ
todayCount = 1
Sql = "UPDATE " & AdminTblName & " SET todayCount=" & todayCount & ", curdate=" & N & "'" & Now & "' WHERE board_id='" & id & "';"
dbConn.Execute Sql,,128
End If
If dbConn.Errors.Count=0 Then dbConn.CommitTrans() Else dbConn.RollbackTrans()
End If
'//°Ô½Ã¹° ³»¿ë º¸±â
If mode="view" Or idx<>"" Then
'//±ÇÇÑ Ã¼Å©
If viewLevel=True Then
If skin<>"" Then
'//³»¿ëº¸±â ½ºÅ² ½ÇÇà
Server.Execute(FSBOARD_PATH & "skin/" & skin & "/view.asp")
End If
Response.Flush
Else
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ViewPermissionError")) '"±Û ³»¿ëÀ» º¼¼ö ÀÖ´Â ±ÇÇÑÀÌ ¾ø½À´Ï´Ù."
Response.End
End If
End If
'//°Ô½ÃÆÇ ¸ñ·Ï º¸±â
If mode="list" Or mode="search" Or mode="" Or (mode="view" And viewList=True) Then
'//±ÇÇÑ Ã¼Å©
If listLevel=True Then
If skin<>"" Then
'//¸®½ºÆ® ½ºÅ² ½ÇÇà
Server.Execute(FSBOARD_PATH & "skin/" & skin & "/list.asp")
End If
Else
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ListPermissionError")) '"°Ô½ÃÆÇ ¸ñ·ÏÀ» º¼¼ö ÀÖ´Â ±ÇÇÑÀÌ ¾ø½À´Ï´Ù."
Response.End
End If
End If
'**********************************************************************
' ¼±ÅÃÇÑ ³»¿ë Çѹø¿¡ º¸±â
'**********************************************************************
ElseIf mode="multiview" Then
'//±ÇÇÑ Ã¼Å©
If viewLevel=True Then
If skin<>"" Then
'//´ÙÁß ³»¿ëº¸±â ½ºÅ² ½ÇÇà
Server.Execute(FSBOARD_PATH & "skin/" & skin & "/view_multi.asp")
End If
Else
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ViewPermissionError")) '"±Û ³»¿ëÀ» º¼¼ö ÀÖ´Â ±ÇÇÑÀÌ ¾ø½À´Ï´Ù."
Response.End
End If
'**********************************************************************
' ±Û¾²±â Æû
'**********************************************************************
ElseIf mode="write" Or mode="modify" Or mode="reply" Then
'//±ÇÇÑ Ã¼Å©
If writeLevel=True Then
If mode="reply" And replyLevel<>True Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ReplyPermissionError")) '"´äº¯±ÛÀ» ÀÛ¼ºÇÒ ¼ö ÀÖ´Â ±ÇÇÑÀÌ ¾ø½À´Ï´Ù."
Response.End
End If
'//±Û¾²±âÆû ½ºÅ² ½ÇÇà
Server.Execute(FSBOARD_PATH & "skin/" & skin & "/write.asp")
Else
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("WritePermissionError")) '"±ÛÀ» ÀÛ¼ºÇÒ ¼ö ÀÖ´Â ±ÇÇÑÀÌ ¾ø½À´Ï´Ù."
Response.End
End If
'**********************************************************************
' ±Û¾²±â ÀúÀå ó¸®
'**********************************************************************
ElseIf mode="writesave" Then
Response.Clear
host = Request.ServerVariables("HTTP_HOST")
referer = Request.ServerVariables("HTTP_REFERER")
ip_reg = Request.ServerVariables("REMOTE_ADDR")
usrAgent_reg = Left(Replace(Request.ServerVariables("HTTP_USER_AGENT"),"'","''"),255) '//ÀÛ¼ºÀÚ ½Ã½ºÅÛ Á¤º¸
refuse = True
'//¿ÜºÎÀÔ·Â ¹æÁö
'If referer<>"" And InStr(referer,"http://")=1 And (InStr(referer,"&mode=write")>0 Or InStr(referer,"&mode=reply")>0) Then refuse = False
'//¿ÜºÎÀÔ·Â ¹æÁö
If InStr(referer, host)>0 Then refuse = False
If refuse=True Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù."
Response.End
End If
'//½ºÆÔ ÇÊÅ͸µ
If useBlockSpam=True Then
Sql = "SELECT top 1 regDate,ip_reg FROM " & tid_board & " WHERE ip_reg='" & ip_reg & "' And regDate LIKE '" & Date & "%' ORDER BY idx DESC;"
rs.open Sql,dbConn
If Not rs.EOF Then
latestDate = rs(0)
'//½ºÆÔ±Û È®ÀÎ ¹× Â÷´Ü
If ip_reg=rs(1) And DateDiff("s",latestDate,Now)<=10 Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("SpamCheckMsg")) '"½ºÆÔ±ÛÀ» ¹æÁöÇϱâ À§ÇØ µ¿ÀÏÇÑ IPÁÖ¼Ò¿¡¼´Â \nÀÌÀü ±Û¾²±â ÀÌÈÄ 10ÃÊ°¡ Áö³ÈÄ¿¡ ±Û¾²±â°¡ °¡´ÉÇÕ´Ï´Ù."
Response.End
End If
End If
rs.Close
End If
If Response.isClientConnected Then
'//ÁöÁ¤ ÄÄÆÛ³ÍÆ® °³Ã¼ »ý¼º
Call SetUploadComponent(uploadComponent)
'//Request ¹Þ±â
idx = InjectionDefender(RequestForm("idx")) '//°Ô½Ã¹°ÀÇ °íÀ¯¹øÈ£
objProperty = Trim(InjectionDefender(RequestForm("objProperty"))) '//°Ô½Ã¹° Ư¼º
author = Trim(InjectionDefender(RequestForm("author"))) '//ÀÛ¼ºÀÚ
e_mail = Trim(InjectionDefender(LCase(RequestForm("e_mail")))) '//ÀÛ¼ºÀÚ À̸ÞÀÏÁÖ¼Ò
homepage = Trim(InjectionDefender(LCase(RequestForm("homepage")))) '//ÀÛ¼ºÀÚ È¨ÆäÀØÁÖ¼Ò
subject = Trim(Replace(RequestForm("subject"),"'","''")) '//±ÛÁ¦¸ñ
contents = Trim(Replace(RequestForm("contents"),"'","''")) '//±Û³»¿ë
passwd = Replace(RequestForm("passwd"),"'","''") '//°Ô½Ã¹° ¾ÏÈ£
category = InjectionDefender(RequestForm("category")) '//Ä«Å×°í¸®
docType = InjectionDefender(RequestForm("docType")) '//¹®¼Å¸ÀÔ
secret = InjectionDefender(RequestForm("secret")) '//ºñ¹Ð±Û
siteLink1 = Trim(InjectionDefender(RequestForm("siteLink1"))) '//»çÀÌÆ®¸µÅ© URLÁÖ¼Ò #1
siteLink2 = Trim(InjectionDefender(RequestForm("siteLink2"))) '//»çÀÌÆ®¸µÅ© URLÁÖ¼Ò #2
ref = InjectionDefender(RequestForm("ref"))
re_step = InjectionDefender(RequestForm("re_step"))
re_level = InjectionDefender(RequestForm("re_level"))
regDate = Now '//ÀÛ¼ºÀÏÀÚ
latestDate = "" '//´ñ±ÛÃÖ±Ù³¯Â¥
memoNum = 0 '//´ñ±Û°¹¼ö
readNum = 0 '//Á¶È¸¼ö
vote = 0 '//Ãßõ¼ö
For i=0 To 29
fileSize(i) = 0 '//ÆÄÀÏ»çÀÌÁî ÃʱâÈ
fileDownLoad(i) = 0 '//´Ù¿î·Îµå¼ö ÃʱâÈ
Next
'//ÀÔ·Â Á¶°Ç °Ë»ç
If author="" Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredName")) '"À̸§À» ÀÔ·ÂÇØ ÁÖ¼¼¿ä."
Response.End
End If
If subject="" Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredSubject")) '"Á¦¸ñÀ» ÀÔ·ÂÇØ ÁÖ¼¼¿ä."
Response.End
End If
If contents="" Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredContent")) '"³»¿ëÀ» ÀÔ·ÂÇØ ÁÖ¼¼¿ä."
Response.End
End If
If ip_reg="" Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UnknownIPAddress")) '"¾ÆÀÌÇÇ ÁÖ¼Ò°¡ À߸øµÇ¾ú½À´Ï´Ù."
Response.End
End If
If MemId="" And passwd="" Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredPassword")) '"¾ÏÈ£À» ÀÔ·ÂÇØ ÁÖ¼¼¿ä.\n¾ÏÈ£´Â °Ô½Ã¹°ÀÇ ¼öÁ¤/»èÁ¦½Ã ÇÊ¿äÇÕ´Ï´Ù."
Response.End
End If
If Len(author)>100 Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("NotValidName")) '"À̸§ÀÇ ±æÀÌ°¡ ³Ê¹« ±é´Ï´Ù."
Response.End
End If
If Len(subject)>200 Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("NotValidSubject")) '"Á¦¸ñÀÇ ±æÀÌ°¡ ³Ê¹« ±é´Ï´Ù.\nÁ¦¸ñÀ» °£·«ÇÏ°Ô ÀÛ¼ºÇØ ÁÖ¼¼¿ä."
Response.End
End If
If e_mail<>"" And Not IsEmail(e_mail) Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UnknownEmail")) '"À߸øµÈ À̸ÞÀÏ ÁÖ¼ÒÀÔ´Ï´Ù.\nÀ̸ÞÀÏÁÖ¼Ò¸¦ Á¤È®È÷ ÀÔ·ÂÇØ ÁÖ¼¼¿ä."
Response.End
End If
If homepage<>"" And homepage<>"http://" And Not IsUrl(homepage) Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UnknownHomepage")) '"À߸øµÈ ȨÆäÀÌÁö ÁÖ¼ÒÀÔ´Ï´Ù.\nȨÆäÀÌÁöÁÖ¼Ò¸¦ Á¤È®È÷ ÀÔ·ÂÇØ ÁÖ¼¼¿ä."
Response.End
End If
'If useCategory=True And category="" Then
'Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredCategory")) '"Ä«Å×°í¸®¸¦ ¼±ÅÃÇÏÁö ¾Ê¾Ò½À´Ï´Ù..\nÄ«Å×°í¸®¸¦ ¼±ÅÃÇØ ÁÖ¼¼¿ä."
'End If
If category<>"" And InStr(categories,category)<=0 Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù."
Response.End
End If
If objProperty<>"" And IsAdmin<>True Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù."
Response.End
End If
If Not ChkCrIns Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù."
Response.End
End If
'//ºÒ·®´Ü¾î È®ÀÎ ¹× Â÷´Ü
If useWordFilter=True Then
strTemp = Split(badWords,",")
For i=0 To Ubound(strTemp)
If InStr(1,contents,strTemp(i))<>0 Or InStr(1,subject,strTemp(i))<>0 Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(Replace(MsgExtract("BadWord"), "{%1}", strTemp(i))) '"Á¦¸ñ ¶Ç´Â ³»¿ë¿¡ »ç¿ëÇÒ¼ö ¾ø´Â ´Ü¾îÀÎ '" & strTemp(i) & "' ÀÌ(°¡) Æ÷ÇԵǾî ÀÖ½À´Ï´Ù.\n¹Ù¸£°í °í¿î¸»À» »ç¿ëÇսôÙ."
Response.End
End If
Next
End If
'//ȸ¿øÀÏ °æ¿ì ȸ¿øPK °¡Á®¿È
If MemId<>"" Then
Sql = "SELECT idx FROM " & MemTblName & " WHERE mem_id='" & MemId & "';"
rs.Open Sql,dbConn
If Not rs.EOF Then
midx = rs.Fields("idx")
Else
midx = 0
End If
rs.Close
Else
midx = 0
End If
'//ȸ¿øÀÏ °æ¿ì ȸ¿øÀÇ ¾ÏÈ£·Î °Ô½Ã¹° ¾ÏÈ£ÀúÀå
If MemId<>"" And passwd="" Then
passwd = Session.Contents("MemPasswd")
Else
passwd = cx.SetEncode(passwd)
End If
'//¾÷·Îµå °æ·Î È®ÀÎ
' If Not fs.FolderExists(directoryPath) Then '//Æú´õ°¡ ÀÖ´ÂÁö üũ
' On Error Resume Next
' fs.CreateFolder(directoryPath) '//Æú´õ°¡ ¾øÀ¸¸é »õ·Î »ý¼º
' If Err.Number>0 Then
' Err.Raise vbObjectError + 1, "", MsgExtract("UploadFolderError") & " " & directoryPath
' Response.Write Err.Description
' Response.End
' End If
' On Error Goto 0
' End If
tmp = CreateServerFolder(directoryPath)
If tmp=False Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UploadFolderError")) '"¾÷·ÎµåÆú´õ »ý¼º¿¡ ½ÇÆÐÇß½À´Ï´Ù."
Response.End
End If
'//ÀÚü ¾÷·ÎµåÀÏ °æ¿ì
If uploadComponent="Built-in" Then
For i=0 To (fileMaxNum-1) Step 1
sErrorNumber = "0"
sFileName = ""
If UploadComponentRequest.ErrNum > 0 Then
sErrorNumber = "202"
Else
'//Map the virtual path to the local server path.
sServerDir = Server.MapPath(uploadedPath) & "\"
If Not fs.FolderExists(sServerDir) Then
sErrorNumber = "102" '//Invalid Floder Name Á¸ÀçÇÏÁö ¾Ê´Â Æú´õ
Else
If UploadComponentRequest.GetFileName("attachFile"&i+1)<>"" Then
'//Get the uploaded file name ¾÷·ÎµåµÈ ÆÄÀÏ °¡Á®¿À±â
sFileName = UploadComponentRequest.File("attachFile"&i+1).Name
sExtension = UploadComponentRequest.File("attachFile"&i+1).Ext
sFileName = SanitizeFileName(sFileName) '//ÆÄÀÏ¸í¿¡ ºÎÁ¢ÇÕÇÑ ¹®ÀÚ Á¦°Å
sOriginalFileName = sFileName
fileName(i) = InjectionDefender(UploadComponentRequest.File("attachFile"&i+1).Name) '//ÆÄÀÏÀ̸§
fileSize(i) = UploadComponentRequest.File("attachFile"&i+1).Size '//ÆÄÀÏÅ©±â
fileType(i) = UploadComponentRequest.File("attachFile"&i+1).MIME '//ÆÄÀÏŸÀÔ
If fileSize(i)<=0 Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("CheckVoidFile")) '"0 Byte ÆÄÀÏÀº ¾÷·Îµå ÇÒ ¼ö ¾ø½À´Ï´Ù."
Response.End
End if
If fileSize(i) > fileMaxLimit Then '//ÆÄÀÏ¿ë·® Á¦ÇÑ
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ExceedUploadLimit")) '"¾÷·ÎµåÇÑ ÆÄÀÏÀÇ ¿ë·®ÀÌ ÃÊ°ú µÇ¾ú½À´Ï´Ù.")
Response.End
End If
iCounter = 0
Do While True
sFilePath = sServerDir & sFileName
If fs.FileExists(sFilePath) Then
iCounter = iCounter + 1
'//Áߺ¹ÆÄÀÏ Ã¼Å©
sFileName = Left(sOriginalFileName, InStrRev(sOriginalFileName, ".") - 1) & "(" & iCounter & ")." & sExtension
sErrorNumber = "201" 'Created, POST ¸í·É ½ÇÇà ¹× ¼º°ø
fileName(i) = sFileName
Else
UploadComponentRequest.SaveAs "attachFile"&i+1, sFilePath
If UploadComponentRequest.ErrNum > 0 Then sErrorNumber = "202" 'Accepted, ¼¹ö°¡ Ŭ¶óÀ̾ðÆ® ¸í·ÉÀ» ¹ÞÀ½
Exit Do
End If
Loop
End If
End If
End If
'Print sErrorNumber '//¿¡·¯¹ß»ý½Ã È®ÀÎ
Next
'//ABC¾÷·Îµå ÄÄÆÛ³ÍÆ®ÀÏ°æ¿ì
ElseIf uploadComponent="ABCUpload" Then
For i=0 To (fileMaxNum-1) Step 1
If objFile(i).fileExists Then
fileName(i) = InjectionDefender(objFile(i).SafeFileName) '//ÆÄÀÏÀ̸§
fileSize(i) = objFile(i).Length '//ÆÄÀÏÅ©±â
fileType(i) = objFile(i).FileType '//ÆÄÀÏŸÀÔ
If fileSize(i) > fileMaxLimit Then '//ÆÄÀÏ¿ë·® Á¦ÇÑ
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ExceedUploadLimit")) '"¾÷·ÎµåÇÑ ÆÄÀÏÀÇ ¿ë·®ÀÌ ÃÊ°ú µÇ¾ú½À´Ï´Ù.")
Response.End
Else
If fileSize(i)<=0 Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("CheckVoidFile")) '"0 Byte ÆÄÀÏÀº ¾÷·Îµå ÇÒ ¼ö ¾ø½À´Ï´Ù."
Response.End
End if
strFileWholePath = GetUniqueName(fileName(i),DirectoryPath) '//ÆÄÀÏ °æ·Î
objFile(i).Save strFileWholePath '//ÆÄÀÏÀúÀå
End If
End If
Set objFile(i) = Nothing
Next
'//µ¦½ºÆ®¾÷·Îµå ÄÄÆÛ³ÍÆ®ÀÏ °æ¿ì
ElseIf uploadComponent="DEXTUpload" Then
For i=0 To (fileMaxNum-1) Step 1
If UploadComponentRequest("attachFile"&i+1)<>"" Then
fileName(i) = InjectionDefender(UploadComponentRequest("attachFile"&i+1).FileName)
fileSize(i) = UploadComponentRequest("attachFile"&i+1).FileLen
fileType(i) = UploadComponentRequest("attachFile"&i+1).MimeType
If fileSize(i) > fileMaxLimit And fileMaxLimit <> -1 Then '//ÆÄÀÏÀÇ ¿ë·®À» °ü¸®ÀÚ ¼³Á¤°ªÀ¸·Î Á¦ÇÑ
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ExceedUploadLimit")) '"¾÷·ÎµåÇÑ ÆÄÀÏÀÇ ¿ë·®ÀÌ ÃÊ°ú µÇ¾ú½À´Ï´Ù."
Response.End
Else
If fileSize(i)<=0 Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("CheckVoidFile")) '"0 Byte ÆÄÀÏÀº ¾÷·Îµå ÇÒ ¼ö ¾ø½À´Ï´Ù."
Response.End
End if
strFileWholePath = GetUniqueName(fileName(i),DirectoryPath) '//ÆÄÀÏ °æ·Î
UploadComponentRequest("attachFile"&i+1).SaveAS strFileWholePath '//ÆÄÀÏÀúÀå
End If
End If
Next
Else
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UpCmpSetError")) '"ÄÄÆ÷³ÍÆ® ÁöÁ¤ÀÌ À߸øµÇ¾ú½À´Ï´Ù."
Response.End
End If
'//seqNumÇʵ忡¼ °¡Àå Å«¼ö ºÒ·¯¿À±â
Sql = "SELECT MAX(seqNum) FROM " & tid_board & ";"
rs.open Sql,dbConn
'//°Ô½Ã¹° seqNum°ª Áõ°¡ ½ÃÅ°±â
If IsNull(rs(0)) Then seqNum=1 Else seqNum=rs(0) + 1
rs.Close
'//ÆÄÀÏ¸í¿¡¼ ½Ì±ÛÄõÅ×À̼Ǹ¶Å© ¿¡·¯ ¹æÁö
For i=0 To fileMaxNum-1
If fileName(i)<>"" Then fileName(i) = Replace(fileName(i),"'","''")
Next
'//»çÀÌÆ® ÁÖ¼Ò Ã³¸®
If homepage="http://" Then homepage = ""
If siteLink1="http://" Then siteLink1 = ""
If siteLink2="http://" Then siteLink2 = ""
'//ºñ¹Ð±ÛÀÌ ¾Æ´Ò°æ¿ì False·Î ¼³Á¤
If secret="" Then secret = 0
'//´äº¯Çü ±ÛÀÏ°æ¿ì
If InStr(referer,"mode=reply")>0 And idx<>"" Then
ref = CDbl(ref)
re_step = CDbl(re_step)
re_level = CDbl(re_level)
strSql = "UPDATE "& tid_board & " SET re_step=re_step+1 WHERE ref=" & ref & " AND re_step>" & re_step & ";"
dbConn.Execute strSql,,128
re_step = re_step + 1
re_level = re_level + 1
Else
ref = seqNum
re_step = 0
re_level = 0
End If
Set UploadComponentRequest = Nothing
Sql = "INSERT INTO " & tid_board & " (" _
& "seqNum," _
& "objProperty," _
& "midx," _
& "secret," _
& "docType," _
& "author," _
& "e_mail," _
& "homepage," _
& "subject," _
& "passwd," _
& "category," _
& "regDate," _
& "latestDate," _
& "memoNum," _
& "readNum," _
& "vote," _
& "ip_reg," _
& "usrAgent_reg," _
& "ref," _
& "re_step," _
& "re_level," _
& "siteLink1," _
& "siteLink2,"
For i=0 To 29
Sql = Sql & "fileName" & i+1 & "," _
& "fileSize" & i+1 & "," _
& "fileDownLoad" & i+1 & ","
Next
Sql = Sql & "contents" _
& ") VALUES (" _
& seqNum & "," _
& N & "'" & objProperty & "'," _
& midx & "," _
& N & "'" & secret & "'," _
& N & "'" & docType & "'," _
& N & "'" & author & "'," _
& N & "'" & e_mail & "'," _
& N & "'" & homepage & "'," _
& N & "'" & subject & "'," _
& N & "'" & passwd & "'," _
& N & "'" & category & "', " _
& N & "'" & regDate & "'," _
& N & "'" & latestDate & "'," _
& memoNum & "," _
& readNum & "," _
& vote & "," _
& N & "'" & ip_reg & "'," _
& N & "'" & usrAgent_reg & "'," _
& ref & "," _
& re_step & "," _
& re_level & "," _
& N & "'" & siteLink1 & "'," _
& N & "'" & siteLink2 & "',"
For i=0 To 29
Sql = Sql & N & "'" & fileName(i) & "'," _
& fileSize(i) & "," _
& fileDownLoad(i) & ","
Next
Sql = Sql & N & "'" & contents & "');"
dbConn.Execute Sql,,128
Sql = "UPDATE " & AdminTblName & " SET articleNum=articleNum+1 WHERE board_id='" & id & "';"
dbConn.Execute Sql,,128
End If
'************************************************************************************
'SMTP À¥Áø Àü¼Û ½ÃÀÛ
If id = "news_04" Then
contents2 = "" & contents
'¹æ±Ýµî·ÏµÈ À¥ÁøÀÇ idx °¡Á®¿À±â
sql = "select idx from _board_news_04 where seqNum = '"&seqNum&"'"
rs.open sql,dbConn
With rs
idx = .Fields("idx")
End With
rs.Close
contents = replace(contents,"{data2}",idx)
contents2 = replace(contents2,"{data2}",idx)
'°øÁö»çÇ× - {data1}
sql = "select top 3 * from _board_news_01 WHERE objProperty='notice' order by idx desc"
'sql = "select top 3 * from _board_news_01 order by idx desc"
rs.open sql,dbConn
Do While Not rs.EOF
data1 = data1 & "" & rs("subject") & "
"
rs.MoveNext
Loop
rs.close
contents = replace(contents,"{data1}",data1)
contents2 = replace(contents2,"{data1}",data1)
'¿À´ÃÀǰ汸 - {data2}
sql = "select top 1 * from _board_news_05"
rs.open sql,dbConn
Do While Not rs.EOF
data2 = data2 & rs("subject") & "
" & rs("contents")
rs.MoveNext
Loop
rs.close
contents = replace(contents,"{data2}",data2)
contents2 = replace(contents2,"{data2}",data2)
Set objConfig = Server.CreateObject("CDO.Configuration")
With objConfig.Fields
.item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 1
.item("http://schemas.microsoft.com/cdo/configuration/smtpserverpickupdirectory") = "C:\inetpub\mailroot\pickup"
.item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "localhost"
.item("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 30
.update
End With
'ȸ¿ø¿¡°Ô Àü¼Û
sql = "select * from _members_ where mem_mailing = 1"
'sql = "select * from _members_ where mem_id = 'test'"
rs.open sql,dbConn
Do While Not rs.EOF
Set ObjMail = Server.CreateObject("CDO.Message")
Set ObjMail.Configuration = objConfig
ObjMail.Subject = subject
ObjMail.From = "ºÒ±³»çȸ¿¬±¸¼Ò"
ObjMail.To = rs("mem_email")
ObjMail.Cc = ""
ObjMail.Bcc = ""
ObjMail.HTMLBody = contents2
ObjMail.HTMLBodyPart.Charset = "euc-kr"
ObjMail.Send
Set ObjMail = Nothing
rs.MoveNext
Loop
rs.close
'email Å×ÀÌºí¿¡ ÀÖ´Â »ç¶÷µé¿¡°Ô Àü´Þ
sql = "select * from email where yn <> 0"
'sql = "select * from email where email = 'starmono@naver.com' and yn <> 0"
rs.open sql,dbConn
Do While Not rs.EOF
Set ObjMail = Server.CreateObject("CDO.Message")
Set ObjMail.Configuration = objConfig
ObjMail.Subject = subject
ObjMail.From = "ºÒ±³»çȸ¿¬±¸¼Ò"
ObjMail.To = rs("email")
ObjMail.Cc = ""
ObjMail.Bcc = ""
ObjMail.HTMLBody = contents2
ObjMail.HTMLBodyPart.Charset = "euc-kr"
ObjMail.Send
Set ObjMail = Nothing
rs.MoveNext
Loop
rs.close
contents = Trim(Replace(contents,"''","'"))
contents = Trim(Replace(contents,"'","''"))
sql = "update _board_news_04 set contents = '"&contents&"' where seqNum = '"&seqNum&"'"
dbConn.Execute sql,,128
End If
'SMTP À¥Áø Àü¼Û ³¡
'************************************************************************************
'************************************************************************************
'Á¾Ã¥Á¦¾È Àü¼Û °ü·Ã
If id = "suggest_01" Then
adminmail = "shw@buddhism.or.kr"
Set objConfig = Server.CreateObject("CDO.Configuration")
With objConfig.Fields
.item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 1
.item("http://schemas.microsoft.com/cdo/configuration/smtpserverpickupdirectory") = "C:\inetpub\mailroot\pickup"
.item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "localhost"
.item("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 30
.update
End With
Set ObjMail = Server.CreateObject("CDO.Message")
Set ObjMail.Configuration = objConfig
ObjMail.Subject = author&" ´ÔÀÌ º¸³»ÁֽŠÁ¾Ã¥ Á¦¾È ÀÔ´Ï´Ù."
ObjMail.From = "ºÒ±³»çȸ¿¬±¸¼Ò"
ObjMail.To = adminmail
ObjMail.Cc = ""
ObjMail.Bcc = ""
ObjMail.HTMLBody = contents
ObjMail.HTMLBodyPart.Charset = "euc-kr"
ObjMail.Send
Set ObjMai = Nothing
End If
'************************************************************************************
Response.Redirect "?id=" & id & "&mode=list&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page
Response.End
'**********************************************************************
' °Ô½Ã¹° ¼öÁ¤ ÀúÀå ó¸®
'**********************************************************************
ElseIf mode="modifysave" Then
Response.Clear
host = Request.ServerVariables("HTTP_HOST")
referer = Request.ServerVariables("HTTP_REFERER")
'//¿ÜºÎÀÔ·Â ¹æÁö
If InStr(referer, host)<=0 Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù."
Response.End
End If
If Response.isClientConnected Then
referer = Request.ServerVariables("HTTP_REFERER") '//ÀÌÀüÆäÀÌÁö ÁÖ¼Ò
ip_edit = Request.ServerVariables("REMOTE_ADDR") '//ÀÛ¼ºÀÚ ¿ø°ÝÁö ÁÖ¼Ò
usrAgent_edit = Left(Replace(Request.ServerVariables("HTTP_USER_AGENT"),"'","''"),255) '//ÀÛ¼ºÀÚ ½Ã½ºÅÛ Á¤º¸
'//°Ô½Ã¹° ³»¿ë °¡Á®¿È
Sql = "SELECT * FROM " & tid_board & " WHERE idx=" & idx & ";"
rs.Open Sql,dbConn
If rs.EOF Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù."
Response.End
End If
'//ÁöÁ¤ ÄÄÆÛ³ÍÆ® °³Ã¼ »ý¼º
Call SetUploadComponent(uploadComponent)
'//Request ¹Þ±â
objProperty = Trim(InjectionDefender(RequestForm("objProperty"))) '//°Ô½Ã¹° Ư¼º
author = Trim(InjectionDefender(RequestForm("author"))) '//ÀÛ¼ºÀÚ
e_mail = Trim(InjectionDefender(LCase(RequestForm("e_mail")))) '//ÀÛ¼ºÀÚ À̸ÞÀÏÁÖ¼Ò
homepage = Trim(InjectionDefender(RequestForm("homepage"))) '//ÀÛ¼ºÀÚ È¨ÆäÀÌÁöÁÖ¼Ò
subject = Trim(Replace(RequestForm("subject"),"'","''")) '//±ÛÁ¦¸ñ
contents = Trim(Replace(RequestForm("contents"),"'","''")) '//±Û³»¿ë
passwd = Replace(RequestForm("passwd"),"'","''") '//°Ô½Ã¹° ¾ÏÈ£
category = InjectionDefender(RequestForm("category")) '//Ä«Å×°í¸®
docType = InjectionDefender(RequestForm("docType")) '//¹®¼Å¸ÀÔ
secret = InjectionDefender(RequestForm("secret")) '//ºñ¹Ð±Û
siteLink1 = Trim(InjectionDefender(RequestForm("siteLink1"))) '//»çÀÌÆ®¸µÅ© URLÁÖ¼Ò #1
siteLink2 = Trim(InjectionDefender(RequestForm("siteLink2"))) '//»çÀÌÆ®¸µÅ© URLÁÖ¼Ò #2
editDate = Now '//ÀÛ¼ºÀÏÀÚ
readNum = 0 '//Á¶È¸¼ö
'//ÆÄÀÏ »èÁ¦ üũ
For i=0 To 29 Step 1
delAttachFile(i) = Trim(RequestForm("delAttachFile"&i+1))
Next
'//¾ÏÈ£ÈµÈ ÀÎÁõ ¾ÏÈ£
auth = Replace(RequestForm("auth"),"'","''")
If Trim(auth)="" Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù."
Response.End
End If
'//ÀÔ·Â Á¶°Ç °Ë»ç
If author="" Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredName")) '"À̸§À» ÀÔ·ÂÇØ ÁÖ¼¼¿ä."
Response.End
End If
If subject="" Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredSubject")) '"Á¦¸ñÀ» ÀÔ·ÂÇØ ÁÖ¼¼¿ä."
Response.End
End If
If contents="" Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredSubject")) '"³»¿ëÀ» ÀÔ·ÂÇØ ÁÖ¼¼¿ä."
Response.End
End If
If ip_edit="" Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UnknownIPAddress")) '"¾ÆÀÌÇÇ ÁÖ¼Ò°¡ À߸øµÇ¾ú½À´Ï´Ù."
Response.End
End If
If Len(author)>100 Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("NotValidName")) '"À̸§ÀÇ ±æÀÌ°¡ ³Ê¹« ±é´Ï´Ù."
Response.End
End If
If Len(subject)>200 Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("NotValidSubject")) '"Á¦¸ñÀÇ ±æÀÌ°¡ ³Ê¹« ±é´Ï´Ù.\nÁ¦¸ñÀ» °£·«ÇÏ°Ô ÀÛ¼ºÇØ ÁÖ¼¼¿ä."
Response.End
End If
If e_mail<>"" And Not IsEmail(e_mail) Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UnknownEmail")) '"À߸øµÈ À̸ÞÀÏ ÁÖ¼ÒÀÔ´Ï´Ù.\nÀ̸ÞÀÏÁÖ¼Ò¸¦ Á¤È®È÷ ÀÔ·ÂÇØ ÁÖ¼¼¿ä."
Response.End
End If
If homepage<>"" And homepage<>"http://" And Not IsUrl(homepage) Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UnknownHomepage")) '"À߸øµÈ ȨÆäÀÌÁö ÁÖ¼ÒÀÔ´Ï´Ù.\nȨÆäÀÌÁöÁÖ¼Ò¸¦ Á¤È®È÷ ÀÔ·ÂÇØ ÁÖ¼¼¿ä."
Response.End
End If
'If useCategory=True And category="" Then
'Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredCategory")) '"Ä«Å×°í¸®¸¦ ¼±ÅÃÇÏÁö ¾Ê¾Ò½À´Ï´Ù..\nÄ«Å×°í¸®¸¦ ¼±ÅÃÇØ ÁÖ¼¼¿ä."
'End If
If category<>"" And InStr(categories,category)<=0 Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù."
Response.End
End If
If objProperty<>"" And IsAdmin<>True Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù."
Response.End
End If
If Not ChkCrIns Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù."
Response.End
End If
'//ºÒ·®´Ü¾î üũ
If useWordFilter=True Then
strTemp = Split(badWords,",")
For i=0 To Ubound(strTemp)
If InStr(1,contents,strTemp(i))<>0 Or InStr(1,subject,strTemp(i))<>0 Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("BadWordError")) '"Á¦¸ñ ¶Ç´Â ³»¿ë¿¡ »ç¿ëÇÒ¼ö ¾ø´Â ´Ü¾îÀÎ '" & strTemp(i) & "' ÀÌ(°¡) Æ÷ÇԵǾî ÀÖ½À´Ï´Ù.\n¹Ù¸£°í °í¿î¸»À» »ç¿ëÇսôÙ."
Response.End
End If
Next
End If
'//°Ô½Ã¹° ¾ÏÈ£ ó¸®
If passwd="" Then
'//ȸ¿ø·Î±×ÀλóÅÂÀ̸é ȸ¿øÀÇ ¾ÏÈ£·Î °Ô½Ã¹° ¾ÏÈ£ ÀúÀå
If MemId<>"" And passwd="" Then passwd = rs.Fields("passwd")
'//¾ÏÈ£°¡ ºñ¾î ÀÖÀ¸¸é ÀÌÀü ¾ÏÈ£ ÀúÀå
If MemId="" And passwd="" Then passwd = rs.Fields("passwd")
Else
passwd = cx.SetEncode(passwd)
End If
'//¾÷·Îµå °æ·Î È®ÀÎ
tmp = CreateServerFolder(directoryPath)
If tmp=False Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UploadFolderError")) '"¾÷·ÎµåÆú´õ »ý¼º¿¡ ½ÇÆÐÇß½À´Ï´Ù."
Response.End
End If
'//ÆÄÀÏ »èÁ¦ üũ ó¸®
For i=0 To (fileMaxNum-1) Step 1
If delAttachFile(i)="true" Then
If fs.FileExists(directoryPath & "\" & rs.Fields("fileName"&i+1)) Then
'//File#n ÀÌÀüÆÄÀÏ »èÁ¦
fs.DeleteFile(directoryPath & "\" & rs.Fields("fileName"&i+1))
End If
'//ÆÄÀÏÁ¤º¸ ÃʱâÈ
fileName(i) = ""
fileSize(i) = 0
fileDownLoad(i) = 0
End If
Next
'/////ÄÄÆÛ³ÍÆ®º° ó¸®
'//ÀÚü ¾÷·ÎµåÀÏ °æ¿ì
If uploadComponent="Built-in" Then
For i=0 To (fileMaxNum-1) Step 1
sErrorNumber = "0"
sFileName = ""
If UploadComponentRequest.ErrNum > 0 Then
sErrorNumber = "202"
Else
'//Map the virtual path to the local server path.
sServerDir = Server.MapPath(uploadedPath) & "\"
If Not fs.FolderExists(sServerDir) Then
sErrorNumber = "102" '//Invalid Floder Name Á¸ÀçÇÏÁö ¾Ê´Â Æú´õ
Else
If UploadComponentRequest.GetFileName("attachFile"&i+1)<>"" Then
'//Get the uploaded file name ¾÷·ÎµåµÈ ÆÄÀÏ °¡Á®¿À±â
sFileName = UploadComponentRequest.File("attachFile"&i+1).Name
sExtension = UploadComponentRequest.File("attachFile"&i+1).Ext
sFileName = SanitizeFileName(sFileName) '//ÆÄÀÏ¸í¿¡ ºÎÁ¢ÇÕÇÑ ¹®ÀÚ Á¦°Å
sOriginalFileName = sFileName
fileName(i) = InjectionDefender(UploadComponentRequest.File("attachFile"&i+1).Name) '//ÆÄÀÏÀ̸§
fileSize(i) = UploadComponentRequest.File("attachFile"&i+1).Size '//ÆÄÀÏÅ©±â
fileType(i) = UploadComponentRequest.File("attachFile"&i+1).MIME '//ÆÄÀÏŸÀÔ
If fileSize(i)<=0 Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("CheckVoidFile")) '"0 Byte ÆÄÀÏÀº ¾÷·Îµå ÇÒ ¼ö ¾ø½À´Ï´Ù."
Response.End
End if
If fileSize(i) > fileMaxLimit Then '//ÆÄÀÏ¿ë·® Á¦ÇÑ
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ExceedUploadLimit")) '"¾÷·ÎµåÇÑ ÆÄÀÏÀÇ ¿ë·®ÀÌ ÃÊ°ú µÇ¾ú½À´Ï´Ù.")
Response.End
End If
iCounter = 0
Do While True
sFilePath = sServerDir & sFileName
If fs.FileExists(sFilePath) Then
iCounter = iCounter + 1
'//Áߺ¹ÆÄÀÏ Ã¼Å©
sFileName = Left(sOriginalFileName, InStrRev(sOriginalFileName, ".") - 1) & "(" & iCounter & ")." & sExtension
sErrorNumber = "201" 'Created, POST ¸í·É ½ÇÇà ¹× ¼º°ø
fileName(i) = sFileName
Else
UploadComponentRequest.SaveAs "attachFile"&i+1, sFilePath
If UploadComponentRequest.ErrNum > 0 Then sErrorNumber = "202" 'Accepted, ¼¹ö°¡ Ŭ¶óÀ̾ðÆ® ¸í·ÉÀ» ¹ÞÀ½
Exit Do
End If
Loop
'//ÀÌÀüÆÄÀÏ »èÁ¦
If fs.FileExists(directoryPath & "\" & rs.Fields("fileName"&i+1)) Then fs.DeleteFile(directoryPath & "\" & rs.Fields("fileName"&i+1))
Else
'//÷ºÎÆÄÀÏÀÌ ¾ø°í »èÁ¦Ã¼Å©°¡ ¾øÀ¸¸é ÀÌÀü Á¤º¸ ÀúÀå
If delAttachFile(i)<>"true" Then
fileName(i) = rs.Fields("fileName"&i+1)
fileSize(i) = rs.Fields("fileSize"&i+1)
End If
End If
End If
End If
'Print sErrorNumber '//¿¡·¯¹ß»ý½Ã È®ÀÎ
Next
'//ABC¾÷·Îµå ÄÄÆÛ³ÍÆ®ÀÏ°æ¿ì
ElseIf uploadComponent="ABCUpload" Then
For i=0 To (fileMaxNum-1) Step 1
If objFile(i).fileExists Then
fileName(i) = InjectionDefender(objFile(i).SafeFileName) '//ÆÄÀÏÀ̸§
fileSize(i) = objFile(i).Length '//ÆÄÀÏÅ©±â
fileType(i) = objFile(i).FileType '//ÆÄÀÏŸÀÔ
'//ÆÄÀÏ¿ë·® Á¦ÇÑ
If objFile(i).Length > fileMaxLimit Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ExceedUploadLimit")) '"¾÷·ÎµåÇÑ ÆÄÀÏÀÇ ¿ë·®ÀÌ ÃÊ°ú µÇ¾ú½À´Ï´Ù."
Response.End
Else
If fileSize(i)<=0 Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("CheckVoidFile")) '"0 Byte ÆÄÀÏÀº ¾÷·Îµå ÇÒ ¼ö ¾ø½À´Ï´Ù."
Response.End
End if
'//File#n ÀÌÀüÆÄÀÏ »èÁ¦
If fs.FileExists(directoryPath & "\" & rs.Fields("fileName"&i+1)) Then fs.DeleteFile(directoryPath & "\" & rs.Fields("fileName"&i+1))
'//ÆÄÀÏ ÀúÀå °æ·Î
strFileWholePath = GetUniqueName(fileName(i), DirectoryPath)
'//ÆÄÀÏ ÀúÀå
objFile(i).Save strFileWholePath
'//ÀÌÀüÆÄÀÏ »èÁ¦
If fs.FileExists(directoryPath & "\" & rs.Fields("fileName"&i+1)) Then fs.DeleteFile(directoryPath & "\" & rs.Fields("fileName"&i+1))
End If
Else
'//÷ºÎÆÄÀÏÀÌ ¾ø°í »èÁ¦Ã¼Å©°¡ ¾øÀ¸¸é ÀÌÀü Á¤º¸ ÀúÀå
If delAttachFile(i)<>"true" Then
fileName(i) = rs.Fields("fileName"&i+1)
fileSize(i) = rs.Fields("fileSize"&i+1)
End If
End If
Set objFile(i) = Nothing
Next
'//µ¦½ºÆ®¾÷·Îµå ÄÄÆÛ³ÍÆ®ÀÏ °æ¿ì
ElseIf uploadComponent="DEXTUpload" Then
For i=0 To (fileMaxNum-1) Step 1
If UploadComponentRequest("attachFile"&i+1)<>"" Then
fileName(i) = InjectionDefender(UploadComponentRequest("attachFile"&i+1).FileName)
fileSize(i) = UploadComponentRequest("attachFile"&i+1).FileLen
fileType(i) = UploadComponentRequest("attachFile"&i+1).MimeType
'//ÆÄÀÏ ¿ë·® Á¦ÇÑ
If fileSize(i) > fileMaxLimit And fileMaxLimit <> -1 Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ExceedUploadLimit")) '"¾÷·ÎµåÇÑ ÆÄÀÏÀÇ ¿ë·®ÀÌ ÃÊ°ú µÇ¾ú½À´Ï´Ù."
Response.End
Else
If fileSize(i)<=0 Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("CheckVoidFile")) '"0 Byte ÆÄÀÏÀº ¾÷·Îµå ÇÒ ¼ö ¾ø½À´Ï´Ù."
Response.End
End if
'//File#n ÀÌÀüÆÄÀÏ »èÁ¦
If fs.FileExists(directoryPath & "\" & rs.Fields("fileName"&i+1)) Then fs.DeleteFile(directoryPath & "\" & rs.Fields("fileName"&i+1))
'//ÆÄÀÏ ÀúÀå °æ·Î
strFileWholePath = GetUniqueName(fileName(i), DirectoryPath)
'//ÆÄÀÏ ÀúÀå
UploadComponentRequest("attachFile"&i+1).SaveAS strFileWholePath
'//ÀÌÀüÆÄÀÏ »èÁ¦
If fs.FileExists(directoryPath & "\" & rs.Fields("fileName"&i+1)) Then fs.DeleteFile(directoryPath & "\" & rs.Fields("fileName"&i+1))
End If
Else
'//÷ºÎÆÄÀÏÀÌ ¾ø°í »èÁ¦ üũ°¡ ¾øÀ¸¸é ÀÌÀü Á¤º¸ ÀúÀå
If delAttachFile(i)<>"true" Then
fileName(i) = rs.Fields("fileName"&i+1)
fileSize(i) = rs.Fields("fileSize"&i+1)
End If
End If
Next
Else
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UpCmpSetError")) '"ÄÄÆ÷³ÍÆ® ÁöÁ¤ÀÌ À߸øµÇ¾ú½À´Ï´Ù."
Response.End
End If
Set UploadComponentRequest = Nothing
rs.Close
For i=0 To fileMaxNum-1
'//ÆÄÀÏ¸í¿¡¼ ½ÌŬÄõÅ×ÀÌ¼Ç ¿¡·¯ ¹æÁö
If fileName(i)<>"" Then fileName(i) = Replace(fileName(i),"'","''")
'//ÆÄÀÏ »çÀÌÁî ÃʱâÈ
If fileSize(i)="" Or IsNull(fileSize(i)) Then fileSize(i) = 0
Next
'//ºñ¹Ð±ÛÀÌ ¾Æ´Ò°æ¿ì False·Î ¼³Á¤
If secret="" Then secret = 0
'//°Ô½Ã¹° ¾ÏÈ£ °¡Á®¿À±â
strSql = "SELECT passwd FROM " & tid_board & " WHERE idx=" & idx & ";"
rs.open strSql,dbConn
Sql = "UPDATE " & tid_board & " SET " _
& "objProperty=" & N & "'" & objProperty & "'," _
& "secret=" & N & "'" & secret & "'," _
& "docType=" & N & "'" & docType & "'," _
& "author=" & N & "'" & author & "'," _
& "e_mail=" & N & "'" & e_mail & "'," _
& "homepage=" & N & "'" & homepage & "'," _
& "subject=" & N & "'" & subject & "'," _
& "passwd=" & N & "'" & passwd & "'," _
& "category=" & N & "'" & category & "'," _
& "editDate=" & N & "'" & Now & "'," _
& "ip_edit=" & N & "'" & ip_edit & "'," _
& "usrAgent_edit=" & N & "'" & usrAgent_edit & "'," _
& "siteLink1=" & N & "'" & siteLink1 & "'," _
& "siteLink2=" & N & "'" & siteLink2 & "',"
For i=0 To (fileMaxNum-1) Step 1
Sql = Sql & "fileName" & i+1 & "=" & N & "'" & fileName(i) & "'," _
& "fileSize" & i+1 & "=" & fileSize(i) & ", "
Next
Sql = Sql & "contents=" & N & "'" & contents & "'" _
& "WHERE idx=" & idx & ";"
'//ÀÎÁõµÇ°Å³ª °ü¸®ÀÚÀÏ°æ¿ì
If md5.MD5(rs.Fields("passwd"))=auth Or md5.Md5(admin_passwd)=auth Then
dbConn.Execute Sql,,128
Response.Redirect "?id=" & id & "&mode=view&idx=" & idx & "&seq=" & seq & "&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page
Else
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù."
End If
End If
Response.End
'**********************************************************************
' °Ô½Ã¹° »èÁ¦ ó¸®
'**********************************************************************
ElseIf mode="delete" Then
Response.Clear
'//ÀÎÁõ¾ÏÈ£
authpasswd = Replace(Request.Form("authpasswd"), "'", "''")
'//ÀÎÁõ¾ÏÈ£°¡ ¾øÀ» °æ¿ì
If Trim(authpasswd)="" Then
Response.Redirect "?id=" & id & "&mode=authenticate&nav=" & mode & "&idx=" & idx & "&seq=" & seq & "&seqNum=" & seqNum & "&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page
Response.End
Else
If MemId="" Then authpasswd = cx.SetEncode(authpasswd)
End If
If Response.isClientConnected Then
Sql = "SELECT passwd,"
For i=1 To 30
Sql = Sql & " fileName" & i
If i<30 Then Sql = Sql & ", " Else Sql = Sql & " "
Next
'//°Ô½Ã¹° Á¤º¸ °¡Á®¿À±â
Sql = Sql & " FROM " & tid_board & " WHERE idx=" & idx & ";"
rs.Open Sql,dbConn
If rs.EOF Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UnknownObjectMsg")) '"°Ô½Ã¹°ÀÌ ¾ø°Å³ª ÀÌ¹Ì »èÁ¦µÇ¾ú½À´Ï´Ù."
Response.End
End If
If Not ChkCrIns Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù."
Response.End
End If
'//ÀÎÁõµÇ¾ú°Å³ª °ü¸®ÀÚÀÏ°æ¿ì
If authpasswd=rs.Fields("passwd") Or authpasswd=admin_passwd Then
For i=1 To 30 Step 1
If rs.Fields("fileName"&i)<>"" Then
If fs.FileExists(directoryPath & "\" & rs.Fields("fileName"&i)) Then
'//ÆÄÀÏÀÌ ÀÖÀ¸¸é file#n ÀÌÀü ÆÄÀÏ »èÁ¦
fs.DeleteFile(directoryPath & "\" & rs.Fields("fileName"&i))
End If
End If
Next
dbConn.BeginTrans()
'//°Ô½Ã¹°¿¡ Æ÷ÇÔµÈ ´ñ±Û ¸ðµÎ»èÁ¦
Sql = "DELETE FROM " & tid_cmt & " WHERE board_id='" & id & "' AND objNum=" & idx & ";"
dbConn.Execute Sql,,128
'//°Ô½Ã¹° »èÁ¦
Sql = "DELETE FROM " & tid_board & " WHERE idx=" & idx & ";"
dbConn.Execute Sql,,128
'//°Ô½Ã¹° °¹¼ö °¨¼Ò
Sql = "UPDATE " & AdminTblName & " SET articleNum=articleNum-1 WHERE board_id='" & id & "';"
dbConn.Execute Sql,,128
If dbConn.Errors.Count=0 Then
dbConn.CommitTrans()
Response.Redirect "?id=" & id & "&mode=list&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page
Response.End
Else
dbConn.RollbackTrans()
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("DeleteErrorMsg")) '"¿À·ù·Î ÀÎÇØ »èÁ¦Ã³¸®°¡ ÁߴܵǾú½À´Ï´Ù."
Response.End
End If
Else
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("WrongPasswordMsg")) '"¾ÏÈ£°¡ ÀÏÄ¡ÇÏÁö ¾Ê½À´Ï´Ù."
End If
End If
Response.End
'**********************************************************************
' °Ô½Ã¹° ¸ÖƼ »èÁ¦ ó¸®
'**********************************************************************
ElseIf mode="deleteAtAll" Then
Response.Clear
authpasswd = Replace(Request.Form("authpasswd"), "'", "''") '//ÀÎÁõ¾ÏÈ£
idx = InjectionDefender(Request("idx")) '//°Ô½Ã¹° °íÀ¯¹øÈ£µé(½°Ç¥ ±¸ºÐ)
idxs = Split(idx,", ") '//°Ô½Ã¹° °íÀ¯¹øÈ£ ºÐ¸®
idxp = Replace(idx,", "," OR idx=") '//idxº° Äõ¸®¹® Á¤¸®
idxpx = Replace(idx,", "," OR objNum=") '//objNumº° Äõ¸®¹® Á¤¸®
If InStr(idxp,"'")>0 Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("MultiDeleteQueryError")) '"Äõ¸®¿¡ À߸øµÈ ¹®ÀÚ°¡ Æ÷ÇԵǾî ÀÖ½À´Ï´Ù."
Response.End
End If
'//ÀÎÁõ¾ÏÈ£°¡ ¾øÀ» °æ¿ì
If Trim(authpasswd)="" Then
Response.Redirect "?id=" & id & "&mode=authenticate&nav=" & mode & "&idx=" & idx & "&seq=" & seq & "&seqNum=" & seqNum & "&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page
Response.End
Else
If IsAdmin<>True Then authpasswd = cx.SetEncode(authpasswd)
End If
If Not ChkCrIns Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù."
Response.End
End If
If Response.isClientConnected Then
If authpasswd=admin_passwd Then '//°ü¸®ÀÚ·Î ÀÎÁõµÇ¾úÀ» °æ¿ì
dbConn.BeginTrans() '//Æ®·£Àè¼Ç ½ÃÀÛ
For i=0 To Ubound(idxs)
objSql = "SELECT * FROM " & tid_board & " WHERE idx=" & idxs(i) '//ÆÄÀÏÀ̸§ °¡Á®¿À±â
objRs.open objSql,dbConn
If Not objRs.EOF Then
For ii=0 To 29 Step 1
fileName(ii) = objRs.Fields("fileName"&ii+1)
If fileName(ii)<>"" Then '//ÆÄÀÏÀ̸§ È®ÀÎ
If fs.FileExists(directoryPath & "\" & fileName(ii)) Then '//ÆÄÀÏÀÌ ÀÖ´ÂÁö üũ
fs.DeleteFile(directoryPath & "\" & fileName(ii)) '//file#n ÆÄÀÏ »èÁ¦
End If
End If
Next
End If
objRs.Close
Next
'//°Ô½Ã¹° »èÁ¦
Sql = "DELETE FROM " & tid_board & " WHERE idx=" & idxp & ";" '//°Ô½Ã¹° »èÁ¦ Äõ¸®
dbConn.Execute Sql,,128
'//´ñ±Û »èÁ¦
Sql = "DELETE FROM " & tid_cmt & " WHERE board_id='" & id & "' AND (objNum=" & idxpx & ");"
dbConn.Execute Sql,,128
'//°Ô½Ã¹° °¹¼ö °¨¼Ò
Sql = "UPDATE " & AdminTblName & " SET articleNum=articleNum-" & UBound(idxs)+1 & " WHERE board_id='" & id & "';"
dbConn.Execute Sql,,128
If dbConn.Errors.Count=0 Then
dbConn.CommitTrans() '//¿¡·¯°¡ ¾øÀ¸¸é Æ®·£Àè¼ÇÀ» Ä¿¹Ô½ÃÅ´
Response.Redirect "?id=" & id & "&mode=list&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page
Response.End
Else
dbConn.RollbackTrans() '//¿¡·¯°¡ ÀÖÀ¸¸é ·Ñ¹éó¸®
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("DeleteErrorMsg")) '"¿À·ù·Î ÀÎÇØ »èÁ¦Ã³¸®°¡ ÁߴܵǾú½À´Ï´Ù."
Response.End
End If
Else
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("WrongPasswordMsg")) '"¾ÏÈ£°¡ ÀÏÄ¡ÇÏÁö ¾Ê½À´Ï´Ù."
End If
End If
Response.End
'**********************************************************************
' °Ô½Ã¹° À̵¿
'**********************************************************************
ElseIf mode="MoveArticles" Then
Response.Clear
targetTableIdName = Replace(Request.Form("targetTableIdName"),"'","''")
authpasswd = Replace(Request.Form("authpasswd"), "'" ,"''") '//ÀÎÁõ¾ÏÈ£
idx = InjectionDefender(Request("idx")) '//°Ô½Ã¹° °íÀ¯¹øÈ£µé(½°Ç¥ ±¸ºÐ)
idxs = Split(idx,", ") '//°Ô½Ã¹° °íÀ¯¹øÈ£ ºÐ¸®
idxp = Replace(idx,", "," OR idx=") '//idxº° Äõ¸®¹® Á¤¸®
idxpx = Replace(idx,", "," OR objNum=") '//objNumº° Äõ¸®¹® Á¤¸®
If targetTableIdName=id Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("MultiMoveSelError")) '"°°Àº °Ô½ÃÆÇÀ¸·Î´Â À̵¿ÇÒ¼ö ¾ø½À´Ï´Ù."
Response.End
End If
If InStr(idxp,"'")>0 Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("MultiMoveQueryError")) '"Äõ¸®¿¡ À߸øµÈ ¹®ÀÚ°¡ Æ÷ÇԵǾî ÀÖ½À´Ï´Ù."
Response.End
End If
'//ÀÎÁõ¾ÏÈ£°¡ ¾øÀ» °æ¿ì
If Trim(authpasswd)="" Then
Response.Redirect "?id=" & id & "&mode=authenticate&nav=" & mode & "&idx=" & idx & "&seq=" & seq & "&seqNum=" & seqNum & "&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page
Response.End
Else
If IsAdmin<>True Then authpasswd = cx.SetEncode(authpasswd)
End If
If Not ChkCrIns Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù."
Response.End
End If
If Response.IsClientConnected Then
If authpasswd=admin_passwd Then '//°ü¸®ÀÚ·Î ÀÎÁõµÇ¾úÀ» °æ¿ì
targetTableIdBoard = "_board_" & targetTableIdName '//´ë»óÅ×À̺íÀ̸§
'targetTableIdCmt = "_board_cmt_" & targetTableIdName '//´ë»ó´ñ±ÛÅ×À̺íÀ̸§
dbConn.BeginTrans() '//Æ®·£Àè¼Ç ½ÃÀÛ
Sql = "SELECT MAX(seqNum) FROM " & targetTableIdBoard '//À̵¿´ë»ó °Ô½ÃÆÇÀÇ seqNumÇʵ忡¼ °¡Àå Å«¼ö ºÒ·¯¿À±â
rs.Open Sql,dbConn
If IsNull(rs.Fields(0)) Then seqNum=1 Else seqNum=rs.Fields(0)+1 '//Áõ°¡ ½ÃŲ seqNum°ª ±¸Çϱâ
rs.Close
i = UBound(idxs)
j = 0
Do While i>=0
'/////÷ºÎÆÄÀÏ À̵¿
Sql = "SELECT directoryPath FROM " & AdminTblName & " WHERE board_id='" & targetTableIdName & "';"
rs.Open Sql,dbConn
targetDirectoryPath = rs.Fields(0) '//À̵¿´ë»ó °Ô½ÃÆÇÀÇ ¾÷·ÎµåÆÄÀÏ ÀúÀå°æ·Î
rs.Close
If StrComp(uploadedPath, FSBOARD_PATH & targetDirectoryPath)<>0 Then '//¿øº»°Ô½ÃÆÇ°ú À̵¿´ë»ó°Ô½ÃÆÇÀÇ ¾÷·ÎµåÆÄÀÏ °æ·Î°¡ ´Ù¸¦ °æ¿ì
'//¾÷·Îµå °æ·Î È®ÀÎ
tmp = CreateServerFolder(targetDirectoryPath)
If tmp=False Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UploadFolderError")) '"¾÷·ÎµåÆú´õ »ý¼º¿¡ ½ÇÆÐÇß½À´Ï´Ù."
Response.End
End If
Sql = "SELECT "
For ii=1 To 30
Sql = Sql & " fileName" & ii & ","
Next
Sql = Sql & "idx FROM " & tid_board & " WHERE idx=" & idxs(i)
rs.Open Sql,dbConn '//¿øº»°Ô½Ã¹° ÆÄÀÏÀ̸§ °¡Á®¿À±â
If Not rs.EOF Then
For ii=0 To 29
fileName(ii) = rs.Fields("fileName"&ii+1) '//ÆÄÀÏÀ̸§µéÀ» ¹è¿¿¡ ġȯ
If fileName(ii)<>"" Or Not IsNull(fileName(ii)) Then '//ÆÄÀÏÀ̸§ÀÌ ÀÖÀ» °æ¿ì
If fs.FileExists(directoryPath & "\" & fileName(ii)) Then '//ÆÄÀÏÀÌ Á¸ÀçÇÏ´ÂÁö üũ
fs.MoveFile directoryPath & "\" & fileName(ii), Server.MapPath(targetDirectoryPath & "/" & fileName(ii)) '//À̵¿´ë»ó°Ô½ÃÆÇÀ¸·Î ÷ºÎÆÄÀϵéÀ» ¸ðµÎ À̵¿
End If
End If
Next
End If
rs.Close
End If
'/////°Ô½Ã¹° À̵¿
Sql = "INSERT INTO " & targetTableIdBoard & " SELECT seqNum,objProperty,midx,secret,docType,author,e_mail,homepage,subject,passwd,category,regDate,editDate,latestDate,memoNum,readNum,vote,ip_reg,ip_edit,usrAgent_reg,usrAgent_edit,ref,re_step,re_level,siteLink1,siteLink2,"
For ii=1 To 30 Step 1
Sql = Sql & "fileName" & ii & ",fileSize" & ii & ",fileDownload" & ii & ","
Next
Sql = Sql & "contents FROM " & tid_board & " WHERE idx=" & idxs(i) & ";"
dbConn.Execute Sql,,128 '//¿øº»°Ô½ÃÆÇÀ¸·ÎºÎÅÍ ´ë»ó°Ô½ÃÆÇÀ¸·Î ·¹ÄÚµå º¹»ç(idx,ref,re_step,re_level Ä÷³µéÀº Á¦¿Ü)
Sql = "SELECT @@IDENTITY FROM " & targetTableIdBoard & ";"
rs.Open Sql,dbConn '//´ë»ó°Ô½ÃÆÇ¿¡ ÀÔ·ÂµÈ idx°ª °¡Á®¿À±â
insert_id = rs.Fields(0)
rs.Close
Sql = "UPDATE " & targetTableIdBoard & " SET seqNum=" & seqNum + j & ", ref=" & seqNum + j & ", re_step=0, re_level=0 WHERE idx=(SELECT max(idx) FROM " & targetTableIdBoard & ")"'idx=" & idxs(i)
dbConn.Execute Sql,,128 '//º¹»ç¿¡¼ Á¦¿Ü½ÃÄ×´ø ref,re_step,re_level Ä÷³ÀÇ °ªÀ» ÁöÁ¤ÇØÁÜ(idx´Â Á¦¿Ü)
Sql = "DELETE FROM " & tid_board & " WHERE idx=" & idxs(i) & ";"
dbConn.Execute Sql,,128 '//¿øº» °Ô½Ã¹° »èÁ¦
'/////´ñ±Û À̵¿(¿¹Àü ¹öÀü)
'Sql = "UPDATE " & tid_cmt & " SET objNum=0 WHERE objNum=" & idxs(i)
'dbConn.Execute Sql,,128 '//À̵¿µÉ ´ñ±ÛÀνĹøÈ£¸¦ 0À¸·Î ¹Ù²Þ
'Sql = "INSERT INTO " & targetTableIdCmt & " SELECT objNum,name,e_mail,passwd,regDate,editDate,ip,memo FROM " & tid_cmt & " WHERE objNum=0"
'dbConn.Execute Sql,,128 '//´ñ±Û ·¹ÄÚµå º¹»ç(seqNum Ä÷³ Á¦¿Ü)
'Sql = "UPDATE " & targetTableIdCmt & " SET objNum=(SELECT max(idx) FROM " & targetTableIdBoard & ") WHERE objNum=0"
'dbConn.Execute Sql,,128 '//´ñ±ÛÀνĹøÈ£¸¦ À̵¿µÈ °Ô½Ã¹°ÀÇ °íÀ¯¹øÈ£·Î ¹Ù²Þ
'Sql = "DELETE FROM " & tid_cmt & " WHERE objNum=0"
'dbConn.Execute Sql,,128 '//¿øº» ´ñ±Û »èÁ¦
'/////´ñ±Û À̵¿
Sql = "UPDATE " & tid_cmt & " SET board_id=" & N & "'" & targetTableIdName & "', objNum=" & insert_id & " WHERE board_id='" & id & "' AND (objNum=" & idxs(i) & ");"
dbConn.Execute Sql,,128 '//À̵¿µÈ ´ñ±ÛÀνĹøÈ£ ¸ÊÇÎ
i = i - 1
j = j + 1
Loop
'//¿øº»°Ô½ÃÆÇ °Ô½Ã¹° °¹¼ö ¸ÂÃã
Sql = "UPDATE " & AdminTblName & " SET articleNum=articleNum-" & UBound(idxs)+1 & " WHERE board_id='" & id & "';"
dbConn.Execute Sql,,128
'//´ë»ó°Ô½ÃÆÇ °Ô½Ã¹° °¹¼ö ¸ÂÃã
Sql = "UPDATE " & AdminTblName & " SET articleNum=articleNum+" & UBound(idxs)+1 & " WHERE board_id='" & targetTableIdName & "';"
dbConn.Execute Sql,,128
'//Æ®·£Àè¼Ç
If dbConn.Errors.Count=0 Then
dbConn.CommitTrans() '//Äõ¸® ¼öÇà
Else
dbConn.RollbackTrans() '//·Ñ¹é ½ÃÅ´
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("MultiMoveErrorMsg")) '"¿À·ù·Î ÀÎÇØ °Ô½Ã¹°À̵¿ÀÌ ÁߴܵǾú½À´Ï´Ù."
End If
'//¿ø·¡ °Ô½ÃÆÇÀ¸·Î º¹±Í
Response.Redirect "?id=" & id & "&mode=list&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page
Else
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("WrongPasswordMsg")) '"¾ÏÈ£°¡ ÀÏÄ¡ÇÏÁö ¾Ê½À´Ï´Ù."
End If
End If
Response.End
'//·¹ÄÚµå Ä«ÇÇ Âü°í
'insert into A select * from B '·¹ÄÚµå Ä«ÇÇ Äõ¸®
'select * into A from B '·¹ÄÚµå Ä«ÇÇ Äõ¸®
'**********************************************************************
' ÀÎÁõ Æû
'**********************************************************************
ElseIf mode="authenticate" Then
'//Æ÷ÇԵǾú´ÂÁö È®ÀÎ
LoginIncluded = True
'//·Î±×ÀÎ ÆÄÀÏ Æ÷ÇÔ ½ÃÅ´
%><%
'**********************************************************************
' ÷ºÎÆÄÀÏ ´Ù¿î·Îµå
'**********************************************************************
ElseIf mode="download" Then
Response.Clear
ServerSoftware = Request.ServerVariables("SERVER_SOFTWARE")
With Request
nav = InjectionDefender(.QueryString("nav"))
fileNum = InjectionDefender(.QueryString("fileNum"))
fName = InjectionDefender(.QueryString("filename"))
referer = InjectionDefender(.ServerVariables("HTTP_REFERER"))
maintainIdCode = Trim(.QueryString("maintainIdCode"))
End With
'//¹«´Ü¸µÅ© È®ÀÎ
If useBlockAnyLink=True And maintainIdCode<>md5.MD5(Session.SessionId) Then
host = Request.ServerVariables("HTTP_HOST")
referer = Request.ServerVariables("HTTP_REFERER")
If InStr(referer, host)<=0 Then
Print MsgExtract("DLPermissionError") '"¿ÜºÎ¿¡¼ ¹«´Ü¸µÅ© µÇ¾î ´Ù¿î·Îµå ÇÒ ¼ö ¾ø½À´Ï´Ù. You don't have permission to access."
Response.End
End If
Print MsgExtract("DLPermissionError") '"¿ÜºÎ¿¡¼ ¹«´Ü¸µÅ© µÇ¾î ´Ù¿î·Îµå ÇÒ ¼ö ¾ø½À´Ï´Ù. You don't have permission to access."
Response.End
End If
'//°Ô½Ã¹° Á¤º¸ °¡Á®¿À±â
Sql = "SELECT * FROM " & tid_board & " WHERE idx=" & InjectionDefender(idx) & ";"
rs.open Sql,dbConn
If rs.EOF Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù."
Response.End
End If
If Not ChkCrIns Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù."
Response.End
End If
'//±ÇÇÑ Ã¼Å©
If viewLevel=False Or (rs.Fields("secret")=True And secretLevel=False) Then
If referer="" Or InStr(referer,"mode=view")=0 Or InStr(referer,"idx="&idx)=0 Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UserPermissionError")) '"±ÇÇÑÀÌ ¾ø½À´Ï´Ù."
Response.End
End If
End If
For i=1 To 30 Step 1
If fileNum=CStr(i) Then
If fs.FileExists(directoryPath & "\" & rs.Fields("fileName"&i)) Then
'//ÀúÀåµÈ ´Ù¿î·Îµå Ƚ¼ö °¡Á®¿À±â
ii = CDbl(rs.Fields("fileDownLoad"&i))
'//´Ù¿î·Îµå Ƚ¼ö Áõ°¡
ii = ii + 1
'//Áõ°¡½ÃŲ Ƚ¼ö ±â·Ï
Sql = "UPDATE " & tid_board & " SET fileDownLoad" & i & "=" & ii & " WHERE idx=" & idx & ";"
dbConn.Execute Sql,,128
Else
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("NoFileMsg")) '"ÆÄÀÏÀÌ ¾ø½À´Ï´Ù."
End If
If InStr(ServerSoftware,"Microsoft-IIS/5.0")>0 Then
If rs.Fields("fileSize"&i)>0 And rs.Fields("fileSize"&i)<=(2^20*20) Then useStream=True Else useStream=False '//IIS5.0¿¡¼ ÆÄÀÏ¿ë·® üũ 0¹ÙÀÌÆ®À̰ųª 20MB°¡ ³ÑÀ» °æ¿ì Á÷Á¢¸µÅ©
Else
If rs.Fields("fileSize"&i)>0 And rs.Fields("fileSize"&i)<=(2^20*20) Then useStream=True Else useStream=False '//ÆÄÀÏ¿ë·® üũ 0¹ÙÀÌÆ®À̰ųª 4MB°¡ ³ÑÀ» °æ¿ì Á÷Á¢¸µÅ©
end If
If InStr(rs.Fields("fileName"&i),".mp3") Or InStr(rs.Fields("fileName"&i),".MP3") Then
'Response.Redirect "?id=" & id & "&mode=fileLink&nav=view&idx=" & idx & "&fileName=" & Server.UrlEncode(rs.Fields("fileName"&i)) & "&maintainCode=" & md5.MD5(Session.SessionId)
'Response.End
useStream = False
End If
End If
Next
If useStream Then
'//°Á¦ ´Ù¿î·Îµå ÇÔ¼ö È£Ãâ
DownloadFile fName,uploadedPath
Else
'Print "Download"
Response.Redirect uploadedPath & "/" & fName
End If
'//¿ø·¡ ÀÚ¸®·Î º¹±Í
'Response.Redirect "?id=" & id & "&mode=" & nav & "&idx=" & idx & "&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page
rs.Close
Response.End
'**********************************************************************
' ÆÄÀÏ °æ·Î µÇµ¹¸®±â
'**********************************************************************
ElseIf mode="fileLink" Then
Response.Clear
nav = Trim(Request.QueryString("nav"))
fName = Trim(Request.QueryString("filename"))
filepath = ""
If useBlockAnyLink=True Then
maintainIdCode = Trim(Request.QueryString("maintainIdCode"))
If maintainIdCode=md5.MD5(Session.SessionId) Then
filepath = uploadedPath & "/" & fName
Else
filepath = "/"
End If
host = Request.ServerVariables("HTTP_HOST")
referer = Request.ServerVariables("HTTP_REFERER")
'If InStr(referer, host)<=0 Then filepath = "/"
Else
filepath = uploadedPath & "/" & fName
End If
Response.Redirect(filepath)
Response.End
'**********************************************************************
' ¿¡·¯ ¸Þ½ÃÁö º¸À̱â
'**********************************************************************
ElseIf mode="error" Then
'//¿¡·¯¸Þ½ÃÁö ÆÄÀÏ Æ÷ÇÔ ½ÇÇà
'Server.Execute(FSBOARD_PATH & "lib/_error.asp")
%><%
'**********************************************************************
' °Ô½Ã¹° Ãßõ
'**********************************************************************
ElseIf mode="vote" Then
'//Ãßõ ÄíÅ° È®ÀÎ
If Request.Cookies("fsbv"&id)(CStr(idx))<>"v" Then
With Response
.Cookies("fsbv"&id)(CStr(idx)) = "v"
.Cookies("fsbv"&id).Expires = Date + 365
.Cookies("fsbv"&id).Path = Request.ServerVariables("URL")'"/"
End With
Sql = "SELECT vote FROM " & tid_board & " WHERE idx=" & InjectionDefender(idx) & ";"
rs.Open Sql,dbConn
If Not rs.EOF Then
i = rs.Fields("vote")
i = i + 1 '//Ãßõ¼ö Áõ°¡
Sql = "UPDATE " & tid_board & " SET vote=" & CDbl(i) & " WHERE idx=" & InjectionDefender(idx) & ";"
dbConn.Execute Sql,,128
End If
Else
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("VoteOverLapping")) '"ÀÌ¹Ì ÃßõÇÏ¿´½À´Ï´Ù."
End If
'//¿ø·¡ ÀÚ¸®·Î º¹±Í
Response.Redirect "?id=" & id & "&mode=" & nav & "&idx=" & idx & "&seq=" & seq & "&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page
Response.End
'**********************************************************************
' ´ñ±Û ÀúÀå ó¸®
'**********************************************************************
ElseIf mode="saveMemo" Then
Response.Clear
With Request
name = InjectionDefender(Trim(.Form("name"))) '//ÀÛ¼ºÀÚ À̸§
e_mail = InjectionDefender(Trim(.Form("e_mail"))) '//ÀÛ¼ºÀÚ ¸ÞÀÏ
passwd = Replace(Trim(.Form("passwd")),"'","''") '//¾ÏÈ£
memo = Replace(Trim(.Form("memo")),"'","''") '//¸Þ¸ð³»¿ë
refuse = True
objNum = idx '//°Ô½Ã¹° °íÀ¯¹øÈ£
regdate = Now '//ÀÛ¼º³¯Â¥
ip_reg = .ServerVariables("REMOTE_ADDR") '//ÀÛ¼ºÇÑ°÷ ¾ÆÀÌÇÇÁÖ¼Ò
referer = .ServerVariables("HTTP_REFERER")
host = .ServerVariables("HTTP_HOST")
End With
'//¿ÜºÎÀÔ·Â ¹æÁö
If InStr(referer, host)<=0 Then refust = False
If referer<>"" And InStr(referer,"http://")=1 And InStr(referer,"&mode=view")>0 Then refuse = False
If refuse=True Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù."
Response.End
End If
If Not ChkCrIns Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù."
Response.End
End If
'//ȸ¿øÀÏ °æ¿ì ȸ¿ø idx °¡Á®¿È
If MemId<>"" Then
Sql = "SELECT idx FROM " & MemTblName & " WHERE mem_id='" & MemId & "';"
rs.Open Sql,dbConn
If Not rs.EOF Then midx = rs.Fields("idx") Else midx = 0
rs.Close
Else
midx = 0
End If
'//ȸ¿ø·Î±×ÀλóÅÂÀ̸é ȸ¿øÀÇ ¾ÏÈ£·Î °Ô½Ã¹° ¾ÏÈ£ÀúÀå
If MemId<>"" And passwd="" Then passwd = Session.Contents("MemPasswd")
If name="" Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredName")) '"À̸§À» ÀÔ·ÂÇØ ÁÖ¼¼¿ä."
If memo="" Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredContent")) '"³»¿ëÀ» ÀÔ·ÂÇØ ÁÖ¼¼¿ä."
If passwd="" Or Len(passwd)<4 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredPassword")) '"¾ÏÈ£¸¦ ÀÔ·ÂÇØ ÁÖ¼¼¿ä.\n³»¿ëÀ» ¼öÁ¤Çϰųª »èÁ¦ÇÒ¶§ ÇÊ¿äÇÕ´Ï´Ù."
If Len(name)>30 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("NotValidName")) '"À̸§ÀÌ ³Ê¹« ±é´Ï´Ù."
If e_mail<>"" And Not IsEmail(e_mail) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("NotValidEmail")) '"À߸øµÈ À̸ÞÀÏÁÖ¼ÒÀÔ´Ï´Ù."
'//ºÒ·®´Ü¾îüũ
If useWordFilter=True Then
strTemp = Split(badWords,",")
For i=0 To Ubound(strTemp)
If InStr(1,memo,strTemp(i))<>0 Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("BadWordError")) '"³»¿ë¿¡ »ç¿ëÇÒ¼ö ¾ø´Â ´Ü¾îÀÎ '" & strTemp(i) & "' ÀÌ(°¡) Æ÷ÇԵǾî ÀÖ½À´Ï´Ù.\n¹Ù¸£°í °í¿î¸»À» »ç¿ëÇսôÙ."
Response.End
End If
Next
End If
If MemId="" Then passwd = cx.SetEncode(passwd)
If Response.isClientConnected Then
Sql = "INSERT INTO " & tid_cmt & " (" _
& "board_id," _
& "objNum," _
& "midx," _
& "name," _
& "e_mail," _
& "passwd," _
& "regdate," _
& "ip_reg," _
& "memo" _
& ") VALUES (" _
& N & "'" & id & "'," _
& objNum & "," _
& midx & "," _
& N & "'" & name & "'," _
& N & "'" & e_mail & "'," _
& N & "'" & passwd & "'," _
& N & "'" & regdate & "'," _
& N & "'" & ip_reg & "'," _
& N & "'" & memo & "'" _
& ")"
objSql = "SELECT memoNum FROM " & tid_board & " WHERE idx=" & idx & ";"
rs.open objSql,dbConn
memoNum = rs.Fields("memoNum")
memoNum = Int(memoNum) + 1 '//´ñ±Û°¹¼ö Áõ°¡
rs.Close
objSql = "UPDATE " & tid_board & " SET " _
& "memoNum=" & memoNum & "," _
& "latestDate=" & N & "'" & Now & "' " _
& "WHERE idx=" & InjectionDefender(idx) & ";"
dbConn.BeginTrans()
dbConn.Execute Sql,,128 '//´ñ±ÛÃß°¡
dbConn.Execute objSql,,128 '//´ñ±ÛÁ¤º¸ Ãß°¡
If dbConn.Errors.Count=0 Then
dbConn.CommitTrans()
Response.redirect("?id=" & id & "&mode=view&idx=" & idx & "&seq=" & seq & "&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page)
Else
dbConn.RollbackTrans()
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ErrorMessage")) '"¿À·ù·Î ÀÎÇØ ÀÛ¾÷ÀÌ ÁߴܵǾú½À´Ï´Ù."
End If
End If
Response.End
'**********************************************************************
' ´ñ±Û ¼öÁ¤ ó¸®
'**********************************************************************
ElseIf mode="modifyMemo" Then
Response.Clear
With Request
seqNum = InjectionDefender(.Form("seqNum")) '//´ñ±Û°íÀ¯¹øÈ£
name = InjectionDefender(Trim(.Form("name"))) '//ÀÛ¼ºÀÚ À̸§
e_mail = InjectionDefender(Trim(.Form("e_mail"))) '//ÀÛ¼ºÀÚ ¸ÞÀÏ
passwd = Replace(Trim(.Form("passwd")),"'","''") '//¾ÏÈ£
memo = Replace(Trim(.Form("memo")),"'","''") '//¸Þ¸ð³»¿ë
editdate = Now '//ÀÛ¼º³¯Â¥
ip_edit = .ServerVariables("REMOTE_ADDR") '//ÀÛ¼ºÇÑ°÷ ¾ÆÀÌÇÇÁÖ¼Ò
host = .ServerVariables("HTTP_HOST")
referer = .ServerVariables("HTTP_REFERER") '//ÀÌÀüÆäÀÌÁö ÁÖ¼Ò
End With
'//¿ÜºÎÀÔ·Â ¹æÁö
If InStr(referer, host)<=0 Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù."
Response.End
End If
If Not IsNumeric(seqNum) Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UnknownPKCode")) '"½Äº°Äڵ尡 À߸øµÇ¾ú½À´Ï´Ù."
Response.End
End If
Sql = "SELECT e_mail,passwd FROM " & tid_cmt & " WHERE seqNum=" & InjectionDefender(seqNum) & ";"
rs.Open Sql,dbConn
If rs.EOF Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù."
Response.End
End If
If Not ChkCrIns Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù."
Response.End
End If
'//ȸ¿ø·Î±×ÀλóÅÂÀ̸é ȸ¿øÀÇ ¾ÏÈ£·Î
If MemId<>"" And passwd="" Then passwd = Session.Contents("MemPasswd")
If cx.SetEncode(passwd)=admin_passwd Then passwd = rs.Fields("passwd")
If IsAdmin=True Then passwd = rs.Fields("passwd")
If e_mail="" Then e_mail = rs.Fields("e_mail")
'//Çʼö »çÇ× È®ÀÎ
If passwd="" Or Len(passwd)<1 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RqrMemoMdfPwdErr")) '"ÀÛ¼ºÇÒ¶§ ÀÔ·ÂÇß´ø ¾ÏÈ£¸¦ ÀÔ·ÂÇØ ÁÖ¼¼¿ä.\n·Î±×ÀÎ »óÅ¿¡¼ ÀÛ¼ºÇÑ ±ÛÀ̸é ȸ¿øÀÇ ¾ÏÈ£¸¦ ÀÔ·ÂÇØ ÁÖ¼¼¿ä.")
If name="" Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredName")) '"À̸§À» ÀÔ·ÂÇØ ÁÖ¼¼¿ä."
If memo="" Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("RequiredContent")) '"³»¿ëÀ» ÀÔ·ÂÇØ ÁÖ¼¼¿ä."
If Len(name)>30 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("NotValidName")) '"À̸§ÀÌ ³Ê¹« ±é´Ï´Ù."
If e_mail<>"" And Not IsEmail(e_mail) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("NotValidEmail")) '"À߸øµÈ À̸ÞÀÏÁÖ¼ÒÀÔ´Ï´Ù."
If MemId="" Then
If passwd<>rs.Fields("passwd") Then passwd = cx.SetEncode(passwd)
End If
If passwd<>rs.Fields("passwd") Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("WrongPasswordMsg")) '"¾ÏÈ£°¡ ÀÏÄ¡ÇÏÁö ¾Ê½À´Ï´Ù."
rs.Close
'//ºÒ·®´Ü¾îüũ
If useWordFilter=True Then
strTemp = Split(badWords,",")
For i=0 To Ubound(strTemp)
If InStr(1,memo,strTemp(i))<>0 Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("BadWordError")) '"³»¿ë¿¡ »ç¿ëÇÒ¼ö ¾ø´Â ´Ü¾îÀÎ '" & strTemp(i) & "' ÀÌ(°¡) Æ÷ÇԵǾî ÀÖ½À´Ï´Ù.\n¹Ù¸£°í °í¿î¸»À» »ç¿ëÇսôÙ."
Response.End
End If
Next
End If
If Response.isClientConnected Then
Sql = "UPDATE " & tid_cmt & " SET " _
& " name=" & N & "'" & name & "'," _
& " e_mail=" & N & "'" & e_mail & "'," _
& " editdate=" & N & "'" & editdate & "'," _
& " ip_edit=" & N & "'" & ip_edit & "'," _
& " memo=" & N & "'" & memo & "' " _
& " WHERE board_id='" & id & "' AND seqNum=" & InjectionDefender(seqNum) & ";"
dbConn.Execute Sql,,128
End If
Response.redirect("?id=" & id & "&mode=view&idx=" & idx & "&seq=" & seq & "&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page)
Response.End
'**********************************************************************
' ´ñ±Û »èÁ¦ ó¸®
'**********************************************************************
ElseIf mode="deleteMemo" Then
Response.Clear
authpasswd = Replace(Request.Form("authpasswd"),"'","''") '//ÀÎÁõ¾ÏÈ£
seqNum = InjectionDefender(Request.QueryString("seqNum")) '//´ñ±Û°íÀ¯¹øÈ£
If Not isNumeric(seqNum) Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UnknownPKCode")) '"½Äº°Äڵ尡 À߸øµÇ¾ú½À´Ï´Ù."
Response.End
End If
'//ÀÎÁõ¾ÏÈ£°¡ ¾øÀ¸¸é ÀÎÁõ¸ðµå·Î À̵¿
If Trim(authpasswd)="" Then
Response.Redirect "?id=" & id & "&mode=authenticate&nav=" & mode & "&idx=" & idx & "&seqNum=" & seqNum & "&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page
Response.End
Else
If MemId="" Then authpasswd = cx.SetEncode(authpasswd)
End If
If Not ChkCrIns Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù."
Response.End
End If
If Response.isClientConnected Then
Sql = "SELECT passwd FROM " & tid_cmt & " WHERE seqNum=" & seqNum & ";"
rs.open Sql,dbConn
passwd = rs.Fields("passwd")
rs.Close
'//°Ô½Ã¹°¾ÏÈ£¸¦ ÀÎÁõÇϰųª °ü¸®ÀÚ°¡ Á¢±ÙÇßÀ» °æ¿ì
If authpasswd=passwd Or authpasswd=admin_passwd Then
Sql = "SELECT memoNum FROM " & tid_board & " WHERE idx=" & idx & ";"
rs.open Sql,dbConn
memoNum = rs.Fields("memoNum")
'//¸Þ¸ð±Û ¼ýÀÚ °¨¼Ò
If memoNum>0 Then memoNum = memoNum - 1
rs.Close
'//¸Þ¸ð±Û »èÁ¦
Sql = "DELETE FROM " & tid_cmt & " WHERE board_id='" & id & "' AND seqNum=" & InjectionDefender(seqNum) & ";"
objSql = "UPDATE " & tid_board & " SET memoNum=" & memoNum & " WHERE idx=" & InjectionDefender(idx) & ";"
dbConn.BeginTrans()
dbConn.Execute Sql,,128
dbConn.Execute objSql,,128
If dbConn.Errors.Count=0 Then
dbConn.CommitTrans()
Response.Redirect "?id=" & id & "&mode=view&idx=" & idx & "&seq=" & seq & "&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page
Else
dbConn.RollbackTrans()
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ErrorMessage")) '"¿¡·¯·Î ÀÎÇØ ÀÛ¾÷ÀÌ ÁߴܵǾú½À´Ï´Ù."
End If
'//ÀÎÁõ½ÇÆÐÇßÀ» °æ¿ì
Else
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("WrongPasswordMsg")) '"¾ÏÈ£°¡ ÀÏÄ¡ÇÏÁö ¾Ê½À´Ï´Ù."
End If
End If
Response.End
'**********************************************************************
' RSS Feed XML
'**********************************************************************
ElseIf mode="rss.xml" Then
'//º¯¼ö ¼±¾ð
Dim allowRss
Dim xmlPars
Dim rss
Dim Channel
Dim title
Dim channel_link
Dim Description
Dim language
Dim image
Dim i_title
Dim i_url
Dim i_width
Dim i_height
Dim i_link
Dim item
Dim link
Dim dcdate
Dim dcsubject
Dim dcauthor
Dim dccategory
Dim posturl
Dim yoil
Dim wol
Dim il
Dim yon
Dim si
Dim bun
Dim cho
'//ij½Ã·Îµù ¹æÁö
Response.Expires = -1
Response.ExpiresAbsolute = Now - 1
Response.AddHeader "pragma", "no-cache"
Response.AddHeader "cache-control", "private"
Response.CacheControl = "no-cache"
'//¹öÆÛ ºñ¿ò
Response.Clear
'//XML ¼±¾ð
Response.ContentType = "text/xml; charset=euc-kr"
Response.Write "" & VbCrLf
allowRss = True '//RSS Çã¿ë¿©ºÎ
If Not allowRss Then
Response.Write "" & VbCrLf
Response.Write "" & VbCrLf
Response.Write "" & VbCrLf
Response.Write "1" & VbCrLf
Response.Write "ÇØ´ç °Ô½ÃÆÇÀº ÃßÃâÇÒ ¼ö ¾ø½À´Ï´Ù." & VbCrLf
Response.Write "" & VbCrLf
Response.Write ""
Response.End
End If
'//XML DOM
Set xmlPars = Server.CreateObject("Msxml2.DOMDocument")
'xmlPars.ValidateOnParse = True
'xmlPars.async = False
'//RSS Á¤º¸ ´ã±â
Set rss = xmlPars.CreateElement("rss")
rss.SetAttribute "version", "2.0"
rss.SetAttribute "xmlns:dc", "http://purl.org/dc/elements/1.1/"
rss.SetAttribute "xmlns:sy", "http://purl.org/rss/1.0/modules/syndication/"
rss.SetAttribute "xmlns:admin", "http://webns.net/mvcb/"
rss.SetAttribute "xmlns:rdf", "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlPars.AppendChild(rss)
'// Á¤º¸
Set Channel = xmlPars.CreateElement("channel")
rss.AppendChild(Channel)
'//
Set title = xmlPars.CreateElement("title")
Channel.AppendChild(title)
Channel.ChildNodes(0).Text = boardName 'ºí·Î±× Á¦¸ñ
'//
Set channel_link = xmlPars.CreateElement("link")
Channel.AppendChild(channel_link)
Channel.ChildNodes(1).Text = "http://" & Request.ServerVariables("HTTP_HOST") & FSBOARD_PATH & FSMAINFILE & "?id=" & id 'ºí·Î±× ÁÖ¼Ò
'//
Set description = xmlPars.CreateElement("description")
Channel.AppendChild(description)
Channel.ChildNodes(2).Text = Request.ServerVariables("HTTP_HOST") & "(" & boardName & ")" 'ºí·Î±× ¼³¸í
'//Á¤º¸
Set language = xmlPars.CreateElement("dc:language")
Channel.AppendChild(language)
Channel.ChildNodes(3).Text = "ko"
'//
Set image = xmlPars.CreateElement("image")
Channel.AppendChild(image)
'//À̹ÌÁö Á¤º¸¿¡ µé¾î°¥ °Íµé
Set i_title = xmlPars.CreateElement("title")
Set i_url = xmlPars.CreateElement("url")
Set i_width = xmlPars.CreateElement("width")
Set i_height = xmlPars.CreateElement("height")
Set i_link = xmlPars.CreateElement("link")
image.AppendChild(i_title)
image.AppendChild(i_url)
image.AppendChild(i_width)
image.AppendChild(i_height)
image.AppendChild(i_link)
image.ChildNodes(0).Text = id & " °Ô½ÃÆÇ" '//À̹ÌÁö Á¦¸ñ
image.ChildNodes(1).Text = "http://" & Request.ServerVariables("HTTP_HOST") & FSBOARD_PATH & "img/logo/logo3.png" '//À̹ÌÁö °æ·Î
image.ChildNodes(2).Text = "230" '//À̹ÌÁö °¡·Î »çÀÌÁî
image.ChildNodes(3).Text = "100" '//À̹ÌÁö ¼¼·Î »çÀÌÁî
image.ChildNodes(4).Text = "http://" & Request.ServerVariables("HTTP_HOST") & FSBOARD_PATH & "index.asp?id=" & id '//À̹ÌÁö¸µÅ©
'//Æ÷½ºÆ® Á¤º¸
'//µ¥ÀÌÅÍ °¡Á®¿À±â
SQL = "SELECT TOP 15 * FROM " & tid_board & " ORDER BY idx DESC;"
'Set rs = Server.CreateObject("ADODB.Recordset")
'rs.Open SQL,dbConn,adOpenForwardOnly,adLockPessimistic,adCmdText
rs.Open Sql,dbConn,0,2,&H0001
'//µ¥ÀÌÅÍ ·çÇÁ
Do Until rs.EOF
If Not rs.Fields("secret") Then
'//- ³ëµå Ãß°¡
Set item = xmlPars.CreateElement("item")
Channel.AppendChild(item)
'//Æ÷½ºÆ® ¼¼ºÎ Á¤º¸ Ãâ·Â
Set title = xmlPars.CreateElement("title")
Set link = xmlPars.CreateElement("link")
Set description = xmlPars.CreateElement("description")
Set dcdate = xmlPars.CreateElement("dc:date")
Set dcsubject = xmlPars.CreateElement("dc:subject")
Set dcauthor = xmlPars.CreateElement("author")
Set dccategory = xmlPars.CreateElement("category")
item.AppendChild(title)
item.AppendChild(link)
item.AppendChild(description)
item.AppendChild(dcdate)
item.AppendChild(dcsubject)
item.AppendChild(dcauthor)
item.AppendChild(dccategory)
subject = rs.Fields("subject")
posturl = "http://" & Request.ServerVariables("HTTP_HOST") & FSBOARD_PATH & "index.asp?id=" & id & "&mode=view&idx=" & rs.Fields("idx")
contents = rs.Fields("contents")
regdate = rs.Fields("regDate")
category = rs.Fields("category")
author = rs.Fields("author")
'//³¯Â¥ Æ÷¸ä
Select Case WeekDay(DatePart("w",regdate)):Case 1:yoil = "Sun":Case 2:yoil = "Mon":Case 3:yoil = "Tue":Case 4:yoil = "Wed":Case 5:yoil = "Thu":Case 6:yoil = "Fri":Case 7:yoil = "Sat":End Select
Select Case Month(regdate):Case 1:wol = "Jan":Case 2:wol = "Feb":Case 3:wol = "Mar":Case 4:wol = "Apr":Case 5:wol = "May":Case 6:wol = "Jun":Case 7:wol = "Jul":Case 8:wol = "Aug":Case 9:wol = "Sep":Case 10:wol = "Oct":Case 11:wol = "Nov":Case 12:wol = "Dec":End Select
il = Day(regdate):If il<10 Then il="0"&il
yon = DatePart("yyyy",regdate)
si = Hour(regdate):If si<10 Then si="0" & si
bun = Minute(regdate):If bun<10 Then bun="0" & bun
cho = Second(regdate):If cho<10 Then cho="0" & cho
regdate = yoil & ", " & il & " " & wol & " " & yon & " " & si & ":" & bun & ":" & cho & " +0900"
item.ChildNodes(0).Text = subject '//Á¦¸ñ
item.ChildNodes(1).Text = posturl '//Æ÷½ºÆ® °íÀ¯ url
item.ChildNodes(2).Text = contents '//³»¿ë
item.ChildNodes(3).Text = regdate '//ÀÛ¼ºÀÏ
item.ChildNodes(4).Text = category '//Æ÷½ºÆ®ÀÇ ºÐ·ù
item.ChildNodes(5).Text = author '//Æ÷½ºÆ® ÀÛ¼ºÀÚ
item.ChildNodes(6).Text = category '//Ä«Å×°í¸®
End If
rs.MoveNext
Loop
'//XML ÇÁ¸°Æ®
Response.Write xmlPars.xml
'//°³Ã¼ Á¤¸®
rs.Close
Set rss = Nothing
Set xmlPars = Nothing
Response.End
'**********************************************************************
' ȸ¿ø ·Î±×ÀΠó¸®
'**********************************************************************
ElseIf mode="login" Then
With Request
'//ÀÎÁõ¾ÆÀ̵ð
authid = InjectionDefender(.Form("authid"))
'//ÀÎÁõ¾ÏÈ£
authpasswd = Replace(.Form("authpasswd"),"'","''")
'//ÀÌÀü°æ·Î
referer = Trim(.Form("referer"))
End With
'//¿ÜºÎÀÔ·Â ¹æÁö
If InStr(Request.ServerVariables("HTTP_REFERER"), Request.ServerVariables("HTTP_HOST"))<=0 Then
Response.Redirect "?mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù."
Response.End
End If
'//ÀÎÁõ¾ÏÈ£°¡ ¾øÀ¸¸é ÀÎÁõ¸ðµå·Î À̵¿
If Trim(authpasswd)="" Then
Response.Redirect "?id=" & id & "&mode=authenticate&nav=" & mode & "&idx=" & idx & "&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page
Response.End
Else
If MemId="" Then authpasswd = cx.SetEncode(authpasswd)
End If
'//À¯È¿¹®ÀÚ Ã¼Å©
If eregi("[^a-zA-Z0-9_]", authid) Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("NotValidValue")) '"ÀԷ°ª¿¡ À¯È¿ÇÏÁö ¾ÊÀº ¹®ÀÚ°¡ Æ÷ÇԵǾî ÀÖ½À´Ï´Ù."
Response.End
End If
'//¾ÆÀ̵ð Á¸Àç ¿©ºÎ °Ë»ç
Sql = "SELECT mem_id,mem_passwd FROM " & MemTblName & " WHERE mem_id='" & authid & "';"
rs.Open Sql,dbConn
If rs.EOF Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UnknownID")) '"Á¸ÀçÇÏÁö ¾Ê´Â ¾ÆÀ̵ðÀÔ´Ï´Ù."
Response.End
End If
rs.Close
'//ȸ¿øÁ¤º¸ °¡Á®¿À±â
Sql = "SELECT * FROM " & MemTblName & " WHERE mem_id='" & authid & "' AND mem_passwd='" & InjectionDefender(authpasswd) & "';"
rs.Open Sql,dbConn
If Not ChkCrIns Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù."
Response.End
End If
If rs.EOF Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("WrongPasswordMsg")) '"¾ÏÈ£°¡ ÀÏÄ¡ÇÏÁö ¾Ê½À´Ï´Ù."
Response.End
Else
If rs.Fields("mem_passwd")<>authpasswd Then
Response.Redirect "?mode=error&msg=" & Server.UrlEncode(MsgExtract("UnknownMember")) '"ȸ¿øÁ¤º¸°¡ ÀÏÄ¡ÇÏÁö ¾Ê½À´Ï´Ù."
Response.End
Else
With Session
.Contents("MemId") = rs.Fields("mem_id") '//ȸ¿ø ¾ÆÀ̵ð
.Contents("MemPasswd") = rs.Fields("mem_passwd") '//ȸ¿ø ¾ÏÈ£
.Contents("MemLevel") = rs.Fields("mem_level") '//ȸ¿ø ·¹º§
.Contents("MemName") = rs.Fields("mem_name") '//ȸ¿ø À̸§
'//°ü¸®ÀÚÀÏ°æ¿ì °ü¸®±ÇÇÑ ÁöÁ¤
If .Contents("MemLevel")<=1 Then .Contents("IsAdmin") = True
End With
Sql = "UPDATE " & MemTblName & " SET mem_lastdate=" & N & "'" & Now & "' WHERE mem_id='" & authid & "';"
dbConn.Execute Sql,,128
If referer<>"" Then
Response.Redirect(referer)
Else
Response.Redirect "?id=" & id & "&mode=list"
End If
Response.End
End If
End If
rs.Close
'**********************************************************************
' °Ô½ÃÆÇ °ü¸®ÀÚ ·Î±×ÀΠó¸®
'**********************************************************************
ElseIf mode="admin" Then
Response.Clear
'//°ü¸®Àڷα×ÀλóÅÂÀÌ¸é ·Î±×ÀξøÀÌ ¹Ù·Î À̵¿
If IsAdmin=True Then
Response.redirect("?id=" & id & "&mode=adminconf")
Response.End
End If
'//ÀÎÁõ¾ÆÀ̵ð
authid = Trim(Request.Form("authid"))
'//ÀÎÁõ¾ÏÈ£
authpasswd = Trim(Request.Form("authpasswd"))
'//ÀÎÁõ¾ÏÈ£°¡ ¾øÀ¸¸é ÀÎÁõ¸ðµå·Î À̵¿
If Trim(authpasswd)="" Then
Response.Redirect "?id=" & id & "&mode=authenticate&nav=" & mode & "&idx=" & idx & "&srhctgr=" & srhctgr & "&srhstr=" & srhstr & "&ctgrstr=" & ctgrstr & "&page=" & page
Response.End
Else
authpasswd = cx.SetEncode(authpasswd)
End If
'//À¯È¿¹®ÀÚ Ã¼Å©
If eregi("[^a-zA-Z0-9_]", authid) Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("NotValidValue")) '"ÀԷ°ª¿¡ À¯È¿ÇÏÁö ¾ÊÀº ¹®ÀÚ°¡ Æ÷ÇԵǾî ÀÖ½À´Ï´Ù."
Response.End
End If
'//°ü¸®ÀÚ Á¤º¸°¡ ÀÏÄ¡ÇÏ¸é °ü¸®ÀÚ¼¼¼Ç ·Î±×ÀÎ
If authid=admin_id And authpasswd=admin_passwd Then
With Session
.Contents("MemId") = admin_id
.Contents("MemPasswd") = admin_passwd
.Contents("MemLevel") = 1
.Contents("MemName") = "°ü¸®ÀÚ"
.Contents("IsAdmin") = True
End With
Response.Redirect "?id=" & id & "&mode=adminconf"
Else
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("NotVerifiedAdmin")) '"°ü¸®ÀÚ Á¤º¸°¡ ÀÏÄ¡ÇÏÁö ¾Ê½À´Ï´Ù."
End If
Response.End
'**********************************************************************
' °Ô½ÃÆÇ °ü¸®ÀÚ ¼³Á¤ Æû
'**********************************************************************
ElseIf mode="adminconf" Then
If IsAdmin=True Then
'//ÆÄÀÏ Æ÷ÇÔ È®ÀÎ
AdminIncluded = True
'//°ü¸® ÆÄÀÏ Æ÷ÇÔ
%><%
Else
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("SessionTerminated")) '"¼¼¼Ç½Ã°£ÀÌ Á¾·á µÇ¾ú°Å³ª À߸øµÈ Á¢±ÙÀÔ´Ï´Ù.\n·Î±×ÀÎÈÄ »ç¿ëÇØ ÁÖ¼¼¿ä."
End If
'**********************************************************************
' °ü¸®ÀÚ ¼³Á¤ ÀúÀå ó¸®
'**********************************************************************
ElseIf mode="adminsave" Then
Response.Clear
'//Á¢±ÙÈ®ÀÎ
If Not IsAdmin=True Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("SessionExpired")) '"¼¼¼Ç ½Ã°£ÀÌ ¸¸·áµÇ¾ú°Å³ª ·Î±×ÀÎ »óÅ°¡ ¾Æ´Õ´Ï´Ù."
Response.End
End If
'//º¯¼ö ¼±¾ð
Dim adminPasswd, adminPasswd2
Dim adminId
Dim todayAccess, totalAccess
Dim applyAllWidth
Dim applyAllSubjectLimit
Dim applyAllAuthorLimit
Dim applyAllContentLimit
Dim applyAllPageSize
Dim applyAllDivPage
Dim applyAllNoticeNum
Dim applyAllAlign
Dim applyAllHeadFile
Dim applyAllTailFile
Dim applyAllHeadMsg
Dim applyAllTailMsg
Dim applyAllArticleDefMsg
Dim applyAllViewList
Dim applyAllUseMemo
Dim applyAllUseAutoLink
Dim applyAllUsePreview
Dim applyAllUseSiteLink1
Dim applyAllUseSiteLink2
Dim applyAllUseSecret
Dim applyAllUseBlockSpam
Dim applyAllUseBlockAnyLink
Dim applyAllUseViewClientInfo
Dim applyAllWriteMode
Dim applyAllUseRszImg
Dim applyAllRszImgSize
Dim applyAllUseHTML
Dim applyAllAllowTags
Dim applyAllUseFile
Dim applyAllUploadComponent
Dim applyAllFileMaxLimit
Dim applyAllFileMaxNum
Dim applyAllDirectoryPath
Dim applyAllUseCategory
Dim applyAllCategories
Dim applyAllUseWordFilter
Dim applyAllBadWords
Dim applyAllListLevel
Dim applyAllViewLevel
Dim applyAllSecretLevel
Dim applyAllWriteLevel
Dim applyAllReplyLevel
Dim applyAllMemoWriteLevel
Dim applyAllNoticeWriteLevel
Dim applyAllHtmlLevel
Dim applyAllDeleteLevel
Dim applyMode
'//Æû Àü¼Û ¹Þ±â
With Request
'//°ü¸®ÀÚ ¼³Á¤ ºÎºÐ
boardName = Replace(.Form("boardName"), "'", "''")
skin = Trim(Replace(.Form("skin"), "'", "''"))
adminPasswd = Replace(.Form("adminPasswd"), "'", "''")
adminPasswd2 = Replace(.Form("adminPasswd2"), "'", "''")
adminId = Trim(Replace(.Form("adminId"), "'", "''"))
combinedFileName = Trim(Replace(.Form("combinedFileName"), "'", "''"))
todayAccess = Trim(Replace(.Form("todayCount"), "'", "''"))
totalAccess = Trim(Replace(.Form("totalCount"), "'", "''"))
lang = Trim(Replace(.Form("lang"), "'", "''"))
'//±âº»¼³Á¤ ºÎºÐ
width = Trim(Replace(.Form("width"), "'", "''"))
subjectLimit = Trim(Replace(.Form("subjectLimit"), "'", "''"))
authorLimit = Trim(Replace(.Form("authorLimit"), "'", "''"))
contentLimit = Trim(Replace(.Form("contentLimit"), "'", "''"))
pageSize = Trim(Replace(.Form("pageSize"), "'", "''"))
divPage = Trim(Replace(.Form("divPage"), "'", "''"))
noticeNum = Trim(Replace(.Form("noticeNum"), "'", "''"))
align = Trim(Replace(.Form("align"), "'", "''"))
'//°Ô½ÃÆÇ¿¡ Ç¥½ÃµÉ ³»¿ë¼³Á¤ ºÎºÐ
headFile = Replace(Trim(.Form("headFile")), "'", "''")
tailFile = Replace(Trim(.Form("tailFile")), "'", "''")
headMsg = Trim(.Form("headMsg"))
tailMsg = Trim(.Form("tailMsg"))
articleDefMsg = .Form("articleDefMsg")
'//°Ô½ÃÆÇ ±â´É¼³Á¤ ºÎºÐ
viewList = Replace(.Form("viewList"), "'", "''")
useMemo = Replace(.Form("useMemo"), "'", "''")
useAutoLink = Replace(.Form("useAutoLink"), "'", "''")
usePreview = Replace(.Form("usePreview"), "'", "''")
useSiteLink1 = Replace(.Form("useSiteLink1"), "'", "''")
useSiteLink2 = Replace(.Form("useSiteLink2"), "'", "''")
useSecret = Replace(.Form("useSecret"), "'", "''")
useBlockSpam = Replace(.Form("useBlockSpam"), "'", "''")
useBlockAnyLink = Replace(.Form("useBlockAnyLink"), "'", "''")
useViewClientInfo = Replace(.Form("useViewClientInfo"), "'", "''")
writeMode = Replace(.Form("writeMode"), "'", "''")
useRszImg = Replace(.Form("useRszImg"), "'", "''")
rszImgSize = Replace(.Form("rszImgSize"), "'", "''")
useHTML = Replace(.Form("useHTML"), "'", "''")
allowTags = Replace(.Form("allowTags"), "'", "''")
useFile = Replace(.Form("useFile"), "'", "''")
uploadComponent = Replace(.Form("uploadComponent"), "'", "''")
fileMaxLimit = Replace(.Form("fileMaxLimit"), "'", "''")
fileMaxNum = Replace(.Form("fileMaxNum"), "'", "''")
directoryPath = Replace(.Form("directoryPath"), "'", "''")
useCategory = Replace(.Form("useCategory"), "'", "''")
categories = Replace(.Form("categories"), "'", "''")
useWordFilter = Replace(.Form("useWordFilter"), "'", "''")
badWords = Replace(.Form("badWords"), "'", "''")
'//±ÇÇѼ³Á¤ ºÎºÐ
listLevel = Replace(.Form("listLevel"), "'", "''")
viewLevel = Replace(.Form("viewLevel"), "'", "''")
secretLevel = Replace(.Form("secretLevel"), "'", "''")
writeLevel = Replace(.Form("writeLevel"), "'", "''")
replyLevel = Replace(.Form("replyLevel"), "'", "''")
memoWriteLevel = Replace(.Form("memoWriteLevel"), "'", "''")
noticeWriteLevel = Replace(.Form("noticeWriteLevel"), "'", "''")
htmlLevel = Replace(.Form("htmlLevel"), "'", "''")
deleteLevel = Replace(.Form("deleteLevel"), "'", "''")
'//¸ðµÎÀû¿ë ºÎºÐ
applyAllWidth = .Form("applyAllWidth")
applyAllSubjectLimit = .Form("applyAllSubjectLimit")
applyAllAuthorLimit = .Form("applyAllAuthorLimit")
applyAllContentLimit = .Form("applyAllContentLimit")
applyAllPageSize = .Form("applyAllPageSize")
applyAllDivPage = .Form("applyAllDivPage")
applyAllNoticeNum = .Form("applyAllNoticeNum")
applyAllAlign = .Form("applyAllAlign")
applyAllHeadFile = .Form("applyAllHeadFile")
applyAllTailFile = .Form("applyAllTailFile")
applyAllHeadMsg = .Form("applyAllHeadMsg")
applyAllTailMsg = .Form("applyAllTailMsg")
applyAllArticleDefMsg = .Form("applyAllArticleDefMsg")
applyAllViewList = .Form("applyAllViewList")
applyAllUseMemo = .Form("applyAllUseMemo")
applyAllUseAutoLink = .Form("applyAllUseAutoLink")
applyAllUsePreview = .Form("applyAllUsePreview")
applyAllUseSiteLink1 = .Form("applyAllUseSiteLink1")
applyAllUseSiteLink2 = .Form("applyAllUseSiteLink2")
applyAllUseSecret = .Form("applyAllUseSecret")
applyAllUseBlockSpam = .Form("applyAllUseBlockSpam")
applyAllUseBlockAnyLink = .Form("applyAllUseBlockAnyLink")
applyAllUseViewClientInfo = .Form("applyAllUseViewClientInfo")
applyAllWriteMode = .Form("applyAllWriteMode")
applyAllUseRszImg = .Form("applyAllUseRszImg")
applyAllRszImgSize = .Form("applyAllRszImgSize")
applyAllUseHTML = .Form("applyAllUseHTML")
applyAllAllowTags = .Form("applyAllAllowTags")
applyAllUseFile = .Form("applyAllUseFile")
applyAllUploadComponent = .Form("applyAllUploadComponent")
applyAllFileMaxLimit = .Form("applyAllFileMaxLimit")
applyAllFileMaxNum = .Form("applyAllFileMaxNum")
applyAllDirectoryPath = .Form("applyAllDirectoryPath")
applyAllUseCategory = .Form("applyAllUseCategory")
applyAllCategories = .Form("applyAllCategories")
applyAllUseWordFilter = .Form("applyAllUseWordFilter")
applyAllBadWords = .Form("applyAllBadWords")
applyAllListLevel = .Form("applyAllListLevel")
applyAllViewLevel = .Form("applyAllViewLevel")
applyAllSecretLevel = .Form("applyAllSecretLevel")
applyAllWriteLevel = .Form("applyAllWriteLevel")
applyAllReplyLevel = .Form("applyAllReplyLevel")
applyAllMemoWriteLevel = .Form("applyAllMemoWriteLevel")
applyAllNoticeWriteLevel = .Form("applyAllNoticeWriteLevel")
applyAllHtmlLevel = .Form("applyAllHtmlLevel")
applyAllDeleteLevel = .Form("applyAllDeleteLevel")
applyMode = .Form("applyMode")
aid = .Form("aid")
End With
'//°ü¸®ÀÚ È®ÀÎ
If IsAdmin<>True Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù."
Response.End
End If
If Not ChkCrIns Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AccessDeniedMsg")) '"À߸øµÈ Á¢±ÙÀÔ´Ï´Ù."
Response.End
End If
'//º¯°æ ¾ÏÈ£ ÀÏÄ¡ ¿©ºÎ È®ÀÎ
If adminPasswd<>adminPasswd2 Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ReaffirmPasswordError")) '"¾ÏÈ£¿Í ¾ÏȣȮÀÎÀÌ ÀÏÄ¡ÇÏÁö ¾Ê½À´Ï´Ù."
Response.End
End If
'//À¯È¿ µ¥ÀÌÅÍ °Ë»ç
If Not ChkAvailableChr(adminId) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("NotValidAdminID")) '"°ü¸®ÀÚ¾ÆÀ̵𿡠À¯È¿ÇÏÁö ¾ÊÀº ¹®ÀÚ°¡ Æ÷ÇԵǾî ÀÖ½À´Ï´Ù."
If Not ChkAvailableNum(width) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("WidthNumError")) '"°Ô½ÃÆÇ °¡·ÎÅ©±â´Â ¼ýÀڷθ¸ ÁöÁ¤ÀÌ °¡´ÉÇÕ´Ï´Ù."
If Not ChkAvailableNum(subjectLimit) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("SubjectLimitNumError")) '"Á¦¸ñ±ÛÀÚ¼ö Á¦ÇÑÀº ¼ýÀڷθ¸ ÁöÁ¤ÀÌ °¡´ÉÇÕ´Ï´Ù."
If Not ChkAvailableNum(authorLimit) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AuthorLimitNumError")) '"À̸§ ±ÛÀÚÁ¦ÇÑ ¼ö´Â ¼ýÀڷθ¸ ÁöÁ¤ÀÌ °¡´ÉÇÕ´Ï´Ù."
If Not ChkAvailableNum(contentLimit) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ContentLimitNumError")) '"³»¿ë ±ÛÀÚÁ¦ÇÑ ¼ö´Â ¼ýÀڷθ¸ ÁöÁ¤ÀÌ °¡´ÉÇÕ´Ï´Ù."
If Not ChkAvailableNum(pageSize) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("PageSizeNumError")) '"ÆäÀÌÁö´ç °Ô½Ã¹°¼ö´Â ¼ýÀڷθ¸ ÁöÁ¤ÀÌ °¡´ÉÇÕ´Ï´Ù."
If Not ChkAvailableNum(divPage) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("DivPageNumError")) '"ÆäÀÌÁö´ç ÆäÀÌÁö¹Ù·Î°¡±â¼ö´Â ¼ýÀڷθ¸ ÁöÁ¤ÀÌ °¡´ÉÇÕ´Ï´Ù."
If totalAccess<>"" Or todayAccess<>"" Then
If Not ChkAvailableNum(totalAccess) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("TotalCountNumError")) '"Àüüī¿îÅ͸¦ ¼öÁ¤ÇϽ÷Á¸é ¼ýÀÚ¸¸ ÀÔ·ÂÇϼ¼¿ä."
If Not ChkAvailableNum(todayAccess) Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("TodayCountNumError")) '"¿À´ÃÄ«¿îÅ͸¦ ¼öÁ¤ÇϽ÷Á¸é ¼ýÀÚ¸¸ ÀÔ·ÂÇϼ¼¿ä."
End If
'//µ¥ÀÌÅÍ ±æÀÌ °Ë»ç
If Len(headMsg)>1000 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("HeadMsgVallidError")) '"»ó´ÜÆ÷ÇÔ ¸Þ½ÃÁö°¡ ³Ê¹« ±æ°Ô ÀÛ¼ºµÇ¾ú½À´Ï´Ù.\n1000±ÛÀÚ À̳»·Î ÀÛ¼ºÇØ ÁÖ¼¼¿ä."
If Len(tailMsg)>1000 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("TailMsgValidError")) '"ÇÏ´ÜÆ÷ÇÔ ¸Þ½ÃÁö°¡ ³Ê¹« ±æ°Ô ÀÛ¼ºµÇ¾ú½À´Ï´Ù.\n1000±ÛÀÚ À̳»·Î ÀÛ¼ºÇØ ÁÖ¼¼¿ä."
If Len(articleDefMsg)>1000 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AtcDefMsgValidError")) '"±âº» ³»¿ë ¸Þ½ÃÁö°¡ ³Ê¹« ±æ°Ô ÀÛ¼ºµÇ¾ú½À´Ï´Ù.\n1000±ÛÀÚ À̳»·Î ÀÛ¼ºÇØ ÁÖ¼¼¿ä."
If Len(allowTags)>255 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("AllowTagValidError")) '"Çã¿ëÇÒ Å±×ÀÇ ³»¿ëÀÌ ³Ê¹« ±æ°Ô ÀÛ¼ºµÇ¾ú½À´Ï´Ù.\n250±ÛÀÚ À̳»·Î ÀÛ¼ºÇØ ÁÖ¼¼¿ä."
If Len(categories)>255 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("CategoriesValidError")) '"Ä«Å×°í¸® ³»¿ëÀÌ ³Ê¹« ±æ°Ô ÀÛ¼ºµÇ¾ú½À´Ï´Ù.\n250±ÛÀÚ À̳»·Î ÀÛ¼ºÇØ ÁÖ¼¼¿ä."
If Len(badWords)>255 Then Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("BadWordsValidError")) '"ºÒ·®´Ü¾î ÇÊÅ͸µ ³»¿ëÀÌ ³Ê¹« ±æ°Ô ÀÛ¼ºµÇ¾ú½À´Ï´Ù.\n250±ÛÀÚ À̳»·Î ÀÛ¼ºÇØ ÁÖ¼¼¿ä."
'//¾ÏÈ£°¡ ºñ¾îÀÖÀ¸¸é ÀÌÀü¾ÏÈ£¸¦ ºÒ·¯¿È
If adminPasswd="" And adminPasswd2="" Then
adminPasswd = admin_passwd
Else
adminPasswd = cx.SetEncode(adminPasswd)
End If
If totalAccess="" Then totalAccess=totalCount '//Ä«¿îÆ®°¡ ºñ¾îÀÖÀ¸¸é ÀÌÀüÄ«¿îÆ®¸¦ ºÒ·¯¿È
If todayAccess="" Then todayAccess=todayCount '//Ä«¿îÆ®°¡ ºñ¾îÀÖÀ¸¸é ÀÌÀüÄ«¿îÆ®¸¦ ºÒ·¯¿È
'//¾ð¾îÆÑ ÆÄÀÏÀÌ ÀÖ´ÂÁö °Ë»ç
If Not fs.FileExists(Server.MapPath(FSBOARD_PATH & "lang/" & lang & ".asp")) Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode("Language file does not exist.")
Response.End
End If
'//µ¥ÀÌÅÍ ¸®ÅÏ°ª ¼³Á¤
headMsg = Replace(headMsg,"'",Chr(34)) '//»ó´Ü¸Þ½ÃÁö µû¿ÈÇ¥ ¹Ù²Þ
headMsg = Replace(headmsg,Chr(13)," ") '//¿£Å͸¦ ÅÇÀ¸·Î ¹Ù²Þ
tailMsg = Replace(tailMsg,"'",Chr(34)) '//Çϴܸ޽ÃÁö µû¿ÈÇ¥ ¹Ù²Þ
tailMsg = Replace(tailMsg,Chr(13)," ") '//¿£Å͸¦ ÅÇÀ¸·Î ¹Ù²Þ
articleDefMsg = Replace(articleDefMsg,"'",Chr(34)) '//±âº»º»¹®¸Þ½ÃÁö µû¿ÈÇ¥ ¹Ù²Þ
articleDefMsg = Replace(articleDefMsg,Chr(13)," ") '//±âº»º»¹®¸Þ½ÃÁö ¿£Å͸¦ ÅÇÀ¸·Î ¹Ù²Þ
'//µû¿ÈÇ¥ ¿¡·¯ ó¸®
headMsg = Replace(headMsg,"'","''")
tailMsg = Replace(tailMsg,"'","''")
articleDefMsg = Replace(articleDefMsg,"'","''")
'//Boolean°ª ¼³Á¤
If Int(pageSize)<1 Then pageSize=1
If Int(divPage)<1 Then divPage=1
If viewList="" Then viewList=0
If useMemo="" Then useMemo=0
If useAutoLink="" Then useAutoLink=0
If usePreview="" Then usePreview=0
If useSiteLink1="" Then useSiteLink1=0
If useSiteLink2="" Then useSiteLink2=0
If useSecret="" Then useSecret=0
If useBlockSpam="" Then useBlockSpam=0
If useBlockAnyLink="" Then useBlockAnyLink=0
If useViewClientInfo="" Then useViewClientInfo=0
If useRszImg="" Then useRszImg=0
If useFile="" Then useFile=0
If useCategory="" Then useCategory=0
If useWordFilter="" Then useWordFilter=0
'//÷ºÎÆÄÀÏ ¾÷·Îµå Æú´õ È®ÀÎ
If StrComp(uploadedPath, FSBOARD_PATH & directoryPath)<>0 Then
tmp = CreateServerFolder(directoryPath)
If tmp=False Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("UploadFolderError")) '"¾÷·ÎµåÆú´õ »ý¼º¿¡ ½ÇÆÐÇß½À´Ï´Ù."
Response.End
End If
End If
'//¾÷µ¥ÀÌÆ® Äõ¸®¹®
Sql = ("UPDATE " & AdminTblName & " SET " _
& "width=" & width & ", " _
& "subjectLimit=" & subjectLimit & ", " _
& "authorLimit=" & authorLimit & ", " _
& "contentLimit=" & contentLimit & ", " _
& "pageSize=" & pageSize & ", " _
& "divPage=" & divPage & ", " _
& "noticeNum=" & noticeNum & ", " _
& "align=" & N & "'" & align & "', " _
& "headFile=" & N & "'" & headFile & "', " _
& "tailFile=" & N & "'" & tailFile & "', " _
& "headMsg=" & N & "'" & headMsg & "', " _
& "tailMsg=" & N & "'" & tailMsg & "', " _
& "articleDefMsg=" & N & "'" & articleDefMsg & "', " _
& "viewList=" & viewList & ", " _
& "useMemo=" & useMemo & ", " _
& "useAutoLink=" & useAutoLink & ", " _
& "usePreview=" & usePreview & ", " _
& "useSiteLink1=" & useSiteLink1 & ", " _
& "useSiteLink2=" & useSiteLink2 & ", " _
& "useSecret=" & useSecret & ", " _
& "useBlockSpam=" & useBlockSpam & ", " _
& "useBlockAnyLink=" & useBlockAnyLink & ", " _
& "useViewClientInfo=" & useViewClientInfo & ", " _
& "writeMode=" & N & "'" & writeMode & "', " _
& "useRszImg=" & useRszImg & ", " _
& "rszImgSize=" & rszImgSize & ", " _
& "useHTML=" & N & "'" & useHTML & "', " _
& "allowTags=" & N & "'" & allowTags & "', " _
& "useFile=" & useFile & ", " _
& "uploadComponent=" & N & "'" & uploadComponent & "', " _
& "fileMaxLimit=" & fileMaxLimit & ", " _
& "fileMaxNum=" & fileMaxNum & ", " _
& "directoryPath=" & N & "'" & directoryPath & "', " _
& "useCategory=" & useCategory & ", " _
& "categories=" & N & "'" & categories & "', " _
& "useWordFilter=" & useWordFilter & ", " _
& "badWords=" & N & "'" & badWords & "', " _
& "listLevel=" & listLevel & ", " _
& "viewLevel=" & viewLevel & ", " _
& "secretLevel=" & secretLevel & ", " _
& "writeLevel=" & writeLevel & ", " _
& "replyLevel=" & replyLevel & ", " _
& "memoWriteLevel=" & memoWriteLevel & ", " _
& "noticeWriteLevel=" & noticeWriteLevel & ", " _
& "htmlLevel=" & htmlLevel & ", " _
& "deleteLevel=" & deleteLevel & " ")
'//¼±Åà Àû¿ë
Select Case applyMode
'//¸ðµç °Ô½ÃÆÇ¿¡ Àû¿ë
Case "all"
Sql = Sql & ""
'//¼±ÅÃµÈ °Ô½ÃÆÇ¿¡¸¸ Àû¿ë
Case "define"
If aid="" Then
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("BBSIDSelError")) '"¼³Á¤À» Àû¿ëÇÒ °Ô½ÃÆÇÀÌ ¼±ÅõÇÁö ¾Ê¾Ò½À´Ï´Ù."
Response.End
End If
aid = Replace(aid,","," OR aid=")
Sql = Sql & " WHERE aid=" & aid & ";"
'//ÇöÀç °Ô½ÃÆÇ¿¡¸¸ Àû¿ë
Case "this"
Sql = Sql & " WHERE board_id='" & id & "';"
End Select
'//Æ®·£Àè¼Ç ½ÃÀÛ
dbConn.BeginTrans()
'//¼³Á¤ ¾÷µ¥ÀÌÆ®
If Response.isClientConnected Then dbConn.Execute Sql,,128
'//Ç׸ñº° ¸ðµÎÀû¿ë
Sql = ""
If applyAllWidth="true" Then Sql = Sql & "width=" & width & ", "
If applyAllSubjectLimit="true" Then Sql = Sql & "subjectLimit=" & subjectLimit & ", "
If applyAllAuthorLimit="true" Then Sql = Sql & "authorLimit=" & authorLimit & ", "
If applyAllContentLimit="true" Then Sql = Sql & "contentLimit=" & contentLimit & ", "
If applyAllPageSize="true" Then Sql = Sql & "pageSize=" & pageSize & ", "
If applyAllDivPage="true" Then Sql = Sql & "divPage=" & divPage & ", "
If applyAllNoticeNum="true" Then Sql = Sql & "noticeNum=" & noticeNum & ", "
If applyAllAlign="true" Then Sql = Sql & "align='" & align & "', "
If applyAllHeadFile="true" Then Sql = Sql & "headFile='" & headFile & "', "
If applyAllTailFile="true" Then Sql = Sql & "tailFile='" & tailFile & "', "
If applyAllHeadMsg="true" Then Sql = Sql & "headMsg='" & headMsg & "', "
If applyAllTailMsg="true" Then Sql = Sql & "tailMsg='" & tailMsg & "', "
If applyAllArticleDefMsg="true" Then Sql = Sql & "articleDefMsg='" & articleDefMsg & "', "
If applyAllViewList="true" Then Sql = Sql & "viewList=" & viewList & ", "
If applyAllUseMemo="true" Then Sql = Sql & "useMemo=" & useMemo & ", "
If applyAllUseAutoLink="true" Then Sql = Sql & "useAutoLink=" & useAutoLink & ", "
If applyAllUsePreview="true" Then Sql = Sql & "usePreview=" & usePreview & ", "
If applyAllUseSiteLink1="true" Then Sql = Sql & "useSiteLink1=" & useSiteLink1 & ", "
If applyAllUseSiteLink2="true" Then Sql = Sql & "useSiteLink2=" & useSiteLink2 & ", "
If applyAllUseSecret="true" Then Sql = Sql & "useSecret=" & useSecret & ", "
If applyAllUseBlockSpam="true" Then Sql = Sql & "useBlockSpam=" & useBlockSpam & ", "
If applyAllUseBlockAnyLink="true" Then Sql = Sql & "useBlockAnyLink=" & useBlockAnyLink & ", "
If applyAllUseViewClientInfo="true" Then Sql = Sql & "useViewClientInfo=" & useViewClientInfo & ", "
If applyAllWriteMode="true" Then Sql = Sql & "writeMode='" & writeMode & "', "
If applyAllUseRszImg="true" Then Sql = Sql & "useRszImg=" & useRszImg & ", "
If applyAllRszImgSize="true" Then Sql = Sql & "rszImgSize=" & rszImgSize & ", "
If applyAllUseHTML="true" Then Sql = Sql & "useHTML='" & useHTML & "', "
If applyAllAllowTags="true" Then Sql = Sql & "allowTags='" & allowTags & "', "
If applyAllUseFile="true" Then Sql = Sql & "useFile=" & useFile & ", "
If applyAllUploadComponent="true" Then Sql = Sql & "uploadComponent='" & uploadComponent & "', "
If applyAllFileMaxLimit="true" Then Sql = Sql & "fileMaxLimit=" & fileMaxLimit & ", "
If applyAllFileMaxNum="true" Then Sql = Sql & "fileMaxNum=" & fileMaxNum & ", "
If applyAllDirectoryPath="true" Then Sql = Sql & "directoryPath='" & directoryPath & "', "
If applyAllUseCategory="true" Then Sql = Sql & "useCategory=" & useCategory & ", "
If applyAllCategories="true" Then Sql = Sql & "categories='" & categories & "', "
If applyAllUseWordFilter="true" Then Sql = Sql & "useWordFilter=" & useWordFilter & ", "
If applyAllBadWords="true" Then Sql = Sql & "badWords='" & badWords & "', "
If applyAllListLevel="true" Then Sql = Sql & "listLevel=" & listLevel & ", "
If applyAllViewLevel="true" Then Sql = Sql & "viewLevel=" & viewLevel & ", "
If applyAllSecretLevel="true" Then Sql = Sql & "secretLevel=" & secretLevel & ", "
If applyAllWriteLevel="true" Then Sql = Sql & "replyLevel=" & replyLevel & ", "
If applyAllReplyLevel="true" Then Sql = Sql & "writeLevel=" & writeLevel & ", "
If applyAllMemoWriteLevel="true" Then Sql = Sql & "memoWriteLevel=" & memoWriteLevel & ", "
If applyAllNoticeWriteLevel="true" Then Sql = Sql & "noticeWriteLevel=" & noticeWriteLevel & ", "
If applyAllHtmlLevel="true" Then Sql = Sql & "htmlLevel=" & htmlLevel & ", "
If applyAllDeleteLevel="true" Then Sql = Sql & "deleteLevel=" & deleteLevel & ", "
'//¸ðµÎÀû¿ë Ç׸ñÀÌ ÀÖÀ»°æ¿ì Äõ¸®¹® Á¶¸³
If Sql<>"" Then
Sql = "UPDATE " & AdminTblName & " SET " & Sql
Sql = Left(Sql,Len(RTrim(Sql))-1) '//µÞºÎºÐÀÇ ³²´Â ½°Ç¥(,) Á¦°Å
'//¼³Á¤ ¾÷µ¥ÀÌÆ®
If Response.isClientConnected Then dbConn.Execute Sql,,128
End If
'//ÇöÀç °Ô½ÃÆÇ¿¡¸¸ Àû¿ëµÇ´Â »çÇ×µé
If todayAccess<>"" Or totalAccess<>"" Then
Sql = "UPDATE " & AdminTblName & " SET " _
& "boardName=" & N & "'" & boardName & "', " _
& "admin_passwd=" & N & "'" & adminPasswd & "', " _
& "admin_id=" & N & "'" & adminId & "', " _
& "skin=" & N & "'" & skin & "', " _
& "combinedFileName=" & N & "'" & combinedFileName & "', " _
& "todayCount=" & todayAccess & ", " _
& "totalCount=" & totalAccess & ", " _
& "lang=" & N & "'" & lang & "' " _
& " WHERE board_id='" & id & "';"
'//¼³Á¤ ¾÷µ¥ÀÌÆ®
If Response.isClientConnected Then dbConn.Execute Sql,,128
End If
'//ÇöÀç °Ô½ÃÆÇ Á¤º¸ ¼öÁ¤ÀÏÀÚ ¾÷µ¥ÀÌÆ®
Sql = "UPDATE " & AdminTblName & " SET editdate=" & N & "'" & Now & "';"
'//¼³Á¤ ¾÷µ¥ÀÌÆ®
If Response.isClientConnected Then dbConn.Execute Sql,,128
'//Æ®·£Àè¼Ç ó¸®
If dbConn.Errors.Count=0 Then
dbConn.CommitTrans() '//Ä¿¹Ô
Response.Redirect "?id=" & id & "&mode=list"
Else
dbConn.RollbackTrans() '//·Ñ¹é
Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode(MsgExtract("ErrorMessage")) '"¿¡·¯·Î ÀÎÇØ ÀÛ¾÷ÀÌ ÁߴܵǾú½À´Ï´Ù."
End If
Response.End
'**********************************************************************
' ·Î±×¾Æ¿ô ó¸®
'**********************************************************************
ElseIf mode="logout" Then
Response.Clear
'//¼¼¼Ç ºñ¿ò
With Session
.Contents.Remove("MemId")
.Contents.Remove("MemPasswd")
.Contents.Remove("MemLevel")
.Contents.Remove("MemName")
End With
'//º¯¼ö ºñ¿ò
IsAdmin = ""
MemId = ""
MemLevel = ""
MemName = ""
'//¼¼¼Ç ¸ðµÎ ºñ¿ò
Session.Contents.RemoveAll
'//¼¼¼Ç°Á¦Á¾·á(¿ÜºÎ ÆÄÀÏ¿¡¼¸¸ °¡´É)
'Server.Execute(FSBOARD_PATH & "lib/logout.asp")
Response.Redirect "?id=" & id & "&mode=list" '//¸ñ·ÏÀ¸·Î À̵¿
Response.End
'**********************************************************************
' °Ô½ÃÆÇ °ü¸® ¸®½ºÆ®
'**********************************************************************
ElseIf mode="setup" Then
Response.Clear
'//setup ÆÄÀÏ
Response.Redirect "lib/setup.asp?mode=Admin.BoardList"
Response.End
'**********************************************************************
' ±âŸ ¸ðµå
'**********************************************************************
Else
'//¿¡·¯¸Þ½ÃÁö º¸À̱â
'Response.Redirect "?id=" & id & "&mode=error&msg=" & Server.UrlEncode("Invalid Mode.")
'//¸®½ºÆ®·Î µÇµ¹¸²
Response.Redirect "?id=" & id
Response.End
End If
'**********************************************************************
' ¼¼¼Ç Á¤¸® ¹× ¸¶¹«¸®
'**********************************************************************
'°Ô½ÃÆÇ ÇÏ´Ü ±âº» Æ÷ÇÔ ³»¿ë
Call ContentBottom
'//Á¢¼Ó¿©ºÎÈ®ÀÎ
If Not Response.isClientConnected Then
'//¼¼¼Ç ¼Ë´Ù¿î
ShutdownId = Session.SessionId
Shutdown(ShutdownId)
End If
%>