/*
========================================================
InfoTechBBS Version 2.0 (2001.1.8)
--------------------------------------------------------
Program name : modify.html
Version : 2.0
Function : routine that modifies a post
========================================================
*/
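//******** Load the board configuration file
include "cfg.html";
//******** Validate the submitted values
// NOTE(review): $name, $email, $homepage, $subject, $passwd and $comment are not
// assigned anywhere in this file; presumably they arrive as request parameters
// imported into global scope -- confirm against the PHP configuration.
// error() is not defined here either; presumably one of the includes provides it.
include "user_function_info.php";
// Name is required: it must contain at least one non-whitespace character.
if(!ereg("([^[:space:]]+)", $name)) {
    error("INVALID_NAME");
    exit;
}
// E-mail is optional: only a non-blank value is checked, against an anchored
// local@domain pattern.
if(ereg("([^[:space:]]+)", $email) && (!ereg("(^[_0-9a-zA-Z-]+(\.[_0-9a-zA-Z-]+)*@[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*$)", $email)) ) {
    error("INVALID_EMAIL");
    exit;
}
// Homepage is optional: a non-blank value must consist of URL characters from
// start to end. The previous pattern was unanchored, so one allowed character
// anywhere in the value was enough to pass. The pattern is now anchored, and
// ':', '-', '%', '#', '+', ',' and ';' are admitted so ordinary URLs still
// validate; quotes, angle brackets, backslashes and whitespace are rejected.
if(ereg("([^[:space:]]+)", $homepage) && (!ereg("^[0-9a-zA-Z./@~?&=_:%#+,;-]+$", $homepage)) ) {
    error("INVALID_HOMEPAGE");
    exit;
}
// Subject is required.
if(!ereg("([^[:space:]]+)", $subject)) {
    error("INVALID_SUBJECT");
    exit;
}
// Password must be at least four characters, ASCII letters and digits only.
if(!ereg("(^[0-9a-zA-Z]{4,}$)", $passwd)) {
    error("INVALID_PASSWD");
    exit;
}
// Body text is required.
if(!ereg("([^[:space:]]+)", $comment)) {
    error("INVALID_COMMENT");
    exit;
}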
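//******** Connect to the database
include "dbconn_info.php";
//******** Escape every string that is placed inside a quoted SQL literal.
// Previously only $subject and $comment were escaped, while $name, $email and
// $homepage went into the UPDATE statement as submitted.
// addslashes() is kept because it is the escape this file already uses. It is
// not aware of the connection character set, so parameterized queries (or a
// driver-level escape) are the better fix when the database layer is updated.
// NOTE(review): if magic_quotes_gpc is enabled on the deployment these values
// arrive already escaped and the backslashes are doubled, as was already the
// case for $subject and $comment -- confirm the setting.
$name = addslashes($name);
$subject = addslashes($subject);
$email = addslashes($email);
$homepage = addslashes($homepage);
$comment = addslashes($comment);
// uid is interpolated without quotes, so force it to an integer.
$number = intval($number);
// The table name cannot be protected by string escaping; accept only plain
// identifier characters. The origin of $code is not visible in this file.
if(!ereg("^[0-9a-zA-Z_]+$", $code)) {
    error("QUERY_ERROR");
    exit;
}
// Both branches below run the same statement, so build it once.
$query = "UPDATE $code SET name = '$name', subject = '$subject', email = '$email', homepage = '$homepage', comment = '$comment' WHERE uid = $number";
//******** A user authenticated as administrator may modify any post
// NOTE(review): this test only checks that a cookie named by $adminid holds a
// truthy value; the value is not compared with anything in this file. Confirm
// that the cookie is verified elsewhere and that $adminid is always set by the
// configuration rather than by the request.
if($HTTP_COOKIE_VARS[$adminid])
{
    $result = mysql_query($query,$dbconn);
    if (!$result) {
        error("QUERY_ERROR");
        exit;
    }
    // The emitted string is empty as this file stands.
    echo("");
} else {
    //******** Fetch the password stored for this post
    $result = mysql_query("SELECT passwd FROM $code WHERE uid = $number",$dbconn);
    if(!$result) {
        error("QUERY_ERROR");
        exit;
    }
    // No such post: refuse here instead of reading row 0 of an empty result.
    if(mysql_num_rows($result) < 1) {
        error("NO_ACCESS_MODIFY");
        exit;
    }
    $real_pass = mysql_result($result,0,0);
    //******** Hash the password the user entered
    // NOTE(review): MySQL's PASSWORD() is meant for the server's own account
    // table and its output format has changed between server versions; a
    // dedicated password hash is preferable if the schema can be migrated.
    $result = mysql_query("SELECT password('$passwd')",$dbconn);
    // This result was previously used unchecked, so a failed query left the
    // comparison below with a false value on the user side.
    if(!$result) {
        error("QUERY_ERROR");
        exit;
    }
    $user_pass = mysql_result($result,0,0);
    //******** Modify the post only when the stored and the entered password match
    if (!strcmp($real_pass,$user_pass)) {
        $result = mysql_query($query,$dbconn);
        if (!$result) {
            error("QUERY_ERROR");
            exit;
        }
        //******** Return to the list screen
        // $key is not assigned in this file, and $encoded_key is not used by
        // the empty echo below; kept as in the original.
        $encoded_key = urlencode($key);
        echo("");
    } else {
        error("NO_ACCESS_MODIFY");
        exit;
    }
}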
?>