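<?php
// Command endpoint for the bamboo-forest board: one POST handler dispatched on
// $_POST['cmd'] (logout / register / login / upload / like).
//
// Security changes relative to the previous version of this script:
//  * every value that reaches MySQL is bound through a prepared statement on
//    $mysqli (the handle this script actually queries; the old code escaped
//    with an unrelated $conn and still interpolated phone/number/idx/User-Agent
//    and the raw password into SQL);
//  * passwords are stored with password_hash(); legacy unsalted sha512 rows
//    are still accepted on login and upgraded in place;
//  * the submitted password is no longer written to the log table;
//  * the name echoed into the welcome <script> is JSON-encoded (stored XSS);
//  * the session id is regenerated on login and a login is required to like.
//
// NOTE(review): no CSRF token is checked on any command, so every
// state-changing form here is forgeable cross-site until one is added.
// $mysqli is assumed to be the mysqli instance created by dbconfig.php — confirm.
session_start();
include("dbconfig.php");
ini_set('display_errors', 0);

define("CMD_REQUEST_LOGOUT", 0);
define("CMD_REQUEST_REGISTER", 1);
define("CMD_REQUEST_LOGIN", 2);
define("CMD_REQUEST_UPLOAD", 3);
define("CMD_REQUEST_LIKE", 4);

/**
 * Prepare, bind and execute one statement.
 *
 * @param mysqli $db     connection
 * @param string $sql    statement with ? placeholders
 * @param string $types  mysqli bind_param type string ('' when nothing to bind)
 * @param array  $params values bound in placeholder order
 * @return mysqli_stmt|false the executed statement (caller reads/closes it),
 *                           or false when prepare, bind or execute failed
 */
function bamboo_exec(mysqli $db, $sql, $types = '', array $params = [])
{
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        return false;
    }
    if ($types !== '' && !$stmt->bind_param($types, ...$params)) {
        $stmt->close();
        return false;
    }
    if (!$stmt->execute()) {
        $stmt->close();
        return false;
    }
    return $stmt;
}

/**
 * True when $sql (with $params bound) yields at least one row.
 * A failed statement counts as "no row", mirroring the old silent behaviour.
 *
 * @param mysqli $db
 * @param string $sql
 * @param string $types
 * @param array  $params
 * @return bool
 */
function bamboo_row_exists(mysqli $db, $sql, $types, array $params)
{
    $stmt = bamboo_exec($db, $sql, $types, $params);
    if ($stmt === false) {
        return false;
    }
    $stmt->store_result();
    $found = $stmt->num_rows > 0;
    $stmt->close();
    return $found;
}

/**
 * Encode $text as a JavaScript string literal that is safe to emit inside an
 * inline <script> block (tags, ampersands and both quote kinds are hex-escaped).
 *
 * @param string $text
 * @return string JS literal including its quotes; '""' if $text is not valid UTF-8
 */
function bamboo_js($text)
{
    $literal = json_encode(
        (string) $text,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_UNESCAPED_UNICODE
    );
    return $literal === false ? '""' : $literal;
}

// An absent or non-numeric cmd must not silently become 0 (= logout).
$cmd = (int) ($_POST['cmd'] ?? -1);

switch ($cmd) {
case CMD_REQUEST_LOGOUT:
    if (isset($_POST["submit"])) {
        // Clear server-side data and expire the session cookie before destroying.
        $_SESSION = [];
        if (ini_get('session.use_cookies')) {
            $cp = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000, $cp['path'], $cp['domain'], $cp['secure'], $cp['httponly']);
        }
        session_destroy();
        die("<script>window.location.href='../login.php';</script>");
    }
    break;

case CMD_REQUEST_REGISTER:
    $username = (string) ($_POST['username'] ?? '');
    $name = (string) ($_POST['name'] ?? '');
    $pass = (string) ($_POST['pass'] ?? '');
    $pass_re = (string) ($_POST['pass_re'] ?? '');
    $phone = (string) ($_POST['phone'] ?? '');
    $number = (string) ($_POST['number'] ?? '');
    $ip = $_SERVER['REMOTE_ADDR'];

    // Compare the plaintexts directly; hashing both first added nothing.
    if ($pass !== $pass_re) {
        die("<script>alert('비밀번호를 확인해주세요!'); history.go(-1); </script>");
    }
    if ($pass === '') {
        die("<script>alert('empty'); history.go(-1);</script>");
    }
    // strlen is a byte count (Korean characters are 3 bytes each) — kept as before.
    if (strlen($username) > 20) {
        die("<script>alert('입력하신 아이디가 너무 길어요ㅠ'); history.go(-1); </script>");
    } else if (strlen($username) < 3) {
        die("<script>alert('입력하신 아이디가 너무 짧으신거 아니에요ㅠ?'); history.go(-1); </script>");
    }
    // Username/name character policy. The old patterns were double-quoted PHP
    // strings, so "\\|" became an escaped pipe and neither backslash nor '"'
    // was actually rejected; these character classes block the characters the
    // original listed. They are policy only — SQL safety comes from binding.
    if (preg_match('/[\'"\\\\`@*\-;=]/', $username)) {
        die("<script>alert('입력하신 아이디에 특수문자가 포함되어 있습니다.'); history.go(-1); </script>");
    } else if (preg_match('/[\'"\\\\`*\-;=]/', $name)) {
        die("<script>alert('입력하신 이름에 특수문자가 포함되어 있습니다.'); history.go(-1); </script>");
    }
    if (preg_match("/admin|administrator|root|관리자|어드민|test|테스트/i", $username)) {
        die("<script>alert('당신은 관리자가 아닙니다.'); history.go(-1); </script>");
    } else if (preg_match("/admin|administrator|root|관리자|어드민|test|테스트/i", $name)) {
        die("<script>alert('당신은 관리자가 아닙니다.'); history.go(-1); </script>");
    }

    if (bamboo_row_exists($mysqli, 'select 1 from user where username = ? limit 1', 's', [$username])) {
        die("<script>alert('입력하신 아이디가 중복 됩니다.'); history.go(-1); </script>");
    }
    if (bamboo_row_exists($mysqli, 'select 1 from user where phone = ? limit 1', 's', [$phone])) {
        die("<script>alert('입력하신 전화번호가 중복 됩니다.'); history.go(-1); </script>");
    }

    // Salted, slow hash instead of bare sha512. bcrypt output (60 chars) fits
    // in a column that previously held 128-char sha512 hex.
    $hash = password_hash($pass, PASSWORD_DEFAULT);
    $ins = bamboo_exec(
        $mysqli,
        'insert into user(username,name,pass,ip,phone,number) values(?,?,?,?,?,?)',
        'ssssss',
        [$username, $name, $hash, $ip, $phone, $number]
    );
    if ($ins === false) {
        // The old code reported success even when the insert failed.
        die("<script>alert('error'); history.go(-1);</script>");
    }
    $ins->close();
    ?>
    <script>
        alert("회원가입을 성공적으로 마쳤습니다!");
        window.location.href = '../login.php';
    </script>
    <?php
    break;

case CMD_REQUEST_LOGIN:
    if (isset($_POST["submit"])) {
        if (empty($_POST["username"]) || empty($_POST["pass"])) {
            die("<script>alert('empty'); history.go(-1);</script>");
        }
        $username = (string) $_POST['username'];
        // The old pattern contained a bare "*" alternative, which is a PCRE
        // compile error: preg_match returned false and this check never ran.
        if (preg_match('/[\'"\\\\`@*\-;=%<>]/', $username)) {
            die("<script>alert('아이디에 특수문자를 입력할 수 없습니다.'); history.go(-1); </script>");
        }
        if (preg_match("/admin|administrator|root|관리자|어드민|테스트/i", $username)) {
            die("<script>alert('관리자가 아닙니다.'); history.go(-1); </script>");
        }
        $pass = (string) $_POST['pass'];
        $ip = $_SERVER['REMOTE_ADDR'];
        // User-Agent is attacker-controlled; it is bound, never interpolated.
        $browser = (string) ($_SERVER['HTTP_USER_AGENT'] ?? '');

        // Look the user up by name only and verify the password in PHP.
        $row = null;
        $sel = bamboo_exec($mysqli, 'select username, name, pass from user where username = ? limit 1', 's', [$username]);
        if ($sel !== false) {
            $sel->bind_result($dbUsername, $dbName, $dbPass);
            if ($sel->fetch()) {
                $row = ['username' => $dbUsername, 'name' => $dbName, 'pass' => (string) $dbPass];
            }
            $sel->close();
        }

        $ok = false;
        if ($row !== null) {
            if (password_verify($pass, $row['pass'])) {
                $ok = true;
            } elseif (hash_equals($row['pass'], hash('sha512', $pass))) {
                // Legacy unsalted sha512 row: accept this once and upgrade in place.
                $ok = true;
                $up = bamboo_exec(
                    $mysqli,
                    'update user set pass = ? where username = ?',
                    'ss',
                    [password_hash($pass, PASSWORD_DEFAULT), $row['username']]
                );
                if ($up !== false) {
                    $up->close();
                }
            }
        }

        // Audit row for both outcomes. The pass column is deliberately left
        // empty: the old code stored the submitted password in clear text.
        $area = $ok ? "T" : "F";
        $log = bamboo_exec(
            $mysqli,
            'insert into log(ip,username,pass,area,browser) values(?,?,?,?,?)',
            'sssss',
            [$ip, $username, '', $area, $browser]
        );
        if ($log !== false) {
            $log->close();
        }

        if ($ok) {
            // Fresh session id so a pre-login id cannot be fixated.
            session_regenerate_id(true);
            $_SESSION['username'] = $row['username'];
            $_SESSION['name'] = $row['name'];
            $welcome = bamboo_js($_SESSION['name'] . "님 오신걸 환영합니다.");
            die("<script>alert(" . $welcome . "); window.location.href='../index.php';</script>");
        }
        die("<script>alert('입력하신 계정이 로그인에 실패 하였습니다.'); history.go(-1);</script>");
    }
    break;

case CMD_REQUEST_UPLOAD:
    if (isset($_POST["submit"])) {
        $raw = (string) ($_POST["contents"] ?? '');
        // Length limits are byte counts, as before.
        if (empty($_POST["contents"])) {
            die("<script>alert('empty'); history.go(-1);</script>");
        } else if (strlen($raw) > 4000) {
            die("<script>alert('입력하신 내용이 너무 길어요!'); history.go(-1); </script>");
        } else if (strlen($raw) < 30) {
            die("<script>alert('입력하신 내용이 너무 짧아요!'); history.go(-1); </script>");
        } else if (preg_match('/(<br[^>]*>\s*){4,}/', nl2br($raw))) {
            die("<script>alert('줄바꿈이 너무 많네요ㅜㅜ'); history.go(-1); </script>");
        } else {
            $contents = nl2br($raw);
            $contents = preg_replace('/(<br[^>]*>\s*){3,}/', '<br/><br/>', $contents);
            // NOTE(review): escaping runs AFTER nl2br, so the generated <br />
            // tags are stored entity-encoded. Kept as in the original — confirm
            // the display page expects that before changing the order.
            $contents = htmlspecialchars($contents, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $ip = $_SERVER['REMOTE_ADDR'];
            $likes = "0";
            $ins = bamboo_exec(
                $mysqli,
                'insert into bamboo(contents, ip, likes) values(?,?,?)',
                'sss',
                [$contents, $ip, $likes]
            );
            if ($ins === false) {
                die("<script>alert('error'); history.go(-1);</script>");
            }
            $ins->close();
            die("<script>alert('성공적으로 입력되었습니다!'); history.go(-1);</script>");
        }
    }
    break;

case CMD_REQUEST_LIKE:
    if (isset($_POST["submit"])) {
        // A like is attributed to the session user; without a login the old
        // code recorded it under an empty username.
        if (empty($_SESSION['username'])) {
            die("<script>window.location.href='../login.php';</script>");
        }
        $user = (string) $_SESSION['username'];
        // idx is used as a numeric key; the old code dropped it into SQL unquoted.
        $idx = (int) ($_POST['idx'] ?? 0);

        if (bamboo_row_exists(
            $mysqli,
            'select 1 from bamboo_like where username = ? and contents_idx = ? limit 1',
            'si',
            [$user, $idx]
        )) {
            die("<script>alert('이미 좋아요를 누른 게시글입니다.'); history.go(-1);</script>");
        }
        // NOTE(review): check-then-insert is racy; a unique key on
        // bamboo_like(username, contents_idx) would close the window.
        $up = bamboo_exec($mysqli, 'update bamboo set likes = likes + 1 where idx = ?', 'i', [$idx]);
        if ($up !== false) {
            $up->close();
        }
        $ins = bamboo_exec($mysqli, 'insert into bamboo_like(username, contents_idx) values(?,?)', 'si', [$user, $idx]);
        if ($ins !== false) {
            $ins->close();
        }
        die("<script>alert('좋아요가 반영되었습니다!'); history.go(-1);</script>");
    }
    break;
}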