흑흑 프론트만 조금 깔짝일줄 알던 바보라 그런지 이런거 너무 힘드네요..
https://xe1.xpressengine.com/index.php?mid=download&package_id=18527888
가가토끼님이 배포해주신 코드를 수정하구 클릭했더니 반응이없구.. 이런 에러 로그만 남기네요 ㅠ.ㅠ
혹시 어디가 잘못됐는지 좀 봐주실수 있나여..? ㅠㅠ 다들 바쁘실텐데 넘나 죄송해여.. ㅠㅠㅠ....
error log
[Fri Dec 23 01:39:17.772224 2016] [:error] [pid 863773] [client 127.0.0.1:27561] SoftException in Application.cpp:269: File "/home/xe/public_html/modules/process/6.php" is writeable by others
dbconn.php
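<?php
// Database bootstrap shared by the process scripts. It opens the legacy mysql_*
// connection that the including scripts use implicitly through mysql_query(),
// and defines the settings used to build and verify the signed action links.
//
// NOTE(security): the values below are the sample defaults and must be changed.
// - Connecting as MySQL "root" with the password "root" gives every script that
//   includes this file full control of the database server. Use a dedicated
//   account limited to the XE database, with a strong password.
// - $md5key is the only secret behind the md5 link tokens. "root" is trivially
//   guessable; replace it with a long random value.
// - This file holds credentials: keep it out of shared or public copies and do
//   not leave it writable by other accounts.
// - mysql_* was removed in PHP 7. It is kept here only because the scripts that
//   include this file call mysql_query() on this connection.

// ---- Settings to configure: start ----
$conn = mysql_connect("localhost", "root", "root");
$md5key = "root";
$linkStart = 'https://가림/modules/process/';
// ---- Settings to configure: end ----

if (!$conn) {
    // Driver error text can reveal host and account details, so it goes to the
    // server log rather than into the HTTP response.
    error_log("Unable to connect to DB: " . mysql_error());
    echo "Unable to connect to DB";
    exit;
}

if (!mysql_select_db("DB명")) {
    error_log("Unable to select mydbname: " . mysql_error());
    echo "Unable to select mydbname";
    exit;
}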
process.php
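<?php
// Renders the row of status links (답변 / 조사 / 검토 / 반려 / 보류 / 접수) for the
// document currently being viewed. Each link points at N.php with the document
// number and an md5 token built from that number and $md5key.
//
// NOTE(security): the token is md5(document_srl . $md5key). It never expires,
// is the same for every visitor, and travels in a GET URL, so it ends up in
// browser history and server logs. The target scripts change data on a plain
// GET request. Treat the token as a convenience only, and have the handlers
// verify an administrator session as well.
include('dbconn.php');

$logged_info = Context::get('logged_info');
// Kept for any including template that reads $userid; null when nobody is logged in.
$userid = $logged_info ? $logged_info->user_id : null;

// NOTE(review): the original tested $row['is_admin'] on a row fetched from
// xe_document_extra_vars. That table is not expected to have an is_admin
// column, so the test could never pass and nothing was rendered. The admin flag
// is read from the logged-in member instead; confirm against your XE version.
if ($logged_info && $logged_info->is_admin === 'Y') {
    $oDocumentModelz = getModel('document');
    $document_srlz = Context::get('document_srl');
    $oDocumentz = $oDocumentModelz->getDocument($document_srlz);
    $document_srlg = $oDocumentz->get('document_srl');

    // One lookup replaces the six identical queries of the original. The value
    // is escaped so it cannot alter the statement even if it is not a number.
    $sql = "SELECT * FROM `xe_document_extra_vars` WHERE `document_srl` = '"
        . mysql_real_escape_string((string) $document_srlg) . "'";
    $result = mysql_query($sql);
    $row = ($result && mysql_num_rows($result) > 0) ? mysql_fetch_assoc($result) : null;

    // Handler script number => status label, in the original display order.
    $actions = array(
        '6' => '답변',
        '5' => '조사',
        '4' => '검토',
        '3' => '반려',
        '2' => '보류',
        '1' => '접수',
    );

    print "<br>";
    $isFirst = true;
    foreach ($actions as $script => $label) {
        if (!$isFirst) {
            print " - ";
        }
        $isFirst = false;

        if ($row === null) {
            // No extra-var row for this document, or the query failed.
            print "에러";
            continue;
        }

        $link = $linkStart . $script . ".php?id=" . urlencode($document_srlg)
            . "&md5=" . md5($document_srlg . $md5key);

        // Escape the URL for the attribute context; the browser decodes &amp;
        // back to & when following the link. rel stops the opened tab from
        // reaching back into this page.
        print '<a href="' . htmlspecialchars($link, ENT_QUOTES, 'UTF-8')
            . '" target="_blank" rel="noopener noreferrer">' . $label . '</a>';

        // Preserved from the original: 1 when the stored value already equals this status.
        $mark1 = ($row['value'] === $label) ? 1 : 0;
    }
}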
6.php
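<?php
// Handler behind the "답변" link: sets the document's extra-var value to "답변"
// when called as 6.php?id=<document_srl>&md5=<token>, where the token must equal
// md5(<document_srl> . $md5key).
//
// NOTE(ops): suPHP refuses to execute a script that group or others can write
// to; this is the "is writeable by others" SoftException. Keep this file at
// mode 0644 and its directory at 0755, or stricter.
// NOTE(security): this script changes data on a GET request and relies only on
// the md5 token. There is no session or administrator check and no CSRF
// protection, and anyone who learns or guesses $md5key can build a valid link.
// Add an authenticated admin check before using this on a public site.
include('dbconn.php');

// Read only the two expected parameters. import_request_variables() (removed in
// PHP 5.4) copied every GET/POST key into scope as $form_*, letting a request
// define arbitrary variables. POST wins over GET, matching the original "gp" order.
$form_id = isset($_POST['id']) ? $_POST['id'] : (isset($_GET['id']) ? $_GET['id'] : '');
$form_md5 = isset($_POST['md5']) ? $_POST['md5'] : (isset($_GET['md5']) ? $_GET['md5'] : '');

// Array-valued parameters (id[]=...) are treated as missing.
$document_srlg = is_string($form_id) ? $form_id : '';
$form_md5 = is_string($form_md5) ? $form_md5 : '';

// Strict, constant-time comparison where available. The original loose ==
// treats "0e..." digest strings as numbers, so unequal tokens could compare equal.
$expected = md5($document_srlg . $md5key);
$tokenOk = function_exists('hash_equals')
    ? hash_equals($expected, $form_md5)
    : ($expected === $form_md5);

// document_srl is assumed to be a plain decimal number (TODO confirm for your
// install). Rejecting anything else keeps the value safe to place in the SQL
// text and in the HTML messages below.
$idOk = preg_match('/\A[0-9]+\z/', $document_srlg) === 1;

if ($tokenOk && $idOk) {
    $sql = "SELECT * FROM `xe_document_extra_vars` WHERE `document_srl` = '$document_srlg'";
    $result = mysql_query($sql);

    if (!$result || mysql_num_rows($result) == 0) {
        print "존재 하지 않는 게시글 ";
    } else {
        $row = mysql_fetch_assoc($result);
        if ($row['value'] === "답변") {
            print "<font color=\"blue\">게시글번호 $document_srlg 는 이미 답변 처리 되어있습니다.</font><br><br>";
        } else {
            // NOTE(review): this updates every extra-var row of the document,
            // not one particular field. Add a var_idx/eid condition if the
            // board defines more than one extra variable.
            $sql = "UPDATE `xe_document_extra_vars` SET value = '답변' WHERE `document_srl` = '$document_srlg'";
            if (mysql_query($sql)) {
                // Report success only after the UPDATE ran. The SQL text is no
                // longer echoed to the browser.
                print "<font color=\"green\">게시글번호 $document_srlg 의 답변 처리가 완료 되었습니다.</font><br><br>";
            } else {
                error_log("6.php: status update failed: " . mysql_error());
                print "요청을 완료 할 수 없습니다.<br>";
            }
        }
    }
} else {
    print "요청을 완료 할 수 없습니다.<br>";
}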