ÿØÿà JFIF ` ` ÿþ
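<?php
/*
 * Intranet board write handler. Dispatches on $SqlType to insert, edit or
 * reply to a TB_INTRA_DATA row, delete or confirm a row, add or delete a
 * comment, or toggle a row's CONFIRM_YN flag.
 *
 * Several variables used below ($SqlType, $MSEQ, $MCATE, $HOT_YN, $param,
 * $TK_MEMBER, $cf, ...) are never assigned in this file; presumably the two
 * includes populate them, possibly straight from the request -- confirm.
 *
 * NOTE(review): every SQL statement here is built by string concatenation.
 * Unless the includes escape each of those variables, each quoted value is an
 * injection point. Move to prepared statements if db_query()'s driver
 * supports them. This revision changes only what the visible code can justify:
 *   - the reply branch casts MREF/MSTEP/MLEVEL to int (they came raw from
 *     $_REQUEST and were concatenated unquoted),
 *   - the last branch compares $SqlType instead of assigning to it,
 *   - array keys are quoted and $_FILES{...} became $_FILES[...].
 */
include "../include/top_proc.html"; // shared include
include "_common.php";

// NOTE(review): the role flag is derived from a client-supplied cookie. Neither
// variable is read again in this file; if other code trusts them, take the
// level from the server-side session instead.
if( ($_COOKIE['MemberLevel'] == $cf['agent_level'] || $_COOKIE['MemberLevel'] == $cf['trade_level']) ) {
    $b2b_mode = true;
} else {
    $b2b_not_mode = true; // neither an agency nor a supplier
}

/*if(devCookie()){ p($_POST); exit; }*/

// Table
$TABLE = 'TB_INTRA_DATA';

// Number of attachment slots
$filecnt = 3;

// Rebuild the list-page query string used by the redirects below.
if(!$param){
    $href = "mode=$mode";
    $href.= "&select_key=$select_key";
    $href.= "&input_key=$input_key";
    $param = $href."&page=$page";
}

if($SqlType=='insert' || $SqlType=='edit' || $SqlType=='reply'){

    // Read the submitted fields
    $MTITLE = insert_smart($_REQUEST['MTITLE'],"text");
    $MEM_NM = $TK_MEMBER['mb_nm'];

    // When the settlement request is written internally
    // NOTE(review): $AGENT_ID_2 and $prodNm override the author identity; confirm
    // they cannot be supplied by an arbitrary caller.
    if($AGENT_ID_2){
        $MEM_NM = $prodNm;
        $MemberID = $AGENT_ID_2;
        $AGENT_ID = $AGENT_ID_2;
    }

    if(!$MTITLE){
        error_msg('제목을 입력해 주세요.');
    }

    // Body
    $MCONT = insert_smart($_REQUEST['MCONT'],"editor");

    // Attachment storage path
    $upload = "../../FileData/intra/";

    // Allowed extensions
    $only_file = array("jpeg","jpg", "gif", "png", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "psd", "ai", "hwp", "pdf","zip");

    // Attachment upload handling
    // NOTE(review): only the text after the last dot is checked, not the content.
    // The name FileUploadName() stores is not visible here; make sure the upload
    // directory never executes scripts and that stored names are server-generated.
    for($f=1; $f<=$filecnt; $f++) {
        $T_UserFile_name = $_FILES["T_UserFile".$f]['name'];
        if ($T_UserFile_name) {
            $ext = strtolower(substr(strrchr($T_UserFile_name, '.'), 1));
            if (in_array($ext, $only_file) == false) {
                error_msg('잘못된 파일입니다');
            }
            ${"sFile".$f} = FileUploadName("", $upload, $_FILES["T_UserFile".$f]['tmp_name'], $T_UserFile_name, "", "");
            // NOTE(review): the client-supplied file name is later concatenated
            // into SQL as MFILEn_org without escaping.
            ${"sFile".$f."_org"} = $T_UserFile_name;
        }
    }

    if($SqlType=="insert"){

        // A new top-level post gets the next thread number.
        $fSQL="SELECT MAX(MREF)+1 as MREF FROM ".$TABLE." ";
        $fRest = db_query($fSQL);
        if($fRs = db_fetch_array($fRest)){
            $MREF = $fRs['MREF'];
        }
        if(!$MREF){ $MREF = 1 ; }

        $SQL ="INSERT INTO ".$TABLE." SET \n";
        $SQL.=" MCATE ='".$MCATE."' \n";
        $SQL.=" ,MTITLE ='".$MTITLE."' \n";
        $SQL.=" ,MCONT ='".$MCONT."' \n";
        $SQL.=" ,MEM_NM ='".$MEM_NM."' \n";
        $SQL.=" ,MEM_ID ='".$MemberID."' \n";
        $SQL.=" ,AGENT_ID ='".$AGENT_ID."' \n";
        // $SQL.=" ,AGENT_ID_2 ='".$AGENT_ID_2."' \n";
        $SQL.=" ,CONFIRM_YN = 'N' \n";
        $SQL.=" ,HOT_YN = '".$HOT_YN."' \n";
        $SQL.=" ,DEPOSIT_YN = '".$DEPOSIT_YN."' \n";
        $SQL.=" ,NODEPOSIT_YN = '".$NODEPOSIT_YN."' \n";
        if($price){
            $price = (int) $price;
            $SQL.=" ,price = '".$price."' \n";
        }
        if($cont_date_s){
            $SQL.=" ,cont_date_s = '".$cont_date_s."' \n";
        }
        if($cont_date_e){
            $SQL.=" ,cont_date_e = '".$cont_date_e."' \n";
        }
        $SQL.=" ,MREF ='".$MREF."' \n";
        for($f=1;$f<=$filecnt;$f++){
            if(${"sFile".$f}){
                $SQL.=" ,MFILE".$f." = '".${"sFile".$f}."' \n";
                $SQL.=" ,MFILE".$f."_org = '".${"sFile".$f."_org"}."' \n";
            }
        }
        $SQL.=" ,INSDT = now() \n";
        $SQL.=" ,INSIP ='".$_SERVER['REMOTE_ADDR']."' \n";
        $Result = db_query($SQL);

        // Work-log AlimTalk notification
        if($MCATE == 'LOG'){
            $CATE_NM = get_intra_cate($MCATE);

            // Administrator AlimTalk
            $AT_MCONT = strip_tags($MCONT);
            // NOTE(review): the first two search strings may have lost an HTML
            // entity when this page was captured -- confirm against the real file.
            $AT_MCONT = str_replace(array("<p> </p>"," ","\n\n"), array("","","\n"), $AT_MCONT);

            $keyword = array(
                '게시판' => "인트라넷",
                '구분' => $CATE_NM,
                '작성자' => $MEM_NM,
                '작성일' => date('Y-m-d H:i:s'),
                '제목' => $MTITLE,
                '내용' => $AT_MCONT
            );

            // Send the AlimTalk to the company head
            send_master_alimtalk('ADMIN_INTRA', $keyword);
        }

        error_msg('no_alert','intra.html?'.$param);

    }else if($SqlType=='edit'){ // Edit

        if(!$MSEQ) error_msg('잘못된 방법입니다.');

        // NOTE(review): unlike the delete branch, no ownership or level check is
        // visible before this UPDATE; confirm the includes enforce one.
        $SQL ="UPDATE ".$TABLE." SET \n";
        $SQL.=" MCATE ='".$MCATE."' \n";
        $SQL.=" ,MTITLE = '".$MTITLE."' \n";
        $SQL.=" ,MCONT = '".$MCONT."' \n";
        for($f=1;$f<=$filecnt;$f++){
            if(${"sFile".$f}){
                $SQL.=" ,MFILE".$f." = '".${"sFile".$f}."' \n";
                $SQL.=" ,MFILE".$f."_org = '".${"sFile".$f."_org"}."' \n";
            }
        }
        if($price){
            $price = (int) $price;
            $SQL.=" ,price = '".$price."' \n";
        }
        if($cont_date_s){
            $SQL.=" ,cont_date_s = '".$cont_date_s."' \n";
        }
        if($cont_date_e){
            $SQL.=" ,cont_date_e = '".$cont_date_e."' \n";
        }
        $SQL.=" ,HOT_YN = '".$HOT_YN."' \n";
        $SQL.=" ,DEPOSIT_YN = '".$DEPOSIT_YN."' \n";
        $SQL.=" ,NODEPOSIT_YN = '".$NODEPOSIT_YN."' \n";
        $SQL.=" ,MAIN_YN = '".$MAIN_YN."' \n";
        $SQL.=" ,PROJECT_STATE = '".$PROJECT_STATE."' \n";
        $SQL.=" ,PROJECT_RATE = '".$PROJECT_RATE."' \n";
        $SQL.="WHERE MSEQ = '".$MSEQ."' \n";
        $Result = db_query($SQL);

        if($mlevelv == 0 && $mcatev == 'CAL' && $confirmynv == 'N'){
            error_msg('no_alert','intra_accounts_receivable.html?'.$param);
        }else{
            if($MCATE == 'ROBI'){
                error_msg('no_alert','intra.html?mcate=ROBI');
            }else{
                error_msg('no_alert','intra.html?'.$param);
            }
        }

    }else if($SqlType=='reply'){ // Reply (settlement request)

        // A reply needs its parent's thread coordinates. They are concatenated
        // unquoted into the queries below and used in arithmetic, so force them
        // to integers before they reach any SQL string.
        $MSEQ = $_REQUEST['MSEQ'];
        $GET_MREF = (int) $_REQUEST['MREF'];
        $GET_MSTEP = (int) $_REQUEST['MSTEP'];
        $GET_MLEVEL = (int) $_REQUEST['MLEVEL'];
        $OrderNum = $_REQUEST['OrderNum'];
        if(!$OrderNum) $OrderNum = '999';

        // LOCK the board table while the thread is renumbered
        db_query("LOCK TABLES ".$TABLE." WRITE");

        // Thread hierarchy handling [QRef,QReStep,QReLevel]
        $tSQL="SELECT MSTEP FROM ".$TABLE." WHERE MREF = ".$GET_MREF." AND MSTEP > ".$GET_MSTEP." AND MLEVEL <= ".$GET_MLEVEL." ORDER BY MSTEP";
        $tRest = db_query($tSQL);
        if($tRs = db_fetch_row($tRest)){
            $NowStep = $tRs[0];
        }

        if($NowStep){
            // A later post at the parent's level (or shallower) exists
            $pSQL="SELECT MSTEP FROM ".$TABLE." WHERE MREF = ".$GET_MREF." AND MSTEP > ".$GET_MSTEP." AND MSTEP < ".$NowStep." AND MLEVEL > ".$GET_MLEVEL." ORDER BY MSTEP DESC";
        }else{
            // No later post at the parent's level exists
            $pSQL="SELECT MSTEP FROM ".$TABLE." WHERE MREF = ".$GET_MREF." AND MSTEP > ".$GET_MSTEP." AND MLEVEL > ".$GET_MLEVEL." ORDER BY MSTEP DESC";
        }

        $pRest = db_query($pSQL);
        if($pRs = db_fetch_row($pRest)){
            $NewCateStep = $pRs[0];
        }

        if(!$NewCateStep){
            $NewCateStep = $GET_MSTEP;
        }

        // Shift every later post down by one to make room for the reply.
        $upSQL="UPDATE ".$TABLE." SET MSTEP = MSTEP+1 WHERE MREF=".$GET_MREF." AND MSTEP > ".$NewCateStep." ";
        db_query($upSQL);

        $MSTEP = $NewCateStep+1;
        $MLEVEL = $GET_MLEVEL+1;

        $SQL ="INSERT INTO ".$TABLE." SET \n";
        $SQL.=" MCATE ='".$MCATE."' \n";
        $SQL.=" ,MTITLE ='".$MTITLE."' \n";
        $SQL.=" ,MCONT ='".$MCONT."' \n";
        $SQL.=" ,MEM_NM ='".$MEM_NM."' \n";
        $SQL.=" ,MEM_ID ='".$MemberID."' \n";
        $SQL.=" ,AGENT_ID ='".$AGENT_ID."' \n";
        // $SQL.=" ,AGENT_ID_2 ='".$AGENT_ID_2."' \n";
        $SQL.=" ,CONFIRM_YN = 'N' \n";
        $SQL.=" ,HOT_YN = '".$HOT_YN."' \n";
        $SQL.=" ,DEPOSIT_YN = '".$DEPOSIT_YN."' \n";
        $SQL.=" ,NODEPOSIT_YN = '".$NODEPOSIT_YN."' \n";
        $SQL.=" ,MREF = '".$GET_MREF."' \n";
        $SQL.=" ,MSTEP = '".$MSTEP."' \n";
        $SQL.=" ,MLEVEL = '".$MLEVEL."' \n";
        for($f=1;$f<=$filecnt;$f++){
            if(${"sFile".$f}){
                $SQL.=" ,MFILE".$f." = '".${"sFile".$f}."' \n";
                $SQL.=" ,MFILE".$f."_org = '".${"sFile".$f."_org"}."' \n";
            }
        }
        $SQL.=" ,INSDT = now() \n";
        $SQL.=" ,INSIP = '".$_SERVER['REMOTE_ADDR']."' \n";
        $Result = db_query($SQL);

        // UNLOCK the board table
        db_query("UNLOCK TABLES");

        error_msg('no_alert','intra.html?'.$param);
    }

}else if($SqlType=='delete'){

    if(!$MSEQ) error_msg('잘못된 방법입니다.');

    $sql="SELECT * FROM {$TABLE} where MSEQ='".$MSEQ."' ";
    $data = db_fetch($sql);

    if($data == ''){
        error_msg('삭제 오류');
    }

    // Delete permission: level <= 2, or the author while the post is unconfirmed.
    // NOTE(review): loose == lets an empty mb_id match an empty MEM_ID; confirm
    // unauthenticated requests cannot reach this branch.
    if($TK_MEMBER['mb_level'] <= 2){
        $allow_edit = true;
    } else if($TK_MEMBER['mb_id']==$data['MEM_ID'] && $data['CONFIRM_YN'] == 'N') {
        $allow_edit = true;
    } else {
        $allow_edit = false;
    }

    if($allow_edit == false){
        error_msg('삭제 권한이 없습니다.');
    }

    // Remove stored attachments (scans slots 1..10 although only $filecnt are written here)
    for ($f=1; $f<=10; $f++) {
        if ($data["MFILE".$f]) {
            $upload = "../../FileData/intra/"; // attachment storage path
            $desc = $upload . $data["MFILE".$f];
            if (file_exists($desc)) {
                @unlink($desc);
            }
        }
    }

    // Delete the post's comments
    $dbdel2 = "delete from ".$TABLE."_COMT where MSEQ='".$MSEQ."'" ;
    $res2 = db_query($dbdel2);

    // Delete the post itself
    $dbdel = "delete from ".$TABLE." where MSEQ='".$MSEQ."'" ;
    $res = db_query($dbdel);

    error_msg('no_alert','intra.html?'.$param);
    exit;

} else if($SqlType=='confirm') {

    if(!$MSEQ) error_msg('잘못된 방법입니다.');

    $sql="SELECT * FROM {$TABLE} where MSEQ='".$MSEQ."' ";
    $data = db_fetch($sql);

    // Only VAC / ROBI / IVQ posts can be confirmed.
    if($data == '' || in_array($data['MCATE'], array('VAC','ROBI', 'IVQ')) == false) {
        error_msg('승인 오류');
    }

    // Confirm permission: level 1 only
    if($TK_MEMBER['mb_level'] != '1'){
        error_msg('승인 권한이 없습니다.');
    }

    // Mark as confirmed
    db_query("update TB_INTRA_DATA set CONFIRM_YN = 'Y' where MSEQ = '$MSEQ'");

    error_msg('no_alert','intra.html?'.$param);
    exit;

}else if($SqlType=='comment_add'){

    // NOTE(review): MSEQ is read raw from the request and placed into the INSERT
    // and the redirect URL; validate it as the expected key type before use.
    $MSEQ = $_REQUEST['MSEQ'];
    $CCONT = insert_smart($CCONT,'text');
    $INSIP = $_SERVER["REMOTE_ADDR"];

    if(!$MSEQ) error_msg('잘못된 방법입니다.');

    if($MemberID){
        $CMEM_NM=$MemberName;
    }

    // NOTE(review): CMEM_PWD is stored exactly as received; if it is a comment
    // password it should be hashed (password_hash) rather than kept in clear.
    $query = "insert into ".$TABLE."_COMT ( CSEQ, MSEQ, CCONT, CMEM_ID, CMEM_NM, INSDT,INSIP,CMEM_PWD ) values ( '', '$MSEQ','$CCONT', '$MemberID', '$CMEM_NM', now(), '$INSIP' ,'$CMEM_PWD')";
    $result = db_query( $query );

    if( $result ){
        error_msg('no_alert',"intra_".$type.".html?MSEQ=".$MSEQ."&".$param);
        //error_msg('no_alert',"intra.html?MSEQ=".$MSEQ."&".$param);
    }else{
        error_msg('코멘트를 입력하는데 실패했습니다!');
    }
    exit;

}else if($SqlType=='comment_del'){

    if(!$CSEQ) error_msg('잘못된 방법입니다.');

    $sql="SELECT * FROM TB_INTRA_DATA_COMT where CSEQ='".$CSEQ."' ";
    $data = db_fetch($sql);

    // Delete permission: level <= 2, or the comment's author.
    // NOTE(review): $data is not checked for "not found", and loose == lets an
    // empty mb_id match an empty CMEM_ID; confirm anonymous callers are blocked.
    if($TK_MEMBER['mb_level'] <= 2){
        $allow_edit = true;
    } else if($TK_MEMBER['mb_id']==$data['CMEM_ID']) {
        $allow_edit = true;
    } else {
        $allow_edit = false;
    }

    if($allow_edit == false){
        error_msg('삭제 권한이 없습니다.');
    }

    $query = "delete from TB_INTRA_DATA_COMT where CSEQ='".$CSEQ."' ";
    $result = db_query( $query, $connect );

    if( $result ){
        error_msg('no_alert',"intra_".$type.".html?MSEQ=".$MSEQ);
    }else{
        error_msg('코멘트를 삭제하는데 실패했습니다!');
    }
    exit;

} else if($SqlType=='change_status'){
    // Fixed: this condition used "=", so any $SqlType not matched above was
    // overwritten and silently handled as a status change.

    // Level 1 only, and a target row is required.
    if($TK_MEMBER['mb_level'] > 1 || !$mseq){
        exit;
    }

    $sql="SELECT * FROM TB_INTRA_DATA where MSEQ='".$mseq."' ";
    $data = db_fetch($sql);

    // Toggle the confirmation flag.
    if($data['CONFIRM_YN'] == 'Y') {
        $confirm_yn = 'N';
    } else {
        $confirm_yn = 'Y';
    }

    // Apply the status change
    db_query("update TB_INTRA_DATA set CONFIRM_YN = '{$confirm_yn}' where MSEQ = '{$mseq}'");

    error_msg("document.location.reload();","script");
    exit;
}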