multi_latest그누보드 2020. 5. 15. 15:13
latest.lib.php 추가
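/**
 * Render a "latest posts" widget that merges several boards into one list.
 *
 * $bo_table_multy holds board ids separated by "|". One SELECT per board is
 * joined with UNION ALL, ordered by wr_datetime (newest first) and limited to
 * $rows rows. The rows are handed to the skin's latest.skin.php as $list and
 * the skin's buffered output is returned.
 *
 * Security notes for maintainers:
 *  - Board ids end up inside table names and string literals of the SQL text,
 *    and sql_query2_multi() runs with its UNION filter disabled. Every id is
 *    therefore checked against [A-Za-z0-9_]+ and anything else is dropped.
 *  - $rows is cast to int before it is written into the LIMIT clause.
 *  - $skin_dir selects the latest.skin.php that is include()d, i.e. executed
 *    as PHP. Pass fixed skin names from templates only, never request data.
 *  - 'subject' / 'wr_subject' are only truncated here, not HTML-escaped; the
 *    skin has to escape them when printing.
 *
 * @param string $skin_dir       Skin folder name, or "theme/<name>" for a theme skin; '' means 'basic'.
 * @param string $bo_table_multy Board ids separated by "|" (a single id also works).
 * @param int    $rows           Maximum number of rows in the merged list.
 * @param int    $subject_len    Length passed to mb_substr() for the 'subject' field.
 * @return string Output produced by the skin file.
 */
function latest_multi($skin_dir='', $bo_table_multy='', $rows=10, $subject_len=40)
{
    global $g5;

    // Always explode: the original only did so when stripos() found a "|" at a
    // position > 0, which left $tableExp undefined for a single board id.
    $tableExp = array();
    foreach (explode('|', (string)$bo_table_multy) as $bo_table) {
        $bo_table = trim($bo_table);
        // Allow-list the identifier before it is interpolated into SQL.
        if ($bo_table !== '' && preg_match('/^[A-Za-z0-9_]+\z/', $bo_table)) {
            $tableExp[] = $bo_table;
        }
    }

    // LIMIT takes no quoting, so the value must be a plain non-negative integer.
    $rows = (int)$rows;
    if ($rows < 0) {
        $rows = 0;
    }
    $subject_len = (int)$subject_len;

    if (!$skin_dir) {
        $skin_dir = 'basic';
    }

    // Resolve the skin directory (filesystem path) and its public URL.
    if (preg_match('#^theme/(.+)$#', $skin_dir, $match)) {
        $latest_skin_path = G5_THEME_PATH.'/'.G5_SKIN_DIR.'/latest/'.$match[1];
        if (G5_IS_MOBILE) {
            // Prefer the mobile theme skin, fall back to the desktop theme skin.
            $mobile_skin_path = G5_THEME_MOBILE_PATH.'/'.G5_SKIN_DIR.'/latest/'.$match[1];
            if (is_dir($mobile_skin_path)) {
                $latest_skin_path = $mobile_skin_path;
            }
        }
        $latest_skin_url = str_replace(G5_PATH, G5_URL, $latest_skin_path);
        $skin_dir = $match[1];
    } else if (G5_IS_MOBILE) {
        $latest_skin_path = G5_MOBILE_PATH.'/'.G5_SKIN_DIR.'/latest/'.$skin_dir;
        $latest_skin_url = G5_MOBILE_URL.'/'.G5_SKIN_DIR.'/latest/'.$skin_dir;
    } else {
        $latest_skin_path = G5_SKIN_PATH.'/latest/'.$skin_dir;
        $latest_skin_url = G5_SKIN_URL.'/latest/'.$skin_dir;
    }

    // Use the configured write-table prefix when the global config provides it;
    // 'g5_write_' is the value the original had hard-coded.
    $write_prefix = isset($g5['write_prefix']) ? $g5['write_prefix'] : 'g5_write_';

    $selects = array();
    foreach ($tableExp as $bo_table) {
        $selects[] = "(SELECT `wr_id`, `wr_subject`, `wr_datetime`, '{$bo_table}' as 'bo_table' FROM `{$write_prefix}{$bo_table}` where `wr_is_comment`!='1')";
    }

    // $list is what the skin reads; keep it defined even when nothing matched.
    $list = array();
    if ($selects) {
        $union = implode(' UNION ALL ', $selects)." order by `wr_datetime` DESC LIMIT 0,{$rows};";
        $result = sql_query2_multi($union);

        while ($result && ($row = sql_fetch_array($result))) {
            $list[] = array(
                'wr_id'      => $row['wr_id'],
                'subject'    => mb_substr($row['wr_subject'], 0, $subject_len, "utf-8"),
                'wr_subject' => $row['wr_subject'],
                'bo_table'   => $row['bo_table'],
                // Root-relative link: this assumes the board is installed at the web root.
                'href'       => "/bbs/board.php?bo_table={$row['bo_table']}&wr_id={$row['wr_id']}",
            );
        }
    }

    // The skin runs in this function's scope and prints the markup; capture it.
    ob_start();
    include $latest_skin_path.'/latest.skin.php';
    return ob_get_clean();
}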
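/**
 * Run one SQL statement on the board's DB connection with the UNION filter disabled.
 *
 * The two UNION-blocking rules are commented out in this copy so that
 * latest_multi() can send UNION ALL queries. Only the `information_schema`
 * deny rule remains, so this function gives no protection against injected
 * UNIONs: callers must validate every identifier and value they put into $sql.
 *
 * When $error is truthy and the query fails, the script stops and prints the
 * statement and the driver error. Keep that off on public sites, since the
 * output reveals the schema; the values are HTML-escaped before printing.
 *
 * @param string $sql   SQL text to execute.
 * @param bool   $error Whether to die() with diagnostics on failure (default: G5_DISPLAY_SQL_ERROR).
 * @param mixed  $link  DB link; falls back to $g5['connect_db'] when empty.
 * @return mixed Whatever mysqli_query()/mysql_query() returned.
 */
function sql_query2_multi($sql, $error=G5_DISPLAY_SQL_ERROR, $link=null)
{
    global $g5;

    if (!$link) {
        $link = $g5['connect_db'];
    }

    // Blind SQL injection mitigation
    $sql = trim($sql);

    // UNION is NOT blocked here: both rules below are disabled in this copy.
    //$sql = preg_replace("#^select.*from.*union.*#i", "select 1", $sql);
    //$sql = preg_replace("#^select.*from.*[\s\(]+union[\s\)]+.*#i ", "select 1", $sql);

    // Deny access to the `information_schema` database.
    // Leading "(" and whitespace are accepted before "select": the queries built
    // by latest_multi() start with "(SELECT", which a pattern anchored at
    // "^select" never matches. This is a denylist and only a last line of defence.
    $sql = preg_replace("#^[\s\(]*select.*from.*where.*`?information_schema`?.*#i", "select 1", $sql);

    $use_mysqli = function_exists('mysqli_query') && G5_MYSQLI_USE;

    // '@' keeps the driver warning out of the page; failures are reported below.
    if ($use_mysqli) {
        $result = @mysqli_query($link, $sql);
    } else {
        $result = @mysql_query($sql, $link);
    }

    if (!$result && $error) {
        if ($use_mysqli) {
            $errno = mysqli_errno($link);
            $errmsg = mysqli_error($link);
        } else {
            $errno = mysql_errno();
            $errmsg = mysql_error();
        }

        // Escape everything that is echoed: the statement may carry caller-supplied text.
        die("<p>" . htmlspecialchars($sql, ENT_QUOTES, 'UTF-8') . "<p>" . $errno . " : "
            . htmlspecialchars($errmsg, ENT_QUOTES, 'UTF-8')
            . "<p>error file : " . htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8'));
    }

    return $result;
}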