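<?php
// SMS service login / balance endpoint.
//
// Reads `userId` and `userPw` from POST, authenticates against the `smsuser`
// table and prints the remaining point balance.
//
// Response contract (plain text, EUC-KR; unchanged from the original):
//   success -> "[ok];pt=<restcnt>;"
//   failure -> a Korean error message, then exit
//
// SECURITY NOTES (review):
//   - Both POST values are untrusted. The original built its SQL by string
//     interpolation and relied on splitting the lookup into two queries to
//     "block SQL injection"; that does not work, because the first query
//     interpolated $userId verbatim and the second interpolated $userPw
//     verbatim. Every user-supplied value is now escaped with
//     mysql_real_escape_string() against the live connection, which is the
//     strongest option available with the ext/mysql handle ($conn) that
//     dbconnect.php provides. ext/mysql was removed in PHP 7; when
//     dbconnect.php is migrated to PDO/mysqli, replace this with a prepared
//     statement and bound parameters.
//   - Passwords are compared as unsalted SHA1() inside the database. That is
//     schema-bound and not changed here; plan a migration to
//     password_hash()/password_verify().
//   - The same error text is printed for an unknown user and for a wrong
//     password, so the endpoint does not reveal which accounts exist. Keep it
//     that way.
header("Content-type:text/html;charset=euc-kr");

include_once("dbconnect.php"); // provides $conn (DB connection)
include_once("smsLib.php");    // SMS library functions

// Default missing POST keys so later reads do not raise E_NOTICE.
if (!isset($_POST['userId'])) {
    $_POST['userId'] = "";
}
if (!isset($_POST['userPw'])) {
    $_POST['userPw'] = "";
}

$userId   = $_POST['userId']; // user ID (untrusted)
$userPw   = $_POST['userPw']; // password (untrusted)
$userInfo = null;             // authenticated row, or null if authentication failed
$errorMsg = "";               // error message echoed to the client

// A required field is missing (or is not a scalar string, e.g. `userId[]=x`):
// print the error message and stop.
if (!is_string($userId) || !is_string($userPw) || $userId === "" || $userPw === "") {
    $errorMsg = "ÇʼöÇ׸ñÀÌ ´©¶ô µÇ¾ú½À´Ï´Ù.";
    echo $errorMsg;
    exit;
}

// Escape both values for the single-quoted SQL string context. This is the
// actual injection defence; the previous two-query split was not one.
$safeId = mysql_real_escape_string($userId, $conn);
$safePw = mysql_real_escape_string($userPw, $conn);

// One query does the work of the original two: the first query only looked
// the user ID up again and then interpolated the stored value into the second.
// NOTE(review): the select list names the column `userpw` while the WHERE
// clause compares `user_passwd`; confirm both columns exist in `smsuser`.
$sql = "SELECT userid, userpw, restcnt FROM smsuser "
     . "WHERE userid = '{$safeId}' AND user_passwd = SHA1('{$safePw}') LIMIT 1";
$result = mysql_query($sql, $conn);

// A failed query (false) is treated exactly like "no matching row": the client
// sees the generic credential error and nothing about the database.
if ($result !== false) {
    $row = mysql_fetch_assoc($result);
    if ($row) {
        $userInfo = $row;
    }
}

// No row matched (unknown user, wrong password, or query failure).
// $userInfo starts as null rather than "" so this check never indexes a string.
if ($userInfo === null || !isset($userInfo['userid']) || $userInfo['userid'] === "") {
    $errorMsg = "¾ÆÀ̵ð ¹× ºñ¹Ð¹øÈ£¸¦ È®ÀÎÇϼ¼¿ä.";
    echo $errorMsg;
    exit;
}

// Success: return the remaining point balance.
echo "[ok];pt=" . $userInfo['restcnt'] . ";";
exit;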