1. 이클립스를 실행해 New -> php project를 통해 html이라는 프로젝트명으로 생성
finish로 저장
이제 여기서 코딩을 해 홈페이지를 구축할 것이다.
html의 기본 구성
<div> </div> 영역을 나눌 때 사용
<span> </span> 작은 영역을 나눌 때 사용
border: 1px solid; //범위볼 때 자주 쓴다.
부팅 시 자동으로 서비스를 켜줌.
chkconfig httpd on
chkconfig mysqld on
1. 취약한 홈페이지 제작
/var/www/html
header.php
<?php session_start(); ?>
<html>
<head>
<link type="text/css" rel="stylesheet" href="/css/main.css">
<link type="text/css" rel="stylesheet" href="/css/sub.css">
</head>
<body>
<div id="wrap">
<header>
<div id="login">
<?php
if($_SESSION['id'])
{
?>
<a href="/member/logout.php">LogOut</a>
| <a href="/member/modify.php">Modify</a>
<?php
}else{
?>
<a href="/member/login.php">Login</a>
| <a href="/member/member.php">Membership</a>
<?php
}
?>
</div>
<div id="logo">
<h1><a href="/index.php">CARE LAB</a></h1>
</div>
<nav id="nav_main">
<ul>
<li><a href="/index.php">HOME</a></li>
<li><a href="#">COMPANY</a></li>
<li><a href="#">SOLUTIONS</a></li>
<li><a href="/center/list.php">CUSTOMER CENTER</a></li>
</ul>
</nav>
</header>
footer.php
<footer>
<hr>
<div id="copy">
서울특별시 강남구 역삼역 3번출구 바로 앞 빌딩 3층 코리아정보보안IT학원<br>
COPYRIGHT 2019 CARE_KYES. ALL RIGHTS RESERVED 010-6315-6980
</div>
<div id="social">
<img src="/images/facebook.gif">
<img src="/images/twitter.gif">
</div>
</footer>
</div>
</body>
</html>
dbconn.php
<?php
$conn = mysqli_connect("localhost", "root", "root", "sample") or die('연결안됨');
//$conn = mysqli_connect("localhost", "root", "root", "sample");
?>
index.php
<?php include "header.php"; ?>
<div id="main_img">
<img src="/images/main_img.jpg">
</div>
<article>
<div id="security">
<div class="solution">
<h3>Security Solution</h3>
<p>
방대한 IT인프라, 폭발적인 데이터 증가,
복잡한 컴플라이언스, 강화된 법 규제 등 IT환경은 점점 더 복잡해지고 있습니다.
그리고 이와 더불어 해킹공격의 자동화, 보안 위협의 지능화, 무차별적 공격,
사이버 전쟁의 위험 증가 등 사이버 공격은 날로 진화하고 있습니다.
</p>
</div>
<div class="control">
<h3>Security Control</h3>
<p>
보안관리서비스는 고객사의 정보보호 솔루션을 보안관제센터에서
원격으로 운영, 관제하여 이상 상 황 발생시 실시간으로 대응하는 서비스로
이러한 사고를 미연에 방지할 수 있도록 각종 정보를 제공하고,
사전 점검하는 서비스를 말합니다.
</div>
<div class="consulting">
<h3>Security Consulting</h3>
<p>
Bug Hunting Team and Security Consulting Team
both specialize in Red Teaming Exercise.
They have global references in conducting various
Red Teaming Exercise on various scopes ranging from
website/application to financial sectors.
</p>
</div>
</div>
</article>
<?php include "footer.php"; ?>
/var/www/html/member
delete.php
<?php
include "../header.php";
if(!$_SESSION['id']){
echo "<script>alert('로그인 후 이용하세요'); location.href='/member/login.php';</script>";
exit;
}
?>
<div id="img_mem"></div>
<script>
function check()
{
if(document.form_mem.pw.value == "")
{
alert('패스워드를 입력주세요.');
document.form_mem.pw.focus();
return ;
}
if(document.form_mem.repw.value == "")
{
alert('패스워드 한번 더 입력해주세요..');
document.form_mem.pw.focus();
return ;
}
if(document.form_mem.pw.value != document.form_mem.repw.value)
{
alert('다시 입력해임마.');
document.form_mem.pw.focus();
return ;
}
if(confirm('정말 탈퇴할꺼야?'))
{
document.form_mem.action="/member/member_delete.php"
document.form_mem.submit();
}
}
</script>
<nav id="nav_sub">
<ul>
<li><a href="/member/member.php">회원가입</a></li>
<li><a href="/member/modify.php">회원수정</a></li>
<li><a href="/member/delete.php">회원탈퇴</a></li>
<li><a href="/member/login.php">로그인</a></li>
</ul>
</nav>
<article id="main_mem">
<h1>회원 탈퇴</h1>
<form name ="form_mem" method="post" >
<fieldset>
<legend> 패스워드 확인</legend>
<label>아이디:</label>
<?=$_SESSION['id']?>
<div class="clear"></div>
<label>패스워드:</label>
<input type="password" name="pw" class="pw">
<div class="clear"></div>
<label>패스워드 확인:</label>
<input type="password" name="repw">
<div class="clear"></div>
</fieldset>
<div id="buttons">
<input type="button" value="탈퇴" class="mem_submit"
onclick="check();">
<input type="button" value="취소"
onclick="javascript:history.go(-1)';" class="mem_button">
</div>
</form>
</article>
<div class="clear"></div>
<?php include "../footer.php"?>
login.php
<?php include "../header.php";?>
<div id="img_mem"></div>
<nav id="nav_sub">
<ul>
<li><a href="/member/member.php">회원가입</a></li>
<li><a href="/member/modify.php">회원수정</a></li>
<li><a href="/member/delete.php">회원탈퇴</a></li>
<li><a href="/member/login.php">로그인</a></li>
</ul>
</nav>
<article id="main_login">
<h1>CARE LAB</h1>
<form action="login_ok.php" method="post">
<fieldset>
<label>아이디</label>
<input type="text" class="id" name="id">
<div class="clear"></div>
<label>패스워드</label>
<input type="password" class="pw" name="pw">
</fieldset>
<input type="submit" value="제출" class="login_submit">
</form>
</article>
<div class="clear"></div>
<?php include "../footer.php";?>
login_ok.php
<?php
session_start();
$id = $_POST['id'];
$pw = $_POST['pw'];
include "../dbconn.php";
$sql = "select * from member where id='$id' and pw='$pw'";
$result = mysqli_query($conn, $sql);
$num = mysqli_num_rows($result);
if(! $num)
{
echo "<script>alert('아이디 또는 패스워드를 확인하세요.');
history.go(-1);</script>";
exit;
}else{
$row = mysqli_fetch_array($result);
$_SESSION['id'] = $row['id'];
$_SESSION['name'] = $row['name'];
$_SESSION['mobile'] = $row['mobile'];
$_SESSION['nick'] = $row['nick'];
$_SESSION['address'] = $row['address'];
$_SESSION['email'] = $row['email'];
}
mysqli_close($conn);
?>
<script>
alert('로그인 성공');
location.href='/index.php';
</script>
logout.php
<?php
session_start();
session_destroy();
?>
<script>
alert('로그아웃');
location.href='/index.php';
</script>
member.php
<?php include "../header.php"?>
<script>
function check()
{
if(document.form_mem.id.value == "")
{
alert('아이디를 입력해주세요.');
document.form_mem.id.focus();
return ;
}
document.form_mem.action="/member/member_ok.php";
document.form_mem.submit();
}
</script>
<div id="img_mem"></div>
<nav id="nav_sub">
<ul>
<li><a href="/member/member.php">회원가입</a></li>
<li><a href="/member/modify.php">회원수정</a></li>
<li><a href="/member/delete.php">회원탈퇴</a></li>
<li><a href="/member/login.php">로그인</a></li>
</ul>
</nav>
<article id="main_mem">
<h1>회원 가입</h1>
<form method="post" name="form_mem">
<fieldset>
<legend> Basic Info</legend>
<label>User ID</label> <input type="text" name="id" class="id">
<div class="clear"></div>
<label>Password</label><input type="password" name="pw" class="pw">
<div class="clear"></div>
<label>Retype Password</label><input type="password" name="repw">
<div class="clear"></div>
<label>Name</label> <input type="text" name="name">
<div class="clear"></div>
<label>Mobile</label> <input type="text" name="mobile">
</fieldset>
<fieldset>
<legend>Optional Info</legend>
<label>E-Mail</label> <input type="text" name="email">
<div class="clear"></div>
<label>Address</label> <input type="text" name="address" class="address">
<div class="clear"></div>
<label>NickName</label> <input type="text" name="nick">
</fieldset>
<div id="buttons">
<input type="button" value="취소"
onclick="javascript:location.href='/index.php';" class="mem_button">
<input type="button" value="가입" class="mem_submit"
onclick="check();">
</div>
</form>
</article>
<div class="clear"></div>
<?php include "../footer.php"?>
member_delete.php
<?php
session_start();
if(! $_SESSION['id'])
{
echo "<script>alert('로그인 후 이용하세요.')
location.href='/member/login.php';
</script>";
exit;
}
$id = $_SESSION['id'];
$pw = $_POST['pw'];
$repw = $_POST['repw'];
include "../dbconn.php";
$sql= "select pw from member where id='$id'";
$result = mysqli_query($conn, $sql);
$num = mysqli_fetch_array($result);
if($num['pw'] != $pw){
echo "<script> alert('비밀번호가 일치하지 않습니다.');history.go(-1);</script>";
}
else{
$del= "delete from member where id='$id'";
mysqli_query($conn, $del);
mysqli_close($conn);
}
echo "<script>location.href='/member/logout.php';</script>";
?>
member_modify.php
<?php
/*
*/
session_start();
if(! $_SESSION['id'])
{
echo "<script>alert('로그인 후 이용하세요.')
location.href='/member/login.php';
</script>";
exit;
}
$id = $_SESSION['id'];
$pw = $_POST['pw'];
$name = $_POST['name'];
$mobile = $_POST['mobile'];
$address = $_POST['address'];
$email = $_POST['email'];
$nick = $_POST['nick'];
if( !($pw and $name and $mobile and $address and $email and $nick))
{
echo "<script>alert('데이터를 입력하세요');
history.go(-1);
</script>";
exit;
}
include "../dbconn.php";
$sql = "update member set pw='$pw', name='$name', email='$email', nick='$nick',
address='$address',mobile='$mobile' where id='$id'";
mysqli_query($conn, $sql);
mysqli_close($conn);
?>
<script>
alert('회원정보 수정 완료');
location.href='/member/logout.php';
</script>
member_ok.php
<?php
include "../dbconn.php";
$id = $_POST['id'];
$pw = $_POST['pw'];
$name = $_POST['name'];
$mobile = $_POST['mobile'];
$address = $_POST['address'];
$email = $_POST['email'];
$nick = $_POST['nick'];
$date = date('Y-m-d');
//회원 아이디 중복 확인.
$sql = "select * from member where id='$id'";
$result = mysqli_query($conn, $sql);
$num = mysqli_num_rows($result);
if($num)
{
echo "<script>alert('아이디가 사용 중입니다.');
history.go(-1);</script>";
exit;
}else{
$sql = "insert into member values
('','$id','$pw','$name','$mobile','$email','$nick','$address',
'$date')";
mysqli_query($conn, $sql);
}
mysqli_close($conn);
?>
<script>
alert('회원가입 완료');
location.href='/index.php';
</script>
modify.php
<?php include "../header.php"?>
<script>
function check()
{
if(document.form_mem.id.value == "")
{
alert('아이디를 입력주세요.');
document.form_mem.id.focus();
return ;
}
if(document.form_mem.pw.value == "")
{
alert('패스워드를 입력주세요.');
document.form_mem.pw.focus();
return ;
}
document.form_mem.action="/member/member_modify.php";
document.form_mem.submit();
}
</script>
<div id="img_mem"></div>
<nav id="nav_sub">
<ul>
<li><a href="/member/member.php">회원가입</a></li>
<li><a href="/member/modify.php">회원수정</a></li>
<li><a href="/member/delete.php">회원탈퇴</a></li>
<li><a href="/member/login.php">로그인</a></li>
</ul>
</nav>
<article id="main_mem">
<h1>회원 수정</h1>
<form method="post" name="form_mem">
<fieldset>
<legend> Basic Info</legend>
<label>User ID</label>
<?=$_SESSION['id']?>
<div class="clear"></div>
<label>Password</label>
<input type="password" name="pw" class="pw">
<div class="clear"></div>
<label>Retype Password</label>
<input type="password" name="repw">
<div class="clear"></div>
<label>Name</label>
<input type="text" name="name" value=<?=$_SESSION['name']?>>
<div class="clear"></div>
<label>Mobile</label>
<input type="text" name="mobile" value=<?=$_SESSION['mobile']?>>
</fieldset>
<fieldset>
<legend>Optional Info</legend>
<label>E-Mail</label>
<input type="text" name="email" value=<?=$_SESSION['email']?>>
<div class="clear"></div>
<label>Address</label>
<input type="text" name="address" value=<?=$_SESSION['address']?>>
<div class="clear"></div>
<label>NickName</label>
<input type="text" name="nick" value=<?=$_SESSION['nick']?>>
</fieldset>
<div id="buttons">
<input type="button" value="취소"
onclick="javascript:location.href='/index.php';" class="mem_button">
<input type="button" value="가입" class="mem_submit"
onclick="check();">
</div>
</form>
</article>
<div class="clear"></div>
<?php include "../footer.php"?>
DB 테이블
create table member(
num int unsigned not null auto_increment,
id varchar(50) not null,
pw varchar(50) not null,
name varchar(50) not null,
mobile varchar(20) not null,
email varchar(50),
nick varchar(50),
address varchar(100),
date varchar(30),
primary key(num, id)
);
css
main.css
body { margin: 0; padding: 0; background-color: #898989; }
#wrap
{
width: 1000px;
height: 950px;
background-image: url(/images/shadow.png);
background-repeat: repeat-y;
margin-left: auto;
margin-right: auto;
}
#login { float: right; margin-right: 50px; margin-top: 10px;}
a { text-decoration: none;}
#login a {color: #333;}
#login a:hover {color: #f90;}
#logo {float: left; margin-top: 50px; margin-left: 50px;}
#logo a { color: #f90; }
#logo a:hover { color: #333; }
#nav_main
{
width: 650px;
float: right;
margin-top: 70px;
margin-right: 50px;
}
#nav_main ul {list-style: none; font-size: 20px;}
#nav_main ul li { float:left; margin: 0 15px;}
#nav_main ul li a { color: #333;}
#nav_main ul li a:hover
{
background-image: url(/images/blue.gif);
background-repeat: repeat-x;
background-position: bottom;
}
header{height: 200px;}
#security
{
width:930px;
height: 280px;
margin-left: 20px;
margin-top: 10px;
background: #EAEAEA;
padding-top: 20px;
}
.solution, .control, .consulting
{
width: 30%;
float: left;
margin-left: 25px;
background-repeat: no-repeat;
background-position: left top;
}
.consulting { background-image: url(/images/icon1.png); }
.solution{ background-image: url(/images/icon2.png); }
.control{ background-image: url(/images/icon3.png);}
.solution h3, .control h3, .consulting h3
{
margin-left: 90px;
}
.solution p, .control p, .consulting p
{
margin-top: 40px;
margin-left: 15px;
}
footer
{
width: 950px;
margin-left: 10px;
margin-top: 40px;
}
#copy, #social
{
margin-left: 50px;
margin-top: 20px;
float: left;
}
#social { margin-left: 140px;}
sub.css
/* member.php */
#img_mem
{
background-image: url(/images/member/sub_back.png);
background-repeat: no-repeat;
width: 970px;
height: 180px;
}
#nav_sub { width: 200px; margin-left: 10px; float: left;}
#nav_sub ul {list-style: none; font-size: 20px;}
#nav_sub ul a
{
color: #333;
height: 30px;
display: block;
width: 150px;
background-image: url(/images/bullet.gif);
background-repeat: no-repeat;
background-position: right;
border-bottom-width: 1px;
border-bottom-style: dotted;
padding: 5px;
}
#nav_sub ul a:hover
{
color: #f90;
background-image: url(/images/bullet_orange.gif);
background-repeat: no-repeat;
background-position: right;
}
.clear{clear: both;}
#main_mem
{
float: left;
width: 650px;
height: 450px;
margin-left: 50px;
}
#main_mem fieldset legend
{
font-size: 20px;
}
#main_mem fieldset label { float: left; width :150px; padding: 5px;}
#main_mem fieldset input
{
width: 250px;
height: 25px;
background-color: #fcfdea;
}
#buttons
{
width: 600px;
height: 50px;
}
.mem_button, .mem_submit
{
width: 31%;
height: 40px;
font-size: 20px;
color: #fff;
margin-top: 10px;
margin-left: 20px;
border-radius : 5px;
}
.mem_button { background-image: url(/images/member/cancel_back.jpg);}
.mem_submit { background-image: url(/images/member/submit_back.jpg);}
#main_mem fieldset { border: none;}
#main_mem fieldset input.id { width: 150px;}
/* login.php */
#main_login
{
width: 450px;
height: 400px;
float: left;
margin-left: 120px;
}
#main_login h1
{
font-size: 40px;
color: #f90;
text-align: center;
margin-left: 50px;
}
#main_login fieldset
{
border: none;
margin-left: 50px;
}
#main_login fieldset label
{
float: left;
width: 100px;
margin: 5px;
font-size: 20px;
}
#main_login fieldset input
{
margin: 5px;
background-color: #fcfdea;
border: 1px solid;
height: 30px;
width: 200px;
}
.login_submit
{
background-image: url(/images/member/submit_back.jpg);
border-radius: 10px;
height: 50px;
color: #fff;
font-size: 20px;
width: 200px;
margin-left: 176px;
margin-top: 20px;
}
/* list.php */
#img_cen
{
background-image : url(/images/center/sub_back.png);
background-repeat : no-peat;
width: 970px;
height: 180px;
}
#main_cen
{
width: 650px;
float: left;
margin-left: 50px;
}
#main_cen h1 { font-size: 30px;}
#main_cen table { width: 640px;}
#main_cen table th
{
background-image: url(/images/center/t_back.jpg);
background-repeat: repeat-x;
background-position : center;
font-size: 20px;
color: #fff;
padding: 5px;
}
.title {width: 300px;}
#main_cen table td
{
text-align: center;
border-bottom: 1px dotted;
padding: 5px;
}
#main_cen .subject a { color: #333; }
#main_cen .subject a:hover { color: #f90; }
#list_form {float: right; margin-top: 10px; margin-right: 10px;}
#list_form select, #list_form input { height: 25px; }
#page_control { text-align: center; }
#page_control a { color: #333; }
#page_control a:hover { color: #f90; }
#button { text-align: right; margin-right: 15px;}
/*view.php */
#view_title
{
width: 100%;
height: 40px;
background-color: #eee;
border: 1px solid #ccc;
line-height: 40px;
font-size: 18px;
font-weight: bold;
}
.view_title1
{
float: left;
width: 55%;
text-align: center;
}
.view_title2
{
float: left;
width: 43%;
text-align: right;
}
#view_content
{
width: 100%;
height: 300px;
border: 1px solid #ccc;
}
#view_file
{
font-weight: bold;
color: #333;
margin-top: 5px;
}
/*write.php*/
#main_cen .col1
{
float : left;
width : 30%;
text-align : center;
background-color : #eee;
height : 25px;
}
#main_cen .col2
{
float: left;
width: 66%;
height : 25px;
}
#write_row1 .col2 { text-align : left; }
#write_row3 .col1 { height : 200px; }
#write_row3 .col2 { border: none; }
#write_row3 textarea { height : 200px; width: 100%; }
#main_cen .col2 input
{
border : 1px solid #999;
width : 100%;
height : 25px;
}
#main_cen .line { border-bottom : 1px solid #ccc; width: 97%; }
/var/www/html/center
delete.php
<?php
include "../dbconn.php";
include "../header.php";
if(!$_SESSION['id']){
echo "<script>alert('로그인 후 이용하세요'); location.href='/member/login.php';</script>";
exit;
}
$num = $_GET['num'];
$sql = "select * from center where num = '$num'";
$result= mysqli_query($conn, $sql);
$row = mysqli_fetch_array($result);
$filename =$row['filename'];
$delete = "delete from center where num = '$num'";
mysqli_query($conn, $delete);
mysqli_close($conn);
if($filename){
unlink("../data/". $filename);
}
echo "<script> alert('게시글 삭제완료.'); location.href='/center/list.php';</script>";
?>
download.php
<?php
$filename = $_GET['filename'];
header("content-disposition: attachment; filename=$filename");
$fp = fopen("../data/".$filename, "r");
fpassthru($fp);
fclose($fp);
?>
insert.php
<?php
session_start();
if(!$_SESSION['id']){
echo "<script>alert('로그인 후 이용하세요'); location.href='/member/login.php';</script>";
exit;
}
$mode=$_GET['mode'];
$num=$_GET['num'];
$subject = $_POST['subject'];
$content = $_POST['content'];
$id = $_SESSION['id'];
$nick = $_SESSION['nick'];
$date = date('Y-m-d');
$filename=$_FILES['upfile']['name']; //실제 파일 이름
$tmp = $_FILES['upfile']['tmp_name']; //임시 파일 이름
if(!($content && $subject) )
{
echo " <script>alert('데이터를 입력해 주세요.'); history.go(-1)</script>";
exit;
}
include"../dbconn.php";
if($mode=='modfiy')
{
//수정
if($filename)
{
$sql ="update center set content='$content',subject='$subject',
filename='$filename' where num='$num'";
}else {
$sql="update center set content='$content',subject='$subject' where num='$num'";
}
}else{
//작성
$sql ="insert into center values('','$id','$nick','$subject','$content','$date',0,'$filename')";
}
mysqli_query($conn, $sql);
mysqli_close($conn);
if(is_uploaded_file($tmp)) //tmp에 있는 경로로 가서 파일이 있으면 true 없으면 false 을 반환한다.
{
$destination='../data/' . $filename; //../data/a.txt
move_uploaded_file($tmp, $destination);
}
?>
<script>alert('완료');location.href='/center/list.php'</script>
list.php
<?php include "../header.php";
$data = $_POST['data'];
$find = $_POST['find'];
$mode = $_GET['mode'];
$page = $_GET['page'];
if(!$page)
{
$page=1;
}
if($mode == "search"){
if($data=="")
{
echo "<script>alert('데이터를 입력 후 이용해라.');location.href='list.php';</script>";
}
$sql = "select * from center where $find like '%$data%' order by num desc";
}
else{
$sql = "select * from center order by num desc";
}
include "../dbconn.php";
$result = mysqli_query($conn, $sql);
$record = mysqli_num_rows($result);
$scroll = 3;
if($record % $scroll == 0)
{
$pageCnt = $record / $scroll;
}else {
$pageCnt = ceil($record / $scroll); //ceil() 올림 해주는 함수
}
$start = ($page-1) * $scroll; //for문의 초기값
$number = $record - $start; //게시글의 번호
?>
<div id="img_cen"></div>
<nav id="nav_sub">
<ul>
<li><a href="list.php">게시글 목록</a></li>
<li><a href="write.php">게시글 작성</a></li>
<li><a href="delete.php">게시글 삭제</a></li>
<li><a href="write.php?mode=modfiy">게시글 수정</a></li> <!-- mode=modfiy 이문장을 통해 게시글 작성과 구별을 둔다. -->
</ul>
</nav>
<article id="main_cen">
<h1>게시글 목록</h1>
<table>
<tr>
<th class="no">번호</th>
<th class="title">제목</th>
<th class="writer">작성자</th>
<th class="date">날짜</th>
<th class="hit">조회수</th>
</tr>
<?php
for($i = $start; $i < $scroll+$start && $i< $record; $i++)
{
mysqli_data_seek($result, $i); //데이터의 값을 이동시켜줌.
$row= mysqli_fetch_array($result);
$subject = $row['subject'];
$nick = $row['nick'];
$date = $row['date'];
$hit = $row['hit'];
$num = $row['num'];
?>
<tr>
<td><?=$number ?></td>
<td class="subject"> <a href="view.php?num=<?=$num?>&page=<?=$page ?>"><?= $subject ?></a> </td>
<td><?=$nick ?></td>
<td><?=$date ?></td>
<td><?=$hit ?></td>
</tr>
<?php
$number--;
}
?>
</table>
<form action="list.php?mode=search" method="post" id="list_form">
<select name="find">
<option value="subject">제목</option>
<option value="content">내용</option>
<option value="nick">작성자</option>
</select>
<input type="text" name="data">
<input type="submit" value="검색">
</form>
<div class="clear"></div>
<div id="page_control">
<?php
if($page <= 1)
{
echo "<a href= 'list.php?page=1'>Prev</a>";
}else
{
$page --;
echo " <a href='list.php?page=$page'>Prev</a>";
$page++;
}
for($i=1; $i <=$pageCnt;$i++)
echo " <a href='list.php?page=$i'>$i</a>";
if($page >=$pageCnt)
echo "<a href='list.php?page=$pageCnt'>Next</a>";
else{
$page++;
echo "<a href='list.php?page=$pageCnt'>Next</a>";
$page--;
}
?>
</div>
<div id="button">
<a href="write.php"> <img src="/images/write.png"> </a>
</div>
</article>
<div class="clear"></div>
<?php include "../footer.php";
mysqli_close($conn);
?>
view.php
<?php
include "../header.php";
include "../dbconn.php";
$num = $_GET['num'];
$page = $_GET['page'];
$sql = "select * from center where num='$num'";
$result= mysqli_query($conn, $sql);
$row = mysqli_fetch_array($result);
$content = $row['content'];
$subject = $row['subject'];
$date = $row['date'];
$hit = $row['hit'];
$filename =$row['filename'];
$nick=$row['nick'];
$hit++ ;
$sql= "update center set hit='$hit' where num = '$num'";
mysqli_query($conn, $sql);
mysqli_close($conn);
?>
<div id="img_cen"></div>
<nav id="nav_sub">
<ul>
<li><a href="list.php?page=<?=$page?>">게시글 목록</a></li>
<li><a href="write.php">게시글 작성</a></li>
<li><a href="delete.php?num=<?=$num?>">게시글 삭제</a></li>
<li><a href="write.php?mode=modfiy&num=<?=$num?>">게시글 수정</a></li> <!-- mode=modfiy 이문장을 통해 게시글 작성과 구별을 둔다. -->
</ul>
</nav>
<article id="main_cen">
<h1>글 내용</h1>
<div id="view_title">
<div class="view_title1"><?=$subject ?></div>
<div class="view_title2"><?=$nick?>조회수 :<?=$hit ?> <?=$date ?></div>
</div>
<div id="view_content"><?= $content?></div>
<div id="view_file">첨부 파일 :
<a href="download.php?filename=<?=$filename ?>"> <?=$filename?></a>
</div>
<div id="button">
<a href="list.php?page=<?=$page?>"><img src="/images/list.png"></a>
<a href="write.php?mode=modfiy&num=<?=$num?>"><img src="/images/modify.png"></a>
<a href="delete.php?num=<?=$num?>"><img src="/images/delete.png"></a>
<a href="write.php"><img src="/images/write.png"></a>
</div>
</article>
<div class="clear"></div>
<?php include "../footer.php"; ?>
write.php
<?php include "../header.php";
if(!$_SESSION['id']){
echo "<script>alert('로그인 후 이용하세요'); location.href='/member/login.php';</script>";
exit;
}
$mode=$_GET['mode'];
$nick= $_SESSION['nick'];
$num= $_GET['num'];
if($mode =='modfiy')
{
include "../dbconn.php";
$sql="select * from center where num='$num'";
$result= mysqli_query($conn, $sql);
$row = mysqli_fetch_array($result);
$id =$row['id'];
if($_SESSION['id'] != $id){
echo "<script>alert('작성자만 수정 가능합니다.');
location.href='/center/list.php';
</script>";
}
$content= $row['content'];
$subject= $row['subject'];
mysqli_close($conn);
}
?>
<div id="img_cen"></div>
<nav id="nav_sub">
<ul>
<li><a href="list.php">게시글 목록</a></li>
<li><a href="write.php">게시글 작성</a></li>
<li><a href="delete.php">게시글 삭제</a></li>
<li><a href="write.php?mode=modfiy">게시글 수정</a></li> <!-- mode=modfiy 이문장을 통해 게시글 작성과 구별을 둔다. -->
</ul>
</nav>
<article id="main_cen">
<?php
if($mode == 'modfiy')
{
?>
<h1>글수정</h1>
<form action="insert.php?mode=modfiy&num=<?=$num?>" method="post" enctype="multipart/form-data">
<?php
} else {
?>
<h1> 글 작성</h1>
<form action="insert.php" method="post" enctype="multipart/form-data"> <!-- enctype="multipart/form-data 가 있어야 업로드가 가능. -->
<?php
}
?>
<div class="line"></div>
<table id="write_table">
<tr id="write_row1">
<td class="col1">닉네임</td>
<td class="col2"><?=$nick?></td>
</tr>
<tr id="write_row2">
<td class="col1">제목</td>
<td class="col2"> <input type="text" name="subject" value=<?=$subject ?>> </td>
</tr>
<tr id="write_row3">
<td class="col1">내용</td>
<td class="col2"><textarea name="content"><?=$content ?></textarea></td>
</tr>
<tr id="write_row4">
<td class="col1">파일</td>
<td class="col2"><input type="file" name="upfile"></td>
</tr>
</table>
<div id="button">
<input type="image" src="/images/ok.png">
<a href="list.php"> <img src="/images/list.png"> </a>
</div>
</form>
</article>
<div class="clear"></div>
<?php include "../footer.php"; ?>
db테이블
create table center(
num int unsigned not null auto_increment,
id varchar(50),
nick varchar(50),
subject varchar(255) not null,
content text,
date varchar(30),
hit int unsigned,
filename varchar(255),
primary key(num)
);