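table} WHERE is_deleted = 0 ORDER BY id DESC";
        $result = sql_query($sql);
        $list = [];
        while ($row = sql_fetch_array($result)) {
            $list[] = $row;
        }
        return $list;
    }

    /**
     * Fetch one non-deleted SMTP configuration row by id.
     *
     * NOTE(review): SELECT * also returns the stored SMTP password column, so
     * callers should avoid echoing the whole row back into pages or logs.
     *
     * @param mixed $id Row id; cast to int before it is placed in the query.
     * @return mixed Whatever sql_fetch() returns for the query.
     */
    public function get($id) {
        $id = (int)$id;
        return sql_fetch("SELECT * FROM {$this->table} WHERE id = '{$id}' AND is_deleted = 0");
    }

    /**
     * [Added] Return the first configuration that is marked in use (is_use = 1).
     *
     * NOTE(review): the query has LIMIT 1 but no ORDER BY, and create()/update()
     * do not clear is_use on other rows, so when several rows are in use the
     * row returned is left to the database.
     *
     * @return mixed Whatever sql_fetch() returns for the query.
     */
    public function getInUse() {
        return sql_fetch("SELECT * FROM {$this->table} WHERE is_use = 1 AND is_deleted = 0 LIMIT 1");
    }

    /**
     * Insert a new SMTP configuration and record the change in the log table.
     *
     * String fields are trimmed and escaped with sql_real_escape_string(), the
     * port is cast to int, and encryption falls back to 'ssl' unless it is
     * exactly 'none', 'ssl' or 'tls'.
     *
     * NOTE(review): the SMTP password is written to the table as supplied
     * (trimmed and escaped only). Consider encrypting it at rest and limiting
     * which database accounts can read this table.
     *
     * @param array $data Form values: name, host, username, password, port,
     *                    encryption, from_email, from_name and optional is_use.
     * @return void
     */
    public function create($data) {
        global $member;
        $now = G5_TIME_YMDHIS;
        // Escape the acting member id the same way delete() does instead of
        // interpolating it raw into the statement.
        $mb_id = sql_real_escape_string($member['mb_id']);
        $name = trim($data['name']);

        $set_sql = [];
        $set_sql[] = " name = '" . sql_real_escape_string($name) . "' ";
        $set_sql[] = " host = '" . sql_real_escape_string(trim($data['host'])) . "' ";
        $set_sql[] = " username = '" . sql_real_escape_string(trim($data['username'])) . "' ";
        $set_sql[] = " password = '" . sql_real_escape_string(trim($data['password'])) . "' ";
        $set_sql[] = " port = '" . (int)$data['port'] . "' ";
        // Strict comparison: only the three exact strings pass the allow-list,
        // so a non-string value can never reach the statement unescaped.
        $set_sql[] = " encryption = '" . (in_array($data['encryption'], ['none', 'ssl', 'tls'], true) ? $data['encryption'] : 'ssl') . "' ";
        $set_sql[] = " from_email = '" . sql_real_escape_string(trim($data['from_email'])) . "' ";
        $set_sql[] = " from_name = '" . sql_real_escape_string(trim($data['from_name'])) . "' ";
        $set_sql[] = " is_use = '" . (isset($data['is_use']) ? 1 : 0) . "' ";
        $set_sql[] = " is_deleted = '0' ";
        $set_sql[] = " created_by = '{$mb_id}' ";
        $set_sql[] = " updated_by = '{$mb_id}' ";
        $set_sql[] = " created_at = '{$now}' ";
        $set_sql[] = " updated_at = '{$now}' ";

        $sql = "INSERT INTO {$this->table} SET " . implode(', ', $set_sql);
        // NOTE(review): the return value of sql_query() is not checked, so the
        // log row below is written regardless; confirm how failures surface.
        sql_query($sql);

        // [Added] Write the change log. insertLog() escapes its own arguments,
        // so the raw name is passed here; escaping it twice would store
        // literal backslashes in change_details.
        $id = sql_insert_id();
        $details = "새로운 SMTP 설정 추가: " . $name;
        $this->insertLog($id, 'insert', $member['mb_id'], $details);
    }

    /**
     * Update an existing SMTP configuration and record the change in the log table.
     *
     * The password column is only touched when $data['password'] is non-empty
     * (PHP empty() semantics), so submitting a blank field keeps the stored one.
     *
     * @param mixed $id   Row id; cast to int before it is placed in the query.
     * @param array $data Form values: name, host, username, port, encryption,
     *                    from_email, from_name and optional is_use / password.
     * @return void
     */
    public function update($id, $data) {
        global $member;
        $id = (int)$id;
        $now = G5_TIME_YMDHIS;
        // Escape the acting member id the same way delete() does instead of
        // interpolating it raw into the statement.
        $mb_id = sql_real_escape_string($member['mb_id']);

        $set_sql = [];
        $set_sql[] = " name = '" . sql_real_escape_string(trim($data['name'])) . "' ";
        $set_sql[] = " host = '" . sql_real_escape_string(trim($data['host'])) . "' ";
        $set_sql[] = " username = '" . sql_real_escape_string(trim($data['username'])) . "' ";
        $set_sql[] = " port = '" . (int)$data['port'] . "' ";
        // Strict comparison: only the three exact strings pass the allow-list.
        $set_sql[] = " encryption = '" . (in_array($data['encryption'], ['none', 'ssl', 'tls'], true) ? $data['encryption'] : 'ssl') . "' ";
        $set_sql[] = " from_email = '" . sql_real_escape_string(trim($data['from_email'])) . "' ";
        $set_sql[] = " from_name = '" . sql_real_escape_string(trim($data['from_name'])) . "' ";
        $set_sql[] = " is_use = '" . (isset($data['is_use']) ? 1 : 0) . "' ";
        $set_sql[] = " updated_by = '{$mb_id}' ";
        $set_sql[] = " updated_at = '{$now}' ";

        // Only overwrite the stored password when a new one was submitted.
        if (!empty($data['password'])) {
            $set_sql[] = " password = '" . sql_real_escape_string(trim($data['password'])) . "' ";
        }

        $sql = "UPDATE {$this->table} SET " . implode(', ', $set_sql) . " WHERE id = {$id}";
        // NOTE(review): the return value of sql_query() is not checked, so the
        // log row below is written regardless; confirm how failures surface.
        sql_query($sql);

        // [Added] Write the change log.
        $details = "SMTP 설정 수정 (ID: {$id})";
        $this->insertLog($id, 'update', $member['mb_id'], $details);
    }

    /**
     * Soft-delete a configuration (sets is_deleted = 1) and log the change.
     *
     * @param mixed $id Row id; cast to int before it is placed in the query.
     * @return void
     */
    public function delete($id) {
        global $member;
        $id = (int)$id;
        $now = G5_TIME_YMDHIS;
        $mb_id = sql_real_escape_string($member['mb_id']);

        $sql = "UPDATE {$this->table} SET is_deleted = 1, updated_by = '{$mb_id}', updated_at = '{$now}' WHERE id = {$id}";
        sql_query($sql);

        // [Added] Write the change log.
        $details = "SMTP 설정 삭제 (ID: {$id})";
        $this->insertLog($id, 'delete', $member['mb_id'], $details);
    }

    /**
     * [Added] Private method that records one change-history row.
     *
     * Every string argument is escaped here, so callers must pass raw
     * (unescaped) values.
     *
     * @param mixed  $smtp_config_id Id of the affected configuration; cast to int.
     * @param string $action         Action label ('insert', 'update' or 'delete' in this class).
     * @param string $changed_by     Member id of the acting user.
     * @param string $details        Free-text description of the change.
     * @return void
     */
    private function insertLog($smtp_config_id, $action, $changed_by, $details) {
        $smtp_config_id = (int)$smtp_config_id;
        $action = sql_real_escape_string($action);
        $changed_by = sql_real_escape_string($changed_by);
        $details = sql_real_escape_string($details);
        $change_date = G5_TIME_YMDHIS;

        $sql = "INSERT INTO {$this->log_table} (smtp_config_id, `action`, changed_by, change_date, change_details) VALUES ('{$smtp_config_id}', '{$action}', '{$changed_by}', '{$change_date}', '{$details}')";
        sql_query($sql);
    }
}

/*if (!defined('_GNUBOARD_')) exit;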
class SmtpConfigManager { private $table = 'g5_mail_smtp_config'; public function getAll() { $sql = "SELECT * FROM {$this->table} WHERE is_deleted = 0 ORDER BY id DESC"; $result = sql_query($sql); $list = []; while ($row = sql_fetch_array($result)) { $list[] = $row; } return $list; } public function get($id) { $id = (int)$id; return sql_fetch("SELECT * FROM {$this->table} WHERE id = '{$id}' AND is_deleted = 0"); } public function getInUse() { // [추가] 사용중(is_use=1)인 첫번째 설정을 가져오는 메소드 return sql_fetch("SELECT * FROM {$this->table} WHERE is_use = 1 AND is_deleted = 0 LIMIT 1"); } public function create($data) { global $member; $now = G5_TIME_YMDHIS; // [수정] sql_array_insert 함수 대신 직접 SQL 구문을 생성합니다. // 이 방식은 SQL 인젝션에 더 안전하고 호환성 문제가 없습니다. $set_sql = []; $set_sql[] = " name = '".sql_real_escape_string(trim($data['name']))."' "; $set_sql[] = " host = '".sql_real_escape_string(trim($data['host']))."' "; $set_sql[] = " username = '".sql_real_escape_string(trim($data['username']))."' "; $set_sql[] = " password = '".sql_real_escape_string(trim($data['password']))."' "; $set_sql[] = " port = '".(int)$data['port']."' "; $set_sql[] = " encryption = '".(in_array($data['encryption'], ['none','ssl','tls']) ? $data['encryption'] : 'ssl')."' "; $set_sql[] = " from_email = '".sql_real_escape_string(trim($data['from_email']))."' "; $set_sql[] = " from_name = '".sql_real_escape_string(trim($data['from_name']))."' "; $set_sql[] = " is_use = '".(isset($data['is_use']) ? 1 : 0)."' "; $set_sql[] = " is_deleted = '0' "; $set_sql[] = " created_by = '{$member['mb_id']}' "; $set_sql[] = " updated_by = '{$member['mb_id']}' "; $set_sql[] = " created_at = '{$now}' "; $set_sql[] = " updated_at = '{$now}' "; $sql = "INSERT INTO {$this->table} SET " . implode(', ', $set_sql); sql_query($sql); } public function update($id, $data) { global $member; $id = (int)$id; $now = G5_TIME_YMDHIS; // [수정] sql_array_insert 함수 대신 직접 SQL 구문을 생성합니다. 
$set_sql = []; $set_sql[] = " name = '".sql_real_escape_string(trim($data['name']))."' "; $set_sql[] = " host = '".sql_real_escape_string(trim($data['host']))."' "; $set_sql[] = " username = '".sql_real_escape_string(trim($data['username']))."' "; $set_sql[] = " port = '".(int)$data['port']."' "; $set_sql[] = " encryption = '".(in_array($data['encryption'], ['none','ssl','tls']) ? $data['encryption'] : 'ssl')."' "; $set_sql[] = " from_email = '".sql_real_escape_string(trim($data['from_email']))."' "; $set_sql[] = " from_name = '".sql_real_escape_string(trim($data['from_name']))."' "; $set_sql[] = " is_use = '".(isset($data['is_use']) ? 1 : 0)."' "; $set_sql[] = " updated_by = '{$member['mb_id']}' "; $set_sql[] = " updated_at = '{$now}' "; // 비밀번호가 입력된 경우에만 업데이트 if (!empty($data['password'])) { $set_sql[] = " password = '".sql_real_escape_string(trim($data['password']))."' "; } $sql = "UPDATE {$this->table} SET " . implode(', ', $set_sql) . " WHERE id = {$id}"; sql_query($sql); } public function delete($id) { global $member; $id = (int)$id; $now = G5_TIME_YMDHIS; // [개선] sql_real_escape_string 을 사용하여 보안 강화 $mb_id = sql_real_escape_string($member['mb_id']); $sql = "UPDATE {$this->table} SET is_deleted = 1, updated_by = '{$mb_id}', updated_at = '{$now}' WHERE id = {$id}"; sql_query($sql); } }*/