<?php
header("Content-Type: text/html; charset=UTF-8");
header("X-XSS-Protection: 1; mode=block");
header('Cache-Control: no-cache, no-store, must-revalidate'); // HTTP 1.1.
header('Pragma: no-cache'); // HTTP 1.0.
header('Expires: 0'); // Proxies.

$ext_arr = array ('DOCUMENT_URI', '_ENV', '_GET', '_POST', '_FILES', '_SERVER', '_COOKIE', '_SESSION', '_REQUEST',
                  'HTTP_ENV_VARS', 'HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_POST_FILES', 'HTTP_SERVER_VARS',
                  'HTTP_COOKIE_VARS', 'HTTP_SESSION_VARS', 'GLOBALS');
$ext_cnt = count($ext_arr);
for ($i=0; $i<$ext_cnt; $i++) {
    // POST, GET 으로 선언된 전역변수가 있다면 unset() 시킴
    if (isset($_GET[$ext_arr[$i]]))  unset($_GET[$ext_arr[$i]]);
    if (isset($_POST[$ext_arr[$i]])) unset($_POST[$ext_arr[$i]]);
}

function array_map_deep($fn, $array)
{
    if(is_array($array)) {
        foreach($array as $key => $value) {
            if(is_array($value)) {
                $array[$key] = array_map_deep($fn, $value);
            } else {
                $array[$key] = call_user_func($fn, $value);
            }
        }
    } else {
        $array = call_user_func($fn, $array);
    }

    return $array;
}


// SQL Injection 대응 문자열 필터링
function sql_escape_string($str)
{
    if(defined('ESCAPE_PATTERN') && defined('ESCAPE_REPLACE')) {
        $pattern = ESCAPE_PATTERN;
        $replace = ESCAPE_REPLACE;

        if($pattern)
            $str = preg_replace($pattern, $replace, $str);
    }

    $str = call_user_func('addslashes', $str);

    return $str;
}

//define('ESCAPE_PATTERN',  '/(and|or|AND|OR).*(union|select|insert|update|delete|from|where|limit|create|drop|script).*/i');
define('ESCAPE_REPLACE',  '');

//==============================================================================
// SQL Injection 등으로 부터 보호를 위해 sql_escape_string() 적용
//------------------------------------------------------------------------------
// magic_quotes_gpc 에 의한 backslashes 제거
if (get_magic_quotes_gpc()) {
    $_POST    = array_map_deep('stripslashes',  $_POST);
    $_GET     = array_map_deep('stripslashes',  $_GET);
    $_COOKIE  = array_map_deep('stripslashes',  $_COOKIE);
    $_REQUEST = array_map_deep('stripslashes',  $_REQUEST);
}

// sql_escape_string 적용
$_POST    = array_map_deep(sql_escape_string,  $_POST);
$_GET     = array_map_deep(sql_escape_string,  $_GET);
$_COOKIE  = array_map_deep(sql_escape_string,  $_COOKIE);
$_REQUEST = array_map_deep(sql_escape_string,  $_REQUEST);
//==============================================================================


// XSS 관련 태그 제거
function clean_xss_tags($str, $check_entities=0)
{
    $str_len = strlen($str);
    
    $i = 0;
    while($i <= $str_len){
        $result = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $str);
        
        if( $check_entities ){
            $result = str_replace(array('&colon;', '&lpar;', '&rpar;', '&NewLine;', '&Tab;'), '', $result);
        }

        if((string)$result === (string)$str) break;

        $str = $result;
        $i++;
    }

    return $str;
}

function RemoveXSS($val) {
   $val = preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x20])/', '', $val);
   
   $search = 'abcdefghijklmnopqrstuvwxyz';
   $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
   $search .= '1234567890!@#$%^&*()';
   $search .= '~`";:?+/={}[]-_|\'\\';
   for ($i = 0; $i < strlen($search); $i++) { 
   // ;? matches the ;, which is optional 
   // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars 
    
   // &#x0040 @ search for the hex values
      $val = preg_replace('/(&#[x|X]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val);
      // with a ; 

      // &#00064 @ 0{0,7} matches '0' zero to seven times
      $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;
   }
   
   // now the only remaining whitespace attacks are \t, \n, and \r
   $ra1 = Array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style','script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
   $ra2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
   $ra = array_merge($ra1, $ra2);
   
   $found = true; // keep replacing as long as the previous round replaced something
   while ($found == true) {
      $val_before = $val;
      for ($i = 0; $i < sizeof($ra); $i++) {
         $pattern = '/';
         for ($j = 0; $j < strlen($ra[$i]); $j++) {
            if ($j > 0) {
               $pattern .= '(';
               $pattern .= '(&#[x|X]0{0,8}([9][a][b]);?)?';
               $pattern .= '|(&#0{0,8}([9][10][13]);?)?';
               $pattern .= ')?';
            }
            $pattern .= $ra[$i][$j];
         }
         $pattern .= '/i';
         $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); // add in <> to nerf the tag
         $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags
         if ($val_before == $val) {
            // no replacements were made, so exit the loop
            $found = false;
         }
      }
   }
   return $val;
}


function filter($nameasdferwer) {
	$nameasdferwer = htmlspecialchars($nameasdferwer);
	$nameasdferwer = strip_tags($nameasdferwer);
	$nameasdferwer = mysql_real_escape_string($nameasdferwer);
	return $nameasdferwer;
}	

//////////////////////////// 이하 생략

include $_SERVER[DOCUMENT_ROOT] . "/common/conf/dbconfig.inc.php";
//DB연결
$dblink = SetConn($_conf_db["main_db"]);

$arrSetInfo = getShopsetInfo($GLOBALS["_conf_tbl"]["shop_set"]);

//DB해제
SetDisConn($dblink);

/*********************************************************************/
// 사이트 기본정보
/*********************************************************************/
$_SITE["NAME"] = $arrSetInfo["list"][0][shop_name];
$_SITE["DOMAIN"] = $arrSetInfo["list"][0][shop_url];
$_SITE["EMAIL"] = $arrSetInfo["list"][0][admin_email];

$_SITE["POSTMAN_ID"] = "";
$_SITE["POSTMAN_PW"] = "";

/*********************************************************************/
// 업로드 파일 위치
/*********************************************************************/
$_SITE["UPLOADED_DATA"] = $_SERVER[DOCUMENT_ROOT] . "/uploaded";

$_SITE["VOD_DATA"] = $_SERVER["DOCUMENT_ROOT"] . "/vodData";
$_SITE["VOD_DATA_URL"] = "/vodData";
/*********************************************************************/
// 게시판 설정 정보
/*********************************************************************/
$_SITE["BOARD_PREWORD"] = "tbl_board_";
$_SITE["BOARD_DATA"] = $_SITE["UPLOADED_DATA"] . "/board";
$_SITE["BOARD_PATH"] = $_SERVER[DOCUMENT_ROOT] . "/module/board";
$_SITE["BOARD_SKIN"] = $_SITE["BOARD_PATH"] . "/skin/";
$_SITE["BOARD_SKIN_URL"] = "/module/board/skin";

/*********************************************************************/
// 가입금지 아이디
/*********************************************************************/
$_SITE["MEMBER"]["DONT_USE_ID"][] = "admin";
$_SITE["MEMBER"]["DONT_USE_ID"][] = "master";
$_SITE["MEMBER"]["DONT_USE_ID"][] = "webmaster";
$_SITE["MEMBER"]["DONT_USE_ID"][] = "administrator";
$_SITE["MEMBER"]["DONT_USE_ID"][] = "guest";
$_SITE["MEMBER"]["DONT_USE_ID"][] = "help";
$_SITE["MEMBER"]["DONT_USE_ID"][] = "sex";
$_SITE["MEMBER"]["DONT_USE_ID"][] = "fuck";

/*********************************************************************/
// 제품 관련(product 모듈) 변수 설정
/*********************************************************************/
//카테고리 뎊스 : 최대 5까지
$_SITE["PRODUCT"]["CATEGORY_DEPTH"] = $arrSetInfo['list'][0]['shop_product_c'];
$_SITE["GALLERY"]["CATEGORY_DEPTH"] = $arrSetInfo['list'][0]['shop_gallery_c'];
$_SITE["STORE"]["CATEGORY_DEPTH"] = $arrSetInfo['list'][0]['shop_store_c'];
$_SITE["PATENTS"]["CATEGORY_DEPTH"] = $arrSetInfo['list'][0]['shop_patents_c'];
//사진이미지 추가가능 갯수
$_SITE["PRODUCT"]["IMAGE_COUNT"] = $arrSetInfo['list'][0]['shop_product_imgc'];
$_SITE["GALLERY"]["IMAGE_COUNT"] = $arrSetInfo['list'][0]['shop_gallery_imgc'];
$_SITE["STORE"]["IMAGE_COUNT"] = $arrSetInfo['list'][0]['shop_store_imgc'];
$_SITE["PATENTS"]["IMAGE_COUNT"] = $arrSetInfo['list'][0]['shop_patents_imgc'];


/*********************************************************************/
// 쇼핑몰 관련 변수 설정
/*********************************************************************/
//쇼핑몰 사용여부
$_SITE["SHOP"]["USE_SHOP"] = "Y";

//장바구니 이미지 크기
$_SITE["SHOP"]["IMAGE_S_WIDTH"] = "150";
//목록 이미지 크기
$_SITE["SHOP"]["IMAGE_M_WIDTH"] = "320";
//상세보기 이미지 크기
$_SITE["SHOP"]["IMAGE_L_WIDTH"] = "610";
//목록에서 이미지 가로갯수
$_SITE["SHOP"]["IMAGE_DIVISION"] = "4";

//PG사 설정
$_SITE["SHOP"]["PG"]["SERVICE"] = "test";//테스트 일 경우에만 test 
$_SITE["SHOP"]["PG"]["COMPANY"] = $arrSetInfo["list"][0][shop_pg];//올더게이트
$_SITE["SHOP"]["PG"]["MALLID"] = $arrSetInfo["list"][0][shop_pg_id];//올더게이트 테스트 아이디(aegis)

//===========================================================
//휴대폰결제 관련 정보// 올더게이트 사용시 휴대폰아디 추가 발급
// 20100729
//===========================================================
$_SITE["SHOP"]["PG"]["HP_SUBID"] = "";// SUB_CP아이디
//## 업체에 따라 하단 값을 넣지 않다도 작동세팅이 된 업체도 있슴

$_SITE["SHOP"]["PG"]["HP_UNITType"] = "";//상품구분 1:디지털 2:일반
$_SITE["SHOP"]["PG"]["ProdCode"] = "";//상품코드
$_SITE["SHOP"]["PG"]["HP_ID"] = "";//CP 아이디
$_SITE["SHOP"]["PG"]["HP_PWD"] = "";//비밀번호// 엑셀파일에는 없음
//===========================================================

/*********************************************************************/
// SMTP 변수 설정
/*********************************************************************/
$_SITE["SMTP"]["HOST"]	= $arrSetInfo['list'][0]['smtp_host'];
$_SITE["SMTP"]["USERNAME"]	= $arrSetInfo['list'][0]['smtp_username'];
$_SITE["SMTP"]["DOMAIN"]	= $arrSetInfo['list'][0]['smtp_domain'];
$_SITE["SMTP"]["PASSWORD"]	= $arrSetInfo['list'][0]['smtp_password'];
$_SITE["SMTP"]["PORT"]	= $arrSetInfo['list'][0]['smtp_port'];
$_SITE["SMTP"]["SSL"]	= $arrSetInfo['list'][0]['smtp_ssl'];
$_SITE["SMTP"]["EMAIL"]	= $arrSetInfo['list'][0]['smtp_username']."@".$arrSetInfo['list'][0]['smtp_domain'];

//년도 설정
for($i=date("Y");$i>2011;$i--){
	$_SITE["BOARD"]["YEAR"][]	= $i;
}

//설계,감리,기타 항목
$arrCategory = explode("\r\n", $arrSetInfo["list"][0][category]);
for($i=0; $i<count($arrCategory); $i++) {
	$_SITE["SHOP"]["CATE"][]	= $arrCategory[$i];
}

//에너지사업 항목
$arrCategory2 = explode("\r\n", $arrSetInfo["list"][0][category2]);
for($i=0; $i<count($arrCategory2); $i++) {
	$_SITE["SHOP"]["CATE2"][]	= $arrCategory2[$i];
}

//계좌번호 설정
$arrBank = explode("\n", $arrSetInfo["list"][0][shop_bankinfo]);
for($i=0; $i<count($arrBank); $i++) {
	$_SITE["SHOP"]["BANK"][]	= $arrBank[$i];
}

$arrDeliveryLnc = explode("\n", $arrSetInfo["list"][0][shop_delivery_lnc]);
for($i=0; $i<count($arrDeliveryLnc); $i++) {
	$_SITE["SHOP"]["DELIVERYLNC"][]	= $arrDeliveryLnc[$i];
}

$arrBanner = explode("\n", $arrSetInfo["list"][0][banner_content]);
for($i=0; $i<count($arrBanner); $i++) {
	$_SITE["SHOP"]["BannerContent"][]	= $arrBanner[$i];
}

//포인트 사용시 포인트가 이 금액 이상 있어야지만 사용가능
$_SITE["SHOP"]["POINT"]["LOW_ACCOUNT"]	= $arrSetInfo["list"][0][shop_point_max];

//포인트 사용시 총액이 이 금액 이상이어야지만 사용가능
$_SITE["SHOP"]["POINT"]["LOW_PRICE"]	= $arrSetInfo["list"][0][shop_point_min];

//총액이 이 금액 이상이면 배송료 무료
if($arrSetInfo['list'][0]['shop_delivery_gb']=="5"){//상품별 배송비 책정
	$_SITE["SHOP"]["SHIP"]["FREE_PRICE"]	= $arrSetInfo["list"][0][shop_delivery_price_etc];
}else if($arrSetInfo['list'][0]['shop_delivery_gb']=="4"){//총결제금액별 배송비 책정
	$_SITE["SHOP"]["SHIP"]["FREE_PRICE"]	= $arrSetInfo["list"][0][shop_delivery_price];
}else{
	$_SITE["SHOP"]["SHIP"]["FREE_PRICE"]	= 0;
}

//기본 배송료 고정가
$_SITE["SHOP"]["SHIP"]["SHIP_PRICE"]	= $arrSetInfo["list"][0][shop_delivery_default];

//주문상태
$_SITE["SHOP"]["ORDER_STATE"]["1"]	= "입금대기";
$_SITE["SHOP"]["ORDER_STATE"]["2"]	= "취소요청";
$_SITE["SHOP"]["ORDER_STATE"]["3"]	= "취소완료";
//$_SITE["SHOP"]["ORDER_STATE"]["4"]	= "환불요청";
$_SITE["SHOP"]["ORDER_STATE"]["5"]	= "환불완료";
$_SITE["SHOP"]["ORDER_STATE"]["6"]	= "결제완료";
$_SITE["SHOP"]["ORDER_STATE"]["7"]	= "배송준비중";
$_SITE["SHOP"]["ORDER_STATE"]["8"]	= "배송중";
$_SITE["SHOP"]["ORDER_STATE"]["9"]	= "거래완료";

//결제방법
$arrPay = explode(",", $arrSetInfo["list"][0][shop_payment]);
for($i=0; $i<count($arrPay); $i++) {
	$arrPayType = explode("|", $arrPay[$i]);

	$_SITE["SHOP"]["PAY_TYPE"][$arrPayType[0]] = $arrPayType[1];
}

$_SITE["SHOP"]["PAY_TYPE_MOBILE"]["cardnormal"]	= "신용카드(일반)";
$_SITE["SHOP"]["PAY_TYPE_MOBILE"]["virtualnormal"]	= "가상계좌(일반)";
$_SITE["SHOP"]["PAY_TYPE_MOBILE"]["cardescrow"]	= "신용카드(에스크로)";
$_SITE["SHOP"]["PAY_TYPE_MOBILE"]["virtualescrow"]	= "가상계좌(에스크로)";
$_SITE["SHOP"]["PAY_TYPE_MOBILE"]["hp"]	= "휴대폰";

//제조사
$_SITE["VENDOR"][]	= "현대";
$_SITE["VENDOR"][]	= "기아";
$_SITE["VENDOR"][]	= "쉐보레(GM대우)";
$_SITE["VENDOR"][]	= "기아";
$_SITE["VENDOR"][]	= "르노삼성";
$_SITE["VENDOR"][]	= "쌍용";
$_SITE["VENDOR"][]	= "기타";
$_SITE["VENDOR"][]	= "BMW";
$_SITE["VENDOR"][]	= "벤츠";
$_SITE["VENDOR"][]	= "아우디";
$_SITE["VENDOR"][]	= "렉서스";
$_SITE["VENDOR"][]	= "폭스바겐";
$_SITE["VENDOR"][]	= "인피니티";
$_SITE["VENDOR"][]	= "크라이슬러";
$_SITE["VENDOR"][]	= "MINI";
$_SITE["VENDOR"][]	= "푸조";
$_SITE["VENDOR"][]	= "혼다";
$_SITE["VENDOR"][]	= "볼보";
$_SITE["VENDOR"][]	= "재규어";
$_SITE["VENDOR"][]	= "닛산";
$_SITE["VENDOR"][]	= "캐딜락";
$_SITE["VENDOR"][]	= "포르쉐";
$_SITE["VENDOR"][]	= "포드";
$_SITE["VENDOR"][]	= "토요타";
$_SITE["VENDOR"][]	= "랜드로버";
$_SITE["VENDOR"][]	= "지프";
$_SITE["VENDOR"][]	= "링컨";
$_SITE["VENDOR"][]	= "사브";
$_SITE["VENDOR"][]	= "스바루";
$_SITE["VENDOR"][]	= "스즈키";
$_SITE["VENDOR"][]	= "미쓰비시";
$_SITE["VENDOR"][]	= "시트로엥";
$_SITE["VENDOR"][]	= "닷지";
$_SITE["VENDOR"][]	= "애스턴마틴";
$_SITE["VENDOR"][]	= "페라리";
$_SITE["VENDOR"][]	= "피아트";
$_SITE["VENDOR"][]	= "허머";

//주행거리
$_SITE["KM"][]	= "0km";
$_SITE["KM"][]	= "10000km";
$_SITE["KM"][]	= "20000km";
$_SITE["KM"][]	= "30000km";
$_SITE["KM"][]	= "40000km";
$_SITE["KM"][]	= "50000km";
$_SITE["KM"][]	= "60000km";
$_SITE["KM"][]	= "70000km";
$_SITE["KM"][]	= "80000km";
$_SITE["KM"][]	= "90000km";
$_SITE["KM"][]	= "100000km";
$_SITE["KM"][]	= "110000km";
$_SITE["KM"][]	= "120000km";
$_SITE["KM"][]	= "130000km";
$_SITE["KM"][]	= "140000km";
$_SITE["KM"][]	= "150000km";
$_SITE["KM"][]	= "160000km";
$_SITE["KM"][]	= "170000km";
$_SITE["KM"][]	= "180000km";
$_SITE["KM"][]	= "190000km";
$_SITE["KM"][]	= "200000km";

$_SITE["SIDO"][]	= "강원";
$_SITE["SIDO"][]	= "경기";
$_SITE["SIDO"][]	= "경남";
$_SITE["SIDO"][]	= "경북";
$_SITE["SIDO"][]	= "광주";
$_SITE["SIDO"][]	= "대구";
$_SITE["SIDO"][]	= "대전";
$_SITE["SIDO"][]	= "부산";
$_SITE["SIDO"][]	= "서울";
$_SITE["SIDO"][]	= "세종";
$_SITE["SIDO"][]	= "울산";
$_SITE["SIDO"][]	= "인천";
$_SITE["SIDO"][]	= "전남";
$_SITE["SIDO"][]	= "전북";
$_SITE["SIDO"][]	= "제주";
$_SITE["SIDO"][]	= "충남";
$_SITE["SIDO"][]	= "충북";

$_SITE["PRODUCT"]["TYPE"][]	= "교육시설";
$_SITE["PRODUCT"]["TYPE"][]	= "업무시설";
$_SITE["PRODUCT"]["TYPE"][]	= "의료시설";
$_SITE["PRODUCT"]["TYPE"][]	= "주거시설";
$_SITE["PRODUCT"]["TYPE"][]	= "문화 및 집회시설";
$_SITE["PRODUCT"]["TYPE"][]	= "상업시설";
$_SITE["PRODUCT"]["TYPE"][]	= "물류 및 창고시설";
$_SITE["PRODUCT"]["TYPE"][]	= "사회기반시설";
$_SITE["PRODUCT"]["TYPE"][]	= "도시재생";
/*********************************************************************/
// 페이징 관련 변수 설정
/*********************************************************************/
//페이징 관련 변수(기본설정이며 각 페이지에서 재 설정 가능)
$scale = 10;
$pagescale = 10;


include $_SERVER[DOCUMENT_ROOT] . "/common/lib/html.inc.php";
include $_SERVER[DOCUMENT_ROOT] . "/common/lib/util.inc.php";
include $_SERVER[DOCUMENT_ROOT] . "/common/lib/navigation.inc.php";
include $_SERVER[DOCUMENT_ROOT] . "/common/lib/navigationB.inc.php";//backoffice용
//include $_SERVER[DOCUMENT_ROOT] . "/common/lib/smtpclass.inc.php";2020-08-07 사용종료
include $_SERVER[DOCUMENT_ROOT] . "/common/lib/phpmailer.inc.php";
?>