From 3a970616b16c95a83ec138ab16a0292a64d14552 Mon Sep 17 00:00:00 2001
From: zero
Date: Wed, 22 Aug 2007 00:13:44 +0000
Subject: [PATCH] =?UTF-8?q?#86.=20mysql=EC=9D=B4=EC=9A=A9=EC=8B=9C=20old?= =?UTF-8?q?=5Fpassword()=EB=A5=BC=20php=ED=95=A8=EC=88=98=EC=97=90?= =?UTF-8?q?=EC=84=9C=201=EC=B0=A8=20=EC=B2=98=EB=A6=AC=ED=9B=84=20?= =?UTF-8?q?=ED=8B=80=EB=A6=AC=EB=A9=B4=20=EC=A7=81=EC=A0=91=20mysql?= =?UTF-8?q?=EC=97=90=20=EC=BF=BC=EB=A6=AC=EB=A1=9C=20old=5Fpassword()?= =?UTF-8?q?=EB=A5=BC=20=EA=B0=80=EC=A0=B8=EC=98=A4=EB=8F=84=EB=A1=9D=20?= =?UTF-8?q?=ED=95=98=EC=97=AC=20=EB=AC=B8=EC=A0=9C=20=ED=95=B4=EA=B2=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

git-svn-id: http://xe-core.googlecode.com/svn/sandbox@2368 201d5d3c-b55e-5fd7-737f-ddc643e51545
---
 classes/db/DBMysql.class.php | 10 ++++++++++
 classes/db/DBMysql_innodb.class.php | 10 ++++++++++
 modules/member/member.controller.php | 18 ++++++++++++++++--
 3 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/classes/db/DBMysql.class.php b/classes/db/DBMysql.class.php
index 8bc7ab0e6..e1e9485d3 100644
--- a/classes/db/DBMysql.class.php
+++ b/classes/db/DBMysql.class.php
@@ -188,6 +188,16 @@
 return $sequence;
 }
+ /**
+ * @brief mysql old password를 가져오는 함수 (mysql에서만 사용)
+ **/
+ function getOldPassword($password) {
+ $query = sprintf("select old_password('%s') as password", $password);
+ $result = $this->_query($query);
+ $tmp = $this->_fetch($result);
+ return $tmp->password;
+ }
+
 /**
 * @brief 테이블 기생성 여부 return
 **/
diff --git a/classes/db/DBMysql_innodb.class.php b/classes/db/DBMysql_innodb.class.php
index 1acba1805..dd194c883 100644
--- a/classes/db/DBMysql_innodb.class.php
+++ b/classes/db/DBMysql_innodb.class.php
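Review bot: `getOldPassword()` in classes/db/DBMysql.class.php formats `$password` straight into the statement with `sprintf("select old_password('%s') as password", $password)` and no escaping, and the member.controller.php hunk of this commit passes it what appears to be the password submitted at login, so a quote character in that value changes the query. The identical method added to classes/db/DBMysql_innodb.class.php has the same defect. Escape the value before formatting, e.g. `$query = sprintf("select old_password('%s') as password", mysql_real_escape_string($password));`, or use whatever quoting helper this class already applies to other values (none is visible in the hunk). The plaintext password also becomes part of the statement text and can therefore land in MySQL query logs, which the method's doc comment should state.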
@@ -197,6 +197,16 @@
 return $sequence;
 }
+ /**
+ * @brief mysql old password를 가져오는 함수 (mysql에서만 사용)
+ **/
+ function getOldPassword($password) {
+ $query = sprintf("select old_password('%s') as password", $password);
+ $result = $this->_query($query);
+ $tmp = $this->_fetch($result);
+ return $tmp->password;
+ }
+
 /**
 * @brief 테이블 기생성 여부 return
 **/
diff --git a/modules/member/member.controller.php b/modules/member/member.controller.php
index eda1be4e3..f9868be45 100644
--- a/modules/member/member.controller.php
+++ b/modules/member/member.controller.php
@@ -873,6 +873,7 @@ // 비밀번호 검사 : 우선 md5() hash값으로 비굥 if($password && $member_info->password != md5($password)) { + // 혹시나 하여.. -_-;; mysql old_password로 검사하여 맞으면 db의 비밀번호 교체 if($this->mysql_pre4_hash_password($password) == $member_info->password) {
@@ -882,9 +883,22 @@
 $output = executeQuery('member.updateMemberPassword', $password_args);
 if(!$output->toBool()) return $output;
- // md5(), mysql old_password와도 다르면 잘못된 비빌번호 오류 메세지 리턴
 } else {
- return new Object(-1, 'invalid_password');
+
+ // mysql_pre4_hash_password()함수의 결과와도 다를 경우 현재 mysql DB이용시 직접 쿼리 날림
+ if(substr(Context::getDBType(),0,5)=='mysql') {
+ $oDB = &DB::getInstance();
+ if($oDB->getOldPassword($password) == $member_info->password) {
+ $password_args->member_srl = $member_info->member_srl;
+ $password_args->password = md5($password);
+ $output = executeQuery('member.updateMemberPassword', $password_args);
+ if(!$output->toBool()) return $output;
+ }
+
+ // md5(), mysql old_password와도 다르면 잘못된 비빌번호 오류 메세지 리턴
+ } else {
+ return new Object(-1, 'invalid_password');
+ }
 }
 }
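Review bot: In the member.controller.php hunk at -882, `return new Object(-1, 'invalid_password');` now sits in the `else` of `if(substr(Context::getDBType(),0,5)=='mysql')`, so on a MySQL backend a password that matches none of md5(), mysql_pre4_hash_password() or getOldPassword() leaves the block without any error. Unless code after the hunk rejects it (the function starts and ends outside the hunk), a login with a wrong password is treated as valid on every MySQL installation. The inner check needs its own failure path, e.g. `if($oDB->getOldPassword($password) != $member_info->password) return new Object(-1, 'invalid_password');` placed before the password update, with the existing `else` kept for non-MySQL types. The digest comparisons here also use loose `==`; `===` avoids PHP's numeric-string comparison of hex strings.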