diff --git a/common/framework/Session.php b/common/framework/Session.php index bfde89a85..be51d52e2 100644 --- a/common/framework/Session.php +++ b/common/framework/Session.php @@ -722,12 +722,12 @@ class Session // Check member information to see if denied or limited. $member_info = \MemberModel::getMemberInfo($member_srl); - if ($member_info->denied === 'Y') + if (!empty($member_info->denied) && $member_info->denied === 'Y') { trigger_error('Session is invalid for member_srl=' . intval($_SESSION['RHYMIX']['login']) . ' (denied)', \E_USER_WARNING); return false; } - if ($member_info->limit_date && substr($member_info->limit_date, 0, 8) >= date('Ymd')) + if (!empty($member_info->limit_date) && substr($member_info->limit_date, 0, 8) >= date('Ymd')) { trigger_error('Session is invalid for member_srl=' . intval($_SESSION['RHYMIX']['login']) . ' (limited)', \E_USER_WARNING); return false; diff --git a/modules/communication/communication.mobile.php b/modules/communication/communication.mobile.php index dc6470fb7..288031dc0 100644 --- a/modules/communication/communication.mobile.php +++ b/modules/communication/communication.mobile.php @@ -51,6 +51,14 @@ class communicationMobile extends communicationView */ function dispCommunicationMessageBoxList() { + // Check member mid + $oMemberView = MemberView::getInstance(); + if (!$oMemberView->checkMidAndRedirect()) + { + $this->setRedirectUrl($oMemberView->getRedirectUrl()); + return; + } + $this->setTemplateFile('message_box'); } } diff --git a/modules/communication/communication.view.php b/modules/communication/communication.view.php index b207812da..ec238552c 100644 --- a/modules/communication/communication.view.php +++ b/modules/communication/communication.view.php 
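Review bot: Both rewritten conditions treat a missing `denied` or `limit_date` property as "not restricted", so a `$member_info` that comes back empty (for example when no record matches `$member_srl`) passes this block, now without even the warning the old code raised. If nothing earlier in the function rejects that case (the function starts outside this hunk), a guard such as `if (empty($member_info->member_srl)) { return false; }` ahead of the two checks would fail closed. The `!empty(...) &&` in the first condition is otherwise redundant with `=== 'Y'`; `($member_info->denied ?? 'N') === 'Y'` states the same test more directly.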
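Review bot: The block added to `dispCommunicationMessageBoxList()` is repeated verbatim in six `communicationView` hunks below (@@ -61, -177, -207, -310, -369, -419) and in four `ncenterliteView` methods, so any later change to the redirect rule has to be made in eleven places. A single helper would reduce each caller to one line, for instance a static `MemberView::redirectToMemberMid(ModuleObject $caller): bool` that runs `checkMidAndRedirect()` and copies the URL onto `$caller`, used as `if (MemberView::redirectToMemberMid($this)) return;`. The comment `// Check member mid` could also say what happens, e.g. `// Redirect to the member mid when force_mid is enabled`.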
@@ -61,6 +61,14 @@ class communicationView extends communication throw new Rhymix\Framework\Exceptions\MustLogin; } + // Check member mid + $oMemberView = MemberView::getInstance(); + if (!$oMemberView->checkMidAndRedirect()) + { + $this->setRedirectUrl($oMemberView->getRedirectUrl()); + return; + } + $logged_info = Context::get('logged_info'); // Set the variables @@ -177,11 +185,17 @@ class communicationView extends communication throw new Rhymix\Framework\Exceptions\MustLogin; } - $oCommunicationModel = getModel('communication'); + // Check member mid + $oMemberView = MemberView::getInstance(); + if (!$oMemberView->checkMidAndRedirect()) + { + $this->setRedirectUrl($oMemberView->getRedirectUrl()); + return; + } // get a new message $columnList = array('message_srl', 'member_srl', 'nick_name', 'title', 'content', 'sender_srl'); - $message = $oCommunicationModel->getNewMessage($columnList); + $message = CommunicationModel::getInstance()->getNewMessage($columnList); if($message) { stripEmbedTagForAdmin($message->content, $message->sender_srl); 
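Review bot: The @@ -177,11 hunk drops the local `$oCommunicationModel` and the @@ -419,7 hunk drops `$logged_info`, but both methods continue past the end of their hunks, so any later statement that still reads either variable would now find it undefined. The rest of both method bodies should be checked before merging, or the assignments kept next to the new check, e.g. `$oCommunicationModel = CommunicationModel::getInstance();` and `$logged_info = Context::get('logged_info');`.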
@@ -207,23 +221,33 @@ class communicationView extends communication { throw new Rhymix\Framework\Exceptions\InvalidRequest; } + + // Error appears if not logged-in + if(!Context::get('is_logged')) + { + throw new Rhymix\Framework\Exceptions\MustLogin; + } + + // Check permission if(!getModel('communication')->checkGrant($this->config->grant_send)) { throw new Rhymix\Framework\Exceptions\NotPermitted; } + // Check member mid + $oMemberView = MemberView::getInstance(); + if (!$oMemberView->checkMidAndRedirect()) + { + $this->setRedirectUrl($oMemberView->getRedirectUrl()); + return; + } + // Fix missing mid (it causes errors when uploading) if(!Context::get('mid')) { Context::set('mid', Context::get('site_module_info')->mid); } - // Error appears if not logged-in - if(!Context::get('is_logged')) - { - throw new Rhymix\Framework\Exceptions\MustLogin; - } - $logged_info = Context::get('logged_info'); // get receipient's information @@ -310,6 +334,14 @@ class communicationView extends communication throw new Rhymix\Framework\Exceptions\MustLogin; } + // Check member mid + $oMemberView = MemberView::getInstance(); + if (!$oMemberView->checkMidAndRedirect()) + { + $this->setRedirectUrl($oMemberView->getRedirectUrl()); + return; + } + $oCommunicationModel = getModel('communication'); // get a group list @@ -369,6 +401,14 @@ class communicationView extends communication throw new Rhymix\Framework\Exceptions\MustLogin; } + // Check member mid + $oMemberView = MemberView::getInstance(); + if (!$oMemberView->checkMidAndRedirect()) + { + $this->setRedirectUrl($oMemberView->getRedirectUrl()); + return; + } + $logged_info = Context::get('logged_info'); $target_srl = Context::get('target_srl'); 
@@ -419,7 +459,13 @@ class communicationView extends communication throw new Rhymix\Framework\Exceptions\MustLogin; } - $logged_info = Context::get('logged_info'); + // Check member mid + $oMemberView = MemberView::getInstance(); + if (!$oMemberView->checkMidAndRedirect()) + { + $this->setRedirectUrl($oMemberView->getRedirectUrl()); + return; + } // change to edit mode when getting the group_srl $friend_group_srl = Context::get('friend_group_srl'); diff --git a/modules/communication/conf/module.xml b/modules/communication/conf/module.xml index 8b2688388..50c082fdc 100644 --- a/modules/communication/conf/module.xml +++ b/modules/communication/conf/module.xml @@ -2,14 +2,19 @@ - - - - - - - - + + + + + + + + + + + + + @@ -22,7 +27,7 @@ - + diff --git a/modules/communication/skins/default/js/communication.js b/modules/communication/skins/default/js/communication.js index a80f07253..289efc86a 100644 --- a/modules/communication/skins/default/js/communication.js +++ b/modules/communication/skins/default/js/communication.js @@ -6,7 +6,7 @@ function completeSendMessage(ret_obj) { function doSendMessage(member_srl, message_srl) { if(typeof(message_srl)=='undefined') message_srl = 0; - var url = request_uri.setQuery('module','communication').setQuery('act','dispCommunicationSendMessage').setQuery('receiver_srl',member_srl).setQuery('message_srl',message_srl); + var url = request_uri.setQuery('mid',current_mid).setQuery('act','dispCommunicationSendMessage').setQuery('receiver_srl',member_srl).setQuery('message_srl',message_srl); popopen(url, 'sendMessage'); } diff --git a/modules/member/conf/module.xml b/modules/member/conf/module.xml index 1b0771edd..186e98661 100644 --- a/modules/member/conf/module.xml +++ b/modules/member/conf/module.xml @@ -2,6 +2,7 @@ + @@ -31,11 +32,11 @@ - + - + @@ -70,12 +71,12 @@ - + - + @@ -88,11 +89,11 @@ - + - + diff --git a/modules/member/lang/en.php b/modules/member/lang/en.php index adc090de1..8496234ce 100644 --- a/modules/member/lang/en.php 
+++ b/modules/member/lang/en.php @@ -51,6 +51,7 @@ $lang->group_image_mark = 'Group image mark'; $lang->group_image_mark_max_width = 'Max Width'; $lang->group_image_mark_max_height = 'Max Height'; $lang->signature_max_height = 'Max Signature Height'; +$lang->cmd_force_member_mid = 'Force'; $lang->enable_join = 'Accept New Members'; $lang->enable_join_only_with_url_key = 'Only with valid URL key'; $lang->enable_join_url_key = 'URL Key'; @@ -147,7 +148,7 @@ $lang->cmd_send_email = 'Send Mail'; $lang->cmd_modify_nickname_log = 'Nickname Change Log'; $lang->cmd_nickname_symbols = 'Allow Symbols in Nickname'; $lang->cmd_nickname_symbols_list = 'Only Allow:'; -$lang->cmd_member_profile_view = 'Show member profile picture'; +$lang->cmd_member_profile_view = 'Show member profile picture'; $lang->cmd_allow_duplicate_nickname = 'Allow Duplicate Nicknames'; $lang->about_allow_duplicate_nickname = 'Allow more than one member to use the same nickname.'; $lang->msg_special_code_incorrect_format = 'The verification code should be a 6-digit number.'; @@ -163,14 +164,14 @@ $lang->msg_find_account_title = 'Account Info'; $lang->msg_find_account_info = 'This is requested account info.'; $lang->msg_find_account_comment = 'Your password will be changed to the one above if you click the link below.
Please change the password again as soon as possible after you are able to log in.
Your password will remain unchanged until you click the link below.'; $lang->msg_confirm_account_title = 'Rhymix Account Activation'; -$lang->title_modify_email_address = 'This letter is sent for a confirmation of the changing e-mail address.'; +$lang->title_modify_email_address = 'This letter is sent for a confirmation of the changing e-mail address.'; $lang->msg_confirm_account_info = 'This is your account information:'; $lang->msg_confirm_account_comment = 'Click on the following link to complete your account activation.'; -$lang->msg_confirm_email_address_change = 'The email address will be modified to %s after clicking below.'; +$lang->msg_confirm_email_address_change = 'The email address will be modified to %s after clicking below.'; $lang->msg_auth_mail_sent = 'The activation mail has been sent to %s. Please check your mail.'; $lang->msg_confirm_mail_sent = 'We have just sent the activation email to %s. Please check your mail.'; -$lang->msg_change_mail_sent = 'The letter was sent to %s for the changing email address. Please, check your email.'; -$lang->msg_invalid_modify_email_auth_key = 'Invalid request for changing the email address.
Please, request again or contact the website administrator.'; +$lang->msg_change_mail_sent = 'The letter was sent to %s for the changing email address. Please, check your email.'; +$lang->msg_invalid_modify_email_auth_key = 'Invalid request for changing the email address.
Please, request again or contact the website administrator.'; $lang->msg_invalid_auth_key = 'This is an invalid request of verification.
Please retry finding account info or contact the administrator.'; $lang->msg_expired_auth_key = 'Your verification link has expired. Please request a new verification email.'; $lang->msg_success_authed = 'Please use the password you received in the email to log in, and change it to a password of your choice as soon as possible.'; 
@@ -266,10 +267,10 @@ $lang->about_member_default = 'It will be set as the default group on sign up'; $lang->about_find_member_account = 'Please input the email address you have entered during the registration and we will send your account info to this email address.'; $lang->about_ssl_port = 'Please enter if you are using non-default SSL port'; $lang->about_resend_auth_mail = 'You can request the activation email again if you have not received it.'; -$lang->about_reset_auth_mail_submit = 'If you use the address as an identifier, a new email address would be required for the login.'; -$lang->about_update_nickname_log = 'Record the nickname change history. If you use this option, you can see the nickname changing history.'; -$lang->about_nickname_symbols = 'Allow or prohibit the use of special characters in nicknames.'; -$lang->about_member_profile_view = 'Option to view the member\'s profile image on the admin member list page. Select No if you do not want to see your profile picture in the member panel.'; +$lang->about_reset_auth_mail_submit = 'If you use the address as an identifier, a new email address would be required for the login.'; +$lang->about_update_nickname_log = 'Record the nickname change history. If you use this option, you can see the nickname changing history.'; +$lang->about_nickname_symbols = 'Allow or prohibit the use of special characters in nicknames.'; +$lang->about_member_profile_view = 'Option to view the member\'s profile image on the admin member list page. Select No if you do not want to see your profile picture in the member panel.'; $lang->no_article = 'No articles'; $lang->find_account_question = 'Question for a temporary password.'; $lang->find_account_answer = 'Answer for a temporary password.'; 
@@ -354,7 +355,7 @@ $lang->msg_groups_exist = 'groups exist.'; $lang->cmd_member_config = 'Member Configuration'; $lang->cmd_member_sync = 'Sync member information'; $lang->about_member_sync = 'Synchronize member information and post/comment information. This can take a long time if you have a lot of data. If there are many users, be sure to stop the service before proceeding.'; -$lang->msg_success_modify_email_address = 'Your email address has been successfully changed. You can log in with the changed email address.'; +$lang->msg_success_modify_email_address = 'Your email address has been successfully changed. You can log in with the changed email address.'; $lang->group = 'Group'; $lang->retrieve_password = 'Retrieve password'; @@ -371,7 +372,7 @@ $lang->btn_spammer_delete_all = 'Delete all'; $lang->spammer_move_to_trash = 'Move to trash'; $lang->msg_spammer_complete = 'Completed.'; $lang->nick_name_before_changing = 'Old nickname'; -$lang->nick_name_after_changing = 'New nickname'; +$lang->nick_name_after_changing = 'New nickname'; $lang->cmd_login_browser_info = 'Browser Information'; $lang->cmd_login_device_info = 'Device Information'; @@ -384,4 +385,4 @@ $lang->scrap_folder_create = 'New Folder'; $lang->scrap_folder_rename = 'Rename'; $lang->scrap_folder_delete = 'Delete'; $lang->member_unauthenticated = 'Unauthenticated'; -$lang->member_number = 'Member identification number'; +$lang->member_number = 'Member identification number'; diff --git a/modules/member/lang/ko.php b/modules/member/lang/ko.php index 2e4c51451..65ce4bb53 100644 --- a/modules/member/lang/ko.php +++ b/modules/member/lang/ko.php 
@@ -51,6 +51,7 @@ $lang->group_image_mark = '그룹 이미지 마크'; $lang->group_image_mark_max_width = '가로 제한 길이'; $lang->group_image_mark_max_height = '세로 제한 길이'; $lang->signature_max_height = '서명 높이 제한'; +$lang->cmd_force_member_mid = '강제 적용'; $lang->enable_join = '회원 가입 허가'; $lang->enable_join_only_with_url_key = 'URL 키가 일치하는 경우에만 허가'; $lang->enable_join_url_key = 'URL 키'; diff --git a/modules/member/member.admin.controller.php b/modules/member/member.admin.controller.php index 38fe30eb8..c15b25ab6 100644 --- a/modules/member/member.admin.controller.php +++ b/modules/member/member.admin.controller.php @@ -222,6 +222,8 @@ class MemberAdminController extends Member public function procMemberAdminInsertDefaultConfig() { $args = Context::gets( + 'member_mid', + 'force_mid', 'enable_join', 'enable_join_key', 'enable_confirm', @@ -239,6 +241,52 @@ class MemberAdminController extends Member 'member_profile_view' ); + // Update member mid + $config = MemberModel::getMemberConfig(); + if ($args->member_mid !== ($config->mid ?? null)) + { + if (!preg_match('/^[a-z][a-z0-9_]+$/i', $args->member_mid)) + { + return new BaseObject(-1, 'msg_limit_mid'); + } + + if ($config->mid) + { + $module_info = ModuleModel::getModuleInfoByMid($config->mid); + if (!$module_info || $module_info->module !== $this->module) + { + $module_info = null; + } + } + else + { + $module_info = null; + } + + if ($module_info) + { + $module_info->mid = $args->member_mid; + $output = ModuleController::getInstance()->updateModule($module_info); + } + else + { + $output = $this->createMid($args->member_mid, $config->skin ?: 'default', $config->mskin ?: 'default'); + } + + if ($output->toBool()) + { + $args->mid = $args->member_mid; + unset($args->member_mid); + } + else + { + return $output; + } + } + + $args->force_mid = ($args->force_mid === 'Y'); + + // Update join key if ($args->enable_join === 'KEY') { $args->enable_join = 'N'; 
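Review bot: The mid validation in the @@ -239,6 hunk anchors with `$`, which in PCRE also matches before a trailing newline, so a value ending in a line break passes unless `Context::gets()` already strips it. `preg_match('/^[a-z][a-z0-9_]+\z/i', (string)$args->member_mid)` closes that, and the cast keeps a missing `member_mid` from reaching `preg_match()` as null. In the same block `if ($config->mid)` reads the property bare although the outer condition uses `$config->mid ?? null`; `!empty($config->mid)` would be consistent. When the mid is unchanged, `member_mid` stays on `$args` and `mid` is never set; whether that matters depends on how `$args` is merged into the config after this hunk, which is not visible here.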
diff --git a/modules/member/member.class.php b/modules/member/member.class.php index 01f984be5..b8f83e64a 100644 --- a/modules/member/member.class.php +++ b/modules/member/member.class.php @@ -37,6 +37,9 @@ class Member extends ModuleObject if(!$config) { $config = MemberModel::getMemberConfig(); + $config->mid = 'member'; + $config->force_mid = true; + $this->createMid($config->mid); $oModuleController->insertModuleConfig('member', $config); } @@ -165,7 +168,12 @@ class Member extends ModuleObject if(!$oDB->isColumnExists('member_devices', 'device_token_type')) return true; if(!$oDB->isColumnExists('member_devices', 'last_active_date')) return true; + // Check mid $config = ModuleModel::getModuleConfig('member'); + if (empty($config->mid)) + { + return true; + } // Check members with phone country in old format if ($config->phone_number_default_country && !preg_match('/^[A-Z]{3}$/', $config->phone_number_default_country)) @@ -370,6 +378,18 @@ class Member extends ModuleObject $config = ModuleModel::getModuleConfig('member') ?: new stdClass; $changed = false; + // Check mid + if (empty($config->mid)) + { + $config->mid = 'member'; + $output = $this->createMid($config->mid, $config->skin ?: 'default', $config->mskin ?: 'default'); + if (!$output->toBool()) + { + return $output; + } + $changed = true; + } + // Check members with phone country in old format if ($config->phone_number_default_country && !preg_match('/^[A-Z]{3}$/', $config->phone_number_default_country)) { 
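Review bot: The result of `$this->createMid($config->mid)` is discarded in the install path (@@ -37,6), so if the insert fails the config is still saved with `mid = 'member'` and `force_mid = true`, pointing at a module that does not exist. The @@ -370,6 hunk already handles this with `if (!$output->toBool()) { return $output; }`; the install path could at least leave forcing off on failure, e.g. `$config->force_mid = $this->createMid($config->mid)->toBool();`. In the @@ -370,6 hunk `$config` may be a fresh `stdClass`, so `$config->skin ?: 'default'` reads an undefined property; `($config->skin ?? '') ?: 'default'` keeps the behaviour without the warning.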
@@ -526,12 +546,32 @@ class Member extends ModuleObject } /** - * Re-generate the cache file + * Create mid * - * @return void + * @param string $mid + * @param string $skin + * @param string $mskin + * @return BaseObject */ - function recompileCache() + public function createMid($mid = 'member', $skin = 'default', $mskin = 'default') { + $module_info = \ModuleModel::getModuleInfoByMid($mid); + if ($module_info && $module_info->module === $this->module) + { + return new BaseObject(); + } + + return ModuleController::getInstance()->insertModule((object)array( + 'mid' => $mid, + 'module' => $this->module, + 'browser_title' => lang('member'), + 'description' => '', + 'layout_srl' => -1, + 'mlayout_srl' => -1, + 'skin' => $skin, + 'mskin' => $mskin, + 'use_mobile' => 'Y', + )); } /** diff --git a/modules/member/member.controller.php b/modules/member/member.controller.php index a2227186e..290d911ef 100644 --- a/modules/member/member.controller.php +++ b/modules/member/member.controller.php @@ -867,25 +867,27 @@ class MemberController extends Member // Call a trigger (after) ModuleHandler::triggerCall('member.procMemberInsert', 'after', $config); - if($config->redirect_url) + self::clearMemberCache($args->member_srl); + + // Redirect + if ($config->redirect_url) { $returnUrl = $config->redirect_url; } + elseif (Context::get('success_return_url')) + { + $returnUrl = Context::get('success_return_url'); + } + elseif (isset($_SESSION['member_auth_referer'])) + { + $returnUrl = $_SESSION['member_auth_referer']; + unset($_SESSION['member_auth_referer']); + } else { - if(Context::get('success_return_url')) - { - $returnUrl = Context::get('success_return_url'); - } - else if($_COOKIE['XE_REDIRECT_URL']) - { - $returnUrl = $_COOKIE['XE_REDIRECT_URL']; - setcookie("XE_REDIRECT_URL", '', 1); - } + $returnUrl = getNotEncodedUrl(''); } - self::clearMemberCache($args->member_srl); - $this->setRedirectUrl($returnUrl); } 
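Review bot: `createMid()` returns success only when the mid already belongs to this module; when the mid exists under a different module it falls through to `insertModule()` and relies on that call to reject the duplicate, which is not visible in this hunk. An explicit branch that returns an error object when `$module_info` is set but `$module_info->module !== $this->module` would make the conflict case deliberate. `$mid` is also not validated here, only in the admin controller, so the docblock should say that callers must pass an already-validated mid and that the method is a no-op returning success when the mid is already owned by this module.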
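Review bot: `success_return_url` is taken from the request and handed to `setRedirectUrl()` as-is in the new `elseif` of the member.controller.php hunk, while the session fallback below it only ever holds a value that passed `Rhymix\Framework\URL::isInternalURL()` in `checkRefererUrl()`. Unless `setRedirectUrl()` validates its argument elsewhere, the request parameter should get the same check: `elseif (($url = Context::get('success_return_url')) && Rhymix\Framework\URL::isInternalURL($url))` followed by `$returnUrl = $url;`. The method starts outside this hunk.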
diff --git a/modules/member/member.view.php b/modules/member/member.view.php index 9a67fe07f..87fae29c7 100644 --- a/modules/member/member.view.php +++ b/modules/member/member.view.php @@ -7,9 +7,8 @@ */ class MemberView extends Member { - var $group_list = NULL; // /< Group list information - var $member_info = NULL; // /< Member information of the user - var $skin = 'default'; + public $member_config; + public $member_info; /** * @brief Initialization @@ -22,29 +21,23 @@ class MemberView extends Member $oSecurity = new Security(); $oSecurity->encodeHTML('member_config.signupForm..'); + // Set the skin path $skin = $this->member_config->skin; - // Set the template path - if(!$skin) + if ($skin) { - $skin = 'default'; + if ($skin === '/USE_DEFAULT/') + { + $skin = 'default'; + } $template_path = sprintf('%sskins/%s', $this->module_path, $skin); } else { - //check theme - $config_parse = explode('|@|', $skin); - if (count($config_parse) > 1) - { - $template_path = sprintf('./themes/%s/modules/member/', $config_parse[0]); - } - else - { - $template_path = sprintf('%sskins/%s', $this->module_path, $skin); - } + $template_path = sprintf('%sskins/%s', $this->module_path, 'default'); } - // Template path $this->setTemplatePath($template_path); + // Set the layout path $layout_info = LayoutModel::getInstance()->getLayout($this->member_config->layout_srl); if($layout_info) { 
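Review bot: The new skin branch in the @@ -22,29 hunk builds `$template_path` straight from `$this->member_config->skin` and no longer handles the `|@|` theme form that the removed code parsed, so a site whose stored value still contains `|@|` ends up with a template path that does not exist. `ncenterliteView::init()`, shown as context later in this commit, falls back when `!is_dir($template_path)`; the same fallback here, `if (!is_dir($template_path)) { $template_path = sprintf('%sskins/%s', $this->module_path, 'default'); }`, would cover legacy values and deleted skins. `init()` begins above this hunk, so how `member_config` is populated is not visible.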
@@ -53,14 +46,105 @@ class MemberView extends Member } } + /** + * Check the referer for login and signup pages. + */ + public function checkRefererUrl() + { + // Get the referer URL from Context var or HTTP header. + $referer_url = Context::get('referer_url') ?: ($_SERVER['HTTP_REFERER'] ?? ''); + + // Check if the referer is an internal URL. + $is_valid_referer = !empty($referer_url) && Rhymix\Framework\URL::isInternalURL($referer_url); + + // Check if the referer is the login or signup page, to prevent redirect loops. + if (preg_match('!\b(dispMemberLoginForm|dispMemberSignUpForm|dispMemberFindAccount|dispMemberResendAuthMail|procMember)!', $referer_url)) + { + $is_valid_referer = false; + } + if (preg_match('!/(login|signup)\b!', $referer_url)) + { + $is_valid_referer = false; + } + + // Store valid referer info in the session. + if ($is_valid_referer) + { + return $_SESSION['member_auth_referer'] = $referer_url; + } + elseif (isset($_SESSION['member_auth_referer'])) + { + return $_SESSION['member_auth_referer']; + } + elseif ($this->mid && !empty($this->member_config->mid) && $this->mid === $this->member_config->mid) + { + return getNotEncodedUrl(''); + } + else + { + return getNotEncodedUrl('act', ''); + } + } + + /** + * Check redirect to member mid. 
+ */ + public function checkMidAndRedirect() + { + if (!$this->member_config) + { + $this->member_config = MemberModel::getMemberConfig(); + } + if (!$this->member_config->mid || !$this->member_config->force_mid) + { + return true; + } + if (ModuleModel::getModuleInfoByMid($this->member_config->mid)->module !== $this->module) + { + return true; + } + if (Context::get('mid') === $this->member_config->mid) + { + return true; + } + + $vars = get_object_vars(Context::getRequestVars()); + $vars['mid'] = $this->member_config->mid; + $this->setRedirectUrl(getNotEncodedUrl($vars)); + return false; + } + + /** + * Module index + */ + public function dispMemberIndex() + { + if ($this->user->isMember()) + { + $this->setRedirectUrl(getUrl(['mid' => $this->mid, 'act' => 'dispMemberInfo'])); + } + else + { + $this->setRedirectUrl(getUrl(['mid' => $this->mid, 'act' => 'dispMemberLoginForm'])); + } + } + /** * @brief Display member information */ function dispMemberInfo() { - $logged_info = Context::get('logged_info'); + if (!$this->checkMidAndRedirect()) + { + return; + } + // Don't display member info to non-logged user - if(!$logged_info->member_srl) throw new Rhymix\Framework\Exceptions\MustLogin; + $logged_info = Context::get('logged_info'); + if(!$logged_info->member_srl) + { + throw new Rhymix\Framework\Exceptions\MustLogin; + } $member_srl = Context::get('member_srl'); if(!$member_srl && Context::get('is_logged')) 
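Review bot: `checkMidAndRedirect()` dereferences `ModuleModel::getModuleInfoByMid(...)->module` without checking the lookup result, while `createMid()` and the admin controller in this commit both guard it with a truthiness test; if the configured mid has been deleted this reads a property on a non-object. Assigning the result first and testing `if (!$module_info || $module_info->module !== $this->module) { return true; }` matches the other call sites. The redirect is then built from every request variable (`get_object_vars(Context::getRequestVars())`), so if that set can include POST fields they would be copied into a URL that lands in browser history and access logs; limiting the redirect to GET requests or to an allow-list of keys avoids that. The docblocks of both new methods should state their return values (the referer URL; `false` once a redirect URL has been set).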
@@ -201,14 +285,24 @@ class MemberView extends Member */ function dispMemberSignUpForm() { - //setcookie for redirect url in case of going to member sign up - setcookie("XE_REDIRECT_URL", $_SERVER['HTTP_REFERER'], 0, '/', null, !!config('session.use_ssl_cookies')); + // Check referer URL + $referer_url = $this->checkRefererUrl(); - $member_config = $this->member_config; + // Redirect to member mid if necessary. + if (!$this->checkMidAndRedirect()) + { + return; + } + + // Return to previous screen if already logged in. + if($this->user->isMember()) + { + $this->setRedirectUrl($referer_url); + return; + } - // Get the member information if logged-in - if($this->user->member_srl) throw new Rhymix\Framework\Exception('msg_already_logged'); // call a trigger (before) + $member_config = $this->member_config; $trigger_output = ModuleHandler::triggerCall('member.dispMemberSignUpForm', 'before', $member_config); if(!$trigger_output->toBool()) return $trigger_output; @@ -283,6 +377,11 @@ class MemberView extends Member function dispMemberModifyInfoBefore() { + if (!$this->checkMidAndRedirect()) + { + return; + } + $logged_info = Context::get('logged_info'); if(!$logged_info->member_srl) { @@ -323,6 +422,11 @@ class MemberView extends Member return; } + if (!$this->checkMidAndRedirect()) + { + return; + } + $_SESSION['rechecked_password_step'] = 'INPUT_DATA'; $member_config = $this->member_config; @@ -392,6 +496,11 @@ class MemberView extends Member throw new Rhymix\Framework\Exceptions\FeatureDisabled; } + if (!$this->checkMidAndRedirect()) + { + return; + } + // A message appears if the user is not logged-in if(!Context::get('is_logged')) { @@ -436,6 +545,11 @@ class MemberView extends Member throw new Rhymix\Framework\Exceptions\FeatureDisabled; } + if (!$this->checkMidAndRedirect()) + { + return; + } + // A message appears if the user is not logged-in if(!Context::get('is_logged')) { 
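Review bot: In the @@ -392,6 and @@ -436,6 hunks (and likewise @@ -478,6, -573,6, -602,6 and `dispMemberInfo()`), `checkMidAndRedirect()` runs before the logged-in check, whereas the @@ -679,8, -710,8 and -846,7 hunks run it after. With the first ordering an anonymous request is redirected to the member mid, carrying its request variables, before `MustLogin` is raised. Picking one order for all actions, with the login check first as the cheaper test, would make the behaviour predictable. Since the call has a side effect, a comment at each site such as `// Redirect to the member mid when force_mid is enabled` would help readers.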
@@ -478,6 +592,11 @@ class MemberView extends Member throw new Rhymix\Framework\Exceptions\FeatureDisabled; } + if (!$this->checkMidAndRedirect()) + { + return; + } + // A message appears if the user is not logged-in if(!Context::get('is_logged')) { @@ -573,6 +692,11 @@ class MemberView extends Member throw new Rhymix\Framework\Exceptions\FeatureDisabled; } + if (!$this->checkMidAndRedirect()) + { + return; + } + // A message appears if the user is not logged-in $logged_info = Context::get('logged_info'); if(!$logged_info->member_srl) throw new Rhymix\Framework\Exceptions\MustLogin; @@ -602,6 +726,11 @@ class MemberView extends Member throw new Rhymix\Framework\Exceptions\FeatureDisabled; } + if (!$this->checkMidAndRedirect()) + { + return; + } + $logged_info = Context::get('logged_info'); if (!$logged_info->member_srl) { @@ -631,25 +760,18 @@ class MemberView extends Member */ function dispMemberLoginForm() { - // Get referer URL - $referer_url = Context::get('referer_url') ?: ($_SERVER['HTTP_REFERER'] ?? ''); - $is_valid_referer = !empty($referer_url) && Rhymix\Framework\URL::isInternalURL($referer_url); - if (preg_match('!\b(dispMemberLoginForm|dispMemberSignUpForm|dispMemberFindAccount|dispMemberResendAuthMail|procMember)!', $referer_url)) - { - $is_valid_referer = false; - } - if (preg_match('!/(login|signup)\b!', $referer_url)) - { - $is_valid_referer = false; - } - if (!$is_valid_referer) - { - $referer_url = getNotEncodedUrl('act', ''); - } + // Check referer URL + $referer_url = $this->checkRefererUrl(); Context::set('referer_url', $referer_url); + // Redirect to member mid if necessary. + if (!$this->checkMidAndRedirect()) + { + return; + } + // Return to previous screen if already logged in. - if(Context::get('is_logged')) + if($this->user->isMember()) { $this->setRedirectUrl($referer_url); return; 
@@ -679,8 +801,12 @@ class MemberView extends Member // A message appears if the user is not logged-in if(!$this->user->member_srl) throw new Rhymix\Framework\Exceptions\MustLogin; - $memberConfig = $this->member_config; + if (!$this->checkMidAndRedirect()) + { + return; + } + $memberConfig = $this->member_config; $logged_info = Context::get('logged_info'); $member_srl = $logged_info->member_srl; @@ -710,8 +836,12 @@ class MemberView extends Member // A message appears if the user is not logged-in if(!$this->user->member_srl) throw new Rhymix\Framework\Exceptions\MustLogin; - $memberConfig = $this->member_config; + if (!$this->checkMidAndRedirect()) + { + return; + } + $memberConfig = $this->member_config; $logged_info = Context::get('logged_info'); $member_srl = $logged_info->member_srl; @@ -767,9 +897,12 @@ class MemberView extends Member throw new Rhymix\Framework\Exception('already_logged'); } - $config = $this->member_config; + if (!$this->checkMidAndRedirect()) + { + return; + } - Context::set('identifier', $config->identifier); + Context::set('identifier', $this->member_config->identifier); Context::set('enable_find_account_question', 'N'); $this->setTemplateFile('find_member_account'); @@ -785,6 +918,11 @@ class MemberView extends Member throw new Rhymix\Framework\Exception('already_logged'); } + if (!$this->checkMidAndRedirect()) + { + return; + } + $this->setTemplateFile('resend_auth_mail'); } @@ -797,6 +935,11 @@ class MemberView extends Member return; } + if (!$this->checkMidAndRedirect()) + { + return; + } + $_SESSION['rechecked_password_step'] = 'INPUT_DATA'; $this->setTemplateFile('modify_email_address'); 
@@ -846,7 +989,15 @@ class MemberView extends Member **/ function dispMemberSpammer() { - if(!Context::get('is_logged')) throw new Rhymix\Framework\Exceptions\NotPermitted; + if (!Context::get('is_logged')) + { + throw new Rhymix\Framework\Exceptions\NotPermitted; + } + + if (!$this->checkMidAndRedirect()) + { + return; + } $member_srl = Context::get('member_srl'); $module_srl = Context::get('module_srl'); @@ -881,6 +1032,11 @@ class MemberView extends Member throw new Rhymix\Framework\Exceptions\FeatureDisabled; } + if (!$this->checkMidAndRedirect()) + { + return; + } + $member_srl = Context::get('member_srl'); $logged_info = Context::get('logged_info'); if(!$member_srl) diff --git a/modules/member/skins/default/signup_form.html b/modules/member/skins/default/signup_form.html index ce9f6143b..e143b1303 100644 --- a/modules/member/skins/default/signup_form.html +++ b/modules/member/skins/default/signup_form.html @@ -10,7 +10,7 @@
- +
{$agreement->title} diff --git a/modules/member/tpl/default_config.html b/modules/member/tpl/default_config.html index fea433922..395802305 100644 --- a/modules/member/tpl/default_config.html +++ b/modules/member/tpl/default_config.html @@ -5,6 +5,21 @@ +
+ +
+ + {$site_module_info->security === 'always' ? 'https://' : 'http://'}{$site_module_info->domain}{\RX_BASEURL}index.php?mid= + + +   + +

{$lang->about_mid}

+
+
{$lang->enable_join}
diff --git a/modules/ncenterlite/conf/module.xml b/modules/ncenterlite/conf/module.xml index f495dd48b..2833951a5 100644 --- a/modules/ncenterlite/conf/module.xml +++ b/modules/ncenterlite/conf/module.xml @@ -2,19 +2,19 @@ - - - - - + + + + + - + - + @@ -23,7 +23,7 @@ - + diff --git a/modules/ncenterlite/ncenterlite.view.php b/modules/ncenterlite/ncenterlite.view.php index 14d126533..43ac8eff2 100644 --- a/modules/ncenterlite/ncenterlite.view.php +++ b/modules/ncenterlite/ncenterlite.view.php @@ -4,7 +4,7 @@ class ncenterliteView extends ncenterlite { function init() { - $oNcenterliteModel = getModel('ncenterlite'); + $oNcenterliteModel = ncenterliteModel::getInstance(); $config = $oNcenterliteModel->getConfig(); $template_path = sprintf("%sskins/%s/",$this->module_path, $config->skin); if(!is_dir($template_path)||!$config->skin) @@ -28,8 +28,15 @@ class ncenterliteView extends ncenterlite function dispNcenterliteNotifyList() { - $oNcenterliteModel = getModel('ncenterlite'); + // Check member mid + $oMemberView = MemberView::getInstance(); + if (!$oMemberView->checkMidAndRedirect()) + { + $this->setRedirectUrl($oMemberView->getRedirectUrl()); + return; + } + $oNcenterliteModel = ncenterliteModel::getInstance(); $output = $oNcenterliteModel->getMyNotifyList($this->user->member_srl, 1, null, true); Context::set('total_count', $output->page_navigation->total_count); @@ -43,7 +50,15 @@ class ncenterliteView extends ncenterlite function dispNcenterliteUserConfig() { - $oNcenterliteModel = getModel('ncenterlite'); + // Check member mid + $oMemberView = MemberView::getInstance(); + if (!$oMemberView->checkMidAndRedirect()) + { + $this->setRedirectUrl($oMemberView->getRedirectUrl()); + return; + } + + $oNcenterliteModel = ncenterliteModel::getInstance(); $config = $oNcenterliteModel->getConfig(); if($config->user_notify_setting != 'Y') { 
@@ -102,8 +117,15 @@ class ncenterliteView extends ncenterlite */ function dispNcenterliteUnsubscribeList() { - /** @var ncenterliteModel $oNcenterliteModel */ - $oNcenterliteModel = getModel('ncenterlite'); + // Check member mid + $oMemberView = MemberView::getInstance(); + if (!$oMemberView->checkMidAndRedirect()) + { + $this->setRedirectUrl($oMemberView->getRedirectUrl()); + return; + } + + $oNcenterliteModel = ncenterliteModel::getInstance(); $config = $oNcenterliteModel->getConfig(); if($config->unsubscribe !== 'Y') @@ -147,8 +169,15 @@ class ncenterliteView extends ncenterlite $this->setLayoutPath('./common/tpl'); $this->setLayoutFile('popup_layout'); - /** @var ncenterliteModel $oNcenterliteModel */ - $oNcenterliteModel = getModel('ncenterlite'); + // Check member mid + $oMemberView = MemberView::getInstance(); + if (!$oMemberView->checkMidAndRedirect()) + { + $this->setRedirectUrl($oMemberView->getRedirectUrl()); + return; + } + + $oNcenterliteModel = ncenterliteModel::getInstance(); $target_srl = Context::get('target_srl'); $unsubscribe_srl = Context::get('unsubscribe_srl'); $unsubscribe_type = Context::get('unsubscribe_type');