From f97b67caf799674cea957562f5f2acea5b28f949 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Tue, 20 Jun 2023 00:24:55 +0900 Subject: [PATCH 01/15] Create default mid for member module --- modules/member/member.class.php | 46 ++++++++++++++++++++++++++++++--- 1 file changed, 43 insertions(+), 3 deletions(-) diff --git a/modules/member/member.class.php b/modules/member/member.class.php index 01f984be5..0134434c2 100644 --- a/modules/member/member.class.php +++ b/modules/member/member.class.php @@ -37,6 +37,8 @@ class Member extends ModuleObject if(!$config) { $config = MemberModel::getMemberConfig(); + $config->mid = 'member'; + $this->createMid($config->mid); $oModuleController->insertModuleConfig('member', $config); } @@ -165,7 +167,12 @@ class Member extends ModuleObject if(!$oDB->isColumnExists('member_devices', 'device_token_type')) return true; if(!$oDB->isColumnExists('member_devices', 'last_active_date')) return true; + // Check mid $config = ModuleModel::getModuleConfig('member'); + if (empty($config->mid)) + { + return true; + } // Check members with phone country in old format if ($config->phone_number_default_country && !preg_match('/^[A-Z]{3}$/', $config->phone_number_default_country)) @@ -370,6 +377,19 @@ class Member extends ModuleObject $config = ModuleModel::getModuleConfig('member') ?: new stdClass; $changed = false; + // Check mid + if (empty($config->mid)) + { + $config->mid = 'member'; + $output = $this->createMid($config->mid, $config->skin ?: 'default', $config->mskin ?: 'default'); + if (!$output->toBool()) + { + return $output; + } + $changed = true; + } + + // Check members with phone country in old format if ($config->phone_number_default_country && !preg_match('/^[A-Z]{3}$/', $config->phone_number_default_country)) { @@ -526,12 +546,32 @@ class Member extends ModuleObject } /** - * Re-generate the cache file + * Create mid * - * @return void + * @param string $mid + * @param string $skin + * @param string $mskin + * @return BaseObject */ - function recompileCache() + public function createMid($mid = 'member', $skin = 'default', $mskin = 'default') { + $module_info = \ModuleModel::getModuleInfoByMid($mid); + if ($module_info && $module_info->module === $this->module) + { + return new BaseObject(); + } + + return ModuleController::getInstance()->insertModule((object)array( + 'mid' => $mid, + 'module' => $this->module, + 'browser_title' => lang('member'), + 'description' => '', + 'layout_srl' => -1, + 'mlayout_srl' => -1, + 'skin' => $skin, + 'mskin' => $mskin, + 'use_mobile' => 'Y', + )); } /** From 3b265d5278739cf30f5531b0d46714995a0d04bb Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Tue, 20 Jun 2023 00:27:42 +0900 Subject: [PATCH 02/15] Implement index action for member module --- modules/member/conf/module.xml | 13 +++++++------ modules/member/member.view.php | 15 +++++++++++++++ 2 files changed, 22 insertions(+), 6 deletions(-) diff --git a/modules/member/conf/module.xml b/modules/member/conf/module.xml index 1b0771edd..186e98661 100644 --- a/modules/member/conf/module.xml +++ b/modules/member/conf/module.xml @@ -2,6 +2,7 @@ + @@ -31,11 +32,11 @@ - + - + @@ -70,12 +71,12 @@ - + - + @@ -88,11 +89,11 @@ - + - + diff --git a/modules/member/member.view.php b/modules/member/member.view.php index 9a67fe07f..0e52a1f48 100644 --- a/modules/member/member.view.php +++ b/modules/member/member.view.php @@ -53,6 +53,21 @@ class MemberView extends Member } } + /** + * Module index + */ + public function dispMemberIndex() + { + if ($this->user->isMember()) + { + $this->setRedirectUrl(getUrl(['mid' => $this->mid, 'act' => 'dispMemberInfo'])); + } + else + { + $this->setRedirectUrl(getUrl(['mid' => $this->mid, 'act' => 'dispMemberLoginForm'])); + } + } + /** * @brief Display member information */ From 2a570e7737d2fad4e74a85f049e34abfa3c932a4 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Tue, 20 Jun 2023 00:40:14 +0900 Subject: [PATCH 03/15] Redirect to member mid if member pages are accessed through a different mid --- modules/member/member.view.php | 133 +++++++++++++++++++++++++++------ 1 file changed, 112 insertions(+), 21 deletions(-) diff --git a/modules/member/member.view.php b/modules/member/member.view.php index 0e52a1f48..f7f0465a5 100644 --- a/modules/member/member.view.php +++ b/modules/member/member.view.php @@ -22,29 +22,19 @@ class MemberView extends Member $oSecurity = new Security(); $oSecurity->encodeHTML('member_config.signupForm..'); + // Set the skin path $skin = $this->member_config->skin; - // Set the template path - if(!$skin) + if($skin) { - $skin = 'default'; $template_path = sprintf('%sskins/%s', $this->module_path, $skin); } else { - //check theme - $config_parse = explode('|@|', $skin); - if (count($config_parse) > 1) - { - $template_path = sprintf('./themes/%s/modules/member/', $config_parse[0]); - } - else - { - $template_path = sprintf('%sskins/%s', $this->module_path, $skin); - } + $template_path = sprintf('%sskins/%s', $this->module_path, 'default'); } - // Template path $this->setTemplatePath($template_path); + // Set the layout path $layout_info = LayoutModel::getInstance()->getLayout($this->member_config->layout_srl); if($layout_info) { @@ -53,6 +43,30 @@ class MemberView extends Member } } + /** + * Check redirect + */ + public function checkMidAndRedirect() + { + if (!$this->member_config->mid) + { + return true; + } + if (ModuleModel::getModuleInfoByMid($this->member_config->mid)->module !== $this->module) + { + return true; + } + if (isset($this->mid) && $this->mid === $this->member_config->mid) + { + return true; + } + + $vars = get_object_vars(Context::getRequestVars()); + $vars['mid'] = $this->member_config->mid; + $this->setRedirectUrl(getUrl($vars)); + return false; + } + /** * Module index */ @@ -73,9 +87,17 @@ class MemberView extends Member */ function dispMemberInfo() { - $logged_info = Context::get('logged_info'); + if (!$this->checkMidAndRedirect()) + { + return; + } + // Don't display member info to non-logged user - if(!$logged_info->member_srl) throw new Rhymix\Framework\Exceptions\MustLogin; + $logged_info = Context::get('logged_info'); + if(!$logged_info->member_srl) + { + throw new Rhymix\Framework\Exceptions\MustLogin; + } $member_srl = Context::get('member_srl'); if(!$member_srl && Context::get('is_logged')) @@ -298,6 +320,11 @@ class MemberView extends Member function dispMemberModifyInfoBefore() { + if (!$this->checkMidAndRedirect()) + { + return; + } + $logged_info = Context::get('logged_info'); if(!$logged_info->member_srl) { @@ -338,6 +365,11 @@ class MemberView extends Member return; } + if (!$this->checkMidAndRedirect()) + { + return; + } + $_SESSION['rechecked_password_step'] = 'INPUT_DATA'; $member_config = $this->member_config; @@ -407,6 +439,11 @@ class MemberView extends Member throw new Rhymix\Framework\Exceptions\FeatureDisabled; } + if (!$this->checkMidAndRedirect()) + { + return; + } + // A message appears if the user is not logged-in if(!Context::get('is_logged')) { @@ -451,6 +488,11 @@ class MemberView extends Member throw new Rhymix\Framework\Exceptions\FeatureDisabled; } + if (!$this->checkMidAndRedirect()) + { + return; + } + // A message appears if the user is not logged-in if(!Context::get('is_logged')) { @@ -493,6 +535,11 @@ class MemberView extends Member throw new Rhymix\Framework\Exceptions\FeatureDisabled; } + if (!$this->checkMidAndRedirect()) + { + return; + } + // A message appears if the user is not logged-in if(!Context::get('is_logged')) { @@ -588,6 +635,11 @@ class MemberView extends Member throw new Rhymix\Framework\Exceptions\FeatureDisabled; } + if (!$this->checkMidAndRedirect()) + { + return; + } + // A message appears if the user is not logged-in $logged_info = Context::get('logged_info'); if(!$logged_info->member_srl) throw new Rhymix\Framework\Exceptions\MustLogin; @@ -617,6 +669,11 @@ class MemberView extends Member throw new Rhymix\Framework\Exceptions\FeatureDisabled; } + if (!$this->checkMidAndRedirect()) + { + return; + } + $logged_info = Context::get('logged_info'); if (!$logged_info->member_srl) { @@ -694,8 +751,12 @@ class MemberView extends Member // A message appears if the user is not logged-in if(!$this->user->member_srl) throw new Rhymix\Framework\Exceptions\MustLogin; - $memberConfig = $this->member_config; + if (!$this->checkMidAndRedirect()) + { + return; + } + $memberConfig = $this->member_config; $logged_info = Context::get('logged_info'); $member_srl = $logged_info->member_srl; @@ -725,8 +786,12 @@ class MemberView extends Member // A message appears if the user is not logged-in if(!$this->user->member_srl) throw new Rhymix\Framework\Exceptions\MustLogin; - $memberConfig = $this->member_config; + if (!$this->checkMidAndRedirect()) + { + return; + } + $memberConfig = $this->member_config; $logged_info = Context::get('logged_info'); $member_srl = $logged_info->member_srl; @@ -782,9 +847,12 @@ class MemberView extends Member throw new Rhymix\Framework\Exception('already_logged'); } - $config = $this->member_config; + if (!$this->checkMidAndRedirect()) + { + return; + } - Context::set('identifier', $config->identifier); + Context::set('identifier', $this->member_config->identifier); Context::set('enable_find_account_question', 'N'); $this->setTemplateFile('find_member_account'); @@ -800,6 +868,11 @@ class MemberView extends Member throw new Rhymix\Framework\Exception('already_logged'); } + if (!$this->checkMidAndRedirect()) + { + return; + } + $this->setTemplateFile('resend_auth_mail'); } @@ -812,6 +885,11 @@ class MemberView extends Member return; } + if (!$this->checkMidAndRedirect()) + { + return; + } + $_SESSION['rechecked_password_step'] = 'INPUT_DATA'; $this->setTemplateFile('modify_email_address'); @@ -861,7 +939,15 @@ class MemberView extends Member **/ function dispMemberSpammer() { - if(!Context::get('is_logged')) throw new Rhymix\Framework\Exceptions\NotPermitted; + if (!Context::get('is_logged')) + { + throw new Rhymix\Framework\Exceptions\NotPermitted; + } + + if (!$this->checkMidAndRedirect()) + { + return; + } $member_srl = Context::get('member_srl'); $module_srl = Context::get('module_srl'); @@ -896,6 +982,11 @@ class MemberView extends Member throw new Rhymix\Framework\Exceptions\FeatureDisabled; } + if (!$this->checkMidAndRedirect()) + { + return; + } + $member_srl = Context::get('member_srl'); $logged_info = Context::get('logged_info'); if(!$member_srl) From 52a7d47a4936af9c8e6931dd6b00ceee18bc94bc Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Tue, 20 Jun 2023 00:50:36 +0900 Subject: [PATCH 04/15] Also force communication and ncenterlite views to share member mid --- .../communication/communication.mobile.php | 8 +++ modules/communication/communication.view.php | 64 ++++++++++++++++--- modules/member/member.view.php | 11 ++-- modules/ncenterlite/ncenterlite.view.php | 43 +++++++++++-- 4 files changed, 106 insertions(+), 20 deletions(-) diff --git a/modules/communication/communication.mobile.php b/modules/communication/communication.mobile.php index dc6470fb7..288031dc0 100644 --- a/modules/communication/communication.mobile.php +++ b/modules/communication/communication.mobile.php @@ -51,6 +51,14 @@ class communicationMobile extends communicationView */ function dispCommunicationMessageBoxList() { + // Check member mid + $oMemberView = MemberView::getInstance(); + if (!$oMemberView->checkMidAndRedirect()) + { + $this->setRedirectUrl($oMemberView->getRedirectUrl()); + return; + } + $this->setTemplateFile('message_box'); } } diff --git a/modules/communication/communication.view.php b/modules/communication/communication.view.php index b207812da..ec238552c 100644 --- a/modules/communication/communication.view.php +++ b/modules/communication/communication.view.php @@ -61,6 +61,14 @@ class communicationView extends communication throw new Rhymix\Framework\Exceptions\MustLogin; } + // Check member mid + $oMemberView = MemberView::getInstance(); + if (!$oMemberView->checkMidAndRedirect()) + { + $this->setRedirectUrl($oMemberView->getRedirectUrl()); + return; + } + $logged_info = Context::get('logged_info'); // Set the variables @@ -177,11 +185,17 @@ class communicationView extends communication throw new Rhymix\Framework\Exceptions\MustLogin; } - $oCommunicationModel = getModel('communication'); + // Check member mid + $oMemberView = MemberView::getInstance(); + if (!$oMemberView->checkMidAndRedirect()) + { + $this->setRedirectUrl($oMemberView->getRedirectUrl()); + return; + } // get a new message $columnList = array('message_srl', 'member_srl', 'nick_name', 'title', 'content', 'sender_srl'); - $message = $oCommunicationModel->getNewMessage($columnList); + $message = CommunicationModel::getInstance()->getNewMessage($columnList); if($message) { stripEmbedTagForAdmin($message->content, $message->sender_srl); @@ -207,23 +221,33 @@ class communicationView extends communication { throw new Rhymix\Framework\Exceptions\InvalidRequest; } + + // Error appears if not logged-in + if(!Context::get('is_logged')) + { + throw new Rhymix\Framework\Exceptions\MustLogin; + } + + // Check permission if(!getModel('communication')->checkGrant($this->config->grant_send)) { throw new Rhymix\Framework\Exceptions\NotPermitted; } + // Check member mid + $oMemberView = MemberView::getInstance(); + if (!$oMemberView->checkMidAndRedirect()) + { + $this->setRedirectUrl($oMemberView->getRedirectUrl()); + return; + } + // Fix missing mid (it causes errors when uploading) if(!Context::get('mid')) { Context::set('mid', Context::get('site_module_info')->mid); } - // Error appears if not logged-in - if(!Context::get('is_logged')) - { - throw new Rhymix\Framework\Exceptions\MustLogin; - } - $logged_info = Context::get('logged_info'); // get receipient's information @@ -310,6 +334,14 @@ class communicationView extends communication throw new Rhymix\Framework\Exceptions\MustLogin; } + // Check member mid + $oMemberView = MemberView::getInstance(); + if (!$oMemberView->checkMidAndRedirect()) + { + $this->setRedirectUrl($oMemberView->getRedirectUrl()); + return; + } + $oCommunicationModel = getModel('communication'); // get a group list @@ -369,6 +401,14 @@ class communicationView extends communication throw new Rhymix\Framework\Exceptions\MustLogin; } + // Check member mid + $oMemberView = MemberView::getInstance(); + if (!$oMemberView->checkMidAndRedirect()) + { + $this->setRedirectUrl($oMemberView->getRedirectUrl()); + return; + } + $logged_info = Context::get('logged_info'); $target_srl = Context::get('target_srl'); @@ -419,7 +459,13 @@ class communicationView extends communication throw new Rhymix\Framework\Exceptions\MustLogin; } - $logged_info = Context::get('logged_info'); + // Check member mid + $oMemberView = MemberView::getInstance(); + if (!$oMemberView->checkMidAndRedirect()) + { + $this->setRedirectUrl($oMemberView->getRedirectUrl()); + return; + } // change to edit mode when getting the group_srl $friend_group_srl = Context::get('friend_group_srl'); diff --git a/modules/member/member.view.php b/modules/member/member.view.php index f7f0465a5..0de830c6b 100644 --- a/modules/member/member.view.php +++ b/modules/member/member.view.php @@ -7,9 +7,8 @@ */ class MemberView extends Member { - var $group_list = NULL; // /< Group list information - var $member_info = NULL; // /< Member information of the user - var $skin = 'default'; + public $member_config; + public $member_info; /** * @brief Initialization @@ -48,6 +47,10 @@ class MemberView extends Member */ public function checkMidAndRedirect() { + if (!$this->member_config) + { + $this->member_config = MemberModel::getMemberConfig(); + } if (!$this->member_config->mid) { return true; @@ -56,7 +59,7 @@ class MemberView extends Member { return true; } - if (isset($this->mid) && $this->mid === $this->member_config->mid) + if (Context::get('mid') === $this->member_config->mid) { return true; } diff --git a/modules/ncenterlite/ncenterlite.view.php b/modules/ncenterlite/ncenterlite.view.php index 14d126533..43ac8eff2 100644 --- a/modules/ncenterlite/ncenterlite.view.php +++ b/modules/ncenterlite/ncenterlite.view.php @@ -4,7 +4,7 @@ class ncenterliteView extends ncenterlite { function init() { - $oNcenterliteModel = getModel('ncenterlite'); + $oNcenterliteModel = ncenterliteModel::getInstance(); $config = $oNcenterliteModel->getConfig(); $template_path = sprintf("%sskins/%s/",$this->module_path, $config->skin); if(!is_dir($template_path)||!$config->skin) @@ -28,8 +28,15 @@ class ncenterliteView extends ncenterlite function dispNcenterliteNotifyList() { - $oNcenterliteModel = getModel('ncenterlite'); + // Check member mid + $oMemberView = MemberView::getInstance(); + if (!$oMemberView->checkMidAndRedirect()) + { + $this->setRedirectUrl($oMemberView->getRedirectUrl()); + return; + } + $oNcenterliteModel = ncenterliteModel::getInstance(); $output = $oNcenterliteModel->getMyNotifyList($this->user->member_srl, 1, null, true); Context::set('total_count', $output->page_navigation->total_count); @@ -43,7 +50,15 @@ class ncenterliteView extends ncenterlite function dispNcenterliteUserConfig() { - $oNcenterliteModel = getModel('ncenterlite'); + // Check member mid + $oMemberView = MemberView::getInstance(); + if (!$oMemberView->checkMidAndRedirect()) + { + $this->setRedirectUrl($oMemberView->getRedirectUrl()); + return; + } + + $oNcenterliteModel = ncenterliteModel::getInstance(); $config = $oNcenterliteModel->getConfig(); if($config->user_notify_setting != 'Y') { @@ -102,8 +117,15 @@ class ncenterliteView extends ncenterlite */ function dispNcenterliteUnsubscribeList() { - /** @var ncenterliteModel $oNcenterliteModel */ - $oNcenterliteModel = getModel('ncenterlite'); + // Check member mid + $oMemberView = MemberView::getInstance(); + if (!$oMemberView->checkMidAndRedirect()) + { + $this->setRedirectUrl($oMemberView->getRedirectUrl()); + return; + } + + $oNcenterliteModel = ncenterliteModel::getInstance(); $config = $oNcenterliteModel->getConfig(); if($config->unsubscribe !== 'Y') @@ -147,8 +169,15 @@ class ncenterliteView extends ncenterlite $this->setLayoutPath('./common/tpl'); $this->setLayoutFile('popup_layout'); - /** @var ncenterliteModel $oNcenterliteModel */ - $oNcenterliteModel = getModel('ncenterlite'); + // Check member mid + $oMemberView = MemberView::getInstance(); + if (!$oMemberView->checkMidAndRedirect()) + { + $this->setRedirectUrl($oMemberView->getRedirectUrl()); + return; + } + + $oNcenterliteModel = ncenterliteModel::getInstance(); $target_srl = Context::get('target_srl'); $unsubscribe_srl = Context::get('unsubscribe_srl'); $unsubscribe_type = Context::get('unsubscribe_type'); From 58d4f70cbd97808da987e17765d2ef3f5b753e86 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Tue, 20 Jun 2023 00:59:04 +0900 Subject: [PATCH 05/15] Add short URL to communication module pages --- modules/communication/communication.view.php | 2 ++ modules/communication/conf/module.xml | 23 ++++++++++++-------- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/modules/communication/communication.view.php b/modules/communication/communication.view.php index ec238552c..3359f291a 100644 --- a/modules/communication/communication.view.php +++ b/modules/communication/communication.view.php @@ -235,12 +235,14 @@ class communicationView extends communication } // Check member mid + /* $oMemberView = MemberView::getInstance(); if (!$oMemberView->checkMidAndRedirect()) { $this->setRedirectUrl($oMemberView->getRedirectUrl()); return; } + */ // Fix missing mid (it causes errors when uploading) if(!Context::get('mid')) diff --git a/modules/communication/conf/module.xml b/modules/communication/conf/module.xml index 8b2688388..50c082fdc 100644 --- a/modules/communication/conf/module.xml +++ b/modules/communication/conf/module.xml @@ -2,14 +2,19 @@ - - - - - - - - + + + + + + + + + + + + + @@ -22,7 +27,7 @@ - + From db18192db31eb71b01a57a2609ee3485144c5b1d Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Tue, 20 Jun 2023 01:00:51 +0900 Subject: [PATCH 06/15] Add meta noindex tag to ncenterlite module pages --- modules/ncenterlite/conf/module.xml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/modules/ncenterlite/conf/module.xml b/modules/ncenterlite/conf/module.xml index f495dd48b..2833951a5 100644 --- a/modules/ncenterlite/conf/module.xml +++ b/modules/ncenterlite/conf/module.xml @@ -2,19 +2,19 @@ - - - - - + + + + + - + - + @@ -23,7 +23,7 @@ - + From eee0eebff946d2baf1c24f06cabffaacaa032734 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Tue, 20 Jun 2023 01:04:18 +0900 Subject: [PATCH 07/15] Fix member module skin error if USE_DEFAULT is selected --- modules/member/member.view.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/member/member.view.php b/modules/member/member.view.php index 0de830c6b..1f7d50d8b 100644 --- a/modules/member/member.view.php +++ b/modules/member/member.view.php @@ -23,8 +23,12 @@ class MemberView extends Member // Set the skin path $skin = $this->member_config->skin; - if($skin) + if ($skin) { + if ($skin === '/USE_DEFAULT/') + { + $skin = 'default'; + } $template_path = sprintf('%sskins/%s', $this->module_path, $skin); } else From 030455025b7c3766f55219bd175b40e480ac9b9e Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Tue, 20 Jun 2023 01:25:05 +0900 Subject: [PATCH 08/15] Add config entry to change member mid --- modules/member/member.admin.controller.php | 45 ++++++++++++++++++++++ modules/member/tpl/default_config.html | 10 +++++ 2 files changed, 55 insertions(+) diff --git a/modules/member/member.admin.controller.php b/modules/member/member.admin.controller.php index 38fe30eb8..9333315bf 100644 --- a/modules/member/member.admin.controller.php +++ b/modules/member/member.admin.controller.php @@ -222,6 +222,7 @@ class MemberAdminController extends Member public function procMemberAdminInsertDefaultConfig() { $args = Context::gets( + 'member_mid', 'enable_join', 'enable_join_key', 'enable_confirm', @@ -239,6 +240,50 @@ class MemberAdminController extends Member 'member_profile_view' ); + // Update member mid + $config = MemberModel::getMemberConfig(); + if ($args->member_mid !== ($config->mid ?? null)) + { + if (!preg_match('/^[a-z][a-z0-9_]+$/i', $args->member_mid)) + { + return new BaseObject(-1, 'msg_limit_mid'); + } + + if ($config->mid) + { + $module_info = ModuleModel::getModuleInfoByMid($config->mid); + if (!$module_info || $module_info->module !== $this->module) + { + $module_info = null; + } + } + else + { + $module_info = null; + } + + if ($module_info) + { + $module_info->mid = $args->member_mid; + $output = ModuleController::getInstance()->updateModule($module_info); + } + else + { + $output = $this->createMid($args->member_mid, $config->skin ?: 'default', $config->mskin ?: 'default'); + } + + if ($output->toBool()) + { + $args->mid = $args->member_mid; + unset($args->member_mid); + } + else + { + return $output; + } + } + + // Update join key if ($args->enable_join === 'KEY') { $args->enable_join = 'N'; diff --git a/modules/member/tpl/default_config.html b/modules/member/tpl/default_config.html index fea433922..79e327e74 100644 --- a/modules/member/tpl/default_config.html +++ b/modules/member/tpl/default_config.html @@ -5,6 +5,16 @@ +
+ +
+ + {$site_module_info->domain}{\RX_BASEURL}index.php?mid= + + +

{$lang->about_mid}

+
+
{$lang->enable_join}
From 80fa953eb193adb92728621dba76cba14f6fcb85 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Tue, 20 Jun 2023 01:29:44 +0900 Subject: [PATCH 09/15] Fix undefined property in member info --- common/framework/Session.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/common/framework/Session.php b/common/framework/Session.php index bfde89a85..be51d52e2 100644 --- a/common/framework/Session.php +++ b/common/framework/Session.php @@ -722,12 +722,12 @@ class Session // Check member information to see if denied or limited. $member_info = \MemberModel::getMemberInfo($member_srl); - if ($member_info->denied === 'Y') + if (!empty($member_info->denied) && $member_info->denied === 'Y') { trigger_error('Session is invalid for member_srl=' . intval($_SESSION['RHYMIX']['login']) . ' (denied)', \E_USER_WARNING); return false; } - if ($member_info->limit_date && substr($member_info->limit_date, 0, 8) >= date('Ymd')) + if (!empty($member_info->limit_date) && substr($member_info->limit_date, 0, 8) >= date('Ymd')) { trigger_error('Session is invalid for member_srl=' . intval($_SESSION['RHYMIX']['login']) . ' (limited)', \E_USER_WARNING); return false; From 1af9d5999c1a06b9cd076796b48e24f547700807 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Tue, 20 Jun 2023 02:14:46 +0900 Subject: [PATCH 10/15] Add option to force all member pages to use the member mid --- modules/member/lang/en.php | 25 +++++++++++----------- modules/member/lang/ko.php | 1 + modules/member/member.admin.controller.php | 3 +++ modules/member/member.class.php | 1 + modules/member/member.view.php | 2 +- modules/member/tpl/default_config.html | 7 +++++- 6 files changed, 25 insertions(+), 14 deletions(-) diff --git a/modules/member/lang/en.php b/modules/member/lang/en.php index adc090de1..8496234ce 100644 --- a/modules/member/lang/en.php +++ b/modules/member/lang/en.php @@ -51,6 +51,7 @@ $lang->group_image_mark = 'Group image mark'; $lang->group_image_mark_max_width = 'Max Width'; $lang->group_image_mark_max_height = 'Max Height'; $lang->signature_max_height = 'Max Signature Height'; +$lang->cmd_force_member_mid = 'Force'; $lang->enable_join = 'Accept New Members'; $lang->enable_join_only_with_url_key = 'Only with valid URL key'; $lang->enable_join_url_key = 'URL Key'; @@ -147,7 +148,7 @@ $lang->cmd_send_email = 'Send Mail'; $lang->cmd_modify_nickname_log = 'Nickname Change Log'; $lang->cmd_nickname_symbols = 'Allow Symbols in Nickname'; $lang->cmd_nickname_symbols_list = 'Only Allow:'; -$lang->cmd_member_profile_view = 'Show member profile picture'; +$lang->cmd_member_profile_view = 'Show member profile picture'; $lang->cmd_allow_duplicate_nickname = 'Allow Duplicate Nicknames'; $lang->about_allow_duplicate_nickname = 'Allow more than one member to use the same nickname.'; $lang->msg_special_code_incorrect_format = 'The verification code should be a 6-digit number.'; @@ -163,14 +164,14 @@ $lang->msg_find_account_title = 'Account Info'; $lang->msg_find_account_info = 'This is requested account info.'; $lang->msg_find_account_comment = 'Your password will be changed to the one above if you click the link below.
Please change the password again as soon as possible after you are able to log in.
Your password will remain unchanged until you click the link below.'; $lang->msg_confirm_account_title = 'Rhymix Account Activation'; -$lang->title_modify_email_address = 'This letter is sent for a confirmation of the changing e-mail address.'; +$lang->title_modify_email_address = 'This letter is sent for a confirmation of the changing e-mail address.'; $lang->msg_confirm_account_info = 'This is your account information:'; $lang->msg_confirm_account_comment = 'Click on the following link to complete your account activation.'; -$lang->msg_confirm_email_address_change = 'The email address will be modified to %s after clicking below.'; +$lang->msg_confirm_email_address_change = 'The email address will be modified to %s after clicking below.'; $lang->msg_auth_mail_sent = 'The activation mail has been sent to %s. Please check your mail.'; $lang->msg_confirm_mail_sent = 'We have just sent the activation email to %s. Please check your mail.'; -$lang->msg_change_mail_sent = 'The letter was sent to %s for the changing email address. Please, check your email.'; -$lang->msg_invalid_modify_email_auth_key = 'Invalid request for changing the email address.
Please, request again or contact the website administrator.'; +$lang->msg_change_mail_sent = 'The letter was sent to %s for the changing email address. Please, check your email.'; +$lang->msg_invalid_modify_email_auth_key = 'Invalid request for changing the email address.
Please, request again or contact the website administrator.'; $lang->msg_invalid_auth_key = 'This is an invalid request of verification.
Please retry finding account info or contact the administrator.'; $lang->msg_expired_auth_key = 'Your verification link has expired. Please request a new verification email.'; $lang->msg_success_authed = 'Please use the password you received in the email to log in, and change it to a password of your choice as soon as possible.'; @@ -266,10 +267,10 @@ $lang->about_member_default = 'It will be set as the default group on sign up'; $lang->about_find_member_account = 'Please input the email address you have entered during the registration and we will send your account info to this email address.'; $lang->about_ssl_port = 'Please enter if you are using non-default SSL port'; $lang->about_resend_auth_mail = 'You can request the activation email again if you have not received it.'; -$lang->about_reset_auth_mail_submit = 'If you use the address as an identifier, a new email address would be required for the login.'; -$lang->about_update_nickname_log = 'Record the nickname change history. If you use this option, you can see the nickname changing history.'; -$lang->about_nickname_symbols = 'Allow or prohibit the use of special characters in nicknames.'; -$lang->about_member_profile_view = 'Option to view the member\'s profile image on the admin member list page. Select No if you do not want to see your profile picture in the member panel.'; +$lang->about_reset_auth_mail_submit = 'If you use the address as an identifier, a new email address would be required for the login.'; +$lang->about_update_nickname_log = 'Record the nickname change history. If you use this option, you can see the nickname changing history.'; +$lang->about_nickname_symbols = 'Allow or prohibit the use of special characters in nicknames.'; +$lang->about_member_profile_view = 'Option to view the member\'s profile image on the admin member list page. Select No if you do not want to see your profile picture in the member panel.'; $lang->no_article = 'No articles'; $lang->find_account_question = 'Question for a temporary password.'; $lang->find_account_answer = 'Answer for a temporary password.'; @@ -354,7 +355,7 @@ $lang->msg_groups_exist = 'groups exist.'; $lang->cmd_member_config = 'Member Configuration'; $lang->cmd_member_sync = 'Sync member information'; $lang->about_member_sync = 'Synchronize member information and post/comment information. This can take a long time if you have a lot of data. If there are many users, be sure to stop the service before proceeding.'; -$lang->msg_success_modify_email_address = 'Your email address has been successfully changed. You can log in with the changed email address.'; +$lang->msg_success_modify_email_address = 'Your email address has been successfully changed. You can log in with the changed email address.'; $lang->group = 'Group'; $lang->retrieve_password = 'Retrieve password'; @@ -371,7 +372,7 @@ $lang->btn_spammer_delete_all = 'Delete all'; $lang->spammer_move_to_trash = 'Move to trash'; $lang->msg_spammer_complete = 'Completed.'; $lang->nick_name_before_changing = 'Old nickname'; -$lang->nick_name_after_changing = 'New nickname'; +$lang->nick_name_after_changing = 'New nickname'; $lang->cmd_login_browser_info = 'Browser Information'; $lang->cmd_login_device_info = 'Device Information'; @@ -384,4 +385,4 @@ $lang->scrap_folder_create = 'New Folder'; $lang->scrap_folder_rename = 'Rename'; $lang->scrap_folder_delete = 'Delete'; $lang->member_unauthenticated = 'Unauthenticated'; -$lang->member_number = 'Member identification number'; +$lang->member_number = 'Member identification number'; diff --git a/modules/member/lang/ko.php b/modules/member/lang/ko.php index 2e4c51451..65ce4bb53 100644 --- a/modules/member/lang/ko.php +++ b/modules/member/lang/ko.php @@ -51,6 +51,7 @@ $lang->group_image_mark = '그룹 이미지 마크'; $lang->group_image_mark_max_width = '가로 제한 길이'; $lang->group_image_mark_max_height = '세로 제한 길이'; $lang->signature_max_height = '서명 높이 제한'; +$lang->cmd_force_member_mid = '강제 적용'; $lang->enable_join = '회원 가입 허가'; $lang->enable_join_only_with_url_key = 'URL 키가 일치하는 경우에만 허가'; $lang->enable_join_url_key = 'URL 키'; diff --git a/modules/member/member.admin.controller.php b/modules/member/member.admin.controller.php index 9333315bf..c15b25ab6 100644 --- a/modules/member/member.admin.controller.php +++ b/modules/member/member.admin.controller.php @@ -223,6 +223,7 @@ class MemberAdminController extends Member { $args = Context::gets( 'member_mid', + 'force_mid', 'enable_join', 'enable_join_key', 'enable_confirm', @@ -283,6 +284,8 @@ class MemberAdminController extends Member } } + $args->force_mid = ($args->force_mid === 'Y'); + // Update join key if ($args->enable_join === 'KEY') { diff --git a/modules/member/member.class.php b/modules/member/member.class.php index 0134434c2..f590cdea5 100644 --- a/modules/member/member.class.php +++ b/modules/member/member.class.php @@ -38,6 +38,7 @@ class Member extends ModuleObject { $config = MemberModel::getMemberConfig(); $config->mid = 'member'; + $config->force_mid = true; $this->createMid($config->mid); $oModuleController->insertModuleConfig('member', $config); } diff --git a/modules/member/member.view.php b/modules/member/member.view.php index 1f7d50d8b..048422a8d 100644 --- a/modules/member/member.view.php +++ b/modules/member/member.view.php @@ -55,7 +55,7 @@ class MemberView extends Member { $this->member_config = MemberModel::getMemberConfig(); } - if (!$this->member_config->mid) + if (!$this->member_config->mid || !$this->member_config->force_mid) { return true; } diff --git a/modules/member/tpl/default_config.html b/modules/member/tpl/default_config.html index 79e327e74..9b33f4d18 100644 --- a/modules/member/tpl/default_config.html +++ b/modules/member/tpl/default_config.html @@ -12,7 +12,12 @@ {$site_module_info->domain}{\RX_BASEURL}index.php?mid= -

{$lang->about_mid}

+   + +

{$lang->about_mid}

From e44611973b8a04352e6db426d51e692719084cca Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Tue, 20 Jun 2023 10:16:22 +0900 Subject: [PATCH 11/15] Change redirect URL to getNotEncodedUrl() --- modules/member/member.view.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/member/member.view.php b/modules/member/member.view.php index 048422a8d..a6b101cd7 100644 --- a/modules/member/member.view.php +++ b/modules/member/member.view.php @@ -70,7 +70,7 @@ class MemberView extends Member $vars = get_object_vars(Context::getRequestVars()); $vars['mid'] = $this->member_config->mid; - $this->setRedirectUrl(getUrl($vars)); + $this->setRedirectUrl(getNotEncodedUrl($vars)); return false; } From 75e0674b6f0b63c2aa9e1a39ce632a72081e0e9d Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Tue, 20 Jun 2023 10:19:27 +0900 Subject: [PATCH 12/15] Remove duplicate empty line --- modules/member/member.class.php | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/member/member.class.php b/modules/member/member.class.php index f590cdea5..b8f83e64a 100644 --- a/modules/member/member.class.php +++ b/modules/member/member.class.php @@ -390,7 +390,6 @@ class Member extends ModuleObject $changed = true; } - // Check members with phone country in old format if ($config->phone_number_default_country && !preg_match('/^[A-Z]{3}$/', $config->phone_number_default_country)) { From a9b3d99cf27c6dfaeb61169dc8912fa82ca4f3d0 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Tue, 20 Jun 2023 10:26:17 +0900 Subject: [PATCH 13/15] Use mid instead of module in message send popup --- modules/communication/communication.view.php | 2 -- modules/communication/skins/default/js/communication.js | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/modules/communication/communication.view.php b/modules/communication/communication.view.php index 3359f291a..ec238552c 100644 --- a/modules/communication/communication.view.php +++ b/modules/communication/communication.view.php @@ -235,14 +235,12 @@ class communicationView extends communication } // Check member mid - /* $oMemberView = MemberView::getInstance(); if (!$oMemberView->checkMidAndRedirect()) { $this->setRedirectUrl($oMemberView->getRedirectUrl()); return; } - */ // Fix missing mid (it causes errors when uploading) if(!Context::get('mid')) diff --git a/modules/communication/skins/default/js/communication.js b/modules/communication/skins/default/js/communication.js index a80f07253..289efc86a 100644 --- a/modules/communication/skins/default/js/communication.js +++ b/modules/communication/skins/default/js/communication.js @@ -6,7 +6,7 @@ function completeSendMessage(ret_obj) { function doSendMessage(member_srl, message_srl) { if(typeof(message_srl)=='undefined') message_srl = 0; - var url = request_uri.setQuery('module','communication').setQuery('act','dispCommunicationSendMessage').setQuery('receiver_srl',member_srl).setQuery('message_srl',message_srl); + var url = request_uri.setQuery('mid',current_mid).setQuery('act','dispCommunicationSendMessage').setQuery('receiver_srl',member_srl).setQuery('message_srl',message_srl); popopen(url, 'sendMessage'); } From b2bc724715a6f60c6a9aaa2f57e868b17db88ebb Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Tue, 20 Jun 2023 20:32:03 +0900 Subject: [PATCH 14/15] Fix referer URL handling to account for member mid redirect --- modules/member/member.controller.php | 26 +++--- modules/member/member.view.php | 87 ++++++++++++++----- modules/member/skins/default/signup_form.html | 2 +- 3 files changed, 80 insertions(+), 35 deletions(-) diff --git a/modules/member/member.controller.php b/modules/member/member.controller.php index a2227186e..290d911ef 100644 --- a/modules/member/member.controller.php +++ b/modules/member/member.controller.php @@ -867,25 +867,27 @@ class MemberController extends Member // Call a trigger (after) ModuleHandler::triggerCall('member.procMemberInsert', 'after', $config); - if($config->redirect_url) + self::clearMemberCache($args->member_srl); + + // Redirect + if ($config->redirect_url) { $returnUrl = $config->redirect_url; } + elseif (Context::get('success_return_url')) + { + $returnUrl = Context::get('success_return_url'); + } + elseif (isset($_SESSION['member_auth_referer'])) + { + $returnUrl = $_SESSION['member_auth_referer']; + unset($_SESSION['member_auth_referer']); + } else { - if(Context::get('success_return_url')) - { - $returnUrl = Context::get('success_return_url'); - } - else if($_COOKIE['XE_REDIRECT_URL']) - { - $returnUrl = $_COOKIE['XE_REDIRECT_URL']; - setcookie("XE_REDIRECT_URL", '', 1); - } + $returnUrl = getNotEncodedUrl(''); } - self::clearMemberCache($args->member_srl); - $this->setRedirectUrl($returnUrl); } diff --git a/modules/member/member.view.php b/modules/member/member.view.php index a6b101cd7..87fae29c7 100644 --- a/modules/member/member.view.php +++ b/modules/member/member.view.php @@ -47,7 +47,47 @@ class MemberView extends Member } /** - * Check redirect + * Check the referer for login and signup pages. + */ + public function checkRefererUrl() + { + // Get the referer URL from Context var or HTTP header. + $referer_url = Context::get('referer_url') ?: ($_SERVER['HTTP_REFERER'] ?? ''); + + // Check if the referer is an internal URL. + $is_valid_referer = !empty($referer_url) && Rhymix\Framework\URL::isInternalURL($referer_url); + + // Check if the referer is the login or signup page, to prevent redirect loops. + if (preg_match('!\b(dispMemberLoginForm|dispMemberSignUpForm|dispMemberFindAccount|dispMemberResendAuthMail|procMember)!', $referer_url)) + { + $is_valid_referer = false; + } + if (preg_match('!/(login|signup)\b!', $referer_url)) + { + $is_valid_referer = false; + } + + // Store valid referer info in the session. + if ($is_valid_referer) + { + return $_SESSION['member_auth_referer'] = $referer_url; + } + elseif (isset($_SESSION['member_auth_referer'])) + { + return $_SESSION['member_auth_referer']; + } + elseif ($this->mid && !empty($this->member_config->mid) && $this->mid === $this->member_config->mid) + { + return getNotEncodedUrl(''); + } + else + { + return getNotEncodedUrl('act', ''); + } + } + + /** + * Check redirect to member mid. */ public function checkMidAndRedirect() { @@ -245,14 +285,24 @@ class MemberView extends Member */ function dispMemberSignUpForm() { - //setcookie for redirect url in case of going to member sign up - setcookie("XE_REDIRECT_URL", $_SERVER['HTTP_REFERER'], 0, '/', null, !!config('session.use_ssl_cookies')); + // Check referer URL + $referer_url = $this->checkRefererUrl(); - $member_config = $this->member_config; + // Redirect to member mid if necessary. + if (!$this->checkMidAndRedirect()) + { + return; + } + + // Return to previous screen if already logged in. + if($this->user->isMember()) + { + $this->setRedirectUrl($referer_url); + return; + } - // Get the member information if logged-in - if($this->user->member_srl) throw new Rhymix\Framework\Exception('msg_already_logged'); // call a trigger (before) + $member_config = $this->member_config; $trigger_output = ModuleHandler::triggerCall('member.dispMemberSignUpForm', 'before', $member_config); if(!$trigger_output->toBool()) return $trigger_output; @@ -710,25 +760,18 @@ class MemberView extends Member */ function dispMemberLoginForm() { - // Get referer URL - $referer_url = Context::get('referer_url') ?: ($_SERVER['HTTP_REFERER'] ?? ''); - $is_valid_referer = !empty($referer_url) && Rhymix\Framework\URL::isInternalURL($referer_url); - if (preg_match('!\b(dispMemberLoginForm|dispMemberSignUpForm|dispMemberFindAccount|dispMemberResendAuthMail|procMember)!', $referer_url)) - { - $is_valid_referer = false; - } - if (preg_match('!/(login|signup)\b!', $referer_url)) - { - $is_valid_referer = false; - } - if (!$is_valid_referer) - { - $referer_url = getNotEncodedUrl('act', ''); - } + // Check referer URL + $referer_url = $this->checkRefererUrl(); Context::set('referer_url', $referer_url); + // Redirect to member mid if necessary. + if (!$this->checkMidAndRedirect()) + { + return; + } + // Return to previous screen if already logged in. - if(Context::get('is_logged')) + if($this->user->isMember()) { $this->setRedirectUrl($referer_url); return; diff --git a/modules/member/skins/default/signup_form.html b/modules/member/skins/default/signup_form.html index ce9f6143b..e143b1303 100644 --- a/modules/member/skins/default/signup_form.html +++ b/modules/member/skins/default/signup_form.html @@ -10,7 +10,7 @@
- +
{$agreement->title} From 9682f7de5475cf0d5b91d2e03b3ab09564b85bc5 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Tue, 20 Jun 2023 20:42:31 +0900 Subject: [PATCH 15/15] Add scheme (http: or https:) to member module URL input area --- modules/member/tpl/default_config.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/member/tpl/default_config.html b/modules/member/tpl/default_config.html index 9b33f4d18..395802305 100644 --- a/modules/member/tpl/default_config.html +++ b/modules/member/tpl/default_config.html @@ -9,7 +9,7 @@
- {$site_module_info->domain}{\RX_BASEURL}index.php?mid= + {$site_module_info->security === 'always' ? 'https://' : 'http://'}{$site_module_info->domain}{\RX_BASEURL}index.php?mid=