#270 비밀번호 보안수준 설정 기능 추가

modules/member/lang/lang.xml

@@ -1670,6 +1670,45 @@
 		<value xml:lang="tr"><![CDATA[Şifre 6~20 karakter uzunluğunda olmalıdır]]></value>
 		<value xml:lang="vi"><![CDATA[Độ dài mật khẩu giới hạn từ 6 đến 20 kí tự.]]></value>
 	</item>
+	
+	<item name="cmd_config_password_strength">
+		<value xml:lang="ko"><![CDATA[비밀번호 보안수준]]></value>
+		<value xml:lang="en"><![CDATA[password strength]]></value>
+	</item>
+	
+	<item name="password_strength_low">
+		<value xml:lang="ko"><![CDATA[낮음]]></value>
+		<value xml:lang="en"><![CDATA[low]]></value>
+	</item>
+	<item name="password_strength_normal">
+		<value xml:lang="ko"><![CDATA[보통]]></value>
+		<value xml:lang="en"><![CDATA[normal]]></value>
+	</item>
+	<item name="password_strength_high">
+		<value xml:lang="ko"><![CDATA[높음]]></value>
+		<value xml:lang="en"><![CDATA[high]]></value>
+	</item>
+	
+	<item name="about_password_strength_config">
+		<value xml:lang="ko"><![CDATA[회원들이 비밀번호를 등록/변경할 때, 비밀번호가 설정된 보안수준을 만족해야 합니다. 단, 관리자가 직접 등록할 경우에는 적용되지 않습니다.]]></value>
+		<value xml:lang="en"><![CDATA[When members register or change the password, the password must meet the specified password strength. However, the administrator is an exception.]]></value>
+	</item>
+	
+	<item name="about_password_strength" type="array">
+		<item name="low">
+			<value xml:lang="ko"><![CDATA[비밀번호는 4~20자로 되어야 합니다.]]></value>
+			<value xml:lang="en"><![CDATA[the password must be at least 4]]></value>
+		</item>
+		<item name="normal">
+			<value xml:lang="ko"><![CDATA[비밀번호는 6자리 이상이고, 영문과 숫자를 반드시 포함해야 합니다.]]></value>
+			<value xml:lang="en"><![CDATA[the password must be at least 6, and must have at least one alpha character and numeric characters]]></value>
+		</item>
+		<item name="high">
+			<value xml:lang="ko"><![CDATA[비밀번호는 8자리 이상이고 영문과 숫자, 특수문자를 반드시 포함해야 합니다.]]></value>
+			<value xml:lang="en"><![CDATA[the password must be at least 8, and must have at least one alpha character, numeric character and special character ]]></value>
+		</item>
+	</item>
+	
 	<item name="about_user_name">
 		<value xml:lang="ko"><![CDATA[이름은 2~20자 이내여야 합니다.]]></value>
 		<value xml:lang="en"><![CDATA[Name should be 2~20 letters long.]]></value>

modules/member/member.admin.controller.php

@@ -155,7 +155,8 @@ class memberAdminController extends member
 			'enable_join',
 			'enable_confirm',
 			'webmaster_name',
-			'webmaster_email'
+			'webmaster_email',
+			'password_strength'
 		);
 
 		if((!$args->webmaster_name || !$args->webmaster_email) && $args->enable_confirm == 'Y')

modules/member/member.controller.php

@@ -556,6 +556,16 @@ class memberController extends member
 		$oMemberModel = getModel('member');
 		// Get information of member_srl
 		$columnList = array('member_srl', 'password');
+		
+		// check password strength
+		$config = $oMemberModel->getMemberConfig();
+		if(!$oMemberModel->checkPasswordStrength($password, $config->password_strength))
+		{
+			$message = Context::getLang('about_password_strength');
+			return new Object(-1, $message[$config->password_strength]);
+		}
+		
+		
 		$member_info = $oMemberModel->getMemberInfoByMemberSrl($member_srl, 0, $columnList);
 		// Verify the cuttent password
 		if(!$oMemberModel->isValidPassword($member_info->password, $current_password, $member_srl)) return new Object(-1, 'invalid_password');

modules/member/member.model.php

@@ -1036,6 +1036,34 @@ class memberModel extends member
 		return false;
 	}
 
+	
+	function checkPasswordStrength($password, $stength)
+	{
+		if($stength == NULL)
+		{
+			$config = $this->getMemberConfig();
+			$stength = $config->password_strength?$config->password_strength:'normal';
+		}
+		
+		$length = strlen($password);
+		
+		switch ($stength) {
+			case 'high':
+				if($length < 8 || !preg_match('/[^a-zA-Z0-9]/', $password)) return false;
+				/* no break */
+				
+			case 'normal':
+				if($length < 6 || !preg_match('/[a-zA-Z]/', $password) || !preg_match('/[0-9]/', $password)) return false;
+				break;
+				
+			case 'low':
+				if($length < 4) return false;
+				break; 
+		}
+		
+		return true;
+	}
+	
 	function getAdminGroupSrl($site_srl = 0)
 	{
 		$groupSrl = 0;

modules/member/ruleset/insertDefaultConfig.xml

@@ -6,5 +6,6 @@
 		<field name="enable_join" required="true" />
 		<field name="webmaster_name" required="true" length="2:40" />
 		<field name="webmaster_email" length="1:200" rule="email" />
+		<field name="password_strength" required="true" />
     </fields>
 </ruleset>

modules/member/ruleset/modifyPassword.xml

@@ -4,7 +4,7 @@
     </customrules>
     <fields>
 		<field name="current_password" required="true" length="1:50" />
-		<field name="password1" required="true" length="6:20" />
-		<field name="password2" required="true" length="6:20" equalto="password1" />
+		<field name="password1" required="true" length="4:20" />
+		<field name="password2" required="true" length="4:20" equalto="password1" />
     </fields>
 </ruleset>

modules/member/skins/default/common_header.html

@@ -1,5 +1,11 @@
 <load target="css/member.css" />
 <load target="js/member.js" />
+
+<div cond="$XE_VALIDATOR_MESSAGE && isset($validator_ids[$XE_VALIDATOR_ID])" class="message {$XE_VALIDATOR_MESSAGE_TYPE}">
+	<p>{$XE_VALIDATOR_MESSAGE}</p>
+</div>
+
+
 <section class="xm">
 	<ul class="nav nav-tabs" cond="$is_logged && $logged_info->menu_list && (!$member_srl || $member_srl == $logged_info->member_srl)">
 		<li loop="$logged_info->menu_list=>$key,$val" class="active"|cond="$key==$act">

modules/member/skins/default/member_info.html

@@ -1,5 +1,8 @@
 <include target="./common_header.html" />
 <h1>{$lang->member_info}</h1>
+<div cond="$XE_VALIDATOR_MESSAGE && $XE_VALIDATOR_ID == 'modules/member/skins/default/modify_info/1'" class="message {$XE_VALIDATOR_MESSAGE_TYPE}">
+	<p>{$XE_VALIDATOR_MESSAGE}</p>
+</div>
 <dl class="dl-horizontal">
 	<block loop="$displayDatas => $item">
 		<dt><em cond="$item->required || $item->mustRequired">*</em> {$item->title}</dt>

modules/member/skins/default/modify_password.html

@@ -1,11 +1,16 @@
 <include target="./common_header.html" />
 <h1>{$member_title = $lang->cmd_modify_member_password}</h1>
+<div cond="$XE_VALIDATOR_MESSAGE && $XE_VALIDATOR_ID == 'modules/member/skins/default/modify_info/1'" class="message {$XE_VALIDATOR_MESSAGE_TYPE}">
+	<p>{$XE_VALIDATOR_MESSAGE}</p>
+</div>
 <form ruleset="modifyPassword" id="fo_insert_member" action="./" method="post">
 	<input type="hidden" name="module" value="member" />
 	<input type="hidden" name="act" value="procMemberModifyPassword" />
     <input type="hidden" name="mid" value="{$mid}" />
     <input type="hidden" name="document_srl" value="{$document_srl}" />
     <input type="hidden" name="page" value="{$page}" />
+    <input type="hidden" name="xe_validator_id" value="modules/member/skins/default/modify_info/1" />
+    <input type="hidden" name="success_return_url" value="{getUrl('act','dispMemberInfo')}" />
 	<div>
 		<input type="email" disabled="disabled" value="{$formValue}" id="uid" placeholder="{Context::getLang($identifier)}" title="{Context::getLang($identifier)}" />
 	</div>
@@ -13,7 +18,7 @@
 		<input type="password" name="current_password" id="cpw" required placeholder="{$lang->current_password}" title="{$lang->current_password}" />
 	</div>
 	<div>
-		<input type="password" name="password1" id="npw1" required placeholder="{$lang->password1}" title="{$lang->password1}" /> <span class="help-inline">{$lang->about_password}</span>
+		<input type="password" name="password1" id="npw1" required placeholder="{$lang->password1}" title="{$lang->password1}" /> <span class="help-inline">{$lang->about_password_strength[$member_config->password_strength]}</span>
 	</div>
 	<div>
 		<input type="password" name="password2" id="npw2" required placeholder="{$lang->password2}" title="{$lang->password2}" />

modules/member/tpl/default_config.html

@@ -20,6 +20,23 @@
 			<p class="x_help-block">{$lang->about_enable_confirm}</p>
 		</div>
 	</div>
+	<div class="x_control-group">
+		<div class="x_control-label">{$lang->enable_confirm}</div>
+		<div class="x_controls">
+			<label class="x_inline" for="enable_confirm_yes"><input type="radio" name="enable_confirm" id="enable_confirm_yes" value="Y" checked="checked"|cond="$config->enable_confirm == 'Y'" /> {$lang->cmd_yes}</label>
+			<label class="x_inline" for="enable_confirm_no"><input type="radio" name="enable_confirm" id="enable_confirm_no" value="N" checked="checked"|cond="$config->enable_confirm != 'Y'"/> {$lang->cmd_no}</label>
+			<p class="x_help-block">{$lang->about_enable_confirm}</p>
+		</div>
+	</div>
+	<div class="x_control-group">
+		<div class="x_control-label">{$lang->cmd_config_password_strength}</div>
+		<div class="x_controls">
+			<label class="x_inline" for="password_strength1"><input type="radio" name="password_strength" id="password_strength1" value="low" checked="checked"|cond="$config->password_strength == 'low'" /> {$lang->password_strength_low}({$lang->about_password_strength['low']})</label><br>
+			<label class="x_inline" for="password_strength2"><input type="radio" name="password_strength" id="password_strength2" value="normal" checked="checked"|cond="!$config->password_strength || $config->password_strength == 'normal'"/> {$lang->password_strength_normal}({$lang->about_password_strength['normal']})</label><br>
+			<label class="x_inline" for="password_strength3"><input type="radio" name="password_strength" id="password_strength3" value="high" checked="checked"|cond="$config->password_strength == 'high'"/> {$lang->password_strength_high}({$lang->about_password_strength['high']})</label><br>
+			<p class="x_help-block">{$lang->about_password_strength_config}</p>
+		</div>
+	</div>
 	<div class="x_control-group">
 		<label class="x_control-label" for="webmaster_name">{$lang->webmaster_name}</label>
 		<div class="x_controls">