- 저장된 답변 내용의 암호화 적용

- 기존에 입력된 유지되며, 새로 입력/수정되는 항목에만 적용 함

modules/member/member.admin.controller.php

@@ -552,8 +552,8 @@ class memberAdminController extends member
 				}
 				else if($formInfo->name == 'find_account_question')
 				{
-					$fields[] = '<field name="find_account_question" required="true" />';
-					$fields[] = '<field name="find_account_answer" required="true" length=":250" />';
+					$fields[] = '<field name="find_account_question"><if test="$modify_find_account_answer" attr="required" value="true" /></field>';
+					$fields[] = '<field name="find_account_answer" length=":250"><if test="$modify_find_account_answer" attr="required" value="true" /></field>';
 				}
 				else if($formInfo->name == 'email_address')
 				{

modules/member/member.admin.view.php

@@ -342,7 +342,7 @@ class memberAdminView extends member
 		if (!is_array($memberInfo['group_list'])) $memberInfo['group_list'] = array();
 		Context::set('memberInfo', $memberInfo);
 
-		$disableColumns = array('password', 'find_account_question');
+		$disableColumns = array('password', 'find_account_question', 'find_account_answer');
 		Context::set('disableColumns', $disableColumns);
 
 		$security = new Security();
@@ -374,9 +374,12 @@ class memberAdminView extends member
 		{
 			$member_info = new stdClass;
 		}
+
+		unset($memberInfo->find_account_question);
+		unset($memberInfo->find_account_answer);
+		$formTags = $this->_getMemberInputTag($memberInfo, true);
+
 		Context::set('member_info', $member_info);
-		
-		$formTags = $this->_getMemberInputTag($member_info, true);
 		Context::set('formTags', $formTags);
 		
 		// Editor of the module set for signing by calling getEditor
@@ -423,6 +426,7 @@ class memberAdminView extends member
 	 */
 	function _getMemberInputTag($memberInfo = null, $isAdmin = false)
 	{
+		$logged_info = Context::get('logged_info');
 		$oMemberModel = getModel('member');
 		$extend_form_list = $oMemberModel->getCombineJoinForm($memberInfo);
 		$security = new Security($extend_form_list);
@@ -443,13 +447,25 @@ class memberAdminView extends member
 			$member_config = $this->memberConfig = $oMemberModel->getMemberConfig();
 		}
 
+		unset($member_config->signupForm->find_account_question);
+		unset($member_config->signupForm->find_account_answer);
+
 		$formTags = array();
 		global $lang;
 
 		foreach($member_config->signupForm as $no=>$formInfo)
 		{
 			if(!$formInfo->isUse)continue;
+
+			// 회원 본인이 아닌 경우 입력 폼 제거
+			if($formInfo->name == 'find_account_question' && $memberInfo['member_srl'] !== $logged_info->member_srl)
+			{
+				unset($member_config->signupForm[$no]);
+				continue;
+			}
+
 			if($formInfo->name == $member_config->identifier || $formInfo->name == 'password') continue;
+
 			$formTag = new stdClass();
 			$inputTag = '';
 			$formTag->title = ($formInfo->isDefaultForm) ? $lang->{$formInfo->name} : $formInfo->title;
@@ -517,8 +533,10 @@ class memberAdminView extends member
 					}
 					else if($formInfo->name == 'find_account_question')
 					{
+						$disabled = (!!$memberInfo['member_srl']) ? 'disabled="disabled"' : '';
+
 						$formTag->type = 'select';
-						$inputTag = '<select name="find_account_question" id="find_account_question" style="display:block;margin:0 0 8px 0">%s</select>';
+						$inputTag = '<select name="find_account_question" id="find_account_question" style="display:block;margin:0 0 8px 0" %s>%s</select>';
 						$optionTag = array();
 						foreach($lang->find_account_question_items as $key=>$val)
 						{
@@ -529,8 +547,13 @@ class memberAdminView extends member
 								$selected,
 								$val);
 						}
-						$inputTag = sprintf($inputTag, implode('', $optionTag));
-						$inputTag .= '<input type="text" name="find_account_answer" id="find_account_answer" title="'.lang('find_account_answer').'" value="'.$memberInfo['find_account_answer'].'" />';
+						$inputTag = sprintf($inputTag, $disabled, implode('', $optionTag));
+						$inputTag .= '<input type="text" name="find_account_answer" id="find_account_answer" title="' . lang('find_account_answer') . '" value="" ' . $disabled . '" />';
+
+						if($disabled) {
+							$inputTag .= ' <label><input type="checkbox" name="modify_find_account_answer" value="Y" /> ' . lang('cmd_modify') . '</label>';
+							$inputTag .= '<script>(function($) {$(function() {$(\'[name=modify_find_account_answer]\').change(function() {var $this = $(this); if($this.prop(\'checked\')) {$(\'[name=find_account_question],[name=find_account_answer]\').attr(\'disabled\', false); } else {$(\'[name=find_account_question]\').attr(\'disabled\', true); $(\'[name=find_account_answer]\').attr(\'disabled\', true).val(\'\'); } }); }); })(jQuery);</script>';
+						}
 					}
 					else if($formInfo->name == 'email_address')
 					{

modules/member/member.controller.php

@@ -642,6 +642,10 @@ class memberController extends member
 			{
 				$args->birthday_ui = Context::get('birthday_ui');
 			}
+			if($val == 'find_account_answer' && !Context::get($val))
+			{
+				unset($args->{$val});
+			}
 		}
 		
 		// Login Information
@@ -664,8 +668,8 @@ class memberController extends member
 		if(!$args->birthday && $args->birthday_ui)
 		{
 			$args->birthday = intval(strtr($args->birthday_ui, array('-'=>'', '/'=>'', '.'=>'', ' '=>'')));
-		} 
-		
+		}
+
 		// Remove some unnecessary variables from all the vars
 		$all_args = Context::getRequestVars();
 		unset($all_args->module);
@@ -1197,6 +1201,7 @@ class memberController extends member
 	function procMemberFindAccountByQuestion()
 	{
 		$oMemberModel = getModel('member');
+		$oPassword =  new Password();
 		$config = $oMemberModel->getMemberConfig();
 		if($config->enable_find_account_question != 'Y')
 		{
@@ -1214,6 +1219,7 @@ class memberController extends member
 		// Check if a member having the same email address exists
 		$member_srl = $oMemberModel->getMemberSrlByEmailAddress($email_address);
 		if(!$member_srl) return new Object(-1, 'msg_email_not_exists');
+
 		// Get information of the member
 		$columnList = array('member_srl', 'find_account_question', 'find_account_answer');
 		$member_info = $oMemberModel->getMemberInfoByMemberSrl($member_srl, 0, $columnList);
@@ -1221,7 +1227,33 @@ class memberController extends member
 		// Display a message if no answer is entered
 		if(!$member_info->find_account_question || !$member_info->find_account_answer) return new Object(-1, 'msg_question_not_exists');
 
-		if(trim($member_info->find_account_question) != $find_account_question || trim($member_info->find_account_answer) != $find_account_answer) return new Object(-1, 'msg_answer_not_matches');
+		// 답변 확인
+		$hashed = $oPassword->checkAlgorithm($member_info->find_account_answer);
+		$authed = true;
+		$member_info->find_account_question = trim($member_info->find_account_question);
+		if($member_info->find_account_question != $find_account_question)
+		{
+			$authed = false;
+		}
+		else if($hashed && !$oPassword->checkPassword($find_account_answer, $member_info->find_account_answer))
+		{
+			$authed = false;
+		}
+		else if(!$hashed && $find_account_answer != $member_info->find_account_answer)
+		{
+			$authed = false;
+		}
+
+		if(!$authed)
+		{
+			return new Object(-1, 'msg_answer_not_matches');
+		}
+
+		// answer가 동일하고 hash 되지 않았으면 hash 값으로 저장
+		if($authed && !$hashed)
+		{
+			$this->updateFindAccountAnswer($member_srl, $find_account_answer);
+		}
 
 		if($config->identifier == 'email_address')
 		{
@@ -1229,7 +1261,11 @@ class memberController extends member
 		}
 
 		// Update to a temporary password and set change_password_date to 1
+<<<<<<< HEAD
 		$temp_password = Rhymix\Framework\Password::getRandomPassword(8);
+=======
+		$temp_password = $oPassword->createTemporaryPassword(8);
+>>>>>>> 3177f45... #2062 비밀번호 찾기 질문/답변을 본인만 확인/수정할 수 있도록 변경
 
 		$args = new stdClass();
 		$args->member_srl = $member_srl;
@@ -2182,6 +2218,15 @@ class memberController extends member
 			unset($args->password);
 		}
 
+		if($args->find_account_answer && !$password_is_hashed)
+		{
+			$args->find_account_answer = $oMemberModel->hashPassword($args->find_account_answer);
+		}
+		elseif(!$args->find_account_answer)
+		{
+			unset($args->find_account_answer);
+		}
+
 		// Check if ID is prohibited
 		if($logged_info->is_admin !== 'Y' && $oMemberModel->isDeniedID($args->user_id))
 		{
@@ -2499,7 +2544,26 @@ class memberController extends member
 		{
 			$args->password = $orgMemberInfo->password;
 		}
+<<<<<<< HEAD
 		
+=======
+
+		if($args->find_account_answer) {
+			$args->find_account_answer = $oMemberModel->hashPassword($args->find_account_answer);
+		}
+		else
+		{
+			$oPassword =  new Password();
+			$hashed = $oPassword->checkAlgorithm($orgMemberInfo->find_account_answer);
+
+			if($hashed) {
+				$args->find_account_answer = $orgMemberInfo->find_account_answer;
+			} else {
+				$args->find_account_answer = $oPassword->createHash($orgMemberInfo->find_account_answer);
+			}
+		}
+
+>>>>>>> 3177f45... #2062 비밀번호 찾기 질문/답변을 본인만 확인/수정할 수 있도록 변경
 		if(!$args->user_name) $args->user_name = $orgMemberInfo->user_name;
 		if(!$args->user_id) $args->user_id = $orgMemberInfo->user_id;
 		if(!$args->nick_name) $args->nick_name = $orgMemberInfo->nick_name;
@@ -2604,6 +2668,16 @@ class memberController extends member
 		return $output;
 	}
 
+	function updateFindAccountAnswer($member_srl, $answer)
+	{
+		$oPassword =  new Password();
+
+		$args = new stdClass();
+		$args->member_srl = $member_srl;
+		$args->find_account_answer = $oPassword->createHash($answer);
+		$output = executeQuery('member.updateFindAccountAnswer', $args);
+	}
+
 	/**
 	 * Delete User
 	 */

modules/member/queries/updateFindAccountAnswer.xml

@@ -0,0 +1,11 @@
+<query id="updateFindAccountAnswer" action="update">
+	<tables>
+		<table name="member" />
+	</tables>
+	<columns>
+		<column name="find_account_answer" var="find_account_answer" notnull="notnull" />
+	</columns>
+	<conditions>
+		<condition operation="equal" column="member_srl" var="member_srl" notnull="notnull" filter="number" />
+	</conditions>
+</query>