diff --git a/modules/member/member.admin.controller.php b/modules/member/member.admin.controller.php
index efd718195..43b7d1f63 100644
--- a/modules/member/member.admin.controller.php
+++ b/modules/member/member.admin.controller.php
@@ -552,8 +552,8 @@ class memberAdminController extends member
}
else if($formInfo->name == 'find_account_question')
{
- $fields[] = '';
- $fields[] = '';
+ $fields[] = '';
+ $fields[] = '';
}
else if($formInfo->name == 'email_address')
{
diff --git a/modules/member/member.admin.view.php b/modules/member/member.admin.view.php
index d61789bef..b753827df 100644
--- a/modules/member/member.admin.view.php
+++ b/modules/member/member.admin.view.php
@@ -342,7 +342,7 @@ class memberAdminView extends member
if (!is_array($memberInfo['group_list'])) $memberInfo['group_list'] = array();
Context::set('memberInfo', $memberInfo);
- $disableColumns = array('password', 'find_account_question');
+ $disableColumns = array('password', 'find_account_question', 'find_account_answer');
Context::set('disableColumns', $disableColumns);
$security = new Security();
@@ -374,9 +374,12 @@ class memberAdminView extends member
{
$member_info = new stdClass;
}
+
+ unset($memberInfo->find_account_question);
+ unset($memberInfo->find_account_answer);
+ $formTags = $this->_getMemberInputTag($memberInfo, true);
+
Context::set('member_info', $member_info);
-
- $formTags = $this->_getMemberInputTag($member_info, true);
Context::set('formTags', $formTags);
// Editor of the module set for signing by calling getEditor
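Review bot: The added `unset()` calls and the `_getMemberInputTag()` call operate on `$memberInfo`, but the surrounding lines of this hunk build and publish `$member_info` (`$member_info = new stdClass;`, `Context::set('member_info', $member_info);`). The method starts outside the hunk, so `$memberInfo` may be defined earlier; if it is not, the unsets do nothing and the form builder receives null instead of the member record. In either case the object handed to the template through `Context::set('member_info', ...)` still carries `find_account_question` and `find_account_answer`. Presumably the intent was `unset($member_info->find_account_question); unset($member_info->find_account_answer);` before the `Context::set`, and `$this->_getMemberInputTag($member_info, true);` as in the removed line.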
@@ -423,6 +426,7 @@ class memberAdminView extends member
*/
function _getMemberInputTag($memberInfo = null, $isAdmin = false)
{
+ $logged_info = Context::get('logged_info');
$oMemberModel = getModel('member');
$extend_form_list = $oMemberModel->getCombineJoinForm($memberInfo);
$security = new Security($extend_form_list);
@@ -443,13 +447,25 @@ class memberAdminView extends member
$member_config = $this->memberConfig = $oMemberModel->getMemberConfig();
}
+ unset($member_config->signupForm->find_account_question);
+ unset($member_config->signupForm->find_account_answer);
+
$formTags = array();
global $lang;
foreach($member_config->signupForm as $no=>$formInfo)
{
if(!$formInfo->isUse)continue;
+
+ // 회원 본인이 아닌 경우 입력 폼 제거
+ if($formInfo->name == 'find_account_question' && $memberInfo['member_srl'] !== $logged_info->member_srl)
+ {
+ unset($member_config->signupForm[$no]);
+ continue;
+ }
+
if($formInfo->name == $member_config->identifier || $formInfo->name == 'password') continue;
+
$formTag = new stdClass();
$inputTag = '';
$formTag->title = ($formInfo->isDefaultForm) ? $lang->{$formInfo->name} : $formInfo->title;
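Review bot: The ownership test `$memberInfo['member_srl'] !== $logged_info->member_srl` is strict. If one side is a numeric string and the other an int (the types are not visible here), it is always true and the question field is also removed for the member's own record; `(int)$memberInfo['member_srl'] !== (int)$logged_info->member_srl` would avoid that. The two `unset($member_config->signupForm->find_account_question)` style lines above address `signupForm` as an object, while the loop indexes it as `$member_config->signupForm[$no]`, so they likely have no effect. The `unset($member_config->signupForm[$no])` inside the loop appears to modify the same object stored in `$this->memberConfig` a few lines earlier, so later readers of the cached config would lose the entry; the `continue` alone is enough to skip the field. A short English comment stating who may see the field would also help.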
@@ -517,8 +533,10 @@ class memberAdminView extends member
}
else if($formInfo->name == 'find_account_question')
{
+ $disabled = (!!$memberInfo['member_srl']) ? 'disabled="disabled"' : '';
+
$formTag->type = 'select';
- $inputTag = '';
+ $inputTag = '';
$optionTag = array();
foreach($lang->find_account_question_items as $key=>$val)
{
@@ -529,8 +547,13 @@ class memberAdminView extends member
$selected,
$val);
}
- $inputTag = sprintf($inputTag, implode('', $optionTag));
- $inputTag .= '';
+ $inputTag = sprintf($inputTag, $disabled, implode('', $optionTag));
+ $inputTag .= '';
+
+ if($disabled) {
+ $inputTag .= ' ';
+ $inputTag .= '';
+ }
}
else if($formInfo->name == 'email_address')
{
diff --git a/modules/member/member.controller.php b/modules/member/member.controller.php
index 7b87d5a74..00e623b31 100644
--- a/modules/member/member.controller.php
+++ b/modules/member/member.controller.php
@@ -642,6 +642,10 @@ class memberController extends member
{
$args->birthday_ui = Context::get('birthday_ui');
}
+ if($val == 'find_account_answer' && !Context::get($val))
+ {
+ unset($args->{$val});
+ }
}
// Login Information
@@ -664,8 +668,8 @@ class memberController extends member
if(!$args->birthday && $args->birthday_ui)
{
$args->birthday = intval(strtr($args->birthday_ui, array('-'=>'', '/'=>'', '.'=>'', ' '=>'')));
- }
-
+ }
+
// Remove some unnecessary variables from all the vars
$all_args = Context::getRequestVars();
unset($all_args->module);
@@ -1197,6 +1201,7 @@ class memberController extends member
function procMemberFindAccountByQuestion()
{
$oMemberModel = getModel('member');
+ $oPassword = new Password();
$config = $oMemberModel->getMemberConfig();
if($config->enable_find_account_question != 'Y')
{
@@ -1214,6 +1219,7 @@ class memberController extends member
// Check if a member having the same email address exists
$member_srl = $oMemberModel->getMemberSrlByEmailAddress($email_address);
if(!$member_srl) return new Object(-1, 'msg_email_not_exists');
+
// Get information of the member
$columnList = array('member_srl', 'find_account_question', 'find_account_answer');
$member_info = $oMemberModel->getMemberInfoByMemberSrl($member_srl, 0, $columnList);
@@ -1221,7 +1227,33 @@ class memberController extends member
// Display a message if no answer is entered
if(!$member_info->find_account_question || !$member_info->find_account_answer) return new Object(-1, 'msg_question_not_exists');
- if(trim($member_info->find_account_question) != $find_account_question || trim($member_info->find_account_answer) != $find_account_answer) return new Object(-1, 'msg_answer_not_matches');
+ // 답변 확인
+ $hashed = $oPassword->checkAlgorithm($member_info->find_account_answer);
+ $authed = true;
+ $member_info->find_account_question = trim($member_info->find_account_question);
+ if($member_info->find_account_question != $find_account_question)
+ {
+ $authed = false;
+ }
+ else if($hashed && !$oPassword->checkPassword($find_account_answer, $member_info->find_account_answer))
+ {
+ $authed = false;
+ }
+ else if(!$hashed && $find_account_answer != $member_info->find_account_answer)
+ {
+ $authed = false;
+ }
+
+ if(!$authed)
+ {
+ return new Object(-1, 'msg_answer_not_matches');
+ }
+
+ // answer가 동일하고 hash 되지 않았으면 hash 값으로 저장
+ if($authed && !$hashed)
+ {
+ $this->updateFindAccountAnswer($member_srl, $find_account_answer);
+ }
if($config->identifier == 'email_address')
{
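Review bot: The legacy-plaintext branch `else if(!$hashed && $find_account_answer != $member_info->find_account_answer)` uses loose `!=`, so two different numeric-looking answers can compare equal through PHP's numeric-string juggling, and the comparison is not constant-time. It also drops the `trim()` that the removed line applied to the stored answer, so existing plaintext answers saved with surrounding whitespace would stop matching. I would write `else if(!$hashed && !hash_equals(trim($member_info->find_account_answer), (string)$find_account_answer))`, provided `hash_equals` is available on the supported PHP versions. The result of `$this->updateFindAccountAnswer(...)` is ignored, so a failed migration to the hashed form goes unnoticed, and `if($authed && !$hashed)` can be `if(!$hashed)` because the early return already covers the unauthenticated case. `procMemberFindAccountByQuestion` begins and ends outside this hunk.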
@@ -1229,7 +1261,11 @@ class memberController extends member
}
// Update to a temporary password and set change_password_date to 1
+<<<<<<< HEAD
$temp_password = Rhymix\Framework\Password::getRandomPassword(8);
+=======
+ $temp_password = $oPassword->createTemporaryPassword(8);
+>>>>>>> 3177f45... #2062 비밀번호 찾기 질문/답변을 본인만 확인/수정할 수 있도록 변경
$args = new stdClass();
$args->member_srl = $member_srl;
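Review bot: This hunk commits unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 3177f45...`) as added lines, which leaves the file unparseable as PHP and keeps both assignments to `$temp_password`. The same markers are added in the later hunk at `@@ -2499,7 +2544,26 @@`, where the HEAD side is empty. Resolve both by hand and keep one side. Here that is either `Rhymix\Framework\Password::getRandomPassword(8)` or `$oPassword->createTemporaryPassword(8)`; the choice should match whichever `Password` class the `new Password()` added earlier in this function resolves to, and the same class should be used throughout. A lint step such as `php -l` in CI would catch this before merge.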
@@ -2182,6 +2218,15 @@ class memberController extends member
unset($args->password);
}
+ if($args->find_account_answer && !$password_is_hashed)
+ {
+ $args->find_account_answer = $oMemberModel->hashPassword($args->find_account_answer);
+ }
+ elseif(!$args->find_account_answer)
+ {
+ unset($args->find_account_answer);
+ }
+
// Check if ID is prohibited
if($logged_info->is_admin !== 'Y' && $oMemberModel->isDeniedID($args->user_id))
{
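Review bot: Whether the recovery answer gets hashed is decided by `$password_is_hashed`, which by its name describes the password argument rather than the answer. When that flag is set and the caller supplies a plaintext answer, neither branch runs and the answer appears to be stored unhashed; the flag's definition is outside this hunk, so this should be confirmed against the callers. Testing the answer itself would be safer, as the find-account hunk does with `checkAlgorithm()`. This path hashes with `$oMemberModel->hashPassword()`, while `updateFindAccountAnswer()` in this commit uses `$oPassword->createHash()`; routing both through one helper keeps the stored format consistent. The enclosing method starts and ends outside the hunk.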
@@ -2499,7 +2544,26 @@ class memberController extends member
{
$args->password = $orgMemberInfo->password;
}
+<<<<<<< HEAD
+=======
+
+ if($args->find_account_answer) {
+ $args->find_account_answer = $oMemberModel->hashPassword($args->find_account_answer);
+ }
+ else
+ {
+ $oPassword = new Password();
+ $hashed = $oPassword->checkAlgorithm($orgMemberInfo->find_account_answer);
+
+ if($hashed) {
+ $args->find_account_answer = $orgMemberInfo->find_account_answer;
+ } else {
+ $args->find_account_answer = $oPassword->createHash($orgMemberInfo->find_account_answer);
+ }
+ }
+
+>>>>>>> 3177f45... #2062 비밀번호 찾기 질문/답변을 본인만 확인/수정할 수 있도록 변경
if(!$args->user_name) $args->user_name = $orgMemberInfo->user_name;
if(!$args->user_id) $args->user_id = $orgMemberInfo->user_id;
if(!$args->nick_name) $args->nick_name = $orgMemberInfo->nick_name;
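Review bot: Nothing in the added block checks who is making the change: any non-empty `$args->find_account_answer` is hashed and written. The restriction this commit introduces lives in the admin view (`_getMemberInputTag` drops the field for other members' records), which only hides the input. If this update path is also reached from the admin controller, a request that includes the field would still replace another member's answer. I would add a check here that drops the field unless the caller is the member, for example `if($args->member_srl != $logged_info->member_srl) unset($args->find_account_answer);` before the hashing, assuming `$logged_info` is in scope in this method. The merge-conflict markers in this hunk also need resolving.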
@@ -2604,6 +2668,16 @@ class memberController extends member
return $output;
}
+ function updateFindAccountAnswer($member_srl, $answer)
+ {
+ $oPassword = new Password();
+
+ $args = new stdClass();
+ $args->member_srl = $member_srl;
+ $args->find_account_answer = $oPassword->createHash($answer);
+ $output = executeQuery('member.updateFindAccountAnswer', $args);
+ }
+
/**
* Delete User
*/
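Review bot: `updateFindAccountAnswer()` assigns the query result to `$output` and then discards it, so a failed write cannot be detected by the caller in `procMemberFindAccountByQuestion`. End the function with `return $output;`, as the method just above it in the file does. The new method also has no docblock, unlike its neighbours; a short one stating that `$answer` is the plaintext answer and that it is stored via `createHash()` would prevent a caller from passing an already-hashed value.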
diff --git a/modules/member/queries/updateFindAccountAnswer.xml b/modules/member/queries/updateFindAccountAnswer.xml
new file mode 100644
index 000000000..6c6f5c2a6
--- /dev/null
+++ b/modules/member/queries/updateFindAccountAnswer.xml
@@ -0,0 +1,11 @@
+
+
+
+
+
+
+
+
+
+
+