mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-04-02 01:52:10 +09:00
- 저장된 답변 내용의 암호화 적용
- 기존에 입력된 유지되며, 새로 입력/수정되는 항목에만 적용 함
This commit is contained in:
bnu
Kijin Sung
parent
b8aff16cff
commit
4eae6ac04e
4 changed files with 119 additions and 11 deletions
|
|
@ -642,6 +642,10 @@ class memberController extends member
|
|||
{
|
||||
$args->birthday_ui = Context::get('birthday_ui');
|
||||
}
|
||||
if($val == 'find_account_answer' && !Context::get($val))
|
||||
{
|
||||
unset($args->{$val});
|
||||
}
|
||||
}
|
||||
|
||||
// Login Information
|
||||
|
|
@ -664,8 +668,8 @@ class memberController extends member
|
|||
if(!$args->birthday && $args->birthday_ui)
|
||||
{
|
||||
$args->birthday = intval(strtr($args->birthday_ui, array('-'=>'', '/'=>'', '.'=>'', ' '=>'')));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// Remove some unnecessary variables from all the vars
|
||||
$all_args = Context::getRequestVars();
|
||||
unset($all_args->module);
|
||||
|
|
@ -1197,6 +1201,7 @@ class memberController extends member
|
|||
function procMemberFindAccountByQuestion()
|
||||
{
|
||||
$oMemberModel = getModel('member');
|
||||
$oPassword = new Password();
|
||||
$config = $oMemberModel->getMemberConfig();
|
||||
if($config->enable_find_account_question != 'Y')
|
||||
{
|
||||
|
|
@ -1214,6 +1219,7 @@ class memberController extends member
|
|||
// Check if a member having the same email address exists
|
||||
$member_srl = $oMemberModel->getMemberSrlByEmailAddress($email_address);
|
||||
if(!$member_srl) return new Object(-1, 'msg_email_not_exists');
|
||||
|
||||
// Get information of the member
|
||||
$columnList = array('member_srl', 'find_account_question', 'find_account_answer');
|
||||
$member_info = $oMemberModel->getMemberInfoByMemberSrl($member_srl, 0, $columnList);
|
||||
|
|
@ -1221,7 +1227,33 @@ class memberController extends member
|
|||
// Display a message if no answer is entered
|
||||
if(!$member_info->find_account_question || !$member_info->find_account_answer) return new Object(-1, 'msg_question_not_exists');
|
||||
|
||||
if(trim($member_info->find_account_question) != $find_account_question || trim($member_info->find_account_answer) != $find_account_answer) return new Object(-1, 'msg_answer_not_matches');
|
||||
// 답변 확인
|
||||
$hashed = $oPassword->checkAlgorithm($member_info->find_account_answer);
|
||||
$authed = true;
|
||||
$member_info->find_account_question = trim($member_info->find_account_question);
|
||||
if($member_info->find_account_question != $find_account_question)
|
||||
{
|
||||
$authed = false;
|
||||
}
|
||||
else if($hashed && !$oPassword->checkPassword($find_account_answer, $member_info->find_account_answer))
|
||||
{
|
||||
$authed = false;
|
||||
}
|
||||
else if(!$hashed && $find_account_answer != $member_info->find_account_answer)
|
||||
{
|
||||
$authed = false;
|
||||
}
|
||||
|
||||
if(!$authed)
|
||||
{
|
||||
return new Object(-1, 'msg_answer_not_matches');
|
||||
}
|
||||
|
||||
// answer가 동일하고 hash 되지 않았으면 hash 값으로 저장
|
||||
if($authed && !$hashed)
|
||||
{
|
||||
$this->updateFindAccountAnswer($member_srl, $find_account_answer);
|
||||
}
|
||||
|
||||
if($config->identifier == 'email_address')
|
||||
{
|
||||
|
|
@ -1229,7 +1261,11 @@ class memberController extends member
|
|||
}
|
||||
|
||||
// Update to a temporary password and set change_password_date to 1
|
||||
<<<<<<< HEAD
|
||||
$temp_password = Rhymix\Framework\Password::getRandomPassword(8);
|
||||
=======
|
||||
$temp_password = $oPassword->createTemporaryPassword(8);
|
||||
>>>>>>> 3177f45... #2062 비밀번호 찾기 질문/답변을 본인만 확인/수정할 수 있도록 변경
|
||||
|
||||
$args = new stdClass();
|
||||
$args->member_srl = $member_srl;
|
||||
|
|
@ -2182,6 +2218,15 @@ class memberController extends member
|
|||
unset($args->password);
|
||||
}
|
||||
|
||||
if($args->find_account_answer && !$password_is_hashed)
|
||||
{
|
||||
$args->find_account_answer = $oMemberModel->hashPassword($args->find_account_answer);
|
||||
}
|
||||
elseif(!$args->find_account_answer)
|
||||
{
|
||||
unset($args->find_account_answer);
|
||||
}
|
||||
|
||||
// Check if ID is prohibited
|
||||
if($logged_info->is_admin !== 'Y' && $oMemberModel->isDeniedID($args->user_id))
|
||||
{
|
||||
|
|
@ -2499,7 +2544,26 @@ class memberController extends member
|
|||
{
|
||||
$args->password = $orgMemberInfo->password;
|
||||
}
|
||||
<<<<<<< HEAD
|
||||
|
||||
=======
|
||||
|
||||
if($args->find_account_answer) {
|
||||
$args->find_account_answer = $oMemberModel->hashPassword($args->find_account_answer);
|
||||
}
|
||||
else
|
||||
{
|
||||
$oPassword = new Password();
|
||||
$hashed = $oPassword->checkAlgorithm($orgMemberInfo->find_account_answer);
|
||||
|
||||
if($hashed) {
|
||||
$args->find_account_answer = $orgMemberInfo->find_account_answer;
|
||||
} else {
|
||||
$args->find_account_answer = $oPassword->createHash($orgMemberInfo->find_account_answer);
|
||||
}
|
||||
}
|
||||
|
||||
>>>>>>> 3177f45... #2062 비밀번호 찾기 질문/답변을 본인만 확인/수정할 수 있도록 변경
|
||||
if(!$args->user_name) $args->user_name = $orgMemberInfo->user_name;
|
||||
if(!$args->user_id) $args->user_id = $orgMemberInfo->user_id;
|
||||
if(!$args->nick_name) $args->nick_name = $orgMemberInfo->nick_name;
|
||||
|
|
@ -2604,6 +2668,16 @@ class memberController extends member
|
|||
return $output;
|
||||
}
|
||||
|
||||
function updateFindAccountAnswer($member_srl, $answer)
|
||||
{
|
||||
$oPassword = new Password();
|
||||
|
||||
$args = new stdClass();
|
||||
$args->member_srl = $member_srl;
|
||||
$args->find_account_answer = $oPassword->createHash($answer);
|
||||
$output = executeQuery('member.updateFindAccountAnswer', $args);
|
||||
}
|
||||
|
||||
/**
|
||||
* Delete User
|
||||
*/
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue