Merge pull request #366 from kijin/pr/security-refactor
보안관련 클래스 전반적 정리 및 기능 개선 프로젝트
commit
4f015f7bbc
78 changed files with 3860 additions and 3336 deletions
@ -166,8 +166,7 @@ class memberAdminController extends member
|
|||
'update_nickname_log'
|
||||
);
|
||||
|
||||
$oPassword = new Password();
|
||||
if(!array_key_exists($args->password_hashing_algorithm, $oPassword->getSupportedAlgorithms()))
|
||||
if(!array_key_exists($args->password_hashing_algorithm, Rhymix\Framework\Password::getSupportedAlgorithms()))
|
||||
{
|
||||
$args->password_hashing_algorithm = 'md5';
|
||||
}
|
||||
|
|
|
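Review bot: An unsupported or tampered `password_hashing_algorithm` value coming from the admin form is replaced with `'md5'` without any error, which is the weakest option this code knows about; the `member` class hunk at `@ -73,8 +73,7` in this same commit already uses `Rhymix\Framework\Password::getBestSupportedAlgorithm()` for the unset case, and the same fallback fits here: `$args->password_hashing_algorithm = Rhymix\Framework\Password::getBestSupportedAlgorithm();`. Rejecting the request with a validation error would be stricter still, since an admin submitting an unlisted value is more likely a bug than an intent. The check also assumes `getSupportedAlgorithms()` returns an array keyed by algorithm name (it is probed with `array_key_exists`); if it returns a plain list, `in_array($args->password_hashing_algorithm, Rhymix\Framework\Password::getSupportedAlgorithms(), true)` is the right probe — worth confirming against the class. The enclosing method starts and ends outside the hunk.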
|||
|
|
@ -298,26 +298,12 @@ class memberAdminModel extends member
|
|||
{
|
||||
if ($allow_list = ($allow_list === null) ? config('admin.allow') : $allow_list)
|
||||
{
|
||||
foreach ($allow_list as $range)
|
||||
{
|
||||
if (Rhymix\Framework\IpFilter::inRange(RX_CLIENT_IP, $range))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
return Rhymix\Framework\Filters\IpFilter::inRanges(RX_CLIENT_IP, $allow_list);
|
||||
}
|
||||
|
||||
if ($deny_list = ($deny_list === null) ? config('admin.deny') : $deny_list)
|
||||
{
|
||||
foreach ($deny_list as $range)
|
||||
{
|
||||
if (Rhymix\Framework\IpFilter::inRange(RX_CLIENT_IP, $range))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
return !Rhymix\Framework\Filters\IpFilter::inRanges(RX_CLIENT_IP, $deny_list);
|
||||
}
|
||||
|
||||
return true;
|
||||
|
|
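Review bot: Assigning inside the condition, `if ($allow_list = ($allow_list === null) ? config('admin.allow') : $allow_list)`, hides two decisions (defaulting and truthiness) in one line, and the same shape repeats for `$deny_list` below; `if ($allow_list === null) { $allow_list = config('admin.allow'); }` followed by `if ($allow_list)` reads as the two checks it is. The new one-line returns also make the precedence rule easy to miss: once a non-empty allow list exists its `inRanges` result alone decides, and the deny list is only consulted when no allow list is set, so a comment such as `// A configured allow list is authoritative; the deny list only applies when there is none` above the first `if` would help the next reader. Whether `config('admin.allow')` can return something other than an array that `inRanges` would not accept is not visible here. The enclosing function's signature is outside the hunk.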
|
|||
|
|
@ -129,8 +129,7 @@ class memberAdminView extends member
|
|||
*/
|
||||
public function dispMemberAdminConfig()
|
||||
{
|
||||
$oPassword = new Password();
|
||||
Context::set('password_hashing_algos', $oPassword->getSupportedAlgorithms());
|
||||
Context::set('password_hashing_algos', Rhymix\Framework\Password::getSupportedAlgorithms());
|
||||
|
||||
$this->setTemplateFile('default_config');
|
||||
}
|
||||
|
|
|
|||
|
|
@ -73,8 +73,7 @@ class member extends ModuleObject {
|
|||
|
||||
if(!$config->password_hashing_algorithm)
|
||||
{
|
||||
$oPassword = new Password();
|
||||
$config->password_hashing_algorithm = $oPassword->getBestAlgorithm();
|
||||
$config->password_hashing_algorithm = Rhymix\Framework\Password::getBestSupportedAlgorithm();
|
||||
}
|
||||
if(!$config->password_hashing_work_factor)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -748,10 +748,6 @@ class memberController extends member
|
|||
*/
|
||||
function insertProfileImage($member_srl, $target_file)
|
||||
{
|
||||
|
||||
// Check uploaded file
|
||||
if(!checkUploadedFile($target_file)) return;
|
||||
|
||||
$oMemberModel = getModel('member');
|
||||
$config = $oMemberModel->getMemberConfig();
|
||||
|
||||
|
|
@ -827,9 +823,6 @@ class memberController extends member
|
|||
*/
|
||||
function insertImageName($member_srl, $target_file)
|
||||
{
|
||||
// Check uploaded file
|
||||
if(!checkUploadedFile($target_file)) return;
|
||||
|
||||
$oModuleModel = getModel('module');
|
||||
$config = $oModuleModel->getModuleConfig('member');
|
||||
// Get an image size
|
||||
|
|
@ -936,9 +929,6 @@ class memberController extends member
|
|||
*/
|
||||
function insertImageMark($member_srl, $target_file)
|
||||
{
|
||||
// Check uploaded file
|
||||
if(!checkUploadedFile($target_file)) return;
|
||||
|
||||
$oModuleModel = getModel('module');
|
||||
$config = $oModuleModel->getModuleConfig('member');
|
||||
// Get an image size
|
||||
|
|
@ -1013,12 +1003,11 @@ class memberController extends member
|
|||
}
|
||||
|
||||
// Insert data into the authentication DB
|
||||
$oPassword = new Password();
|
||||
$args = new stdClass();
|
||||
$args->user_id = $member_info->user_id;
|
||||
$args->member_srl = $member_info->member_srl;
|
||||
$args->new_password = $oPassword->createTemporaryPassword(8);
|
||||
$args->auth_key = $oPassword->createSecureSalt(40);
|
||||
$args->new_password = Rhymix\Framework\Password::getRandomPassword(8);
|
||||
$args->auth_key = Rhymix\Framework\Security::getRandom(40, 'hex');
|
||||
$args->is_register = 'N';
|
||||
|
||||
$output = executeQuery('member.insertAuthMail', $args);
|
||||
|
|
@ -1122,8 +1111,7 @@ class memberController extends member
|
|||
}
|
||||
|
||||
// Update to a temporary password and set change_password_date to 1
|
||||
$oPassword = new Password();
|
||||
$temp_password = $oPassword->createTemporaryPassword(8);
|
||||
$temp_password = Rhymix\Framework\Password::getRandomPassword(8);
|
||||
|
||||
$args = new stdClass();
|
||||
$args->member_srl = $member_srl;
|
||||
|
|
@ -1352,12 +1340,11 @@ class memberController extends member
|
|||
$this->_clearMemberCache($args->member_srl);
|
||||
|
||||
// generate new auth key
|
||||
$oPassword = new Password();
|
||||
$auth_args = new stdClass();
|
||||
$auth_args->user_id = $memberInfo->user_id;
|
||||
$auth_args->member_srl = $memberInfo->member_srl;
|
||||
$auth_args->new_password = $memberInfo->password;
|
||||
$auth_args->auth_key = $oPassword->createSecureSalt(40);
|
||||
$auth_args->auth_key = Rhymix\Framework\Security::getRandom(40, 'hex');
|
||||
$auth_args->is_register = 'Y';
|
||||
|
||||
$output = executeQuery('member.insertAuthMail', $auth_args);
|
||||
|
|
@ -1842,8 +1829,7 @@ class memberController extends member
|
|||
if($keep_signed)
|
||||
{
|
||||
// Key generate for auto login
|
||||
$oPassword = new Password();
|
||||
$random_key = $oPassword->createSecureSalt(32, 'hex');
|
||||
$random_key = Rhymix\Framework\Security::getRandom(32, 'hex');
|
||||
$extra_key = strtolower($user_id).$this->memberInfo->password.$_SERVER['HTTP_USER_AGENT'];
|
||||
$extra_key = substr(hash_hmac('sha256', $extra_key, $random_key), 0, 32);
|
||||
$autologin_args = new stdClass;
|
||||
|
|
@ -2175,12 +2161,11 @@ class memberController extends member
|
|||
if($args->denied == 'Y')
|
||||
{
|
||||
// Insert data into the authentication DB
|
||||
$oPassword = new Password();
|
||||
$auth_args = new stdClass();
|
||||
$auth_args->user_id = $args->user_id;
|
||||
$auth_args->member_srl = $args->member_srl;
|
||||
$auth_args->new_password = $args->password;
|
||||
$auth_args->auth_key = $oPassword->createSecureSalt(40);
|
||||
$auth_args->auth_key = Rhymix\Framework\Security::getRandom(40, 'hex');
|
||||
$auth_args->is_register = 'Y';
|
||||
|
||||
$output = executeQuery('member.insertAuthMail', $auth_args);
|
||||
|
|
@ -2692,11 +2677,10 @@ class memberController extends member
|
|||
}
|
||||
unset($_SESSION['rechecked_password_step']);
|
||||
|
||||
$oPassword = new Password();
|
||||
$auth_args = new stdClass();
|
||||
$auth_args->user_id = $newEmail;
|
||||
$auth_args->member_srl = $member_info->member_srl;
|
||||
$auth_args->auth_key = $oPassword->createSecureSalt(40);
|
||||
$auth_args->auth_key = Rhymix\Framework\Security::getRandom(40, 'hex');
|
||||
$auth_args->new_password = 'XE_change_emaill_address';
|
||||
|
||||
$oDB = &DB::getInstance();
|
||||
|
|
|
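Review bot: In the hunk at `@ -1842,8 +1829,7`, `$random_key = Rhymix\Framework\Security::getRandom(32, 'hex');` leaves the entropy of the auto-login key unstated: whether 32 means hex characters (128 bits) or random bytes is not visible from the call site, and the replaced `createSecureSalt(32, 'hex')` had the same ambiguity. A comment pinning the intent, e.g. `// 32 hex chars = 128 bits — confirm against Security::getRandom`, would let a reader judge it against the 32-character HMAC truncation two lines below. The context line that builds `$extra_key` reads `$_SERVER['HTTP_USER_AGENT']` unguarded, so a request without a User-Agent header raises a notice and, notice aside, derives the key from an empty component; `isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''` makes that case explicit. The `Rhymix\Framework\Security::getRandom(40, 'hex')` auth-key line is repeated verbatim in four other hunks of this file and could become one private helper. The enclosing method starts and ends outside the hunk.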
|||
|
|
@ -1107,10 +1107,19 @@ class memberModel extends member
|
|||
}
|
||||
|
||||
// Check the password
|
||||
$oPassword = new Password();
|
||||
$current_algorithm = $oPassword->checkAlgorithm($hashed_password);
|
||||
$match = $oPassword->checkPassword($password_text, $hashed_password, $current_algorithm);
|
||||
if(!$match)
|
||||
$password_match = false;
|
||||
$current_algorithm = false;
|
||||
$possible_algorithms = Rhymix\Framework\Password::checkAlgorithm($hashed_password);
|
||||
foreach ($possible_algorithms as $algorithm)
|
||||
{
|
||||
if (Rhymix\Framework\Password::checkPassword($password_text, $hashed_password, $algorithm))
|
||||
{
|
||||
$password_match = true;
|
||||
$current_algorithm = $algorithm;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!$password_match)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
|
@ -1119,22 +1128,26 @@ class memberModel extends member
|
|||
$config = $this->getMemberConfig();
|
||||
if($member_srl > 0 && $config->password_hashing_auto_upgrade != 'N')
|
||||
{
|
||||
$need_upgrade = false;
|
||||
|
||||
if(!$need_upgrade)
|
||||
$required_algorithm = Rhymix\Framework\Password::getDefaultAlgorithm();
|
||||
if ($required_algorithm !== $current_algorithm)
|
||||
{
|
||||
$required_algorithm = $oPassword->getCurrentlySelectedAlgorithm();
|
||||
if($required_algorithm !== $current_algorithm) $need_upgrade = true;
|
||||
$need_upgrade = true;
|
||||
}
|
||||
else
|
||||
{
|
||||
$required_work_factor = Rhymix\Framework\Password::getWorkFactor();
|
||||
$current_work_factor = Rhymix\Framework\Password::checkWorkFactor($hashed_password);
|
||||
if ($current_work_factor !== false && $required_work_factor > $current_work_factor)
|
||||
{
|
||||
$need_upgrade = true;
|
||||
}
|
||||
else
|
||||
{
|
||||
$need_upgrade = false;
|
||||
}
|
||||
}
|
||||
|
||||
if(!$need_upgrade)
|
||||
{
|
||||
$required_work_factor = $oPassword->getWorkFactor();
|
||||
$current_work_factor = $oPassword->checkWorkFactor($hashed_password);
|
||||
if($current_work_factor !== false && $required_work_factor > $current_work_factor) $need_upgrade = true;
|
||||
}
|
||||
|
||||
if($need_upgrade === true)
|
||||
if ($need_upgrade)
|
||||
{
|
||||
$args = new stdClass();
|
||||
$args->member_srl = $member_srl;
|
||||
|
|
@ -1155,8 +1168,7 @@ class memberModel extends member
|
|||
*/
|
||||
function hashPassword($password_text, $algorithm = null)
|
||||
{
|
||||
$oPassword = new Password();
|
||||
return $oPassword->createHash($password_text, $algorithm);
|
||||
return Rhymix\Framework\Password::hashPassword($password_text, $algorithm);
|
||||
}
|
||||
|
||||
function checkPasswordStrength($password, $strength)
|
||||
|
|
|
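Review bot: In the hunk at `@ -1119,22 +1128,26`, `$need_upgrade` is assigned on every path of the new if/else, so if the `$need_upgrade = false;` line above the branch survives on the new side it is now dead, and the nested branches can collapse into one expression: `$current_work_factor = Rhymix\Framework\Password::checkWorkFactor($hashed_password);` / `$need_upgrade = Rhymix\Framework\Password::getDefaultAlgorithm() !== $current_algorithm` / `    || ($current_work_factor !== false && Rhymix\Framework\Password::getWorkFactor() > $current_work_factor);` — this evaluates the work factor even when the algorithm already differs, which is only equivalent if `checkWorkFactor` has no side effects (not visible here). The verification loop in the preceding hunk at `@ -1107,10 +1107,19` also deserves a one-line comment, e.g. `// checkAlgorithm() may yield several candidates for one hash; the first that verifies sets $current_algorithm and drives the upgrade decision below`, because the rehash path depends on which candidate matched first. The enclosing method starts and ends outside both hunks.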
|||