mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-04-28 14:52:24 +09:00
Merge pull request #366 from kijin/pr/security-refactor
보안관련 클래스 전반적 정리 및 기능 개선 프로젝트
This commit is contained in:
Kijin Sung
commit
4f015f7bbc
78 changed files with 3860 additions and 3336 deletions
|
|
@ -748,10 +748,6 @@ class memberController extends member
|
|||
*/
|
||||
function insertProfileImage($member_srl, $target_file)
|
||||
{
|
||||
|
||||
// Check uploaded file
|
||||
if(!checkUploadedFile($target_file)) return;
|
||||
|
||||
$oMemberModel = getModel('member');
|
||||
$config = $oMemberModel->getMemberConfig();
|
||||
|
||||
|
|
@ -827,9 +823,6 @@ class memberController extends member
|
|||
*/
|
||||
function insertImageName($member_srl, $target_file)
|
||||
{
|
||||
// Check uploaded file
|
||||
if(!checkUploadedFile($target_file)) return;
|
||||
|
||||
$oModuleModel = getModel('module');
|
||||
$config = $oModuleModel->getModuleConfig('member');
|
||||
// Get an image size
|
||||
|
|
@ -936,9 +929,6 @@ class memberController extends member
|
|||
*/
|
||||
function insertImageMark($member_srl, $target_file)
|
||||
{
|
||||
// Check uploaded file
|
||||
if(!checkUploadedFile($target_file)) return;
|
||||
|
||||
$oModuleModel = getModel('module');
|
||||
$config = $oModuleModel->getModuleConfig('member');
|
||||
// Get an image size
|
||||
|
|
@ -1013,12 +1003,11 @@ class memberController extends member
|
|||
}
|
||||
|
||||
// Insert data into the authentication DB
|
||||
$oPassword = new Password();
|
||||
$args = new stdClass();
|
||||
$args->user_id = $member_info->user_id;
|
||||
$args->member_srl = $member_info->member_srl;
|
||||
$args->new_password = $oPassword->createTemporaryPassword(8);
|
||||
$args->auth_key = $oPassword->createSecureSalt(40);
|
||||
$args->new_password = Rhymix\Framework\Password::getRandomPassword(8);
|
||||
$args->auth_key = Rhymix\Framework\Security::getRandom(40, 'hex');
|
||||
$args->is_register = 'N';
|
||||
|
||||
$output = executeQuery('member.insertAuthMail', $args);
|
||||
|
|
@ -1122,8 +1111,7 @@ class memberController extends member
|
|||
}
|
||||
|
||||
// Update to a temporary password and set change_password_date to 1
|
||||
$oPassword = new Password();
|
||||
$temp_password = $oPassword->createTemporaryPassword(8);
|
||||
$temp_password = Rhymix\Framework\Password::getRandomPassword(8);
|
||||
|
||||
$args = new stdClass();
|
||||
$args->member_srl = $member_srl;
|
||||
|
|
@ -1352,12 +1340,11 @@ class memberController extends member
|
|||
$this->_clearMemberCache($args->member_srl);
|
||||
|
||||
// generate new auth key
|
||||
$oPassword = new Password();
|
||||
$auth_args = new stdClass();
|
||||
$auth_args->user_id = $memberInfo->user_id;
|
||||
$auth_args->member_srl = $memberInfo->member_srl;
|
||||
$auth_args->new_password = $memberInfo->password;
|
||||
$auth_args->auth_key = $oPassword->createSecureSalt(40);
|
||||
$auth_args->auth_key = Rhymix\Framework\Security::getRandom(40, 'hex');
|
||||
$auth_args->is_register = 'Y';
|
||||
|
||||
$output = executeQuery('member.insertAuthMail', $auth_args);
|
||||
|
|
@ -1842,8 +1829,7 @@ class memberController extends member
|
|||
if($keep_signed)
|
||||
{
|
||||
// Key generate for auto login
|
||||
$oPassword = new Password();
|
||||
$random_key = $oPassword->createSecureSalt(32, 'hex');
|
||||
$random_key = Rhymix\Framework\Security::getRandom(32, 'hex');
|
||||
$extra_key = strtolower($user_id).$this->memberInfo->password.$_SERVER['HTTP_USER_AGENT'];
|
||||
$extra_key = substr(hash_hmac('sha256', $extra_key, $random_key), 0, 32);
|
||||
$autologin_args = new stdClass;
|
||||
|
|
@ -2175,12 +2161,11 @@ class memberController extends member
|
|||
if($args->denied == 'Y')
|
||||
{
|
||||
// Insert data into the authentication DB
|
||||
$oPassword = new Password();
|
||||
$auth_args = new stdClass();
|
||||
$auth_args->user_id = $args->user_id;
|
||||
$auth_args->member_srl = $args->member_srl;
|
||||
$auth_args->new_password = $args->password;
|
||||
$auth_args->auth_key = $oPassword->createSecureSalt(40);
|
||||
$auth_args->auth_key = Rhymix\Framework\Security::getRandom(40, 'hex');
|
||||
$auth_args->is_register = 'Y';
|
||||
|
||||
$output = executeQuery('member.insertAuthMail', $auth_args);
|
||||
|
|
@ -2692,11 +2677,10 @@ class memberController extends member
|
|||
}
|
||||
unset($_SESSION['rechecked_password_step']);
|
||||
|
||||
$oPassword = new Password();
|
||||
$auth_args = new stdClass();
|
||||
$auth_args->user_id = $newEmail;
|
||||
$auth_args->member_srl = $member_info->member_srl;
|
||||
$auth_args->auth_key = $oPassword->createSecureSalt(40);
|
||||
$auth_args->auth_key = Rhymix\Framework\Security::getRandom(40, 'hex');
|
||||
$auth_args->new_password = 'XE_change_emaill_address';
|
||||
|
||||
$oDB = &DB::getInstance();
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue