From 53cdc17c7f3aab29cb32c38a74957238e33fd6b5 Mon Sep 17 00:00:00 2001
From: Kijin Sung <kijin@kijinsung.com>
Date: Sun, 3 Jul 2022 01:43:15 +0900
Subject: [PATCH] Obfuscate some login error messages #1957
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 로그인 실패시 아이디나 메일주소가 틀렸는지, 비번이 틀렸는지 구분하여 알려주지 않도록 변경
- 아이디/비번찾기시에는 불필요하게 세분화된 일부분만 정리하고 완전히 막지 않음
---
 modules/member/lang/en.php           | 8 ++++----
 modules/member/lang/es.php           | 6 ++++--
 modules/member/lang/fr.php           | 6 ++++--
 modules/member/lang/ja.php           | 6 +++---
 modules/member/lang/ko.php           | 6 +++---
 modules/member/lang/zh-CN.php        | 6 +++---
 modules/member/lang/zh-TW.php        | 5 +++--
 modules/member/member.controller.php | 2 +-
 8 files changed, 25 insertions(+), 20 deletions(-)

diff --git a/modules/member/lang/en.php b/modules/member/lang/en.php
index 69628a239..546a0ec4c 100644
--- a/modules/member/lang/en.php
+++ b/modules/member/lang/en.php
@@ -20,10 +20,10 @@ $lang->managed_email_host['prohibited'] = 'E-mail accounts at %s are not allowed
 $lang->null_user_id = 'Please enter your ID.';
 $lang->null_password = 'Please enter your password.';
 $lang->invalid_authorization = 'The account is not activated.';
-$lang->invalid_email_address = 'You have entered an invalid email address. There is no member who has the email, entered.';
-$lang->invalid_user_id = 'You have entered an invalid ID.';
-$lang->invalid_password = 'You have entered an invalid password.';
-$lang->invalid_new_password = 'Please enter a password you haven\'t previously used.';
+$lang->invalid_email_address = 'Login failed. Please check your e-mail address and/or password.';
+$lang->invalid_user_id = 'Login failed. Please check your user ID and/or password.';
+$lang->invalid_password = 'Login failed. Please check your user ID and/or password.';
+$lang->invalid_new_password = 'Please enter a different password.';
 $lang->allow_mailing = 'Join Mailing';
 $lang->is_admin = 'Superadmin Permission';
 $lang->member_group = 'Member Group';
diff --git a/modules/member/lang/es.php b/modules/member/lang/es.php
index b8901be12..aa5f308f3 100644
--- a/modules/member/lang/es.php
+++ b/modules/member/lang/es.php
@@ -12,8 +12,10 @@ $lang->denied_user_id = 'Este ID está prohibido.';
 $lang->null_user_id = 'IngresarID';
 $lang->null_password = 'Ingresar la contraseña';
 $lang->invalid_authorization = 'No está certificado';
-$lang->invalid_user_id = 'Este ID no existe';
-$lang->invalid_password = 'Contraseña incorrecta';
+$lang->invalid_email_address = 'Por favor, compruebe su dirección de correo electrónico y contraseña.';
+$lang->invalid_user_id = 'Por favor verifique su identificación de usuario y contraseña.';
+$lang->invalid_password = 'Por favor verifique su identificación de usuario y contraseña.';
+$lang->invalid_new_password = 'Introduzca una contraseña diferente.';
 $lang->allow_mailing = 'Registro del envío de mail';
 $lang->is_admin = 'Atribución del administrador superior';
 $lang->member_group = 'Grupo asignado';
diff --git a/modules/member/lang/fr.php b/modules/member/lang/fr.php
index 3f0dba7b0..00dc9952e 100644
--- a/modules/member/lang/fr.php
+++ b/modules/member/lang/fr.php
@@ -13,8 +13,10 @@ $lang->denied_user_id = 'C\'est un comte interdit.';
 $lang->null_user_id = 'Entrez le compte, S.V.P.';
 $lang->null_password = 'Entrez le mot de passe, S.V.P.';
 $lang->invalid_authorization = 'Le compte n\'est pas encore certifié.';
-$lang->invalid_user_id = 'C\'est un compte qui n\'existe pas.';
-$lang->invalid_password = 'C\'est un mot de passe invalide';
+$lang->invalid_email_address = 'Veuillez vérifier votre adresse e-mail et votre mot de passe.';
+$lang->invalid_user_id = 'Veuillez vérifier votre identifiant et votre mot de passe.';
+$lang->invalid_password = 'Veuillez vérifier votre identifiant et votre mot de passe.';
+$lang->invalid_new_password = 'Veuillez entrer un mot de passe différent.';
 $lang->allow_mailing = 'Inscrire au Mailing';
 $lang->is_admin = 'Permission Superadministrative';
 $lang->member_group = 'Groupe assigné';
diff --git a/modules/member/lang/ja.php b/modules/member/lang/ja.php
index 619d864ff..b675d3b41 100644
--- a/modules/member/lang/ja.php
+++ b/modules/member/lang/ja.php
@@ -17,9 +17,9 @@ $lang->managed_email_host['prohibited'] = 'E-mail accounts at %s are not allowed
 $lang->null_user_id = 'ユーザーIDをもう一度入力してください。';
 $lang->null_password = 'パスワードを入力してください。';
 $lang->invalid_authorization = '認証できませんでした。';
-$lang->invalid_email_address = 'Eメールアドレスと一致する会員がありません。';
-$lang->invalid_user_id = '存在しないユーザーIDです。';
-$lang->invalid_password = '無効なパスワードです。';
+$lang->invalid_email_address = '入力したメールアドレスやパスワードと一致する会員はいません。';
+$lang->invalid_user_id = '入力されたIDやパスワードと一致する会員はいません。';
+$lang->invalid_password = '入力されたIDやパスワードと一致する会員はいません。';
 $lang->invalid_new_password = '以前のパスワードと同じパスワードを使うことはできません。';
 $lang->allow_mailing = 'メーリングリストに登録';
 $lang->is_admin = '最高管理権限';
diff --git a/modules/member/lang/ko.php b/modules/member/lang/ko.php
index 077c72339..586b3350d 100644
--- a/modules/member/lang/ko.php
+++ b/modules/member/lang/ko.php
@@ -20,9 +20,9 @@ $lang->managed_email_host['prohibited'] = '%s 사이트 이메일 계정은 사
 $lang->null_user_id = '회원 아이디를 입력해주세요.';
 $lang->null_password = '비밀번호를 입력해주세요.';
 $lang->invalid_authorization = '인증이 필요한 계정입니다.';
-$lang->invalid_email_address = '이메일 주소와 일치하는 회원이 없습니다.';
-$lang->invalid_user_id = '존재하지 않는 회원 아이디입니다.';
-$lang->invalid_password = '잘못된 비밀번호입니다.';
+$lang->invalid_email_address = '입력하신 이메일 주소 및 비밀번호와 일치하는 회원이 없습니다.';
+$lang->invalid_user_id = '입력하신 아이디 및 비밀번호와 일치하는 회원이 없습니다.';
+$lang->invalid_password = '입력하신 아이디 및 비밀번호와 일치하는 회원이 없습니다.';
 $lang->invalid_new_password = '이전 비밀번호와 같습니다.';
 $lang->allow_mailing = '메일링 가입';
 $lang->is_admin = '최고 관리 권한';
diff --git a/modules/member/lang/zh-CN.php b/modules/member/lang/zh-CN.php
index 3024cbd45..01dfad9bf 100644
--- a/modules/member/lang/zh-CN.php
+++ b/modules/member/lang/zh-CN.php
@@ -15,9 +15,9 @@ $lang->denied_nick_name = '被禁止的昵称。';
 $lang->null_user_id = '请输入用户名。';
 $lang->null_password = '请输入密码。';
 $lang->invalid_authorization = '还没有认证！';
-$lang->invalid_email_address = '找不到跟邮箱地址一致的会员！';
-$lang->invalid_user_id = '该用户名不存在，请检查您的输入是否有误！';
-$lang->invalid_password = '您的密码不正确！';
+$lang->invalid_email_address = '您输入的邮件地址或密码没有匹配的会员。';
+$lang->invalid_user_id = '没有与您输入的ID或密码一致的会员。';
+$lang->invalid_password = '没有与您输入的ID或密码一致的会员。';
 $lang->invalid_new_password = '新密码不能跟旧密码相同';
 $lang->allow_mailing = '接收邮件';
 $lang->is_admin = '最高管理权限';
diff --git a/modules/member/lang/zh-TW.php b/modules/member/lang/zh-TW.php
index 64a5210d7..f0606935f 100644
--- a/modules/member/lang/zh-TW.php
+++ b/modules/member/lang/zh-TW.php
@@ -13,8 +13,9 @@ $lang->denied_user_id = '被禁止的帳號。';
 $lang->null_user_id = '請輸入帳號。';
 $lang->null_password = '請輸入密碼。';
 $lang->invalid_authorization = '還沒有認證！';
-$lang->invalid_user_id = '該帳號不存在，請檢查您的輸入是否有誤！';
-$lang->invalid_password = '您的密碼不正確！';
+$lang->invalid_email_address = '您輸入的郵件地址或密碼沒有匹配的會員。';
+$lang->invalid_user_id = '沒有與您輸入的ID或密碼一致的會員。';
+$lang->invalid_password = '沒有與您輸入的ID或密碼一致的會員。';
 $lang->invalid_new_password = '新密碼不能與舊密碼相同';
 $lang->allow_mailing = '接收郵件';
 $lang->is_admin = '最高管理權限';
diff --git a/modules/member/member.controller.php b/modules/member/member.controller.php
index b7e882c45..1ee863cd3 100644
--- a/modules/member/member.controller.php
+++ b/modules/member/member.controller.php
@@ -1563,7 +1563,7 @@ class memberController extends member
 
 		// Check if a member having the same email address exists
 		$member_srl = MemberModel::getMemberSrlByEmailAddress($email_address);
-		if(!$member_srl) throw new Rhymix\Framework\Exception('msg_email_not_exists');
+		if(!$member_srl) throw new Rhymix\Framework\Exception('msg_not_exists_member');
 
 		// Get information of the member
 		$member_info = MemberModel::getMemberInfoByMemberSrl($member_srl);