fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-07 02:31:40 +09:00
Code Issues Projects Releases Packages Wiki Activity

More validity checks for reset password

Browse source
This commit is contained in:
Kijin Sung 2023-11-29 21:59:28 +09:00
parent a45373c113
commit 64148f0544
3 changed files with 18 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
modules/member/conf/module.xml
View file

@ -50,7 +50,7 @@
<action name="procMemberModifyInfoBefore" type="controller" permission="member" ruleset="recheckedPassword" /> <action name="procMemberModifyInfoBefore" type="controller" permission="member" ruleset="recheckedPassword" />
<action name="procMemberModifyInfo" type="controller" permission="member" /> <action name="procMemberModifyInfo" type="controller" permission="member" />
<action name="procMemberModifyPassword" type="controller" permission="member" ruleset="modifyPassword" /> <action name="procMemberModifyPassword" type="controller" permission="member" ruleset="modifyPassword" />
<action name="procMemberResetPassword" type="controller" /> <action name="procMemberResetPassword" type="controller" ruleset="resetPassword" />
<action name="procMemberModifyEmailAddress" type="controller" permission="member" ruleset="modifyEmailAddress" /> <action name="procMemberModifyEmailAddress" type="controller" permission="member" ruleset="modifyEmailAddress" />
<action name="procMemberLeave" type="controller" permission="member" ruleset="leaveMember" /> <action name="procMemberLeave" type="controller" permission="member" ruleset="leaveMember" />
<action name="procMemberInsertProfileImage" type="controller" permission="member" ruleset="insertProfileImage" /> <action name="procMemberInsertProfileImage" type="controller" permission="member" ruleset="insertProfileImage" />

10
modules/member/member.controller.php
View file

@ -1226,6 +1226,13 @@ class MemberController extends Member
throw new Rhymix\Framework\Exception('msg_invalid_auth_key'); throw new Rhymix\Framework\Exception('msg_invalid_auth_key');
} }
$member_srl = $output->data->member_srl;
if (!$member_srl || $output->data->auth_type !== 'password_v2')
{
executeQuery('member.deleteAuthMail', ['auth_key' => $vars->auth_key]);
throw new Rhymix\Framework\Exception('msg_invalid_auth_key');
}
$expires = (intval($config->authmail_expires) * intval($config->authmail_expires_unit)) ?: 86400; $expires = (intval($config->authmail_expires) * intval($config->authmail_expires_unit)) ?: 86400;
if(ztime($output->data->regdate) < time() - $expires) if(ztime($output->data->regdate) < time() - $expires)
{ {
@ -1233,9 +1240,6 @@ class MemberController extends Member
throw new Rhymix\Framework\Exception('msg_expired_auth_key'); throw new Rhymix\Framework\Exception('msg_expired_auth_key');
} }
// Extract the necessary information in advance
$member_srl = $output->data->member_srl;
// Update the password // Update the password
$args = new stdClass; $args = new stdClass;
$args->member_srl = $member_srl; $args->member_srl = $member_srl;

10
modules/member/ruleset/resetPassword.xml Normal file
View file

@ -0,0 +1,10 @@
<?xml version="1.0" encoding="utf-8"?>
<ruleset version="1.5.0">
<customrules>
</customrules>
<fields>
<field name="auth_key" required="true" length="1:60" />
<field name="password1" required="true" length="4:60" />
<field name="password2" required="true" length="4:60" equalto="password1" />
</fields>
</ruleset>