fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-02 01:52:10 +09:00
Code Issues Projects Releases Packages Wiki Activity

Remove login/signup rulesets and use PHP code instead

Browse source
This commit is contained in:
Kijin Sung 2021-01-08 16:32:08 +09:00
parent 1d3d6517b3
commit 6a5d68f3a7
7 changed files with 171 additions and 176 deletions
Download patch file Download diff file Expand all files Collapse all files

1
common/lang/en.php
View file

@ -237,6 +237,7 @@ $lang->msg_input_password = 'Please type the password.';
$lang->msg_invalid_document = 'Invalid Article Number';
$lang->msg_invalid_request = 'Invalid Request';
$lang->msg_invalid_password = 'The password you entered is incorrect.';
$lang->msg_password_match = 'The two passwords do not match. Please check for typos.';
$lang->msg_security_violation = 'Security Violation';
$lang->msg_method_not_allowed = 'This HTTP method is not allowed for this action.';
$lang->msg_feature_disabled = 'This feature is disabled.';

1
common/lang/ko.php
View file

@ -239,6 +239,7 @@ $lang->msg_input_password = '비밀번호를 입력하세요.';
$lang->msg_invalid_document = '잘못된 문서번호입니다.';
$lang->msg_invalid_request = '잘못된 요청입니다.';
$lang->msg_invalid_password = '비밀번호가 올바르지 않습니다.';
$lang->msg_password_match = '비밀번호가 서로 일치하지 않습니다. 오타 여부를 확인해 주십시오.';
$lang->msg_security_violation = '보안정책상 허용되지 않습니다.';
$lang->msg_method_not_allowed = '이 요청에 사용할 수 없는 HTTP 메소드입니다.';
$lang->msg_feature_disabled = '사용할 수 없는 기능입니다.';

6
modules/member/conf/module.xml
View file

@ -35,9 +35,9 @@
<action name="getMemberMenu" type="model" />
<action name="getApiGroups" type="model" permission="root" />
<action name="procMemberInsert" type="controller" ruleset="@insertMember" route="signup" />
<action name="procMemberInsert" type="controller" route="signup" />
<action name="procMemberCheckValue" type="controller" />
<action name="procMemberLogin" type="controller" ruleset="@login" route="login" />
<action name="procMemberLogin" type="controller" route="login" />
<action name="procMemberRegisterDevice" type="controller" route="device/register" />
<action name="procMemberLoginWithDevice" type="controller" route="device/login" />
<action name="procMemberFindAccount" type="controller" method="GET|POST" ruleset="findAccount" />
@ -48,7 +48,7 @@
<action name="procMemberSendVerificationSMS" type="controller" />
<action name="procMemberConfirmVerificationSMS" type="controller" />
<action name="procMemberModifyInfoBefore" type="controller" permission="member" ruleset="recheckedPassword" />
<action name="procMemberModifyInfo" type="controller" permission="member" ruleset="@insertMember" />
<action name="procMemberModifyInfo" type="controller" permission="member" />
<action name="procMemberModifyPassword" type="controller" permission="member" ruleset="modifyPassword" />
<action name="procMemberModifyEmailAddress" type="controller" permission="member" ruleset="modifyEmailAddress" />
<action name="procMemberDeleteDevice" type="controller" permission="member" />

86
modules/member/member.admin.controller.php
View file

@ -654,69 +654,9 @@ class memberAdminController extends member
* @param object $signupForm (user define signup form)
* @return void
*/
function _createSignupRuleset($signupForm){
$xml_file = './files/ruleset/insertMember.xml';
$buff = '<?xml version="1.0" encoding="utf-8"?>' . PHP_EOL.
'<ruleset version="1.5.0">' . PHP_EOL.
'<customrules>' . PHP_EOL.
'</customrules>' . PHP_EOL.
'<fields>' . PHP_EOL . '%s' . PHP_EOL . '</fields>' . PHP_EOL.
'</ruleset>';
$fields = array();
foreach($signupForm as $formInfo)
{
if($formInfo->required || $formInfo->mustRequired)
{
if($formInfo->type == 'tel' || $formInfo->type == 'kr_zip')
{
$fields[] = sprintf('<field name="%s[]" required="true" />', $formInfo->name);
}
else if($formInfo->name == 'password')
{
$fields[] = '<field name="password"><if test="$act == \'procMemberInsert\'" attr="required" value="true" /><if test="$act == \'procMemberInsert\'" attr="length" value="4:60" /></field>';
$fields[] = '<field name="password2"><if test="$act == \'procMemberInsert\'" attr="required" value="true" /><if test="$act == \'procMemberInsert\'" attr="equalto" value="password" /></field>';
}
else if($formInfo->name == 'find_account_question')
{
$fields[] = '<field name="find_account_question"><if test="$modify_find_account_answer" attr="required" value="true" /></field>';
$fields[] = '<field name="find_account_answer" length=":250"><if test="$modify_find_account_answer" attr="required" value="true" /></field>';
}
else if($formInfo->name == 'email_address')
{
$fields[] = sprintf('<field name="%s" required="true" rule="email"/>', $formInfo->name);
}
else if($formInfo->name == 'user_id')
{
$fields[] = sprintf('<field name="%s" required="true" rule="userid" length="3:20" />', $formInfo->name);
}
else if($formInfo->name == 'nick_name')
{
$fields[] = sprintf('<field name="%s" required="true" length="2:20" />', $formInfo->name);
}
else if(strpos($formInfo->name, 'image') !== false)
{
$fields[] = sprintf('<field name="%s"><if test="$act != \'procMemberAdminInsert\' &amp;&amp; $__%s_exist != \'true\'" attr="required" value="true" /></field>', $formInfo->name, $formInfo->name);
}
else if($formInfo->name == 'signature')
{
$fields[] = '<field name="signature"><if test="$member_srl" attr="required" value="true" /></field>';
}
else
{
$fields[] = sprintf('<field name="%s" required="true" />', $formInfo->name);
}
}
}
$xml_buff = sprintf($buff, implode(PHP_EOL, $fields));
FileHandler::writeFile($xml_file, $xml_buff);
unset($xml_buff);
$validator = new Validator($xml_file);
$validator->setCacheDir('files/cache');
$validator->getJsPath();
function _createSignupRuleset($signupForm)
{
}
/**
@ -726,25 +666,7 @@ class memberAdminController extends member
*/
function _createLoginRuleset($identifier)
{
$xml_file = './files/ruleset/login.xml';
$buff = '<?xml version="1.0" encoding="utf-8"?>'.
'<ruleset version="1.5.0">'.
'<customrules>'.
'</customrules>'.
'<fields>%s</fields>'.
'</ruleset>';
$fields = array();
$trans = array('email_address'=>'email', 'user_id'=> '');
$fields[] = sprintf('<field name="user_id" required="true" rule="%s"/>', $trans[$identifier]);
$fields[] = '<field name="password" required="true" />';
$xml_buff = sprintf($buff, implode('', $fields));
Filehandler::writeFile($xml_file, $xml_buff);
$validator = new Validator($xml_file);
$validator->setCacheDir('files/cache');
$validator->getJsPath();
}
/**

27
modules/member/member.class.php
View file

@ -87,11 +87,6 @@ class member extends ModuleObject {
$identifier = 'user_id';
$config->signupForm = $oMemberAdminController->createSignupForm($identifier);
$config->identifier = $identifier;
// Create Ruleset File
FileHandler::makeDir('./files/ruleset');
$oMemberAdminController->_createSignupRuleset($config->signupForm);
$oMemberAdminController->_createLoginRuleset($config->identifier);
}
$oModuleController->insertModuleConfig('member',$config);
@ -258,10 +253,9 @@ class member extends ModuleObject {
}
// supprot multilanguage agreement.
if(is_readable('./files/member_extra_info/agreement.txt')) return true;
if(!is_readable('./files/ruleset/insertMember.xml')) return true;
if(!is_readable('./files/ruleset/login.xml')) return true;
if(FileHandler::exists('./files/member_extra_info/agreement.txt')) return true;
if(FileHandler::exists('./files/ruleset/insertMember.xml')) return true;
if(FileHandler::exists('./files/ruleset/login.xml')) return true;
// 2013. 11. 22 add menu when popup document menu called
if(!ModuleModel::getTrigger('document.getDocumentMenu', 'member', 'controller', 'triggerGetDocumentMenu', 'after')) return true;
@ -501,7 +495,7 @@ class member extends ModuleObject {
}
}
if(is_readable('./files/member_extra_info/agreement.txt'))
if(file_exists('./files/member_extra_info/agreement.txt'))
{
$source_file = RX_BASEDIR.'files/member_extra_info/agreement.txt';
$target_file = RX_BASEDIR.'files/member_extra_info/agreement_' . Context::get('lang_type') . '.txt';
@ -509,11 +503,14 @@ class member extends ModuleObject {
FileHandler::rename($source_file, $target_file);
}
FileHandler::makeDir('./files/ruleset');
if(!is_readable('./files/ruleset/insertMember.xml'))
$oMemberAdminController->_createSignupRuleset($config->signupForm);
if(!is_readable('./files/ruleset/login.xml'))
$oMemberAdminController->_createLoginRuleset($config->identifier);
if(FileHandler::exists('./files/ruleset/insertMember.xml'))
{
FileHandler::removeFile('./files/ruleset/insertMember.xml');
}
if(FileHandler::exists('./files/ruleset/login.xml'))
{
FileHandler::removeFile('./files/ruleset/login.xml');
}
// 2013. 11. 22 add menu when popup document menu called
if(!ModuleModel::getTrigger('document.getDocumentMenu', 'member', 'controller', 'triggerGetDocumentMenu', 'after'))

219
modules/member/member.controller.php
View file

@ -774,11 +774,15 @@ class memberController extends member
$config = MemberModel::getMemberConfig();
// call a trigger (before)
$trigger_output = ModuleHandler::triggerCall ('member.procMemberInsert', 'before', $config);
$trigger_output = ModuleHandler::triggerCall('member.procMemberInsert', 'before', $config);
if(!$trigger_output->toBool ()) return $trigger_output;
// Check if an administrator allows a membership
if($config->enable_join != 'Y') throw new Rhymix\Framework\Exceptions\FeatureDisabled('msg_signup_disabled');
if($config->enable_join !== 'Y' || !$config->signupForm)
{
throw new Rhymix\Framework\Exceptions\FeatureDisabled('msg_signup_disabled');
}
// Check if the user accept the license terms (only if terms exist)
$accept_agreement = Context::get('accept_agreement');
if(!is_array($accept_agreement))
@ -851,34 +855,25 @@ class memberController extends member
$args->allow_mailing = Context::get('allow_mailing');
$args->allow_message = Context::get('allow_message');
if($args->password1) $args->password = $args->password1;
// Check phone number
if ($config->phone_number_verify_by_sms === 'Y' && $use_phone)
// Check all required fields
$output = $this->_checkSignUpFields($config, $args, 'insert');
if (!$output->toBool())
{
if (!isset($_SESSION['verify_by_sms']) || !$_SESSION['verify_by_sms']['status'])
return $output;
}
// Check phone number
if ($use_phone)
{
$output = $this->_checkPhoneNumber($config, $args, 'insert');
if (!$output->toBool())
{
throw new Rhymix\Framework\Exception('verify_by_sms_incomplete');
}
if ($config->phone_number_default_country && (!$args->phone_country || $config->phone_number_hide_country === 'Y'))
{
$args->phone_country = $config->phone_number_default_country;
}
if ($args->phone_country && !preg_match('/^[A-Z]{3}$/', $args->phone_country))
{
$args->phone_country = Rhymix\Framework\i18n::getCountryCodeByCallingCode($args->phone_country);
}
if ($args->phone_country !== $_SESSION['verify_by_sms']['country'])
{
throw new Rhymix\Framework\Exception('verify_by_sms_incomplete');
}
if ($args->phone_number !== $_SESSION['verify_by_sms']['number'])
{
throw new Rhymix\Framework\Exception('verify_by_sms_incomplete');
return $output;
}
}
// check password strength
if(!MemberModel::checkPasswordStrength($args->password, $config->password_strength))
{
@ -1112,18 +1107,15 @@ class memberController extends member
// Extract the necessary information in advance
$getVars = array('allow_mailing','allow_message');
$use_phone = false;
if($config->signupForm)
foreach($config->signupForm as $formInfo)
{
foreach($config->signupForm as $formInfo)
if($formInfo->name === 'phone_number' && $formInfo->isUse)
{
if($formInfo->name === 'phone_number' && $formInfo->isUse)
{
$use_phone = true;
}
if($formInfo->isDefaultForm && ($formInfo->isUse || $formInfo->required || $formInfo->mustRequired))
{
$getVars[] = $formInfo->name;
}
$use_phone = true;
}
if($formInfo->isDefaultForm && ($formInfo->isUse || $formInfo->required || $formInfo->mustRequired))
{
$getVars[] = $formInfo->name;
}
}
@ -1140,7 +1132,7 @@ class memberController extends member
$args->phone_country = preg_replace('/[^A-Z]/', '', Context::get('phone_country'));
}
}
// mobile input date format can be different
if($args->birthday)
{
@ -1159,43 +1151,24 @@ class memberController extends member
$args->birthday = intval(strtr($args->birthday_ui, array('-'=>'', '/'=>'', '.'=>'', ' '=>'')));
}
// Check phone number
if ($config->phone_number_verify_by_sms === 'Y' && $use_phone)
// Check all required fields
$output = $this->_checkSignUpFields($config, $args, 'update');
if (!$output->toBool())
{
$phone_verify_needed = false;
if ($config->phone_number_default_country && (!$args->phone_country || $config->phone_number_hide_country === 'Y'))
return $output;
}
// Check phone number
if ($use_phone)
{
$output = $this->_checkPhoneNumber($config, $args, 'update', $logged_info);
if (!$output->toBool())
{
$args->phone_country = $config->phone_number_default_country;
}
if ($args->phone_country && !preg_match('/^[A-Z]{3}$/', $args->phone_country))
{
$args->phone_country = Rhymix\Framework\i18n::getCountryCodeByCallingCode($args->phone_country);
}
if ($args->phone_country !== $logged_info->phone_country)
{
$phone_verify_needed = true;
}
if (preg_replace('/[^0-9]/', '', $args->phone_number) !== $logged_info->phone_number)
{
$phone_verify_needed = true;
}
if ($phone_verify_needed)
{
if (!isset($_SESSION['verify_by_sms']) || !$_SESSION['verify_by_sms']['status'])
{
throw new Rhymix\Framework\Exception('verify_by_sms_incomplete');
}
if ($args->phone_country !== $_SESSION['verify_by_sms']['country'])
{
throw new Rhymix\Framework\Exception('verify_by_sms_incomplete');
}
if ($args->phone_number !== $_SESSION['verify_by_sms']['number'])
{
throw new Rhymix\Framework\Exception('verify_by_sms_incomplete');
}
return $output;
}
}
// Fill in member_srl
$args->member_srl = $logged_info->member_srl;
// Remove some unnecessary variables from all the vars
@ -3859,7 +3832,115 @@ class memberController extends member
return array();
}
/**
* Check required fields on signup or modify info
*
* @param object $config
* @param object $args
* @param string $mode
* @return object
*/
protected function _checkSignUpFields($config, $args, $mode = 'insert')
{
$not_required_in_update = ['password'];
foreach($config->signupForm as $formInfo)
{
if($formInfo->required || $formInfo->mustRequired)
{
if ($mode === 'update' && in_array($formInfo->name, $not_required_in_update))
{
// pass
}
else
{
if (!isset($args->{$formInfo->name}) || !$args->{$formInfo->name})
{
return new BaseObject(-1, sprintf(lang('common.filter.isnull'), $formInfo->title));
}
}
}
if ($formInfo->name === 'email_address' && $args->{$formInfo->name} && !Mail::isVaildMailAddress($args->{$formInfo->name}))
{
return new BaseObject(-1, sprintf(lang('common.filter.invalid_email'), $formInfo->title));
}
if ($formInfo->name === 'user_id' && $args->{$formInfo->name} && !preg_match('/^[a-z]+[\w-]*[a-z0-9_]+$/i', $args->{$formInfo->name}))
{
return new BaseObject(-1, sprintf(lang('common.filter.invalid_user_id'), $formInfo->title));
}
if ($formInfo->name === 'password' && $args->password && ($args->password !== Context::get('password2')))
{
return new BaseObject(-1, 'msg_password_mismatch');
}
}
return new BaseObject;
}
/**
* Check required fields on signup or modify info
*
* @param object $config
* @param object $args
* @param string $mode
* @param object $original
* @return object
*/
protected function _checkPhoneNumber($config, $args, $mode = 'insert', $original = null)
{
if ($config->phone_number_verify_by_sms === 'Y')
{
// Attempt to fill in the country code.
if ($config->phone_number_default_country && (!$args->phone_country || $config->phone_number_hide_country === 'Y'))
{
$args->phone_country = $config->phone_number_default_country;
}
if ($args->phone_country && !preg_match('/^[A-Z]{3}$/', $args->phone_country))
{
$args->phone_country = Rhymix\Framework\i18n::getCountryCodeByCallingCode($args->phone_country);
}
if ($args->phone_country === 'KOR' && !Rhymix\Framework\Korea::isValidPhoneNumber($args->phone_number))
{
return new BaseObject(-1, 'msg_invalid_phone_number');
}
// If updating, check if the new info is the same as the old info.
if ($mode === 'update' && $original)
{
$recheck_needed = false;
if ($args->phone_country !== $original->phone_country)
{
$recheck_needed = true;
}
if (preg_replace('/[^0-9]/', '', $args->phone_number) !== $original->phone_number)
{
$recheck_needed = true;
}
if (!$recheck_needed)
{
return new BaseObject;
}
}
// Check if verified by SMS.
if (!isset($_SESSION['verify_by_sms']) || !$_SESSION['verify_by_sms']['status'])
{
return new BaseObject(-1, 'verify_by_sms_incomplete');
}
if ($args->phone_country !== $_SESSION['verify_by_sms']['country'])
{
return new BaseObject(-1, 'verify_by_sms_incomplete');
}
if ($args->phone_number !== $_SESSION['verify_by_sms']['number'])
{
return new BaseObject(-1, 'verify_by_sms_incomplete');
}
}
return new BaseObject;
}
public static function _clearMemberCache($member_srl)
{
return self::clearMemberCache($member_srl);

7
modules/member/ruleset/signup.xml
View file

@ -3,13 +3,6 @@
<customrules>
</customrules>
<fields>
<field name="user_id" required="true" length="3:20" />
<field name="password1" required="true" length="4:60" />
<field name="password2" required="true" length="4:60" equalto="password1" />
<field name="user_name" required="true" length="2:40" />
<field name="nick_name" required="true" length="2:40" />
<field name="email_address" required="true" length="1:200" rule="email" />
<field name="find_account_question" required="true" />
<field name="find_account_answer" required="true" length=":250" />
</fields>
</ruleset>