From 6a5d68f3a7dda71eeb9c28f3fbef6fb71f34bfef Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Fri, 8 Jan 2021 16:32:08 +0900 Subject: [PATCH] Remove login/signup rulesets and use PHP code instead --- common/lang/en.php | 1 + common/lang/ko.php | 1 + modules/member/conf/module.xml | 6 +- modules/member/member.admin.controller.php | 86 +------- modules/member/member.class.php | 27 ++- modules/member/member.controller.php | 219 ++++++++++++++------- modules/member/ruleset/signup.xml | 7 - 7 files changed, 171 insertions(+), 176 deletions(-) diff --git a/common/lang/en.php b/common/lang/en.php index d91396179..d68a21b28 100644 --- a/common/lang/en.php +++ b/common/lang/en.php @@ -237,6 +237,7 @@ $lang->msg_input_password = 'Please type the password.'; $lang->msg_invalid_document = 'Invalid Article Number'; $lang->msg_invalid_request = 'Invalid Request'; $lang->msg_invalid_password = 'The password you entered is incorrect.'; +$lang->msg_password_match = 'The two passwords do not match. Please check for typos.'; $lang->msg_security_violation = 'Security Violation'; $lang->msg_method_not_allowed = 'This HTTP method is not allowed for this action.'; $lang->msg_feature_disabled = 'This feature is disabled.'; diff --git a/common/lang/ko.php b/common/lang/ko.php index 8b0eccc47..344e28fb6 100644 --- a/common/lang/ko.php +++ b/common/lang/ko.php @@ -239,6 +239,7 @@ $lang->msg_input_password = '비밀번호를 입력하세요.'; $lang->msg_invalid_document = '잘못된 문서번호입니다.'; $lang->msg_invalid_request = '잘못된 요청입니다.'; $lang->msg_invalid_password = '비밀번호가 올바르지 않습니다.'; +$lang->msg_password_match = '비밀번호가 서로 일치하지 않습니다. 오타 여부를 확인해 주십시오.'; $lang->msg_security_violation = '보안정책상 허용되지 않습니다.'; $lang->msg_method_not_allowed = '이 요청에 사용할 수 없는 HTTP 메소드입니다.'; $lang->msg_feature_disabled = '사용할 수 없는 기능입니다.'; diff --git a/modules/member/conf/module.xml b/modules/member/conf/module.xml index 30cc33495..b21f39b5e 100644 --- a/modules/member/conf/module.xml +++ b/modules/member/conf/module.xml 
@@ -35,9 +35,9 @@ - + - + @@ -48,7 +48,7 @@ - + diff --git a/modules/member/member.admin.controller.php b/modules/member/member.admin.controller.php index 7c9a50156..aeaada748 100644 --- a/modules/member/member.admin.controller.php +++ b/modules/member/member.admin.controller.php @@ -654,69 +654,9 @@ class memberAdminController extends member * @param object $signupForm (user define signup form) * @return void */ - function _createSignupRuleset($signupForm){ - $xml_file = './files/ruleset/insertMember.xml'; - $buff = '' . PHP_EOL. - '' . PHP_EOL. - '' . PHP_EOL. - '' . PHP_EOL. - '' . PHP_EOL . '%s' . PHP_EOL . '' . PHP_EOL. - ''; - - $fields = array(); - - foreach($signupForm as $formInfo) - { - if($formInfo->required || $formInfo->mustRequired) - { - if($formInfo->type == 'tel' || $formInfo->type == 'kr_zip') - { - $fields[] = sprintf('', $formInfo->name); - } - else if($formInfo->name == 'password') - { - $fields[] = ''; - $fields[] = ''; - } - else if($formInfo->name == 'find_account_question') - { - $fields[] = ''; - $fields[] = ''; - } - else if($formInfo->name == 'email_address') - { - $fields[] = sprintf('', $formInfo->name); - } - else if($formInfo->name == 'user_id') - { - $fields[] = sprintf('', $formInfo->name); - } - else if($formInfo->name == 'nick_name') - { - $fields[] = sprintf('', $formInfo->name); - } - else if(strpos($formInfo->name, 'image') !== false) - { - $fields[] = sprintf('', $formInfo->name, $formInfo->name); - } - else if($formInfo->name == 'signature') - { - $fields[] = ''; - } - else - { - $fields[] = sprintf('', $formInfo->name); - } - } - } - - $xml_buff = sprintf($buff, implode(PHP_EOL, $fields)); - FileHandler::writeFile($xml_file, $xml_buff); - unset($xml_buff); - - $validator = new Validator($xml_file); - $validator->setCacheDir('files/cache'); - $validator->getJsPath(); + function _createSignupRuleset($signupForm) + { + } /** 
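Review bot: `_createSignupRuleset()` is left as an empty method, and the docblock above it (only partly visible in this hunk) still presents it as a working ruleset generator. The same applies to `_createLoginRuleset()` in the -726 hunk. If the stubs are kept only so that third-party callers do not hit a fatal error, the docblocks should say so, for example `@deprecated No-op since ruleset files were removed; validation now happens in memberController::_checkSignUpFields()`. Otherwise a maintainer may assume that a call to either method still enforces field rules.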
@@ -726,25 +666,7 @@ class memberAdminController extends member */ function _createLoginRuleset($identifier) { - $xml_file = './files/ruleset/login.xml'; - $buff = ''. - ''. - ''. - ''. - '%s'. - ''; - - $fields = array(); - $trans = array('email_address'=>'email', 'user_id'=> ''); - $fields[] = sprintf('', $trans[$identifier]); - $fields[] = ''; - - $xml_buff = sprintf($buff, implode('', $fields)); - Filehandler::writeFile($xml_file, $xml_buff); - - $validator = new Validator($xml_file); - $validator->setCacheDir('files/cache'); - $validator->getJsPath(); + } /** diff --git a/modules/member/member.class.php b/modules/member/member.class.php index 34bfc8925..03bcdb8b8 100644 --- a/modules/member/member.class.php +++ b/modules/member/member.class.php @@ -87,11 +87,6 @@ class member extends ModuleObject { $identifier = 'user_id'; $config->signupForm = $oMemberAdminController->createSignupForm($identifier); $config->identifier = $identifier; - - // Create Ruleset File - FileHandler::makeDir('./files/ruleset'); - $oMemberAdminController->_createSignupRuleset($config->signupForm); - $oMemberAdminController->_createLoginRuleset($config->identifier); } $oModuleController->insertModuleConfig('member',$config); @@ -258,10 +253,9 @@ class member extends ModuleObject { } // supprot multilanguage agreement. - if(is_readable('./files/member_extra_info/agreement.txt')) return true; - - if(!is_readable('./files/ruleset/insertMember.xml')) return true; - if(!is_readable('./files/ruleset/login.xml')) return true; + if(FileHandler::exists('./files/member_extra_info/agreement.txt')) return true; + if(FileHandler::exists('./files/ruleset/insertMember.xml')) return true; + if(FileHandler::exists('./files/ruleset/login.xml')) return true; // 2013. 11. 22 add menu when popup document menu called if(!ModuleModel::getTrigger('document.getDocumentMenu', 'member', 'controller', 'triggerGetDocumentMenu', 'after')) return true; 
@@ -501,7 +495,7 @@ class member extends ModuleObject { } } - if(is_readable('./files/member_extra_info/agreement.txt')) + if(file_exists('./files/member_extra_info/agreement.txt')) { $source_file = RX_BASEDIR.'files/member_extra_info/agreement.txt'; $target_file = RX_BASEDIR.'files/member_extra_info/agreement_' . Context::get('lang_type') . '.txt'; @@ -509,11 +503,14 @@ class member extends ModuleObject { FileHandler::rename($source_file, $target_file); } - FileHandler::makeDir('./files/ruleset'); - if(!is_readable('./files/ruleset/insertMember.xml')) - $oMemberAdminController->_createSignupRuleset($config->signupForm); - if(!is_readable('./files/ruleset/login.xml')) - $oMemberAdminController->_createLoginRuleset($config->identifier); + if(FileHandler::exists('./files/ruleset/insertMember.xml')) + { + FileHandler::removeFile('./files/ruleset/insertMember.xml'); + } + if(FileHandler::exists('./files/ruleset/login.xml')) + { + FileHandler::removeFile('./files/ruleset/login.xml'); + } // 2013. 11. 22 add menu when popup document menu called if(!ModuleModel::getTrigger('document.getDocumentMenu', 'member', 'controller', 'triggerGetDocumentMenu', 'after')) diff --git a/modules/member/member.controller.php b/modules/member/member.controller.php index dff0dfffb..658f46ce7 100644 --- a/modules/member/member.controller.php +++ b/modules/member/member.controller.php 
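Review bot: The return value of `FileHandler::removeFile()` is discarded for both ruleset files in the -509 hunk, while the -258 hunk makes the update check report a pending update for as long as either file exists. If `files/ruleset` is read-only or owned by another user, the deletion fails silently and the module is flagged as needing an update after every run. Checking the result and surfacing the failure to the administrator would make that state diagnosable. The agreement.txt test in the -501 hunk uses `file_exists()` where the other new checks use `FileHandler::exists()`; using one form throughout would read more consistently. Both enclosing methods begin outside these hunks.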
@@ -774,11 +774,15 @@ class memberController extends member $config = MemberModel::getMemberConfig(); // call a trigger (before) - $trigger_output = ModuleHandler::triggerCall ('member.procMemberInsert', 'before', $config); + $trigger_output = ModuleHandler::triggerCall('member.procMemberInsert', 'before', $config); if(!$trigger_output->toBool ()) return $trigger_output; + // Check if an administrator allows a membership - if($config->enable_join != 'Y') throw new Rhymix\Framework\Exceptions\FeatureDisabled('msg_signup_disabled'); - + if($config->enable_join !== 'Y' || !$config->signupForm) + { + throw new Rhymix\Framework\Exceptions\FeatureDisabled('msg_signup_disabled'); + } + // Check if the user accept the license terms (only if terms exist) $accept_agreement = Context::get('accept_agreement'); if(!is_array($accept_agreement)) 
@@ -851,34 +855,25 @@ class memberController extends member $args->allow_mailing = Context::get('allow_mailing'); $args->allow_message = Context::get('allow_message'); - if($args->password1) $args->password = $args->password1; - // Check phone number - if ($config->phone_number_verify_by_sms === 'Y' && $use_phone) + // Check all required fields + $output = $this->_checkSignUpFields($config, $args, 'insert'); + if (!$output->toBool()) { - if (!isset($_SESSION['verify_by_sms']) || !$_SESSION['verify_by_sms']['status']) + return $output; + } + + // Check phone number + if ($use_phone) + { + $output = $this->_checkPhoneNumber($config, $args, 'insert'); + if (!$output->toBool()) { - throw new Rhymix\Framework\Exception('verify_by_sms_incomplete'); - } - if ($config->phone_number_default_country && (!$args->phone_country || $config->phone_number_hide_country === 'Y')) - { - $args->phone_country = $config->phone_number_default_country; - } - if ($args->phone_country && !preg_match('/^[A-Z]{3}$/', $args->phone_country)) - { - $args->phone_country = Rhymix\Framework\i18n::getCountryCodeByCallingCode($args->phone_country); - } - if ($args->phone_country !== $_SESSION['verify_by_sms']['country']) - { - throw new Rhymix\Framework\Exception('verify_by_sms_incomplete'); - } - if ($args->phone_number !== $_SESSION['verify_by_sms']['number']) - { - throw new Rhymix\Framework\Exception('verify_by_sms_incomplete'); + return $output; } } - + // check password strength if(!MemberModel::checkPasswordStrength($args->password, $config->password_strength)) { 
@@ -1112,18 +1107,15 @@ class memberController extends member // Extract the necessary information in advance $getVars = array('allow_mailing','allow_message'); $use_phone = false; - if($config->signupForm) + foreach($config->signupForm as $formInfo) { - foreach($config->signupForm as $formInfo) + if($formInfo->name === 'phone_number' && $formInfo->isUse) { - if($formInfo->name === 'phone_number' && $formInfo->isUse) - { - $use_phone = true; - } - if($formInfo->isDefaultForm && ($formInfo->isUse || $formInfo->required || $formInfo->mustRequired)) - { - $getVars[] = $formInfo->name; - } + $use_phone = true; + } + if($formInfo->isDefaultForm && ($formInfo->isUse || $formInfo->required || $formInfo->mustRequired)) + { + $getVars[] = $formInfo->name; } } @@ -1140,7 +1132,7 @@ class memberController extends member $args->phone_country = preg_replace('/[^A-Z]/', '', Context::get('phone_country')); } } - + // mobile input date format can be different if($args->birthday) { 
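Review bot: Removing the `if($config->signupForm)` guard leaves `foreach($config->signupForm as $formInfo)` running on whatever the config holds. If `signupForm` is unset, PHP emits a foreach warning here, and the later `_checkSignUpFields($config, $args, 'update')` call iterates nothing, so the update is accepted with no required-field or format checks. The signup path gained `!$config->signupForm` in the -774 hunk; the same early rejection here, e.g. `if(!$config->signupForm) throw new Rhymix\Framework\Exceptions\InvalidRequest;`, would keep the two paths aligned. The method begins outside this hunk, so an equivalent guard may already exist above it.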
@@ -1159,43 +1151,24 @@ class memberController extends member $args->birthday = intval(strtr($args->birthday_ui, array('-'=>'', '/'=>'', '.'=>'', ' '=>''))); } - // Check phone number - if ($config->phone_number_verify_by_sms === 'Y' && $use_phone) + // Check all required fields + $output = $this->_checkSignUpFields($config, $args, 'update'); + if (!$output->toBool()) { - $phone_verify_needed = false; - if ($config->phone_number_default_country && (!$args->phone_country || $config->phone_number_hide_country === 'Y')) + return $output; + } + + // Check phone number + if ($use_phone) + { + $output = $this->_checkPhoneNumber($config, $args, 'update', $logged_info); + if (!$output->toBool()) { - $args->phone_country = $config->phone_number_default_country; - } - if ($args->phone_country && !preg_match('/^[A-Z]{3}$/', $args->phone_country)) - { - $args->phone_country = Rhymix\Framework\i18n::getCountryCodeByCallingCode($args->phone_country); - } - if ($args->phone_country !== $logged_info->phone_country) - { - $phone_verify_needed = true; - } - if (preg_replace('/[^0-9]/', '', $args->phone_number) !== $logged_info->phone_number) - { - $phone_verify_needed = true; - } - if ($phone_verify_needed) - { - if (!isset($_SESSION['verify_by_sms']) || !$_SESSION['verify_by_sms']['status']) - { - throw new Rhymix\Framework\Exception('verify_by_sms_incomplete'); - } - if ($args->phone_country !== $_SESSION['verify_by_sms']['country']) - { - throw new Rhymix\Framework\Exception('verify_by_sms_incomplete'); - } - if ($args->phone_number !== $_SESSION['verify_by_sms']['number']) - { - throw new Rhymix\Framework\Exception('verify_by_sms_incomplete'); - } + return $output; } } - + + // Fill in member_srl $args->member_srl = $logged_info->member_srl; // Remove some unnecessary variables from all the vars 
@@ -3859,7 +3832,115 @@ class memberController extends member return array(); } + + /** + * Check required fields on signup or modify info + * + * @param object $config + * @param object $args + * @param string $mode + * @return object + */ + protected function _checkSignUpFields($config, $args, $mode = 'insert') + { + $not_required_in_update = ['password']; + + foreach($config->signupForm as $formInfo) + { + if($formInfo->required || $formInfo->mustRequired) + { + if ($mode === 'update' && in_array($formInfo->name, $not_required_in_update)) + { + // pass + } + else + { + if (!isset($args->{$formInfo->name}) || !$args->{$formInfo->name}) + { + return new BaseObject(-1, sprintf(lang('common.filter.isnull'), $formInfo->title)); + } + } + } + if ($formInfo->name === 'email_address' && $args->{$formInfo->name} && !Mail::isVaildMailAddress($args->{$formInfo->name})) + { + return new BaseObject(-1, sprintf(lang('common.filter.invalid_email'), $formInfo->title)); + } + if ($formInfo->name === 'user_id' && $args->{$formInfo->name} && !preg_match('/^[a-z]+[\w-]*[a-z0-9_]+$/i', $args->{$formInfo->name})) + { + return new BaseObject(-1, sprintf(lang('common.filter.invalid_user_id'), $formInfo->title)); + } + if ($formInfo->name === 'password' && $args->password && ($args->password !== Context::get('password2'))) + { + return new BaseObject(-1, 'msg_password_mismatch'); + } + } + + return new BaseObject; + } + /** + * Check required fields on signup or modify info + * + * @param object $config + * @param object $args + * @param string $mode + * @param object $original + * @return object + */ + protected function _checkPhoneNumber($config, $args, $mode = 'insert', $original = null) + { + if ($config->phone_number_verify_by_sms === 'Y') + { + // Attempt to fill in the country code. 
+ if ($config->phone_number_default_country && (!$args->phone_country || $config->phone_number_hide_country === 'Y')) + { + $args->phone_country = $config->phone_number_default_country; + } + if ($args->phone_country && !preg_match('/^[A-Z]{3}$/', $args->phone_country)) + { + $args->phone_country = Rhymix\Framework\i18n::getCountryCodeByCallingCode($args->phone_country); + } + if ($args->phone_country === 'KOR' && !Rhymix\Framework\Korea::isValidPhoneNumber($args->phone_number)) + { + return new BaseObject(-1, 'msg_invalid_phone_number'); + } + + // If updating, check if the new info is the same as the old info. + if ($mode === 'update' && $original) + { + $recheck_needed = false; + if ($args->phone_country !== $original->phone_country) + { + $recheck_needed = true; + } + if (preg_replace('/[^0-9]/', '', $args->phone_number) !== $original->phone_number) + { + $recheck_needed = true; + } + if (!$recheck_needed) + { + return new BaseObject; + } + } + + // Check if verified by SMS. + if (!isset($_SESSION['verify_by_sms']) || !$_SESSION['verify_by_sms']['status']) + { + return new BaseObject(-1, 'verify_by_sms_incomplete'); + } + if ($args->phone_country !== $_SESSION['verify_by_sms']['country']) + { + return new BaseObject(-1, 'verify_by_sms_incomplete'); + } + if ($args->phone_number !== $_SESSION['verify_by_sms']['number']) + { + return new BaseObject(-1, 'verify_by_sms_incomplete'); + } + } + + return new BaseObject; + } + public static function _clearMemberCache($member_srl) { return self::clearMemberCache($member_srl); diff --git a/modules/member/ruleset/signup.xml b/modules/member/ruleset/signup.xml index ba39a6cd5..a2704a420 100644 --- a/modules/member/ruleset/signup.xml +++ b/modules/member/ruleset/signup.xml @@ -3,13 +3,6 @@ - - - - - - -
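Review bot: In `_checkSignUpFields()` the user_id pattern `/^[a-z]+[\w-]*[a-z0-9_]+$/i` ends in `$`, which PCRE also matches just before a trailing newline, so an ID carrying a final line break passes validation unless request filtering strips it earlier; anchoring with `\z`, as in `'/^[a-z]+[\w-]*[a-z0-9_]+\z/i'`, closes that gap. The mismatch branch returns `'msg_password_mismatch'` while the language hunks of this commit add `msg_password_match`, so unless the former key is defined elsewhere the user is shown the raw key. `$args` appears to be filled only from default-form fields (see the `$getVars` loop in the -1112 hunk), so please confirm that required extended fields and image uploads are not reported as empty by the `isnull` check. In `_checkPhoneNumber()` the Korean number format check sits inside the `phone_number_verify_by_sms === 'Y'` branch, so no format validation runs when SMS verification is off. Its docblock also repeats the summary of `_checkSignUpFields()` and should instead describe the SMS verification check and the `$original` parameter.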