fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-22 05:15:29 +09:00
Code Issues Projects Releases Packages Wiki Activity

Separate procMemberResetPassword action from procMemberModifyPassword

Browse source
This commit is contained in:
Kijin Sung 2023-11-29 21:45:42 +09:00
parent cd1477f14b
commit 8e1ccf7c1b
5 changed files with 73 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

3
modules/member/conf/module.xml
View file

@ -49,7 +49,8 @@
<action name="procMemberConfirmVerificationSMS" type="controller" /> <action name="procMemberConfirmVerificationSMS" type="controller" />
<action name="procMemberModifyInfoBefore" type="controller" permission="member" ruleset="recheckedPassword" /> <action name="procMemberModifyInfoBefore" type="controller" permission="member" ruleset="recheckedPassword" />
<action name="procMemberModifyInfo" type="controller" permission="member" /> <action name="procMemberModifyInfo" type="controller" permission="member" />
<action name="procMemberModifyPassword" type="controller" permission="guest" ruleset="modifyPassword" /> <action name="procMemberModifyPassword" type="controller" permission="member" ruleset="modifyPassword" />
<action name="procMemberResetPassword" type="controller" />
<action name="procMemberModifyEmailAddress" type="controller" permission="member" ruleset="modifyEmailAddress" /> <action name="procMemberModifyEmailAddress" type="controller" permission="member" ruleset="modifyEmailAddress" />
<action name="procMemberLeave" type="controller" permission="member" ruleset="leaveMember" /> <action name="procMemberLeave" type="controller" permission="member" ruleset="leaveMember" />
<action name="procMemberInsertProfileImage" type="controller" permission="member" ruleset="insertProfileImage" /> <action name="procMemberInsertProfileImage" type="controller" permission="member" ruleset="insertProfileImage" />

96
modules/member/member.controller.php
View file

@ -1146,28 +1146,11 @@ class MemberController extends Member
* *
* @return void|Object (void : success, Object : fail) * @return void|Object (void : success, Object : fail)
*/ */
function procMemberModifyPassword() public function procMemberModifyPassword()
{ {
// Check if this request comes from password reset
$config = MemberModel::getMemberConfig(); $config = MemberModel::getMemberConfig();
$vars = Context::getRequestVars(); $vars = Context::getRequestVars();
$is_password_reset = (($config->password_reset_method ?? 1) == 2 && !empty($vars->auth_key) && !empty($vars->member_srl) && $vars->auth_key === $vars->current_password); if (!$this->user->member_srl)
if ($is_password_reset)
{
$output = executeQuery('member.getAuthMail', ['member_srl' => $vars->member_srl, 'auth_key' => $vars->auth_key]);
if(!$output->toBool() || $output->data->auth_key !== $vars->auth_key)
{
executeQuery('member.deleteAuthMail', ['member_srl' => $vars->member_srl, 'auth_key' => $vars->auth_key]);
throw new Rhymix\Framework\Exception('msg_invalid_auth_key');
}
$expires = (intval($config->authmail_expires) * intval($config->authmail_expires_unit)) ?: 86400;
if(ztime($output->data->regdate) < time() - $expires)
{
executeQuery('member.deleteAuthMail', ['member_srl' => $vars->member_srl, 'auth_key' => $vars->auth_key]);
throw new Rhymix\Framework\Exception('msg_expired_auth_key');
}
}
if (!$is_password_reset && !$this->user->member_srl)
{ {
throw new Rhymix\Framework\Exceptions\MustLogin; throw new Rhymix\Framework\Exceptions\MustLogin;
} }
@ -1177,24 +1160,14 @@ class MemberController extends Member
$password = trim($vars->password1); $password = trim($vars->password1);
// Get information of logged-in user // Get information of logged-in user
if ($is_password_reset)
{
$member_srl = $vars->member_srl;
}
else
{
$member_srl = $this->user->member_srl; $member_srl = $this->user->member_srl;
}
$member_info = MemberModel::getMemberInfoByMemberSrl($member_srl); $member_info = MemberModel::getMemberInfoByMemberSrl($member_srl);
// Verify the current password // Verify the current password
if (!$is_password_reset)
{
if (!MemberModel::isValidPassword($member_info->password, $current_password, $member_srl)) if (!MemberModel::isValidPassword($member_info->password, $current_password, $member_srl))
{ {
throw new Rhymix\Framework\Exception('invalid_current_password'); throw new Rhymix\Framework\Exception('invalid_current_password');
} }
}
// Check if a new password is as same as the previous password // Check if a new password is as same as the previous password
if ($current_password === $password) if ($current_password === $password)
@ -1225,10 +1198,6 @@ class MemberController extends Member
{ {
$returnUrl = Context::get('success_return_url'); $returnUrl = Context::get('success_return_url');
} }
elseif ($is_password_reset)
{
$returnUrl = getNotEncodedUrl('', 'mid', Context::get('mid'), 'act', 'dispMemberLoginForm');
}
else else
{ {
$returnUrl = getNotEncodedUrl('', 'mid', Context::get('mid'), 'act', 'dispMemberInfo'); $returnUrl = getNotEncodedUrl('', 'mid', Context::get('mid'), 'act', 'dispMemberInfo');
@ -1236,6 +1205,67 @@ class MemberController extends Member
$this->setRedirectUrl($returnUrl); $this->setRedirectUrl($returnUrl);
} }
/**
* Change password using auth_key instead of current password
*/
public function procMemberResetPassword()
{
$config = MemberModel::getMemberConfig();
$vars = Context::getRequestVars();
// Check auth_key
if (empty($vars->auth_key))
{
throw new Rhymix\Framework\Exceptions\InvalidRequest;
}
$output = executeQuery('member.getAuthMail', ['auth_key' => $vars->auth_key]);
if(!$output->toBool() || $output->data->auth_key !== $vars->auth_key)
{
executeQuery('member.deleteAuthMail', ['auth_key' => $vars->auth_key]);
throw new Rhymix\Framework\Exception('msg_invalid_auth_key');
}
$expires = (intval($config->authmail_expires) * intval($config->authmail_expires_unit)) ?: 86400;
if(ztime($output->data->regdate) < time() - $expires)
{
executeQuery('member.deleteAuthMail', ['auth_key' => $vars->auth_key]);
throw new Rhymix\Framework\Exception('msg_expired_auth_key');
}
// Extract the necessary information in advance
$member_srl = $output->data->member_srl;
// Update the password
$args = new stdClass;
$args->member_srl = $member_srl;
$args->password = trim($vars->password1);
$output = $this->updateMemberPassword($args);
if (!$output->toBool())
{
return $output;
}
// Log out all other sessions.
if ($config->password_change_invalidate_other_sessions === 'Y')
{
Rhymix\Framework\Session::destroyOtherSessions($member_srl);
}
$this->add('member_srl', $member_srl);
$this->setMessage('member.msg_password_changed');
if (Context::get('success_return_url'))
{
$returnUrl = Context::get('success_return_url');
}
else
{
$returnUrl = getNotEncodedUrl('', 'mid', Context::get('mid'), 'act', 'dispMemberLoginForm');
}
$this->setRedirectUrl($returnUrl);
}
/** /**
* Membership withdrawal * Membership withdrawal
* *

3
modules/member/queries/deleteAuthMail.xml
View file

@ -3,6 +3,7 @@
<table name="member_auth_mail" /> <table name="member_auth_mail" />
</tables> </tables>
<conditions> <conditions>
<condition operation="equal" column="member_srl" var="member_srl" notnull="notnull" /> <condition operation="equal" column="member_srl" var="member_srl" />
<condition operation="equal" column="auth_key" var="auth_key" />
</conditions> </conditions>
</query> </query>

4
modules/member/queries/getAuthMail.xml
View file

@ -6,7 +6,7 @@
<column name="*" /> <column name="*" />
</columns> </columns>
<conditions> <conditions>
<condition operation="equal" column="member_srl" var="member_srl" notnull="notnull" /> <condition operation="equal" column="member_srl" var="member_srl" />
<condition operation="equal" column="auth_key" var="auth_key" pipe="and" /> <condition operation="equal" column="auth_key" var="auth_key" />
</conditions> </conditions>
</query> </query>

4
modules/member/skins/default/reset_password.html
View file

@ -7,12 +7,10 @@
</div> </div>
<form action="./" method="post" class="rx_ajax"> <form action="./" method="post" class="rx_ajax">
<input type="hidden" name="module" value="member" /> <input type="hidden" name="module" value="member" />
<input type="hidden" name="act" value="procMemberModifyPassword" /> <input type="hidden" name="act" value="procMemberResetPassword" />
<input type="hidden" name="mid" value="{$member_config->mid ?? ''}" /> <input type="hidden" name="mid" value="{$member_config->mid ?? ''}" />
<input type="hidden" name="xe_validator_id" value="modules/member/skins" /> <input type="hidden" name="xe_validator_id" value="modules/member/skins" />
<input type="hidden" name="auth_key" value="{$auth_key}" /> <input type="hidden" name="auth_key" value="{$auth_key}" />
<input type="hidden" name="member_srl" value="{$member_srl}" />
<input type="hidden" name="current_password" value="{$auth_key}" />
<div> <div>
<input type="password" name="password1" id="npw1" required placeholder="{$lang->password1}" title="{$lang->password1}" /> <input type="password" name="password1" id="npw1" required placeholder="{$lang->password1}" title="{$lang->password1}" />
<span class="help-inline">{$lang->about_password_strength[$member_config->password_strength]}</span> <span class="help-inline">{$lang->about_password_strength[$member_config->password_strength]}</span>