mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-01-08 11:11:39 +09:00
#270 비밀번호 보안수준 설정 기능 추가
parent
b3dfb1a051
commit
981f04d14f
4 changed files with 59 additions and 24 deletions
|
|
@ -1696,15 +1696,15 @@
|
|||
|
||||
<item name="about_password_strength" type="array">
|
||||
<item name="low">
|
||||
<value xml:lang="ko"><![CDATA[비밀번호는 4~20자로 되어야 합니다.]]></value>
|
||||
<value xml:lang="ko"><![CDATA[비밀번호는 4자 이상이어야 합니다.]]></value>
|
||||
<value xml:lang="en"><![CDATA[the password must be at least 4]]></value>
|
||||
</item>
|
||||
<item name="normal">
|
||||
<value xml:lang="ko"><![CDATA[비밀번호는 6자리 이상이고, 영문과 숫자를 반드시 포함해야 합니다.]]></value>
|
||||
<value xml:lang="ko"><![CDATA[비밀번호는 6자리 이상이어야 하며 영문과 숫자를 반드시 포함해야 합니다.]]></value>
|
||||
<value xml:lang="en"><![CDATA[the password must be at least 6, and must have at least one alpha character and numeric characters]]></value>
|
||||
</item>
|
||||
<item name="high">
|
||||
<value xml:lang="ko"><![CDATA[비밀번호는 8자리 이상이고 영문과 숫자, 특수문자를 반드시 포함해야 합니다.]]></value>
|
||||
<value xml:lang="ko"><![CDATA[비밀번호는 8자리 이상이어야 하며 영문과 숫자, 특수문자를 반드시 포함해야 합니다.]]></value>
|
||||
<value xml:lang="en"><![CDATA[the password must be at least 8, and must have at least one alpha character, numeric character and special character ]]></value>
|
||||
</item>
|
||||
</item>
|
||||
|
|
|
|||
|
|
@ -250,7 +250,7 @@ class memberController extends member
|
|||
{
|
||||
if (Context::getRequestMethod () == "GET") return new Object (-1, "msg_invalid_request");
|
||||
$oMemberModel = &getModel ('member');
|
||||
$config = $oMemberModel->getMemberConfig ();
|
||||
$config = $oMemberModel->getMemberConfig();
|
||||
|
||||
// call a trigger (before)
|
||||
$trigger_output = ModuleHandler::triggerCall ('member.procMemberInsert', 'before', $config);
|
||||
|
|
@ -288,6 +288,13 @@ class memberController extends member
|
|||
|
||||
if($args->password1) $args->password = $args->password1;
|
||||
|
||||
// check password strength
|
||||
if(!$oMemberModel->checkPasswordStrength($args->password, $config->password_strength))
|
||||
{
|
||||
$message = Context::getLang('about_password_strength');
|
||||
return new Object(-1, $message[$config->password_strength]);
|
||||
}
|
||||
|
||||
// Remove some unnecessary variables from all the vars
|
||||
$all_args = Context::getRequestVars();
|
||||
unset($all_args->module);
|
||||
|
|
@ -565,14 +572,6 @@ class memberController extends member
|
|||
// Get information of member_srl
|
||||
$columnList = array('member_srl', 'password');
|
||||
|
||||
// check password strength
|
||||
$config = $oMemberModel->getMemberConfig();
|
||||
if(!$oMemberModel->checkPasswordStrength($password, $config->password_strength))
|
||||
{
|
||||
$message = Context::getLang('about_password_strength');
|
||||
return new Object(-1, $message[$config->password_strength]);
|
||||
}
|
||||
|
||||
$member_info = $oMemberModel->getMemberInfoByMemberSrl($member_srl, 0, $columnList);
|
||||
// Verify the cuttent password
|
||||
if(!$oMemberModel->isValidPassword($member_info->password, $current_password, $member_srl)) return new Object(-1, 'invalid_password');
|
||||
|
|
@ -1906,7 +1905,19 @@ class memberController extends member
|
|||
if($args->blog && !preg_match("/^[a-z]+:\/\//i",$args->blog)) $args->blog = 'http://'.$args->blog;
|
||||
// Create a model object
|
||||
$oMemberModel = getModel('member');
|
||||
|
||||
// ID check is prohibited
|
||||
if($args->password && !$password_is_hashed)
|
||||
{
|
||||
// check password strength
|
||||
if(!$oMemberModel->checkPasswordStrength($args->password, $config->password_strength))
|
||||
{
|
||||
$message = Context::getLang('about_password_strength');
|
||||
return new Object(-1, $message[$config->password_strength]);
|
||||
}
|
||||
$args->password = md5($args->password);
|
||||
}
|
||||
elseif(!$args->password) unset($args->password);
|
||||
if($oMemberModel->isDeniedID($args->user_id)) return new Object(-1,'denied_user_id');
|
||||
// ID, nickname, email address of the redundancy check
|
||||
$member_srl = $oMemberModel->getMemberSrlByUserID($args->user_id);
|
||||
|
|
@ -1923,20 +1934,19 @@ class memberController extends member
|
|||
$member_srl = $oMemberModel->getMemberSrlByEmailAddress($args->email_address);
|
||||
if($member_srl) return new Object(-1,'msg_exists_email_address');
|
||||
|
||||
$oDB = &DB::getInstance();
|
||||
$oDB->begin();
|
||||
// Insert data into the DB
|
||||
$args->list_order = -1 * $args->member_srl;
|
||||
$args->nick_name = htmlspecialchars($args->nick_name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
$args->homepage = htmlspecialchars($args->homepage, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
$args->blog = htmlspecialchars($args->blog, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
|
||||
if($args->password && !$password_is_hashed) $args->password = md5($args->password);
|
||||
elseif(!$args->password) unset($args->password);
|
||||
|
||||
if(!$args->user_id) $args->user_id = 't'.$args->member_srl;
|
||||
if(!$args->user_name) $args->user_name = $args->member_srl;
|
||||
|
||||
$oDB = &DB::getInstance();
|
||||
$oDB->begin();
|
||||
|
||||
$output = executeQuery('member.insertMember', $args);
|
||||
if(!$output->toBool())
|
||||
{
|
||||
|
|
@ -2086,7 +2096,17 @@ class memberController extends member
|
|||
$oDB->begin();
|
||||
// DB in the update
|
||||
|
||||
if($args->password) $args->password = md5($args->password);
|
||||
if($args->password)
|
||||
{
|
||||
// check password strength
|
||||
if(!$oMemberModel->checkPasswordStrength($args->password, $config->password_strength))
|
||||
{
|
||||
$message = Context::getLang('about_password_strength');
|
||||
return new Object(-1, $message[$config->password_strength]);
|
||||
}
|
||||
|
||||
$args->password = md5($args->password);
|
||||
}
|
||||
else $args->password = $orgMemberInfo->password;
|
||||
if(!$args->user_name) $args->user_name = $orgMemberInfo->user_name;
|
||||
if(!$args->user_id) $args->user_id = $orgMemberInfo->user_id;
|
||||
|
|
@ -2172,6 +2192,17 @@ class memberController extends member
|
|||
|
||||
if($args->password)
|
||||
{
|
||||
|
||||
// check password strength
|
||||
$oMemberModel = getModel('member');
|
||||
$config = $oMemberModel->getMemberConfig();
|
||||
|
||||
if(!$oMemberModel->checkPasswordStrength($args->password, $config->password_strength))
|
||||
{
|
||||
$message = Context::getLang('about_password_strength');
|
||||
return new Object(-1, $message[$config->password_strength]);
|
||||
}
|
||||
|
||||
if($this->useSha1)
|
||||
{
|
||||
$args->password = md5(sha1(md5($args->password)));
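Review bot: In the -2086 hunk the new strength check returns `new Object(-1, …)` after the `$oDB->begin();` shown at the top of that hunk, so a rejected password leaves the transaction open; the insert path (-1906/-1923) avoids this by checking before `begin()`. Either move the check above `$oDB->begin();` or add `$oDB->rollback();` before the `return`. The -1906 and -2086 hunks also read `$config->password_strength` without a visible `$config = $oMemberModel->getMemberConfig();` (the -2172 hunk does fetch it); those functions start outside the hunks, but if `$config` is not set earlier, `$message[$config->password_strength]` resolves to an empty error message. The retained `md5($args->password)` calls still store an unsalted fast hash, which a strength policy does not compensate for; `password_hash()` is the usual replacement where the supported PHP version allows it.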
|
||||
|
|
|
|||
|
|
@ -1050,17 +1050,20 @@ class memberModel extends member
|
|||
}
|
||||
|
||||
|
||||
function checkPasswordStrength($password, $stength)
|
||||
function checkPasswordStrength($password, $strength)
|
||||
{
|
||||
if($stength == NULL)
|
||||
$logged_info = Context::get('logged_info');
|
||||
if($logged_info->is_admin == 'Y') return true;
|
||||
|
||||
if($strength == NULL)
|
||||
{
|
||||
$config = $this->getMemberConfig();
|
||||
$stength = $config->password_strength?$config->password_strength:'normal';
|
||||
$strength = $config->password_strength?$config->password_strength:'normal';
|
||||
}
|
||||
|
||||
$length = strlen($password);
|
||||
|
||||
switch ($stength) {
|
||||
switch ($strength) {
|
||||
case 'high':
|
||||
if($length < 8 || !preg_match('/[^a-zA-Z0-9]/', $password)) return false;
|
||||
/* no break */
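Review bot: The added `if($logged_info->is_admin == 'Y') return true;` at the top of checkPasswordStrength skips the policy whenever the current session belongs to an administrator, and that includes an administrator changing their own password, so the most privileged accounts are the ones allowed the weakest passwords. If the intent is only to let an admin set an arbitrary password for another member, that decision belongs in the caller that knows whose password is being set, not in the validator keyed on the logged-in user. At minimum the bypass deserves a comment such as `// admins may set any password for other members; own-password changes are still checked`, with the condition narrowed to match it. The function body continues past the end of the hunk.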
|
||||
|
|
|
|||
|
|
@ -4,12 +4,13 @@
|
|||
<!--%load_js_plugin("ui.datepicker")-->
|
||||
<include target="./common_header.html" />
|
||||
<h1 style="border-bottom:1px solid #ccc">{$lang->cmd_signup}</h1>
|
||||
<div cond="$XE_VALIDATOR_MESSAGE && $XE_VALIDATOR_ID == 'modules/member/skins/default/signup_form/1'" class="message {$XE_VALIDATOR_MESSAGE_TYPE}">
|
||||
<div cond="$XE_VALIDATOR_MESSAGE && $XE_VALIDATOR_ID == 'modules/member/skins/default/modify_info/1'" class="message {$XE_VALIDATOR_MESSAGE_TYPE}">
|
||||
<p>{$XE_VALIDATOR_MESSAGE}</p>
|
||||
</div>
|
||||
<form ruleset="@insertMember" id="fo_insert_member" action="./" method="post" enctype="multipart/form-data" class="form-horizontal">
|
||||
<input type="hidden" name="act" value="procMemberInsert" />
|
||||
<input type="hidden" name="xe_validator_id" value="modules/member/skins/default/signup_form/1" />
|
||||
<input type="hidden" name="xe_validator_id" value="modules/member/skins/default/modify_info/1" />
|
||||
<input type="hidden" name="success_return_url" value="{getUrl('act','dispMemberInfo')}" />
|
||||
<div class="agreement" cond="$member_config->agreement">
|
||||
<div class="text">
|
||||
{$member_config->agreement}
|
||||
|
|
@ -31,7 +32,7 @@
|
|||
<label for="password" class="control-label"><em style="color:red">*</em> {$lang->password}</label>
|
||||
<div class="controls">
|
||||
<input type="password" name="password" id="password" value="" required />
|
||||
<p class="help-inline">{$lang->about_password}</p>
|
||||
<p class="help-inline">{$lang->about_password_strength[$member_config->password_strength]}</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="control-group">
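Review bot: The new hint `{$lang->about_password_strength[$member_config->password_strength]}` has no fallback when `password_strength` is unset, whereas checkPasswordStrength falls back to `'normal'` in that case. Unless getMemberConfig() fills in a default (not visible here), a site that has not yet saved the new setting would show an empty hint while the server still enforces a policy. Resolving the level once with the same `'normal'` default and passing that value to the template keeps the displayed rule and the enforced rule in step. The page does not show which of the two `xe_validator_id` values (`signup_form/1` or `modify_info/1`) is the new one; if the signup form now carries `modify_info/1`, that looks like a copy from the modify form and is worth confirming.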
|
||||
|
|
|
|||