Merge pull request #1373 from kijin/fix/authmail-security

인증메일의 유효기간을 24시간으로 제한
bnu 2015-07-06 17:55:07 +09:00
commit 9b4c300817


@ -72,6 +72,11 @@ class memberController extends member
}
}
// Delete all previous authmail if login is successful
$args = new stdClass();
$args->member_srl = $this->memberInfo->member_srl;
executeQuery('member.deleteAuthMail', $args);
if(!$config->after_login_url)
{
$returnUrl = Context::get('success_return_url') ? Context::get('success_return_url') : getNotEncodedUrl('', 'mid', Context::get('mid'), 'act', '');
@ -1126,6 +1131,12 @@ class memberController extends member
return $this->stop('msg_invalid_auth_key');
}
if(ztime($output->data->regdate) < $_SERVER['REQUEST_TIME'] + zgap() - 86400)
{
executeQuery('member.deleteAuthMail', $args);
return $this->stop('msg_invalid_auth_key');
}
$args->password = $output->data->new_password;
// If credentials are correct, change the password to a new one
@ -1196,6 +1207,12 @@ class memberController extends member
if(!$output->data || !$output->data[0]->auth_key) return new Object(-1, 'msg_invalid_request');
$auth_info = $output->data[0];
// Update the regdate of authmail entry
$renewal_args = new stdClass;
$renewal_args->member_srl = $member_info->member_srl;
$renewal_args->auth_key = $auth_info->auth_key;
$output = executeQuery('member.updateAuthMail', $renewal_args);
$memberInfo = array();
global $lang;
if(is_array($member_config->signupForm))
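Review bot: In the third hunk the result of `executeQuery('member.updateAuthMail', $renewal_args)` is assigned to `$output` but never checked in the visible lines, so a failed update would still let the resend go ahead with the old regdate and the link would expire on the original schedule. A guard such as `if(!$output->toBool()) return $output;` directly after the query would surface that failure. The renewal also reuses the existing `auth_key`, so the 24-hour limit counts from the latest resend rather than from when the key was issued; if the query only updates regdate (its definition is not shown here), issuing a fresh key on resend would bound the lifetime of each key. The enclosing function starts and ends outside the hunk.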