From e25b36ee64a6a98c9314fde5b17f496abdb5715d Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Tue, 26 Apr 2016 23:55:00 +0900 Subject: [PATCH 1/5] Improve anonymous nickname handling --- modules/board/board.controller.php | 27 ++++++++++++++-- modules/board/lang/ko.php | 2 ++ modules/board/tpl/board_insert.html | 8 +++++ modules/comment/comment.admin.view.php | 29 ++++++++++++++++-- modules/comment/tpl/comment_list.html | 6 +++- modules/document/document.admin.view.php | 39 +++++++++++++----------- modules/document/tpl/document_list.html | 3 +- 7 files changed, 90 insertions(+), 24 deletions(-) diff --git a/modules/board/board.controller.php b/modules/board/board.controller.php index 4b726a63a..cfbf0a8cd 100644 --- a/modules/board/board.controller.php +++ b/modules/board/board.controller.php @@ -88,7 +88,7 @@ class boardController extends board $obj->member_srl = -1*$logged_info->member_srl; } $obj->email_address = $obj->homepage = $obj->user_id = ''; - $obj->user_name = $obj->nick_name = 'anonymous'; + $obj->user_name = $obj->nick_name = $this->createAnonymousNickname($this->module_info->anonymous_name ?: 'anonymous', $logged_info); $bAnonymous = true; if($is_update===false) { @@ -187,7 +187,7 @@ class boardController extends board $oMail = new Mail(); $oMail->setTitle($obj->title); $oMail->setContent( sprintf("From : %s
\r\n%s", getFullUrl('','document_srl',$obj->document_srl), getFullUrl('','document_srl',$obj->document_srl), $obj->content)); - $oMail->setSender($obj->user_name ? $obj->user_name : 'anonymous', $obj->email_address ? $obj->email_address : $member_config->webmaster_email); + $oMail->setSender($obj->user_name ?: null, $obj->email_address ? $obj->email_address : $member_config->webmaster_email); $target_mail = explode(',',$this->module_info->admin_mail); for($i=0;$inotify_message = 'N'; $obj->member_srl = -1*$logged_info->member_srl; $obj->email_address = $obj->homepage = $obj->user_id = ''; - $obj->user_name = $obj->nick_name = 'anonymous'; + $obj->user_name = $obj->nick_name = $this->createAnonymousNickname($this->module_info->anonymous_name ?: 'anonymous', $logged_info); $bAnonymous = true; } else @@ -632,4 +632,25 @@ class boardController extends board return new Object(); } + + /** + * Create an anonymous nickname. + * + * @param string $format + * @param object $logged_info + * @return string + */ + public function createAnonymousNickname($format, $logged_info) + { + if (strpos($format, '$NUM') === false) + { + return $format; + } + else + { + $num = hash_hmac('sha256', $logged_info->member_srl ?: \RX_CLIENT_IP, config('crypto.authentication_key')); + $num = sprintf('%08d', hexdec(substr($num, 0, 8)) % 100000000); + return strtr($format, array('$NUM' => $num)); + } + } } diff --git a/modules/board/lang/ko.php b/modules/board/lang/ko.php index 23e90484a..ef8068541 100644 --- a/modules/board/lang/ko.php +++ b/modules/board/lang/ko.php @@ -2,6 +2,7 @@ $lang->board = '게시판'; $lang->except_notice = '공지사항 제외'; $lang->use_anonymous = '익명 사용'; +$lang->anonymous_name = '익명 닉네임'; $lang->cmd_manage_menu = '메뉴관리'; $lang->list_target_item = '대상 항목'; $lang->list_display_item = '표시 항목'; 
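Review bot: The `$NUM` value in `createAnonymousNickname` is keyed only on `member_srl` (or `RX_CLIENT_IP` for guests) and the site-wide `crypto.authentication_key`, so one member gets the same 8-digit number on every anonymous board of the site and a guest's number is a stable pseudonym for their IP address. That makes anonymous posts linkable across boards, which the help text ('회원마다 고유한 난수') may intend, but a per-board number is the safer default: mix the board into the HMAC input, e.g. `hash_hmac('sha256', $this->module_info->module_srl . ':' . ($logged_info->member_srl ?: \RX_CLIENT_IP), config('crypto.authentication_key'))`. The docblock should also state that the number is an HMAC of the member id, not a random value, and that recovering the member from it depends on the authentication key staying secret. If this branch can be reached by guests, `$logged_info->member_srl` on an empty `$logged_info` emits a notice before falling back to the IP; I cannot tell from the hunk whether that is possible.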
@@ -26,6 +27,7 @@ $lang->about_layout_setup = '블로그의 레이아웃 코드를 직접 수정 $lang->about_board_category = '분류를 만들 수 있습니다. 분류가 오동작을 할 경우 캐시파일 재생성을 수동으로 해주시면 해결이 될 수 있습니다.'; $lang->about_except_notice = '목록 상단에 늘 나타나는 공지사항을 일반 목록에서 공지사항을 출력하지 않도록 합니다.'; $lang->about_use_anonymous = '글쓴이의 정보를 없애고 익명으로 게시판 사용을 할 수 있게 합니다. 스킨설정에서 글쓴이 정보등을 보이지 않도록 하시면 더욱 유용합니다. 추가설정의 문서 히스토리 사용이 꺼져있지 않으면 문서 수정시 작성자가 표시될 수 있습니다.'; +$lang->about_anonymous_name = '익명 기능을 사용할 때 표시할 익명 닉네임을 정할 수 있습니다.
$NUM은 회원마다 고유한 난수로 치환됩니다. (예: 익명_$NUM → 익명_12345678)'; $lang->about_board = '게시판을 생성하고 관리할 수 있습니다.'; $lang->about_consultation = '상담 기능은 관리권한이 없는 회원은 자신이 쓴 글만 보이도록 하는 기능입니다. 단 상담기능 사용시 비회원 글쓰기는 자동으로 금지됩니다.'; $lang->about_secret = '게시판 및 댓글의 비밀글 기능을 사용할 수 있도록 합니다.'; diff --git a/modules/board/tpl/board_insert.html b/modules/board/tpl/board_insert.html index 0dbdcb961..d7b3ae8da 100644 --- a/modules/board/tpl/board_insert.html +++ b/modules/board/tpl/board_insert.html @@ -205,6 +205,14 @@ +
+ +
+ + {$lang->help} + +
+
diff --git a/modules/comment/comment.admin.view.php b/modules/comment/comment.admin.view.php index 0ea4d7bb3..057eb978e 100644 --- a/modules/comment/comment.admin.view.php +++ b/modules/comment/comment.admin.view.php @@ -67,6 +67,7 @@ class commentAdminView extends comment Context::set('page_navigation', $output->page_navigation); Context::set('secret_name_list', $secretNameList); + // Module List $oModuleModel = getModel('module'); $module_list = array(); $mod_srls = array(); @@ -75,7 +76,6 @@ class commentAdminView extends comment $mod_srls[] = $val->module_srl; } $mod_srls = array_unique($mod_srls); - // Module List $mod_srls_count = count($mod_srls); if($mod_srls_count) { @@ -90,7 +90,32 @@ class commentAdminView extends comment } } Context::set('module_list', $module_list); - + + // Get anonymous nicknames + $anonymous_member_srls = array(); + foreach($output->data as $val) + { + if($val->get('member_srl') < 0) + { + $anonymous_member_srls[] = abs($val->get('member_srl')); + } + } + if($anonymous_member_srls) + { + $member_args = new stdClass(); + $member_args->member_srl = $anonymous_member_srls; + $member_output = executeQueryArray('member.getMembers', $member_args); + if($member_output) + { + $member_nick_neme = array(); + foreach($member_output->data as $member) + { + $member_nick_neme[$member->member_srl] = $member->nick_name; + } + } + } + Context::set('member_nick_name', $member_nick_neme); + // set the template $this->setTemplatePath($this->module_path . 'tpl'); $this->setTemplateFile('comment_list'); diff --git a/modules/comment/tpl/comment_list.html b/modules/comment/tpl/comment_list.html index 40f8be128..96b6e75ad 100644 --- a/modules/comment/tpl/comment_list.html +++ b/modules/comment/tpl/comment_list.html 
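Review bot: `$member_nick_neme` is only assigned inside `if($member_output)`, so when the page has no anonymous comments, or the query fails, the `Context::set('member_nick_name', $member_nick_neme);` line reads an undefined variable and hands `null` to the template. Initialise it before the branch with `$member_nick_neme = array();` (and `$member_nick_name` is presumably the intended spelling). The same pattern already exists in document.admin.view.php, visible as context in its `@@ -99` hunk, so both files should be fixed together.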
@@ -53,7 +53,11 @@ xe.lang.msg_empty_search_keyword = '{$lang->msg_empty_search_keyword}'; {$comment}{$lang->no_text_comment} - {$val->getNickName()} + + {$val->getNickName()} + {$val->getNickName()} + ({$lang->anonymous}) {$member_nick_name[abs($val->get('member_srl'))]} + {number_format($val->get('voted_count'))}/{number_format($val->get('blamed_count'))} {(zdate($val->regdate,"Y-m-d\nH:i:s"))} {$val->ipaddress} diff --git a/modules/document/document.admin.view.php b/modules/document/document.admin.view.php index 5e322fc38..44d5ac579 100644 --- a/modules/document/document.admin.view.php +++ b/modules/document/document.admin.view.php @@ -72,13 +72,34 @@ class documentAdminView extends document } Context::set('search_option', $search_option); + // Module List $oModuleModel = getModel('module'); $module_list = array(); $mod_srls = array(); - $anonymous_member_srls = array(); foreach($output->data as $oDocument) { $mod_srls[] = $oDocument->get('module_srl'); + } + $mod_srls = array_unique($mod_srls); + $mod_srls_count = count($mod_srls); + if($mod_srls_count) + { + $columnList = array('module_srl', 'mid', 'browser_title'); + $module_output = $oModuleModel->getModulesInfo($mod_srls, $columnList); + if($module_output && is_array($module_output)) + { + foreach($module_output as $module) + { + $module_list[$module->module_srl] = $module; + } + } + } + Context::set('module_list', $module_list); + + // Get anonymous nicknames + $anonymous_member_srls = array(); + foreach($output->data as $oDocument) + { if($oDocument->get('member_srl') < 0) { $anonymous_member_srls[] = abs($oDocument->get('member_srl')); 
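Review bot: The resolved real nickname is printed raw as `{$member_nick_name[abs($val->get('member_srl'))]}`, while document_list.html wraps the title on the neighbouring context line in `htmlspecialchars($oDocument->getTitleText())`, which suggests these templates do not escape output automatically. Unless nicknames are validated on input (I cannot tell from here), a nickname containing markup would be rendered in the admin list, so wrap it: `{htmlspecialchars($member_nick_name[abs($val->get('member_srl'))])}`. The same applies to document_list.html in this patch and to the rewritten lines of both templates in patch 2.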
@@ -99,22 +120,6 @@ class documentAdminView extends document } } Context::set('member_nick_name', $member_nick_neme); - $mod_srls = array_unique($mod_srls); - // Module List - $mod_srls_count = count($mod_srls); - if($mod_srls_count) - { - $columnList = array('module_srl', 'mid', 'browser_title'); - $module_output = $oModuleModel->getModulesInfo($mod_srls, $columnList); - if($module_output && is_array($module_output)) - { - foreach($module_output as $module) - { - $module_list[$module->module_srl] = $module; - } - } - } - Context::set('module_list', $module_list); // Specify a template $this->setTemplatePath($this->module_path.'tpl'); diff --git a/modules/document/tpl/document_list.html b/modules/document/tpl/document_list.html index 82c917227..f39940be2 100644 --- a/modules/document/tpl/document_list.html +++ b/modules/document/tpl/document_list.html @@ -53,7 +53,8 @@ xe.lang.msg_empty_search_keyword = '{$lang->msg_empty_search_keyword}'; {htmlspecialchars($oDocument->getTitleText())}{$lang->no_title_document} - {$oDocument->getNickName()} + {$oDocument->getNickName()} + {$oDocument->getNickName()} ({$lang->anonymous}) {$member_nick_name[abs($oDocument->get('member_srl'))]} {$oDocument->get('readed_count')} From ffc46763c9fbbaeb303f7de614c7503761ffa965 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Wed, 27 Apr 2016 12:01:29 +0900 Subject: [PATCH 2/5] In admin page, display both anonymous name and real member name --- modules/comment/tpl/comment_list.html | 4 ++-- modules/document/tpl/document_list.html | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/comment/tpl/comment_list.html b/modules/comment/tpl/comment_list.html index 96b6e75ad..4ce9ff983 100644 --- a/modules/comment/tpl/comment_list.html +++ b/modules/comment/tpl/comment_list.html 
@@ -54,9 +54,9 @@ xe.lang.msg_empty_search_keyword = '{$lang->msg_empty_search_keyword}'; {$comment}{$lang->no_text_comment} - {$val->getNickName()} + {$val->getNickName()} + ({$member_nick_name[abs($val->get('member_srl'))]}) {$val->getNickName()} - ({$lang->anonymous}) {$member_nick_name[abs($val->get('member_srl'))]} {number_format($val->get('voted_count'))}/{number_format($val->get('blamed_count'))} {(zdate($val->regdate,"Y-m-d\nH:i:s"))} diff --git a/modules/document/tpl/document_list.html b/modules/document/tpl/document_list.html index f39940be2..a4f6afcdc 100644 --- a/modules/document/tpl/document_list.html +++ b/modules/document/tpl/document_list.html @@ -53,9 +53,9 @@ xe.lang.msg_empty_search_keyword = '{$lang->msg_empty_search_keyword}'; {htmlspecialchars($oDocument->getTitleText())}{$lang->no_title_document} - {$oDocument->getNickName()} + {$oDocument->getNickName()} + ({$member_nick_name[abs($oDocument->get('member_srl'))]}) {$oDocument->getNickName()} - ({$lang->anonymous}) {$member_nick_name[abs($oDocument->get('member_srl'))]} {$oDocument->get('readed_count')} {$oDocument->get('voted_count')}/{$oDocument->get('blamed_count')} From a23addca17bf1bece3f6eb0c8622d1df450943d7 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Thu, 28 Apr 2016 11:19:19 +0900 Subject: [PATCH 3/5] Add DAILYNUM option for daily rotation of random numbers --- modules/board/board.controller.php | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/modules/board/board.controller.php b/modules/board/board.controller.php index cfbf0a8cd..450b6a8a3 100644 --- a/modules/board/board.controller.php +++ b/modules/board/board.controller.php 
@@ -642,15 +642,21 @@ class boardController extends board */ public function createAnonymousNickname($format, $logged_info) { - if (strpos($format, '$NUM') === false) - { - return $format; - } - else + if (strpos($format, '$NUM') !== false) { $num = hash_hmac('sha256', $logged_info->member_srl ?: \RX_CLIENT_IP, config('crypto.authentication_key')); $num = sprintf('%08d', hexdec(substr($num, 0, 8)) % 100000000); return strtr($format, array('$NUM' => $num)); } + elseif (strpos($format, '$DAILYNUM') !== false) + { + $num = hash_hmac('sha256', ($logged_info->member_srl ?: \RX_CLIENT_IP) . date('Ymd'), config('crypto.authentication_key')); + $num = sprintf('%08d', hexdec(substr($num, 0, 8)) % 100000000); + return strtr($format, array('$DAILYNUM' => $num)); + } + else + { + return $format; + } } } From fc870d5672d280c8256a785319fe9159a165e525 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Thu, 28 Apr 2016 12:52:14 +0900 Subject: [PATCH 4/5] Add DOCNUM option to anonymous name --- modules/board/board.controller.php | 19 +++++++++++++------ modules/board/lang/ko.php | 2 +- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/modules/board/board.controller.php b/modules/board/board.controller.php index 450b6a8a3..dfe95b9ff 100644 --- a/modules/board/board.controller.php +++ b/modules/board/board.controller.php @@ -88,7 +88,7 @@ class boardController extends board $obj->member_srl = -1*$logged_info->member_srl; } $obj->email_address = $obj->homepage = $obj->user_id = ''; - $obj->user_name = $obj->nick_name = $this->createAnonymousNickname($this->module_info->anonymous_name ?: 'anonymous', $logged_info); + $obj->user_name = $obj->nick_name = $this->createAnonymousName($this->module_info->anonymous_name ?: 'anonymous', $logged_info->member_srl, $obj->document_srl); $bAnonymous = true; if($is_update===false) { 
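Review bot: Only one placeholder is ever substituted, because the `$NUM` and `$DAILYNUM` checks form an if/elseif chain: a format such as `익명_$NUM/$DAILYNUM` returns with the second token left literally in the nickname. Patch 4's `createAnonymousName` (the `@@ -637` hunk) adds `$DOCNUM` with the same structure and has the same problem. Computing a replacement for each placeholder that occurs and applying them in a single `strtr` fixes this without changing the HMAC inputs, so numbers already stored in nicknames stay consistent; the same restructuring carries over to patch 4's signature.

```php
public function createAnonymousNickname($format, $logged_info)
{
    $subject = $logged_info->member_srl ?: \RX_CLIENT_IP;
    $key = config('crypto.authentication_key');
    // One HMAC input per placeholder; every placeholder present in the
    // format is replaced, so they can be combined in a single format.
    $inputs = array(
        '$DAILYNUM' => $subject . date('Ymd'),
        '$NUM' => $subject,
    );
    $replacements = array();
    foreach ($inputs as $placeholder => $input)
    {
        if (strpos($format, $placeholder) !== false)
        {
            $hash = hash_hmac('sha256', $input, $key);
            $replacements[$placeholder] = sprintf('%08d', hexdec(substr($hash, 0, 8)) % 100000000);
        }
    }
    return $replacements ? strtr($format, $replacements) : $format;
}
```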
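Review bot: `createAnonymousName($this->module_info->anonymous_name ?: 'anonymous', $logged_info->member_srl, $obj->document_srl)` appears to run on the update path as well, since the `$is_update===false` check only follows it, so a `$DAILYNUM` nickname is recomputed with the current date when a member edits an older document and the displayed name silently changes. Either keep the stored `nick_name` when `$is_update` is true, or document in the help text that `$DAILYNUM` reflects the date of the last edit; the enclosing function starts and ends outside the hunk, so I cannot see which is simpler. The comment path in the `@@ -367` hunk has the same behaviour if comments can be edited through it.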
@@ -367,7 +367,7 @@ class boardController extends board $obj->notify_message = 'N'; $obj->member_srl = -1*$logged_info->member_srl; $obj->email_address = $obj->homepage = $obj->user_id = ''; - $obj->user_name = $obj->nick_name = $this->createAnonymousNickname($this->module_info->anonymous_name ?: 'anonymous', $logged_info); + $obj->user_name = $obj->nick_name = $this->createAnonymousName($this->module_info->anonymous_name ?: 'anonymous', $logged_info->member_srl, $obj->document_srl); $bAnonymous = true; } else @@ -637,23 +637,30 @@ class boardController extends board * Create an anonymous nickname. * * @param string $format - * @param object $logged_info + * @param int $member_srl + * @param int $document_srl * @return string */ - public function createAnonymousNickname($format, $logged_info) + public function createAnonymousName($format, $member_srl, $document_srl) { if (strpos($format, '$NUM') !== false) { - $num = hash_hmac('sha256', $logged_info->member_srl ?: \RX_CLIENT_IP, config('crypto.authentication_key')); + $num = hash_hmac('sha256', $member_srl ?: \RX_CLIENT_IP, config('crypto.authentication_key')); $num = sprintf('%08d', hexdec(substr($num, 0, 8)) % 100000000); return strtr($format, array('$NUM' => $num)); } elseif (strpos($format, '$DAILYNUM') !== false) { - $num = hash_hmac('sha256', ($logged_info->member_srl ?: \RX_CLIENT_IP) . date('Ymd'), config('crypto.authentication_key')); + $num = hash_hmac('sha256', ($member_srl ?: \RX_CLIENT_IP) . ':date:' . date('Y-m-d'), config('crypto.authentication_key')); $num = sprintf('%08d', hexdec(substr($num, 0, 8)) % 100000000); return strtr($format, array('$DAILYNUM' => $num)); } + elseif (strpos($format, '$DOCNUM') !== false) + { + $num = hash_hmac('sha256', ($member_srl ?: \RX_CLIENT_IP) . ':document_srl:' . $document_srl, config('crypto.authentication_key')); + $num = sprintf('%08d', hexdec(substr($num, 0, 8)) % 100000000); + return strtr($format, array('$DOCNUM' => $num)); + } else { return $format; 
diff --git a/modules/board/lang/ko.php b/modules/board/lang/ko.php index ef8068541..b0c8c3414 100644 --- a/modules/board/lang/ko.php +++ b/modules/board/lang/ko.php @@ -27,7 +27,7 @@ $lang->about_layout_setup = '블로그의 레이아웃 코드를 직접 수정 $lang->about_board_category = '분류를 만들 수 있습니다. 분류가 오동작을 할 경우 캐시파일 재생성을 수동으로 해주시면 해결이 될 수 있습니다.'; $lang->about_except_notice = '목록 상단에 늘 나타나는 공지사항을 일반 목록에서 공지사항을 출력하지 않도록 합니다.'; $lang->about_use_anonymous = '글쓴이의 정보를 없애고 익명으로 게시판 사용을 할 수 있게 합니다. 스킨설정에서 글쓴이 정보등을 보이지 않도록 하시면 더욱 유용합니다. 추가설정의 문서 히스토리 사용이 꺼져있지 않으면 문서 수정시 작성자가 표시될 수 있습니다.'; -$lang->about_anonymous_name = '익명 기능을 사용할 때 표시할 익명 닉네임을 정할 수 있습니다.
$NUM은 회원마다 고유한 난수로 치환됩니다. (예: 익명_$NUM → 익명_12345678)'; +$lang->about_anonymous_name = '익명 기능을 사용할 때 표시할 익명 닉네임을 정할 수 있습니다.
$NUM을 사용하면 회원마다 고유한 난수를 부여할 수 있습니다. (예: 익명_$NUM → 익명_12345678)
$DAILYNUM을 사용하면 매일 난수가 변경되고, $DOCNUM을 사용하면 문서마다 변경됩니다.'; $lang->about_board = '게시판을 생성하고 관리할 수 있습니다.'; $lang->about_consultation = '상담 기능은 관리권한이 없는 회원은 자신이 쓴 글만 보이도록 하는 기능입니다. 단 상담기능 사용시 비회원 글쓰기는 자동으로 금지됩니다.'; $lang->about_secret = '게시판 및 댓글의 비밀글 기능을 사용할 수 있도록 합니다.'; From a107e86dc65b4fe6a6913debb23f09c5af9a8b32 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Thu, 28 Apr 2016 13:03:23 +0900 Subject: [PATCH 5/5] Reduce risk of accidental disclosure of member_srl and other personal info --- modules/board/skins/default/_comment.html | 6 +++--- modules/board/skins/default/_read.html | 6 +++--- modules/board/skins/xedition/_comment.html | 6 +++--- modules/board/skins/xedition/_read.html | 6 +++--- modules/comment/comment.item.php | 4 ++-- modules/document/document.item.php | 4 ++-- 6 files changed, 16 insertions(+), 16 deletions(-) diff --git a/modules/board/skins/default/_comment.html b/modules/board/skins/default/_comment.html index 99c6983ac..ada266cb0 100644 --- a/modules/board/skins/default/_comment.html +++ b/modules/board/skins/default/_comment.html @@ -9,9 +9,9 @@ Profile

- {$comment->getNickName()} - {$comment->getNickName()} - {$comment->getNickName()} + {$comment->getNickName()} + {$comment->getNickName()} + {$comment->getNickName()}

{$comment->getRegdate('Y.m.d H:i')}

diff --git a/modules/board/skins/default/_read.html b/modules/board/skins/default/_read.html index 280c3461e..f99b11ab1 100644 --- a/modules/board/skins/default/_read.html +++ b/modules/board/skins/default/_read.html @@ -9,9 +9,9 @@ {$oDocument->getRegdate('Y.m.d H:i')}
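Review bot: The comment above the guard in `commentItem::getSignature` still reads `// pass if the posting not exists.` although the new condition also returns for anonymous posts; update it to `// Pass if the comment does not exist or was posted anonymously (member_srl <= 0).`, and likewise `// Pass if a document doesn't exist` in `documentItem::getSignature`. The `getProfileImage` hunks in both files would benefit from the same one-line note so the next reader does not "fix" the `<= 0` back to a truthiness check. Whether other accessors on these items that pass `member_srl` to the member module still receive the negated value is outside these hunks; I cannot tell from here.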

- {$oDocument->getNickName()} - {$oDocument->getNickName()} - {$oDocument->getNickName()} + {$oDocument->getNickName()} + {$oDocument->getNickName()} + {$oDocument->getNickName()} {$lang->readed_count}:{$oDocument->get('readed_count')} {$lang->cmd_vote}:{$oDocument->get('voted_count')} diff --git a/modules/board/skins/xedition/_comment.html b/modules/board/skins/xedition/_comment.html index fabb798c7..e2fffcbbd 100644 --- a/modules/board/skins/xedition/_comment.html +++ b/modules/board/skins/xedition/_comment.html @@ -9,9 +9,9 @@ Profile

- {$comment->getNickName()} - {$comment->getNickName()} - {$comment->getNickName()} + {$comment->getNickName()} + {$comment->getNickName()} + {$comment->getNickName()}

{$comment->getRegdate('Y.m.d H:i')}

diff --git a/modules/board/skins/xedition/_read.html b/modules/board/skins/xedition/_read.html index f0102cb25..8558205ec 100644 --- a/modules/board/skins/xedition/_read.html +++ b/modules/board/skins/xedition/_read.html @@ -7,9 +7,9 @@

- {$oDocument->getNickName()} - {$oDocument->getNickName()} - {$oDocument->getNickName()} + {$oDocument->getNickName()} + {$oDocument->getNickName()} + {$oDocument->getNickName()} {$oDocument->getRegdate('Y.m.d H:i')} diff --git a/modules/comment/comment.item.php b/modules/comment/comment.item.php index 9242cc3bd..5856a735a 100644 --- a/modules/comment/comment.item.php +++ b/modules/comment/comment.item.php @@ -496,7 +496,7 @@ class commentItem extends Object */ function getProfileImage() { - if(!$this->isExists() || !$this->get('member_srl')) + if(!$this->isExists() || $this->get('member_srl') <= 0) { return; } @@ -517,7 +517,7 @@ class commentItem extends Object function getSignature() { // pass if the posting not exists. - if(!$this->isExists() || !$this->get('member_srl')) + if(!$this->isExists() || $this->get('member_srl') <= 0) { return; } diff --git a/modules/document/document.item.php b/modules/document/document.item.php index 63b8747e6..9b38b216a 100644 --- a/modules/document/document.item.php +++ b/modules/document/document.item.php @@ -1168,7 +1168,7 @@ class documentItem extends Object */ function getProfileImage() { - if(!$this->isExists() || !$this->get('member_srl')) return; + if(!$this->isExists() || $this->get('member_srl') <= 0) return; $oMemberModel = getModel('member'); $profile_info = $oMemberModel->getProfileImage($this->get('member_srl')); if(!$profile_info) return; @@ -1183,7 +1183,7 @@ class documentItem extends Object function getSignature() { // Pass if a document doesn't exist - if(!$this->isExists() || !$this->get('member_srl')) return; + if(!$this->isExists() || $this->get('member_srl') <= 0) return; // Get signature information $oMemberModel = getModel('member'); $signature = $oMemberModel->getSignature($this->get('member_srl'));