From a201d8bf00bafe4ccf36d24dab837a5f2437a977 Mon Sep 17 00:00:00 2001
From: zero
Date: Tue, 9 Oct 2007 08:17:08 +0000
Subject: [PATCH] =?UTF-8?q?mysql=20=EC=82=AC=EC=9A=A9=EC=8B=9C=20old=5Fpas?=
 =?UTF-8?q?sword,=20password=EC=97=90=20=EB=8C=80=ED=95=B4=EC=84=9C=20?=
 =?UTF-8?q?=EC=A0=9C=EB=8C=80=EB=A1=9C=20=EC=B2=98=EB=A6=AC=EB=90=98?=
 =?UTF-8?q?=EB=8F=84=EB=A1=9D=20=EC=BD=94=EB=93=9C=20=EC=88=98=EC=A0=95=20?=
 =?UTF-8?q?(=EC=A0=9C=EB=A1=9C=EB=B3=B4=EB=93=9C4=EC=97=90=EC=84=9C=20?=
 =?UTF-8?q?=EC=9D=B4=EC=A0=84=EC=8B=9C=20=EC=A0=81=EC=9A=A9=EB=90=98?=
 =?UTF-8?q?=EB=8A=94=20=EB=B6=80=EB=B6=84)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

git-svn-id: http://xe-core.googlecode.com/svn/sandbox@2704 201d5d3c-b55e-5fd7-737f-ddc643e51545
---
 classes/db/DBMysql.class.php | 7 ++++---
 classes/db/DBMysql_innodb.class.php | 7 ++++---
 modules/member/member.controller.php | 6 ++++--
 3 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/classes/db/DBMysql.class.php b/classes/db/DBMysql.class.php
index 4ec3a45e9..f70048522 100644
--- a/classes/db/DBMysql.class.php
+++ b/classes/db/DBMysql.class.php
@@ -191,11 +191,12 @@
 /**
 * @brief mysql old password를 가져오는 함수 (mysql에서만 사용)
 **/
- function getOldPassword($password) {
- $query = sprintf("select old_password('%s') as password", $password);
+ function isValidOldPassword($password, $saved_password) {
+ $query = sprintf("select password('%s') as password, old_password('%s') as old_password", $this->addQuotes($password), $this->addQuotes($password));
 $result = $this->_query($query);
 $tmp = $this->_fetch($result);
- return $tmp->password;
+ if($tmp->password == $saved_password || $tmp->old_password == $saved_password) return true;
+ return false;
 }
 /**
diff --git a/classes/db/DBMysql_innodb.class.php b/classes/db/DBMysql_innodb.class.php
index c8d6199d1..a69773b7d 100644
--- a/classes/db/DBMysql_innodb.class.php
+++ b/classes/db/DBMysql_innodb.class.php
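Review bot: `isValidOldPassword` dereferences `$tmp` without checking that the query produced a row, and then compares with loose `==`; if `_query()`/`_fetch()` yield nothing, `$tmp->password` is null and `null == $saved_password` is true for an account whose stored hash is empty, so a failed lookup would be reported as a valid password. Guard it with `if(!$result) return false;` after the query and `if(!is_object($tmp)) return false;` after the fetch, and use `===` in both comparisons so that digests PHP parses as numeric strings (the `0e…` form) cannot compare equal to a different digest. Whether `_query()` returns false on error is not visible in this hunk, so the exact guard should be confirmed against the rest of the class. Note also that the candidate password is sent to the server inside the SQL text and will show up in any enabled MySQL general/query log — inherent to using `PASSWORD()`/`OLD_PASSWORD()`, but worth stating in the docblock, whose `@brief` still describes the removed getter and should read something like `@brief Checks $password against $saved_password via MySQL PASSWORD() and OLD_PASSWORD() (mysql only); the plaintext candidate is sent to the server`.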
@@ -200,11 +200,12 @@
 /**
 * @brief mysql old password를 가져오는 함수 (mysql에서만 사용)
 **/
- function getOldPassword($password) {
- $query = sprintf("select old_password('%s') as password", $password);
+ function isValidOldPassword($password, $saved_password) {
+ $query = sprintf("select password('%s') as password, old_password('%s') as old_password", $this->addQuotes($password), $this->addQuotes($password));
 $result = $this->_query($query);
 $tmp = $this->_fetch($result);
- return $tmp->password;
+ if($tmp->password == $saved_password || $tmp->old_password == $saved_password) return true;
+ return false;
 }
 /**
diff --git a/modules/member/member.controller.php b/modules/member/member.controller.php
index 90798f79a..3a90c3d93 100644
--- a/modules/member/member.controller.php
+++ b/modules/member/member.controller.php
@@ -939,7 +939,7 @@
 // return 값이 없으면 존재하지 않는 사용자로 지정
 if(!$user_id || $member_info->user_id != $user_id) return new Object(-1, 'invalid_user_id');
- // 비밀번호 검사 : 우선 md5() hash값으로 비굥
+ // 비밀번호 검사하여 md5 hash값과 다르면 비밀번호의 재확인 작업 시행
 if($password && $member_info->password != md5($password)) {
 // 혹시나 하여.. -_-;; mysql old_password로 검사하여 맞으면 db의 비밀번호 교체
@@ -951,17 +951,19 @@
 $output = executeQuery('member.updateMemberPassword', $password_args);
 if(!$output->toBool()) return $output;
+ // mysql_pre4_hash_password() 함수의 값과도 다를 경우
 } else {
 // mysql_pre4_hash_password()함수의 결과와도 다를 경우 현재 mysql DB이용시 직접 쿼리 날림
 if(substr(Context::getDBType(),0,5)=='mysql') {
 $oDB = &DB::getInstance();
- if($oDB->getOldPassword($password) == $member_info->password) {
+ if($oDB->isValidOldPassword($password, $member_info->password)) {
 $password_args->member_srl = $member_info->member_srl;
 $password_args->password = md5($password);
 $output = executeQuery('member.updateMemberPassword', $password_args);
 if(!$output->toBool()) return $output;
 } else return new Object(-1, 'invalid_password');
+ // md5(), mysql old_password와도 다르면 잘못된 비빌번호 오류 메세지 리턴
 } else {
 return new Object(-1, 'invalid_password');
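Review bot: This copy of `isValidOldPassword` has the same gap as the one in `DBMysql.class.php`: `$tmp` is used without checking that the query returned a row, and both `==` comparisons are loose, so a missing row (`null == ''`) or two numeric-looking hex digests can compare equal. Add `if(!$result) return false;` before the fetch and `if(!is_object($tmp)) return false;` after it, and switch both comparisons to `===`. The method body is byte-identical in the two drivers; if `DBMysql_innodb` extends `DBMysql` (not visible here) the InnoDB copy could simply be inherited, and in either case the stale `@brief mysql old password를 가져오는 함수` should be rewritten to say the method validates a password against a stored hash rather than fetching one.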
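Review bot: The comparison `$member_info->password != md5($password)` on the `if` line is loose; when both the stored hash and the freshly computed md5 are of the form `0e` followed only by digits, PHP compares them as numbers and they test equal, so a wrong password whose md5 happens to start `0e…` would be accepted for an account with such a stored hash. Use `$member_info->password !== md5($password)` here, and the same strict form wherever the stored hash is compared. The leading `$password &&` also skips the whole check when the submitted password is empty; if an empty password is not rejected earlier in this function that is a bypass — the enclosing function starts and ends outside this hunk, so please confirm. Replacing md5 storage altogether is out of scope for this commit, but the new comment on the `+` line could say `// check password: compare with the stored md5 hash first; on mismatch fall back to the legacy MySQL hash formats below` so the intent reads clearly in English as well.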