From a6b8d820360d7c7417e4b212c210ad05a88471b7 Mon Sep 17 00:00:00 2001
From: zero <skklove@gmail.com>
Date: Tue, 20 Nov 2007 03:09:17 +0000
Subject: [PATCH] =?UTF-8?q?=EB=B0=A9=EB=AA=85=EB=A1=9D=EC=9D=98=20?=
 =?UTF-8?q?=EB=B9=84=EB=B0=80=EA=B8=80=20=EA=B8=B0=EB=8A=A5=20=EC=98=A4?=
 =?UTF-8?q?=EB=A5=98=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

git-svn-id: http://xe-core.googlecode.com/svn/sandbox@3015 201d5d3c-b55e-5fd7-737f-ddc643e51545
---
 modules/guestbook/guestbook.controller.php | 16 ++++++++--------
 modules/guestbook/skins/default/list.html  |  3 +--
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/modules/guestbook/guestbook.controller.php b/modules/guestbook/guestbook.controller.php
index a37149788..18b5897ae 100644
--- a/modules/guestbook/guestbook.controller.php
+++ b/modules/guestbook/guestbook.controller.php
@@ -212,23 +212,23 @@
          **/
         function procGuestbookVerificationPassword() {
             // 비밀번호와 문서 번호를 받음
-            $password = md5(Context::get('password'));
-
+            $password = Context::get('password');
             $document_srl = Context::get('document_srl');
             $comment_srl = Context::get('comment_srl');
 
+            $oMemberModel = &getModel('member');
+
             // comment_srl이 있을 경우 댓글이 대상
             if($comment_srl) {
                 // 문서번호에 해당하는 글이 있는지 확인
                 $oCommentModel = &getModel('comment');
-                $data = $oCommentModel->getComment($comment_srl);
-                if(!$data) return new Object(-1, 'msg_invalid_request');
+                $oComment = $oCommentModel->getComment($comment_srl);
+                if(!$oComment->isExists()) return new Object(-1, 'msg_invalid_request');
 
                 // 문서의 비밀번호와 입력한 비밀번호의 비교
-                if($data->password != $password) return new Object(-1, 'msg_invalid_password');
+                if(!$oMemberModel->isValidPassword($oComment->get('password'),$password)) return new Object(-1, 'msg_invalid_password');
 
-                $oCommentController = &getController('comment');
-                $oCommentController->addGrant($comment_srl);
+                $oComment->setGrant();
             } else {
                 // 문서번호에 해당하는 글이 있는지 확인
                 $oDocumentModel = &getModel('document');
@@ -236,7 +236,7 @@
                 if(!$oDocument->isExists()) return new Object(-1, 'msg_invalid_request');
 
                 // 문서의 비밀번호와 입력한 비밀번호의 비교
-                if($oDocument->get('password') != $password) return new Object(-1, 'msg_invalid_password');
+                if(!$oMemberModel->isValidPassword($oDocument->get('password'),$password)) return new Object(-1, 'msg_invalid_password');
 
                 $oDocument->setGrant();
             }
diff --git a/modules/guestbook/skins/default/list.html b/modules/guestbook/skins/default/list.html
index 715e81c36..6cbcb6ca4 100644
--- a/modules/guestbook/skins/default/list.html
+++ b/modules/guestbook/skins/default/list.html
@@ -43,14 +43,13 @@
             <div class="clear"></div>
 
             <div class="documentContent">
-                <!--@if($oDocument->isSecret() && !$oDocument->isGranted())-->
+                <!--@if($document->isSecret() && !$document->isGranted())-->
                     <!--%import("filter/input_password.xml")-->
                     <strong>{$lang->msg_is_secret}</strong>
                     <form action="./" method="get" onsubmit="return procFilter(this, input_password)">
                     <input type="hidden" name="mid" value="{$mid}" />
                     <input type="hidden" name="page" value="{$page}" />
                     <input type="hidden" name="document_srl" value="{$document->get('document_srl')}" />
-                    <input type="hidden" name="document_srl" value="{$document->get('document_srl')}" />
                     <div class="inputPassword">
                         <input type="password" name="password" class="inputTypeText" /><span class="button"><input type="submit" value="{$lang->cmd_input}" accesskey="s" /></span>
                     </div>