mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-01-04 01:01:41 +09:00
Merge pull request #1461 from kijin/fix/nickname-filter
회원가입 및 정보수정시 필터링 강화
This commit is contained in:
bnu
commit
b0dc85b3bb
1 changed files with 78 additions and 31 deletions
|
|
@ -321,13 +321,12 @@ class memberController extends member
|
|||
$args->extra_vars = serialize($extra_vars);
|
||||
|
||||
// remove whitespace
|
||||
$checkInfos = array('user_id', 'nick_name', 'email_address');
|
||||
$replaceStr = array("\r\n", "\r", "\n", " ", "\t", "\xC2\xAD");
|
||||
$checkInfos = array('user_id', 'user_name', 'nick_name', 'email_address');
|
||||
foreach($checkInfos as $val)
|
||||
{
|
||||
if(isset($args->{$val}))
|
||||
{
|
||||
$args->{$val} = str_replace($replaceStr, '', $args->{$val});
|
||||
$args->{$val} = preg_replace('/[\pZ\pC]+/', '', $args->{$val});
|
||||
}
|
||||
}
|
||||
$output = $this->insertMember($args);
|
||||
|
|
@ -534,13 +533,12 @@ class memberController extends member
|
|||
$args->extra_vars = serialize($extra_vars);
|
||||
|
||||
// remove whitespace
|
||||
$checkInfos = array('user_id', 'nick_name', 'email_address');
|
||||
$replaceStr = array("\r\n", "\r", "\n", " ", "\t", "\xC2\xAD");
|
||||
$checkInfos = array('user_id', 'user_name', 'nick_name', 'email_address');
|
||||
foreach($checkInfos as $val)
|
||||
{
|
||||
if(isset($args->{$val}))
|
||||
{
|
||||
$args->{$val} = str_replace($replaceStr, '', $args->{$val});
|
||||
$args->{$val} = preg_replace('/[\pZ\pC]+/', '', $args->{$val});
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -1989,16 +1987,22 @@ class memberController extends member
|
|||
}
|
||||
|
||||
list($args->email_id, $args->email_host) = explode('@', $args->email_address);
|
||||
// Website, blog, checks the address
|
||||
|
||||
// Sanitize user ID, username, nickname, homepage, blog
|
||||
$args->user_id = htmlspecialchars($args->user_id, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
$args->user_name = htmlspecialchars($args->user_name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
$args->nick_name = htmlspecialchars($args->nick_name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
$args->homepage = htmlspecialchars($args->homepage, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
$args->blog = htmlspecialchars($args->blog, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
if($args->homepage && !preg_match("/^[a-z]+:\/\//i",$args->homepage)) $args->homepage = 'http://'.$args->homepage;
|
||||
if($args->blog && !preg_match("/^[a-z]+:\/\//i",$args->blog)) $args->blog = 'http://'.$args->blog;
|
||||
|
||||
// Create a model object
|
||||
$oMemberModel = getModel('member');
|
||||
|
||||
// ID check is prohibited
|
||||
// Check password strength
|
||||
if($args->password && !$password_is_hashed)
|
||||
{
|
||||
// check password strength
|
||||
if(!$oMemberModel->checkPasswordStrength($args->password, $config->password_strength))
|
||||
{
|
||||
$message = Context::getLang('about_password_strength');
|
||||
|
|
@ -2006,29 +2010,46 @@ class memberController extends member
|
|||
}
|
||||
$args->password = $oMemberModel->hashPassword($args->password);
|
||||
}
|
||||
elseif(!$args->password) unset($args->password);
|
||||
if($oMemberModel->isDeniedID($args->user_id)) return new Object(-1,'denied_user_id');
|
||||
// ID, nickname, email address of the redundancy check
|
||||
$member_srl = $oMemberModel->getMemberSrlByUserID($args->user_id);
|
||||
if($member_srl) return new Object(-1,'msg_exists_user_id');
|
||||
elseif(!$args->password)
|
||||
{
|
||||
unset($args->password);
|
||||
}
|
||||
|
||||
// nickname check is prohibited
|
||||
// Check if ID is prohibited
|
||||
if($oMemberModel->isDeniedID($args->user_id))
|
||||
{
|
||||
return new Object(-1,'denied_user_id');
|
||||
}
|
||||
|
||||
// Check if ID is duplicate
|
||||
$member_srl = $oMemberModel->getMemberSrlByUserID($args->user_id);
|
||||
if($member_srl)
|
||||
{
|
||||
return new Object(-1,'msg_exists_user_id');
|
||||
}
|
||||
|
||||
// Check if nickname is prohibited
|
||||
if($oMemberModel->isDeniedNickName($args->nick_name))
|
||||
{
|
||||
return new Object(-1,'denied_nick_name');
|
||||
}
|
||||
$member_srl = $oMemberModel->getMemberSrlByNickName($args->nick_name);
|
||||
if($member_srl) return new Object(-1,'msg_exists_nick_name');
|
||||
|
||||
// Check if nickname is duplicate
|
||||
$member_srl = $oMemberModel->getMemberSrlByNickName($args->nick_name);
|
||||
if($member_srl)
|
||||
{
|
||||
return new Object(-1,'msg_exists_nick_name');
|
||||
}
|
||||
|
||||
// Check if email address is duplicate
|
||||
$member_srl = $oMemberModel->getMemberSrlByEmailAddress($args->email_address);
|
||||
if($member_srl) return new Object(-1,'msg_exists_email_address');
|
||||
if($member_srl)
|
||||
{
|
||||
return new Object(-1,'msg_exists_email_address');
|
||||
}
|
||||
|
||||
// Insert data into the DB
|
||||
$args->list_order = -1 * $args->member_srl;
|
||||
$args->nick_name = htmlspecialchars($args->nick_name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
$args->homepage = htmlspecialchars($args->homepage, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
$args->blog = htmlspecialchars($args->blog, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
|
||||
|
||||
if(!$args->user_id) $args->user_id = 't'.$args->member_srl;
|
||||
if(!$args->user_name) $args->user_name = $args->member_srl;
|
||||
|
|
@ -2150,12 +2171,22 @@ class memberController extends member
|
|||
}
|
||||
}
|
||||
|
||||
// Sanitize user ID, username, nickname, homepage, blog
|
||||
$args->user_id = htmlspecialchars($args->user_id, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
$args->user_name = htmlspecialchars($args->user_name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
$args->nick_name = htmlspecialchars($args->nick_name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
$args->homepage = htmlspecialchars($args->homepage, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
$args->blog = htmlspecialchars($args->blog, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
if($args->homepage && !preg_match("/^[a-z]+:\/\//is",$args->homepage)) $args->homepage = 'http://'.$args->homepage;
|
||||
if($args->blog && !preg_match("/^[a-z]+:\/\//is",$args->blog)) $args->blog = 'http://'.$args->blog;
|
||||
|
||||
// check member identifier form
|
||||
$config = $oMemberModel->getMemberConfig();
|
||||
|
||||
$output = executeQuery('member.getMemberInfoByMemberSrl', $args);
|
||||
$orgMemberInfo = $output->data;
|
||||
|
||||
// Check if email address or user ID is duplicate
|
||||
if($config->identifier == 'email_address')
|
||||
{
|
||||
$member_srl = $oMemberModel->getMemberSrlByEmailAddress($args->email_address);
|
||||
|
|
@ -2171,36 +2202,52 @@ class memberController extends member
|
|||
$args->user_id = $orgMemberInfo->user_id;
|
||||
}
|
||||
|
||||
// Check if ID is prohibited
|
||||
if($args->user_id && $oMemberModel->isDeniedID($args->user_id))
|
||||
{
|
||||
return new Object(-1,'denied_user_id');
|
||||
}
|
||||
|
||||
// Check if ID is duplicate
|
||||
$member_srl = $oMemberModel->getMemberSrlByUserID($args->user_id);
|
||||
if($member_srl && $orgMemberInfo->user_id != $args->user_id)
|
||||
{
|
||||
return new Object(-1,'msg_exists_user_id');
|
||||
}
|
||||
|
||||
// Check if nickname is prohibited
|
||||
if($args->nick_name && $oMemberModel->isDeniedNickName($args->nick_name))
|
||||
{
|
||||
return new Object(-1, 'denied_nick_name');
|
||||
}
|
||||
|
||||
// Check if nickname is duplicate
|
||||
$member_srl = $oMemberModel->getMemberSrlByNickName($args->nick_name);
|
||||
if($member_srl && $orgMemberInfo->nick_name != $args->nick_name) return new Object(-1,'msg_exists_nick_name');
|
||||
if($member_srl && $orgMemberInfo->nick_name != $args->nick_name)
|
||||
{
|
||||
return new Object(-1,'msg_exists_nick_name');
|
||||
}
|
||||
|
||||
list($args->email_id, $args->email_host) = explode('@', $args->email_address);
|
||||
// Website, blog, checks the address
|
||||
if($args->homepage && !preg_match("/^[a-z]+:\/\//is",$args->homepage)) $args->homepage = 'http://'.$args->homepage;
|
||||
if($args->blog && !preg_match("/^[a-z]+:\/\//is",$args->blog)) $args->blog = 'http://'.$args->blog;
|
||||
|
||||
|
||||
$oDB = &DB::getInstance();
|
||||
$oDB->begin();
|
||||
// DB in the update
|
||||
|
||||
// Check password strength
|
||||
if($args->password)
|
||||
{
|
||||
// check password strength
|
||||
if(!$oMemberModel->checkPasswordStrength($args->password, $config->password_strength))
|
||||
{
|
||||
$message = Context::getLang('about_password_strength');
|
||||
return new Object(-1, $message[$config->password_strength]);
|
||||
}
|
||||
|
||||
$args->password = $oMemberModel->hashPassword($args->password);
|
||||
}
|
||||
else $args->password = $orgMemberInfo->password;
|
||||
else
|
||||
{
|
||||
$args->password = $orgMemberInfo->password;
|
||||
}
|
||||
|
||||
if(!$args->user_name) $args->user_name = $orgMemberInfo->user_name;
|
||||
if(!$args->user_id) $args->user_id = $orgMemberInfo->user_id;
|
||||
if(!$args->nick_name) $args->nick_name = $orgMemberInfo->nick_name;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue