Merge 1.5.2.3 (~r10623)

git-svn-id: http://xe-core.googlecode.com/svn/trunk@10624 201d5d3c-b55e-5fd7-737f-ddc643e51545
2026-01-25 06:09:55 +09:00 · 2012-04-26 09:17:29 +00:00 · 2012-04-26 09:17:29 +00:00 · e4306a789f
commit e4306a789f
parent 79fdf10866
915 changed files with 71076 additions and 245 deletions
--- a/modules/member/member.model.php
+++ b/modules/member/member.model.php
@ -708,19 +708,56 @@
        /**
         * @brief Compare plain text password to the password saved in DB
         **/
-        function isValidPassword($hashed_password, $password_text) {
+        function isValidPassword($hashed_password, $password_text, $member_srl=null) {
            // False if no password in entered
            if(!$password_text) return false;
+
+			$isSha1 = ($this->useSha1 && function_exists('sha1'));
+
            // Return true if the user input is equal to md5 hash value
-            if($hashed_password == md5($password_text)) return true;
+            if($hashed_password == md5($password_text)){
+				if($isSha1 && $member_srl > 0)
+				{
+					$args = new stdClass();
+					$args->member_srl = $member_srl;
+					$args->hashed_password = md5(sha1(md5($password_text)));
+					$oMemberController = &getController('member');
+					$oMemberController->updateMemberPassword($args);
+				}
+				return true;
+			}
+
            // Return true if the user input is equal to the value of mysql_pre4_hash_password
-            if(mysql_pre4_hash_password($password_text) == $hashed_password) return true;
+            if(mysql_pre4_hash_password($password_text) == $hashed_password){
+				if($isSha1 && $member_srl > 0)
+				{
+					$args = new stdClass();
+					$args->member_srl = $member_srl;
+					$args->hashed_password = md5(sha1(md5($password_text)));
+					$oMemberController = &getController('member');
+					$oMemberController->updateMemberPassword($args);
+				}
+				return true;
+			}
+				
            // Verify the password by using old_password if the current db is MySQL. If correct, return true.
            if(substr(Context::getDBType(),0,5)=='mysql') {
                $oDB = &DB::getInstance();
-                if($oDB->isValidOldPassword($password_text, $hashed_password)) return true;
+                if($oDB->isValidOldPassword($password_text, $hashed_password)){
+					if($isSha1 && $member_srl > 0)
+					{
+						$args = new stdClass();
+						$args->member_srl = $member_srl;
+						$args->hashed_password = md5(sha1(md5($password_text)));
+						$oMemberController = &getController('member');
+						$oMemberController->updateMemberPassword($args);
+					}
+					return true;
+				}
            }

+			if($isSha1 && $hashed_password == md5(sha1(md5($password_text)))) return true;
+
            return false;
        }