4eae6ac04e 보완

잘못된 변수 지정으로 인해 관리자 회원정보수정 페이지에서 닉네임,생일 등의 값이 표시되지 않았던 문제 수정 답변 값을 삭제할 수 없었던 문제 수정 답변이 저장되어 있을 경우 '****'으로 표시하여 답변이 저장되어 있음을 알 수 있도록 개선 불필요한 코드 제거 및 코드 정리
2026-04-21 03:12:55 +09:00 · 2017-08-19 10:44:34 +09:00 · 2017-08-19 10:44:34 +09:00 · f040534559
commit f040534559
parent 4409c2481a
2 changed files with 87 additions and 96 deletions
--- a/modules/member/member.admin.view.php
+++ b/modules/member/member.admin.view.php
@ -374,12 +374,10 @@ class memberAdminView extends member
 		{
 			$member_info = new stdClass;
 		}
-
-		unset($memberInfo->find_account_question);
-		unset($memberInfo->find_account_answer);
-		$formTags = $this->_getMemberInputTag($memberInfo, true);
-
+		
 		Context::set('member_info', $member_info);
+		
+		$formTags = $this->_getMemberInputTag($member_info, true);
 		Context::set('formTags', $formTags);
 		
 		// Editor of the module set for signing by calling getEditor
@ -446,26 +444,17 @@ class memberAdminView extends member
 		{
 			$member_config = $this->memberConfig = $oMemberModel->getMemberConfig();
 		}
-
-		unset($member_config->signupForm->find_account_question);
-		unset($member_config->signupForm->find_account_answer);
-
-		$formTags = array();
+		
 		global $lang;
-
+		$formTags = array();
+		
 		foreach($member_config->signupForm as $no=>$formInfo)
 		{
-			if(!$formInfo->isUse)continue;
-
-			// 회원 본인이 아닌 경우 입력 폼 제거
-			if($formInfo->name == 'find_account_question' && $memberInfo['member_srl'] !== $logged_info->member_srl)
+			if(!$formInfo->isUse || $formInfo->name == $member_config->identifier || $formInfo->name == 'password')
 			{
-				unset($member_config->signupForm[$no]);
 				continue;
 			}
-
-			if($formInfo->name == $member_config->identifier || $formInfo->name == 'password') continue;
-
+			
 			$formTag = new stdClass();
 			$inputTag = '';
 			$formTag->title = ($formInfo->isDefaultForm) ? $lang->{$formInfo->name} : $formInfo->title;
@ -533,26 +522,44 @@ class memberAdminView extends member
 					}
 					else if($formInfo->name == 'find_account_question')
 					{
-						$disabled = (!!$memberInfo['member_srl']) ? 'disabled="disabled"' : '';
-
-						$formTag->type = 'select';
-						$inputTag = '<select name="find_account_question" id="find_account_question" style="display:block;margin:0 0 8px 0" %s>%s</select>';
-						$optionTag = array();
-						foreach($lang->find_account_question_items as $key=>$val)
+						if($memberInfo['member_srl'] && $memberInfo['member_srl'] !== $logged_info->member_srl)
 						{
-							if($key == $memberInfo['find_account_question']) $selected = 'selected="selected"';
-							else $selected = '';
-							$optionTag[] = sprintf('<option value="%s" %s >%s</option>',
-								$key,
-								$selected,
-								$val);
+							continue;
 						}
-						$inputTag = sprintf($inputTag, $disabled, implode('', $optionTag));
-						$inputTag .= '<input type="text" name="find_account_answer" id="find_account_answer" title="' . lang('find_account_answer') . '" value="" ' . $disabled . '" />';
-
-						if($disabled) {
-							$inputTag .= ' <label><input type="checkbox" name="modify_find_account_answer" value="Y" /> ' . lang('cmd_modify') . '</label>';
-							$inputTag .= '<script>(function($) {$(function() {$(\'[name=modify_find_account_answer]\').change(function() {var $this = $(this); if($this.prop(\'checked\')) {$(\'[name=find_account_question],[name=find_account_answer]\').attr(\'disabled\', false); } else {$(\'[name=find_account_question]\').attr(\'disabled\', true); $(\'[name=find_account_answer]\').attr(\'disabled\', true).val(\'\'); } }); }); })(jQuery);</script>';
+						
+						$optionTag = array();
+						foreach($lang->find_account_question_items as $key => $val)
+						{
+							$selected = ($key == $memberInfo['find_account_question']) ? 'selected="selected"' : '';
+							$optionTag[] = sprintf('<option value="%s" %s >%s</option>', $key, $selected, $val);
+						}
+						$is_answer = $memberInfo['find_account_answer'] ? '**********' : '';
+						$disabled = $memberInfo['member_srl'] ? 'disabled="disabled"' : '';
+						
+						$formTag->type = 'select';
+						$inputTag = sprintf('<select name="find_account_question" id="find_account_question" style="display:block;margin:0 0 8px 0" %s>%s</select>', $disabled, implode('', $optionTag));
+						$inputTag .= sprintf('<input type="text" name="find_account_answer" id="find_account_answer" title="%s" value="%s" %s />', $lang->find_account_answer, $is_answer, $disabled);
+						
+						if($disabled)
+						{
+							$inputTag .= <<< script
+<label><input type="checkbox" name="modify_find_account_answer" value="Y" /> {$lang->cmd_modify}</label>
+<script>
+(function($) {
+	$(function() {
+		$('[name=modify_find_account_answer]').change(function() {
+			if($(this).prop('checked')) {
+				$('[name=find_account_question],[name=find_account_answer]').attr('disabled', false);
+				$('[name=find_account_answer]').val('');
+			} else {
+				$('[name=find_account_question],[name=find_account_answer]').attr('disabled', true);
+				$('[name=find_account_answer]').val('{$is_answer}');
+			}
+		});
+	});
+})(jQuery);
+</script>
+script;
 						}
 					}
 					else if($formInfo->name == 'email_address')
--- a/modules/member/member.controller.php
+++ b/modules/member/member.controller.php
@ -642,10 +642,6 @@ class memberController extends member
 			{
 				$args->birthday_ui = Context::get('birthday_ui');
 			}
-			if($val == 'find_account_answer' && !Context::get($val))
-			{
-				unset($args->{$val});
-			}
 		}
 		
 		// Login Information
@ -1201,79 +1197,79 @@ class memberController extends member
 	function procMemberFindAccountByQuestion()
 	{
 		$oMemberModel = getModel('member');
-		$oPassword =  new Password();
 		$config = $oMemberModel->getMemberConfig();
 		if($config->enable_find_account_question != 'Y')
 		{
 			return new Object(-1, 'msg_question_not_allowed');
 		}
-
+		
 		$email_address = Context::get('email_address');
 		$user_id = Context::get('user_id');
 		$find_account_question = trim(Context::get('find_account_question'));
 		$find_account_answer = trim(Context::get('find_account_answer'));
-
-		if(($config->identifier == 'user_id' && !$user_id) || !$email_address || !$find_account_question || !$find_account_answer) return new Object(-1, 'msg_invalid_request');
-
+		if(($config->identifier == 'user_id' && !$user_id) || !$email_address || !$find_account_question || !$find_account_answer)
+		{
+			return new Object(-1, 'msg_invalid_request');
+		}
+		
 		$oModuleModel = getModel('module');
 		// Check if a member having the same email address exists
 		$member_srl = $oMemberModel->getMemberSrlByEmailAddress($email_address);
 		if(!$member_srl) return new Object(-1, 'msg_email_not_exists');
-
+		
 		// Get information of the member
 		$columnList = array('member_srl', 'find_account_question', 'find_account_answer');
 		$member_info = $oMemberModel->getMemberInfoByMemberSrl($member_srl, 0, $columnList);
-
+		
 		// Display a message if no answer is entered
-		if(!$member_info->find_account_question || !$member_info->find_account_answer) return new Object(-1, 'msg_question_not_exists');
-
-		// 답변 확인
-		$hashed = $oPassword->checkAlgorithm($member_info->find_account_answer);
-		$authed = true;
-		$member_info->find_account_question = trim($member_info->find_account_question);
-		if($member_info->find_account_question != $find_account_question)
+		if(!$member_info->find_account_question || !$member_info->find_account_answer)
 		{
-			$authed = false;
+			return new Object(-1, 'msg_question_not_exists');
 		}
-		else if($hashed && !$oPassword->checkPassword($find_account_answer, $member_info->find_account_answer))
-		{
-			$authed = false;
-		}
-		else if(!$hashed && $find_account_answer != $member_info->find_account_answer)
-		{
-			$authed = false;
-		}
-
-		if(!$authed)
+		
+		// Check question
+		if(trim($member_info->find_account_question) != $find_account_question)
 		{
 			return new Object(-1, 'msg_answer_not_matches');
 		}
-
-		// answer가 동일하고 hash 되지 않았으면 hash 값으로 저장
-		if($authed && !$hashed)
+		
+		// Check answer
+		if(Rhymix\Framework\Password::checkAlgorithm($member_info->find_account_answer))
 		{
+			if(!Rhymix\Framework\Password::checkPassword($find_account_answer, $member_info->find_account_answer))
+			{
+				return new Object(-1, 'msg_answer_not_matches');
+			}
+		}
+		else
+		{
+			if($member_info->find_account_answer != $find_account_answer)
+			{
+				return new Object(-1, 'msg_answer_not_matches');
+			}
+			
+			// update to encrypted answer
 			$this->updateFindAccountAnswer($member_srl, $find_account_answer);
 		}
-
+		
 		if($config->identifier == 'email_address')
 		{
 			$user_id = $email_address;
 		}
-
+		
 		// Update to a temporary password and set change_password_date to 1
 		$temp_password = Rhymix\Framework\Password::getRandomPassword(8);
-
+		
 		$args = new stdClass();
 		$args->member_srl = $member_srl;
 		$args->password = $temp_password;
 		$args->change_password_date = '1';
 		$output = $this->updateMemberPassword($args);
 		if(!$output->toBool()) return $output;
-
+		
 		$_SESSION['xe_temp_password_' . $user_id] = $temp_password;
-
-		$this->add('user_id',$user_id);
-
+		$this->add('user_id', $user_id);
+		
 		$returnUrl = Context::get('success_return_url') ? Context::get('success_return_url') : getNotEncodedUrl('', 'mid', Context::get('mid'), 'act', '');
 		$this->setRedirectUrl($returnUrl.'&user_id='.$user_id);
 	}
@ -2195,10 +2191,10 @@ class memberController extends member
 				}
 			}
 		}
-
+		
 		// Create a model object
 		$oMemberModel = getModel('member');
-
+		
 		// Check password strength
 		if($args->password && !$password_is_hashed)
 		{
@ -2209,20 +2205,12 @@ class memberController extends member
 			}
 			$args->password = $oMemberModel->hashPassword($args->password);
 		}
-		elseif(!$args->password)
-		{
-			unset($args->password);
-		}
-
+		
 		if($args->find_account_answer && !$password_is_hashed)
 		{
 			$args->find_account_answer = $oMemberModel->hashPassword($args->find_account_answer);
 		}
-		elseif(!$args->find_account_answer)
-		{
-			unset($args->find_account_answer);
-		}
-
+		
 		// Check if ID is prohibited
 		if($logged_info->is_admin !== 'Y' && $oMemberModel->isDeniedID($args->user_id))
 		{
@ -2545,17 +2533,15 @@ class memberController extends member
 		{
 			$args->find_account_answer = $oMemberModel->hashPassword($args->find_account_answer);
 		}
-		else
+		else if($orgMemberInfo->find_account_answer && Context::get('modify_find_account_answer') != 'Y')
 		{
-			$oPassword = New Password();
-			$hashed = $oPassword->checkAlgorithm($orgMemberInfo->find_account_answer);
-			if($hashed)
+			if(Rhymix\Framework\Password::checkAlgorithm($orgMemberInfo->find_account_answer))
 			{
 				$args->find_account_answer = $orgMemberInfo->find_account_answer;
 			}
 			else
 			{
-				$args->find_account_answer = $oPassword->createHash($orgMemberInfo->find_account_answer);
+				$args->find_account_answer = $oMemberModel->hashPassword($orgMemberInfo->find_account_answer);
 			}
 		}

@ -2665,11 +2651,9 @@ class memberController extends member

 	function updateFindAccountAnswer($member_srl, $answer)
 	{
-		$oPassword =  new Password();
-
 		$args = new stdClass();
 		$args->member_srl = $member_srl;
-		$args->find_account_answer = $oPassword->createHash($answer);
+		$args->find_account_answer = getModel('member')->hashPassword($answer);
 		$output = executeQuery('member.updateFindAccountAnswer', $args);
 	}