Merge branch 'g5'

2016-05-03 13:38:25 +09:00
parent 0c6e13eff4 7a8a4fe71d
commit 05c1f1b570
10 changed files with 99 additions and 21 deletions
--- a/adm/member_form.php
+++ b/adm/member_form.php
@ -126,6 +126,11 @@ if(!isset($mb['mb_dupinfo'])) {
    sql_query(" ALTER TABLE {$g5['member_table']} ADD `mb_dupinfo` varchar(255) NOT NULL DEFAULT '' AFTER `mb_adult` ", false);
 }

+// 이메일인증 체크 필드추가
+if(!isset($mb['mb_email_certify2'])) {
+    sql_query(" ALTER TABLE {$g5['member_table']} ADD `mb_email_certify2` varchar(255) NOT NULL DEFAULT '' AFTER `mb_email_certify` ", false);
+}
+
 if ($mb['mb_intercept_date']) $g5['title'] = "차단된 ";
 else $g5['title'] .= "";
 $g5['title'] .= '회원 '.$html_title;
--- a/bbs/email_certify.php
+++ b/bbs/email_certify.php
@ -1,20 +1,29 @@
 <?php
 include_once('./_common.php');

-$sql = " select mb_id, mb_email, mb_datetime from {$g5['member_table']} where mb_id = '{$mb_id}' ";
+$mb_id  = trim($_GET['mb_id']);
+$mb_md5 = trim($_GET['mb_md5']);
+
+$sql = " select mb_id, mb_email_certify2 from {$g5['member_table']} where mb_id = '{$mb_id}' ";
 $row = sql_fetch($sql);
 if (!$row['mb_id'])
    alert('존재하는 회원이 아닙니다.', G5_URL);

+// 인증 링크는 한번만 처리가 되게 한다.
+sql_query(" update {$g5['member_table']} set mb_email_certify2 = '' where mb_id = '$mb_id' ");
+
 if ($mb_md5)
 {
-    $tmp_md5 = md5($row['mb_id'].$row['mb_email'].$row['mb_datetime']);
-    if ($mb_md5 == $tmp_md5)
+    if ($mb_md5 == $row['mb_email_certify2'])
    {
        sql_query(" update {$g5['member_table']} set mb_email_certify = '".G5_TIME_YMDHIS."' where mb_id = '{$mb_id}' ");

        alert("메일인증 처리를 완료 하였습니다.\\n\\n지금부터 {$mb_id} 아이디로 로그인 가능합니다.", G5_URL);
    }
+    else
+    {
+        alert('메일인증 요청 정보가 올바르지 않습니다.', G5_URL);
+    }
 }

 alert('제대로 된 값이 넘어오지 않았습니다.', G5_URL);
--- a/bbs/formmail.php
+++ b/bbs/formmail.php
@ -28,14 +28,17 @@ if ($sendmail_count > 3)
 $g5['title'] = '메일 쓰기';
 include_once(G5_PATH.'/head.sub.php');

-$email = get_email_address(base64_decode($email));
+$email_enc = new str_encrypt();
+$email_dec = $email_enc->decrypt($email);
+
+$email = get_email_address($email_dec);
 if(!$email)
    alert_close('이메일이 올바르지 않습니다.');

-$email = base64_encode($email);
+$email = $email_enc->encrypt($email);

 if (!$name)
-    $name = base64_decode($email);
+    $name = $email;
 else
    $name = get_text(stripslashes($name), true);

--- a/bbs/formmail_send.php
+++ b/bbs/formmail_send.php
@ -9,7 +9,8 @@ if (!$config['cf_email_use'])
 if (!$is_member && $config['cf_formmail_is_member'])
    alert_close('회원만 이용하실 수 있습니다.');

-$to = base64_decode($to);
+$email_enc = new str_encrypt();
+$to = $email_enc->decrypt($to);

 if (substr_count($to, "@") > 1)
    alert_close('한번에 한사람에게만 메일을 발송할 수 있습니다.');
--- a/bbs/qadelete.php
+++ b/bbs/qadelete.php
@ -29,6 +29,10 @@ for($i=0; $i<$count; $i++) {
    if($is_admin != 'super' && $row['mb_id'] != $member['mb_id'])
        continue;

+    // 답변이 달린 글은 삭제못함
+    if($is_admin != 'super' && !$row['qa_type'] && $row['qa_status'])
+        continue;
+
    // 첨부파일 삭제
    for($k=1; $k<=2; $k++) {
        @unlink(G5_DATA_PATH.'/qa/'.$row['qa_file'.$k]);
--- a/bbs/qawrite_update.php
+++ b/bbs/qawrite_update.php
@ -16,15 +16,12 @@ $msg = array();
 $qaconfig = get_qa_config();

 // e-mail 체크
-if(isset($_POST['qa_email']) && $qa_email) {
+$qa_email = '';
+if(isset($_POST['qa_email']) && $_POST['qa_email'])
    $qa_email = get_email_address(trim($_POST['qa_email']));

-    if($qaconfig['qa_req_email'] && !$qa_email)
-        $msg[] = '이메일을 입력하세요.';
-
-    if (!preg_match("/([0-9a-zA-Z_-]+)@([0-9a-zA-Z_-]+)\.([0-9a-zA-Z_-]+)/", $qa_email))
-        $msg[] = '이메일 주소가 형식에 맞지 않습니다.';
-}
+if($qaconfig['qa_req_email'] && !$qa_email)
+    $msg[] = '이메일을 입력하세요.';

 $qa_subject = '';
 if (isset($_POST['qa_subject'])) {
--- a/bbs/register_email_update.php
+++ b/bbs/register_email_update.php
@ -9,7 +9,7 @@ $mb_email = get_email_address(trim($_POST['mb_email']));
 if(!$mb_id || !$mb_email)
    alert('올바른 방법으로 이용해 주십시오.', G5_URL);

-$sql = " select mb_name, mb_password, mb_email, mb_datetime from {$g5['member_table']} where mb_id = '{$mb_id}' and substring(mb_email_certify, 1, 1) = '0' ";
+$sql = " select mb_name from {$g5['member_table']} where mb_id = '{$mb_id}' and substring(mb_email_certify, 1, 1) = '0' ";
 $mb = sql_fetch($sql);
 if (!$mb) {
    alert("이미 메일인증 하신 회원입니다.", G5_URL);
@ -29,8 +29,12 @@ if ($row['cnt']) {
 $subject = '['.$config['cf_title'].'] 인증확인 메일입니다.';

 $mb_name = $mb['mb_name'];
-$mb_datetime = $mb['mb_datetime'] ? $mb['mb_datetime'] : G5_TIME_YMDHIS;
-$mb_md5 = md5($mb_id.$mb_email.$mb_datetime);
+
+// 어떠한 회원정보도 포함되지 않은 일회용 난수를 생성하여 인증에 사용
+$mb_md5 = md5(pack('V*', rand(), rand(), rand(), rand()));
+
+sql_query(" update {$g5['member_table']} set mb_email_certify2 = '$mb_md5' where mb_id = '$mb_id' ");
+
 $certify_href = G5_BBS_URL.'/email_certify.php?mb_id='.$mb_id.'&amp;mb_md5='.$mb_md5;

 ob_start();
--- a/bbs/register_form_update.php
+++ b/bbs/register_form_update.php
@ -396,8 +396,11 @@ if (isset($_FILES['mb_icon']) && is_uploaded_file($_FILES['mb_icon']['tmp_name']
 if ($config['cf_use_email_certify'] && $old_email != $mb_email) {
    $subject = '['.$config['cf_title'].'] 인증확인 메일입니다.';

-    $mb_datetime = $member['mb_datetime'] ? $member['mb_datetime'] : G5_TIME_YMDHIS;
-    $mb_md5 = md5($mb_id.$mb_email.$mb_datetime);
+    // 어떠한 회원정보도 포함되지 않은 일회용 난수를 생성하여 인증에 사용
+    $mb_md5 = md5(pack('V*', rand(), rand(), rand(), rand()));
+
+    sql_query(" update {$g5['member_table']} set mb_email_certify2 = '$mb_md5' where mb_id = '$mb_id' ");
+
    $certify_href = G5_BBS_URL.'/email_certify.php?mb_id='.$mb_id.'&amp;mb_md5='.$mb_md5;

    ob_start();
@ -405,7 +408,7 @@ if ($config['cf_use_email_certify'] && $old_email != $mb_email) {
    $content = ob_get_contents();
    ob_end_clean();

-    mailer($config['cf_title'], $config['cf_admin_email'], $mb_email, $subject, $content, 1);
+    mailer($config['cf_admin_email_name'], $config['cf_admin_email'], $mb_email, $subject, $content, 1);
 }


--- a/bbs/scrap_popin_update.php
+++ b/bbs/scrap_popin_update.php
@ -10,6 +10,10 @@ if (!$is_member)
    exit;
 }

+// 게시글 존재하는지
+if(!$write['wr_id'])
+    alert_close('스크랩하시려는 게시글이 존재하지 않습니다.');
+
 $sql = " select count(*) as cnt from {$g5['scrap_table']}
            where mb_id = '{$member['mb_id']}'
            and bo_table = '$bo_table'
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@ -1200,7 +1200,8 @@ function get_sideview($mb_id, $name='', $email='', $homepage='')
    global $g5;
    global $bo_table, $sca, $is_admin, $member;

-    $email = base64_encode($email);
+    $email_enc = new str_encrypt();
+    $email = $email_enc->encrypt($email);
    $homepage = set_http(clean_xss_tags($homepage));

    $name     = get_text($name, 0, true);
@ -3188,4 +3189,51 @@ function check_vaild_callback($callback){
             return true;
   }
 }
+
+// 문자열 암복호화
+class str_encrypt
+{
+    var $salt;
+    var $lenght;
+
+    function __construct($salt='')
+    {
+        if(!$salt)
+            $this->salt = md5(G5_MYSQL_PASSWORD);
+        else
+            $this->salt = $salt;
+
+        $this->length = strlen($this->salt);
+    }
+
+    function encrypt($str)
+    {
+        $length = strlen($str);
+        $result = '';
+
+        for($i=0; $i<$length; $i++) {
+            $char    = substr($str, $i, 1);
+            $keychar = substr($this->salt, ($i % $this->length) - 1, 1);
+            $char    = chr(ord($char) + ord($keychar));
+            $result .= $char;
+        }
+
+        return base64_encode($result);
+    }
+
+    function decrypt($str) {
+        $result = '';
+        $str    = base64_decode($str);
+        $length = strlen($str);
+
+        for($i=0; $i<$length; $i++) {
+            $char    = substr($str, $i, 1);
+            $keychar = substr($this->salt, ($i % $this->length) - 1, 1);
+            $char    = chr(ord($char) - ord($keychar));
+            $result .= $char;
+        }
+
+        return $result;
+    }
+}
 ?>