From 7a8a4fe71d6f25715a1b8615a98ddc9440834205 Mon Sep 17 00:00:00 2001
From: chicpro
Date: Mon, 2 May 2016 16:53:37 +0900
Subject: [PATCH] =?UTF-8?q?=ED=8F=BC=EB=A9=94=EC=9D=BC=EC=97=90=EC=84=9C?= =?UTF-8?q?=EC=9D=98=20=EC=9D=B4=EB=A9=94=EC=9D=BC=EC=A3=BC=EC=86=8C=20?= =?UTF-8?q?=EB=85=B8=EC=B6=9C=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 bbs/formmail.php | 9 +++++---
 bbs/formmail_send.php | 3 ++-
 lib/common.lib.php | 50 ++++++++++++++++++++++++++++++++++++++++++-
 3 files changed, 57 insertions(+), 5 deletions(-)
diff --git a/bbs/formmail.php b/bbs/formmail.php
index fdeeab869..fe099d23e 100644
--- a/bbs/formmail.php
+++ b/bbs/formmail.php
@@ -28,14 +28,17 @@ if ($sendmail_count > 3)
 $g5['title'] = '메일 쓰기';
 include_once(G5_PATH.'/head.sub.php');
-$email = get_email_address(base64_decode($email));
+$email_enc = new str_encrypt();
+$email_dec = $email_enc->decrypt($email);
+
+$email = get_email_address($email_dec);
 if(!$email)
 alert_close('이메일이 올바르지 않습니다.');
-$email = base64_encode($email);
+$email = $email_enc->encrypt($email);
 if (!$name)
- $name = base64_decode($email);
+ $name = $email;
 else
 $name = get_text(stripslashes($name), true);
diff --git a/bbs/formmail_send.php b/bbs/formmail_send.php
index c97575a30..090209479 100644
--- a/bbs/formmail_send.php
+++ b/bbs/formmail_send.php
@@ -9,7 +9,8 @@ if (!$config['cf_email_use'])
 if (!$is_member && $config['cf_formmail_is_member'])
 alert_close('회원만 이용하실 수 있습니다.');
-$to = base64_decode($to);
+$email_enc = new str_encrypt();
+$to = $email_enc->decrypt($to);
 if (substr_count($to, "@") > 1)
 alert_close('한번에 한사람에게만 메일을 발송할 수 있습니다.');
diff --git a/lib/common.lib.php b/lib/common.lib.php
index d960fe183..d25b1f1dd 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
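Review bot: In bbs/formmail.php the fallback `$name = $email;` in the `if (!$name)` branch now assigns the re-encrypted token, because `$email` was overwritten with `$email_enc->encrypt($email)` two statements earlier, so the recipient name becomes a base64 string rather than anything readable. It also skips the `get_text()` call that the `else` branch applies. If hiding the address is the goal, a fixed neutral label is clearer than ciphertext; at minimum state the intent with a comment such as `// $email is the encrypted token here; the plain address is deliberately not shown as the name`. How `$name` is rendered is outside the hunk.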
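Review bot: In bbs/formmail_send.php the value returned by `$email_enc->decrypt($to)` is only checked for its `@` count in the visible lines, and `decrypt()` has no integrity check, so a malformed or altered `to` parameter decodes to arbitrary bytes instead of being rejected. Validate the result the same way formmail.php does before it is used as the recipient: `$to = get_email_address($to);` followed by `if (!$to) alert_close('이메일이 올바르지 않습니다.');`. The rest of the script is outside the hunk, so confirm that no later check already covers this.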
@@ -1200,7 +1200,8 @@ function get_sideview($mb_id, $name='', $email='', $homepage='')
 global $g5;
 global $bo_table, $sca, $is_admin, $member;
- $email = base64_encode($email);
+ $email_enc = new str_encrypt();
+ $email = $email_enc->encrypt($email);
 $homepage = set_http(clean_xss_tags($homepage));
 $name = get_text($name, 0, true);
@@ -3173,4 +3174,51 @@ function check_vaild_callback($callback){
 return true;
 }
 }
+
+// 문자열 암복호화
+class str_encrypt
+{
+ var $salt;
+ var $lenght;
+
+ function __construct($salt='')
+ {
+ if(!$salt)
+ $this->salt = md5(G5_MYSQL_PASSWORD);
+ else
+ $this->salt = $salt;
+
+ $this->length = strlen($this->salt);
+ }
+
+ function encrypt($str)
+ {
+ $length = strlen($str);
+ $result = '';
+
+ for($i=0; $i<$length; $i++) {
+ $char = substr($str, $i, 1);
+ $keychar = substr($this->salt, ($i % $this->length) - 1, 1);
+ $char = chr(ord($char) + ord($keychar));
+ $result .= $char;
+ }
+
+ return base64_encode($result);
+ }
+
+ function decrypt($str) {
+ $result = '';
+ $str = base64_decode($str);
+ $length = strlen($str);
+
+ for($i=0; $i<$length; $i++) {
+ $char = substr($str, $i, 1);
+ $keychar = substr($this->salt, ($i % $this->length) - 1, 1);
+ $char = chr(ord($char) - ord($keychar));
+ $result .= $char;
+ }
+
+ return $result;
+ }
+}
 ?>
\ No newline at end of file
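Review bot: In get_sideview(), `$email = $email_enc->encrypt($email);` returns standard base64 over bytes that are no longer plain ASCII, so the token can contain `+` and `/`, which base64 of an ordinary address rarely did. If the link built later in this function (outside the hunk) puts `$email` into a query string without `urlencode()`, a `+` arrives as a space and `decrypt()` yields a different string. Either encode at the point of output or have the helper emit a URL-safe alphabet, e.g. `strtr(base64_encode($result), '+/', '-_')` with the reverse `strtr()` in `decrypt()`. A comment on the line noting that `$email` is an opaque token from here on would also help readers of the rest of the function.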
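Review bot: `str_encrypt::encrypt()` and `decrypt()` add and subtract a repeating 32-character key byte by byte, with no randomness and no integrity check, so one known address together with its token exposes the key stream, and that key is `md5(G5_MYSQL_PASSWORD)`, which ties the database password to a value that can leak through page links. Use a dedicated random secret from the site configuration and an authenticated cipher, and have `decrypt()` return an empty string for anything that fails verification; a sketch using libsodium (PHP 7.2+) follows, with `G5_FORMMAIL_SECRET` as a placeholder name for the new config constant. Separately, `var $lenght;` is a typo: the code reads and writes `$this->length`, which is created dynamically. Where possible, linking by member id and resolving the address server-side avoids putting the address in the URL at all.

```php
class str_encrypt
{
    var $salt;

    function __construct($salt='')
    {
        // G5_FORMMAIL_SECRET: placeholder for a random secret defined in the site config
        $secret = $salt ? $salt : G5_FORMMAIL_SECRET;
        // raw SHA-256 output is exactly SODIUM_CRYPTO_SECRETBOX_KEYBYTES (32) long
        $this->salt = hash('sha256', $secret, true);
    }

    function encrypt($str)
    {
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $box = sodium_crypto_secretbox($str, $nonce, $this->salt);

        // URL-safe alphabet so the token survives a query string
        return strtr(base64_encode($nonce.$box), '+/', '-_');
    }

    function decrypt($str)
    {
        $raw = base64_decode(strtr($str, '-_', '+/'), true);
        if ($raw === false || strlen($raw) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES)
            return '';

        $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $this->salt);

        // false means the token was altered or was not produced with this key
        return $plain === false ? '' : $plain;
    }
}
```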