firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

통합인증 : 이름/핸드폰 인풋 밸류 조작시 해쉬값 체크 로직 추가

Browse Source
This commit is contained in:
projectSylas
2022-01-04 05:36:16 +00:00
parent 0ba6f3d861
commit ae29c976e6
7 changed files with 47 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
bbs/member_cert_refresh_update.php
View File

@ -36,20 +36,24 @@ $md5_cert_no = get_session('ss_cert_no');
$cert_type = get_session('ss_cert_type');
if ($config['cf_cert_use'] && $cert_type && $md5_cert_no) {
// 해시값이 같은 경우에만 본인확인 값을 저장한다.
if (get_session('ss_cert_hash') == md5($mb_name.$cert_type.get_session('ss_cert_birth').$md5_cert_no)) {
$sql_certify .= " mb_hp = '{$mb_hp}' ";
if ($cert_type == 'ipin' && get_session('ss_cert_hash') == md5($mb_name.$cert_type.get_session('ss_cert_birth').$md5_cert_no)) { // 아이핀일때 hash 값 체크 hp미포함
$sql_certify .= " , mb_hp = '{$mb_hp}' ";
$sql_certify .= " , mb_certify = '{$cert_type}' ";
$sql_certify .= " , mb_adult = '".get_session('ss_cert_adult')."' ";
$sql_certify .= " , mb_birth = '".get_session('ss_cert_birth')."' ";
$sql_certify .= " , mb_sex = '".get_session+('ss_cert_sex')."' ";
$sql_certify .= " , mb_dupinfo = '".get_session('ss_cert_dupinfo')."' ";
$sql_certify .= " , mb_name = '{$mb_name}' ";
} else if($cert_type != 'ipin' && get_session('ss_cert_hash') == md5($mb_name.$cert_type.get_session('ss_cert_birth').$mb_hp.$md5_cert_no)) { // 통합인증, 휴대폰일때 hash 값 체크 hp포함
$sql_certify .= " , mb_hp = '{$mb_hp}' ";
$sql_certify .= " , mb_certify = '{$cert_type}' ";
$sql_certify .= " , mb_adult = '".get_session('ss_cert_adult')."' ";
$sql_certify .= " , mb_birth = '".get_session('ss_cert_birth')."' ";
$sql_certify .= " , mb_sex = '".get_session('ss_cert_sex')."' ";
$sql_certify .= " , mb_dupinfo = '".get_session('ss_cert_dupinfo')."' ";
$sql_certify .= " , mb_name = '{$mb_name}' ";
} else {
$sql_certify .= " mb_hp = '{$mb_hp}' ";
$sql_certify .= " , mb_certify = '' ";
$sql_certify .= " , mb_adult = 0 ";
$sql_certify .= " , mb_birth = '' ";
$sql_certify .= " , mb_sex = '' ";
}else {
alert('본인인증된 정보와 입력된 회원정보가 일치하지않습니다. 다시시도 해주세요');
}
} else {
if (get_session("ss_reg_mb_name") != $mb_name || get_session("ss_reg_mb_hp") != $mb_hp) {

20
bbs/register_form_update.php
View File

@ -176,7 +176,16 @@ $md5_cert_no = get_session('ss_cert_no');
$cert_type = get_session('ss_cert_type');
if ($config['cf_cert_use'] && $cert_type && $md5_cert_no) {
// 해시값이 같은 경우에만 본인확인 값을 저장한다.
if (get_session('ss_cert_hash') == md5($mb_name.$cert_type.get_session('ss_cert_birth').$md5_cert_no)) {
if ($cert_type == 'ipin' && get_session('ss_cert_hash') == md5($mb_name.$cert_type.get_session('ss_cert_birth').$md5_cert_no)) { // 아이핀일때 hash 값 체크 hp미포함
$sql_certify .= " , mb_hp = '{$mb_hp}' ";
$sql_certify .= " , mb_certify = '{$cert_type}' ";
$sql_certify .= " , mb_adult = '".get_session('ss_cert_adult')."' ";
$sql_certify .= " , mb_birth = '".get_session('ss_cert_birth')."' ";
$sql_certify .= " , mb_sex = '".get_session+('ss_cert_sex')."' ";
$sql_certify .= " , mb_dupinfo = '".get_session('ss_cert_dupinfo')."' ";
if($w == 'u')
$sql_certify .= " , mb_name = '{$mb_name}' ";
} else if($cert_type != 'ipin' && get_session('ss_cert_hash') == md5($mb_name.$cert_type.get_session('ss_cert_birth').$mb_hp.$md5_cert_no)) { // 통합인증, 휴대폰일때 hash 값 체크 hp포함
$sql_certify .= " , mb_hp = '{$mb_hp}' ";
$sql_certify .= " , mb_certify = '{$cert_type}' ";
$sql_certify .= " , mb_adult = '".get_session('ss_cert_adult')."' ";
@ -185,12 +194,8 @@ if ($config['cf_cert_use'] && $cert_type && $md5_cert_no) {
$sql_certify .= " , mb_dupinfo = '".get_session('ss_cert_dupinfo')."' ";
if($w == 'u')
$sql_certify .= " , mb_name = '{$mb_name}' ";
} else {
$sql_certify .= " , mb_hp = '{$mb_hp}' ";
$sql_certify .= " , mb_certify = '' ";
$sql_certify .= " , mb_adult = 0 ";
$sql_certify .= " , mb_birth = '' ";
$sql_certify .= " , mb_sex = '' ";
}else {
alert('본인인증된 정보와 입력된 회원정보가 일치하지않습니다. 다시시도 해주세요');
}
} else {
if (get_session("ss_reg_mb_name") != $mb_name || get_session("ss_reg_mb_hp") != $mb_hp) {
@ -202,7 +207,6 @@ if ($config['cf_cert_use'] && $cert_type && $md5_cert_no) {
}
}
//===============================================================
if ($w == '') {
$sql = " insert into {$g5['member_table']}
set mb_id = '{$mb_id}',

9
plugin/inicert/ini_result.php
View File

@ -46,6 +46,13 @@ if ($_POST["resultCode"] === "0000") {
$md5_ci = md5($ci . $ci);
$phone_no = hyphen_hp_number($phone_no);
$mb_dupinfo = $md5_ci;
// $sql = " select mb_dupinfo from {$g5['member_table']} where mb_id = '{$member['mb_id']}'";
// $row = sql_fetch($sql);
// if (!empty($row['mb_dupinfo'])) {
// if($row['mb_dupinfo'] != $mb_dupinfo) alert_close("해당 계정은 이미 다른명의로 본인인증 되어있는 계정입니다.");
// }
$sql = " select mb_id from {$g5['member_table']} where mb_id <> '{$member['mb_id']}' and mb_dupinfo = '{$mb_dupinfo}' ";
$row = sql_fetch($sql);
@ -56,7 +63,7 @@ if ($_POST["resultCode"] === "0000") {
// hash 데이터
$md5_cert_no = md5($cert_no);
$hash_data = md5($user_name.$cert_type.$birth_day.$md5_cert_no);
$hash_data = md5($user_name.$cert_type.$birth_day.$phone_no.$md5_cert_no);
// 성인인증결과
$adult_day = date("Ymd", strtotime("-19 years", G5_SERVER_TIME));

2
plugin/kcpcert/kcpcert_result.php
View File

@ -160,7 +160,7 @@ if( $cert_enc_use == "Y" )
// hash 데이터
$cert_type = 'hp';
$md5_cert_no = md5($cert_no);
$hash_data = md5($user_name.$cert_type.$birth_day.$md5_cert_no);
$hash_data = md5($user_name.$cert_type.$birth_day.$phone_no.$md5_cert_no);
// 성인인증결과
$adult_day = date("Ymd", strtotime("-19 years", G5_SERVER_TIME));

2
plugin/lgxpay/AuthOnlyRes.php
View File

@ -140,7 +140,7 @@ if ($xpay->TX()) {
// hash 데이터
$cert_type = 'hp';
$md5_cert_no = md5($cert_no);
$hash_data = md5($user_name.$cert_type.$birth_day.$md5_cert_no);
$hash_data = md5($user_name.$cert_type.$birth_day.$phone_no.$md5_cert_no);
// 성인인증결과
$adult_day = date("Ymd", strtotime("-19 years", G5_SERVER_TIME));

2
plugin/okname/hpcert2.php
View File

@ -123,7 +123,7 @@ if (!empty($row['mb_id'])) {
// hash 데이터
$cert_type = 'hp';
$md5_cert_no = md5($req_num);
$hash_data = md5($mb_name.$cert_type.$mb_birth.$md5_cert_no);
$hash_data = md5($mb_name.$cert_type.$mb_birth.$phone_no.$md5_cert_no);
// 성인인증결과
$adult_day = date("Ymd", strtotime("-19 years", G5_SERVER_TIME));

19
plugin/social/register_member_update.php
View File

@ -117,7 +117,16 @@ if($config['cf_cert_use']) {
$cert_type = get_session('ss_cert_type');
if ($config['cf_cert_use'] && $cert_type && $md5_cert_no) {
// 해시값이 같은 경우에만 본인확인 값을 저장한다.
if (get_session('ss_cert_hash') == md5($mb_name.$cert_type.get_session('ss_cert_birth').$md5_cert_no)) {
if ($cert_type == 'ipin' && get_session('ss_cert_hash') == md5($mb_name.$cert_type.get_session('ss_cert_birth').$md5_cert_no)) { // 아이핀일때 hash 값 체크 hp미포함
$sql_certify .= " , mb_hp = '{$mb_hp}' ";
$sql_certify .= " , mb_certify = '{$cert_type}' ";
$sql_certify .= " , mb_adult = '".get_session('ss_cert_adult')."' ";
$sql_certify .= " , mb_birth = '".get_session('ss_cert_birth')."' ";
$sql_certify .= " , mb_sex = '".get_session+('ss_cert_sex')."' ";
$sql_certify .= " , mb_dupinfo = '".get_session('ss_cert_dupinfo')."' ";
if($w == 'u')
$sql_certify .= " , mb_name = '{$mb_name}' ";
} else if($cert_type != 'ipin' && get_session('ss_cert_hash') == md5($mb_name.$cert_type.get_session('ss_cert_birth').$mb_hp.$md5_cert_no)) { // 통합인증, 휴대폰일때 hash 값 체크 hp포함
$sql_certify .= " , mb_hp = '{$mb_hp}' ";
$sql_certify .= " , mb_certify = '{$cert_type}' ";
$sql_certify .= " , mb_adult = '".get_session('ss_cert_adult')."' ";
@ -126,12 +135,8 @@ if($config['cf_cert_use']) {
$sql_certify .= " , mb_dupinfo = '".get_session('ss_cert_dupinfo')."' ";
if($w == 'u')
$sql_certify .= " , mb_name = '{$mb_name}' ";
} else {
$sql_certify .= " , mb_hp = '{$mb_hp}' ";
$sql_certify .= " , mb_certify = '' ";
$sql_certify .= " , mb_adult = 0 ";
$sql_certify .= " , mb_birth = '' ";
$sql_certify .= " , mb_sex = '' ";
}else {
alert('본인인증된 정보와 개인정보가 일치하지않습니다. 다시시도 해주세요');
}
} else {
if (get_session("ss_reg_mb_name") != $mb_name || get_session("ss_reg_mb_hp") != $mb_hp) {