firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

통합인증 : 이름/핸드폰 인풋 밸류 조작시 해쉬값 체크 로직 추가

Browse Source
This commit is contained in:
projectSylas
2022-01-04 05:36:16 +00:00
parent 0ba6f3d861
commit ae29c976e6
7 changed files with 47 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
plugin/social/register_member_update.php
View File

@ -117,7 +117,16 @@ if($config['cf_cert_use']) {
$cert_type = get_session('ss_cert_type');
if ($config['cf_cert_use'] && $cert_type && $md5_cert_no) {
// 해시값이 같은 경우에만 본인확인 값을 저장한다.
if (get_session('ss_cert_hash') == md5($mb_name.$cert_type.get_session('ss_cert_birth').$md5_cert_no)) {
if ($cert_type == 'ipin' && get_session('ss_cert_hash') == md5($mb_name.$cert_type.get_session('ss_cert_birth').$md5_cert_no)) { // 아이핀일때 hash 값 체크 hp미포함
$sql_certify .= " , mb_hp = '{$mb_hp}' ";
$sql_certify .= " , mb_certify = '{$cert_type}' ";
$sql_certify .= " , mb_adult = '".get_session('ss_cert_adult')."' ";
$sql_certify .= " , mb_birth = '".get_session('ss_cert_birth')."' ";
$sql_certify .= " , mb_sex = '".get_session+('ss_cert_sex')."' ";
$sql_certify .= " , mb_dupinfo = '".get_session('ss_cert_dupinfo')."' ";
if($w == 'u')
$sql_certify .= " , mb_name = '{$mb_name}' ";
} else if($cert_type != 'ipin' && get_session('ss_cert_hash') == md5($mb_name.$cert_type.get_session('ss_cert_birth').$mb_hp.$md5_cert_no)) { // 통합인증, 휴대폰일때 hash 값 체크 hp포함
$sql_certify .= " , mb_hp = '{$mb_hp}' ";
$sql_certify .= " , mb_certify = '{$cert_type}' ";
$sql_certify .= " , mb_adult = '".get_session('ss_cert_adult')."' ";
@ -126,12 +135,8 @@ if($config['cf_cert_use']) {
$sql_certify .= " , mb_dupinfo = '".get_session('ss_cert_dupinfo')."' ";
if($w == 'u')
$sql_certify .= " , mb_name = '{$mb_name}' ";
} else {
$sql_certify .= " , mb_hp = '{$mb_hp}' ";
$sql_certify .= " , mb_certify = '' ";
$sql_certify .= " , mb_adult = 0 ";
$sql_certify .= " , mb_birth = '' ";
$sql_certify .= " , mb_sex = '' ";
}else {
alert('본인인증된 정보와 개인정보가 일치하지않습니다. 다시시도 해주세요');
}
} else {
if (get_session("ss_reg_mb_name") != $mb_name || get_session("ss_reg_mb_hp") != $mb_hp) {