|
@@ -86,9 +86,10 @@ var otpCert = function() {
|
|
| 86 |
case '0009':
|
| 87 |
alert('À̸ÞÀÏÀ¸·Î ÀÎÁõ¹øÈ£¸¦ Àü¼ÛÇÏÁö ¸øÇß½À´Ï´Ù.\nÀü¼ÛÀÌ ºÒ°¡´ÉÇÑ À̸ÞÀÏ ÁÖ¼Ò ÀÔ´Ï´Ù.');
|
| 88 |
break;
|
|
|
|
| 89 |
case '9999':
|
| 90 |
alert('°ü¸®ÀÚº¸¾È ÀÎÁõÀ» ÀÌ¿ëÇϰí ÀÖÁö ¾Ê½À´Ï´Ù.');
|
| 91 |
-
break
|
| 92 |
default:
|
| 93 |
alert('±âŸ ¿À·ù');
|
| 94 |
break;
|
|
@@ -293,7 +294,7 @@ function chkForm2(obj)
|
|
| 293 |
</tr>
|
| 294 |
</table>
|
| 295 |
|
| 296 |
-
<div style="margin-top:5px"><span class="small"><font class="extext">¡Ø ÀÎÁõ¹øÈ£ÀÇ À¯È¿½Ã°£Àº <span class="red"><b>
|
| 297 |
<!-- ÈÞ´ëÆù¹øÈ£ ÀÎÁõ : End -->
|
| 298 |
<pre> </pre>
|
| 299 |
<!-- À̸ÞÀÏÁÖ¼Ò ÀÎÁõ : Start -->
|
|
@@ -317,7 +318,7 @@ function chkForm2(obj)
|
|
| 317 |
</tr>
|
| 318 |
</table>
|
| 319 |
|
| 320 |
-
<div style="margin-top:5px"><span class="small"><font class="extext">¡Ø ÀÎÁõ¹øÈ£ÀÇ À¯È¿½Ã°£Àº <span class="red"><b>
|
| 321 |
<!-- À̸ÞÀÏÁÖ¼Ò ÀÎÁõ : End -->
|
| 322 |
|
| 323 |
<!-- °ü¸®ÀÚID ¸ÅĪ : Start -->
|
| 86 |
case '0009':
|
| 87 |
alert('À̸ÞÀÏÀ¸·Î ÀÎÁõ¹øÈ£¸¦ Àü¼ÛÇÏÁö ¸øÇß½À´Ï´Ù.\nÀü¼ÛÀÌ ºÒ°¡´ÉÇÑ À̸ÞÀÏ ÁÖ¼Ò ÀÔ´Ï´Ù.');
|
| 88 |
break;
|
| 89 |
+
/* °ü¸®ÀÚ 2Â÷ÀÎÁõ ·Î±×Àνà ¼³Á¤ »ó°ü¾øÀÌ ¹«Á¶°Ç ³ëÃâ ó¸®
|
| 90 |
case '9999':
|
| 91 |
alert('°ü¸®ÀÚº¸¾È ÀÎÁõÀ» ÀÌ¿ëÇϰí ÀÖÁö ¾Ê½À´Ï´Ù.');
|
| 92 |
+
break;*/
|
| 93 |
default:
|
| 94 |
alert('±âŸ ¿À·ù');
|
| 95 |
break;
|
| 294 |
</tr>
|
| 295 |
</table>
|
| 296 |
|
| 297 |
+
<div style="margin-top:5px"><span class="small"><font class="extext">¡Ø ÀÎÁõ¹øÈ£ÀÇ À¯È¿½Ã°£Àº <span class="red"><b>5ºÐ</b></span>À̸ç, ÀÎÁõ¹øÈ£¸¦ ÀÔ·Â ÈÄ ¹Ýµå½Ã <b>'È®ÀÎ'</b> ¹öưÀ» Ŭ¸¯ÇÏ¼Å¾ß ÇÕ´Ï´Ù.</font></span></div>
|
| 298 |
<!-- ÈÞ´ëÆù¹øÈ£ ÀÎÁõ : End -->
|
| 299 |
<pre> </pre>
|
| 300 |
<!-- À̸ÞÀÏÁÖ¼Ò ÀÎÁõ : Start -->
|
| 318 |
</tr>
|
| 319 |
</table>
|
| 320 |
|
| 321 |
+
<div style="margin-top:5px"><span class="small"><font class="extext">¡Ø ÀÎÁõ¹øÈ£ÀÇ À¯È¿½Ã°£Àº <span class="red"><b>5ºÐ</b></span>À̸ç, ÀÎÁõ¹øÈ£¸¦ ÀÔ·Â ÈÄ ¹Ýµå½Ã <b>'È®ÀÎ'</b> ¹öưÀ» Ŭ¸¯ÇÏ¼Å¾ß ÇÕ´Ï´Ù.</font></span></div>
|
| 322 |
<!-- À̸ÞÀÏÁÖ¼Ò ÀÎÁõ : End -->
|
| 323 |
|
| 324 |
<!-- °ü¸®ÀÚID ¸ÅĪ : Start -->
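Review bot: The `case '9999':` branch (new lines 89–92) is disabled by wrapping it in a `/* … */` block instead of being deleted, and the same is done to the `useLoginCert` checks in the other login page, the OTP request handler and the `adminLoginCert` class. In an authentication path this leaves dead branches that can be re-enabled by moving one comment delimiter, and it makes it harder to audit which checks are live. I would delete the branch and keep a one-line comment above `default:`, such as `// '9999' (2FA not enabled) is no longer expected: admin 2FA is always on`, assuming the server no longer returns that code. The enclosing `switch` starts and ends outside this hunk.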
|
|
@@ -2457,16 +2457,11 @@ function getSmsAutoSendLayerMessage(infoType)
|
|
| 2457 |
return htmlContents;
|
| 2458 |
}
|
| 2459 |
|
| 2460 |
-
function checkSmsPassNumberArea(
|
| 2461 |
-
|
| 2462 |
document.getElementById('smsPassNumberArea').style.display = '';
|
| 2463 |
document.getElementById('smsPassNumber').setAttribute('fld_esssential', 'fld_esssential');
|
| 2464 |
}
|
| 2465 |
-
else {
|
| 2466 |
-
document.getElementById('smsPassNumberArea').style.display = 'none';
|
| 2467 |
-
document.getElementById('smsPassNumber').removeAttribute("fld_esssential");
|
| 2468 |
-
}
|
| 2469 |
-
}
|
| 2470 |
|
| 2471 |
function sms080warningContents(actType, msgTextareaID)
|
| 2472 |
{
|
| 2457 |
return htmlContents;
|
| 2458 |
}
|
| 2459 |
|
| 2460 |
+
function checkSmsPassNumberArea(){
|
| 2461 |
+
// SMS ºñ¹Ð¹øÈ£ ÀÎÁõ ¹«Á¶°Ç ³ëÃâ
|
| 2462 |
document.getElementById('smsPassNumberArea').style.display = '';
|
| 2463 |
document.getElementById('smsPassNumber').setAttribute('fld_esssential', 'fld_esssential');
|
| 2464 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2465 |
|
| 2466 |
function sms080warningContents(actType, msgTextareaID)
|
| 2467 |
{
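Review bot: `checkSmsPassNumberArea()` now makes the SMS password mandatory only in the browser, by un-hiding `smsPassNumberArea` and setting the `fld_esssential` attribute, which a client can choose not to run. Nothing in this hunk shows the server-side send handler requiring the password, so that should be confirmed or added before this is treated as a control. The function also calls `document.getElementById(...)` without a null check, so a page that loads this script and calls it without those elements will throw. A guard such as `var area = document.getElementById('smsPassNumberArea'); if (!area) return;` would avoid that.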
|
|
@@ -46,6 +46,12 @@ switch ($mode){
|
|
| 46 |
$content = "{*** " . $_POST['file_desc'] . " | " . $design_skin[ $_POST['design_file'] ]['linkurl'] . " ***}" . "\n";
|
| 47 |
if ( ereg("popup/",$_POST['design_file']) === false && ereg("outline/",$_POST['design_file']) === false ) $content .= "{ # header }\n\n{ # footer }";
|
| 48 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49 |
## ÀúÀå
|
| 50 |
$qfile->open( $path = $nowPath);
|
| 51 |
if (G_CONST_MAGIC_QUOTES) $content = stripslashes( $content );
|
| 46 |
$content = "{*** " . $_POST['file_desc'] . " | " . $design_skin[ $_POST['design_file'] ]['linkurl'] . " ***}" . "\n";
|
| 47 |
if ( ereg("popup/",$_POST['design_file']) === false && ereg("outline/",$_POST['design_file']) === false ) $content .= "{ # header }\n\n{ # footer }";
|
| 48 |
|
| 49 |
+
## º¸¾ÈÀ̽´ Àû¿ë
|
| 50 |
+
$checkContent = nl2br(str_replace(["\r\n", "\r", "\n"], "", $_POST['content']));
|
| 51 |
+
if(preg_match('/(?<=\<\?)(.*?)(?=\/?>)/',$checkContent)){
|
| 52 |
+
go($_SERVER['HTTP_REFERER']);
|
| 53 |
+
}
|
| 54 |
+
|
| 55 |
## ÀúÀå
|
| 56 |
$qfile->open( $path = $nowPath);
|
| 57 |
if (G_CONST_MAGIC_QUOTES) $content = stripslashes( $content );
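Review bot: The PHP-tag check added at new lines 50–52 does not reject everything it is meant to: the pattern `/(?<=\<\?)(.*?)(?=\/?>)/` only matches when a `>` follows the `<?`, and PHP does not require a closing tag. It also inspects only `$_POST['content']`, while `$_POST['file_desc']` is concatenated into `$content` on line 46 and is written unchecked. Whether `go()` stops execution is not visible here; if it does not, the save below still runs after the redirect. I would test every request field that ends up in the saved file for an opening tag and stop explicitly, e.g. `if (strpos($value, '<?') !== false) { go('<fixed admin URL>'); exit; }`. That also avoids redirecting to the client-supplied `HTTP_REFERER`.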
|
|
@@ -20,6 +20,10 @@ if ($alCert->inStatus() == 'failure') {
|
|
| 20 |
// °ü¸®ÀÚ Ã¼Å©
|
| 21 |
if ($ici_admin) go("../index.php");
|
| 22 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 23 |
// OTP ¼ö½Åó
|
| 24 |
$contacts = $alCert->getOtpContants('Y');
|
| 25 |
foreach ($contacts as $data) {
|
|
@@ -117,9 +121,10 @@ var otpCert = function() {
|
|
| 117 |
case '0010':
|
| 118 |
alert('ÀÎÁõ¹øÈ£ ¿äûÀº ÃÖ´ë 10ȸ±îÁö¸¸ °¡´ÉÇÕ´Ï´Ù.\n¼îÇθô °ü¸®ÀÚ ·Î±×ÀÎÀ» ÇϽ÷Á¸é, °ü¸®ÀÚ °èÁ¤°ú ÇÔ²² 1:1¹®ÀÇ·Î ¹®ÀÇÇØÁÖ¼¼¿ä.');
|
| 119 |
break;
|
|
|
|
| 120 |
case '9999':
|
| 121 |
alert('°ü¸®ÀÚº¸¾È ÀÎÁõÀ» ÀÌ¿ëÇϰí ÀÖÁö ¾Ê½À´Ï´Ù.');
|
| 122 |
-
break
|
| 123 |
default:
|
| 124 |
alert('±âŸ ¿À·ù');
|
| 125 |
break;
|
|
@@ -265,13 +270,15 @@ function getOtpCount(AocSno) {
|
|
| 265 |
<input type="hidden" name="token" id="token" value="<?=$_token?>" />
|
| 266 |
|
| 267 |
<div style="text-align:center;">
|
| 268 |
-
|
| 269 |
|
| 270 |
<div style="background-color:#2fade7; height:100px;">
|
| 271 |
<div style="background:url(../img/login_cert/tit_cp_security.png) no-repeat 14px 20px; height:78px; width:1002px; margin:0 auto;"></div>
|
| 272 |
</div>
|
| 273 |
|
| 274 |
-
<div style="width:
|
|
|
|
|
|
|
| 275 |
<div style="background:url(../img/login_cert/txt_security_login.gif) no-repeat; margin-top:80px; height:44px;"></div>
|
| 276 |
|
| 277 |
<div style="font:12px Dotum; color:#767676; line-height:22px; padding:15px 0;">
|
|
@@ -330,13 +337,22 @@ function getOtpCount(AocSno) {
|
|
| 330 |
<?php } ?>
|
| 331 |
|
| 332 |
<div style="font:12px Dotum; color:#9e9e9e; line-height:22px; padding:15px 0 25px;">
|
| 333 |
-
|
| 334 |
<p id="sms_notice" style="margin: 0;<?php if (!$mobile_flag) echo "display: none;"?>">¡Ø ÀÎÁõ¹øÈ£ ¿äû ½Ã <b>SMS 1Æ÷ÀÎÆ®°¡ ¼ÒÁø</b>µË´Ï´Ù.</p>
|
| 335 |
</div>
|
| 336 |
|
| 337 |
<div style="text-align:center"><input type="image" src="../img/login_cert/btn_confirm.gif" border="0"></div>
|
| 338 |
</div>
|
| 339 |
</div>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 340 |
</form>
|
| 341 |
</body>
|
| 342 |
</html>
|
| 20 |
// °ü¸®ÀÚ Ã¼Å©
|
| 21 |
if ($ici_admin) go("../index.php");
|
| 22 |
|
| 23 |
+
// ssl ¸®´ÙÀÌ·ºÆ®
|
| 24 |
+
$adminSitelink = Core::loader('adminSitelink');
|
| 25 |
+
$adminSitelink->ready_refresh();
|
| 26 |
+
|
| 27 |
// OTP ¼ö½Åó
|
| 28 |
$contacts = $alCert->getOtpContants('Y');
|
| 29 |
foreach ($contacts as $data) {
|
| 121 |
case '0010':
|
| 122 |
alert('ÀÎÁõ¹øÈ£ ¿äûÀº ÃÖ´ë 10ȸ±îÁö¸¸ °¡´ÉÇÕ´Ï´Ù.\n¼îÇθô °ü¸®ÀÚ ·Î±×ÀÎÀ» ÇϽ÷Á¸é, °ü¸®ÀÚ °èÁ¤°ú ÇÔ²² 1:1¹®ÀÇ·Î ¹®ÀÇÇØÁÖ¼¼¿ä.');
|
| 123 |
break;
|
| 124 |
+
/* °ü¸®ÀÚ 2Â÷ÀÎÁõ ·Î±×Àνà ¼³Á¤ »ó°ü¾øÀÌ ¹«Á¶°Ç ³ëÃâ ó¸®
|
| 125 |
case '9999':
|
| 126 |
alert('°ü¸®ÀÚº¸¾È ÀÎÁõÀ» ÀÌ¿ëÇϰí ÀÖÁö ¾Ê½À´Ï´Ù.');
|
| 127 |
+
break;*/
|
| 128 |
default:
|
| 129 |
alert('±âŸ ¿À·ù');
|
| 130 |
break;
|
| 270 |
<input type="hidden" name="token" id="token" value="<?=$_token?>" />
|
| 271 |
|
| 272 |
<div style="text-align:center;">
|
| 273 |
+
<div style="background:url(../img/NHN_COMMERCE_Basic.png) no-repeat 14px 9px; background-size: 103px;height:48px; width:1002px; margin:0 auto;"></div>
|
| 274 |
|
| 275 |
<div style="background-color:#2fade7; height:100px;">
|
| 276 |
<div style="background:url(../img/login_cert/tit_cp_security.png) no-repeat 14px 20px; height:78px; width:1002px; margin:0 auto;"></div>
|
| 277 |
</div>
|
| 278 |
|
| 279 |
+
<div style="width:980px; margin:0 auto;text-align:left;">
|
| 280 |
+
<div style="width: 554px; float: left">
|
| 281 |
+
<div>
|
| 282 |
<div style="background:url(../img/login_cert/txt_security_login.gif) no-repeat; margin-top:80px; height:44px;"></div>
|
| 283 |
|
| 284 |
<div style="font:12px Dotum; color:#767676; line-height:22px; padding:15px 0;">
|
| 337 |
<?php } ?>
|
| 338 |
|
| 339 |
<div style="font:12px Dotum; color:#9e9e9e; line-height:22px; padding:15px 0 25px;">
|
| 340 |
+
<p style="margin: 0;">¡Ø ÀÎÁõ¹øÈ£ÀÇ À¯È¿½Ã°£Àº <b>5ºÐ</b>ÀÔ´Ï´Ù.<br/></p>
|
| 341 |
<p id="sms_notice" style="margin: 0;<?php if (!$mobile_flag) echo "display: none;"?>">¡Ø ÀÎÁõ¹øÈ£ ¿äû ½Ã <b>SMS 1Æ÷ÀÎÆ®°¡ ¼ÒÁø</b>µË´Ï´Ù.</p>
|
| 342 |
</div>
|
| 343 |
|
| 344 |
<div style="text-align:center"><input type="image" src="../img/login_cert/btn_confirm.gif" border="0"></div>
|
| 345 |
</div>
|
| 346 |
</div>
|
| 347 |
+
<div style="width: 400px; float: right; margin-top: 77px;">
|
| 348 |
+
<!-- ¹è³Ê »ç¿ëÇÏÁö ¾ÊÀ»°æ¿ì ÁÖ¼® ¾ÈÀÇ ÄÚµå »èÁ¦ -->
|
| 349 |
+
<span class="banner" id="adminlogin" >
|
| 350 |
+
<script>panelNoncheck('adminlogin', 'bannerPanel');</script>
|
| 351 |
+
</span>
|
| 352 |
+
<!-- //¹è³Ê »ç¿ëÇÏÁö ¾ÊÀ»°æ¿ì ÁÖ¼® ¾ÈÀÇ ÄÚµå »èÁ¦ -->
|
| 353 |
+
</div>
|
| 354 |
+
</div>
|
| 355 |
+
</div>
|
| 356 |
</form>
|
| 357 |
</body>
|
| 358 |
</html>
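Review bot: The added banner block (new lines 347–353) runs `panelNoncheck('adminlogin', 'bannerPanel')` on the same page that carries the hidden `token` field and receives the one-time code. `panelNoncheck` is defined outside this hunk; if it pulls banner markup from another host, that content executes in the admin origin during authentication. I would keep second-factor pages free of externally sourced markup, or render the banner in a sandboxed `<iframe>`. At minimum, add a comment above `<span class="banner" id="adminlogin">` stating where the banner content comes from and why it is trusted.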
|
|
@@ -10,9 +10,10 @@ if (G_CONST_MAGIC_QUOTES) {
|
|
| 10 |
|
| 11 |
$alCert = Core::loader('adminLoginCert');
|
| 12 |
|
| 13 |
-
|
|
|
|
| 14 |
exit('9999');
|
| 15 |
-
}
|
| 16 |
|
| 17 |
switch ($_POST['mode']) {
|
| 18 |
case 'sendLoginOtp': // Login OTP Àü¼Û
|
| 10 |
|
| 11 |
$alCert = Core::loader('adminLoginCert');
|
| 12 |
|
| 13 |
+
/* °ü¸®ÀÚ 2Â÷ÀÎÁõ ·Î±×Àνà ¼³Á¤ »ó°ü¾øÀÌ ¹«Á¶°Ç ³ëÃâ ó¸®
|
| 14 |
+
* if ($alCert->useLoginCert !== true) { // °ü¸®ÀÚº¸¾È ÀÎÁõ¿©ºÎ È®ÀÎ
|
| 15 |
exit('9999');
|
| 16 |
+
}*/
|
| 17 |
|
| 18 |
switch ($_POST['mode']) {
|
| 19 |
case 'sendLoginOtp': // Login OTP Àü¼Û
|
|
@@ -248,7 +248,9 @@ window.onload = function(){
|
|
| 248 |
if(document.getElementById('smsReceiveRefuseCount').value > 0){
|
| 249 |
document.getElementById("smsReceiveRefuse").style.display = 'inline-block';
|
| 250 |
}
|
| 251 |
-
|
|
|
|
|
|
|
| 252 |
}
|
| 253 |
|
| 254 |
function eventStop(event){
|
| 248 |
if(document.getElementById('smsReceiveRefuseCount').value > 0){
|
| 249 |
document.getElementById("smsReceiveRefuse").style.display = 'inline-block';
|
| 250 |
}
|
| 251 |
+
|
| 252 |
+
// SMS ºñ¹Ð¹øÈ£ ÀÎÁõ ¹«Á¶°Ç ³ëÃâ
|
| 253 |
+
checkSmsPassNumberArea();
|
| 254 |
}
|
| 255 |
|
| 256 |
function eventStop(event){
|
|
@@ -10,7 +10,7 @@
|
|
| 10 |
<TABLE cellSpacing=0 cellPadding=0 align=center border=0>
|
| 11 |
<TBODY>
|
| 12 |
<TR>
|
| 13 |
-
<TD style="PADDING-RIGHT: 0px; PADDING-LEFT: 0px; PADDING-BOTTOM: 20px; PADDING-TOP: 20px" align=middle><DIV>ÀÎÁõ¹øÈ£¸¦ ¾È³» µå¸³´Ï´Ù.<BR>¾Æ·¡ ¹øÈ£¸¦ ÀÎÁõ¹øÈ£ ÀԷ¶õ¿¡ ÀÔ·ÂÇÏ½Ã¸é º¸¾ÈÀÎÁõÀÌ ¿Ï·áµË´Ï´Ù.<BR>ÀÎÁõ¹øÈ£´Â
|
| 14 |
</DIV>
|
| 15 |
<TABLE cellSpacing=0 cellPadding=0 width="100%" align=center border=0>
|
| 16 |
<TBODY>
|
| 10 |
<TABLE cellSpacing=0 cellPadding=0 align=center border=0>
|
| 11 |
<TBODY>
|
| 12 |
<TR>
|
| 13 |
+
<TD style="PADDING-RIGHT: 0px; PADDING-LEFT: 0px; PADDING-BOTTOM: 20px; PADDING-TOP: 20px" align=middle><DIV>ÀÎÁõ¹øÈ£¸¦ ¾È³» µå¸³´Ï´Ù.<BR>¾Æ·¡ ¹øÈ£¸¦ ÀÎÁõ¹øÈ£ ÀԷ¶õ¿¡ ÀÔ·ÂÇÏ½Ã¸é º¸¾ÈÀÎÁõÀÌ ¿Ï·áµË´Ï´Ù.<BR>ÀÎÁõ¹øÈ£´Â 5ºÐ µ¿¾È À¯È¿Çϸç, 5ºÐ °æ°ú ½Ã ÀÎÁõ¹øÈ£¸¦ Àç¹ß±Þ ¹ÞÀ¸¼Å¾ß ÇÕ´Ï´Ù.</DIV><DIV STYLE="MARGIN:10px;PADDING:10px;TEXT-ALIGN:CENTER;BACKGROUND-COLOR:#FDEADA;COLOR:#FF0000;FONT-WEIGHT:BOLD;">ÀÎÁõ¹øÈ£ : {authNum}</DIV></TD></TR></TBODY></TABLE><!--º»¹® ºÎºÐ : End --><!--¸ÞÀÏ ÇÏ´Ü : Start -->
|
| 14 |
</DIV>
|
| 15 |
<TABLE cellSpacing=0 cellPadding=0 width="100%" align=center border=0>
|
| 16 |
<TBODY>
|
|
@@ -6,10 +6,12 @@
|
|
| 6 |
class adminLoginCert
|
| 7 |
{
|
| 8 |
var $useLoginCert;
|
|
|
|
| 9 |
|
| 10 |
function adminLoginCert()
|
| 11 |
{
|
| 12 |
-
|
|
|
|
| 13 |
$cfgfile = dirname(__FILE__).'/../conf/config.admin_login_cert.php';
|
| 14 |
if(file_exists($cfgfile)) @include $cfgfile;
|
| 15 |
if ($admLoginCertCfg['use'] == 'Y') {
|
|
@@ -17,7 +19,7 @@ class adminLoginCert
|
|
| 17 |
}
|
| 18 |
else {
|
| 19 |
$this->useLoginCert = false;
|
| 20 |
-
}
|
| 21 |
|
| 22 |
// Á¢¼Ó IP üũ
|
| 23 |
if ($admLoginCertCfg['unCheckGdip'] != 'Y') {
|
|
@@ -88,7 +90,8 @@ class adminLoginCert
|
|
| 88 |
*/
|
| 89 |
function loginStatus()
|
| 90 |
{
|
| 91 |
-
|
|
|
|
| 92 |
if ($this->useLoginCert !== true) return 'unused';
|
| 93 |
|
| 94 |
// 2. OTP ¼ö½Åó ¸ñ·Ï ¾øÀ¸¸é
|
|
@@ -98,6 +101,9 @@ class adminLoginCert
|
|
| 98 |
);
|
| 99 |
$this->setAdminLoginCert($data);
|
| 100 |
return 'unused';
|
|
|
|
|
|
|
|
|
|
| 101 |
}
|
| 102 |
|
| 103 |
// 3. ÀÎÁõÈ®ÀÎÀº Çϰí ÀÎÁõ·Î±×ÀÎ ¾ÈÇÑ °æ¿ì
|
|
@@ -117,7 +123,8 @@ class adminLoginCert
|
|
| 117 |
*/
|
| 118 |
function inStatus()
|
| 119 |
{
|
| 120 |
-
|
|
|
|
| 121 |
if ($this->useLoginCert !== true) return 'unused';
|
| 122 |
|
| 123 |
// 2. OTP ¼ö½Åó ¸ñ·Ï ¾øÀ¸¸é
|
|
@@ -127,6 +134,9 @@ class adminLoginCert
|
|
| 127 |
);
|
| 128 |
$this->setAdminLoginCert($data);
|
| 129 |
return 'unused';
|
|
|
|
|
|
|
|
|
|
| 130 |
}
|
| 131 |
|
| 132 |
// 3. ÀÎÁõÈ®ÀÎ ¹× ÀÎÁõ·Î±×ÀÎÇÑ °æ¿ì
|
|
@@ -244,7 +254,7 @@ class adminLoginCert
|
|
| 244 |
|
| 245 |
$_mb['token'] = $_token;
|
| 246 |
|
| 247 |
-
$query = sprintf("INSERT INTO ".GD_OTP." SET m_id = '%s', token = '%s', expire = '%s'", $_mb['m_id'], $_mb['token'], date('Y-m-d H:i:s', strtotime('+
|
| 248 |
$db->query($query);
|
| 249 |
}
|
| 250 |
}
|
|
@@ -299,6 +309,7 @@ class adminLoginCert
|
|
| 299 |
}
|
| 300 |
|
| 301 |
// ¾÷µ¥ÀÌÆ®
|
|
|
|
| 302 |
$query = sprintf("update ".GD_OTP." set otp = '%s', auth = 0 where m_id = '%s' AND token = '%s'", $authNum, $db->_escape($_mb['m_id']), $db->_escape($_mb['token']));
|
| 303 |
$db->query($query);
|
| 304 |
|
|
@@ -333,7 +344,7 @@ class adminLoginCert
|
|
| 333 |
// üũ
|
| 334 |
$query = sprintf("select mb.name, mb.m_id, otp.token, otp.otp, otp.expire, otp.auth from ".GD_OTP." as otp inner join ".GD_MEMBER." as mb on otp.m_id = mb.m_id where mb.m_no = '%s' AND otp.token > '' AND otp.token = '%s'", $db->_escape($_aoc['m_no']), $db->_escape($token));
|
| 335 |
if (($_mb = $db->fetch($query, 1)) !== false) {
|
| 336 |
-
// À¯È¿±â°£(
|
| 337 |
if ($_mb['expire'] < date('Y-m-d H:i:s')) {
|
| 338 |
$db->query(sprintf("delete from ".GD_OTP." where m_id = '%s'", $db->_escape($_mb['m_id'])));
|
| 339 |
return '0003';
|
|
@@ -346,6 +357,7 @@ class adminLoginCert
|
|
| 346 |
}
|
| 347 |
|
| 348 |
// OTP üũ
|
|
|
|
| 349 |
if ($_mb['otp'] == $otp) {
|
| 350 |
$query = sprintf("update ".GD_OTP." set auth = 1 where m_id = '%s' AND token = '%s'", $db->_escape($_mb['m_id']), $db->_escape($_mb['token']));
|
| 351 |
$db->query($query);
|
|
@@ -393,7 +405,7 @@ class adminLoginCert
|
|
| 393 |
|
| 394 |
$_mb['token'] = $_token;
|
| 395 |
|
| 396 |
-
$query = sprintf("INSERT INTO ".GD_OTP." SET m_id = '%s', token = '%s', expire = '%s'", $_mb['m_id'], $_mb['token'], date('Y-m-d H:i:s', strtotime('+
|
| 397 |
$db->query($query);
|
| 398 |
}
|
| 399 |
}
|
|
@@ -429,6 +441,7 @@ class adminLoginCert
|
|
| 429 |
}
|
| 430 |
|
| 431 |
// ¾÷µ¥ÀÌÆ®
|
|
|
|
| 432 |
$query = sprintf("update ".GD_OTP." set otp = '%s', auth = 0 where m_id = '%s' AND token = '%s'", $authNum, $db->_escape($_mb['m_id']), $db->_escape($_mb['token']));
|
| 433 |
$db->query($query);
|
| 434 |
|
|
@@ -463,7 +476,7 @@ class adminLoginCert
|
|
| 463 |
|
| 464 |
$_mb['token'] = $_token;
|
| 465 |
|
| 466 |
-
$query = sprintf("INSERT INTO ".GD_OTP." SET m_id = '%s', token = '%s', expire = '%s'", $_mb['m_id'], $_mb['token'], date('Y-m-d H:i:s', strtotime('+
|
| 467 |
$db->query($query);
|
| 468 |
}
|
| 469 |
}
|
|
@@ -492,6 +505,7 @@ class adminLoginCert
|
|
| 492 |
}
|
| 493 |
|
| 494 |
// ¾÷µ¥ÀÌÆ®
|
|
|
|
| 495 |
$query = sprintf("update ".GD_OTP." set otp = '%s', auth = 0 where m_id = '%s' AND token = '%s'", $authNum, $db->_escape($_mb['m_id']), $db->_escape($_mb['token']));
|
| 496 |
$db->query($query);
|
| 497 |
|
|
@@ -521,7 +535,7 @@ class adminLoginCert
|
|
| 521 |
// üũ
|
| 522 |
$query = sprintf("select mb.name, mb.m_id, otp.token, otp.otp, otp.expire, otp.auth from ".GD_OTP." as otp inner join ".GD_MEMBER." as mb on otp.m_id = mb.m_id where otp.m_id = '%s' AND otp.token > '' AND otp.token = '%s'", $db->_escape($sess['m_id']), $db->_escape($token));
|
| 523 |
if (($_mb = $db->fetch($query, 1)) !== false) {
|
| 524 |
-
// À¯È¿±â°£(
|
| 525 |
if ($_mb['expire'] < date('Y-m-d H:i:s')) {
|
| 526 |
$db->query(sprintf("delete from ".GD_OTP." where m_id = '%s'", $db->_escape($_mb['m_id'])));
|
| 527 |
return '0003';
|
|
@@ -534,6 +548,7 @@ class adminLoginCert
|
|
| 534 |
}
|
| 535 |
|
| 536 |
// OTP üũ
|
|
|
|
| 537 |
if ($_mb['otp'] == $otp) {
|
| 538 |
$query = sprintf("update ".GD_OTP." set auth = 1 where m_id = '%s' AND token = '%s'", $db->_escape($_mb['m_id']), $db->_escape($_mb['token']));
|
| 539 |
$db->query($query);
|
|
@@ -706,5 +721,38 @@ class adminLoginCert
|
|
| 706 |
$AdminLog->runWriteAdminLog();
|
| 707 |
}
|
| 708 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 709 |
}
|
| 710 |
?>
|
| 6 |
class adminLoginCert
|
| 7 |
{
|
| 8 |
var $useLoginCert;
|
| 9 |
+
var $gd_key = "704e364feaa3bf977bfa62c419f0b1ac";
|
| 10 |
|
| 11 |
function adminLoginCert()
|
| 12 |
{
|
| 13 |
+
/* °ü¸®ÀÚ 2Â÷ÀÎÁõ ·Î±×Àνà ¼³Á¤ »ó°ü¾øÀÌ ¹«Á¶°Ç ³ëÃâ ó¸®
|
| 14 |
+
* // °ü¸®ÀÚº¸¾È ÀÎÁõ¿©ºÎ
|
| 15 |
$cfgfile = dirname(__FILE__).'/../conf/config.admin_login_cert.php';
|
| 16 |
if(file_exists($cfgfile)) @include $cfgfile;
|
| 17 |
if ($admLoginCertCfg['use'] == 'Y') {
|
| 19 |
}
|
| 20 |
else {
|
| 21 |
$this->useLoginCert = false;
|
| 22 |
+
}*/
|
| 23 |
|
| 24 |
// Á¢¼Ó IP üũ
|
| 25 |
if ($admLoginCertCfg['unCheckGdip'] != 'Y') {
|
| 90 |
*/
|
| 91 |
function loginStatus()
|
| 92 |
{
|
| 93 |
+
/* °ü¸®ÀÚ 2Â÷ÀÎÁõ ·Î±×Àνà ¼³Á¤ »ó°ü¾øÀÌ ¹«Á¶°Ç ³ëÃâ ó¸®
|
| 94 |
+
* // 1. °ü¸®ÀÚº¸¾È ÀÎÁõ »ç¿ë¿©ºÎ
|
| 95 |
if ($this->useLoginCert !== true) return 'unused';
|
| 96 |
|
| 97 |
// 2. OTP ¼ö½Åó ¸ñ·Ï ¾øÀ¸¸é
|
| 101 |
);
|
| 102 |
$this->setAdminLoginCert($data);
|
| 103 |
return 'unused';
|
| 104 |
+
}*/
|
| 105 |
+
if ($this->checkGdip() === true) {
|
| 106 |
+
return 'success';
|
| 107 |
}
|
| 108 |
|
| 109 |
// 3. ÀÎÁõÈ®ÀÎÀº Çϰí ÀÎÁõ·Î±×ÀÎ ¾ÈÇÑ °æ¿ì
|
| 123 |
*/
|
| 124 |
function inStatus()
|
| 125 |
{
|
| 126 |
+
/* °ü¸®ÀÚ 2Â÷ÀÎÁõ ·Î±×Àνà ¼³Á¤ »ó°ü¾øÀÌ ¹«Á¶°Ç ³ëÃâ ó¸®
|
| 127 |
+
* // 1. °ü¸®ÀÚº¸¾È ÀÎÁõ »ç¿ë¿©ºÎ
|
| 128 |
if ($this->useLoginCert !== true) return 'unused';
|
| 129 |
|
| 130 |
// 2. OTP ¼ö½Åó ¸ñ·Ï ¾øÀ¸¸é
|
| 134 |
);
|
| 135 |
$this->setAdminLoginCert($data);
|
| 136 |
return 'unused';
|
| 137 |
+
}*/
|
| 138 |
+
if ($this->checkGdip() === true) {
|
| 139 |
+
return 'success';
|
| 140 |
}
|
| 141 |
|
| 142 |
// 3. ÀÎÁõÈ®ÀÎ ¹× ÀÎÁõ·Î±×ÀÎÇÑ °æ¿ì
|
| 254 |
|
| 255 |
$_mb['token'] = $_token;
|
| 256 |
|
| 257 |
+
$query = sprintf("INSERT INTO ".GD_OTP." SET m_id = '%s', token = '%s', expire = '%s'", $_mb['m_id'], $_mb['token'], date('Y-m-d H:i:s', strtotime('+5 minute', $now))); // À¯È¿±â°£ 5ºÐ
|
| 258 |
$db->query($query);
|
| 259 |
}
|
| 260 |
}
|
| 309 |
}
|
| 310 |
|
| 311 |
// ¾÷µ¥ÀÌÆ®
|
| 312 |
+
$authNum = $this->MCRYPT_encode($authNum); // opt ÀÎÁõ¹øÈ£ ¾ÏÈ£È
|
| 313 |
$query = sprintf("update ".GD_OTP." set otp = '%s', auth = 0 where m_id = '%s' AND token = '%s'", $authNum, $db->_escape($_mb['m_id']), $db->_escape($_mb['token']));
|
| 314 |
$db->query($query);
|
| 315 |
|
| 344 |
// üũ
|
| 345 |
$query = sprintf("select mb.name, mb.m_id, otp.token, otp.otp, otp.expire, otp.auth from ".GD_OTP." as otp inner join ".GD_MEMBER." as mb on otp.m_id = mb.m_id where mb.m_no = '%s' AND otp.token > '' AND otp.token = '%s'", $db->_escape($_aoc['m_no']), $db->_escape($token));
|
| 346 |
if (($_mb = $db->fetch($query, 1)) !== false) {
|
| 347 |
+
// À¯È¿±â°£(5ºÐ) üũ
|
| 348 |
if ($_mb['expire'] < date('Y-m-d H:i:s')) {
|
| 349 |
$db->query(sprintf("delete from ".GD_OTP." where m_id = '%s'", $db->_escape($_mb['m_id'])));
|
| 350 |
return '0003';
|
| 357 |
}
|
| 358 |
|
| 359 |
// OTP üũ
|
| 360 |
+
$_mb['otp'] = $this->MCRYPT_decode($_mb['otp']); // opt ÀÎÁõ¹øÈ£ º¹È£È
|
| 361 |
if ($_mb['otp'] == $otp) {
|
| 362 |
$query = sprintf("update ".GD_OTP." set auth = 1 where m_id = '%s' AND token = '%s'", $db->_escape($_mb['m_id']), $db->_escape($_mb['token']));
|
| 363 |
$db->query($query);
|
| 405 |
|
| 406 |
$_mb['token'] = $_token;
|
| 407 |
|
| 408 |
+
$query = sprintf("INSERT INTO ".GD_OTP." SET m_id = '%s', token = '%s', expire = '%s'", $_mb['m_id'], $_mb['token'], date('Y-m-d H:i:s', strtotime('+5 minute', $now))); // À¯È¿±â°£ 5ºÐ
|
| 409 |
$db->query($query);
|
| 410 |
}
|
| 411 |
}
|
| 441 |
}
|
| 442 |
|
| 443 |
// ¾÷µ¥ÀÌÆ®
|
| 444 |
+
$authNum = $this->MCRYPT_encode($authNum); // opt ÀÎÁõ¹øÈ£ ¾ÏÈ£È
|
| 445 |
$query = sprintf("update ".GD_OTP." set otp = '%s', auth = 0 where m_id = '%s' AND token = '%s'", $authNum, $db->_escape($_mb['m_id']), $db->_escape($_mb['token']));
|
| 446 |
$db->query($query);
|
| 447 |
|
| 476 |
|
| 477 |
$_mb['token'] = $_token;
|
| 478 |
|
| 479 |
+
$query = sprintf("INSERT INTO ".GD_OTP." SET m_id = '%s', token = '%s', expire = '%s'", $_mb['m_id'], $_mb['token'], date('Y-m-d H:i:s', strtotime('+10 minute', $now))); // À¯È¿±â°£ 10ºÐ
|
| 480 |
$db->query($query);
|
| 481 |
}
|
| 482 |
}
|
| 505 |
}
|
| 506 |
|
| 507 |
// ¾÷µ¥ÀÌÆ®
|
| 508 |
+
$authNum = $this->MCRYPT_encode($authNum); // opt ÀÎÁõ¹øÈ£ ¾ÏÈ£È
|
| 509 |
$query = sprintf("update ".GD_OTP." set otp = '%s', auth = 0 where m_id = '%s' AND token = '%s'", $authNum, $db->_escape($_mb['m_id']), $db->_escape($_mb['token']));
|
| 510 |
$db->query($query);
|
| 511 |
|
| 535 |
// üũ
|
| 536 |
$query = sprintf("select mb.name, mb.m_id, otp.token, otp.otp, otp.expire, otp.auth from ".GD_OTP." as otp inner join ".GD_MEMBER." as mb on otp.m_id = mb.m_id where otp.m_id = '%s' AND otp.token > '' AND otp.token = '%s'", $db->_escape($sess['m_id']), $db->_escape($token));
|
| 537 |
if (($_mb = $db->fetch($query, 1)) !== false) {
|
| 538 |
+
// À¯È¿±â°£(5ºÐ) üũ
|
| 539 |
if ($_mb['expire'] < date('Y-m-d H:i:s')) {
|
| 540 |
$db->query(sprintf("delete from ".GD_OTP." where m_id = '%s'", $db->_escape($_mb['m_id'])));
|
| 541 |
return '0003';
|
| 548 |
}
|
| 549 |
|
| 550 |
// OTP üũ
|
| 551 |
+
$_mb['otp'] = $this->MCRYPT_decode($_mb['otp']); // opt ÀÎÁõ¹øÈ£ º¹È£È
|
| 552 |
if ($_mb['otp'] == $otp) {
|
| 553 |
$query = sprintf("update ".GD_OTP." set auth = 1 where m_id = '%s' AND token = '%s'", $db->_escape($_mb['m_id']), $db->_escape($_mb['token']));
|
| 554 |
$db->query($query);
|
| 721 |
$AdminLog->runWriteAdminLog();
|
| 722 |
}
|
| 723 |
}
|
| 724 |
+
|
| 725 |
+
/****************** ¾ÏÈ£È ½ÃÀÛ ********************/
|
| 726 |
+
function MCRYPT_encode($plain_text) {
|
| 727 |
+
$padSize = 16 - (strlen ($plain_text) % 16) ;
|
| 728 |
+
$plain_text = $plain_text . str_repeat (chr ($padSize), $padSize) ;
|
| 729 |
+
$output = mcrypt_encrypt (MCRYPT_RIJNDAEL_128, $this->gd_key, $plain_text, MCRYPT_MODE_CBC, str_repeat(chr(0),16)) ;
|
| 730 |
+
return base64_encode ($output) ;
|
| 731 |
+
}
|
| 732 |
+
/****************** ¾ÏÈ£È Á¾·á ********************/
|
| 733 |
+
|
| 734 |
+
/************** º¹È£È START ****************/
|
| 735 |
+
function MCRYPT_decode($base64_text) {
|
| 736 |
+
$base64_text = base64_decode ($base64_text) ;
|
| 737 |
+
$output = mcrypt_decrypt (MCRYPT_RIJNDAEL_128, $this->gd_key, $base64_text, MCRYPT_MODE_CBC, str_repeat(chr(0),16)) ;
|
| 738 |
+
|
| 739 |
+
$valueLen = strlen ($output) ;
|
| 740 |
+
if ( $valueLen % 16 > 0 )
|
| 741 |
+
$output = "";
|
| 742 |
+
|
| 743 |
+
$padSize = ord ($output{$valueLen - 1}) ;
|
| 744 |
+
if ( ($padSize < 1) or ($padSize > 16) )
|
| 745 |
+
$output = ""; // Check padding.
|
| 746 |
+
|
| 747 |
+
for ($i = 0; $i < $padSize; $i++)
|
| 748 |
+
{
|
| 749 |
+
if ( ord ($output{$valueLen - $i - 1}) != $padSize )
|
| 750 |
+
$output = "";
|
| 751 |
+
}
|
| 752 |
+
$output = substr ($output, 0, $valueLen - $padSize) ;
|
| 753 |
+
|
| 754 |
+
return $output;
|
| 755 |
+
}
|
| 756 |
+
/************** º¹È£È END ****************/
|
| 757 |
}
|
| 758 |
?>
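Review bot: `MCRYPT_encode()`/`MCRYPT_decode()` protect the stored OTP with a key hard-coded in `$gd_key` and an all-zero CBC IV (`str_repeat(chr(0),16)`), so every installation shares one key and equal codes always produce equal ciphertext. Anyone who can read both the table and the source can recover the code. Since the code is only ever compared, a reversible scheme is unnecessary: store `hash_hmac('sha256', $authNum, $key)` with a per-installation secret loaded from configuration and compare digests. `MCRYPT_decode()` also carries on after setting `$output = ""` and indexes the empty string, so a failed decode can yield an empty or false value that the loose `$_mb['otp'] == $otp` may accept; use `===` and reject an empty `$otp` (whether callers already do is outside these hunks). Separately, the three `INSERT INTO GD_OTP` lines interpolate `$_mb['m_id']` and `$_mb['token']` without `$db->_escape()`, unlike the neighbouring `update` queries, and the one at new line 479 uses `+10 minute` while the UI text says 5 minutes.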
|