프로그램 패치 방법

※ 2018년 05월 21일 이 후에 이나무 독립형을 구매하신 분들은 해당 프로그램 패치(PHP 5.6)로 적용하셔야 합니다.
- 단, 외부호스팅 및 서버호스팅을 이용하시는 분들은 2018년 05월 21일 이 후에 구매하셨더라도,
e나무 시즌4 독립형 (PHP 5.2) 프로그램 패치를 적용하셔야 합니다.
본 패치는 제공되는 패치 방법과 소스를 기초로 하여 직접 수정하기를 권장합니다.
기존(이전) 패치항목들을 패치하지 않은 상태에서 프로그램 파일들을 그대로 덮어씌울 경우에
함수가 없다거나 DB 필드가 없다는 등의 오류가 발생할 확률이 높습니다.
  1. 쇼핑몰 FTP접속후 아래 파일을 수정함.
shop/admin/basic/adm_popup_login_cert_regit.php CHANGED
@@ -86,9 +86,10 @@ var otpCert = function() {
86
  case '0009':
87
  alert('À̸ÞÀÏÀ¸·Î ÀÎÁõ¹øÈ£¸¦ Àü¼ÛÇÏÁö ¸øÇß½À´Ï´Ù.\nÀü¼ÛÀÌ ºÒ°¡´ÉÇÑ À̸ÞÀÏ ÁÖ¼Ò ÀÔ´Ï´Ù.');
88
  break;
 
89
  case '9999':
90
  alert('°ü¸®ÀÚº¸¾È ÀÎÁõÀ» ÀÌ¿ëÇϰí ÀÖÁö ¾Ê½À´Ï´Ù.');
91
- break;
92
  default:
93
  alert('±âŸ ¿À·ù');
94
  break;
@@ -293,7 +294,7 @@ function chkForm2(obj)
293
  </tr>
294
  </table>
295
 
296
- <div style="margin-top:5px"><span class="small"><font class="extext">¡Ø ÀÎÁõ¹øÈ£ÀÇ À¯È¿½Ã°£Àº <span class="red"><b>3ºÐ</b></span>À̸ç, ÀÎÁõ¹øÈ£¸¦ ÀÔ·Â ÈÄ ¹Ýµå½Ã <b>'È®ÀÎ'</b> ¹öưÀ» Ŭ¸¯ÇÏ¼Å¾ß ÇÕ´Ï´Ù.</font></span></div>
297
  <!-- ÈÞ´ëÆù¹øÈ£ ÀÎÁõ : End -->
298
  <pre> </pre>
299
  <!-- À̸ÞÀÏÁÖ¼Ò ÀÎÁõ : Start -->
@@ -317,7 +318,7 @@ function chkForm2(obj)
317
  </tr>
318
  </table>
319
 
320
- <div style="margin-top:5px"><span class="small"><font class="extext">¡Ø ÀÎÁõ¹øÈ£ÀÇ À¯È¿½Ã°£Àº <span class="red"><b>3ºÐ</b></span>À̸ç, ÀÎÁõ¹øÈ£¸¦ ÀÔ·Â ÈÄ ¹Ýµå½Ã <b>'È®ÀÎ'</b> ¹öưÀ» Ŭ¸¯ÇÏ¼Å¾ß ÇÕ´Ï´Ù.</font></span></div>
321
  <!-- À̸ÞÀÏÁÖ¼Ò ÀÎÁõ : End -->
322
 
323
  <!-- °ü¸®ÀÚID ¸ÅĪ : Start -->
86
  case '0009':
87
  alert('À̸ÞÀÏÀ¸·Î ÀÎÁõ¹øÈ£¸¦ Àü¼ÛÇÏÁö ¸øÇß½À´Ï´Ù.\nÀü¼ÛÀÌ ºÒ°¡´ÉÇÑ À̸ÞÀÏ ÁÖ¼Ò ÀÔ´Ï´Ù.');
88
  break;
89
+ /* °ü¸®ÀÚ 2Â÷ÀÎÁõ ·Î±×Àνà ¼³Á¤ »ó°ü¾øÀÌ ¹«Á¶°Ç ³ëÃâ ó¸®
90
  case '9999':
91
  alert('°ü¸®ÀÚº¸¾È ÀÎÁõÀ» ÀÌ¿ëÇϰí ÀÖÁö ¾Ê½À´Ï´Ù.');
92
+ break;*/
93
  default:
94
  alert('±âŸ ¿À·ù');
95
  break;
294
  </tr>
295
  </table>
296
 
297
+ <div style="margin-top:5px"><span class="small"><font class="extext">¡Ø ÀÎÁõ¹øÈ£ÀÇ À¯È¿½Ã°£Àº <span class="red"><b>5ºÐ</b></span>À̸ç, ÀÎÁõ¹øÈ£¸¦ ÀÔ·Â ÈÄ ¹Ýµå½Ã <b>'È®ÀÎ'</b> ¹öưÀ» Ŭ¸¯ÇÏ¼Å¾ß ÇÕ´Ï´Ù.</font></span></div>
298
  <!-- ÈÞ´ëÆù¹øÈ£ ÀÎÁõ : End -->
299
  <pre> </pre>
300
  <!-- À̸ÞÀÏÁÖ¼Ò ÀÎÁõ : Start -->
318
  </tr>
319
  </table>
320
 
321
+ <div style="margin-top:5px"><span class="small"><font class="extext">¡Ø ÀÎÁõ¹øÈ£ÀÇ À¯È¿½Ã°£Àº <span class="red"><b>5ºÐ</b></span>À̸ç, ÀÎÁõ¹øÈ£¸¦ ÀÔ·Â ÈÄ ¹Ýµå½Ã <b>'È®ÀÎ'</b> ¹öưÀ» Ŭ¸¯ÇÏ¼Å¾ß ÇÕ´Ï´Ù.</font></span></div>
322
  <!-- À̸ÞÀÏÁÖ¼Ò ÀÎÁõ : End -->
323
 
324
  <!-- °ü¸®ÀÚID ¸ÅĪ : Start -->
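Review bot: The OTP validity period is now a literal repeated in user-facing text here (new lines 297 and 321, the 5-minute label), in adm_login_cert.php, in tpl_15.php and in the three `strtotime('+N minute')` calls of adminLoginCert.class.php, and those already disagree: two INSERTs use `+5 minute` while the third (class new line 479) uses `+10 minute`. Define the lifetime once, e.g. a class constant on adminLoginCert that the INSERTs, the mail template and these labels all read, so the number shown to the user cannot drift from what the expiry check enforces. The `case '9999'` branch (new lines 89–92) is kept inside a `/* … */` block instead of being deleted; the same commented-out pattern recurs in adm_login_cert.php, indb.adm_login_cert.php and adminLoginCert.class.php, and version history already preserves the old code.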
shop/admin/common.js CHANGED
@@ -2457,16 +2457,11 @@ function getSmsAutoSendLayerMessage(infoType)
2457
  return htmlContents;
2458
  }
2459
 
2460
- function checkSmsPassNumberArea(totalCount){
2461
- if(totalCount > 1){
2462
  document.getElementById('smsPassNumberArea').style.display = '';
2463
  document.getElementById('smsPassNumber').setAttribute('fld_esssential', 'fld_esssential');
2464
  }
2465
- else {
2466
- document.getElementById('smsPassNumberArea').style.display = 'none';
2467
- document.getElementById('smsPassNumber').removeAttribute("fld_esssential");
2468
- }
2469
- }
2470
 
2471
  function sms080warningContents(actType, msgTextareaID)
2472
  {
2457
  return htmlContents;
2458
  }
2459
 
2460
+ function checkSmsPassNumberArea(){
2461
+ // SMS ºñ¹Ð¹øÈ£ ÀÎÁõ ¹«Á¶°Ç ³ëÃâ
2462
  document.getElementById('smsPassNumberArea').style.display = '';
2463
  document.getElementById('smsPassNumber').setAttribute('fld_esssential', 'fld_esssential');
2464
  }
 
 
 
 
 
2465
 
2466
  function sms080warningContents(actType, msgTextareaID)
2467
  {
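Review bot: `checkSmsPassNumberArea` loses its `totalCount` parameter together with the branch that hid `smsPassNumberArea` (new lines 2460–2464), so the area is now always shown and marked required; in JavaScript a caller still passing the old count argument does not fail, the value is silently ignored, so other call sites need a grep — this commit updates only popup.sms.php. The inline comment at new line 2461 could also state the reason, since the body no longer shows it, e.g. `// SMS password verification is always required, regardless of recipient count`.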
shop/admin/design/codi/indb.php CHANGED
@@ -46,6 +46,12 @@ switch ($mode){
46
  $content = "{*** " . $_POST['file_desc'] . " | " . $design_skin[ $_POST['design_file'] ]['linkurl'] . " ***}" . "\n";
47
  if ( ereg("popup/",$_POST['design_file']) === false && ereg("outline/",$_POST['design_file']) === false ) $content .= "{ # header }\n\n{ # footer }";
48
 
 
 
 
 
 
 
49
  ## ÀúÀå
50
  $qfile->open( $path = $nowPath);
51
  if (G_CONST_MAGIC_QUOTES) $content = stripslashes( $content );
46
  $content = "{*** " . $_POST['file_desc'] . " | " . $design_skin[ $_POST['design_file'] ]['linkurl'] . " ***}" . "\n";
47
  if ( ereg("popup/",$_POST['design_file']) === false && ereg("outline/",$_POST['design_file']) === false ) $content .= "{ # header }\n\n{ # footer }";
48
 
49
+ ## º¸¾ÈÀ̽´ Àû¿ë
50
+ $checkContent = nl2br(str_replace(["\r\n", "\r", "\n"], "", $_POST['content']));
51
+ if(preg_match('/(?<=\<\?)(.*?)(?=\/?>)/',$checkContent)){
52
+ go($_SERVER['HTTP_REFERER']);
53
+ }
54
+
55
  ## ÀúÀå
56
  $qfile->open( $path = $nowPath);
57
  if (G_CONST_MAGIC_QUOTES) $content = stripslashes( $content );
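Review bot: The new tag filter (new lines 49–53) inspects only `$_POST['content']`, while `$_POST['file_desc']` on line 46 is concatenated into the same file header unchecked; apply the same test to every request field that ends up in `$content`. The pattern also requires a `>` somewhere after `<?` because of the `(?=\/?>)` lookahead, and the preceding `str_replace`/`nl2br` transform adds nothing to the check, so a plain substring test on the raw values is both simpler and stricter: `if (strpos($_POST['content'], '<?') !== false || strpos($_POST['file_desc'], '<?') !== false)`. Finally, `go($_SERVER['HTTP_REFERER'])` redirects to a client-supplied header that may be absent; redirect to a fixed admin page and surface an error message instead of silently discarding the submission. The enclosing `switch ($mode)` case starts and ends outside the hunk.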
shop/admin/login/adm_login_cert.php CHANGED
@@ -20,6 +20,10 @@ if ($alCert->inStatus() == 'failure') {
20
  // °ü¸®ÀÚ Ã¼Å©
21
  if ($ici_admin) go("../index.php");
22
 
 
 
 
 
23
  // OTP ¼ö½Åó
24
  $contacts = $alCert->getOtpContants('Y');
25
  foreach ($contacts as $data) {
@@ -117,9 +121,10 @@ var otpCert = function() {
117
  case '0010':
118
  alert('ÀÎÁõ¹øÈ£ ¿äûÀº ÃÖ´ë 10ȸ±îÁö¸¸ °¡´ÉÇÕ´Ï´Ù.\n¼îÇθô °ü¸®ÀÚ ·Î±×ÀÎÀ» ÇϽ÷Á¸é, °ü¸®ÀÚ °èÁ¤°ú ÇÔ²² 1:1¹®ÀÇ·Î ¹®ÀÇÇØÁÖ¼¼¿ä.');
119
  break;
 
120
  case '9999':
121
  alert('°ü¸®ÀÚº¸¾È ÀÎÁõÀ» ÀÌ¿ëÇϰí ÀÖÁö ¾Ê½À´Ï´Ù.');
122
- break;
123
  default:
124
  alert('±âŸ ¿À·ù');
125
  break;
@@ -265,13 +270,15 @@ function getOtpCount(AocSno) {
265
  <input type="hidden" name="token" id="token" value="<?=$_token?>" />
266
 
267
  <div style="text-align:center;">
268
- <div style="background:url(../img/login_cert/godo_logo.png) no-repeat 14px 9px; height:48px; width:1002px; margin:0 auto;"></div>
269
 
270
  <div style="background-color:#2fade7; height:100px;">
271
  <div style="background:url(../img/login_cert/tit_cp_security.png) no-repeat 14px 20px; height:78px; width:1002px; margin:0 auto;"></div>
272
  </div>
273
 
274
- <div style="width:670px; margin:0 auto;text-align:left;">
 
 
275
  <div style="background:url(../img/login_cert/txt_security_login.gif) no-repeat; margin-top:80px; height:44px;"></div>
276
 
277
  <div style="font:12px Dotum; color:#767676; line-height:22px; padding:15px 0;">
@@ -330,13 +337,22 @@ function getOtpCount(AocSno) {
330
  <?php } ?>
331
 
332
  <div style="font:12px Dotum; color:#9e9e9e; line-height:22px; padding:15px 0 25px;">
333
- <p style="margin: 0;">¡Ø ÀÎÁõ¹øÈ£ÀÇ À¯È¿½Ã°£Àº <b>3ºÐ</b>ÀÔ´Ï´Ù.<br/></p>
334
  <p id="sms_notice" style="margin: 0;<?php if (!$mobile_flag) echo "display: none;"?>">¡Ø ÀÎÁõ¹øÈ£ ¿äû ½Ã <b>SMS 1Æ÷ÀÎÆ®°¡ ¼ÒÁø</b>µË´Ï´Ù.</p>
335
  </div>
336
 
337
  <div style="text-align:center"><input type="image" src="../img/login_cert/btn_confirm.gif" border="0"></div>
338
  </div>
339
  </div>
 
 
 
 
 
 
 
 
 
340
  </form>
341
  </body>
342
  </html>
20
  // °ü¸®ÀÚ Ã¼Å©
21
  if ($ici_admin) go("../index.php");
22
 
23
+ // ssl ¸®´ÙÀÌ·ºÆ®
24
+ $adminSitelink = Core::loader('adminSitelink');
25
+ $adminSitelink->ready_refresh();
26
+
27
  // OTP ¼ö½Åó
28
  $contacts = $alCert->getOtpContants('Y');
29
  foreach ($contacts as $data) {
121
  case '0010':
122
  alert('ÀÎÁõ¹øÈ£ ¿äûÀº ÃÖ´ë 10ȸ±îÁö¸¸ °¡´ÉÇÕ´Ï´Ù.\n¼îÇθô °ü¸®ÀÚ ·Î±×ÀÎÀ» ÇϽ÷Á¸é, °ü¸®ÀÚ °èÁ¤°ú ÇÔ²² 1:1¹®ÀÇ·Î ¹®ÀÇÇØÁÖ¼¼¿ä.');
123
  break;
124
+ /* °ü¸®ÀÚ 2Â÷ÀÎÁõ ·Î±×Àνà ¼³Á¤ »ó°ü¾øÀÌ ¹«Á¶°Ç ³ëÃâ ó¸®
125
  case '9999':
126
  alert('°ü¸®ÀÚº¸¾È ÀÎÁõÀ» ÀÌ¿ëÇϰí ÀÖÁö ¾Ê½À´Ï´Ù.');
127
+ break;*/
128
  default:
129
  alert('±âŸ ¿À·ù');
130
  break;
270
  <input type="hidden" name="token" id="token" value="<?=$_token?>" />
271
 
272
  <div style="text-align:center;">
273
+ <div style="background:url(../img/NHN_COMMERCE_Basic.png) no-repeat 14px 9px; background-size: 103px;height:48px; width:1002px; margin:0 auto;"></div>
274
 
275
  <div style="background-color:#2fade7; height:100px;">
276
  <div style="background:url(../img/login_cert/tit_cp_security.png) no-repeat 14px 20px; height:78px; width:1002px; margin:0 auto;"></div>
277
  </div>
278
 
279
+ <div style="width:980px; margin:0 auto;text-align:left;">
280
+ <div style="width: 554px; float: left">
281
+ <div>
282
  <div style="background:url(../img/login_cert/txt_security_login.gif) no-repeat; margin-top:80px; height:44px;"></div>
283
 
284
  <div style="font:12px Dotum; color:#767676; line-height:22px; padding:15px 0;">
337
  <?php } ?>
338
 
339
  <div style="font:12px Dotum; color:#9e9e9e; line-height:22px; padding:15px 0 25px;">
340
+ <p style="margin: 0;">¡Ø ÀÎÁõ¹øÈ£ÀÇ À¯È¿½Ã°£Àº <b>5ºÐ</b>ÀÔ´Ï´Ù.<br/></p>
341
  <p id="sms_notice" style="margin: 0;<?php if (!$mobile_flag) echo "display: none;"?>">¡Ø ÀÎÁõ¹øÈ£ ¿äû ½Ã <b>SMS 1Æ÷ÀÎÆ®°¡ ¼ÒÁø</b>µË´Ï´Ù.</p>
342
  </div>
343
 
344
  <div style="text-align:center"><input type="image" src="../img/login_cert/btn_confirm.gif" border="0"></div>
345
  </div>
346
  </div>
347
+ <div style="width: 400px; float: right; margin-top: 77px;">
348
+ <!-- ¹è³Ê »ç¿ëÇÏÁö ¾ÊÀ»°æ¿ì ÁÖ¼® ¾ÈÀÇ ÄÚµå »èÁ¦ -->
349
+ <span class="banner" id="adminlogin" >
350
+ <script>panelNoncheck('adminlogin', 'bannerPanel');</script>
351
+ </span>
352
+ <!-- //¹è³Ê »ç¿ëÇÏÁö ¾ÊÀ»°æ¿ì ÁÖ¼® ¾ÈÀÇ ÄÚµå »èÁ¦ -->
353
+ </div>
354
+ </div>
355
+ </div>
356
  </form>
357
  </body>
358
  </html>
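Review bot: The second-factor login page now embeds a banner panel via `panelNoncheck('adminlogin', 'bannerPanel')` (new lines 347–353), so whatever that helper renders is injected into the page that collects the admin OTP; panelNoncheck is not visible from this hunk, so confirm it emits only admin-controlled, same-origin markup, and consider leaving the panel off the authentication page entirely, as the surrounding HTML comment already invites. The `$adminSitelink->ready_refresh()` call (new lines 23–25) sits after the `$ici_admin` redirect and before any output, which is the right order for what the Korean comment calls an SSL redirect; a short note that it presumably sends a Location header and must stay ahead of any output would keep a later reorder from breaking it.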
shop/admin/login/indb.adm_login_cert.php CHANGED
@@ -10,9 +10,10 @@ if (G_CONST_MAGIC_QUOTES) {
10
 
11
  $alCert = Core::loader('adminLoginCert');
12
 
13
- if ($alCert->useLoginCert !== true) { // °ü¸®ÀÚº¸¾È ÀÎÁõ¿©ºÎ È®ÀÎ
 
14
  exit('9999');
15
- }
16
 
17
  switch ($_POST['mode']) {
18
  case 'sendLoginOtp': // Login OTP Àü¼Û
10
 
11
  $alCert = Core::loader('adminLoginCert');
12
 
13
+ /* °ü¸®ÀÚ 2Â÷ÀÎÁõ ·Î±×Àνà ¼³Á¤ »ó°ü¾øÀÌ ¹«Á¶°Ç ³ëÃâ ó¸®
14
+ * if ($alCert->useLoginCert !== true) { // °ü¸®ÀÚº¸¾È ÀÎÁõ¿©ºÎ È®ÀÎ
15
  exit('9999');
16
+ }*/
17
 
18
  switch ($_POST['mode']) {
19
  case 'sendLoginOtp': // Login OTP Àü¼Û
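Review bot: Commenting out the `useLoginCert !== true` guard here (new lines 13–16) makes the OTP endpoint unconditional, but the matching change in adminLoginCert.class.php swallows more than the flag: the `@include $cfgfile` of `config.admin_login_cert.php` (class new lines 15–16) now sits inside the block comment, so `$admLoginCertCfg` is never populated and the `unCheckGdip != 'Y'` test at class new line 25 always takes the IP-check branch. Move the include back out of the comment and delete the dead guards instead of keeping them; `$useLoginCert` is also still declared but no longer assigned anywhere visible, so any remaining reader would see null and take the 'unused' path.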
shop/admin/member/popup.sms.php CHANGED
@@ -248,7 +248,9 @@ window.onload = function(){
248
  if(document.getElementById('smsReceiveRefuseCount').value > 0){
249
  document.getElementById("smsReceiveRefuse").style.display = 'inline-block';
250
  }
251
- checkSmsPassNumberArea('<?php echo $total; ?>');
 
 
252
  }
253
 
254
  function eventStop(event){
248
  if(document.getElementById('smsReceiveRefuseCount').value > 0){
249
  document.getElementById("smsReceiveRefuse").style.display = 'inline-block';
250
  }
251
+
252
+ // SMS ºñ¹Ð¹øÈ£ ÀÎÁõ ¹«Á¶°Ç ³ëÃâ
253
+ checkSmsPassNumberArea();
254
  }
255
 
256
  function eventStop(event){
shop/conf/email/tpl_15.php CHANGED
@@ -10,7 +10,7 @@
10
  <TABLE cellSpacing=0 cellPadding=0 align=center border=0>
11
  <TBODY>
12
  <TR>
13
- <TD style="PADDING-RIGHT: 0px; PADDING-LEFT: 0px; PADDING-BOTTOM: 20px; PADDING-TOP: 20px" align=middle><DIV>ÀÎÁõ¹øÈ£¸¦ ¾È³» µå¸³´Ï´Ù.<BR>¾Æ·¡ ¹øÈ£¸¦ ÀÎÁõ¹øÈ£ ÀԷ¶õ¿¡ ÀÔ·ÂÇÏ½Ã¸é º¸¾ÈÀÎÁõÀÌ ¿Ï·áµË´Ï´Ù.<BR>ÀÎÁõ¹øÈ£´Â 3ºÐ µ¿¾È À¯È¿Çϸç, 3ºÐ °æ°ú ½Ã ÀÎÁõ¹øÈ£¸¦ Àç¹ß±Þ ¹ÞÀ¸¼Å¾ß ÇÕ´Ï´Ù.</DIV><DIV STYLE="MARGIN:10px;PADDING:10px;TEXT-ALIGN:CENTER;BACKGROUND-COLOR:#FDEADA;COLOR:#FF0000;FONT-WEIGHT:BOLD;">ÀÎÁõ¹øÈ£ : {authNum}</DIV></TD></TR></TBODY></TABLE><!--º»¹® ºÎºÐ : End --><!--¸ÞÀÏ ÇÏ´Ü : Start -->
14
  </DIV>
15
  <TABLE cellSpacing=0 cellPadding=0 width="100%" align=center border=0>
16
  <TBODY>
10
  <TABLE cellSpacing=0 cellPadding=0 align=center border=0>
11
  <TBODY>
12
  <TR>
13
+ <TD style="PADDING-RIGHT: 0px; PADDING-LEFT: 0px; PADDING-BOTTOM: 20px; PADDING-TOP: 20px" align=middle><DIV>ÀÎÁõ¹øÈ£¸¦ ¾È³» µå¸³´Ï´Ù.<BR>¾Æ·¡ ¹øÈ£¸¦ ÀÎÁõ¹øÈ£ ÀԷ¶õ¿¡ ÀÔ·ÂÇÏ½Ã¸é º¸¾ÈÀÎÁõÀÌ ¿Ï·áµË´Ï´Ù.<BR>ÀÎÁõ¹øÈ£´Â 5ºÐ µ¿¾È À¯È¿Çϸç, 5ºÐ °æ°ú ½Ã ÀÎÁõ¹øÈ£¸¦ Àç¹ß±Þ ¹ÞÀ¸¼Å¾ß ÇÕ´Ï´Ù.</DIV><DIV STYLE="MARGIN:10px;PADDING:10px;TEXT-ALIGN:CENTER;BACKGROUND-COLOR:#FDEADA;COLOR:#FF0000;FONT-WEIGHT:BOLD;">ÀÎÁõ¹øÈ£ : {authNum}</DIV></TD></TR></TBODY></TABLE><!--º»¹® ºÎºÐ : End --><!--¸ÞÀÏ ÇÏ´Ü : Start -->
14
  </DIV>
15
  <TABLE cellSpacing=0 cellPadding=0 width="100%" align=center border=0>
16
  <TBODY>
shop/lib/adminLoginCert.class.php CHANGED
@@ -6,10 +6,12 @@
6
  class adminLoginCert
7
  {
8
  var $useLoginCert;
 
9
 
10
  function adminLoginCert()
11
  {
12
- // °ü¸®ÀÚº¸¾È ÀÎÁõ¿©ºÎ
 
13
  $cfgfile = dirname(__FILE__).'/../conf/config.admin_login_cert.php';
14
  if(file_exists($cfgfile)) @include $cfgfile;
15
  if ($admLoginCertCfg['use'] == 'Y') {
@@ -17,7 +19,7 @@ class adminLoginCert
17
  }
18
  else {
19
  $this->useLoginCert = false;
20
- }
21
 
22
  // Á¢¼Ó IP üũ
23
  if ($admLoginCertCfg['unCheckGdip'] != 'Y') {
@@ -88,7 +90,8 @@ class adminLoginCert
88
  */
89
  function loginStatus()
90
  {
91
- // 1. °ü¸®ÀÚº¸¾È ÀÎÁõ »ç¿ë¿©ºÎ
 
92
  if ($this->useLoginCert !== true) return 'unused';
93
 
94
  // 2. OTP ¼ö½Åó ¸ñ·Ï ¾øÀ¸¸é
@@ -98,6 +101,9 @@ class adminLoginCert
98
  );
99
  $this->setAdminLoginCert($data);
100
  return 'unused';
 
 
 
101
  }
102
 
103
  // 3. ÀÎÁõÈ®ÀÎÀº Çϰí ÀÎÁõ·Î±×ÀÎ ¾ÈÇÑ °æ¿ì
@@ -117,7 +123,8 @@ class adminLoginCert
117
  */
118
  function inStatus()
119
  {
120
- // 1. °ü¸®ÀÚº¸¾È ÀÎÁõ »ç¿ë¿©ºÎ
 
121
  if ($this->useLoginCert !== true) return 'unused';
122
 
123
  // 2. OTP ¼ö½Åó ¸ñ·Ï ¾øÀ¸¸é
@@ -127,6 +134,9 @@ class adminLoginCert
127
  );
128
  $this->setAdminLoginCert($data);
129
  return 'unused';
 
 
 
130
  }
131
 
132
  // 3. ÀÎÁõÈ®ÀÎ ¹× ÀÎÁõ·Î±×ÀÎÇÑ °æ¿ì
@@ -244,7 +254,7 @@ class adminLoginCert
244
 
245
  $_mb['token'] = $_token;
246
 
247
- $query = sprintf("INSERT INTO ".GD_OTP." SET m_id = '%s', token = '%s', expire = '%s'", $_mb['m_id'], $_mb['token'], date('Y-m-d H:i:s', strtotime('+3 minute', $now))); // À¯È¿±â°£ 3ºÐ
248
  $db->query($query);
249
  }
250
  }
@@ -299,6 +309,7 @@ class adminLoginCert
299
  }
300
 
301
  // ¾÷µ¥ÀÌÆ®
 
302
  $query = sprintf("update ".GD_OTP." set otp = '%s', auth = 0 where m_id = '%s' AND token = '%s'", $authNum, $db->_escape($_mb['m_id']), $db->_escape($_mb['token']));
303
  $db->query($query);
304
 
@@ -333,7 +344,7 @@ class adminLoginCert
333
  // üũ
334
  $query = sprintf("select mb.name, mb.m_id, otp.token, otp.otp, otp.expire, otp.auth from ".GD_OTP." as otp inner join ".GD_MEMBER." as mb on otp.m_id = mb.m_id where mb.m_no = '%s' AND otp.token > '' AND otp.token = '%s'", $db->_escape($_aoc['m_no']), $db->_escape($token));
335
  if (($_mb = $db->fetch($query, 1)) !== false) {
336
- // À¯È¿±â°£(3ºÐ) üũ
337
  if ($_mb['expire'] < date('Y-m-d H:i:s')) {
338
  $db->query(sprintf("delete from ".GD_OTP." where m_id = '%s'", $db->_escape($_mb['m_id'])));
339
  return '0003';
@@ -346,6 +357,7 @@ class adminLoginCert
346
  }
347
 
348
  // OTP üũ
 
349
  if ($_mb['otp'] == $otp) {
350
  $query = sprintf("update ".GD_OTP." set auth = 1 where m_id = '%s' AND token = '%s'", $db->_escape($_mb['m_id']), $db->_escape($_mb['token']));
351
  $db->query($query);
@@ -393,7 +405,7 @@ class adminLoginCert
393
 
394
  $_mb['token'] = $_token;
395
 
396
- $query = sprintf("INSERT INTO ".GD_OTP." SET m_id = '%s', token = '%s', expire = '%s'", $_mb['m_id'], $_mb['token'], date('Y-m-d H:i:s', strtotime('+3 minute', $now))); // À¯È¿±â°£ 3ºÐ
397
  $db->query($query);
398
  }
399
  }
@@ -429,6 +441,7 @@ class adminLoginCert
429
  }
430
 
431
  // ¾÷µ¥ÀÌÆ®
 
432
  $query = sprintf("update ".GD_OTP." set otp = '%s', auth = 0 where m_id = '%s' AND token = '%s'", $authNum, $db->_escape($_mb['m_id']), $db->_escape($_mb['token']));
433
  $db->query($query);
434
 
@@ -463,7 +476,7 @@ class adminLoginCert
463
 
464
  $_mb['token'] = $_token;
465
 
466
- $query = sprintf("INSERT INTO ".GD_OTP." SET m_id = '%s', token = '%s', expire = '%s'", $_mb['m_id'], $_mb['token'], date('Y-m-d H:i:s', strtotime('+3 minute', $now))); // À¯È¿±â°£ 3ºÐ
467
  $db->query($query);
468
  }
469
  }
@@ -492,6 +505,7 @@ class adminLoginCert
492
  }
493
 
494
  // ¾÷µ¥ÀÌÆ®
 
495
  $query = sprintf("update ".GD_OTP." set otp = '%s', auth = 0 where m_id = '%s' AND token = '%s'", $authNum, $db->_escape($_mb['m_id']), $db->_escape($_mb['token']));
496
  $db->query($query);
497
 
@@ -521,7 +535,7 @@ class adminLoginCert
521
  // üũ
522
  $query = sprintf("select mb.name, mb.m_id, otp.token, otp.otp, otp.expire, otp.auth from ".GD_OTP." as otp inner join ".GD_MEMBER." as mb on otp.m_id = mb.m_id where otp.m_id = '%s' AND otp.token > '' AND otp.token = '%s'", $db->_escape($sess['m_id']), $db->_escape($token));
523
  if (($_mb = $db->fetch($query, 1)) !== false) {
524
- // À¯È¿±â°£(3ºÐ) üũ
525
  if ($_mb['expire'] < date('Y-m-d H:i:s')) {
526
  $db->query(sprintf("delete from ".GD_OTP." where m_id = '%s'", $db->_escape($_mb['m_id'])));
527
  return '0003';
@@ -534,6 +548,7 @@ class adminLoginCert
534
  }
535
 
536
  // OTP üũ
 
537
  if ($_mb['otp'] == $otp) {
538
  $query = sprintf("update ".GD_OTP." set auth = 1 where m_id = '%s' AND token = '%s'", $db->_escape($_mb['m_id']), $db->_escape($_mb['token']));
539
  $db->query($query);
@@ -706,5 +721,38 @@ class adminLoginCert
706
  $AdminLog->runWriteAdminLog();
707
  }
708
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
709
  }
710
  ?>
6
  class adminLoginCert
7
  {
8
  var $useLoginCert;
9
+ var $gd_key = "704e364feaa3bf977bfa62c419f0b1ac";
10
 
11
  function adminLoginCert()
12
  {
13
+ /* °ü¸®ÀÚ 2Â÷ÀÎÁõ ·Î±×Àνà ¼³Á¤ »ó°ü¾øÀÌ ¹«Á¶°Ç ³ëÃâ ó¸®
14
+ * // °ü¸®ÀÚº¸¾È ÀÎÁõ¿©ºÎ
15
  $cfgfile = dirname(__FILE__).'/../conf/config.admin_login_cert.php';
16
  if(file_exists($cfgfile)) @include $cfgfile;
17
  if ($admLoginCertCfg['use'] == 'Y') {
19
  }
20
  else {
21
  $this->useLoginCert = false;
22
+ }*/
23
 
24
  // Á¢¼Ó IP üũ
25
  if ($admLoginCertCfg['unCheckGdip'] != 'Y') {
90
  */
91
  function loginStatus()
92
  {
93
+ /* °ü¸®ÀÚ 2Â÷ÀÎÁõ ·Î±×Àνà ¼³Á¤ »ó°ü¾øÀÌ ¹«Á¶°Ç ³ëÃâ ó¸®
94
+ * // 1. °ü¸®ÀÚº¸¾È ÀÎÁõ »ç¿ë¿©ºÎ
95
  if ($this->useLoginCert !== true) return 'unused';
96
 
97
  // 2. OTP ¼ö½Åó ¸ñ·Ï ¾øÀ¸¸é
101
  );
102
  $this->setAdminLoginCert($data);
103
  return 'unused';
104
+ }*/
105
+ if ($this->checkGdip() === true) {
106
+ return 'success';
107
  }
108
 
109
  // 3. ÀÎÁõÈ®ÀÎÀº Çϰí ÀÎÁõ·Î±×ÀÎ ¾ÈÇÑ °æ¿ì
123
  */
124
  function inStatus()
125
  {
126
+ /* °ü¸®ÀÚ 2Â÷ÀÎÁõ ·Î±×Àνà ¼³Á¤ »ó°ü¾øÀÌ ¹«Á¶°Ç ³ëÃâ ó¸®
127
+ * // 1. °ü¸®ÀÚº¸¾È ÀÎÁõ »ç¿ë¿©ºÎ
128
  if ($this->useLoginCert !== true) return 'unused';
129
 
130
  // 2. OTP ¼ö½Åó ¸ñ·Ï ¾øÀ¸¸é
134
  );
135
  $this->setAdminLoginCert($data);
136
  return 'unused';
137
+ }*/
138
+ if ($this->checkGdip() === true) {
139
+ return 'success';
140
  }
141
 
142
  // 3. ÀÎÁõÈ®ÀÎ ¹× ÀÎÁõ·Î±×ÀÎÇÑ °æ¿ì
254
 
255
  $_mb['token'] = $_token;
256
 
257
+ $query = sprintf("INSERT INTO ".GD_OTP." SET m_id = '%s', token = '%s', expire = '%s'", $_mb['m_id'], $_mb['token'], date('Y-m-d H:i:s', strtotime('+5 minute', $now))); // À¯È¿±â°£ 5ºÐ
258
  $db->query($query);
259
  }
260
  }
309
  }
310
 
311
  // ¾÷µ¥ÀÌÆ®
312
+ $authNum = $this->MCRYPT_encode($authNum); // opt ÀÎÁõ¹øÈ£ ¾Ïȣȭ
313
  $query = sprintf("update ".GD_OTP." set otp = '%s', auth = 0 where m_id = '%s' AND token = '%s'", $authNum, $db->_escape($_mb['m_id']), $db->_escape($_mb['token']));
314
  $db->query($query);
315
 
344
  // üũ
345
  $query = sprintf("select mb.name, mb.m_id, otp.token, otp.otp, otp.expire, otp.auth from ".GD_OTP." as otp inner join ".GD_MEMBER." as mb on otp.m_id = mb.m_id where mb.m_no = '%s' AND otp.token > '' AND otp.token = '%s'", $db->_escape($_aoc['m_no']), $db->_escape($token));
346
  if (($_mb = $db->fetch($query, 1)) !== false) {
347
+ // À¯È¿±â°£(5ºÐ) üũ
348
  if ($_mb['expire'] < date('Y-m-d H:i:s')) {
349
  $db->query(sprintf("delete from ".GD_OTP." where m_id = '%s'", $db->_escape($_mb['m_id'])));
350
  return '0003';
357
  }
358
 
359
  // OTP üũ
360
+ $_mb['otp'] = $this->MCRYPT_decode($_mb['otp']); // opt ÀÎÁõ¹øÈ£ º¹È£È­
361
  if ($_mb['otp'] == $otp) {
362
  $query = sprintf("update ".GD_OTP." set auth = 1 where m_id = '%s' AND token = '%s'", $db->_escape($_mb['m_id']), $db->_escape($_mb['token']));
363
  $db->query($query);
405
 
406
  $_mb['token'] = $_token;
407
 
408
+ $query = sprintf("INSERT INTO ".GD_OTP." SET m_id = '%s', token = '%s', expire = '%s'", $_mb['m_id'], $_mb['token'], date('Y-m-d H:i:s', strtotime('+5 minute', $now))); // À¯È¿±â°£ 5ºÐ
409
  $db->query($query);
410
  }
411
  }
441
  }
442
 
443
  // ¾÷µ¥ÀÌÆ®
444
+ $authNum = $this->MCRYPT_encode($authNum); // opt ÀÎÁõ¹øÈ£ ¾Ïȣȭ
445
  $query = sprintf("update ".GD_OTP." set otp = '%s', auth = 0 where m_id = '%s' AND token = '%s'", $authNum, $db->_escape($_mb['m_id']), $db->_escape($_mb['token']));
446
  $db->query($query);
447
 
476
 
477
  $_mb['token'] = $_token;
478
 
479
+ $query = sprintf("INSERT INTO ".GD_OTP." SET m_id = '%s', token = '%s', expire = '%s'", $_mb['m_id'], $_mb['token'], date('Y-m-d H:i:s', strtotime('+10 minute', $now))); // À¯È¿±â°£ 10ºÐ
480
  $db->query($query);
481
  }
482
  }
505
  }
506
 
507
  // ¾÷µ¥ÀÌÆ®
508
+ $authNum = $this->MCRYPT_encode($authNum); // opt ÀÎÁõ¹øÈ£ ¾Ïȣȭ
509
  $query = sprintf("update ".GD_OTP." set otp = '%s', auth = 0 where m_id = '%s' AND token = '%s'", $authNum, $db->_escape($_mb['m_id']), $db->_escape($_mb['token']));
510
  $db->query($query);
511
 
535
  // üũ
536
  $query = sprintf("select mb.name, mb.m_id, otp.token, otp.otp, otp.expire, otp.auth from ".GD_OTP." as otp inner join ".GD_MEMBER." as mb on otp.m_id = mb.m_id where otp.m_id = '%s' AND otp.token > '' AND otp.token = '%s'", $db->_escape($sess['m_id']), $db->_escape($token));
537
  if (($_mb = $db->fetch($query, 1)) !== false) {
538
+ // À¯È¿±â°£(5ºÐ) üũ
539
  if ($_mb['expire'] < date('Y-m-d H:i:s')) {
540
  $db->query(sprintf("delete from ".GD_OTP." where m_id = '%s'", $db->_escape($_mb['m_id'])));
541
  return '0003';
548
  }
549
 
550
  // OTP üũ
551
+ $_mb['otp'] = $this->MCRYPT_decode($_mb['otp']); // opt ÀÎÁõ¹øÈ£ º¹È£È­
552
  if ($_mb['otp'] == $otp) {
553
  $query = sprintf("update ".GD_OTP." set auth = 1 where m_id = '%s' AND token = '%s'", $db->_escape($_mb['m_id']), $db->_escape($_mb['token']));
554
  $db->query($query);
721
  $AdminLog->runWriteAdminLog();
722
  }
723
  }
724
+
725
+ /****************** ¾Ïȣȭ ½ÃÀÛ ********************/
726
+ function MCRYPT_encode($plain_text) {
727
+ $padSize = 16 - (strlen ($plain_text) % 16) ;
728
+ $plain_text = $plain_text . str_repeat (chr ($padSize), $padSize) ;
729
+ $output = mcrypt_encrypt (MCRYPT_RIJNDAEL_128, $this->gd_key, $plain_text, MCRYPT_MODE_CBC, str_repeat(chr(0),16)) ;
730
+ return base64_encode ($output) ;
731
+ }
732
+ /****************** ¾Ïȣȭ Á¾·á ********************/
733
+
734
+ /************** º¹È£È­ START ****************/
735
+ function MCRYPT_decode($base64_text) {
736
+ $base64_text = base64_decode ($base64_text) ;
737
+ $output = mcrypt_decrypt (MCRYPT_RIJNDAEL_128, $this->gd_key, $base64_text, MCRYPT_MODE_CBC, str_repeat(chr(0),16)) ;
738
+
739
+ $valueLen = strlen ($output) ;
740
+ if ( $valueLen % 16 > 0 )
741
+ $output = "";
742
+
743
+ $padSize = ord ($output{$valueLen - 1}) ;
744
+ if ( ($padSize < 1) or ($padSize > 16) )
745
+ $output = ""; // Check padding.
746
+
747
+ for ($i = 0; $i < $padSize; $i++)
748
+ {
749
+ if ( ord ($output{$valueLen - $i - 1}) != $padSize )
750
+ $output = "";
751
+ }
752
+ $output = substr ($output, 0, $valueLen - $padSize) ;
753
+
754
+ return $output;
755
+ }
756
+ /************** º¹È£È­ END ****************/
757
  }
758
  ?>
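Review bot: MCRYPT_decode marks a failure by assigning `$output = ""` (new lines 741, 745, 750) but then keeps indexing with the stale `$valueLen` and returns the result anyway, and the callers at new lines 361 and 552 compare that value to the submitted code with `==`, so a stored value that does not decode yields `""`, which `==` treats as equal to an empty or missing `$otp`; make decode return `false` on any failure and compare with `$_mb['otp'] !== false && hash_equals($_mb['otp'], (string) $otp)` (hash_equals exists on the PHP 5.6 target). `$gd_key` (new line 9) is a literal in the shipped class and the IV is sixteen zero bytes, so every installation of this patch shares one key and equal codes always encrypt to equal ciphertexts; load the key from per-site configuration and prepend a random IV to each stored value. `mcrypt_*` is deprecated since PHP 7.1 and removed in 7.2, and the `$output{...}` offset syntax is removed in 8.0, so these helpers are tied to the 5.6 target named in the patch notes; `openssl_encrypt`/`openssl_decrypt` with `'aes-128-cbc'` is the migration path. The new `checkGdip() === true` short-circuit in loginStatus and inStatus (new lines 105–107 and 138–140) returns 'success' without any OTP purely on the source IP, and this hunk does not show how checkGdip derives that address, so confirm it does not trust a client-supplied forwarding header.
```php
    // … unchanged: MCRYPT_encode …

    // Decrypt a value produced by MCRYPT_encode.
    // Returns the plaintext, or false on any failure (bad base64, wrong length,
    // bad padding) so a failed decode can never compare equal to an empty OTP.
    function MCRYPT_decode($base64_text) {
        $raw = base64_decode($base64_text, true);
        if ($raw === false || $raw === '' || strlen($raw) % 16 !== 0) {
            return false;
        }
        $output = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->gd_key, $raw, MCRYPT_MODE_CBC, str_repeat(chr(0), 16));
        $valueLen = strlen($output);
        if ($valueLen === 0) {
            return false;
        }
        $padSize = ord($output[$valueLen - 1]);
        if ($padSize < 1 || $padSize > 16 || $padSize > $valueLen) {
            return false;
        }
        // every padding byte must equal the pad length (the scheme MCRYPT_encode writes)
        if (substr($output, -$padSize) !== str_repeat(chr($padSize), $padSize)) {
            return false;
        }
        return substr($output, 0, $valueLen - $padSize);
    }
```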