diff --git a/public_html/lib/login_process.php b/public_html/lib/login_process.php index 930b8e3..a70c9ae 100644 --- a/public_html/lib/login_process.php +++ b/public_html/lib/login_process.php @@ -4,60 +4,80 @@ include getenv("DOCUMENT_ROOT")."/include/session_include.php"; $confirmID = trim($_POST['confirmID']); $confirmPW = $_POST['confirmPW']; +// 추가: $action 변수가 POST로 넘어오지 않을 경우를 대비해 REQUEST로 받습니다. +$action = $_REQUEST['action']; if($action == "login") { - // Google Captcha + // Google Captcha - function post_captcha($user_response) { - $fields_string = ''; - $fields = array( - 'secret' => '6LcrsY0sAAAAADwNiCoXbFPEDFbf0GssVRXeJi1X', - 'response' => $user_response - ); - foreach($fields as $key=>$value) - $fields_string .= $key . '=' . $value . '&'; - $fields_string = rtrim($fields_string, '&'); + function post_captcha($user_response) { + $fields_string = ''; + $fields = array( + 'secret' => '6LelsdAsAAAAALBiK4XNVcAE6sLTNcGPbgvawT8v', + 'response' => $user_response + ); + $fields_string = http_build_query($fields); // 기존 루프 대신 더 안전한 방식 - $ch = curl_init(); - curl_setopt($ch, CURLOPT_URL, 'https://www.google.com/recaptcha/api/siteverify'); - curl_setopt($ch, CURLOPT_POST, count($fields)); - curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, True); + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, 'https://www.google.com/recaptcha/api/siteverify'); + curl_setopt($ch, CURLOPT_POST, true); + curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, True); - $result = curl_exec($ch); - curl_close($ch); - - //echo "[$result]";exit; + $result = curl_exec($ch); + curl_close($ch); + + //echo "[$result]";exit; + + return json_decode($result, true); + } + + + if ($_SERVER["REMOTE_ADDR"] == "127.0.0.1") { + $res['success'] = true; + $res['score'] = 1.0; // 로컬은 만점 처리 + } else { + $res = post_captcha($_POST['g-recaptcha-response']); + } + + if (!$res['success'] || (isset($res['score']) && $res['score'] < 0.5)) { + addLog( + "add", + "USER", + "LOGIN FAILED - CAPTCHA", + $confirmID, + "success: " . ($res['success'] ?? 'NULL') . + ", score: " . ($res['score'] ?? 'NULL') . + ", action: " . ($res['action'] ?? 'NULL') . + ", hostname: " . ($res['hostname'] ?? 'NULL') . + ", errors: " . json_encode($res['error-codes'] ?? []) . + ", token_empty: " . (empty($token) ? 'YES' : 'NO') , + $lgno + ); + + $msg = " Verification failed. Please try again shortly."; + $func -> modalMsg ($msg, ""); + exit; + // }else{ + // addLog( + // "add", + // "USER", + // "LOGIN TEST - CAPTCHA", + // $confirmID, + // "success: " . ($res['success'] ?? 'NULL') . + // ", score: " . ($res['score'] ?? 'NULL') . + // ", action: " . ($res['action'] ?? 'NULL') . + // ", hostname: " . ($res['hostname'] ?? 'NULL') . + // ", errors: " . json_encode($res['error-codes'] ?? []) . + // ", token_empty: " . (empty($token) ? 'YES' : 'NO') , + // $lgno + // ); + + } + // End of Captcha - return json_decode($result, true); - } - - - if ($_SERVER["REMOTE_ADDR"] == "127.0.0.1") { - $res['success'] = 1; - } - else { - // Call the function post_captcha - $res = post_captcha($_POST['g-recaptcha-response']); - } - - if (!$res['success']) { - // What happens when the CAPTCHA wasn't checked - // echo '
Please go back and make sure you check the security CAPTCHA box.
Please go back and make sure you check the security CAPTCHA box.
"; - $func -> modalMsg ($msg, ""); - exit; - } - // End of Captcha - - $query = "select * from tbl_member where m_userid = '$confirmID' "; $result = $jdb->fQuery($query, "fetch query error"); @@ -68,87 +88,77 @@ if($action == "login") { if ($_SERVER["REMOTE_ADDR"] == "127.0.0.1") $rtvalue = 1; else $rtvalue = password_verify($confirmPW, $result['m_pwd']); -//echo "[$rtvalue][$confirmPW][".$result['m_pwd']."]"; + //echo "[$rtvalue][$confirmPW][".$result['m_pwd']."]"; + - if(!$result) { addLog ("add", "USER", "LOGIN FAILED - ID", $lguserid, $confirmID, $lgno); $msg = "'$confirmID' is not exist. Try again."; //$func -> alertBack($msg); - $func -> modalMsg ($msg, ""); + $func -> modalMsg ($msg, ""); exit; }else if ($rtvalue != TRUE) { addLog ("add", "USER", "LOGIN FAILED - PASSWORD", $lguserid, $confirmPW, $lgno); $msg = "Password is incorrect."; //$func -> alertBack($msg); - $func -> modalMsg ($msg, ""); + $func -> modalMsg ($msg, ""); exit; }else if ($result['m_status'] != "A") { - addLog ("add", "USER", "LOGIN FAILED - STATUS", $lguserid, $confirmID, $lgno); + addLog ("add", "USER", "LOGIN FAILED - STATUS", $lguserid, $confirmID, $lgno); $msg = "Please contact Administrator."; //$func -> alertBack($msg); - $func -> modalMsg ($msg, ""); + $func -> modalMsg ($msg, ""); exit; - + } - + if ($rtvalue) { - addLog ("add", "USER", "LOGIN SUCCESS", $confirmID, $query, $lgno); - - $_SESSION['ss_LOGIN'] = 1; - $_SESSION['ss_UID'] = $result['m_uid']; // 1000000001,1000000002... - $_SESSION['ss_ID'] = $result['m_userid']; // dustin@ebizple.com - $_SESSION['ss_NAME'] = $result['m_firstname']; // Dustin - $_SESSION['ss_DRUID'] = $result['m_currentdriver']; - $_SESSION['ss_DRINITIAL'] = $result['m_currentdriverinitial']; - - // Level : m_level : Admin : 1, Manager : 3, Staff : 5, Accounting : 6, Operator : 7, Driver : 9 - $_SESSION['ss_LEVEL'] = $result['m_level']; - $_SESSION['ss_GROUP'] = $result['m_gid']; - - $today = $func -> PgetTime(0,0,4); - $loginCnt = $result['m_loginnum']+1; - - $query = " update tbl_member set m_logindate = '$today', m_loginnum = '$loginCnt' where m_userid = '$result[m_userid]' "; - //mysql_query($query); - $jdb->nQuery($query, "update error"); + addLog ("add", "USER", "LOGIN SUCCESS", $confirmID, $query, $lgno); - //echo "[".$_SESSION[ss_LOGIN]."][".$_SESSION[ss_UID]."][".$_SESSION[ss_ID]."]";exit; + $_SESSION['ss_LOGIN'] = 1; + $_SESSION['ss_UID'] = $result['m_uid']; // 1000000001,1000000002... + $_SESSION['ss_ID'] = $result['m_userid']; // dustin@ebizple.com + $_SESSION['ss_NAME'] = $result['m_firstname']; // Dustin + $_SESSION['ss_DRUID'] = $result['m_currentdriver']; + $_SESSION['ss_DRINITIAL'] = $result['m_currentdriverinitial']; - $_SESSION['ss_FLAG'] = 1; + // Level : m_level : Admin : 1, Manager : 3, Staff : 5, Accounting : 6, Operator : 7, Driver : 9 + $_SESSION['ss_LEVEL'] = $result['m_level']; + $_SESSION['ss_GROUP'] = $result['m_gid']; - if($destination != "") { - echo""; - exit; - } - //echo "LOGIN[$_SESSION[ss_FLAG]]";exit; + $today = $func -> PgetTime(0,0,4); + $loginCnt = $result['m_loginnum']+1; - echo""; - exit; - /* - if ($_SESSION['ss_LEVEL'] == 9) { - echo""; - exit; - } - else { - echo""; - exit; - } - */ + $query = " update tbl_member set m_logindate = '$today', m_loginnum = '$loginCnt' where m_userid = '$result[m_userid]' "; + //mysql_query($query); + $jdb->nQuery($query, "update error"); + + //echo "[".$_SESSION[ss_LOGIN]."][".$_SESSION[ss_UID]."][".$_SESSION[ss_ID]."]";exit; + + $_SESSION['ss_FLAG'] = 1; + + if($destination != "") { + echo""; + exit; + } + //echo "LOGIN[$_SESSION[ss_FLAG]]";exit; + + echo""; + exit; } - - + + } else if($action == "logout") { - addLog ("add", "USER", "LOGOUT", $lguserid, $query, $lgno); - - session_destroy(); + addLog ("add", "USER", "LOGOUT", $lguserid, $query, $lgno); - echo""; - exit; + session_destroy(); -} + echo""; + exit; -?> \ No newline at end of file + } + +?> \ No newline at end of file diff --git a/public_html/login_intranet.php b/public_html/login_intranet.php index f1a6ad1..5f2c849 100644 --- a/public_html/login_intranet.php +++ b/public_html/login_intranet.php @@ -17,9 +17,9 @@ $cfg = $jdb->fQuery("SELECT cfg_app_version FROM tbl_config LIMIT 1", "config er $appVersion = $cfg['cfg_app_version'] ?? ''; if ($_SESSION['ss_LOGIN'] == 1) { - $msg = "You are already logged in. Please proceed to the main page."; - $func -> modalMsg ($msg, "/index_intranet.php"); - exit; + $msg = "You are already logged in. Please proceed to the main page."; + $func -> modalMsg ($msg, "/index_intranet.php"); + exit; } ?> @@ -57,14 +57,9 @@ if ($_SESSION['ss_LOGIN'] == 1) { - + + -