parent
4d70ee6c83
commit
db6f87d013
|
|
@ -4,150 +4,143 @@ include getenv("DOCUMENT_ROOT")."/include/session_include.php";
|
|||
|
||||
$confirmID = trim($_POST['confirmID']);
|
||||
$confirmPW = $_POST['confirmPW'];
|
||||
// 추가: $action 변수가 POST로 넘어오지 않을 경우를 대비해 REQUEST로 받습니다.
|
||||
$action = $_REQUEST['action'];
|
||||
|
||||
if($action == "login") {
|
||||
|
||||
// Google Captcha
|
||||
// Google Captcha
|
||||
|
||||
function post_captcha($user_response) {
|
||||
$fields_string = '';
|
||||
$fields = array(
|
||||
'secret' => '6LcrsY0sAAAAADwNiCoXbFPEDFbf0GssVRXeJi1X',
|
||||
'response' => $user_response
|
||||
);
|
||||
foreach($fields as $key=>$value)
|
||||
$fields_string .= $key . '=' . $value . '&';
|
||||
$fields_string = rtrim($fields_string, '&');
|
||||
function post_captcha($user_response) {
|
||||
$fields_string = '';
|
||||
$fields = array(
|
||||
'secret' => '6LelsdAsAAAAALBiK4XNVcAE6sLTNcGPbgvawT8v',
|
||||
'response' => $user_response
|
||||
);
|
||||
$fields_string = http_build_query($fields); // 기존 루프 대신 더 안전한 방식
|
||||
|
||||
$ch = curl_init();
|
||||
curl_setopt($ch, CURLOPT_URL, 'https://www.google.com/recaptcha/api/siteverify');
|
||||
curl_setopt($ch, CURLOPT_POST, count($fields));
|
||||
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, True);
|
||||
$ch = curl_init();
|
||||
curl_setopt($ch, CURLOPT_URL, 'https://www.google.com/recaptcha/api/siteverify');
|
||||
curl_setopt($ch, CURLOPT_POST, true);
|
||||
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, True);
|
||||
|
||||
$result = curl_exec($ch);
|
||||
curl_close($ch);
|
||||
|
||||
//echo "[$result]";exit;
|
||||
$result = curl_exec($ch);
|
||||
curl_close($ch);
|
||||
|
||||
return json_decode($result, true);
|
||||
}
|
||||
|
||||
|
||||
if ($_SERVER["REMOTE_ADDR"] == "127.0.0.1") {
|
||||
$res['success'] = 1;
|
||||
}
|
||||
else {
|
||||
// Call the function post_captcha
|
||||
$res = post_captcha($_POST['g-recaptcha-response']);
|
||||
}
|
||||
|
||||
if (!$res['success']) {
|
||||
// What happens when the CAPTCHA wasn't checked
|
||||
// echo '<p>Please go back and make sure you check the security CAPTCHA box.</p><br>';
|
||||
// echo "<SCRIPT LANGUAGE=\"JavaScript\">alert('Please go back and make sure you check the security CAPTCHA box.');history.back(-1);</SCRIPT>";
|
||||
// exit;
|
||||
|
||||
addLog ("add", "USER", "LOGIN FAILED - CAPTCHA", $lguserid, $confirmID, $lgno);
|
||||
|
||||
$msg = "<p>Please go back and make sure you check the security CAPTCHA box.</p>";
|
||||
$func -> modalMsg ($msg, "");
|
||||
exit;
|
||||
//echo "[$result]";exit;
|
||||
|
||||
}
|
||||
// End of Captcha
|
||||
|
||||
|
||||
$query = "select * from tbl_member where m_userid = '$confirmID' ";
|
||||
$result = $jdb->fQuery($query, "fetch query error");
|
||||
return json_decode($result, true);
|
||||
}
|
||||
|
||||
//if (crypt($result[cypher],$result[salt]) == $confirmPW) {
|
||||
// echo "패스워드 확인!";exit;
|
||||
//}
|
||||
|
||||
if ($_SERVER["REMOTE_ADDR"] == "127.0.0.1") $rtvalue = 1;
|
||||
else $rtvalue = password_verify($confirmPW, $result['m_pwd']);
|
||||
if ($_SERVER["REMOTE_ADDR"] == "127.0.0.1") {
|
||||
$res['success'] = true;
|
||||
$res['score'] = 1.0; // 로컬은 만점 처리
|
||||
} else {
|
||||
$res = post_captcha($_POST['g-recaptcha-response']);
|
||||
}
|
||||
|
||||
if (!$res['success'] || (isset($res['score']) && $res['score'] < 0.5)) {
|
||||
addLog ("add", "USER", "LOGIN FAILED - CAPTCHA (Score: ".$res['score'].")", $lguserid, $confirmID, $lgno);
|
||||
|
||||
$msg = " Verification failed. Please try again shortly.";
|
||||
$func -> modalMsg ($msg, "");
|
||||
exit;
|
||||
}
|
||||
// End of Captcha
|
||||
|
||||
|
||||
$query = "select * from tbl_member where m_userid = '$confirmID' ";
|
||||
$result = $jdb->fQuery($query, "fetch query error");
|
||||
|
||||
//if (crypt($result[cypher],$result[salt]) == $confirmPW) {
|
||||
// echo "패스워드 확인!";exit;
|
||||
//}
|
||||
|
||||
if ($_SERVER["REMOTE_ADDR"] == "127.0.0.1") $rtvalue = 1;
|
||||
else $rtvalue = password_verify($confirmPW, $result['m_pwd']);
|
||||
|
||||
//echo "[$rtvalue][$confirmPW][".$result['m_pwd']."]";
|
||||
|
||||
|
||||
if(!$result) {
|
||||
addLog ("add", "USER", "LOGIN FAILED - ID", $lguserid, $confirmID, $lgno);
|
||||
$msg = "'$confirmID' is not exist. Try again.";
|
||||
//$func -> alertBack($msg);
|
||||
$func -> modalMsg ($msg, "");
|
||||
exit;
|
||||
|
||||
if(!$result) {
|
||||
addLog ("add", "USER", "LOGIN FAILED - ID", $lguserid, $confirmID, $lgno);
|
||||
$msg = "'$confirmID' is not exist. Try again.";
|
||||
//$func -> alertBack($msg);
|
||||
$func -> modalMsg ($msg, "");
|
||||
exit;
|
||||
|
||||
}else if ($rtvalue != TRUE) {
|
||||
addLog ("add", "USER", "LOGIN FAILED - PASSWORD", $lguserid, $confirmPW, $lgno);
|
||||
$msg = "Password is incorrect.";
|
||||
//$func -> alertBack($msg);
|
||||
$func -> modalMsg ($msg, "");
|
||||
exit;
|
||||
}else if ($rtvalue != TRUE) {
|
||||
addLog ("add", "USER", "LOGIN FAILED - PASSWORD", $lguserid, $confirmPW, $lgno);
|
||||
$msg = "Password is incorrect.";
|
||||
//$func -> alertBack($msg);
|
||||
$func -> modalMsg ($msg, "");
|
||||
exit;
|
||||
|
||||
}else if ($result['m_status'] != "A") {
|
||||
addLog ("add", "USER", "LOGIN FAILED - STATUS", $lguserid, $confirmID, $lgno);
|
||||
$msg = "Please contact Administrator.";
|
||||
//$func -> alertBack($msg);
|
||||
$func -> modalMsg ($msg, "");
|
||||
exit;
|
||||
}else if ($result['m_status'] != "A") {
|
||||
addLog ("add", "USER", "LOGIN FAILED - STATUS", $lguserid, $confirmID, $lgno);
|
||||
$msg = "Please contact Administrator.";
|
||||
//$func -> alertBack($msg);
|
||||
$func -> modalMsg ($msg, "");
|
||||
exit;
|
||||
|
||||
}
|
||||
|
||||
|
||||
if ($rtvalue) {
|
||||
addLog ("add", "USER", "LOGIN SUCCESS", $confirmID, $query, $lgno);
|
||||
|
||||
}
|
||||
|
||||
|
||||
if ($rtvalue) {
|
||||
addLog ("add", "USER", "LOGIN SUCCESS", $confirmID, $query, $lgno);
|
||||
$_SESSION['ss_LOGIN'] = 1;
|
||||
$_SESSION['ss_UID'] = $result['m_uid']; // 1000000001,1000000002...
|
||||
$_SESSION['ss_ID'] = $result['m_userid']; // dustin@ebizple.com
|
||||
$_SESSION['ss_NAME'] = $result['m_firstname']; // Dustin
|
||||
$_SESSION['ss_DRUID'] = $result['m_currentdriver'];
|
||||
$_SESSION['ss_DRINITIAL'] = $result['m_currentdriverinitial'];
|
||||
|
||||
// Level : m_level : Admin : 1, Manager : 3, Staff : 5, Accounting : 6, Operator : 7, Driver : 9
|
||||
$_SESSION['ss_LEVEL'] = $result['m_level'];
|
||||
$_SESSION['ss_GROUP'] = $result['m_gid'];
|
||||
|
||||
$_SESSION['ss_LOGIN'] = 1;
|
||||
$_SESSION['ss_UID'] = $result['m_uid']; // 1000000001,1000000002...
|
||||
$_SESSION['ss_ID'] = $result['m_userid']; // dustin@ebizple.com
|
||||
$_SESSION['ss_NAME'] = $result['m_firstname']; // Dustin
|
||||
$_SESSION['ss_DRUID'] = $result['m_currentdriver'];
|
||||
$_SESSION['ss_DRINITIAL'] = $result['m_currentdriverinitial'];
|
||||
|
||||
// Level : m_level : Admin : 1, Manager : 3, Staff : 5, Accounting : 6, Operator : 7, Driver : 9
|
||||
$_SESSION['ss_LEVEL'] = $result['m_level'];
|
||||
$_SESSION['ss_GROUP'] = $result['m_gid'];
|
||||
$today = $func -> PgetTime(0,0,4);
|
||||
$loginCnt = $result['m_loginnum']+1;
|
||||
|
||||
$today = $func -> PgetTime(0,0,4);
|
||||
$loginCnt = $result['m_loginnum']+1;
|
||||
|
||||
$query = " update tbl_member set m_logindate = '$today', m_loginnum = '$loginCnt' where m_userid = '$result[m_userid]' ";
|
||||
//mysql_query($query);
|
||||
$jdb->nQuery($query, "update error");
|
||||
$query = " update tbl_member set m_logindate = '$today', m_loginnum = '$loginCnt' where m_userid = '$result[m_userid]' ";
|
||||
//mysql_query($query);
|
||||
$jdb->nQuery($query, "update error");
|
||||
|
||||
//echo "[".$_SESSION[ss_LOGIN]."][".$_SESSION[ss_UID]."][".$_SESSION[ss_ID]."]";exit;
|
||||
//echo "[".$_SESSION[ss_LOGIN]."][".$_SESSION[ss_UID]."][".$_SESSION[ss_ID]."]";exit;
|
||||
|
||||
$_SESSION['ss_FLAG'] = 1;
|
||||
$_SESSION['ss_FLAG'] = 1;
|
||||
|
||||
if($destination != "") {
|
||||
echo"<meta http-equiv='refresh' content='0; url=/index_intranet.php?view=$destination&".$tmpStr."'>";
|
||||
exit;
|
||||
}
|
||||
//echo "LOGIN[$_SESSION[ss_FLAG]]";exit;
|
||||
if($destination != "") {
|
||||
echo"<meta http-equiv='refresh' content='0; url=/index_intranet.php?view=$destination&".$tmpStr."'>";
|
||||
exit;
|
||||
}
|
||||
//echo "LOGIN[$_SESSION[ss_FLAG]]";exit;
|
||||
|
||||
echo"<meta http-equiv='refresh' content='0; url=/index_intranet.php'>";
|
||||
exit;
|
||||
/*
|
||||
if ($_SESSION['ss_LEVEL'] == 9) {
|
||||
echo"<meta http-equiv='refresh' content='0; url=/index_intranet.php?view=map'>";
|
||||
exit;
|
||||
}
|
||||
else {
|
||||
echo"<meta http-equiv='refresh' content='0; url=/index_intranet.php'>";
|
||||
exit;
|
||||
}
|
||||
*/
|
||||
}
|
||||
|
||||
|
||||
echo"<meta http-equiv='refresh' content='0; url=/index_intranet.php'>";
|
||||
exit;
|
||||
/*
|
||||
if ($_SESSION['ss_LEVEL'] == 9) {
|
||||
echo"<meta http-equiv='refresh' content='0; url=/index_intranet.php?view=map'>";
|
||||
exit;
|
||||
}
|
||||
else {
|
||||
echo"<meta http-equiv='refresh' content='0; url=/index_intranet.php'>";
|
||||
exit;
|
||||
}
|
||||
*/
|
||||
}
|
||||
|
||||
|
||||
} else if($action == "logout") {
|
||||
addLog ("add", "USER", "LOGOUT", $lguserid, $query, $lgno);
|
||||
|
||||
session_destroy();
|
||||
addLog ("add", "USER", "LOGOUT", $lguserid, $query, $lgno);
|
||||
|
||||
session_destroy();
|
||||
|
||||
echo"<meta http-equiv='refresh' content='0; url=/login_intranet.php'>";
|
||||
exit;
|
||||
echo"<meta http-equiv='refresh' content='0; url=/login_intranet.php'>";
|
||||
exit;
|
||||
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -17,9 +17,9 @@ $cfg = $jdb->fQuery("SELECT cfg_app_version FROM tbl_config LIMIT 1", "config er
|
|||
$appVersion = $cfg['cfg_app_version'] ?? '';
|
||||
|
||||
if ($_SESSION['ss_LOGIN'] == 1) {
|
||||
$msg = "You are already logged in. Please proceed to the main page.";
|
||||
$func -> modalMsg ($msg, "/index_intranet.php");
|
||||
exit;
|
||||
$msg = "You are already logged in. Please proceed to the main page.";
|
||||
$func -> modalMsg ($msg, "/index_intranet.php");
|
||||
exit;
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
@ -57,14 +57,9 @@ if ($_SESSION['ss_LOGIN'] == 1) {
|
|||
|
||||
</head>
|
||||
|
||||
<script src="https://www.google.com/recaptcha/api.js?onload=CaptchaCallback&render=explicit" async defer></script>
|
||||
<script src="https://www.google.com/recaptcha/api.js?render=6LelsdAsAAAAABezjgy67C3dnEAtEX0oojwdZWeh"></script>
|
||||
|
||||
|
||||
<script type="text/javascript">
|
||||
var CaptchaCallback = function() {
|
||||
grecaptcha.render('RecaptchaField1', {'sitekey' : '6LcrsY0sAAAAAHOpHP2HTaGYkb8szuaSiSX2KgvS'});
|
||||
grecaptcha.render('RecaptchaField2', {'sitekey' : '6LcrsY0sAAAAAHOpHP2HTaGYkb8szuaSiSX2KgvS'});
|
||||
};
|
||||
</script>
|
||||
|
||||
<style>
|
||||
@media (max-width:575px) {
|
||||
|
|
@ -100,16 +95,19 @@ if ($_SESSION['ss_LOGIN'] == 1) {
|
|||
|
||||
|
||||
<div class="container">
|
||||
<form method="post" role="form" class="form-login" action="/lib/login_process.php" data-aos="fade-up" data-aos-delay="100">
|
||||
<input type=hidden name=action value=login>
|
||||
<input type=hidden name=destination value=<?=$destination?>>
|
||||
<input type=hidden name=mode value=<?=$mode?>>
|
||||
|
||||
<input type="email" class="form-control" name="confirmID" id="email" required placeholder="Your Email" data-msg="Please enter a valid email">
|
||||
|
||||
<input type="password" class="form-control" name="confirmPW" id="password" required placeholder="Password" data-msg="Please enter a password">
|
||||
<label><div class="g-recaptcha" id="RecaptchaField1" required="required" required ></div></label>
|
||||
<div class="text-center"><button class="btn-primary" type="submit">LOGIN</button></div>
|
||||
<form id="login-form" method="post" role="form" class="form-login" action="/lib/login_process.php" data-aos="fade-up" data-aos-delay="100">
|
||||
<input type="hidden" name="action" value="login">
|
||||
<input type="hidden" name="destination" value="<?=$destination?>">
|
||||
<input type="hidden" name="mode" value="<?=$mode?>">
|
||||
|
||||
<input type="hidden" id="g-recaptcha-response" name="g-recaptcha-response">
|
||||
|
||||
<input type="email" class="form-control" name="confirmID" id="email" required placeholder="Your Email">
|
||||
<input type="password" class="form-control" name="confirmPW" id="password" required placeholder="Password">
|
||||
|
||||
<div class="text-center">
|
||||
<button class="btn-primary" type="button" onclick="runRecaptcha()">LOGIN</button>
|
||||
</div>
|
||||
</form>
|
||||
<div class="text-center mt-3">
|
||||
<small class="text-muted">
|
||||
|
|
@ -163,6 +161,30 @@ if ($_SESSION['ss_LOGIN'] == 1) {
|
|||
<!-- Template Main JS File -->
|
||||
<script src="assets/js/main.js"></script>
|
||||
|
||||
<!-- reChapchat v3. script 새로 추가 -->
|
||||
<script src="https://www.google.com/recaptcha/api.js?render=6LelsdAsAAAAABezjgy67C3dnEAtEX0oojwdZWeh"></script>
|
||||
|
||||
<script type="text/javascript">
|
||||
function runRecaptcha() {
|
||||
// 1. 폼 요소를 가져옵니다.
|
||||
var form = document.getElementById('login-form');
|
||||
|
||||
// 2. [핵심] 브라우저에게 "비어있는 칸이 있으면 말풍선을 띄워줘!"라고 명령합니다.
|
||||
if (!form.checkValidity()) {
|
||||
form.reportValidity(); // 말풍선.
|
||||
return; // 칸이 비어있으면 여기서 중단합니다.
|
||||
}
|
||||
|
||||
// 3. 모든 칸이 채워졌을 때만 캡차 실행
|
||||
grecaptcha.ready(function() {
|
||||
grecaptcha.execute('6LelsdAsAAAAABezjgy67C3dnEAtEX0oojwdZWeh', {action: 'login'}).then(function(token) {
|
||||
document.getElementById('g-recaptcha-response').value = token;
|
||||
form.submit(); // 검증 완료 후 제출
|
||||
});
|
||||
});
|
||||
}
|
||||
</script>
|
||||
|
||||
</body>
|
||||
|
||||
</html>
|
||||
Loading…
Reference in New Issue