From db6f87d013ff2fa1b80a7e23395b59a90509fca1 Mon Sep 17 00:00:00 2001 From: Hyojin Ahn Date: Fri, 1 May 2026 08:01:16 -0400 Subject: [PATCH] =?UTF-8?q?v1.2.9=20-=20[LOGIN]=20reCAPTCHA=20v3=20?= =?UTF-8?q?=EB=A1=9C=20=EC=97=85=EA=B7=B8=EB=A0=88=EC=9D=B4=EB=93=9C.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- public_html/lib/login_process.php | 233 +++++++++++++++--------------- public_html/login_intranet.php | 62 +++++--- 2 files changed, 155 insertions(+), 140 deletions(-) diff --git a/public_html/lib/login_process.php b/public_html/lib/login_process.php index 54ba00c..cfd2381 100644 --- a/public_html/lib/login_process.php +++ b/public_html/lib/login_process.php @@ -4,150 +4,143 @@ include getenv("DOCUMENT_ROOT")."/include/session_include.php"; $confirmID = trim($_POST['confirmID']); $confirmPW = $_POST['confirmPW']; +// 추가: $action 변수가 POST로 넘어오지 않을 경우를 대비해 REQUEST로 받습니다. +$action = $_REQUEST['action']; if($action == "login") { - // Google Captcha + // Google Captcha - function post_captcha($user_response) { - $fields_string = ''; - $fields = array( - 'secret' => '6LcrsY0sAAAAADwNiCoXbFPEDFbf0GssVRXeJi1X', - 'response' => $user_response - ); - foreach($fields as $key=>$value) - $fields_string .= $key . '=' . $value . '&'; - $fields_string = rtrim($fields_string, '&'); + function post_captcha($user_response) { + $fields_string = ''; + $fields = array( + 'secret' => '6LelsdAsAAAAALBiK4XNVcAE6sLTNcGPbgvawT8v', + 'response' => $user_response + ); + $fields_string = http_build_query($fields); // 기존 루프 대신 더 안전한 방식 - $ch = curl_init(); - curl_setopt($ch, CURLOPT_URL, 'https://www.google.com/recaptcha/api/siteverify'); - curl_setopt($ch, CURLOPT_POST, count($fields)); - curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, True); + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, 'https://www.google.com/recaptcha/api/siteverify'); + curl_setopt($ch, CURLOPT_POST, true); + curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, True); - $result = curl_exec($ch); - curl_close($ch); - - //echo "[$result]";exit; + $result = curl_exec($ch); + curl_close($ch); - return json_decode($result, true); - } - - - if ($_SERVER["REMOTE_ADDR"] == "127.0.0.1") { - $res['success'] = 1; - } - else { - // Call the function post_captcha - $res = post_captcha($_POST['g-recaptcha-response']); - } - - if (!$res['success']) { - // What happens when the CAPTCHA wasn't checked - // echo '

Please go back and make sure you check the security CAPTCHA box.


'; - // echo ""; - // exit; - - addLog ("add", "USER", "LOGIN FAILED - CAPTCHA", $lguserid, $confirmID, $lgno); - - $msg = "

Please go back and make sure you check the security CAPTCHA box.

"; - $func -> modalMsg ($msg, ""); - exit; + //echo "[$result]";exit; - } - // End of Captcha - - - $query = "select * from tbl_member where m_userid = '$confirmID' "; - $result = $jdb->fQuery($query, "fetch query error"); + return json_decode($result, true); + } - //if (crypt($result[cypher],$result[salt]) == $confirmPW) { - // echo "패스워드 확인!";exit; - //} - if ($_SERVER["REMOTE_ADDR"] == "127.0.0.1") $rtvalue = 1; - else $rtvalue = password_verify($confirmPW, $result['m_pwd']); + if ($_SERVER["REMOTE_ADDR"] == "127.0.0.1") { + $res['success'] = true; + $res['score'] = 1.0; // 로컬은 만점 처리 + } else { + $res = post_captcha($_POST['g-recaptcha-response']); + } + + if (!$res['success'] || (isset($res['score']) && $res['score'] < 0.5)) { + addLog ("add", "USER", "LOGIN FAILED - CAPTCHA (Score: ".$res['score'].")", $lguserid, $confirmID, $lgno); + + $msg = " Verification failed. Please try again shortly."; + $func -> modalMsg ($msg, ""); + exit; + } + // End of Captcha + + + $query = "select * from tbl_member where m_userid = '$confirmID' "; + $result = $jdb->fQuery($query, "fetch query error"); + + //if (crypt($result[cypher],$result[salt]) == $confirmPW) { + // echo "패스워드 확인!";exit; + //} + + if ($_SERVER["REMOTE_ADDR"] == "127.0.0.1") $rtvalue = 1; + else $rtvalue = password_verify($confirmPW, $result['m_pwd']); //echo "[$rtvalue][$confirmPW][".$result['m_pwd']."]"; - - if(!$result) { - addLog ("add", "USER", "LOGIN FAILED - ID", $lguserid, $confirmID, $lgno); - $msg = "'$confirmID' is not exist. Try again."; - //$func -> alertBack($msg); - $func -> modalMsg ($msg, ""); - exit; + + if(!$result) { + addLog ("add", "USER", "LOGIN FAILED - ID", $lguserid, $confirmID, $lgno); + $msg = "'$confirmID' is not exist. Try again."; + //$func -> alertBack($msg); + $func -> modalMsg ($msg, ""); + exit; - }else if ($rtvalue != TRUE) { - addLog ("add", "USER", "LOGIN FAILED - PASSWORD", $lguserid, $confirmPW, $lgno); - $msg = "Password is incorrect."; - //$func -> alertBack($msg); - $func -> modalMsg ($msg, ""); - exit; + }else if ($rtvalue != TRUE) { + addLog ("add", "USER", "LOGIN FAILED - PASSWORD", $lguserid, $confirmPW, $lgno); + $msg = "Password is incorrect."; + //$func -> alertBack($msg); + $func -> modalMsg ($msg, ""); + exit; - }else if ($result['m_status'] != "A") { - addLog ("add", "USER", "LOGIN FAILED - STATUS", $lguserid, $confirmID, $lgno); - $msg = "Please contact Administrator."; - //$func -> alertBack($msg); - $func -> modalMsg ($msg, ""); - exit; + }else if ($result['m_status'] != "A") { + addLog ("add", "USER", "LOGIN FAILED - STATUS", $lguserid, $confirmID, $lgno); + $msg = "Please contact Administrator."; + //$func -> alertBack($msg); + $func -> modalMsg ($msg, ""); + exit; + + } + + + if ($rtvalue) { + addLog ("add", "USER", "LOGIN SUCCESS", $confirmID, $query, $lgno); - } - - - if ($rtvalue) { - addLog ("add", "USER", "LOGIN SUCCESS", $confirmID, $query, $lgno); + $_SESSION['ss_LOGIN'] = 1; + $_SESSION['ss_UID'] = $result['m_uid']; // 1000000001,1000000002... + $_SESSION['ss_ID'] = $result['m_userid']; // dustin@ebizple.com + $_SESSION['ss_NAME'] = $result['m_firstname']; // Dustin + $_SESSION['ss_DRUID'] = $result['m_currentdriver']; + $_SESSION['ss_DRINITIAL'] = $result['m_currentdriverinitial']; + + // Level : m_level : Admin : 1, Manager : 3, Staff : 5, Accounting : 6, Operator : 7, Driver : 9 + $_SESSION['ss_LEVEL'] = $result['m_level']; + $_SESSION['ss_GROUP'] = $result['m_gid']; - $_SESSION['ss_LOGIN'] = 1; - $_SESSION['ss_UID'] = $result['m_uid']; // 1000000001,1000000002... - $_SESSION['ss_ID'] = $result['m_userid']; // dustin@ebizple.com - $_SESSION['ss_NAME'] = $result['m_firstname']; // Dustin - $_SESSION['ss_DRUID'] = $result['m_currentdriver']; - $_SESSION['ss_DRINITIAL'] = $result['m_currentdriverinitial']; - - // Level : m_level : Admin : 1, Manager : 3, Staff : 5, Accounting : 6, Operator : 7, Driver : 9 - $_SESSION['ss_LEVEL'] = $result['m_level']; - $_SESSION['ss_GROUP'] = $result['m_gid']; + $today = $func -> PgetTime(0,0,4); + $loginCnt = $result['m_loginnum']+1; - $today = $func -> PgetTime(0,0,4); - $loginCnt = $result['m_loginnum']+1; - - $query = " update tbl_member set m_logindate = '$today', m_loginnum = '$loginCnt' where m_userid = '$result[m_userid]' "; - //mysql_query($query); - $jdb->nQuery($query, "update error"); + $query = " update tbl_member set m_logindate = '$today', m_loginnum = '$loginCnt' where m_userid = '$result[m_userid]' "; + //mysql_query($query); + $jdb->nQuery($query, "update error"); - //echo "[".$_SESSION[ss_LOGIN]."][".$_SESSION[ss_UID]."][".$_SESSION[ss_ID]."]";exit; + //echo "[".$_SESSION[ss_LOGIN]."][".$_SESSION[ss_UID]."][".$_SESSION[ss_ID]."]";exit; - $_SESSION['ss_FLAG'] = 1; + $_SESSION['ss_FLAG'] = 1; - if($destination != "") { - echo""; - exit; - } - //echo "LOGIN[$_SESSION[ss_FLAG]]";exit; + if($destination != "") { + echo""; + exit; + } + //echo "LOGIN[$_SESSION[ss_FLAG]]";exit; - echo""; - exit; - /* - if ($_SESSION['ss_LEVEL'] == 9) { - echo""; - exit; - } - else { - echo""; - exit; - } - */ - } - - + echo""; + exit; + /* + if ($_SESSION['ss_LEVEL'] == 9) { + echo""; + exit; + } + else { + echo""; + exit; + } + */ + } + + } else if($action == "logout") { - addLog ("add", "USER", "LOGOUT", $lguserid, $query, $lgno); - - session_destroy(); + addLog ("add", "USER", "LOGOUT", $lguserid, $query, $lgno); + + session_destroy(); - echo""; - exit; + echo""; + exit; } diff --git a/public_html/login_intranet.php b/public_html/login_intranet.php index e4168ef..5f2c849 100644 --- a/public_html/login_intranet.php +++ b/public_html/login_intranet.php @@ -17,9 +17,9 @@ $cfg = $jdb->fQuery("SELECT cfg_app_version FROM tbl_config LIMIT 1", "config er $appVersion = $cfg['cfg_app_version'] ?? ''; if ($_SESSION['ss_LOGIN'] == 1) { - $msg = "You are already logged in. Please proceed to the main page."; - $func -> modalMsg ($msg, "/index_intranet.php"); - exit; + $msg = "You are already logged in. Please proceed to the main page."; + $func -> modalMsg ($msg, "/index_intranet.php"); + exit; } ?> @@ -57,14 +57,9 @@ if ($_SESSION['ss_LOGIN'] == 1) { - + + -