164 lines
4.8 KiB
PHP
164 lines
4.8 KiB
PHP
<?
|
|
|
|
include getenv("DOCUMENT_ROOT")."/include/session_include.php";
|
|
|
|
$confirmID = trim($_POST['confirmID']);
|
|
$confirmPW = $_POST['confirmPW'];
|
|
// 추가: $action 변수가 POST로 넘어오지 않을 경우를 대비해 REQUEST로 받습니다.
|
|
$action = $_REQUEST['action'];
|
|
|
|
if($action == "login") {
|
|
|
|
// Google Captcha
|
|
|
|
function post_captcha($user_response) {
|
|
$fields_string = '';
|
|
$fields = array(
|
|
'secret' => '6LelsdAsAAAAALBiK4XNVcAE6sLTNcGPbgvawT8v',
|
|
'response' => $user_response
|
|
);
|
|
$fields_string = http_build_query($fields); // 기존 루프 대신 더 안전한 방식
|
|
|
|
$ch = curl_init();
|
|
curl_setopt($ch, CURLOPT_URL, 'https://www.google.com/recaptcha/api/siteverify');
|
|
curl_setopt($ch, CURLOPT_POST, true);
|
|
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
|
|
curl_setopt($ch, CURLOPT_RETURNTRANSFER, True);
|
|
|
|
$result = curl_exec($ch);
|
|
curl_close($ch);
|
|
|
|
//echo "[$result]";exit;
|
|
|
|
return json_decode($result, true);
|
|
}
|
|
|
|
|
|
if ($_SERVER["REMOTE_ADDR"] == "127.0.0.1") {
|
|
$res['success'] = true;
|
|
$res['score'] = 1.0; // 로컬은 만점 처리
|
|
} else {
|
|
$res = post_captcha($_POST['g-recaptcha-response']);
|
|
}
|
|
|
|
if (!$res['success'] || (isset($res['score']) && $res['score'] < 0.5)) {
|
|
addLog(
|
|
"add",
|
|
"USER",
|
|
"LOGIN FAILED - CAPTCHA",
|
|
$confirmID,
|
|
"success: " . ($res['success'] ?? 'NULL') .
|
|
", score: " . ($res['score'] ?? 'NULL') .
|
|
", action: " . ($res['action'] ?? 'NULL') .
|
|
", hostname: " . ($res['hostname'] ?? 'NULL') .
|
|
", errors: " . json_encode($res['error-codes'] ?? []) .
|
|
", token_empty: " . (empty($token) ? 'YES' : 'NO') ,
|
|
$lgno
|
|
);
|
|
|
|
$msg = " Verification failed. Please try again shortly.";
|
|
$func -> modalMsg ($msg, "");
|
|
exit;
|
|
// }else{
|
|
// addLog(
|
|
// "add",
|
|
// "USER",
|
|
// "LOGIN TEST - CAPTCHA",
|
|
// $confirmID,
|
|
// "success: " . ($res['success'] ?? 'NULL') .
|
|
// ", score: " . ($res['score'] ?? 'NULL') .
|
|
// ", action: " . ($res['action'] ?? 'NULL') .
|
|
// ", hostname: " . ($res['hostname'] ?? 'NULL') .
|
|
// ", errors: " . json_encode($res['error-codes'] ?? []) .
|
|
// ", token_empty: " . (empty($token) ? 'YES' : 'NO') ,
|
|
// $lgno
|
|
// );
|
|
|
|
}
|
|
// End of Captcha
|
|
|
|
|
|
$query = "select * from tbl_member where m_userid = '$confirmID' ";
|
|
$result = $jdb->fQuery($query, "fetch query error");
|
|
|
|
//if (crypt($result[cypher],$result[salt]) == $confirmPW) {
|
|
// echo "패스워드 확인!";exit;
|
|
//}
|
|
|
|
if ($_SERVER["REMOTE_ADDR"] == "127.0.0.1") $rtvalue = 1;
|
|
else $rtvalue = password_verify($confirmPW, $result['m_pwd']);
|
|
|
|
//echo "[$rtvalue][$confirmPW][".$result['m_pwd']."]";
|
|
|
|
|
|
if(!$result) {
|
|
addLog ("add", "USER", "LOGIN FAILED - ID", $lguserid, $confirmID, $lgno);
|
|
$msg = "'$confirmID' is not exist. Try again.";
|
|
//$func -> alertBack($msg);
|
|
$func -> modalMsg ($msg, "");
|
|
exit;
|
|
|
|
}else if ($rtvalue != TRUE) {
|
|
addLog ("add", "USER", "LOGIN FAILED - PASSWORD", $lguserid, $confirmPW, $lgno);
|
|
$msg = "Password is incorrect.";
|
|
//$func -> alertBack($msg);
|
|
$func -> modalMsg ($msg, "");
|
|
exit;
|
|
|
|
}else if ($result['m_status'] != "A") {
|
|
addLog ("add", "USER", "LOGIN FAILED - STATUS", $lguserid, $confirmID, $lgno);
|
|
$msg = "Please contact Administrator.";
|
|
//$func -> alertBack($msg);
|
|
$func -> modalMsg ($msg, "");
|
|
exit;
|
|
|
|
}
|
|
|
|
|
|
if ($rtvalue) {
|
|
addLog ("add", "USER", "LOGIN SUCCESS", $confirmID, $query, $lgno);
|
|
|
|
$_SESSION['ss_LOGIN'] = 1;
|
|
$_SESSION['ss_UID'] = $result['m_uid']; // 1000000001,1000000002...
|
|
$_SESSION['ss_ID'] = $result['m_userid']; // dustin@ebizple.com
|
|
$_SESSION['ss_NAME'] = $result['m_firstname']; // Dustin
|
|
$_SESSION['ss_DRUID'] = $result['m_currentdriver'];
|
|
$_SESSION['ss_DRINITIAL'] = $result['m_currentdriverinitial'];
|
|
|
|
// Level : m_level : Admin : 1, Manager : 3, Staff : 5, Accounting : 6, Operator : 7, Driver : 9
|
|
$_SESSION['ss_LEVEL'] = $result['m_level'];
|
|
$_SESSION['ss_GROUP'] = $result['m_gid'];
|
|
|
|
$today = $func -> PgetTime(0,0,4);
|
|
$loginCnt = $result['m_loginnum']+1;
|
|
|
|
$query = " update tbl_member set m_logindate = '$today', m_loginnum = '$loginCnt' where m_userid = '$result[m_userid]' ";
|
|
//mysql_query($query);
|
|
$jdb->nQuery($query, "update error");
|
|
|
|
//echo "[".$_SESSION[ss_LOGIN]."][".$_SESSION[ss_UID]."][".$_SESSION[ss_ID]."]";exit;
|
|
|
|
$_SESSION['ss_FLAG'] = 1;
|
|
|
|
if($destination != "") {
|
|
echo"<meta http-equiv='refresh' content='0; url=/index_intranet.php?view=$destination&".$tmpStr."'>";
|
|
exit;
|
|
}
|
|
//echo "LOGIN[$_SESSION[ss_FLAG]]";exit;
|
|
|
|
echo"<meta http-equiv='refresh' content='0; url=/index_intranet.php'>";
|
|
exit;
|
|
}
|
|
|
|
|
|
} else if($action == "logout") {
|
|
addLog ("add", "USER", "LOGOUT", $lguserid, $query, $lgno);
|
|
|
|
session_destroy();
|
|
|
|
echo"<meta http-equiv='refresh' content='0; url=/login_intranet.php'>";
|
|
exit;
|
|
|
|
}
|
|
|
|
?>
|