goiintra/public_html/lib/login_process.php

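<?php
// Full open tag on purpose: the short form is only executed when short_open_tag is
// enabled. Where it is off, PHP emits the file as plain text, which would expose this
// script's source (including the reCAPTCHA secret further down) to any visitor.

// Bootstrap include. The rest of this script uses $jdb, $func, addLog(), $lguserid and
// $lgno without defining them, so they are presumably set up here -- TODO confirm.
// require (not include) so a missing bootstrap stops the request instead of letting the
// login logic continue half-initialised.
require getenv("DOCUMENT_ROOT")."/include/session_include.php";

// Submitted credentials. Both fields are absent on a GET logout request, and either can
// arrive as an array (confirmID[]=x), so anything that is not a string becomes ''.
$confirmID = $_POST['confirmID'] ?? '';
$confirmID = is_string($confirmID) ? trim($confirmID) : '';
$confirmPW = $_POST['confirmPW'] ?? '';
if (!is_string($confirmPW)) {
    $confirmPW = '';
}

// The requested action may come from the form body or from the query string.
$action = $_POST['action'] ?? $_GET['action'] ?? '';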
if($action == "login") {
// Google Captcha
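/**
 * Verify a reCAPTCHA response token against Google's siteverify endpoint.
 *
 * @param mixed $user_response Value of the g-recaptcha-response form field (untrusted).
 * @return array Decoded siteverify reply. Always an array with a 'success' key;
 *               array('success' => false) when the token is missing, the HTTP request
 *               fails, or the reply cannot be decoded.
 */
function post_captcha($user_response) {
    $failed = array('success' => false);

    // Nothing to verify: fail closed without a network round trip.
    if (!is_string($user_response) || $user_response === '') {
        return $failed;
    }

    $fields = array(
        // NOTE(security): this reCAPTCHA secret is hard-coded in a file under the web
        // root. Treat it as exposed: rotate it and load the replacement from
        // configuration kept outside the document root.
        'secret' => '6LfclnokAAAAAKuGAzPMyfkVw9V9QRQQWUkfkhcJ',
        'response' => $user_response
    );

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, 'https://www.google.com/recaptcha/api/siteverify');
    curl_setopt($ch, CURLOPT_POST, true);
    // http_build_query() URL-encodes every value, so '&' or '=' inside the untrusted
    // token cannot add or override form fields in the verification request.
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields, '', '&'));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    // Bound the wait so an unreachable endpoint cannot hold the login request open.
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
    curl_setopt($ch, CURLOPT_TIMEOUT, 10);
    $result = curl_exec($ch);
    curl_close($ch);

    // curl_exec() returns false on transport errors.
    if (!is_string($result)) {
        return $failed;
    }

    $decoded = json_decode($result, true);
    if (!is_array($decoded) || !array_key_exists('success', $decoded)) {
        return $failed;
    }
    return $decoded;
}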
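// Requests from the loopback address skip the CAPTCHA round trip.
// NOTE(security): REMOTE_ADDR is the address of the directly connected peer. If this
// script is served through a reverse proxy on the same host, every visitor appears as
// 127.0.0.1 / ::1 and the CAPTCHA is skipped for all of them -- confirm the deployment
// before relying on this shortcut.
$remoteAddr = $_SERVER["REMOTE_ADDR"] ?? '';
if ($remoteAddr === "127.0.0.1" || $remoteAddr === "::1") {
    $res = array('success' => 1);
}
else {
    // The field is missing when the widget was never rendered or solved.
    $res = post_captcha($_POST['g-recaptcha-response'] ?? '');
}

// empty() also covers a reply that is not an array or that lacks the 'success' key,
// so an undecodable verification result is treated as a failed CAPTCHA.
if (empty($res['success'])) {
    addLog ("add", "USER", "LOGIN FAILED - CAPTCHA", $lguserid, $confirmID, $lgno);
    $msg = "<p>Please go back and make sure you check the security CAPTCHA box.</p>";
    $func -> modalMsg ($msg, "");
    exit;
}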
// End of Captcha
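// Look up the account row for the submitted user ID.
// NOTE(security): $confirmID is request data placed directly inside the quoted SQL
// literal. Unless the bootstrap include or $jdb escapes it (not visible here), a quote
// in the ID changes the statement. Pass it as a bound parameter through whatever
// prepared-statement support the driver behind $jdb offers.
$query = "select * from tbl_member where m_userid = '$confirmID' ";
$result = $jdb->fQuery($query, "fetch query error");

// The password is always checked, whatever REMOTE_ADDR is: a loopback address
// identifies the connecting peer (often a local reverse proxy), not the user.
// Verification only runs when a row with a stored hash exists, so a missing account
// never reaches password_verify() with a null hash.
$rtvalue = false;
if ($result && is_string($confirmPW) && is_string($result['m_pwd'] ?? null)) {
    $rtvalue = password_verify($confirmPW, $result['m_pwd']);
}

// One wording for "unknown ID" and "wrong password": the page does not reveal which
// user IDs exist, and no request data is echoed back (the CAPTCHA message passed to
// modalMsg contains markup, so it appears to render its argument as HTML).
// The log entries below still distinguish the two cases.
$loginFailedMsg = "User ID or password is incorrect. Try again.";

if(!$result) {
    addLog ("add", "USER", "LOGIN FAILED - ID", $lguserid, $confirmID, $lgno);
    $func -> modalMsg ($loginFailedMsg, "");
    exit;
}else if (!$rtvalue) {
    // Record which account was tried, never the submitted password: rejected
    // passwords are frequently a typo of the real one.
    addLog ("add", "USER", "LOGIN FAILED - PASSWORD", $lguserid, $confirmID, $lgno);
    $func -> modalMsg ($loginFailedMsg, "");
    exit;
}else if ($result['m_status'] != "A") {
    // Credentials were correct but the account status is not "A".
    addLog ("add", "USER", "LOGIN FAILED - STATUS", $lguserid, $confirmID, $lgno);
    $msg = "Please contact Administrator.";
    $func -> modalMsg ($msg, "");
    exit;
}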
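if ($rtvalue) {
    addLog ("add", "USER", "LOGIN SUCCESS", $confirmID, $query, $lgno);

    // Issue a fresh session ID at the privilege change, so an ID that was known or
    // planted before login is not carried into the authenticated session.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $_SESSION['ss_LOGIN'] = 1;
    $_SESSION['ss_UID'] = $result['m_uid']; // 1000000001,1000000002...
    $_SESSION['ss_ID'] = $result['m_userid']; // dustin@ebizple.com
    $_SESSION['ss_NAME'] = $result['m_firstname']; // Dustin
    // Level : m_level : Admin : 1, Manager : 3, Staff : 5, Accounting : 6, Operator : 7, Driver : 9
    $_SESSION['ss_LEVEL'] = $result['m_level'];

    // Record the login time and bump the login counter.
    $today = $func -> PgetTime(0,0,4);
    // Integer cast keeps the interpolated counter numeric.
    $loginCnt = (int) $result['m_loginnum'] + 1;
    // NOTE(review): $today and m_userid are interpolated into the SQL text as well;
    // bind them as parameters if the driver behind $jdb supports it.
    $query = " update tbl_member set m_logindate = '$today', m_loginnum = '$loginCnt' where m_userid = '$result[m_userid]' ";
    $jdb->nQuery($query, "update error");
    $_SESSION['ss_FLAG'] = 1;

    // $destination and $tmpStr are not assigned in this file. If either derives from
    // the request, writing it raw into the attribute would let a quote end the
    // attribute and add markup, so the URL is encoded for the HTML attribute context.
    // The browser decodes &amp; back to &, leaving the redirect target unchanged.
    $dest = isset($destination) ? (string) $destination : '';
    if ($dest !== '') {
        $extra = isset($tmpStr) ? (string) $tmpStr : '';
        $target = "/index_intranet.php?view=" . $dest . "&" . $extra;
        echo "<meta http-equiv='refresh' content='0; url="
            . htmlspecialchars($target, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . "'>";
        exit;
    }

    // Default landing page after login.
    echo"<meta http-equiv='refresh' content='0; url=/index_intranet.php'>";
    exit;
}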
} else if($action == "logout") {
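// $query is only assigned in the login branch; log an empty detail when it is unset.
// NOTE(review): the action is also read from $_GET, so a cross-site link can trigger
// this logout; consider accepting it from POST only.
addLog ("add", "USER", "LOGOUT", $lguserid, $query ?? '', $lgno);

// session_destroy() removes the stored session but leaves $_SESSION populated for the
// rest of the request and the cookie in the browser, so clear both explicitly.
$_SESSION = array();
if (session_status() === PHP_SESSION_ACTIVE) {
    if (ini_get('session.use_cookies') && !headers_sent()) {
        $cookie = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $cookie['path'],
            $cookie['domain'],
            $cookie['secure'],
            $cookie['httponly']
        );
    }
    session_destroy();
}
echo"<meta http-equiv='refresh' content='0; url=/login_intranet.php'>";
exit;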
}
?>