XpressEngine Core  1.11.2
member.controller.php
1 <?php
2 /* Copyright (C) NAVER <http://www.navercorp.com> */
8 class memberController extends member
9 {
16 
/**
 * Initialisation hook of the member controller; it performs no work.
 *
 * @return void
 */
function init()
{
	// Intentionally empty.
}
25 
/**
 * Handle a login request.
 *
 * Arguments that are empty are read from the request context. After a
 * successful doLogin() the password age is checked against the module
 * config, pending auth mails are deleted and a redirect is set.
 *
 * @param string|null $user_id     login identifier
 * @param string|null $password    plain-text password
 * @param string|null $keep_signed 'Y' asks doLogin() for a persistent login
 * @return mixed a BaseObject on failure, otherwise whatever setRedirectUrl() returns
 */
function procMemberLogin($user_id = null, $password = null, $keep_signed = null)
{
	// A GET request that carries no credentials is sent back to the front page
	if(!$user_id && !$password && Context::getRequestMethod() == 'GET')
	{
		$this->setRedirectUrl(getNotEncodedUrl(''));
		return new BaseObject(-1, 'null_user_id');
	}

	// Fill anything the caller did not pass from the request
	if(!$user_id)
	{
		$user_id = Context::get('user_id');
	}
	$user_id = trim($user_id);

	if(!$password)
	{
		$password = Context::get('password');
	}
	// NOTE(review): trim() removes leading/trailing whitespace from the password before it is verified.
	$password = trim($password);

	if(!$keep_signed)
	{
		$keep_signed = Context::get('keep_signed');
	}

	// Both the id and the password are mandatory
	if(!$user_id)
	{
		return new BaseObject(-1, 'null_user_id');
	}
	if(!$password)
	{
		return new BaseObject(-1, 'null_password');
	}

	$output = $this->doLogin($user_id, $password, $keep_signed == 'Y');
	if(!$output->toBool())
	{
		return $output;
	}

	$oModuleModel = getModel('module');
	$config = $oModuleModel->getModuleConfig('member');

	// Password age policy: change_password_date is a number of days, 0 disables it
	$max_age_days = $config->change_password_date;
	if($max_age_days > 0)
	{
		$oMemberModel = getModel('member');
		$oldest_allowed = date('YmdHis', strtotime('-' . $max_age_days . ' day'));
		if($this->memberInfo->change_password_date < $oldest_allowed)
		{
			// Password is older than allowed: send the member to the change-password form
			$msg = sprintf(Context::getLang('msg_change_password_date'), $max_age_days);
			return $this->setRedirectUrl(getNotEncodedUrl('','vid',Context::get('vid'),'mid',Context::get('mid'),'act','dispMemberModifyPassword'), new BaseObject(-1, $msg));
		}
	}

	// Delete all previous authmail if login is successful
	$args = new stdClass();
	$args->member_srl = $this->memberInfo->member_srl;
	executeQuery('member.deleteAuthMail', $args);

	if($config->after_login_url)
	{
		$returnUrl = $config->after_login_url;
	}
	else
	{
		// NOTE(review): success_return_url comes from the request and reaches setRedirectUrl()
		// without any validation in this method; confirm the redirect layer limits it to
		// same-site targets, otherwise this is an open redirect after login.
		$requested_url = Context::get('success_return_url');
		$returnUrl = $requested_url ? $requested_url : getNotEncodedUrl('', 'mid', Context::get('mid'), 'act', '');
	}
	return $this->setRedirectUrl($returnUrl, $output);
}
90 
/**
 * Log the current member out.
 *
 * Runs the member.doLogout triggers around destroySessionInfo(), then
 * returns a BaseObject that carries the configured after-logout URL, if any.
 *
 * @return mixed the failing trigger output, or a BaseObject on success
 */
function procMemberLogout()
{
	$logged_info = Context::get('logged_info');

	// "before" trigger: a failing result aborts the logout
	$before = ModuleHandler::triggerCall('member.doLogout', 'before', $logged_info);
	if(!$before->toBool())
	{
		return $before;
	}

	// Destroy session information
	$this->destroySessionInfo();

	// "after" trigger: the session is already gone at this point
	$after = ModuleHandler::triggerCall('member.doLogout', 'after', $logged_info);
	if(!$after->toBool())
	{
		return $after;
	}

	$output = new BaseObject();

	$oModuleModel = getModel('module');
	$config = $oModuleModel->getModuleConfig('member');
	if($config->after_logout_url)
	{
		$output->redirect_url = $config->after_logout_url;
	}

	// NOTE(review): $logged_info is read without a null check; presumably it is empty when
	// this is called without an active login - confirm.
	$this->_clearMemberCache($logged_info->member_srl);

	return $output;
}
119 
{
	// Body of the document-scrap handler (its signature line is not part of this listing).
	$oModuleModel = &getModel('module');

	// Scrapping requires a logged-in member
	if(!Context::get('is_logged'))
	{
		return new BaseObject(-1, 'msg_not_logged');
	}
	$logged_info = Context::get('logged_info');

	// document_srl, with target_srl as fallback; the int cast discards non-numeric input
	$document_srl = (int)Context::get('document_srl');
	if(!$document_srl)
	{
		$document_srl = (int)Context::get('target_srl');
	}
	if(!$document_srl)
	{
		return new BaseObject(-1,'msg_invalid_request');
	}

	// Get document
	$oDocumentModel = getModel('document');
	$oDocument = $oDocumentModel->getDocument($document_srl);

	// A secret document may only be scrapped by someone who is granted on it
	if($oDocument->isSecret() && !$oDocument->isGranted())
	{
		return new BaseObject(-1, 'msg_is_secret');
	}

	// Check module permissions
	$module_info = $oModuleModel->getModuleInfoByModuleSrl($oDocument->get('module_srl'));
	$grant = $oModuleModel->getGrant($module_info, $logged_info);
	if(!$grant->access)
	{
		return new BaseObject(-1, 'msg_not_permitted');
	}

	$is_board = ($module_info->module === 'board');

	// Board module: refuse the scrap when the member lacks list-view permission
	if($is_board && isset($grant->list) && !$grant->list)
	{
		return new BaseObject(-1, 'msg_not_permitted');
	}

	// Board module with consultation enabled: refuse documents the member has no
	// right to read (other members' documents)
	if($is_board
		&& $module_info->consultation === 'Y'
		&& isset($grant->consultation_read)
		&& !$grant->consultation_read
		&& !$oDocument->isGranted())
	{
		return new BaseObject(-1, 'msg_not_permitted');
	}

	// The scrap row copies author and title fields from the document itself,
	// not from the request
	$args = new stdClass();
	$args->document_srl = $document_srl;
	$args->member_srl = $logged_info->member_srl;
	$args->user_id = $oDocument->get('user_id');
	$args->user_name = $oDocument->get('user_name');
	$args->nick_name = $oDocument->get('nick_name');
	$args->target_member_srl = $oDocument->get('member_srl');
	$args->title = $oDocument->get('title');

	// Check if already scrapped
	$output = executeQuery('member.getScrapDocument', $args);
	if($output->data->count)
	{
		return new BaseObject(-1, 'msg_alreay_scrapped');
	}

	// Insert
	$output = executeQuery('member.addScrapDocument', $args);
	if(!$output->toBool())
	{
		return $output;
	}

	// NOTE(review): the success path sets error code -1 together with a success message;
	// this looks deliberate (it forces the message to be shown) - confirm.
	$this->setError(-1);
	$this->setMessage('success_registed');
}
192 
{
	// Body of the scrap-delete handler (its signature line is not part of this listing).

	// Only a logged-in member can delete a scrap
	if(!Context::get('is_logged'))
	{
		return new BaseObject(-1, 'msg_not_logged');
	}
	$logged_info = Context::get('logged_info');

	$document_srl = (int)Context::get('document_srl');
	if(!$document_srl)
	{
		return new BaseObject(-1,'msg_invalid_request');
	}

	// The query is keyed on the session's member_srl, so a member can only
	// address scrap rows carrying their own member_srl
	$args = new stdClass;
	$args->member_srl = $logged_info->member_srl;
	$args->document_srl = $document_srl;

	return executeQuery('member.deleteScrapDocument', $args);
}
212 
{
	// Deprecated entry point (its signature line is not part of this listing):
	// it does nothing and reports error code 0 with a fixed message.
	$deprecated = new BaseObject(0, 'Deprecated method');
	return $deprecated;
}
222 
{
	// Body of the handler that deletes a member's temporarily saved document
	// (its signature line is not part of this listing).

	// Check login information
	if(!Context::get('is_logged'))
	{
		return new BaseObject(-1, 'msg_not_logged');
	}
	$logged_info = Context::get('logged_info');

	$document_srl = (int)Context::get('document_srl');
	if(!$document_srl)
	{
		return new BaseObject(-1,'msg_invalid_request');
	}

	$oDocumentModel = getModel('document');
	$oDocument = $oDocumentModel->getDocument($document_srl);

	// Ownership check: only the author may delete the document through this action
	$owner_srl = $oDocument->get('member_srl');
	if($owner_srl != $logged_info->member_srl)
	{
		return new BaseObject(-1,'msg_invalid_request');
	}

	// State check: only documents in the 'temp' status can be removed here, so
	// published documents cannot be deleted by this route
	$configStatusList = $oDocumentModel->getStatusList();
	$current_status = $oDocument->get('status');
	if($current_status != $configStatusList['temp'])
	{
		return new BaseObject(-1,'msg_invalid_request');
	}

	// NOTE(review): the result of deleteDocument() is not inspected or returned.
	$oDocumentController = getController('document');
	$oDocumentController->deleteDocument($document_srl);
}
253 
{
	// Body of the sign-up value checker (its signature line is not part of this listing).
	// It reports whether a user_id, nick_name or email_address is denied or already taken.
	// NOTE(review): the answers reveal which identifiers are registered; no throttling is
	// visible in this method - confirm it is rate-limited elsewhere.
	$name = Context::get('name');
	$value = Context::get('value');
	if(!$value)
	{
		return;
	}

	$oMemberModel = getModel('member');
	// The logged-in member (if any) is allowed to "collide" with their own record
	$logged_info = Context::get('logged_info');

	if($name == 'user_id')
	{
		// Check denied ID
		if($oMemberModel->isDeniedID($value))
		{
			return new BaseObject(0,'denied_user_id');
		}
		// Check if duplicated
		$member_srl = $oMemberModel->getMemberSrlByUserID($value);
		if($member_srl && $logged_info->member_srl != $member_srl)
		{
			return new BaseObject(0,'msg_exists_user_id');
		}
	}
	elseif($name == 'nick_name')
	{
		// Check denied nickname
		if($oMemberModel->isDeniedNickName($value))
		{
			return new BaseObject(0,'denied_nick_name');
		}
		// Check if duplicated
		$member_srl = $oMemberModel->getMemberSrlByNickName($value);
		if($member_srl && $logged_info->member_srl != $member_srl)
		{
			return new BaseObject(0,'msg_exists_nick_name');
		}
	}
	elseif($name == 'email_address')
	{
		// Check if duplicated
		$member_srl = $oMemberModel->getMemberSrlByEmailAddress($value);
		if($member_srl && $logged_info->member_srl != $member_srl)
		{
			return new BaseObject(0,'msg_exists_email_address');
		}
	}
}
297 
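/**
 * Handle a sign-up request.
 *
 * Rejects GET, runs the member.procMemberInsert triggers, checks that
 * registration is enabled and the agreement accepted, builds the member
 * record from the configured sign-up fields, stores the remaining request
 * variables as serialized extra_vars, inserts the member, stores uploaded
 * images and - unless mail confirmation is enabled - logs the member in.
 *
 * @return mixed a BaseObject / stop() result on failure, nothing on success
 */
function procMemberInsert()
{
	// Sign-up must not be performed through a GET request
	if(Context::getRequestMethod() == "GET") return new BaseObject(-1, "msg_invalid_request");
	$oMemberModel = &getModel('member');
	$config = $oMemberModel->getMemberConfig();

	// call a trigger (before)
	$trigger_output = ModuleHandler::triggerCall('member.procMemberInsert', 'before', $config);
	if(!$trigger_output->toBool()) return $trigger_output;
	// Check if an administrator allows a membership
	if($config->enable_join != 'Y') return $this->stop('msg_signup_disabled');
	// Check if the user accept the license terms (only if terms exist)
	if($config->agreement && Context::get('accept_agreement') != 'Y') return $this->stop('msg_accept_agreement');

	// Names of the default sign-up fields that are in use or required
	$getVars = array();
	if($config->signupForm)
	{
		foreach($config->signupForm as $formInfo)
		{
			if($formInfo->isDefaultForm && ($formInfo->isUse || $formInfo->required || $formInfo->mustRequired))
			{
				$getVars[] = $formInfo->name;
			}
		}
	}

	// Only those fields are copied into the member record
	$args = new stdClass;
	foreach($getVars as $val)
	{
		$args->{$val} = Context::get($val);
		if($val == 'birthday') $args->birthday_ui = Context::get('birthday_ui');
	}

	// Birthday: strip "-", "/", "." and spaces, then keep the integer value
	$date_separators = array('-'=>'', '/'=>'', '.'=>'', ' '=>'');
	$args->birthday = intval(strtr($args->birthday, $date_separators));
	if(!$args->birthday && $args->birthday_ui) $args->birthday = intval(strtr($args->birthday_ui, $date_separators));

	$args->find_account_answer = Context::get('find_account_answer');
	$args->allow_mailing = Context::get('allow_mailing');
	$args->allow_message = Context::get('allow_message');

	if($args->password1) $args->password = $args->password1;

	// check password strength
	if(!$oMemberModel->checkPasswordStrength($args->password, $config->password_strength))
	{
		$message = Context::getLang('about_password_strength');
		return new BaseObject(-1, $message[$config->password_strength]);
	}

	// Remove some unnecessary variables from all the vars.
	// NOTE(review): this is a denylist - every other request variable that is not already
	// in $args ends up in extra_vars. Privileged names (is_admin, member_srl,
	// group_srl_list) are dropped here; confirm nothing downstream trusts extra_vars keys.
	$all_args = Context::getRequestVars();
	$dropped_names = array(
		'module', 'act', 'is_admin', 'member_srl', 'description', 'group_srl_list',
		'body', 'accept_agreement', 'signature', 'password', 'password2', 'mid',
		'error_return_url', 'ruleset', 'captchaType', 'secret_text',
	);
	foreach($dropped_names as $dropped_name)
	{
		unset($all_args->{$dropped_name});
	}

	// Set the user state as "denied" when using mail authentication
	if($config->enable_confirm == 'Y') $args->denied = 'Y';
	// Add extra vars after excluding necessary information from all the requested arguments
	$extra_vars = delObjectVars($all_args, $args);
	$args->extra_vars = serialize($extra_vars);

	// Strip separator and control characters (Unicode classes Z and C) from identity
	// fields after decoding HTML entities
	$checkInfos = array('user_id', 'user_name', 'nick_name', 'email_address');
	foreach($checkInfos as $val)
	{
		if(isset($args->{$val}))
		{
			$args->{$val} = preg_replace('/[\pZ\pC]+/u', '', html_entity_decode($args->{$val}));
		}
	}
	$output = $this->insertMember($args);
	if(!$output->toBool()) return $output;

	// insert ProfileImage, ImageName, ImageMark
	$profile_image = Context::get('profile_image');
	if(is_uploaded_file($profile_image['tmp_name']))
	{
		$this->insertProfileImage($args->member_srl, $profile_image['tmp_name']);
	}

	$image_mark = Context::get('image_mark');
	if(is_uploaded_file($image_mark['tmp_name']))
	{
		$this->insertImageMark($args->member_srl, $image_mark['tmp_name']);
	}

	$image_name = Context::get('image_name');
	if(is_uploaded_file($image_name['tmp_name']))
	{
		$this->insertImageName($args->member_srl, $image_name['tmp_name']);
	}

	// If a virtual site, join the site
	$site_module_info = Context::get('site_module_info');
	if($site_module_info->site_srl > 0)
	{
		$columnList = array('site_srl', 'group_srl');
		$default_group = $oMemberModel->getDefaultGroup($site_module_info->site_srl, $columnList);
		if($default_group->group_srl)
		{
			$this->addMemberToGroup($args->member_srl, $default_group->group_srl, $site_module_info->site_srl);
		}
	}

	// Log-in, unless the account still has to be confirmed by mail.
	// doLogin() is called with the identifier only; NOTE(review): presumably it skips the
	// password check when no password is passed - confirm against doLogin().
	if($config->enable_confirm != 'Y')
	{
		if($config->identifier == 'email_address')
		{
			$output = $this->doLogin($args->email_address);
		}
		else
		{
			$output = $this->doLogin($args->user_id);
		}
		if(!$output->toBool())
		{
			// Error code -9 is reported as -11 (the meaning of both codes is defined outside this listing)
			if($output->error == -9)
			{
				$output->error = -11;
			}
			return $this->setRedirectUrl(getUrl('', 'act', 'dispMemberLoginForm'), $output);
		}
	}

	// Results
	$this->add('member_srl', $args->member_srl);
	if($config->redirect_url) $this->add('redirect_url', $config->redirect_url);
	if($config->enable_confirm == 'Y')
	{
		$msg = sprintf(Context::getLang('msg_confirm_mail_sent'), $args->email_address);
		$this->setMessage($msg);
		return $this->setRedirectUrl(getUrl('', 'act', 'dispMemberLoginForm'), new BaseObject(-12, $msg));
	}
	else $this->setMessage('success_registed');
	// Call a trigger (after)
	$trigger_output = ModuleHandler::triggerCall('member.procMemberInsert', 'after', $config);
	if(!$trigger_output->toBool()) return $trigger_output;

	// Destination after sign-up. Initialised so that setRedirectUrl() never receives an
	// undefined variable when none of the three sources is set.
	$returnUrl = null;
	if($config->redirect_url)
	{
		$returnUrl = $config->redirect_url;
	}
	else if(Context::get('success_return_url'))
	{
		// NOTE(review): request-supplied URL, not validated in this method.
		$returnUrl = Context::get('success_return_url');
	}
	else if(!empty($_COOKIE['XE_REDIRECT_URL']))
	{
		// NOTE(review): the cookie is client-controlled as well; confirm the redirect
		// layer restricts both sources to same-site targets.
		$returnUrl = $_COOKIE['XE_REDIRECT_URL'];
		setcookie("XE_REDIRECT_URL", '', 1);
	}

	$this->_clearMemberCache($args->member_srl, $site_module_info->site_srl);

	$this->setRedirectUrl($returnUrl);
}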
473 
{
	// Body of the password re-check step that precedes editing member info
	// (its signature line is not part of this listing). The step is tracked in
	// $_SESSION['rechecked_password_step']: INPUT_PASSWORD -> VALIDATE_PASSWORD.
	if($_SESSION['rechecked_password_step'] != 'INPUT_PASSWORD')
	{
		return $this->stop('msg_invalid_request');
	}

	if(!Context::get('is_logged'))
	{
		return $this->stop('msg_not_logged');
	}

	$password = Context::get('password');
	if(!$password)
	{
		return $this->stop('msg_invalid_request');
	}

	$oMemberModel = getModel('member');

	// Load the stored password hash when it is not already on $this->memberInfo
	if(!$this->memberInfo->password)
	{
		$logged_info = Context::get('logged_info');
		$member_srl = $logged_info->member_srl;

		$columnList = array('member_srl', 'password');
		$memberInfo = $oMemberModel->getMemberInfoByMemberSrl($member_srl, 0, $columnList);
		$this->memberInfo->password = $memberInfo->password;
	}

	// Verify the current password
	$password_ok = $oMemberModel->isValidPassword($this->memberInfo->password, $password);
	if(!$password_ok)
	{
		return new BaseObject(-1, 'invalid_password');
	}

	// Record that the password was confirmed for this session
	$_SESSION['rechecked_password_step'] = 'VALIDATE_PASSWORD';

	// NOTE(review): success_return_url is request-supplied and not validated here.
	$redirectUrl = Context::get('success_return_url');
	if(!$redirectUrl)
	{
		$redirectUrl = getNotEncodedUrl('', 'mid', Context::get('mid'), 'act', 'dispMemberModifyInfo');
	}
	$this->setRedirectUrl($redirectUrl);
}
523 
{
	// Body of the member-info update handler (its signature line is not part of this listing).
	if(!Context::get('is_logged'))
	{
		return $this->stop('msg_not_logged');
	}

	// The session must be in the INPUT_DATA step of the password re-check flow;
	// the marker is consumed here, so one confirmation allows one update
	if($_SESSION['rechecked_password_step'] != 'INPUT_DATA')
	{
		return $this->stop('msg_invalid_request');
	}
	unset($_SESSION['rechecked_password_step']);

	// Fields to read: three fixed ones plus the default sign-up fields in use or required
	$oMemberModel = getModel('member');
	$config = $oMemberModel->getMemberConfig();
	$getVars = array('find_account_answer','allow_mailing','allow_message');
	if($config->signupForm)
	{
		foreach($config->signupForm as $formInfo)
		{
			$wanted = $formInfo->isUse || $formInfo->required || $formInfo->mustRequired;
			if($formInfo->isDefaultForm && $wanted)
			{
				$getVars[] = $formInfo->name;
			}
		}
	}

	$args = new stdClass;
	foreach($getVars as $val)
	{
		$args->{$val} = Context::get($val);
		if($val == 'birthday')
		{
			$args->birthday_ui = Context::get('birthday_ui');
		}
		// An empty find_account_answer is left out of the update
		if($val == 'find_account_answer' && !Context::get($val))
		{
			unset($args->{$val});
		}
	}

	// The target member always comes from the session, never from the request
	$logged_info = Context::get('logged_info');
	$args->member_srl = $logged_info->member_srl;

	// Birthday: strip "-", "/", "." and spaces, then keep the integer value
	$date_separators = array('-'=>'', '/'=>'', '.'=>'', ' '=>'');
	$args->birthday = intval(strtr($args->birthday, $date_separators));
	if(!$args->birthday && $args->birthday_ui)
	{
		$args->birthday = intval(strtr($args->birthday_ui, $date_separators));
	}

	// Remove some unnecessary variables from all the vars.
	// NOTE(review): denylist - any other request variable that is not already in $args
	// is stored in extra_vars.
	$all_args = Context::getRequestVars();
	$dropped_names = array(
		'module', 'act', 'member_srl', 'is_admin', 'description', 'group_srl_list',
		'body', 'accept_agreement', 'signature', '_filter', 'mid',
		'error_return_url', 'ruleset', 'password',
	);
	foreach($dropped_names as $dropped_name)
	{
		unset($all_args->{$dropped_name});
	}

	// Add extra vars after excluding necessary information from all the requested arguments
	$extra_vars = delObjectVars($all_args, $args);
	$args->extra_vars = serialize($extra_vars);

	// Strip separator and control characters (Unicode classes Z and C) from identity
	// fields after decoding HTML entities
	$checkInfos = array('user_id', 'user_name', 'nick_name', 'email_address');
	foreach($checkInfos as $val)
	{
		if(!isset($args->{$val}))
		{
			continue;
		}
		$args->{$val} = preg_replace('/[\pZ\pC]+/u', '', html_entity_decode($args->{$val}));
	}

	// Update the member record
	$output = $this->updateMember($args);
	if(!$output->toBool())
	{
		return $output;
	}

	// Store whichever images were uploaded with the form
	$profile_image = Context::get('profile_image');
	if(is_uploaded_file($profile_image['tmp_name']))
	{
		$this->insertProfileImage($args->member_srl, $profile_image['tmp_name']);
	}

	$image_mark = Context::get('image_mark');
	if(is_uploaded_file($image_mark['tmp_name']))
	{
		$this->insertImageMark($args->member_srl, $image_mark['tmp_name']);
	}

	$image_name = Context::get('image_name');
	if(is_uploaded_file($image_name['tmp_name']))
	{
		$this->insertImageName($args->member_srl, $image_name['tmp_name']);
	}

	// Save Signature
	$signature = Context::get('signature');
	$this->putSignature($args->member_srl, $signature);

	// Reload the member record
	$this->memberInfo = $oMemberModel->getMemberInfoByMemberSrl($args->member_srl);

	// Call the member.procMemberModifyInfo trigger (after)
	$trigger_output = ModuleHandler::triggerCall('member.procMemberModifyInfo', 'after', $this->memberInfo);
	if(!$trigger_output->toBool())
	{
		return $trigger_output;
	}

	$this->setSessionInfo();
	// Return result
	$this->add('member_srl', $args->member_srl);
	$this->setMessage('success_updated');

	$site_module_info = Context::get('site_module_info');
	$this->_clearMemberCache($args->member_srl, $site_module_info->site_srl);

	// NOTE(review): success_return_url is request-supplied and not validated here.
	$returnUrl = Context::get('success_return_url');
	if(!$returnUrl)
	{
		$returnUrl = getNotEncodedUrl('', 'mid', Context::get('mid'), 'act', 'dispMemberInfo');
	}
	$this->setRedirectUrl($returnUrl);
}
649 
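{
	// Body of the password-change handler (its signature line is not part of this listing).
	if(!Context::get('is_logged')) return $this->stop('msg_not_logged');

	// Both values are trimmed, so each is always a string
	$current_password = trim(Context::get('current_password'));
	$password = trim(Context::get('password1'));

	// The member is taken from the session, never from the request
	$logged_info = Context::get('logged_info');
	$member_srl = $logged_info->member_srl;

	$oMemberModel = getModel('member');
	// Only the columns needed for verification are loaded
	$columnList = array('member_srl', 'password');
	$member_info = $oMemberModel->getMemberInfoByMemberSrl($member_srl, 0, $columnList);

	// Verify the current password
	if(!$oMemberModel->isValidPassword($member_info->password, $current_password, $member_srl)) return new BaseObject(-1, 'invalid_password');

	// Refuse an empty new password here instead of relying on validation outside this method
	if($password === '') return new BaseObject(-1, 'invalid_new_password');

	// The new password must differ from the current one. Strict comparison: with ==
	// two different numeric-looking strings such as "1e3" and "1000" compare as equal.
	if($current_password === $password) return new BaseObject(-1, 'invalid_new_password');

	// NOTE(review): no password-strength check is visible in this method (sign-up calls
	// checkPasswordStrength()); presumably updateMemberPassword() enforces it - confirm.
	$args = new stdClass;
	$args->member_srl = $member_srl;
	$args->password = $password;
	$output = $this->updateMemberPassword($args);
	if(!$output->toBool()) return $output;

	$this->add('member_srl', $args->member_srl);
	$this->setMessage('success_updated');

	// NOTE(review): success_return_url is request-supplied and not validated here.
	$returnUrl = Context::get('success_return_url') ? Context::get('success_return_url') : getNotEncodedUrl('', 'mid', Context::get('mid'), 'act', 'dispMemberInfo');
	$this->setRedirectUrl($returnUrl);
}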
689 
/**
 * Delete the logged-in member's own account after re-checking the password.
 *
 * @return mixed a stop() result or BaseObject on failure, nothing on success
 */
function procMemberLeave()
{
	if(!Context::get('is_logged'))
	{
		return $this->stop('msg_not_logged');
	}

	$password = trim(Context::get('password'));

	// The account to delete is always the session's member
	$logged_info = Context::get('logged_info');
	$member_srl = $logged_info->member_srl;

	$oMemberModel = getModel('member');

	// Load the stored password hash when it is not already on $this->memberInfo
	if(!$this->memberInfo->password)
	{
		$columnList = array('member_srl', 'password');
		$memberInfo = $oMemberModel->getMemberInfoByMemberSrl($member_srl, 0, $columnList);
		$this->memberInfo->password = $memberInfo->password;
	}

	// Verify the current password before anything is deleted
	$password_ok = $oMemberModel->isValidPassword($this->memberInfo->password, $password);
	if(!$password_ok)
	{
		return new BaseObject(-1, 'invalid_password');
	}

	$output = $this->deleteMember($member_srl);
	if(!$output->toBool())
	{
		return $output;
	}

	// Destroy all session information
	$this->destroySessionInfo();
	// Return success message
	$this->setMessage('success_leaved');

	// NOTE(review): success_return_url is request-supplied and not validated here.
	$returnUrl = Context::get('success_return_url');
	if(!$returnUrl)
	{
		$returnUrl = getNotEncodedUrl('', 'mid', Context::get('mid'), 'act', '');
	}
	$this->setRedirectUrl($returnUrl);
}
725 
{
	// Body of the profile-image upload handler (its signature line is not part of this listing).
	// Every refusal uses the same message, so the caller cannot tell which check failed.
	$failure = 'msg_not_uploaded_profile_image';

	// The file must be a genuine HTTP upload
	$file = Context::get('profile_image');
	if(!is_uploaded_file($file['tmp_name']))
	{
		return $this->stop($failure);
	}

	// A target member is required
	$member_srl = Context::get('member_srl');
	if(!$member_srl)
	{
		return $this->stop($failure);
	}

	// member_srl comes from the request: only an administrator may act on another member
	$logged_info = Context::get('logged_info');
	$is_admin = ($logged_info->is_admin == 'Y');
	if(!$is_admin && $logged_info->member_srl != $member_srl)
	{
		return $this->stop($failure);
	}

	// Non-administrators may upload only when profile images are enabled in the config
	$oMemberModel = getModel('member');
	$config = $oMemberModel->getMemberConfig();
	if(!$is_admin && $config->profile_image != 'Y')
	{
		return $this->stop($failure);
	}

	$output = $this->insertProfileImage($member_srl, $file['tmp_name']);
	if(!$output->toBool())
	{
		return $output;
	}

	// NOTE(review): success_return_url is request-supplied and not validated here.
	$returnUrl = Context::get('success_return_url');
	if(!$returnUrl)
	{
		$returnUrl = getNotEncodedUrl('', 'mid', Context::get('mid'), 'act', 'dispMemberModifyInfo');
	}
	$this->setRedirectUrl($returnUrl);
}
753 
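/**
 * Store a member's profile image.
 *
 * The image type is taken from getimagesize() and only PNG, JPEG and GIF are
 * accepted; the stored extension is derived from that type, never from a
 * client-supplied file name. Oversized non-GIF images are re-encoded through
 * FileHandler::createImageFile(); everything else is copied as uploaded.
 *
 * @param int    $member_srl  member the image belongs to
 * @param string $target_file path of the uploaded temporary file
 * @return mixed BaseObject(0, 'success'), or the stop() result on refusal
 */
function insertProfileImage($member_srl, $target_file)
{
	$oMemberModel = getModel('member');
	$config = $oMemberModel->getMemberConfig();
	$max_width = $config->profile_image_max_width;
	$max_height = $config->profile_image_max_height;
	$max_filesize = $config->profile_image_max_filesize;

	// Defined up front: without a "profile_image" entry in the sign-up form the
	// variable would otherwise be read undefined further down
	$allow_transparent = false;
	if($config->signupForm)
	{
		foreach($config->signupForm as $val)
		{
			if($val->name == "profile_image")
			{
				$allow_transparent = $val->allow_transparent_thumbnail == 'Y';
			}
		}
	}

	Context::loadLang(_XE_PATH_ . 'modules/file/lang');

	// Get file information; a file that is not a recognised image leaves $type empty
	// and is refused by the else branch below
	FileHandler::clearStatCache($target_file);
	list($width, $height, $type) = @getimagesize($target_file);
	if(IMAGETYPE_PNG == $type) $ext = 'png';
	elseif(IMAGETYPE_JPEG == $type) $ext = 'jpg';
	elseif(IMAGETYPE_GIF == $type) $ext = 'gif';
	else
	{
		return $this->stop('msg_not_uploaded_profile_image');
	}

	$target_path = sprintf('files/member_extra_info/profile_image/%s', getNumberingPath($member_srl));
	FileHandler::makeDir($target_path);

	$target_filename = sprintf('%s%d.%s', $target_path, $member_srl, $ext);

	// Re-encode only when the image exceeds the configured dimensions AND is not a GIF
	if(($width > $max_width || $height > $max_height) && $type != IMAGETYPE_GIF)
	{
		$temp_filename = sprintf('files/cache/tmp/profile_image_%d.%s', $member_srl, $ext);
		FileHandler::createImageFile($target_file, $temp_filename, $max_width, $max_height, $ext, 'crop', $allow_transparent);

		// File size limit (configured in KB), checked on the converted file
		FileHandler::clearStatCache($temp_filename);
		$filesize = filesize($temp_filename);
		if($max_filesize && $filesize > ($max_filesize * 1024))
		{
			FileHandler::removeFile($temp_filename);
			return $this->stop(implode(' ' , array(
				Context::getLang('msg_not_uploaded_profile_image'),
				Context::getLang('msg_exceeds_limit_size')
			)));
		}

		// Replace whatever image was stored before
		FileHandler::removeFilesInDir($target_path);
		FileHandler::moveFile($temp_filename, $target_filename);
		FileHandler::clearStatCache($target_filename);
	}
	else
	{
		// File size limit (configured in KB), checked on the upload itself
		$filesize = filesize($target_file);
		if($max_filesize && $filesize > ($max_filesize * 1024))
		{
			return $this->stop(implode(' ' , array(
				Context::getLang('msg_not_uploaded_profile_image'),
				Context::getLang('msg_exceeds_limit_size')
			)));
		}

		// NOTE(review): in this branch the uploaded bytes are stored unmodified; only the
		// header was inspected by getimagesize(). The result of copy() is suppressed and
		// not checked, so a failed write is still reported as success.
		FileHandler::removeFilesInDir($target_path);
		@copy($target_file, $target_filename);
		FileHandler::clearStatCache($target_filename);
	}

	return new BaseObject(0, 'success');
}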
834 
{
	// Body of the image-name upload handler (its signature line is not part of this listing).
	// Every refusal uses the same message, so the caller cannot tell which check failed.
	$failure = 'msg_not_uploaded_image_name';

	// The file must be a genuine HTTP upload
	$file = Context::get('image_name');
	if(!is_uploaded_file($file['tmp_name']))
	{
		return $this->stop($failure);
	}

	// A target member is required
	$member_srl = Context::get('member_srl');
	if(!$member_srl)
	{
		return $this->stop($failure);
	}

	// member_srl comes from the request: only an administrator may act on another member
	$logged_info = Context::get('logged_info');
	$is_admin = ($logged_info->is_admin == 'Y');
	if(!$is_admin && $logged_info->member_srl != $member_srl)
	{
		return $this->stop($failure);
	}

	// Non-administrators may upload only when image names are enabled in the config
	$oMemberModel = getModel('member');
	$config = $oMemberModel->getMemberConfig();
	if(!$is_admin && $config->image_name != 'Y')
	{
		return $this->stop($failure);
	}

	$output = $this->insertImageName($member_srl, $file['tmp_name']);
	if(!$output->toBool())
	{
		return $output;
	}

	// Page refresh
	//$this->setRefreshPage();

	// NOTE(review): success_return_url is request-supplied and not validated here.
	$returnUrl = Context::get('success_return_url');
	if(!$returnUrl)
	{
		$returnUrl = getNotEncodedUrl('', 'mid', Context::get('mid'), 'act', 'dispMemberModifyInfo');
	}
	$this->setRedirectUrl($returnUrl);
}
865 
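/**
 * Store a member's image name; the stored file is always named <member_srl>.gif.
 *
 * An upload that is oversized or not a GIF is converted to GIF through
 * FileHandler::createImageFile(); a GIF within the limits is copied as uploaded.
 *
 * @param int    $member_srl  member the image belongs to
 * @param string $target_file path of the uploaded temporary file
 * @return mixed BaseObject(0, 'success'), or the stop() result on refusal
 */
function insertImageName($member_srl, $target_file)
{
	$oMemberModel = getModel('member');
	$config = $oMemberModel->getMemberConfig();
	$max_width = $config->image_name_max_width;
	$max_height = $config->image_name_max_height;
	$max_filesize = $config->image_name_max_filesize;

	Context::loadLang(_XE_PATH_ . 'modules/file/lang');

	// Get a target path to save
	$target_path = sprintf('files/member_extra_info/image_name/%s/', getNumberingPath($member_srl));
	FileHandler::makeDir($target_path);

	$target_filename = sprintf('%s%d.gif', $target_path, $member_srl);

	// Get file information.
	// NOTE(review): when getimagesize() fails, $type is empty and the conversion branch
	// runs on a file that is not a recognised image; the outcome then depends on
	// createImageFile(), and the previous image is removed either way - confirm.
	list($width, $height, $type) = @getimagesize($target_file);

	// Convert if the image size is larger than a given size or if the format is not a gif
	if($width > $max_width || $height > $max_height || $type != IMAGETYPE_GIF)
	{
		// The format has a single placeholder; the stray undefined $ext argument was dropped
		$temp_filename = sprintf('files/cache/tmp/image_name_%d.gif', $member_srl);
		FileHandler::createImageFile($target_file, $temp_filename, $max_width, $max_height, 'gif');

		// File size limit (configured in KB), checked on the converted file
		FileHandler::clearStatCache($temp_filename);
		$filesize = filesize($temp_filename);
		if($max_filesize && $filesize > ($max_filesize * 1024))
		{
			FileHandler::removeFile($temp_filename);
			return $this->stop(implode(' ' , array(
				Context::getLang('msg_not_uploaded_image_name'),
				Context::getLang('msg_exceeds_limit_size')
			)));
		}

		// Replace whatever image was stored before
		FileHandler::removeFilesInDir($target_path);
		FileHandler::moveFile($temp_filename, $target_filename);
		FileHandler::clearStatCache($target_filename);
	}
	else
	{
		// File size limit (configured in KB), checked on the upload itself
		$filesize = filesize($target_file);
		if($max_filesize && $filesize > ($max_filesize * 1024))
		{
			return $this->stop(implode(' ' , array(
				Context::getLang('msg_not_uploaded_image_name'),
				Context::getLang('msg_exceeds_limit_size')
			)));
		}

		// NOTE(review): the uploaded bytes are stored unmodified here, and the suppressed
		// copy() result is not checked, so a failed write is still reported as success.
		FileHandler::removeFilesInDir($target_path);
		@copy($target_file, $target_filename);
		FileHandler::clearStatCache($target_filename);
	}

	return new BaseObject(0, 'success');
}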
932 
/**
 * Delete a member's profile image.
 *
 * The file is removed only when the caller is an administrator or the member
 * concerned; in every other case nothing is deleted, and the method still
 * reports success.
 *
 * @param int $_memberSrl member to act on; when empty, member_srl is read from the request
 * @return BaseObject always BaseObject(0, 'success')
 */
function procMemberDeleteProfileImage($_memberSrl = 0)
{
	$member_srl = $_memberSrl;
	if(!$member_srl)
	{
		$member_srl = Context::get('member_srl');
	}
	if(!$member_srl)
	{
		return new BaseObject(0,'success');
	}

	$logged_info = Context::get('logged_info');

	// Authorisation: administrator, or the owner of the image
	$may_delete = $logged_info && ($logged_info->is_admin == 'Y' || $logged_info->member_srl == $member_srl);
	if($may_delete)
	{
		$oMemberModel = getModel('member');
		$profile_image = $oMemberModel->getProfileImage($member_srl);
		FileHandler::removeFile($profile_image->file);
	}

	return new BaseObject(0,'success');
}
956 
/**
 * Delete a member's image name.
 *
 * The file is removed only when the caller is an administrator or the member
 * concerned; in every other case nothing is deleted, and the method still
 * reports success.
 *
 * @param int $_memberSrl member to act on; when empty, member_srl is read from the request
 * @return BaseObject always BaseObject(0, 'success')
 */
function procMemberDeleteImageName($_memberSrl = 0)
{
	$member_srl = $_memberSrl;
	if(!$member_srl)
	{
		$member_srl = Context::get('member_srl');
	}
	if(!$member_srl)
	{
		return new BaseObject(0,'success');
	}

	$logged_info = Context::get('logged_info');

	// Authorisation: administrator, or the owner of the image
	$may_delete = $logged_info && ($logged_info->is_admin == 'Y' || $logged_info->member_srl == $member_srl);
	if($may_delete)
	{
		$oMemberModel = getModel('member');
		$image_name = $oMemberModel->getImageName($member_srl);
		FileHandler::removeFile($image_name->file);
	}

	return new BaseObject(0,'success');
}
980 
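{
	// Body of the image-mark upload handler (its signature line is not part of this listing).

	// Check if the file is successfully uploaded
	$file = Context::get('image_mark');
	if(!is_uploaded_file($file['tmp_name'])) return $this->stop('msg_not_uploaded_image_mark');
	// Ignore if member_srl is invalid or doesn't exist.
	$member_srl = Context::get('member_srl');
	if(!$member_srl) return $this->stop('msg_not_uploaded_image_mark');

	// member_srl comes from the request: only an administrator may act on another member
	$logged_info = Context::get('logged_info');
	if($logged_info->is_admin != 'Y' && $logged_info->member_srl != $member_srl) return $this->stop('msg_not_uploaded_image_mark');
	// Non-administrators may upload only when image marks are enabled in the config
	$oMemberModel = getModel('member');
	$config = $oMemberModel->getMemberConfig();
	if($logged_info->is_admin != 'Y' && $config->image_mark != 'Y') return $this->stop('msg_not_uploaded_image_mark');

	// Keep the result: the original discarded it and then called toBool() on an
	// undefined $output, which fails on every upload that reached this point
	$output = $this->insertImageMark($member_srl, $file['tmp_name']);
	if(!$output->toBool()) return $output;

	// NOTE(review): success_return_url is request-supplied and not validated here.
	$returnUrl = Context::get('success_return_url') ? Context::get('success_return_url') : getNotEncodedUrl('', 'mid', Context::get('mid'), 'act', 'dispMemberModifyInfo');
	$this->setRedirectUrl($returnUrl);
}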
1008 
/**
 * Store an image mark for a member as <member_srl>.gif.
 *
 * Images that exceed the configured dimensions or are not GIF (getimagesize
 * type 1) are converted through FileHandler::createImageFile(); GIFs within
 * the limits are copied as they are. In both cases the configured file size
 * limit (in KB) is applied before the member's directory is emptied.
 *
 * @param int $member_srl Member serial number (used to build the target path)
 * @param string $target_file Path of the source image
 * @return BaseObject 'success', or the result of stop() when the size limit is exceeded
 */
function insertImageMark($member_srl, $target_file)
{
    $oMemberModel = getModel('member');
    $config = $oMemberModel->getMemberConfig();
    $max_width = $config->image_mark_max_width;
    $max_height = $config->image_mark_max_height;
    $max_filesize = $config->image_mark_max_filesize;

    Context::loadLang(_XE_PATH_ . 'modules/file/lang');

    $target_path = sprintf('files/member_extra_info/image_mark/%s/', getNumberingPath($member_srl));
    FileHandler::makeDir($target_path);
    $target_filename = sprintf('%s%d.gif', $target_path, $member_srl);

    // Dimensions and type of the source; all four are null when it is not a readable image
    list($width, $height, $type, $attrs) = @getimagesize($target_file);
    $fits_as_is = !($width > $max_width || $height > $max_height || $type!=1);

    if($fits_as_is)
    {
        // Already a GIF within the limits: enforce the size limit, then copy unchanged
        $filesize = filesize($target_file);
        if($max_filesize && $filesize > ($max_filesize * 1024))
        {
            FileHandler::removeFile($target_file);
            $error_parts = array(
                Context::getLang('msg_not_uploaded_group_image_mark'),
                Context::getLang('msg_exceeds_limit_size')
            );
            return $this->stop(implode(' ' , $error_parts));
        }

        FileHandler::removeFilesInDir($target_path);
        // NOTE(review): the copy result is suppressed and never checked
        @copy($target_file, $target_filename);
        FileHandler::clearStatCache($target_filename);

        return new BaseObject(0, 'success');
    }

    // Too large or not a GIF: convert into a temporary file first
    $temp_filename = sprintf('files/cache/tmp/image_mark_%d.gif', $member_srl);
    FileHandler::createImageFile($target_file, $temp_filename, $max_width, $max_height, 'gif');

    // File size limit
    FileHandler::clearStatCache($temp_filename);
    $filesize = filesize($temp_filename);
    if($max_filesize && $filesize > ($max_filesize * 1024))
    {
        FileHandler::removeFile($temp_filename);
        $error_parts = array(
            Context::getLang('msg_not_uploaded_group_image_mark'),
            Context::getLang('msg_exceeds_limit_size')
        );
        return $this->stop(implode(' ' , $error_parts));
    }

    FileHandler::removeFilesInDir($target_path);
    FileHandler::moveFile($temp_filename, $target_filename);
    FileHandler::clearStatCache($target_filename);

    return new BaseObject(0, 'success');
}
1074 
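/**
 * Delete a member's image mark.
 *
 * The target is $_memberSrl when given, otherwise the request's member_srl.
 * The file is removed only when the caller is logged in and is either an
 * administrator or the owner. Every other path also returns 'success', so the
 * return value does not tell the caller whether anything was deleted.
 *
 * @param int $_memberSrl Member serial number; 0 means "read it from the request"
 * @return BaseObject Always error code 0 / 'success'
 */
function procMemberDeleteImageMark($_memberSrl = 0)
{
    // Normalise to an integer so the value that is authorised below is exactly
    // the value used for the lookup (a loose == can treat differently written
    // numeric strings as equal).
    $member_srl = (int)(($_memberSrl) ? $_memberSrl : Context::get('member_srl'));
    if(!$member_srl)
    {
        return new BaseObject(0,'success');
    }

    $logged_info = Context::get('logged_info');
    $is_allowed = $logged_info && ($logged_info->is_admin == 'Y' || (int)$logged_info->member_srl === $member_srl);
    if(!$is_allowed)
    {
        // Not logged in, or neither admin nor owner: nothing is deleted
        return new BaseObject(0,'success');
    }

    $oMemberModel = getModel('member');
    $image_mark = $oMemberModel->getImageMark($member_srl);
    // Skip the removal when the model reports no image mark for this member
    if($image_mark && !empty($image_mark->file))
    {
        FileHandler::removeFile($image_mark->file);
    }
    return new BaseObject(0,'success');
}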
1098 
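{
    // Body of the "find account by e-mail" action (its signature line is not part of this listing).
    // It stores a temporary password plus a 40-character auth key in the auth-mail table
    // and mails a confirmation link to the member's registered address.
    $email_address = Context::get('email_address');
    if(!$email_address) return new BaseObject(-1, 'msg_invalid_request');

    $oMemberModel = getModel('member');
    $oModuleModel = getModel('module');

    // Check if a member having the same email address exists.
    // The distinct 'msg_email_not_exists' reply tells an unauthenticated caller
    // whether an address is registered.
    $member_srl = $oMemberModel->getMemberSrlByEmailAddress($email_address);
    if(!$member_srl) return new BaseObject(-1, 'msg_email_not_exists');

    // Get information of the member
    $columnList = array('denied', 'member_srl', 'user_id', 'user_name', 'email_address', 'nick_name');
    $member_info = $oMemberModel->getMemberInfoByMemberSrl($member_srl, 0, $columnList);

    // A denied member who still has a pending auth mail must confirm that first
    if($member_info->denied == 'Y')
    {
        $chk_args = new stdClass;
        $chk_args->member_srl = $member_info->member_srl;
        $output = executeQuery('member.chkAuthMail', $chk_args);
        if($output->toBool() && $output->data->count != '0') return new BaseObject(-1, 'msg_user_not_confirmed');
    }

    // Insert data into the authentication DB
    $oPassword = new Password();
    $args = new stdClass();
    $args->user_id = $member_info->user_id;
    $args->member_srl = $member_info->member_srl;
    $args->new_password = $oPassword->createTemporaryPassword(8);
    $args->auth_key = $oPassword->createSecureSalt(40);
    $args->is_register = 'N';

    $output = executeQuery('member.insertAuthMail', $args);
    if(!$output->toBool()) return $output;
    // Expose the auth row (including new_password) to the mail template
    Context::set('auth_args', $args);

    $member_config = $oModuleModel->getModuleConfig('member');
    $memberInfo = array();
    global $lang;
    if(is_array($member_config->signupForm))
    {
        $exceptForm=array('password', 'find_account_question');
        foreach($member_config->signupForm as $form)
        {
            if(!in_array($form->name, $exceptForm) && $form->isDefaultForm && ($form->required || $form->mustRequired))
            {
                $memberInfo[$lang->{$form->name}] = $member_info->{$form->name};
            }
        }
    }
    else
    {
        // Read from $member_info: $args only carries the auth row and has no
        // user_name / nick_name / email_address, so the original produced empty values here
        $memberInfo[$lang->user_id] = $member_info->user_id;
        $memberInfo[$lang->user_name] = $member_info->user_name;
        $memberInfo[$lang->nick_name] = $member_info->nick_name;
        $memberInfo[$lang->email_address] = $member_info->email_address;
    }
    Context::set('memberInfo', $memberInfo);

    if(!$member_config->skin) $member_config->skin = "default";
    if(!$member_config->colorset) $member_config->colorset = "white";

    Context::set('member_config', $member_config);

    $tpl_path = sprintf('%sskins/%s', $this->module_path, $member_config->skin);
    if(!is_dir($tpl_path)) $tpl_path = sprintf('%sskins/%s', $this->module_path, 'default');

    // The link carries member_srl and the auth key; whoever opens it completes the reset
    $find_url = getFullUrl ('', 'module', 'member', 'act', 'procMemberAuthAccount', 'member_srl', $member_info->member_srl, 'auth_key', $args->auth_key);
    Context::set('find_url', $find_url);

    $oTemplate = &TemplateHandler::getInstance();
    $content = $oTemplate->compile($tpl_path, 'find_member_account_mail');
    // Get information of the Webmaster
    $oModuleModel = getModel('module');
    $member_config = $oModuleModel->getModuleConfig('member');
    // Send a mail to the address stored for the member, not to the request value
    $oMail = new Mail();
    $oMail->setTitle( Context::getLang('msg_find_account_title') );
    $oMail->setContent($content);
    $oMail->setSender( $member_config->webmaster_name?$member_config->webmaster_name:'webmaster', $member_config->webmaster_email);
    $oMail->setReceiptor( $member_info->user_name, $member_info->email_address );
    $oMail->send();
    // Return message
    $msg = sprintf(Context::getLang('msg_auth_mail_sent'), $member_info->email_address);
    if(!in_array(Context::getRequestMethod(),array('XMLRPC','JSON')))
    {
        // success_return_url is request-supplied.
        // NOTE(review): confirm that redirect targets are limited to this site somewhere downstream.
        $returnUrl = Context::get('success_return_url') ? Context::get('success_return_url') : getNotEncodedUrl('', 'mid', Context::get('mid'), 'act', 'dispMemberFindAccount');
        $this->setRedirectUrl($returnUrl);
    }
    return new BaseObject(0,$msg);
}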
1198 
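{
    // Body of the "find account by question/answer" action (its signature line is not part of this listing).
    // A correct answer replaces the member's password with a temporary one, which is kept
    // in the session under 'xe_temp_password_<user_id>'.
    // NOTE(review): no attempt limiting is visible in this block; confirm that wrong answers are throttled elsewhere.
    $oMemberModel = getModel('member');
    $oPassword = new Password();
    $config = $oMemberModel->getMemberConfig();

    $email_address = Context::get('email_address');
    $user_id = Context::get('user_id');
    $find_account_question = trim(Context::get('find_account_question'));
    $find_account_answer = trim(Context::get('find_account_answer'));

    if(($config->identifier == 'user_id' && !$user_id) || !$email_address || !$find_account_question || !$find_account_answer) return new BaseObject(-1, 'msg_invalid_request');

    // The member is looked up by e-mail address only.
    // NOTE(review): the request's user_id is never compared with the member found here.
    $member_srl = $oMemberModel->getMemberSrlByEmailAddress($email_address);
    if(!$member_srl) return new BaseObject(-1, 'msg_email_not_exists');

    // Get information of the member
    $columnList = array('member_srl', 'find_account_question', 'find_account_answer');
    $member_info = $oMemberModel->getMemberInfoByMemberSrl($member_srl, 0, $columnList);

    // Display a message if no answer is entered
    if(!$member_info->find_account_question || !$member_info->find_account_answer) return new BaseObject(-1, 'msg_question_not_exists');

    // Verify the answer: hashed answers go through checkPassword(), legacy plain-text
    // answers are compared as strings (strictly, so numeric-looking strings cannot match loosely)
    $hashed = $oPassword->checkAlgorithm($member_info->find_account_answer);
    $member_info->find_account_question = trim($member_info->find_account_question);
    if($member_info->find_account_question != $find_account_question)
    {
        $authed = false;
    }
    else if($hashed)
    {
        $authed = (bool)$oPassword->checkPassword($find_account_answer, $member_info->find_account_answer);
    }
    else
    {
        $authed = ((string)$find_account_answer === (string)$member_info->find_account_answer);
    }

    if(!$authed)
    {
        return new BaseObject(-1, 'msg_answer_not_matches');
    }

    // The answer matched but was stored unhashed: store it again through updateFindAccountAnswer()
    if(!$hashed)
    {
        $this->updateFindAccountAnswer($member_srl, $find_account_answer);
    }

    if($config->identifier == 'email_address')
    {
        $user_id = $email_address;
    }

    // Update to a temporary password and set change_password_date to 1
    $temp_password = $oPassword->createTemporaryPassword(8);

    $args = new stdClass();
    $args->member_srl = $member_srl;
    $args->password = $temp_password;
    $args->change_password_date = '1';
    $output = $this->updateMemberPassword($args);
    if(!$output->toBool()) return $output;

    $_SESSION['xe_temp_password_' . $user_id] = $temp_password;

    $this->add('user_id',$user_id);

    // success_return_url is request-supplied.
    // NOTE(review): confirm that redirect targets are limited to this site somewhere downstream.
    $returnUrl = Context::get('success_return_url') ? Context::get('success_return_url') : getNotEncodedUrl('', 'mid', Context::get('mid'), 'act', '');
    // user_id is request data: encode it so it cannot add or alter query parameters
    $this->setRedirectUrl($returnUrl.'&user_id='.urlencode($user_id));
}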
1279 
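{
    // Body of the auth-link action (its signature line is not part of this listing).
    // It validates member_srl + auth_key from the mailed link, then either activates the
    // account (is_register == 'Y') or installs the stored temporary password.
    $oMemberModel = getModel('member');

    // Both values come straight from the request
    $member_srl = Context::get('member_srl');
    $auth_key = Context::get('auth_key');

    // The key must be a plain string; anything else cannot be a mailed key
    if(!$member_srl || !$auth_key || !is_string($auth_key))
    {
        return $this->stop('msg_invalid_request');
    }

    // Look up the auth row by member_srl and auth_key
    $args = new stdClass;
    $args->member_srl = $member_srl;
    $args->auth_key = $auth_key;
    $output = executeQuery('member.getAuthMail', $args);

    // Compare as strings and in constant time where available; a loose != can treat
    // numeric-looking strings as equal
    $stored_key = ($output->toBool() && $output->data) ? (string)$output->data->auth_key : '';
    $key_matches = function_exists('hash_equals') ? hash_equals($stored_key, $auth_key) : ($stored_key === $auth_key);

    if(!$output->toBool() || !$key_matches)
    {
        // A key of the wrong length (including "no row found") removes the pending auth mail.
        // NOTE(review): the query's WHERE clause is not visible here; confirm an unauthenticated
        // request cannot use this to invalidate another member's pending mail.
        if(strlen($stored_key) !== strlen($auth_key))
        {
            executeQuery('member.deleteAuthMail', $args);
        }

        return $this->stop('msg_invalid_auth_key');
    }

    // Auth rows older than 86400 seconds are discarded and a fresh confirmation mail is sent
    if(ztime($output->data->regdate) < $_SERVER['REQUEST_TIME'] + zgap() - 86400)
    {
        executeQuery('member.deleteAuthMail', $args);

        $memberInfo = $oMemberModel->getMemberInfoByMemberSrl($member_srl);

        $oPassword = new Password();
        $auth_args = new stdClass();
        $auth_args->user_id = $memberInfo->user_id;
        $auth_args->member_srl = $memberInfo->member_srl;
        $auth_args->new_password = '';
        $auth_args->auth_key = $oPassword->createSecureSalt(40);
        // The replacement row is always written as a registration confirmation
        $auth_args->is_register = 'Y';

        $output = executeQuery('member.insertAuthMail', $auth_args);
        if(!$output->toBool()) return $output;

        // resend auth mail.
        $this->_sendAuthMail($auth_args, $memberInfo);

        $this->setTemplatePath($this->module_path.'tpl');
        $this->setTemplateFile('msg_failed_auth');

        return;
    }

    $args->password = $output->data->new_password;

    // If credentials are correct, change the password to a new one
    if($output->data->is_register == 'Y')
    {
        // Registration confirmation: lift the denied flag, password value is passed through as stored
        $args->denied = 'N';
    }
    else
    {
        // Password recovery: hash the temporary password before it is written
        $args->password = $oMemberModel->hashPassword($args->password);
    }

    // Back up the value of $output->data->is_register before $output is reused
    $is_register = $output->data->is_register;

    $output = executeQuery('member.updateMemberPassword', $args);
    if(!$output->toBool())
    {
        return $this->stop($output->getMessage());
    }

    // Remove all values having the member_srl from authentication table
    executeQuery('member.deleteAuthMail',$args);

    $this->_clearMemberCache($args->member_srl);

    // Notify the result
    Context::set('is_register', $is_register);
    $this->setTemplatePath($this->module_path.'tpl');
    $this->setTemplateFile('msg_success_authed');
}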
1372 
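{
    // Body of the "resend confirmation mail" action (its signature line is not part of this listing).
    // It renews the regdate of the member's existing auth row and mails the same auth key again.
    // NOTE(review): the only input is an e-mail address; confirm that repeated requests are throttled elsewhere.
    $email_address = Context::get('email_address');
    if(!$email_address) return new BaseObject(-1, 'msg_invalid_request');
    // Look the member up by email_address
    $oMemberModel = getModel('member');

    $args = new stdClass;
    $args->email_address = $email_address;
    $memberSrl = $oMemberModel->getMemberSrlByEmailAddress($email_address);
    if(!$memberSrl) return new BaseObject(-1, 'msg_not_exists_member');

    $columnList = array('member_srl', 'user_id', 'user_name', 'nick_name', 'email_address');
    $member_info = $oMemberModel->getMemberInfoByMemberSrl($memberSrl, 0, $columnList);

    $oModuleModel = getModel('module');
    $member_config = $oModuleModel->getModuleConfig('member');
    if(!$member_config->skin) $member_config->skin = "default";
    if(!$member_config->colorset) $member_config->colorset = "white";

    // Only members that already have a pending authentication mail can ask for a resend
    $chk_args = new stdClass;
    $chk_args->member_srl = $member_info->member_srl;
    $output = executeQuery('member.chkAuthMail', $chk_args);
    if($output->toBool() && $output->data->count == '0') return new BaseObject(-1, 'msg_invalid_request');

    $auth_args = new stdClass;
    $auth_args->member_srl = $member_info->member_srl;
    $output = executeQueryArray('member.getAuthMailInfo', $auth_args);
    if(!$output->data || !$output->data[0]->auth_key) return new BaseObject(-1, 'msg_invalid_request');
    $auth_info = $output->data[0];

    // Update the regdate of authmail entry (the existing key is reused, not regenerated)
    $renewal_args = new stdClass;
    $renewal_args->member_srl = $member_info->member_srl;
    $renewal_args->auth_key = $auth_info->auth_key;
    $output = executeQuery('member.updateAuthMail', $renewal_args);

    $memberInfo = array();
    global $lang;
    if(is_array($member_config->signupForm))
    {
        $exceptForm=array('password', 'find_account_question');
        foreach($member_config->signupForm as $form)
        {
            if(!in_array($form->name, $exceptForm) && $form->isDefaultForm && ($form->required || $form->mustRequired))
            {
                $memberInfo[$lang->{$form->name}] = $member_info->{$form->name};
            }
        }
    }
    else
    {
        $memberInfo[$lang->user_id] = $member_info->user_id;
        $memberInfo[$lang->user_name] = $member_info->user_name;
        $memberInfo[$lang->nick_name] = $member_info->nick_name;
        $memberInfo[$lang->email_address] = $member_info->email_address;
    }

    // Get content of the email to send a member
    Context::set('memberInfo', $memberInfo);
    Context::set('member_config', $member_config);

    $tpl_path = sprintf('%sskins/%s', $this->module_path, $member_config->skin);
    if(!is_dir($tpl_path)) $tpl_path = sprintf('%sskins/%s', $this->module_path, 'default');

    $auth_url = getFullUrl('','module','member','act','procMemberAuthAccount','member_srl',$member_info->member_srl, 'auth_key',$auth_info->auth_key);
    Context::set('auth_url', $auth_url);

    $oTemplate = &TemplateHandler::getInstance();
    $content = $oTemplate->compile($tpl_path, 'confirm_member_account_mail');
    // Send a mail
    $oMail = new Mail();
    $oMail->setTitle( Context::getLang('msg_confirm_account_title') );
    $oMail->setContent($content);
    $oMail->setSender( $member_config->webmaster_name?$member_config->webmaster_name:'webmaster', $member_config->webmaster_email);
    // Address the mail from the stored member record: $args holds only the request's
    // email_address, so the original passed an undefined user_name here
    $oMail->setReceiptor( $member_info->user_name, $member_info->email_address );
    $oMail->send();

    $msg = sprintf(Context::getLang('msg_confirm_mail_sent'), $args->email_address);
    $this->setMessage($msg);

    // success_return_url is request-supplied.
    // NOTE(review): confirm that redirect targets are limited to this site somewhere downstream.
    $returnUrl = Context::get('success_return_url') ? Context::get('success_return_url') : getNotEncodedUrl('', 'mid', Context::get('mid'), 'act', '');
    $this->setRedirectUrl($returnUrl);
}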
1464 
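{
    // Body of the "change address and resend confirmation mail" action (its signature line
    // is not part of this listing). It works on the member stored in
    // $_SESSION['auth_member_info'], which is consumed (unset) on every call.
    $memberInfo = $_SESSION['auth_member_info'];
    unset($_SESSION['auth_member_info']);

    if(!$memberInfo)
    {
        return $this->stop('msg_invalid_request');
    }

    $newEmail = Context::get('email_address');

    // The address is split on '@' below, so it must be a string with exactly one '@'.
    // NOTE(review): full address validation is not visible in this block.
    if(!$newEmail || !is_string($newEmail) || substr_count($newEmail, '@') !== 1)
    {
        return $this->stop('msg_invalid_request');
    }

    // Refuse an address that already belongs to a member
    $oMemberModel = getModel('member');
    $member_srl = $oMemberModel->getMemberSrlByEmailAddress($newEmail);
    if($member_srl)
    {
        return new BaseObject(-1,'msg_exists_email_address');
    }

    // remove all key by member_srl
    $args = new stdClass;
    $args->member_srl = $memberInfo->member_srl;
    $output = executeQuery('member.deleteAuthMail', $args);

    if(!$output->toBool())
    {
        return $output;
    }

    // update member info
    $args->email_address = $newEmail;
    list($args->email_id, $args->email_host) = explode('@', $newEmail);

    $output = executeQuery('member.updateMemberEmailAddress', $args);
    if(!$output->toBool())
    {
        return $this->stop($output->getMessage());
    }

    $this->_clearMemberCache($args->member_srl);

    // generate new auth key
    $oPassword = new Password();
    $auth_args = new stdClass();
    $auth_args->user_id = $memberInfo->user_id;
    $auth_args->member_srl = $memberInfo->member_srl;
    // The member's stored password value is carried in the auth row
    $auth_args->new_password = $memberInfo->password;
    $auth_args->auth_key = $oPassword->createSecureSalt(40);
    $auth_args->is_register = 'Y';

    $output = executeQuery('member.insertAuthMail', $auth_args);
    if(!$output->toBool()) return $output;

    $memberInfo->email_address = $newEmail;

    // resend auth mail.
    $this->_sendAuthMail($auth_args, $memberInfo);

    $msg = sprintf(Context::getLang('msg_confirm_mail_sent'), $memberInfo->email_address);
    $this->setMessage($msg);

    $returnUrl = getUrl('');
    $this->setRedirectUrl($returnUrl);
}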
1534 
/**
 * Compose and send the account confirmation mail.
 *
 * Publishes auth_args, memberInfo, member_config and auth_url to the Context,
 * compiles the 'confirm_member_account_mail' template of the configured skin
 * (falling back to 'default' when the skin directory does not exist) and
 * mails the result to the member.
 *
 * @param object $auth_args Auth row; auth_key is embedded in the confirmation link
 * @param object $member_info Member record; supplies member_srl, user_name, email_address and the listed fields
 * @return void
 */
function _sendAuthMail($auth_args, $member_info)
{
    global $lang;

    $oMemberModel = getModel('member');
    $member_config = $oMemberModel->getMemberConfig();

    // Make the auth row available to the mail template
    Context::set('auth_args', $auth_args);

    // Collect the member fields to list in the mail, keyed by their translated label
    $memberInfo = array();
    if(!is_array($member_config->signupForm))
    {
        foreach(array('user_id', 'user_name', 'nick_name', 'email_address') as $field)
        {
            $memberInfo[$lang->{$field}] = $member_info->{$field};
        }
    }
    else
    {
        $exceptForm = array('password', 'find_account_question');
        foreach($member_config->signupForm as $form)
        {
            // Only default, required form fields other than the excluded ones are listed
            if(in_array($form->name, $exceptForm) || !$form->isDefaultForm || !($form->required || $form->mustRequired))
            {
                continue;
            }
            $memberInfo[$lang->{$form->name}] = $member_info->{$form->name};
        }
    }
    Context::set('memberInfo', $memberInfo);

    if(!$member_config->skin)
    {
        $member_config->skin = "default";
    }
    if(!$member_config->colorset)
    {
        $member_config->colorset = "white";
    }
    Context::set('member_config', $member_config);

    // Use the configured skin when its directory exists, otherwise the default skin
    $tpl_path = sprintf('%sskins/%s', $this->module_path, $member_config->skin);
    if(!is_dir($tpl_path))
    {
        $tpl_path = sprintf('%sskins/%s', $this->module_path, 'default');
    }

    // The link carries member_srl and the auth key
    $auth_url = getFullUrl('','module','member','act','procMemberAuthAccount','member_srl',$member_info->member_srl, 'auth_key',$auth_args->auth_key);
    Context::set('auth_url', $auth_url);

    $oTemplate = &TemplateHandler::getInstance();
    $content = $oTemplate->compile($tpl_path, 'confirm_member_account_mail');

    // Send a mail
    $sender_name = $member_config->webmaster_name ? $member_config->webmaster_name : 'webmaster';
    $oMail = new Mail();
    $oMail->setTitle(Context::getLang('msg_confirm_account_title'));
    $oMail->setContent($content);
    $oMail->setSender($sender_name, $member_config->webmaster_email);
    $oMail->setReceiptor($member_info->user_name, $member_info->email_address);
    $oMail->send();
}
1586 
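{
    // Body of the "join this site" action (its signature line is not part of this listing).
    // Adds the logged-in member to the site's default group.
    $site_module_info = Context::get('site_module_info');
    $logged_info = Context::get('logged_info');
    // Allowed only on a site with a site_srl, for a logged-in member that has no group yet.
    // is_array() keeps count() from being called on a missing list.
    if(!$site_module_info->site_srl || !Context::get('is_logged') || (is_array($logged_info->group_srl_list) && count($logged_info->group_srl_list)) ) return new BaseObject(-1,'msg_invalid_request');

    $oMemberModel = getModel('member');
    $columnList = array('site_srl', 'group_srl', 'title');
    $default_group = $oMemberModel->getDefaultGroup($site_module_info->site_srl, $columnList);
    $this->addMemberToGroup($logged_info->member_srl, $default_group->group_srl, $site_module_info->site_srl);

    // Reflect the new membership in the current request's logged_info
    $groups = array();
    $groups[$default_group->group_srl] = $default_group->title;
    $logged_info->group_list = $groups;
}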
1605 
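{
    // Body of the "leave this site" action (its signature line is not part of this listing).
    // Deletes the logged-in member's group rows for the current site.
    $site_module_info = Context::get('site_module_info');
    $logged_info = Context::get('logged_info');
    // NOTE(review): as written, the request is rejected when the member HAS groups
    // (a non-empty group_srl_list); confirm this is the intended condition for leaving.
    // is_array() keeps count() from being called on a missing list.
    if(!$site_module_info->site_srl || !Context::get('is_logged') || (is_array($logged_info->group_srl_list) && count($logged_info->group_srl_list)) ) return new BaseObject(-1,'msg_invalid_request');

    $args = new stdClass;
    $args->site_srl= $site_module_info->site_srl;
    $args->member_srl = $logged_info->member_srl;
    $output = executeQuery('member.deleteMembersGroup', $args);
    if(!$output->toBool()) return $output;
    $this->setMessage('success_deleted');
    $this->_clearMemberCache($args->member_srl, $site_module_info->site_srl);
}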
1625 
{
    // Body of the member-config save routine (its signature line is not part of this listing;
    // $args is supplied by the caller). Normalises the options, stores them as the 'member'
    // module config and writes the agreement text to its own file.

    // Defaults for skin and editor options that are empty
    $fallbacks = array(
        'skin' => "default",
        'colorset' => "white",
        'editor_skin' => "ckeditor",
        'editor_colorset' => "moono",
    );
    foreach($fallbacks as $option => $fallback)
    {
        if(!$args->{$option})
        {
            $args->{$option} = $fallback;
        }
    }

    // Y/N switches: anything other than 'Y' becomes 'N'
    if($args->enable_join != 'Y')
    {
        $args->enable_join = 'N';
    }
    // OpenID is always stored as disabled
    $args->enable_openid = 'N';
    foreach(array('profile_image', 'image_name', 'image_mark', 'group_image_mark') as $switch)
    {
        if($args->{$switch} != 'Y')
        {
            $args->{$switch} = 'N';
        }
    }

    // An agreement that is empty once tags are stripped counts as "no agreement"
    if(!trim(strip_tags($args->agreement)))
    {
        $args->agreement = null;
    }
    $args->limit_day = (int)$args->limit_day;

    // The agreement text is kept out of the module config and stored in a file instead
    $agreement = trim($args->agreement);
    unset($args->agreement);

    $oModuleController = getController('module');
    $output = $oModuleController->insertModuleConfig('member',$args);
    if(!$output->toBool())
    {
        return $output;
    }

    $agreement_file = _XE_PATH_.'files/member_extra_info/agreement.txt';
    FileHandler::writeFile($agreement_file, $agreement);

    return new BaseObject();
}
1660 
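/**
 * Store (or remove) a member's signature.
 *
 * The signature is written to files/member_extra_info/signature/<path>/<member_srl>.signature.php,
 * prefixed with a PHP guard that exits unless __XE__ is defined. Because
 * member-supplied markup ends up inside a .php file, nothing in it may be
 * interpretable as PHP.
 *
 * @param int $member_srl Member serial number
 * @param string $signature Signature markup supplied by the member
 * @return mixed Result of FileHandler::removeFile() when the signature is empty, otherwise nothing
 */
function putSignature($member_srl, $signature)
{
    $signature = trim(removeHackTag($signature));
    // Neutralise embed/object/param tags by escaping their opening bracket
    $signature = preg_replace('/<(\/?)(embed|object|param)/is', '&lt;$1$2', $signature);
    // Defence in depth: escape any PHP open tag so the stored file contains a single PHP
    // block, the guard below. NOTE(review): whether removeHackTag() already strips these
    // is not visible from here.
    $signature = str_replace('<?', '&lt;?', $signature);

    // A signature with no text and no <img>/<object> counts as empty
    $check_signature = trim(str_replace(array('&nbsp;',"\n","\r"), '', strip_tags($signature, '<img><object>')));
    $path = sprintf('files/member_extra_info/signature/%s/', getNumberingPath($member_srl));
    $filename = sprintf('%s%d.signature.php', $path, $member_srl);

    if(!$check_signature) return FileHandler::removeFile($filename);

    $buff = sprintf('<?php if(!defined("__XE__")) exit();?>%s', $signature);
    FileHandler::makeDir($path);
    FileHandler::writeFile($filename, $buff);
}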
1684 
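/**
 * Delete a member's signature file.
 *
 * Uses the same location and file name that putSignature() writes
 * (<path>/<member_srl>.signature.php). The original pointed at a
 * '<member_srl>.gif' name that putSignature() never creates, so the stored
 * signature was left behind.
 *
 * @param int $member_srl Member serial number
 * @return void
 */
function delSignature($member_srl)
{
    $path = sprintf('files/member_extra_info/signature/%s/', getNumberingPath($member_srl));
    $filename = sprintf('%s%d.signature.php', $path, $member_srl);
    FileHandler::removeFile($filename);
}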
1697 
/**
 * Add a member to a group.
 *
 * Runs the 'member.addMemberToGroup' query, fires the matching 'after'
 * trigger and clears the member's cache. The trigger and the cache clear run
 * whether or not the query succeeded, and the trigger's result is not used.
 *
 * @param int $member_srl Member serial number
 * @param int $group_srl Group serial number
 * @param int $site_srl Site serial number; only passed to the query when non-zero
 * @return object Result of the insert query
 */
function addMemberToGroup($member_srl, $group_srl, $site_srl=0)
{
    $group_args = new stdClass();
    $group_args->member_srl = $member_srl;
    $group_args->group_srl = $group_srl;
    if($site_srl)
    {
        $group_args->site_srl = $site_srl;
    }

    // Add
    $query_result = executeQuery('member.addMemberToGroup',$group_args);
    $trigger_result = ModuleHandler::triggerCall('member.addMemberToGroup', 'after', $group_args);

    $this->_clearMemberCache($member_srl, $site_srl);

    return $query_result;
}
1722 
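{
    // Body of the group-replacement routine (its signature line is not part of this listing;
    // $args is supplied by the caller with site_srl, group_srl and an array member_srl).
    // Moves every listed member into $args->group_srl, keeping each member's earlier regdate.
    $obj = new stdClass;
    $obj->site_srl = $args->site_srl;
    // The member list is joined into one comma-separated value for the queries.
    // NOTE(review): confirm callers pass integers only; escaping by the query layer is not visible here.
    $obj->member_srl = implode(',',$args->member_srl);

    // Remember the registration date of each existing membership
    $date = array();
    $output = executeQueryArray('member.getMembersGroup', $obj);
    if($output->data) foreach($output->data as $key => $val) $date[$val->member_srl] = $val->regdate;

    $output = executeQuery('member.deleteMembersGroup', $obj);
    if(!$output->toBool()) return $output;

    $inserted_members = array();
    foreach($args->member_srl as $key => $val)
    {
        // Skip duplicates in the input list
        if(isset($inserted_members[$val])) continue;
        $inserted_members[$val] = true;

        unset($obj);
        $obj = new stdClass;
        $obj->member_srl = $val;
        $obj->group_srl = $args->group_srl;
        $obj->site_srl = $args->site_srl;
        // Members without an earlier membership get no regdate
        $obj->regdate = isset($date[$obj->member_srl]) ? $date[$obj->member_srl] : null;
        $output = executeQuery('member.addMemberToGroup', $obj);
        if(!$output->toBool()) return $output;

        $this->_clearMemberCache($obj->member_srl, $args->site_srl);
    }

    return new BaseObject();
}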
1763 
1764 
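/**
 * Log a member in from the 'xeak' auto-login cookie.
 *
 * The cookie value is looked up in the auto-login table. Its first 32
 * characters are used as an HMAC-SHA256 key over the lower-cased login id,
 * the stored password value and the request's User-Agent; the first 32
 * characters of that HMAC must equal the rest of the cookie. When the member
 * config sets change_password_date, the member's password must also be recent
 * enough. On success doLogin() is called with the id only (no password
 * argument); otherwise the stored key and the cookie are removed.
 *
 * @return void
 */
function doAutologin()
{
    // Get a key value of auto log-in; anything but a non-empty string cannot be a valid key
    $autologin_key = isset($_COOKIE['xeak']) ? $_COOKIE['xeak'] : null;
    if(!is_string($autologin_key) || $autologin_key === '')
    {
        setCookie('xeak',null,$_SERVER['REQUEST_TIME']+60*60*24*365);
        return;
    }

    $args = new stdClass;
    $args->autologin_key = $autologin_key;
    // Get information of the key
    $output = executeQuery('member.getAutologin', $args);
    // If no information exists, delete a cookie
    if(!$output->toBool() || !$output->data)
    {
        setCookie('xeak',null,$_SERVER['REQUEST_TIME']+60*60*24*365);
        return;
    }

    $oMemberModel = getModel('member');
    $config = $oMemberModel->getMemberConfig();

    $user_id = ($config->identifier == 'user_id') ? $output->data->user_id : $output->data->email_address;
    $password = $output->data->password;

    if(!$user_id || !$password)
    {
        setCookie('xeak',null,$_SERVER['REQUEST_TIME']+60*60*24*365);
        return;
    }

    $do_auto_login = false;

    // Recompute the check value from the member data and the current User-Agent
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $check_key = strtolower($user_id).$password.$user_agent;
    $check_key = substr(hash_hmac('sha256', $check_key, substr($args->autologin_key, 0, 32)), 0, 32);

    // Compare in constant time where the runtime offers hash_equals()
    $provided_key = (string)substr($args->autologin_key, 32);
    $key_matches = function_exists('hash_equals') ? hash_equals($check_key, $provided_key) : ($check_key === $provided_key);

    if($key_matches)
    {
        // Check change_password_date
        $oModuleModel = getModel('module');
        $member_config = $oModuleModel->getModuleConfig('member');
        $limit_date = $member_config->change_password_date;

        // Check if change_password_date is set
        if($limit_date > 0)
        {
            $oMemberModel = getModel('member');
            $columnList = array('member_srl', 'change_password_date');

            if($config->identifier == 'user_id')
            {
                $member_info = $oMemberModel->getMemberInfoByUserID($user_id, $columnList);
            }
            else
            {
                $member_info = $oMemberModel->getMemberInfoByEmailAddress($user_id, $columnList);
            }

            // Auto-login is allowed only while the password is younger than the limit
            if($member_info->change_password_date >= date('YmdHis', strtotime('-'.$limit_date.' day')) ){
                $do_auto_login = true;
            }

        }
        else
        {
            $do_auto_login = true;
        }
    }

    if($do_auto_login)
    {
        // No password is passed: the verified cookie stands in for it
        $output = $this->doLogin($user_id);
    }
    else
    {
        // Invalidate the key on the server and remove the cookie
        executeQuery('member.deleteAutologin', $args);
        setCookie('xeak',null,$_SERVER['REQUEST_TIME']+60*60*24*365);
    }
}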
1845 
1855  function doLogin($user_id, $password = '', $keep_signed = false)
1856  {
1857  $user_id = strtolower($user_id);
1858  if(!$user_id) return new BaseObject(-1, 'null_user_id');
1859  // Call a trigger before log-in (before)
1860  $trigger_obj = new stdClass();
1861  $trigger_obj->user_id = $user_id;
1862  $trigger_obj->password = $password;
1863  $trigger_output = ModuleHandler::triggerCall('member.doLogin', 'before', $trigger_obj);
1864  if(!$trigger_output->toBool()) return $trigger_output;
1865  // Create a member model object
1866  $oMemberModel = getModel('member');
1867 
1868  // check IP access count.
1869  $config = $oMemberModel->getMemberConfig();
1870  $args = new stdClass();
1871  $args->ipaddress = $_SERVER['REMOTE_ADDR'];
1872 
1873  // check identifier
1874  if($config->identifier == 'email_address')
1875  {
1876  // Get user_id information
1877  $this->memberInfo = $oMemberModel->getMemberInfoByEmailAddress($user_id);
1878  // Set an invalid user if no value returned
1879  if(!$user_id || strtolower($this->memberInfo->email_address) != strtolower($user_id)) return $this->recordLoginError(-1, 'invalid_email_address');
1880 
1881  }
1882  else
1883  {
1884  // Get user_id information
1885  $this->memberInfo = $oMemberModel->getMemberInfoByUserID($user_id);
1886  // Set an invalid user if no value returned
1887  if(!$user_id || strtolower($this->memberInfo->user_id) != strtolower($user_id)) return $this->recordLoginError(-1, 'invalid_user_id');
1888  }
1889 
1890  $output = executeQuery('member.getLoginCountByIp', $args);
1891  $errorCount = $output->data->count;
1892  if($errorCount >= $config->max_error_count)
1893  {
1894  $last_update = strtotime($output->data->last_update);
1895  $term = intval($_SERVER['REQUEST_TIME']-$last_update);
1896  if($term < $config->max_error_count_time)
1897  {
1898  $term = $config->max_error_count_time - $term;
1899  if($term < 60) $term = intval($term).Context::getLang('unit_sec');
1900  elseif(60 <= $term && $term < 3600) $term = intval($term/60).Context::getLang('unit_min');
1901  elseif(3600 <= $term && $term < 86400) $term = intval($term/3600).Context::getLang('unit_hour');
1902  else $term = intval($term/86400).Context::getLang('unit_day');
1903 
1904  return new BaseObject(-1, sprintf(Context::getLang('excess_ip_access_count'),$term));
1905  }
1906  else
1907  {
1908  $args->ipaddress = $_SERVER['REMOTE_ADDR'];
1909  $output = executeQuery('member.deleteLoginCountByIp', $args);
1910  }
1911  }
1912 
1913  // Password Check
1914  if($password && !$oMemberModel->isValidPassword($this->memberInfo->password, $password, $this->memberInfo->member_srl))
1915  {
1916  return $this->recordMemberLoginError(-1, 'invalid_password',$this->memberInfo);
1917  }
1918 
1919  // If denied == 'Y', notify
1920  if($this->memberInfo->denied == 'Y')
1921  {
1922  $args->member_srl = $this->memberInfo->member_srl;
1923  $output = executeQuery('member.chkAuthMail', $args);
1924  if ($output->toBool() && $output->data->count != '0')
1925  {
1926  $_SESSION['auth_member_srl'] = $this->memberInfo->member_srl;
1927  $redirectUrl = getUrl('', 'act', 'dispMemberResendAuthMail');
1928  return $this->setRedirectUrl($redirectUrl, new BaseObject(-1,'msg_user_not_confirmed'));
1929  }
1930  return new BaseObject(-1,'msg_user_denied');
1931  }
1932  // Notify if denied_date is less than the current time
1933  if($this->memberInfo->limit_date && substr($this->memberInfo->limit_date,0,8) >= date("Ymd")) return new BaseObject(-9,sprintf(Context::getLang('msg_user_limited'),zdate($this->memberInfo->limit_date,"Y-m-d")));
1934  // Update the latest login time
1935  $args->member_srl = $this->memberInfo->member_srl;
1936  $output = executeQuery('member.updateLastLogin', $args);
1937 
1938  $site_module_info = Context::get('site_module_info');
1939  $this->_clearMemberCache($args->member_srl, $site_module_info->site_srl);
1940 
1941  // Check if there is recoding table.
1942  $oDB = &DB::getInstance();
1943  if($oDB->isTableExists('member_count_history') && $config->enable_login_fail_report != 'N')
1944  {
1945  // check if there is login fail records.
1946  $output = executeQuery('member.getLoginCountHistoryByMemberSrl', $args);
1947  if($output->data && $output->data->content)
1948  {
1949  $title = Context::getLang('login_fail_report');
1950  $message = '<ul>';
1951  $content = unserialize($output->data->content);
1952  if(count($content) > $config->max_error_count)
1953  {
1954  foreach($content as $val)
1955  {
1956  $message .= '<li>'.Context::getLang('regdate').': '.date('Y-m-d h:i:sa',$val[2]).'<ul><li>'.Context::getLang('ipaddress').': '.$val[0].'</li><li>'.Context::getLang('message').': '.$val[1].'</li></ul></li>';
1957  }
1958  $message .= '</ul>';
1959  $content = sprintf(Context::getLang('login_fail_report_contents'),$message,date('Y-m-d h:i:sa'));
1960 
1961  //send message
1962  $oCommunicationController = getController('communication');
1963  $oCommunicationController->sendMessage($args->member_srl, $args->member_srl, $title, $content, true);
1964 
1965  if($this->memberInfo->email_address && $this->memberInfo->allow_mailing == 'Y')
1966  {
1967  $view_url = Context::getRequestUri();
1968  $content = sprintf("%s<hr /><p>From: <a href=\"%s\" target=\"_blank\">%s</a><br />To: %s(%s)</p>",$content, $view_url, $view_url, $this->memberInfo->nick_name, $this->memberInfo->email_id);
1969  $oMail = new Mail();
1970  $oMail->setTitle($title);
1971  $oMail->setContent($content);
1972  $oMail->setSender($config->webmaster_name?$config->webmaster_name:'webmaster', $config->webmaster_email);
1973  $oMail->setReceiptor($this->memberInfo->email_id.'('.$this->memberInfo->nick_name.')', $this->memberInfo->email_address);
1974  $oMail->send();
1975  }
1976  $output = executeQuery('member.deleteLoginCountHistoryByMemberSrl', $args);
1977  }
1978  }
1979  }
1980  // Call a trigger after successfully log-in (after)
1981  $trigger_output = ModuleHandler::triggerCall('member.doLogin', 'after', $this->memberInfo);
1982  if(!$trigger_output->toBool()) return $trigger_output;
1983  // When user checked to use auto-login
1984  if($keep_signed)
1985  {
1986  // Key generate for auto login
1987  $oPassword = new Password();
1988  $random_key = $oPassword->createSecureSalt(32, 'hex');
1989  $extra_key = strtolower($user_id).$this->memberInfo->password.$_SERVER['HTTP_USER_AGENT'];
1990  $extra_key = substr(hash_hmac('sha256', $extra_key, $random_key), 0, 32);
1991  $autologin_args = new stdClass;
1992  $autologin_args->autologin_key = $random_key.$extra_key;
1993  $autologin_args->member_srl = $this->memberInfo->member_srl;
1994  executeQuery('member.deleteAutologin', $autologin_args);
1995  $autologin_output = executeQuery('member.insertAutologin', $autologin_args);
1996  if($autologin_output->toBool()) setCookie('xeak',$autologin_args->autologin_key, $_SERVER['REQUEST_TIME']+31536000);
1997  }
1998  if($this->memberInfo->is_admin == 'Y')
1999  {
2000  $oMemberAdminModel = getAdminModel('member');
2001  if(!$oMemberAdminModel->getMemberAdminIPCheck())
2002  {
2003  $_SESSION['denied_admin'] = 'Y';
2004  }
2005  }
2006 
2007  $this->setSessionInfo();
2008 
2009  return $output;
2010  }
2011 
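/**
 * Mark the current PHP session as logged in for $this->memberInfo and publish
 * the member record to Context.
 *
 * When $this->memberInfo is empty but the session already carries a logged-in
 * member_srl, the record is reloaded through the member model first. The
 * session is destroyed, and nothing is marked as logged in, when the reloaded
 * record does not match the session's member_srl, when no member record is
 * available at all, or when the account is denied.
 *
 * NOTE(review): no session-id rotation is visible in this method; confirm that
 * the login path or the session handler issues a fresh id on authentication.
 *
 * @return void
 */
function setSessionInfo()
{
    $oMemberModel = getModel('member');

    // Resuming from the session: reload the member the session claims to belong to
    if(!$this->memberInfo && !empty($_SESSION['member_srl']) && $oMemberModel->isLogged())
    {
        $this->memberInfo = $oMemberModel->getMemberInfoByMemberSrl($_SESSION['member_srl']);
        // The stored record has to be the one the session refers to
        if(!$this->memberInfo || $this->memberInfo->member_srl != $_SESSION['member_srl'])
        {
            $this->destroySessionInfo();
            return;
        }
    }

    // Fail closed: without a concrete member record the code below used to set
    // is_logged = true together with an empty member_srl.
    if(!is_object($this->memberInfo) || empty($this->memberInfo->member_srl))
    {
        $this->destroySessionInfo();
        return;
    }

    // A denied account must not keep (or obtain) a logged-in session
    if($this->memberInfo->denied == 'Y')
    {
        $this->destroySessionInfo();
        return;
    }

    // Authenticated state lives in the server-side session
    $_SESSION['is_logged'] = true;
    $_SESSION['ipaddress'] = $_SERVER['REMOTE_ADDR'];
    $_SESSION['member_srl'] = $this->memberInfo->member_srl;
    $_SESSION['is_admin'] = '';

    // Plain marker cookie with no explicit attributes; it carries only the
    // literal 'true' and must never be treated as proof of authentication.
    setcookie('xe_logged', 'true');

    // NOTE(review): memberInfo is published as-is. The original had the
    // unset() of its password field commented out, so logged_info may still
    // carry the stored password hash; avoid dumping it in templates or logs.
    Context::set('is_logged', true);
    Context::set('logged_info', $this->memberInfo);

    // Default member menu entries (other code may add more through addMemberMenu)
    $this->addMemberMenu( 'dispMemberInfo', 'cmd_view_member_info');
    $this->addMemberMenu( 'dispMemberScrappedDocument', 'cmd_view_scrapped_document');
    $this->addMemberMenu( 'dispMemberSavedDocument', 'cmd_view_saved_document');
    $this->addMemberMenu( 'dispMemberOwnDocument', 'cmd_view_own_document');
}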
2065 
/**
 * Add one entry to the logged-in member's menu list.
 *
 * Reads logged_info from Context, stores the translated label under the given
 * act in its menu_list, and writes logged_info back to Context.
 *
 * @param string $act Action name used as the menu key
 * @param string $str Language key passed to Context::getLang() for the label
 * @return void
 */
function addMemberMenu($act, $str)
{
    $member = Context::get('logged_info');
    $label = Context::getLang($str);

    $member->menu_list[$act] = $label;

    Context::set('logged_info', $member);
}
2078 
/**
 * Append one entry to the member popup menu list kept in Context.
 *
 * The values are stored unchanged; any escaping of $url or $str has to happen
 * where the list is rendered.
 *
 * @param string $url    Link target of the entry
 * @param string $str    Label (or language key) of the entry
 * @param string $icon   Optional icon
 * @param string $target Optional link target, 'self' by default
 * @return void
 */
function addMemberPopupMenu($url, $str, $icon = '', $target = 'self')
{
    $menu_entries = Context::get('member_popup_menu_list');
    if(!is_array($menu_entries))
    {
        $menu_entries = array();
    }

    $menu_entries[] = (object) array(
        'url' => $url,
        'str' => $str,
        'icon' => $icon,
        'target' => $target,
    );

    Context::set('member_popup_menu_list', $menu_entries);
}
2096 
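/**
 * Create a member record, its group membership and, for accounts that start
 * out denied, the e-mail confirmation entry.
 *
 * The function normalises $args in place (member_srl, list_order, lower-cased
 * user_id, escaped text fields, hashed password, ...), rejects prohibited or
 * duplicate user IDs, nicknames and e-mail addresses, and performs all writes
 * inside one DB transaction that is rolled back on the first failure.
 *
 * Security-relevant behaviour visible here:
 *  - is_admin is only honoured when the current logged_info is an admin;
 *    otherwise it is removed from $args.
 *  - The duplicate checks run before the transaction starts, so they do not by
 *    themselves prevent two concurrent registrations of the same identifier.
 *    NOTE(review): confirm the table has unique constraints.
 *
 * @param object $args               Member fields; modified in place
 * @param bool   $password_is_hashed When true, password and find_account_answer
 *                                   are stored as given (no strength check, no
 *                                   hashing). Pass true only for values that
 *                                   are already hashes.
 * @return object Result object; toBool() is false on failure. On success it
 *                carries member_srl.
 */
function insertMember(&$args, $password_is_hashed = false)
{
    // Call a trigger (before)
    $output = ModuleHandler::triggerCall('member.insertMember', 'before', $args);
    if(!$output->toBool()) return $output;

    $oModuleModel = getModel('module');
    $config = $oModuleModel->getModuleConfig('member');

    // Guests have no logged_info, so test for the flag without touching null
    $logged_info = Context::get('logged_info');
    $caller_is_admin = isset($logged_info->is_admin) && $logged_info->is_admin == 'Y';

    // Temporary restriction: limit_day days from the request time
    if($config->limit_day) $args->limit_date = date("YmdHis", $_SERVER['REQUEST_TIME']+$config->limit_day*60*60*24);

    $args->member_srl = getNextSequence();
    $args->list_order = -1 * $args->member_srl;

    // Default missing identifiers from member_srl; user IDs are stored lower-case
    if(!$args->user_id) $args->user_id = 't'.$args->member_srl;
    else $args->user_id = strtolower($args->user_id);
    if(!$args->user_name) $args->user_name = $args->member_srl;
    if(!$args->nick_name) $args->nick_name = $args->member_srl;

    // Control of essential parameters: flags are forced into their allowed values
    if($args->allow_mailing!='Y') $args->allow_mailing = 'N';
    if($args->denied!='Y') $args->denied = 'N';
    // Strict membership test so only the exact strings Y/N/F survive
    if(!$args->allow_message || !in_array($args->allow_message, array('Y','N','F'), true)) $args->allow_message = 'Y';

    if($caller_is_admin)
    {
        if($args->is_admin!='Y') $args->is_admin = 'N';
    }
    else
    {
        // A non-admin caller can never set the admin flag
        unset($args->is_admin);
    }

    // Pad so an address without '@' yields a null host instead of an undefined offset
    list($args->email_id, $args->email_host) = array_pad(explode('@', $args->email_address), 2, null);

    // Escape user ID, username, nickname, homepage, blog before storing them.
    // ENT_COMPAT leaves single quotes untouched, so these values are only safe
    // in element content and double-quoted attributes.
    $args->user_id = htmlspecialchars($args->user_id, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
    $args->user_name = htmlspecialchars($args->user_name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
    $args->nick_name = htmlspecialchars($args->nick_name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
    $args->homepage = htmlspecialchars($args->homepage, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
    $args->blog = htmlspecialchars($args->blog, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
    // NOTE(review): any "scheme://" prefix is kept as submitted; only values
    // without a scheme get "http://". Code that renders these as links should
    // enforce its own http/https allowlist.
    if($args->homepage && !preg_match("/^[a-z]+:\/\//i",$args->homepage)) $args->homepage = 'http://'.$args->homepage;
    if($args->blog && !preg_match("/^[a-z]+:\/\//i",$args->blog)) $args->blog = 'http://'.$args->blog;

    // Create a model object
    $oMemberModel = getModel('member');

    // Check password strength, then hash; an already hashed password is stored as given
    if($args->password && !$password_is_hashed)
    {
        if(!$oMemberModel->checkPasswordStrength($args->password, $config->password_strength))
        {
            $message = Context::getLang('about_password_strength');
            return new BaseObject(-1, $message[$config->password_strength]);
        }
        $args->password = $oMemberModel->hashPassword($args->password);
    }
    elseif(!$args->password)
    {
        unset($args->password);
    }

    // The "find account" answer is hashed the same way as the password
    if($args->find_account_answer && !$password_is_hashed)
    {
        $args->find_account_answer = $oMemberModel->hashPassword($args->find_account_answer);
    }
    elseif(!$args->find_account_answer)
    {
        unset($args->find_account_answer);
    }

    // Check if ID is prohibited
    if($oMemberModel->isDeniedID($args->user_id))
    {
        return new BaseObject(-1,'denied_user_id');
    }

    // Check if ID is duplicate
    $member_srl = $oMemberModel->getMemberSrlByUserID($args->user_id);
    if($member_srl)
    {
        return new BaseObject(-1,'msg_exists_user_id');
    }

    // Check if nickname is prohibited
    if($oMemberModel->isDeniedNickName($args->nick_name))
    {
        return new BaseObject(-1,'denied_nick_name');
    }

    // Check if nickname is duplicate
    $member_srl = $oMemberModel->getMemberSrlByNickName($args->nick_name);
    if($member_srl)
    {
        return new BaseObject(-1,'msg_exists_nick_name');
    }

    // Check if email address is duplicate
    $member_srl = $oMemberModel->getMemberSrlByEmailAddress($args->email_address);
    if($member_srl)
    {
        return new BaseObject(-1,'msg_exists_email_address');
    }

    // Insert data into the DB
    $args->list_order = -1 * $args->member_srl;

    // Re-apply the defaults: escaping above can leave these fields empty
    if(!$args->user_id) $args->user_id = 't'.$args->member_srl;
    if(!$args->user_name) $args->user_name = $args->member_srl;

    $oDB = &DB::getInstance();
    $oDB->begin();

    $output = executeQuery('member.insertMember', $args);
    if(!$output->toBool())
    {
        $oDB->rollback();
        return $output;
    }

    if(is_array($args->group_srl_list)) $group_srl_list = $args->group_srl_list;
    else $group_srl_list = explode('|@|', $args->group_srl_list);

    if(!$args->group_srl_list)
    {
        // No group requested: register the member in the default group
        $columnList = array('site_srl', 'group_srl');
        $default_group = $oMemberModel->getDefaultGroup(0, $columnList);
        if($default_group)
        {
            $output = $this->addMemberToGroup($args->member_srl,$default_group->group_srl);
            if(!$output->toBool())
            {
                $oDB->rollback();
                return $output;
            }
        }
    }
    else
    {
        // Register the member in every requested group
        foreach($group_srl_list as $group_srl)
        {
            $output = $this->addMemberToGroup($args->member_srl,$group_srl);

            if(!$output->toBool())
            {
                $oDB->rollback();
                return $output;
            }
        }
    }

    // E-mail confirmation mode: a denied account gets an auth-mail entry and a confirmation mail
    if($args->denied == 'Y')
    {
        // Insert data into the authentication DB
        $oPassword = new Password();
        $auth_args = new stdClass();
        $auth_args->user_id = $args->user_id;
        $auth_args->member_srl = $args->member_srl;
        $auth_args->new_password = $args->password;
        $auth_args->auth_key = $oPassword->createSecureSalt(40);
        $auth_args->is_register = 'Y';

        $output = executeQuery('member.insertAuthMail', $auth_args);
        if(!$output->toBool())
        {
            $oDB->rollback();
            return $output;
        }
        $this->_sendAuthMail($auth_args, $args);
    }

    // Call a trigger (after)
    if($output->toBool())
    {
        $trigger_output = ModuleHandler::triggerCall('member.insertMember', 'after', $args);
        if(!$trigger_output->toBool())
        {
            $oDB->rollback();
            return $trigger_output;
        }
    }

    $oDB->commit(true);

    $output->add('member_srl', $args->member_srl);
    return $output;
}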
2294 
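/**
 * Update an existing member record and, when given, its group membership.
 *
 * Authorisation as implemented here (note that the 'before' trigger runs
 * ahead of these checks):
 *  - If logged_info is an admin, denied/is_admin are normalised to Y/N; an
 *    admin cannot clear the admin flag on their own account through the
 *    normalisation.
 *  - Otherwise is_admin is always removed from $args, denied is removed unless
 *    $is_admin is true, and updating another member's record is refused
 *    unless $is_admin is true.
 *
 * The login identifier selected by the member config (email_address or
 * user_id) is always reset to the stored value, so it cannot be changed
 * through this method.
 *
 * @param object $args     Member fields including member_srl
 * @param bool   $is_admin When true, skips the ownership check and keeps
 *                         $args->denied for a non-admin session. Pass TRUE
 *                         only from code paths that already authorised the
 *                         change.
 * @return object Result object; toBool() is false on failure. On success it
 *                carries member_srl.
 */
function updateMember($args, $is_admin = FALSE)
{
    // Call a trigger (before)
    $output = ModuleHandler::triggerCall('member.updateMember', 'before', $args);
    if(!$output->toBool()) return $output;
    // Create a model object
    $oMemberModel = getModel('member');

    $logged_info = Context::get('logged_info');
    // Load the record being modified unless one is already cached on the controller
    if(!$this->memberInfo) $this->memberInfo = $oMemberModel->getMemberInfoByMemberSrl($args->member_srl);
    // Control of essential parameters
    if($args->allow_mailing!='Y') $args->allow_mailing = 'N';
    // Strict membership test so only the exact strings Y/N/F survive
    if($args->allow_message && !in_array($args->allow_message, array('Y','N','F'), true)) $args->allow_message = 'Y';

    if($logged_info->is_admin == 'Y')
    {
        if($args->denied!='Y') $args->denied = 'N';
        if($args->is_admin!='Y' && $logged_info->member_srl != $args->member_srl) $args->is_admin = 'N';
    }
    else
    {
        // Privileged flags are never taken from a non-admin caller
        unset($args->is_admin);
        if($is_admin == false)
            unset($args->denied);
        // Only the account owner may update the record
        if($logged_info->member_srl != $args->member_srl && $is_admin == false)
        {
            return $this->stop('msg_invalid_request');
        }
    }

    // Escape user ID, username, nickname, homepage, blog before storing them.
    // ENT_COMPAT leaves single quotes untouched, so these values are only safe
    // in element content and double-quoted attributes.
    if($args->user_id) $args->user_id = htmlspecialchars($args->user_id, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
    $args->user_name = htmlspecialchars($args->user_name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
    $args->nick_name = htmlspecialchars($args->nick_name, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
    $args->homepage = htmlspecialchars($args->homepage, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
    $args->blog = htmlspecialchars($args->blog, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
    // NOTE(review): any "scheme://" prefix is kept as submitted; only values
    // without a scheme get "http://". Code that renders these as links should
    // enforce its own http/https allowlist.
    if($args->homepage && !preg_match("/^[a-z]+:\/\//is",$args->homepage)) $args->homepage = 'http://'.$args->homepage;
    if($args->blog && !preg_match("/^[a-z]+:\/\//is",$args->blog)) $args->blog = 'http://'.$args->blog;

    // check member identifier form
    $config = $oMemberModel->getMemberConfig();

    $output = executeQuery('member.getMemberInfoByMemberSrl', $args);
    $orgMemberInfo = $output->data;

    // Check the login identifier for duplicates, then pin it to the stored value
    if($config->identifier == 'email_address')
    {
        $member_srl = $oMemberModel->getMemberSrlByEmailAddress($args->email_address);
        if($member_srl && $args->member_srl != $member_srl)
        {
            return new BaseObject(-1,'msg_exists_email_address');
        }
        $args->email_address = $orgMemberInfo->email_address;
    }
    else
    {
        $member_srl = $oMemberModel->getMemberSrlByUserID($args->user_id);
        if($member_srl && $args->member_srl != $member_srl)
        {
            return new BaseObject(-1,'msg_exists_user_id');
        }

        $args->user_id = $orgMemberInfo->user_id;
    }

    // Prohibited-name lists apply to everyone except administrators
    if($logged_info->is_admin !== 'Y')
    {
        // Check if ID is prohibited
        if($args->user_id && $oMemberModel->isDeniedID($args->user_id))
        {
            return new BaseObject(-1,'denied_user_id');
        }

        // Check if nickname is prohibited
        if($args->nick_name && $oMemberModel->isDeniedNickName($args->nick_name))
        {
            return new BaseObject(-1, 'denied_nick_name');
        }
    }

    // Check if ID is duplicate
    if($args->user_id)
    {
        $member_srl = $oMemberModel->getMemberSrlByUserID($args->user_id);
        if($member_srl && $args->member_srl != $member_srl)
        {
            return new BaseObject(-1,'msg_exists_user_id');
        }
    }

    // Check if nickname is duplicate
    $member_srl = $oMemberModel->getMemberSrlByNickName($args->nick_name);
    if($member_srl && $args->member_srl != $member_srl)
    {
        return new BaseObject(-1,'msg_exists_nick_name');
    }

    // Pad so an address without '@' yields a null host instead of an undefined offset
    list($args->email_id, $args->email_host) = array_pad(explode('@', $args->email_address), 2, null);

    $oDB = &DB::getInstance();
    $oDB->begin();

    // Check password strength
    if($args->password)
    {
        if(!$oMemberModel->checkPasswordStrength($args->password, $config->password_strength))
        {
            // The transaction is already open here; close it before bailing out
            $oDB->rollback();
            $message = Context::getLang('about_password_strength');
            return new BaseObject(-1, $message[$config->password_strength]);
        }
        $args->password = $oMemberModel->hashPassword($args->password);
    }
    else
    {
        // No new password submitted: keep the stored hash
        $args->password = $orgMemberInfo->password;
    }

    if($args->find_account_answer)
    {
        $args->find_account_answer = $oMemberModel->hashPassword($args->find_account_answer);
    }
    else
    {
        // Keep the stored answer; if checkAlgorithm() does not recognise it
        // (presumably a legacy plain-text value), hash it on this update.
        $oPassword = new Password();
        $hashed = $oPassword->checkAlgorithm($orgMemberInfo->find_account_answer);

        if($hashed)
        {
            $args->find_account_answer = $orgMemberInfo->find_account_answer;
        }
        else
        {
            $args->find_account_answer = $oPassword->createHash($orgMemberInfo->find_account_answer);
        }
    }

    // Fields that were not submitted fall back to the stored values
    if(!$args->user_name) $args->user_name = $orgMemberInfo->user_name;
    if(!$args->user_id) $args->user_id = $orgMemberInfo->user_id;
    if(!$args->nick_name) $args->nick_name = $orgMemberInfo->nick_name;
    if(!isset($args->description)) $args->description = $orgMemberInfo->description;
    if(!$args->birthday) $args->birthday = '';

    $output = executeQuery('member.updateMember', $args);

    if(!$output->toBool())
    {
        $oDB->rollback();
        return $output;
    }

    if($args->group_srl_list)
    {
        if(is_array($args->group_srl_list)) $group_srl_list = $args->group_srl_list;
        else $group_srl_list = explode('|@|', $args->group_srl_list);

        if(count($group_srl_list) > 0)
        {
            $args->site_srl = 0;
            // Replace the membership: remove every existing group first
            $output = executeQuery('member.deleteMemberGroupMember', $args);
            if(!$output->toBool())
            {
                $oDB->rollback();
                return $output;
            }
            // Then add the member to each submitted group
            foreach($group_srl_list as $group_srl)
            {
                $output = $this->addMemberToGroup($args->member_srl,$group_srl);
                if(!$output->toBool())
                {
                    $oDB->rollback();
                    return $output;
                }
            }

            // if group is changed, point changed too.
            $this->_updatePointByGroup($orgMemberInfo->member_srl, $group_srl_list);
        }
    }

    // Call a trigger (after)
    if($output->toBool())
    {
        $trigger_output = ModuleHandler::triggerCall('member.updateMember', 'after', $args);
        if(!$trigger_output->toBool())
        {
            $oDB->rollback();
            return $trigger_output;
        }
    }

    $oDB->commit();

    //remove from cache
    $this->_clearMemberCache($args->member_srl, $args->site_srl);

    // Keep a member record cached on the controller
    if(!$this->memberInfo) $this->memberInfo = $oMemberModel->getMemberInfoByMemberSrl($args->member_srl);

    $output->add('member_srl', $args->member_srl);
    return $output;
}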
2500 
2505  {
2506  if($args->password)
2507  {
2508 
2509  // check password strength
2510  $oMemberModel = getModel('member');
2511  $config = $oMemberModel->getMemberConfig();
2512 
2513  if(!$oMemberModel->checkPasswordStrength($args->password, $config->password_strength))
2514  {
2515  $message = Context::getLang('about_password_strength');
2516  return new BaseObject(-1, $message[$config->password_strength]);
2517  }
2518 
2519  $args->password = $oMemberModel->hashPassword($args->password);
2520  }
2521  else if($args->hashed_password)
2522  {
2523  $args->password = $args->hashed_password;
2524  }
2525 
2526  $output = executeQuery('member.updateMemberPassword', $args);
2527  if($output->toBool())
2528  {
2529  $result = executeQuery('member.updateChangePasswordDate', $args);
2530  }
2531 
2532  $this->_clearMemberCache($args->member_srl);
2533 
2534  return $output;
2535  }
2536 
/**
 * Store a freshly hashed "find account" answer for one member.
 *
 * The answer is hashed with Password::createHash() before it is written. The
 * query result is not returned, so callers cannot tell whether the update
 * succeeded.
 *
 * @param int    $member_srl Member whose answer is replaced
 * @param string $answer     Plain-text answer
 * @return void
 */
function updateFindAccountAnswer($member_srl, $answer)
{
    $hasher = new Password();

    $query_args = new stdClass();
    $query_args->member_srl = $member_srl;
    $query_args->find_account_answer = $hasher->createHash($answer);

    executeQuery('member.updateFindAccountAnswer', $query_args);
}
2546 
/**
 * Delete a member together with its auth-mail and group-membership rows.
 *
 * The three deletes run in one DB transaction that is rolled back on the
 * first failure or when the 'after' trigger fails. Profile images, image
 * name/mark and the signature are removed after the commit, followed by the
 * member cache entry.
 *
 * Administrator accounts are refused. No other permission check is made in
 * this method, so the caller is responsible for authorising the deletion.
 *
 * @param int $member_srl Member to delete
 * @return object Result object; toBool() is false on failure
 */
function deleteMember($member_srl)
{
    // Call a trigger (before)
    $trigger_obj = new stdClass();
    $trigger_obj->member_srl = $member_srl;
    $output = ModuleHandler::triggerCall('member.deleteMember', 'before', $trigger_obj);
    if(!$output->toBool())
    {
        return $output;
    }

    $oMemberModel = getModel('member');

    // Reuse the cached record only if it is this member and carries is_admin
    $cached = $this->memberInfo;
    $cache_usable = $cached && $cached->member_srl == $member_srl && isset($cached->is_admin);
    if(!$cache_usable)
    {
        $columnList = array('member_srl', 'is_admin');
        $this->memberInfo = $oMemberModel->getMemberInfoByMemberSrl($member_srl, 0, $columnList);
    }
    if(!$this->memberInfo)
    {
        return new BaseObject(-1, 'msg_not_exists_member');
    }
    // Administrators cannot be deleted through this method
    if($this->memberInfo->is_admin == 'Y')
    {
        return new BaseObject(-1, 'msg_cannot_delete_admin');
    }

    $oDB = &DB::getInstance();
    $oDB->begin();

    $args = new stdClass();
    $args->member_srl = $member_srl;

    // Order matters: dependent rows (auth mail, group membership) go first,
    // the member row itself last.
    $delete_queries = array(
        'member.deleteAuthMail',
        'member.deleteMemberGroupMember',
        'member.deleteMember',
    );
    foreach($delete_queries as $query_id)
    {
        $output = executeQuery($query_id, $args);
        if(!$output->toBool())
        {
            $oDB->rollback();
            return $output;
        }
    }

    // Call a trigger (after)
    if($output->toBool())
    {
        $trigger_output = ModuleHandler::triggerCall('member.deleteMember', 'after', $trigger_obj);
        if(!$trigger_output->toBool())
        {
            $oDB->rollback();
            return $trigger_output;
        }
    }

    $oDB->commit();

    // Stored files are removed only after the DB change is committed
    $this->procMemberDeleteImageName($member_srl);
    $this->procMemberDeleteImageMark($member_srl);
    $this->procMemberDeleteProfileImage($member_srl);
    $this->delSignature($member_srl);

    $this->_clearMemberCache($member_srl);

    return $output;
}
2625 
2630  {
2631  if(!$_SESSION || !is_array($_SESSION)) return;
2632 
2633  $memberInfo = Context::get('logged_info');
2634  $memberSrl = $memberInfo->member_srl;
2635 
2636  foreach($_SESSION as $key => $val)
2637  {
2638  $_SESSION[$key] = '';
2639  }
2640 
2641  session_destroy();
2642  setcookie(session_name(), '', $_SERVER['REQUEST_TIME']-42000);
2643  setcookie('sso','',$_SERVER['REQUEST_TIME']-42000);
2644  setcookie('xeak','',$_SERVER['REQUEST_TIME']-42000);
2645  setcookie('xe_logged', 'false', $_SERVER['REQUEST_TIME'] - 42000);
2646 
2647  if($memberSrl || $_COOKIE['xeak'])
2648  {
2649  $args = new stdClass();
2650  $args->member_srl = $memberSrl;
2651  $args->autologin_key = $_COOKIE['xeak'];
2652  $output = executeQuery('member.deleteAutologin', $args);
2653  }
2654  }
2655 
/**
 * Raise a member's points to the threshold of the highest level linked to any
 * of the given groups.
 *
 * Uses the point module config: point_group is flipped and intersected with
 * $groupSrlList to find the matching entries, the largest resulting value is
 * taken as the level, and level_step[level] is written with setPoint() only
 * when it is greater than the member's current points. Points are never
 * lowered here.
 *
 * @param int   $memberSrl    Member whose points may be raised
 * @param array $groupSrlList Group serials the member now belongs to
 * @return void
 */
function _updatePointByGroup($memberSrl, $groupSrlList)
{
    $oModuleModel = getModel('module');
    $pointModuleConfig = $oModuleModel->getModuleConfig('point');
    $pointGroup = $pointModuleConfig->point_group;

    $levelGroup = array();
    if(is_array($pointGroup) && count($pointGroup) > 0)
    {
        $levelGroup = array_flip($pointGroup);
        ksort($levelGroup);
    }

    // Nothing to do when none of the member's groups is linked to a level
    $matched = array_intersect($levelGroup, $groupSrlList);
    if(count($matched) == 0)
    {
        return;
    }

    $maxLevel = max(array_flip($matched));
    if(!($maxLevel > 0))
    {
        return;
    }

    $oPointModel = getModel('point');
    $originPoint = $oPointModel->getPoint($memberSrl);
    $required = $pointModuleConfig->level_step[$maxLevel];

    if($required > $originPoint)
    {
        $oPointController = getController('point');
        $oPointController->setPoint($memberSrl, $pointModuleConfig->level_step[$maxLevel], 'update');
    }
}
2685 
2687  {
2688  if(!Context::get('is_logged')) return $this->stop('msg_not_logged');
2689 
2690  $member_info = Context::get('logged_info');
2691  $newEmail = Context::get('email_address');
2692 
2693  if(!$newEmail) return $this->stop('msg_invalid_request');
2694 
2695  $oMemberModel = getModel('member');
2696  $member_srl = $oMemberModel->getMemberSrlByEmailAddress($newEmail);
2697  if($member_srl) return new BaseObject(-1,'msg_exists_email_address');
2698 
2699  if($_SESSION['rechecked_password_step'] != 'INPUT_DATA')
2700  {
2701  return $this->stop('msg_invalid_request');
2702  }
2703  unset($_SESSION['rechecked_password_step']);
2704 
2705  $oPassword = new Password();
2706  $auth_args = new stdClass();
2707  $auth_args->user_id = $newEmail;
2708  $auth_args->member_srl = $member_info->member_srl;
2709  $auth_args->auth_key = $oPassword->createSecureSalt(40);
2710  $auth_args->new_password = 'XE_change_emaill_address';
2711 
2712  $oDB = &DB::getInstance();
2713  $oDB->begin();
2714  $output = executeQuery('member.insertAuthMail', $auth_args);
2715  if(!$output->toBool())
2716  {
2717  $oDB->rollback();
2718  return $output;
2719  }
2720 
2721  $oModuleModel = getModel('module');
2722  $member_config = $oModuleModel->getModuleConfig('member');
2723 
2724  $tpl_path = sprintf('%sskins/%s', $this->module_path, $member_config->skin);
2725  if(!is_dir($tpl_path)) $tpl_path = sprintf('%sskins/%s', $this->module_path, 'default');
2726 
2727  global $lang;
2728 
2729  $memberInfo = array();
2730  $memberInfo[$lang->email_address] = $member_info->email_address;
2731  $memberInfo[$lang->nick_name] = $member_info->nick_name;
2732 
2733  Context::set('memberInfo', $memberInfo);
2734 
2735  Context::set('newEmail', $newEmail);
2736 
2737  $auth_url = getFullUrl('','module','member','act','procMemberAuthEmailAddress','member_srl',$member_info->member_srl, 'auth_key',$auth_args->auth_key);
2738  Context::set('auth_url', $auth_url);
2739 
2740  $oTemplate = &TemplateHandler::getInstance();
2741  $content = $oTemplate->compile($tpl_path, 'confirm_member_new_email');
2742 
2743  $oMail = new Mail();
2744  $oMail->setTitle( Context::getLang('title_modify_email_address') );
2745  $oMail->setContent($content);
2746  $oMail->setSender( $member_config->webmaster_name?$member_config->webmaster_name:'webmaster', $member_config->webmaster_email);
2747  $oMail->setReceiptor( $member_info->nick_name, $newEmail );
2748  $result = $oMail->send();
2749 
2750  $msg = sprintf(Context::getLang('msg_confirm_mail_sent'), $newEmail);
2751  $this->setMessage($msg);
2752 
2753  $returnUrl = Context::get('success_return_url') ? Context::get('success_return_url') : getNotEncodedUrl('', 'mid', Context::get('mid'), 'act', '');
2754  $this->setRedirectUrl($returnUrl);
2755  }
2756 
2758  {
2759  $member_srl = Context::get('member_srl');
2760  $auth_key = Context::get('auth_key');
2761  if(!$member_srl || !$auth_key) return $this->stop('msg_invalid_request');
2762 
2763  // Test logs for finding password by user_id and authkey
2764  $args = new stdClass;
2765  $args->member_srl = $member_srl;
2766  $args->auth_key = $auth_key;
2767  $output = executeQuery('member.getAuthMail', $args);
2768  if(!$output->toBool() || $output->data->auth_key != $auth_key)
2769  {
2770  if(strlen($output->data->auth_key) !== strlen($auth_key)) executeQuery('member.deleteAuthChangeEmailAddress', $args);
2771  return $this->stop('msg_invalid_modify_email_auth_key');
2772  }
2773 
2774  $newEmail = $output->data->user_id;
2775  $args->email_address = $newEmail;
2776  list($args->email_id, $args->email_host) = explode('@', $newEmail);
2777 
2778  $output = executeQuery('member.updateMemberEmailAddress', $args);
2779  if(!$output->toBool()) return $this->stop($output->getMessage());
2780 
2781  // Remove all values having the member_srl and new_password equal to 'XE_change_emaill_address' from authentication table
2782  executeQuery('member.deleteAuthChangeEmailAddress',$args);
2783 
2784  $this->_clearMemberCache($args->member_srl);
2785 
2786  // Notify the result
2787  $this->setTemplatePath($this->module_path.'tpl');
2788  $this->setTemplateFile('msg_success_modify_email_address');
2789  }
2790 
/**
 * Trigger: add a "spammer" entry to a document's popup menu.
 *
 * The entry is added only when the visitor is logged in, the document has an
 * author, the document model's grant marks the visitor as manager, and the
 * author is not the visitor. The target document comes from the request value
 * target_srl. $menu_list is accepted by reference but not used here.
 *
 * @param mixed $menu_list Unused
 * @return BaseObject Always an empty (successful) result
 */
function triggerGetDocumentMenu(&$menu_list)
{
    if(!Context::get('is_logged'))
    {
        return new BaseObject();
    }

    $logged_info = Context::get('logged_info');
    $document_srl = Context::get('target_srl');

    $oDocumentModel = getModel('document');
    $columnList = array('document_srl', 'module_srl', 'member_srl', 'ipaddress');
    $oDocument = $oDocumentModel->getDocument($document_srl, false, false, $columnList);
    $member_srl = $oDocument->get('member_srl');
    $module_srl = $oDocument->get('module_srl');

    // Managers only, and never for the manager's own document
    $show_entry = $member_srl
        && $oDocumentModel->grant->manager == 1
        && $member_srl != $logged_info->member_srl;

    if($show_entry)
    {
        $oDocumentController = getController('document');
        $url = getUrl('','module','member','act','dispMemberSpammer','member_srl',$member_srl,'module_srl',$module_srl);
        $oDocumentController->addDocumentPopupMenu($url,'cmd_spammer','','popup');
    }

    return new BaseObject();
}
2820 
/**
 * Trigger: add a "spammer" entry to a comment's popup menu.
 *
 * The entry is added only when the visitor is logged in, the comment has an
 * author, the comment model's grant marks the visitor as manager, and the
 * author is not the visitor. The target comment comes from the request value
 * target_srl. $menu_list is accepted by reference but not used here.
 *
 * @param mixed $menu_list Unused
 * @return BaseObject Always an empty (successful) result
 */
function triggerGetCommentMenu(&$menu_list)
{
    if(!Context::get('is_logged'))
    {
        return new BaseObject();
    }

    $logged_info = Context::get('logged_info');
    $comment_srl = Context::get('target_srl');

    $oCommentModel = getModel('comment');
    $columnList = array('comment_srl', 'module_srl', 'member_srl', 'ipaddress');
    $oComment = $oCommentModel->getComment($comment_srl, FALSE, $columnList);
    $module_srl = $oComment->get('module_srl');
    $member_srl = $oComment->get('member_srl');

    // Managers only, and never for the manager's own comment
    $show_entry = $member_srl
        && $oCommentModel->grant->manager == 1
        && $member_srl != $logged_info->member_srl;

    if($show_entry)
    {
        $oCommentController = getController('comment');
        $url = getUrl('','module','member','act','dispMemberSpammer','member_srl',$member_srl,'module_srl',$module_srl);
        $oCommentController->addCommentPopupMenu($url,'cmd_spammer','','popup');
    }

    return new BaseObject();
}
2850 
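{
    // Request handler for the spammer clean-up. The pass with cnt_loop == 1 flags
    // the member; every later pass removes one batch of that member's comments or
    // documents. Each response carries the incremented cnt_loop and a progress
    // value, so the caller presumably re-submits until progress reaches 100 —
    // verify against the caller.
    //
    // NOTE(review): the manager grant is evaluated for the module_srl taken from the
    // request, while the helpers called below select content by member_srl only.
    // Confirm that a manager of a single module is meant to trigger a clean-up that
    // is not limited to that module, and that privileged accounts are excluded.
    // NOTE(review): no request-method or CSRF-token check is visible in this block;
    // presumably the framework enforces one for this action — verify.

    if(!Context::get('is_logged')) return new BaseObject(-1,'msg_not_permitted');

    $logged_info = Context::get('logged_info');

    // Serial numbers and counters arrive as request strings. Casting them keeps a
    // non-numeric value from passing the "$cnt_loop > 1" comparison or breaking the
    // progress arithmetic.
    $member_srl = (int)Context::get('member_srl');
    $module_srl = (int)Context::get('module_srl');
    $cnt_loop = (int)Context::get('cnt_loop');
    $proc_type = Context::get('proc_type');

    // Anything other than an explicit "delete" falls back to the trash, the
    // recoverable option.
    $isMoveToTrash = ($proc_type !== 'delete');

    // check grant
    $oModuleModel = getModel('module');
    $columnList = array('module_srl', 'module');
    $module_info = $oModuleModel->getModuleInfoByModuleSrl($module_srl, $columnList);
    $grant = $oModuleModel->getGrant($module_info, $logged_info);

    if(!$grant->manager) return new BaseObject(-1,'msg_not_permitted');

    // Same rule as the popup-menu triggers: without a member there is nothing to act on.
    if(!$member_srl) return new BaseObject(-1,'msg_invalid_request');

    $oDocumentModel = getModel('document');
    $oCommentModel = getModel('comment');

    if($cnt_loop == 1)
    {
        // first pass: flag the member
        $this->_spammerMember($member_srl);
    }
    elseif($cnt_loop > 1)
    {
        // later passes: remove or trash one batch of comments/documents
        $this->_spammerDocuments($member_srl, $isMoveToTrash);
    }

    // what is still left for this member
    $cnt_document = $oDocumentModel->getDocumentCountByMemberSrl($member_srl);
    $cnt_comment = $oCommentModel->getCommentCountByMemberSrl($member_srl);
    $remain_count = $cnt_document + $cnt_comment;

    // The first pass fixes the total; later passes get it back from the client.
    $total_count = (int)Context::get('total_count');
    if($cnt_loop == 1) $total_count = $remain_count;

    // Progress in percent; clamped because total_count is client-supplied after
    // the first pass.
    if($total_count > 0)
    {
        $progress = intval( ( ( $total_count - $remain_count ) / $total_count ) * 100 );
        $progress = max(0, min(100, $progress));
    }
    else
    {
        $progress = 100;
    }

    $this->add('total_count', $total_count);
    $this->add('remain_count', $remain_count);
    $this->add('progress', $progress);
    $this->add('member_srl', $member_srl);
    $this->add('module_srl', $module_srl);
    $this->add('cnt_loop', ++$cnt_loop);
    $this->add('proc_type', $proc_type);

    return new BaseObject(0);
}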
2914 
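/**
 * Flag a member as a spammer: set denied to "Y" and append a note to the
 * member's description.
 *
 * The note records the time, the acting user's user_id, the free-text reason
 * from the request (spam_description) and the member's combined comment and
 * document count.
 *
 * @param int|string $member_srl Serial number of the member to flag
 * @return BaseObject Result of updateMember(), or an error object when the member cannot be loaded
 */
private function _spammerMember($member_srl)
{
    $logged_info = Context::get('logged_info');
    // Cast first so a missing parameter is handled as an empty reason.
    $spam_description = trim( (string)Context::get('spam_description') );

    $oMemberModel = getModel('member');
    $columnList = array('member_srl', 'email_address', 'user_id', 'nick_name', 'description');
    // get member current information
    $member_info = $oMemberModel->getMemberInfoByMemberSrl($member_srl, 0, $columnList);

    // Stop when the lookup yields no member; otherwise updateMember() would be
    // called with an empty member_srl.
    if(empty($member_info->member_srl))
    {
        return new BaseObject(-1, 'msg_invalid_request');
    }

    $oDocumentModel = getModel('document');
    $oCommentModel = getModel('comment');
    $cnt_comment = $oCommentModel->getCommentCountByMemberSrl($member_srl);
    $cnt_document = $oDocumentModel->getDocumentCountByMemberSrl($member_srl);
    $total_count = $cnt_comment + $cnt_document;

    $args = new stdClass();
    $args->member_srl = $member_info->member_srl;
    $args->email_address = $member_info->email_address;
    $args->user_id = $member_info->user_id;
    $args->nick_name = $member_info->nick_name;
    $args->denied = "Y";
    $args->description = trim( $member_info->description );
    if( $args->description != "" ) $args->description .= "\n"; // keep earlier notes, one entry per line

    // NOTE(review): $spam_description is request input and is appended verbatim;
    // any view that prints the member description has to escape it — TODO confirm.
    $args->description .= Context::getLang('cmd_spammer') . "[" . date("Y-m-d H:i:s") . " from:" . $logged_info->user_id . " info:" . $spam_description . " docuemnts count:" . $total_count . "]";

    // second argument TRUE: the update runs with $is_admin set
    $output = $this->updateMember($args, true);

    $this->_clearMemberCache($args->member_srl);

    return $output;
}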
2954 
/**
 * Remove one batch of a member's content.
 *
 * Comments are handled first: while the member has any comments, a call
 * touches comments only. Documents are handled once no comments remain.
 * Each call fetches at most $batchSize items.
 *
 * @param int|string $member_srl    Serial number of the member whose content is removed
 * @param bool       $isMoveToTrash Passed on to deleteComment(); for documents it selects
 *                                  moveDocumentToTrash() (true) or deleteDocument() (false)
 * @return array Always an empty array
 */
private function _spammerDocuments($member_srl, $isMoveToTrash)
{
    $documentController = getController('document');
    $documentModel = getModel('document');
    $commentController = getController('comment');
    $commentModel = getModel('comment');

    // number of items handled per request
    $batchSize = 10;

    $commentCount = $commentModel->getCommentCountByMemberSrl($member_srl);
    $documentCount = $documentModel->getDocumentCountByMemberSrl($member_srl);

    // 1. comments
    if($commentCount > 0)
    {
        $columns = array();
        $comments = $commentModel->getCommentListByMemberSrl($member_srl, $columns, 0, false, $batchSize);
        if($comments)
        {
            foreach($comments as $comment)
            {
                $commentController->deleteComment($comment->comment_srl, true, $isMoveToTrash);
            }
        }
        return array();
    }

    // 2. documents, only once no comments are left
    if($documentCount > 0)
    {
        $columns = array();
        $documents = $documentModel->getDocumentListByMemberSrl($member_srl, $columns, 0, false, $batchSize);
        if($documents)
        {
            foreach($documents as $document)
            {
                if($isMoveToTrash)
                {
                    $documentController->moveDocumentToTrash($document);
                }
                else
                {
                    $documentController->deleteDocument($document->document_srl);
                }
            }
        }
    }

    return array();
}
2997 
/**
 * Drop the cached group list and the cached member info of one member.
 *
 * The group-list entry is deleted for the given site and, when $site_srl is
 * not the integer 0, for site 0 as well. Call this after any change to a
 * member record so stale data is not served from the cache.
 *
 * @param int|string $member_srl Serial number of the member
 * @param int        $site_srl   Site whose group-list entry is dropped
 * @return void
 */
function _clearMemberCache($member_srl, $site_srl = 0)
{
    // Group lists are read through a handler requested with a third argument of TRUE.
    $groupCache = CacheHandler::getInstance('object', NULL, TRUE);
    if($groupCache->isSupport())
    {
        // The comparison is strict: a string "0" adds a second delete of the same key.
        $siteSuffixes = array($site_srl);
        if($site_srl !== 0)
        {
            $siteSuffixes[] = 0;
        }

        foreach($siteSuffixes as $suffix)
        {
            $groupObjectKey = 'member_groups:' . getNumberingPath($member_srl) . $member_srl . '_' . $suffix;
            $groupCache->delete($groupCache->getGroupKey('member', $groupObjectKey));
        }
    }

    // Member info is read through the default object cache handler.
    $infoCache = CacheHandler::getInstance('object');
    if($infoCache->isSupport())
    {
        $infoObjectKey = 'member_info:' . getNumberingPath($member_srl) . $member_srl;
        $infoCache->delete($infoCache->getGroupKey('member', $infoObjectKey));
    }
}
3023 }
3024 /* End of file member.controller.php */
3025 /* Location: ./modules/member/member.controller.php */