source: branches/feature-module-update/html/frontparts/login_check.php @ 15079

Revision 15079, 2.9 KB checked in by nanasess, 14 years ago (diff)

svn:mime-type application/x-httpd-php; charset=UTF-8 設定

  • Property svn:mime-type set to application/x-httpd-php; charset=UTF-8
1<?php
2/*
3 * Copyright(c) 2000-2007 LOCKON CO.,LTD. All Rights Reserved.
4 *
5 * http://www.lockon.co.jp/
6 */
7require_once("../require.php");
8
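// Login / logout handler. The caller POSTs `mode` ("login" or "logout") and
// `url`, the page to send the browser back to afterwards.
//
// `url` is attacker-controllable and ends up in a Location header, so it is
// checked once here and only the checked value ($redirect_url) is used below.

// Target used when no `url` was posted: the site's own base URL.
$redirect_url = sfIsHTTPS() ? SSL_URL : SITE_URL;

if (isset($_POST['url'])) {
    // A non-string value (e.g. url[]=...) can never be a valid target.
    if (!is_string($_POST['url']) || lfIsValidURL() !== true) {
        // Escape control characters before logging so a crafted value cannot
        // forge extra log lines; the escaped form keeps the evidence readable.
        $log_url = is_string($_POST['url'])
            ? addcslashes($_POST['url'], "\0..\37\177")
            : '(non-string value)';
        gfPrintLog('invalid access :login_check.php $POST["url"]=' . $log_url);
        sfDispSiteError(PAGE_ERROR);
        // Fail closed: never continue to the redirects below with a rejected URL.
        // NOTE(review): sfDispSiteError() presumably terminates already; confirm.
        exit;
    }
    // Redirect to the same trimmed string that was validated, not the raw POST value.
    $redirect_url = trim($_POST['url']);
}

$objCustomer = new SC_Customer();
// Cookie management class
$objCookie = new SC_Cookie(COOKIE_EXPIRE);
// Parameter management class
$objFormParam = new SC_FormParam();
// Register the form parameters
lfInitParam();
// Load the POSTed values
$objFormParam->setParam($_POST);

$mode = isset($_POST['mode']) ? $_POST['mode'] : '';

switch ($mode) {
case 'login':
    $objFormParam->toLower('login_email');
    $arrErr = $objFormParam->checkError();
    $arrForm = $objFormParam->getHashArray();

    // Remember (or forget) the login e-mail address in a cookie.
    // NOTE(review): this stores the raw POST value and runs before $arrErr is
    // consulted, so an address that failed validation is still written; consider
    // storing $arrForm['login_email'] only when validation passed.
    if ($arrForm['login_memory'] == "1" && $arrForm['login_email'] != "") {
        $objCookie->setCookie('login_email', $_POST['login_email']);
    } else {
        $objCookie->setCookie('login_email', '');
    }

    if (count($arrErr) != 0) {
        // Input error: send the browser back to the originating page.
        header("Location: " . $redirect_url);
        exit;
    }

    if ($objCustomer->getCustomerDataFromEmailPass($arrForm['login_pass'], $arrForm['login_email'])) {
        // NOTE(review): confirm that the session ID is regenerated on successful
        // login (session fixation) and that failed attempts are rate-limited;
        // neither is visible from this file.
        header("Location: " . $redirect_url);
        exit;
    }

    // Authentication failed: pick the error page.
    // The address is compared for case-insensitive equality rather than with
    // ILIKE, because "%" and "_" in the submitted value would otherwise act as
    // wildcards and match other customers' rows.
    $objQuery = new SC_Query;
    $where = "LOWER(email) = LOWER(?) AND status = 1 AND del_flg = 0";
    $ret = $objQuery->count("dtb_customer", $where, array($arrForm['login_email']));

    // NOTE(review): the two error pages let an unauthenticated client tell
    // whether a matching status = 1 row exists for an address (presumably a
    // provisional registration); confirm this disclosure is acceptable.
    if ($ret > 0) {
        sfDispSiteError(TEMP_LOGIN_ERROR);
    } else {
        sfDispSiteError(SITE_LOGIN_ERROR);
    }
    break;

case 'logout':
    // Drop the login session.
    $objCustomer->EndSession();
    // A return URL whose characters 1-6 are "mypage" (e.g. "/mypage...") would
    // point at a page that needs a login, so go to the login screen instead.
    if (strpos('.' . $redirect_url, "mypage") === 2) {
        header("Location: /mypage/login.php");
    } else {
        header("Location: " . $redirect_url);
    }
    exit;
}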
71
72//-----------------------------------------------------------------------------------------------------------------------------------
/**
 * Register the three login form fields on the global $objFormParam.
 *
 * Each row below is passed unchanged to addParam(); the columns are presumably
 * display label, POST key, maximum length, conversion option and the list of
 * validation checks (confirm against SC_FormParam::addParam).
 *
 * NOTE(review): the labels look mis-decoded on this page (the original file is
 * probably EUC-JP; they likely read "remember", "e-mail address", "password").
 * They are reproduced exactly as shown.
 */
function lfInitParam() {
    global $objFormParam;

    $arrFields = array(
        array("µ­²±¤¹¤ë", "login_memory", INT_LEN, "n", array("MAX_LENGTH_CHECK", "NUM_CHECK")),
        array("¥á¡¼¥ë¥¢¥É¥ì¥¹", "login_email", STEXT_LEN, "a", array("EXIST_CHECK", "MAX_LENGTH_CHECK")),
        array("¥Ñ¥¹¥ï¡¼¥É", "login_pass", STEXT_LEN, "", array("EXIST_CHECK", "MAX_LENGTH_CHECK")),
    );

    foreach ($arrFields as $arrField) {
        list($label, $key, $maxLen, $convert, $arrChecks) = $arrField;
        $objFormParam->addParam($label, $key, $maxLen, $convert, $arrChecks);
    }
}
80
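/**
 * Decide whether the POSTed return URL ($_POST['url']) is a safe redirect target.
 *
 * The value is later written into a Location header, so it is accepted only if
 * it stays on this site:
 *   - a path that starts with exactly one "/", or
 *   - an absolute URL that starts with this site's base URL (SSL_URL when
 *     sfIsHTTPS() is true, otherwise SITE_URL) and continues with nothing, "/",
 *     "?" or "#".
 *
 * Rejected: a missing or non-string value, any control character, a backslash,
 * and percent-encoded CR / LF / NUL in either letter case.
 *
 * @return bool true when the URL may be used as a redirect target
 */
function lfIsValidURL() {
    if (!isset($_POST['url']) || !is_string($_POST['url'])) {
        return false;
    }

    // Check the raw value, before trimming: trim() would strip a leading or
    // trailing CR/LF/NUL and let it through to a caller that redirects to the
    // untrimmed string. Backslashes are refused because browsers may treat them
    // as "/" in a URL.
    if (preg_match('/[\x00-\x1F\x7F\\\\]|%0D|%0A|%00/i', $_POST['url'])) {
        return false;
    }

    $check_url = trim($_POST['url']);

    // Site-local path. "//host/..." is a protocol-relative URL that leaves the
    // site, so a second leading slash is not allowed.
    if (strncmp($check_url, '/', 1) === 0) {
        return strncmp($check_url, '//', 2) !== 0;
    }

    // Absolute URL: compare against the base URL as a literal string (not as a
    // regular expression) and require a URL delimiter right after it, so that a
    // longer host name that merely begins with the site's host is refused.
    $site_url = rtrim(sfIsHTTPS() ? SSL_URL : SITE_URL, '/');
    $site_len = strlen($site_url);
    if ($site_len === 0 || strncmp($check_url, $site_url, $site_len) !== 0) {
        return false;
    }
    if (strlen($check_url) === $site_len) {
        return true;
    }

    return strpos('/?#', $check_url[$site_len]) !== false;
}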
99
100?>