source: branches/rel/data/downloads/module/security/security.php @ 13402

Revision 13402, 4.8 KB checked in by kakinaka, 17 years ago (diff)
Line 
1<?php
2/**
3 *
4 * @copyright   2000-2006 LOCKON CO.,LTD. All Rights Reserved.
5 * @version CVS: $Id: ebis_tag.php,v 1.0 2006/10/26 04:02:40 naka Exp $
6 * @link        http://www.lockon.co.jp/
7 *
8 */
9 
10//¥Ú¡¼¥¸´ÉÍý¥¯¥é¥¹
11class LC_Page {
12    //¥³¥ó¥¹¥È¥é¥¯¥¿
13    function LC_Page() {
14        //¥á¥¤¥ó¥Æ¥ó¥×¥ì¡¼¥È¤Î»ØÄê
15        $this->tpl_mainpage = MODULE_PATH . 'security/security.tpl';
16        $this->tpl_subtitle = '¥»¥­¥å¥ê¥Æ¥£¥Á¥§¥Ã¥¯';
17    }
18}
19
20$objPage = new LC_Page();
21$objView = new SC_AdminView();
22
23switch($_POST['mode']) {
24case 'edit':
25    $inst_inc = DATA_PATH . 'install.php';
26    // install.php¤Î±£ÊÃ
27    $hidden_inc = MODULE_PATH . 'security/install_inc.php';
28    if(sfIsNormalInstallInc()) {
29        if(copy($inst_inc, $hidden_inc)) {
30            if(file_exists($hidden_inc)) {
31                $require = "<?php\n".
32                           "    require_once('$hidden_inc');\n".
33                           "?>";
34                if($fp = fopen($inst_inc,"w")) {
35                    fwrite($fp, $require);
36                    fclose($fp);
37                }
38            }
39        }
40    }
41    break;
42default:
43    break;
44}
45
46$arrList[] = sfCheckOpenData();
47$arrList[] = sfCheckInstall();
48$arrList[] = sfCheckIDPass('admin', 'password');
49$arrList[] = sfCheckInstallInc();
50
51$objPage->arrList = $arrList;
52
53$objView->assignobj($objPage);                  //ÊÑ¿ô¤ò¥Æ¥ó¥×¥ì¡¼¥È¤Ë¥¢¥µ¥¤¥ó¤¹¤ë
54$objView->display($objPage->tpl_mainpage);      //¥Æ¥ó¥×¥ì¡¼¥È¤Î½ÐÎÏ
55//-------------------------------------------------------------------------------------------------------
56// ÀßÄê¥Õ¥¡¥¤¥ë(data)¤Î¥Ñ¥¹¤¬¸ø³«¥Ñ¥¹¤Ç¤Ê¤¤¤«³Îǧ¤¹¤ë
57function sfCheckOpenData() {
58    // ¥É¥­¥å¥á¥ó¥È¥ë¡¼¥È¤Î¥Ñ¥¹¤ò¿ä¬¤¹¤ë¡£
59    $doc_root = ereg_replace(URL_DIR . "$","/",HTML_PATH);
60    $data_path = realpath(DATA_PATH);
61   
62    // data¤Î¥Ñ¥¹¤¬¥É¥­¥å¥á¥ó¥È¥ë¡¼¥È°Ê²¼¤Ë¤¢¤ë¤«È½Äê
63    if(ereg("^".$doc_root, $data_path)) {
64        $arrResult['result'] = "¡ß";
65        $arrResult['detail'] = "ÀßÄê¥Õ¥¡¥¤¥ë¤¬¡¢¸ø³«¤µ¤ì¤Æ¤¤¤ë²ÄǽÀ­¤¬¤¢¤ê¤Þ¤¹¡£<br>";
66        $arrResult['detail'].= "/data/¥Ç¥£¥ì¥¯¥È¥ê¤Ï¡¢Èó¸ø³«¤Î¥Ñ¥¹¤ËÀßÃÖ¤·¤Æ²¼¤µ¤¤¡£";
67    } else {
68        $arrResult['result'] = "¡û";
69        $arrResult['detail'] = "ÀßÄê¥Õ¥¡¥¤¥ë¤Ï¡¢¸ø³«¥Ñ¥¹ÇÛ²¼¤Ë¸ºß¤·¤Þ¤»¤ó¡£";       
70    }
71   
72    $arrResult['title'] = "ÀßÄê¥Õ¥¡¥¤¥ë¤ÎÊݸ¥Ñ¥¹";
73    return $arrResult;
74}
75
76// ¥¤¥ó¥¹¥È¡¼¥ë¥Õ¥¡¥¤¥ë¤¬Â¸ºß¤¹¤ë¤«³Îǧ¤¹¤ë
77function sfCheckInstall() {
78    // ¥¤¥ó¥¹¥È¡¼¥ë¥Õ¥¡¥¤¥ë¤Î¸ºß¥Á¥§¥Ã¥¯
79    $inst_path = HTML_PATH . "install/index.php";
80   
81    if(file_exists($inst_path)) {
82        $arrResult['result'] = "¡ß";
83        $arrResult['detail'] = "/install/index.php¤Ï¡¢¥¤¥ó¥¹¥È¡¼¥ë´°Î»¸å¤Ë¥Õ¥¡¥¤¥ë¤òºï½ü¤·¤Æ¤¯¤À¤µ¤¤¡£";           
84    } else {
85        $arrResult['result'] = "¡û";
86        $arrResult['detail'] = "/install/index.php¤Ï¡¢¸«¤Ä¤«¤ê¤Þ¤»¤ó¤Ç¤·¤¿¡£";   
87    }
88   
89    $arrResult['title'] = "¥¤¥ó¥¹¥È¡¼¥ë¥Õ¥¡¥¤¥ë¤Î¥Á¥§¥Ã¥¯";
90    return $arrResult;
91}
92
93// ´ÉÍý¼Ô¥æ¡¼¥¶¤ÎID/¥Ñ¥¹¥ï¡¼¥É¥Á¥§¥Ã¥¯
94function sfCheckIDPass($user, $password) {
95    $objQuery = new SC_Query();
96    $sql = "SELECT password FROM dtb_member WHERE login_id = ? AND del_flg = 0";
97    // DB¤«¤é°Å¹æ²½¥Ñ¥¹¥ï¡¼¥É¤ò¼èÆÀ¤¹¤ë¡£
98    $arrRet = $objQuery->getAll($sql, array($user));
99    // ¥æ¡¼¥¶ÆþÎϥѥ¹¥ï¡¼¥É¤ÎȽÄê
100    $ret = sha1($password . ":" . AUTH_MAGIC);
101   
102    if($ret == $arrRet[0]['password']) {
103        $arrResult['result'] = "¡ß";
104        $arrResult['detail'] = "Èó¾ï¤Ë¿ä¬¤Î¤·¤ä¤¹¤¤´ÉÍý¼ÔID¤È¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£¸Ä¿Í¾ðÊóϳ±Ì¤Î´í¸±À­¤¬¤¢¤ê¤Þ¤¹¡£";       
105    } else {
106        if(count($arrRet) > 0) {
107            $arrResult['result'] = "¢¤";
108            $arrResult['detail'] = "´ÉÍý¼Ô̾¤Ë¡Öadmin¡×¤òÍøÍѤ·¤Ê¤¤¤è¤¦¤Ë¤·¤Æ²¼¤µ¤¤¡£";               
109        } else {
110            $arrResult['result'] = "¡û";
111            $arrResult['detail'] = "Æȼ«¤ÎID¡¢¥Ñ¥¹¥ï¡¼¥É¤¬ÀßÄꤵ¤ì¤Æ¤¤¤ë¤è¤¦¤Ç¤¹¡£";               
112        }
113    }
114   
115    $arrResult['title'] = "ID/¥Ñ¥¹¥ï¡¼¥É¤Î¥Á¥§¥Ã¥¯";
116    return $arrResult;
117}
118
119
120// install.php¤Î¥Õ¥¡¥¤¥ë¤ò¥Á¥§¥Ã¥¯¤¹¤ë
121function sfCheckInstallInc() {
122    // install.php¤¬±£Êøå¤Î¤â¤Î¤«È½Äꤹ¤ë
123    if(sfIsNormalInstallInc()) {
124        $arrResult['result'] = "¡ß";
125        $arrResult['detail'] = "install.php¤ò´Êñ¤Ëɽ¼¨¤Ç¤­¤Ê¤¯¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£ÆâÍƤò±£Êä·¤Þ¤¹¤«¡©";
126        $arrResult['detail'].= "<input type='submit' value='±£Ê乤ë'>";       
127    } else {
128        $arrResult['result'] = "¡û";
129        $arrResult['detail'] = "install.php¤Î±£ÊÃÂкö¤¬¤È¤é¤ì¤Æ¤¤¤Þ¤¹¡£";                       
130    }
131    $arrResult['title'] = "install.php¤Î²ÄÆÉÀ­¥Á¥§¥Ã¥¯";
132    return $arrResult;
133}
134
135// install.php¤¬±£Êøå¤Î¤â¤Î¤«È½Äꤹ¤ë
136function sfIsNormalInstallInc() {
137    // install.php¤Î¥Ñ¥¹¤ò¼èÆÀ¤¹¤ë
138    $inst_inc = DATA_PATH . 'install.php';
139    if(file_exists($inst_inc)) {
140        if($fp = fopen($inst_inc, "r")) {
141            $data = fread($fp, filesize($inst_inc));
142            fclose($fp);
143        }
144        if(ereg("DB_PASSWORD", $data)) {
145            return true;
146        }
147    }
148    return false;
149}
150
151?>
Note: See TracBrowser for help on using the repository browser.