[12157] | 1 | <?php |
| 2 | /* |
| 3 | * Copyright(c) 2000-2007 LOCKON CO.,LTD. All Rights Reserved. |
| 4 | * |
| 5 | * http://www.lockon.co.jp/ |
| 6 | */ |
| 7 | require_once("../require.php"); |
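// Every branch below ends in a redirect to the POSTed return URL, so an
// off-site or CR/LF-bearing value would be an open redirect / header
// injection. Reject it before anything else runs.
if (isset($_POST['url']) && lfIsValidURL() !== true) {
    // addcslashes() stops CR/LF and other control characters from being
    // written raw into the log, where they could forge log entries.
    $bad_url = is_string($_POST['url']) ? $_POST['url'] : gettype($_POST['url']);
    gfPrintLog('invalid access :login_check.php $POST["url"]=' . addcslashes($bad_url, "\0..\37\177"));
    sfDispSiteError(PAGE_ERROR);
    // Defence in depth: if sfDispSiteError() ever returns instead of
    // terminating, do not fall through to the redirect with the bad URL.
    exit;
}

$objCustomer = new SC_Customer();
// Cookie helper (used to remember the login e-mail on request).
$objCookie = new SC_Cookie(COOKIE_EXPIRE);
// Form parameter helper: declares, normalises and validates the POST fields.
$objFormParam = new SC_FormParam();
lfInitParam();
$objFormParam->setParam($_POST);

// The return URL that was validated above is the *trimmed* value, so the
// trimmed value is also the one redirected to; using the raw value here
// would let the checked string and the sent string differ by surrounding
// whitespace or CR/LF.
$redirect_url = (isset($_POST['url']) && is_string($_POST['url'])) ? trim($_POST['url']) : '';

// NOTE(review): no CSRF token is verified on this endpoint. If the
// framework offers one, consider it — login CSRF lets an attacker log a
// victim's browser into the attacker's account.
$mode = isset($_POST['mode']) ? $_POST['mode'] : '';
switch ($mode) {
case 'login':
    $objFormParam->toLower('login_email');
    $arrErr = $objFormParam->checkError();
    $arrForm = $objFormParam->getHashArray();

    // "Remember me": keep the e-mail in a cookie when asked, otherwise
    // clear any earlier value.
    if ($arrForm['login_memory'] == "1" && $arrForm['login_email'] != "") {
        $objCookie->setCookie('login_email', $_POST['login_email']);
    } else {
        $objCookie->setCookie('login_email', '');
    }

    if (count($arrErr) == 0) {
        if ($objCustomer->getCustomerDataFromEmailPass($arrForm['login_pass'], $arrForm['login_email'])) {
            header("Location: " . $redirect_url);
            exit;
        }
        // Wrong credentials. NOTE(review): the two error pages below let a
        // caller tell an e-mail with status = 1 (presumably a provisional
        // registration, hence TEMP_LOGIN_ERROR) apart from an unknown one —
        // a small account-enumeration leak. Kept because the distinction is
        // deliberate UX; weigh it against the enumeration risk.
        $objQuery = new SC_Query;
        $where = "email ILIKE ? AND status = 1 AND del_flg = 0";
        $ret = $objQuery->count("dtb_customer", $where, array($arrForm['login_email']));
        if ($ret > 0) {
            sfDispSiteError(TEMP_LOGIN_ERROR);
        } else {
            sfDispSiteError(SITE_LOGIN_ERROR);
        }
    } else {
        // Validation errors: send the user back to the page the form was on.
        header("Location: " . $redirect_url);
        exit;
    }
    break;

case 'logout':
    // Drop the customer session.
    $objCustomer->EndSession();
    // A logout from a My Page URL lands on the login screen; anywhere else
    // goes back to the page the user was on. The test is "the URL has
    // 'mypage' at offset 1", i.e. it looks like "/mypage..." — this assumes
    // the form posts a path rather than an absolute URL; verify against the
    // login template before relying on it.
    if (substr($redirect_url, 1, 6) === 'mypage') {
        header("Location: /mypage/login.php");
    } else {
        header("Location: " . $redirect_url);
    }
    exit;
}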
| 72 | //----------------------------------------------------------------------------------------------------------------------------------- |
/* Initialise the login-form parameter definitions */
/*
 * Declares the three login-form fields on the global SC_FormParam instance.
 * Each entry is (display name, POST key, maximum length, conversion flag,
 * validation checks); the conversion flag and check names are interpreted
 * by SC_FormParam (presumably when checkError() runs). Display names are
 * kept in the file's original encoding, byte for byte.
 */
function lfInitParam() {
    global $objFormParam;

    $fields = array(
        // "remember me" flag: numeric and length-bounded
        array("µ²±¤¹¤ë", "login_memory", INT_LEN, "n", array("MAX_LENGTH_CHECK", "NUM_CHECK")),
        // e-mail address: required and length-bounded
        array("¥á¡¼¥ë¥¢¥É¥ì¥¹", "login_email", STEXT_LEN, "a", array("EXIST_CHECK", "MAX_LENGTH_CHECK")),
        // password: required and length-bounded, no conversion
        array("¥Ñ¥¹¥ï¡¼¥É", "login_pass", STEXT_LEN, "", array("EXIST_CHECK", "MAX_LENGTH_CHECK")),
    );

    foreach ($fields as $field) {
        list($disp_name, $key, $max_len, $convert, $checks) = $field;
        $objFormParam->addParam($disp_name, $key, $max_len, $convert, $checks);
    }
}
/* Check that the POSTed return URL belongs to this site's own origin */
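/*
 * Returns true only if $_POST['url'] may be used as a redirect target:
 * it must be a string that starts with this site's own URL (SSL_URL when
 * the current request is HTTPS, SITE_URL otherwise) as a whole URL
 * component, and must not carry CR/LF, raw or percent-encoded.
 * Anything else returns false.
 */
function lfIsValidURL() {
    // PHP turns "url[]=..." into an array; that is never a valid URL, and
    // trim()/preg_match() would only emit warnings on it.
    if (!isset($_POST['url']) || !is_string($_POST['url'])) {
        return false;
    }

    $site_url = sfIsHTTPS() ? SSL_URL : SITE_URL;
    $check_url = trim($_POST['url']);

    // Header-injection guard: reject CR/LF whether raw or percent-encoded,
    // in either letter case.
    if (preg_match('/\r|\n|%0[dDaA]/', $check_url)) {
        return false;
    }

    // Same-site guard. preg_quote() keeps '.' in the host from matching any
    // character, and the boundary stops a look-alike host such as
    // "http://example.com.evil.test/" or "http://example.com@evil.test/"
    // from passing when the site URL is "http://example.com" — a bare
    // prefix match would accept both. When the site URL already ends in
    // '/', the authority is complete and any suffix is a path on our own
    // origin, so no boundary is needed.
    $boundary = (substr($site_url, -1) === '/') ? '' : '(?:[/?#]|$)';
    $pattern = '/^' . preg_quote($site_url, '/') . $boundary . '/';
    if (!preg_match($pattern, $check_url)) {
        return false;
    }

    return true;
}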
[12157] | 101 | ?> |