1 | <?php |
/*
 * Copyright(c) 2000-2007 LOCKON CO.,LTD. All Rights Reserved.
 *
 * http://www.lockon.co.jp/
 */
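require_once("../require.php");

/*
 * login_check.php -- front controller for the customer login / logout POST.
 *
 *   mode=login  : validates the posted credentials, optionally remembers the
 *                 e-mail address in a cookie, then redirects to $_POST['url'].
 *   mode=logout : ends the customer session and redirects.
 *
 * The redirect target is taken from the request, so it is only ever written
 * into a Location header after lfIsValidURL() has confirmed that it lies under
 * this site's own base URL and carries no CR/LF (open-redirect guard). That
 * check runs for every mode, so the logout redirect is covered as well.
 */

// An invalid URL in the POST is answered with an error page, never a redirect.
if (isset($_POST['url']) && lfIsValidURL() !== true) {
    // The logged value is the rejected one and may itself contain CR/LF;
    // keep that in mind when parsing this log.
    gfPrintLog('invalid access :login_check.php $POST["url"]=' . $_POST['url']);
    sfDispSiteError(PAGE_ERROR);
    // sfDispSiteError() presumably ends the request (not visible here); stop
    // explicitly so the unvalidated URL can never reach a Location header below.
    exit;
}

// From here on only the validated (trimmed) value is used as a redirect target,
// i.e. exactly the string lfIsValidURL() looked at.
$redirect_url = isset($_POST['url']) ? trim($_POST['url']) : '';
// Missing mode falls through the switch without a notice.
$mode = isset($_POST['mode']) ? $_POST['mode'] : '';

$objCustomer = new SC_Customer();
// Cookie management class
$objCookie = new SC_Cookie(COOKIE_EXPIRE);
// Parameter management class
$objFormParam = new SC_FormParam();
// Initialise the parameter definitions (see lfInitParam below)
lfInitParam();
// Read the POST values into the form object
$objFormParam->setParam($_POST);

switch ($mode) {
    case 'login':
        $objFormParam->toLower('login_email');
        $arrErr = $objFormParam->checkError();
        $arrForm = $objFormParam->getHashArray();
        // Remember the e-mail address in a cookie only when asked to and one was
        // given; the raw POST value (not the lowercased copy) is stored.
        if ($arrForm['login_memory'] == "1" && $arrForm['login_email'] != "") {
            $objCookie->setCookie('login_email', $_POST['login_email']);
        } else {
            $objCookie->setCookie('login_email', '');
        }

        if (count($arrErr) == 0) {
            if ($objCustomer->getCustomerDataFromEmailPass($arrForm['login_pass'], $arrForm['login_email'])) {
                header("Location: " . $redirect_url);
                exit;
            }
            // Login failed: a matching address with status = 1 gets
            // TEMP_LOGIN_ERROR (presumably a provisional account -- verify),
            // anything else the generic SITE_LOGIN_ERROR.
            $objQuery = new SC_Query;
            $where = "email ILIKE ? AND status = 1 AND del_flg = 0";
            $ret = $objQuery->count("dtb_customer", $where, array($arrForm['login_email']));
            if ($ret > 0) {
                sfDispSiteError(TEMP_LOGIN_ERROR);
            } else {
                sfDispSiteError(SITE_LOGIN_ERROR);
            }
        } else {
            // On input error, return to the originating address.
            header("Location: " . $redirect_url);
            exit;
        }
        break;
    case 'logout':
        // Release the login information.
        $objCustomer->EndSession();
        // strpos() on the dot-prefixed string returning 2 means "mypage" starts
        // at the URL's second character, i.e. a path of the form "/mypage...".
        $mypage_url_search = strpos('.' . $redirect_url, "mypage");
        // While logged in on MyPage, move to the login screen.
        if ($mypage_url_search === 2) {
            header("Location: /mypage/login.php");
        } else {
            header("Location: " . $redirect_url);
        }
        exit;
}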
//-----------------------------------------------------------------------------------------------------------------------------------
/**
 * Initialise the parameter definitions of the login form.
 *
 * Registers each field on the file-global SC_FormParam instance as
 * (display name, key, max length, conversion flag, checks). The display
 * names are the original EUC-JP labels, reproduced byte-for-byte; they
 * appear to read "remember", "e-mail address" and "password".
 */
function lfInitParam() {
    global $objFormParam;

    $arrDefs = array(
        array("µ²±¤¹¤ë", "login_memory", INT_LEN, "n", array("MAX_LENGTH_CHECK", "NUM_CHECK")),
        array("¥á¡¼¥ë¥¢¥É¥ì¥¹", "login_email", STEXT_LEN, "a", array("EXIST_CHECK", "MAX_LENGTH_CHECK")),
        array("¥Ñ¥¹¥ï¡¼¥É", "login_pass", STEXT_LEN, "", array("EXIST_CHECK", "MAX_LENGTH_CHECK")),
    );

    foreach ($arrDefs as $def) {
        list($disp_name, $key, $len, $convert, $checks) = $def;
        $objFormParam->addParam($disp_name, $key, $len, $convert, $checks);
    }
}
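/**
 * Check that the POSTed redirect URL belongs to this site.
 *
 * Accepts only a URL that starts with the site's own base URL for the current
 * scheme (SSL_URL when the request is HTTPS, SITE_URL otherwise) and contains
 * no raw or percent-encoded CR/LF. Used as the open-redirect guard before
 * $_POST['url'] is written into a Location header.
 *
 * @return bool true when the URL may be used as a redirect target
 */
function lfIsValidURL() {
    // Fail closed when there is nothing to check.
    if (!isset($_POST['url'])) {
        return false;
    }

    $site_url = sfIsHTTPS() ? SSL_URL : SITE_URL;
    $check_url = trim($_POST['url']);

    // Same-site check as a literal prefix comparison rather than an unescaped
    // regex, so '.' and other metacharacters in the base URL are not wildcards.
    // NOTE(review): a prefix match only pins the host if the base URL constant
    // ends with '/' -- confirm SITE_URL / SSL_URL do. An empty base URL is
    // rejected outright rather than matching everything.
    if ($site_url === '' || strpos($check_url, $site_url) !== 0) {
        return false;
    }

    // Reject CR/LF, raw or percent-encoded in either letter case (%0d / %0a
    // would otherwise slip past a case-sensitive pattern).
    if (preg_match('/\r|\n|%0D|%0A/i', $check_url)) {
        return false;
    }

    return true;
}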
101 | ?> |