source: branches/version-2_4/data/class/pages/admin/LC_Page_Admin_Login.php @ 17771

Revision 17771, 4.6 KB checked in by zeniya, 15 years ago (diff)

パスワード文字数の定数化

  • Property svn:eol-style set to LF
  • Property svn:keywords set to Id Revision Date
  • Property svn:mime-type set to text/x-httpd-php; charset=UTF-8
Line 
1<?php
2/*
3 * This file is part of EC-CUBE
4 *
5 * Copyright(c) 2000-2007 LOCKON CO.,LTD. All Rights Reserved.
6 *
7 * http://www.lockon.co.jp/
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version 2
12 * of the License, or (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
22 */
23
24// {{{ requires
25require_once(CLASS_PATH . "pages/LC_Page.php");
26
27/**
28 * 管理者ログイン のページクラス.
29 *
30 * @package Page
31 * @author LOCKON CO.,LTD.
32 * @version $Id$
33 */
34class LC_Page_Admin_Login extends LC_Page {
35
36    // {{{ properties
37
38    /** SC_Session インスタンス */
39    var $objSess;
40
41    // }}}
42    // {{{ functions
43
44    /**
45     * Page を初期化する.
46     *
47     * @return void
48     */
49    function init() {
50        parent::init();
51    }
52
53    /**
54     * Page のプロセス.
55     *
56     * @return void
57     */
58    function process() {
59        $conn = new SC_DBConn();
60        $this->objSess = new SC_Session();
61        $ret = false;
62
63        if (!isset($_POST['login_id'])) $_POST['login_id'] = "";
64        if (!isset($_POST['password'])) $_POST['password'] = "";
65
66
67        // 入力判定
68        if(strlen($_POST{'login_id'}) > 0 && strlen($_POST{'password'}) >= PASSWORD_LEN1 && strlen($_POST{'password'}) <= PASSWORD_LEN2) {
69            // 認証パスワードの判定
70            $ret = $this->fnCheckPassword($conn);
71        }
72
73        if($ret) {
74            // 成功
75            $this->sendRedirect($this->getLocation(URL_HOME));
76            exit;
77        } else {
78            // エラーページの表示
79            SC_Utils_Ex::sfDispError(LOGIN_ERROR);
80            exit;
81        }
82    }
83
84    /**
85     * デストラクタ.
86     *
87     * @return void
88     */
89    function destroy() {
90        parent::destroy();
91    }
92
93    /* 認証パスワードの判定 */
94    function fnCheckPassword($conn) {
95        $sql = "SELECT member_id, password, authority, login_date, name FROM dtb_member WHERE login_id = ? AND del_flg <> 1 AND work = 1";
96        $arrcol = array ($_POST['login_id']);
97        // DBから暗号化パスワードを取得する。
98        $data_list = $conn->getAll($sql ,$arrcol);
99        // パスワードの取得
100        $password = $data_list[0]['password'];
101        // ユーザ入力パスワードの判定
102        $ret = sha1($_POST['password'] . ":" . AUTH_MAGIC);
103
104        if ($ret == $password) {
105               // セッション登録
106            $this->fnSetLoginSession($data_list[0]['member_id'], $data_list[0]['authority'], $data_list[0]['login_date'], $data_list[0]['name']);
107            // ログイン日時の登録
108            $this->fnSetLoginDate();
109            return true;
110        }
111
112        // パスワード
113        GC_Utils_Ex::gfPrintLog($_POST['login_id'] . " password incorrect.");
114        return false;
115    }
116
117    /* 認証セッションの登録 */
118    function fnSetLoginSession($member_id,$authority,$login_date, $login_name = '') {
119
120        // 認証済みの設定
121        $this->objSess->SetSession('cert', CERT_STRING);
122        $this->objSess->SetSession('login_id', $_POST{'login_id'});
123        $this->objSess->SetSession('authority', $authority);
124        $this->objSess->SetSession('member_id', $member_id);
125        $this->objSess->SetSession('login_name', $login_name);
126        $this->objSess->SetSession('uniqid', $this->objSess->getUniqId());
127
128        if(strlen($login_date) > 0) {
129            $this->objSess->SetSession('last_login', $login_date);
130        } else {
131            $this->objSess->SetSession('last_login', date("Y-m-d H:i:s"));
132        }
133        $sid = $this->objSess->GetSID();
134        // ログに記録する
135        GC_Utils_Ex::gfPrintLog("login : user=".$_SESSION{'login_id'}." auth=".$_SESSION{'authority'}." lastlogin=". $_SESSION{'last_login'} ." sid=".$sid);
136    }
137
138    /* ログイン日時の更新 */
139    function fnSetLoginDate() {
140        $oquery = new SC_Query();
141        $sqlval['login_date'] = date("Y-m-d H:i:s");
142        $member_id = $this->objSess->GetSession('member_id');
143        $where = "member_id = " . $member_id;
144        $ret = $oquery->update("dtb_member", $sqlval, $where);
145    }
146}
147?>
Note: See TracBrowser for help on using the repository browser.