Index: /branches/version-2_5-dev/data/class/SC_Customer.php
===================================================================
--- /branches/version-2_5-dev/data/class/SC_Customer.php	(revision 19860)
+++ /branches/version-2_5-dev/data/class/SC_Customer.php	(revision 19986)
@@ -51,5 +51,5 @@
 
         // パスワードが合っていれば顧客情報をcustomer_dataにセットしてtrueを返す
-        if ( sha1($pass . ":" . AUTH_MAGIC) == $data['password'] ){
+        if ( SC_Utils_Ex::sfIsMatchHashPassword($pass, $data['password'], $data['salt']) ) {
             $this->customer_data = $data;
             $this->startSession();
@@ -150,5 +150,5 @@
 
         // パスワードが合っている場合は、顧客情報をcustomer_dataに格納してtrueを返す。
-        if (sha1($pass . ':' . AUTH_MAGIC) == @$data['password']) {
+        if ( SC_Utils_Ex::sfIsMatchHashPassword($pass, $data['password'], $data['salt']) ) {
             $this->customer_data = $data;
             $this->startSession();
Index: /branches/version-2_5-dev/data/class/helper/SC_Helper_Customer.php
===================================================================
--- /branches/version-2_5-dev/data/class/helper/SC_Helper_Customer.php	(revision 19892)
+++ /branches/version-2_5-dev/data/class/helper/SC_Helper_Customer.php	(revision 19986)
@@ -46,5 +46,5 @@
 
         foreach ($arrRegistColumn as $data) {
-            if ($data["column"] != "password") {
+            if ($data["column"] != "password" && $data["column"] != "reminder_answer" ) {
                 if($array[ $data['column'] ] != "") {
                     $arrRegist[ $data["column"] ] = $array[ $data["column"] ];
@@ -61,5 +61,17 @@
 
         //-- パスワードの更新がある場合は暗号化。（更新がない場合はUPDATE文を構成しない）
-        if ($array["password"] != DEFAULT_PASSWORD) $arrRegist["password"] = sha1($array["password"] . ":" . AUTH_MAGIC);
+        $salt = "";
+        if ($array["password"] != DEFAULT_PASSWORD) {
+            $salt = SC_Utils_Ex::sfGetRandomString(10);
+            $arrRegist["salt"] = $salt;
+            $arrRegist["password"] = SC_Utils_Ex::sfGetHashString($array["password"], $salt);
+        }
+        if ($array["reminder_answer"] != DEFAULT_PASSWORD) {
+            if($salt == "") {
+                $salt = $objQuery->get("salt", "dtb_customer", "customer_id = ? ", array($array['customer_id']));
+            }
+            $arrRegist["reminder_answer"] = SC_Utils_Ex::sfGetHashString($array["reminder_answer"], $salt);
+        }
+        
         $arrRegist["update_date"] = "NOW()";
         
@@ -82,8 +94,17 @@
         
         //-- パスワードの更新がある場合は暗号化
-        if ($array["password"] != DEFAULT_PASSWORD){
-            $array["password"] = sha1($array["password"] . ":" . AUTH_MAGIC);
+        $salt = "";
+        if ($array["password"] != DEFAULT_PASSWORD) {
+            $salt = SC_Utils_Ex::sfGetRandomString(10);
+            $array["salt"] = $salt;
+            $array["password"] = SC_Utils_Ex::sfGetHashString($array["password"], $salt);
         } else {
             unset($array["password"]);
+        }
+        if ($array["reminder_answer"] != DEFAULT_PASSWORD) {
+            if(is_numeric($customer_id) and $salt == "") {
+                $salt = $objQuery->get("salt", "dtb_customer", "customer_id = ? ", array($array['customer_id']));
+            }
+            $array["reminder_answer"] = SC_Utils_Ex::sfGetHashString($array["reminder_answer"], $salt);
         }
        
Index: /branches/version-2_5-dev/data/class/util/SC_Utils.php
===================================================================
--- /branches/version-2_5-dev/data/class/util/SC_Utils.php	(revision 19972)
+++ /branches/version-2_5-dev/data/class/util/SC_Utils.php	(revision 19986)
@@ -2247,4 +2247,51 @@
         return true;
     }
+
+    /**
+     * パスワードのハッシュ化
+     *
+     * @param string $str 暗号化したい文言
+     * @param string $salt salt
+     * @return string ハッシュ暗号化された文字列
+     */
+    function sfGetHashString($str, $salt) {
+        $res = '';
+        if ($salt == '') {
+            $salt = AUTH_MAGIC;
+        }
+        if ( AUTH_TYPE == 'PLAIN') {
+            $res = $str;
+        } else {
+            $res = hash_hmac(PASSWORD_HASH_ALGOS, $str . ":" . AUTH_MAGIC, $salt);
+        }
+        return $res;
+    }
+    
+    /**
+     * パスワード文字列のハッシュ一致判定
+     *
+     * @param string $pass 確認したいパスワード文字列
+     * @param string $hashpass 確認したいパスワードハッシュ文字列
+     * @param string $salt salt
+     * @return boolean 一致判定
+     */
+    function sfIsMatchHashPassword($pass, $hashpass, $salt) {
+        $res = false;
+        if ($hashpass != '') {
+            if (AUTH_TYPE == 'PLAIN') {
+                if($pass === $hashpass) {
+                    $res = true;
+                }
+            } else {
+                $hash = SC_Utils_Ex::sfGetHashString($pass, $salt);
+                if($hash === $hashpass) {
+                    $res = true;
+                }
+            }
+        }
+        return $res;
+    }
+    
+
 }
 ?>
Index: /branches/version-2_5-dev/data/class/pages/mypage/LC_Page_Mypage_Change.php
===================================================================
--- /branches/version-2_5-dev/data/class/pages/mypage/LC_Page_Mypage_Change.php	(revision 19893)
+++ /branches/version-2_5-dev/data/class/pages/mypage/LC_Page_Mypage_Change.php	(revision 19986)
@@ -160,4 +160,5 @@
             $this->arrForm['password'] = DEFAULT_PASSWORD;
             $this->arrForm['password02'] = DEFAULT_PASSWORD;
+            $this->arrForm['reminder_answer'] = DEFAULT_PASSWORD;
         }
         $this->transactionid = SC_Helper_Session_Ex::getToken();
@@ -219,4 +220,11 @@
         $objErr = new SC_CheckError($arrRet);
         $objErr->arrErr = $this->objFormParam->checkError();
+        if(isset($objErr->arrErr['password']) and $arrRet['password'] == DEFAULT_PASSWORD) {
+            unset($objErr->arrErr['password']);
+            unset($objErr->arrErr['password02']);
+        }
+        if(isset($objErr->arrErr['reminder_answer']) and $arrRet['reminder_answer'] == DEFAULT_PASSWORD) {
+            unset($objErr->arrErr['reminder_answer']);
+        }
                         
         $objErr->doFunc(array("お電話番号", "tel01", "tel02", "tel03"),array("TEL_CHECK"));
@@ -224,5 +232,7 @@
         $objErr->doFunc(array("生年月日", "year", "month", "day"), array("CHECK_BIRTHDAY"));
         if ($this->isMobile === false){
-            $objErr->doFunc(array('パスワード', 'パスワード(確認)', "password", "password02") ,array("EQUAL_CHECK"));
+            if( $arrRet['password'] != DEFAULT_PASSWORD ) {
+                $objErr->doFunc(array('パスワード', 'パスワード(確認)', "password", "password02") ,array("EQUAL_CHECK"));
+            }
             $objErr->doFunc(array('メールアドレス', 'メールアドレス(確認)', "email", "email02") ,array("EQUAL_CHECK"));
             $objErr->doFunc(array("FAX番号", "fax01", "fax02", "fax03") ,array("TEL_CHECK"));
Index: /branches/version-2_5-dev/data/class/pages/admin/system/LC_Page_Admin_System_Input.php
===================================================================
--- /branches/version-2_5-dev/data/class/pages/admin/system/LC_Page_Admin_System_Input.php	(revision 19977)
+++ /branches/version-2_5-dev/data/class/pages/admin/system/LC_Page_Admin_System_Input.php	(revision 19986)
@@ -365,9 +365,11 @@
 
         // INSERTする値を作成する.
+        $salt                  = SC_Utils_Ex::sfGetRandomString(10);
         $sqlVal = array();
         $sqlVal['name']        = $arrMemberData['name'];
         $sqlVal['department']  = $arrMemberData['department'];
         $sqlVal['login_id']    = $arrMemberData['login_id'];
-        $sqlVal['password']    = sha1($arrMemberData['password'] . ':' . AUTH_MAGIC);
+        $sqlVal['password']    = SC_Utils_Ex::sfGetHashString($arrMemberData['password'], $salt);
+        $sqlVal['salt']        = $salt;
         $sqlVal['authority']   = $arrMemberData['authority'];
         $sqlVal['rank']        = $objQuery->max('rank', 'dtb_member') + 1;
@@ -401,5 +403,7 @@
         $sqlVal['update_date'] = 'NOW()';
         if($arrMemberData['password'] != DUMMY_PASS) {
-            $sqlVal['password'] = sha1($arrMemberData['password'] . ":" . AUTH_MAGIC);
+            $salt = SC_Utils_Ex::sfGetRandomString(10);
+            $sqlVal['salt']     = $salt;
+            $sqlVal['password'] = SC_Utils_Ex::sfGetHashString($arrMemberData['password'], $salt);
         }
 
Index: /branches/version-2_5-dev/data/class/pages/admin/customer/LC_Page_Admin_Customer_Customer.php
===================================================================
--- /branches/version-2_5-dev/data/class/pages/admin/customer/LC_Page_Admin_Customer_Customer.php	(revision 19829)
+++ /branches/version-2_5-dev/data/class/pages/admin/customer/LC_Page_Admin_Customer_Customer.php	(revision 19986)
@@ -183,10 +183,9 @@
         }
 
-        //-- パスワードの更新がある場合は暗号化。（更新がない場合はUPDATE文を構成しない）
-        if ($array["password"] != DEFAULT_PASSWORD) {
-            $arrRegist["password"] = sha1($array["password"] . ":" . AUTH_MAGIC);
-        } else {
-            unset($arrRegist['password']);
-        }
+        //-- パスワード/リマインダーの答え暗号化。
+        $salt = SC_Utils_Ex::sfGetRandomString(10);
+        $arrRegist["salt"] = $salt;
+        $arrRegist["password"] = SC_Utils_Ex::sfGetHashString($array["password"], $salt);
+        $arrRegist["reminder_answer"] = SC_Utils_Ex::sfGetHashString($arrRegist["reminder_answer"], $salt);
 
         $arrRegist["update_date"] = "Now()";
@@ -273,7 +272,5 @@
         $objErr->doFunc(array("ご性別", "sex") ,array("SELECT_CHECK", "NUM_CHECK"));
         $objErr->doFunc(array("ご職業", "job") ,array("NUM_CHECK"));
-        if ($array["password"] != DEFAULT_PASSWORD) {
-            $objErr->doFunc(array("パスワード", 'password', PASSWORD_LEN1, PASSWORD_LEN2), array("EXIST_CHECK", "ALNUM_CHECK", "NUM_RANGE_CHECK"));
-        }
+        $objErr->doFunc(array("パスワード", 'password', PASSWORD_LEN1, PASSWORD_LEN2), array("EXIST_CHECK", "ALNUM_CHECK", "NUM_RANGE_CHECK"));
         $objErr->doFunc(array("パスワードを忘れたときのヒント 質問", "reminder") ,array("SELECT_CHECK", "NUM_CHECK"));
         $objErr->doFunc(array("パスワードを忘れたときのヒント 答え", "reminder_answer", STEXT_LEN) ,array("EXIST_CHECK", "MAX_LENGTH_CHECK"));
Index: /branches/version-2_5-dev/data/class/pages/admin/customer/LC_Page_Admin_Customer_Edit.php
===================================================================
--- /branches/version-2_5-dev/data/class/pages/admin/customer/LC_Page_Admin_Customer_Edit.php	(revision 19892)
+++ /branches/version-2_5-dev/data/class/pages/admin/customer/LC_Page_Admin_Customer_Edit.php	(revision 19986)
@@ -150,4 +150,5 @@
 
             $this->list_data["password"] = DEFAULT_PASSWORD;
+            $this->list_data["reminder_answer"] = DEFAULT_PASSWORD;
             //DB登録のメールアドレスを渡す
             $this->tpl_edit_email = $result[0]['email'];
@@ -294,5 +295,7 @@
         }
         $objErr->doFunc(array("パスワードを忘れたときのヒント 質問", "reminder") ,array("SELECT_CHECK", "NUM_CHECK"));
-        $objErr->doFunc(array("パスワードを忘れたときのヒント 答え", "reminder_answer", STEXT_LEN) ,array("EXIST_CHECK", "MAX_LENGTH_CHECK"));
+        if ($array["reminder_answer"] != DEFAULT_PASSWORD) {
+            $objErr->doFunc(array("パスワードを忘れたときのヒント 答え", "reminder_answer", STEXT_LEN) ,array("EXIST_CHECK", "MAX_LENGTH_CHECK"));
+        }
         $objErr->doFunc(array("メールマガジン", "mailmaga_flg") ,array("SELECT_CHECK", "NUM_CHECK"));
         $objErr->doFunc(array("生年月日", "year", "month", "day"), array("CHECK_DATE"));
Index: /branches/version-2_5-dev/data/class/pages/admin/LC_Page_Admin_Login.php
===================================================================
--- /branches/version-2_5-dev/data/class/pages/admin/LC_Page_Admin_Login.php	(revision 19943)
+++ /branches/version-2_5-dev/data/class/pages/admin/LC_Page_Admin_Login.php	(revision 19986)
@@ -102,5 +102,5 @@
     /* 認証パスワードの判定 */
     function fnCheckPassword(&$objQuery) {
-        $sql = "SELECT member_id, password, authority, login_date, name FROM dtb_member WHERE login_id = ? AND del_flg <> 1 AND work = 1";
+        $sql = "SELECT member_id, password, salt, authority, login_date, name FROM dtb_member WHERE login_id = ? AND del_flg <> 1 AND work = 1";
         $arrcol = array ($_POST['login_id']);
         // DBから暗号化パスワードを取得する。
@@ -108,8 +108,8 @@
         // パスワードの取得
         $password = $data_list[0]['password'];
+        // saltの取得
+        $salt = $data_list[0]['salt'];
         // ユーザ入力パスワードの判定
-        $ret = sha1($_POST['password'] . ":" . AUTH_MAGIC);
-
-        if ($ret == $password) {
+        if (SC_Utils_Ex::sfIsMatchHashPassword($_POST['password'], $password, $salt)) {
                // セッション登録
             $this->fnSetLoginSession($data_list[0]['member_id'], $data_list[0]['authority'], $data_list[0]['login_date'], $data_list[0]['name']);
Index: /branches/version-2_5-dev/data/require_compat.php
===================================================================
--- /branches/version-2_5-dev/data/require_compat.php	(revision 19986)
+++ /branches/version-2_5-dev/data/require_compat.php	(revision 19986)
@@ -0,0 +1,40 @@
+<?php
+/*
+ * This file is part of EC-CUBE
+ *
+ * Copyright(c) 2000-2010 LOCKON CO.,LTD. All Rights Reserved.
+ *
+ * http://www.lockon.co.jp/
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+require_once(DATA_REALDIR . "module/Compat/Compat.php");
+
+//TODO: ±ÌCuðg¤ÌªÇ¢Ì©APEAR/Crypt_HMAC2ðg¤×«©¢µ½ª
+//      Crypt_HMAC2Í5.0.0ÈãÅ Á½½ßA4.0.0©çÌ®ìªÂ\ÈºLðøpB
+
+// hash_algos (PHP 5 >= 5.1.2, PECL hash >= 1.1)
+// pX[hE}C_[ÌnbV
+Ã»Ép
+PHP_Compat::loadFunction("hash_algos");
+
+// hash_hmac (PHP 5 >= 5.1.2, PECL hash >= 1.1)
+// pX[hE}C_[ÌnbV
+Ã»Ép
+// http://pear.php.net/bugs/bug.php?id=16521 æèPHP_CompatÝ·dlÌhashÖAÖÇÁ
+PHP_Compat::loadFunction("hash_hmac");
+
+?>
Index: /branches/version-2_5-dev/data/module/Compat/tests/function/hash.phpt
===================================================================
--- /branches/version-2_5-dev/data/module/Compat/tests/function/hash.phpt	(revision 19986)
+++ /branches/version-2_5-dev/data/module/Compat/tests/function/hash.phpt	(revision 19986)
@@ -0,0 +1,21 @@
+--TEST--
+Function -- hash
+--FILE--
+<?php
+require_once 'PHP/Compat/Function/hash.php';
+
+$content = "This is a sample string used to test the hash function with various hashing algorithms";
+
+echo "md5: " . php_compat_hash('md5', $content). "\n";
+echo "sha1: " . php_compat_hash('sha1', $content). "\n";
+echo "sha256: " . php_compat_hash('sha256', $content). "\n";
+echo "md5(raw): " . bin2hex(php_compat_hash('md5', $content, true)). "\n";
+echo "sha256(raw): " . bin2hex(php_compat_hash('sha256', $content, true)). "\n";
+
+?>
+--EXPECT--
+md5: bf33deeefaf5a9413160935be950cc07
+sha1: f0dc0e88cc1008e46762f40a1b4a4c0b6baedfa0
+sha256: a78149615dd1ef8aeb22a8254c36edd87713f2e79a052a89ff32ed94e827d47b
+md5(raw): bf33deeefaf5a9413160935be950cc07
+sha256(raw): a78149615dd1ef8aeb22a8254c36edd87713f2e79a052a89ff32ed94e827d47b
Index: /branches/version-2_5-dev/data/module/Compat/tests/function/sha1.phpt
===================================================================
--- /branches/version-2_5-dev/data/module/Compat/tests/function/sha1.phpt	(revision 19986)
+++ /branches/version-2_5-dev/data/module/Compat/tests/function/sha1.phpt	(revision 19986)
@@ -0,0 +1,24 @@
+--TEST--
+Function -- sha1
+--FILE--
+<?php
+require_once 'PHP/Compat/Function/sha1.php';
+
+$tests = array(
+    'abc',
+    'abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq',
+    'a',
+    '0123456701234567012345670123456701234567012345670123456701234567',
+    ''
+);
+
+foreach ($tests as $test) {
+    echo php_compat_sha1($test), "\n";
+}
+?>
+--EXPECT--
+a9993e364706816aba3e25717850c26c9cd0d89d
+84983e441c3bd26ebaae4aa1f95129e5e54670f1
+86f7e437faa5a7fce15d1ddcb9eaeaea377667b8
+e0c094e867ef46c350ef54a7f59dd60bed92ae83
+da39a3ee5e6b4b0d3255bfef95601890afd80709
Index: /branches/version-2_5-dev/data/module/Compat/tests/function/hash_algos.phpt
===================================================================
--- /branches/version-2_5-dev/data/module/Compat/tests/function/hash_algos.phpt	(revision 19986)
+++ /branches/version-2_5-dev/data/module/Compat/tests/function/hash_algos.phpt	(revision 19986)
@@ -0,0 +1,17 @@
+--TEST--
+Function -- hash_algos
+--FILE--
+<?php
+require_once 'PHP/Compat/Function/hash_algos.php';
+
+var_dump(php_compat_hash_algos());
+?>
+--EXPECT--
+array(3) {
+  [0]=>
+  string(3) "md5"
+  [1]=>
+  string(4) "sha1"
+  [2]=>
+  string(6) "sha256"
+}
Index: /branches/version-2_5-dev/data/module/Compat/tests/function/sha256.phpt
===================================================================
--- /branches/version-2_5-dev/data/module/Compat/tests/function/sha256.phpt	(revision 19986)
+++ /branches/version-2_5-dev/data/module/Compat/tests/function/sha256.phpt	(revision 19986)
@@ -0,0 +1,20 @@
+--TEST--
+Function -- sha256
+--FILE--
+<?php
+require_once 'PHP/Compat/Function/_sha256.php';
+
+echo php_compat_sha256('') . "\n";
+echo php_compat_sha256('a') . "\n";
+echo php_compat_sha256('012345678901234567890123456789012345678901234567890123456789') . "\n";
+
+/* FIPS-180 Vectors */
+echo php_compat_sha256('abc') . "\n";
+echo php_compat_sha256('abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq') . "\n";
+?>
+--EXPECT--
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
+ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb
+5e43c8704ac81f33d701c1ace046ba9f257062b4d17e78f3254cbf243177e4f2
+ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
+248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1
Index: /branches/version-2_5-dev/data/module/Compat/tests/function/hash_hmac.phpt
===================================================================
--- /branches/version-2_5-dev/data/module/Compat/tests/function/hash_hmac.phpt	(revision 19986)
+++ /branches/version-2_5-dev/data/module/Compat/tests/function/hash_hmac.phpt	(revision 19986)
@@ -0,0 +1,22 @@
+--TEST--
+Function -- hash_hmac
+--FILE--
+<?php
+require_once 'PHP/Compat/Function/hash_hmac.php';
+
+$content = "This is a sample string used to test the hash_hmac function with various hashing algorithms";
+$key = 'secret';
+
+echo "md5: " . php_compat_hash_hmac('md5', $content, $key) . "\n";
+echo "sha1: " . php_compat_hash_hmac('sha1', $content, $key) . "\n";
+echo "sha256: " . php_compat_hash_hmac('sha256', $content, $key) . "\n";
+echo "md5(raw): " . bin2hex(php_compat_hash_hmac('md5', $content, $key, true)) . "\n";
+echo "sha256(raw): " . bin2hex(php_compat_hash_hmac('sha256', $content, $key, true)) . "\n";
+
+?>
+--EXPECT--
+md5: 2a632783e2812cf23de100d7d6a463ae
+sha1: 5bfdb62b97e2c987405463e9f7c193139c0e1fd0
+sha256: 49bde3496b9510a17d0edd8a4b0ac70148e32a1d51e881ec76faa96534125838
+md5(raw): 2a632783e2812cf23de100d7d6a463ae
+sha256(raw): 49bde3496b9510a17d0edd8a4b0ac70148e32a1d51e881ec76faa96534125838
Index: /branches/version-2_5-dev/data/module/Compat/Compat/Function/hash_hmac.php
===================================================================
--- /branches/version-2_5-dev/data/module/Compat/Compat/Function/hash_hmac.php	(revision 19986)
+++ /branches/version-2_5-dev/data/module/Compat/Compat/Function/hash_hmac.php	(revision 19986)
@@ -0,0 +1,44 @@
+<?php
+
+require_once dirname(__FILE__) . '/hash.php';
+
+/**
+ * Replace hash_hmac()
+ *
+ * @category    PHP
+ * @package     PHP_Compat
+ * @license     LGPL - http://www.gnu.org/licenses/lgpl.html
+ * @copyright   2004-2007 Aidan Lister <aidan@php.net>, Arpad Ray <arpad@php.net>
+ * @link        http://php.net/function.hash_hmac
+ * @author      revulo <revulon@gmail.com>
+ * @since       PHP 5.1.2
+ * @require     PHP 4.0.1 (str_pad)
+ */
+function php_compat_hash_hmac($algo, $data, $key, $raw_output = false)
+{
+    // Block size (byte) for MD5, SHA-1 and SHA-256.
+    $blocksize = 64;
+
+    $ipad = str_repeat("\x36", $blocksize);
+    $opad = str_repeat("\x5c", $blocksize);
+
+    if (strlen($key) > $blocksize) {
+        $key = hash($algo, $key, true);
+    } else {
+        $key = str_pad($key, $blocksize, "\x00");
+    }
+
+    $ipad ^= $key;
+    $opad ^= $key;
+
+    return hash($algo, $opad . hash($algo, $ipad . $data, true), $raw_output);
+}
+
+
+// Define
+if (!function_exists('hash_hmac')) {
+    function hash_hmac($algo, $data, $key, $raw_output = false)
+    {
+        return php_compat_hash_hmac($algo, $data, $key, $raw_output);
+    }
+}
Index: /branches/version-2_5-dev/data/module/Compat/Compat/Function/sha1.php
===================================================================
--- /branches/version-2_5-dev/data/module/Compat/Compat/Function/sha1.php	(revision 19986)
+++ /branches/version-2_5-dev/data/module/Compat/Compat/Function/sha1.php	(revision 19986)
@@ -0,0 +1,117 @@
+<?php
+
+/**
+ * Replace sha1()
+ *
+ * @category    PHP
+ * @package     PHP_Compat
+ * @license     LGPL - http://www.gnu.org/licenses/lgpl.html
+ * @copyright   2004-2007 Aidan Lister <aidan@php.net>, Arpad Ray <arpad@php.net>
+ * @link        http://php.net/function.sha1
+ * @author      revulo <revulon@gmail.com>
+ * @since       PHP 4.3.0
+ * @require     PHP 4.0.0
+ */
+function php_compat_sha1($str, $raw_output = false)
+{
+    $h0 = (int)0x67452301;
+    $h1 = (int)0xefcdab89;
+    $h2 = (int)0x98badcfe;
+    $h3 = (int)0x10325476;
+    $h4 = (int)0xc3d2e1f0;
+
+    $len = strlen($str);
+
+    $str .= "\x80";
+    $str .= str_repeat("\0", 63 - ($len + 8) % 64);
+    $str .= pack('N2', $len >> 29, $len << 3);
+
+    for ($i = 0; $i < strlen($str); $i += 64) {
+
+        $w = array();
+        for ($j = 0; $j < 16; ++$j) {
+            $index = $i + $j * 4;
+            $w[$j] = ord($str[$index])     << 24
+                   | ord($str[$index + 1]) << 16
+                   | ord($str[$index + 2]) << 8
+                   | ord($str[$index + 3]);
+        }
+        for ($j = 16; $j < 80; ++$j) {
+            $w[$j] = php_compat_sha1_rotl_helper($w[$j - 3] ^ $w[$j - 8] ^ $w[$j - 14] ^ $w[$j - 16], 1);
+        }
+
+        $a = $h0;
+        $b = $h1;
+        $c = $h2;
+        $d = $h3;
+        $e = $h4;
+
+        for ($j = 0; $j < 80; ++$j) {
+            if ($j < 20) {
+                $f = ($b & $c) | (~$b & $d);
+                $k = (int)0x5a827999;
+            } else if ($j < 40) {
+                $f = $b ^ $c ^ $d;
+                $k = (int)0x6ed9eba1;
+            } else if ($j < 60) {
+                $f = ($b & $c) | ($b & $d) | ($c & $d);
+                $k = (int)0x8f1bbcdc;
+            } else {
+                $f = $b ^ $c ^ $d;
+                $k = (int)0xca62c1d6;
+            }
+
+            $t = php_compat_sha1_add32_helper(
+                 php_compat_sha1_add32_helper(
+                 php_compat_sha1_add32_helper(
+                 php_compat_sha1_add32_helper(
+                 php_compat_sha1_rotl_helper($a, 5), $f), $e), $k), $w[$j]);
+
+            $e = $d;
+            $d = $c;
+            $c = php_compat_sha1_rotl_helper($b, 30);
+            $b = $a;
+            $a = $t;
+        }
+
+        $h0 = php_compat_sha1_add32_helper($h0, $a);
+        $h1 = php_compat_sha1_add32_helper($h1, $b);
+        $h2 = php_compat_sha1_add32_helper($h2, $c);
+        $h3 = php_compat_sha1_add32_helper($h3, $d);
+        $h4 = php_compat_sha1_add32_helper($h4, $e);
+    }
+
+    $h0 &= (int)0xffffffff;
+    $h1 &= (int)0xffffffff;
+    $h2 &= (int)0xffffffff;
+    $h3 &= (int)0xffffffff;
+    $h4 &= (int)0xffffffff;
+
+    $hash = sprintf('%08x%08x%08x%08x%08x', $h0, $h1, $h2, $h3, $h4);
+
+    if ($raw_output) {
+        return pack('H*', $hash);
+    } else {
+        return $hash;
+    }
+}
+
+function php_compat_sha1_add32_helper($x, $y)
+{
+    $lsw = ($x & 0xffff) + ($y & 0xffff);
+    $msw = ($x >> 16) + ($y >> 16) + ($lsw >> 16);
+    return ($msw << 16) | ($lsw & 0xffff);
+}
+
+function php_compat_sha1_rotl_helper($x, $n)
+{
+    return ($x << $n) | ($x >> (32 - $n)) & (0x7fffffff >> (31 - $n));
+}
+
+// Define
+if (!function_exists('sha1')) {
+    function sha1($str, $raw_output = false)
+    {
+        return php_compat_sha1($str, $raw_output);
+    }
+}
Index: /branches/version-2_5-dev/data/module/Compat/Compat/Function/sha256.php
===================================================================
--- /branches/version-2_5-dev/data/module/Compat/Compat/Function/sha256.php	(revision 19986)
+++ /branches/version-2_5-dev/data/module/Compat/Compat/Function/sha256.php	(revision 19986)
@@ -0,0 +1,156 @@
+<?php
+
+/**
+ * PHP implementation of SHA-256 hash function
+ *
+ * @category    PHP
+ * @package     PHP_Compat
+ * @license     LGPL - http://www.gnu.org/licenses/lgpl.html
+ * @copyright   2004-2007 Aidan Lister <aidan@php.net>, Arpad Ray <arpad@php.net>
+ * @link        http://php.net/function.hash
+ * @author      revulo <revulon@gmail.com>
+ * @require     PHP 4.0.0
+ */
+function php_compat_sha256($str, $raw_output = false)
+{
+    $h0 = (int)0x6a09e667;
+    $h1 = (int)0xbb67ae85;
+    $h2 = (int)0x3c6ef372;
+    $h3 = (int)0xa54ff53a;
+    $h4 = (int)0x510e527f;
+    $h5 = (int)0x9b05688c;
+    $h6 = (int)0x1f83d9ab;
+    $h7 = (int)0x5be0cd19;
+
+    $k = array(
+        (int)0x428a2f98, (int)0x71374491, (int)0xb5c0fbcf, (int)0xe9b5dba5,
+        (int)0x3956c25b, (int)0x59f111f1, (int)0x923f82a4, (int)0xab1c5ed5,
+        (int)0xd807aa98, (int)0x12835b01, (int)0x243185be, (int)0x550c7dc3,
+        (int)0x72be5d74, (int)0x80deb1fe, (int)0x9bdc06a7, (int)0xc19bf174,
+        (int)0xe49b69c1, (int)0xefbe4786, (int)0x0fc19dc6, (int)0x240ca1cc,
+        (int)0x2de92c6f, (int)0x4a7484aa, (int)0x5cb0a9dc, (int)0x76f988da,
+        (int)0x983e5152, (int)0xa831c66d, (int)0xb00327c8, (int)0xbf597fc7,
+        (int)0xc6e00bf3, (int)0xd5a79147, (int)0x06ca6351, (int)0x14292967,
+        (int)0x27b70a85, (int)0x2e1b2138, (int)0x4d2c6dfc, (int)0x53380d13,
+        (int)0x650a7354, (int)0x766a0abb, (int)0x81c2c92e, (int)0x92722c85,
+        (int)0xa2bfe8a1, (int)0xa81a664b, (int)0xc24b8b70, (int)0xc76c51a3,
+        (int)0xd192e819, (int)0xd6990624, (int)0xf40e3585, (int)0x106aa070,
+        (int)0x19a4c116, (int)0x1e376c08, (int)0x2748774c, (int)0x34b0bcb5,
+        (int)0x391c0cb3, (int)0x4ed8aa4a, (int)0x5b9cca4f, (int)0x682e6ff3,
+        (int)0x748f82ee, (int)0x78a5636f, (int)0x84c87814, (int)0x8cc70208,
+        (int)0x90befffa, (int)0xa4506ceb, (int)0xbef9a3f7, (int)0xc67178f2
+    );
+
+    $len = strlen($str);
+
+    $str .= "\x80";
+    $str .= str_repeat("\0", 63 - ($len + 8) % 64);
+    $str .= pack('N2', $len >> 29, $len << 3);
+
+    for ($i = 0; $i < strlen($str); $i += 64) {
+
+        $w = array();
+        for ($j = 0; $j < 16; ++$j) {
+            $index = $i + $j * 4;
+            $w[$j] = ord($str[$index])     << 24
+                   | ord($str[$index + 1]) << 16
+                   | ord($str[$index + 2]) << 8
+                   | ord($str[$index + 3]);
+        }
+        for ($j = 16; $j < 64; ++$j) {
+            $s0 = php_compat_sha256_rotr_helper($w[$j - 15],  7)
+                ^ php_compat_sha256_rotr_helper($w[$j - 15], 18)
+                ^ php_compat_sha256_shr_helper ($w[$j - 15],  3);
+
+            $s1 = php_compat_sha256_rotr_helper($w[$j - 2], 17)
+                ^ php_compat_sha256_rotr_helper($w[$j - 2], 19)
+                ^ php_compat_sha256_shr_helper ($w[$j - 2], 10);
+
+            $w[$j] = php_compat_sha256_add32_helper(
+                     php_compat_sha256_add32_helper(
+                     php_compat_sha256_add32_helper($w[$j - 16], $s0), $w[$j - 7]), $s1);
+        }
+
+        $a = $h0;
+        $b = $h1;
+        $c = $h2;
+        $d = $h3;
+        $e = $h4;
+        $f = $h5;
+        $g = $h6;
+        $h = $h7;
+
+        for ($j = 0; $j < 64; ++$j) {
+            $s1 = php_compat_sha256_rotr_helper($e,  6)
+                ^ php_compat_sha256_rotr_helper($e, 11)
+                ^ php_compat_sha256_rotr_helper($e, 25);
+
+            $ch = ($e & $f) ^ (~$e & $g);
+
+            $s0 = php_compat_sha256_rotr_helper($a,  2)
+                ^ php_compat_sha256_rotr_helper($a, 13)
+                ^ php_compat_sha256_rotr_helper($a, 22);
+
+            $maj = ($a & $b) ^ ($a & $c) ^ ($b & $c);
+
+            $t1 = php_compat_sha256_add32_helper(
+                  php_compat_sha256_add32_helper(
+                  php_compat_sha256_add32_helper(
+                  php_compat_sha256_add32_helper($h, $s1), $ch), $k[$j]), $w[$j]);
+
+            $t2 = php_compat_sha256_add32_helper($s0, $maj);
+
+            $h = $g;
+            $g = $f;
+            $f = $e;
+            $e = php_compat_sha256_add32_helper($d, $t1);
+            $d = $c;
+            $c = $b;
+            $b = $a;
+            $a = php_compat_sha256_add32_helper($t1, $t2);
+        }
+
+        $h0 = php_compat_sha256_add32_helper($h0, $a);
+        $h1 = php_compat_sha256_add32_helper($h1, $b);
+        $h2 = php_compat_sha256_add32_helper($h2, $c);
+        $h3 = php_compat_sha256_add32_helper($h3, $d);
+        $h4 = php_compat_sha256_add32_helper($h4, $e);
+        $h5 = php_compat_sha256_add32_helper($h5, $f);
+        $h6 = php_compat_sha256_add32_helper($h6, $g);
+        $h7 = php_compat_sha256_add32_helper($h7, $h);
+    }
+
+    $h0 &= (int)0xffffffff;
+    $h1 &= (int)0xffffffff;
+    $h2 &= (int)0xffffffff;
+    $h3 &= (int)0xffffffff;
+    $h4 &= (int)0xffffffff;
+    $h5 &= (int)0xffffffff;
+    $h6 &= (int)0xffffffff;
+    $h7 &= (int)0xffffffff;
+
+    $hash = sprintf('%08x%08x%08x%08x%08x%08x%08x%08x', $h0, $h1, $h2, $h3, $h4, $h5, $h6, $h7);
+
+    if ($raw_output) {
+        return pack('H*', $hash);
+    } else {
+        return $hash;
+    }
+}
+
+function php_compat_sha256_add32_helper($x, $y)
+{
+    $lsw = ($x & 0xffff) + ($y & 0xffff);
+    $msw = ($x >> 16) + ($y >> 16) + ($lsw >> 16);
+    return ($msw << 16) | ($lsw & 0xffff);
+}
+
+function php_compat_sha256_shr_helper($x, $n)
+{
+    return ($x >> $n) & (0x7fffffff >> ($n - 1));
+}
+
+function php_compat_sha256_rotr_helper($x, $n)
+{
+    return ($x << (32 - $n)) | ($x >> $n) & (0x7fffffff >> ($n - 1));
+}
Index: /branches/version-2_5-dev/data/module/Compat/Compat/Function/hash_algos.php
===================================================================
--- /branches/version-2_5-dev/data/module/Compat/Compat/Function/hash_algos.php	(revision 19986)
+++ /branches/version-2_5-dev/data/module/Compat/Compat/Function/hash_algos.php	(revision 19986)
@@ -0,0 +1,27 @@
+<?php
+
+/**
+ * Replace hash_algos()
+ *
+ * @category    PHP
+ * @package     PHP_Compat
+ * @license     LGPL - http://www.gnu.org/licenses/lgpl.html
+ * @copyright   2004-2007 Aidan Lister <aidan@php.net>, Arpad Ray <arpad@php.net>
+ * @link        http://php.net/function.hash_algos
+ * @author      revulo <revulon@gmail.com>
+ * @since       PHP 5.1.2
+ * @require     PHP 4.0.0
+ */
+function php_compat_hash_algos()
+{
+    return array('md5', 'sha1', 'sha256');
+}
+
+
+// Define
+if (!function_exists('hash_algos')) {
+    function hash_algos()
+    {
+        return php_compat_hash_algos();
+    }
+}
Index: /branches/version-2_5-dev/data/module/Compat/Compat/Function/hash.php
===================================================================
--- /branches/version-2_5-dev/data/module/Compat/Compat/Function/hash.php	(revision 19986)
+++ /branches/version-2_5-dev/data/module/Compat/Compat/Function/hash.php	(revision 19986)
@@ -0,0 +1,56 @@
+<?php
+
+/**
+ * Replace hash()
+ *
+ * @category    PHP
+ * @package     PHP_Compat
+ * @license     LGPL - http://www.gnu.org/licenses/lgpl.html
+ * @copyright   2004-2007 Aidan Lister <aidan@php.net>, Arpad Ray <arpad@php.net>
+ * @link        http://php.net/function.hash
+ * @author      revulo <revulon@gmail.com>
+ * @since       PHP 5.1.2
+ * @require     PHP 4.0.0 (user_error)
+ */
+function php_compat_hash($algo, $data, $raw_output = false)
+{
+    $algo = strtolower($algo);
+    switch ($algo) {
+        case 'md5':
+            $hash = md5($data);
+            break;
+
+        case 'sha1':
+            if (!function_exists('sha1')) {
+                require dirname(__FILE__) . '/sha1.php';
+            }
+            $hash = sha1($data);
+            break;
+
+        case 'sha256':
+            if (!function_exists('php_compat_sha256')) {
+                require dirname(__FILE__) . '/_sha256.php';
+            }
+            $hash = php_compat_sha256($data);
+            break;
+
+        default:
+            user_error('hash(): Unknown hashing algorithm: ' . $algo, E_USER_WARNING);
+            return false;
+    }
+
+    if ($raw_output) {
+        return pack('H*', $hash);
+    } else {
+        return $hash;
+    }
+}
+
+
+// Define
+if (!function_exists('hash')) {
+    function hash($algo, $data, $raw_output = false)
+    {
+        return php_compat_hash($algo, $data, $raw_output);
+    }
+}
Index: /branches/version-2_5-dev/data/module/Compat/Compat/Function/_sha256.php
===================================================================
--- /branches/version-2_5-dev/data/module/Compat/Compat/Function/_sha256.php	(revision 19986)
+++ /branches/version-2_5-dev/data/module/Compat/Compat/Function/_sha256.php	(revision 19986)
@@ -0,0 +1,156 @@
+<?php
+
+/**
+ * PHP implementation of SHA-256 hash function
+ *
+ * @category    PHP
+ * @package     PHP_Compat
+ * @license     LGPL - http://www.gnu.org/licenses/lgpl.html
+ * @copyright   2004-2007 Aidan Lister <aidan@php.net>, Arpad Ray <arpad@php.net>
+ * @link        http://php.net/function.hash
+ * @author      revulo <revulon@gmail.com>
+ * @require     PHP 4.0.0
+ */
+function php_compat_sha256($str, $raw_output = false)
+{
+    $h0 = (int)0x6a09e667;
+    $h1 = (int)0xbb67ae85;
+    $h2 = (int)0x3c6ef372;
+    $h3 = (int)0xa54ff53a;
+    $h4 = (int)0x510e527f;
+    $h5 = (int)0x9b05688c;
+    $h6 = (int)0x1f83d9ab;
+    $h7 = (int)0x5be0cd19;
+
+    $k = array(
+        (int)0x428a2f98, (int)0x71374491, (int)0xb5c0fbcf, (int)0xe9b5dba5,
+        (int)0x3956c25b, (int)0x59f111f1, (int)0x923f82a4, (int)0xab1c5ed5,
+        (int)0xd807aa98, (int)0x12835b01, (int)0x243185be, (int)0x550c7dc3,
+        (int)0x72be5d74, (int)0x80deb1fe, (int)0x9bdc06a7, (int)0xc19bf174,
+        (int)0xe49b69c1, (int)0xefbe4786, (int)0x0fc19dc6, (int)0x240ca1cc,
+        (int)0x2de92c6f, (int)0x4a7484aa, (int)0x5cb0a9dc, (int)0x76f988da,
+        (int)0x983e5152, (int)0xa831c66d, (int)0xb00327c8, (int)0xbf597fc7,
+        (int)0xc6e00bf3, (int)0xd5a79147, (int)0x06ca6351, (int)0x14292967,
+        (int)0x27b70a85, (int)0x2e1b2138, (int)0x4d2c6dfc, (int)0x53380d13,
+        (int)0x650a7354, (int)0x766a0abb, (int)0x81c2c92e, (int)0x92722c85,
+        (int)0xa2bfe8a1, (int)0xa81a664b, (int)0xc24b8b70, (int)0xc76c51a3,
+        (int)0xd192e819, (int)0xd6990624, (int)0xf40e3585, (int)0x106aa070,
+        (int)0x19a4c116, (int)0x1e376c08, (int)0x2748774c, (int)0x34b0bcb5,
+        (int)0x391c0cb3, (int)0x4ed8aa4a, (int)0x5b9cca4f, (int)0x682e6ff3,
+        (int)0x748f82ee, (int)0x78a5636f, (int)0x84c87814, (int)0x8cc70208,
+        (int)0x90befffa, (int)0xa4506ceb, (int)0xbef9a3f7, (int)0xc67178f2
+    );
+
+    $len = strlen($str);
+
+    $str .= "\x80";
+    $str .= str_repeat("\0", 63 - ($len + 8) % 64);
+    $str .= pack('N2', $len >> 29, $len << 3);
+
+    for ($i = 0; $i < strlen($str); $i += 64) {
+
+        $w = array();
+        for ($j = 0; $j < 16; ++$j) {
+            $index = $i + $j * 4;
+            $w[$j] = ord($str[$index])     << 24
+                   | ord($str[$index + 1]) << 16
+                   | ord($str[$index + 2]) << 8
+                   | ord($str[$index + 3]);
+        }
+        for ($j = 16; $j < 64; ++$j) {
+            $s0 = php_compat_sha256_rotr_helper($w[$j - 15],  7)
+                ^ php_compat_sha256_rotr_helper($w[$j - 15], 18)
+                ^ php_compat_sha256_shr_helper ($w[$j - 15],  3);
+
+            $s1 = php_compat_sha256_rotr_helper($w[$j - 2], 17)
+                ^ php_compat_sha256_rotr_helper($w[$j - 2], 19)
+                ^ php_compat_sha256_shr_helper ($w[$j - 2], 10);
+
+            $w[$j] = php_compat_sha256_add32_helper(
+                     php_compat_sha256_add32_helper(
+                     php_compat_sha256_add32_helper($w[$j - 16], $s0), $w[$j - 7]), $s1);
+        }
+
+        $a = $h0;
+        $b = $h1;
+        $c = $h2;
+        $d = $h3;
+        $e = $h4;
+        $f = $h5;
+        $g = $h6;
+        $h = $h7;
+
+        for ($j = 0; $j < 64; ++$j) {
+            $s1 = php_compat_sha256_rotr_helper($e,  6)
+                ^ php_compat_sha256_rotr_helper($e, 11)
+                ^ php_compat_sha256_rotr_helper($e, 25);
+
+            $ch = ($e & $f) ^ (~$e & $g);
+
+            $s0 = php_compat_sha256_rotr_helper($a,  2)
+                ^ php_compat_sha256_rotr_helper($a, 13)
+                ^ php_compat_sha256_rotr_helper($a, 22);
+
+            $maj = ($a & $b) ^ ($a & $c) ^ ($b & $c);
+
+            $t1 = php_compat_sha256_add32_helper(
+                  php_compat_sha256_add32_helper(
+                  php_compat_sha256_add32_helper(
+                  php_compat_sha256_add32_helper($h, $s1), $ch), $k[$j]), $w[$j]);
+
+            $t2 = php_compat_sha256_add32_helper($s0, $maj);
+
+            $h = $g;
+            $g = $f;
+            $f = $e;
+            $e = php_compat_sha256_add32_helper($d, $t1);
+            $d = $c;
+            $c = $b;
+            $b = $a;
+            $a = php_compat_sha256_add32_helper($t1, $t2);
+        }
+
+        $h0 = php_compat_sha256_add32_helper($h0, $a);
+        $h1 = php_compat_sha256_add32_helper($h1, $b);
+        $h2 = php_compat_sha256_add32_helper($h2, $c);
+        $h3 = php_compat_sha256_add32_helper($h3, $d);
+        $h4 = php_compat_sha256_add32_helper($h4, $e);
+        $h5 = php_compat_sha256_add32_helper($h5, $f);
+        $h6 = php_compat_sha256_add32_helper($h6, $g);
+        $h7 = php_compat_sha256_add32_helper($h7, $h);
+    }
+
+    $h0 &= (int)0xffffffff;
+    $h1 &= (int)0xffffffff;
+    $h2 &= (int)0xffffffff;
+    $h3 &= (int)0xffffffff;
+    $h4 &= (int)0xffffffff;
+    $h5 &= (int)0xffffffff;
+    $h6 &= (int)0xffffffff;
+    $h7 &= (int)0xffffffff;
+
+    $hash = sprintf('%08x%08x%08x%08x%08x%08x%08x%08x', $h0, $h1, $h2, $h3, $h4, $h5, $h6, $h7);
+
+    if ($raw_output) {
+        return pack('H*', $hash);
+    } else {
+        return $hash;
+    }
+}
+
+function php_compat_sha256_add32_helper($x, $y)
+{
+    $lsw = ($x & 0xffff) + ($y & 0xffff);
+    $msw = ($x >> 16) + ($y >> 16) + ($lsw >> 16);
+    return ($msw << 16) | ($lsw & 0xffff);
+}
+
+function php_compat_sha256_shr_helper($x, $n)
+{
+    return ($x >> $n) & (0x7fffffff >> ($n - 1));
+}
+
+function php_compat_sha256_rotr_helper($x, $n)
+{
+    return ($x << (32 - $n)) | ($x >> $n) & (0x7fffffff >> ($n - 1));
+}
Index: /branches/version-2_5-dev/data/mtb_constants_init.php
===================================================================
--- /branches/version-2_5-dev/data/mtb_constants_init.php	(revision 19972)
+++ /branches/version-2_5-dev/data/mtb_constants_init.php	(revision 19986)
@@ -14,6 +14,6 @@
 /** ユーザー作成ページ等 */
 define('USER_URL', HTTP_URL . USER_DIR);
-/** 認証用 magic */
-define('AUTH_MAGIC', "31eafcbd7a81d7b401a7fdc12bba047c02d1fae6");
+/** 認証方式 */
+define('AUTH_TYPE', "HMAC");
 /** テンプレートファイル保存先 */
 define('USER_TEMPLATE_DIR', "templates/");
@@ -91,5 +91,5 @@
 define('OPTION_CLASS_REGIST', 1);
 /** 会員登録変更(マイページ)パスワード用 */
-define('DEFAULT_PASSWORD', "UAhgGR3L");
+define('DEFAULT_PASSWORD', "********");
 /** 別のお届け先最大登録数 */
 define('DELIV_ADDR_MAX', 20);
Index: /branches/version-2_5-dev/data/require_base.php
===================================================================
--- /branches/version-2_5-dev/data/require_base.php	(revision 19805)
+++ /branches/version-2_5-dev/data/require_base.php	(revision 19986)
@@ -25,4 +25,6 @@
     define("DATA_REALDIR", HTML_REALDIR . HTML2DATA_DIR);
 }
+// PHP4互換用関数読み込み(PHP_Compat)
+require_once(DATA_REALDIR . "require_compat.php");
 
 // アプリケーション初期化処理
Index: /branches/version-2_5-dev/html/install/index.php
===================================================================
--- /branches/version-2_5-dev/html/install/index.php	(revision 19972)
+++ /branches/version-2_5-dev/html/install/index.php	(revision 19986)
@@ -281,5 +281,6 @@
     // 管理者登録
     $login_id = $objWebParam->getValue('login_id');
-    $login_pass = sha1($objWebParam->getValue('login_pass') . ":" . AUTH_MAGIC);
+    $salt = SC_Utils_Ex::sfGetRandomString(10);
+    $login_pass = SC_Utils_Ex::sfGetHashString($objWebParam->getValue('login_pass'), $salt);
 
     $objQuery->delete("dtb_member", "login_id = ?", array($login_id));
@@ -290,4 +291,5 @@
                                           "login_id" => $login_id,
                                           "password" => $login_pass,
+                                          "salt" => $salt,
                                           "creator_id" => 0,
                                           "authority" => 0,
@@ -947,4 +949,17 @@
         }
     }
+    //パスワード暗号化方式決定
+    $arrAlgos = hash_algos();
+    if(array_search('sha256', $arrAlgos) !== FALSE) {
+        $algos = 'sha256';
+    }elseif(array_search('sha1', $arrAlgos) !== FALSE) {
+        $algos = 'sha1';
+    }elseif(array_search('md5', $arrAlgos) !== FALSE) {
+        $algos = 'md5';
+    }else{
+        $algos = '';
+    }
+    //MAGICハッシュワード決定
+    $auth_magic = SC_Utils_Ex::sfGetRandomString(40);
     $config_data =
     "<?php\n".
@@ -963,4 +978,6 @@
     "    define ('ADMIN_FORCE_SSL', " . $force_ssl .  ");\n".
     "    define ('ADMIN_ALLOW_HOSTS', '".serialize($allow_hosts)."');\n".
+    "    define ('AUTH_MAGIC', '" . $auth_magic . "');\n".
+    "    define ('PASSWORD_HASH_ALGOS', '" . $algos . "');\n".
     "?>";
 
Index: /branches/version-2_5-dev/html/install/sql/insert_data.sql
===================================================================
--- /branches/version-2_5-dev/html/install/sql/insert_data.sql	(revision 19985)
+++ /branches/version-2_5-dev/html/install/sql/insert_data.sql	(revision 19986)
@@ -481,5 +481,5 @@
 INSERT INTO dtb_mailtemplate (template_id, subject, header, footer, creator_id, del_flg, create_date, update_date) VALUES (5, 'お問い合わせを受け付けました', NULL, NULL, 0, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP);
 
-INSERT INTO dtb_member (member_id, name, department, login_id, password, authority, rank, work, del_flg, creator_id, update_date, create_date, login_date) VALUES (1, 'dummy', NULL, 'dummy', 'dummy', 0, 0, 1, 1, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL);
+INSERT INTO dtb_member (member_id, name, department, login_id, password, salt, authority, rank, work, del_flg, creator_id, update_date, create_date, login_date) VALUES (1, 'dummy', NULL, 'dummy', 'dummy', 'dummy', 0, 0, 1, 1, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, NULL);
 
 INSERT INTO dtb_module (module_id, module_code, module_name, sub_data, auto_update_flg, del_flg, create_date, update_date) VALUES (0, '0', 'patch', NULL, 0, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP);
@@ -1030,5 +1030,5 @@
 INSERT INTO mtb_constants (id, name, rank, remarks) VALUES ('ZIP_DSN', 'DEFAULT_DSN', 8, '郵便番号専用DB');
 INSERT INTO mtb_constants (id, name, rank, remarks) VALUES ('USER_URL', 'HTTP_URL . USER_DIR', 9, 'ユーザー作成ページ等');
-INSERT INTO mtb_constants (id, name, rank, remarks) VALUES ('AUTH_MAGIC', '"31eafcbd7a81d7b401a7fdc12bba047c02d1fae6"', 10, '認証用 magic');
+INSERT INTO mtb_constants (id, name, rank, remarks) VALUES ('AUTH_TYPE', '"HMAC"', 10, '認証方式');
 INSERT INTO mtb_constants (id, name, rank, remarks) VALUES ('USER_TEMPLATE_DIR', '"templates/"', 16, 'テンプレートファイル保存先');
 INSERT INTO mtb_constants (id, name, rank, remarks) VALUES ('USER_PACKAGE_DIR', '"packages/"', 17, 'テンプレートファイル保存先');
@@ -1068,5 +1068,5 @@
 INSERT INTO mtb_constants (id, name, rank, remarks) VALUES ('OPTION_RECOMMEND', '1', 61, 'おすすめ商品登録(有効:1 無効:0)');
 INSERT INTO mtb_constants (id, name, rank, remarks) VALUES ('OPTION_CLASS_REGIST', '1', 62, '商品規格登録(有効:1 無効:0)');
-INSERT INTO mtb_constants (id, name, rank, remarks) VALUES ('DEFAULT_PASSWORD', '"UAhgGR3L"', 66, '会員登録変更(マイページ)パスワード用');
+INSERT INTO mtb_constants (id, name, rank, remarks) VALUES ('DEFAULT_PASSWORD', '"******"', 66, '会員登録変更(マイページ)パスワード用');
 INSERT INTO mtb_constants (id, name, rank, remarks) VALUES ('DELIV_ADDR_MAX', '20', 67, '別のお届け先最大登録数');
 INSERT INTO mtb_constants (id, name, rank, remarks) VALUES ('ORDER_STATUS_MAX', '50', 70, '管理画面ステータス一覧表示件数');
Index: /branches/version-2_5-dev/html/install/sql/create_table_mysql.sql
===================================================================
--- /branches/version-2_5-dev/html/install/sql/create_table_mysql.sql	(revision 19966)
+++ /branches/version-2_5-dev/html/install/sql/create_table_mysql.sql	(revision 19986)
@@ -579,4 +579,5 @@
     reminder smallint,
     reminder_answer text,
+    salt text,
     secret_key varchar(50) NOT NULL UNIQUE,
     first_buy_date datetime,
@@ -791,4 +792,5 @@
     login_id text NOT NULL,
     password text NOT NULL,
+    salt text NOT NULL,
     authority smallint NOT NULL,
     rank int NOT NULL DEFAULT 0,
Index: /branches/version-2_5-dev/html/install/sql/create_table_pgsql.sql
===================================================================
--- /branches/version-2_5-dev/html/install/sql/create_table_pgsql.sql	(revision 19966)
+++ /branches/version-2_5-dev/html/install/sql/create_table_pgsql.sql	(revision 19986)
@@ -581,4 +581,5 @@
     reminder smallint,
     reminder_answer text,
+    salt text,
     secret_key text NOT NULL UNIQUE,
     first_buy_date timestamp,
@@ -793,4 +794,5 @@
     login_id text NOT NULL,
     password text NOT NULL,
+    salt text NOT NULL,
     authority smallint NOT NULL,
     rank int NOT NULL DEFAULT 0,
