Update security.php
parent
5e488e4fbe
commit
6181072341
|
@ -31,10 +31,29 @@ if(!function_exists("make_random_id")) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(!function_exists("set_session")) {
|
||||||
|
function set_session($session_name, $value) {
|
||||||
|
if(PHP_VERSION < '5.3.0') {
|
||||||
|
session_register($session_name);
|
||||||
|
}
|
||||||
|
$$session_name = $_SESSION["$session_name"] = $value;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if(!function_exists("get_session")) {
|
||||||
|
function get_session($session_name) {
|
||||||
|
$session_value = "";
|
||||||
|
if(!array_key_empty($session_name, $_SESSION)) {
|
||||||
|
$session_value = $_SESSION[$session_name];
|
||||||
|
}
|
||||||
|
return $session_value;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if(!function_exists("set_session_token")) {
|
if(!function_exists("set_session_token")) {
|
||||||
function set_session_token() {
|
function set_session_token() {
|
||||||
$random_id = make_random_id(10);
|
$random_id = make_random_id(10);
|
||||||
$_SESSION['random_id'] = $random_id;
|
set_session("random_id", $random_id);
|
||||||
|
|
||||||
return $random_id;
|
return $random_id;
|
||||||
}
|
}
|
||||||
|
@ -42,14 +61,14 @@ if(!function_exists("set_session_token")) {
|
||||||
|
|
||||||
if(!function_exists("get_session_token")) {
|
if(!function_exists("get_session_token")) {
|
||||||
function get_session_token() {
|
function get_session_token() {
|
||||||
return $_SESSION['random_id'];
|
return get_session("random_id");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!function_exists("check_token_abuse_by_requests")) {
|
if(!function_exists("check_token_abuse_by_requests")) {
|
||||||
function check_token_abuse_by_requests($name) {
|
function check_token_abuse_by_requests($name) {
|
||||||
global $requests;
|
global $requests;
|
||||||
return check_token_abuse($requests['_POST'][$name], $_SESSION[$name]);
|
return check_token_abuse($requests['_POST'][$name], get_session($name));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -98,20 +117,18 @@ if(!function_exists("process_safe_login")) {
|
||||||
global $config;
|
global $config;
|
||||||
|
|
||||||
$flag = false;
|
$flag = false;
|
||||||
$ss_key = "";
|
$ss_key = get_session("ss_key");
|
||||||
|
if(!empty($ss_key)) {
|
||||||
if(!array_key_empty("ss_key", $_SESSION)) {
|
$flag = check_login_session($ss_key, $config);
|
||||||
$ss_key = $_SESSION['ss_key'];
|
|
||||||
$flag = check_login_session($_SESSION['ss_key'], $config);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if($flag == false) {
|
if($flag == false) {
|
||||||
$ss_key = make_random_id(10);
|
$ss_key = make_random_id(10);
|
||||||
|
|
||||||
$_SESSION['ss_user_name'] = $user_name;
|
|
||||||
$_SESSION['ss_key'] = $ss_key;
|
|
||||||
|
|
||||||
$flag = store_login_session($ss_key, $config);
|
set_session("ss_user_name", $user_name);
|
||||||
|
set_session("ss_key", $ss_key);
|
||||||
|
|
||||||
|
$flag = store_login_session($ss_key, $config);
|
||||||
}
|
}
|
||||||
|
|
||||||
return $flag;
|
return $flag;
|
||||||
|
@ -126,7 +143,7 @@ if(!function_exists("check_empty_fields")) {
|
||||||
$check_data = $method_get ? $requests['_GET'] : $requests['_POST'];
|
$check_data = $method_get ? $requests['_GET'] : $requests['_POST'];
|
||||||
|
|
||||||
foreach($no_empty_fields as $fieldname) {
|
foreach($no_empty_fields as $fieldname) {
|
||||||
if(array_key_empty($fieldname, $requests['_POST'])) {
|
if(array_key_empty($fieldname, $check_data)) {
|
||||||
$errors[] = array(
|
$errors[] = array(
|
||||||
"fieldname" => $fieldname,
|
"fieldname" => $fieldname,
|
||||||
"message" => "{$fieldname} 항목은 공백일 수 없습니다."
|
"message" => "{$fieldname} 항목은 공백일 수 없습니다."
|
||||||
|
|
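Review bot: In `check_token_abuse_by_requests` the stored token now comes from `get_session($name)`, which returns `""` when the session has no such key, so a request whose `$requests['_POST'][$name]` is missing or empty ends up compared against an empty string. `check_token_abuse` is not visible in this diff, so whether it accepts that pair cannot be confirmed from here, but the check should fail closed: read the token first with `$token = get_session($name);` and reject the request when `$token === ""` before any comparison. If the comparison inside `check_token_abuse` uses `==`, a strict or constant-time comparison (`hash_equals` where the supported PHP version allows it) would be the safer form. Separately, `set_session` compares `PHP_VERSION < '5.3.0'` as strings; `version_compare(PHP_VERSION, '5.3.0', '<')` is the reliable form.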