/**
 * sfIsMatchHashPassword() returns true when the stored hash was built from
 * the same password and salt.
 *
 * NOTE(review): only the matching case is exercised here; a test for a
 * non-matching password or salt is not visible in this excerpt.
 */
public function testSfIsMatchHashPassword_ハッシュ化後の文字列が一致する場合_trueが返る()
 {
     $salt = 'salt';
     $plainPassword = '******';
     // Hash the password with the salt, then check that the matcher accepts the pair.
     $storedHash = SC_Utils_Ex::sfGetHashString($plainPassword, $salt);
     $this->expected = true;
     $this->actual = SC_Utils::sfIsMatchHashPassword($plainPassword, $storedHash, $salt);
     $this->verify('パスワード文字列比較結果');
 }
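 /**
  * Registers a new customer or edits an existing one in dtb_customer.
  *
  * The password and the reminder answer are replaced by the output of
  * SC_Utils_Ex::sfGetHashString() before they are written; a value equal to
  * DEFAULT_PASSWORD or an empty string means "leave the stored value alone".
  * Rows migrated from versions before 2.11 have an empty salt: they receive
  * one when the password is changed, and their plaintext reminder answer is
  * hashed in the same update.
  *
  * @param array $arrData     Column values to store (return value of SC_FormParam's getDbArray)
  * @param mixed $customer_id null inserts a new row; an existing numeric id updates that row
  * @access public
  * @return integer customer_id of the inserted or updated customer
  */
 public function sfEditCustomerData($arrData, $customer_id = null)
 {
     $objQuery =& SC_Query_Ex::getSingletonInstance();
     // NOTE(review): no rollback is visible in this function; confirm that
     // SC_Query handles a failed statement between begin() and commit().
     $objQuery->begin();
     $old_version_flag = false;
     // Initialised up front: it is only set to true on the legacy password
     // path below but is read on both reminder-answer paths, which previously
     // read an undefined variable for legacy rows whose password was unchanged.
     $is_password_updated = false;
     // Update timestamp.
     $arrData['update_date'] = 'CURRENT_TIMESTAMP';
     // Generate the salt (insert) or load the stored one (update).
     // NOTE(review): the salt is 10 characters from sfGetRandomString(); whether
     // that helper draws from a cryptographically secure source is not visible
     // here, so confirm.
     if (is_numeric($customer_id)) {
         $salt = $objQuery->get('salt', 'dtb_customer', 'customer_id = ? ', array($customer_id));
         // An empty salt marks a row migrated from a version before 2.11.
         if (strlen((string) $salt) === 0) {
             $old_version_flag = true;
         }
     } else {
         $salt = SC_Utils_Ex::sfGetRandomString(10);
         $arrData['salt'] = $salt;
     }
     //-- Hash the password when it is being changed.
     if (!isset($arrData['password']) || $arrData['password'] == DEFAULT_PASSWORD || $arrData['password'] == '') {
         // Placeholder or empty value: keep the stored password.
         unset($arrData['password']);
     } else {
         // Legacy row: give it a salt now that the password is re-hashed.
         if ($old_version_flag) {
             $is_password_updated = true;
             $salt = SC_Utils_Ex::sfGetRandomString(10);
             $arrData['salt'] = $salt;
         }
         $arrData['password'] = SC_Utils_Ex::sfGetHashString($arrData['password'], $salt);
     }
     //-- Hash the reminder (secret question) answer when it is being changed.
     if (!isset($arrData['reminder_answer']) || $arrData['reminder_answer'] == DEFAULT_PASSWORD || $arrData['reminder_answer'] == '') {
         // Placeholder or empty value: keep the stored answer.
         unset($arrData['reminder_answer']);
         // Legacy row whose password is changing: the stored answer is still
         // plaintext, so read it back and hash it with the new salt.
         if ($old_version_flag && $is_password_updated) {
             $reminder_answer = $objQuery->get('reminder_answer', 'dtb_customer', 'customer_id = ? ', array($customer_id));
             $arrData['reminder_answer'] = SC_Utils_Ex::sfGetHashString($reminder_answer, $salt);
         }
     } else {
         if ($old_version_flag && !$is_password_updated) {
             // Legacy row whose password is not changing: the answer is stored
             // as submitted (plaintext) and no salt is written, so the row stays
             // in its legacy form until the password is changed.
             unset($arrData['salt']);
         } else {
             $arrData['reminder_answer'] = SC_Utils_Ex::sfGetHashString($arrData['reminder_answer'], $salt);
         }
     }
     // Fill in the default country when the country field is disabled in forms.
     if (FORM_COUNTRY_ENABLE == false) {
         $arrData['country_id'] = DEFAULT_COUNTRY_ID;
     }
     //-- Write the row.
     if (is_numeric($customer_id)) {
         // Edit an existing customer.
         $objQuery->update('dtb_customer', $arrData, 'customer_id = ? ', array($customer_id));
     } else {
         // New registration: allocate the customer id from the sequence.
         $customer_id = $objQuery->nextVal('dtb_customer_customer_id');
         $arrData['customer_id'] = $customer_id;
         // Creation timestamp, unless the caller supplied one.
         if (!isset($arrData['create_date'])) {
             $arrData['create_date'] = 'CURRENT_TIMESTAMP';
         }
         $objQuery->insert('dtb_customer', $arrData);
     }
     $objQuery->commit();
     return $customer_id;
 }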
 /**
  * Updates an administrator row in dtb_member.
  *
  * The password and a fresh salt are written only when the submitted
  * password differs from DEFAULT_PASSWORD.
  * NOTE(review): an empty string is not treated as "no change" here and would
  * be hashed and stored; confirm callers validate the password first.
  *
  * @param mixed $member_id     member_id of the row to update
  * @param array $arrMemberData Associative array of administrator data
  * @return void
  */
 function updateMemberData($member_id, $arrMemberData)
 {
     $objQuery =& SC_Query_Ex::getSingletonInstance();
     // Copy the profile columns across unchanged.
     $sqlVal = array();
     foreach (array('name', 'department', 'login_id', 'authority', 'work') as $column) {
         $sqlVal[$column] = $arrMemberData[$column];
     }
     $sqlVal['update_date'] = 'CURRENT_TIMESTAMP';
     $password_changed = $arrMemberData['password'] != DEFAULT_PASSWORD;
     if ($password_changed) {
         // A new salt is generated on every password change.
         $new_salt = SC_Utils_Ex::sfGetRandomString(10);
         $sqlVal['salt'] = $new_salt;
         $sqlVal['password'] = SC_Utils_Ex::sfGetHashString($arrMemberData['password'], $new_salt);
     }
     // Run the UPDATE; member_id is passed as a bound parameter.
     $objQuery->update('dtb_member', $sqlVal, 'member_id = ?', array($member_id));
 }
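 /**
  * Checks whether a password matches a stored password value.
  *
  * With AUTH_TYPE 'PLAIN' the stored value is compared with the password
  * itself. Otherwise the password is hashed first: with sfGetHashString()
  * when a salt is present, or with the legacy unsalted
  * sha1(password . ':' . AUTH_MAGIC) form for rows migrated from versions
  * before 2.11. An empty stored value never matches.
  *
  * The comparison uses hash_equals() when it is available so that the time
  * taken does not depend on how many leading characters match.
  *
  * @param string $pass     Password to check
  * @param string $hashpass Stored password hash to check against
  * @param string $salt     Salt stored with the hash (empty for legacy rows)
  * @return boolean true when the password matches
  */
 function sfIsMatchHashPassword($pass, $hashpass, $salt)
 {
     // Nothing stored: reject without hashing.
     if ($hashpass == '') {
         return false;
     }
     if (AUTH_TYPE == 'PLAIN') {
         $candidate = $pass;
     } elseif (empty($salt)) {
         // Legacy rows (before 2.11) carry no per-user salt.
         $candidate = sha1($pass . ':' . AUTH_MAGIC);
     } else {
         $candidate = SC_Utils_Ex::sfGetHashString($pass, $salt);
     }
     // Constant-time comparison where possible; hash_equals() requires two
     // strings, so anything else falls back to the original strict comparison.
     if (function_exists('hash_equals') && is_string($candidate) && is_string($hashpass)) {
         return hash_equals($hashpass, $candidate);
     }
     return $candidate === $hashpass;
 }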
/**
 * Installer completion step: stores the shop's base information, creates or
 * updates the administrator account, and prepares the completion page.
 *
 * Reads the global form objects $objWebParam and $objDBParam.
 * NOTE(review): every value from both form objects is copied into
 * $objPage->arrHidden; these presumably include the administrator password
 * and the database settings, so confirm the completion template does not
 * render them.
 *
 * @param object $objPage Page object to populate
 * @return object The same page object
 */
function lfDispComplete($objPage)
{
    global $objWebParam;
    global $objDBParam;
    // Keep the submitted web and database settings as hidden values.
    $webValues = $objWebParam->getHashArray();
    $dbValues = $objDBParam->getHashArray();
    $objPage->arrHidden = array_merge($webValues, $dbValues);
    $arrDsn = getArrayDsn($objDBParam);
    // Base shop information; all five mail columns get the administrator address.
    $sqlval = array(
        'id' => 1,
        'shop_name' => $objWebParam->getValue('shop_name'),
    );
    foreach (array('email01', 'email02', 'email03', 'email04', 'email05') as $mailColumn) {
        $sqlval[$mailColumn] = $objWebParam->getValue('admin_mail');
    }
    foreach (array('top_tpl', 'product_tpl', 'detail_tpl', 'mypage_tpl') as $templateColumn) {
        $sqlval[$templateColumn] = 'default1';
    }
    $sqlval['update_date'] = 'CURRENT_TIMESTAMP';
    $objQuery = new SC_Query($arrDsn);
    if ($objQuery->count('dtb_baseinfo') > 0) {
        $objQuery->update('dtb_baseinfo', $sqlval);
    } else {
        $objQuery->insert('dtb_baseinfo', $sqlval);
    }
    // Administrator registration: the password is stored hashed with a new salt.
    $login_id = $objWebParam->getValue('login_id');
    $salt = SC_Utils_Ex::sfGetRandomString(10);
    $login_pass = SC_Utils_Ex::sfGetHashString($objWebParam->getValue('login_pass'), $salt);
    $arrVal = array(
        'login_id' => $login_id,
        'password' => $login_pass,
        'salt' => $salt,
        'work' => 1,
        'del_flg' => 0,
        'update_date' => 'CURRENT_TIMESTAMP',
    );
    $member_id = $objQuery->get('member_id', 'dtb_member', 'login_id = ? AND del_flg = 0', array($login_id));
    if (strlen($member_id) != 0) {
        // An active member with this login already exists: overwrite its credentials.
        $objQuery->update('dtb_member', $arrVal, 'member_id = ?', array($member_id));
    } else {
        // No such member yet: allocate an id and insert the administrator.
        $member_id = $objQuery->nextVal('dtb_member_member_id');
        $arrVal['member_id'] = $member_id;
        $arrVal['name'] = '管理者';
        $arrVal['creator_id'] = 0;
        $arrVal['authority'] = 0;
        $arrVal['rank'] = 1;
        $objQuery->insert('dtb_member', $arrVal);
    }
    // Taken from the request as-is.
    $objPage->arrHidden['db_skip'] = $_POST['db_skip'];
    $objPage->tpl_mainpage = 'complete.tpl';
    $objPage->tpl_mode = 'complete';
    // Make the secure URL end in exactly one '/'.
    $objPage->tpl_sslurl = rtrim($objWebParam->getValue('secure_url'), '/') . '/';
    // URL for notices from the official EC-CUBE site.
    $objPage->install_info_url = INSTALL_INFO_URL;
    return $objPage;
}
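/**
 * Installer completion step: stores the shop's base information, creates or
 * updates the administrator account, and prepares the completion page.
 *
 * Reads the global form objects $objWebParam and $objDBParam.
 * NOTE(review): every value from both form objects is copied into
 * $objPage->arrHidden, and the database form values include db_password;
 * confirm the completion template does not render them.
 *
 * @param object $objPage Page object to populate
 * @return object The same page object
 */
function lfDispComplete($objPage)
{
    global $objWebParam;
    global $objDBParam;
    // Keep the submitted web settings as hidden values.
    $objPage->arrHidden = $objWebParam->getHashArray();
    // Keep the submitted database settings as hidden values too.
    $objPage->arrHidden = array_merge($objPage->arrHidden, $objDBParam->getHashArray());
    // Connection settings used to write the shop master information.
    $arrRet = $objDBParam->getHashArray();
    $dsn = array('phptype' => $arrRet['db_type'], 'username' => $arrRet['db_user'], 'password' => $arrRet['db_password'], 'protocol' => 'tcp', 'hostspec' => $arrRet['db_server'], 'port' => $arrRet['db_port'], 'database' => $arrRet['db_name']);
    $sqlval = array();
    $sqlval['id'] = 1;
    $sqlval['shop_name'] = $objWebParam->getValue('shop_name');
    $sqlval['email01'] = $objWebParam->getValue('admin_mail');
    $sqlval['email02'] = $objWebParam->getValue('admin_mail');
    $sqlval['email03'] = $objWebParam->getValue('admin_mail');
    $sqlval['email04'] = $objWebParam->getValue('admin_mail');
    $sqlval['email05'] = $objWebParam->getValue('admin_mail');
    $sqlval['top_tpl'] = "default1";
    $sqlval['product_tpl'] = "default1";
    $sqlval['detail_tpl'] = "default1";
    $sqlval['mypage_tpl'] = "default1";
    $sqlval['update_date'] = 'CURRENT_TIMESTAMP';
    $objQuery = new SC_Query($dsn);
    $cnt = $objQuery->count("dtb_baseinfo");
    if ($cnt > 0) {
        $objQuery->update("dtb_baseinfo", $sqlval);
    } else {
        $objQuery->insert("dtb_baseinfo", $sqlval);
    }
    // Administrator registration: the password is stored hashed with a new salt.
    $login_id = $objWebParam->getValue('login_id');
    $salt = SC_Utils_Ex::sfGetRandomString(10);
    $login_pass = SC_Utils_Ex::sfGetHashString($objWebParam->getValue('login_pass'), $salt);
    $arrVal = array('login_id' => $login_id, 'password' => $login_pass, 'salt' => $salt, 'work' => 1, 'del_flg' => 0, 'update_date' => 'CURRENT_TIMESTAMP');
    $member_id = $objQuery->get('member_id', 'dtb_member', 'login_id = ? AND del_flg = 0', array($login_id));
    if (strlen((string) $member_id) == 0) {
        // NOTE(review): the id is fixed at 2 and the sequence call is commented
        // out; the insert will collide if a row with member_id 2 already exists
        // under a different login. Confirm this is intended.
        //$member_id = $objQuery->nextVal('dtb_member_member_id');
        $member_id = 2;
        $arrVal['member_id'] = $member_id;
        $arrVal['name'] = '管理者';
        $arrVal['creator_id'] = 0;
        $arrVal['authority'] = 0;
        $arrVal['rank'] = 1;
        $objQuery->insert("dtb_member", $arrVal);
    } else {
        $objQuery->update("dtb_member", $arrVal, 'member_id = ?', array($member_id));
    }
    // Taken from the request as-is; null when the field was not submitted.
    $objPage->arrHidden['db_skip'] = isset($_POST['db_skip']) ? $_POST['db_skip'] : null;
    $objPage->tpl_mainpage = 'complete.tpl';
    $objPage->tpl_mode = 'complete';
    $secure_url = $objWebParam->getValue('secure_url');
    // Append a trailing '/' when missing. ereg() was removed in PHP 7, so the
    // last character is checked directly instead.
    if (substr((string) $secure_url, -1) !== '/') {
        $secure_url = $secure_url . "/";
    }
    // NOTE(review): the normalised $secure_url is not used; the page gets the
    // HTTPS_URL constant instead. Confirm which value is intended.
    $objPage->tpl_sslurl = HTTPS_URL;
    // URL for notices from the official EC-CUBE site.
    $objPage->install_info_url = INSTALL_INFO_URL;
    return $objPage;
}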