/**
 * sfIsMatchHashPassword() must return true when the stored hash was derived
 * from the same password and the same salt.
 *
 * This case covers the matching path only.
 * NOTE(review): for an authentication check the rejecting paths (wrong
 * password, wrong salt, empty stored hash) matter at least as much; confirm
 * that sibling tests cover them.
 */
public function testSfIsMatchHashPassword_ハッシュ化後の文字列が一致する場合_trueが返る()
{
    // Fixture: a salt, a password, and the hash produced from that pair.
    $saltValue = 'salt';
    $plainPassword = '******';
    $storedHash = SC_Utils_Ex::sfGetHashString($plainPassword, $saltValue);

    // Verifying the same password against its own hash must succeed.
    $this->expected = true;
    $this->actual = SC_Utils::sfIsMatchHashPassword($plainPassword, $storedHash, $saltValue);

    $this->verify('パスワード文字列比較結果');
}
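/**
 * Register a new customer or edit an existing one.
 *
 * The password and the secret-question answer (reminder_answer) are hashed
 * with the customer's salt before being stored. A field whose value equals
 * DEFAULT_PASSWORD or is empty is treated as "not changed" and is dropped
 * from the write.
 *
 * Rows migrated from versions before 2.11 have no salt. For those rows a
 * salt is generated only when the password is changed; the existing
 * plaintext reminder answer is then hashed with the new salt as well. If the
 * password is not changed, a newly submitted reminder answer is stored as
 * plaintext, because there is still no salt to hash it with.
 *
 * NOTE(review): sfGetRandomString() and sfGetHashString() are defined
 * elsewhere. Confirm that the salt comes from a cryptographically secure
 * source and that the hash is suitable for password storage.
 *
 * @param array        $arrData     Column values to store (return value of SC_FormParam's getDbArray)
 * @param integer|null $customer_id Non-numeric (null) inserts a new row; a numeric id updates that row
 * @access public
 * @return integer customer_id of the inserted or updated customer
 */
public function sfEditCustomerData($arrData, $customer_id = null)
{
    $objQuery =& SC_Query_Ex::getSingletonInstance();
    $objQuery->begin();

    $old_version_flag = false;
    // Must be initialised: the reminder_answer branches below read this flag
    // even when the password branch never assigned it.
    $is_password_updated = false;

    // Last-modified timestamp
    $arrData['update_date'] = 'CURRENT_TIMESTAMP';

    // Generate the salt (insert) or load the stored one (update).
    if (is_numeric($customer_id)) {
        $salt = $objQuery->get('salt', 'dtb_customer', 'customer_id = ? ', array($customer_id));
        // Takes migration from older versions (before 2.11) into account:
        // such rows have no salt yet.
        if (strlen($salt) === 0) {
            $old_version_flag = true;
        }
    } else {
        $salt = SC_Utils_Ex::sfGetRandomString(10);
        $arrData['salt'] = $salt;
    }

    //-- Hash the password when it is being changed
    $password = isset($arrData['password']) ? $arrData['password'] : '';
    if ($password == DEFAULT_PASSWORD || $password == '') {
        // Not changed: leave the stored value alone
        unset($arrData['password']);
    } else {
        // Migrated row: create its salt now that the password is re-hashed
        if ($old_version_flag) {
            $is_password_updated = true;
            $salt = SC_Utils_Ex::sfGetRandomString(10);
            $arrData['salt'] = $salt;
        }
        // An existing non-empty salt is reused here rather than rotated; the
        // stored reminder answer is hashed with the same salt.
        $arrData['password'] = SC_Utils_Ex::sfGetHashString($password, $salt);
    }

    //-- Hash the secret-question answer when it is being changed
    $answer = isset($arrData['reminder_answer']) ? $arrData['reminder_answer'] : '';
    if ($answer == DEFAULT_PASSWORD || $answer == '') {
        // Not changed
        unset($arrData['reminder_answer']);
        if ($old_version_flag && $is_password_updated) {
            // The password is being updated, so hash the answer that is
            // currently stored as plaintext with the new salt.
            $reminder_answer = $objQuery->get('reminder_answer', 'dtb_customer', 'customer_id = ? 
', array($customer_id));
            $arrData['reminder_answer'] = SC_Utils_Ex::sfGetHashString($reminder_answer, $salt);
        }
    } elseif ($old_version_flag && !$is_password_updated) {
        // Migrated row whose password is not changing: keep the answer as
        // plaintext and do not write a salt.
        unset($arrData['salt']);
    } else {
        $arrData['reminder_answer'] = SC_Utils_Ex::sfGetHashString($answer, $salt);
    }

    // Apply the default country id when the country field is disabled
    if (FORM_COUNTRY_ENABLE == false) {
        $arrData['country_id'] = DEFAULT_COUNTRY_ID;
    }

    //-- Execute the update or the insert
    if (is_numeric($customer_id)) {
        // Edit
        $objQuery->update('dtb_customer', $arrData, 'customer_id = ? ', array($customer_id));
    } else {
        // New registration: allocate the customer id
        $customer_id = $objQuery->nextVal('dtb_customer_customer_id');
        $arrData['customer_id'] = $customer_id;
        // Creation date, unless the caller supplied one
        if (!isset($arrData['create_date'])) {
            $arrData['create_date'] = 'CURRENT_TIMESTAMP';
        }
        $objQuery->insert('dtb_customer', $arrData);
    }

    $objQuery->commit();

    return $customer_id;
}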
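/**
 * Update an administrator record in dtb_member.
 *
 * The password is re-hashed with a freshly generated salt only when a real
 * new password was supplied. A value equal to DEFAULT_PASSWORD, an empty
 * string, or a missing key leaves the stored password and salt untouched;
 * otherwise a missing or blank field would replace the administrator's
 * credential with the hash of an empty string. This matches how
 * sfEditCustomerData() treats an empty password.
 *
 * NOTE(review): login_id and authority are copied straight from the caller's
 * array. The caller is presumably responsible for validating them and for
 * checking that the acting user may change them; confirm.
 *
 * @param integer $member_id     member_id of the row to update
 * @param array   $arrMemberData Associative array of administrator data
 *                               (name, department, login_id, authority, work, password)
 * @return void
 */
function updateMemberData($member_id, $arrMemberData)
{
    $objQuery =& SC_Query_Ex::getSingletonInstance();

    // Build the column values to update.
    $sqlVal = array();
    foreach (array('name', 'department', 'login_id', 'authority', 'work') as $column) {
        $sqlVal[$column] = $arrMemberData[$column];
    }
    $sqlVal['update_date'] = 'CURRENT_TIMESTAMP';

    // Only touch the credential when a non-empty, non-placeholder password was given.
    $password = isset($arrMemberData['password']) ? $arrMemberData['password'] : '';
    if ((string) $password !== '' && $password != DEFAULT_PASSWORD) {
        // A new salt is generated on every password change.
        $salt = SC_Utils_Ex::sfGetRandomString(10);
        $sqlVal['salt'] = $salt;
        $sqlVal['password'] = SC_Utils_Ex::sfGetHashString($password, $salt);
    }

    // Run the UPDATE; the id is passed as a bound parameter.
    $where = 'member_id = ?';
    $objQuery->update('dtb_member', $sqlVal, $where, array($member_id));
}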
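/**
 * Check whether a password matches a stored credential.
 *
 * Three verification modes are handled:
 *  - AUTH_TYPE 'PLAIN': the stored value is the password itself, unhashed.
 *  - empty salt: legacy rows migrated from versions before 2.11, verified
 *    against sha1($pass . ':' . AUTH_MAGIC). That is unsalted SHA-1 with a
 *    constant shared by every account, so such rows should be re-hashed once
 *    the user has authenticated.
 *  - otherwise: SC_Utils_Ex::sfGetHashString($pass, $salt).
 *
 * String values are compared with hash_equals() where it exists (PHP 5.6+),
 * so the time taken does not depend on how many leading bytes match. On older
 * runtimes, and for non-string values, the original strict comparison is used.
 *
 * @param string $pass     Password to check
 * @param string $hashpass Stored password hash to check against
 * @param string $salt     Salt stored with the hash (empty for legacy rows)
 * @return boolean true when the password matches
 */
function sfIsMatchHashPassword($pass, $hashpass, $salt)
{
    // An empty stored credential never matches anything.
    if ($hashpass == '') {
        return false;
    }

    // Derive the value the stored credential is expected to equal.
    if (AUTH_TYPE == 'PLAIN') {
        $candidate = $pass;
    } elseif (empty($salt)) {
        // Takes migration from older versions (before 2.11) into account
        $candidate = sha1($pass . ':' . AUTH_MAGIC);
    } else {
        $candidate = SC_Utils_Ex::sfGetHashString($pass, $salt);
    }

    // Constant-time comparison: stored value first, derived value second.
    if (is_string($hashpass) && is_string($candidate) && function_exists('hash_equals')) {
        return hash_equals($hashpass, $candidate);
    }

    return $candidate === $hashpass;
}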
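/**
 * Installer completion step: write the shop master row, register the
 * administrator account, and prepare the completion page.
 *
 * NOTE(review): the database parameters are merged into $objPage->arrHidden.
 * If the template renders arrHidden as hidden form fields, the database
 * settings (including any password among them) are sent back to the browser;
 * confirm whether that is still needed on the completion page.
 *
 * NOTE(review): when a non-deleted member with the submitted login_id already
 * exists, its password and salt are overwritten. The installer therefore must
 * not stay reachable once setup has finished.
 *
 * @param object $objPage Page object to fill in
 * @return object The same page object, set up for complete.tpl
 */
function lfDispComplete($objPage)
{
    global $objWebParam;
    global $objDBParam;

    // Keep the submitted web and database parameters in the hidden fields
    $objPage->arrHidden = $objWebParam->getHashArray();
    $objPage->arrHidden = array_merge($objPage->arrHidden, $objDBParam->getHashArray());

    $arrDsn = getArrayDsn($objDBParam);

    // Shop master row
    $sqlval = array();
    $sqlval['id'] = 1;
    $sqlval['shop_name'] = $objWebParam->getValue('shop_name');
    // All five shop mail addresses start out as the administrator address
    foreach (array('email01', 'email02', 'email03', 'email04', 'email05') as $mailColumn) {
        $sqlval[$mailColumn] = $objWebParam->getValue('admin_mail');
    }
    $sqlval['top_tpl'] = 'default1';
    $sqlval['product_tpl'] = 'default1';
    $sqlval['detail_tpl'] = 'default1';
    $sqlval['mypage_tpl'] = 'default1';
    $sqlval['update_date'] = 'CURRENT_TIMESTAMP';

    $objQuery = new SC_Query($arrDsn);
    // Update the existing row if there is one, otherwise create it
    $cnt = $objQuery->count('dtb_baseinfo');
    if ($cnt > 0) {
        $objQuery->update('dtb_baseinfo', $sqlval);
    } else {
        $objQuery->insert('dtb_baseinfo', $sqlval);
    }

    // Administrator registration: the password is stored hashed with a new salt
    $login_id = $objWebParam->getValue('login_id');
    $salt = SC_Utils_Ex::sfGetRandomString(10);
    $login_pass = SC_Utils_Ex::sfGetHashString($objWebParam->getValue('login_pass'), $salt);
    $arrVal = array(
        'login_id' => $login_id,
        'password' => $login_pass,
        'salt' => $salt,
        'work' => 1,
        'del_flg' => 0,
        'update_date' => 'CURRENT_TIMESTAMP',
    );

    $member_id = $objQuery->get('member_id', 'dtb_member', 'login_id = ? 
AND del_flg = 0', array($login_id));
    if (strlen($member_id) == 0) {
        // No such account yet: create it with a new id
        $member_id = $objQuery->nextVal('dtb_member_member_id');
        $arrVal['member_id'] = $member_id;
        $arrVal['name'] = '管理者';
        $arrVal['creator_id'] = 0;
        $arrVal['authority'] = 0;
        $arrVal['rank'] = 1;
        $objQuery->insert('dtb_member', $arrVal);
    } else {
        // Existing account: replace its credential
        $objQuery->update('dtb_member', $arrVal, 'member_id = ?', array($member_id));
    }

    // db_skip is request data: read it without an undefined-index warning.
    // NOTE(review): the value is passed through unvalidated; the template
    // presumably escapes it on output, confirm.
    $objPage->arrHidden['db_skip'] = isset($_POST['db_skip']) ? $_POST['db_skip'] : null;

    $objPage->tpl_mainpage = 'complete.tpl';
    $objPage->tpl_mode = 'complete';

    // Normalise the secure URL so that it ends with exactly one '/'
    $secure_url = $objWebParam->getValue('secure_url');
    $secure_url = rtrim($secure_url, '/') . '/';
    $objPage->tpl_sslurl = $secure_url;

    // URL for announcements from the EC-CUBE official site
    $objPage->install_info_url = INSTALL_INFO_URL;

    return $objPage;
}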
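/**
 * Installer completion step: write the shop master row, register the
 * administrator account, and prepare the completion page.
 *
 * NOTE(review): $objDBParam->getHashArray() is merged into
 * $objPage->arrHidden, and that array contains db_password (it is read from
 * the same array below). If the template renders arrHidden as hidden form
 * fields, the database password is sent back to the browser; confirm whether
 * that is still needed on the completion page.
 *
 * NOTE(review): when a non-deleted member with the submitted login_id already
 * exists, its password and salt are overwritten. The installer therefore must
 * not stay reachable once setup has finished.
 *
 * @param object $objPage Page object to fill in
 * @return object The same page object, set up for complete.tpl
 */
function lfDispComplete($objPage)
{
    global $objWebParam;
    global $objDBParam;

    // Keep the submitted web and database parameters in the hidden fields
    $objPage->arrHidden = $objWebParam->getHashArray();
    $objPage->arrHidden = array_merge($objPage->arrHidden, $objDBParam->getHashArray());

    // Build the connection settings used to write the shop master data
    $arrRet = $objDBParam->getHashArray();
    $dsn = array(
        'phptype' => $arrRet['db_type'],
        'username' => $arrRet['db_user'],
        'password' => $arrRet['db_password'],
        'protocol' => 'tcp',
        'hostspec' => $arrRet['db_server'],
        'port' => $arrRet['db_port'],
        'database' => $arrRet['db_name'],
    );

    // Shop master row
    $sqlval = array();
    $sqlval['id'] = 1;
    $sqlval['shop_name'] = $objWebParam->getValue('shop_name');
    // All five shop mail addresses start out as the administrator address
    foreach (array('email01', 'email02', 'email03', 'email04', 'email05') as $mailColumn) {
        $sqlval[$mailColumn] = $objWebParam->getValue('admin_mail');
    }
    $sqlval['top_tpl'] = "default1";
    $sqlval['product_tpl'] = "default1";
    $sqlval['detail_tpl'] = "default1";
    $sqlval['mypage_tpl'] = "default1";
    $sqlval['update_date'] = 'CURRENT_TIMESTAMP';

    $objQuery = new SC_Query($dsn);
    // Update the existing row if there is one, otherwise create it
    $cnt = $objQuery->count("dtb_baseinfo");
    if ($cnt > 0) {
        $objQuery->update("dtb_baseinfo", $sqlval);
    } else {
        $objQuery->insert("dtb_baseinfo", $sqlval);
    }

    // Administrator registration: the password is stored hashed with a new salt
    $login_id = $objWebParam->getValue('login_id');
    $salt = SC_Utils_Ex::sfGetRandomString(10);
    $login_pass = SC_Utils_Ex::sfGetHashString($objWebParam->getValue('login_pass'), $salt);
    $arrVal = array(
        'login_id' => $login_id,
        'password' => $login_pass,
        'salt' => $salt,
        'work' => 1,
        'del_flg' => 0,
        'update_date' => 'CURRENT_TIMESTAMP',
    );

    $member_id = $objQuery->get('member_id', 'dtb_member', 'login_id = ? 
AND del_flg = 0', array($login_id));
    if (strlen($member_id) == 0) {
        // NOTE(review): the id is fixed to 2 here; the original had the
        // sequence call nextVal('dtb_member_member_id') commented out.
        // Confirm that no other row can already hold member_id 2.
        $member_id = 2;
        $arrVal['member_id'] = $member_id;
        $arrVal['name'] = '管理者';
        $arrVal['creator_id'] = 0;
        $arrVal['authority'] = 0;
        $arrVal['rank'] = 1;
        $objQuery->insert("dtb_member", $arrVal);
    } else {
        // Existing account: replace its credential
        $objQuery->update("dtb_member", $arrVal, 'member_id = ?', array($member_id));
    }

    // db_skip is request data: read it without an undefined-index warning.
    // NOTE(review): the value is passed through unvalidated; the template
    // presumably escapes it on output, confirm.
    $objPage->arrHidden['db_skip'] = isset($_POST['db_skip']) ? $_POST['db_skip'] : null;

    $objPage->tpl_mainpage = 'complete.tpl';
    $objPage->tpl_mode = 'complete';

    // Append a trailing '/' when missing. substr() replaces ereg(), which was
    // removed in PHP 7 and would abort the installer at this point.
    $secure_url = $objWebParam->getValue('secure_url');
    if (substr($secure_url, -1) !== '/') {
        $secure_url = $secure_url . "/";
    }
    // NOTE(review): $secure_url is not used after this point; the page gets
    // the HTTPS_URL constant instead. Confirm which of the two is intended.
    $objPage->tpl_sslurl = HTTPS_URL;

    // URL for announcements from the EC-CUBE official site
    $objPage->install_info_url = INSTALL_INFO_URL;

    return $objPage;
}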