--------------------------------------------------
http://ithoolic.tistory.com/16 Date : 2013.12.02 14:00
--------------------------------------------------
서버 이전시 로그인 문제
그누보드 기준 버전 4.0이하와 4.1 이상에서의 비밀번호 값에 대한 연구.
MySQL password 함수 4.0이하 : 16바이트
MySQL password 함수 4.1이상 : 40바이트
여기서 생기는 충돌문제: 과거 16바이트 이하에서 로그인이 가능하던 것이 서버 이전 후 바이트값이 다르기 때문에 로그인이 되지 않습니다.
[ 문제해결 방법 ]
아래 3개의 파일에 대한 함수 수정 및 첨가로 가능합니다.
간단하게 정리 했으니 따라 해 보세요.
=================
lib/common.lib.php
bbs/login_check.php
bbs/register_form.php
=================
common.lib.php
---------------------------------------
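/**
 * Hash a plaintext password with MySQL's pre-4.1 OLD_PASSWORD() function.
 *
 * Meant as a temporary compatibility shim: it lets accounts whose stored hash
 * was produced by the old 16-byte password() keep logging in after a move to a
 * server whose password() returns the longer format.
 *
 * Security notes:
 * - $value is placed into the SQL text as-is. NOTE(review): presumably the
 *   caller passes request data that was already escaped upstream -- confirm
 *   before calling this with any other value (escaping again here would
 *   double-escape and break passwords containing quotes).
 * - The plaintext password travels inside the query text, so it can end up in
 *   MySQL query logs when those are enabled.
 * - OLD_PASSWORD() is a weak, unsalted hash and was removed in MySQL 5.7.5, so
 *   this helper should be retired once the stored hashes have been replaced.
 *
 * @param string $value Plaintext password.
 * @return string|null  The "pass" column of the result row, or null when the
 *                      query returned no usable row.
 */
function sql_old_password($value)
{
    $row = sql_fetch(" select old_password('$value') as pass ");

    // Quoted key: a bare `pass` is resolved as a constant first, which raises a
    // notice on older PHP and is a fatal error on PHP 8.
    return isset($row['pass']) ? $row['pass'] : null;
}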
---------------------------------------
login_check.phpÀÇ 15¹øÂ° ÁÙ ¹Ù²ãÁÖ±â.
---------------------------------------
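// Login check that accepts either password() format while old hashes still
// exist: the submitted password is hashed both ways and must match the stored
// value in one of them.
// Keep this file in the same character set as the rest of the site so the
// alert text below displays correctly.
if (!$mb['mb_id']) {
    // Same message as for a wrong password, so the response does not reveal
    // whether the id is registered.
    alert("가입된 회원이 아니거나 패스워드가 틀립니다.\\n\\n패스워드는 대소문자를 구분합니다.");
} else { // an account with this id exists
    $stored_hash = (string) $mb['mb_password'];

    // Fail closed on an empty stored hash, and compare strictly: with a loose
    // != two different all-numeric-looking hash strings (or an empty string and
    // a null from a failed query) can be treated as equal.
    // Where PHP 5.6+ is available, hash_equals() is the preferred comparison.
    if ($stored_hash === ''
        || ($stored_hash !== (string) sql_password($mb_password)
            && $stored_hash !== (string) sql_old_password($mb_password))) {
        alert("가입된 회원이 아니거나 패스워드가 틀립니다.\\n\\n패스워드는 대소문자를 구분합니다.");
    }

    // NOTE(review): assumes alert() ends the request -- confirm in
    // lib/common.lib.php; otherwise execution continues past a failed check.
    // NOTE(review): when only the old-format hash matched, this is the place to
    // store the password again in the new format so the fallback can be removed;
    // that update is not part of this page.
}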
---------------------------------------
register_form.phpÀÇ 66-67¹øÂ° ÁÙ ¹Ù²ãÁÖ±â.
---------------------------------------
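// Re-authentication before the member edit form: the posted password must be
// non-empty and match the stored hash in either the new or the old format.
// Keep this file in the same character set as the rest of the site so the
// alert text below displays correctly.
// NOTE(review): $_POST['mb_password'] is interpolated into SQL by the two hash
// helpers -- presumably request data is escaped earlier in the request; confirm.
$posted_password = (isset($_POST['mb_password']) && is_string($_POST['mb_password']))
    ? $_POST['mb_password']
    : ''; // arrays and missing fields are treated as "no password given"
$stored_hash = (string) $member['mb_password'];

// Strict comparison avoids PHP's loose-equality rules for numeric-looking
// strings and for null; an empty stored hash never matches.
if ($posted_password === ''
    || $stored_hash === ''
    || ($stored_hash !== (string) sql_password($posted_password)
        && $stored_hash !== (string) sql_old_password($posted_password))) {
    alert("패스워드가 틀립니다.");
}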
---------------------------------------
회원이 모두 비밀번호를 40바이트로 바꾼 후 위에 수정한 것들을 다시 원상복귀 해 놓는게 좋습니다. mb_password 값이 아직 16바이트인 회원이 남아 있는지로 전환 여부를 확인할 수 있습니다.
사이트에 회원이 없다면 별 상관이 없겠으나 로그인을 해야 하는 회원이 많다면 필요한 부분입니다.
어쨌든 이렇게 하면 정상 적으로 로그인이 되며 이 설명은 그누보드로 만든 사이트 기준입니다.
<자료출처 : http://ithoolic.tistory.com/16 >