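<?php
// SMS password-change handler: checks the current password for the posted
// user ID and, when it matches, stores the SHA-1 digest of the new password.
// Sets $returnCode, which the page markup after this script uses to pick the
// message to show.

// Shared includes.
include_once("dbconnect.php"); // DB connection settings; presumably defines the $conn link used below

// Avoid undefined-index notices, and treat non-string values (for example an
// array sent as sms_id[]=...) as missing so they never reach the SQL text or
// sha1().
foreach (array('sms_id', 'old_pw', 'new_pw1', 'new_pw2') as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        $_POST[$field] = "";
    }
}

// Variable declarations.
$sms_id  = $_POST['sms_id'];   // SMS user ID
$old_pw  = $_POST['old_pw'];   // current SMS password
$new_pw1 = $_POST['new_pw1'];  // new SMS password
$new_pw2 = $_POST['new_pw2'];  // new SMS password (confirmation)
$userInfo = array();           // user record read from the database
$userInfo['id'] = "";          // user ID (from DB lookup)
$userInfo['pw'] = "";          // stored password digest (from DB lookup)
$returnCode = 1;               // 1: no access, 2: ID not found, 3: ID or password wrong, 4: success

// A required field is missing: print the error message and stop.
if ($sms_id === "" || $old_pw === "" || $new_pw1 === "" || $new_pw2 === "") {
    echo "<script>alert('ÇʼöÇ׸ñÀÌ ´©¶ô µÇ¾ú½À´Ï´Ù.');</script>";
    exit;
}

// The user ID is attacker-controlled, so it is escaped before it is placed in
// the SQL text. Splitting the lookup and the password check into separate
// queries does not stop SQL injection by itself; escaping (or a prepared
// statement on a newer driver) is what does.
// NOTE(review): mysql_real_escape_string() follows the link's character set;
// confirm dbconnect.php sets it with mysql_set_charset() rather than SET NAMES.
$sql = "SELECT userid, user_passwd FROM smsuser WHERE userid = '"
     . mysql_real_escape_string($sms_id, $conn)
     . "' LIMIT 1";
$result = mysql_query($sql, $conn);

// mysql_query() returns false on failure; in that case no row is read and the
// request falls through to "ID not found".
if ($result !== false) {
    while ($row = mysql_fetch_assoc($result)) {
        $userInfo['id'] = $row['userid'];
        $userInfo['pw'] = $row['user_passwd'];
    }
}

// NOTE(review): codes 2 and 3 let a client tell an unknown ID from a wrong
// password; consider returning one generic failure and rate-limiting attempts.
if ($userInfo['id'] == "") {
    // The ID does not exist.
    $returnCode = 2;
} else {
    // Hash in PHP instead of "select sha1('...')": the plaintext password no
    // longer appears in SQL text (and so not in query logs), and one
    // injectable query disappears.
    // NOTE(review): assumes the stored digests are lowercase hex of the raw
    // posted bytes, i.e. magic_quotes_gpc is off and the client and connection
    // character sets match - confirm against existing accounts.
    // NOTE(review): unsalted SHA-1 is not a suitable password hash; moving to
    // password_hash()/password_verify() needs a coordinated change wherever
    // user_passwd is read.
    $oldDigest = sha1($old_pw);

    // Strict comparison: with ==, two digests of the form "0e<digits>" compare
    // equal as numbers.
    if ($userInfo['pw'] === $oldDigest) {
        if ($new_pw1 !== $new_pw2) {
            // The confirmation field was required but never compared; a
            // mismatch is reported with the existing "password does not
            // match" code instead of silently storing new_pw1.
            $returnCode = 3;
        } else {
            // The digest is hex only; the user ID came back from the database
            // and is escaped again before it re-enters SQL text.
            $newDigest = sha1($new_pw1);
            $sql = "UPDATE smsuser SET user_passwd = '{$newDigest}' WHERE userid = '"
                 . mysql_real_escape_string($userInfo['id'], $conn)
                 . "'";
            $result = mysql_query($sql, $conn);

            // Report success only when the UPDATE was accepted; otherwise the
            // code stays at its initial value of 1.
            if ($result !== false) {
                $returnCode = 4;
            }
        }
    } else {
        $returnCode = 3;
    }
}
?>
<!DOCTYPE html>
<html lang="ko">
<head>
<meta charset="euc-kr">
<title>¹ÌÁø¼ÒÇÁÆ® - SMS ¾ÏÈ£º¯°æ ÆäÀÌÁö</title>
<link href="css/sms_pw.css" rel="stylesheet" />
</head>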
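<body>
<div class="smsWrap1">
    <div class="logo"><img src="images/logo.png" alt="¹ÌÁø¼ÒÇÁÆ®"></div>

    <div class="smsWrap2">
        <div class="header">
            <h1><img src="images/sms_title.png" alt="SMS ºñ¹Ð¹øÈ£ º¯°æ"></h1>
            <p>ÇöÀç ¾ÆÀ̵ð¿Í ºñ¹Ð¹øÈ£¸¦ ÀÔ·ÂÇÑ ÈÄ »õ·Î »ç¿ëÇÒ ºñ¹Ð¹øÈ£¸¦ ÀÔ·ÂÇϼ¼¿ä.</p>
        </div>

        <div class="smsContainer">
<?php
// Result panel: one fixed block of markup per $returnCode value.
// The long open tag is used so this code is still executed, rather than sent
// to the browser as page text, when short_open_tag is disabled.
// Every string below is static; no request data is echoed here, so no output
// escaping is involved.
$resultMarkup = array(
    // 1: request not accepted
    1 => "<p class='result_text'><img src='images/delete.png'>ºñÁ¤»óÀûÀÎ Á¢±ÙÀÔ´Ï´Ù.</p> <p class='result_btn'><a href='sms_pw.php'><img src='images/sms_btn_back.png' alt='ÀÌÀüÀ¸·Î'></a></p>",
    // 2: SMS ID not found
    2 => "<p class='result_text'><img src='images/delete.png'>SMS ¾ÆÀ̵𰡠Á¸ÀçÇÏÁö ¾Ê½À´Ï´Ù.</p> <p class='result_btn'><a href='sms_pw.php'><img src='images/sms_btn_back.png' alt='ÀÌÀüÀ¸·Î'></a></p>",
    // 3: password mismatch
    3 => "<p class='result_text'><img src='images/cancel.png'>SMS ºñ¹Ð¹øÈ£°¡ ÀÏÄ¡ÇÏÁö ¾Ê½À´Ï´Ù.</p> <p class='result_btn'><a href='sms_pw.php'><img src='images/sms_btn_back.png' alt='ÀÌÀüÀ¸·Î'></a></p>",
    // 4: password changed
    4 => "<p><img src='images/check.png'><span class='result_text'>ºñ¹Ð¹øÈ£ º¯°æÀÌ ¿Ï·á µÇ¾ú½À´Ï´Ù.</span></p> <p class='result_btn'><a href='sms_pw.php'><img src='images/sms_btn_ok.png' alt='È®ÀÎ'></a></p>",
);

// Any other value prints nothing.
if (isset($resultMarkup[$returnCode])) {
    echo $resultMarkup[$returnCode];
}
?>
        </div>
    </div><!-- smsWrap2-->

    <div class="smsFooter">
        <img src="images/sms_copyright.png" alt="Ä«ÇǶóÀÌÆ®">
    </div>
</div><!-- smsWrap1-->
</body>
</html>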