Why Zeroboard has compatibility problems on MySQL 4.1

1. Increase in the number of bytes used by the PASSWORD function
Up to 4.0, the password() function used 16 bytes for its encrypted output; from 4.1 on it uses 41 bytes.
In 4.1, the 16-byte function from 4.0 and earlier was renamed old_password().
Below is a simple example on 4.1.
mysql> select password('aabbcc');
+-------------------------------------------+
| password('aabbcc')                        |
+-------------------------------------------+
| *2413A83E64BC8C0B97D3072004D15A19E48A1C00 |
+-------------------------------------------+
1 row in set (0.00 sec)
mysql> select old_password('aabbcc');
+------------------------+
| old_password('aabbcc') |
+------------------------+
| 2cbf598202278785       |
+------------------------+
1 row in set (0.00 sec)
mysql> select length(password('aabbcc'));
+----------------------------+
| length(password('aabbcc')) |
+----------------------------+
|                         41 |
+----------------------------+
1 row in set (0.00 sec)
mysql> select length(old_password('aabbcc'));
+--------------------------------+
| length(old_password('aabbcc')) |
+--------------------------------+
|                             16 |
+--------------------------------+
1 row in set (0.00 sec)
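An added example (not from the original post): Python that reproduces the 41-character value format shown above and sorts stored values by format. It relies on the 4.1 PASSWORD() construction, '*' followed by the uppercase hex of SHA1(SHA1(password)); the function names and sample rows are constructed, and the truncated row assumes a 4.1 value cut to a 20-character column.

```python
import hashlib
import re

def mysql41_password(plaintext):
    """4.1+ PASSWORD(): '*' + uppercase hex of SHA1(SHA1(plaintext))."""
    inner = hashlib.sha1(plaintext.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

_NEW = re.compile(r"\*[0-9A-Fa-f]{40}")        # 41 characters in total
_OLD = re.compile(r"[0-9A-Fa-f]{16}")          # pre-4.1 / old_password()
_CUT = re.compile(r"\*[0-9A-Fa-f]{1,39}")      # 4.1 value that lost its tail

def classify_stored_hash(value):
    """Name the format of a value read from a password column."""
    if _NEW.fullmatch(value):
        return "mysql41"
    if _OLD.fullmatch(value):
        return "old_password"
    if _CUT.fullmatch(value):
        return "truncated_mysql41"
    return "unknown"

def audit(rows):
    """Group (user, stored_value) rows by detected format."""
    report = {}
    for user, stored in rows:
        report.setdefault(classify_stored_hash(stored), []).append(user)
    return report

# Constructed rows. The two complete values are the ones printed above;
# carol's is the 4.1 value cut to 20 characters (assumed char(20) column).
NEW_VALUE = "*2413A83E64BC8C0B97D3072004D15A19E48A1C00"
SAMPLE_ROWS = [
    ("alice", NEW_VALUE),
    ("bob", "2cbf598202278785"),
    ("carol", NEW_VALUE[:20]),
    ("dave", "not-a-hash"),
]

if __name__ == "__main__":
    for fmt, users in audit(SAMPLE_ROWS).items():
        print(fmt, users)
    print(mysql41_password("aabbcc"))
```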

2. Restriction on the table creation schema
When Zeroboard creates a new table, it does so from a file named schema.sql in the source directory.
In MySQL 4.1, a create table statement written like this:
create table $admin_table (
no int(11) default '0' not null auto_increment primary key,
group_no int(20) unsigned not null,
....
is rejected, because a column given the auto_increment option cannot also carry a default value such as default '0'.
Using one produces the error shown below, and naturally Zeroboard cannot create its tables.
mysql> create table aaaa ( id int default '0' not null auto_increment primary key );
ERROR 1067 (42000): Invalid default value for 'id'
mysql> create table aaaa ( id int not null auto_increment primary key );
Query OK, 0 rows affected (0.01 sec)
Once these two points are understood, the cause of the errors that occur when running Zeroboard on MySQL 4.1 can be found.
In more detail:

[Work that must be done in every case]
Whether you are installing Zeroboard for the first time or moving existing Zeroboard data and source, the one change that must always be made is in the file schema.sql: wherever a column reads default '0' not null auto_increment, delete the default '0'.
Do not delete every default '0'; delete only the default '0' on columns that also use auto_increment.
It is also a good idea to increase the size of the column that stores the password from the previous 20 to 41. More on this below.

[Using the new password() function of version 4.1]
This probably applies to people installing Zeroboard for the first time.
To use the security-hardened password function of version 4.1, leave the PHP source as it is and make a further change to schema.sql.
Above, only the default '0' parts of schema.sql were changed; this time the size of the columns that store the password has to be increased.
The existing password columns have a size such as 20 or 18:
password char(20)
Change this to 41.
In schema.sql:
line 29: password char(20) not null,
line 38: jumin char(18),
line 234: password char(20),
line 288: password char(20),
Change the size to 41 in all 4 places.
Zeroboard also encrypts the resident registration number, so the jumin column has to be changed as well. Check for yourself whether anything else has been missed.
These changes must be made before the actual installation is started.
If you installed without making them and got errors, delete the database that was created, delete the config.php file, then run install.php again and reinstall from the beginning.
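The schema.sql edits described above, as an added Python example rather than anything shipped with Zeroboard: it removes default '0' only on auto_increment columns and widens the password and jumin columns to 41. The sample schema text, the table name $sample_table and the function name patch_schema are constructed for illustration.

```python
import re

# Columns this page says hold a hash: password (char(20)) and jumin (char(18)).
HASH_COLUMNS = ("password", "jumin")
HASH_WIDTH = 41

_DEFAULT_ZERO = re.compile(r"\s+default\s+'0'", re.IGNORECASE)
_AUTO_INC = re.compile(r"\bauto_increment\b", re.IGNORECASE)
_HASH_COL = re.compile(
    r"^(\s*(?:%s)\s+(?:var)?char)\(\s*(\d+)\s*\)" % "|".join(HASH_COLUMNS),
    re.IGNORECASE,
)

def patch_schema(sql):
    """Return (patched_sql, changes) for a Zeroboard-style schema.sql text."""
    out, changes = [], []
    for lineno, line in enumerate(sql.splitlines(), start=1):
        new = line
        # Rule 1: drop default '0' only where the column is auto_increment.
        if _AUTO_INC.search(line):
            new = _DEFAULT_ZERO.sub("", new)
        # Rule 2: widen hash-holding columns that are narrower than 41.
        m = _HASH_COL.match(new)
        if m and int(m.group(2)) < HASH_WIDTH:
            new = "%s(%d)%s" % (m.group(1), HASH_WIDTH, new[m.end():])
        if new != line:
            changes.append((lineno, line.strip(), new.strip()))
        out.append(new)
    return "\n".join(out) + "\n", changes

# Constructed sample in the style of the fragments quoted on this page.
SAMPLE = """create table $sample_table (
  no int(11) default '0' not null auto_increment primary key,
  group_no int(20) unsigned not null,
  level int(2) default '0' not null,
  password char(20) not null,
  jumin char(18),
  name char(20)
);
"""

if __name__ == "__main__":
    patched, changes = patch_schema(SAMPLE)
    for lineno, before, after in changes:
        print("line %d: %s  ->  %s" % (lineno, before, after))
```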

[Continuing to use the password() function of version 4.0 and earlier]
The password() function of 4.0 and earlier is available in MySQL 4.1.x as the function old_password().
This applies when you have been running many members and boards with Zeroboard on MySQL 4.0 or earlier and want to move to 4.1 while keeping that data as it is.
First, change every password() function used in Zeroboard's PHP source to old_password(). That is easier said than done.
To see which source files use the password() function:
[root@haansoft bbs]# pwd
/var/www/html/bbs
[root@haansoft bbs]# grep -R -i -l "password(" ./*
./admin/admin_exec_member.php
./admin/admin_view_member.php
./comment_ok.php
./del_comment_ok.php
./delete_ok.php
./install2_ok.php
./login_check.php
./lostid_search.php
./member_join_ok.php
./member_modify_ok.php
./member_out.php
./view.php
./write_ok.php
[root@haansoft bbs]#
These are the files that use the password() function. To see the matching lines themselves, run the grep command without the -l option, as in grep -R -i "password(" ./*
Open the 13 files above and change parts such as password("$password") to old_password("$password").
Source:
http://kasua.namoweb.net/zb41pl4/bbs/skin/ggambo7002_board/print.php?id=home&no=102
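An added example, not part of the original post: a Python version of the password() to old_password() edit that lists each changed line and leaves old_password(, $password and longer identifiers alone, so it can be re-run safely. The sample PHP lines and the helper name check_password are constructed; only the file names come from the grep output.

```python
import re

# Matches the SQL function call password( but not old_password(, a PHP
# variable such as $password(, or a longer identifier like check_password(.
_SQL_PASSWORD = re.compile(r"(?<![\w$])password\(", re.IGNORECASE)

def plan_rewrite(files):
    """files: {path: php_source}. Return [(path, lineno, before, after)]."""
    plan = []
    for path in sorted(files):
        for lineno, line in enumerate(files[path].splitlines(), start=1):
            after = _SQL_PASSWORD.sub("old_password(", line)
            if after != line:
                plan.append((path, lineno, line.strip(), after.strip()))
    return plan

def apply_rewrite(source):
    """Rewrite one file's text; running it twice changes nothing more."""
    return _SQL_PASSWORD.sub("old_password(", source)

# Constructed sample sources (hypothetical queries and helper names).
SAMPLE_FILES = {
    "./login_check.php": """$password = trim($password);
$q = "select * from $member_table where user_id='$user_id' and password=password('$password')";
""",
    "./member_join_ok.php": """$q = "insert into $member_table (password) values (old_password('$password'))";
if(!check_password($password)) Error("bad");
""",
}

if __name__ == "__main__":
    for path, lineno, before, after in plan_rewrite(SAMPLE_FILES):
        print("%s:%d\n  - %s\n  + %s" % (path, lineno, before, after))
```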

This is a fix I made today while, by chance(?), installing Zeroboard at the hosting company that Bom uses.
The environment is:
PHP : 5.x
MySQL : 5.x
The symptom is as follows.
On the admin.php page, even though the login id/pw is entered correctly, it does not move on to admin-setup.php.
First, open the login_check.php file.
session_register("zb_logged_no");
session_register("zb_logged_time");
session_register("zb_logged_ip");
session_register("zb_last_connect_check");
It contains these lines.
Just in case, I ran
print_r($_SESSION);
and the result was empty.
Let's start by touching up the login_check.php file.
Change the part shown above
$_SESSION["zb_logged_no"] = $zb_logged_no;
$_SESSION["zb_logged_time"] = $zb_logged_time;
$_SESSION["zb_logged_ip"] = $zb_logged_ip;
$_SESSION["zb_last_connect_check"]= $zb_last_connect_check;
to this.
Running
print_r($_SESSION);
now gives
Array
(
[zb_last_connect_check] => 0
[zb_logged_no] => 1
[zb_logged_time] => 1229406938
[zb_logged_ip] => xxx.xxx.xxx.xxx <- masked by me;; ahem
)
That is the output.
This is because the register_globals setting in php.ini is Off.
In Korea, most hosting companies have it On.
For security and similar reasons, it is better to run with it Off.
Now that this is fixed, try logging in again.
The situation is the same as before.
The session was created normally.
Just in case, I looked at the admin.php source, where the part that moves on to the admin_setup.php page can be seen:
<?
include "lib.php";
$connect=dbConn();
$member=member_info();
if(($member[no]&&$member[is_admin]<3&&$member[is_admin]>=1)||($member[no]&&$member[board_name])) movepage("admin_setup.php");
That is how it is written.
So the condition in the if statement must not be satisfied.
This time, open lib.php.
$member=member_info();
Look at this one first.
Let's search for the function member_info().
function member_info() {
    global $HTTP_SESSION_VARS, $member_table, $member, $connect;
    if(defined("_member_info_included")&&$member[no]) return $member;
    define("_member_info_included", true);
    if($member[no]) return $member;
    if($HTTP_SESSION_VARS["zb_logged_no"]) {
        $member=mysql_fetch_array(mysql_query("select * from $member_table where no ='".$HTTP_SESSION_VARS["zb_logged_no"]."'"));
        if(!$member[no]) {
            unset($member);
            $member[level] = 10;
        }
    } else $member[level] = 10;
    return $member;
}
That is what it looks like.
Something odd shows up here again.
$HTTP_SESSION_VARS;
$HTTP_SESSION_VARS["zb_logged_no"];
If register_long_arrays is Off in php.ini, these long names cannot be used either.
For reference, it is said that they will be removed altogether in PHP 6.
So it is better to stop using them right now.
http://kr2.php.net/manual/kr/function.session-register.php
$_SESSION;
$_SESSION["zb_logged_no"];
Change them to this.
Now test whether everything works normally.
Source:
http://www.nyaongnyaong.com/636 [zzin]
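
The two source edits from the post above, as an added Python example that is not part of the original post or of Zeroboard: session_register("x") becomes a $_SESSION["x"] assignment and $HTTP_SESSION_VARS becomes $_SESSION. Dropping $HTTP_SESSION_VARS from global statements goes beyond the post (superglobals need no global declaration); the sample is shortened from the snippets on this page and the function names are constructed.

```python
import re

LONG = "$HTTP_SESSION_VARS"
_REGISTER = re.compile(r"""session_register\(\s*(["'])(\w+)\1\s*\)\s*;""")
_GLOBAL = re.compile(r"^([ \t]*)global\s+([^;]*);", re.MULTILINE)

def _assign(m):
    # session_register("x");  ->  $_SESSION["x"] = $x;
    return '$_SESSION["%s"] = $%s;' % (m.group(2), m.group(2))

def _fix_global(m):
    # Superglobals need no global declaration: drop the long array from it.
    names = [n.strip() for n in m.group(2).split(",")]
    kept = [n for n in names if n != LONG]
    if not kept:
        return ""
    return "%sglobal %s;" % (m.group(1), ", ".join(kept))

def modernize_session(php):
    """Apply both edits to PHP source text and return the result."""
    php = _REGISTER.sub(_assign, php)
    php = _GLOBAL.sub(_fix_global, php)
    return php.replace(LONG, "$_SESSION")

def remaining_legacy(php):
    """Line numbers that still use either legacy construct."""
    return [i for i, line in enumerate(php.splitlines(), 1)
            if "session_register(" in line or LONG in line]

# Sample shortened from the login_check.php and lib.php snippets above.
SAMPLE = '''session_register("zb_logged_no");
session_register("zb_logged_ip");
function member_info() {
    global $HTTP_SESSION_VARS, $member_table, $member, $connect;
    if($HTTP_SESSION_VARS["zb_logged_no"]) {
        $member=mysql_fetch_array(mysql_query("select * from $member_table where no ='".$HTTP_SESSION_VARS["zb_logged_no"]."'"));
    } else $member[level] = 10;
    return $member;
}
'''

if __name__ == "__main__":
    print(modernize_session(SAMPLE))
```

The generated assignment copies the variable's value at that line, so it only works where the variable has already been set before the former session_register() call.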