[Svn-src-all:1422] [version-2_5-dev 20313] * 管理画面の認証を require_base.php で行うよう修正

nanasess admin @ mail.ec-cube.net
2011年 2月 22日 (火) 06:50:05 JST


Subversion committed to /home/svn/open 20313
http://svn.ec-cube.net/open_trac/changeset/20313
┌────────────────────────────┐
│更新者 :  nanasess                                     │
│更新日時:  2011-02-22 06:50:04 +0900 (火, 22  2月 2011)│
└────────────────────────────┘

Log:
--------------------------------------------------------
 * 管理画面の認証を require_base.php で行うよう修正
   * TODO 各ページに記載している SC_Utils_Ex::sfIsSuccess(new SC_Session()); を削除する.


Changed:                      [U:修正,A:追加,D:削除]
--------------------------------------------------------
U   branches/version-2_5-dev/data/Smarty/templates/admin/admin_popup_header.tpl
U   branches/version-2_5-dev/data/Smarty/templates/admin/login.tpl
U   branches/version-2_5-dev/data/Smarty/templates/admin/login_frame.tpl
U   branches/version-2_5-dev/data/Smarty/templates/admin/main_frame.tpl
U   branches/version-2_5-dev/data/Smarty/templates/default/popup_header.tpl
U   branches/version-2_5-dev/data/Smarty/templates/default/site_frame.tpl
U   branches/version-2_5-dev/data/class/helper/SC_Helper_Session.php
U   branches/version-2_5-dev/data/class/pages/LC_Page.php
U   branches/version-2_5-dev/data/class/pages/admin/LC_Page_Admin.php
U   branches/version-2_5-dev/data/class/pages/admin/LC_Page_Admin_Index.php
U   branches/version-2_5-dev/data/class/pages/error/LC_Page_Error.php
U   branches/version-2_5-dev/data/class/pages/error/LC_Page_Error_DispError.php
U   branches/version-2_5-dev/data/require_base.php
U   branches/version-2_5-dev/html/install/sql/create_table_mysql.sql
U   branches/version-2_5-dev/html/install/sql/create_table_pgsql.sql
U   branches/version-2_5-dev/html/install/sql/insert_data.sql

変更: branches/version-2_5-dev/data/class/helper/SC_Helper_Session.php
===================================================================
--- branches/version-2_5-dev/data/class/helper/SC_Helper_Session.php	2011-02-21 19:53:09 UTC (rev 20312)
+++ branches/version-2_5-dev/data/class/helper/SC_Helper_Session.php	2011-02-21 21:50:04 UTC (rev 20313)
@@ -203,5 +203,32 @@
         }
         return $ret;
     }
+
+    /**
+     * 管理画面の認証を行う.
+     *
+     * mtb_auth_excludes へ登録されたページは, 認証を除外する.
+     *
+     * @return void
+     */
+    function adminAuthorization() {
+        $masterData = new SC_DB_MasterData_Ex();
+        $arrExcludes = $masterData->getMasterData('mtb_auth_excludes');
+        if (preg_match('|^' . ROOT_URLPATH . ADMIN_DIR . '|',
+                       $_SERVER['PHP_SELF'])) {
+            $is_auth = true;
+
+            foreach ($arrExcludes as $exclude) {
+                if (preg_match('|^' . ROOT_URLPATH . ADMIN_DIR . $exclude . '|',
+                               $_SERVER['PHP_SELF'])) {
+                    $is_auth = false;
+                    break;
+                }
+            }
+            if ($is_auth) {
+                SC_Utils_Ex::sfIsSuccess(new SC_Session());
+            }
+        }
+    }
 }
 ?>
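Review bot: The exclusion test in `adminAuthorization()` is an unanchored prefix match against `$_SERVER['PHP_SELF']`, and `ROOT_URLPATH`, `ADMIN_DIR` and `$exclude` go into the pattern without `preg_quote()`, so any request path that merely begins with an excluded name skips `sfIsSuccess()`. The `.` in the seeded values 'index.php' and 'logout.php' (insert_data.sql) also matches any character. `PHP_SELF` can carry client-supplied trailing path information, which makes a prefix match a weak basis for an authentication decision. Assuming `ROOT_URLPATH . ADMIN_DIR` is the URL path of the admin directory, compare the whole script path instead, e.g. `if ($_SERVER['SCRIPT_NAME'] === ROOT_URLPATH . ADMIN_DIR . $exclude) {`, or at least quote and end-anchor the pattern: `'|^' . preg_quote(ROOT_URLPATH . ADMIN_DIR . $exclude, '|') . '$|'`. The outer admin-area `preg_match` builds its pattern the same unquoted way and should get `preg_quote()` too.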

変更: branches/version-2_5-dev/data/require_base.php
===================================================================
--- branches/version-2_5-dev/data/require_base.php	2011-02-21 19:53:09 UTC (rev 20312)
+++ branches/version-2_5-dev/data/require_base.php	2011-02-21 21:50:04 UTC (rev 20313)
@@ -47,6 +47,12 @@
     $sessionFactory = SC_SessionFactory::getInstance();
     $sessionFactory->initSession();
 
+    /*
+     * 管理画面の場合は認証行う.
+     * 認証処理忘れ防止のため, LC_Page_Admin::init() 等ではなく, ここでチェックする.
+     */
+    $objSession->adminAuthorization();
+
     // プラグインを読み込む
     //require_once(DATA_REALDIR . 'require_plugin.php');
 }
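Review bot: The new `$objSession->adminAuthorization();` call sits inside a block whose opening condition is outside this hunk (it is closed by the `}` on the last line), so admin authentication runs only when that block is entered. This matters once the per-page `SC_Utils_Ex::sfIsSuccess(new SC_Session());` calls named in the log TODO are removed. `$objSession` is also not assigned in the visible context lines (the nearby variable is `$sessionFactory`), so it is worth confirming that it holds an SC_Helper_Session instance at this point. I would extend the comment with something like `// NOTE: runs only inside this block; keep per-page sfIsSuccess() until every admin entry point is known to pass through here.`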

変更: branches/version-2_5-dev/html/install/sql/create_table_mysql.sql
===================================================================
--- branches/version-2_5-dev/html/install/sql/create_table_mysql.sql	2011-02-21 19:53:09 UTC (rev 20312)
+++ branches/version-2_5-dev/html/install/sql/create_table_mysql.sql	2011-02-21 21:50:04 UTC (rev 20313)
@@ -942,6 +942,13 @@
     PRIMARY KEY (id)
 ) ENGINE=InnoDB;
 
+CREATE TABLE mtb_auth_excludes (
+    id smallint,
+    name text,
+    rank smallint NOT NULL DEFAULT 0,
+    PRIMARY KEY (id)
+) ENGINE=InnoDB;
+
 CREATE TABLE mtb_work (
     id smallint,
     name text,
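Review bot: `name text` in `mtb_auth_excludes` allows NULL and empty values, and this table now decides which admin pages skip authentication. `adminAuthorization()` appends each `name` to the admin URL prefix, so an empty name yields a pattern that matches every admin page. Declare the column as `name text NOT NULL,` here and in the identical definition in create_table_pgsql.sql, and have the PHP side ignore empty entries. Write access to this master table amounts to being able to switch off admin authentication, so mark it as security-sensitive, e.g. `-- admin pages exempt from authentication; keep this list minimal`.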

変更: branches/version-2_5-dev/html/install/sql/create_table_pgsql.sql
===================================================================
--- branches/version-2_5-dev/html/install/sql/create_table_pgsql.sql	2011-02-21 19:53:09 UTC (rev 20312)
+++ branches/version-2_5-dev/html/install/sql/create_table_pgsql.sql	2011-02-21 21:50:04 UTC (rev 20313)
@@ -942,6 +942,13 @@
     PRIMARY KEY (id)
 );
 
+CREATE TABLE mtb_auth_excludes (
+    id smallint,
+    name text,
+    rank smallint NOT NULL DEFAULT 0,
+    PRIMARY KEY (id)
+);
+
 CREATE TABLE mtb_work (
     id smallint,
     name text,

変更: branches/version-2_5-dev/html/install/sql/insert_data.sql
===================================================================
--- branches/version-2_5-dev/html/install/sql/insert_data.sql	2011-02-21 19:53:09 UTC (rev 20312)
+++ branches/version-2_5-dev/html/install/sql/insert_data.sql	2011-02-21 21:50:04 UTC (rev 20313)
@@ -682,6 +682,9 @@
 INSERT INTO mtb_authority (id, name, rank) VALUES (0, 'システム管理者', 0);
 INSERT INTO mtb_authority (id, name, rank) VALUES (1, '店舗オーナー', 1);
 
+INSERT INTO mtb_auth_excludes (id, name, rank) VALUES (0, 'index.php', 0);
+INSERT INTO mtb_auth_excludes (id, name, rank) VALUES (1, 'logout.php', 1);
+
 INSERT INTO mtb_class (id, name, rank) VALUES (1, '規格無し', 0);
 INSERT INTO mtb_class (id, name, rank) VALUES (2, '規格有り', 1);
 



