From 45b91e78fd71fe7ac3391799af54931631222e27 Mon Sep 17 00:00:00 2001
From: jity7777 <jity7777  @example.com>
Date: Mon, 13 Mar 2023 01:30:27 +0000
Subject: [PATCH] =?UTF-8?q?<=EA=B8=B0=EB=8A=A5=EA=B0=9C=EC=84=A0>=201.=20P?=
 =?UTF-8?q?MS=20NO=20:=202.=20(=EC=A3=BC=EC=9A=94)=EC=9E=91=EC=97=85?=
 =?UTF-8?q?=EB=82=B4=EC=9A=A9=20(1)=20=EB=B3=B4=EC=95=88=EC=A0=95=EC=B1=85?=
 =?UTF-8?q?=EC=97=90=20=EB=94=B0=EB=A5=B8=20=EB=B9=84=EB=B2=88=20=EB=A3=B0?=
 =?UTF-8?q?=20=EC=A0=81=EC=9A=A9(=EC=82=AC=EC=9A=A9=EC=9E=90=EB=8B=A8=20?=
 =?UTF-8?q?=EC=9D=BC=EA=B4=84=20=EC=A0=81=EC=9A=A9)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Base/Controller/FCommonMy.cs     | 32 ++++++++++++++++++++++++++++++++
 Base/Controller/FOCommon.cs      | 10 +++++++++-
 Dao/MyBatis/Maps/User.xml        | 31 +++++++++++++++++++++++++++++--
 FO/Views/Account/FindMe.cshtml   |  1 +
 FO/Views/Account/Join.cshtml     |  1 +
 FO/Views/Account/PwChange.cshtml | 14 +++++++++++++-
 FO/Views/My/MyInfoCheck.cshtml   | 16 ++++++++++++++--
 FO/js/site.js                    | 13 +++++++++++++
 8 files changed, 112 insertions(+), 6 deletions(-)

diff --git a/Base/Controller/FCommonMy.cs b/Base/Controller/FCommonMy.cs
index f98d313..7daae0c 100644
--- a/Base/Controller/FCommonMy.cs
+++ b/Base/Controller/FCommonMy.cs
@@ -142,6 +142,38 @@ namespace NP.Base.Controllers
             }
             return JsonOK(0);
         }
+        [HttpPost]
+        public JsonResult UserPassCheck(Users u, VMUser vm)
+        {
+            int passResult = 0;
+            // 중복 사용된 비번이 있을 경우 0 이상의 숫자가 반환됨
+
+            if(vm.userno > 0)
+            {
+                u.userpass = string.IsNullOrEmpty(u.userpass) ? null : NP.Base.Lib.KISA_SHA256.SHA256Hash(vm.User.userpass.Trim());
+                if (u.userpass == null)
+                {
+                    u.userpass = Request["User.userpass"];
+                }
+
+                if (u.userpass != null)
+                {
+                    u.userpass = NP.Base.Lib.KISA_SHA256.SHA256Hash(vm.User.userpass.Trim());
+                    passResult = Dao.Get<int>("users.pass.check", new System.Collections.Hashtable() { { "userno", vm.userno }, { "userpass", u.userpass } }).FirstOrDefault();
+                }
+            }
+            else
+            {
+                u.userpass = string.IsNullOrEmpty(u.userpass) ? null : NP.Base.Lib.KISA_SHA256.SHA256Hash(u.userpass.Trim());
+                if (u.userpass != null)
+                {
+                    passResult = Dao.Get<int>("users.pass.check", new System.Collections.Hashtable() { { "userno", SUserInfo.UserNo }, { "userpass", u.userpass } }).FirstOrDefault();
+                }
+            }
+
+            return JsonOK(passResult);
+        }
+
         [HttpPost]
         public JsonResult UserExit(String exitreason)
         {
diff --git a/Base/Controller/FOCommon.cs b/Base/Controller/FOCommon.cs
index f831cc2..8c1ad73 100644
--- a/Base/Controller/FOCommon.cs
+++ b/Base/Controller/FOCommon.cs
@@ -151,7 +151,15 @@ namespace NP.Base.Controllers
             }
             if (vm.userno > 0 && !string.IsNullOrEmpty(vm.User.userpass) && vm.User.userpass.Trim() != "")
             {
-                if (Dao.Save("users.resetuserpass", new Hashtable() { { "userpass", NP.Base.Lib.KISA_SHA256.SHA256Hash(vm.User.userpass) }, { "userno", vm.userno } }) == 1)
+                //if (Dao.Save("users.resetuserpass", new Hashtable() { { "userpass", NP.Base.Lib.KISA_SHA256.SHA256Hash(vm.User.userpass) }, { "userno", vm.userno } }) == 1)
+                //{
+                //    var u = GoLogin(vm.User.userid, vm.User.userpass);
+                //    if (u != null)
+                //    {
+                //        return JsonOK(1);
+                //    }
+                //}
+                if (Dao.Save("users.resetuserpass", new Hashtable() { { "userpass", NP.Base.Lib.KISA_SHA256.SHA256Hash(vm.User.userpass) }, { "userno", vm.userno } }) > 0)
                 {
                     var u = GoLogin(vm.User.userid, vm.User.userpass);
                     if (u != null)
diff --git a/Dao/MyBatis/Maps/User.xml b/Dao/MyBatis/Maps/User.xml
index 88ba4b2..89b96f8 100644
--- a/Dao/MyBatis/Maps/User.xml
+++ b/Dao/MyBatis/Maps/User.xml
@@ -339,7 +339,25 @@
 
             <selectKey type="post" property="userno" resultClass="int">SELECT  LAST_INSERT_ID()</selectKey>
         </insert>
+
+      <select id="users.pass.check" parameterClass="hashtable" resultClass="int">
+        select count(userno)
+        from userpasslog
+        where userno = #userno# and userpass = #userpass#
+      </select>
+      
         <update id="users.up" parameterClass="hashtable">
+          <isNotNull property="userpass">
+            insert into userpasslog (userno, userpass, cdt, uip)
+            select #userno#, #userpass#, now(), #uip#
+            from (select 1 col1) a
+            left outer join userpasslog b on b.userno=#userno#
+            where b.userno is null;
+
+            update userpasslog set userpass = #userpass#
+            where userno=#userno#;
+          </isNotNull>
+          
             update users set <include refid="sql.up"></include>
             ,usertype=#usertype#
             ,userkind        =#userkind#
@@ -381,7 +399,7 @@
             ,di              =case when #di# is not null then #di# else di end
             ,ci              =case when #ci# is not null then #ci# else ci end
             ,vssn            =case when #vssn# is not null then #vssn# else vssn end
-            where userno=#userno#
+            where userno=#userno#;
         </update>
         <update id="users.exitjoin" parameterClass="hashtable">
             update users set <include refid="sql.up"></include>
@@ -837,7 +855,16 @@
 		</update>
 
     <update id="users.resetuserpass" parameterClass="hashtable">
-      update users set <isNotEmpty property="userpass">userpass=#userpass#,</isNotEmpty>udt=<include refid="sql.now"></include> where userno=#userno#
+      insert into userpasslog (userno, userpass, cdt, uip)
+      select #userno#, #userpass#, now(), #uip#
+      from (select 1 col1) a
+      left outer join userpasslog b on b.userno=#userno#
+      where b.userno is null;
+
+      update userpasslog set userpass = #userpass#
+      where userno=#userno#;
+
+      update users set <isNotEmpty property="userpass">userpass=#userpass#,</isNotEmpty>udt=<include refid="sql.now"></include> where userno=#userno#;
     </update>
 
     <select id="users.dormants" parameterClass="hashtable" resultClass="users">
diff --git a/FO/Views/Account/FindMe.cshtml b/FO/Views/Account/FindMe.cshtml
index 9e8abf1..f0f8941 100644
--- a/FO/Views/Account/FindMe.cshtml
+++ b/FO/Views/Account/FindMe.cshtml
@@ -73,6 +73,7 @@
         function save() {
             if (check("up1", null, "비밀번호를 입력해주세요.")) { }
             else if (!ispassword(val("up1"))) { focus("up1"); msg("(8자 이상, 영문/숫자/특수기호 포함) 규칙으로 비밀번호를 입력해주세요."); }
+            else if (isRepeatedString(val("up1"))) { focus("up1"); msg("반복되는 문자/숫자를 사용할 수 없습니다."); }
             else if (val("up1") != val("up2")) { focus("up2"); msg("비밀번호확인이 일치하지 않습니다. 다시 입력해주세요."); }
             else {
                 cap("/focommon/findmefinal", "mform", "cbsave");
diff --git a/FO/Views/Account/Join.cshtml b/FO/Views/Account/Join.cshtml
index 423d6b9..bedef7d 100644
--- a/FO/Views/Account/Join.cshtml
+++ b/FO/Views/Account/Join.cshtml
@@ -185,6 +185,7 @@ else
         else if (val("IsSaveOK") != 1) { focus("userid"); msg("중복여부체크를 진행해주세요"); }
         else if (check("userpass", null, "비밀번호를 입력해주세요.")) { }
         else if (!ispassword(val("userpass"))) { focus("userpass"); msg("(8자 이상, 영문/숫자/특수기호 포함) 규칙으로 비밀번호를 입력해주세요."); }
+        else if (isRepeatedString(val("userpass"))) { focus("userpass"); msg("반복되는 문자/숫자를 사용할 수 없습니다."); }
         else if (val("userpass") != val("userpass2")) { focus("userpass2"); msg("비밀번호 확인이 다릅니다."); }
         else if (check("userpno", null, "주민등록번호를 입력해주세요")) { }
         else if (getBytes(val("userpno1")) != 6 || getBytes(val("userpno2")) != 7) { focus("userpno2"); msg("주민등록번호를 확인해주세요"); }
diff --git a/FO/Views/Account/PwChange.cshtml b/FO/Views/Account/PwChange.cshtml
index e9a7bbd..44bd88d 100644
--- a/FO/Views/Account/PwChange.cshtml
+++ b/FO/Views/Account/PwChange.cshtml
@@ -33,12 +33,24 @@
             } else {
                 if (check("up1", null, "비밀번호를 입력해주세요.")) { }
                 else if (!ispassword(val("up1"))) { focus("up1"); msg("(8자 이상, 영문/숫자/특수기호 포함) 규칙으로 비밀번호를 입력해주세요."); }
+                else if (isRepeatedString(val("up1"))) { focus("up1"); msg("반복되는 문자/숫자를 사용할 수 없습니다."); }
                 else if (val("up1") != val("up2")) { focus("up2"); msg("비밀번호확인이 일치하지 않습니다. 다시 입력해주세요."); }
                 else {
-                    cap("/focommon/pwchange", "mform", "cbsave");
+                    cap("/fcommon/UserPassCheck", "mform", "save2");
                 }
             }
         }
+
+
+        function save2() {
+            if (capResult.obj == 0) {
+                cap("/focommon/pwchange", "mform", "cbsave");
+            }
+            else {
+                msg("이미 사용된 비밀번호는 사용할 수 없습니다.");
+            }
+        }
+
         function cbsave() {
             if (capResult.code == 1000) {
                 bglayer(true);
diff --git a/FO/Views/My/MyInfoCheck.cshtml b/FO/Views/My/MyInfoCheck.cshtml
index 7ecfedb..ae6329a 100644
--- a/FO/Views/My/MyInfoCheck.cshtml
+++ b/FO/Views/My/MyInfoCheck.cshtml
@@ -324,7 +324,8 @@
             $("#asname").text(v.split(':')[1]);
         }
         function save(idx) {
-            if (idx == 1) { 
+            if (idx == 1) {
+
                 setv("userpass", val("userpass").replace(/ /, '').replace(/	/, ''));
                 setv("userpass2", val("userpass2").replace(/ /, '').replace(/	/, ''));
                 setv("username", val("username").replace(/ /, '').replace(/	/, ''));
@@ -345,13 +346,14 @@
                 setv("edus", ($("#edus1").prop("checked") ? "1" : "0") + ($("#edus2").prop("checked") ? "1" : "0") + ($("#edus3").prop("checked") ? "1" : "0") + ($("#edus4").prop("checked") ? "1" : "0") + ($("#edus5").prop("checked") ? "1" : "0"));
                 if (val("userpass") != "" && check("userpass", null, "비밀번호를 입력해주세요.")) { }
                 else if (val("userpass") != "" && !ispassword(val("userpass"))) { focus("userpass"); msg("(8자 이상, 영문/숫자/특수기호 포함) 규칙으로 비밀번호를 입력해주세요."); }
+                else if (isRepeatedString(val("userpass"))) { focus("userpass"); msg("반복되는 문자/숫자를 사용할 수 없습니다."); }
                 else if (val("userpass") != "" && val("userpass") != val("userpass2")) { focus("userpass2"); msg("비밀번호 확인이 다릅니다."); }
                 else if (check("mobile", null, "휴대전화번호를 입력해주세요.")) { }
                 else if (!ismobilenumber(val("mobile"))) { focus("mobile"); msg("휴대전화번호를 확인해주세요."); }
                 else if (!isemail(val("email"))) { focus("email1"); msg("올바른 이메일주소를 입력해주세요."); }
                 //else if ($("input:radio[name='isCompany']:checked").val() == "1" && check("asno", "btnassign", "직장을 선택해주세요.")) { }
                 else {
-                    cap("/fcommon/usersave", "mform", "cbsave");
+                    cap("/fcommon/UserPassCheck", "mform", "save2");
                 }
             } else if (idx == 0) {
                 $('html, body').addClass('lock');
@@ -360,6 +362,16 @@
                 confirmtoggle(true, "탈퇴를 진행하시겠습니까?", "gogo()");
             }
         }
+
+        function save2() {
+            if (capResult.obj == 0) {
+                cap("/fcommon/usersave", "mform", "cbsave");
+            }
+            else {
+                msg("이미 사용된 비밀번호는 사용할 수 없습니다.");
+            }
+        }
+
         function gogo() {
             capp("/fcommon/userexit", { exitreason: val("exitreason") }, "cbexit");
         }
diff --git a/FO/js/site.js b/FO/js/site.js
index 0141708..a980fbf 100644
--- a/FO/js/site.js
+++ b/FO/js/site.js
@@ -1036,7 +1036,20 @@ function getBytes(v, nocrtrim) {
 }
 
 
+function isRepeatedString(str) {
+    // 반복 문자열 검증
+    const len = str.length;
 
+    for (let i = 1; i < len; i++) {
+        if (len % i === 0) {
+            const pattern = str.slice(0, i).repeat(len / i);
+            if (pattern === str) {
+                return true;
+            }
+        }
+    }
+    return false;
+}