폼메일에서의 이메일주소 노출 수정

gnuboard · May 3, 2016 · 6495f33 · 6495f33
1 parent fe130fb
commit 6495f33
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 5 deletions.
diff --git a/bbs/formmail.php b/bbs/formmail.php
@@ -28,14 +28,17 @@
 $g5['title'] = '메일 쓰기';
 include_once(G5_PATH.'/head.sub.php');
 
-$email = get_email_address(base64_decode($email));
+$email_enc = new str_encrypt();
+$email_dec = $email_enc->decrypt($email);
+
+$email = get_email_address($email_dec);
 if(!$email)
     alert_close('이메일이 올바르지 않습니다.');
 
-$email = base64_encode($email);
+$email = $email_enc->encrypt($email);
 
 if (!$name)
-    $name = base64_decode($email);
+    $name = $email;
 else
     $name = get_text(stripslashes($name), true);
 

diff --git a/bbs/formmail_send.php b/bbs/formmail_send.php
@@ -9,7 +9,8 @@
 if (!$is_member && $config['cf_formmail_is_member'])
     alert_close('회원만 이용하실 수 있습니다.');
 
-$to = base64_decode($to);
+$email_enc = new str_encrypt();
+$to = $email_enc->decrypt($to);
 
 if (substr_count($to, "@") > 1)
     alert_close('한번에 한사람에게만 메일을 발송할 수 있습니다.');

diff --git a/lib/common.lib.php b/lib/common.lib.php
@@ -1200,7 +1200,8 @@ function get_sideview($mb_id, $name='', $email='', $homepage='')
     global $g5;
     global $bo_table, $sca, $is_admin, $member;
 
-    $email = base64_encode($email);
+    $email_enc = new str_encrypt();
+    $email = $email_enc->encrypt($email);
     $homepage = set_http(clean_xss_tags($homepage));
 
     $name     = get_text($name, 0, true);
@@ -3188,4 +3189,51 @@ function check_vaild_callback($callback){
              return true;
    }
 }
+
+// 문자열 암복호화
+class str_encrypt
+{
+    var $salt;
+    var $lenght;
+
+    function __construct($salt='')
+    {
+        if(!$salt)
+            $this->salt = md5(G5_MYSQL_PASSWORD);
+        else
+            $this->salt = $salt;
+
+        $this->length = strlen($this->salt);
+    }
+
+    function encrypt($str)
+    {
+        $length = strlen($str);
+        $result = '';
+
+        for($i=0; $i<$length; $i++) {
+            $char    = substr($str, $i, 1);
+            $keychar = substr($this->salt, ($i % $this->length) - 1, 1);
+            $char    = chr(ord($char) + ord($keychar));
+            $result .= $char;
+        }
+
+        return base64_encode($result);
+    }
+
+    function decrypt($str) {
+        $result = '';
+        $str    = base64_decode($str);
+        $length = strlen($str);
+
+        for($i=0; $i<$length; $i++) {
+            $char    = substr($str, $i, 1);
+            $keychar = substr($this->salt, ($i % $this->length) - 1, 1);
+            $char    = chr(ord($char) - ord($keychar));
+            $result .= $char;
+        }
+
+        return $result;
+    }
+}
 ?>