fc2blog · fc2dev · Feb 8, 2021 · Jan 31, 2021 · Feb 1, 2021 · Feb 1, 2021
diff --git a/app/locale/en_US.UTF-8/LC_MESSAGES/messages.po b/app/locale/en_US.UTF-8/LC_MESSAGES/messages.po
@@ -2488,3 +2488,12 @@ msgstr ""
 
 msgid "(If not exists, will be try create)"
 msgstr ""
+
+msgid "Password already registered."
+msgstr ""
+
+msgid "Password not registered."
+msgstr ""
+
+msgid "(Leave blank if you do not wish to change.)"
+msgstr ""
diff --git a/app/locale/ja_JP.UTF-8/LC_MESSAGES/messages.mo b/app/locale/ja_JP.UTF-8/LC_MESSAGES/messages.mo
diff --git a/app/locale/ja_JP.UTF-8/LC_MESSAGES/messages.po b/app/locale/ja_JP.UTF-8/LC_MESSAGES/messages.po
@@ -2535,3 +2535,12 @@ msgstr "`CREATE DATABASE`のsql実行に失敗しました、事前に`CREATE DA
 
 msgid "(If not exists, will be try create)"
 msgstr "(未作成の場合、作成を試行します)"
+
+msgid "Password already registered."
+msgstr "パスワード設定済み"
+
+msgid "Password not registered."
+msgstr "パスワード未設定"
+
+msgid "(Leave blank if you do not wish to change.)"
+msgstr "(パスワードを変更しない場合、空欄のままとしてください)"
diff --git a/app/src/Model/BlogsModel.php b/app/src/Model/BlogsModel.php
@@ -34,19 +34,36 @@ public function getTableName(): string
   /**
    * プライベートモード時のパスワード必須チェック
    * @param $value
-   * @param $valid
-   * @param $k
-   * @param $d
+   * @param $option
+   * @param $key
+   * @param $data
    * @return bool|string
    */
-  public static function privateCheck($value, $valid, $k, $d)
-  {
-    if ($value == null || $value === '') {
-      if ($d['open_status'] == Config::get('BLOG.OPEN_STATUS.PRIVATE')) {
-        return __('Please Be sure to set the password if you want to private');
-      }
+  public static function privateCheck($value, $option, $key, $data)
+  {
+    if (
+      $data['open_status'] == Config::get('BLOG.OPEN_STATUS.PRIVATE') &&
+      (
+        // パスワードを入力したか、あるいはすでにパスワード設定済みか
+        strlen((string)$value) === 0 &&
+        !static::isPasswordRegistered($data['_blog_id'])
+      )
+    ) {
+      return __('Please Be sure to set the password if you want to private');
+    }else{
+      return true;
     }
-    return true;
+  }
+
+  /**
+   * 指定blog idのブログのパスワードが設定済みか？
+   * @param $blog_id
+   * @return bool
+   */
+  public static function isPasswordRegistered($blog_id)
+  {
+    $blog = (new BlogsModel)->findById($blog_id);
+    return (!empty($blog) && strlen($blog['blog_password']) > 0);
   }
 
   /**
@@ -474,7 +491,7 @@ public static function regeneratePluginPhpByBlogId(string $blog_id): void
    * @param array $options
    * @return array|false|int|mixed
    */
-  public function updateById(array $values, $id, array $options = array())
+  public function updateById(array $values, $id, array $options = [])
   {
     $values['updated_at'] = date('Y-m-d H:i:s');
     return parent::updateById($values, $id, $options);

diff --git a/app/src/Web/Controller/Admin/BlogsController.php b/app/src/Web/Controller/Admin/BlogsController.php
@@ -104,8 +104,19 @@ public function edit(Request $request): string
 
     // 更新処理
     $white_list = ['name', 'introduction', 'nickname', 'timezone', 'blog_password', 'open_status', 'ssl_enable', 'redirect_status_code'];
-    $errors['blog'] = $blogs_model->validate($request->get('blog'), $blog_data, $white_list);
+    $errors['blog'] = $blogs_model->validate(
+      // バリデーションのために、blog_idを引き回している。バリデーションを作り変えたい
+      array_merge($request->get('blog'), ["_blog_id"=>$blog_id]),
+      $blog_data,
+      $white_list
+    );
     if (empty($errors['blog'])) {
+      // パスワード空欄なら、パスワードを更新しない
+      if (strlen($blog_data['blog_password']) > 0) {
+        $blog_data['blog_password'] = password_hash($blog_data['blog_password'], PASSWORD_DEFAULT);
+      }else{
+        $blog_data['blog_password'] = ($blogs_model->findById($blog_id))['blog_password'];
+      }
       if ($blogs_model->updateById($blog_data, $blog_id)) {
         $this->setBlog(['id' => $blog_id, 'nickname' => $blog_data['nickname']]); // ニックネームの更新
         $this->setInfoMessage(__('I updated a blog'));

diff --git a/app/src/Web/Controller/User/EntriesController.php b/app/src/Web/Controller/User/EntriesController.php
@@ -730,7 +730,7 @@ public function blog_password(Request $request): string
 
     // 認証処理
     if ($request->get('blog')) {
-      if ($request->get('blog.password') == $blog['blog_password']) {
+      if (password_verify($request->get('blog.password'), $blog['blog_password'])) {
         Session::set($this->getBlogPasswordKey($blog['id']), true);
         $this->set('auth_success', true); // for testing.
         $this->redirect($request, ['action' => 'index', 'blog_id' => $blog_id]);

diff --git a/app/src/Web/Html.php b/app/src/Web/Html.php
@@ -148,6 +148,11 @@ public static function input(Request $request, $name, $type, $attrs = array(), $
         $html = '<input type="password" ' . $attr . ' value="' . h($rvalue) . '" />';
         break;
 
+      case 'blank_password':
+        // 一方向に設定するので、表示しない
+        $html = '<input type="password" ' . $attr . ' />';
+        break;
+
       case 'file':
         $html = '<input type="file" ' . $attr . ' />';
         break;

diff --git a/app/templates/default/fc2_default_template_sp.php b/app/templates/default/fc2_default_template_sp.php
@@ -7,7 +7,7 @@
   <meta name="format-detection" content="telephone=no" />
   <!--/ios-->
   <meta name="description" content="<%introduction>" />
-  <title><%sub_title> - <%blog_name></title>
+  <title><!--not_index_area--><%sub_title> - <!--/not_index_area--><%blog_name></title>
   <link rel="icon" href="https://static.fc2.com/share/image/favicon.ico">
   <link rel="stylesheet" href="<%css_link>" />
   <link rel="apple-touch-icon" href="https://static.fc2.com/image/iphone/apple-touch-icon.png" />
@@ -188,7 +188,7 @@ function submit(){
           <input type="hidden" name="mobile" value="1" />
           <!--private_area--><input type="hidden" name="spass" value="<%spass>" /><!--/private_area-->
           <div class="submit_btn">
-            <a href="#" onclick="submit()"><%template_send></a>
+            <a href="#" onclick="submit();return false;"><%template_send></a>
           </div>
         </form>
         <ul class="contents_footer">

diff --git a/app/twig_templates/admin/blogs/edit.twig b/app/twig_templates/admin/blogs/edit.twig
@@ -41,7 +41,14 @@
             <tr>
                 <th>{{ _('View password blog') }}</th>
                 <td>
-                    {{ input(req, 'blog[blog_password]', 'text') }}
+                    {{ input(req, 'blog[blog_password]', 'blank_password') }}<br>
+                    {% if blog.blog_password %}
+                        {{ _('Password already registered.') }}
+                    {% else %}
+                        {{ _('Password not registered.') }}
+                    {% endif %}
+                    <br>
+                    {{ _('(Leave blank if you do not wish to change.)') }}
                     {% if errors.blog.blog_password %}<p class="error">{{ errors.blog.blog_password }}</p>{% endif %}
                 </td>
             </tr>