Browse Source

20241210

pull/205/head
xiaoz 1 month ago
parent
commit
f8a10616ae
  1. 1
      controller/admin.php
  2. 4
      controller/index.php
  3. 25
      controller/init.php
  4. 9
      controller/login.php

1
controller/admin.php

@ -323,6 +323,7 @@ $page = $page.'.php';
function check_auth($user,$password){ function check_auth($user,$password){
if ( !is_login() ) { if ( !is_login() ) {
// exit("dsdfd");
$msg = "<h3>认证失败,请<a href = 'index.php?c=login'>重新登录</a></h3>"; $msg = "<h3>认证失败,请<a href = 'index.php?c=login'>重新登录</a></h3>";
require('templates/admin/403.php'); require('templates/admin/403.php');
exit; exit;

4
controller/index.php

@ -10,10 +10,12 @@ $site = unserialize($site);
$link_num = empty( $site['link_num'] ) ? 30 : intval($site['link_num']); $link_num = empty( $site['link_num'] ) ? 30 : intval($site['link_num']);
//如果已经登录,获取所有分类和链接 //如果已经登录,获取所有分类和链接
// 载入辅助函数 // 载入辅助函数
require('functions/helper.php'); require('functions/helper.php');
// 明文密码检查
unSafe();
if( is_login() ){ if( is_login() ){
//查询所有分类目录 //查询所有分类目录
$categorys = []; $categorys = [];

25
controller/init.php

@ -10,18 +10,33 @@
function check_env() { function check_env() {
//获取组件信息 //获取组件信息
$ext = get_loaded_extensions(); $ext = get_loaded_extensions();
//检查PHP版本,需要大于5.6小于8.0 //检查PHP版本,需要大于7.0小于8.0
$php_version = floatval(PHP_VERSION); $php_version = floatval(PHP_VERSION);
$uri = $_SERVER["REQUEST_URI"]; $uri = $_SERVER["REQUEST_URI"];
if( ( $php_version < 5.6 ) || ( $php_version > 8 ) ) { if( ( $php_version < 7 ) || ( $php_version > 8 ) ) {
exit("当前PHP版本{$php_version}不满足要求,需要5.6 <= PHP <= 7.4"); exit("当前PHP版本{$php_version}不满足要求,需要7.0 <= PHP <= 7.4");
} }
//检查是否支持pdo_sqlite //检查是否支持pdo_sqlite
if ( !array_search('pdo_sqlite',$ext) ) { if ( !array_search('pdo_sqlite',$ext) ) {
exit("不支持PDO_SQLITE组件,请先开启!"); exit("不支持PDO_SQLITE组件,请先开启!");
} }
if ( !array_search('openssl', $ext) ) {
exit("不支持OPENSSL组件,请先开启!");
}
//检查是否支持zlib
if ( !array_search('zlib', $ext) ) {
exit("不支持ZLIB组件,请先开启!");
}
//检查是否支持curl
if ( !array_search('curl', $ext) ) {
exit("不支持CURL组件,请先开启!");
}
//如果配置文件存在 //如果配置文件存在
if( file_exists("data/config.php") ) { if( file_exists("data/config.php") ) {
exit("配置文件已存在,无需再次初始化!"); exit("配置文件已存在,无需再次初始化!");
@ -88,7 +103,9 @@ function init($data){
//替换内容 //替换内容
$content = str_replace('{email}',$data['email'],$content); $content = str_replace('{email}',$data['email'],$content);
$content = str_replace('{username}',$data['username'],$content); $content = str_replace('{username}',$data['username'],$content);
$content = str_replace('{password}',$data['password'],$content); // $content = str_replace('{password}',$data['password'],$content);
// 存入加密后的密码,用户名 + 密码,再进行MD5加密
$content = str_replace('{encrypted_password}',md5($data['username'].$data['password']),$content);
//写入配置文件 //写入配置文件
if( !file_put_contents($config_file,$content) ) { if( !file_put_contents($config_file,$content) ) {

9
controller/login.php

@ -7,7 +7,8 @@
require('functions/helper.php'); require('functions/helper.php');
$username = $site_setting['user']; $username = $site_setting['user'];
$password = $site_setting['password']; // 加密后的密码
$password = ENCRYPTED_PASSWORD;
$ip = getIP(); $ip = getIP();
//如果认证通过,直接跳转到后台管理 //如果认证通过,直接跳转到后台管理
$key = md5($username.$password.'onenav'.$_SERVER['HTTP_USER_AGENT']); $key = md5($username.$password.'onenav'.$_SERVER['HTTP_USER_AGENT']);
@ -25,8 +26,10 @@ if( is_login() ){
//登录检查 //登录检查
if( $_GET['check'] == 'login' ) { if( $_GET['check'] == 'login' ) {
$user = $_POST['user']; $user = trim($_POST['user']);
$pass = $_POST['password']; $pass = trim($_POST['password']);
// 用户密码进行加密处理,加密算法为用户名 + 密码,再进行MD5加密
$pass = md5($user.$pass);
header('Content-Type:application/json; charset=utf-8'); header('Content-Type:application/json; charset=utf-8');
if( ($user === $username) && ($pass === $password) ) { if( ($user === $username) && ($pass === $password) ) {
$key = md5($username.$password.'onenav'.$_SERVER['HTTP_USER_AGENT']); $key = md5($username.$password.'onenav'.$_SERVER['HTTP_USER_AGENT']);

Loading…
Cancel
Save