20241210

2 weeks ago · f8a10616ae
4 changed files with 31 additions and 8 deletions
--- a/controller/admin.php
+++ b/controller/admin.php
@ -323,6 +323,7 @@ $page = $page.'.php';
				@@ -323,6 +323,7 @@ $page = $page.'.php';

 function check_auth($user,$password){
    if ( !is_login() ) {
+        // exit("dsdfd");
        $msg = "<h3>认证失败，请<a href = 'index.php?c=login'>重新登录</a>！</h3>";
        require('templates/admin/403.php');
        exit;
--- a/controller/index.php
+++ b/controller/index.php
@ -10,10 +10,12 @@ $site = unserialize($site);
				@@ -10,10 +10,12 @@ $site = unserialize($site);
 $link_num = empty( $site['link_num'] ) ? 30 : intval($site['link_num']);


-
 //如果已经登录，获取所有分类和链接
 // 载入辅助函数
 require('functions/helper.php');
+// 明文密码检查
+unSafe();
+
 if( is_login() ){
    //查询所有分类目录
    $categorys = [];
--- a/controller/init.php
+++ b/controller/init.php
@ -10,18 +10,33 @@
				@@ -10,18 +10,33 @@
 function check_env() {
    //获取组件信息
    $ext = get_loaded_extensions();
-    //检查PHP版本，需要大于5.6小于8.0
+    //检查PHP版本，需要大于7.0小于8.0
    $php_version = floatval(PHP_VERSION);
    $uri = $_SERVER["REQUEST_URI"];
    
-    if( ( $php_version < 5.6 ) || ( $php_version > 8 ) ) {
-        exit("当前PHP版本{$php_version}不满足要求，需要5.6 <= PHP <= 7.4");
+    if( ( $php_version < 7 ) || ( $php_version > 8 ) ) {
+        exit("当前PHP版本{$php_version}不满足要求，需要7.0 <= PHP <= 7.4");
    }
    
    //检查是否支持pdo_sqlite
    if ( !array_search('pdo_sqlite',$ext) ) {
        exit("不支持PDO_SQLITE组件，请先开启!");
    }
+
+    if ( !array_search('openssl', $ext) ) {
+        exit("不支持OPENSSL组件，请先开启!");
+    }
+    
+    //检查是否支持zlib
+    if ( !array_search('zlib', $ext) ) {
+        exit("不支持ZLIB组件，请先开启!");
+    }
+    
+    //检查是否支持curl
+    if ( !array_search('curl', $ext) ) {
+        exit("不支持CURL组件，请先开启!");
+    }
+
    //如果配置文件存在
    if( file_exists("data/config.php") ) {
        exit("配置文件已存在，无需再次初始化!");
@ -88,7 +103,9 @@ function init($data){
				@@ -88,7 +103,9 @@ function init($data){
    //替换内容
    $content = str_replace('{email}',$data['email'],$content);
    $content = str_replace('{username}',$data['username'],$content);
-    $content = str_replace('{password}',$data['password'],$content);
+    // $content = str_replace('{password}',$data['password'],$content);
+    // 存入加密后的密码，用户名 + 密码，再进行MD5加密
+    $content = str_replace('{encrypted_password}',md5($data['username'].$data['password']),$content);

    //写入配置文件
    if( !file_put_contents($config_file,$content) ) {
--- a/controller/login.php
+++ b/controller/login.php
@ -7,7 +7,8 @@
				@@ -7,7 +7,8 @@
 require('functions/helper.php');

 $username = $site_setting['user'];
-$password = $site_setting['password'];
+// 加密后的密码
+$password = ENCRYPTED_PASSWORD;
 $ip = getIP();
 //如果认证通过，直接跳转到后台管理
 $key = md5($username.$password.'onenav'.$_SERVER['HTTP_USER_AGENT']);
@ -25,8 +26,10 @@ if( is_login() ){
				@@ -25,8 +26,10 @@ if( is_login() ){

 //登录检查
 if( $_GET['check'] == 'login' ) {
-    $user = $_POST['user'];
-    $pass = $_POST['password'];
+    $user = trim($_POST['user']);
+    $pass = trim($_POST['password']);
+    // 用户密码进行加密处理，加密算法为用户名 + 密码，再进行MD5加密
+    $pass = md5($user.$pass);
    header('Content-Type:application/json; charset=utf-8');
    if( ($user === $username) && ($pass === $password) ) {
        $key = md5($username.$password.'onenav'.$_SERVER['HTTP_USER_AGENT']);