diff --git a/controller/admin.php b/controller/admin.php index 0afc081..facdff3 100755 --- a/controller/admin.php +++ b/controller/admin.php @@ -323,6 +323,7 @@ $page = $page.'.php'; function check_auth($user,$password){ if ( !is_login() ) { + // exit("dsdfd"); $msg = "

认证失败,请重新登录

"; require('templates/admin/403.php'); exit; diff --git a/controller/index.php b/controller/index.php index f78470e..e6f97ba 100755 --- a/controller/index.php +++ b/controller/index.php @@ -10,10 +10,12 @@ $site = unserialize($site); $link_num = empty( $site['link_num'] ) ? 30 : intval($site['link_num']); - //如果已经登录,获取所有分类和链接 // 载入辅助函数 require('functions/helper.php'); +// 明文密码检查 +unSafe(); + if( is_login() ){ //查询所有分类目录 $categorys = []; diff --git a/controller/init.php b/controller/init.php index 893c48b..a0ff397 100755 --- a/controller/init.php +++ b/controller/init.php @@ -10,18 +10,33 @@ function check_env() { //获取组件信息 $ext = get_loaded_extensions(); - //检查PHP版本,需要大于5.6小于8.0 + //检查PHP版本,需要大于7.0小于8.0 $php_version = floatval(PHP_VERSION); $uri = $_SERVER["REQUEST_URI"]; - if( ( $php_version < 5.6 ) || ( $php_version > 8 ) ) { - exit("当前PHP版本{$php_version}不满足要求,需要5.6 <= PHP <= 7.4"); + if( ( $php_version < 7 ) || ( $php_version > 8 ) ) { + exit("当前PHP版本{$php_version}不满足要求,需要7.0 <= PHP <= 7.4"); } //检查是否支持pdo_sqlite if ( !array_search('pdo_sqlite',$ext) ) { exit("不支持PDO_SQLITE组件,请先开启!"); } + + if ( !array_search('openssl', $ext) ) { + exit("不支持OPENSSL组件,请先开启!"); + } + + //检查是否支持zlib + if ( !array_search('zlib', $ext) ) { + exit("不支持ZLIB组件,请先开启!"); + } + + //检查是否支持curl + if ( !array_search('curl', $ext) ) { + exit("不支持CURL组件,请先开启!"); + } + //如果配置文件存在 if( file_exists("data/config.php") ) { exit("配置文件已存在,无需再次初始化!"); @@ -88,7 +103,9 @@ function init($data){ //替换内容 $content = str_replace('{email}',$data['email'],$content); $content = str_replace('{username}',$data['username'],$content); - $content = str_replace('{password}',$data['password'],$content); + // $content = str_replace('{password}',$data['password'],$content); + // 存入加密后的密码,用户名 + 密码,再进行MD5加密 + $content = str_replace('{encrypted_password}',md5($data['username'].$data['password']),$content); //写入配置文件 if( !file_put_contents($config_file,$content) ) { 
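Review bot: The added line `// exit("dsdfd");` in `check_auth()` is a commented-out debug statement and should be dropped before merging, since dead code in an authentication path makes the failure branch harder to audit. In the visible lines `check_auth($user,$password)` decides only on `is_login()` and never reads its two parameters. The function body may continue outside the hunk, so confirm whether those parameters are still needed.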
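Review bot: `unSafe();` is called before the `is_login()` branch, so whatever it does runs for every anonymous visitor to the index page. Its definition is not in this diff (presumably it lives in `functions/helper.php`), so confirm it does not tell unauthenticated visitors that the install still stores a plaintext password. The name also does not say what action is taken. A name such as `check_plaintext_password()`, plus a comment stating whether it blocks the request or only warns, would make the call site reviewable.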
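Review bot: The three new extension checks in `check_env()` copy the `!array_search('openssl', $ext)` pattern, which treats a match at index 0 as "not found" because `array_search` returns the key. Use `if ( !extension_loaded('openssl') )` (likewise for `zlib` and `curl`), or `in_array('openssl', $ext, true)`. The rewritten version test has a similar gap: `floatval(PHP_VERSION)` yields `8.0` on any 8.0.x release, so `$php_version > 8` lets it through although the message requires PHP <= 7.4. `if ( version_compare(PHP_VERSION, '7.0.0', '<') || version_compare(PHP_VERSION, '8.0.0', '>=') )` matches the stated range. The function continues outside the hunk.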
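Review bot: `md5($data['username'].$data['password'])` in `init()` is a fast general-purpose digest, not encryption and not a password hash, so a leaked `data/config.php` still allows cheap offline guessing of the admin password. Store `password_hash($data['password'], PASSWORD_DEFAULT)` instead and verify with `password_verify()`. The two login.php hunks in this commit (the `md5($user.$pass)` comparison and the `$key` derivation) would have to change with it. The config template is not visible here; a `password_hash()` value contains `$`, so the `{encrypted_password}` placeholder must sit inside a single-quoted PHP string. The commented-out `str_replace('{password}', ...)` line should be deleted rather than kept.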
diff --git a/controller/login.php b/controller/login.php index 2d2d6ce..e017d45 100755 --- a/controller/login.php +++ b/controller/login.php @@ -7,7 +7,8 @@ require('functions/helper.php'); $username = $site_setting['user']; -$password = $site_setting['password']; +// 加密后的密码 +$password = ENCRYPTED_PASSWORD; $ip = getIP(); //如果认证通过,直接跳转到后台管理 $key = md5($username.$password.'onenav'.$_SERVER['HTTP_USER_AGENT']); @@ -25,8 +26,10 @@ if( is_login() ){ //登录检查 if( $_GET['check'] == 'login' ) { - $user = $_POST['user']; - $pass = $_POST['password']; + $user = trim($_POST['user']); + $pass = trim($_POST['password']); + // 用户密码进行加密处理,加密算法为用户名 + 密码,再进行MD5加密 + $pass = md5($user.$pass); header('Content-Type:application/json; charset=utf-8'); if( ($user === $username) && ($pass === $password) ) { $key = md5($username.$password.'onenav'.$_SERVER['HTTP_USER_AGENT']);
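Review bot: `$password = ENCRYPTED_PASSWORD;` assumes the constant is defined, but a `data/config.php` generated before this commit would not contain it (its definition is not visible in this diff). On PHP 7 an undefined constant evaluates to its own name with a notice or warning, so the `$key` computed on the following context line would no longer depend on any secret. Fail closed before the assignment, e.g. `if ( !defined('ENCRYPTED_PASSWORD') ) { exit('config not migrated'); }`, unless the `unSafe()` call added in index.php is meant to cover this and is also run on this path. Separately, if `$key` is the value the login cookie is compared against, the stored digest alone is now enough to reproduce it; a random per-login token would remove that dependency.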
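Review bot: `trim($_POST['password'])` changes what gets hashed at login, while the init.php hunk in this commit hashes `$data['password']` with no trimming visible. A password chosen with leading or trailing whitespace would then never match unless init trims it outside the hunk; apply the same normalisation in both places, or do not trim passwords at all. The digest comparison `($pass === $password)` should be `hash_equals($password, $pass)` so that it runs in constant time. `$_POST['user']` and `$_POST['password']` are read without an existence check, so a request missing either field raises a notice before the JSON header is sent; `$_POST['user'] ?? ''` avoids that.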