DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
275 Commits
3 Branches
85MB
Tree: 66f402eac8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '66f402eac8'
${ noResults }
DedeV6/src/dede/login.php

101 lines
3.4KB
Raw Blame History 

  1. <?php

  2. 

  3. /**

  4.  * 后台登录

  5.  *

  6.  * @version        $Id: login.php 1 8:48 2010年7月13日Z tianya $

  7.  * @package        DedeBIZ.Administrator

  8.  * @copyright      Copyright (c) 2020, DedeBIZ.COM

  9.  * @license        https://www.dedebiz.com/license

  10.  * @link           https://www.dedebiz.com

  11.  */

  12. require_once(dirname(__FILE__) . '/../include/common.inc.php');

  13. require_once(DEDEINC . '/userlogin.class.php');

  14. if (empty($dopost)) $dopost = '';

  15. if (empty($gotopage)) $gotopage = '';

  16. 

  17. $gotopage = RemoveXSS($gotopage);

  18. 

  19. //检测安装目录安全性

  20. if (is_dir(dirname(__FILE__) . '/../install')) {

  21.     if (!file_exists(dirname(__FILE__) . '/../install/install_lock.txt')) {

  22.         $fp = fopen(dirname(__FILE__) . '/../install/install_lock.txt', 'w') or die('安装目录无写入权限,无法进行写入锁定文件,请安装完毕删除安装目录!');

  23.         fwrite($fp, 'ok');

  24.         fclose($fp);

  25.     }

  26.     //为了防止未知安全性问题,强制禁用安装程序的文件

  27.     if (file_exists("../install/index.php")) {

  28.         @rename("../install/index.php", "../install/index.php.bak");

  29.     }

  30.     if (file_exists("../install/module-install.php")) {

  31.         @rename("../install/module-install.php", "../install/module-install.php.bak");

  32.     }

  33.     $fileindex = "../install/index.html";

  34.     if (!file_exists($fileindex)) {

  35.         $fp = @fopen($fileindex, 'w');

  36.         fwrite($fp, 'dir');

  37.         fclose($fp);

  38.     }

  39. }

  40. 

  41. //更新服务器

  42. require_once(DEDEDATA . '/admin/config_update.php');

  43. 

  44. //检测后台目录是否更名

  45. $cururl = GetCurUrl();

  46. if (preg_match('/dede\/login/i', $cururl)) {

  47.     $redmsg = '<div class=\'safe-tips\'>您的管理目录的名称中包含默认名称dede,建议在FTP里把它修改为其它名称,那样会更安全!</div>';

  48. } else {

  49.     $redmsg = '';

  50. }

  51. 

  52. //登录检测

  53. $admindirs = explode('/', str_replace("\\", '/', dirname(__FILE__)));

  54. $admindir = $admindirs[count($admindirs) - 1];

  55. if ($dopost == 'login') {

  56.     $validate = empty($validate) ? '' : strtolower(trim($validate));

  57.     $svali = strtolower(GetCkVdValue());

  58.     if (($validate == '' || $validate != $svali) && preg_match("/6/", $safe_gdopen)) {

  59.         ResetVdValue();

  60.         ShowMsg('验证码不正确!', 'login.php', 0, 1000);

  61.         exit;

  62.     } else {

  63.         $cuserLogin = new userLogin($admindir);

  64.         if (!empty($userid) && !empty($pwd)) {

  65.             $res = $cuserLogin->checkUser($userid, $pwd);

  66. 

  67.             //success

  68.             if ($res == 1) {

  69.                 $cuserLogin->keepUser();

  70.                 if (!empty($gotopage)) {

  71.                     ShowMsg('成功登录,正在转向管理管理主页!', $gotopage);

  72.                     exit();

  73.                 } else {

  74.                     ShowMsg('成功登录,正在转向管理管理主页!', "index.php");

  75.                     exit();

  76.                 }

  77.             }

  78. 

  79.             //error

  80.             else if ($res == -1) {

  81.                 ResetVdValue();

  82.                 ShowMsg('你的用户名不存在!', 'login.php', 0, 1000);

  83.                 exit;

  84.             } else {

  85.                 ResetVdValue();

  86.                 ShowMsg('你的密码错误!', 'login.php', 0, 1000);

  87.                 exit;

  88.             }

  89.         }

  90. 

  91.         //password empty

  92.         else {

  93.             ResetVdValue();

  94.             ShowMsg('用户和密码没填写完整!', 'login.php', 0, 1000);

  95.             exit;

  96.         }

  97.     }

  98. }

  99. 

  100. include('templets/login.htm');