国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

114 lines
3.4KB

  1. <?php
  2. /**
  3. * 后台登录
  4. *
  5. * @version $Id: login.php 1 8:48 2010年7月13日Z tianya $
  6. * @package DedeCMS.Administrator
  7. * @copyright Copyright (c) 2020, DedeBIZ.COM
  8. * @license https://www.dedebiz.com/license
  9. * @link https://www.dedebiz.com
  10. */
  11. require_once(dirname(__FILE__).'/../include/common.inc.php');
  12. require_once(DEDEINC.'/userlogin.class.php');
  13. if(empty($dopost)) $dopost = '';
  14. if(empty($gotopage)) $gotopage = '';
  15. $gotopage = RemoveXSS($gotopage);
  16. //检测安装目录安全性
  17. if( is_dir(dirname(__FILE__).'/../install') )
  18. {
  19. if(!file_exists(dirname(__FILE__).'/../install/install_lock.txt') )
  20. {
  21. $fp = fopen(dirname(__FILE__).'/../install/install_lock.txt', 'w') or die('安装目录无写入权限,无法进行写入锁定文件,请安装完毕删除安装目录!');
  22. fwrite($fp,'ok');
  23. fclose($fp);
  24. }
  25. //为了防止未知安全性问题,强制禁用安装程序的文件
  26. if( file_exists("../install/index.php") ) {
  27. @rename("../install/index.php", "../install/index.php.bak");
  28. }
  29. if( file_exists("../install/module-install.php") ) {
  30. @rename("../install/module-install.php", "../install/module-install.php.bak");
  31. }
  32. $fileindex = "../install/index.html";
  33. if( !file_exists($fileindex) ) {
  34. $fp = @fopen($fileindex,'w');
  35. fwrite($fp,'dir');
  36. fclose($fp);
  37. }
  38. }
  39. //更新服务器
  40. require_once (DEDEDATA.'/admin/config_update.php');
  41. //检测后台目录是否更名
  42. $cururl = GetCurUrl();
  43. if(preg_match('/dede\/login/i',$cururl))
  44. {
  45. $redmsg = '<div class=\'safe-tips\'>您的管理目录的名称中包含默认名称dede,建议在FTP里把它修改为其它名称,那样会更安全!</div>';
  46. }
  47. else
  48. {
  49. $redmsg = '';
  50. }
  51. //登录检测
  52. $admindirs = explode('/',str_replace("\\",'/',dirname(__FILE__)));
  53. $admindir = $admindirs[count($admindirs)-1];
  54. if($dopost=='login')
  55. {
  56. $validate = empty($validate) ? '' : strtolower(trim($validate));
  57. $svali = strtolower(GetCkVdValue());
  58. if(($validate=='' || $validate != $svali) && preg_match("/6/",$safe_gdopen)){
  59. ResetVdValue();
  60. ShowMsg('验证码不正确!','login.php',0,1000);
  61. exit;
  62. } else {
  63. $cuserLogin = new userLogin($admindir);
  64. if(!empty($userid) && !empty($pwd))
  65. {
  66. $res = $cuserLogin->checkUser($userid,$pwd);
  67. //success
  68. if($res==1)
  69. {
  70. $cuserLogin->keepUser();
  71. if(!empty($gotopage))
  72. {
  73. ShowMsg('成功登录,正在转向管理管理主页!',$gotopage);
  74. exit();
  75. }
  76. else
  77. {
  78. ShowMsg('成功登录,正在转向管理管理主页!',"index.php");
  79. exit();
  80. }
  81. }
  82. //error
  83. else if($res==-1)
  84. {
  85. ResetVdValue();
  86. ShowMsg('你的用户名不存在!','login.php',0,1000);
  87. exit;
  88. }
  89. else
  90. {
  91. ResetVdValue();
  92. ShowMsg('你的密码错误!','login.php',0,1000);
  93. exit;
  94. }
  95. }
  96. //password empty
  97. else
  98. {
  99. ResetVdValue();
  100. ShowMsg('用户和密码没填写完整!','login.php',0,1000);
  101. exit;
  102. }
  103. }
  104. }
  105. include('templets/login.htm');