DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17 Commits
3 Branches
3.8GB
Tree: 6684bcb0e0
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6684bcb0e0'
${ noResults }
DedeV6/src/dede/login.php

117 lines
3.5KB
Raw Blame History 

  1. <?php

  2. /**

  3.  * 后台登陆

  4.  *

  5.  * @version        $Id: login.php 1 8:48 2010年7月13日Z tianya $

  6.  * @package        DedeCMS.Administrator

  7.  * @copyright      Copyright (c) 2007 - 2020, DesDev, Inc.

  8.  * @license        http://help.dedecms.com/usersguide/license.html

  9.  * @link           http://www.dedecms.com

  10.  */

  11. require_once(dirname(__FILE__).'/../include/common.inc.php');

  12. require_once(DEDEINC.'/userlogin.class.php');

  13. if(empty($dopost)) $dopost = '';

  14. 

  15. //检测安装目录安全性

  16. if( is_dir(dirname(__FILE__).'/../install') )

  17. {

  18.     if(!file_exists(dirname(__FILE__).'/../install/install_lock.txt') )

  19.     {

  20.       $fp = fopen(dirname(__FILE__).'/../install/install_lock.txt', 'w') or die('安装目录无写入权限,无法进行写入锁定文件,请安装完毕删除安装目录!');

  21.       fwrite($fp,'ok');

  22.       fclose($fp);

  23.     }

  24.     //为了防止未知安全性问题,强制禁用安装程序的文件

  25.     if( file_exists("../install/index.php") ) {

  26.         @rename("../install/index.php", "../install/index.php.bak");

  27.     }

  28.     if( file_exists("../install/module-install.php") ) {

  29.         @rename("../install/module-install.php", "../install/module-install.php.bak");

  30.     }

  31. 	$fileindex = "../install/index.html";

  32. 	if( !file_exists($fileindex) ) {

  33. 		$fp = @fopen($fileindex,'w');

  34. 		fwrite($fp,'dir');

  35. 		fclose($fp);

  36. 	}

  37. }

  38. 

  39. //更新服务器

  40. require_once (DEDEDATA.'/admin/config_update.php');

  41. 

  42. if ($dopost=='showad')

  43. {

  44.     include('templets/login_ad.htm');

  45.     exit;

  46. }

  47. 

  48. //检测后台目录是否更名

  49. $cururl = GetCurUrl();

  50. if(preg_match('/dede\/login/i',$cururl))

  51. {

  52.     $redmsg = '<div class=\'safe-tips\'>您的管理目录的名称中包含默认名称dede,建议在FTP里把它修改为其它名称,那样会更安全!</div>';

  53. }

  54. else

  55. {

  56.     $redmsg = '';

  57. }

  58. 

  59. //登录检测

  60. $admindirs = explode('/',str_replace("\\",'/',dirname(__FILE__)));

  61. $admindir = $admindirs[count($admindirs)-1];

  62. if($dopost=='login')

  63. {

  64.     $validate = empty($validate) ? '' : strtolower(trim($validate));

  65.     $svali = strtolower(GetCkVdValue());

  66.     if(($validate=='' || $validate != $svali) && preg_match("/6/",$safe_gdopen)){

  67.         ResetVdValue();

  68.         ShowMsg('验证码不正确!','login.php',0,1000);

  69.         exit;

  70.     } else {

  71.         $cuserLogin = new userLogin($admindir);

  72.         if(!empty($userid) && !empty($pwd))

  73.         {

  74.             $res = $cuserLogin->checkUser($userid,$pwd);

  75. 

  76.             //success

  77.             if($res==1)

  78.             {

  79.                 $cuserLogin->keepUser();

  80.                 if(!empty($gotopage))

  81.                 {

  82.                     ShowMsg('成功登录,正在转向管理管理主页!',$gotopage);

  83.                     exit();

  84.                 }

  85.                 else

  86.                 {

  87.                     ShowMsg('成功登录,正在转向管理管理主页!',"index.php");

  88.                     exit();

  89.                 }

  90.             }

  91. 

  92.             //error

  93.             else if($res==-1)

  94.             {

  95.                 ResetVdValue();

  96. 				ShowMsg('你的用户名不存在!','login.php',0,1000);

  97. 				exit;

  98.             }

  99.             else

  100.             {

  101.                 ResetVdValue();

  102.                 ShowMsg('你的密码错误!','login.php',0,1000);

  103. 				exit;

  104.             }

  105.         }

  106. 

  107.         //password empty

  108.         else

  109.         {

  110.             ResetVdValue();

  111.             ShowMsg('用户和密码没填写完整!','login.php',0,1000);

  112. 			exit;

  113.         }

  114.     }

  115. }

  116. 

  117. include('templets/login.htm');