DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
48 Commits
3 Branches
3.1GB
Tree: a1c0f0d4dd
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a1c0f0d4dd'
${ noResults }
DedeV6/src/dede/login.php

119 lines
3.5KB
Raw Blame History 

  1. <?php

  2. /**

  3.  * 后台登陆

  4.  *

  5.  * @version        $Id: login.php 1 8:48 2010年7月13日Z tianya $

  6.  * @package        DedeCMS.Administrator

  7.  * @copyright      Copyright (c) 2007 - 2020, DesDev, Inc.

  8.  * @license        http://help.dedecms.com/usersguide/license.html

  9.  * @link           http://www.dedecms.com

  10.  */

  11. require_once(dirname(__FILE__).'/../include/common.inc.php');

  12. require_once(DEDEINC.'/userlogin.class.php');

  13. if(empty($dopost)) $dopost = '';

  14. 

  15. $gotopage = RemoveXSS($gotopage);

  16. 

  17. //检测安装目录安全性

  18. if( is_dir(dirname(__FILE__).'/../install') )

  19. {

  20.     if(!file_exists(dirname(__FILE__).'/../install/install_lock.txt') )

  21.     {

  22.       $fp = fopen(dirname(__FILE__).'/../install/install_lock.txt', 'w') or die('安装目录无写入权限,无法进行写入锁定文件,请安装完毕删除安装目录!');

  23.       fwrite($fp,'ok');

  24.       fclose($fp);

  25.     }

  26.     //为了防止未知安全性问题,强制禁用安装程序的文件

  27.     if( file_exists("../install/index.php") ) {

  28.         @rename("../install/index.php", "../install/index.php.bak");

  29.     }

  30.     if( file_exists("../install/module-install.php") ) {

  31.         @rename("../install/module-install.php", "../install/module-install.php.bak");

  32.     }

  33. 	$fileindex = "../install/index.html";

  34. 	if( !file_exists($fileindex) ) {

  35. 		$fp = @fopen($fileindex,'w');

  36. 		fwrite($fp,'dir');

  37. 		fclose($fp);

  38. 	}

  39. }

  40. 

  41. //更新服务器

  42. require_once (DEDEDATA.'/admin/config_update.php');

  43. 

  44. if ($dopost=='showad')

  45. {

  46.     include('templets/login_ad.htm');

  47.     exit;

  48. }

  49. 

  50. //检测后台目录是否更名

  51. $cururl = GetCurUrl();

  52. if(preg_match('/dede\/login/i',$cururl))

  53. {

  54.     $redmsg = '<div class=\'safe-tips\'>您的管理目录的名称中包含默认名称dede,建议在FTP里把它修改为其它名称,那样会更安全!</div>';

  55. }

  56. else

  57. {

  58.     $redmsg = '';

  59. }

  60. 

  61. //登录检测

  62. $admindirs = explode('/',str_replace("\\",'/',dirname(__FILE__)));

  63. $admindir = $admindirs[count($admindirs)-1];

  64. if($dopost=='login')

  65. {

  66.     $validate = empty($validate) ? '' : strtolower(trim($validate));

  67.     $svali = strtolower(GetCkVdValue());

  68.     if(($validate=='' || $validate != $svali) && preg_match("/6/",$safe_gdopen)){

  69.         ResetVdValue();

  70.         ShowMsg('验证码不正确!','login.php',0,1000);

  71.         exit;

  72.     } else {

  73.         $cuserLogin = new userLogin($admindir);

  74.         if(!empty($userid) && !empty($pwd))

  75.         {

  76.             $res = $cuserLogin->checkUser($userid,$pwd);

  77. 

  78.             //success

  79.             if($res==1)

  80.             {

  81.                 $cuserLogin->keepUser();

  82.                 if(!empty($gotopage))

  83.                 {

  84.                     ShowMsg('成功登录,正在转向管理管理主页!',$gotopage);

  85.                     exit();

  86.                 }

  87.                 else

  88.                 {

  89.                     ShowMsg('成功登录,正在转向管理管理主页!',"index.php");

  90.                     exit();

  91.                 }

  92.             }

  93. 

  94.             //error

  95.             else if($res==-1)

  96.             {

  97.                 ResetVdValue();

  98. 				ShowMsg('你的用户名不存在!','login.php',0,1000);

  99. 				exit;

  100.             }

  101.             else

  102.             {

  103.                 ResetVdValue();

  104.                 ShowMsg('你的密码错误!','login.php',0,1000);

  105. 				exit;

  106.             }

  107.         }

  108. 

  109.         //password empty

  110.         else

  111.         {

  112.             ResetVdValue();

  113.             ShowMsg('用户和密码没填写完整!','login.php',0,1000);

  114. 			exit;

  115.         }

  116.     }

  117. }

  118. 

  119. include('templets/login.htm');