DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
86 Commits
3 Branches
110MB
Tree: a3619b7ef6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a3619b7ef6'
${ noResults }
DedeV6/src/dede/login.php

120 lines
3.5KB
Raw Blame History 

  1. <?php

  2. /**

  3.  * 后台登陆

  4.  *

  5.  * @version        $Id: login.php 1 8:48 2010年7月13日Z tianya $

  6.  * @package        DedeCMS.Administrator

  7.  * @copyright      Copyright (c) 2007 - 2020, DesDev, Inc.

  8.  * @license        http://help.dedecms.com/usersguide/license.html

  9.  * @link           http://www.dedecms.com

  10.  */

  11. require_once(dirname(__FILE__).'/../include/common.inc.php');

  12. require_once(DEDEINC.'/userlogin.class.php');

  13. if(empty($dopost)) $dopost = '';

  14. if(empty($gotopage)) $gotopage = '';

  15. 

  16. $gotopage = RemoveXSS($gotopage);

  17. 

  18. //检测安装目录安全性

  19. if( is_dir(dirname(__FILE__).'/../install') )

  20. {

  21.     if(!file_exists(dirname(__FILE__).'/../install/install_lock.txt') )

  22.     {

  23.       $fp = fopen(dirname(__FILE__).'/../install/install_lock.txt', 'w') or die('安装目录无写入权限,无法进行写入锁定文件,请安装完毕删除安装目录!');

  24.       fwrite($fp,'ok');

  25.       fclose($fp);

  26.     }

  27.     //为了防止未知安全性问题,强制禁用安装程序的文件

  28.     if( file_exists("../install/index.php") ) {

  29.         @rename("../install/index.php", "../install/index.php.bak");

  30.     }

  31.     if( file_exists("../install/module-install.php") ) {

  32.         @rename("../install/module-install.php", "../install/module-install.php.bak");

  33.     }

  34. 	$fileindex = "../install/index.html";

  35. 	if( !file_exists($fileindex) ) {

  36. 		$fp = @fopen($fileindex,'w');

  37. 		fwrite($fp,'dir');

  38. 		fclose($fp);

  39. 	}

  40. }

  41. 

  42. //更新服务器

  43. require_once (DEDEDATA.'/admin/config_update.php');

  44. 

  45. if ($dopost=='showad')

  46. {

  47.     include('templets/login_ad.htm');

  48.     exit;

  49. }

  50. 

  51. //检测后台目录是否更名

  52. $cururl = GetCurUrl();

  53. if(preg_match('/dede\/login/i',$cururl))

  54. {

  55.     $redmsg = '<div class=\'safe-tips\'>您的管理目录的名称中包含默认名称dede,建议在FTP里把它修改为其它名称,那样会更安全!</div>';

  56. }

  57. else

  58. {

  59.     $redmsg = '';

  60. }

  61. 

  62. //登录检测

  63. $admindirs = explode('/',str_replace("\\",'/',dirname(__FILE__)));

  64. $admindir = $admindirs[count($admindirs)-1];

  65. if($dopost=='login')

  66. {

  67.     $validate = empty($validate) ? '' : strtolower(trim($validate));

  68.     $svali = strtolower(GetCkVdValue());

  69.     if(($validate=='' || $validate != $svali) && preg_match("/6/",$safe_gdopen)){

  70.         ResetVdValue();

  71.         ShowMsg('验证码不正确!','login.php',0,1000);

  72.         exit;

  73.     } else {

  74.         $cuserLogin = new userLogin($admindir);

  75.         if(!empty($userid) && !empty($pwd))

  76.         {

  77.             $res = $cuserLogin->checkUser($userid,$pwd);

  78. 

  79.             //success

  80.             if($res==1)

  81.             {

  82.                 $cuserLogin->keepUser();

  83.                 if(!empty($gotopage))

  84.                 {

  85.                     ShowMsg('成功登录,正在转向管理管理主页!',$gotopage);

  86.                     exit();

  87.                 }

  88.                 else

  89.                 {

  90.                     ShowMsg('成功登录,正在转向管理管理主页!',"index.php");

  91.                     exit();

  92.                 }

  93.             }

  94. 

  95.             //error

  96.             else if($res==-1)

  97.             {

  98.                 ResetVdValue();

  99. 				ShowMsg('你的用户名不存在!','login.php',0,1000);

  100. 				exit;

  101.             }

  102.             else

  103.             {

  104.                 ResetVdValue();

  105.                 ShowMsg('你的密码错误!','login.php',0,1000);

  106. 				exit;

  107.             }

  108.         }

  109. 

  110.         //password empty

  111.         else

  112.         {

  113.             ResetVdValue();

  114.             ShowMsg('用户和密码没填写完整!','login.php',0,1000);

  115. 			exit;

  116.         }

  117.     }

  118. }

  119. 

  120. include('templets/login.htm');