国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com


  1. <?php
  2. /**
  3. * 后台登录
  4. *
  5. * @version $id:login.php 8:48 2010年7月13日 tianya $
  6. * @package DedeBIZ.Administrator
  7. * @copyright Copyright (c) 2022 DedeBIZ.COM
  8. * @license https://www.dedebiz.com/license
  9. * @link https://www.dedebiz.com
  10. */
  11. require_once(dirname(__FILE__).'/../system/common.inc.php');
  12. require_once(DEDEINC.'/userlogin.class.php');
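  // Give the two control variables a defined value before they are compared below.
  // NOTE(review): $dopost and $gotopage are presumably filled from request parameters by
  // common.inc.php; nothing in this file sets them, so both are treated as untrusted.
  if (empty($dopost)) {
      $dopost = '';
  }
  if (empty($gotopage)) {
      $gotopage = '';
  }
  $gotopage = RemoveXSS($gotopage);
  // $gotopage is later handed to ShowMsg() as the post-login destination. Nothing visible
  // here limits where it may point, so only same-site relative targets are kept: a value
  // with a URL scheme ("http:", "javascript:"), a protocol-relative or backslash prefix
  // ("//host", "/\host"), or control characters falls back to the default page.
  // NOTE(review): a caller passing an absolute same-site URL would now land on index.php.
  if (
      !is_string($gotopage)
      || preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $gotopage)
      || preg_match('/[\x00-\x1f\x7f]/', $gotopage)
  ) {
      $gotopage = '';
  }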
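  // Installer hardening: if the install directory is still present, make sure it carries
  // a lock file and an index.html. This is a stop-gap only; as the die() message below
  // says, the install directory should be deleted once installation is finished.
  if (is_dir(dirname(__FILE__).'/../install')) {
      $installLock = dirname(__FILE__).'/../install/install_lock.txt';
      if (!file_exists($installLock)) {
          // Refuse to show the login page when the lock cannot be written.
          $fp = fopen($installLock, 'w') or die('安装目录无写入权限,无法进行写入锁定文件,请安装完毕删除安装目录');
          fwrite($fp, 'ok');
          fclose($fp);
      }
      $fileindex = "../install/index.html";
      if (!file_exists($fileindex)) {
          // Best effort: fopen() returns false when the directory is not writable, and
          // passing false to fwrite()/fclose() is a fatal TypeError on PHP 8, so the
          // handle is checked before use.
          $fp = @fopen($fileindex, 'w');
          if ($fp !== false) {
              fwrite($fp, 'dir');
              fclose($fp);
          }
      }
  }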
  // Check whether the back-office directory still uses its default name. The test is a
  // plain substring match, so "admin" anywhere in the value returned by GetCurUrl()
  // produces the warning banner; otherwise $redmsg is empty.
  // NOTE(review): $redmsg is presumably printed by templets/login.htm; confirm.
  $cururl = GetCurUrl();
  $redmsg = preg_match('/admin/', $cururl)
      ? '<div class="alert alert-warning">安全提示:后台管理目录名称中包含默认名称admin,建议把它修改为其它名称</div>'
      : '';
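  // Login handling.
  // The last path component of this script's directory (the back-office directory name)
  // is passed to userLogin.
  $admindirs = explode('/', str_replace("\\", '/', dirname(__FILE__)));
  $admindir = $admindirs[count($admindirs) - 1];
  if ($dopost === 'login') {
      $cuserLogin = new userLogin($admindir);
      if (!empty($userid) && !empty($pwd)) {
          // userLogin decides, per account name, whether a captcha must be solved first.
          $isNeed = $cuserLogin->isNeedCheckCode($userid);
          if ($isNeed) {
              // A non-string value (e.g. an array parameter) counts as "no captcha given".
              $validate = (empty($validate) || !is_string($validate)) ? '' : strtolower(trim($validate));
              $svali = strtolower(GetCkVdValue());
              // Strict comparison: with != two numeric-looking strings such as "1e1" and
              // "10" compare equal, which would accept a captcha that was never shown.
              if ($validate === '' || $validate !== $svali) {
                  ResetVdValue();
                  ShowMsg('验证码不正确', 'login.php', 0, 1000);
                  exit;
              }
          }
          // checkUser() result as used by the original code: 1 = success, -1 = unknown
          // account, anything else = wrong password.
          $res = $cuserLogin->checkUser($userid, $pwd);
          if ($res == 1) {
              $cuserLogin->keepUser();
              // NOTE(review): $gotopage becomes the redirect target and should already be
              // limited to same-site paths before it reaches this point; confirm.
              ShowMsg('成功登录,正在跳转管理管理主页', !empty($gotopage) ? $gotopage : 'index.php');
              exit();
          }
          // Both failure cases answer with the same text so the response does not reveal
          // whether an administrator account name exists.
          ResetVdValue();
          ShowMsg('管理员账号或密码错误', 'login.php', 0, 1000);
          exit;
      }
      // Account name or password missing from the submission.
      ResetVdValue();
      ShowMsg('管理员账号和密码没填完整', 'login.php', 0, 1000);
      exit;
  }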
  // No login submitted (every login branch above exits): render the login form template.
  include 'templets/login.htm';
  ?>