DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
924 Commits
3 Branches
110MB
Tree: e82490df74
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e82490df74'
${ noResults }
DedeV6/src/admin/login.php

83 lines
3.0KB
Raw Blame History 

  1. <?php

  2. /**

  3.  * 后台登录

  4.  *

  5.  * @version        $Id: login.php 1 8:48 2010年7月13日Z tianya $

  6.  * @package        DedeBIZ.Administrator

  7.  * @copyright      Copyright (c) 2022, DedeBIZ.COM

  8.  * @license        https://www.dedebiz.com/license

  9.  * @link           https://www.dedebiz.com

  10.  */

  11. require_once(dirname(__FILE__).'/../system/common.inc.php');

  12. require_once(DEDEINC.'/userlogin.class.php');

  13. if (empty($dopost)) $dopost = '';

  14. if (empty($gotopage)) $gotopage = '';

  15. $gotopage = RemoveXSS($gotopage);

  16. //检测安装目录安全性

  17. if (is_dir(dirname(__FILE__).'/../install')) {

  18.     if (!file_exists(dirname(__FILE__).'/../install/install_lock.txt')) {

  19.         $fp = fopen(dirname(__FILE__).'/../install/install_lock.txt', 'w') or die('安装目录无写入权限,无法进行写入锁定文件,请安装完毕删除安装目录');

  20.         fwrite($fp, 'ok');

  21.         fclose($fp);

  22.     }

  23.     $fileindex = "../install/index.html";

  24.     if (!file_exists($fileindex)) {

  25.         $fp = @fopen($fileindex, 'w');

  26.         fwrite($fp, 'dir');

  27.         fclose($fp);

  28.     }

  29. }

  30. //更新服务器

  31. require_once(DEDEDATA.'/admin/config_update.php');

  32. //检测后台目录是否更名

  33. $cururl = GetCurUrl();

  34. if (preg_match('/admin\/login/i', $cururl)) {

  35.     $redmsg = '<div class="alert alert-warning"><div class=\"safe-tips\">您的管理目录的名称中包含默认名称admin,建议在FTP里把它修改为其它名称,那样会更安全</div></div>';

  36. } else {

  37.     $redmsg = '';

  38. }

  39. //登录检测

  40. $admindirs = explode('/', str_replace("\\", '/', dirname(__FILE__)));

  41. $admindir = $admindirs[count($admindirs) - 1];

  42. if ($dopost == 'login') {

  43.     $validate = empty($validate) ? '' : strtolower(trim($validate));

  44.     $svali = strtolower(GetCkVdValue());

  45.     if (($validate == '' || $validate != $svali) && preg_match("/6/", $safe_gdopen)) {

  46.         ResetVdValue();

  47.         ShowMsg('验证码不正确', 'login.php', 0, 1000);

  48.         exit;

  49.     } else {

  50.         $cuserLogin = new userLogin($admindir);

  51.         if (!empty($userid) && !empty($pwd)) {

  52.             $res = $cuserLogin->checkUser($userid, $pwd);

  53.             //success

  54.             if ($res == 1) {

  55.                 $cuserLogin->keepUser();

  56.                 if (!empty($gotopage)) {

  57.                     ShowMsg('成功登录,正在转向管理管理主页', $gotopage);

  58.                     exit();

  59.                 } else {

  60.                     ShowMsg('成功登录,正在转向管理管理主页', "index.php");

  61.                     exit();

  62.                 }

  63.             }

  64.             //error

  65.             else if ($res == -1) {

  66.                 ResetVdValue();

  67.                 ShowMsg('您的用户名不存在', 'login.php', 0, 1000);

  68.                 exit;

  69.             } else {

  70.                 ResetVdValue();

  71.                 ShowMsg('您的密码错误', 'login.php', 0, 1000);

  72.                 exit;

  73.             }

  74.         }

  75.         //password empty

  76.         else {

  77.             ResetVdValue();

  78.             ShowMsg('用户和密码没填写完整', 'login.php', 0, 1000);

  79.             exit;

  80.         }

  81.     }

  82. }

  83. include('templets/login.htm');