国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com

  1. <?php
  2. /**
  3. * 后台登录
  4. *
  5. * @version $Id: login.php 1 8:48 2010年7月13日Z tianya $
  6. * @package DedeBIZ.Administrator
  7. * @copyright Copyright (c) 2021, DedeBIZ.COM
  8. * @license https://www.dedebiz.com/license
  9. * @link https://www.dedebiz.com
  10. */
  11. require_once(dirname(__FILE__) . '/../include/common.inc.php');
  12. require_once(DEDEINC . '/userlogin.class.php');
  13. if (empty($dopost)) $dopost = '';
  14. if (empty($gotopage)) $gotopage = '';
  15. $gotopage = RemoveXSS($gotopage);
  16. //检测安装目录安全性
  17. if (is_dir(dirname(__FILE__) . '/../install')) {
  18. if (!file_exists(dirname(__FILE__) . '/../install/install_lock.txt')) {
  19. $fp = fopen(dirname(__FILE__) . '/../install/install_lock.txt', 'w') or die('安装目录无写入权限,无法进行写入锁定文件,请安装完毕删除安装目录!');
  20. fwrite($fp, 'ok');
  21. fclose($fp);
  22. }
  23. //为了防止未知安全性问题,强制禁用安装程序的文件
  24. if (file_exists("../install/index.php")) {
  25. @rename("../install/index.php", "../install/index.php.bak");
  26. }
  27. if (file_exists("../install/module-install.php")) {
  28. @rename("../install/module-install.php", "../install/module-install.php.bak");
  29. }
  30. $fileindex = "../install/index.html";
  31. if (!file_exists($fileindex)) {
  32. $fp = @fopen($fileindex, 'w');
  33. fwrite($fp, 'dir');
  34. fclose($fp);
  35. }
  36. }
  37. //更新服务器
  38. require_once(DEDEDATA . '/admin/config_update.php');
  39. //检测后台目录是否更名
  40. $cururl = GetCurUrl();
  41. if (preg_match('/dede\/login/i', $cururl)) {
  42. $redmsg = '<div class="alert alert-warning" role="alert"><div class=\"safe-tips\">您的管理目录的名称中包含默认名称dede,建议在FTP里把它修改为其它名称,那样会更安全!</div></div>';
  43. } else {
  44. $redmsg = '';
  45. }
  46. //登录检测
  47. $admindirs = explode('/', str_replace("\\", '/', dirname(__FILE__)));
  48. $admindir = $admindirs[count($admindirs) - 1];
  49. if ($dopost == 'login') {
  50. $validate = empty($validate) ? '' : strtolower(trim($validate));
  51. $svali = strtolower(GetCkVdValue());
  52. if (($validate == '' || $validate != $svali) && preg_match("/6/", $safe_gdopen)) {
  53. ResetVdValue();
  54. ShowMsg('验证码不正确', 'login.php', 0, 1000);
  55. exit;
  56. } else {
  57. $cuserLogin = new userLogin($admindir);
  58. if (!empty($userid) && !empty($pwd)) {
  59. $res = $cuserLogin->checkUser($userid, $pwd);
  60. //success
  61. if ($res == 1) {
  62. $cuserLogin->keepUser();
  63. if (!empty($gotopage)) {
  64. ShowMsg('成功登录,正在转向管理管理主页', $gotopage);
  65. exit();
  66. } else {
  67. ShowMsg('成功登录,正在转向管理管理主页', "index.php");
  68. exit();
  69. }
  70. }
  71. //error
  72. else if ($res == -1) {
  73. ResetVdValue();
  74. ShowMsg('你的用户名不存在', 'login.php', 0, 1000);
  75. exit;
  76. } else {
  77. ResetVdValue();
  78. ShowMsg('你的密码错误', 'login.php', 0, 1000);
  79. exit;
  80. }
  81. }
  82. //password empty
  83. else {
  84. ResetVdValue();
  85. ShowMsg('用户和密码没填写完整', 'login.php', 0, 1000);
  86. exit;
  87. }
  88. }
  89. }
  90. include('templets/login.htm');