fix: ?login can return loginpage

pull/538/head
qkqpttgf 2022-01-30 15:55:54 +08:00 committed by GitHub
parent 29840c8b26
commit 4073323d7c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 16 deletions


@ -190,22 +190,24 @@ function main($path)
} else { } else {
$adminloginpage = getConfig('adminloginpage'); $adminloginpage = getConfig('adminloginpage');
} }
if (isset($_GET['login'])&&$_GET['login']==$adminloginpage) { if (isset($_GET['login'])) {
/*if (isset($_GET['preview'])) { if ($_GET['login']===$adminloginpage) {
$url = $_SERVER['PHP_SELF'] . '?preview'; /*if (isset($_GET['preview'])) {
} else { $url = $_SERVER['PHP_SELF'] . '?preview';
$url = path_format($_SERVER['PHP_SELF'] . '/'); } else {
}*/ $url = path_format($_SERVER['PHP_SELF'] . '/');
if (isset($_POST['password1'])) { }*/
$compareresult = compareadminsha1($_POST['password1'], $_POST['timestamp'], getConfig('admin')); if (isset($_POST['password1'])) {
if ($compareresult=='') { $compareresult = compareadminsha1($_POST['password1'], $_POST['timestamp'], getConfig('admin'));
$timestamp = time()+7*24*60*60; if ($compareresult=='') {
$randnum = rand(10, 99999); $timestamp = time()+7*24*60*60;
$admincookie = adminpass2cookie('admin', getConfig('admin'), $timestamp, $randnum); $randnum = rand(10, 99999);
$adminlocalstorage = adminpass2storage('admin', getConfig('admin'), $timestamp, $randnum); $admincookie = adminpass2cookie('admin', getConfig('admin'), $timestamp, $randnum);
return adminform('admin', $admincookie, $adminlocalstorage); $adminlocalstorage = adminpass2storage('admin', getConfig('admin'), $timestamp, $randnum);
} else return adminform($compareresult); return adminform('admin', $admincookie, $adminlocalstorage);
} else return adminform(); } else return adminform($compareresult);
} else return adminform();
}
} }
if ( isset($_COOKIE['admin'])&&compareadminmd5('admin', getConfig('admin'), $_COOKIE['admin']) ) { if ( isset($_COOKIE['admin'])&&compareadminmd5('admin', getConfig('admin'), $_COOKIE['admin']) ) {
$_SERVER['admin']=1; $_SERVER['admin']=1;
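Review bot: The success check `if ($compareresult=='')` on the new side is still a loose comparison, so the strict `===` this commit introduces for `$_GET['login']` does not reach the line that decides whether the admin cookie is issued. With `==`, a `null` or `false` return from `compareadminsha1()` (and `0` before PHP 8) would also count as a successful login; that function's body is not visible here, so confirm that it returns an empty string on success and then use `if ($compareresult === '')`. The same branch passes `$_POST['timestamp']` without an `isset()` check and takes `$randnum` from `rand(10, 99999)`, which is not a cryptographically secure source if the value is meant to make the cookie unpredictable; `$randnum = random_int(10, 99999);` is a drop-in replacement. `main()` starts before this hunk and continues past it.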