sha1 admin pass in submit

pull/276/head
qkqpttgf 2021-03-09 16:04:19 +08:00 committed by GitHub
parent 928d028d7f
commit 6949fae7eb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 44 additions and 16 deletions


@ -166,11 +166,11 @@ function main($path)
} else { } else {
$url = path_format($_SERVER['PHP_SELF'] . '/'); $url = path_format($_SERVER['PHP_SELF'] . '/');
} }
if ($_POST['password1']==getConfig('admin')) { if (compareadminsha1($_POST['password1'], $_POST['timestamp'], getConfig('admin'))) {
return adminform('admin', pass2cookie('admin', $_POST['password1']), $url); return adminform('admin', adminpass2cookie('admin', getConfig('admin')), $url);
} else return adminform(); } else return adminform();
} }
if ( isset($_COOKIE['admin'])&&$_COOKIE['admin']==pass2cookie('admin', getConfig('admin')) ) { if ( isset($_COOKIE['admin'])&&compareadminmd5($_COOKIE['admin'], 'admin', getConfig('admin')) ) {
$_SERVER['admin']=1; $_SERVER['admin']=1;
$_SERVER['needUpdate'] = needUpdate(); $_SERVER['needUpdate'] = needUpdate();
} else { } else {
@ -436,9 +436,27 @@ function isreferhost() {
return false; return false;
} }
function pass2cookie($name, $pass) function adminpass2cookie($name, $pass)
{ {
return md5($name . ':' . md5($pass)); $timestamp = time()+7*24*60*60;
return md5($name . ':' . md5($pass) . '@' . $timestamp) . "(" . $timestamp . ")";
}
function compareadminmd5($admincookie, $name, $pass)
{
$c = splitfirst($admincookie, '(');
$c_md5 = $c[0];
$c_time = substr($c[1], 0, -1);
if (!is_numeric($c_time)) return false;
if (time() > $c_time) return false;
if (md5($name . ':' . md5($pass) . '@' . $c_time) == $c_md5) return true;
else return false;
}
function compareadminsha1($adminsha1, $timestamp, $pass)
{
if (!is_numeric($timestamp)) return false;
if (abs(time()-$timestamp) > 5*60) return false;
if ($adminsha1 == sha1($timestamp . $pass)) return true;
else return false;
} }
function proxy_replace_domain($url, $domainforproxy) function proxy_replace_domain($url, $domainforproxy)
@ -868,9 +886,9 @@ function adminform($name = '', $pass = '', $path = '')
<body> <body>
<div> <div>
<center><h4>' . getconstStr('InputPassword') . '</h4> <center><h4>' . getconstStr('InputPassword') . '</h4>
<form action="" method="post" onsubmit="return md5pass(this);"> <form action="" method="post" onsubmit="return sha1loginpass(this);">
<div> <div>
<input name="password1" type="password"/> <input id="password1" name="password1" type="password"/>
<input name="timestamp" type="hidden"/> <input name="timestamp" type="hidden"/>
<input type="submit" value="' . getconstStr('Login') . '"> <input type="submit" value="' . getconstStr('Login') . '">
</div> </div>
@ -879,12 +897,16 @@ function adminform($name = '', $pass = '', $path = '')
</div> </div>
</body>'; </body>';
$html .= ' $html .= '
<script src="https://cdn.bootcdn.net/ajax/libs/js-sha1/0.6.0/sha1.min.js"></script>
<script> <script>
function md5pass(f) { document.getElementById("password1").focus();
return true; function sha1loginpass(f) {
var timestamp = new Date().getTime(); if (f.password1.value=="") return false;
timestamp = new Date().getTime() + "";
timestamp = timestamp.substr(0, timestamp.length-3);
f.timestamp.value = timestamp; f.timestamp.value = timestamp;
//f.password1.value = f.password1.value = sha1(timestamp + "" + f.password1.value);
return true;
} }
</script>'; </script>';
$html .= '</html>'; $html .= '</html>';
@ -1105,8 +1127,11 @@ function EnvOpt($needUpdate = 0)
return message($html, $title); return message($html, $title);
} }
if (isset($_POST['config_b'])) { if (isset($_POST['config_b'])) {
//return output(json_encode($_POST)); if (!$_POST['pass']) return output("{\"Error\": \"No admin pass\"}", 403);
if ($_POST['pass']!=''&&$_POST['pass']==getConfig('admin')) { if (!is_numeric($_POST['timestamp'])) return output("{\"Error\": \"Error time\"}", 403);
if (abs(time() - $_POST['timestamp']/1000) > 5*60) return output("{\"Error\": \"Timeout\"}", 403);
if ($_POST['pass']==sha1(getConfig('admin') . $_POST['timestamp'])) {
if ($_POST['config_b'] == 'export') { if ($_POST['config_b'] == 'export') {
foreach ($EnvConfigs as $env => $v) { foreach ($EnvConfigs as $env => $v) {
if (isCommonEnv($env)) { if (isCommonEnv($env)) {
@ -1156,7 +1181,7 @@ function EnvOpt($needUpdate = 0)
} }
return output(json_encode($_POST), 500); return output(json_encode($_POST), 500);
} else { } else {
return output("{\"Error\": \"Error admin pass\"}", 403); return output("{\"Error\": \"Admin pass error\"}", 403);
} }
} }
@ -1361,6 +1386,7 @@ function EnvOpt($needUpdate = 0)
} }
} }
$html .= ' $html .= '
<script src="https://cdn.bootcdn.net/ajax/libs/js-sha1/0.6.0/sha1.min.js"></script>
<table> <table>
<form id="config_f" name="config" action="" method="POST" onsubmit="return false;"> <form id="config_f" name="config" action="" method="POST" onsubmit="return false;">
<tr> <tr>
@ -1380,6 +1406,7 @@ function EnvOpt($needUpdate = 0)
alert("admin pass"); alert("admin pass");
return false; return false;
} }
var timestamp = new Date().getTime();
var xhr = new XMLHttpRequest(); var xhr = new XMLHttpRequest();
xhr.open("POST", ""); xhr.open("POST", "");
xhr.setRequestHeader("Content-Type","application/x-www-form-urlencoded;charset=utf-8"); xhr.setRequestHeader("Content-Type","application/x-www-form-urlencoded;charset=utf-8");
@ -1398,7 +1425,7 @@ function EnvOpt($needUpdate = 0)
xhr.onerror = function(e){ xhr.onerror = function(e){
alert("Network Error "+xhr.status); alert("Network Error "+xhr.status);
} }
xhr.send("pass=" + config_f.pass.value + "&config_b=" + b.value); xhr.send("pass=" + sha1(config_f.pass.value + "" + timestamp) + "&config_b=" + b.value + "&timestamp=" + timestamp);
} }
function importConfig(b) { function importConfig(b) {
if (config_f.pass.value=="") { if (config_f.pass.value=="") {
@ -1416,6 +1443,7 @@ function EnvOpt($needUpdate = 0)
return false; return false;
} }
} }
var timestamp = new Date().getTime();
var xhr = new XMLHttpRequest(); var xhr = new XMLHttpRequest();
xhr.open("POST", ""); xhr.open("POST", "");
xhr.setRequestHeader("Content-Type","application/x-www-form-urlencoded;charset=utf-8"); xhr.setRequestHeader("Content-Type","application/x-www-form-urlencoded;charset=utf-8");
@ -1431,7 +1459,7 @@ function EnvOpt($needUpdate = 0)
xhr.onerror = function(e){ xhr.onerror = function(e){
alert("Network Error "+xhr.status); alert("Network Error "+xhr.status);
} }
xhr.send("pass=" + config_f.pass.value + "&config_t=" + encodeURIComponent(config_f.config_t.value) + "&config_b=" + b.value); xhr.send("pass=" + sha1(config_f.pass.value + "" + timestamp) + "&config_t=" + encodeURIComponent(config_f.config_t.value) + "&config_b=" + b.value + "&timestamp=" + timestamp);
} }
</script><br>'; </script><br>';
$Driver_arr = scandir(__DIR__ . $slash . 'disk'); $Driver_arr = scandir(__DIR__ . $slash . 'disk');
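Review bot: The new digest checks in compareadminmd5 (`md5(...) == $c_md5`), compareadminsha1 (`$adminsha1 == sha1($timestamp . $pass)`) and the config_b branch of EnvOpt (`$_POST['pass']==sha1(getConfig('admin') . $_POST['timestamp'])`) compare hex digests with loose `==`, which in PHP treats two digests that both parse as numeric strings (for example `0e` followed by digits) as equal and is not constant-time. Replace each with `hash_equals()`, expected value first: `if (hash_equals(sha1($timestamp . $pass), (string) $adminsha1)) return true;`, `if (hash_equals(md5($name . ':' . md5($pass) . '@' . $c_time), (string) $c_md5)) return true;` and `if (hash_equals(sha1(getConfig('admin') . $_POST['timestamp']), (string) $_POST['pass'])) {`, where the `(string)` cast keeps hash_equals() from throwing on a non-string form field. Separately, the two `<script src="https://cdn.bootcdn.net/ajax/libs/js-sha1/0.6.0/sha1.min.js">` tags added in adminform and EnvOpt load the code that handles the plaintext admin password from a third-party CDN with no `integrity`/`crossorigin` attribute, so a changed CDN file runs on the admin page unchecked; pin it with `integrity="sha384-<digest of the vendored file>" crossorigin="anonymous"` or serve the file from the project itself. main and EnvOpt both start and end outside these hunks, and compareadminmd5's `substr($c[1], 0, -1)` assumes splitfirst always returns a second element, which I cannot confirm from here.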