From 6e66ec05d87d78c42f2839099dc7e92e7f8d2cf8 Mon Sep 17 00:00:00 2001 From: qkqpttgf <45693631+qkqpttgf@users.noreply.github.com> Date: Tue, 9 Mar 2021 17:18:59 +0800 Subject: [PATCH] Can change admin password now --- common.php | 63 +++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 58 insertions(+), 5 deletions(-) diff --git a/common.php b/common.php index 3f0d5e6..81bef93 100644 --- a/common.php +++ b/common.php @@ -1184,6 +1184,24 @@ function EnvOpt($needUpdate = 0) return output("{\"Error\": \"Admin pass error\"}", 403); } } + if (isset($_POST['changePass'])) { + if (!is_numeric($_POST['timestamp'])) return message("Error time" . getconstStr('Back') . "", "Error", 403); + if (abs(time() - $_POST['timestamp']/1000) > 5*60) return message("Timeout" . getconstStr('Back') . "", "Error", 403); + if ($_POST['newPass1']==''||$_POST['newPass2']=='') return message("Empty new pass" . getconstStr('Back') . "", "Error", 403); + if ($_POST['newPass1']!==$_POST['newPass2']) return message("Twice new pass not the same" . getconstStr('Back') . "", "Error", 403); + if ($_POST['newPass1']==getConfig('admin')) return message("New pass same to old one" . getconstStr('Back') . "", "Error", 403); + if ($_POST['oldPass']==sha1(getConfig('admin') . $_POST['timestamp'])) { + $tmp['admin'] = $_POST['newPass1']; + $response = setConfigResponse( setConfig($tmp) ); + if (api_error($response)) { + return message(api_error_msg($response) . "" . getconstStr('Back') . "", "Error", 403); + } else { + return message("Success" . getconstStr('Back') . "", "Success", 200); + } + } else { + return message("Old pass error" . getconstStr('Back') . "", "Error", 403); + } + } if (isset($_GET['preview'])) { $preurl = $_SERVER['PHP_SELF'] . '?preview'; @@ -1388,14 +1406,31 @@ function EnvOpt($needUpdate = 0) $html .= ' - + - - + - - + + + + + + + + + +
admin pass:old pass: +
config:new pass:
reinput:

+ + + + + + +
admin pass: +
config: +
@@ -1461,6 +1496,24 @@ function EnvOpt($needUpdate = 0) } xhr.send("pass=" + sha1(config_f.pass.value + "" + timestamp) + "&config_t=" + encodeURIComponent(config_f.config_t.value) + "&config_b=" + b.value + "×tamp=" + timestamp); } + function changePassword(f) { + if (f.oldPass.value==""||f.newPass1.value==""||f.newPass2.value=="") { + alert("Input"); + return false; + } + if (f.oldPass.value==f.newPass1.value) { + alert("Same password"); + return false; + } + if (f.newPass1.value!==f.newPass1.value) { + alert("Input twice new password"); + return false; + } + var timestamp = new Date().getTime(); + f.timestamp.value = timestamp; + f.oldPass.value = sha1(f.oldPass.value + "" + timestamp); + return true; + }
'; $Driver_arr = scandir(__DIR__ . $slash . 'disk'); $html .= '