From ab4979666113bac7b795b486a0aef43030bba86e Mon Sep 17 00:00:00 2001 From: qkqpttgf <45693631+qkqpttgf@users.noreply.github.com> Date: Thu, 11 Mar 2021 18:48:43 +0800 Subject: [PATCH] Show error in login --- common.php | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/common.php b/common.php index 81bef93..5261b6f 100644 --- a/common.php +++ b/common.php @@ -166,8 +166,11 @@ function main($path) } else { $url = path_format($_SERVER['PHP_SELF'] . '/'); } - if (compareadminsha1($_POST['password1'], $_POST['timestamp'], getConfig('admin'))) { - return adminform('admin', adminpass2cookie('admin', getConfig('admin')), $url); + if (isset($_POST['password1'])) { + $compareresult = compareadminsha1($_POST['password1'], $_POST['timestamp'], getConfig('admin')); + if ($compareresult=='') { + return adminform('admin', adminpass2cookie('admin', getConfig('admin')), $url); + } else return adminform($compareresult); } else return adminform(); } if ( isset($_COOKIE['admin'])&&compareadminmd5($_COOKIE['admin'], 'admin', getConfig('admin')) ) { @@ -453,10 +456,10 @@ function compareadminmd5($admincookie, $name, $pass) } function compareadminsha1($adminsha1, $timestamp, $pass) { - if (!is_numeric($timestamp)) return false; - if (abs(time()-$timestamp) > 5*60) return false; - if ($adminsha1 == sha1($timestamp . $pass)) return true; - else return false; + if (!is_numeric($timestamp)) return 'Timestamp not Number'; + if (abs(time()-$timestamp) > 5*60) return 'The timestamp in server is ' . time() . ' (' . date("Y-m-d\TH:i:s\Z") . '),
and your posted timestamp is ' . $timestamp . ' (' . date("Y-m-d\TH:i:s\Z", $timestamp) . ')'; + if ($adminsha1 == sha1($timestamp . $pass)) return ''; + else return 'Error password'; } function proxy_replace_domain($url, $domainforproxy) @@ -870,10 +873,9 @@ function time_format($ISO) function adminform($name = '', $pass = '', $path = '') { - $html = '' . getconstStr('AdminLogin') . ''; - if ($name!=''&&$pass!='') { + $html = '' . getconstStr('AdminLogin') . ''; + if ($name=='admin'&&$pass!='') { $html .= ' - ' . getconstStr('LoginSuccess') . ''; $statusCode = 201; date_default_timezone_set('UTC'); @@ -882,10 +884,10 @@ function adminform($name = '', $pass = '', $path = '') } $statusCode = 401; $html .= ' -

' . getconstStr('InputPassword') . '

+ ' . $name . '