mirror of
https://github.com/netcccyun/dnsmgr.git
synced 2024-11-16 03:32:28 +08:00
修改syskey存储
This commit is contained in:
parent
424d2c8132
commit
5cd6b108f0
|
@ -2,7 +2,6 @@ APP_DEBUG = false
|
|||
|
||||
[APP]
|
||||
DEFAULT_TIMEZONE = Asia/Shanghai
|
||||
SYS_KEY = {syskey}
|
||||
|
||||
[DATABASE]
|
||||
TYPE = mysql
|
||||
|
|
|
@ -47,7 +47,7 @@ class Auth extends BaseController
|
|||
DB::name('user')->where('id', $user['id'])->update(['lasttime' => date("Y-m-d H:i:s")]);
|
||||
$session = md5($user['id'].$user['password']);
|
||||
$expiretime = time()+2562000;
|
||||
$token = authcode("user\t{$user['id']}\t{$session}\t{$expiretime}", 'ENCODE', env('app.sys_key'));
|
||||
$token = authcode("user\t{$user['id']}\t{$session}\t{$expiretime}", 'ENCODE', config_get('sys_key'));
|
||||
cookie('user_token', $token, ['expire' => $expiretime, 'httponly' => true]);
|
||||
if (file_exists($login_limit_file)) {
|
||||
unlink($login_limit_file);
|
||||
|
@ -93,7 +93,7 @@ class Auth extends BaseController
|
|||
if($timestamp < time()-300 || $timestamp > time()+300){
|
||||
return $this->alert('error', '时间戳无效');
|
||||
}
|
||||
if(md5(env('app.sys_key').$domain.$timestamp.$token.env('app.sys_key')) !== $sign){
|
||||
if(md5(config_get('sys_key').$domain.$timestamp.$token.config_get('sys_key')) !== $sign){
|
||||
return $this->alert('error', '签名错误');
|
||||
}
|
||||
if($token != cache('quicklogin_'.$domain)){
|
||||
|
@ -111,7 +111,7 @@ class Auth extends BaseController
|
|||
|
||||
$session = md5($row['id'].$row['name']);
|
||||
$expiretime = time()+2562000;
|
||||
$token = authcode("domain\t{$row['id']}\t{$session}\t{$expiretime}", 'ENCODE', env('app.sys_key'));
|
||||
$token = authcode("domain\t{$row['id']}\t{$session}\t{$expiretime}", 'ENCODE', config_get('sys_key'));
|
||||
cookie('user_token', $token, ['expire' => $expiretime, 'httponly' => true]);
|
||||
return redirect('/record/'.$row['id']);
|
||||
}
|
||||
|
|
|
@ -291,7 +291,7 @@ class Domain extends BaseController
|
|||
$token = getSid();
|
||||
cache('quicklogin_'.$drow['name'], $token, 3600);
|
||||
$timestamp = time();
|
||||
$sign = md5(env('app.sys_key').$drow['name'].$timestamp.$token.env('app.sys_key'));
|
||||
$sign = md5(config_get('sys_key').$drow['name'].$timestamp.$token.config_get('sys_key'));
|
||||
$drow['loginurl'] = request()->root(true).'/quicklogin?domain='.$drow['name'].'×tamp='.$timestamp.'&token='.$token.'&sign='.$sign;
|
||||
}
|
||||
|
||||
|
|
|
@ -29,7 +29,7 @@ class Install extends BaseController
|
|||
}
|
||||
|
||||
$configdata = file_get_contents(app()->getRootPath().'.example.env');
|
||||
$configdata = str_replace(['{syskey}','{dbhost}','{dbname}','{dbuser}','{dbpwd}','{dbport}','{dbprefix}'], [random(16), $mysql_host, $mysql_name, $mysql_user, $mysql_pwd, $mysql_port, $mysql_prefix], $configdata);
|
||||
$configdata = str_replace(['{dbhost}','{dbname}','{dbuser}','{dbpwd}','{dbport}','{dbprefix}'], [$mysql_host, $mysql_name, $mysql_user, $mysql_pwd, $mysql_port, $mysql_prefix], $configdata);
|
||||
|
||||
try{
|
||||
$DB=new PDO("mysql:host=".$mysql_host.";dbname=".$mysql_name.";port=".$mysql_port,$mysql_user,$mysql_pwd);
|
||||
|
@ -53,6 +53,7 @@ class Install extends BaseController
|
|||
$sqls=explode(';', $sqls);
|
||||
|
||||
$password = password_hash($admin_password, PASSWORD_DEFAULT);
|
||||
$sqls[]="REPLACE INTO `".$mysql_prefix."config` VALUES ('sys_key', '".random(16)."')";
|
||||
$sqls[]="INSERT INTO `".$mysql_prefix."user` (`username`,`password`,`level`,`regtime`,`lasttime`,`status`) VALUES ('".addslashes($admin_username)."', '$password', 2, NOW(), NOW(), 1)";
|
||||
|
||||
$success=0;$error=0;$errorMsg=null;
|
||||
|
|
|
@ -13,7 +13,7 @@ class AuthUser
|
|||
$cookie = cookie('user_token');
|
||||
$user = null;
|
||||
if($cookie){
|
||||
$token=authcode($cookie, 'DECODE', env('app.sys_key'));
|
||||
$token=authcode($cookie, 'DECODE', config_get('sys_key'));
|
||||
if($token){
|
||||
list($type, $uid, $sid, $expiretime) = explode("\t", $token);
|
||||
if($type == 'user'){
|
||||
|
|
|
@ -31,6 +31,10 @@ class LoadConfig
|
|||
|
||||
try{
|
||||
$res = Db::name('config')->cache('configs',0)->column('value','key');
|
||||
if(empty($res['sys_key']) && !empty(env('app.sys_key'))){
|
||||
config_set('sys_key', env('app.sys_key'));
|
||||
$res['sys_key'] = env('app.sys_key');
|
||||
}
|
||||
Config::set($res, 'sys');
|
||||
}catch(Exception $e){
|
||||
if(!strpos($e->getMessage(), 'doesn\'t exist')){
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta id="viewport" name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0">
|
||||
<title>抱歉,出错了</title>
|
||||
<link href="//res.wx.qq.com/open/libs/weui/0.4.3/weui.css" rel="stylesheet">
|
||||
<style>.page{position:absolute;top:0;right:0;bottom:0;left:0;overflow-y:auto;-webkit-overflow-scrolling:touch;box-sizing:border-box}</style>
|
||||
</head>
|
||||
<body>
|
||||
<div class="weui_msg">
|
||||
<div class="weui_icon_area"><i class="weui_icon_info weui_icon_msg"></i></div>
|
||||
<div class="weui_text_area">
|
||||
<h4 class="weui_msg_title">{$errmsg}</h4>
|
||||
</div>
|
||||
</div>
|
||||
<script>
|
||||
document.body.addEventListener('touchmove', function (event) {
|
||||
event.preventDefault();
|
||||
},{ passive: false });
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
Loading…
Reference in New Issue
Block a user