renun/TwoNav
1
0
Fork 0
mirror of https://github.com/tznb1/TwoNav.git synced 2025-08-10 08:51:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
b9eaa4099d7c24f8b255f2dfe65c1729e26865f3
TwoNav/system/auth.php
MI15\Win 851ff8285c v2.1.09-20231220
2023-12-21 23:02:38 +08:00

91 lines
3.6 KiB
PHP
Raw Blame History

<?php if(!defined('DIR')){header('HTTP/1.1 404 Not Found');header("status: 404 Not Found");exit;}
// 鉴权接口: 账号登录
//忽略GET/POST以外的请求
if(!in_array($_SERVER['REQUEST_METHOD'],['GET','POST'])){
exit;
}
if(!isset($auth_mode)){
$auth_mode = $_GET['mode'];
}
//账号登录
if($auth_mode == 'uname'){
$username = $_POST['username'];
$password = $_POST['password'];
$log = ["uid" => '',"user"=>$username,"ip"=>Get_IP(),"time"=>time(),"type" => 'login',"content"=>Get_Request_Content(),"description"=>""];
//密码长度
if(strlen($password)!==32){
$log['description'] = '请求登录>密码错误(长度应该是32位的MD5)';
insert_db("user_log",$log);
msg(-1,'账号或密码错误');
}
//浏览器UA
if(strlen($_SERVER['HTTP_USER_AGENT']) > 1024){
$log['description'] = '请求登录>浏览器UA长度>1024';
insert_db("user_log",$log);
msg(-1,"浏览器UA长度异常,请更换浏览器!");
}
//读取资料
$USER_DB = get_db("global_user", "*", ["OR"=>['User'=>$username,'Email'=>$username]]);
if(empty($USER_DB)){
$log['description'] = '请求登录>账号不存在';
insert_db("user_log",$log);
msg(-1,'账号不存在');
}
$log['uid'] = $USER_DB['ID'];
//登录入口
session_start();
if($_SESSION['login'] != $global_config["Login"] && $_SESSION['login'] != $USER_DB['Login'] ){
$log['description'] = '请求登录>登录入口错误';
insert_db("user_log",$log);
msg(-1,"请求失败,请刷新登录页面再试");
}
//双重验证
$LoginConfig = unserialize( $USER_DB['LoginConfig'] );
if(!empty($LoginConfig['totp_key'])){
if(empty($_POST['otp_code'])){
msgA(['code'=>2]);
}
require DIR . '/system/Authenticator.php';
$totp = new PHPGangsta_GoogleAuthenticator();
$checkResult = $totp->verifyCode($LoginConfig['totp_key'], $_POST['otp_code'], 2);
if(!$checkResult){
$log['description'] = '请求登录>动态口令错误';
insert_db("user_log",$log);
msgA(['code'=>-1,'msg'=>'动态口令错误']);
}
}
//验证密码
if(Get_MD5_Password($password,$USER_DB["RegTime"]) === $USER_DB["Password"]){
$log['description'] = '请求登录>登录成功';
insert_db("user_log",$log);
//保持登录
$keep_login = isset($_POST['keep']) && $_POST['keep'] == 'on';
if($keep_login == true){
$LoginConfig['Session'] = ($LoginConfig['Session'] > 0 ? $LoginConfig['Session'] : 7 );
}else{
$LoginConfig['Session'] = 0;
}
$USER_DB['LoginConfig'] = serialize($LoginConfig);
//设置Cookie
Set_key($USER_DB);
if(empty($LoginConfig['login_page']) || $LoginConfig['login_page'] == 'admin'){
$url = "./?c=admin&u={$USER_DB['User']}";
}elseif($LoginConfig['login_page'] == 'index'){
$url = "./?c=index&u={$USER_DB['User']}";
}else{
$url = preg_match('/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i',$_SERVER['HTTP_USER_AGENT']) ? "./?c=index&u={$USER_DB['User']}" : "./?c=admin&u={$USER_DB['User']}";
}
//默认页面
if(!empty($global_config['default_page'])){
setcookie('Default_User', $USER_DB['User'], strtotime("+360 day"),"/",'',false,false);
}
msgA(['code'=>1,'msg'=>'登录成功','url'=>$url]);
}else{
$log['description'] = '请求登录>账户或密码错误';
insert_db("user_log",$log);
msg(-1,"账户或密码错误");
}
}
Reference in New Issue View Git Blame Copy Permalink