password auth check done

conf/custom_password.json

@@ -1,10 +1,10 @@
 {
-	"password_auth": {
-		"enable": true,
-		"alldirs": "helloWorld",
-		"nonebutdirs": {
-			"test": "hello",
-			"邻家小妹": "world"
-		}
-	}
+    "password_auth": {
+        "enable": true,
+        "default": "helloWorld",
+        "allow": {
+            "test": "hello",
+            "邻家小妹": "world"
+        }
+    }
 }

plugins/Common.php

@@ -655,17 +655,19 @@ Class Common {
         }
 
         $allowed = true;
-        $authDirs = Common::getPwdAuthDirsFromSession();
-        if (!empty($authConfig['alldirs']) && empty($authConfig['nonebutdirs'][$dir]) && empty($authDirs['alldirs'])) {
+        $authDirs = self::getPwdAuthDirsFromSession();
+        if (!empty($authConfig['default']) && empty($authConfig['allow'][$dir]) && !in_array('default', $authDirs)) {
+            //所有目录都需要授权
             $allowed = false;
-        }else if (!empty($authConfig['nonebutdirs'][$dir]) && empty($authDirs[$dir])) {
+        }else if (empty($authConfig['default']) && !empty($authConfig['allow'][$dir]) && !in_array($dir, $authDirs)) {
+            //只有部分目录需要授权
             $allowed = false;
         }
 
         return $allowed;
     }
 
-    //密码授权检查
+    //密码授权检查，如果密码正确，则增加目录到已授权列表
     public static function pwdAuthToDir($dir, $userPassword) {
         if( empty(FSC::$app['config']['password_auth']) ) {
             return true;
@@ -676,15 +678,17 @@ Class Common {
             return true;
         }
 
-        $allowed = true;
-        $authDirs = Common::getPwdAuthDirsFromSession();
-        if (!empty($authConfig['alldirs']) && empty($authConfig['nonebutdirs'][$dir]) && empty($authDirs['alldirs'])) {
-            $allowed = false;
-        }else if (!empty($authConfig['nonebutdirs'][$dir]) && empty($authDirs[$dir])) {
-            $allowed = false;
+        $authed = false;
+        $authDirs = self::getPwdAuthDirsFromSession();
+        if (!empty($authConfig['default']) && empty($authConfig['allow'][$dir]) && $userPassword == $authConfig['default']) {
+            self::savePwdAuthDirToSession($dir);
+            $authed = true;
+        }else if (empty($authConfig['default']) && !empty($authConfig['allow'][$dir]) && $authConfig['allow'][$dir] == $userPassword) {
+            self::savePwdAuthDirToSession($dir);
+            $authed = true;
         }
 
-        return $allowed;
+        return $authed;
     }
 
 }

themes/beauty/controller/SiteController.php

@@ -654,9 +654,16 @@ Class SiteController extends Controller {
             throw new Exception("缺少参数！", 403);
         }
 
+        $errorMsg = '';
         $post = $this->post();
         if (!empty($post)) {
             $password = $this->post('password', '');
+            $authed = Common::pwdAuthToDir($checkDir, $password);
+            if ($authed == false) {
+                $errorMsg = '密码错误，请仔细检查后重试。';
+            }else {
+                return $this->redirect($goBackUrl);
+            }
         }
 
         $pageTitle = '密码授权';
@@ -664,7 +671,8 @@ Class SiteController extends Controller {
         $params = compact(
             'checkDir',
             'goBackUrl',
-            'password'
+            'password',
+            'errorMsg'
         );
         return $this->render($viewName, $params, $pageTitle);
     }

themes/beauty/views/site/pwdauth.php

@@ -15,11 +15,21 @@
 
 <!-- 页面内容 -->
 <div class="container">
-	<form class="simple-form" action="" method="POST">
-		<div class="alert alert-warning">
-			<h3>当前页面需密码授权</h3>
-			<p class="mt-1">如果你不知道密码，请联系管理员索要。</p>
-		</div>
+    <form class="simple-form" action="" method="POST">
+        <div class="alert alert-warning">
+            <h3>当前页面需密码授权</h3>
+            <p class="mt-1">如果你不知道密码，请联系管理员索要。</p>
+        </div>
+        <?php
+        if (!empty($viewData['errorMsg'])) {
+            echo <<<eof
+        <div class="alert alert-danger">
+            <h3>Oops，出错啦！</h3>
+            <p class="mt-1">{$viewData['errorMsg']}</p>
+        </div>
+eof;
+        }
+        ?>
         <div class="form-group">
             <input name="password" placeholder="请填写密码" type="password" class="form-control">
         </div>