diff --git a/conf/custom_password.json b/conf/custom_password.json index b519742..c3c057d 100644 --- a/conf/custom_password.json +++ b/conf/custom_password.json @@ -1,10 +1,10 @@ { - "password_auth": { - "enable": true, - "alldirs": "helloWorld", - "nonebutdirs": { - "test": "hello", - "邻家小妹": "world" - } - } + "password_auth": { + "enable": true, + "default": "helloWorld", + "allow": { + "test": "hello", + "邻家小妹": "world" + } + } } \ No newline at end of file diff --git a/plugins/Common.php b/plugins/Common.php index a548d96..86c2f10 100644 --- a/plugins/Common.php +++ b/plugins/Common.php @@ -655,17 +655,19 @@ Class Common { } $allowed = true; - $authDirs = Common::getPwdAuthDirsFromSession(); - if (!empty($authConfig['alldirs']) && empty($authConfig['nonebutdirs'][$dir]) && empty($authDirs['alldirs'])) { + $authDirs = self::getPwdAuthDirsFromSession(); + if (!empty($authConfig['default']) && empty($authConfig['allow'][$dir]) && !in_array('default', $authDirs)) { + //所有目录都需要授权 $allowed = false; - }else if (!empty($authConfig['nonebutdirs'][$dir]) && empty($authDirs[$dir])) { + }else if (empty($authConfig['default']) && !empty($authConfig['allow'][$dir]) && !in_array($dir, $authDirs)) { + //只有部分目录需要授权 $allowed = false; } return $allowed; } - //密码授权检查 + //密码授权检查,如果密码正确,则增加目录到已授权列表 public static function pwdAuthToDir($dir, $userPassword) { if( empty(FSC::$app['config']['password_auth']) ) { return true; 
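Review bot: The first branch of the access check now tests `!in_array('default', $authDirs)`, but the only session writes visible in this commit are `self::savePwdAuthDirToSession($dir)` in the `pwdAuthToDir` hunk, so unless that helper (not shown) stores `'default'` itself, a visitor who enters the correct default password is still refused. Saving the marker the check looks for in the default-password branch of `pwdAuthToDir`, e.g. `self::savePwdAuthDirToSession('default');`, would make the two sides agree. Separately, the added `empty($authConfig['default'])` in the `else if` means a directory listed under `allow` is never password-checked once `default` is set, and the shipped `conf/custom_password.json` sets both, so `test` appears reachable without any password. If `allow` is meant as an exemption list in that mode, say so in a comment and in the config docs; otherwise drop the `empty($authConfig['default'])` condition. The function's signature and opening lines are outside the hunk.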
@@ -676,15 +678,17 @@ Class Common { return true; } - $allowed = true; - $authDirs = Common::getPwdAuthDirsFromSession(); - if (!empty($authConfig['alldirs']) && empty($authConfig['nonebutdirs'][$dir]) && empty($authDirs['alldirs'])) { - $allowed = false; - }else if (!empty($authConfig['nonebutdirs'][$dir]) && empty($authDirs[$dir])) { - $allowed = false; + $authed = false; + $authDirs = self::getPwdAuthDirsFromSession(); + if (!empty($authConfig['default']) && empty($authConfig['allow'][$dir]) && $userPassword == $authConfig['default']) { + self::savePwdAuthDirToSession($dir); + $authed = true; + }else if (empty($authConfig['default']) && !empty($authConfig['allow'][$dir]) && $authConfig['allow'][$dir] == $userPassword) { + self::savePwdAuthDirToSession($dir); + $authed = true; } - return $allowed; + return $authed; } } \ No newline at end of file diff --git a/themes/beauty/controller/SiteController.php b/themes/beauty/controller/SiteController.php index fce981e..8f7f1bc 100644 --- a/themes/beauty/controller/SiteController.php +++ b/themes/beauty/controller/SiteController.php @@ -654,9 +654,16 @@ Class SiteController extends Controller { throw new Exception("缺少参数!", 403); } + $errorMsg = ''; $post = $this->post(); if (!empty($post)) { $password = $this->post('password', ''); + $authed = Common::pwdAuthToDir($checkDir, $password); + if ($authed == false) { + $errorMsg = '密码错误,请仔细检查后重试。'; + }else { + return $this->redirect($goBackUrl); + } } $pageTitle = '密码授权'; @@ -664,7 +671,8 @@ Class SiteController extends Controller { $params = compact( 'checkDir', 'goBackUrl', - 'password' + 'password', + 'errorMsg' ); return $this->render($viewName, $params, $pageTitle); } diff --git a/themes/beauty/views/site/pwdauth.php b/themes/beauty/views/site/pwdauth.php index 30a6b64..77dc5f5 100644 --- a/themes/beauty/views/site/pwdauth.php +++ b/themes/beauty/views/site/pwdauth.php @@ -15,11 +15,21 @@
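Review bot: Both password comparisons in `pwdAuthToDir` use loose `==` (`$userPassword == $authConfig['default']` and `$authConfig['allow'][$dir] == $userPassword`), which is subject to PHP's numeric-string juggling and is not constant-time. Compare with `hash_equals((string)$authConfig['default'], (string)$userPassword)` and do the same for the `allow` entry. `$authDirs` is still assigned in this hunk but is no longer read, so that line can be removed. The function's opening lines are outside the hunk.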
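Review bot: `return $this->redirect($goBackUrl);` sends the browser to a value whose origin is outside this hunk; if `$goBackUrl` comes from the request, as the missing-parameter check just above suggests, the post-login redirect can point at another site. Restrict it to a same-site path before redirecting, for example by requiring a single leading `/` and rejecting `//` and any scheme, and fall back to `/` otherwise. Nothing in this hunk limits repeated wrong-password submissions, so a per-session or per-IP attempt counter is worth adding next to the `$errorMsg` branch. `$authed == false` would read more clearly as `!$authed`.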