password auth check done

3 months ago · 5d312824c3
4 changed files with 47 additions and 25 deletions
--- a/conf/custom_password.json
+++ b/conf/custom_password.json
@ -1,8 +1,8 @@
 {
    "password_auth": {
        "enable": true,
-		"alldirs": "helloWorld",
+        "default": "helloWorld",
-		"nonebutdirs": {
+        "allow": {
            "test": "hello",
            "邻家小妹": "world"
        }
--- a/plugins/Common.php
+++ b/plugins/Common.php
@ -655,17 +655,19 @@ Class Common {
        }
        $allowed = true;
-        $authDirs = Common::getPwdAuthDirsFromSession();
+        $authDirs = self::getPwdAuthDirsFromSession();
-        if (!empty($authConfig['alldirs']) && empty($authConfig['nonebutdirs'][$dir]) && empty($authDirs['alldirs'])) {
+        if (!empty($authConfig['default']) && empty($authConfig['allow'][$dir]) && !in_array('default', $authDirs)) {
            //所有目录都需要授权
            $allowed = false;
-        }else if (!empty($authConfig['nonebutdirs'][$dir]) && empty($authDirs[$dir])) {
+        }else if (empty($authConfig['default']) && !empty($authConfig['allow'][$dir]) && !in_array($dir, $authDirs)) {
            //只有部分目录需要授权
            $allowed = false;
        }
        return $allowed;
    }
-    //密码授权检查
+    //密码授权检查，如果密码正确，则增加目录到已授权列表
    public static function pwdAuthToDir($dir, $userPassword) {
        if( empty(FSC::$app['config']['password_auth']) ) {
            return true;
@ -676,15 +678,17 @@ Class Common {
            return true;
        }
-        $allowed = true;
+        $authed = false;
-        $authDirs = Common::getPwdAuthDirsFromSession();
+        $authDirs = self::getPwdAuthDirsFromSession();
-        if (!empty($authConfig['alldirs']) && empty($authConfig['nonebutdirs'][$dir]) && empty($authDirs['alldirs'])) {
+        if (!empty($authConfig['default']) && empty($authConfig['allow'][$dir]) && $userPassword == $authConfig['default']) {
-            $allowed = false;
+            self::savePwdAuthDirToSession($dir);
-        }else if (!empty($authConfig['nonebutdirs'][$dir]) && empty($authDirs[$dir])) {
+            $authed = true;
-            $allowed = false;
+        }else if (empty($authConfig['default']) && !empty($authConfig['allow'][$dir]) && $authConfig['allow'][$dir] == $userPassword) {
            self::savePwdAuthDirToSession($dir);
            $authed = true;
        }
-        return $allowed;
+        return $authed;
    }
 }
--- a/themes/beauty/controller/SiteController.php
+++ b/themes/beauty/controller/SiteController.php
@ -654,9 +654,16 @@ Class SiteController extends Controller {
            throw new Exception("缺少参数！", 403);
        }
        $errorMsg = '';
        $post = $this->post();
        if (!empty($post)) {
            $password = $this->post('password', '');
            $authed = Common::pwdAuthToDir($checkDir, $password);
            if ($authed == false) {
                $errorMsg = '密码错误，请仔细检查后重试。';
            }else {
                return $this->redirect($goBackUrl);
            }
        }
        $pageTitle = '密码授权';
@ -664,7 +671,8 @@ Class SiteController extends Controller {
        $params = compact(
            'checkDir',
            'goBackUrl',
-            'password'
+            'password',
            'errorMsg'
        );
        return $this->render($viewName, $params, $pageTitle);
    }
--- a/themes/beauty/views/site/pwdauth.php
+++ b/themes/beauty/views/site/pwdauth.php
@ -20,6 +20,16 @@
            <h3>当前页面需密码授权</h3>
            <p class="mt-1">如果你不知道密码，请联系管理员索要。</p>
        </div>
        <?php
        if (!empty($viewData['errorMsg'])) {
            echo <<<eof
        <div class="alert alert-danger">
            <h3>Oops，出错啦！</h3>
            <p class="mt-1">{$viewData['errorMsg']}</p>
        </div>
 eof;
        }
        ?>
        <div class="form-group">
            <input name="password" placeholder="请填写密码" type="password" class="form-control">
        </div>