Browse Source

password auth check done

master
filesite 3 months ago
parent
commit
5d312824c3
  1. 4
      conf/custom_password.json
  2. 26
      plugins/Common.php
  3. 10
      themes/beauty/controller/SiteController.php
  4. 10
      themes/beauty/views/site/pwdauth.php

4
conf/custom_password.json

@ -1,8 +1,8 @@ @@ -1,8 +1,8 @@
{
"password_auth": {
"enable": true,
"alldirs": "helloWorld",
"nonebutdirs": {
"default": "helloWorld",
"allow": {
"test": "hello",
"邻家小妹": "world"
}

26
plugins/Common.php

@ -655,17 +655,19 @@ Class Common { @@ -655,17 +655,19 @@ Class Common {
}
$allowed = true;
$authDirs = Common::getPwdAuthDirsFromSession();
if (!empty($authConfig['alldirs']) && empty($authConfig['nonebutdirs'][$dir]) && empty($authDirs['alldirs'])) {
$authDirs = self::getPwdAuthDirsFromSession();
if (!empty($authConfig['default']) && empty($authConfig['allow'][$dir]) && !in_array('default', $authDirs)) {
//所有目录都需要授权
$allowed = false;
}else if (!empty($authConfig['nonebutdirs'][$dir]) && empty($authDirs[$dir])) {
}else if (empty($authConfig['default']) && !empty($authConfig['allow'][$dir]) && !in_array($dir, $authDirs)) {
//只有部分目录需要授权
$allowed = false;
}
return $allowed;
}
//密码授权检查
//密码授权检查,如果密码正确,则增加目录到已授权列表
public static function pwdAuthToDir($dir, $userPassword) {
if( empty(FSC::$app['config']['password_auth']) ) {
return true;
@ -676,15 +678,17 @@ Class Common { @@ -676,15 +678,17 @@ Class Common {
return true;
}
$allowed = true;
$authDirs = Common::getPwdAuthDirsFromSession();
if (!empty($authConfig['alldirs']) && empty($authConfig['nonebutdirs'][$dir]) && empty($authDirs['alldirs'])) {
$allowed = false;
}else if (!empty($authConfig['nonebutdirs'][$dir]) && empty($authDirs[$dir])) {
$allowed = false;
$authed = false;
$authDirs = self::getPwdAuthDirsFromSession();
if (!empty($authConfig['default']) && empty($authConfig['allow'][$dir]) && $userPassword == $authConfig['default']) {
self::savePwdAuthDirToSession($dir);
$authed = true;
}else if (empty($authConfig['default']) && !empty($authConfig['allow'][$dir]) && $authConfig['allow'][$dir] == $userPassword) {
self::savePwdAuthDirToSession($dir);
$authed = true;
}
return $allowed;
return $authed;
}
}

10
themes/beauty/controller/SiteController.php

@ -654,9 +654,16 @@ Class SiteController extends Controller { @@ -654,9 +654,16 @@ Class SiteController extends Controller {
throw new Exception("缺少参数!", 403);
}
$errorMsg = '';
$post = $this->post();
if (!empty($post)) {
$password = $this->post('password', '');
$authed = Common::pwdAuthToDir($checkDir, $password);
if ($authed == false) {
$errorMsg = '密码错误,请仔细检查后重试。';
}else {
return $this->redirect($goBackUrl);
}
}
$pageTitle = '密码授权';
@ -664,7 +671,8 @@ Class SiteController extends Controller { @@ -664,7 +671,8 @@ Class SiteController extends Controller {
$params = compact(
'checkDir',
'goBackUrl',
'password'
'password',
'errorMsg'
);
return $this->render($viewName, $params, $pageTitle);
}

10
themes/beauty/views/site/pwdauth.php

@ -20,6 +20,16 @@ @@ -20,6 +20,16 @@
<h3>当前页面需密码授权</h3>
<p class="mt-1">如果你不知道密码,请联系管理员索要。</p>
</div>
<?php
if (!empty($viewData['errorMsg'])) {
echo <<<eof
<div class="alert alert-danger">
<h3>Oops,出错啦!</h3>
<p class="mt-1">{$viewData['errorMsg']}</p>
</div>
eof;
}
?>
<div class="form-group">
<input name="password" placeholder="请填写密码" type="password" class="form-control">
</div>

Loading…
Cancel
Save