From 75504cd509e452a51f8dde9d8b40cb7f42d53f72 Mon Sep 17 00:00:00 2001 From: filesite Date: Mon, 7 Oct 2024 15:29:24 +0800 Subject: [PATCH] add password fail time check --- conf/app.php | 4 +-- plugins/Common.php | 2 ++ themes/beauty/controller/SiteController.php | 39 +++++++++++++++++---- themes/beauty/views/site/pwdauth.php | 6 ++-- 4 files changed, 40 insertions(+), 11 deletions(-) diff --git a/conf/app.php b/conf/app.php index 41eff6e..24fc63b 100644 --- a/conf/app.php +++ b/conf/app.php @@ -3,8 +3,8 @@ * Config */ $configs = array( - 'version' => '0.3.4', - 'releaseDate' => '2024-10-05', + 'version' => '0.3.5', + 'releaseDate' => '2024-10-07', 'showVersion' => false, //默认不显示版本号和发布日期 'default_timezone' => 'Asia/Hong_Kong', //timezone, check more: https://www.php.net/manual/en/timezones.asia.php diff --git a/plugins/Common.php b/plugins/Common.php index 82f2b32..7d230c3 100644 --- a/plugins/Common.php +++ b/plugins/Common.php @@ -4,6 +4,8 @@ */ Class Common { public static function cleanSpecialChars($str) { + if (empty($str)) {return $str;} + $findChars = array( '"', "'", diff --git a/themes/beauty/controller/SiteController.php b/themes/beauty/controller/SiteController.php index c4cce41..da32ef9 100644 --- a/themes/beauty/controller/SiteController.php +++ b/themes/beauty/controller/SiteController.php @@ -126,7 +126,7 @@ Class SiteController extends Controller { //提示信息支持 $alertWarning = $this->get('err', ''); - + $alertWarning = Common::cleanSpecialChars($alertWarning); //翻页支持 $page = $this->get('page', 1); @@ -882,6 +882,8 @@ Class SiteController extends Controller { //密码授权 public function actionPwdauth() { $checkDir = $this->get('dir', ''); + $checkDir = Common::cleanSpecialChars($checkDir); + $goBackUrl = $this->get('back', ''); $password = ''; 
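Review bot: The added `Common::cleanSpecialChars($alertWarning)` call filters the `err` query parameter by stripping listed characters at read time, which protects only as long as that list covers every context the value is later printed in; the rendering site is not in this hunk. Escaping where the value is written out is the sturdier control, for example `<?= htmlspecialchars($alertWarning, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>` in the view. The enclosing action starts and ends outside the hunk, so whether the view already escapes cannot be confirmed from here.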
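Review bot: `$goBackUrl = $this->get('back', '')` stays unvalidated while `dir` just above it now gets cleaned, and the following hunk passes it straight to `$this->redirect($goBackUrl)` after a correct password. Unless `redirect()` itself restricts targets (not visible here), a crafted link to the password page can send a user to an external site right after they authenticate. A same-site check before use would close that, e.g. `if (!preg_match('#^/(?![/\\\\])#', $goBackUrl)) { $goBackUrl = '/'; }`, with the fallback adjusted to the site's real home URL. actionPwdauth continues outside this hunk.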
@@ -892,12 +894,37 @@ Class SiteController extends Controller { $errorMsg = ''; $post = $this->post(); if (!empty($post)) { - $password = $this->post('password', ''); - $authed = Common::pwdAuthToDir($checkDir, $password); - if ($authed == false) { - $errorMsg = '密码错误,请仔细检查后重试。'; + //增加频率限制 + $user_ip = $this->getUserIp(); + $ipLockKey = $this->getCacheKey($user_ip, $checkDir); + $lockCacheDir = 'lock'; + $expireSeconds = 600; //缓存 10 分钟 + $maxFailNum = 5; //最多失败次数 + $ipTryData = Common::getCacheFromFile($ipLockKey, $expireSeconds, $lockCacheDir); + if (!empty($ipTryData) && $ipTryData['fail'] >= $maxFailNum) { + $authed = false; + $minutes = $expireSeconds/60; + $errorMsg = "密码错误已达 {$maxFailNum} 次,请 {$minutes} 分钟后再试!"; }else { - return $this->redirect($goBackUrl); + $password = $this->post('password', ''); + $authed = Common::pwdAuthToDir($checkDir, $password); + + if ($authed == false) { + if (empty($ipTryData)) { + $ipTryData = array( + 'at' => time(), + 'fail' => 1, + ); + }else { + $ipTryData['fail'] ++; + $ipTryData['at'] = time(); + } + Common::saveCacheToFile($ipLockKey, $ipTryData, $lockCacheDir); + + $errorMsg = "第 {$ipTryData['fail']} 次密码错误,请仔细检查后重试。"; + }else { + return $this->redirect($goBackUrl); + } } } diff --git a/themes/beauty/views/site/pwdauth.php b/themes/beauty/views/site/pwdauth.php index 77dc5f5..ce50742 100644 --- a/themes/beauty/views/site/pwdauth.php +++ b/themes/beauty/views/site/pwdauth.php @@ -17,8 +17,8 @@
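Review bot: The lockout counter in the new `if (!empty($post))` branch is keyed by `getCacheKey($user_ip, $checkDir)`, so it only limits guessing if both inputs are stable for one target; neither `getUserIp()` nor `pwdAuthToDir()` is visible here. If the IP can come from a client-supplied header such as `X-Forwarded-For`, or if differently spelled `dir` values resolve to the same protected directory, each variation starts a fresh counter, so the key is better built from the connection's remote address and the canonical directory. The read, increment and `saveCacheToFile()` sequence is also not atomic, so parallel requests can each see a count below `$maxFailNum`. A successful login leaves earlier failures in place until the cache expires; resetting there would be `Common::saveCacheToFile($ipLockKey, array('at' => time(), 'fail' => 0), $lockCacheDir);` before the redirect.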
-

当前页面需密码授权

-

如果你不知道密码,请联系管理员索要。

+

】需要输入密码才能浏览

+

如果你还不知道密码,请联系管理员。