Browse Source

add password fail time check

master
filesite 2 months ago
parent
commit
75504cd509
  1. 4
      conf/app.php
  2. 2
      plugins/Common.php
  3. 31
      themes/beauty/controller/SiteController.php
  4. 6
      themes/beauty/views/site/pwdauth.php

4
conf/app.php

@ -3,8 +3,8 @@
* Config * Config
*/ */
$configs = array( $configs = array(
'version' => '0.3.4', 'version' => '0.3.5',
'releaseDate' => '2024-10-05', 'releaseDate' => '2024-10-07',
'showVersion' => false, //默认不显示版本号和发布日期 'showVersion' => false, //默认不显示版本号和发布日期
'default_timezone' => 'Asia/Hong_Kong', //timezone, check more: https://www.php.net/manual/en/timezones.asia.php 'default_timezone' => 'Asia/Hong_Kong', //timezone, check more: https://www.php.net/manual/en/timezones.asia.php

2
plugins/Common.php

@ -4,6 +4,8 @@
*/ */
Class Common { Class Common {
public static function cleanSpecialChars($str) { public static function cleanSpecialChars($str) {
if (empty($str)) {return $str;}
$findChars = array( $findChars = array(
'"', '"',
"'", "'",

31
themes/beauty/controller/SiteController.php

@ -126,7 +126,7 @@ Class SiteController extends Controller {
//提示信息支持 //提示信息支持
$alertWarning = $this->get('err', ''); $alertWarning = $this->get('err', '');
$alertWarning = Common::cleanSpecialChars($alertWarning);
//翻页支持 //翻页支持
$page = $this->get('page', 1); $page = $this->get('page', 1);
@ -882,6 +882,8 @@ Class SiteController extends Controller {
//密码授权 //密码授权
public function actionPwdauth() { public function actionPwdauth() {
$checkDir = $this->get('dir', ''); $checkDir = $this->get('dir', '');
$checkDir = Common::cleanSpecialChars($checkDir);
$goBackUrl = $this->get('back', ''); $goBackUrl = $this->get('back', '');
$password = ''; $password = '';
@ -892,14 +894,39 @@ Class SiteController extends Controller {
$errorMsg = ''; $errorMsg = '';
$post = $this->post(); $post = $this->post();
if (!empty($post)) { if (!empty($post)) {
//增加频率限制
$user_ip = $this->getUserIp();
$ipLockKey = $this->getCacheKey($user_ip, $checkDir);
$lockCacheDir = 'lock';
$expireSeconds = 600; //缓存 10 分钟
$maxFailNum = 5; //最多失败次数
$ipTryData = Common::getCacheFromFile($ipLockKey, $expireSeconds, $lockCacheDir);
if (!empty($ipTryData) && $ipTryData['fail'] >= $maxFailNum) {
$authed = false;
$minutes = $expireSeconds/60;
$errorMsg = "密码错误已达 {$maxFailNum} 次,请 {$minutes} 分钟后再试!";
}else {
$password = $this->post('password', ''); $password = $this->post('password', '');
$authed = Common::pwdAuthToDir($checkDir, $password); $authed = Common::pwdAuthToDir($checkDir, $password);
if ($authed == false) { if ($authed == false) {
$errorMsg = '密码错误,请仔细检查后重试。'; if (empty($ipTryData)) {
$ipTryData = array(
'at' => time(),
'fail' => 1,
);
}else {
$ipTryData['fail'] ++;
$ipTryData['at'] = time();
}
Common::saveCacheToFile($ipLockKey, $ipTryData, $lockCacheDir);
$errorMsg = "第 {$ipTryData['fail']} 次密码错误,请仔细检查后重试。";
}else { }else {
return $this->redirect($goBackUrl); return $this->redirect($goBackUrl);
} }
} }
}
$maxScanDeep = 0; $maxScanDeep = 0;

6
themes/beauty/views/site/pwdauth.php

@ -17,8 +17,8 @@
<div class="container"> <div class="container">
<form class="simple-form" action="" method="POST"> <form class="simple-form" action="" method="POST">
<div class="alert alert-warning"> <div class="alert alert-warning">
<h3>当前页面需密码授权</h3> <h3><?php echo $viewData['checkDir']; ?>】需要输入密码才能浏览</h3>
<p class="mt-1">如果你不知道密码,请联系管理员索要</p> <p class="mt-1">如果你不知道密码,请联系管理员。</p>
</div> </div>
<?php <?php
if (!empty($viewData['errorMsg'])) { if (!empty($viewData['errorMsg'])) {
@ -35,7 +35,7 @@ eof;
</div> </div>
<div class=""> <div class="">
<button class="btn btn-primary" type="submit"> <button class="btn btn-primary" type="submit">
继续访问 继续浏览
</button> </button>
</div> </div>
</form> </form>

Loading…
Cancel
Save