首先我们看看请求的URL:
/admin/login.php
在$admindirs = explode(‘/’,str_replace(“\\”,’/’,dirname(__FILE__)));之前,打印下POST参数:
array(7) { [“gotopage”]=> string(0) “” [“dopost”]=> string(5) “login” [“adminstyle”]=> string(10) “newdedecms” [“userid”]=> string(5) “admin” [“pwd”]=> string(5) “admin” [“validate”]=> string(4) “DTCT” [“sm1”]=> string(6) “登录” }
接下来就有判断if($dopost==’login’),执行的是登录方法
$cuserLogin = new userLogin($admindir);
在这里进行了实例化userLogin,并且带个管理的目录参数
真郁闷,居然直接是构造方法来实现:
var $userName = ”;
var $userPwd = ”;
var $userID = ”;
var $adminDir = ”;
var $userType = ”;
var $userChannel = ”;
var $userPurview = ”;
var $keepUserIDTag = ‘dede_admin_id’;
var $keepUserTypeTag = ‘dede_admin_type’;
var $keepUserChannelTag = ‘dede_admin_channel’;
var $keepUserNameTag = ‘dede_admin_name’;
var $keepUserPurviewTag = ‘dede_admin_purview’;
var $keepAdminStyleTag = ‘dede_admin_style’;
var $adminStyle = ‘dedecms’;
function __construct($admindir=”)
{
global $admin_path;
if(isset($_SESSION[$this->keepUserIDTag]))
{
$this->userID = $_SESSION[$this->keepUserIDTag];
$this->userType = $_SESSION[$this->keepUserTypeTag];
$this->userChannel = $_SESSION[$this->keepUserChannelTag];
$this->userName = $_SESSION[$this->keepUserNameTag];
$this->userPurview = $_SESSION[$this->keepUserPurviewTag];
$this->adminStyle = $_SESSION[$this->keepAdminStyleTag];
}
if($admindir!=”)
{
$this->adminDir = $admindir;
}
else
{
$this->adminDir = $admin_path;
}
}
我们在来看看数据成员:
var $userName = ”;
var $userPwd = ”;
var $userID = ”;
var $adminDir = ”;
var $userType = ”;
var $userChannel = ”;
var $userPurview = ”;
var $keepUserIDTag = ‘dede_admin_id’;
var $keepUserTypeTag = ‘dede_admin_type’;
var $keepUserChannelTag = ‘dede_admin_channel’;
var $keepUserNameTag = ‘dede_admin_name’;
var $keepUserPurviewTag = ‘dede_admin_purview’;
var $keepAdminStyleTag = ‘dede_admin_style’;
var $adminStyle = ‘dedecms’;
好吧,PHP5.3以前的语句真心难懂
写入了参数之后
$res = $cuserLogin->checkUser($userid,$pwd);
在这里有点好奇$userid,$pwd的参数原型,应该是/group/global.inc.php里定义的全局变量,没有去详细查看核心。
看看原型:
function checkUser($username,$userpwd)
{
global $dsql;
//只允许用户名和密码用0-9,a-z,A-Z,’@’,’_’,’.’,’-‘这些字符
$this->userName = ereg_replace(“[^0-9a-zA-Z_@!\.-]”,”,$username);
$this->userPwd = ereg_replace(“[^0-9a-zA-Z_@!\.-]”,”,$userpwd);
$pwd = substr(md5($this->userPwd),5,20);
$dsql->SetQuery(“Select admin.*,atype.purviews From `#@__admin` admin left join `#@__admintype` atype on atype.rank=admin.usertype where admin.userid like ‘”.$this->userName.”‘ limit 0,1″);
$dsql->Execute();
$row = $dsql->GetObject();
if(!isset($row->pwd))
{
return -1;
}
else if($pwd!=$row->pwd)
{
return -2;
}
else
{
$loginip = GetIP();
$this->userID = $row->id;
$this->userType = $row->usertype;
$this->userChannel = $row->typeid;
$this->userName = $row->uname;
$this->userPurview = $row->purviews;
$inquery = “update `#@__admin` set loginip=’$loginip’,logintime='”.time().”‘ where id='”.$row->id.”‘”;
$dsql->ExecuteNoneQuery($inquery);
$sql = “update #@__member set logintime=”.time().”, loginip=’$loginip’ where mid=”.$row->id;
$dsql->ExecuteNoneQuery($sql);
return 1;
}
}
通过正则方法判断帐号密码,然后执行SQL判断和更新登录信息
如果返回1
$cuserLogin->keepUser();
function keepUser()
{
if($this->userID != ” && $this->userType != ”)
{
global $admincachefile,$adminstyle;
if(empty($adminstyle)) $adminstyle = ‘dedecms’;
@session_register($this->keepUserIDTag);
$_SESSION[$this->keepUserIDTag] = $this->userID;
@session_register($this->keepUserTypeTag);
$_SESSION[$this->keepUserTypeTag] = $this->userType;
@session_register($this->keepUserChannelTag);
$_SESSION[$this->keepUserChannelTag] = $this->userChannel;
@session_register($this->keepUserNameTag);
$_SESSION[$this->keepUserNameTag] = $this->userName;
@session_register($this->keepUserPurviewTag);
$_SESSION[$this->keepUserPurviewTag] = $this->userPurview;
@session_register($this->keepAdminStyleTag);
$_SESSION[$this->keepAdminStyleTag] = $adminstyle;
PutCookie(‘DedeUserID’, $this->userID, 3600 * 24, ‘/’);
PutCookie(‘DedeLoginTime’, time(), 3600 * 24, ‘/’);
$this->ReWriteAdminChannel();
return 1;
}
else
{
return -1;
}
}
好吧,结果很清晰了,使用了废弃的函数,PHP5.3+应该使用$_SESSION的方法,修改下:
修改下该函数体:
function keepUser()
{
if($this->userID != ” && $this->userType != ”)
{
global $admincachefile,$adminstyle;
if(empty($adminstyle)) {
$adminstyle = ‘dedecms’;
}
$_SESSION[$this->keepUserIDTag] = $this->keepUserIDTag;
$_SESSION[$this->keepUserIDTag] = $this->userID;
$_SESSION[$this->keepUserTypeTag] = $this->keepUserTypeTag;
$_SESSION[$this->keepUserTypeTag] = $this->userType;
$_SESSION[$this->keepUserChannelTag] = $this->keepUserChannelTag;
$_SESSION[$this->keepUserChannelTag] = $this->userChannel;
$_SESSION[$this->keepUserNameTag] = $this->keepUserNameTag;
$_SESSION[$this->keepUserNameTag] = $this->userName;
$_SESSION[$this->keepUserPurviewTag] = $this->keepUserPurviewTag;
$_SESSION[$this->keepUserPurviewTag] = $this->userPurview;
$_SESSION[$this->keepAdminStyleTag] = $this->keepAdminStyleTag;
$_SESSION[$this->keepAdminStyleTag] = $adminstyle;
PutCookie(‘DedeUserID’, $this->userID, 3600 * 24, ‘/’);
PutCookie(‘DedeLoginTime’, time(), 3600 * 24, ‘/’);
$this->ReWriteAdminChannel();
return 1;
}
else
{
return -1;
}
}
成功解决!
