By 清心醉

DedeCMS: fixing the blank admin login page on PHP 5.3+

First, let's look at the requested URL:

/admin/login.php

Just before the line $admindirs = explode('/',str_replace("\\",'/',dirname(__FILE__))); dump the POST parameters:

array(7) { ["gotopage"]=> string(0) "" ["dopost"]=> string(5) "login" ["adminstyle"]=> string(10) "newdedecms" ["userid"]=> string(5) "admin" ["pwd"]=> string(5) "admin" ["validate"]=> string(4) "DTCT" ["sm1"]=> string(6) "登录" }

Next comes the check if($dopost=='login'), which runs the login logic:

$cuserLogin = new userLogin($admindir);

Here userLogin is instantiated, with the admin directory passed as a parameter.

Annoyingly, the work is done directly in the constructor:

var $userName = '';
var $userPwd = '';
var $userID = '';
var $adminDir = '';
var $userType = '';
var $userChannel = '';
var $userPurview = '';
var $keepUserIDTag = 'dede_admin_id';
var $keepUserTypeTag = 'dede_admin_type';
var $keepUserChannelTag = 'dede_admin_channel';
var $keepUserNameTag = 'dede_admin_name';
var $keepUserPurviewTag = 'dede_admin_purview';
var $keepAdminStyleTag = 'dede_admin_style';
var $adminStyle = 'dedecms';

function __construct($admindir='')
{
    global $admin_path;
    // Restore the admin's identity from an existing session, if there is one
    if(isset($_SESSION[$this->keepUserIDTag]))
    {
        $this->userID = $_SESSION[$this->keepUserIDTag];
        $this->userType = $_SESSION[$this->keepUserTypeTag];
        $this->userChannel = $_SESSION[$this->keepUserChannelTag];
        $this->userName = $_SESSION[$this->keepUserNameTag];
        $this->userPurview = $_SESSION[$this->keepUserPurviewTag];
        $this->adminStyle = $_SESSION[$this->keepAdminStyleTag];
    }

    if($admindir!='')
    {
        $this->adminDir = $admindir;
    }
    else
    {
        $this->adminDir = $admin_path;
    }
}

Let's look at the data members again:

var $userName = '';
var $userPwd = '';
var $userID = '';
var $adminDir = '';
var $userType = '';
var $userChannel = '';
var $userPurview = '';
var $keepUserIDTag = 'dede_admin_id';
var $keepUserTypeTag = 'dede_admin_type';
var $keepUserChannelTag = 'dede_admin_channel';
var $keepUserNameTag = 'dede_admin_name';
var $keepUserPurviewTag = 'dede_admin_purview';
var $keepAdminStyleTag = 'dede_admin_style';
var $adminStyle = 'dedecms';

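OK, pre-PHP 5.3 syntax really is hard to read.

Once the parameters have been set:

$res = $cuserLogin->checkUser($userid,$pwd);

I was a little curious where $userid and $pwd come from. They are probably global variables defined in /group/global.inc.php, but I did not look into the core in detail.

Here is the function definition: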

function checkUser($username,$userpwd)
{
    global $dsql;

    // Only allow 0-9, a-z, A-Z, '@', '_', '.', '-' in the username and password
    $this->userName = ereg_replace("[^0-9a-zA-Z_@!\.-]",'',$username);
    $this->userPwd = ereg_replace("[^0-9a-zA-Z_@!\.-]",'',$userpwd);
    $pwd = substr(md5($this->userPwd),5,20);
    $dsql->SetQuery("Select admin.*,atype.purviews From `#@__admin` admin left join `#@__admintype` atype on atype.rank=admin.usertype where admin.userid like '".$this->userName."' limit 0,1");
    $dsql->Execute();
    $row = $dsql->GetObject();
    if(!isset($row->pwd))
    {
        return -1;
    }
    else if($pwd!=$row->pwd)
    {
        return -2;
    }
    else
    {
        $loginip = GetIP();
        $this->userID = $row->id;
        $this->userType = $row->usertype;
        $this->userChannel = $row->typeid;
        $this->userName = $row->uname;
        $this->userPurview = $row->purviews;
        $inquery = "update `#@__admin` set loginip='$loginip',logintime='".time()."' where id='".$row->id."'";
        $dsql->ExecuteNoneQuery($inquery);
        $sql = "update #@__member set logintime=".time().", loginip='$loginip' where mid=".$row->id;
        $dsql->ExecuteNoneQuery($sql);
        return 1;
    }
}

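The username and password are filtered with a regular expression, then SQL is executed to check the credentials and update the login information.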
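The same check written for current PHP, as an added example that is not DedeCMS code: ereg_replace() is deprecated in PHP 5.3 and removed in PHP 7, so the filter is ported to preg_replace(), and the lookup uses a bound parameter with an exact match. The function names, the table layout and the sample row are assumptions made for this sketch, and it needs the pdo_sqlite extension.

```php
<?php
// Added example, not DedeCMS code. Table layout and sample row are constructed.

// PCRE form of the page's ereg_replace() character filter.
function filterCredential($value)
{
    return preg_replace('/[^0-9a-zA-Z_@!.\-]/', '', (string)$value);
}

// Stored hash format shown on the page: 20 hex characters cut from md5().
function legacyHash($password)
{
    return substr(md5($password), 5, 20);
}

// Same return codes as the page's checkUser():
// -1 unknown user, -2 wrong password, 1 success.
function checkUserSketch(PDO $db, $username, $password)
{
    // Bound parameter and '=' instead of a concatenated LIKE
    // (LIKE would treat '_' as a single-character wildcard).
    $stmt = $db->prepare('SELECT id, pwd FROM admin WHERE userid = :userid LIMIT 1');
    $stmt->execute(array(':userid' => filterCredential($username)));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return -1;
    }
    // hash_equals() (PHP 5.6+) compares in constant time.
    $candidate = legacyHash(filterCredential($password));
    return hash_equals($row['pwd'], $candidate) ? 1 : -2;
}

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, userid TEXT, pwd TEXT)');
$ins = $db->prepare('INSERT INTO admin (userid, pwd) VALUES (?, ?)');
$ins->execute(array('admin', legacyHash('admin')));

var_dump(checkUserSketch($db, 'admin', 'admin'));   // valid credentials
var_dump(checkUserSketch($db, 'admin', 'wrong'));   // wrong password
var_dump(checkUserSketch($db, 'nobody', 'admin'));  // unknown user
var_dump(checkUserSketch($db, 'a_min', 'admin'));   // '_' is literal with '='
```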

If it returns 1:

$cuserLogin->keepUser();

function keepUser()
{
    if($this->userID != '' && $this->userType != '')
    {
        global $admincachefile,$adminstyle;
        if(empty($adminstyle)) $adminstyle = 'dedecms';

        @session_register($this->keepUserIDTag);
        $_SESSION[$this->keepUserIDTag] = $this->userID;

        @session_register($this->keepUserTypeTag);
        $_SESSION[$this->keepUserTypeTag] = $this->userType;

        @session_register($this->keepUserChannelTag);
        $_SESSION[$this->keepUserChannelTag] = $this->userChannel;

        @session_register($this->keepUserNameTag);
        $_SESSION[$this->keepUserNameTag] = $this->userName;

        @session_register($this->keepUserPurviewTag);
        $_SESSION[$this->keepUserPurviewTag] = $this->userPurview;

        @session_register($this->keepAdminStyleTag);
        $_SESSION[$this->keepAdminStyleTag] = $adminstyle;

        PutCookie('DedeUserID', $this->userID, 3600 * 24, '/');
        PutCookie('DedeLoginTime', time(), 3600 * 24, '/');

        $this->ReWriteAdminChannel();

        return 1;
    }
    else
    {
        return -1;
    }
}

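So the cause is clear: the code calls a deprecated function, session_register(). On PHP 5.3+ the values should be written to $_SESSION directly.

Change the function body as follows: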

function keepUser()
{
    if($this->userID != '' && $this->userType != '')
    {
        global $admincachefile,$adminstyle;
        if(empty($adminstyle)) {
            $adminstyle = 'dedecms';
        }
        // Writing to $_SESSION directly replaces each session_register() call;
        // no separate registration step is needed.
        $_SESSION[$this->keepUserIDTag] = $this->userID;
        $_SESSION[$this->keepUserTypeTag] = $this->userType;
        $_SESSION[$this->keepUserChannelTag] = $this->userChannel;
        $_SESSION[$this->keepUserNameTag] = $this->userName;
        $_SESSION[$this->keepUserPurviewTag] = $this->userPurview;
        $_SESSION[$this->keepAdminStyleTag] = $adminstyle;
        PutCookie('DedeUserID', $this->userID, 3600 * 24, '/');
        PutCookie('DedeLoginTime', time(), 3600 * 24, '/');
        $this->ReWriteAdminChannel();
        return 1;
    }
    else
    {
        return -1;
    }
}

Problem solved!
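A standalone version of the session write, as an added example that is not DedeCMS code: session_register() was deprecated in PHP 5.3 and removed in PHP 5.4, so the sketch assigns to $_SESSION only, and it also issues a new session id at login. keepAdminSession() and the sample values are hypothetical; the session keys are the tag names shown in the class above.

```php
<?php
// Added example, not DedeCMS code. keepAdminSession() and the sample values
// are hypothetical; the session keys are the tag names shown on the page.

function keepAdminSession(array $user, $adminStyle = 'dedecms')
{
    if ($user['id'] === '' || $user['type'] === '') {
        return -1;
    }
    if (session_id() === '') {
        session_start();
    }
    // New session id at login, so an id issued before authentication
    // does not become an authenticated one.
    session_regenerate_id(true);

    $fields = array(
        'dede_admin_id'      => $user['id'],
        'dede_admin_type'    => $user['type'],
        'dede_admin_channel' => $user['channel'],
        'dede_admin_name'    => $user['name'],
        'dede_admin_purview' => $user['purview'],
        'dede_admin_style'   => $adminStyle,
    );
    foreach ($fields as $tag => $value) {
        // Plain assignment is the whole replacement for session_register($tag).
        $_SESSION[$tag] = $value;
    }
    return 1;
}

// Constructed sample run (CLI): no output is sent before the session calls.
session_start();
$oldId = session_id();
$result = keepAdminSession(array(
    'id' => '1', 'type' => '10', 'channel' => '0',
    'name' => 'admin', 'purview' => 'sample_purview',
));
var_dump($result, $oldId !== session_id(), $_SESSION['dede_admin_name']);
```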
