lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-05 07:20:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

secure login use ip instead of REMOTE_ADDR

Browse Source
This commit is contained in:
xiaomlove
2022-08-25 22:38:06 +08:00
parent e34a11d70c
commit 414aaf9bf5
3 changed files with 10 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/Http/Controllers/AuthenticateController.php
View File

@@ -50,9 +50,10 @@ class AuthenticateController extends Controller
if ($deadline && $deadline > now()->toDateTimeString()) {
$user = User::query()->where('passkey', $passkey)->first(['id', 'passhash']);
if ($user) {
$passhash = md5($user->passhash . $_SERVER["REMOTE_ADDR"]);
do_log(sprintf('passhash: %s, remote_addr: %s, md5: %s', $user->passhash, $_SERVER["REMOTE_ADDR"], $passhash));
logincookie($user->id, $passhash,false, 86400 * 30, true, true, true);
$ip = getip();
$passhash = md5($user->passhash . $ip);
do_log(sprintf('passhash: %s, ip: %s, md5: %s', $user->passhash, $ip, $passhash));
logincookie($user->id, $passhash,false, 0x7fffffff, true, true, true);
$user->last_login = now();
$user->save();
}

4
include/functions.php
View File

@@ -1976,8 +1976,8 @@ function userlogin() {
if ($_COOKIE["c_secure_login"] == base64("yeah"))
{
$md5 = md5($row["passhash"].$_SERVER["REMOTE_ADDR"]);
$log .= ", secure login == yeah, passhash: {$row['passhash']}, remote_addr: {$_SERVER["REMOTE_ADDR"]}, md5: $md5";
$md5 = md5($row["passhash"].$ip);
$log .= ", secure login == yeah, passhash: {$row['passhash']}, ip: $ip, md5: $md5";
if ($_COOKIE["c_secure_pass"] != $md5) {
do_log("$log, c_secure_pass != md5");
return $loginResult = false;

8
public/takelogin.php
View File

@@ -7,7 +7,7 @@ dbconn();
require_once(get_langfile_path("", false, get_langfolder_cookie()));
failedloginscheck ();
cur_user_check () ;
$ip = getip();
function bark($text = "")
{
global $lang_takelogin;
@@ -33,7 +33,7 @@ if (!empty($row['two_step_secret'])) {
failedlogins($lang_takelogin['std_invalid_two_step_code']);
}
}
$log = "user: " . $row['id'];
$log = "user: {$row['id']}, ip: $ip";
if ($row["passhash"] != md5($row["secret"] . $password . $row["secret"]))
login_failedlogins();
@@ -43,8 +43,8 @@ if ($row["enabled"] == "no")
if (isset($_POST["securelogin"]) && $_POST["securelogin"] == "yes")
{
$securelogin_indentity_cookie = true;
$passh = md5($row["passhash"].$_SERVER["REMOTE_ADDR"]);
$log .= ", secure login == yeah, passhash: {$row['passhash']}, remote_addr: {$_SERVER["REMOTE_ADDR"]}, md5: $passh";
$passh = md5($row["passhash"].$ip);
$log .= ", secure login == yeah, passhash: {$row['passhash']}, ip: $ip, md5: $passh";
}
else
{