lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-24 12:07:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

add log to userlogin()

Browse Source
This commit is contained in:
xiaomlove
2022-08-25 21:45:55 +08:00
parent 0fbd198610
commit c831349dc5
3 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Http/Controllers/AuthenticateController.php
+1 -1
View File
@@ -51,7 +51,7 @@ class AuthenticateController extends Controller
$user = User::query()->where('passkey', $passkey)->first(['id', 'passhash']); $user = User::query()->where('passkey', $passkey)->first(['id', 'passhash']);
if ($user) { if ($user) {
$passhash = md5($user->passhash . $_SERVER["REMOTE_ADDR"]); $passhash = md5($user->passhash . $_SERVER["REMOTE_ADDR"]);
logincookie($user->id, $passhash,false,0x7fffffff, true, true, true); logincookie($user->id, $passhash,false, 86400 * 30, true, true, true);
$user->last_login = now(); $user->last_login = now();
$user->save(); $user->save();
} }
include/constants.php
+1 -1
View File
@@ -1,6 +1,6 @@
<?php <?php
defined('VERSION_NUMBER') || define('VERSION_NUMBER', '1.7.23'); defined('VERSION_NUMBER') || define('VERSION_NUMBER', '1.7.23');
defined('RELEASE_DATE') || define('RELEASE_DATE', '2022-08-24'); defined('RELEASE_DATE') || define('RELEASE_DATE', '2022-08-25');
defined('IN_TRACKER') || define('IN_TRACKER', false); defined('IN_TRACKER') || define('IN_TRACKER', false);
defined('PROJECTNAME') || define("PROJECTNAME","NexusPHP"); defined('PROJECTNAME') || define("PROJECTNAME","NexusPHP");
defined('NEXUSPHPURL') || define("NEXUSPHPURL","https://nexusphp.org"); defined('NEXUSPHPURL') || define("NEXUSPHPURL","https://nexusphp.org");
include/functions.php
+6
View File
@@ -1926,6 +1926,7 @@ function userlogin() {
global $SITE_ONLINE, $oldip; global $SITE_ONLINE, $oldip;
global $enablesqldebug_tweak, $sqldebug_tweak; global $enablesqldebug_tweak, $sqldebug_tweak;
unset($GLOBALS["CURUSER"]); unset($GLOBALS["CURUSER"]);
$log = "cookie: " . json_encode($_COOKIE);
$ip = getip(); $ip = getip();
$nip = ip2long($ip); $nip = ip2long($ip);
@@ -1941,6 +1942,7 @@ function userlogin() {
} }
if (empty($_COOKIE["c_secure_pass"]) || empty($_COOKIE["c_secure_uid"]) || empty($_COOKIE["c_secure_login"])) { if (empty($_COOKIE["c_secure_pass"]) || empty($_COOKIE["c_secure_uid"]) || empty($_COOKIE["c_secure_login"])) {
do_log("$log, param not enough");
return $loginResult = false; return $loginResult = false;
} }
if ($_COOKIE["c_secure_login"] == base64("yeah")) if ($_COOKIE["c_secure_login"] == base64("yeah"))
@@ -1951,6 +1953,7 @@ function userlogin() {
$b_id = base64($_COOKIE["c_secure_uid"],false); $b_id = base64($_COOKIE["c_secure_uid"],false);
$id = intval($b_id ?? 0); $id = intval($b_id ?? 0);
if (!$id || !is_valid_id($id) || strlen($_COOKIE["c_secure_pass"]) != 32) { if (!$id || !is_valid_id($id) || strlen($_COOKIE["c_secure_pass"]) != 32) {
do_log("$log, invalid c_secure_uid");
return $loginResult = false; return $loginResult = false;
} }
@@ -1963,6 +1966,7 @@ function userlogin() {
$res = sql_query("SELECT * FROM users WHERE users.id = ".sqlesc($id)." AND users.enabled='yes' AND users.status = 'confirmed' LIMIT 1"); $res = sql_query("SELECT * FROM users WHERE users.id = ".sqlesc($id)." AND users.enabled='yes' AND users.status = 'confirmed' LIMIT 1");
$row = mysql_fetch_array($res); $row = mysql_fetch_array($res);
if (!$row) { if (!$row) {
do_log("$log, c_secure_uid not exists");
return $loginResult = false; return $loginResult = false;
} }
@@ -1974,12 +1978,14 @@ function userlogin() {
{ {
if ($_COOKIE["c_secure_pass"] != md5($row["passhash"].$_SERVER["REMOTE_ADDR"])) { if ($_COOKIE["c_secure_pass"] != md5($row["passhash"].$_SERVER["REMOTE_ADDR"])) {
do_log("$log, secure login == yeah, c_secure_pass invalid");
return $loginResult = false; return $loginResult = false;
} }
} }
else else
{ {
if ($_COOKIE["c_secure_pass"] !== md5($row["passhash"])) { if ($_COOKIE["c_secure_pass"] !== md5($row["passhash"])) {
do_log("$log, c_secure_pass invalid");
return $loginResult = false; return $loginResult = false;
} }
} }