lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-21 18:37:31 +08:00
Code Issues Packages Projects Releases Wiki Activity

more signin log

Browse Source
This commit is contained in:
xiaomlove
2022-08-25 22:07:57 +08:00
parent c831349dc5
commit e34a11d70c
3 changed files with 15 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Http/Controllers/AuthenticateController.php
+1
View File
@@ -51,6 +51,7 @@ class AuthenticateController extends Controller
$user = User::query()->where('passkey', $passkey)->first(['id', 'passhash']);
if ($user) {
$passhash = md5($user->passhash . $_SERVER["REMOTE_ADDR"]);
do_log(sprintf('passhash: %s, remote_addr: %s, md5: %s', $user->passhash, $_SERVER["REMOTE_ADDR"], $passhash));
logincookie($user->id, $passhash,false, 86400 * 30, true, true, true);
$user->last_login = now();
$user->save();
include/functions.php
+8 -5
View File
@@ -1976,16 +1976,19 @@ function userlogin() {
if ($_COOKIE["c_secure_login"] == base64("yeah"))
{
if ($_COOKIE["c_secure_pass"] != md5($row["passhash"].$_SERVER["REMOTE_ADDR"])) {
do_log("$log, secure login == yeah, c_secure_pass invalid");
$md5 = md5($row["passhash"].$_SERVER["REMOTE_ADDR"]);
$log .= ", secure login == yeah, passhash: {$row['passhash']}, remote_addr: {$_SERVER["REMOTE_ADDR"]}, md5: $md5";
if ($_COOKIE["c_secure_pass"] != $md5) {
do_log("$log, c_secure_pass != md5");
return $loginResult = false;
}
}
else
{
if ($_COOKIE["c_secure_pass"] !== md5($row["passhash"])) {
do_log("$log, c_secure_pass invalid");
$md5 = md5($row["passhash"]);
$log .= "$log, passhash: {$row['passhash']}, md5: $md5";
if ($_COOKIE["c_secure_pass"] !== $md5) {
do_log("$log, c_secure_pass != md5");
return $loginResult = false;
}
}
public/takelogin.php
+6 -1
View File
@@ -33,7 +33,7 @@ if (!empty($row['two_step_secret'])) {
failedlogins($lang_takelogin['std_invalid_two_step_code']);
}
}
$log = "user: " . $row['id'];
if ($row["passhash"] != md5($row["secret"] . $password . $row["secret"]))
login_failedlogins();
@@ -44,11 +44,13 @@ if (isset($_POST["securelogin"]) && $_POST["securelogin"] == "yes")
{
$securelogin_indentity_cookie = true;
$passh = md5($row["passhash"].$_SERVER["REMOTE_ADDR"]);
$log .= ", secure login == yeah, passhash: {$row['passhash']}, remote_addr: {$_SERVER["REMOTE_ADDR"]}, md5: $passh";
}
else
{
$securelogin_indentity_cookie = false;
$passh = md5($row["passhash"]);
$log .= ", passhash: {$row['passhash']}, md5: $passh";
}
if ($securelogin=='yes' || (isset($_POST["ssl"]) && $_POST["ssl"] == "yes"))
@@ -69,6 +71,9 @@ else
{
$trackerssl = false;
}
do_log($log);
if (isset($_POST["logout"]) && $_POST["logout"] == "yes")
{
logincookie($row["id"], $passh,1,900,$securelogin_indentity_cookie, $ssl, $trackerssl);