这是一个创建于 2125 天前的主题,其中的信息可能已经有所发展或是发生改变。
网上找了一个网站的源码,建好以后首页没问题就是后台进不去,输入账号密码后提示登录成功,但是点击确定后又回到了登录界面,有人说是 PHP 版本的问题,它支持 5.2-5.5,我都挨个试过了,还是不行。是 login.php 的问题吗?代码我也贴上来,大佬给看看。我看到里面有验证码的代码,我在登录的时候没有看到验证码。
============================================
<?php
/**
* 登录
**/
$verifycode = 0;//验证码开关
if(!function_exists("imagecreate") || !file_exists('code.php'))$verifycode=0;
include '../ayangw/common.php';
if(isset($_POST['user']) && isset($_POST['pass'])){
$user=daddslashes($_POST['user']);
$pass=daddslashes($_POST['pass']);
$code=daddslashes($_POST['code']);
$pass = md5($pass.$password_hash);
if ($verifycode==1 && (!$code || strtolower($code) != $_SESSION['vc_code'])) {
unset($_SESSION['vc_code']);
@header('Content-Type: text/html; charset=UTF-8');
exit("<script language='javascript'>alert('验证码错误!');history.go(-1);</script>");
}elseif($user == $conf['admin'] && $pass== $conf['pwd']) {
unset($_SESSION['vc_code']);
$session=md5($user.$pass.$password_hash);
$token=authcode("{$user}\t{$session}", 'ENCODE', SYS_KEY);
setcookie("admin_token", $token, time() + 604800);
wsyslog("登陆后台成功!","登陆 IP:".real_ip().",城市:".get_ip_city(real_ip()));
@header('Content-Type: text/html; charset=UTF-8');
exit("<script language='javascript'>alert('登陆管理中心成功!');window.location.href='./';</script>");
}else {
unset($_SESSION['vc_code']);
@header('Content-Type: text/html; charset=UTF-8');
exit("<script language='javascript'>alert('用户名或密码不正确!');history.go(-1);</script>");
}
}elseif(isset($_GET['logout'])){
setcookie("admin_token", "", time() - 604800);
@header('Content-Type: text/html; charset=UTF-8');
exit("<script language='javascript'>alert('您已成功注销本次登陆!');window.location.href='./login.php';</script>");
}elseif($islogin==5){
@header('Content-Type: text/html; charset=UTF-8');
exit("<script language='javascript'>alert('您已登陆!');window.location.href='./';</script>");
}
$title='用户登录';
?>
<?php
@header('Content-Type: text/html; charset=UTF-8');
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<title><?php echo $title ?></title>
<link href="//lib.baomitu.com/twitter-bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet"/>
<link href="//lib.ayangw.com/nifty/nifty.min.css" rel="stylesheet">
<script src="//lib.baomitu.com/jquery/1.12.4/jquery.min.js"></script>
<script src="//lib.baomitu.com/twitter-bootstrap/3.3.7/js/bootstrap.min.js"></script>
<!--[if lt IE 9]>
<script src="//lib.baomitu.com/html5shiv/3.7.3/html5shiv.min.js"></script>
<script src="//lib.baomitu.com/respond.js/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<div style="padding-top:70px;">
<div class="col-xs-12 col-sm-10 col-md-8 col-lg-6 center-block" style="float: none;">
<div class="panel panel-primary">
<div><h3>管理员登陆</h3></div>
<div>
<form action="./login.php" method="post" role="form">
<div>
<span><span class="glyphicon glyphicon-user"></span></span>
<input type="text" name="user" value="<?php echo @$_POST['user'];?>" placeholder="用户名" required="required"/>
</div><br/>
<div>
<span><span class="glyphicon glyphicon-lock"></span></span>
<input type="password" name="pass" placeholder="密码" required="required"/>
</div><br/>
<?php if($verifycode==1){?>
<div>
<span><span class="glyphicon glyphicon-adjust"></span></span>
<input type="text" class="form-control input-lg" name="code" placeholder="输入验证码" autocomplete="off" required>
<span style="padding: 0">
<img src="./code.php?r=<?php echo time();?>"height="35"onclick="this.src='./code.php?r='+Math.random();" title="点击更换验证码">
</span>
</div><br/>
<?php }?>
<div>
<div><input type="submit" value="登陆" class="btn btn-primary form-control"/></div>
</div>
</form>
</div>
</div>
</div>
</div>
============================================
<?php
/**
* 登录
**/
$verifycode = 0;//验证码开关
if(!function_exists("imagecreate") || !file_exists('code.php'))$verifycode=0;
include '../ayangw/common.php';
if(isset($_POST['user']) && isset($_POST['pass'])){
$user=daddslashes($_POST['user']);
$pass=daddslashes($_POST['pass']);
$code=daddslashes($_POST['code']);
$pass = md5($pass.$password_hash);
if ($verifycode==1 && (!$code || strtolower($code) != $_SESSION['vc_code'])) {
unset($_SESSION['vc_code']);
@header('Content-Type: text/html; charset=UTF-8');
exit("<script language='javascript'>alert('验证码错误!');history.go(-1);</script>");
}elseif($user == $conf['admin'] && $pass== $conf['pwd']) {
unset($_SESSION['vc_code']);
$session=md5($user.$pass.$password_hash);
$token=authcode("{$user}\t{$session}", 'ENCODE', SYS_KEY);
setcookie("admin_token", $token, time() + 604800);
wsyslog("登陆后台成功!","登陆 IP:".real_ip().",城市:".get_ip_city(real_ip()));
@header('Content-Type: text/html; charset=UTF-8');
exit("<script language='javascript'>alert('登陆管理中心成功!');window.location.href='./';</script>");
}else {
unset($_SESSION['vc_code']);
@header('Content-Type: text/html; charset=UTF-8');
exit("<script language='javascript'>alert('用户名或密码不正确!');history.go(-1);</script>");
}
}elseif(isset($_GET['logout'])){
setcookie("admin_token", "", time() - 604800);
@header('Content-Type: text/html; charset=UTF-8');
exit("<script language='javascript'>alert('您已成功注销本次登陆!');window.location.href='./login.php';</script>");
}elseif($islogin==5){
@header('Content-Type: text/html; charset=UTF-8');
exit("<script language='javascript'>alert('您已登陆!');window.location.href='./';</script>");
}
$title='用户登录';
?>
<?php
@header('Content-Type: text/html; charset=UTF-8');
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<title><?php echo $title ?></title>
<link href="//lib.baomitu.com/twitter-bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet"/>
<link href="//lib.ayangw.com/nifty/nifty.min.css" rel="stylesheet">
<script src="//lib.baomitu.com/jquery/1.12.4/jquery.min.js"></script>
<script src="//lib.baomitu.com/twitter-bootstrap/3.3.7/js/bootstrap.min.js"></script>
<!--[if lt IE 9]>
<script src="//lib.baomitu.com/html5shiv/3.7.3/html5shiv.min.js"></script>
<script src="//lib.baomitu.com/respond.js/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<div style="padding-top:70px;">
<div class="col-xs-12 col-sm-10 col-md-8 col-lg-6 center-block" style="float: none;">
<div class="panel panel-primary">
<div><h3>管理员登陆</h3></div>
<div>
<form action="./login.php" method="post" role="form">
<div>
<span><span class="glyphicon glyphicon-user"></span></span>
<input type="text" name="user" value="<?php echo @$_POST['user'];?>" placeholder="用户名" required="required"/>
</div><br/>
<div>
<span><span class="glyphicon glyphicon-lock"></span></span>
<input type="password" name="pass" placeholder="密码" required="required"/>
</div><br/>
<?php if($verifycode==1){?>
<div>
<span><span class="glyphicon glyphicon-adjust"></span></span>
<input type="text" class="form-control input-lg" name="code" placeholder="输入验证码" autocomplete="off" required>
<span style="padding: 0">
<img src="./code.php?r=<?php echo time();?>"height="35"onclick="this.src='./code.php?r='+Math.random();" title="点击更换验证码">
</span>
</div><br/>
<?php }?>
<div>
<div><input type="submit" value="登陆" class="btn btn-primary form-control"/></div>
</div>
</form>
</div>
</div>
</div>
</div>
 |
1
akcode 2019-01-13 23:04:26 +08:00
这个代码没开验证码但功能,看定不用填验证码了。
这是登录页面,看不出什么问题。要看权限相关的。 |
 |
2
llrg222 2019-01-13 23:44:01 +08:00
那你就把 alert('登陆管理中心成功!'); 删掉看看效果呗
是 alert 弹出确定取消的对话框 不弹出确定消息框,能不能顺利跳转 wsyslog("登陆后台成功!","登陆 IP:".real_ip().",城市:".get_ip_city(real_ip())); 登录成功后,输出了一段 js exit("<script language='javascript'>alert('登陆管理中心成功!');window.location.href='./';</script>"); |
 |
3
NBOne 2019-01-14 04:31:09 +08:00 via Android
先 F12 分别输入正确的密码和错误的密码,看看显示一样不,再对比 http 数据包,返回对不。如果都正确设定的值,那就代码写得有问题
|
 |
4
bhy5899s OP 谢谢各位大佬帮忙,原来是主机的问题,我刚才随便找了一个免费主机装了以后进去了,但阿里云的却不行
|
Select Language