问题描述
在网上下载了个thinkphp5.3的源码学习,因为没有安装文件,只能通过数据库导入的方式安装,数据库导入和配置好数据库连接文件后,在phpmydmin里面的admin表里找到
admin:admin
password:12eefdf664f0e07e65a2c35e01e98d29
我把password解密后得到明文密码:o8889t
在登录源码后台的时候一直提示密码或者账号错误,然后我把admin表里面的password改成e10adc3949ba59abbe56e057f20f883e 明文是:123456
再次登录还是发现提示账号或者密码错误,我想知道这个后台的密码是什么加密方式。或者要怎么样后台才能登录成功。列出了三个文件,请大佬赐教,感激不尽。
后台登录AdminController.class.php代码如下:
----------------------------------------------------------------------------------
<?php
namespace AdminController;
use ThinkController;
class IndexController extends Controller
{
public function index()
{
layout(false);
$this->display();
}
//登录
public function loginin()
{
layout(false);
if(I('post.adminuser') and I('post.adminpwd'))
{
$adminuser=I('post.adminuser');
$adminpwd=I('post.adminpwd');
//记住账号
$remember=I('post.remember');
if(!empty($remember))
{
cookie('remember',$remember,3600*24*30);
cookie('loginname',$adminuser,3600*24*30);
cookie('loginpwd',$adminpwd,3600*24*30);
}else {
cookie('remember',null);
cookie('loginname',null);
cookie('loginpwd',null);
}
$auth=I('post.auth');
$verify = new ThinkVerify();
$res=$verify->check($auth, '');
if($res==false)
{
$this->assign('error','验证码不正确!');
$this->display('index');
exit();
}
$admin=new AdminModelAdminModel();
$res=$admin->where("adminname='$adminuser'")->find();
if($res)
{
$status=$res['status'];
if($status==0)
{
$this->assign('error','该管理员已被禁用!');
$this->display('index');
exit();
}else {
$password=$res['password'];
//MD5加密
$pwd=$admin->encrypt($adminpwd);
if($password!=$pwd)
{
$this->assign('error','用户名或密码错误!');
$this->display('index');
exit();
}else {
//判断管理员组是否被禁用
$group_id=$res['group_id'];
$AdminGroup=new AdminModelAdminGroupModel();
$res_g=$AdminGroup->where("id=$group_id")->field('status')->find();
if($res_g['status']=='1')
{
//更新登录状态
$ip=getIP();
$login_num=$res['login_num']+1;
$data=array(
'last_login_time'=>date('Y-m-d H:i:s'),
'last_login_ip'=>$ip,
'login_num'=>$login_num
);
$res2=$admin->where("adminname='$adminuser'")->save($data);
if($res2)
{
//保存用户SESSION
$_SESSION['admin_id']=$res['uid'];
$_SESSION['a_group_id']=$res['group_id'];
//跳转页面
$this->redirect('System/index');
}else {
$this->assign('error','登录失败!');
$this->display('index');
}
}else {
$this->assign('error','您所在的管理员组已被禁用!');
$this->display('index');
exit();
}
}
}
}else {
$this->assign('error','该管理员不存在!');
$this->display('index');
}
}else {
$this->assign('error','账号、密码不能为空!');
$this->display('index');
}
}
//退出登录
public function loginout()
{
$_SESSION['admin_id']=null;
$_SESSION['a_group_id']=null;
//跳转页面
$this->redirect('Index/index');
}
//生成验证码
public function verify()
{
ob_end_clean();
$config =array(
'expire' => 1800, // 验证码过期时间(s)
'useImgBg' => false, // 使用背景图片
'fontSize' => 10, // 验证码字体大小(px)
'useCurve' => false, // 是否画混淆曲线
'useNoise' => false, // 是否添加杂点
'imageH' => 30, // 验证码图片高度
'imageW' => 80, // 验证码图片宽度
'length' => 4, // 验证码位数
'fontttf' => '5.ttf', // 验证码字体,不设置随机获取
'bg' => array(243, 251, 254), // 背景颜色
);
$verify=new ThinkVerify($config);
/**
* 输出验证码并把验证码的值保存的session中
* 验证码保存到session的格式为: array('verify_code' => '验证码值', 'verify_time' => '验证码创建时间');
* */
$verify->entry();
}
}
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
第二个文件AdminController.class.php代码如下:
----------------------------------------------------------------------------------
<?php
/**
* 管理员管理
*/
namespace AdminController;
use AdminCommonControllerAuthController;
class AdminController extends AuthController
{
public function index()
{
if(I('get.search'))
{
$search=I('get.search');
$where="adminname='$search' or email='$search' or phone='$search'";
}
if(I('get.group_id'))
{
$group_id=I('get.group_id');
$where="group_id='$group_id'";
}
if(I('get.group_name'))
{
$group_name=I('get.group_name');
$res_ag=D('AdminGroup')->where("title='$group_name'")->field('id')->find();
$group_id=$res_ag['id'];
$where="group_id='$group_id'";
}
if(I('get.search')=='' and I('get.group_id')=='' and I('get.group_name')=='')
{
$where='1';
}
$Admin=new AdminModelAdminModel();
$count=$Admin->where($where)->count();
$per = 15;
if($_GET['p'])
{
$p=$_GET['p'];
}else {
$p=1;
}
$Page= new ThinkPage($count,$per);// 实例化分页类 传入总记录数和每页显示的记录数(25)
$Page->rollPage=10; // 分页栏每页显示的页数
$Page -> setConfig('header','共%TOTAL_ROW%条');
$Page -> setConfig('first','首页');
$Page -> setConfig('last','共%TOTAL_PAGE%页');
$Page -> setConfig('prev','上一页');
$Page -> setConfig('next','下一页');
$Page -> setConfig('link','indexpagenumb');//pagenumb 会替换成页码
$Page -> setConfig('theme','%FIRST% %UP_PAGE% %LINK_PAGE% %DOWN_PAGE% %END% 第 '.I('p',1).' 页/共 %TOTAL_PAGE% 页 (<font color="red">'.$per.'</font> 条/页 共 %TOTAL_ROW% 条)');
$show= $Page->show();// 分页显示输出
$adminlist = $Admin->where($where)->page($p.','.$per)->select();
$this->assign('alist',$adminlist);// 赋值数据集
$this->assign('page',$show);
$this->display();
}
//新增管理员
public function add()
{
//获取管理员组列表
$group=new AdminModelAdminGroupModel();
$grouplist=$group->getGroupList2();
$this->assign('glist',$grouplist);
if(I('post.'))
{
if(I('post.adminname'))
{
$adminname=I('post.adminname');
$Admin=new AdminModelAdminModel();
$res=$Admin->where("adminname='$adminname'")->find();
if($res)
{
$str='X该用户名已存在';
echo $str;
exit();
}else {
$str='';
$a='a';
}
}
if(I('post.password') and I('post.password2'))
{
$password=I('post.password');
$password2=I('post.password2');
if (strlen($password2)<=5)
{
$str='X密码不少于6位';
echo $str;
exit();
}else {
if($password!=$password2)
{
$str='X两次密码不相同';
echo $str;
exit();
}else {
$str='';
$a.='a';
}
}
}
if(I('post.email'))
{
$email=I('post.email');
if(is_email($email))
{
$str='';
}else {
$str='X邮箱格式不正确';
echo $str;
exit();
}
}
if(I('post.phone'))
{
$phone=I('post.phone');
if(is_phone($phone))
{
$str='';
}else {
$str='X手机号码格式不正确';
echo $str;
exit();
}
}
if($a=='aa')
{
$adminname=I('post.adminname');
$password2=I('post.password2');
//MD5加密
$pwd=$Admin->encrypt($password2);
$email=I('post.email');
$phone=I('post.phone');
$group_id=I('post.group_id');
$status=I('post.status');
$register_time=date('Y-m-d H:i:s');
//php获取ip的算法
$ip = ($_SERVER["HTTP_VIA"]) ? $_SERVER["HTTP_X_FORWARDED_FOR"] : $_SERVER["REMOTE_ADDR"];
$ip = ($ip) ? $ip : $_SERVER["REMOTE_ADDR"];
$data=array(
'adminname'=>$adminname,
'password'=>$pwd,
'email'=>$email,
'phone'=>$phone,
'province'=>trim(I('post.province')),
'city'=>trim(I('post.city')),
'group_id'=>$group_id,
'status'=>$status,
'register_time'=>$register_time,
'register_ip'=>$ip,
'last_login_time'=>date('Y-m-d H:i:s')
);
$res=$Admin->add($data);
if($res)
{
echo '1';
}else {
echo '0';
}
}
}else {
$this->display();
}
}
//编辑管理员
public function edit($uid)
{
//获取管理员信息
$Admin=new AdminModelAdminModel();
$aMsg=$Admin->getAdminMsg($uid);
$this->assign('msg',$aMsg);
//获取管理员组列表
$group=D('admin_group');
$grouplist=$group->getGroupList2();
$this->assign('glist',$grouplist);
if(IS_POST)
{
//var_dump(I('post.'));exit;
if(I('post.adminname'))
{
$adminname=I('post.adminname');
$res=$Admin->where("adminname='$adminname' and uid!='$uid'")->find();
if($res)
{
$error='X该用户名已存在';
$this->assign('error',$error);
$this->display();
exit();
}
}
$email=I('post.email');
if($email)
{
if(is_email($email)!==true)
{
$error1='X邮箱格式不正确';
$this->assign('error1',$error1);
$this->display();
exit();
}
}
$phone=I('post.phone');
if($phone)
{
if(is_phone($phone)!==true)
{
$error2='X手机号码格式不正确';
$this->assign('error2',$error2);
$this->display();
exit();
}
}
$group_id=I('post.group_id');
$login_num=I('post.login_num');
$status=I('post.status');
$data=array(
'adminname'=>$adminname,
'email'=>$email,
'phone'=>$phone,
'province'=>trim(I('post.province')),
'city'=>trim(I('post.city')),
'group_id'=>$group_id,
'login_num'=>$login_num,
'status'=>$status,
);
if(I('post.password'))
{
$password=I('post.password');
//MD5加密
$pwd=$Admin->encrypt($password);
$data['password']=$pwd;
}
$res=$Admin->where("uid=$uid")->save($data);
if($res!==false)
{
layout(false);
$this->success('编辑管理员成功!',U('index'),3);
}else {
layout(false);
$this->error('操作失败!');
}
}else {
$this->display();
}
}
//修改管理员禁用状态
public function changestatus($id,$status)
{
$data=array(
'status'=>$status
);
$Admin=new AdminModelAdminModel();
$res=$Admin->where("uid=$id")->save($data);
if($res===false)
{
echo '0';
}else {
echo '1';
}
}
//删除管理员
public function del($id)
{
$Admin=new AdminModelAdminModel();
$res=$Admin->where("uid=$id")->delete();
if($res===false)
{
echo '0';
}else {
echo '1';
}
}
//修改密码
public function changepwd()
{
if($_SESSION['admin_id']!='')
{
$admin_id=$_SESSION['admin_id'];
if(I('post.'))
{
$oldpwd=I('post.oldpwd');
if($oldpwd=='')
{
$this->assign('error1','原密码不能为空!');
$this->display();
exit();
}
$pwd1=I('post.pwd1');
$pwd2=I('post.pwd2');
if($pwd1=='')
{
$this->assign('error2','新密码不能为空!');
$this->display();
exit();
}
if($pwd2=='')
{
$this->assign('error3','重复密码不能为空!');
$this->display();
exit();
}
if($pwd1==$pwd2)
{
if(strlen($pwd2)>5)
{
//验证原密码是否正确
$Admin=new AdminModelAdminModel();
$res=$Admin->checkPwd($admin_id,$oldpwd);
if($res)
{
//修改密码
$newpwd=$Admin->encrypt($pwd2);
$data=array(
'password'=>$newpwd
);
$res2=$Admin->where("uid=$admin_id")->save($data);
layout(false);
if($res2===false)
{
$this->error('修改密码失败!');
}else {
$this->success('编辑密码成功!');
}
}else {
$this->assign('error1','原密码错误!');
$this->display();
exit();
}
}else {
$this->assign('error3','新密码长度不少于5位!');
$this->display();
exit();
}
}else {
$this->assign('error3','两次密码不相同!');
$this->display();
exit();
}
}else {
$this->display();
}
}else {
$this->redirect('Index/index');
}
}
}
------------------------------------------------------------------------------------------------------------------------------------------------------------------
第三个文件如下:
<?php
namespace AdminCommonController;
use ThinkController;
use ThinkAuth;
//权限认证
class AuthController extends Controller {
protected function _initialize(){
//session不存在时,不允许直接访问
if(!$_SESSION['admin_id'])
{
layout(false);
$this->error('还没有登录,正在跳转到登录页',U('Index/index'));
}
//session存在时,不需要验证的权限
$not_check = array(
'Admin/changepwd','System/index','System/index_show','System/cleancache','System/clearrubbish',//修改密码、系统首页、
'ArticleCat/deloldimg','Article/deloldimg','Article/deloldbigimg','Article/deloldfile',//删除文章分类原图片、删除文章原图片、删除文章原大图片、删除文章原文件
'GoodsCat/deloldimg',//删除商品分类原图片
);
//当前操作的请求 模块名/方法名
if(in_array(CONTROLLER_NAME.'/'.ACTION_NAME, $not_check))
{
return true;
}
$auth = new Auth();
if(!$auth->check(CONTROLLER_NAME.'/'.ACTION_NAME,$_SESSION['admin_id']) and $_SESSION['a_group_id']!='1')
{
layout(false);
echo '没有权限!';die();
$this->error('没有权限');
}
}
}
问题解答
回答1:已经解决,谢谢