1. 添加管理员密码修改功能 2. 优化完善代码，修复部分bug

shinn-lancelot · Sep 10, 2018 · 409efcf · 409efcf
1 parent 4eba759
commit 409efcf
Show file tree

Hide file tree

Showing 11 changed files with 113 additions and 41 deletions.
diff --git a/common/addSafeDomainName.php b/common/addSafeDomainName.php
@@ -13,7 +13,7 @@
         exit();
     }
 
-    $domainName = strip_tags(trim($_POST['domain_name']));
+    $domainName = isset($_POST['domain_name']) ? strip_tags(trim($_POST['domain_name'])) : '';
 
     if (empty($domainName)) {
         echo json_encode($res);
@@ -38,7 +38,7 @@
 
     if (!$hasDomainName) {
         array_unshift($domainNameArr, $domainName);
-        file_put_contents('./domainName.json', json_encode($domainNameArr));
+        file_put_contents($file, json_encode($domainNameArr));
     }
 
     $res['code'] = 1;

diff --git a/common/clearDomainName.php b/common/clearDomainName.php
@@ -13,7 +13,7 @@
         exit();
     }
 
-    $domainName = strip_tags(trim($_POST['domain_name']));
+    $domainName = isset($_POST['domain_name']) ? strip_tags(trim($_POST['domain_name'])) : '';
 
     if (empty($domainName)) {
         echo json_encode($res);
@@ -43,7 +43,7 @@
         exit();
     }
 
-    file_put_contents('./domainName.json', json_encode($domainNameArr));
+    file_put_contents($file, json_encode($domainNameArr));
 
     $res['code'] = 1;
     $res['message'] = '移除成功！';

diff --git a/common/clearVerify.php b/common/clearVerify.php
@@ -13,7 +13,7 @@
         exit();
     }
 
-    $verify = strip_tags(trim($_POST['verify']));
+    $verify = isset($_POST['verify']) ? strip_tags(trim($_POST['verify'])) : '';
 
     if (empty($verify)) {
         echo json_encode($res);

diff --git a/common/loginHandle.php b/common/loginHandle.php
@@ -4,8 +4,8 @@
     $res['code'] = 0;
     $res['message'] = '登录失败！';
 
-    $user = strip_tags(trim($_POST['user']));
-    $password = $_POST['password'];
+    $user = isset($_POST['user']) ? strip_tags(trim($_POST['user'])) : '';
+    $password = isset($_POST['password']) ? strip_tags(trim($_POST['password'])) : '';
     if (empty($user)) {
         $res['message'] = '用户名不能为空！';
         echo json_encode($res);
@@ -23,7 +23,7 @@
     $userArr = array();
     $file = './user.json';
     if (file_exists($file)) {
-        $userArr = json_decode(file_get_contents('./user.json'), true);
+        $userArr = json_decode(file_get_contents($file), true);
     }
 
     $hasUser = false;

diff --git a/common/modifyPasswordHandle.php b/common/modifyPasswordHandle.php
@@ -0,0 +1,67 @@
+<?php
+
+if (strtolower($_SERVER['REQUEST_METHOD']) == 'post') {
+    $res['code'] = 0;
+    $res['message'] = '修改失败！';
+
+    $user = isset($_POST['user']) ? $_POST['user'] : '';
+    $oldPassword = isset($_POST['old_password']) ? strip_tags(trim($_POST['old_password'])) : '';
+    $newPassword = isset($_POST['new_password']) ? strip_tags(trim($_POST['new_password'])) : '';
+    $againNewPassword = isset($_POST['again_new_password']) ? strip_tags(trim($_POST['again_new_password'])) : '';
+    if (empty($oldPassword)) {
+        $res['message'] = '旧密码不能为空！';
+        echo json_encode($res);
+        exit();
+    }
+    if (empty($newPassword)) {
+        $res['message'] = '新密码不能为空！';
+        echo json_encode($res);
+        exit();
+    }
+    if (empty($againNewPassword)) {
+        $res['message'] = '确认新密码不能为空！';
+        echo json_encode($res);
+        exit();
+    }
+    if ($newPassword != $againNewPassword) {
+        $res['message'] = '两次输入的新密码不一致！请重新填写！';
+        echo json_encode($res);
+        exit();
+    }
+
+    // 密码盐
+    $salt = md5('shinn_lancelot');
+
+    $userArr = array();
+    $file = './user.json';
+    if (file_exists($file)) {
+        $userArr = json_decode(file_get_contents($file), true);
+    }
+
+    $hasUser = false;
+    if (count($userArr) > 0) {
+        foreach ($userArr as $key=>$value) {
+            if ($value['user'] == $user) {
+                $hasUser = true;
+                if ($value['password'] == md5($oldPassword . $salt)) {
+                    // 更新为新密码
+                    $userArr[$key]['password'] = md5($newPassword . $salt);
+                    // 写入文件
+                    file_put_contents($file, json_encode($userArr));
+
+                    $res['code'] = 1;
+                    $res['message'] = '修改成功！';
+                } else {
+                    $res['message'] = '旧密码错误！';
+                }
+                break;
+            }
+        }
+    }
+
+    if (!$hasUser) {
+        $res['message'] = '该用户不存在！';
+    }
+
+    echo json_encode($res);
+}
diff --git a/common/verifyHandle.php b/common/verifyHandle.php
@@ -14,9 +14,8 @@
     }
 
     $filePrefix = 'MP_verify_';
-    $callBackUrl = $_SERVER['HTTP_HOST'];
 
-    $txt = strip_tags(trim($_POST['txt']));
+    $txt = isset($_POST['txt']) ? strip_tags(trim($_POST['txt'])) : '';
 
     if (empty($txt)) {
         echo json_encode($res);
@@ -26,8 +25,5 @@
     file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/' . $filePrefix . $txt . '.txt' , $txt);
     $res['code'] = 1;
     $res['message'] = '提交成功！';
-    $res['data'] = array(
-        'callBackUrl'=>$callBackUrl
-    );
     echo json_encode($res);
 }
diff --git a/index.php b/index.php
@@ -6,17 +6,17 @@
 // 限制来源
 $referer =  getReferer();
 $domain = $referer != '' ? parse_url($referer)['host'] : '';
-$code = $_GET['code'];
+$code = isset($_GET['code']) ? $_GET['code'] : '';
 $domain || $code || exit('禁止访问！');
 $file = './common/domainName.json';
 if (file_exists($file) && $domain) {
     $domainNameArr = json_decode(file_get_contents($file), true);
     count($domainNameArr) > 0 && !in_array($domain, $domainNameArr) && exit('禁止访问！代理接口安全域名校验出错！');
 }
 
-$proxyScope = $_REQUEST['proxy_scope'];
+$proxyScope = isset($_REQUEST['proxy_scope']) ? $_REQUEST['proxy_scope'] : '';
 $proxyScope = $proxyScope ? $proxyScope : 'code';    // 代理操作作用域，默认仅获取code 'code':仅获取code 'access_token':获取access_token及openid
-$state = $_REQUEST['state'];
+$state = isset($_REQUEST['state']) ? $_REQUEST['state'] : '';
 $state = $state ? $state : getNonceStr();
 
 // 有code且代理作用域为code，拼接code和state参数，直接跳转回请求源
@@ -30,19 +30,19 @@
     }
 }
 
-$appId = $_REQUEST['app_id'];
-$appSecret = $_REQUEST['app_secret'];
-$oauthType = $_REQUEST['oauth_type'];
+$appId = isset($_REQUEST['app_id']) ? $_REQUEST['app_id'] : '';
+$appSecret = isset($_REQUEST['app_secret']) ? $_REQUEST['app_secret'] : '';
+$oauthType = isset($_REQUEST['oauth_type']) ? $_REQUEST['oauth_type'] : '';
 $oauthType = $oauthType ? $oauthType : 1;   //授权类型，默认公众号授权 1:公众号授权 2:开放平台网页授权
-$scope = $_REQUEST['scope'];
+$scope = isset($_REQUEST['scope']) ? $_REQUEST['scope'] : '';
 $scope = $scope ? $scope : 'snsapi_userinfo';
 
 $protocol = isHttps() ? 'https' : 'http';
 $phpSelf = $_SERVER['PHP_SELF'];
 $mark = strpos($phpSelf, '?') === false ? '?' : '';
 $queryString = $proxyScope == 'access_token' ? $mark . '&' . http_build_query(array('app_id'=>$appId,'app_secret'=>$appSecret,'proxy_scope'=>$proxyScope)) : '';
 $proxyRedirectUri = $protocol . '://' . $_SERVER['HTTP_HOST'] . $phpSelf . $queryString;
-$redirectUri = $_REQUEST['redirect_uri'];
+$redirectUri = isset($_REQUEST['redirect_uri']) ? $_REQUEST['redirect_uri'] : '';
 
 // code为空，进行重定向获取code
 if (empty($code)) {

diff --git a/login.php b/login.php
@@ -253,11 +253,13 @@
         user = userObj.value;
         if (user == '') {
             alert('请输入用户名！');
+            loginState = 1;
             return;
         }
         password = passwordObj.value;
         if (password == '') {
             alert('请输入密码！');
+            loginState = 1;
             return;
         }
 
@@ -374,7 +376,7 @@ function listenInput() {
         clearIconObjs[i].addEventListener('click', clearFunc);
     }
 
-    formObj.addEventListener('keydown', function (e) {
+    document.addEventListener('keydown', function (e) {
         user = userObj.value;
         password = passwordObj.value;
         if (e.keyCode == 13) {

diff --git a/modifyPassword.php b/modifyPassword.php
@@ -155,7 +155,7 @@
             margin: 0 2vw;
         }
 
-        #domain_name {
+        #old_password, #new_password, #again_new_password {
             background: transparent;
             border-bottom: 1px solid #eee;
         }
@@ -214,15 +214,15 @@
         <div class="box">
             <form id="form">
                 <div class="input-box">
-                    <input type="text" class="field" name="old_password" id="old_password" value="" autocomplete="off" placeholder="请填写旧密码">
+                    <input type="password" class="field" name="old_password" id="old_password" value="" autocomplete="off" placeholder="请填写旧密码">
                     <i class="icon icon-clear" title="移除"></i>
                 </div>
                 <div class="input-box">
-                    <input type="text" class="field" name="new_password" id="new_password" value="" autocomplete="off" placeholder="请填写新密码">
+                    <input type="password" class="field" name="new_password" id="new_password" value="" autocomplete="off" placeholder="请填写新密码">
                     <i class="icon icon-clear" title="移除"></i>
                 </div>
                 <div class="input-box">
-                    <input type="text" class="field" name="again_new_password" id="again_new_password" value="" autocomplete="off" placeholder="请再次填写新密码">
+                    <input type="password" class="field" name="again_new_password" id="again_new_password" value="" autocomplete="off" placeholder="请再次填写新密码">
                     <i class="icon icon-clear" title="移除"></i>
                 </div>
                 <div class="field disable" id="submit_btn">
@@ -242,6 +242,7 @@
         oldPassword = '',
         newPassword = '',
         againNewPassword = '',
+        user = document.getElementsByClassName('user')[0].innerHTML,
         responseObj = '',
         submitState = 1,
         submitBtnClass = '',
@@ -269,39 +270,41 @@
         oldPassword = oldPasswordObj.value;
         if (oldPassword == '') {
             alert('请填写旧密码！');
+            submitState = 1;
             return;
         }
         newPassword = newPasswordObj.value;
         if (newPassword == '') {
             alert('请填写新密码！');
+            submitState = 1;
             return;
         }
         againNewPassword = againNewPasswordObj.value;
         if (againNewPassword == '') {
             alert('请再次填写新密码！');
+            submitState = 1;
             return;
         }
         if (newPassword != againNewPassword) {
             alert('两次输入的新密码不一致！请重新填写！');
-            newPasswordObj.value = '';
-            againNewPasswordObj.value = '';
+            submitState = 1;
             return
         }
 
         xhr.open('post', './common/modifyPasswordHandle.php', true);
         xhr.setRequestHeader('Content-type','application/x-www-form-urlencoded');
-        xhr.send('oldPassword=' + oldPassword + '&newPassword=' + newPassword + '&againNewPassword=' + againNewPassword);
+        xhr.send('user=' + user + '&old_password=' + oldPassword + '&new_password=' + newPassword + '&again_new_password=' + againNewPassword);
         xhr.onreadystatechange = function() {
             if (xhr.readyState == 4) {
                 responseObj = JSON.parse(xhr.response);
                 alert(responseObj.message);
-                // responseObj.code == 1 && clearFunc();
-                // responseObj.code == -1 && setTimeout(function() {
-                //     window.location.href = './login.php';
-                // }, 500);
-                // if (responseObj.code != -1) {
-                //     submitState = 1;
-                // }
+                if (responseObj.code == 1) {
+                    setTimeout(function() {
+                        window.location.href = './admin.php';
+                    }, 500);
+                } else {
+                    submitState = 1;
+                }
             } else {
                 console.log(xhr.readyState);
             }
@@ -345,6 +348,10 @@
             newPasswordObj.value = '';
             newPassword = '';
         }
+        if (inputId == 'again_new_password') {
+            againNewPasswordObj.value = '';
+            againNewPassword = '';
+        }
 
         submitBtnClass = submitBtnObj.getAttribute('class');
         if (submitBtnClass == 'field') {
@@ -376,7 +383,7 @@ function listenInput() {
         newPassword = newPasswordObj.value;
         againNewPassword = againNewPasswordObj.value;
         submitBtnClass = submitBtnObj.getAttribute('class');
-        if (oldPassword.length > 0 && newPassword.length > 0 && againNewPasswordObj.length > 0) {
+        if (oldPassword.length > 0 && newPassword.length > 0 && againNewPassword.length > 0) {
             if (submitBtnClass == 'field disable') {
                 submitBtnObj.setAttribute('class', 'field');
             }
@@ -450,13 +457,13 @@ function listenInput() {
         clearIconObjs[i].addEventListener('click', clearFunc);
     }
 
-    formObj.addEventListener('keydown', function (e) {
+    document.addEventListener('keydown', function (e) {
         oldPassword = oldPasswordObj.value;
         newPassword = newPasswordObj.value;
         againNewPassword = againNewPasswordObj.value;
         if (e.keyCode == 13) {
             if (oldPassword.length > 0 && newPassword.length > 0 && againNewPassword.length > 0) {
-                loginFunc(e);
+                submitFunc(e);
             } else {
                 e.preventDefault();
             }

diff --git a/safeDomainName.php b/safeDomainName.php
@@ -375,7 +375,7 @@
 
     clearIconObj.addEventListener('click', clearFunc);
 
-    formObj.addEventListener('keydown', function (e) {
+    document.addEventListener('keydown', function (e) {
         domainName = domainNameObj.value;
         if (e.keyCode == 13) {
             if (domainName.length > 0) {

diff --git a/verify.php b/verify.php
@@ -380,7 +380,7 @@
 
     clearIconObj.addEventListener('click', clearFunc);
 
-    formObj.addEventListener('keydown', function (e) {
+    document.addEventListener('keydown', function (e) {
         txt = txtObj.value;
         if (e.keyCode == 13) {
             if (txt.length > 0) {