diff --git a/common/addSafeDomainName.php b/common/addSafeDomainName.php index 7903a05..d3ec03f 100644 --- a/common/addSafeDomainName.php +++ b/common/addSafeDomainName.php @@ -13,7 +13,7 @@ exit(); } - $domainName = strip_tags(trim($_POST['domain_name'])); + $domainName = isset($_POST['domain_name']) ? strip_tags(trim($_POST['domain_name'])) : ''; if (empty($domainName)) { echo json_encode($res); @@ -38,7 +38,7 @@ if (!$hasDomainName) { array_unshift($domainNameArr, $domainName); - file_put_contents('./domainName.json', json_encode($domainNameArr)); + file_put_contents($file, json_encode($domainNameArr)); } $res['code'] = 1; diff --git a/common/clearDomainName.php b/common/clearDomainName.php index 42a3096..9a6422c 100644 --- a/common/clearDomainName.php +++ b/common/clearDomainName.php @@ -13,7 +13,7 @@ exit(); } - $domainName = strip_tags(trim($_POST['domain_name'])); + $domainName = isset($_POST['domain_name']) ? strip_tags(trim($_POST['domain_name'])) : ''; if (empty($domainName)) { echo json_encode($res); @@ -43,7 +43,7 @@ exit(); } - file_put_contents('./domainName.json', json_encode($domainNameArr)); + file_put_contents($file, json_encode($domainNameArr)); $res['code'] = 1; $res['message'] = '移除成功!'; diff --git a/common/clearVerify.php b/common/clearVerify.php index 253321f..0f56ca5 100644 --- a/common/clearVerify.php +++ b/common/clearVerify.php @@ -13,7 +13,7 @@ exit(); } - $verify = strip_tags(trim($_POST['verify'])); + $verify = isset($_POST['verify']) ? strip_tags(trim($_POST['verify'])) : ''; if (empty($verify)) { echo json_encode($res); diff --git a/common/loginHandle.php b/common/loginHandle.php index 98c6857..f1f62cc 100644 --- a/common/loginHandle.php +++ b/common/loginHandle.php 
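Review bot: `isset($_POST['domain_name'])` is also true when the field arrives as an array, and `trim()` then raises a TypeError on PHP 8 instead of the handler returning its JSON error. Guarding on type avoids that: `$domainName = isset($_POST['domain_name']) && is_string($_POST['domain_name']) ? strip_tags(trim($_POST['domain_name'])) : '';`. The same pattern is added in common/clearDomainName.php, common/clearVerify.php, common/loginHandle.php and common/verifyHandle.php. Separately, `strip_tags` does not check that the value is a hostname; this list appears to be the one index.php compares the request origin against, so a format check before storing it would be worth adding.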
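Review bot: The return value of `file_put_contents($file, json_encode($domainNameArr))` is not checked and `$res['code'] = 1` follows unconditionally, so a failed write is still reported as success. In common/clearDomainName.php the same call means a failed removal leaves the domain in the allow-list while the response says it was removed. I would write `if (file_put_contents($file, json_encode($domainNameArr), LOCK_EX) === false) { echo json_encode($res); exit(); }`; `LOCK_EX` also keeps two concurrent requests from interleaving their writes. `$file` is defined outside the hunk, and the enclosing block starts above it.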
@@ -4,8 +4,8 @@ $res['code'] = 0; $res['message'] = '登录失败!'; - $user = strip_tags(trim($_POST['user'])); - $password = $_POST['password']; + $user = isset($_POST['user']) ? strip_tags(trim($_POST['user'])) : ''; + $password = isset($_POST['password']) ? strip_tags(trim($_POST['password'])) : ''; if (empty($user)) { $res['message'] = '用户名不能为空!'; echo json_encode($res); @@ -23,7 +23,7 @@ $userArr = array(); $file = './user.json'; if (file_exists($file)) { - $userArr = json_decode(file_get_contents('./user.json'), true); + $userArr = json_decode(file_get_contents($file), true); } $hasUser = false; diff --git a/common/modifyPasswordHandle.php b/common/modifyPasswordHandle.php new file mode 100644 index 0000000..037ac70 --- /dev/null +++ b/common/modifyPasswordHandle.php @@ -0,0 +1,67 @@ + 0) { + foreach ($userArr as $key=>$value) { + if ($value['user'] == $user) { + $hasUser = true; + if ($value['password'] == md5($oldPassword . $salt)) { + // 更新为新密码 + $userArr[$key]['password'] = md5($newPassword . $salt); + // 写入文件 + file_put_contents($file, json_encode($userArr)); + + $res['code'] = 1; + $res['message'] = '修改成功!'; + } else { + $res['message'] = '旧密码错误!'; + } + break; + } + } + } + + if (!$hasUser) { + $res['message'] = '该用户不存在!'; + } + + echo json_encode($res); +} \ No newline at end of file diff --git a/common/verifyHandle.php b/common/verifyHandle.php index 41f4e48..f1e41c0 100644 --- a/common/verifyHandle.php +++ b/common/verifyHandle.php @@ -14,9 +14,8 @@ } $filePrefix = 'MP_verify_'; - $callBackUrl = $_SERVER['HTTP_HOST']; - $txt = strip_tags(trim($_POST['txt'])); + $txt = isset($_POST['txt']) ? strip_tags(trim($_POST['txt'])) : ''; if (empty($txt)) { echo json_encode($res); @@ -26,8 +25,5 @@ file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/' . $filePrefix . $txt . '.txt' , $txt); $res['code'] = 1; $res['message'] = '提交成功!'; - $res['data'] = array( - 'callBackUrl'=>$callBackUrl - ); echo json_encode($res); } \ No newline at end of file 
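Review bot: The new `$password` line passes the password through `strip_tags(trim(...))`, which alters the secret before it is checked: surrounding whitespace and anything that looks like a tag are silently dropped. Distinct passwords can then collapse into the same value, and an account whose stored hash was made from the raw input (the old line read `$_POST['password']` unmodified) may stop matching. A password should be compared exactly as received: `$password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';`. How the hash is computed is outside this hunk.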
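Review bot: `$value['password'] == md5($oldPassword . $salt)` compares digests with loose `==`, under which two different hex strings of the form `0e` followed only by digits are treated as equal numbers; use `hash_equals($value['password'], md5($oldPassword . $salt))`. Salted MD5 is also too fast for password storage; `password_hash($newPassword, PASSWORD_DEFAULT)` on write with `password_verify()` on check is the replacement, changed together with the login handler so existing accounts can be migrated. The top of this new file is not visible on the page, so where `$user` comes from is unclear; if it is the posted `user` field, it should be taken from the authenticated session instead.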
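Review bot: `$txt` only goes through `strip_tags(trim())` before it becomes part of a file name under `$_SERVER['DOCUMENT_ROOT']` (the `file_put_contents` context line in the next hunk), so path separators and dot segments in the value are not rejected. Restricting it to the characters a verification token uses keeps the write to the intended file: `if (empty($txt) || !preg_match('/^[A-Za-z0-9]+$/', $txt)) {`. The character set here is an assumption and should be confirmed against the token format actually issued. The result of that `file_put_contents` call is also unchecked before `$res['code'] = 1`.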
diff --git a/index.php b/index.php index 423907a..ea3d7c3 100644 --- a/index.php +++ b/index.php @@ -6,7 +6,7 @@ // 限制来源 $referer = getReferer(); $domain = $referer != '' ? parse_url($referer)['host'] : ''; -$code = $_GET['code']; +$code = isset($_GET['code']) ? $_GET['code'] : ''; $domain || $code || exit('禁止访问!'); $file = './common/domainName.json'; if (file_exists($file) && $domain) { @@ -14,9 +14,9 @@ count($domainNameArr) > 0 && !in_array($domain, $domainNameArr) && exit('禁止访问!代理接口安全域名校验出错!'); } -$proxyScope = $_REQUEST['proxy_scope']; +$proxyScope = isset($_REQUEST['proxy_scope']) ? $_REQUEST['proxy_scope'] : ''; $proxyScope = $proxyScope ? $proxyScope : 'code'; // 代理操作作用域,默认仅获取code 'code':仅获取code 'access_token':获取access_token及openid -$state = $_REQUEST['state']; +$state = isset($_REQUEST['state']) ? $_REQUEST['state'] : ''; $state = $state ? $state : getNonceStr(); // 有code且代理作用域为code,拼接code和state参数,直接跳转回请求源 @@ -30,11 +30,11 @@ } } -$appId = $_REQUEST['app_id']; -$appSecret = $_REQUEST['app_secret']; -$oauthType = $_REQUEST['oauth_type']; +$appId = isset($_REQUEST['app_id']) ? $_REQUEST['app_id'] : ''; +$appSecret = isset($_REQUEST['app_secret']) ? $_REQUEST['app_secret'] : ''; +$oauthType = isset($_REQUEST['oauth_type']) ? $_REQUEST['oauth_type'] : ''; $oauthType = $oauthType ? $oauthType : 1; //授权类型,默认公众号授权 1:公众号授权 2:开放平台网页授权 -$scope = $_REQUEST['scope']; +$scope = isset($_REQUEST['scope']) ? $_REQUEST['scope'] : ''; $scope = $scope ? $scope : 'snsapi_userinfo'; $protocol = isHttps() ? 'https' : 'http'; 
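Review bot: The context line `parse_url($referer)['host']` just above the changed `$code` line still produces the kind of undefined-index notice this commit removes elsewhere, whenever the Referer has no host part, and `parse_url` returns false for a malformed URL. `$domain = $referer != '' ? (parse_url($referer, PHP_URL_HOST) ?: '') : '';` covers both cases. The allow-list lookup in the same hunk should also be strict: `!in_array($domain, $domainNameArr, true)`.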
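Review bot: `$appSecret` is read from `$_REQUEST`, so the secret may arrive in a GET query string, and the `$queryString` line in the following hunk writes it back into `$proxyRedirectUri`. Secrets carried in URLs end up in access logs, browser history and Referer headers. Keeping the app secret in server-side configuration keyed by `app_id` would avoid that; failing that, accept it from the request body only, `$appSecret = isset($_POST['app_secret']) ? $_POST['app_secret'] : '';`, and leave it out of the redirect URI.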
@@ -42,7 +42,7 @@ $mark = strpos($phpSelf, '?') === false ? '?' : ''; $queryString = $proxyScope == 'access_token' ? $mark . '&' . http_build_query(array('app_id'=>$appId,'app_secret'=>$appSecret,'proxy_scope'=>$proxyScope)) : ''; $proxyRedirectUri = $protocol . '://' . $_SERVER['HTTP_HOST'] . $phpSelf . $queryString; -$redirectUri = $_REQUEST['redirect_uri']; +$redirectUri = isset($_REQUEST['redirect_uri']) ? $_REQUEST['redirect_uri'] : ''; // code为空,进行重定向获取code if (empty($code)) { diff --git a/login.php b/login.php index fadf21f..d64c3f1 100644 --- a/login.php +++ b/login.php @@ -253,11 +253,13 @@ user = userObj.value; if (user == '') { alert('请输入用户名!'); + loginState = 1; return; } password = passwordObj.value; if (password == '') { alert('请输入密码!'); + loginState = 1; return; } @@ -374,7 +376,7 @@ function listenInput() { clearIconObjs[i].addEventListener('click', clearFunc); } - formObj.addEventListener('keydown', function (e) { + document.addEventListener('keydown', function (e) { user = userObj.value; password = passwordObj.value; if (e.keyCode == 13) { diff --git a/modifyPassword.php b/modifyPassword.php index 6ee313c..bb3efd8 100644 --- a/modifyPassword.php +++ b/modifyPassword.php @@ -155,7 +155,7 @@ margin: 0 2vw; } - #domain_name { + #old_password, #new_password, #again_new_password { background: transparent; border-bottom: 1px solid #eee; } @@ -214,15 +214,15 @@
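Review bot: `$redirectUri` is taken from the request as-is, and nothing visible checks it against the safe-domain list from `./common/domainName.json`. That list is compared only with the Referer host, which the client supplies, and the comparison is skipped when no Referer is present (`file_exists($file) && $domain`). If `$redirectUri` is later used as the redirect target (its use is outside this hunk), its host should be validated against the same list, by comparing `parse_url($redirectUri, PHP_URL_HOST)` with the allow-list using strict `in_array` before any redirect is issued.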
- +
- +
- +
@@ -242,6 +242,7 @@ oldPassword = '', newPassword = '', againNewPassword = '', + user = document.getElementsByClassName('user')[0].innerHTML, responseObj = '', submitState = 1, submitBtnClass = '', @@ -269,39 +270,41 @@ oldPassword = oldPasswordObj.value; if (oldPassword == '') { alert('请填写旧密码!'); + submitState = 1; return; } newPassword = newPasswordObj.value; if (newPassword == '') { alert('请填写新密码!'); + submitState = 1; return; } againNewPassword = againNewPasswordObj.value; if (againNewPassword == '') { alert('请再次填写新密码!'); + submitState = 1; return; } if (newPassword != againNewPassword) { alert('两次输入的新密码不一致!请重新填写!'); - newPasswordObj.value = ''; - againNewPasswordObj.value = ''; + submitState = 1; return } xhr.open('post', './common/modifyPasswordHandle.php', true); xhr.setRequestHeader('Content-type','application/x-www-form-urlencoded'); - xhr.send('oldPassword=' + oldPassword + '&newPassword=' + newPassword + '&againNewPassword=' + againNewPassword); + xhr.send('user=' + user + '&old_password=' + oldPassword + '&new_password=' + newPassword + '&again_new_password=' + againNewPassword); xhr.onreadystatechange = function() { if (xhr.readyState == 4) { responseObj = JSON.parse(xhr.response); alert(responseObj.message); - // responseObj.code == 1 && clearFunc(); - // responseObj.code == -1 && setTimeout(function() { - // window.location.href = './login.php'; - // }, 500); - // if (responseObj.code != -1) { - // submitState = 1; - // } + if (responseObj.code == 1) { + setTimeout(function() { + window.location.href = './admin.php'; + }, 500); + } else { + submitState = 1; + } } else { console.log(xhr.readyState); } @@ -345,6 +348,10 @@ newPasswordObj.value = ''; newPassword = ''; } + if (inputId == 'again_new_password') { + againNewPasswordObj.value = ''; + againNewPassword = ''; + } submitBtnClass = submitBtnObj.getAttribute('class'); if (submitBtnClass == 'field') { 
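Review bot: `user` is read from the page with `innerHTML` and then posted to the handler, so the account name is whatever the client chooses to send and cannot serve as proof of identity on the server. `innerHTML` also returns the HTML-escaped form of the text (for example `&amp;` for `&`), so a name containing such characters would not match the stored one; `user = document.getElementsByClassName('user')[0].textContent,` is the correct read. The handler's opening lines are not visible on this page, so whether it cross-checks the name against the session should be confirmed.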
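Review bot: The body passed to `xhr.send(...)` is built by plain concatenation, so a password containing `&`, `+` or `%` is cut off or altered when PHP parses the form body, and the password that gets stored is not the one the user typed. Each value should be encoded, e.g. `'&new_password=' + encodeURIComponent(newPassword)`, and likewise for `user`, `oldPassword` and `againNewPassword`. `JSON.parse(xhr.response)` also runs without a status check or try/catch, so a non-JSON error response throws before the `else { submitState = 1; }` branch can run.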
@@ -376,7 +383,7 @@ function listenInput() { newPassword = newPasswordObj.value; againNewPassword = againNewPasswordObj.value; submitBtnClass = submitBtnObj.getAttribute('class'); - if (oldPassword.length > 0 && newPassword.length > 0 && againNewPasswordObj.length > 0) { + if (oldPassword.length > 0 && newPassword.length > 0 && againNewPassword.length > 0) { if (submitBtnClass == 'field disable') { submitBtnObj.setAttribute('class', 'field'); } @@ -450,13 +457,13 @@ function listenInput() { clearIconObjs[i].addEventListener('click', clearFunc); } - formObj.addEventListener('keydown', function (e) { + document.addEventListener('keydown', function (e) { oldPassword = oldPasswordObj.value; newPassword = newPasswordObj.value; againNewPassword = againNewPasswordObj.value; if (e.keyCode == 13) { if (oldPassword.length > 0 && newPassword.length > 0 && againNewPassword.length > 0) { - loginFunc(e); + submitFunc(e); } else { e.preventDefault(); } diff --git a/safeDomainName.php b/safeDomainName.php index ceadd52..d798753 100644 --- a/safeDomainName.php +++ b/safeDomainName.php @@ -375,7 +375,7 @@ clearIconObj.addEventListener('click', clearFunc); - formObj.addEventListener('keydown', function (e) { + document.addEventListener('keydown', function (e) { domainName = domainNameObj.value; if (e.keyCode == 13) { if (domainName.length > 0) { diff --git a/verify.php b/verify.php index 3e62069..245a149 100644 --- a/verify.php +++ b/verify.php @@ -380,7 +380,7 @@ clearIconObj.addEventListener('click', clearFunc); - formObj.addEventListener('keydown', function (e) { + document.addEventListener('keydown', function (e) { txt = txtObj.value; if (e.keyCode == 13) { if (txt.length > 0) {