未验证 提交 6e66ec05 编写于 作者: Q qkqpttgf 提交者: GitHub

Can change admin password now

上级 6949fae7
......@@ -1184,6 +1184,24 @@ function EnvOpt($needUpdate = 0)
return output("{\"Error\": \"Admin pass error\"}", 403);
}
}
if (isset($_POST['changePass'])) {
if (!is_numeric($_POST['timestamp'])) return message("Error time<a href=\"\">" . getconstStr('Back') . "</a>", "Error", 403);
if (abs(time() - $_POST['timestamp']/1000) > 5*60) return message("Timeout<a href=\"\">" . getconstStr('Back') . "</a>", "Error", 403);
if ($_POST['newPass1']==''||$_POST['newPass2']=='') return message("Empty new pass<a href=\"\">" . getconstStr('Back') . "</a>", "Error", 403);
if ($_POST['newPass1']!==$_POST['newPass2']) return message("Twice new pass not the same<a href=\"\">" . getconstStr('Back') . "</a>", "Error", 403);
if ($_POST['newPass1']==getConfig('admin')) return message("New pass same to old one<a href=\"\">" . getconstStr('Back') . "</a>", "Error", 403);
if ($_POST['oldPass']==sha1(getConfig('admin') . $_POST['timestamp'])) {
$tmp['admin'] = $_POST['newPass1'];
$response = setConfigResponse( setConfig($tmp) );
if (api_error($response)) {
return message(api_error_msg($response) . "<a href=\"\">" . getconstStr('Back') . "</a>", "Error", 403);
} else {
return message("Success<a href=\"\">" . getconstStr('Back') . "</a>", "Success", 200);
}
} else {
return message("Old pass error<a href=\"\">" . getconstStr('Back') . "</a>", "Error", 403);
}
}
if (isset($_GET['preview'])) {
$preurl = $_SERVER['PHP_SELF'] . '?preview';
......@@ -1387,15 +1405,32 @@ function EnvOpt($needUpdate = 0)
}
$html .= '
<script src="https://cdn.bootcdn.net/ajax/libs/js-sha1/0.6.0/sha1.min.js"></script>
<table>
<form id="change_pass" name="change_pass" action="" method="POST" onsubmit="return changePassword(this);">
<tr>
<td>old pass:</td><td><input type="password" name="oldPass">
<input type="hidden" name="timestamp"></td>
</tr>
<tr>
<td>new pass:</td><td><input type="password" name="newPass1"></td>
</tr>
<tr>
<td>reinput:</td><td><input type="password" name="newPass2"></td>
</tr>
<tr>
<td></td><td><button name="changePass" value="changePass">Change Admin Pass</button></td>
</tr>
</form>
</table><br>
<table>
<form id="config_f" name="config" action="" method="POST" onsubmit="return false;">
<tr>
<td>admin pass:<input type="password" name="pass"></td>
<td><button name="config_b" value="export" onclick="exportConfig(this);">export</button></td>
<td>admin pass:<input type="password" name="pass">
<button name="config_b" value="export" onclick="exportConfig(this);">export</button></td>
</tr>
<tr>
<td>config:<textarea name="config_t"></textarea></td>
<td><button name="config_b" value="import" onclick="importConfig(this);">import</button></td>
<td>config:<textarea name="config_t"></textarea>
<button name="config_b" value="import" onclick="importConfig(this);">import</button></td>
</tr>
</form>
</table>
......@@ -1461,6 +1496,24 @@ function EnvOpt($needUpdate = 0)
}
xhr.send("pass=" + sha1(config_f.pass.value + "" + timestamp) + "&config_t=" + encodeURIComponent(config_f.config_t.value) + "&config_b=" + b.value + "&timestamp=" + timestamp);
}
function changePassword(f) {
if (f.oldPass.value==""||f.newPass1.value==""||f.newPass2.value=="") {
alert("Input");
return false;
}
if (f.oldPass.value==f.newPass1.value) {
alert("Same password");
return false;
}
if (f.newPass1.value!==f.newPass1.value) {
alert("Input twice new password");
return false;
}
var timestamp = new Date().getTime();
f.timestamp.value = timestamp;
f.oldPass.value = sha1(f.oldPass.value + "" + timestamp);
return true;
}
</script><br>';
$Driver_arr = scandir(__DIR__ . $slash . 'disk');
$html .= '
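Review bot: In the `changePass` branch of the first hunk the old-password proof is checked with a loose `==` between two hex strings, which PHP compares numerically when both look like numbers (for example `0e` followed only by digits) and which is not constant-time; the check should be `if (is_string($_POST['oldPass'] ?? null) && hash_equals(sha1(getConfig('admin') . $_POST['timestamp']), $_POST['oldPass'])) {`. The same branch compares `newPass1` directly with `getConfig('admin')` and stores it via `$tmp['admin'] = $_POST['newPass1'];`, so the admin password appears to be kept unhashed in the config, and the new password is posted in clear text without being bound to the SHA-1 proof; storing a `password_hash()` value and requiring HTTPS for this form would address both, though that needs changes outside these hunks. In the third hunk `changePassword()` tests `f.newPass1.value!==f.newPass1.value`, which is always false, so the client-side mismatch warning never fires; it should read `if (f.newPass1.value!==f.newPass2.value) {`. `EnvOpt` starts and ends outside the visible hunks, so whether an admin-session check runs before this branch cannot be confirmed from here.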
......