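How to add an admin login authentication code to dedecms
<p style='margin: 0px; padding: 5px 0px; outline: none; font-size: 14px; line-height: 30px; font-family: tahoma, arial, "Microsoft YaHei";'>This article walks through an example of adding an admin login authentication code to dedecms, shared here for reference. The details are as follows:</p>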
<p style='margin: 0px; padding: 5px 0px; outline: none; font-size: 14px; line-height: 30px; font-family: tahoma, arial, "Microsoft YaHei";'>
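As more and more people use dedecms, it attracts all kinds of attention, followed by all kinds of vulnerabilities and intrusions. Recently another vulnerability was disclosed that is said to affect every version. Indeed, I did some Google hacking and it basically tested successfully on versions 5.5-5.7, although MD5 is the sticking point. I won't say more than that.</p>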
<p style='margin: 0px; padding: 5px 0px; outline: none; font-size: 14px; line-height: 30px; font-family: tahoma, arial, "Microsoft YaHei";'>
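The method simply adds one more form check to the back-end login page: an admin authentication code, which you probably know from PowerEasy (动易) and EmpireCMS (帝国). The code is checked against a local string rather than against the database, so it cannot be retrieved through a SQL query; running into this kind of login during an intrusion is the most frustrating and hopeless case.</p>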
<p style='margin: 0px; padding: 5px 0px; outline: none; font-size: 14px; line-height: 30px; font-family: tahoma, arial, "Microsoft YaHei";'>
First, the two files we need to change are /(admin path)/templets/login.htm, which is the back-end login page, and /(admin path)/login.php, which processes the submitted login.</p>
<p style='margin: 0px; padding: 5px 0px; outline: none; font-size: 14px; line-height: 30px; font-family: tahoma, arial, "Microsoft YaHei";'>
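We start with login.htm. Your template may differ, so adapt it yourself. This is the code that checks whether the form fields are empty; it can be placed directly in the HTML or linked from a JS file. The code is as follows:<br>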
</p>
<div class="msgheader" style='margin: 3px auto 0px; padding: 0px 3px; outline: none; line-height: 21.6px; clear: both; border-width: 1px; border-style: solid; border-color: rgb(0, 153, 204); background: rgb(246, 251, 255); overflow: hidden; font-family: tahoma, arial, "Microsoft YaHei";'>
The code is as follows:</div>
<div class="msgborder" id="phpcode5" style='margin: 0px auto 3px; padding: 0px 3px; outline: none; line-height: 25.2px; font-size: 14px; clear: both; border-right: 1px solid rgb(0, 153, 204); background: rgb(221, 237, 251); overflow: hidden; border-left: 1px solid rgb(0, 153, 204); word-break: break-all; border-bottom: 1px solid rgb(0, 153, 204); word-wrap: break-word; font-family: tahoma, arial, "Microsoft YaHei";'>
</div>
<p>
<br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'>This is my form skeleton with its inputs. For the authentication code input, simply copy the username input or the password input and change its name attribute. The code is as follows:</span></p>
<blockquote>
<ol class="dp-xml">
<li class="alt">
<span><span class="tag"><</span><span class="tag-name">form</span><span> </span><span class="attribute">name</span><span>=</span><span class="attribute-value">"form1"</span><span> </span><span class="attribute">id</span><span>=</span><span class="attribute-value">"form1"</span><span> </span><span class="attribute">method</span><span>=</span><span class="attribute-value">"post"</span><span> </span><span class="attribute">action</span><span>=</span><span class="attribute-value">"login.php"</span><span> </span><span class="attribute">onsubmit</span><span>=</span><span class="attribute-value">'return CheckForm();'</span><span class="tag">></span><span> </span></span>
</li>
<li>
<span><span class="tag"><</span><span class="tag-name">input</span><span> </span><span class="attribute">type</span><span>=</span><span class="attribute-value">"hidden"</span><span> </span><span class="attribute">name</span><span>=</span><span class="attribute-value">"gotopage"</span><span> </span><span class="attribute">value</span><span>=</span><span class="attribute-value">"<?php if(!empty($gotopage)) echo $gotopage;?>"</span><span> </span><span class="tag">/></span><span> </span></span>
</li>
<li class="alt">
<span><span class="tag"><</span><span class="tag-name">input</span><span> </span><span class="attribute">type</span><span>=</span><span class="attribute-value">"hidden"</span><span> </span><span class="attribute">name</span><span>=</span><span class="attribute-value">"dopost"</span><span> </span><span class="attribute">value</span><span>=</span><span class="attribute-value">"login"</span><span class="tag">/></span><span> </span></span>
</li>
<li>
<span><span class="tag"><</span><span class="tag-name">ul</span><span class="tag">></span><span> </span></span>
</li>
<li class="alt">
<span><span class="tag"><</span><span class="tag-name">li</span><span class="tag">></span><span class="tag"><</span><span class="tag-name">span</span><span class="tag">></span><span>用户名:</span><span class="tag"></</span><span class="tag-name">span</span><span class="tag">></span><span> </span></span>
</li>
<li>
<span><span class="tag"><</span><span class="tag-name">input</span><span> </span><span class="attribute">type</span><span>=</span><span class="attribute-value">"text"</span><span> </span><span class="attribute">name</span><span>=</span><span class="attribute-value">"userid"</span><span> </span><span class="attribute">class</span><span>=</span><span class="attribute-value">"input_out"</span><span> </span><span class="attribute">maxlength</span><span>=</span><span class="attribute-value">"20"</span><span> </span><span class="attribute">style</span><span>=</span><span class="attribute-value">"width:148px;"</span><span> </span><span class="attribute">onfocus</span><span>=</span><span class="attribute-value">"this.className='input_on';this.onmouseout=''"</span><span> </span><span class="attribute">onblur</span><span>=</span><span class="attribute-value">"this.className='input_off';this.onmouseout=function(){this.className='input_out'};"</span><span> </span><span class="attribute">onmousemove</span><span>=</span><span class="attribute-value">"this.className='input_move'"</span><span> </span><span class="attribute">onmouseout</span><span>=</span><span class="attribute-value">"this.className='input_out'"</span><span class="tag">/></span><span> </span></span>
</li>
<li class="alt">
<span><span class="tag"></</span><span class="tag-name">li</span><span class="tag">></span><span> </span></span>
</li>
<li>
<span><span class="tag"><</span><span class="tag-name">li</span><span class="tag">></span><span class="tag"><</span><span class="tag-name">span</span><span class="tag">></span><span>密&nbsp;&nbsp;码:</span><span class="tag"></</span><span class="tag-name">span</span><span class="tag">></span><span> </span></span>
</li>
<li class="alt">
<span><span class="tag"><</span><span class="tag-name">input</span><span> </span><span class="attribute">type</span><span>=</span><span class="attribute-value">"password"</span><span> </span><span class="attribute">name</span><span>=</span><span class="attribute-value">"pwd"</span><span> </span><span class="attribute">class</span><span>=</span><span class="attribute-value">"input_out"</span><span> </span><span class="attribute">maxlength</span><span>=</span><span class="attribute-value">"20"</span><span> </span><span class="attribute">style</span><span>=</span><span class="attribute-value">"width:148px;"</span><span> </span><span class="attribute">onfocus</span><span>=</span><span class="attribute-value">"this.className='input_on';this.onmouseout=''"</span><span> </span><span class="attribute">onblur</span><span>=</span><span class="attribute-value">"this.className='input_off';this.onmouseout=function(){this.className='input_out'};"</span><span> </span><span class="attribute">onmousemove</span><span>=</span><span class="attribute-value">"this.className='input_move'"</span><span> </span><span class="attribute">onmouseout</span><span>=</span><span class="attribute-value">"this.className='input_out'"</span><span class="tag">/></span><span> </span></span>
</li>
<li>
<span><span class="tag"></</span><span class="tag-name">li</span><span class="tag">></span><span> </span></span>
</li>
<li class="alt">
<span><span class="tag"><</span><span class="tag-name">li</span><span class="tag">></span><span class="tag"><</span><span class="tag-name">span</span><span class="tag">></span><span>认证码:</span><span class="tag"></</span><span class="tag-name">span</span><span class="tag">></span><span> </span></span>
</li>
<li>
<span><span class="tag"><</span><span class="tag-name">input</span><span> </span><span class="attribute">type</span><span>=</span><span class="attribute-value">"password"</span><span> </span><span class="attribute">name</span><span>=</span><span class="attribute-value">"vacodes"</span><span> </span><span class="attribute">class</span><span>=</span><span class="attribute-value">"input_out"</span><span> </span><span class="attribute">maxlength</span><span>=</span><span class="attribute-value">"20"</span><span> </span><span class="attribute">style</span><span>=</span><span class="attribute-value">"width:148px;"</span><span> </span><span class="attribute">onfocus</span><span>=</span><span class="attribute-value">"this.className='input_on';this.onmouseout=''"</span><span> </span><span class="attribute">onblur</span><span>=</span><span class="attribute-value">"this.className='input_off';this.onmouseout=function(){this.className='input_out'};"</span><span> </span><span class="attribute">onmousemove</span><span>=</span><span class="attribute-value">"this.className='input_move'"</span><span> </span><span class="attribute">onmouseout</span><span>=</span><span class="attribute-value">"this.className='input_out'"</span><span class="tag">/></span><span> </span></span>
</li>
<li class="alt">
<span><span class="tag"></</span><span class="tag-name">li</span><span class="tag">></span><span> </span></span>
</li>
<li>
<span><span class="tag"><</span><span class="tag-name">li</span><span class="tag">></span><span class="tag"><</span><span class="tag-name">span</span><span class="tag">></span><span>验证码:</span><span class="tag"></</span><span class="tag-name">span</span><span class="tag">></span><span> </span></span>
</li>
<li class="alt">
<span><span class="tag"><</span><span class="tag-name">input</span><span> </span><span class="attribute">name</span><span>=</span><span class="attribute-value">"validate"</span><span> </span><span class="attribute">type</span><span>=</span><span class="attribute-value">"text"</span><span> </span><span class="attribute">id</span><span>=</span><span class="attribute-value">"vdcode"</span><span> </span><span class="attribute">style</span><span>=</span><span class="attribute-value">"width:50px;text-transform:uppercase;"</span><span> </span><span class="attribute">onfocus</span><span>=</span><span class="attribute-value">"this.className='input_on';this.onmouseout=''"</span><span> </span><span class="attribute">onblur</span><span>=</span><span class="attribute-value">"this.className='input_off';this.onmouseout=function(){this.className='input_out'};"</span><span> </span><span class="attribute">onmousemove</span><span>=</span><span class="attribute-value">"this.className='input_move'"</span><span> </span><span class="attribute">onmouseout</span><span>=</span><span class="attribute-value">"this.className='input_out'"</span><span> </span><span class="attribute">class</span><span>=</span><span class="attribute-value">"input_out"</span><span class="tag">/></span><span> </span></span>
</li>
<li>
<span><span class="tag"><</span><span class="tag-name">img</span><span> </span><span class="attribute">id</span><span>=</span><span class="attribute-value">"vdimgck"</span><span> </span><span class="attribute">src</span><span>=</span><span class="attribute-value">"../include/vdimgck.php"</span><span> </span><span class="attribute">alt</span><span>=</span><span class="attribute-value">"看不清?点击更换"</span><span> </span><span class="attribute">align</span><span>=</span><span class="attribute-value">"absmiddle"</span><span> </span><span class="attribute">style</span><span>=</span><span class="attribute-value">"cursor:pointer"</span><span> </span><span class="attribute">onclick</span><span>=</span><span class="attribute-value">"this.src=this.src+'?'"</span><span class="tag">/></span><span class="tag"></</span><span class="tag-name">li</span><span class="tag">></span><span> </span></span>
</li>
<li class="alt">
<span><span class="tag"><</span><span class="tag-name">span</span><span class="tag">></span><span>&nbsp;</span><span class="tag"></</span><span class="tag-name">span</span><span class="tag">></span><span> </span></span>
</li>
<li>
<span><span class="tag"><</span><span class="tag-name">input</span><span> </span><span class="attribute">name</span><span>=</span><span class="attribute-value">'Submit'</span><span> </span><span class="attribute">type</span><span>=</span><span class="attribute-value">'image'</span><span> </span><span class="attribute">style</span><span>=</span><span class="attribute-value">'width:60px; HEIGHT: 25px;'</span><span> </span><span class="attribute">src</span><span>=</span><span class="attribute-value">'img/submit.gif'</span><span> </span><span class="attribute">width</span><span>=</span><span class="attribute-value">'60'</span><span> </span><span class="attribute">height</span><span>=</span><span class="attribute-value">'27'</span><span class="tag">/></span><span> </span></span>
</li>
<li class="alt">
<span><span class="tag"></</span><span class="tag-name">li</span><span class="tag">></span><span> </span></span>
</li>
<li>
<span><span class="tag"></</span><span class="tag-name">ul</span><span class="tag">></span><span> </span></span>
</li>
<li class="alt">
<span><span class="tag"></</span><span class="tag-name">form</span><span class="tag">></span><span> </span></span>
</li>
</ol>
</blockquote>
<p>
<br><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'>Next comes the check on submission (/login.php). At line 50 of that file there is a comment, //登录检测 (login check). We embed the check inside the following code:</span></p>
<blockquote>
<ol class="dp-c">
<li class="alt">
<span><span class="keyword">if</span><span> (!empty(</span><span class="vars">$userid</span><span>) && !empty(</span><span class="vars">$pwd</span><span>)) { </span></span>
</li>
<li>
<span><span class="vars">$res</span><span> = </span><span class="vars">$cuserLogin</span><span>->checkUser(</span><span class="vars">$userid</span><span>, </span><span class="vars">$pwd</span><span>); </span></span>
</li>
<li class="alt">
<span><span class="comment">//success </span><span> </span></span>
</li>
<li>
<span><span class="keyword">if</span><span> (</span><span class="vars">$res</span><span> == 1) { </span></span>
</li>
<li class="alt">
<span><span class="comment">//embed the check inside the block above, as follows. </span><span> </span></span>
</li>
<li>
<span><span class="keyword">if</span><span> (!empty(</span><span class="vars">$userid</span><span>) && !empty(</span><span class="vars">$pwd</span><span>)) { </span></span>
</li>
<li class="alt">
<span><span class="vars">$res</span><span> = </span><span class="vars">$cuserLogin</span><span>->checkUser(</span><span class="vars">$userid</span><span>, </span><span class="vars">$pwd</span><span>); </span></span>
</li>
<li>
<span><span class="comment">//success </span><span> </span></span>
</li>
<li class="alt">
<span><span class="keyword">if</span><span> (</span><span class="vars">$res</span><span> == 1) { </span><span class="comment">//nest the check inside this block! </span><span> </span></span>
</li>
<li>
<span><span class="vars">$uservacodes</span><span> = </span><span class="vars">$_POST</span><span>[</span><span class="string">'vacodes'</span><span>]; </span><span class="comment">//copy the submitted vacodes value into another variable </span><span> </span></span>
</li>
<li class="alt">
<span><span class="keyword">if</span><span> (</span><span class="vars">$uservacodes</span><span> != </span><span class="string">'认证码自定义'</span><span>) { </span><span class="comment">//replace '认证码自定义' with your own authentication code! </span><span> </span></span>
</li>
<li>
<span>ResetVdValue(); </span>
</li>
<li class="alt">
<span>ShowMsg(<span class="string">'认证码不正确!'</span><span>, </span><span class="string">'login.php'</span><span>, 0, 1000); </span><span class="comment">//runs when the code does not match </span><span> </span></span>
</li>
<li>
<span><span class="keyword">die</span><span>; </span></span>
</li>
<li class="alt">
<span>} <span class="keyword">else</span><span> { </span><span class="comment">//runs when the code matches </span><span> </span></span>
</li>
<li>
<span><span class="vars">$cuserLogin</span><span>->keepUser(); </span></span>
</li>
<li class="alt">
<span><span class="keyword">if</span><span> (!empty(</span><span class="vars">$gotopage</span><span>)) { </span></span>
</li>
<li>
<span>ShowMsg(<span class="string">'成功登录,正在转向管理管理主页!'</span><span>, </span><span class="vars">$gotopage</span><span>); </span></span>
</li>
<li class="alt">
<span><span class="keyword">die</span><span>; </span></span>
</li>
<li>
<span>} <span class="keyword">else</span><span> { </span></span>
</li>
<li class="alt">
<span><span class="vars">$uservacodes</span><span> = </span><span class="vars">$_POST</span><span>[</span><span class="string">'vacodes'</span><span>]; </span></span>
</li>
<li>
<span>ShowMsg(<span class="string">'成功登录,正在转向管理管理主页!'</span><span>, </span><span class="string">'index.php'</span><span>); </span></span>
</li>
<li class="alt">
<span><span class="keyword">die</span><span>; </span></span>
</li>
<li>
<span>} </span>
</li>
<li class="alt">
<span>} </span>
</li>
</ol>
</blockquote>
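<strong style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'>Explanation:</strong><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> the <u>image</u> CAPTCHA is verified first, then the username, then the password, and finally the authentication code, so that the authentication code cannot be brute-forced.</span>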
<p style='margin: 0px; padding: 5px 0px; outline: none; font-size: 14px; line-height: 30px; font-family: tahoma, arial, "Microsoft YaHei";'>
</p>
<p style='margin: 0px; padding: 5px 0px; outline: none; font-size: 14px; line-height: 30px; font-family: tahoma, arial, "Microsoft YaHei";'>
<strong>Note:</strong> the braces {} of the if blocks must match, otherwise an error occurs; an editor such as Notepad++ can be used to make the change.</p>
<p style='margin: 0px; padding: 5px 0px; outline: none; font-size: 14px; line-height: 30px; font-family: tahoma, arial, "Microsoft YaHei";'>
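You can also turn the authentication code used in the comparison into a variable and keep it in an included file, such as the config file; work that out yourself. This is a personal blog, so I won't go into interactivity. The source code of other sites is much the same: find the login page and the page that handles the submission, and modify them.</p>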
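<p>As an added example (not dedecms code and not from the original article), here is one way to follow the config-file suggestion above without keeping the code in plaintext: store only a <code>password_hash()</code> digest and check it with <code>password_verify()</code>, which also avoids the loose <code>!=</code> string comparison. The function name <code>verify_admin_code()</code> and the constant <code>ADMIN_VACODE_HASH</code> are hypothetical, and the sample code value and inputs are constructed.</p>

```php
<?php
// Added example; not part of dedecms. All names here are hypothetical.

// In a real setup this constant lives in an included config file and holds
// a digest generated once, offline, with password_hash(). It is computed
// inline (from a constructed sample value) only so the example runs alone.
define('ADMIN_VACODE_HASH', password_hash('constructed-sample-code', PASSWORD_DEFAULT));

/**
 * Returns true only when the username/password check succeeded AND the
 * submitted authentication code matches the stored digest.
 */
function verify_admin_code(bool $passwordOk, $submitted, string $storedHash): bool
{
    // $_POST values can be arrays (vacodes[]=x); accept plain strings only.
    // bcrypt ignores bytes past 72, so longer input is rejected as well.
    if (!is_string($submitted) || strlen($submitted) > 72) {
        $submitted = '';   // forces a mismatch but still does the hash work
    }
    // Always run password_verify() so both failure paths cost about the same.
    $codeOk = password_verify($submitted, $storedHash);
    return $passwordOk && $codeOk;
}

// Constructed inputs standing in for ($res == 1) and $_POST['vacodes'].
$cases = [
    'correct password + correct code' => [true,  'constructed-sample-code'],
    'correct password + wrong code'   => [true,  'guess'],
    'wrong password + correct code'   => [false, 'constructed-sample-code'],
    'array instead of string'         => [true,  ['constructed-sample-code']],
];

foreach ($cases as $label => [$passwordOk, $code]) {
    $ok = verify_admin_code($passwordOk, $code, ADMIN_VACODE_HASH);
    // One generic message for every failure, so the reply does not reveal
    // which of the two secrets was wrong.
    echo str_pad($label, 34), $ok ? 'login accepted' : 'login failed', PHP_EOL;
}
```

<p>In login.php the call would take the place of the <code>$uservacodes != ...</code> comparison, with <code>ResetVdValue()</code> still called on failure so that every attempt needs a fresh image CAPTCHA.</p>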
<p style='margin: 0px; padding: 5px 0px; outline: none; font-size: 14px; line-height: 30px; font-family: tahoma, arial, "Microsoft YaHei";'>
I hope this article is helpful for building your dedecms site.</p>