代码拉取完成,页面将自动刷新
同步操作将从 evlon/BlueLotus_XSSReceiver 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
<?php
define("IN_XSS_PLATFORM", true);
require_once("functions.php");
require_once("dio.php");
//CSP开启
require_once("waf.php");
//设置httponly
ini_set("session.cookie_httponly", 1);
session_start();
//判断是否登陆
if (isset($_SESSION['isLogin']) && $_SESSION['isLogin'] === true) {
header("Location: admin.php");
exit();
}
//判断ip是否在封禁列表中
$forbiddenIPList = loadForbiddenIPList();
$ip = getRealIP();
$is_pass_wrong = false;
if (!isset($forbiddenIPList[$ip]) || $forbiddenIPList[$ip] <= 5) {
if (isset($_POST['password']) && $_POST['password'] != "") {
if (checkPassword($_POST['password'])) {
$_SESSION['isLogin'] = true;
$_SESSION['user_IP'] = $ip;
$_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
if (isset($forbiddenIPList[$ip])) {
unset($forbiddenIPList[$ip]);
saveForbiddenIPList($forbiddenIPList);
}
header("Location: admin.php");
exit();
} else {
if (isset($forbiddenIPList[$ip]))
$forbiddenIPList[$ip]++;
else
$forbiddenIPList[$ip] = 1;
saveForbiddenIPList($forbiddenIPList);
$is_pass_wrong = true;
}
}
} else
$is_pass_wrong = true;
/*
生成密码
php -r '$salt="!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl";$key="你的密码";$key=md5($salt.$key.$salt);$key=md5($salt.$key.$salt);$key=md5($salt.$key.$salt);echo $key;'
*/
function checkPassword($p) {
if (isset($_POST['firesunCheck']) && isset($_SESSION['firesunCheck']) && $_SESSION['firesunCheck'] != "" && $_POST['firesunCheck'] === $_SESSION['firesunCheck']) {
//改了这个盐记得改login.js里的,两个要一致
$salt = "!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl";
$key = PASS;
$key = md5($salt . $key . $_SESSION['firesunCheck'] . $salt);
$key = md5($salt . $key . $_SESSION['firesunCheck'] . $salt);
$key = md5($salt . $key . $_SESSION['firesunCheck'] . $salt);
return $key === $p;
}
return false;
}
//生成挑战应答的随机值
function generate_password($length = 32) {
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$password = "";
for ($i = 0; $i < $length; $i++)
$password .= $chars[mt_rand(0, strlen($chars) - 1)];
return $password;
}
?>
<html>
<head>
<meta charset="utf-8" />
<title>登录</title>
<link rel="stylesheet" href='static/css/font-awesome.min.css' type="text/css" >
<link rel="stylesheet" href="static/css/login.min.css" type="text/css" />
<script type="text/javascript" src="static/js/jquery.min.js" ></script>
<script type="text/javascript" src="static/js/login.min.js" ></script>
<?php
if ($is_pass_wrong)
echo '<script type="text/javascript" src="static/js/pass_is_wrong.js" ></script>';
?>
</head>
<body>
<div id="loginform">
<div id="logo"></div>
<div id="mainlogin">
<h1>
登录控制面板
</h1>
<form action="" method="post">
<input type="password" placeholder="password" id="password" name="password" required="required">
<input id="firesunCheck" type="hidden" name="firesunCheck" value=<?php
$firesunCheck = generate_password(32);
$_SESSION['firesunCheck'] = $firesunCheck;
echo json_encode($_SESSION['firesunCheck']);
?> />
<button type="submit" id="submit" disabled="disabled">
<i class="fa fa-arrow-right">
</i>
</button>
</form>
<div id="note">
<a href="#">
忘记密码?
</a>
</div>
</div>
</div>
</body>
</html>
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。