I can’t log in to the TP5 backend, please give me some advice, thank you.
I downloaded a source code study of thinkphp5.3 from the Internet. Because there is no installation file, it can only be installed through database import. After importing the database and configuring the database connection file, find
in the admin table in phpmydmin.admin:admin
password:12eefdf664f0e07e65a2c35e01e98d29
I decrypted the password and got the clear text password: o8889t
When logging in to the source code backend, it keeps prompting for an incorrect password or account number. Then I changed the password in the admin table to e10adc3949ba59abbe56e057f20f883e. The plain text is: 123456
When I log in again, I still find that the account or password is wrong. I want to know what encryption method the backend password is. Or how can I successfully log in to the background? Three files are listed, please give me some advice, thank you very much.
Backend login AdminController.class.php code is as follows:
---------------------------- -------------------------------------------------- ----
<?php
namespace Admin\Controller;
use Think\Controller;
class IndexController extends Controller
{
public function index()
{
layout(false);
$this->display();
}
//Login
public function loginin()
{
layout(false);
if(I('post.adminuser') and I('post.adminpwd'))
{
$adminuser=I('post.adminuser');
$adminpwd=I('post.adminpwd');
//Remember the account number
$remember=I('post.remember' );
if(!empty($remember))
{
cookie('remember',$remember,3600*24*30);
cookie('loginname',$adminuser,3600*24*30);
cookie('loginpwd',$adminpwd,3600*24*30);
}else {
cookie('remember',null);
cookie('loginname',null);
cookie('loginpwd',null);
}
$auth=I('post.auth');
$verify = new \Think\Verify();
$res =$verify->check($auth, '');
if($res==false)
{
$this->assign(' error','The verification code is incorrect! ');
$this->display('index');
exit();
}
$admin=new \Admin \Model\AdminModel();
$res=$admin->where("adminname='$adminuser'")->find();
if($res)
{
$status=$res['status'];
if($status==0)
{
$this->assign('error','This administrator has been disabled!');
$this->display('index');
exit ();
}else {
$password=$res['password'];
//MD5 encryption
$pwd=$admin ->encrypt($adminpwd);
if($password!=$pwd)
{
$this->assign('error','User Wrong name or password!');
$this->display('index');
exit();
}else {
//Determine whether the administrator group is disabled
$group_id=$res['group_id'];
$AdminGroup=new \Admin\Model\AdminGroupModel();
$res_g=$AdminGroup->where("id=$group_id")->field('status')->find();
if($res_g['status'] =='1')
{
//Update login status
$ip=getIP();
$login_num=$res[' login_num'] 1;
$data=array(
'last_login_time'=>date('Y-m-d H:i:s'),
'last_login_ip'= >$ip,
'login_num'=>$login_num
);
$res2=$admin->where("adminname='$adminuser' ")->save($data);
if($res2)
{
//Save user SESSION
$_SESSION[' admin_id']=$res['uid'];
$_SESSION['a_group_id']=$res['group_id'];
//Jump page
$this->redirect('System/index');
}else {
$this->assign('error','Login failed! ');
$this->display('index');
}
}else {
$this->assign( 'error','The administrator group you are in has been disabled!');
$this->display('index');
exit();
}
}
}
}else {
$this->assign('error','This administrator does not exist! ');
$this->display('index');
}
}else {
$this->assign( 'error','Account number and password cannot be empty!');
$this->display('index');
}
}
//Log out
public function loginout()
{
$_SESSION['admin_id']=null;
$_SESSION['a_group_id']=null;
//Jump page
$this->redirect('Index/index');
}
//Generate verification code
public function verify()
{
ob_end_clean();
$config = array(
'expire' => 1800, // Verification code expiration time (s)
'useImgBg' => false, // Use background image
'fontsize' = & gt; 10, // Verify code font size (PX)
'usecurve' = & gt; // Whether to draw confusion curve
'usenoise '= & Gt; false, // Whether to add miscellaneous points
' Imageh '= & GT; 30, // Verification code picture height
' Imagew '= & gt; 80, // Verification code Picture width
'length' = & gt; 4, // Verification code number
'fontttf' = & gt
'bg' => array(243, 251, 254), // Background color
);
$verify=new \Think\Verify($config );
/**
* Output the verification code and save the verification code value in the session
* The format of saving the verification code to the session is: array('verify_code' => 'Verification code value', 'verify_time' => 'Verification code creation time');
**/
$verify->entry();
}
}
------------------------------------------------ -------------------------------------------------- -------------------------------------------------- ------------
The second file AdminController.class.php code is as follows:
-------------- -------------------------------------------------- ------------------
<?php
/**
* Administrator management
*/
namespace Admin \Controller;
use Admin\Common\Controller\AuthController;
class AdminController extends AuthController
{
public function index()
{
if(I('get.search'))
{
$search=I('get.search');
$where="adminname='$search' or email='$search' or phone='$search'";
}
if(I('get.group_id'))
{
$group_id=I('get.group_id');
$where="group_id='$group_id'";
}
if(I('get.group_name'))
{
$group_name=I('get.group_name');
$res_ag=D('AdminGroup')->where("title='$group_name'")->field('id')->find();
$group_id=$res_ag['id'];
$where="group_id='$group_id'";
}
if(I('get.search')=='' and I('get.group_id')=='' and I('get.group_name')=='')
{
$where='1';
}
$Admin=new \Admin\Model\AdminModel();
$count=$Admin->where($where)->count();
$per = 15;
if($_GET['p'])
{
$p=$_GET['p'];
}else {
$p=1;
}
$Page= new \Think\Page($count,$per);// 实例化分页类 传入总记录数和每页显示的记录数(25)
$Page->rollPage=10; // 分页栏每页显示的页数
$Page -> setConfig('header','共%TOTAL_ROW%条');
$Page -> setConfig('first','首页');
$Page -> setConfig('last','共%TOTAL_PAGE%页');
$Page -> setConfig('prev','上一页');
$Page -> setConfig('next','下一页');
$Page -> setConfig('link','indexpagenumb');//pagenumb 会替换成页码
$Page -> setConfig('theme','%FIRST% %UP_PAGE% %LINK_PAGE% %DOWN_PAGE% %END% 第 '.I('p',1).' 页/共 %TOTAL_PAGE% 页 (<font color="red">'.$per.'</font> 条/页 共 %TOTAL_ROW% 条)');
$show= $Page->show();// 分页显示输出
$adminlist = $Admin->where($where)->page($p.','.$per)->select();
$this->assign('alist',$adminlist);// 赋值数据集
$this->assign('page',$show);
$this->display();
}
//新增管理员
public function add()
{
//Get the administrator group list
$group=new \Admin\Model\AdminGroupModel();
$grouplist=$group->getGroupList2();
$this->assign('glist',$grouplist);
if(I('post.'))
{
if(I ('post.adminname'))
{
$adminname=I('post.adminname');
$Admin=new \Admin\Model\AdminModel( );
$res=$Admin->where("adminname='$adminname'")->find();
if($res)
{
$str='XThis username already exists';
echo $str;
exit();
}else {
$str='';
$a='a';
}
}
if(I('post.password') and I('post.password2'))
{
$password=I('post.password');
$password2=I('post.password2');
if (strlen($password2)<=5)
{
$str='X password Not less than 6 characters';
echo $str;
exit();
}else {
if($password!=$password2 )
{
$str='XThe two passwords are not the same';
echo $str;
exit();
}else {
$str='';
$a.='a';
}
}
}
if(I('post.email'))
{
$email=I('post.email');
if(is_email($email))
{
$str='';
}else {
$str ='X email format is incorrect';
echo $str;
exit();
}
}
if(I('post.phone'))
{
$phone=I('post.phone');
if(is_phone ($phone))
{
$str='';
}else {
$str='X mobile number format is incorrect' ;
echo $str;
exit();
}
}
if($ a=='aa')
{
$adminname=I('post.adminname');
$password2=I('post.password2');
//MD5 encryption
$pwd=$Admin->encrypt($password2);
$email=I('post.email');
$phone=I('post.phone');
$group_id=I('post.group_id');
$status=I('post.status');
$register_time=date('Y-m-d H:i:s');
//php获取ip的算法
$ip = ($_SERVER["HTTP_VIA"]) ? $_SERVER["HTTP_X_FORWARDED_FOR"] : $_SERVER["REMOTE_ADDR"];
$ip = ($ip) ? $ip : $_SERVER["REMOTE_ADDR"];
$data=array(
'adminname'=>$adminname,
'password'=>$pwd,
'email'=>$email,
'phone'=>$phone,
'province'=>trim(I('post.province')),
'city'=>trim(I('post.city')),
'group_id'=>$group_id,
'status'=>$status,
'register_time'=>$register_time,
'register_ip'=>$ip,
'last_login_time'=>date('Y-m-d H:i:s')
);
$res=$Admin->add($data);
if($res)
{
echo '1';
}else {
echo '0';
}
}
}else {
$this->display();
}
}
//编辑管理员
public function edit($uid)
{
//获取管理员信息
$Admin=new \Admin\Model\AdminModel();
$aMsg=$Admin->getAdminMsg($uid);
$this->assign('msg',$aMsg);
//获取管理员组列表
$group=D('admin_group');
$grouplist=$group->getGroupList2();
$this->assign('glist',$grouplist);
if(IS_POST)
{
//var_dump(I('post.'));exit;
if(I('post.adminname'))
{
$adminname=I('post.adminname');
$res=$Admin->where("adminname='$adminname' and uid!='$uid'")->find();
if($res)
{
$error='X该用户名已存在';
$this->assign('error',$error);
$this->display();
exit();
}
}
$email=I('post.email');
if($email)
{
if(is_email($email)!==true)
{
$error1='X邮箱格式不正确';
$this->assign('error1',$error1);
$this->display();
exit();
}
}
$phone=I('post.phone');
if($phone)
{
if(is_phone($phone)!==true)
{
$error2='X手机号码格式不正确';
$this->assign('error2',$error2);
$this->display();
exit();
}
}
$group_id=I('post.group_id');
$login_num=I('post.login_num');
$status=I('post.status');
$data=array(
'adminname'=>$adminname,
'email'=>$email,
'phone'=>$phone,
'province'=>trim(I('post.province')),
'city'=>trim(I('post.city')),
'group_id'=>$group_id,
'login_num'=>$login_num,
'status'=>$status,
);
if(I('post.password'))
{
$password=I('post.password');
//MD5加密
$pwd=$Admin->encrypt($password);
$data['password']=$pwd;
}
$res=$Admin->where("uid=$uid")->save($data);
if($res!==false)
{
layout(false);
$this->success('编辑管理员成功!',U('index'),3);
}else {
layout(false);
$this->error('操作失败!');
}
}else {
$this->display();
}
}
//修改管理员禁用状态
public function changestatus($id,$status)
{
$data=array(
'status'=>$status
);
$Admin=new \Admin\Model\AdminModel();
$res=$Admin->where("uid=$id")->save($data);
if($res===false)
{
echo '0';
}else {
echo '1';
}
}
//Delete administrator
public function del($id)
{
$Admin=new \Admin\Model\AdminModel ();
$res=$Admin->where("uid=$id")->delete();
if($res===false)
{
echo '0';
}else {
echo '1';
}
}
//Change password
public function changepwd()
{
if($_SESSION['admin_id']! ='')
{
$admin_id=$_SESSION['admin_id'];
if(I('post.'))
{
$oldpwd=I('post.oldpwd');
if($oldpwd=='')
{
$this- >assign('error1','The original password cannot be empty!');
$this->display();
exit();
}
$pwd1=I('post.pwd1');
$pwd2=I('post.pwd2');
if($pwd1=='' )
{
$this->assign('error2','The new password cannot be empty!');
$this->display();
exit();
}
if($pwd2=='')
{
$this-> assign('error3','Repeat password cannot be empty!');
$this->display();
exit();
}
if($pwd1==$pwd2)
{
if(strlen($pwd2)>5)
{
//Verify whether the original password is correct
$Admin=new \Admin\Model\AdminModel();
$res=$Admin->checkPwd($admin_id,$oldpwd);
if($res)
{
//Change password
$newpwd=$Admin->encrypt($pwd2);
$data=array(
'password'=>$newpwd
);
$res2=$Admin->where("uid=$ admin_id")->save($data);
layout(false);
if($res2===false)
{
$this->error('Failed to change password! ');
}else {
} $this->success('Password editing successful!');
}
}else {
$this->assign('error1','Original password is wrong!');
$this->display();
exit();
}
}else {
$this->assign('error3','The new password must be no less than 5 characters in length!');
$this->display();
exit( );
}
}else {
$this->assign('error3','The two passwords are not the same!');
$this->display();
exit();
}
}else {
$this->display() ;
}
}else {
$this->redirect('Index/index');
}
}
}
------------------------------------------------ -------------------------------------------------- -------------------------------------------------- --------------------------
The third file is as follows:
<?php
namespace Admin\Common\Controller;
use Think\Controller;
use Think\Auth;
//Permission Authentication
class AuthController extends Controller {
protected function _initialize(){
//When session does not exist, direct access is not allowed
if(!$_SESSION ['admin_id'])
{
layout(false);
$this->error('Not logged in yet, jumping to the login page', U('Index/index'));
}
//When the session exists, no verification is required
$not_check = array (
'Admin/changepwd','System/index','System/index_show','System/cleancache','System/clearrubbish',//Change password, system home page,
'ArticleCat/deloldimg','Article/deloldimg','Article/deloldbigimg','Article/deloldfile',//Delete the original image of the article category, delete the original image of the article, delete the original large image of the article, delete the original file of the article
'GoodsCat/deloldimg',//Delete the original image of the product category
);
//Request for the current operation Module name/method name
if(in_array(CONTROLLER_NAME.'/'.ACTION_NAME, $not_check))
{
return true;
}
$auth = new Auth();
if(!$auth->check(CONTROLLER_NAME.'/'.ACTION_NAME,$_SESSION['admin_id']) and $_SESSION[' a_group_id']!='1')
{
layout(false);
echo 'No permission!';die();
$this->error('No permission');
}
}
}
