forked from cyyself/vie-to-answer
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathadmin.php
More file actions
94 lines (94 loc) · 2.93 KB
/
Copy pathadmin.php
File metadata and controls
94 lines (94 loc) · 2.93 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
<?php
function auth($config) {
$username = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];
if ($config['adminuser'] == $username && $config['adminpass'] == md5($password)) return true;
else return false;
}
$config = json_decode(file_get_contents("config.db"),true);
$auth = auth($config);
if (!$auth) {
header('WWW-Authenticate: Basic realm="Default username: admin Default password: admin"');
}
else {
//处理操作
switch ($_GET['action']) {
case 'deluser' :
foreach ($config['user'] as $name => $pass) {
if ($name == $_GET['username']) unset($config['user'][$name]);
}
file_put_contents('config.db',json_encode($config));
break;
case 'adduser' :
$username = $_GET['username'];
if (strpos($username,"\t") === false && strpos($username,"\n") === false) {
$config['user'][$username] = $_GET['password'];
file_put_contents('config.db',json_encode($config));
}
break;
case 'passwd' :
if ($_GET['password1'] == $_GET['password2']) {
$config['adminpass'] = md5($_GET['password2']);
file_put_contents('config.db',json_encode($config));
}
else $msg = "密码校验不匹配。";
break;
}
}
?>
<!DOCTYPE html>
<head>
<meta charset="utf-8">
<title>云抢答系统-后台管理</title>
<?php if ($msg) { ?>
<script type="text/javascript">
alert("<?php echo $msg ?>");
</script>
<?php } ?>
</head>
<body>
<h1>云抢答系统-后台管理</h1>
<h3>当前用户:<?php if ($auth) echo $_SERVER['PHP_AUTH_USER']; else echo "Error 401 Unauthorized"; ?></h3>
<p>默认用户名:admin<br>默认密码:admin</p>
<hr>
<h2>用户管理</h2>
<form name="adduser" action="" method="get" autocomplete="off">
<input type="password" style="display: none;">
<input type="text" name="action" value="adduser" hidden>
<input type="text" name="username" id="username">:<input type="password" name="password" autocomplete="new-password">
<input type="submit" value="添加/修改">
</form>
<table border="1">
<tr>
<td>用户名</td>
<td>密码</td>
<td>操作</td>
</tr>
<?php
if ($auth) {
$usertable = $config['user'];
foreach ($usertable as $name => $pass) {
?><tr>
<td><?php echo htmlspecialchars($name); ?></td>
<td><a href='javascript:alert("<?php echo $pass; ?>")'>显示密码</a></td>
<td>
<a href="?action=deluser&username=<?php echo $name; ?>">删除</a>
</td>
</tr><?php
}
}
?>
</table>
<hr>
<h2>管理员密码修改</h2>
<form name="passwd" action="" method="get" autocomplete="off">
<input type="password" style="display: none;"/>
<input type="text" name="action" value="passwd" hidden>
密码:<input type="password" name="password1" autocomplete="new-password"><br>
校验:<input type="password" name="password2" autocomplete="new-password"><br>
<input type="submit" value="修改">
</form>
<hr>
<h2>控制面板</h2>
<a href="board.html" target="_Blank">点击进入</a>
</body>