V2.8.1

修复几处bug
2021-05-18 00:31:24 +08:00
parent 78efeef490
commit 5fbc2bbe6e
16 changed files with 73 additions and 38 deletions
--- a/controllers/common.go
+++ b/controllers/common.go
@@ -67,8 +67,7 @@ func (self *BaseController) Auth() {
 		if userId > 0 {
 			user, err := models.AdminGetById(userId)

-			//if err == nil && password == libs.Md5([]byte(self.getClientIp()+"|"+user.Password+user.Salt)) {
-			if err == nil && password == libs.Md5([]byte(user.Password+user.Salt)){
+			if err == nil && password == libs.Md5([]byte(self.getClientIp()+"|"+user.Password+user.Salt)) {
 				self.userId = user.Id
 				self.loginName = user.LoginName
 				self.userName = user.RealName
@@ -78,7 +77,7 @@ func (self *BaseController) Auth() {
 			}

 			isHasAuth := strings.Contains(self.allowUrl, self.controllerName+"/"+self.actionName)
-			noAuth := "ajaxsave/table/loginin/loginout/getnodes/start／apitask/apistart/apipause"
+			noAuth := "ajaxsave/table/loginin/loginout/getnodes/start/apitask/apistart/apipause"
 			isNoAuth := strings.Contains(noAuth, self.actionName)

 			if isHasAuth == false && isNoAuth == false {
--- a/controllers/login.go
+++ b/controllers/login.go
@@ -50,7 +50,7 @@ func (self *LoginController) LoginIn() {
 				user.LastIp = self.getClientIp()
 				user.LastLogin = time.Now().Unix()
 				user.Update()
-				authkey := libs.Md5([]byte(user.Password + user.Salt))
+				authkey := libs.Md5([]byte(self.getClientIp() + "|" + user.Password + user.Salt))
 				self.Ctx.SetCookie("auth", strconv.Itoa(user.Id)+"|"+authkey, 7*86400)

 				self.ajaxMsg("登录成功", MSG_OK)