@@ -35,7 +35,7 @@ function current_user() {
3535 if ($ userCheckedfalse ) {
3636 $ wxdbupdate ('admin_user ' , array ('lastActivity ' => date ('c ' )), array ('userName ' => $ user'userName ' ]));
3737
38- $ sql$ wxdbprepare ("select count(*) from `security_log` where `userName` = '%s' and `opName` = '%s' and `timestamp` > timestamp(DATE_SUB(NOW(), INTERVAL 20 MINUTE)) " , $ user'userName ' ], 'User.startSession ' );
38+ $ sql$ wxdbprepare ("select count(*) from `security_log` where `userName` = '%s' and `opName` = '%s' and `timestamp` > timestamp(DATE_SUB(NOW(), INTERVAL 60 MINUTE)) " , $ user'userName ' ], 'User.startSession ' );
3939 $ count$ wxdbget_var ($ sql
4040 if ($ count0 ) {
4141 $ wxdbinsert ('security_log ' , array (
@@ -71,6 +71,10 @@ function current_user_name() {
7171}
7272
7373function current_user_can_manage ($ page
74+ global $ public_pages
75+ if (in_array ($ page$ public_pages
76+ return true ;
77+
7478 $ usercurrent_user ();
7579 if ($ user'isSuperAdmin ' ] == 1 )
7680 return true ;
@@ -142,6 +146,51 @@ function register($username, $password) {
142146 return false != $ success
143147}
144148
149+ function changePassword ($ username$ password
150+ global $ wxdb/* @var $wxdb wxdb */
151+ $ success$ wxdbupdate ('admin_user ' , array (
152+ 'hashedPassword ' => sha1 ($ password
153+ ), array (
154+ 'userName ' => $ username
155+ ));
156+
157+ return false !== $ success
158+ }
159+
160+ function passwordDisallowed ($ password
161+ // disallow passwords that only contain 1 kind of character
162+ $ platitudetrue ;
163+ for ($ i1 ; $ istrlen ($ password$ i
164+ if ($ password$ i$ password0 ])
165+ $ platitudefalse ;
166+ }
167+ if ($ platitude
168+ return true ;
169+
170+ // disallow certain patterns
171+ $ disallowListarray (
172+ "123456 " , "password " , "qwerty "
173+ );
174+ foreach ($ disallowListas $ test
175+ if ($ test$ password
176+ return true ;
177+
178+ return false ;
179+ }
180+
181+ function validatePassword ($ password
182+ if (strlen ($ password6 || strlen ($ password20 )
183+ return 4 ; // 密码长度必须在6~20位之间
184+
185+ if (preg_match ("/[^A-Za-z0-9!@\# \$\%\^\&\*\_\-\+\=\(\)\[\]\{\}\<\>\| \\\?\,\.\;\:\' \"\/\~\`]/ " , $ password
186+ return 5 ; // 密码包含非法字符
187+
188+ if (passwordDisallowed ($ password
189+ return 6 ; // 该密码已被系统禁止使用
190+
191+ return 0 ;
192+ }
193+
145194// Pages and Items
146195
147196function has_settings_page ($ module
@@ -164,13 +213,17 @@ function include_settings($page_or_module_name) {
164213 require_once ABSPATH . 'modules/ ' . $ page_or_module_name'/settings.php ' ;
165214}
166215
216+ function include_welcome_page () {
217+ require_once ABSPATH . 'admin/includes/welcome.php ' ;
218+ }
219+
167220function list_global_setting_items () {
168221 global $ global_options
169222 global $ global_option_icons
170223 foreach ($ global_optionsas $ slug_name$ display_name
171224 if (current_user_can_manage ($ slug_name
172225 $ icon_name$ global_option_icons$ slug_name
173- $ class$ _GET 'page ' ] == $ slug_name'current ' : '' ;
226+ $ class@ $ _GET 'page ' ] == $ slug_name'current ' : '' ;
174227 $ template'<li class="module-navigation-item %s"><a href="%s"><i class="fa fa-lg fa-fw fa-%s"></i> %s</a></li> ' ;
175228 echo sprintf ($ template$ classROOT_URL . 'admin/index.php?page= ' . $ slug_name$ icon_name$ display_name
176229 }
@@ -182,13 +235,14 @@ function list_module_setting_items() {
182235 foreach ($ modulesas $ module
183236 if (has_settings_page ($ modulecurrent_user_can_manage (get_class ($ module
184237 /* @var $module BaseModule */
185- $ class$ _GET 'page ' ] == get_class ($ module'current ' : '' ;
238+ $ class@ $ _GET 'page ' ] == get_class ($ module'current ' : '' ;
186239 $ template'<li class="module-navigation-item %s"><a href="%s">%s</a></li> ' ;
187240 echo sprintf ($ template$ classROOT_URL . 'admin/index.php?page= ' . get_class ($ module$ moduledisplay_name ());
188241 }
189242 }
190243}
191244
245+
192246// Misc.
193247
194248function redirect ($ location$ status302 ) {
0 commit comments