From 79a83f768af32f0e85b5422fa7024c32758a840a Mon Sep 17 00:00:00 2001
From: LyLme <admin@lylme.com>
Date: Mon, 23 May 2022 13:04:15 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=20=E5=8A=A0=E5=AF=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 include/go.php | 9 +++++----
 index.php      | 7 ++++---
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/include/go.php b/include/go.php
index 105c81e..ed2aad6 100644
--- a/include/go.php
+++ b/include/go.php
@@ -10,10 +10,11 @@ if($_POST['exit']=='exit'){
 }
 if($_SESSION['pass'] != 1){
     //未登录
-    if(!empty($_POST['pass'])){
+	$pass = daddslashes($_POST['pass']);
+    if(!empty()){
         //用户提交登录
         $show = array();
-        $pwds = $DB->query("SELECT `pwd_id`, `pwd_key` FROM `lylme_pwd` WHERE `pwd_key` LIKE '".$_POST['pass']."';"); 
+        $pwds = $DB->query("SELECT `pwd_id`, `pwd_key` FROM `lylme_pwd` WHERE `pwd_key` LIKE '".$pass."';"); 
     	while ($pwd = $DB->fetch($pwds)) {
     	    array_push($show,$pwd[pwd_id]);
     	}
@@ -30,9 +31,9 @@ if($_SESSION['pass'] != 1){
 }
 else {
     //已登录
-    if(!empty($_POST['pass'])){
+    if(!empty($pass)){
         $show = array();
-        $pwds = $DB->query("SELECT `pwd_id`, `pwd_key` FROM `lylme_pwd` WHERE `pwd_key` LIKE '".$_POST['pass']."';"); 
+        $pwds = $DB->query("SELECT `pwd_id`, `pwd_key` FROM `lylme_pwd` WHERE `pwd_key` LIKE '".$pass."';"); 
     	while ($pwd = $DB->fetch($pwds)) {
     	    array_push($show,$pwd['pwd_id']);
     	}
diff --git a/index.php b/index.php
index 96d7d74..d6c9f79 100644
--- a/index.php
+++ b/index.php
@@ -1,8 +1,9 @@
 <?php
 @header('Content-Type: text/html; charset=UTF-8');
 if (!file_exists('install/install.lock'))
-exit('<title>六零导航页 - 安装程序</title>您还未安装，点击<a href="install"><font color="blue">这里</font></a>开始安装！');
+exit('<title>安装程序</title>您还未安装，点击<a href="install"><font color="blue">这里</font></a>开始安装！');
 include "./include/common.php";
-session_start();
+session_start(); //设置session
+$_SESSION['list'] = isset($_SESSION['list'])?$_SESSION['list']:array();
 include $template;
-?>
+?>
\ No newline at end of file