diff --git a/admin/head.php b/admin/head.php index a3583e3..2822603 100644 --- a/admin/head.php +++ b/admin/head.php @@ -1,6 +1,6 @@ window.location.href='./login.php';"); +if(isset($islogin)==1){}else exit(""); $update = update(); //检查更新 ?> diff --git a/admin/login.php b/admin/login.php index bd6260c..68cc0d5 100644 --- a/admin/login.php +++ b/admin/login.php @@ -4,7 +4,7 @@ if(isset($_POST['user']) && isset($_POST['pass'])){ $user=daddslashes($_POST['user']); $pass=daddslashes($_POST['pass']); if($user==$conf['admin_user'] && $pass==$conf['admin_pwd']) { - $session=md5($user.$pass.$password_hash); + $session=md5($user.$pass); $token=authcode("{$user}\t{$session}", 'ENCODE', SYS_KEY); setcookie("admin_token", $token, time() + 604800); @header('Content-Type: text/html; charset=UTF-8'); @@ -17,7 +17,7 @@ if(isset($_POST['user']) && isset($_POST['pass'])){ setcookie("admin_token", "", time() - 604800); @header('Content-Type: text/html; charset=UTF-8'); exit(""); -}elseif($islogin==1){ +}elseif(isset($islogin)==1){ exit(""); } ?>
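Review bot: The new guard in admin/head.php, `if(isset($islogin)==1){}else exit(...)`, tests whether `$islogin` is defined rather than whether it equals 1, so any defined value, including 0 for a visitor who is not logged in, lets the admin page continue. The same replacement appears at `}elseif(isset($islogin)==1){` in the last hunk of admin/login.php. Where `$islogin` is assigned is not visible in this diff, so whether it is always defined is an assumption to confirm. If the intent was only to silence an undefined-variable notice, keep the value test: `if(isset($islogin) && $islogin==1){}else exit(...)` and `}elseif(isset($islogin) && $islogin==1){`.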
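Review bot: With `$password_hash` removed, `$session=md5($user.$pass);` in admin/login.php makes the cookie's session value an unsalted MD5 of the admin username and password, with no server-side secret or per-login component in the digest. The value is still wrapped by `authcode(..., SYS_KEY)`, but it stays the same until the password changes, and a recovered digest allows password guesses to be checked offline. If `$password_hash` was dropped because it is undefined in this file, defining it or keying the digest, for example `$session=hash_hmac('sha256', $user.$pass, SYS_KEY);`, would be safer than removing it. The code that validates `admin_token` is outside this diff and must compute the same value, so a comment such as `// must match the digest recomputed when admin_token is validated` belongs on this line.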