@@ -450,8 +450,12 @@ class LoginController extends AbstractController
{
// 获取请求数据并设置默认值
$reqData = $this->request->all();
+
+ // 安全过滤 Admin-Token 和 ticket
+ $cookieList = $this->request->getCookieParams();
// 安全过滤 Admin-Token 和 ticket
- $adminToken = !empty($_COOKIE['Admin-Token']) ? $this->sanitizeInput($_COOKIE['Admin-Token']) : '';
+ $adminToken = !empty($cookieList['Admin-Token']) ? $this->sanitizeInput($cookieList['Admin-Token']) : '';
+
$ticket = !empty($reqData['ticket']) ? $this->sanitizeInput($reqData['ticket']) : '';
$backurl = $this->sanitizeBackUrl($reqData['backurl'] ?? $_SERVER['HTTP_REFERER'] ?? '');
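Review bot: The `$_SERVER['HTTP_REFERER']` fallback on L50 is the same kind of process-wide superglobal that this hunk just replaced for `$_COOKIE` on L26/L38, and it is not request-scoped under Hyperf's coroutine runtime, so it is either empty or shared across requests; read it from the request object instead, `$backurl = $this->sanitizeBackUrl($reqData['backurl'] ?? $this->request->getHeaderLine('referer'));`. The comment added on L22 duplicates the existing one on L30 and can be dropped. The enclosing action's signature is above this hunk.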
@@ -460,36 +464,28 @@ class LoginController extends AbstractController
if (empty($theHost)) {
return Result::error('系统配置错误:THE_HOST 未定义');
}
-
// 如果存在 adminToken,则进行登录校验
if (!empty($adminToken)) {
- try {
- $redis = $this->container->get(\Hyperf\Redis\Redis::class);
-
- // 如果 ticket 存在且有效,则直接跳转
+ // 处理登录
+ $redis = $this->container->get(\Hyperf\Redis\Redis::class);
+ if(!empty($ticket)){
if (!empty($ticket) && $redis->exists('ticket:' . $ticket)) {
- $this->redirectWithTicket($backurl, $ticket, $adminToken);
- // return;
+
+ $backurl = rtrim($backurl, '/');
+ return $this->response->redirect($this->fun_http($backurl . '?ticket=' . $ticket . '&admintoken=' . urlencode($adminToken)), 302);
+
+ }else{
+ return $this->response->redirect($this-> fun_http('http://'.$theHost.'/#/login?backurl='.urlencode($backurl)), 302);
}
-
- // 如果 ticket 不存在或无效,则重新生成 ticket 并跳转
- if (empty($ticket)) {
- $ticket = md5($adminToken);
- }
-
- // 跳转到目标页面
- $this->redirectWithTicket($backurl, $ticket, $adminToken);
- // return;
- } catch (\Throwable $e) {
- // 记录异常日志
-// \Hyperf\Logger\LoggerFactory::get('default')->error('Redis 操作失败: ' . $e->getMessage());
- // 捕获 Redis 异常,返回错误信息
- return Result::error('系统错误:Redis 操作失败');
+
+ }else{
+ $ticket = md5($adminToken);
}
+ return $this->response->redirect(fun_http($backurl . '?ticket=' . $ticket . '&admintoken=' . urlencode($adminToken)), 302);
+
+ }else{
+ return $this->response->redirect(fun_http('http://'.$theHost.'/#/login?backurl='.urlencode($backurl)), 302);
}
- // 如果没有 adminToken,则跳转到登录页面
- $loginUrl = 'http://' . $theHost . '/#/login?backurl=' . urlencode($backurl);
- return $this->response->redirect($loginUrl, 302);
}
/**
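Review bot: `fun_http` is called as a bare global function on L224 and L236 but as the method `$this->fun_http(...)` on L132 and L144 (and inside `redirectWithTicket` further down), so unless a global helper of that name exists the two bare calls fail with an undefined-function error on the most common path (valid admin token, no ticket). The rewrite also drops the `try/catch` that previously turned a Redis failure into `Result::error('系统错误:Redis 操作失败')`, so `$this->container->get(...)` and `$redis->exists(...)` now throw straight out of the action, and the `!empty($ticket)` test on L112 repeats the one on L108. Since the redirect expressions on L132 and L224 duplicate `redirectWithTicket()`, the smaller change is to keep the new control flow but `return $this->redirectWithTicket($backurl, $ticket, $adminToken);` and return `Result::error(...)` from a restored catch, as below. The admin token still travels in the query string (`admintoken=`) and the fallback ticket is `md5($adminToken)` on L216, which is pre-existing behaviour but leaves the token in browser history, Referer headers and access logs, so it deserves a follow-up. The enclosing action starts in the previous hunk.
```php
// … unchanged: THE_HOST check …
if (empty($adminToken)) {
    return $this->response->redirect($this->fun_http('http://' . $theHost . '/#/login?backurl=' . urlencode($backurl)), 302);
}

try {
    $redis = $this->container->get(\Hyperf\Redis\Redis::class);
    $ticketKnown = $ticket !== '' && $redis->exists('ticket:' . $ticket);
} catch (\Throwable $e) {
    // Redis unavailable: fail closed with the same error the previous code returned
    return Result::error('系统错误:Redis 操作失败');
}

if ($ticket !== '' && !$ticketKnown) {
    // a ticket was supplied but is unknown: send the user back to the login page
    return $this->response->redirect($this->fun_http('http://' . $theHost . '/#/login?backurl=' . urlencode($backurl)), 302);
}

if ($ticket === '') {
    $ticket = md5($adminToken);
}

return $this->redirectWithTicket($backurl, $ticket, $adminToken);
```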
@@ -524,6 +520,9 @@ class LoginController extends AbstractController
{
$backurl = rtrim($backurl, '/');
$redirectUrl = $this->fun_http($backurl . '?ticket=' . $ticket . '&admintoken=' . urlencode($adminToken));
+
+// $loginUrl = 'http://' . $theHost . '/#/login?backurl=' . urlencode($backurl);
+// return $this->response->redirect($loginUrl, 302);
return $this->response->redirect($redirectUrl, 302);
}
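Review bot: The three lines added at L282–L290 are commented-out code, and with the previous hunk inlining both former callers of this method it appears to be unused after this commit; either delete the dead lines (and the method, if nothing else calls it) or have the login action call it, since its body on L274–L294 is exactly the redirect rebuilt on the new L132 and L224. The method's signature is above this hunk.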