Force other sessions to log in again when modifying the username or password

083ce57d · jose · 161499b9 · 083ce57d · 083ce57d · 083ce57d
Commit 083ce57d authored Jul 11, 2019 by jose
Hide whitespace changes
Inline Side-by-side

Showing with 36 additions and 1 deletion

public.js BTPanel/static/js/public.js +22 -1

layout.html BTPanel/templates/default/layout.html +1 -0

userlogin.py class/userlogin.py +13 -0

No files found.
--- a/BTPanel/static/js/public.js
+++ b/BTPanel/static/js/public.js
@@ -5,6 +5,23 @@ $(document).ready(function() {
 	});
 });

+var my_headers = {};
+var request_token_ele = document.getElementById("request_token_head");
+if (request_token_ele) {
+    var request_token = request_token_ele.getAttribute('token');
+    if (request_token) {
+        my_headers['x-http-token'] = request_token
+    }
+}
+request_token_cookie = getCookie('request_token');
+if (request_token_cookie) {
+    my_headers['x-cookie-token'] = request_token_cookie
+}
+
+if (my_headers) {
+    $.ajaxSetup({ headers: my_headers });
+}
+
 function RandomStrPwd(b) {
 	b = b || 32;
 	var c = "AaBbCcDdEeFfGHhiJjKkLMmNnPpRSrTsWtXwYxZyz2345678";
@@ -921,7 +938,11 @@ function GetTaskList(a) {
 }

 function GetTaskCount() {
-	$.post("/ajax?action=GetTaskCount", "", function(a) {
+    $.post("/ajax?action=GetTaskCount", "", function (a) {
+        if (a.status === false) {
+            window.location.href = '/login?dologin=True';
+            return;
+        }
 		$(".task").text(a)
 	})
 }

--- a/BTPanel/templates/default/layout.html
+++ b/BTPanel/templates/default/layout.html
@@ -34,6 +34,7 @@
 <body>
    <div class="bt-warp bge6">
        <div class="top-tips">{{session['top_tips']}}</div>
+        <a style="display:none;" id="request_token_head" token="{{session['request_token_head']}}"></a>
        <div id="container" class="container-fluid {% if 'tmp_login' in session %}group-control{% endif %}">
            <div class="sidebar-scroll{% if 'tmp_login' in session %}-panel{% endif %}">
                <div class="sidebar-auto">

--- a/class/userlogin.py
+++ b/class/userlogin.py
@@ -45,6 +45,8 @@ class userlogin:
            cache.delete('dologin')
            sess_input_path = 'data/session_last.pl'
            public.writeFile(sess_input_path,str(int(time.time())))
+            self.set_request_token()
+            self.login_token()
            return public.returnJson(True,'LOGIN_SUCCESS'),json_header
        except Exception as ex:
            stringEx = str(ex)
@@ -78,10 +80,17 @@ class userlogin:
            del(data['tmp_token'])
            del(data['tmp_time'])
            public.writeFile(save_path,json.dumps(data))
+            self.set_request_token()
+            self.login_token()
            return redirect('/')
        except:
            return public.returnJson(False,'Login failed,' + public.get_error_info()),json_header

+
+    def login_token(self):
+        import config
+        config.config().reload_session()
+
    def request_get(self,get):
        #if os.path.exists('/www/server/panel/install.pl'): raise redirect('/install');
        if not 'title' in session: session['title'] = public.getMsg('NAME');
@@ -115,6 +124,10 @@ class userlogin:
            session['code'] = False
        self.error_num(False)

+    #生成request_token
+    def set_request_token(self):
+        session['request_token_head'] = public.GetRandomString(48)
+
    #防暴破
    def error_num(self,s = True):
        nKey = 'panelNum'