
管理员登录新增验证码

UnknownO 3 years ago
parent
commit
53700a6ea9
2 changed files with 31 additions and 48 deletions
  1. 8 0
      api/admin.php
  2. 23 48
      pages/login.php

+ 8 - 0
api/admin.php

@@ -1,9 +1,17 @@
 <?php
 header('content-type:application/json');
+session_start();
 include('../config.php');
 include('../includes/function.php');
 switch ($_POST['mode']) {
     case "login":
+        $timestamp = $_POST['timestamp'];
+        if ($_SESSION['vcode'] != md5($_POST['vcode'] . $VERIFICATION_KEY) && $IMAGE_VERIFICATION) {
+            exit('{"code":-1,"msg":"抱歉,人机验证失败","result":""}');
+        }
+        if ($timestamp - time() > 60 || time() - $timestamp > 60) {
+            exit('{"code":-2,"msg":"请求失败!请检查您的系统时间!"}');
+        }
         if ($_POST['username'] == $ADMIN_USER && $_POST['password'] == $ADMIN_PASS) {
             setcookie("loveway_token", md5($ADMIN_USER . $ADMIN_PASS . 'KAGAMINE WORLD!' . date('Y-m-d', time())), time() + 3600, '/');
             exit('{"code":1,"msg":"success"}');
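Review bot: The added captcha test `if ($_SESSION['vcode'] != md5(...) && $IMAGE_VERIFICATION)` compares the hashes with loose `!=` and never clears `$_SESSION['vcode']`, so nothing in this hunk stops one solved captcha from covering any number of later password attempts in the same session. Read and drop the stored code first, `$expected = $_SESSION['vcode'] ?? ''; unset($_SESSION['vcode']);`, then test `if ($IMAGE_VERIFICATION && !hash_equals($expected, md5((string) $_POST['vcode'] . $VERIFICATION_KEY)))`. The `timestamp` test only compares a client-supplied value with the server clock, so it should be commented as a clock-skew check rather than replay protection, and it does arithmetic on an unvalidated `$_POST` string. The `switch` body continues outside the hunk, so a reset of the stored code elsewhere cannot be ruled out from here.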

+ 23 - 48
pages/login.php

@@ -28,59 +28,34 @@ if ($templateMode) {
         </div>
 
         <div class="mdui-card-actions">
-            <button onclick="submit();" style="border-radius: 8px" id='submitbtn' class="mdui-btn mdui-ripple mdui-btn-dense mdui-color-theme-accent mdui-float-right">立即登录</button>
+            <button onclick="submit()" style="border-radius: 8px" id='login-BTN' class="mdui-btn mdui-ripple mdui-btn-dense mdui-color-theme-accent mdui-float-right">立即登录</button>
         </div>
 
     </div>
 </div>
 <script>
     function submit() {
-        $("#submitbtn").attr("disabled", true);
-        setTimeout(function() {
-            $("#submitbtn").attr("disabled", false);
-        }, 200000);
-        var username = $("#username").val();
-        var password = $("#password").val();
-        $.ajax({
-            type: 'post',
-            url: '/api/admin.php',
-            data: {
-                mode: "login",
-                username: username,
-                password: password
-            },
-            dataType: 'text',
-            success: function(data) {
-                console.log(data)
-                data = JSON.parse(data);
-                if (data.code == 1) {
-                    mdui.snackbar({
-                        message: '登录成功!',
-                        position: 'right-top'
-                    });
-                    $.pjax.reload({
-                        container: "#pjax-container"
-                    })
-                } else {
-                    mdui.snackbar({
-                        message: data.msg,
-                        position: 'right-top'
-                    });
-                }
-                $("#username").val("");
-                $("#password").val("");
-                $("#submitbtn").attr("disabled", false);
-            },
-            error: function(data) {
-                $("#submitbtn").attr("disabled", false);
-                var errors = data.responseJSON;
-                $.each(errors.errors, function(key, value) {
-                    mdui.snackbar({
-                        message: "出现了一个未知错误",
-                        position: 'right-top'
-                    });
-                });
-            },
-        });
+        if (<?php if ($IMAGE_VERIFICATION) echo 'true';
+            else echo 'false'; ?>) {
+            imageVerification(function(answer) {
+                login(answer)
+            })
+        } else {
+            login('0000');
+        }
+    }
+
+    function login(vcode) {
+        var timestamp = this.timestamp = Date.parse(new Date()) / 1000;
+        requestApi("admin", {
+            mode: "login",
+            username: $("#username").val(),
+            password: $("#password").val(),
+            vcode: vcode,
+            timestamp: timestamp
+        }, function(){
+            $("#username").val("")
+            $("#password").val("")
+        }, true, true, "login-BTN")
     }
 </script>
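Review bot: In `login()`, `var timestamp = this.timestamp = Date.parse(new Date()) / 1000;` writes to `this`, which in a plain function call is the global object (and `undefined` under strict mode, where the line would throw), so it creates a `window.timestamp` global with no visible use. `var timestamp = Math.floor(Date.now() / 1000);` yields the same value without the side effect. The inline PHP in `submit()` reads more clearly as `<?= $IMAGE_VERIFICATION ? 'true' : 'false' ?>`, and a comment there should say that the `'0000'` placeholder is only accepted because the server skips the check when image verification is disabled. `requestApi` and `imageVerification` are defined outside this hunk, so how they handle the response and the button state is not visible here.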