Version 3.0.0

1. 完成js模板，我的js模块，可以直接添加修改用于xss的js 2. 采用ace编辑器实现js代码高亮与错误检测 3. 使用js_beautify实现js代码格式化，使用jsmin实现js代码压缩 4. 整合xss'or工具部分功能，自由编码，方便生成最终的payload 5. 增加加密方式RC4，更改默认加密方式为RC4 6. 从旧版本升级并想保留记录的请务必查看Readme里的升级步骤 7. 修复一系列bug
2016-01-24 01:07:17 +08:00
parent f5ab50bb89
commit 264460650b
73 changed files with 6487 additions and 1177 deletions
--- a/login.php
+++ b/login.php
@@ -21,7 +21,7 @@ if(isset($_SESSION['isLogin']) && $_SESSION['isLogin']===true)
 //判断ip是否在封禁列表中
 $forbiddenIPList=loadForbiddenIPList();
 $ip=$_SERVER['REMOTE_ADDR'];
-if(!isset($forbiddenIPList[$ip]) || $forbiddenIPList[$ip]<3)
+if(!isset($forbiddenIPList[$ip]) || $forbiddenIPList[$ip]<=5)
 {
 	if(isset($_POST['password']) && $_POST['password']!="")
 	{
@@ -54,9 +54,13 @@ function loadForbiddenIPList()
 {
 	$logfile = DATA_PATH . '/forbiddenIPList.dat';
 	!file_exists( $logfile ) && @touch( $logfile );
-	$str = file_get_contents( $logfile );
-	if(ENABLE_ENCRYPT)	
-		$str =decrypt($str,ENCRYPT_PASS);
+	$str = @file_get_contents( $logfile );
+	if($str===false)
+		return array();
+	
+	$str =decrypt($str);
+	
+	
 	if($str!='')
 	{
 		$result=json_decode($str,true);
@@ -74,8 +78,7 @@ function saveForbiddenIPList($forbiddenIPList)
 	$logfile = DATA_PATH . '/forbiddenIPList.dat';
 	!file_exists( $logfile ) && @touch( $logfile );
 	$str=json_encode($forbiddenIPList);
-	if(ENABLE_ENCRYPT)	
-		$str = encrypt($str,ENCRYPT_PASS);
+	$str = encrypt($str);
 	@file_put_contents($logfile, $str);
 }

@@ -132,10 +135,12 @@ function generate_password( $length = 32 ) {
                <form action="" method="post">
                    <input type="password" placeholder="password" id="password" name="password" required="required">
 					<input id="firesunCheck" type="hidden" name="firesunCheck" value=<?php $firesunCheck=generate_password(32); $_SESSION['firesunCheck']=$firesunCheck;echo json_encode($_SESSION['firesunCheck']);?> />
-                    <button type="submit" id="submit">
+                    
+					<button type="submit" id="submit" disabled="disabled">
                        <i class="fa fa-arrow-right">
                        </i>
                    </button>
+					
                </form>
                <div id="note">
                    <a href="#">