From 2dc038f0f8e91c946f3e37f33341c7a1724154c4 Mon Sep 17 00:00:00 2001 From: icret Date: Sat, 4 Mar 2023 14:45:03 +0800 Subject: [PATCH] =?UTF-8?q?=E9=AA=8C=E8=AF=81=E7=A0=81=E4=BF=AE=E5=A4=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- admin/index.php | 46 ++++++++++++++++++++++++++-------------------- docs/update.md | 6 ++++-- 2 files changed, 30 insertions(+), 22 deletions(-) diff --git a/admin/index.php b/admin/index.php index 5128c95..1c8d3ee 100755 --- a/admin/index.php +++ b/admin/index.php @@ -5,8 +5,6 @@ require_once __DIR__ . '/../application/function.php'; require_once APP_ROOT . '/application/header.php'; require_once APP_ROOT . '/config/config.guest.php'; -// 验证登录 -header("Content-Type: text/html;charset=utf-8"); // 退出 if (isset($_GET['login'])) { @@ -41,27 +39,35 @@ if (isset($_GET['login'])) { exit(require_once APP_ROOT . '/application/footer.php'); } -// 验证码 -if ($config['captcha']) { - if (isset($_REQUEST['code'])) { - session_start(); - if (strtolower($_REQUEST['code']) !== $_SESSION['code']) { - echo ' - '; - - exit(require_once APP_ROOT . '/application/footer.php'); - } - } -} - // 提交登录 if (isset($_POST['password']) and isset($_POST['user'])) { + // 验证码 + if ($config['captcha']) { + if (empty($_REQUEST['code'])) { + echo ' + '; + exit(require_once APP_ROOT . '/application/footer.php'); + } else { + session_start(); + if (strtolower($_REQUEST['code']) !== $_SESSION['code']) { + echo ' + '; + exit(require_once APP_ROOT . '/application/footer.php'); + } + } + } + $login = _login($_POST['user'], $_POST['password']); $login = json_decode($login, true); diff --git a/docs/update.md b/docs/update.md index 77f0975..30d99c3 100644 --- a/docs/update.md +++ b/docs/update.md 
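Review bot: The relocated captcha check in the second hunk of admin/index.php, `strtolower($_REQUEST['code']) !== $_SESSION['code']`, still trusts the type of the request value and the existence of the session value. `empty()` lets a non-empty array through, and on the PHP 5.6–7.x versions the changelog says are supported, `strtolower()` of a non-string returns null with only a warning; that is strictly equal to an unset `$_SESSION['code']`, so the check can pass for a session that was never issued a captcha. I would call `session_start()` before the test, guard with `if (!is_string($_REQUEST['code']) || !isset($_SESSION['code']) || strtolower($_REQUEST['code']) !== $_SESSION['code'])`, and clear the value with `unset($_SESSION['code']);` once it has been compared, so one solved captcha cannot be replayed across many password attempts (nothing in the hunk clears it, though that may happen elsewhere). The enclosing `if (isset($_POST['password']) and isset($_POST['user']))` block continues past the end of the hunk.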
@@ -1,11 +1,13 @@ * 2023-03-04 v2.7.6 dev - 增加删除文件时限定目录 -- 增加对SVG文件格式过滤 致谢:[xulei1112](https://github.com/xulei1112) -- 修复弱类型验证导致的异常登录 致谢:[xulei1112](https://github.com/xulei1112) +- 增加对SVG文件格式过滤 +- 修复弱类型验证导致的异常登录 +- 修复开启验证码后登录绕过 - 更换加密删除链接算法 - 链接更短 - 更换存储密码算法为SHA256 - 默认不支持SVG文件上传 - 完全兼容 PHP5.6-8.0 +- 本次漏洞修复和代码增强感谢 [xulei1112](https://github.com/xulei1112) * 2023-02-24 v2.7.5 - 增加定时删除文件