方法1:
微擎微贊都一樣,使用前確認幾個JS文件都有,沒有的話直接下載然后從服務器添加到對應位置
放在站點跟目錄,直接訪問,輸入訪問密碼admin后即可重置密碼,重置完成刪除文件
<?php //定義你的訪問密碼后上傳 $auth = 'admin'; define('IN_SYS', true); require './framework/bootstrap.inc.php'; load()->web('template'); load()->web('common'); load()->model('user'); if($_W['ispost'] && $_GPC['auth'] == $auth && $auth != '') { $isok = true; $username = trim($_GPC['username']); $password = $_GPC['password']; if(!empty($username) && !empty($password)) { $member = user_single(array('username'=>$username)); if(empty($member)) { message('輸入的用戶名不存在.'); } $hash = user_hash($password, $member['salt']); $r = array(); $r['password'] = $hash; pdo_update('users', $r, array('uid'=>$member['uid'])); exit('<script>alert("密碼修改成功, 請重新登陸, 並盡快刪除本文件, 避免密碼泄露隱患.");location.href = "./"</script>'); } } ?> <!DOCTYPE html> <html lang="zh-cn"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel="shortcut icon" href="./resource/favicon.png"> <title>密碼重置工具 FOR 0.6 - 微擎 - 公眾平台自助引擎</title> <link href="./web/resource/css/bootstrap.min.css" rel="stylesheet"> <link href="./web/resource/css/font-awesome.min.css" rel="stylesheet"> <link href="./web/resource/css/common.css" rel="stylesheet"> <script src="./web/resource/js/require.js"></script> <script src="./web/resource/js/jquery.min.js"></script> <script src="./web/resource/js/app/config.js"></script> </head> <body> <div class="main"> <form class="form-horizontal form" action="" method="post" enctype="multipart/form-data" onSubmit="return formcheck(this)"> <div class="panel panel-default" style="margin:10px;"> <div class="panel-heading"> 重置密碼 <span class="text-muted">如果你的管理密碼意外遺失, 請使用此工具重置密碼, 重置成功后請盡快將此文件從服務器刪除, 避免造成安全隱患<a href="https://www.cnblogs.com/xuanjiange">[我的博客]</a></span> </div> <div class="panel-body"> <?php if($isok) {?> <div class="form-group"> <label class="col-xs-12 col-sm-3 col-md-2 col-lg-2 control-label">用戶名:</label> <div class="col-sm-9"> <input name="auth" type="hidden" value="<?php echo $auth;?>" /> <input name="username" type="text" class="form-control" placeholder="請輸入你要重置密碼的用戶名"> </div> </div> <div class="form-group"> <label class="col-xs-12 col-sm-3 col-md-2 col-lg-2 control-label">新的登錄密碼:</label> <div class="col-sm-9"> <input name="password" type="password" class="form-control" placeholder=""> </div> </div> <?php } else {?> <div class="form-group"> <label class="col-xs-12 col-sm-3 col-md-2 col-lg-2 control-label">請輸入訪問密碼</label> <div class="col-sm-9"> <input name="auth" type="password" class="form-control" placeholder=""> </div> </div> <?php }?> <div class="form-group"> <label class="col-xs-12 col-sm-3 col-md-2 col-lg-2 control-label"></label> <div class="col-sm-9"> <button type="submit" class="btn btn-primary btn-block" name="submit" value="提交">提交</button> <input type="hidden" name="token" value="{$_W['token']}" /> </div> </div> </div> </div> </form> </div> </body> </html>
方法2:
\framework\model\user.mod.php
$password = user_hash($user['password'], $record['salt']);(搜索這句,在下面返回) return $password;
v2.5 line219左右
v1.8 line190左右
v1.5 line165左右
\web\source\user\login.ctrl.php
$record = user_single($member);(搜索這句,在下面返回)
iajax(-1, $record);
v2.5 line76左右
v1.8 line57左右
v1.5 line43左右
之后再登陸頁輸入任意密碼,將返回的字符串填入ims_users的password中,再次點擊登錄即可