Skip to content

Commit

Permalink
safe login
Browse files Browse the repository at this point in the history 
Co-Authored-By: Alireza Ahmadi <alireza7@gmail.com>
  • Loading branch information
@MHSanaei @alireza0
MHSanaei and alireza0 committed Jul 14, 2024
1 parent dfe0bbd commit de98526
Showing 1 changed file with 8 additions and 4 deletions.
12 changes: 8 additions & 4 deletions web/controller/index.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package controller

import (
"net/http"
"text/template"
"time"

"x-ui/logger"
Expand Down Expand Up @@ -64,14 +65,17 @@ func (a *IndexController) login(c *gin.Context) {

user := a.userService.CheckUser(form.Username, form.Password, form.LoginSecret)
timeStr := time.Now().Format("2006-01-02 15:04:05")
safeUser := template.HTMLEscapeString(form.Username)
safePass := template.HTMLEscapeString(form.Password)
safeSecret := template.HTMLEscapeString(form.LoginSecret)
if user == nil {
logger.Warningf("wrong username or password or secret: \"%s\" \"%s\" \"%s\"", form.Username, form.Password, form.LoginSecret)
a.tgbot.UserLoginNotify(form.Username, form.Password, getRemoteIp(c), timeStr, 0)
logger.Warningf("wrong username or password or secret: \"%s\" \"%s\" \"%s\"", safeUser, safePass, safeSecret)
a.tgbot.UserLoginNotify(safeUser, safePass, getRemoteIp(c), timeStr, 0)
pureJsonMsg(c, http.StatusOK, false, I18nWeb(c, "pages.login.toasts.wrongUsernameOrPassword"))
return
} else {
logger.Infof("%s logged in successfully, Ip Address: %s\n", form.Username, getRemoteIp(c))
a.tgbot.UserLoginNotify(form.Username, ``, getRemoteIp(c), timeStr, 1)
logger.Infof("%s logged in successfully, Ip Address: %s\n", safeUser, getRemoteIp(c))
a.tgbot.UserLoginNotify(safeUser, ``, getRemoteIp(c), timeStr, 1)
}

sessionMaxAge, err := a.settingService.GetSessionMaxAge()
Expand Down

0 comments on commit de98526

Please sign in to comment.