|
@@ -2,6 +2,7 @@ package controller
|
|
|
|
|
|
import (
|
|
|
"net/http"
|
|
|
+ "text/template"
|
|
|
"time"
|
|
|
|
|
|
"x-ui/logger"
|
|
@@ -64,14 +65,17 @@ func (a *IndexController) login(c *gin.Context) {
|
|
|
|
|
|
user := a.userService.CheckUser(form.Username, form.Password, form.LoginSecret)
|
|
|
timeStr := time.Now().Format("2006-01-02 15:04:05")
|
|
|
+ safeUser := template.HTMLEscapeString(form.Username)
|
|
|
+ safePass := template.HTMLEscapeString(form.Password)
|
|
|
+ safeSecret := template.HTMLEscapeString(form.LoginSecret)
|
|
|
if user == nil {
|
|
|
- logger.Warningf("wrong username or password or secret: \"%s\" \"%s\" \"%s\"", form.Username, form.Password, form.LoginSecret)
|
|
|
- a.tgbot.UserLoginNotify(form.Username, form.Password, getRemoteIp(c), timeStr, 0)
|
|
|
+ logger.Warningf("wrong username or password or secret: \"%s\" \"%s\" \"%s\"", safeUser, safePass, safeSecret)
|
|
|
+ a.tgbot.UserLoginNotify(safeUser, safePass, getRemoteIp(c), timeStr, 0)
|
|
|
pureJsonMsg(c, http.StatusOK, false, I18nWeb(c, "pages.login.toasts.wrongUsernameOrPassword"))
|
|
|
return
|
|
|
} else {
|
|
|
- logger.Infof("%s logged in successfully, Ip Address: %s\n", form.Username, getRemoteIp(c))
|
|
|
- a.tgbot.UserLoginNotify(form.Username, ``, getRemoteIp(c), timeStr, 1)
|
|
|
+ logger.Infof("%s logged in successfully, Ip Address: %s\n", safeUser, getRemoteIp(c))
|
|
|
+ a.tgbot.UserLoginNotify(safeUser, ``, getRemoteIp(c), timeStr, 1)
|
|
|
}
|
|
|
|
|
|
sessionMaxAge, err := a.settingService.GetSessionMaxAge()
|