Javascript Web FTP门户登录
我有一个 web FTP 门户,它是几年前由一位已经不在这里的开发人员创建的。该网站的代码是用 Node.js 编写的。app.js 中有以下代码:
// Static account table for the portal. Each record carries:
//   name - display name (the upload handler uses it in log lines and notification mail)
//   user - 40-hex-character digest standing in for the login name
//   pass - 40-hex-character digest standing in for the password
//   dir  - sub-directory below __dirname + '/complete/' that uploads are moved into
// NOTE(review): 40 hex characters is the length of a SHA-1 digest and this file
// defines getSHA1(); presumably these are getSHA1(<username>) / getSHA1(<password>),
// but the login handler is not shown - confirm (including any salt or string
// concatenation) before generating values for a new entry.
// NOTE(review): an unsalted, single-pass digest kept in source control gives little
// protection for weak passwords if the file leaks. Prefer a salted, deliberately
// slow scheme (for example Node's crypto.scrypt or crypto.pbkdf2) and keep the
// credential table outside the code.
// NOTE(review): dir '' makes the upload handler's path '/complete/' + '' + '/' + name,
// i.e. the parent of every other account's directory.
var validUsers = [
  {
    name: 'x',
    user: '907c78ef73998eafc2680e5fdd4798a8eef0881a',
    pass: '95489cf3039eb2f5938e3daa954d04276bbf90e7',
    dir: ''
  },
  {
    name: 'y',
    user: 'b26e5ebda152e81099ec78be2f9c191ee25e1cd6',
    pass: 'e3725873ae302e3f12eb97b02feb7457de9706c2',
    dir: 'y'
  },
  {
    name: 'y2',
    user: '3182b54d9f4d08641b5a9a0fb33f74df5d76b222',
    pass: '916b2e1941c9e23610f8bd3462cdb19f55b5c631',
    dir: 'y2'
  },
  {
    name: 'y3',
    user: '38aa53de31c04bcfae9163cc23b7963ed9cf90f7',
    pass: '7a98cf84c2c61a30f6c4e3984c0cad2eb29f5d6f',
    dir: 'y3'
  },
  {
    name: 'y4',
    user: '51e822c50cc62cdbdb850a439ea75b6d45ac487b',
    pass: 'da6a77293ddcdc7047dd461a94c88c8377753265',
    dir: 'y4'
  },
  {
    name: 'y5',
    user: '14ad0aca26e00f615990946181ee3405c6ede0f1',
    pass: '4eb4e0e1ea0f04422b5bc6031ee37c8dc971236d',
    dir: 'y5'
  },
  {
    name: 'y6',
    user: '4ec9bdb28c5da0f9813e9eed55a0f1dc6217a305',
    pass: 'e72bd0bbd37423bb0c9b9edfb9ce94446161c511',
    dir: 'y6'
  },
  {
    name: 'y7',
    user: 'f4603bd4ae9e4aa2a11d903d0b178b37a57b1bac',
    pass: '8a6a67f235738c4b2e4f88d4608bdcf0bbc49f51',
    dir: 'y7'
  },
  {
    name: 'Guest',
    user: '35675e68f4b5af7b995d9205ad0fc43842f16450',
    pass: '370bb444ef91a3999b1c36af97e166f18848e7b7',
    dir: 'Guest'
  },
  {
    name: 'y8',
    user: 'd8f51fbf5e13e9f2637a8d5c4bd1ab251bd61c30',
    pass: '1a047e6dd554ffdd67524916820a8fa23acd2c6e',
    dir: 'y8'
  }
];
x 和 y1-8 是实际客户名称及其对应目录的占位符;“Guest”是一个示例名称和目录。我的问题是:user 和 pass 是由 crypto 生成的散列值,它们对应特定的用户名和密码。如果我想重置某个用户名或密码,或者再添加一个用户,该如何根据要添加的用户名/密码字符串计算出应写入代码的散列值?
任何意见都会很有帮助
编辑:
FTP代码的其余部分:
/**
 * GET /ftp/ - renders the 'ftp' view with the page metadata for the
 * File Transfer Portal page.
 *
 * The handler reads nothing from the request; every value handed to the view is
 * a constant or is derived from the outer `siteRoot` variable.
 */
app.get('/ftp/', function (req, res) {
  var pageName = 'File Transfer Portal';
  var pagePath = '/ftp/';
  var pageTitle = 'companyNameOmitted: ' + pageName;
  var pageDescription = 'descriptionOmiited';
  var absoluteUrl = siteRoot + pagePath;

  // NOTE(review): escape() is a legacy global. encodeURIComponent is the standard
  // encoder for URL components, but it produces different output for characters
  // such as '/' and '+', so the original calls are kept unchanged here.
  var viewModel = {
    title: pageTitle,
    bodyClass: 'top ftp',
    keywords: 'keywordsOmitted',
    description: pageDescription,
    url: absoluteUrl,
    pageEmail: 'mailto:?subject=' + escape(pageTitle) + '&body=' + escape(pageDescription) + '%0A' + absoluteUrl,
    eUrl: escape(absoluteUrl),
    eTitle: escape(pageTitle),
    eDescription: escape(pageDescription),
    // The four navigation fragments are empty strings on this page.
    rNav: '',
    sNav: '',
    cNav: '',
    imNav: ''
  };

  res.render('ftp', viewModel);
  //console.log(uniqId()+':'+pageName);
});
// POST /ftp/upload - for a request whose SID cookie maps to an entry in `users`,
// moves every uploaded file into that account's directory under
// __dirname + '/complete/' and, unless the account is the admin one, sends a
// notification e-mail.
// NOTE(review): the listing on this page stops after the fs.rename callback; the
// closing lines of the _.each callback, the `if` and the route handler are not
// shown, so what happens for a request without a valid session cannot be seen here.
app.post('/ftp/upload', function(req, res){
//console.log(req.files);
// The session is found by using the client-supplied SID cookie as a key into `users`.
// NOTE(review): if `users` is a plain object (its definition is not shown), a cookie
// value that names an inherited property would pass the truthiness test below;
// a Map or an own-property check avoids that - TODO confirm.
var SID = req.cookies.SID;
var sessionUser = (users[SID]) ? users[SID] : false;
if (!!sessionUser){
_.each(req.files,function (file) {
// NOTE(review): file.name comes from the client and is written to the log as-is;
// strip control characters if these logs are parsed or reviewed line by line.
console.log(new Date(curTime()).toGMTString()+' | Recieved '+file.name+' ('+file.size+' bytes) from '+sessionUser.name);
// Destination = <app dir>/complete/<dir of the validUsers entry whose `user` digest
// matches the session>/<client file name>.
// NOTE(review): file.name is concatenated into the path without any checks. A name
// containing path separators or '..' segments resolves outside the account's
// directory; reduce it to a base name (path.basename) and verify that the resolved
// path is still inside the account's directory before renaming.
// NOTE(review): _.where(...)[0] is undefined when no validUsers entry matches, and
// reading .dir then throws. An entry with dir '' yields '/complete//<name>'.
var newPath = __dirname + '/complete/'+_.where(validUsers,{user:sessionUser.user})[0].dir+'/'+file.name;
fs.rename(file.path,newPath,function(err) {
// NOTE(review): a throw inside this asynchronous callback is not caught by the
// route handler; it surfaces as an uncaught exception. Respond with an error
// status and log instead.
if (err) throw err;
else {
// This runs once per uploaded file, so a request carrying several files calls
// res.redirect more than once on the same response.
res.redirect('back');
// Loose comparison against the omitted admin display name: the admin's own
// uploads do not trigger a notification.
if (sessionUser.name != 'adminOmitted') {
// NOTE(review): sessionUser.name and file.name are inserted into HTML without
// escaping; HTML-escape both before building the mail body.
var htmlString = '<b>'+sessionUser.name+'</b> has uploaded a file <b>'+file.name+'</b>.<br /><br />View it on the <a href="https://url/ftp/">File Transfer Portal</a>.';
// NOTE(review): the SMTP account is written as literals in source (placeholders on
// this page); load it from the environment or a secret store. A new transport is
// created for every uploaded file.
var transport = nodemailer.createTransport("SMTP",{
host: "hostname.com", // hostname
secureConnection: true, // use SSL
port: 465, // port for secure SMTP
auth: {
user: "user@host.com",
pass: "pass"
}
});
// NOTE(review): file.name also ends up in the subject line; remove CR/LF from it
// before use in a header value.
transport.sendMail({
sender:'sender@host.com',
to:'receiver@host.com',
subject:'File Upload: '+sessionUser.name+' uploaded '+file.name,
html: htmlString
},function(err) {
// Mail failures are only logged; the upload itself has already completed.
if (err) console.log(err);
else console.log('Notification Sent: S&A File Upload: '+sessionUser.name+' uploaded '+file.name);
});
}
}
});
此外还有断开连接的处理函数。登录函数与断开连接函数之间只有移动文件和删除文件的函数,我觉得它们未必有用
//console.log(users);
// On socket disconnect, wait 30 seconds and then decide whether the session
// keyed by SID (a variable from the enclosing scope, not shown) is removed.
// The session is kept only when it still exists and its lastTap is no more than
// 30000 behind curTime() (presumably milliseconds - confirm against curTime()).
socket.on('disconnect', function () {
  setTimeout(function () {
    // No session entry left: unregister(SID) is still called.
    if (!users[SID]) {
      unregister(SID);
      return;
    }
    var idleFor = curTime() - users[SID].lastTap;
    if (idleFor > 30000) {
      unregister(SID);
      return;
    }
    console.log('Not removing; connection still active. (' + users[SID].name + ')');
  }, 30000);
});
});
最后,加密功能:
/**
 * Returns the MD5 digest of `string` as a lowercase hex string.
 *
 * NOTE(review): MD5 is a fast, unsalted digest with known collision attacks; it
 * is not suitable for storing passwords or for integrity checks against a
 * deliberate attacker. The callers of this helper are not shown on this page.
 *
 * @param {string} string - data to hash
 * @returns {string} 32-character hex digest
 */
function getMD5(string) {
  var md5 = crypto.createHash('md5');
  md5.update(string);
  return md5.digest("hex");
}
function getSHA1(string) {
return crypto.
createHash('sha1').
update(string).
digest("hex");
}
我知道格式并不完美,我已经尽可能地保持整洁,我想这就是所有相关的函数。我怀疑FTP门户的.jade文件是否有用。你不能
//console.log(users);
// On socket disconnect, wait 30 seconds and then decide whether the session
// keyed by SID (a variable from the enclosing scope, not shown) is removed.
// The session is kept only when it still exists and its lastTap is no more than
// 30000 behind curTime() (presumably milliseconds - confirm against curTime()).
socket.on('disconnect', function () {
  setTimeout(function () {
    // No session entry left: unregister(SID) is still called.
    if (!users[SID]) {
      unregister(SID);
      return;
    }
    var idleFor = curTime() - users[SID].lastTap;
    if (idleFor > 30000) {
      unregister(SID);
      return;
    }
    console.log('Not removing; connection still active. (' + users[SID].name + ')');
  }, 30000);
});
});
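用户名和密码已通过非对称加密(即MD5)处理。这样做可能是为了在服务器遭到入侵时保护用户的个人信息。需要注意的是,MD5 和 SHA-1 属于单向散列函数,而不是非对称加密;上面列出的值均为 40 个十六进制字符,与 SHA-1 摘要的长度一致(MD5 摘要为 32 个字符)。另外,不加盐的快速散列对弱口令的保护有限,存储口令时更稳妥的做法是使用加盐的慢速算法(如 scrypt、bcrypt 或 Argon2)。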
您仍然缺少处理身份验证和设置会话cookie的代码部分
如果您可以找到处理身份验证的代码,并且您事先知道用户名,那么您可以将其重新散列,以将用户名交叉引用到条目列表中
否则,您唯一的选择就是破解用户名/密码,这可能很难/不可能,具体取决于它们的复杂性
祝你好运……在代码中找出登录时输入的用户名/密码是在哪里被转换成这些值、用来验证登录的。这会确切地告诉你生成自己的值需要什么。由于你没有提供实际的 Node 代码,我们无法帮助你。已添加更多代码,如果缺少任何函数或有任何问题,请告诉我。