From 09ca411da65a97808898e639466f85808c491153 Mon Sep 17 00:00:00 2001
From: HuoZhangqi
Date: Fri, 24 Nov 2023 15:43:03 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E6=9B=B4=E6=96=B0Cookie?= =?UTF-8?q?=E5=8A=A0=E5=AF=86=E7=AE=97=E6=B3=95=E5=90=8E=E5=88=87=E6=8D=A2?= =?UTF-8?q?=E7=94=A8=E6=88=B7=E5=A4=B1=E6=95=88=20(#256)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 setting.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/setting.php b/setting.php
index 270b7353..2fa4057d 100644
--- a/setting.php
+++ b/setting.php
@@ -334,12 +334,12 @@
 break;
 case 'admin:users':
 if (!empty($_GET['control'])) {
- $osq = $m->once_fetch_array("SELECT `role`,`pw` FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users` WHERE `id` = '{$_GET['control']}' LIMIT 1");
+ $osq = $m->once_fetch_array("SELECT `id`,`role`,`pw` FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users` WHERE `id` = '{$_GET['control']}' LIMIT 1");
 empty($osq['pw']) and msg('用户不存在');
 $osq['role'] == 'admin' and msg('无法控制管理员');
 doAction('admin_users_control');
 setcookie("uid", $_GET['control'], time() + 999999);
- setcookie("pwd", substr(sha1(EncodePwd($osq['pw'])), 4, 32), time() + 999999);
+ setcookie("pwd", hash_hmac('sha256', $osq['pw'], $osq['id'] . $osq['pw']), time() + 999999);
 setcookie("con_uid", UID);
 setcookie("con_pwd", $_COOKIE['pwd']);
 redirect('index.php');
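Review bot: The rewritten `SELECT` still interpolates `$_GET['control']` straight into the SQL string, so the request value reaches the database unescaped. If `id` is an integer key (it looks like one, but confirm), cast it first with `$control = (int) $_GET['control'];` and use `$control` in the `WHERE` clause, or use whatever escaping or prepared-statement facility `$m` provides. The `uid` cookie is also set from the raw request value; now that `id` is fetched, `setcookie("uid", $osq['id'], time() + 999999);` would tie it to the row actually found. Separately, the new `pwd` cookie is an HMAC whose key and message both come from the `users` row, so anyone who can read that row can compute a valid cookie without knowing the password; mixing in a server-side secret kept outside the database would close that, with the same change made wherever the cookie is verified. The `case 'admin:users':` body starts and continues outside this hunk, so any CSRF or role check around this GET-triggered action is not visible here.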