There is a ulnerability that User credentials are sent in clear text(admin/index.php)

# Steps to Reproduce
**1、the backstage address**
http://127.0.0.1/DiliCMS-develop-3.x/admin/index.php

**2、login and use BurpSuite to intercepte packets，and then we can see the User credentials are transmitted over an unencrypted channel**

![default](https://user-images.githubusercontent.com/29420758/39341513-1e0c200a-49c3-11e8-9392-8cae958a52c4.jpg)



