From 6c233876ea470d261d8b422a5d7881e3d7f4d3aa Mon Sep 17 00:00:00 2001 From: icret Date: Thu, 20 Jan 2022 01:55:20 +0800 Subject: [PATCH] =?UTF-8?q?=E9=BB=91=E7=99=BD=E5=90=8D=E5=8D=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 1 + admin/admin.inc.php | 35 +++++---- api/index.php | 21 +++++- application/function.php | 83 +++++++++++++++++++++ application/{logs-write.php => process.php} | 34 +++++---- application/real_ip.php | 51 ------------- config/config.php | 11 ++- file.php | 23 +++++- 8 files changed, 166 insertions(+), 93 deletions(-) rename application/{logs-write.php => process.php} (91%) delete mode 100755 application/real_ip.php diff --git a/README.md b/README.md index 3c6dbbf..c9892bb 100755 --- a/README.md +++ b/README.md @@ -87,6 +87,7 @@ Deny from all * 2022-1-19 v2.4.6 beta - 增加图片信息页面 +- 增加上传黑/白名单 - 视图优化 * 2022-1-13 v2.4.5 diff --git a/admin/admin.inc.php b/admin/admin.inc.php index 28bd196..d3e65a8 100755 --- a/admin/admin.inc.php +++ b/admin/admin.inc.php @@ -502,7 +502,7 @@ if (isset($_GET['reimg'])) { -
+
@@ -520,6 +520,21 @@ if (isset($_GET['reimg'])) {
+
+
+ + > + +
+
+
+ + +
+
+ + +
@@ -534,12 +549,6 @@ if (isset($_GET['reimg'])) {
-
-

- 当前版本: - Github: -

-
" placeholder="隐藏的保存">
@@ -604,12 +613,6 @@ if (isset($_GET['reimg'])) {
-
-

- 当前版本: - Github: -

-
" placeholder="隐藏的保存">
@@ -687,7 +690,8 @@ if (isset($_GET['reimg'])) {

我的IP:

图床信息

-

+ TinyImag Key
'; } else { @@ -699,8 +703,8 @@ if (isset($_GET['reimg'])) { echo 'Moderatecontent Key
'; } ?> + 当前版本: Github:

-

当前版本:,Github版本:

@@ -713,7 +717,6 @@ if (isset($_GET['reimg'])) {
-
" placeholder="隐藏的保存">
diff --git a/api/index.php b/api/index.php index 2f5a878..cfbc11c 100755 --- a/api/index.php +++ b/api/index.php @@ -11,6 +11,18 @@ $token = preg_replace('/[\W]/', '', $_POST['token']); // 获取Token并过滤非 // 检查api合法性 check_api($token); +// 黑/白IP名单上传 +if ($config['check_ip']) { + if (checkIP(null, $config['check_ip_list'], $config['check_ip_model'])) { + // 上传错误 code:403 未授权IP + exit(json_encode(array( + "result" => "failed", + "code" => 403, + "message" => "黑名单内或白名单外用户不允许上传", + ))); + } +} + $handle = new Upload($_FILES['image'], 'zh_CN'); if ($handle->uploaded) { @@ -113,11 +125,14 @@ if ($handle->uploaded) { exit(json_encode($reJson, JSON_UNESCAPED_UNICODE)); } - // 上传日志控制 + // 后续处理 + require_once APP_ROOT . '/application/process.php'; + // 日志 if ($config['upload_logs']) { - require_once APP_ROOT . '/application/logs-write.php'; - @write_log(config_path() . $handle->file_dst_name, $handle->file_src_name, $handle->file_dst_pathname, $handle->file_src_size, "API upload"); + @write_log(config_path() . $handle->file_dst_name, $handle->file_src_name, $handle->file_dst_pathname, $handle->file_src_size); } + // 压缩|鉴黄 + process(config_path() . $handle->file_dst_name, $handle->file_dst_pathname); unset($handle); } diff --git a/application/function.php b/application/function.php index bba28a1..9046595 100755 --- a/application/function.php +++ b/application/function.php @@ -762,3 +762,86 @@ function writefile($filename, $writetext, $openmod = 'w') return false; } } + +/* + * 获得用户的真实IP地址 + *
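Review bot: The 403 response in the new `check_ip` block is built with `json_encode(array(...))` and no flags, while the existing error exit visible in the next hunk passes `JSON_UNESCAPED_UNICODE`, so this one message is emitted as `\uXXXX` escapes; `exit(json_encode(array(...), JSON_UNESCAPED_UNICODE));` keeps the API's output consistent. The same eleven lines are pasted verbatim into file.php (its first hunk), so the two upload entry points will drift the first time one of them is touched; a shared helper in application/function.php that performs the check and the exit would keep a single copy of the policy. The block also relies entirely on `checkIP()` returning a truthy value for "blocked", which the function.php hunk shows it does not do reliably in whitelist mode — see the note there.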
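Review bot: The rewritten `@write_log(...)` call on the new side drops the trailing `"API upload"` argument that the removed line passed, so API uploads now fall back to write_log's default `$from = "Web upload"` (visible in the process.php hunk) and become indistinguishable from browser uploads in the log; restore it: `@write_log(config_path() . $handle->file_dst_name, $handle->file_src_name, $handle->file_dst_pathname, $handle->file_src_size, "API upload");`. The file.php counterpart never passed the argument, so only this call site regresses. Since the upload log is the only record of who uploaded what, the `@` suppression on the call silently discards any failure of the logging path; consider removing it so a broken log is noticed rather than ignored.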
来源:ecshop + *
$_SERVER和getenv的区别,getenv不支持IIS的isapi方式运行的php + * @access public + * @return string + */ +function real_ip() +{ + static $realip = NULL; + if ($realip !== NULL) { + return $realip; + } + if (isset($_SERVER)) { + if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $arr = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']); + /* 取X-Forwarded-For中第一个非unknown的有效IP字符串 */ + foreach ($arr as $ip) { + $ip = trim($ip); + + if ($ip != 'unknown') { + $realip = $ip; + + break; + } + } + } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) { + $realip = $_SERVER['HTTP_CLIENT_IP']; + } else { + if (isset($_SERVER['REMOTE_ADDR'])) { + $realip = $_SERVER['REMOTE_ADDR']; + } else { + $realip = '0.0.0.0'; + } + } + } else { + if (getenv('HTTP_X_FORWARDED_FOR')) { + $realip = getenv('HTTP_X_FORWARDED_FOR'); + } elseif (getenv('HTTP_CLIENT_IP')) { + $realip = getenv('HTTP_CLIENT_IP'); + } else { + $realip = getenv('REMOTE_ADDR'); + } + } + // 使用正则验证IP地址的有效性,防止伪造IP地址进行SQL注入攻击 + preg_match("/[\d\.]{7,15}/", $realip, $onlineip); + $realip = !empty($onlineip[0]) ? $onlineip[0] : '0.0.0.0'; + return $realip; +} + +/* + * IP黑白名单检测,支持IP段检测 + * @param string $ipNow 要检测的IP + * @param string|array $ipList 白名单IP或者黑名单IP + * @return boolean false|true true:白名单模式,false:黑名单模式 + */ +function checkIP($ipNow = null, $ipList = null, $model = false) +{ + // global $config; + $ipNow = isset($ipNow) ?: real_ip(); + + // 将IP文本转换为数组 + if (is_string($ipList)) { + $ipList = explode(",", $ipList); + } else { + echo 'IP名单错误'; + } + + $ipregexp = implode('|', str_replace(array('*', '.'), array('\d+', '\.'), $ipList)); + $result = preg_match("/^(" . $ipregexp . ")$/", $ipNow); + + // 白名单模式 + if ($model) { + if (in_array($ipNow, $ipList)) { + return false; + } + } + // 黑名单模式 + if ($result) { + return true; + } +} diff --git a/application/logs-write.php b/application/process.php similarity index 91% rename from application/logs-write.php rename to application/process.php index 07f8400..ba3241b 100755 
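Review bot: Whitelist mode in `checkIP` does not restrict anything: when `$model` is truthy and the caller's IP is not in `$ipList`, the `in_array` branch is skipped, `$result` is 0, and the function falls off the end returning null, which both callers treat as "allowed" — only a wildcard entry that is not also an exact `in_array` match ever blocks, which is the opposite of a whitelist. `$ipNow = isset($ipNow) ?: real_ip();` assigns bool(true) whenever an IP is passed explicitly, so the function only works because both callers pass null; `$ipNow === null ? real_ip() : $ipNow` is what was meant. The decision is made on `real_ip()`, which prefers the client-supplied `X-Forwarded-For` and `Client-IP` headers over `REMOTE_ADDR`, so unless the deployment sits behind a trusted proxy that overwrites those headers the list is compared against a value the requester chooses, and its `[\d\.]{7,15}` filter maps IPv6 clients to `0.0.0.0`; `filter_var($ip, FILTER_VALIDATE_IP)` applied to `REMOTE_ADDR` (or to the forwarded header only when a trusted proxy is configured) is the safer basis. List entries are neither trimmed nor `preg_quote`d, so `"1.2.3.4, 5.6.7.8"` never matches its second entry, and the `echo 'IP名单错误'` writes text into the JSON response the callers emit. The rewrite below keeps the signature and the `*`-per-octet wildcard, fixes the whitelist/blacklist decision, and fails closed on a malformed list.

```php
function checkIP($ipNow = null, $ipList = null, $model = false)
{
    // isset($ipNow) ?: ... would yield bool(true) for an explicit IP; keep the value
    $ipNow = $ipNow === null ? real_ip() : $ipNow;

    if (is_string($ipList)) {
        $ipList = explode(',', $ipList);
    }
    if (!is_array($ipList)) {
        return true; // malformed list: block rather than echo into the JSON response
    }

    // trim entries, drop empties, escape regex metacharacters, then let '*' stand for one octet
    $patterns = array();
    foreach ($ipList as $entry) {
        $entry = trim($entry);
        if ($entry !== '') {
            $patterns[] = str_replace('\*', '\d+', preg_quote($entry, '/'));
        }
    }
    $listed = $patterns !== array()
        && preg_match('/^(' . implode('|', $patterns) . ')$/', $ipNow) === 1;

    // whitelist ($model truthy): block when NOT listed; blacklist: block when listed
    return $model ? !$listed : $listed;
}
```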
--- a/application/logs-write.php +++ b/application/process.php @@ -1,15 +1,9 @@ 源文件名称->上传时间(Asia/Shanghai)->IP地址->浏览器信息->文件相对路径->图片的MD5 - * $filePath 文件相对路径 - * $sourceName 源文件名称 - * $absolutePath 图片的绝对路径 - * $fileSize 图片的大小 - */ -function write_log($filePath, $sourceName, $absolutePath, $fileSize, $from = "Web upload") + +// 压缩图片与图片鉴黄 +function process($filePath, $absolutePath) { global $config; // 压缩图片 后压缩模式,不影响前台输出速度 @@ -28,12 +22,22 @@ function write_log($filePath, $sourceName, $absolutePath, $fileSize, $from = "We if ($config['checkImg']) { require_once APP_ROOT . '/config/api_key.php'; @checkImg($config['imgurl'] . $filePath); - // 检查通过 - $checkImg = "Images Passed"; - } else { - // 未开通 - $checkImg = "Check Closed"; } +} + +/** + * 写日志 + * 日志格式:图片名称->源文件名称->上传时间(Asia/Shanghai)->IP地址->浏览器信息->文件相对路径->图片的MD5 + * $filePath 文件相对路径 + * $sourceName 源文件名称 + * $absolutePath 图片的绝对路径 + * $fileSize 图片的大小 + */ +function write_log($filePath, $sourceName, $absolutePath, $fileSize, $from = "Web upload") +{ + global $config; + + $checkImg = $config['checkImg'] == true ? "Images Passed" : "Check Closed"; $name = trim(basename($filePath), " \t\n\r\0\x0B"); // 当前图片名称 $log = array($name => array( diff --git a/application/real_ip.php b/application/real_ip.php deleted file mode 100755 index eb9594b..0000000 --- a/application/real_ip.php +++ /dev/null @@ -1,51 +0,0 @@ -来源:ecshop - *
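Review bot: `$checkImg = $config['checkImg'] == true ? "Images Passed" : "Check Closed";` derives "Images Passed" from the config flag alone, and both callers in this patch (api/index.php and file.php) now call `write_log` before `process()`, i.e. before `checkImg()` has run, so the log asserts a moderation result that has not happened yet and can never record a failure. Either log a neutral string such as `"Check Enabled"`, or have `process()` return the moderation outcome and pass it into `write_log` so the column means what its name says. `$config['checkImg'] == true` is a loose comparison; a plain truth test `$config['checkImg'] ? ... : ...` reads the same and avoids `==` coercion surprises. `write_log`'s body continues past the end of the hunk.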
$_SERVER和getenv的区别,getenv不支持IIS的isapi方式运行的php - * @access public - * @return string - */ -function real_ip() -{ - static $realip = NULL; - if ($realip !== NULL) { - return $realip; - } - if (isset($_SERVER)) { - if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { - $arr = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']); - /* 取X-Forwarded-For中第一个非unknown的有效IP字符串 */ - foreach ($arr as $ip) { - $ip = trim($ip); - - if ($ip != 'unknown') { - $realip = $ip; - - break; - } - } - } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) { - $realip = $_SERVER['HTTP_CLIENT_IP']; - } else { - if (isset($_SERVER['REMOTE_ADDR'])) { - $realip = $_SERVER['REMOTE_ADDR']; - } else { - $realip = '0.0.0.0'; - } - } - } else { - if (getenv('HTTP_X_FORWARDED_FOR')) { - $realip = getenv('HTTP_X_FORWARDED_FOR'); - } elseif (getenv('HTTP_CLIENT_IP')) { - $realip = getenv('HTTP_CLIENT_IP'); - } else { - $realip = getenv('REMOTE_ADDR'); - } - } - // 使用正则验证IP地址的有效性,防止伪造IP地址进行SQL注入攻击 - preg_match("/[\d\.]{7,15}/", $realip, $onlineip); - $realip = !empty($onlineip[0]) ? $onlineip[0] : '0.0.0.0'; - return $realip; -} \ No newline at end of file diff --git a/config/config.php b/config/config.php index 3bbce28..2fee876 100755 --- a/config/config.php +++ b/config/config.php @@ -1,4 +1,4 @@ -'简单图床 - EasyImage', @@ -68,11 +68,14 @@ $config=Array })(); ', 'checkEnv'=>1, - 'checkImg'=>1, + 'checkImg'=>0, 'checkImg_value'=>50, 'upload_logs'=>1, 'cache_freq'=>2, 'first_show'=>1, - 'version'=>'2.4.5', - 'form'=>'2022-01-19 16:48:54' + 'check_ip'=>0, + 'check_ip_model'=>0, + 'check_ip_list'=>'', + 'version'=>'2.4.6 beta', + 'form'=>'2022-01-20 01:31:54' ); \ No newline at end of file diff --git a/file.php b/file.php index 9dca4ad..45cbd16 100755 --- a/file.php +++ b/file.php 
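Review bot: The default for `'checkImg'` flips from 1 to 0 in this hunk, which disables the image-moderation call for every new install, yet neither the commit subject nor the README changelog line in this patch mentions it; if intentional it belongs in the changelog, otherwise it reads like a local testing toggle that should be reverted before merge. The three new keys carry no hint of their semantics: from `checkIP()` in application/function.php, `'check_ip_model'` 0 selects blacklist and any non-zero value whitelist, and `'check_ip_list'` is a comma-separated list of IPv4 addresses in which `*` matches one octet; a one-line comment beside each key, e.g. `'check_ip_model'=>0, // 0 = blacklist, 1 = whitelist`, would spare the next maintainer a trip into function.php.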
@@ -4,6 +4,18 @@ require __DIR__ . '/application/function.php'; require APP_ROOT . '/application/class.upload.php'; require APP_ROOT . '/application/WaterMask.php'; +// 黑/白IP名单上传 +if ($config['check_ip']) { + if (checkIP(null, $config['check_ip_list'], $config['check_ip_model'])) { + // 上传错误 code:403 未授权IP + exit(json_encode(array( + "result" => "failed", + "code" => 403, + "message" => "黑名单内或白名单外用户不允许上传", + ))); + } +} + $handle = new Upload($_FILES['file'], 'zh_CN'); if ($handle->uploaded) { @@ -102,10 +114,10 @@ if ($handle->uploaded) { echo json_encode($reJson); $handle->clean(); } else { - // 上传错误 code:403 客户端文件有问题 + // 上传错误 code:400 客户端文件有问题 $reJson = array( "result" => "failed", - "code" => 403, + "code" => 400, "message" => $handle->error, //"log" => $handle->log, ); @@ -114,11 +126,14 @@ if ($handle->uploaded) { exit(json_encode($reJson, JSON_UNESCAPED_UNICODE)); } - // 上传日志控制 + // 后续处理 + require_once APP_ROOT . '/application/process.php'; + // 日志 if ($config['upload_logs']) { - require_once APP_ROOT . '/application/logs-write.php'; @write_log(config_path() . $handle->file_dst_name, $handle->file_src_name, $handle->file_dst_pathname, $handle->file_src_size); } + // 压缩|鉴黄 + process(config_path() . $handle->file_dst_name, $handle->file_dst_pathname); unset($handle); }