diff --git a/admin/admin.inc.php b/admin/admin.inc.php
index 34f6356..f503110 100755
--- a/admin/admin.inc.php
+++ b/admin/admin.inc.php
@@ -572,14 +572,14 @@ auto_delete(); //定时删除
-
+
-
+
diff --git a/api/index.php b/api/index.php
index 5b179ef..cac39a8 100755
--- a/api/index.php
+++ b/api/index.php
@@ -167,24 +167,24 @@ if ($handle->uploaded) {
// 上传成功后返回json数据
$reJson = array(
- "result" => "success",
- "code" => 200,
- "url" => $imageUrl,
- "srcName" => $handle->file_src_name_body,
- "thumb" => $handleThumb,
- "del" => $delUrl,
- "ID" => $tokenID, // 202-02-11 增加返回Token ID
- // "memory" => getDistUsed(memory_get_peak_usage()), // 占用内存 2023-02-12
+ "result" => "success",
+ "code" => 200,
+ "url" => $imageUrl,
+ "srcName" => $handle->file_src_name_body,
+ "thumb" => $handleThumb,
+ "del" => $delUrl,
+ "ID" => $tokenID, // 202-02-11 增加返回Token ID
+ // "memory" => getDistUsed(memory_get_peak_usage()), // 占用内存 2023-02-12
);
echo json_encode($reJson, JSON_UNESCAPED_UNICODE);
$handle->clean();
} else {
// 上传错误 code:206 客户端文件有问题
$reJson = array(
- "result" => "failed",
- "code" => 206,
- "message" => $handle->error,
- "memory" => getDistUsed(memory_get_peak_usage()), // 占用内存 2023-02-12
+ "result" => "failed",
+ "code" => 206,
+ "message" => $handle->error,
+ "memory" => getDistUsed(memory_get_peak_usage()), // 占用内存 2023-02-12
// 'log' => $handle->log, // 仅用作调试用
);
unset($handle);
@@ -202,9 +202,9 @@ if ($handle->uploaded) {
@write_upload_logs($pathIMG, $handle->file_src_name, $handle->file_dst_pathname, $handle->file_src_size, $tokenID);
// 鉴黄
@process_checkImg($processUrl);
- // 水印
+ // 水印
@water($handle->file_dst_pathname);
- // 压缩
+ // 压缩
@process_compress($handle->file_dst_pathname);
} else { // 普通模式
// 记录同IP上传次数
diff --git a/application/upload.php b/application/upload.php
index 6b91cae..21eb72f 100755
--- a/application/upload.php
+++ b/application/upload.php
@@ -9,9 +9,9 @@ require __DIR__ . '/class.upload.php';
if ($config['mustLogin']) {
if (!is_who_login('status')) {
exit(json_encode(array(
- "result" => "failed",
- "code" => 401,
- "message" => "本站已开启登陆上传,您尚未登陆",
+ "result" => "failed",
+ "code" => 401,
+ "message" => "本站已开启登陆上传,您尚未登陆",
)));
}
}
@@ -20,21 +20,30 @@ if ($config['mustLogin']) {
if (empty($_FILES['file'])) {
exit(json_encode(
array(
- "result" => "failed",
- "code" => 204,
- "message" => "没有选择上传的文件",
+ "result" => "failed",
+ "code" => 204,
+ "message" => "没有选择上传的文件",
)
));
}
+// sign
+if (empty($_POST['sign']) || $_POST['sign'] !== md5($config['password'] . date('YmdH'))) {
+ exit(json_encode(array(
+ "result" => "failed",
+ "code" => 403,
+ "message" => "签名错误,请刷新重试",
+ )));
+}
+
// 黑/白IP名单上传
if ($config['check_ip']) {
if (checkIP(null, $config['check_ip_list'], $config['check_ip_model'])) {
// 上传错误 code:403 未授权IP
exit(json_encode(array(
- "result" => "failed",
- "code" => 403,
- "message" => "黑名单内或白名单外用户不允许上传",
+ "result" => "failed",
+ "code" => 403,
+ "message" => "黑名单内或白名单外用户不允许上传",
)));
}
}
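Review bot: The new `sign` check derives its expected value from `md5($config['password'] . date('YmdH'))` and compares it with `!==`, which leaves three weaknesses in an upload gate. For the browser to send the value it has to be rendered into a page, so anyone who can load that page knows it; if `$config['password']` is the admin credential (not visible in this hunk), the page also hands out a fast, unsalted digest of that credential with a predictable suffix. The comparison is not constant-time, and a token issued at hh:59 is rejected a minute later. Consider a dedicated random key with an HMAC, accepting the current and the previous hour, e.g. `hash_equals(hash_hmac('sha256', date('YmdH'), $config['sign_key']), $_POST['sign'])` after an `is_string($_POST['sign'] ?? null)` guard, where `$config['sign_key']` is a placeholder name for a new setting. The same md5/`!==` pattern appears on the changed line in application/viewlog.php.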
@@ -182,12 +191,12 @@ if ($handle->uploaded) {
// 上传成功后返回json数据
$reJson = array(
- "result" => "success",
- "code" => 200,
- "url" => $imageUrl,
- "srcName" => $handle->file_src_name_body,
- "thumb" => $handleThumb,
- "del" => $delUrl,
+ "result" => "success",
+ "code" => 200,
+ "url" => $imageUrl,
+ "srcName" => $handle->file_src_name_body,
+ "thumb" => $handleThumb,
+ "del" => $delUrl,
// "memory" => getDistUsed(memory_get_peak_usage()), // 占用内存 2023-02-12
);
echo json_encode($reJson);
@@ -195,10 +204,10 @@ if ($handle->uploaded) {
} else {
// 上传错误 code:206 客户端文件有问题
$reJson = array(
- "result" => "failed",
- "code" => 206,
- "message" => $handle->error,
- "memory" => getDistUsed(memory_get_peak_usage()), // 占用内存 2023-02-12
+ "result" => "failed",
+ "code" => 206,
+ "message" => $handle->error,
+ "memory" => getDistUsed(memory_get_peak_usage()), // 占用内存 2023-02-12
// 'log' => $handle->log, // 仅用作调试用
);
unset($handle);
diff --git a/application/viewlog.php b/application/viewlog.php
index 06918f4..bfc7d21 100644
--- a/application/viewlog.php
+++ b/application/viewlog.php
@@ -9,7 +9,7 @@ require_once __DIR__ . '/function.php';
// 非管理员不可访问!
if (!is_who_login('admin')) exit('Permission denied');
// 禁止直接访问
-if (empty($_REQUEST['pass']) || $_REQUEST['pass'] !== md5($config['password'] . date('ymdh'))) exit('Authentication error!');
+if (empty($_REQUEST['sign']) || $_REQUEST['sign'] !== md5($config['password'] . date('ymdh'))) exit('Authentication error!');
// 登录日志
if (isset($_GET['login_log'])) {
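Review bot: The renamed `sign` check still builds its expected value with `date('ymdh')`, a two-digit year and a 12-hour clock, so the same value is accepted twice a day and does not match the `YmdH` format used by the `sign` check added to application/upload.php in this commit. Reading it from `$_REQUEST` also lets the value arrive in the query string, where it tends to end up in access logs and browser history. Suggested line: `if (!is_string($_REQUEST['sign'] ?? null) || !hash_equals(md5($config['password'] . date('YmdH')), $_REQUEST['sign'])) exit('Authentication error!');`. Whatever generates the link must switch to the same format; that code is outside this hunk.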
diff --git a/docs/update.md b/docs/update.md
index 6c51a6a..c2a3dd2 100644
--- a/docs/update.md
+++ b/docs/update.md
@@ -1,4 +1,7 @@
-* 2023-03-05 v2.7.7 dev
+* 2023-03-06 v2.7.8
+- 增加前端上传签名
+
+* 2023-03-05 v2.7.7
- 增加登录日志
- 修复备用文件管理登录失效
diff --git a/index.php b/index.php
index 2918cdc..70af5eb 100755
--- a/index.php
+++ b/index.php
@@ -128,6 +128,10 @@ mustLogin();
flash_swf_url: '/public/static/zui/lib/uploader/Moxie.swf',
// silverlight 上传组件地址
flash_swf_url: '/public/static/zui/lib/uploader/Moxie.xap',
+ // sign
+ multipart_params: {
+ 'sign': '', // new Date().format("YYYYMMddhh")
+ },
// 预览图尺寸
previewImageSize: {
'width': 80,
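Review bot: `'sign': ''` posts an empty string, and the check added to application/upload.php in this commit rejects an empty `sign` with code 403, so uploads from this page would fail unless the value is filled in somewhere outside this hunk. The inline comment suggests computing it from the client date, but the server value also depends on `$config['password']` and the server clock, so the browser cannot reproduce it. Render it on the server with the same expression the upload endpoint verifies, e.g. `'sign': '<?php echo md5($config['password'] . date('YmdH')); ?>',`, keeping in mind that anything rendered here is readable by every visitor who can load the page. The uploader options object starts and ends outside the hunk.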