修复登陆逻辑

pull/141/head
icret 2022-04-11 05:35:48 +00:00
parent 241e473bf7
commit bf20244b64
8 changed files with 183 additions and 54 deletions


@ -150,10 +150,11 @@ $HTTP["url"] =~ "^/(i|public)/" {
<details><summary>点击查看2.0版更新日志</summary>
* 2022-04-02 v2.5.9 deving
- 增加安装提示
- 增加检测水印图片/水印字体是否存在
- 修复广场重复显示图片
- 调整了广告的位置
- 调整后台设置分表
- 增加安装提示
* 2022-04-02 v2.5.8
- 修复在PHP8环境下的bugs


@ -192,7 +192,7 @@ if (isset($_GET['recycle_reimg'])) {
<h5>本人仅为程序开源创作,如非法网站使用与本人无关,请勿用于非法用途;</h5>
<h5>请为本人博客<a class="alert-link" href="https://blog.png.cm/" target="_blank">blog.png.cm</a>加上网址链接,谢谢支持。作为开发者你可以对相应的后台功能进行扩展(增删改相应代码),但请保留代码中相关来源信息(例如: <a class="alert-link" href="https://blog.png.cm/">本人博客</a>,邮箱等)</h5>
<a href="https://png.cm/" target="_blank"><button type="button" class="btn btn-mini"><i class="icon icon-external-link"></i> 演示网站</button></a>
<a href="https://www.kancloud.cn/easyimage/easyimage" target="_blank"><button type="button" class="btn btn-mini"><i class="icon icon-hand-right"></i> 使用手册</button></a>
<a href="https://www.kancloud.cn/easyimage/easyimage/content" target="_blank"><button type="button" class="btn btn-mini"><i class="icon icon-hand-right"></i> 使用手册</button></a>
<!-- <a href="https://support.qq.com/products/367633" target="_blank"><button type="button" class="btn btn-mini hidden-xs inline-block"><i class="icon icon-bug"></i> 问题反馈</button></a> -->
<a href="https://qm.qq.com/cgi-bin/qm/qr?k=kpzasY8VdPfrJrpAYdk0rxQJjqddgyAm&jump_from=webapi" target="_blank"><button type="button" class="btn btn-mini"><i class="icon icon-qq"></i> 问题反馈</button></a>
<a href="../public/images/wechat.jpg" title="您的赞美是我开发的动力!" data-toggle="lightbox" class="btn btn-mini" style="color:#329d38;"><i class="icon icon-wechat"></i> 打赏作者</a>
@ -692,6 +692,11 @@ if (isset($_GET['recycle_reimg'])) {
<p class="text-ellipsis">Browser: <?php echo $_SERVER['HTTP_USER_AGENT']; ?></p>
<h5>图床信息</h5>
<hr />
<h6>API 插件</h6>
<a href="https://github.com/icret/EasyImage-Browser-Extension" target="_blank"><span class="label label-badge label-success" data-toggle="tooltip" title="浏览器插件">Edge/Chrome</span></a>
<a href="https://www.kancloud.cn/easyimage/easyimage/2625228" target="_blank"><span class="label label-badge label-success" data-toggle="tooltip" title="使用ShareX上传">ShareX</span></a>
<a href="https://www.kancloud.cn/easyimage/easyimage/2625229" target="_blank"><span class="label label-badge label-success" data-toggle="tooltip" title="使用PicGo上传">PicGo</span></a>
<h6>图床依赖</h6>
<p>
<?php if (empty($config['TinyPng_key'])) : ?>
<span class="label label-badge label-warning" data-toggle="tooltip" title="图片压缩TinyPng未填写">TinyPng</span>
@ -837,7 +842,7 @@ if (isset($_GET['recycle_reimg'])) {
<!-- 上传用户管理 start-->
<hr>
<form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post" onsubmit="return uploader_md5_post()">
<h5>上传者账号管理 | 开启登录上传后可添加</h5>
<h5>上传者账号 | 开启登陆上传后只能上传的账号</h5>
<div class="form-group">
<div class="input-control has-icon-left" data-toggle="tooltip" title="上传者账号只能上传不能操作其他项目">
<input type="text" name="uploader_user" id="account" class="form-control" value="" required="required" placeholder="添加上传者账号" onkeyup="this.value=this.value.replace(/\s/g,'')">
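Review bot: The `Browser:` line kept as context in the hunk that adds the API plugin links echoes `$_SERVER['HTTP_USER_AGENT']` into the admin page without HTML escaping, so a client-controlled request header is written into the markup verbatim. Escape it at output: `<?php echo htmlspecialchars($_SERVER['HTTP_USER_AGENT'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>`. The newly added `target="_blank"` links would also be safer with `rel="noopener noreferrer"`. The surrounding template starts and ends outside the hunks shown.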


@ -15,10 +15,10 @@ if (isset($_REQUEST['code'])) {
// 提交登录
if (isset($_POST['password']) and isset($_POST['user'])) {
global $guestConfig;
$postUser = strip_tags($_POST['user']);
$postPWD = strip_tags($_POST['password']);
global $guestConfig;
if ($postUser == $config['user'] || in_array($postPWD, $guestConfig)) {
if ($postPWD == $config['password'] || $postPWD == $guestConfig[$postUser]) {
// 将账号密码序列化后存储
@ -37,15 +37,15 @@ if (isset($_REQUEST['code'])) {
new $.zui.Messager("密码错误", {type: "danger" // 定义颜色主题
}).show();
</script>';
exit(header("refresh:1;"));
header("refresh:2;");
}
} else {
echo '
<script>
$.zui.Messager("用户名错误", {type: "danger" // 定义颜色主题
}).show();
</script>';
exit(header("refresh:2;"));
<script>
new $.zui.Messager("账号不存在", {type: "danger" // 定义颜色主题
}).show();
</script>';
header("refresh:2;");
}
}
} else {
@ -93,13 +93,13 @@ if (isset($_GET['login'])) {
<div class="form-group">
<label for="account" class="col-sm-2">账号</label>
<div class="has-success col-md-3 col-sm-5">
<input type="text" name="user" id="account" class="form-control" value="" placeholder="请输入登录账号">
<input type="text" name="user" id="account" class="form-control" value="" placeholder="请输入登录账号" required="required">
</div>
</div>
<div class="form-group">
<label for="password" class="col-sm-2">密码</label>
<div class="has-success col-md-3 col-sm-5">
<input type="password" name="password" id="password" class="form-control" value="" placeholder="请输入登录密码">
<input type="password" name="password" id="password" class="form-control" value="" placeholder="请输入登录密码" required="required">
</div>
<input type="hidden" name="password" id="md5_password">
</div>
@ -107,7 +107,7 @@ if (isset($_GET['login'])) {
<label class="col-sm-2">验证码</label>
<div class="has-success col-md-3 col-sm-5">
<label><img src="<?php echo $config["domain"] . "/application/captcha.php"; ?>" onClick="this.src='<?php echo $config["domain"] . "/application/captcha.php"; ?>?nocache='+Math.random()" title="点击换一张" /></label>
<input class="form-control" type="text" name="code" value="" placeholder="请输入上方4位数验证码 - 不区分大小写" />
<input class="form-control" type="text" name="code" value="" placeholder="请输入上方4位数验证码 - 不区分大小写" required="required" />
</div>
</div>
<div class="form-group">
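Review bot: The credential check in the first hunk compares secrets with loose `==` (`$postPWD == $config['password'] || $postPWD == $guestConfig[$postUser]`) and reads `$guestConfig[$postUser]` without checking that the account exists. Under PHP's loose comparison a missing entry evaluates to null and numeric-looking strings are compared as numbers, so two values that are not byte-identical can still be treated as equal. Use `hash_equals((string) $config['password'], $postPWD)` for the admin branch and `isset($guestConfig[$postUser]) && hash_equals((string) $guestConfig[$postUser], $postPWD)` for uploader accounts, which is also constant-time. The `strip_tags()` call on the password changes what the user submitted and adds nothing to a value that is only compared, so it could be dropped. The enclosing `if` block continues beyond the hunk.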


@ -4,11 +4,6 @@ require_once APP_ROOT . '/application/class.upload.php';
require_once APP_ROOT . '/config/api_key.php';
header('Access-Control-Allow-Origin:*');
$token = preg_replace('/[\W]/', '', $_POST['token']); // 获取Token并过滤非字母数字删除空格;
// 检查api合法性
check_api($token);
$tokenID = $tokenList[$token]['id'];
// 黑/白IP名单上传
if ($config['check_ip']) {
@ -16,11 +11,26 @@ if ($config['check_ip']) {
// 上传错误 code:403 未授权IP
exit(json_encode(array(
"result" => "failed",
"code" => 403,
"code" => 401,
"message" => "黑名单内或白名单外用户不允许上传",
)));
}
}
$token = preg_replace('/[\W]/', '', $_POST['token']); // 获取Token并过滤非字母数字删除空格;
// 检查api合法性
check_api($token);
$tokenID = $tokenList[$token]['id'];
if (empty($_FILES['image'])) {
exit(json_encode(
array(
"result" => "NoFile",
"code" => 402,
"message" => "没有选择上传的文件",
)
));
}
$handle = new Upload($_FILES['image'], 'zh_CN');
@ -102,7 +112,7 @@ if ($handle->uploaded) {
// 鉴黄
@process_checkImg($imageUrl);
// 日志
if ($config['upload_logs']) @write_log($pathIMG, $handle->file_src_name, $handle->file_dst_pathname, $handle->file_src_size,$tokenID);
if ($config['upload_logs']) @write_log($pathIMG, $handle->file_src_name, $handle->file_dst_pathname, $handle->file_src_size, $tokenID);
// 水印
@water($handle->file_dst_pathname);
// 压缩
@ -111,7 +121,7 @@ if ($handle->uploaded) {
// 鉴黄
@process_checkImg($imageUrl);
// 日志
if ($config['upload_logs']) write_log($pathIMG, $handle->file_src_name, $handle->file_dst_pathname, $handle->file_src_size,$tokenID);
if ($config['upload_logs']) write_log($pathIMG, $handle->file_src_name, $handle->file_dst_pathname, $handle->file_src_size, $tokenID);
// 水印
@water($handle->file_dst_pathname);
// 压缩
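Review bot: The relocated token lines read `$_POST['token']` without checking that the field is present, so a request with no token passes null into `preg_replace()` and relies entirely on `check_api()`, which is not visible here, to stop the request before `$tokenList[$token]['id']` is indexed. Default it explicitly with `$token = preg_replace('/\W/', '', (string) ($_POST['token'] ?? ''));` and reject an empty token with the same JSON error shape before calling `check_api()`. The error bodies also carry `"code" => 401` / `402` while the HTTP status presumably stays 200 unless it is set elsewhere; calling `http_response_code()` next to each `exit(json_encode(...))` would let clients and access logs tell failures apart.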


@ -62,38 +62,32 @@ function checkLogin()
// 无cookie
if (empty($_COOKIE['auth'])) {
echo '
<script>
new $.zui.Messager("请登录后再上传!", {type: "danger" // 定义颜色主题
}).show();
</script>';
header("refresh:1;url=" . $config['domain'] . "/admin/index.php");
return 201;
}
// 存在cookie 但是cookie错误
// 存在cookie
if (isset($_COOKIE['auth'])) {
$getCOK = unserialize($_COOKIE['auth']);
// 无法读取cookie
if (!$getCOK) {
echo '
<script>
new $.zui.Messager("密码已更改,请重新登录", {
type: "special", // 定义颜色主题
icon: "exclamation-sign" // 定义消息图标
}).show();
</script>';
header("refresh:2;url=" . $config['domain'] . "/admin/index.php");
return 202;
}
if ($getCOK[1] != $config['password'] && $getCOK[1] !== $guestConfig[$getCOK[0]]) {
echo '
<script>
new $.zui.Messager("密码已更改,请重新登录", {
type: "special", // 定义颜色主题
icon: "exclamation-sign" // 定义消息图标
}).show();
</script>';
exit(header("refresh:2;url=" . $config['domain'] . "/admin/index.php"));
// 密码错误
if ($getCOK[1] !== $config['password'] && $getCOK[1] !== $guestConfig[$getCOK[0]]) {
return 203;
}
// 管理员登陆
if ($getCOK[1] == $config['password']) {
return 204;
}
// 上传者账号登陆
if ($getCOK[1] == $guestConfig[$getCOK[0]]) {
return 205;
}
}
}
@ -105,7 +99,59 @@ function mustLogin()
{
global $config;
if ($config['mustLogin']) {
checkLogin();
switch (checkLogin()) {
case 201:
echo '
<script>
new $.zui.Messager("本站已开启登陆上传, 请登录!", {
type: "danger", // 定义颜色主题
icon: "bullhorn" // 定义消息图标
}).show();
</script>';
header("refresh:2;url=" . $config['domain'] . "/admin/index.php");
break;
case 202:
echo '
<script>
new $.zui.Messager("登陆超时,请重新登录", {
type: "special", // 定义颜色主题
icon: "exclamation-sign" // 定义消息图标
}).show();
</script>';
header("refresh:2;url=" . $config['domain'] . "/admin/index.php");
break;
case 203:
echo '
<script>
new $.zui.Messager("密码已更改,请重新登录", {
type: "special", // 定义颜色主题
icon: "exclamation-sign" // 定义消息图标
}).show();
</script>';
exit(header("refresh:2;url=" . $config['domain'] . "/admin/index.php"));
break;
case 205:
echo '
<script>
new $.zui.Messager("上传者用户已登陆", {
type: "success", // 定义颜色主题
icon: "check", // 定义消息图标
placement:"bottom-right" // 消息位置
}).show();
</script>';
break;
case 204:
echo '
<script>
new $.zui.Messager("管理员已登陆", {
type: "success", // 定义颜色主题
icon: "check", // 定义消息图标
placement:"bottom-right" // 消息位置
}).show();
</script>';
break;
}
}
}
@ -354,7 +400,7 @@ function get_file_by_glob($dir_fileName_suffix, $type = 'list')
$res += get_file_by_glob($v . "/*", $type = 'number');
}
}
}else{
} else {
$res = 0;
}
}
@ -516,6 +562,9 @@ function is_who_login($user)
global $guestConfig;
if (isset($_COOKIE['auth'])) {
$getCOK = unserialize($_COOKIE['auth']);
if (!$getCOK) {
return false;
}
if ($user == 'admin') {
if ($getCOK[1] == $config['password']) return true;
}
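Review bot: `unserialize($_COOKIE['auth'])` in `checkLogin()`, and again in the `is_who_login()` hunk, still deserializes a client-controlled cookie. The added `if (!$getCOK)` guard only catches a failed parse, not an unexpected type or an object. At minimum call `unserialize($_COOKIE['auth'], ['allowed_classes' => false])` and validate the shape with `if (!is_array($getCOK) || !isset($getCOK[0], $getCOK[1])) { return 202; }` before indexing `$getCOK[1]` and `$guestConfig[$getCOK[0]]`. A JSON-encoded value or a server-side session would avoid `unserialize()` on request data altogether. The comparisons against `$config['password']` mix `!==` and `==`; `hash_equals()` would make them strict and constant-time. Both function bodies extend beyond the hunks shown.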


@ -5,7 +5,13 @@ require __DIR__ . '/class.upload.php';
// 检查登录
if ($config['mustLogin']) {
checkLogin();
if (checkLogin() !== 204 && checkLogin() !== 205) {
exit(json_encode(array(
"result" => "failed",
"code" => 401,
"message" => "本站已开启登陆上传,您尚未登陆",
)));
}
}
// 黑/白IP名单上传
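Review bot: `checkLogin()` is called twice in the new condition, so the auth cookie is parsed twice and the results are compared against bare numbers whose meaning is defined in another file. Call it once and test membership strictly: `$loginState = checkLogin();` followed by `if (!in_array($loginState, [204, 205], true)) {`. A short comment such as `// 204 = admin, 205 = uploader account; every other state is rejected` would make the allow-list explicit, and named constants shared with `checkLogin()` would keep the two files in sync.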


@ -83,7 +83,7 @@ var _hmt = _hmt || [];
'chart_on'=>1,
'check_ip'=>0,
'check_ip_model'=>0,
'check_ip_list'=>'',
'check_ip_list'=>'127.0.0.1',
'public'=>0,
'public_list'=>Array
(
@ -104,7 +104,7 @@ var _hmt = _hmt || [];
'delDir'=>'thumbnails/',
'hide'=>0,
'version'=>'2.5.8',
'update'=>'2022-04-09 13:07:01',
'update'=>'2022-04-11 13:31:22',
'terms'=>'<div class="container">
<div class="row">
<div class="col-xs-3">


@ -732,7 +732,7 @@
"code": "de",
"translation": {
"AppName": "Tiny File Manager",
"AppTitle": "Datei Manager",
"AppTitle": "Dateimanager",
"Login": "Einloggen",
"Username": "Benutzername",
"Password": "Passwort",
@ -748,7 +748,7 @@
"Perms": "Berechtigungen",
"Modified": "Geändert",
"Owner": "Eigentümer",
"Search": "Suchen",
"Search": "Suchbegriff eingeben",
"NewItem": "Neues Element",
"Folder": "Ordner",
"Delete": "Löschen",
@ -775,16 +775,74 @@
"UnZip": "Entpacken",
"UnZipToFolder": "Entpacken im Ordner",
"Edit": "Bearbeiten",
"NormalEditor": "Standard Editor",
"NormalEditor": "Standard-Editor",
"BackUp": "Backup",
"SourceFolder": "Quellordner",
"Files": "Dateien",
"Change": "Ändern",
"Settings": "Einstellungen",
"Language": "Sprache",
"Folder is empty": "Ordner ist leer",
"PartitionSize": "Partitionsgröße",
"ErrorReporting": "Fehler-Berichterstattung",
"ShowHiddenFiles": "Versteckte Dateien anzeigen",
"Full size": "Gesamtgröße",
"Help": "Hilfe",
"Free of": "Frei von",
"Preview": "Vorschau",
"Help Documents": "Hilfe anzeigen (Englisch)",
"Report Issue": "Problem melden",
"Generate": "Erzeugen",
"FullSize": "Gesamtgröße",
"FreeOf": "frei von",
"CalculateFolderSize": "Ordnergröße berechnen",
"ProcessID": "Prozess-ID",
"Created": "Erstellt",
"HideColumns": "Spalten Berechtigungen / Besitzer verstecken",
"Generate new password hash": "Password-Hash neu erzeugen",
"Check Latest Version": "Auf neue Version überprüfen",
"You are logged in": "Du bist eingeloggt.",
"Login failed. Invalid username or password": "Login fehlgeschlagen. Falscher Benutzername oder Passwort.",
"password_hash not supported, Upgrade PHP version": "password_hash wird nicht unterstützt, aktualisiere die PHP-Version"
"password_hash not supported, Upgrade PHP version": "password_hash wird nicht unterstützt, aktualisiere die PHP-Version",
"Advanced Search": "Erweiterte Suche",
"Error while copying from": "Fehler beim Kopieren aus",
"Nothing selected": "Nichts ausgewählt",
"Paths must be not equal": "Quell- und Zielpfad dürfen nicht identisch sein",
"Renamed from": "Umbenannt von",
"Archive not unpacked": "Archiv nicht entpackt",
"Deleted": "Gelöscht",
"Archive not created": "Archiv nicht erstellt",
"Copied from": "Kopiert aus",
"Permissions changed": "Berechtigungen geändert",
"to": "nach",
"Saved Successfully": "Erfolgreich gespeichert",
"not found!": "nicht gefunden!",
"File Saved Successfully": "Datei erfolgreich gespeichert",
"Archive": "Archiv",
"Permissions not changed": "Berechtigungen nicht geändert",
"Select folder": "Ordner auswählen",
"Source path not defined": "Quellpfad nicht definiert",
"already exists": "existiert bereits",
"Error while moving from": "Fehler beim Verschieben aus",
"Create archive?": "Archiv erstellen?",
"Invalid file or folder name": "Ungältiger Datei- oder Ordnername",
"Archive unpacked": "Archive entpackt",
"File extension is not allowed": "Dateityp nicht erlaubt",
"Root path": "Quellverzeichnis",
"Error while renaming from": "Fehler beim Umbenennen von",
"File not found": "Datei nicht gefunden",
"Error while deleting items": "Fehler beim Löschen der Objekte",
"Invalid characters in file name": "Unzulässige Zeichen im Dateinamen",
"FILE EXTENSION HAS NOT SUPPORTED": "DATEITYP NICHT UNTERSTÜTZT",
"Selected files and folder deleted": "Ausgewählte Dateien und Ordner gelöscht",
"Error while fetching archive info": "Fehler beim Abrufen der Archiv-Informationen",
"Delete selected files and folders?": "Ausgewählte Dateien und Ordner löschen?",
"Search file in folder and subfolders...": "Suchen in Ordnern und Unterordnern...",
"Access denied. IP restriction applicable": "Zugriff verweigert - IP-Beschränkung.",
"Invalid characters in file or folder name": "Unzulässige Zeichen im Datei- oder Ordnernamen",
"Operations with archives are not available": "Archiv-Funktionen nicht verfägbar",
"File or folder with this path already exists": "Datei oder Ordner mit diesem Pfad existiert bereits",
"Moved from": "Verschoben aus"
}
},
{