From bf20244b64d71457708634c7382c6a78ee5fdb22 Mon Sep 17 00:00:00 2001
From: icret
Date: Mon, 11 Apr 2022 05:35:48 +0000
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E7=99=BB=E9=99=86=E9=80=BB?= =?UTF-8?q?=E8=BE=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
README.md | 3 +-
admin/admin.inc.php | 9 +-
admin/index.php | 20 ++--
api/index.php | 26 +++--
application/function.php | 101 +++++++++++++-----
application/upload.php | 8 +-
config/config.php | 4 +-
.../static/tinyfilemanager/translation.json | 66 +++++++++++-
8 files changed, 183 insertions(+), 54 deletions(-)
diff --git a/README.md b/README.md
index 6a1bd3c..4690ef7 100755
--- a/README.md
+++ b/README.md
@@ -150,10 +150,11 @@ $HTTP["url"] =~ "^/(i|public)/" {
点击查看2.0版更新日志 * 2022-04-02 v2.5.9 deving +- 增加安装提示 +- 增加检测水印图片/水印字体是否存在 - 修复广场重复显示图片 - 调整了广告的位置 - 调整后台设置分表 -- 增加安装提示 * 2022-04-02 v2.5.8 - 修复在PHP8环境下的bugs diff --git a/admin/admin.inc.php b/admin/admin.inc.php index e84eda3..5fa1511 100755 --- a/admin/admin.inc.php +++ b/admin/admin.inc.php @@ -192,7 +192,7 @@ if (isset($_GET['recycle_reimg'])) {
本人仅为程序开源创作,如非法网站使用与本人无关,请勿用于非法用途;
请为本人博客blog.png.cm加上网址链接,谢谢支持。作为开发者你可以对相应的后台功能进行扩展(增删改相应代码),但请保留代码中相关来源信息(例如: 本人博客,邮箱等)。
- + 打赏作者 @@ -692,6 +692,11 @@ if (isset($_GET['recycle_reimg'])) {

Browser:

图床信息

+
API 插件
+ Edge/Chrome + ShareX + PicGo +
图床依赖

TinyPng @@ -837,7 +842,7 @@ if (isset($_GET['recycle_reimg'])) {


-
上传者账号管理 | 开启登录上传后可添加
+
上传者账号 | 开启登陆上传后只能上传的账号
diff --git a/admin/index.php b/admin/index.php index 75948b3..e79beb8 100755 --- a/admin/index.php +++ b/admin/index.php @@ -15,10 +15,10 @@ if (isset($_REQUEST['code'])) { // 提交登录 if (isset($_POST['password']) and isset($_POST['user'])) { + global $guestConfig; $postUser = strip_tags($_POST['user']); $postPWD = strip_tags($_POST['password']); - global $guestConfig; if ($postUser == $config['user'] || in_array($postPWD, $guestConfig)) { if ($postPWD == $config['password'] || $postPWD == $guestConfig[$postUser]) { // 将账号密码序列化后存储 @@ -37,15 +37,15 @@ if (isset($_REQUEST['code'])) { new $.zui.Messager("密码错误", {type: "danger" // 定义颜色主题 }).show(); '; - exit(header("refresh:1;")); + header("refresh:2;"); } } else { echo ' - '; - exit(header("refresh:2;")); + '; + header("refresh:2;"); } } } else { @@ -93,13 +93,13 @@ if (isset($_GET['login'])) {
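Review bot: The credential check kept as context in the first admin/index.php hunk compares secrets with loose `==` and reads `$guestConfig[$postUser]` without confirming the key exists, so an unknown user name is compared against null instead of being rejected outright. The first gate also tests `in_array($postPWD, $guestConfig)`, which looks up the password rather than the user name and omits the strict flag. I would require `isset($guestConfig[$postUser])` and compare with `hash_equals((string) $guestConfig[$postUser], $postPWD)`, and do the same against `$config['password']`. `strip_tags()` on the password also silently changes the secret the user typed. The login block continues outside the hunk, so the cookie-writing part could not be checked here.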
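Review bot: Dropping `exit()` around `header("refresh:2;")` in both failure branches (@@ -37,15 +37,15 @@) lets the script keep running after a rejected login, and the header is still issued after the `echo`, so without output buffering PHP reports headers already sent and the refresh never happens. If continuing is intended so that the form re-renders, send the header before any output; otherwise keep the `exit`. Neither branch logs or throttles the failed attempt, which is worth adding so that repeated password guessing can be detected.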
- +
- +
@@ -107,7 +107,7 @@ if (isset($_GET['login'])) {
- +
diff --git a/api/index.php b/api/index.php index 7e589e2..04c1ccd 100755 --- a/api/index.php +++ b/api/index.php @@ -4,11 +4,6 @@ require_once APP_ROOT . '/application/class.upload.php'; require_once APP_ROOT . '/config/api_key.php'; header('Access-Control-Allow-Origin:*'); -$token = preg_replace('/[\W]/', '', $_POST['token']); // 获取Token并过滤非字母数字,删除空格; - -// 检查api合法性 -check_api($token); -$tokenID = $tokenList[$token]['id']; // 黑/白IP名单上传 if ($config['check_ip']) { @@ -16,11 +11,26 @@ if ($config['check_ip']) { // 上传错误 code:403 未授权IP exit(json_encode(array( "result" => "failed", - "code" => 403, + "code" => 401, "message" => "黑名单内或白名单外用户不允许上传", ))); } } +$token = preg_replace('/[\W]/', '', $_POST['token']); // 获取Token并过滤非字母数字,删除空格; + +// 检查api合法性 +check_api($token); +$tokenID = $tokenList[$token]['id']; + +if (empty($_FILES['image'])) { + exit(json_encode( + array( + "result" => "NoFile", + "code" => 402, + "message" => "没有选择上传的文件", + ) + )); +} $handle = new Upload($_FILES['image'], 'zh_CN'); @@ -102,7 +112,7 @@ if ($handle->uploaded) { // 鉴黄 @process_checkImg($imageUrl); // 日志 - if ($config['upload_logs']) @write_log($pathIMG, $handle->file_src_name, $handle->file_dst_pathname, $handle->file_src_size,$tokenID); + if ($config['upload_logs']) @write_log($pathIMG, $handle->file_src_name, $handle->file_dst_pathname, $handle->file_src_size, $tokenID); // 水印 @water($handle->file_dst_pathname); // 压缩 @@ -111,7 +121,7 @@ if ($handle->uploaded) { // 鉴黄 @process_checkImg($imageUrl); // 日志 - if ($config['upload_logs']) write_log($pathIMG, $handle->file_src_name, $handle->file_dst_pathname, $handle->file_src_size,$tokenID); + if ($config['upload_logs']) write_log($pathIMG, $handle->file_src_name, $handle->file_dst_pathname, $handle->file_src_size, $tokenID); // 水印 @water($handle->file_dst_pathname); // 压缩 diff --git a/application/function.php b/application/function.php index 9039e14..f562cb1 100755 --- a/application/function.php +++ b/application/function.php 
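Review bot: `$_POST['token']` is read without an existence check in the block re-added by @@ -16,11 +11,26 @@, so a request that carries no token raises an undefined-key warning before `check_api()` runs; `$token = preg_replace('/\W/', '', (string) ($_POST['token'] ?? ''));` avoids that. The IP-deny branch now returns `"code" => 401` while the comment above it still says `code:403`, and both this value and the new `402` exist only in the JSON body, so the HTTP status stays 200 unless `http_response_code()` is called. The new `empty($_FILES['image'])` test does not look at `$_FILES['image']['error']`; the `Upload` class may cover that, but it is not visible here.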
@@ -62,38 +62,32 @@ function checkLogin() // 无cookie if (empty($_COOKIE['auth'])) { - echo ' - '; - header("refresh:1;url=" . $config['domain'] . "/admin/index.php"); + return 201; } - // 存在cookie 但是cookie错误 + // 存在cookie if (isset($_COOKIE['auth'])) { + $getCOK = unserialize($_COOKIE['auth']); + // 无法读取cookie if (!$getCOK) { - echo ' - '; - header("refresh:2;url=" . $config['domain'] . "/admin/index.php"); + return 202; } - if ($getCOK[1] != $config['password'] && $getCOK[1] !== $guestConfig[$getCOK[0]]) { - echo ' - '; - exit(header("refresh:2;url=" . $config['domain'] . "/admin/index.php")); + // 密码错误 + if ($getCOK[1] !== $config['password'] && $getCOK[1] !== $guestConfig[$getCOK[0]]) { + return 203; + } + + // 管理员登陆 + if ($getCOK[1] == $config['password']) { + return 204; + } + + // 上传者账号登陆 + if ($getCOK[1] == $guestConfig[$getCOK[0]]) { + return 205; } } } @@ -105,7 +99,59 @@ function mustLogin() { global $config; if ($config['mustLogin']) { - checkLogin(); + + switch (checkLogin()) { + case 201: + echo ' + '; + header("refresh:2;url=" . $config['domain'] . "/admin/index.php"); + break; + case 202: + echo ' + '; + header("refresh:2;url=" . $config['domain'] . "/admin/index.php"); + break; + case 203: + echo ' + '; + exit(header("refresh:2;url=" . $config['domain'] . "/admin/index.php")); + break; + case 205: + echo ' + '; + break; + case 204: + echo ' + '; + break; + } } } @@ -354,7 +400,7 @@ function get_file_by_glob($dir_fileName_suffix, $type = 'list') $res += get_file_by_glob($v . "/*", $type = 'number'); } } - }else{ + } else { $res = 0; } } @@ -516,6 +562,9 @@ function is_who_login($user) global $guestConfig; if (isset($_COOKIE['auth'])) { $getCOK = unserialize($_COOKIE['auth']); + if (!$getCOK) { + return false; + } if ($user == 'admin') { if ($getCOK[1] == $config['password']) return true; } diff --git a/application/upload.php b/application/upload.php index 694ac4e..17d04a2 100755 --- a/application/upload.php +++ b/application/upload.php 
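Review bot: The added `unserialize($_COOKIE['auth'])` in checkLogin() deserialises client-controlled data, which permits PHP object injection and lets the cookie supply values of any type to the comparisons that follow; the same call sits in the is_who_login() hunk (@@ -516,6 +562,9 @@), where the new `!$getCOK` guard does not address it. `$guestConfig[$getCOK[0]]` is also read without `isset()`, so a missing key yields null and the `!==` and `==` tests are then made against null rather than a stored password. I would restrict the decode with `['allowed_classes' => false]` (or move the cookie to JSON or a server-side session), require two strings, and compare with `hash_equals()`, as sketched below. The cookie appears to carry the password value itself, which a random session token would avoid, but the code that writes it is outside this hunk. checkLogin() starts above the hunk.

```php
// … unchanged: empty($_COOKIE['auth']) → return 201 …
$getCOK = unserialize($_COOKIE['auth'], ['allowed_classes' => false]);

// Unreadable cookie or unexpected shape: need [user, password] as strings.
if (!is_array($getCOK) || !isset($getCOK[0], $getCOK[1])
    || !is_string($getCOK[0]) || !is_string($getCOK[1])) {
    return 202;
}

// Administrator login.
if (hash_equals((string) $config['password'], $getCOK[1])) {
    return 204;
}

// Uploader account login: the account must exist before its password is compared.
if (isset($guestConfig[$getCOK[0]])
    && hash_equals((string) $guestConfig[$getCOK[0]], $getCOK[1])) {
    return 205;
}

// Anything else is a wrong password.
return 203;
```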
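Review bot: In the new `switch` in mustLogin() (@@ -105,7 +99,59 @@), cases 201 and 202 send the refresh header and then `break`, so the function returns and the calling page keeps executing for a visitor with no cookie or an unreadable one; only case 203 calls `exit`. Unless every caller checks again afterwards, end both cases the way 203 does: `exit(header("refresh:2;url=" . $config['domain'] . "/admin/index.php"));`. Each `header()` also follows an `echo`, which fails with headers already sent when output buffering is off. The bare 201–205 codes are shared with application/upload.php, so named constants, or at least a comment such as `// 204 = admin, 205 = uploader`, would keep the two files in step.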
@@ -5,7 +5,13 @@ require __DIR__ . '/class.upload.php'; // 检查登录 if ($config['mustLogin']) { - checkLogin(); + if (checkLogin() !== 204 && checkLogin() !== 205) { + exit(json_encode(array( + "result" => "failed", + "code" => 401, + "message" => "本站已开启登陆上传,您尚未登陆", + ))); + } } // 黑/白IP名单上传 diff --git a/config/config.php b/config/config.php index bcbe750..d475c88 100755 --- a/config/config.php +++ b/config/config.php @@ -83,7 +83,7 @@ var _hmt = _hmt || []; 'chart_on'=>1, 'check_ip'=>0, 'check_ip_model'=>0, - 'check_ip_list'=>'', + 'check_ip_list'=>'127.0.0.1', 'public'=>0, 'public_list'=>Array ( @@ -104,7 +104,7 @@ var _hmt = _hmt || []; 'delDir'=>'thumbnails/', 'hide'=>0, 'version'=>'2.5.8', - 'update'=>'2022-04-09 13:07:01', + 'update'=>'2022-04-11 13:31:22', 'terms'=>'
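Review bot: `checkLogin()` is evaluated twice in the new condition in application/upload.php, so the cookie is decoded and compared twice per request; call it once with `$loginState = checkLogin();` and test `if (!in_array($loginState, [204, 205], true)) {`. The `"code" => 401` is only in the JSON body, so clients and access logs still see HTTP 200 for a refused upload. Adding `http_response_code(401);` before the `exit` would make refusals visible to monitoring.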
diff --git a/public/static/tinyfilemanager/translation.json b/public/static/tinyfilemanager/translation.json index 97e2fab..bc17bd9 100755 --- a/public/static/tinyfilemanager/translation.json +++ b/public/static/tinyfilemanager/translation.json @@ -732,7 +732,7 @@ "code": "de", "translation": { "AppName": "Tiny File Manager", - "AppTitle": "Datei Manager", + "AppTitle": "Dateimanager", "Login": "Einloggen", "Username": "Benutzername", "Password": "Passwort", @@ -748,7 +748,7 @@ "Perms": "Berechtigungen", "Modified": "Geändert", "Owner": "Eigentümer", - "Search": "Suchen", + "Search": "Suchbegriff eingeben", "NewItem": "Neues Element", "Folder": "Ordner", "Delete": "Löschen", 
@@ -775,16 +775,74 @@ "UnZip": "Entpacken", "UnZipToFolder": "Entpacken im Ordner", "Edit": "Bearbeiten", - "NormalEditor": "Standard Editor", + "NormalEditor": "Standard-Editor", "BackUp": "Backup", "SourceFolder": "Quellordner", "Files": "Dateien", "Change": "Ändern", "Settings": "Einstellungen", "Language": "Sprache", + "Folder is empty": "Ordner ist leer", + "PartitionSize": "Partitionsgröße", + "ErrorReporting": "Fehler-Berichterstattung", + "ShowHiddenFiles": "Versteckte Dateien anzeigen", + "Full size": "Gesamtgröße", + "Help": "Hilfe", + "Free of": "Frei von", + "Preview": "Vorschau", + "Help Documents": "Hilfe anzeigen (Englisch)", + "Report Issue": "Problem melden", + "Generate": "Erzeugen", + "FullSize": "Gesamtgröße", + "FreeOf": "frei von", + "CalculateFolderSize": "Ordnergröße berechnen", + "ProcessID": "Prozess-ID", + "Created": "Erstellt", + "HideColumns": "Spalten Berechtigungen / Besitzer verstecken", + "Generate new password hash": "Password-Hash neu erzeugen", + "Check Latest Version": "Auf neue Version überprüfen", "You are logged in": "Du bist eingeloggt.", "Login failed. Invalid username or password": "Login fehlgeschlagen. 
Falscher Benutzername oder Passwort.", - "password_hash not supported, Upgrade PHP version": "password_hash wird nicht unterstützt, aktualisiere die PHP-Version" + "password_hash not supported, Upgrade PHP version": "password_hash wird nicht unterstützt, aktualisiere die PHP-Version", + "Advanced Search": "Erweiterte Suche", + "Error while copying from": "Fehler beim Kopieren aus", + "Nothing selected": "Nichts ausgewählt", + "Paths must be not equal": "Quell- und Zielpfad dürfen nicht identisch sein", + "Renamed from": "Umbenannt von", + "Archive not unpacked": "Archiv nicht entpackt", + "Deleted": "Gelöscht", + "Archive not created": "Archiv nicht erstellt", + "Copied from": "Kopiert aus", + "Permissions changed": "Berechtigungen geändert", + "to": "nach", + "Saved Successfully": "Erfolgreich gespeichert", + "not found!": "nicht gefunden!", + "File Saved Successfully": "Datei erfolgreich gespeichert", + "Archive": "Archiv", + "Permissions not changed": "Berechtigungen nicht geändert", + "Select folder": "Ordner auswählen", + "Source path not defined": "Quellpfad nicht definiert", + "already exists": "existiert bereits", + "Error while moving from": "Fehler beim Verschieben aus", + "Create archive?": "Archiv erstellen?", + "Invalid file or folder name": "Ungältiger Datei- oder Ordnername", + "Archive unpacked": "Archive entpackt", + "File extension is not allowed": "Dateityp nicht erlaubt", + "Root path": "Quellverzeichnis", + "Error while renaming from": "Fehler beim Umbenennen von", + "File not found": "Datei nicht gefunden", + "Error while deleting items": "Fehler beim Löschen der Objekte", + "Invalid characters in file name": "Unzulässige Zeichen im Dateinamen", + "FILE EXTENSION HAS NOT SUPPORTED": "DATEITYP NICHT UNTERSTÜTZT", + "Selected files and folder deleted": "Ausgewählte Dateien und Ordner gelöscht", + "Error while fetching archive info": "Fehler beim Abrufen der Archiv-Informationen", + "Delete selected files and folders?": "Ausgewählte Dateien und 
Ordner löschen?", + "Search file in folder and subfolders...": "Suchen in Ordnern und Unterordnern...", + "Access denied. IP restriction applicable": "Zugriff verweigert - IP-Beschränkung.", + "Invalid characters in file or folder name": "Unzulässige Zeichen im Datei- oder Ordnernamen", + "Operations with archives are not available": "Archiv-Funktionen nicht verfägbar", + "File or folder with this path already exists": "Datei oder Ordner mit diesem Pfad existiert bereits", + "Moved from": "Verschoben aus" } }, {