修复登陆逻辑

README.md

@@ -150,10 +150,11 @@ $HTTP["url"] =~ "^/(i|public)/" {
 <details><summary>点击查看2.0版更新日志</summary>
 
 * 2022-04-02 v2.5.9 deving
+- 增加安装提示
+- 增加检测水印图片/水印字体是否存在
 - 修复广场重复显示图片
 - 调整了广告的位置
 - 调整后台设置分表
-- 增加安装提示
 
 * 2022-04-02 v2.5.8
 - 修复在PHP8环境下的bugs

admin/admin.inc.php

@@ -192,7 +192,7 @@ if (isset($_GET['recycle_reimg'])) {
         <h5>本人仅为程序开源创作,如非法网站使用与本人无关,请勿用于非法用途;</h5>
         <h5>请为本人博客<a class="alert-link" href="https://blog.png.cm/" target="_blank">blog.png.cm</a>加上网址链接,谢谢支持。作为开发者你可以对相应的后台功能进行扩展(增删改相应代码),但请保留代码中相关来源信息(例如: <a class="alert-link" href="https://blog.png.cm/">本人博客</a>,邮箱等)。</h5>
         <a href="https://png.cm/" target="_blank"><button type="button" class="btn btn-mini"><i class="icon icon-external-link"></i> 演示网站</button></a>
-        <a href="https://www.kancloud.cn/easyimage/easyimage" target="_blank"><button type="button" class="btn btn-mini"><i class="icon icon-hand-right"></i> 使用手册</button></a>
+        <a href="https://www.kancloud.cn/easyimage/easyimage/content" target="_blank"><button type="button" class="btn btn-mini"><i class="icon icon-hand-right"></i> 使用手册</button></a>
         <!-- <a href="https://support.qq.com/products/367633" target="_blank"><button type="button" class="btn btn-mini hidden-xs inline-block"><i class="icon icon-bug"></i> 问题反馈</button></a> -->
         <a href="https://qm.qq.com/cgi-bin/qm/qr?k=kpzasY8VdPfrJrpAYdk0rxQJjqddgyAm&jump_from=webapi" target="_blank"><button type="button" class="btn btn-mini"><i class="icon icon-qq"></i> 问题反馈</button></a>
         <a href="../public/images/wechat.jpg" title="您的赞美是我开发的动力!" data-toggle="lightbox" class="btn btn-mini" style="color:#329d38;"><i class="icon icon-wechat"></i> 打赏作者</a>
@@ -692,6 +692,11 @@ if (isset($_GET['recycle_reimg'])) {
                 <p class="text-ellipsis">Browser: <?php echo $_SERVER['HTTP_USER_AGENT']; ?></p>
                 <h5>图床信息</h5>
                 <hr />
+                <h6>API 插件</h6>
+                <a href="https://github.com/icret/EasyImage-Browser-Extension" target="_blank"><span class="label label-badge label-success" data-toggle="tooltip" title="浏览器插件">Edge/Chrome</span></a>
+                <a href="https://www.kancloud.cn/easyimage/easyimage/2625228" target="_blank"><span class="label label-badge label-success" data-toggle="tooltip" title="使用ShareX上传">ShareX</span></a>
+                <a href="https://www.kancloud.cn/easyimage/easyimage/2625229" target="_blank"><span class="label label-badge label-success" data-toggle="tooltip" title="使用PicGo上传">PicGo</span></a>
+                <h6>图床依赖</h6>
                 <p>
                     <?php if (empty($config['TinyPng_key'])) : ?>
                         <span class="label label-badge label-warning" data-toggle="tooltip" title="图片压缩TinyPng未填写">TinyPng</span>
@@ -837,7 +842,7 @@ if (isset($_GET['recycle_reimg'])) {
             <!-- 上传用户管理 start-->
             <hr>
             <form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post" onsubmit="return uploader_md5_post()">
-                <h5>上传者账号管理 | 开启登录上传后可添加</h5>
+                <h5>上传者账号 | 开启登陆上传后只能上传的账号</h5>
                 <div class="form-group">
                     <div class="input-control has-icon-left" data-toggle="tooltip" title="上传者账号只能上传不能操作其他项目">
                         <input type="text" name="uploader_user" id="account" class="form-control" value="" required="required" placeholder="添加上传者账号" onkeyup="this.value=this.value.replace(/\s/g,'')">

admin/index.php

@@ -15,10 +15,10 @@ if (isset($_REQUEST['code'])) {
 		// 提交登录
 		if (isset($_POST['password']) and isset($_POST['user'])) {
 
+			global $guestConfig;
 			$postUser = strip_tags($_POST['user']);
 			$postPWD = strip_tags($_POST['password']);
 
-			global $guestConfig;
 			if ($postUser == $config['user'] || in_array($postPWD, $guestConfig)) {
 				if ($postPWD == $config['password'] || $postPWD == $guestConfig[$postUser]) {
 					// 将账号密码序列化后存储
@@ -37,15 +37,15 @@ if (isset($_REQUEST['code'])) {
                         new $.zui.Messager("密码错误", {type: "danger" // 定义颜色主题
                         }).show();
                         </script>';
-					exit(header("refresh:1;"));
+					header("refresh:2;");
 				}
 			} else {
 				echo '
 					<script> 
-					$.zui.Messager("用户名错误", {type: "danger" // 定义颜色主题
+                    new $.zui.Messager("账号不存在", {type: "danger" // 定义颜色主题
                     }).show();
                     </script>';
-				exit(header("refresh:2;"));
+				header("refresh:2;");
 			}
 		}
 	} else {
@@ -93,13 +93,13 @@ if (isset($_GET['login'])) {
 	<div class="form-group">
 		<label for="account" class="col-sm-2">账号</label>
 		<div class="has-success col-md-3 col-sm-5">
-			<input type="text" name="user" id="account" class="form-control" value="" placeholder="请输入登录账号">
+			<input type="text" name="user" id="account" class="form-control" value="" placeholder="请输入登录账号" required="required">
 		</div>
 	</div>
 	<div class="form-group">
 		<label for="password" class="col-sm-2">密码</label>
 		<div class="has-success col-md-3 col-sm-5">
-			<input type="password" name="password" id="password" class="form-control" value="" placeholder="请输入登录密码">
+			<input type="password" name="password" id="password" class="form-control" value="" placeholder="请输入登录密码" required="required">
 		</div>
 		<input type="hidden" name="password" id="md5_password">
 	</div>
@@ -107,7 +107,7 @@ if (isset($_GET['login'])) {
 		<label class="col-sm-2">验证码</label>
 		<div class="has-success col-md-3 col-sm-5">
 			<label><img src="<?php echo $config["domain"] . "/application/captcha.php"; ?>" onClick="this.src='<?php echo $config["domain"] . "/application/captcha.php"; ?>?nocache='+Math.random()" title="点击换一张" /></label>
-			<input class="form-control" type="text" name="code" value="" placeholder="请输入上方4位数验证码 - 不区分大小写" />
+			<input class="form-control" type="text" name="code" value="" placeholder="请输入上方4位数验证码 - 不区分大小写" required="required" />
 		</div>
 	</div>
 	<div class="form-group">

api/index.php

@@ -4,11 +4,6 @@ require_once APP_ROOT . '/application/class.upload.php';
 require_once APP_ROOT . '/config/api_key.php';
 
 header('Access-Control-Allow-Origin:*');
-$token = preg_replace('/[\W]/', '', $_POST['token']); // 获取Token并过滤非字母数字，删除空格;
-
-// 检查api合法性
-check_api($token);
-$tokenID = $tokenList[$token]['id'];
 
 // 黑/白IP名单上传
 if ($config['check_ip']) {
@@ -16,11 +11,26 @@ if ($config['check_ip']) {
         // 上传错误 code:403 未授权IP
         exit(json_encode(array(
             "result"    =>  "failed",
-            "code"      =>  403,
+            "code"      =>  401,
             "message"   =>  "黑名单内或白名单外用户不允许上传",
         )));
     }
 }
+$token = preg_replace('/[\W]/', '', $_POST['token']); // 获取Token并过滤非字母数字，删除空格;
+
+// 检查api合法性
+check_api($token);
+$tokenID = $tokenList[$token]['id'];
+
+if (empty($_FILES['image'])) {
+    exit(json_encode(
+        array(
+            "result"    =>  "NoFile",
+            "code"      =>  402,
+            "message"   =>  "没有选择上传的文件",
+        )
+    ));
+}
 
 $handle = new Upload($_FILES['image'], 'zh_CN');
 
@@ -102,7 +112,7 @@ if ($handle->uploaded) {
         // 鉴黄
         @process_checkImg($imageUrl);
         // 日志
-        if ($config['upload_logs']) @write_log($pathIMG, $handle->file_src_name, $handle->file_dst_pathname, $handle->file_src_size,$tokenID);
+        if ($config['upload_logs']) @write_log($pathIMG, $handle->file_src_name, $handle->file_dst_pathname, $handle->file_src_size, $tokenID);
         // 水印        
         @water($handle->file_dst_pathname);
         // 压缩        
@@ -111,7 +121,7 @@ if ($handle->uploaded) {
         // 鉴黄
         @process_checkImg($imageUrl);
         // 日志
-        if ($config['upload_logs']) write_log($pathIMG, $handle->file_src_name, $handle->file_dst_pathname, $handle->file_src_size,$tokenID);
+        if ($config['upload_logs']) write_log($pathIMG, $handle->file_src_name, $handle->file_dst_pathname, $handle->file_src_size, $tokenID);
         // 水印
         @water($handle->file_dst_pathname);
         // 压缩

application/function.php

@@ -62,38 +62,32 @@ function checkLogin()
 
     // 无cookie
     if (empty($_COOKIE['auth'])) {
-        echo '
+        return 201;
-            <script>
-            new $.zui.Messager("请登录后再上传!", {type: "danger" // 定义颜色主题 
-            }).show();
-            </script>';
-        header("refresh:1;url=" . $config['domain'] . "/admin/index.php");
     }
 
-    // 存在cookie 但是cookie错误
+    // 存在cookie
     if (isset($_COOKIE['auth'])) {
+
         $getCOK = unserialize($_COOKIE['auth']);
 
+        // 无法读取cookie
         if (!$getCOK) {
-            echo '
+            return 202;
-                <script> 
-                new $.zui.Messager("密码已更改，请重新登录", {
-					type: "special", // 定义颜色主题 
-					icon: "exclamation-sign" // 定义消息图标
-                }).show();
-                </script>';
-            header("refresh:2;url=" . $config['domain'] . "/admin/index.php");
         }
 
-        if ($getCOK[1] != $config['password'] && $getCOK[1] !== $guestConfig[$getCOK[0]]) {
+        // 密码错误
-            echo '
+        if ($getCOK[1] !== $config['password'] && $getCOK[1] !== $guestConfig[$getCOK[0]]) {
-                <script> 
+            return 203;
-                new $.zui.Messager("密码已更改，请重新登录", {
+        }
-					type: "special", // 定义颜色主题 
+
-					icon: "exclamation-sign" // 定义消息图标
+        // 管理员登陆
-                }).show();
+        if ($getCOK[1] == $config['password']) {
-                </script>';
+            return 204;
-            exit(header("refresh:2;url=" . $config['domain'] . "/admin/index.php"));
+        }
+
+        // 上传者账号登陆
+        if ($getCOK[1] == $guestConfig[$getCOK[0]]) {
+            return 205;
         }
     }
 }
@@ -105,7 +99,59 @@ function mustLogin()
 {
     global $config;
     if ($config['mustLogin']) {
-        checkLogin();
+
+        switch (checkLogin()) {
+            case 201:
+                echo '
+                <script>
+                new $.zui.Messager("本站已开启登陆上传, 请登录!", {
+                    type: "danger", // 定义颜色主题 
+                    icon: "bullhorn" // 定义消息图标
+                }).show();
+                </script>';
+                header("refresh:2;url=" . $config['domain'] . "/admin/index.php");
+                break;
+            case 202:
+                echo '
+                <script> 
+                new $.zui.Messager("登陆超时，请重新登录", {
+					type: "special", // 定义颜色主题 
+					icon: "exclamation-sign" // 定义消息图标
+                }).show();
+                </script>';
+                header("refresh:2;url=" . $config['domain'] . "/admin/index.php");
+                break;
+            case 203:
+                echo '
+                    <script> 
+                    new $.zui.Messager("密码已更改，请重新登录", {
+                        type: "special", // 定义颜色主题 
+                        icon: "exclamation-sign" // 定义消息图标
+                    }).show();
+                    </script>';
+                exit(header("refresh:2;url=" . $config['domain'] . "/admin/index.php"));
+                break;
+            case 205:
+                echo '
+                    <script> 
+                    new $.zui.Messager("上传者用户已登陆", {
+                        type: "success", // 定义颜色主题 
+                        icon: "check", // 定义消息图标
+                        placement:"bottom-right" // 消息位置
+                    }).show();
+                    </script>';
+                break;
+            case 204:
+                echo '
+                    <script> 
+                    new $.zui.Messager("管理员已登陆", {
+                        type: "success", // 定义颜色主题 
+                        icon: "check", // 定义消息图标
+                        placement:"bottom-right" // 消息位置
+                    }).show();
+                    </script>';
+                break;
+        }
     }
 }
 
@@ -354,7 +400,7 @@ function get_file_by_glob($dir_fileName_suffix, $type = 'list')
                     $res += get_file_by_glob($v . "/*", $type = 'number');
                 }
             }
-        }else{
+        } else {
             $res = 0;
         }
     }
@@ -516,6 +562,9 @@ function is_who_login($user)
     global $guestConfig;
     if (isset($_COOKIE['auth'])) {
         $getCOK = unserialize($_COOKIE['auth']);
+        if (!$getCOK) {
+            return false;
+        }
         if ($user == 'admin') {
             if ($getCOK[1] == $config['password']) return true;
         }

application/upload.php

@@ -5,7 +5,13 @@ require __DIR__ . '/class.upload.php';
 
 // 检查登录
 if ($config['mustLogin']) {
-    checkLogin();
+    if (checkLogin() !== 204 && checkLogin() !== 205) {
+        exit(json_encode(array(
+            "result"    =>  "failed",
+            "code"      =>  401,
+            "message"   =>  "本站已开启登陆上传,您尚未登陆",
+        )));
+    }
 }
 
 // 黑/白IP名单上传

config/config.php

@@ -83,7 +83,7 @@ var _hmt = _hmt || [];
 	'chart_on'=>1,
 	'check_ip'=>0,
 	'check_ip_model'=>0,
-	'check_ip_list'=>'',
+	'check_ip_list'=>'127.0.0.1',
 	'public'=>0,
 	'public_list'=>Array
 		(
@@ -104,7 +104,7 @@ var _hmt = _hmt || [];
 	'delDir'=>'thumbnails/',
 	'hide'=>0,
 	'version'=>'2.5.8',
-	'update'=>'2022-04-09 13:07:01',
+	'update'=>'2022-04-11 13:31:22',
 	'terms'=>'<div class="container">
   <div class="row">
     <div class="col-xs-3">

public/static/tinyfilemanager/translation.json

@@ -732,7 +732,7 @@
       "code": "de",
       "translation": {
         "AppName": "Tiny File Manager",
-        "AppTitle": "Datei Manager",
+        "AppTitle": "Dateimanager",
         "Login": "Einloggen",
         "Username": "Benutzername",
         "Password": "Passwort",
@@ -748,7 +748,7 @@
         "Perms": "Berechtigungen",
         "Modified": "Geändert",
         "Owner": "Eigentümer",
-        "Search": "Suchen",
+        "Search": "Suchbegriff eingeben",
         "NewItem": "Neues Element",
         "Folder": "Ordner",
         "Delete": "Löschen",
@@ -775,16 +775,74 @@
         "UnZip": "Entpacken",
         "UnZipToFolder": "Entpacken im Ordner",
         "Edit": "Bearbeiten",
-        "NormalEditor": "Standard Editor",
+        "NormalEditor": "Standard-Editor",
         "BackUp": "Backup",
         "SourceFolder": "Quellordner",
         "Files": "Dateien",
         "Change": "Ändern",
         "Settings": "Einstellungen",
         "Language": "Sprache",
+        "Folder is empty": "Ordner ist leer",
+        "PartitionSize": "Partitionsgröße",
+        "ErrorReporting": "Fehler-Berichterstattung",
+        "ShowHiddenFiles": "Versteckte Dateien anzeigen",
+        "Full size": "Gesamtgröße",
+        "Help": "Hilfe",
+        "Free of": "Frei von",
+        "Preview": "Vorschau",
+        "Help Documents": "Hilfe anzeigen (Englisch)",
+        "Report Issue": "Problem melden",
+        "Generate": "Erzeugen",
+        "FullSize": "Gesamtgröße",
+        "FreeOf": "frei von",
+        "CalculateFolderSize": "Ordnergröße berechnen",
+        "ProcessID": "Prozess-ID",
+        "Created": "Erstellt",
+        "HideColumns": "Spalten Berechtigungen / Besitzer verstecken",
+        "Generate new password hash": "Password-Hash neu erzeugen",
+        "Check Latest Version": "Auf neue Version überprüfen",
         "You are logged in": "Du bist eingeloggt.",
         "Login failed. Invalid username or password": "Login fehlgeschlagen. Falscher Benutzername oder Passwort.",
-        "password_hash not supported, Upgrade PHP version": "password_hash wird nicht unterstützt, aktualisiere die PHP-Version"
+        "password_hash not supported, Upgrade PHP version": "password_hash wird nicht unterstützt, aktualisiere die PHP-Version",
+        "Advanced Search": "Erweiterte Suche",
+        "Error while copying from": "Fehler beim Kopieren aus",
+        "Nothing selected": "Nichts ausgewählt",
+        "Paths must be not equal": "Quell- und Zielpfad dürfen nicht identisch sein",
+        "Renamed from": "Umbenannt von",
+        "Archive not unpacked": "Archiv nicht entpackt",
+        "Deleted": "Gelöscht",
+        "Archive not created": "Archiv nicht erstellt",  
+        "Copied from": "Kopiert aus",
+        "Permissions changed": "Berechtigungen geändert",
+        "to": "nach",
+        "Saved Successfully": "Erfolgreich gespeichert",
+        "not found!": "nicht gefunden!",
+        "File Saved Successfully": "Datei erfolgreich gespeichert",
+        "Archive": "Archiv",
+        "Permissions not changed": "Berechtigungen nicht geändert",  
+        "Select folder": "Ordner auswählen",
+        "Source path not defined": "Quellpfad nicht definiert",
+        "already exists": "existiert bereits",
+        "Error while moving from": "Fehler beim Verschieben aus",
+        "Create archive?": "Archiv erstellen?",
+        "Invalid file or folder name": "Ungältiger Datei- oder Ordnername",
+        "Archive unpacked": "Archive entpackt",
+        "File extension is not allowed": "Dateityp nicht erlaubt",
+        "Root path": "Quellverzeichnis",
+        "Error while renaming from": "Fehler beim Umbenennen von",
+        "File not found": "Datei nicht gefunden",
+        "Error while deleting items": "Fehler beim Löschen der Objekte",
+        "Invalid characters in file name": "Unzulässige Zeichen im Dateinamen",
+        "FILE EXTENSION HAS NOT SUPPORTED": "DATEITYP NICHT UNTERSTÜTZT",
+        "Selected files and folder deleted": "Ausgewählte Dateien und Ordner gelöscht",
+        "Error while fetching archive info": "Fehler beim Abrufen der Archiv-Informationen",
+        "Delete selected files and folders?": "Ausgewählte Dateien und Ordner löschen?",
+        "Search file in folder and subfolders...": "Suchen in Ordnern und Unterordnern...",
+        "Access denied. IP restriction applicable": "Zugriff verweigert - IP-Beschränkung.",
+        "Invalid characters in file or folder name": "Unzulässige Zeichen im Datei- oder Ordnernamen",
+        "Operations with archives are not available": "Archiv-Funktionen nicht verfägbar",
+        "File or folder with this path already exists": "Datei oder Ordner mit diesem Pfad existiert bereits",
+        "Moved from": "Verschoben aus"
       }
     },
     {