parent
95a6caf1c6
commit
f311863c73
|
@ -566,18 +566,22 @@ auto_delete(); //定时删除
|
|||
</div>
|
||||
<div class="tab-pane fade" id="Content6">
|
||||
<div class="col-md-12">
|
||||
<div class="col-md-5">
|
||||
<div class="col-md-4">
|
||||
<h5 class="header-dividing">上传日志 <small>需要开启上传日志</small></h5>
|
||||
<form class="form-inline" action="../application/viewlog.php" method="post" target="_blank">
|
||||
<div class="form-group">
|
||||
<label for="logDate" class="text-primary">选择月份: </label>
|
||||
<label for="logDate" class="text-primary">月份: </label>
|
||||
<input type="text" class="form-control logDate" id="logDate" name="logDate" value="<?php echo date('Y-m'); ?>" required="required" readonly>
|
||||
<input type="hidden" class="form-control" name="pass" value="<?php echo md5($config['password'] . date('YMDH')); ?>" placeholder="日志访问秘钥">
|
||||
<input type="hidden" class="form-control" name="pass" value="<?php echo md5($config['password'] . date('ymdh')); ?>" placeholder="日志访问秘钥">
|
||||
</div>
|
||||
<button type="submit" class="btn btn-primary">查看日志</button>
|
||||
<button type="submit" class="btn btn-primary">查看</button>
|
||||
</form>
|
||||
</div>
|
||||
<div class="form-group col-md-3">
|
||||
<div class="col-md-2">
|
||||
<h5 class="header-dividing">登录日志 <small>仅显示当月</small></h5>
|
||||
<button type="button" class="btn btn-primary" data-toggle="modal" data-title="登录日志 - 仅显示当月" data-icon="book" data-moveable="true" data-width="60%" data-type="ajax" data-url="../application/viewlog.php?login_log&pass=<?php echo md5($config['password'] . date('ymdh')); ?>">查看</button>
|
||||
</div>
|
||||
<div class="col-md-3">
|
||||
<h5 class="header-dividing" data-toggle="tooltip" title="仅限存储分类路径为 Y/m/d/ 格式<br/>且每天需要访问一次后台才执行<br/>先重命名要删除文件夹作为备份<br/>超过定时日期的2倍后再彻底删除重命名的文件夹<br/>超过定时日期前和开启分离的文件夹不删除">定时删除 <small>数值为<code>0</code>时关闭</small></h5>
|
||||
<form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post">
|
||||
<div class="input-group">
|
||||
|
@ -588,8 +592,8 @@ auto_delete(); //定时删除
|
|||
<input type="hidden" class="form-control" name="update" value="<?php echo date("Y-m-d H:i:s"); ?>" placeholder="隐藏的保存">
|
||||
</form>
|
||||
</div>
|
||||
<div class="col-md-4">
|
||||
<h5 class="header-dividing">清理缓存 <small>已缓存: <?php echo getFileNumber(APP_ROOT . $config['path'] . 'cache/') . '文件 | 占用' . getDistUsed(getDirectorySize(APP_ROOT . $config['path'] . 'cache/')); ?></small></h5>
|
||||
<div class="col-md-3">
|
||||
<h5 class="header-dividing">清理缓存 <small>已缓存: <?php echo getFileNumber(APP_ROOT . $config['path'] . 'cache/') . '个 | 占用 ' . getDistUsed(getDirectorySize(APP_ROOT . $config['path'] . 'cache/')); ?></small></h5>
|
||||
<form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post">
|
||||
<button type="submit" class="btn btn-success" name="delDir" value="cache/" onClick="return confirm('确认要清理缓存?\n* 删除文件夹后将无法恢复! ');"><i class="icon icon-trash"> 清理缓存</i></button>
|
||||
</form>
|
||||
|
@ -1131,7 +1135,7 @@ auto_delete(); //定时删除
|
|||
<li>直接输入账号和密码即可完成修改</li>
|
||||
<li>更改后会立即生效并重新登录,请务必牢记账号和密码! </li>
|
||||
<li>如果忘记账号可以打开-><code>/config/config.php</code>文件->找到<code data-toggle="tooltip" title="'user'=><strong>admin</strong>'">user</code>对应的键值->填入</li>
|
||||
<li>如果忘记密码请将密码->转换成MD5小写-><a href="<?php echo $config['domain'] . '/application/reset_password.php'; ?>" target="_blank" class="text-purple">转换网址</a>->打开<code>/config/config.php</code>文件->找到<code data-toggle="tooltip" title="'password'=>'<strong>e6e0612609</strong>'">password</code>对应的键值->填入</li>
|
||||
<li>如果忘记密码请将密码->转换成SHA256-><a href="<?php echo $config['domain'] . '/application/reset_password.php'; ?>" target="_blank" class="text-purple">转换网址</a>->打开<code>/config/config.php</code>文件->找到<code data-toggle="tooltip" title="'password'=>'<strong>e6e0612609</strong>'">password</code>对应的键值->填入</li>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -1569,7 +1573,7 @@ auto_delete(); //定时删除
|
|||
width: 0.1
|
||||
},
|
||||
{
|
||||
label: '密码(md5)',
|
||||
label: '密码 (SHA256)',
|
||||
name: 'password',
|
||||
html: true,
|
||||
width: 0.2
|
||||
|
|
|
@ -90,6 +90,9 @@ if (isset($_POST['password']) and isset($_POST['user'])) {
|
|||
</script>';
|
||||
header("refresh:2;");
|
||||
}
|
||||
|
||||
// 登录日志
|
||||
write_login_log($_POST['user'], $_POST['password'], $login["messege"]);
|
||||
}
|
||||
?>
|
||||
<link href="<?php static_cdn(); ?>/public/static/login.css" rel="stylesheet">
|
||||
|
@ -160,8 +163,6 @@ if (isset($_POST['password']) and isset($_POST['user'])) {
|
|||
</form>
|
||||
<script src="<?php static_cdn(); ?>/public/static/crypto/SHA256.js"></script>
|
||||
<script>
|
||||
console.log(SHA256('admin@123'));
|
||||
|
||||
function md5_post() {
|
||||
var password = document.getElementById('password');
|
||||
var md5pwd = document.getElementById('md5_password');
|
||||
|
|
|
@ -1 +1 @@
|
|||
2.7.6
|
||||
2.7.7
|
|
@ -1695,3 +1695,17 @@ function auto_delete()
|
|||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
function write_login_log($user, $password, $messege)
|
||||
{
|
||||
$log_path = APP_ROOT . '/admin/logs/login/';
|
||||
$log_file = $log_path . date('/Y-m-') . 'logs.php';
|
||||
|
||||
/** 创建日志文件夹及文件 */
|
||||
if (!is_dir($log_path)) mkdir($log_path, 0755, true);
|
||||
if (!is_file($log_file)) file_put_contents($log_file, '<?php /** 登录日志 */ exit; ?>' . PHP_EOL, FILE_APPEND | LOCK_EX);
|
||||
|
||||
/** 写入日志 */
|
||||
$log = '时间: ' . date('Y-m-d H:i:s') . ' IP: ' . real_ip() . ' 账号: ' . $user . ' 密码: ' . $password . ' 消息: ' . $messege;
|
||||
file_put_contents($log_file, $log . PHP_EOL, FILE_APPEND | LOCK_EX);
|
||||
}
|
||||
|
|
|
@ -7,13 +7,23 @@
|
|||
require_once __DIR__ . '/function.php';
|
||||
|
||||
// 非管理员不可访问!
|
||||
if (!is_who_login('admin')) {
|
||||
exit;
|
||||
if (!is_who_login('admin')) exit('Permission denied');
|
||||
// 禁止直接访问
|
||||
if (empty($_REQUEST['pass']) || $_REQUEST['pass'] !== md5($config['password'] . date('ymdh'))) exit('Authentication error!');
|
||||
|
||||
// 登录日志
|
||||
if (isset($_GET['login_log'])) {
|
||||
$file = APP_ROOT . '/admin/logs/login/' . date('/Y-m-') . 'logs.php';
|
||||
echo '<pre class="pre-scrollable" style="background-color: rgba(0, 0, 0, 0);border-color:rgba(0, 0, 0, 0);">';
|
||||
if (is_file($file)) {
|
||||
echo file_get_contents($file);
|
||||
} else {
|
||||
echo '并未生成登录日志,请检查文件权限!';
|
||||
}
|
||||
exit('</pre>');
|
||||
}
|
||||
|
||||
// 禁止直接访问
|
||||
if (empty($_POST['pass']) || $_POST['pass'] !== md5($config['password'] . date('YMDH'))) exit('Permission denied!');
|
||||
|
||||
// 上传日志
|
||||
require_once APP_ROOT . '/application/header.php';
|
||||
|
||||
if (isset($_POST['logDate'])) {
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -1,3 +1,7 @@
|
|||
* 2023-03-05 v2.7.7 dev
|
||||
- 增加登录日志
|
||||
- 修复备用文件管理登录失效
|
||||
|
||||
* 2023-03-04 v2.7.6
|
||||
- 增加限定删除文件目录
|
||||
- 增加对SVG文件格式过滤
|
||||
|
|
|
@ -641,7 +641,7 @@ class RexAction
|
|||
if (empty(RexHelper::$users[$uname])) {
|
||||
RExplorer::url_redirect('?r=fail', 2, '用户不存在!');
|
||||
}
|
||||
if (RexHelper::$users[$uname]['password'] != md5(G('password'))) {
|
||||
if (RexHelper::$users[$uname]['password'] != hash('sha256', (G('password')))) {
|
||||
RExplorer::url_redirect('?r=fail', 2, '密码错误!');
|
||||
}
|
||||
$_SESSION[RexHelper::$ssid] = array(
|
||||
|
|
Loading…
Reference in New Issue