2.7.7 dev

pull/141/head 2.7.7
icret 2023-03-05 11:06:06 +08:00
parent 95a6caf1c6
commit f311863c73
9 changed files with 54 additions and 21 deletions

View File

@ -566,18 +566,22 @@ auto_delete(); //定时删除
</div>
<div class="tab-pane fade" id="Content6">
<div class="col-md-12">
<div class="col-md-5">
<div class="col-md-4">
<h5 class="header-dividing">上传日志 <small>需要开启上传日志</small></h5>
<form class="form-inline" action="../application/viewlog.php" method="post" target="_blank">
<div class="form-group">
<label for="logDate" class="text-primary">选择月份: </label>
<label for="logDate" class="text-primary">月份: </label>
<input type="text" class="form-control logDate" id="logDate" name="logDate" value="<?php echo date('Y-m'); ?>" required="required" readonly>
<input type="hidden" class="form-control" name="pass" value="<?php echo md5($config['password'] . date('YMDH')); ?>" placeholder="日志访问秘钥">
<input type="hidden" class="form-control" name="pass" value="<?php echo md5($config['password'] . date('ymdh')); ?>" placeholder="日志访问秘钥">
</div>
<button type="submit" class="btn btn-primary">查看日志</button>
<button type="submit" class="btn btn-primary">查看</button>
</form>
</div>
<div class="form-group col-md-3">
<div class="col-md-2">
<h5 class="header-dividing">登录日志 <small>仅显示当月</small></h5>
<button type="button" class="btn btn-primary" data-toggle="modal" data-title="登录日志 - 仅显示当月" data-icon="book" data-moveable="true" data-width="60%" data-type="ajax" data-url="../application/viewlog.php?login_log&pass=<?php echo md5($config['password'] . date('ymdh')); ?>">查看</button>
</div>
<div class="col-md-3">
<h5 class="header-dividing" data-toggle="tooltip" title="仅限存储分类路径为 Y/m/d/ 格式<br/>且每天需要访问一次后台才执行<br/>先重命名要删除文件夹作为备份<br/>超过定时日期的2倍后再彻底删除重命名的文件夹<br/>超过定时日期前和开启分离的文件夹不删除">定时删除 <small>数值为<code>0</code>时关闭</small></h5>
<form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post">
<div class="input-group">
@ -588,8 +592,8 @@ auto_delete(); //定时删除
<input type="hidden" class="form-control" name="update" value="<?php echo date("Y-m-d H:i:s"); ?>" placeholder="隐藏的保存">
</form>
</div>
<div class="col-md-4">
<h5 class="header-dividing">清理缓存 <small>已缓存: <?php echo getFileNumber(APP_ROOT . $config['path'] . 'cache/') . '文件 | 占用' . getDistUsed(getDirectorySize(APP_ROOT . $config['path'] . 'cache/')); ?></small></h5>
<div class="col-md-3">
<h5 class="header-dividing">清理缓存 <small>已缓存: <?php echo getFileNumber(APP_ROOT . $config['path'] . 'cache/') . '个 | 占用 ' . getDistUsed(getDirectorySize(APP_ROOT . $config['path'] . 'cache/')); ?></small></h5>
<form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post">
<button type="submit" class="btn btn-success" name="delDir" value="cache/" onClick="return confirm('确认要清理缓存?\n* 删除文件夹后将无法恢复! ');"><i class="icon icon-trash"> 清理缓存</i></button>
</form>
@ -1131,7 +1135,7 @@ auto_delete(); //定时删除
<li>直接输入账号和密码即可完成修改</li>
<li>更改后会立即生效并重新登录,请务必牢记账号和密码! </li>
<li>如果忘记账号可以打开-><code>/config/config.php</code>文件->找到<code data-toggle="tooltip" title="'user'=><strong>admin</strong>'">user</code>对应的键值->填入</li>
<li>如果忘记密码请将密码->转换成MD5小写-><a href="<?php echo $config['domain'] . '/application/reset_password.php'; ?>" target="_blank" class="text-purple">转换网址</a>->打开<code>/config/config.php</code>文件->找到<code data-toggle="tooltip" title="'password'=>'<strong>e6e0612609</strong>'">password</code>对应的键值->填入</li>
<li>如果忘记密码请将密码->转换成SHA256-><a href="<?php echo $config['domain'] . '/application/reset_password.php'; ?>" target="_blank" class="text-purple">转换网址</a>->打开<code>/config/config.php</code>文件->找到<code data-toggle="tooltip" title="'password'=>'<strong>e6e0612609</strong>'">password</code>对应的键值->填入</li>
</ul>
</div>
</div>
@ -1569,7 +1573,7 @@ auto_delete(); //定时删除
width: 0.1
},
{
label: '密码(md5)',
label: '密码 (SHA256)',
name: 'password',
html: true,
width: 0.2

View File

@ -90,6 +90,9 @@ if (isset($_POST['password']) and isset($_POST['user'])) {
</script>';
header("refresh:2;");
}
// 登录日志
write_login_log($_POST['user'], $_POST['password'], $login["messege"]);
}
?>
<link href="<?php static_cdn(); ?>/public/static/login.css" rel="stylesheet">
@ -160,8 +163,6 @@ if (isset($_POST['password']) and isset($_POST['user'])) {
</form>
<script src="<?php static_cdn(); ?>/public/static/crypto/SHA256.js"></script>
<script>
console.log(SHA256('admin@123'));
function md5_post() {
var password = document.getElementById('password');
var md5pwd = document.getElementById('md5_password');

View File

@ -1 +1 @@
2.7.6
2.7.7

View File

@ -1695,3 +1695,17 @@ function auto_delete()
}
return false;
}
function write_login_log($user, $password, $messege)
{
$log_path = APP_ROOT . '/admin/logs/login/';
$log_file = $log_path . date('/Y-m-') . 'logs.php';
/** 创建日志文件夹及文件 */
if (!is_dir($log_path)) mkdir($log_path, 0755, true);
if (!is_file($log_file)) file_put_contents($log_file, '<?php /** 登录日志 */ exit; ?>' . PHP_EOL, FILE_APPEND | LOCK_EX);
/** 写入日志 */
$log = '时间: ' . date('Y-m-d H:i:s') . ' IP: ' . real_ip() . ' 账号: ' . $user . ' 密码: ' . $password . ' 消息: ' . $messege;
file_put_contents($log_file, $log . PHP_EOL, FILE_APPEND | LOCK_EX);
}

View File

@ -7,13 +7,23 @@
require_once __DIR__ . '/function.php';
// 非管理员不可访问!
if (!is_who_login('admin')) {
exit;
if (!is_who_login('admin')) exit('Permission denied');
// 禁止直接访问
if (empty($_REQUEST['pass']) || $_REQUEST['pass'] !== md5($config['password'] . date('ymdh'))) exit('Authentication error!');
// 登录日志
if (isset($_GET['login_log'])) {
$file = APP_ROOT . '/admin/logs/login/' . date('/Y-m-') . 'logs.php';
echo '<pre class="pre-scrollable" style="background-color: rgba(0, 0, 0, 0);border-color:rgba(0, 0, 0, 0);">';
if (is_file($file)) {
echo file_get_contents($file);
} else {
echo '并未生成登录日志,请检查文件权限!';
}
exit('</pre>');
}
// 禁止直接访问
if (empty($_POST['pass']) || $_POST['pass'] !== md5($config['password'] . date('YMDH'))) exit('Permission denied!');
// 上传日志
require_once APP_ROOT . '/application/header.php';
if (isset($_POST['logDate'])) {

File diff suppressed because one or more lines are too long

View File

@ -1,3 +1,7 @@
* 2023-03-05 v2.7.7 dev
- 增加登录日志
- 修复备用文件管理登录失效
* 2023-03-04 v2.7.6
- 增加限定删除文件目录
- 增加对SVG文件格式过滤

View File

@ -641,7 +641,7 @@ class RexAction
if (empty(RexHelper::$users[$uname])) {
RExplorer::url_redirect('?r=fail', 2, '用户不存在!');
}
if (RexHelper::$users[$uname]['password'] != md5(G('password'))) {
if (RexHelper::$users[$uname]['password'] != hash('sha256', (G('password')))) {
RExplorer::url_redirect('?r=fail', 2, '密码错误!');
}
$_SESSION[RexHelper::$ssid] = array(