v2.5.6

2025-12-13 11:43:58 +08:00 · 2022-03-14 17:52:21 +08:00
parent d2ce0a2470
commit 699b4451ce
12 changed files with 123 additions and 44 deletions
--- a/application/check_admin.inc.php
+++ b/application/check_admin.inc.php
@@ -29,7 +29,7 @@ if ($config['password'] === 'e6e061838856bf47e1de730719fb2609') {
    <script>
    new $.zui.Messager("请修改默认密码,否则会有泄露风险! ",{
        type: "warning", // 定义颜色主题 
-        time:7000
+        time:6000
    }).show();
    </script>
    ';
@@ -83,14 +83,26 @@ if ($configp['checkImg'] !== 0) {
 if (file_exists(APP_ROOT . '/.user.ini')) {
    echo '
    <script>
-        new $.zui.Messager("请关闭防跨目录读写或删除.user.ini文件 ",{
+        new $.zui.Messager("请关闭防跨目录读写或删除.user.ini文件",{
            type: "danger", // 定义颜色主题 
-            time:10000
+            time:7000
        }).show();
    </script>
    ';
 }

+// 检查当前版本与GitHub版本
+if (@getVersion() !== $config['version']) {
+    echo '
+    <script>
+    new $.zui.Messager("当前版本与GitHub不一致,请检查当前是否最新版本!",{
+        type: "danger", // 定义颜色主题 
+        time:9000
+    }).show();
+    </script>
+    ';
+}
+
 // 检测是否开启登录上传
 if ($config['mustLogin']) {
    echo '
--- a/application/function.php
+++ b/application/function.php
@@ -372,11 +372,16 @@ function getActive($url)
 * 加密/解密图片路径
 * @param string $data 要加密的内容
 * @param int $mode =1或0  1解密 0加密
+ * @param String $key 盐
 */
-function urlHash($data, $mode)
+function urlHash($data, $mode, $key = null)
 {
    global $config;
-    $key = $config['password'];
+
+    if ($key) {
+        $key = $config['password'];
+    }
+
    $iv = 'sciCuBC7orQtDhTO';
    if ($mode) {
        return openssl_decrypt(base64_decode($data), "AES-128-CBC", $key, 0, $iv);
--- a/application/hide.php
+++ b/application/hide.php
@@ -0,0 +1,33 @@
+<?php
+
+/**
+ * Program: EasyImage2.0
+ * Author: Icret
+ * Date: 2022/3/13 20:11
+ * For: 原图保护解密
+ */
+
+require_once __DIR__ . '/function.php';
+
+if (isset($_GET['key'])) {
+    $hide_original = $_GET['key'];
+    $real_path =  APP_ROOT . urlHash($hide_original, 1, crc32($config['password']));
+} else {
+    $real_path = APP_ROOT . '/public/images/404.png';
+}
+
+// 文件不存在
+if (!is_file($real_path)) {
+    $real_path = APP_ROOT . '/public/images/404.png';
+}
+
+// 获取文件后缀
+$ex = pathinfo($real_path, PATHINFO_EXTENSION);
+
+// 设置头
+header("Content-Type: image/" . $ex . ";text/html; charset=utf-8");
+
+//输出文件
+echo file_get_contents($real_path);
+
+exit;
--- a/application/upload.php
+++ b/application/upload.php
@@ -64,6 +64,9 @@ if ($handle->uploaded) {
        $pathIMG = config_path() . $handle->file_dst_name;
        $imageUrl = $config['imgurl'] . $pathIMG;

+        // 原图保护 key值是由crc32加密的登录密码
+        $hide_original = $config['hide'] == 1 ? $config['domain'] . '/application/hide.php?key=' . urlHash($pathIMG, 0, crc32($config['password'])) : $imageUrl;
+
        // 关闭上传后显示加密删除链接
        if ($config['show_user_hash_del']) {
            // 判断PHP版本启用删除
@@ -79,7 +82,7 @@ if ($handle->uploaded) {
        $reJson = array(
            "result"    => "success",
            "code"      => 200,
-            "url"       => $imageUrl,
+            "url"       => $hide_original,
            "srcName"   => $handle->file_src_name_body,
            "thumb"     => $config['domain'] . '/application/thumb.php?img=' . $pathIMG,
            "del"       => $delUrl,
@@ -95,7 +98,6 @@ if ($handle->uploaded) {
        );
        unset($handle);
        header('Content-Type:application/json; charset=utf-8');
-        unset($handle);
        exit(json_encode($reJson, JSON_UNESCAPED_UNICODE));
    }