v2.0.29-20230705

system/ATool.php

@@ -218,7 +218,7 @@ function echo_Atool(){
 <head>
     <meta charset="UTF-8">
     <title>ATool 工具箱</title>
-    <link rel="stylesheet" href="../static/Layui/v2.8.3/css/layui.css">
+    <link rel="stylesheet" href="../static/Layui/v2.8.10/css/layui.css">
     <style>
         html, body {min-width: 1200px;background-color: #fff;position: relative;}
         .page-wrapper {width: 1200px;margin: 0 auto;padding: 0 15px;}
@@ -269,7 +269,7 @@ function echo_Atool(){
         <a class="layui-btn layui-btn-primary layui-btn-xs" lay-event="set_user_name">改账号</a>
     </div>
 </script>
-<script src="../static/Layui/v2.8.3/layui.js"></script>
+<script src="../static/Layui/v2.8.10/layui.js"></script>
 <script src="../static/jquery/jquery-3.6.0.min.js"></script>
 <script src="../static/jquery/jquery.md5.js"></script>
 <script src="../templates/admin/js/public.js?v=<?php echo time();?>"></script>
@@ -398,7 +398,7 @@ function echo_verify(){ ?>
 <head>
     <meta charset="UTF-8">
     <title>ATool 工具箱</title>
-    <link rel="stylesheet" href="../static/Layui/v2.8.3/css/layui.css">
+    <link rel="stylesheet" href="../static/Layui/v2.8.10/css/layui.css">
     <link rel="stylesheet" href="../static/Other/login.css">
 </head>
 <body>
@@ -423,7 +423,7 @@ function echo_verify(){ ?>
     </div>
 </div>
 <script src = "../static/jquery/jquery-3.6.0.min.js"></script>
-<script src = "../static/Layui/v2.8.3/layui.js"></script>
+<script src = "../static/Layui/v2.8.10/layui.js"></script>
 <script src = '../static/jquery/jquery.md5.js'></script>
 <script>
     layui.use(['form','jquery'], function () {

system/MySQL/install.sql

@@ -260,3 +260,16 @@ CREATE TABLE IF NOT EXISTS `user_share` (
   PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
+-- 图标缓存
+CREATE TABLE IF NOT EXISTS `global_icon` (
+  `id` int(10) UNSIGNED NOT NULL AUTO_INCREMENT,
+  `url_md5` varchar(32) NOT NULL COMMENT 'url_md5',
+  `url` text NOT NULL COMMENT 'url',
+  `ico_url` text NOT NULL COMMENT 'url_ico',
+  `add_time` int(10) UNSIGNED NOT NULL COMMENT '创建时间',
+  `update_time` int(10) UNSIGNED NOT NULL COMMENT '更新时间',
+  `file_name` text NOT NULL COMMENT '文件名',
+  `file_mime` text NOT NULL COMMENT 'MIME类型',
+  `extend` text NOT NULL COMMENT '预留扩展',
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8mb4;

system/SQLite/install.sql

@@ -38,7 +38,6 @@ CREATE TABLE IF NOT EXISTS "updatadb_logs" (
 INSERT INTO "updatadb_logs" ("file_name", "update_time", "status", "extra") VALUES ('20230417.php', '1681719049', 'TRUE', '');
 INSERT INTO "updatadb_logs" ("file_name", "update_time", "status", "extra") VALUES ('20230420.php', '1681977368', 'TRUE', '');
 INSERT INTO "updatadb_logs" ("file_name", "update_time", "status", "extra") VALUES ('20230522.php', '1684762253', 'TRUE', '');
-INSERT INTO "updatadb_logs" ("file_name", "update_time", "status", "extra") VALUES ('20230605.php', '1685960298', 'TRUE', '');
 
 -- 创建用户表
 CREATE TABLE IF NOT EXISTS "global_user" (
@@ -225,3 +224,18 @@ CREATE TABLE IF NOT EXISTS "user_share" (
   "data" TEXT,
   "pv" integer(1) DEFAULT "0"
 );
+
+-- 图标缓存
+CREATE TABLE IF NOT EXISTS "global_icon" (
+  "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  "url_md5" text(32) NOT NULL DEFAULT "",
+  "url" text NOT NULL DEFAULT "",
+  "ico_url" text NOT NULL DEFAULT "",
+  "add_time" integer(10) NOT NULL,
+  "update_time" integer(10) NOT NULL,
+  "file_name" text NOT NULL DEFAULT "",
+  "file_mime" text NOT NULL DEFAULT "",
+  "extend" text NOT NULL DEFAULT "",
+  CONSTRAINT "id" UNIQUE ("id" ASC)
+);
+

system/admin.php

@@ -221,7 +221,7 @@ if ($page == 'menu') {
           [
             ['title'=>'系统设置','href'=>'root/sys_setting','icon'=>'fa fa-gears'],
             ['title'=>'授权管理','href'=>'root/vip','icon'=>'fa fa-diamond'],
-            ['title'=>'默认设置','href'=>'root/default_setting','icon'=>'fa fa-heart-o'],
+            //['title'=>'默认设置','href'=>'root/default_setting','icon'=>'fa fa-heart-o'],
             ['title'=>'用户管理','href'=>'root/user_control','icon'=>'fa fa-user'],
             ['title'=>'用户分组','href'=>'root/users_control','icon'=>'fa fa-users'],
             ['title'=>'注册管理','href'=>'root/reg_control','icon'=>'fa fa-user-plus'],
@@ -269,6 +269,7 @@ function load_static($type){
     }elseif($type == 'js.layui'){
         echo 
 '<script src="'.$GLOBALS['layui']['js'].'" charset="utf-8"></script>
+<script src="./templates/admin/js/lay-config.js?v='.$GLOBALS['Ver'].'" charset="utf-8"></script>
 <script>layui.config({version:"'.$GLOBALS['Ver'].'"})</script>
 ';
     }

system/api.php

@@ -1559,7 +1559,16 @@ function read_data(){
         msg(1,$log);
     //输出phpinfo信息
     }elseif($_GET['type'] == 'phpinfo'){
-        phpinfo();
+        session_start();
+        if($_SESSION['phpinfo_id'] != $_GET['pid']){
+            exit('验证失败,请刷新页面后重试!');
+        }elseif(Get_MD5_Password($_GET["p"],$GLOBALS['USER_DB']["RegTime"]) === $GLOBALS['USER_DB']["Password"]){
+            $_COOKIE = [];
+            $_SERVER['HTTP_COOKIE'] = 'privacy';
+            phpinfo();
+        }else{
+            exit('密码验证失败,请重试!');
+        }
     }
 }
 

system/api_root.php

@@ -547,6 +547,7 @@ function write_sys_settings(){
         'global_header'=>['empty'=>true],
         'global_footer'=>['empty'=>true],
         'api_extend'=>['empty'=>true],
+        'c_code'=>['int'=>true,'min'=>0,'max'=>1,'msg'=>'自定义代码参数错误'],
         //更新设置
         'Update_Source'=>['empty'=>true],
         'Update_Overtime'=>['int'=>true,'min'=>3,'max'=>60,'msg'=>'资源超时参数错误'],

system/index.php

@@ -10,6 +10,10 @@ if(!is_login && ($global_config['Privacy'] == 1 || !check_purview('Common_home',
 }
 //载入站点设置
 $site = unserialize(get_db('user_config','v',['uid'=>UID,'k'=>'s_site']));
+//如果没有权限则清除自定义代码
+if(!check_purview('header',1)){$site['custom_header'] = '';}
+if(!check_purview('footer',1)){$site['custom_footer'] = '';}
+
 $site['Title']  =  $site['title'].(empty($site['subtitle'])?'':' - '.$site['subtitle']);
 //免费用户请保留版权,谢谢!
 $copyright = empty($global_config['copyright'])?'<a target="_blank" href="https://gitee.com/tznb/TwoNav">Copyright © TwoNav</a>':$global_config['copyright'];

system/install.php

@@ -4,8 +4,8 @@ if(!defined('DIR')){header('HTTP/1.1 404 Not Found');header("status: 404 Not Fou
 //初始化
 session_name('TwoNav_initial');
 session_start();
-$layui['js']  = './static/Layui/v2.8.3/layui.js';
-$layui['css'] = './static/Layui/v2.8.3/css/layui.css';
+$layui['js']  = './static/Layui/v2.8.10/layui.js';
+$layui['css'] = './static/Layui/v2.8.10/css/layui.css';
 
 //判断请求类型
 if($_SERVER['REQUEST_METHOD'] === 'POST'){
@@ -284,7 +284,7 @@ function Write_Config(){
     //写站点配置
     $o_config['Login'] = 'login'; //登录入口
     $o_config['Register'] = 'register'; //注册入口
-    $o_config['RegOption'] = '1'; //注册配置
+    $o_config['RegOption'] = '0'; //注册配置
     $o_config['Libs'] = './static'; //静态库路径
     $o_config['Default_User'] = $_POST['User']; //默认用户
     $o_config['XSS_WAF'] = '1'; //防XSS脚本
@@ -294,6 +294,7 @@ function Write_Config(){
     $o_config['Maintenance'] = '0'; //维护模式
     $o_config['Sub_domain'] = '0'; //二级域名
     $o_config['copyright'] = ''; //版权信息
+    $o_config['c_code'] = '0'; //禁用默认用户使用自定义代码
     
     insert_db("global_config", ["k" => "o_config","v" => $o_config,"d" => '网站配置']);  
     

system/public.php

@@ -642,6 +642,10 @@ function is_Duplicated($array, $field){
 //检查权限(有权限返回true 没有权限时根传递参数1是返回false 2是直接返回错误信息)
 function check_purview($name,$return_type){
     global $USER_DB;
+    //230705新增,禁止判断默认用户是否可以使用自定义代码
+    if($USER_DB['UserGroup'] == 'default' && $GLOBALS['global_config']['c_code'] != '1' && ( $name == 'header' || $name == 'footer' )){
+        return false;
+    }
     if($USER_DB['UserGroup'] == 'root' || $USER_DB['UserGroup'] == 'default'){
         return true;
     }

system/version.txt

@@ -1 +1 @@
-v2.0.28-20230624
+v2.0.29-20230705