v2.0.24-20230605

system/MySQL/20230605.php

@@ -0,0 +1,17 @@
+<?php if(!defined('DIR')){header('HTTP/1.1 404 Not Found');header("status: 404 Not Found");exit;}
+$sql ="
+ALTER TABLE `global_user` CHANGE `RegIP` `RegIP` VARCHAR( 64 ) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL DEFAULT '' COMMENT '注册IP';
+ALTER TABLE `user_apply` CHANGE `ip` `ip` VARCHAR( 64 ) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL DEFAULT '' COMMENT 'ip';
+ALTER TABLE `user_apply` CHANGE `ua` `ua` TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL DEFAULT '' COMMENT '浏览器UA';
+ALTER TABLE `user_share` CHANGE `description` `description` TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL DEFAULT '' COMMENT '备注';
+ALTER TABLE `user_log` CHANGE `ip` `ip` VARCHAR( 64 ) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT '' COMMENT '请求ip';
+ALTER TABLE `user_log` CHANGE `description` `description` TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL DEFAULT '' COMMENT '描述';
+ALTER TABLE `user_login_info` CHANGE `ip` `ip` VARCHAR( 64 ) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL DEFAULT '' COMMENT '登录IP';
+ALTER TABLE `user_login_info` CHANGE `ua` `ua` TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL DEFAULT '' COMMENT '浏览器UA';
+
+";
+if(exe_sql($sql)){
+    insert_db('updatadb_logs',['file_name'=>$file_name,'update_time'=>time(),'status'=>'TRUE','extra'=>'']);
+}else{
+    msg(-1,'数据库更新失败');
+}

system/MySQL/install.sql

@@ -45,6 +45,7 @@ CREATE TABLE IF NOT EXISTS `updatadb_logs` (
 INSERT INTO "updatadb_logs" ("file_name", "update_time", "status", "extra") VALUES ('20230417.php', '1681719049', 'TRUE', '');
 INSERT INTO "updatadb_logs" ("file_name", "update_time", "status", "extra") VALUES ('20230420.php', '1681977368', 'TRUE', '');
 INSERT INTO "updatadb_logs" ("file_name", "update_time", "status", "extra") VALUES ('20230518.php', '1684393068', 'TRUE', '');
+INSERT INTO "updatadb_logs" ("file_name", "update_time", "status", "extra") VALUES ('20230522.php', '1684762253', 'TRUE', '');
 
 -- 创建用户表
 DROP TABLE IF EXISTS `global_user`;
@@ -57,7 +58,7 @@ CREATE TABLE IF NOT EXISTS `global_user` (
   `Email` varchar(32) NOT NULL COMMENT '邮箱',
   `SecretKey` varchar(32) NOT NULL DEFAULT '' COMMENT 'SecretKey',
   `Token` varchar(32) NOT NULL DEFAULT '' COMMENT 'Token',
-  `RegIP` varchar(15) NOT NULL COMMENT '注册IP',
+  `RegIP` varchar(64) NOT NULL DEFAULT '' COMMENT '注册IP',
   `RegTime` int(10) UNSIGNED NOT NULL COMMENT '注册时间',
   `Login` varchar(16) NOT NULL COMMENT '登录入口',
   `LoginConfig` text NOT NULL COMMENT '登陆配置',
@@ -130,8 +131,8 @@ CREATE TABLE IF NOT EXISTS `user_login_info` (
   `id` int(10) UNSIGNED NOT NULL AUTO_INCREMENT,
   `uid` int(10) UNSIGNED NOT NULL COMMENT '用户id',
   `user` varchar(32) NOT NULL COMMENT '用户名',
-  `ip` varchar(15) NOT NULL COMMENT '登录IP',
-  `ua` varchar(256) NOT NULL COMMENT '浏览器UA',
+  `ip` varchar(64) NOT NULL DEFAULT '' COMMENT '登录IP',
+  `ua` TEXT NOT NULL DEFAULT '' COMMENT '浏览器UA',
   `login_time` int(10) UNSIGNED NOT NULL COMMENT '登录时间',
   `last_time` int(10) UNSIGNED NOT NULL COMMENT '最后访问时间',
   `expire_time` int(10) UNSIGNED NOT NULL COMMENT '过期时间',
@@ -145,11 +146,11 @@ CREATE TABLE IF NOT EXISTS `user_log` (
   `id` int(10) UNSIGNED NOT NULL AUTO_INCREMENT,
   `uid` int(10) UNSIGNED NOT NULL COMMENT '用户id',
   `user` varchar(32) NOT NULL COMMENT '用户名',
-  `ip` varchar(15) NOT NULL COMMENT '请求ip',
+  `ip` varchar(64) NOT NULL DEFAULT '' COMMENT '请求ip',
   `time` varchar(13) NOT NULL COMMENT '请求时间',
   `type` varchar(16) NOT NULL COMMENT '日志类型',
   `content` text NOT NULL COMMENT '请求内容',
-  `description` varchar(128) NOT NULL COMMENT '描述',
+  `description` text NOT NULL DEFAULT '' COMMENT '描述',
   PRIMARY KEY (`id`)
 ) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8mb4 COMMENT='日志';
 
@@ -191,7 +192,8 @@ INSERT INTO `purview_list` (`code`, `name`, `description`) VALUES
 ('guestbook', '留言板', '允许使用留言板功能'),
 ('link_extend', '链接扩展', '允许使用链接扩展字段'),
 ('theme_in', '主题设置', '后台显示主题设置菜单'),
-('theme_set', '主题配置', '允许自定义主题配置');
+('theme_set', '主题配置', '允许自定义主题配置'),
+('icon_pull', '图标拉取', '允许用户拉取链接图标');
 
 -- 注册码列表
 DROP TABLE IF EXISTS `regcode_list`;
@@ -228,9 +230,9 @@ CREATE TABLE IF NOT EXISTS `user_apply` (
   `iconurl` varchar(512) NOT NULL COMMENT '图标url',
   `title` varchar(512) NOT NULL COMMENT '标题',
   `url` varchar(512) NOT NULL COMMENT '链接',
-  `ip` varchar(16) NOT NULL DEFAULT '' COMMENT 'ip',
+  `ip` varchar(64) NOT NULL DEFAULT '' COMMENT 'ip',
   `email` varchar(128) NOT NULL DEFAULT '' COMMENT '邮箱',
-  `ua` varchar(512) NOT NULL DEFAULT '' COMMENT '浏览器UA',
+  `ua` TEXT NOT NULL DEFAULT '' COMMENT '浏览器UA',
   `time` int(10) NOT NULL DEFAULT '0' COMMENT '时间',
   `state` int(1) NOT NULL DEFAULT '0' COMMENT '状态',
   `category_id` int(10) NOT NULL DEFAULT '0' COMMENT '分类id',
@@ -251,7 +253,7 @@ CREATE TABLE IF NOT EXISTS `user_share` (
   `up_time` Bigint(13) NOT NULL DEFAULT '0' COMMENT '修改时间',
   `expire_time` Bigint(13) UNSIGNED NOT NULL DEFAULT '0' COMMENT '到期时间',
   `views` Bigint(13) NOT NULL DEFAULT '0' COMMENT '浏览数',
-  `description` varchar(13) NOT NULL DEFAULT '' COMMENT '备注',
+  `description` TEXT NOT NULL DEFAULT '' COMMENT '备注',
   `type` int(1) NOT NULL COMMENT '类型',
   `data` text NOT NULL COMMENT '数据',
   `pv` int(1) NOT NULL COMMENT '私有可见',

system/SQLite/install.sql

@@ -37,6 +37,8 @@ CREATE TABLE IF NOT EXISTS "updatadb_logs" (
 );
 INSERT INTO "updatadb_logs" ("file_name", "update_time", "status", "extra") VALUES ('20230417.php', '1681719049', 'TRUE', '');
 INSERT INTO "updatadb_logs" ("file_name", "update_time", "status", "extra") VALUES ('20230420.php', '1681977368', 'TRUE', '');
+INSERT INTO "updatadb_logs" ("file_name", "update_time", "status", "extra") VALUES ('20230522.php', '1684762253', 'TRUE', '');
+INSERT INTO "updatadb_logs" ("file_name", "update_time", "status", "extra") VALUES ('20230605.php', '1685960298', 'TRUE', '');
 
 -- 创建用户表
 CREATE TABLE IF NOT EXISTS "global_user" (
@@ -48,7 +50,7 @@ CREATE TABLE IF NOT EXISTS "global_user" (
   "Email" TEXT(32) NOT NULL,
   "SecretKey" TEXT(32) NOT NULL DEFAULT "",
   "Token" TEXT(32) NOT NULL DEFAULT "",
-  "RegIP" TEXT(15) NOT NULL,
+  "RegIP" TEXT(64) NOT NULL DEFAULT "",
   "RegTime" integer(10) NOT NULL,
   "Login" TEXT(16) NOT NULL,
   "LoginConfig" TEXT NOT NULL,
@@ -107,8 +109,8 @@ CREATE TABLE IF NOT EXISTS "user_login_info" (
   "id" integer NOT NULL PRIMARY KEY AUTOINCREMENT,
   "uid" integer(10) NOT NULL,
   "user" TEXT(32) NOT NULL,
-  "ip" TEXT(15) NOT NULL,
-  "ua" TEXT(256) NOT NULL,
+  "ip" TEXT(64) NOT NULL,
+  "ua" TEXT NOT NULL,
   "login_time" integer(10) NOT NULL,
   "last_time" integer(10) NOT NULL,
   "expire_time" integer(10) NOT NULL,
@@ -120,11 +122,11 @@ CREATE TABLE IF NOT EXISTS "user_log" (
   "id" integer NOT NULL PRIMARY KEY AUTOINCREMENT,
   "uid" integer(10) NOT NULL,
   "user" TEXT(32) NOT NULL,
-  "ip" TEXT(15) NOT NULL,
+  "ip" TEXT(64) NOT NULL,
   "time" TEXT(13) NOT NULL,
   "type" TEXT(16) NOT NULL,
   "content" TEXT NOT NULL,
-  "description" TEXT(128) NOT NULL
+  "description" TEXT NOT NULL
 );
 
 -- 用户组
@@ -163,7 +165,8 @@ INSERT INTO `purview_list` (`code`, `name`, `description`) VALUES
 ('guestbook', '留言板', '允许使用留言板功能'),
 ('link_extend', '链接扩展', '允许使用链接扩展字段'),
 ('theme_in', '主题设置', '后台显示主题设置菜单'),
-('theme_set', '主题配置', '允许自定义主题配置');
+('theme_set', '主题配置', '允许自定义主题配置'),
+('icon_pull', '图标拉取', '允许用户拉取链接图标');
 
 -- 注册码列表
 CREATE TABLE IF NOT EXISTS "regcode_list" (
@@ -197,8 +200,8 @@ CREATE TABLE IF NOT EXISTS "user_apply" (
   "title" TEXT(512) DEFAULT "",
   "url" TEXT(512) DEFAULT "",
   "email" TEXT(128) DEFAULT "",
-  "ip" TEXT(16) DEFAULT "",
-  "ua" TEXT(512) DEFAULT "",
+  "ip" TEXT(64) DEFAULT "",
+  "ua" TEXT DEFAULT "",
   "time" integer DEFAULT "0",
   "state" integer DEFAULT "0",
   "category_id" INTEGER DEFAULT "0",
@@ -217,7 +220,7 @@ CREATE TABLE IF NOT EXISTS "user_share" (
   "up_time" integer(13) DEFAULT "0",
   "expire_time" integer(13) DEFAULT "0",
   "views" integer(13) DEFAULT "0",
-  "description" TEXT(13) DEFAULT "",
+  "description" TEXT DEFAULT "",
   "type" integer(1) NOT NULL,
   "data" TEXT,
   "pv" integer(1) DEFAULT "0"

system/api.php

@@ -766,7 +766,7 @@ function write_security_setting(){
     global $USER_DB;
     if($USER_DB['Password'] !== Get_MD5_Password($_POST['Password'],$USER_DB['RegTime'])){
         msg(-1,'密码错误,请核对后再试！');
-    }elseif( $_POST['KeyClear'] > $_POST['Session']){
+    }elseif( intval($_POST['Session']) > 0 && intval($_POST['KeyClear']) > intval($_POST['Session'])){
         msg(-1,'Key清理时间不能大于登录保持时间');
     }
     
@@ -1137,6 +1137,9 @@ function write_theme(){
         }else{
             msg(-1,"获取程序版本异常");
         }
+        if(!is_writable('./templates')){
+            msg(-1,"检测到模板目录不可写<br />请检查templates目录权限<br />宝塔面板请注意所有者为www<br />其他疑问请联系技术支持");
+        }
         //从数据库查找主题信息
         $template = get_db('global_config','v',['k'=> 'theme_'.$fn.'_cache']);
         if(empty($template)){
@@ -1156,7 +1159,10 @@ function write_theme(){
         }
         
         //下载主题包
-        if (!is_dir('./data/temp')) mkdir('./data/temp',0755,true) or msg(-1,'下载失败,创建临时[/data/temp]目录失败');
+        if(!is_dir('./data/temp')) mkdir('./data/temp',0755,true) or msg(-1,'下载失败,创建临时[/data/temp]目录失败');
+        if(!is_writable('./data/temp')){
+            msg(-1,"检测到临时目录不可写<br />请检查data/temp目录权限<br />宝塔面板请注意所有者为www<br />其他疑问请联系技术支持");
+        }
         $data = $key;
         foreach($data['url'] as $url){
             if(downFile( $url , $file , DIR.'/data/temp/')){
@@ -1280,7 +1286,7 @@ function read_login_info(){
     $limit  = empty(intval($_REQUEST['limit'])) ? 50 : intval($_REQUEST['limit']);
     $offset = ($page - 1) * $limit; //起始行号
     $where["uid"] = UID;
-    $where["cookie_key[!]"] = md5($_COOKIE[U.'_key']);
+    //$where["cookie_key[!]"] = md5($_COOKIE[U.'_key']); //不显示当前设备
     //统计条数
     $count = count_db('user_login_info',$where);
     //权重排序(数字小的排前面)
@@ -1289,7 +1295,10 @@ function read_login_info(){
     $where['LIMIT'] = [$offset,$limit];
     //查询
     $datas = select_db('user_login_info',['id','ip','ua','login_time','last_time','expire_time'],$where);
-    msgA(['code'=>1,'msg'=>'获取成功','count'=>$count,'data'=>$datas]);
+    //获取当前登录ID,用于前端标记
+    $where["cookie_key"] = md5($_COOKIE[U.'_key']); 
+    $current_id = get_db('user_login_info','id',$where);
+    msgA(['code'=>1,'msg'=>'获取成功','count'=>$count,'data'=>$datas,'current_id'=>$current_id]);
 }
 
 //写登录信息

system/login.php

@@ -31,7 +31,7 @@ if(!isset($User)){
 }elseif($c != $global_config["Login"] && $c != $USER_DB['Login'] ){
     update_db("user_log", ["description" => "请求登录>登录入口错误"], ["id"=>$log_id]);
     msg(-1,"登录入口错误");
-}elseif(strlen($_SERVER['HTTP_USER_AGENT'])>256){
+}elseif(strlen($_SERVER['HTTP_USER_AGENT'])>1024){
     update_db("user_log", ["description" => "请求登录>浏览器UA长度异常"], ["id"=>$log_id]);
     msg(-1,"浏览器UA长度异常,请更换浏览器!");
 }

system/public.php

@@ -335,23 +335,40 @@ function Get_ExpireTime($day =30){
 }
 //验证登录
 function is_login(){
-    global $USER_DB,$db;
+    global $USER_DB;
     $time = time();
     $LoginConfig = unserialize($USER_DB['LoginConfig']);
     
-    //清理间隔30分钟(1800秒)
-    if( ($USER_DB['kct'] + 1800) < $time ){
-        $lt = $time - ($LoginConfig['KeyClear'] * 24 * 60 * 60);
-        $where =  ["AND" => 
-            [
-              "uid" => $USER_DB['ID'],
-		      "OR" => ["expire_time[<]" => $time,"last_time[<]" => $lt]
-	        ]
-        ];
+    function delete_expired_info($time,$LoginConfig){
+        global $USER_DB;
+        if(empty($LoginConfig['Session'])){
+            $where = [ 
+                "uid" => $USER_DB['ID'],
+                //"expire_time" => 0,
+                "OR" => [
+                    "last_time[<]" => strtotime('-1 day'),
+                    "login_time[<]" => strtotime('-15 day')
+                ]
+            ];
+        }else{
+            $where = [ 
+                "uid" => $USER_DB['ID'],
+                "OR" => [
+                    "expire_time[<]" => $time,
+                    "last_time[<]" => strtotime("-{$LoginConfig['KeyClear']} day")
+                ]
+            ];
+        }
+        //var_dump(select_db('user_login_info','*',$where),$where);exit;
         delete_db("user_login_info", $where); //清理到期Key
         update_db("global_user",["kct"=>$time],["User" => $USER_DB['User']]); //记录清理时间
     }
     
+    //清理间隔30分钟(1800秒)
+    if( ($USER_DB['kct'] + 1800) < $time ){
+        delete_expired_info($time,$LoginConfig);
+    }
+    
     //查询登录信息
     $where = ["cookie_key"=>md5($_COOKIE[U.'_key']),"uid"=>$USER_DB['ID']];
     $info =  get_db("user_login_info", "*", $where);
@@ -359,26 +376,22 @@ function is_login(){
     //没找到返回未登录
     if(empty($info)){return false;}
     
-
-    
     //UA验证
     if($LoginConfig['KeySecurity'] > 0 && $_SERVER['HTTP_USER_AGENT'] != $info['ua']){return false;}
     //IP验证
     if($LoginConfig['KeySecurity'] > 1 && Get_IP() != $info['ip']){return false;}
     
-    //到期验证(同时重新计算)
-    if( $info['expire_time'] != 0 && ($time > $info['expire_time'] || $time > ($info['login_time'] + ($LoginConfig['Session'] * 24 * 60 * 60) )  )){
-        delete_db("user_login_info", $where);
-        return false;
-    }
-    //会话Key验证(没有到期时间时如果距上次访问时间大于24小时认为无效)
-    if($info['expire_time'] == 0 &&  ($info['last_time'] + 86400) < $time){
-        delete_db("user_login_info", $where);
-        return false;
-    }//有到期时间,且开启了Key清理
-    elseif($LoginConfig['KeyClear'] != 0 && ($info['last_time'] + ($LoginConfig['KeyClear'] * 24 * 60 * 60)) < $time ){
-        delete_db("user_login_info", $where);
-        return false;
+    //根据登录保持选项来判断key是否有效
+    if(empty($LoginConfig['Session'])){ //浏览器关闭时
+        if($info['last_time'] < strtotime('-1 day') || $info['login_time'] < strtotime('-15 day')){ //上次访问超过1天 或 登录时间超过15天
+            delete_expired_info($time,$LoginConfig);
+            return false;
+        }
+    }else{ //保持天数(已到期或上次访问时间超时)
+        if($info['expire_time'] < $time || $info['last_time'] < strtotime("-{$LoginConfig['KeyClear']} day")){ 
+            delete_expired_info($time,$LoginConfig);
+            return false;
+        }
     }
     
     //Key验证

system/version.txt

@@ -1 +1 @@
-v2.0.23-20230527
+v2.0.24-20230606