v2.1.08-20231219

2025-08-10 08:51:49 +00:00 · 2023-12-21 01:36:27 +08:00
parent f2ce9c4eef
commit b856c288b9
27 changed files with 204 additions and 465 deletions
--- a/index.php
+++ b/index.php
@@ -35,8 +35,8 @@ if($db_config['type'] == 'sqlite'){
 $global_config = unserialize( get_db("global_config", "v", ["k" => "o_config"]) ); //全局配置
 $c = Get('c');
 $libs = $global_config['Libs'];
-$layui['js']  = $libs.'/Layui/v2.9.0/layui.js';
-$layui['css'] = $libs.'/Layui/v2.9.0/css/layui.css';
+$layui['js']  = $libs.'/Layui/v2.9.2/layui.js';
+$layui['css'] = $libs.'/Layui/v2.9.2/css/layui.css';
 $global_config['static_link'] = isset($global_config['static_link']) ? $global_config['static_link'] : 0;
 define('libs',$global_config['Libs']);
 define('SysVer',Get_Version());
@@ -74,7 +74,7 @@ if(empty($c) || $c == 'index'){
    require "./system/Register.php";//注册
 }elseif($c == $global_config['Login']  || $c == $USER_DB['Login']){
    require "./system/login.php";//登陆
-}elseif(in_array($c,['admin','click','api','ico','icon','verify'])){
+}elseif(in_array($c,['admin','click','api','ico','icon','verify','auth'])){
    require "./system/{$c}.php";
 }elseif(in_array($c,['apply','guestbook','article','sitemap'])){
    if($global_config['Maintenance'] != 0){Amsg(-1,'网站正在进行维护,请稍后再试!');}
--- a/static/Layui/v2.8.17/css/layui.css
+++ b/static/Layui/v2.8.17/css/layui.css
--- a/static/Layui/v2.8.17/layui.js
+++ b/static/Layui/v2.8.17/layui.js
--- a/static/Layui/v2.9.0/font/iconfont.eot
+++ b/static/Layui/v2.9.0/font/iconfont.eot
--- a/static/Layui/v2.9.0/font/iconfont.svg
+++ b/static/Layui/v2.9.0/font/iconfont.svg
--- a/static/Layui/v2.9.0/font/iconfont.ttf
+++ b/static/Layui/v2.9.0/font/iconfont.ttf
--- a/static/Layui/v2.9.0/font/iconfont.woff
+++ b/static/Layui/v2.9.0/font/iconfont.woff
--- a/static/Layui/v2.9.0/font/iconfont.woff2
+++ b/static/Layui/v2.9.0/font/iconfont.woff2
--- a/static/Layui/v2.9.0/layui.js
+++ b/static/Layui/v2.9.0/layui.js
--- a/static/Layui/v2.9.2/css/layui.css
+++ b/static/Layui/v2.9.2/css/layui.css
--- a/static/Layui/v2.8.17/font/iconfont.eot
+++ b/static/Layui/v2.8.17/font/iconfont.eot
--- a/static/Layui/v2.8.17/font/iconfont.svg
+++ b/static/Layui/v2.8.17/font/iconfont.svg
--- a/static/Layui/v2.8.17/font/iconfont.ttf
+++ b/static/Layui/v2.8.17/font/iconfont.ttf
--- a/static/Layui/v2.8.17/font/iconfont.woff
+++ b/static/Layui/v2.8.17/font/iconfont.woff
--- a/static/Layui/v2.8.17/font/iconfont.woff2
+++ b/static/Layui/v2.8.17/font/iconfont.woff2
--- a/static/Layui/v2.9.2/layui.js
+++ b/static/Layui/v2.9.2/layui.js
--- a/system/ATool.php
+++ b/system/ATool.php
@@ -97,6 +97,7 @@ if(!empty($_GET['type'])){
            msg(-1,'密码不能为空');
        }
        $RegTime = get_db('global_user','RegTime',['ID'=>$_POST['ID']]);
+        delete_db( "user_login_info", ["uid"=>$_POST['ID']] );
        update_db('global_user',['Password'=>Get_MD5_Password($_POST['new_pwd'],$RegTime)],["ID" => $_POST['ID'] ],[1,'修改成功']);
    }elseif($_GET['type'] == 'set_root'){
        update_db('global_user',['UserGroup'=>'root'],["ID" => $_POST['ID'] ],[1,'修改成功']);
@@ -227,7 +228,7 @@ function echo_Atool(){
 <head>
    <meta charset="UTF-8">
    <title>ATool 工具箱</title>
-    <link rel="stylesheet" href="../static/Layui/v2.9.0/css/layui.css">
+    <link rel="stylesheet" href="../static/Layui/v2.9.2/css/layui.css">
    <style>
        html, body {min-width: 1200px;background-color: #fff;position: relative;}
        .page-wrapper {width: 1200px;margin: 0 auto;padding: 0 15px;}
@@ -279,7 +280,7 @@ function echo_Atool(){
        <a class="layui-btn layui-btn-primary layui-btn-xs" lay-event="del_otp" title="移除OTP登录验证">删OTP</a>
    </div>
 </script>
-<script src="../static/Layui/v2.9.0/layui.js"></script>
+<script src="../static/Layui/v2.9.2/layui.js"></script>
 <script src="../static/jquery/jquery-3.6.0.min.js"></script>
 <script src="../static/jquery/jquery.md5.js"></script>
 <script src="../templates/admin/js/public.js?v=<?php echo time();?>"></script>
@@ -416,7 +417,7 @@ function echo_verify(){ ?>
 <head>
    <meta charset="UTF-8">
    <title>ATool 工具箱</title>
-    <link rel="stylesheet" href="../static/Layui/v2.9.0/css/layui.css">
+    <link rel="stylesheet" href="../static/Layui/v2.9.2/css/layui.css">
    <link rel="stylesheet" href="../static/Other/login.css">
 </head>
 <body>
@@ -441,7 +442,7 @@ function echo_verify(){ ?>
    </div>
 </div>
 <script src = "../static/jquery/jquery-3.6.0.min.js"></script>
-<script src = "../static/Layui/v2.9.0/layui.js"></script>
+<script src = "../static/Layui/v2.9.2/layui.js"></script>
 <script src = '../static/jquery/jquery.md5.js'></script>
 <script>
    layui.use(['form','jquery'], function () {
--- a/system/auth.php
+++ b/system/auth.php
@@ -0,0 +1,90 @@
+<?php if(!defined('DIR')){header('HTTP/1.1 404 Not Found');header("status: 404 Not Found");exit;}
+// 鉴权接口: 账号登录
+
+//忽略GET/POST以外的请求
+if(!in_array($_SERVER['REQUEST_METHOD'],['GET','POST'])){
+    exit;
+}
+if(!isset($auth_mode)){
+    $auth_mode = $_GET['mode'];
+}
+
+//账号登录
+if($auth_mode == 'uname'){
+    $username = $_POST['username'];
+    $password = $_POST['password'];
+    $log = ["uid" => '',"user"=>$username,"ip"=>Get_IP(),"time"=>time(),"type" => 'login',"content"=>Get_Request_Content(),"description"=>""];
+    //密码长度
+    if(strlen($password)!==32){
+        $log['description'] = '请求登录>密码错误(长度应该是32位的MD5)';
+        insert_db("user_log",$log);
+        msg(-1,'账号或密码错误');
+    }
+    //浏览器UA
+    if(strlen($_SERVER['HTTP_USER_AGENT']) > 1024){
+        $log['description'] = '请求登录>浏览器UA长度>1024';
+        insert_db("user_log",$log);
+        msg(-1,"浏览器UA长度异常,请更换浏览器!");
+    }
+    //读取资料
+    $USER_DB = get_db("global_user", "*", ["OR"=>['User'=>$username,'Email'=>$username,'phone'=>$username]]);
+    if(empty($USER_DB)){
+        $log['description'] = '请求登录>账号不存在';
+        insert_db("user_log",$log);
+        msg(-1,'账号不存在');
+    }
+    $log['uid'] = $USER_DB['ID'];
+    //登录入口
+    session_start();
+    if($_SESSION['login'] != $global_config["Login"] && $_SESSION['login'] != $USER_DB['Login'] ){
+        $log['description'] = '请求登录>登录入口错误';
+        insert_db("user_log",$log);
+        msg(-1,"请求失败,请刷新登录页面再试");
+    }
+    //双重验证
+    $LoginConfig = unserialize( $USER_DB['LoginConfig'] );
+    if(!empty($LoginConfig['totp_key'])){
+        if(empty($_POST['otp_code'])){
+            msgA(['code'=>2]);
+        }
+        require DIR . '/system/Authenticator.php';
+        $totp = new PHPGangsta_GoogleAuthenticator();
+        $checkResult = $totp->verifyCode($LoginConfig['totp_key'], $_POST['otp_code'], 2);
+        if(!$checkResult){
+            $log['description'] = '请求登录>动态口令错误';
+            insert_db("user_log",$log);
+            msgA(['code'=>-1,'msg'=>'动态口令错误']);
+        }
+    }
+    //验证密码
+    if(Get_MD5_Password($password,$USER_DB["RegTime"]) === $USER_DB["Password"]){
+        $log['description'] = '请求登录>登录成功';
+        insert_db("user_log",$log);
+        //保持登录
+        $keep_login = isset($_POST['keep']) && $_POST['keep'] == 'on';
+        if($keep_login == true){
+            $LoginConfig['Session'] = ($LoginConfig['Session'] > 0 ? $LoginConfig['Session'] : 7 );
+        }else{
+            $LoginConfig['Session'] = 0;
+        }
+        $USER_DB['LoginConfig'] = serialize($LoginConfig);
+        //设置Cookie
+        Set_key($USER_DB);
+        if(empty($LoginConfig['login_page']) || $LoginConfig['login_page'] == 'admin'){
+            $url = "./?c=admin&u={$USER_DB['User']}";
+        }elseif($LoginConfig['login_page'] == 'index'){
+            $url = "./?c=index&u={$USER_DB['User']}";
+        }else{
+            $url = preg_match('/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i',$_SERVER['HTTP_USER_AGENT']) ? "./?c=index&u={$USER_DB['User']}" : "./?c=admin&u={$USER_DB['User']}";
+        }
+        //默认页面
+        if(!empty($global_config['default_page'])){
+            setcookie('Default_User', $USER_DB['User'], strtotime("+360 day"),"/",'',false,false);
+        }
+        msgA(['code'=>1,'msg'=>'登录成功','url'=>$url]);
+    }else{
+        $log['description'] = '请求登录>账户或密码错误';
+        insert_db("user_log",$log);
+        msg(-1,"账户或密码错误");
+    }
+}
--- a/system/install.php
+++ b/system/install.php
@@ -4,8 +4,8 @@ if(!defined('DIR')){header('HTTP/1.1 404 Not Found');header("status: 404 Not Fou
 //初始化
 session_name('TwoNav_initial');
 session_start();
-$layui['js']  = './static/Layui/v2.9.0/layui.js';
-$layui['css'] = './static/Layui/v2.9.0/css/layui.css';
+$layui['js']  = './static/Layui/v2.9.2/layui.js';
+$layui['css'] = './static/Layui/v2.9.2/css/layui.css';

 //判断请求类型
 if($_SERVER['REQUEST_METHOD'] === 'POST'){
--- a/system/login.php
+++ b/system/login.php
@@ -2,6 +2,8 @@

 //如果是Get请求则载入登录模板
 if($_SERVER['REQUEST_METHOD'] === 'GET'){
+    session_start();
+    $_SESSION['login'] = $c;
    require DIR."/system/templates.php";
    require $index_path;
    exit;
--- a/system/public.php
+++ b/system/public.php
@@ -291,8 +291,9 @@ function Set_key($USER_DB){
    $LoginConfig = unserialize($USER_DB['LoginConfig']);
    $session  = $LoginConfig['Session']; //保持时间(单位天)
    $Expire = Get_ExpireTime($session); //计算到期时间戳
+    $real_Expire = ($Expire == 0) ? time() + 86400 : $Expire;
    $time = time(); //取当前时间
-    $key = Getkey($USER_DB['User'],Get_MD5_Password($USER_DB["Password"],$USER_DB["RegTime"]),$Expire,$LoginConfig['KeySecurity'],$time);
+    $key = Getkey($USER_DB['User'],Get_MD5_Password($USER_DB["Password"],$USER_DB["RegTime"]),$real_Expire,$LoginConfig['KeySecurity'],$time);
    setcookie($USER_DB['User'].'_key', $key, $session == 0 ? 0 : $Expire,"/",'',false,$LoginConfig['HttpOnly']==1);
    insert_db("user_login_info", [
        "uid" => $USER_DB['ID'],
@@ -301,8 +302,8 @@ function Set_key($USER_DB){
        "ua"=>$_SERVER['HTTP_USER_AGENT'],
        "login_time"=>$time,
        "last_time"=>$time,
-        "expire_time"=>$Expire,
-        "cookie_key"=>md5($key)]); //不记录用户真实key,同时防止Cookie攻击
+        "expire_time"=>$real_Expire,
+        "cookie_key"=>md5($key)]);
    return $key;
 }

--- a/system/version.txt
+++ b/system/version.txt
@@ -1 +1 @@
-v2.1.07-20231130
+v2.1.08-20231219
--- a/templates/admin/js/link_list.js
+++ b/templates/admin/js/link_list.js
@@ -474,6 +474,7 @@ layui.use(['form','table','dropdown','miniTab'], function () {
    //手机端操作
    function load_dropdown(){
        var data = [];
+        data.push({'title':'删除选中','id':'batch_del'});
        $(".layui-btn-normal.layui-hide-xs").each(function(){
            data.push({'title':$(this).text(),'id':$(this).attr('lay-event')});
        });
--- a/templates/admin/page/root/sys_setting.php
+++ b/templates/admin/page/root/sys_setting.php
@@ -4,6 +4,15 @@ $title='系统设置';require(dirname(__DIR__).'/header.php');
 ?>
 <style>
 .layui-btn-container .layui-btn{border-width: 1px; border-style: solid; border-color: #FF5722!important; color: #FF5722!important;background: none;height: 30px; line-height: 30px; padding: 0 10px; font-size: 12px;}
+.footer{
+    position: fixed;
+    bottom: 0;
+    left: 0;
+    width: 100%;
+    padding: 10px;
+    background-color: #fff;
+    border-top: 1px solid #e6e6e6;
+}
 </style>
 <body>
 <div class="layuimini-container">
@@ -331,8 +340,8 @@ $title='系统设置';require(dirname(__DIR__).'/header.php');
                <div class="layui-form-mid layui-word-aux">是否允许默认用户组使用自定义代码!允许存在安全隐患!</div>
            </div>
            
-            <div class="layui-form-item">
-                <div class="layui-input-block"><button class="layui-btn layui-btn-normal" lay-submit lay-filter="save">确认保存</button></div>
+            <div class="footer">
+                <button class="layui-btn layui-btn-normal" lay-submit lay-filter="save" style=" margin-left: 10px; ">确认保存</button>
            </div>
        </div>
    </form>
--- a/templates/admin/page/updatelog.php
+++ b/templates/admin/page/updatelog.php
@@ -5,18 +5,22 @@
    <li class="layui-timeline-item">
        <i class="layui-icon layui-timeline-axis"></i>
        <div class="layui-timeline-content layui-text">
-            <h4 class="layui-timeline-title">v2.1.07-20231130</h4>
+            <h4 class="layui-timeline-title">v2.1.08-20231219</h4>
            <ul>
-                <li>[升级] Layui组件由2.8.17升级到2.9.0</li>
-                <li>[新增] 系统设置>限制相关>文章图片大小自定义,单位KB</li>
-                <li>[变更] 文章编辑器上传图片大小限制由5M改为默认不限制,如需限制请到系统设置中自定义</li>
-                <li>[变更] 文章编辑器单次上传图片数量由10改为100</li>
-                <li>[模板] WebStack-Hugo > 处于站内搜索时搜索图标可以被点击跳转的问题/新增页内标题自定义/公告信息</li>
-                <li>[模板] 新增主页模板:liuyike233 (简约型)</li>
-                <li>[模板] Snavigation在底部添加管理入口</li>
-                <li>[修复] 访问限制跳转到引导页时登录/注册连接错误的bug</li>
-                <li>[修复] 引导页未正确读取默认站点标题的bug</li>
-                <li>[变更] 部分环境获取请求IP遇到多个IP地址仅取首个</li>
+                <li>[升级] Layui组件由2.9.0升级到2.9.2</li>
+                <li>[修复] Atool工具和用户管理中强制修改用户密码时未将已登录的终端踢下线的bug</li>
+                <li>[优化] 概要页面更新内容直接从服务器获取并显示,不需要在跳转到Gitee上查看</li>
+                <li>[优化] 主题管理:可更新时在右上显示一个问号,点击可以查看更新内容</li>
+                <li>[变更] 普通账号不在支持自定义登录模板,只有站长号可以选择和配置模板</li>
+                <li>[优化] 系统设置的保存按钮改为悬浮在页面底部,避免老是要滚动到底部去点保存的问题</li>
+                <li>[修复] 链接列表手机端不显示删除按钮的问题</li>
+                <li>[修复] 书签分享特定条件下存在的bug</li>
+                <li>[修复] 安全设置>登录保持设为浏览器关闭会导致无法登录的bug</li>
+                <li>[修复] OTP双重认证使用公用登录入口时无法输入验证码的问题 ( 需更新登录模板 )</li>
+                <li>[模板] [12.02]爱导航V1: 配置选项新增分类收缩,可选仅图标/分类/菜单/目录,用于解决部分手机端用户不知道点这个图标展开分类的问题</li>
+                <li>[模板] [12.02]百素New: 新增拖拽排序功能、修复未加载用户header和全局header的bug、新增搜索框背景自定义支持</li>
+                <li>[模板] [12.20]花森主页: 调整本地添加链接时判断是否为URL的条件,仅检测http(s)://开头</li>
+                <li>[修复] [12.20]WebStack-Hugo: 夜间模式下搜索框热词点空白处没有取消热词显示的问题</li>
            </ul>
        </div>
    </li>
--- a/templates/login/default/index.php
+++ b/templates/login/default/index.php
@@ -1,5 +1,4 @@
-<?php if(!defined('DIR')){header('HTTP/1.1 404 Not Found');header("status: 404 Not Found");exit;}
-$LoginConfig = unserialize($USER_DB['LoginConfig']);?>
+<?php if(!defined('DIR')){header('HTTP/1.1 404 Not Found');header("status: 404 Not Found");exit;}?>
 <!DOCTYPE html>
 <html>
 <head>
@@ -31,20 +30,14 @@ $LoginConfig = unserialize($USER_DB['LoginConfig']);?>
            <div class="center">
                <div class="item">
                    <span class="icon layui-icon layui-icon-username"></span>
-                    <input type="text" name="User" lay-verify="required"  placeholder="请输入账号">
+                    <input type="text" name="username" lay-verify="required"  placeholder="请输入账号">
                </div>

                <div class="item">
                    <span class="icon layui-icon layui-icon-password"></span>
-                    <input type="password" name="Password" lay-verify="required"  placeholder="请输入密码">
+                    <input type="password" name="password" lay-verify="required"  placeholder="请输入密码">
                    <span class="bind-password icon icon-4"></span>
                </div>
-<?php if(!empty($LoginConfig['totp_key'])){ ?>
-                <div class="item">
-                    <span class="icon layui-icon layui-icon-vercode"></span>
-                    <input type="text" name="otp_code" lay-verify="required"  placeholder="请输入OTP验证码">
-                </div>
-<?php }?>
            </div>
            <div class="tip">
 <?php
@@ -83,28 +76,73 @@ $LoginConfig = unserialize($USER_DB['LoginConfig']);?>
        });


-        // 进行登录操作
-        form.on('submit(login)', function (data) {
-            data = data.field;
-            if (data.User == '') {
-                layer.msg('用户名不能为空');
-                return false;
-            }
-            if (data.Password == '') {
-                layer.msg('密码不能为空');
-                return false;
-            }
-            data.Password = $.md5(data.Password);
-            $.post('./index.php?c=<?php echo $c; ?>&u='+data.User,data,function(re,status){
-                if(re.code == 1) {
-                    window.location.href = re.url;
+        //账号登录
+        form.on('submit(login)', function($form) {
+            let url = `./?c=auth&mode=uname&t=` + Math.round(new Date() / 1000);
+            form_data = $form.field;form_data.keep = 'on';
+            form_data.password = $.md5(form_data.password);
+            let load = layer.msg('正在登录..', {icon: 16,shade: [0.1, '#f5f5f5'],scrollbar: false,offset: 'auto',time: 60*1000});
+            $.post(url,form_data,function(data,status){
+                layer.close(load);
+                if(data.code == 1) {
+                    layer.msg('登录成功', {icon: 1,shade: [0.1, '#f5f5f5'],scrollbar: false,offset: 'auto',time: 888,
+                        end: function() {
+                            window.location.href = data.url;
+                        }
+                    });
+                }else if(data.code == 2){
+                    //双重认证
+                    layer.open({
+                        type: 1,
+                        title: false,
+                        content: $('.OTP'),
+                        move: '.move',
+                        success: function(layero, index, that){
+                            //监听回车事件
+                            $('input[name="otp_code"]').keydown(function(event) {
+                                if (event.which === 13) {
+                                    $('button[lay-filter="validate_otp"]').click();
+                                }
+                            });
+                            //监听点击事件
+                            form.on('submit(validate_otp)', function ($form2) {
+                                form_data.otp_code = $form2.field.otp_code
+                                let load = layer.msg('正在验证..', {icon: 16,shade: [0.1, '#f5f5f5'],scrollbar: false,offset: 'auto',time: 60*1000});
+                                $.post(url,form_data,function(data,status){
+                                    layer.close(load);
+                                    if(data.code == 1) {
+                                        layer.msg('登录成功', {icon: 1,shade: [0.1, '#f5f5f5'],scrollbar: false,offset: 'auto',time: 888,
+                                            end: function() {
+                                                window.location.href = data.url;
+                                            }
+                                        });
+                                    }else{
+                                        layer.msg(data.msg, {icon: 5});
+                                    }
+                                });
+                                return false; 
+                            }); 
+                        }
+                    });
                }else{
-                    layer.msg(re.msg, {icon: 5});
+                    layer.msg(data.msg, {icon: 5});
                }
            });
-            return false;
+            return false; 
        });
    });
 </script>
 </body>
-</html>
+</html>
+<ul class="OTP" style="display:none;">
+    <div class="layui-form layuimini-form layui-form-pane" style="padding: 20px 30px;">
+        <div class="move" style="height: 30px;margin-bottom: 15px;text-align: center;font-size: 21px;">动态口令认证</div>
+        <div class="layui-form-item">
+          <div class="layui-input-group" style="width: 100%;">
+            <input type="text" name="otp_code" lay-verify="required" lay-reqtext="请输入动态口令" placeholder="请输入动态口令" style="text-align: center;" class="layui-input" lay-affix="clear">
+          </div>
+        </div>
+        <div class="layui-input-block" style="margin-left: 1px;"><button type="button" class="layui-btn layui-btn-fluid" lay-submit lay-filter="validate_otp">验证并登录</button></div>
+        <div style="margin-top: 16px;font-size: 13px;color: #777;">* 如果您无法认证,请联系站长处理</div>
+    </div>
+</ul>
--- a/templates/login/default/info.json
+++ b/templates/login/default/info.json
@@ -2,7 +2,7 @@
 	"name":	"默认模板",
 	"description":	"默认",
 	"homepage":	"https://gitee.com/tznb/TwoNav",
-	"version":	"2.1.0",
-	"update":	"2023/09/28",
+	"version":	"2.1.1",
+	"update":	"2023/12/20",
 	"author":	"TwoNav"
 }