From 49facb7b7c897422ed7d7c3deedfeccd2129ce69 Mon Sep 17 00:00:00 2001
From: Karson
Date: Thu, 31 Oct 2019 23:36:54 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E5=90=8E=E5=8F=B0IP=E5=8F=98?=
 =?UTF-8?q?=E5=8A=A8=E6=8E=A7=E5=88=B6=E5=BC=80=E5=85=B3=20=E4=BC=98?=
 =?UTF-8?q?=E5=8C=96=E5=90=8E=E5=8F=B0=E6=8F=92=E4=BB=B6=E7=AE=A1=E7=90=86?=
 =?UTF-8?q?=E6=98=BE=E7=A4=BA=20=E4=BC=98=E5=8C=96Fast.api.ajax=E6=96=B9?=
 =?UTF-8?q?=E6=B3=95=E8=BF=94=E5=9B=9E=20=E4=BC=98=E5=8C=96=E7=AE=A1?=
 =?UTF-8?q?=E7=90=86=E5=91=98=E6=97=A5=E5=BF=97=E6=98=BE=E7=A4=BA?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../command/Crud/stubs/controllerindex.stub | 2 +-
 application/admin/controller/Index.php | 2 +
 application/admin/library/Auth.php | 13 ++-
 application/admin/model/AdminLog.php | 2 +-
 application/admin/view/addon/index.html | 106 +++++++++--------
 .../admin/view/auth/adminlog/detail.html | 2 +-
 application/common/library/Auth.php | 4 +-
 application/config.php | 4 +-
 public/assets/js/backend/addon.js | 24 ++--
 public/assets/js/fast.js | 2 +-
 public/assets/js/require-backend.min.js | 2 +-
 public/assets/js/require-frontend.min.js | 2 +-
 12 files changed, 87 insertions(+), 78 deletions(-)
diff --git a/application/admin/command/Crud/stubs/controllerindex.stub b/application/admin/command/Crud/stubs/controllerindex.stub
index 2771aa63..74470ca4 100755
--- a/application/admin/command/Crud/stubs/controllerindex.stub
+++ b/application/admin/command/Crud/stubs/controllerindex.stub
@@ -7,7 +7,7 @@
 //当前是否为关联查询
 $this->relationSearch = {%relationSearch%};
 //设置过滤方法
- $this->request->filter(['strip_tags']);
+ $this->request->filter(['strip_tags', 'trim']);
 if ($this->request->isAjax()) {
 //如果发送的来源是Selectpage,则转发到Selectpage
diff --git a/application/admin/controller/Index.php b/application/admin/controller/Index.php
index 56f2b7e6..185200e8 100644
--- a/application/admin/controller/Index.php
+++ b/application/admin/controller/Index.php
@@ -22,6 +22,8 @@ class Index extends Backend
 public function _initialize()
 {
 parent::_initialize();
+ //移除HTML标签
+ $this->request->filter('trim,strip_tags,htmlspecialchars');
 }
 /**
diff --git a/application/admin/library/Auth.php b/application/admin/library/Auth.php
index 1054e6e6..ed68db81 100644
--- a/application/admin/library/Auth.php
+++ b/application/admin/library/Auth.php
@@ -59,7 +59,7 @@ class Auth extends \fast\Auth
 }
 $admin->loginfailure = 0;
 $admin->logintime = time();
- $admin->loginip = request()->ip(0, false);
+ $admin->loginip = request()->ip();
 $admin->token = Random::uuid();
 $admin->save();
 Session::set("admin", $admin->toArray());
@@ -103,7 +103,7 @@ class Auth extends \fast\Auth
 if ($key != md5(md5($id) . md5($keeptime) . md5($expiretime) . $admin->token)) {
 return false;
 }
- $ip = request()->ip(0, false);
+ $ip = request()->ip();
 //IP有变动
 if ($admin->loginip != $ip) {
 return false;
@@ -183,11 +183,16 @@ class Auth extends \fast\Auth
 if (Config::get('fastadmin.login_unique')) {
 $my = Admin::get($admin['id']);
 if (!$my || $my['token'] != $admin['token']) {
+ $this->logout();
 return false;
 }
 }
- if (!isset($admin['loginip']) || $admin['loginip'] != request()->ip(0, false)) {
- return false;
+ //判断管理员IP是否变动
+ if (Config::get('fastadmin.loginip_check')) {
+ if (!isset($admin['loginip']) || $admin['loginip'] != request()->ip()) {
+ $this->logout();
+ return false;
+ }
 }
 $this->logined = true;
 return true;
diff --git a/application/admin/model/AdminLog.php b/application/admin/model/AdminLog.php
index 5f951129..e0d92af7 100644
--- a/application/admin/model/AdminLog.php
+++ b/application/admin/model/AdminLog.php
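Review bot: Applying `htmlspecialchars` as a request-wide input filter in `_initialize` rewrites every parameter this controller reads, and if the login action in this controller takes the submitted password from `$this->request->post()` (its body is outside the hunk), a password containing `&`, `<`, `>`, `"` or `'` is altered before verification (`a&b` arrives as `a&amp;b`) and that user can no longer log in. Escaping on input also double-encodes anything the templates escape again on output. Keep the filter to `'trim,strip_tags'` and escape at the point of output, or read credential fields with an explicit filter argument that bypasses the global one. The CRUD stub hunk in controllerindex.stub sets a different filter set in array form; the two should agree on one list and one spelling.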
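Review bot: Dropping the explicit `(0, false)` arguments from `request()->ip()` at the login-time record in the @@ -59 hunk, and likewise in the @@ -103 and @@ -183 hunks, makes the recorded and compared address depend on the framework default for the second (`$adv`) argument, which is not visible here and differs between ThinkPHP releases. When that default is true, the address is taken from `X-Forwarded-For`/`Client-IP` request headers, so the "IP changed" check compares values the client supplies rather than the connection's peer address and no longer binds the session to a network location. If the intent is to support deployments behind a reverse proxy, pass the argument explicitly, `request()->ip(0, true)`, and note next to it that the proxy must overwrite those headers; otherwise keep `request()->ip(0, false)`.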
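Review bot: The new `fastadmin.loginip_check` switch gates only the per-request check in the @@ -183 hunk; the keep-login path in the @@ -103 hunk still rejects on any address change unconditionally, so with the switch turned off a "remember me" admin is still dropped when their address changes while an ordinary session is not. Either gate that comparison the same way, `if (Config::get('fastadmin.loginip_check') && $admin->loginip != $ip) {`, or document that keep-login intentionally always binds to the address. The comparison itself uses `!=`; `!==` would avoid loose string comparison of the two addresses.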
@@ -35,7 +35,7 @@ class AdminLog extends Model
 $username = $auth->isLogin() ? $auth->username : __('Unknown');
 $content = self::$content;
 if (!$content) {
- $content = request()->param();
+ $content = request()->param('', null, 'trim,strip_tags,htmlspecialchars');
 foreach ($content as $k => $v) {
 if (is_string($v) && strlen($v) > 200 || stripos($k, 'password') !== false) {
 unset($content[$k]);
diff --git a/application/admin/view/addon/index.html b/application/admin/view/addon/index.html
index 0d5756b1..2c974c10 100644
--- a/application/admin/view/addon/index.html
+++ b/application/admin/view/addon/index.html
@@ -233,6 +233,7 @@ + \ No newline at end of file + + \ No newline at end of file
diff --git a/application/admin/view/auth/adminlog/detail.html b/application/admin/view/auth/adminlog/detail.html
index b63f9431..2adb9051 100644
--- a/application/admin/view/auth/adminlog/detail.html
+++ b/application/admin/view/auth/adminlog/detail.html
@@ -9,7 +9,7 @@
 {volist name="row" id="vo" } {:__($key)}
- {$vo}
+ {$vo|htmlentities}
 {/volist}
diff --git a/application/common/library/Auth.php b/application/common/library/Auth.php
index 102199dc..5822241e 100644
--- a/application/common/library/Auth.php
+++ b/application/common/library/Auth.php
@@ -256,7 +256,7 @@ class Auth
 try {
 $salt = Random::alnum();
 $newpassword = $this->getEncryptPassword($newpassword, $salt);
- $this->_user->save(['password' => $newpassword, 'salt' => $salt]);
+ $this->_user->save(['loginfailure' => 0, 'password' => $newpassword, 'salt' => $salt]);
 Token::delete($this->_token);
 //修改密码成功的事件
@@ -298,6 +298,8 @@ class Auth
 //记录本次登录的IP和时间
 $user->loginip = $ip;
 $user->logintime = $time;
+ //重置登录失败次数
+ $user->loginfailure = 0;
 $user->save();
diff --git a/application/config.php b/application/config.php
index cdd94936..64fda49a 100755
--- a/application/config.php
+++ b/application/config.php
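Review bot: Escaping the logged parameters with `htmlspecialchars` at write time, while the detail.html hunk in this same commit also applies `|htmlentities` on display, double-encodes the stored text: a logged `<b>` is stored as `&lt;b&gt;` and rendered as the literal characters `&lt;b&gt;` rather than `<b>`. The output-side escape is the one that protects the template, so the stored value should stay raw, `$content = request()->param('', null, 'trim,strip_tags');`, and any other consumer of the log (exports, an API) then also gets unescaped data. Note that the `strlen($v) > 200` cut on the following line now measures the escaped length, so a value near the limit is dropped or kept depending on how many `&`/`<` it contains.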
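Review bot: Writing `'loginfailure' => 0` inside the password-change save in the @@ -256 hunk turns every successful call of this method into a lockout reset, and since the @@ -298 hunk already clears the counter on a successful login, the only observable effect here is on accounts that are currently locked. That is acceptable only if every path into this method verifies the old password or a reset token; the method's signature and any ignore-old-password branch are outside the hunk, so I cannot confirm that. If such a path exists, leave the counter alone here and let the next successful login clear it, or document on the method why a password change is allowed to lift a lockout.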
@@ -265,6 +265,8 @@ return [
 'login_failure_retry' => true,
 //是否同一账号同一时间只能在一个地方登录
 'login_unique' => false,
+ //是否开启IP变动检测
+ 'loginip_check' => true,
 //登录页默认背景图
 'login_background' => "/assets/img/loginbg.jpg",
 //是否启用多级菜单导航
@@ -272,7 +274,7 @@ return [
 //自动检测更新
 'checkupdate' => false,
 //版本号
- 'version' => '1.0.0.20190930_beta',
+ 'version' => '1.0.0.20191101_beta',
 //API接口地址
 'api_url' => 'https://api.fastadmin.net',
 ],
diff --git a/public/assets/js/backend/addon.js b/public/assets/js/backend/addon.js
index 1349bfeb..94e9d9a8 100644
--- a/public/assets/js/backend/addon.js
+++ b/public/assets/js/backend/addon.js
@@ -441,19 +441,17 @@ define(['jquery', 'bootstrap', 'backend', 'table', 'form', 'template'], function
 var userinfo = Controller.api.userinfo.get();
 var uid = userinfo ? userinfo.id : 0;
- if ($(that).data("type") !== 'free') {
- if (parseInt(uid) === 0) {
- return Layer.alert(__('Not login tips'), {
- title: __('Warning'),
- btn: [__('Login now'), __('Continue install')],
- yes: function (index, layero) {
- $(".btn-userinfo").trigger("click");
- },
- btn2: function () {
- install(name, version, false);
- }
- });
- }
- }
+ if (parseInt(uid) === 0) {
+ return Layer.alert(__('Not login tips'), {
+ title: __('Warning'),
+ btn: [__('Login now')],
+ yes: function (index, layero) {
+ $(".btn-userinfo").trigger("click");
+ },
+ btn2: function () {
+ install(name, version, false);
+ }
+ });
+ }
 install(name, version, false);
 });
diff --git a/public/assets/js/fast.js b/public/assets/js/fast.js
index 388ebddd..695ab00d 100644
--- a/public/assets/js/fast.js
+++ b/public/assets/js/fast.js
@@ -83,7 +83,7 @@ define(['jquery', 'bootstrap', 'toastr', 'layer', 'lang'], function ($, undefine
 Fast.events.onAjaxError(ret, error);
 }
 }, options);
- $.ajax(options);
+ return $.ajax(options);
 },
 //修复URL
 fixurl: function (url) {
diff --git a/public/assets/js/require-backend.min.js b/public/assets/js/require-backend.min.js
index 4c292c2a..2eb71276 100644
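Review bot: The `btn2` callback kept in the addon.js hunk is now dead code: `btn` was reduced to the single `__('Login now')` button, and layer only fires `btn2` for a second button, so `btn2: function () { install(name, version, false); }` can never run yet reads as though a "continue install" path still exists. Remove those three lines so the alert's behaviour (login required, no bypass) is visible from the options alone. The enclosing click handler starts outside the hunk.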
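Review bot: `Fast.api.ajax` in the fast.js hunk now returns the jqXHR, but nothing in the method documents the new return value, and the same change is mirrored in the two `require-*.min.js` bundles on the following hunks, so those artefacts must be regenerated from fast.js rather than edited by hand to stay in sync. Add a one-line comment above the changed line, `// return the jqXHR so callers can chain .done()/.fail() or abort the request`, and mention the return value in the method's header comment, which sits outside the hunk.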
--- a/public/assets/js/require-backend.min.js
+++ b/public/assets/js/require-backend.min.js
@@ -743,7 +743,7 @@ define('fast',['jquery', 'bootstrap', 'toastr', 'layer', 'lang'], function ($, u
 Fast.events.onAjaxError(ret, error);
 }
 }, options);
- $.ajax(options);
+ return $.ajax(options);
 },
 //修复URL
 fixurl: function (url) {
diff --git a/public/assets/js/require-frontend.min.js b/public/assets/js/require-frontend.min.js
index c2c58e0d..a9e17748 100644
--- a/public/assets/js/require-frontend.min.js
+++ b/public/assets/js/require-frontend.min.js
@@ -736,7 +736,7 @@ define('fast',['jquery', 'bootstrap', 'toastr', 'layer', 'lang'], function ($, u
 Fast.events.onAjaxError(ret, error);
 }
 }, options);
- $.ajax(options);
+ return $.ajax(options);
 },
 //修复URL
 fixurl: function (url) {