优化退出逻辑

1.x
Karson 2026-06-02 15:59:15 +08:00
parent 308e86c345
commit 6ab37ef8b7
4 changed files with 20 additions and 11 deletions


@ -127,7 +127,14 @@ class Index extends Backend
*/ */
public function logout() public function logout()
{ {
if ($this->request->isPost()) { if ($this->request->isPost()) {
// 加强校验referer是否来自服务器
$referer = $this->request->server('HTTP_REFERER');
if (!$referer || strtolower(parse_url($referer, PHP_URL_HOST)) != strtolower($this->request->host())) {
$this->error(__('Invalid request'));
}
$this->token(); $this->token();
$this->auth->logout(); $this->auth->logout();
Hook::listen("admin_logout_after", $this->request); Hook::listen("admin_logout_after", $this->request);
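Review bot: The host comparison on the third added line (`parse_url($referer, PHP_URL_HOST)` against `$this->request->host()`) will reject every legitimate logout on a site served from a non-default port, because `parse_url` returns the bare hostname while the Host header — and, as far as I can tell, ThinkPHP's `host()` called without arguments — keeps the `:port` suffix, so `localhost` never equals `localhost:8080`. The same line also hands `null` to `strtolower()` whenever the Referer has no parseable host, which PHP 8.1+ reports as a deprecation. Strip any trailing port before comparing and use `strcasecmp` for an exact case-insensitive match; the Referer check should be read as defense in depth next to the `$this->token()` call that follows, not as the primary CSRF guard, and a comment saying so would help the next reader. The enclosing `logout()` continues past the end of the hunk.
```php
if ($this->request->isPost()) {
    // Defense in depth on top of $this->token(): refuse a Referer from another host.
    // Drop any :port so a deployment on a non-default port still matches.
    $referer = $this->request->server('HTTP_REFERER');
    $refererHost = (string) parse_url((string) $referer, PHP_URL_HOST);
    $requestHost = preg_replace('/:\d+$/', '', (string) $this->request->host());
    if ($refererHost === '' || strcasecmp($refererHost, $requestHost) !== 0) {
        $this->error(__('Invalid request'));
    }
    // … unchanged: $this->token(), $this->auth->logout(), admin_logout_after hook …
```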


@ -2,6 +2,7 @@
<html> <html>
<head> <head>
{include file="common/meta" /} {include file="common/meta" /}
<meta name="referrer" content="origin" />
<style type="text/css"> <style type="text/css">
body { body {
@ -16,13 +17,13 @@
.logout-main { .logout-main {
text-align: center; text-align: center;
max-width: 500px; max-width: 430px;
margin: 0 auto; margin: 0 auto;
margin-top: 150px; margin-top: 150px;
background-color: #fff; background-color: #fff;
padding: 50px 30px; padding: 40px 30px;
border-radius: 5px; border-radius: 3px;
box-shadow: 0 0 5px rgba(0, 0, 0, .1); box-shadow: 0 0 30px rgba(0, 0, 0, 0.1);
} }
</style> </style>
@ -38,7 +39,7 @@
{:token()} {:token()}
<div class="form-group"> <div class="form-group">
<button type="submit" class="btn btn-primary btn-lg btn-block">{:__('Confirm sign out')}</button> <button type="submit" class="btn btn-primary btn-lg btn-block">{:__('Confirm sign out')}</button>
<button type="button" class="btn btn-default btn-lg btn-block mt-2" onclick="history.back()">{:__('Cancel')}</button> <button type="button" class="btn btn-default btn-lg btn-block mt-3" onclick="history.back()">{:__('Cancel')}</button>
</div> </div>
</form> </form>
</div> </div>


@ -195,13 +195,14 @@ class User extends Frontend
*/ */
public function logout() public function logout()
{ {
// 加强校验referer是否来自服务器
$referer = $this->request->server('HTTP_REFERER');
if (!$referer || strtolower(parse_url($referer, PHP_URL_HOST)) != strtolower($this->request->host())) {
$this->error(__('Invalid request'));
}
if ($this->request->isPost()) { if ($this->request->isPost()) {
// 加强校验referer是否来自服务器
$referer = $this->request->server('HTTP_REFERER');
if (!$referer || strtolower(parse_url($referer, PHP_URL_HOST)) != strtolower($this->request->host())) {
$this->error(__('Invalid request'));
}
$this->token(); $this->token();
//退出本站 //退出本站
$this->auth->logout(); $this->auth->logout();
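Review bot: The relocated check on the new side still treats an absent Referer as an attack (`!$referer`), but this frontend `logout()` is reached from pages whose referrer policy the commit does not set — the `<meta name="referrer" content="origin" />` is added only to the backend logout template, while the frontend template touched here only changes a margin class (its `<head>` may come from a shared include I cannot see). A browser under a `no-referrer` policy or a privacy extension will then fail every POST logout with `Invalid request` even though the `$this->token()` check immediately below would have validated it. Since a synchronizer token is already enforced, consider rejecting only a mismatching Referer and letting the token decide when the header is missing, which also fixes the port mismatch between `parse_url`'s bare host and a Host header carrying `:port`: `if ($referer && strcasecmp((string) parse_url($referer, PHP_URL_HOST), preg_replace('/:\d+$/', '', (string) $this->request->host())) !== 0) {`. If a missing Referer must stay fatal, add the same meta tag to the frontend template instead. The enclosing `logout()` continues beyond the hunk.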


@ -9,7 +9,7 @@
{:token()} {:token()}
<div class="form-group"> <div class="form-group">
<button type="submit" class="btn btn-primary btn-lg btn-block">{:__('Confirm sign out')}</button> <button type="submit" class="btn btn-primary btn-lg btn-block">{:__('Confirm sign out')}</button>
<button type="button" class="btn btn-default btn-lg btn-block mt-2" onclick="history.back()">{:__('Cancel')}</button> <button type="button" class="btn btn-default btn-lg btn-block mt-3" onclick="history.back()">{:__('Cancel')}</button>
</div> </div>
</form> </form>
</div> </div>