新增后台IP变动控制开关

优化后台插件管理显示
优化Fast.api.ajax方法返回
优化管理员日志显示
pull/150/head v1.0.0.20191101_beta
Karson 2019-10-31 23:36:54 +08:00
parent b6f2307737
commit 49facb7b7c
12 changed files with 87 additions and 78 deletions

View File

@ -7,7 +7,7 @@
//当前是否为关联查询 //当前是否为关联查询
$this->relationSearch = {%relationSearch%}; $this->relationSearch = {%relationSearch%};
//设置过滤方法 //设置过滤方法
$this->request->filter(['strip_tags']); $this->request->filter(['strip_tags', 'trim']);
if ($this->request->isAjax()) if ($this->request->isAjax())
{ {
//如果发送的来源是Selectpage则转发到Selectpage //如果发送的来源是Selectpage则转发到Selectpage

View File

@ -22,6 +22,8 @@ class Index extends Backend
public function _initialize() public function _initialize()
{ {
parent::_initialize(); parent::_initialize();
//移除HTML标签
$this->request->filter('trim,strip_tags,htmlspecialchars');
} }
/** /**

View File

@ -59,7 +59,7 @@ class Auth extends \fast\Auth
} }
$admin->loginfailure = 0; $admin->loginfailure = 0;
$admin->logintime = time(); $admin->logintime = time();
$admin->loginip = request()->ip(0, false); $admin->loginip = request()->ip();
$admin->token = Random::uuid(); $admin->token = Random::uuid();
$admin->save(); $admin->save();
Session::set("admin", $admin->toArray()); Session::set("admin", $admin->toArray());
@ -103,7 +103,7 @@ class Auth extends \fast\Auth
if ($key != md5(md5($id) . md5($keeptime) . md5($expiretime) . $admin->token)) { if ($key != md5(md5($id) . md5($keeptime) . md5($expiretime) . $admin->token)) {
return false; return false;
} }
$ip = request()->ip(0, false); $ip = request()->ip();
//IP有变动 //IP有变动
if ($admin->loginip != $ip) { if ($admin->loginip != $ip) {
return false; return false;
@ -183,12 +183,17 @@ class Auth extends \fast\Auth
if (Config::get('fastadmin.login_unique')) { if (Config::get('fastadmin.login_unique')) {
$my = Admin::get($admin['id']); $my = Admin::get($admin['id']);
if (!$my || $my['token'] != $admin['token']) { if (!$my || $my['token'] != $admin['token']) {
$this->logout();
return false; return false;
} }
} }
if (!isset($admin['loginip']) || $admin['loginip'] != request()->ip(0, false)) { //判断管理员IP是否变动
if (Config::get('fastadmin.loginip_check')) {
if (!isset($admin['loginip']) || $admin['loginip'] != request()->ip()) {
$this->logout();
return false; return false;
} }
}
$this->logined = true; $this->logined = true;
return true; return true;
} }

View File

@ -35,7 +35,7 @@ class AdminLog extends Model
$username = $auth->isLogin() ? $auth->username : __('Unknown'); $username = $auth->isLogin() ? $auth->username : __('Unknown');
$content = self::$content; $content = self::$content;
if (!$content) { if (!$content) {
$content = request()->param(); $content = request()->param('', null, 'trim,strip_tags,htmlspecialchars');
foreach ($content as $k => $v) { foreach ($content as $k => $v) {
if (is_string($v) && strlen($v) > 200 || stripos($k, 'password') !== false) { if (is_string($v) && strlen($v) > 200 || stripos($k, 'password') !== false) {
unset($content[$k]); unset($content[$k]);

View File

@ -233,6 +233,7 @@
</tbody> </tbody>
</table> </table>
</script> </script>
<!--@formatter:off-->
<script id="operatetpl" type="text/html"> <script id="operatetpl" type="text/html">
<% var labelarr = ['primary', 'success', 'info', 'danger', 'warning']; %> <% var labelarr = ['primary', 'success', 'info', 'danger', 'warning']; %>
<% var label = labelarr[item.id % 5]; %> <% var label = labelarr[item.id % 5]; %>
@ -296,7 +297,6 @@
<a href="javascript:;" class="btn btn-xs btn-danger btn-uninstall" title="{:__('Uninstall')}"><i class="fa fa-times"></i> <a href="javascript:;" class="btn btn-xs btn-danger btn-uninstall" title="{:__('Uninstall')}"><i class="fa fa-times"></i>
{:__('Uninstall')}</a> {:__('Uninstall')}</a>
<% } %> <% } %>
</div> </div>
</script> </script>
<!--@formatter:on-->

View File

@ -9,7 +9,7 @@
{volist name="row" id="vo" } {volist name="row" id="vo" }
<tr> <tr>
<td>{:__($key)}</td> <td>{:__($key)}</td>
<td>{$vo}</td> <td>{$vo|htmlentities}</td>
</tr> </tr>
{/volist} {/volist}
</tbody> </tbody>

View File

@ -256,7 +256,7 @@ class Auth
try { try {
$salt = Random::alnum(); $salt = Random::alnum();
$newpassword = $this->getEncryptPassword($newpassword, $salt); $newpassword = $this->getEncryptPassword($newpassword, $salt);
$this->_user->save(['password' => $newpassword, 'salt' => $salt]); $this->_user->save(['loginfailure' => 0, 'password' => $newpassword, 'salt' => $salt]);
Token::delete($this->_token); Token::delete($this->_token);
//修改密码成功的事件 //修改密码成功的事件
@ -298,6 +298,8 @@ class Auth
//记录本次登录的IP和时间 //记录本次登录的IP和时间
$user->loginip = $ip; $user->loginip = $ip;
$user->logintime = $time; $user->logintime = $time;
//重置登录失败次数
$user->loginfailure = 0;
$user->save(); $user->save();

View File

@ -265,6 +265,8 @@ return [
'login_failure_retry' => true, 'login_failure_retry' => true,
//是否同一账号同一时间只能在一个地方登录 //是否同一账号同一时间只能在一个地方登录
'login_unique' => false, 'login_unique' => false,
//是否开启IP变动检测
'loginip_check' => true,
//登录页默认背景图 //登录页默认背景图
'login_background' => "/assets/img/loginbg.jpg", 'login_background' => "/assets/img/loginbg.jpg",
//是否启用多级菜单导航 //是否启用多级菜单导航
@ -272,7 +274,7 @@ return [
//自动检测更新 //自动检测更新
'checkupdate' => false, 'checkupdate' => false,
//版本号 //版本号
'version' => '1.0.0.20190930_beta', 'version' => '1.0.0.20191101_beta',
//API接口地址 //API接口地址
'api_url' => 'https://api.fastadmin.net', 'api_url' => 'https://api.fastadmin.net',
], ],

View File

@ -441,11 +441,10 @@ define(['jquery', 'bootstrap', 'backend', 'table', 'form', 'template'], function
var userinfo = Controller.api.userinfo.get(); var userinfo = Controller.api.userinfo.get();
var uid = userinfo ? userinfo.id : 0; var uid = userinfo ? userinfo.id : 0;
if ($(that).data("type") !== 'free') {
if (parseInt(uid) === 0) { if (parseInt(uid) === 0) {
return Layer.alert(__('Not login tips'), { return Layer.alert(__('Not login tips'), {
title: __('Warning'), title: __('Warning'),
btn: [__('Login now'), __('Continue install')], btn: [__('Login now')],
yes: function (index, layero) { yes: function (index, layero) {
$(".btn-userinfo").trigger("click"); $(".btn-userinfo").trigger("click");
}, },
@ -454,7 +453,6 @@ define(['jquery', 'bootstrap', 'backend', 'table', 'form', 'template'], function
} }
}); });
} }
}
install(name, version, false); install(name, version, false);
}); });

View File

@ -83,7 +83,7 @@ define(['jquery', 'bootstrap', 'toastr', 'layer', 'lang'], function ($, undefine
Fast.events.onAjaxError(ret, error); Fast.events.onAjaxError(ret, error);
} }
}, options); }, options);
$.ajax(options); return $.ajax(options);
}, },
//修复URL //修复URL
fixurl: function (url) { fixurl: function (url) {

View File

@ -743,7 +743,7 @@ define('fast',['jquery', 'bootstrap', 'toastr', 'layer', 'lang'], function ($, u
Fast.events.onAjaxError(ret, error); Fast.events.onAjaxError(ret, error);
} }
}, options); }, options);
$.ajax(options); return $.ajax(options);
}, },
//修复URL //修复URL
fixurl: function (url) { fixurl: function (url) {

View File

@ -736,7 +736,7 @@ define('fast',['jquery', 'bootstrap', 'toastr', 'layer', 'lang'], function ($, u
Fast.events.onAjaxError(ret, error); Fast.events.onAjaxError(ret, error);
} }
}, options); }, options);
$.ajax(options); return $.ajax(options);
}, },
//修复URL //修复URL
fixurl: function (url) { fixurl: function (url) {