diff --git a/application/admin/command/Install/fastadmin.sql b/application/admin/command/Install/fastadmin.sql
index 72b78422..9206eeaa 100755
--- a/application/admin/command/Install/fastadmin.sql
+++ b/application/admin/command/Install/fastadmin.sql
@@ -23,6 +23,7 @@ CREATE TABLE `fa_admin` (
`email` varchar(100) NOT NULL DEFAULT '' COMMENT '电子邮箱',
`loginfailure` tinyint(1) unsigned NOT NULL DEFAULT '0' COMMENT '失败次数',
`logintime` int(10) DEFAULT NULL COMMENT '登录时间',
+ `loginip` varchar(50) DEFAULT NULL COMMENT '登录IP',
`createtime` int(10) DEFAULT NULL COMMENT '创建时间',
`updatetime` int(10) DEFAULT NULL COMMENT '更新时间',
`token` varchar(59) NOT NULL DEFAULT '' COMMENT 'Session标识',
diff --git a/application/admin/controller/general/Config.php b/application/admin/controller/general/Config.php
index 14365b8a..c01b241b 100644
--- a/application/admin/controller/general/Config.php
+++ b/application/admin/controller/general/Config.php
@@ -6,6 +6,7 @@ use app\common\controller\Backend;
use app\common\library\Email;
use app\common\model\Config as ConfigModel;
use think\Exception;
+use think\Validate;
/**
* 系统配置
@@ -50,8 +51,8 @@ class Config extends Backend
if (in_array($value['type'], ['select', 'selects', 'checkbox', 'radio'])) {
$value['value'] = explode(',', $value['value']);
}
- $value['content'] = json_decode($value['content'], TRUE);
- $value['tip'] = htmlspecialchars($value['tip']);
+ $value['content'] = json_decode($value['content'], true);
+ $value['tip'] = htmlspecialchars($value['tip']);
$siteList[$v['group']]['list'][] = $value;
}
$index = 0;
@@ -106,7 +107,7 @@ class Config extends Backend
* 编辑
* @param null $ids
*/
- public function edit($ids = NULL)
+ public function edit($ids = null)
{
if ($this->request->isPost()) {
$row = $this->request->post("row/a");
@@ -136,11 +137,15 @@ class Config extends Backend
}
}
+ /**
+ * 删除
+ * @param string $ids
+ */
public function del($ids = "")
{
- $name = $this->request->request('name');
+ $name = $this->request->post('name');
$config = ConfigModel::getByName($name);
- if ($config) {
+ if ($name && $config) {
try {
$config->delete();
$this->refreshFile();
@@ -160,17 +165,19 @@ class Config extends Backend
{
$config = [];
foreach ($this->model->all() as $k => $v) {
-
$value = $v->toArray();
if (in_array($value['type'], ['selects', 'checkbox', 'images', 'files'])) {
$value['value'] = explode(',', $value['value']);
}
if ($value['type'] == 'array') {
- $value['value'] = (array)json_decode($value['value'], TRUE);
+ $value['value'] = (array)json_decode($value['value'], true);
}
$config[$value['name']] = $value['value'];
}
- file_put_contents(APP_PATH . 'extra' . DS . 'site.php', 'request->post("row/a");
if ($params) {
-
$config = $this->model->get($params);
if (!$config) {
return $this->success();
@@ -200,19 +206,25 @@ class Config extends Backend
public function emailtest()
{
$row = $this->request->post('row/a');
- \think\Config::set('site', array_merge(\think\Config::get('site'), $row));
- $receiver = $this->request->request("receiver");
- $email = new Email;
- $result = $email
- ->to($receiver)
- ->subject(__("This is a test mail"))
- ->message('
' . __('This is a test mail content') . '
')
- ->send();
- if ($result) {
- $this->success();
+ $receiver = $this->request->post("receiver");
+ if ($receiver) {
+ if (!Validate::is($receiver, "email")) {
+ $this->error(__('Please input correct email'));
+ }
+ \think\Config::set('site', array_merge(\think\Config::get('site'), $row));
+ $email = new Email;
+ $result = $email
+ ->to($receiver)
+ ->subject(__("This is a test mail"))
+ ->message('' . __('This is a test mail content') . '
')
+ ->send();
+ if ($result) {
+ $this->success();
+ } else {
+ $this->error($email->getError());
+ }
} else {
- $this->error($email->getError());
+ return $this->error(__('Invalid parameters'));
}
}
-
}
diff --git a/application/admin/controller/general/Profile.php b/application/admin/controller/general/Profile.php
index 1a9c0c65..5956f789 100644
--- a/application/admin/controller/general/Profile.php
+++ b/application/admin/controller/general/Profile.php
@@ -22,23 +22,22 @@ class Profile extends Backend
{
//设置过滤方法
$this->request->filter(['strip_tags']);
- if ($this->request->isAjax())
- {
+ if ($this->request->isAjax()) {
$model = model('AdminLog');
list($where, $sort, $order, $offset, $limit) = $this->buildparams();
$total = $model
- ->where($where)
- ->where('admin_id', $this->auth->id)
- ->order($sort, $order)
- ->count();
+ ->where($where)
+ ->where('admin_id', $this->auth->id)
+ ->order($sort, $order)
+ ->count();
$list = $model
- ->where($where)
- ->where('admin_id', $this->auth->id)
- ->order($sort, $order)
- ->limit($offset, $limit)
- ->select();
+ ->where($where)
+ ->where('admin_id', $this->auth->id)
+ ->order($sort, $order)
+ ->limit($offset, $limit)
+ ->select();
$result = array("total" => $total, "rows" => $list);
@@ -52,18 +51,18 @@ class Profile extends Backend
*/
public function update()
{
- if ($this->request->isPost())
- {
+ if ($this->request->isPost()) {
$params = $this->request->post("row/a");
- $params = array_filter(array_intersect_key($params, array_flip(array('email', 'nickname', 'password', 'avatar'))));
+ $params = array_filter(array_intersect_key(
+ $params,
+ array_flip(array('email', 'nickname', 'password', 'avatar'))
+ ));
unset($v);
- if (isset($params['password']))
- {
+ if (isset($params['password'])) {
$params['salt'] = Random::alnum();
$params['password'] = md5(md5($params['password']) . $params['salt']);
}
- if ($params)
- {
+ if ($params) {
$admin = Admin::get($this->auth->id);
$admin->save($params);
//因为个人资料面板读取的Session显示,修改自己资料后同时更新Session
@@ -74,5 +73,4 @@ class Profile extends Backend
}
return;
}
-
}
diff --git a/application/admin/lang/zh-cn/dashboard.php b/application/admin/lang/zh-cn/dashboard.php
index 8bd0bb95..6e01d309 100644
--- a/application/admin/lang/zh-cn/dashboard.php
+++ b/application/admin/lang/zh-cn/dashboard.php
@@ -44,5 +44,5 @@ return [
'Timezone' => '时区',
'Language' => '语言',
'View more' => '查看更多',
- 'Security tips' => ' 安全提示:你正在使用默认的后台登录入口,为了你的网站安全,建议你修改后台登录入口,点击查看修改方法',
+ 'Security tips' => ' 安全提示:你正在使用默认的后台登录入口,为了你的网站安全,强烈建议你修改后台登录入口,点击查看修改方法',
];
diff --git a/application/admin/lang/zh-cn/general/config.php b/application/admin/lang/zh-cn/general/config.php
index 94da678d..317ee88f 100644
--- a/application/admin/lang/zh-cn/general/config.php
+++ b/application/admin/lang/zh-cn/general/config.php
@@ -57,4 +57,5 @@ return [
'This is a test mail content' => '这是一封来自FastAdmin校验邮件,用于校验邮件配置是否正常!',
'This is a test mail' => '这是一封来自FastAdmin的邮件',
'Please input your email' => '请输入测试接收者邮箱',
+ 'Please input correct email' => '请输入正确的邮箱地址',
];
diff --git a/application/admin/library/Auth.php b/application/admin/library/Auth.php
index 99698a0d..d9a655e3 100644
--- a/application/admin/library/Auth.php
+++ b/application/admin/library/Auth.php
@@ -30,9 +30,9 @@ class Auth extends \fast\Auth
/**
* 管理员登录
*
- * @param string $username 用户名
- * @param string $password 密码
- * @param int $keeptime 有效时长
+ * @param string $username 用户名
+ * @param string $password 密码
+ * @param int $keeptime 有效时长
* @return boolean
*/
public function login($username, $password, $keeptime = 0)
@@ -58,6 +58,7 @@ class Auth extends \fast\Auth
}
$admin->loginfailure = 0;
$admin->logintime = time();
+ $admin->loginip = request()->ip(0, false);
$admin->token = Random::uuid();
$admin->save();
Session::set("admin", $admin->toArray());
@@ -101,6 +102,11 @@ class Auth extends \fast\Auth
if ($key != md5(md5($id) . md5($keeptime) . md5($expiretime) . $admin->token)) {
return false;
}
+ $ip = request()->ip(0, false);
+ //IP有变动
+ if ($admin->loginip != $ip) {
+ return false;
+ }
Session::set("admin", $admin->toArray());
//刷新自动登录的时效
$this->keeplogin($keeptime);
@@ -113,7 +119,7 @@ class Auth extends \fast\Auth
/**
* 刷新保持登录的Cookie
*
- * @param int $keeptime
+ * @param int $keeptime
* @return boolean
*/
protected function keeplogin($keeptime = 0)
@@ -178,6 +184,9 @@ class Auth extends \fast\Auth
return false;
}
}
+ if (!isset($admin['loginip']) || $admin['loginip'] != request()->ip(0, false)) {
+ return false;
+ }
$this->logined = true;
return true;
}
@@ -258,10 +267,17 @@ class Auth extends \fast\Auth
foreach ($groups as $k => $v) {
$groupIds[] = $v['id'];
}
+ $originGroupIds = $groupIds;
+ foreach ($groups as $k => $v) {
+ if (in_array($v['pid'], $originGroupIds)) {
+ $groupIds = array_diff($groupIds, [$v['id']]);
+ unset($groups[$k]);
+ }
+ }
// 取出所有分组
$groupList = \app\admin\model\AuthGroup::where(['status' => 'normal'])->select();
$objList = [];
- foreach ($groups as $K => $v) {
+ foreach ($groups as $k => $v) {
if ($v['rules'] === '*') {
$objList = $groupList;
break;
@@ -295,7 +311,6 @@ class Auth extends \fast\Auth
field('uid,group_id')
->where('group_id', 'in', $groupIds)
->select();
-
foreach ($authGroupList as $k => $v) {
$childrenAdminIds[] = $v['uid'];
}
@@ -340,7 +355,7 @@ class Auth extends \fast\Auth
/**
* 获取左侧和顶部菜单栏
*
- * @param array $params URL对应的badge数据
+ * @param array $params URL对应的badge数据
* @param string $fixedPage 默认页
* @return array
*/
@@ -435,18 +450,36 @@ class Auth extends \fast\Auth
$selectParentIds = $tree->getParentsIds($select_id, true);
}
foreach ($topList as $index => $item) {
- $childList = Tree::instance()->getTreeMenu($item['id'], ' @title @caret @badge @childlist', $select_id, '', 'ul', 'class="treeview-menu"');
+ $childList = Tree::instance()->getTreeMenu(
+ $item['id'],
+ ' @title @caret @badge @childlist',
+ $select_id,
+ '',
+ 'ul',
+ 'class="treeview-menu"'
+ );
$current = in_array($item['id'], $selectParentIds);
$url = $childList ? 'javascript:;' : url($item['url']);
$addtabs = $childList || !$url ? "" : (stripos($url, "?") !== false ? "&" : "?") . "ref=addtabs";
- $childList = str_replace('" pid="' . $item['id'] . '"', ' treeview ' . ($current ? '' : 'hidden') . '" pid="' . $item['id'] . '"', $childList);
+ $childList = str_replace(
+ '" pid="' . $item['id'] . '"',
+ ' treeview ' . ($current ? '' : 'hidden') . '" pid="' . $item['id'] . '"',
+ $childList
+ );
$nav .= ' ' . $item['title'] . ' ';
$menu .= $childList;
}
} else {
// 构造菜单数据
Tree::instance()->init($ruleList);
- $menu = Tree::instance()->getTreeMenu(0, ' @title @caret @badge @childlist', $select_id, '', 'ul', 'class="treeview-menu"');
+ $menu = Tree::instance()->getTreeMenu(
+ 0,
+ ' @title @caret @badge @childlist',
+ $select_id,
+ '',
+ 'ul',
+ 'class="treeview-menu"'
+ );
if ($selected) {
$nav .= ' ' . $selected['title'] . ' ';
}
diff --git a/application/admin/view/common/header.html b/application/admin/view/common/header.html
index 43588d90..379efb12 100755
--- a/application/admin/view/common/header.html
+++ b/application/admin/view/common/header.html
@@ -1,9 +1,9 @@
- {$site.name|mb_substr=0,4,'utf-8'|mb_strtoupper='utf-8'}
+ {$site.name|mb_substr=0,4,'utf-8'|mb_strtoupper='utf-8'|htmlentities}
- {$site.name|mb_substr=0,4,'utf-8'}{$site.name|mb_substr=4,null,'utf-8'}
+ {$site.name|mb_substr=0,4,'utf-8'|htmlentities}{$site.name|mb_substr=4,null,'utf-8'|htmlentities}
@@ -72,16 +72,16 @@