From 49facb7b7c897422ed7d7c3deedfeccd2129ce69 Mon Sep 17 00:00:00 2001
From: Karson <karsonzhang@163.com>
Date: Thu, 31 Oct 2019 23:36:54 +0800
Subject: [PATCH] 新增后台IP变动控制开关 优化后台插件管理显示 优化Fast.api.ajax方法返回 优化管理员日志显示

---
 application/admin/command/Crud/stubs/controllerindex.stub |   2 +-
 application/admin/controller/Index.php                    |   2 ++
 application/admin/library/Auth.php                        |  13 +++++++++----
 application/admin/model/AdminLog.php                      |   2 +-
 application/admin/view/addon/index.html                   | 106 +++++++++++++++++++++++++++++++++++++++++++++++++++++-----------------------------------------------------
 application/admin/view/auth/adminlog/detail.html          |   2 +-
 application/common/library/Auth.php                       |   4 +++-
 application/config.php                                    |   4 +++-
 public/assets/js/backend/addon.js                         |  24 +++++++++++-------------
 public/assets/js/fast.js                                  |   2 +-
 public/assets/js/require-backend.min.js                   |   2 +-
 public/assets/js/require-frontend.min.js                  |   2 +-
 12 files changed, 87 insertions(+), 78 deletions(-)

diff --git a/application/admin/command/Crud/stubs/controllerindex.stub b/application/admin/command/Crud/stubs/controllerindex.stub
index 2771aa6..74470ca 100755
--- a/application/admin/command/Crud/stubs/controllerindex.stub
+++ b/application/admin/command/Crud/stubs/controllerindex.stub
@@ -7,7 +7,7 @@
         //当前是否为关联查询
         $this->relationSearch = {%relationSearch%};
         //设置过滤方法
-        $this->request->filter(['strip_tags']);
+        $this->request->filter(['strip_tags', 'trim']);
         if ($this->request->isAjax())
         {
             //如果发送的来源是Selectpage,则转发到Selectpage
diff --git a/application/admin/controller/Index.php b/application/admin/controller/Index.php
index 56f2b7e..185200e 100644
--- a/application/admin/controller/Index.php
+++ b/application/admin/controller/Index.php
@@ -22,6 +22,8 @@ class Index extends Backend
     public function _initialize()
     {
         parent::_initialize();
+        //移除HTML标签
+        $this->request->filter('trim,strip_tags,htmlspecialchars');
     }
 
     /**
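Review bot: The filter string set on the `$this->request->filter('trim,strip_tags,htmlspecialchars')` line encodes request input at the boundary rather than at output, so any parameter that also passes through a template escape (this same commit adds `{$vo|htmlentities}` at L240) is double-encoded, and anything persisted from these parameters carries `&amp;`/`&quot;` into storage. The usual split is `'trim,strip_tags'` here and escaping in the views; if the intent is specifically to neutralise values the dashboard echoes back, the comment should say so rather than `//移除HTML标签`, which describes only `strip_tags`, e.g. `// Strip tags and encode remaining HTML specials in request params read by this controller; views still escape on output`. Note that `parent::_initialize()` runs before the filter is installed, so any request values the parent reads (not visible here) are read unfiltered.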
diff --git a/application/admin/library/Auth.php b/application/admin/library/Auth.php
index 1054e6e..ed68db8 100644
--- a/application/admin/library/Auth.php
+++ b/application/admin/library/Auth.php
@@ -59,7 +59,7 @@ class Auth extends \fast\Auth
         }
         $admin->loginfailure = 0;
         $admin->logintime = time();
-        $admin->loginip = request()->ip(0, false);
+        $admin->loginip = request()->ip();
         $admin->token = Random::uuid();
         $admin->save();
         Session::set("admin", $admin->toArray());
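Review bot: Dropping the explicit `false` second argument in `$admin->loginip = request()->ip();` changes which source the recorded IP comes from if the framework's default for that argument enables lookup through forwarding headers; such headers reflect whatever the client sent unless a trusted reverse proxy overwrites them, so the value stored here — and the comparisons at L65 and L81 that the new `loginip_check` switch depends on — would then track a client-supplied string rather than the connection peer. Pin the behaviour explicitly, `$admin->loginip = request()->ip(0, false);`, or, where a proxy is in front, derive it from the framework's trusted-proxy configuration and say so in a comment above the line. The same applies to the `$ip = request()->ip();` line at L65. The enclosing method starts outside the hunk.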
@@ -103,7 +103,7 @@ class Auth extends \fast\Auth
             if ($key != md5(md5($id) . md5($keeptime) . md5($expiretime) . $admin->token)) {
                 return false;
             }
-            $ip = request()->ip(0, false);
+            $ip = request()->ip();
             //IP有变动
             if ($admin->loginip != $ip) {
                 return false;
@@ -183,11 +183,16 @@ class Auth extends \fast\Auth
         if (Config::get('fastadmin.login_unique')) {
             $my = Admin::get($admin['id']);
             if (!$my || $my['token'] != $admin['token']) {
+                $this->logout();
                 return false;
             }
         }
-        if (!isset($admin['loginip']) || $admin['loginip'] != request()->ip(0, false)) {
-            return false;
+        //判断管理员IP是否变动
+        if (Config::get('fastadmin.loginip_check')) {
+            if (!isset($admin['loginip']) || $admin['loginip'] != request()->ip()) {
+                $this->logout();
+                return false;
+            }
         }
         $this->logined = true;
         return true;
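Review bot: The new `fastadmin.loginip_check` switch gates only the session comparison at L81; the remember-me path in the previous hunk (L67, `if ($admin->loginip != $ip)`) still rejects on any IP change unconditionally, so turning the switch off leaves the two paths inconsistent — a user whose IP changed passes this check but is still dropped by the keep-login branch. Apply the same gate there, `if (Config::get('fastadmin.loginip_check') && $admin->loginip != $ip) {`. The added `$this->logout()` calls also turn this method from a pure query into one that clears the session on a failed check; that deserves a docblock line on the method, e.g. `@return bool false (and the session is cleared) when the token or, if loginip_check is enabled, the IP no longer matches`. The enclosing method starts outside the hunk.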
diff --git a/application/admin/model/AdminLog.php b/application/admin/model/AdminLog.php
index 5f95112..e0d92af 100644
--- a/application/admin/model/AdminLog.php
+++ b/application/admin/model/AdminLog.php
@@ -35,7 +35,7 @@ class AdminLog extends Model
         $username = $auth->isLogin() ? $auth->username : __('Unknown');
         $content = self::$content;
         if (!$content) {
-            $content = request()->param();
+            $content = request()->param('', null, 'trim,strip_tags,htmlspecialchars');
             foreach ($content as $k => $v) {
                 if (is_string($v) && strlen($v) > 200 || stripos($k, 'password') !== false) {
                     unset($content[$k]);
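Review bot: The `'trim,strip_tags,htmlspecialchars'` filter passed to `request()->param()` here, combined with the `{$vo|htmlentities}` filter this commit adds at L240 in adminlog/detail.html, escapes the same value twice: a `&` in a parameter is stored as `&amp;` and then rendered as `&amp;amp;`, so the log detail shows literal entities. Keep the record faithful and escape once at output, i.e. `$content = request()->param('', null, 'trim,strip_tags');` (or store raw and rely on the template filter). A short comment above the line stating that escaping is the view's job would stop the next reader from re-adding it. The enclosing method starts outside the hunk.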
diff --git a/application/admin/view/addon/index.html b/application/admin/view/addon/index.html
index 0d5756b..2c974c1 100644
--- a/application/admin/view/addon/index.html
+++ b/application/admin/view/addon/index.html
@@ -233,6 +233,7 @@
         </tbody>
     </table>
 </script>
+<!--@formatter:off-->
 <script id="operatetpl" type="text/html">
     <% var labelarr = ['primary', 'success', 'info', 'danger', 'warning']; %>
     <% var label = labelarr[item.id % 5]; %>
@@ -240,63 +241,62 @@
 
     <div class="operate" data-id="<%=item.id%>" data-name="<%=item.name%>">
         <% if(!addon){ %>
-        <% if(typeof item.releaselist !="undefined" && item.releaselist.length>1){%>
-        <span class="btn-group">
+            <% if(typeof item.releaselist !="undefined" && item.releaselist.length>1){%>
+                <span class="btn-group">
+                    <a href="javascript:;" class="btn btn-xs btn-primary btn-success btn-install"
+                       data-type="<%=item.price<=0?'free':'price';%>" data-donateimage="<%=item.donateimage%>"
+                       data-version="<%=item.version%>"><i class="fa fa-cloud-download"></i> {:__('Install')}</a>
+                    <a class="btn btn-xs btn-success dropdown-toggle" data-toggle="dropdown" href="javascript:;">
+                        <span class="fa fa-caret-down"></span>
+                    </a>
+                    <ul class="dropdown-menu">
+                        <% for(var j=0;j< item.releaselist.length;j++){ %>
+                        <li><a href="javascript:;" class="btn-install" data-type="<%=item.price<=0?'free':'price';%>"
+                               data-donateimage="<%=item.donateimage%>"
+                               data-version="<%=item.releaselist[j].version%>"><%=item.releaselist[j].version%></a></li>
+                        <% } %>
+                    </ul>
+                </span>
+            <% }else{%>
                 <a href="javascript:;" class="btn btn-xs btn-primary btn-success btn-install"
                    data-type="<%=item.price<=0?'free':'price';%>" data-donateimage="<%=item.donateimage%>"
                    data-version="<%=item.version%>"><i class="fa fa-cloud-download"></i> {:__('Install')}</a>
-                <a class="btn btn-xs btn-success dropdown-toggle" data-toggle="dropdown" href="javascript:;">
-                    <span class="fa fa-caret-down"></span>
-                </a>
-                <ul class="dropdown-menu">
-                    <% for(var j=0;j< item.releaselist.length;j++){ %>
-                    <li><a href="javascript:;" class="btn-install" data-type="<%=item.price<=0?'free':'price';%>"
-                           data-donateimage="<%=item.donateimage%>"
-                           data-version="<%=item.releaselist[j].version%>"><%=item.releaselist[j].version%></a></li>
-                    <% } %>
-                </ul>
-            </span>
-        <% }else{%>
-        <a href="javascript:;" class="btn btn-xs btn-primary btn-success btn-install"
-           data-type="<%=item.price<=0?'free':'price';%>" data-donateimage="<%=item.donateimage%>"
-           data-version="<%=item.version%>"><i class="fa fa-cloud-download"></i> {:__('Install')}</a>
-        <% } %>
+            <% } %>
 
-        <% if(item.demourl){ %>
-        <a href="<%=item.demourl%>" class="btn btn-xs btn-primary btn-info btn-demo" target="_blank">
-            <i class="fa fa-flash"></i> {:__('Demo')}
-        </a>
-        <% } %>
+            <% if(item.demourl){ %>
+                <a href="<%=item.demourl%>" class="btn btn-xs btn-primary btn-info btn-demo" target="_blank">
+                    <i class="fa fa-flash"></i> {:__('Demo')}
+                </a>
+            <% } %>
         <% } else {%>
-        <% if(addon.version!=item.version){%>
-        <% if(typeof item.releaselist !="undefined" && item.releaselist.length>1){%>
-        <span class="btn-group">
-                                <a href="javascript:;" class="btn btn-xs btn-info btn-success btn-upgrade"
-                                   data-version="<%=item.version%>"><i class="fa fa-cloud"></i> {:__('Upgrade')}</a>
-                                <a class="btn btn-xs btn-info dropdown-toggle" data-toggle="dropdown"
-                                   href="javascript:;">
-                                    <span class="fa fa-caret-down"></span>
-                                </a>
-                                <ul class="dropdown-menu">
-                                    <% for(var j=0;j< item.releaselist.length;j++){ %>
-                                    <li><a href="javascript:;" class="btn-upgrade"
-                                           data-version="<%=item.releaselist[j].version%>"><%=item.releaselist[j].version%></a></li>
-                                    <% } %>
-                                </ul>
-                            </span>
-        <% }else{%>
-        <a href="javascript:;" class="btn btn-xs btn-info btn-upgrade" title="{:__('Upgrade')}" data-version="<%=item.version%>"><i
-                class="fa fa-cloud"></i> {:__('Upgrade')}</a>
-        <% }%>
-        <% }%>
-        <% if(addon.config){ %>
-        <a href="javascript:;" class="btn btn-xs btn-primary btn-config" title="{:__('Setting')}"><i class="fa fa-pencil"></i>
-            {:__('Setting')}</a>
+            <% if(addon.version!=item.version){%>
+                <% if(typeof item.releaselist !="undefined" && item.releaselist.length>1){%>
+                    <span class="btn-group">
+                        <a href="javascript:;" class="btn btn-xs btn-info btn-success btn-upgrade"
+                           data-version="<%=item.version%>"><i class="fa fa-cloud"></i> {:__('Upgrade')}</a>
+                        <a class="btn btn-xs btn-info dropdown-toggle" data-toggle="dropdown"
+                           href="javascript:;">
+                            <span class="fa fa-caret-down"></span>
+                        </a>
+                        <ul class="dropdown-menu">
+                            <% for(var j=0;j< item.releaselist.length;j++){ %>
+                            <li><a href="javascript:;" class="btn-upgrade"
+                                   data-version="<%=item.releaselist[j].version%>"><%=item.releaselist[j].version%></a></li>
+                            <% } %>
+                        </ul>
+                    </span>
+                <% }else{%>
+                    <a href="javascript:;" class="btn btn-xs btn-info btn-upgrade" title="{:__('Upgrade')}" data-version="<%=item.version%>"><i
+                        class="fa fa-cloud"></i> {:__('Upgrade')}</a>
+                <% }%>
+            <% }%>
+            <% if(addon.config){ %>
+                <a href="javascript:;" class="btn btn-xs btn-primary btn-config" title="{:__('Setting')}"><i class="fa fa-pencil"></i>
+                    {:__('Setting')}</a>
+            <% } %>
+            <a href="javascript:;" class="btn btn-xs btn-danger btn-uninstall" title="{:__('Uninstall')}"><i class="fa fa-times"></i>
+                {:__('Uninstall')}</a>
         <% } %>
-        <a href="javascript:;" class="btn btn-xs btn-danger btn-uninstall" title="{:__('Uninstall')}"><i class="fa fa-times"></i>
-            {:__('Uninstall')}</a>
-        <% } %>
-
-
     </div>
-</script>
\ No newline at end of file
+</script>
+<!--@formatter:on-->
\ No newline at end of file
diff --git a/application/admin/view/auth/adminlog/detail.html b/application/admin/view/auth/adminlog/detail.html
index b63f943..2adb905 100644
--- a/application/admin/view/auth/adminlog/detail.html
+++ b/application/admin/view/auth/adminlog/detail.html
@@ -9,7 +9,7 @@
         {volist name="row" id="vo"  }
             <tr>
                 <td>{:__($key)}</td>
-                <td>{$vo}</td>
+                <td>{$vo|htmlentities}</td>
             </tr>
         {/volist}
     </tbody>
diff --git a/application/common/library/Auth.php b/application/common/library/Auth.php
index 102199d..5822241 100644
--- a/application/common/library/Auth.php
+++ b/application/common/library/Auth.php
@@ -256,7 +256,7 @@ class Auth
             try {
                 $salt = Random::alnum();
                 $newpassword = $this->getEncryptPassword($newpassword, $salt);
-                $this->_user->save(['password' => $newpassword, 'salt' => $salt]);
+                $this->_user->save(['loginfailure' => 0, 'password' => $newpassword, 'salt' => $salt]);
 
                 Token::delete($this->_token);
                 //修改密码成功的事件
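Review bot: Adding `'loginfailure' => 0` to the save on the `$this->_user->save([...])` line means a locked-out account is unlocked as a side effect of any path that reaches this method; if a reset-by-token flow can call it (the enclosing method starts outside the hunk, so this cannot be confirmed here), the lockout from repeated failed logins is cleared without a successful password check. If that is intended, say so in a comment above the line, e.g. `// Successful password change also clears the failed-login counter; callers must have authenticated the user`; otherwise reset the counter only on the login path (L262 already does this).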
@@ -298,6 +298,8 @@ class Auth
                 //记录本次登录的IP和时间
                 $user->loginip = $ip;
                 $user->logintime = $time;
+                //重置登录失败次数
+                $user->loginfailure = 0;
 
                 $user->save();
 
diff --git a/application/config.php b/application/config.php
index cdd9493..64fda49 100755
--- a/application/config.php
+++ b/application/config.php
@@ -265,6 +265,8 @@ return [
         'login_failure_retry' => true,
         //是否同一账号同一时间只能在一个地方登录
         'login_unique'        => false,
+        //是否开启IP变动检测
+        'loginip_check'      => true,
         //登录页默认背景图
         'login_background'    => "/assets/img/loginbg.jpg",
         //是否启用多级菜单导航
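Review bot: The new entry `'loginip_check'      => true,` is aligned one column short of the `=>` column used by the surrounding keys; `'loginip_check'       => true,` matches the block. Since `true` preserves the previous always-on behaviour, the comment could say so, e.g. `//是否开启IP变动检测 (default on; disabling it skips the loginip comparison in Auth::isLogin)`.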
@@ -272,7 +274,7 @@ return [
         //自动检测更新
         'checkupdate'         => false,
         //版本号
-        'version'             => '1.0.0.20190930_beta',
+        'version'             => '1.0.0.20191101_beta',
         //API接口地址
         'api_url'             => 'https://api.fastadmin.net',
     ],
diff --git a/public/assets/js/backend/addon.js b/public/assets/js/backend/addon.js
index 1349bfe..94e9d9a 100644
--- a/public/assets/js/backend/addon.js
+++ b/public/assets/js/backend/addon.js
@@ -441,19 +441,17 @@ define(['jquery', 'bootstrap', 'backend', 'table', 'form', 'template'], function
                 var userinfo = Controller.api.userinfo.get();
                 var uid = userinfo ? userinfo.id : 0;
 
-                if ($(that).data("type") !== 'free') {
-                    if (parseInt(uid) === 0) {
-                        return Layer.alert(__('Not login tips'), {
-                            title: __('Warning'),
-                            btn: [__('Login now'), __('Continue install')],
-                            yes: function (index, layero) {
-                                $(".btn-userinfo").trigger("click");
-                            },
-                            btn2: function () {
-                                install(name, version, false);
-                            }
-                        });
-                    }
+                if (parseInt(uid) === 0) {
+                    return Layer.alert(__('Not login tips'), {
+                        title: __('Warning'),
+                        btn: [__('Login now')],
+                        yes: function (index, layero) {
+                            $(".btn-userinfo").trigger("click");
+                        },
+                        btn2: function () {
+                            install(name, version, false);
+                        }
+                    });
                 }
                 install(name, version, false);
             });
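Review bot: With the `btn` array reduced to the single `__('Login now')` entry, the `btn2` callback at L316-318 can no longer be invoked, so the `install(name, version, false)` inside it is dead code; either remove the `btn2` block or restore the second button if anonymous installs are still meant to be offered. Because the `return` now precedes any free/paid distinction, an anonymous user can no longer install free add-ons either — if that is intended, a comment above `if (parseInt(uid) === 0)` such as `// installs (free or paid) now require a logged-in account` would keep it from being read as a regression. The enclosing click handler starts outside the hunk.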
diff --git a/public/assets/js/fast.js b/public/assets/js/fast.js
index 388ebdd..695ab00 100644
--- a/public/assets/js/fast.js
+++ b/public/assets/js/fast.js
@@ -83,7 +83,7 @@ define(['jquery', 'bootstrap', 'toastr', 'layer', 'lang'], function ($, undefine
                         Fast.events.onAjaxError(ret, error);
                     }
                 }, options);
-                $.ajax(options);
+                return $.ajax(options);
             },
             //修复URL
             fixurl: function (url) {
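Review bot: `return $.ajax(options);` turns Fast.api.ajax from fire-and-forget into a call that hands the jqXHR back to the caller, but nothing in the hunk documents the new contract; a one-line comment above the return, `// return the jqXHR so callers can chain .done()/.fail() or .abort()`, makes it visible. The identical change is repeated in require-backend.min.js and require-frontend.min.js, which appear to be build outputs of this file, so the comment only needs to live here. The enclosing function starts outside the hunk.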
diff --git a/public/assets/js/require-backend.min.js b/public/assets/js/require-backend.min.js
index 4c292c2..2eb7127 100644
--- a/public/assets/js/require-backend.min.js
+++ b/public/assets/js/require-backend.min.js
@@ -743,7 +743,7 @@ define('fast',['jquery', 'bootstrap', 'toastr', 'layer', 'lang'], function ($, u
                         Fast.events.onAjaxError(ret, error);
                     }
                 }, options);
-                $.ajax(options);
+                return $.ajax(options);
             },
             //修复URL
             fixurl: function (url) {
diff --git a/public/assets/js/require-frontend.min.js b/public/assets/js/require-frontend.min.js
index c2c58e0..a9e1774 100644
--- a/public/assets/js/require-frontend.min.js
+++ b/public/assets/js/require-frontend.min.js
@@ -736,7 +736,7 @@ define('fast',['jquery', 'bootstrap', 'toastr', 'layer', 'lang'], function ($, u
                         Fast.events.onAjaxError(ret, error);
                     }
                 }, options);
-                $.ajax(options);
+                return $.ajax(options);
             },
             //修复URL
             fixurl: function (url) {
--
libgit2 0.24.0