diff --git a/web/admin/common.php b/web/admin/common.php index f12be76..9de209c 100644 --- a/web/admin/common.php +++ b/web/admin/common.php @@ -17,9 +17,12 @@ * get/set/del memvar 从SaaS内存表中读写变量 */ -$tokenfield = "ciyadm"; -$tokensalt = "ast34h$3"; //做数据加解密时的加密因子,每个项目都不要相同。 -$logpath = PATH_ROOT . 'log/'; +$_token = array(); +$_token['type'] = 'cookie'; //cookie(更安全) 、 localstorage(兼容性好) +$_token['swapsec'] = 10; //更换JWT时间 +$_token['expsec'] = 86400; //过期退出时间 +$_token['field'] = 'ciyadm'; +$_token['salt'] = 'ast34h$3'; //做数据加解密时的加密因子,每个项目都不要相同。 function verifyfast() { $rsuser = verifyuser(); @@ -29,13 +32,14 @@ function verifyfast() { } function verifyuser() { global $db; - global $tokensalt; - global $tokenfield; - if (isset($_SERVER['HTTP_' . strtoupper($tokenfield)])) - $ciyauth = $_SERVER['HTTP_' . strtoupper($tokenfield)]; + global $_token; + if (isset($_COOKIE[$_token['field']])) + $ciyauth = $_COOKIE[$_token['field']]; + else if (isset($_SERVER['HTTP_CIYAUTH'])) + $ciyauth = $_SERVER['HTTP_CIYAUTH']; else - $ciyauth = get('_' . $tokenfield); - $auth = json_decode(encrypt($ciyauth, 'D', $tokensalt), true); + $ciyauth = get('_ciyauth'); + $auth = json_decode(encrypt($ciyauth, 'D', $_token['salt']), true); if ($auth == null) return null; $csql = new \ciy\sql('zc_online'); //弃用redis集群 @@ -47,6 +51,8 @@ function verifyuser() { return null; if ($onlinerow['sid'] != $auth['_s']) return null; + if ($onlinerow['exptimes'] < time() - $_token['expsec']) + return null; if ($onlinerow['usrchg'] == 9) { $csql = new \ciy\sql('zc_admin'); $csql->where('id', $auth['id']); @@ -57,18 +63,27 @@ function verifyuser() { return null; } if ($onlinerow['usrchg'] == 2) { - header($tokenfield . 're: true'); + header('_re: true'); } if ($onlinerow['exptimes'] > time()) return $auth; - $exp = time() + 86400; + $exp = time() + $_token['swapsec']; $sid = randstr(10); $auth['_s'] = $sid; if ($db->execute('update zc_online set exptimes=?,sid=? where id=?', array($exp, $sid, $auth['_o'])) === false) return null; $authstr = json_encode($auth, JSON_PARTIAL_OUTPUT_ON_ERROR); - $enauth = encrypt($authstr, 'E', $tokensalt); - header($tokenfield . ': ' . $enauth); + $enauth = encrypt($authstr, 'E', $_token['salt']); + + if ($_token['type'] == 'cookie') { + $headercookie = 'Set-Cookie: ' . $_token['field'] . '=' . $enauth . '; expires=' . gmdate('D, d-M-Y H:i:s T', time() + $_token['swapsec'] + $_token['expsec']) . '; path=/; httponly'; + if (ishttps()) + $headercookie .= '; SameSite=None; Secure'; + header($headercookie); //Cookie方式,安全性好 + } else { + $_token['__ciyauth'] = $enauth; //Localstorage方式,兼容性更好 + //header('_ciyauth: ' . $enauth); + } return $auth; } //true无权限,false有权限 @@ -81,7 +96,7 @@ function nopower($db, $userid, $chkpower) { return true; if (strlen($chkpower) < 3) return true; - if($userid == 10) + if ($userid == 10) return false; $pows = explode('.', $mepower); foreach ($pows as $p) { @@ -216,10 +231,10 @@ function delmemvar($db, $types) { function addcats($cat, $val) { $cats = explode(',', $cat); - $cats = array_filter($cats, function($value) { + $cats = array_filter($cats, function ($value) { return !empty($value); }); if (!in_array($val, $cats)) - $cats[] = $val; + $cats[] = $val; return ',' . implode(',', $cats) . ','; } diff --git a/web/admin/demo/demo_css.html b/web/admin/demo/demo_css.html index 37e8450..99eb8fa 100644 --- a/web/admin/demo/demo_css.html +++ b/web/admin/demo/demo_css.html @@ -139,13 +139,12 @@ fieldset/legend box tips
原子css
 txt-sm/smm/smmm txt-lg/lgg/lggg txt-left/center/right/just
-txt-wb 加粗 txt-wl 细线 txt-un 下划线 txt-un-hover 悬停下划线
+txt-wb 加粗 txt-wl 细线 txt-un 下划线
 txt[1-9] bg[1-9] px[1-4] py[1-4] r[1-5]
 cursor-p/d txt-nowrap txt-over
 flex flex-center flex-top
 flex1 flexnone
-auto-w auto-wmin
-hide noselect tran5 tran1
+hide noselect tran5
 sta abs fix rel sti r0 l0 t0 b0 r1 l1 t1 b1
diff --git a/web/admin/index.html b/web/admin/index.html index 64f2f88..4fc1559 100644 --- a/web/admin/index.html +++ b/web/admin/index.html @@ -586,10 +586,6 @@ html += '
  • ' + ciyfn.lang(opn.menu[i].name) + '
    • '; } $5('.ciy-logo').after(html); - function logout() { - ciyfn.setstorage(ciy_vars.tokenfield, ''); - location.href = '/' + ciy_vars.loginurl; - } html = ''; if (opn.mnufav.length > 0) { diff --git a/web/admin/login.php b/web/admin/login.php index bebf32f..ac38e4e 100644 --- a/web/admin/login.php +++ b/web/admin/login.php @@ -1,10 +1,11 @@ get('user'); if (empty($user)) @@ -39,12 +40,12 @@ class login { $csql = new \ciy\sql('zc_admin'); $csql->where('id', $rsuser['id']); $db->update($csql, $updata); - savelog($db, $rsuser['id'], 'LOGINERR', '用户[' . $user . ']登录密码错误 密码1:[' . md5('1' . $tokensalt) . ']'); + savelog($db, $rsuser['id'], 'LOGINERR', '用户[' . $user . ']登录密码错误 密码1:[' . md5('1' . $_token['salt']) . ']'); return errjson('用户名或密码错误.'); } $id = $rsuser['id']; $db->execute('delete from zc_online where exptimesupdate($csql, $updata) === false) return errjson('user数据库更新失败:' . $db->error); - $auth = array(); - $auth['id'] = $id; - $auth['_o'] = $oid; - $auth['_s'] = $sid; - $authstr = json_encode($auth, JSON_PARTIAL_OUTPUT_ON_ERROR); - - $enauth = encrypt($authstr, 'E', $tokensalt); - header($tokenfield . ': ' . $enauth); savelog($db, $rsuser['id'], 'LOGIN', '登录成功'); - return self::getsync($rsuser); + return self::getsync($rsuser, $oid, $sid); } public static function json_restorage() { global $db; @@ -85,8 +78,26 @@ class login { $db->execute('update zc_online set usrchg=0 where id=?', array($rsuser['_o'])); return self::getsync($userrow); } - static function getsync($userrow) { + static function getsync($userrow, $oid = 0, $sid = '') { global $db; + global $_token; + if ($oid > 0) { + $auth = array(); + $auth['id'] = $userrow['id']; + $auth['_o'] = $oid; + $auth['_s'] = $sid; + $authstr = json_encode($auth, JSON_PARTIAL_OUTPUT_ON_ERROR); + $enauth = encrypt($authstr, 'E', $_token['salt']); + if ($_token['type'] == 'cookie') { + $headercookie = 'Set-Cookie: ' . $_token['field'] . '=' . $enauth . '; expires=' . gmdate('D, d-M-Y H:i:s T', time() + $_token['swapsec'] + $_token['expsec']) . '; path=/; httponly'; + if(ishttps()) + $headercookie.= '; SameSite=None; Secure'; + header($headercookie); + } else { + $ret['_ciyauth'] = $enauth; + //header('_ciyauth: ' . $enauth); + } + } $ret['storage'] = array(); $csql = new \ciy\sql('zc_admin'); $csql->column('id,name'); @@ -109,7 +120,7 @@ class login { $ret['me']['sex'] = $userrow['sex']; $ret['me']['name'] = $userrow['name']; $power = $userrow['power']; - if($userrow['id'] == 10) + if ($userrow['id'] == 10) $power = '.*.'; $ret['me']['power'] = $power; $ret['me']['needpass'] = empty($userrow['password']); diff --git a/web/admin/rigger/cata.html b/web/admin/rigger/cata.html index 59bc07f..39b36d1 100644 --- a/web/admin/rigger/cata.html +++ b/web/admin/rigger/cata.html @@ -45,7 +45,7 @@ -
    +
    diff --git a/web/admin/welcome.php b/web/admin/welcome.php index a3af699..54be6bb 100644 --- a/web/admin/welcome.php +++ b/web/admin/welcome.php @@ -5,6 +5,7 @@ namespace web\admin; class welcome { public static function json_init() { global $db; + $rsuser = verifyfast(); $works = array(); $csql = new \ciy\sql('ap_usr_real_apply'); diff --git a/web/jscss/ciy.js b/web/jscss/ciy.js index 8787539..cff3808 100644 --- a/web/jscss/ciy.js +++ b/web/jscss/ciy.js @@ -1106,6 +1106,7 @@ ciyfn.ajax = function (opn) { //IE8 OK url += datastr; } var request = new XMLHttpRequest(); + request.withCredentials = true; request.open(method, url, true); if (typeof (header) == 'object') { for (var i in header) { diff --git a/web/jscss/ciycmp2.js b/web/jscss/ciycmp2.js index f2aa6c1..f6635f7 100644 --- a/web/jscss/ciycmp2.js +++ b/web/jscss/ciycmp2.js @@ -952,13 +952,6 @@ ciycmpfunc.ciymarkdown = function (opn) { .mdedit_textcont{display: block;overflow-y: hidden;width:100%;font:17px Helvetica Neue, Helvetica, PingFang SC, \\5FAE\\8F6F\\96C5\\9ED1, Tahoma, Arial, sans-serif;} .mdedit_retit{position: absolute;left: 1em;top: -1.6em;padding: 0.2em 1em;background: var(--bg6);line-height: 1.3em;font-size: 0.8em;border-radius: 5px 5px 0 0;} .mdedit_review{overflow: overlay;border: 1px solid var(--bg6);background:var(--bg2);} - .md-h1 {font-weight: bold;font-size: 1.2em;padding: 0.5em;margin: 0 0.3em;line-height: 1.5em;text-align: left;} - .md-h2 {font-weight: bold;font-size: 1.1em;padding: 0.5em;margin: 0 0.4em;line-height: 1.8em;} - .md-h3 {font-weight: bold;font-size: 1em;padding: 0.5em;margin: 0 1.5em;line-height: 1.5em;} - .md-h4 {font-weight: bold;font-size: 1em;padding: 0.5em;margin: 0 2em;line-height: 1.5em;} - .md-content {font-size: 1.1em;text-indent: 1em;padding: 0.3em 1em;line-height: 2em;white-space: pre-wrap;} - .md-content * {text-indent: 0;} - .md-code {display: inline;padding: 2px 4px;margin: 0 4px;color: #ac0e0e;background-color: #f0f2f2;border-radius: 4px;} `); var html = `
    diff --git a/web/jscss/style.css b/web/jscss/style.css index 24c8e7c..3a692a7 100644 --- a/web/jscss/style.css +++ b/web/jscss/style.css @@ -2437,42 +2437,10 @@ fieldset.tips>div>ul>li { padding-bottom: 1em; } -.r1.r1.r1 { - border-radius: 0.25em; -} - -.r2.r2.r2 { - border-radius: 0.5em; -} - -.r3.r3.r3 { - border-radius: 0.75em; -} - -.r4.r4.r4 { - border-radius: 1em; -} - -.r5.r5.r5 { - border-radius: 2em; -} - .txt-un.txt-un.txt-un, .target { text-decoration: underline; } -.txt-un-hover:hover { - text-decoration: underline; -} - -.cursor-p.cursor-p.cursor-p { - cursor: pointer; -} - -.cursor-d.cursor-d.cursor-d { - cursor: default; -} - .txt-left.txt-left.txt-left { text-align: left; } @@ -2514,18 +2482,6 @@ fieldset.tips>div>ul>li { align-items: center; } -.flex-top.flex-top.flex-top { - align-items: flex-start; -} - -.auto-w.auto-w.auto-w { - width: auto; -} - -.auto-wmin.auto-wmin.auto-wmin { - min-width: auto; -} - .txt-nowrap.txt-nowrap.txt-nowrap { white-space: nowrap; } @@ -2550,11 +2506,6 @@ fieldset.tips>div>ul>li { -webkit-transition: all .5s; } -.tran1.tran1.tran1 { - transition: all 1s; - -webkit-transition: all 1s; -} - .sta.sta.sta { position: static; } diff --git a/zciyphp/comm.php b/zciyphp/comm.php index 93eb8a0..1bdfdc4 100644 --- a/zciyphp/comm.php +++ b/zciyphp/comm.php @@ -210,6 +210,13 @@ function timems() { $comps = explode(' ', $microtime); return (int)sprintf('%d%03d', $comps[1], $comps[0] * 1000); } +function ishttps() { + if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') + return true; + if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') + return true; + return false; +} function ismobile($mob) { return preg_match('/^1\d{10}$/', $mob); } @@ -798,6 +805,7 @@ function _delmemvar($db, $types) { } function ciy_ouputJSON($retarr, $ms = 0, $uri = '') { global $db; + global $_token; if ($db) { if ($ms > 0) { _setmemvar($db, 'func_runms', array('params+' . $ms)); @@ -816,6 +824,8 @@ function ciy_ouputJSON($retarr, $ms = 0, $uri = '') { else _setmemvar($db, 'func_fail', array('params+1')); } + if (isset($_token['__ciyauth'])) + $retarr['_ciyauth'] = $_token['__ciyauth']; $jsonstr = json_encode($retarr, JSON_PARTIAL_OUTPUT_ON_ERROR | JSON_UNESCAPED_UNICODE); if ($jsonstr === false) { $retarr['errmsg'] = mb_convert_encoding($retarr['errmsg'], 'UTF-8', 'ISO-8859-1');