This commit is contained in:
boi 2025-07-10 16:35:09 +08:00
parent ade688f804
commit c1f94c8461
10 changed files with 72 additions and 95 deletions


@ -17,9 +17,12 @@
* get/set/del memvar 从SaaS内存表中读写变量 * get/set/del memvar 从SaaS内存表中读写变量
*/ */
$tokenfield = "ciyadm"; $_token = array();
$tokensalt = "ast34h$3"; //做数据加解密时的加密因子,每个项目都不要相同。 $_token['type'] = 'cookie'; //cookie(更安全) 、 localstorage(兼容性好)
$logpath = PATH_ROOT . 'log/'; $_token['swapsec'] = 10; //更换JWT时间
$_token['expsec'] = 86400; //过期退出时间
$_token['field'] = 'ciyadm';
$_token['salt'] = 'ast34h$3'; //做数据加解密时的加密因子,每个项目都不要相同。
function verifyfast() { function verifyfast() {
$rsuser = verifyuser(); $rsuser = verifyuser();
@ -29,13 +32,14 @@ function verifyfast() {
} }
function verifyuser() { function verifyuser() {
global $db; global $db;
global $tokensalt; global $_token;
global $tokenfield; if (isset($_COOKIE[$_token['field']]))
if (isset($_SERVER['HTTP_' . strtoupper($tokenfield)])) $ciyauth = $_COOKIE[$_token['field']];
$ciyauth = $_SERVER['HTTP_' . strtoupper($tokenfield)]; else if (isset($_SERVER['HTTP_CIYAUTH']))
$ciyauth = $_SERVER['HTTP_CIYAUTH'];
else else
$ciyauth = get('_' . $tokenfield); $ciyauth = get('_ciyauth');
$auth = json_decode(encrypt($ciyauth, 'D', $tokensalt), true); $auth = json_decode(encrypt($ciyauth, 'D', $_token['salt']), true);
if ($auth == null) if ($auth == null)
return null; return null;
$csql = new \ciy\sql('zc_online'); //弃用redis集群 $csql = new \ciy\sql('zc_online'); //弃用redis集群
@ -47,6 +51,8 @@ function verifyuser() {
return null; return null;
if ($onlinerow['sid'] != $auth['_s']) if ($onlinerow['sid'] != $auth['_s'])
return null; return null;
if ($onlinerow['exptimes'] < time() - $_token['expsec'])
return null;
if ($onlinerow['usrchg'] == 9) { if ($onlinerow['usrchg'] == 9) {
$csql = new \ciy\sql('zc_admin'); $csql = new \ciy\sql('zc_admin');
$csql->where('id', $auth['id']); $csql->where('id', $auth['id']);
@ -57,18 +63,27 @@ function verifyuser() {
return null; return null;
} }
if ($onlinerow['usrchg'] == 2) { if ($onlinerow['usrchg'] == 2) {
header($tokenfield . 're: true'); header('_re: true');
} }
if ($onlinerow['exptimes'] > time()) if ($onlinerow['exptimes'] > time())
return $auth; return $auth;
$exp = time() + 86400; $exp = time() + $_token['swapsec'];
$sid = randstr(10); $sid = randstr(10);
$auth['_s'] = $sid; $auth['_s'] = $sid;
if ($db->execute('update zc_online set exptimes=?,sid=? where id=?', array($exp, $sid, $auth['_o'])) === false) if ($db->execute('update zc_online set exptimes=?,sid=? where id=?', array($exp, $sid, $auth['_o'])) === false)
return null; return null;
$authstr = json_encode($auth, JSON_PARTIAL_OUTPUT_ON_ERROR); $authstr = json_encode($auth, JSON_PARTIAL_OUTPUT_ON_ERROR);
$enauth = encrypt($authstr, 'E', $tokensalt); $enauth = encrypt($authstr, 'E', $_token['salt']);
header($tokenfield . ': ' . $enauth);
if ($_token['type'] == 'cookie') {
$headercookie = 'Set-Cookie: ' . $_token['field'] . '=' . $enauth . '; expires=' . gmdate('D, d-M-Y H:i:s T', time() + $_token['swapsec'] + $_token['expsec']) . '; path=/; httponly';
if (ishttps())
$headercookie .= '; SameSite=None; Secure';
header($headercookie); //Cookie方式安全性好
} else {
$_token['__ciyauth'] = $enauth; //Localstorage方式兼容性更好
//header('_ciyauth: ' . $enauth);
}
return $auth; return $auth;
} }
//true无权限false有权限 //true无权限false有权限
@ -81,7 +96,7 @@ function nopower($db, $userid, $chkpower) {
return true; return true;
if (strlen($chkpower) < 3) if (strlen($chkpower) < 3)
return true; return true;
if($userid == 10) if ($userid == 10)
return false; return false;
$pows = explode('.', $mepower); $pows = explode('.', $mepower);
foreach ($pows as $p) { foreach ($pows as $p) {
@ -216,10 +231,10 @@ function delmemvar($db, $types) {
function addcats($cat, $val) { function addcats($cat, $val) {
$cats = explode(',', $cat); $cats = explode(',', $cat);
$cats = array_filter($cats, function($value) { $cats = array_filter($cats, function ($value) {
return !empty($value); return !empty($value);
}); });
if (!in_array($val, $cats)) if (!in_array($val, $cats))
$cats[] = $val; $cats[] = $val;
return ',' . implode(',', $cats) . ','; return ',' . implode(',', $cats) . ',';
} }
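Review bot: The cookie issued in the `$_token['type'] == 'cookie'` branch of verifyuser is marked `SameSite=None` whenever ishttps() is true, so browsers attach it to cross-site requests, and because verifyuser now reads `$_COOKIE[$_token['field']]` before the `CIYAUTH` header, every cookie-authenticated JSON endpoint becomes reachable cross-site without the custom header that previously acted as an implicit CSRF guard — nothing in the hunk adds a CSRF token or an Origin/Referer check. Unless cross-site use is a real requirement, prefer `SameSite=Lax`; if it is required, the cookie path needs an anti-CSRF token. Two smaller points: with `swapsec` at 10 seconds, two requests that straddle a rotation boundary race — the later one still carries the old `_s` and fails the `$onlinerow['sid'] != $auth['_s']` check, logging the user out — and the token is still accepted from the query string via `get('_ciyauth')`, which leaks it into access logs and Referer headers. If the runtime is PHP 7.3 or later, building the cookie with `setcookie()` and its options array (below) keeps the attributes in one generated call instead of a hand-concatenated `Set-Cookie` header. verifyuser starts before this hunk.
```php
// … unchanged: sid rotation, zc_online update, encrypt() …
if ($_token['type'] == 'cookie') {
    // PHP >= 7.3: let setcookie() emit the attributes instead of a hand-built Set-Cookie
    setcookie($_token['field'], $enauth, array(
        'expires'  => time() + $_token['swapsec'] + $_token['expsec'],
        'path'     => '/',
        'httponly' => true,
        'secure'   => ishttps(),
        'samesite' => 'Lax', // use 'None' only if cross-site requests are a real requirement
    ));
} else {
// … unchanged: localstorage branch …
```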


@ -139,13 +139,12 @@ fieldset/legend box tips
<blockquote>原子css</blockquote> <blockquote>原子css</blockquote>
<pre> <pre>
txt-sm/smm/smmm txt-lg/lgg/lggg txt-left/center/right/just txt-sm/smm/smmm txt-lg/lgg/lggg txt-left/center/right/just
txt-wb 加粗 txt-wl 细线 txt-un 下划线 txt-un-hover 悬停下划线 txt-wb 加粗 txt-wl 细线 txt-un 下划线
txt[1-9] bg[1-9] px[1-4] py[1-4] r[1-5] txt[1-9] bg[1-9] px[1-4] py[1-4] r[1-5]
cursor-p/d txt-nowrap txt-over cursor-p/d txt-nowrap txt-over
flex flex-center flex-top flex flex-center flex-top
flex1 flexnone flex1 flexnone
auto-w auto-wmin hide noselect tran5
hide noselect tran5 tran1
sta abs fix rel sti r0 l0 t0 b0 r1 l1 t1 b1 sta abs fix rel sti r0 l0 t0 b0 r1 l1 t1 b1
</pre> </pre>
<script type="text/javascript" src="/jscss/ciy.js"></script> <script type="text/javascript" src="/jscss/ciy.js"></script>


@ -586,10 +586,6 @@
html += '<li ' + createlipropurl(opn.menu[i].url) + '><a>' + ciyfn.lang(opn.menu[i].name) + '</a></li>'; html += '<li ' + createlipropurl(opn.menu[i].url) + '><a>' + ciyfn.lang(opn.menu[i].name) + '</a></li>';
} }
$5('.ciy-logo').after(html); $5('.ciy-logo').after(html);
function logout() {
ciyfn.setstorage(ciy_vars.tokenfield, '');
location.href = '/' + ciy_vars.loginurl;
}
html = ''; html = '';
if (opn.mnufav.length > 0) { if (opn.mnufav.length > 0) {


@ -1,10 +1,11 @@
<?php <?php
namespace web\admin; namespace web\admin;
class login { class login {
public static function json_login() { public static function json_login() {
global $db; global $db;
global $tokenfield; global $_token;
global $tokensalt;
$post = new \ciy\post(); $post = new \ciy\post();
$user = $post->get('user'); $user = $post->get('user');
if (empty($user)) if (empty($user))
@ -39,12 +40,12 @@ class login {
$csql = new \ciy\sql('zc_admin'); $csql = new \ciy\sql('zc_admin');
$csql->where('id', $rsuser['id']); $csql->where('id', $rsuser['id']);
$db->update($csql, $updata); $db->update($csql, $updata);
savelog($db, $rsuser['id'], 'LOGINERR', '用户[' . $user . ']登录密码错误 密码1:[' . md5('1' . $tokensalt) . ']'); savelog($db, $rsuser['id'], 'LOGINERR', '用户[' . $user . ']登录密码错误 密码1:[' . md5('1' . $_token['salt']) . ']');
return errjson('用户名或密码错误.'); return errjson('用户名或密码错误.');
} }
$id = $rsuser['id']; $id = $rsuser['id'];
$db->execute('delete from zc_online where exptimes<? and user=?', array(time(), $id)); $db->execute('delete from zc_online where exptimes<? and user=?', array(time(), $id));
$exp = tostamp() + 86400; //默认三天过期,每天换秘钥 $exp = tostamp() + $_token['swapsec']; //默认三天过期,每天换秘钥
$sid = randstr(10); $sid = randstr(10);
$updata = array(); $updata = array();
$updata['user'] = $id; $updata['user'] = $id;
@ -65,16 +66,8 @@ class login {
if ($db->update($csql, $updata) === false) if ($db->update($csql, $updata) === false)
return errjson('user数据库更新失败:' . $db->error); return errjson('user数据库更新失败:' . $db->error);
$auth = array();
$auth['id'] = $id;
$auth['_o'] = $oid;
$auth['_s'] = $sid;
$authstr = json_encode($auth, JSON_PARTIAL_OUTPUT_ON_ERROR);
$enauth = encrypt($authstr, 'E', $tokensalt);
header($tokenfield . ': ' . $enauth);
savelog($db, $rsuser['id'], 'LOGIN', '登录成功'); savelog($db, $rsuser['id'], 'LOGIN', '登录成功');
return self::getsync($rsuser); return self::getsync($rsuser, $oid, $sid);
} }
public static function json_restorage() { public static function json_restorage() {
global $db; global $db;
@ -85,8 +78,26 @@ class login {
$db->execute('update zc_online set usrchg=0 where id=?', array($rsuser['_o'])); $db->execute('update zc_online set usrchg=0 where id=?', array($rsuser['_o']));
return self::getsync($userrow); return self::getsync($userrow);
} }
static function getsync($userrow) { static function getsync($userrow, $oid = 0, $sid = '') {
global $db; global $db;
global $_token;
if ($oid > 0) {
$auth = array();
$auth['id'] = $userrow['id'];
$auth['_o'] = $oid;
$auth['_s'] = $sid;
$authstr = json_encode($auth, JSON_PARTIAL_OUTPUT_ON_ERROR);
$enauth = encrypt($authstr, 'E', $_token['salt']);
if ($_token['type'] == 'cookie') {
$headercookie = 'Set-Cookie: ' . $_token['field'] . '=' . $enauth . '; expires=' . gmdate('D, d-M-Y H:i:s T', time() + $_token['swapsec'] + $_token['expsec']) . '; path=/; httponly';
if(ishttps())
$headercookie.= '; SameSite=None; Secure';
header($headercookie);
} else {
$ret['_ciyauth'] = $enauth;
//header('_ciyauth: ' . $enauth);
}
}
$ret['storage'] = array(); $ret['storage'] = array();
$csql = new \ciy\sql('zc_admin'); $csql = new \ciy\sql('zc_admin');
$csql->column('id,name'); $csql->column('id,name');
@ -109,7 +120,7 @@ class login {
$ret['me']['sex'] = $userrow['sex']; $ret['me']['sex'] = $userrow['sex'];
$ret['me']['name'] = $userrow['name']; $ret['me']['name'] = $userrow['name'];
$power = $userrow['power']; $power = $userrow['power'];
if($userrow['id'] == 10) if ($userrow['id'] == 10)
$power = '.*.'; $power = '.*.';
$ret['me']['power'] = $power; $ret['me']['power'] = $power;
$ret['me']['needpass'] = empty($userrow['password']); $ret['me']['needpass'] = empty($userrow['password']);
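Review bot: The LOGINERR log line in json_login writes `md5('1' . $_token['salt'])` into the audit log; the salt is the key passed to `encrypt()` for every session token, and an md5 of `'1'` plus an 8-character salt is brute-forceable offline by anyone who can read the logs, so that fragment should be dropped from the message. The `Set-Cookie` construction in getsync is a copy of the one in verifyuser (same `expires`/`httponly`/`ishttps()` logic); a single helper such as `issue_token_cookie($enauth)` would keep the Secure/SameSite policy in one place. The comment on `$exp = tostamp() + $_token['swapsec']; //默认三天过期,每天换秘钥` is now stale — rotation happens every `swapsec` seconds and the session is purged `expsec` seconds after the last rotation — so it should read something like `// sid rotates every swapsec seconds; verifyuser rejects the row once exptimes is older than expsec`. json_login and getsync both extend beyond their hunks.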


@ -45,7 +45,7 @@
<ciy-radio com="multi_format" value="1"></ciy-radio> <ciy-radio com="multi_format" value="1"></ciy-radio>
</div> </div>
</div> </div>
<div class="ciy-form flex-top"> <div class="ciy-form top">
<label class="lang">代码</label> <label class="lang">代码</label>
<div> <div>
<ciy-textarea com="multi_code" minheight="26em"></ciy-textarea> <ciy-textarea com="multi_code" minheight="26em"></ciy-textarea>


@ -5,6 +5,7 @@ namespace web\admin;
class welcome { class welcome {
public static function json_init() { public static function json_init() {
global $db; global $db;
$rsuser = verifyfast();
$works = array(); $works = array();
$csql = new \ciy\sql('ap_usr_real_apply'); $csql = new \ciy\sql('ap_usr_real_apply');
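Review bot: The result of `$rsuser = verifyfast();` is never checked in this hunk; verifyfast wraps verifyuser, which returns null on a missing, tampered or expired token, and whether verifyfast itself terminates the request on null is outside this view. If it does not, json_init continues to build `$works` for an unauthenticated caller, so either add `if ($rsuser === null) return errjson('未登录');` right after the call, or remove the unused assignment if verifyfast is known to exit on failure and document that with `// verifyfast() exits on auth failure`. json_init runs past the end of the hunk.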


@ -1106,6 +1106,7 @@ ciyfn.ajax = function (opn) { //IE8 OK
url += datastr; url += datastr;
} }
var request = new XMLHttpRequest(); var request = new XMLHttpRequest();
request.withCredentials = true;
request.open(method, url, true); request.open(method, url, true);
if (typeof (header) == 'object') { if (typeof (header) == 'object') {
for (var i in header) { for (var i in header) {
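Review bot: `request.withCredentials = true` makes every ciyfn.ajax call send the auth cookie on cross-origin requests, which only works if the API answers with `Access-Control-Allow-Credentials: true` and an explicit `Access-Control-Allow-Origin` (browsers reject `*` with credentials), and the server must never reflect an arbitrary Origin, since the server side issues that cookie with `SameSite=None` on HTTPS. For a same-origin deployment the line is a no-op, and the hunk does not show whether the old token header is still attached for the localstorage mode. A comment such as `// carry the auth cookie on cross-origin API calls; server must return an explicit ACAO plus ACAC:true` would record the contract. ciyfn.ajax continues beyond the hunk.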


@ -952,13 +952,6 @@ ciycmpfunc.ciymarkdown = function (opn) {
.mdedit_textcont{display: block;overflow-y: hidden;width:100%;font:17px Helvetica Neue, Helvetica, PingFang SC, \\5FAE\\8F6F\\96C5\\9ED1, Tahoma, Arial, sans-serif;} .mdedit_textcont{display: block;overflow-y: hidden;width:100%;font:17px Helvetica Neue, Helvetica, PingFang SC, \\5FAE\\8F6F\\96C5\\9ED1, Tahoma, Arial, sans-serif;}
.mdedit_retit{position: absolute;left: 1em;top: -1.6em;padding: 0.2em 1em;background: var(--bg6);line-height: 1.3em;font-size: 0.8em;border-radius: 5px 5px 0 0;} .mdedit_retit{position: absolute;left: 1em;top: -1.6em;padding: 0.2em 1em;background: var(--bg6);line-height: 1.3em;font-size: 0.8em;border-radius: 5px 5px 0 0;}
.mdedit_review{overflow: overlay;border: 1px solid var(--bg6);background:var(--bg2);} .mdedit_review{overflow: overlay;border: 1px solid var(--bg6);background:var(--bg2);}
.md-h1 {font-weight: bold;font-size: 1.2em;padding: 0.5em;margin: 0 0.3em;line-height: 1.5em;text-align: left;}
.md-h2 {font-weight: bold;font-size: 1.1em;padding: 0.5em;margin: 0 0.4em;line-height: 1.8em;}
.md-h3 {font-weight: bold;font-size: 1em;padding: 0.5em;margin: 0 1.5em;line-height: 1.5em;}
.md-h4 {font-weight: bold;font-size: 1em;padding: 0.5em;margin: 0 2em;line-height: 1.5em;}
.md-content {font-size: 1.1em;text-indent: 1em;padding: 0.3em 1em;line-height: 2em;white-space: pre-wrap;}
.md-content * {text-indent: 0;}
.md-code {display: inline;padding: 2px 4px;margin: 0 4px;color: #ac0e0e;background-color: #f0f2f2;border-radius: 4px;}
`); `);
var html = `<input type="hidden" name="${opn.name}" /><input type="file" style="display:none;" multiple/> var html = `<input type="hidden" name="${opn.name}" /><input type="file" style="display:none;" multiple/>
<div class="row" style="padding-top:1.5em;"> <div class="row" style="padding-top:1.5em;">


@ -2437,42 +2437,10 @@ fieldset.tips>div>ul>li {
padding-bottom: 1em; padding-bottom: 1em;
} }
.r1.r1.r1 {
border-radius: 0.25em;
}
.r2.r2.r2 {
border-radius: 0.5em;
}
.r3.r3.r3 {
border-radius: 0.75em;
}
.r4.r4.r4 {
border-radius: 1em;
}
.r5.r5.r5 {
border-radius: 2em;
}
.txt-un.txt-un.txt-un, .target { .txt-un.txt-un.txt-un, .target {
text-decoration: underline; text-decoration: underline;
} }
.txt-un-hover:hover {
text-decoration: underline;
}
.cursor-p.cursor-p.cursor-p {
cursor: pointer;
}
.cursor-d.cursor-d.cursor-d {
cursor: default;
}
.txt-left.txt-left.txt-left { .txt-left.txt-left.txt-left {
text-align: left; text-align: left;
} }
@ -2514,18 +2482,6 @@ fieldset.tips>div>ul>li {
align-items: center; align-items: center;
} }
.flex-top.flex-top.flex-top {
align-items: flex-start;
}
.auto-w.auto-w.auto-w {
width: auto;
}
.auto-wmin.auto-wmin.auto-wmin {
min-width: auto;
}
.txt-nowrap.txt-nowrap.txt-nowrap { .txt-nowrap.txt-nowrap.txt-nowrap {
white-space: nowrap; white-space: nowrap;
} }
@ -2550,11 +2506,6 @@ fieldset.tips>div>ul>li {
-webkit-transition: all .5s; -webkit-transition: all .5s;
} }
.tran1.tran1.tran1 {
transition: all 1s;
-webkit-transition: all 1s;
}
.sta.sta.sta { .sta.sta.sta {
position: static; position: static;
} }


@ -210,6 +210,13 @@ function timems() {
$comps = explode(' ', $microtime); $comps = explode(' ', $microtime);
return (int)sprintf('%d%03d', $comps[1], $comps[0] * 1000); return (int)sprintf('%d%03d', $comps[1], $comps[0] * 1000);
} }
function ishttps() {
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
return true;
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
return true;
return false;
}
function ismobile($mob) { function ismobile($mob) {
return preg_match('/^1\d{10}$/', $mob); return preg_match('/^1\d{10}$/', $mob);
} }
@ -798,6 +805,7 @@ function _delmemvar($db, $types) {
} }
function ciy_ouputJSON($retarr, $ms = 0, $uri = '') { function ciy_ouputJSON($retarr, $ms = 0, $uri = '') {
global $db; global $db;
global $_token;
if ($db) { if ($db) {
if ($ms > 0) { if ($ms > 0) {
_setmemvar($db, 'func_runms', array('params+' . $ms)); _setmemvar($db, 'func_runms', array('params+' . $ms));
@ -816,6 +824,8 @@ function ciy_ouputJSON($retarr, $ms = 0, $uri = '') {
else else
_setmemvar($db, 'func_fail', array('params+1')); _setmemvar($db, 'func_fail', array('params+1'));
} }
if (isset($_token['__ciyauth']))
$retarr['_ciyauth'] = $_token['__ciyauth'];
$jsonstr = json_encode($retarr, JSON_PARTIAL_OUTPUT_ON_ERROR | JSON_UNESCAPED_UNICODE); $jsonstr = json_encode($retarr, JSON_PARTIAL_OUTPUT_ON_ERROR | JSON_UNESCAPED_UNICODE);
if ($jsonstr === false) { if ($jsonstr === false) {
$retarr['errmsg'] = mb_convert_encoding($retarr['errmsg'], 'UTF-8', 'ISO-8859-1'); $retarr['errmsg'] = mb_convert_encoding($retarr['errmsg'], 'UTF-8', 'ISO-8859-1');
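Review bot: `ishttps()` honours `X-Forwarded-Proto` from any client without checking that the request arrived via a trusted proxy, so the `Secure`/`SameSite=None` attributes on the auth cookie hinge on a client-controllable header; in the visible code a spoofed `https` on a plain-HTTP deployment makes the browser discard the Secure cookie (login loop), and a TLS-terminating proxy that does not forward the header silently yields a cookie without `Secure`. Gate the header on the proxy address, e.g. `if (in_array($_SERVER['REMOTE_ADDR'], $trusted_proxies, true) && ...)`, or derive the scheme from a server-set variable instead. In `ciy_ouputJSON` the `_ciyauth` injection returns the rotated token in-band for localstorage mode; a comment `// localstorage mode: rotated token set by verifyuser is returned in the JSON body` would make the coupling visible. ishttps is complete within its hunk; ciy_ouputJSON is cut at both ends.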