From 5cd6b108f0ceac96caf48580b40ed20a17f051f4 Mon Sep 17 00:00:00 2001 From: net909 Date: Thu, 23 May 2024 16:26:40 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9syskey=E5=AD=98=E5=82=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .example.env | 1 - app/controller/Auth.php | 6 +++--- app/controller/Domain.php | 2 +- app/controller/Install.php | 3 ++- app/middleware/AuthUser.php | 2 +- app/middleware/LoadConfig.php | 4 ++++ app/view/index/error.html | 23 ----------------------- 7 files changed, 11 insertions(+), 30 deletions(-) delete mode 100644 app/view/index/error.html diff --git a/.example.env b/.example.env index 1a50053..95e1469 100644 --- a/.example.env +++ b/.example.env @@ -2,7 +2,6 @@ APP_DEBUG = false [APP] DEFAULT_TIMEZONE = Asia/Shanghai -SYS_KEY = {syskey} [DATABASE] TYPE = mysql diff --git a/app/controller/Auth.php b/app/controller/Auth.php index e744ad1..389cb2c 100644 --- a/app/controller/Auth.php +++ b/app/controller/Auth.php @@ -47,7 +47,7 @@ class Auth extends BaseController DB::name('user')->where('id', $user['id'])->update(['lasttime' => date("Y-m-d H:i:s")]); $session = md5($user['id'].$user['password']); $expiretime = time()+2562000; - $token = authcode("user\t{$user['id']}\t{$session}\t{$expiretime}", 'ENCODE', env('app.sys_key')); + $token = authcode("user\t{$user['id']}\t{$session}\t{$expiretime}", 'ENCODE', config_get('sys_key')); cookie('user_token', $token, ['expire' => $expiretime, 'httponly' => true]); if (file_exists($login_limit_file)) { unlink($login_limit_file); @@ -93,7 +93,7 @@ class Auth extends BaseController if($timestamp < time()-300 || $timestamp > time()+300){ return $this->alert('error', '时间戳无效'); } - if(md5(env('app.sys_key').$domain.$timestamp.$token.env('app.sys_key')) !== $sign){ + if(md5(config_get('sys_key').$domain.$timestamp.$token.config_get('sys_key')) !== $sign){ return $this->alert('error', '签名错误'); } if($token != cache('quicklogin_'.$domain)){ 
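Review bot: The new `config_get('sys_key')` read on the `$token = authcode(...)` line has no guard for a missing key; if the `config` table has no `sys_key` row and `app.sys_key` is absent from the environment (LoadConfig only copies it when the env value is non-empty), the cookie is encoded under whatever `config_get` returns for an unknown key, presumably null or an empty string, so every issued `user_token` would rest on a predictable key. The same unguarded read appears in the @@ -93 and @@ -111 hunks of this file, in Domain.php @@ -291 and in AuthUser.php @@ -13. Resolve the key once and refuse to continue without it, e.g. `$sysKey = config_get('sys_key'); if (empty($sysKey)) { throw new \RuntimeException('sys_key is not configured'); }` ahead of the `authcode` call, then pass `$sysKey`. The enclosing login method starts and ends outside the hunk.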
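Review bot: The rewritten signature check compares the recomputed `md5(...)` against `$sign`, which is presumably taken from the request, using `!==`, a plain string comparison that stops at the first differing byte; for a value an outside party supplies, `hash_equals()` is the constant-time form: `if(!hash_equals(md5(config_get('sys_key').$domain.$timestamp.$token.config_get('sys_key')), (string)$sign)){`. Since the key is being relocated anyway, this is also the moment to replace the key-prefix/key-suffix MD5 construction with a keyed hash, `hash_hmac('sha256', $domain.$timestamp.$token, $key)`, applied identically in Domain.php @@ -291 where the value is generated, so both sides share one signing helper instead of two hand-written copies. The enclosing quick-login method starts and ends outside the hunk.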
@@ -111,7 +111,7 @@ class Auth extends BaseController $session = md5($row['id'].$row['name']); $expiretime = time()+2562000; - $token = authcode("domain\t{$row['id']}\t{$session}\t{$expiretime}", 'ENCODE', env('app.sys_key')); + $token = authcode("domain\t{$row['id']}\t{$session}\t{$expiretime}", 'ENCODE', config_get('sys_key')); cookie('user_token', $token, ['expire' => $expiretime, 'httponly' => true]); return redirect('/record/'.$row['id']); } diff --git a/app/controller/Domain.php b/app/controller/Domain.php index 726ac4e..565c613 100644 --- a/app/controller/Domain.php +++ b/app/controller/Domain.php @@ -291,7 +291,7 @@ class Domain extends BaseController $token = getSid(); cache('quicklogin_'.$drow['name'], $token, 3600); $timestamp = time(); - $sign = md5(env('app.sys_key').$drow['name'].$timestamp.$token.env('app.sys_key')); + $sign = md5(config_get('sys_key').$drow['name'].$timestamp.$token.config_get('sys_key')); $drow['loginurl'] = request()->root(true).'/quicklogin?domain='.$drow['name'].'×tamp='.$timestamp.'&token='.$token.'&sign='.$sign; } diff --git a/app/controller/Install.php b/app/controller/Install.php index 3f39265..0b0ceb9 100644 --- a/app/controller/Install.php +++ b/app/controller/Install.php @@ -29,7 +29,7 @@ class Install extends BaseController } $configdata = file_get_contents(app()->getRootPath().'.example.env'); - $configdata = str_replace(['{syskey}','{dbhost}','{dbname}','{dbuser}','{dbpwd}','{dbport}','{dbprefix}'], [random(16), $mysql_host, $mysql_name, $mysql_user, $mysql_pwd, $mysql_port, $mysql_prefix], $configdata); + $configdata = str_replace(['{dbhost}','{dbname}','{dbuser}','{dbpwd}','{dbport}','{dbprefix}'], [$mysql_host, $mysql_name, $mysql_user, $mysql_pwd, $mysql_port, $mysql_prefix], $configdata); try{ $DB=new PDO("mysql:host=".$mysql_host.";dbname=".$mysql_name.";port=".$mysql_port,$mysql_user,$mysql_pwd); 
@@ -53,6 +53,7 @@ class Install extends BaseController $sqls=explode(';', $sqls); $password = password_hash($admin_password, PASSWORD_DEFAULT); + $sqls[]="REPLACE INTO `".$mysql_prefix."config` VALUES ('sys_key', '".random(16)."')"; $sqls[]="INSERT INTO `".$mysql_prefix."user` (`username`,`password`,`level`,`regtime`,`lasttime`,`status`) VALUES ('".addslashes($admin_username)."', '$password', 2, NOW(), NOW(), 1)"; $success=0;$error=0;$errorMsg=null; diff --git a/app/middleware/AuthUser.php b/app/middleware/AuthUser.php index d2f2c81..07b78b2 100644 --- a/app/middleware/AuthUser.php +++ b/app/middleware/AuthUser.php @@ -13,7 +13,7 @@ class AuthUser $cookie = cookie('user_token'); $user = null; if($cookie){ - $token=authcode($cookie, 'DECODE', env('app.sys_key')); + $token=authcode($cookie, 'DECODE', config_get('sys_key')); if($token){ list($type, $uid, $sid, $expiretime) = explode("\t", $token); if($type == 'user'){ diff --git a/app/middleware/LoadConfig.php b/app/middleware/LoadConfig.php index 8de6485..f9c0ff8 100644 --- a/app/middleware/LoadConfig.php +++ b/app/middleware/LoadConfig.php @@ -31,6 +31,10 @@ class LoadConfig try{ $res = Db::name('config')->cache('configs',0)->column('value','key'); + if(empty($res['sys_key']) && !empty(env('app.sys_key'))){ + config_set('sys_key', env('app.sys_key')); + $res['sys_key'] = env('app.sys_key'); + } Config::set($res, 'sys'); }catch(Exception $e){ if(!strpos($e->getMessage(), 'doesn\'t exist')){ diff --git a/app/view/index/error.html b/app/view/index/error.html deleted file mode 100644 index 4841d4b..0000000 --- a/app/view/index/error.html +++ /dev/null @@ -1,23 +0,0 @@ - - - - - - 抱歉,出错了 - - - - -
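Review bot: The added `REPLACE INTO ... config` statement supplies no column list, so it silently depends on the `config` table having exactly two columns in key-then-value order; LoadConfig reads the table via `column('value','key')`, so naming the columns explicitly (key, value) right after the table name makes the statement survive a later schema change. The strength of the generated key rests entirely on the project's `random(16)` helper, which is not visible here; confirm it is backed by `random_bytes()` or `random_int()` rather than `mt_rand()`, or call `bin2hex(random_bytes(8))` directly to obtain 16 hex characters from the CSPRNG. REPLACE also overwrites any existing `sys_key` row when the installer is re-run, which invalidates every outstanding `user_token` cookie; a comment stating that this is intended would help the next maintainer. The enclosing install method starts and ends outside the hunk.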
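Review bot: The added fallback in LoadConfig.php @@ -31 calls `env('app.sys_key')` three times and only covers the case where the environment holds a key; when both the `config` row and the env value are empty it falls through silently, and `Config::set($res, 'sys')` then publishes a configuration with no `sys_key`, which is exactly the state the token encoding in Auth.php and AuthUser.php and the quick-login signature cannot operate safely in. Read the env value once and make the absent case explicit, e.g. `$envKey = env('app.sys_key'); if (empty($res['sys_key']) && !empty($envKey)) { config_set('sys_key', $envKey); $res['sys_key'] = $envKey; }` followed by a log entry or exception when `$res['sys_key']` is still empty. It is also worth confirming that `config_set` invalidates the `configs` cache populated on the line above, since with a `0` TTL that entry presumably never expires and the copied key would otherwise be visible only within this request. The enclosing handler method starts and ends outside the hunk.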
-
-
-

{$errmsg}

-
-
- - - \ No newline at end of file