修改syskey存储

2024-11-15 19:22:22 +08:00 · 2024-05-23 16:26:40 +08:00 · 2024-05-23 16:26:40 +08:00 · 5cd6b108f0
commit 5cd6b108f0
parent 424d2c8132
7 changed files with 11 additions and 30 deletions
--- a/.example.env
+++ b/.example.env
@ -2,7 +2,6 @@ APP_DEBUG = false

 [APP]
 DEFAULT_TIMEZONE = Asia/Shanghai
-SYS_KEY = {syskey}

 [DATABASE]
 TYPE = mysql
--- a/app/controller/Auth.php
+++ b/app/controller/Auth.php
@ -47,7 +47,7 @@ class Auth extends BaseController
                DB::name('user')->where('id', $user['id'])->update(['lasttime' => date("Y-m-d H:i:s")]);
                $session = md5($user['id'].$user['password']);
                $expiretime = time()+2562000;
-                $token = authcode("user\t{$user['id']}\t{$session}\t{$expiretime}", 'ENCODE', env('app.sys_key'));
+                $token = authcode("user\t{$user['id']}\t{$session}\t{$expiretime}", 'ENCODE', config_get('sys_key'));
                cookie('user_token', $token, ['expire' => $expiretime, 'httponly' => true]);
                if (file_exists($login_limit_file)) {
                    unlink($login_limit_file);
@ -93,7 +93,7 @@ class Auth extends BaseController
        if($timestamp < time()-300 || $timestamp > time()+300){
            return $this->alert('error', '时间戳无效');
        }
-        if(md5(env('app.sys_key').$domain.$timestamp.$token.env('app.sys_key')) !== $sign){
+        if(md5(config_get('sys_key').$domain.$timestamp.$token.config_get('sys_key')) !== $sign){
            return $this->alert('error', '签名错误');
        }
        if($token != cache('quicklogin_'.$domain)){
@ -111,7 +111,7 @@ class Auth extends BaseController

        $session = md5($row['id'].$row['name']);
        $expiretime = time()+2562000;
-        $token = authcode("domain\t{$row['id']}\t{$session}\t{$expiretime}", 'ENCODE', env('app.sys_key'));
+        $token = authcode("domain\t{$row['id']}\t{$session}\t{$expiretime}", 'ENCODE', config_get('sys_key'));
        cookie('user_token', $token, ['expire' => $expiretime, 'httponly' => true]);
        return redirect('/record/'.$row['id']);
    }
--- a/app/controller/Domain.php
+++ b/app/controller/Domain.php
@ -291,7 +291,7 @@ class Domain extends BaseController
            $token = getSid();
            cache('quicklogin_'.$drow['name'], $token, 3600);
            $timestamp = time();
-            $sign = md5(env('app.sys_key').$drow['name'].$timestamp.$token.env('app.sys_key'));
+            $sign = md5(config_get('sys_key').$drow['name'].$timestamp.$token.config_get('sys_key'));
            $drow['loginurl'] = request()->root(true).'/quicklogin?domain='.$drow['name'].'&timestamp='.$timestamp.'&token='.$token.'&sign='.$sign;
        }

--- a/app/controller/Install.php
+++ b/app/controller/Install.php
@ -29,7 +29,7 @@ class Install extends BaseController
            }

            $configdata = file_get_contents(app()->getRootPath().'.example.env');
-            $configdata = str_replace(['{syskey}','{dbhost}','{dbname}','{dbuser}','{dbpwd}','{dbport}','{dbprefix}'], [random(16), $mysql_host, $mysql_name, $mysql_user, $mysql_pwd, $mysql_port, $mysql_prefix], $configdata);
+            $configdata = str_replace(['{dbhost}','{dbname}','{dbuser}','{dbpwd}','{dbport}','{dbprefix}'], [$mysql_host, $mysql_name, $mysql_user, $mysql_pwd, $mysql_port, $mysql_prefix], $configdata);

            try{
                $DB=new PDO("mysql:host=".$mysql_host.";dbname=".$mysql_name.";port=".$mysql_port,$mysql_user,$mysql_pwd);
@ -53,6 +53,7 @@ class Install extends BaseController
            $sqls=explode(';', $sqls);

            $password = password_hash($admin_password, PASSWORD_DEFAULT);
+            $sqls[]="REPLACE INTO `".$mysql_prefix."config` VALUES ('sys_key', '".random(16)."')";
            $sqls[]="INSERT INTO `".$mysql_prefix."user` (`username`,`password`,`level`,`regtime`,`lasttime`,`status`) VALUES ('".addslashes($admin_username)."', '$password', 2, NOW(), NOW(), 1)";

            $success=0;$error=0;$errorMsg=null;
--- a/app/middleware/AuthUser.php
+++ b/app/middleware/AuthUser.php
@ -13,7 +13,7 @@ class AuthUser
        $cookie = cookie('user_token');
        $user = null;
        if($cookie){
-            $token=authcode($cookie, 'DECODE', env('app.sys_key'));
+            $token=authcode($cookie, 'DECODE', config_get('sys_key'));
            if($token){
                list($type, $uid, $sid, $expiretime) = explode("\t", $token);
                if($type == 'user'){
--- a/app/middleware/LoadConfig.php
+++ b/app/middleware/LoadConfig.php
@ -31,6 +31,10 @@ class LoadConfig
        
        try{
            $res = Db::name('config')->cache('configs',0)->column('value','key');
+            if(empty($res['sys_key']) && !empty(env('app.sys_key'))){
+                config_set('sys_key', env('app.sys_key'));
+                $res['sys_key'] = env('app.sys_key');
+            }
            Config::set($res, 'sys');
        }catch(Exception $e){
            if(!strpos($e->getMessage(), 'doesn\'t exist')){
--- a/app/view/index/error.html
+++ b/app/view/index/error.html
@ -1,23 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <meta charset="UTF-8">
-    <meta id="viewport" name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0">
-    <title>抱歉，出错了</title>
-    <link href="//res.wx.qq.com/open/libs/weui/0.4.3/weui.css" rel="stylesheet">
-    <style>.page{position:absolute;top:0;right:0;bottom:0;left:0;overflow-y:auto;-webkit-overflow-scrolling:touch;box-sizing:border-box}</style>
-</head>
-<body>
-    <div class="weui_msg">
-        <div class="weui_icon_area"><i class="weui_icon_info weui_icon_msg"></i></div>
-        <div class="weui_text_area">
-            <h4 class="weui_msg_title">{$errmsg}</h4>
-        </div>
-    </div>
-<script>
-document.body.addEventListener('touchmove', function (event) {
-	event.preventDefault();
-},{ passive: false });
-</script>
-</body>
-</html>