From 8ad1182298dceabce38a7ba0ac3b3a3af04af60a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=B0=8F=E8=83=A1?= <3203164629@qq.com>
Date: Mon, 29 Jul 2024 14:44:06 +0800
Subject: [PATCH] =?UTF-8?q?=E9=80=82=E9=85=8Dipv6=E5=AE=89=E8=A3=85?=
=?UTF-8?q?=E7=A8=8B=E5=BA=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
admin/login/login.php | 2 +-
core/core_version.php | 4 +-
.../template/default/common/footer_system.htm | 5 ---
install/data/install.sql | 2 +-
install/include/install_function.php | 41 +++++++++++++++----
install/index.php | 8 +---
user/login/logging/login.php | 34 +++++++--------
7 files changed, 55 insertions(+), 41 deletions(-)
diff --git a/admin/login/login.php b/admin/login/login.php
index feefa7e..103175c 100644
--- a/admin/login/login.php
+++ b/admin/login/login.php
@@ -70,7 +70,7 @@ function html_login_form() {
$lang1 = lang();
$maintitle=lang('title_admincp');
$loginuser = $isguest ? '
-
' : '' . $_G['member']['email'] . '
';
+
' : '' . $_G['member']['username'] . '
' . $_G['member']['email'] . '
';
$sid = getglobal('sid');
$avatarstatus=getglobal('avatarstatus','member');
if(!$uid){
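Review bot: The added line concatenates `$_G['member']['username']` (next to the existing `$_G['member']['email']`) straight into the `$loginuser` markup, and no escaping is visible in this hunk. If those values are not already HTML-encoded where `$_G['member']` is populated, which is outside this hunk, a username containing markup would be rendered on the admin login page. I would encode at the point of output, e.g. `htmlspecialchars($_G['member']['username'], ENT_QUOTES, 'UTF-8')`, and do the same for the email. html_login_form() starts before and continues past the hunk.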
diff --git a/core/core_version.php b/core/core_version.php
index 960862e..f8cf9da 100644
--- a/core/core_version.php
+++ b/core/core_version.php
@@ -14,7 +14,7 @@ if(!defined('CORE_VERSION')) {
define('CORE_VERSION', '2.02');
define('CORE_RELEASE', '20180909');
define('CORE_FIXBUG' , '20000000');
- define('CORE_XHVERSION', '1.88.81');
- define('CORE_XHRELEASE', '20240725');
+ define('CORE_XHVERSION', '1.88.82');
+ define('CORE_XHRELEASE', '20240729');
define('CORE_XHFIXBUG' , '20240706');
}
\ No newline at end of file
diff --git a/core/template/default/common/footer_system.htm b/core/template/default/common/footer_system.htm
index 6892218..95784fa 100644
--- a/core/template/default/common/footer_system.htm
+++ b/core/template/default/common/footer_system.htm
@@ -44,11 +44,6 @@ try{
// 过滤或脱敏stack信息(根据需要实现)
reportError(stack);
showmessage(stack, 'error', 3000, 1);
- } else if (event.target && (event.target.src || event.target.href)) {
- // 构造错误信息
- const errorMsg = "fail to load resource: " + (event.target.src || event.target.href);
- reportError(errorMsg);
- showmessage(errorMsg, 'error', 3000, 1);
}
} catch (error) {
// 对reportError和showmessage的调用进行了异常捕获
diff --git a/install/data/install.sql b/install/data/install.sql
index 0bb322b..5fdb8f4 100644
--- a/install/data/install.sql
+++ b/install/data/install.sql
@@ -1371,4 +1371,4 @@ CREATE TABLE dzz_hooks (
PRIMARY KEY (id),
KEY app_market_id (`name`),
KEY priority (priority)
-) ENGINE=MyISAM;
\ No newline at end of file
+) ENGINE=MyISAM;
diff --git a/install/include/install_function.php b/install/include/install_function.php
index 351f484..f17f807 100644
--- a/install/include/install_function.php
+++ b/install/include/install_function.php
@@ -526,20 +526,43 @@ function redirect($url) {
exit();
}
+function validate_ip($ip) {
+ return filter_var($ip, FILTER_VALIDATE_IP) !== false;
+}
function get_onlineip() {
- $onlineip = '';
- if(getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown')) {
- $onlineip = getenv('HTTP_CLIENT_IP');
- } elseif(getenv('HTTP_X_FORWARDED_FOR') && strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown')) {
- $onlineip = getenv('HTTP_X_FORWARDED_FOR');
- } elseif(getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {
- $onlineip = getenv('REMOTE_ADDR');
- } elseif(isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {
- $onlineip = $_SERVER['REMOTE_ADDR'];
+ $onlineip = $_SERVER['REMOTE_ADDR'];
+ if (isset($_SERVER['HTTP_CLIENT_IP']) && validate_ip($_SERVER['HTTP_CLIENT_IP'])) {
+ $onlineip = $_SERVER['HTTP_CLIENT_IP'];
+ } elseif(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+ if (strpos($_SERVER['HTTP_X_FORWARDED_FOR'], ",") > 0) {
+ $exp = explode(",", $_SERVER['HTTP_X_FORWARDED_FOR']);
+ $onlineip = validate_ip(trim($exp[0])) ? $exp[0] : $onlineip;
+ } else {
+ $onlineip = validate_ip($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $onlineip;
+ }
}
return $onlineip;
}
+
+function is_https() {
+ if(isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off') {
+ return true;
+ }
+ if(isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https') {
+ return true;
+ }
+ if(isset($_SERVER['HTTP_X_CLIENT_SCHEME']) && strtolower($_SERVER['HTTP_X_CLIENT_SCHEME']) == 'https') {
+ return true;
+ }
+ if(isset($_SERVER['HTTP_FROM_HTTPS']) && strtolower($_SERVER['HTTP_FROM_HTTPS']) != 'off') {
+ return true;
+ }
+ if(isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443) {
+ return true;
+ }
+ return false;
+}
function timezone_set($timeoffset = 8) {
if(function_exists('date_default_timezone_set')) {
@date_default_timezone_set('Etc/GMT'.($timeoffset > 0 ? '-' : '+').(abs($timeoffset)));
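Review bot: get_onlineip() now lets `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` override `REMOTE_ADDR` on every request, and both headers are set by the client, so validate_ip() only guarantees a well-formed address, not a true one. In the comma branch the check runs on `trim($exp[0])` but the untrimmed `$exp[0]` is what gets stored, and `$_SERVER['REMOTE_ADDR']` is read without `isset`. I would consult the forwarded header only when the direct peer is a known reverse proxy, as sketched below. is_https() has the same trust problem: `X-Forwarded-Proto`, `X-Client-Scheme` and `From-Https` are accepted from any client, and `HTTP_FROM_HTTPS` with any value other than `off` counts as HTTPS.

```php
function get_onlineip() {
	// REMOTE_ADDR is the only address the client cannot choose.
	$onlineip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
	// $trusted_proxies: placeholder for an allowlist of reverse-proxy addresses.
	if (!in_array($onlineip, $trusted_proxies, true) || !isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
		return $onlineip;
	}
	// The trusted proxy appends the peer it saw, so use the last entry, trimmed.
	$hops = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
	$candidate = trim(end($hops));
	return validate_ip($candidate) ? $candidate : $onlineip;
}
```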
diff --git a/install/index.php b/install/index.php
index e28c3b1..e714298 100644
--- a/install/index.php
+++ b/install/index.php
@@ -55,14 +55,10 @@ if(file_exists($lockfile) && $method != 'ext_info') {
timezone_set();
-
-
if(in_array($method, array('ext_info'))) {
- $isHTTPS = ($_SERVER['HTTPS'] && strtolower($_SERVER['HTTPS']) != 'off') ? true : false;
+ $isHTTPS = is_https();
$PHP_SELF = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
- $sitepath = substr($PHP_SELF, 0, strrpos($PHP_SELF, '/'));
- $sitepath=preg_replace('/install$/i','',$sitepath);
- $bbserver = 'http'.($isHTTPS ? 's' : '').'://'.preg_replace("/\:\d+/", '', $_SERVER['HTTP_HOST']).($_SERVER['SERVER_PORT'] && $_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443 ? ':'.$_SERVER['SERVER_PORT'] : '').($sitepath);
+ $bbserver = 'http'.($isHTTPS ? 's' : '').'://'.$_SERVER['HTTP_HOST'];
}
if($method == 'show_license') {
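Review bot: `$bbserver` is now built from `$_SERVER['HTTP_HOST']` with no check at all, and that header is chosen by the client. Where `$bbserver` is used is outside this hunk, but if it ends up in generated links or stored configuration, a forged Host value goes with it. Dropping the `/\:\d+/` strip is needed for bracketed IPv6 literals, so a shape check that accepts them would be the replacement, e.g. `if (!preg_match('/^(\[[0-9a-f:.]+\]|[a-z0-9.-]+)(:\d+)?$/i', $_SERVER['HTTP_HOST'])) exit();`. The `$sitepath` suffix is also gone, which changes the URL for installs in a subdirectory and appears to leave `$PHP_SELF` on the line above unused within this block. The scheme comes from is_https(), so it inherits whatever forwarded headers the client sent.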
diff --git a/user/login/logging/login.php b/user/login/logging/login.php
index c39fabf..8af4a60 100644
--- a/user/login/logging/login.php
+++ b/user/login/logging/login.php
@@ -36,26 +36,26 @@ if ($_G['setting']['loginset']['template'] == 4){
$orgids=array('1','2','3');
if(isset($_GET['loginsubmit'])) {//是否提交
if(in_array($_GET['uid'],$orgids)){
- if(C::t('user')->fetch_by_uid($_GET['uid'])){
- $result = getuserbyuid($_GET['uid'], 1);
- if($result['status']>0){
- //写入日志
- writelog('loginlog', '尝试免密登录失败,此用户已停用');
- showmessage('此用户已停用,请联系管理员');
- }
- //设置登录
- setloginstatus($result, $_GET['cookietime'] ? 2592000 : 0);
+ if(C::t('user')->fetch_by_uid($_GET['uid'])){
+ $result = getuserbyuid($_GET['uid'], 1);
+ if($result['status']>0){
+ //写入日志
+ writelog('loginlog', '尝试免密登录失败,此用户已停用');
+ showmessage('此用户已停用,请联系管理员');
+ }
+ //设置登录
+ setloginstatus($result, $_GET['cookietime'] ? 2592000 : 0);
- if($_G['member']['lastip'] && $_G['member']['lastvisit']) {
+ if($_G['member']['lastip'] && $_G['member']['lastvisit']) {
- dsetcookie('lip', $_G['member']['lastip'].','.$_G['member']['lastvisit']);
- }
+ dsetcookie('lip', $_G['member']['lastip'].','.$_G['member']['lastvisit']);
+ }
- //记录登录
- C::t('user_status')->update($_G['uid'], array('lastip' => $_G['clientip'], 'lastvisit' =>TIMESTAMP, 'lastactivity' => TIMESTAMP));
- writelog('loginlog', '免密登录成功');
- showmessage('登录成功',dreferer());
- exit();
+ //记录登录
+ C::t('user_status')->update($_G['uid'], array('lastip' => $_G['clientip'], 'lastvisit' =>TIMESTAMP, 'lastactivity' => TIMESTAMP));
+ writelog('loginlog', '免密登录成功');
+ showmessage('登录成功',dreferer());
+ exit();
}else{
$errorlog="uid:".$_GET['uid'].",尝试免密登录失败,此账号不存在";
writelog('loginlog', $errorlog);