v2.8.5

Author: icret

admin/admin.inc.php

@@ -250,7 +250,7 @@
 auto_delete(); //定时删除
 ?>
 <div class="row">
-    <?php echo $config['set_notice']; ?>
+    <?php if (!empty($config['set_notice'])) echo $config['set_notice']; ?>
     <div class="col-md-2 col-xs-4">
         <ul class="nav nav-tabs nav-stacked">
             <li><a data-tab href="#Content1">网站设置</a></li>
@@ -530,8 +530,8 @@
                     </form>
                 </div>
                 <div class="col-md-3">
-                    <h5 class="header-dividing">缩略图缓存 <small><?php echo getFileNumber(APP_ROOT . $config['path'] . 'cache/') . '个 | 占 ' . getDistUsed(getDirectorySize(APP_ROOT . $config['path'] . 'cache/')); ?></small></h5>
-                    <button type="button" class="btn btn-primary" onclick="ajax_post('cache/','delDir')"><i class="icon icon-trash"> 清理缓存</i></button>
+                    <h5 class="header-dividing">缩略图缓存</h5>
+                    <button type="button" class="btn btn-primary" onclick="ajax_post('cache/','delDir')"><i class="icon icon-trash"> <small><?php echo getFileNumber(APP_ROOT . $config['path'] . 'cache/') . ' | ' . getDistUsed(getDirectorySize(APP_ROOT . $config['path'] . 'cache/')); ?></small></i></button>
                 </div>
                 <div class="col-md-1">
                     <h5 class="header-dividing" data-toggle="tooltip" title="如果开启OPcache 点击重置缓存">OPcache</h5>
@@ -571,10 +571,6 @@
                     </div>
                     <div class="col-md-12">
                         <div class="col-md-6">
-                            <div class="form-group">
-                                <label for="report" data-toggle="tooltip" title="举报地址支持Zoho表单、金数据、表单大师等<br/>(推荐ZOHO)留空则不显示">举报地址 <a href="https://store.zoho.com.cn/referral.do?servicename=ZohoForms&category=ZohoForms&ref=52f8a4e98a7a7d4c2475713784605af0dc842f6cc9732dd77f37b87f2959149e212e550f50a869f70360f15b80a4abc6" target="_blank"><i class="icon icon-external-link"></i></a></label>
-                                <input type="text" class="form-control" id="report" name="report" value="<?php echo $config['report']; ?>" placeholder="可以是网址或邮箱地址" onkeyup="this.value=this.value.replace(/\s/g,'')">
-                            </div>
                             <div class="form-group">
                                 <div class="switch switch-inline">
                                     <input type="hidden" name="static_cdn" value="0">
@@ -584,18 +580,36 @@
                                 <input type="url" class="form-control" name="static_cdn_url" value="<?php echo $config['static_cdn_url']; ?>" onkeyup="this.value=this.value.replace(/\s/g,'')" data-toggle="tooltip" title="jsdelivr可在后边添加版本号 例:@2.5.6">
                             </div>
                         </div>
+                        <div class="col-md-6">
+                            <div class="form-group">
+                                <label for="report" data-toggle="tooltip" title="举报地址支持Zoho表单、金数据、表单大师等<br/>(推荐ZOHO)留空则不显示">举报地址 <a href="https://store.zoho.com.cn/referral.do?servicename=ZohoForms&category=ZohoForms&ref=52f8a4e98a7a7d4c2475713784605af0dc842f6cc9732dd77f37b87f2959149e212e550f50a869f70360f15b80a4abc6" target="_blank"><i class="icon icon-external-link"></i></a></label>
+                                <input type="text" class="form-control" id="report" name="report" value="<?php echo $config['report']; ?>" placeholder="可以是网址或邮箱地址" onkeyup="this.value=this.value.replace(/\s/g,'')">
+                            </div>
+                        </div>
+                    </div>
+                    <div class="col-md-12">
                         <div class="col-md-6">
                             <div class="form-group">
                                 <div class="switch switch-inline">
                                     <input type="hidden" name="check_ip" value="0">
                                     <input type="checkbox" name="check_ip" value="1" <?php if ($config['check_ip']) echo 'checked="checked"'; ?>>
                                     <label style="font-weight: bold">黑/白IP名单上传</label>
                                 </div>
-                                <textarea class="form-control" rows="4" name="check_ip_list" data-toggle="tooltip" title="每个IP以英文,结尾 支持IP段 例:123.23.23.44,193.134.*.*" placeholder=" 每个IP以英文,结尾 支持IP段 例:192.168.1.13,123.23.23.44,193.134.*.*" onkeyup="this.value=this.value.replace(/\s/g,'')"><?php echo $config['check_ip_list']; ?></textarea>
+                                <textarea class="form-control" rows="4" name="check_ip_list" data-toggle="tooltip" title="每个IP以英文,结尾 支持IP段 例:123.23.23.44,193.134.*.*" placeholder="每个IP以英文,结尾 支持IP段 例:192.168.1.13,123.23.23.44,193.134.*.*" onkeyup="this.value=this.value.replace(/\s/g,'')"><?php echo $config['check_ip_list']; ?></textarea>
                                 <label class="radio-inline"><input type="radio" name="check_ip_model" value="0" <?php if ($config['check_ip_model'] == 0) echo 'checked'; ?>> 黑名单模式</label>
                                 <label class="radio-inline"><input type="radio" name="check_ip_model" value="1" <?php if ($config['check_ip_model'] == 1) echo 'checked'; ?>> 白名单模式</label>
                             </div>
                         </div>
+                        <div class="col-md-6">
+                            <div class="form-group">
+                                <div class="switch switch-inline">
+                                    <input type="hidden" name="md5_black" value="0">
+                                    <input type="checkbox" name="md5_black" value="1" <?php if ($config['md5_black']) echo 'checked="checked"'; ?>>
+                                    <label style="font-weight: bold">通过文件MD5禁止上传</label>
+                                </div>
+                                <textarea class="form-control" rows="4" name="md5_blacklist" data-toggle="tooltip" title="上传前后文件md5均可匹配<br/>不区分大小写, 直接输入即可匹配" placeholder="上传前后文件md5均可匹配, 不区分大小写, 直接输入即可匹配" onkeyup="this.value=this.value.replace(/\s/g,'')"><?php echo $config['md5_blacklist']; ?></textarea>
+                            </div>
+                        </div>
                     </div>
                     <div class="col-md-12">
                         <h5 class="header-dividing">高级设置 <?php if ($config['domain'] == $config['imgurl']) echo '<small> 网站域名与图片域名相同,锁定隐藏' . $config['path'] . '目录开关</small>'; ?></h5>
@@ -680,7 +694,7 @@
                             <div class="switch switch-inline" data-toggle="tooltip" title="关闭后将不能进入后台设置<br/>再次开启需修改config.php: <code>'show_admin_inc'=>1,</code>">
                                 <input type="hidden" name="show_admin_inc" value="0">
                                 <input type="checkbox" name="show_admin_inc" value="1" <?php if ($config['show_admin_inc']) echo 'checked="checked"'; ?>>
-                                <label style="font-weight: bold">后台设置</label>
+                                <label style="font-weight: bold">关闭设置</label>
                             </div>
                         </div>
                         <div class="col-md-2">
@@ -900,6 +914,8 @@
                 <h5>我的信息</h5>
                 <hr />
                 <p class="text-ellipsis">IP: <?php echo real_ip() . ip2region(real_ip()); ?></p>
+
+                <p class="text-ellipsis">配置文件更新日期：<?php echo date('Y-m-d H:i:s', filemtime($config_file)); ?></p>
                 <p class="text-ellipsis">Browser: <?php echo $_SERVER['HTTP_USER_AGENT']; ?></p>
                 <h5>图床信息</h5>
                 <hr />
@@ -922,7 +938,7 @@
                     <a href="https://www.openzui.com/" target="_blank"><span class="label label-badge label-primary" data-toggle="tooltip" title="前端框架">ZUI</span></a>
                     <a href="https://github.com/verot/class.upload.php" target="_blank"><span class="label label-badge label-primary" data-toggle="tooltip" title="图像处理类">Verot</span></a>
                     <a href="https://tinyfilemanager.github.io/" target="_blank"><span class="label label-badge label-primary" data-toggle="tooltip" title="文件管理">Tinyfilemanager</span></a>
-                    <a href="https://github.com/rehiy/web-indexr" target="_blank"><span class="label label-badge label-primary" data-toggle="tooltip" title="文件管理">Web-indexr</span></a>
+                    <a href="#"><span class="label label-badge label-primary" data-toggle="tooltip" title="文件管理">Web-indexr</span></a>
                     <a href="#Ip2Region" data-toggle="collapse" target="_blank"><span class="label label-badge label-primary" data-toggle="tooltip" title="IP地址数据库">Ip2Region<i class="icon icon-angle-down"></i></span></a>
                     <?php if (empty($config['TinyPng_key'])) : ?>
                         <span class="label label-badge label-warning" data-toggle="tooltip" title="压缩图片 TinyPng<br/>未填写">TinyPng</span>

admin/version.php

@@ -1 +1 @@
-2.8.4
+2.8.5

api/index.php

@@ -163,7 +163,7 @@
         // 上传错误 code:206 客户端文件有问题
         $reJson = array(
             "result"  => "failed",
-            "code"    => 206,
+            "code"    => 400,
             "srcName" => $handle->file_src_name_body, // 2023-04-03 原始上传文件名称
             "id"      => $tokenID, // 2023-04-03 增加 Token ID
             "message" => $handle->error,

app/base.php

@@ -33,6 +33,6 @@
 // 判断当前系统是否为windows
 define('IS_WIN', strstr(PHP_OS, 'WIN') ? 1 : 0);
 // 定义程序版本
-define('APP_VERSION', '2.8.4');
+define('APP_VERSION', '2.8.5');
 
 /*---------------基础配置结束-------------------*/

app/del.php

@@ -41,7 +41,7 @@
             ), JSON_UNESCAPED_UNICODE));
         } else {
             exit(json_encode(array(
-                'code' => 200,
+                'code' => 404,
                 'msg'  => '文件不存在',
                 'type' => 'danger',
                 'icon' => 'exclamation-sign',
@@ -64,7 +64,7 @@
         ), JSON_UNESCAPED_UNICODE));
     }
     exit(json_encode(array(
-        'code' => 200,
+        'code' => 404,
         'msg'  => '删除失败',
         'type' => 'danger',
         'icon' => 'exclamation-sign',
@@ -115,7 +115,7 @@
         ), JSON_UNESCAPED_UNICODE));
     } else {
         exit(json_encode(array(
-            'code' => 200,
+            'code' => 404,
             'msg'  => '删除失败',
             'type' => 'danger',
             'icon' => 'exclamation-sign',
@@ -139,7 +139,7 @@
         ), JSON_UNESCAPED_UNICODE));
     } else {
         exit(json_encode(array(
-            'code' => 200,
+            'code' => 404,
             'msg'  => '回收失败',
             'type' => 'danger',
             'icon' => 'exclamation-sign',

app/upload.php

@@ -53,7 +53,7 @@
         exit(json_encode(
             array(
                 "result"  => "failed",
-                "code"    => 403,
+                "code"    => 205,
                 "message" => "你不能上传任何文件",
             ),
             JSON_UNESCAPED_UNICODE
@@ -67,7 +67,7 @@
         exit(json_encode(
             array(
                 "result"  => "failed",
-                "code"    => 403,
+                "code"    => 202,
                 "message" => sprintf("游客限制每日上传 %d 张", $config['ip_upload_counts']),
             ),
             JSON_UNESCAPED_UNICODE
@@ -97,7 +97,7 @@
             exit(json_encode(
                 array(
                     "result"  => "failed",
-                    "code"    => 205,
+                    "code"    => 406,
                     "message" => "请勿上传非法文件",
                 ),
                 JSON_UNESCAPED_UNICODE
@@ -166,6 +166,22 @@
 
     // 图片完整相对路径:/i/2021/05/03/k88e7p.jpg
     if ($handle->processed) {
+        // 黑名单文件 - 通过MD5检测
+        if ($config['md5_black']) {
+            $befor_upload_file_md5 = md5_file($handle->file_src_pathname);
+            $after_upload_file_md5 = md5_file($handle->file_dst_pathname);
+            if (stristr($config['md5_blacklist'], $befor_upload_file_md5) || stristr($config['md5_blacklist'], $after_upload_file_md5)) {
+                if (file_exists($handle->file_dst_pathname)) unlink($handle->file_dst_pathname);
+                exit(json_encode(
+                    array(
+                        "result"  => "failed",
+                        "code"    => 205,
+                        "message" => "当前文件禁止上传",
+                    ),
+                    JSON_UNESCAPED_UNICODE
+                ));
+            }
+        }
         // 图片相对路径
         $pathIMG = $Img_path . $handle->file_dst_name;
         // 图片访问网址
@@ -217,10 +233,10 @@
         );
         echo json_encode($reJson, JSON_UNESCAPED_UNICODE);
         $handle->clean(); // 如果取消上传生成缩略图需要恢复此选项功能
-    } else { // 上传错误 code:206 客户端文件有问题
+    } else { // 上传错误 code:400 客户端文件有问题
         $reJson = array(
             "result"  =>  "failed",
-            "code"    =>  206,
+            "code"    =>  400,
             "message" =>  $handle->error,
             "memory"  => getDistUsed(memory_get_peak_usage()), // 占用内存 2023-02-12
             // 'log' => $handle->log, // 仅用作调试用

config/config.php

@@ -1,3 +1,4 @@
+返回状态可以参考 [常见状态代码](./常见状态代码.md)
 - 上传成功后返回JSON
 
 ```json

docs/API.md

@@ -22,6 +22,7 @@
 * [图床更新升级](./图床更新升级.md)
 * [更改域名/服务器](./更改域名-服务器.md)
 * [常见问题与环境要求](./常见问题.md)
+* [常见状态代码](./常见状态代码.md)
 * [打赏开发者](./打赏开发者.md)
 * [更新日志](./update.md)
 * [许可证](./许可证.md)

docs/_sidebar.md

@@ -1,3 +1,8 @@
+* 2024-03-04 v2.8.5
+- 返回状态统一
+- 增加返回状态文档解释
+- 增加通过文件md5禁止上传
+
 * 2024-01-20 v2.8.4
 - Fix [#163](https://github.com/icret/EasyImages2.0/pull/163)
 - Fix [#159](https://github.com/icret/EasyImages2.0/pull/159)

docs/update.md

@@ -0,0 +1,23 @@
+#### 上传状态代码
+- 200 - 上传成功
+- 202 - 超出游客上传限制
+- 204 - 没有选择上传的文件
+- 205 - 黑名单内或白名单外用户不允许上传
+- 400 - 代码或上传文件有问题
+- 401 - 已开启登陆上传且尚未登陆
+- 403 - 上传签名错误
+- 406 - 非法文件
+
+#### 删除状态代码
+- 200 - 删除成功
+- 404 - 文件不存在
+
+#### 登录状态代码
+- 201 - cookie不存在
+- 202 - 无法读取cookie
+- 203 - 密码错误
+- 204 - 管理员已登录
+- 205 - 普通用户已登录
+- 206 - 普通用户账号过期
+
+<!-- https://mp.weixin.qq.com/s?__biz=MzI3NDc4NTQ0Nw==&mid=2247495035&idx=2&sn=05d56806e9dd42774d2982e8e28f7146&chksm=eb0c18b3dc7b91a575f49b72efb32e0921efd831571b1f06e011faba3cea72eac4f83407971b&scene=27 -->