2.7.7 dev

icret · icret · commit f311863c7329 · 2023-03-05T11:06:06.000+08:00
diff --git a/admin/admin.inc.php b/admin/admin.inc.php
@@ -566,18 +566,22 @@
         </div>
         <div class="tab-pane fade" id="Content6">
             <div class="col-md-12">
-                <div class="col-md-5">
+                <div class="col-md-4">
                     <h5 class="header-dividing">上传日志 <small>需要开启上传日志</small></h5>
                     <form class="form-inline" action="../application/viewlog.php" method="post" target="_blank">
                         <div class="form-group">
-                            <label for="logDate" class="text-primary">选择月份: </label>
+                            <label for="logDate" class="text-primary">月份: </label>
                             <input type="text" class="form-control logDate" id="logDate" name="logDate" value="<?php echo date('Y-m'); ?>" required="required" readonly>
-                            <input type="hidden" class="form-control" name="pass" value="<?php echo md5($config['password'] . date('YMDH')); ?>" placeholder="日志访问秘钥">
+                            <input type="hidden" class="form-control" name="pass" value="<?php echo md5($config['password'] . date('ymdh')); ?>" placeholder="日志访问秘钥">
                         </div>
-                        <button type="submit" class="btn btn-primary">查看日志</button>
+                        <button type="submit" class="btn btn-primary">查看</button>
                     </form>
                 </div>
-                <div class="form-group col-md-3">
+                <div class="col-md-2">
+                    <h5 class="header-dividing">登录日志 <small>仅显示当月</small></h5>
+                    <button type="button" class="btn btn-primary" data-toggle="modal" data-title="登录日志 - 仅显示当月" data-icon="book" data-moveable="true" data-width="60%" data-type="ajax" data-url="../application/viewlog.php?login_log&pass=<?php echo md5($config['password'] . date('ymdh')); ?>">查看</button>
+                </div>
+                <div class="col-md-3">
                     <h5 class="header-dividing" data-toggle="tooltip" title="仅限存储分类路径为 Y/m/d/ 格式<br/>且每天需要访问一次后台才执行<br/>先重命名要删除文件夹作为备份<br/>超过定时日期的2倍后再彻底删除重命名的文件夹<br/>超过定时日期前和开启分离的文件夹不删除">定时删除 <small>数值为<code>0</code>时关闭</small></h5>
                     <form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post">
                         <div class="input-group">
@@ -588,8 +592,8 @@
                         <input type="hidden" class="form-control" name="update" value="<?php echo date("Y-m-d H:i:s"); ?>" placeholder="隐藏的保存">
                     </form>
                 </div>
-                <div class="col-md-4">
-                    <h5 class="header-dividing">清理缓存 <small>已缓存: <?php echo getFileNumber(APP_ROOT . $config['path'] . 'cache/') . '文件 | 占用' . getDistUsed(getDirectorySize(APP_ROOT . $config['path'] . 'cache/')); ?></small></h5>
+                <div class="col-md-3">
+                    <h5 class="header-dividing">清理缓存 <small>已缓存: <?php echo getFileNumber(APP_ROOT . $config['path'] . 'cache/') . '个 | 占用 ' . getDistUsed(getDirectorySize(APP_ROOT . $config['path'] . 'cache/')); ?></small></h5>
                     <form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post">
                         <button type="submit" class="btn btn-success" name="delDir" value="cache/" onClick="return confirm('确认要清理缓存？\n* 删除文件夹后将无法恢复! ');"><i class="icon icon-trash"> 清理缓存</i></button>
                     </form>
@@ -1131,7 +1135,7 @@
                             <li>直接输入账号和密码即可完成修改</li>
                             <li>更改后会立即生效并重新登录,请务必牢记账号和密码! </li>
                             <li>如果忘记账号可以打开-><code>/config/config.php</code>文件->找到<code data-toggle="tooltip" title="'user'=><strong>admin</strong>'">user</code>对应的键值->填入</li>
-                            <li>如果忘记密码请将密码->转换成MD5小写-><a href="<?php echo $config['domain'] . '/application/reset_password.php'; ?>" target="_blank" class="text-purple">转换网址</a>->打开<code>/config/config.php</code>文件->找到<code data-toggle="tooltip" title="'password'=>'<strong>e6e0612609</strong>'">password</code>对应的键值->填入</li>
+                            <li>如果忘记密码请将密码->转换成SHA256-><a href="<?php echo $config['domain'] . '/application/reset_password.php'; ?>" target="_blank" class="text-purple">转换网址</a>->打开<code>/config/config.php</code>文件->找到<code data-toggle="tooltip" title="'password'=>'<strong>e6e0612609</strong>'">password</code>对应的键值->填入</li>
                         </ul>
                     </div>
                 </div>
@@ -1569,7 +1573,7 @@ function getWord() {
                     width: 0.1
                 },
                 {
-                    label: '密码(md5)',
+                    label: '密码 (SHA256)',
                     name: 'password',
                     html: true,
                     width: 0.2
@@ -1638,7 +1642,7 @@ function getWord() {
 
     /** 引入设置页面检测文件 */
     <?php if ($config['checkEnv']) require_once APP_ROOT . '/application/check_admin.inc.php'; ?>
-    
+
     // 更改网页标题
     document.title = "图床设置 - <?php echo $config['title']; ?>"
 </script>
diff --git a/admin/index.php b/admin/index.php
@@ -90,6 +90,9 @@
         </script>';
         header("refresh:2;");
     }
+
+    // 登录日志
+    write_login_log($_POST['user'], $_POST['password'], $login["messege"]);
 }
 ?>
 <link href="<?php static_cdn(); ?>/public/static/login.css" rel="stylesheet">
@@ -160,8 +163,6 @@
 </form>
 <script src="<?php static_cdn(); ?>/public/static/crypto/SHA256.js"></script>
 <script>
-    console.log(SHA256('admin@123'));
-
     function md5_post() {
         var password = document.getElementById('password');
         var md5pwd = document.getElementById('md5_password');
diff --git a/admin/version.php b/admin/version.php
@@ -1 +1 @@
-2.7.6
+2.7.7
diff --git a/application/check_admin.inc.php b/application/check_admin.inc.php
@@ -151,4 +151,4 @@
             time:7000
         }).show();
     ';
-}
+}
diff --git a/application/function.php b/application/function.php
@@ -1695,3 +1695,17 @@ function auto_delete()
     }
     return false;
 }
+
+function write_login_log($user, $password, $messege)
+{
+    $log_path = APP_ROOT . '/admin/logs/login/';
+    $log_file = $log_path . date('/Y-m-') . 'logs.php';
+
+    /** 创建日志文件夹及文件 */
+    if (!is_dir($log_path)) mkdir($log_path, 0755, true);
+    if (!is_file($log_file)) file_put_contents($log_file, '<?php /** 登录日志 */ exit; ?>' . PHP_EOL, FILE_APPEND | LOCK_EX);
+
+    /** 写入日志 */
+    $log = '时间: ' . date('Y-m-d H:i:s') . ' IP: ' . real_ip() . ' 账号: ' . $user . ' 密码: ' .  $password . ' 消息: ' . $messege;
+    file_put_contents($log_file, $log . PHP_EOL, FILE_APPEND | LOCK_EX);
+}
diff --git a/application/viewlog.php b/application/viewlog.php
@@ -7,13 +7,23 @@
 require_once __DIR__ . '/function.php';
 
 // 非管理员不可访问!
-if (!is_who_login('admin')) {
-    exit;
-}
-
+if (!is_who_login('admin')) exit('Permission denied');
 // 禁止直接访问
-if (empty($_POST['pass']) || $_POST['pass'] !== md5($config['password'] . date('YMDH'))) exit('Permission denied!');
+if (empty($_REQUEST['pass']) || $_REQUEST['pass'] !== md5($config['password'] . date('ymdh'))) exit('Authentication error!');
+
+// 登录日志
+if (isset($_GET['login_log'])) {
+    $file = APP_ROOT . '/admin/logs/login/' . date('/Y-m-') . 'logs.php';
+    echo '<pre class="pre-scrollable" style="background-color: rgba(0, 0, 0, 0);border-color:rgba(0, 0, 0, 0);">';
+    if (is_file($file)) {
+        echo file_get_contents($file);
+    } else {
+        echo '并未生成登录日志,请检查文件权限!';
+    }
+    exit('</pre>');
+}
 
+// 上传日志
 require_once APP_ROOT . '/application/header.php';
 
 if (isset($_POST['logDate'])) {
diff --git a/config/config.php b/config/config.php
diff --git a/docs/update.md b/docs/update.md
diff --git a/i/manag.php b/i/manag.php
