diff --git a/_db/dbstructure_v1.6.sql b/_db/dbstructure_v1.6.sql index 3b32b213..10c07ec4 100644 --- a/_db/dbstructure_v1.6.sql +++ b/_db/dbstructure_v1.6.sql @@ -2324,4 +2324,4 @@ UNLOCK TABLES; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2021-02-01 20:09:25 +-- Dump completed on 2021-02-03 18:34:39 diff --git a/include/bittorrent.php b/include/bittorrent.php index d3838022..02b9690d 100644 --- a/include/bittorrent.php +++ b/include/bittorrent.php @@ -13,5 +13,3 @@ $rootpath .= "/"; require $rootpath . 'include/functions.php'; require $rootpath . 'include/globalfunctions.php'; require $rootpath . 'include/core.php'; - - diff --git a/include/core.php b/include/core.php index 589f794a..9cc7bd0c 100644 --- a/include/core.php +++ b/include/core.php @@ -4,7 +4,8 @@ if(!defined('IN_TRACKER')) { } define('ROOT_PATH', $rootpath); define('VERSION_NUMBER', '1.6.0'); -define('IS_ANNOUNCE', (basename($_SERVER['SCRIPT_FILENAME']) == 'announce.php')); +define('CURRENT_SCRIPT', strstr(basename($_SERVER['SCRIPT_FILENAME']), '.', true)); +define('IS_ANNOUNCE', CURRENT_SCRIPT == 'announce'); if (!empty($_SERVER['HTTP_X_REQUEST_ID'])) { define('REQUEST_ID', $_SERVER['HTTP_X_REQUEST_ID']); } else { @@ -29,6 +30,7 @@ require $rootpath . 'classes/class_cache_redis.php'; require $rootpath . 'include/config.php'; if (!IS_ANNOUNCE) { require $rootpath . get_langfile_path("functions.php"); + checkGuestVisit(); } $Cache = new class_cache_redis(); //Load the caching class $Cache->setLanguageFolderArray(get_langfolder_list()); diff --git a/include/functions.php b/include/functions.php index 8cae2981..1ddd7f2a 100644 --- a/include/functions.php +++ b/include/functions.php 
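Review bot: `strstr(basename($_SERVER['SCRIPT_FILENAME']), '.', true)` on the new CURRENT_SCRIPT line returns false when the script name has no dot, so the constant is then a bool rather than a string and both `IS_ANNOUNCE` and the later `in_array(CURRENT_SCRIPT, [...])` in checkGuestVisit() compare against false. `pathinfo()` yields the extension-less name as a string in both cases: `define('CURRENT_SCRIPT', pathinfo($_SERVER['SCRIPT_FILENAME'], PATHINFO_FILENAME));`. With a guaranteed string, the next line can use `define('IS_ANNOUNCE', CURRENT_SCRIPT === 'announce');`.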
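Review bot: `checkGuestVisit();` is called before `$Cache = new class_cache_redis()` two lines below, yet it calls `userlogin()`, which declares `global $Cache` and on its clearcache path invokes `$Cache->setClearCache(1)` (see the include/functions.php hunks); whatever userlogin() does with `$Cache` therefore runs against an undefined variable on this first call, and because userlogin() is now memoised with `static $loginResult`, every later call returns that first result instead of retrying. Moving the `checkGuestVisit();` call below the cache construction (keeping it inside the `if (!IS_ANNOUNCE)` guard) removes the ordering dependency. Whether userlogin() touches `$Cache` on the common path is not visible here, so confirm against the full function before relying on the current order.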
@@ -1610,7 +1610,7 @@ function show_image_code () { unset($imagehash); $imagehash = image_code () ; print ("".$lang_functions['row_security_image'].""); - print ("\"CAPTCHA\""); + print ("\"CAPTCHA\""); print ("".$lang_functions['row_security_code'].""); print(""); print(""); @@ -1787,6 +1787,10 @@ function get_user_row($id) } function userlogin() { + static $loginResult; + if (!is_null($loginResult)) { + return $loginResult; + } global $lang_functions; global $Cache; global $SITE_ONLINE, $oldip; @@ -1806,8 +1810,9 @@ function userlogin() { } } - if (empty($_COOKIE["c_secure_pass"]) || empty($_COOKIE["c_secure_uid"]) || empty($_COOKIE["c_secure_login"])) - return; + if (empty($_COOKIE["c_secure_pass"]) || empty($_COOKIE["c_secure_uid"]) || empty($_COOKIE["c_secure_login"])) { + return $loginResult = false; + } if ($_COOKIE["c_secure_login"] == base64("yeah")) { //if (empty($_SESSION["s_secure_uid"]) || empty($_SESSION["s_secure_pass"])) @@ -1815,8 +1820,9 @@ function userlogin() { } $b_id = base64($_COOKIE["c_secure_uid"],false); $id = intval($b_id ?? 0); - if (!$id || !is_valid_id($id) || strlen($_COOKIE["c_secure_pass"]) != 32) - return; + if (!$id || !is_valid_id($id) || strlen($_COOKIE["c_secure_pass"]) != 32) { + return $loginResult = false; + } if ($_COOKIE["c_secure_login"] == base64("yeah")) { @@ -1826,8 +1832,9 @@ function userlogin() { $res = sql_query("SELECT * FROM users WHERE users.id = ".sqlesc($id)." AND users.enabled='yes' AND users.status = 'confirmed' LIMIT 1"); $row = mysql_fetch_array($res); - if (!$row) - return; + if (!$row) { + return $loginResult = false; + } $sec = hash_pad($row["secret"]); 
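Review bot: userlogin() now has a three-way contract (true once the cookie checks and user lookup succeed, false on any rejection, memoised per request via `static $loginResult`) but nothing above the signature states it, and callers that previously tested the bare `return;` for null now receive false. Add a docblock above `function userlogin()` such as `/** Authenticate the request from the c_secure_* cookies. Memoised: the first result is returned for all later calls in the same request. @return bool */`. The function body continues beyond this hunk.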
@@ -1836,13 +1843,15 @@ function userlogin() { if ($_COOKIE["c_secure_login"] == base64("yeah")) { - if ($_COOKIE["c_secure_pass"] != md5($row["passhash"].$_SERVER["REMOTE_ADDR"])) - return; + if ($_COOKIE["c_secure_pass"] != md5($row["passhash"].$_SERVER["REMOTE_ADDR"])) { + return $loginResult = false; + } } else { - if ($_COOKIE["c_secure_pass"] !== md5($row["passhash"])) - return; + if ($_COOKIE["c_secure_pass"] !== md5($row["passhash"])) { + return $loginResult = false; + } } if ($_COOKIE["c_secure_login"] == base64("yeah")) @@ -1861,10 +1870,16 @@ function userlogin() { if (isset($_GET['clearcache']) && $_GET['clearcache'] && get_user_class() >= UC_MODERATOR) { $Cache->setClearCache(1); } - if ($enablesqldebug_tweak == 'yes' && get_user_class() >= $sqldebug_tweak) { + /** + * no need any more, already set in core.php + * @since v1.6 + */ +// if ($enablesqldebug_tweak == 'yes' && get_user_class() >= $sqldebug_tweak) { // error_reporting(E_ALL & ~E_NOTICE); - error_reporting(-1); - } +// error_reporting(-1); +// } + + return $loginResult = true; } function autoclean() { @@ -4404,6 +4419,8 @@ function return_category_image($categoryid, $link="") return $catimg; } +/******************************************** bellow functioons avaliable since v1.6 ***********************************************************/ + function saveSetting($prefix, $nameAndValue) { $prefix = strtolower($prefix); 
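Review bot: the rewritten guard `if ($_COOKIE["c_secure_pass"] != md5($row["passhash"].$_SERVER["REMOTE_ADDR"]))` keeps a loose `!=` between a request-supplied cookie value and a computed hash; PHP compares two numeric-looking strings numerically, so the comparison should be strict and constant-time, e.g. `if (!hash_equals(md5($row["passhash"].$_SERVER["REMOTE_ADDR"]), (string) $_COOKIE["c_secure_pass"])) {`. The `!==` branch below it would benefit from the same `hash_equals()` form so both paths behave identically. The `==` on `c_secure_login` is pre-existing code, but the same reasoning applies if it is touched again.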
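Review bot: the sqldebug block is kept as commented-out code under a docblock saying it is no longer needed; dead code should be deleted, with version control carrying the old version, rather than left to drift. Replace the docblock and the six `//` lines with the single comment `// SQL debug error_reporting is configured in core.php since v1.6.` immediately before `return $loginResult = true;`. The function body starts outside this hunk.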
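Review bot: the new banner comment misspells three words (`bellow functioons avaliable`); since it marks the start of the v1.6 API for every reader of functions.php it is worth fixing to `/* ---- functions below are available since v1.6 ---- */`.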
@@ -4428,4 +4445,89 @@ function getFullDirectory($dir) return realpath($dir); } +function checkGuestVisit() +{ + if (userlogin()) { + //already login + return; + } + $setting = get_setting('security'); + //all type: normal, static_page, custom_content, redirect + $guestVisitType = $setting['guest_visit_type'] ?? ''; + if (empty($guestVisitType) || $guestVisitType == 'normal') { + return; + } + if (in_array(CURRENT_SCRIPT, ['login', 'takelogin', 'image']) && canDoLogin()) { + return; + } + + $valueKey = "guest_visit_value_$guestVisitType"; + if (empty($setting[$valueKey])) { + do_log("setting: security.$valueKey empty"); + die(0); + } + $guestVisitValue = $setting[$valueKey]; + if ($guestVisitType == 'static_page') { + $pageFile = ROOT_PATH . 'resources/static-pages/' . $guestVisitValue; + if (!file_exists($pageFile) || !is_readable($pageFile)) { + do_log("pageFile: $pageFile is not exists or readable"); + die(0); + } + $content = file_get_contents($pageFile); + die($content); + } + if ($guestVisitType == 'custom_content') { + $content = format_comment($guestVisitValue); + render('resources/templates/guest-visit-custom-content', ['content' => $content]); + } + if ($guestVisitType == 'redirect') { + header('Location: ' . $guestVisitValue); + die(0); + } + +} + +function render($view, $data, $return = false) +{ + extract($data); + if (!file_exists($view)) { + $view = ROOT_PATH . 
$view; + } + if (substr($view, -4) !== '.php') { + $view .= ".php"; + } + ob_start(); + ob_implicit_flush(0); + require $view; + $result = ob_get_clean(); + if ($return) { + return $result; + } + die($result); +} + +function canDoLogin() +{ + $setting = get_setting('security'); + if (empty($setting['login_type']) || $setting['login_type'] == 'normal') { + return true; + } + $loginType = $setting['login_type']; + if ($loginType == 'secret') { + if (empty($_REQUEST['secret'])) { + do_log("no secret"); + return false; + } + if ($_REQUEST['secret'] != $setting['login_secret']) { + do_log("invlaid secret: " . $_REQUEST['secret']); + return false; + } + if ($setting['login_secret_deadline'] < date('Y-m-d H:i:s')) { + do_log("secret: {$_REQUEST['secret']} expires(deadline: {$setting['login_secret_deadline']})"); + return false; + } + } + return true; +} + ?> diff --git a/include/globalfunctions.php b/include/globalfunctions.php index 824e2e8e..7c495421 100644 --- a/include/globalfunctions.php +++ b/include/globalfunctions.php @@ -388,7 +388,7 @@ function arr_set(&$array, $key, $value) } -function getSchemaAndHttpHost() +function getSchemeAndHttpHost() { $isHttps = !empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) !== 'off'); $protocol = $isHttps ? 'https' : 'http'; @@ -403,7 +403,7 @@ function getSchemaAndHttpHost() function getBaseUrl() { - $url = getSchemaAndHttpHost(); + $url = getSchemeAndHttpHost(); $requestUri = $_SERVER['REQUEST_URI']; $pos = strpos($requestUri, '?'); if ($pos !== false) { diff --git a/lang/chs/lang_settings.php b/lang/chs/lang_settings.php index 5077aa63..6834eea2 100644 --- a/lang/chs/lang_settings.php +++ b/lang/chs/lang_settings.php 
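Review bot: In canDoLogin(), `$_REQUEST['secret'] != $setting['login_secret']` compares a request-supplied string to the stored secret with loose `!=`, which treats numeric-looking strings numerically; use `if (!hash_equals((string) ($setting['login_secret'] ?? ''), (string) $_REQUEST['secret'])) {`, which is also constant-time, and drop the rejected value from the do_log() message so attempts are not written verbatim to the log. In render(), `extract($data)` runs before `$view` and `$return` are read, so a `$data` key named `view` or `return` silently redirects the include — move `extract($data);` to the line just before `require $view;`, or call `extract($data, EXTR_SKIP)`. In checkGuestVisit(), `$guestVisitValue` is joined into the static-page path unmodified; `ROOT_PATH . 'resources/static-pages/' . basename($guestVisitValue)` keeps the lookup inside that directory even if the admin-entered setting contains path separators. `ob_implicit_flush(0)` should pass `false`, as the parameter is a bool in PHP 8.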
@@ -689,6 +689,18 @@ $lang_settings = array 'row_guest_visit_value_custom_content' => '自定义内容', 'row_guest_visit_value_redirect' => '指定 URL', 'text_guest_visit_value_static_page' => '位于:resources/static-pages/ 目录下的文件', + 'row_login_type' => '登录方式', + 'text_login_type_normal' => '正常', + 'text_login_type_secret' => '秘密', + 'row_login_secret' => '登录密钥', + 'text_login_secret_current' => '当前密钥', + 'text_login_url_with_secret' => '登录链接', + 'text_login_secret_regenerate_yes' => '重新生成(保存后会更新并延长有效期)', + 'text_login_secret_regenerate_no' => '保持当前(保存后不变)', + 'text_login_secret_lifetime' => '有效期', + 'text_login_secret_lifetime_unit' => '分钟', + 'row_login_secret_lifetime' => '登录密钥有效期', + 'text_login_secret_lifetime_deadline' => '当前密钥有效期至', ); ?> diff --git a/lang/cht/lang_settings.php b/lang/cht/lang_settings.php index 911333b5..fb46d73e 100644 --- a/lang/cht/lang_settings.php +++ b/lang/cht/lang_settings.php @@ -689,6 +689,18 @@ $lang_settings = array 'row_guest_visit_value_custom_content' => '自定義內容', 'row_guest_visit_value_redirect' => '指定 URL', 'text_guest_visit_value_static_page' => '位於:resources/static-pages/ 目錄下的文件', + 'row_login_type' => '登錄方式', + 'text_login_type_normal' => '正常', + 'text_login_type_secret' => '秘密', + 'row_login_secret' => '登錄密鑰', + 'text_login_secret_current' => '當前密鑰', + 'text_login_url_with_secret' => '登錄鏈接', + 'text_login_secret_regenerate_yes' => '重新生成(保存後會更新並延長有效期)', + 'text_login_secret_regenerate_no' => '保持當前(保存後不變)', + 'text_login_secret_lifetime' => '有效期', + 'text_login_secret_lifetime_unit' => '分鐘', + 'row_login_secret_lifetime' => '登錄密鑰有效期', + 'text_login_secret_lifetime_deadline' => '當前密鑰有效期至', ); ?> diff --git a/lang/en/lang_settings.php b/lang/en/lang_settings.php index 996b8d82..becd6e43 100644 --- a/lang/en/lang_settings.php +++ b/lang/en/lang_settings.php 
@@ -680,15 +680,27 @@ $lang_settings = array 'text_email_notification_note' => "Allow users to receive email notification when he gets new pm, comment, etc.", 'text_users_get' => "Users would get ", 'text_invitations_default' => " invitations the first time he is promoted to this class. Default ", - 'row_guest_visit_type' => "游客访问", - 'text_guest_visit_type_normal' => '正常', - 'text_guest_visit_type_static_page' => '展示指定静态页', - 'text_guest_visit_type_custom_content' => '展示自定义内容', - 'text_guest_visit_type_redirect' => '跳转指定 URL', - 'row_guest_visit_value_static_page' => '指定静态页', - 'row_guest_visit_value_custom_content' => '自定义内容', - 'row_guest_visit_value_redirect' => '指定 URL', - 'text_guest_visit_value_static_page' => '位于:resources/static-pages/ 目录下的文件', + 'row_guest_visit_type' => "Guest visit", + 'text_guest_visit_type_normal' => 'Normal', + 'text_guest_visit_type_static_page' => 'Display a static page', + 'text_guest_visit_type_custom_content' => 'Display custom content', + 'text_guest_visit_type_redirect' => 'Redirect to a URL', + 'row_guest_visit_value_static_page' => 'Specific static page', + 'row_guest_visit_value_custom_content' => 'Custom content', + 'row_guest_visit_value_redirect' => 'Specific URL', + 'text_guest_visit_value_static_page' => 'File locate:resources/static-pages/', + 'row_login_type' => 'Login type', + 'text_login_type_normal' => 'Normal', + 'text_login_type_secret' => 'Secret', + 'row_login_secret' => 'Login secret', + 'text_login_secret_current' => 'Current secret', + 'text_login_url_with_secret' => 'Login URL', + 'text_login_secret_regenerate_yes' => "Re-generate(will update secret and extend it's lifetime after save)", + 'text_login_secret_regenerate_no' => "Remain(won't change secret and it's lifetime after save)", + 'text_login_secret_lifetime' => 'Deadline', + 'text_login_secret_lifetime_unit' => 'minute', + 'row_login_secret_lifetime' => 'Login secret lifetime', + 'text_login_secret_lifetime_deadline' => 'Current login secret 
deadline', ); ?> diff --git a/nexus/Install/install/install.php b/nexus/Install/install/install.php index a2187a95..61c8cd28 100644 --- a/nexus/Install/install/install.php +++ b/nexus/Install/install/install.php @@ -201,7 +201,7 @@ if ($currentStep == 5) { - 回首页 + 回首页 diff --git a/nexus/Install/update/update.php b/nexus/Install/update/update.php index a1e3c69e..c7344065 100644 --- a/nexus/Install/update/update.php +++ b/nexus/Install/update/update.php @@ -235,7 +235,7 @@ if ($currentStep == 4) { - 回首页 + 回首页 diff --git a/public/login.php b/public/login.php index b05f2326..7fa262ea 100644 --- a/public/login.php +++ b/public/login.php @@ -46,6 +46,7 @@ if (!empty($_GET["returnto"])) { } ?>
+


[]

diff --git a/public/settings.php b/public/settings.php index affea6f3..aaf7c8ff 100644 --- a/public/settings.php +++ b/public/settings.php @@ -159,12 +159,18 @@ elseif ($action == 'savesettings_security') // save security $validConfig = array( 'securelogin', 'securetracker', 'https_announce_url','iv','maxip','maxloginattempts','changeemail','cheaterdet','nodetect', 'guest_visit_type', 'guest_visit_value_static_page', 'guest_visit_value_custom_content', 'guest_visit_value_redirect', + 'login_type', 'login_secret_lifetime', ); GetVar($validConfig); $SECURITY = []; foreach($validConfig as $config) { $SECURITY[$config] = $$config ?? null; } + if ($_POST['login_secret_regenerate'] == 'yes') { + $minute = intval($_POST['login_secret_lifetime']); + $SECURITY['login_secret_deadline'] = date('Y-m-d H:i:s', strtotime("+ $minute minutes")); + $SECURITY['login_secret'] = md5(microtime(true)); + } saveSetting('security', $SECURITY); $actiontime = date("F j, Y, g:i a"); write_log("Tracker SECURITY settings updated by $CURUSER[username]. $actiontime",'mod'); @@ -298,7 +304,7 @@ elseif ($action == 'securitysettings') //security settings tr($lang_settings['row_max_ips']," ".$lang_settings['text_max_ips_note'], 1); tr($lang_settings['row_max_login_attemps']," ".$lang_settings['text_max_login_attemps_note'], 1); - $guestVisitTypeRadio = ''; + $guestVisitTypeRadio = ''; $guestVisitTypeRadio .= '
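Review bot: `md5(microtime(true))` derives the login secret from the current timestamp, which is guessable to the clock's resolution, while this value alone gates login once `login_type` is 'secret'; generate it from the CSPRNG instead, `$SECURITY['login_secret'] = bin2hex(random_bytes(16));`, which yields the same 32-hex-character shape the display code expects. The `if ($_POST['login_secret_regenerate'] == 'yes')` check reads an index that is absent when the form does not post it; use `if (($_POST['login_secret_regenerate'] ?? '') === 'yes') {`. When `$minute` parses to 0 the deadline is the current second and the fresh secret expires immediately, so a non-positive lifetime should be rejected or defaulted. The enclosing branch continues outside the hunk.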
'; $guestVisitTypeRadio .= '
'; $guestVisitTypeRadio .= '
'; @@ -320,8 +326,27 @@ elseif ($action == 'securitysettings') //security settings print ''; $input = sprintf('', $SECURITY['guest_visit_value_redirect'] ?? ''); tr($lang_settings['row_guest_visit_value_redirect'], $input, 1); - print ''; + print ''; + $loginTypeRadio = ''; + $loginTypeRadio .= ''; + tr($lang_settings['row_login_type'], $loginTypeRadio, 1); + + print ''; + $loginSecret = sprintf('%s:%s', $lang_settings['text_login_secret_current'], $SECURITY['login_secret'] ?? ''); + if (!empty($SECURITY['login_secret'])) { + $loginSecret .= sprintf('
%s: %s/login.php?secret=%s', $lang_settings['text_login_url_with_secret'], getSchemeAndHttpHost(), $SECURITY['login_secret']); + } + $loginSecret .= sprintf('
', !empty($SECURITY['login_secret']) ? ' checked' : '', $lang_settings['text_login_secret_regenerate_no']); + $loginSecret .= sprintf('
', empty($SECURITY['login_secret']) ? ' checked' : '', $lang_settings['text_login_secret_regenerate_yes']); + tr($lang_settings['row_login_secret'], $loginSecret, 1); + + $loginSecretLifetime = sprintf('%s', $SECURITY['login_secret_lifetime'], $lang_settings['text_login_secret_lifetime_unit']); + if (!empty($SECURITY['login_secret_lifetime'])) { + $loginSecretLifetime .= sprintf('%s: %s', $lang_settings['text_login_secret_lifetime_deadline'], $SECURITY['login_secret_deadline']); + } + tr($lang_settings['row_login_secret_lifetime'], $loginSecretLifetime, 1); + print ''; tr($lang_settings['row_save_settings'],"", 1); print (""); diff --git a/resources/static-pages/beian-aliyun2.html b/resources/static-pages/beian-aliyun2.html deleted file mode 100644 index a23ef687..00000000 --- a/resources/static-pages/beian-aliyun2.html +++ /dev/null @@ -1,94 +0,0 @@ - - - - - - - - - 阿里云备案阻断页 - - - - - - - - - - - - - - - -
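Review bot: `sprintf('%s', $SECURITY['login_secret_lifetime'], ...)` reads the key unguarded while the very next line checks `!empty($SECURITY['login_secret_lifetime'])`, so a site that has never saved the new setting emits an undefined-index notice; use `$SECURITY['login_secret_lifetime'] ?? ''`, as the `guest_visit_value_redirect` line above already does. The secret, deadline and scheme/host are inserted into the page markup via sprintf without `htmlspecialchars()`; they are admin-set values today, but escaping at output keeps the page safe if the stored shape ever changes.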
- -
- -
-
-
-
- - -
- - - - \ No newline at end of file diff --git a/resources/templates/guest-visit-custom-content.php b/resources/templates/guest-visit-custom-content.php new file mode 100644 index 00000000..34bf22aa --- /dev/null +++ b/resources/templates/guest-visit-custom-content.php @@ -0,0 +1,14 @@ + + + + + Hello World! + + +
+
+ +
+
+ + \ No newline at end of file
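Review bot: the new guest-visit template's `<title>` is the placeholder 'Hello World!', which is what guests see in the browser tab whenever custom content is shown; set it to a neutral or site-specific title before release. Most of the template markup is not visible in this rendering, so whether and how `$content` is emitted cannot be checked here.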