
fix: missing redis key prefix & code type & login remember me setting

M1Screw 2 년 전
부모
커밋
01826225bc

+ 18 - 18
composer.lock

@@ -69,16 +69,16 @@
         },
         {
             "name": "aws/aws-crt-php",
-            "version": "v1.2.1",
+            "version": "v1.2.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/awslabs/aws-crt-php.git",
-                "reference": "1926277fc71d253dfa820271ac5987bdb193ccf5"
+                "reference": "2f1dc7b7eda080498be96a4a6d683a41583030e9"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/awslabs/aws-crt-php/zipball/1926277fc71d253dfa820271ac5987bdb193ccf5",
-                "reference": "1926277fc71d253dfa820271ac5987bdb193ccf5",
+                "url": "https://api.github.com/repos/awslabs/aws-crt-php/zipball/2f1dc7b7eda080498be96a4a6d683a41583030e9",
+                "reference": "2f1dc7b7eda080498be96a4a6d683a41583030e9",
                 "shasum": ""
             },
             "require": {
@@ -117,22 +117,22 @@
             ],
             "support": {
                 "issues": "https://github.com/awslabs/aws-crt-php/issues",
-                "source": "https://github.com/awslabs/aws-crt-php/tree/v1.2.1"
+                "source": "https://github.com/awslabs/aws-crt-php/tree/v1.2.2"
             },
-            "time": "2023-03-24T20:22:19+00:00"
+            "time": "2023-07-20T16:49:55+00:00"
         },
         {
             "name": "aws/aws-sdk-php",
-            "version": "3.276.5",
+            "version": "3.277.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/aws/aws-sdk-php.git",
-                "reference": "bd01bbc5ea4d62a070c7064a386bf0008871c6a5"
+                "reference": "9f36e76a3e1f8c7eba8cacbfa1d5f1257cd04241"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/bd01bbc5ea4d62a070c7064a386bf0008871c6a5",
-                "reference": "bd01bbc5ea4d62a070c7064a386bf0008871c6a5",
+                "url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/9f36e76a3e1f8c7eba8cacbfa1d5f1257cd04241",
+                "reference": "9f36e76a3e1f8c7eba8cacbfa1d5f1257cd04241",
                 "shasum": ""
             },
             "require": {
@@ -212,9 +212,9 @@
             "support": {
                 "forum": "https://forums.aws.amazon.com/forum.jspa?forumID=80",
                 "issues": "https://github.com/aws/aws-sdk-php/issues",
-                "source": "https://github.com/aws/aws-sdk-php/tree/3.276.5"
+                "source": "https://github.com/aws/aws-sdk-php/tree/3.277.4"
             },
-            "time": "2023-07-25T18:12:23+00:00"
+            "time": "2023-07-28T22:10:53+00:00"
         },
         {
             "name": "bacon/bacon-qr-code",
@@ -4765,16 +4765,16 @@
         },
         {
             "name": "stripe/stripe-php",
-            "version": "v10.18.0",
+            "version": "v10.19.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/stripe/stripe-php.git",
-                "reference": "c32549e443a619d1b885b99d624568ecae82d6a0"
+                "reference": "9ea3ba13791217bd697e896bb839d905d170cba6"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/stripe/stripe-php/zipball/c32549e443a619d1b885b99d624568ecae82d6a0",
-                "reference": "c32549e443a619d1b885b99d624568ecae82d6a0",
+                "url": "https://api.github.com/repos/stripe/stripe-php/zipball/9ea3ba13791217bd697e896bb839d905d170cba6",
+                "reference": "9ea3ba13791217bd697e896bb839d905d170cba6",
                 "shasum": ""
             },
             "require": {
@@ -4820,9 +4820,9 @@
             ],
             "support": {
                 "issues": "https://github.com/stripe/stripe-php/issues",
-                "source": "https://github.com/stripe/stripe-php/tree/v10.18.0"
+                "source": "https://github.com/stripe/stripe-php/tree/v10.19.0"
             },
-            "time": "2023-07-20T16:59:49+00:00"
+            "time": "2023-07-27T23:18:52+00:00"
         },
         {
             "name": "symfony/deprecation-contracts",

+ 1 - 1
resources/views/tabler/auth/login.tpl

@@ -73,7 +73,7 @@
                     code: $('#code').val(),
                     email: $('#email').val(),
                     passwd: $('#passwd').val(),
-                    remember_me: $('#remember_me').val(),
+                    remember_me: $('#remember_me').is(":checked"),
                     {if $public_setting['enable_login_captcha']}
                         {if $public_setting['captcha_provider'] === 'turnstile'}
                             turnstile: $('input[name=cf-turnstile-response]').val(),
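Review bot: `$('#remember_me').is(":checked")` yields a JavaScript boolean, so what the server receives depends on how this request body is encoded: with jQuery's default form encoding it arrives as the string `true`/`false`, with a JSON body it stays a boolean. The server-side change in this same commit compares the parameter with `=== 'true'`, so confirm the encoding used by the surrounding `$.ajax` call, which is outside the hunk.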

+ 1 - 1
src/Command/Cron.php

@@ -78,7 +78,7 @@ EOL;
                 $jobs->sendTelegramDailyJob();
             }
 
-            Setting::where('item', '=', 'last_daily_job_time')->update([
+            Setting::where('item', 'last_daily_job_time')->update([
                 'value' => mktime(
                     Setting::obtain('daily_job_hour'),
                     Setting::obtain('daily_job_minute'),

+ 1 - 1
src/Command/Tool.php

@@ -125,7 +125,7 @@ EOL;
         foreach ($settings as $item) {
             $config[] = $item['item'];
             $item_name = $item['item'];
-            $query = Setting::where('item', '=', $item['item'])->first();
+            $query = Setting::where('item', $item['item'])->first();
 
             if ($query === null) {
                 $new_item = new Setting();

+ 3 - 3
src/Controllers/Admin/Setting/BillingController.php

@@ -83,7 +83,7 @@ final class BillingController extends BaseController
             }
         }
 
-        $gateway = Setting::where('item', '=', 'payment_gateway')->first();
+        $gateway = Setting::where('item', 'payment_gateway')->first();
         $gateway->value = json_encode($gateway_in_use);
 
         if (! $gateway->save()) {
@@ -96,7 +96,7 @@ final class BillingController extends BaseController
         $list = self::$update_field;
 
         foreach ($list as $item) {
-            $setting = Setting::where('item', '=', $item)->first();
+            $setting = Setting::where('item', $item)->first();
 
             if ($setting->type === 'array') {
                 $setting->value = json_encode($request->getParam($item));
@@ -131,7 +131,7 @@ final class BillingController extends BaseController
 
     public function returnActiveGateways()
     {
-        $payment_gateways = Setting::where('item', '=', 'payment_gateway')->first();
+        $payment_gateways = Setting::where('item', 'payment_gateway')->first();
         return json_decode($payment_gateways->value);
     }
 }
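Review bot: `$gateway = Setting::where('item', 'payment_gateway')->first()` can return null, and the assignment `$gateway->value = json_encode($gateway_in_use)` on the next line then fails on a missing setting row; the second hunk (`$setting->type`) and `returnActiveGateways` (`$payment_gateways->value`) have the same gap. Follow the `if ($query === null)` pattern that Tool.php in this commit already uses, e.g. `if ($gateway === null) { /* return an error response in this controller's existing style */ }` before the property access. The first two methods start outside their hunks.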

+ 22 - 20
src/Controllers/AuthController.php

@@ -59,6 +59,7 @@ final class AuthController extends BaseController
     {
         if (Setting::obtain('enable_login_captcha')) {
             $ret = Captcha::verify($request->getParams());
+
             if (! $ret) {
                 return $response->withJson([
                     'ret' => 0,
@@ -67,11 +68,13 @@ final class AuthController extends BaseController
             }
         }
 
-        $code = $request->getParam('code');
+        $antiXss = new AntiXSS();
+
+        $code = $antiXss->xss_clean($request->getParam('code'));
         $passwd = $request->getParam('passwd');
-        $rememberMe = $request->getParam('remember_me');
-        $email = strtolower(trim($request->getParam('email')));
-        $redir = Cookie::get('redir') ?? '/user';
+        $rememberMe = $request->getParam('remember_me') === 'true' ? 1 : 0;
+        $email = strtolower(trim($antiXss->xss_clean($request->getParam('email'))));
+        $redir = Cookie::get('redir') === '' ? $antiXss->xss_clean(Cookie::get('redir')) : '/user';
 
         $user = User::where('email', $email)->first();
 
@@ -92,7 +95,7 @@ final class AuthController extends BaseController
             ]);
         }
 
-        if ($user->ga_enable === 1) {
+        if ($user->ga_enable) {
             if (strlen($code) !== 6) {
                 // 记录登录失败
                 $user->collectLoginIP($_SERVER['REMOTE_ADDR'], 1);
@@ -117,9 +120,10 @@ final class AuthController extends BaseController
             }
         }
 
-        $time = 3600 * 24;
+        $time = 3600;
+
         if ($rememberMe) {
-            $time = 3600 * 24 * ($_ENV['rememberMeDuration'] ?: 7);
+            $time = 86400 * ($_ENV['rememberMeDuration'] ?: 7);
         }
 
         Auth::login($user->id, $time);
@@ -144,18 +148,16 @@ final class AuthController extends BaseController
             $captcha = Captcha::generate();
         }
 
-        $ary = $request->getQueryParams();
-        $code = '';
-        if (isset($ary['code'])) {
-            $antiXss = new AntiXSS();
-            $code = $antiXss->xss_clean($ary['code']);
-        }
-
-        return $response->write($this->view()
-            ->assign('code', $code)
-            ->assign('base_url', $_ENV['baseUrl'])
-            ->assign('captcha', $captcha)
-            ->fetch('auth/register.tpl'));
+        $antiXss = new AntiXSS();
+        $code = $antiXss->xss_clean($request->getParam('code'));
+
+        return $response->write(
+            $this->view()
+                ->assign('code', $code)
+                ->assign('base_url', $_ENV['baseUrl'])
+                ->assign('captcha', $captcha)
+                ->fetch('auth/register.tpl')
+        );
     }
 
     /**
@@ -413,7 +415,7 @@ final class AuthController extends BaseController
                 return ResponseHelper::error($response, '你的邮箱验证码不正确');
             }
 
-            $redis->del($email_verify_code);
+            $redis->del('email_verify:' . $email_verify_code);
         }
 
         return $this->registerHelper($response, $name, $email, $passwd, $code, $imtype, $imvalue, 0, 0, 0);
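Review bot: The rewritten `$redir` line inverts the fallback: `Cookie::get('redir') === '' ? ... : '/user'` only consults the cookie when it is the empty string and otherwise always redirects to `/user`, so the post-login redirect no longer works. Replace it with `$raw = Cookie::get('redir'); $redir = ($raw === null || $raw === '') ? '/user' : $antiXss->xss_clean($raw);` (the previous code used `??`, so a missing cookie may be null rather than `''`; keep both checks). `xss_clean` does not restrict the target to a local path, so if the cookie can be influenced by the client, also require it to start with `/` before redirecting. In the register hunk the former `isset($ary['code'])` guard is gone, so `xss_clean` now receives null when no code is supplied; pass `$request->getParam('code') ?? ''` unless the library is known to accept null.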

+ 1 - 1
src/Controllers/PasswordController.php

@@ -148,7 +148,7 @@ final class PasswordController extends BaseController
             $user->cleanLink();
         }
 
-        $redis->del($token);
+        $redis->del('password_reset:' . $token);
 
         return ResponseHelper::success($response, '重置成功');
     }

+ 1 - 1
src/Controllers/User/InfoController.php

@@ -94,7 +94,7 @@ final class InfoController extends BaseController
                 return ResponseHelper::error($response, '你的邮箱验证码不正确');
             }
 
-            $redis->del($email_verify_code);
+            $redis->del('email_verify:' . $email_verify_code);
         }
 
         $user->email = $new_email;

+ 3 - 3
src/Controllers/UserController.php

@@ -58,9 +58,9 @@ final class UserController extends BaseController
     public function profile(ServerRequest $request, Response $response, array $args): Response|ResponseInterface
     {
         // 登录IP
-        $logins = LoginIp::where('userid', '=', $this->user->id)
+        $logins = LoginIp::where('userid', $this->user->id)
             ->where('type', '=', 0)->orderBy('datetime', 'desc')->take(10)->get();
-        $ips = OnlineLog::where('user_id', '=', $this->user->id)
+        $ips = OnlineLog::where('user_id', $this->user->id)
             ->where('last_time', '>', time() - 90)->orderByDesc('last_time')->get();
 
         foreach ($logins as $login) {
@@ -122,7 +122,7 @@ final class UserController extends BaseController
             $paybacks_sum = 0;
         }
 
-        $invite_url = $_ENV['baseUrl'] . '/auth/register?code=' . $code->code;
+        $invite_url = $_ENV['baseUrl'] . '/auth/register?code=' . $code;
         $rebate_ratio_per = Setting::obtain('rebate_ratio') * 100;
         $payback_count = $paybacks->count();
 

+ 2 - 1
src/Middleware/NodeToken.php

@@ -51,7 +51,8 @@ final class NodeToken implements MiddlewareInterface
 
         if ($_ENV['checkNodeIp']) {
             $ip = $request->getServerParam('REMOTE_ADDR');
-            if ($ip !== '127.0.0.1' && ! Node::where('node_ip', 'LIKE', "{$ip}%")->exists()) {
+
+            if ($ip !== '127.0.0.1' && ! Node::where('node_ip', $ip)->exists()) {
                 return AppFactory::determineResponseFactory()->createResponse(401)->withJson([
                     'ret' => 0,
                     'data' => 'Invalid request IP.',
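Review bot: The exact comparison `Node::where('node_ip', $ip)` only admits a node whose stored `node_ip` is a bare address in the same form as REMOTE_ADDR; the prefix match it replaces suggests stored values may carry a suffix, so confirm the column contents (outside this diff) or legitimate nodes will now receive 401. The `$ip !== '127.0.0.1'` exemption still lets any local caller bypass the node lookup; if that is intended, say so with `// Loopback callers are trusted unconditionally; the node IP check applies to remote callers only`. The enclosing method starts and ends outside the hunk.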

+ 1 - 1
src/Models/Setting.php

@@ -11,7 +11,7 @@ final class Setting extends Model
 
     public static function obtain($item): bool|int|string
     {
-        $config = self::where('item', '=', $item)->first();
+        $config = self::where('item', $item)->first();
 
         return match ($config->type) {
             'bool' => (bool) $config->value,
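Review bot: `self::where('item', $item)->first()` returns null for an unknown item, and `match ($config->type)` then reads a property on null and, unless a default arm exists below the hunk, throws UnhandledMatchError, so every misspelled setting key becomes a fatal error with no hint of which key was missing. Add `if ($config === null) { throw new \InvalidArgumentException("Unknown setting: {$item}"); }` before the match, and declare the parameter as `string $item` since the method already declares its return type. The match body continues outside the hunk.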

+ 7 - 7
src/Models/User.php

@@ -298,13 +298,13 @@ final class User extends Model
     {
         $uid = $this->id;
 
-        DetectBanLog::where('user_id', '=', $uid)->delete();
-        DetectLog::where('user_id', '=', $uid)->delete();
-        InviteCode::where('user_id', '=', $uid)->delete();
-        OnlineLog::where('user_id', '=', $uid)->delete();
-        Link::where('userid', '=', $uid)->delete();
-        LoginIp::where('userid', '=', $uid)->delete();
-        SubscribeLog::where('user_id', '=', $uid)->delete();
+        DetectBanLog::where('user_id', $uid)->delete();
+        DetectLog::where('user_id', $uid)->delete();
+        InviteCode::where('user_id', $uid)->delete();
+        OnlineLog::where('user_id', $uid)->delete();
+        Link::where('userid', $uid)->delete();
+        LoginIp::where('userid', $uid)->delete();
+        SubscribeLog::where('user_id', $uid)->delete();
 
         return $this->delete();
     }

+ 2 - 2
src/Services/Analytics.php

@@ -104,11 +104,11 @@ final class Analytics
 
     public function getInactiveUser()
     {
-        return User::where('is_inactive', '=', 1)->count();
+        return User::where('is_inactive', 1)->count();
     }
 
     public function getActiveUser()
     {
-        return User::where('is_inactive', '=', 0)->count();
+        return User::where('is_inactive', 0)->count();
     }
 }
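Review bot: `getInactiveUser()` and `getActiveUser()` both return a `count()` result but declare no return type; add `: int` to each signature (`public function getInactiveUser(): int`, `public function getActiveUser(): int`) so callers and static analysis see the contract.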

+ 17 - 11
src/Services/Auth/Cookie.php

@@ -6,7 +6,7 @@ namespace App\Services\Auth;
 
 use App\Models\Node;
 use App\Models\User;
-use App\Utils;
+use App\Utils\Cookie as CookieUtils;
 use App\Utils\Hash;
 use function strval;
 use function time;
@@ -17,11 +17,11 @@ final class Cookie extends Base
     {
         $user = User::find($uid);
         $expire_in = $time + time();
-        $key = Hash::cookieHash($user->pass, $expire_in);
-        Utils\Cookie::set([
+
+        CookieUtils::set([
             'uid' => strval($uid),
             'email' => $user->email,
-            'key' => $key,
+            'key' => Hash::cookieHash($user->pass, $expire_in),
             'ip' => Hash::ipHash($_SERVER['REMOTE_ADDR'], $uid, $expire_in),
             'expire_in' => strval($expire_in),
         ], $expire_in);
@@ -29,11 +29,11 @@ final class Cookie extends Base
 
     public function getUser(): User
     {
-        $uid = Utils\Cookie::get('uid');
-        $email = Utils\Cookie::get('email');
-        $key = Utils\Cookie::get('key');
-        $ipHash = Utils\Cookie::get('ip');
-        $expire_in = Utils\Cookie::get('expire_in');
+        $uid = CookieUtils::get('uid');
+        $email = CookieUtils::get('email');
+        $key = CookieUtils::get('key');
+        $ipHash = CookieUtils::get('ip');
+        $expire_in = CookieUtils::get('expire_in');
 
         $user = new User();
         $user->isLogin = false;
@@ -47,13 +47,15 @@ final class Cookie extends Base
         }
 
         if ($_ENV['enable_login_bind_ip']) {
-            $nodes = Node::where('node_ip', '=', $_SERVER['REMOTE_ADDR'])->first();
+            $nodes = Node::where('node_ip', $_SERVER['REMOTE_ADDR'])->first();
+
             if (($nodes === null) && $ipHash !== Hash::ipHash($_SERVER['REMOTE_ADDR'], $uid, $expire_in)) {
                 return $user;
             }
         }
 
         $user = User::find($uid);
+
         if ($user === null) {
             $user = new User();
             $user->isLogin = false;
@@ -72,16 +74,20 @@ final class Cookie extends Base
         }
 
         $user->isLogin = true;
+
         return $user;
     }
 
     public function logout(): void
     {
         $time = time() - 1000;
-        Utils\Cookie::set([
+
+        CookieUtils::set([
             'uid' => '',
             'email' => '',
             'key' => '',
+            'ip' => '',
+            'expire_in' => '',
         ], $time);
     }
 }
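Review bot: In the getUser hunk the `($nodes === null) &&` condition means a request whose REMOTE_ADDR equals any node's `node_ip` skips the IP-binding comparison entirely; that exemption is not obvious from the rewritten line and deserves a comment such as `// Requests arriving from a registered node's IP are exempt from login IP binding`. `$nodes` also holds a single row from `first()`, so a singular name like `$node` would read better. The enclosing method starts and ends outside this hunk.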

+ 2 - 2
src/Services/CronDetect.php

@@ -27,8 +27,8 @@ final class CronDetect
      */
     public static function gfw(): void
     {
-        $nodes = Node::where('type', '=', 1)->where('node_ip', '!=', '')->where('online', '=', 1)->get();
-        $adminUser = User::where('is_admin', '=', '1')->get();
+        $nodes = Node::where('type', 1)->where('node_ip', '!=', '')->where('online', 1)->get();
+        $adminUser = User::where('is_admin', '1')->get();
 
         foreach ($nodes as $node) {
             $api_url = str_replace(
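Review bot: `User::where('is_admin', '1')` keeps the string literal while the same commit changes the equivalent admin lookup in CronJob.php to the integer `1`; use `User::where('is_admin', 1)` here too so the two queries stay consistent and the comparison does not rely on driver-side type coercion. The method continues outside the hunk.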

+ 6 - 6
src/Services/CronJob.php

@@ -79,22 +79,22 @@ final class CronJob
         $login_days = Setting::obtain('detect_inactive_user_login_days');
         $use_days = Setting::obtain('detect_inactive_user_use_days');
 
-        User::where('is_admin', '=', '0')
-            ->where('is_inactive', '=', '0')
+        User::where('is_admin', 0)
+            ->where('is_inactive', 0)
             ->where('last_check_in_time', '<', time() - 86400 * $checkin_days)
             ->where('last_login_time', '<', time() - 86400 * $login_days)
             ->where('last_use_time', '<', time() - 86400 * $use_days)
             ->update(['is_inactive' => 1]);
 
-        User::where('is_admin', '=', '0')
-            ->where('is_inactive', '=', '1')
+        User::where('is_admin', 0)
+            ->where('is_inactive', 1)
             ->where('last_check_in_time', '>', time() - 86400 * $checkin_days)
             ->where('last_login_time', '>', time() - 86400 * $login_days)
             ->where('last_use_time', '>', time() - 86400 * $use_days)
             ->update(['is_inactive' => 0]);
 
         echo Tools::toDateTime(time()) .
-            ' 检测到 ' . User::where('is_inactive', '=', '1')->count() . ' 个账户处于闲置状态' . PHP_EOL;
+            ' 检测到 ' . User::where('is_inactive', 1)->count() . ' 个账户处于闲置状态' . PHP_EOL;
     }
 
     /**
@@ -103,7 +103,7 @@ final class CronJob
     public static function detectNodeOffline(): void
     {
         $nodes = Node::where('type', 1)->get();
-        $adminUsers = User::where('is_admin', '=', '1')->get();
+        $adminUsers = User::where('is_admin', 1)->get();
 
         foreach ($nodes as $node) {
             if ($node->getNodeOnlineStatus() >= 0 && $node->online === 1) {

+ 1 - 1
src/Services/Gateway/AbstractPayment.php

@@ -114,7 +114,7 @@ abstract class AbstractPayment
 
     protected static function getActiveGateway($key): bool
     {
-        $payment_gateways = Setting::where('item', '=', 'payment_gateway')->first();
+        $payment_gateways = Setting::where('item', 'payment_gateway')->first();
         $active_gateways = json_decode($payment_gateways->value);
         if (in_array($key, $active_gateways)) {
             return true;
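Review bot: `Setting::where('item', 'payment_gateway')->first()` can return null, and `$payment_gateways->value` on the next line then errors; a malformed stored value also makes `json_decode` return null, which `in_array` rejects with a TypeError. Guard with `if ($payment_gateways === null) { return false; }` before decoding, check the decoded value is an array, and make the membership test strict: `in_array($key, $active_gateways, true)`. The method continues outside the hunk.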

+ 1 - 1
src/Utils/Telegram.php

@@ -160,7 +160,7 @@ final class Telegram
             return 0;
         }
 
-        $redis->del($token);
+        $redis->del('telegram_bind:' . $token);
 
         return (int) $uid;
     }

+ 2 - 2
src/Utils/Telegram/Callback.php

@@ -407,7 +407,7 @@ final class Callback
         switch ($OpEnd) {
             case 'login_log':
                 // 登录记录
-                $total = LoginIp::where('userid', '=', $this->User->id)
+                $total = LoginIp::where('userid', $this->User->id)
                     ->where('type', '=', 0)
                     ->orderBy('datetime', 'desc')
                     ->take(10)
@@ -436,7 +436,7 @@ final class Callback
                 break;
             case 'usage_log':
                 // 使用记录
-                $logs = OnlineLog::where('user_id', '=', $this->User->id)
+                $logs = OnlineLog::where('user_id', $this->User->id)
                     ->where('last_time', '>', time() - 90)->orderByDesc('last_time')->get('ip');
                 $text = '<strong>以下是你账户在线 IP 和地理位置:</strong>' . PHP_EOL;
                 $text .= PHP_EOL;