
1,加强后台登录验证。
2,修复安装时创建管理员问题。

magicblack 5 лет назад
Родитель
Сommit
2fb1e5cba2

+ 1 - 1
application/admin/controller/Art.php

@@ -48,7 +48,7 @@ class Art extends Base
         if(!empty($param['repeat'])){
             if($param['page'] ==1){
                 Db::execute('DROP TABLE IF EXISTS '.config('database.prefix').'tmpart');
-                Db::execute('CREATE TABLE IF NOT EXISTS `'.config('database.prefix').'tmpart` as (SELECT min(art_id)as id1,art_name as name1 FROM '.config('database.prefix').'art GROUP BY name1 HAVING COUNT(name1)>1)');
+                Db::execute('CREATE TABLE IF NOT EXISTS `'.config('database.prefix').'tmpart` ENGINE=MyISAM as (SELECT min(art_id)as id1,art_name as name1 FROM '.config('database.prefix').'art GROUP BY name1 HAVING COUNT(name1)>1)');
             }
             $order='art_name asc';
             $res = model('Art')->listRepeatData($where,$order,$param['page'],$param['limit']);
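Review bot: `ENGINE=MyISAM` is pinned on the `CREATE TABLE … as (SELECT …)` line with no comment saying why, so the next reader cannot tell whether it works around a `CREATE … AS SELECT` limitation on the default engine or is a deliberate performance choice; once the reason is confirmed, a why-comment on that line such as `// engine pinned for the scratch table: <reason>` would carry it, and the same applies to the identical hunk in Vod.php. The page test two lines above, `if($param['page'] ==1)`, compares request input loosely; `if ((int)$param['page'] === 1)` states the intent. The DROP/CREATE pair rebuilds a non-temporary table shared by every admin session, so two users opening page 1 at the same time can interleave the drop and the create; how much that matters depends on how often the duplicate view is used. The enclosing method starts and ends outside the hunk.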

+ 1 - 1
application/admin/controller/Vod.php

@@ -100,7 +100,7 @@ class Vod extends Base
         if(!empty($param['repeat'])){
             if($param['page'] ==1){
                 Db::execute('DROP TABLE IF EXISTS '.config('database.prefix').'tmpvod');
-                Db::execute('CREATE TABLE IF NOT EXISTS `'.config('database.prefix').'tmpvod` as (SELECT min(vod_id) as id1,vod_name as name1 FROM '.config('database.prefix').'vod GROUP BY name1 HAVING COUNT(name1)>1)');
+                Db::execute('CREATE TABLE IF NOT EXISTS `'.config('database.prefix').'tmpvod` ENGINE=MyISAM as (SELECT min(vod_id) as id1,vod_name as name1 FROM '.config('database.prefix').'vod GROUP BY name1 HAVING COUNT(name1)>1)');
             }
             $order='vod_name asc';
             $res = model('Vod')->listRepeatData($where,$order,$param['page'],$param['limit']);

+ 1 - 1
application/common.php

@@ -24,7 +24,7 @@ function slog($logs)
 //foreach($_GET as $k=>$v){ $getData .= $k.'='.$v.'&'; }
 //foreach($_POST as $k=>$v){ $postData .= $k.'='.$v.'&'; }
 //foreach($_COOKIE as $k=>$v){ $cookieData .= $k.'='.$v.'&'; }
-//$log = $_SERVER['PHP_SELF'] . '---get:' .$getData .'---post:' . $postData ;
+//$log = $_SERVER['PHP_SELF'] . '---get:' .$getData .'---post:' . $postData .'---'. json_encode($_POST).'---cookie:' . $cookieData ;
 //slog($log);
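Review bot: The only change here is to commented-out debugging code, and the new form of the `//$log = …` line would, if ever uncommented, write `json_encode($_POST)` and the full cookie string to the log, i.e. the plaintext password from the login form and the `admin_check`/`user_check` cookies that serve as the session credential. Dead code like this should be deleted rather than extended; if a request dump is genuinely needed for debugging it belongs behind an explicit debug switch with the credential fields masked. These lines are at column 0 and appear to sit outside any function body, although the hunk header places them after the start of `slog()`.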
 
 

+ 9 - 5
application/common/model/Admin.php

@@ -146,7 +146,7 @@ class Admin extends Base {
 
         cookie('admin_id',$row['admin_id']);
         cookie('admin_name',$row['admin_name']);
-        cookie('admin_check',md5($random .'-'. $row['admin_name'] .'-'.$row['admin_id'] .'-'.request()->ip().'-'.$_SERVER['SERVER_ADDR'] ) );
+        cookie('admin_check',md5($random .'-'. $row['admin_name'] .'-'.$row['admin_id'] .'-'.$_SERVER['SERVER_ADDR'] ) );
 
         return ['code'=>1,'msg'=>'登录成功'];
     }
@@ -166,14 +166,18 @@ class Admin extends Base {
         $admin_name = cookie('admin_name');
         $admin_check = cookie('admin_check');
 
+        $admin_id = htmlspecialchars(urldecode(trim($admin_id)));
+        $admin_name = htmlspecialchars(urldecode(trim($admin_name)));
+        $admin_check = htmlspecialchars(urldecode(trim($admin_check)));
+
         if(empty($admin_id) || empty($admin_name) || empty($admin_check)){
             return ['code'=>1001, 'msg'=>'未登录'];
         }
 
         $where = [];
-        $where['admin_id'] = $admin_id;
-        $where['admin_name'] = $admin_name;
-        $where['admin_status'] =1 ;
+        $where['admin_id'] = ['eq',$admin_id];
+        $where['admin_name'] = ['eq',$admin_name];
+        $where['admin_status'] = ['eq',1] ;
 
         $info = $this->where($where)->find();
         if(empty($info)){
@@ -181,7 +185,7 @@ class Admin extends Base {
         }
         $info = $info->toArray();
 
-        $login_check = md5($info['admin_random'] .'-'. $info['admin_name'] .'-'.$info['admin_id'] .'-'.request()->ip().'-'.$_SERVER['SERVER_ADDR']) ;
+        $login_check = md5($info['admin_random'] .'-'. $info['admin_name'] .'-'.$info['admin_id'] .'-'.$_SERVER['SERVER_ADDR']) ;
         if($login_check != $admin_check){
             return ['code'=>1003,'msg'=>'未登录'];
         }
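Review bot: The cookie check `if($login_check != $admin_check)` compares an attacker-supplied cookie with the computed digest using loose `!=`, which in PHP compares two numeric-looking strings (an `0e…` hex digest is one) as numbers; replace it with `if (!hash_equals($login_check, (string)$admin_check))`, and the same applies to `$login_check != $user_check` in the User.php hunk. Removing `request()->ip()` from the digest on both the `cookie('admin_check', …)` line and the `$login_check = md5(…)` line (also in User.php) means a copied cookie now validates from any client address; presumably this is to survive proxies or changing addresses, but it loosens the binding rather than strengthening it as the commit title suggests, so the trade-off deserves a comment at the point the cookie is issued. The `htmlspecialchars(urldecode(trim(…)))` wrapping added for the three cookie values is HTML output encoding applied to a lookup key: it does nothing for the query (the `['eq', …]` form below is what keeps the value from being read as an expression) and turns any name containing `&`, `<` or `"` into a value that no longer matches, so `$admin_id = (int)$admin_id;` plus a format check such as `preg_match('/^[0-9a-f]{32}$/', $admin_check)` express the intended validation more directly. The enclosing method starts outside the second hunk.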

+ 29 - 29
application/common/model/User.php

@@ -389,39 +389,12 @@ class User extends Base
         cookie('user_name', $row['user_name'],['expire'=>2592000] );
         cookie('group_id', $group['group_id'],['expire'=>2592000] );
         cookie('group_name', $group['group_name'],['expire'=>2592000] );
-        cookie('user_check', md5($random . '-' .$row['user_name'] . '-' . $row['user_id'] .'-'.request()->ip().'-'.$_SERVER['SERVER_ADDR'] ),['expire'=>2592000] );
+        cookie('user_check', md5($random . '-' .$row['user_name'] . '-' . $row['user_id'] .'-'.$_SERVER['SERVER_ADDR'] ),['expire'=>2592000] );
         cookie('user_portrait', mac_get_user_portrait($row['user_id']),['expire'=>2592000] );
 
         return ['code' => 1, 'msg' => '登录成功'];
     }
 
-    public function expire()
-    {
-        $where=[];
-        $where['group_id'] = ['gt',2];
-        $where['user_end_time'] = ['elt',time()];
-
-        $update=[];
-        $update['group_id'] = 2;
-
-        $res = $this->where($where)->update($update);
-        if ($res === false) {
-            return ['code' => 101, 'msg' => '更新会员组过期会员信息失败'];
-        }
-        return ['code' => 1, 'msg' => '更新过期信息成功'];
-    }
-
-    public function logout()
-    {
-        cookie('user_id', null);
-        cookie('user_name', null);
-        cookie('group_id', null);
-        cookie('group_name', null);
-        cookie('user_check', null);
-        cookie('user_portrait', null);
-        return ['code' => 1, 'msg' => '退出成功'];
-    }
-
     public function checkLogin()
     {
         $user_id = cookie('user_id');
@@ -446,7 +419,7 @@ class User extends Base
             return ['code' => 1002, 'msg' => '未登录'];
         }
         $info = $info->toArray();
-        $login_check = md5($info['user_random'] . '-' . $info['user_name']. '-' . $info['user_id'] .'-'.request()->ip().'-'.$_SERVER['SERVER_ADDR'] );
+        $login_check = md5($info['user_random'] . '-' . $info['user_name']. '-' . $info['user_id'] .'-'.$_SERVER['SERVER_ADDR'] );
         if($login_check != $user_check) {
             return ['code' => 1003, 'msg' => '未登录'];
         }
@@ -475,6 +448,33 @@ class User extends Base
         return ['code' => 1, 'msg' => '已登录', 'info' => $info];
     }
 
+    public function expire()
+    {
+        $where=[];
+        $where['group_id'] = ['gt',2];
+        $where['user_end_time'] = ['elt',time()];
+
+        $update=[];
+        $update['group_id'] = 2;
+
+        $res = $this->where($where)->update($update);
+        if ($res === false) {
+            return ['code' => 101, 'msg' => '更新会员组过期会员信息失败'];
+        }
+        return ['code' => 1, 'msg' => '更新过期信息成功'];
+    }
+
+    public function logout()
+    {
+        cookie('user_id', null);
+        cookie('user_name', null);
+        cookie('group_id', null);
+        cookie('group_name', null);
+        cookie('user_check', null);
+        cookie('user_portrait', null);
+        return ['code' => 1, 'msg' => '退出成功'];
+    }
+
     public function resetPwd()
     {
 

+ 1 - 1
application/extra/version.php

@@ -3,7 +3,7 @@ return array (
     'name' => '苹果CMS',
     'copyright' => 'MacCMS.LA',
     'url' => '//www.maccms.la/',
-    'code' => '2020.1000.1036',
+    'code' => '2020.1000.1037',
     'license' => '免费版',
 );
 ?>

+ 2 - 1
application/install/controller/Index.php

@@ -142,7 +142,7 @@ class Index extends Controller
         $password = input('post.password');
         $install_dir = input('post.install_dir');
         $initdata = input('post.initdata');
-
+	 $token = input('post.__token__');
         $config = include APP_PATH.'database.php';
         if (empty($config['hostname']) || empty($config['database']) || empty($config['username'])) {
             return $this->error('请先点击测试数据库连接!');
@@ -219,6 +219,7 @@ class Index extends Controller
             'admin_name' => $account,
             'admin_pwd' => $password,
             'admin_status' =>1,
+            '__token__'=>$token,
         ];
         $res = model('Admin')->saveData($data);
         if (!$res['code']>1) {
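Review bot: The result check right after the new `'__token__'=>$token` entry, `if (!$res['code']>1) {`, can never fire: `!` binds tighter than `>`, so `!$res['code']` becomes a bool that is then compared with 1, which is false for every value of `code`. A failed `saveData()`, for example a rejected token, which is the very case this commit is about, is therefore swallowed; if the model follows the convention visible in Admin.php (`code` 1 on success, larger values on error) the line should read `if ($res['code'] > 1) {`. The new `$token = input('post.__token__');` line is indented with a tab where the surrounding lines use eight spaces. A one-line comment such as `// forwarded so the admin model's form-token check sees the installer form's token` would explain why a CSRF token is being placed into the data array, assuming that is what `saveData()` validates. Both hunks are inside a method that begins and ends outside the view.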

+ 1 - 0
application/install/view/index/step3.html

@@ -65,6 +65,7 @@
     </form>
     <form class="layui-form layui-form-pane" action="?step=5" method="post">
         <input type="hidden" name="install_dir" value="{$install_dir}">
+        <input type="hidden" name="__token__" value="{$Request.token}" />
         <fieldset class="layui-elem-field layui-field-title">
             <legend>其他设置</legend>
         </fieldset>
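Review bot: The added hidden input is written as a self-closing `<input … />` while the `install_dir` input on the line above uses the bare `<input …>` form; within one form the two should match, so `<input type="hidden" name="__token__" value="{$Request.token}">` is the consistent spelling. The form that closes just above this hunk is not visible here, so whether it also carries a token cannot be judged from this view.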