
fix #792 邮箱增加黑白名单校验

magicblack 3 rokov pred
rodič
commit
6def7f834e

+ 12 - 0
application/admin/view/system/configuser.html

@@ -55,6 +55,18 @@
                             <input type="radio" name="user[reg_email_sms]" value="1" title="{:lang('open')}" {if condition="$config['user']['reg_email_sms'] eq 1"}checked {/if}>
                         </div>
                     </div>
+                    <div class="layui-form-item">
+                        <label class="layui-form-label">{:lang('admin/system/configuser/email_white_hosts')}:</label>
+                        <div class="layui-input-block">
+                            <textarea name="user[email_white_hosts]" class="layui-textarea" placeholder="{:lang('admin/system/configuser/email_white_hosts_tip')}">{$config['user']['email_white_hosts']}</textarea>
+                        </div>
+                    </div>
+                    <div class="layui-form-item">
+                        <label class="layui-form-label">{:lang('admin/system/configuser/email_black_hosts')}:</label>
+                        <div class="layui-input-block">
+                            <textarea name="user[email_black_hosts]" class="layui-textarea" placeholder="{:lang('admin/system/configuser/email_black_hosts_tip')}">{$config['user']['email_black_hosts']}</textarea>
+                        </div>
+                    </div>
 
                     <div class="layui-form-item">
                         <label class="layui-form-label">{:lang('admin/system/configuser/reg_verify')}:</label>
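Review bot: The two new textareas echo `{$config['user']['email_white_hosts']}` and `{$config['user']['email_black_hosts']}` straight into the element body; if this project's template configuration does not enable a default output filter for `{$var}` (ThinkPHP's `default_filter`), a stored value containing `</textarea>` breaks out of the field into the admin page. `{$config['user']['email_white_hosts']|htmlspecialchars}` (and the same for the black list) makes the escaping explicit, or confirm the engine already escapes and leave it as is, since adding the filter on top of an engine default would double-encode. The placeholder attributes only carry lang strings and need nothing.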

+ 22 - 8
application/common/model/User.php

@@ -1,7 +1,9 @@
 <?php
 namespace app\common\model;
+
 use think\Db;
 use think\View;
+use app\common\validate\User as UserValidate;
 
 class User extends Base
 {
@@ -190,7 +192,7 @@ class User extends Base
                 $param['type'] = 3;
                 $res = $this->check_msg($param);
                 if($res['code'] >1){
-                    return ['code'=>$res['code'],'msg'=>$res['msg']];
+                    return $res;
                 }
                 $fields['user_phone'] = $param['to'];
 
@@ -209,7 +211,7 @@ class User extends Base
                 $param['type'] = 3;
                 $res = $this->check_msg($param);
                 if($res['code'] >1){
-                    return ['code'=>$res['code'],'msg'=>$res['msg']];
+                    return $res;
                 }
                 $fields['user_email'] = $param['to'];
 
@@ -604,6 +606,13 @@ class User extends Base
         if(!in_array($param['ac'],['email','phone']) || empty($param['to']) || empty($param['code']) || empty($param['type'])){
             return ['code'=>9001,'msg'=>lang('param_err')];
         }
+        // https://github.com/magicblack/maccms10/issues/792 邮箱增加黑白名单校验
+        if ($param['ac'] == 'email' && in_array($param['type'], [1, 3])) {
+            $result = UserValidate::validateEmail($param['to']);
+            if ($result['code'] > 1) {
+                return $result;
+            }
+        }
         //msg_type  1绑定2找回3注册
         $stime = strtotime('-5 min');
         if($param['ac']=='email' && intval($GLOBALS['config']['email']['time'])>0){
@@ -627,16 +636,21 @@ class User extends Base
         $param['to'] = htmlspecialchars(urldecode(trim($param['to'])));
         $param['code'] = htmlspecialchars(urldecode(trim($param['code'])));
 
-
-        if(!in_array($param['ac'],['email','phone']) || !in_array($param['type'],['1','2','3']) || empty($param['to'])  || empty($param['type'])){
-            return ['code'=>9001,'msg'=>lang('param_err')];
-        }
-
         $type_arr = [
             1=>['des'=>lang('bind'),'flag'=>'bind'],
             2=>['des'=>lang('findpass'),'flag'=>'findpass'],
             3=>['des'=>lang('register'),'flag'=>'reg'],
-            ];
+        ];
+        if(!in_array($param['ac'],['email','phone']) || !isset($type_arr[$param['type']]) || empty($param['to'])  || empty($param['type'])){
+            return ['code'=>9001,'msg'=>lang('param_err')];
+        }
+        // https://github.com/magicblack/maccms10/issues/792 邮箱增加黑白名单校验
+        if ($param['ac'] == 'email' && in_array($param['type'], [1, 3])) {
+            $result = UserValidate::validateEmail($param['to']);
+            if ($result['code'] > 1) {
+                return $result;
+            }
+        }
 
         $type_des = $type_arr[$param['type']]['des'];
         $type_flag = $type_arr[$param['type']]['flag'];
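Review bot: The host check runs only inside check_msg and the code-sending path, so an address is validated only when a verification code is involved; if the branch that does `$fields['user_email'] = $param['to'];` (second hunk) is also reachable with email verification switched off — the enclosing method starts outside these hunks, so this is inferred — the white/black lists are bypassed there, and calling `UserValidate::validateEmail($param['to'])` right before that assignment would close the gap. The same seven-line block is duplicated under both `issues/792` comments; a private helper such as `checkEmailHost(array $param)` keeps the two in step. `in_array($param['type'], [1, 3])` is a loose comparison while `$param['type']` arrives as a string; `in_array((int)$param['type'], [1, 3], true)` states the intent and avoids PHP-7 string-to-number surprises.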

+ 33 - 1
application/common/validate/User.php

@@ -20,4 +20,36 @@ class User extends Validate
         'edit'  =>  ['user_name'],
     ];
 
-}
+    /**
+     * 校验邮箱
+     * @param $email
+     */
+    public static function validateEmail($email)
+    {
+        list(, $email_host) = explode('@', $email, 2);
+        // 不在白名单内,报错
+        $email_white_host_sets = self::formatEmailHostSets('white');
+        if (!empty($email_white_host_sets) && !isset($email_white_host_sets[$email_host])) {
+            return ['code' => 1001, 'msg' => lang('model/user/email_host_not_allowed')];
+        }
+        // 在黑名单内,报错
+        $email_black_host_sets = self::formatEmailHostSets('black');
+        if (isset($email_black_host_sets[$email_host])) {
+            return ['code' => 1002, 'msg' => lang('model/user/email_host_not_allowed')];
+        }
+        return ['code' => 1, 'msg' => 'ok'];
+    }
+
+    private static function formatEmailHostSets($type) {
+        $config_string = isset($GLOBALS['config']['user']['email_' . $type . '_hosts']) ? $GLOBALS['config']['user']['email_' . $type . '_hosts'] : '';
+        $email_host_sets = [];
+        foreach (explode(',', str_replace("\n", ',', $config_string)) as $host) {
+            $host = trim($host);
+            if (strlen($host) == 0) {
+                continue;
+            }
+            $email_host_sets[$host] = true;
+        }
+        return $email_host_sets;
+    }
+}
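Review bot: The host comparison in validateEmail is case-sensitive, so an address whose domain differs only in case from a black-list entry is not matched and a white-listed host typed in another case is rejected; domain names are case-insensitive, so lowercase both the configured hosts in formatEmailHostSets and the extracted host before the `isset` lookups. `list(, $email_host) = explode('@', $email, 2)` also raises an undefined-offset notice and yields a null host when the address has no `@`, which then passes the black-list branch; a guard returning `lang('model/user/email_format_err')` closes that. A trailing dot on the domain is likewise not matched — whether to strip it is a policy choice worth a comment. The brace on `private static function formatEmailHostSets($type) {` should move to its own line per PSR-12, and a short docblock naming the accepted separators (comma or newline) and the `$type` values `'white'`/`'black'` would help the next reader.
```php
    public static function validateEmail($email)
    {
        $parts = explode('@', $email, 2);
        if (count($parts) !== 2 || $parts[1] === '') {
            return ['code' => 1001, 'msg' => lang('model/user/email_format_err')];
        }
        // host names are case-insensitive; normalise before looking up the config sets
        $email_host = strtolower($parts[1]);
        // … unchanged: white-list check, black-list check, ok result …
    }

    private static function formatEmailHostSets($type)
    {
        // … unchanged: read the config string, split on ',' / newline, trim …
            $email_host_sets[strtolower($host)] = true;
        // … unchanged: return $email_host_sets …
    }
```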

+ 5 - 0
application/lang/zh-cn.php

@@ -685,6 +685,7 @@ https://www.baidu.com/123.jpg
     'model/user/pass_length_err'=>'密码最少6个字符',
     'model/user/email_format_err'=>'邮箱地址格式不正确',
     'model/user/email_err'=>'邮箱地址不正确',
+    'model/user/email_host_not_allowed'=>'邮箱域名不允许',
     'model/user/phone_format_err'=>'手机号码格式不正确',
     'model/user/phone_err'=>'手机号码不正确',
     'model/user/pass_reset_err'=>'密码重置失败,请重试',
@@ -1184,6 +1185,10 @@ https://www.baidu.com/123.jpg
     'admin/system/configuser/reg_status'=>'注册开关',
     'admin/system/configuser/phone_reg_verify'=>'手机注册验证',
     'admin/system/configuser/email_reg_verify'=>'邮箱注册验证',
+    'admin/system/configuser/email_white_hosts'=>'邮箱白名单',
+    'admin/system/configuser/email_white_hosts_tip'=>"填写后,只有在白名单内的邮箱主机名才允许注册。多个用,或换行分隔。如: qq.com,360.com\n注:如果黑白名单都填写,策略将同时生效",
+    'admin/system/configuser/email_black_hosts'=>'邮箱黑名单',
+    'admin/system/configuser/email_black_hosts_tip'=>"填写后,在黑名单内的邮箱主机名不允许注册。多个用,或换行分隔。如: protonmail.com,gmail.com\n注:如果黑白名单都填写,策略将同时生效",
     'admin/system/configuser/reg_verify'=>'注册验证码',
     'admin/system/configuser/login_verify'=>'登录验证码',
     'admin/system/configuser/reg_points'=>'注册赠分',

+ 5 - 0
application/lang/zh-tw.php

@@ -685,6 +685,7 @@ https://www.baidu.com/123.jpg
     'model/user/pass_length_err'=>'密碼最少6個字符',
     'model/user/email_format_err'=>'郵箱地址格式不正確',
     'model/user/email_err'=>'郵箱地址不正確',
+    'model/user/email_host_not_allowed'=>'郵箱域名不允許',
     'model/user/phone_format_err'=>'手機號碼格式不正確',
     'model/user/phone_err'=>'手機號碼不正確',
     'model/user/pass_reset_err'=>'密碼重置失敗,請重試',
@@ -1184,6 +1185,10 @@ https://www.baidu.com/123.jpg
     'admin/system/configuser/reg_status'=>'註冊開關',
     'admin/system/configuser/phone_reg_verify'=>'手機註冊驗證',
     'admin/system/configuser/email_reg_verify'=>'郵箱註冊驗證',
+    'admin/system/configuser/email_white_hosts'=>'郵箱白名單',
+    'admin/system/configuser/email_white_hosts_tip'=>"填寫後,只有在白名單內的郵箱主機名才允許註冊。多個用,或換行分隔。如: qq.com,360.com\n注:如果黑白名單都填寫,策略將同時生效",
+    'admin/system/configuser/email_black_hosts'=>'郵箱黑名單',
+    'admin/system/configuser/email_black_hosts_tip'=>"填寫後,在黑名單內的郵箱主機名不允許註冊。多個用,或換行分隔。如: protonmail.com,gmail.com\n注:如果黑白名單都填寫,策略將同時生效",
     'admin/system/configuser/reg_verify'=>'註冊驗證碼',
     'admin/system/configuser/login_verify'=>'登錄驗證碼',
     'admin/system/configuser/reg_points'=>'註冊贈分',