From 44d039dc90f190df411b4b843a4fcf1fab344f8b Mon Sep 17 00:00:00 2001
From: tianya
Date: Wed, 21 Oct 2020 17:36:14 +0800
Subject: [PATCH] =?UTF-8?q?=E6=A8=A1=E5=9D=97=E6=89=93=E5=8C=85=E5=AE=89?=
 =?UTF-8?q?=E8=A3=85=E7=AE=A1=E7=90=86=E5=8A=9F=E8=83=BD=E8=B0=83=E6=95=B4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/dede/css/base.css | 5 +
 src/dede/module_make.php | 113 +++++--
 src/dede/module_upload.php | 10 +-
 src/dede/templets/module_edit.htm | 103 +++----
 src/dede/templets/module_main.htm | 20 +-
 src/dede/templets/module_make.htm | 491 +++++++++++++++----------------
 src/include/common.inc.php | 2 +-
 src/include/dedemodule.class.php | 18 +-
 8 files changed, 413 insertions(+), 349 deletions(-)
diff --git a/src/dede/css/base.css b/src/dede/css/base.css
index 560cb993..a9925164 100755
--- a/src/dede/css/base.css
+++ b/src/dede/css/base.css
@@ -82,6 +82,11 @@ box-shadow: 0 0 3px #A5C760;
 outline: none;
 }
+input:disabled, input[readonly] {
+ background-color: #e9ecef;
+ opacity: 1;
+}
+
 label {
 display: inline-block;
 margin: .5rem 0;
diff --git a/src/dede/module_make.php b/src/dede/module_make.php
index 799af5e7..c0bac3ca 100755
--- a/src/dede/module_make.php
+++ b/src/dede/module_make.php
@@ -20,21 +20,25 @@ if($action=='')
 require_once(dirname(__FILE__)."/templets/module_make.htm");
 exit();
 }
-/*---------
-//获得Hash码
-function GetHash()
-----------*/
-else if($action=='gethash')
-{
- echo md5($modulname.$email);
- exit();
-}
 /*-------------
 //生成项目
 function Makemodule()
 --------------*/
 else if($action=='make')
 {
+ require_once(DEDEINC.'/dedehttpdown.class.php');
+
+ // 校验私钥,确定开发者身份
+ $devURL = DEDECDNURL."/developers/$dev_id.json";
+ $dhd = new DedeHttpDown();
+ $dhd->OpenUrl($devURL);
+ $devContent = $dhd->GetHtml();
+ $devInfo = (array)json_decode($devContent);
+ if (($devInfo['auth_at']+60*60*24*365) < time()) {
+ ShowMsg("您的开发者账号已经过期,请登录www.dedebiz.com重新申请!","-1");
+ exit();
+ }
+
 $filelist = str_replace("\r", "\n", trim($filelist));
 $filelist = trim(preg_replace("#[\n]{1,}#", "\n", $filelist));
 if($filelist=='')
@@ -42,6 +46,37 @@ else if($action=='make')
 ShowMsg("对不起,你没有指定模块的文件列表,因此不能创建项目!","-1");
 exit();
 }
+ if (empty($dev_id)) {
+ ShowMsg("开发者ID不能为空!","-1");
+ exit();
+ }
+ if (empty($priv)) {
+ ShowMsg("请填写开发者私钥信息","-1");
+ exit();
+ }
+ if (strlen($modulname) > 150) {
+ ShowMsg("模块名称过长","-1");
+ exit();
+ }
+
+ // 校验私钥合法性
+ $enstr = json_encode(array(
+ "module_name" => $modulname,
+ "dev_id" => $devInfo['dev_id'],
+ ));
+ // 私钥加密模块信息
+ openssl_private_encrypt($enstr,$encotent,$priv);
+
+ $moduleInfo = base64url_encode($encotent);
+
+ openssl_public_decrypt($encotent,$decontent,$devInfo['pub_key']);
+
+ $minfo = (array)json_decode($decontent);
+
+ if ($minfo['module_name'] != $modulname || $minfo['dev_id'] != $devInfo['dev_id']) {
+ ShowMsg("开发者私钥校验失败,请确保填写正确的开发者私钥","-1");
+ exit();
+ }
 //去除转义
 foreach($_POST as $k=>$v)
 $$k = stripslashes($v);
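Review bot: `$dev_id`, which as far as this hunk shows arrives straight from the request, is interpolated into `DEDECDNURL."/developers/$dev_id.json"` with no format check, and the `empty($dev_id)` test only appears in the next hunk, after the download has already run; validate it before building the URL, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $dev_id)) { ShowMsg("开发者ID不能为空!","-1"); exit(); }`, so that `/`, `..` or `?` in it cannot change which CDN path is fetched. The body returned by `GetHtml()` is trusted as-is: on a failed download or a non-JSON response, `(array)json_decode($devContent)` is an empty array and the `auth_at` lookup fails only by accident (undefined index, then the expiry message), so check it explicitly, e.g. `if ($devContent === '' || !is_array($devInfo = json_decode($devContent, true)) || empty($devInfo['pub_key'])) { ShowMsg("无法获取开发者信息","-1"); exit(); }`. The same fetch is repeated verbatim in the `edit` branch (`@@ -173,6 +207,48 @@`). The `make` branch continues past the end of the hunk.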
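Review bot: The return values of `openssl_private_encrypt()` and `openssl_public_decrypt()` are ignored, so a malformed `$priv` or a key that does not match `pub_key` leaves `$encotent`/`$decontent` unset and the failure is only caught indirectly by the later `$minfo` comparison, with PHP warnings along the way; test them directly, e.g. `if (!openssl_private_encrypt($enstr, $encotent, $priv) || !openssl_public_decrypt($encotent, $decontent, $devInfo['pub_key'])) { ShowMsg("开发者私钥校验失败,请确保填写正确的开发者私钥","-1"); exit(); }`. The final check uses loose `!=`; `$minfo['module_name'] !== $modulname || $minfo['dev_id'] !== $devInfo['dev_id']` keeps numeric-string coercion (`"01"` vs `"1"`) from deciding developer identity. What is built here is a proof of possession of the private key, which is what `openssl_sign()`/`openssl_verify()` exist for; switching is only safe if nothing else decrypts the stored `info` value with `openssl_public_decrypt`, which this patch does not show. The identical block in the `edit` branch (`@@ -173,6 +207,48 @@`) needs the same changes.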
@@ -49,7 +84,7 @@ else if($action=='make')
 if(!isset($autosetup)) $autosetup = 0;
 if(!isset($autodel)) $autodel = 0;
 $mdir = DEDEDATA.'/module';
- $hashcode = md5($modulname.$email);
+ $hashcode = md5($modulname.$devInfo['dev_id']);
 $moduleFilename = $mdir.'/'.$hashcode.'.xml';
 $menustring = base64_encode($menustring);
 $indexurl = str_replace('=', '**', $indexurl);
@@ -101,17 +136,16 @@ else if($action=='make')
 $modulinfo = "
 name={$modulname}
-team={$team}
+dev_id={$devInfo['dev_id']}
+info={$moduleInfo}
 time={$mtime}
-email={$email}
-url={$url}
 hash={$hashcode}
 indexname={$indexname}
 indexurl={$indexurl}
 ismember={$ismember}
 autosetup={$autosetup}
 autodel={$autodel}
-lang={$lang}
+lang=utf-8
 moduletype={$moduletype}
@@ -173,6 +207,48 @@ else if($action=='edit')
 ShowMsg("对不起,你没有指定模块的文件列表,因此不能创建项目!","-1");
 exit();
 }
+ if (empty($dev_id)) {
+ ShowMsg("开发者ID不能为空!","-1");
+ exit();
+ }
+ if (empty($priv)) {
+ ShowMsg("请填写开发者私钥信息","-1");
+ exit();
+ }
+
+ // 校验私钥,确定开发者身份
+ $devURL = DEDECDNURL."/developers/$dev_id.json";
+ $dhd = new DedeHttpDown();
+ $dhd->OpenUrl($devURL);
+ $devContent = $dhd->GetHtml();
+ $devInfo = (array)json_decode($devContent);
+ if (($devInfo['auth_at']+60*60*24*365) < time()) {
+ ShowMsg("您的开发者账号已经过期,请登录www.dedebiz.com重新申请!","-1");
+ exit();
+ }
+ if (strlen($modulname) > 150) {
+ ShowMsg("模块名称过长","-1");
+ exit();
+ }
+
+ // 校验私钥合法性
+ $enstr = json_encode(array(
+ "module_name" => $modulname,
+ "dev_id" => $devInfo['dev_id'],
+ ));
+ // 私钥加密模块信息
+ openssl_private_encrypt($enstr,$encotent,$priv);
+
+ $moduleInfo = base64url_encode($encotent);
+
+ openssl_public_decrypt($encotent,$decontent,$devInfo['pub_key']);
+
+ $minfo = (array)json_decode($decontent);
+
+ if ($minfo['module_name'] != $modulname || $minfo['dev_id'] != $devInfo['dev_id']) {
+ ShowMsg("开发者私钥校验失败,请确保填写正确的开发者私钥","-1");
+ exit();
+ }
 //已经去除转义
 foreach($_POST as $k=>$v)
 $$k = stripslashes($v);
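Review bot: This copy of the developer check in the `edit` branch creates `new DedeHttpDown()` but, unlike the `make` branch, has no `require_once(DEDEINC.'/dedehttpdown.class.php');` in front of it; whether the class is already loaded at this point depends on what module_make.php includes at its top, which is outside the hunk, so either add the same `require_once` here or move the include next to the file-level includes so both branches share it. Beyond that the block is a line-for-line duplicate of the `make` branch validation (`@@ -20,21 +20,25 @@` and `@@ -42,6 +46,37 @@`), forty-odd lines maintained in two places with the same unchecked `openssl_*` return values and loose `!=` comparisons; factoring it into one helper, say `CheckModuleDeveloper($dev_id, $priv, $modulname)` returning the decoded developer record and the encoded `info` value, keeps the branches from drifting. In this copy the `empty()` checks do run before the network fetch, which is the order the `make` branch should adopt too. The enclosing `edit` branch starts and ends outside the hunk.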
@@ -182,8 +258,6 @@ else if($action=='edit')
 $hashcode = $hash;
 $moduleFilename = $mdir.'/'.$hashcode.'.xml';
 $modulname = str_replace('=', '', $modulname);
- $email = str_replace('=', '', $email);
- $team = str_replace('=', '', $team);
 $indexurl = str_replace('=', '**', $indexurl);
 $menustring = base64_encode($menustring);
 $dm = new DedeModule($mdir);
@@ -219,17 +293,16 @@ else if($action=='edit')
 $modulinfo = "
 name={$modulname}
-team={$team}
+dev_id={$devInfo['dev_id']}
+info={$moduleInfo}
 time={$mtime}
-email={$email}
-url={$url}
 hash={$hashcode}
 indexname={$indexname}
 indexurl={$indexurl}
 ismember={$ismember}
 autosetup={$autosetup}
 autodel={$autodel}
-lang={$lang}
+lang=utf-8
 moduletype={$moduletype}
diff --git a/src/dede/module_upload.php b/src/dede/module_upload.php
index a4710c71..15135366 100755
--- a/src/dede/module_upload.php
+++ b/src/dede/module_upload.php
@@ -97,15 +97,15 @@ else 文件格式: - - 正常的模块包 - - 经过 zip 压缩的模块包 + + 已有模块: - 强制删除同名模块(这可能导致已经安装的模块无法卸载) +
diff --git a/src/dede/templets/module_edit.htm b/src/dede/templets/module_edit.htm
index faa574c9..dc059b64 100755
--- a/src/dede/templets/module_edit.htm
+++ b/src/dede/templets/module_edit.htm
@@ -2,31 +2,10 @@ + + -
+
模块管理
- +
@@ -39,7 +41,6 @@ function getmodule(action,hash) -
@@ -53,7 +54,6 @@ foreach($modules as $k=>$v) -
diff --git a/src/dede/templets/module_make.htm b/src/dede/templets/module_make.htm
index 73d96d8e..5dd624d2 100755
--- a/src/dede/templets/module_make.htm
+++ b/src/dede/templets/module_make.htm
@@ -1,262 +1,253 @@ - + - - - - - - -模块打包 - - + + + + + + + 模块打包 + + + -
-
-
模块管理
-
-
模块名称 发布时间开发团队 编码 类型 模块状态
".$v['lang'].""; @@ -80,13 +80,11 @@ foreach($modules as $k=>$v)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + +
模块管理 - > 模块打包:
模块名称: -
语言编码: - - (不同编码模块可以使用,但不能在此打包) - -
封装类型: - - - - -
开发者ID: - 如何获取开发者ID? -
发布时间: -
是否涉及会员系统: - - - +
+
+
模块管理
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - - + + + + + + + + + + + + - - - - + + + + - + + - - - - + + + + - - - - + + + + - - - - -
模块管理 + > 模块打包:
模块名称: +
语言编码: + + (不同编码模块可以使用,但不能在此打包) + +
封装类型: + + + + +
开发者ID: + 如何获取开发者ID? +
发布时间: +
是否涉及会员系统: + + + -
后台管理菜单: - -
- (普通插件或模板、补丁类不要填写,模块菜单格式请参考inc/inc_menu_module.php) -
使用说明文件: - -
-
- -
- -
安装程序: - -
-
- -
- +
后台管理菜单: + +
+ (普通插件或模板、补丁类不要填写,模块菜单格式请参考inc/inc_menu_module.php) +
使用说明文件: + +
+
+ +
+ +
安装程序: + +
+
+ +
+ -
删除程序: - -
-
- -
- +
删除程序: + +
+
+ +
+ -
文件列表: -

- 每行指定一个文件或目录,路径为相对于本目录,本目录的文件则直接用文件名即可,对于整个打包的目录,不需要指定子目录里的文件。
- 如:如果已经指定了: ../book 则不需要再指定目录里的 ../book/index.php 等文件或目录,系统会自动索引整个目录,
- 对于不需要索引整个目录的,请不要指定这个目录,否则可能会把不必要的文件也放进模块中。
- -

-
文件列表: +

+ 每行指定一个文件或目录,路径为相对于本目录,本目录的文件则直接用文件名即可,对于整个打包的目录,不需要指定子目录里的文件。
+ 如:如果已经指定了: ../book 则不需要再指定目录里的 ../book/index.php 等文件或目录,系统会自动索引整个目录,
+ 对于不需要索引整个目录的,请不要指定这个目录,否则可能会把不必要的文件也放进模块中。
+ +

+
开发者私钥: -

- 开发者认证后获取的私钥 -
- -

-
开发者私钥: +

+ 开发者认证后获取的私钥 +
+ +

+
- - - - - - -
  - - - -
-
+
+ + + + + + + +
  + + + +
+
+
\ No newline at end of file
diff --git a/src/include/common.inc.php b/src/include/common.inc.php
index bd08b412..f693fa3d 100755
--- a/src/include/common.inc.php
+++ b/src/include/common.inc.php
@@ -44,7 +44,7 @@ NQabUzX9JoYtXqPcpZRT7ymHrppU0KFdUSEJiW0utTWJo0HrDOBIT5qWlM0MP9p/
 PwIDAQAB
 -----END PUBLIC KEY-----
 EOT); // DedeBIZ系统公钥
-
+define('DEDECDNURL', 'https://cdn.dedebiz.com'); // 默认静态资源地址
 if (version_compare(PHP_VERSION, '5.3.0', '<') && function_exists("get_magic_quotes_gpc")) {
diff --git a/src/include/dedemodule.class.php b/src/include/dedemodule.class.php
index e127e0ed..30687ce5 100755
--- a/src/include/dedemodule.class.php
+++ b/src/include/dedemodule.class.php
@@ -12,6 +12,16 @@ require_once(DEDEINC . '/charset.func.php');
 require_once(DEDEINC . '/dedeatt.class.php');
 require_once(DEDEINC . '/dedehttpdown.class.php');
+function base64url_encode($data)
+{
+ return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
+}
+
+function base64url_decode($data)
+{
+ return base64_decode(str_pad(strtr($data, '-_', '+/'), strlen($data) % 4, '=', STR_PAD_RIGHT));
+}
+
 class DedeModule {
 var $modulesPath;
@@ -160,7 +170,7 @@ class DedeModule
 } else $filename = $this->modulesPath . '/' . $this->GetHashFile($hash);
 $start = 0;
 $minfos = array();
- $minfos['name'] = $minfos['team'] = $minfos['time'] = $minfos['email'] = $minfos['url'] = '';
+ $minfos['name'] = $minfos['info'] = $minfos['time'] = '';
 $minfos['hash'] = $minfos['indexname'] = $minfos['indexurl'] = '';
 $minfos['ismember'] = $minfos['autosetup'] = $minfos['autodel'] = 0;
 //$minfos['filename'] = $filename;
@@ -173,19 +183,23 @@ class DedeModule
 while (!feof($fp)) {
 $n++;
 if ($n > 30) break;
- $line = fgets($fp, 256);
+ $line = fgets($fp, 1024);
 if ($start == 0) {
 if (preg_match("/moduleLang = trim($minfos['lang']); else $this->moduleLang = 'gbk';
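Review bot: `base64url_decode()` never actually restores padding: `str_pad()` pads to a total length of `strlen($data) % 4`, which is 0–3 and therefore never exceeds the string's own length, so nothing is appended and decoding only works because `base64_decode()` tolerates unpadded input. Either drop the padding logic, `return base64_decode(strtr($data, '-_', '+/'));`, or pad to the next multiple of four: `$s = strtr($data, '-_', '+/'); return base64_decode(str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '='));`. If, as the new `info=` field in module_make.php suggests, this will decode values read back from module descriptors, passing `true` as the strict argument and letting the caller check for `false` rejects malformed input instead of silently decoding it. A short docblock on each function would help, e.g. `/** URL-safe base64 (RFC 4648 §5: '-' '_' alphabet, no '=' padding). */`.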
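Review bot: The new defaults line initialises `info` but not `dev_id`, even though module_make.php now writes `dev_id=...` into every descriptor, so any reader of `$minfos['dev_id']` on a module file written before this change gets an undefined index instead of an empty string; extend the chain to `$minfos['name'] = $minfos['dev_id'] = $minfos['info'] = $minfos['time'] = '';`. Dropping `team`/`email`/`url` from the defaults does not remove them from existing descriptors, and whether the parser below copies every `key=value` line it reads or only preset keys is outside this hunk, so callers may still see those entries on old modules. The enclosing method starts and ends outside the hunk.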