1 year ago · 848ad8b1b0
--- a/src/admin/login.php
+++ b/src/admin/login.php
@@ -40,7 +40,7 @@ $admindir = $admindirs[count($admindirs) - 1];
 if ($dopost == 'login') {
    $validate = empty($validate) ? '' : strtolower(trim($validate));
    $svali = strtolower(GetCkVdValue());
    if (($validate == '' || $validate != $svali) && preg_match("/6/", $safe_gdopen)) {
    if ($validate == '' || $validate != $svali) {
        ResetVdValue();
        ShowMsg('验证码不正确', 'login.php', 0, 1000);
        exit;
--- a/src/admin/templets/login.htm
+++ b/src/admin/templets/login.htm
@@ -95,10 +95,6 @@
 						<label for="iptPassword">密码</label>
 						<input type="password" name="pwd" class="form-control" id="iptPassword">
 					</div>
 					<?php
 	        		if(preg_match("/6/",$safe_gdopen))
 	        		{
 	        		?>
 					<div class="form-group">
 						<label for="iptValidate">验证码</label>
 						<div class="input-group">
@@ -106,9 +102,6 @@
 							<img src="../apps/vdimgck.php" onclick="this.src='../apps/vdimgck.php?'+new Date().getTime()+Math.round(Math.random() * 10000)" title="验证码" id="validateimg" style="cursor:pointer">
 						</div>
 					</div>
 					<?php
 					}
 					?>
 					<button type="submit" class="btn btn-success btnLogin btn-sm">登录</button>
 					<div class="login-power"><?php echo $cfg_powerby; ?></div>
 				</form>
--- a/src/apps/vdimgck.php
+++ b/src/apps/vdimgck.php
@@ -10,11 +10,12 @@
 */
 require_once(dirname(__FILE__).'/../system/common.inc.php');
 require_once(DEDEDATA.'/config.cache.inc.php');
 //安全提示
 $config = array(
    'font_size'   => 20,
    'img_height'  => $safe_wheight,
    'word_type'  => (int)$safe_codetype,
    'img_width'   => $safe_wwidth,
    'img_height'  => '36',
    'word_type'  => 3,
    'img_width'   => '80',
    'use_boder'   => TRUE,
    'font_file'   => DEDEINC.'/data/fonts/'.mt_rand(1, 6).'.ttf',
    'wordlist_file'   => DEDEINC.'/data/words/words.txt',
--- a/src/install/sql-dfdata.txt
+++ b/src/install/sql-dfdata.txt
@@ -4020,7 +4020,6 @@ INSERT INTO `#@__sysconfig` VALUES
 ('77','cfg_mb_spacesta','会员使用权限开通状态（-10邮件验证、-1手工审核、0没限制）','4','number','-10'),
 ('78','cfg_mb_allowreg','是否允许新会员注册','4','bool','Y'),
 ('79','cfg_mb_adminlock','是否禁止访问管理员帐号的空间','4','bool','N'),
 ('80','cfg_vdcode_member','是否会员投稿验证码','5','bool','Y'),
 ('81','cfg_mb_cktitle','是否检测会员投稿重复标题','5','bool','Y'),
 ('82','cfg_mb_editday','投稿多少天后不能再修改','5','number','1'),
 ('83','cfg_sendarc_scores','投稿可获取积分','5','number','10'),
--- a/src/system/common.inc.php
+++ b/src/system/common.inc.php
@@ -226,11 +226,6 @@ if (!isset($cfg_NotPrintHead)) {
        header("Content-Type: text/html; charset={$cfg_soft_lang}");
    }
 }
 //安全提示
 $safe_gdopen = '1,2,3,4,5,6,7';
 $safe_codetype = '3';
 $safe_wwidth = '80';
 $safe_wheight = '36';
 //自动加载类库处理
 if (version_compare(PHP_VERSION, '7.2.0', '>=')) {
    require_once(DEDEINC.'/autoload7.inc.php');
--- a/src/user/album_add.php
+++ b/src/user/album_add.php
@@ -56,15 +56,6 @@ function _SaveArticle(){  }
 ------------------------------*/
 else if ($dopost == 'save') {
    include(DEDEMEMBER.'/inc/archives_check.php');

    $svali = GetCkVdValue();
    if (preg_match("/1/", $safe_gdopen)) {
        if (strtolower($vdcode) != $svali || $svali == '') {
            ResetVdValue();
            ShowMsg('验证码错误', '-1');
            exit();
        }
    }
    $cInfos = $dsql->GetOne("Select * From `#@__channeltype`  where id='$channelid'; ");
    $maxwidth = isset($maxwidth) && is_numeric($maxwidth) ? $maxwidth : 800;
    $pagepicnum = isset($pagepicnum) && is_numeric($pagepicnum) ? $pagepicnum : 12;
--- a/src/user/album_edit.php
+++ b/src/user/album_edit.php
@@ -59,14 +59,6 @@ if (empty($dopost)) {
 function _Save(){  }
 ------------------------------*/
 else if ($dopost == 'save') {
    $svali = GetCkVdValue();
    if (preg_match("/1/", $safe_gdopen)) {
        if (strtolower($vdcode) != $svali || $svali == '') {
            ResetVdValue();
            ShowMsg('验证码错误', '-1');
            exit();
        }
    }
    $cInfos = $dsql->GetOne("Select * From `#@__channeltype`  where id='$channelid'; ");
    $maxwidth = isset($maxwidth) && is_numeric($maxwidth) ? $maxwidth : 800;
    $pagepicnum = isset($pagepicnum) && is_numeric($pagepicnum) ? $pagepicnum : 12;
--- a/src/user/archives_sg_add.php
+++ b/src/user/archives_sg_add.php
@@ -50,8 +50,9 @@ function _SaveArticle(){  }
 else if ($dopost == 'save') {
    include_once(DEDEINC."/image.func.php");
    include_once(DEDEINC."/libraries/oxwindow.class.php");
    $svali = GetCkVdValue();
    if (preg_match("/3/", $safe_gdopen)) {
    // 游客需要校验验证码
    if ($cfg_ml->M_ID === 0) {
        $svali = GetCkVdValue();
        if (strtolower($vdcode) != $svali || $svali == '') {
            ResetVdValue();
            ShowMsg('验证码错误', '-1');
--- a/src/user/archives_sg_edit.php
+++ b/src/user/archives_sg_edit.php
@@ -48,15 +48,6 @@ else if ($dopost == 'save') {
    $flag = '';
    $typeid = isset($typeid) && is_numeric($typeid) ? $typeid : 0;
    $userip = GetIP();

    $svali = GetCkVdValue();
    if (preg_match("/3/", $safe_gdopen)) {
        if (strtolower($vdcode) != $svali || $svali == '') {
            ResetVdValue();
            ShowMsg('验证码错误', '-1');
            exit();
        }
    }
    if ($typeid == 0) {
        ShowMsg('请指定文档隶属的栏目', '-1');
        exit();
--- a/src/user/inc/archives_check.php
+++ b/src/user/inc/archives_check.php
@@ -11,18 +11,21 @@
 if (!defined('DEDEMEMBER'))    exit('dedebiz');
 include_once(DEDEINC.'/image.func.php');
 include_once(DEDEINC.'/libraries/oxwindow.class.php');
 $svali = GetCkVdValue();
 if (strtolower($vdcode) != $svali || $svali == '') {
    ResetVdValue();
    ShowMsg('验证码错误', '-1');
    exit();
 // 游客需要校验验证码
 if ($cfg_ml->M_ID === 0) {
    $svali = GetCkVdValue();
    if (strtolower($vdcode) != $svali || $svali == '') {
        ResetVdValue();
        ShowMsg('验证码错误', '-1');
        exit();
    }
 }

 //校验CSRF
 CheckCSRF();
 $flag = '';
 $autokey = $remote = $dellink = $autolitpic = 0;
 $userip = GetIP();

 if ($typeid == 0) {
    ShowMsg('请指定文档隶属的栏目', '-1');
    exit();
--- a/src/user/inc/archives_check_edit.php
+++ b/src/user/inc/archives_check_edit.php
@@ -14,12 +14,6 @@ require_once(DEDEINC."/libraries/oxwindow.class.php");
 $flag = '';
 $typeid = isset($typeid) && is_numeric($typeid) ? $typeid : 0;
 $userip = GetIP();
 $svali = GetCkVdValue();
 if (strtolower($vdcode) != $svali || $svali == '') {
    ResetVdValue();
    ShowMsg('验证码错误', '-1');
    exit();
 }
 if ($typeid == 0) {
    ShowMsg('请指定文档隶属的栏目', '-1');
    exit();
--- a/src/user/index_do.php
+++ b/src/user/index_do.php
@@ -173,12 +173,10 @@ else if ($fmdo == 'login') {
            $vdcode = '';
        }
        $svali = GetCkVdValue();
        if (preg_match("/2/", $safe_gdopen)) {
            if (strtolower($vdcode) != $svali || $svali == '') {
                ResetVdValue();
                ShowMsg('验证码错误', 'index.php');
                exit();
            }
        if (strtolower($vdcode) != $svali || $svali == '') {
            ResetVdValue();
            ShowMsg('验证码错误', 'index.php');
            exit();
        }
        if (CheckUserID($userid, '', false) != 'ok') {
            ResetVdValue();
--- a/src/user/reg_new.php
+++ b/src/user/reg_new.php
@@ -20,12 +20,10 @@ if ($step == 1) {
    }
    if ($dopost == 'regbase') {
        $svali = GetCkVdValue();
        if (preg_match("/1/", $safe_gdopen)) {
            if (strtolower($vdcode) != $svali || $svali == '') {
                ResetVdValue();
                ShowMsg('验证码错误', '-1');
                exit();
            }
        if (strtolower($vdcode) != $svali || $svali == '') {
            ResetVdValue();
            ShowMsg('验证码错误', '-1');
            exit();
        }
        $userid = $uname = trim($userid);
        $pwd = trim($userpwd);
--- a/src/user/templets/album_add.htm
+++ b/src/user/templets/album_add.htm
@@ -99,10 +99,10 @@
 											</script>
 											</p>
 											<?php
 											//游客强制加验证码，会员则判断后台开关
 											if (preg_match("/3/",$safe_gdopen)){
 											//游客强制加验证码
 											if($cfg_ml->M_ID === 0){
 											?>
 											<div class="form-group row">
 											<div class="form-group row mt-3">
 												<label class="col-sm-2 col-form-label">验证码</label>
 												<div class="col-sm-10">
 													<input name="vdcode" type="text" id="vdcode" class="form-control" style="display:inline-block;width:260px;text-transform:uppercase">
@@ -112,7 +112,7 @@
 											<?php
 											}
 											?>
 											<p>
 											<p class="mt-3">
 												<button type="submit" class="btn btn-success btn-sm">提交</button>
 												<button type="reset" class="btn btn-secondary btn-sm" onclick="location.reload();">重置</button>
 											</p>
--- a/src/user/templets/album_edit.htm
+++ b/src/user/templets/album_edit.htm
@@ -136,19 +136,7 @@
 											<script>
 												startNum = "<? php echo $j; ?>";
 											</script>
 											<?php
 											//游客强制加验证码，会员则判断后台开关
 											if(preg_match("/3/",$safe_gdopen)){
 											?>
 											<div class="form-group row">
 												<label class="col-sm-2 col-form-label">验证码</label>
 												<div class="col-sm-10">
 													<input name="vdcode" type="text" id="vdcode" class="form-control" style="display:inline-block;width:260px;text-transform:uppercase">
 													<img src="../apps/vdimgck.php" alt="验证码" title="验证码" onclick="this.src=this.src+'?'" style="cursor:pointer">
 												</div>
 											</div>
 											<?php } ?>
 											<p>
 											<p class="mt-3">
 												<button type="submit" class="btn btn-success btn-sm">提交</button>
 												<button type="reset" class="btn btn-secondary btn-sm" onclick="location.reload();">重置</button>
 											</p>
--- a/src/user/templets/archives_add.htm
+++ b/src/user/templets/archives_add.htm
@@ -74,10 +74,10 @@
 										?>
 										<div class="contentShow postForm">
 											<?php
 											//游客强制加验证码，会员则判断后台开关
 											if(preg_match("/3/",$safe_gdopen)){
 											//游客强制加验证码
 											if($cfg_ml->M_ID === 0){
 											?>
 											<div class="form-group row">
 											<div class="form-group row mt-3">
 												<label class="col-sm-2 col-form-label">验证码</label>
 												<div class="col-sm-10">
 													<input name="vdcode" type="text" id="vdcode" class="form-control" style="display:inline-block;width:260px;text-transform:uppercase">
@@ -87,7 +87,7 @@
 											<?php 
 											}
 											?>
 											<p>
 											<p class="mt-3">
 												<button type="submit" class="btn btn-success btn-sm">提交</button>
 												<button type="reset" class="btn btn-secondary btn-sm" onclick="location.reload();">重置</button>
 											</p>
--- a/src/user/templets/archives_edit.htm
+++ b/src/user/templets/archives_edit.htm
@@ -72,19 +72,7 @@
 										PrintAutoFieldsEdit(stripslashes($cInfos['fieldset']), $addRow, 'autofield');
 										?>
 										<div class="contentShow postForm">
 											<?php
 											//游客强制加验证码，会员则判断后台开关
 											if(preg_match("/3/",$safe_gdopen)){
 											?>
 											<div class="form-group row">
 												<label class="col-sm-2 col-form-label">验证码</label>
 												<div class="col-sm-10">
 													<input name="vdcode" type="text" id="vdcode" class="form-control" style="display:inline-block;width:260px;text-transform:uppercase">
 													<img src="../apps/vdimgck.php" alt="验证码" title="验证码" onclick="this.src=this.src+'?'" style="cursor:pointer">
 												</div>
 											</div>
 											<?php } ?>
 											<p>
 											<p class="mt-3">
 												<button type="submit" class="btn btn-success btn-sm">提交</button>
 												<button type="reset" class="btn btn-secondary btn-sm" onclick="location.reload();">重置</button>
 											</p>
--- a/src/user/templets/archives_sg_add.htm
+++ b/src/user/templets/archives_sg_add.htm
@@ -74,10 +74,10 @@
 										?>
 										<div class="contentShow postForm">
 											<?php
 											//游客强制加验证码，会员则判断后台开关
 											if(preg_match("/3/",$safe_gdopen)){
 											//游客强制加验证码
 											if($cfg_ml->M_ID === 0){
 											?>
 											<div class="form-group row">
 											<div class="form-group row mt-3">
 												<label class="col-sm-2 col-form-label">验证码</label>
 												<div class="col-sm-10">
 													<input name="vdcode" type="text" id="vdcode" class="form-control" style="display:inline-block;width:260px;text-transform:uppercase">
@@ -87,7 +87,7 @@
 											<?php
 											}
 											?>
 											<p>
 											<p class="mt-3">
 												<button type="submit" class="btn btn-success btn-sm">提交</button>
 												<button type="reset" class="btn btn-secondary btn-sm" onclick="location.reload();">重置</button>
 											</p>
--- a/src/user/templets/archives_sg_edit.htm
+++ b/src/user/templets/archives_sg_edit.htm
@@ -66,21 +66,7 @@
 										PrintAutoFieldsEdit(stripslashes($cInfos['fieldset']), $addRow, 'autofield');
 										?>
 										<div class="contentShow postForm">
 											<?php
 											//游客强制加验证码，会员则判断后台开关
 											if(preg_match("/3/",$safe_gdopen)){
 											?>
 											<div class="form-group row">
 												<label class="col-sm-2 col-form-label">验证码</label>
 												<div class="col-sm-10">
 													<input name="vdcode" type="text" id="vdcode" class="form-control" style="display:inline-block;width:260px;text-transform:uppercase">
 													<img src="../apps/vdimgck.php" alt="验证码" title="验证码" onclick="this.src=this.src+'?'" style="cursor:pointer">
 												</div>
 											</div>
 											<?php
 											}
 											?>
 											<p>
 											<p class="mt-3">
 												<button type="submit" class="btn btn-success btn-sm">提交</button>
 												<button type="reset" class="btn btn-secondary btn-sm" onclick="location.reload();">重置</button>
 											</p>
--- a/src/user/templets/article_add.htm
+++ b/src/user/templets/article_add.htm
@@ -77,10 +77,10 @@
 										<div class="contentShow postForm">
 											<div><?php GetEditor("body","",360,"Member"); ?></div>
 											<?php
 											//游客强制加验证码，会员则判断后台开关
 											if(preg_match("/3/",$safe_gdopen)){
 											//游客强制加验证码
 											if($cfg_ml->M_ID === 0){
 											?>
 											<div class="form-group row">
 											<div class="form-group row mt-3">
 												<label class="col-sm-2 col-form-label">验证码</label>
 												<div class="col-sm-10">
 													<input name="vdcode" type="text" id="vdcode" class="form-control" style="display:inline-block;width:260px;text-transform:uppercase">
@@ -88,7 +88,7 @@
 												</div>
 											</div>
 											<?php } ?>
 											<p>
 											<p class="mt-3">
 												<button type="submit" class="btn btn-success btn-sm">提交</button>
 												<button type="reset" class="btn btn-secondary btn-sm" onclick="location.reload();">重置</button>
 											</p>
--- a/src/user/templets/article_edit.htm
+++ b/src/user/templets/article_edit.htm
@@ -78,19 +78,7 @@
 										<label>正文</label>
 										<div class="contentShow postForm">
 											<div><?php GetEditor("body",$addRow['body'],360,"Member"); ?></div>
 											<?php
 											//游客强制加验证码，会员则判断后台开关
 											if(preg_match("/3/",$safe_gdopen)){
 											?>
 											<div class="form-group row">
 												<label class="col-sm-2 col-form-label">验证码</label>
 												<div class="col-sm-10">
 													<input name="vdcode" type="text" id="vdcode" class="form-control" style="display:inline-block;width:260px;text-transform:uppercase">
 													<img src="../apps/vdimgck.php" alt="验证码" title="验证码" onclick="this.src=this.src+'?'" style="cursor:pointer">
 												</div>
 											</div>
 											<?php } ?>
 											<p>
 											<p class="mt-3">
 												<button type="submit" class="btn btn-success btn-sm">提交</button>
 												<button type="reset" class="btn btn-secondary btn-sm" onclick="location.reload();">重置</button>
 											</p>
--- a/src/user/templets/soft_add.htm
+++ b/src/user/templets/soft_add.htm
@@ -197,10 +197,10 @@
 												</p>
 											</div>
 											<?php
 											//游客强制加验证码，会员则判断后台开关
 											if(preg_match("/3/",$safe_gdopen)){
 											//游客强制加验证码
 											if($cfg_ml->M_ID === 0){
 											?>
 											<div class="form-group row">
 											<div class="form-group row mt-3">
 												<label class="col-sm-2 col-form-label">验证码</label>
 												<div class="col-sm-10">
 													<input name="vdcode" type="text" id="vdcode" class="form-control" style="display:inline-block;width:260px;text-transform:uppercase">
@@ -208,7 +208,7 @@
 												</div>
 											</div>
 											<?php } ?>
 											<p>
 											<p class="mt-3">
 												<button type="submit" class="btn btn-success btn-sm">提交</button>
 												<button type="reset" class="btn btn-secondary btn-sm" onclick="location.reload();">重置</button>
 											</p>
--- a/src/user/templets/soft_edit.htm
+++ b/src/user/templets/soft_edit.htm
@@ -213,19 +213,7 @@
 												echo "<span id='uploadfield'></span>";
 												?>
 											</div>
 											<?php
 											//游客强制加验证码，会员则判断后台开关
 											if(preg_match("/3/",$safe_gdopen)){
 											?>
 											<div class="form-group row">
 												<label class="col-sm-2 col-form-label">验证码</label>
 												<div class="col-sm-10">
 													<input name="vdcode" type="text" id="vdcode" class="form-control" style="display:inline-block;width:260px;text-transform:uppercase">
 													<img src="../apps/vdimgck.php" alt="验证码" title="验证码" onclick="this.src=this.src+'?'" style="cursor:pointer">
 												</div>
 											</div>
 											<?php } ?>
 											<p>
 											<p class="mt-3">
 												<button type="submit" class="btn btn-success btn-sm">提交</button>
 												<button type="reset" class="btn btn-secondary btn-sm" onclick="location.reload();">重置</button>
 											</p>