
优化用户名密码长度检测

优化CRUD文件类型
移除cdnurl后台系统配置中配置
修复附件选择列表无法上传文件的BUG
Karson 4 年之前
父节点
当前提交
017970a2e3

+ 3 - 0
application/admin/command/Crud.php

@@ -179,6 +179,8 @@ class Crud extends Command
         'url'    => 'url',
         'image'  => 'image',
         'images' => 'images',
+        'file'   => 'file',
+        'files'  => 'files',
         'avatar' => 'image',
         'switch' => 'toggle',
         'tag'    => 'flag',
@@ -910,6 +912,7 @@ class Crud extends Command
                                 $attrArr['data-source'] = 'auth/admin/selectpage';
                             } elseif ($selectpageController == 'user') {
                                 $attrArr['data-source'] = 'user/user/index';
+                                $attrArr['data-field'] = 'nickname';
                             }
                             if ($this->isMatchSuffix($field, $this->selectpagesSuffix)) {
                                 $attrArr['data-multiple'] = 'true';

+ 1 - 0
application/admin/command/Install/fastadmin.sql

@@ -392,6 +392,7 @@ CREATE TABLE `fa_sms` (
 DROP TABLE IF EXISTS `fa_test`;
 CREATE TABLE `fa_test` (
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT 'ID',
+  `user_id` int(10) DEFAULT '0' COMMENT '会员ID',
   `admin_id` int(10) DEFAULT '0' COMMENT '管理员ID',
   `category_id` int(10) unsigned DEFAULT '0' COMMENT '分类ID(单选)',
   `category_ids` varchar(100) COMMENT '分类ID(多选)',

+ 2 - 2
application/admin/command/Install/zh-cn.php

@@ -22,8 +22,8 @@ return [
     'Install Successed'                                                                                     => '安装成功!',
     'Security tips'                                                                                         => '温馨提示:请将以下后台登录入口添加到你的收藏夹,为了你的安全,不要泄漏或发送给他人!如有泄漏请及时修改!',
     'Please input correct database'                                                                         => '请输入正确的数据库名',
-    'Please input correct username'                                                                         => '用户名只能由3-12位数字、字母、下划线组合',
-    'Please input correct password'                                                                         => '密码长度必须在6-16位之间,不能包含空格',
+    'Please input correct username'                                                                         => '用户名只能由3-30位数字、字母、下划线组合',
+    'Please input correct password'                                                                         => '密码长度必须在6-30位之间,不能包含空格',
     'Password is too weak'                                                                                  => '密码太简单,请重新输入',
     'The two passwords you entered did not match'                                                           => '两次输入的密码不一致',
     'Please input correct website'                                                                          => '网站名称输入不正确',

+ 3 - 0
application/admin/controller/general/Attachment.php

@@ -85,6 +85,9 @@ class Attachment extends Backend
         if ($this->request->isAjax()) {
             return $this->index();
         }
+        $mimetype = $this->request->get('mimetype', '');
+        $mimetype = substr($mimetype, -1) === '/' ? $mimetype . '*' : $mimetype;
+        $this->view->assign('mimetype', $mimetype);
         return $this->view->fetch();
     }
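Review bot: `$this->request->get('mimetype', '')` is passed straight to `substr()` on the next added line, so if the framework hands through an array for a query such as `mimetype[]=…` the call raises a warning or a TypeError depending on the PHP version. A type guard before the `substr()` line avoids that: `$mimetype = is_string($mimetype) ? $mimetype : '';`. The same three lines are added in the second hunk of application/index/controller/User.php and need the same guard. The value only seeds the upload button's `data-mimetype`, so it is a client-side hint; the server-side upload handler, which is not visible here, still has to enforce the allowed types. The enclosing method starts outside this hunk.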
 

+ 4 - 0
application/admin/controller/general/Config.php

@@ -69,6 +69,10 @@ class Config extends Backend
                 $value['value'] = json_encode($dictValue, JSON_UNESCAPED_UNICODE);
             }
             $value['tip'] = htmlspecialchars($value['tip']);
+            if ($value['name'] == 'cdnurl') {
+                //cdnurl不支持在线修改
+                continue;
+            }
             $siteList[$v['group']]['list'][] = $value;
         }
         $index = 0;
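Review bot: The added `continue` only keeps `cdnurl` out of the rendered settings list; nothing in this hunk stops a request from submitting a `cdnurl` value to the save action, which lies outside the visible lines. If the intent stated in the comment is that the value cannot be changed online, the write path should drop or reject that key as well, otherwise hiding the field is cosmetic. The comparison can also be strict, `if ($value['name'] === 'cdnurl') {`, and the comment could say why the setting is locked rather than only that it is.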

+ 2 - 2
application/admin/lang/zh-cn/auth/admin.php

@@ -5,6 +5,6 @@ return [
     'Loginfailure'                              => '登录失败次数',
     'Login time'                                => '最后登录',
     'The parent group exceeds permission limit' => '父组别超出权限范围',
-    'Please input correct username'             => '用户名只能由3-12位数字、字母、下划线组合',
-    'Please input correct password'             => '密码长度必须在6-16位之间,不能包含空格',
+    'Please input correct username'             => '用户名只能由3-30位数字、字母、下划线组合',
+    'Please input correct password'             => '密码长度必须在6-30位之间,不能包含空格',
 ];

+ 2 - 2
application/admin/validate/Admin.php

@@ -11,9 +11,9 @@ class Admin extends Validate
      * 验证规则
      */
     protected $rule = [
-        'username' => 'require|regex:\w{3,12}|unique:admin',
+        'username' => 'require|regex:\w{3,30}|unique:admin',
         'nickname' => 'require',
-        'password' => 'require|regex:\S{32}',
+        'password' => 'require|regex:\S{6,30}',
         'email'    => 'require|email|unique:admin,email',
     ];
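Review bot: The `password` rule changes from exactly 32 non-whitespace characters to `\S{6,30}`, which suggests validation used to run on an already-hashed value and now expects the plaintext. Any caller outside this hunk that still hashes before validating would have every password rejected, so the order of hashing and validation in the admin add/edit actions should be confirmed. The 30-character ceiling is repeated in validate/User.php, api/controller/User.php and index/controller/User.php and rules out longer passphrases. If only a digest is stored, the upper bound could be raised, for example `'password' => 'require|regex:\S{6,64}',`, with the language strings adjusted to match.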
 

+ 2 - 2
application/admin/validate/User.php

@@ -10,9 +10,9 @@ class User extends Validate
      * 验证规则
      */
     protected $rule = [
-        'username' => 'require|regex:\w{3,32}|unique:user',
+        'username' => 'require|regex:\w{3,30}|unique:user',
         'nickname' => 'require|unique:user',
-        'password' => 'regex:\S{6,32}',
+        'password' => 'regex:\S{6,30}',
         'email'    => 'require|email|unique:user',
         'mobile'   => 'unique:user'
     ];
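Review bot: The upper bound for `username` drops from 32 to 30 and for `password` from 32 to 30, so an existing account whose username is 31 or 32 characters long will fail `require|regex:\w{3,30}` whenever this validator runs on an edit. Whether the edit scene includes `username` is not visible in this hunk, but if it does, those records become uneditable until renamed. Either keep the previous ceiling here, `'username' => 'require|regex:\w{3,32}|unique:user',`, or ship a data check alongside the change.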

+ 1 - 1
application/admin/view/general/attachment/select.html

@@ -31,7 +31,7 @@
                 <div class="widget-body no-padding">
                     <div id="toolbar" class="toolbar">
                         {:build_toolbar('refresh')}
-                        <span><button type="button" id="faupload-image" class="btn btn-success faupload" data-mimetype="{$Think.get.mimetype|default=''|htmlentities}" data-multiple="true"><i class="fa fa-upload"></i> {:__('Upload')}</button></span>
+                        <span><button type="button" id="faupload-image" class="btn btn-success faupload" data-mimetype="{$mimetype|default=''|htmlentities}" data-multiple="true"><i class="fa fa-upload"></i> {:__('Upload')}</button></span>
                         {if request()->get('multiple') == 'true'}
                         <a class="btn btn-danger btn-choose-multi"><i class="fa fa-check"></i> {:__('Choose')}</a>
                         {/if}

+ 1 - 1
application/admin/view/user/user/edit.html

@@ -22,7 +22,7 @@
     <div class="form-group">
         <label for="c-password" class="control-label col-xs-12 col-sm-2">{:__('Password')}:</label>
         <div class="col-xs-12 col-sm-4">
-            <input id="c-password" data-rule="password" class="form-control" name="row[password]" type="text" value="" placeholder="{:__('Leave password blank if dont want to change')}" autocomplete="new-password" />
+            <input id="c-password" data-rule="password" class="form-control" name="row[password]" type="password" value="" placeholder="{:__('Leave password blank if dont want to change')}" autocomplete="new-password" />
         </div>
     </div>
     <div class="form-group">

+ 4 - 0
application/api/controller/User.php

@@ -305,6 +305,10 @@ class User extends Api
         if (!$newpassword || !$captcha) {
             $this->error(__('Invalid parameters'));
         }
+        //验证Token
+        if (!Validate::make()->check(['newpassword' => $newpassword], ['newpassword' => 'require|regex:\S{6,30}'])) {
+            $this->error(__('Password must be 6 to 30 characters'));
+        }
         if ($type == 'mobile') {
             if (!Validate::regex($mobile, "^1\d{10}$")) {
                 $this->error(__('Mobile is incorrect'));
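Review bot: The added comment `//验证Token` ("verify token") does not describe the code under it, which validates the format of `$newpassword` and has nothing to do with a token. On a password-reset path a misleading comment like this can make a later reader believe a token check exists where none is visible. Replace it with something like `// Validate new password format: 6-30 non-whitespace characters`. The enclosing method starts and ends outside this hunk, so whether the captcha is verified before the password is written cannot be confirmed from here.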

+ 2 - 1
application/api/lang/zh-cn/user.php

@@ -6,7 +6,8 @@ return [
     'Login'                                 => '登录',
     'Sign up successful'                    => '注册成功',
     'Username can not be empty'             => '用户名不能为空',
-    'Username must be 6 to 30 characters'   => '用户名必须6-30个字符',
+    'Username must be 3 to 30 characters'   => '用户名必须3-30个字符',
+    'Username must be 6 to 30 characters'   => '用户名必须3-30个字符',
     'Password can not be empty'             => '密码不能为空',
     'Password must be 6 to 30 characters'   => '密码必须6-30个字符',
     'Mobile is incorrect'                   => '手机格式不正确',

+ 6 - 3
application/index/controller/User.php

@@ -230,9 +230,9 @@ class User extends Frontend
             $renewpassword = $this->request->post("renewpassword");
             $token = $this->request->post('__token__');
             $rule = [
-                'oldpassword'   => 'require|length:6,30',
-                'newpassword'   => 'require|length:6,30',
-                'renewpassword' => 'require|length:6,30|confirm:newpassword',
+                'oldpassword'   => 'require|regex:\S{6,30}',
+                'newpassword'   => 'require|regex:\S{6,30}',
+                'renewpassword' => 'require|regex:\S{6,30}|confirm:newpassword',
                 '__token__'     => 'token',
             ];
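Review bot: Applying `regex:\S{6,30}` to `oldpassword` rejects a current password that was valid under the previous `length:6,30` rule but contains whitespace, so such a user can no longer change their password through this form. The old password only needs to be present, because its correctness is decided by comparing it with the stored credential: `'oldpassword'   => 'require',`. The same applies to the `data-rule="required;password"` added to the `oldpassword` input in application/index/view/user/changepwd.html. The regex is presumably applied without the `u` modifier, so multibyte characters would count per byte where `length` counted characters; worth confirming against the framework's validator.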
 
@@ -328,6 +328,9 @@ class User extends Frontend
 
             return json($result);
         }
+        $mimetype = $this->request->get('mimetype', '');
+        $mimetype = substr($mimetype, -1) === '/' ? $mimetype . '*' : $mimetype;
+        $this->view->assign('mimetype', $mimetype);
         $this->view->assign("mimetypeList", \app\common\model\Attachment::getMimetypeList());
         return $this->view->fetch();
     }

+ 1 - 0
application/index/lang/zh-cn/user.php

@@ -23,6 +23,7 @@ return [
     'Email active successful'                    => '邮箱激活成功',
     'Username can not be empty'                  => '用户名不能为空',
     'Username must be 3 to 30 characters'        => '用户名必须3-30个字符',
+    'Username must be 6 to 30 characters'        => '用户名必须3-30个字符',
     'Account must be 3 to 50 characters'         => '账户必须3-50个字符',
     'Password can not be empty'                  => '密码不能为空',
     'Password must be 6 to 30 characters'        => '密码必须6-30个字符',

+ 1 - 1
application/index/view/user/attachment.html

@@ -45,7 +45,7 @@
                 <div class="widget-body no-padding">
                     <div id="toolbar" class="toolbar">
                         <a href="javascript:;" class="btn btn-primary btn-refresh" title="刷新"><i class="fa fa-refresh"></i> </a>
-                        <span><button type="button" id="faupload-image" class="btn btn-success faupload" data-mimetype="{$Think.get.mimetype|default=''|htmlentities}" data-multiple="true"><i class="fa fa-upload"></i> {:__('Upload')}</button></span>
+                        <span><button type="button" id="faupload-image" class="btn btn-success faupload" data-mimetype="{$mimetype|default=''|htmlentities}" data-multiple="true"><i class="fa fa-upload"></i> {:__('Upload')}</button></span>
                         {if request()->get('multiple') == 'true'}
                         <a class="btn btn-danger btn-choose-multi"><i class="fa fa-check"></i> {:__('Choose')}</a>
                         {/if}

+ 3 - 3
application/index/view/user/changepwd.html

@@ -12,19 +12,19 @@
                         <div class="form-group">
                             <label for="oldpassword" class="control-label col-xs-12 col-sm-2">{:__('Old password')}:</label>
                             <div class="col-xs-12 col-sm-4">
-                                <input type="password" class="form-control" id="oldpassword" name="oldpassword" value="" data-rule="required" placeholder="{:__('Old password')}">
+                                <input type="password" class="form-control" id="oldpassword" name="oldpassword" value="" data-rule="required;password" placeholder="{:__('Old password')}">
                             </div>
                         </div>
                         <div class="form-group">
                             <label for="newpassword" class="control-label col-xs-12 col-sm-2">{:__('New password')}:</label>
                             <div class="col-xs-12 col-sm-4">
-                                <input type="password" class="form-control" id="newpassword" name="newpassword" value="" data-rule="required" placeholder="{:__('New password')}" />
+                                <input type="password" class="form-control" id="newpassword" name="newpassword" value="" data-rule="required;password" placeholder="{:__('New password')}" />
                             </div>
                         </div>
                         <div class="form-group">
                             <label for="renewpassword" class="control-label col-xs-12 col-sm-2">{:__('Renew password')}:</label>
                             <div class="col-xs-12 col-sm-4">
-                                <input type="password" class="form-control" id="renewpassword" name="renewpassword" value="" data-rule="required" placeholder="{:__('Renew password')}" />
+                                <input type="password" class="form-control" id="renewpassword" name="renewpassword" value="" data-rule="required;password" placeholder="{:__('Renew password')}" />
                             </div>
                         </div>
 

+ 4 - 0
public/assets/js/require-form.js

@@ -9,6 +9,10 @@ define(['jquery', 'bootstrap', 'upload', 'validator', 'validator-lang'], functio
                     return;
                 //绑定表单事件
                 form.validator($.extend({
+                    rules: {
+                        username: [/^\w{3,30}$/, __('Username must be 3 to 30 characters')],
+                        password: [/^[\S]{6,30}$/, __('Password must be 6 to 30 characters')]
+                    },
                     validClass: 'has-success',
                     invalidClass: 'has-error',
                     bindClassTo: '.form-group',

+ 32 - 3
public/assets/js/require-table.js

@@ -616,7 +616,7 @@ define(['jquery', 'bootstrap', 'moment', 'moment/locale/zh-cn', 'bootstrap-table
                             url = Fast.api.cdnurl(value);
                             data.push({
                                 src: url,
-                                thumb: url + Config.upload.thumbstyle
+                                thumb: url.match(/^(\/|data:image\\)/) ? url : url + Config.upload.thumbstyle
                             });
                         });
                         Layer.photos({
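Review bot: In the added `thumb:` line the pattern `/^(\/|data:image\\)/` contains an escaped backslash, so its second alternative matches the literal text `data:image\` and never a real data URI, which begins `data:image/`. Data URIs will therefore still get `Config.upload.thumbstyle` appended, which is what the branch appears meant to prevent. The alternative should escape a forward slash instead: `url.match(/^(\/|data:image\/)/) ? url : url + Config.upload.thumbstyle`. The same pattern is repeated twice in the next hunk, in the `image` and `images` formatters.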
@@ -641,16 +641,45 @@ define(['jquery', 'bootstrap', 'moment', 'moment/locale/zh-cn', 'bootstrap-table
                     value = value == null || value.length === 0 ? '' : value.toString();
                     value = value ? value : '/assets/img/blank.gif';
                     var classname = typeof this.classname !== 'undefined' ? this.classname : 'img-sm img-center';
-                    return '<a href="javascript:"><img class="' + classname + '" src="' + Fast.api.cdnurl(value, true) + Config.upload.thumbstyle + '" /></a>';
+                    var url = Fast.api.cdnurl(value, true);
+                    url = url.match(/^(\/|data:image\\)/) ? url : url + Config.upload.thumbstyle;
+                    return '<a href="javascript:"><img class="' + classname + '" src="' + url + '" /></a>';
                 },
                 images: function (value, row, index) {
                     value = value == null || value.length === 0 ? '' : value.toString();
                     var classname = typeof this.classname !== 'undefined' ? this.classname : 'img-sm img-center';
                     var arr = value != '' ? value.split(',') : [];
                     var html = [];
+                    var url;
                     $.each(arr, function (i, value) {
                         value = value ? value : '/assets/img/blank.gif';
-                        html.push('<a href="javascript:"><img class="' + classname + '" src="' + Fast.api.cdnurl(value, true) + Config.upload.thumbstyle + '" /></a>');
+                        url = Fast.api.cdnurl(value, true);
+                        url = url.match(/^(\/|data:image\\)/) ? url : url + Config.upload.thumbstyle;
+                        html.push('<a href="javascript:"><img class="' + classname + '" src="' + url + '" /></a>');
+                    });
+                    return html.join(' ');
+                },
+                file: function (value, row, index) {
+                    value = value == null || value.length === 0 ? '' : value.toString();
+                    value = Fast.api.cdnurl(value, true);
+                    var classname = typeof this.classname !== 'undefined' ? this.classname : 'img-sm img-center';
+                    var suffix = /[\.]?([a-zA-Z0-9]+)$/.exec(value);
+                    suffix = suffix ? suffix[1] : 'file';
+                    var url = Fast.api.fixurl("ajax/icon?suffix=" + suffix);
+                    return '<a href="' + value + '" target="_blank"><img src="' + url + '" class="' + classname + '"></a>';
+                },
+                files: function (value, row, index) {
+                    value = value == null || value.length === 0 ? '' : value.toString();
+                    var classname = typeof this.classname !== 'undefined' ? this.classname : 'img-sm img-center';
+                    var arr = value != '' ? value.split(',') : [];
+                    var html = [];
+                    var suffix, url;
+                    $.each(arr, function (i, value) {
+                        value = Fast.api.cdnurl(value, true);
+                        suffix = /[\.]?([a-zA-Z0-9]+)$/.exec(value);
+                        suffix = suffix ? suffix[1] : 'file';
+                        url = Fast.api.fixurl("ajax/icon?suffix=" + suffix);
+                        html.push('<a href="' + value + '" target="_blank"><img src="' + url + '" class="' + classname + '"></a>');
                     });
                     return html.join(' ');
                 },
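Review bot: The new `file` and `files` formatters concatenate `value` into the `href` attribute without escaping, so a stored value containing a double quote or angle bracket changes the markup rendered in the table. Building the element through jQuery's `attr()` escapes the value; this is sketched below for `file`, and `files` needs the same change inside its `$.each`. `attr()` does not restrict the URL scheme, so it is also worth accepting only `http(s)` or root-relative values before linking. The `image` and `images` formatters in this hunk build `src` the same way.

```javascript
file: function (value, row, index) {
    // … unchanged: value normalisation, cdnurl, classname, suffix and icon url …
    var link = $('<a target="_blank" rel="noopener noreferrer"></a>').attr('href', value);
    link.append($('<img>').attr({src: url, 'class': classname}));
    return link.prop('outerHTML');
},
```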