
index.htm 23KB

  1. {include file="public/layout"/}
  2. <body class="bodystyle" style=" overflow-y: scroll;min-width:auto;">
  3. <div id="toolTipLayer" style="position: absolute; z-index: 9999; display: none; visibility: visible; left: 95px; top: 573px;"></div>
  4. <div id="append_parent"></div>
  5. <div id="ajaxwaitid"></div>
  6. <style type="text/css">
  7. #layerid_1645756024 textarea
  8. {
  9. height: 220px;
  10. }
  11. </style>
  12. <div class="page" style="min-width:auto; ">
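  <!-- Fixed title bar: back link to Index/switch_map and the page heading. -->
  <div class="fixed-bar">
    <div class="item-title">
      <a class="back_xin" href="{:url('Index/switch_map')}" title="返回"><i class="iconfont e-fanhui"></i></a>
      <div class="subject">
        <h3>安全中心</h3>
        <h5></h5>
      </div>
    </div>
  </div>
  <!-- Operating tips shown above the security forms. -->
  <div id="explanation" class="explanation" style="color: rgb(44, 188, 163); background-color: rgb(237, 251, 248); margin-bottom: 15px;">
    <div id="checkZoom" class="title"><i class="fa fa-lightbulb-o"></i>
      <h4 title="提示相关设置操作时应注意的要点">提示</h4>
      <span title="收起提示" id="explanationZoom" style="display: block;"></span>
    </div>
    <ul>
      <li>1、网站及时升级到最新版本,定时备份网站习惯。</li>
      <li>2、不要使用系统破解版或盗版插件,大概率有预留后门,已有不少用户中招。</li>
      <!-- The ampersand in data-href is written as an entity so the attribute is valid HTML; the parsed URL is unchanged. -->
      <!-- NOTE(review): openFullframe is defined elsewhere; it presumably loads this third-party URL in a frame inside the admin page. Confirm how that frame is isolated. -->
      <li>3、网站目录权限设置建议<a href="JavaScript:void(0);" class="red" data-href="https://www.eyoucms.com/plus/view.php?aid=28298&amp;origin_eycms=1" onclick="openFullframe(this,'易优CMS目录权限设置教程,仅供参考');">【查看】</a></li>
    </ul>
  </div>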
  34. <div class="flexigrid htitx">
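  <!-- Admin security settings form: backup path, admin entry file name, login timeout, login lockout, editor XSS filter and anti-brushing switch. Submitted by checkForm1(). -->
  <!-- NOTE(review): no anti-CSRF token field is visible in this form; confirm that the Security/handleSave1 handler checks one supplied by other means. -->
  <!-- NOTE(review): every inline filter below runs only in the browser. Confirm the handler re-validates each value (path characters, numeric ranges) and does not trust the hidden "_old" fields. -->
  <form class="form-horizontal" id="handlepost1" method="post" enctype="multipart/form-data" action="{:url('Security/handleSave1')}">
    <div class="hDiv">
      <div class="hDivBox">
        <table cellspacing="0" cellpadding="0" style="width: 100%">
          <thead>
            <tr>
              <th class="sign w10" axis="col0">
                <div class="tc"></div>
              </th>
              <th abbr="article_title" axis="col3" class="w10">
                <div class="tc">后台安全中心</div>
              </th>
              <th abbr="ac_id" axis="col4">
                <div class=""></div>
              </th>
            </tr>
          </thead>
        </table>
      </div>
    </div>
    <div class="ncap-form-default">
      <!-- Database backup directory, shown after the site root prefix. -->
      <dl class="row">
        <dt class="tit">
          <label for="web_sqldatapath">数据备份路径</label>
        </dt>
        <dd class="opt">
          __ROOT_DIR__<input id="web_sqldatapath" name="web_sqldatapath" value="{$global.web_sqldatapath|default=config('DATA_BACKUP_PATH')}" class="input-txt" type="text" autocomplete="off" />
          <p class="notic"></p>
        </dd>
      </dl>
      <!-- Admin entry file name. The oninput filter applies the same character filter as the keyup handler to pasted and dropped text as well. -->
      <dl class="row">
        <dt class="tit">
          <label for="adminbasefile">后台登录路径</label>
        </dt>
        <dd class="opt">
          __SITE_URL____ROOT_DIR__/<input type="hidden" name="adminbasefile_old" value="{$adminbasefile|default='login'}"><input id="adminbasefile" name="adminbasefile" value="{$adminbasefile|default='login'}" type="text" data-site_url="__SITE_URL__" onKeyUp="this.value=this.value.replace(/[^\w\_\-]/g,'');" oninput="this.value=this.value.replace(/[^\w\_\-]/g,'');" onbeforepaste="clipboardData.setData('text',clipboardData.getData('text').replace(/[^\w\_\-]/g,''));" style="width: 120px;" autocomplete="off" />.php
          <p class="notic">为了提高后台的安全性,请及时更改后台入口文件。</p>
        </dd>
      </dl>
      <!-- Admin session timeout in seconds; the range hint is driven by the keyup handler in the page script. -->
      <dl class="row">
        <dt class="tit">
          <label for="web_login_expiretime">后台登录超时</label>
        </dt>
        <dd class="opt">
          <input id="web_login_expiretime" name="web_login_expiretime" value="{$global.web_login_expiretime|default=config('login_expire')}" autocomplete="off" type="text" class="input-txt" />&nbsp;秒
          <input type="hidden" name="login_expiretime_old" value="{$global.web_login_expiretime|default=0}">
          <p class="notic">默认3600秒等于1小时,最多不超过1个月(2592000秒)</p>
          <p class="notic2 none red" id="tips_web_login_expiretime"></p>
        </dd>
      </dl>
      <!-- Login lockout switch; login_lockopen() shows or hides the two lockout fields below. -->
      <dl class="row">
        <dt class="tit">
          <label for="web_login_lockopen">登录失败锁定</label>
        </dt>
        <dd class="opt">
          <label class="curpoin"><input id="web_login_lockopen1" name="web_login_lockopen" onclick="login_lockopen(this);" value="1" type="radio" {if condition="!isset($global.web_login_lockopen) || $global.web_login_lockopen == 1"} checked="checked"{/if}>开启</label>
          &nbsp;
          <label class="curpoin"><input id="web_login_lockopen0" name="web_login_lockopen" onclick="login_lockopen(this);" value="0" type="radio" {if condition="isset($global.web_login_lockopen) && $global.web_login_lockopen == 0"} checked="checked"{/if}>关闭</label>
          <span class="err"></span>
          <p class="notic">登录多次失败后,账号将被锁定一定时长</p>
        </dd>
      </dl>
      <div id="div_login_lock" class="{if condition='isset($global.web_login_lockopen) && $global.web_login_lockopen == 0'}none{/if}">
        <!-- Digits-only fields. An onpaste handler runs before the pasted text reaches the field, so the oninput filter is what cleans pasted values. -->
        <dl class="row">
          <dt class="tit">
            <label for="web_login_errtotal">登录错误次数</label>
          </dt>
          <dd class="opt">
            <input id="web_login_errtotal" name="web_login_errtotal" value="{$global.web_login_errtotal|default=config('login_errtotal')}" class="input-txt" type="text" placeholder="不启用默认留空" autocomplete="off" onkeyup="this.value=this.value.replace(/[^\d]/g,'');" oninput="this.value=this.value.replace(/[^\d]/g,'');" onpaste="this.value=this.value.replace(/[^\d]/g,'')" />&nbsp;次
            <p class="notic"></p>
          </dd>
        </dl>
        <dl class="row">
          <dt class="tit">
            <label for="web_login_errexpire">登录锁定时间</label>
          </dt>
          <dd class="opt">
            <input id="web_login_errexpire" name="web_login_errexpire" value="{$global.web_login_errexpire|default=config('login_errexpire')}" class="input-txt" type="text" autocomplete="off" onkeyup="this.value=this.value.replace(/[^\d]/g,'');" oninput="this.value=this.value.replace(/[^\d]/g,'');" onpaste="this.value=this.value.replace(/[^\d]/g,'')" />&nbsp;秒
            <p class="notic">默认600秒等于10分钟</p>
          </dd>
        </dl>
      </div>
      <!-- Editor XSS filter switch; rendered as off when the stored setting is empty. -->
      <dl class="row">
        <dt class="tit">
          <label for="web_xss_filter">编辑器防注入</label>
        </dt>
        <dd class="opt">
          <label class="curpoin"><input id="web_xss_filter1" name="web_xss_filter" value="1" type="radio" {if condition="!empty($global.web_xss_filter)"} checked="checked"{/if}>开启</label>
          &nbsp;
          <label class="curpoin"><input id="web_xss_filter0" name="web_xss_filter" value="0" type="radio" {if condition="empty($global.web_xss_filter)"} checked="checked"{/if}>关闭</label>
          <span class="err"></span>
          <p class="notic">XSS过滤,防止黑客利用编辑器注入恶意代码(如:inserthtml等操作)</p>
        </dd>
      </dl>
      <!-- Anti-brushing switch; rendered as off when the stored setting is empty. -->
      <dl class="row">
        <dt class="tit">
          <label for="web_anti_brushing">网站防止被刷</label>
        </dt>
        <dd class="opt">
          <label class="curpoin"><input id="web_anti_brushing1" name="web_anti_brushing" value="1" type="radio" {if condition="!empty($global.web_anti_brushing)"} checked="checked"{/if}>开启</label>
          &nbsp;
          <label class="curpoin"><input id="web_anti_brushing0" name="web_anti_brushing" value="0" type="radio" {if condition="empty($global.web_anti_brushing)"} checked="checked"{/if}>关闭</label>
          <span class="err"></span>
          <p class="notic">开启后可以防止域名后缀加?wb=违禁词也能访问并被收录等情况</p>
          <p class="notic2">注意:静态模式下,首页生成应该改为“动态预览”才有效果</p>
        </dd>
      </dl>
      <dl class="row">
        <div class="bot" style="padding-bottom:0px;">
          <a href="JavaScript:void(0);" onclick="checkForm1();" class="ncap-btn-big ncap-btn-green">确认提交</a>
        </div>
      </dl>
    </div>
  </form>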
  <!-- Security-question settings form; the submit link calls checkForm2(), which validates the fields and posts the form by AJAX. -->
  <!-- NOTE(review): the form fields come from the security/second_ask_html include, which is not visible here, so field-level protections cannot be judged from this file. -->
  <form class="form-horizontal" id="handlepost2" method="post" action="{:url('Security/handleSave2')}">
    <div class="hDiv">
      <div class="hDivBox">
        <table cellspacing="0" cellpadding="0" style="width: 100%">
          <thead>
            <tr>
              <th class="sign w10" axis="col0"><div class="tc"></div></th>
              <th class="w10" abbr="article_title" axis="col3"><div class="tc">密保问题设置</div></th>
              <th abbr="ac_id" axis="col4"><div style=""></div></th>
            </tr>
          </thead>
        </table>
      </div>
    </div>
    <div class="ncap-form-default">
      {include file="security/second_ask_html" /}
      <dl class="row">
        <div class="bot" style="padding-bottom:0px;">
          <a class="ncap-btn-big ncap-btn-green" href="JavaScript:void(0);" onclick="checkForm2();">确认提交</a>
        </div>
      </dl>
    </div>
  </form>
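  <!-- Virus scanning section: a tutorial link to an external page and a link to the built-in suspicious-file scan (Security/ddos_kill). -->
  <div class="hDiv">
    <div class="hDivBox">
      <table cellspacing="0" cellpadding="0" style="width: 100%">
        <thead>
          <tr>
            <th class="sign w10" axis="col0">
              <div class="tc"></div>
            </th>
            <th abbr="article_title" axis="col3" class="w10">
              <div class="tc">病毒查杀中心</div>
            </th>
            <th abbr="ac_id" axis="col4">
              <div style=""></div>
            </th>
          </tr>
        </thead>
      </table>
    </div>
  </div>
  <div class="ncap-form-default">
    <dl class="row">
      <dt class="tit">
        <label>病毒木马查杀</label>
      </dt>
      <dd class="opt">
        <!-- The ampersand in data-href is written as an entity so the attribute is valid HTML; the parsed URL is unchanged. -->
        <!-- NOTE(review): openFullframe is defined elsewhere; it presumably opens this third-party page in a frame inside the admin page. Confirm how that frame is isolated. -->
        <a href="javascript:void(0);" data-href="https://www.eyoucms.com/plus/view.php?aid=5946&amp;origin_eycms=1" onclick="openFullframe(this, '快速彻底根治网站源码里的木马代码与多余可疑文件');" class="ncap-btn ncap-btn-green">查看教程</a>
        <span class="err"></span>
        <p class="notic"></p>
      </dd>
    </dl>
    <dl class="row">
      <dt class="tit">
        <label>可疑恶意文件</label>
      </dt>
      <dd class="opt">
        <!-- Opens the scan page served by the Security/ddos_kill action. -->
        <a href="javascript:void(0);" data-href="{:url('Security/ddos_kill')}" onclick="openFullframe(this, '可疑恶意文件');" class="ncap-btn ncap-btn-green">在线扫描</a>
        <span class="err"></span>
        <p class="notic"></p>
      </dd>
    </dl>
  </div>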
  219. </div>
  220. </div>
  221. <script type="text/javascript">
  // Live feedback for the admin login-timeout field: a value above 2592000 is
  // reset to 2592000 and a hint is shown; a value below 60 only shows a hint;
  // anything else hides the hint.
  // NOTE(review): this runs on keyup only, in the browser. Confirm the save
  // handler enforces the same range.
  $(function () {
      $('#web_login_expiretime').on('keyup', function () {
          var field = $(this);
          var tip = $('#tips_web_login_expiretime');
          var seconds = field.val();
          if (seconds > 2592000) {
              field.val(2592000);
              tip.html('最多不能设置超过一个月(2592000秒)').show();
              return;
          }
          if (seconds < 60) {
              tip.html('最少不能设置低于60秒').show();
              return;
          }
          tip.hide();
      });
  });
  /**
   * Show the lockout settings panel (#div_login_lock) when the clicked radio
   * button carries the value 1, and hide it otherwise.
   *
   * @param obj the radio input that was clicked
   */
  function login_lockopen(obj)
  {
      var panel = $('#div_login_lock');
      if ($(obj).val() == 1) {
          panel.show();
          return;
      }
      panel.hide();
  }
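  /**
   * Validate the admin security settings form (#handlepost1) and submit it by AJAX.
   *
   * Checks, in order: the login timeout is a number of at least 60, the admin
   * entry name is not empty, and, when login lockout is switched on, the
   * failure count is at least 2 and the lock time is at least 60. When the
   * admin entry name differs from the stored one, the operator has to confirm
   * the new path before the request is sent.
   *
   * NOTE(review): these checks run only in the browser. Confirm that the
   * Security/handleSave1 handler enforces the same limits, including the
   * 2592000 second cap that only the keyup handler applies.
   *
   * Returns false when a check fails or when the confirmation dialog was
   * opened; returns nothing once the request has been queued.
   */
  function checkForm1(){
      // HTML-escape a value before it is concatenated into dialog markup.
      function escapeHtml(value) {
          return $('<div></div>').text(String(value)).html();
      }

      // True when the field does not hold a number of at least `minimum`.
      // Written as a negated >= so that non-numeric input (NaN) is rejected too.
      function isBelow(field, minimum) {
          return !(Number(field.val()) >= minimum);
      }

      // POST the serialized form; `onSaved(res)` runs after the success message.
      function submitForm(onSaved) {
          layer_loading('正在处理');
          setTimeout(function (){
              $.ajax({
                  type : 'post',
                  url : "{:url('Security/handleSave1', ['_ajax'=>1])}",
                  data : $('#handlepost1').serialize(),
                  dataType : 'json',
                  success : function(res){
                      layer.closeAll();
                      if(res.code == 1){
                          showSuccessMsg(res.msg, 500, function(){
                              onSaved(res);
                          });
                      }else{
                          showErrorMsg(res.msg);
                      }
                  },
                  error: function(e){
                      layer.closeAll();
                      // NOTE(review): the raw response body is handed to showErrorAlert,
                      // which is defined elsewhere; confirm it is displayed as text.
                      showErrorAlert(e.responseText);
                  }
              });
          }, 1);
      }

      // Admin login timeout
      var web_login_expiretime_obj = $('input[name=web_login_expiretime]');
      if (isBelow(web_login_expiretime_obj, 60)) {
          showErrorMsg('后台登录超时不能少于60秒!');
          web_login_expiretime_obj.focus();
          return false;
      }

      var adminbasefileObj = $('input[name=adminbasefile]');
      var adminbasefile_oldObj = $('input[name=adminbasefile_old]');
      // Re-apply the field's own character filter: the inline keyup handler
      // does not see text that was pasted or dropped into the field.
      adminbasefileObj.val((adminbasefileObj.val() || '').replace(/[^\w\-]/g, ''));
      if($.trim(adminbasefileObj.val()) == ''){
          showErrorMsg('后台路径不能为空!');
          adminbasefileObj.focus();
          return false;
      }

      if (1 == $('input[name=web_login_lockopen]:checked').val()) {
          var web_login_errtotal_obj = $('input[name=web_login_errtotal]');
          if (isBelow(web_login_errtotal_obj, 2)) {
              showErrorMsg('登录错误次数不能少于2次!');
              web_login_errtotal_obj.focus();
              return false;
          }
          var web_login_errexpire_obj = $('input[name=web_login_errexpire]');
          if (isBelow(web_login_errexpire_obj, 60)) {
              // The message names the lock-time field; it previously repeated
              // the failure-count wording.
              showErrorMsg('登录锁定时间不能少于60秒!');
              web_login_errexpire_obj.focus();
              return false;
          }
      }

      if(adminbasefile_oldObj.val() != adminbasefileObj.val()){
          var site_url = adminbasefileObj.data('site_url');
          // Both interpolated values are escaped because the dialog content is markup.
          layer.confirm('后台路径:<font color="red">'+escapeHtml(site_url)+'__ROOT_DIR__/'+escapeHtml(adminbasefileObj.val())+'.php</font>,确认更改?', {
              title: false,
              btn: ['继续更改','取消'] // buttons
          }, function(){
              submitForm(function(res){
                  // The admin entry changed, so the top window moves to the URL
                  // returned by the server.
                  top.window.location.href = res.url;
              });
          }, function(index){
              // Cancelled: no request is sent.
          });
          return false;
      }

      submitForm(function(){
          window.location.reload();
      });
  }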
  335. </script>
  336. <script type="text/javascript">
  /**
   * Validate the security-question form (#handlepost2) and submit it by AJAX.
   *
   * With the security question switched on: in "add" mode a question and an
   * answer are required; otherwise, once a new answer or a question is given,
   * the current answer is required and a newly chosen question needs a new
   * answer that differs from the current one. With it switched off: only a
   * founder account may turn off a setting that is currently on, and in
   * "edit" mode the current answer is required.
   *
   * NOTE(review): the founder check and the answer rules run only in the
   * browser. Confirm that the Security/handleSave2 handler repeats them.
   *
   * Returns false when a check fails; returns nothing once the request has
   * been queued.
   */
  function checkForm2(){
      var is_founder = {$admin_info['is_founder']|default=0};
      var newAnswerSel = 'input[name=security_answer]';
      var oldAnswerSel = 'input[name=security_answer_old]';
      var mode = $('#is_ask_add_edit').val();

      // Show a validation message, focus the named field if one is given, and stop.
      function reject(message, focusSelector) {
          showErrorMsg(message);
          if (focusSelector) {
              $(focusSelector).focus();
          }
          return false;
      }

      function reloadPage() {
          window.location.reload();
      }

      if ($('input[name=security_ask_open]:checked').val() == 1) {
          var question = $('select[name=security_ask]').val();
          var newAnswer = $.trim($(newAnswerSel).val());
          if ('add' == mode) {
              if (question < 0) {
                  return reject('请选择密保问题!');
              }
              if (newAnswer === '') {
                  return reject('请设置密保答案!', newAnswerSel);
              }
          } else if (newAnswer !== '' || question >= 0) {
              var oldAnswer = $.trim($(oldAnswerSel).val());
              if (oldAnswer === '') {
                  return reject('密保答案不能为空!', oldAnswerSel);
              }
              if (question >= 0) {
                  if (newAnswer === '') {
                      return reject('请重置密保答案!', newAnswerSel);
                  }
                  if (newAnswer === oldAnswer) {
                      return reject('重置密保答案不能与原来的一致!', newAnswerSel);
                  }
              }
          }
      } else {
          var security_ask_open = {$security['security_ask_open']|default=0};
          if (0 == is_founder && 1 == security_ask_open) {
              showErrorAlert('创始人才能关闭安全验证功能!');
              return false;
          }
          if ('edit' == mode && $.trim($(oldAnswerSel).val()) === '') {
              return reject('密保答案不能为空!', oldAnswerSel);
          }
      }

      // security_answer_submit() returns true, or the value to show as the error.
      var verdict = security_answer_submit();
      if (true !== verdict) {
          showErrorMsg(verdict);
          $(oldAnswerSel).focus();
          return false;
      }

      layer_loading('正在处理');
      setTimeout(function (){
          $.ajax({
              type : 'post',
              url : "{:url('Security/handleSave2', ['_ajax'=>1])}",
              data : $('#handlepost2').serialize(),
              dataType : 'json',
              success : function(res){
                  layer.closeAll();
                  if (res.code != 1) {
                      showErrorMsg(res.msg);
                      return;
                  }
                  if (0 == res.data.security_ask_open || 0 == res.data.is_show_answer) {
                      showSuccessMsg(res.msg, 500, reloadPage);
                      return;
                  }
                  // Otherwise the message stays on screen until the operator dismisses it.
                  layer.alert(res.msg, {
                      shade: layer_shade,
                      area: ['480px', '190px'],
                      move: false,
                      title: '提示',
                      btnAlign:'r',
                      closeBtn: 3,
                      btn: ['记住了'] , // button
                      success: function () {
                          $(".layui-layer-content").css('text-align', 'left');
                      }
                  }, reloadPage);
              },
              error: function(e){
                  layer.closeAll();
                  // NOTE(review): the raw response body is handed to showErrorAlert,
                  // which is defined elsewhere; confirm it is displayed as text.
                  showErrorAlert(e.responseText);
              }
          });
      }, 1);
  }
  /**
   * Check the current security answer with the server, but only when the
   * security question was on and is now being switched off.
   *
   * The request is synchronous (async: false), so the result is known before
   * the function returns.
   *
   * Returns true when no check is needed or the server answers with code 1,
   * the server message when it answers with another code, and false when the
   * request itself fails.
   *
   * NOTE(review): this check runs in the browser only. Confirm that the save
   * handler verifies the answer again before switching the question off.
   */
  function security_answer_submit()
  {
      var previouslyOpen = 0;
      if (typeof __security_ask_open__ !== 'undefined' && __security_ask_open__ > 0) {
          previouslyOpen = __security_ask_open__;
      }
      var nowOpen = $('input[name=security_ask_open]:checked').val();
      var isTurningOff = (1 == previouslyOpen && previouslyOpen != nowOpen);
      if (!isTurningOff) {
          // Switching on, or leaving the setting as it is, needs no answer check.
          return true;
      }

      var outcome = false;
      var answer = $.trim($('input[name=security_answer_old]').val());
      $.ajax({
          type : 'post',
          url : eyou_basefile + "?m="+module_name+"&c=Security&a=ajax_answer_verify&_ajax=1&lang=" + __lang__,
          data : {answer:answer},
          dataType : 'json',
          async: false,
          success : function(res){
              outcome = (res.code == 1) ? true : res.msg;
          },
          error: function(e) {
              showErrorAlert(e.responseText);
          }
      });
      return outcome;
  }
  469. </script>
  470. {include file="public/footer" /}