From 80cb5d80fd5c9bab67fac646f7960f8361d6ca2d Mon Sep 17 00:00:00 2001
From: gongfuxiang
Date: Mon, 16 May 2022 16:35:50 +0800
Subject: [PATCH] =?UTF-8?q?=E7=99=BB=E5=BD=95=E9=87=87=E7=94=A8cookie?=
 =?UTF-8?q?=E3=80=81=E7=BB=86=E8=8A=82=E4=BC=98=E5=8C=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/admin/controller/Admin.php | 2 +-
 app/admin/controller/Common.php | 6 ++--
 app/common.php | 34 +++++++++++++------
 app/index/controller/Common.php | 3 +-
 app/index/controller/Index.php | 3 +-
 app/service/AdminPowerService.php | 18 ++++++----
 app/service/AdminService.php | 16 ++++-----
 app/service/AnswerService.php | 3 +-
 app/service/PluginsAdminService.php | 2 +-
 app/service/SystemService.php | 6 ++--
 app/service/UserService.php | 13 ++++---
 config/cookie.php | 2 +-
 public/core.php | 7 ++--
 public/static/common/js/common.js | 23 +++++++++++++
 .../common/lib/ueditor/dialogs/map/map.html | 2 +-
 .../common/lib/ueditor/dialogs/map/show.html | 2 +-
 public/static/index/default/css/index.css | 2 +-
 17 files changed, 94 insertions(+), 50 deletions(-)
diff --git a/app/admin/controller/Admin.php b/app/admin/controller/Admin.php
index 02dba223c..f33dcd203 100755
--- a/app/admin/controller/Admin.php
+++ b/app/admin/controller/Admin.php
@@ -254,7 +254,7 @@ class Admin extends Common
 public function LoginInfo()
 {
 // 是否已登录
- if(AdminService::LoginInfo() !== null)
+ if(!empty($this->admin))
 {
 return MyRedirect(MyUrl('admin/index/index'));
 }
diff --git a/app/admin/controller/Common.php b/app/admin/controller/Common.php
index f01c89b68..431da7871 100755
--- a/app/admin/controller/Common.php
+++ b/app/admin/controller/Common.php
@@ -91,8 +91,8 @@ class Common extends BaseController
 $this->admin = AdminService::LoginInfo();
 // 权限菜单
- AdminPowerService::PowerMenuInit();
- $this->left_menu = AdminPowerService::MenuData();
+ AdminPowerService::PowerMenuInit($this->admin);
+ $this->left_menu = AdminPowerService::MenuData($this->admin);
 // 视图初始化
 $this->ViewInit();
@@ -127,7 +127,7 @@ class Common extends BaseController
 */
 protected function IsLogin()
 {
- if($this->admin === null)
+ if(empty($this->admin))
 {
 if(IS_AJAX)
 {
diff --git a/app/common.php b/app/common.php
index 2227d56a8..44e2c5f12 100755
--- a/app/common.php
+++ b/app/common.php
@@ -67,12 +67,19 @@ function MySession($name = '', $value = '')
 * @version 1.0.0
 * @date 2021-07-17
 * @desc description
- * @param [string] $name [cookie名称]
- * @param [mixed] $value [cookie值]
+ * @param [string] $name [cookie名称]
+ * @param [mixed] $value [cookie值]
+ * @param [boolean] $is_encryption [是否需要加密存储]
 */
-function MyCookie($name = '', $value = '')
+function MyCookie($name = '', $value = '', $is_encryption = true)
 {
- return cookie($name, $value);
+ // 非空则转换数据
+ if($value !== null && $value !== '' && $is_encryption)
+ {
+ $value = urlencode(Authcode(base64_encode(json_encode($value)), 'ENCODE'));
+ }
+ $res = cookie($name, $value);
+ return ($res === '' || !$is_encryption) ? $res : json_decode(base64_decode(Authcode(urldecode($res), 'DECODE')), true);
 }
 /**
@@ -2532,7 +2539,7 @@ function ReturnSquarePoint($lng, $lat, $Distance = 1.2)
 }
 /**
- * [Authcode 明文或密文]
+ * 明文或密文
 * @author Devil
 * @blog http://gong.gg/
 * @version 0.0.1
@@ -2543,7 +2550,8 @@ function ReturnSquarePoint($lng, $lat, $Distance = 1.2)
 * @param [integer] $expiry [密钥有效期]
 * @return [string] [加密或解密后的数据]
 */
-function Authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) {
+function Authcode($string, $operation = 'DECODE', $key = '', $expiry = 0)
+{
 // 动态密匙长度,相同的明文会生成不同密文就是依靠动态密匙
 // 加入随机密钥,可以令密文无任何规律,即便是原文和密钥完全相同,加密结果也会每次不同,增大破解难度。
 // 取值越大,密文变动规律越大,密文变化 = 16 的 $ckey_length 次方
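Review bot: Both `Authcode(...)` calls in the new `MyCookie` body omit the key argument, while `AdminService::LoginInfo()` and `UserService` elsewhere in this patch now treat the value this function returns as the caller's identity, so every installation protects its login cookies with the library default that is fixed in the source (see the `$key = md5($key ? $key : ...)` line later in this patch). Anyone who reads that default can run the same ENCODE routine and mint a cookie carrying an arbitrary `id` and `role_id`; the md5 tag verified on DECODE uses `$keyb`, which like `$keya` appears to be derived from that same `$key`, so it does not stop forgery. Pass a per-deployment secret (from configuration or the environment, never a literal) as the third argument of both calls and refuse to issue a cookie when it is unset. Separately, if `cookie($name)` returns null for an absent cookie, as ThinkPHP's helper does, the `$res === ''` test misses it and the decode chain runs on null; `empty($res)` would short-circuit both cases.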
@@ -2552,7 +2560,7 @@ function Authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) {
 // 密匙
 // $GLOBALS['discuz_auth_key'] 这里可以根据自己的需要修改
- $key = md5($key ? $key : 'devil');
+ $key = md5($key ? $key : 'shopxo');
 // 密匙a会参与加解密
 $keya = md5(substr($key, 0, 16));
@@ -2571,18 +2579,21 @@ function Authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) {
 $box = range(0, 255);
 $rndkey = array();
 // 产生密匙簿
- for($i = 0; $i <= 255; $i++) {
+ for($i = 0; $i <= 255; $i++)
+ {
 $rndkey[$i] = ord($cryptkey[$i % $key_length]);
 }
 // 用固定的算法,打乱密匙簿,增加随机性,好像很复杂,实际上并不会增加密文的强度
- for($j = $i = 0; $i < 256; $i++) {
+ for($j = $i = 0; $i < 256; $i++)
+ {
 $j = ($j + $box[$i] + $rndkey[$i]) % 256;
 $tmp = $box[$i];
 $box[$i] = $box[$j];
 $box[$j] = $tmp;
 }
 // 核心加解密部分
- for($a = $j = $i = 0; $i < $string_length; $i++) {
+ for($a = $j = $i = 0; $i < $string_length; $i++)
+ {
 $a = ($a + 1) % 256;
 $j = ($j + $box[$a]) % 256;
 $tmp = $box[$a];
@@ -2591,7 +2602,8 @@ function Authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) {
 // 从密匙簿得出密匙进行异或,再转成字符
 $result .= chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$j]) % 256]));
 }
- if($operation == 'DECODE') {
+ if($operation == 'DECODE')
+ {
 // substr($result, 0, 10) == 0 验证数据有效性
 // substr($result, 0, 10) - time() > 0 验证数据有效性
 // substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16) 验证数据完整性
diff --git a/app/index/controller/Common.php b/app/index/controller/Common.php
index 41400e0ca..35e696b59 100755
--- a/app/index/controller/Common.php
+++ b/app/index/controller/Common.php
@@ -352,7 +352,8 @@ class Common extends BaseController
 MyViewAssign('is_load_baidu_map_api', 0);
 // 是否加载附件组件
- MyViewAssign('is_load_upload_editor', (!empty($this->user) || AdminService::LoginInfo()) ? 1 : 0);
+ $admin = AdminService::LoginInfo();
+ MyViewAssign('is_load_upload_editor', (!empty($this->user) || !empty($admin)) ? 1 : 0);
 // 存在地图事件则载入
 if(in_array(3, array_column($this->nav_quick, 'event_type')))
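Review bot: The new default `'shopxo'` on the `$key = md5($key ? $key : 'shopxo');` line is as public as the `'devil'` it replaces, so every caller that leaves `$key` empty — which `MyCookie` in this same patch does for the login cookies — shares one encryption and integrity key with every other deployment and with anyone who reads the repository. The fallback should be a per-installation secret read from deployment configuration rather than a literal, with a loud failure when none is configured, since a predictable key here lets the DECODE integrity check at the end of the hunk be satisfied by a forged value. The `$key ? $key : ...` truthiness test also treats the string `'0'` as "no key"; compare with `$key !== ''` instead. The body of `Authcode` starts and ends outside this hunk.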
diff --git a/app/index/controller/Index.php b/app/index/controller/Index.php
index 24610b4e8..d0a543495 100755
--- a/app/index/controller/Index.php
+++ b/app/index/controller/Index.php
@@ -77,7 +77,8 @@ class Index extends Common
 MyViewAssign('floor_data_type', $floor_data_type);
 // 是否设计模式
- $is_design = (!empty($this->data_request['save_url']) && isset($this->data_request['is_design']) && $this->data_request['is_design'] == 1 && $floor_data_type == 2 && AdminService::LoginInfo()) ? 1 : 0;
+ $admin = AdminService::LoginInfo();
+ $is_design = (!empty($this->data_request['save_url']) && isset($this->data_request['is_design']) && $this->data_request['is_design'] == 1 && $floor_data_type == 2 && !empty($admin)) ? 1 : 0;
 MyViewAssign('is_design', $is_design);
 if($is_design == 1)
 {
diff --git a/app/service/AdminPowerService.php b/app/service/AdminPowerService.php
index a9dfa0d15..13388e951 100755
--- a/app/service/AdminPowerService.php
+++ b/app/service/AdminPowerService.php
@@ -204,12 +204,18 @@ class AdminPowerService
 * @version 1.0.0
 * @date 2022-01-23
 * @desc description
- * @param [boolean] $is_refresh [是否强制刷新]
+ * @param [array] $admin [管理员信息]
+ * @param [boolean] $is_refresh [是否强制刷新]
 */
- public static function PowerMenuInit($is_refresh = false)
+ public static function PowerMenuInit($admin, $is_refresh = false)
 {
+ // 不存在管理员信息则读取登录信息
+ if(empty($admin))
+ {
+ $admin = AdminService::LoginInfo();
+ }
+
 // 基础参数
- $admin = AdminService::LoginInfo();
 $admin_id = isset($admin['id']) ? intval($admin['id']) : 0;
 $role_id = isset($admin['role_id']) ? intval($admin['role_id']) : 0;
@@ -322,12 +328,12 @@ class AdminPowerService
 * @author Devil
 * @blog http://gong.gg/
 * @version 1.0.0
- * @date 2020-09-24
+ * @date 2022-05-16
 * @desc description
+ * @param [array] $admin [管理员信息]
 */
- public static function MenuData()
+ public static function MenuData($admin)
 {
- $admin = AdminService::LoginInfo();
 if(!empty($admin['id']))
 {
 $data = MyCache(SystemService::CacheKey('shopxo.cache_admin_left_menu_key').$admin['id']);
diff --git a/app/service/AdminService.php b/app/service/AdminService.php
index ca8c727d3..20683999b 100755
--- a/app/service/AdminService.php
+++ b/app/service/AdminService.php
@@ -488,11 +488,8 @@ class AdminService
 }
 }
- // 种session
- self::LoginSession($admin);
-
- // 返回数据,更新数据库
- if(self::LoginInfo())
+ // 种session,更新数据库
+ if(self::LoginSession($admin))
 {
 $data = [
 'login_total' => $admin['login_total']+1,
@@ -512,7 +509,7 @@ class AdminService
 MyCache(SystemService::CacheKey('shopxo.cache_admin_power_plugins_key').$admin['id'], null);
 // 权限菜单初始化
- AdminPowerService::PowerMenuInit();
+ AdminPowerService::PowerMenuInit($admin);
 return DataReturn('登录成功');
 }
@@ -533,7 +530,7 @@ class AdminService
 */
 public static function LoginInfo()
 {
- return MySession(self::$admin_login_key);
+ return MyCookie(self::$admin_login_key);
 }
 /**
@@ -548,7 +545,8 @@ class AdminService
 public static function LoginSession($admin)
 {
 unset($admin['login_pwd'], $admin['login_salt']);
- return MySession(self::$admin_login_key, $admin);
+ MyCookie(self::$admin_login_key, $admin);
+ return true;
 }
 /**
@@ -561,7 +559,7 @@ class AdminService
 */
 public static function LoginLogout()
 {
- return MySession(self::$admin_login_key, null);
+ return MyCookie(self::$admin_login_key, null);
 }
 /**
diff --git a/app/service/AnswerService.php b/app/service/AnswerService.php
index 23e2f94df..e609cceec 100755
--- a/app/service/AnswerService.php
+++ b/app/service/AnswerService.php
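Review bot: `LoginInfo()` now trusts whatever the browser presents in the `self::$admin_login_key` cookie, so `LoginLogout()` only deletes the client's copy and nothing on the server can revoke a captured admin cookie before its configured expiry, whereas the session it replaces could be destroyed server-side. `LoginSession()` also returns `true` unconditionally after `MyCookie(...)`, so the `if(self::LoginSession($admin))` branch in the first hunk no longer tells the caller whether anything was actually stored. Consider keeping a server-side record (session or cache entry keyed by a random token) and putting only that opaque token in the cookie, which restores revocation and keeps the admin row — everything except `login_pwd` and `login_salt` today — off the client and clear of the browser's per-cookie size limit. The method containing the first hunk starts and ends outside it.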
@@ -185,7 +185,8 @@ class AnswerService
 public static function AnswerSave($params = [])
 {
 // 是否开启登录留言,管理员登录状态可继续操作
- if(MyC('common_is_login_answer') == 1 && AdminService::LoginInfo() === null)
+ $admin = AdminService::LoginInfo();
+ if(MyC('common_is_login_answer') == 1 && empty($admin))
 {
 $user = UserService::LoginUserInfo();
 if(empty($user))
diff --git a/app/service/PluginsAdminService.php b/app/service/PluginsAdminService.php
index 22800b270..c43605f57 100755
--- a/app/service/PluginsAdminService.php
+++ b/app/service/PluginsAdminService.php
@@ -1060,7 +1060,7 @@ php;
 $plugins = $ret['data'];
 // 强制刷新用户权限缓存
- AdminPowerService::PowerMenuInit(true);
+ AdminPowerService::PowerMenuInit(null, true);
 // 附件同步到数据库
 ResourcesService::AttachmentDiskFilesToDb('plugins_'.$plugins);
diff --git a/app/service/SystemService.php b/app/service/SystemService.php
index 552e3ca51..8a733adf6 100644
--- a/app/service/SystemService.php
+++ b/app/service/SystemService.php
@@ -80,7 +80,7 @@ class SystemService
 {
 $uuid = empty($params['uuid']) ? UUId() : $params['uuid'];
 MySession('uuid', $uuid);
- cookie('uuid', $uuid);
+ MyCookie('uuid', $uuid, false);
 }
 // token
@@ -88,14 +88,14 @@ class SystemService
 {
 $key = UserService::$user_token_key;
 MySession($key, $params['token']);
- cookie($key, $params['token']);
+ MyCookie($key, $params['token'], false);
 }
 // 邀请人id
 if(!empty($params['referrer']))
 {
 MySession('share_referrer_id', $params['referrer']);
- cookie('share_referrer_id', $params['referrer']);
+ MyCookie('share_referrer_id', $params['referrer'], false);
 }
 }
diff --git a/app/service/UserService.php b/app/service/UserService.php
index 4a7eb1f53..f05a8af0b 100755
--- a/app/service/UserService.php
+++ b/app/service/UserService.php
@@ -61,16 +61,16 @@ class UserService
 if(APPLICATION == 'web')
 {
 // web用户session
- $user_login_info = MySession(self::$user_login_key);
+ $user_login_info = MyCookie(self::$user_login_key);
 // 用户信息为空,指定了token则设置登录信息
 if(empty($user_login_info))
 {
- $token = empty($params['token']) ? MySession(self::$user_token_key) : $params['token'];
+ $token = empty($params['token']) ? MyCookie(self::$user_token_key) : $params['token'];
 if(!empty($token))
 {
 $user_login_info = self::UserTokenData($token);
- if($user_login_info !== null && isset($user_login_info['id']))
+ if(!empty($user_login_info) && isset($user_login_info['id']))
 {
 self::UserLoginRecord($user_login_info['id']);
 }
@@ -115,7 +115,7 @@ class UserService
 public static function UserTokenData($token)
 {
 $user = MyCache(SystemService::CacheKey('shopxo.cache_user_info').$token);
- if($user !== null && isset($user['id']))
+ if(!empty($user) && isset($user['id']))
 {
 return $user;
 }
@@ -552,8 +552,7 @@ class UserService
 if(APPLICATION == 'web')
 {
 // 存储session
- MySession(self::$user_login_key, $user);
- return (MySession(self::$user_login_key) !== null);
+ MyCookie(self::$user_login_key, $user);
 }
 return true;
 }
@@ -2610,7 +2609,7 @@ class UserService
 $user = self::LoginUserInfo();
 // 清除session
- MySession(self::$user_login_key, null);
+ MyCookie(self::$user_login_key, null);
 // html代码
 $body_html = [];
diff --git a/config/cookie.php b/config/cookie.php
index 63da24746..b97a3cc1d 100644
--- a/config/cookie.php
+++ b/config/cookie.php
@@ -18,7 +18,7 @@ return [
 // cookie 保存路径
 'path' => '/',
 // cookie 有效域名
- 'domain' => '',
+ 'domain' => __MY_MAIN_DOMAIN__,
 // cookie 启用安全传输
 'secure' => false,
 // httponly设置
diff --git a/public/core.php b/public/core.php
index e502f28e1..f67cf0b94 100755
--- a/public/core.php
+++ b/public/core.php
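Review bot: The token fallback on the new `$token = empty($params['token']) ? MyCookie(self::$user_token_key) : $params['token'];` line reads the cookie with `$is_encryption` left at its default of true, but `SystemService` in this same patch writes that cookie with `MyCookie($key, $params['token'], false)`, i.e. as plaintext. Running a plaintext token through `Authcode(..., 'DECODE')` will almost certainly fail its integrity check and return an empty string, which `json_decode` turns into null, so on the web application the token path is now dead and only the encrypted `$user_login_key` cookie can establish a login. Read it the way it is written: `$token = empty($params['token']) ? MyCookie(self::$user_token_key, '', false) : $params['token'];`. The enclosing method starts and ends outside this hunk.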
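Review bot: Changing `'domain'` from `''` to `__MY_MAIN_DOMAIN__` widens every cookie this application sets — now including the admin and user login cookies introduced elsewhere in this patch — from the current host to the parent domain, so any sibling host under it (another shop, a staging instance, a user-content subdomain) receives and can overwrite them; and `public/core.php` in this patch derives that constant from the request's `Host` header rather than from configuration. The unchanged `'secure' => false` two lines below means those login cookies also travel over plain HTTP. Since the cookie is now the session, prefer an explicitly configured domain (or keep `''` for host-only cookies), set `'secure' => true` on TLS deployments, and confirm the `httponly` entry just past this hunk is true.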
@@ -52,6 +52,9 @@ define('__MY_ROOT_PUBLIC__', defined('IS_ROOT_ACCESS') ? DS.$my_root.'public'.DS
 // 当前服务器ip
 define('__MY_ADDR__', empty($_SERVER['SERVER_ADDR']) ? '' : $_SERVER['SERVER_ADDR']);
+// 主域名
+define('__MY_MAIN_DOMAIN__', empty($_SERVER['HTTP_HOST']) ? '' : ((substr_count($_SERVER['HTTP_HOST'], '.') > 1 && !is_numeric(str_replace('.', '', $_SERVER['HTTP_HOST']))) ? substr($_SERVER['HTTP_HOST'], strpos($_SERVER['HTTP_HOST'], '.')+1) : $_SERVER['HTTP_HOST']));
+
 // 项目HOST
 define('__MY_HOST__', empty($_SERVER['HTTP_HOST']) ? '' : $_SERVER['HTTP_HOST']);
@@ -104,11 +107,11 @@ define('IS_POST', isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'
 define('IS_AJAX', ((isset($_SERVER['HTTP_X_REQUESTED_WITH']) && 'xmlhttprequest' == strtolower($_SERVER['HTTP_X_REQUESTED_WITH'])) || isset($_REQUEST['ajax']) && $_REQUEST['ajax'] == 'ajax'));
 // 二级域名页面绑定
-if(substr_count(__MY_HOST__, '.') > 1 && !is_numeric(str_replace('.', '', __MY_HOST__)))
+if(!IS_AJAX && substr_count(__MY_HOST__, '.') > 1 && !is_numeric(str_replace('.', '', __MY_HOST__)))
 {
 $domain_file = ROOT.'config'.DS.'domain.php';
 $second_domain = substr(__MY_HOST__, 0, strpos(__MY_HOST__, '.'));
- if(file_exists($domain_file) && $second_domain != 'www')
+ if(!empty($second_domain) && file_exists($domain_file) && $second_domain != 'www')
 {
 $data = include($domain_file);
 if(!empty($data) && (!empty($data[$second_domain]) || !empty($data['s'])))
diff --git a/public/static/common/js/common.js b/public/static/common/js/common.js
index 5cf719569..9994f73e1 100755
--- a/public/static/common/js/common.js
+++ b/public/static/common/js/common.js
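Review bot: `__MY_MAIN_DOMAIN__` is built from the unvalidated `$_SERVER['HTTP_HOST']`, and `config/cookie.php` in this same patch uses it as the cookie `domain`, so the scope of the new login cookies is decided by whatever `Host` header the client sends. The expression also keeps any `:port` suffix, which is not a valid value for a cookie Domain attribute, and it always strips exactly one label, so `a.b.example.com` yields `b.example.com`. Prefer a configured main domain and fall back to the request host only after checking it against an allow-list of served hosts and stripping the port, e.g. `$host = preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']);` before the `substr_count`/`substr` logic; a one-line comment stating that this value is security-relevant because it becomes the cookie domain would also help the next reader.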
@@ -2228,6 +2228,29 @@ function RequestUrlHandle(url)
 return url;
 }
+/**
+ * url使用当前host地址
+ * @author Devil
+ * @blog http://gong.gg/
+ * @version 1.0.0
+ * @date 2022-05-16
+ * @desc description
+ * @param {string} url [url地址]
+ */
+function UrlUseCurrentHostHandle(url)
+{
+ var location = url.replace('://', '').indexOf('/');
+ if(location != -1)
+ {
+ var first = url.substr(0, location+4);
+ if(__my_url__ != first)
+ {
+ url = __my_url__+url.substr(location+4);
+ }
+ }
+ return url;
+}
+
 // 公共数据操作
 $(function()
diff --git a/public/static/common/lib/ueditor/dialogs/map/map.html b/public/static/common/lib/ueditor/dialogs/map/map.html
index 58f416bac..8a6259b1c 100755
--- a/public/static/common/lib/ueditor/dialogs/map/map.html
+++ b/public/static/common/lib/ueditor/dialogs/map/map.html
@@ -4,7 +4,7 @@ - + - +
diff --git a/public/static/index/default/css/index.css b/public/static/index/default/css/index.css
index fa024aa03..9c6a2fa55 100755
--- a/public/static/index/default/css/index.css
+++ b/public/static/index/default/css/index.css
@@ -109,7 +109,7 @@ text-align: center;float:none}
 /*标题*/
 .items-nav-title{text-align: left;position: relative;margin-top:10px ;}
- .items-nav-title .floor-title {float:left;border: none;margin:8px 0 0 0; font-size:16px;font-weight: 600;}
+ .items-nav-title .floor-title {float:left;border: none;margin-top:8px; font-size:16px;font-weight: 600;}
 .items-nav-title .floor-desc {display:block;font-size: 12px;color: #999;float: left;margin-left: 10px;margin-top:12px;}
 .items-nav-title .more {display: block;position: absolute;right: 0px;top:12px;font-size: 12px;overflow: hidden;}
 .items-nav-title .more .more-link{color: #FFF;background: #F72862 none repeat scroll 0% 0%;display: block;line-height: 20px;padding: 0px 10px; border-radius: 10px;font-size: 14px;}
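Review bot: `UrlUseCurrentHostHandle` corrupts relative URLs: for `/static/x.png` the `replace('://', '')` is a no-op, `indexOf('/')` is 0, `first` becomes `/sta`, and the function returns `__my_url__ + 'tic/x.png'`; protocol-relative `//cdn/...` inputs are mangled the same way. Return early when there is no scheme separator, `if(url.indexOf('://') == -1) { return url; }`, placed before the `var location` line. The `+4` is otherwise opaque and deserves a comment such as `// +3 restores the '://' removed above, +1 keeps the slash after the host` so the offset is not "fixed" later.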