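/* ---------- Login check ---------- */
// True only when the request really arrived over TLS. Some SAPIs populate HTTPS with the
// string 'off', which isset() would treat as "secure"; this variable is reused for the
// cookie flag and for the scheme of generated URLs so the two can never disagree.
$isHttps = !empty($_SERVER['HTTPS']) && strtolower((string)$_SERVER['HTTPS']) !== 'off';

session_start([
    'cookie_httponly' => true,
    'cookie_secure'   => $isHttps,
    'cookie_samesite' => 'Lax',  // cross-site POSTs no longer carry the session cookie
    'use_strict_mode' => true,   // reject session IDs the server did not issue
]);

if (!isset($_SESSION['uid'])) {
    header('Location: login.php');
    exit;
}
$uid = (int)$_SESSION['uid'];

/* ---------- CSRF protection ---------- */
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
$csrf_token = $_SESSION['csrf_token'];

/**
 * Constant-time check of the token posted with every state-changing request.
 * A missing or non-string token (e.g. csrf_token[]=x) fails closed instead of
 * reaching hash_equals() with the wrong type.
 */
$csrfTokenValid = static function (): bool {
    $sent = $_POST['csrf_token'] ?? null;
    return is_string($sent) && hash_equals((string)$_SESSION['csrf_token'], $sent);
};

/**
 * Read a POST field as a string; anything that is not a plain string (arrays,
 * missing keys) becomes '' so trim()/strlen() below never receive an array.
 */
$postString = static function (string $key): string {
    $value = $_POST[$key] ?? '';
    return is_string($value) ? $value : '';
};

/* ---------- PDO ---------- */
// $pdo is provided by this include. The code below assumes it is configured with
// PDO::ERRMODE_EXCEPTION (query()/prepare() throw rather than return false) — confirm in hu.php.
require_once __DIR__ . '/../includes/hu.php';

// Report everything, but log instead of print: the rendered page shows PHP warnings
// that disclose the server's absolute file paths to every visitor.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/* ---------- File upload endpoint ---------- */
if (isset($_GET['upload'])) {
    header('Content-Type: application/json; charset=utf-8');
    try {
        if (!$csrfTokenValid()) {
            throw new RuntimeException('CSRF验证失败');
        }

        $file = $_FILES['file'] ?? null;
        if (!is_array($file) || ($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
            throw new RuntimeException('上传失败');
        }

        // Only the extension is checked. The stored file name is random, so the
        // client-supplied name never reaches the filesystem.
        $ext = strtolower(pathinfo((string)$file['name'], PATHINFO_EXTENSION));
        $allowedExt = ['so', 'zip'];
        if (!in_array($ext, $allowedExt, true)) {
            throw new RuntimeException('不允许的扩展名');
        }

        // One directory per month. The stamp is computed once so the saved path and the
        // returned URL agree even when the request straddles a month boundary.
        $monthDir = date('Ym');
        $dir = __DIR__ . '/uploads/' . $monthDir;
        // The second is_dir() covers a concurrent request creating the directory first.
        if (!is_dir($dir) && !mkdir($dir, 0755, true) && !is_dir($dir)) {
            throw new RuntimeException('移动文件失败');
        }

        $urlName  = bin2hex(random_bytes(8)) . '.' . $ext;
        $savePath = $dir . '/' . $urlName;
        if (!move_uploaded_file($file['tmp_name'], $savePath)) {
            throw new RuntimeException('移动文件失败');
        }

        // Public URL of the stored file. HTTP_HOST is client-controlled; it is only echoed
        // back to the same client here and never stored. rtrim() avoids '//uploads' when the
        // script lives at the web root.
        $scheme  = $isHttps ? 'https://' : 'http://';
        $baseDir = rtrim(dirname($_SERVER['SCRIPT_NAME']), '/');
        $url = $scheme . $_SERVER['HTTP_HOST'] . $baseDir . '/uploads/' . $monthDir . '/' . $urlName;
        echo json_encode(['code' => 0, 'url' => $url]);
    } catch (RuntimeException $e) {
        // Messages thrown above are user-facing validation errors.
        http_response_code(400);
        echo json_encode(['code' => 1, 'msg' => $e->getMessage()]);
    } catch (Throwable $e) {
        // Anything else is an internal failure: log the detail, return a generic message.
        error_log('系统错误:' . $e->getMessage());
        error_log('错误位置:' . $e->getFile() . ':' . $e->getLine());
        http_response_code(500);
        echo json_encode(['code' => 1, 'msg' => '上传失败']);
    }
    exit;
}

/* ---------- Guarantee exactly one application row per user ---------- */
try {
    if (!$pdo->query("SHOW TABLES LIKE 'applications'")->fetch()) {
        throw new Exception('applications 表不存在');
    }

    $stmt = $pdo->prepare('SELECT id FROM applications WHERE user_id = ?');
    $stmt->execute([$uid]);
    if (!$stmt->fetch()) {
        $columnNames = array_column(
            $pdo->query('DESCRIBE applications')->fetchAll(PDO::FETCH_ASSOC),
            'Field'
        );

        // Defaults for a fresh application. Every key is a hard-coded identifier defined
        // right here, which is what makes interpolating the surviving keys into the INSERT safe.
        $defaults = [
            'user_id'        => $uid,
            'name'           => '我的应用',
            'api_key'        => bin2hex(random_bytes(16)),
            'created_at'     => date('Y-m-d H:i:s'),
            'CloudUpdate'    => 1, // main-application update enabled by default
            'DownloadURL'    => 'https://example.com/app.so',
            'announcement'   => '欢迎使用 勿忘 云更新系统!',
            'status'         => 1,
            'CloudUpdateSO2' => 0,
            'DownloadURLSO2' => '',
            'rc4_key'        => bin2hex(random_bytes(16)),
            'aes_key'        => bin2hex(random_bytes(16)),
            'hmac_key'       => bin2hex(random_bytes(16)),
        ];

        // Keep only the defaults whose column actually exists in this schema.
        $row = array_intersect_key($defaults, array_flip($columnNames));

        $fieldList   = implode(', ', array_keys($row));
        $placeholder = ':' . implode(', :', array_keys($row));
        $insert = $pdo->prepare("INSERT INTO applications ($fieldList) VALUES ($placeholder)");
        foreach ($row as $field => $value) {
            $insert->bindValue(':' . $field, $value);
        }
        $insert->execute();
        error_log("成功创建应用记录,用户ID: $uid");
    }
} catch (Throwable $e) {
    // Log the database detail; the browser only gets a generic message.
    error_log('系统错误:' . $e->getMessage());
    error_log('错误位置:' . $e->getFile() . ':' . $e->getLine());
    http_response_code(500);
    exit('系统错误');
}

/* ---------- AJAX endpoints ---------- */
if (isset($_GET['ajax'])) {
    header('Content-Type: application/json; charset=utf-8');
    $act = $postString('act');
    try {
        if (!$csrfTokenValid()) {
            throw new Exception('CSRF验证失败');
        }

        switch ($act) {
            case 'rename':
                $new = trim($postString('username'));
                if ($new === '') {
                    throw new Exception('用户名不能为空');
                }
                // The message promises 32 *characters*; mb_strlen measures that rather than
                // bytes (assumes the username column is a character-counted VARCHAR — confirm).
                if (mb_strlen($new) > 32) {
                    throw new Exception('用户名过长(最多32字符)');
                }
                // Check-then-update is racy without a unique index on user.username — confirm one exists.
                $stmt = $pdo->prepare('SELECT id FROM user WHERE username=? AND id!=? LIMIT 1');
                $stmt->execute([$new, $uid]);
                if ($stmt->fetch()) {
                    throw new Exception('用户名已存在');
                }
                $pdo->prepare('UPDATE user SET username=?, updated_at=NOW() WHERE id=?')
                    ->execute([$new, $uid]);
                $_SESSION['username'] = $new;
                echo json_encode(['code' => 0, 'msg' => '用户名已更新']);
                break;

            case 'repass':
                $old = $postString('oldpass');
                $new = $postString('newpass');
                if (strlen($new) < 6) {
                    throw new Exception('新密码至少6位');
                }
                $stmt = $pdo->prepare('SELECT password FROM user WHERE id=?');
                $stmt->execute([$uid]);
                $row = $stmt->fetch();
                if (!$row || !password_verify($old, $row['password'])) {
                    throw new Exception('旧密码错误');
                }
                $pdo->prepare('UPDATE user SET password=?, updated_at=NOW() WHERE id=?')
                    ->execute([password_hash($new, PASSWORD_DEFAULT), $uid]);
                // A credential change should not leave a previously issued session ID valid.
                session_regenerate_id(true);
                echo json_encode(['code' => 0, 'msg' => '密码已更新']);
                break;

            case 'logout':
                // Clear server-side data, expire the client's cookie, then destroy the session.
                $_SESSION = [];
                if (ini_get('session.use_cookies')) {
                    $cp = session_get_cookie_params();
                    setcookie(session_name(), '', time() - 42000, $cp['path'], $cp['domain'], $cp['secure'], $cp['httponly']);
                }
                session_destroy();
                echo json_encode(['code' => 0, 'msg' => '已退出']);
                break;

            case 'saveapp':
                $name    = trim($postString('name'));
                $anno    = trim($postString('announcement'));
                $link    = trim($postString('DownloadURL'));
                $so2Link = trim($postString('DownloadURLSO2'));
                if ($name === '') {
                    throw new Exception('应用名称不能为空');
                }
                // NOTE(review): the two URLs are stored verbatim and read back with SELECT * below;
                // whether the template escapes them on output is not visible here — confirm.
                $pdo->prepare('UPDATE applications SET name=?, announcement=?, DownloadURL=?, DownloadURLSO2=?, updated_at=NOW() WHERE user_id=?')
                    ->execute([$name, $anno, $link, $so2Link, $uid]);
                echo json_encode(['code' => 0, 'msg' => '应用信息已保存']);
                break;

            case 'newapikey':
                $apiKey = bin2hex(random_bytes(16));
                $pdo->prepare('UPDATE applications SET api_key=?, updated_at=NOW() WHERE user_id=?')
                    ->execute([$apiKey, $uid]);
                echo json_encode(['code' => 0, 'msg' => 'API KEY 已更新', 'data' => $apiKey]);
                break;

            case 'newallkeys':
                $apiKey  = bin2hex(random_bytes(16));
                $aesKey  = bin2hex(random_bytes(16));
                $rc4Key  = bin2hex(random_bytes(16));
                $hmacKey = bin2hex(random_bytes(16));
                $pdo->prepare('UPDATE applications SET api_key=?, aes_key=?, rc4_key=?, hmac_key=?, updated_at=NOW() WHERE user_id=?')
                    ->execute([$apiKey, $aesKey, $rc4Key, $hmacKey, $uid]);
                echo json_encode([
                    'code' => 0,
                    'msg'  => '所有密钥已更新',
                    'data' => [
                        'apiKey'  => $apiKey,
                        'aesKey'  => $aesKey,
                        'rc4Key'  => $rc4Key,
                        'hmacKey' => $hmacKey,
                    ],
                ]);
                break;

            case 'toggleupdate':
                // The column name is interpolated into SQL, so it is taken from this whitelist
                // (by index), never from the request string itself.
                $allowedColumns = ['CloudUpdate', 'CloudUpdateSO2'];
                $idx = array_search($postString('type'), $allowedColumns, true);
                if ($idx === false) {
                    throw new Exception('无效的更新类型');
                }
                $column = $allowedColumns[$idx];
                $stmt = $pdo->prepare("SELECT $column FROM applications WHERE user_id=?");
                $stmt->execute([$uid]);
                $newValue = $stmt->fetchColumn() ? 0 : 1;
                $pdo->prepare("UPDATE applications SET $column=?, updated_at=NOW() WHERE user_id=?")
                    ->execute([$newValue, $uid]);
                echo json_encode(['code' => 0, 'msg' => '更新状态已切换', 'data' => $newValue]);
                break;

            default:
                throw new Exception('未知操作');
        }
    } catch (PDOException | Error $e) {
        // Database and engine errors are internal: never return their text to the client.
        error_log('系统错误:' . $e->getMessage());
        error_log('错误位置:' . $e->getFile() . ':' . $e->getLine());
        http_response_code(500);
        echo json_encode(['code' => 1, 'msg' => '系统错误']);
    } catch (Exception $e) {
        // Validation errors thrown above carry a user-facing message.
        http_response_code(400);
        echo json_encode(['code' => 1, 'msg' => $e->getMessage()]);
    }
    exit;
}

/* ---------- Page data ---------- */
$mode = $_GET['mode'] ?? 'home';
if (!is_string($mode)) {
    $mode = 'home';
}

// The rendered page reports undefined $user / $isAdmin, i.e. the template reads them on
// every view. Load the user row unconditionally; only the application row depends on $mode.
try {
    $stmt = $pdo->prepare('SELECT username, qq, identity FROM user WHERE id=?');
    $stmt->execute([$uid]);
    $user = $stmt->fetch();
    if (!$user) {
        throw new Exception('未找到用户信息');
    }
    // The QQ number is placed in a URL query string, so encode it even though it comes from our DB.
    $avatar = 'https://q1.qlogo.cn/g?b=qq&nk=' . rawurlencode((string)$user['qq']) . '&s=100';
    // identity 0 marks an administrator. The loose `== 0` also matched NULL/empty values,
    // so a row with no identity was treated as admin; fail closed instead.
    $isAdmin = isset($user['identity']) && (int)$user['identity'] === 0;
} catch (Exception $e) {
    error_log('查询用户信息错误: ' . $e->getMessage());
    $user    = ['username' => '用户', 'qq' => '0'];
    $avatar  = 'https://q1.qlogo.cn/g?b=qq&nk=0&s=100';
    $isAdmin = false;
}

$app = null;
if ($mode === 'home') {
    try {
        $stmt = $pdo->prepare('SELECT * FROM applications WHERE user_id=?');
        $stmt->execute([$uid]);
        $app = $stmt->fetch();
        if (!$app) {
            throw new Exception('未找到应用记录');
        }
    } catch (Exception $e) {
        error_log('查询应用记录错误: ' . $e->getMessage());
        // Placeholder row so the template still renders when the lookup fails.
        $app = [
            'name'           => '我的应用',
            'announcement'   => '欢迎使用 勿忘 云更新系统!',
            'DownloadURL'    => 'https://example.com/app.so',
            'DownloadURLSO2' => '',
            'api_key'        => '未生成',
            'aes_key'        => '未生成',
            'rc4_key'        => '未生成',
            'hmac_key'       => '未生成',
            'CloudUpdate'    => 1, // enabled by default
            'CloudUpdateSO2' => 0,
        ];
    }
}
?> 勿忘 云 - <br /> <b>Warning</b>: Undefined variable $mode in <b>/www/wwwroot/685zz.lygg.shop/user/index.php</b> on line <b>292</b><br /> 我的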

勿忘 云更新系统


Warning: Undefined variable $mode in /www/wwwroot/685zz.lygg.shop/user/index.php on line 738
头像

Warning: Undefined variable $user in /www/wwwroot/685zz.lygg.shop/user/index.php on line 871

Warning: Trying to access array offset on value of type null in /www/wwwroot/685zz.lygg.shop/user/index.php on line 871

Warning: Undefined variable $isAdmin in /www/wwwroot/685zz.lygg.shop/user/index.php on line 881
主页 我的

修改用户名

修改密码

处理中,请稍候...
已自动保存
已复制到剪贴板