Skip to content

Commit

Permalink
fix bug: 任何Key均可获取用户信息 by Gtary
Browse files Browse the repository at this point in the history
  • Loading branch information
Malio committed Feb 27, 2020
1 parent e350d32 commit 69e4d22
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 2 deletions.
7 changes: 7 additions & 0 deletions app/Middleware/Mod_Mu.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,13 @@ public function __invoke($request, $response, $next)
$keys = Config::getMuKey();
$auth = in_array($key, $keys);

if ($auth == false) {
$res['ret'] = 0;
$res['data'] = 'token is invalid';
$response->getBody()->write(json_encode($res));
return $response;
}

if (Config::get('checkNodeIp') === true){
$node = Node::where('node_ip', 'LIKE', $_SERVER['REMOTE_ADDR'] . '%')->first();
if ($auth === false || ($node === null && $_SERVER['REMOTE_ADDR'] != '127.0.0.1')) {
Expand Down
4 changes: 2 additions & 2 deletions resources/views/malio/auth/register.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@
{$i18n->get('please-fill-in-your-nickname')}
</div>
</div>
{if $enable_email_verify == 'false'}
{if $enable_email_verify == false}
{if $malio_config['enable_register_email_restrict'] == true}
<div class="form-group col-lg-6 col-sm-12 col-xs-12">
<label for="email">{$i18n->get('email')}</label>
Expand Down Expand Up @@ -202,7 +202,7 @@
</div>
{/if}

{if $config['register_mode'] == 'invite' && $enable_email_verify == 'false'}
{if $config['register_mode'] == 'invite' && $enable_email_verify == false}
<div class="row">
<div class="form-group col-lg-6 col-sm-12 col-xs-12">
<label for="code" class="d-block">{$i18n->get('invitation-code')} {if $malio_config['code_required'] == false}({$i18n->get('optional')}){/if}</label>
Expand Down

0 comments on commit 69e4d22

Please sign in to comment.