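false, "message" => "reCAPTCHA 验证失败,请刷新重试");
                        $pages->loadPage("login", $data);
                        exit;
                    }
                }
                $data = $um->doLogin($_POST);
                if(isset($data['status']) && $data['status'] === true) {
                    // Issue a fresh session ID at the privilege change so an ID that was
                    // set before authentication cannot be reused afterwards (harmless if
                    // doLogin() already regenerates it; that code is not visible here).
                    if(session_status() === PHP_SESSION_ACTIVE) {
                        session_regenerate_id(true);
                    }
                    $_SESSION['user'] = $data['username'];
                    $_SESSION['mail'] = $data['email'];
                    // 32 hex characters from the CSPRNG. The previous value,
                    // md5(mt_rand() . time() . username), was built from guessable inputs.
                    $_SESSION['token'] = bin2hex(random_bytes(16));
                    // NOTE(review): the response body is empty as shown on this page;
                    // presumably markup was lost in extraction. Confirm against the repository.
                    exit("");
                }
                $pages->loadPage("login", $data);
                break;

            // Registration: optional reCAPTCHA gate, then UserManager does the work and
            // the register page is rendered with its result.
            case "register":
                $um = new SakuraPanel\UserManager();
                $pages = new SakuraPanel\Pages();
                if($_config['recaptcha']['enable']) {
                    if(!isset($_POST["g-recaptcha-response"]) || !Utils::reCAPTCHA($_POST["g-recaptcha-response"])) {
                        $data = Array("status" => false, "message" => "reCAPTCHA 验证失败,请刷新重试");
                        $pages->loadPage("register", $data);
                        exit;
                    }
                }
                $data = $um->doRegister($_POST);
                $pages->loadPage("register", $data);
                break;

            // Sends the registration verification code by e-mail.
            // NOTE(review): the 60-second throttle lives in the session only and this
            // case has no reCAPTCHA check, so a client that drops its session cookie is
            // not throttled. Consider a per-address / per-IP limit on the server side.
            case "sendmail":
                $um = new SakuraPanel\UserManager();
                if(!$_config['smtp']['enable']) {
                    exit("本站未开启 SMTP 服务!");
                }
                if(isset($_SESSION['reg_wait'])) {
                    if(time() - $_SESSION['reg_wait'] < 60) {
                        exit("您的操作过于频繁,请稍后再试。");
                    }
                }
                if(!isset($_POST['mail']) || $_POST['mail'] == "") {
                    exit("请填写邮箱!");
                }
                if(!$um->checkEmail($_POST['mail'])) {
                    exit("不正确的邮箱格式!");
                }
                // Same six-digit range as before, but drawn from the CSPRNG: the code
                // proves ownership of the mailbox and must not be predictable.
                $rand = random_int(100000, 999999);
                $_SESSION['reg_verifycode'] = $rand;
                $_SESSION['reg_wait'] = time();
                $_SESSION['reg_email'] = $_POST['mail'];
                $um->sendRegisterEmail($_POST['mail'], $rand);
                exit("系统已发送一封邮件至您的邮箱,请查收。");
                break;

            // Password recovery: optional reCAPTCHA gate, then UserManager::doFindpass().
            case "findpass":
                $um = new SakuraPanel\UserManager();
                $pages = new SakuraPanel\Pages();
                if($_config['recaptcha']['enable']) {
                    if(!isset($_POST["g-recaptcha-response"]) || !Utils::reCAPTCHA($_POST["g-recaptcha-response"])) {
                        $data = Array("status" => false, "message" => "reCAPTCHA 验证失败,请刷新重试");
                        $pages->loadPage("findpass", $data);
                        exit;
                    }
                }
                $data = $um->doFindpass($_POST);
                $pages->loadPage("findpass", $data);
                break;

            // Creates a tunnel for the logged-in user after ProxyManager::checkRules()
            // accepts the request.
            // NOTE(review): unlike every other authenticated action below, this case
            // does not call SakuraPanel\Utils::checkCsrf(). Confirm whether the form
            // sends the token and add the check if it does.
            case "addproxy":
                $um = new SakuraPanel\UserManager();
                $pm = new SakuraPanel\ProxyManager();
                if($um->isLogged()) {
                    $result = $pm->checkRules($_POST);
                    // A result that is not an array with index 0 produces no output at all.
                    if(is_array($result) && isset($result[0])) {
                        if($result[0]) {
                            if($pm->addProxy($_POST)) {
                                exit("隧道创建成功");
                            } else {
                                // NOTE(review): the raw database error is returned to the
                                // client; logging it server-side would avoid leaking schema details.
                                exit("隧道创建失败,请联系管理员:" . Database::fetchError());
                            }
                        } else {
                            $msg = $result[1] ?? "未知错误";
                            exit(htmlspecialchars($msg));
                        }
                    }
                } else {
                    exit("登录会话已超时,请重新登录");
                }
                break;

            // Changes the current user's password, rotates the row in "tokens" and logs
            // the session out. All outcomes exit with an empty body as shown on this page.
            case "updatepass":
                $um = new SakuraPanel\UserManager();
                if($um->isLogged()) {
                    SakuraPanel\Utils::checkCsrf();
                    if(!isset($_POST['oldpass']) || !isset($_POST['newpass']) || !isset($_POST['newpass1'])
                        || $_POST['oldpass'] == "" || $_POST['newpass'] == "" || $_POST['newpass1'] == "") {
                        exit("");
                    }
                    $us = $um->getInfoByUser($_SESSION['user']);
                    if($um->checkPassword($_POST['oldpass'], $us['password'])) {
                        // NOTE(review): a five-character minimum is a weak password policy.
                        if(strlen($_POST['newpass']) < 5) exit("");
                        if($_POST['newpass'] !== $_POST['newpass1']) exit("");
                        $password = $um->generatePassword($_POST['newpass']);
                        // 16 hex characters, the same shape as the previous
                        // substr(md5(...), 0, 16) value, but taken from the CSPRNG instead of
                        // a hash over the username, password hash, time() and mt_rand().
                        $token = bin2hex(random_bytes(8));
                        // Update the database
                        Database::update("users", Array("password" => $password), Array("username" => $_SESSION['user']));
                        Database::update("tokens", Array("token" => $token), Array("username" => $_SESSION['user']));
                        // Drop the login state so the user has to sign in with the new password.
                        unset($_SESSION['user']);
                        unset($_SESSION['mail']);
                        unset($_SESSION['token']);
                        exit("");
                    } else {
                        exit("");
                    }
                } else {
                    exit("");
                }
                break;

            // Admin only: edits another user's quota, group and status.
            case "updateuser":
                $um = new SakuraPanel\UserManager();
                if($um->isLogged()) {
                    SakuraPanel\Utils::checkCsrf();
                    $us = $um->getInfoByUser($_SESSION['user']);
                    if($us['group'] == "admin") {
                        $valid = SakuraPanel\Regex::isValid($_POST, [
                            'id'      => SakuraPanel\Regex::TYPE_NUMBER,
                            'traffic' => SakuraPanel\Regex::TYPE_NUMBER,
                            'proxies' => SakuraPanel\Regex::TYPE_NUMBER,
                            'group'   => SakuraPanel\Regex::TYPE_LETTER,
                            'status'  => SakuraPanel\Regex::TYPE_NUMBER,
                        ]);
                        if($valid === true) {
                            // NOTE(review): 'inbound' and 'outbound' are not covered by the
                            // isValid() rules above and reach updateUser() as submitted.
                            $update = $um->updateUser($_POST['id'], [
                                'traffic'  => $_POST['traffic'],
                                'proxies'  => $_POST['proxies'],
                                'inbound'  => $_POST['inbound'] ?? "",
                                'outbound' => $_POST['outbound'] ?? "",
                                'group'    => $_POST['group'],
                                'status'   => $_POST['status'],
                            ]);
                            if($update === true) {
                                exit("用户资料更新成功!");
                            } else {
                                Header("HTTP/1.1 404 Not Found");
                                exit("该用户不存在!{$update}");
                            }
                        } else {
                            Header("HTTP/1.1 404 Not Found");
                            exit("提交的数据不合法!{$valid}");
                        }
                    } else {
                        exit("你没有足够的权限这么做");
                    }
                } else {
                    exit("登录会话已超时,请重新登录");
                }
                break;

            // Admin only: overwrites an existing node record after field validation.
            case "updatenode":
                $um = new SakuraPanel\UserManager();
                $nm = new SakuraPanel\NodeManager();
                if($um->isLogged()) {
                    SakuraPanel\Utils::checkCsrf();
                    $us = $um->getInfoByUser($_SESSION['user']);
                    if($us['group'] == "admin") {
                        $valid = SakuraPanel\Regex::isValid($_POST, [
                            'id'          => SakuraPanel\Regex::TYPE_NUMBER,
                            'name'        => SakuraPanel\Regex::TYPE_NOTEMPTY,
                            'description' => SakuraPanel\Regex::TYPE_NOTEMPTY,
                            'hostname'    => SakuraPanel\Regex::TYPE_HOSTNAME,
                            'ip'          => SakuraPanel\Regex::TYPE_IPV4_V6,
                            'port'        => SakuraPanel\Regex::TYPE_NUMBER,
                            'admin_port'  => SakuraPanel\Regex::TYPE_NUMBER,
                            'admin_pass'  => SakuraPanel\Regex::TYPE_NOTEMPTY,
                            'token'       => SakuraPanel\Regex::TYPE_NOTEMPTY,
                            'group'       => SakuraPanel\Regex::TYPE_NOTEMPTY,
                            'status'      => SakuraPanel\Regex::TYPE_NUMBER,
                        ]);
                        if($valid === true) {
                            $update = $nm->updateNode($_POST['id'], [
                                'id'          => $_POST['id'],
                                'name'        => $_POST['name'],
                                'description' => $_POST['description'],
                                'hostname'    => $_POST['hostname'],
                                'ip'          => $_POST['ip'],
                                'port'        => $_POST['port'],
                                'admin_port'  => $_POST['admin_port'],
                                'admin_pass'  => $_POST['admin_pass'],
                                'token'       => $_POST['token'],
                                'group'       => $_POST['group'],
                                'status'      => $_POST['status'],
                            ]);
                            if($update === true) {
                                exit("节点信息更新成功!");
                            } else {
                                Header("HTTP/1.1 404 Not Found");
                                exit("该节点不存在!{$update}");
                            }
                        } else {
                            Header("HTTP/1.1 404 Not Found");
                            exit("提交的数据不合法!{$valid}");
                        }
                    } else {
                        exit("你没有足够的权限这么做");
                    }
                } else {
                    exit("登录会话已超时,请重新登录");
                }
                break;

            // Admin only: creates a node; same field rules as "updatenode" minus the id.
            case "addnode":
                $um = new SakuraPanel\UserManager();
                $nm = new SakuraPanel\NodeManager();
                if($um->isLogged()) {
                    SakuraPanel\Utils::checkCsrf();
                    $us = $um->getInfoByUser($_SESSION['user']);
                    if($us['group'] == "admin") {
                        $valid = SakuraPanel\Regex::isValid($_POST, [
                            'name'        => SakuraPanel\Regex::TYPE_NOTEMPTY,
                            'description' => SakuraPanel\Regex::TYPE_NOTEMPTY,
                            'hostname'    => SakuraPanel\Regex::TYPE_HOSTNAME,
                            'ip'          => SakuraPanel\Regex::TYPE_IPV4_V6,
                            'port'        => SakuraPanel\Regex::TYPE_NUMBER,
                            'admin_port'  => SakuraPanel\Regex::TYPE_NUMBER,
                            'admin_pass'  => SakuraPanel\Regex::TYPE_NOTEMPTY,
                            'token'       => SakuraPanel\Regex::TYPE_NOTEMPTY,
                            'group'       => SakuraPanel\Regex::TYPE_NOTEMPTY,
                            'status'      => SakuraPanel\Regex::TYPE_NUMBER,
                        ]);
                        if($valid === true) {
                            $update = $nm->addNode([
                                'name'        => $_POST['name'],
                                'description' => $_POST['description'],
                                'hostname'    => $_POST['hostname'],
                                'ip'          => $_POST['ip'],
                                'port'        => $_POST['port'],
                                'admin_port'  => $_POST['admin_port'],
                                'admin_pass'  => $_POST['admin_pass'],
                                'token'       => $_POST['token'],
                                'group'       => $_POST['group'],
                                'status'      => $_POST['status'],
                            ]);
                            if($update === true) {
                                exit("节点添加成功!");
                            } else {
                                Header("HTTP/1.1 404 Not Found");
                                exit("节点添加失败!{$update}");
                            }
                        } else {
                            Header("HTTP/1.1 404 Not Found");
                            exit("提交的数据不合法!{$valid}");
                        }
                    } else {
                        exit("你没有足够的权限这么做");
                    }
                } else {
                    exit("登录会话已超时,请重新登录");
                }
                break;

            // Admin only: deletes a node by numeric id.
            case "deletenode":
                $um = new SakuraPanel\UserManager();
                $nm = new SakuraPanel\NodeManager();
                if($um->isLogged()) {
                    SakuraPanel\Utils::checkCsrf();
                    $us = $um->getInfoByUser($_SESSION['user']);
                    if($us['group'] == "admin") {
                        // Keep the validation result: the failure branch interpolates $valid,
                        // which was never assigned in this case before.
                        $valid = SakuraPanel\Regex::isValid($_POST, [
                            "id" => SakuraPanel\Regex::TYPE_NUMBER
                        ]);
                        if($valid === true) {
                            $result = $nm->deleteNode($_POST['id']);
                            if($result === true) {
                                exit("节点删除成功!");
                            } else {
                                Header("HTTP/1.1 404 Not Found");
                                exit("节点删除失败!{$result}");
                            }
                        } else {
                            Header("HTTP/1.1 404 Not Found");
                            exit("提交的数据不合法!{$valid}");
                        }
                    } else {
                        exit("你没有足够的权限这么做");
                    }
                } else {
                    exit("登录会话已超时,请重新登录");
                }
                break;

            // Admin only: stores the broadcast text exactly as submitted.
            // NOTE(review): how the stored text is rendered is not visible here; confirm
            // it goes through an escaping or safe-mode Markdown renderer before display.
            case "updatebroadcast":
                $um = new SakuraPanel\UserManager();
                if($um->isLogged()) {
                    SakuraPanel\Utils::checkCsrf();
                    $us = $um->getInfoByUser($_SESSION['user']);
                    if($us['group'] == "admin") {
                        if(isset($_POST['data'])) {
                            $result = SakuraPanel\Settings::set("broadcast", $_POST['data']);
                            if($result === true) {
                                exit("公告更新成功!");
                            } else {
                                exit("数据更新失败!{$result}");
                            }
                        } else {
                            Header("HTTP/1.1 404 Not Found");
                            exit("提交的数据不合法!");
                        }
                    } else {
                        exit("你没有足够的权限这么做");
                    }
                } else {
                    exit("登录会话已超时,请重新登录");
                }
                break;

            // Admin only: stores the help text exactly as submitted (same rendering
            // caveat as "updatebroadcast").
            case "updatehelpinfo":
                $um = new SakuraPanel\UserManager();
                if($um->isLogged()) {
                    SakuraPanel\Utils::checkCsrf();
                    $us = $um->getInfoByUser($_SESSION['user']);
                    if($us['group'] == "admin") {
                        if(isset($_POST['data'])) {
                            $result = SakuraPanel\Settings::set("helpinfo", $_POST['data']);
                            if($result === true) {
                                exit("帮助更新成功!");
                            } else {
                                exit("数据更新失败!{$result}");
                            }
                        } else {
                            Header("HTTP/1.1 404 Not Found");
                            exit("提交的数据不合法!");
                        }
                    } else {
                        exit("你没有足够的权限这么做");
                    }
                } else {
                    exit("登录会话已超时,请重新登录");
                }
                break;

            // Renders submitted Markdown for any logged-in user. Safe mode is switched
            // on before rendering, so the result is echoed without further escaping.
            case "preview":
                $um = new SakuraPanel\UserManager();
                if($um->isLogged()) {
                    SakuraPanel\Utils::checkCsrf();
                    include(ROOT . "/core/Parsedown.php");
                    $markdown = new Parsedown();
                    $markdown->setSafeMode(true);
                    $markdown->setBreaksEnabled(true);
                    $markdown->setUrlsLinked(true);
                    if(isset($_POST['data'])) {
                        exit($markdown->text($_POST['data']));
                    } else {
                        Header("HTTP/1.1 404 Not Found");
                        exit("提交的数据不合法!");
                    }
                } else {
                    exit("登录会话已超时,请重新登录");
                }
                break;

            default:
                Header("HTTP/1.1 404 Not Found");
                // The action name is echoed back, so escape it: presumably it comes from
                // the request, and unescaped it would be reflected into the response.
                $action = htmlspecialchars((string) ($params['action'] ?? ""), ENT_QUOTES, "UTF-8");
                exit("Undefined action {$action}");
        }
    }
}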