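/**
 * FinalCutPro AI Captions - unified configuration file
 *
 * Contents:
 *  1. System configuration
 *  2. Session management
 *  3. Security helpers
 *  4. Database connection
 *
 * NOTE(review): this listing starts at the docblock and originally ended with a
 * closing `?>`. If `<?php` is not the very first byte of the file, PHP emits the
 * whole file — including DB_PASS — as plain text and every later header() call
 * fails with "headers already sent"; confirm the opening tag. The closing tag is
 * omitted below for the same reason (a newline after `?>` is output).
 */

// ==================== System configuration ====================
define('DEBUG_MODE', true);
define('APP_NAME', 'FinalCutPro AI Captions');
define('APP_VERSION', '1.0.0');

// Database credentials. These are committed in source; they belong in an
// environment variable or secret store, and if this file has ever been served
// as plain text they must be rotated.
define('DB_HOST', '127.0.0.1');
define('DB_PORT', '31587');
define('DB_NAME', 'key-api');
define('DB_USER', 'rongyan');
define('DB_PASS', 'Pj5FZrCrA^J2b#@Y3An');

// Admin panel
define('ADMIN_URL', '/admin-system');
define('ADMIN_TITLE', 'FinalCutPro AI Captions - 管理后台');

// Initial password for the auto-created 'admin' account. Overridable through
// the environment; the fallback is the historical default and must be changed
// on first login.
define('ADMIN_DEFAULT_PASSWORD', getenv('ADMIN_DEFAULT_PASSWORD') ?: 'admin123');

// Timezone
date_default_timezone_set('Asia/Shanghai');

// ==================== Session configuration ====================
// Strict mode makes PHP reject session IDs it did not issue itself, which
// closes session fixation via a client-supplied cookie. Sessions that are
// already valid keep working.
ini_set('session.use_strict_mode', 1);
ini_set('session.use_cookies', 1);
ini_set('session.cookie_httponly', 1);
// Flag the cookie Secure only when this request arrived over TLS. Behind a
// TLS-terminating proxy $_SERVER['HTTPS'] may be absent, in which case this
// stays 0 exactly as before — confirm against the deployment.
$isHttpsRequest = !empty($_SERVER['HTTPS']) && strtolower((string) $_SERVER['HTTPS']) !== 'off';
ini_set('session.cookie_secure', $isHttpsRequest ? 1 : 0);
unset($isHttpsRequest);
// CSRF defence-in-depth; PHP 7.3+, silently ignored on older runtimes.
ini_set('session.cookie_samesite', 'Lax');

if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// ==================== Helpers ====================

/**
 * Sanitise a request value for re-display: strip tags, trim, HTML-encode.
 *
 * Arrays and objects are JSON-encoded first so strip_tags() is never handed a
 * non-string; null yields ''.
 *
 * @param mixed $data
 * @return string
 */
function clean($data)
{
    if ($data === null) {
        return '';
    }
    if (is_array($data) || is_object($data)) {
        $data = json_encode($data);
    }

    return htmlspecialchars(trim(strip_tags((string) $data)), ENT_QUOTES, 'UTF-8');
}

/**
 * Collapse a request value to a scalar: arrays/objects become their JSON
 * encoding, everything else is returned unchanged. Shared by post() and get().
 *
 * @param mixed $value
 * @return mixed
 */
function scalarizeRequestValue($value)
{
    return is_array($value) || is_object($value) ? json_encode($value) : $value;
}

/**
 * Read a POST field, JSON-encoding array values.
 *
 * @param string $key
 * @param mixed  $default Returned when the field is absent.
 * @return mixed
 */
function post($key, $default = null)
{
    return scalarizeRequestValue($_POST[$key] ?? $default);
}

/**
 * Read a GET field, JSON-encoding array values.
 *
 * @param string $key
 * @param mixed  $default Returned when the field is absent.
 * @return mixed
 */
function get($key, $default = null)
{
    return scalarizeRequestValue($_GET[$key] ?? $default);
}

/**
 * Raw POST field for the admin panel (no flattening; arrays pass through).
 *
 * @param string $key
 * @param mixed  $default
 * @return mixed
 */
function admin_post($key, $default = null)
{
    return $_POST[$key] ?? $default;
}

/**
 * Raw GET field for the admin panel (no flattening; arrays pass through).
 *
 * @param string $key
 * @param mixed  $default
 * @return mixed
 */
function admin_get($key, $default = null)
{
    return $_GET[$key] ?? $default;
}

/**
 * Escape a string for an HTML text/attribute context. null yields ''.
 *
 * @param string|null $string
 * @return string
 */
function h($string)
{
    return htmlspecialchars((string) $string, ENT_QUOTES, 'UTF-8');
}

// ==================== Session management ====================

/**
 * Whether the current session carries an authenticated admin flag.
 * Starts the session if it has not been started yet.
 *
 * @return bool
 */
function isLoggedIn()
{
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }

    return isset($_SESSION['admin_logged_in']) && $_SESSION['admin_logged_in'] === true;
}

/**
 * Whether the session role is exactly 'admin'.
 *
 * @return bool
 */
function isAdmin()
{
    return isset($_SESSION['admin_role']) && $_SESSION['admin_role'] === 'admin';
}

/**
 * Abort the request unless an admin is logged in.
 *
 * Logs the attempt, answers XMLHttpRequest callers with a 401 JSON body and
 * redirects everyone else to login.php. Never returns on failure.
 *
 * @return void
 */
function requireLogin()
{
    // isLoggedIn() starts the session itself, so no separate @session_start().
    if (isLoggedIn()) {
        return;
    }

    // Every $_SERVER key is optional (CLI, unusual proxies) — default to ''.
    $logMsg = "未授权访问检测 | URL:" . ($_SERVER['REQUEST_URI'] ?? '')
        . " | IP:" . ($_SERVER['REMOTE_ADDR'] ?? '')
        . " | User-Agent:" . substr((string) ($_SERVER['HTTP_USER_AGENT'] ?? ''), 0, 50);
    error_log($logMsg);

    $requestedWith = strtolower((string) ($_SERVER['HTTP_X_REQUESTED_WITH'] ?? ''));
    if ($requestedWith === 'xmlhttprequest') {
        http_response_code(401);
        header('Content-Type: application/json; charset=utf-8');
        die(json_encode([
            'success' => false,
            'error'   => 'unauthorized',
            'message' => '请先登录',
        ]));
    }

    header('Location: login.php');
    exit();
}

/**
 * Return the session's CSRF token, creating a 256-bit random one on first use.
 *
 * @return string
 */
function generateCSRFToken()
{
    if (!isset($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }

    return $_SESSION['csrf_token'];
}

/**
 * Constant-time comparison of the posted csrf_token against the session's.
 *
 * Returns false when no token has been issued or when the submitted value is
 * not a string (hash_equals() would otherwise throw on an array).
 *
 * @return bool
 */
function verifyCSRFToken()
{
    if (!isset($_SESSION['csrf_token'])) {
        return false;
    }

    $submitted = admin_post('csrf_token', '');
    if (!is_string($submitted)) {
        return false;
    }

    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// ==================== Database ====================

/**
 * Lazily build and cache a PDO connection (exceptions on, assoc fetch,
 * native prepares).
 *
 * In DEBUG_MODE a connection failure terminates the request with a diagnostic
 * that includes host/port/database name — this branch writes infrastructure
 * details into the HTTP response, so DEBUG_MODE must be false in production.
 * Otherwise a generic Exception is thrown with the PDOException chained.
 *
 * @return PDO
 * @throws Exception when the connection fails and DEBUG_MODE is false
 */
function getDbConnection()
{
    static $pdo = null;

    if ($pdo !== null) {
        return $pdo;
    }

    try {
        $dsn = "mysql:host=" . DB_HOST . ";port=" . DB_PORT . ";dbname=" . DB_NAME . ";charset=utf8mb4";
        $pdo = new PDO($dsn, DB_USER, DB_PASS);
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
        $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    } catch (PDOException $e) {
        if (!DEBUG_MODE) {
            throw new Exception('Database connection failed', 0, $e);
        }

        // The whole message is escaped once below; escaping getMessage() here
        // as well double-encoded it.
        $errorMsg = "Database connection failed!\n\n";
        $errorMsg .= "Error: " . $e->getMessage() . "\n\n";
        $errorMsg .= "Please check:\n";
        $errorMsg .= "1. Database host: " . DB_HOST . ":" . DB_PORT . "\n";
        $errorMsg .= "2. Database name: " . DB_NAME . "\n";
        $errorMsg .= "3. Username/password correct?\n";
        $errorMsg .= "4. Database created?\n";
        $errorMsg .= "5. SQL imported?\n";
        die("\n" . htmlspecialchars($errorMsg) . "\n");
    }

    return $pdo;
}

/**
 * Create the admin_users table if missing and seed a single 'admin' account
 * when the table is empty. Failures are logged, never thrown.
 *
 * @return void
 */
function initDatabase()
{
    try {
        $pdo = getDbConnection();
        $pdo->exec("CREATE TABLE IF NOT EXISTS admin_users (
            id INT AUTO_INCREMENT PRIMARY KEY,
            username VARCHAR(50) NOT NULL UNIQUE,
            password VARCHAR(255) NOT NULL,
            role VARCHAR(20) DEFAULT 'admin',
            created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
        ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4");

        // COUNT(*) comes back as a string on older PDO/MySQL combinations, so a
        // bare `=== 0` never matched and the seed account was never created.
        $stmt = $pdo->query("SELECT COUNT(*) as count FROM admin_users");
        $result = $stmt->fetch();
        $count = (int) ($result['count'] ?? 0);

        if ($count === 0) {
            $passwordHash = password_hash(ADMIN_DEFAULT_PASSWORD, PASSWORD_DEFAULT);
            $insert = $pdo->prepare(
                "INSERT INTO admin_users (username, password, role) VALUES (?, ?, 'admin')"
            );
            $insert->execute(['admin', $passwordHash]);
            // Do not write the password itself to the log.
            error_log("Default admin account 'admin' created with the configured initial password; change it on first login");
        }
    } catch (Exception $e) {
        error_log('Database initialization failed: ' . $e->getMessage());
    }
}

// Auto initialize database
initDatabase();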
Warning: Cannot modify header information - headers already sent by (output started at /www/wwwroot/api.rongyan.cc/config.php:7) in /www/wwwroot/api.rongyan.cc/index.php on line 159
{"error":"API only accepts POST requests for verification"}