Browse Source

20220304

pull/47/head
xiaoz 3 years ago
parent
commit
09d8a6e804
  1. 4
      README.md
  2. 93
      class/Api.php
  3. 26
      controller/api.php
  4. 3
      controller/login.php
  5. 5
      data/update.log
  6. 1
      templates/default/index.php

4
README.md

@ -7,8 +7,6 @@ @@ -7,8 +7,6 @@
![](https://i.bmp.ovh/imgs/2020/12/7a1eee25c16d2d81.png)
![](https://i.bmp.ovh/imgs/2020/12/abba0af566f3c16a.png)
@ -46,7 +44,7 @@ docker run -itd --name="onenav" -p 80:80 \ @@ -46,7 +44,7 @@ docker run -itd --name="onenav" -p 80:80 \
* `PASSWORD`:设置密码,上述设置为`xiaoz.me`
* `/data/onenav`:本机挂载目录,用于持久存储Onenav数据
> 更多说明,请参考帮助文档:https://www.yuque.com/helloz/onenav
> 更多说明,请参考帮助文档:https://dwz.ovh/onenav
## Demo

93
class/Api.php

@ -417,28 +417,60 @@ class Api { @@ -417,28 +417,60 @@ class Api {
}
/**
* 查询链接
* 接收一个数组作为参数
*/
public function link_list($page,$limit,$token = ''){
$offset = ($page - 1) * $limit;
public function link_list($data){
$limit = $data['limit'];
$token = $data['token'];
$offset = ($data['page'] - 1) * $data['limit'];
$fid = @$data['category_id'];
//如果存在分类ID,则根据分类ID进行查询
if ($data['category_id'] != null) {
$cid_sql = "WHERE fid = $fid";
//统计链接总数
$count = $this->db->count('on_links','*',[
'fid' => $fid
]);
}
else{
//统计链接总数,没有分类ID的情况
$count = $this->db->count('on_links','*');
}
//如果成功登录,但token为空
if( ($this->is_login()) && (empty($token)) ){
//统计总数
$count = $this->db->count('on_links','*');
$sql = "SELECT *,(SELECT name FROM on_categorys WHERE id = on_links.fid) AS category_name FROM on_links ORDER BY weight DESC,id DESC LIMIT {$limit} OFFSET {$offset}";
$sql = "SELECT *,(SELECT name FROM on_categorys WHERE id = on_links.fid) AS category_name FROM on_links ${cid_sql} ORDER BY weight DESC,id DESC LIMIT {$limit} OFFSET {$offset}";
}
//如果token验证通过
elseif( (!empty($token)) && ($this->auth($token)) ) {
//统计总数
$count = $this->db->count('on_links','*');
$sql = "SELECT *,(SELECT name FROM on_categorys WHERE id = on_links.fid) AS category_name FROM on_links ORDER BY weight DESC,id DESC LIMIT {$limit} OFFSET {$offset}";
$sql = "SELECT *,(SELECT name FROM on_categorys WHERE id = on_links.fid) AS category_name FROM on_links ${cid_sql} ORDER BY weight DESC,id DESC LIMIT {$limit} OFFSET {$offset}";
}
//如果即没有登录成功,又没有token,则默认为游客
else{
//统计总数
$cid_sql = empty($fid) ? null : "AND fid = $fid";
if($cid_sql == null) {
//统计链接总数,不存在分类ID的情况
$count = $this->db->count('on_links','*',[ 'property' => 0 ]);
$sql = "SELECT *,(SELECT name FROM on_categorys WHERE id = on_links.fid) AS category_name FROM on_links WHERE property = 0 ORDER BY weight DESC,id DESC LIMIT {$limit} OFFSET {$offset}";
}
else{
//统计链接总数,存在分类ID的情况
$count = $this->db->count('on_links','*',[
'property' => 0,
'fid' => $fid
]);
}
$sql = "SELECT *,(SELECT name FROM on_categorys WHERE id = on_links.fid) AS category_name FROM on_links WHERE property = 0 ${cid_sql} ORDER BY weight DESC,id DESC LIMIT {$limit} OFFSET {$offset}";
}
//打印SQL
//echo $sql;
//如果查询的总数大于limit,则以limit为准
$count = ( $count > $limit) ? $limit : $count;
//原生查询
$datas = $this->db->query($sql)->fetchAll();
$datas = [
@ -449,6 +481,47 @@ class Api { @@ -449,6 +481,47 @@ class Api {
];
exit(json_encode($datas));
}
/**
* 查询单个链接
* 此函数接收一个数组
*/
public function get_a_link($data) {
$id = $data['id'];
$token = $data['token'];
$link_info = $this->db->get("on_links","*",[
"id" => $id
]);
//打印链接信息
//var_dump($link_info);
//如果是公开链接,则直接返回
if ( $link_info['property'] == "0" ) {
$datas = [
'code' => 0,
'data' => $link_info
];
}
//如果是私有链接,并且认证通过
elseif( $link_info['property'] == "1" ) {
if ( $this->auth($token) ) {
$datas = [
'code' => 0,
'data' => $link_info
];
}
//exit(json_encode($datas));
}
//如果是其它情况,则显示为空
else{
$datas = [
'code' => 0,
'data' => []
];
//exit(json_encode($datas));
}
exit(json_encode($datas));
}
/**
* 验证是否登录
*/

26
controller/api.php

@ -54,6 +54,9 @@ switch ($method) { @@ -54,6 +54,9 @@ switch ($method) {
case 'check_weak_password':
check_weak_password($api);
break;
case 'get_a_link':
get_a_link($api);
break;
default:
# code...
break;
@ -173,11 +176,19 @@ function link_list($api){ @@ -173,11 +176,19 @@ function link_list($api){
$limit = empty(intval($_GET['limit'])) ? 10 : intval($_GET['limit']);
//获取token
$token = $_POST['token'];
$api->link_list($page,$limit,$token);
//获取分类ID
$category_id = empty($_POST['category_id']) ? null : intval($_POST['category_id']);
$data = [
'page' => $page,
'limit' => $limit,
'token' => $token,
'category_id' => $category_id
];
$api->link_list($data);
}
/**
* 获取链接信息
* 获取链接标题、描述等信息
*/
function get_link_info($api) {
//获取token
@ -187,6 +198,17 @@ function get_link_info($api) { @@ -187,6 +198,17 @@ function get_link_info($api) {
$api->get_link_info($token,$url);
}
/**
* 获取一个链接的信息,指存储在数据库的信息
*/
function get_a_link($api) {
//获取token
$data['token'] = htmlspecialchars($_POST['token']);
//获取链接的ID
$data['id'] = intval(htmlspecialchars($_GET['id']));
$api->get_a_link($data);
}
/**
* 添加自定义js
*/

3
controller/login.php

@ -23,7 +23,8 @@ if( $_GET['check'] == 'login' ) { @@ -23,7 +23,8 @@ if( $_GET['check'] == 'login' ) {
header('Content-Type:application/json; charset=utf-8');
if( ($user === $username) && ($pass === $password) ) {
$key = md5($username.$password.'onenav');
setcookie("key", $key, time()+30 * 24 * 60 * 60,"/");
//开启httponly支持
setcookie("key", $key, time()+30 * 24 * 60 * 60,"/",NULL,false,TRUE);
$data = [
'code' => 0,
'msg' => 'successful'

5
data/update.log

@ -38,3 +38,8 @@ CREATE INDEX on_options_key_IDX ON on_options ("key"); @@ -38,3 +38,8 @@ CREATE INDEX on_options_key_IDX ON on_options ("key");
20220225
1. 修复一处安全漏洞
20220304
1. 新增HttpOnly支持
2. API新增查询单个链接信息get_a_link
3. API支持查询指定分类下的链接link_list,传递参数category_id

1
templates/default/index.php

@ -194,6 +194,7 @@ @@ -194,6 +194,7 @@
<div class="mdui-divider" style = "margin-top:2em;"></div>
<!--正文内容部分END-->
<!-- footer部分 -->
<!-- 未经作者授权,请勿去掉版权,否则可能影响作者更新代码的积极性或直接放弃维护此项目。 -->
<footer>
© 2022 Powered by <a target = "_blank" href="https://github.com/helloxz/onenav" title = "简约导航/书签管理器" rel = "nofollow">OneNav</a>.The author is <a href="https://www.xiaoz.me/" target="_blank" title = "小z博客">xiaoz.me</a>
</footer>

Loading…
Cancel
Save