diff --git a/.htaccess b/.htaccess
old mode 100644
new mode 100755
diff --git a/LICENSE b/LICENSE
old mode 100644
new mode 100755
diff --git a/README.md b/README.md
old mode 100644
new mode 100755
diff --git a/class/.htaccess b/class/.htaccess
old mode 100644
new mode 100755
diff --git a/class/Api.php b/class/Api.php
old mode 100644
new mode 100755
index 2569121..df1a17e
--- a/class/Api.php
+++ b/class/Api.php
@@ -18,11 +18,11 @@ class Api {
public function add_category($token,$name,$property = 0,$weight = 0,$description = ''){
$this->auth($token);
$data = [
- 'name' => $name,
+ 'name' => htmlspecialchars($name,ENT_QUOTES),
'add_time' => time(),
'weight' => $weight,
'property' => $property,
- 'description' => $description
+ 'description' => htmlspecialchars($description,ENT_QUOTES)
];
//插入分类目录
$this->db->insert("on_categorys",$data);
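Review bot: The new `htmlspecialchars($name,ENT_QUOTES)` and `htmlspecialchars($description,ENT_QUOTES)` calls at lines 24 and 29 encode on input, so the stored row holds entity-encoded text; a template that escapes on output will double-encode it (`&amp;quot;`) and any non-HTML consumer such as a JSON response or export gets entities instead of the original string. The conventional fix is to store the raw value and escape at render time for the context it lands in. If input-time encoding is kept, pass the full flag set, `htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, because with an explicit `ENT_QUOTES`-only flag an invalid UTF-8 byte sequence makes the call return an empty string and the field is silently blanked. The same pattern is repeated in the hunks at -59, -159 and -309; `add_category`'s body continues past this hunk.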
@@ -59,11 +59,11 @@ class Api {
//更新数据库
else{
$data = [
- 'name' => $name,
+ 'name' => htmlspecialchars($name,ENT_QUOTES),
'up_time' => time(),
'weight' => $weight,
'property' => $property,
- 'description' => $description
+ 'description' => htmlspecialchars($description,ENT_QUOTES)
];
$re = $this->db->update('on_categorys',$data,[ 'id' => $id]);
//var_dump( $this->db->log() );
@@ -159,9 +159,9 @@ class Api {
//合并数据
$data = [
'fid' => $fid,
- 'title' => $title,
+ 'title' => htmlspecialchars($title,ENT_QUOTES),
'url' => $url,
- 'description' => $description,
+ 'description' => htmlspecialchars($description,ENT_QUOTES),
'add_time' => time(),
'weight' => $weight,
'property' => $property
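Review bot: `'url' => $url` at line 53 is the one user-supplied text field in this array that is stored as-is while `title` and `description` on the neighbouring lines are encoded, so the stored url keeps whatever form the caller sent. If the template places it in an `href` attribute it needs attribute-context escaping there, and a scheme allowlist at this boundary (accept only `http`/`https` from `parse_url($url, PHP_URL_SCHEME)`, otherwise return an error via `err_msg`) would make the stored value safe to link regardless of how each template renders it. The same applies to the hunk at -309; the enclosing method starts and ends outside this hunk.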
@@ -309,9 +309,9 @@ class Api {
//合并数据
$data = [
'fid' => $fid,
- 'title' => $title,
+ 'title' => htmlspecialchars($title,ENT_QUOTES),
'url' => $url,
- 'description' => $description,
+ 'description' => htmlspecialchars($description,ENT_QUOTES),
'up_time' => time(),
'weight' => $weight,
'property' => $property
@@ -548,6 +548,16 @@ class Api {
return $ip;
}
- //
+ /**
+ * name:检查弱密码
+ */
+ public function check_weak_password($token){
+ $this->auth($token);
+ //如果用户名、密码为初始密码,则提示修改
+ if ( ( USER == 'xiaoz' ) && ( PASSWORD == 'xiaoz.me' ) ) {
+ $this->err_msg(-1,'Weak password!');
+ }
+ }
+
}
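Review bot: The comparison at line 81 uses loose `==` on two string constants; the strict form avoids PHP's numeric-string comparison rules and is the convention elsewhere in modern PHP, `if ( USER === 'xiaoz' && PASSWORD === 'xiaoz.me' ) {`. The default credential pair is written literally here and again in the install message in index.php, so define it once (for example `const DEFAULT_USER` / `const DEFAULT_PASSWORD` on the class or in config) and reference that in both places so the check and the message cannot drift apart. The docblock at lines 75-77 only carries a name; add `@param string $token` and a sentence stating that the method emits an error response when the configured credentials equal the shipped defaults and otherwise returns nothing.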
diff --git a/class/Medoo.php b/class/Medoo.php
old mode 100644
new mode 100755
diff --git a/class/index.html b/class/index.html
old mode 100644
new mode 100755
diff --git a/config.simple.php b/config.simple.php
old mode 100644
new mode 100755
diff --git a/controller/.htaccess b/controller/.htaccess
old mode 100644
new mode 100755
diff --git a/controller/admin.php b/controller/admin.php
old mode 100644
new mode 100755
diff --git a/controller/api.php b/controller/api.php
old mode 100644
new mode 100755
index 1fbe242..ed01b77
--- a/controller/api.php
+++ b/controller/api.php
@@ -14,7 +14,7 @@ $api = new Api($db);
//获取请求方法
$method = $_GET['method'];
-//对方法进行判断
+//对方法进行判断,对应URL路由:/index.php?c=api&method=xxx
switch ($method) {
case 'add_category':
add_category($api);
@@ -51,6 +51,8 @@ switch ($method) {
break;
case 'imp_link':
imp_link($api);
+ case 'check_weak_password':
+ check_weak_password($api);
break;
default:
# code...
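Review bot: The new `case 'check_weak_password':` at line 120 is inserted between `imp_link($api);` and its `break;`, so a `method=imp_link` request now falls through and also runs `check_weak_password($api)`, whose error response can be appended to or replace the import result. Add `break;` directly after `imp_link($api);` at line 119 so each case ends on its own. The switch continues outside the hunk.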
@@ -211,4 +213,10 @@ function imp_link($api) {
$fid = intval($_POST['fid']);
$property = intval(@$_POST['property']);
$api->imp_link($token,$filename,$fid,$property);
+}
+//检查弱密码
+function check_weak_password($api) {
+ //获取token
+ $token = $_POST['token'];
+ $api->check_weak_password($token);
}
\ No newline at end of file
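Review bot: `$token = $_POST['token'];` at line 133 reads the key unconditionally, so a request without a POST body (the embed.js caller in this same commit issues a plain `$.get`) raises an undefined-index notice before `auth()` ever sees the value. Read it as `$token = $_POST['token'] ?? '';` so the missing case is explicit and `auth()` fails closed on an empty token rather than on a notice; if `auth()` is meant to fall back to a cookie or session for this call, that is not visible here and should be stated in a comment. The other handlers in this file appear to use the same pattern, so the guard could be centralised in a small helper.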
diff --git a/controller/click.php b/controller/click.php
old mode 100644
new mode 100755
diff --git a/controller/index.html b/controller/index.html
old mode 100644
new mode 100755
diff --git a/controller/index.php b/controller/index.php
old mode 100644
new mode 100755
diff --git a/controller/login.php b/controller/login.php
old mode 100644
new mode 100755
diff --git a/data/index.html b/data/index.html
old mode 100644
new mode 100755
diff --git a/data/update.log b/data/update.log
old mode 100644
new mode 100755
index 283fe1a..90e8db5
--- a/data/update.log
+++ b/data/update.log
@@ -22,4 +22,10 @@ CREATE INDEX on_options_key_IDX ON on_options ("key");
20210726
1. 修复后台QQ群2
2. 后台添加社区支持链接
-3. 修复默认主题顶部遮挡问题
\ No newline at end of file
+3. 修复默认主题顶部遮挡问题
+
+20220211
+1. 简化安装过程,无需再手动修改配置安装
+2. 新增默认密码安全检测
+3. 默认模板增加手机登录按钮
+4. 修复一处XSS漏洞
\ No newline at end of file
diff --git a/db/onenav.simple.db3 b/db/onenav.simple.db3
old mode 100644
new mode 100755
diff --git a/favicon.ico b/favicon.ico
old mode 100644
new mode 100755
diff --git a/functions/.htaccess b/functions/.htaccess
old mode 100644
new mode 100755
diff --git a/functions/helper.php b/functions/helper.php
old mode 100644
new mode 100755
diff --git a/index.php b/index.php
old mode 100644
new mode 100755
index 3384187..531be54
--- a/index.php
+++ b/index.php
@@ -12,7 +12,18 @@ $c = strip_tags($c);
//$version = @file_get_contents("./functions/version.txt");
//载入配置文件
if( !file_exists('./data/config.php') ) {
- exit('
配置文件不存在,请将站点目录下的config.simple.php复制为data/config.php
');
+ echo "正在准备安装,请稍等...
";
+ //复制配置文件
+ if ( copy('config.simple.php','data/config.php') ) {
+ echo "安装完毕,默认用户名:xiaoz,密码:xiaoz.me,5s后跳转到登录页面。";
+ //跳转到登录页面
+ header("Refresh:5;url=/index.php?c=login");
+ exit();
+ } else{
+ exit("复制配置文件失败,请检查权限是否正常,或手动将站点目录下的config.simple.php复制为data/config.php
");
+ }
+
+ //exit('配置文件不存在,请将站点目录下的config.simple.php复制为data/config.php
');
}
//检查数据库是否存在,不存在则复制数据库
if( !file_exists('./data/onenav.db3') ) {
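Review bot: `header("Refresh:5;url=/index.php?c=login")` at line 203 runs after the `echo` statements at lines 197 and 201 have already sent output, so unless output buffering happens to be enabled PHP reports "headers already sent" and the redirect never fires. Either call `ob_start()` before the first echo or emit the refresh as an HTML `<meta http-equiv="refresh" content="5;url=/index.php?c=login">` tag in the body. The install branch also prints the default username and password to whichever visitor first loads the site while `data/config.php` is absent, so once this path has run those credentials should be considered known and the login flow should require a change rather than only warn. The commented-out `exit(...)` at line 210 is dead code now that this branch replaces it.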
diff --git a/static/layer/layer.js b/static/layer/layer.js
old mode 100644
new mode 100755
diff --git a/static/layer/mobile/layer.js b/static/layer/mobile/layer.js
old mode 100644
new mode 100755
diff --git a/static/layer/mobile/need/layer.css b/static/layer/mobile/need/layer.css
old mode 100644
new mode 100755
diff --git a/static/layer/theme/default/icon-ext.png b/static/layer/theme/default/icon-ext.png
old mode 100644
new mode 100755
diff --git a/static/layer/theme/default/icon.png b/static/layer/theme/default/icon.png
old mode 100644
new mode 100755
diff --git a/static/layer/theme/default/layer.css b/static/layer/theme/default/layer.css
old mode 100644
new mode 100755
diff --git a/static/layer/theme/default/loading-0.gif b/static/layer/theme/default/loading-0.gif
old mode 100644
new mode 100755
diff --git a/static/layer/theme/default/loading-1.gif b/static/layer/theme/default/loading-1.gif
old mode 100644
new mode 100755
diff --git a/static/layer/theme/default/loading-2.gif b/static/layer/theme/default/loading-2.gif
old mode 100644
new mode 100755
diff --git a/templates/admin/403.php b/templates/admin/403.php
old mode 100644
new mode 100755
diff --git a/templates/admin/add_category.php b/templates/admin/add_category.php
old mode 100644
new mode 100755
diff --git a/templates/admin/add_link.php b/templates/admin/add_link.php
old mode 100644
new mode 100755
diff --git a/templates/admin/add_link_tpl.php b/templates/admin/add_link_tpl.php
old mode 100644
new mode 100755
diff --git a/templates/admin/add_quick_tpl.php b/templates/admin/add_quick_tpl.php
old mode 100644
new mode 100755
diff --git a/templates/admin/category_list.php b/templates/admin/category_list.php
old mode 100644
new mode 100755
diff --git a/templates/admin/edit_category.php b/templates/admin/edit_category.php
old mode 100644
new mode 100755
diff --git a/templates/admin/edit_link.php b/templates/admin/edit_link.php
old mode 100644
new mode 100755
diff --git a/templates/admin/ext_js.php b/templates/admin/ext_js.php
old mode 100644
new mode 100755
diff --git a/templates/admin/footer.php b/templates/admin/footer.php
old mode 100644
new mode 100755
index 23b55c2..583f600
--- a/templates/admin/footer.php
+++ b/templates/admin/footer.php
@@ -1,6 +1,6 @@
diff --git a/templates/admin/header.php b/templates/admin/header.php
old mode 100644
new mode 100755
diff --git a/templates/admin/imp_link.php b/templates/admin/imp_link.php
old mode 100644
new mode 100755
diff --git a/templates/admin/index.html b/templates/admin/index.html
old mode 100644
new mode 100755
diff --git a/templates/admin/index.php b/templates/admin/index.php
old mode 100644
new mode 100755
index dc3a18a..9b3bbd0
--- a/templates/admin/index.php
+++ b/templates/admin/index.php
@@ -40,3 +40,6 @@
+
diff --git a/templates/admin/left.php b/templates/admin/left.php
old mode 100644
new mode 100755
diff --git a/templates/admin/link_list.php b/templates/admin/link_list.php
old mode 100644
new mode 100755
diff --git a/templates/admin/login.php b/templates/admin/login.php
old mode 100644
new mode 100755
index 37d9a32..ab60719
--- a/templates/admin/login.php
+++ b/templates/admin/login.php
@@ -44,6 +44,10 @@
+
+
+
+
diff --git a/templates/admin/static/add_quick_tpl.css b/templates/admin/static/add_quick_tpl.css
old mode 100644
new mode 100755
diff --git a/templates/admin/static/bg.jpg b/templates/admin/static/bg.jpg
old mode 100644
new mode 100755
diff --git a/templates/admin/static/embed.js b/templates/admin/static/embed.js
old mode 100644
new mode 100755
index d562d2f..29ece02
--- a/templates/admin/static/embed.js
+++ b/templates/admin/static/embed.js
@@ -191,7 +191,6 @@ layui.use(['element','table','layer','form','upload'], function(){
});
//登录
- //添加链接
form.on('submit(login)', function(data){
$.post('/index.php?c=login&check=login',data.field,function(data,status){
//如果添加成功
@@ -205,6 +204,20 @@ layui.use(['element','table','layer','form','upload'], function(){
console.log(data.field) //当前容器的全部表单字段,名值对形式:{name: value}
return false; //阻止表单跳转。如果需要表单跳转,去掉这段即可。
});
+ //手机登录
+ form.on('submit(mobile_login)', function(data){
+ $.post('/index.php?c=login&check=login',data.field,function(data,status){
+ //如果登录成功
+ if(data.code == 0) {
+ window.location.href = '/';
+ }
+ else{
+ layer.msg(data.err_msg, {icon: 5});
+ }
+ });
+ console.log(data.field) //当前容器的全部表单字段,名值对形式:{name: value}
+ return false; //阻止表单跳转。如果需要表单跳转,去掉这段即可。
+ });
//添加分类目录
form.on('submit(add_category)', function(data){
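Review bot: `console.log(data.field)` at line 344 writes the submitted login form fields, which for a login form presumably include the password, to the browser console; remove the line (the original login handler at line 330 has the same call). The new `mobile_login` handler is otherwise a line-for-line copy of the `login` handler above it, so extract one `function doLogin(fields)` that posts to `/index.php?c=login&check=login` and handles the result, and call it from both `form.on(...)` registrations. `data.code == 0` at line 337 should be `data.code === 0` unless the API is known to return the code as a string.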
@@ -400,4 +413,20 @@ function del_category(id){
layer.close(index);
});
-}
\ No newline at end of file
+}
+
+//弱密码检查
+function check_weak_password(){
+ $.get("/index.php?c=api&method=check_weak_password",function(data,status){
+ if (data.err_msg === 'Weak password!') {
+ layui.use('layer', function(){
+ var layer = layui.layer;
+
+ layer.open({
+ title:'风险提示!',
+ content: '系统检测到您使用的默认密码,请参考帮助文档尽快修改!' //这里content是一个普通的String
+ });
+ });
+ }
+ });
+}
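Review bot: `check_weak_password()` at line 358 calls the API with `$.get` and no parameters, while the new controller handler in controller/api.php reads the token from `$_POST['token']`, so the request arrives with no token and `auth()` can only succeed if it has a fallback that is not visible in this diff; send the same token the other API calls in this file use, via `$.post("/index.php?c=api&method=check_weak_password", {token: ...}, ...)`. The client also detects the condition by matching the literal message `'Weak password!'` at line 359; a dedicated error code checked with `===` is more robust than string-matching a message that may later be changed or localised. `del_category` starts outside the hunk.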
diff --git a/templates/admin/static/style.css b/templates/admin/static/style.css
old mode 100644
new mode 100755
diff --git a/templates/default/index.php b/templates/default/index.php
old mode 100644
new mode 100755
index 36a29ab..00f4ebc
--- a/templates/default/index.php
+++ b/templates/default/index.php
@@ -100,6 +100,22 @@
About
+
+
+
+
+ 登录
+
+
+
+
+
+ 退出
+
+
+
@@ -179,7 +195,7 @@