
Merge pull request #40 from helloxz/dev

v0.9.13
pull/90/head 0.9.13
xiaoz 3 years ago committed by GitHub
parent
commit
17a3e204e3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 0
      .htaccess
  2. 0
      LICENSE
  3. 0
      README.md
  4. 0
      class/.htaccess
  5. 28
      class/Api.php
  6. 0
      class/Medoo.php
  7. 0
      class/index.html
  8. 0
      config.simple.php
  9. 0
      controller/.htaccess
  10. 0
      controller/admin.php
  11. 10
      controller/api.php
  12. 0
      controller/click.php
  13. 0
      controller/index.html
  14. 0
      controller/index.php
  15. 0
      controller/login.php
  16. 0
      data/index.html
  17. 6
      data/update.log
  18. 0
      db/onenav.simple.db3
  19. 0
      favicon.ico
  20. 0
      functions/.htaccess
  21. 0
      functions/helper.php
  22. 13
      index.php
  23. 0
      static/layer/layer.js
  24. 0
      static/layer/mobile/layer.js
  25. 0
      static/layer/mobile/need/layer.css
  26. 0
      static/layer/theme/default/icon-ext.png
  27. 0
      static/layer/theme/default/icon.png
  28. 0
      static/layer/theme/default/layer.css
  29. 0
      static/layer/theme/default/loading-0.gif
  30. 0
      static/layer/theme/default/loading-1.gif
  31. 0
      static/layer/theme/default/loading-2.gif
  32. 0
      templates/admin/403.php
  33. 0
      templates/admin/add_category.php
  34. 0
      templates/admin/add_link.php
  35. 0
      templates/admin/add_link_tpl.php
  36. 0
      templates/admin/add_quick_tpl.php
  37. 0
      templates/admin/category_list.php
  38. 0
      templates/admin/edit_category.php
  39. 0
      templates/admin/edit_link.php
  40. 0
      templates/admin/ext_js.php
  41. 2
      templates/admin/footer.php
  42. 0
      templates/admin/header.php
  43. 0
      templates/admin/imp_link.php
  44. 0
      templates/admin/index.html
  45. 3
      templates/admin/index.php
  46. 0
      templates/admin/left.php
  47. 0
      templates/admin/link_list.php
  48. 4
      templates/admin/login.php
  49. 0
      templates/admin/static/add_quick_tpl.css
  50. 0
      templates/admin/static/bg.jpg
  51. 31
      templates/admin/static/embed.js
  52. 0
      templates/admin/static/style.css
  53. 18
      templates/default/index.php
  54. 0
      templates/default/static/embed.js
  55. 0
      templates/default/static/holmes.js
  56. 0
      templates/default/static/style.css
  57. 0
      templates/index.html
  58. 2
      version.txt

0
class/.htaccess

28
class/Api.php

@ -18,11 +18,11 @@ class Api { @@ -18,11 +18,11 @@ class Api {
public function add_category($token,$name,$property = 0,$weight = 0,$description = ''){
$this->auth($token);
$data = [
'name' => $name,
'name' => htmlspecialchars($name,ENT_QUOTES),
'add_time' => time(),
'weight' => $weight,
'property' => $property,
'description' => $description
'description' => htmlspecialchars($description,ENT_QUOTES)
];
//插入分类目录
$this->db->insert("on_categorys",$data);
@ -59,11 +59,11 @@ class Api { @@ -59,11 +59,11 @@ class Api {
//更新数据库
else{
$data = [
'name' => $name,
'name' => htmlspecialchars($name,ENT_QUOTES),
'up_time' => time(),
'weight' => $weight,
'property' => $property,
'description' => $description
'description' => htmlspecialchars($description,ENT_QUOTES)
];
$re = $this->db->update('on_categorys',$data,[ 'id' => $id]);
//var_dump( $this->db->log() );
@ -159,9 +159,9 @@ class Api { @@ -159,9 +159,9 @@ class Api {
//合并数据
$data = [
'fid' => $fid,
'title' => $title,
'title' => htmlspecialchars($title,ENT_QUOTES),
'url' => $url,
'description' => $description,
'description' => htmlspecialchars($description,ENT_QUOTES),
'add_time' => time(),
'weight' => $weight,
'property' => $property
@ -309,9 +309,9 @@ class Api { @@ -309,9 +309,9 @@ class Api {
//合并数据
$data = [
'fid' => $fid,
'title' => $title,
'title' => htmlspecialchars($title,ENT_QUOTES),
'url' => $url,
'description' => $description,
'description' => htmlspecialchars($description,ENT_QUOTES),
'up_time' => time(),
'weight' => $weight,
'property' => $property
@ -548,6 +548,16 @@ class Api { @@ -548,6 +548,16 @@ class Api {
return $ip;
}
//
/**
* name:检查弱密码
*/
public function check_weak_password($token){
$this->auth($token);
//如果用户名、密码为初始密码,则提示修改
if ( ( USER == 'xiaoz' ) && ( PASSWORD == 'xiaoz.me' ) ) {
$this->err_msg(-1,'Weak password!');
}
}
}
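Review bot: Encoding `name`, `title` and `description` with `htmlspecialchars()` at write time covers only rows written through these four `$data` arrays after the upgrade; rows already stored, and any write path outside this section, stay raw, so the fix is incomplete if the templates (not part of this section) print these columns unescaped. Storing entities also means JSON consumers of the API receive encoded text, and any template that does escape correctly would display the entities literally. `'url' => $url` is still stored as submitted in both link hunks; whether it is validated earlier in those methods is not visible here. I would keep stored values raw and escape at output instead, `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` in the templates, or at least add a comment on these arrays stating that the columns hold HTML-encoded text. The enclosing methods begin and end outside these hunks.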

0
class/Medoo.php

0
class/index.html

0
config.simple.php

0
controller/.htaccess

0
controller/admin.php

10
controller/api.php

@ -14,7 +14,7 @@ $api = new Api($db); @@ -14,7 +14,7 @@ $api = new Api($db);
//获取请求方法
$method = $_GET['method'];
//对方法进行判断
//对方法进行判断,对应URL路由:/index.php?c=api&method=xxx
switch ($method) {
case 'add_category':
add_category($api);
@ -51,6 +51,8 @@ switch ($method) { @@ -51,6 +51,8 @@ switch ($method) {
break;
case 'imp_link':
imp_link($api);
case 'check_weak_password':
check_weak_password($api);
break;
default:
# code...
@ -212,3 +214,9 @@ function imp_link($api) { @@ -212,3 +214,9 @@ function imp_link($api) {
$property = intval(@$_POST['property']);
$api->imp_link($token,$filename,$fid,$property);
}
//检查弱密码
function check_weak_password($api) {
//获取token
$token = $_POST['token'];
$api->check_weak_password($token);
}
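Review bot: In the `switch`, `case 'imp_link':` now calls `imp_link($api);` and falls straight through into `case 'check_weak_password':`, because no `break;` separates the two cases on the new side. Unless `imp_link()` always terminates the request (not visible here), every import request will also run `check_weak_password($api)` and may emit a second response body; add `break;` after `imp_link($api);`. Separately, the new `check_weak_password()` function reads `$_POST['token']` unguarded while the caller added in embed.js uses `$.get`, so the index is undefined on that request; `$token = $_POST['token'] ?? null;` keeps the same value without the notice. The `switch` itself starts and ends outside the hunk.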

0
controller/click.php

0
controller/index.html

0
controller/index.php

0
controller/login.php

0
data/index.html

6
data/update.log

@ -23,3 +23,9 @@ CREATE INDEX on_options_key_IDX ON on_options ("key"); @@ -23,3 +23,9 @@ CREATE INDEX on_options_key_IDX ON on_options ("key");
1. 修复后台QQ群2
2. 后台添加社区支持链接
3. 修复默认主题顶部遮挡问题
20220211
1. 简化安装过程,无需再手动修改配置安装
2. 新增默认密码安全检测
3. 默认模板增加手机登录按钮
4. 修复一处XSS漏洞

0
db/onenav.simple.db3

0
favicon.ico

Before

Width:  |  Height:  |  Size: 3.2 KiB

After

Width:  |  Height:  |  Size: 3.2 KiB

0
functions/.htaccess

0
functions/helper.php

13
index.php

@ -12,7 +12,18 @@ $c = strip_tags($c); @@ -12,7 +12,18 @@ $c = strip_tags($c);
//$version = @file_get_contents("./functions/version.txt");
//载入配置文件
if( !file_exists('./data/config.php') ) {
exit('<h3>配置文件不存在,请将站点目录下的config.simple.php复制为data/config.php</h3>');
echo "<p>正在准备安装,请稍等...</p>";
//复制配置文件
if ( copy('config.simple.php','data/config.php') ) {
echo "安装完毕,默认用户名:xiaoz,密码:xiaoz.me,5s后跳转到登录页面。";
//跳转到登录页面
header("Refresh:5;url=/index.php?c=login");
exit();
} else{
exit("<p>复制配置文件失败,请检查权限是否正常,或手动将站点目录下的config.simple.php复制为data/config.php</p>");
}
//exit('<h3>配置文件不存在,请将站点目录下的config.simple.php复制为data/config.php</h3>');
}
//检查数据库是否存在,不存在则复制数据库
if( !file_exists('./data/onenav.db3') ) {
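Review bot: The new install branch copies `config.simple.php` into place on the first request from any visitor and leaves the instance on the fixed default account that the page itself prints, so a freshly deployed site stays on publicly documented credentials until the owner changes them. The weak-password prompt added elsewhere in this commit appears to be advisory and shown only after login; requiring a password change before any admin action, or generating a random initial password at install time, would close that window. Also, `header("Refresh:5;url=/index.php?c=login");` is sent after two `echo` calls, so without output buffering the headers have already gone out and the redirect is dropped with a warning; move the `header()` call above the first `echo`. The `if` chain continues past the end of this hunk.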

0
static/layer/layer.js

0
static/layer/mobile/layer.js

0
static/layer/mobile/need/layer.css

0
static/layer/theme/default/icon-ext.png

Before

Width:  |  Height:  |  Size: 5.8 KiB

After

Width:  |  Height:  |  Size: 5.8 KiB

0
static/layer/theme/default/icon.png

Before

Width:  |  Height:  |  Size: 11 KiB

After

Width:  |  Height:  |  Size: 11 KiB

0
static/layer/theme/default/layer.css

0
static/layer/theme/default/loading-0.gif

Before

Width:  |  Height:  |  Size: 5.7 KiB

After

Width:  |  Height:  |  Size: 5.7 KiB

0
static/layer/theme/default/loading-1.gif

Before

Width:  |  Height:  |  Size: 701 B

After

Width:  |  Height:  |  Size: 701 B

0
static/layer/theme/default/loading-2.gif

Before

Width:  |  Height:  |  Size: 1.7 KiB

After

Width:  |  Height:  |  Size: 1.7 KiB

0
templates/admin/403.php

0
templates/admin/add_category.php

0
templates/admin/add_link.php

0
templates/admin/add_link_tpl.php

0
templates/admin/add_quick_tpl.php

0
templates/admin/category_list.php

0
templates/admin/edit_category.php

0
templates/admin/edit_link.php

0
templates/admin/ext_js.php

2
templates/admin/footer.php

@ -1,6 +1,6 @@ @@ -1,6 +1,6 @@
<div class="layui-footer">
<!-- 底部固定区域 -->
© Copyright 2021.Powered by <a href="https://github.com/helloxz/onenav" rel = "nofollow" target="_blank">OneNav</a>.
© Copyright 2022.Powered by <a href="https://github.com/helloxz/onenav" rel = "nofollow" target="_blank">OneNav</a>.
</div>
</div>
<script src = 'https://libs.xiaoz.top/jquery/2.2.4/jquery.min.js'></script>

0
templates/admin/header.php

0
templates/admin/imp_link.php

0
templates/admin/index.html

3
templates/admin/index.php

@ -40,3 +40,6 @@ @@ -40,3 +40,6 @@
</div>
<?php include_once('footer.php'); ?>
<script>
check_weak_password();
</script>

0
templates/admin/left.php

0
templates/admin/link_list.php

4
templates/admin/login.php

@ -45,6 +45,10 @@ @@ -45,6 +45,10 @@
<button class="layui-btn" lay-submit lay-filter="login" style = "width:100%;">登录</button>
</div>
<div class="layui-form-item layui-hide-sm layui-hide-md layui-hide-lg">
<button class="layui-btn" lay-submit lay-filter="mobile_login" style = "width:100%;">手机登录</button>
</div>
</form>
</div>

0
templates/admin/static/add_quick_tpl.css

0
templates/admin/static/bg.jpg

Before

Width:  |  Height:  |  Size: 43 KiB

After

Width:  |  Height:  |  Size: 43 KiB

31
templates/admin/static/embed.js

@ -191,7 +191,6 @@ layui.use(['element','table','layer','form','upload'], function(){ @@ -191,7 +191,6 @@ layui.use(['element','table','layer','form','upload'], function(){
});
//登录
//添加链接
form.on('submit(login)', function(data){
$.post('/index.php?c=login&check=login',data.field,function(data,status){
//如果添加成功
@ -205,6 +204,20 @@ layui.use(['element','table','layer','form','upload'], function(){ @@ -205,6 +204,20 @@ layui.use(['element','table','layer','form','upload'], function(){
console.log(data.field) //当前容器的全部表单字段,名值对形式:{name: value}
return false; //阻止表单跳转。如果需要表单跳转,去掉这段即可。
});
//手机登录
form.on('submit(mobile_login)', function(data){
$.post('/index.php?c=login&check=login',data.field,function(data,status){
//如果登录成功
if(data.code == 0) {
window.location.href = '/';
}
else{
layer.msg(data.err_msg, {icon: 5});
}
});
console.log(data.field) //当前容器的全部表单字段,名值对形式:{name: value}
return false; //阻止表单跳转。如果需要表单跳转,去掉这段即可。
});
//添加分类目录
form.on('submit(add_category)', function(data){
@ -401,3 +414,19 @@ function del_category(id){ @@ -401,3 +414,19 @@ function del_category(id){
layer.close(index);
});
}
//弱密码检查
function check_weak_password(){
$.get("/index.php?c=api&method=check_weak_password",function(data,status){
if (data.err_msg === 'Weak password!') {
layui.use('layer', function(){
var layer = layui.layer;
layer.open({
title:'风险提示!',
content: '系统检测到您使用的默认密码,请参考<a href = "https://dwz.ovh/ze1ts" target = "_blank" style = "color:#01AAED;">帮助文档</a>尽快修改!' //这里content是一个普通的String
});
});
}
});
}
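Review bot: The new `submit(mobile_login)` handler ends with `console.log(data.field)`, which writes the submitted login form (presumably including the password field) to the browser console. Remove that line here and in the `submit(login)` handler it was copied from. The two handlers post the same fields to the same endpoint, so a single shared function taking the redirect target would avoid the duplication. In `check_weak_password()`, the help link in the risk prompt goes through a URL shortener; linking the final documentation URL directly lets an administrator see where a security notice is sending them. The `layui.use` callback that holds the login handlers starts outside these hunks.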

0
templates/admin/static/style.css

18
templates/default/index.php

@ -100,6 +100,22 @@ @@ -100,6 +100,22 @@
<div class="mdui-list-item-content category-name"><i class="fa fa-user-circle"></i> About</div>
</li>
</a>
<?php
if ( !is_login() ) {
?>
<a href="/index.php?c=login" title="手机登录" class="mdui-hidden-sm-up">
<li class="mdui-list-item mdui-ripple">
<div class="mdui-list-item-content category-name"><i class="fa fa-dashboard"></i> 登录</div>
</li>
</a>
<?php } else { ?>
<a href="/index.php?c=admin&page=logout" title="退出" class="mdui-hidden-sm-up">
<li class="mdui-list-item mdui-ripple">
<div class="mdui-list-item-content category-name"><i class="fa fa-dashboard"></i> 退出</div>
</li>
</a>
<?php } ?>
</ul>
</div>
<!--左侧抽屉导航END-->
@ -179,7 +195,7 @@ @@ -179,7 +195,7 @@
<!--正文内容部分END-->
<!-- footer部分 -->
<footer>
© 2021 Powered by <a target = "_blank" href="https://github.com/helloxz/onenav" title = "简约导航/书签管理器" rel = "nofollow">OneNav</a>.The author is <a href="https://www.xiaoz.me/" target="_blank" title = "小z博客">xiaoz.me</a>
© 2022 Powered by <a target = "_blank" href="https://github.com/helloxz/onenav" title = "简约导航/书签管理器" rel = "nofollow">OneNav</a>.The author is <a href="https://www.xiaoz.me/" target="_blank" title = "小z博客">xiaoz.me</a>
</footer>
<!-- footerend -->
</body>

0
templates/default/static/embed.js

0
templates/default/static/holmes.js

0
templates/default/static/style.css

0
templates/index.html

2
version.txt

@ -1 +1 @@ @@ -1 +1 @@
v0.9.12-20210726
v0.9.13-20220214