diff --git a/.htaccess b/.htaccess
index 938af1c..39f777c 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,4 +1,5 @@
 RewriteEngine On
 RewriteRule '^click\/(.*)$' /index.php?c=click&id=$1 [L]
 RewriteRule '^api\/(.*)?(.*)$' /index.php?c=api&method=$1&$2 [L]
-RewriteRule login /index.php?c=login [NC,L]
\ No newline at end of file
+RewriteRule login /index.php?c=login [NC,L]
+RewriteRule .*.(db3|rar|gz|json)$ - [F]
\ No newline at end of file
diff --git a/class/Api.php b/class/Api.php
index 9859d46..f6824f3 100644
--- a/class/Api.php
+++ b/class/Api.php
@@ -344,7 +344,7 @@ class Api {
 * 验证是否登录
 */
 protected function is_login(){
- $key = md5(USER.PASSWORD.$this->getIP().'onenav');
+ $key = md5(USER.PASSWORD.'onenav');
 //获取session
 $session = $_COOKIE['key'];
 //如果已经成功登录
diff --git a/controller/admin.php b/controller/admin.php
index df1bde4..30fd3ba 100644
--- a/controller/admin.php
+++ b/controller/admin.php
@@ -46,7 +46,7 @@ if ($page == 'edit_link') {
 }
 //如果页面是添加链接页面
-if ($page == 'add_link') {
+if ( ($page == 'add_link') || ($page == 'add_link_tpl') ) {
 //查询所有分类信息
 $categorys = $db->select('on_categorys','*',[ 'ORDER' => ['weigth' => 'DESC'] ]);
 //checked按钮
@@ -99,12 +99,14 @@ function getIP() {
 function check_auth($user,$password){
 $ip = getIP();
- $key = md5($user.$password.$ip.'onenav');
+ $key = md5($user.$password.'onenav');
 //获取cookie
 $cookie = $_COOKIE['key'];
 //如果cookie的值和计算的key不一致,则没有权限
 if( $cookie != $key ){
- exit("
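Review bot: In the new `RewriteRule .*.(db3|rar|gz|json)$ - [F]` the dot before the group is unescaped, so it matches any character, and without [NC] the match is case-sensitive, so a request such as `/data.DB3` on a case-insensitive filesystem would likely not be blocked; `RewriteRule \.(db3|rar|gz|json)$ - [NC,F]` is the tighter form. The rule also only takes effect when Apache honours .htaccess (AllowOverride) and mod_rewrite is loaded; deployments on nginx or with overrides disabled get no protection from it. Keeping the database file and backups outside the document root therefore remains the primary control, with this rule as defence in depth.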
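Review bot: Dropping getIP() from the key leaves the `key` cookie as `md5(USER.PASSWORD.'onenav')`, a value that is fixed for the lifetime of the credentials and never expires or rotates, so anyone who captures it (or who knows the password and the constant salt) holds a permanent login; the same change is made in controller/admin.php (check_auth), controller/index.php, controller/login.php (both hunks) and functions/helper.php. Removing the IP component to cope with changing client addresses is understandable, but the replacement should be an unguessable per-login token rather than a value derivable from the password — e.g. on successful login `$key = bin2hex(random_bytes(32));` (PHP 7+) kept server-side, or an HMAC over user plus expiry with a server-side secret. Independently, the unchanged `if( $cookie != $key )` in check_auth is a loose comparison; `if( !hash_equals((string)$key, (string)($_COOKIE['key'] ?? '')) )` is the strict, constant-time form, and the `setcookie("key", ...)` call in login.php passes no httponly/secure flags, which are worth adding when the cookie is regenerated.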
无效ID!
';
+ require('templates/admin/403.php');
+ exit();
 }
 //查询链接信息
@@ -17,7 +19,9 @@ $link = $db->get('on_links',['id','fid','url','property','click'],[
 //如果查询失败
 if( !$link ){
- exit('无效ID!');
+ $msg = '无效ID!
';
+ require('templates/admin/403.php');
+ exit();
 }
 //查询该ID的父及ID信息
@@ -61,5 +65,8 @@ elseif( is_login() ) {
 }
 //其它情况则没有权限
 else{
- exit('无权限!');
+ $msg = '很抱歉,该页面是私有的,您无权限访问此页面。
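Review bot: Replacing `exit('无效ID!')` with `$msg` plus `require('templates/admin/403.php')` changes the body, but unless the template itself sets the status the response still goes out as 200; adding `http_response_code(403);` before the require makes the denial visible to clients and proxies and keeps caches from storing the error page. The same applies to the else branch in the `@@ -61,5 +65,8 @@` hunk below and to the check_auth change in controller/admin.php. The `$msg` string in that later hunk spans two lines, which suggests the template echoes it as markup; that is fine for these constant strings, but any future caller that builds `$msg` from request data would need `htmlspecialchars()`. The file header for this hunk is not visible in the chunk.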
+如果您是管理员,请尝试登录OneNav后台并重新访问。
';
+ require('templates/admin/403.php');
+ exit();
 }
\ No newline at end of file
diff --git a/controller/index.php b/controller/index.php
index cea2a62..836b9d9 100644
--- a/controller/index.php
+++ b/controller/index.php
@@ -80,7 +80,7 @@ function get_version(){
 }
 //判断用户是否已经登录
 function is_login(){
- $key = md5(USER.PASSWORD.getIP().'onenav');
+ $key = md5(USER.PASSWORD.'onenav');
 //获取session
 $session = $_COOKIE['key'];
 //如果已经成功登录
diff --git a/controller/login.php b/controller/login.php
index ac1b882..58a9caf 100644
--- a/controller/login.php
+++ b/controller/login.php
@@ -6,7 +6,7 @@ $username = $site_setting['user'];
 $password = $site_setting['password'];
 $ip = getIP();
 //如果认证通过,直接跳转到后台管理
-$key = md5($username.$password.$ip.'onenav');
+$key = md5($username.$password.'onenav');
 //获取cookie
 $cookie = $_COOKIE['key'];
@@ -22,7 +22,7 @@ if( $_GET['check'] == 'login' ) {
 $pass = $_POST['password'];
 header('Content-Type:application/json; charset=utf-8');
 if( ($user == $username) && ($pass == $password) ) {
- $key = md5($username.$password.$ip.'onenav');
+ $key = md5($username.$password.'onenav');
 setcookie("key", $key, time()+30 * 24 * 60 * 60,"/");
 $data = [
 'code' => 0,
diff --git a/functions/helper.php b/functions/helper.php
index 6f10d92..e2ba803 100644
--- a/functions/helper.php
+++ b/functions/helper.php
@@ -24,7 +24,7 @@ function getIP() {
 function is_login(){
- $key = md5(USER.PASSWORD.getIP().'onenav');
+ $key = md5(USER.PASSWORD.'onenav');
 //获取session
 $session = $_COOKIE['key'];
 //如果已经成功登录
diff --git a/static/layer/layer.js b/static/layer/layer.js
new file mode 100644
index 0000000..a0b24f8
--- /dev/null
+++ b/static/layer/layer.js
@@ -0,0 +1,2 @@ +/** layer-v3.3.0 Web 通用弹出层组件 MIT License */ + ;!function(e,t){"use strict";var i,n,a=e.layui&&layui.define,o={getPath:function(){var e=document.currentScript?document.currentScript.src:function(){for(var e,t=document.scripts,i=t.length-1,n=i;n>0;n--)if("interactive"===t[n].readyState){e=t[n].src;break}return e||t[i].src}();return e.substring(0,e.lastIndexOf("/")+1)}(),config:{},end:{},minIndex:0,minLeft:[],btn:["确定","取消"],type:["dialog","page","iframe","loading","tips"],getStyle:function(t,i){var n=t.currentStyle?t.currentStyle:e.getComputedStyle(t,null);return n[n.getPropertyValue?"getPropertyValue":"getAttribute"](i)},link:function(t,i,n){if(r.path){var a=document.getElementsByTagName("head")[0],s=document.createElement("link");"string"==typeof i&&(n=i);var l=(n||t).replace(/\.|\//g,""),f="layuicss-"+l,c=0;s.rel="stylesheet",s.href=r.path+t,s.id=f,document.getElementById(f)||a.appendChild(s),"function"==typeof i&&!function u(){return++c>80?e.console&&console.error("layer.css: Invalid"):void(1989===parseInt(o.getStyle(document.getElementById(f),"width"))?i():setTimeout(u,100))}()}}},r={v:"3.3.0",ie:function(){var t=navigator.userAgent.toLowerCase();return!!(e.ActiveXObject||"ActiveXObject"in e)&&((t.match(/msie\s(\d+)/)||[])[1]||"11")}(),index:e.layer&&e.layer.v?1e5:0,path:o.getPath,config:function(e,t){return e=e||{},r.cache=o.config=i.extend({},o.config,e),r.path=o.config.path||r.path,"string"==typeof e.extend&&(e.extend=[e.extend]),o.config.path&&r.ready(),e.extend?(a?layui.addcss("modules/layer/"+e.extend):o.link("theme/"+e.extend),this):this},ready:function(e){var t="layer",i="",n=(a?"modules/layer/":"theme/")+"default/layer.css?v="+r.v+i;return a?layui.addcss(n,e,t):o.link(n,e,t),this},alert:function(e,t,n){var a="function"==typeof t;return a&&(n=t),r.open(i.extend({content:e,yes:n},a?{}:t))},confirm:function(e,t,n,a){var s="function"==typeof t;return 
s&&(a=n,n=t),r.open(i.extend({content:e,btn:o.btn,yes:n,btn2:a},s?{}:t))},msg:function(e,n,a){var s="function"==typeof n,f=o.config.skin,c=(f?f+" "+f+"-msg":"")||"layui-layer-msg",u=l.anim.length-1;return s&&(a=n),r.open(i.extend({content:e,time:3e3,shade:!1,skin:c,title:!1,closeBtn:!1,btn:!1,resize:!1,end:a},s&&!o.config.skin?{skin:c+" layui-layer-hui",anim:u}:function(){return n=n||{},(n.icon===-1||n.icon===t&&!o.config.skin)&&(n.skin=c+" "+(n.skin||"layui-layer-hui")),n}()))},load:function(e,t){return r.open(i.extend({type:3,icon:e||0,resize:!1,shade:.01},t))},tips:function(e,t,n){return r.open(i.extend({type:4,content:[e,t],closeBtn:!1,time:3e3,shade:!1,resize:!1,fixed:!1,maxWidth:260},n))}},s=function(e){var t=this,a=function(){r.ready(function(){t.creat()})};t.index=++r.index,t.config.maxWidth=i(n).width()-30,t.config=i.extend({},t.config,o.config,e),document.body?a():setTimeout(function(){a()},30)};s.pt=s.prototype;var l=["layui-layer",".layui-layer-title",".layui-layer-main",".layui-layer-dialog","layui-layer-iframe","layui-layer-content","layui-layer-btn","layui-layer-close"];l.anim=["layer-anim-00","layer-anim-01","layer-anim-02","layer-anim-03","layer-anim-04","layer-anim-05","layer-anim-06"],s.pt.config={type:0,shade:.3,fixed:!0,move:l[1],title:"信息",offset:"auto",area:"auto",closeBtn:1,time:0,zIndex:19891014,maxWidth:360,anim:0,isOutAnim:!0,icon:-1,moveType:1,resize:!0,scrollbar:!0,tips:2},s.pt.vessel=function(e,t){var n=this,a=n.index,r=n.config,s=r.zIndex+a,f="object"==typeof r.title,c=r.maxmin&&(1===r.type||2===r.type),u=r.title?''+(n.content||"")+"
"),n.skin&&(n.anim="up"),"msg"===n.skin&&(n.shade=!1),s.innerHTML=(n.shade?"':"")+'