Browse Source

Merge pull request #53 from helloxz/dev

20220314
pull/90/head
xiaoz 3 years ago committed by GitHub
parent
commit
7f4822f35e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 115
      class/Api.php
  2. 84
      controller/api.php
  3. 16
      controller/click.php
  4. 14
      data/update.log
  5. BIN
      db/onenav.simple.db3
  6. 1
      db/sql/20220308.sql
  7. 5
      db/sql/20220311.sql
  8. 11
      functions/helper.php
  9. 11
      templates/admin/add_link.php
  10. 101
      templates/admin/click.php
  11. 14
      templates/admin/edit_link.php
  12. 1
      templates/admin/index.php
  13. 33
      templates/admin/static/embed.js
  14. 2
      version.txt

115
class/Api.php

@ -153,16 +153,24 @@ class Api { @@ -153,16 +153,24 @@ class Api {
/**
* name:添加链接
*/
public function add_link($token,$fid,$title,$url,$description = '',$weight = 0,$property = 0){
public function add_link($token,$fid,$title,$url,$description = '',$weight = 0,$property = 0,$url_standby = ''){
$this->auth($token);
$fid = intval($fid);
//检测链接是否合法
$this->check_link($fid,$title,$url);
//$this->check_link($fid,$title,$url);
$this->check_link([
'fid' => $fid,
'title' => $title,
'url' => $url,
'url_standby' => $url_standby
]);
//合并数据
$data = [
'fid' => $fid,
'title' => htmlspecialchars($title,ENT_QUOTES),
'url' => $url,
'url_standby' => $url_standby,
'description' => htmlspecialchars($description,ENT_QUOTES),
'add_time' => time(),
'weight' => $weight,
@ -190,6 +198,9 @@ class Api { @@ -190,6 +198,9 @@ class Api {
* 批量导入链接
*/
public function imp_link($token,$filename,$fid,$property = 0){
//过滤$filename
$filename = str_replace('../','',$filename);
$filename = str_replace('./','',$filename);
$this->auth($token);
//检查文件是否存在
if ( !file_exists($filename) ) {
@ -297,11 +308,17 @@ class Api { @@ -297,11 +308,17 @@ class Api {
/**
* name:修改链接
*/
public function edit_link($token,$id,$fid,$title,$url,$description = '',$weight = 0,$property = 0){
public function edit_link($token,$id,$fid,$title,$url,$description = '',$weight = 0,$property = 0,$url_standby = ''){
$this->auth($token);
$fid = intval($fid);
//检测链接是否合法
$this->check_link($fid,$title,$url);
//$this->check_link($fid,$title,$url);
$this->check_link([
'fid' => $fid,
'title' => $title,
'url' => $url,
'url_standby' => $url_standby
]);
//查询ID是否存在
$count = $this->db->count('on_links',[ 'id' => $id]);
//如果id不存在
@ -313,6 +330,7 @@ class Api { @@ -313,6 +330,7 @@ class Api {
'fid' => $fid,
'title' => htmlspecialchars($title,ENT_QUOTES),
'url' => $url,
'url_standby' => $url_standby,
'description' => htmlspecialchars($description,ENT_QUOTES),
'up_time' => time(),
'weight' => $weight,
@ -365,8 +383,14 @@ class Api { @@ -365,8 +383,14 @@ class Api {
}
/**
* 验证链接合法性
* 接收一个数组作为参数
*/
protected function check_link($fid,$title,$url){
protected function check_link($data){
$fid = $data['fid'];
$title = $data['title'];
$url = $data['url'];
$url_standby = @$data['url_standby'];
//如果父及(分类)ID不存在
if( empty($fid )) {
$this->err_msg(-1007,'The category id(fid) not exist!');
@ -391,6 +415,10 @@ class Api { @@ -391,6 +415,10 @@ class Api {
if( !filter_var($url, FILTER_VALIDATE_URL) ) {
$this->err_msg(-1010,'URL is not valid!');
}
//备用链接不合法
if ( ( !empty($url_standby) ) && ( !filter_var($url_standby, FILTER_VALIDATE_URL) ) ) {
$this->err_msg(-1010,'URL is not valid!');
}
return true;
}
/**
@ -471,7 +499,7 @@ class Api { @@ -471,7 +499,7 @@ class Api {
//echo $sql;
//如果查询的总数大于limit,则以limit为准
$count = ( $count > $limit) ? $limit : $count;
//$count = ( $count > $limit) ? $limit : $count;
//原生查询
$datas = $this->db->query($sql)->fetchAll();
@ -505,7 +533,7 @@ class Api { @@ -505,7 +533,7 @@ class Api {
}
//如果是私有链接,并且认证通过
elseif( $link_info['property'] == "1" ) {
if ( $this->auth($token) ) {
if ( ( $this->auth($token) ) || ( $this->is_login() ) ) {
$datas = [
'code' => 0,
'data' => $link_info
@ -524,6 +552,49 @@ class Api { @@ -524,6 +552,49 @@ class Api {
}
exit(json_encode($datas));
}
/**
* 查询单个分类信息
* 此函数接收一个数组
*/
public function get_a_category($data) {
$id = $data['id'];
$token = $data['token'];
$category_info = $this->db->get("on_categorys","*",[
"id" => $id
]);
//var_dump($category_info);
//如果是公开分类,则直接返回
if ( $category_info['property'] == "0" ) {
$datas = [
'code' => 0,
'data' => $category_info
];
}
//如果是私有链接,并且认证通过
elseif( $category_info['property'] == "1" ) {
if ( ( $this->auth($token) ) || ( $this->is_login() ) ) {
$datas = [
'code' => 0,
'data' => $category_info
];
}
//exit(json_encode($datas));
}
//如果是其它情况,则显示为空
else{
$datas = [
'code' => 0,
'data' => []
];
//exit(json_encode($datas));
}
exit(json_encode($datas));
}
/**
* 验证是否登录
*/
@ -717,11 +788,26 @@ class Api { @@ -717,11 +788,26 @@ class Api {
}
//读取需要更新的SQL内容
try {
$sql_content = file_get_contents($sql_name);
$result = $this->db->query($sql_content);
//如果SQL执行成功,则返回
//读取一个SQL温江,并将单个SQL文件拆分成单条SQL语句循环执行
$sql_content = explode(';',file_get_contents($sql_name));
//计算SQL总数
$num = count($sql_content) - 1;
//初始数量设置为0
$init_num = 0;
//遍历执行SQL语句
foreach ($sql_content as $sql) {
//如果SQL为空,则跳过此次循环不执行
if( empty($sql) ) {
continue;
}
$result = $this->db->query($sql);
//只要单条SQL执行成功了就增加初始数量
if( $result ) {
//将更新信息写入数据库
$init_num++;
}
}
//无论最后结果如何,都将更新信息写入数据库
$insert_re = $this->db->insert("on_db_logs",[
"sql_name" => $name,
"update_time" => time(),
@ -730,7 +816,7 @@ class Api { @@ -730,7 +816,7 @@ class Api {
if( $insert_re ) {
$data = [
"code" => 0,
"data" => $name."更新完成!"
"data" => $name."更新完成!总数${num},成功:${init_num}"
];
exit(json_encode($data));
}
@ -738,11 +824,6 @@ class Api { @@ -738,11 +824,6 @@ class Api {
$this->err_msg(-2000,$name."更新失败,请人工检查!");
}
}
else{
//如果执行失败
$this->err_msg(-2000,$name."更新失败,请人工检查!");
}
} catch(Exception $e){
$this->err_msg(-2000,$e->getMessage());
}

84
controller/api.php

@ -1,7 +1,7 @@ @@ -1,7 +1,7 @@
<?php
/**
* name:API入口文件
* update:2020/12
* name:API入口文件,也可以称之为中间件
* update:2022/03
* author:xiaoz<xiaoz93@outlook.com>
* blog:xiaoz.me
*/
@ -14,60 +14,18 @@ $api = new Api($db); @@ -14,60 +14,18 @@ $api = new Api($db);
//获取请求方法
$method = $_GET['method'];
//对方法进行判断,对应URL路由:/index.php?c=api&method=xxx
switch ($method) {
case 'add_category':
add_category($api);
break;
case 'edit_category':
edit_category($api);
break;
case 'del_category':
del_category($api);
break;
case 'add_link':
add_link($api);
break;
case 'edit_link':
edit_link($api);
break;
case 'del_link':
del_link($api);
break;
case 'category_list':
category_list($api);
break;
case 'link_list':
link_list($api);
break;
case 'get_link_info':
get_link_info($api);
break;
case 'add_js':
add_js($api);
break;
case 'upload':
upload($api);
break;
case 'imp_link':
imp_link($api);
case 'check_weak_password':
check_weak_password($api);
break;
case 'get_a_link':
get_a_link($api);
break;
case 'get_sql_update_list':
get_sql_update_list($api);
break;
case 'exe_sql':
exe_sql($api);
break;
default:
# code...
break;
//可变函数变量
$var_func = htmlspecialchars(trim($method),ENT_QUOTES);
//判断函数是否存在,存在则条用可变函数,否则抛出错误
if ( function_exists($var_func) ) {
//调用可变函数
$var_func($api);
}else{
exit('method not found!');
}
/**
* 添加分类目录入口
*/
@ -133,11 +91,12 @@ function add_link($api){ @@ -133,11 +91,12 @@ function add_link($api){
$fid = intval(@$_POST['fid']);
$title = $_POST['title'];
$url = $_POST['url'];
$url_standby = $_POST['url_standby'];
$description = empty($_POST['description']) ? '' : $_POST['description'];
$weight = empty($_POST['weight']) ? 0 : intval($_POST['weight']);
$property = empty($_POST['property']) ? 0 : 1;
$api->add_link($token,$fid,$title,$url,$description,$weight,$property);
$api->add_link($token,$fid,$title,$url,$description,$weight,$property,$url_standby);
}
/**
@ -153,11 +112,12 @@ function edit_link($api){ @@ -153,11 +112,12 @@ function edit_link($api){
$fid = intval(@$_POST['fid']);
$title = $_POST['title'];
$url = $_POST['url'];
$url_standby = $_POST['url_standby'];
$description = empty($_POST['description']) ? '' : $_POST['description'];
$weight = empty($_POST['weight']) ? 0 : intval($_POST['weight']);
$property = empty($_POST['property']) ? 0 : 1;
$api->edit_link($token,$id,$fid,$title,$url,$description,$weight,$property);
$api->edit_link($token,$id,$fid,$title,$url,$description,$weight,$property,$url_standby);
}
@ -208,6 +168,18 @@ function get_link_info($api) { @@ -208,6 +168,18 @@ function get_link_info($api) {
$api->get_link_info($token,$url);
}
/**
* 根据ID获取单个分类信息
*/
function get_a_category($api) {
//获取token
$data['token'] = @$_POST['token'];
//获取分类ID
$data['id'] = intval(trim($_POST['id']));
//var_dump($data);
$api->get_a_category($data);
}
/**
* 获取一个链接的信息,指存储在数据库的信息
*/

16
controller/click.php

@ -13,7 +13,7 @@ if(empty($id)) { @@ -13,7 +13,7 @@ if(empty($id)) {
}
//查询链接信息
$link = $db->get('on_links',['id','fid','url','property','click'],[
$link = $db->get('on_links',['id','fid','url','url_standby','property','click','title','description'],[
'id' => $id
]);
@ -29,6 +29,11 @@ $category = $db->get('on_categorys',['id','property'],[ @@ -29,6 +29,11 @@ $category = $db->get('on_categorys',['id','property'],[
'id' => $link['fid']
]);
//判断用户是否登录
if( is_login() ) {
$is_login = TRUE;
}
//link.id为公有,且category.id为公有
if( ( $link['property'] == 0 ) && ($category['property'] == 0) ){
//增加link.id的点击次数
@ -42,7 +47,9 @@ if( ( $link['property'] == 0 ) && ($category['property'] == 0) ){ @@ -42,7 +47,9 @@ if( ( $link['property'] == 0 ) && ($category['property'] == 0) ){
//如果更新成功
if($update) {
//进行header跳转
header('location:'.$link['url']);
//header('location:'.$link['url']);
#加载跳转模板
require('templates/admin/click.php');
exit;
}
}
@ -56,10 +63,13 @@ elseif( is_login() ) { @@ -56,10 +63,13 @@ elseif( is_login() ) {
],[
'id' => $id
]);
//如果更新成功
if($update) {
//进行header跳转
header('location:'.$link['url']);
//header('location:'.$link['url']);
#加载跳转模板
require('templates/admin/click.php');
exit;
}
}

14
data/update.log

@ -49,3 +49,17 @@ CREATE INDEX on_options_key_IDX ON on_options ("key"); @@ -49,3 +49,17 @@ CREATE INDEX on_options_key_IDX ON on_options ("key");
2. 初始数据库更新
3. 分离分类图标字体设置
4. 集成baisuTwo主题
20220311
1. 简化API入口代码
2. 修复get_a_link查询私有链接返回空值问题
3. 改进SQL更新功能
4. 新增数据库安全检查
5. 新增备用链接功能
6. 新增过渡跳转页面
7. 修复后台链接无法分页问题
20220312
1. 新增API:根据ID查询单个分类信息
2. 修复后台编辑链接,分类信息显示不正确
3. 书签导入时文件名过滤

BIN
db/onenav.simple.db3

Binary file not shown.

1
db/sql/20220308.sql

@ -4,4 +4,3 @@ ALTER TABLE on_categorys ADD font_icon TEXT(32); @@ -4,4 +4,3 @@ ALTER TABLE on_categorys ADD font_icon TEXT(32);
ALTER TABLE on_links ADD topping INTEGER DEFAULT 0 NOT NULL;
-- 增加一个备用链接字段
ALTER TABLE on_links ADD url_standby TEXT(256);

5
db/sql/20220311.sql

@ -0,0 +1,5 @@ @@ -0,0 +1,5 @@
CREATE UNIQUE INDEX on_db_logs_sql_name_IDX ON on_db_logs (sql_name);
-- 链接表新增字段topping,默认值0(不置顶),1为置顶,先保留后续使用
ALTER TABLE on_links ADD topping INTEGER DEFAULT 0 NOT NULL;
-- 增加一个备用链接字段
ALTER TABLE on_links ADD url_standby TEXT(256);

11
functions/helper.php

@ -35,3 +35,14 @@ function is_login(){ @@ -35,3 +35,14 @@ function is_login(){
return false;
}
}
//后续全局函数全部以g_命名开头
function g_extend_js() {
//载入js扩展
if( file_exists('data/extend.js') ) {
echo '<script src = "data/extend.js"></script>';
}
else{
echo '';
}
}

11
templates/admin/add_link.php

@ -12,6 +12,17 @@ @@ -12,6 +12,17 @@
<input type="url" id = "url" name="url" required lay-verify="required|url" placeholder="请输入有效链接" autocomplete="off" class="layui-input">
</div>
</div>
<!-- 添加备用链接 -->
<div class="layui-col-lg12">
<form class="layui-form">
<div class="layui-form-item">
<label class="layui-form-label">备用URL</label>
<div class="layui-input-block">
<input type="url" id = "url_standby" name="url_standby" placeholder="请输入备用链接,如果没有,请留空" autocomplete="off" class="layui-input">
</div>
</div>
<!-- 备用链接END -->
<div class="layui-form-item">
<label class="layui-form-label">链接名称</label>
<div class="layui-input-block">

101
templates/admin/click.php

@ -0,0 +1,101 @@ @@ -0,0 +1,101 @@
<!DOCTYPE html>
<html lang="zh-cn" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8" />
<title><?php echo $link['title']; ?> - OneNav</title>
<meta name="keywords" content="<?php echo $link['title']; ?>" />
<meta name="description" content="<?php echo $link['description']; ?>" />
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="https://lib.sinaapp.com/js/bootstrap/4.3.1/css/bootstrap.min.css" type="" media=""/>
<style>
.prevent-overflow{
width:260px;
overflow: hidden;/*超出部分隐藏*/
white-space: nowrap;/*不换行*/
text-overflow:ellipsis;/*超出部分文字以...显示dsds*/
}
</style>
<?php
//不存在多个链接的情况,如果用户已经登录,则1s后跳转,不然等5s
if( empty($link['url_standby']) ) {
if ($is_login) {
header("Refresh:1;url=".$link['url']);
}
else{
header("Refresh:5;url=".$link['url']);
}
}
?>
</head>
<body>
<div class="container" style = "margin-top:2em;">
<div class="row">
<div class="col-sm-8 offset-sm-2">
<!-- 新建一个表格 -->
<h2>链接信息:</h2>
<table class="table">
<tbody>
<tr class="table-info">
<td>标题</td>
<td><?php echo $link['title']; ?></td>
</tr>
<tr class="table-info">
<td>描述</td>
<td><?php echo $link['description']; ?></td>
</tr>
<tr class="table-info">
<td>链接</td>
<td>
<div class = "prevent-overflow">
<a href="<?php echo $link['url']; ?>" rel = "nofollow" title = "<?php echo $link['title']; ?>"><?php echo $link['url']; ?></a>
</div>
</td>
</tr>
<tr class="table-info">
<td>备用链接</td>
<td>
<div class = "prevent-overflow">
<a href="<?php echo $link['url_standby']; ?>" rel = "nofollow" title = "<?php echo $link['title']; ?>"><?php echo $link['url_standby']; ?></a>
</div>
</td>
</tr>
</tbody>
</table>
<!-- 如果备用链接是空的,则显示加载中... -->
<?php if( empty($link['url_standby']) ) { ?>
<!-- 加载中 -->
<div class="spinner-border"></div>
即将打开,请稍等...
<!-- 加载中END -->
<?php }else{ ?>
<!-- 备用链接不为空 -->
<!-- 备用链接提示框 -->
<div class="alert alert-primary">
<strong>存在备用链接,请手动点击您要打开的链接!</strong>
</div>
<!-- 提示框END -->
<?php } ?>
<!-- 表格END -->
<div class="xcdn-content">
<?php echo $msg; ?>
</div>
<hr>
<div class="xcdn-footer">&copy;2022 Powered by <a href="https://www.xiaoz.me/" title = "小z博客" rel = "nofollow" target = "_blank">xiaoz</a></div>
</div>
</div>
</div>
<?php g_extend_js(); ?>
</body>
</html>

14
templates/admin/edit_link.php

@ -18,6 +18,18 @@ @@ -18,6 +18,18 @@
<input type="url" id = "url" name="url" value = "<?php echo $link['url']; ?>" required lay-verify="required|url" placeholder="请输入有效链接" autocomplete="off" class="layui-input">
</div>
</div>
<!-- 添加备用链接 -->
<div class="layui-col-lg12">
<form class="layui-form">
<div class="layui-form-item">
<label class="layui-form-label">备用URL</label>
<div class="layui-input-block">
<input type="url" id = "url_standby" value = "<?php echo $link['url_standby']; ?>" name="url_standby" placeholder="请输入备用链接,如果没有,请留空" autocomplete="off" class="layui-input">
</div>
</div>
<!-- 备用链接END -->
<div class="layui-form-item">
<label class="layui-form-label">链接名称</label>
<div class="layui-input-block">
@ -25,7 +37,7 @@ @@ -25,7 +37,7 @@
</div>
</div>
<div class="layui-form-item">
<label class="layui-form-label">选择框</label>
<label class="layui-form-label">所属分类</label>
<div class="layui-input-block">
<select name="fid" lay-verify="required" lay-search>
<option value="<?php echo $link['fid'] ?>"><?php echo $cat_name; ?></option>

1
templates/admin/index.php

@ -49,6 +49,7 @@ @@ -49,6 +49,7 @@
<?php include_once('footer.php'); ?>
<script>
check_db_down();
check_weak_password();
get_sql_update_list();
</script>

33
templates/admin/static/embed.js

@ -1,3 +1,4 @@ @@ -1,3 +1,4 @@
// 2022014
layui.use(['element','table','layer','form','upload'], function(){
var element = layui.element;
var table = layui.table;
@ -345,6 +346,7 @@ layui.use(['element','table','layer','form','upload'], function(){ @@ -345,6 +346,7 @@ layui.use(['element','table','layer','form','upload'], function(){
upload.render({
elem: '#up_html' //绑定元素
,url: 'index.php?c=api&method=upload' //上传接口
,accept:'file'
,exts: 'html|HTML'
,done: function(res){
//console.log(res);
@ -430,6 +432,24 @@ function check_weak_password(){ @@ -430,6 +432,24 @@ function check_weak_password(){
}
});
}
//检测数据库是否可能被下载
function check_db_down(){
$("#console_log").append("检查数据库是否可被下载...\n");
$.ajax({
type:"HEAD",
async:false,
url:"/data/onenav.db3",
statusCode: {
200: function() {
$("#console_log").append("危险!!!危险!!!危险!!!数据库可被下载,请尽快参考帮助文档:https://dwz.ovh/jvr2t 加固安全设置!\n\n");
},
403:function() {
$("#console_log").append("您的数据库看起来是安全的!\n\n");
}
}
});
}
//获取待更新数据库列表,http://onenav.com/index.php?c=api&method=exe_sql&name=on_db_logs.sql
function get_sql_update_list() {
@ -459,7 +479,7 @@ function get_sql_update_list() { @@ -459,7 +479,7 @@ function get_sql_update_list() {
function exe_sql(sqlname) {
$.ajax({ url: "index.php?c=api&method=exe_sql&name=" + sqlname, async:false, success: function(data,status){
if( data.code == 0 ){
$("#console_log").append(sqlname + "更新完毕!\n");
$("#console_log").append(data.data);
}
else {
$("#console_log").append(sqlname + "更新失败!\n");
@ -467,3 +487,14 @@ function exe_sql(sqlname) { @@ -467,3 +487,14 @@ function exe_sql(sqlname) {
}});
}
//获取GET参数,参考:https://www.runoob.com/w3cnote/js-get-url-param.html
function getQueryVariable(variable)
{
var query = window.location.search.substring(1);
var vars = query.split("&");
for (var i=0;i<vars.length;i++) {
var pair = vars[i].split("=");
if(pair[0] == variable){return pair[1];}
}
return(false);
}

2
version.txt

@ -1 +1 @@ @@ -1 +1 @@
v0.9.16-20220308
v0.9.17-20220314
Loading…
Cancel
Save