xiaoz
/
onenav
mirror of https://github.com/helloxz/onenav.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #53 from helloxz/dev 

20220314
pull/90/head
xiaoz 4 years ago committed by GitHub
parent
86924ae2f6 c755c37ea5
commit
7f4822f35e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 341 additions and 93 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 135
      class/Api.php
  2. 84
      controller/api.php
  3. 16
      controller/click.php
  4. 14
      data/update.log
  5. BIN
      db/onenav.simple.db3
  6. 1
      db/sql/20220308.sql
  7. 5
      db/sql/20220311.sql
  8. 11
      functions/helper.php
  9. 11
      templates/admin/add_link.php
  10. 101
      templates/admin/click.php
  11. 14
      templates/admin/edit_link.php
  12. 1
      templates/admin/index.php
  13. 33
      templates/admin/static/embed.js
  14. 2
      version.txt

135
class/Api.php
Unescape View File

@ -153,16 +153,24 @@ class Api { @@ -153,16 +153,24 @@ class Api {
/**
* name:添加链接
*/
public function add_link($token,$fid,$title,$url,$description = '',$weight = 0,$property = 0){
public function add_link($token,$fid,$title,$url,$description = '',$weight = 0,$property = 0,$url_standby = ''){
$this->auth($token);
$fid = intval($fid);
//检测链接是否合法
$this->check_link($fid,$title,$url);
//$this->check_link($fid,$title,$url);
$this->check_link([
'fid' => $fid,
'title' => $title,
'url' => $url,
'url_standby' => $url_standby
]);
//合并数据
$data = [
'fid' => $fid,
'title' => htmlspecialchars($title,ENT_QUOTES),
'url' => $url,
'url_standby' => $url_standby,
'description' => htmlspecialchars($description,ENT_QUOTES),
'add_time' => time(),
'weight' => $weight,
@ -190,6 +198,9 @@ class Api { @@ -190,6 +198,9 @@ class Api {
* 批量导入链接
*/
public function imp_link($token,$filename,$fid,$property = 0){
//过滤$filename
$filename = str_replace('../','',$filename);
$filename = str_replace('./','',$filename);
$this->auth($token);
//检查文件是否存在
if ( !file_exists($filename) ) {
@ -297,11 +308,17 @@ class Api { @@ -297,11 +308,17 @@ class Api {
/**
* name:修改链接
*/
public function edit_link($token,$id,$fid,$title,$url,$description = '',$weight = 0,$property = 0){
public function edit_link($token,$id,$fid,$title,$url,$description = '',$weight = 0,$property = 0,$url_standby = ''){
$this->auth($token);
$fid = intval($fid);
//检测链接是否合法
$this->check_link($fid,$title,$url);
//$this->check_link($fid,$title,$url);
$this->check_link([
'fid' => $fid,
'title' => $title,
'url' => $url,
'url_standby' => $url_standby
]);
//查询ID是否存在
$count = $this->db->count('on_links',[ 'id' => $id]);
//如果id不存在
@ -313,6 +330,7 @@ class Api { @@ -313,6 +330,7 @@ class Api {
'fid' => $fid,
'title' => htmlspecialchars($title,ENT_QUOTES),
'url' => $url,
'url_standby' => $url_standby,
'description' => htmlspecialchars($description,ENT_QUOTES),
'up_time' => time(),
'weight' => $weight,
@ -365,8 +383,14 @@ class Api { @@ -365,8 +383,14 @@ class Api {
}
/**
* 验证链接合法性
* 接收一个数组作为参数
*/
protected function check_link($fid,$title,$url){
protected function check_link($data){
$fid = $data['fid'];
$title = $data['title'];
$url = $data['url'];
$url_standby = @$data['url_standby'];
//如果父及(分类)ID不存在
if( empty($fid )) {
$this->err_msg(-1007,'The category id(fid) not exist!');
@ -391,6 +415,10 @@ class Api { @@ -391,6 +415,10 @@ class Api {
if( !filter_var($url, FILTER_VALIDATE_URL) ) {
$this->err_msg(-1010,'URL is not valid!');
}
//备用链接不合法
if ( ( !empty($url_standby) ) && ( !filter_var($url_standby, FILTER_VALIDATE_URL) ) ) {
$this->err_msg(-1010,'URL is not valid!');
}
return true;
}
/**
@ -471,7 +499,7 @@ class Api { @@ -471,7 +499,7 @@ class Api {
//echo $sql;
//如果查询的总数大于limit,则以limit为准
$count = ( $count > $limit) ? $limit : $count;
//$count = ( $count > $limit) ? $limit : $count;
//原生查询
$datas = $this->db->query($sql)->fetchAll();
@ -505,7 +533,7 @@ class Api { @@ -505,7 +533,7 @@ class Api {
}
//如果是私有链接,并且认证通过
elseif( $link_info['property'] == "1" ) {
if ( $this->auth($token) ) {
if ( ( $this->auth($token) ) || ( $this->is_login() ) ) {
$datas = [
'code' => 0,
'data' => $link_info
@ -524,6 +552,49 @@ class Api { @@ -524,6 +552,49 @@ class Api {
}
exit(json_encode($datas));
}
/**
* 查询单个分类信息
* 此函数接收一个数组
*/
public function get_a_category($data) {
$id = $data['id'];
$token = $data['token'];
$category_info = $this->db->get("on_categorys","*",[
"id" => $id
]);
//var_dump($category_info);
//如果是公开分类,则直接返回
if ( $category_info['property'] == "0" ) {
$datas = [
'code' => 0,
'data' => $category_info
];
}
//如果是私有链接,并且认证通过
elseif( $category_info['property'] == "1" ) {
if ( ( $this->auth($token) ) || ( $this->is_login() ) ) {
$datas = [
'code' => 0,
'data' => $category_info
];
}
//exit(json_encode($datas));
}
//如果是其它情况,则显示为空
else{
$datas = [
'code' => 0,
'data' => []
];
//exit(json_encode($datas));
}
exit(json_encode($datas));
}
/**
* 验证是否登录
*/
@ -717,32 +788,42 @@ class Api { @@ -717,32 +788,42 @@ class Api {
}
//读取需要更新的SQL内容
try {
$sql_content = file_get_contents($sql_name);
$result = $this->db->query($sql_content);
//如果SQL执行成功,则返回
if( $result ) {
//将更新信息写入数据库
$insert_re = $this->db->insert("on_db_logs",[
"sql_name" => $name,
"update_time" => time(),
"status" => "TRUE"
]);
if( $insert_re ) {
$data = [
"code" => 0,
"data" => $name."更新完成!"
];
exit(json_encode($data));
//读取一个SQL温江,并将单个SQL文件拆分成单条SQL语句循环执行
$sql_content = explode(';',file_get_contents($sql_name));
//计算SQL总数
$num = count($sql_content) - 1;
//初始数量设置为0
$init_num = 0;
//遍历执行SQL语句
foreach ($sql_content as $sql) {
//如果SQL为空,则跳过此次循环不执行
if( empty($sql) ) {
continue;
}
else {
$this->err_msg(-2000,$name."更新失败,请人工检查!");
$result = $this->db->query($sql);
//只要单条SQL执行成功了就增加初始数量
if( $result ) {
$init_num++;
}
}
//无论最后结果如何,都将更新信息写入数据库
$insert_re = $this->db->insert("on_db_logs",[
"sql_name" => $name,
"update_time" => time(),
"status" => "TRUE"
]);
if( $insert_re ) {
$data = [
"code" => 0,
"data" => $name."更新完成!总数${num},成功:${init_num}"
];
exit(json_encode($data));
}
else{
//如果执行失败
else {
$this->err_msg(-2000,$name."更新失败,请人工检查!");
}
} catch(Exception $e){
$this->err_msg(-2000,$e->getMessage());
}

84
controller/api.php
Unescape View File

@ -1,7 +1,7 @@ @@ -1,7 +1,7 @@
<?php
/**
* name:API入口文件
* update:2020/12
* name:API入口文件,也可以称之为中间件
* update:2022/03
* author:xiaoz<xiaoz93@outlook.com>
* blog:xiaoz.me
*/
@ -14,60 +14,18 @@ $api = new Api($db); @@ -14,60 +14,18 @@ $api = new Api($db);
//获取请求方法
$method = $_GET['method'];
//对方法进行判断,对应URL路由:/index.php?c=api&method=xxx
switch ($method) {
case 'add_category':
add_category($api);
break;
case 'edit_category':
edit_category($api);
break;
case 'del_category':
del_category($api);
break;
case 'add_link':
add_link($api);
break;
case 'edit_link':
edit_link($api);
break;
case 'del_link':
del_link($api);
break;
case 'category_list':
category_list($api);
break;
case 'link_list':
link_list($api);
break;
case 'get_link_info':
get_link_info($api);
break;
case 'add_js':
add_js($api);
break;
case 'upload':
upload($api);
break;
case 'imp_link':
imp_link($api);
case 'check_weak_password':
check_weak_password($api);
break;
case 'get_a_link':
get_a_link($api);
break;
case 'get_sql_update_list':
get_sql_update_list($api);
break;
case 'exe_sql':
exe_sql($api);
break;
default:
# code...
break;
//可变函数变量
$var_func = htmlspecialchars(trim($method),ENT_QUOTES);
//判断函数是否存在,存在则条用可变函数,否则抛出错误
if ( function_exists($var_func) ) {
//调用可变函数
$var_func($api);
}else{
exit('method not found!');
}
/**
* 添加分类目录入口
*/
@ -133,11 +91,12 @@ function add_link($api){ @@ -133,11 +91,12 @@ function add_link($api){
$fid = intval(@$_POST['fid']);
$title = $_POST['title'];
$url = $_POST['url'];
$url_standby = $_POST['url_standby'];
$description = empty($_POST['description']) ? '' : $_POST['description'];
$weight = empty($_POST['weight']) ? 0 : intval($_POST['weight']);
$property = empty($_POST['property']) ? 0 : 1;
$api->add_link($token,$fid,$title,$url,$description,$weight,$property);
$api->add_link($token,$fid,$title,$url,$description,$weight,$property,$url_standby);
}
/**
@ -153,11 +112,12 @@ function edit_link($api){ @@ -153,11 +112,12 @@ function edit_link($api){
$fid = intval(@$_POST['fid']);
$title = $_POST['title'];
$url = $_POST['url'];
$url_standby = $_POST['url_standby'];
$description = empty($_POST['description']) ? '' : $_POST['description'];
$weight = empty($_POST['weight']) ? 0 : intval($_POST['weight']);
$property = empty($_POST['property']) ? 0 : 1;
$api->edit_link($token,$id,$fid,$title,$url,$description,$weight,$property);
$api->edit_link($token,$id,$fid,$title,$url,$description,$weight,$property,$url_standby);
}
@ -208,6 +168,18 @@ function get_link_info($api) { @@ -208,6 +168,18 @@ function get_link_info($api) {
$api->get_link_info($token,$url);
}
/**
* 根据ID获取单个分类信息
*/
function get_a_category($api) {
//获取token
$data['token'] = @$_POST['token'];
//获取分类ID
$data['id'] = intval(trim($_POST['id']));
//var_dump($data);
$api->get_a_category($data);
}
/**
* 获取一个链接的信息,指存储在数据库的信息
*/

16
controller/click.php
Unescape View File

@ -13,7 +13,7 @@ if(empty($id)) { @@ -13,7 +13,7 @@ if(empty($id)) {
}
//查询链接信息
$link = $db->get('on_links',['id','fid','url','property','click'],[
$link = $db->get('on_links',['id','fid','url','url_standby','property','click','title','description'],[
'id' => $id
]);
@ -29,6 +29,11 @@ $category = $db->get('on_categorys',['id','property'],[ @@ -29,6 +29,11 @@ $category = $db->get('on_categorys',['id','property'],[
'id' => $link['fid']
]);
//判断用户是否登录
if( is_login() ) {
$is_login = TRUE;
}
//link.id为公有,且category.id为公有
if( ( $link['property'] == 0 ) && ($category['property'] == 0) ){
//增加link.id的点击次数
@ -42,7 +47,9 @@ if( ( $link['property'] == 0 ) && ($category['property'] == 0) ){ @@ -42,7 +47,9 @@ if( ( $link['property'] == 0 ) && ($category['property'] == 0) ){
//如果更新成功
if($update) {
//进行header跳转
header('location:'.$link['url']);
//header('location:'.$link['url']);
#加载跳转模板
require('templates/admin/click.php');
exit;
}
}
@ -56,10 +63,13 @@ elseif( is_login() ) { @@ -56,10 +63,13 @@ elseif( is_login() ) {
],[
'id' => $id
]);
//如果更新成功
if($update) {
//进行header跳转
header('location:'.$link['url']);
//header('location:'.$link['url']);
#加载跳转模板
require('templates/admin/click.php');
exit;
}
}

14
data/update.log
Unescape View File

@ -49,3 +49,17 @@ CREATE INDEX on_options_key_IDX ON on_options ("key"); @@ -49,3 +49,17 @@ CREATE INDEX on_options_key_IDX ON on_options ("key");
2. 初始数据库更新
3. 分离分类图标字体设置
4. 集成baisuTwo主题
20220311
1. 简化API入口代码
2. 修复get_a_link查询私有链接返回空值问题
3. 改进SQL更新功能
4. 新增数据库安全检查
5. 新增备用链接功能
6. 新增过渡跳转页面
7. 修复后台链接无法分页问题
20220312
1. 新增API:根据ID查询单个分类信息
2. 修复后台编辑链接,分类信息显示不正确
3. 书签导入时文件名过滤

BIN
db/onenav.simple.db3
View File

Binary file not shown.

1
db/sql/20220308.sql
Unescape View File

@ -4,4 +4,3 @@ ALTER TABLE on_categorys ADD font_icon TEXT(32); @@ -4,4 +4,3 @@ ALTER TABLE on_categorys ADD font_icon TEXT(32);
ALTER TABLE on_links ADD topping INTEGER DEFAULT 0 NOT NULL;
-- 增加一个备用链接字段
ALTER TABLE on_links ADD url_standby TEXT(256);

5
db/sql/20220311.sql
Unescape View File

@ -0,0 +1,5 @@ @@ -0,0 +1,5 @@
CREATE UNIQUE INDEX on_db_logs_sql_name_IDX ON on_db_logs (sql_name);
-- 链接表新增字段topping,默认值0(不置顶),1为置顶,先保留后续使用
ALTER TABLE on_links ADD topping INTEGER DEFAULT 0 NOT NULL;
-- 增加一个备用链接字段
ALTER TABLE on_links ADD url_standby TEXT(256);

11
functions/helper.php
Unescape View File

@ -35,3 +35,14 @@ function is_login(){ @@ -35,3 +35,14 @@ function is_login(){
return false;
}
}
//后续全局函数全部以g_命名开头
function g_extend_js() {
//载入js扩展
if( file_exists('data/extend.js') ) {
echo '<script src = "data/extend.js"></script>';
}
else{
echo '';
}
}

11
templates/admin/add_link.php
Unescape View File

@ -12,6 +12,17 @@ @@ -12,6 +12,17 @@
<input type="url" id = "url" name="url" required lay-verify="required|url" placeholder="请输入有效链接" autocomplete="off" class="layui-input">
</div>
</div>
<!-- 添加备用链接 -->
<div class="layui-col-lg12">
<form class="layui-form">
<div class="layui-form-item">
<label class="layui-form-label">备用URL</label>
<div class="layui-input-block">
<input type="url" id = "url_standby" name="url_standby" placeholder="请输入备用链接,如果没有,请留空" autocomplete="off" class="layui-input">
</div>
</div>
<!-- 备用链接END -->
<div class="layui-form-item">
<label class="layui-form-label">链接名称</label>
<div class="layui-input-block">

101
templates/admin/click.php
Unescape View File

@ -0,0 +1,101 @@ @@ -0,0 +1,101 @@
<!DOCTYPE html>
<html lang="zh-cn" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8" />
<title><?php echo $link['title']; ?> - OneNav</title>
<meta name="keywords" content="<?php echo $link['title']; ?>" />
<meta name="description" content="<?php echo $link['description']; ?>" />
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="https://lib.sinaapp.com/js/bootstrap/4.3.1/css/bootstrap.min.css" type="" media=""/>
<style>
.prevent-overflow{
width:260px;
overflow: hidden;/*超出部分隐藏*/
white-space: nowrap;/*不换行*/
text-overflow:ellipsis;/*超出部分文字以...显示dsds*/
}
</style>
<?php
//不存在多个链接的情况,如果用户已经登录,则1s后跳转,不然等5s
if( empty($link['url_standby']) ) {
if ($is_login) {
header("Refresh:1;url=".$link['url']);
}
else{
header("Refresh:5;url=".$link['url']);
}
}
?>
</head>
<body>
<div class="container" style = "margin-top:2em;">
<div class="row">
<div class="col-sm-8 offset-sm-2">
<!-- 新建一个表格 -->
<h2>链接信息:</h2>
<table class="table">
<tbody>
<tr class="table-info">
<td>标题</td>
<td><?php echo $link['title']; ?></td>
</tr>
<tr class="table-info">
<td>描述</td>
<td><?php echo $link['description']; ?></td>
</tr>
<tr class="table-info">
<td>链接</td>
<td>
<div class = "prevent-overflow">
<a href="<?php echo $link['url']; ?>" rel = "nofollow" title = "<?php echo $link['title']; ?>"><?php echo $link['url']; ?></a>
</div>
</td>
</tr>
<tr class="table-info">
<td>备用链接</td>
<td>
<div class = "prevent-overflow">
<a href="<?php echo $link['url_standby']; ?>" rel = "nofollow" title = "<?php echo $link['title']; ?>"><?php echo $link['url_standby']; ?></a>
</div>
</td>
</tr>
</tbody>
</table>
<!-- 如果备用链接是空的,则显示加载中... -->
<?php if( empty($link['url_standby']) ) { ?>
<!-- 加载中 -->
<div class="spinner-border"></div>
即将打开,请稍等...
<!-- 加载中END -->
<?php }else{ ?>
<!-- 备用链接不为空 -->
<!-- 备用链接提示框 -->
<div class="alert alert-primary">
<strong>存在备用链接,请手动点击您要打开的链接!</strong>
</div>
<!-- 提示框END -->
<?php } ?>
<!-- 表格END -->
<div class="xcdn-content">
<?php echo $msg; ?>
</div>
<hr>
<div class="xcdn-footer">&copy;2022 Powered by <a href="https://www.xiaoz.me/" title = "小z博客" rel = "nofollow" target = "_blank">xiaoz</a></div>
</div>
</div>
</div>
<?php g_extend_js(); ?>
</body>
</html>

14
templates/admin/edit_link.php
Unescape View File

@ -18,6 +18,18 @@ @@ -18,6 +18,18 @@
<input type="url" id = "url" name="url" value = "<?php echo $link['url']; ?>" required lay-verify="required|url" placeholder="请输入有效链接" autocomplete="off" class="layui-input">
</div>
</div>
<!-- 添加备用链接 -->
<div class="layui-col-lg12">
<form class="layui-form">
<div class="layui-form-item">
<label class="layui-form-label">备用URL</label>
<div class="layui-input-block">
<input type="url" id = "url_standby" value = "<?php echo $link['url_standby']; ?>" name="url_standby" placeholder="请输入备用链接,如果没有,请留空" autocomplete="off" class="layui-input">
</div>
</div>
<!-- 备用链接END -->
<div class="layui-form-item">
<label class="layui-form-label">链接名称</label>
<div class="layui-input-block">
@ -25,7 +37,7 @@ @@ -25,7 +37,7 @@
</div>
</div>
<div class="layui-form-item">
<label class="layui-form-label">选择框</label>
<label class="layui-form-label">所属分类</label>
<div class="layui-input-block">
<select name="fid" lay-verify="required" lay-search>
<option value="<?php echo $link['fid'] ?>"><?php echo $cat_name; ?></option>

1
templates/admin/index.php
Unescape View File

@ -49,6 +49,7 @@ @@ -49,6 +49,7 @@
<?php include_once('footer.php'); ?>
<script>
check_db_down();
check_weak_password();
get_sql_update_list();
</script>

33
templates/admin/static/embed.js
Unescape View File

@ -1,3 +1,4 @@ @@ -1,3 +1,4 @@
// 2022014
layui.use(['element','table','layer','form','upload'], function(){
var element = layui.element;
var table = layui.table;
@ -345,6 +346,7 @@ layui.use(['element','table','layer','form','upload'], function(){ @@ -345,6 +346,7 @@ layui.use(['element','table','layer','form','upload'], function(){
upload.render({
elem: '#up_html' //绑定元素
,url: 'index.php?c=api&method=upload' //上传接口
,accept:'file'
,exts: 'html|HTML'
,done: function(res){
//console.log(res);
@ -430,6 +432,24 @@ function check_weak_password(){ @@ -430,6 +432,24 @@ function check_weak_password(){
}
});
}
//检测数据库是否可能被下载
function check_db_down(){
$("#console_log").append("检查数据库是否可被下载...\n");
$.ajax({
type:"HEAD",
async:false,
url:"/data/onenav.db3",
statusCode: {
200: function() {
$("#console_log").append("危险!!!危险!!!危险!!!数据库可被下载,请尽快参考帮助文档:https://dwz.ovh/jvr2t 加固安全设置!\n\n");
},
403:function() {
$("#console_log").append("您的数据库看起来是安全的!\n\n");
}
}
});
}
//获取待更新数据库列表,http://onenav.com/index.php?c=api&method=exe_sql&name=on_db_logs.sql
function get_sql_update_list() {
@ -459,7 +479,7 @@ function get_sql_update_list() { @@ -459,7 +479,7 @@ function get_sql_update_list() {
function exe_sql(sqlname) {
$.ajax({ url: "index.php?c=api&method=exe_sql&name=" + sqlname, async:false, success: function(data,status){
if( data.code == 0 ){
$("#console_log").append(sqlname + "更新完毕!\n");
$("#console_log").append(data.data);
}
else {
$("#console_log").append(sqlname + "更新失败!\n");
@ -467,3 +487,14 @@ function exe_sql(sqlname) { @@ -467,3 +487,14 @@ function exe_sql(sqlname) {
}});
}
//获取GET参数,参考:https://www.runoob.com/w3cnote/js-get-url-param.html
function getQueryVariable(variable)
{
var query = window.location.search.substring(1);
var vars = query.split("&");
for (var i=0;i<vars.length;i++) {
var pair = vars[i].split("=");
if(pair[0] == variable){return pair[1];}
}
return(false);
}

2
version.txt
Unescape View File

@ -1 +1 @@ @@ -1 +1 @@
v0.9.16-20220308
v0.9.17-20220314
Write Preview
Loading…
Cancel
Save