From c60ae05ff199a868b9b93a083b0226a1ec24acc8 Mon Sep 17 00:00:00 2001
From: xiaoz
Date: Fri, 22 Apr 2022 16:46:58 +0800
Subject: [PATCH] 20220422
---
 class/Api.php | 129 +++++++++++++++++++++++++++++++++++++------
 controller/admin.php | 33 +++++++++--
 controller/api.php | 11 +++-
 controller/index.php | 21 ++++++-
 4 files changed, 170 insertions(+), 24 deletions(-)
diff --git a/class/Api.php b/class/Api.php
index 02c325a..7392a2d 100755
--- a/class/Api.php
+++ b/class/Api.php
@@ -15,15 +15,20 @@ class Api {
 /**
 * name:创建分类目录
 */
- public function add_category($token,$name,$property = 0,$weight = 0,$description = '',$font_icon = ''){
+ public function add_category($token,$name,$property = 0,$weight = 0,$description = '',$font_icon = '',$fid = 0){
 $this->auth($token);
+ //分类名称不允许为空
+ if( empty($name) ) {
+ $this->err_msg(-2000,'分类名称不能为空!');
+ }
 $data = [
 'name' => htmlspecialchars($name,ENT_QUOTES),
 'add_time' => time(),
 'weight' => $weight,
 'property' => $property,
 'description' => htmlspecialchars($description,ENT_QUOTES),
- 'font_icon' => $font_icon
+ 'font_icon' => $font_icon,
+ 'fid' => $fid
 ];
 //插入分类目录
 $this->db->insert("on_categorys",$data);
@@ -136,13 +141,17 @@ class Api {
 */
 protected function auth($token){
 //计算正确的token:用户名 + TOKEN
- $token_yes = md5(USER.TOKEN);
+ $SecretKey = @$this->db->get('on_options','*',[ 'key' => 'SecretKey' ])['value'];
+ $token_yes = md5(USER.$SecretKey);
 //如果token为空,则验证cookie
 if(empty($token)) {
 if( !$this->is_login() ) {
 $this->err_msg(-1002,'Authorization failure!');
 }
 }
+ else if ( empty($SecretKey) ) {
+ $this->err_msg(-2000,'请先生成SecretKey!');
+ }
 else if($token != $token_yes){
 $this->err_msg(-1002,'Authorization failure!');
 }
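Review bot: `'fid' => $fid` is inserted without checking that the parent category exists or is itself top-level (`fid = 0`), so an API caller can create orphans or a third nesting level that the admin form (which only offers `fid = 0` parents) never produces. After the new `empty($name)` guard I would add `if ($fid > 0 && !$this->db->count('on_categorys', ['id' => $fid, 'fid' => 0])) { $this->err_msg(-2000, '父级分类不存在!'); }`. Note that `empty($name)` also rejects the literal name `"0"`; `trim($name) === ''` is the precise test. add_category's body continues past the end of this hunk.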
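Review bot: The kept comparison `$token != $token_yes` is a loose string compare: if the stored key ever hashes to a `0e<digits>` md5, any numeric-zero token such as `"0"` is accepted, and the byte-by-byte compare leaks timing. Replace it with `else if ( !hash_equals($token_yes, (string)$token) ){`. The `@` on the new `$this->db->get(...)` line hides every error from that query, not just the missing-row notice; `['value'] ?? ''` covers the missing row without the suppressor. A comment above `$token_yes` that this token is a long-lived static credential (`md5(username . SecretKey)`) with no expiry would make clear that leaking it is equivalent to leaking the SecretKey.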
@@ -169,8 +178,8 @@ class Api {
 $data = [
 'fid' => $fid,
 'title' => htmlspecialchars($title,ENT_QUOTES),
- 'url' => $url,
- 'url_standby' => $url_standby,
+ 'url' => htmlspecialchars($url,ENT_QUOTES),
+ 'url_standby' => htmlspecialchars($url_standby,ENT_QUOTES),
 'description' => htmlspecialchars($description,ENT_QUOTES),
 'add_time' => time(),
 'weight' => $weight,
@@ -315,9 +324,9 @@ class Api {
 //$this->check_link($fid,$title,$url);
 $this->check_link([
 'fid' => $fid,
- 'title' => $title,
- 'url' => $url,
- 'url_standby' => $url_standby
+ 'title' => htmlspecialchars($title,ENT_QUOTES),
+ 'url' => htmlspecialchars($url,ENT_QUOTES),
+ 'url_standby' => htmlspecialchars($url_standby,ENT_QUOTES)
 ]);
 //查询ID是否存在
 $count = $this->db->count('on_links',[ 'id' => $id]);
@@ -411,12 +420,16 @@ class Api {
 if( empty($url) ){
 $this->err_msg(-1009,'URL cannot be empty!');
 }
- //链接不合法
- if( !filter_var($url, FILTER_VALIDATE_URL) ) {
+ //通过正则匹配链接是否合法,支持http/https/ftp/magnet:?|ed2k|tcp/udp/thunder/rtsp/rtmp/sftp
+ $pattern = "/^(http:\/\/|https:\/\/|ftp:\/\/|ftps:\/\/|magnet:?|ed2k:\/\/|tcp:\/\/|udp:\/\/|thunder:\/\/|rtsp:\/\/|rtmp:\/\/|sftp:\/\/).+/";
+ // if( !filter_var($url, FILTER_VALIDATE_URL) ) {
+ // $this->err_msg(-1010,'URL is not valid!');
+ // }
+ if ( !preg_match($pattern,$url) ) {
 $this->err_msg(-1010,'URL is not valid!');
 }
 //备用链接不合法
- if ( ( !empty($url_standby) ) && ( !filter_var($url_standby, FILTER_VALIDATE_URL) ) ) {
+ if ( ( !empty($url_standby) ) && ( !preg_match($pattern, $url_standby) ) ) {
 $this->err_msg(-1010,'URL is not valid!');
 }
 return true;
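Review bot: Escaping the URL at storage time (`'url' => htmlspecialchars($url,ENT_QUOTES)`) turns `https://h/?a=1&b=2` into `https://h/?a=1&amp;b=2`, which is only correct when the value is later echoed unescaped into HTML and breaks anywhere the stored value is used as a URL (curl, redirect, or an escaping template that encodes it a second time). Keep the raw, scheme-checked value here — `'url' => $url,` and `'url_standby' => $url_standby,` — and escape in the output template; the `javascript:` case is already excluded by check_link's scheme allow-list. The method this `$data` belongs to starts before the hunk, so I cannot see whether check_link runs before this point on this path.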
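Review bot: check_link only pattern-matches the scheme prefix of `url`/`url_standby` (the part of it visible in the next hunk), so passing `htmlspecialchars(...)` copies here changes nothing about what is validated but makes the call read as if the escaped strings were the canonical values. Pass `$title`, `$url` and `$url_standby` unchanged and escape once, at the point where the row is written or rendered. Which copy this method later stores in on_links is outside the hunk.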
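Review bot: In the new `$pattern`, `magnet:?` is a quantifier, not the literal `magnet:?` prefix: the colon becomes optional, so `magnetanything` passes while the intent was to require `magnet:?`. The match is also case-sensitive, so `HTTP://…` is rejected although schemes are case-insensitive. Suggest `$pattern = "/^((https?|ftps?|ed2k|tcp|udp|thunder|rtsp|rtmp|sftp):\/\/|magnet:\?).+/i";`, and delete the commented-out `filter_var` block rather than leaving dead code in the method; `.+` still admits spaces and quotes, so this remains a scheme allow-list, not URL validation.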
@@ -425,16 +438,30 @@ class Api {
 * 查询分类目录
 */
 public function category_list($page,$limit){
+ $token = @$_POST['token'];
 $offset = ($page - 1) * $limit;
 //如果成功登录,则查询所有
 if( $this->is_login() ){
- $sql = "SELECT * FROM on_categorys ORDER BY weight DESC,id DESC LIMIT {$limit} OFFSET {$offset}";
+ $sql = "SELECT *,(SELECT name FROM on_categorys WHERE id = a.fid LIMIT 1) AS fname FROM on_categorys as a ORDER BY weight DESC,id DESC LIMIT {$limit} OFFSET {$offset}";
+ //统计总数
+ $count = $this->db->count('on_categorys','*');
+ }
+ //如果存在token,则验证
+ else if( !empty($token) ) {
+ $this->auth($token);
+ //查询所有分类
+ $sql = "SELECT *,(SELECT name FROM on_categorys WHERE id = a.fid LIMIT 1) AS fname FROM on_categorys as a ORDER BY weight DESC,id DESC LIMIT {$limit} OFFSET {$offset}";
+ //统计总数
+ $count = $this->db->count('on_categorys','*');
 }
 else{
- $sql = "SELECT * FROM on_categorys WHERE property = 0 ORDER BY weight DESC,id DESC LIMIT {$limit} OFFSET {$offset}";
+ $sql = "SELECT *,(SELECT name FROM on_categorys WHERE id = a.fid LIMIT 1) AS fname FROM on_categorys as a WHERE property = 0 ORDER BY weight DESC,id DESC LIMIT {$limit} OFFSET {$offset}";
+ //统计总数
+ $count = $this->db->count('on_categorys','*',[
+ "property" => 0
+ ]);
 }
- //统计总数
- $count = $this->db->count('on_categorys','*');
+ //原生查询
 $datas = $this->db->query($sql)->fetchAll();
 $datas = [
@@ -445,6 +472,27 @@ class Api {
 ];
 exit(json_encode($datas));
 }
+ /**
+ * 生成
+ */
+ public function create_sk() {
+ //验证是否登录
+ $this->auth('');
+ $sk = md5(USER.USER.time());
+
+ $result = $this->set_option_bool('SecretKey',$sk);
+ if( $result ){
+ $datas = [
+ 'code' => 0,
+ 'data' => $sk
+ ];
+ exit(json_encode($datas));
+ }
+ else{
+ $this->err_msg(-2000,'SecretKey生成失败!');
+ }
+
+ }
 /**
 * 查询链接
 * 接收一个数组作为参数
@@ -618,7 +666,7 @@ class Api {
 //检查链接是否合法
 //链接不合法
 if( !filter_var($url, FILTER_VALIDATE_URL) ) {
- $this->err_msg(-1010,'URL is not valid!');
+ $this->err_msg(-1010,'只支持识别http/https协议的链接!');
 }
 //获取网站标题
 $c = curl_init();
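Review bot: The three rebuilt SELECT strings interpolate `{$limit}` and `{$offset}` directly; `$offset` is the result of arithmetic so it reaches the query as a number, but `$limit` is passed through as received and nothing in this hunk casts it, so the LIMIT clause is injectable unless the caller (not shown) sanitises it. Add `$limit = (int)$limit;` and `$page = (int)$page;` before the `$offset` line. The `is_login()` and token branches are identical apart from the auth call — compute `$sql`/`$count` once for the "all categories" case and keep only the decision in the if/else. Reading `$_POST['token']` inside the class also breaks the pattern the other methods follow of taking `$token` as a parameter.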
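Review bot: `$sk = md5(USER.USER.time());` derives the API secret from the user name and a one-second timestamp, so anyone who can guess roughly when the key was generated can enumerate candidate keys offline — a few thousand tries per hour of uncertainty. Generate it from the CSPRNG instead: `$sk = bin2hex(random_bytes(16));` keeps the same 32-hex-character shape, so the admin page and `auth()` need no change. A one-line comment would help here too: `// regenerating overwrites the previous key and invalidates every existing API client`.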
@@ -896,6 +944,55 @@ class Api {
 }
 }
+ /**
+ * 更新option,返回BOOL值
+ */
+ protected function set_option_bool($key,$value = '') {
+ $key = htmlspecialchars(trim($key));
+ //如果key是空的
+ if( empty($key) ) {
+ return FALSE;
+ }
+
+ $count = $this->db->count("on_options", [
+ "key" => $key
+ ]);
+
+ //如果数量是0,则插入,否则就是更新
+ if( $count === 0 ) {
+ try {
+ $this->db->insert("on_options",[
+ "key" => $key,
+ "value" => $value
+ ]);
+ $data = [
+ "code" => 0,
+ "data" => "设置成功!"
+ ];
+ return TRUE;
+ } catch (\Throwable $th) {
+ return FALSE;
+ }
+ }
+ //更新数据
+ else if( $count === 1 ) {
+ try {
+ $this->db->update("on_options",[
+ "value" => $value
+ ],[
+ "key" => $key
+ ]);
+ $data = [
+ "code" => 0,
+ "data" => "设置已更新!"
+ ];
+ return TRUE;
+ } catch (\Throwable $th) {
+ return FALSE;
+ }
+ }
+
+ }
 }
diff --git a/controller/admin.php b/controller/admin.php
index 1bf42f8..819af4e 100755
--- a/controller/admin.php
+++ b/controller/admin.php
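Review bot: set_option_bool falls off the end without a return (so it yields null, not a bool) whenever `$count` is neither `=== 0` nor `=== 1` — including the case where the database layer returns the count as a numeric string, which the strict comparisons never match — and the two `$data = [...]` arrays are built and never used. Make the last statement `return FALSE;`, compare against `(int)$count`, and delete the dead `$data` assignments. Each `catch (\Throwable $th)` returns FALSE and discards the exception; logging `$th->getMessage()` before returning would keep the failure diagnosable.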
@@ -22,20 +22,43 @@ $version = get_version();
 $page = empty($_GET['page']) ? 'index' : $_GET['page'];
 //如果页面是修改edit_category
-if ($page == 'edit_category') {
+if ( $page == 'edit_category' ) {
 //获取id
 $id = intval($_GET['id']);
 //查询单条分类信息
- $category = $db->get('on_categorys','*',[ 'id' => $id ]);
+ $sql = "SELECT *,(SELECT name FROM on_categorys WHERE id = a.fid LIMIT 1) AS fname FROM on_categorys AS a WHERE id = $id";
+ $category_one = $db->query($sql)->fetchAll()[0];
+ //$category_one = $db->get('on_categorys','*',[ 'id' => $id ]);
+ //查询父级分类
+ $categorys = $db->select('on_categorys','*',[
+ 'fid' => 0,
+ 'ORDER' => ['weight' => 'DESC']
+ ]);
 //checked按钮
- if( $category['property'] == 1 ) {
- $category['checked'] = 'checked';
+ if( $category_one['property'] == 1 ) {
+ $category_one['checked'] = 'checked';
 }
 else{
- $category['checked'] = '';
+ $category_one['checked'] = '';
 }
 }
+//添加分类页面
+if ( $page == 'add_category' ) {
+ //查询父级分类
+ $categorys = $db->select('on_categorys','*',[
+ 'fid' => 0,
+ 'ORDER' => ['weight' => 'DESC']
+ ]);
+}
+
+//API设置页面
+if( $page == 'setting/api' ) {
+ //查询SecretKey
+ $SecretKey = $db->get('on_options','*',[ 'key' => 'SecretKey' ])['value'];
+
+}
+
 //如果页面是修改link
 if ($page == 'edit_link') {
 //查询所有分类信息,用于分类框选择
diff --git a/controller/api.php b/controller/api.php
index 11cf2bc..0fce56a 100755
--- a/controller/api.php
+++ b/controller/api.php
@@ -36,6 +36,8 @@ function add_category($api){
 $name = $_POST['name'];
 //获取私有属性
 $property = empty($_POST['property']) ? 0 : 1;
+ //获取分级ID
+ $fid = intval($_POST['fid']);
 //获取权重
 $weight = empty($_POST['weight']) ? 0 : intval($_POST['weight']);
 //获取描述
@@ -44,7 +46,7 @@ function add_category($api){
 $description = htmlspecialchars($description);
 //获取字体图标
 $font_icon = htmlspecialchars($_POST['font_icon'],ENT_QUOTES);
- $api->add_category($token,$name,$property,$weight,$description,$font_icon);
+ $api->add_category($token,$name,$property,$weight,$description,$font_icon,$fid);
 }
 /**
 * 修改分类目录入口
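Review bot: `$category_one = $db->query($sql)->fetchAll()[0];` assumes the id exists; for an unknown `id` it emits an undefined-offset notice, `$category_one` becomes null, and the `$category_one['property']` read below warns again. Use `$category_one = $db->query($sql)->fetchAll()[0] ?? null;` and stop (or redirect) when it is null before building the page. `$id` is `intval`-cast so `WHERE id = $id` is not injectable, but it replaces a parameterised `$db->get`; a comment stating why raw SQL was needed (the `fname` subquery) would stop the next reader from reverting it. In the new `setting/api` branch `['value']` on a missing SecretKey row also raises a notice — `$SecretKey = $db->get('on_options','*',[ 'key' => 'SecretKey' ])['value'] ?? '';` handles the not-yet-generated case.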
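Review bot: `$fid = intval($_POST['fid']);` raises an undefined-index notice when the form omits `fid`, unlike the neighbouring `$property`/`$weight` reads which guard with `empty()`. Use `$fid = intval($_POST['fid'] ?? 0);`. Negative values pass through as well; `max(0, intval($_POST['fid'] ?? 0))` keeps fid in the range the admin form produces.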
@@ -259,6 +261,8 @@ function set_site($api) {
 $data['description'] = htmlspecialchars($_POST['description']);
 //获取自定义header
 $data['custom_header'] = $_POST['custom_header'];
+ //获取自定义footer
+ $data['custom_footer'] = $_POST['custom_footer'];
 //序列化存储
 $value = serialize($data);
@@ -283,4 +287,9 @@ function set_transition_page($api) {
 $api->set_option('s_transition_page',$value);
+}
+
+//生成create_sk
+function create_sk($api) {
+ $api->create_sk();
 }
\ No newline at end of file
diff --git a/controller/index.php b/controller/index.php
index e9fc113..2decb9c 100755
--- a/controller/index.php
+++ b/controller/index.php
@@ -2,13 +2,30 @@
 /**
 * 首页模板入口
 */
-
 //如果已经登录,获取所有分类和链接
 if( is_login() ){
- //查询分类目录
+ //查询所有分类目录
 $categorys = $db->select('on_categorys','*',[
 "ORDER" => ["weight" => "DESC"]
 ]);
+ //查询一级分类目录,分类fid为0的都是一级分类
+ $category_parent = $db->select('on_categorys','*',[
+ "fid" => 0,
+ "ORDER" => ["weight" => "DESC"]
+ ]);
+ //根据分类ID查询二级分类,分类fid大于0的都是二级分类
+ function get_category_sub($id) {
+ global $db;
+ $id = intval($id);
+
+ $category_sub = $db->select('on_categorys','*',[
+ "fid" => $id,
+ "ORDER" => ["weight" => "DESC"]
+ ]);
+
+ return $category_sub;
+ }
+
 //根据category id查询链接
 function get_links($fid) {
 global $db;
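Review bot: `$data['custom_footer'] = $_POST['custom_footer'];` is stored unescaped, which looks intentional (it mirrors `custom_header` and is presumably injected as raw HTML into the layout), but nothing says so and the `htmlspecialchars` on `description` two lines up invites the next maintainer to "fix" it. Add above it `// raw HTML by design: rendered unescaped in the layout, so this endpoint must stay admin-only`, and read it as `$_POST['custom_footer'] ?? ''` so a missing field does not produce a notice. Whether set_site is actually reached only after authentication, and where the serialized value is unserialized, is outside the hunk.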
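Review bot: `get_category_sub()` runs one `$db->select` per top-level category every time the template calls it, while `$categorys` already holds every row in the same `weight DESC` order; grouping that array by `fid` once turns the N+1 queries into a lookup. The rewrite below keeps the signature and the return shape (a list of rows, possibly empty) and still normalises `$id` with `intval`. It also keeps the file's existing pattern of declaring the function inside `if( is_login() )` — like `get_links`, it is undefined on the logged-out path, so the template must not call it there. get_links continues past the end of the hunk.
```php
    // … unchanged: $categorys and $category_parent queries …
    // Group every category under its parent once, so the template does not
    // issue one extra query per top-level category.
    $category_children = [];
    foreach ($categorys as $row) {
        $category_children[(int)$row['fid']][] = $row;
    }
    // Sub-categories of $id (rows with fid > 0), in the weight DESC order of $categorys.
    function get_category_sub($id) {
        global $category_children;
        return $category_children[intval($id)] ?? [];
    }
```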