
20220311

pull/53/head
xiaoz 3 years ago
parent
commit
f7c5d19b05
  1. 87
      class/Api.php
  2. 6
      controller/api.php
  3. 16
      controller/click.php
  4. 12
      data/update.log
  5. 1
      db/sql/20220308.sql
  6. 5
      db/sql/20220311.sql
  7. 11
      templates/admin/add_link.php
  8. 100
      templates/admin/click.php
  9. 12
      templates/admin/edit_link.php
  10. 1
      templates/admin/index.php
  11. 20
      templates/admin/static/embed.js

87
class/Api.php

@ -153,16 +153,24 @@ class Api {
/** /**
* name:添加链接 * name:添加链接
*/ */
public function add_link($token,$fid,$title,$url,$description = '',$weight = 0,$property = 0){ public function add_link($token,$fid,$title,$url,$description = '',$weight = 0,$property = 0,$url_standby = ''){
$this->auth($token); $this->auth($token);
$fid = intval($fid); $fid = intval($fid);
//检测链接是否合法 //检测链接是否合法
$this->check_link($fid,$title,$url); //$this->check_link($fid,$title,$url);
$this->check_link([
'fid' => $fid,
'title' => $title,
'url' => $url,
'url_standby' => $url_standby
]);
//合并数据 //合并数据
$data = [ $data = [
'fid' => $fid, 'fid' => $fid,
'title' => htmlspecialchars($title,ENT_QUOTES), 'title' => htmlspecialchars($title,ENT_QUOTES),
'url' => $url, 'url' => $url,
'url_standby' => $url_standby,
'description' => htmlspecialchars($description,ENT_QUOTES), 'description' => htmlspecialchars($description,ENT_QUOTES),
'add_time' => time(), 'add_time' => time(),
'weight' => $weight, 'weight' => $weight,
@ -297,11 +305,17 @@ class Api {
/** /**
* name:修改链接 * name:修改链接
*/ */
public function edit_link($token,$id,$fid,$title,$url,$description = '',$weight = 0,$property = 0){ public function edit_link($token,$id,$fid,$title,$url,$description = '',$weight = 0,$property = 0,$url_standby = ''){
$this->auth($token); $this->auth($token);
$fid = intval($fid); $fid = intval($fid);
//检测链接是否合法 //检测链接是否合法
$this->check_link($fid,$title,$url); //$this->check_link($fid,$title,$url);
$this->check_link([
'fid' => $fid,
'title' => $title,
'url' => $url,
'url_standby' => $url_standby
]);
//查询ID是否存在 //查询ID是否存在
$count = $this->db->count('on_links',[ 'id' => $id]); $count = $this->db->count('on_links',[ 'id' => $id]);
//如果id不存在 //如果id不存在
@ -313,6 +327,7 @@ class Api {
'fid' => $fid, 'fid' => $fid,
'title' => htmlspecialchars($title,ENT_QUOTES), 'title' => htmlspecialchars($title,ENT_QUOTES),
'url' => $url, 'url' => $url,
'url_standby' => $url_standby,
'description' => htmlspecialchars($description,ENT_QUOTES), 'description' => htmlspecialchars($description,ENT_QUOTES),
'up_time' => time(), 'up_time' => time(),
'weight' => $weight, 'weight' => $weight,
@ -365,8 +380,14 @@ class Api {
} }
/** /**
* 验证链接合法性 * 验证链接合法性
* 接收一个数组作为参数
*/ */
protected function check_link($fid,$title,$url){ protected function check_link($data){
$fid = $data['fid'];
$title = $data['title'];
$url = $data['url'];
$url_standby = @$data['url_standby'];
//如果父及(分类)ID不存在 //如果父及(分类)ID不存在
if( empty($fid )) { if( empty($fid )) {
$this->err_msg(-1007,'The category id(fid) not exist!'); $this->err_msg(-1007,'The category id(fid) not exist!');
@ -391,6 +412,10 @@ class Api {
if( !filter_var($url, FILTER_VALIDATE_URL) ) { if( !filter_var($url, FILTER_VALIDATE_URL) ) {
$this->err_msg(-1010,'URL is not valid!'); $this->err_msg(-1010,'URL is not valid!');
} }
//备用链接不合法
if ( ( !empty($url_standby) ) && ( !filter_var($url_standby, FILTER_VALIDATE_URL) ) ) {
$this->err_msg(-1010,'URL is not valid!');
}
return true; return true;
} }
/** /**
@ -505,7 +530,7 @@ class Api {
} }
//如果是私有链接,并且认证通过 //如果是私有链接,并且认证通过
elseif( $link_info['property'] == "1" ) { elseif( $link_info['property'] == "1" ) {
if ( $this->auth($token) ) { if ( ( $this->auth($token) ) || ( $this->is_login() ) ) {
$datas = [ $datas = [
'code' => 0, 'code' => 0,
'data' => $link_info 'data' => $link_info
@ -717,32 +742,42 @@ class Api {
} }
//读取需要更新的SQL内容 //读取需要更新的SQL内容
try { try {
$sql_content = file_get_contents($sql_name); //读取一个SQL温江,并将单个SQL文件拆分成单条SQL语句循环执行
$result = $this->db->query($sql_content); $sql_content = explode(';',file_get_contents($sql_name));
//如果SQL执行成功,则返回 //计算SQL总数
if( $result ) { $num = count($sql_content) - 1;
//将更新信息写入数据库 //初始数量设置为0
$insert_re = $this->db->insert("on_db_logs",[ $init_num = 0;
"sql_name" => $name, //遍历执行SQL语句
"update_time" => time(), foreach ($sql_content as $sql) {
"status" => "TRUE" //如果SQL为空,则跳过此次循环不执行
]); if( empty($sql) ) {
if( $insert_re ) { continue;
$data = [
"code" => 0,
"data" => $name."更新完成!"
];
exit(json_encode($data));
} }
else { $result = $this->db->query($sql);
$this->err_msg(-2000,$name."更新失败,请人工检查!"); //只要单条SQL执行成功了就增加初始数量
if( $result ) {
$init_num++;
} }
}
//无论最后结果如何,都将更新信息写入数据库
$insert_re = $this->db->insert("on_db_logs",[
"sql_name" => $name,
"update_time" => time(),
"status" => "TRUE"
]);
if( $insert_re ) {
$data = [
"code" => 0,
"data" => $name."更新完成!总数${num},成功:${init_num}"
];
exit(json_encode($data));
} }
else{ else {
//如果执行失败
$this->err_msg(-2000,$name."更新失败,请人工检查!"); $this->err_msg(-2000,$name."更新失败,请人工检查!");
} }
} catch(Exception $e){ } catch(Exception $e){
$this->err_msg(-2000,$e->getMessage()); $this->err_msg(-2000,$e->getMessage());
} }
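Review bot: The on_db_logs row written after the new statement loop carries `"status" => "TRUE"` regardless of whether `$init_num` reached `$num`, so a migration with failed statements is recorded as applied — and once 20220311.sql's unique index on sql_name exists it can never be re-run — while the JSON response still answers code 0 with 更新完成. Record the real outcome, e.g. `"status" => ($init_num === $num) ? "TRUE" : "FALSE"`, and send the partial case through `$this->err_msg(-2000,$name."更新失败,请人工检查!")` instead of the success branch. Splitting the file with `explode(';', …)` will also cut any future statement that contains a semicolon inside a string literal or comment, and `empty($sql)` does not skip whitespace-only fragments such as a trailing newline, so `trim($sql)` before the test (and in the count) would be safer. The enclosing method starts before this hunk and continues after it.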

6
controller/api.php

@ -91,11 +91,12 @@ function add_link($api){
$fid = intval(@$_POST['fid']); $fid = intval(@$_POST['fid']);
$title = $_POST['title']; $title = $_POST['title'];
$url = $_POST['url']; $url = $_POST['url'];
$url_standby = $_POST['url_standby'];
$description = empty($_POST['description']) ? '' : $_POST['description']; $description = empty($_POST['description']) ? '' : $_POST['description'];
$weight = empty($_POST['weight']) ? 0 : intval($_POST['weight']); $weight = empty($_POST['weight']) ? 0 : intval($_POST['weight']);
$property = empty($_POST['property']) ? 0 : 1; $property = empty($_POST['property']) ? 0 : 1;
$api->add_link($token,$fid,$title,$url,$description,$weight,$property); $api->add_link($token,$fid,$title,$url,$description,$weight,$property,$url_standby);
} }
/** /**
@ -111,11 +112,12 @@ function edit_link($api){
$fid = intval(@$_POST['fid']); $fid = intval(@$_POST['fid']);
$title = $_POST['title']; $title = $_POST['title'];
$url = $_POST['url']; $url = $_POST['url'];
$url_standby = $_POST['url_standby'];
$description = empty($_POST['description']) ? '' : $_POST['description']; $description = empty($_POST['description']) ? '' : $_POST['description'];
$weight = empty($_POST['weight']) ? 0 : intval($_POST['weight']); $weight = empty($_POST['weight']) ? 0 : intval($_POST['weight']);
$property = empty($_POST['property']) ? 0 : 1; $property = empty($_POST['property']) ? 0 : 1;
$api->edit_link($token,$id,$fid,$title,$url,$description,$weight,$property); $api->edit_link($token,$id,$fid,$title,$url,$description,$weight,$property,$url_standby);
} }
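Review bot: `$url_standby = $_POST['url_standby'];` in both add_link and edit_link reads the new optional field without a guard, unlike `description` and `weight` on the adjacent lines, so an API client that omits the backup URL raises an undefined-index notice before the empty string ever reaches check_link. Follow the neighbouring pattern: `$url_standby = empty($_POST['url_standby']) ? '' : $_POST['url_standby'];`. Both functions open before their hunks begin.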

16
controller/click.php

@ -13,7 +13,7 @@ if(empty($id)) {
} }
//查询链接信息 //查询链接信息
$link = $db->get('on_links',['id','fid','url','property','click'],[ $link = $db->get('on_links',['id','fid','url','url_standby','property','click','title','description'],[
'id' => $id 'id' => $id
]); ]);
@ -29,6 +29,11 @@ $category = $db->get('on_categorys',['id','property'],[
'id' => $link['fid'] 'id' => $link['fid']
]); ]);
//判断用户是否登录
if( is_login() ) {
$is_login = TRUE;
}
//link.id为公有,且category.id为公有 //link.id为公有,且category.id为公有
if( ( $link['property'] == 0 ) && ($category['property'] == 0) ){ if( ( $link['property'] == 0 ) && ($category['property'] == 0) ){
//增加link.id的点击次数 //增加link.id的点击次数
@ -42,7 +47,9 @@ if( ( $link['property'] == 0 ) && ($category['property'] == 0) ){
//如果更新成功 //如果更新成功
if($update) { if($update) {
//进行header跳转 //进行header跳转
header('location:'.$link['url']); //header('location:'.$link['url']);
#加载跳转模板
require('templates/admin/click.php');
exit; exit;
} }
} }
@ -56,10 +63,13 @@ elseif( is_login() ) {
],[ ],[
'id' => $id 'id' => $id
]); ]);
//如果更新成功 //如果更新成功
if($update) { if($update) {
//进行header跳转 //进行header跳转
header('location:'.$link['url']); //header('location:'.$link['url']);
#加载跳转模板
require('templates/admin/click.php');
exit; exit;
} }
} }
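Review bot: `$is_login` is assigned only inside the new `if( is_login() )` block, so for anonymous visitors it is undefined when templates/admin/click.php later evaluates `if ($is_login)`, producing a notice on every public-link click. Assign it unconditionally, `$is_login = is_login();`, which also replaces the four-line block. The template additionally reads `$msg`, which none of the visible hunks in this controller set — confirm it is defined before the `require` or the page emits another notice. The header-to-template switch is duplicated in two branches; the enclosing script continues outside the hunks.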

12
data/update.log

@ -49,3 +49,15 @@ CREATE INDEX on_options_key_IDX ON on_options ("key");
2. 初始数据库更新 2. 初始数据库更新
3. 分离分类图标字体设置 3. 分离分类图标字体设置
4. 集成baisuTwo主题 4. 集成baisuTwo主题
20220311
1. 简化API入口代码
2. 修复get_a_link查询私有链接返回空值问题
3. 改进SQL更新功能
4. 新增数据库安全检查
5. 新增备用链接功能
6. 新增过渡跳转页面
1. 还没添加自定义js
2. 考虑描述过长要不要隐藏
7. 修复后台链接无法分页问题
1. 还没仔细测试是否有问题

1
db/sql/20220308.sql

@ -4,4 +4,3 @@ ALTER TABLE on_categorys ADD font_icon TEXT(32);
ALTER TABLE on_links ADD topping INTEGER DEFAULT 0 NOT NULL; ALTER TABLE on_links ADD topping INTEGER DEFAULT 0 NOT NULL;
-- 增加一个备用链接字段 -- 增加一个备用链接字段
ALTER TABLE on_links ADD url_standby TEXT(256); ALTER TABLE on_links ADD url_standby TEXT(256);

5
db/sql/20220311.sql

@ -0,0 +1,5 @@
CREATE UNIQUE INDEX on_db_logs_sql_name_IDX ON on_db_logs (sql_name);
-- 链接表新增字段topping,默认值0(不置顶),1为置顶,先保留后续使用
ALTER TABLE on_links ADD topping INTEGER DEFAULT 0 NOT NULL;
-- 增加一个备用链接字段
ALTER TABLE on_links ADD url_standby TEXT(256);
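Review bot: `ALTER TABLE on_links ADD topping INTEGER DEFAULT 0 NOT NULL;` is still present in db/sql/20220308.sql (it is the surviving context line in that section), so an instance that already ran 20220308 gets a duplicate-column error on line 3 here; with the new statement-by-statement executor in class/Api.php that surfaces only as a lower 成功 count, not as a failure, since the log row is still written as TRUE. Either remove the topping ALTER from 20220308.sql as was done for url_standby (whose explanatory comment is now orphaned there) or accept that this file is expected to partially fail and document it. The unique index is created before everything else, so if on_db_logs already holds two rows for one sql_name the whole file stops on line 1 — verify on an upgraded database, presumably SQLite given the onenav.db3 file the admin JS probes.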

11
templates/admin/add_link.php

@ -12,6 +12,17 @@
<input type="url" id = "url" name="url" required lay-verify="required|url" placeholder="请输入有效链接" autocomplete="off" class="layui-input"> <input type="url" id = "url" name="url" required lay-verify="required|url" placeholder="请输入有效链接" autocomplete="off" class="layui-input">
</div> </div>
</div> </div>
<!-- 添加备用链接 -->
<div class="layui-col-lg12">
<form class="layui-form">
<div class="layui-form-item">
<label class="layui-form-label">备用URL</label>
<div class="layui-input-block">
<input type="url" id = "url_standby" name="url_standby" placeholder="请输入备用链接,如果没有,请留空" autocomplete="off" class="layui-input">
</div>
</div>
<!-- 备用链接END -->
<div class="layui-form-item"> <div class="layui-form-item">
<label class="layui-form-label">链接名称</label> <label class="layui-form-label">链接名称</label>
<div class="layui-input-block"> <div class="layui-input-block">
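Review bot: The new block opens `<div class="layui-col-lg12">` and a second `<form class="layui-form">` that are never closed, immediately after the `url` form item whose closing `</div>`s are visible two lines above; browsers discard a nested `<form>` start tag, so the field most likely submits by accident, but the unclosed div shifts the layout of every following form item. Remove those two wrapper lines so url_standby is a plain `layui-form-item` exactly like `url`. Whether an outer form is open at this point is not visible in the hunk.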

100
templates/admin/click.php

@ -0,0 +1,100 @@
<!DOCTYPE html>
<html lang="zh-cn" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8" />
<title><?php echo $link['title']; ?> - OneNav</title>
<meta name="keywords" content="<?php echo $link['title']; ?>" />
<meta name="description" content="<?php echo $link['description']; ?>" />
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="https://lib.sinaapp.com/js/bootstrap/4.3.1/css/bootstrap.min.css" type="" media=""/>
<style>
.prevent-overflow{
width:280px;
overflow: hidden;/*超出部分隐藏*/
white-space: nowrap;/*不换行*/
text-overflow:ellipsis;/*超出部分文字以...显示dsds*/
}
</style>
<?php
//不存在多个链接的情况,如果用户已经登录,则1s后跳转,不然等5s
if( empty($link['url_standby']) ) {
if ($is_login) {
header("Refresh:1;url=".$link['url']);
}
else{
header("Refresh:5;url=".$link['url']);
}
}
?>
</head>
<body>
<div class="container" style = "margin-top:2em;">
<div class="row">
<div class="col-sm-6 offset-sm-3">
<!-- 新建一个表格 -->
<h2>链接信息:</h2>
<table class="table">
<tbody>
<tr class="table-info">
<td>标题</td>
<td><?php echo $link['title']; ?></td>
</tr>
<tr class="table-info">
<td>描述</td>
<td><?php echo $link['description']; ?></td>
</tr>
<tr class="table-info">
<td>链接</td>
<td>
<div class = "prevent-overflow">
<a href="<?php echo $link['url']; ?>" rel = "nofollow" title = "<?php echo $link['title']; ?>"><?php echo $link['url']; ?></a>
</div>
</td>
</tr>
<tr class="table-info">
<td>备用链接</td>
<td>
<div class = "prevent-overflow">
<a href="<?php echo $link['url_standby']; ?>" rel = "nofollow" title = "<?php echo $link['title']; ?>"><?php echo $link['url_standby']; ?></a>
</div>
</td>
</tr>
</tbody>
</table>
<!-- 如果备用链接是空的,则显示加载中... -->
<?php if( empty($link['url_standby']) ) { ?>
<!-- 加载中 -->
<div class="spinner-border"></div>
即将打开,请稍等...
<!-- 加载中END -->
<?php }else{ ?>
<!-- 备用链接不为空 -->
<!-- 备用链接提示框 -->
<div class="alert alert-primary">
<strong>存在备用链接,请手动点击您要打开的链接!</strong>
</div>
<!-- 提示框END -->
<?php } ?>
<!-- 表格END -->
<div class="xcdn-content">
<?php echo $msg; ?>
</div>
<hr>
<div class="xcdn-footer">Powered by <a href="https://www.xiaoz.me/" title = "小z博客" rel = "nofollow" target = "_blank">xiaoz</a></div>
</div>
</div>
</div>
</body>
</html>
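Review bot: `$link['url']` and `$link['url_standby']` are echoed raw into `href` attributes and link text, yet Api::add_link stores both exactly as submitted — only title and description go through htmlspecialchars — and FILTER_VALIDATE_URL, the sole check on them, does not restrict the scheme and, as far as I recall, does not reject `"` or `<`; because this page is now served to anonymous visitors for every public link, a crafted URL saved by any token holder becomes stored XSS. Escape each slot at output, e.g. `<a href="<?php echo htmlspecialchars($link['url_standby'], ENT_QUOTES); ?>" …>`, and consider an http/https scheme allowlist in check_link. Separately, the `header("Refresh:…")` calls run after the doctype and head markup have been emitted, so they only work when output buffering is enabled; a `<meta http-equiv="refresh" content="5;url=…">` in the head (with the URL escaped) does not depend on that. `$is_login` and `$msg` are read here, but the click.php controller hunks set only the former, and only when logged in.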

12
templates/admin/edit_link.php

@ -18,6 +18,18 @@
<input type="url" id = "url" name="url" value = "<?php echo $link['url']; ?>" required lay-verify="required|url" placeholder="请输入有效链接" autocomplete="off" class="layui-input"> <input type="url" id = "url" name="url" value = "<?php echo $link['url']; ?>" required lay-verify="required|url" placeholder="请输入有效链接" autocomplete="off" class="layui-input">
</div> </div>
</div> </div>
<!-- 添加备用链接 -->
<div class="layui-col-lg12">
<form class="layui-form">
<div class="layui-form-item">
<label class="layui-form-label">备用URL</label>
<div class="layui-input-block">
<input type="url" id = "url_standby" value = "<?php echo $link['url_standby']; ?>" name="url_standby" placeholder="请输入备用链接,如果没有,请留空" autocomplete="off" class="layui-input">
</div>
</div>
<!-- 备用链接END -->
<div class="layui-form-item"> <div class="layui-form-item">
<label class="layui-form-label">链接名称</label> <label class="layui-form-label">链接名称</label>
<div class="layui-input-block"> <div class="layui-input-block">
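Review bot: `value = "<?php echo $link['url_standby']; ?>"` places a stored, unescaped column value inside a double-quoted attribute; the value passes only FILTER_VALIDATE_URL on the way in, which does not reject `"`, so a saved link can break out of the attribute on the admin edit page. Use `value="<?php echo htmlspecialchars($link['url_standby'], ENT_QUOTES); ?>"` (the existing `url` input on the line above has the same pattern and would benefit from the same change). The block also opens a `<div class="layui-col-lg12">` and a nested `<form class="layui-form">` that are never closed; browsers drop the nested form tag, but the stray div remains — remove both lines and keep only the form item.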

1
templates/admin/index.php

@ -49,6 +49,7 @@
<?php include_once('footer.php'); ?> <?php include_once('footer.php'); ?>
<script> <script>
check_db_down();
check_weak_password(); check_weak_password();
get_sql_update_list(); get_sql_update_list();
</script> </script>

20
templates/admin/static/embed.js

@ -430,6 +430,24 @@ function check_weak_password(){
} }
}); });
} }
//检测数据库是否可能被下载
function check_db_down(){
$("#console_log").append("正则检查数据库是否可被下载...\n");
$.ajax({
type:"HEAD",
async:false,
url:"/data/onenav.db3",
statusCode: {
200: function() {
$("#console_log").append("危险!!!危险!!!危险!!!数据库可被下载,请尽快参考帮助文档:https://dwz.ovh/jvr2t 加固安全设置!\n\n");
},
403:function() {
$("#console_log").append("您的数据库看起来是安全的!\n\n");
}
}
});
}
//获取待更新数据库列表,http://onenav.com/index.php?c=api&method=exe_sql&name=on_db_logs.sql //获取待更新数据库列表,http://onenav.com/index.php?c=api&method=exe_sql&name=on_db_logs.sql
function get_sql_update_list() { function get_sql_update_list() {
@ -459,7 +477,7 @@ function get_sql_update_list() {
function exe_sql(sqlname) { function exe_sql(sqlname) {
$.ajax({ url: "index.php?c=api&method=exe_sql&name=" + sqlname, async:false, success: function(data,status){ $.ajax({ url: "index.php?c=api&method=exe_sql&name=" + sqlname, async:false, success: function(data,status){
if( data.code == 0 ){ if( data.code == 0 ){
$("#console_log").append(sqlname + "更新完毕!\n"); $("#console_log").append(data.data);
} }
else { else {
$("#console_log").append(sqlname + "更新失败!\n"); $("#console_log").append(sqlname + "更新失败!\n");
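Review bot: check_db_down probes the absolute path `/data/onenav.db3`, so an OneNav installed under a sub-directory tests the wrong URL, and because only 200 and 403 have handlers a 404 (or a redirect from a rewrite rule) prints nothing — the check goes silent precisely when the site root is not the app root and the real file may still be downloadable. Use a path relative to the admin page, `url:"data/onenav.db3"`, as the neighbouring `index.php?c=api…` requests already do, and add an `error`/`complete` handler that reports any other status as "unable to verify" instead of staying quiet. In exe_sql, `$("#console_log").append(data.data)` now inserts server-supplied text as HTML where the old code appended a local string; the message embeds `$name`, so prefer `.append(document.createTextNode(data.data))` unless that name is known to be sanitised server-side.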
