
6 Commits

Author SHA1 Message Date
xiaoz ebfba6c9e0
Merge pull request #180 from helloxz/dev 10 months ago
xiaoz 91d3fc9772 0.9.34 10 months ago
xiaoz 998c10d727 0.9.34 10 months ago
xiaoz 7c95405e86 0.9.34 10 months ago
xiaoz cfc01ae62a 0.9.34 10 months ago
xiaoz 17644ac77a 0.9.34 10 months ago
  1. 4
      README.md
  2. 14
      class/Api.php
  3. 11
      controller/admin.php
  4. 4
      controller/index.php
  5. 10
      controller/init.php
  6. 15
      data/update.log
  7. 23
      functions/helper.php
  8. 2
      static/layui/css/layui.css
  9. BIN
      static/layui/font/iconfont.eot
  10. 4
      static/layui/font/iconfont.svg
  11. BIN
      static/layui/font/iconfont.ttf
  12. BIN
      static/layui/font/iconfont.woff
  13. BIN
      static/layui/font/iconfont.woff2
  14. 2
      static/layui/layui.js
  15. 1
      templates/admin/add_link.php
  16. 41
      templates/admin/index.php
  17. 13
      templates/admin/link_list.php
  18. 4
      templates/admin/setting/subscribe.php
  19. 23
      templates/admin/setting/theme.php
  20. 14
      templates/admin/static/style.css
  21. 2
      templates/default/info.json
  22. 2
      version.txt

4
README.md

@ -53,11 +53,11 @@ OneNav是一款开源免费的书签(导航)管理程序,使用使用PHP + @@ -53,11 +53,11 @@ OneNav是一款开源免费的书签(导航)管理程序,使用使用PHP +
```bash
docker run -itd --name="onenav" -p 80:80 \
-v /data/onenav:/data/wwwroot/default/data \
helloz/onenav:0.9.33
helloz/onenav:0.9.34
```
* 第一个`80`是自定义访问端口,可以自行修改,第二个`80`是容器端口,请勿修改
* `/data/onenav`:本机挂载目录,用于持久存储Onenav数据
* `0.9.33`:改成OneNav最新版本号,可以通过[releases](https://github.com/helloxz/onenav/releases)查看最新版本号
* `0.9.34`:改成OneNav最新版本号,可以通过[releases](https://github.com/helloxz/onenav/releases)查看最新版本号
> 更多说明,请参考帮助文档:https://dwz.ovh/onenav

14
class/Api.php

@ -1,7 +1,7 @@ @@ -1,7 +1,7 @@
<?php
/**
* name:API核心类
* update:2020/12
* update:2024/01
* author:xiaoz<xiaoz93@outlook.com>
* blog:xiaoz.me
*/
@ -339,6 +339,18 @@ class Api { @@ -339,6 +339,18 @@ class Api {
//过滤$filename
$filename = str_replace('../','',$filename);
$filename = str_replace('./','',$filename);
// 获取文件名称的后缀
$suffix = explode('.',$filename);
// 如果没有后缀,则不合法,通过数组长度判断后缀
if( count($suffix) < 2 ) {
$this->err_msg(-2000,'文件不合法!');
}
// 获取文件后缀
$suffix = strtolower(end($suffix));
if( ( $suffix != 'html' ) && ( $suffix != 'htm' ) ) {
$this->err_msg(-2000,'文件不合法!');
}
$this->auth($token);
//检查文件是否存在
if ( !file_exists($filename) ) {
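Review bot: The added suffix check (the `explode`/`end` block before `$this->auth($token)`) limits the file type but not the location, so any `.htm`/`.html` path the server can reach still passes. The single-pass `str_replace('../','',$filename)` lines above it are not a reliable traversal filter and do not cover absolute paths. Resolving the path and comparing it with the intended directory would close that, e.g. `$real = realpath($filename); if( $real === false || strpos($real, $upload_dir) !== 0 ) { $this->err_msg(-2000,'文件不合法!'); }`, where `$upload_dir` is a placeholder for the real directory (with trailing slash), which is not visible here. The validation also runs before `$this->auth($token)`, so unauthenticated callers reach it; calling `auth` first would be cleaner. The enclosing method starts and ends outside the hunk, and all of this assumes `err_msg` terminates the request, which should be confirmed.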

11
controller/admin.php

@ -23,6 +23,12 @@ check_auth($site_setting['user'],$site_setting['password']); @@ -23,6 +23,12 @@ check_auth($site_setting['user'],$site_setting['password']);
$version = new_get_version();
$page = empty($_GET['page']) ? 'index' : $_GET['page'];
// 正则判断page,只能允许字符+数字和下划线组合
$pattern = "/^[a-zA-Z0-9_\/]+$/";
if ( !preg_match($pattern,$page) ) {
exit('非法请求!');
}
//如果是后台首页,则判断是否是手机访问,并决定是否跳转到手机版页面
if( $page == 'index' ) {
@ -323,6 +329,11 @@ function check_auth($user,$password){ @@ -323,6 +329,11 @@ function check_auth($user,$password){
}
}
// 判断$page文件是否存在,不存在,则终止执行
$full_page_path = 'templates/admin/'.$page;
if( !file_exists($full_page_path) ) {
exit("file does not exist!");
}
// 载入前台首页模板
require('templates/admin/'.$page);
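Review bot: The new `$pattern` in the first hunk ends with `$`, which in PCRE also matches just before a trailing newline, so the check is not an exact whole-string match; use `\z` or the `D` modifier, `$pattern = "/^[a-zA-Z0-9_\/]+$/D";`. The comment says only letters, digits and underscores are allowed, but the class also admits `/` (presumably for sub-directories such as `setting/…`), so the comment should say so; an explicit allowlist of page names would be tighter still. In the second hunk `file_exists()` is also true for directories, and the `require` rebuilds the path instead of using `$full_page_path`. Using `is_file($full_page_path)` followed by `require($full_page_path);` keeps the check and the include on the same string.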

4
controller/index.php

@ -9,6 +9,8 @@ $site = unserialize($site); @@ -9,6 +9,8 @@ $site = unserialize($site);
// 获取链接数量,默认为30
$link_num = empty( $site['link_num'] ) ? 30 : intval($site['link_num']);
//如果已经登录,获取所有分类和链接
// 载入辅助函数
require('functions/helper.php');
@ -77,6 +79,8 @@ if( is_login() ){ @@ -77,6 +79,8 @@ if( is_login() ){
}
//如果没有登录,只获取公有链接
else{
// 检查分类是否全私有,如果是,则跳转到登录界面
check_all_cat();
//查询分类目录
$categorys = [];
//查询一级分类目录,分类fid为0的都是一级分类
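Review bot: `require('functions/helper.php');` in the first hunk will raise a fatal redeclaration error if any other entry path has already loaded the helper file; `require_once('functions/helper.php');` is the safer form. In the second hunk `check_all_cat();` is called inside the `else` branch of `if( is_login() )`, and the helper shown further down this page tests `is_login()` again itself, so one of the two checks is redundant. Both blocks continue outside the hunks shown.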

10
controller/init.php

@ -66,6 +66,16 @@ function init($data){ @@ -66,6 +66,16 @@ function init($data){
if( empty($data['username']) || empty($data['password']) ) {
err_msg(-2000,'用户名或密码不能为空!');
}
// 正则验证用户名
$u_patt = '/^[0-9a-z]{3,32}$/';
if( !preg_match($u_patt,$data['username']) ) {
err_msg(-2000,'用户名格式不正确!');
}
// 正则验证密码
$p_patt = '/^[0-9a-zA-Z!@#%^*.()]{6,16}$/';
if( !preg_match($p_patt,$data['password']) ) {
err_msg(-2000,'密码格式不正确!');
}
$config_file = "data/config.php";
//检查配置文件是否存在,存在则不允许设置
if( file_exists($config_file) ) {
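Review bot: The new password rule `$p_patt` caps passwords at 16 characters and a small symbol set, which rejects long passphrases and most password-manager output. If the limit exists to keep the value safe when it is written to `data/config.php` (the write is not visible in this hunk), escaping at the point of writing is the better control, with only a minimum length and a generous upper bound validated here. Both patterns end with `$`, which also matches before a trailing newline; `\z` or the `D` modifier makes the anchor exact, e.g. `$u_patt = '/^[0-9a-z]{3,32}$/D';`. `init()` starts and ends outside the hunk.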

15
data/update.log

@ -258,3 +258,18 @@ CREATE INDEX on_options_key_IDX ON on_options ("key"); @@ -258,3 +258,18 @@ CREATE INDEX on_options_key_IDX ON on_options ("key");
20231207
1. 新增技术支持按钮
2. 数据备份页面新增上传备份功能
20240109
1. 修复page参数注入问题
2. init控制器后端过滤username和password
3. imp_link方法只允许删除 .htm 或 .html 文件,避免任意文件删除
20240110
1. 新增辅助函数:check_all_cat() 用于判断分类是否全为私有,全私有则跳转到登录页
2. 升级LayUI版本至 v2.9.3
3. 修复主题有可用更新时,不显示更新提示的BUG
4. 修复baisuTwo主题右键复制无效的问题
5. 默认主题修改为默认隐藏链接描述
20240115
1. PC后台新增:分类数量/链接数量/PHP版本显示

23
functions/helper.php

@ -203,3 +203,26 @@ function getCurrentUrlDomain() { @@ -203,3 +203,26 @@ function getCurrentUrlDomain() {
return $domain;
}
/**
* name:检查分类是否全私有,如果是,则跳转到登录界面
*/
function check_all_cat(){
global $db;
// 统计所有分类的数量
$count = $db->count("on_categorys","*");
// 统计私有分类的数量
$count_private = $db->count("on_categorys","*",[
"property" => 1
]);
// 判断数量是否一致,一致则说明全部是私有
if( $count == $count_private ) {
// 判断用户是否登录,未登录则跳转
if( !is_login() ) {
header("Location:/index.php?c=login");
exit;
}
}
}
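Review bot: In `check_all_cat()` the comparison `$count == $count_private` is also true when the table is empty (0 == 0), so a site with no categories yet sends every anonymous visitor to the login page; if that is not intended, guard it with `if( $count > 0 && $count == $count_private ) {`. The redirect target `Location:/index.php?c=login` is root-absolute, which would break an installation under a sub-directory (whether that is supported is not visible here). The docblock could also state that the function exits after sending the redirect and otherwise returns nothing.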

2
static/layui/css/layui.css

File diff suppressed because one or more lines are too long

BIN
static/layui/font/iconfont.eot

Binary file not shown.

4
static/layui/font/iconfont.svg

@ -14,6 +14,8 @@ @@ -14,6 +14,8 @@
/>
<missing-glyph />
<glyph glyph-name="edge" unicode="&#59019;" d="M240.185509 821.062741C322.180562 871.479699 415.37494 897.48813 509.969233 895.934224 845.948962 895.934224 1023.938224 648.353161 1023.938224 456.964708c-0.199988-65.396055-25.998431-127.79229-71.795669-174.389479-45.797237-46.397201-107.993485-72.995596-173.389539-73.995536-150.390927 0-182.98896 46.197213-182.98896 63.996139 0 7.599542 2.399855 12.399252 9.599421 18.798866l1.99988 2.399855 0.799951 3.199807c20.998733 22.998612 31.798082 52.396839 31.798082 83.194981 0 157.390504-164.390082 285.382782-367.977799 285.382782-75.075471 0.599964-149.071006-17.798926-215.027027-53.796754 53.996742 115.03306 165.430019 195.188224 182.628981 207.627473 1.599903 1.099934 0.599964 1.679899 0.599964 1.679899z m31.198118-636.081624c-2.799831-59.99638 9.199445-119.992761 32.798021-174.389479 27.198359-52.796815 65.396055-101.993847 112.993183-138.591638-118.992821 22.998612-222.966548 87.794703-298.781974 178.589225C42.237452 143.383627 0 259.176641 0 380.169341c0 102.393822 124.792471 188.78861 271.983591 188.78861 73.195584 1.199928 144.791264-21.798685 203.587717-65.396054l-7.199566-2.399856c-102.993786-35.197876-196.988115-181.389056-196.988115-316.180924zM939.543315 95.986486l-1.399915-0.199987c-23.598576-37.597732-51.796875-70.195765-84.394908-98.994028-61.596284-55.996622-136.191783-90.99451-217.586873-99.793979-37.197756-0.599964-73.59556 6.399614-107.593509 22.798624-51.196911 20.598757-94.194317 59.99638-123.192567 105.993605-28.798263 47.797116-42.197454 103.393762-37.997708 159.190396-1.199928 40.197575 10.799348 80.595138 29.99819 116.392978 27.798323-66.196006 74.995475-122.592604 135.191844-161.590251 60.196368-38.997647 130.992097-58.996441 202.787766-57.196549 61.99626-0.599964 124.192507 13.399192 180.389116 40.997526l3.799771 1.799892c7.799529 4.599722 15.399071 7.799529 23.1986 0 8.999457-9.799409 3.599783-18.39889-2.399855-27.998311-0.399976-0.399976-0.599964-0.99994-0.799952-1.399916z" horiz-adv-x="1024" />
<glyph glyph-name="leaf" unicode="&#59137;" d="M1017.948269 886.876437c-4.863707 5.785251-12.031275 9.113051-19.557222 9.113051l-26.110427 0c-258.032454 0.102394-461.847374 0.153591-611.905533-35.735447-80.635142-19.301237-142.992985-48.432282-190.606116-89.031436-51.401703-43.82456-86.420393-101.216302-107.155144-175.554223-13.77197-49.353826-20.222782-138.487656 6.96278-227.160714 10.034595-32.766026 25.700852-63.688963 46.589193-92.103251-62.255449-97.530124-116.063407-225.983185-116.063407-378.805977 0-14.130349 11.468109-25.598458 25.598458-25.598458s25.598458 11.468109 25.598458 25.598458c0 235.761795 139.665185 410.650458 222.91137 493.845446 59.7468 59.7468 127.275532 110.175762 195.367429 145.808815 63.381781 33.175601 123.947732 51.4529 170.536925 51.4529 14.130349 0 25.598458 11.468109 25.598458 25.598458s-11.468109 25.598458-25.598458 25.598458c-55.497456 0-122.667809-19.813206-194.241097-57.340545-72.597226-38.039308-144.477695-91.591282-207.80828-154.973063-26.72479-26.72479-58.876453-62.357843-90.823328-105.977615-12.389654 19.506025-22.014674 40.189579-28.619076 61.794677-25.598458 83.553366-16.178225 164.034917-6.604402 198.388047 73.211589 262.384191 351.313233 263.049751 855.858835 262.896161-60.156376-321.926204-172.328817-530.29765-333.599101-619.533873-149.597387-82.785412-297.966048-37.629733-354.845821-14.335136-11.980078 4.914904-24.06255 10.95614-35.786644 17.91892-12.133669 7.218765-27.851122 3.225406-35.069887-8.908263s-3.225406-27.851122 8.908263-35.069887c13.925561-8.2939 28.260697-15.461468 42.595834-21.349114 31.844481-13.004017 83.143791-29.694211 146.679163-35.172281 14.027955-1.228726 27.902319-1.791892 41.674289-1.791892 75.208269 0 145.860012 18.072511 210.675307 53.910352 82.375837 45.565255 153.641943 119.749585 211.904033 220.351524 68.296685 118.00889 119.698388 274.51786 152.720399 465.175173 1.279923 7.423553-0.767954 15.051893-5.631661 20.837145z" horiz-adv-x="1025" />
<glyph glyph-name="folder" unicode="&#60094;" d="M970.666667 682.666667H542.173333L429.793333 795.046667A52.986667 52.986667 0 0 1 392.08 810.666667H96a53.393333 53.393333 0 0 1-53.333333-53.333334v-704a53.393333 53.393333 0 0 1 53.333333-53.333333h874.666667a53.393333 53.393333 0 0 1 53.333333 53.333333V629.333333a53.393333 53.393333 0 0 1-53.333333 53.333334zM96 768h296.08a10.573333 10.573333 0 0 0 7.54-3.126667L481.826667 682.666667H96a53.546667 53.546667 0 0 1-10.666667-1.073334V757.333333a10.666667 10.666667 0 0 0 10.666667 10.666667z m885.333333-714.666667a10.666667 10.666667 0 0 0-10.666666-10.666666H96a10.666667 10.666667 0 0 0-10.666667 10.666666V629.333333a10.666667 10.666667 0 0 0 10.666667 10.666667h874.666667a10.666667 10.666667 0 0 0 10.666666-10.666667z" horiz-adv-x="1024" />
@ -66,8 +68,6 @@ @@ -66,8 +68,6 @@
<glyph glyph-name="chrome" unicode="&#59018;" d="M515.436 583.685H914.285C840.842 730.955 688.748 832.132 513 832.132c-141.284 0-267.274-65.395-349.42-167.546l151.66-262.682c8.535 102.325 95.704 181.781 200.196 181.781zM514.218 550.803c-91.476 0-165.631-74.155-165.631-165.631s74.155-165.631 165.631-165.631c52.7 0 99.615 24.642 129.95 62.999l1.428 2.474 0.355-0.205c21.252 27.852 33.898 62.624 33.898 100.363 0 84.774-63.702 154.626-145.841 164.413l-6.393 0.632c-4.424 0.354-8.882 0.586-13.397 0.586zM929.561 549.585H627.443c52.209-36.066 86.506-96.297 86.506-164.413 0-45.547-18.268-81.598-41.12-121.192L483.898-63.257c9.624-0.617 19.322-0.966 29.102-0.966 247.521 0 448.177 200.656 448.177 448.177 0 58.508-11.225 114.391-31.616 165.631zM514.218 185.441c-83.583 0-144.927 54.804-185.034 124.651l-0.235-0.136-187.482 324.727C93.081 563.124 64.823 476.84 64.823 383.954c0-225.02 165.839-411.288 381.958-443.298l152.278 263.752c-25.769-12.143-54.518-18.967-84.841-18.967z" horiz-adv-x="1024" />
<glyph glyph-name="edge" unicode="&#59019;" d="M854.794 669.297C797.923 743.783 683.626 823.59 548.62 830.822 136.707 852.889 85.742 435.448 85.742 435.448c55.449 53.038 58.01 97.116 163.936 154.293C673.983 818.768 676.394 476.432 676.394 476.432H346.111c-7.232 65.092 62.681 137.417 62.681 137.417-202.509-98.844-216.974-284.477-216.974-284.477s-28.93-279.655 219.385-364.034 452.029 42.189 452.029 42.189V193.16c-59.065-32.546-102.292-54.405-153.087-63.887-361.623-67.503-364.034 188.044-364.034 188.044h585.83c0 0.001 39.075 199.761-77.147 351.98z" horiz-adv-x="1024" />
<glyph glyph-name="heart" unicode="&#59020;" d="M512 4.100000000000023c-108.9 0-447.3 277.5-447.3 522.2 0 131 106.6 237.6 237.6 237.6 94.9 0 174.8-50.2 209.7-76.1 34.9 25.9 114.8 76.1 209.7 76.1 131 0 237.6-106.6 237.6-237.6 0-244.7-338.4-522.2-447.3-522.2zM302.3 708c-100.2 0-181.7-81.5-181.7-181.7 0-221 326.8-466.3 391.4-466.3s391.4 245.3 391.4 466.3c0 100.2-81.5 181.7-181.7 181.7-103.9 0-190.2-76-191.1-76.8-10.6-9.5-26.7-9.5-37.3 0-0.8 0.8-87.7 76.8-191 76.8z" horiz-adv-x="1024" />
<glyph glyph-name="key" unicode="&#59011;" d="M819.2 588.8c0-172.8-140.8-307.2-307.2-307.2-172.8 0-307.2 140.8-307.2 307.2C204.8 755.2 339.2 896 512 896S819.2 755.2 819.2 588.8L819.2 588.8zM512 838.4c-140.8 0-249.6-115.2-249.6-249.6 0-134.4 108.8-256 249.6-256s256 115.2 256 249.6S652.8 838.4 512 838.4L512 838.4zM480 300.79999999999995l64 0L544-128l-64 0L480 300.79999999999995 480 300.79999999999995zM512 192l192 0 0-64L512 128 512 192 512 192zM512 64l192 0 0-64L512 0 512 64 512 64z" horiz-adv-x="1024" />

Before

Width:  |  Height:  |  Size: 321 KiB

After

Width:  |  Height:  |  Size: 323 KiB

BIN
static/layui/font/iconfont.ttf

Binary file not shown.

BIN
static/layui/font/iconfont.woff

Binary file not shown.

BIN
static/layui/font/iconfont.woff2

Binary file not shown.

2
static/layui/layui.js vendored

File diff suppressed because one or more lines are too long

1
templates/admin/add_link.php

@ -9,6 +9,7 @@ @@ -9,6 +9,7 @@
<div class="setting-msg">
<p>1. 权重越大,排序越靠前</p>
<p>2. 识别功能可以自动获取链接标题和描述信息,但不确保一定成功</p>
<p>3. 仅 5iux/heimdall/tushan2/webstack 支持自定义图标,其余主题均自动获取链接图标。</p>
</div>
</div>
<!-- 说明提示框END -->

41
templates/admin/index.php

@ -28,6 +28,33 @@ @@ -28,6 +28,33 @@
</div>
</div>
<div class="layui-col-lg3">
<div class = "admin-msg">
<h2>分类数量</h2>
<p class="text">
<a href="/index.php?c=admin&page=category_list"><span id="cat_num"></span></a>
</p>
</div>
</div>
<div class="layui-col-lg3">
<div class = "admin-msg">
<h2>链接数量</h2>
<p class="text">
<a href="/index.php?c=admin&page=link_list"><span id="link_num"></span></a>
</p>
</div>
</div>
<div class="layui-col-lg3">
<div class = "admin-msg">
<h2>PHP版本</h2>
<p class="text">
<span id="php_version"></span>
</p>
</div>
</div>
<div class="layui-col-lg3">
<div class = "admin-msg">
<h2>交流群</h2>
@ -108,4 +135,18 @@ @@ -108,4 +135,18 @@
check_weak_password();
get_sql_update_list();
get_latest_version();
app_info();
// 获取app_info
function app_info(){
//alert("dsdfd");
let api_url = "/index.php?c=api&method=app_info";
console.log(api_url);
$.get(api_url,function(data,status){
data = data.data;
$("#php_version").html(data.php_version);
$("#cat_num").html(data.cat_num);
$("#link_num").html(data.link_num);
});
}
</script>
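Review bot: `app_info()` in the second hunk writes API values into the page with `.html()`, which parses them as markup; these are plain values, so `.text()` is the safe call, e.g. `$("#php_version").text(data.php_version);`, and the same for `#cat_num` and `#link_num`. The callback also dereferences `data.data` without checking that the request succeeded, so an error response throws inside the handler. The leftover `//alert("dsdfd");` and `console.log(api_url);` should be removed before release.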

13
templates/admin/link_list.php

@ -4,6 +4,19 @@ @@ -4,6 +4,19 @@
<div class="layui-body">
<!-- 内容主体区域 -->
<div class="layui-row content-body place-holder">
<!-- 说明提示框 -->
<div class="layui-col-lg12">
<div class="page-msg">
<ol>
<li>仅 5iux/heimdall/tushan2/webstack 支持自定义图标,其余主题均自动获取链接图标。</li>
<li>分类的私有属性优先级高于链接的私有属性</li>
<li>权重数字越大,排序越靠前</li>
</ol>
</div>
</div>
<!-- 说明提示框END -->
<!-- 表单上面的按钮 -->
<div class="lay-col-lg12">
<form class="layui-form layui-form-pane" action="">

4
templates/admin/setting/subscribe.php

@ -12,7 +12,7 @@ @@ -12,7 +12,7 @@
<li>您可以前往:<a href="https://dwz.ovh/69h9q" rel = "nofollow" target = "_blank" title = "购买订阅服务">https://dwz.ovh/69h9q</a> 购买订阅服务,订阅后可以:</li>
<li>1. 享受一键更新OneNav</li>
<li>2. 可在线下载和更新主题</li>
<li>3. 可享受一对一售后服务(仅限高级版和商业版)</li>
<li>3. 可享受一对一售后服务</li>
<li>4. 可帮助OneNav持续发展,让OneNav变得更加美好</li>
<li>5. 更多高级功能(自定义版权、广告管理等)</li>
<li>6. 数据库备份</li>
@ -20,7 +20,7 @@ @@ -20,7 +20,7 @@
</div>
<div class="setting-msg">
<p>1. 系统检测到您的域名为<strong style="color:#31BDEC;"><code><?php echo get_host(); ?></code></strong>,购买订阅时请填写此域名!</p>
<p>2. 若域名填写错误或更换域名,请前往<a title = "修改OneNav订阅域名" href="https://www.onenav.top/msub.html" target="_blank">https://www.onenav.top/msub.html</a>修改订阅!</p>
<p>2. 若域名填写错误或更换域名,请前往 <a title = "修改OneNav订阅域名" href="https://dwz.ovh/p6u2w" target="_blank">https://dwz.ovh/p6u2w</a> 修改订阅!</p>
<!-- <p>3. Docker用户或IP访问的用户,请参考<a href="https://dwz.ovh/cve3d" target="_blank">没有域名购买订阅</a></p> -->
</div>
</div>

23
templates/admin/setting/theme.php

@ -24,11 +24,20 @@ @@ -24,11 +24,20 @@
?>
<div class="layui-col-md3">
<div class="layui-card custom-card">
<div class="layui-card-header">
<?php echo $key; ?> - <?php echo $theme['info']->version ?>
<div class="layui-card-header" id="<?php echo $key; ?>">
<div class="them-header">
<div class="left">
<span class = "name"><?php echo $key; ?> - <?php echo $theme['info']->version ?></span>
<?php if( $current_them == $key ) { ?>
<span style = "color:#ff5722;">(使用中)</span>
<?php } ?>
</div>
<div class="right">
<span class="renewable" style="color:#FF5722;font-size:14px;"></span>
</div>
</div>
</div>
<div class="layui-card-body">
<!-- 主题图片 -->
@ -214,25 +223,29 @@ function update_theme(name,version){ @@ -214,25 +223,29 @@ function update_theme(name,version){
//遍历所有主题,检查是否有更新
function check_update(){
console.log('fdsfsdf');
//请求远程主题列表
$.get("https://onenav.xiaoz.top/v1/theme_list.php",function(data,status){
let result = data.data;
console.log(result);
//console.log(result.5iux);
for (const obj in result) {
//获取主题名称
let value = $("#" + obj).text();
let select = `#${obj} .name`;
let value = $(select).text();
//如果获取到的数据为空
if( value == '' ) {
continue;
}
//console.log(obj);
//获取最新版本
let latest_version = result[obj].version;
//获取当前版本
let current_version = value.split(' - ')[1];
//如果存在最新版本
if( latest_version > current_version ) {
console.log("#" + obj + ".renewable");
console.log("#" + obj + " .renewable");
$("#" + obj + " .renewable").append(`(可更新至${latest_version})`);
}
}
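Review bot: `check_update()` in the second hunk builds a jQuery selector from the keys of a remote response (the `select` template string) and appends the remote `version` string as HTML with `.append(...)` (that line may be unchanged context); data fetched from `onenav.xiaoz.top` should be treated as untrusted inside the admin page. Prefer looking the card up with `document.getElementById(obj)` and writing the label as text, e.g. `$(card).find(".renewable").text("(可更新至" + latest_version + ")");`. `latest_version > current_version` compares strings lexicographically, so `1.10.0` sorts below `1.9.0`. The debug `console.log('fdsfsdf')` and `console.log(result)` lines should go, and in the first hunk `id="<?php echo $key; ?>"` would be safer through `htmlspecialchars()`.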

14
templates/admin/static/style.css

@ -208,3 +208,17 @@ @@ -208,3 +208,17 @@
.upload-backup{
margin-top: 16px;
}
.them-header{
}
.them-header .left{
width: 50%;
float:left;
text-align: left;
}
.them-header .right{
width: 50%;
text-align: right;
float:right;
}

2
templates/default/info.json

@ -14,7 +14,7 @@ @@ -14,7 +14,7 @@
},
"config": {
"full_width_mode":"off",
"link_description":"show",
"link_description":"hide",
"favicon": "online"
}
}

2
version.txt

@ -1 +1 @@ @@ -1 +1 @@
v0.9.33-20231207
v0.9.34-20240115