From 668a464bf818d90c4100733daf7672d4bff6a42d Mon Sep 17 00:00:00 2001 
From: xiaoz Date: Mon, 14 Feb 2022 10:39:45 +0800 Subject: [PATCH 1/3] v0.9.13 --- .htaccess | 0 LICENSE | 0 README.md | 0 class/.htaccess | 0 class/Api.php | 28 ++++++++++++------- class/Medoo.php | 0 class/index.html | 0 config.simple.php | 0 controller/.htaccess | 0 controller/admin.php | 0 controller/api.php | 10 ++++++- controller/click.php | 0 controller/index.html | 0 controller/index.php | 0 controller/login.php | 0 data/index.html | 0 data/update.log | 8 +++++- db/onenav.simple.db3 | Bin favicon.ico | Bin functions/.htaccess | 0 functions/helper.php | 0 index.php | 12 ++++++++- static/layer/layer.js | 0 static/layer/mobile/layer.js | 0 static/layer/mobile/need/layer.css | 0 static/layer/theme/default/icon-ext.png | Bin static/layer/theme/default/icon.png | Bin static/layer/theme/default/layer.css | 0 static/layer/theme/default/loading-0.gif | Bin static/layer/theme/default/loading-1.gif | Bin static/layer/theme/default/loading-2.gif | Bin templates/admin/403.php | 0 templates/admin/add_category.php | 0 templates/admin/add_link.php | 0 templates/admin/add_link_tpl.php | 0 templates/admin/add_quick_tpl.php | 0 templates/admin/category_list.php | 0 templates/admin/edit_category.php | 0 templates/admin/edit_link.php | 0 templates/admin/ext_js.php | 0 templates/admin/footer.php | 2 +- templates/admin/header.php | 0 templates/admin/imp_link.php | 0 templates/admin/index.html | 0 templates/admin/index.php | 3 +++ templates/admin/left.php | 0 templates/admin/link_list.php | 0 templates/admin/login.php | 4 +++ templates/admin/static/add_quick_tpl.css | 0 templates/admin/static/bg.jpg | Bin templates/admin/static/embed.js | 33 +++++++++++++++++++++-- templates/admin/static/style.css | 0 templates/default/index.php | 18 ++++++++++++- templates/default/static/embed.js | 0 templates/default/static/holmes.js | 0 templates/default/static/style.css | 0 templates/index.html | 0 version.txt | 2 +- 58 files changed, 103 insertions(+), 17 deletions(-) mode change 100644 => 
100755 .htaccess mode change 100644 => 100755 LICENSE mode change 100644 => 100755 README.md mode change 100644 => 100755 class/.htaccess mode change 100644 => 100755 class/Api.php mode change 100644 => 100755 class/Medoo.php mode change 100644 => 100755 class/index.html mode change 100644 => 100755 config.simple.php mode change 100644 => 100755 controller/.htaccess mode change 100644 => 100755 controller/admin.php mode change 100644 => 100755 controller/api.php mode change 100644 => 100755 controller/click.php mode change 100644 => 100755 controller/index.html mode change 100644 => 100755 controller/index.php mode change 100644 => 100755 controller/login.php mode change 100644 => 100755 data/index.html mode change 100644 => 100755 data/update.log mode change 100644 => 100755 db/onenav.simple.db3 mode change 100644 => 100755 favicon.ico mode change 100644 => 100755 functions/.htaccess mode change 100644 => 100755 functions/helper.php mode change 100644 => 100755 index.php mode change 100644 => 100755 static/layer/layer.js mode change 100644 => 100755 static/layer/mobile/layer.js mode change 100644 => 100755 static/layer/mobile/need/layer.css mode change 100644 => 100755 static/layer/theme/default/icon-ext.png mode change 100644 => 100755 static/layer/theme/default/icon.png mode change 100644 => 100755 static/layer/theme/default/layer.css mode change 100644 => 100755 static/layer/theme/default/loading-0.gif mode change 100644 => 100755 static/layer/theme/default/loading-1.gif mode change 100644 => 100755 static/layer/theme/default/loading-2.gif mode change 100644 => 100755 templates/admin/403.php mode change 100644 => 100755 templates/admin/add_category.php mode change 100644 => 100755 templates/admin/add_link.php mode change 100644 => 100755 templates/admin/add_link_tpl.php mode change 100644 => 100755 templates/admin/add_quick_tpl.php mode change 100644 => 100755 templates/admin/category_list.php mode change 100644 => 100755 templates/admin/edit_category.php mode 
change 100644 => 100755 templates/admin/edit_link.php mode change 100644 => 100755 templates/admin/ext_js.php mode change 100644 => 100755 templates/admin/footer.php mode change 100644 => 100755 templates/admin/header.php mode change 100644 => 100755 templates/admin/imp_link.php mode change 100644 => 100755 templates/admin/index.html mode change 100644 => 100755 templates/admin/index.php mode change 100644 => 100755 templates/admin/left.php mode change 100644 => 100755 templates/admin/link_list.php mode change 100644 => 100755 templates/admin/login.php mode change 100644 => 100755 templates/admin/static/add_quick_tpl.css mode change 100644 => 100755 templates/admin/static/bg.jpg mode change 100644 => 100755 templates/admin/static/embed.js mode change 100644 => 100755 templates/admin/static/style.css mode change 100644 => 100755 templates/default/index.php mode change 100644 => 100755 templates/default/static/embed.js mode change 100644 => 100755 templates/default/static/holmes.js mode change 100644 => 100755 templates/default/static/style.css mode change 100644 => 100755 templates/index.html mode change 100644 => 100755 version.txt diff --git a/.htaccess b/.htaccess old mode 100644 new mode 100755 diff --git a/LICENSE b/LICENSE old mode 100644 new mode 100755 diff --git a/README.md b/README.md old mode 100644 new mode 100755 diff --git a/class/.htaccess b/class/.htaccess old mode 100644 new mode 100755 diff --git a/class/Api.php b/class/Api.php old mode 100644 new mode 100755 index 2569121..df1a17e --- a/class/Api.php +++ b/class/Api.php @@ -18,11 +18,11 @@ class Api { public function add_category($token,$name,$property = 0,$weight = 0,$description = ''){ $this->auth($token); $data = [ - 'name' => $name, + 'name' => htmlspecialchars($name,ENT_QUOTES), 'add_time' => time(), 'weight' => $weight, 'property' => $property, - 'description' => $description + 'description' => htmlspecialchars($description,ENT_QUOTES) ]; //插入分类目录 $this->db->insert("on_categorys",$data); 
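Review bot: Escaping `name` and `description` with `htmlspecialchars` at write time stores HTML-encoded text in the database, so every non-HTML consumer (JSON API replies, exports, the edit forms) receives `&amp;`/`&#039;` sequences, and the update hunks at @@ -59 and @@ -309 encode again whatever the edit form posts back, so a template that renders the stored value with another `htmlspecialchars` will double-encode on each save. Output-side escaping in the templates is the usual place for this; if write-time encoding is kept, use the full flag set, `htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, because without `ENT_SUBSTITUTE` an invalid byte sequence makes the call return an empty string and the record is silently saved blank. The `url` field in the same arrays at @@ -159 and @@ -309 is stored unescaped; if it is rendered into an `href`, it needs attribute escaping there and, preferably, a scheme check (`http`/`https`) before insert. add_category's body continues outside the hunk.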
@@ -59,11 +59,11 @@ class Api { //更新数据库 else{ $data = [ - 'name' => $name, + 'name' => htmlspecialchars($name,ENT_QUOTES), 'up_time' => time(), 'weight' => $weight, 'property' => $property, - 'description' => $description + 'description' => htmlspecialchars($description,ENT_QUOTES) ]; $re = $this->db->update('on_categorys',$data,[ 'id' => $id]); //var_dump( $this->db->log() ); @@ -159,9 +159,9 @@ class Api { //合并数据 $data = [ 'fid' => $fid, - 'title' => $title, + 'title' => htmlspecialchars($title,ENT_QUOTES), 'url' => $url, - 'description' => $description, + 'description' => htmlspecialchars($description,ENT_QUOTES), 'add_time' => time(), 'weight' => $weight, 'property' => $property @@ -309,9 +309,9 @@ class Api { //合并数据 $data = [ 'fid' => $fid, - 'title' => $title, + 'title' => htmlspecialchars($title,ENT_QUOTES), 'url' => $url, - 'description' => $description, + 'description' => htmlspecialchars($description,ENT_QUOTES), 'up_time' => time(), 'weight' => $weight, 'property' => $property @@ -548,6 +548,16 @@ class Api { return $ip; } - // + /** + * name:检查弱密码 + */ + public function check_weak_password($token){ + $this->auth($token); + //如果用户名、密码为初始密码,则提示修改 + if ( ( USER == 'xiaoz' ) && ( PASSWORD == 'xiaoz.me' ) ) { + $this->err_msg(-1,'Weak password!'); + } + } + } diff --git a/class/Medoo.php b/class/Medoo.php old mode 100644 new mode 100755 diff --git a/class/index.html b/class/index.html old mode 100644 new mode 100755 diff --git a/config.simple.php b/config.simple.php old mode 100644 new mode 100755 diff --git a/controller/.htaccess b/controller/.htaccess old mode 100644 new mode 100755 diff --git a/controller/admin.php b/controller/admin.php old mode 100644 new mode 100755 diff --git a/controller/api.php b/controller/api.php old mode 100644 new mode 100755 index 1fbe242..ed01b77 --- a/controller/api.php +++ b/controller/api.php 
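Review bot: `check_weak_password` only fires when both `USER == 'xiaoz'` and `PASSWORD == 'xiaoz.me'`, so an installation that changed the username but kept the shipped password clears the warning while the default password stays in use; checking the password alone, `if ( PASSWORD == 'xiaoz.me' ) {`, covers that case. The method also emits nothing on the non-weak path, so the JavaScript caller added in this patch can only detect the weak case by string-matching `err_msg` and cannot tell "password is fine" from an empty or failed reply — emit a success payload in the same JSON shape `err_msg` uses. The docblock `name:检查弱密码` should state the contract: `Rejects with err_msg(-1, 'Weak password!') when the configured credentials still equal the shipped defaults; the caller must pass auth($token) first.` USER and PASSWORD are presumably constants defined in data/config.php — worth confirming.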
@@ -14,7 +14,7 @@ $api = new Api($db); //获取请求方法 $method = $_GET['method']; -//对方法进行判断 +//对方法进行判断,对应URL路由:/index.php?c=api&method=xxx switch ($method) { case 'add_category': add_category($api); @@ -51,6 +51,8 @@ switch ($method) { break; case 'imp_link': imp_link($api); + case 'check_weak_password': + check_weak_password($api); break; default: # code... @@ -211,4 +213,10 @@ function imp_link($api) { $fid = intval($_POST['fid']); $property = intval(@$_POST['property']); $api->imp_link($token,$filename,$fid,$property); +} +//检查弱密码 +function check_weak_password($api) { + //获取token + $token = $_POST['token']; + $api->check_weak_password($token); } \ No newline at end of file diff --git a/controller/click.php b/controller/click.php old mode 100644 new mode 100755 diff --git a/controller/index.html b/controller/index.html old mode 100644 new mode 100755 diff --git a/controller/index.php b/controller/index.php old mode 100644 new mode 100755 diff --git a/controller/login.php b/controller/login.php old mode 100644 new mode 100755 diff --git a/data/index.html b/data/index.html old mode 100644 new mode 100755 diff --git a/data/update.log b/data/update.log old mode 100644 new mode 100755 index 283fe1a..90e8db5 --- a/data/update.log +++ b/data/update.log @@ -22,4 +22,10 @@ CREATE INDEX on_options_key_IDX ON on_options ("key"); 20210726 1. 修复后台QQ群2 2. 后台添加社区支持链接 -3. 修复默认主题顶部遮挡问题 \ No newline at end of file +3. 修复默认主题顶部遮挡问题 + +20220211 +1. 简化安装过程,无需再手动修改配置安装 +2. 新增默认密码安全检测 +3. 默认模板增加手机登录按钮 +4. 修复一处XSS漏洞 \ No newline at end of file diff --git a/db/onenav.simple.db3 b/db/onenav.simple.db3 old mode 100644 new mode 100755 diff --git a/favicon.ico b/favicon.ico old mode 100644 new mode 100755 diff --git a/functions/.htaccess b/functions/.htaccess old mode 100644 new mode 100755 diff --git a/functions/helper.php b/functions/helper.php old mode 100644 new mode 100755 diff --git a/index.php b/index.php old mode 100644 new mode 100755 index 3384187..9f78b19 --- a/index.php +++ b/index.php 
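Review bot: The new `case 'check_weak_password':` is inserted between `imp_link($api);` and its `break;`, so the `imp_link` case now falls through and runs `check_weak_password($api)` after every import unless `$api->imp_link` exits on its own. Restore the terminator on the import case, `case 'imp_link': imp_link($api); break;`, and keep the new case with its own `break;`. The switch continues outside the hunk.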
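Review bot: `check_weak_password($api)` reads the token from `$_POST['token']`, but the only caller added in this patch, `check_weak_password()` in templates/admin/static/embed.js, issues `$.get(...)` with no token at all, so `$token` is undefined here (a PHP notice) and `$api->check_weak_password(null)` succeeds only if `auth()` accepts an empty token for a logged-in session. Either send the token from the client or read it defensively, `$token = isset($_POST['token']) ? $_POST['token'] : '';`, and document which credential `auth()` actually relies on. The `@$_POST['property']` context line in this hunk suggests such notices are being suppressed elsewhere rather than handled.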
@@ -12,7 +12,17 @@ $c = strip_tags($c); //$version = @file_get_contents("./functions/version.txt"); //载入配置文件 if( !file_exists('./data/config.php') ) { - exit('

配置文件不存在,请将站点目录下的config.simple.php复制为data/config.php

'); + echo "

正在准备安装,请稍等...

"; + //复制配置文件 + if ( copy('config.simple.php','data/config.php') ) { + //跳转到登录页面 + header("Refresh:3;url=/index.php?c=login"); + exit(); + } else{ + exit("

复制配置文件失败,请检查权限是否正常,或手动将站点目录下的config.simple.php复制为data/config.php

"); + } + + //exit('

配置文件不存在,请将站点目录下的config.simple.php复制为data/config.php

'); } //检查数据库是否存在,不存在则复制数据库 if( !file_exists('./data/onenav.db3') ) { diff --git a/static/layer/layer.js b/static/layer/layer.js old mode 100644 new mode 100755 diff --git a/static/layer/mobile/layer.js b/static/layer/mobile/layer.js old mode 100644 new mode 100755 diff --git a/static/layer/mobile/need/layer.css b/static/layer/mobile/need/layer.css old mode 100644 new mode 100755 diff --git a/static/layer/theme/default/icon-ext.png b/static/layer/theme/default/icon-ext.png old mode 100644 new mode 100755 diff --git a/static/layer/theme/default/icon.png b/static/layer/theme/default/icon.png old mode 100644 new mode 100755 diff --git a/static/layer/theme/default/layer.css b/static/layer/theme/default/layer.css old mode 100644 new mode 100755 diff --git a/static/layer/theme/default/loading-0.gif b/static/layer/theme/default/loading-0.gif old mode 100644 new mode 100755 diff --git a/static/layer/theme/default/loading-1.gif b/static/layer/theme/default/loading-1.gif old mode 100644 new mode 100755 diff --git a/static/layer/theme/default/loading-2.gif b/static/layer/theme/default/loading-2.gif old mode 100644 new mode 100755 diff --git a/templates/admin/403.php b/templates/admin/403.php old mode 100644 new mode 100755 diff --git a/templates/admin/add_category.php b/templates/admin/add_category.php old mode 100644 new mode 100755 diff --git a/templates/admin/add_link.php b/templates/admin/add_link.php old mode 100644 new mode 100755 diff --git a/templates/admin/add_link_tpl.php b/templates/admin/add_link_tpl.php old mode 100644 new mode 100755 diff --git a/templates/admin/add_quick_tpl.php b/templates/admin/add_quick_tpl.php old mode 100644 new mode 100755 diff --git a/templates/admin/category_list.php b/templates/admin/category_list.php old mode 100644 new mode 100755 diff --git a/templates/admin/edit_category.php b/templates/admin/edit_category.php old mode 100644 new mode 100755 
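Review bot: `header("Refresh:3;url=/index.php?c=login")` is sent after the `echo "正在准备安装..."` output, so unless output buffering is enabled PHP reports "headers already sent" and the redirect never happens; move the `header(...)` call above the `echo` (the same order appears in the [PATCH 2/3] hunk of this file, which adds a second echo before it). Copying `config.simple.php` into place on the first unauthenticated request also means the site runs with the shipped default credentials until someone logs in and changes them; consider generating a random password during this copy or forcing a change on first login instead of relying on the later weak-password warning. The commented-out `//exit('配置文件不存在...')` block should be deleted rather than left behind. The `if` closes inside the hunk, but the file continues past it.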
diff --git a/templates/admin/edit_link.php b/templates/admin/edit_link.php old mode 100644 new mode 100755 diff --git a/templates/admin/ext_js.php b/templates/admin/ext_js.php old mode 100644 new mode 100755 diff --git a/templates/admin/footer.php b/templates/admin/footer.php old mode 100644 new mode 100755 index 23b55c2..583f600 --- a/templates/admin/footer.php +++ b/templates/admin/footer.php @@ -1,6 +1,6 @@ diff --git a/templates/admin/header.php b/templates/admin/header.php old mode 100644 new mode 100755 diff --git a/templates/admin/imp_link.php b/templates/admin/imp_link.php old mode 100644 new mode 100755 diff --git a/templates/admin/index.html b/templates/admin/index.html old mode 100644 new mode 100755 diff --git a/templates/admin/index.php b/templates/admin/index.php old mode 100644 new mode 100755 index dc3a18a..9b3bbd0 --- a/templates/admin/index.php +++ b/templates/admin/index.php @@ -40,3 +40,6 @@ + diff --git a/templates/admin/left.php b/templates/admin/left.php old mode 100644 new mode 100755 diff --git a/templates/admin/link_list.php b/templates/admin/link_list.php old mode 100644 new mode 100755 diff --git a/templates/admin/login.php b/templates/admin/login.php old mode 100644 new mode 100755 index 37d9a32..ab60719 --- a/templates/admin/login.php +++ b/templates/admin/login.php @@ -44,6 +44,10 @@
+ +
+ +
diff --git a/templates/admin/static/add_quick_tpl.css b/templates/admin/static/add_quick_tpl.css old mode 100644 new mode 100755 diff --git a/templates/admin/static/bg.jpg b/templates/admin/static/bg.jpg old mode 100644 new mode 100755 diff --git a/templates/admin/static/embed.js b/templates/admin/static/embed.js old mode 100644 new mode 100755 index d562d2f..29ece02 --- a/templates/admin/static/embed.js +++ b/templates/admin/static/embed.js @@ -191,7 +191,6 @@ layui.use(['element','table','layer','form','upload'], function(){ }); //登录 - //添加链接 form.on('submit(login)', function(data){ $.post('/index.php?c=login&check=login',data.field,function(data,status){ //如果添加成功 @@ -205,6 +204,20 @@ layui.use(['element','table','layer','form','upload'], function(){ console.log(data.field) //当前容器的全部表单字段,名值对形式:{name: value} return false; //阻止表单跳转。如果需要表单跳转,去掉这段即可。 }); + //手机登录 + form.on('submit(mobile_login)', function(data){ + $.post('/index.php?c=login&check=login',data.field,function(data,status){ + //如果登录成功 + if(data.code == 0) { + window.location.href = '/'; + } + else{ + layer.msg(data.err_msg, {icon: 5}); + } + }); + console.log(data.field) //当前容器的全部表单字段,名值对形式:{name: value} + return false; //阻止表单跳转。如果需要表单跳转,去掉这段即可。 + }); //添加分类目录 form.on('submit(add_category)', function(data){ @@ -400,4 +413,20 @@ function del_category(id){ layer.close(index); }); -} \ No newline at end of file +} + +//弱密码检查 +function check_weak_password(){ + $.get("/index.php?c=api&method=check_weak_password",function(data,status){ + if (data.err_msg === 'Weak password!') { + layui.use('layer', function(){ + var layer = layui.layer; + + layer.open({ + title:'风险提示!', + content: '系统检测到您使用的默认密码,请参考帮助文档尽快修改!' //这里content是一个普通的String + }); + }); + } + }); +} diff --git a/templates/admin/static/style.css b/templates/admin/static/style.css old mode 100644 new mode 100755 diff --git a/templates/default/index.php b/templates/default/index.php old mode 100644 new mode 100755 index 36a29ab..00f4ebc 
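Review bot: The new `submit(mobile_login)` handler copies `console.log(data.field)`, which writes the full login form field map — including the password — to the browser console on every submission; drop that line here and in the `submit(login)` handler above it. The handler is otherwise a line-for-line duplicate of `submit(login)`, so register both filters on one function, e.g. `var onLogin = function(data){ ... }; form.on('submit(login)', onLogin); form.on('submit(mobile_login)', onLogin);`, to keep the two paths from drifting. `data.code == 0` should be `data.code === 0` if the API returns a number. The enclosing `layui.use` callback starts and ends outside the hunk.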
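Review bot: `check_weak_password()` calls the API with `$.get` and no token, while the controller added in this patch reads `$_POST['token']`, so the request either fails authentication or relies on the session cookie alone; it should be a `$.post` carrying the token, presumably the same one the other API calls send. It also detects the weak case only by comparing `data.err_msg` to the literal `'Weak password!'`, which silently stops working if the message is reworded; have the API return a structured code and test that instead. Without `dataType: 'json'`, `data` is parsed only when the server sets a JSON content type — worth confirming.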
--- a/templates/default/index.php +++ b/templates/default/index.php @@ -100,6 +100,22 @@
About
+ + + +
  • +
    登录
    +
  • +
    + + +
  • +
    退出
    +
  • +
    + @@ -179,7 +195,7 @@ diff --git a/templates/default/static/embed.js b/templates/default/static/embed.js old mode 100644 new mode 100755 diff --git a/templates/default/static/holmes.js b/templates/default/static/holmes.js old mode 100644 new mode 100755 diff --git a/templates/default/static/style.css b/templates/default/static/style.css old mode 100644 new mode 100755 diff --git a/templates/index.html b/templates/index.html old mode 100644 new mode 100755 diff --git a/version.txt b/version.txt old mode 100644 new mode 100755 index 4019413..fa26666 --- a/version.txt +++ b/version.txt @@ -1 +1 @@ -v0.9.12-20210726 \ No newline at end of file +v0.9.13-20220211 \ No newline at end of file From 4a943bc392453c5698a366f6e802f292f4e14ffa Mon Sep 17 00:00:00 2001 From: xiaoz Date: Mon, 14 Feb 2022 15:18:55 +0800 Subject: [PATCH 2/3] =?UTF-8?q?=E4=BC=98=E5=8C=96=E6=8F=90=E7=A4=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- index.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/index.php b/index.php index 9f78b19..531be54 100755 --- a/index.php +++ b/index.php @@ -15,8 +15,9 @@ if( !file_exists('./data/config.php') ) { echo "

    正在准备安装,请稍等...

    "; //复制配置文件 if ( copy('config.simple.php','data/config.php') ) { + echo "安装完毕,默认用户名:xiaoz,密码:xiaoz.me,5s后跳转到登录页面。"; //跳转到登录页面 - header("Refresh:3;url=/index.php?c=login"); + header("Refresh:5;url=/index.php?c=login"); exit(); } else{ exit("

    复制配置文件失败,请检查权限是否正常,或手动将站点目录下的config.simple.php复制为data/config.php

    "); From 6d886fb7a579b5400f56ac304a4e5e243badb90d Mon Sep 17 00:00:00 2001 From: xiaoz Date: Mon, 14 Feb 2022 15:26:58 +0800 Subject: [PATCH 3/3] update date --- version.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.txt b/version.txt index fa26666..5f1a3e1 100755 --- a/version.txt +++ b/version.txt @@ -1 +1 @@ -v0.9.13-20220211 \ No newline at end of file +v0.9.13-20220214 \ No newline at end of file
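Review bot: The added `echo "安装完毕,默认用户名:xiaoz,密码:xiaoz.me,..."` prints the default credentials to whoever triggers the first-run copy, and it is emitted before `header("Refresh:5;...")`, so the refresh header hits the same headers-already-sent problem as the earlier echo in this block. Hard-coding the credentials in the message also duplicates values that presumably live in `config.simple.php`, so the two will drift apart silently; print a pointer to the documentation instead, or read the values from the copied config. The enclosing `if`/`else` closes outside the hunk.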