diff --git a/class/Api.php b/class/Api.php index 0e5f60a..c30d39b 100755 --- a/class/Api.php +++ b/class/Api.php @@ -153,16 +153,24 @@ class Api { /** * name:添加链接 */ - public function add_link($token,$fid,$title,$url,$description = '',$weight = 0,$property = 0){ + public function add_link($token,$fid,$title,$url,$description = '',$weight = 0,$property = 0,$url_standby = ''){ $this->auth($token); $fid = intval($fid); //检测链接是否合法 - $this->check_link($fid,$title,$url); + //$this->check_link($fid,$title,$url); + $this->check_link([ + 'fid' => $fid, + 'title' => $title, + 'url' => $url, + 'url_standby' => $url_standby + ]); + //合并数据 $data = [ 'fid' => $fid, 'title' => htmlspecialchars($title,ENT_QUOTES), 'url' => $url, + 'url_standby' => $url_standby, 'description' => htmlspecialchars($description,ENT_QUOTES), 'add_time' => time(), 'weight' => $weight, @@ -190,6 +198,9 @@ class Api { * 批量导入链接 */ public function imp_link($token,$filename,$fid,$property = 0){ + //过滤$filename + $filename = str_replace('../','',$filename); + $filename = str_replace('./','',$filename); $this->auth($token); //检查文件是否存在 if ( !file_exists($filename) ) { @@ -297,11 +308,17 @@ class Api { /** * name:修改链接 */ - public function edit_link($token,$id,$fid,$title,$url,$description = '',$weight = 0,$property = 0){ + public function edit_link($token,$id,$fid,$title,$url,$description = '',$weight = 0,$property = 0,$url_standby = ''){ $this->auth($token); $fid = intval($fid); //检测链接是否合法 - $this->check_link($fid,$title,$url); + //$this->check_link($fid,$title,$url); + $this->check_link([ + 'fid' => $fid, + 'title' => $title, + 'url' => $url, + 'url_standby' => $url_standby + ]); //查询ID是否存在 $count = $this->db->count('on_links',[ 'id' => $id]); //如果id不存在 @@ -313,6 +330,7 @@ class Api { 'fid' => $fid, 'title' => htmlspecialchars($title,ENT_QUOTES), 'url' => $url, + 'url_standby' => $url_standby, 'description' => htmlspecialchars($description,ENT_QUOTES), 'up_time' => time(), 'weight' => $weight, 
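Review bot: The superseded call is left in place as a comment, `//$this->check_link($fid,$title,$url);`, directly above the new array-style call in add_link, and the same pair appears in edit_link at @@ -297; delete the commented-out line instead of keeping both. The new trailing parameter is also undocumented in the `name:添加链接` docblock — add `@param string $url_standby optional fallback URL; validated by check_link() only when non-empty`. add_link's body continues past the end of the hunk.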
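Review bot: The two `str_replace('../', ...)` / `str_replace('./', ...)` calls added at the top of imp_link are not a reliable path filter: str_replace runs a single pass, so a non-recursive removal can leave traversal sequences behind, and an absolute path is not affected at all. Confine the file to its intended directory instead, e.g. `$real = realpath($filename);` followed by `if ( $real === false || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0 ) { /* reject via err_msg */ }` where `$base = realpath(<upload directory>)` (placeholder — the project's upload path is not visible here), and use `$real` for the later file_exists()/read. Doing this after `$this->auth($token)` rather than before also keeps unauthenticated requests from probing the filesystem at all. imp_link's body continues past the hunk.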
@@ -365,8 +383,14 @@ class Api { } /** * 验证链接合法性 + * 接收一个数组作为参数 */ - protected function check_link($fid,$title,$url){ + protected function check_link($data){ + $fid = $data['fid']; + $title = $data['title']; + $url = $data['url']; + $url_standby = @$data['url_standby']; + //如果父及(分类)ID不存在 if( empty($fid )) { $this->err_msg(-1007,'The category id(fid) not exist!'); @@ -391,6 +415,10 @@ class Api { if( !filter_var($url, FILTER_VALIDATE_URL) ) { $this->err_msg(-1010,'URL is not valid!'); } + //备用链接不合法 + if ( ( !empty($url_standby) ) && ( !filter_var($url_standby, FILTER_VALIDATE_URL) ) ) { + $this->err_msg(-1010,'URL is not valid!'); + } return true; } /** @@ -471,7 +499,7 @@ class Api { //echo $sql; //如果查询的总数大于limit,则以limit为准 - $count = ( $count > $limit) ? $limit : $count; + //$count = ( $count > $limit) ? $limit : $count; //原生查询 $datas = $this->db->query($sql)->fetchAll(); @@ -505,7 +533,7 @@ class Api { } //如果是私有链接,并且认证通过 elseif( $link_info['property'] == "1" ) { - if ( $this->auth($token) ) { + if ( ( $this->auth($token) ) || ( $this->is_login() ) ) { $datas = [ 'code' => 0, 'data' => $link_info @@ -524,6 +552,49 @@ class Api { } exit(json_encode($datas)); } + /** + * 查询单个分类信息 + * 此函数接收一个数组 + */ + public function get_a_category($data) { + $id = $data['id']; + $token = $data['token']; + + $category_info = $this->db->get("on_categorys","*",[ + "id" => $id + ]); + + //var_dump($category_info); + + //如果是公开分类,则直接返回 + if ( $category_info['property'] == "0" ) { + $datas = [ + 'code' => 0, + 'data' => $category_info + ]; + + } + //如果是私有链接,并且认证通过 + elseif( $category_info['property'] == "1" ) { + if ( ( $this->auth($token) ) || ( $this->is_login() ) ) { + $datas = [ + 'code' => 0, + 'data' => $category_info + ]; + } + + //exit(json_encode($datas)); + } + //如果是其它情况,则显示为空 + else{ + $datas = [ + 'code' => 0, + 'data' => [] + ]; + //exit(json_encode($datas)); + } + exit(json_encode($datas)); + } /** * 验证是否登录 */ 
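Review bot: `$url_standby = @$data['url_standby'];` uses `@` to hide a missing-key notice; the null-coalescing form `$url_standby = $data['url_standby'] ?? '';` gives the same default without suppressing every other diagnostic on that line. Changing check_link from three positionals to a single array is a breaking change for any caller not updated in this commit — only add_link and edit_link are adjusted here, so confirm no other call site exists. The docblock line `接收一个数组作为参数` should name the keys: `@param array $data keys: fid, title, url, optional url_standby`. check_link's body continues past the hunk.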
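Review bot: The new standby-URL check reuses code -1010 and the identical message 'URL is not valid!', so an API client cannot tell which of the two fields was rejected. Use a distinct message, `$this->err_msg(-1010,'Standby URL is not valid!');`, or a separate code if the error-code scheme allows one. FILTER_VALIDATE_URL checks syntax only, not scheme; if only http/https links are meant to be stored, both fields need an explicit scheme check in addition to this one.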
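Review bot: `if ( ( $this->auth($token) ) || ( $this->is_login() ) )` only reaches is_login() when auth() returns false; if auth() reports a bad or missing token through err_msg() and exits, as the rest of this class does for errors (auth() is not visible in this hunk — please confirm), a logged-in browser session that sends no token never gets to the second operand. Evaluate the non-terminating check first: `if ( $this->is_login() || $this->auth($token) ) {`. The same operand order is used in the new get_a_category at @@ -524.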
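Review bot: `$datas` is never initialised in get_a_category, so when `property == "1"` and the inner auth condition is not met the function reaches `exit(json_encode($datas))` with an undefined variable and emits `null` instead of the empty-data shape the else branch returns. Initialise it before the branches, `$datas = ['code' => 0, 'data' => []];`, after which the else branch and the two commented-out `//exit(json_encode($datas));` lines can be dropped. `$this->db->get()` returning false for an unknown id makes `$category_info['property']` read as null and silently fall into the else branch — acceptable, but worth a one-line comment. The docblock `此函数接收一个数组` should name the keys: `@param array $data keys: id (int), token (string)`.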
@@ -717,32 +788,42 @@ class Api { } //读取需要更新的SQL内容 try { - $sql_content = file_get_contents($sql_name); - $result = $this->db->query($sql_content); - //如果SQL执行成功,则返回 - if( $result ) { - //将更新信息写入数据库 - $insert_re = $this->db->insert("on_db_logs",[ - "sql_name" => $name, - "update_time" => time(), - "status" => "TRUE" - ]); - if( $insert_re ) { - $data = [ - "code" => 0, - "data" => $name."更新完成!" - ]; - exit(json_encode($data)); + //读取一个SQL温江,并将单个SQL文件拆分成单条SQL语句循环执行 + $sql_content = explode(';',file_get_contents($sql_name)); + //计算SQL总数 + $num = count($sql_content) - 1; + //初始数量设置为0 + $init_num = 0; + //遍历执行SQL语句 + foreach ($sql_content as $sql) { + //如果SQL为空,则跳过此次循环不执行 + if( empty($sql) ) { + continue; } - else { - $this->err_msg(-2000,$name."更新失败,请人工检查!"); + $result = $this->db->query($sql); + //只要单条SQL执行成功了就增加初始数量 + if( $result ) { + $init_num++; } - } - else{ - //如果执行失败 + + //无论最后结果如何,都将更新信息写入数据库 + $insert_re = $this->db->insert("on_db_logs",[ + "sql_name" => $name, + "update_time" => time(), + "status" => "TRUE" + ]); + if( $insert_re ) { + $data = [ + "code" => 0, + "data" => $name."更新完成!总数${num},成功:${init_num}" + ]; + exit(json_encode($data)); + } + else { $this->err_msg(-2000,$name."更新失败,请人工检查!"); } + } catch(Exception $e){ $this->err_msg(-2000,$e->getMessage()); } diff --git a/controller/api.php b/controller/api.php index c9745a1..d8c017a 100755 --- a/controller/api.php +++ b/controller/api.php @@ -1,7 +1,7 @@ * blog:xiaoz.me */ 
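Review bot: The `on_db_logs` row is written with `"status" => "TRUE"` regardless of how many statements failed (the comment above it says so explicitly), so the log cannot distinguish a complete update from a partial one, and the unique index this commit adds on sql_name then blocks re-running the same file to finish it. Record the real outcome, `"status" => ($init_num === $num) ? "TRUE" : "FALSE"`, and return a non-zero code when the counts differ. Splitting on `;` also silently breaks any statement containing a semicolon inside a string literal or trigger body (none in the shipped .sql files here), and `$num = count($sql_content) - 1` assumes the file ends with a semicolon. `"${num}"` / `"${init_num}"` interpolation is deprecated from PHP 8.2; use `{$num}` and `{$init_num}`. The enclosing function starts before the hunk.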
@@ -14,60 +14,18 @@ $api = new Api($db); //获取请求方法 $method = $_GET['method']; -//对方法进行判断,对应URL路由:/index.php?c=api&method=xxx -switch ($method) { - case 'add_category': - add_category($api); - break; - case 'edit_category': - edit_category($api); - break; - case 'del_category': - del_category($api); - break; - case 'add_link': - add_link($api); - break; - case 'edit_link': - edit_link($api); - break; - case 'del_link': - del_link($api); - break; - case 'category_list': - category_list($api); - break; - case 'link_list': - link_list($api); - break; - case 'get_link_info': - get_link_info($api); - break; - case 'add_js': - add_js($api); - break; - case 'upload': - upload($api); - break; - case 'imp_link': - imp_link($api); - case 'check_weak_password': - check_weak_password($api); - break; - case 'get_a_link': - get_a_link($api); - break; - case 'get_sql_update_list': - get_sql_update_list($api); - break; - case 'exe_sql': - exe_sql($api); - break; - default: - # code... - break; +//可变函数变量 +$var_func = htmlspecialchars(trim($method),ENT_QUOTES); +//判断函数是否存在,存在则条用可变函数,否则抛出错误 +if ( function_exists($var_func) ) { + //调用可变函数 + $var_func($api); +}else{ + exit('method not found!'); } + + /** * 添加分类目录入口 */ @@ -133,11 +91,12 @@ function add_link($api){ $fid = intval(@$_POST['fid']); $title = $_POST['title']; $url = $_POST['url']; + $url_standby = $_POST['url_standby']; $description = empty($_POST['description']) ? '' : $_POST['description']; $weight = empty($_POST['weight']) ? 0 : intval($_POST['weight']); $property = empty($_POST['property']) ? 0 : 1; - $api->add_link($token,$fid,$title,$url,$description,$weight,$property); + $api->add_link($token,$fid,$title,$url,$description,$weight,$property,$url_standby); } /** 
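Review bot: Replacing the `switch` allowlist with `function_exists($var_func)` lets the `method` query parameter name any function defined in the process — every helper in functions/helper.php and every PHP built-in that accepts one argument — and `htmlspecialchars()` does nothing to narrow that set. Keep an explicit allowlist of the API entry points and dispatch only through it; the list below reproduces the cases the removed switch handled plus the get_a_category entry this commit adds, and as a side effect fixes the missing `break` after `imp_link` in the old switch. Anything not on the list still ends with `exit('method not found!');`.
```php
// Only these controller functions may be reached via ?c=api&method=...
$allowed_methods = [
    'add_category', 'edit_category', 'del_category',
    'add_link', 'edit_link', 'del_link',
    'category_list', 'link_list', 'get_link_info',
    'add_js', 'upload', 'imp_link', 'check_weak_password',
    'get_a_link', 'get_a_category', 'get_sql_update_list', 'exe_sql',
];
$var_func = trim($method);
if ( in_array($var_func, $allowed_methods, true) ) {
    $var_func($api);
}else{
    exit('method not found!');
}
```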
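Review bot: `$url_standby = $_POST['url_standby'];` reads the key unconditionally, unlike the neighbouring fields that go through `empty()` or `@`, so a client that does not send the new optional field raises an undefined-index notice and, with display_errors on, corrupts the JSON response. Use the same pattern as description: `$url_standby = empty($_POST['url_standby']) ? '' : $_POST['url_standby'];`. The identical line is added to edit_link at @@ -153 below.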
@@ -153,11 +112,12 @@ function edit_link($api){ $fid = intval(@$_POST['fid']); $title = $_POST['title']; $url = $_POST['url']; + $url_standby = $_POST['url_standby']; $description = empty($_POST['description']) ? '' : $_POST['description']; $weight = empty($_POST['weight']) ? 0 : intval($_POST['weight']); $property = empty($_POST['property']) ? 0 : 1; - $api->edit_link($token,$id,$fid,$title,$url,$description,$weight,$property); + $api->edit_link($token,$id,$fid,$title,$url,$description,$weight,$property,$url_standby); } @@ -208,6 +168,18 @@ function get_link_info($api) { $api->get_link_info($token,$url); } +/** + * 根据ID获取单个分类信息 + */ +function get_a_category($api) { + //获取token + $data['token'] = @$_POST['token']; + //获取分类ID + $data['id'] = intval(trim($_POST['id'])); + //var_dump($data); + $api->get_a_category($data); +} + /** * 获取一个链接的信息,指存储在数据库的信息 */ diff --git a/controller/click.php b/controller/click.php index 2809e42..145f784 100755 --- a/controller/click.php +++ b/controller/click.php @@ -13,7 +13,7 @@ if(empty($id)) { } //查询链接信息 -$link = $db->get('on_links',['id','fid','url','property','click'],[ +$link = $db->get('on_links',['id','fid','url','url_standby','property','click','title','description'],[ 'id' => $id ]); @@ -29,6 +29,11 @@ $category = $db->get('on_categorys',['id','property'],[ 'id' => $link['fid'] ]); +//判断用户是否登录 +if( is_login() ) { + $is_login = TRUE; +} + //link.id为公有,且category.id为公有 if( ( $link['property'] == 0 ) && ($category['property'] == 0) ){ //增加link.id的点击次数 @@ -42,7 +47,9 @@ if( ( $link['property'] == 0 ) && ($category['property'] == 0) ){ //如果更新成功 if($update) { //进行header跳转 - header('location:'.$link['url']); + //header('location:'.$link['url']); + #加载跳转模板 + require('templates/admin/click.php'); exit; } } 
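Review bot: `intval(trim($_POST['id']))` passes a missing `id` straight into trim(), which is an undefined-index notice plus a null-to-string deprecation on PHP 8.1+, while the token on the previous line is read with `@` — the two lines are inconsistent. Read both with a default, `$data['token'] = $_POST['token'] ?? '';` and `$data['id'] = intval(trim($_POST['id'] ?? ''));`, and drop the commented-out `//var_dump($data);`.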
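Review bot: `$is_login` is only assigned inside `if( is_login() )`, so on the not-logged-in path the variable does not exist and any read of it in the template this file now requires (templates/admin/click.php, whose body is not legible in this chunk) is an undefined-variable notice. Replace the whole if block with `$is_login = is_login();` so the value is always a bool.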
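Review bot: The replaced redirect is kept as a comment, `//header('location:'.$link['url']);`, above the new `require('templates/admin/click.php');`, here and again at @@ -56 on the logged-in path; delete the commented-out lines. Since the response is now a rendered page built from `$link` rather than a Location header, every `$link[...]` value the template prints must be escaped in the template (see the note on templates/admin/click.php); the validation check_link performs at write time is not a substitute for output escaping.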
@@ -56,10 +63,13 @@ elseif( is_login() ) { ],[ 'id' => $id ]); + //如果更新成功 if($update) { //进行header跳转 - header('location:'.$link['url']); + //header('location:'.$link['url']); + #加载跳转模板 + require('templates/admin/click.php'); exit; } } diff --git a/data/update.log b/data/update.log index d1f0f28..412b1c1 100755 --- a/data/update.log +++ b/data/update.log @@ -48,4 +48,18 @@ CREATE INDEX on_options_key_IDX ON on_options ("key"); 1. 新增数据库更新功能 2. 初始数据库更新 3. 分离分类图标字体设置 -4. 集成baisuTwo主题 \ No newline at end of file +4. 集成baisuTwo主题 + +20220311 +1. 简化API入口代码 +2. 修复get_a_link查询私有链接返回空值问题 +3. 改进SQL更新功能 +4. 新增数据库安全检查 +5. 新增备用链接功能 +6. 新增过渡跳转页面 +7. 修复后台链接无法分页问题 + +20220312 +1. 新增API:根据ID查询单个分类信息 +2. 修复后台编辑链接,分类信息显示不正确 +3. 书签导入时文件名过滤 \ No newline at end of file diff --git a/db/onenav.simple.db3 b/db/onenav.simple.db3 index dfb5cae..1727d3f 100644 Binary files a/db/onenav.simple.db3 and b/db/onenav.simple.db3 differ diff --git a/db/sql/20220308.sql b/db/sql/20220308.sql index c1d8dab..a7276ce 100644 --- a/db/sql/20220308.sql +++ b/db/sql/20220308.sql @@ -3,5 +3,4 @@ ALTER TABLE on_categorys ADD font_icon TEXT(32); -- 链接表新增字段topping,默认值0(不置顶),1为置顶,先保留后续使用 ALTER TABLE on_links ADD topping INTEGER DEFAULT 0 NOT NULL; -- 增加一个备用链接字段 -ALTER TABLE on_links ADD url_standby TEXT(256); - +ALTER TABLE on_links ADD url_standby TEXT(256); \ No newline at end of file diff --git a/db/sql/20220311.sql b/db/sql/20220311.sql new file mode 100644 index 0000000..895b214 --- /dev/null +++ b/db/sql/20220311.sql @@ -0,0 +1,5 @@ +CREATE UNIQUE INDEX on_db_logs_sql_name_IDX ON on_db_logs (sql_name); +-- 链接表新增字段topping,默认值0(不置顶),1为置顶,先保留后续使用 +ALTER TABLE on_links ADD topping INTEGER DEFAULT 0 NOT NULL; +-- 增加一个备用链接字段 +ALTER TABLE on_links ADD url_standby TEXT(256); \ No newline at end of file diff --git a/functions/helper.php b/functions/helper.php index 8f571e3..106a6db 100755 --- a/functions/helper.php +++ b/functions/helper.php 
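Review bot: The two `ALTER TABLE on_links ADD ...` statements in the new 20220311.sql duplicate the ones already shipped in 20220308.sql (visible just above in this diff), so on a database that already ran 20220308 they fail with a duplicate-column error; with exe_sql's new per-statement loop that failure is merely counted and the log row is still written as TRUE. If the intent is to repair installs that missed 20220308, keep only the `CREATE UNIQUE INDEX on_db_logs_sql_name_IDX ...` line here and say so in a leading `--` comment; if this is SQLite, as the .db3 file suggests, there is no `ADD COLUMN IF NOT EXISTS`, so duplication has to be avoided at the file level.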
@@ -34,4 +34,15 @@ function is_login(){ else{ return false; } +} + +//后续全局函数全部以g_命名开头 +function g_extend_js() { + //载入js扩展 + if( file_exists('data/extend.js') ) { + echo ''; + } + else{ + echo ''; + } } \ No newline at end of file diff --git a/templates/admin/add_link.php b/templates/admin/add_link.php index 7737d86..7f9bcaf 100755 --- a/templates/admin/add_link.php +++ b/templates/admin/add_link.php @@ -12,6 +12,17 @@ + +
+
+
+ +
+ +
+
+ +
diff --git a/templates/admin/click.php b/templates/admin/click.php new file mode 100755 index 0000000..1c7c719 --- /dev/null +++ b/templates/admin/click.php @@ -0,0 +1,101 @@ + + + + + <?php echo $link['title']; ?> - OneNav + + + + + + + + +
+
+
+ +

链接信息:

+ + + + + + + + + + + + + + + + + + + + + + + + +
标题
描述
链接 +
+ +
+
备用链接 +
+ +
+
+ + + + + +
+ 即将打开,请稍等... + + + + + +
+ 存在备用链接,请手动点击您要打开的链接! +
+ + + + + +
+ +
+
+ +
+
+
+ + + diff --git a/templates/admin/edit_link.php b/templates/admin/edit_link.php index 324ef94..d1865c7 100755 --- a/templates/admin/edit_link.php +++ b/templates/admin/edit_link.php @@ -18,6 +18,18 @@
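Review bot: `<?php echo $link['title']; ?>` in the new template's `<title>` writes a database value into HTML without escaping; add_link/edit_link store the title through htmlspecialchars, but other write paths (the bookmark import, not visible here) may not, so escape at output: `<?php echo htmlspecialchars($link['title'], ENT_QUOTES, 'UTF-8', false); ?>` (double_encode false keeps already-escaped rows from becoming `&amp;amp;`). Most of the template body is not legible in this chunk; the same applies to every other `$link[...]` value it prints, including the url and url_standby hrefs, which check_link validates for syntax only.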
+ + +
+ +
+ +
+ +
+
+ +
@@ -25,7 +37,7 @@
- +