diff --git a/class/Api.php b/class/Api.php index b907ddd..ed5e9f4 100755 --- a/class/Api.php +++ b/class/Api.php @@ -153,16 +153,24 @@ class Api { /** * name:添加链接 */ - public function add_link($token,$fid,$title,$url,$description = '',$weight = 0,$property = 0){ + public function add_link($token,$fid,$title,$url,$description = '',$weight = 0,$property = 0,$url_standby = ''){ $this->auth($token); $fid = intval($fid); //检测链接是否合法 - $this->check_link($fid,$title,$url); + //$this->check_link($fid,$title,$url); + $this->check_link([ + 'fid' => $fid, + 'title' => $title, + 'url' => $url, + 'url_standby' => $url_standby + ]); + //合并数据 $data = [ 'fid' => $fid, 'title' => htmlspecialchars($title,ENT_QUOTES), 'url' => $url, + 'url_standby' => $url_standby, 'description' => htmlspecialchars($description,ENT_QUOTES), 'add_time' => time(), 'weight' => $weight, @@ -297,11 +305,17 @@ class Api { /** * name:修改链接 */ - public function edit_link($token,$id,$fid,$title,$url,$description = '',$weight = 0,$property = 0){ + public function edit_link($token,$id,$fid,$title,$url,$description = '',$weight = 0,$property = 0,$url_standby = ''){ $this->auth($token); $fid = intval($fid); //检测链接是否合法 - $this->check_link($fid,$title,$url); + //$this->check_link($fid,$title,$url); + $this->check_link([ + 'fid' => $fid, + 'title' => $title, + 'url' => $url, + 'url_standby' => $url_standby + ]); //查询ID是否存在 $count = $this->db->count('on_links',[ 'id' => $id]); //如果id不存在 @@ -313,6 +327,7 @@ class Api { 'fid' => $fid, 'title' => htmlspecialchars($title,ENT_QUOTES), 'url' => $url, + 'url_standby' => $url_standby, 'description' => htmlspecialchars($description,ENT_QUOTES), 'up_time' => time(), 'weight' => $weight, 
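Review bot: The superseded call is kept as a comment, `//$this->check_link($fid,$title,$url);`, in add_link here and again in the edit_link hunk at @@ -297; delete both lines rather than leave dead code next to the replacement. The rest of the new code is consistent with the surrounding style, but note that `'url_standby' => $url_standby` is written to the row verbatim while `title` and `description` are escaped on write; since `url` already follows that convention, the place to escape both URLs is the template that renders them as links, not this method. Both method bodies continue outside their hunks.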
@@ -365,8 +380,14 @@ class Api { } /** * 验证链接合法性 + * 接收一个数组作为参数 */ - protected function check_link($fid,$title,$url){ + protected function check_link($data){ + $fid = $data['fid']; + $title = $data['title']; + $url = $data['url']; + $url_standby = @$data['url_standby']; + //如果父及(分类)ID不存在 if( empty($fid )) { $this->err_msg(-1007,'The category id(fid) not exist!'); @@ -391,6 +412,10 @@ class Api { if( !filter_var($url, FILTER_VALIDATE_URL) ) { $this->err_msg(-1010,'URL is not valid!'); } + //备用链接不合法 + if ( ( !empty($url_standby) ) && ( !filter_var($url_standby, FILTER_VALIDATE_URL) ) ) { + $this->err_msg(-1010,'URL is not valid!'); + } return true; } /** @@ -505,7 +530,7 @@ class Api { } //如果是私有链接,并且认证通过 elseif( $link_info['property'] == "1" ) { - if ( $this->auth($token) ) { + if ( ( $this->auth($token) ) || ( $this->is_login() ) ) { $datas = [ 'code' => 0, 'data' => $link_info 
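Review bot: `$url_standby = @$data['url_standby'];` in check_link uses `@` to hide a missing key; write `$url_standby = $data['url_standby'] ?? '';` instead, and use the same `??` form for `fid`, `title` and `url` so a caller that omits a key fails the existing `empty()` checks explicitly rather than raising a suppressed notice. Replacing the three positional parameters with one array also breaks any other caller of check_link that this commit does not update; a typed signature, `protected function check_link(array $data): bool`, lets PHP reject such a call at once. The method body continues past the hunk.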
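Review bot: The new standby check at @@ -391 reuses error code -1010 and the text 'URL is not valid!', so a client cannot tell which of the two URLs was rejected; give it its own message, e.g. `$this->err_msg(-1010,'Standby URL is not valid!');`. FILTER_VALIDATE_URL only validates syntax and accepts any scheme, and the value appears to be rendered as a clickable link by the new templates/admin/click.php, so restricting both `$url` and `$url_standby` to http/https (for example via `parse_url($url_standby, PHP_URL_SCHEME)`) is the extra check I would add here. The `empty()` guard is fine for an optional field as long as the controller passes `''` rather than leaving the key unset.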
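Review bot: `( $this->auth($token) ) || ( $this->is_login() )` at @@ -505 only reaches is_login() if auth() returns false on a bad token; elsewhere in this diff auth() is called as a bare statement (`$this->auth($token);` in add_link and edit_link), which suggests it ends the request through err_msg on failure, in which case the session fallback for private links is unreachable. Checking the session first, `if ( $this->is_login() || $this->auth($token) ) {`, works either way; please confirm against auth()'s body, which is outside this hunk. The enclosing method also starts before the hunk.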
@@ -717,32 +742,42 @@ class Api { } //读取需要更新的SQL内容 try { - $sql_content = file_get_contents($sql_name); - $result = $this->db->query($sql_content); - //如果SQL执行成功,则返回 - if( $result ) { - //将更新信息写入数据库 - $insert_re = $this->db->insert("on_db_logs",[ - "sql_name" => $name, - "update_time" => time(), - "status" => "TRUE" - ]); - if( $insert_re ) { - $data = [ - "code" => 0, - "data" => $name."更新完成!" - ]; - exit(json_encode($data)); + //读取一个SQL温江,并将单个SQL文件拆分成单条SQL语句循环执行 + $sql_content = explode(';',file_get_contents($sql_name)); + //计算SQL总数 + $num = count($sql_content) - 1; + //初始数量设置为0 + $init_num = 0; + //遍历执行SQL语句 + foreach ($sql_content as $sql) { + //如果SQL为空,则跳过此次循环不执行 + if( empty($sql) ) { + continue; } - else { - $this->err_msg(-2000,$name."更新失败,请人工检查!"); + $result = $this->db->query($sql); + //只要单条SQL执行成功了就增加初始数量 + if( $result ) { + $init_num++; } - } - else{ - //如果执行失败 + + //无论最后结果如何,都将更新信息写入数据库 + $insert_re = $this->db->insert("on_db_logs",[ + "sql_name" => $name, + "update_time" => time(), + "status" => "TRUE" + ]); + if( $insert_re ) { + $data = [ + "code" => 0, + "data" => $name."更新完成!总数${num},成功:${init_num}" + ]; + exit(json_encode($data)); + } + else { $this->err_msg(-2000,$name."更新失败,请人工检查!"); } + } catch(Exception $e){ $this->err_msg(-2000,$e->getMessage()); } diff --git a/controller/api.php b/controller/api.php index 5971603..fbf9946 100755 --- a/controller/api.php +++ b/controller/api.php @@ -91,11 +91,12 @@ function add_link($api){ $fid = intval(@$_POST['fid']); $title = $_POST['title']; $url = $_POST['url']; + $url_standby = $_POST['url_standby']; $description = empty($_POST['description']) ? '' : $_POST['description']; $weight = empty($_POST['weight']) ? 0 : intval($_POST['weight']); $property = empty($_POST['property']) ? 0 : 1; - $api->add_link($token,$fid,$title,$url,$description,$weight,$property); + $api->add_link($token,$fid,$title,$url,$description,$weight,$property,$url_standby); } /** 
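Review bot: The loop returns `"code" => 0` and logs `"status" => "TRUE"` even when `$init_num` is below `$num`, so a partly failed update looks successful to the client and, once the on_db_logs row exists, will presumably not be offered again; compare the two counts before the insert and return a non-zero code (or status "FALSE") when they differ. Splitting on `;` also executes a whitespace-only trailing fragment because `empty("\n")` is false — `if( empty(trim($sql)) ) { continue; }` avoids that — and it will break any statement that contains a literal `;` in a string. `"${num}"` interpolation is deprecated since PHP 8.2; use `{$num}` and `{$init_num}`. The enclosing method begins before the hunk.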
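Review bot: `$url_standby = $_POST['url_standby'];` in controller add_link raises an undefined-index notice whenever the form omits the field, and because the controller always forwards the value, the `''` default on Api::add_link never applies; follow the neighbouring guards with `$url_standby = $_POST['url_standby'] ?? '';`. The same line appears in the edit_link hunk at @@ -111 of the same file.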
@@ -111,11 +112,12 @@ function edit_link($api){ $fid = intval(@$_POST['fid']); $title = $_POST['title']; $url = $_POST['url']; + $url_standby = $_POST['url_standby']; $description = empty($_POST['description']) ? '' : $_POST['description']; $weight = empty($_POST['weight']) ? 0 : intval($_POST['weight']); $property = empty($_POST['property']) ? 0 : 1; - $api->edit_link($token,$id,$fid,$title,$url,$description,$weight,$property); + $api->edit_link($token,$id,$fid,$title,$url,$description,$weight,$property,$url_standby); } diff --git a/controller/click.php b/controller/click.php index 2809e42..145f784 100755 --- a/controller/click.php +++ b/controller/click.php @@ -13,7 +13,7 @@ if(empty($id)) { } //查询链接信息 -$link = $db->get('on_links',['id','fid','url','property','click'],[ +$link = $db->get('on_links',['id','fid','url','url_standby','property','click','title','description'],[ 'id' => $id ]); @@ -29,6 +29,11 @@ $category = $db->get('on_categorys',['id','property'],[ 'id' => $link['fid'] ]); +//判断用户是否登录 +if( is_login() ) { + $is_login = TRUE; +} + //link.id为公有,且category.id为公有 if( ( $link['property'] == 0 ) && ($category['property'] == 0) ){ //增加link.id的点击次数 @@ -42,7 +47,9 @@ if( ( $link['property'] == 0 ) && ($category['property'] == 0) ){ //如果更新成功 if($update) { //进行header跳转 - header('location:'.$link['url']); + //header('location:'.$link['url']); + #加载跳转模板 + require('templates/admin/click.php'); exit; } } @@ -56,10 +63,13 @@ elseif( is_login() ) { ],[ 'id' => $id ]); + //如果更新成功 if($update) { //进行header跳转 - header('location:'.$link['url']); + //header('location:'.$link['url']); + #加载跳转模板 + require('templates/admin/click.php'); exit; } } diff --git a/data/update.log b/data/update.log index d1f0f28..5d0aa01 100755 --- a/data/update.log +++ b/data/update.log 
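Review bot: In controller/click.php at @@ -29, `$is_login` is only assigned inside `if( is_login() )`, so for an anonymous visitor the variable is undefined when templates/admin/click.php, which the hunks at @@ -42 and @@ -56 now `require`, is rendered; assign it unconditionally, `$is_login = is_login();`, and drop the if. The template's markup is stripped from this page, so I cannot see how it reads the flag.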
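Review bot: The replaced redirect is left behind as a comment, `//header('location:'.$link['url']);`, at both @@ -42 and @@ -56 of controller/click.php; delete those lines. The `#加载跳转模板` comment also switches to `#` while every other comment in the file uses `//`; keep one style.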
@@ -48,4 +48,16 @@ CREATE INDEX on_options_key_IDX ON on_options ("key"); 1. 新增数据库更新功能 2. 初始数据库更新 3. 分离分类图标字体设置 -4. 集成baisuTwo主题 \ No newline at end of file +4. 集成baisuTwo主题 + +20220311 +1. 简化API入口代码 +2. 修复get_a_link查询私有链接返回空值问题 +3. 改进SQL更新功能 +4. 新增数据库安全检查 +5. 新增备用链接功能 +6. 新增过渡跳转页面 + 1. 还没添加自定义js + 2. 考虑描述过长要不要隐藏 +7. 修复后台链接无法分页问题 + 1. 还没仔细测试是否有问题 \ No newline at end of file diff --git a/db/sql/20220308.sql b/db/sql/20220308.sql index c1d8dab..a7276ce 100644 --- a/db/sql/20220308.sql +++ b/db/sql/20220308.sql @@ -3,5 +3,4 @@ ALTER TABLE on_categorys ADD font_icon TEXT(32); -- 链接表新增字段topping,默认值0(不置顶),1为置顶,先保留后续使用 ALTER TABLE on_links ADD topping INTEGER DEFAULT 0 NOT NULL; -- 增加一个备用链接字段 -ALTER TABLE on_links ADD url_standby TEXT(256); - +ALTER TABLE on_links ADD url_standby TEXT(256); \ No newline at end of file diff --git a/db/sql/20220311.sql b/db/sql/20220311.sql new file mode 100644 index 0000000..895b214 --- /dev/null +++ b/db/sql/20220311.sql @@ -0,0 +1,5 @@ +CREATE UNIQUE INDEX on_db_logs_sql_name_IDX ON on_db_logs (sql_name); +-- 链接表新增字段topping,默认值0(不置顶),1为置顶,先保留后续使用 +ALTER TABLE on_links ADD topping INTEGER DEFAULT 0 NOT NULL; +-- 增加一个备用链接字段 +ALTER TABLE on_links ADD url_standby TEXT(256); \ No newline at end of file diff --git a/templates/admin/add_link.php b/templates/admin/add_link.php index 7737d86..7f9bcaf 100755 --- a/templates/admin/add_link.php +++ b/templates/admin/add_link.php @@ -12,6 +12,17 @@ + +
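Review bot: db/sql/20220311.sql repeats the `ALTER TABLE on_links ADD topping INTEGER DEFAULT 0 NOT NULL;` and `ALTER TABLE on_links ADD url_standby TEXT(256);` statements that db/sql/20220308.sql already applies, so on a database that has run 20220308 both ALTERs fail with a duplicate-column error, and with the per-statement execution introduced in Api::exe_sql the file is still logged as applied. Keep only the `CREATE UNIQUE INDEX on_db_logs_sql_name_IDX ON on_db_logs (sql_name);` line in this file.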
+
+
+ +
+ +
+
+ +
diff --git a/templates/admin/click.php b/templates/admin/click.php new file mode 100755 index 0000000..01de2dd --- /dev/null +++ b/templates/admin/click.php @@ -0,0 +1,100 @@ + + + + + <?php echo $link['title']; ?> - OneNav + + + + + + + + +
+
+
+ +

链接信息:

+ + + + + + + + + + + + + + + + + + + + + + + + +
标题
描述
链接 +
+ +
+
备用链接 +
+ +
+
+ + + + + +
+ 即将打开,请稍等... + + + + + +
+ 存在备用链接,请手动点击您要打开的链接! +
+ + + + + +
+ +
+
+ +
+
+
+ + diff --git a/templates/admin/edit_link.php b/templates/admin/edit_link.php index 324ef94..55beabf 100755 --- a/templates/admin/edit_link.php +++ b/templates/admin/edit_link.php @@ -18,6 +18,18 @@
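Review bot: The new templates/admin/click.php echoes `$link['title']` into `<title>` unescaped (`<?php echo $link['title']; ?> - OneNav`), relying on the htmlspecialchars applied when the row was written through Api::add_link/edit_link; a row written by any other path is rendered as-is. Escape at output instead, `<?php echo htmlspecialchars($link['title'], ENT_QUOTES, 'UTF-8'); ?> - OneNav`, and treat `description`, `url` and `url_standby` the same way where the template prints them. Most of the template's markup is stripped from this page, so I can only see the title line.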
+ + +
+ +
+ +
+ +
+
+ +
diff --git a/templates/admin/index.php b/templates/admin/index.php index 3bdc2a5..f7e731a 100755 --- a/templates/admin/index.php +++ b/templates/admin/index.php @@ -49,6 +49,7 @@ diff --git a/templates/admin/static/embed.js b/templates/admin/static/embed.js index 94c6d88..3a44e2d 100755 --- a/templates/admin/static/embed.js +++ b/templates/admin/static/embed.js @@ -430,6 +430,24 @@ function check_weak_password(){ } }); } +//检测数据库是否可能被下载 +function check_db_down(){ + $("#console_log").append("正则检查数据库是否可被下载...\n"); + $.ajax({ + type:"HEAD", + async:false, + url:"/data/onenav.db3", + statusCode: { + 200: function() { + $("#console_log").append("危险!!!危险!!!危险!!!数据库可被下载,请尽快参考帮助文档:https://dwz.ovh/jvr2t 加固安全设置!\n\n"); + }, + 403:function() { + $("#console_log").append("您的数据库看起来是安全的!\n\n"); + } + } + }); +} + //获取待更新数据库列表,http://onenav.com/index.php?c=api&method=exe_sql&name=on_db_logs.sql function get_sql_update_list() { @@ -459,7 +477,7 @@ function get_sql_update_list() { function exe_sql(sqlname) { $.ajax({ url: "index.php?c=api&method=exe_sql&name=" + sqlname, async:false, success: function(data,status){ if( data.code == 0 ){ - $("#console_log").append(sqlname + "更新完毕!\n"); + $("#console_log").append(data.data); } else { $("#console_log").append(sqlname + "更新失败!\n");