
4 Commits

Author SHA1 Message Date
xiaoz c6382a67a9 fix bug 3 months ago
xiaoz f8a10616ae 20241210 3 months ago
xiaoz d0f14597cc 20241210 3 months ago
xiaoz bc8b2638e9 配置优化 3 months ago
  1. 2
      class/Api.php
  2. 8
      config.simple.php
  3. 1
      controller/admin.php
  4. 4
      controller/index.php
  5. 25
      controller/init.php
  6. 9
      controller/login.php
  7. 2
      templates/admin/edit_link_new.php
  8. 2
      templates/admin/footer.php

2
class/Api.php

@ -1200,7 +1200,7 @@ class Api {
* 验证是否登录 * 验证是否登录
*/ */
protected function is_login(){ protected function is_login(){
$key = md5(USER.PASSWORD.'onenav'.$_SERVER['HTTP_USER_AGENT']); $key = md5(USER.ENCRYPTED_PASSWORD.'onenav'.$_SERVER['HTTP_USER_AGENT']);
//获取session //获取session
$session = $_COOKIE['key']; $session = $_COOKIE['key'];
//如果已经成功登录 //如果已经成功登录
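Review bot: The login cookie checked in is_login() is still a fixed value, `md5(USER.ENCRYPTED_PASSWORD.'onenav'.$_SERVER['HTTP_USER_AGENT'])`, so after this change the hash stored in the config file is by itself enough to reproduce it, and the value never rotates or expires until the password changes. The same derivation appears on both `$key = md5(...)` lines in controller/login.php. Consider issuing a random token at login, for example `$key = bin2hex(random_bytes(32));`, keeping it server-side and comparing it with `hash_equals()`. is_login() continues past the end of this hunk, so the comparison itself is not visible here.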

8
config.simple.php

@ -9,12 +9,10 @@ $db = new medoo([
//用户名 //用户名
define('USER','{username}'); define('USER','{username}');
//密码 // 加密后的密码
define('PASSWORD','{password}'); define('ENCRYPTED_PASSWORD','{encrypted_password}');
//邮箱,用于后台Gravatar头像显示 //邮箱,用于后台Gravatar头像显示
define('EMAIL','{email}'); define('EMAIL','{email}');
//token参数,API需要使用,0.9.19版本这个废弃了,请通过后台设置
define('TOKEN','xiaoz.me');
//主题风格,0.9.18废弃了,请通过后台设置 //主题风格,0.9.18废弃了,请通过后台设置
define('TEMPLATE','default'); define('TEMPLATE','default');
@ -31,4 +29,4 @@ $site_setting['description'] = 'OneNav是一款使用PHP + SQLite3开发的
//这两项不要修改 //这两项不要修改
$site_setting['user'] = USER; $site_setting['user'] = USER;
$site_setting['password'] = PASSWORD; $site_setting['password'] = ENCRYPTED_PASSWORD;

1
controller/admin.php

@ -323,6 +323,7 @@ $page = $page.'.php';
function check_auth($user,$password){ function check_auth($user,$password){
if ( !is_login() ) { if ( !is_login() ) {
// exit("dsdfd");
$msg = "<h3>认证失败,请<a href = 'index.php?c=login'>重新登录</a></h3>"; $msg = "<h3>认证失败,请<a href = 'index.php?c=login'>重新登录</a></h3>";
require('templates/admin/403.php'); require('templates/admin/403.php');
exit; exit;
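Review bot: The added `// exit("dsdfd");` inside check_auth() is leftover debugging and should be deleted rather than committed as a comment. check_auth() continues outside the hunk.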

4
controller/index.php

@ -10,10 +10,12 @@ $site = unserialize($site);
$link_num = empty( $site['link_num'] ) ? 30 : intval($site['link_num']); $link_num = empty( $site['link_num'] ) ? 30 : intval($site['link_num']);
//如果已经登录,获取所有分类和链接 //如果已经登录,获取所有分类和链接
// 载入辅助函数 // 载入辅助函数
require('functions/helper.php'); require('functions/helper.php');
// 明文密码检查
unSafe();
if( is_login() ){ if( is_login() ){
//查询所有分类目录 //查询所有分类目录
$categorys = []; $categorys = [];
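Review bot: `unSafe()` is called only from this controller in the visible diff, while class/Api.php and controller/login.php read `ENCRYPTED_PASSWORD` directly. On an install whose data/config.php still defines `PASSWORD`, the PHP 7.x versions this project accepts evaluate the undefined constant as the literal string `'ENCRYPTED_PASSWORD'` (with a warning), so those paths would derive the login key from a constant rather than from a secret. unSafe() is defined outside this diff, so what it does cannot be confirmed from here. If it runs only on this page, a guard such as `if (!defined('ENCRYPTED_PASSWORD')) { exit('config needs migration'); }` in a file that every entry point includes would cover the other paths.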

25
controller/init.php

@ -10,18 +10,33 @@
function check_env() { function check_env() {
//获取组件信息 //获取组件信息
$ext = get_loaded_extensions(); $ext = get_loaded_extensions();
//检查PHP版本,需要大于5.6小于8.0 //检查PHP版本,需要大于7.0小于8.0
$php_version = floatval(PHP_VERSION); $php_version = floatval(PHP_VERSION);
$uri = $_SERVER["REQUEST_URI"]; $uri = $_SERVER["REQUEST_URI"];
if( ( $php_version < 5.6 ) || ( $php_version > 8 ) ) { if( ( $php_version < 7 ) || ( $php_version > 8 ) ) {
exit("当前PHP版本{$php_version}不满足要求,需要5.6 <= PHP <= 7.4"); exit("当前PHP版本{$php_version}不满足要求,需要7.0 <= PHP <= 7.4");
} }
//检查是否支持pdo_sqlite //检查是否支持pdo_sqlite
if ( !array_search('pdo_sqlite',$ext) ) { if ( !array_search('pdo_sqlite',$ext) ) {
exit("不支持PDO_SQLITE组件,请先开启!"); exit("不支持PDO_SQLITE组件,请先开启!");
} }
if ( !array_search('openssl', $ext) ) {
exit("不支持OPENSSL组件,请先开启!");
}
//检查是否支持zlib
if ( !array_search('zlib', $ext) ) {
exit("不支持ZLIB组件,请先开启!");
}
//检查是否支持curl
if ( !array_search('curl', $ext) ) {
exit("不支持CURL组件,请先开启!");
}
//如果配置文件存在 //如果配置文件存在
if( file_exists("data/config.php") ) { if( file_exists("data/config.php") ) {
exit("配置文件已存在,无需再次初始化!"); exit("配置文件已存在,无需再次初始化!");
@ -88,7 +103,9 @@ function init($data){
//替换内容 //替换内容
$content = str_replace('{email}',$data['email'],$content); $content = str_replace('{email}',$data['email'],$content);
$content = str_replace('{username}',$data['username'],$content); $content = str_replace('{username}',$data['username'],$content);
$content = str_replace('{password}',$data['password'],$content); // $content = str_replace('{password}',$data['password'],$content);
// 存入加密后的密码,用户名 + 密码,再进行MD5加密
$content = str_replace('{encrypted_password}',md5($data['username'].$data['password']),$content);
//写入配置文件 //写入配置文件
if( !file_put_contents($config_file,$content) ) { if( !file_put_contents($config_file,$content) ) {
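Review bot: `md5($data['username'].$data['password'])` in init() is a single round of MD5 keyed only by the username, which gives little protection if data/config.php is ever disclosed. The version check in this same section now requires PHP 7.0, so `password_hash($data['password'], PASSWORD_DEFAULT)` is available here, with `password_verify($pass, ENCRYPTED_PASSWORD)` replacing the `===` comparison in controller/login.php. The commented-out `{password}` replacement line can be removed rather than kept. init() starts and ends outside the hunk.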

9
controller/login.php

@ -7,7 +7,8 @@
require('functions/helper.php'); require('functions/helper.php');
$username = $site_setting['user']; $username = $site_setting['user'];
$password = $site_setting['password']; // 加密后的密码
$password = ENCRYPTED_PASSWORD;
$ip = getIP(); $ip = getIP();
//如果认证通过,直接跳转到后台管理 //如果认证通过,直接跳转到后台管理
$key = md5($username.$password.'onenav'.$_SERVER['HTTP_USER_AGENT']); $key = md5($username.$password.'onenav'.$_SERVER['HTTP_USER_AGENT']);
@ -25,8 +26,10 @@ if( is_login() ){
//登录检查 //登录检查
if( $_GET['check'] == 'login' ) { if( $_GET['check'] == 'login' ) {
$user = $_POST['user']; $user = trim($_POST['user']);
$pass = $_POST['password']; $pass = trim($_POST['password']);
// 用户密码进行加密处理,加密算法为用户名 + 密码,再进行MD5加密
$pass = md5($user.$pass);
header('Content-Type:application/json; charset=utf-8'); header('Content-Type:application/json; charset=utf-8');
if( ($user === $username) && ($pass === $password) ) { if( ($user === $username) && ($pass === $password) ) {
$key = md5($username.$password.'onenav'.$_SERVER['HTTP_USER_AGENT']); $key = md5($username.$password.'onenav'.$_SERVER['HTTP_USER_AGENT']);
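Review bot: `trim()` is now applied to the submitted password before hashing, but the hash written by init() in controller/init.php is built from `$data['password']` with no trim visible in that hunk. If init() does not trim as well, a password chosen with leading or trailing whitespace can never match at login. Hash the password exactly as submitted in both places, or trim in both. Separately, `($pass === $password)` compares the hashes with a non-constant-time operator; `hash_equals($password, $pass)` is the usual replacement.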

2
templates/admin/edit_link_new.php

@ -22,7 +22,7 @@
<div class="layui-form-item"> <div class="layui-form-item">
<label class="layui-form-label">URL</label> <label class="layui-form-label">URL</label>
<div class="layui-input-block"> <div class="layui-input-block">
<input type="url" id = "url" name="url" value = "<?php echo $link['url']; ?>" required lay-verify="required|url" placeholder="请输入有效链接" autocomplete="off" class="layui-input"> <input type="url" id = "url" name="url" value = "<?php echo $link['url']; ?>" required lay-verify="required" placeholder="请输入有效链接" autocomplete="off" class="layui-input">
</div> </div>
</div> </div>
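Review bot: Dropping `url` from `lay-verify` loosens what the form accepts, while the same line still prints `$link['url']` into the `value` attribute unescaped. Server-side validation of the URL is not visible in this diff, so a stored value containing a double quote could break out of the attribute. Escaping at output, `<?php echo htmlspecialchars($link['url'], ENT_QUOTES, 'UTF-8'); ?>`, keeps the field safe regardless of what validation runs elsewhere.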

2
templates/admin/footer.php

@ -1,6 +1,6 @@
<div class="layui-footer"> <div class="layui-footer">
<!-- 底部固定区域 --> <!-- 底部固定区域 -->
© Copyright 2024.Powered by <a href="https://www.onenav.top/" rel = "nofollow" target="_blank">OneNav</a>. © Copyright <?php echo date("Y"); ?>.Powered by <a href="https://www.onenav.top/" rel = "nofollow" target="_blank">OneNav</a>.
</div> </div>
</div> </div>
</body> </body>
