8 changed files with 16 additions and 37 deletions
--- a/class/Api.php
+++ b/class/Api.php
@ -1200,7 +1200,7 @@ class Api {
				@@ -1200,7 +1200,7 @@ class Api {
     * 验证是否登录
     */
    protected function is_login(){
-        $key = md5(USER.ENCRYPTED_PASSWORD.'onenav'.$_SERVER['HTTP_USER_AGENT']);
+        $key = md5(USER.PASSWORD.'onenav'.$_SERVER['HTTP_USER_AGENT']);
        //获取session
        $session = $_COOKIE['key'];
        //如果已经成功登录
--- a/config.simple.php
+++ b/config.simple.php
@ -9,10 +9,12 @@ $db = new medoo([
				@@ -9,10 +9,12 @@ $db = new medoo([

 //用户名
 define('USER','{username}');
-// 加密后的密码
-define('ENCRYPTED_PASSWORD','{encrypted_password}');
+//密码
+define('PASSWORD','{password}');
 //邮箱，用于后台Gravatar头像显示
 define('EMAIL','{email}');
+//token参数，API需要使用，0.9.19版本这个废弃了，请通过后台设置
+define('TOKEN','xiaoz.me');
 //主题风格,0.9.18废弃了，请通过后台设置
 define('TEMPLATE','default');

@ -29,4 +31,4 @@ $site_setting['description']    =   'OneNav是一款使用PHP + SQLite3开发的
				@@ -29,4 +31,4 @@ $site_setting['description']    =   'OneNav是一款使用PHP + SQLite3开发的

 //这两项不要修改
 $site_setting['user']           =   USER;
-$site_setting['password']       =   ENCRYPTED_PASSWORD;
+$site_setting['password']       =   PASSWORD;
--- a/controller/admin.php
+++ b/controller/admin.php
@ -323,7 +323,6 @@ $page = $page.'.php';
				@@ -323,7 +323,6 @@ $page = $page.'.php';

 function check_auth($user,$password){
    if ( !is_login() ) {
-        // exit("dsdfd");
        $msg = "<h3>认证失败，请<a href = 'index.php?c=login'>重新登录</a>！</h3>";
        require('templates/admin/403.php');
        exit;
--- a/controller/index.php
+++ b/controller/index.php
@ -10,12 +10,10 @@ $site = unserialize($site);
				@@ -10,12 +10,10 @@ $site = unserialize($site);
 $link_num = empty( $site['link_num'] ) ? 30 : intval($site['link_num']);


+
 //如果已经登录，获取所有分类和链接
 // 载入辅助函数
 require('functions/helper.php');
-// 明文密码检查
-unSafe();
-
 if( is_login() ){
    //查询所有分类目录
    $categorys = [];
--- a/controller/init.php
+++ b/controller/init.php
@ -10,33 +10,18 @@
				@@ -10,33 +10,18 @@
 function check_env() {
    //获取组件信息
    $ext = get_loaded_extensions();
-    //检查PHP版本，需要大于7.0小于8.0
+    //检查PHP版本，需要大于5.6小于8.0
    $php_version = floatval(PHP_VERSION);
    $uri = $_SERVER["REQUEST_URI"];
    
-    if( ( $php_version < 7 ) || ( $php_version > 8 ) ) {
-        exit("当前PHP版本{$php_version}不满足要求，需要7.0 <= PHP <= 7.4");
+    if( ( $php_version < 5.6 ) || ( $php_version > 8 ) ) {
+        exit("当前PHP版本{$php_version}不满足要求，需要5.6 <= PHP <= 7.4");
    }
    
    //检查是否支持pdo_sqlite
    if ( !array_search('pdo_sqlite',$ext) ) {
        exit("不支持PDO_SQLITE组件，请先开启!");
    }
-
-    if ( !array_search('openssl', $ext) ) {
-        exit("不支持OPENSSL组件，请先开启!");
-    }
-    
-    //检查是否支持zlib
-    if ( !array_search('zlib', $ext) ) {
-        exit("不支持ZLIB组件，请先开启!");
-    }
-    
-    //检查是否支持curl
-    if ( !array_search('curl', $ext) ) {
-        exit("不支持CURL组件，请先开启!");
-    }
-
    //如果配置文件存在
    if( file_exists("data/config.php") ) {
        exit("配置文件已存在，无需再次初始化!");
@ -103,9 +88,7 @@ function init($data){
				@@ -103,9 +88,7 @@ function init($data){
    //替换内容
    $content = str_replace('{email}',$data['email'],$content);
    $content = str_replace('{username}',$data['username'],$content);
-    // $content = str_replace('{password}',$data['password'],$content);
-    // 存入加密后的密码，用户名 + 密码，再进行MD5加密
-    $content = str_replace('{encrypted_password}',md5($data['username'].$data['password']),$content);
+    $content = str_replace('{password}',$data['password'],$content);

    //写入配置文件
    if( !file_put_contents($config_file,$content) ) {
--- a/controller/login.php
+++ b/controller/login.php
@ -7,8 +7,7 @@
				@@ -7,8 +7,7 @@
 require('functions/helper.php');

 $username = $site_setting['user'];
-// 加密后的密码
-$password = ENCRYPTED_PASSWORD;
+$password = $site_setting['password'];
 $ip = getIP();
 //如果认证通过，直接跳转到后台管理
 $key = md5($username.$password.'onenav'.$_SERVER['HTTP_USER_AGENT']);
@ -26,10 +25,8 @@ if( is_login() ){
				@@ -26,10 +25,8 @@ if( is_login() ){

 //登录检查
 if( $_GET['check'] == 'login' ) {
-    $user = trim($_POST['user']);
-    $pass = trim($_POST['password']);
-    // 用户密码进行加密处理，加密算法为用户名 + 密码，再进行MD5加密
-    $pass = md5($user.$pass);
+    $user = $_POST['user'];
+    $pass = $_POST['password'];
    header('Content-Type:application/json; charset=utf-8');
    if( ($user === $username) && ($pass === $password) ) {
        $key = md5($username.$password.'onenav'.$_SERVER['HTTP_USER_AGENT']);
--- a/templates/admin/edit_link_new.php
+++ b/templates/admin/edit_link_new.php
@ -22,7 +22,7 @@
				@@ -22,7 +22,7 @@
    <div class="layui-form-item">
    <label class="layui-form-label">URL</label>
    <div class="layui-input-block">
-      <input type="url" id = "url" name="url" value = "<?php echo $link['url']; ?>" required  lay-verify="required" placeholder="请输入有效链接" autocomplete="off" class="layui-input">
+      <input type="url" id = "url" name="url" value = "<?php echo $link['url']; ?>" required  lay-verify="required|url" placeholder="请输入有效链接" autocomplete="off" class="layui-input">
    </div>
  </div>

--- a/templates/admin/footer.php
+++ b/templates/admin/footer.php
@ -1,6 +1,6 @@
				@@ -1,6 +1,6 @@
 <div class="layui-footer">
    <!-- 底部固定区域 -->
-    © Copyright <?php echo date("Y"); ?>.Powered by <a href="https://www.onenav.top/" rel = "nofollow" target="_blank">OneNav</a>.
+    © Copyright 2024.Powered by <a href="https://www.onenav.top/" rel = "nofollow" target="_blank">OneNav</a>.
  </div>
 </div>
 </body>