Compare commits

No commits in common. 'c6382a67a94187296c7a050dbd62a7e1f62274dc' and '31bb517885113b089fb30b770aca3b19289039ab' have entirely different histories.

  1. 2
      class/Api.php
  2. 8
      config.simple.php
  3. 1
      controller/admin.php
  4. 4
      controller/index.php
  5. 25
      controller/init.php
  6. 9
      controller/login.php
  7. 2
      templates/admin/edit_link_new.php
  8. 2
      templates/admin/footer.php

2
class/Api.php

@ -1200,7 +1200,7 @@ class Api { @@ -1200,7 +1200,7 @@ class Api {
* 验证是否登录
*/
protected function is_login(){
$key = md5(USER.ENCRYPTED_PASSWORD.'onenav'.$_SERVER['HTTP_USER_AGENT']);
$key = md5(USER.PASSWORD.'onenav'.$_SERVER['HTTP_USER_AGENT']);
//获取session
$session = $_COOKIE['key'];
//如果已经成功登录
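Review bot: The login key built in `is_login()` is an unsalted MD5 of the username, the configured password, the fixed string `'onenav'` and the User-Agent header, so the cookie it is checked against is a static, password-derived value that never expires or rotates until the password changes. On the second printed `$key` line the input is the `PASSWORD` constant; this looks like the new side (inferred from hunk-header line counts elsewhere on the page, as the +/- markers are lost), which makes the cookie a direct digest of the clear-text password. `controller/login.php` builds the same key in both of its hunks. A random token from `random_bytes()` kept server-side and compared with `hash_equals()` would decouple the session from the credential, and `$_COOKIE['key']` should be read with a `?? ''` default. The body of `is_login()` continues past the hunk, so the comparison itself is not visible here.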

8
config.simple.php

@ -9,10 +9,12 @@ $db = new medoo([ @@ -9,10 +9,12 @@ $db = new medoo([
//用户名
define('USER','{username}');
// 加密后的密码
define('ENCRYPTED_PASSWORD','{encrypted_password}');
//密码
define('PASSWORD','{password}');
//邮箱,用于后台Gravatar头像显示
define('EMAIL','{email}');
//token参数,API需要使用,0.9.19版本这个废弃了,请通过后台设置
define('TOKEN','xiaoz.me');
//主题风格,0.9.18废弃了,请通过后台设置
define('TEMPLATE','default');
@ -29,4 +31,4 @@ $site_setting['description'] = 'OneNav是一款使用PHP + SQLite3开发的 @@ -29,4 +31,4 @@ $site_setting['description'] = 'OneNav是一款使用PHP + SQLite3开发的
//这两项不要修改
$site_setting['user'] = USER;
$site_setting['password'] = ENCRYPTED_PASSWORD;
$site_setting['password'] = PASSWORD;
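Review bot: `define('PASSWORD','{password}')` keeps the administrator password in clear text in the generated config file, and `$site_setting['password'] = PASSWORD;` then carries it through the application. The page has lost its +/- markers, so it is only inferred that the `PASSWORD` lines are the new side; if they are, the stored value should be a `password_hash()` result checked with `password_verify()` at login. The context line `define('TOKEN','xiaoz.me')` ships the same default API token to every install. Its comment says the setting is deprecated since 0.9.19, and whether anything still reads it is not visible here, so consider removing it or leaving it empty so it cannot act as a fallback.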

1
controller/admin.php

@ -323,7 +323,6 @@ $page = $page.'.php'; @@ -323,7 +323,6 @@ $page = $page.'.php';
function check_auth($user,$password){
if ( !is_login() ) {
// exit("dsdfd");
$msg = "<h3>认证失败,请<a href = 'index.php?c=login'>重新登录</a></h3>";
require('templates/admin/403.php');
exit;

4
controller/index.php

@ -10,12 +10,10 @@ $site = unserialize($site); @@ -10,12 +10,10 @@ $site = unserialize($site);
$link_num = empty( $site['link_num'] ) ? 30 : intval($site['link_num']);
//如果已经登录,获取所有分类和链接
// 载入辅助函数
require('functions/helper.php');
// 明文密码检查
unSafe();
if( is_login() ){
//查询所有分类目录
$categorys = [];

25
controller/init.php

@ -10,33 +10,18 @@ @@ -10,33 +10,18 @@
function check_env() {
//获取组件信息
$ext = get_loaded_extensions();
//检查PHP版本,需要大于7.0小于8.0
//检查PHP版本,需要大于5.6小于8.0
$php_version = floatval(PHP_VERSION);
$uri = $_SERVER["REQUEST_URI"];
if( ( $php_version < 7 ) || ( $php_version > 8 ) ) {
exit("当前PHP版本{$php_version}不满足要求,需要7.0 <= PHP <= 7.4");
if( ( $php_version < 5.6 ) || ( $php_version > 8 ) ) {
exit("当前PHP版本{$php_version}不满足要求,需要5.6 <= PHP <= 7.4");
}
//检查是否支持pdo_sqlite
if ( !array_search('pdo_sqlite',$ext) ) {
exit("不支持PDO_SQLITE组件,请先开启!");
}
if ( !array_search('openssl', $ext) ) {
exit("不支持OPENSSL组件,请先开启!");
}
//检查是否支持zlib
if ( !array_search('zlib', $ext) ) {
exit("不支持ZLIB组件,请先开启!");
}
//检查是否支持curl
if ( !array_search('curl', $ext) ) {
exit("不支持CURL组件,请先开启!");
}
//如果配置文件存在
if( file_exists("data/config.php") ) {
exit("配置文件已存在,无需再次初始化!");
@ -103,9 +88,7 @@ function init($data){ @@ -103,9 +88,7 @@ function init($data){
//替换内容
$content = str_replace('{email}',$data['email'],$content);
$content = str_replace('{username}',$data['username'],$content);
// $content = str_replace('{password}',$data['password'],$content);
// 存入加密后的密码,用户名 + 密码,再进行MD5加密
$content = str_replace('{encrypted_password}',md5($data['username'].$data['password']),$content);
$content = str_replace('{password}',$data['password'],$content);
//写入配置文件
if( !file_put_contents($config_file,$content) ) {
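Review bot: In `init()`, `$data['email']`, `$data['username']` and `$data['password']` are substituted verbatim into single-quoted `define()` literals of a PHP file, so a value containing a quote or backslash changes the generated code rather than just the constant. No escaping or validation is visible in this hunk, though it may happen earlier in the function, which starts outside it. Emitting each literal with `var_export()`, for example replacing `'{username}'` (quotes included) with `var_export($data['username'], true)`, keeps the value inside the string. The `{password}` line additionally writes the password in clear text, where a `password_hash()` value would be safer. In `check_env()`, `!array_search('pdo_sqlite',$ext)` also treats an extension found at index 0 as missing; `extension_loaded('pdo_sqlite')` avoids that.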

9
controller/login.php

@ -7,8 +7,7 @@ @@ -7,8 +7,7 @@
require('functions/helper.php');
$username = $site_setting['user'];
// 加密后的密码
$password = ENCRYPTED_PASSWORD;
$password = $site_setting['password'];
$ip = getIP();
//如果认证通过,直接跳转到后台管理
$key = md5($username.$password.'onenav'.$_SERVER['HTTP_USER_AGENT']);
@ -26,10 +25,8 @@ if( is_login() ){ @@ -26,10 +25,8 @@ if( is_login() ){
//登录检查
if( $_GET['check'] == 'login' ) {
$user = trim($_POST['user']);
$pass = trim($_POST['password']);
// 用户密码进行加密处理,加密算法为用户名 + 密码,再进行MD5加密
$pass = md5($user.$pass);
$user = $_POST['user'];
$pass = $_POST['password'];
header('Content-Type:application/json; charset=utf-8');
if( ($user === $username) && ($pass === $password) ) {
$key = md5($username.$password.'onenav'.$_SERVER['HTTP_USER_AGENT']);
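Review bot: The credential check `($user === $username) && ($pass === $password)` uses a plain string comparison against the configured value, which is not constant-time and cannot work with a hashed password store. On the `$_POST` lines that drop `trim()` and `md5()` (apparently the new side, since the +/- markers are lost) the value compared is the clear-text password. `password_verify($pass, $storedHash)` would be the safer form, where `$storedHash` is a placeholder for a `password_hash()` value written at install time. `$_POST['user']`, `$_POST['password']` and `$_GET['check']` are read without a `??` default, so a request that omits them raises notices before the JSON header is sent. No attempt limiting is visible in the hunk although `$ip = getIP()` is collected, and the block continues past the last line shown.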

2
templates/admin/edit_link_new.php

@ -22,7 +22,7 @@ @@ -22,7 +22,7 @@
<div class="layui-form-item">
<label class="layui-form-label">URL</label>
<div class="layui-input-block">
<input type="url" id = "url" name="url" value = "<?php echo $link['url']; ?>" required lay-verify="required" placeholder="请输入有效链接" autocomplete="off" class="layui-input">
<input type="url" id = "url" name="url" value = "<?php echo $link['url']; ?>" required lay-verify="required|url" placeholder="请输入有效链接" autocomplete="off" class="layui-input">
</div>
</div>
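Review bot: `<?php echo $link['url']; ?>` prints the stored URL into the double-quoted `value` attribute without escaping, on both printed versions of the `<input>` line. Unless `$link['url']` is already encoded before it reaches the template (not visible here), a quote in the value ends the attribute. Use `<?php echo htmlspecialchars($link['url'], ENT_QUOTES, 'UTF-8'); ?>`. The `lay-verify="required|url"` rule and `type="url"` are client-side checks only, so the server still has to validate the scheme when the link is saved.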

2
templates/admin/footer.php

@ -1,6 +1,6 @@ @@ -1,6 +1,6 @@
<div class="layui-footer">
<!-- 底部固定区域 -->
© Copyright <?php echo date("Y"); ?>.Powered by <a href="https://www.onenav.top/" rel = "nofollow" target="_blank">OneNav</a>.
© Copyright 2024.Powered by <a href="https://www.onenav.top/" rel = "nofollow" target="_blank">OneNav</a>.
</div>
</div>
</body>
