v2.0.40-20230916

MI15\Win
2023-09-16 23:26:09 +08:00
parent cdeea3ff36
commit 06eb605e9a
37 changed files with 162 additions and 2783 deletions


@@ -7,352 +7,5 @@ if(!defined('DIR')){
if(!is_subscribe('bool')){
msg(-1,"未检测到有效授权,无法使用该功能!");
}
if($_GET['type'] == 'list'){
$backup_dir = DIR."/data/backup/".U."/"; //备份目录
$file_list = glob("{$backup_dir}*.info"); //扫描文件
$num = count($file_list); //取列表数
rsort($file_list,2); //按时间从大到小重排序
//备份文件数大于20个时删除旧数据
if( $num > 20 ) {
for ($i=$num; $i > 20; $i--) {
$path = pathinfo($file_list[$i-1]);
$path = $path['dirname'] .'/'. $path['filename'];
unlink($path.'.info');
unlink($path.'.db3');
unlink($path.'.tar');
array_pop($file_list);
}
$count = 20;
}else{
$count = $num;
}
$data = [];
//遍历读入备份信息
foreach ($file_list as $key => $filePath) {
$file = pathinfo($filePath);
$info_file = @file_get_contents("{$file['dirname']}/{$file['filename']}.info");
$info = json_decode($info_file,true);
if($info != false){
array_push($data,$info);
}
}
msgA( ['code' => 1,'msg' => '','count' => $count,'data' => $data] );
}elseif($_GET['type'] == 'backup'){
//初始信息
$info['user_dir'] = DIR."/data/user/".U;
$info['backup_dir'] = DIR."/data/backup/".U; //备份目录
$info['file'] = SysVer . "_".date("ymdHis",time())."_".Get_Rand_Str(5);
$info['file_db'] = $info['backup_dir'] .'/'. $info['file'].'.db3';
$info['file_info'] = $info['backup_dir'] .'/'. $info['file'].'.info';
$info['file_gz'] = $info['backup_dir'] .'/'. $info['file'].'.tar';
$info['table_arr'] = ['user_config','user_categorys','user_links','user_pwd_group','user_apply','user_share','user_article_list'];
$info['lock'] = DIR.'/data/user/'.U.'/lock.'.UID;
if (!extension_loaded('phar')) {
msg(-1,'不支持phar扩展');
}elseif(!is_dir($info['backup_dir']) && !mkdir($info['backup_dir'],0755,true) ){
msg(-1,'创建backup目录失败');
}elseif(!is_file($info['lock']) && !file_put_contents($info['lock'],'TwoNav')){
msg(-1,'创建lock文件失败');
}
//打包用户文件
try {
$phar = new PharData($info['file_gz']);
$phar->buildFromDirectory($info['user_dir']);
} catch (Exception $e) {
msg(-1,'打包用户数据发生异常>'.$e->getMessage());
}
//创建数据
try {
$MyDB = new Medoo\Medoo(['type'=>'sqlite','database'=>$info['file_db']]);
$MyDB->query('CREATE TABLE IF NOT EXISTS "backup" ("id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,"name" TEXT,"data" TEXT,CONSTRAINT "id" UNIQUE ("id" ASC));')->fetchAll();
$MyDB->insert('backup',['name'=>'ver','data'=>SysVer]); //记系统版本
$MyDB->insert('backup',['name'=>'backup_time','data'=>time()]); //记备份时间
$MyDB->insert('backup',['name'=>'database_type','data'=>$GLOBALS['db_config']['type']]); //数据库类型
}catch (Exception $e) {
Amsg(-1,'创建备份数据库失败');
}
//开始备份数据
$table_info = [];
foreach($info['table_arr'] as $table_name){
$count = count_db($table_name,['uid'=>UID]); //总条数
$limit = 100; //每页数量
$pages= ceil($count/$limit); //总页数
//分页逐条处理
for ($page=1; $page<=$pages; $page++) {
$where['uid'] = UID;
$where['LIMIT'] = [($page - 1) * $limit,$limit];
$datas = select_db($table_name,'*',$where);
foreach($datas as $data){
try {
if(isset($data['id'])){
unset($data['id']);
}
$MyDB->insert('backup',['name'=>$table_name,'data'=>$data]);
}catch (Exception $e) {
Amsg(-1,'插入数据时发生异常');
}
}
}
$table_info[$table_name] = ['count'=>$count,'pages'=>$pages];
}
//备份信息
$info['info'] = [
"name" => $info['file'],
"db_size" => filesize($info['file_db']),
"db_md5" => md5_file($info['file_db']),
"tar_size" => filesize($info['file_gz']),
"tar_md5" => md5_file($info['file_gz']),
"backup_time" => time(),
"version" => SysVer,
"desc" => "{$_POST['desc']}"
];
$info['info'] = array_merge($table_info,$info['info']);
$info['info'] = json_encode($info['info']);
//写到文件
if(file_put_contents($info['file_info'], $info['info']) === false){
msg(-1,'写备份信息失败');
}
msg(1,'备份成功');
//删除备份
}elseif($_GET['type'] == 'del'){
$path = DIR."/data/backup/".U."/".$_POST['name'];
if( !preg_match_all('/^v\d+\.\d+\.\d+-\d{8}_\d{12}_[A-Za-z0-9]{5}$/',$_POST['name']) ) {
msg(-1,'数据库名称不合法');
}elseif(!is_file($path.'.info')){
msg(-1,'备份不存在');
}elseif(!extension_loaded('phar')) {
msg(-1,'不支持phar扩展');
}
try {
unlink($path.'.info');
unlink($path.'.db3');
unlink($path.'.tar');
msg(1,'备份数据库已被删除');
} catch (\Throwable $th) {
msg(-1,"删除失败,请检查目录权限");
}
//回滚备份
}elseif($_GET['type'] == 'restore'){
try {
global $db;
header('Content-Type:application/json; charset=utf-8');
//使用事务来处理
$db->action(function($db) {
//检测是否符合回滚要求
$path = DIR."/data/backup/".U."/".$_POST['name'];
if( !preg_match_all('/^v\d+\.\d+\.\d+-\d{8}_\d{12}_[A-Za-z0-9]{5}$/',$_POST['name']) ) {
msg(-1,'数据库名称不合法');
}
$info_file = @file_get_contents($path.'.info');
$info = json_decode($info_file,true);
if($info == false){
msg(-1,'读取备份信息失败');
}elseif($info['db_md5'] != md5_file($path.'.db3')){
msg(-1,'db3文件效验失败');
}elseif($info['tar_md5'] != md5_file($path.'.tar')){
msg(-1,'tar文件效验失败');
}
//载入数据库
try {
$MyDB = new Medoo\Medoo(['type'=>'sqlite','database'=>$path.'.db3']);
}catch (Exception $e) {
msg(-1,'载入备份数据库失败');
return false;
}
//遍历删除用户数据
$info['table_arr'] = ['user_config','user_categorys','user_links','user_pwd_group','user_apply','user_share','user_article_list'];
foreach($info['table_arr'] as $table_name){
//删除数据
delete_db($table_name,['uid'=>UID]);
//确保数据已删除
if($db->has($table_name,['uid'=>UID])){
msg(-1,'del ' . $table_name . ' fail');
}
//读取条数,分页逐条导入
$count = $MyDB->count('backup',['name'=>$table_name]); //总条数
$limit = 100; //每页数量
$pages= ceil($count/$limit); //总页数
for ($page=1; $page<=$pages; $page++) {
$where['name'] = $table_name;
$where['LIMIT'] = [($page - 1) * $limit,$limit];
$datas = $MyDB->select('backup','data',$where);
foreach($datas as $key => $data){
$data = unserialize($data);
//处理null
foreach ($data as $key => $value) {
if ($value === null) {
$data[$key] = '';
}
}
if(isset($data['id'])){
unset($data['id']);
}
$data['uid'] = UID;
insert_db($table_name,$data);
}
}
//确保数据已导入
if($count != count_db($table_name,['uid'=>UID])){
msg(-1,'restore ' . $table_name . ' fail');
}
}
//删除用户目录
$user_dir = DIR."/data/user/".U;
if(is_dir($user_dir) && !deldir($user_dir)){
msg(-1,'删除用户目录失败');
}
//创建用户目录
if(!is_dir($user_dir) && !mkdir($user_dir,0755,true)){
msg(-1,'创建用户目录失败');
}
//回滚用户目录
try {
$phar = new PharData($path.'.tar');
$phar->extractTo($user_dir, null, true);
} catch (Exception $e) {
msg(-1,'回滚用户数据失败');
}
//返回信息,直接msg会导致回滚
header('Content-Type:application/json; charset=utf-8');
echo(json_encode(['code'=>1,'msg'=>'回滚成功']));
});
} catch (\Throwable $th) {
msg(-1,"回滚失败");
}
//导出密码验证
}elseif($_GET['type'] == 'create'){
global $USER_DB;
$pwd = Get_MD5_Password($_POST['pwd'],$USER_DB["RegTime"]) === $USER_DB["Password"];
if(!$pwd){
msg(-1,'密码错误');
}elseif(empty($_POST['name'])){
msg(-1,'文件名不能为空');
}elseif(!extension_loaded('phar')) {
msg(-1,'不支持phar扩展');
}
$path = DIR."/data/backup/".U."/".$_POST['name'];
if(!is_file($path.'.info')){
msg(-1,'info文件不存在');
}elseif(!is_file($path.'.db3')){
msg(-1,'db3文件不存在');
}elseif(!is_file($path.'.tar')){
msg(-1,'tar文件不存在');
}
session_start();
$key = md5(uniqid().Get_Rand_Str(8));
try {
$temp_dir = DIR."/data/temp/{$key}";
if(!is_dir($temp_dir) && !mkdir($temp_dir,0755,true)){
msg(-1,'创建临时目录失败');
}
copy($path.'.info',"{$temp_dir}/{$_POST['name']}.info");
copy($path.'.db3',"{$temp_dir}/{$_POST['name']}.db3");
copy($path.'.tar',"{$temp_dir}/{$_POST['name']}.tar");
$backup_path = "{$temp_dir}/TwoNav_{$_POST['name']}.tar";
$phar = new PharData($backup_path);
$phar->buildFromDirectory($temp_dir);
$phar->compress(Phar::GZ);
$backup_path .= ".gz";
if(!is_file($backup_path)){
msg(-1,'打包数据失败');
}
} catch (Exception $e) {
msg(-1,'压缩数据异常');
}
$_SESSION['download'][$key] = $backup_path;
msgA(['code'=>1,'msg'=>'success','key'=>$key]);
//下载备份数据
}elseif($_GET['type'] == 'download'){
session_start();
if(empty($_GET['key']) || !isset($_SESSION['download'][$_GET['key']])){
msg(-1,'Key不存在,请重新导出');
}
$path = $_SESSION['download'][$_GET['key']];
if(!is_file($path)){
msg(-1,'文件不存在,请重新导出');
}
$filename = pathinfo($path,PATHINFO_BASENAME);
header("Cache-Control: public");
header("Content-Description: File Transfer");
header('Content-disposition: attachment; filename='.$filename); //文件名
header("Content-Type: application/octet-stream");
header("Content-Transfer-Encoding: binary"); //告诉浏览器,这是二进制文件
header('Content-Length: '. filesize($path)); //告诉浏览器,文件大小
readfile($path); //返回文件
unlink ($path);//删除临时文件
unset($_SESSION['download'][$_GET['key']]); //删除Key
deldir(DIR."/data/temp/{$_GET['key']}"); //删除临时目录
//导入
}elseif($_GET['type'] == 'local_import'){
if (!extension_loaded('phar')) {
msg(-1,'不支持phar扩展');
}
$key = md5(uniqid().Get_Rand_Str(8));
$temp_dir = DIR."/data/temp/{$key}";
if(!is_dir($temp_dir) && !mkdir($temp_dir,0755,true)){
msg(-1,'创建临时目录失败');
}
//解压数据
try {
copy($_FILES['file']['tmp_name'],"{$temp_dir}/{$_FILES['file']['name']}");
$phar = new PharData("{$temp_dir}/{$_FILES['file']['name']}");
$phar->extractTo($temp_dir, null, true);
unlink("{$temp_dir}/{$_FILES['file']['name']}");
} catch (Exception $e) {
deldir($temp_dir);
msg(-1,'解压数据失败');
}
//获取备份信息
$file = glob("{$temp_dir}/*.info");
if(count($file) != 1){
deldir($temp_dir);
msg(-1,'读取备份信息失败');
}
$file = pathinfo($file[0]);
$info = @file_get_contents("{$temp_dir}/{$file['basename']}");
$info = json_decode($info,true);
if($info == false){
deldir($temp_dir);
msg(-1,'解析备份信息失败');
}elseif($info['db_md5'] != md5_file("{$temp_dir}/{$info['name']}.db3")){
deldir($temp_dir);
msg(-1,'db3文件效验失败'.$info['db_md5']);
}elseif($info['tar_md5'] != md5_file("{$temp_dir}/{$info['name']}.tar")){
deldir($temp_dir);
msg(-1,'tar文件效验失败');
}
//检查目录
if(!Check_Path(DIR."/data/backup/".U)){
msg(-1,'创建backup目录失败,请检查权限');
}
//复制到用户数据
try {
$backup_dir = DIR."/data/backup/".U."/";
copy("{$temp_dir}/{$info['name']}.info","{$backup_dir}{$info['name']}.info");
copy("{$temp_dir}/{$info['name']}.db3", "{$backup_dir}{$info['name']}.db3");
copy("{$temp_dir}/{$info['name']}.tar", "{$backup_dir}{$info['name']}.tar");
deldir($temp_dir);
msg(1,'导入成功');
} catch (Exception $e) {
deldir($temp_dir);
msg(-1,'复制数据失败,请检查目录权限');
}
//结束
}
msg(1,'请更新系统后再试');
}
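Review bot: The stub left in place of the backup handlers answers with `msg(1,'请更新系统后再试')`, and code 1 is what the removed branches used for success (`msg(1,'备份成功')`, `msg(1,'导入成功')`), so a client that checks only the code may report a backup, restore or delete as done when nothing happened. Returning a failure code, `msg(-1,'请更新系统后再试');`, keeps the disabled feature from looking successful. The same stub appears in the write_link and write_theme hunks of a later file section. The enclosing block starts above this hunk, so the remaining control flow is not visible here.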


@@ -88,102 +88,6 @@ if($page == 'config_home'){
exit;
}
//主题设置页面
if( $page == 'theme_home' || $page == 'theme_login' || $page == 'theme_transit' || $page == 'theme_register' || $page == 'theme_guide' || $page == 'theme_article') {
if(!check_purview('theme_in',1)){
require(DIR.'/templates/admin/page/404.php');
exit;
}
$fn = str_replace('theme_','',$page);
$dirs = get_dir_list(DIR.'/templates/'.$fn);
foreach ($dirs as $dir) {
$path = DIR.'/templates/'.$fn.'/'.$dir; //目录完整路径
//没有信息文件则跳过
if(!is_file($path.'/info.json') ) {continue;}
//读取主题信息
$themes[$dir]['info'] = json_decode(@file_get_contents($path.'/info.json'),true);
//是否支持配置
$themes[$dir]['info']['config'] = is_file($path.'/config.php') ? '1':'0';
//预览图优先顺序:png>jpg>info>default
if(is_file($path.'/screenshot.jpg')){
$themes[$dir]['info']['screenshot'] = "./templates/$fn/$dir/screenshot.jpg";
}elseif(is_file($path.'/screenshot.png')){
$themes[$dir]['info']['screenshot'] = "./templates/$fn/$dir/screenshot.png";
}elseif(empty($themes[$dir]['info']['screenshot'])){
$themes[$dir]['info']['screenshot'] = "./templates/admin/static/42ed3ef2c4a50f6d.png";
}
}
//获取当前主题
require "./system/templates.php";
//在线主题处理
if ( !$global_config['offline'] && $USER_DB['UserGroup'] === 'root'){
if(preg_match('/^v.+-(\d{8})$/i',SysVer,$matches)){
$sysver = intval( $matches[1] );//取版本中的日期
}else{
exit("获取程序版本异常");
}
//读取缓存
$template = get_db('global_config','v',['k'=>$page.'_cache']);
if(!empty($template)){
$data = json_decode($template, true);
}
//没有缓存 或 禁止缓存 或 缓存过时
if(empty($template) || $_GET['cache'] === 'no' || time() - $data["time"] > 1800 ){
$urls = [
"lm21" => "https://update.lm21.top/TwoNav/{$fn}_template.json",
"gitee" => "https://gitee.com/tznb/twonav_updata/raw/master/{$fn}_template.json"
];
$Source = $global_config['Update_Source'] ?? '';
if (!empty($Source) && isset($urls[$Source])) {
$urls = [$Source => $urls[$Source]];
}
}else{
$cache = true;
}
//读取超时参数
$overtime = !isset($global_config['Update_Overtime']) ? 3 : ($global_config['Update_Overtime'] < 3 || $global_config['Update_Overtime'] > 60 ? 3 : $global_config['Update_Overtime']);
//远程获取
foreach($urls as $key => $url){
$Res = ccurl($url,$overtime);
$data = json_decode($Res["content"], true);
if($data["code"] == 200 ){ //如果获取成功
$data["time"] = time(); //记录当前时间
write_global_config($page.'_cache',json_encode($data),$fn.'_模板缓存');
break; //跳出循环.
}
}
//解析
foreach($data["data"] as $key){
$path = DIR.'/templates/'.$fn.'/'.$key["dir"];
if( is_dir($path) ) { //本地存在
$value = $key["dir"];
//检查是否可以更新
$update = str_replace('/','',$themes[$value]['info']['update']); //本地主题版本
$update_new = str_replace('/','',$key["update"]); //远程主题版本
if( $sysver >= intval($key["low"]) && $sysver <= intval($key["high"]) && $update < $update_new ){
$themes[$value]['info']['up'] = '1';
}
}else{
//判断是否适配当前系统版本
if( $sysver >= intval($key["low"]) && $sysver <= intval($key["high"]) ){
$value = $key["dir"];
$themes[$value]['info'] = json_decode(json_encode($key),true);
}
}
}
//来源策略 (用于Gitee作为图床反防盗链)
if(!empty($data['referrer'])){
define('referrer',$data['referrer']);
}
}
}
//不带参数是载入框架
if(empty($page)){
$site = unserialize(get_db('user_config','v',['uid'=>UID,'k'=>'s_site']));


@@ -750,23 +750,7 @@ function write_link(){
if(!is_subscribe('bool')){
msg(-1,"未检测到有效授权,无法使用该功能!");
}
if(intval($_POST['icon']) > 0){
if(!check_purview('icon_pull',1)){
msg(-1,'您所在的用户组,无法使用网站图标获取功能');
}
$path = DIR ."/data/user/".U."/favicon";
if(!Check_Path($path)){
msg(-1,'创建目录失败,请检查目录权限');
}
$config = unserialize( get_db("global_config", "v", ["k" => "icon_config"])) ?? [];
if($config['o_switch'] == '0'){
msg(-1,'相关服务处于关闭状态,请联系站长开启');
}
}
session_start();
$key = md5(uniqid().Get_Rand_Str(8));
$_SESSION['msg_pull']["$key"] = true;
msgA(['code'=>1,'msg'=>'success','key'=>$key]);
msg(1,'请更新系统后再试');
}elseif($_GET['type'] === 'msg_pull'){
session_start();
$key = $_POST['key'];
@@ -860,39 +844,7 @@ function write_link(){
if(!is_subscribe('bool')){
msg(-1,"未检测到有效授权,无法使用该功能!");
}
if(!check_purview('icon_pull',1)){
msg(-1,'无权限');
}
$link = get_db('user_links','*',['uid'=>UID,'lid'=>$_POST['id']]);
if(empty($link)){
msg(-1,'请求的链接id不存在');
}
$path = DIR ."/data/user/".U."/favicon";
if(!Check_Path($path)){
msg(-1,'创建目录失败,请检查权限');
}
//检查配置
$config = unserialize( get_db("global_config", "v", ["k" => "icon_config"])) ?? [];
if($config['o_switch'] == '0'){
msg(-1,'相关服务处于关闭状态,请联系站长开启');
}
//跳过存在图标的链接
if(empty($_POST['cover']) && !empty($link['icon'])){
msg(1,'skip');
}
$api = Get_Index_URL().'?c=icon&url='.base64_encode($link['url']);
$res = ccurl($api,30,true);
$data = get_db('global_icon','*',['url_md5'=>md5($link['url'])]);
if(empty($data)){
msg(1,'fail');
}
$new_path = "./data/user/".U.'/favicon/'.$data['file_name'];
if(copy("./data/icon/{$data['file_name']}",$new_path)){
update_db('user_links',['icon'=>$new_path],['uid'=>UID ,"lid" => $_POST['id'] ],[1,'success']);
}
msg(1,'fail');
msg(1,'请更新系统后再试');
}elseif($_GET['type'] == 'extend_list'){
if($GLOBALS['global_config']['link_extend'] != 1 ||!check_purview('link_extend',1)){
@@ -991,109 +943,11 @@ function write_security_setting(){
//写收录配置
function write_apply(){
global $global_config;
if($global_config['apply'] != 1){
msg(-1,'管理员禁止了此功能!');
}
if($_GET['type'] == 'set'){
$s['apply'] = intval($_POST['apply']); // 功能选项0.关闭 1.需要审核 2.无需审核
$s['Notice'] = $_POST['Notice']??''; // 公告
$s['submit_limit'] = intval($_POST['submit_limit']); //提交限制
$s['iconurl'] = $_POST['iconurl'];
$s['description'] = $_POST['description'];
$s['email'] = $_POST['email'];
if($s['apply'] < 0 || $s['apply'] > 2 ){
msg(-1,'参数错误!');
}elseif(strlen($s['Notice']) > 512){
msg(-1,'公告长度超限!');
}if(empty($_POST['submit_limit']) || !preg_match("/^\d*$/",$_POST['submit_limit'])){
msg(-1,'提交限制必须为正整数!');
}
write_user_config('apply',$s,'config','收录配置');
msg(1,'保存成功');
}elseif($_GET['type'] == '2'){ //通过
$id = intval($_POST['id']);
$link = get_db("user_apply","*",["uid"=>UID,"id"=> $id ]);
if(empty($id)){
msg(-1,'id错误');
}elseif(empty($link['category_id'])){
msg(-1,'分类id错误');
}elseif(empty($link['title'])){
msg(-1,'标题不能为空');
}elseif(empty($link['url'])){
msg(-1,'链接不能为空');
}elseif($link['state'] != 0){
msg(-1,'此申请信息不是待审核状态!');
}elseif(!empty(get_db('user_links','*',['uid'=>UID,'url'=>$link['url']]))){
msg(-1,'链接已存在');
}
check_link($link['category_id'],$link['title'],$link['url'],''); //检测链接是否合法
$lid = get_maxid('link_id');
$data = [
'lid' => $lid,
'uid' => UID,
'fid' => $link['category_id'],
'title' => $link['title'],
'url' => $link['url'],
'description' => $link['description'],
'add_time' => time(),
'up_time' => time(),
'icon' => $link['iconurl']
];
insert_db('user_links',$data);//插入链接
update_db('user_apply',['state'=>1],['uid'=>UID,'id'=>$id]);//更新状态
msg(1,'操作成功');
}elseif($_GET['type'] == '3'){ //拒绝
update_db('user_apply',['state'=>2],['uid'=>UID,'id'=>intval($_POST['id'])],[1,'操作成功']);//更新状态
}elseif($_GET['type'] == '4'){ //删除
delete_db('user_apply',['uid'=>UID,'id'=>intval($_POST['id'])],[1,'操作成功']);
}elseif($_GET['type'] == 'empty'){ //清空
delete_db('user_apply',['uid'=>UID],[1,'操作成功']); //删除
}elseif($_GET['type'] == 'edit'){ //编辑
$id = intval($_POST['id']);
$link = get_db("user_apply","*",["uid"=>UID,"id"=> $id]);
if(empty($id)){
msg(-1,'id错误');
}elseif(empty($link)){
msg(-1,'未找到数据');
}
$category_id = intval($_POST['edit_category']);
$category_name = get_db("user_categorys","name",["uid"=>UID,"cid"=> $category_id ]);
if(empty($category_name)){
msg(-1,'未找到分类');
}
$data = [
'category_id' => $category_id,
'category_name' => $category_name,
'title' => htmlspecialchars($_POST['title'],ENT_QUOTES),
'url' => $_POST['url'],
'description' => htmlspecialchars($_POST['description'],ENT_QUOTES),
'iconurl' => $_POST['iconurl']
];
update_db('user_apply',$data,['uid'=>UID,'id'=>intval($_POST['id'])]);
msg(1,'修改成功');
}
msg(-1,'不支持的操作类型');
msg(-1,'免费版不支持此功能,请购买授权版');
}
//读收录列表
function read_apply_list(){
$page = empty(intval($_REQUEST['page'])) ? 1 : intval($_REQUEST['page']);
$limit = empty(intval($_REQUEST['limit'])) ? 50 : intval($_REQUEST['limit']);
$offset = ($page - 1) * $limit; //起始行号
$where["uid"] = UID;
//统计条数
$count = count_db('user_apply',$where);
//权重排序(数字小的排前面)
$where['ORDER']['id'] = 'DESC';
//分页
$where['LIMIT'] = [$offset,$limit];
//查询
$datas = select_db('user_apply','*',$where);
msgA(['code'=>1,'msg'=>'获取成功','count'=>$count,'data'=>$datas]);
msgA(['code'=>-1,'msg'=>'免费版不支持此功能,请购买授权版','count'=>0,'data'=>[]]);
}
//写站点设置
@@ -1436,10 +1290,7 @@ function read_theme(){
//没有缓存 或 禁止缓存 或 缓存过时
if(empty($template) || $_GET['cache'] === 'no' || time() - $data["time"] > 1800 ){
$urls = [
"lm21" => "https://update.lm21.top/TwoNav/{$request_dir}_template.json",
"gitee" => "https://gitee.com/tznb/twonav_updata/raw/master/{$request_dir}_template.json"
];
$urls = ["gitee" => "http://tznb.gitee.io/twonav_resource/{$request_dir}_template.json"];
$Source = $global_config['Update_Source'] ?? '';
if (!empty($Source) && isset($urls[$Source])) {
$urls = [$Source => $urls[$Source]];
@@ -1450,7 +1301,7 @@ function read_theme(){
//读取超时参数
$overtime = !isset($global_config['Update_Overtime']) ? 3 : ($global_config['Update_Overtime'] < 3 || $global_config['Update_Overtime'] > 60 ? 3 : $global_config['Update_Overtime']);
//远程获取
foreach($urls as $key => $url){
foreach($urls as $key => $url){
$Res = ccurl($url,$overtime);
$data = json_decode($Res["content"], true);
if($data["code"] == 200 ){ //如果获取成功
@@ -1500,71 +1351,7 @@ function write_theme(){
is_root();
if($global_config['offline']){msg(-1,"离线模式禁止下载主题!");} //离线模式
if(!is_subscribe('bool')){msg(-1,"未检测到有效授权,无法使用该功能!");}
$dir = $_POST['dir'];
$name = $_POST['name'];
if(preg_match('/^v.+-(\d{8})$/i',SysVer,$matches)){
$sysver = intval( $matches[1] );
}else{
msg(-1,"获取程序版本异常");
}
if(!is_writable('./templates')){
msg(-1,"检测到模板目录不可写<br />请检查templates目录权限<br />宝塔面板请注意所有者为www<br />其他疑问请联系技术支持");
}
//从数据库查找主题信息
$template = get_db('global_config','v',['k'=> 'theme_'.$fn.'_cache']);
if(empty($template)){
msg(-1,'-1,未找到数据');
}else{
$data = json_decode($template, true); //转为数组
foreach($data["data"] as $key){
if( $key['dir'] === $dir && $sysver >= intval($key["low"]) && $sysver <= intval($key["high"])){
$file = $key['dir'].".tar.gz";
$filePath = DIR."/data/temp/{$file}";
break; //找到跳出
}
}
if(empty($file)){
msg(-1,'-2,未找到数据');
}
}
//下载主题包
if(!is_dir('./data/temp')) mkdir('./data/temp',0755,true) or msg(-1,'下载失败,创建临时[/data/temp]目录失败');
if(!is_writable('./data/temp')){
msg(-1,"检测到临时目录不可写<br />请检查data/temp目录权限<br />宝塔面板请注意所有者为www<br />其他疑问请联系技术支持");
}
$data = $key;
foreach($data['url'] as $url){
if(downFile( $url , $file , DIR.'/data/temp/')){
$file_md5 = md5_file($filePath);
if($file_md5 === $data['md5']){
$downok = true;
break;//下载成功,跳出循环!
}else{
unlink($filePath);
}
}
}
//判断下载结果
if(!$downok || !file_exists($filePath)){
msg(-1,'-1,下载失败');
}elseif($file_md5 != $data['md5']){
msgA(['code'=>-1,'msg'=> '效验压缩包异常','Correct_md5'=> $data['md5'],'file_md5'=>$file_md5]);
}
//解压主题包
try {
$phar = new PharData($filePath);
$phar->extractTo(DIR.'/templates/'.$fn, null, true); //路径 要解压的文件 是否覆盖
unlink($filePath);//删除文件
} catch (Exception $e) {
msg(-1,'解压主题包失败');
}
//检查结果并返回
if(file_exists(DIR."/templates/$fn/".$data['dir']."/info.json")){
msgA(['code'=>1,'msg'=> '下载成功']);
}else{
msgA(['code'=>-1,'msg'=> '解压后未找到主题信息','url'=> $url,'file_md5'=>$file_md5]);
}
msg(1,'请更新系统后再试');
//删除主题
}elseif($_GET['type'] == 'del'){
@@ -1995,19 +1782,11 @@ function read_data(){
//扩展功能
$extend = [];
if($global_config['apply'] == 1 && check_purview('apply',1)){
array_push($extend,['title'=>'收录管理','href'=>'expand/apply-admin','icon'=>'fa fa-pencil']);
}
if($global_config['guestbook'] == 1 && check_purview('guestbook',1)){
array_push($extend,['title'=>'留言管理','href'=>'expand/guestbook-admin','icon'=>'fa fa-commenting-o']);
}
if($global_config['article'] > 0 && check_purview('article',1)){
array_push($extend,['title'=>'文章管理','href'=>'expand/article-list','icon'=>'fa fa-file-text-o']);
}
if(!empty($extend)){
$extend = ['title'=>'扩展功能','icon'=>'fa fa-folder-open-o','href'=>'','child'=> $extend];
array_push($menu,$extend);
}
array_push($extend,['title'=>'收录管理','href'=>'expand/apply-admin','icon'=>'fa fa-pencil']);
array_push($extend,['title'=>'留言管理','href'=>'expand/guestbook-admin','icon'=>'fa fa-commenting-o']);
array_push($extend,['title'=>'文章管理','href'=>'expand/article-list','icon'=>'fa fa-file-text-o']);
$extend = ['title'=>'扩展功能','icon'=>'fa fa-folder-open-o','href'=>'','child'=> $extend];
array_push($menu,$extend);
//如果是管理员则追加菜单
if($USER_DB['UserGroup'] == 'root'){
@@ -2045,60 +1824,7 @@ function write_article(){
}
//百度推送
function other_baidu_push(){
global $u,$global_config;
if ( $global_config['offline'] == '1'){
msg(-1,"离线模式无法使用此功能");
}
if(!is_subscribe('bool')){
msg(-1,"未检测到有效授权,无法使用该功能!");
}
if(empty($_POST['push_api'])){
msg(-1,'请输入接口地址');
}
if(empty($_POST['id'])){
msg(-1,'请提交链接ID');
}
$host = $_SERVER['HTTP_HOST']; // 获取主机名
$port = isset($_SERVER['SERVER_PORT']) ? ($_SERVER['SERVER_PORT'] == 80 ? '' : ':'.$_SERVER['SERVER_PORT']) : ''; // 获取端口号
$scheme = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https://' : 'http://'; // 获取协议
$host = $scheme.$host.$port;
$ids = json_decode($_POST['id']) ?? 0;
if(count($ids)<1){
msg(-1,'解析数据失败,请检查格式是否正确');
}
$urls=[];
if($_POST['type'] == 'link'){
foreach($ids as $id){
$urls[] = "{$host}/{$u}/click/{$id}.html";
}
}elseif($_POST['type'] == 'article'){
foreach($ids as $id){
$urls[] = "{$host}/{$u}/article/{$id}.html";
}
}else{
msg(-1,'无效类型');
}
if(!empty($urls)){
$api = $_POST['push_api'];
write_user_config('baidu_push_api',$api,'config','百度推送API');
$ch = curl_init();
$options = array(
CURLOPT_URL => $api,
CURLOPT_POST => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POSTFIELDS => implode("\n", $urls),
CURLOPT_HTTPHEADER => array('Content-Type: text/plain'),
);
curl_setopt_array($ch, $options);
$result = curl_exec($ch);
$result = json_decode($result,true) ?? '';
if(empty($result)){
msg(-1,'推送失败');
}else{
msgA(['code'=>curl_getinfo($ch, CURLINFO_HTTP_CODE),'data'=>$result]);
}
}
msg(-1,'未检测到有效授权,无法使用该功能');
}
//获取链接信息
function other_get_link_info(){
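Review bot: In the read_theme hunk the only remaining source is `http://tznb.gitee.io/twonav_resource/{$request_dir}_template.json`, a cleartext URL where the removed entries were HTTPS, so the JSON that read_theme decodes can be altered in transit. The other_upsys hunk in the last file section has the same problem with `ccurl("http://service.twonav.cn/service.php",...)`, and it matters more there: `$data['url']` and `$data['md5']` both come from that one response, so the md5 comparison cannot detect a package swapped by whoever can alter the response. Use `https://` for both endpoints if the hosts serve it, and check the update package against a digest or signature that does not travel with the download URL. Whether ccurl verifies certificates is not visible here, and read_theme continues outside the hunk.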


@@ -1,222 +1,2 @@
<?php if(!defined('DIR')){header('HTTP/1.1 404 Not Found');header("status: 404 Not Found");exit;}
$type = htmlspecialchars(trim($_GET['type']),ENT_QUOTES);
if (function_exists($type) ) {
if($GLOBALS['global_config']['article'] < 1 || !check_purview('article',1)){
msg(-1,'无权限');
}
$type();
}else{
Amsg(-1,'请求类型错误 >> '.$type);
}
//上传图片
function uploadImage(){
global $u;
//权限检测
if(!check_purview('article_image',1)){
msgA(['errno'=>-1,'message'=>'您的用户组无权限上传图片']);
}elseif(empty($_FILES["file"]) || $_FILES["file"]["error"] > 0){
msgA(['errno'=>-1,'message'=>'文件上传失败']);
}
//取后缀并判断是否支持
$suffix = strtolower(end(explode('.',$_FILES["file"]["name"])));
if(!preg_match('/^(jpg|png|gif|bmp|jpeg|svg|webp)$/',$suffix)){
@unlink($_FILES["file"]["tmp_name"]);
msgA(['errno'=>-1,'message'=>'文件格式不被支持']);
}
//限制文件大小
if(filesize($_FILES["file"]["tmp_name"]) > 5 * 1024 * 1024){
msgA(['errno'=>-1,'message'=>'文件大小超限']);
}
//文件临时路径
$ym = date("Ym");
$path = DIR . "/data/user/{$u}/upload/{$ym}/";
//检测目录,不存在则创建!
if(!Check_Path($path)){
msgA(['errno'=>-1,'message'=>'创建upload目录失败,请检查权限']);
}
$tmp_name = 'AI_'.uniqid().'.'.$suffix;
//移动文件
if(!move_uploaded_file($_FILES["file"]["tmp_name"],"{$path}/{$tmp_name}")) {
msgA(['errno'=>-1,'message'=>'上传失败,请检查目录权限']);
}else{
msgA(['errno'=>0,'data'=>['url'=>"./data/user/{$u}/upload/{$ym}/$tmp_name",'alt'=>$_FILES["file"]["name"],'href'=>''],'message'=>'上传成功']);
}
}
//删除图片
function deleteImage(){
global $u;
if(empty($_POST['path'])){
msg(-1,'请求参数错误');
}
$path = $_POST['path'];
$pattern = "/^\.\/data\/user\/{$u}\/upload\/\d{6}\/AI_[A-Za-z0-9_]+\.(jpg|png|gif|bmp|jpeg|svg|webp)$/i";
if(preg_match($pattern,$path) && is_file($path)){
@unlink($path);
}else{
msg(-1,'请求参数错误');
}
//需考虑编辑文章删除封面时未点击保存的情况
if(is_file($path)){
msg(-1,'删除失败');
}else{
msg(1,'删除成功');
}
}
//上传视频
function uploadVideo(){
msgA(['errno'=>-1,'message'=>'未开放']);
global $u;
//权限检测
if(!check_purview('article_image',1)){
msgA(['errno'=>-1,'message'=>'您的用户组无权限上传视频']);
}elseif(empty($_FILES["file"]) || $_FILES["file"]["error"] > 0){
msgA(['errno'=>-1,'message'=>'文件上传失败']);
}
//取后缀并判断是否支持
$suffix = strtolower(end(explode('.',$_FILES["file"]["name"])));
if(!preg_match('/^(avi|mp4|wma|rmvb|rm|flash|3gp|flv)$/',$suffix)){
@unlink($_FILES["file"]["tmp_name"]);
msgA(['errno'=>-1,'message'=>'文件格式不被支持']);
}
//限制文件大小
if(filesize($_FILES["file"]["tmp_name"]) > 20 * 1024 * 1024){
msgA(['errno'=>-1,'message'=>'文件大小超限']);
}
//文件临时路径
$ym = date("Ym");
$path = DIR . "/data/user/{$u}/upload/{$ym}/";
//检测目录,不存在则创建!
if(!Check_Path($path)){
msgA(['errno'=>-1,'message'=>'创建upload目录失败,请检查权限']);
}
$tmp_name = 'AV_'.uniqid().'.'.$suffix;
//移动文件
if(!move_uploaded_file($_FILES["file"]["tmp_name"],"{$path}/{$tmp_name}")) {
msgA(['errno'=>-1,'message'=>'上传失败,请检查目录权限']);
}else{
msgA(['errno'=>0,'data'=>['url'=>"./data/user/{$u}/upload/{$ym}/$tmp_name",'alt'=>$_FILES["file"]["name"],'href'=>''],'message'=>'上传成功']);
}
}
//获取文章列表
function article_list(){
$where['uid'] = UID;
//分类筛选
if(intval(@$_POST['category']) > 0){
$where['AND']['category'] = intval(@$_POST['category']);
}
//状态筛选
if(intval(@$_POST['state']) > 0){
$where['AND']['state'] = intval(@$_POST['state']);
}
//关键字筛选
$query = $_POST['keyword'];
if(!empty($query)){
$where['AND']['OR'] = ["title[~]" => $query,"summary[~]" => $query,"content[~]" => $query];
}
//统计条数
$count = count_db('user_article_list',$where);
//分页
$page = empty(intval($_REQUEST['page'])) ? 1 : intval($_REQUEST['page']);
$limit = empty(intval($_REQUEST['limit'])) ? 50 : intval($_REQUEST['limit']);
$offset = ($page - 1) * $limit; //起始行号
$where['LIMIT'] = [$offset,$limit];
$datas = select_db('user_article_list',['id','title','category','state','password','top','add_time','up_time','browse_count','summary','cover'],$where);
//查询分类
$categorys = select_db('user_categorys',['cid(id)','name'],['uid'=>UID]);
$categorys = array_column($categorys,'name','id');
//为文章添加分类名称
foreach ($datas as &$data) {
$data['category_name'] = $categorys[$data['category']] ?? 'Null';
}
msgA(['code'=>1,'count'=>$count,'data'=>$datas]);
}
//保存文章
function save_article(){
if(empty($_POST['category']) || !has_db('user_categorys',['uid'=>UID,'cid'=>$_POST['category']])){
msg(-1,'分类不存在');
}
$time = time();
//id为空,添加文章
if(empty($_POST['id'])){
insert_db('user_article_list',[
'uid'=>UID,
'title'=>$_POST['title'],
'category'=>$_POST['category'],
'state'=>$_POST['state'],
'password'=>'',
'top'=>0,
'add_time'=>$time,
'up_time'=>$time,
'browse_count'=>0,
'summary'=>$_POST['summary'],
'content'=>$_POST['content'],
'cover'=>$_POST['cover_url'],
'extend'=>''
],[1,'保存成功']);
//存在id,更新文章数据
}else{
if(!has_db('user_article_list',['uid'=>UID,'id'=>$_POST['id']])){
msg(-1,'文章id错误');
}
update_db('user_article_list',[
'title'=>$_POST['title'],
'category'=>$_POST['category'],
'state'=>$_POST['state'],
'up_time'=>$time,
'summary'=>$_POST['summary'],
'content'=>$_POST['content'],
'cover'=>$_POST['cover_url']
],['uid'=>UID,'id'=>$_POST['id']],[1,'保存成功']);
}
}
//删除文章
function del_article(){
$id = json_decode($_POST['id']);
if(empty($id)) msg(-1,'参数错误');
delete_db('user_article_list',['uid'=>UID,'id'=>$id],[1,'操作成功']);
}
//修改分类
function up_category(){
$id = json_decode($_POST['id']);
if(empty($id)) msg(-1,'参数错误');
if(empty($_POST['category_id']) || !has_db('user_categorys',['uid'=>UID,'cid'=>$_POST['category_id']])){
msg(-1,'分类不存在');
}
update_db('user_article_list',['category'=>$_POST['category_id']],['uid'=>UID,'id'=>$id],[1,'操作成功']);
}
//修改状态
function up_state(){
$id = json_decode($_POST['id']);
if(empty($id)) msg(-1,'参数错误');
if(!in_array($_POST['state_id'],['1','2','3','4'])){
msg(-1,'状态参数错误');
}
update_db('user_article_list',['state'=>$_POST['state_id']],['uid'=>UID,'id'=>$id],[1,'操作成功']);
}
//保存设置 (与站点配置共享)
function save_article_set(){
//检查配置参数
if(!in_array($_POST['visual'],['0','1','2']) || !in_array($_POST['icon'],['0','1','2'])){
msg(-1,'参数错误');
}
//读取站点配置
$s_site = unserialize(get_db('user_config','v',['uid'=>UID,'k'=>'s_site']));
$s_site['article_visual'] = $_POST['visual'];
$s_site['article_icon'] = $_POST['icon'];
update_db("user_config",["v"=>$s_site],["k"=>'s_site',"uid"=>UID],[1,'保存成功']);
}
msg(-1,'未检测到有效授权,无法使用该功能');


@@ -33,76 +33,52 @@ function other_upsys(){
msg(-1,"文件夹不可写 >> $path");
}
}
$_SESSION['upsys']['sysver'] = intval($matches[1]);
usleep(1000*300); //延迟300毫秒
msg(1,'success');
}
//下载更新包
if($_POST['i'] == 2){
//检查授权状态
if(!is_subscribe('bool')){
msg(-1,'未检测到有效授权,请
<a href="https://gitee.com/tznb/TwoNav/wikis/pages?sort_id=7968669&doc_id=3767990" target="_blank" style="color: #01AAED;">购买授权</a>
<a href="https://gitee.com/tznb/TwoNav/wikis/pages?sort_id=8013447&doc_id=3767990" target="_blank" style="color: #01AAED;">手动更新</a>');
}
$subscribe = unserialize(get_db('global_config','v',["k" => "s_subscribe"]));
if(!isset($subscribe['public']) || empty($subscribe['public'])){
msg(-1,'
错误原因: 未检测到授权秘钥<br />如何处理: <br />
&nbsp;&nbsp; 1. 转到<a href="./index.php?c=admin&u='.U.'#root/vip" target="_blank" style="color: #01AAED;">授权管理</a>页面点击保存设置<br />
&nbsp;&nbsp; 2. 提示保存成功后在尝试更新');
}
$_SESSION['upsys']['sysver'] = intval($matches[1]);
usleep(1000*300); //延迟300毫秒
msg(1,'success');
}
//下载更新包
if($_POST['i'] == 2){
//设置执行最长时间0为无限制。单位秒!
set_time_limit(5*60);
$overtime = !isset($GLOBALS['global_config']['Update_Overtime']) ? 3 : ($GLOBALS['global_config']['Update_Overtime'] < 3 || $GLOBALS['global_config']['Update_Overtime'] > 60 ? 3 : $GLOBALS['global_config']['Update_Overtime']);
//加载远程数据
$urls = [
"lm21" => "https://update.lm21.top/TwoNav/updata.json",
"gitee" => "https://gitee.com/tznb/twonav_updata/raw/master/updata.json"
];
$Source = $GLOBALS['global_config']['Update_Source'] ?? '';
if (!empty($Source) && isset($urls[$Source])) {
$urls = [$Source => $urls[$Source]];
}
foreach($urls as $key => $url){
$Res = ccurl($url,$overtime);
$data = json_decode($Res["content"], true);
if($data["code"] == 200 ){ //如果获取成功
break; //跳出循环.
}
}
//请求获取更新包
$Res = ccurl("http://service.twonav.cn/service.php",30,true,data_encryption('updateSystem',['sysver'=>$_SESSION['upsys']['sysver']]));
$data = json_decode($Res["content"], true);
if($data["code"] != '200'){
msg(-1,'获取更新信息失败,请稍后再试..');
msg(-1,$data['msg'] ?? '获取更新信息失败,请稍后再试..');
}
foreach($data["data"] as $key){
if( $_SESSION['upsys']['sysver'] >= $key["low"] && $_SESSION['upsys']['sysver'] <= $key["high"] && $key["update"] > $_SESSION['upsys']['sysver']){
$file = "System_Upgrade.tar.gz";
$filePath = "./data/temp/{$file}";
$data = $key;
break; //找到跳出
}
}
if(empty($file)){
msg(-1,'暂无可用更新');
}
$file = "System_Upgrade.tar.gz";
$filePath = "./data/temp/{$file}";
//下载升级包
unlink($filePath);
foreach($data["url"] as $url){
if(downFile($url,$file,'./data/temp/')){
$file_md5 = md5_file($filePath);
if($file_md5 === $data['md5']){
break; //下载成功,跳出循环
}else{
unlink($filePath); //下载失败,删除文件
}
if(downFile($data['url'],$file,'./data/temp/')){
$file_md5 = md5_file($filePath);
if($file_md5 != $data['md5']){
unlink($filePath);
msg(-1,'更新包校验失败,请重试或联系客服');
}
}
//检查下载结果
if(empty($file_md5) ){
}else{
msg(-1,'下载更新包失败');
}elseif($file_md5 != $data['md5']){
msgA(['code'=>-1,'msg'=> '升级包效验失败','correct_md5'=> $data['md5'],'reality_md5'=>$file_md5]);
}
//sleep(1);
msg(1,'success');
}
@@ -199,6 +175,7 @@ function other_upsys(){
msgA(['code'=>-1,'msg'=>'步骤错误']);
}
//读用户列表
function read_user_list(){
$query = $_POST['query'];
@@ -261,19 +238,7 @@ function read_users_list(){
if(!is_subscribe('bool')){
msg(-1,'未检测到有效授权');
}
$purview_list = select_db('purview_list','name','');
$datas = select_db('user_group',['id','name','allow','code','codes','uname'],'');
foreach ($datas as $key => $data){
$datas[$key]['codes'] = unserialize($datas[$key]['codes']);
if(empty($datas[$key]['codes'])){
$datas[$key]['disable'] = $purview_list;//为空表示全部
}else{
$datas[$key]['disable'] = array_diff($purview_list,explode(",", $data['allow']));
}
$datas[$key]['disable'] = implode(',',$datas[$key]['disable']); //数组转文本
}
msgA(['code'=>1,'msg'=>'获取成功','count'=>count($datas),'data'=>$datas]);
msg(1,'请更新系统后再试');
}
//写用户组
@@ -289,123 +254,13 @@ function write_users(){
if(!is_subscribe('bool')){
msg(-1,'未检测到有效授权');
}
$USER = $_POST['uname'];
$USER_ID = '';
if(!empty($USER)){
$USER_ID = get_db("global_user", "ID", ["User"=>$USER]);
if(empty($USER_ID)){msg(-1,'蓝图用户不存在');}
}
if($_GET['type'] == 'add'){
if(!empty(get_db('user_group','code',['code' => $_POST['code']]))){
msg(-1,'分组代号已存在');
}elseif(!empty(get_db('user_group','name',['name' => $_POST['name']]))){
msg(-1,'分组名称已存在');
}
insert_db('user_group',["uname"=>$USER,"uid"=>$USER_ID,"code"=>$_POST['code'],"name"=>$_POST['name'],"allow"=>$_POST['allow_list'],"codes"=>json_decode($_POST['allow_code_list'])],[1,'添加成功']);
}elseif($_GET['type'] == 'edit'){
if(empty(get_db('user_group','code',['code' => $_POST['code']]))){
msg(-1,'此分组代号不存在');
}elseif(!empty(get_db('user_group','name',['name' => $_POST['name'],'code[!]'=>$_POST['code']]))){
msg(-1,'分组名称已存在');
}
update_db('user_group',["uname"=>$USER,"uid"=>$USER_ID,"name"=>$_POST['name'],'allow'=>$_POST['allow_list'],'codes'=>json_decode($_POST['allow_code_list']) ],['code'=>$_POST['code']],[1,'保存成功']);
}elseif($_GET['type'] == 'del'){
global $global_config;
if(!empty(get_db('global_user','ID',['UserGroup' => $_POST['code']]))){
msg(-1,'无法删除,有用户正在使用此用户组');
}elseif(!empty(get_db('regcode_list','regcode',['u_group' => $_POST['code']]))){
msg(-1,'无法删除,存在使用此用户组的注册码');
}elseif($global_config['default_UserGroup'] == $_POST['code']){
msg(-1,'无法删除,正在被使用:系统设置>默认分组');
}
delete_db('user_group',["code" => $_POST['code'] ],[1,'删除成功']);
}
msg(1,'请更新系统后再试');
}
//写用户信息
function write_user_info(){
switch ($_GET['type']) {
//删除
case "Del":
$uids = json_decode($_POST['ID']);
$USER_S = select_db('global_user','User',['ID'=>$uids]);
foreach($USER_S as $USER){
if(is_dir(DIR.'/data/user/'.$USER)){
deldir(DIR.'/data/user/'.$USER);
if(is_dir(DIR.'/data/user/'.$USER)){
msg(1,'删除用户数据目录失败,用户名:'.$USER);
}
}
if(is_dir(DIR.'/data/backup/'.$USER)){
deldir(DIR.'/data/backup/'.$USER);
if(is_dir(DIR.'/data/backup/'.$USER)){
msg(1,'删除用户备份目录失败,用户名:'.$USER);
}
}
}
foreach (['regcode_list','user_categorys','user_config','user_count','user_links','user_log','user_login_info'] as $table){
delete_db($table,[ "uid" => $uids ]);
}
delete_db('global_user',["ID" => $uids]);
msg(1,'删除成功');
break;
//删除OTP验证
case "Del_OTP":
$uids = json_decode($_POST['ID']);
$USER_S = select_db('global_user',['LoginConfig','ID','User'],['ID'=>$uids]);
$fail = 0;
foreach($USER_S as $USER){
$LoginConfig = unserialize($USER['LoginConfig']);
if(empty($LoginConfig['totp_key'])){
$fail ++;
continue;
}
$LoginConfig['totp_key'] = '';
update_db("global_user", ["LoginConfig" => $LoginConfig], ["ID" => $USER['ID']]);
}
if($fail > 0){
msg(1,'操作完毕,有'.$fail.'个账号未开启OTP双重验证');
}
msg(1,'操作成功');
break;
//设用户组
case "set_UserGroup":
if(empty($_POST['UserGroup'])){
msg(-1,'用户组不能为空');
}elseif(!in_array($_POST['UserGroup'],['default','root']) && empty(get_db('user_group','code',['code' => $_POST['UserGroup']]))){
msg(-1,'用户组不存在');
}
update_db('global_user',['UserGroup'=>$_POST['UserGroup']],["ID" => json_decode($_POST['ID']) ],[1,'修改成功']);
break;
//设密码
case "set_pwd":
if(!has_db('global_user',['ID'=>$_POST['ID']])){
msg(-1,'用户不存在!');
}
//空字符串md5 防止意外出现空密码
if( $_POST['new_pwd']== 'd41d8cd98f00b204e9800998ecf8427e'){
msg(-1,'密码不能为空');
}
$RegTime = get_db('global_user','RegTime',['ID'=>$_POST['ID']]);
update_db('global_user',['Password'=>Get_MD5_Password($_POST['new_pwd'],$RegTime)],["ID" => $_POST['ID'] ],[1,'修改成功']);
break;
//设邮箱
case "set_email":
if(!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/i",$_POST['new_email'])){
msg(-1,'邮箱错误!');
}
if(has_db('global_user',['Email'=>$_POST['new_email']])){
msg(-1,'邮箱已存在!');
}
update_db('global_user',['Email'=>$_POST['new_email']],["ID" => $_POST['ID'] ],[1,'修改成功']);
break;
default:
msg(-1,'操作类型错误');
}
msg(-1,'未检测到有效授权,无法使用该功能');
}
//读注册码列表
@@ -413,29 +268,7 @@ function read_regcode_list(){
if(!is_subscribe('bool')){
msg(-1,'未检测到有效授权');
}
$page = empty(intval($_REQUEST['page'])) ? 1 : intval($_REQUEST['page']);
$limit = empty(intval($_REQUEST['limit'])) ? 50 : intval($_REQUEST['limit']);
$offset = ($page - 1) * $limit; //起始行号
$where = [];
//统计条数
$count = count_db('regcode_list',$where);
//分页
$where['LIMIT'] = [$offset,$limit];
//排序
$where['ORDER']['id'] = 'DESC';
//查询
$datas = select_db('regcode_list','*',$where);
//用户组处理
if(!empty($datas)){
$user_group = select_db('user_group',['name','code'],'');//读用户组
$user_group = array_column($user_group, 'name', 'code');//以代号为键
$user_group['root'] = '站长';
$user_group['default'] = '默认';
foreach ($datas as $key => $data){
$datas[$key]['UserGroupName'] = $user_group[$data['u_group']]??'Null';
}
}
msg(1,'请更新系统后再试');
msgA(['code'=>1,'msg'=>'获取成功','count'=>$count,'data'=>$datas]);
}
@@ -445,43 +278,14 @@ function write_regcode(){
if(!is_subscribe('bool')){
msg(-1,'未检测到有效授权');
}
if($_GET['type'] == 'generate'){
if(!in_array($_POST['group'] ,['default']) && empty(get_db('user_group','code',['code' => $_POST['group'] ]))){
msg(-1,'用户组不存在');
}
$t = time();
for ($i=1; $i<=$_POST['number']??1; $i++){
if($_POST['regcode_length'] == 8){
$regcode = hash("crc32b",uniqid());
}elseif($_POST['regcode_length'] == 36){
$regcode = $db::raw("UUID()");
}else{
$regcode = md5(uniqid());
}
insert_db('regcode_list',["uid"=>UID,"regcode"=>$regcode,"u_group"=>$_POST['group'],"use_state"=>'未使用',"add_time"=>$t,"use_time"=>0]);
}
msg(1,'注册码已生成');
}elseif($_GET['type'] == 'set'){
write_global_config('reg_tips',$_POST['content'],'注册提示');
msg(1,'保存成功');
}elseif($_GET['type'] == 'del'){
delete_db("regcode_list",[ "id" => json_decode($_POST['id'])]);
msg(1,'删除成功');
}
msg(-1,'无效的请求类型');
msg(1,'请更新系统后再试');
}
//写订阅信息
function write_subscribe(){
global $USER_DB;
$data['order_id'] = htmlspecialchars( trim($_REQUEST['order_id']) ); //获取订单ID
$data['email'] = htmlspecialchars( trim($_REQUEST['email']) ); //获取邮箱
$data['end_time'] = htmlspecialchars( trim($_REQUEST['end_time']) );//到期时间
$data['domain'] = htmlspecialchars( trim($_REQUEST['domain']) );//支持域名
$data = $_POST;
$data['host'] = $_SERVER['HTTP_HOST']; //当前域名
if(empty($data['order_id']) && empty($data['email']) && empty($data['end_time'])){
write_global_config('s_subscribe','','订阅信息');
@@ -504,8 +308,9 @@ function write_subscribe(){
}
}
}
if(stristr($data['domain'],$data['host'])){
//unset($data['public']); // 记得删除
write_global_config('s_subscribe',$data,'订阅信息');
msg(1,'保存成功');
}else{
@@ -527,16 +332,6 @@ function write_sys_settings(){
msg(-1,'默认账号不存在');
}elseif(!empty($_POST['default_UserGroup']) && empty(get_db('user_group','code',['code' => $_POST['default_UserGroup']]))){
msg(-1,'默认分组代号不存在');
}elseif($_POST['Sub_domain'] == 1){
if(preg_match('/\.(com|net|org|gov|edu)\.cn$/', $_SERVER["HTTP_HOST"])){
msg(-1,'不支持此类域名');
}
if(filter_var($_SERVER["HTTP_HOST"], FILTER_VALIDATE_IP) != false){
msg(-1,'不支持IP访问开启二级域名');
}
if(preg_match('/\.(\d+|:\d+)$/', preg_replace('/:\d+$/','',$_SERVER['HTTP_HOST'])) || substr_count($_SERVER["HTTP_HOST"],':') > 2){
msg(-1,'不支持IP访问开启二级域名,如有误判请联系技术支持!');
}
}
//自定义登录入口和注册入口检测
@@ -547,12 +342,7 @@ function write_sys_settings(){
if(in_array($_POST['Register'],$prohibits)){
msg(-1,'此注册入口名已被系统使用');
}
//长度限制
foreach (['c_name','c_desc','l_name','l_url','l_key','l_desc'] as $name){
$length_limit[$name] = is_subscribe('bool') ? intval($_POST[$name]) : 0;
}
write_global_config("length_limit",$length_limit,'长度限制');
//全局配置
$datas = [
'Login'=>['empty'=>false,'msg'=>'登录入口不能为空'],
@@ -567,23 +357,14 @@ function write_sys_settings(){
'offline'=>['int'=>true,'min'=>0,'max'=>1,'msg'=>'离线模式参数错误'],
'Debug'=>['int'=>true,'min'=>0,'max'=>1,'msg'=>'调试模式参数错误'],
'Maintenance'=>['int'=>true,'min'=>0,'max'=>1,'msg'=>'维护模式参数错误'],
'Sub_domain'=>['int'=>true,'min'=>0,'max'=>1,'msg'=>'二级域名参数错误'],
'Privacy'=>['int'=>true,'min'=>0,'max'=>1,'msg'=>'强制私有参数错误'],
'default_page'=>['int'=>true,'min'=>0,'max'=>2,'msg'=>'默认页面参数错误'],
'copyright'=>['empty'=>true],
'global_header'=>['empty'=>true],
'global_footer'=>['empty'=>true],
'api_extend'=>['empty'=>true],
'c_code'=>['int'=>true,'min'=>0,'max'=>1,'msg'=>'自定义代码参数错误'],
'static_link'=>['int'=>true,'min'=>0,'max'=>1,'msg'=>'静态链接参数错误'],
//更新设置
'Update_Source'=>['empty'=>true],
'Update_Overtime'=>['int'=>true,'min'=>3,'max'=>60,'msg'=>'资源超时参数错误'],
//扩展功能-(全局开关)
'apply'=>['int'=>true,'min'=>0,'max'=>1,'msg'=>'收录管理参数错误'],
'guestbook'=>['int'=>true,'min'=>0,'max'=>1,'msg'=>'留言管理参数错误'],
'link_extend'=>['int'=>true,'min'=>0,'max'=>1,'msg'=>'链接扩展参数错误'],
'article'=>['int'=>true,'min'=>0,'max'=>2,'msg'=>'文章管理参数错误']
];
$o_config = [];
foreach ($datas as $key => $data){
@@ -595,42 +376,9 @@ function write_sys_settings(){
$o_config[$key] = $data['empty']?$_POST[$key]:(!empty($_POST[$key])?$_POST[$key]:msg(-1,$data['msg']));
}
}
if(!is_subscribe('bool')){
if($_POST['Sub_domain'] == 1){$o_config['Sub_domain'] = 0;$filter = true;}
if($_POST['Privacy'] == 1){$o_config['Privacy'] = 0;$filter = true;}
if(!empty($_POST['copyright'])){$o_config['copyright'] = "";$filter = true;}
if(!empty($_POST['global_header'])){$o_config['global_header'] = "";$filter = true;}
if(!empty($_POST['global_footer'])){$o_config['global_footer'] = "";$filter = true;}
if($_POST['apply'] == 1){$o_config['apply'] = 0;$filter = true;}
if($_POST['guestbook'] == 1){$o_config['guestbook'] = 0;$filter = true;}
if($_POST['link_extend'] == 1){$o_config['link_extend'] = 0;$filter = true;}
if($_POST['article'] == 1){$o_config['article'] = 0;$filter = true;}
if($_POST['static_link'] == 1){$o_config['static_link'] = 0;$filter = true;}
}
//检测于下载文章管理依赖资源
clearstatcache();
if($o_config['article'] == 1 && ( !is_file('./static/wangEditor/wangEditor.js') || !is_file('./static/wangEditor/wangEditor.css'))){
$filePath = "./data/temp/wangEdito.tar.gz";
if(downFile('https://update.lm21.top/TwoNav/updata/wangEdito.tar.gz','wangEdito.tar.gz','./data/temp/')){
$file_md5 = md5_file($filePath);
if($file_md5 != "95f830656ba8972cca39a1ddd6ebaeda"){
unlink($filePath);
msg(-1,'效验wangEdito失败<br/>!');
}
}else{
msg(-1,'下载wangEdito失败,请重试!<br/>如需手动安装可联系技术支持!');
}
try {
$phar = new PharData($filePath);
$phar->extractTo('./static/', null, true);
unlink($filePath);
clearstatcache();
} catch (Exception $e) {
msg(-1,'安装wangEdito失败');
}
}
update_db("global_config", ["v" => $o_config], ["k" => "o_config"],[1,($filter ?"保存成功,未检测到有效授权,带*号的配置无法为你保存":"保存成功")]);
update_db("global_config", ["v" => $o_config], ["k" => "o_config"],[1,"免费版可用功能配置已保存!"]);
}
//写默认设置
@@ -639,54 +387,7 @@ function write_default_settings(){
if(!is_subscribe('bool')){
msg(-1,'未检测到有效授权');
}
if(intval($_POST['Session']) > 0 && intval($_POST['KeyClear']) > intval($_POST['Session'])){
msg(-1,'Key清理时间不能大于登录保持时间');
}
// 安全配置(登录配置)
$datas = [
'Session'=>['int'=>true,'min'=>0,'max'=>360,'msg'=>'登录保持参数错误'],
'HttpOnly'=>['int'=>true,'min'=>0,'max'=>1,'msg'=>'HttpOnly参数错误'],
'KeySecurity'=>['int'=>true,'min'=>0,'max'=>2,'msg'=>'Key安全参数错误'],
'KeyClear'=>['int'=>true,'min'=>1,'max'=>60,'msg'=>'Key清理参数错误'],
'api_model'=>['v'=>['security','compatible','compatible+open'],'msg'=>'API模式参数错误'],
'login_page'=>['v'=>['admin','index','auto'],'msg'=>'登录成功参数错误']
];
foreach ($datas as $key => $data){
if($data['int']){
$LoginConfig[$key] = ($_POST[$key] >= $data['min'] && $_POST[$key] <= $data['max'])?intval($_POST[$key]):msg(-1,$data['msg']);
}elseif(isset($data['v'])){
$LoginConfig[$key] = in_array($_POST[$key],$data['v']) ? $_POST[$key]:msg(-1,$data['msg']);
}else{
$LoginConfig[$key] = $data['empty']?$_POST[$key]:(!empty($_POST[$key])?$_POST[$key]:msg(-1,$data['msg']));
}
}
$LoginConfig['Login'] = '0';
$LoginConfig['Password2'] = '';
update_db("global_config",["v"=>$LoginConfig],["k"=>'LoginConfig']);
//站点配置
$datas = [
'title'=>['empty'=>false,'msg'=>'主标题不能为空'],
'subtitle'=>['empty'=>true],
'logo'=>['empty'=>true],
'keywords'=>['empty'=>true],
'description'=>['empty'=>true],
'link_model'=>['v'=>['direct','Privacy','302','Transition'],'msg'=>'链接模式参数错误'],
'link_icon'=>['int'=>true,'min'=>0,'max'=>6,'msg'=>'链接图标参数错误'],
'custom_header'=>['empty'=>true],
'custom_footer'=>['empty'=>true]
];
$s_site = [];
foreach ($datas as $key => $data){
if($data['int']){
$s_site[$key] = ($_POST[$key] >= $data['min'] && $_POST[$key] <= $data['max'])?intval($_POST[$key]):msg(-1,$data['msg']);
}elseif(isset($data['v'])){
$s_site[$key] = in_array($_POST[$key],$data['v']) ? $_POST[$key]:msg(-1,$data['msg']);
}else{
$s_site[$key] = $data['empty']?$_POST[$key]:(!empty($_POST[$key])?$_POST[$key]:msg(-1,$data['msg']));
}
}
update_db("global_config",["v"=>$s_site],["k"=>'s_site'],[1,'保存成功']);
msg(1,'请更新系统后再试');
}
//读日志
function read_log(){
@@ -741,45 +442,14 @@ function other_root(){
$data = get_db("global_config", "v", ["k" => "username_retain"]);
msgA(['code'=>1,'msg'=>'获取成功','data'=>$data]);
}elseif($_GET['type'] == 'write_username_retain'){
//遍历检测语法
$patterns = explode("\n",$_POST['username_retain']);
foreach($patterns as $pattern){
if (@preg_match($pattern, '') === false) {
msg(-1,'正则表达式语法错误,请检查');
}
}
if(!is_subscribe('bool')){
msg(-1,'未检测到有效授权');
}
write_global_config('username_retain',$_POST['username_retain'],'账号保留');
msg(1,'保存成功');
msg(1,'请更新系统后再试');
}elseif($_GET['type'] == 'write_mail_config'){
if($GLOBALS['global_config']['offline'] == '1'){msg(-1,"离线模式无法使用此功能");}
if(!is_subscribe('bool')){msg(-1,"未检测到有效授权,无法使用该功能!");}
//检测PHPMailer是否存在
clearstatcache();
if(!is_file(DIR.'/system/PHPMailer/PHPMailer.php')){
$filePath = "./data/temp/PHPMailer_6.8.0.tar.gz";
if(downFile('https://update.lm21.top/TwoNav/updata/PHPMailer_6.8.0.tar.gz','PHPMailer_6.8.0.tar.gz','./data/temp/')){
$file_md5 = md5_file($filePath);
if($file_md5 != "07251997fb7ebf3bf2d296d4214ccf0a"){
unlink($filePath);
msg(-1,'效验PHPMailer失败<br/>!');
}
}else{
msg(-1,'下载PHPMailer失败,请重试!<br/>如需手动安装可联系技术支持!');
}
try {
$phar = new PharData($filePath);
$phar->extractTo('./system/', null, true);
unlink($filePath);
clearstatcache();
} catch (Exception $e) {
msg(-1,'安装PHPMailer失败');
}
}
write_global_config('mail_config',$_POST,'账号保留');
msg(1,'保存成功');
msg(1,'请更新系统后再试');
}elseif($_GET['type'] == 'write_mail_test'){
$_POST['Subject'] = 'TwoNav 测试邮件' . time();
$_POST['Body'] = '<h1>TwoNav 测试邮件</h1>' . date('Y-m-d H:i:s');
@@ -787,8 +457,7 @@ function other_root(){
}elseif($_GET['type'] == 'write_icon_config'){
if($GLOBALS['global_config']['offline'] == '1'){msg(-1,"离线模式无法使用此功能");}
if(!is_subscribe('bool')){msg(-1,"未检测到有效授权,无法使用该功能!");}
write_global_config('icon_config',$_POST,'图标配置');
msg(1,'保存成功');
msg(1,'请更新系统后再试');
}elseif($_GET['type'] == 'write_icon_del_cache'){
//删除数据库缓存信息
if(empty(count_db('global_icon','*'))){
@@ -808,12 +477,6 @@ function other_root(){
}
msg(1,'操作成功');
}elseif($_GET['type'] == 'write_sitemap_config'){
if(!is_subscribe('bool')){
msg(-1,'未检测到有效授权');
}
write_global_config('sitemap_config',$_POST,'站点地图配置');
msg(1,'保存成功');
}
}
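Review bot: In step 2 of other_upsys (`$_POST['i'] == 2`), the package check that appears to be on the new side compares digests with a loose `!=` (`if($file_md5 != $data['md5'])`), where the earlier download loop used `===`; in PHP two strings of the form `0e` followed by digits compare equal under `!=`, so a mismatching file can pass the check. A strict comparison avoids that, for example `if(!is_string($file_md5) || !hash_equals((string)($data['md5'] ?? ''), $file_md5))`. The expected digest and the download URL also arrive in the same response from `http://service.twonav.cn/service.php`, which is fetched over plain HTTP, so the MD5 check detects corruption but does not authenticate the package; that needs the endpoint requested over HTTPS with certificate verification, or a signature verified against the stored `public` key. The +/- markers are lost on this page, so which lines are new is inferred from the hunk counts and the duplicated lines.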


@@ -1,133 +1,6 @@
<?php
$apply = $global_config['apply'];
// 如果管理了收录功能则返回404
if ($apply != 1 ){
load_tip();
header('HTTP/1.1 404 Not Found');
header("status: 404 Not Found");
exit;
}
$apply = unserialize( get_db("user_config", "v", ["k" => "apply","uid"=>UID]));
// 用户关闭收录申请
if ( $apply['apply'] == 0 ){
if($_SERVER['REQUEST_METHOD'] === 'GET'){
load_tip();
}else{
msg(-1,"用户已关闭收录申请");
}
}
//get请求载入页面
if($_SERVER['REQUEST_METHOD'] === 'GET'){
require DIR."/system/templates.php";
require($index_path);
exit;
exit('当前为免费版,不支持此功能');
}
//载入提示页
function load_tip() {
$content = '站长或用户未开启申请收录功能';
require DIR.'/templates/admin/page/404.php';
exit;
}
//强制加载防火墙来过滤相关攻击!
$global_config['XSS_WAF'] = 1; $global_config['SQL_WAF'] = 1;
require DIR.'/system/firewall.php';
// 遍历请求表单,拦截可疑内容!
foreach($_POST as $key =>$value){
if( htmlspecialchars($value,ENT_QUOTES) != $value ){
msg(-1,$key.' > 请避免使用<\'&">单引号,双引号等特殊字符!');
}elseif( strlen($value) >= 256 ){
msg(-1,$key.' > 字符串长度不允许超过256');
}
}
$title = $_POST['title'];
$url = $_POST['url'];
$iconurl = $_POST['iconurl'] ?? '';
$description = $_POST['description'] ?? '';
$category_id = intval ($_POST['category_id']);
$email = $_POST['email'] ?? '';
$user_ip = Get_IP();
if( !filter_var($url, FILTER_VALIDATE_URL) ) {
msg(-1,'URL无效!');
}elseif(!empty($apply['iconurl']) && !filter_var($iconurl, FILTER_VALIDATE_URL) ){
msg(-1,'网站图标无效!');
}elseif(!empty($apply['email']) && !preg_match('/^([a-zA-Z]|[0-9])(\w|\-)+@[a-zA-Z0-9]+\.([a-zA-Z]{2,4})$/',$email)){
msg(-1,'联系邮箱无效!');
}elseif(!isset($_POST['category_id'])){
msg(-1,'分类ID不能为空!');
}elseif(!isset($_POST['title'])){
msg(-1,'网站标题不能为空!');
}elseif(!empty($apply['description']) && empty($_POST['description'])){
msg(-1,'网站描述不能为空!');
}
//获取和检查分类信息
$where['cid'] = $category_id;
$where['uid'] = UID;
$category_info = get_db('user_categorys',['cid','fid','property','name','font_icon','description'],$where);
if(empty($category_info) || $category_info['property'] != 0){
msgA(['code'=>-1,'msg'=>'没有找到分类信息']);
}
//检查是否重复
$url_data = get_db("user_apply","*",["url"=> $url,'uid'=>UID ]);
if(isset($url_data['id'])){
if ($url_data['state'] == 0){
msg(-1,'审核中,请勿重复提交!');
}elseif ($url_data['state'] == 1 || $url_data['state'] == 3 ){
msg(-1,'已通过,请勿重复提交!');
}elseif ($url_data['state'] == 2){
msg(-1,'已拒绝,请勿重复提交!');
}
}
// 统计IP 24小时内提交的数量!,超限则拦截!
$count = count_db("user_apply", ["uid"=>UID , "ip" => $user_ip ,"time[>]" => time() - 60*60*24]);
if ($count >= $apply['submit_limit'] ?? 5){
msg(-1,'您提交的申请数量已达到上限!请明天再试!');
}
$data = [
'uid' => UID,
'iconurl' => $iconurl,
'title' => $title,
'url' => $url,
'email' => $email,
'ip' => $user_ip,
'ua' => $_SERVER['HTTP_USER_AGENT'],
'time' => time(),
'state' => 0, // 0.待审核 1.手动通过 2.已拒绝 3.自动通过
'category_id' => $category_id,
'category_name' => $category_info['name'],
'description' => $description
];
//0.关闭 1.开启 2.无需审核
if($apply['apply'] == 1){
$data['state'] = 0 ;
}elseif($apply['apply'] == 2){
$data['state'] = 3 ;
if(!empty(get_db("user_links","*",["url"=> $url,'uid'=>UID ]))){
msg(-1,'URL已经存在'); //存在于链接列表中!
}
$lid = get_maxid('link_id');
$url_data = [
'lid' => $lid,
'uid' => UID,
'fid' => $category_id,
'title' => $title,
'url' => $url,
'description' => $description,
'add_time' => time(),
'up_time' => time(),
'weight' => 0,
'property' => 0,
'icon' => $iconurl
];
insert_db('user_links',$url_data);
}
insert_db('user_apply',$data,[1,'提交成功!']);
msg(-1,'当前为免费版,不支持此功能');
?>


@@ -1,74 +1,6 @@
<?php
if($global_config['guestbook'] != 1 || !check_purview('guestbook',1)){
require DIR.'/templates/admin/page/404.php';
exit;
if($_SERVER['REQUEST_METHOD'] === 'GET'){
exit('当前为免费版,不支持此功能');
}
$s = unserialize( get_db("user_config", "v", ["k" => "guestbook","uid"=>UID]) );
if(empty($s) || $s['allow'] != 1){
$content = '站点已设置禁止留言';
require DIR.'/templates/admin/page/404.php';
exit;
}
if(!Check_Path("data/user/{$u}/MessageBoard")){
exit("<h2>创建目录失败,请检查权限</h2>");
}
//POST提交留言
if($_SERVER['REQUEST_METHOD'] === 'POST'){
if($s['allow'] != '1'){ msg(-1,'提交失败,当前禁止留言!'); }
$type = $_POST['type']; //类型
$contact = $_POST['contact']; //联系方式
$title = $_POST['title']; //标题
$content = $_POST['content']; //内容
if(empty($type)){
msg(-1,'提交失败,类型不能为空');
}elseif(empty($contact)){
msg(-1,'提交失败,联系方式不能为空');
}elseif(empty($title)){
msg(-1,'提交失败,标题不能为空');
}elseif(empty($content)){
msg(-1,'提交失败,内容不能为空');
}elseif(strlen($type) >= 32 || strlen($contact) >= 64 || strlen($title) >= 128 || strlen($content) >= 2048){
msg(-1,'提交失败,长度超限');
}elseif(ShuLiang("data/user/{$u}/MessageBoard/") > 256){
msg(-1,'提交失败,留言太多了请稍后再试');
}
$json_arr = array(
'type'=>htmlentities($type),
'contact'=>htmlentities($contact),
'title'=>htmlentities($title),
'content'=>htmlentities($content),
'time'=>time(),
'ip'=>get_IP()
);
//限制长度 参数
//var_dump($json_arr);exit;
$json = json_encode($json_arr);
$path = "data/user/{$u}/MessageBoard/".time().'_'.crc32($json).'.json';
if( Check_Path("data/user/{$u}/MessageBoard") && file_put_contents($path, $json)){
msg(1,'提交成功');
}else{
msg(-1,'系统错误,提交失败'); //创建目录或写入文件失败,请检查权限
}
}
//获取文件数
function ShuLiang($path){
$sl=0;
$arr = glob($path);
foreach ($arr as $v){
if(is_file($v)){
$sl++;
}else{
$sl+=ShuLiang($v."/*");
}
}
return $sl;
}
//通用数据初始化
require DIR."/system/templates.php";
require $index_path;
exit;
msg(-1,'当前为免费版,不支持此功能');
?>


@@ -1,46 +0,0 @@
<?php
if(!is_subscribe('bool')){exit;}
//设置协议头
header('Content-Type: application/xml');
//读取配置
$sitemap_config = unserialize( get_db("global_config", "v", ["k" => "sitemap_config"]));
//储存路径
$sitemap_path = DIR . "/data/user/{$u}/sitemap.php";
//载入生成脚本
require 'sitemap_create.php';
//是否为手动生成
if(!empty($_GET['mode'])){
if($sitemap_config['switch'] != '1'){
msg(-1,'请将功能开关设为开启并保存');
}else{
create_sitemap($sitemap_config,$sitemap_path,$u);
msg(1,'生成完毕');
}
}else{
//未开启被动请求时,如果有缓存文件则返回
if($sitemap_config['beidong'] != '1'){
if(file_exists($sitemap_path)){
exit(file_get_contents($sitemap_path) ?? '');
}
exit;
}
}
//未开启功能时不输出任何数据
if($sitemap_config['switch'] != '1'){
exit;
}
//判断是否需要更新
if(is_Update_Sitemap($sitemap_config,$sitemap_path)){
exit (create_sitemap($sitemap_config,$sitemap_path,$u));
}else{
exit(file_get_contents($sitemap_path) ?? '');
}
?>


@@ -1,148 +0,0 @@
<?php
//判断是否需要更新缓存
function is_Update_Sitemap($sitemap_config,$sitemap_path){
if (file_exists($sitemap_path)) {
$up_time = filemtime($sitemap_path);
$timeIntervals = [
'monthly' => 30 * 24 * 60 * 60, // 30天
'weekly' => 7 * 24 * 60 * 60, // 7天
'daily' => 24 * 60 * 60, // 1天
'hourly' => 60 * 60, // 1小时
'minute' => 60, //1分钟
'second' => 1 //1秒
];
$interval_seconds = $timeIntervals[$sitemap_config['changefreq']] ?? 86400; //间隔秒
if (time() - $up_time >= $interval_seconds){
return true;
}else{
return false;
}
//缓存文件不存在时重新创建地图
}else{
return true;
}
}
//创建地图数据函数
function create_sitemap($sitemap_config,$sitemap_path,$u){
//创建一个空的 XML 文档
$xml = new DOMDocument('1.0', 'UTF-8');
$xml->formatOutput = true;
//创建根元素
$urlset = $xml->createElement('urlset');
$urlset->setAttribute('xmlns', 'http://www.sitemaps.org/schemas/sitemap/0.9');
$xml->appendChild($urlset);
//今天
$today = date("Y-m-d\TH:i:s", time());
//域名
$host = $_SERVER['HTTP_HOST']; // 获取主机名
$port = isset($_SERVER['SERVER_PORT']) ? ($_SERVER['SERVER_PORT'] == 80 || $_SERVER['SERVER_PORT'] == 443 ? '' : ':'.$_SERVER['SERVER_PORT']) : ''; // 获取端口号
$scheme = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https://' : 'http://'; // 获取协议
$host = $scheme.$host.$port;
//用户主页 0.关闭 1.动态地址 2.静态地址 3.二级域名
if($sitemap_config['user_homepage'] > 0){
//读取用户列表
$user_list = select_db('global_user','User','');
if($sitemap_config['user_homepage'] == '3'){
$strings = explode('.',$_SERVER['HTTP_HOST']);
if(count($strings) == 3){
$root_domain = "{$strings[1]}.{$strings[2]}";
}elseif(count($strings) == 2){
$root_domain = $_SERVER['HTTP_HOST'];
}else{
$sitemap_config['user_homepage'] == '1';
}
}
//遍历用户列表
foreach($user_list as $user){
if($sitemap_config['user_homepage'] == '2'){
$locurl = "{$host}/{$user}.html";
}elseif($sitemap_config['user_homepage'] == '3'){
$locurl = "{$scheme}{$user}.{$root_domain}";
}else{
$locurl = "{$host}/index.php?u={$user}";
}
//生成数据
$url = createUrlElement($xml, $locurl, $today, $sitemap_config['user_homepage_changefreq'], $sitemap_config['user_homepage_weight']);
$urlset->appendChild($url);
}
}
//过度页面 0.关闭 1.动态 2.静态
if($sitemap_config['click_page'] > 0){
$category_parent = []; //父分类
$categorys = []; //全部分类
//查找条件 - 分类
$where['uid'] = UID;
$where['fid'] = 0;
$where['pid'] = 0;
$where['status'] = 1;
$where['ORDER'] = ['weight'=>'ASC'];
$where['property'] = 0;
//查找一级分类
$category_parent = select_db('user_categorys','cid',$where);
//遍历二级分类
foreach ($category_parent as $cid) {
$where['fid'] = $cid;
$category_subitem = select_db('user_categorys','cid',$where);
array_push($categorys,$cid);
$categorys = array_merge ($categorys,$category_subitem);
}
//遍历链接
foreach ($categorys as $cid) {
$where['fid'] = $cid;
$links = select_db('user_links',['lid','up_time'],$where);
foreach ($links as $link) {
if($sitemap_config['click_page'] == '2'){
$locurl = "{$host}/{$u}/click/{$link['lid']}.html";
}else{
$locurl = "{$host}/index.php?c=click&id={$link['lid']}&u={$u}";
}
$url = createUrlElement($xml, $locurl, date("Y-m-d\TH:i:s", $link['up_time']), $sitemap_config['click_page_changefreq'], $sitemap_config['click_page_weight']);
$urlset->appendChild($url);
}
}
}
//文章页面
if($sitemap_config['article_page'] > 0){
$article_list = select_db('user_article_list',['id','up_time'],['state'=>1,'uid'=>UID]);
foreach ($article_list as $data) {
if($sitemap_config['article_page'] == '2'){
$locurl = "{$host}/{$u}/article/{$data['id']}.html";
}else{
$locurl = "{$host}/index.php?c=article&id={$data['id']}&u={$u}";
}
$url = createUrlElement($xml, $locurl, date("Y-m-d\TH:i:s", $data['up_time']), $sitemap_config['article_page_changefreq'], $sitemap_config['article_page_weight']);
$urlset->appendChild($url);
}
}
//保存 XML 内容到文件
$xml->save($sitemap_path);
//返回内容
return $xml->saveXML();
}
// 生成URL元素
function createUrlElement($xml, $loc, $lastmod, $changefreq, $priority) {
$url = $xml->createElement('url');
$locElem = $xml->createElement('loc', htmlspecialchars($loc));
$url->appendChild($locElem);
$lastmodElem = $xml->createElement('lastmod', $lastmod);
$url->appendChild($lastmodElem);
$changefreqElem = $xml->createElement('changefreq', $changefreq);
$url->appendChild($changefreqElem);
$priorityElem = $xml->createElement('priority', $priority);
$url->appendChild($priorityElem);
return $url;
}


@@ -530,7 +530,7 @@ function get_http_code($url,$TIMEOUT = 10 ,$NOBODY = true) {
return $return;
}
function ccurl($url,$overtime = 3,$Referer = false){
function ccurl($url,$overtime = 3,$Referer = false,$post_data = false){
try {
$curl = curl_init ( $url ) ; //初始化
curl_setopt($curl, CURLOPT_TIMEOUT, $overtime ); //超时
@@ -539,6 +539,11 @@ function ccurl($url,$overtime = 3,$Referer = false){
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
if(!empty($post_data)){
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $post_data);
}
if($Referer === true){
curl_setopt($curl, CURLOPT_REFERER, $_SERVER['HTTP_REFERER']);
}elseif(!empty($Referer)){
@@ -666,6 +671,25 @@ function check_purview($name,$return_type){
}
}
//数据加密函
function data_encryption($method,$extend = []){
$subscribe = unserialize(get_db('global_config','v',["k" => "s_subscribe"]));
if(!isset($subscribe['public']) || empty($subscribe['public'])){
msg(-1,'未检测到授权秘钥,如果已经获取授权,请在授权管理页面点击保存设置后在重试!');
}
$data['key'] = $subscribe['order_id'];
$data['host'] = $_SERVER['HTTP_HOST'];
$data['time'] = time();
$data['ip'] = Get_IP();
$data['method'] = $method;
$publicKey = openssl_pkey_get_public($subscribe['public']);
openssl_public_encrypt(json_encode($data), $encryptedData, $publicKey, OPENSSL_PKCS1_PADDING);
$data = $extend;
$data['data'] = base64_encode($encryptedData);
$data['md5'] = md5($subscribe['order_id']);
$data['email'] = md5($subscribe['email']);
return json_encode($data);
}
//字节格式化
function byteFormat($bytes) {
$sizetext = array(" B", " KB", " MB", " GB", " TB", " PB", " EB", " ZB", " YB");
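Review bot: data_encryption ignores the results of `openssl_pkey_get_public()` and `openssl_public_encrypt()`, so when the stored `public` value is not a usable key, or the JSON payload is longer than the key allows under PKCS#1 v1.5 padding, `$encryptedData` is left empty and the request goes out with an empty `data` field instead of failing visibly. Check both calls before building the reply, e.g. `if($publicKey === false || !openssl_public_encrypt(json_encode($data), $encryptedData, $publicKey, OPENSSL_PKCS1_PADDING)){ msg(-1,'授权数据加密失败'); }`. The POST branch added to ccurl also runs with `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` set to false (context lines of that hunk), so the order and e-mail digests built here are sent without authenticating the server. ccurl's body continues outside its hunks.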


@@ -1 +1 @@
v2.0.39-20230913
v2.0.40-20230916