diff --git a/application/admin/controller/Attribute.php b/application/admin/controller/Attribute.php index 0ea90c3a..3c6772f5 100644 --- a/application/admin/controller/Attribute.php +++ b/application/admin/controller/Attribute.php @@ -46,8 +46,7 @@ class Attribute extends Admin { * index方法 * @author colin */ - public function index($model = null){ - $model_id = input('get.model_id','','trim,intval'); + public function index($model_id = null){ $map['model_id'] = $model_id; if (!$model_id) { return $this->error("非法操作!"); diff --git a/application/admin/controller/Content.php b/application/admin/controller/Content.php index 3d328304..adbe4ddd 100644 --- a/application/admin/controller/Content.php +++ b/application/admin/controller/Content.php @@ -47,7 +47,7 @@ class Content extends Admin{ } $grid_list = get_grid_list($this->modelInfo['list_grid']); $order = "id desc"; - $map = array(); + $map = $this->buildMap(); $field = array_filter($grid_list['fields']); if ($this->modelInfo['extend'] == 1) { $map['model_id'] = $this->modelInfo['id']; @@ -91,9 +91,14 @@ class Content extends Admin{ 'info' => $info, 'fieldGroup' => $this->getField($this->modelInfo) ); + if($this->modelInfo['template_add']){ + $template = 'content/' . $this->modelInfo['template_add']; + }else{ + $template = 'public/edit'; + } $this->assign($data); $this->setMeta("添加".$this->modelInfo['title']); - return $this->fetch('public/edit'); + return $this->fetch($template); } } @@ -123,9 +128,14 @@ class Content extends Admin{ 'info' => $info, 'fieldGroup' => $this->getField($this->modelInfo) ); + if($this->modelInfo['template_edit']){ + $template = 'content/' . $this->modelInfo['template_edit']; + }else{ + $template = 'public/edit'; + } $this->assign($data); $this->setMeta("编辑".$this->modelInfo['title']); - return $this->fetch('public/edit'); + return $this->fetch($template); } } 
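Review bot: `$model_id` in `Attribute::index` reaches `$map['model_id']` without the integer cast that the removed `input('get.model_id','','trim,intval')` applied, so a non-numeric or non-scalar request value is now handed to the query condition as-is. Cast it at the top of the action, `$model_id = (int) $model_id;`, before the `if (!$model_id)` check. The same filter was dropped from `status($id, $status)` in Content.php and is absent from the new `settop($id, $is_top)`, where `$id`, `$status` and `$is_top` should be cast the same way. The body of `index` continues outside the hunk.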
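Review bot: `$this->modelInfo['template_add']` is concatenated into the view path with no check on its shape, so whatever is stored in that field, including `/` or `..` segments, decides which template `fetch()` renders. Restrict it to a plain name before use, for example `if (preg_match('/^\w+$/', $this->modelInfo['template_add']))`, and fall back to `public/edit` otherwise. The `template_edit` hunk that follows has the same pattern. Where `modelInfo` is loaded is not visible here, so how far that field can be influenced needs confirming.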
@@ -155,20 +165,34 @@ class Content extends Admin{ * 设置状态 * @author molong */ - public function status(){ + public function status($id, $status){ $model = $this->model; - $id = input('get.id','','trim,intval'); - $status = input('get.status','','trim,intval'); $map['id'] = $id; $result = $model::where($map)->setField('status',$status); - if ($result) { + if (false !== $result) { return $this->success("操作成功!"); }else{ return $this->error("操作失败!!"); } } + /** + * 设置置顶 + * @author molong + */ + public function settop($id, $is_top){ + $model = $this->model; + + $map['id'] = $id; + $result = $model::where($map)->setField('is_top',$is_top); + if (false !== $result) { + return $this->success("操作成功!", ''); + }else{ + return $this->error("操作失败!!", ''); + } + } + /** * 获取字段信息 * @return array 字段数组 @@ -219,6 +243,30 @@ class Content extends Admin{ return $data; } + /** + * 创建搜索 + * @return [array] [查询条件] + */ + protected function buildMap(){ + $map = array(); + $keyword = input('get.keyword', '', 'trim'); + $category = input('get.category', '', 'trim'); + + if ($keyword) { + $map['title'] = array("LIKE", "%$keyword%"); + } + if ($category){ + $map['category_id'] = $category; + } + + if ($this->modelInfo['extend'] == 1) { + $cate_list = parse_field_bind('category', $category, $this->modelInfo['id']); + $this->assign('cate_list', $cate_list); + } + $this->assign($this->request->get()); + return $map; + } + /** * 检测需要动态判断的文档类目有关的权限 * diff --git a/application/admin/view/content/index.html b/application/admin/view/content/index.html index 22481e35..e2a8ebc9 100644 --- a/application/admin/view/content/index.html +++ b/application/admin/view/content/index.html @@ -11,6 +11,26 @@
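Review bot: `$this->assign($this->request->get());` in `buildMap()` turns every query-string key into a template variable, so a request can set or shadow view variables the action never meant to expose. Assign only what the search form needs, `$this->assign(array('keyword' => $keyword, 'category' => $category));`. `$category` also goes into `$map['category_id']` after `trim` only; since it is presumably an id, cast it with `(int)`, and consider escaping `%` and `_` in `$keyword` before wrapping it in the LIKE pattern.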
+
+
+
+ +
+ {if isset($cate_list)} +
+ +
+ {/if} +
+ +
+
+
@@ -46,9 +66,9 @@ {if isset($item['is_top'])} {if $item['is_top']} - 取消置顶 + 取消置顶 {else/} - 置顶 + 置顶 {/if} {/if} {if isset($item['status'])} diff --git a/application/common.php b/application/common.php index 91ba7d66..d200bcb6 100644 --- a/application/common.php +++ b/application/common.php 
@@ -11,6 +11,58 @@ define('SENTCMS_VERSION', '3.0.20160408'); define('SENT_ADDON_PATH', ROOT_PATH . DS . 'addons' . DS); +//字符串解密加密 +function authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) { + $ckey_length = 4; // 随机密钥长度 取值 0-32; + // 加入随机密钥,可以令密文无任何规律,即便是原文和密钥完全相同,加密结果也会每次不同,增大破解难度。 + // 取值越大,密文变动规律越大,密文变化 = 16 的 $ckey_length 次方 + // 当此值为 0 时,则不产生随机密钥 + $uc_key = config('data_auth_key') ? config('data_auth_key') : 'sentcms'; + $key = md5($key ? $key : $uc_key); + $keya = md5(substr($key, 0, 16)); + $keyb = md5(substr($key, 16, 16)); + $keyc = $ckey_length ? ($operation == 'DECODE' ? substr($string, 0, $ckey_length): substr(md5(microtime()), -$ckey_length)) : ''; + + $cryptkey = $keya.md5($keya.$keyc); + $key_length = strlen($cryptkey); + + $string = $operation == 'DECODE' ? base64_decode(substr($string, $ckey_length)) : sprintf('%010d', $expiry ? $expiry + time() : 0).substr(md5($string.$keyb), 0, 16).$string; + + $string_length = strlen($string); + $result = ''; + $box = range(0, 255); + $rndkey = array(); + for($i = 0; $i <= 255; $i++) { + $rndkey[$i] = ord($cryptkey[$i % $key_length]); + } + + for($j = $i = 0; $i < 256; $i++) { + $j = ($j + $box[$i] + $rndkey[$i]) % 256; + $tmp = $box[$i]; + $box[$i] = $box[$j]; + $box[$j] = $tmp; + } + + for($a = $j = $i = 0; $i < $string_length; $i++) { + $a = ($a + 1) % 256; + $j = ($j + $box[$a]) % 256; + $tmp = $box[$a]; + $box[$a] = $box[$j]; + $box[$j] = $tmp; + $result .= chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$j]) % 256])); + } + + if($operation == 'DECODE') { + if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16)) { + return substr($result, 26); + } else { + return ''; + } + } else { + return $keyc.str_replace('=', '', base64_encode($result)); + } +} + /** +---------------------------------------------------------- * 产生随机字串,可用来自动生成密码 默认长度6位 字母和数字混合 
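Review bot: The integrity check in the DECODE branch of `authcode()` compares the two 16-character MD5 fragments with `==`, which in PHP is a loose, non-constant-time comparison; two different numeric-looking strings can compare equal. Use `hash_equals(substr(md5(substr($result, 26).$keyb), 0, 16), substr($result, 10, 16))` there. The key falls back to the literal `'sentcms'` when `data_auth_key` is unset, and config.php in this commit shows `'data_auth_key' => 'sent'`; since `forget()` uses this function to mint password-reset tokens, the key should be a long random per-installation value and the function should refuse to run without one. A header comment stating that this is an RC4-style stream cipher with a truncated MD5 tag, and what it may and may not be used for, would help the next maintainer.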
@@ -61,80 +113,6 @@ function rand_string($len=6,$type='',$addChars='') { return $str; } -/** - * 系统加密方法 - * @param string $data 要加密的字符串 - * @param string $key 加密密钥 - * @param int $expire 过期时间 单位 秒 - * @return string - * @author 麦当苗儿 - */ -function think_encrypt($data, $key = '', $expire = 0) -{ - $key = md5(empty($key) ? config('data_auth_key') : $key); - $data = base64_encode($data); - $x = 0; - $len = strlen($data); - $l = strlen($key); - $char = ''; - - for ($i = 0; $i < $len; $i++) { - if ($x == $l) $x = 0; - $char .= substr($key, $x, 1); - $x++; - } - - $str = sprintf('%010d', $expire ? $expire + time() : 0); - - for ($i = 0; $i < $len; $i++) { - $str .= chr(ord(substr($data, $i, 1)) + (ord(substr($char, $i, 1))) % 256); - } - return str_replace(array('+', '/', '='), array('-', '_', ''), base64_encode($str)); -} - -/** - * 系统解密方法 - * @param string $data 要解密的字符串 (必须是think_encrypt方法加密的字符串) - * @param string $key 加密密钥 - * @return string - * @author 麦当苗儿 - */ -function think_decrypt($data, $key = '') -{ - $key = md5(empty($key) ? config('data_auth_key') : $key); - $data = str_replace(array('-', '_'), array('+', '/'), $data); - $mod4 = strlen($data) % 4; - if ($mod4) { - $data .= substr('====', $mod4); - } - $data = base64_decode($data); - $expire = substr($data, 0, 10); - $data = substr($data, 10); - - if ($expire > 0 && $expire < time()) { - return ''; - } - $x = 0; - $len = strlen($data); - $l = strlen($key); - $char = $str = ''; - - for ($i = 0; $i < $len; $i++) { - if ($x == $l) $x = 0; - $char .= substr($key, $x, 1); - $x++; - } - - for ($i = 0; $i < $len; $i++) { - if (ord(substr($data, $i, 1)) < ord(substr($char, $i, 1))) { - $str .= chr((ord(substr($data, $i, 1)) + 256) - ord(substr($char, $i, 1))); - } else { - $str .= chr(ord(substr($data, $i, 1)) - ord(substr($char, $i, 1))); - } - } - return base64_decode($str); -} - /** * 字符串截取,支持中文和其他编码 * @static 
@@ -1007,4 +985,21 @@ function getContentNav($type, $info){ $html = '没有了……'; } return $html; +} + +function send_email($to, $subject, $message){ + $config = array( + 'protocol' => 'smtp', + 'smtp_host' => \think\Config::get('mail_host'), + 'smtp_user' => \think\Config::get('mail_username'), + 'smtp_pass' => \think\Config::get('mail_password') + ); + $email = new \com\Email($config); + $email->from(\think\Config::get('mail_fromname'), \think\Config::get('web_site_title')); + $email->to($to); + + $email->subject($subject); + $email->message($message); + + return $email->send(); } \ No newline at end of file diff --git a/application/common/controller/Fornt.php b/application/common/controller/Fornt.php index 508af371..3aaba06f 100644 --- a/application/common/controller/Fornt.php +++ b/application/common/controller/Fornt.php @@ -13,6 +13,11 @@ class Fornt extends Base{ public function _initialize(){ parent::_initialize(); + + //判读是否为关闭网站 + if (\think\Config::get('web_site_close')) { + return $this->fetch('common@default/public/close');exit(); + } //设置SEO $this->setSeo(); diff --git a/application/common/model/Base.php b/application/common/model/Base.php index 9fc22d2c..2c041050 100644 --- a/application/common/model/Base.php +++ b/application/common/model/Base.php @@ -13,12 +13,18 @@ namespace app\common\model; * 模型基类 */ class Base extends \think\Model{ - - public function scopeList($query, $map, $field = '*', $limit = 10, $order = 'id desc'){ - $query->field($field)->where($map)->limit($limit)->order($order); - } - - public function scopeWhere($query, $map){ - $query->where($map); + + protected $type = array( + 'id' => 'integer', + 'cover_id' => 'integer', + ); + + /** + * 数据修改 + * @return [bool] [是否成功] + */ + public function change(){ + $data = \think\Request::instance()->post(); + return $this->save($data, array('id'=>$data['id'])); } } \ No newline at end of file 
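Review bot: The site-closed check in `Fornt::_initialize()` does `return $this->fetch(...);exit();`, so the `exit()` is unreachable, and if the framework ignores the return value of `_initialize()` (ThinkPHP 5 appears to), the requested action still runs while the site is marked closed. Output the page and stop explicitly, `echo $this->fetch('common@default/public/close'); exit();`, or throw the framework's response exception instead. `_initialize()` continues outside the hunk.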
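Review bot: `Base::change()` passes the whole POST body to `save()`, so any column a client names in the request is written, and `$data['id']` is read without checking that it exists or is an integer. Limit the write to an explicit field list, for example `$this->allowField(array(/* editable columns */))->save($data, array('id' => (int) $data['id']));`, and return false when `id` is missing. Because every model extending `Base` inherits this method, the docblock should also say which models are expected to rely on it.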
diff --git a/application/common/model/Document.php b/application/common/model/Document.php index ac515cea..3cf0dd39 100644 --- a/application/common/model/Document.php +++ b/application/common/model/Document.php @@ -63,6 +63,12 @@ class Document extends \think\model\Merge{ return $status; } + protected function getTagsAttr($value){ + if ($value) { + return explode(',', $value); + } + } + public function extend($name){ if (is_numeric($name)) { $name = db('model')->where(array('id'=>$name))->value('name'); @@ -71,17 +77,6 @@ class Document extends \think\model\Merge{ return $this; } - public function scopeList($query, $map, $field = '*', $limit = 10, $order = 'Document.id desc'){ - if (!empty($map) && is_array($map)) { - foreach ($map as $key => $value) { - $where[$this->name . '.' . $key] = $value; - } - }else{ - $where = $map; - } - $query->field($field)->where($where)->limit($limit)->order($order); - } - public function change(){ /* 获取数据对象 */ $data = input('post.'); @@ -119,4 +114,22 @@ class Document extends \think\model\Merge{ return $data; } + + public function recom($id, $field = '*', $limit = 10, $order = 'id desc'){ + $tag = $this->where(array('id'=>$id))->value('tags'); + $map = ''; + if ($tag) { + $tags = explode(',', $tag); + foreach ($tags as $item) { + $where[] = 'tags LIKE "%' . $item . '%"'; + } + $map = implode(' OR ', $where); + } + $list = $this->where($map)->field($field)->limit($limit)->order($order)->select(); + if (empty($list)) { + return $list; + }else{ + return $this->field($field)->limit($limit)->order($order)->select(); + } + } } \ No newline at end of file diff --git a/application/common/view/default/form/tags.html b/application/common/view/default/form/tags.html index 2356a642..a308abae 100644 --- a/application/common/view/default/form/tags.html +++ b/application/common/view/default/form/tags.html @@ -1 +1 @@ - \ No newline at end of file + \ No newline at end of file 
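Review bot: `recom()` builds its WHERE clause by concatenating each stored tag into `'tags LIKE "%' . $item . '%"'`, so a tag containing a double quote changes the SQL that is executed; tags are content-supplied, which makes this a second-order injection path. The final branch also appears inverted: an empty match is returned as-is, while a non-empty match is discarded in favour of the unfiltered list. The version below hands each pattern to the query builder and returns the matches, falling back to the plain list only when nothing shares a tag. It assumes that fallback is what was intended and that `whereOr` is available in the framework version in use.

```php
public function recom($id, $field = '*', $limit = 10, $order = 'id desc'){
	$tag  = $this->where(array('id'=>$id))->value('tags');
	$tags = $tag ? explode(',', $tag) : array();
	if (empty($tags)) {
		return $this->field($field)->limit($limit)->order($order)->select();
	}
	$list = $this->where(function($query) use ($tags){
		foreach ($tags as $item) {
			// the value is passed to the query builder, not concatenated into SQL
			$query->whereOr('tags', 'like', '%' . $item . '%');
		}
	})->field($field)->limit($limit)->order($order)->select();
	if (empty($list)) {
		// nothing shares a tag: fall back to the unfiltered list
		return $this->field($field)->limit($limit)->order($order)->select();
	}
	return $list;
}
```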
diff --git a/application/config.php b/application/config.php index 3c027423..46764f2d 100644 --- a/application/config.php +++ b/application/config.php @@ -12,10 +12,15 @@ return array( // 调试模式 'app_debug' => true, + 'charset' => 'UTF-8', + 'lang_switch_on' => true, // 开启语言包功能 + 'lang_list' => ['zh-cn'], // 支持的语言列表 + 'data_auth_key' => 'sent', 'base_url' => BASE_PATH, 'url_route_on' => true, + 'url_common_param' => false, 'template' => array( 'taglib_build_in' => 'cx,com\Sent' diff --git a/application/database.php b/application/database.php index bed5de53..ef2a84d1 100644 --- a/application/database.php +++ b/application/database.php @@ -15,11 +15,11 @@ return array( // 服务器地址 'hostname' => '127.0.0.1', // 数据库名 - 'database' => 'sentcms_www', + 'database' => 'nmg_www', // 数据库用户名 'username' => 'root', // 数据库密码 - 'password' => '', + 'password' => 'nitbbs_org', // 数据库连接端口 'hostport' => '', // 数据库连接参数 diff --git a/application/user/controller/Login.php b/application/user/controller/Login.php index 117e35ce..825dbd06 100644 --- a/application/user/controller/Login.php +++ b/application/user/controller/Login.php 
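Review bot: The database.php hunk commits a live-looking database password and database name for the `root` account, which puts the credential in the repository history for everyone with read access. Keep the tracked file on the empty placeholder (`'password' => '',`) and read the real value from the environment or an untracked local override; the committed password should be treated as exposed and rotated. Connecting as `root` is also broader than the application needs; a dedicated account limited to this schema would reduce the impact of any SQL injection elsewhere in the code.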
@@ -71,11 +71,79 @@ class Login extends Fornt{ } } - public function forget(){ - + public function forget($email = '', $verify = ''){ + if (IS_POST) { + //验证码验证 + $this->checkVerify($verify); + if (!$email) { + return $this->error('邮件必填!', url('index/index/index')); + } + $result = false; + $user = db('Member')->where(array('email'=>$email))->find(); + if (!empty($user)){ + $time = time(); + $token = authcode($user['uid'] . "\n\r" . $user['email'] . "\n\r" . $time, 'ENCODE'); + config('url_common_param', true); + $url = url('user/login/find',array('time'=>$time, 'token'=>$token), 'html', true); + $html = \think\Lang::get('find_password', array('url'=>$url)); + + $result = send_email($user['email'], '找回密码确认邮件', $html); + } + if ($result) { + return $this->success("已发送邮件至您邮箱,请登录您的邮箱!", url('index/index/index')); + }else{ + return $this->error('发送失败!', ''); + } + }else{ + return $this->fetch(); + } } public function find(){ - + //http://127.0.0.2/user/login/find.html?time=1467174578&token=b561PJhVI2OjWUPNLsAMdeW8AKZLw/RcqyXUHBa1mCiX2OUzvq0D69Rt40F/n7zfJKR05d7qA41G6/33NQ + if (IS_POST) { + $data = $this->request->post(); + //验证码验证 + $this->checkVerify($data['verify']); + if ($data['password'] !== $data['repassword']) { + return $this->error('确认密码和密码不同!',''); + } + + $token_decode = authcode($data['token']); + list($uid, $email, $time) = explode("\n\r", $token_decode); + + $save['salt'] = rand_string(6); + $save['password'] = md5($data['password'].$save['salt']); + $result = db('Member')->where(array('uid'=>$uid))->update($save); + if (false != $result) { + return $this->success('重置成功!'); + }else{ + return $this->success('重置失败!'); + } + }else{ + $time = input('get.time', '', 'trim'); + $token = input('get.token', '', 'trim'); + if (!$time || !$token) { + return $this->error('参数错误!',''); + } + + $token_decode = authcode($token); + list($uid, $email, $time) = explode("\n\r", $token_decode); + + if ((time() - $time) > 3600 || (time() - $time) < 0) { + return 
$this->error('链接已失效!', ''); + } + if ($time != $time) { + return $this->error('非法操作!', ''); + } + + $data = array( + 'token' => $token, + 'email' => $email, + 'uid' => $uid, + ); + $this->assign($data); + return $this->fetch(); + } } } diff --git a/application/user/controller/Upload.php b/application/user/controller/Upload.php index e963e6e6..0659278c 100644 --- a/application/user/controller/Upload.php +++ b/application/user/controller/Upload.php @@ -57,7 +57,7 @@ class Upload extends User { } public function avatar(){ - $file = \think\Input::file('UpFile'); + $file = $this->request->file('UpFile'); $info = $file->rule('uniqid')->move('./uploads/avatar/'.setavatardir(session('user_auth.uid')), true, true); $image = new \org\Image(); diff --git a/application/user/view/login/index.html b/application/user/view/login/index.html index c3e56d99..bf196a1a 100644 --- a/application/user/view/login/index.html +++ b/application/user/view/login/index.html @@ -4,7 +4,7 @@ -用户注册 +用户登录 @@ -75,13 +75,8 @@
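Review bot: The POST branch of `find()` updates the password for whatever `$uid` comes out of `authcode($data['token'])` without checking that the decode succeeded or that the token is still inside the one-hour window the GET branch enforces, and `forget()` mints the token with no expiry, so a reset link stays usable indefinitely. In the GET branch `if ($time != $time)` can never be true, because `list(...)` has already overwritten the query-string `$time`; read the GET value into a separate variable if the comparison is wanted. The failure path also returns `$this->success('重置失败!')`, and `md5($data['password'].$save['salt'])` is a fast hash where `password_hash()` is the appropriate primitive, subject to how the login check elsewhere verifies it. The excerpt below adds the missing validation to the POST branch.

```php
// … unchanged: captcha and password-confirmation checks …
$token_decode = authcode($data['token']);
$parts = explode("\n\r", $token_decode);
if (count($parts) !== 3) {
	return $this->error('参数错误!', '');
}
list($uid, $email, $issued) = $parts;
// enforce the same one-hour window as the GET branch
if ((time() - $issued) > 3600 || (time() - $issued) < 0) {
	return $this->error('链接已失效!', '');
}
// … unchanged: salt generation and password hashing …
// tie the update to the address the token was issued for
$result = db('Member')->where(array('uid'=>$uid, 'email'=>$email))->update($save);
// … unchanged: result handling …
```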
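Review bot: `avatar()` chains `rule('uniqid')->move(...)` directly on the result of `$this->request->file('UpFile')`, with no check that a file was actually sent and no restriction on its type or size before it is written under `./uploads/avatar/`. Guard the null case and validate before moving, e.g. `if (!$file) { return $this->error(...); }` and `$file->validate(array('ext' => 'jpg,jpeg,png,gif'))`, so that a script file cannot be stored in what is presumably a web-served directory. The rest of `avatar()` lies outside the hunk, so any later check is not visible here.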
@@ -123,12 +118,12 @@ $(function(){ //初始化选中用户名输入框 $("#itemBox").find("input[name=username]").focus(); //刷新验证码 - var verifyimg = $(".codeimage").attr("src"); + var verifyimg = $("#codeimage").attr("src"); $(".makecode").click(function(){ if( verifyimg.indexOf('?')>0){ - $(".codeimage").attr("src", verifyimg+'&random='+Math.random()); + $("#codeimage").attr("src", verifyimg+'&random='+Math.random()); }else{ - $(".codeimage").attr("src", verifyimg.replace(/\?.*$/,'')+'?'+Math.random()); + $("#codeimage").attr("src", verifyimg.replace(/\?.*$/,'')+'?'+Math.random()); } }); diff --git a/application/user/view/login/register.html b/application/user/view/login/register.html index 28328d60..954eba0e 100644 --- a/application/user/view/login/register.html +++ b/application/user/view/login/register.html @@ -97,13 +97,8 @@