2015-07-28 15:15:57 +08:00
|
|
|
<?php
|
|
|
|
|
namespace Admin\Controller;
|
|
|
|
|
use Admin\Controller;
|
2017-02-03 12:32:57 +08:00
|
|
|
|
2015-07-28 15:15:57 +08:00
|
|
|
/**
|
2017-02-03 12:32:57 +08:00
|
|
|
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2017/02/02
|
2016-12-03 21:42:04 +08:00
|
|
|
* @Copyright 2015-2020 SISMO
|
|
|
|
|
* @Project homepage https://github.com/CNSISMO
|
2017-02-03 12:32:57 +08:00
|
|
|
* @Version 2.0
|
2015-07-28 15:15:57 +08:00
|
|
|
*/
|
2017-02-03 12:32:57 +08:00
|
|
|
|
2015-07-28 15:15:57 +08:00
|
|
|
|
|
|
|
|
class PostController extends BaseController
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* 漏洞报告列表
|
|
|
|
|
* @return [type] [description]
|
|
|
|
|
*/
|
|
|
|
|
public function index($key="")
|
|
|
|
|
{
|
|
|
|
|
if($key == ""){
|
2017-02-03 12:32:57 +08:00
|
|
|
$model = D('PostView');
|
2015-07-28 15:15:57 +08:00
|
|
|
}else{
|
2017-02-03 12:32:57 +08:00
|
|
|
$where['title'] = array('like',"%$key%");
|
|
|
|
|
$where['name'] = array('like',"%$key%");
|
|
|
|
|
$where['type'] = array('like',"%$key%");
|
2015-07-28 15:15:57 +08:00
|
|
|
$where['_logic'] = 'or';
|
|
|
|
|
$model = D('PostView')->where($where);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$count = $model->where($where)->count();// 查询满足要求的总记录数
|
|
|
|
|
$Page = new \Extend\Page($count,15);// 实例化分页类 传入总记录数和每页显示的记录数(25)
|
|
|
|
|
$show = $Page->show();// 分页显示输出
|
2017-02-03 12:32:57 +08:00
|
|
|
$pages = $model->limit($Page->firstRow.','.$Page->listRows)->where($where)->order('id DESC')->select();
|
|
|
|
|
$this->assign('model', $pages);
|
2015-07-28 15:15:57 +08:00
|
|
|
$this->assign('page',$show);
|
|
|
|
|
$this->display();
|
|
|
|
|
}
|
2017-02-03 12:32:57 +08:00
|
|
|
|
2015-07-28 15:15:57 +08:00
|
|
|
/**
|
|
|
|
|
* 添加漏洞报告
|
|
|
|
|
*/
|
|
|
|
|
public function add()
|
|
|
|
|
{
|
|
|
|
|
//默认显示添加表单
|
|
|
|
|
if (!IS_POST) {
|
|
|
|
|
$this->assign("category",getSortedCategory(M('category')->select()));
|
|
|
|
|
$this->display();
|
|
|
|
|
}
|
|
|
|
|
if (IS_POST) {
|
|
|
|
|
//如果用户提交数据
|
|
|
|
|
$model = D("Post");
|
|
|
|
|
$model->time = time();
|
|
|
|
|
$model->user_id = 1;
|
|
|
|
|
if (!$model->create()) {
|
|
|
|
|
// 如果创建失败 表示验证没有通过 输出错误提示信息
|
|
|
|
|
$this->error($model->getError());
|
|
|
|
|
exit();
|
|
|
|
|
} else {
|
|
|
|
|
if ($model->add()) {
|
|
|
|
|
$this->success("添加成功", U('post/index'));
|
|
|
|
|
} else {
|
|
|
|
|
$this->error("添加失败");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
/**
|
2017-02-03 12:32:57 +08:00
|
|
|
* 编辑漏洞报告
|
2015-07-28 15:15:57 +08:00
|
|
|
*/
|
2015-07-28 19:00:39 +08:00
|
|
|
public function update()
|
2015-07-28 15:15:57 +08:00
|
|
|
{
|
2015-07-28 19:00:39 +08:00
|
|
|
$id = I('get.id',0,'intval');
|
2015-07-28 15:15:57 +08:00
|
|
|
if (!IS_POST) {
|
|
|
|
|
$model = M('post')->where('id='.$id)->find();
|
|
|
|
|
$this->assign("category",getSortedCategory(M('category')->select()));
|
|
|
|
|
$this->assign('post',$model);
|
|
|
|
|
$this->display();
|
|
|
|
|
}
|
|
|
|
|
if (IS_POST) {
|
|
|
|
|
$model = D("Post");
|
2017-02-03 12:32:57 +08:00
|
|
|
$model->time = time();
|
2015-07-28 15:15:57 +08:00
|
|
|
if (!$model->create()) {
|
|
|
|
|
$this->error($model->getError());
|
|
|
|
|
}else{
|
|
|
|
|
if ($model->save()) {
|
|
|
|
|
$this->success("更新成功", U('post/index'));
|
|
|
|
|
} else {
|
|
|
|
|
$this->error("更新失败");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2017-02-03 12:32:57 +08:00
|
|
|
}
|
|
|
|
|
/**
|
|
|
|
|
* 审核漏洞报告
|
|
|
|
|
*/
|
|
|
|
|
public function review()
|
|
|
|
|
{
|
|
|
|
|
$id = I('get.id',0,'intval');
|
|
|
|
|
if (!IS_POST) {
|
|
|
|
|
$model = M('post')->where('id='.$id)->find();
|
|
|
|
|
$comment = M('comment')->where('post_id='.$id)->select();
|
|
|
|
|
$this->assign("category",getSortedCategory(M('category')->select()));
|
|
|
|
|
$this->assign('post',$model);
|
|
|
|
|
$this->assign('comment',$comment);
|
|
|
|
|
$this->display();
|
|
|
|
|
}
|
|
|
|
|
if (IS_POST) {
|
|
|
|
|
$model = D("Post");
|
|
|
|
|
$model->time = time();
|
|
|
|
|
$data = I();
|
|
|
|
|
if ($model->where('id='.$id)->field('day,rank,type')->save($data)) {
|
|
|
|
|
$this->success("审核成功", U('post/index'));
|
|
|
|
|
} else {
|
|
|
|
|
$this->error("审核失败");
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-07-28 15:15:57 +08:00
|
|
|
}
|
|
|
|
|
/**
|
|
|
|
|
* 删除漏洞报告
|
|
|
|
|
*/
|
2015-07-28 19:00:39 +08:00
|
|
|
public function delete()
|
2015-07-28 15:15:57 +08:00
|
|
|
{
|
2015-07-28 19:00:39 +08:00
|
|
|
$id = I('get.id',0,'intval');
|
2015-07-28 15:15:57 +08:00
|
|
|
$model = M('post');
|
|
|
|
|
$result = $model->where("id=".$id)->delete();
|
|
|
|
|
if($result){
|
|
|
|
|
$this->success("删除成功", U('post/index'));
|
|
|
|
|
}else{
|
|
|
|
|
$this->error("删除失败");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* 添加积分
|
|
|
|
|
*/
|
|
|
|
|
public function jifen()
|
|
|
|
|
{
|
2017-02-03 12:32:57 +08:00
|
|
|
$member = M('member');
|
|
|
|
|
$record = M('record');
|
2017-02-07 17:41:22 +08:00
|
|
|
$post = M('post');
|
|
|
|
|
$adminId = session('adminId');
|
|
|
|
|
|
2017-02-03 12:32:57 +08:00
|
|
|
$user_id = I('get.uid',0,'intval');
|
|
|
|
|
$jifen = I('post.jifen',0,'intval');
|
|
|
|
|
$jinbi = I('post.jinbi',0,'intval');
|
2017-02-07 17:41:22 +08:00
|
|
|
$pid = I('post.pid',0,'intval');
|
|
|
|
|
$token = I('post.token');
|
|
|
|
|
|
|
|
|
|
//添加积分记录
|
2017-02-03 12:32:57 +08:00
|
|
|
$data['type'] = 1;
|
|
|
|
|
$data['name'] = '增加积分/安全币';
|
|
|
|
|
$data['content'] = '+积分:'.$jifen.' +安全币:'.$jinbi;
|
|
|
|
|
$data['time'] = time();
|
|
|
|
|
$user = $member->where('id='.$user_id)-> select();
|
|
|
|
|
$data['user'] = $user[0]['username'];
|
|
|
|
|
$data['operator'] = session('adminname');
|
2017-02-07 17:41:22 +08:00
|
|
|
|
|
|
|
|
//单个报告奖励详情
|
|
|
|
|
$pdata['bounty'] = '+积分:'.$jifen.' +安全币:'.$jinbi;
|
|
|
|
|
|
|
|
|
|
$manager = M('manager')-> where(array('id'=>$adminId)) -> find();
|
|
|
|
|
|
|
|
|
|
if($token != $manager['token']){
|
|
|
|
|
$this->error("非法请求");
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-03 12:32:57 +08:00
|
|
|
$result1 = $member->where('id='.$user_id)->setInc('jifen',$jifen);
|
|
|
|
|
$result2 = $member->where('id='.$user_id)->setInc('jinbi',$jinbi);
|
|
|
|
|
$result3 = $record -> add($data);
|
2017-02-07 17:41:22 +08:00
|
|
|
$result4 = $post->where('id='.$pid) -> field('bounty') -> save($pdata);
|
2017-02-03 12:32:57 +08:00
|
|
|
if($result1 && $result2){
|
|
|
|
|
$this->success("增加积分/安全币成功", U('post/index'));
|
2015-07-28 15:15:57 +08:00
|
|
|
}else{
|
2017-02-03 12:32:57 +08:00
|
|
|
$this->error("增加积分/安全币失败");
|
2015-07-28 15:15:57 +08:00
|
|
|
}
|
|
|
|
|
}
|
2015-10-06 20:25:13 +08:00
|
|
|
|
|
|
|
|
/**
|
2016-01-24 11:54:16 +08:00
|
|
|
* 生成session key
|
2017-07-02 22:50:28 +08:00
|
|
|
**/
|
2017-02-07 17:41:22 +08:00
|
|
|
|
2017-07-02 22:50:28 +08:00
|
|
|
public function session(){
|
|
|
|
|
$id = I('get.id');
|
|
|
|
|
$str = '1234567890abcdefg';
|
|
|
|
|
$session = $str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)];
|
2016-12-03 21:42:04 +08:00
|
|
|
$visible = 1;
|
2016-01-24 11:54:16 +08:00
|
|
|
$model = M('post');
|
|
|
|
|
$model->session = $session;
|
2016-12-03 21:42:04 +08:00
|
|
|
$model->visible = $visible;
|
2017-07-02 22:50:28 +08:00
|
|
|
$result = $model->where(array('id'=>$id))->save();
|
2016-01-24 11:54:16 +08:00
|
|
|
if($result){
|
2017-07-02 22:50:28 +08:00
|
|
|
$this->success("授权成功", U('post/index'));
|
2016-01-24 11:54:16 +08:00
|
|
|
}else{
|
|
|
|
|
$this->error("授权失败");
|
2015-10-06 20:25:13 +08:00
|
|
|
}
|
2016-01-24 11:54:16 +08:00
|
|
|
}
|
2017-07-02 22:50:28 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* 取消导出
|
|
|
|
|
**/
|
|
|
|
|
|
|
|
|
|
public function cancel(){
|
|
|
|
|
$id = I('get.id');
|
|
|
|
|
$visible = 0;
|
|
|
|
|
$model = M('post');
|
|
|
|
|
$model->visible = $visible;
|
|
|
|
|
$result = $model->where(array('id'=>$id))->save();
|
|
|
|
|
if($result){
|
|
|
|
|
$this->success("取消成功", U('post/index'));
|
|
|
|
|
}else{
|
|
|
|
|
$this->error("取消失败");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* 导出全部
|
|
|
|
|
**/
|
|
|
|
|
|
|
|
|
|
public function portall(){
|
|
|
|
|
$model = M('post')->field('id,title,content,advise,time,day,bounty')->limit(100)->select();
|
|
|
|
|
set_time_limit(0);
|
|
|
|
|
ini_set('memory_limit', '512M');
|
|
|
|
|
$output = fopen('php://output', 'w') or die("can't open php://output");
|
|
|
|
|
$filename = "安全应急响应中心外部漏洞报告统计表" . date('Y-m-d', time());
|
|
|
|
|
header("Content-Type: application/csv");
|
|
|
|
|
header("Content-Disposition: attachment; filename=$filename.csv");
|
|
|
|
|
$table_head = array('报告编号','报告名称','报告内容', '修复建议','提交时间','修补期限','漏洞奖励');
|
|
|
|
|
fputcsv($output, $table_head);
|
|
|
|
|
foreach ($model as $e) {
|
|
|
|
|
fputcsv($output, array_values($e));
|
|
|
|
|
}
|
|
|
|
|
fclose($output) or die("can't close php://output");
|
|
|
|
|
exit;
|
|
|
|
|
}
|
2017-02-03 12:32:57 +08:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
添加报告评论
|
2016-12-26 21:11:19 +08:00
|
|
|
**/
|
2017-02-03 12:32:57 +08:00
|
|
|
public function comment()
|
2016-12-26 21:11:19 +08:00
|
|
|
{
|
2017-02-03 12:32:57 +08:00
|
|
|
if (!IS_POST) {
|
|
|
|
|
$this->error("非法请求");
|
|
|
|
|
}
|
|
|
|
|
if (IS_POST) {
|
|
|
|
|
$model = D("Comment");
|
|
|
|
|
if (!$model->create()) {
|
|
|
|
|
$this->error($model->getError());
|
|
|
|
|
exit();
|
|
|
|
|
} else {
|
|
|
|
|
if ($model->add()) {
|
|
|
|
|
$this->success("添加成功", U('post/index'));
|
|
|
|
|
} else {
|
|
|
|
|
$this->error("添加失败");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-12-26 21:11:19 +08:00
|
|
|
}
|
2015-10-06 20:25:13 +08:00
|
|
|
}
|
