SRCMS·轻响应 V1.7正式版

修复:
1. 前台验证码刷新无效问题
2. 前台用户在后台管理界面密码修改逻辑缺陷
3. 前台用户上传附件越权查看漏洞
新增:
1. 用户密码存储加盐
This commit is contained in:
Martin Zhou
2016-12-02 12:24:27 +08:00
parent 15356310a6
commit 3f830d2cee
58 changed files with 1359 additions and 243 deletions


@@ -6,12 +6,12 @@
<title>安全工单</title>
<meta name="generator" content="Bootply" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<link href="/dev/Public/Home/css/bootstrap.min.css" rel="stylesheet">
<link href="/dev/Public/Home/index/carousel.css" rel="stylesheet">
<link href="__PUBLIC__/Home/css/bootstrap.min.css" rel="stylesheet">
<link href="__PUBLIC__/Home/index/carousel.css" rel="stylesheet">
<!--[if lt IE 9]>
<script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
<link href="/dev/Public/Home/css/styles.css" rel="stylesheet">
<link href="__PUBLIC__/Home/css/styles.css" rel="stylesheet">
</head>
<body>
@@ -25,7 +25,7 @@
<span class="yaheiicon-bar"></span>
</button>
<a class="yahei navbar-brand" href="/dev/index.php?m=&c=index&a=index"><strong>安全应急响应中心</strong>
<span class="yahei navbar-brand-subtitle">工单系统</span>
<span class="yahei navbar-brand-subtitle">安全工单</span>
</a>
</div>
<div class="navbar-collapse collapse" id="navbar">


@@ -1,24 +1,40 @@
<include file="Public/header" title="后台主页" />
<include file="Public/header" title="应急响应中心后台主页" />
<div id="page-wrapper">
<div class="row">
<div class="col-lg-12">
<div class="alert alert-success alert-dismissable">
<button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>
<b><h2>您好!欢迎登陆应急响应中心后台</h2></b>
<span style="font-size:20px">您好!欢迎登陆应急响应中心管理后台</span>
<p>注意:请定期修改您的后台密码,保证安全性!</p>
<p>您可以进行以下操作:</p>
<!--<p>您可以进行以下操作:</p>
<ul>
<li>1.漏洞审核</li>
<li>2.博客更新</li>
<li>3.礼品库更新</li>
<li>3.用户管理</li>
</u/>
</u/>-->
<div class="clearfix"></div>
</div>
</div>
</div><!-- /.row -->
<div class="alert alert-success alert-dismissable">
<button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>
<p>
<span><strong>最新版本:</strong></span>
<span id="version"></span>
</p>
<p><span><strong>发布日期:</strong></span>
<span id="date"></span>
</p>
<p>
<span><strong>更新简介:</strong></span>
<span id="des"></span>
</p>
<p>
<a href="https://github.com/martinzhou2015">立即下载</a>
</p>
</div>
<div class="row">
<div class="col-lg-3">
<div class="panel panel-info">
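Review bot: The new `<span style="font-size:20px">` on the welcome line drops the heading semantics the old `<h2>` carried and adds an inline style; prefer `<h2 class="welcome-title">您好!欢迎登陆应急响应中心管理后台</h2>` with the size set in the admin stylesheet, so the backend pages can later run under a CSP without `style-src 'unsafe-inline'`. The added close button `<button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>` hides a focusable control from assistive technology; put `aria-hidden` on the glyph instead (`<span aria-hidden="true">×</span>`) and give the button a name such as `aria-label="关闭"`. The operations list is now kept as a commented-out block containing a stray `</u/>` tag; delete it rather than leaving commented-out markup in the template. The `#version`, `#date` and `#des` spans are empty placeholders filled by script elsewhere, so the banner renders blank fields whenever that script does not run.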


@@ -36,9 +36,9 @@
<td>{$v.tel}</td>
<td>{$v.zipcode}</td>
<td><if condition="$v.finish eq 0"><span class="label label-info">未处理</span>
<elseif condition="$v.finish eq 1" /><span class="label label-default">忽略</span>
<elseif condition="$v.finish eq 1" /><span class="label label-default">发货</span>
</if></td>
<td><a href="{:U('info/delete?id=')}{$v.user_id}" style="color:red;" onclick="javascript:return del('您真的确定要删除吗?\n\n删除后将不能恢复!');">删除</a></td>
<td><a href="{:U('order/update?id=')}{$v.id}" target="_Blank">查看</a> | <a href="{:U('order/delete?id=')}{$v.id}" style="color:red;" onclick="javascript:return del('您真的确定要删除吗?\n\n删除后将不能恢复!');">删除</a></td>
</tr>
</foreach>
</tbody>
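Review bot: The new action cell on the last changed line performs a state-changing delete through a plain GET link, `<a href="{:U('order/delete?id=')}{$v.id}" … onclick="javascript:return del(…)">`, guarded only by a client-side confirm; a GET that deletes can be triggered by any cross-site image or link and the confirm is bypassed entirely. Submit the delete as a `method="post"` form (carrying the application's CSRF token, if the controller enforces one) and bind the confirmation with `addEventListener` rather than an inline `onclick`, which also keeps the page CSP-compatible. The same GET-delete pattern is present on the unchanged `info/delete` line above it. The label rename from 忽略 to 发货 still keys on `$v.finish eq 1`, so confirm it matches the values the order detail form writes.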


@@ -0,0 +1,18 @@
<include file="Public/header" title="积分变动" />
<div id="page-wrapper">
<form method="post" action="{:U('order/jifen')}">
<div class="form-group">
<label for="aa">用户名</label>
<label>{$model.gid}</label>
</div>
<div class="form-group">
<label for="bb">扣除积分</label>
<input type="text" name="amount" class="form-control" id="bb" value="" placeholder="填写真实姓名">
</div>
<div class="form-group">
<input type="hidden" name="id" value="{$model.id}">
<button type="submit" class="btn btn-default">更新</button>
</div>
</form>
</div>
<include file="Public/footer" />
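Review bot: `<label for="aa">用户名</label>` points at an id that does not exist in this form, and the following `<label>{$model.gid}</label>` wraps no control; render the value with a plain element such as `<p class="form-control-static">{$model.gid}</p>` or bind the label to a visible read-only input. The amount field reuses the placeholder 填写真实姓名 from another form and is `type="text"`; `<input type="number" name="amount" min="0" step="1" class="form-control" id="bb" placeholder="填写扣除积分">` gives the right keyboard and a native range check, though the server must still validate the value. The hidden `id` is the only thing selecting whose points are deducted, so the `order/jifen` controller has to verify the caller may act on that record rather than trust the field — the same class of issue as the 越权 fix this commit makes for attachments. The detail template labels `gid` as 礼品名称, so the 用户名 label here looks copied from elsewhere and should be checked.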


@@ -0,0 +1,66 @@
<include file="Public/header" title="订单详情" />
<div id="page-wrapper">
<form method="post" action="{:U('order/jifen')}">
<div class="form-group">
<label for="bb">目前积分: </label>
<label><foreach name="userM" item="v">{$v.jifen}</foreach></label>
</div>
<div class="form-group">
<label for="bb">扣除积分: </label>
<input type="text" name="amount" class="form-control" id="ee" value="" placeholder="填写扣除积分" value="100">
</div>
<input type="hidden" name="user_id" value="{$model.username}">
<div class="form-group">
<input type="hidden" name="id" value="{$model.id}">
<button type="submit" class="btn btn-default">执行</button>
</div>
</form>
</div>
<div id="page-wrapper">
<form method="post" action="{:U('order/update')}">
<div class="form-group">
<label for="aa">礼品名称</label>
<input type="text" name="gid" class="form-control" id="aa" value="{$model.gid}" placeholder="输入礼品名称">
</div>
<div class="form-group">
<label for="bb">真实姓名</label>
<input type="text" name="realname" class="form-control" id="bb" value="{$model.realname}" placeholder="填写真实姓名">
</div>
<div class="form-group">
<label for="cc">住址</label>
<input type="text" name="location" class="form-control" id="cc" value="{$model.location}" placeholder="填写住址" value="100">
</div>
<div class="form-group">
<label for="cc">联系方式</label>
<input type="text" name="tel" class="form-control" id="dd" value="{$model.tel}" placeholder="填写联系方式" value="100">
</div>
<div class="form-group">
<label for="cc">邮编</label>
<input type="text" name="zipcode" class="form-control" id="ee" value="{$model.zipcode}" placeholder="填写邮编" value="100">
</div>
<div class="form-group">
<label for="cc">支付宝帐号</label>
<input type="text" name="alipay" class="form-control" id="ee" value="{$model.alipay}" placeholder="填写扣除积分" value="100">
</div>
<div class="form-group">
<label>订单状态: </label>
<label class="radio-inline">
<input type="radio" name="finish" id="finish" value="0" <if condition="$post.day eq 0">checked="checked"</if> > 待处理
</label>
<label class="radio-inline">
<input type="radio" name="finish" id="finish" value="1" <if condition="$post.day eq 1">checked="checked"</if>> 已发货
</label>
<label class="radio-inline">
<input type="radio" name="finish" id="finish" value="0" <if condition="$post.day eq 2">checked="checked"</if> > 发货中
</label>
<label class="radio-inline">
<input type="radio" name="finish" id="finish" value="1" <if condition="$post.day eq 3">checked="checked"</if>> 已关闭
</label>
</div>
<div class="form-group">
<input type="hidden" name="id" value="{$model.id}">
<button type="submit" class="btn btn-default">更新</button>
</div>
</form>
</div>
<include file="Public/footer" />
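Review bot: In the 订单状态 radio group the 发货中 and 已关闭 options reuse `value="0"` and `value="1"`, so the server receives the same value as 待处理 / 已发货 and cannot tell the four states apart, and the `checked` conditions test `$post.day` although this form edits `$model`; the `eq 2` / `eq 3` conditions suggest values 2 and 3 were intended, which should be confirmed against the `order/update` controller and the labels used in the list template. The same group gives all four inputs `id="finish"`, elsewhere `id="bb"` and `id="ee"` are each used more than once, several inputs carry two `value` attributes (the trailing `value="100"` is ignored by the parser but is invalid markup), the 支付宝帐号 field reuses the placeholder 填写扣除积分, and the 联系方式/邮编/支付宝 labels all point `for="cc"`. The page also contains two `<div id="page-wrapper">`. The points form passes the target user in `<input type="hidden" name="user_id" value="{$model.username}">`; the `order/jifen` controller should derive the user from the order `id` it already receives rather than accept a client-supplied `user_id`, since a hidden field is freely editable. A rewrite of the radio group is sketched below.
```html
<div class="form-group">
  <label>订单状态: </label>
  <label class="radio-inline">
    <input type="radio" name="finish" id="finish-0" value="0" <if condition="$model.finish eq 0">checked</if>> 待处理
  </label>
  <label class="radio-inline">
    <input type="radio" name="finish" id="finish-1" value="1" <if condition="$model.finish eq 1">checked</if>> 已发货
  </label>
  <!-- values 2 and 3 assumed from the original eq 2 / eq 3 conditions; confirm with the controller -->
  <label class="radio-inline">
    <input type="radio" name="finish" id="finish-2" value="2" <if condition="$model.finish eq 2">checked</if>> 发货中
  </label>
  <label class="radio-inline">
    <input type="radio" name="finish" id="finish-3" value="3" <if condition="$model.finish eq 3">checked</if>> 已关闭
  </label>
</div>
<!-- … unchanged: hidden id and submit button … -->
```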


@@ -32,7 +32,7 @@
<foreach name="model" item="v">
<tr>
<td>{$v.id}</td>
<td>{$v.title}</td>
<td><a href="{:U('post/update?id=')}{$v.id}">{$v.title}</a></td>
<td>
<if condition="$v.type eq 1"><span class="label label-info">审核中</span>
<elseif condition="$v.type eq 2" /><span class="label label-default">已忽略</span>


@@ -28,6 +28,12 @@
<div class="form-group">
<label for="post-content">修复建议</label>
<input type="text" name="advise" class="form-control" value="{$post.advise}" id="post-title" placeholder="输入修复建议">
</div>
<div class="form-group">
<label>漏洞公开</label>
<label class="radio-inline">
<input type="radio" name="visible" id="visible" value="1" <if condition="$post.day eq 2">checked="checked"</if>>公开
</label>
</div>
<div class="form-group">
<label>修补限期</label>
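Review bot: The new 漏洞公开 radio is checked on `$post.day eq 2`, which is the 修补限期 value handled by the next group, not the stored visibility, so the form never reflects whether a report is already public; the condition should read `<if condition="$post.visible eq 1">checked</if>`, assuming `visible` is the stored column as the input name suggests. A lone radio also cannot be unchecked once selected, so an admin has no way to withdraw publication from this form; add a `value="0"` 不公开 radio with the matching `eq 0` condition, or use a checkbox. Because publishing exposes the report's details, the controller should treat an absent or unexpected `visible` value as not public rather than the other way round. The enclosing form starts and ends outside this hunk.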


@@ -2,6 +2,13 @@
<script src="__STATIC__/js/jquery-1.10.2.js"></script>
<script src="__STATIC__/js/bootstrap.js"></script>
<script src="__STATIC__/js/app.js"></script>
<script>
function callback(a){
document.getElementById('version').innerHTML= a['version'];
document.getElementById('des').innerHTML= a['des'];
document.getElementById('date').innerHTML= a['date'];
};
</script>
<script src="http://www.src.pw/json.php?callback=callback"></script>
</body>
</html>
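Review bot: The added `<script src="http://www.src.pw/json.php?callback=callback">` loads and executes a remote script over plain HTTP on every admin page, so whoever controls that host or the network path gets script execution inside the authenticated admin session, and the callback then writes the response into the page through `innerHTML`. Fetch the release information as data instead — an HTTPS request for plain JSON, parsed and rendered with `textContent` — which requires the remote endpoint to serve JSON with CORS headers (or the application to proxy it) and, once the inline block moves to a file, lets the footer run under a CSP that forbids inline and third-party scripts. The callback also runs on pages that have no `#version`, `#date` or `#des` elements (they exist only in the admin home template), where `document.getElementById` returns null and the assignment throws. A sketch using the jQuery already loaded above is below.
```html
<script src="__STATIC__/js/app.js"></script>
<script>
  // Fetch release info as JSON data (not as executable script) and render it as text.
  // Endpoint URL is a placeholder: it must serve plain JSON over HTTPS with CORS, or be proxied by the app.
  $.getJSON('https://RELEASE-INFO-ENDPOINT/json.php', function (a) {
    var fields = { version: a.version, date: a.date, des: a.des };
    for (var key in fields) {
      var el = document.getElementById(key);
      if (el) { el.textContent = fields[key]; }  // the spans exist only on the home page
    }
  });
</script>
```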


@@ -13,7 +13,7 @@
<link rel="stylesheet" href="__STATIC__/font-awesome/css/font-awesome.min.css">
</head>
<body>
<body style="font-family:微软雅黑">
<div id="wrapper">
@@ -38,7 +38,7 @@
<ul class="nav navbar-nav navbar-right navbar-user">
<li class="dropdown user-dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown"><i class="fa fa-user"></i> 你好,{:session('username')} <b class="caret"></b></a>
<a href="#" class="dropdown-toggle" data-toggle="dropdown"><i class="fa fa-user"></i> 你好,{:session('adminname')} <b class="caret"></b></a>
<ul class="dropdown-menu">
<!--<li><a href="#"><i class="fa fa-gear"></i> 设置</a></li>
<li class="divider"></li>-->
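Review bot: `<body style="font-family:微软雅黑">` puts presentation inline on the admin layout; move it to a rule in the stylesheet already linked in the head, for example `body { font-family: "微软雅黑", sans-serif; }`, so the backend can later run under a CSP without `style-src 'unsafe-inline'`, and the sans-serif fallback covers machines without that font. In the second hunk the greeting now reads `{:session('adminname')}` instead of `session('username')`, which suggests admin and front-end logins are now kept under separate session keys; if so, any remaining admin-side template or controller still keyed on `session('username')` should be audited, since a front-end login presumably sets that key. The commented-out 设置 menu item should be removed rather than left as commented markup.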


@@ -13,7 +13,7 @@
<a href="{:U('blog/index')}"><i class="fa fa-th-list"></i> 博客管理</a>
</li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false"><i class="fa fa-users"></i>用户管理<span class="caret"></span></a>
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false"><i class="fa fa-users"></i> 用户管理<span class="caret"></span></a>
<ul class="dropdown-menu">
<li><a href="{:U('member/index')}"><i class="fa fa-tag"></i> 前台用户</a> </li>
<li><a href="{:U('manager/index')}"><i class="fa fa-tag"></i> 后台用户</a></li>
@@ -23,7 +23,7 @@
<a href="{:U('hall/index')}"><i class="fa fa-star"></i> 贡献榜管理</a>
</li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false"><i class="fa fa-shopping-cart"></i>礼品管理<span class="caret"></span></a>
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false"><i class="fa fa-shopping-cart"></i> 礼品管理<span class="caret"></span></a>
<ul class="dropdown-menu">
<li><a href="{:U('info/index')}"><i class="fa fa-tag"></i> 地址管理</a> </li>
<li><a href="{:U('links/index')}"><i class="fa fa-shopping-cart"></i> 礼品库管理</a></li>


@@ -21,7 +21,6 @@
<thead>
<tr>
<th>字段名</th>
<!-- <th>字段值</th> -->
<th>字段描述</th>
<th>操作</th>
</tr>