SRCMS V2 开发版

唯一的改变就是万变,重新定义安全应急响应中心。
This commit is contained in:
Martin Zhou
2017-02-03 12:32:57 +08:00
parent 0ad6b00156
commit 684da35950
505 changed files with 88079 additions and 3292 deletions


@@ -3,12 +3,13 @@ namespace User\Controller;
use Think\Controller;
/**
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2017/02/02
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
* @Version 2.0
*/
class BaseController extends Controller {
public function _initialize(){
$sid = session('userId');


@@ -3,22 +3,20 @@ namespace User\Controller;
use Think\Controller;
/**
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2017/02/02
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
* @Version 2.0
*/
class ChangeController extends BaseController{
/**
* 显示更改密码页面
*/
public function index()
{
$tmodel= M('setting');
$title = $tmodel->where('id=1')->select();
$this->assign('title', $title);
$this->display();
}
@@ -27,37 +25,58 @@ class ChangeController extends BaseController{
*/
public function change()
{
//验证请求方式
if(!IS_POST)$this->error("非法请求");
$member = M('member');
$id = session('userId');
$username = session('username');
$oldpassword = I('post.oldpassword','','md5');
$password = I('post.password','','md5');
$oldpassword = I('post.oldpassword');
$password = I('post.password');
$repassword = I('post.repassword');
//获取salt
$salt = $member->where(array('id'=>$id,'username'=>$username))->find();
$s_oldpassword = md5(md5(md5($salt['salt']).$oldpassword."SR")."CMS");
$s_oldpassword = md5(md5(md5($salt['salt']).md5($oldpassword)."SR")."CMS");
//验证原密码
$user = $member->where(array('id'=>$id,'password'=>$s_oldpassword))->find();
$code = I('verify','','strtolower');
if(!($this->check_verify($code))){
$this->error('验证码错误');
}
if(!$user) {
$this->error('旧密码校验失败 :(') ;
}
//验证账户是否管理员,管理员无法在前台修改密码
if($user['type'] == 2){
$this->error('前台无法修改管理员密码 :(') ;
if($password != $repassword) {
$this->error('两次密码输入不相符 :(') ;
}
if(strlen($password) < 8){ $this->error("为了保证帐户安全,请输入大于八位数的密码!");}
$s_password = md5(md5(md5($salt['salt']).$password."SR")."CMS");
$member-> password=$s_password;
$result = $member->where(array('id'=>$id,'password'=>$s_oldpassword))->save();
if($result){
$this->success("修改成功",U('login/logout'));
}else{
$this->error('修改失败,请重试 :(',U('change/index')) ;
}
$s_password = md5(md5(md5($salt['salt']).md5($password)."SR")."CMS");
$data['password']= $s_password;
$result = $member->where(array('id'=>$id,'password'=>$s_oldpassword))->save($data);
if($result){
$this->success("修改成功",U('login/logout'));
}else{
$this->error('修改失败,请重试 :(',U('change/index')) ;
}
}
//验证码
public function verify(){
ob_clean();
$Verify = new \Think\Verify();
$Verify->codeSet = '123456789abcdefghijklmnopqrst';
$Verify->fontSize = 16;
$Verify->length = 4;
$Verify->entry();
}
protected function check_verify($code){
$verify = new \Think\Verify();
return $verify->check($code);
}
}
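Review bot: The confirmation check at L80, `if($password != $repassword)`, uses loose comparison, so two different numeric-looking passwords (for example `1e3` and `1000`) compare as equal; it should read `if($password !== $repassword)`. The same loose comparison appears in RegController at L592 (`$data['password'] != $repassword`), and in LoginController at L440 the stored hash is compared with `!=`, where `hash_equals()` is the right tool. The stored credential remains a nested md5 chain with the fixed strings "SR"/"CMS" (L67, L92); md5 is fast enough for offline guessing, so moving to `password_hash()`/`password_verify()` with `password_needs_rehash()` on login would be the durable fix. The captcha check at L71 runs after the member rows have already been fetched at L65 and L69; moving it ahead of the database reads keeps failed requests cheap.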


@@ -3,18 +3,16 @@ namespace User\Controller;
use Think\Controller;
/**
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2017/02/02
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
* @Version 2.0
*/
class ForgetController extends Controller {
//显示找回密码页面
public function index(){
$tmodel= M('setting');
$title = $tmodel->where('id=1')->select();
$this->assign('title', $title);
$this->display();
}
//验证码
@@ -58,7 +56,8 @@ class ForgetController extends Controller {
}
//发送验证码邮件
import('ORG.Net.Mail');
//import('ORG.Net.Mail');
require "./././././ThinkPHP/Library/Org/Net/Mail.class.php";
$str = '1234567890abcdefghijklmnopqrstuvwxyz';
$passwd=$str[rand(0,35)].$str[rand(0,35)].$str[rand(0,35)].$str[rand(0,35)].$str[rand(0,35)].$str[rand(0,35)];
$content = md5(md5(md5($salt['salt']).md5($passwd)."SR")."CMS");
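Review bot: The temporary password at L144 is built from `rand(0,35)`, which is not a cryptographically secure generator, so the six characters sent by e-mail are more predictable than the 36^6 space suggests; use `random_int()` instead, e.g. `$passwd = ''; for ($i = 0; $i < 6; $i++) { $passwd .= $str[random_int(0, 35)]; }`. RegController has the same pattern for the account salt and `pid` at L576–L586, where `rand(0,strlen($chars)-1)` should likewise become `random_int(0, strlen($chars) - 1)`. Replacing `import('ORG.Net.Mail')` with a `require` of `"./././././ThinkPHP/Library/Org/Net/Mail.class.php"` at L142 ties the controller to the process working directory; `require_once` with a path built from `__DIR__` or the framework's `THINK_PATH` constant is more robust. The enclosing method starts and ends outside this hunk.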


@@ -3,66 +3,83 @@ namespace User\Controller;
use Think\Controller;
/**
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2017/02/02
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
* @Version 2.0
*/
class GiftController extends BaseController{
public function index(){
$id = session('userId');
$gift = M('links')->select();
$tmodel= M('setting');
$gifts = M('links');
$count = $gifts->where($where)->count();
$Page = new \Extend\Page($count,8);
$show = $Page->show();// 分页显示输出
$pages = $gifts->limit($Page->firstRow.','.$Page->listRows)->where($where)->order('id DESC')->select();
$this->assign('gift',$pages);
$this->assign('page',$show);
$info = M('member')->where('id='.$id)->select();
$title = $tmodel->where('id=1')->select();
$this->assign('title', $title);
$this->assign('gift',$gift);
$this->assign('info',$info);
$this->display();
}
public function order(){
$tmodel= M('setting');
$title = $tmodel->where('id=1')->select();
$id = session('userId');
$info = M('order')->where('username='.$id)->select();
$this->assign('title', $title);
$username = session('username');
$info = M('order')->where(array('username'=>$username,'userid'=>$id))->select();
$this->assign('info',$info);
$this->display();
}
public function add()
{
//默认显示添加表单
$id = session('userId');
$gid = I('get.gid',0,'intval');
if (!IS_POST) {
$tmodel= M('setting');
$title = $tmodel->where('id=1')->select();
$this->assign('title', $title);
$info = M('info')->where('user_id='.$id)->select();
$gift = M('links')->where('id='.$gid)->select();
$info = M('member')->where('id='.$id)->find();
$gift = M('links')->where('id='.$gid)->find();
$this->assign('info',$info);
$this->assign('gift',$gift);
$this->display();
}
if (IS_POST) {
//如果用户提交数据
$model = D("order");
if (!$model->field('username,gid,tel,alipay,realname,location,zipcode')->create()) {
// 如果创建失败 表示验证没有通过 输出错误提示信息
$this->error($model->getError());
exit();
} else {
if ($model->add()) {
$this->success("下单成功", U('index/index'));
$model = M("order");
$record = M('record');
$user = M('member')->where('id='.$id)->find();
$gift = M('links')->where('id='.$gid)->find();
if($user['jinbi']<$gift['price']){
$this->error("安全币余额不足!", U('gift/index'));
exit();
}
$data = I();
$data['gid'] = $gift['title'];
$data['username'] = session('username');
$data['userid'] = session('userId');
$data['update_time'] = time();
//记录兑换安全币变动日志
$rdata['type'] = 1;
$rdata['name'] = '兑换'.$gift['title'];
$rdata['content'] = '-安全币:'.$gift['price'];
$rdata['time'] = time();
$rdata['user'] = session('username');
$rdata['operator'] = session('username');
$record_result = $record -> add($rdata);
$result = M('member')->where('id='.$id)->setDec('jinbi',$gift['price']);
if ($model->field('userid,username,gid,tel,alipay,realname,address,zipcode,update_time')->add($data)) {
if($result){
$this->success("兑换成功", U('gift/index'));
}
else{
$this->error("兑换失败");
}
} else {
$this->error("下单失败");
$this->error("兑换失败");
}
}
}
}
}
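Review bot: In `add()` the balance is decremented at L237 with `setDec` before the order row is inserted at L238, and the coin log at L236 before either, so a failed order insert leaves the user charged with a log entry and no order; the balance check at L220 is also a separate read, so two concurrent submissions can both pass it. Putting the balance into the `where` of the decrement and writing the log and decrement only after the order insert succeeds closes both gaps, and a transaction (`startTrans()`/`commit()`/`rollback()`, assuming the tables support it) keeps the three writes consistent. `$gift` from L219 is never checked, so an unknown `gid` gives `$gift['price']` of null, the check at L220 passes and an order with an empty title is stored; `if (!$gift) { $this->error("兑换失败", U('gift/index')); }` before L220 is needed. Separately, `index()` at L165 and L168 passes an undefined `$where`, which should be dropped or initialised to `array()`.
```php
            $model = M("order");
            $record = M('record');
            $user = M('member')->where('id='.$id)->find();
            $gift = M('links')->where('id='.$gid)->find();
            if (!$gift) {
                $this->error("兑换失败", U('gift/index'));
            }
            if ($user['jinbi'] < $gift['price']) {
                $this->error("安全币余额不足!", U('gift/index'));
            }
            // … unchanged: $data / $rdata assembly …
            $model->startTrans();
            $ok = $model->field('userid,username,gid,tel,alipay,realname,address,zipcode,update_time')->add($data)
                // Conditional decrement: affects a row only while the balance still covers
                // the price, so a concurrent exchange cannot overdraw the account.
                && M('member')->where(array('id' => $id, 'jinbi' => array('egt', $gift['price'])))->setDec('jinbi', $gift['price'])
                && $record->add($rdata);
            if ($ok) {
                $model->commit();
                $this->success("兑换成功", U('gift/index'));
            } else {
                $model->rollback();
                $this->error("兑换失败");
            }
```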


@@ -3,24 +3,25 @@ namespace User\Controller;
use Think\Controller;
/**
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2017/02/02
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
* @Version 2.0
*/
class IndexController extends BaseController {
public function index(){
$id = session('userId');
$tmodel= M('setting');
$gCount = M('links')->count();
$title = $tmodel->where('id=1')->select();
$page = M('post')->where('user_id='.$id)->count();
$user = M('member')->where('id='.$id)->select();
$this->assign('title', $title);
$this->assign('page',$page);
$this->assign('user',$user);
$this->assign('gift',$gCount);
$username = session('username');
$pnum = M('post')->where('user_id='.$id)->count();
$jinbi = M('member')->where('id='.$id)->find();
$gift = M('order')->where(array('username'=>$username,'userid'=>$id))->count();
$page = M('page')->select();
$this->assign('pnum',$pnum);
$this->assign('jinbi',$jinbi);
$this->assign('gift',$gift);
$this->assign('page',$page);
$this->display();
}
}
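Review bot: The lookups at L279–L280 build the condition by string concatenation (`'user_id='.$id`, `'id='.$id`) while the order count at L281 uses the array form; should `session('userId')` ever be unset (BaseController appears to guard this, but that is outside the hunk), the string form degrades to `user_id=` and fails as SQL rather than returning nothing. Switching to `where(array('user_id'=>$id))` and `where(array('id'=>$id))` keeps the three queries consistent and lets the framework quote the value. `$page = M('page')->select()` at L282 reads the whole `page` table on every dashboard hit; if only a few columns are rendered, a `field()` list would keep it bounded.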


@@ -3,86 +3,36 @@ namespace User\Controller;
use Think\Controller;
/**
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2017/02/02
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
* @Version 2.0
*/
class InfoController extends BaseController{
public function index(){
$id = session('userId');
$tmodel= M('setting');
$title = $tmodel->where('id=1')->select();
$info = M('info')->where('user_id='.$id)->select();
$this->assign('title', $title);
$this->assign('info',$info);
$this->display();
}
/**
* 添加联系方式
*/
public function add()
{
//默认显示添加表单
$tmodel= M('setting');
$title = $tmodel->where('id=1')->select();
$this->assign('title', $title);
if (!IS_POST) {
$this->display();
}
if (IS_POST) {
//如果用户提交数据
$model = D("info");
$model->user_id = 1;
$model->username = 1;
if (!$model->field('realname,zipcode,location,tel,alipay')->create()) {
// 如果创建失败 表示验证没有通过 输出错误提示信息
$this->error($model->getError());
exit();
} else {
if ($model->add()) {
$this->success("添加成功", U('info/index'));
} else {
$this->error("添加失败");
}
}
}
}
/**
* 更新联系方式
*/
public function update()
public function index()
{
//默认显示添加表单
$id = session('userId');
$tmodel= M('setting');
$title = $tmodel->where('id=1')->select();
$this->assign('title', $title);
$this->assign('title', $title);
$id = session('userId');
if (!IS_POST) {
$info = M('info')->where('user_id='.$id)->select();
$info = M('member')->where(array('id'=>$id))->select();
$this->assign('info',$info);
$this->display();
}
if (IS_POST) {
//如果用户提交数据
$model = D("info");
$model->user_id = 1;
$model->username = 1;
if (!$model->field('realname,zipcode,location,tel,alipay')->create()) {
// 如果创建失败 表示验证没有通过 输出错误提示信息
$this->error($model->getError());
exit();
} else {
if ($model->save()) {
$model = M("member");
$data = I();
if ($model->where(array('id'=>$id))->field('realname,zipcode,address,tel,alipay,bankcode,idcode,qqnumber,website,description,qqnumber')->save($data)) {
$this->success("联系方式更新成功", U('info/index'));
} else {
$this->error("联系方式更新失败");
}
}
}
}
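Review bot: The whitelist at L375 lists `qqnumber` twice (`...,description,qqnumber`); the duplicate should be removed. Saving `I()` wholesale at L374–L375 relies on `field()` to strip every other request key, which holds for ThinkPHP's `save()` but becomes fragile the moment the list gains a privileged column; assigning the named keys explicitly (e.g. `$data = array('realname' => I('post.realname'), ...)`) makes the intent visible, and `website`/`description` are stored as submitted, so the templates rendering them must escape for HTML. The GET branch at L358 uses `select()` for a single member row whereas `find()` is used for the same purpose in GiftController at L200; `find()` returns the row itself rather than a one-element list. The method's closing brace is at L382; the class closing brace lies outside the hunk.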


@@ -3,12 +3,13 @@ namespace User\Controller;
use Think\Controller;
/**
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2017/02/02
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
* @Version 2.0
*/
class LoginController extends Controller {
//登陆主页
public function index(){
@@ -17,45 +18,59 @@ class LoginController extends Controller {
$this->assign('title', $title);
$this->display();
}
public function svalid(){
$email =I('get.email','','email');
$this->assign('email', $email);
$this->display();
}
public function valid(){
if(!IS_POST){$this->error("非法请求");}
$code = I('verify','','strtolower');
$email =I('get.email','','email');
$token = session('token');
$member = M('member');
$user = $member->where(array('email'=>$email))->find();
if($token != $user['token']){$this->error("非法请求");}
//验证验证码是否正确
if(!($this->check_verify($code))){
session('userId',null);
session('username',null);
$this->error('验证码错误',U('Login/index'));
}
//如果验证码校验成功 跳转到后台主页
session('userId',$user['id']);
session('username',$user['username']);
$this->success("登陆成功",U('Index/index'));
}
//登陆验证
public function login(){
if(!IS_POST)$this->error("非法请求");
if(!IS_POST){$this->error("非法请求");}
$member = M('member');
$username = I('username','','htmlspecialchars');
$password = I('password');
$code = I('verify','','strtolower');
//验证验证码是否正确
if(!($this->check_verify($code))){
$this->error('验证码错误');
}
$user = $member->where(array('username'=>$username))->find();
if($user['password'] != md5(md5(md5($user['salt']).md5($password)."SR")."CMS")) {
$this->error('账号或密码错误 :(') ;
}
// 验证账户是否被禁用
if($user['status'] == 0){
$this->error('账号被禁用,请联系网站管理员 :(') ;
$this->error('账号被禁用,请联系管理员 :(') ;
}
$token = md5(md5($user['email'].time()).time());
//更新登陆信息
$data =array(
'id' => $user['id'],
'update_at' => time(),
'login_ip' => get_client_ip(),
'token' => $token,
);
//如果数据更新成功 跳转到后台主页
//登陆成功
if($member->save($data)){
session('userId',$user['id']);
session('username',$user['username']);
// session('token',md5(time().$user['salt']));
$this->success("登陆成功",U('Index/index'));
}
//定向之后台主页
session('token',$token);
$this->success("请先完成验证",U('Login/svalid?email=').$user['email']);
}
}
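Review bot: `valid()` at L408–L426 identifies the account from the GET parameter `email` (L411) and lets the request through whenever `session('token') != $user['token']` is false; when no member matches, `$user` is `false` and `$user['token']` is null, and a session that has no token yet also yields null, so `null != null` passes the gate and L423 then stores a null `userId`. The guard should fail closed and compare strictly: `if (!$user || empty($token) || !hash_equals((string)$user['token'], (string)$token)) { $this->error("非法请求"); }` — better still, store the pending user id in the session next to the token at L465 and ignore the email parameter entirely. The token at L448 is `md5(md5($user['email'].time()).time())`, derived only from public data and the clock; `$token = bin2hex(random_bytes(16));` gives an unguessable value. If the `if($member->save($data)){ session('userId', ...); ... $this->success(...) }` block at L458–L463 is still present on the new side (the rendering does not show which lines were removed), the user is logged in before the e-mail step and L465–L466 are never reached.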


@@ -3,11 +3,12 @@ namespace User\Controller;
use Think\Controller;
/**
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2017/02/02
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
* @Version 2.0
*/
class PostController extends BaseController
{
@@ -75,14 +76,34 @@ class PostController extends BaseController
*查看漏洞报告
*/
public function view(){
$rid = I('get.rid',0,'intval');
$model = M("Post");
$id = session('userId');
$rid = I('get.rid',0,'intval');
$model = M("Post");
$post = $model->where(array('user_id'=>$id,'id'=>$rid))->find(); //修复越权漏洞
$comment = M('comment')->where(array('post_id'=>$rid))->select();
$post = $model->where(array('user_id'=>$id,'id'=>$rid))->find();
$tmodel= M('setting');
$title = $tmodel->where('id=1')->select();
$this->assign('title', $title);
$this->assign('model', $post);
$this->assign('comment',$comment);
$this->display();
}
public function comment()
{
if (!IS_POST) {
$this->error("非法请求");
}
if (IS_POST) {
$data = I();
$data['update_time'] = time();
$data['user_id'] = session('username');
$model = M("Comment");
if ($model->add($data)) {
$this->success("评论成功", U('post/index'));
} else {
$this->error("评论失败");
}
}
}
}
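Review bot: `comment()` at L503–L519 inserts `I()` as-is (L509–L513) with no `field()` whitelist and never checks that the submitted `post_id` belongs to the current user, so a request can attach a comment to any report id even though `view()` at L493 now restricts reads to the caller's own posts (assuming comments follow the same ownership rule). The user column is also filled from `session('username')` into `user_id` (L511), which is inconsistent with `view()` keying ownership on `session('userId')`. Verifying ownership before the insert and restricting the columns as below closes the gap; the comment body column name is not visible in this hunk, so it is left as a labelled placeholder.
```php
    public function comment()
    {
        if (!IS_POST) {
            $this->error("非法请求");
        }
        $id = session('userId');
        $pid = I('post.post_id', 0, 'intval');
        // Same ownership rule as view(): the report must belong to the caller.
        if (!M("Post")->where(array('user_id' => $id, 'id' => $pid))->find()) {
            $this->error("非法请求");
        }
        $data = I();
        $data['post_id'] = $pid;
        $data['update_time'] = time();
        $data['user_id'] = session('username');
        $model = M("Comment");
        // CONTENT_COLUMN_PLACEHOLDER stands for the comment body column (not visible in this hunk).
        if ($model->field('post_id,user_id,update_time,CONTENT_COLUMN_PLACEHOLDER')->add($data)) {
            // … unchanged: success/error branches …
```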


@@ -3,36 +3,21 @@ namespace User\Controller;
use Think\Controller;
/**
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2017/02/02
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
* @Version 2.0
*/
class RegController extends Controller{
/**
* 用户列表
*/
public function index()
{
$tmodel= M('setting');
$title = $tmodel->where('id=1')->select();
$this->assign('title', $title);
$this->display();
}
//验证码
public function verify(){
ob_clean();
$Verify = new \Think\Verify();
$Verify->codeSet = '123456789abcdefghijklmnopqrst';
$Verify->fontSize = 20;
$Verify->length = 4;
$Verify->entry();
}
protected function check_verify($code){
$verify = new \Think\Verify();
return $verify->check($code);
$this->display();
}
/**
@@ -40,29 +25,35 @@ class RegController extends Controller{
*/
public function add()
{
//默认显示添加表单
if (!IS_POST) {
$this->display();
}
if (IS_POST) {
//如果用户提交数据
$data['salt'] = "";
$chars = 'abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
$data['salt'] = "";
$data['pid'] = "";
$chars = 'abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
$pchars = '0123456789';
for($num=0;$num<8;$num++)
{
$RandNum = rand(0,strlen($chars)-1);
$data['salt'] .= $chars[$RandNum];
}
}
for($num=0;$num<32;$num++)
{
$RandNum = rand(0,strlen($pchars)-1);
$data['pid'] .= $pchars[$RandNum];
}
$data['username'] = I('username');
$data['email']= I('email');
$data['password'] = I('password');
$repassword= I('repassword');
if(strlen($data['password']) < 8){ $this->error("为了保证帐户安全,请输入大于八位数的密码!");}
if($data['password'] != $repassword){ $this->error("两次密码不一致!");}
$code = I('verify','','strtolower');
//验证验证码是否正确
if(!($this->check_verify($code))){
$this->error('验证码错误');
}
@@ -77,10 +68,10 @@ class RegController extends Controller{
if ($model->where(array('email'=>$data['email']))->find()){
$this->error('邮箱重复');
}
if ($model->field('username,email,salt,password,create_at')->data($data)->add()) {
if ($model->field('username,email,pid,salt,password,create_at')->data($data)->add()) {
$user = $model->where(array('username'=>$data['username']))->find();
//更新登陆信息
$date =array(
'id' => $user['id'],
'update_at' => time(),
@@ -98,4 +89,18 @@ class RegController extends Controller{
}
}
}
//验证码
public function verify(){
ob_clean();
$Verify = new \Think\Verify();
$Verify->codeSet = '123456789abcdefghijklmnopqrst';
$Verify->fontSize = 20;
$Verify->length = 4;
$Verify->entry();
}
protected function check_verify($code){
$verify = new \Think\Verify();
return $verify->check($code);
}
}