bozhihouc/SRCMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

SRCMS·轻响应 V1.8正式版

Browse Source 
修复:
1. 后台无法查看生成的工单
2. 前端页面JS远程资源失效问题
3.  前台用户密码修改设计缺陷(Issued By 藏形匿影)
优化:
1. 多处代码提升二次开发可读性
新增:
1. 安全工单模块中动态更新功能
This commit is contained in:
Martin Zhou
2016-12-03 21:42:04 +08:00
parent 3f830d2cee
commit 9cc8998300
48 changed files with 372 additions and 333 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Application/Admin/Controller/BaseController.class.php
View File

@@ -3,10 +3,10 @@ namespace Admin\Controller;
use Think\Controller;
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.5
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/

8
Application/Admin/Controller/BlogController.class.php
View File

@@ -3,10 +3,10 @@ namespace Admin\Controller;
use Admin\Controller;
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.5
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
/**

8
Application/Admin/Controller/CategoryController.class.php
View File

@@ -3,10 +3,10 @@ namespace Admin\Controller;
use Admin\Controller;
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.5
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
/**

37
Application/Admin/Controller/CheckController.class.php
View File

@@ -3,10 +3,10 @@ namespace Admin\Controller;
use Think\Controller;
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.5
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
class CheckController extends Controller
@@ -15,9 +15,34 @@ class CheckController extends Controller
* 临时查看漏洞报告
*/
public function view(){
$id = I('get.session_id',0,'intval');
$id = I('get.session_id',0,'number_int'); //seesion token防注入
$model = M('post')->where('session='.$id)->find();
$flow = M('wflow')->where('session='.$id)->select();
$this->assign('wflow',$flow);
$this->assign('model',$model);
$this->display();
$this->display();
}
/**
* 添加漏洞处理进展
*/
public function add()
{
//默认显示添加表单
if (!IS_POST) {
$this->display();
}
if (IS_POST) {
$model = D("wflow");
if (!$model->create()) {
$this->error($model->getError());
exit();
} else {
if ($model->add()) {
$this->success("添加成功", U('post/index'));
} else {
$this->error("添加失败", U('post/index'));
}
}
}
}
}

8
Application/Admin/Controller/HallController.class.php
View File

@@ -3,10 +3,10 @@ namespace Admin\Controller;
use Admin\Controller;
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.5
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
/**

8
Application/Admin/Controller/IndexController.class.php
View File

@@ -3,10 +3,10 @@ namespace Admin\Controller;
use Admin\Controller;
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.5
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
class IndexController extends BaseController{

8
Application/Admin/Controller/InfoController.class.php
View File

@@ -3,10 +3,10 @@ namespace Admin\Controller;
use Admin\Controller;
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.5
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
/**

8
Application/Admin/Controller/LoginController.class.php
View File

@@ -3,10 +3,10 @@ namespace Admin\Controller;
use Think\Controller;
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.5
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
class LoginController extends Controller {

8
Application/Admin/Controller/ManagerController.class.php
View File

@@ -3,10 +3,10 @@ namespace Admin\Controller;
use Admin\Controller;
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/26
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.6
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
/**

8
Application/Admin/Controller/MemberController.class.php
View File

@@ -3,10 +3,10 @@ namespace Admin\Controller;
use Admin\Controller;
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.5
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
/**

8
Application/Admin/Controller/OrderController.class.php
View File

@@ -2,10 +2,10 @@
namespace Admin\Controller;
use Admin\Controller;
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.5
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
/**

8
Application/Admin/Controller/PageController.class.php
View File

@@ -2,10 +2,10 @@
namespace Admin\Controller;
use Admin\Controller;
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.5
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
/**

14
Application/Admin/Controller/PostController.class.php
View File

@@ -2,10 +2,10 @@
namespace Admin\Controller;
use Admin\Controller;
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.5
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
class PostController extends BaseController
@@ -130,10 +130,12 @@ class PostController extends BaseController
*/
public function session(){
$id = I('get.id',0,'intval');
$str = '!@#$%^&*abcdefghijklmnopqrstuvwxyz';
$session = md5($str[rand(0,35)].$str[rand(0,35)].$str[rand(0,35)].$str[rand(0,35)].$str[rand(0,35)].$str[rand(0,35)]);
$str = '1234567890';
$session = $str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)];
$visible = 1;
$model = M('post');
$model->session = $session;
$model->visible = $visible;
$result = $model->where('id='.$id)->save();
if($result){
$this->success("授权成功", U('Check/view?session_id='.$session));

8
Application/Admin/Controller/SettingController.class.php
View File

@@ -3,10 +3,10 @@ namespace Admin\Controller;
use Admin\Controller;
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.5
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
/**

72
Application/Admin/View/Check/view.html
View File

@@ -4,13 +4,11 @@
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<title>安全工单</title>
<meta name="generator" content="Bootply" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<!--防止外泄referer-->
<meta name="referrer" content="never">
<link href="__PUBLIC__/Home/css/bootstrap.min.css" rel="stylesheet">
<link href="__PUBLIC__/Home/index/carousel.css" rel="stylesheet">
<!--[if lt IE 9]>
<script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
<link href="__PUBLIC__/Home/css/styles.css" rel="stylesheet">
</head>
<body>
@@ -25,7 +23,7 @@
<span class="yaheiicon-bar"></span>
</button>
<a class="yahei navbar-brand" href="/dev/index.php?m=&c=index&a=index"><strong>安全应急响应中心</strong>
<span class="yahei navbar-brand-subtitle">安全工单</span>
<span class="yahei navbar-brand-subtitle">外部安全工单</span>
</a>
</div>
<div class="navbar-collapse collapse" id="navbar">
@@ -54,7 +52,7 @@
</pre>
</div>
<div class="row">
<p>#修复建议 / 修补期限:</span><span><if condition="$model.type eq 1"><span class="label label-success"></span>
<p><b><span>#修复建议</span></b><span> / 修补期限:</span><span><if condition="$model.type eq 1"><span class="label label-success"></span>
<elseif condition="$model.type eq 2" /><span class="label label-default">10天</span>
<elseif condition="$model.type eq 3" /><span class="label label-warning">3天</span>
<elseif condition="$model.type eq 4" /><span class="label label-danger">2天</span>
@@ -69,6 +67,53 @@
{$model.advise}
</pre>
</div>
<hr/>
<foreach name="wflow" item="v">
<div class="row">
<p><b><span>#处理进展</span></b><span> / </span><span>@{$v.time}</span><span> / </span><span>状态变更:<if condition="$v.type eq 1"><span class="label label-info">已确认</span>
<elseif condition="$v.type eq 2" /><span class="label label-default">已分配</span>
<elseif condition="$v.type eq 3" /><span class="label label-warning">处理中</span>
<elseif condition="$v.type eq 4" /><span class="label label-success">已结单</span>
</if><span> / 变动人:<span class="label label-default">{$v.userid}</span></p>
</div>
<div class="row">
<pre>
{$v.content|htmlspecialchars_decode|waf}
</pre>
</div>
</foreach>
<div class="row">
<form method="post" action="{:U('check/add')}">
<label for="post-content">添加处理进展</label>
<script id="post-content" name="content" type="text/plain"></script>
<br/>
<div class="form-group input-group input-group-sm">
<span class="input-group-addon">处理人:</span><input type="text" class="form-control" name="userid" id="userid" placeholder="请输入您的公司id"/>
</div>
<div class="form-group input-group input-group-sm">
<span class="input-group"><b>处理状态:</b></span>
<label class="radio-inline">
<input type="radio" name="type" id="type" value="1" checked="checked" />已确认
</label>
<label class="radio-inline">
<input type="radio" name="type" id="type" value="2" />已分配
</label>
<label class="radio-inline">
<input type="radio" name="type" id="type" value="3" />处理中
</label>
<label class="radio-inline">
<input type="radio" name="type" id="type" value="4" />已结单
</label>
</div>
<div class="form-group input-group input-group-sm">
<input type="hidden" name="session" id="session" value="{$model.session}" />
</div>
<div class="form-group input-group input-group-sm">
<input type="hidden" name="time" id="time" value="<?php echo date('Y-m-d H:i:s',time());?>" />
</div>
<button type="submit" class="btn btn-default">提交</button>
</form>
</div>
<div class="row">
<hr/>
<p><b>注意事项:</b></p>
@@ -77,5 +122,20 @@
</div>
</div>
</div>
<!-- 配置文件 -->
<script type="text/javascript" src="__PUBLIC__/ueditor/ueditor.config.js"></script>
<!-- 编辑器源码文件 -->
<script type="text/javascript" src="__PUBLIC__/ueditor/ueditor.all.js"></script>
<!-- 实例化编辑器 -->
<script type="text/javascript">
var ue = UE.getEditor('post-content',{
toolbars: [
['source', 'undo', 'redo','bold', 'italic', 'underline','fontborder', 'strikethrough', '|','simpleupload', 'insertimage','attachment','emotion','link','unlink', '|', 'removeformat', 'formatmatch', 'autotypeset', 'blockquote','searchreplace', 'pasteplain', '|', 'forecolor', 'backcolor', 'insertorderedlist', 'insertunorderedlist', 'selectall', 'cleardoc'],
['inserttable','insertrow', 'insertcol','mergeright', 'mergedown','deleterow', 'deletecol','splittorows','splittocols', 'splittocells','deletecaption','inserttitle', 'mergecells', 'deletetable','insertparagraphbeforetable', 'paragraph','fontsize','fontfamily']
],
initialFrameHeight:500,
zIndex:100
});
</script>
</body>
</html>

18
Application/Admin/View/Index/index.html
View File

@@ -7,6 +7,7 @@
<button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>
<span style="font-size:20px">您好!欢迎登陆应急响应中心管理后台</span>
<p>注意:请定期修改您的后台密码,保证安全性!</p>
<p>请您定期更新SRCMS以获取最新安全补丁和特性<a href="https://github.com/martinzhou2015/SRCMS" target="_blank">点击此处查看项目</a></p>
<!--<p>您可以进行以下操作:</p>
<ul>
<li>1.漏洞审核</li>
@@ -18,23 +19,6 @@
</div>
</div>
</div><!-- /.row -->
<div class="alert alert-success alert-dismissable">
<button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>
<p>
<span><strong>最新版本:</strong></span>
<span id="version"></span>
</p>
<p><span><strong>发布日期:</strong></span>
<span id="date"></span>
</p>
<p>
<span><strong>更新简介:</strong></span>
<span id="des"></span>
</p>
<p>
<a href="https://github.com/martinzhou2015">立即下载</a>
</p>
</div>
<div class="row">
<div class="col-lg-3">
<div class="panel panel-info">

2
Application/Admin/View/Post/index.html
View File

@@ -43,7 +43,7 @@
<td>{$v.time|date="Y/m/d",###}</td>
<td>{$v.username}</td>
<td>{$v.category_title}</td>
<td><a href="{:U('post/update?id=')}{$v.id}">审核</a> | <a href="{:U('post/session?id=')}{$v.id}" target="_Blank">生成工单</a> | <a href="{:U('check/view?session_id=')}{$v.session}" target="_Blank">查看工单</a> | <a href="{:U('post/delete?id=')}{$v.id}" style="color:red;" onclick="javascript:return del('您真的确定要删除吗?\n\n删除后将不能恢复!');">删除</a></td>
<td><a href="{:U('post/update?id=')}{$v.id}">审核</a> | <if condition="$v.visible eq 0"><a href="{:U('post/session?id=')}{$v.id}" target="_Blank">生成工单</a> <elseif condition="$v.visible eq 1" /><a href="{:U('check/view?session_id=')}{$v.session}" target="_Blank">查看工单</a></if> | <a href="{:U('post/delete?id=')}{$v.id}" style="color:red;" onclick="javascript:return del('您真的确定要删除吗?\n\n删除后将不能恢复!');">删除</a></td>
</tr>
</foreach>
</tbody>

6
Application/Admin/View/Post/update.html
View File

@@ -28,12 +28,6 @@
<div class="form-group">
<label for="post-content">修复建议</label>
<input type="text" name="advise" class="form-control" value="{$post.advise}" id="post-title" placeholder="输入修复建议">
</div>
<div class="form-group">
<label>漏洞公开</label>
<label class="radio-inline">
<input type="radio" name="visible" id="visible" value="1" <if condition="$post.day eq 2">checked="checked"</if>>公开
</label>
</div>
<div class="form-group">
<label>修补限期</label>

2
Application/Admin/View/Public/sidebar.html
View File

@@ -31,6 +31,6 @@
</ul>
</li>
<li class="dropdown">
<a href="{:U('setting/index')}"><i class="fa fa-star"></i>系统设置</a>
<a href="{:U('setting/index')}"><i class="fa fa-star"></i> 系统设置</a>
</li>
</ul>

34
Application/Common/Conf/config.php
View File

@@ -1,25 +1,27 @@
<?php
return array(
//'配置项' =>'配置值'
'MODULE_ALLOW_LIST' => array('Home','Admin',),
//我们用了入口版定 所以下面这行可以注释掉
//'DEFAULT_MODULE' => 'Home', // 默认模块
//'SHOW_PAGE_TRACE' => flase,
'LOAD_EXT_CONFIG' => 'db',
'URL_CASE_INSENSITIVE' => true, //url不区分大小写
/**
URL不区分大小写
**/
'URL_CASE_INSENSITIVE' => true,
'URL_MODEL' =>0,
'URL_HTML_SUFFIX' =>'html',
//'DEFAULT_FILTER' => 'htmlspecialchars',
'SUPER_ADMIN_ID'=>1, //超级管理员id 删除用户的时候用这个禁止删除
'SHOW_ERROR_MSG' => true,
//用户注册默认信息
'DEFAULT_SCORE'=>100,
'MAIL_ADDRESS'=>'xxxx@126.com', // 此处填写邮箱地址
'MAIL_SMTP'=>'smtp.126.com', // 邮箱SMTP服务器
'MAIL_LOGINNAME'=>'xxxxx', // 邮箱登录帐号
'MAIL_PASSWORD'=>'xxxxx', // 邮箱密码
'MAIL_CHARSET'=>'UTF-8',//编码
'MAIL_AUTH'=>true,//邮箱认证
'MAIL_HTML'=>true,//true HTML格式 false TXT格式
/**
邮件服务配置
**/
'MAIL_ADDRESS'=>'xxxx@126.com', // 此处填写邮箱地址
'MAIL_SMTP'=>'smtp.126.com', // 邮箱SMTP服务器各家邮件服务提供商smtp服务器地址不同
'MAIL_LOGINNAME'=>'xxxxx', // 邮箱登录帐号
'MAIL_PASSWORD'=>'xxxxx', // 邮箱密码QQ邮箱登录密码不是QQ密码
'MAIL_CHARSET'=>'UTF-8', // 邮件字符编码
'MAIL_AUTH'=>true, // 邮箱认证
// true发送的邮件正文为HTML格式 false发送的邮件正文为TXT格式
'MAIL_HTML'=>true,
/**
站点全局开启http-only
**/
'COOKIE_HTTPONLY' => ''
);

28
Application/Home/Controller/BlogController.class.php
View File

@@ -1,10 +1,10 @@
<?php
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.5
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
namespace Home\Controller;
@@ -13,32 +13,20 @@ use Think\Controller;
class BlogController extends Controller{
public function index($key="")
public function index()
{
if($key == ""){
$model = M('blog');
}else{
$where['title'] = array('like',"%$key%");
$where['name'] = array('like',"%$key%");
$where['_logic'] = 'or';
$model = M('blog')->where($where);
}
$count = $model->where($where)->count();// 查询满足要求的总记录数
$Page = new \Extend\Page($count,15);// 实例化分页类 传入总记录数和每页显示的记录数(25)
$show = $Page->show();// 分页显示输出
$pages = $model->limit($Page->firstRow.','.$Page->listRows)->where($where)->order('id DESC')->select();
$model = M('blog');
$tmodel= M('setting');
$pages = $model->limit(15)->select();
$title = $tmodel->where('id=1')->select();
$this->assign('title', $title);
$this->assign('model', $pages);
$this->assign('page',$show);
$this->display();
}
public function view(){
$id = I('get.id',0,'intval');
$id = I('get.id',0,'number_int');
$model = M('blog')->where('id='.$id)->find();
$tmodel= M('setting');
$title = $tmodel->where('id=1')->select();

8
Application/Home/Controller/GiftController.class.php
View File

@@ -1,10 +1,10 @@
<?php
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.5
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
namespace Home\Controller;

21
Application/Home/Controller/HallController.class.php
View File

@@ -1,10 +1,10 @@
<?php
/**
* @author Zhou Yuyang <1009465756@qq.com> 13:59 2016/1/25
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.5
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
namespace Home\Controller;
@@ -15,13 +15,14 @@ class HallController extends Controller{
public function index()
{
$xuhao = 1;
$model = M('member');
$tmodel= M('setting');
$title = $tmodel->where('id=1')->select();
$user = $model->order('jifen ASC')->where('type=1')->where('jifen>0')->select(); // fix bug issued by phith0n 13:59 2016/1/25
$xuhao = 1;
$model = M('member');
$tmodel= M('setting');
$title = $tmodel->where('id=1')->select();
// fix bug issued by phith0n 13:59 2016/1/25
$user = $model->order('jifen ASC')->where('type=1')->where('jifen>0')->select();
$this->assign('title', $title);
$this ->assign('xuhao',$xuhao);
$this ->assign('xuhao',$xuhao);
$this->assign('user',getSortedCategory($user));
$this->display();
}

8
Application/Home/Controller/IndexController.class.php
View File

@@ -1,10 +1,10 @@
<?php
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.5
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
namespace Home\Controller;

26
Application/Home/Controller/PageController.class.php
View File

@@ -1,10 +1,10 @@
<?php
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.5
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
namespace Home\Controller;
@@ -13,26 +13,14 @@ use Think\Controller;
class PageController extends Controller{
public function index($key="")
public function index()
{
if($key == ""){
$model = M('page');
}else{
$where['title'] = array('like',"%$key%");
$where['name'] = array('like',"%$key%");
$where['_logic'] = 'or';
$model = M('page')->where($where);
}
$count = $model->where($where)->count();// 查询满足要求的总记录数
$Page = new \Extend\Page($count,15);// 实例化分页类 传入总记录数和每页显示的记录数(25)
$show = $Page->show();// 分页显示输出
$pages = $model->limit($Page->firstRow.','.$Page->listRows)->where($where)->order('id DESC')->select();
$model = M('page');
$tmodel= M('setting');
$pages = $model->limit(15)->select();
$title = $tmodel->where('id=1')->select();
$this->assign('title', $title);
$this->assign('model', $pages);
$this->assign('page',$show);
$this->display();
}

16
Application/Home/View/Blog/index.html
View File

@@ -31,7 +31,6 @@
<ul class="yahei nav navbar-nav">
<li class="yahei"><a href="{:U('index/index')}">首页</a></li>
<li><a class="yahei" href="__ROOT__/user.php">漏洞提交</a></li>
<li><a class="yahei" href="{:U('post/index')}">漏洞公开</a></li>
<li><a class="yahei" href="{:U('page/index')}">安全公告</a></li>
<li class="active"><a class="yahei" href="{:U('blog/index')}">研究博客</a></li>
<li><a class="yahei" href="{:U('hall/index')}">贡献榜</a></li>
@@ -59,19 +58,6 @@
</div>
</div>
</div>
<!--分页
<div class="row" align="center">
<ul class="pagination pagination-lg">
<li><a href="#">&laquo;</a></li>
<li><a href="#">1</a></li>
<li class="disabled"><a href="#" >2</a></li>
<li class="disabled"><a href="#">3</a></li>
<li class="disabled"><a href="#">4</a></li>
<li class="disabled"><a href="#">5</a></li>
<li class="disabled"><a href="#">&raquo;</a></li>
</ul>
</div>-->
<footer class="footer">
<div class="container marketing yahei">
<p class="pull-right"><a href="{:U('index/index')}">Back to top</a></p>
@@ -80,7 +66,7 @@
</footer>
<!-- script references -->
<script src="//2.srcmsdemo.sinaapp.com/jquery.min.js"></script>
<script src="__PUBLIC__/Home/index/jquery.min.js"></script>
<script src="__PUBLIC__/Home/js/bootstrap.min.js"></script>
<script src="__PUBLIC__/Home/js/scripts.js"></script>
</body>

10
Application/Home/View/Blog/view.html
View File

@@ -7,9 +7,6 @@
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<link href="__PUBLIC__/Home/css/bootstrap.min.css" rel="stylesheet">
<link href="__PUBLIC__/Home/index/carousel.css" rel="stylesheet">
<!--[if lt IE 9]>
<script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
<link href="__PUBLIC__/Home/css/styles.css" rel="stylesheet">
</head>
<body>
@@ -30,13 +27,12 @@
<ul class="yahei nav navbar-nav">
<li class="yahei"><a href="{:U('index/index')}">首页</a></li>
<li><a class="yahei" href="__ROOT__/user.php">漏洞提交</a></li>
<li><a class="yahei" href="{:U('post/index')}">漏洞公开</a></li>
<li><a class="yahei" href="{:U('page/index')}">安全公告</a></li>
<li class="active"><a class="yahei" href="{:U('blog/index')}">研究博客</a></li>
<li><a class="yahei" href="{:U('hall/index')}">贡献榜</a></li>
<li><a class="yahei" href="{:U('gift/index')}">礼品库</a></li>
</div>
</div><!--/.navbar-collapse -->
</div>
</div>
</nav>
@@ -54,7 +50,7 @@
</div>
<div class="row">
<hr/>
<a class="btn btn-primary" href="{:U('page/index')}">返回列表</a>
<a class="btn btn-primary" href="{:U('blog/index')}">返回列表</a>
</div>
</div>
</div>
@@ -68,7 +64,7 @@
</footer>
<!-- script references -->
<script src="//2.srcmsdemo.sinaapp.com/jquery.min.js"></script>
<script src="__PUBLIC__/Home/index/jquery.min.js"></script>
<script src="__PUBLIC__/Home/js/bootstrap.min.js"></script>
<script src="__PUBLIC__/Home/js/scripts.js"></script>
</body>

5
Application/Home/View/Gift/index.html
View File

@@ -30,7 +30,6 @@
<ul class="yahei nav navbar-nav">
<li class="yahei"><a href="{:U('index/index')}">首页</a></li>
<li><a class="yahei" href="__ROOT__/user.php">漏洞提交</a></li>
<li><a class="yahei" href="{:U('post/index')}">漏洞公开</a></li>
<li><a class="yahei" href="{:U('page/index')}">安全公告</a></li>
<li><a class="yahei" href="{:U('blog/index')}">研究博客</a></li>
<li><a class="yahei" href="{:U('hall/index')}">贡献榜</a></li>
@@ -53,8 +52,6 @@
<foreach name="gift" item="v">
<li class="panel panel-default" style="width:190px;height:150px;margin:5px 5px 5px 5px;text-align:center;"><br/><img src="{$v.url}" style="width:100px;height:100px;"/><br/>{$v.title}<br/></li>
</foreach>
<!--<li class="panel panel-default" style="width:200px;height:180px;text-align:center;"><br/><img src="__PUBLIC__/Home/pic/iphone.jpg" style="width:100px;height:100px;"/><br/>iPhone6<br/><button class="btn btn-default text-align" >兑换</button></li>
<li class="panel panel-default" style="width:200px;height:180px;text-align:center;"><br/><img src="__PUBLIC__/Home/pic/iphone.jpg" style="width:100px;height:100px;"/><br/>iPhone6<br/><button class="btn btn-default text-align" >兑换</button></li>-->
</ul>
</div>
</div>
@@ -67,7 +64,7 @@
</footer>
<!-- script references -->
<script src="//2.srcmsdemo.sinaapp.com/jquery.min.js"></script>
<script src="__PUBLIC__/Home/index/jquery.min.js"></script>
<script src="__PUBLIC__/Home/js/bootstrap.min.js"></script>
<script src="__PUBLIC__/Home/js/scripts.js"></script>
</body>

14
Application/Home/View/Hall/index.html
View File

@@ -46,24 +46,10 @@
<ul class="yahei nav navbar-nav">
<li class="yahei"><a href="{:U('index/index')}">首页</a></li>
<li><a class="yahei" href="__ROOT__/user.php">漏洞提交</a></li>
<li><a class="yahei" href="{:U('post/index')}">漏洞公开</a></li>
<li><a class="yahei" href="{:U('page/index')}">安全公告</a></li>
<li><a class="yahei" href="{:U('blog/index')}">研究博客</a></li>
<li class="active"><a class="yahei" href="{:U('hall/index')}">贡献榜</a></li>
<li><a class="yahei" href="{:U('gift/index')}">礼品库</a></li>
<!--<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Dropdown <span class="caret"></span></a>
<ul class="dropdown-menu">
<li><a href="#">Action</a></li>
<li><a href="#">Another action</a></li>
<li><a href="#">Something else here</a></li>
<li role="separator" class="divider"></li>
<li class="dropdown-header">Nav header</li>
<li><a href="#">Separated link</a></li>
<li><a href="#">One more separated link</a></li>
</ul>
</li>
</ul>-->
</div>
</div><!--/.navbar-collapse -->
</div>

1
Application/Home/View/Index/index.html
View File

@@ -45,7 +45,6 @@
<ul class="yahei nav navbar-nav">
<li class="yahei active"><a href="{:U('index/index')}">首页</a></li>
<li><a class="yahei" href="__ROOT__/user.php">漏洞提交</a></li>
<li><a class="yahei" href="{:U('post/index')}">漏洞公开</a></li>
<li><a class="yahei" href="{:U('page/index')}">安全公告</a></li>
<li><a class="yahei" href="{:U('blog/index')}">研究博客</a></li>
<li><a class="yahei" href="{:U('hall/index')}">贡献榜</a></li>

28
Application/Home/View/Page/index.html
View File

@@ -31,24 +31,10 @@
<ul class="yahei nav navbar-nav">
<li class="yahei"><a href="{:U('index/index')}">首页</a></li>
<li><a class="yahei" href="__ROOT__/user.php">漏洞提交</a></li>
<li><a class="yahei" href="{:U('post/index')}">漏洞公开</a></li>
<li class="active"><a class="yahei" href="{:U('page/index')}">安全公告</a></li>
<li><a class="yahei" href="{:U('blog/index')}">研究博客</a></li>
<li><a class="yahei" href="{:U('hall/index')}">贡献榜</a></li>
<li><a class="yahei" href="{:U('gift/index')}">礼品库</a></li>
<!--<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Dropdown <span class="caret"></span></a>
<ul class="dropdown-menu">
<li><a href="#">Action</a></li>
<li><a href="#">Another action</a></li>
<li><a href="#">Something else here</a></li>
<li role="separator" class="divider"></li>
<li class="dropdown-header">Nav header</li>
<li><a href="#">Separated link</a></li>
<li><a href="#">One more separated link</a></li>
</ul>
</li>
</ul>-->
</div>
</div><!--/.navbar-collapse -->
</div>
@@ -71,7 +57,17 @@
</div>
</div>
</div>
<!--<div class="row" align="center">
<ul class="pagination pagination-lg">
<li><a href="#">&laquo;</a></li>
<li><a href="#">1</a></li>
<li class="disabled"><a href="#" >2</a></li>
<li class="disabled"><a href="#">3</a></li>
<li class="disabled"><a href="#">4</a></li>
<li class="disabled"><a href="#">5</a></li>
<li class="disabled"><a href="#">&raquo;</a></li>
</ul>
</div>-->
<footer class="footer">
<div class="container marketing yahei">
<p class="pull-right"><a href="{:U('index/index')}">返回顶部</a></p>
@@ -81,7 +77,7 @@
<!-- script references -->
<script src="//2.srcmsdemo.sinaapp.com/jquery.min.js"></script>
<script src="__PUBLIC__/Home/index/jquery.min.js"></script>
<script src="__PUBLIC__/Home/js/bootstrap.min.js"></script>
<script src="__PUBLIC__/Home/js/scripts.js"></script>
</body>

3
Application/Home/View/Page/view.html
View File

@@ -31,7 +31,6 @@
<ul class="yahei nav navbar-nav">
<li class="yahei"><a href="{:U('index/index')}">首页</a></li>
<li><a class="yahei" href="__ROOT__/user.php">漏洞提交</a></li>
<li><a class="yahei" href="{:U('post/index')}">漏洞公开</a></li>
<li class="active"><a class="yahei" href="{:U('page/index')}">安全公告</a></li>
<li><a class="yahei" href="{:U('blog/index')}">研究博客</a></li>
<li><a class="yahei" href="{:U('hall/index')}">贡献榜</a></li>
@@ -70,7 +69,7 @@
</footer>
<!-- script references -->
<script src="//2.srcmsdemo.sinaapp.com/jquery.min.js"></script>
<script src="__PUBLIC__/Home/index/jquery.min.js"></script>
<script src="__PUBLIC__/Home/js/bootstrap.min.js"></script>
<script src="__PUBLIC__/Home/js/scripts.js"></script>
</body>

8
Application/User/Controller/BaseController.class.php
View File

@@ -3,10 +3,10 @@ namespace User\Controller;
use Think\Controller;
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.5
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
class BaseController extends Controller {

32
Application/User/Controller/ChangeController.class.php
View File

@@ -3,17 +3,16 @@ namespace User\Controller;
use Think\Controller;
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.5
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
class ChangeController extends BaseController{
/**
* 显示更改密码页面
* @return [type] [description]
*/
public function index()
{
@@ -32,28 +31,33 @@ class ChangeController extends BaseController{
if(!IS_POST)$this->error("非法请求");
$member = M('member');
$id = session('userId');
$oldpassword =I('post.oldpassword','','md5');
$password =I('post.password','','md5');
$username = session('username');
$oldpassword = I('post.oldpassword','','md5');
$password = I('post.password','','md5');
//获取salt
$salt = $member->where(array('id'=>$id,'username'=>$username))->find();
$s_oldpassword = md5(md5(md5($salt['salt']).$oldpassword."SR")."CMS");
//验证原密码
$user = $member->where(array('id'=>$id,'password'=>$oldpassword))->find();
$user = $member->where(array('id'=>$id,'password'=>$s_oldpassword))->find();
if(!$user) {
$this->error('邮箱不存在 :(') ;
$this->error('旧密码校验失败 :(') ;
}
//验证账户是否管理员
//验证账户是否管理员,管理员无法在前台修改密码
if($user['type'] == 2){
$this->error('前台无法修改管理员密码 :(') ;
}
$member-> password=$password;
$result = $member->where(array('id'=>$id,'password'=>$oldpassword))->save();
$s_password = md5(md5(md5($salt['salt']).$password."SR")."CMS");
$member-> password=$s_password;
$result = $member->where(array('id'=>$id,'password'=>$s_oldpassword))->save();
if($result){
$this->success("修改成功",U('login/logout'));
}else{
$this->error('修改失败 :(') ;
$this->error('修改失败,请重试 :(',U('change/index')) ;
}
}
}

11
Application/User/Controller/ForgetController.class.php
View File

@@ -3,10 +3,10 @@ namespace User\Controller;
use Think\Controller;
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.5
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
class ForgetController extends Controller {
@@ -43,6 +43,7 @@ class ForgetController extends Controller {
}
//验证输入邮箱是否存在
$user = $member->where(array('username'=>$username,'email'=>$email))->find();
$salt = $member->where(array('email'=>$email,'username'=>$username))->find();
if(!$user) {
$this->error('邮箱不存在 :(') ;
@@ -60,7 +61,7 @@ class ForgetController extends Controller {
import('ORG.Net.Mail');
$str = '1234567890abcdefghijklmnopqrstuvwxyz';
$passwd=$str[rand(0,35)].$str[rand(0,35)].$str[rand(0,35)].$str[rand(0,35)].$str[rand(0,35)].$str[rand(0,35)];
$content = md5($passwd);
$content = md5(md5(md5($salt['salt']).md5($passwd)."SR")."CMS");
$member = M('member');
$member-> password=$content;
$member ->where(array('username'=>$username,'email'=>$email))->save();

8
Application/User/Controller/GiftController.class.php
View File

@@ -3,10 +3,10 @@ namespace User\Controller;
use Think\Controller;
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.5
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
class GiftController extends BaseController{

8
Application/User/Controller/IndexController.class.php
View File

@@ -3,10 +3,10 @@ namespace User\Controller;
use Think\Controller;
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.5
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
class IndexController extends BaseController {

8
Application/User/Controller/InfoController.class.php
View File

@@ -3,10 +3,10 @@ namespace User\Controller;
use Think\Controller;
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:21 2016/1/26
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.6
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
class InfoController extends BaseController{

8
Application/User/Controller/LoginController.class.php
View File

@@ -3,10 +3,10 @@ namespace User\Controller;
use Think\Controller;
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.5
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
class LoginController extends Controller {

8
Application/User/Controller/PostController.class.php
View File

@@ -3,10 +3,10 @@ namespace User\Controller;
use Think\Controller;
/**
* @author Zhou Yuyang <1009465756@qq.com> 12:28 2016/1/23
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.5
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
class PostController extends BaseController

15
Application/User/Controller/RegController.class.php
View File

@@ -3,20 +3,15 @@ namespace User\Controller;
use Think\Controller;
/**
* @author Zhou Yuyang <1009465756@qq.com> 11:28 2016/1/26
* @copyright 2105-2018 SRCMS
* @homepage http://www.src.pw
* @version 1.6
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
/**
* 注册页面
*/
class RegController extends Controller{
/**
* 用户列表
* @return [type] [description]
*/
public function index()
{
@@ -41,7 +36,7 @@ class RegController extends Controller{
}
/**
* 添加用户
* 用户注册
*/
public function add()
{

2
Application/User/View/Change/index.html
View File

@@ -10,7 +10,7 @@
<form action="{:U('change/change')}" method="post">
<div class="form-group">
<label>旧密码</label>
<input class="form-control" type="text" name="oldpassword" placeholder="请输入旧密码">
<input class="form-control" type="password" name="oldpassword" placeholder="请输入旧密码">
</div>
<div class="form-group">
<label>密码</label>

7
Application/User/View/Public/header.html
View File

@@ -36,17 +36,12 @@
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false"><?php echo session('username')?><span class="caret"></span></a>
<ul class="dropdown-menu">
<!--<li><a href="#">Action</a></li>
<li><a href="#">更改密码</a></li>
<li><a href="#">Something else here</a></li>
<li role="separator" class="divider"></li>
<li class="dropdown-header">Nav header</li>-->
<li><a href="{:U('change/index')}">更改密码</a></li>
<li><a href="{:U('login/logout')}">退出登录</a></li>
</ul>
</li>
</ul>
</div>
</div><!--/.navbar-collapse -->
</div>
</div>
</nav>

54
DB/srcms.sql
View File

@@ -3,7 +3,7 @@
-- http://www.phpmyadmin.net
--
-- 主机: localhost
-- 生成日期: 2016 年 12 月 0212:16
-- 生成日期: 2016 年 12 月 0321:32
-- 服务器版本: 5.5.40
-- PHP 版本: 5.3.29
@@ -145,10 +145,10 @@ CREATE TABLE IF NOT EXISTS `links` (
--
INSERT INTO `links` (`id`, `title`, `url`, `sort`) VALUES
(1, 'iPhone6', 'http://1.srcms.applinzi.com/iphone.jpg', 100),
(2, 'iPhone6 Plus', 'http://1.srcms.applinzi.com/iphone.jpg', 100),
(3, 'MacBook', 'http://1.srcms.applinzi.com/iphone.jpg', 100),
(4, 'MacBook Air', 'http://1.srcms.applinzi.com/iphone.jpg', 100);
(1, 'iPhone6', './public/Home/images/iphone.jpg', 100),
(2, 'iPhone6 Plus', './public/Home/images/iphone.jpg', 100),
(3, 'Macbook', './public/Home/images/iphone.jpg', 100),
(4, 'MacBook Air', './public/Home/images/iphone.jpg', 100);
-- --------------------------------------------------------
@@ -172,7 +172,7 @@ CREATE TABLE IF NOT EXISTS `manager` (
--
INSERT INTO `manager` (`id`, `username`, `email`, `password`, `login_ip`, `create_at`, `update_at`) VALUES
(1, 'admin', '100946575@qq.com', '21232f297a57a5a743894a0e4a801fc3', '0.0.0.0', '1453778451', '1480648405');
(1, 'admin', '100946575@qq.com', '21232f297a57a5a743894a0e4a801fc3', '0.0.0.0', '1453778451', '1480752301');
-- --------------------------------------------------------
@@ -196,7 +196,14 @@ CREATE TABLE IF NOT EXISTS `member` (
PRIMARY KEY (`id`),
KEY `username` (`username`) USING BTREE,
KEY `password` (`password`) USING BTREE
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;
--
-- 转存表中的数据 `member`
--
INSERT INTO `member` (`id`, `username`, `email`, `salt`, `password`, `avatar`, `create_at`, `update_at`, `login_ip`, `status`, `type`, `jifen`) VALUES
(1, 'user', '1@qq.com', 'pGFhwRqX', 'f3fa525a696371c3db889bf5cec6d1d2', NULL, '1480658200', '1480766843', '0.0.0.0', 1, 1, 0);
-- --------------------------------------------------------
@@ -254,7 +261,7 @@ INSERT INTO `page` (`id`, `title`, `name`, `content`) VALUES
CREATE TABLE IF NOT EXISTS `post` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`session` varchar(15) NOT NULL,
`session` varchar(255) NOT NULL,
`title` varchar(255) DEFAULT NULL,
`content` text,
`advise` varchar(255) NOT NULL,
@@ -268,16 +275,14 @@ CREATE TABLE IF NOT EXISTS `post` (
PRIMARY KEY (`id`),
KEY `cate_id` (`cate_id`),
KEY `user_id` (`user_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=4 ;
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;
--
-- 转存表中的数据 `post`
--
INSERT INTO `post` (`id`, `session`, `title`, `content`, `advise`, `time`, `day`, `cate_id`, `user_id`, `rank`, `type`, `visible`) VALUES
(1, '4a5e3249c99651c', '漏洞漏洞', '&lt;p&gt;漏洞啊&lt;/p&gt;', '修补啊', '1453799758', 3, 6, 1, 4, 1, 1),
(2, '43eb5b1522075c3', '漏洞2', '&lt;p&gt;漏洞2&lt;/p&gt;', '', '1454464294', 1, 6, 1, 4, 1, 0),
(3, '44070a764435658', '漏洞3', '&lt;p&gt;漏洞3&lt;br/&gt;&lt;/p&gt;', '', '1454474524', 0, 13, 1, 0, 1, 0);
(1, '4260545457986537762', '测试', '&lt;p&gt;测试&lt;/p&gt;', '', '1480684856', 0, 2, 1, 0, 1, 1);
-- --------------------------------------------------------
@@ -305,6 +310,31 @@ INSERT INTO `setting` (`id`, `key`, `value`, `description`) VALUES
(4, 'site-tongji', '&lt;script&gt; console.log(&quot;统计代码&quot;)&lt;/script&gt;', '统计代码'),
(5, 'site-introduce', '<p >华软安全应急响应中心HR Security Response Center是轻响应致力于维护华软内网健康生态环境保障内务产品和网络的信息安全促进同学们的合作与交流而建立的漏洞收集及应急响应平台。本平台收集华软产品线及业务上存在的安全漏洞同时我们也希望借此平台加强同学们的网络安全意识共同打造简单可信赖的华软内网健康生态。</p>', '站点介绍');
-- --------------------------------------------------------
--
-- 表的结构 `wflow`
--
CREATE TABLE IF NOT EXISTS `wflow` (
`id` int(255) NOT NULL AUTO_INCREMENT,
`session` varchar(255) CHARACTER SET gbk NOT NULL,
`type` varchar(255) CHARACTER SET gbk NOT NULL,
`content` varchar(255) CHARACTER SET gbk NOT NULL,
`time` varchar(255) CHARACTER SET gbk NOT NULL,
`rank` int(11) NOT NULL,
`userid` varchar(255) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
PRIMARY KEY (`id`),
KEY `id` (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;
--
-- 转存表中的数据 `wflow`
--
INSERT INTO `wflow` (`id`, `session`, `type`, `content`, `time`, `rank`, `userid`) VALUES
(1, '4260545457986537762', '3', '&lt;p&gt;收到,正在处理。&lt;/p&gt;', '2016-12-03 19:42:03', 0, 'martin');
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;

36
README.md
View File

@@ -1,13 +1,20 @@
# 欢迎使用SRCMS·轻响应框架 V1.6正式版
**SRCMS**是专门为中小企业和互联网产品创业团队打造的应急响应中心网站建站框架。有了它,如今你可以像使用办公软件一样容易,为你的企业建立起美观完备的安全应急响应中心
# 欢迎使用SRCMS·轻响应框架 V1.8正式版
**SRCMS**是专门为中小企业和互联网产品创业团队打造的应急响应中心网站建站框架。有了它,如今你可以像使用办公软件一样容易,为你的企业建立起美观完备的安全应急响应中心
> * **项目维护:** Martin Zhou
> * **E-Mail**:1009465756@qq.com
> * **官网:** http://www.src.pw
> * **开发帮助文档:** http://t.cn/RbRirJt
> * **QQ交流群**132108046
> * **最后更新日期:**2016-12-03
---
##框架首次运行配置说明
##免责说明
SRCMS仅为建站软件任何使用本建站程序搭建的网站其运营的内容所产生的纠纷与本项目无关。
---
##开源贡献说明
本项目欢迎所有Github开源社区的同学贡献改进代码让我们一起将SRCMS做的越来越好
---
##框架首次运行配置说明(!第一次使用前请您仔细阅读以下内容!):
在进行下面的步骤之前请您确保本地或服务器有运行PHP程序的环境推荐环境:Apache+PHP5.0及以上[暂不能完美兼容PHP7]+MySQL接下来您需要
* 第一步通过Github代码托管页面将项目源代码下载
@@ -20,10 +27,23 @@
* 第五步:打开./Application/Admin/Controller/LoginController.class.php,修改第59行sendMail方法内初始值1009465756@qq.com为您自己的安全邮箱。配置完成后每次管理员登陆后台该邮箱都将会接收到登陆日志。
* 配置完成基础配置全部完成下面您就可以通过在浏览器内输入相应地址体验SRCMS轻响应了。
* 配置完成基础配置全部完成下面您就可以通过在浏览器内输入相应地址体验SRCMS轻响应了。后台默认管理帐号为admin/amdin。
---
##版本更新日志
#####2016-12-03建议等级推荐更新
* **修复** 后台无法查看生成的工单
* **修复** 前端页面JS远程资源失效问题
* **修复** 前台用户密码修改设计缺陷Issued By 藏形匿影)
* **优化** 多处代码提升二次开发可读性
* **新增** 安全工单模块中动态更新功能
#####2016-12-02建议等级推荐更新
* **修复** 一处前台越权漏洞
* **修复** 前台验证码刷新无效问题
* **修复** 后台用户管理逻辑缺陷
* **新增** 用户密码存储加盐Issued By 华软HRCMS团队
#####2016-01-26
* **修复** 三处严重的前台个人中心安全问题(Issued By phithon)
* **修复** 富文本过滤不严格的问题(Issued By mramydnei)
@@ -54,7 +74,7 @@
---
##框架BUG提交说明
如果您在使用本框架或是二次开发中发现任何SRCMS的问题都欢迎通过Github将问题issue给我
如果您在使用本框架或是二次开发中发现任何SRCMS的问题都欢迎通过Github将问题issue给我
---
##二次开发帮助说明

15
admin.php
View File

@@ -1,13 +1,10 @@
<?php
// +----------------------------------------------------------------------
// | ThinkPHP [ WE CAN DO IT JUST THINK ]
// +----------------------------------------------------------------------
// | Copyright (c) 2006-2014 http://thinkphp.cn All rights reserved.
// +----------------------------------------------------------------------
// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
// +----------------------------------------------------------------------
// | Author: liu21st <liu21st@gmail.com>
// +----------------------------------------------------------------------
/**
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
// 应用入口文件

15
index.php
View File

@@ -1,13 +1,10 @@
<?php
// +----------------------------------------------------------------------
// | ThinkPHP [ WE CAN DO IT JUST THINK ]
// +----------------------------------------------------------------------
// | Copyright (c) 2006-2014 http://thinkphp.cn All rights reserved.
// +----------------------------------------------------------------------
// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
// +----------------------------------------------------------------------
// | Author: liu21st <liu21st@gmail.com>
// +----------------------------------------------------------------------
/**
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
// 应用入口文件

17
user.php
View File

@@ -1,13 +1,10 @@
<?php
// +----------------------------------------------------------------------
// | ThinkPHP [ WE CAN DO IT JUST THINK ]
// +----------------------------------------------------------------------
// | Copyright (c) 2006-2014 http://thinkphp.cn All rights reserved.
// +----------------------------------------------------------------------
// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
// +----------------------------------------------------------------------
// | Author: liu21st <liu21st@gmail.com>
// +----------------------------------------------------------------------
/**
* @Author: Zhou Yuyang <1009465756@qq.com> 10:28 2016/12/03
* @Copyright 2015-2020 SISMO
* @Project homepage https://github.com/CNSISMO
* @Version 1.8
*/
// 应用入口文件
@@ -20,7 +17,7 @@ if(version_compare(PHP_VERSION,'5.3.0','<')) die('require PHP > 5.3.0 !');
define('BIND_MODULE','User');
// 开启调试模式 建议开发阶段开启 部署阶段注释或者设为false
define('APP_DEBUG',False);
define('APP_DEBUG',True);
// 定义应用目录
define('APP_PATH','./Application/');