SRCMS V2.2 开发版
[新增] 审核后台单个漏洞报告导出 [新增] 审核后台全部漏洞报告导出为报表 [修复] Ueditor上传路径错误导致的文件上传失败问题 [修复] 用户个人中心礼品无法兑换的问题 [修复] 前台安全应急响应中心名称动态不显示的问题 [修复] 跳转页面LOGO不显示的问题
@@ -12,9 +12,24 @@ use Think\Controller;
|
||||
|
||||
class CheckController extends Controller
|
||||
{
|
||||
/**
|
||||
* 导出漏洞报告
|
||||
*/
|
||||
public function view(){
|
||||
$id = I('get.session_id');
|
||||
$model = M('post')->where('visible=1')->where(array('session'=>$id))->find();
|
||||
$arr['id']= $model['id'];
|
||||
$arr['title']= $model['title'];
|
||||
$arr['content']= $model['content'];
|
||||
$arr['advise']= $model['advise'];
|
||||
$arr['time']= $model['time'];
|
||||
$arr['type']= $model['type'];
|
||||
$this->ajaxReturn ($arr,'JSON');
|
||||
}
|
||||
|
||||
/**
|
||||
* 临时查看漏洞报告
|
||||
*/
|
||||
|
||||
public function view(){
|
||||
$id = I('get.session_id',0,'number_int'); //seesion token防注入
|
||||
$model = M('post')->where('session='.$id)->find();
|
||||
@@ -23,9 +38,12 @@ class CheckController extends Controller
|
||||
$this->assign('model',$model);
|
||||
$this->display();
|
||||
}
|
||||
*/
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* 添加漏洞处理进展
|
||||
*/
|
||||
public function add()
|
||||
{
|
||||
//默认显示添加表单
|
||||
@@ -46,4 +64,5 @@ class CheckController extends Controller
|
||||
}
|
||||
}
|
||||
}
|
||||
*/
|
||||
}
|
||||
|
||||
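Review bot: view() in the first hunk fills `$arr` from `$model` without checking that `find()` matched a row, so an unknown or already-cancelled session_id still answers with a success-shaped JSON object whose six fields are all null. Add `if (!$model) { $this->error('报告不存在'); }` (or an ajaxReturn carrying an error status) directly after the `M('post')->where('visible=1')->where(array('session'=>$id))->find()` call. Since CheckController extends `Controller` rather than `BaseController`, the session value itself appears to be the only gate on the exported report, which makes the quality of the generator in PostController::session the security boundary for this endpoint; worth confirming that is intended. The class body continues past the last hunk.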
@@ -115,13 +115,21 @@ class MemberController extends BaseController
|
||||
}
|
||||
/**
|
||||
* 删除用户
|
||||
* @param [type] $id [管理员ID]
|
||||
*/
|
||||
public function delete()
|
||||
{
|
||||
$id = I('get.id',0,'intval');
|
||||
$model = M('member');
|
||||
if($model->where('id='.$id)->delete()){
|
||||
$data['username'] = '[已删除]';
|
||||
$data['realname'] = '[已删除]';
|
||||
$data['email'] = '0';
|
||||
$data['salt'] = '0';
|
||||
$data['passwd'] = '0';
|
||||
$data['team'] = '[已删除]';
|
||||
$data['description'] = '[已删除]';
|
||||
$data['website'] = '[已删除]';
|
||||
$data['status'] = 1;
|
||||
if($model->where('id='.$id)->save($data)){
|
||||
$this->success("用户删除成功", U('member/index'));
|
||||
}else{
|
||||
$this->error("用户删除失败");
|
||||
|
||||
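Review bot: delete() removes the member row with `$model->where('id='.$id)->delete()` and then calls `save($data)` on the same id; once the row is gone the update affects zero rows, `save()` returns 0, and execution always lands in the `用户删除失败` branch even though the deletion already happened. If the intent is to anonymise rather than remove (the `[已删除]` placeholders and `status = 1` read like a soft delete), drop the `delete()` call and keep `if ($model->where(array('id' => $id))->save($data)) {`; if a hard delete is intended, drop the anonymising update instead. The method continues past the end of the hunk.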
@@ -178,23 +178,63 @@ class PostController extends BaseController
|
||||
|
||||
/**
|
||||
* 生成session key
|
||||
**/
|
||||
|
||||
public function session(){
|
||||
$id = I('get.id',0,'intval');
|
||||
$str = '1234567890';
|
||||
$session = $str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)].$str[rand(0,10)];
|
||||
public function session(){
|
||||
$id = I('get.id');
|
||||
$str = '1234567890abcdefg';
|
||||
$session = $str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)].$str[rand(0,17)];
|
||||
$visible = 1;
|
||||
$model = M('post');
|
||||
$model->session = $session;
|
||||
$model->visible = $visible;
|
||||
$result = $model->where('id='.$id)->save();
|
||||
$result = $model->where(array('id'=>$id))->save();
|
||||
if($result){
|
||||
$this->success("授权成功", U('Check/view?session_id='.$session));
|
||||
$this->success("授权成功", U('post/index'));
|
||||
}else{
|
||||
$this->error("授权失败");
|
||||
}
|
||||
}
|
||||
*/
|
||||
|
||||
|
||||
/**
|
||||
* 取消导出
|
||||
**/
|
||||
|
||||
public function cancel(){
|
||||
$id = I('get.id');
|
||||
$visible = 0;
|
||||
$model = M('post');
|
||||
$model->visible = $visible;
|
||||
$result = $model->where(array('id'=>$id))->save();
|
||||
if($result){
|
||||
$this->success("取消成功", U('post/index'));
|
||||
}else{
|
||||
$this->error("取消失败");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* 导出全部
|
||||
**/
|
||||
|
||||
public function portall(){
|
||||
$model = M('post')->field('id,title,content,advise,time,day,bounty')->limit(100)->select();
|
||||
set_time_limit(0);
|
||||
ini_set('memory_limit', '512M');
|
||||
$output = fopen('php://output', 'w') or die("can't open php://output");
|
||||
$filename = "安全应急响应中心外部漏洞报告统计表" . date('Y-m-d', time());
|
||||
header("Content-Type: application/csv");
|
||||
header("Content-Disposition: attachment; filename=$filename.csv");
|
||||
$table_head = array('报告编号','报告名称','报告内容', '修复建议','提交时间','修补期限','漏洞奖励');
|
||||
fputcsv($output, $table_head);
|
||||
foreach ($model as $e) {
|
||||
fputcsv($output, array_values($e));
|
||||
}
|
||||
fclose($output) or die("can't close php://output");
|
||||
exit;
|
||||
}
|
||||
|
||||
/**
|
||||
添加报告评论
|
||||
|
||||
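Review bot: session() indexes `$str` out of range: `'1234567890abcdefg'` has 17 characters (offsets 0–16) but every chunk uses `rand(0,17)`, so about one position in eighteen reads past the end, raises an uninitialized-string-offset notice and contributes an empty string, yielding tokens of varying length; the older 10-character form with `rand(0,10)` has the same off-by-one. Because Check/view hands the report to whoever presents this value, it is a bearer token and should come from the CSPRNG, e.g. `$session = bin2hex(random_bytes(16));` (PHP 7+; the project's index.php only requires PHP > 5.3, so either pin the version or fall back to `openssl_random_pseudo_bytes`). Two smaller points in portall(): `->limit(100)` caps an export labelled 导出全部 at 100 rows, and `content`/`advise` are user-submitted text written straight to CSV, so a cell beginning with `=`, `+`, `-` or `@` is evaluated as a formula when the file is opened in a spreadsheet — prefix such cells with a single quote or tab before `fputcsv`.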
@@ -15,6 +15,16 @@
|
||||
<li><a href="{:U('post/index?key=3')}">已确认</a></li>
|
||||
<li><a href="{:U('post/index?key=4')}">已修复</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
<div class="btn-group">
|
||||
<button type="button" class="btn btn-primary" style="margin : 2px 0px 5px 0px;">高级功能</button>
|
||||
<button type="button" class="btn btn-primary dropdown-toggle" data-toggle="dropdown" style="margin : 2px 0px 5px 0px;">
|
||||
<span class="caret"></span>
|
||||
<span class="sr-only">切换下拉菜单</span>
|
||||
</button>
|
||||
<ul class="dropdown-menu" role="menu">
|
||||
<li><a href="{:U('post/portall')}">导出全部</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
</ul>
|
||||
</div>
|
||||
@@ -57,7 +67,7 @@
|
||||
<td data-title="提交时间">{$v.time|date="Y/m/d",###}</td>
|
||||
<td data-title="提交者">{$v.username}</td>
|
||||
<td data-title="分类">{$v.category_title}</td>
|
||||
<td data-title="操作"><a href="{:U('post/review?id=')}{$v.id}">审核</a> | <a href="{:U('post/update?id=')}{$v.id}">编辑</a> <!--| <if condition="$v.visible eq 0"><a href="{:U('post/session?id=')}{$v.id}" target="_Blank">生成工单</a> <elseif condition="$v.visible eq 1" /><a href="{:U('check/view?session_id=')}{$v.session}" target="_Blank">查看工单</a></if>--> | <a href="{:U('post/delete?id=')}{$v.id}" style="color:red;" onclick="javascript:return del('您真的确定要删除吗?\n\n删除后将不能恢复!');">删除</a></td>
|
||||
<td data-title="操作"><a href="{:U('post/review?id=')}{$v.id}">审核</a> | <a href="{:U('post/update?id=')}{$v.id}">编辑</a> | <if condition="$v.visible eq 0"><a href="{:U('post/session?id=')}{$v.id}" target="_Blank">导出工单</a> <elseif condition="$v.visible eq 1" /><a href="{:U('check/view?session_id=')}{$v.session}" target="_Blank">查看工单</a> | <a href="{:U('post/cancel?id=')}{$v.id}" target="_Blank">取消导出</a> </if> | <a href="{:U('post/delete?id=')}{$v.id}" style="color:red;" onclick="javascript:return del('您真的确定要删除吗?\n\n删除后将不能恢复!');">删除</a></td>
|
||||
</tr>
|
||||
</foreach>
|
||||
</tbody>
|
||||
|
||||
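Review bot: the 导出工单 and 取消导出 links in the second hunk trigger state changes (`post/session`, `post/cancel`) through plain GET anchors with no CSRF token, so an administrator's browser can be steered into publishing a report under an export session or revoking one simply by loading a page; the neighbouring 删除 link at least asks for confirmation first. Render these actions as POST forms carrying the admin's token, or as a stopgap route them through the same `onclick="return del(...)"` confirmation. `target="_Blank"` is also not the documented keyword; use `target="_blank"`.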
@@ -32,6 +32,9 @@ class HallController extends Controller{
|
||||
$pid = I('get.pid',0,'number_int');
|
||||
$model = M('member');
|
||||
$report = M('post');
|
||||
$tmodel= M('setting');
|
||||
$settings = $tmodel -> where('id=1') -> select();
|
||||
$this->assign('settings', $settings);
|
||||
$user = $model -> where(array('pid'=>$pid)) -> select();
|
||||
$uid = $user[0]['id'];
|
||||
if ($uid != null){
|
||||
|
||||
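Review bot: `$uid = $user[0]['id'];` immediately after the added settings lines dereferences offset 0 without checking that the member lookup returned a row; when no member has the requested pid, `select()` yields an empty array and PHP raises an undefined-offset notice before `$uid` ends up null. Guard it with `$uid = isset($user[0]['id']) ? $user[0]['id'] : null;` so the following `if ($uid != null)` is reached cleanly. The enclosing method starts and ends outside the hunk.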
@@ -6,7 +6,7 @@
|
||||
<meta charset="utf-8"/>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
|
||||
<meta http-equiv="x-ua-compatible" content="ie=edge">
|
||||
<title>{$model.title} - <foreach name="settings" item="s"> {$s.key2} </foreach>安全应急响应中心</title>
|
||||
<title>{$model.title} - <foreach name="title" item="s"> {$s.key2} </foreach>安全应急响应中心</title>
|
||||
<meta name="keywords" content="<foreach name='settings' item='s'> {$s.key2} </foreach>安全应急响应中心" />
|
||||
<meta name="description" content="<foreach name='settings' item='s'> {$s.key2} </foreach>安全应急响应中心">
|
||||
<meta name="author" content="srcms.xyz">
|
||||
@@ -43,7 +43,7 @@
|
||||
<span class="yahei icon-bar"></span>
|
||||
<span class="yaheiicon-bar"></span>
|
||||
</button>
|
||||
<a class="yahei navbar-brand" href="{:U('index/index')}"><strong><foreach name="settings" item="s"> {$s.key2} </foreach></strong>
|
||||
<a class="yahei navbar-brand" href="{:U('index/index')}"><strong><foreach name="title" item="s"> {$s.key2} </foreach></strong>
|
||||
<span class="yahei" style=" font-size: 12px;padding: 2px 6px;border: 1px solid;border-radius: 4px;vertical-align: 4px; ">安全应急响应中心</span>
|
||||
</a>
|
||||
</div>
|
||||
|
||||
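Review bot: the `<title>` and navbar-brand loops switch between `name="settings"` and `name="title"`, while the `keywords` and `description` meta tags a few lines below keep iterating `settings`; after this commit the same page therefore reads the site name from two different template variables, and the HallController change in this commit assigns only `settings`. Whichever variable is meant to be live, use it in all four places so the name cannot appear in the meta tags yet stay blank in the title (or the reverse). The next file section contains the identical switch.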
@@ -6,7 +6,7 @@
|
||||
<meta charset="utf-8"/>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
|
||||
<meta http-equiv="x-ua-compatible" content="ie=edge">
|
||||
<title>{$model.title} - <foreach name="settings" item="s"> {$s.key2} </foreach>安全应急响应中心</title>
|
||||
<title>{$model.title} - <foreach name="title" item="s"> {$s.key2} </foreach>安全应急响应中心</title>
|
||||
<meta name="keywords" content="Google Inc.安全应急响应中心" />
|
||||
<meta name="description" content="Google Inc.安全应急响应中心">
|
||||
<meta name="author" content="srcms.xyz">
|
||||
@@ -43,7 +43,7 @@
|
||||
<span class="yahei icon-bar"></span>
|
||||
<span class="yaheiicon-bar"></span>
|
||||
</button>
|
||||
<a class="yahei navbar-brand" href="{:U('index/index')}"><strong><foreach name="settings" item="s"> {$s.key2} </foreach></strong>
|
||||
<a class="yahei navbar-brand" href="{:U('index/index')}"><strong><foreach name="title" item="s"> {$s.key2} </foreach></strong>
|
||||
<span class="yahei" style=" font-size: 12px;padding: 2px 6px;border: 1px solid;border-radius: 4px;vertical-align: 4px; ">安全应急响应中心</span>
|
||||
</a>
|
||||
</div>
|
||||
|
||||
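Review bot: the `keywords` and `description` meta tags in this file carry the hard-coded vendor name `Google Inc.` while the `<title>` and navbar on the same page are populated from a template variable, so the dynamic-name fix this commit describes does not reach the meta content. Use the same loop as the other header template, e.g. `<meta name="description" content="<foreach name='settings' item='s'> {$s.key2} </foreach>安全应急响应中心">`, with whichever variable the controller actually assigns.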
@@ -82,7 +82,10 @@ class GiftController extends BaseController{
|
||||
$record_result = $record -> add($rdata);
|
||||
|
||||
$token = $data['token'];
|
||||
if($token != $user['token']){$this->error("非法请求");}
|
||||
if($token != $user['token']){
|
||||
$this->error("非法请求");
|
||||
}
|
||||
|
||||
|
||||
$result = M('member')->where('id='.$id)->setDec('jinbi',$gift['price']);
|
||||
if ($model->field('userid,username,gid,tel,alipay,realname,address,zipcode,price,update_time')->add($data)) {
|
||||
|
||||
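Review bot: the token check `if($token != $user['token'])` runs after `$record->add($rdata)` has already inserted a record, so a request with a wrong or missing token still leaves that row behind before `error()` aborts; move the comparison above the insert. Use a strict, constant-time comparison as well — `!=` between an absent `$data['token']` (null) and a string is a loose comparison — e.g. `if (!is_string($token) || !hash_equals((string) $user['token'], $token)) {` (hash_equals needs PHP 5.6+; the bootstrap only requires > 5.3). The function starts and ends outside the hunk.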
@@ -66,7 +66,7 @@ class LoginController extends Controller {
|
||||
'id' => $user['id'],
|
||||
'update_at' => time(),
|
||||
'login_ip' => get_client_ip(),
|
||||
'token' => $token,
|
||||
'token' => $token //2017-07-02 fix bug: token can't be inserted into databease.
|
||||
);
|
||||
//登陆成功
|
||||
if($member->save($data)){
|
||||
|
||||
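Review bot: the comment `//2017-07-02 fix bug: token can't be inserted into databease.` is attached to a line whose only code change is dropping the trailing comma, which PHP accepts in array literals, so the comment records a cause that cannot explain the bug. If the real fix is elsewhere (a field filter or column definition, for instance), point the comment there, and correct the typo `databease`.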
@@ -9,7 +9,7 @@
|
||||
"imageCompressBorder": 1600, /* 图片压缩最长边限制 */
|
||||
"imageInsertAlign": "none", /* 插入的图片浮动方式 */
|
||||
"imageUrlPrefix": "", /* 图片访问路径前缀 */
|
||||
"imagePathFormat": "../../Temp/{yyyy}{mm}{dd}/{time}{rand:6}", /* 上传保存路径,可以自定义保存路径和文件名格式 */
|
||||
"imagePathFormat": "/ueditor/php/upload/image/{yyyy}{mm}{dd}/{time}{rand:6}", /* 上传保存路径,可以自定义保存路径和文件名格式 */
|
||||
/* (unknown) 会替换成原文件名,配置这项需要注意中文乱码问题 */
|
||||
/* {rand:6} 会替换成随机数,后面的数字是随机数的位数 */
|
||||
/* {time} 会替换成时间戳 */
|
||||
|
||||
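Review bot: `imagePathFormat` now stores uploads under `/ueditor/php/upload/image/…`, a directory inside the editor's PHP script tree, so anything placed there that slips past the extension allow-list would be served as executable code; the earlier `../../Temp/…` location was at least outside it. Prefer a dedicated upload directory that the web server serves as static content only (or deny script execution for that path), and treat the extension allow-list as the second layer rather than the only one. Whether this deployment already restricts execution there is not visible in the diff.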
@@ -15,7 +15,7 @@ if(version_compare(PHP_VERSION,'5.3.0','<')) die('require PHP > 5.3.0 !');
|
||||
define('BIND_MODULE','Admin');
|
||||
|
||||
// 开启调试模式 建议开发阶段开启 部署阶段注释或者设为false
|
||||
define('APP_DEBUG',False);
|
||||
define('APP_DEBUG',True);
|
||||
|
||||
// 定义应用目录
|
||||
define('APP_PATH','./Application/');
|
||||
|
||||
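Review bot: `APP_DEBUG` is flipped between `False` and `True` in this hunk; if `True` is the value that survives, ThinkPHP's debug mode ships with the release, and the comment directly above says it should be off for deployment (debug pages print stack traces, SQL and file paths to any visitor). Keep `define('APP_DEBUG',False);` in the committed file and override locally, or derive it from an environment setting so a development toggle cannot reach production.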
@@ -1,5 +1,5 @@
|
||||
#
|
||||
# robots.txt for SRCMS V2 Community Version
|
||||
# robots.txt for SRCMS V2.2 Community Version
|
||||
#
|
||||
|
||||
User-agent: *
|
||||
|
||||