diff --git a/admin/add_registration.php b/admin/add_registration.php
index ca719a6..21e7b86 100644
--- a/admin/add_registration.php
+++ b/admin/add_registration.php
@@ -1,416 +1,425 @@
-getMessage());
- }
-}
-
-// 连接数据库
-$pdo = getDatabaseConnection();
-
-// 从数据库获取网站信息
-$stmt = $pdo->query("SELECT name, description FROM site_info LIMIT 1");
-$siteInfo = $stmt->fetch(PDO::FETCH_ASSOC);
-
-// 如果找不到网站信息,使用配置文件中的默认值
-if (!$siteInfo) {
- $siteInfo = [
- 'name' => $config['site_name'] ?? '二次元网站备案系统',
- 'description' => $config['site_description'] ?? '管理和审核网站备案申请'
- ];
-}
-
-// 处理表单提交
-$success = '';
-$errors = [];
-if ($_SERVER['REQUEST_METHOD'] === 'POST') {
- // 验证表单数据
- $data = [];
-
- // 验证网站名称
- if (empty($_POST['website_name'])) {
- $errors[] = '网站名称不能为空';
- } else {
- $data['website_name'] = trim($_POST['website_name']);
- }
-
- // 验证网站类型
- if (empty($_POST['website_category'])) {
- $errors[] = '请选择网站类型';
- } else {
- $data['website_category'] = $_POST['website_category'];
- }
-
- // 验证网站负责人
- if (empty($_POST['contact_person'])) {
- $errors[] = '网站负责人不能为空';
- } else {
- $data['contact_person'] = trim($_POST['contact_person']);
- }
-
- // 验证联系电话
- if (empty($_POST['contact_phone'])) {
- $errors[] = '联系电话不能为空';
- } else {
- $data['contact_phone'] = trim($_POST['contact_phone']);
- }
-
- // 验证联系邮箱
- if (empty($_POST['contact_email'])) {
- $errors[] = '联系邮箱不能为空';
- } elseif (!filter_var($_POST['contact_email'], FILTER_VALIDATE_EMAIL)) {
- $errors[] = '请输入有效的邮箱地址';
- } else {
- $data['contact_email'] = trim($_POST['contact_email']);
- }
-
- // 验证网站地址
- if (empty($_POST['website_url'])) {
- $errors[] = '网站地址不能为空';
- } else {
- // 移除可能的http://或https://前缀
- $website = trim($_POST['website_url']);
- $website = preg_replace('#^https?://#', '', $website);
- $data['website_url'] = $website;
- }
-
- // 验证网站描述
- if (empty($_POST['website_description'])) {
- $errors[] = '网站描述不能为空';
- } else {
- $data['website_description'] = trim($_POST['website_description']);
- }
-
- // 验证状态
- if (empty($_POST['status'])) {
- $errors[] = '请选择状态';
- } else {
- $data['status'] = $_POST['status'];
- }
-
- // 如果没有错误,保存数据
- if (empty($errors)) {
- // 生成唯一备案编号 (ICP-年月日-6位ID)
- // 生成8位数字备案编号
- $data['registration_number'] = str_pad(rand(10000000, 99999999), 8, '0', STR_PAD_LEFT);
- $data['created_at'] = date('Y-m-d H:i:s');
-
- if ($data['status'] === 'approved' || $data['status'] === 'rejected') {
- $data['processed_at'] = $data['created_at'];
- }
-
- // 初始化reason字段
- $data['reason'] = $_POST['reason'] ?? '';
-
- try {
- // 插入数据到数据库
- $stmt = $pdo->prepare("INSERT INTO registrations (website_name, website_category, contact_person, contact_phone, contact_email, website_url, website_description, status, created_at, processed_at, registration_number, reason) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
- $stmt->execute([
- $data['website_name'],
- $data['website_category'],
- $data['contact_person'],
- $data['contact_phone'],
- $data['contact_email'],
- $data['website_url'],
- $data['website_description'],
- $data['status'],
- $data['created_at'],
- $data['processed_at'] ?? null,
- $data['registration_number'],
- $data['reason']
- ]);
-
- $success = '备案信息添加成功!备案编号: 初ICP备' . $data['registration_number'] . '备';
- } catch (PDOException $e) {
- $errors[] = '添加备案信息失败: ' . $e->getMessage();
- }
- }
-}
-?>
-
-
-
-
- 添加备案信息 -
-
-
-
-
-
-
- - 添加备案信息
- 直接添加新的备案信息
-
-
-
-
添加备案信息
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+getMessage());
+ }
+}
+
+// 连接数据库
+$pdo = getDatabaseConnection();
+
+// 从数据库获取网站信息
+$stmt = $pdo->query("SELECT name, description FROM site_info LIMIT 1");
+$siteInfo = $stmt->fetch(PDO::FETCH_ASSOC);
+
+// 如果找不到网站信息,使用配置文件中的默认值
+if (!$siteInfo) {
+ $siteInfo = [
+ 'name' => $config['site_name'] ?? '二次元网站备案系统',
+ 'description' => $config['site_description'] ?? '管理和审核网站备案申请'
+ ];
+}
+
+// 处理表单提交
+$success = '';
+$errors = [];
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ // 验证CSRF令牌
+ verifyCSRFToken($_POST['csrf_token'] ?? '');
+
+ // 验证表单数据
+ $data = [];
+
+ // 验证网站名称
+ if (empty($_POST['website_name'])) {
+ $errors[] = '网站名称不能为空';
+ } else {
+ $data['website_name'] = trim($_POST['website_name']);
+ }
+
+ // 验证网站类型
+ if (empty($_POST['website_category'])) {
+ $errors[] = '请选择网站类型';
+ } else {
+ $data['website_category'] = $_POST['website_category'];
+ }
+
+ // 验证网站负责人
+ if (empty($_POST['contact_person'])) {
+ $errors[] = '网站负责人不能为空';
+ } else {
+ $data['contact_person'] = trim($_POST['contact_person']);
+ }
+
+ // 验证联系电话
+ if (empty($_POST['contact_phone'])) {
+ $errors[] = '联系电话不能为空';
+ } else {
+ $data['contact_phone'] = trim($_POST['contact_phone']);
+ }
+
+ // 验证联系邮箱
+ if (empty($_POST['contact_email'])) {
+ $errors[] = '联系邮箱不能为空';
+ } elseif (!filter_var($_POST['contact_email'], FILTER_VALIDATE_EMAIL)) {
+ $errors[] = '请输入有效的邮箱地址';
+ } else {
+ $data['contact_email'] = trim($_POST['contact_email']);
+ }
+
+ // 验证网站地址
+ if (empty($_POST['website_url'])) {
+ $errors[] = '网站地址不能为空';
+ } else {
+ // 移除可能的http://或https://前缀
+ $website = trim($_POST['website_url']);
+ $website = preg_replace('#^https?://#', '', $website);
+ $data['website_url'] = $website;
+ }
+
+ // 验证网站描述
+ if (empty($_POST['website_description'])) {
+ $errors[] = '网站描述不能为空';
+ } else {
+ $data['website_description'] = trim($_POST['website_description']);
+ }
+
+ // 验证状态
+ if (empty($_POST['status'])) {
+ $errors[] = '请选择状态';
+ } else {
+ $data['status'] = $_POST['status'];
+ }
+
+ // 如果没有错误,保存数据
+ if (empty($errors)) {
+ // 生成8位数字备案编号
+ $data['registration_number'] = str_pad(rand(10000000, 99999999), 8, '0', STR_PAD_LEFT);
+ $data['created_at'] = date('Y-m-d H:i:s');
+
+ if ($data['status'] === 'approved' || $data['status'] === 'rejected') {
+ $data['processed_at'] = $data['created_at'];
+ }
+
+ // 初始化reason字段
+ $data['reason'] = $_POST['reason'] ?? '';
+
+ try {
+ // 插入数据到数据库
+ $stmt = $pdo->prepare("INSERT INTO registrations (website_name, website_category, contact_person, contact_phone, contact_email, website_url, website_description, status, created_at, processed_at, registration_number, reason) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
+ $stmt->execute([
+ $data['website_name'],
+ $data['website_category'],
+ $data['contact_person'],
+ $data['contact_phone'],
+ $data['contact_email'],
+ $data['website_url'],
+ $data['website_description'],
+ $data['status'],
+ $data['created_at'],
+ $data['processed_at'] ?? null,
+ $data['registration_number'],
+ $data['reason']
+ ]);
+
+ $success = '备案信息添加成功!备案编号: 初ICP备' . $data['registration_number'] . '备';
+ } catch (PDOException $e) {
+ $errors[] = '添加备案信息失败: ' . $e->getMessage();
+ }
+ }
+}
+?>
+
+
+
+
+ 添加备案信息 -
+
+
+
+
+
+
+ - 添加备案信息
+ 直接添加新的备案信息
+
+
+
+
添加备案信息
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
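Review bot: `$data['status']` is copied straight from `$_POST['status']` in the status branch and then drives `processed_at` and the INSERT without being checked against the three values the dashboard filters on, so any string the browser sends lands in the `status` column and disappears from the pending/approved/rejected views; change the branch to `} elseif (!in_array($_POST['status'], ['pending', 'approved', 'rejected'], true)) { $errors[] = '请选择状态'; } else {`. `website_category` is stored untrimmed and unchecked in the same way. The `catch (PDOException $e)` at the end appends `$e->getMessage()` to `$errors`, which are presumably rendered into the page, so driver and schema details reach the browser; `error_log()` the message and push a generic `'添加备案信息失败'` instead. The `<?php` header of the file, including the definitions of getDatabaseConnection() and verifyCSRFToken(), is garbled/outside this hunk, so the CSRF helper itself cannot be reviewed here.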
diff --git a/admin/admin_dashboard.php b/admin/admin_dashboard.php
index b1b5431..e298b4a 100644
--- a/admin/admin_dashboard.php
+++ b/admin/admin_dashboard.php
@@ -1,599 +1,608 @@
-
-getMessage());
- }
-}
-
-// 连接数据库
-$pdo = getDatabaseConnection();
-
-// 获取网站信息
-$stmt = $pdo->query("SELECT name, description FROM site_info LIMIT 1");
-$siteInfo = $stmt->fetch(PDO::FETCH_ASSOC);
-
-// 如果找不到网站信息,使用配置文件中的默认值
-if (!$siteInfo) {
- $siteInfo = [
- 'name' => $config['site_name'] ?? '二次元网站备案系统',
- 'description' => $config['site_description'] ?? '管理和审核网站备案申请'
- ];
-}
-
-// 处理备案状态更新
-if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'update_status' && isset($_POST['id']) && isset($_POST['status'])) {
- $id = $_POST['id'];
- $status = $_POST['status'];
- $reason = $_POST['reason'] ?? '';
-
- try {
- // 开始事务
- $pdo->beginTransaction();
-
- // 获取备案信息
- $stmt = $pdo->prepare("SELECT * FROM registrations WHERE id = ?");
- $stmt->execute([$id]);
- $registration = $stmt->fetch(PDO::FETCH_ASSOC);
-
- if (!$registration) {
- throw new Exception('未找到该备案申请');
- }
-
- // 生成备案编号(如果通过审核)
- $registrationNumber = $registration['registration_number'];
- if ($status === 'approved' && empty($registrationNumber)) {
- $registrationNumber = str_pad(rand(10000000, 99999999), 8, '0', STR_PAD_LEFT);
- }
-
- // 更新备案状态
- $stmt = $pdo->prepare("UPDATE registrations SET status = ?, reason = ?, processed_at = NOW(), registration_number = ? WHERE id = ?");
- $stmt->execute([$status, $reason, $registrationNumber, $id]);
-
- // 如果审核通过,发送邮件
- if ($status === 'approved') {
- // 加载邮件工具
- require_once '../email_utils.php';
-
- // 更新备案信息中的处理日期和备案编号
- $registration['status'] = 'approved';
- $registration['processed_at'] = date('Y-m-d H:i:s');
- $registration['registration_number'] = $registrationNumber;
-
- // 确保contact_email字段存在
- if (!isset($registration['contact_email']) || empty($registration['contact_email'])) {
- throw new Exception('缺少联系邮箱,无法发送审核通过邮件');
- }
-
- try {
- // 创建邮件工具实例
- $emailUtils = new EmailUtils($pdo);
- // 发送审核通过邮件
- $emailUtils->sendApprovalEmail($registration);
- } catch (Exception $e) {
- // 记录邮件发送失败,但不影响审核流程
- error_log('发送审核通过邮件失败: ' . $e->getMessage());
- }
- }
-
- // 提交事务
- $pdo->commit();
-
- header("Location: admin_dashboard.php");
- exit();
- } catch (PDOException $e) {
- // 回滚事务
- $pdo->rollBack();
- die('更新备案状态失败: ' . $e->getMessage());
- } catch (Exception $e) {
- // 回滚事务
- $pdo->rollBack();
- die('处理失败: ' . $e->getMessage());
- }
-}
-
-// 确定要显示的备案类型
-$view = $_GET['view'] ?? 'all';
-
-// 根据视图类型获取备案申请
-if ($view === 'pending') {
- // 获取待审核的备案申请
- $stmt = $pdo->prepare("SELECT * FROM registrations WHERE status = 'pending' ORDER BY created_at DESC");
- $stmt->execute();
- $registrations = $stmt->fetchAll(PDO::FETCH_ASSOC);
- $title = '待审核备案申请';
-} else if ($view === 'approved') {
- // 获取已通过的备案申请
- $stmt = $pdo->prepare("SELECT * FROM registrations WHERE status = 'approved' ORDER BY processed_at DESC");
- $stmt->execute();
- $registrations = $stmt->fetchAll(PDO::FETCH_ASSOC);
- $title = '已通过备案申请';
-} else if ($view === 'rejected') {
- // 获取已拒绝的备案申请
- $stmt = $pdo->prepare("SELECT * FROM registrations WHERE status = 'rejected' ORDER BY processed_at DESC");
- $stmt->execute();
- $registrations = $stmt->fetchAll(PDO::FETCH_ASSOC);
- $title = '已拒绝备案申请';
-} else {
- // 获取所有备案申请
- $stmt = $pdo->prepare("SELECT * FROM registrations ORDER BY created_at DESC");
- $stmt->execute();
- $registrations = $stmt->fetchAll(PDO::FETCH_ASSOC);
- $title = '所有备案申请';
-}
-
-// 确保registrations表存在
-function ensureRegistrationsTableExists($pdo) {
- try {
- // 根据数据库类型选择自增关键字
- global $config;
- $auto_increment = ($config['database_type'] === 'mysql') ? 'AUTO_INCREMENT' : 'AUTOINCREMENT';
- $int_type = ($config['database_type'] === 'mysql') ? 'INT' : 'INTEGER';
-
- $pdo->exec("CREATE TABLE IF NOT EXISTS registrations (
- id $int_type PRIMARY KEY $auto_increment,
- website_name VARCHAR(255) NOT NULL,
- website_url VARCHAR(255) NOT NULL,
- contact_person VARCHAR(100) NOT NULL,
- contact_email VARCHAR(255) NOT NULL,
- contact_phone VARCHAR(255) NOT NULL,
- website_category VARCHAR(100) NOT NULL,
- website_description TEXT NOT NULL,
- status VARCHAR(20) DEFAULT 'pending',
- reason TEXT,
- registration_number VARCHAR(50),
- created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
- processed_at TIMESTAMP
- )");
- } catch (PDOException $e) {
- die('创建registrations表失败: ' . $e->getMessage());
- }
-}
-
-// 确保site_info表存在
-function ensureSiteInfoTableExists($pdo) {
- try {
- // 根据数据库类型选择自增关键字
- global $config;
- $auto_increment = ($config['database_type'] === 'mysql') ? 'AUTO_INCREMENT' : 'AUTOINCREMENT';
- $int_type = ($config['database_type'] === 'mysql') ? 'INT' : 'INTEGER';
-
- $pdo->exec("CREATE TABLE IF NOT EXISTS site_info (
- id $int_type PRIMARY KEY $auto_increment,
- name VARCHAR(255) NOT NULL,
- description TEXT NOT NULL,
- updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
- )");
- } catch (PDOException $e) {
- die('创建site_info表失败: ' . $e->getMessage());
- }
-}
-
-// 确保email_config表存在
-function ensureEmailConfigTableExists($pdo) {
- try {
- // 根据数据库类型选择自增关键字
- global $config;
- $auto_increment = ($config['database_type'] === 'mysql') ? 'AUTO_INCREMENT' : 'AUTOINCREMENT';
- $int_type = ($config['database_type'] === 'mysql') ? 'INT' : 'INTEGER';
-
- $pdo->exec("CREATE TABLE IF NOT EXISTS email_config (
- id $int_type PRIMARY KEY $auto_increment,
- smtp_host VARCHAR(255) NOT NULL,
- smtp_port INTEGER NOT NULL,
- smtp_username VARCHAR(255) NOT NULL,
- smtp_password VARCHAR(255) NOT NULL,
- smtp_encryption VARCHAR(10) NOT NULL,
- from_email VARCHAR(255) NOT NULL,
- from_name VARCHAR(255) NOT NULL,
- updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
- )");
- } catch (PDOException $e) {
- die('创建email_config表失败: ' . $e->getMessage());
- }
-}
-
-// 确保表存在
-ensureRegistrationsTableExists($pdo);
-ensureSiteInfoTableExists($pdo);
-ensureEmailConfigTableExists($pdo);
-?>
-
-
-
-
- 管理员控制面板 -
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- | ID |
- 网站名称 |
- 网站URL |
- 联系人 |
- 提交时间 |
- 状态 |
- 操作 |
-
-
-
-
-
- |
- |
- |
- |
- |
-
-
-
-
- |
-
-
-
-
-
-
-
- |
-
-
-
-
-
-
-
-
-
-
-
审核操作
-
-
-
-
-
-
+
+getMessage());
+ }
+}
+
+// 连接数据库
+$pdo = getDatabaseConnection();
+
+// 获取网站信息
+$stmt = $pdo->query("SELECT name, description FROM site_info LIMIT 1");
+$siteInfo = $stmt->fetch(PDO::FETCH_ASSOC);
+
+// 如果找不到网站信息,使用配置文件中的默认值
+if (!$siteInfo) {
+ $siteInfo = [
+ 'name' => $config['site_name'] ?? '二次元网站备案系统',
+ 'description' => $config['site_description'] ?? '管理和审核网站备案申请'
+ ];
+}
+
+// 处理备案状态更新
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'update_status') {
+ // 验证CSRF令牌
+ verifyCSRFToken($_POST['csrf_token'] ?? '');
+
+ $id = $_POST['id'];
+ $status = $_POST['status'];
+ $reason = $_POST['reason'] ?? '';
+
+ try {
+ // 开始事务
+ $pdo->beginTransaction();
+
+ // 获取备案信息
+ $stmt = $pdo->prepare("SELECT * FROM registrations WHERE id = ?");
+ $stmt->execute([$id]);
+ $registration = $stmt->fetch(PDO::FETCH_ASSOC);
+
+ if (!$registration) {
+ throw new Exception('未找到该备案申请');
+ }
+
+ // 生成备案编号(如果通过审核)
+ $registrationNumber = $registration['registration_number'];
+ if ($status === 'approved' && empty($registrationNumber)) {
+ $registrationNumber = str_pad(rand(10000000, 99999999), 8, '0', STR_PAD_LEFT);
+ }
+
+ // 更新备案状态
+ $stmt = $pdo->prepare("UPDATE registrations SET status = ?, reason = ?, processed_at = NOW(), registration_number = ? WHERE id = ?");
+ $stmt->execute([$status, $reason, $registrationNumber, $id]);
+
+ // 如果审核通过,发送邮件
+ if ($status === 'approved') {
+ // 加载邮件工具
+ require_once '../email_utils.php';
+
+ // 更新备案信息中的处理日期和备案编号
+ $registration['status'] = 'approved';
+ $registration['processed_at'] = date('Y-m-d H:i:s');
+ $registration['registration_number'] = $registrationNumber;
+
+ // 确保contact_email字段存在
+ if (!isset($registration['contact_email']) || empty($registration['contact_email'])) {
+ throw new Exception('缺少联系邮箱,无法发送审核通过邮件');
+ }
+
+ try {
+ // 创建邮件工具实例
+ $emailUtils = new EmailUtils($pdo);
+ // 发送审核通过邮件
+ $emailUtils->sendApprovalEmail($registration);
+ } catch (Exception $e) {
+ // 记录邮件发送失败,但不影响审核流程
+ error_log('发送审核通过邮件失败: ' . $e->getMessage());
+ }
+ }
+
+ // 提交事务
+ $pdo->commit();
+
+ header("Location: admin_dashboard.php");
+ exit();
+ } catch (PDOException $e) {
+ // 回滚事务
+ $pdo->rollBack();
+ die('更新备案状态失败: ' . $e->getMessage());
+ } catch (Exception $e) {
+ // 回滚事务
+ $pdo->rollBack();
+ die('处理失败: ' . $e->getMessage());
+ }
+}
+
+// 确定要显示的备案类型
+$view = $_GET['view'] ?? 'all';
+
+// 根据视图类型获取备案申请
+if ($view === 'pending') {
+ // 获取待审核的备案申请
+ $stmt = $pdo->prepare("SELECT * FROM registrations WHERE status = 'pending' ORDER BY created_at DESC");
+ $stmt->execute();
+ $registrations = $stmt->fetchAll(PDO::FETCH_ASSOC);
+ $title = '待审核备案申请';
+} else if ($view === 'approved') {
+ // 获取已通过的备案申请
+ $stmt = $pdo->prepare("SELECT * FROM registrations WHERE status = 'approved' ORDER BY processed_at DESC");
+ $stmt->execute();
+ $registrations = $stmt->fetchAll(PDO::FETCH_ASSOC);
+ $title = '已通过备案申请';
+} else if ($view === 'rejected') {
+ // 获取已拒绝的备案申请
+ $stmt = $pdo->prepare("SELECT * FROM registrations WHERE status = 'rejected' ORDER BY processed_at DESC");
+ $stmt->execute();
+ $registrations = $stmt->fetchAll(PDO::FETCH_ASSOC);
+ $title = '已拒绝备案申请';
+} else {
+ // 获取所有备案申请
+ $stmt = $pdo->prepare("SELECT * FROM registrations ORDER BY created_at DESC");
+ $stmt->execute();
+ $registrations = $stmt->fetchAll(PDO::FETCH_ASSOC);
+ $title = '所有备案申请';
+}
+
+// 确保registrations表存在
+function ensureRegistrationsTableExists($pdo) {
+ try {
+ // 根据数据库类型选择自增关键字
+ global $config;
+ $auto_increment = ($config['database_type'] === 'mysql') ? 'AUTO_INCREMENT' : 'AUTOINCREMENT';
+ $int_type = ($config['database_type'] === 'mysql') ? 'INT' : 'INTEGER';
+
+ $pdo->exec("CREATE TABLE IF NOT EXISTS registrations (
+ id $int_type PRIMARY KEY $auto_increment,
+ website_name VARCHAR(255) NOT NULL,
+ website_url VARCHAR(255) NOT NULL,
+ contact_person VARCHAR(100) NOT NULL,
+ contact_email VARCHAR(255) NOT NULL,
+ contact_phone VARCHAR(255) NOT NULL,
+ website_category VARCHAR(100) NOT NULL,
+ website_description TEXT NOT NULL,
+ status VARCHAR(20) DEFAULT 'pending',
+ reason TEXT,
+ registration_number VARCHAR(50),
+ created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+ processed_at TIMESTAMP
+ )");
+ } catch (PDOException $e) {
+ die('创建registrations表失败: ' . $e->getMessage());
+ }
+}
+
+// 确保site_info表存在
+function ensureSiteInfoTableExists($pdo) {
+ try {
+ // 根据数据库类型选择自增关键字
+ global $config;
+ $auto_increment = ($config['database_type'] === 'mysql') ? 'AUTO_INCREMENT' : 'AUTOINCREMENT';
+ $int_type = ($config['database_type'] === 'mysql') ? 'INT' : 'INTEGER';
+
+ $pdo->exec("CREATE TABLE IF NOT EXISTS site_info (
+ id $int_type PRIMARY KEY $auto_increment,
+ name VARCHAR(255) NOT NULL,
+ description TEXT NOT NULL,
+ updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+ )");
+ } catch (PDOException $e) {
+ die('创建site_info表失败: ' . $e->getMessage());
+ }
+}
+
+// 确保email_config表存在
+function ensureEmailConfigTableExists($pdo) {
+ try {
+ // 根据数据库类型选择自增关键字
+ global $config;
+ $auto_increment = ($config['database_type'] === 'mysql') ? 'AUTO_INCREMENT' : 'AUTOINCREMENT';
+ $int_type = ($config['database_type'] === 'mysql') ? 'INT' : 'INTEGER';
+
+ $pdo->exec("CREATE TABLE IF NOT EXISTS email_config (
+ id $int_type PRIMARY KEY $auto_increment,
+ smtp_host VARCHAR(255) NOT NULL,
+ smtp_port INTEGER NOT NULL,
+ smtp_username VARCHAR(255) NOT NULL,
+ smtp_password VARCHAR(255) NOT NULL,
+ smtp_encryption VARCHAR(10) NOT NULL,
+ from_email VARCHAR(255) NOT NULL,
+ from_name VARCHAR(255) NOT NULL,
+ updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+ )");
+ } catch (PDOException $e) {
+ die('创建email_config表失败: ' . $e->getMessage());
+ }
+}
+
+// 确保表存在
+ensureRegistrationsTableExists($pdo);
+ensureSiteInfoTableExists($pdo);
+ensureEmailConfigTableExists($pdo);
+?>
+
+
+
+
+ 管理员控制面板 -
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ | ID |
+ 网站名称 |
+ 网站URL |
+ 联系人 |
+ 提交时间 |
+ 状态 |
+ 操作 |
+
+
+
+
+
+ |
+ |
+ |
+ |
+ |
+
+
+
+
+ |
+
+
+
+
+
+
+
+ |
+
+
+
+
+
+
+
+
+
+
+
审核操作
+
+
+
+
+
+
\ No newline at end of file
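Review bot: The rewritten `update_status` condition drops the `isset($_POST['id']) && isset($_POST['status'])` guards the old line carried, but `$id = $_POST['id'];` and `$status = $_POST['status'];` still read both keys unconditionally, so a POST missing either key now emits an undefined-index warning and runs the UPDATE with a null id/status instead of being ignored. Read them defensively and reject anything outside the known states, e.g. `$id = (int)($_POST['id'] ?? 0); $status = $_POST['status'] ?? ''; if ($id <= 0 || !in_array($status, ['pending', 'approved', 'rejected'], true)) { header("Location: admin_dashboard.php"); exit(); }` — `$status` otherwise flows into `UPDATE registrations SET status = ?` unchecked. Both `catch` blocks `die()` with `$e->getMessage()`, which exposes driver details to the admin's browser; log and show a generic message. The top of the file is garbled/outside this hunk, so the session/auth preamble cannot be checked.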
diff --git a/admin/admin_login.php b/admin/admin_login.php
index 1669cc6..b36a316 100644
--- a/admin/admin_login.php
+++ b/admin/admin_login.php
@@ -1,161 +1,227 @@
-getMessage());
- }
-}
-
-// 处理注销请求
-if (isset($_GET['action']) && $_GET['action'] === 'logout') {
- setcookie('admin_logged_in', '', time() - 3600, '/');
- header('Location: admin_login.php');
- exit;
-}
-
-// 检查是否已登录
-if (isset($_COOKIE['admin_logged_in']) && $_COOKIE['admin_logged_in'] === 'true') {
- header('Location: admin_dashboard.php');
- exit;
-}
-
-$error = '';
-// 处理登录请求
-if ($_SERVER['REQUEST_METHOD'] === 'POST') {
- $username = $_POST['username'] ?? '';
- $password = $_POST['password'] ?? '';
-
- // 连接数据库
- $pdo = getDatabaseConnection();
-
- // 查询管理员信息
- $stmt = $pdo->prepare("SELECT password_hash FROM admins WHERE username = ?");
- $stmt->execute([$username]);
- $admin = $stmt->fetch(PDO::FETCH_ASSOC);
-
- // 验证密码
- if ($admin && password_verify($password, $admin['password_hash'])) {
- // 设置登录cookie,有效期1小时
- setcookie('admin_logged_in', 'true', time() + 3600, '/');
- header('Location: admin_dashboard.php');
- exit;
- } else {
- $error = '用户名或密码错误';
- }
-}
-?>
-
-
-
-
-
- 管理员登录 - 二次元网站备案系统
-
-
-
-
-
管理员登录
-
-
-
+setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+ return $pdo;
+ } catch (PDOException $e) {
+ die('数据库连接失败');
+ }
+}
+
+// 处理注销请求
+if (isset($_GET['action']) && $_GET['action'] === 'logout') {
+ session_unset();
+ session_destroy();
+ header('Location: admin_login.php');
+ exit;
+}
+
+// 检查是否已登录
+if (isset($_SESSION['admin_logged_in']) && $_SESSION['admin_logged_in'] === true) {
+ header('Location: admin_dashboard.php');
+ exit;
+}
+
+// 防止暴力破解:记录失败次数
+if (!isset($_SESSION['login_attempts'])) {
+ $_SESSION['login_attempts'] = 0;
+ $_SESSION['last_attempt'] = time();
+}
+
+// 重置计数器(5分钟后)
+if (time() - $_SESSION['last_attempt'] > 300) {
+ $_SESSION['login_attempts'] = 0;
+}
+
+$error = '';
+
+// 处理登录请求
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ // 检查是否超过最大尝试次数(5次)
+ if ($_SESSION['login_attempts'] >= 5) {
+ $error = '登录尝试次数过多,请5分钟后重试';
+ } else {
+ // 验证CSRF令牌
+ if (!isset($_POST['csrf_token']) || $_POST['csrf_token'] !== $_SESSION['csrf_token']) {
+ $error = '安全验证失败,请重新登录';
+ } else {
+ $username = $_POST['username'] ?? '';
+ $password = $_POST['password'] ?? '';
+
+ // 输入验证
+ if (empty($username) || empty($password)) {
+ $error = '用户名和密码不能为空';
+ } else {
+ // 连接数据库
+ $pdo = getDatabaseConnection();
+
+ // 查询管理员信息
+ $stmt = $pdo->prepare("SELECT id, password_hash FROM admins WHERE username = ?");
+ $stmt->execute([$username]);
+ $admin = $stmt->fetch(PDO::FETCH_ASSOC);
+
+ // 验证密码
+ if ($admin && password_verify($password, $admin['password_hash'])) {
+ // 登录成功,重置尝试次数
+ $_SESSION['login_attempts'] = 0;
+
+ // 设置会话变量
+ $_SESSION['admin_logged_in'] = true;
+ $_SESSION['admin_id'] = $admin['id'];
+ $_SESSION['admin_username'] = $username;
+ $_SESSION['last_activity'] = time();
+
+ // 重新生成会话ID
+ session_regenerate_id(true);
+
+ header('Location: admin_dashboard.php');
+ exit;
+ } else {
+ $_SESSION['login_attempts']++;
+ $_SESSION['last_attempt'] = time();
+ $error = '用户名或密码错误';
+ }
+ }
+ }
+ }
+}
+
+// 生成CSRF令牌
+if (!isset($_SESSION['csrf_token'])) {
+ $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
+}
+?>
+
+
+
+
+
+ 管理员登录 - 二次元网站备案系统
+
+
+
+
+
管理员登录
+
+
+
\ No newline at end of file
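Review bot: The CSRF check compares the token with `!==` instead of `hash_equals()`, and it reads `$_SESSION['csrf_token']` before the block at the bottom of the PHP section that creates it, so a POST arriving in a session that has never rendered the form hits an undefined-index warning; the other files in this commit call `verifyCSRFToken()` for the same purpose, so use it here as well (or `if (!hash_equals($_SESSION['csrf_token'] ?? '', (string)($_POST['csrf_token'] ?? '')))`) and move token generation above the POST handler. manage_admins.php contains the identical inline comparison. The attempt counter lives in `$_SESSION`, so it only throttles a client that keeps presenting the same session cookie; it is reasonable as a UX limit, but brute-force resistance presumably needs a server-side per-account or per-address record, which this hunk does not provide. The opening of the file, where `session_start()` would be, is garbled/outside this hunk.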
diff --git a/admin/approve.php b/admin/approve.php
index 6895f22..f9b5f00 100644
--- a/admin/approve.php
+++ b/admin/approve.php
@@ -1,63 +1,62 @@
-beginTransaction();
-
- // 获取备案信息
- $stmt = $pdo->prepare("SELECT * FROM registrations WHERE id = ?");
- $stmt->execute([$registrationId]);
- $registration = $stmt->fetch(PDO::FETCH_ASSOC);
-
- if (!$registration) {
- die('未找到该备案申请');
- }
-
- // 更新状态
- $stmt = $pdo->prepare("UPDATE registrations SET status = 'approved', processed_at = NOW(), reason = ? WHERE id = ?");
- $stmt->execute([$reason, $registrationId]);
-
- // 提交事务
- $pdo->commit();
-
- // 发送邮件通知
- try {
- $emailUtils = new EmailUtils($pdo);
- $emailUtils->sendApprovalEmail($registration);
- } catch (Exception $e) {
- // 邮件发送失败,记录日志但不影响主流程
- error_log('发送审核通过邮件失败: ' . $e->getMessage());
- }
-
- // 重定向回管理员面板
- header('Location: admin_dashboard.php?success=1&message=备案申请已成功通过');
- exit;
-} catch (PDOException $e) {
- // 回滚事务
- $pdo->rollBack();
- die('更新备案申请状态失败: ' . $e->getMessage());
-}
+beginTransaction();
+
+ // 获取备案信息
+ $stmt = $pdo->prepare("SELECT * FROM registrations WHERE id = ?");
+ $stmt->execute([$registrationId]);
+ $registration = $stmt->fetch(PDO::FETCH_ASSOC);
+
+ if (!$registration) {
+ die('未找到该备案申请');
+ }
+
+ // 更新状态
+ $stmt = $pdo->prepare("UPDATE registrations SET status = 'approved', processed_at = NOW(), reason = ? WHERE id = ?");
+ $stmt->execute([$reason, $registrationId]);
+
+ // 提交事务
+ $pdo->commit();
+
+ // 发送邮件通知
+ try {
+ $emailUtils = new EmailUtils($pdo);
+ $emailUtils->sendApprovalEmail($registration);
+ } catch (Exception $e) {
+ // 邮件发送失败,记录日志但不影响主流程
+ error_log('发送审核通过邮件失败: ' . $e->getMessage());
+ }
+
+ // 重定向回管理员面板
+ header('Location: admin_dashboard.php?success=1&message=备案申请已成功通过');
+ exit;
+} catch (PDOException $e) {
+ // 回滚事务
+ $pdo->rollBack();
+ die('更新备案申请状态失败: ' . $e->getMessage());
+}
?>
\ No newline at end of file
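Review bot: `die('未找到该备案申请')` runs inside the transaction opened by `beginTransaction()` with no `rollBack()`, so the script exits with the transaction open and the `catch (PDOException $e)` below never sees it; prefer `throw new Exception('未找到该备案申请');` plus a `catch (Exception $e)` that rolls back, the pattern admin_dashboard.php adopts in this same commit, or at least call `$pdo->rollBack();` before exiting. reject.php has the same `die()` inside its transaction. The `catch` also prints `$e->getMessage()` to the browser; log it and show a generic message. The top of the file, where `$registrationId` and `$reason` are read from the request, is garbled/outside this hunk, so whether the id is cast to `int` cannot be confirmed here.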
diff --git a/admin/manage_admins.php b/admin/manage_admins.php
index 3aeb40f..c0c360e 100644
--- a/admin/manage_admins.php
+++ b/admin/manage_admins.php
@@ -1,287 +1,309 @@
-getMessage());
- }
-}
-
-// 连接数据库
-$pdo = getDatabaseConnection();
-
-// 获取所有管理员账户
-function getAllAdmins($pdo) {
- $stmt = $pdo->query("SELECT id, username, created_at FROM admins");
- return $stmt->fetchAll(PDO::FETCH_ASSOC);
-}
-
-// 检查用户名是否已存在
-function checkUsernameExists($pdo, $username) {
- $stmt = $pdo->prepare("SELECT COUNT(*) FROM admins WHERE username = ?");
- $stmt->execute([$username]);
- return $stmt->fetchColumn() > 0;
-}
-
-// 添加新管理员
-function addAdmin($pdo, $username, $password) {
- if (checkUsernameExists($pdo, $username)) {
- return ['success' => false, 'message' => '用户名已存在'];
- }
-
- $password_hash = password_hash($password, PASSWORD_DEFAULT);
- try {
- $stmt = $pdo->prepare("INSERT INTO admins (username, password_hash) VALUES (?, ?)");
- $stmt->execute([$username, $password_hash]);
- return ['success' => true, 'message' => '管理员添加成功'];
- } catch (PDOException $e) {
- return ['success' => false, 'message' => '添加失败: ' . $e->getMessage()];
- }
-}
-
-// 删除管理员
-function deleteAdmin($pdo, $id) {
- try {
- $stmt = $pdo->prepare("DELETE FROM admins WHERE id = ?");
- $stmt->execute([$id]);
- return ['success' => true, 'message' => '管理员删除成功'];
- } catch (PDOException $e) {
- return ['success' => false, 'message' => '删除失败: ' . $e->getMessage()];
- }
-}
-
-// 处理表单提交
-$message = '';
-$success = false;
-
-if ($_SERVER['REQUEST_METHOD'] === 'POST') {
- if (isset($_POST['action'])) {
- switch ($_POST['action']) {
- case 'add':
- $username = trim($_POST['username']);
- $password = trim($_POST['password']);
- $confirm_password = trim($_POST['confirm_password']);
-
- if (empty($username) || empty($password)) {
- $message = '用户名和密码不能为空';
- } elseif ($password !== $confirm_password) {
- $message = '两次输入的密码不一致';
- } elseif (strlen($password) < 6) {
- $message = '密码长度不能少于6位';
- } else {
- $result = addAdmin($pdo, $username, $password);
- $success = $result['success'];
- $message = $result['message'];
- }
- break;
-
- case 'delete':
- $id = (int)$_POST['id'];
- $result = deleteAdmin($pdo, $id);
- $success = $result['success'];
- $message = $result['message'];
- break;
- }
- }
-}
-
-// 获取所有管理员
-$admins = getAllAdmins($pdo);
-
-?>
-
-
-
-
-
- 管理员账户管理
-
-
-
-
-
管理员账户管理
-
-
-
-
-
-
-
-
-
当前管理员账户
-
-
-
- | ID |
- 用户名 |
- 创建时间 |
- 操作 |
-
-
-
-
-
- |
- |
- |
-
-
- |
-
-
-
-
-
-
-
-
-
-
-
+getMessage());
+ }
+}
+
+// 连接数据库
+$pdo = getDatabaseConnection();
+
+// 获取所有管理员账户
+function getAllAdmins($pdo) {
+ $stmt = $pdo->query("SELECT id, username, created_at FROM admins");
+ return $stmt->fetchAll(PDO::FETCH_ASSOC);
+}
+
+// 检查用户名是否已存在
+function checkUsernameExists($pdo, $username) {
+ $stmt = $pdo->prepare("SELECT COUNT(*) FROM admins WHERE username = ?");
+ $stmt->execute([$username]);
+ return $stmt->fetchColumn() > 0;
+}
+
+// 添加新管理员
+function addAdmin($pdo, $username, $password) {
+ if (checkUsernameExists($pdo, $username)) {
+ return ['success' => false, 'message' => '用户名已存在'];
+ }
+
+ $password_hash = password_hash($password, PASSWORD_DEFAULT);
+ try {
+ $stmt = $pdo->prepare("INSERT INTO admins (username, password_hash) VALUES (?, ?)");
+ $stmt->execute([$username, $password_hash]);
+ return ['success' => true, 'message' => '管理员添加成功'];
+ } catch (PDOException $e) {
+ return ['success' => false, 'message' => '添加失败: ' . $e->getMessage()];
+ }
+}
+
+// 删除管理员
+function deleteAdmin($pdo, $id) {
+ try {
+ $stmt = $pdo->prepare("DELETE FROM admins WHERE id = ?");
+ $stmt->execute([$id]);
+ return ['success' => true, 'message' => '管理员删除成功'];
+ } catch (PDOException $e) {
+ return ['success' => false, 'message' => '删除失败: ' . $e->getMessage()];
+ }
+}
+
+// 处理表单提交
+$message = '';
+$success = false;
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ // 验证CSRF令牌
+ if (!isset($_POST['csrf_token']) || $_POST['csrf_token'] !== $_SESSION['csrf_token']) {
+ $message = '安全验证失败';
+ } else {
+ if (isset($_POST['action'])) {
+ switch ($_POST['action']) {
+ case 'add':
+ $username = trim($_POST['username']);
+ $password = trim($_POST['password']);
+ $confirm_password = trim($_POST['confirm_password']);
+
+ if (empty($username) || empty($password)) {
+ $message = '用户名和密码不能为空';
+ } elseif ($password !== $confirm_password) {
+ $message = '两次输入的密码不一致';
+ } elseif (strlen($password) < 6) {
+ $message = '密码长度不能少于6位';
+ } else {
+ $result = addAdmin($pdo, $username, $password);
+ $success = $result['success'];
+ $message = $result['message'];
+ }
+ break;
+
+ case 'delete':
+ $id = (int)$_POST['id'];
+ // 防止删除自己
+ if ($id == $_SESSION['admin_id']) {
+ $message = '不能删除当前登录的管理员账户';
+ } else {
+ $result = deleteAdmin($pdo, $id);
+ $success = $result['success'];
+ $message = $result['message'];
+ }
+ break;
+ }
+ }
+ }
+}
+
+// 生成CSRF令牌
+$csrf_token = generateCSRFToken();
+
+// 获取所有管理员
+$admins = getAllAdmins($pdo);
+?>
+
+
+
+
+
+ 管理员账户管理
+
+
+
+
+
管理员账户管理
+
+
+
+
+
+
+
+
+
当前管理员账户
+
+
+
+ | ID |
+ 用户名 |
+ 创建时间 |
+ 操作 |
+
+
+
+
+
+ |
+ |
+ |
+
+
+
+
+ 当前账户
+
+ |
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
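Review bot: The self-delete guard `if ($id == $_SESSION['admin_id'])` uses a loose comparison against a session value whose type is not visible here (admin_login.php stores `$admin['id']` as fetched, which may be a string) and which is undefined for sessions created before this commit; write it as `if ($id === (int)($_SESSION['admin_id'] ?? 0)) {`. Nothing prevents deleting the last remaining account, which would lock everyone out of the admin area; a row count check before `deleteAdmin()` would close that. The `add` branch calls `trim($_POST['username'])` and friends without `?? ''`, so a partial POST warns before the empty check runs. `generateCSRFToken()` is called after the POST handler, so the inline `!==` comparison above it reads a `$_SESSION['csrf_token']` that may not exist yet — use `hash_equals()` with a `?? ''` fallback, or the `verifyCSRFToken()` helper the other files use.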
diff --git a/admin/reject.php b/admin/reject.php
index 5048da3..4e1e8c0 100644
--- a/admin/reject.php
+++ b/admin/reject.php
@@ -1,67 +1,66 @@
-beginTransaction();
-
- // 获取备案信息
- $stmt = $pdo->prepare("SELECT * FROM registrations WHERE id = ?");
- $stmt->execute([$registrationId]);
- $registration = $stmt->fetch(PDO::FETCH_ASSOC);
-
- if (!$registration) {
- die('未找到该备案申请');
- }
-
- // 更新状态
- $stmt = $pdo->prepare("UPDATE registrations SET status = 'rejected', processed_at = NOW(), reason = ? WHERE id = ?");
- $stmt->execute([$reason, $registrationId]);
-
- // 提交事务
- $pdo->commit();
-
- // 发送邮件通知
- try {
- $emailUtils = new EmailUtils($config);
- $emailUtils->sendRejectionEmail($registration);
- } catch (Exception $e) {
- // 邮件发送失败,记录日志但不影响主流程
- error_log('发送拒绝通知邮件失败: ' . $e->getMessage());
- }
-
- // 重定向回管理员面板
- header('Location: admin_dashboard.php?success=1&message=备案申请已拒绝');
- exit;
-} catch (PDOException $e) {
- // 回滚事务
- $pdo->rollBack();
- die('更新备案申请状态失败: ' . $e->getMessage());
-}
+beginTransaction();
+
+ // 获取备案信息
+ $stmt = $pdo->prepare("SELECT * FROM registrations WHERE id = ?");
+ $stmt->execute([$registrationId]);
+ $registration = $stmt->fetch(PDO::FETCH_ASSOC);
+
+ if (!$registration) {
+ die('未找到该备案申请');
+ }
+
+ // 更新状态
+ $stmt = $pdo->prepare("UPDATE registrations SET status = 'rejected', processed_at = NOW(), reason = ? WHERE id = ?");
+ $stmt->execute([$reason, $registrationId]);
+
+ // 提交事务
+ $pdo->commit();
+
+ // 发送邮件通知
+ try {
+ $emailUtils = new EmailUtils($pdo);
+ $emailUtils->sendRejectionEmail($registration);
+ } catch (Exception $e) {
+ // 邮件发送失败,记录日志但不影响主流程
+ error_log('发送拒绝通知邮件失败: ' . $e->getMessage());
+ }
+
+ // 重定向回管理员面板
+ header('Location: admin_dashboard.php?success=1&message=备案申请已拒绝');
+ exit;
+} catch (PDOException $e) {
+ // 回滚事务
+ $pdo->rollBack();
+ die('更新备案申请状态失败: ' . $e->getMessage());
+}
?>
\ No newline at end of file
diff --git a/admin/settings.php b/admin/settings.php
new file mode 100644
index 0000000..e29725d
--- /dev/null
+++ b/admin/settings.php
@@ -0,0 +1,476 @@
+getMessage());
+ }
+}
+
+// 连接数据库
+$pdo = getDatabaseConnection();
+
+// 从数据库获取网站信息
+$stmt = $pdo->query("SELECT name, description FROM site_info LIMIT 1");
+$siteInfo = $stmt->fetch(PDO::FETCH_ASSOC);
+
+// 如果找不到网站信息,使用配置文件中的默认值
+if (!$siteInfo) {
+ $siteInfo = [
+ 'name' => $config['site_name'] ?? '二次元网站备案系统',
+ 'description' => $config['site_description'] ?? '管理和审核网站备案申请'
+ ];
+}
+
+// 从数据库获取邮件配置
+$stmt = $pdo->query("SELECT * FROM email_config LIMIT 1");
+$emailConfig = $stmt->fetch(PDO::FETCH_ASSOC);
+
+// 如果找不到邮件配置,使用默认值
+if (!$emailConfig) {
+ $emailConfig = [
+ 'smtp_host' => '',
+ 'smtp_port' => 465,
+ 'smtp_username' => '',
+ 'smtp_password' => '',
+ 'smtp_encryption' => 'ssl',
+ 'from_email' => '',
+ 'from_name' => $siteInfo['name']
+ ];
+}
+
+// 处理表单提交
+$success = '';
+$errors = [];
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ // 验证CSRF令牌
+ verifyCSRFToken($_POST['csrf_token'] ?? '');
+
+ // 处理站点设置
+ $siteName = trim($_POST['site_name']);
+ $siteDescription = trim($_POST['site_description']);
+
+ // 处理邮件设置
+ $smtpHost = trim($_POST['smtp_host']);
+ $smtpPort = (int)$_POST['smtp_port'];
+ $smtpUsername = trim($_POST['smtp_username']);
+ $smtpPassword = trim($_POST['smtp_password']);
+ $smtpEncryption = $_POST['smtp_encryption'];
+ $fromEmail = trim($_POST['from_email']);
+ $fromName = trim($_POST['from_name']);
+
+ // 验证必填字段
+ if (empty($siteName)) {
+ $errors[] = '站点名称不能为空';
+ }
+
+ if (empty($smtpHost) || empty($smtpUsername) || empty($smtpPassword) || empty($fromEmail)) {
+ $errors[] = '邮件配置的必填字段不能为空';
+ }
+
+ if (empty($errors)) {
+ try {
+ // 开始事务
+ $pdo->beginTransaction();
+
+ // 更新站点信息
+ if ($siteInfo) {
+ $stmt = $pdo->prepare("UPDATE site_info SET name = ?, description = ?");
+ $stmt->execute([$siteName, $siteDescription]);
+ } else {
+ $stmt = $pdo->prepare("INSERT INTO site_info (name, description) VALUES (?, ?)");
+ $stmt->execute([$siteName, $siteDescription]);
+ }
+
+ // 更新邮件配置
+ if ($emailConfig) {
+ $stmt = $pdo->prepare("UPDATE email_config SET smtp_host = ?, smtp_port = ?, smtp_username = ?, smtp_password = ?, smtp_encryption = ?, from_email = ?, from_name = ?");
+ $stmt->execute([$smtpHost, $smtpPort, $smtpUsername, $smtpPassword, $smtpEncryption, $fromEmail, $fromName]);
+ } else {
+ $stmt = $pdo->prepare("INSERT INTO email_config (smtp_host, smtp_port, smtp_username, smtp_password, smtp_encryption, from_email, from_name) VALUES (?, ?, ?, ?, ?, ?, ?)");
+ $stmt->execute([$smtpHost, $smtpPort, $smtpUsername, $smtpPassword, $smtpEncryption, $fromEmail, $fromName]);
+ }
+
+ // 提交事务
+ $pdo->commit();
+
+ $success = '设置已成功保存';
+
+ // 更新本地变量以反映更改
+ $siteInfo['name'] = $siteName;
+ $siteInfo['description'] = $siteDescription;
+ $emailConfig = [
+ 'smtp_host' => $smtpHost,
+ 'smtp_port' => $smtpPort,
+ 'smtp_username' => $smtpUsername,
+ 'smtp_password' => $smtpPassword,
+ 'smtp_encryption' => $smtpEncryption,
+ 'from_email' => $fromEmail,
+ 'from_name' => $fromName
+ ];
+ } catch (PDOException $e) {
+ // 回滚事务
+ $pdo->rollBack();
+ $errors[] = '保存设置失败: ' . $e->getMessage();
+ }
+ }
+}
+
+// 确保email_config表存在
+function ensureEmailConfigTableExists($pdo) {
+ try {
+ // 根据数据库类型选择自增关键字
+ global $config;
+ $auto_increment = ($config['database_type'] === 'mysql') ? 'AUTO_INCREMENT' : 'AUTOINCREMENT';
+ $int_type = ($config['database_type'] === 'mysql') ? 'INT' : 'INTEGER';
+
+ $pdo->exec("CREATE TABLE IF NOT EXISTS email_config (
+ id $int_type PRIMARY KEY $auto_increment,
+ smtp_host VARCHAR(255) NOT NULL,
+ smtp_port INTEGER NOT NULL,
+ smtp_username VARCHAR(255) NOT NULL,
+ smtp_password VARCHAR(255) NOT NULL,
+ smtp_encryption VARCHAR(10) NOT NULL,
+ from_email VARCHAR(255) NOT NULL,
+ from_name VARCHAR(255) NOT NULL,
+ updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+ )");
+ } catch (PDOException $e) {
+ die('创建email_config表失败: ' . $e->getMessage());
+ }
+}
+
+// 确保表存在
+ensureEmailConfigTableExists($pdo);
+?>
+
+
+
+
+ 系统设置 -
+
+
+
+
+
+
+
+
+
+
系统设置
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
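Review bot: `$pdo->query("SELECT * FROM email_config LIMIT 1")` near the top runs before `ensureEmailConfigTableExists($pdo)` is called at the very bottom of the file, so on a fresh install the first load of settings.php hits a missing-table error before the table can be created (fatal if the connection is in exception mode, as install.php configures its own; `getDatabaseConnection()` is above the hunk); move `ensureEmailConfigTableExists($pdo);` to directly after `$pdo = getDatabaseConnection();`. The POSTed SMTP settings are stored without validation even though they are later handed to the mailer: check `$smtpEncryption` against an allow-list with `in_array($smtpEncryption, ['ssl', 'tls', 'none'], true)`, `$fromEmail` with `filter_var($fromEmail, FILTER_VALIDATE_EMAIL)`, and `$smtpPort` for the 1–65535 range. Each `trim($_POST['…'])` should read `$_POST['…'] ?? ''` so a missing field produces a validation error rather than undefined-key warnings and a `trim(null)` deprecation on PHP 8.1+. Note also that the SMTP password is persisted in plaintext in `email_config` and that `empty($smtpPassword)` forces it to be re-entered on every save; whether the form echoes the stored password back into the page cannot be seen in this stripped hunk.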
diff --git a/auth_check.php b/auth_check.php
new file mode 100644
index 0000000..fba38d1
--- /dev/null
+++ b/auth_check.php
@@ -0,0 +1,44 @@
+ 3600)) {
+ session_unset();
+ session_destroy();
+ header('Location: /admin/admin_login.php?timeout=1');
+ exit;
+ }
+
+ $_SESSION['last_activity'] = time();
+
+ // 重新生成会话ID以防止会话固定攻击
+ if (!isset($_SESSION['regenerated'])) {
+ session_regenerate_id(true);
+ $_SESSION['regenerated'] = true;
+ }
+}
+
+// 生成CSRF令牌
+function generateCSRFToken() {
+ if (!isset($_SESSION['csrf_token'])) {
+ $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
+ }
+ return $_SESSION['csrf_token'];
+}
+
+// 验证CSRF令牌
+function verifyCSRFToken($token) {
+ if (!isset($_SESSION['csrf_token']) || $token !== $_SESSION['csrf_token']) {
+ die('CSRF token validation failed');
+ }
+}
+?>
\ No newline at end of file
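Review bot: `verifyCSRFToken()` compares the submitted token with `!==`, a byte-wise early-exit comparison, and answers a failure with a 200 `die()`; the token is a secret and should be compared in constant time, with a 403 status: `if (!isset($_SESSION['csrf_token']) || !is_string($token) || !hash_equals($_SESSION['csrf_token'], $token)) { http_response_code(403); exit('CSRF token validation failed'); }`. The session-ID rotation is gated on a `$_SESSION['regenerated']` flag that is set once per session, so if that flag is already set before the user authenticates the ID is never rotated at login — the login handler (admin_login.php, not in this diff) should call `session_regenerate_id(true)` on successful authentication regardless of this flag. The inactivity check at the top of the hunk (`3600`) belongs to a function whose beginning is outside the hunk.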
diff --git a/db_init.php b/db_init.php
index 74b6f30..16803c2 100644
--- a/db_init.php
+++ b/db_init.php
@@ -1,104 +1,80 @@
-getMessage());
- }
-}
-
-// 连接数据库
-$pdo = getDatabaseConnection();
-
-// 创建表的SQL语句
-// 根据数据库类型选择合适的自增语法
-$autoIncrement = $config['database_type'] === 'mysql' ? 'AUTO_INCREMENT' : 'AUTOINCREMENT';
-
-$queries = [
- // 创建管理员表
- "CREATE TABLE IF NOT EXISTS admins (
- id INTEGER PRIMARY KEY $autoIncrement,
- username VARCHAR(50) NOT NULL UNIQUE,
- password_hash VARCHAR(255) NOT NULL,
- created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
- )",
-
- // 创建网站信息表
- "CREATE TABLE IF NOT EXISTS site_info (
- id INTEGER PRIMARY KEY $autoIncrement,
- name VARCHAR(100) NOT NULL,
- description TEXT,
- created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
- )",
-
- // 创建备案申请表
- "CREATE TABLE IF NOT EXISTS registrations (
- id INTEGER PRIMARY KEY $autoIncrement,
- website_name VARCHAR(255) NOT NULL,
- website_url VARCHAR(255) NOT NULL,
- contact_person VARCHAR(100) NOT NULL,
- contact_email VARCHAR(255) NOT NULL,
- contact_phone VARCHAR(255) NOT NULL,
- website_category VARCHAR(100) NOT NULL,
- website_description TEXT NOT NULL,
- status VARCHAR(20) DEFAULT 'pending',
- reason TEXT,
- registration_number VARCHAR(50),
- created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
- processed_at TIMESTAMP
- )"
-];
-
-// 执行SQL语句
-try {
- foreach ($queries as $query) {
- $pdo->exec($query);
- }
-
- // 初始化管理员账户
- $stmt = $pdo->prepare("SELECT COUNT(*) FROM admins");
- $stmt->execute();
- $count = $stmt->fetchColumn();
-
- if ($count === 0) {
- // 创建默认管理员账户
- $username = $config['admin']['username'];
- $password = $config['admin']['password'];
- $passwordHash = password_hash($password, PASSWORD_DEFAULT);
-
- $stmt = $pdo->prepare("INSERT INTO admins (username, password_hash) VALUES (?, ?)");
- $stmt->execute([$username, $passwordHash]);
-
- echo "管理员账户已创建!用户名: $username, 密码: $password
";
- echo "请登录后立即修改密码!
";
- }
-
- // 初始化网站信息
- $stmt = $pdo->prepare("SELECT COUNT(*) FROM site_info");
- $stmt->execute();
- $count = $stmt->fetchColumn();
-
- if ($count === 0) {
- $stmt = $pdo->prepare("INSERT INTO site_info (name, description) VALUES (?, ?)");
- $stmt->execute([$config['site_name'], $config['site_description']]);
- }
-
- // 表结构初始化完成
-} catch (PDOException $e) {
- die('创建表结构失败: ' . $e->getMessage());
-}
+getMessage());
+ }
+}
+
+// 连接数据库
+$pdo = getDatabaseConnection();
+
+// 根据数据库类型选择合适的自增语法
+$autoIncrement = $config['database_type'] === 'mysql' ? 'AUTO_INCREMENT' : 'AUTOINCREMENT';
+
+$queries = [
+ // 创建管理员表
+ "CREATE TABLE IF NOT EXISTS admins (
+ id INTEGER PRIMARY KEY $autoIncrement,
+ username VARCHAR(50) NOT NULL UNIQUE,
+ password_hash VARCHAR(255) NOT NULL,
+ created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+ )",
+
+ // 创建网站信息表
+ "CREATE TABLE IF NOT EXISTS site_info (
+ id INTEGER PRIMARY KEY $autoIncrement,
+ name VARCHAR(100) NOT NULL,
+ description TEXT,
+ created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+ )",
+
+ // 创建备案申请表
+ "CREATE TABLE IF NOT EXISTS registrations (
+ id INTEGER PRIMARY KEY $autoIncrement,
+ website_name VARCHAR(255) NOT NULL,
+ website_url VARCHAR(255) NOT NULL,
+ contact_person VARCHAR(100) NOT NULL,
+ contact_email VARCHAR(255) NOT NULL,
+ contact_phone VARCHAR(255) NOT NULL,
+ website_category VARCHAR(100) NOT NULL,
+ website_description TEXT NOT NULL,
+ status VARCHAR(20) DEFAULT 'pending',
+ reason TEXT,
+ registration_number VARCHAR(50),
+ created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+ processed_at TIMESTAMP
+ )"
+];
+
+// 执行SQL语句
+try {
+ foreach ($queries as $query) {
+ $pdo->exec($query);
+ }
+ echo "数据库表结构初始化完成
";
+} catch (PDOException $e) {
+ die('创建表结构失败: ' . $e->getMessage());
+}
?>
\ No newline at end of file
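Review bot: The rewritten script still runs `CREATE TABLE IF NOT EXISTS` for any visitor and, on failure, prints `$e->getMessage()` — driver error text with table and connection details — to the response; install.php only removes this file best-effort with `@unlink('db_init.php')`, so if the part above the hunk has no authentication or install-lock guard it should get one, e.g. `if (file_exists(__DIR__ . '/.installed')) { http_response_code(403); exit('已安装'); }` before the connection is opened. Replace `die('创建表结构失败: ' . $e->getMessage())` with `error_log('db_init: ' . $e->getMessage());` followed by a generic `exit('创建表结构失败');`. Removing the block that printed the admin password in cleartext is correct and should not come back in any form.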
diff --git a/index.php b/index.php
index b5b90e6..f0ed05c 100644
--- a/index.php
+++ b/index.php
@@ -1,184 +1,176 @@
-
-
-
-
-
-
-
-
-
-
-
-
备案查询
-
输入备案编号或网站地址查询备案信息
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
备案查询
+
输入备案编号或网站地址查询备案信息
+
+
+
+
+
\ No newline at end of file
diff --git a/install.php b/install.php
index 6e1b593..931f7e4 100644
--- a/install.php
+++ b/install.php
@@ -1,495 +1,531 @@
-setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
-
- // 根据数据库类型选择自增关键字和整数类型
- if ($database_type === 'mysql') {
- $auto_increment = 'AUTO_INCREMENT';
- $int_type = 'INT';
- } else {
- $auto_increment = 'AUTOINCREMENT';
- $int_type = 'INTEGER';
- }
-
- // 创建管理员表
- $pdo->exec("CREATE TABLE IF NOT EXISTS admins (
- id $int_type PRIMARY KEY $auto_increment,
- username VARCHAR(50) NOT NULL UNIQUE,
- password_hash VARCHAR(255) NOT NULL,
- created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
- )");
-
- // 创建网站信息表
- $pdo->exec("CREATE TABLE IF NOT EXISTS site_info (
- id $int_type PRIMARY KEY $auto_increment,
- name VARCHAR(100) NOT NULL,
- description TEXT,
- created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
- )");
-
- // 创建备案申请表
- $pdo->exec("CREATE TABLE IF NOT EXISTS registrations (
- id $int_type PRIMARY KEY $auto_increment,
- website_name VARCHAR(255) NOT NULL,
- website_url VARCHAR(255) NOT NULL,
- contact_person VARCHAR(100) NOT NULL,
- contact_email VARCHAR(255) NOT NULL,
- contact_phone VARCHAR(255) NOT NULL,
- website_category VARCHAR(100) NOT NULL,
- website_description TEXT NOT NULL,
- status VARCHAR(20) DEFAULT 'pending',
- reason TEXT,
- registration_number VARCHAR(50),
- created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
- processed_at TIMESTAMP
- )");
-
- // 插入管理员信息
- $stmt = $pdo->prepare("INSERT INTO admins (username, password_hash) VALUES (?, ?)");
- $stmt->execute([$admin_username, $password_hash]);
-
- // 插入网站信息
- $stmt = $pdo->prepare("INSERT INTO site_info (name, description) VALUES (?, ?)");
- $stmt->execute([$site_name, $site_description]);
-
- // 创建配置文件内容
- $config_content = <<
'$site_name',
- 'site_description' => '$site_description',
-
- // 数据库配置
- 'database_type' => '$database_type',
- 'database_config' => [
-EOT;
-
- // 添加数据库特定配置
- if ($database_type === 'mysql') {
- $config_content .= << '{$db_config['host']}',
- 'port' => '{$db_config['port']}',
- 'name' => '{$db_config['name']}',
- 'user' => '{$db_config['user']}',
- 'password' => '{$db_config['password']}'
-EOT;
- } else if ($database_type === 'sqlite') {
- $config_content .= << '{$db_config['path']}'
-EOT;
- }
-
- $config_content .= << [
- 'username' => '$admin_username',
- 'password' => '$admin_password' // 安装后会自动加密
- ],
-
- // 邮件配置
- 'email' => [
- 'smtp_host' => '',
- 'smtp_port' => 465,
- 'smtp_username' => '',
- 'smtp_password' => '',
- 'smtp_encryption' => 'ssl',
- 'from_email' => '',
- 'from_name' => '网站备案系统'
- ]
-];
-EOT;
-
- // 写入配置文件
- if (file_put_contents('config.php', $config_content)) {
- // 创建数据存储目录
- if (!is_dir('data')) {
- mkdir('data', 0755);
- }
-
- // 安装完成,显示提示页面
- echo '
-
-
-
-
- 安装完成
-
-
-
-
-
安装完成!
-
-
重要安全提示:请立即删除服务器上的 install.php 文件!
-
该文件包含敏感信息,可能被未授权用户利用。
-
-
安装已成功完成,您的网站备案系统已准备就绪。
-
前往首页
-
-
- ';
- exit;
- } else {
- $errors[] = '创建配置文件失败,请检查目录权限';
- }
-
- } catch (PDOException $e) {
- $errors[] = '数据库连接或操作失败: ' . $e->getMessage();
- }
- }
-}
-?>
-
-
-
-
-
- 网站安装
-
-
-
-
-
-
+setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
+ // 根据数据库类型选择自增关键字和整数类型
+ if ($database_type === 'mysql') {
+ $auto_increment = 'AUTO_INCREMENT';
+ $int_type = 'INT';
+ } else {
+ $auto_increment = 'AUTOINCREMENT';
+ $int_type = 'INTEGER';
+ }
+
+ // 创建管理员表
+ $pdo->exec("CREATE TABLE IF NOT EXISTS admins (
+ id $int_type PRIMARY KEY $auto_increment,
+ username VARCHAR(50) NOT NULL UNIQUE,
+ password_hash VARCHAR(255) NOT NULL,
+ created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+ )");
+
+ // 创建网站信息表
+ $pdo->exec("CREATE TABLE IF NOT EXISTS site_info (
+ id $int_type PRIMARY KEY $auto_increment,
+ name VARCHAR(100) NOT NULL,
+ description TEXT,
+ created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+ )");
+
+ // 创建备案申请表
+ $pdo->exec("CREATE TABLE IF NOT EXISTS registrations (
+ id $int_type PRIMARY KEY $auto_increment,
+ website_name VARCHAR(255) NOT NULL,
+ website_url VARCHAR(255) NOT NULL,
+ contact_person VARCHAR(100) NOT NULL,
+ contact_email VARCHAR(255) NOT NULL,
+ contact_phone VARCHAR(255) NOT NULL,
+ website_category VARCHAR(100) NOT NULL,
+ website_description TEXT NOT NULL,
+ status VARCHAR(20) DEFAULT 'pending',
+ reason TEXT,
+ registration_number VARCHAR(50),
+ created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+ processed_at TIMESTAMP
+ )");
+
+ // 插入管理员信息
+ $stmt = $pdo->prepare("INSERT INTO admins (username, password_hash) VALUES (?, ?)");
+ $stmt->execute([$admin_username, $password_hash]);
+
+ // 插入网站信息
+ $stmt = $pdo->prepare("INSERT INTO site_info (name, description) VALUES (?, ?)");
+ $stmt->execute([$site_name, $site_description]);
+
+ // 创建配置文件内容(不包含明文密码)
+ $config_content = << '$site_name',
+ 'site_description' => '$site_description',
+
+ // 数据库配置
+ 'database_type' => '$database_type',
+ 'database_config' => [
+EOT;
+
+ // 添加数据库特定配置
+ if ($database_type === 'mysql') {
+ $config_content .= << '{$db_config['host']}',
+ 'port' => '{$db_config['port']}',
+ 'name' => '{$db_config['name']}',
+ 'user' => '{$db_config['user']}',
+ 'password' => '{$db_config['password']}'
+EOT;
+ } else if ($database_type === 'sqlite') {
+ $config_content .= << '{$db_config['path']}'
+EOT;
+ }
+
+ $config_content .= << [
+ 'smtp_host' => '',
+ 'smtp_port' => 465,
+ 'smtp_username' => '',
+ 'smtp_password' => '',
+ 'smtp_encryption' => 'ssl',
+ 'from_email' => '',
+ 'from_name' => '网站备案系统'
+ ]
+];
+EOT;
+
+ // 写入配置文件
+ if (file_put_contents('config.php', $config_content)) {
+ // 创建数据存储目录
+ if (!is_dir('data')) {
+ mkdir('data', 0755);
+ }
+
+ // 创建安装锁文件
+ file_put_contents('.installed', date('Y-m-d H:i:s'));
+
+ // 尝试删除安装文件
+ @unlink(__FILE__);
+
+ // 如果存在db_init.php,也删除它
+ @unlink('db_init.php');
+
+ // 安装完成,显示提示页面
+ echo '
+
+
+
+
+ 安装完成
+
+
+
+
+
安装完成!
+
+
+
请在服务器上执行以下命令:
+
1. 设置目录权限:
+
chmod 755 /path/to/your/site
+
chmod 750 /path/to/your/site/data
+
chmod 640 /path/to/your/site/config.php
+
chmod 640 /path/to/your/site/.htaccess
+
chmod 640 /path/to/your/site/.installed
+
+
2. 设置文件所有者(假设Web服务器用户为www-data):
+
chown -R your-user:www-data /path/to/your/site
+
+
3. 如果install.php和db_init.php未自动删除,请手动删除:
+
rm -f /path/to/your/site/install.php
+
rm -f /path/to/your/site/db_init.php
+
+
管理员账户已创建:' . htmlspecialchars($admin_username) . '
+
请妥善保管您的登录凭据。
+
前往首页
+
+
+ ';
+ exit;
+ } else {
+ $errors[] = '创建配置文件失败,请检查目录权限';
+ }
+
+ } catch (PDOException $e) {
+ $errors[] = '数据库连接或操作失败: ' . $e->getMessage();
+ }
+ }
+}
+?>
+
+
+
+
+
+ 网站安装
+
+
+
+
+
+
\ No newline at end of file
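Review bot: `config.php` is still generated by interpolating the installer's form values (`$site_name`, `$site_description`, `$db_config['password']`, …) into a heredoc of PHP source, so any value containing a single quote, backslash or `$` either breaks the generated file or is executed as PHP the next time config.php is loaded — and install.php runs unauthenticated. Build the configuration as an array and serialise it with `var_export()`, which quotes and escapes every value; the fence below shows the shape (the prelude before the array — `$config = ` here, since other files read `$config` — must match what the `<<` heredoc currently emits, which is cut from this rendering). The hunk writes the `.installed` lock and tries `@unlink(__FILE__)`, but no check for an existing lock is visible (the top of install.php is outside the hunk), so the re-run guard must be in code, not only in the printed post-install instructions. Likewise call `chmod('config.php', 0640)` right after the write rather than relying on the operator to do it.
```php
// … unchanged: table creation and admin/site_info inserts …
$databaseConfig = $database_type === 'mysql'
    ? [
        'host'     => $db_config['host'],
        'port'     => $db_config['port'],
        'name'     => $db_config['name'],
        'user'     => $db_config['user'],
        'password' => $db_config['password'],
    ]
    : ['path' => $db_config['path']];

$configArray = [
    'site_name'        => $site_name,
    'site_description' => $site_description,
    'database_type'    => $database_type,
    'database_config'  => $databaseConfig,
    'email' => [
        'smtp_host'       => '',
        'smtp_port'       => 465,
        'smtp_username'   => '',
        'smtp_password'   => '',
        'smtp_encryption' => 'ssl',
        'from_email'      => '',
        'from_name'       => '网站备案系统',
    ],
];

// var_export() quotes and escapes every value, so no form input can break out of the PHP literal
$config_content = "<?php\n\$config = " . var_export($configArray, true) . ";\n";
// … unchanged: file_put_contents('config.php', $config_content), lock file and completion page …
```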
diff --git a/register.php b/register.php
index 734e933..56a160d 100644
--- a/register.php
+++ b/register.php
@@ -1,314 +1,312 @@
-prepare("INSERT INTO registrations (website_name, website_url, contact_person, contact_email, contact_phone, website_category, website_description, status, reason, registration_number, created_at, processed_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
- $stmt->execute([
- $data['website_name'],
- $data['website_url'],
- $data['contact_person'],
- $data['contact_email'],
- $data['contact_phone'],
- $data['website_category'],
- $data['website_description'],
- $data['status'],
- $data['reason'],
- $data['registration_number'],
- $data['created_at'],
- null
- ]);
-
- $success = '备案信息添加成功!备案编号: 初ICP备' . $data['registration_number'] . '备';
- } catch (PDOException $e) {
- $errors[] = '添加备案信息失败: ' . $e->getMessage();
- }
- }
-}
-
-// 从数据库获取网站信息
-$stmt = $pdo->query("SELECT name, description FROM site_info LIMIT 1");
-$siteInfo = $stmt->fetch(PDO::FETCH_ASSOC);
-
-// 如果找不到网站信息,使用配置文件中的默认值
-if (!$siteInfo) {
- $siteInfo = [
- 'name' => $config['site_name'] ?? '网站备案系统',
- 'description' => $config['site_description'] ?? 'ICP备案管理平台'
- ];
-}
-?>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+prepare("INSERT INTO registrations (website_name, website_url, contact_person, contact_email, contact_phone, website_category, website_description, status, reason, registration_number, created_at, processed_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
+ $stmt->execute([
+ $data['website_name'],
+ $data['website_url'],
+ $data['contact_person'],
+ $data['contact_email'],
+ $data['contact_phone'],
+ $data['website_category'],
+ $data['website_description'],
+ $data['status'],
+ $data['reason'],
+ $data['registration_number'],
+ $data['created_at'],
+ null
+ ]);
+
+ $success = '备案信息添加成功!备案编号: 初ICP备' . $data['registration_number'] . '备';
+ } catch (PDOException $e) {
+ $errors[] = '添加备案信息失败: ' . $e->getMessage();
+ }
+ }
+}
+
+// 从数据库获取网站信息
+$stmt = $pdo->query("SELECT name, description FROM site_info LIMIT 1");
+$siteInfo = $stmt->fetch(PDO::FETCH_ASSOC);
+
+// 如果找不到网站信息,使用配置文件中的默认值
+if (!$siteInfo) {
+ $siteInfo = [
+ 'name' => $config['site_name'] ?? '网站备案系统',
+ 'description' => $config['site_description'] ?? 'ICP备案管理平台'
+ ];
+}
+?>
+
+
+
+
+
+
+
+
+
+