

3 commits

UISNBLOON
c67f0eabfe
Merge pull request #2 from terrified2025/main
修复了容易被黑掉的bug
2025-10-04 09:58:02 +08:00
terrified2025
24b4dd868c
Delete ddd.zip 2025-08-23 00:31:10 +08:00
terrified2025
bc57760643
Add files via upload 2025-08-23 00:26:40 +08:00
13 changed files with 3563 additions and 2938 deletions


@ -1,4 +1,9 @@
<?php <?php
session_start();
require_once '../auth_check.php';
checkAdminAuth();
$csrf_token = generateCSRFToken();

// 加载配置 // 加载配置
$config = include '../config.php'; $config = include '../config.php';


@ -37,6 +42,9 @@ if (!$siteInfo) {
$success = ''; $success = '';
$errors = []; $errors = [];
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// 验证CSRF令牌
verifyCSRFToken($_POST['csrf_token'] ?? '');
// 验证表单数据 // 验证表单数据
$data = []; $data = [];


@ -103,7 +111,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {


// 如果没有错误,保存数据 // 如果没有错误,保存数据
if (empty($errors)) { if (empty($errors)) {
// 生成唯一备案编号 (ICP-年月日-6位ID)
// 生成8位数字备案编号 // 生成8位数字备案编号
$data['registration_number'] = str_pad(rand(10000000, 99999999), 8, '0', STR_PAD_LEFT); $data['registration_number'] = str_pad(rand(10000000, 99999999), 8, '0', STR_PAD_LEFT);
$data['created_at'] = date('Y-m-d H:i:s'); $data['created_at'] = date('Y-m-d H:i:s');
@ -338,6 +345,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
<?php endif; ?> <?php endif; ?>


<form method="post" enctype="multipart/form-data"> <form method="post" enctype="multipart/form-data">
<input type="hidden" name="csrf_token" value="<?php echo $csrf_token; ?>">
<div class="form-group"> <div class="form-group">
<label for="website_name">网站名称 *</label> <label for="website_name">网站名称 *</label>
<input type="text" id="website_name" name="website_name" required placeholder="请输入网站的名称"> <input type="text" id="website_name" name="website_name" required placeholder="请输入网站的名称">
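Review bot: The registration number on the context line `$data['registration_number'] = str_pad(rand(10000000, 99999999), 8, '0', STR_PAD_LEFT);` is drawn from `rand()` with no uniqueness check against existing rows, so two registrations can receive the same number and, if the column is unique, the insert fails with a generic error. `random_int(10000000, 99999999)` gives an unpredictable value, and a lookup (or a retry on a unique-constraint violation) should confirm the number is unused before the insert; the `str_pad` is redundant once the lower bound is already eight digits. The surrounding POST handler starts and ends outside the hunk.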


@ -1,5 +1,10 @@
<!DOCTYPE html> <!DOCTYPE html>
<?php <?php
session_start();
require_once '../auth_check.php';
checkAdminAuth();
$csrf_token = generateCSRFToken();

// 加载配置 // 加载配置
$config = include '../config.php'; $config = include '../config.php';


@ -35,7 +40,10 @@ if (!$siteInfo) {
} }


// 处理备案状态更新 // 处理备案状态更新
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'update_status' && isset($_POST['id']) && isset($_POST['status'])) { if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'update_status') {
// 验证CSRF令牌
verifyCSRFToken($_POST['csrf_token'] ?? '');
$id = $_POST['id']; $id = $_POST['id'];
$status = $_POST['status']; $status = $_POST['status'];
$reason = $_POST['reason'] ?? ''; $reason = $_POST['reason'] ?? '';
@ -514,6 +522,7 @@ ensureEmailConfigTableExists($pdo);
<h3 id="modalTitle">审核操作</h3> <h3 id="modalTitle">审核操作</h3>
<form method="post" id="actionForm"> <form method="post" id="actionForm">
<input type="hidden" name="action" value="update_status"> <input type="hidden" name="action" value="update_status">
<input type="hidden" name="csrf_token" value="<?php echo $csrf_token; ?>">
<input type="hidden" name="id" id="registrationId"> <input type="hidden" name="id" id="registrationId">
<input type="hidden" name="status" id="actionStatus"> <input type="hidden" name="status" id="actionStatus">
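Review bot: The rewritten condition `if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'update_status')` drops the `isset($_POST['id']) && isset($_POST['status'])` guards the old line had, so the following `$id = $_POST['id'];` and `$status = $_POST['status'];` now run on a request that omits either field and produce an undefined-array-key warning with `null` flowing into the status update. Restore the guards on the condition, or read the fields as `$id = (int)($_POST['id'] ?? 0);` and `$status = $_POST['status'] ?? '';` and reject empty values before touching the database. Whether `$status` is later checked against an allowed set is not visible in this hunk; the handler body continues outside it.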


@ -1,4 +1,6 @@
<?php <?php
session_start();

// 加载配置 // 加载配置
$config = include '../config.php'; $config = include '../config.php';


@ -8,52 +10,99 @@ function getDatabaseConnection() {
try { try {
if ($config['database_type'] === 'mysql') { if ($config['database_type'] === 'mysql') {
$dsn = "mysql:host={$config['database_config']['host']};port={$config['database_config']['port']};dbname={$config['database_config']['name']};charset=utf8mb4"; $dsn = "mysql:host={$config['database_config']['host']};port={$config['database_config']['port']};dbname={$config['database_config']['name']};charset=utf8mb4";
return new PDO($dsn, $config['database_config']['user'], $config['database_config']['password']); $pdo = new PDO($dsn, $config['database_config']['user'], $config['database_config']['password']);
} else if ($config['database_type'] === 'sqlite') { } else if ($config['database_type'] === 'sqlite') {
$dsn = "sqlite:{$config['database_config']['path']}"; $dsn = "sqlite:{$config['database_config']['path']}";
return new PDO($dsn); $pdo = new PDO($dsn);
} }
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
return $pdo;
} catch (PDOException $e) { } catch (PDOException $e) {
die('数据库连接失败: ' . $e->getMessage()); die('数据库连接失败');
} }
} }


// 处理注销请求 // 处理注销请求
if (isset($_GET['action']) && $_GET['action'] === 'logout') { if (isset($_GET['action']) && $_GET['action'] === 'logout') {
setcookie('admin_logged_in', '', time() - 3600, '/'); session_unset();
session_destroy();
header('Location: admin_login.php'); header('Location: admin_login.php');
exit; exit;
} }


// 检查是否已登录 // 检查是否已登录
if (isset($_COOKIE['admin_logged_in']) && $_COOKIE['admin_logged_in'] === 'true') { if (isset($_SESSION['admin_logged_in']) && $_SESSION['admin_logged_in'] === true) {
header('Location: admin_dashboard.php'); header('Location: admin_dashboard.php');
exit; exit;
} }


// 防止暴力破解:记录失败次数
if (!isset($_SESSION['login_attempts'])) {
$_SESSION['login_attempts'] = 0;
$_SESSION['last_attempt'] = time();
}

// 重置计数器5分钟后
if (time() - $_SESSION['last_attempt'] > 300) {
$_SESSION['login_attempts'] = 0;
}

$error = ''; $error = '';

// 处理登录请求 // 处理登录请求
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// 检查是否超过最大尝试次数5次
if ($_SESSION['login_attempts'] >= 5) {
$error = '登录尝试次数过多请5分钟后重试';
} else {
// 验证CSRF令牌
if (!isset($_POST['csrf_token']) || $_POST['csrf_token'] !== $_SESSION['csrf_token']) {
$error = '安全验证失败,请重新登录';
} else {
$username = $_POST['username'] ?? ''; $username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? ''; $password = $_POST['password'] ?? '';


// 输入验证
if (empty($username) || empty($password)) {
$error = '用户名和密码不能为空';
} else {
// 连接数据库 // 连接数据库
$pdo = getDatabaseConnection(); $pdo = getDatabaseConnection();


// 查询管理员信息 // 查询管理员信息
$stmt = $pdo->prepare("SELECT password_hash FROM admins WHERE username = ?"); $stmt = $pdo->prepare("SELECT id, password_hash FROM admins WHERE username = ?");
$stmt->execute([$username]); $stmt->execute([$username]);
$admin = $stmt->fetch(PDO::FETCH_ASSOC); $admin = $stmt->fetch(PDO::FETCH_ASSOC);


// 验证密码 // 验证密码
if ($admin && password_verify($password, $admin['password_hash'])) { if ($admin && password_verify($password, $admin['password_hash'])) {
// 设置登录cookie有效期1小时 // 登录成功,重置尝试次数
setcookie('admin_logged_in', 'true', time() + 3600, '/'); $_SESSION['login_attempts'] = 0;
// 设置会话变量
$_SESSION['admin_logged_in'] = true;
$_SESSION['admin_id'] = $admin['id'];
$_SESSION['admin_username'] = $username;
$_SESSION['last_activity'] = time();
// 重新生成会话ID
session_regenerate_id(true);
header('Location: admin_dashboard.php'); header('Location: admin_dashboard.php');
exit; exit;
} else { } else {
$_SESSION['login_attempts']++;
$_SESSION['last_attempt'] = time();
$error = '用户名或密码错误'; $error = '用户名或密码错误';
} }
}
}
}
}

// 生成CSRF令牌
if (!isset($_SESSION['csrf_token'])) {
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
} }
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
@ -137,23 +186,40 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
margin-top: 15px; margin-top: 15px;
text-align: center; text-align: center;
} }
.info {
color: #666;
font-size: 0.85rem;
margin-top: 20px;
text-align: center;
}
</style> </style>
</head> </head>
<body> <body>
<div class="login-container"> <div class="login-container">
<h1>管理员登录</h1> <h1>管理员登录</h1>
<form method="post" class="login-form"> <form method="post" class="login-form">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
<div class="form-group"> <div class="form-group">
<label for="username">用户名</label> <label for="username">用户名</label>
<input type="text" id="username" name="username" required placeholder="请输入管理员用户名"> <input type="text" id="username" name="username" required placeholder="请输入管理员用户名" autocomplete="username">
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="password">密码</label> <label for="password">密码</label>
<input type="password" id="password" name="password" required placeholder="请输入管理员密码"> <input type="password" id="password" name="password" required placeholder="请输入管理员密码" autocomplete="current-password">
</div> </div>
<button type="submit" class="btn">登录</button> <button type="submit" class="btn">登录</button>
<?php if (!empty($error)): ?> <?php if (!empty($error)): ?>
<div class="error"><?php echo $error; ?></div> <div class="error"><?php echo htmlspecialchars($error); ?></div>
<?php endif; ?>
<?php if ($_SESSION['login_attempts'] >= 3): ?>
<div class="info">
剩余尝试次数: <?php echo 5 - $_SESSION['login_attempts']; ?>
</div>
<?php endif; ?> <?php endif; ?>
</form> </form>
</div> </div>
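Review bot: The new lockout counter behind `if ($_SESSION['login_attempts'] >= 5)` lives in the client's own session, so a client that does not return the session cookie gets a fresh counter on every request and the limit never applies; it works as a hint to a forgetful user, not as a brute-force control. A server-side record keyed by username (and optionally source address) in the database, with the same 5-minute window, is needed for the check to hold. Separately, the CSRF comparison `$_POST['csrf_token'] !== $_SESSION['csrf_token']` should be `!hash_equals($_SESSION['csrf_token'] ?? '', (string)$_POST['csrf_token'])`, and the login page could reuse auth_check.php's `generateCSRFToken()` instead of repeating the token setup at the bottom of the PHP block. `$_SESSION['last_activity']` is set on success but `$_SESSION['regenerated']` is not, so `checkAdminAuth()` regenerates the id a second time on the first authenticated page; harmless, but setting the flag here avoids it.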


@ -1,11 +1,7 @@
<?php <?php
// 管理员审核通过备案申请 session_start();

require_once '../auth_check.php';
// 检查是否已登录 checkAdminAuth();
if (!isset($_COOKIE['admin_logged_in']) || $_COOKIE['admin_logged_in'] !== 'true') {
header('Location: admin_login.php');
exit;
}


// 检查是否提供了申请ID // 检查是否提供了申请ID
if (!isset($_POST['registration_id'])) { if (!isset($_POST['registration_id'])) {
@ -15,8 +11,11 @@ if (!isset($_POST['registration_id'])) {
$registrationId = $_POST['registration_id']; $registrationId = $_POST['registration_id'];
$reason = $_POST['reason'] ?? '审核通过'; $reason = $_POST['reason'] ?? '审核通过';


// 加载配置 // 正确加载配置
$config = include '../config.php'; $config = include '../config.php';
if (!$config || !is_array($config)) {
die('配置文件加载失败');
}


// 初始化数据库连接 // 初始化数据库连接
require_once '../db_init.php'; require_once '../db_init.php';
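Review bot: This endpoint changes registration state from a POST (`$registrationId = $_POST['registration_id'];`) but, unlike add_registration.php, admin_dashboard.php and settings.php in this same change, no `verifyCSRFToken($_POST['csrf_token'] ?? '');` call follows `checkAdminAuth();`; reject_registration.php has the same gap. Unless the check is added outside the shown hunks, a cross-site form post from a logged-in admin's browser can approve or reject a registration, which is the class of issue the commit sets out to close. Casting the id once, `$registrationId = (int)$_POST['registration_id'];`, also keeps the later query from receiving an arbitrary string. The rest of the handler is outside the hunk.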


@ -1,12 +1,16 @@
<?php <?php
// 管理管理员账户脚本 session_start();
// 使用方法: 访问此文件并按照提示操作 require_once '../auth_check.php';
checkAdminAuth();


error_reporting(E_ALL); error_reporting(E_ALL);
ini_set('display_errors', 1); ini_set('display_errors', 1);


// 加载配置 // 正确加载配置
$config = include '../config.php'; $config = include '../config.php';
if (!$config || !is_array($config)) {
die('配置文件加载失败');
}


// 数据库连接函数 // 数据库连接函数
function getDatabaseConnection() { function getDatabaseConnection() {
@ -72,6 +76,10 @@ $message = '';
$success = false; $success = false;


if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// 验证CSRF令牌
if (!isset($_POST['csrf_token']) || $_POST['csrf_token'] !== $_SESSION['csrf_token']) {
$message = '安全验证失败';
} else {
if (isset($_POST['action'])) { if (isset($_POST['action'])) {
switch ($_POST['action']) { switch ($_POST['action']) {
case 'add': case 'add':
@ -94,17 +102,25 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {


case 'delete': case 'delete':
$id = (int)$_POST['id']; $id = (int)$_POST['id'];
// 防止删除自己
if ($id == $_SESSION['admin_id']) {
$message = '不能删除当前登录的管理员账户';
} else {
$result = deleteAdmin($pdo, $id); $result = deleteAdmin($pdo, $id);
$success = $result['success']; $success = $result['success'];
$message = $result['message']; $message = $result['message'];
}
break; break;
} }
} }
}
} }


// 生成CSRF令牌
$csrf_token = generateCSRFToken();

// 获取所有管理员 // 获取所有管理员
$admins = getAllAdmins($pdo); $admins = getAllAdmins($pdo);

?> ?>
<!DOCTYPE html> <!DOCTYPE html>
<html lang="zh-CN"> <html lang="zh-CN">
@ -244,14 +260,19 @@ $admins = getAllAdmins($pdo);
<?php foreach ($admins as $admin): ?> <?php foreach ($admins as $admin): ?>
<tr> <tr>
<td><?php echo $admin['id']; ?></td> <td><?php echo $admin['id']; ?></td>
<td><?php echo $admin['username']; ?></td> <td><?php echo htmlspecialchars($admin['username']); ?></td>
<td><?php echo $admin['created_at']; ?></td> <td><?php echo $admin['created_at']; ?></td>
<td> <td>
<?php if ($admin['id'] != $_SESSION['admin_id']): ?>
<form method="post" style="display: inline;"> <form method="post" style="display: inline;">
<input type="hidden" name="csrf_token" value="<?php echo $csrf_token; ?>">
<input type="hidden" name="action" value="delete"> <input type="hidden" name="action" value="delete">
<input type="hidden" name="id" value="<?php echo $admin['id']; ?>"> <input type="hidden" name="id" value="<?php echo $admin['id']; ?>">
<button type="submit" class="btn btn-danger" onclick="return confirm('确定要删除这个管理员账户吗?');">删除</button> <button type="submit" class="btn btn-danger" onclick="return confirm('确定要删除这个管理员账户吗?');">删除</button>
</form> </form>
<?php else: ?>
<span style="color: #999;">当前账户</span>
<?php endif; ?>
</td> </td>
</tr> </tr>
<?php endforeach; ?> <?php endforeach; ?>
@ -262,6 +283,7 @@ $admins = getAllAdmins($pdo);
<div class="card"> <div class="card">
<h2>添加新管理员</h2> <h2>添加新管理员</h2>
<form method="post"> <form method="post">
<input type="hidden" name="csrf_token" value="<?php echo $csrf_token; ?>">
<input type="hidden" name="action" value="add"> <input type="hidden" name="action" value="add">
<div class="form-group"> <div class="form-group">
<label for="username">用户名</label> <label for="username">用户名</label>
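Review bot: The inline check `if (!isset($_POST['csrf_token']) || $_POST['csrf_token'] !== $_SESSION['csrf_token'])` duplicates `verifyCSRFToken` from auth_check.php with a plain `!==`; compare with `!hash_equals($_SESSION['csrf_token'] ?? '', (string)($_POST['csrf_token'] ?? ''))` so the comparison is constant-time, and keep the page's `$message` reporting if the helper's `die()` is why it was inlined. The self-delete guard `if ($id == $_SESSION['admin_id'])` should be `$id === (int)$_SESSION['admin_id']`, since `$id` is already cast. The context lines `error_reporting(E_ALL); ini_set('display_errors', 1);` still send PHP warnings and exception text to the browser on an authenticated admin page; they read as leftover debugging now that `$message` reports failures. `$admin['id']` and `$admin['created_at']` are echoed without `htmlspecialchars` while the username on the same row is escaped; harmless for integer and timestamp columns but inconsistent.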


@ -1,11 +1,7 @@
<?php <?php
// 管理员拒绝备案申请 session_start();

require_once '../auth_check.php';
// 检查是否已登录 checkAdminAuth();
if (!isset($_COOKIE['admin_logged_in']) || $_COOKIE['admin_logged_in'] !== 'true') {
header('Location: admin_login.php');
exit;
}


// 检查是否提供了申请ID // 检查是否提供了申请ID
if (!isset($_POST['registration_id'])) { if (!isset($_POST['registration_id'])) {
@ -19,8 +15,11 @@ if (empty($reason)) {
die('请提供拒绝原因'); die('请提供拒绝原因');
} }


// 加载配置 // 正确加载配置
$config = include '../config.php'; $config = include '../config.php';
if (!$config || !is_array($config)) {
die('配置文件加载失败');
}


// 初始化数据库连接 // 初始化数据库连接
require_once '../db_init.php'; require_once '../db_init.php';
@ -49,7 +48,7 @@ try {


// 发送邮件通知 // 发送邮件通知
try { try {
$emailUtils = new EmailUtils($config); $emailUtils = new EmailUtils($pdo);
$emailUtils->sendRejectionEmail($registration); $emailUtils->sendRejectionEmail($registration);
} catch (Exception $e) { } catch (Exception $e) {
// 邮件发送失败,记录日志但不影响主流程 // 邮件发送失败,记录日志但不影响主流程

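--- /dev/null
+++ b/admin/settings.php
@@ -0,0 +1,476 @@
+<?php
+session_start();
+require_once '../auth_check.php';
+checkAdminAuth();
+$csrf_token = generateCSRFToken();
+
+// 加载配置
+$config = include '../config.php';
+
+// 数据库连接函数
+function getDatabaseConnection() {
+global $config;
+try {
+if ($config['database_type'] === 'mysql') {
+$dsn = "mysql:host={$config['database_config']['host']};port={$config['database_config']['port']};dbname={$config['database_config']['name']};charset=utf8mb4";
+return new PDO($dsn, $config['database_config']['user'], $config['database_config']['password']);
+} else if ($config['database_type'] === 'sqlite') {
+$dsn = "sqlite:{$config['database_config']['path']}";
+return new PDO($dsn);
+}
+} catch (PDOException $e) {
+die('数据库连接失败: ' . $e->getMessage());
+}
+}
+
+// 连接数据库
+$pdo = getDatabaseConnection();
+
+// 从数据库获取网站信息
+$stmt = $pdo->query("SELECT name, description FROM site_info LIMIT 1");
+$siteInfo = $stmt->fetch(PDO::FETCH_ASSOC);
+
+// 如果找不到网站信息,使用配置文件中的默认值
+if (!$siteInfo) {
+$siteInfo = [
+'name' => $config['site_name'] ?? '二次元网站备案系统',
+'description' => $config['site_description'] ?? '管理和审核网站备案申请'
+];
+}
+
+// 从数据库获取邮件配置
+$stmt = $pdo->query("SELECT * FROM email_config LIMIT 1");
+$emailConfig = $stmt->fetch(PDO::FETCH_ASSOC);
+
+// 如果找不到邮件配置,使用默认值
+if (!$emailConfig) {
+$emailConfig = [
+'smtp_host' => '',
+'smtp_port' => 465,
+'smtp_username' => '',
+'smtp_password' => '',
+'smtp_encryption' => 'ssl',
+'from_email' => '',
+'from_name' => $siteInfo['name']
+];
+}
+
+// 处理表单提交
+$success = '';
+$errors = [];
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+// 验证CSRF令牌
+verifyCSRFToken($_POST['csrf_token'] ?? '');
+// 处理站点设置
+$siteName = trim($_POST['site_name']);
+$siteDescription = trim($_POST['site_description']);
+
+// 处理邮件设置
+$smtpHost = trim($_POST['smtp_host']);
+$smtpPort = (int)$_POST['smtp_port'];
+$smtpUsername = trim($_POST['smtp_username']);
+$smtpPassword = trim($_POST['smtp_password']);
+$smtpEncryption = $_POST['smtp_encryption'];
+$fromEmail = trim($_POST['from_email']);
+$fromName = trim($_POST['from_name']);
+
+// 验证必填字段
+if (empty($siteName)) {
+$errors[] = '站点名称不能为空';
+}
+
+if (empty($smtpHost) || empty($smtpUsername) || empty($smtpPassword) || empty($fromEmail)) {
+$errors[] = '邮件配置的必填字段不能为空';
+}
+
+if (empty($errors)) {
+try {
+// 开始事务
+$pdo->beginTransaction();
+
+// 更新站点信息
+if ($siteInfo) {
+$stmt = $pdo->prepare("UPDATE site_info SET name = ?, description = ?");
+$stmt->execute([$siteName, $siteDescription]);
+} else {
+$stmt = $pdo->prepare("INSERT INTO site_info (name, description) VALUES (?, ?)");
+$stmt->execute([$siteName, $siteDescription]);
+}
+
+// 更新邮件配置
+if ($emailConfig) {
+$stmt = $pdo->prepare("UPDATE email_config SET smtp_host = ?, smtp_port = ?, smtp_username = ?, smtp_password = ?, smtp_encryption = ?, from_email = ?, from_name = ?");
+$stmt->execute([$smtpHost, $smtpPort, $smtpUsername, $smtpPassword, $smtpEncryption, $fromEmail, $fromName]);
+} else {
+$stmt = $pdo->prepare("INSERT INTO email_config (smtp_host, smtp_port, smtp_username, smtp_password, smtp_encryption, from_email, from_name) VALUES (?, ?, ?, ?, ?, ?, ?)");
+$stmt->execute([$smtpHost, $smtpPort, $smtpUsername, $smtpPassword, $smtpEncryption, $fromEmail, $fromName]);
+}
+
+// 提交事务
+$pdo->commit();
+
+$success = '设置已成功保存';
+
+// 更新本地变量以反映更改
+$siteInfo['name'] = $siteName;
+$siteInfo['description'] = $siteDescription;
+$emailConfig = [
+'smtp_host' => $smtpHost,
+'smtp_port' => $smtpPort,
+'smtp_username' => $smtpUsername,
+'smtp_password' => $smtpPassword,
+'smtp_encryption' => $smtpEncryption,
+'from_email' => $fromEmail,
+'from_name' => $fromName
+];
+} catch (PDOException $e) {
+// 回滚事务
+$pdo->rollBack();
+$errors[] = '保存设置失败: ' . $e->getMessage();
+}
+}
+}
+
+// 确保email_config表存在
+function ensureEmailConfigTableExists($pdo) {
+try {
+// 根据数据库类型选择自增关键字
+global $config;
+$auto_increment = ($config['database_type'] === 'mysql') ? 'AUTO_INCREMENT' : 'AUTOINCREMENT';
+$int_type = ($config['database_type'] === 'mysql') ? 'INT' : 'INTEGER';
+
+$pdo->exec("CREATE TABLE IF NOT EXISTS email_config (
+id $int_type PRIMARY KEY $auto_increment,
+smtp_host VARCHAR(255) NOT NULL,
+smtp_port INTEGER NOT NULL,
+smtp_username VARCHAR(255) NOT NULL,
+smtp_password VARCHAR(255) NOT NULL,
+smtp_encryption VARCHAR(10) NOT NULL,
+from_email VARCHAR(255) NOT NULL,
+from_name VARCHAR(255) NOT NULL,
+updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+)");
+} catch (PDOException $e) {
+die('创建email_config表失败: ' . $e->getMessage());
+}
+}
+
+// 确保表存在
+ensureEmailConfigTableExists($pdo);
+?>
+<html lang="zh-CN">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>系统设置 - <?php echo $siteInfo['name']; ?></title>
+<style>
+* {
+margin: 0;
+padding: 0;
+box-sizing: border-box;
+}
+body {
+background-color: #f0f2f5;
+color: #333;
+line-height: 1.6;
+}
+.container {
+max-width: 800px;
+margin: 0 auto;
+padding: 20px;
+}
+.header-frosted {
+position: fixed;
+top: 0;
+left: 0;
+right: 0;
+background: rgba(255, 255, 255, 0.7);
+backdrop-filter: blur(10px);
+-webkit-backdrop-filter: blur(10px);
+color: #333;
+padding: 15px 20px;
+display: flex;
+justify-content: space-between;
+align-items: center;
+box-shadow: 0 2px 10px rgba(0,0,0,0.1);
+z-index: 1000;
+}
+.header-nav {
+display: flex;
+gap: 20px;
+}
+.header-nav span {
+cursor: pointer;
+color: #7873f5;
+font-weight: bold;
+transition: color 0.3s ease;
+}
+.header-nav span:hover {
+color: #605acf;
+}
+header {
+background: linear-gradient(135deg, #ff6ec7, #7873f5);
+color: white;
+padding: 80px 0 40px;
+text-align: center;
+border-radius: 10px;
+margin-bottom: 30px;
+box-shadow: 0 4px 12px rgba(0,0,0,0.1);
+margin-top: 60px;
+}
+h1 {
+font-size: 2rem;
+margin-bottom: 10px;
+}
+.card {
+background: white;
+border-radius: 10px;
+padding: 30px;
+margin-bottom: 30px;
+box-shadow: 0 2px 10px rgba(0,0,0,0.05);
+}
+h2 {
+color: #7873f5;
+margin-bottom: 20px;
+padding-bottom: 10px;
+border-bottom: 2px solid #f0f0f0;
+}
+.form-group {
+margin-bottom: 20px;
+}
+label {
+display: block;
+margin-bottom: 8px;
+font-weight: bold;
+color: #555;
+}
+input[type="text"],
+input[type="email"],
+input[type="password"],
+textarea,
+select {
+width: 100%;
+padding: 12px;
+border: 1px solid #ddd;
+border-radius: 6px;
+font-size: 1rem;
+transition: border 0.3s ease;
+}
+input[type="text"]:focus,
+input[type="email"]:focus,
+input[type="password"]:focus,
+textarea:focus,
+select:focus {
+border-color: #7873f5;
+outline: none;
+box-shadow: 0 0 0 3px rgba(120, 115, 245, 0.2);
+}
+textarea {
+height: 150px;
+resize: vertical;
+}
+.btn {
+display: inline-block;
+background: #7873f5;
+color: white;
+padding: 12px 25px;
+border-radius: 30px;
+text-decoration: none;
+font-weight: bold;
+transition: background 0.3s ease;
+border: none;
+cursor: pointer;
+font-size: 1rem;
+}
+.btn:hover {
+background: #605acf;
+}
+.btn-container {
+text-align: center;
+margin-top: 30px;
+}
+.back-link {
+display: inline-block;
+margin-top: 15px;
+color: #7873f5;
+text-decoration: none;
+}
+.back-link:hover {
+text-decoration: underline;
+}
+.error {
+color: #e74c3c;
+font-size: 0.9rem;
+margin-top: 5px;
+}
+.success {
+color: #2ecc71;
+padding: 15px;
+background: #f1f9f1;
+border-radius: 6px;
+margin-bottom: 20px;
+border-left: 4px solid #2ecc71;
+}
+.logout-btn {
+background: #e74c3c;
+color: white;
+border: none;
+padding: 8px 15px;
+border-radius: 30px;
+cursor: pointer;
+font-weight: bold;
+transition: background 0.3s ease;
+}
+.logout-btn:hover {
+background: #c0392b;
+}
+.tab-container {
+margin-bottom: 20px;
+}
+.tab {
+display: inline-block;
+padding: 10px 20px;
+background: #f0f0f0;
+border-radius: 5px 5px 0 0;
+cursor: pointer;
+font-weight: bold;
+color: #777;
+transition: all 0.3s ease;
+}
+.tab.active {
+background: white;
+color: #7873f5;
+border-top: 2px solid #7873f5;
+}
+.tab-content {
+display: none;
+background: white;
+padding: 20px;
+border-radius: 0 5px 5px 5px;
+box-shadow: 0 2px 5px rgba(0,0,0,0.1);
+}
+.tab-content.active {
+display: block;
+}
+</style>
+<script>
+document.addEventListener('DOMContentLoaded', function() {
+// 选项卡切换
+const tabs = document.querySelectorAll('.tab');
+tabs.forEach(tab => {
+tab.addEventListener('click', function() {
+// 移除所有active类
+document.querySelectorAll('.tab').forEach(t => t.classList.remove('active'));
+document.querySelectorAll('.tab-content').forEach(c => c.classList.remove('active'));
+
+// 添加active类到当前选项卡
+this.classList.add('active');
+const target = this.getAttribute('data-target');
+document.getElementById(target).classList.add('active');
+});
+});
+});
+</script>
+</head>
+<body>
+<div class="header-frosted">
+<h3><?php echo $siteInfo['name']; ?> - 管理员面板</h3>
+<div class="header-nav">
+<span onclick="window.location.href='admin_dashboard.php'">控制面板</span>
+<span onclick="window.location.href='admin_dashboard.php?view=all'">所有备案</span>
+<span onclick="window.location.href='admin_dashboard.php?view=pending'">待审核备案</span>
+<span onclick="window.location.href='add_registration.php'">添加备案</span>
+<span onclick="window.location.href='settings.php'">系统设置</span>
+<button class="logout-btn" onclick="window.location.href='admin_login.php?action=logout'">退出登录</button>
+</div>
+</div>
+<div class="container">
+<header>
+<h1><?php echo $siteInfo['name']; ?> - 系统设置</h1>
+<p>配置站点信息和邮件设置</p>
+</header>
+
+<div class="card">
+<h2>系统设置</h2>
+
+<?php if ($success): ?>
+<div class="success"><?php echo $success; ?></div>
+<?php endif; ?>
+
+<?php if (!empty($errors)): ?>
+<?php foreach ($errors as $error): ?>
+<div class="error"><?php echo $error; ?></div>
+<?php endforeach; ?>
+<?php endif; ?>
+
+<div class="tab-container">
+<div class="tab active" data-target="site-settings">站点设置</div>
+<div class="tab" data-target="email-settings">邮件设置</div>
+</div>
+
+<form method="post">
+<input type="hidden" name="csrf_token" value="<?php echo $csrf_token; ?>">
+<div id="site-settings" class="tab-content active">
+<div class="form-group">
+<label for="site_name">站点名称 *</label>
+<input type="text" id="site_name" name="site_name" required value="<?php echo htmlspecialchars($siteInfo['name']); ?>">
+</div>
+
+<div class="form-group">
+<label for="site_description">站点描述</label>
+<textarea id="site_description" name="site_description"><?php echo htmlspecialchars($siteInfo['description']); ?></textarea>
+</div>
+</div>
+
+<div id="email-settings" class="tab-content">
+<div class="form-group">
+<label for="smtp_host">SMTP 服务器 *</label>
+<input type="text" id="smtp_host" name="smtp_host" required value="<?php echo htmlspecialchars($emailConfig['smtp_host']); ?>">
+</div>
+
+<div class="form-group">
+<label for="smtp_port">SMTP 端口 *</label>
+<input type="text" id="smtp_port" name="smtp_port" required value="<?php echo htmlspecialchars($emailConfig['smtp_port']); ?>">
+</div>
+
+<div class="form-group">
+<label for="smtp_encryption">加密方式 *</label>
+<select id="smtp_encryption" name="smtp_encryption" required>
+<option value="ssl" <?php echo $emailConfig['smtp_encryption'] === 'ssl' ? 'selected' : ''; ?>>SSL</option>
+<option value="tls" <?php echo $emailConfig['smtp_encryption'] === 'tls' ? 'selected' : ''; ?>>TLS</option>
+<option value="none" <?php echo $emailConfig['smtp_encryption'] === 'none' ? 'selected' : ''; ?>>无</option>
+</select>
+</div>
+
+<div class="form-group">
+<label for="smtp_username">SMTP 用户名 *</label>
+<input type="text" id="smtp_username" name="smtp_username" required value="<?php echo htmlspecialchars($emailConfig['smtp_username']); ?>">
+</div>
+
+<div class="form-group">
+<label for="smtp_password">SMTP 密码 *</label>
+<input type="password" id="smtp_password" name="smtp_password" required value="<?php echo htmlspecialchars($emailConfig['smtp_password']); ?>">
+</div>
+
+<div class="form-group">
+<label for="from_email">发件人邮箱 *</label>
+<input type="email" id="from_email" name="from_email" required value="<?php echo htmlspecialchars($emailConfig['from_email']); ?>">
+</div>
+
+<div class="form-group">
+<label for="from_name">发件人名称 *</label>
+<input type="text" id="from_name" name="from_name" required value="<?php echo htmlspecialchars($emailConfig['from_name']); ?>">
+</div>
+</div>
+
+<div class="btn-container">
+<button type="submit" class="btn">保存设置</button>
+<a href="admin_dashboard.php" class="back-link">返回控制面板</a>
+</div>
+</form>
+</div>
+</div>
+</body>
+</html>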
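Review bot: The save path can never insert: `$siteInfo` is replaced by a default array when the query returns no row (`if (!$siteInfo) { $siteInfo = [...]; }`) and `$emailConfig` likewise, so `if ($siteInfo)` and `if ($emailConfig)` inside the transaction are always true and an empty `site_info` or `email_config` table receives an UPDATE that touches zero rows while `$success` still reports the settings as saved. Capture a flag before the fallback, `$siteInfoExists = (bool)$siteInfo;` (and `$emailConfigExists` for the other row), and branch on those instead. `ensureEmailConfigTableExists($pdo)` is called at the end of the PHP block, after `$stmt = $pdo->query("SELECT * FROM email_config LIMIT 1");` has already run; on a fresh install that SELECT hits a missing table and, since no `PDO::ATTR_ERRMODE` is set on this connection, `$stmt` is `false` and `->fetch()` is a fatal error, so move the call up to just after `$pdo = getDatabaseConnection();`. `$smtpEncryption = $_POST['smtp_encryption'];` is stored without checking it is one of `ssl`, `tls`, `none`, and the other `$_POST[...]` reads lack `?? ''`, so a request missing a field yields warnings rather than a validation error. `$siteInfo['name']` is escaped in the input fields but echoed raw in `<title>`, the `<h3>` and the `<h1>`, so an admin-set site name containing markup is rendered as HTML on every admin page; wrap those three with `htmlspecialchars(...)` as the form already does.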

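--- /dev/null
+++ b/auth_check.php
@@ -0,0 +1,44 @@
+<?php
+// 统一身份验证和安全检查模块
+session_start();
+
+// 验证管理员登录状态
+function checkAdminAuth() {
+// 检查 session 而不是 cookie
+if (!isset($_SESSION['admin_logged_in']) || $_SESSION['admin_logged_in'] !== true) {
+header('Location: /admin/admin_login.php');
+exit;
+}
+// 检查会话超时1小时
+if (isset($_SESSION['last_activity']) && (time() - $_SESSION['last_activity'] > 3600)) {
+session_unset();
+session_destroy();
+header('Location: /admin/admin_login.php?timeout=1');
+exit;
+}
+$_SESSION['last_activity'] = time();
+// 重新生成会话ID以防止会话固定攻击
+if (!isset($_SESSION['regenerated'])) {
+session_regenerate_id(true);
+$_SESSION['regenerated'] = true;
+}
+}
+
+// 生成CSRF令牌
+function generateCSRFToken() {
+if (!isset($_SESSION['csrf_token'])) {
+$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
+}
+return $_SESSION['csrf_token'];
+}
+
+// 验证CSRF令牌
+function verifyCSRFToken($token) {
+if (!isset($_SESSION['csrf_token']) || $token !== $_SESSION['csrf_token']) {
+die('CSRF token validation failed');
+}
+}
+?>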
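Review bot: `session_start();` at the top of this file runs after every caller has already called it (`session_start(); require_once '../auth_check.php';` in add_registration.php, admin_dashboard.php, approve_registration.php, manage_admins.php, reject_registration.php and settings.php), which raises a PHP notice on each page; if `display_errors` is enabled, that notice is sent before `checkAdminAuth()` calls `header()` and the redirect to the login page fails. Guard it with `if (session_status() === PHP_SESSION_NONE) { session_start(); }` and drop the duplicate calls in the pages. `verifyCSRFToken` compares with `$token !== $_SESSION['csrf_token']`; use `!hash_equals($_SESSION['csrf_token'], (string)$token)` so the comparison does not depend on where the strings first differ. The redirect target `/admin/admin_login.php` assumes the application is installed at the web root, while the pages otherwise reach the login page through the relative `admin_login.php`; a sub-directory install would redirect to a missing path, so a relative target or a configured base path would be safer.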


@ -1,9 +1,15 @@
<?php <?php
// 数据库初始化脚本 // 数据库初始化脚本
// 这个脚本用于创建必要的数据库表结构 // 安全检查:如果系统已安装,禁止访问
if (file_exists('.installed')) {
die('系统已安装。数据库初始化已被禁用。');
}


// 加载配置 // 正确加载配置
$config = include 'config.php'; $config = include 'config.php';
if (!$config || !is_array($config)) {
die('配置文件加载失败');
}


// 数据库连接函数 // 数据库连接函数
function getDatabaseConnection() { function getDatabaseConnection() {
@ -24,7 +30,6 @@ function getDatabaseConnection() {
// 连接数据库 // 连接数据库
$pdo = getDatabaseConnection(); $pdo = getDatabaseConnection();


// 创建表的SQL语句
// 根据数据库类型选择合适的自增语法 // 根据数据库类型选择合适的自增语法
$autoIncrement = $config['database_type'] === 'mysql' ? 'AUTO_INCREMENT' : 'AUTOINCREMENT'; $autoIncrement = $config['database_type'] === 'mysql' ? 'AUTO_INCREMENT' : 'AUTOINCREMENT';


@ -68,36 +73,7 @@ try {
foreach ($queries as $query) { foreach ($queries as $query) {
$pdo->exec($query); $pdo->exec($query);
} }

echo "数据库表结构初始化完成<br>";
// 初始化管理员账户
$stmt = $pdo->prepare("SELECT COUNT(*) FROM admins");
$stmt->execute();
$count = $stmt->fetchColumn();

if ($count === 0) {
// 创建默认管理员账户
$username = $config['admin']['username'];
$password = $config['admin']['password'];
$passwordHash = password_hash($password, PASSWORD_DEFAULT);

$stmt = $pdo->prepare("INSERT INTO admins (username, password_hash) VALUES (?, ?)");
$stmt->execute([$username, $passwordHash]);

echo "管理员账户已创建!用户名: $username, 密码: $password <br>";
echo "请登录后立即修改密码!<br>";
}

// 初始化网站信息
$stmt = $pdo->prepare("SELECT COUNT(*) FROM site_info");
$stmt->execute();
$count = $stmt->fetchColumn();

if ($count === 0) {
$stmt = $pdo->prepare("INSERT INTO site_info (name, description) VALUES (?, ?)");
$stmt->execute([$config['site_name'], $config['site_description']]);
}

// 表结构初始化完成
} catch (PDOException $e) { } catch (PDOException $e) {
die('创建表结构失败: ' . $e->getMessage()); die('创建表结构失败: ' . $e->getMessage());
} }
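Review bot: The new guard `if (file_exists('.installed'))` resolves against the current working directory rather than this file's directory; the script is pulled in with `require_once '../db_init.php'` from pages in admin/ (approve_registration.php, reject_registration.php), where the cwd is normally admin/, so the lock written by install.php at the site root is not seen from those pages, while a direct request to db_init.php does see it. Use `__DIR__ . '/.installed'` here and in install.php so both sides agree on one path. Note also that install.php in this same change runs `@unlink('db_init.php')` after writing the lock, so the `require_once '../db_init.php'` lines in approve_registration.php and reject_registration.php fail with a fatal error on every approval or rejection once installation completes; either keep this file or move the table-creation helper those pages depend on into a file that is not deleted. The `getDatabaseConnection()` function and the `try` block around the later hunks begin outside them.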


@ -2,14 +2,15 @@
<?php <?php
// 检查是否已安装 // 检查是否已安装
if (!file_exists('config.php')) { if (!file_exists('config.php')) {
// 调试信息
error_log('index.php: config.php不存在重定向到install.php');
header('Location: install.php'); header('Location: install.php');
exit; exit;
} }


// 加载配置 // 正确加载配置
$config = include 'config.php'; $config = include 'config.php';
if (!$config || !is_array($config)) {
die('配置文件加载失败');
}
?> ?>
<?php include 'common_header.php'; ?> <?php include 'common_header.php'; ?>


@ -29,12 +30,11 @@ $config = include 'config.php';
line-height: 1.6; line-height: 1.6;
background-color: #f0f2f5; background-color: #f0f2f5;
} }
/* 页眉样式已移至common_header.php */
.container { .container {
max-width: 1200px; max-width: 1200px;
margin: 0 auto; margin: 0 auto;
padding: 20px; padding: 20px;
margin-top: 90px; /* 为固定的页眉留出空间 */ margin-top: 90px;
} }
h1 { h1 {
font-size: 2.5rem; font-size: 2.5rem;
@ -56,18 +56,15 @@ $config = include 'config.php';
box-shadow: 0 2px 10px rgba(0,0,0,0.05); box-shadow: 0 2px 10px rgba(0,0,0,0.05);
transition: transform 0.3s ease, box-shadow 0.3s ease; transition: transform 0.3s ease, box-shadow 0.3s ease;
} }

.form-group { .form-group {
margin-bottom: 20px; margin-bottom: 20px;
} }

label { label {
display: block; display: block;
margin-bottom: 8px; margin-bottom: 8px;
font-weight: bold; font-weight: bold;
color: #555; color: #555;
} }

input[type="text"], input[type="text"],
select { select {
width: 100%; width: 100%;
@ -77,14 +74,12 @@ $config = include 'config.php';
font-size: 1rem; font-size: 1rem;
transition: border 0.3s ease; transition: border 0.3s ease;
} }

input[type="text"]:focus, input[type="text"]:focus,
select:focus { select:focus {
border-color: #7873f5; border-color: #7873f5;
outline: none; outline: none;
box-shadow: 0 0 0 3px rgba(120, 115, 245, 0.2); box-shadow: 0 0 0 3px rgba(120, 115, 245, 0.2);
} }

.btn-container { .btn-container {
text-align: center; text-align: center;
margin-top: 30px; margin-top: 30px;
@ -152,7 +147,6 @@ $config = include 'config.php';
</style> </style>
</head> </head>
<body> <body>

<div class="container"> <div class="container">
<div class="card"> <div class="card">
<h2>备案查询</h2> <h2>备案查询</h2>
@ -177,8 +171,6 @@ $config = include 'config.php';
</div> </div>
</form> </form>
</div> </div>

<!-- 页脚已删除 -->
</div> </div>
</body> </body>
</html> </html>


@ -1,9 +1,11 @@
<?php <?php
// 安装程序 // 检查是否已安装(通过锁文件)
if (file_exists('.installed')) {
die('系统已安装。如需重新安装,请删除 .installed 文件。');
}

// 检查是否已安装,允许通过?force=1参数强制进入安装 // 检查是否已安装,允许通过?force=1参数强制进入安装
if (file_exists('config.php') && (!isset($_GET['force']) || $_GET['force'] !== '1')) { if (file_exists('config.php') && (!isset($_GET['force']) || $_GET['force'] !== '1')) {
// 调试信息
error_log('install.php: config.php存在重定向到index.php');
header('Location: index.php'); header('Location: index.php');
exit; exit;
} }
@ -66,7 +68,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {


// 如果没有错误,创建配置文件 // 如果没有错误,创建配置文件
if (empty($errors)) { if (empty($errors)) {
// 创建配置文件
// 生成密码哈希 // 生成密码哈希
$password_hash = password_hash($admin_password, PASSWORD_DEFAULT); $password_hash = password_hash($admin_password, PASSWORD_DEFAULT);


@ -135,11 +136,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$stmt = $pdo->prepare("INSERT INTO site_info (name, description) VALUES (?, ?)"); $stmt = $pdo->prepare("INSERT INTO site_info (name, description) VALUES (?, ?)");
$stmt->execute([$site_name, $site_description]); $stmt->execute([$site_name, $site_description]);


// 创建配置文件内容 // 创建配置文件内容(不包含明文密码)
$config_content = <<<EOT $config_content = <<<EOT
<?php <?php
/** /**
* 网站备案系统配置文件 * 网站备案系统配置文件
* 安装时间: " . date('Y-m-d H:i:s') . "
*/ */


return [ return [
@ -170,13 +172,7 @@ EOT;
$config_content .= <<<EOT $config_content .= <<<EOT
], ],


// 管理员账户 // 邮件配置(请在系统设置中配置)
'admin' => [
'username' => '$admin_username',
'password' => '$admin_password' // 安装后会自动加密
],

// 邮件配置
'email' => [ 'email' => [
'smtp_host' => '', 'smtp_host' => '',
'smtp_port' => 465, 'smtp_port' => 465,
@ -196,6 +192,15 @@ EOT;
mkdir('data', 0755); mkdir('data', 0755);
} }


// 创建安装锁文件
file_put_contents('.installed', date('Y-m-d H:i:s'));
// 尝试删除安装文件
@unlink(__FILE__);
// 如果存在db_init.php也删除它
@unlink('db_init.php');

// 安装完成,显示提示页面 // 安装完成,显示提示页面
echo '<!DOCTYPE html> echo '<!DOCTYPE html>
<html lang="zh-CN"> <html lang="zh-CN">
@ -239,16 +244,47 @@ EOT;
.btn:hover { .btn:hover {
background-color: #45a049; background-color: #45a049;
} }
.permissions {
text-align: left;
background: #f9f9f9;
padding: 15px;
border-radius: 5px;
margin: 20px 0;
}
.permissions h3 {
margin-top: 0;
}
.permissions code {
background: #eee;
padding: 2px 5px;
border-radius: 3px;
}
</style> </style>
</head> </head>
<body> <body>
<div class="container"> <div class="container">
<h1>安装完成!</h1> <h1>安装完成!</h1>
<div class="warning"> <div class="warning">
<p>重要安全提示:请立即删除服务器上的 install.php 文件!</p> <p>重要:请立即设置正确的文件权限!</p>
<p>该文件包含敏感信息,可能被未授权用户利用。</p>
</div> </div>
<p>安装已成功完成,您的网站备案系统已准备就绪。</p> <div class="permissions">
<h3>请在服务器上执行以下命令:</h3>
<p>1. 设置目录权限:</p>
<p><code>chmod 755 /path/to/your/site</code></p>
<p><code>chmod 750 /path/to/your/site/data</code></p>
<p><code>chmod 640 /path/to/your/site/config.php</code></p>
<p><code>chmod 640 /path/to/your/site/.htaccess</code></p>
<p><code>chmod 640 /path/to/your/site/.installed</code></p>
<br>
<p>2. 设置文件所有者假设Web服务器用户为www-data</p>
<p><code>chown -R your-user:www-data /path/to/your/site</code></p>
<br>
<p>3. 如果install.php和db_init.php未自动删除请手动删除</p>
<p><code>rm -f /path/to/your/site/install.php</code></p>
<p><code>rm -f /path/to/your/site/db_init.php</code></p>
</div>
<p>管理员账户已创建:<strong>' . htmlspecialchars($admin_username) . '</strong></p>
<p>请妥善保管您的登录凭据。</p>
<a href="index.php" class="btn">前往首页</a> <a href="index.php" class="btn">前往首页</a>
</div> </div>
</body> </body>
@ -278,7 +314,7 @@ EOT;
} }


body { body {
font-family: \'ZD\', sans-serif; font-family: 'ZD', sans-serif;
line-height: 1.6; line-height: 1.6;
color: #333; color: #333;
background-color: #f5f5f5; background-color: #f5f5f5;
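Review bot: The cleanup added at the end of the install flow removes `db_init.php` with `@unlink('db_init.php');`, yet the other pages in this compare still `require_once 'db_init.php';` at runtime, so if that is the same file the site breaks right after a successful install; drop that line and delete only install.php. The new lock write `file_put_contents('.installed', date('Y-m-d H:i:s'));` is unchecked, and the `.installed` guard is the only thing that stops the `?force=1` path from re-running installation over an existing config.php, so an unwritable web root silently leaves the installer re-entrant: `if (file_put_contents('.installed', date('Y-m-d H:i:s')) === false) { die('无法创建安装锁文件 .installed'); }`. Since `@unlink(__FILE__)` is suppressed, capture its boolean result and show the manual `rm -f` step only when deletion actually failed, rather than always. The enclosing POST handler starts and ends outside these hunks.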


@ -5,8 +5,11 @@ if (!file_exists('config.php')) {
exit; exit;
} }


// 加载配置 // 正确加载配置
$config = include 'config.php'; $config = include 'config.php';
if (!$config || !is_array($config)) {
die('配置文件加载失败');
}


// 初始化数据库连接 // 初始化数据库连接
require_once 'db_init.php'; require_once 'db_init.php';
@ -60,7 +63,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$errors[] = '网站地址不能为空'; $errors[] = '网站地址不能为空';
} else { } else {
$website = trim($_POST['website_url']); $website = trim($_POST['website_url']);
$website = preg_replace('#^https?://#', '', $website); // 统一格式 $website = preg_replace('#^https?://#', '', $website);
$data['website_url'] = $website; $data['website_url'] = $website;
} }


@ -73,11 +76,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {


// 如果没有错误,保存数据 // 如果没有错误,保存数据
if (empty($errors)) { if (empty($errors)) {
// 生成唯一备案编号 (ICP-年月日-6位ID)
// 生成8位数字备案编号 // 生成8位数字备案编号
$data['registration_number'] = str_pad(rand(10000000, 99999999), 8, '0', STR_PAD_LEFT); $data['registration_number'] = str_pad(rand(10000000, 99999999), 8, '0', STR_PAD_LEFT);
$data['created_at'] = date('Y-m-d H:i:s'); $data['created_at'] = date('Y-m-d H:i:s');
$data['status'] = 'pending'; // 默认为待审核 $data['status'] = 'pending';
$data['reason'] = ''; $data['reason'] = '';


try { try {
@ -236,7 +238,7 @@ if (!$siteInfo) {
max-height: 200px; max-height: 200px;
} }
} }
</style> </style>
</head> </head>
<body> <body>
<div class="header-content"> <div class="header-content">
@ -305,10 +307,6 @@ if (!$siteInfo) {
</div> </div>
</form> </form>
</div> </div>
</div>

<!-- common_footer.php 文件不存在,已移除引用 -->

</div> </div>
</body> </body>
</html> </html>
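Review bot: `$data['registration_number'] = str_pad(rand(10000000, 99999999), 8, '0', STR_PAD_LEFT);` in the save hunk is carried over unchanged and still has no uniqueness check, so two submissions can be issued the same number, and the `str_pad` is a no-op because the lower bound already has eight digits. Use `random_int(10000000, 99999999)` and either retry while a lookup on the registrations table finds an existing row or add a UNIQUE constraint on that column and retry on the duplicate-key exception. The new `if (!$config || !is_array($config)) { die(...); }` guard is sound: `include` returns `1` for a file without a `return`, which the guard correctly rejects. The enclosing POST handler starts and ends outside this hunk.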


@ -5,8 +5,11 @@ if (!file_exists('config.php')) {
exit; exit;
} }


// 加载配置 // 正确加载配置
$config = include 'config.php'; $config = include 'config.php';
if (!$config || !is_array($config)) {
die('配置文件加载失败');
}
?> ?>
<?php include 'common_header.php'; ?> <?php include 'common_header.php'; ?>


@ -168,23 +171,20 @@ $config = include 'config.php';


<div class="btn-container"> <div class="btn-container">
<button type="submit" class="btn">查询</button> <button type="submit" class="btn">查询</button>
<a href="index.php" class="back-link">返回首页</a>
</div> </div>
<span class="back-link">返回首页</span>
</form> </form>


<div class="search-results"> <div class="search-results">
<?php <?php
// 加载配置 // 设置默认配置值
$config = include 'config.php'; $site_name = $config['site_name'] ?? '网站备案系统';
$site_description = $config['site_description'] ?? 'ICP备案管理平台';


// 设置默认配置值 // 初始化数据库连接
$site_name = $config['site_name'] ?? '网站备案系统'; require_once 'db_init.php';
$site_description = $config['site_description'] ?? 'ICP备案管理平台';


// 初始化数据库连接 // 处理查询请求
require_once 'db_init.php';

// 处理查询请求
if (isset($_GET['search_query']) && !empty($_GET['search_query'])) { if (isset($_GET['search_query']) && !empty($_GET['search_query'])) {
$search_type = $_GET['search_type']; $search_type = $_GET['search_type'];
$search_query = trim($_GET['search_query']); $search_query = trim($_GET['search_query']);
@ -252,7 +252,6 @@ require_once 'db_init.php';
?> ?>
</div> </div>
</div> </div>

</div> </div>
</body> </body>
</html> </html>
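Review bot: `$search_type = $_GET['search_type'];` in the search hunk reads the parameter with no default and no allow-list, so a request carrying only `search_query` raises an undefined-index warning, and if `$search_type` later selects a column or shapes the query it must be restricted before it reaches SQL: `$search_type = $_GET['search_type'] ?? ''; if (!in_array($search_type, $allowedSearchTypes, true)) { $search_type = 'registration_number'; }` where `$allowedSearchTypes` is the set of values the query actually supports (named as a placeholder here; the query itself is outside this hunk). `isset($_GET['search_query']) && !empty($_GET['search_query'])` is redundant, since `!empty()` already covers the unset case. The block that processes the search continues past the end of the hunk.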