优化输入参数判断

This commit is contained in:
LyLme 2022-03-26 11:13:10 +08:00
parent 46b969c6ac
commit 007423e9e7
1 changed files with 43 additions and 18 deletions


@ -1,21 +1,23 @@
<?php
include("../include/common.php");
$grouplists =$DB->query("SELECT * FROM `lylme_groups`");
if(isset($_REQUEST['authcode'])){
session_start();
if(strtolower($_REQUEST['authcode'])== $_SESSION['authcode']){
if(isset($_POST['name'])&& isset($_POST['url'])&& isset($_POST['icon'])&& isset($_POST['group_id'])&& isset($_POST['mail'])!=NULL){
$name=daddslashes($_POST['name']);
$url=daddslashes($_POST['url']);
$icon=daddslashes($_POST['icon']);
$group_id=daddslashes($_POST['group_id']);
$mail=daddslashes($_POST['mail']);
$sw = 1;
$date = date("Y-m-d H:i:s");
$status = $conf["apply"];
if($status==2) {
exit('<script>alert("提交失败,网站已关闭申请收录功能!");window.location.href="./";</script>');
}
$name=strip_tags(daddslashes($_POST['name']));
$url=strip_tags(daddslashes($_POST['url']));
$icon=daddslashes($_POST['icon']);
$group_id=daddslashes($_POST['group_id']);
$mail=strip_tags(daddslashes($_POST['mail']));
$sw = 1;
$date = date("Y-m-d H:i:s");
if(empty($status)){
$status=0;
}
@ -23,21 +25,22 @@ if(isset($_REQUEST['authcode'])){
if($sw == 1){
if(empty($name) || empty($url) || empty($icon) || empty($group_id) || empty($mail) ){
exit('<script>alert("提交失败,请确保所有选项都不为空!");history.go(-1);</script>');
} else if(strpos($icon, 'http') !== 0 && strpos($icon, '<svg') !== 0 ||strpos($url, 'http') !== 0) {
exit('<script>alert("提交失败,请按要求填写!");history.go(-1);</script>');
} else if(!preg_match('{^http[s]?://([\w-]+\.)+[\w]+(/[\w-./%&=]*)\.(jpg|png|ico)$}i', $icon)
|| !preg_match('{^http[s]?://([\w-]+\.)+[\w-]+(/[\w-./?%&#=]*)?$}i', $url)) {
exit('<script>alert("提交失败!输入不符合要求");history.go(-1);</script>');
} else{
$sql = "INSERT INTO `lylme_apply` (`apply_id`, `apply_name`, `apply_url`, `apply_group`, `apply_icon`, `apply_mail`, `apply_time`, `apply_status`) VALUES (NULL, '".$name."', '".$url."', '".$group_id."', '".$icon."', '".$mail."', '".$date."', '".$status."');";
if($DB->query($sql)){
switch ($status) {
case 0:
echo '<script>alert("提交成功请等待管理员审核!");window.location.href="./";</script>';
echo '<script>alert("提交成功请等待管理员审核!");window.location.href="./";</script>';
break;
case 1:
echo '<script>alert("提交成功网站已成功收录!");window.location.href="./";</script>';
echo '<script>alert("提交成功网站已成功收录!");window.location.href="./";</script>';
break;
}
} else{
echo '<script>alert("提交失败,请联系网站管理员!");history.go(-1);</script>';
echo '<script>alert("提交失败请联系网站管理员!");history.go(-1);</script>';
}
}
}
@ -112,6 +115,9 @@ if(isset($_REQUEST['authcode'])){
<div class="row lylme-wrapper" style="background-image: url(../assets/img/background.jpg);background-size: cover;">
<div class="lylme-form">
<div class="lylme-center">
<?php if($conf["apply"]==2) {
exit('<div class="lylme-header text-center"><h2>网站已关闭申请收录</h2></div> </div>');
}?>
<div class="lylme-header text-center"><h2>申请收录</h2></div>
<form action="" method="POST">
<div class="form-group has-feedback feedback-left row">
@ -147,17 +153,18 @@ if(isset($_REQUEST['authcode'])){
<div class="form-group has-feedback feedback-left row">
<div class="col-xs-12">
<label>* 网站图标:</label>
<textarea type="text" class="form-control" name="icon" required placeholder="<svg 或 http://"></textarea>
<textarea type="text" id="icon" class="form-control" name="icon" required placeholder="https://hao.lylme.com/assets/img/logo.png"></textarea>
<span class="mdi mdi-emoticon form-control-feedback" aria-hidden="true"></span>
<small class="help-block">方式1填写图标的<code>URL</code>地址,如<code>http://www.xxx.com/img/logo.png</code><br>
方式2粘贴图标的<code>SVG</code>代码(建议)<a href="https://blog.lylme.com/archives/lylme_spage-svg.html" target="_blank">查看教程</a></small>
<small class="help-block">1.填写图标的<code>URL</code>地址,如<code>http://www.xxx.com/img/logo.png</code><br>
2. 链接使用<code>http</code>或用<code>https</code>协议<br>
3. 仅支持<code>.ico .png .jpg .gif</code>的格式</small>
</div>
</div>
<div class="form-group has-feedback feedback-left row">
<div class="col-xs-12">
<label>* 联系邮箱:</label>
<input type="text" class="form-control" name="mail" value="" required placeholder="填写邮箱">
<input type="text" class="form-control" name="mail" value="" autocomplete="off" required placeholder="填写邮箱">
<span class="mdi mdi-email form-control-feedback" aria-hidden="true"></span>
</div>
</div>
@ -177,9 +184,27 @@ if(isset($_REQUEST['authcode'])){
</div>
</div>
<div class="form-group">
<input type="submit" class="btn btn-primary btn-block" value="提交"></form>
<input type="submit" id="submit"class="btn btn-primary btn-block" value="提交申请"></form>
</div>
</div>
</div>
</body>
</html>
<script>
window.onload = function() {
var inputInt = document.getElementById('icon');
var submit = document.getElementById("submit");
function sw_on(){inputInt.style.borderColor = "#ebebeb";submit.disabled = false;submit.value = "提交";}
function sw_off(){inputInt.style.borderColor = "#ff0000";submit.disabled = true;submit.value = "输入不符合要求";}
inputInt.oninput = function() {
var re =/^http[s]?:\/\/([\w-]+\.)+[\w]+(\/[\w-./%&=]*)\.(jpg|png|ico|gif)$/
if (!re.test(this.value)) {
sw_off();
} else {
sw_on();
}
};
sw_on();
}
</script>
</html>
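Review bot: The new checks at L46–L47 validate `$icon` and `$url` but leave `$group_id` and `$mail` unchecked before they reach the string-built INSERT two lines below: `$group_id` is never required to be an integer or matched against `$grouplists` (queried at the top of the file and unused here), and `$mail` only gets `strip_tags`/`daddslashes`, so for those two fields the commit still relies entirely on `daddslashes`. I would extend the `else if` chain with `else if(!ctype_digit((string)$group_id) || !filter_var($mail, FILTER_VALIDATE_EMAIL)) { exit('<script>alert("提交失败!输入不符合要求");history.go(-1);</script>'); }` and, if `$DB` exposes prepared statements, switch the INSERT to placeholders instead of concatenation. The server-side icon pattern also accepts only `jpg|png|ico`, while the client-side regex and the help text added later in this commit allow `gif`, so a `.gif` icon passes the browser check and is rejected here with "输入不符合要求". Separately, `strip_tags(daddslashes(...))` in the first hunk runs the SQL escape before the sanitiser; the escape should be the last transformation, i.e. `daddslashes(strip_tags($_POST['name']))`. The enclosing `if` blocks begin in the first hunk and close outside this one.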