/**
 * Controller hook run before the action (ThinkPHP-style _initialize()).
 *
 * When USER_AUTH_ON is set and the current module is not listed in
 * NOT_AUTH_MODULE, RBAC::AccessDecision() is consulted; on refusal an
 * unauthenticated user is sent to the auth gateway, otherwise an error
 * page/message is produced. The request superglobals are then escaped with
 * Add_S() unless magic quotes already did so ($_FILES is always escaped).
 *
 * NOTE(review): the escaping sits inside the USER_AUTH_ON branch, so modules
 * listed in NOT_AUTH_MODULE (or all modules when auth is off) receive
 * unescaped input — confirm that this is intended.
 *
 * Relies on C(), import(), redirect(), L() and Add_S() defined elsewhere.
 */
function _initialize() {
    // User permission check.
    if (C('USER_AUTH_ON') && !in_array(MODULE_NAME, explode(',', C('NOT_AUTH_MODULE')))) {
        import('ORG.Util.RBAC');
        if (!RBAC::AccessDecision()) {
            // Check the authentication identifier in the session.
            if (!$_SESSION[C('USER_AUTH_KEY')]) {
                // Redirect to the authentication gateway.
                // NOTE(review): the code below is not guarded against this
                // branch; assumes redirect() terminates the request — confirm.
                redirect(PHP_FILE . C('USER_AUTH_GATEWAY'));
            }
            // No permission: raise an error.
            if (C('RBAC_ERROR_PAGE')) {
                // A dedicated permission-error page is configured.
                // (This redirect omits the PHP_FILE prefix used above.)
                redirect(C('USER_AUTH_GATEWAY'));
            } else {
                if (C('GUEST_AUTH_ON')) {
                    $this->assign('jumpUrl', PHP_FILE . C('USER_AUTH_GATEWAY'));
                }
                // Show the error message.
                $this->error(L('_VALID_ACCESS_'));
            }
        }
        // Escape request input unless magic quotes already did.
        // NOTE(review): get_magic_quotes_gpc() was removed in PHP 8.
        if (!get_magic_quotes_gpc()) {
            !empty($_POST) && Add_S($_POST);
            !empty($_GET) && Add_S($_GET);
            !empty($_COOKIE) && Add_S($_COOKIE);
            // NOTE(review): $_SESSION is escaped on every request; if Add_S()
            // mutates in place, stored session values are re-escaped each
            // time — confirm.
            !empty($_SESSION) && Add_S($_SESSION);
        }
        // Magic quotes never covered $_FILES, so it is escaped unconditionally.
        !empty($_FILES) && Add_S($_FILES);
    }
}
/**
 * Controller hook: escapes the request superglobals with Add_S() before the
 * action runs.
 *
 * $_POST, $_GET, $_COOKIE and $_SESSION are only escaped when magic quotes
 * are off (get_magic_quotes_gpc() returns false); $_FILES, which magic
 * quotes never covered, is always escaped. Empty arrays are skipped.
 * Add_S() is defined elsewhere in the application.
 *
 * NOTE(review): get_magic_quotes_gpc() no longer exists in PHP 8.
 */
function _initialize() {
    if (!get_magic_quotes_gpc()) {
        if (!empty($_POST)) {
            Add_S($_POST);
        }
        if (!empty($_GET)) {
            Add_S($_GET);
        }
        if (!empty($_COOKIE)) {
            Add_S($_COOKIE);
        }
        if (!empty($_SESSION)) {
            Add_S($_SESSION);
        }
    }
    if (!empty($_FILES)) {
        Add_S($_FILES);
    }
}
/**
 * Escapes every scalar leaf of $array in place: each value is trimmed and
 * run through addslashes(); nested arrays are walked recursively. A value
 * that is not an array is left untouched.
 *
 * NOTE(review): addslashes() applied to input is not a reliable SQL or HTML
 * escape; parameterised queries and contextual output encoding remain the
 * actual controls.
 *
 * @param mixed $array Passed by reference; only modified when it is an array.
 * @return void
 */
function Add_S(&$array) {
    if (!is_array($array)) {
        return;
    }
    foreach (array_keys($array) as $key) {
        if (is_array($array[$key])) {
            Add_S($array[$key]);
        } else {
            $array[$key] = addslashes(trim($array[$key]));
        }
    }
}
/**
 * Parses a DES-encrypted "a=b&c=d" string into a key => value array.
 *
 * @param string $desparam Encrypted parameter blob.
 * @param mixed  $os       Selector handed to DES::share() to obtain the codec.
 * @param string $key      Decryption key passed to the codec's decode().
 * @return array Pairs with exactly one "=" are kept; everything else is
 *               dropped. The result is run through Add_S() before it is
 *               returned (NOTE(review): this assumes the array-returning
 *               Add_S() variant; a by-reference variant that returns nothing
 *               would make this method return null).
 */
static function parse_des_urlparam($desparam, $os, $key) {
    $decoded = DES::share($os)->decode($desparam, $key);
    $result = array();
    foreach (explode("&", $decoded) as $pair) {
        $parts = explode("=", $pair);
        if (count($parts) != 2) {
            continue;
        }
        list($name, $val) = $parts;
        $result[$name] = $val;
    }
    $result = Add_S($result);
    return $result;
}
/**
 * Recursively filters a request array: every scalar leaf is slash-escaped
 * (unless magic quotes already did that), passed through check_sql(), and
 * handed to webscan_StOpAttack() together with the blacklist pattern
 * $filter; nested arrays recurse. The (possibly rewritten) array is returned.
 *
 * check_sql() and webscan_StOpAttack() are defined elsewhere; what they do
 * on a match (block, log, rewrite) is not visible here.
 *
 * NOTE(review): a regex blacklist like $filter is a detection aid, not an
 * injection control — parameterised queries and contextual output encoding
 * remain the actual defence. get_magic_quotes_gpc() no longer exists in
 * PHP 8, so this function is fatal there as written.
 *
 * @param array $array
 * @return array
 */
function Add_S($array) {
    foreach ($array as $key => $value) {
        if (!is_array($value)) {
            // Blacklist of script/SQL fragments (original comment: "filter all
            // kinds of sub-queries"). Passed verbatim to webscan_StOpAttack();
            // presumably used there as a PCRE pattern — confirm.
            $filter = "\\<.+javascript:window\\[.{1}\\\\x|<.*=(&#\\d+?;?)+?>|<.*(data|src)=data:text\\/html.*>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\(|benchmark\\s*?\\(.*\\)|sleep\\s*?\\(.*\\)|load_file\\s*?\\()|<[a-z]+?\\b[^>]*?\\bon([a-z]{4,})\\s*?=|^\\+\\/v(8|9)|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\\s+?[\\w]+?\\s+?\\bin\\b\\s*?\\(|\\blike\\b\\s+?[\"'])|\\/\\*.*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT(\\(|@{1,2}\\w+?\\s*|\\s+?.+?|.*(`|'|\").+(`|'|\")\\s*)|UPDATE\\s*(\\(.+\\)\\s*|@{1,2}.+?\\s*|\\s+?.+?|(`|'|\").*?(`|'|\")\\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM\\s+?|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)|FROM\\s.?|\\(select|\\(\\sselect|\\bunion\\b|select\\s.+?";
            // Escape quotes only when magic quotes have not already done so.
            !get_magic_quotes_gpc() && ($value = addslashes($value));
            $value = check_sql($value);
            // The source label is the literal "GET" regardless of which
            // superglobal the caller passed in.
            webscan_StOpAttack($key, $value, $filter, "GET");
            $array[$key] = $value;
        } else {
            $array[$key] = Add_S($array[$key]);
        }
    }
    return $array;
}
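/**
 * Filters a request array (recursively) for a few unsafe character
 * sequences and function names, then escapes quotes unless magic quotes
 * already did.
 *
 * Each scalar leaf is rewritten, in this order:
 *   1. "&#x"   -> "& # x"  (breaks hex HTML entities)
 *   2. /eval/i -> "eva l"  (breaks the literal word "eval")
 *   3. addslashes() when magic quotes are off
 * Nested arrays are processed recursively; keys are left untouched.
 *
 * NOTE(review): this is a blacklist, not a substitute for contextual output
 * encoding and parameterised queries; step 2 also mangles ordinary words that
 * contain "eval" (e.g. "retrieval"), and addslashes() on raw input is not a
 * reliable SQL escape.
 *
 * @param mixed $array Request data; a non-array is returned unchanged.
 * @return mixed The filtered array (or the untouched non-array input).
 */
function Add_S($array) {
    if (!is_array($array)) {
        // The original ran foreach() on the value (a warning) and returned it.
        return $array;
    }
    // get_magic_quotes_gpc() was removed in PHP 8; treat "absent" as "off" so
    // the escaping still happens there. Computed once per call, not per leaf.
    $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

    foreach ($array as $key => $value) {
        if (is_array($value)) {
            $array[$key] = Add_S($value);
            continue;
        }
        $value = str_replace("&#x", "& # x", $value);    // filter some unsafe characters
        $value = preg_replace("/eval/i", "eva l", $value); // filter an unsafe function name
        if (!$magicQuotes) {
            $value = addslashes($value);
        }
        $array[$key] = $value;
    }
    return $array;
}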
adminmsg('fup_empty'); } $checked = $ifsave == 1 ? 'checked' : ''; empty($forumnum) && ($forumnum = 5); require_once R_P . "require/forum.php"; $setfid_style = getstyles($style); } include PrintEot('setforum'); exit; } else { InitGP(array('vieworder', 'forumadmin', 'style', 'keywords', 'descrip', 'logo', 'ifsave', 'addtype')); InitGP(array('descrip'), 'P', 0); $forumtype = $forum[$fup]['type'] == 'category' ? 'forum' : ($forum[$fup]['type'] == 'forum' ? 'sub' : 'sub2'); if ($forum[$fup]['type'] != 'category') { $fupset = $db->get_one("SELECT f.allowhide,f.allowsell,f.allowtype,f.copyctrl,f.viewsub,f.allowvisit,f.allowpost,f.allowrp,f.allowdownload,f.allowupload,f.f_type,f.f_check,f.cms,f.ifhide,fe.creditset,fe.forumset FROM pw_forums f LEFT JOIN pw_forumsextra fe USING(fid) WHERE f.fid=" . pwEscape($fup)); Add_S($fupset); @extract($fupset, EXTR_OVERWRITE); } foreach ($name as $key => $value) { if (empty($value)) { continue; } $value = str_replace('<iframe', '<iframe', $value); $descrip[$key] = str_replace('<iframe', '<iframe', $descrip[$key]); $keywords[$key] = Char_cv($keywords[$key]); strlen($descrip[$key]) > 250 && adminmsg('descrip_long'); $newadmin = array(); $str_admin = ''; $admin_a = explode(",", $forumadmin[$key]); foreach ($admin_a as $aid => $avalue) { $avalue = trim($avalue);
$userdb['timedf'] < 0 ? ${'zone_0' . $temptimedf} = 'selected' : (${'zone_' . $temptimedf} = 'selected'); } $ubinding = array(); $query = $db->query("SELECT m.uid,m.username,m.groupid,m.memberid,m.regdate,mb.postnum FROM pw_userbinding u1 LEFT JOIN pw_userbinding u2 ON u1.id=u2.id LEFT JOIN pw_members m ON m.uid=u2.uid LEFT JOIN pw_memberdata mb ON m.uid=mb.uid WHERE u1.uid=" . pwEscape($winduid)); while ($rt = $db->fetch_array($query)) { if ($rt['uid'] != $winduid) { $rt['groupid'] == '-1' && ($rt['groupid'] = $rt['memberid']); $rt['regdate'] = get_date($rt['regdate']); $ubinding[] = $rt; } } require_once PrintEot('profile_modify'); footer(); } elseif ($_POST['step'] == '2') { PostCheck(); Add_S($userdb); $ustatus = ''; $upmembers = $upmemdata = $upmeminfo = array(); if ($ifppt) { include_once D_P . 'data/bbscache/dbreg.php'; InitGP(array('propwd', 'proemail'), 'P'); if ($propwd || $userdb['email'] != $proemail) { if ($_POST['oldpwd']) { if (strlen($userdb['password']) == 16) { $_POST['oldpwd'] = substr(md5($_POST['oldpwd']), 8, 16); //支持 16 位 md5截取密码 } else { $_POST['oldpwd'] = md5($_POST['oldpwd']); } } $userdb['password'] != $_POST['oldpwd'] && Showmsg('pwd_confirm_fail');
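/**
 * Rebuilds the cached parent-admin data in pw_forums.
 *
 * Resets childid/fupadmin on every row, then walks the tree
 * category -> forum -> sub -> sub: each descendant gets fupadmin set to the
 * admin list accumulated from its ancestors, and every node with at least
 * one child is collected so childid='1' can be written for it at the end.
 * Uses the global $db handle; Add_S(), pwEscape() and pwImplode() come from
 * elsewhere in the application (pwEscape() presumably quotes the value it
 * is given — confirm before interpolating anything new).
 *
 * @return void
 */
function updatecache_fd1() {
    global $db;
    // Initialised up front: the final `if ($havechild)` read an undefined
    // variable whenever no node had children.
    $havechild = array();
    $db->update("UPDATE pw_forums SET childid='0',fupadmin=''");
    $query = $db->query("SELECT fid,forumadmin FROM pw_forums WHERE type='category' ORDER BY vieworder");
    while ($cate = $db->fetch_array($query)) {
        Add_S($cate);
        $query2 = $db->query("SELECT fid,forumadmin FROM pw_forums WHERE type='forum' AND fup=" . pwEscape($cate['fid']));
        if ($db->num_rows($query2)) {
            $havechild[] = $cate['fid'];
            while ($forum = $db->fetch_array($query2)) {
                Add_S($forum);
                // Level 1: a forum inherits its category's admin list.
                $fupadmin = trim($cate['forumadmin']);
                if ($fupadmin) {
                    $db->update("UPDATE pw_forums SET fupadmin=" . pwEscape($fupadmin) . " WHERE fid=" . pwEscape($forum['fid']));
                }
                if (trim($forum['forumadmin'])) {
                    // Append this forum's own admins for its children; when the
                    // inherited list is non-empty the first character of the
                    // appended value is dropped (presumably a list delimiter —
                    // confirm against the forumadmin storage format).
                    $fupadmin .= $fupadmin ? substr($forum['forumadmin'], 1) : $forum['forumadmin'];
                }
                $query3 = $db->query("SELECT fid,forumadmin FROM pw_forums WHERE type='sub' AND fup=" . pwEscape($forum['fid']));
                if ($db->num_rows($query3)) {
                    $havechild[] = $forum['fid'];
                    while ($sub1 = $db->fetch_array($query3)) {
                        Add_S($sub1);
                        // Level 2: same accumulation, one level down.
                        $fupadmin1 = $fupadmin;
                        if ($fupadmin1) {
                            $db->update("UPDATE pw_forums SET fupadmin=" . pwEscape($fupadmin1) . " WHERE fid=" . pwEscape($sub1['fid']));
                        }
                        if (trim($sub1['forumadmin'])) {
                            $fupadmin1 .= $fupadmin1 ? substr($sub1['forumadmin'], 1) : $sub1['forumadmin'];
                        }
                        $query4 = $db->query("SELECT fid,forumadmin FROM pw_forums WHERE type='sub' AND fup=" . pwEscape($sub1['fid']));
                        if ($db->num_rows($query4)) {
                            $havechild[] = $sub1['fid'];
                            while ($sub2 = $db->fetch_array($query4)) {
                                Add_S($sub2);
                                // Level 3 is the deepest: only writes, no further descent.
                                $fupadmin2 = $fupadmin1;
                                if ($fupadmin2) {
                                    $db->update("UPDATE pw_forums SET fupadmin=" . pwEscape($fupadmin2) . " WHERE fid=" . pwEscape($sub2['fid']));
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    if ($havechild) {
        $havechilds = pwImplode($havechild);
        $db->update("UPDATE pw_forums SET childid='1' WHERE fid IN({$havechilds})");
    }
}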
!function_exists('adminmsg') && exit('Forbidden'); $basename = "{$admin_file}?adminjob=unituser"; require_once R_P . 'require/credit.php'; if (!$action) { require_once PrintEot('unituser'); } elseif ($_POST['action'] == "unit") { InitGP(array('uids', 'newuid'), 'P'); if (!$uids) { adminmsg('unituser_username_empty'); } if (!$newuid) { adminmsg('unituser_newname_empty'); } $touser = $db->get_one("SELECT username FROM pw_members WHERE uid=" . pwEscape($newuid)); Add_S($touser); if (!$touser['username']) { adminmsg('unituser_newname_error'); } $oldinfo = array(); $uids = explode(',', $uids); foreach ($uids as $key => $val) { if (is_numeric($val)) { if ($val == $newuid) { adminmsg('unituser_samename'); } $rt = $db->get_one("SELECT m.uid,m.username,md.postnum,md.digests,md.rvrc,md.money,md.credit,md.currency,mi.deposit,mi.ddeposit FROM pw_members m LEFT JOIN pw_memberdata md ON m.uid=md.uid LEFT JOIN pw_memberinfo mi ON m.uid=mi.uid WHERE m.uid=" . pwEscape($val)); if (!$rt['uid']) { adminmsg('unituser_username_error'); } else { $oldinfo[] = $rt;
/**
 * Verifies admin-panel credentials held in $CK and returns the caller's
 * admin right set (or false).
 *
 * Two paths are visible: a founder/manager account listed in the global
 * $manager array is checked against the configured $manager_pwd; any other
 * account is loaded from pw_members (joined with its group and the
 * 'allowadmincp' permission), must pass SafeCheck()/admincheck(), and gets its
 * per-group rights from pw_adminset filtered by the purview language table.
 *
 * NOTE(review): the query text between `username=` and the second SELECT is
 * garbled ("******") in this listing, and a closing brace / else branch of
 * the founder path is lost with it — restore from the original source before
 * relying on the control flow documented here. $CK[1] is used as the
 * username; the meaning of $CK['3'] is not visible (matched against the
 * member's safecv field when $db_ifsafecv is set). SafeCheck(), PwdCode(),
 * CkInArray(), GdConfirm(), admincheck() and GetLang() are defined elsewhere.
 *
 * @param array $CK Credential array; escaped in place by Add_S() first.
 * @return array|false Right set keyed by right name (1/0) plus 'gid', or
 *                     false when the credentials are rejected.
 */
function checkpass($CK) {
    Add_S($CK);
    global $db, $manager, $db_ifsafecv, $db_gdcheck;
    // Bit 32 of $db_gdcheck appears to gate the image-code check on the login
    // form (presumed; GdConfirm() is not visible here).
    if ($_POST['Login_f'] == 1 && $db_gdcheck & 32) {
        GdConfirm($_POST['lg_num']);
    }
    if (CkInArray($CK[1], $manager)) {
        // Founder account: the password comes from configuration, not the DB.
        global $manager_pwd;
        $v_key = array_search($CK[1], $manager);
        if (!SafeCheck($CK, PwdCode($manager_pwd[$v_key]))) {
            // NOTE(review): garbled span — see the docblock.
            $rt = $db->get_one("SELECT uid,username,groupid,groups,password,safecv FROM pw_members WHERE username="******"SELECT m.uid,m.username,m.groupid,m.groups,m.password,m.safecv,m.groupid,u.gptype,p.rvalue as allowadmincp FROM pw_members m LEFT JOIN pw_usergroups u ON u.gid=m.groupid LEFT JOIN pw_permission p ON p.uid='0' AND p.fid='0' AND p.gid=m.groupid AND p.rkey='allowadmincp' WHERE m.username=" . pwEscape($CK[1]));
            // Ordinary admin: needs allowadmincp, a 'system' or 'special'
            // group type and, when $db_ifsafecv is on, a matching safecv value.
            if (!$rt['allowadmincp'] || $rt['gptype'] != 'system' && $rt['gptype'] != 'special' || $db_ifsafecv && $rt['safecv'] != $CK['3']) {
                return false;
            }
            if (!SafeCheck($CK, PwdCode($rt['password'])) || !admincheck($rt['uid'], $CK[1], $rt['groupid'], $rt['groups'], 'check')) {
                return false;
            }
            // Per-group admin rights are stored serialised in pw_adminset.
            $rightset = $db->get_value('SELECT value FROM pw_adminset WHERE gid=' . pwEscape($rt['groupid']));
            if ($rightset) {
                // unserialize() of a DB value: only acceptable while that column
                // is written exclusively by trusted admin code — confirm.
                if (!is_array($rightset = unserialize($rightset))) {
                    $rightset = array();
                }
            } else {
                $rightset = array();
            }
            require GetLang('purview');
            // Keep only rights that exist in the purview table, normalised to 1/0.
            foreach ($rightset as $key => $value) {
                $rightset[$key] = isset($purview[$key]) && $rightset[$key] == 1 ? 1 : 0;
            }
            $rightset['gid'] = $rt['groupid'];
        }
    // NOTE(review): $rightset is only assigned on the DB path shown above;
    // whether the founder path sets it is hidden by the garbled span.
    return $rightset;
}
$newtype = addslashes(Char_cv($newtype)); if ($favor) { $db->update("UPDATE pw_favors SET type=" . pwEscape($newtype) . "WHERE uid=" . pwEscape($winduid)); } else { $db->update("INSERT INTO pw_favors SET" . pwSqlSingle(array('uid' => $winduid, 'type' => $newtype))); } refreshto("u.php?action=favor", 'operate_success'); } elseif ($job == 'deltype') { PostCheck(); !$isU && Showmsg('space_over_right'); (int) $type < 1 && Showmsg('type_error'); $tnum = $type - 1; $rs = $db->get_one("SELECT tids,type FROM pw_favors WHERE uid=" . pwEscape($winduid)); $tiddb = getfavor($rs['tids']); $typedb = explode(',', $rs['type']); Add_S($typedb); unset($typedb[$tnum]); if ($tiddb[$type]) { foreach ($tiddb[$type] as $key => $val) { $tiddb['0'][$val] = $val; } } unset($tiddb[$type]); $newtids = makefavor($tiddb); $newtype = Char_cv(implode(',', $typedb)); $db->update("UPDATE pw_favors SET " . pwSqlSingle(array('tids' => $newtids, 'type' => $newtype)) . "WHERE uid=" . pwEscape($winduid)); refreshto("u.php?action=favor", 'operate_success'); } function getfavor($tids) { $tids = explode('|', $tids);
/**
 * Re-verifies the password in $CK before an "upgrade to admin" action.
 *
 * Only accounts listed in the global $manager array are accepted: the
 * configured $manager_pwd is tried first and, when that fails, the password
 * stored in pw_members is tried. Any other account is rejected.
 *
 * NOTE(review): the query text between `username=` and the second SELECT is
 * garbled ("******") in this listing; the two SELECTs shown are what survives.
 * $CK[1] is used as the username. SafeCheck(), PwdCode() and CkInArray() are
 * defined elsewhere. array_search() runs without strict comparison.
 *
 * @param array $CK Credential array; escaped in place by Add_S() first.
 * @return bool
 */
function checkuptoadmin($CK) {
    Add_S($CK);
    global $db, $manager;
    if (is_array($manager) && CkInArray($CK[1], $manager)) {
        global $manager_pwd;
        $v_key = array_search($CK[1], $manager);
        // Configured founder password first ...
        if (!SafeCheck($CK, PwdCode($manager_pwd[$v_key]))) {
            // ... then the password stored in pw_members.
            // NOTE(review): garbled span — see the docblock.
            $rt = $db->get_one("SELECT uid,username,groupid,groups,password FROM pw_members WHERE username="******"SELECT uid,username,groupid,groups,password FROM pw_members WHERE username=" . pwEscape($CK[1]));
            if (!SafeCheck($CK, PwdCode($rt['password']))) {
                return false;
            }
        }
        return true;
    } else {
        return false;
    }
}
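/**
 * Filters a value, or every scalar leaf of an array, in place.
 *
 * The transform depends on the global $config: when $config['html'] == '1'
 * the value goes through fCharchr(), otherwise through fShowhtml() followed
 * by trim() and addslashes(). Nested arrays recurse. fCharchr() and
 * fShowhtml() are defined elsewhere.
 *
 * Changes from the original: the leaf branch assigned "" for a lone-space
 * value and then unconditionally overwrote it (dead store, removed), and
 * trim(ltrim(x)) was reduced to trim(x) (same result with the default
 * character list). The scalar entry point still blanks a lone space before
 * filtering, as before, so the two paths keep their original (differing)
 * treatment of " ".
 *
 * NOTE(review): addslashes() on input is not a reliable SQL escape and the
 * `== ' '` test is a loose comparison; parameterised queries and contextual
 * output encoding remain the actual controls.
 *
 * @param mixed $array Passed by reference and rewritten.
 * @return void
 */
function Add_S(&$array) {
    global $config;

    if (is_array($array)) {
        foreach (array_keys($array) as $key) {
            if (is_array($array[$key])) {
                Add_S($array[$key]);
            } elseif ($config['html'] == '1') {
                $array[$key] = fCharchr($array[$key]);
            } else {
                $array[$key] = addslashes(trim(fShowhtml($array[$key])));
            }
        }
        return;
    }

    // Scalar entry point: a lone space is blanked before filtering.
    if ($array == ' ') {
        $array = "";
    }
    if ($config['html'] == '1') {
        $array = fCharchr($array);
    } else {
        $array = addslashes(trim(fShowhtml($array)));
    }
}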
if (empty($val)) { unset($tiddb[$key]); } } $newtids = makefavor($tiddb); $db->update("UPDATE pw_favors SET tids=" . pwEscape($newtids) . "WHERE uid=" . pwEscape($winduid)); } refreshto("{$basename}" . 'a=my&see=postfavor', 'operate_success'); } elseif ($job == 'deltype') { PostCheck(); (int) $ftype < 1 && Showmsg('type_error'); $tnum = $ftype - 1; $rs = $db->get_one("SELECT tids,type FROM pw_favors WHERE uid=" . pwEscape($winduid)); list($tiddb) = getfavor($rs['tids']); $ftypedb = explode(',', $rs['type']); Add_S($ftypedb); unset($ftypedb[$tnum]); if ($tiddb[$ftype]) { foreach ($tiddb[$ftype] as $key => $val) { $tiddb['0'][$val] = $val; } } unset($tiddb[$ftype]); $newtids = makefavor($tiddb); $newtype = Char_cv(implode(',', $ftypedb)); $db->update("UPDATE pw_favors SET " . pwSqlSingle(array('tids' => $newtids, 'type' => $newtype)) . "WHERE uid=" . pwEscape($winduid)); refreshto("{$basename}" . 'a=my&see=postfavor', 'operate_success'); } // require_once(M_P.'require/header.php'); if ($space == 1 && defined('F_M')) { $isGM = CkInArray($windid, $manager);
if ($j > 1) { $i++; $j = 0; } } require_once PrintEot('ajax'); ajax_footer(); } elseif ($action == 'dig') { PostCheck(); !$_G['dig'] && Showmsg("dig_right"); $read = $db->get_one("SELECT t.author,t.subject,t.dig,f.forumset FROM pw_threads t LEFT JOIN pw_forumsextra f USING(fid) WHERE tid=" . pwEscape($tid)); !$read && Showmsg('data_error'); $forumset = unserialize($read['forumset']); !$forumset['dig'] && Showmsg('forum_dig_allow'); $rt = $db->get_one("SELECT uid,digtid FROM pw_memberinfo WHERE uid=" . pwEscape($winduid)); Add_S($rt); if (strpos(",{$rt['digtid']},", ",{$tid},") === false) { $read['dig']++; $db->update("UPDATE pw_threads SET dig=dig+1 WHERE tid=" . pwEscape($tid)); if ($rt) { strlen($rt['digtid']) > 2000 && ($rt['digtid'] = ''); $rt['digtid'] .= ($rt['digtid'] ? ',' : '') . $tid; $db->update("UPDATE pw_memberinfo SET digtid=" . pwEscape($rt['digtid']) . "WHERE uid=" . pwEscape($winduid)); } else { $db->update("INSERT INTO pw_memberinfo SET " . pwSqlSingle(array('uid' => $winduid, 'digtid' => $tid))); } require_once R_P . 'require/posthost.php'; PostHost("http://push.phpwind.net/push.php?type=dig&url=" . rawurlencode("{$db_bbsurl}/read.php?tid={$tid}") . "&tocharset={$db_charset}&title=" . rawurlencode($read['subject']) . "&bbsname=" . rawurlencode($db_bbsname), ""); Showmsg('dig_success'); } else { Showmsg("dig_limit");
/* * To change this template, choose Tools | Templates * and open the template in the editor. */ error_reporting(7); //set_magic_quotes_runtime(0); require_once 'Common/Config.inc.php'; require_once 'Common/Common.inc.php'; require_once 'Common/Function.inc.php'; require_once 'Common/Runtime.inc.php'; //添加自动加载Class路径 add_autoload_path(ZJ_PHP_PATH . "Lib/", true); add_autoload_path(ZJ_PHP_PATH . "Extend/", true); $_POST = Add_S($_POST); $_GET = Add_S($_GET); $_COOKIE = Add_S($_COOKIE); // 可以用 $q_xx 直接访问 $_REQUEST["aa"]; foreach ($_REQUEST as $key => $value) { $name1 = "q_" . $key; ${$name1} = $value; } //请求的Action和Method,在Runtime的Query对其赋值。 $_QueryAction = ""; $_QueryMethod = ""; ob_start(); //JS跨域 if (getC("CORS")) { @header('Access-Control-Allow-Origin: ' . getC("CORS")); } @header('Content-Type: text/html; charset=' . WEB_LANG); //xxx/index.php?doTaskQueue
*/
// Fallback constant; only defined when the host application has not
// already done so.
if (!defined('SI_IMAGE_GIF')) {
    define('SI_IMAGE_GIF', 3);
}
/**
 * Securimage CAPTCHA Class.
 *
 * @package Securimage
 * @subpackage classes
 *
 */
// Bootstrap glue between the class docblock above and the class itself:
// pulls in the host application's common include and escapes the request
// arrays with its Add_S() helper. Output produced by the include is
// discarded via the output buffer.
ob_start();
// NOTE(review): the @ hides a failed or missing include; in that case the
// function_exists() guard below silently skips the escaping step.
@(include_once '../../common.inc.php');
// get_magic_quotes_gpc() was removed in PHP 8.
if (!get_magic_quotes_gpc() && function_exists('Add_S')) {
    Add_S($_POST);
    Add_S($_GET);
}
ob_end_clean();
class Securimage {
    /**
     * The desired width of the CAPTCHA image.
     *
     * @var int
     */
    var $image_width;
    /**
     * The desired width of the CAPTCHA image.
     *
     * @var int
     */