Beispiel #1
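 /**
  * Resolve the shared webscan key, accept an authenticated task request and
  * choose a writable scratch directory.
  *
  * `action` and `task` from the POST body are copied onto the instance only
  * when the POSTed `key` equals WEBSCAN_KEY. Both values are caller-supplied
  * and are stored unvalidated, so whatever consumes $this->action and
  * $this->taskid must check them against the set of values it expects.
  *
  * $this->_tmp is left untouched when neither the working directory nor the
  * system temp directory is writable.
  */
 function __construct()
 {
     // No usable key configured (missing, empty, or still the install-time
     // placeholder): fall back to the 'skey' record in the database.
     if (!defined('WEBSCAN_KEY') || WEBSCAN_KEY == null || WEBSCAN_KEY == '' || WEBSCAN_KEY == "@webscan360key@") {
         require_once dirname(dirname(__FILE__)) . '/lib/webscan360_db.class.php';
         $webscan360db = new Webscan360_db();
         $row = $webscan360db->rec_getRow(array('var' => 'skey'));
         // define() cannot replace a constant that already exists, so only
         // call it when WEBSCAN_KEY is genuinely undefined. A constant that
         // was defined empty or as the placeholder stays that way and the
         // request below is rejected.
         if (!defined('WEBSCAN_KEY') && !empty($row) && !empty($row['value'])) {
             define("WEBSCAN_KEY", (string) $row['value']);
         }
     }

     $keyConfigured = defined('WEBSCAN_KEY')
         && WEBSCAN_KEY != null
         && WEBSCAN_KEY != ''
         && WEBSCAN_KEY != "@webscan360key@";

     if ($keyConfigured
         && isset($_POST['action'], $_POST['key'], $_POST['task'])
         && is_string($_POST['key'])
     ) {
         $expected = (string) WEBSCAN_KEY;
         $supplied = $_POST['key'];
         // Compare the secret as exact strings: a loose `==` lets PHP treat
         // numeric-looking strings as numbers, and is not constant-time.
         // hash_equals() needs PHP 5.6+; older runtimes fall back to `===`.
         $keyMatches = function_exists('hash_equals')
             ? hash_equals($expected, $supplied)
             : $expected === $supplied;

         if ($keyMatches) {
             $this->action = $_POST['action'];
             $this->taskid = $_POST['task'];
         }
     }

     // NOTE(review): './' is the current working directory; if that is inside
     // the web root, files written there may be reachable over HTTP - confirm
     // what gets written to _tmp and whether the directory is served.
     if (is_writable('./')) {
         $this->_tmp = './';
     } elseif (is_writable(sys_get_temp_dir())) {
         $tmp = sys_get_temp_dir();
         $last = substr($tmp, -1);
         // Normalise to a trailing separator so callers can append a file name.
         $this->_tmp = ($last == '/' || $last == '\\') ? $tmp : $tmp . '/';
     }
 }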
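	/**
	 * Domain administrator permission verification.
	 *
	 * Requests a key for the site host from $this->webscan360_getkey_url, stores
	 * it in the 'key' record, then asks $this->webscan360_verifydomain_url to
	 * verify the host with that key. A non-empty result is also written to the
	 * 'log_verify' record.
	 *
	 * infocode values produced here: "601" (key request returned nothing),
	 * "201" (no key obtained), "202" (key could not be stored), "203" (verify
	 * call failed or returned something that is not a JSON object/array).
	 * Responses with infocode "300" or "106", and the decoded verify response,
	 * are passed through as received.
	 *
	 * @return array
	 */
	private function verifyDomain() {
		$webscan_config = $this->webscan360_config;
		$site_url = '';
		// Read MID once, without assuming the config is populated.
		$mid = isset($webscan_config['MID']) ? $webscan_config['MID'] : null;
		if (!empty($webscan_config) && !empty($webscan_config['SITE_URL'])) {
			// Force a lower-cased http:// form of the configured site URL.
			$site_url = "http://" . str_replace("http://", "", strtolower($webscan_config['SITE_URL']));
		}
		if (empty($site_url)) {
			// NOTE(review): HTTP_HOST comes from the client's Host header, so
			// without a configured SITE_URL the host being verified is chosen
			// by whoever sends the request - prefer a configured value.
			$site_url = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
		}
		$result = array('infocode' => "no", 'msg' => "");

		$model = new webscan360_http();
		$ret = $model->http_request($this->webscan360_getkey_url, array('host' => $site_url, 'mid' => $mid));
		if (empty($ret)) {
			return array('infocode' => "601", 'msg' => "not http");
		}
		$httpcode = isset($ret['httpcode']) ? $ret['httpcode'] : null;
		// The body is remote input: it may be missing, not JSON, or JSON of an
		// unexpected shape, so every field is checked before it is read.
		$response = isset($ret['response']) ? json_decode($ret['response'], true) : null;
		$infocode = (is_array($response) && isset($response['infocode'])) ? $response['infocode'] : null;

		$webscan360db = new Webscan360_db();
		if ($httpcode == 200 && $infocode == "111" && !empty($response['key'])) {
			$key = $response['key'];
			// Upsert the key record.
			$res_key = $webscan360db->rec_getRow(array('var' => 'key'));
			if (!empty($res_key)) {
				$op_ret = $webscan360db->rec_update(array('value' => $key), array('var' => 'key'));
			} else {
				$op_ret = $webscan360db->rec_insert(array('var' => 'key', 'value' => $key));
			}
			if ($op_ret) {
				$verify = $model->http_request($this->webscan360_verifydomain_url, array('key' => $key, 'host' => $site_url, 'mid' => $mid));
				$verify_code = isset($verify['httpcode']) ? $verify['httpcode'] : null;
				$verify_body = isset($verify['response']) ? $verify['response'] : null;
				$decoded = (!empty($verify_body) && $verify_code == 200) ? json_decode($verify_body, true) : null;
				if (is_array($decoded)) {
					$result = $decoded;
				} else {
					// Also reached when the body is not valid JSON, so the
					// caller always gets an array with an infocode.
					$result = array('infocode' => "203", 'msg' => "not verify host from 360webscan", 'httpcode' => $verify_code, 'response' => $verify_body);
				}
			} else {
				$result = array('infocode' => "202", 'msg' => "not insert key");
			}
		} else {
			if ($infocode == "300" || $infocode == "106") {
				$result = $response;
			} else {
				$result = array('infocode' => "201", 'msg' => "not get key from 360webscan", 'httpcode' => $httpcode, 'response' => $response);
			}
		}
		if (!empty($result)) {
			// NOTE(review): the logged value embeds the remote response as
			// received; confirm it cannot carry the key into 'log_verify'.
			$webscan360db->rec_insert(array('var' => 'log_verify', 'value' => json_encode($result)));
		}
		return $result;
	}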
Beispiel #3
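<?php

// Responds to a POSTed `ptime` value with md5("webscan360:" . key . ":" . ptime),
// where key is the stored 'key' record. Nothing is printed when ptime is
// missing/empty or no key is stored.
//
// NOTE(review): nothing in this script checks who is calling, so any client
// that can reach it receives an MD5 over the stored key and a value the
// client chose. Plain concatenation hashed with MD5 is not a keyed MAC;
// hash_hmac() with SHA-256 would be the usual construction, but the remote
// verifier has to change in step, so the digest format is left as it is.
// Consider restricting which clients can reach this endpoint.

// Only a plain string is accepted: a missing field or an array-valued
// `ptime[]` is treated as absent instead of being hashed.
$ptime = (isset($_POST['ptime']) && is_string($_POST['ptime'])) ? $_POST['ptime'] : '';
if (!empty($ptime)) {
    require_once 'lib/webscan360_db.class.php';
    $webscan360db = new Webscan360_db();
    $res = $webscan360db->rec_getRow(array('var' => 'key'));
    if (!empty($res) && !empty($res['value'])) {
        echo md5("webscan360:" . $res['value'] . ":" . $ptime);
    }
}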
<?php
// webscan_error() is not defined in this excerpt; it is called before
// anything else in the script.
webscan_error();
// Load the configuration file
// (presumably where WEBSCAN_API_LOG_T and WEBSCAN_UPDATE_FILE_T come from - confirm)
require_once('webscan_cache.php');
// No usable WEBSCAN_U_KEY (undefined, empty, or still the install-time
// placeholder): read the 'pkey' record from the database instead.
// NOTE(review): define() cannot replace a constant that already exists, so
// when WEBSCAN_U_KEY was defined empty or as the placeholder, the define()
// below does not change it and the URLs are built from the old value.
if (!defined('WEBSCAN_U_KEY')||WEBSCAN_U_KEY==null||WEBSCAN_U_KEY==''||WEBSCAN_U_KEY=="@webscan360key@"){
	require_once dirname(dirname(__FILE__)).'/lib/webscan360_db.class.php';
	$webscan360db = new Webscan360_db();
	$ressult = $webscan360db->rec_getRow(array('var'=>'pkey'));
	if(!empty($ressult)&&!empty($ressult['value'])){
		$pkey = $ressult['value'];
		define("WEBSCAN_U_KEY", "$pkey");
		// NOTE(review): the key travels in the URL query string, where it can
		// be recorded by access logs and intermediaries; treat these URLs as
		// secrets and keep them out of logs and error output.
		define("WEBSCAN_API_LOG" , WEBSCAN_API_LOG_T . "/?key=".WEBSCAN_U_KEY);
		define("WEBSCAN_UPDATE_FILE" , WEBSCAN_UPDATE_FILE_T . "/?key=".WEBSCAN_U_KEY);
	}
}

// Protection script version number
define("WEBSCAN_VERSION", '0.1.1.9');
// MD5 of the protection script (this file's own contents).
// The @ silences a failed read, so a failure here is not reported.
define("WEBSCAN_MD5", md5(@file_get_contents(__FILE__)));
// GET interception rule: alternation of markup/event-handler, script-dialog
// and SQL-keyword patterns, plus a leading "+/v8" / "+/v9" (UTF-7 byte-order
// marks). The string carries no regex delimiters or flags; how it is applied
// is not visible in this excerpt.
// NOTE(review): a signature list like this is a supplementary layer only - it
// does not replace parameterised queries and context-aware output encoding in
// the protected application.
$getfilter = "<[^>]*?=[^>]*?&#[^>]*?>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\()|<[^>]*?\\b(onerror|onmousemove|onload|onclick|onmouseover)\\b[^>]*?>|^\\+\\/v(8|9)|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
// POST interception rule: same alternatives as the GET rule without the
// leading "+/v8" / "+/v9" check.
$postfilter = "<[^>]*?=[^>]*?&#[^>]*?>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\()|<[^>]*?\\b(onerror|onmousemove|onload|onclick|onmouseover)\\b[^>]*?>|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
// Cookie interception rule: only the boolean-condition, SQL comment,
// "<script" and SQL-keyword alternatives.
$cookiefilter = "\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
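// Fetch the command. It is honoured only when webscan_cheack() (defined
// outside this excerpt) accepts the request; otherwise it is the empty string.
// The is_string() guard keeps an array-valued `webscan_act[]` field away from
// trim(), which rejects arrays.
$webscan_action  = isset($_POST['webscan_act']) && is_string($_POST['webscan_act']) && webscan_cheack() ? trim($_POST['webscan_act']) : '';
// Fetch the referer as a one-element array keyed 'HTTP_REFERER', or an empty
// array when the header is absent. The value is client-supplied.
$webscan_referer = empty($_SERVER['HTTP_REFERER']) ? array() : array('HTTP_REFERER'=>$_SERVER['HTTP_REFERER']);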