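/**
 * Gate the current page on login state, member rank and coin balance.
 *
 * Redirects to the member login page (with the current URL as return target)
 * when nobody is logged in. Otherwise shows a message and stops the script
 * when the member's rank is below $rank, or when the member's coins are below
 * $money. Returns normally only when every check passes.
 *
 * @param int $rank  minimum rank (value of #@__arcrank.rank) required
 * @param int $money minimum coin balance required
 * @return void
 */
function CheckRank($rank = 0, $money = 0)
{
    // $dsql was used below without being declared global, so the rank-name
    // lookups ran against an undefined variable.
    global $cfg_ml, $cfg_memberurl, $dsql;

    if (!$cfg_ml->IsLogin()) {
        header("Location:{$cfg_memberurl}/login.php?gourl=" . urlencode(GetCurUrl()));
        exit;
    }

    if ($cfg_ml->M_Rank < $rank) {
        // Both values are interpolated into SQL; ranks are numeric, so force
        // them to int instead of trusting whatever the caller passed.
        $rank = (int) $rank;
        $myRank = (int) $cfg_ml->M_Rank;
        $needname = "";
        $myname = "普通会员";
        if ($myRank == 0) {
            $row = $dsql->GetOne("Select membername From #@__arcrank where rank='{$rank}'");
            if (!empty($row['membername'])) {
                $needname = $row['membername'];
            }
        } else {
            // Ordered by rank desc: first row is the required rank, the
            // second (if any) is the member's own rank.
            $dsql->SetQuery("Select membername From #@__arcrank where rank='{$rank}' Or rank='{$myRank}' order by rank desc");
            $dsql->Execute();
            if ($row = $dsql->GetObject()) {
                $needname = $row->membername;
            }
            if ($row = $dsql->GetObject()) {
                $myname = $row->membername;
            }
        }
        ShowMsg("对不起,需要:<span style='font-size:11pt;color:red'>{$needname}</span> 才能访问本页面。<br>你目前的等级是:<span style='font-size:11pt;color:red'>{$myname}</span> 。", "-1", 0, 5000);
        exit;
    }

    if ($cfg_ml->M_Money < $money) {
        ShowMsg("对不起,需要花费金币:<span style='font-size:11pt;color:red'>{$money}</span> 才能访问本页面。<br>你目前拥有的金币是:<span style='font-size:11pt;color:red'>" . $cfg_ml->M_Money . "</span> 。", "-1", 0, 5000);
        exit;
    }
}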
/**
 * Legacy (PHP 4 style) constructor of the slide admin controller: runs the
 * parent constructor, selects the admin template style, remembers the
 * current URL and loads the two models this controller works with.
 */
function slide()
{
    parent::__construct();
    $this->style = 'admin';
    // Current request URL, kept for redirects/links in the views.
    $this->currurl = GetCurUrl();
    // Models: property name => model name.
    $models = array('answer' => 'askanswer', 'question' => 'mquestion');
    foreach ($models as $property => $modelName) {
        $this->$property = $this->Model($modelName);
    }
}
/**
 * Legacy (PHP 4 style) constructor of the question-type admin controller:
 * runs the parent constructor, remembers the current URL, loads the
 * question-type table from its data file, selects the admin style and loads
 * the type model.
 */
function asktype()
{
    parent::__construct();
    $this->currurl = GetCurUrl();
    // The data file is plain PHP that defines $asktypes.
    $typeTableFile = DEDEASK . '/data/asktype.inc.php';
    require_once $typeTableFile;
    $this->asktypes = $asktypes;
    $this->style = 'admin';
    $this->type = $this->Model('mtype');
}
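/**
 * Check whether the logged-in member may perform an operation.
 *
 * Redirects to the login page when nobody is logged in. Then, in order:
 * requires a completed profile when $cfg_mb_reginfo is 'Y' and $needinfo
 * is set, requires e-mail verification when $cfg_mb_spacesta is '-10',
 * requires a rank of at least $rank and a coin balance of at least $money.
 * Each failed check shows a message and stops the script.
 *
 * @param int  $rank     required rank (value of #@__arcrank.rank)
 * @param int  $money    required coin balance
 * @param bool $needinfo whether the detailed profile must be completed
 * @return void
 */
function CheckRank($rank = 0, $money = 0, $needinfo = TRUE)
{
    // $dsql was used below without being declared global, so the rank-name
    // lookups ran against an undefined variable.
    global $cfg_ml, $cfg_memberurl, $cfg_mb_reginfo, $cfg_mb_spacesta, $dsql;

    if (!$cfg_ml->IsLogin()) {
        header("Location:{$cfg_memberurl}/login.php?gourl=" . urlencode(GetCurUrl()));
        exit;
    }

    // Detailed registration info enabled: spacesta 0/1 means still incomplete.
    if ($cfg_mb_reginfo == 'Y' && $needinfo) {
        if ($cfg_ml->fields['spacesta'] == 0 || $cfg_ml->fields['spacesta'] == 1) {
            ShowMsg("尚未完成详细资料,请完善...", "{$cfg_memberurl}/index_do.php?fmdo=user&dopost=regnew&step=2", 0, 1000);
            exit;
        }
    }

    // E-mail verification enabled: spacesta '-10' means not yet verified.
    if ($cfg_mb_spacesta == '-10') {
        if ($cfg_ml->fields['spacesta'] == '-10') {
            $msg = "您尚未进行邮件验证,请到邮箱查阅...</br>重新发送邮件验证 <a href='/member/index_do.php?fmdo=sendMail'><font color='red'>点击此处</font></a>";
            ShowMsg($msg, "-1", 0, 5000);
            exit;
        }
    }

    if ($cfg_ml->M_Rank < $rank) {
        // Both values are interpolated into SQL; ranks are numeric, so force
        // them to int instead of trusting the caller.
        $rank = (int) $rank;
        $myRank = (int) $cfg_ml->M_Rank;
        $needname = "";
        $myname = "普通会员";
        if ($myRank == 0) {
            $row = $dsql->GetOne("SELECT membername FROM #@__arcrank WHERE rank='{$rank}'");
            if (!empty($row['membername'])) {
                $needname = $row['membername'];
            }
        } else {
            // Ordered by rank desc: first row is the required rank, the
            // second (if any) is the member's own rank.
            $dsql->SetQuery("SELECT membername From #@__arcrank WHERE rank='{$rank}' OR rank='{$myRank}' ORDER BY rank DESC");
            $dsql->Execute();
            if ($row = $dsql->GetObject()) {
                $needname = $row->membername;
            }
            if ($row = $dsql->GetObject()) {
                $myname = $row->membername;
            }
        }
        ShowMsg("对不起,需要:<span style='font-size:11pt;color:red'>{$needname}</span> 才能访问本页面。<br>你目前的等级是:<span style='font-size:11pt;color:red'>{$myname}</span> 。", "-1", 0, 5000);
        exit;
    }

    if ($cfg_ml->M_Money < $money) {
        ShowMsg("对不起,需要花费金币:<span style='font-size:11pt;color:red'>{$money}</span> 才能访问本页面。<br>你目前拥有的金币是:<span style='font-size:11pt;color:red'>" . $cfg_ml->M_Money . "</span> 。", "-1", 0, 5000);
        exit;
    }
}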
/**
 * Legacy (PHP 4 style) constructor of the question-management admin
 * controller: runs the parent constructor, sets up the Lurd CRUD helper on
 * the #@__ask table with the admin templates, remembers the current URL and
 * loads the question model.
 */
function issue()
{
    parent::__construct();
    $templateDir = DEDEAPPTPL . '/admin';
    $this->temp = $templateDir;
    $crud = new Lurd('#@__ask', $templateDir, $templateDir . '/lurd');
    $crud->appName = "问题管理";
    // With debugging on, the templates are regenerated on every request.
    $crud->isDebug = FALSE;
    // stringSafe: 1 = strip only unsafe HTML (script, frame, ...) [default],
    // 0 = no restriction, 2 = no HTML at all.
    $crud->stringSafe = 2;
    $this->lurd = $crud;
    $this->currurl = GetCurUrl();
    $this->question = $this->Model('mquestion');
}
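/**
 * Fetch the article list of one category, optionally paginated.
 *
 * @param array $parm 'type_id' (required); 'need_content' (truthy adds
 *                    art_content to the selected columns); 'pagesize'
 *                    (truthy enables paging); 'limit' (raw LIMIT clause
 *                    used when not paging)
 * @return array|null array('list' => rows, 'page' => pager html), or null
 *                    when 'type_id' is missing (kept so callers that test
 *                    the result with empty() keep working)
 */
function getArticleList($parm)
{
    if (empty($parm['type_id'])) {
        return;
    }
    $map = array('type_id' => $parm['type_id']);
    $Osql = "id DESC";
    $field = "id,title,art_set,art_time,art_url";
    // Optional keys are tested with empty()/isset() so a missing key no
    // longer raises an undefined-index notice.
    if (!empty($parm["need_content"])) {
        $field .= ",art_content";
    }
    if (!empty($parm['pagesize'])) {
        // Paging: build the pager from the current URL with the language
        // segment normalised.
        import("ORG.Util.Page");
        $count = M('article')->where($map)->count('id');
        $depr = C('URL_PATHINFO_DEPR');
        $cur_url = GetCurUrl();
        // NOTE(review): the class [a-zA-z] spans 'A'..'z' in ASCII and so
        // also matches [ \ ] ^ _ ` ; kept as-is to preserve matching.
        if (preg_match("/\\/l\\/([a-zA-z-]+)\\/([\\w\\/]*)\\?l=([a-zA-z-]+)/", $cur_url) === 1) {
            $cur_url = preg_replace("/\\?l=([a-zA-z-]+)/", "", $cur_url);
        }
        $p = new Page($count, $parm['pagesize'], '', preg_replace(array('/.html\\/l\\/([a-zA-z-]+)\\/\\d*/', '/.html\\/\\d+/'), array('.html?l=' . LANG_SET, '.html'), ltrim($cur_url, $depr)));
        $page = $p->show();
        $Lsql = "{$p->firstRow},{$p->listRows}";
    } else {
        $page = "";
        // NOTE(review): 'limit' is passed through as a raw LIMIT clause;
        // callers must not forward request data into it unvalidated.
        $Lsql = isset($parm['limit']) ? "{$parm['limit']}" : "";
    }
    $data = M('article')->field($field)->where($map)->order($Osql)->limit($Lsql)->select();
    $suffix = C("URL_HTML_SUFFIX");
    $typefix = get_type_leve_nid($map['type_id']);
    $typeu = implode("/", $typefix);
    // select() may return a non-array on failure; only iterate real rows.
    if (is_array($data)) {
        foreach ($data as $key => $v) {
            if ($v['art_set'] == 1) {
                // External article: make sure the stored URL has a scheme.
                $data[$key]['arturl'] = stripos($v['art_url'], "http://") === false ? "http://" . $v['art_url'] : $v['art_url'];
            } else {
                $data[$key]['arturl'] = MU("Home/{$typeu}", "article", array("id" => $v['id'], "suffix" => $suffix));
            }
        }
    }
    $row = array();
    $row['list'] = $data;
    $row['page'] = $page;
    return $row;
}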
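/**
 * Load a cached dataset file, or redirect to the cache-rebuild error page.
 *
 * @param string $appid application id, used as the cache sub-directory
 * @param string $file  cache file name without the ".php" suffix
 * @param string $url   when non-empty and the cache is missing, the page the
 *                      error handler should jump back to afterwards
 * @return mixed the value returned by the cache file; FALSE when the cache
 *               is missing and no $url was given; NULL after the redirect
 *               header has been sent
 */
public static function loader($appid, $file, $url = "")
{
    // NOTE(review): $appid and $file become part of a require'd path, so
    // callers must pass trusted values only (a ".." or absolute path here
    // would include an arbitrary PHP file) — confirm where callers take them from.
    $cache = VI_ROOT . 'cache/dataset/' . $appid . "/" . $file . ".php";
    if (file_exists($cache)) {
        return require $cache;
    }
    if (!$url) {
        return FALSE;
    }
    // Append the jump target; the "=" / "%3d" test decides whether $url
    // already carries a query string.
    $separator = (strrpos($url, "=") > 0 || strrpos($url, "%3d") > 0) ? "&" : "?";
    $url .= $separator . "jump=" . GetCurUrl();
    // The original referenced an undefined $id in the cache parameter, which
    // always resolved to the bare $file; that is now written out explicitly.
    header("Location:" . VI_BASE . "serve.error.php?action=cache&cache=" . $file . "&url=" . urlencode($url));
    // No exit follows, so the calling page keeps running after the redirect
    // header (unchanged from the original behaviour).
}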
/**
 * Resolve the WeChat openid for the current visitor.
 *
 * Precedence: the explicit $openid argument, then the "openid" request
 * parameter, then the value already stored in the session. Inside the
 * WeChat browser a missing or "-1" openid starts the OAuth round trip back
 * to the current URL. Returns -1 when no openid could be determined.
 *
 * NOTE(review): the openid is accepted from an unauthenticated request
 * parameter and then persisted in the session, so a visitor can present any
 * openid; treat this value as an identifier, not as proof of identity.
 *
 * @param string|null $openid explicit openid to store, or NULL
 * @return string|int openid, or -1 when unknown
 */
function get_openid($openid = NULL)
{
    $incoming = $openid;
    if ($incoming === NULL && !empty($_REQUEST['openid'])) {
        $incoming = $_REQUEST['openid'];
    }
    if ($incoming !== NULL) {
        $_SESSION['openid'] = $incoming;
    }
    if (isset($_SESSION['openid'])) {
        $openid = $_SESSION['openid'];
    }
    $inWeixin = isWeixinBrowser();
    $unknown = empty($openid) || $openid == '-1';
    if ($unknown && $inWeixin) {
        OAuthWeixin(GetCurUrl());
    }
    return empty($openid) ? -1 : $openid;
}
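/**
 * Obtain the payer's WeChat openid through the snsapi_base OAuth flow.
 *
 * First pass (no "getOpenId" query parameter): redirects the browser to the
 * WeChat authorize endpoint with the current URL as redirect_uri. Second
 * pass ("getOpenId=1" with a "state" parameter): exchanges the "code" for an
 * access token and returns the openid.
 *
 * @return string|false|null openid on success; false when running in the
 *         official-account context (IN_WEIXIN) or with "is_stree" set;
 *         null after the redirect, when "state" is missing, or when the
 *         token exchange yields no openid
 */
function getPaymentOpenid()
{
    $callback = GetCurUrl();
    if ((defined('IN_WEIXIN') && IN_WEIXIN) || isset($_GET['is_stree'])) {
        return false;
    }
    $callback = urldecode($callback);
    $callback .= (strpos($callback, '?') === false) ? '?' : '&';

    $param = array('appid' => $this->payConfig['wxappid']);
    if (!isset($_GET['getOpenId'])) {
        $param['redirect_uri'] = $callback . 'getOpenId=1';
        $param['response_type'] = 'code';
        $param['scope'] = 'snsapi_base';
        // NOTE(review): "state" is a fixed value and is never compared on the
        // way back, so it gives no CSRF protection; a per-session random value
        // verified in the second pass would be the usual fix.
        $param['state'] = 123;
        $url = 'https://open.weixin.qq.com/connect/oauth2/authorize?' . http_build_query($param) . '#wechat_redirect';
        redirect($url);
        return null;
    }
    // Second pass: isset() replaces a bare $_GET['state'] read that raised
    // an undefined-index notice when the parameter was absent.
    if (empty($_GET['state'])) {
        return null;
    }
    $param['secret'] = $this->payConfig['wxappsecret'];
    $param['code'] = I('code');
    $param['grant_type'] = 'authorization_code';
    $url = 'https://api.weixin.qq.com/sns/oauth2/access_token?' . http_build_query($param);
    $content = file_get_contents($url);
    if ($content === false) {
        // Transport failure: previously this fell through to indexing null.
        return null;
    }
    $content = json_decode($content, true);
    // On an API error the reply carries errcode/errmsg and no openid.
    return isset($content['openid']) ? $content['openid'] : null;
}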
require_once PHPMYWIND_INC . '/mysql.class.php'; }
// (the brace above closes a conditional that starts before this excerpt)
// Language pack: loaded elsewhere.
// Session save path, used only when the directory is both readable and writable.
$sess_savepath = PHPMYWIND_DATA . '/sessions/';
if (is_writable($sess_savepath) && is_readable($sess_savepath)) {
    session_save_path($sess_savepath);
}
// Upload directories.
$cfg_image_dir = PHPMYWIND_UPLOAD . '/image';
$cfg_soft_dir = PHPMYWIND_UPLOAD . '/soft';
$cfg_media_dir = PHPMYWIND_UPLOAD . '/media';
// System version.
$cfg_vernum = '5.3 Beta';
$cfg_vertime = '20150913221909';
// Default time zone. The tz database's "Etc/GMT±N" names carry the opposite
// sign of the UTC offset, hence the multiplication by -1. (PHP_VERSION is
// compared as a string here.)
if (PHP_VERSION > '5.1') {
    $time51 = $cfg_timezone * -1;
    @date_default_timezone_set('Etc/GMT' . $time51);
}
// Error display toggle: everything or nothing.
if ($cfg_diserror == 'Y') {
    error_reporting(E_ALL);
} else {
    error_reporting(0);
}
// Device detection: mobile visitors are sent to 4g.php unless they are
// already there or inside the back-end. If the admin directory is renamed,
// replace '/admin' below with the new name. No exit follows the header, so
// the rest of the desktop page still executes after the redirect is sent.
if (IsMobile() && !strstr(GetCurUrl(), '4g.php') && $cfg_mobile == 'Y' && !strstr(GetCurUrl(), '/admin')) {
    header('location:4g.php');
}
define('DEDEADMIN', str_replace("\\", '/', dirname(__FILE__)));
require_once DEDEADMIN . '/../include/common.inc.php';
require_once DEDEINC . '/userlogin.class.php';
header('Cache-Control:private');
// Back-end pages switch off the SQL keyword filter (CheckSql) and keep a
// persistent database connection.
$dsql->safeCheck = FALSE;
$dsql->SetLongLink();
$cfg_admin_skin = 1; // admin skin id
if (file_exists(DEDEDATA . '/admin/skin.txt')) {
    $skin = file_get_contents(DEDEDATA . '/admin/skin.txt');
    // Non-strict in_array(): the raw file content is compared loosely with the ids.
    $cfg_admin_skin = !in_array($skin, array(1, 2, 3, 4)) ? 1 : $skin;
}
// Current script name; if $_SERVER is disabled on your host, adjust this.
$dedeNowurl = $s_scriptName = '';
$isUrlOpen = @ini_get('allow_url_fopen');
$dedeNowurl = GetCurUrl();
$dedeNowurls = explode('?', $dedeNowurl);
$s_scriptName = $dedeNowurls[0];
$cfg_remote_site = empty($cfg_remote_site) ? 'N' : $cfg_remote_site;
// Login check: unauthenticated requests are bounced to login.php with the
// current URL as return target.
$cuserLogin = new userLogin();
if ($cuserLogin->getUserID() == -1) {
    header("location:login.php?gotopage=" . urlencode($dedeNowurl));
    exit;
}
// Recursive XSS filter over a value or array of values.
// NOTE: each() was removed in PHP 8.0; this loop needs foreach on newer
// runtimes. The function continues past the end of this excerpt.
function XSSClean($val) { if (is_array($val)) { while (list($key) = each($val)) { $val[$key] = XSSClean($val[$key]); }
$gid = $dsql->GetLastID();
// (this branch starts before the excerpt: it runs after a guestbook entry has been inserted)
if ($needCheck == 1) {
    // Render a "posted successfully" window.
    require_once DEDEINC . "/oxwindow.class.php";
    $msg = "\r\n <font color='red'><b>成功发送或回复留言!</b></font> <a href='guestbook.php' style='font-size:14px;font-weight:bold'><u>我已经知道了,点击此返回>></u></a>";
    $wintitle = "留言发布成功提示";
    $wecome_info = "留言发布成功:";
    $win = new OxWindow();
    $win->Init("", "js/blank.js", "post");
    $win->AddTitle("提示:");
    $win->AddMsgItem("<div style='padding:20px;line-height:300%;font-size:14px'>{$msg}</div>");
    $winform = $win->GetWindow("hand");
    $win->Display();
} else {
    // Tell the visitor the entry is held for moderation.
    ShowMsg('成功发送一则留言,但需审核后才能显示!', 'guestbook.php', 0, 3000);
}
exit;
} else {
// Listing mode: remember the current URL for one hour so the post flow can
// return here, then page through the entries (admins also see unchecked ones).
setcookie('GUEST_BOOK_POS', GetCurUrl(), time() + 3600, '/');
if ($g_isadmin) {
    $sql = 'SELECT * FROM `#@__guestbook` ORDER BY id DESC';
} else {
    $sql = 'SELECT * FROM `#@__guestbook` WHERE ischeck=1 ORDER BY id DESC';
}
$dlist = new DataListCP();
$dlist->pageSize = 10;
$dlist->SetParameter('gotopagerank', $gotopagerank);
$dlist->SetTemplate(DEDETEMPLATE . '/plus/guestbook.htm');
$dlist->SetSource($sql);
$dlist->Display();
}
}
<?php
/**
 * My favourites (member centre).
 *
 * @version $Id: mystow.php 1 8:38 2010年7月9日Z tianya $
 * @package DedeCMS.Member
 * @copyright Copyright (c) 2007 - 2010, DesDev, Inc.
 * @license http://help.dedecms.com/usersguide/license.html
 * @link http://www.dedecms.com
 */
require_once dirname(__FILE__) . "/config.php";
// Login required; no rank or coin threshold.
CheckRank(0, 0);
require_once DEDEINC . "/datalistcp.class.php";
// Return target for follow-up actions (1 hour).
setcookie("ENV_GOBACK_URL", GetCurUrl(), time() + 3600, "/");
// $type and $rank are not assigned in this file; presumably registered from
// the request by config.php / common.inc.php — verify before relying on them.
$type = empty($type) ? "sys" : trim($type);
$tpl = '';
$menutype = 'mydede';
$rank = empty($rank) ? "" : $rank;
if ($rank == 'top') {
    // Site-wide ranking: archives collected most often, across all members.
    $sql = "SELECT s.*,COUNT(s.aid) AS num,t.* from #@__member_stow AS s LEFT JOIN `#@__member_stowtype` AS t on t.stowname=s.type group by s.aid order by num desc";
    $tpl = 'stowtop';
} else {
    // The current member's own favourites; mid comes from the login object, not the request.
    $sql = "SELECT s.*,t.* FROM `#@__member_stow` AS s left join `#@__member_stowtype` AS t on t.stowname=s.type where s.mid='" . $cfg_ml->M_ID . "' order by s.id desc";
    $tpl = 'mystow';
}
$dsql->Execute('nn', 'SELECT indexname,stowname FROM `#@__member_stowtype`');
// $rows stays undefined when the table is empty — readers should isset() it.
while ($row = $dsql->GetArray('nn')) {
    $rows[] = $row;
}
$dlist = new DataListCP();
// (the listing setup continues past the end of this excerpt)
/**
 * Resolve the visitor's WeChat openid for the current token.
 *
 * Precedence: the explicit $openid argument, then the "openid" request
 * parameter, then the session value "openid_<token>". Inside the WeChat
 * browser a missing openid starts the OAuth round trip back to the current
 * URL. Returns -1 when no openid could be determined.
 *
 * NOTE(review): the openid is accepted from an unauthenticated request
 * parameter and stored in the session, so it identifies but does not
 * authenticate the visitor.
 *
 * @param string|null $openid explicit openid to store, or NULL
 * @return string|int openid, or -1 when unknown
 */
function get_openid($openid = NULL)
{
    $sessionKey = 'openid_' . get_token();
    $incoming = NULL;
    if ($openid !== NULL) {
        $incoming = $openid;
    } elseif (!empty($_REQUEST['openid'])) {
        $incoming = $_REQUEST['openid'];
    }
    if ($incoming !== NULL) {
        session($sessionKey, $incoming);
    }
    $openid = session($sessionKey);
    $inWeixin = isWeixinBrowser();
    if (empty($openid) && $inWeixin) {
        OAuthWeixin(GetCurUrl());
    }
    return empty($openid) ? -1 : $openid;
}
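/**
 * WeChat message entry point.
 *
 * GET: answers the platform's URL verification by echoing "echostr" once
 * the signature check ($this->auth) passes, then terminates.
 * POST: parses the XML message body, records the sender's openid in the
 * session, lets every enabled add-on see events, then dispatches the
 * message to the add-on chosen by (in order) pending user status, explicit
 * add-on name, keyword match, and finally the "Base" add-on.
 *
 * @return true|void true for events that are not menu clicks; otherwise the
 *                   selected add-on produces the response
 */
public function index()
{
    if (IS_GET) {
        $url = GetCurUrl();
        weixin_log($url, 'auth');
        if ($this->auth(TOKEN)) {
            echo isset($_GET['echostr']) ? $_GET['echostr'] : '';
        }
        die;
    }
    $rawBody = file_get_contents('php://input');
    // LIBXML_NONET keeps the parser from fetching external resources named
    // in the untrusted request body; the parse itself is unchanged.
    $content = new \SimpleXMLElement($rawBody, LIBXML_NONET);
    $data = array();
    foreach ($content as $key => $value) {
        $data[$key] = strval($value);
    }
    $this->data = $data;
    // Log the raw body directly; $HTTP_RAW_POST_DATA is gone on PHP 7+.
    weixin_log($data, $rawBody);
    if (!empty($data['FromUserName'])) {
        session('openid', $data['FromUserName']);
    }
    // Every array below used to be appended to without initialisation.
    $key = isset($data['Content']) ? $data['Content'] : '';
    $keywordArr = array();
    $addon_list = array();
    $forbit_list = array();
    $plugins = array();
    $list = D('addons')->where('is_weixin=1')->findAll();
    foreach ($list as $vo) {
        if ($vo['status']) {
            $addon_list[] = $vo;
        } else {
            $forbit_list[] = $vo;
        }
    }
    if (isset($data['MsgType']) && $data['MsgType'] == 'event') {
        $event = strtolower($data['Event']);
        foreach ($addon_list as $vo) {
            $this->plugin_deal($vo['name'], $event, $data);
        }
        // Only menu clicks with a key go on to normal keyword dispatch.
        if (!($event == 'click' && !empty($data['EventKey']))) {
            return true;
        }
        $key = $data['Content'] = $data['EventKey'];
    }
    // A pending multi-step conversation takes precedence and is consumed here.
    $uid = intval($this->mid);
    $user_status = S('user_status_' . $uid);
    if (!isset($plugins[$key]) && $user_status) {
        $plugins[$key] = $user_status['module'];
        $keywordArr = $user_status['keywordArr'];
        S('user_status_' . $uid, null);
    }
    if (!isset($plugins[$key])) {
        foreach ($addon_list as $k => $vo) {
            $plugins[$vo['name']] = $k;
            $plugins[$vo['pluginName']] = $k;
        }
    }
    if (!isset($plugins[$key])) {
        // Keyword table lookup; the message text becomes a LIKE pattern
        // (escaping is left to the ORM's where() — confirm for this version).
        $like['keyword'] = array('like', "%{$key}%");
        if (!empty($forbit_list)) {
            // NOTE(review): $forbit_list holds whole add-on rows, not module
            // names; confirm this is what the "not in" condition expects.
            $like['module'] = array('not in', $forbit_list);
        }
        $keywordArr = M('keyword')->where($like)->order('id desc')->find();
        if (isset($keywordArr['module'])) {
            $plugins[$key] = $keywordArr['module'];
        }
    }
    // Nothing matched: fall back to the Base add-on.
    if (!isset($plugins[$key])) {
        $plugins[$key] = 'Base';
    }
    $this->plugin_deal($plugins[$key], 'response', $data, $keywordArr);
}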
// Back up the current config file, then rewrite it from the settings table.
copy($configfile,$configfile_bak) or die("保存配置{$configfile}时失败!请检测权限");
$fp = fopen($configfile,'w') or die("保存配置{$configfile}时失败!请检测权限");
// NOTE(review): the second flock() argument 3 is LOCK_UN (unlock), so no
// lock is actually held while the file is rewritten; LOCK_EX was presumably intended.
flock($fp,3);
// The open tag is split so this source file itself stays parseable.
fwrite($fp,"<"."?php\r\n");
while($row = $dsql->GetArray()){
    // Only single quotes are escaped; a value ending in a backslash would
    // escape the closing quote and break (or alter) the generated PHP.
    fwrite($fp,"\${$row['varname']} = '".str_replace("'","\\'",$row['value'])."';\r\n");
}
fwrite($fp,"?".">");
fclose($fp);
// Wipe this system's own member data before the import step.
$dsql->ExecuteNoneQuery("Delete From #@__member ");
$dsql->ExecuteNoneQuery("Delete From #@__member_arctype ");
$dsql->ExecuteNoneQuery("Delete From #@__member_flink ");
$dsql->ExecuteNoneQuery("Delete From #@__member_guestbook ");
$dsql->ExecuteNoneQuery("Delete From #@__memberstow ");
$dsql->Close();
// Continue with the import step by rewriting the action in the current URL.
$nurl = GetCurUrl();
$nurl = str_replace("savesetting","converdata",$nurl);
ShowMsg("完成数据保存,并清空本系统的会员数据,现在开始导入数据!",$nurl);
exit();
}
/*-------------------------------
// Save the user settings, convert member data
function __ConverData()
--------------------------------*/
else if($action=='converdata'){
    set_time_limit(0);
    if(empty($tgmd5len)) $tgmd5len = 32;
    // A longer MD5 digest cannot be derived from a shorter stored one.
    if($tgmd5len < $cfg_md5len && $tgtype=='md5'){
        ShowMsg("无法从短的MD5密码转换为更长的密码!","javascript:;");
        exit();
    }
define('ConfigDIR', "config" . pathspace);
require ConfigDIR . "config.php";
// Module directory.
define('ModuleDIR', "module" . pathspace);
// Language directory.
define('LanDIR', PluginDIR . "language" . pathspace);
// Tag directory.
define('TagDIR', PluginDIR . 'tag' . pathspace);
// Template directory.
define('TmpDIR', $config['tmpDir'] . pathspace);
// Shared modules.
require LanDIR . $config['language'] . ".php";
require PluginDIR . "url.php";
require PluginDIR . "dbBase.php";
// Split the request URL into path segments: [2] is the module, [3] the method.
$arr = explode('/', GetCurUrl());
// Route the request to the module named in the URL.
if (count($arr) > 3) {
    // NOTE(review): $arr[2] comes straight from the URL and is used both as
    // a directory under ModuleDIR and as a class name; is_dir() alone does
    // not reject segments such as "..", so the segment should be validated
    // against an allow-list pattern before the path is built.
    if (is_dir(ModuleDIR . $arr[2])) {
        include_once PluginDIR . "contrl.php";
        $module_file = ModuleDIR . $arr[2] . pathspace . "index.php";
        if (is_file($module_file)) {
            include_once $module_file;
            $clsname = $arr[2];
            // Dispatch to the method named in the URL.
            if (isset($clsname)) {
                $obj = new $clsname();
                // get_class_methods() also lists inherited and magic methods,
                // and in_array() is non-strict here.
                if (in_array($arr[3], get_class_methods($clsname))) {
                    // Parse method arguments (continues past the end of this excerpt).
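/**
 * Resolve the visitor's WeChat openid for the current official account.
 *
 * Precedence: the explicit $openid argument, then the "openid" request
 * parameter, then the session value "openid_<mp_id>". Inside the WeChat
 * browser a missing openid is obtained through Com\Wxauth. Returns -1 when
 * nothing could be found.
 *
 * NOTE(review): the openid is accepted from an unauthenticated request
 * parameter and stored in the session, so it identifies but does not
 * authenticate the visitor.
 *
 * @param string|null $openid explicit openid to store, or NULL
 * @return string|int openid, or -1 when unknown
 */
function get_openid($openid = NULL)
{
    $mp_id = get_mpid();
    if ($openid !== NULL) {
        session('openid_' . $mp_id, $openid);
    } elseif (!empty($_REQUEST['openid'])) {
        session('openid_' . $mp_id, $_REQUEST['openid']);
    }
    $openid = session('openid_' . $mp_id);
    trace($mp_id . 'wechat:openid' . $openid, '微信', 'DEBUG', true);
    $isWeixinBrowser = isWeixinBrowser();
    // The original test was "$openid <= 0". On PHP 7 a non-numeric openid
    // string compares as 0, so the lookup re-ran on every request (the
    // redirect loop the old comment warned about). Only an empty value or a
    // numeric non-positive sentinel should trigger it.
    $missing = empty($openid) || (is_numeric($openid) && $openid <= 0);
    if ($missing && $isWeixinBrowser) {
        trace('wechat:openid1' . $openid, '微信', 'DEBUG', true);
        $info = get_mpid_appinfo();
        trace('wechat:OAuthWeixin' . $info['id'], '微信', 'DEBUG', true);
        // Wxauth options: token plus the account's app credentials.
        $options = array(
            'token' => APP_TOKEN,
            'appid' => $info['appid'],
            'appsecret' => $info['secret'],
            'encodingaeskey' => $info['encodingaeskey'],
        );
        $auth = new Com\Wxauth($options);
        $openid = $auth->open_id;
        trace('wechat:openid3' . $openid, '微信', 'DEBUG', true);
    }
    if (empty($openid)) {
        return -1;
    }
    trace($mp_id . 'wechat:openid2' . $openid, '微信', 'DEBUG', true);
    return $openid;
}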
<?php
/**
 * Group (circle) creation page.
 *
 * @version $Id: create.php 1 12:11 2010年9月13日Z tianya $
 * @package DedeCMS.Module.Group
 * @copyright Copyright (c) 2007 - 2010, DesDev, Inc.
 * @license http://help.dedecms.com/usersguide/license.html
 * @link http://www.dedecms.com
 */
require_once dirname(__FILE__) . "/config.php";
require_once DEDEINC . "/oxwindow.class.php";
require_once DEDEINC . "/image.func.php";
require_once DEDEMEMBER . '/inc/inc_archives_functions.php';
// $action is not assigned in this file; presumably registered from the
// request by config.php — verify before relying on it.
$action = isset($action) ? trim($action) : '';
// Login required; visitors are sent to the login page with a return URL.
if (!$cfg_ml->IsLogin()) {
    ShowMsg("你尚未登录或已经超时!", $cfg_member_dir . "/login.php?gourl=" . urlencode(GetCurUrl()));
    exit;
}
if (!isset($cfg_group_creators)) {
    $cfg_group_creators = 0; // global score threshold for creating a group
}
if (!isset($cfg_group_max)) {
    $cfg_group_max = 0; // global cap on groups per user
}
// Score requirement.
if ($cfg_ml->M_Scores < $cfg_group_creators) {
    ShowMsg("积分小于{$cfg_group_creators}!还没达到创建圈子积分条件.", "-1");
    exit;
}
// (the page continues past the end of this excerpt)
con.style.display=i==cursel?"block":"none"; } }
// (the braces above close a tab helper that starts before this excerpt)

// Activate tab number `cursel` of `n` in the tab group `name`: the menu
// element "<name><i>" gets class "hover1" / "nohover" and the pane
// "Ncon_<name>_<i>" is shown or hidden. `i` is not declared with var and
// therefore leaks into the global scope.
function setTabNew(name,cursel,n){
  for(i=1;i<=n;i++){
    var menu=document.getElementById(name+i);
    var con=document.getElementById("Ncon_"+name+"_"+i);
    menu.className=i==cursel?"hover1":"nohover";
    con.style.display=i==cursel?"block":"none";
  }
}

// Post the login form via AJAX; on success the server-provided url_referer
// is followed, otherwise the returned message is shown as a tip.
function LoginSubmit() {
  $.jBox.tip("登陆中......",'loading');
  $.ajax({
    url: "__APP__/member/common/actlogin",
    // NOTE(review): GetCurUrl() is written straight into a single-quoted JS
    // string literal; a quote or "</script>" in the request URL ends the
    // literal (reflected XSS). Emitting the value with json_encode() is the
    // usual fix.
    data: {"sUserName": $("#txtUser").val(),"sPassword": $("#txtPwd").val(),"sVerCode": $("#txtCode").val(),"Keep":$("#loginstate").val(),"url_referer":'<?php echo GetCurUrl(); ?>'},
    timeout: 5000,
    cache: false,
    type: "post",
    dataType: "json",
    success: function (d, s, r) {
      if(d){
        if(d.status==0){
          $.jBox.tip(d.message,"tip");
        }else{
          // d.url_referer is whatever the server sends back; it is not validated here.
          window.location.href=d.url_referer;
        }
      }
    }
  });
}
} else {
    // (the matching if starts before this excerpt)
    $cfg_siteid = 1;
    $cfg_sitekey = '';
}
require_once MOBILE_INC . '/admin.func.php';
require_once MOBILE_INC . '/page.class.php';
// Template pages that require an authenticated admin session.
if ($c == 'index' || $c == 'web_config' || $c == 'infoclass' || $c == 'info' || $c == 'infolist' || $c == 'infoimg') {
    // Login check: without a complete admin session, clear it and bounce to
    // login.php through a top-frame script redirect (the pages are framed).
    if (!isset($_SESSION['admin']) || !isset($_SESSION['adminlevel']) || !isset($_SESSION['logintime'])) {
        $_SESSION = array();
        session_destroy();
        if (strstr(GetCurUrl(), '/plugin/') or strstr(GetCurUrl(), '/editor/')) {
            echo '<script type="text/javascript">window.top.location.href="../login.php";</script>';
        } else {
            // Both branches below emit the same redirect; the
            // 'inc/config.inc.php' distinction currently has no effect.
            if (strstr(GetCurUrl(), 'inc/config.inc.php')) {
                echo '<script type="text/javascript">window.top.location.href="login.php";</script>';
            } else {
                echo '<script type="text/javascript">window.top.location.href="login.php";</script>';
            }
        }
        exit;
    }
}
// Login page.
if ($c == 'login') {
    require_once 'mobile/login.php';
    exit;
} else {
    if ($c == 'index') {
        require_once 'mobile/index.php';
        // (the dispatch chain continues past the end of this excerpt)
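/**
 * Resolve the visitor's WeChat openid for the current official account and
 * cache the profile returned by Wxauth in the session.
 *
 * Precedence: the explicit $openid argument, then the "openid" request
 * parameter, then the session value "openid_<mp_id>". Inside the WeChat
 * browser a missing openid is obtained through Com\Wxauth. Returns -1 when
 * nothing could be found.
 *
 * NOTE(review): the openid is accepted from an unauthenticated request
 * parameter and stored in the session, so it identifies but does not
 * authenticate the visitor.
 *
 * @param string|null $openid explicit openid to store, or NULL
 * @return string|int openid, or -1 when unknown
 */
function get_openid($openid = NULL)
{
    $mp_id = get_mpid();
    if ($openid !== NULL) {
        session('openid_' . $mp_id, $openid);
    } elseif (!empty($_REQUEST['openid'])) {
        session('openid_' . $mp_id, $_REQUEST['openid']);
    }
    $openid = session('openid_' . $mp_id);
    $isWeixinBrowser = isWeixinBrowser();
    // The original test was "$openid <= 0". On PHP 7 a non-numeric openid
    // string compares as 0, so the lookup re-ran on every request (the
    // redirect loop the old comment warned about). Only an empty value or a
    // numeric non-positive sentinel should trigger it.
    $missing = empty($openid) || (is_numeric($openid) && $openid <= 0);
    if ($missing && $isWeixinBrowser) {
        $info = get_mpid_appinfo();
        // Wxauth options: token plus the account's app credentials.
        $options = array(
            'token' => APP_TOKEN,
            'appid' => $info['appid'],
            'appsecret' => $info['secret'],
            'encodingaeskey' => $info['encodingaeskey'],
        );
        $auth = new Com\Wxauth($options);
        $openid = $auth->open_id;
        // Keep the WeChat user profile fetched by Wxauth in the session.
        session('wxuser_' . $mp_id . $openid, $auth->wxuser);
    }
    if (empty($openid)) {
        return -1;
    }
    return $openid;
}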
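/**
 * Report a database error to the browser (when $cfg_diserror is 'Y') and
 * append it to data/error/mysql_error_trace.php.
 *
 * @param string $msg error text from the database layer
 * @param int    $t   0 = query error (reported, execution continues);
 *                    1 = rejected SQL statement (reported, then exit)
 * @return void
 */
function DisplayError($msg, $t = 0)
{
    global $cfg_diserror;
    // Initialised so an unexpected $t no longer leaves $title undefined.
    $title = '';
    switch ($t) {
        case 0:
            $title = '安全警告:MySql Error!';
            break;
        case 1:
            $title = '安全警告:请检查您的SQL语句是否合法,您的操作将被强制停止!';
            break;
        default:
            break;
    }
    $userIP = GetIP();
    $getUrl = GetCurUrl();
    // The message usually contains the failing statement (and so whatever
    // request data was inserted into it) and the URL is the request line
    // itself, so both are escaped before being placed into HTML. A plain
    // str_replace is used rather than htmlspecialchars() so the result does
    // not depend on the site's character set.
    $htmlMsg = str_replace(array('&', '<', '>'), array('&amp;', '&lt;', '&gt;'), $msg);
    $htmlUrl = str_replace(array('&', '<', '>'), array('&amp;', '&lt;', '&gt;'), $getUrl);
    $str = '<div style="font-family:\'微软雅黑\';font-size:12px;">';
    $str .= '<h3 style="margin:0;padding:0;line-height:30px;color:red;">' . $title . '</h3>';
    $str .= '<strong>错误文件</strong>:' . $htmlUrl . '<br />';
    $str .= '<strong>错误信息</strong>:' . $htmlMsg . '';
    $str .= '</div>';
    // Only shown when error display is switched on in the site config.
    if ($cfg_diserror == 'Y') {
        echo $str;
    }
    // Append to the MySQL error log. The file is a .php with an exit()
    // prefix so it cannot be rendered if fetched over the web; logged fields
    // therefore must not contain a PHP open tag, and line breaks are
    // flattened so one error stays one log record.
    $getTime = GetDateTime(time());
    $logfile = dirname(__FILE__) . '/../data/error/mysql_error_trace.php';
    $rawLog = array("\r", "\n", '<?');
    $safeLog = array(' ', ' ', '< ?');
    $logMsg = str_replace($rawLog, $safeLog, $msg);
    $logUrl = str_replace($rawLog, $safeLog, $getUrl);
    $logIP = str_replace($rawLog, $safeLog, $userIP);
    $savemsg = '<?php exit(); ?> Time: ' . $getTime . '. || Page: ' . $logUrl . ' || IP: ' . $logIP . ' || Error: ' . $logMsg . "\r\n";
    Writef($logfile, $savemsg, 'a+');
    // Rejected statements are fatal.
    if ($t == 1) {
        exit;
    }
}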
/**
 * Keyword-based SQL injection filter applied to every query while
 * $dsql->safeCheck is on. Rejected statements are appended to
 * data/<md5 of cookie secret>_safe.txt and the request is terminated;
 * accepted statements are returned untouched.
 *
 * NOTE(review): this is a blocklist run over the text of an already-built
 * statement, so it is a defence-in-depth layer, not a substitute for
 * escaping or parameterised queries where values are inserted.
 *
 * @param string $db_string full SQL statement
 * @param string $querytype 'select' enables the extra step-1 keyword check
 * @return string $db_string when accepted (exit() otherwise)
 */
function CheckSql($db_string, $querytype = 'select')
{
    global $cfg_cookie_encode;
    $clean = '';
    $error = '';
    $old_pos = 0;
    $pos = -1;
    // Log file name derived from the cookie secret, presumably to keep its
    // location unguessable.
    $log_file = DEDEINC . '/../data/' . md5($cfg_cookie_encode) . '_safe.txt';
    $userIP = GetIP();
    $getUrl = GetCurUrl();
    // Step 1, plain SELECTs only: reject a few dangerous keywords outright.
    if ($querytype == 'select') {
        $notallow1 = "[^0-9a-z@\\._-]{1,}(union|sleep|benchmark|load_file|outfile)[^0-9a-z@\\.-]{1,}";
        if (preg_match("/" . $notallow1 . "/i", $db_string)) {
            // The fopen() handle is never closed, and the raw statement (which
            // may embed request data) is written as-is: a newline in it can
            // split the log record.
            fputs(fopen($log_file, 'a+'), "{$userIP}||{$getUrl}||{$db_string}||SelectBreak\r\n");
            exit("<font size='5' color='red'>Safe Alert: Request Error step 1 !</font>");
        }
    }
    // Step 2: replace every single-quoted string literal (honouring
    // backslash escapes) with the token $s$, so the checks below see the
    // statement's structure rather than its data.
    while (TRUE) {
        $pos = strpos($db_string, '\'', $pos + 1);
        if ($pos === FALSE) {
            break;
        }
        $clean .= substr($db_string, $old_pos, $pos - $old_pos);
        while (TRUE) {
            $pos1 = strpos($db_string, '\'', $pos + 1);
            $pos2 = strpos($db_string, '\\', $pos + 1);
            if ($pos1 === FALSE) {
                break;
            } elseif ($pos2 == FALSE || $pos2 > $pos1) {
                $pos = $pos1;
                break;
            }
            // Skip the escaped character and keep looking for the closing quote.
            $pos = $pos2 + 1;
        }
        $clean .= '$s$';
        $old_pos = $pos + 1;
    }
    $clean .= substr($db_string, $old_pos);
    $clean = trim(strtolower(preg_replace(array('~\\s+~s'), array(' '), $clean)));
    // Characters the application's own queries are not expected to contain;
    // CREATE TABLE is exempted.
    if (strpos($clean, '@') !== FALSE or strpos($clean, 'char(') !== FALSE or strpos($clean, '"') !== FALSE or strpos($clean, '$s$$s$') !== FALSE) {
        $fail = TRUE;
        if (preg_match("#^create table#i", $clean)) {
            $fail = FALSE;
        }
        $error = "unusual character";
    }
    // Old MySQL versions did not support UNION and the application never uses
    // it, but it is a staple of injection attempts, so it is rejected.
    if (strpos($clean, 'union') !== FALSE && preg_match('~(^|[^a-z])union($|[^[a-z])~is', $clean) != 0) {
        $fail = TRUE;
        $error = "union detect";
    } elseif (strpos($clean, '/*') > 2 || strpos($clean, '--') !== FALSE || strpos($clean, '#') !== FALSE) {
        $fail = TRUE;
        $error = "comment detect";
    } elseif (strpos($clean, 'sleep') !== FALSE && preg_match('~(^|[^a-z])sleep($|[^[a-z])~is', $clean) != 0) {
        $fail = TRUE;
        $error = "slown down detect";
    } elseif (strpos($clean, 'benchmark') !== FALSE && preg_match('~(^|[^a-z])benchmark($|[^[a-z])~is', $clean) != 0) {
        $fail = TRUE;
        $error = "slown down detect";
    } elseif (strpos($clean, 'load_file') !== FALSE && preg_match('~(^|[^a-z])load_file($|[^[a-z])~is', $clean) != 0) {
        $fail = TRUE;
        $error = "file fun detect";
    } elseif (strpos($clean, 'into outfile') !== FALSE && preg_match('~(^|[^a-z])into\\s+outfile($|[^[a-z])~is', $clean) != 0) {
        $fail = TRUE;
        $error = "file fun detect";
    } elseif (preg_match('~\\([^)]*?select~is', $clean) != 0) {
        $fail = TRUE;
        $error = "sub select detect";
    }
    if (!empty($fail)) {
        // Same logging caveats as in step 1.
        fputs(fopen($log_file, 'a+'), "{$userIP}||{$getUrl}||{$db_string}||{$error}\r\n");
        exit("<font size='5' color='red'>Safe Alert: Request Error step 2!</font>");
    } else {
        return $db_string;
    }
}
<?php
/**
 * Member centre: paged list of the current member's archive purchases
 * (#@__member_operation rows with product = 'archive').
 */
require_once dirname(__FILE__) . '/config.php';
// Login required; no rank or coin threshold.
CheckRank(0, 0);
require_once DEDEINC . '/datalistcp.class.php';
// Return target for follow-up actions, valid for one hour.
setcookie('ENV_GOBACK_URL', GetCurUrl(), time() + 3600, '/');
// The member id comes from the login object, not from the request.
$memberId = $cfg_ml->M_ID;
$query = "Select * From `#@__member_operation` where mid='{$memberId}' And product='archive' order by aid desc";
$dlist = new DataListCP();
$dlist->pageSize = 20;
$dlist->SetTemplate(DEDEMEMBER . '/templets/mypay.htm');
$dlist->SetSource($query);
$dlist->Display();
/**
 * Write an entry to the #@__sysevent operation log, collapsing repeated
 * identical actions by the same admin within 60 seconds into one row.
 *
 * @param string $m   model name
 * @param int    $cid class id
 * @param string $a   action name
 * @return false|void false (without logging) while a database_backup.php
 *                    import is running, which would otherwise fail on the
 *                    log table
 */
function SetSysEvent($m = '', $cid = 0, $a = 'all')
{
    global $dosql;
    $isBackupImport = strpos(GetCurUrl(), 'database_backup.php')
        && (isset($_GET['action']) && $_GET['action'] == 'import');
    if ($isBackupImport) {
        return false;
    }
    $admin = $_SESSION['admin'];
    $siteId = $_SESSION['siteid'];
    // NOTE(review): $m, $cid and $a are interpolated into SQL unescaped;
    // callers are presumed to pass literals — confirm none forwards request data.
    $insert = "INSERT INTO `#@__sysevent` (uname, siteid, model, classid, action, posttime, ip) VALUE ('{$admin}', '{$siteId}', '{$m}', '{$cid}', '{$a}', '" . time() . "', '" . GetIP() . "')";
    // Most recent matching entry decides whether this one is a duplicate.
    $last = $dosql->GetOne("SELECT `posttime` FROM `#@__sysevent` WHERE `uname`='{$admin}' AND `siteid`={$siteId} AND `model`='{$m}' AND `action`='{$a}' ORDER BY id DESC");
    $isDuplicate = isset($last['posttime']) && $last['posttime'] >= time() - 60;
    if (!$isDuplicate) {
        $dosql->ExecNoneQuery($insert);
    }
}
}
?>
</head>
<body>
<?php
// Installer safety check: if the install directory still exists without a
// lock file, write one so the installer cannot be run again.
if( is_dir(dirname(__FILE__).'/../install') && !file_exists(dirname(__FILE__).'/../install/install.lock') ) {
    $fp = fopen(dirname(__FILE__).'/../install/install.lock', 'w') or die('安装目录无写入权限,无法进行写入锁定文件,请安装完毕删除安装目录!');
    fwrite($fp,' ');
    fclose($fp);
}
// Warn when the back-end still lives under the default "dede" directory.
// NOTE: eregi() was removed in PHP 7; preg_match() with the i modifier is
// the replacement.
$cururl = GetCurUrl();
if(eregi('/dede/login',$cururl)) {
    $redmsg = '<center><br /><br /><font color=\'red\'><b>你的管理目录使用默认名称dede,建议修改为其它名称会更安全!</b></font></center>';
} else {
    $redmsg = '';
}
echo $redmsg;
//--------------------------------
// Login handling
//--------------------------------
if($dopost=="login") {
    // $dopost and $validate are presumably registered from the request earlier in the file.
    if(empty($validate)) $validate=""; else $validate = strtolower($validate);
    $admindirs = explode('/',str_replace("\\","/",dirname(__FILE__)));
    // (continues past the end of this excerpt)
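/**
 * Resolve the visitor's WeChat openid for the current token.
 *
 * Precedence: the explicit $openid argument (unless it is the "-1"
 * sentinel), then the "openid" request parameter (unless "-1" or "-2"),
 * then the session value "openid_<token>". On a plain GET page load inside
 * the WeChat browser a missing or "-1" openid starts the OAuth round trip,
 * unless the request carried openid=-2 or is AJAX. Returns '-1' when no
 * openid could be determined.
 *
 * NOTE(review): the openid is accepted from an unauthenticated request
 * parameter and stored in the session, so it identifies but does not
 * authenticate the visitor.
 *
 * @param string|null $openid explicit openid to store, or NULL
 * @return string openid, or '-1' when unknown
 */
function get_openid($openid = NULL)
{
    $token = get_token();
    $sessionKey = 'openid_' . $token;
    // Read the request parameter once; the bare reads used to raise an
    // undefined-index notice when it was absent.
    $requested = isset($_REQUEST['openid']) ? $_REQUEST['openid'] : NULL;
    if ($openid !== NULL && $openid != '-1') {
        session($sessionKey, $openid);
    } elseif (!empty($requested) && $requested != '-1' && $requested != '-2') {
        session($sessionKey, $requested);
    }
    $openid = session($sessionKey);
    $isWeixinBrowser = isWeixinBrowser();
    // Only plain GET page loads start the OAuth round trip; "-2", AJAX and
    // non-GET requests opt out so they are not redirected.
    $needsOAuth = (empty($openid) || $openid == '-1')
        && $isWeixinBrowser && $requested != '-2' && IS_GET && !IS_AJAX;
    if ($needsOAuth) {
        $callback = GetCurUrl();
        OAuthWeixin($callback, $token);
    }
    if (empty($openid)) {
        return '-1';
    }
    return $openid;
}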
<div id="i-engine" class="panel" style="display: none">
<table cellpadding="0" cellspacing="0">
<tr>
<td>language</td>
<td><?php echo $g_arrLangs[LANG]['name']; ?> <strong>(<?php echo LANG; ?> )</strong></td>
</tr>
<tr>
<td>current url</td>
<td><?php /* NOTE(review): the request URL is echoed without HTML escaping;
        wrapping it in htmlspecialchars() keeps a crafted URL from injecting
        markup into this debug panel. */ echo GetCurUrl(); ?> </td>
</tr>
<tr>
<td>query</td>
<td><?php /* NOTE(review): same escaping concern as the URL above. */ echo GetQuery(); ?> </td>
</tr>
<?php /* One row per configured php.ini directive (continues past the end of this excerpt). */ foreach ($g_config['phpIni'] as $k => $v) { ?>
<tr>
<td><?php
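/**
 * Obtain the visitor's openid via the WeChat snsapi_base OAuth flow.
 *
 * Without a "code" query parameter the browser is redirected to the WeChat
 * authorize endpoint with the current URL as redirect_uri. With "code"
 * present, the code is exchanged for an access token and the openid from
 * the reply is returned.
 *
 * @return string|null openid, or null when the token exchange returns none
 */
function GetRealOpenId()
{
    // NOTE(review): app credentials are hard-coded; they belong in
    // configuration, and a secret committed to source should be rotated.
    $appid = "wxadd0d2ec0a8fe9fe";
    $appsecret = "f71b4c54f831bcde726a428caa46062c";
    $callback = GetCurUrl();
    if (isset($_GET['code'])) {
        // "code" comes from the request; urlencode keeps it from altering
        // the rest of the query string.
        $code = $_GET['code'];
        $url = 'https://api.weixin.qq.com/sns/oauth2/access_token?appid=' . $appid . '&secret=' . $appsecret . '&code=' . urlencode($code) . '&grant_type=authorization_code';
        $result = json_decode(https_request($url));
        // A failed exchange returns errcode/errmsg and no openid; previously
        // this read a property of a non-object.
        return isset($result->openid) ? $result->openid : null;
    }
    // redirect_uri is URL-encoded so the current URL's own query string
    // survives the round trip. "state" is fixed and not verified on return.
    $url = "https://open.weixin.qq.com/connect/oauth2/authorize?appid={$appid}&redirect_uri=" . urlencode($callback) . "&response_type=code&scope=snsapi_base&state=123#wechat_redirect";
    redirect($url);
}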