function strCheck($str)
{
if (inject_check($str)) {
die('非法参数');
}
//注入判断
$str = htmlspecialchars($str);
return $str;
}
function checkLogin()
{
if (empty($_POST['username'])) {
$this->error("帐号错误");
} elseif (empty($_POST['password'])) {
$this->error("密码必须!");
} elseif (empty($_POST['verify'])) {
$this->error('验证码必须!');
}
if (md5($_POST['verify']) != $_SESSION['verify']) {
$this->error('验证码错误!');
}
//生成认证条件
$map = array();
// 支持使用绑定帐号登录
$map['username'] = inject_check($_POST['username']);
$map["status"] = array('gt', 0);
import('ORG.Util.RBAC');
$authInfo = RBAC::authenticate($map);
//使用用户名、密码和状态的方式进行认证
if (false === $authInfo) {
$this->error('帐号不存在!');
}
if (empty($authInfo)) {
$this->error('帐号不存在或已禁用!');
}
$pwdinfo = strcmp($authInfo['password'], md5('wk' . trim($_POST['password']) . 'cms'));
if ($pwdinfo != 0) {
$this->error('密码错误!');
}
$_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
$_SESSION['username'] = $_POST['username'];
$_SESSION['cookietime'] = time();
$role = M('role_admin');
$authInfo['role_id'] = $role->where('user_id=' . $authInfo['id'])->getField('role_id');
if ($authInfo['role_id'] == '1') {
$_SESSION[C('ADMIN_AUTH_KEY')] = true;
}
//保存登录信息
$admin = M('admin');
$ip = get_client_ip();
$time = time();
$data = array();
$data['id'] = $authInfo['id'];
$data['lastlogintime'] = $time;
$data['lastloginip'] = $ip;
$admin->save($data);
// 缓存访问权限
RBAC::saveAccessList();
//保存cookie信息
import('ORG.Util.Cookie');
Cookie::set($_SESSION['cookietime'], '1', 60 * 60 * 3);
//dump($_SESSION);
$this->index();
}
function str_check($str)
{
if (inject_check($str)) {
echo $str;
die('非法参数');
}
//注入判断
$str = htmlspecialchars($str);
//转换html
return $str;
}
public function index()
{
inject_check($_GET['aid']);
$mood = M('mood');
$list = $mood->where('aid=' . intval($_GET['aid']))->find();
if ($list) {
echo "{$list['mood1']},{$list['mood2']},{$list['mood3']},{$list['mood4']},{$list['mood5']},{$list['mood6']},{$list['mood7']},{$list['mood8']}";
} else {
$data['aid'] = intval($_GET['aid']);
$mood->add($data);
echo "0,0,0,0,0,0,0,0";
}
}
function ajax_arclist()
{
$prefix = !empty($_REQUEST['prefix']) ? (bool) $_REQUEST['prefix'] : true;
//表过滤防止泄露信息,只允许的表
if (!in_array($_REQUEST['model'], array('article', 'type', 'ad', 'label', 'link'))) {
exit;
}
if (!empty($_REQUEST['model'])) {
if ($prefix == true) {
$model = C('DB_PREFIX') . $_REQUEST['model'];
} else {
$model = $_REQUEST['model'];
}
} else {
$model = C('DB_PREFIX') . 'article';
}
$order = !empty($_REQUEST['order']) ? inject_check($_REQUEST['order']) : '';
$num = !empty($_REQUEST['num']) ? inject_check($_REQUEST['num']) : '';
$where = !empty($_REQUEST['where']) ? inject_check(urldecode($_REQUEST['where'])) : '';
//使where支持 条件判断,添加不等于的判断
$page = false;
if (!empty($_REQUEST['page'])) {
$page = (bool) $_REQUEST['page'];
}
$pagesize = !empty($_REQUEST['pagesize']) ? intval($_REQUEST['pagesize']) : '10';
//$query =!empty($_REQUEST['sql'])?$_REQUEST['sql']:'';//太危险不用
$field = '';
if (!empty($_REQUEST['field'])) {
$f_t = explode(',', inject_check($_REQUEST['field']));
$f_t = array_map('urlencode', $f_t);
$field = implode(',', $f_t);
}
$m = new Model($model, NULL);
//如果使用了分页,缓存也不生效
if ($page) {
import("ORG.Util.Page");
//这里改成你的Page类
$count = $m->where($where)->count();
$total_page = ceil($count / $pagesize);
$p = new Page($count, $pagesize);
//如果使用了分页,num将不起作用
$t = $m->field($field)->where($where)->limit($p->firstRow . ',' . $p->listRows)->order($order)->select();
//echo $m->getLastSql();
$ret = array('total_page' => $total_page, 'data' => $t);
}
//如果没有使用分页,并且没有 query
if (!$page) {
$ret = $m->field($field)->where($where)->order($order)->limit($num)->select();
}
$this->ajaxReturn($ret, '返回信息', 1);
}
public function index()
{
inject_check($_GET['aid']);
inject_check($_GET['page']);
$pl = M('pl');
$config = F('basic', '', './Web/Conf/');
$data['status'] = 1;
$data['aid'] = intval($_GET['aid']);
$list = $pl->where($data)->select();
if (!$list) {
$this->display(TMPL_PATH . cookie('think_template') . '/pl_nopl.html', 'utf-8', 'text/xml');
exit;
}
$count = $pl->where($data)->count();
$this->assign('allnum', $count);
$pagenum = 6;
//每六条分页
$pages = ceil($count / $pagenum);
//总页数
$prepage = ($_GET['page'] - 1) * $pagenum;
$endpage = $_GET['page'] * $pagenum;
$tempnum = $pagenum * $_GET['page'];
$lastnum = $tempnum < $count ? $tempnum : $count;
$plist = $pl->where($data)->order('ptime asc')->limit($prepage . ',' . $endpage)->select();
foreach ($plist as $k => $v) {
if (!empty($v['recontent'])) {
$v['recontent'] = '<font color=red><b>管理员回复:' . $v['recontent'] . '</b></font>';
}
$pp[$k] = $v;
$pp[$k]['num'] = $k + 1 + (intval($_GET['page']) - 1) * $pagenum;
}
//封装变量
$this->assign('nowpage', intval($_GET['page']));
//当前页
$this->assign('pages', $pages);
//总页数
$this->assign('aid', intval($_GET['aid']));
//文章aid
$this->assign('lastnum', $lastnum);
//最后一条记录数
$this->assign('list', $pp);
//模板输出
$this->display(TMPL_PATH . cookie('think_template') . '/pl_pl.html', 'utf-8', 'text/xml');
}
public function update()
{
if (empty($_POST)) {
alert('请选择投票项!', 1);
}
inject_check($_POST['id']);
if (Cookie::is_set('vote' . $_POST['id'])) {
alert('您已投过票了!', 1);
}
//读取数据库
$vote = M('vote');
//if(C('TOKEN_ON') && !$vote->autoCheckToken($_POST)){$this->error(L('_TOKEN_ERROR_'));}//防止乱提交表单
$vo = $vote->where('id=' . intval($_POST['id']))->field('vote,overtime,starttime,stype')->find();
$strs = explode(PHP_EOL, trim($vo['vote']));
//业务处理
if (!$vo) {
alert('投票不存在!', 3);
}
if ($vo['overtime'] != '' && cptime(date('Y-m-d H:i:s'), $vo['overtime'])) {
alert('投票已结束!', U('votes/' . $_POST['id']));
}
if (!cptime(date('Y-m-d H:i:s'), $vo['starttime'])) {
alert('投票没有开始!', U('votes/' . $_POST['id']));
}
$data['vote'] = $vo['vote'];
if ($vo['stype'] == 0) {
$_POST['vote'] = array($_POST['vote']);
}
foreach ($_POST['vote'] as $v) {
$v = str_replace(PHP_EOL, "", $v);
if (in_array($v, $strs)) {
$s = explode("=", $v);
if (count($s) == 2 && is_numeric($s[1])) {
$data['vote'] = str_replace($v, $s[0] . "=" . (intval($s[1]) + 1), $data['vote']);
}
}
}
if ($vote->where('id=' . intval($_POST['id']))->save($data)) {
Cookie::set('vote' . $_POST['id'], '1', 365 * 60 * 60 * 24);
alert('投票成功!', U('votes/' . $_POST['id']));
}
alert("操作失败!", U('votes/' . $_POST['id']));
}
public function index()
{
if (!isset($_GET['aid'])) {
$this->error('非法操作');
}
inject_check($_GET['aid']);
inject_check($_GET['p']);
$aid = intval($_GET['aid']);
//读取数据库和缓存
ob_start();
//用于生成静态HTML
$is_build = C('IS_BUILD_HTML');
//允许参数
$allow_param = array('p', 'keyword');
$static_file = './Html/' . cookie('think_template') . '/articles/' . $aid;
$mid_str = '';
if (count($_REQUEST) > 1) {
foreach ($_REQUEST as $k => $v) {
if ($k != 'aid' && in_array($k, $allow_param)) {
$mid_str .= '/' . $k . '/' . md5($v);
}
}
}
$static_file .= $mid_str . '.html';
$path = './ArticleAction.class.php';
$php_file = basename($path);
parent::html_init($static_file, $php_file, $is_build);
//以下是动态代码
$article = M('article');
$config = F('basic', '', './Web/Conf/');
$page_model = 'page/page_default.html';
//相关判断
$alist = $article->where('aid=' . $aid)->find();
if (!$alist) {
alert('文章不存在或已删除!', __APP__);
}
if ($alist['islink'] == 1) {
Header('Location:' . $alist['linkurl']);
}
if ($alist['status'] == 0) {
alert('文章未审核!', __APP__);
}
//阅读权限
if ($config['isread'] == 1) {
$uvail = explode(',', $_SESSION['dami_uservail']);
if (!in_array($alist['typeid'], $uvail)) {
alert('对不起您没有阅读改文章的权限!', __APP__);
}
}
$this->assign('title', $alist['title']);
parent::tree_dir($alist['typeid'], 'tree_list');
$type = M('type');
$list = $type->where('typeid=' . intval($alist['typeid']))->find();
if ($list) {
$pid = get_first_father($list['typeid']);
$cur_menu = get_field('type', 'typeid=' . $pid, 'drank');
$this->assign('cur_menu', $cur_menu);
$this->assign('type', $list);
}
$a = M('type')->where('typeid=' . $alist['typeid'])->getField('page_path');
if ($a != '' && file_exists(TMPL_PATH . cookie('think_template') . '/' . $a)) {
$page_model = $a;
}
//网站头部
R('Public/head');
R('Public/py_link');
//统计处理
if ($alist['status'] == 1) {
$map['hits'] = $alist['hits'] + 1;
$article->where('aid=' . $aid)->save($map);
}
//注销map
unset($map);
$alist['hits'] += 1;
//关键字替换
$alist['content'] = $this->key($alist['content']);
//鼠标轮滚图片
if ($config['mouseimg'] == 1) {
$alist['content'] = $this->mouseimg($alist['content']);
}
//文章内分页处理
if ($alist['pagenum'] == 0) {
//手动分页
$alist['content'] = $this->diypage($alist['content']);
} else {
//自动分页
$alist['content'] = $this->autopage($alist['pagenum'], $alist['content']);
}
//文章内投票
$this->vote($alist['voteid']);
//心情投票
$url = __ROOT__;
//用于心情js的根路径变量
$this->assign('url', $url);
//文章上下篇
$map['status'] = 1;
$map['typeid'] = $alist['typeid'];
$map['aid'] = array('lt', $alist['aid']);
$up = $article->where($map)->field('aid,title')->order('addtime desc')->limit(1)->find();
//dump($article->getLastsql());
if (!$up) {
$lastpage = '';
$updown = '下一篇:<span>无</span>';
} else {
$up['title'] = msubstr($up['title'], 0, 20, 'utf-8');
$lastpage = '<a href="' . U('articles/' . $up['aid']) . '" data-icon="arrow-l" data-iconpos="left">' . $up['title'] . '</a>';
$updown = '下一篇:<span><a href="' . U('articles/' . $up['aid']) . '" >' . $up['title'] . '</a></span>';
}
$this->assign('lastpage', $lastpage);
$map['aid'] = array('gt', $alist['aid']);
$down = $article->where($map)->field('aid,title')->order('addtime desc')->limit(1)->find();
if (!$down) {
$nextpage = '';
$updown .= ' 上一篇:<span>无</span>';
} else {
$dowm['title'] = msubstr($down['title'], 0, 20, 'utf-8');
$nextpage = '<a href="' . U('articles/' . $down['aid']) . '" data-icon="arrow-r" data-iconpos="right">' . $down['title'] . '</a>';
$updown .= ' 上一篇:<span><a href="' . U('articles/' . $down['aid']) . '">' . $down['title'] . '</a></span>';
}
$this->assign('nextpage', $nextpage);
$this->assign('updown', $updown);
//释放相关内存
unset($updown, $up, $down, $map, $lastpage, $nextpage);
//相关文章
if ($alist['keywords'] != '') {
$map['status'] = 1;
$keywords = explode(",", $alist['keywords']);
foreach ($keywords as $k => $v) {
if ($k == 0) {
$map['_string'] = "(keywords like '%{$v}%')";
} else {
$map['_string'] = " OR (keywords like '%{$v}%')";
}
}
$klist = $article->where($map)->field('aid,title,imgurl,addtime')->limit(6)->select();
//封装变量
$this->assign('keylist', $klist);
}
$this->assign('article', $alist);
//释放内存
unset($article, $alist, $klist, $map);
//模板输出
$this->display(TMPL_PATH . cookie('think_template') . '/' . $page_model);
if ($is_build == 1) {
$c = ob_get_contents();
if (!file_exists(dirname($static_file))) {
@mk_dir(dirname($static_file));
}
file_put_contents($static_file, $c);
}
}
<?php
require_once "../config.php";
require_once '../includes/function.php';
require_once '../includes/smarty.inc.php';
require_once '../includes/connect.php';
require_once '../includes/userShell.php';
$id = $_GET["id"];
$key_check = inject_check($id);
$result1 = mysqli_query($con, "SELECT * FROM sd_setting");
//获取数据
while ($row1 = mysqli_fetch_assoc($result1)) {
$tit = $row1['main_tit'];
$share = $row1['share'];
$theme = $row1['theme'];
$url1 = $row1['zzurl'];
$domain = $row1['kjurl'];
$tjcode = $row1['tjcode'];
}
$err[0] = false;
$err[1] = "";
if (file_exists("../content/themes/" . $theme . "/pages/config.json")) {
$configFile = fopen("../content/themes/" . $theme . "/pages/config.json", "r");
$configContent = fread($configFile, filesize("../content/themes/" . $theme . "/pages/config.json"));
fclose($configFile);
$pages = json_decode($configContent, true);
$idCheck[0] = false;
foreach ($pages as $key => $value) {
if ($value["id"] == $id) {
$idCheck[0] = false;
$idCheck[1] = $value["file"];
*
*
*/
foreach ($_POST as $key => $value) {
if (!is_array($value)) {
inject_check($value);
}
}
foreach ($_GET as $key => $value) {
if (!is_array($value)) {
inject_check($value);
}
}
foreach ($_REQUEST as $key => $value) {
if (!is_array($value)) {
inject_check($value);
}
}
function inject_check($Sql_Str)
{
//自动过滤Sql的注入语句。
$check = preg_match('/select|insert|update|delete|\'|\\*|\\*|\\.\\.\\/|\\.\\/|union|into|load_file|outfile/i', $Sql_Str);
if ($check) {
$result['code'] = 0;
$result['info'] = "您提交的信息包含非法字符!";
print_r(json_encode($result));
exit;
} else {
return $Sql_Str;
}
}
$key1 = "";
$sskey = $_GET['sskey'];
$tp = $_GET['type'];
require_once "../config.php";
//引入配置文件
require_once 'function.php';
//引入函数库
require_once 'connect.php';
require_once "qiniu/rs.php";
date_default_timezone_set("Asia/Shanghai");
//设置时区
error_reporting(0);
//设置错误级别0
$keyp = inject_check($tp);
//检查sql注入
$keyp1 = inject_check($sskey);
//检查sql注入
if ($keyp == "bad" || $keyp1 == "bad") {
exit;
}
if ($tp == "open") {
$ku = "sd_ss";
} else {
if ($tp == "lock") {
$ku = "sd_sskey";
}
}
$ju = "select * from " . $ku . " where sskey = '{$sskey}'";
$result = mysqli_query($con, $ju);
//获取数据
while ($row = mysqli_fetch_assoc($result)) {
ob_start();
header("Content-Type: text/html; charset=utf-8");
include "../include/config.php";
function inject_check($Sql_Str)
{
//自动过滤Sql的注入语句。
$check = preg_match('/select|insert|update|delete|\'|\\*|\\*|\\.\\.\\/|\\.\\/|union|into|load_file|outfile/i', $Sql_Str);
if ($check) {
echo '<script language="JavaScript">alert("系统警告:\\n\\n请不要尝试在参数中包含非法字符尝试注入!");window.location.href="/";</script>';
exit;
} else {
return $Sql_Str;
}
}
$AdminUser = inject_check($_REQUEST["AdminUser"]);
$AdminPass = md5(inject_check($_REQUEST["AdminPass"]));
$sql = "select * from admin where AdminUser='******' and AdminPass='******'";
$result = mysql_db_query($dbname, $sql);
//mysql_select_db($dbname);
//$result=mysql_query($sql);
$rs = mysql_fetch_array($result);
$fg = $rs["flag"];
$ip = $_SERVER["HTTP_VIA"] ? $_SERVER["HTTP_X_FORWARDED_FOR"] : $_SERVER["REMOTE_ADDR"];
$ip = $ip ? $ip : $_SERVER["REMOTE_ADDR"];
$data = date("Y-m-d H:i:s");
if ($rs != NULL) {
setcookie('ckey', "yes");
setcookie('AdminUser', $AdminUser);
setcookie('fg', $fg);
setcookie('ips', $ip);
setcookie('dt', $data);
<?php require_once 'include.php';
$sql="select * from dw_article where articleid=".inject_check($_GET['id']);
$rows=fetchOne($sql);
$web_sql="select * from dw_config";
$web_config=fetchOne($web_sql);
//print_r($web_config);
//echo $key."=>".$value; [$web_config][$webtitle];
//foreach($web_configs as $web_config):
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title><?php echo $rows['title'];?></title></title>
<link rel="stylesheet" href="http://cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap.min.css">
<script src="http://cdn.bootcss.com/jquery/1.11.3/jquery.min.js"></script>
<!-- 最新的 Bootstrap 核心 JavaScript 文件 -->
<script src="http://cdn.bootcss.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
</head>
<body>
<div class="container">
<!-- 这个是页头-->
<?php require_once "head.php";?>
<!--这个是导航-->
<nav class="navbar navbar-default" style="margin:3px 0px; padding:0px;">
<div class="container-fluid">
<!-- Brand and toggle get grouped for better mobile display -->
<?php
require_once "../config.php";
//基础配置文件
require_once '../includes/function.php';
//函数库
require_once '../includes/smarty.inc.php';
//smarty模板配置
require_once '../includes/connect.php';
require_once '../includes/userShell.php';
$key = $_GET["key"];
//GET到的KEY值
$key_check = inject_check($key);
$result = mysqli_query($con, "SELECT * FROM sd_file\nWHERE key1='{$key}'");
while ($row = mysqli_fetch_assoc($result)) {
$ming = $row['ming'];
$zhuangtai = $row['cishuo'];
$policyId = $row['policyid'];
$uploadUser = $row['upuser'];
$array = explode(".", $ming);
//分割文件名
$filetype = end($array);
//获取文件扩展名
}
$results = mysqli_query($con, "SELECT * FROM sd_policy where id = {$policyId}");
while (@($row2 = mysqli_fetch_assoc($results))) {
$serverUrl = $row2['p_url'];
$fileSize = $row2['p_size'];
$fileDir = $row2['p_dir'];
$autoName = $row2['p_autoname'];
$nameRule = $row2['p_namerule'];
<?php
header("content-type:text/html;charset=utf-8");
error_reporting(E_ALL^E_NOTICE);
echo '<link rel="stylesheet" href="http://cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap.min.css">';
require_once("../include.php");
$act=$_GET['act'];
if($act=="login"){
$username=inject_check($_POST['username']);
$userpass=md5(inject_check(($_POST['userpass'])));
$sql="select * from dw_user where username='******' and userpass='******'";
$row=fetchOne($sql);
if($row){
session_start();
$_SESSION['username']=$row['username'];
echo '<div class="alert alert-success" role="alert">登录成功!<a href="index.php">进入后台</a>!</div>';
}
else
{
echo '<div class="alert alert-danger" role="alert">登录失败!<a href="login.php">重新登录</a>!</div>';
}
}
//添加分类
if($act=="addclass"){
addclass();
}
//添加文章
if($act=="addarticle"){
function returnResponse($code, $desc)
{
echo json_encode(array("errorcode" => $code, "errmsg" => $desc));
exit;
}
if ($_SERVER['REQUEST_METHOD'] != "POST") {
returnResponse(40002, "method is not correct");
} else {
try {
$content = file_get_contents('php://input');
$json = json_decode($content);
$uid = $json->uid;
$username = $json->username;
$message = $json->message;
$wallid = $json->wallid;
if (inject_check($uid) || inject_check($message) || inject_check($wallid)) {
returnResponse(40001, "system is busy 05");
} else {
$Query = $_SGLOBAL['db']->query("SELECT uid,wallname,`check` FROM " . tname('wall') . " WHERE id = '{$WallId}' ");
if ($Value = $_SGLOBAL['db']->fetch_array($Query)) {
$apply = $Value['uid'];
$check = $Value['check'];
$WallTitle = $Value['wallname'];
}
$isfounder = ckfounder($uid);
if ($check || $isfounder || $uid == 144 || $uid == $apply) {
$pass = 1;
}
$setarr = array('uid' => $uid, 'pass' => 1, 'username' => $username, 'message' => $message, 'wallid' => $wallid, 'ip' => 'weixin', 'timeline' => $_SGLOBAL['timestamp'], 'fromdevice' => 'wechat');
//入库
$newwallid = inserttable('wallfield', $setarr, 1);
}
}
if ($inject_chk) {
$i = 0;
$Ary =& $_POST;
foreach ($Ary as $AryKey[$i] => $a[$i]) {
if (inject_check($a[$i])) {
msgurlbox("", $web_error_url . "?category=input_error");
exit;
}
$i++;
}
$i = 0;
$Ary =& $_GET;
foreach ($Ary as $AryKey[$i] => $a[$i]) {
if (inject_check($a[$i])) {
msgurlbox("", $web_error_url . "?category=input_error");
exit;
}
$i++;
}
}
//語系相關函式=======================================================
function build_language_list($obj_id, $onchange, $empty, $select_value)
{
//建立語系下拉
$lg1 = explode(",", web_language_text());
$lg2 = explode(",", web_language_value());
if ($obj_id == "") {
$obj_id = "language";
}
public function index()
{
inject_check($_GET['typeid']);
inject_check($_GET['p']);
//读取数据库&判断
$type = M('type');
$list = $type->where('typeid=' . intval($_GET['typeid']))->field('typename,fid,keywords,description,islink,url')->find();
if (!$list) {
alert('栏目不存在!', __APP__);
}
if ($list['islink'] == 1) {
Header('Location:' . turl($list['url']));
}
//栏目基本信息封装
$this->assign('type', $list);
//栏目导航
$config = F('basic', '', './Web/Conf/');
if ($config['listshowmode'] == 1) {
$map['fid'] = $list['fid'];
} else {
$map['fid'] = $_GET['typeid'];
}
$map['islink'] = 0;
$nav = $type->where($map)->field('typeid,typename')->select();
$this->assign('dh', $nav);
//第一次释放内存
unset($list, $nav, $map);
//网站头部
R('Public', 'head');
//查询数据库和缓存
$article = D('ArticleView');
//封装条件
$map['status'] = 1;
//导入分页类
import('@.ORG.Page');
//准备工作
$data['fid'] = $_GET['typeid'];
$tlist = $type->where($data)->field('typeid')->select();
foreach ($tlist as $v) {
$arr[] = $v['typeid'];
}
$arr[] = $_GET['typeid'];
$map['article.typeid'] = array('in', $arr);
//分页处理
$count = $article->where($map)->count();
$p = new Page($count, $config['artlistnum']);
$p->setConfig('prev', '上一页');
$p->setConfig('header', '篇文章');
$p->setConfig('first', '首 页');
$p->setConfig('last', '末 页');
$p->setConfig('next', '下一页');
$p->setConfig('theme', "%first%%upPage%%linkPage%%downPage%%end%\n\t\t<li><span><select name='select' onChange='javascript:window.location.href=(this.options[this.selectedIndex].value);'>%allPage%</select></span></li><li><span>共<font color='#CD4F07'><b>%totalRow%</b></font>篇文章" . $config['artlistnum'] . "篇/每页</span></li>");
//数据查询
$alist = $article->where($map)->order('addtime desc')->limit($p->firstRow . ',' . $p->listRows)->select();
//封装变量
$this->assign('page', $p->show());
$this->assign('list', $alist);
//释放内存
unset($article, $type, $p, $tlist, $alist);
//模板输出
$this->display(TMPL_PATH . $config['sitetpl'] . '/article_list.html');
}
if_get('/', function () {
not_found();
});
if_post('/Login.json', function () {
is_api();
$json = file_get_contents('php://input');
$jsonarray = json_decode($json, true);
$username = $jsonarray["username"];
$password = $jsonarray["password"];
if (empty($username)) {
die(ErrorCode::CODE("1004"));
}
if (empty($password)) {
die(ErrorCode::CODE("1005"));
}
if (inject_check($username)) {
die(ErrorCode::CODE("1006"));
}
$data = array("username" => $username, "password" => $password);
$info = UserLogin($data);
die($info);
});
if_post("/Encrypt.json", function () {
is_api();
$json = file_get_contents('php://input');
$jsonarray = json_decode($json, true);
$userinfo = GetUserinfoJson($jsonarray['token']);
$md5 = md5($userinfo['username'] . $userinfo['id'] . $userinfo['create_at'] . $userinfo['create_ip'] . $jsonarray['key']);
$key = Crypt3Des::encrypt($jsonarray['pass'], $md5);
$md5Key = MD5($key);
$md5Key = base64_encode($md5Key . $md5Key . $md5Key);
public function search()
{
if (empty($_POST['k'])) {
alert('请输入关键字!', 1);
}
inject_check($_GET['k']);
inject_check($_GET['p']);
//网站头部
R('Public', 'head');
//查询数据库准备
$config = F('basic', '', './Web/Conf/');
$article = M('article');
$map['status'] = 1;
$keyword = $_POST['k'];
$map['title'] = array('like', '%' . $keyword . '%');
//导入分页类
import('@.ORG.Page');
//分页相关配置
$count = $article->where($map)->count();
$p = new Page($count, 20);
$p->setConfig('prev', '上一页');
$p->setConfig('header', '篇文章');
$p->setConfig('first', '首 页');
$p->setConfig('last', '末 页');
$p->setConfig('next', '下一页');
$p->setConfig('theme', "%first%%upPage%%linkPage%%downPage%%end%\n\t\t<li><span><select name='select' onChange='javascript:window.location.href=(this.options[this.selectedIndex].value);'>%allPage%</select></span></li><li><span>共<font color='#CD4F07'><b>%totalRow%</b></font>篇文章 20篇/每页</span></li>");
//查询数据库
$prefix = C('DB_PREFIX');
$list = $article->join('left join ' . $prefix . 'type on ' . $prefix . 'article.typeid=' . $prefix . 'type.typeid')->where($map)->field("aid,title,addtime," . $prefix . "article.typeid as typeid,typename")->limit($p->firstRow . ',' . $p->listRows)->order("addtime desc")->select();
//echo $article->getLastSql(); 验证sql
//封装变量
$this->assign('list', $list);
$this->assign('num', $count);
$this->assign('page', $p->show());
$this->assign('keyword', $keyword);
//模板输出
$this->display(TMPL_PATH . $config['sitetpl'] . '/search.html');
}
!$db && ($db = new DB($mysql['server'], $mysql['username'], $mysql['password'], $mysql['database']));
//hooker
function_exists('lz_on_after_db') && lz_on_after_db();
//define directories
!defined('LZ_LANGUAGE_DIR') && define('LZ_LANGUAGE_DIR', 'language/' . $config['template'] . '/');
!defined('LZ_CONTROLLER_DIR') && define('LZ_CONTROLLER_DIR', 'controller/');
!defined('LZ_VIEWER_DIR') && define('LZ_VIEWER_DIR', 'view/' . $config['template'] . '/');
!defined('LZ_VIEWER_EXT') && define('LZ_VIEWER_EXT', 'html');
$_header_type = LZ_MODULE != 'wap' ? 'html' : 'vnd.wap.wml';
//get system root path
$_system_folder = dirname(__FILE__);
$_system_folder = str_replace("\\", "/", $_system_folder);
!defined('LZ_BASEPATH') && define('LZ_BASEPATH', $_system_folder . '/');
!defined('LZ_TOPPATH') && define('LZ_TOPPATH', preg_replace('/\\/lz_system\\/?$/', '/', $_system_folder));
//get main controller
$p = inject_check($_GET['p']);
$_page = $p ? $p : 'index';
$_page = preg_replace('/[^a-zA-Z0-9_]/', '', $_page);
define('LZ_CONTROLLER', $_page);
$_controller = $_page . '.php';
$_viewer = $_page . '.' . LZ_VIEWER_EXT;
//auto load language file which has the same name as the main controller
$_language_dir = LZ_LANGUAGE_DIR . LZ_LANGUAGE . '/';
$_preload['language'][] = $_page;
//load files defined in $_preload
foreach ($_preload as $_fpath => $_files) {
if ($_fpath == 'controller') {
continue;
}
foreach ($_files as $_fname) {
$_filename = $_fpath . '/' . $_fname;
public function index()
{
if (!isset($_GET['aid'])) {
alert('非法操作', __APP__);
}
inject_check($_GET['aid']);
inject_check($_GET['p']);
//读取数据库和缓存
$article = M('article');
$config = F('basic', '', './Web/Conf/');
//相关判断
$alist = $article->where('aid=' . intval($_GET['aid']))->find();
if (!$alist) {
alert('文章不存在或已删除!', __APP__);
}
if ($alist['islink'] == 1) {
Header('Location:' . $alist['linkurl']);
}
if ($alist['status'] == 0) {
alert('文章未审核!', __APP__);
}
//网站头部
R('Public', 'head');
//统计处理
if ($alist['status'] == 1) {
$map['hits'] = $alist['hits'] + 1;
$article->where('aid=' . $_GET['aid'])->save($map);
}
//注销map
unset($map);
$alist['hits'] += 1;
//关键字替换
$alist['content'] = $this->key($alist['content']);
//鼠标轮滚图片
if ($config['mouseimg'] == 1) {
$alist['content'] = $this->mouseimg($alist['content']);
}
//文章内分页处理
if ($alist['pagenum'] == 0) {
//手动分页
$alist['content'] = $this->diypage($alist['content']);
} else {
//自动分页
$alist['content'] = $this->autopage($alist['pagenum'], $alist['content']);
}
//文章内投票
$this->vote($alist['voteid']);
//心情投票
$url = __ROOT__;
//用于心情js的根路径变量
$this->assign('url', $url);
//文章上下篇
$map['status'] = 1;
$map['typeid'] = $alist['typeid'];
$map['addtime'] = array('lt', $alist['addtime']);
$up = $article->where($map)->field('aid,title')->order('addtime desc')->limit(1)->find();
//dump($article->getLastsql());
if (!$up) {
$updown = '上一篇:<span>无</span>';
} else {
$up['title'] = msubstr($up['title'], 0, 20, 'gb2312');
$updown = '上一篇:<span><a href="' . U('articles/' . $up['aid']) . '">' . $up['title'] . '</a></span>';
}
$map['addtime'] = array('gt', $alist['addtime']);
$down = $article->where($map)->field('aid,title')->order('addtime desc')->limit(1)->find();
if (!$down) {
$updown .= '下一篇:<span>无</span>';
} else {
$dowm['title'] = msubstr($down['title'], 0, 20, 'gb2312');
$updown .= '下一篇:<span><a href="' . U('articles/' . $down['aid']) . '">' . $down['title'] . '</a></span>';
}
$this->assign('updown', $updown);
//释放相关内存
unset($updown, $up, $down, $map);
//相关文章
$map['status'] = 1;
$keywords = explode(",", $alist['keywords']);
foreach ($keywords as $k => $v) {
if ($k == 0) {
$map['_string'] = "(keywords like '%{$v}%')";
} else {
$map['_string'] = " OR (keywords like '%{$v}%')";
}
}
$klist = $article->where($map)->field('aid,title')->limit(6)->select();
//封装变量
$this->assign('keylist', $klist);
$this->assign('article', $alist);
//释放内存
unset($article, $alist, $klist, $map);
//模板输出
$this->display(TMPL_PATH . $config['sitetpl'] . '/article_article.html');
}
* User: yzj
* Date: 2015/12/10
* Time: 17:11
*/
require_once "connect.php";
session_start();
if ($_GET['act'] == "check") {
$xuehao = $_GET['xuehao'];
$sql = "select * from user where xuehao='{$xuehao}'";
$query = mysql_query($sql);
$cnt = mysql_num_rows($query);
echo $cnt;
} else {
$xuehao = inject_check($_POST['xuehao']);
$username = inject_check($_POST['username']);
$nicheng = inject_check($_POST['nicheng']);
$password = md5(inject_check($_POST['password']));
$sql = "insert into user (xuehao, username, nicheng, password) VALUES ('{$xuehao}','{$username}', '{$nicheng}', '{$password}' )";
$query = mysql_query($sql);
//$cnt=mysql_num_rows($query,$conn);
$user_id = mysql_insert_id();
if ($user_id) {
echo "<script>alert('注册成功!');window.location.href='index.php'</script>";
} else {
echo "error!";
}
$_SESSION['username'] = $username;
$_SESSION['nicheng'] = $nicheng;
$_SESSION['xuehao'] = $xuehao;
$_SESSION['user_id'] = $user_id;
}
<?php
$key1 = "";
$key1 = $_POST['key'];
require_once "../config.php";
//引入配置文件
require_once 'function.php';
//引入函数库
require_once 'connect.php';
require_once "qiniu/rs.php";
date_default_timezone_set("Asia/Shanghai");
//设置时区
error_reporting(0);
//设置错误级别0
$keyp = inject_check($key1);
//检查sql注入
if ($keyp == "bad") {
exit;
}
$ju = "SELECT * FROM sd_file where key1 ='{$key1}'";
$result = mysqli_query($con, $ju);
//获取数据
while ($row = mysqli_fetch_assoc($result)) {
$ming = $row['ming'];
$policyId = $row['policyid'];
}
$results = mysqli_query($con, "SELECT * FROM sd_policy where id = {$policyId}");
while (@($row3 = mysqli_fetch_assoc($results))) {
$policyType = $row3['p_type'];
$serverUrl = $row3['p_server'];
$fileDir = $row3['p_dir'];
function verify_id($id=null) {
if (!$id) {
exit('没有提交参数!');
}
elseif (inject_check($id)) {
exit('提交的参数非法!');
}
elseif (!is_numeric($id)) {
exit('提交的参数非法!');
}
$id=intval($id);
return $id;
}
<?php
if (isset($_GET['Submit'])) {
// Retrieve data
$id = inject_check($_GET['id']);
$getid = "SELECT first_name, last_name FROM users WHERE user_id = {$id}";
$result = mysql_query($getid) or die('<pre>' . mysql_error() . '</pre>');
$num = mysql_numrows($result);
$i = 0;
while ($i < $num) {
$first = mysql_result($result, $i, "first_name");
$last = mysql_result($result, $i, "last_name");
$html .= '<pre>';
$html .= 'ID: ' . $id . '<br>First name: ' . $first . '<br>Surname: ' . $last;
$html .= '</pre>';
$i++;
}
}
function inject_check($str)
{
//防注入函数开始
$check = preg_match('/select|order|insert|update|eval|document|delete|injection|jection|link|\'|\\%|\\/\\*|\\*|\\.\\.\\/|\\.\\/|\\,|\\.|--|\\"|and|or|from|union|into|load_file|outfile|<script>/', $str);
if ($check) {
echo "<script>alert('Filtered!!!');window.history.go(-1);</script>";
exit;
} else {
return $str;
}
}
<?php
require_once "config.php";
//基础配置文件
require_once 'includes/function.php';
//函数库
require_once 'includes/connect.php';
require_once 'includes/smarty.inc.php';
//smarty模板配置
require_once 'includes/userShell.php';
error_reporting(0);
//设置错误级别0
$share_key = $_GET['k'];
$share_c = inject_check($share_key);
if ($share_c == "bad") {
exit;
}
session_start();
$result = mysqli_query($con, "SELECT * FROM sd_setting");
//获取数据
while ($row = mysqli_fetch_assoc($result)) {
$tit = $row['main_tit'];
$theme = $row['theme'];
$des = $row['desword'];
$kw = $row['keyword'];
$tjcode = $row['tjcode'];
$share = $row['share'];
$url = $row['zzurl'];
}
if ($share == "false") {
echo '<script>document.location="views/error.php";</script>';
function qqupdate()
{
$username = remove_xss(inject_check($_POST['username']));
$userpwd = remove_xss($_POST['userpwd']);
$qid = remove_xss($_POST['qid']);
$icon = remove_xss($_POST['icon']);
if ($username == '' || $userpwd == '' || $qid == '') {
$this->error('请输入用户名和密码?');
exit;
}
$info = M('member')->where("username='******' and is_lock=0")->find();
if (!$info) {
$this->error('用户不存在或已经禁止登陆!');
} else {
if ($info['userpwd'] != md5($userpwd)) {
$this->error('密码错误,绑定失败!');
} else {
$_SESSION['dami_uid'] = $info['id'];
$_SESSION['dami_username'] = $info['username'];
$_SESSION['dami_usericon'] = $icon;
$_SESSION['dami_uservail'] = get_field('member_group', 'group_id=' . $info['group_id'], 'group_vail');
if ($info['icon'] == '') {
M('member')->where("username='******' and is_lock=0")->setField(array('qid', 'icon'), array($qid, $icon));
} else {
M('member')->where("username='******' and is_lock=0")->setField('qid', $qid);
}
if (!empty($_REQUEST['lasturl'])) {
$this->assign('jumpUrl', urldecode(htmlspecialchars($_REQUEST['lasturl'])));
} else {
$this->assign('jumpUrl', U('Member/main'));
}
$this->success('绑定成功,正在登陆~');
}
}
}
require_once 'function.php';
//引入函数库
require_once 'connect.php';
date_default_timezone_set("Asia/Shanghai");
//设置时区
error_reporting(0);
//设置错误级别0
$pw = $_POST["password"];
$um = $_POST["username"];
if ($pw == "" || $um == "") {
echo "bad.1.用户名或密码不能为空";
exit;
}
$re = inject_check($pw);
//检查sql注入
$re1 = inject_check($um);
//检查sql注入
if ($re == "bad" || $re1 == "bad") {
exit;
}
$sql = "select * from sd_user where `username` = '{$um}'";
$query = mysqli_query($con, $sql);
$us = is_array($row = mysqli_fetch_assoc($query));
$ps = $us ? md5($pw . "sdshare") == $row[pwd] : FALSE;
if ($ps) {
$_SESSION[id] = $row[id];
$_SESSION[user_shell] = md5($row[username] . $row[pwd] . "sdshare");
echo "ok.2.登陆成功";
} else {
echo "bad.1.用户名或密码错误";
}
<?php
require_once "../module/config.php";
if ($_POST["type"] != "login") {
setcookie("root", "", time() + $t_diff - 86400);
} elseif ($_POST["type"] == "login") {
if (strtolower($_POST["chknum"]) == strtolower($_SESSION["string"])) {
if (inject_check($_POST["u_id"]) || inject_check($_POST["u_password"])) {
msgurlbox("登入帳號密碼錯誤!", "index.php");
exit;
}
//如果忘記密碼就把mysql裡的admin資料表u_password欄位改成202cb962ac59075b964b07152d234b70,即可用密碼123登入
$query = "select * from `admin` where `u_id`='" . $_POST["u_id"] . "' and `u_password`='" . $_POST["u_password"] . "'";
$result = mysql_query($query);
$row = mysql_fetch_array($result);
if ($row == "") {
msgurlbox("登入帳號密碼錯誤!", "index.php");
exit;
} else {
$w = false;
$ckvalue = $row["num"];
//記錄流水號
$ckvalue .= "|" . $row["u_id"];
//記錄帳號
$ckvalue .= "|" . urlencode($row["u_name"]);
//記錄使用者
$time = date("Y-m-d H:i:s", time() + $t_diff);
$ckvalue .= "|" . $time;
//記錄登入時間
$query2 = "select * from admin_group where u_power=" . $row["u_power"] . "";
$result2 = mysql_query($query2);
