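/**
 * Tell whether the PHP process can write to a file or directory.
 *
 * Off Windows (DT_WIN false) this is a plain is_writeable() call. When DT_WIN
 * is set the answer comes from an actual write attempt instead
 * (NOTE(review): presumably because permission bits are not trusted on
 * Windows - confirm):
 *  - a path ending in '/' is treated as a directory; it is created through
 *    dir_create() when missing, then probed by creating, reading back and
 *    deleting a temporary file inside it;
 *  - any other path is opened in append mode, which creates the file as a
 *    side effect when it does not exist yet.
 *
 * The probe file gets a per-call unique name and is opened with mode 'x'
 * (create only, fail if the path exists). A fixed name opened in append mode
 * reported a writable directory as read-only whenever a stale or concurrent
 * probe was present, and deleted whatever already lived at that name.
 *
 * @param string $file File path, or directory path with a trailing '/'.
 * @return bool True when the target is writable.
 */
function is_write($file)
{
    if (!DT_WIN) {
        return is_writeable($file);
    }

    if (substr($file, -1) != '/') {
        // Plain file: a successful append-open is taken as proof of writability.
        if (@($fp = fopen($file, 'a'))) {
            fclose($fp);
            return true;
        }
        return false;
    }

    if (!is_dir($file)) {
        // Missing directory: try to create it, then probe the result.
        dir_create($file);
        if (is_dir($file)) {
            return is_write($file);
        }
        return false;
    }

    // Unique name + exclusive create: never appends to, truncates or removes
    // a file that was already in the directory.
    $probe = $file . 'writeable-test-' . uniqid('', true) . '.tmp';
    if (!@($fp = fopen($probe, 'x'))) {
        return false;
    }
    fwrite($fp, 'OK');
    fclose($fp);

    // Read the marker back so a write that silently failed is not reported as success.
    $tmp = file_get_contents($probe);
    unlink($probe);

    return $tmp === 'OK';
}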
<th>值</th> <th>说明</th> </tr> <?php if (strpos(get_env('self'), '/admin.php') !== false) { ?> <tr> <td class="t1">后台登录地址</td> <td class="t2"><span>admin.php</span></td> <td class="t3"> 如果管理帐号泄漏,后台容易遭受攻击,为了系统安全,请修改根目录admin.php的文件名 </td> </tr> <?php } $D = is_write(DT_ROOT . '/file/') && is_write(DT_ROOT . '/file/cache/') && is_write(DT_ROOT . '/file/cache/tpl/') && is_write(DT_ROOT . '/file/upload/'); ?> <tr> <td class="t1">file目录是否可写</td> <td class="t2"><?php echo $D ? '可写' : '<span>不可写</span>'; ?> </td> <td class="t3"> file目录及所有子目录和子文件都必须设置可写,否则会出现以下问题:<br/> 系统缓存无法更新<br/> 后台无法登录<br/> 登录后台不显示密码输入框<br/> 前台页面无法正常显示<br/> 文件无法上传<br/> </td>
} if (!preg_match("/^[0-9a-z_-]+\$/i", $dir)) { msg('目录名不合法,请更换一个再试'); } $r = $db->get_one("SELECT moduleid FROM {$DT_PRE}module WHERE moduledir='{$dir}' AND islink=0"); if ($r) { msg('此目录名已经被其他模块使用,请更换一个再试'); } $sysdirs = array('ad', 'admin', 'announce', 'api', 'archiver', 'comment', 'feed', 'file', 'gift', 'guestbook', 'include', 'install', 'lang', 'link', 'module', 'poll', 'sitemap', 'skin', 'spread', 'template', 'upgrade', 'vote', 'mobile', 'form'); if (in_array($dir, $sysdirs)) { msg('安装目录与系统目录冲突,请更换安装目录'); } if (!dir_create(DT_ROOT . '/' . $dir . '/')) { msg('无法创建' . $dir . '目录,请检查PHP是否有创建权限或手动创建'); } if (!is_write(DT_ROOT . '/' . $dir . '/')) { msg('目录' . $dir . '无法写入,请设置此目录可写权限'); } if (!file_put(DT_ROOT . '/' . $dir . '/config.inc.php', "DESTOON")) { msg('目录' . $dir . '无法写入,请设置此目录可写权限'); } } if ($post['domain']) { if (substr($post['domain'], 0, 4) != 'http') { $post['domain'] = 'http://' . $post['domain']; } if (substr($post['domain'], -1) != '/') { $post['domain'] = $post['domain'] . '/'; } } $post['linkurl'] = $post['islink'] ? $post['linkurl'] : ($post['domain'] ? $post['domain'] : linkurl($post['moduledir'] . "/"));
// Normalise a non-empty cookie domain so that it starts with a dot.
if ($config['cookie_domain'] && substr($config['cookie_domain'], 0, 1) != '.') {
    $config['cookie_domain'] = '.' . $config['cookie_domain'];
}
// A cookie domain that differs from the current one also gets a fresh cookie prefix.
if ($config['cookie_domain'] != $CFG['cookie_domain']) {
    $config['cookie_pre'] = 'D' . random(2) . '_';
}
// Secret fields go through pass_decode() with the submitted value and the stored one.
// NOTE(review): presumably this restores the stored secret when the form sent back a
// masked placeholder - confirm in pass_decode().
$setting['smtp_pass'] = pass_decode($setting['smtp_pass'], $DT['smtp_pass']);
$setting['ftp_pass'] = pass_decode($setting['ftp_pass'], $DT['ftp_pass']);
$setting['sms_key'] = pass_decode($setting['sms_key'], $DT['sms_key']);
$setting['trade_pw'] = pass_decode($setting['trade_pw'], $DT['trade_pw']);
// The week-day selections arrive as arrays and are stored as comma-separated strings.
$setting['admin_week'] = implode(',', $setting['admin_week']);
$setting['check_week'] = implode(',', $setting['check_week']);
// A changed logo value is handed to clear_upload().
if ($setting['logo'] != $DT['logo']) {
    clear_upload($setting['logo']);
}
// Stop with a message when config.inc.php cannot be written.
if (!is_write(DT_ROOT . '/config.inc.php')) {
    msg('根目录config.inc.php无法写入,请设置可写权限');
}
// Rewrite config.inc.php in place: every $CFG['<key>'] = '...' assignment found in the
// file is replaced by one carrying the new value.
// NOTE(review): $k goes into the pattern without preg_quote() and $v goes into the
// replacement unescaped, where it is both subject to $n / \n backreference expansion and
// ends up inside a single-quoted literal of an executable PHP file. Unless the caller has
// already constrained these values, a quote or backslash in $v changes the code that
// config.inc.php contains. Confirm the upstream validation; building the literal with
// var_export() inside preg_replace_callback() would remove the dependency on it.
$tmp = file_get(DT_ROOT . '/config.inc.php');
foreach ($config as $k => $v) {
    $tmp = preg_replace("/[\$]CFG\\['{$k}'\\]\\s*\\=\\s*[\"'].*?[\"']/is", "\$CFG['{$k}'] = '{$v}'", $tmp);
}
file_put(DT_ROOT . '/config.inc.php', $tmp);
// Store the module settings, then call cache_module() with and without an argument.
update_setting($moduleid, $setting);
cache_module(1);
cache_module();
// file/avatar/remote.html receives the remote URL when both ftp_remote and remote_url
// are set, and the literal string 'URL' otherwise.
file_put(DT_ROOT . '/file/avatar/remote.html', $setting['ftp_remote'] && $setting['remote_url'] ? $setting['remote_url'] : 'URL');
// Delete the index file named by the settings when index_html is off and the extension
// is not 'php'.
// NOTE(review): the path is assembled from $setting['index'] and $setting['file_ext'];
// confirm both are restricted to plain file-name characters before they reach file_del(),
// otherwise the deletion target is not confined to DT_ROOT.
$filename = DT_ROOT . '/' . $setting['index'] . '.' . $setting['file_ext'];
if (!$setting['index_html'] && $setting['file_ext'] != 'php') {
    file_del($filename);
}
file_copy($dfile, $bakfile); break; } } } file_put($nfile, template_safe($content)); if ($dfileid != $fileid) { file_del($dfile); } if ($name != $fileid) { template_name($fileid, $name); } dmsg('修改成功', '?file=' . $file . '&action=' . $action . '&fileid=' . $fileid . '&dir=' . $dir); } else { $fileid or msg(); if (!is_write($template_root . '/' . $fileid . '.htm')) { msg($fileid . '.htm不可写,请将其属性设置为可写'); } if ($dir) { $template_path = $template_path . '/'; } $name = isset($names[$fileid]) && $names[$fileid] ? $names[$fileid] : $fileid; $content = htmlspecialchars(file_get($template_root . '/' . $fileid . '.htm')); include tpl('template_edit'); } break; case 'preview': $db->halt = 0; require_once DT_ROOT . '/include/template.func.php'; $tpl_content = template_safe($content); unset($content);
include IN_ROOT . '/step_' . $step . '.tpl.php'; break; case '3': //属性 $ISWIN = strpos(strtoupper(PHP_OS), 'WIN') === false ? false : true; $files = file_get_contents(IN_ROOT . '/chmod.txt'); $files = explode("\n", $files); $files = array_map('trim', $files); $FILES = array(); $pass = true; foreach ($files as $k => $v) { $FILES[$k]['name'] = $v; if (!$ISWIN) { dir_chmod(DT_ROOT . '/' . $v, DT_CHMOD); } if (is_write(DT_ROOT . '/' . str_replace('*', 'index.html', $v))) { $FILES[$k]['write'] = true; if (strpos($v, 'index.html') !== false) { $c = file_get(DT_ROOT . '/' . $v) . '<!--WriteTest-->'; file_put(DT_ROOT . '/' . $v, $c); $c = file_get(DT_ROOT . '/' . $v); if (strpos($c, 'WriteTest') === false) { $FILES[$k]['write'] = $pass = false; } } if ($ISWIN && $v == 'config.inc.php') { $c = file_get(DT_ROOT . '/' . $v); $c = str_replace($CFG['authkey'], 'WriteTest', $c); file_put(DT_ROOT . '/' . $v, $c); $c = file_get(DT_ROOT . '/' . $v); if (strpos($c, 'WriteTest') === false) {
$i = 0; while (++$i) { $bakfile = $skin_root . $dfileid . '.' . $i . '.bak'; if (!is_file($bakfile)) { file_copy($dfile, $bakfile); break; } } } file_put($nfile, stripslashes($content)); if ($dfileid != $fileid) { file_del($dfile); } dmsg('风格修改成功', $forward); } else { if (!is_write($skin_root . $fileid . '.css')) { msg($fileid . '.css不可写,请将其属性设置为可写'); } $content = file_get($skin_root . $fileid . '.css'); include tpl('skin_edit'); } break; case 'import': if (!$fileid) { msg('文件名不能为空'); } if (!$bakid) { msg('Invalid Request'); } if (file_copy($skin_root . $fileid . '.' . $bakid . '.bak', $skin_root . $fileid . '.css')) { dmsg('备份文件恢复成功', $this_forward);