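/**
 * Session write handler: mirrors the decoded session payload into the
 * `user_online` table so "who is online" can be answered from the database.
 *
 * Returns true without touching the database when the handler is disabled
 * (self::$skip) or checkSign(2) is set; otherwise returns the result of the
 * REPLACE query (false on connection or query failure).
 *
 * @param string $sid       PHP session id
 * @param string $sess_data raw serialized session payload handed over by PHP
 * @return bool|resource
 */
public static function sess_write($sid, $sess_data)
{
    if (self::$skip || checkSign(2)) {
        return true;
    }

    $session = MyReq::sessDecode($sess_data);

    // Read each column value explicitly instead of extract()ing the payload into
    // local scope: the session fields originate from request data (ip, url, ...)
    // and extract() would let keys such as 'sid' or 'setting' overwrite this
    // function's own variables.
    $ip        = isset($session['ip']) ? $session['ip'] : '';
    $url       = isset($session['url']) ? $session['url'] : '';
    $username  = isset($session['username']) ? $session['username'] : '';
    $usertype  = isset($session['usertype']) ? $session['usertype'] : '';
    $usergroup = isset($session['usergroup']) ? $session['usergroup'] : '';
    $userinfo  = serialize(isset($session['userinfo']) ? $session['userinfo'] : null);

    // Defaults for anonymous sessions.
    if (empty($username)) {
        $username = "******";
    }
    if (empty($usertype)) {
        $usertype = 1;
    }
    if (empty($usergroup)) {
        $usergroup = 0;
    }

    // $setting (db host/user/pass/charset/name/pre) is defined by the config file.
    include ROOT_PATH . "/include/config.php";
    $reflash = $_SERVER["REQUEST_TIME"];

    self::$cnt = mysql_connect($setting['db']['host'], $setting['db']['user'], $setting['db']['pass']);
    if (self::$cnt === false) {
        return false;
    }
    mysql_query("SET NAMES '" . $setting['db']['charset'] . "'", self::$cnt);
    mysql_select_db($setting['db']['name'], self::$cnt);

    // Escape every interpolated value on the open connection (after SET NAMES, so
    // the escaping matches the connection charset). url and username come from
    // request data and were previously interpolated without escaping.
    $row = array(
        'sid'       => mysql_real_escape_string($sid, self::$cnt),
        'ip'        => mysql_real_escape_string($ip, self::$cnt),
        'username'  => mysql_real_escape_string($username, self::$cnt),
        'usertype'  => mysql_real_escape_string((string) $usertype, self::$cnt),
        'usergroup' => mysql_real_escape_string((string) $usergroup, self::$cnt),
        'reflash'   => (int) $reflash,
        'url'       => mysql_real_escape_string($url, self::$cnt),
        'userinfo'  => mysql_real_escape_string($userinfo, self::$cnt),
    );

    $sql = "REPLACE INTO " . $setting['db']['pre'] . "user_online"
        . " (sid, ip, username, usertype, usergroup, reflash, url, userinfo) VALUES ("
        . "'{$row['sid']}', '{$row['ip']}', '{$row['username']}', '{$row['usertype']}', "
        . "'{$row['usergroup']}', '{$row['reflash']}', '{$row['url']}', '{$row['userinfo']}')";
    return mysql_query($sql, self::$cnt);
}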
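/**
 * Page-end hook: updates today's row of the `counter` table (page views,
 * unique-IP visits, peak concurrent online count).
 *
 * Skipped for crawlers (user agent containing "spider"/"bot"), for requests
 * flagged by checkSign(1) and when the plugin's `counter` setting is off.
 * Unique-IP detection uses the client-side `cnt_visitor` cookie plus a lookup
 * in `user_online`; the cookie is client-controlled, so `iv` is an estimate.
 *
 * @return mixed result of $db->replace(), or null when nothing was counted
 */
public static function page_end()
{
    // The header is optional; an absent User-Agent must not raise a notice.
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? strtolower($_SERVER['HTTP_USER_AGENT']) : '';
    if (strpos($agent, "spider") !== false || strpos($agent, "bot") !== false) {
        return;
    }
    if (checkSign(1)) {
        return;
    }
    $setting = self::setting();
    if (!$setting['counter']) {
        return;
    }

    global $db, $req;
    // config.php supplies the db section ($setting['db']) used below.
    include ROOT_PATH . "/include/config.php";
    $table_online  = $setting['db']['pre'] . "user_online";
    $table_counter = $setting['db']['pre'] . "counter";

    $ip = getIp();
    $cnt_visitor = $req->getCookie('cnt_visitor');
    $add_ip = 0;
    // A visitor counts as new when the 24h cookie is missing or was issued for another IP.
    if (empty($cnt_visitor) || (string) $cnt_visitor !== (string) $ip) {
        $req->setCookie("cnt_visitor", $ip, 60 * 60 * 24);
        $add_ip = 1;
    }
    // Same IP already has a live session: not a new visitor after all.
    if ($add_ip === 1 && $db->result($table_online, "ip", array("ip", "=", $ip))) {
        $add_ip = 0;
    }
    $count_online = $db->result($table_online, "count(distinct ip)");

    $record = $db->record($table_counter, "pv, iv, online", array("date", "f=", "curdate()"));
    if ($record) {
        $pv = $record['pv'] + 1;
        $iv = $record['iv'] + $add_ip;
        $online = max($record['online'], $count_online);
    } else {
        // First hit of the day.
        $pv = 1;
        $iv = 1;
        $online = 1;
    }
    return $db->replace($table_counter, array("curdate()", $pv, $iv, $online));
}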
// Flatten the feedback notification ($obj is parsed before this point) into a
// trimmed array keyed by the column names used further down.
$fields = array(
    'openid'       => 'OpenId',
    'appid'        => 'AppId',
    'timestamp'    => 'TimeStamp',
    'msgtype'      => 'MsgType',
    'feedbackid'   => 'FeedBackId',
    'transid'      => 'TransId',
    'reason'       => 'Reason',
    'solution'     => 'Solution',
    'extinfo'      => 'ExtInfo',
    'appsignature' => 'AppSignature',
    'signmethod'   => 'SignMethod',
);
$data = array();
foreach ($fields as $column => $property) {
    $data[$column] = trim($obj->$property);
}
if (!empty($obj->PicInfo) && !empty($obj->PicInfo->item)) {
    foreach ($obj->PicInfo->item as $item) {
        $data['picinfo'][] = trim($item->PicUrl);
    }
}

require '../../framework/bootstrap.inc.php';
WeUtility::logging('pay-rights', $input);

// The signing key is per account, so the account is resolved from the
// notification's appid first.
$_W['uniacid'] = pdo_fetchcolumn(
    "SELECT uniacid FROM " . tablename('account_wechats') . " WHERE `key` = :key",
    array(':key' => $data['appid'])
);
$setting = uni_setting($_W['uniacid'], array('payment'));
$_W['weid'] = $_W['uniacid'];
if (empty($setting['payment'])) {
    exit('failed');
}
$data['appkey'] = $setting['payment']['wechat']['signkey'];
// No database write happens before the signature has been verified.
if (!checkSign($data)) {
    exit('failed');
}

$msgtype = $data['msgtype'];
if ($msgtype === 'request') {
    pdo_insert('shopping_feedback', array(
        'weid'       => $_W['weid'],
        'openid'     => $data['openid'],
        'feedbackid' => $data['feedbackid'],
        'transid'    => $data['transid'],
        'reason'     => $data['reason'],
        'solution'   => $data['solution'],
        'remark'     => $data['extinfo'],
        'createtime' => $data['timestamp'],
        'status'     => 0,
    ));
    exit('success');
}

// confirm/reject only change the status of an existing feedback record.
$statusByType = array('confirm' => 1, 'reject' => 2);
if (!isset($statusByType[$msgtype])) {
    exit('failed');
}
pdo_update('shopping_feedback', array('status' => $statusByType[$msgtype]), array('feedbackid' => $data['feedbackid']));
exit('success');
/**
 * Bootstraps a request: output buffering, the request/db/cache singletons,
 * resolution of the current site from the Host header, merge of the per-site
 * settings, language, session start, registered start hooks and the
 * current-user block in $setting['info'].
 *
 * @param bool $setPlugin whether to call $this->setPlugin() after the settings merge
 * @return void
 */
public function pageStart($setPlugin = false)
{
    global $setting, $db, $req, $cache;
    ob_start();
    ob_implicit_flush(false);
    // The cookie prefix is salted with server environment values so cookies
    // differ per installation. NOTE(review): USERNAME/COMPUTERNAME/OS are
    // Windows-style server variables and may be absent elsewhere — confirm.
    $setting['cookie']['prefix'] .= substr(md5($_SERVER["USERNAME"] . $_SERVER["COMPUTERNAME"] . $_SERVER["OS"]), 0, 4) . "_";
    if ($setting['session']['mode'] == "sess_file") {
        $setting['session']['path'] = ROOT_PATH . "/" . $setting['path']['cache'] . "/session/" . date("Ymd") . "/";
    }
    $req = $this->getInstance("MyReq", $setting['cookie'], $setting['session']);
    $db = $this->getInstance("MySQL", $setting['db']['host'], $setting['db']['user'], $setting['db']['pass'], $setting['db']['charset']);
    $cache = $this->getInstance("MyCache", $setting['web']['cache_mode']);
    includeCache("website");
    includeCache("user_group");
    includeCache("user_type");
    $setting['info'] = array();
    $setting['info']['time'] = $_SERVER['REQUEST_TIME'];
    $setting['info']['time_start'] = GetMicrotime();
    $setting['info']['self'] = strtolower(basename($req->getServer("PHP_SELF")));
    $setting['info']['web'] = null;
    // Match the request Host against each configured site's comma-separated host
    // list; the first match becomes the current site and $setting['web']['url']
    // is rebuilt from that (matched, hence configured) host.
    $host = $req->getServer("HTTP_HOST");
    for ($i = 0, $m = count($GLOBALS['website']); $i < $m; $i++) {
        if (strpos("," . $GLOBALS['website'][$i]['host'] . ",", "," . $host . ",") !== false) {
            $GLOBALS['website'][$i]['host'] = $host;
            $setting['web']['url'] = "http://" . $host;
            $setting['info']['web'] = $GLOBALS['website'][$i];
            break;
        }
    }
    // No host matched: fall back to the first configured site, then to web_id 1.
    if (is_null($setting['info']['web'])) {
        $setting['info']['web'] = $GLOBALS['website'][0];
    }
    if ($setting['info']['web'] === false) {
        $setting['info']['web'] = getParaInfo("website", "web_id", 1);
    }
    $setting_sub = getSubSetting($setting['info']['web']['web_id']);
    $setting_sub['web']['url'] = $setting['web']['url'];
    $setting['db_sub'] = $setting_sub['db'];
    // Sub-site tables are addressed by plain prefix when they share the main
    // database, otherwise by a qualified "database.prefix".
    if ($setting['db']['name'] == $setting_sub['db']['name']) {
        $setting['db']['pre_sub'] = $setting_sub['db']['pre'];
    } else {
        $setting['db']['pre_sub'] = $setting_sub['db']['name'] . "." . $setting_sub['db']['pre'];
    }
    unset($setting_sub['db']);
    $setting = arrayMerge($setting, $setting_sub);
    $req->init($setting['cookie'], $setting['session']);
    if ($setPlugin) {
        $this->setPlugin();
    }
    $this->getLanguage(ROOT_PATH . "/source/language/");
    $setting['language'] = $this->language;
    $req->SessionStart($GLOBALS['sess_handle']);
    // Registered start hooks run once the session exists.
    $max_count = count($this->func_start);
    for ($i = 0; $i < $max_count; $i++) {
        call_user_func($this->func_start[$i]);
    }
    if (checkSign(1)) {
        return;
    }
    $username = $req->getSession("username");
    if (empty($username) || $username == "Guest") {
        $this->logcheck();
    }
    // The current URL (built from the Host header) and client IP are kept in the
    // session; presumably consumed by the session write handler — verify.
    $req->setSession("url", "http://" . $req->getServer("HTTP_HOST") . $req->getServer("URL"));
    $req->setSession("ip", GetIp());
    $setting['info']['user'] = array();
    $setting['info']['user']['name'] = $req->getSession("username");
    $setting['info']['user']['group'] = getParaInfo("user_group", "group_id", $req->getSession('usergroup'));
    $setting['info']['user']['type'] = getParaInfo("user_type", "type_id", $req->getSession('usertype'));
    // Unknown user type: treat as Guest with the lowest view level.
    if ($setting['info']['user']['type'] === false) {
        $setting['info']['user']['type'] = array('type_id' => '1', 'type_name' => 'Guest', 'view_lvl' => '0');
    }
    $this->regAjax("reset_psw", "MyStep::ajax_reset_psw");
}
* 支付通知验签demo * 传输过程一律使用UTF-8编码 */ define(LOG_FILE, './game.server.notify.log'); file_put_contents(LOG_FILE, "#" . date('Y-m-d H:i:s') . "\n#AnySDK支付通知HTTP原文:\n" . get_http_raw() . "\n"); checkAnySDKSever(); $privateKey = "696064B29E9A0B7DDBD6FCB88F34A555"; $enhancedKey = 'OGM3ODFkNDRhYjUzYjM4ZmUzZjk'; $params = $_POST; //注意:$_POST数据如果服务器没有自动处理urldecode,请做一次urldecode(参考rfc1738标准)处理 //foreach ($params as $key => $value) { // $params[$key] = urldecode($value); //} //注意:如果没有增强密钥的游戏只需要通用验签即可,即只需要checkSign //if (checkSign($params, $privateKey)) { if (checkSign($params, $privateKey) && checkEnhancedSign($params, $enhancedKey)) { checkAmount($params); // @todo 验证成功,游戏服务器处理逻辑 echo "ok"; } else { //@todo echo "Wrong signature."; } exit; /** * anysdk 支付通知白名单判断 */ function checkAnySDKSever() { $AnySDKServerIps = array('211.151.20.126', '211.151.20.127'); $remoteIp = $_SERVER['REMOTE_ADDR'];
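/**
 * Page-start hook: detects search-engine crawlers from the User-Agent.
 *
 * Known engines (the $agent map from agent.php) are recorded per IP in
 * `se_detect` and per day/engine in `se_count`; an engine named in the plugin's
 * `ban` setting is answered with a 404 and the request ends. Unknown agents that
 * merely contain "spider"/"bot" are counted under the "etc" column and their
 * user agent is appended to agent.txt. The matched engine key is exported in
 * $GLOBALS['se_bot'] ("" when none matched).
 *
 * @return void
 */
public static function page_start()
{
    if (checkSign(255)) {
        return;
    }
    global $db, $setting;
    $plugin_setting = self::setting();
    // Defines $agent: engine key => user-agent fragment.
    include dirname(__FILE__) . "/agent.php";
    // The header is optional; avoid a notice when it is missing.
    $agent_cur = isset($_SERVER['HTTP_USER_AGENT']) ? strtolower($_SERVER['HTTP_USER_AGENT']) : '';

    $ip = getIp();
    // getIp() may return a comma-separated proxy chain; everything before the last
    // comma is kept. NOTE(review): for "client, proxy1, proxy2" this keeps
    // "client, proxy1" rather than a single address — confirm the intent.
    if (strpos($ip, ",") > 0) {
        $ip = substr($ip, 0, strrpos($ip, ","));
    }
    // Wildcard form of the address ("a.b.c.*"), used as an alternative match key.
    $ip2 = substr($ip, 0, strrpos($ip, ".")) . ".*";

    $theDate = date("Y-m-d");
    $table_detect = $setting['db']['pre'] . "se_detect";
    $table_count  = $setting['db']['pre'] . "se_count";
    $GLOBALS['se_bot'] = "";

    foreach ($agent as $key => $value) {
        if (strpos($agent_cur, strtolower($value)) === false) {
            continue;
        }
        // Per-IP hit record (exact address or its wildcard form).
        $record = $db->record($table_detect, "*", array(array("ip", "=", $ip), array("ip", "=", $ip2, "or")));
        if ($record) {
            $record['count'] += 1;
        } else {
            $record = array('idx' => $key, 'ip' => $ip, 'count' => 1);
        }
        $db->replace($table_detect, $record);

        // Per-day, per-engine counter.
        $record = $db->record($table_count, "*", array("date", "=", $theDate));
        if ($record) {
            $record[$key] += 1;
        } else {
            $record = array('date' => $theDate, $key => 1);
        }
        $db->replace($table_count, $record);

        // Banned engines get a 404 before any content is generated.
        if (strpos($plugin_setting['ban'], $key) !== false) {
            header("HTTP/1.1 404 Not Found");
            exit;
        }
        $GLOBALS['se_bot'] = $key;
        break;
    }

    // Generic crawlers not listed in agent.php: count them under the "etc" column
    // and keep the user agent for later classification.
    if (empty($GLOBALS['se_bot']) && (strpos($agent_cur, "spider") !== false || strpos($agent_cur, "bot") !== false)) {
        $etc = $setting['language']['etc'];
        $record = $db->record($table_count, "*", array("date", "=", $theDate));
        if ($record) {
            if (isset($record[$etc])) {
                $record[$etc] += 1;
            }
        } else {
            $record = array('date' => $theDate, $etc => 1);
        }
        $db->replace($table_count, $record);
        // NOTE(review): agent.txt grows with every unknown-crawler hit and stores a
        // client-supplied string verbatim; a size cap or rotation would bound it.
        WriteFile(dirname(__FILE__) . "/agent.txt", $agent_cur . "\n");
    }
    return;
}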
// Admin-page access gate. Each failure path sets $goto_url (read by pageEnd())
// and hands off to $mystep->pageEnd(false), which is expected to end the request.
$setting['gen']['minify'] = false;

$usergroup = $req->getSession("usergroup");
// No group in the session at all: back to the site front page.
if ($usergroup === 0) {
    $goto_url = $setting['web']['url'];
    $mystep->pageEnd(false);
}

$group = getParaInfo("user_group", "group_id", $usergroup);
// Group without any admin function list: send to the admin login and remember
// where the user wanted to go.
if (empty($group['power_func'])) {
    $goto_url = "/" . $setting['path']['admin'] . "login.php";
    $req->setCookie("referer", $req->getServer("REQUEST_URI"), 1000);
    $mystep->pageEnd(false);
}
$power_func = $group['power_func'];
$power_list = "," . $power_func . ",";
$has_all_power = $power_func == "all";

// "Operator mode": main site (web_id 1) and either full power or function 1 granted.
$op_mode = $setting['info']['web']['web_id'] == 1
    && ($has_all_power || strpos($power_list, ",1,") !== false);

includeCache("admin_cat");
$cat_info = getParaInfo("admin_cat_plat", "file", $setting['info']['self'], true);
$plugin_info = getParaInfo("plugin", "idx", basename($cat_info["path"]));
// A page that belongs to a disabled plugin is treated as unknown.
if ($plugin_info['active'] == 0) {
    $cat_info = false;
}
if (!$op_mode) {
    $admin_cat = $admin_cat_plat;
}

// Deny when the page is unknown (unless checkSign(8) waives that), or when the
// group does not hold the page's function id. Parentheses spell out the
// precedence the original expression relied on.
if (($cat_info === false && !checkSign(8))
    || (!$has_all_power && strpos($power_list, "," . $cat_info['id'] . ",") === false)) {
    echo showInfo($setting['language']['login_nopower'], false);
    $mystep->pageEnd(false);
}
if (!$op_mode) {
    $web_id = $setting['info']['web']['web_id'];
}
* 支付通知验签demo */ $data = $_POST; /** * 注意:$_POST数据如果服务器没有自动处理urldecode,请做一次urldecode(参考rfc1738标准)处理 */ /** foreach ($data as $key => $value) { $data[$key] = urldecode($value); } * */ $privateKey = "481946CEC51BEDE79ED72391F42B4CAF"; $enhancedKey = 'OGM3ODFkNDRhYjUzYjM4ZmUzZjk'; //注意:如果没有增强密钥的游戏只需要通用验签即可,即只需要checkSign //if (checkSign($data, $privateKey)) { if (checkSign($data, $privateKey) && checkEnhancedSign($data, $enhancedKey)) { // @todo 验证成功,游戏服务器处理逻辑 echo "ok"; } else { //@todo echo "failed"; } /** * 通用验签 * @param array $data 接收到的所有请求参数数组,通过$_POST可以获得。注意data数据如果服务器没有自动解析,请做一次urldecode(参考rfc1738标准)处理 * @param array $privateKey AnySDK分配的游戏privateKey * @return bool */ function checkSign($data, $privateKey) { if (empty($data) || !isset($data['sign']) || empty($privateKey)) {
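/**
 * Page hook: records the external referer host and any search keyword it carries.
 *
 * The monthly/yearly columns of `visit_analysis` are zeroed when the stored
 * change date is in another month/year, then the referer host gets +1 (or the
 * "None" row when no usable referer was sent). When the referer carries a query
 * string, the usual search-engine parameters are concatenated into a keyword
 * that is stored in `visit_keyword` together with the landing URL and referer.
 *
 * Crawlers (agent containing "spider"/"bot"), requests flagged by checkSign(255),
 * same-host referers and hosts failing the [\w.-]+ check are ignored.
 *
 * @return void
 */
public static function referer_analysis()
{
    if (checkSign(255)) {
        return;
    }
    global $db, $setting, $req;
    $table_analysis = $setting['db']['pre'] . "visit_analysis";
    $table_keyword  = $setting['db']['pre'] . "visit_keyword";

    $referer = $req->getServer("HTTP_REFERER");
    $agent = strtolower((string) $req->getServer('HTTP_USER_AGENT'));
    if (strpos($agent, "spider") !== false || strpos($agent, "bot") !== false) {
        return;
    }

    // Roll the period counters over when the last change was in another month/year.
    $db->update($table_analysis, array("count_month" => 0), array("month(FROM_UNIXTIME(chg_date))", "f!=", "month(now())"));
    $db->update($table_analysis, array("count_year" => 0), array("year(FROM_UNIXTIME(chg_date))", "f!=", "year(now())"));

    if (strlen($referer) <= 10) {
        // No usable referer: count the visit on the "None" row.
        $db->update($table_analysis, array("count" => "+1", "count_month" => "+1", "count_year" => "+1", "chg_date" => "UNIX_TIMESTAMP()"), array("host", "=", "None"));
        return;
    }

    $url_info = parse_url($referer);
    // An unparseable referer or one without a host is ignored (the host checks
    // below rejected that case implicitly before).
    if ($url_info === false || !isset($url_info['host'])) {
        return;
    }
    $host = $url_info['host'];
    // Internal referers are not counted.
    if (strpos($host, $req->getServer("HTTP_HOST")) !== false) {
        return;
    }
    // Only plain host names are stored; this also keeps the value safe for the queries below.
    if (!preg_match("/^[\\w\\.\\-]+\$/", $host)) {
        return;
    }

    $record = $db->record($table_analysis, "*", array("host", "=", $host));
    if ($record) {
        $db->update($table_analysis, array("count" => "+1", "count_month" => "+1", "count_year" => "+1", "chg_date" => "UNIX_TIMESTAMP()"), array("host", "=", $host));
    } else {
        // Positional insert: id, host, count, count_month, count_year, add date, change date.
        $db->insert($table_analysis, array(0, $host, 1, 1, 1, "UNIX_TIMESTAMP()", "UNIX_TIMESTAMP()"));
    }
    unset($record);

    if (empty($url_info['query'])) {
        return;
    }
    parse_str($url_info['query'], $query);
    // Collect the usual search-engine query parameters; missing or non-string
    // (array) values contribute nothing, and a purely numeric "w" is not a keyword.
    $words = array();
    foreach (array('k', 'q', 'wd', 'w', 'query', 'keyword') as $name) {
        $words[$name] = (isset($query[$name]) && is_string($query[$name])) ? $query[$name] : '';
    }
    if (is_numeric($words['w'])) {
        $words['w'] = '';
    }
    $keyword = implode('', $words);

    // Rebuild a canonical search URL for the two engines we recognise so the
    // stored referer does not carry the engine's full tracking query string.
    // The host is matched at any position (the previous "> 0" test skipped hosts
    // that start with the engine name).
    if (strpos($host, "google") !== false) {
        $referer = "http://" . $host . "/search?q=" . urlencode($words['q']);
    }
    if (strpos($host, "baidu") !== false) {
        $referer = "http://" . $host . "/s?wd=" . urlencode($words['wd']);
    }
    if (strlen($referer) > 250) {
        $referer = substrPro($referer, 0, 250);
    }

    if (empty($keyword)) {
        return;
    }
    $keyword = safeEncoding($keyword, $setting['gen']['charset']);
    // A keyword containing the site's own title is not worth recording.
    if (strpos($keyword, $setting['web']['title']) !== false) {
        return;
    }
    $keyword = substrPro($keyword, 0, 190);
    // $referer (raw HTTP_REFERER unless rebuilt above) and $url (from REQUEST_URI)
    // are request-controlled like $keyword, so all three are escaped the same way.
    // NOTE(review): if the $db wrapper escapes values itself this is redundant — confirm.
    $keyword = mysql_real_escape_string($keyword);
    $url = "http://" . $req->getServer("HTTP_HOST") . safeEncoding($req->getServer("REQUEST_URI"), $setting['gen']['charset']);
    $url = mysql_real_escape_string($url);
    $referer = mysql_real_escape_string($referer);

    $record = $db->record($table_keyword, "*", array("keyword", "=", $keyword));
    if ($record) {
        $db->update($table_keyword, array("count" => "+1", "chg_date" => "UNIX_TIMESTAMP()", "url" => $url, "referer" => $referer), array("keyword", "=", $keyword));
    } else {
        // Positional insert: id, keyword, count, url, referer, add date, change date.
        $db->insert($table_keyword, array(0, $keyword, 1, $url, $referer, "UNIX_TIMESTAMP()", "UNIX_TIMESTAMP()"));
    }
}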
<?php
// Validation rules for the "summary" and "index" actions, added to the $rules
// array (baseRules.php may already populate it). checkAppid(), checkSign() and
// checkTimestamp() are provided by baseRules.php as well.
include __DIR__ . '/baseRules.php';

// Required, trimmed, all-digit value; a failure reports code 10006.
$digitsRule = array(
    'required' => 1,
    'filters'  => 'trim',
    'regex'    => '/^\\d+$/',
    'msg'      => '10006',
);

$rules['summary'] = array(
    '_method'   => array('get' => array('appid', 'sign', 'timestamp', 'baby_id')),
    'appid'     => checkAppid(),
    'sign'      => checkSign(),
    'timestamp' => checkTimestamp(),
    'baby_id'   => $digitsRule,
);

$rules['index'] = array(
    '_method'   => array('get' => array('appid', 'sign', 'timestamp', 'baby_id', 'start', 'end')),
    'appid'     => checkAppid(),
    'sign'      => checkSign(),
    'timestamp' => checkTimestamp(),
    'baby_id'   => $digitsRule,
    'start'     => checkTimestamp(),
    // NOTE(review): 'end' uses the plain digits rule while 'start' uses
    // checkTimestamp() — confirm that asymmetry is intended.
    'end'       => $digitsRule,
);

return $rules;