Esempio n. 1
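 /**
  * Session write handler: stores the decoded session payload in the
  * user_online table with a REPLACE.
  *
  * Returns true without writing when self::$skip is set or checkSign(2) is
  * truthy. The payload's ip, url, username, usertype, usergroup and userinfo
  * fields are read explicitly (no extract(), which would let a session key
  * such as "sid" overwrite the handler's own variables) and every value
  * interpolated into the query is escaped through the open connection.
  *
  * @param string $sid       Session id handed to the write handler.
  * @param string $sess_data Raw serialized session payload.
  * @return bool|resource mysql_query() result of the REPLACE, or true when skipped.
  */
 public static function sess_write($sid, $sess_data)
 {
     if (self::$skip || checkSign(2)) {
         return true;
     }
     $sess_data = MyReq::sessDecode($sess_data);
     if (!is_array($sess_data)) {
         $sess_data = array();
     }
     $fields = array('ip' => '', 'url' => '', 'username' => '', 'usertype' => '', 'usergroup' => '');
     foreach ($fields as $name => $default) {
         $fields[$name] = isset($sess_data[$name]) ? $sess_data[$name] : $default;
     }
     $fields['userinfo'] = serialize(isset($sess_data['userinfo']) ? $sess_data['userinfo'] : null);
     // config.php is expected to define $setting (db credentials, charset, table prefix).
     include ROOT_PATH . "/include/config.php";
     $fields['reflash'] = $_SERVER["REQUEST_TIME"];
     // Anonymous / incomplete sessions get placeholder identity values.
     if (empty($fields['username'])) {
         $fields['username'] = "******";
     }
     if (empty($fields['usertype'])) {
         $fields['usertype'] = 1;
     }
     if (empty($fields['usergroup'])) {
         $fields['usergroup'] = 0;
     }
     $fields['sid'] = $sid;
     self::$cnt = mysql_connect($setting['db']['host'], $setting['db']['user'], $setting['db']['pass']);
     mysql_query("SET NAMES '" . $setting['db']['charset'] . "'", self::$cnt);
     mysql_select_db($setting['db']['name']);
     // Escape with the connection's charset. Previously only ip and userinfo
     // were escaped (with the charset-unaware mysql_escape_string) while sid,
     // username, usertype, usergroup and url were interpolated verbatim.
     // NOTE: the mysql_* extension was removed in PHP 7; running this on a
     // current engine needs a port to PDO/mysqli with bound parameters.
     $row = array();
     foreach ($fields as $name => $value) {
         $row[$name] = mysql_real_escape_string((string) $value, self::$cnt);
     }
     $result = mysql_query("REPLACE INTO " . $setting['db']['pre'] . "user_online (sid, ip, username, usertype, usergroup, reflash, url, userinfo) VALUES ('{$row['sid']}', '{$row['ip']}', '{$row['username']}', '{$row['usertype']}', '{$row['usergroup']}', '{$row['reflash']}', '{$row['url']}', '{$row['userinfo']}')", self::$cnt);
     return $result;
 }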
Esempio n. 2
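 /**
  * Page-end hook of the counter plugin: updates today's page-view (pv),
  * unique-visitor (iv) and peak-online counters in the counter table.
  *
  * Nothing is counted for crawler user agents, when checkSign(1) is truthy,
  * or when the plugin's `counter` switch is off.
  *
  * @return mixed Result of $db->replace() on the counter table, or null when
  *               nothing was counted.
  */
 public static function page_end()
 {
     $agent = isset($_SERVER['HTTP_USER_AGENT']) ? strtolower($_SERVER['HTTP_USER_AGENT']) : '';
     if (strpos($agent, "spider") !== false || strpos($agent, "bot") !== false) {
         return;
     }
     if (checkSign(1)) {
         return;
     }
     $setting = self::setting();
     if (!$setting['counter']) {
         return;
     }
     global $db, $req;
     // config.php is expected to (re)define $setting with the db credentials
     // and table prefix; the plugin setting read above is not needed below.
     include ROOT_PATH . "/include/config.php";
     $ip = getIp();
     // A 24h cookie marks a visitor as already counted. The cookie is
     // client-controlled, so the iv figure is advisory only; a visitor whose
     // ip is already present in user_online is not counted twice either.
     $cnt_visitor = $req->getCookie('cnt_visitor');
     $add_ip = 0;
     if (empty($cnt_visitor) || $cnt_visitor != $ip) {
         $req->setCookie("cnt_visitor", $ip, 60 * 60 * 24);
         $add_ip = 1;
     }
     if ($add_ip == 1 && $db->result($setting['db']['pre'] . "user_online", "ip", array("ip", "=", $ip))) {
         $add_ip = 0;
     }
     $count_online = $db->result($setting['db']['pre'] . "user_online", "count(distinct ip)");
     // Today's row is keyed by the database's curdate(); online keeps the day's peak.
     if ($record = $db->record($setting['db']['pre'] . "counter", "pv, iv, online", array("date", "f=", "curdate()"))) {
         $pv = $record['pv'] + 1;
         $iv = $record['iv'] + $add_ip;
         $online = max($record['online'], $count_online);
     } else {
         $pv = 1;
         $iv = 1;
         $online = 1;
     }
     return $db->replace($setting['db']['pre'] . "counter", array("curdate()", $pv, $iv, $online));
 }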
Esempio n. 3
 // Flatten the parsed notification object into one associative array.
 $data = array(
     'openid'       => trim($obj->OpenId),
     'appid'        => trim($obj->AppId),
     'timestamp'    => trim($obj->TimeStamp),
     'msgtype'      => trim($obj->MsgType),
     'feedbackid'   => trim($obj->FeedBackId),
     'transid'      => trim($obj->TransId),
     'reason'       => trim($obj->Reason),
     'solution'     => trim($obj->Solution),
     'extinfo'      => trim($obj->ExtInfo),
     'appsignature' => trim($obj->AppSignature),
     'signmethod'   => trim($obj->SignMethod),
 );
 if (!empty($obj->PicInfo) && !empty($obj->PicInfo->item)) {
     foreach ($obj->PicInfo->item as $item) {
         $data['picinfo'][] = trim($item->PicUrl);
     }
 }
 require '../../framework/bootstrap.inc.php';
 WeUtility::logging('pay-rights', $input);
 // Resolve the account from the notification's appid; its payment settings
 // hold the key the signature is verified against.
 $_W['uniacid'] = pdo_fetchcolumn("SELECT uniacid FROM " . tablename('account_wechats') . " WHERE `key` = :key", array(':key' => $data['appid']));
 $setting = uni_setting($_W['uniacid'], array('payment'));
 $_W['weid'] = $_W['uniacid'];
 if (empty($setting['payment'])) {
     exit('failed');
 }
 $data['appkey'] = $setting['payment']['wechat']['signkey'];
 // Nothing below runs for a notification whose signature does not verify.
 if (!checkSign($data)) {
     exit('failed');
 }
 $msgtype = $data['msgtype'];
 if ($msgtype == 'request') {
     // A new complaint: store it with status 0 (open).
     pdo_insert('shopping_feedback', array(
         'weid'       => $_W['weid'],
         'openid'     => $data['openid'],
         'feedbackid' => $data['feedbackid'],
         'transid'    => $data['transid'],
         'reason'     => $data['reason'],
         'solution'   => $data['solution'],
         'remark'     => $data['extinfo'],
         'createtime' => $data['timestamp'],
         'status'     => 0,
     ));
     exit('success');
 }
 // Follow-up messages only move the stored complaint to a new status.
 $status_by_type = array('confirm' => 1, 'reject' => 2);
 if (!isset($status_by_type[$msgtype])) {
     exit('failed');
 }
 pdo_update('shopping_feedback', array('status' => $status_by_type[$msgtype]), array('feedbackid' => $data['feedbackid']));
 exit('success');
Esempio n. 4
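 /**
  * Bootstraps a page request.
  *
  * Creates the MyReq / MySQL / MyCache instances into the globals $req, $db
  * and $cache, resolves the current website entry from HTTP_HOST, merges that
  * website's sub-settings into the global $setting, starts the session, runs
  * the registered start hooks and loads the user context into
  * $setting['info']['user']. Output buffering is enabled for the whole page.
  *
  * @param bool $setPlugin Run $this->setPlugin() once the settings are merged.
  * @return void
  */
 public function pageStart($setPlugin = false)
 {
     global $setting, $db, $req, $cache;
     ob_start();
     ob_implicit_flush(false);
     // The cookie prefix gets a 4-hex-char tag derived from host environment
     // variables. Keys absent from $_SERVER contribute an empty string, which
     // keeps the tag identical to the previous (notice-emitting) behaviour.
     $host_tag = (isset($_SERVER["USERNAME"]) ? $_SERVER["USERNAME"] : "")
         . (isset($_SERVER["COMPUTERNAME"]) ? $_SERVER["COMPUTERNAME"] : "")
         . (isset($_SERVER["OS"]) ? $_SERVER["OS"] : "");
     $setting['cookie']['prefix'] .= substr(md5($host_tag), 0, 4) . "_";
     if ($setting['session']['mode'] == "sess_file") {
         // File-backed sessions live in a per-day directory under the cache path.
         $setting['session']['path'] = ROOT_PATH . "/" . $setting['path']['cache'] . "/session/" . date("Ymd") . "/";
     }
     $req = $this->getInstance("MyReq", $setting['cookie'], $setting['session']);
     $db = $this->getInstance("MySQL", $setting['db']['host'], $setting['db']['user'], $setting['db']['pass'], $setting['db']['charset']);
     $cache = $this->getInstance("MyCache", $setting['web']['cache_mode']);
     includeCache("website");
     includeCache("user_group");
     includeCache("user_type");
     $setting['info'] = array();
     $setting['info']['time'] = $_SERVER['REQUEST_TIME'];
     $setting['info']['time_start'] = GetMicrotime();
     $setting['info']['self'] = strtolower(basename($req->getServer("PHP_SELF")));
     $setting['info']['web'] = null;
     // Pick the website whose comma-separated host list contains HTTP_HOST.
     // $GLOBALS['website'] is addressed as a 0-based list here.
     $host = $req->getServer("HTTP_HOST");
     for ($i = 0, $m = count($GLOBALS['website']); $i < $m; $i++) {
         if (strpos("," . $GLOBALS['website'][$i]['host'] . ",", "," . $host . ",") !== false) {
             $GLOBALS['website'][$i]['host'] = $host;
             $setting['web']['url'] = "http://" . $host;
             $setting['info']['web'] = $GLOBALS['website'][$i];
             break;
         }
     }
     // Fall back to the first configured website, then (if that entry is
     // false) to a lookup by web_id 1. NOTE(review): an empty website list
     // leaves $setting['info']['web'] null here — confirm that cannot happen.
     if (is_null($setting['info']['web'])) {
         $setting['info']['web'] = $GLOBALS['website'][0];
     }
     if ($setting['info']['web'] === false) {
         $setting['info']['web'] = getParaInfo("website", "web_id", 1);
     }
     // Merge the website-specific settings. The sub database is addressed by
     // bare prefix when it is the main database, otherwise by "name.prefix".
     $setting_sub = getSubSetting($setting['info']['web']['web_id']);
     $setting_sub['web']['url'] = $setting['web']['url'];
     $setting['db_sub'] = $setting_sub['db'];
     if ($setting['db']['name'] == $setting_sub['db']['name']) {
         $setting['db']['pre_sub'] = $setting_sub['db']['pre'];
     } else {
         $setting['db']['pre_sub'] = $setting_sub['db']['name'] . "." . $setting_sub['db']['pre'];
     }
     unset($setting_sub['db']);
     $setting = arrayMerge($setting, $setting_sub);
     $req->init($setting['cookie'], $setting['session']);
     if ($setPlugin) {
         $this->setPlugin();
     }
     $this->getLanguage(ROOT_PATH . "/source/language/");
     $setting['language'] = $this->language;
     $req->SessionStart($GLOBALS['sess_handle']);
     // Registered start hooks run in index order.
     $max_count = count($this->func_start);
     for ($i = 0; $i < $max_count; $i++) {
         call_user_func($this->func_start[$i]);
     }
     if (checkSign(1)) {
         return;
     }
     // logcheck() (not shown here) runs for empty or "Guest" sessions before
     // the user context is read back from the session.
     $username = $req->getSession("username");
     if (empty($username) || $username == "Guest") {
         $this->logcheck();
     }
     $req->setSession("url", "http://" . $req->getServer("HTTP_HOST") . $req->getServer("URL"));
     $req->setSession("ip", GetIp());
     $setting['info']['user'] = array();
     $setting['info']['user']['name'] = $req->getSession("username");
     $setting['info']['user']['group'] = getParaInfo("user_group", "group_id", $req->getSession('usergroup'));
     $setting['info']['user']['type'] = getParaInfo("user_type", "type_id", $req->getSession('usertype'));
     if ($setting['info']['user']['type'] === false) {
         // Unknown user type: fall back to a view-level-0 guest.
         $setting['info']['user']['type'] = array('type_id' => '1', 'type_name' => 'Guest', 'view_lvl' => '0');
     }
     $this->regAjax("reset_psw", "MyStep::ajax_reset_psw");
 }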
Esempio n. 5
 * 支付通知验签demo
 * 传输过程一律使用UTF-8编码
 */
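// Append the notification (timestamp + raw HTTP body) to the log.
// define() takes the constant *name* as a string; the bare LOG_FILE used
// before was an undefined-constant lookup (a fatal Error on PHP 8).
// NOTE: the log sits next to this script and holds raw payment callbacks;
// keep it outside the document root or deny web access to it.
define('LOG_FILE', './game.server.notify.log');
file_put_contents(LOG_FILE, "#" . date('Y-m-d H:i:s') . "\n#AnySDK支付通知HTTP原文:\n" . get_http_raw() . "\n");
// checkAnySDKSever() (defined below) applies the AnySDK server ip whitelist.
checkAnySDKSever();
// Demo keys: in a deployment both belong in configuration, not in the script.
$privateKey = "696064B29E9A0B7DDBD6FCB88F34A555";
$enhancedKey = 'OGM3ODFkNDRhYjUzYjM4ZmUzZjk';
$params = $_POST;
// If the server did not urldecode the POST data itself, apply urldecode()
// once to every value of $params (RFC 1738) before verifying.
// Games without an enhanced key only need checkSign($params, $privateKey).
if (checkSign($params, $privateKey) && checkEnhancedSign($params, $enhancedKey)) {
    checkAmount($params);
    // @todo signature verified: game-server handling goes here
    echo "ok";
} else {
    // @todo
    echo "Wrong signature.";
}
exit;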
/**
 * anysdk 支付通知白名单判断
 */
function checkAnySDKSever()
{
    $AnySDKServerIps = array('211.151.20.126', '211.151.20.127');
    $remoteIp = $_SERVER['REMOTE_ADDR'];
Esempio n. 6
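 /**
  * Page-start hook of the search-engine detection plugin.
  *
  * Matches the request's user agent against the bot signatures in agent.php,
  * records hits per ip (se_detect) and per day (se_count), answers 404 for
  * bot keys listed in the plugin's `ban` setting and exposes the matched key
  * in $GLOBALS['se_bot']. Unmatched agents containing "spider"/"bot" are
  * counted under the language's `etc` column and appended to agent.txt.
  *
  * Skipped entirely when checkSign(255) is truthy.
  *
  * @return void
  */
 public static function page_start()
 {
     if (checkSign(255)) {
         return;
     }
     global $db, $setting;
     $plugin_setting = self::setting();
     // agent.php is expected to define $agent: bot key => user-agent substring.
     include dirname(__FILE__) . "/agent.php";
     $agent_cur = isset($_SERVER['HTTP_USER_AGENT']) ? strtolower($_SERVER['HTTP_USER_AGENT']) : '';
     $ip = getIp();
     // getIp() may return a comma-separated value; keep what precedes the last
     // comma. NOTE(review): with more than one comma the result still contains
     // commas — confirm what getIp() returns behind proxies.
     if (strpos($ip, ",") > 0) {
         $ip = substr($ip, 0, strrpos($ip, ","));
     }
     // The ip with its last dot-group replaced by "*", accepted as an
     // alternative se_detect key.
     $ip2 = substr($ip, 0, strrpos($ip, ".")) . ".*";
     $theDate = date("Y-m-d");
     $se_detect = $setting['db']['pre'] . "se_detect";
     $se_count = $setting['db']['pre'] . "se_count";
     $GLOBALS['se_bot'] = "";
     foreach ($agent as $key => $value) {
         if (strpos($agent_cur, strtolower($value)) === false) {
             continue;
         }
         // Per-ip hit counter (exact ip or the wildcarded ip2).
         if ($record = $db->record($se_detect, "*", array(array("ip", "=", $ip), array("ip", "=", $ip2, "or")))) {
             $record['count'] += 1;
         } else {
             $record = array('idx' => $key, 'ip' => $ip, 'count' => 1);
         }
         $db->replace($se_detect, $record);
         // Per-day hit counter, one column per bot key.
         if ($record = $db->record($se_count, "*", array("date", "=", $theDate))) {
             $record[$key] += 1;
         } else {
             $record = array('date' => $theDate, $key => 1);
         }
         $db->replace($se_count, $record);
         // NOTE(review): substring match on the key, so a short key may also
         // match inside a longer entry of the `ban` list — confirm the format.
         if (strpos($plugin_setting['ban'], $key) !== false) {
             header("HTTP/1.1 404 Not Found");
             exit;
         }
         $GLOBALS['se_bot'] = $key;
         break;
     }
     if (empty($GLOBALS['se_bot']) && (strpos($agent_cur, "spider") !== false || strpos($agent_cur, "bot") !== false)) {
         $etc = $setting['language']['etc'];
         if ($record = $db->record($se_count, "*", array("date", "=", $theDate))) {
             // Only bump the column when today's row already carries it.
             if (isset($record[$etc])) {
                 $record[$etc] += 1;
             }
         } else {
             $record = array('date' => $theDate, $etc => 1);
         }
         $db->replace($se_count, $record);
         // Record the unrecognised agent string in agent.txt.
         WriteFile(dirname(__FILE__) . "/agent.txt", $agent_cur . "\n");
     }
 }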
Esempio n. 7
// Admin pages are never served minified.
$setting['gen']['minify'] = false;
$usergroup = $req->getSession("usergroup");
// Group 0: point $goto_url at the site root. $goto_url is presumably
// consumed by $mystep->pageEnd() (not shown here) — confirm.
if ($usergroup === 0) {
    $goto_url = $setting['web']['url'];
    $mystep->pageEnd(false);
}
// A group without any admin functions is sent to the admin login page; the
// requested URI is remembered in a short-lived cookie for the return trip.
$group = getParaInfo("user_group", "group_id", $usergroup);
if (empty($group['power_func'])) {
    $goto_url = "/" . $setting['path']['admin'] . "login.php";
    $req->setCookie("referer", $req->getServer("REQUEST_URI"), 1000);
    $mystep->pageEnd(false);
}
// Operator mode: main website (web_id 1) and function 1 (or "all") granted.
$op_mode = $setting['info']['web']['web_id'] == 1
    && ($group['power_func'] == "all" || strpos("," . $group['power_func'] . ",", ",1,") !== false);
includeCache("admin_cat");
// Locate the current script in the admin menu and the plugin that owns it;
// an inactive plugin hides its menu entry.
$cat_info = getParaInfo("admin_cat_plat", "file", $setting['info']['self'], true);
$plugin_info = getParaInfo("plugin", "idx", basename($cat_info["path"]));
if ($plugin_info['active'] == 0) {
    $cat_info = false;
}
if (!$op_mode) {
    $admin_cat = $admin_cat_plat;
}
// Deny when the script has no menu entry (unless checkSign(8) is truthy) or
// when the group's function list does not contain the entry's id.
if (($cat_info === false && !checkSign(8))
    || ($group['power_func'] != "all" && strpos("," . $group['power_func'] . ",", "," . $cat_info['id'] . ",") === false)) {
    echo showInfo($setting['language']['login_nopower'], false);
    $mystep->pageEnd(false);
}
if (!$op_mode) {
    $web_id = $setting['info']['web']['web_id'];
}
Esempio n. 8
 * 支付通知验签demo
 */
// Every posted parameter of the payment notification.
$data = $_POST;
// If the server did not urldecode the POST data itself, apply urldecode()
// once to every value of $data (RFC 1738) before verifying.
// Demo keys: in a deployment both belong in configuration, not in the script.
$privateKey = "481946CEC51BEDE79ED72391F42B4CAF";
$enhancedKey = 'OGM3ODFkNDRhYjUzYjM4ZmUzZjk';
// Games without an enhanced key only need checkSign($data, $privateKey).
$verified = checkSign($data, $privateKey) && checkEnhancedSign($data, $enhancedKey);
if ($verified) {
    // @todo signature verified: game-server handling goes here
    echo "ok";
} else {
    // @todo
    echo "failed";
}
/**
 * 通用验签
 * @param array $data 接收到的所有请求参数数组,通过$_POST可以获得。注意data数据如果服务器没有自动解析,请做一次urldecode(参考rfc1738标准)处理
 * @param array $privateKey AnySDK分配的游戏privateKey
 * @return bool
 */
function checkSign($data, $privateKey)
{
    if (empty($data) || !isset($data['sign']) || empty($privateKey)) {
Esempio n. 9
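 /**
  * Page-start hook of the visit-analysis plugin.
  *
  * Counts the referring host in visit_analysis (the pseudo-host "None" when
  * the referer is empty or shorter than 11 bytes) and, for search-engine
  * referers, the search keyword in visit_keyword. Month/year counters are
  * zeroed first for rows whose chg_date lies outside the current month/year.
  * Skipped when checkSign(255) is truthy, for crawler user agents, and for
  * referers whose host contains the request's own HTTP_HOST.
  *
  * @return void
  */
 public static function referer_analysis()
 {
     if (checkSign(255)) {
         return;
     }
     global $db, $setting, $req;
     $referer = $req->getServer("HTTP_REFERER");
     $agent = strtolower($req->getServer('HTTP_USER_AGENT'));
     if (strpos($agent, "spider") !== false || strpos($agent, "bot") !== false) {
         return;
     }
     $analysis = $setting['db']['pre'] . "visit_analysis";
     $keywords = $setting['db']['pre'] . "visit_keyword";
     $bump = array("count" => "+1", "count_month" => "+1", "count_year" => "+1", "chg_date" => "UNIX_TIMESTAMP()");
     // Roll over the month/year counters of rows last changed in an earlier month/year.
     $db->update($analysis, array("count_month" => 0), array("month(FROM_UNIXTIME(chg_date))", "f!=", "month(now())"));
     $db->update($analysis, array("count_year" => 0), array("year(FROM_UNIXTIME(chg_date))", "f!=", "year(now())"));
     if (strlen($referer) <= 10) {
         $db->update($analysis, $bump, array("host", "=", "None"));
         return;
     }
     $url_info = parse_url($referer);
     // A referer without a parseable host is ignored.
     if (!is_array($url_info) || !isset($url_info['host'])) {
         return;
     }
     $host = $url_info['host'];
     // Internal navigation is not a referral. NOTE(review): this is a substring
     // test, so a foreign host that merely contains HTTP_HOST is skipped too.
     if (strpos($host, $req->getServer("HTTP_HOST")) !== false) {
         return;
     }
     // Only plain host names (letters, digits, "_", "." and "-") are recorded.
     if (!preg_match("/^[\\w\\.\\-]+\$/", $host)) {
         return;
     }
     if ($db->record($analysis, "*", array("host", "=", $host))) {
         $db->update($analysis, $bump, array("host", "=", $host));
     } else {
         $db->insert($analysis, array(0, $host, 1, 1, 1, "UNIX_TIMESTAMP()", "UNIX_TIMESTAMP()"));
     }
     if (empty($url_info['query'])) {
         return;
     }
     parse_str($url_info['query'], $query);
     // Query parameters the supported search engines carry the search term in;
     // missing ones read as "" instead of raising undefined-index notices.
     $q = array();
     foreach (array('k', 'q', 'wd', 'w', 'query', 'keyword') as $name) {
         $q[$name] = isset($query[$name]) ? $query[$name] : "";
     }
     // A purely numeric "w" is not a keyword.
     if (is_numeric($q['w'])) {
         $q['w'] = "";
     }
     $keyword = $q['k'] . $q['q'] . $q['wd'] . $q['w'] . $q['query'] . $q['keyword'];
     // Normalise Google / Baidu referers to a canonical search URL.
     // NOTE(review): `> 0` only matches when the engine name is not at the
     // start of the host (e.g. "www.google.*"); a bare "google.*" host is
     // left unchanged — confirm this is intended.
     if (strpos($host, "google") > 0) {
         $referer = "http://" . $host . "/search?q=" . urlencode($q['q']);
     }
     if (strpos($host, "baidu") > 0) {
         $referer = "http://" . $host . "/s?wd=" . urlencode($q['wd']);
     }
     if (strlen($referer) > 250) {
         $referer = substrPro($referer, 0, 250);
     }
     if (empty($keyword)) {
         return;
     }
     $keyword = safeEncoding($keyword, $setting['gen']['charset']);
     // Searches for the site's own title are not counted as keywords.
     if (strpos($keyword, $setting['web']['title']) !== false) {
         return;
     }
     $keyword = substrPro($keyword, 0, 190);
     // NOTE(review): the keyword comes straight from the referer and is
     // escaped for the legacy mysql_* link here, while $url and $referer rely
     // on $db escaping its arguments — confirm the $db layer does so.
     $keyword = mysql_real_escape_string($keyword);
     $url = "http://" . $req->getServer("HTTP_HOST") . safeEncoding($req->getServer("REQUEST_URI"), $setting['gen']['charset']);
     if ($db->record($keywords, "*", array("keyword", "=", $keyword))) {
         $db->update($keywords, array("count" => "+1", "chg_date" => "UNIX_TIMESTAMP()", "url" => $url, "referer" => $referer), array("keyword", "=", $keyword));
     } else {
         $db->insert($keywords, array(0, $keyword, 1, $url, $referer, "UNIX_TIMESTAMP()", "UNIX_TIMESTAMP()"));
     }
 }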
Esempio n. 10
<?php

// Validation rules for the "summary" and "index" actions. The shared
// appid / sign / timestamp rule builders come from baseRules.php.
include __DIR__ . '/baseRules.php';

$rules['summary'] = array(
    // Parameter names expected on GET.
    '_method'   => array('get' => array('appid', 'sign', 'timestamp', 'baby_id')),
    'appid'     => checkAppid(),
    'sign'      => checkSign(),
    'timestamp' => checkTimestamp(),
    // Mandatory decimal id; failures report message code 10006.
    'baby_id'   => array('required' => 1, 'filters' => 'trim', 'regex' => '/^\\d+$/', 'msg' => '10006'),
);

$rules['index'] = array(
    '_method'   => array('get' => array('appid', 'sign', 'timestamp', 'baby_id', 'start', 'end')),
    'appid'     => checkAppid(),
    'sign'      => checkSign(),
    'timestamp' => checkTimestamp(),
    'baby_id'   => array('required' => 1, 'filters' => 'trim', 'regex' => '/^\\d+$/', 'msg' => '10006'),
    // Range bounds: start is validated like a timestamp, end as a decimal number.
    'start'     => checkTimestamp(),
    'end'       => array('required' => 1, 'filters' => 'trim', 'regex' => '/^\\d+$/', 'msg' => '10006'),
);

return $rules;