if (empty($_GET['keyword'])) {
cpmsg($toolslang['file_nokeyword'], "action=plugins&cp=file_search&pmod=safe&operation={$operation}&do={$do}&identifier={$identifier}", 'error');
exit;
}
if (empty($_GET['sdir'])) {
cpmsg($toolslang['file_nodir'], "action=plugins&cp=file_search&pmod=safe&operation={$operation}&do={$do}&identifier={$identifier}", 'error');
exit;
}
$_GET['keyword'] = str_replace('*', '(.*)', $_GET['keyword']);
$keyword = strtolower(dstripslashes($_GET['keyword']));
$dir = $_GET['sdir'];
$check = '';
$keyword2 = str_replace(array('.', '/', '$', '(', ')', '?', '{', '}', '|', '+', '[', ']', '^'), array('\\.', '\\/', '\\$', '\\(', '\\)', '\\?', '\\{', '\\}', '\\|', '\\+', '\\[', '\\]', '\\^'), $keyword);
foreach ($dir as $value) {
$sub = $value == '.' ? 0 : 1;
//echo $value;exit;
searchkeyword($keyword2, $value . '/', $sub);
}
if (is_array($check) && count($check) > 0) {
showtableheaders($toolslang['file_result'] . "<font color=red>{$keyword}</font>");
showsubtitle(array('', $toolslang['file_realpath'], $toolslang['file_keyrows']));
foreach ($check as $key => $value) {
if ($value) {
showtablerow('', array(), array('', $key, $value));
}
}
showtablefooter();
} else {
cpmsg($toolslang['nocheck'], "action=plugins&cp=file_search&pmod=safe&operation={$operation}&do={$do}&identifier={$identifier}", 'error');
}
}
function searchkeyword($keyword,$dir,$sub=0,$remove = array(),$hack = 0) {
global $check;
if($hack == 0) {
$filetype = '/(\.php|\.php3|\.php4|\.php5|\.htm|\.html|\.js|\.css)$/i';
} else {
$filetype = '/(\.php|\.php3|\.php4|\.php5)$/i';
}
$fp = opendir($dir);
while($filename = readdir($fp)){
if (in_array($filename,$remove)) {
continue;
}
$path = $dir.$filename;
if($filename!='.' && $filename!='..'){
$path = realpath($path);
if(is_dir($path)){
$sub && searchkeyword($keyword,$path.'/',$sub,$remove,$hack);
//搜索文件类型 大小限制 2M
} elseif(preg_match($filetype,$filename) && filesize($path) < 2097152){
$content = @file($path);
//echo $path.$sub.'<br>';
foreach($content as $key => $value){
$value = strtolower($value);
if($hack == 0){
if(preg_match('/'.$keyword.'/i',$value,$match)){
$check[$path][] = $key + 1;
}
} else {
if(preg_match($keyword,$value,$match)){
$check[$path][] = $key + 1;
}
}
}
$check[$path] && $check[$path] = implode(',',$check[$path]);
}
}
}
closedir($fp);
}
/**
* [Discuz!] (C)2001-2099 Comsenz Inc.
* This is NOT a freeware, use is subject to license terms
*
* $Id: file_hack.inc.php 79 2012-04-16 10:06:12Z wangbin $
*/
(!defined('IN_DISCUZ') || !defined('IN_ADMINCP')) && exit('Access Denied');
if (submitcheck('firsthacksubmit') || submitcheck('sechacksubmit')) {
$check = '';
if ($_GET['firsthacksubmit']) {
$rule2 = $rule['first'];
searchkeyword($rule2, './', 1, array('attachment', 'template'), 1);
} elseif ($_GET['sechacksubmit']) {
$rule2 = $rule['sec'];
searchkeyword($rule2, './', 1, array('attachment', 'template'), 1);
}
if (is_array($check) && count($check) > 0) {
showtableheader($toolslang['file_result'] . "<font color=red>{$rule2}</font>");
showsubtitle(array('', $toolslang['file_realpath'], $toolslang['file_hackresult']));
foreach ($check as $key => $value) {
if ($value) {
showtablerow('', array(), array('', $key, $value));
}
}
showtablefooter();
} else {
cpmsg($toolslang['nocheck'], "action=plugins&cp=file_hack&pmod=safe&operation={$operation}&do={$do}&identifier={$identifier}", 'error');
}
}
showformheader("plugins&cp=file_hack&pmod=safe&operation={$operation}&do={$do}&identifier={$identifier}");