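/**
 * Record a request that contained illegal characters and, optionally, alert the admin.
 *
 * When SYS_ATTACK_LOG is enabled, one serialized record (url, ip, uid, time, type,
 * val, user agent) is prepended to cache/attack/<Ymd>.log and, when SYS_ATTACK_MAIL
 * is enabled and SITE_SYSMAIL is a valid address, mailed to the administrator. A
 * source that already has 10 records in today's file, or that repeated the same
 * url/agent/ip within 20 seconds, is throttled: nothing is written or mailed. In
 * every branch, when SYS_ILLEGAL_CHAR is enabled the request ends in
 * App::display_error() showing the escaped offending value.
 *
 * @param string $type category of the offending input, chosen by the caller
 * @param string $val  the offending value (request data; treated as untrusted)
 * @return false|void  false when the request was throttled and nothing was logged
 */
private static function save_attack_log($type, $val)
{
    $cfg = App::get_config();
    if ($cfg['SYS_ATTACK_LOG']) {
        if (SYS_DOMAIN) {
            // Make the logged URL site-relative when the site lives in a sub-directory.
            $_SERVER['REQUEST_URI'] = str_replace('/' . SYS_DOMAIN, '', $_SERVER['REQUEST_URI']);
        }
        // url, val and user are request-controlled strings: never trust them on read-back.
        $data = array(
            'url'  => isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] ? $_SERVER['QUERY_STRING'] : $_SERVER['REQUEST_URI'],
            'ip'   => client::get_user_ip(),
            'uid'  => get_cookie('member_id'),
            'time' => time(),
            'type' => $type,
            'val'  => $val,
            // HTTP_USER_AGENT is optional in a request; default to '' instead of an undefined index.
            'user' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '',
        );
        $dir  = APP_ROOT . 'cache' . DIRECTORY_SEPARATOR . 'attack' . DIRECTORY_SEPARATOR;
        $file = $dir . date('Ymd') . '.log';
        if (!is_dir($dir)) {
            mkdir($dir, 0777);
        }
        $body = file_exists($file) ? file_get_contents($file) : null;
        if ($body) {
            $hitsFromIp = 0;
            foreach (explode(PHP_EOL, $body) as $line) {
                if (empty($line)) {
                    continue;
                }
                // SECURITY: records are rebuilt with unserialize() and embed request-controlled
                // strings. A value containing PHP_EOL splits its record across lines, so a later
                // line can begin with attacker-chosen text; unserialize() of that text is an
                // object-injection vector. Preferred fixes: store records as JSON, or pass
                // array('allowed_classes' => false) once PHP >= 7.0 is the baseline. Kept here
                // for log-format compatibility; malformed lines are skipped instead of indexed.
                $t = unserialize($line);
                if (!is_array($t)) {
                    continue;
                }
                if ($data['ip'] == $t['ip']) {
                    $hitsFromIp++;
                }
                // Throttle: 10+ records from this IP today, or the same url/agent/ip again within 20s.
                $repeatWithin20s = $data['time'] - $t['time'] < 20
                    && $data['user'] == $t['user']
                    && $data['ip'] == $t['ip']
                    && $data['url'] == $t['url'];
                if ($hitsFromIp >= 10 || $repeatWithin20s) {
                    if ($cfg['SYS_ILLEGAL_CHAR']) {
                        App::display_error(lang('app-10') . '<pre>' . htmlspecialchars(self::strip_slashes($val)) . '</pre>', 1);
                    }
                    unset($cfg);
                    return false;
                }
            }
        }
        // Newest record first, so the throttle loop above meets recent hits early.
        $body = serialize($data) . PHP_EOL . $body;
        file_put_contents($file, $body, LOCK_EX);
        if ($data['ip'] && $cfg['SYS_ATTACK_MAIL'] && check::is_email($cfg['SITE_SYSMAIL'])) {
            // Notify the administrator. The mail is HTML, so request-controlled values are escaped.
            mail::set($cfg);
            $rule = '------------------------------------------------------------------------------------------<br>';
            $body = $rule
                . 'SITE: ' . SITE_URL
                . '<br>URL: ' . htmlspecialchars($data['url'])
                . '<br>TYPE: ' . htmlspecialchars($data['type'])
                . '<br>VALUE: ' . htmlspecialchars($data['val'])
                . '<br>IP: ' . htmlspecialchars($data['ip'])
                . '<br>TIME: ' . date(TIME_FORMAT, $data['time'])
                // NOTE(review): this operand was garbled in the source listing; reconstructed as $data['user'] from the surrounding pattern.
                . '<br>USER: ' . htmlspecialchars($data['user'])
                . '<br>' . $rule
                . lang('a-cfg-6') . '<br>';
            mail::sendmail($cfg['SITE_SYSMAIL'], lang('a-cfg-5') . '-' . $cfg['SITE_NAME'], $body);
        }
    }
    if ($cfg['SYS_ILLEGAL_CHAR']) {
        App::display_error(lang('app-10') . '<pre>' . htmlspecialchars(self::strip_slashes($val)) . '</pre>', 1);
    }
    unset($cfg);
}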
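/**
 * Verify a username/password pair against the stored salted digest.
 *
 * On success the member row is returned and, when the request IP differs from
 * the stored loginip, the login fields are rolled over (loginip/logintime move
 * to lastloginip/lastlogintime). Unknown user or wrong password yields false.
 *
 * @param string $username
 * @param string $password plain-text password as submitted
 * @return array|false the member row, or false when authentication fails
 */
public function check_login($username, $password)
{
    $row = $this->where('username=?', $username)->select(false);
    if (!$row) {
        return false;
    }
    // Digest layout must match the one written at registration: md5(md5(pw) . salt . md5(pw)).
    $digest = md5(md5($password) . $row['salt'] . md5($password));
    // Strict comparison: with `!=`, two hex digests that both have the form 0e<digits>
    // are compared as numbers and test equal; `!==` compares the strings themselves.
    // hash_equals() is the constant-time alternative where PHP >= 5.6 is the baseline.
    if ($digest !== $row['password']) {
        return false;
    }
    $ip = client::get_user_ip();
    if (empty($row['loginip']) || $row['loginip'] != $ip) {
        $update = array(
            'lastloginip'   => $row['loginip'],
            'lastlogintime' => (int) $row['logintime'],
            'loginip'       => $ip,
            'logintime'     => time(),
        );
        // userid is inlined into the WHERE clause; the cast keeps it strictly numeric.
        $this->update($update, 'userid=' . (int) $row['userid']);
    }
    return $row;
}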
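/**
 * Roll the member's login fields over to the current request.
 *
 * When the stored loginip is empty or differs from the request IP, the previous
 * loginip/logintime are moved to lastloginip/lastlogintime and the current IP and
 * time are stored. Nothing is written when the IP is unchanged.
 *
 * @param array $data member row; reads id, loginip and logintime
 * @return void
 */
public function update_login_info($data)
{
    $userip = client::get_user_ip();
    if (!empty($data['loginip']) && $data['loginip'] == $userip) {
        return;
    }
    // Stored IP is missing or differs from this request: re-record the login.
    $update = array(
        'lastloginip'   => $data['loginip'],
        'lastlogintime' => $data['logintime'],
        // The original assigned the undefined variable $ip here, so loginip was never stored.
        'loginip'       => $userip,
        'logintime'     => time(),
    );
    // id is inlined into the WHERE clause; the cast keeps it strictly numeric.
    $this->member->update($update, 'id=' . (int) $data['id']);
}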
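/**
 * Admin member registration: single form or batch ("username password email" per line).
 *
 * On POST with addall set, each line of members is validated (username rule, e-mail
 * format, uniqueness of both) and inserted; a summary with success/failure counts is
 * shown. On POST without addall, one member is created from data[]. Every
 * adminMsg() failure path is assumed to end the request, as in the original flow.
 * Afterwards (or on GET) admin/member_reg is rendered with member counts and models.
 *
 * @return void
 */
public function regAction()
{
    if ($this->isPostForm()) {
        $addall  = $this->post('addall');
        $modelid = (int) $this->post('modelid');
        if (!$modelid) {
            $this->adminMsg(lang('a-mem-5'));
        }
        if ($addall) {
            $this->registerBatchFromPost($modelid);
        } else {
            $this->registerSingleFromPost($modelid);
        }
    }
    $count    = array();
    $count[0] = $this->member->count('member', null, '1');
    $count[1] = $this->member->count('member', null, 'status=1');
    $count[2] = $this->member->count('member', null, 'status=0');
    if ($this->memberconfig['uc_use'] == 1) {
        include EXTENSION_DIR . 'ucenter' . DIRECTORY_SEPARATOR . 'config.inc.php';
    }
    $this->view->assign(array(
        'uc'    => $this->memberconfig['uc_use'],
        'model' => $this->membermodel,
        'count' => $count,
    ));
    $this->view->display('admin/member_reg');
}

/**
 * Batch branch of regAction(): one "username password email" triple per line.
 *
 * Lines with a missing field, an invalid username or e-mail, an already used
 * username/e-mail, or a failed insert are counted as failures.
 *
 * @param int $modelid member model id, already validated non-zero
 * @return void
 */
private function registerBatchFromPost($modelid)
{
    $raw = $this->post('members');
    if (empty($raw)) {
        $this->adminMsg(lang('a-mem-6'));
    }
    // All batch rows share the status chosen on the form.
    $form   = $this->post('data');
    $status = isset($form['status']) ? $form['status'] : 0;
    // Accept CRLF, CR or LF line endings; the original split on CR only.
    $lines = preg_split('/\r\n|\r|\n/', $raw);
    $ok = $failed = 0;
    foreach ($lines as $line) {
        // Pad to three fields so short lines do not raise undefined-offset notices.
        list($username, $password, $email) = array_pad(explode(' ', trim($line)), 3, '');
        $username = trim($username);
        $password = trim($password);
        $email    = trim($email);
        if (empty($username) || empty($password) || empty($email)) {
            $failed++;
        } elseif (!$this->is_username($username)) {
            $failed++;
        } elseif (!check::is_email($email)) {
            $failed++;
        } elseif ($this->member->getOne('username=?', $username, 'id') || $this->member->getOne('email=?', $email, 'id')) {
            // Username or e-mail already taken.
            $failed++;
        } elseif ($this->member->insert($this->newMemberRow($username, $password, $email, $status, $modelid))) {
            $ok++;
        } else {
            $failed++;
        }
    }
    $this->adminMsg(lang('a-mem-7', array('1' => $ok, '2' => $failed)), url('admin/member/index'), 3, 1, 1);
}

/**
 * Single-member branch of regAction(): validates data[] and inserts one row.
 *
 * @param int $modelid member model id, already validated non-zero
 * @return void
 */
private function registerSingleFromPost($modelid)
{
    $data = $this->post('data');
    if (empty($data['username']) || empty($data['password']) || empty($data['email'])) {
        $this->adminMsg(lang('a-mem-8'));
    }
    if (!$this->is_username($data['username'])) {
        $this->adminMsg(lang('a-mem-9'));
    }
    if (!check::is_email($data['email'])) {
        $this->adminMsg(lang('a-mem-10'));
    }
    if ($this->member->getOne('username=?', $data['username'], 'id')) {
        $this->adminMsg(lang('a-mem-11'));
    }
    if ($this->member->getOne('email=?', $data['email'], 'id')) {
        $this->adminMsg(lang('a-mem-12'));
    }
    $status = isset($data['status']) ? $data['status'] : 0;
    $insert = $this->newMemberRow($data['username'], $data['password'], $data['email'], $status, $modelid);
    if ($this->member->insert($insert)) {
        $this->adminMsg(lang('success'), url('admin/member'), 3, 1, 1);
    } else {
        $this->adminMsg(lang('a-mem-13'));
    }
}

/**
 * Build the insert row for a new member with a fresh salt and salted digest.
 *
 * The digest layout md5(md5(pw) . salt . md5(pw)) must stay in sync with the
 * login verification (check_login in the member model).
 *
 * @param string $username
 * @param string $password plain-text password
 * @param string $email
 * @param mixed  $status   status flag from the form
 * @param int    $modelid
 * @return array column => value map for member->insert()
 */
private function newMemberRow($username, $password, $email, $status, $modelid)
{
    // Salt: the original drew from rand(0, 999), i.e. only 1000 distinct salts.
    // uniqid()+mt_rand() widens that; random_bytes() is the proper source where
    // PHP >= 7.0 is the baseline. Length (10 hex chars) is unchanged.
    $salt = substr(md5(uniqid((string) mt_rand(), true)), 0, 10);
    return array(
        'salt'          => $salt,
        'regip'         => client::get_user_ip(),
        'email'         => $email,
        'status'        => $status,
        'regdate'       => time(),
        'groupid'       => 1,
        'modelid'       => $modelid,
        'loginip'       => '',
        'logintime'     => 0,
        'lastloginip'   => '',
        'lastlogintime' => 0,
        'nickname'      => '',
        'randcode'      => 0,
        'credits'       => 0,
        'username'      => $username,
        'password'      => md5(md5($password) . $salt . md5($password)),
    );
}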
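/**
 * Append an admin operation log record for the current POST request.
 *
 * Returns false without logging outside the admin namespace, for requests without
 * POST data, when SITE_ADMINLOG is off, for actions containing "ajax", for
 * controllers or controller-action pairs listed in auth.skip.ini.php, and for
 * controllers without an entry in auth.option.ini.php. Otherwise one serialized
 * record is prepended to cache/logs/<Ymd>.log.
 *
 * @return false|void false when the request is not logged
 */
protected function adminLog()
{
    if ($this->namespace != 'admin') {
        return false;
    }
    if (empty($_POST)) {
        return false;
    }
    // Logging disabled site-wide.
    if ($this->site['SITE_ADMINLOG'] == false) {
        return false;
    }
    if (stripos($this->action, 'ajax') !== false) {
        return false;
    }
    // Controllers / controller-action pairs that must not be logged.
    $skipConfig = (require CONFIG_DIR . 'auth.skip.ini.php');
    $skip   = $skipConfig['admin'];
    $skip[] = 'index-log';
    if (in_array($this->controller, $skip, true) || in_array($this->controller . '-' . $this->action, $skip, true)) {
        return false;
    }
    $optionMaps = (require CONFIG_DIR . 'auth.option.ini.php');
    // A controller without an option map has nothing to describe, so nothing is logged.
    $option = isset($optionMaps[$this->controller]) ? $optionMaps[$this->controller] : null;
    if (empty($option)) {
        return false;
    }
    $ip = client::get_user_ip();
    if (SYS_DOMAIN) {
        // Make the logged URL site-relative when the site lives in a sub-directory.
        $_SERVER['REQUEST_URI'] = str_replace('/' . SYS_DOMAIN, '', $_SERVER['REQUEST_URI']);
    }
    $pathurl = isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] ? $_SERVER['QUERY_STRING'] : $_SERVER['REQUEST_URI'];
    // NOTE(review): option[$this->action] is not guarded; an action missing from the map raises a notice here, as in the original.
    $options = lang($option['name']) . ' - ' . lang($option['option'][$this->action]);
    // The submit button that was pressed decides the trailing description; first match wins.
    $submitLabels = array(
        'submit'          => 'a-com-2',
        'submit_order'    => 'a-com-3',
        'submit_del'      => 'a-com-4',
        'submit_status_1' => 'a-com-5',
        'submit_status_0' => 'a-com-6',
        'submit_status_2' => 'a-com-7',
        'submit_status_3' => 'a-com-8',
        'submit_move'     => 'a-com-9',
        'delete'          => 'a-com-10',
    );
    foreach ($submitLabels as $field => $langKey) {
        if ($this->post($field)) {
            $options .= ' - ' . lang($langKey);
            break;
        }
    }
    $data = array(
        'ip'         => $ip,
        'param'      => $pathurl,
        'userid'     => $this->userinfo['userid'],
        'action'     => $this->action,
        'options'    => $options,
        'username'   => $this->userinfo['username'],
        'controller' => $this->controller,
        'optiontime' => time(),
    );
    $dir  = APP_ROOT . 'cache' . DIRECTORY_SEPARATOR . 'logs' . DIRECTORY_SEPARATOR;
    $file = $dir . date('Ymd') . '.log';
    if (!is_dir($dir)) {
        mkdir($dir, 0777);
    }
    // Newest record first.
    $content = file_exists($file) ? file_get_contents($file) : '';
    file_put_contents($file, serialize($data) . PHP_EOL . $content, LOCK_EX);
}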
/**
 * Guest (anonymous) content submission.
 *
 * Without catid: shows the category picker; a POSTed "select" redirects to
 * content/post?catid=N. With catid: validates the category and its model, checks
 * the per-day guest quota from the category's guestpost setting, rejects parent
 * categories, and on a POSTed data[] form validates the captcha and fields, then
 * saves the item with status 3, userid 0 and the request IP as username.
 * Every msg() failure path is assumed to end the request.
 */
public function postAction()
{
    if ($this->post('select') && $this->isPostForm()) {
        $this->redirect(url('content/post', array('catid' => (int) $this->post('catid'))));
    }
    $catid = (int) $this->get('catid');
    $tree = $this->instance('tree');
    $tree->config(array('id' => 'catid', 'parent_id' => 'parentid', 'name' => 'catname'));
    if (empty($catid)) {
        // No category chosen yet: render the picker.
        $this->view->assign(array('select' => 1, 'category' => $tree->get_tree($this->cats, 0, null, ' |-', true, 0, 0, true), 'meta_title' => lang('a-cat-94') . '-' . $this->site['SITE_NAME']));
        $this->view->display('post');
    } else {
        if (!isset($this->cats[$catid])) {
            $this->msg(lang('m-con-9', array('1' => $catid)), null, 1);
        }
        $model = $this->get_model();
        $modelid = $this->cats[$catid]['modelid'];
        if (!isset($model[$modelid])) {
            $this->msg(lang('m-con-10'), null, 1);
        }
        // Guest posting permission check
        if (isset($this->cats[$catid]['setting']['guestpost']) && $this->cats[$catid]['setting']['guestpost']) {
            // Daily quota: count today's guest items (userid=0) between 00:00:00 and 23:59:59 local time.
            // NOTE(review): the username literal below is masked ("******") in the source listing;
            // since guest items store client::get_user_ip() as username (see the POST branch), it
            // presumably selected by request IP — confirm against the original file.
            $where = 'userid=0 AND username="******" AND inputtime between ' . strtotime(date('Y-m-d 0:0:0')) . ' and ' . strtotime(date('Y-m-d 23:59:59'));
            $count = $this->content->_count(null, $where);
            if ($count >= $this->cats[$catid]['setting']['guestpost']) {
                $this->msg(lang('a-cat-95', array('1' => $this->cats[$catid]['setting']['guestpost'])), null, 1);
            }
        } else {
            $this->msg(lang('m-con-12'), null, 1);
        }
        $fields = $model[$modelid]['fields'];
        // Items may only be posted to leaf categories.
        if ($this->cats[$catid]['child']) {
            $this->msg(lang('m-con-11'), null, 1);
        }
        if ($this->post('data') && $this->isPostForm()) {
            if (!$this->checkCode($this->post('code'))) {
                $this->msg(lang('for-4'), null, 1);
            }
            $data = $this->post('data');
            // Server-side stamps override anything submitted under these keys.
            $data['catid'] = $catid;
            $data['userid'] = 0;
            $data['sysadd'] = 0;
            $data['status'] = 3;
            $data['modelid'] = (int) $modelid;
            $data['username'] = client::get_user_ip();
            $data['inputtime'] = $data['updatetime'] = time();
            if (empty($data['title'])) {
                $this->msg(lang('m-con-13'), null, 1);
            }
            $this->checkFields($fields, $data, 3);
            $result = $this->content->member(0, $model[$modelid]['tablename'], $data);
            // A non-numeric result is taken to be an error message from the save.
            if (!is_numeric($result)) {
                $this->msg($result, null, 1);
            }
            $this->msg(lang('a-cat-96'), url('content/post'), 1, 5);
        }
        // Custom fields
        $data_fields = $this->getFields($fields);
        $this->view->assign(array('model' => $model[$modelid], 'catid' => $catid, 'meta_title' => lang('a-cat-94') . '-' . $this->site['SITE_NAME'], 'data_fields' => $data_fields));
        $this->view->display('post');
    }
}
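/**
 * Activate (create or bind) a local member for a UCenter account.
 *
 * The username comes from the signed "auth" query parameter (uc_authcode DECODE).
 * On POST the UCenter profile is fetched, a local member row is created unless one
 * with that username already exists, both login cookies are set with the same
 * lifetime, and the user is sent to the "back" target (relative paths only) or to
 * member/. On GET the activation form is rendered. memberMsg() failure paths are
 * assumed to end the request.
 *
 * @return void
 */
public function activeAction()
{
    list($username) = explode("\t", uc_authcode($this->get('auth'), 'DECODE'));
    if (empty($username)) {
        $this->memberMsg(lang('m-pms-13'));
    }
    if ($this->isPostForm()) {
        // uc_get_user(): index 0 is used as the uid, index 2 as the e-mail.
        $uc_user_info = uc_get_user($username);
        $modelid = $this->post('modelid');
        $data = array(
            'email'    => $uc_user_info[2],
            'regip'    => client::get_user_ip(),
            'avatar'   => UC_API . '/avatar.php?uid=' . $uc_user_info[0] . '&size=middle',
            // NOTE(review): a set memberconfig status flag presumably means "members start inactive" — confirm.
            'status'   => $this->memberconfig['status'] ? 0 : 1,
            'modelid'  => empty($modelid) ? $this->memberconfig['modelid'] : $modelid,
            'groupid'  => 1,
            'regdate'  => time(),
            'username' => $username,
        );
        if (!isset($this->membermodel[$data['modelid']])) {
            $this->memberMsg(lang('m-reg-17'));
        }
        if ($member = $this->member->getOne('username=?', $username, 'id')) {
            $userid = $member['id'];
        } else {
            $userid = $this->member->insert($data);
        }
        if ($userid) {
            // Both login cookies share one lifetime; the original passed the undefined
            // variable $time as the member_code lifetime.
            $lifetime = 24 * 3600;
            set_cookie('member_id', $userid, $lifetime);
            set_cookie('member_code', substr(md5(SITE_MEMBER_COOKIE . $userid), 5, 20), $lifetime);
            $this->memberMsg(lang('m-reg-21'), $this->safeBackUrl($this->post('back')), 1);
        } else {
            $this->memberMsg(lang('m-reg-22'));
        }
    }
    $this->view->assign(array(
        'backurl'     => urlencode($this->get('back')),
        'username'    => $username,
        'meta_title'  => lang('m-reg-23') . '-' . $this->site['SITE_NAME'],
        'membermodel' => $this->membermodel,
    ));
    $this->view->display('member/active');
}

/**
 * Resolve the post-activation redirect target, refusing off-site destinations.
 *
 * "back" is request-controlled, so honouring an absolute URL would turn this page
 * into an open redirect. Only targets with no scheme, no host and no backslash
 * (browsers read "/\host" as "//host") are accepted; everything else, including
 * same-site absolute URLs, falls back to member/.
 *
 * @param mixed $back raw "back" form value (URL-encoded, possibly entity-encoded)
 * @return string redirect URL
 */
private function safeBackUrl($back)
{
    $fallback = url('member/');
    if (!$back) {
        return $fallback;
    }
    $target = html_entity_decode(urldecode($back));
    $parts  = parse_url($target);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host']) || strpos($target, '\\') !== false) {
        return $fallback;
    }
    return $target;
}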
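/**
 * Has this IP submitted to the form within the configured per-IP interval?
 *
 * Looks up the newest submission from client::get_user_ip() (restricted to $cid
 * when $joindata is set) and compares its inputtime with setting.form.ip,
 * which is given in minutes.
 *
 * @param mixed $joindata non-empty when the form is joined to a parent record
 * @param int   $cid      parent record id; only applied when $joindata is set
 * @return bool true when the last submission falls inside the window (i.e. blocked)
 */
private function check_ip($joindata, $cid)
{
    $windowSeconds = $this->model['setting']['form']['ip'] * 60;
    $select = $this->form->from(null, 'id,inputtime');
    $select->where('ip=?', client::get_user_ip());
    if ($joindata && $cid) {
        // cid is inlined into SQL; the cast keeps it strictly numeric.
        $select->where('cid=' . (int) $cid);
    }
    $select->order('inputtime DESC');
    $latest = $select->select(false);
    if (empty($latest)) {
        return false;
    }
    return time() - $latest['inputtime'] < $windowSeconds;
}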
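/**
 * Has this IP messaged the current recipient within the configured per-IP interval?
 *
 * The newest row for client::get_user_ip() and $this->touserid is compared
 * against setting.member.ip, which is given in minutes.
 *
 * @return bool true when the last message falls inside the window (i.e. blocked)
 */
private function check_ip()
{
    $windowSeconds = $this->model['setting']['member']['ip'] * 60;
    // touserid is inlined into SQL; the cast keeps it strictly numeric.
    $latest = $this->table->from(null, 'id,inputtime')
        ->where('ip=?', client::get_user_ip())
        ->where('touserid=' . (int) $this->touserid)
        ->order('inputtime DESC')
        ->select(false);
    if (empty($latest)) {
        return false;
    }
    return time() - $latest['inputtime'] < $windowSeconds;
}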
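/**
 * Admin: add a record to a form model.
 *
 * Rejects roles without the model's post permission (adminPost). On POST it
 * validates the parent record when the model is joined, runs checkFields(),
 * stamps ip/cid/userid/username/times, saves via form->set(), optionally writes
 * the static page, and redirects with a message. Otherwise admin/form_add is
 * rendered with status counts and field definitions. adminMsg() failure paths
 * are assumed to end the request.
 *
 * @return void
 */
public function addAction()
{
    // Model-level posting permission.
    if ($this->adminPost($this->model['setting']['auth'])) {
        $this->adminMsg(lang('a-cat-100', array('1' => $this->userinfo['rolename'])));
    }
    if ($this->isPostForm()) {
        $data = $this->post('data');
        $cid  = (int) $this->post('cid');
        if ($this->join && empty($cid)) {
            $this->adminMsg(lang('a-for-17'), '', 1);
        }
        if ($this->join) {
            // Joined model: the parent record must exist.
            $table = $this->model($this->join['tablename']);
            $cdata = $table->find($cid, 'id');
            if (empty($cdata)) {
                $this->adminMsg(lang('a-for-5', array('1' => $this->join['modelname'], '2' => $cid)));
            }
        }
        $this->checkFields($this->model['fields'], $data, 1);
        // Server-side stamps override anything submitted under these keys.
        $data['ip']        = client::get_user_ip();
        $data['cid']       = $cid;
        $data['userid']    = 0;
        $data['username']  = $this->userinfo['username'];
        $data['inputtime'] = $data['updatetime'] = time();
        $data['id'] = $this->form->set(0, $data);
        if ($data['id']) {
            $toHtml = isset($this->model['setting']['form']['url']['tohtml']) && $this->model['setting']['form']['url']['tohtml'];
            if ($toHtml && $data['status'] == 1) {
                $this->createForm($this->modelid, $data); // generate the static page
            }
            // NOTE(review): the list URL uses $this->cid rather than the $cid just posted — confirm that is intended.
            $this->adminMsg(lang('success'), url('admin/form/list', array('modelid' => $this->modelid, 'cid' => $this->cid)), 3, 1, 1);
        } else {
            $this->adminMsg(lang('failure'));
        }
    }
    // Initialise explicitly instead of relying on implicit array creation.
    $count    = array();
    $count[1] = $this->content->count($this->table, null, 'status=1');
    $count[0] = $this->content->count($this->table, null, 'status=0');
    $count[3] = $this->content->count($this->table, null, 'status=3');
    $this->view->assign(array(
        'join'   => empty($this->join) ? 0 : 1,
        'count'  => $count,
        'fields' => $this->getFields($this->model['fields'], null, $this->model['setting']['form']['field']),
    ));
    $this->view->display('admin/form_add');
}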