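 /**
  * Record an "illegal character" attack attempt in cache/attack/Ymd.log,
  * suppress repeat offenders, and optionally e-mail the administrator.
  *
  * The log is newest-first, one serialized array per line, and today's file
  * is re-read on every call to apply two limits: the same IP 10 or more
  * times today, or the same IP+UA+URL again within 20 seconds. In both
  * cases the error page is shown (when SYS_ILLEGAL_CHAR is on) and nothing
  * is written or mailed.
  *
  * Hardening versus the original: every stored string is made newline-free
  * before serialize(). The reader splits the file on PHP_EOL and then
  * unserialize()s each piece, so a newline inside $val (POST bodies allow
  * it) used to let the client plant an arbitrary serialized line of its own
  * — i.e. object injection through the site's own log. Lines that do not
  * decode to an array are skipped, objects are refused on PHP >= 7, the
  * directory is created 0755 instead of 0777, and request-derived fields
  * are HTML-escaped in the notification mail.
  *
  * @param string $type  label of the check that fired (caller-defined)
  * @param string $val   the offending input, echoed back in the error page
  * @return false|void   false when the caller was suppressed by a limit
  */
 private static function save_attack_log($type, $val)
 {
     $cfg = App::get_config();
     if ($cfg['SYS_ATTACK_LOG']) {
         if (SYS_DOMAIN) {
             $_SERVER['REQUEST_URI'] = str_replace('/' . SYS_DOMAIN, '', $_SERVER['REQUEST_URI']);
         }
         $url = !empty($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : $_SERVER['REQUEST_URI'];
         $data = array(
             'url'  => $url,
             'ip'   => client::get_user_ip(),
             'uid'  => get_cookie('member_id'),
             'time' => time(),
             'type' => $type,
             'val'  => $val,
             'user' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '',
         );
         // One record must stay on one line: strip CR/LF from every string so
         // the PHP_EOL split below can never yield a client-authored line.
         foreach ($data as $key => $value) {
             if (is_string($value)) {
                 $data[$key] = str_replace(array("\r", "\n"), ' ', $value);
             }
         }
         $dir = APP_ROOT . 'cache' . DIRECTORY_SEPARATOR . 'attack' . DIRECTORY_SEPARATOR;
         $file = $dir . date('Ymd') . '.log';
         if (!is_dir($dir)) {
             // The web user creates and owns this directory; nobody else
             // needs to write the attack log, so 0777 is not required.
             mkdir($dir, 0755, true);
         }
         $existing = file_exists($file) ? file_get_contents($file) : '';
         if ($existing) {
             $hitsFromIp = 0;
             foreach (explode(PHP_EOL, $existing) as $line) {
                 if ($line === '') {
                     continue;
                 }
                 // PHP >= 7: never instantiate objects from a file on disk.
                 $record = PHP_VERSION_ID >= 70000
                     ? unserialize($line, array('allowed_classes' => false))
                     : unserialize($line);
                 if (!is_array($record) || !isset($record['ip'], $record['time'])) {
                     continue; // corrupt or foreign line; ignore it
                 }
                 if ($data['ip'] == $record['ip']) {
                     $hitsFromIp++;
                 }
                 $sameRequestRecently = ($data['time'] - $record['time'] < 20)
                     && isset($record['user'], $record['url'])
                     && $data['user'] == $record['user']
                     && $data['ip'] == $record['ip']
                     && $data['url'] == $record['url'];
                 if ($hitsFromIp >= 10 || $sameRequestRecently) {
                     if ($cfg['SYS_ILLEGAL_CHAR']) {
                         App::display_error(lang('app-10') . '<pre>' . htmlspecialchars(self::strip_slashes($val)) . '</pre>', 1);
                     }
                     unset($cfg);
                     return false;
                 }
             }
         }
         file_put_contents($file, serialize($data) . PHP_EOL . $existing, LOCK_EX);
         if ($data['ip'] && $cfg['SYS_ATTACK_MAIL'] && check::is_email($cfg['SITE_SYSMAIL'])) {
             // HTML mail to the administrator; the attack payload and other
             // request-derived fields are escaped so they cannot render as markup.
             mail::set($cfg);
             $rule = '------------------------------------------------------------------------------------------<br>';
             $mailBody = $rule
                 . 'SITE: ' . SITE_URL . '<br>'
                 . 'URL: ' . htmlspecialchars($data['url']) . '<br>'
                 . 'TYPE: ' . htmlspecialchars($data['type']) . '<br>'
                 . 'VALUE: ' . htmlspecialchars($data['val']) . '<br>'
                 . 'IP: ' . htmlspecialchars($data['ip']) . '<br>'
                 . 'TIME: ' . date(TIME_FORMAT, $data['time']) . '<br>'
                 . 'USER: ' . htmlspecialchars($data['user']) . '<br>'
                 . $rule . lang('a-cfg-6') . '<br>';
             mail::sendmail($cfg['SITE_SYSMAIL'], lang('a-cfg-5') . '-' . $cfg['SITE_NAME'], $mailBody);
         }
     }
     if ($cfg['SYS_ILLEGAL_CHAR']) {
         App::display_error(lang('app-10') . '<pre>' . htmlspecialchars(self::strip_slashes($val)) . '</pre>', 1);
     }
     unset($cfg);
 }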
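 /**
  * Verify a username/password pair against the stored salted-MD5 digest.
  *
  * The stored form is md5(md5($password) . $salt . md5($password)). It is
  * kept because every existing row (and the registration code) uses it; a
  * migration to password_hash()/password_verify() should be planned
  * separately. The digest comparison is strict and, where available,
  * constant-time: the original `!=` is a loose comparison, and two hex
  * digests that both look like "0e<digits>" compare equal as the float 0
  * under loose rules.
  *
  * Login IP/time are only refreshed when the client IP differs from the
  * stored one (same rule as update_login_info()).
  *
  * @param  string $username
  * @param  string $password  plaintext as submitted
  * @return array|false       the member row on success, false otherwise
  */
 public function check_login($username, $password)
 {
     $row = $this->where('username=?', $username)->select(false);
     if (!$row) {
         return false;
     }
     $stored = (string) $row['password'];
     $digest = md5(md5($password) . $row['salt'] . md5($password));
     $matches = function_exists('hash_equals')
         ? hash_equals($stored, $digest)
         : $stored === $digest; // PHP < 5.6: still strict, just not constant-time
     if (!$matches) {
         return false;
     }
     $ip = client::get_user_ip();
     if (empty($row['loginip']) || $row['loginip'] != $ip) {
         $update = array(
             'lastloginip'   => $row['loginip'],
             'lastlogintime' => (int) $row['logintime'],
             'loginip'       => $ip,
             'logintime'     => time(),
         );
         // userid is concatenated into the WHERE clause, so force it to int.
         $this->update($update, 'userid=' . (int) $row['userid']);
     }
     return $row;
 }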
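 /**
  * Refresh a member's login IP/time bookkeeping.
  *
  * Writes only when the stored loginip is empty or differs from the current
  * client IP; the previous values move to lastloginip/lastlogintime.
  * Fixes the original, which assigned an undefined `$ip` (null) to
  * 'loginip', so the new IP was never actually stored.
  *
  * @param array $data member row; reads 'id', 'loginip', 'logintime'
  */
 public function update_login_info($data)
 {
     $userip = client::get_user_ip();
     if (empty($data['loginip']) || $data['loginip'] != $userip) {
         $update = array(
             'lastloginip'   => $data['loginip'],
             'lastlogintime' => (int) $data['logintime'],
             'loginip'       => $userip,
             'logintime'     => time(),
         );
         // id is concatenated into the WHERE clause, so force it to int.
         $this->member->update($update, 'id=' . (int) $data['id']);
     }
 }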
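 /**
  * Admin: register a single member, or bulk-import members from a textarea.
  *
  * Bulk input is one "username password email" triple per line. Each line
  * is validated (all three present, is_username(), check::is_email(),
  * username and e-mail not yet taken) and counted as imported ($y) or
  * skipped ($n). The single path reports the first failing check instead.
  *
  * Changes from the original: the salt is no longer substr(md5(rand(0, 999)))
  * — only 1000 possible values — but 10 hex chars from random_bytes() with a
  * uniqid()/mt_rand() fallback; 'status' is read through post() and cast to
  * int on both paths instead of raw $_POST in the bulk path; bulk lines are
  * split on CRLF/CR/LF rather than CR only, and fields on any whitespace
  * run. The salted-MD5 password scheme itself is unchanged because
  * check_login() verifies against it.
  */
 public function regAction()
 {
     if ($this->isPostForm()) {
         $addall = $this->post('addall');
         $modelid = (int) $this->post('modelid');
         if (!$modelid) {
             $this->adminMsg(lang('a-mem-5'));
         }
         $data = $this->post('data');
         $status = isset($data['status']) ? (int) $data['status'] : 0;
         if ($addall) {
             // Bulk import.
             $members = $this->post('members');
             if (empty($members)) {
                 $this->adminMsg(lang('a-mem-6'));
             }
             $y = $n = 0;
             foreach (preg_split('/\r\n|\r|\n/', $members) as $line) {
                 list($username, $password, $email) = array_pad(preg_split('/\s+/', trim($line), 3), 3, '');
                 if (empty($username) || empty($password) || empty($email)
                     || !$this->is_username($username)
                     || !check::is_email($email)) {
                     $n++;
                     continue;
                 }
                 $byName = $this->member->getOne('username=?', $username, 'id');
                 $byMail = $this->member->getOne('email=?', $email, 'id');
                 if ($byName || $byMail) {
                     $n++;
                     continue;
                 }
                 $insert = $this->buildMemberRow($username, $password, $email, $status, $modelid);
                 if ($this->member->insert($insert)) {
                     $y++;
                 } else {
                     $n++;
                 }
             }
             $this->adminMsg(lang('a-mem-7', array('1' => $y, '2' => $n)), url('admin/member/index'), 3, 1, 1);
         } else {
             // Single registration.
             if (empty($data['username']) || empty($data['password']) || empty($data['email'])) {
                 $this->adminMsg(lang('a-mem-8'));
             }
             if (!$this->is_username($data['username'])) {
                 $this->adminMsg(lang('a-mem-9'));
             }
             if (!check::is_email($data['email'])) {
                 $this->adminMsg(lang('a-mem-10'));
             }
             if ($this->member->getOne('username=?', $data['username'], 'id')) {
                 $this->adminMsg(lang('a-mem-11'));
             }
             if ($this->member->getOne('email=?', $data['email'], 'id')) {
                 $this->adminMsg(lang('a-mem-12'));
             }
             $insert = $this->buildMemberRow($data['username'], $data['password'], $data['email'], $status, $modelid);
             if ($this->member->insert($insert)) {
                 $this->adminMsg(lang('success'), url('admin/member'), 3, 1, 1);
             } else {
                 $this->adminMsg(lang('a-mem-13'));
             }
         }
     }
     $count = array();
     $count[0] = $this->member->count('member', null, '1');
     $count[1] = $this->member->count('member', null, 'status=1');
     $count[2] = $this->member->count('member', null, 'status=0');
     if ($this->memberconfig['uc_use'] == 1) {
         include EXTENSION_DIR . 'ucenter' . DIRECTORY_SEPARATOR . 'config.inc.php';
     }
     $this->view->assign(array('uc' => $this->memberconfig['uc_use'], 'model' => $this->membermodel, 'count' => $count));
     $this->view->display('admin/member_reg');
 }

 /**
  * Build the insert row for a new member.
  *
  * The password digest is md5(md5($password) . $salt . md5($password)) so
  * that check_login() keeps verifying new and existing rows alike. The
  * 10-character salt comes from random_bytes() (PHP >= 7) or, failing
  * that, from uniqid()/mt_rand() — never from rand(0, 999).
  *
  * @param string $username
  * @param string $password  plaintext
  * @param string $email
  * @param int    $status
  * @param int    $modelid
  * @return array column => value map for member->insert()
  */
 private function buildMemberRow($username, $password, $email, $status, $modelid)
 {
     $salt = function_exists('random_bytes')
         ? bin2hex(random_bytes(5))
         : substr(md5(uniqid(mt_rand(), true)), 0, 10);
     return array(
         'username'      => $username,
         'password'      => md5(md5($password) . $salt . md5($password)),
         'salt'          => $salt,
         'email'         => $email,
         'status'        => $status,
         'modelid'       => $modelid,
         'groupid'       => 1,
         'regip'         => client::get_user_ip(),
         'regdate'       => time(),
         'loginip'       => '',
         'logintime'     => 0,
         'lastloginip'   => '',
         'lastlogintime' => 0,
         'nickname'      => '',
         'randcode'      => 0,
         'credits'       => 0,
     );
 }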
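 /**
  * Record an admin-panel operation in cache/logs/Ymd.log (newest first, one
  * serialized array per line).
  *
  * Nothing is written for non-admin namespaces, requests without POST data,
  * ajax actions, controllers or controller-action pairs listed under
  * 'admin' in auth.skip.ini.php (plus 'index-log'), or when SITE_ADMINLOG
  * is off. A controller absent from auth.option.ini.php is skipped, as
  * before; an action missing from its option map is now logged under the
  * raw action name instead of lang(null). The log directory is created
  * 0755 rather than 0777.
  *
  * @return false|void false when nothing was logged
  */
 protected function adminLog()
 {
     if ($this->namespace != 'admin' || empty($_POST)) {
         return false;
     }
     if (!$this->site['SITE_ADMINLOG']) {
         return false;
     }
     if (stripos($this->action, 'ajax') !== false) {
         return false;
     }
     $skipConf = (require CONFIG_DIR . 'auth.skip.ini.php');
     $skip = isset($skipConf['admin']) ? (array) $skipConf['admin'] : array();
     $skip[] = 'index-log';
     if (in_array($this->controller, $skip, true)
         || in_array($this->controller . '-' . $this->action, $skip, true)) {
         return false;
     }
     $optionConf = (require CONFIG_DIR . 'auth.option.ini.php');
     if (empty($optionConf[$this->controller])) {
         return false;
     }
     $option = $optionConf[$this->controller];
     $actionLabel = isset($option['option'][$this->action])
         ? lang($option['option'][$this->action])
         : $this->action;
     $options = lang($option['name']) . ' - ' . $actionLabel;
     // The first submit button present decides the operation suffix
     // (same precedence order as the original if/elseif chain).
     $buttons = array(
         'submit'          => 'a-com-2',
         'submit_order'    => 'a-com-3',
         'submit_del'      => 'a-com-4',
         'submit_status_1' => 'a-com-5',
         'submit_status_0' => 'a-com-6',
         'submit_status_2' => 'a-com-7',
         'submit_status_3' => 'a-com-8',
         'submit_move'     => 'a-com-9',
         'delete'          => 'a-com-10',
     );
     foreach ($buttons as $button => $langKey) {
         if ($this->post($button)) {
             $options .= ' - ' . lang($langKey);
             break;
         }
     }
     if (SYS_DOMAIN) {
         $_SERVER['REQUEST_URI'] = str_replace('/' . SYS_DOMAIN, '', $_SERVER['REQUEST_URI']);
     }
     $pathurl = !empty($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : $_SERVER['REQUEST_URI'];
     $entry = array(
         'ip'         => client::get_user_ip(),
         'param'      => $pathurl,
         'userid'     => $this->userinfo['userid'],
         'action'     => $this->action,
         'options'    => $options,
         'username'   => $this->userinfo['username'],
         'controller' => $this->controller,
         'optiontime' => time(),
     );
     $dir = APP_ROOT . 'cache' . DIRECTORY_SEPARATOR . 'logs' . DIRECTORY_SEPARATOR;
     $file = $dir . date('Ymd') . '.log';
     if (!is_dir($dir)) {
         // Owned by the web user; nothing else writes here, so no 0777.
         mkdir($dir, 0755, true);
     }
     $existing = file_exists($file) ? file_get_contents($file) : '';
     file_put_contents($file, serialize($entry) . PHP_EOL . $existing, LOCK_EX);
 }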
 /**
  * Guest (anonymous) content submission.
  *
  * Without a catid the category picker is rendered; with one, the category,
  * its model and its 'guestpost' setting are checked, then on POST the
  * captcha is verified and the record is stored with userid 0, sysadd 0,
  * status 3 and the client IP in 'username'.
  *
  * NOTE(review): the per-day count query ($where below) is built by string
  * concatenation, and the username literal inside it is masked ("******")
  * in this listing, so what it actually matches cannot be read here. Since
  * each guest record stores client::get_user_ip() in 'username', the count
  * is presumably meant to be per client IP — verify against the repository
  * source, and bind the value rather than concatenating it.
  *
  * msg() appears to end the request: every call is followed by code that
  * would otherwise run on the error path.
  */
 public function postAction()
 {
     // A category choice from the picker: bounce to the same action with catid.
     if ($this->post('select') && $this->isPostForm()) {
         $this->redirect(url('content/post', array('catid' => (int) $this->post('catid'))));
     }
     $catid = (int) $this->get('catid');
     $tree = $this->instance('tree');
     $tree->config(array('id' => 'catid', 'parent_id' => 'parentid', 'name' => 'catname'));
     if (empty($catid)) {
         $this->view->assign(array('select' => 1, 'category' => $tree->get_tree($this->cats, 0, null, '&nbsp;|-', true, 0, 0, true), 'meta_title' => lang('a-cat-94') . '-' . $this->site['SITE_NAME']));
         $this->view->display('post');
     } else {
         if (!isset($this->cats[$catid])) {
             $this->msg(lang('m-con-9', array('1' => $catid)), null, 1);
         }
         $model = $this->get_model();
         $modelid = $this->cats[$catid]['modelid'];
         if (!isset($model[$modelid])) {
             $this->msg(lang('m-con-10'), null, 1);
         }
         // Submission permission: 'guestpost' is both the on/off switch and
         // the per-day submission limit for this category.
         if (isset($this->cats[$catid]['setting']['guestpost']) && $this->cats[$catid]['setting']['guestpost']) {
             // Count today's guest submissions (see class docblock about the masked literal).
             $where = 'userid=0 AND username="******" AND inputtime between ' . strtotime(date('Y-m-d 0:0:0')) . ' and ' . strtotime(date('Y-m-d 23:59:59'));
             $count = $this->content->_count(null, $where);
             if ($count >= $this->cats[$catid]['setting']['guestpost']) {
                 $this->msg(lang('a-cat-95', array('1' => $this->cats[$catid]['setting']['guestpost'])), null, 1);
             }
         } else {
             $this->msg(lang('m-con-12'), null, 1);
         }
         $fields = $model[$modelid]['fields'];
         // Only leaf categories accept content.
         if ($this->cats[$catid]['child']) {
             $this->msg(lang('m-con-11'), null, 1);
         }
         if ($this->post('data') && $this->isPostForm()) {
             if (!$this->checkCode($this->post('code'))) {
                 $this->msg(lang('for-4'), null, 1);
             }
             $data = $this->post('data');
             // Server-side fields override anything the client posted.
             $data['catid'] = $catid;
             $data['userid'] = 0;
             $data['sysadd'] = 0;
             $data['status'] = 3;
             $data['modelid'] = (int) $modelid;
             $data['username'] = client::get_user_ip();
             $data['inputtime'] = $data['updatetime'] = time();
             if (empty($data['title'])) {
                 $this->msg(lang('m-con-13'), null, 1);
             }
             $this->checkFields($fields, $data, 3);
             $result = $this->content->member(0, $model[$modelid]['tablename'], $data);
             // A non-numeric result is an error message from the model layer.
             if (!is_numeric($result)) {
                 $this->msg($result, null, 1);
             }
             $this->msg(lang('a-cat-96'), url('content/post'), 1, 5);
         }
         // Custom (model-defined) fields for the form.
         $data_fields = $this->getFields($fields);
         $this->view->assign(array('model' => $model[$modelid], 'catid' => $catid, 'meta_title' => lang('a-cat-94') . '-' . $this->site['SITE_NAME'], 'data_fields' => $data_fields));
         $this->view->display('post');
     }
 }
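 /**
  * Activate a UCenter account locally: create (or reuse) the member row
  * and log the member in.
  *
  * The username comes from the `auth` query parameter decoded with
  * uc_authcode(); an empty result means the token is invalid.
  *
  * Fixes from the original: the member_code cookie was set with an
  * undefined `$time` (null expiry) — both cookies now share the 24-hour
  * lifetime; a failed uc_get_user() lookup is reported instead of indexing
  * into a non-array; and the post-activation `back` redirect is limited to
  * this site by activeBackUrl(), where the original redirected to any
  * value the client posted (open redirect).
  *
  * memberMsg() is treated as terminating the request, as the original does.
  */
 public function activeAction()
 {
     list($username) = explode("\t", uc_authcode($this->get('auth'), 'DECODE'));
     if (empty($username)) {
         $this->memberMsg(lang('m-pms-13'));
     }
     if ($this->isPostForm()) {
         // Expected shape: array(uid, username, email); anything else is a failure.
         $uc_user_info = uc_get_user($username);
         if (!is_array($uc_user_info) || !isset($uc_user_info[0], $uc_user_info[2])) {
             $this->memberMsg(lang('m-reg-22'));
         }
         $modelid = $this->post('modelid');
         if (empty($modelid)) {
             $modelid = $this->memberconfig['modelid'];
         }
         if (!isset($this->membermodel[$modelid])) {
             $this->memberMsg(lang('m-reg-17'));
         }
         $data = array(
             'username' => $username,
             'email'    => $uc_user_info[2],
             'avatar'   => UC_API . '/avatar.php?uid=' . $uc_user_info[0] . '&size=middle',
             'regip'    => client::get_user_ip(),
             'regdate'  => time(),
             // memberconfig['status'] set => new accounts start as 0 —
             // presumably "needs approval"; confirm against the config.
             'status'   => $this->memberconfig['status'] ? 0 : 1,
             'modelid'  => $modelid,
             'groupid'  => 1,
         );
         $member = $this->member->getOne('username=?', $username, 'id');
         $userid = $member ? $member['id'] : $this->member->insert($data);
         if ($userid) {
             $expire = 24 * 3600;
             set_cookie('member_id', $userid, $expire);
             set_cookie('member_code', substr(md5(SITE_MEMBER_COOKIE . $userid), 5, 20), $expire);
             $this->memberMsg(lang('m-reg-21'), $this->activeBackUrl($this->post('back')), 1);
         } else {
             $this->memberMsg(lang('m-reg-22'));
         }
     }
     $this->view->assign(array(
         'backurl'     => urlencode($this->get('back')),
         'username'    => $username,
         'meta_title'  => lang('m-reg-23') . '-' . $this->site['SITE_NAME'],
         'membermodel' => $this->membermodel,
     ));
     $this->view->display('member/active');
 }

 /**
  * Choose the post-activation redirect target.
  *
  * Accepts the decoded `back` value only when it is a site-local absolute
  * path (leading "/" but not "//" or "/\", which browsers treat as
  * protocol-relative) or a URL whose host equals SITE_URL's host;
  * otherwise falls back to the member home page.
  *
  * @param string|null $back raw posted value (url-encoded, possibly entity-encoded)
  * @return string
  */
 private function activeBackUrl($back)
 {
     $fallback = url('member/');
     if (empty($back)) {
         return $fallback;
     }
     $back = html_entity_decode(urldecode($back));
     if (preg_match('#^/(?![/\\\\])#', $back)) {
         return $back;
     }
     $host = parse_url($back, PHP_URL_HOST);
     $siteHost = parse_url(SITE_URL, PHP_URL_HOST);
     if ($host && $siteHost && strcasecmp($host, $siteHost) === 0) {
         return $back;
     }
     return $fallback;
 }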
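 /**
  * Form-submission throttle: true when this client IP already submitted
  * (to parent record $cid when the model is joined) within the configured
  * window.
  *
  * The window is $this->model['setting']['form']['ip'] in minutes; 0 or
  * unset disables the check (the time difference is never below 0).
  * $cid is concatenated into the WHERE clause, so it is cast to int here.
  *
  * @param mixed $joindata  truthy when the form model is joined to a parent
  * @param int   $cid       parent record id, only used with $joindata
  * @return bool            true = still inside the window, reject the submission
  */
 private function check_ip($joindata, $cid)
 {
     $minutes = isset($this->model['setting']['form']['ip']) ? $this->model['setting']['form']['ip'] : 0;
     $window = $minutes * 60;
     $select = $this->form->from(null, 'id,inputtime');
     $select->where('ip=?', client::get_user_ip());
     if ($joindata && $cid) {
         $select->where('cid=' . (int) $cid);
     }
     $select->order('inputtime DESC');
     $latest = $select->select(false);
     if (empty($latest)) {
         return false;
     }
     return time() - $latest['inputtime'] < $window;
 }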
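 /**
  * Message throttle: true when this client IP already sent something to
  * $this->touserid within the configured window.
  *
  * The window is $this->model['setting']['member']['ip'] in minutes; 0 or
  * unset disables the check. touserid is concatenated into the WHERE
  * clause, so it is cast to int here.
  *
  * @return bool true = still inside the window, reject the message
  */
 private function check_ip()
 {
     $minutes = isset($this->model['setting']['member']['ip']) ? $this->model['setting']['member']['ip'] : 0;
     $window = $minutes * 60;
     $latest = $this->table->from(null, 'id,inputtime')
         ->where('ip=?', client::get_user_ip())
         ->where('touserid=' . (int) $this->touserid)
         ->order('inputtime DESC')
         ->select(false);
     if (empty($latest)) {
         return false;
     }
     return time() - $latest['inputtime'] < $window;
 }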
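 /**
  * Admin: create a record for a form (custom) model.
  *
  * Callers whose role fails adminPost() against the model's 'auth' setting
  * are rejected. On POST the fields go through checkFields(), the record is
  * saved via form->set(), and a static page is generated when the model has
  * url.tohtml enabled and the record is published (status == 1). When the
  * model is joined to a parent (`$this->join`), a non-zero `cid` must be
  * supplied and must exist in the parent table.
  *
  * Minor fixes: `$count` is initialised before use and 'status' is tested
  * with isset() so an absent value no longer raises a notice.
  */
 public function addAction()
 {
     if ($this->adminPost($this->model['setting']['auth'])) {
         $this->adminMsg(lang('a-cat-100', array('1' => $this->userinfo['rolename'])));
     }
     if ($this->isPostForm()) {
         $data = $this->post('data');
         $cid = (int) $this->post('cid');
         if ($this->join) {
             if (empty($cid)) {
                 $this->adminMsg(lang('a-for-17'), '', 1);
             }
             $parent = $this->model($this->join['tablename'])->find($cid, 'id');
             if (empty($parent)) {
                 $this->adminMsg(lang('a-for-5', array('1' => $this->join['modelname'], '2' => $cid)));
             }
         }
         $this->checkFields($this->model['fields'], $data, 1);
         $data['ip'] = client::get_user_ip();
         $data['cid'] = $cid;
         $data['userid'] = 0;
         $data['username'] = $this->userinfo['username'];
         $data['inputtime'] = $data['updatetime'] = time();
         $data['id'] = $this->form->set(0, $data);
         if ($data['id']) {
             $toHtml = !empty($this->model['setting']['form']['url']['tohtml']);
             if ($toHtml && isset($data['status']) && $data['status'] == 1) {
                 $this->createForm($this->modelid, $data); // generate the static page
             }
             // NOTE(review): the list URL uses $this->cid rather than the
             // local $cid read from the request above — confirm the property
             // is populated for this action.
             $this->adminMsg(lang('success'), url('admin/form/list', array('modelid' => $this->modelid, 'cid' => $this->cid)), 3, 1, 1);
         } else {
             $this->adminMsg(lang('failure'));
         }
     }
     $count = array();
     $count[1] = $this->content->count($this->table, null, 'status=1');
     $count[0] = $this->content->count($this->table, null, 'status=0');
     $count[3] = $this->content->count($this->table, null, 'status=3');
     $this->view->assign(array(
         'join'   => empty($this->join) ? 0 : 1,
         'count'  => $count,
         'fields' => $this->getFields($this->model['fields'], null, $this->model['setting']['form']['field']),
     ));
     $this->view->display('admin/form_add');
 }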