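/**
 * Front-controller bootstrap.
 *
 * Screens the raw request, rewrites $_GET into the filtered self::$get /
 * self::$post copies, resolves host, domain and base_url, starts the
 * DB-backed session and, in admin mode, hands over to $this->admin().
 *
 * Everything here runs on untrusted request data, so statement order
 * matters: the quote/GLOBALS checks and the $_GET rewrite run before
 * anything reads self::$get. Rejections use exit() like the rest of this
 * framework rather than exceptions.
 *
 * Side effects: may send a Location header and stop, may include the admin
 * init file, mutates $_GET/$_POST/$_COOKIE, defines MAGIC_QUOTES_GPC and
 * updates the 'template_dir' / 'base_url' config entries.
 *
 * Changes from the previous version: missing request keys are read with ??
 * (no null warnings on PHP 8), both redirects stop execution after
 * header() (execution-after-redirect), self::$host and THIS_URL are
 * preg_quote()d before being interpolated into patterns, and the
 * pass-through key check uses a strict in_array().
 */
function __construct()
{
    // Deny-list check on the login identifiers. A regex for quote characters
    // only narrows the obvious cases; it is not a substitute for parameterised
    // queries downstream. Missing keys read as '' so the check is a no-op then.
    $quotePattern = '/(\'|")/';
    if (preg_match($quotePattern, $_POST['username'] ?? '')
        || preg_match($quotePattern, $_GET['username'] ?? '')
        || preg_match($quotePattern, $_COOKIE['login_username'] ?? '')) {
        exit('非法参数');
    }

    self::$args = $_GET['args'] ?? null;
    unset($_GET['args']);

    // File-manager requests are always treated as admin-area requests.
    if (($_GET['case'] ?? null) === 'file') {
        $_GET['admin_dir'] = config::get('admin_dir');
    }
    // Admin mode is keyed off the admin directory name appearing in the query
    // string. Loose comparison kept as written; NOTE(review): if the configured
    // admin_dir is empty/null, a request without admin_dir also compares equal
    // here (null == null) — confirm config::get never returns an empty value.
    $admin = (($_GET['admin_dir'] ?? null) == config::get('admin_dir')) ? 1 : 0;

    // Shortcut redirects. Stop after header() so the remainder of the bootstrap
    // (admin init, event cleanup, session start, routing) does not run for a
    // request whose only outcome is a redirect.
    // NOTE(review): is_numeric() accepts floats, exponents and surrounding
    // whitespace, so 'm' is not necessarily an integer id — confirm with callers
    // whether an (int) cast is acceptable.
    if (($_GET['m'] ?? null) && is_numeric($_GET['m'])) {
        header('location:?case=user&act=space&mid=' . $_GET['m']);
        exit;
    }
    if (($_GET['g'] ?? null) && is_numeric($_GET['g'])) {
        header('location: ?case=manage&act=guestadd&manage=archive&guest=1');
        exit;
    }

    if ($admin) {
        include_once ROOT . '/' . config::get('admin_dir') . '/init.php';
    }

    // NOTE(review): this branch is reachable by any request carrying
    // clean_login, before any authentication state is established, and it
    // deletes every 'loginfalse' event record plus the matching cookie — confirm
    // whether this needs to be gated on an authenticated/admin session.
    if ($_GET['clean_login'] ?? null) {
        $event = new event();
        $event->rec_delete("event='loginfalse'");
        cookie::del('loginfalse');
    }

    self::$admin = defined('ADMIN');
    self::$debug = defined('DEBUG');
    if (is_mobile()) {
        $_GET['t'] = 'wap';
    }

    // 'admin' and 'debug' are reserved template directory names; refuse to run
    // with either configured. (The printed line number is a debug marker only.)
    $templateDir = strtolower(config::get('template_dir'));
    if ($templateDir === 'admin' || $templateDir === 'debug') {
        exit(__CLASS__ . ',' . __LINE__);
    }
    if (!config::get('template_dir')) {
        config::set('template_dir', 'default');
    }

    if (isset($_SERVER['HTTP_REFERER'])) {
        self::$from = $_SERVER['HTTP_REFERER'];
    }
    // Host is taken from X-Forwarded-Host before Host, so unless a front proxy
    // overwrites that header the client chooses self::$host. Within this
    // constructor it only feeds self::$domain and the referer rewrite below,
    // which is why it is regex-quoted there.
    self::$host = $_SERVER['HTTP_X_FORWARDED_HOST'] ?? $_SERVER['HTTP_HOST'] ?? '';
    preg_match('/[\w-]+(\.(org|net|com|gov))?\.(\w+)$/', self::$host, $match);
    self::$domain = $match[0] ?? self::$host;

    self::$uri = $_SERVER['REQUEST_URI'];
    self::route();

    // get_magic_quotes_gpc() no longer exists on PHP 8; the function_exists guard
    // makes the constant false there, so daddslashes() below always runs.
    define('MAGIC_QUOTES_GPC', function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc());
    // A request that tries to smuggle a GLOBALS key is rejected outright.
    if (isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_COOKIE['GLOBALS']) || isset($_FILES['GLOBALS'])) {
        exit('request_tainting');
    }
    if (!MAGIC_QUOTES_GPC) {
        $_GET = daddslashes($_GET);
        $_POST = daddslashes($_POST);
        $_COOKIE = daddslashes($_COOKIE);
    }

    // dfile is preserved (HTML-escaped) before the generic filter below, which
    // would otherwise truncate a path at its first '.', '/' or similar character.
    $dfile = htmlspecialchars($_GET['dfile'] ?? '');

    // Normalise every query parameter: keys are truncated at the first character
    // outside [\w-]; values likewise, except that the pass-through keys keep
    // their raw value and tag/keyword get a tag-strip plus a deny-list check for
    // quote characters and 'union'. foreach iterates a copy of $_GET, so
    // unsetting and re-adding entries while looping is safe. A truncated key may
    // collide with an earlier one; the later assignment wins, as before.
    $passThrough = ['host', 'ftpip', 'request', 'notify_id', 'real_name'];
    foreach ($_GET as $key => $value) {
        unset($_GET[$key]);
        if (in_array($key, $passThrough, true)) {
            $_GET[$key] = $value;
            continue;
        }
        $key = preg_replace('/[^\w-].*/', '', $key);
        if ($key === 'tag' || $key === 'keyword') {
            $value = strip_tags(urldecode($value));
            $value = str_replace(' ', '+', $value);
            if (preg_match('/union/i', $value) || preg_match('/"/i', $value) || preg_match('/\'/i', $value)) {
                exit('非法参数');
            }
        } else {
            $value = preg_replace('/[^\w-].*/', '', $value);
        }
        $_GET[$key] = $value;
    }

    self::$get = $_GET;
    self::$post = $_POST;
    self::$get['dfile'] = $dfile;
    if (isset(self::$post['verify'])) {
        self::$post['verify'] = strtoupper(self::$post['verify']);
    }
    // The original admin/front-end ternary yielded 'index' on both branches.
    self::$case = self::$get['case'] ?? 'index';
    self::$act = self::$get['act'] ?? 'index';

    // self::$host is client-influenced (see above) and is interpolated into a
    // pattern, so it must be quoted; otherwise it could alter or break the regex.
    $hostPattern = preg_quote(self::$host, '%');
    if (preg_match('%' . $hostPattern . '%i', self::$from)) {
        self::$from = preg_replace('%http://' . $hostPattern . '%', '', self::$from);
    }

    if (!front::$admin || front::$html || self::$rewrite) {
        config::set('base_url', preg_replace('%/index.php%i', '', $_SERVER['PHP_SELF']));
    } else {
        // Strip the script name / query string, then the THIS_URL suffix and the
        // ROOT prefix to get the base path. THIS_URL is quoted for the '/' delimiter.
        $path = rtrim(preg_replace('/(index\.php|\?).*/i', '', self::$uri), '/');
        $url = preg_replace('/' . preg_quote(THIS_URL, '/') . '$/i', '', $path);
        config::set('base_url', str_replace(ROOT, '', $url));
    }

    new stsession(new sessionox()); // initialise DB-backed session storage
    if (self::$admin) {
        $this->admin();
    }
}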