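/**
 * Install a plugin.
 *
 * When $this->get[2] is numeric it is treated as an app-store id: the plugin
 * archive is downloaded from $this->setting['app_url'], unpacked into
 * HDWIKI_ROOT/plugins and the first path segment of the first archive entry
 * becomes the plugin identifier. Otherwise $this->get[2] is taken as the
 * identifier of a plugin directory that is already on disk.
 *
 * Security notes:
 *  - The archive is remote content unpacked into a directory from which PHP
 *    is loaded. No checksum or signature of the download is verified here.
 *  - Every entry name is checked before extraction so an archive cannot
 *    place files outside HDWIKI_ROOT/plugins ("zip slip").
 *  - $this->message() presumably ends the request (TODO confirm); the
 *    explicit returns below make the error paths safe either way.
 */
function doinstall()
{
    $appid = $this->get[2];
    if (is_numeric($appid)) {
        $pluginurl = $this->setting['app_url'] . '/hdapp.php?action=download&type=plugin&install=1&id=' . $appid . '&url=' . urlencode(WIKI_URL);
        $zipcontent = @util::hfopen($pluginurl);
        if (empty($zipcontent)) {
            $this->message($this->view->lang['msgConnectFailed']);
            return;
        }
        // Check for zlib before anything is written, so no temp file is left behind.
        if (!function_exists('gzopen')) {
            $this->message($this->view->lang['pluginInstallNoZlib']);
            return;
        }
        $tmpname = HDWIKI_ROOT . '/data/tmp/' . util::random(6) . '.zip';
        file::writetofile($tmpname, $zipcontent);
        require_once HDWIKI_ROOT . "/lib/zip.class.php";
        $zip = new zip();
        if (!$zip->chk_zip) {
            @unlink($tmpname);
            $this->message($this->view->lang['pluginInstallNoZlib'], '');
            return;
        }
        $ziplist = @$zip->get_List($tmpname);
        $identifier = '';
        $archiveok = is_array($ziplist) && !empty($ziplist) && isset($ziplist[0]['filename']);
        if ($archiveok) {
            foreach ($ziplist as $entry) {
                $entryname = isset($entry['filename']) ? (string) $entry['filename'] : '';
                // Reject absolute paths, drive prefixes, backslashes, NUL bytes and ".." segments.
                if ($entryname === ''
                    || $entryname[0] === '/'
                    || strpos($entryname, '\\') !== false
                    || strpos($entryname, "\0") !== false
                    || preg_match('#^[A-Za-z]:#', $entryname)
                    || preg_match('#(^|/)\.\.(/|$)#', $entryname)
                ) {
                    $archiveok = false;
                    break;
                }
            }
        }
        if ($archiveok) {
            // The plugin directory name is the first path segment of the first entry.
            $lastpos = strpos($ziplist[0]['filename'], '/');
            if ($lastpos === false || $lastpos === 0) {
                $archiveok = false;
            } else {
                $identifier = substr($ziplist[0]['filename'], 0, $lastpos);
            }
        }
        if (!$archiveok) {
            // An unreadable archive and one with unsafe entry names are reported the same way.
            @unlink($tmpname);
            $this->message($this->view->lang['pluginAddr'] . $pluginurl . $this->view->lang['pluginAddrFail']);
            return;
        }
        @$zip->Extract($tmpname, HDWIKI_ROOT . '/plugins');
        unlink($tmpname);
    } else {
        // NOTE(review): the identifier comes straight from the request and is
        // passed to loadplugin() and echoed in a message below; confirm that
        // loadplugin() restricts it to a plain directory name.
        $identifier = $this->get[2];
    }
    $plugin = $this->db->fetch_by_field('plugin', 'identifier', $identifier);
    if ($plugin) {
        $this->message($this->view->lang['pluginAddrName'] . $identifier . $this->view->lang['pluginHasInstall'], 'index.php?admin_plugin-list');
        return;
    }
    $this->loadplugin($identifier);
    $plugin = $_ENV["{$identifier}"]->install();
    $_ENV['plugin']->add_plugin($plugin);
    $this->cache->removecache('plugin');
    $this->message($this->view->lang['pluginInstallSuccess'], 'index.php?admin_plugin-list');
}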
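/**
 * Write a value to a PHP cache file that returns it when included.
 *
 * Arrays are stored with var_export(). Any other value is stored as a string
 * literal, also via var_export(), so that quotes and backslashes in the value
 * are escaped and cannot terminate the literal in the generated PHP file.
 *
 * @param string $cachename Cache name handed to $this->getfile(), which
 *                          presumably sets $this->cachefile (TODO confirm).
 * @param mixed  $arraydata Array or scalar to cache.
 * @return mixed Whatever file::writetofile() returns (callers treat it as a byte count).
 */
function writecache($cachename, $arraydata)
{
    $this->getfile($cachename);
    if (is_array($arraydata)) {
        $data = var_export($arraydata, true);
    } else {
        // Cast first so scalars are still read back as strings, as before.
        $data = var_export((string) $arraydata, true);
    }
    $strdata = "<?php\nreturn " . $data . ";\n?>";
    return file::writetofile($this->cachefile, $strdata);
}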
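/**
 * Download the upgrade package described by $this->package into UPGRADE_PATH.
 *
 * An empty or failed download is reported as a failure and nothing is
 * written, so a zero-byte archive or a stale file from an earlier attempt is
 * not mistaken for a successful download.
 *
 * NOTE(review): the package is fetched from $this->package['url'] and no
 * checksum or signature is verified here; confirm that the caller validates
 * the archive before it is unpacked. $this->package['release_code'] also
 * becomes part of the file name, so it should be a plain version token.
 *
 * @return bool True when the archive was downloaded and written.
 */
function download_package()
{
    if (!is_dir(UPGRADE_PATH)) {
        file::forcemkdir(UPGRADE_PATH);
    }
    if (!file::iswriteable(UPGRADE_PATH)) {
        return false;
    }
    $payload = @util::hfopen($this->package['url']);
    if (empty($payload)) {
        return false;
    }
    $zip_file = UPGRADE_PATH . $this->package['release_code'] . '.zip';
    $written = file::writetofile($zip_file, $payload);
    return $written && file_exists($zip_file);
}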
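/**
 * Persist changed settings.
 *
 * 'site_url' is stored in config.php (the WIKI_URL define) when it differs
 * from WIKI_URI; every other changed key is written to the setting table.
 *
 * config.php is executed on every request, so the new value is escaped for
 * the quote style of the existing literal before it is written, and the file
 * is only rewritten when it was read successfully and the define was found.
 *
 * NOTE(review): WIKI_URI (not WIKI_URL) is what the original compares
 * against; confirm that constant is the intended one.
 *
 * @param array $setting Map of setting name => new value.
 * @return mixed $this->db->insert_id() after the last query.
 */
function update_setting($setting)
{
    foreach ($setting as $key => $value) {
        if ($key == 'site_url' && $value != WIKI_URI) {
            // site_url lives in config.php rather than in the database.
            $cfgfile = HDWIKI_ROOT . '/config.php';
            $cfg = file::readfromfile($cfgfile);
            $pattern = "/WIKI_URL(['\"])\\s*,\\s*(['\"])(.*)\\1/";
            if (is_string($cfg) && $cfg !== '' && preg_match_all($pattern, $cfg, $matches, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) {
                $new_cfg = $cfg;
                // Replace from the last match backwards so earlier offsets stay valid.
                foreach (array_reverse($matches) as $m) {
                    $quote = $m[2][0];
                    // Escape for the literal's own quote style so the value cannot close the string.
                    $escaped = addcslashes((string) $value, $quote === '"' ? '\\"$' : "\\'");
                    $replacement = 'WIKI_URL' . $m[1][0] . ', ' . $quote . $escaped . $quote;
                    $new_cfg = substr_replace($new_cfg, $replacement, $m[0][1], strlen($m[0][0]));
                }
                file::writetofile($cfgfile, $new_cfg, 0);
            }
        } else {
            if ($this->base->setting[$key] != $value) {
                // NOTE(review): $key and $value are interpolated into the SQL text.
                // Whether the caller has already escaped them is not visible here;
                // confirm, or route them through the database layer's escaping.
                $this->db->query("REPLACE INTO " . DB_TABLEPRE . "setting (variable,value) VALUES ('{$key}','{$value}')");
            }
        }
    }
    return $this->db->insert_id();
}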
/**
 * Return a cached value, fetching it from the remote cache URL on a miss.
 *
 * The local copy is $this->dir . $name . '.php'. If it does not exist, the
 * body of $this->url_cache . rawurlencode($name) . '.php' is downloaded and
 * stored there. The stored text has $this->phpexit stripped, is base64-decoded
 * and then unserialized.
 *
 * NOTE(review): unserialize() runs on content that originated from a remote
 * URL. If that source, or the transport to it, is not fully trusted this is
 * an object-injection risk; a data-only format such as JSON would avoid it.
 * NOTE(review): $name is used in a file path without normalisation, and
 * $expires is accepted but never used, so entries are never refreshed.
 *
 * @param string $name    Cache entry name.
 * @param int    $expires Unused.
 * @return mixed The unserialized value, or '' when nothing could be loaded.
 */
function get($name, $expires = 0)
{
    $file = $this->dir . $name . '.php';

    if (!file_exists($file)) {
        $fetched = util::hfopen($this->url_cache . rawurlencode($name) . '.php');
        if (!$fetched) {
            return '';
        }
        file::forcemkdir($this->dir);
        file::writetofile($file, $fetched);
    }

    // The write above may have failed, so check again before reading.
    if (!file_exists($file)) {
        return '';
    }

    $payload = str_replace($this->phpexit, '', file::readfromfile($file));
    return unserialize(base64_decode($payload));
}
/**
 * Drop guard files into a directory so its contents are not listed or served.
 *
 * Creates an index.htm placeholder and a .htaccess containing
 * "Deny from all", each only if it does not exist yet.
 *
 * Note: the .htaccess rule only has an effect on Apache with overrides
 * enabled; other web servers need an equivalent rule in their own
 * configuration.
 *
 * @param string $path Directory path; it is concatenated directly with the
 *                     file names, so it must end with a separator.
 */
function createaccessfile($path)
{
    $guards = array(
        'index.htm' => ' ',
        '.htaccess' => 'Deny from all',
    );
    foreach ($guards as $filename => $content) {
        if (!file_exists($path . $filename)) {
            file::writetofile($path . $filename, $content);
        }
    }
}
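// Record one vote unless this client has voted before.
// $app_path, $rip, $cip, $vote_arr and $backValue are defined before this point.
$fileUtil = new file();
$ipFile = $app_path . "/ipFile.ptp";
$content = $fileUtil->readfromfile($ipFile);

// A repeat submission is detected by the cookie or by the address already
// being present in the log. stripos() returns 0 for a match at the very start
// of the log, so the result is compared with false instead of tested for truth.
// NOTE(review): this is still a substring match, so one logged value can
// shadow another that contains it; matching whole ';'-separated entries
// would be stricter.
$alreadyLogged = (string) $rip !== '' && stripos((string) $content, (string) $rip) !== false;

if (isset($_COOKIE[$cip]) || $alreadyLogged) {
    echo "1";
} else {
    for ($i = 0; $i < 5; $i++) {
        // NOTE(review): $j also reaches index 2, the counter itself, so a
        // counter loosely equal to $backValue is incremented again. Confirm
        // whether only columns 0 and 1 should be compared.
        for ($j = 0; $j < 3; $j++) {
            if ($vote_arr[$i][$j] == $backValue) {
                $vote_arr[$i][2] = $vote_arr[$i][2] + 1;
            }
        }
    }
    $newFile = $app_path . "/vote_rslt.ptp";
    $oldFile = $app_path . "/vote_rslt_old.ptp";
    // NOTE(review): the read-modify-write of both files is not locked, so
    // concurrent votes can overwrite each other.
    $fileUtil->copyFile($newFile, $oldFile);
    $fileUtil->writetofile($newFile, json_encode($vote_arr));
    $fileUtil->writetofile($ipFile, $content . $rip . ';', true);
    $expire = time() + 86400 * 365; // the cookie is valid for 365 days
    // The cookie is sent before any body output; once output has started the
    // header can no longer be sent.
    setcookie($cip, true, $expire);
    echo 0;
}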
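/**
 * Append a new language variable to lang/zh/front.php or lang/zh/back.php.
 *
 * The language file is PHP source, so both the variable name and its content
 * are escaped as single-quoted literals before they are written. The original
 * escaped only the content, leaving the name free to close the array-key
 * literal. Only the final "?>" of the file is replaced, so a "?>" inside an
 * existing string is left untouched.
 *
 * Request values are assumed to arrive addslashes()-escaped, which is why the
 * original already applied stripslashes() to the content (TODO confirm
 * against the request bootstrap).
 */
function doaddlang()
{
    $langname = '';
    switch ($this->post['addlangtype']) {
        case 0:
            $langname = 'front.php';
            break;
        case 1:
            $langname = 'back.php';
            break;
    }
    $langcon = trim($this->post['langcon']);
    $langvar = trim($this->post['langname']);
    if (!$langcon || !$langvar) {
        $this->message('语言变量内容不能为空!', 'index.php?admin_language');
    }
    $langpath = HDWIKI_ROOT . '/lang/zh/' . $langname;
    if ($langname !== '' && is_file($langpath)) {
        $filelang = substr($langname, 0, -4);
        $this->view->setlang($this->setting['lang_name'], $filelang);
        $langkey = stripslashes($langvar);
        if (array_key_exists($langkey, $this->view->lang)) {
            $this->message('模版变量名已存在,请重新填写!', 'index.php?admin_language');
        }
        // A backup copy is made before the file is modified.
        if (copy($langpath, HDWIKI_ROOT . '/lang/zh/bak_' . $langname)) {
            $data = file::readfromfile($langpath);
            // Backslashes are escaped first, then quotes, for a single-quoted PHP literal.
            $keylit = str_replace("'", "\\'", str_replace("\\", "\\\\", $langkey));
            $vallit = str_replace("'", "\\'", str_replace("\\", "\\\\", stripslashes($langcon)));
            $con = '$lang[\'' . $keylit . "']='" . $vallit . "';\r\n?>";
            $closepos = strrpos($data, '?>');
            $content = $closepos === false ? $data : substr_replace($data, $con, $closepos, 2);
            file::writetofile($langpath, $content);
        }
    }
    $langtype = $this->post['addlangtype'];
    $this->message('语言文件添加成功!', 'index.php?admin_language-default-' . $langtype);
}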
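/**
 * Produce the focus-image thumbnails for an image and return the small one.
 *
 * A local path, or a URL under WIKI_URL, is used in place. An external
 * http:// URL is downloaded into uploads/<Ym>/ first.
 *
 * The URL's extension becomes the extension of a file under the web-served
 * uploads directory, so only image extensions are accepted, and the
 * downloaded copy is removed on every exit path, including a failed
 * compression. The original left the file in place on that path.
 *
 * NOTE(review): the URL is fetched by the server itself; confirm that
 * util::hfopen() cannot be pointed at internal-only hosts.
 *
 * @param string $img Image path or URL.
 * @return string $compress['tempurl'] on success, '' on failure.
 */
function setfocusimg($img)
{
    if ('' == $img) {
        return '';
    }
    if (substr($img, 0, strlen(WIKI_URL)) == WIKI_URL) {
        // Turn a URL under this site into a relative path.
        $img = substr($img, strlen(WIKI_URL) + 1);
    }
    $tmpname = '';
    if ("http://" == substr($img, 0, 7) && substr($img, 0, strlen(WIKI_URL)) != WIKI_URL) {
        $ext = strtolower(file::extname($img));
        if (!in_array($ext, array('jpg', 'jpeg', 'gif', 'png'), true)) {
            return '';
        }
        $candidate = 'uploads/' . date("Ym") . "/" . util::random() . '.' . $ext;
        if ($pic_content = @util::hfopen($img)) {
            file::forcemkdir(dirname($candidate));
            if (file::writetofile($candidate, $pic_content)) {
                $img = $candidate;
                $tmpname = $candidate;
            }
        }
    }
    $compress = util::image_compress($img, 's_f_', 100, 75);
    if (!$compress['result']) {
        if ($tmpname !== '') {
            @unlink($tmpname);
        }
        return '';
    }
    util::image_compress($img, 'f_', 152, 114);
    // Only the downloaded copy is removed, never a local original.
    if ($tmpname !== '') {
        @unlink($tmpname);
    }
    return $compress['tempurl'];
}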
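/**
 * Admin page for the LDAP settings: save them, test them, or display them.
 *
 * The settings are stored as define() calls in data/ldap.inc.php, which is
 * included as PHP. Each submitted value is therefore written with
 * var_export(), so a quote or backslash in the value cannot end the string
 * literal in the generated file.
 *
 * NOTE(review): request values are assumed to arrive addslashes()-escaped
 * and are unescaped with stripslashes() before being re-encoded; confirm
 * against the request bootstrap.
 * NOTE(review): in the test branch the submitted user name is substituted
 * into LDAP_USER without LDAP escaping, and the failure message places it
 * and LDAP_SERVER into HTML unescaped.
 */
function doldap()
{
    $ldapfile = HDWIKI_ROOT . '/data/ldap.inc.php';
    $ldap_available = function_exists('ldap_connect') ? 1 : 0;
    // Defined up front so the view always receives a value.
    $ldap_error = '';
    if (1 == $ldap_available) {
        if (isset($this->post['ldapsubmit'])) {
            $fields = array(
                'LDAP_OPEN' => 'ldap_open',
                'LDAP_SERVER' => 'ldap_server',
                'LDAP_USER' => 'ldap_user',
                'LDAP_EMAIL' => 'ldap_email',
            );
            $ldapdata = "<?php\r\n";
            foreach ($fields as $constant => $field) {
                $raw = isset($this->post[$field]) ? stripslashes((string) $this->post[$field]) : '';
                $ldapdata .= "define('" . $constant . "', " . var_export($raw, true) . ");\r\n";
            }
            $ldapdata .= "?>";
            $byte = file::writetofile($ldapfile, $ldapdata);
            if ($byte == 0) {
                $this->message($this->view->lang['passportnotwrite'], 'BACK');
            } else {
                $this->message($this->view->lang['passportsucess'], 'index.php?admin_setting-ldap');
            }
        } else {
            $ldap_error = 'LDAP服务未开启!';
            if (file_exists($ldapfile)) {
                include $ldapfile;
                if (defined('LDAP_OPEN')) {
                    if (1 == LDAP_OPEN) {
                        $ldap_error = '';
                    }
                    if (isset($this->post['ldaptestsubmit']) && 1 == LDAP_OPEN) {
                        // Test the LDAP service with the submitted credentials.
                        $test_user = $this->post['test_user'];
                        $test_password = $this->post['test_password'];
                        if (!empty($test_user) && !empty($test_password)) {
                            $test_user = str_replace('LDAP_USER_NAME', $test_user, LDAP_USER);
                            $connect_id = ldap_connect(LDAP_SERVER);
                            if ($connect_id) {
                                $bind_id = ldap_bind($connect_id, $test_user, $test_password);
                                if ($bind_id) {
                                    $ldap_error = 'LDAP 验证成功,可以正常使用!';
                                } else {
                                    $ldap_error = 'LDAP 验证失败!<br /> 服务器地址:' . LDAP_SERVER . '<br /> RDN为:' . $test_user;
                                }
                            }
                        }
                    }
                    $this->view->assign('ldap_open', LDAP_OPEN);
                    $this->view->assign('ldap_server', LDAP_SERVER);
                    $this->view->assign('ldap_user', LDAP_USER);
                    $this->view->assign('ldap_email', LDAP_EMAIL);
                }
            }
        }
    }
    $this->view->assign('ldap_available', $ldap_available);
    $this->view->assign('ldap_error', $ldap_error);
    $this->view->display("admin_ldap");
}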
/**
 * Store the submitted block parameters in the temp file and render a preview.
 *
 * The parameters are kept in $this->tempfile until the template's "save
 * changes" action reads them and stores them in the database.
 *
 * NOTE(review): $cls and $fun come from the request (or from get_setting()
 * for a numeric bid) and are used below to build an include path, a class
 * name to instantiate, a method name to call and file names under data/tmp.
 * No check on their form is visible in this function; confirm they are
 * restricted to plain identifiers before this point.
 * NOTE(review): the submitted 'tplcontent' is written to a file under
 * data/tmp and then handed to the view as a template; confirm the template
 * engine does not evaluate PHP or unsafe tags from that file.
 */
function dosavetemp() {
    // Write the parameters to the temp file; they are read back and stored in
    // the database when the template's "save changes" action runs.
    $iseidt = isset($this->post['bid']); // true when editing an existing block
    $bid = $iseidt ? $this->post['bid'] : uniqid('hd');
    // Including the temp file is what defines $temp, when the file exists.
    file_exists($this->tempfile) && (include $this->tempfile);
    if (strtoupper(WIKI_CHARSET) == 'GBK' && isset($this->post['params'])) {
        // Values sent by ajax are UTF-8, so they are converted when the site runs in GBK.
        foreach ($this->post['params'] as $key => $val) {
            $this->post['params'][$key] = string::hiconv($val);
        }
    }
    $this->post = string::hstripslashes($this->post);
    if ($this->post['tplcontent']) {
        $tplc = $this->post['tplcontent'];
        unset($this->post['tplcontent']);
    }
    if ($iseidt) {
        if (is_numeric($bid)) {
            // A numeric id may be edited for the first time, in which case the
            // temp data has no entry for it yet; get_setting() supplies it.
            $data = $_ENV['theme']->get_setting($bid);
            $temp[$bid]['block'] = $data['block'];
            $temp[$bid]['fun'] = $data['fun'];
        }
        $temp[$bid]['params'] = $this->post['params'];
        $cls = $temp[$bid]['block'];
        $fun = $temp[$bid]['fun'];
    } else {
        $cls = $this->post['block'];
        $fun = $this->post['fun'];
        $temp[$bid] = $this->post;
    }
    // The temp file is PHP source; var_export() produces the literal for $temp.
    $contents = '<?php $temp=';
    $contents .= var_export($temp, true) . ' ?>';
    file::writetofile($this->tempfile, $contents);
    $this->view->setlang($this->setting['lang_name'], 'front');
    // Fetch the block's data.
    $blockfile = $_ENV['global']->block_file($GLOBALS['theme'], "/{$cls}/{$cls}.php");
    if (is_file($blockfile)) {
        include_once $blockfile;
        $obj = new $cls($this);
        if (method_exists($obj, $fun)) {
            $blockdata = $obj->{$fun}($this->post['params']);
        } else {
            $blockdata = array();
        }
    }
    // Hand the data to the template, which renders the HTML with it filled in.
    // NOTE(review): $blockdata is not set when $blockfile is not a file.
    $this->view->assign('bid', $bid);
    $this->view->assign('data', $blockdata);
    // 2010-11-8: the edited template code is written to a temp file so that
    // the preview below can load it.
    $tplfile = HDWIKI_ROOT . "/data/tmp/" . $GLOBALS['theme'] . ".{$cls}.{$fun}.htm";
    isset($tplc) && file::writetofile($tplfile, $tplc);
    if (file_exists($tplfile)) {
        $tplfile = "file://data/tmp/" . $GLOBALS['theme'] . ".{$cls}.{$fun}";
    } else {
        // Fall back to the default theme's template when the current theme has none.
        if (!file_exists(HDWIKI_ROOT . '/block/' . $GLOBALS['theme'] . "/{$cls}/{$fun}.htm")) {
            $tplfile = "file://block/default/{$cls}/{$fun}";
        } else {
            $tplfile = 'file://block/' . $GLOBALS['theme'] . "/{$cls}/{$fun}";
        }
    }
    $this->view->display($tplfile);
}
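<?php
// Vote submission endpoint: stores the posted result data and marks the
// client with a cookie. Responds "1" for a repeat submission, "0" otherwise.
require_once './api/OperatorFileText.php';
require_once './globalVar.php';
header('Content-Type:text/html; charset=utf-8'); // UTF-8 keeps Chinese text from being garbled

$cip = get_ip_place_md5();

// The repeat check runs before anything is written. In the original the
// result file was overwritten first, so the check could not stop a repeat
// submission from changing the stored data.
if (isset($_COOKIE[$cip])) {
    echo "1";
} else {
    $backValue = isset($_POST['trans_data']) ? $_POST['trans_data'] : null;
    // A missing or empty field is ignored instead of blanking the result file.
    if (is_string($backValue) && $backValue !== '') {
        // NOTE(review): the client supplies the complete result data, so the
        // stored tallies are only as trustworthy as the client. Computing the
        // new tallies on the server from a single submitted choice would
        // remove that trust.
        $fileUtil = new file();
        $newFile = $app_path . "/vote_rslt.ptp";
        $oldFile = $app_path . "/vote_rslt_old.ptp";
        $fileUtil->copyFile($newFile, $oldFile);
        $fileUtil->writetofile($newFile, $backValue);
        $expire = time() + 86400 * 365; // the cookie is valid for 365 days
        setcookie($cip, true, $expire);
    }
    echo "0";
}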
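/**
 * Apply a saved page layout: delete, update and insert block rows, move
 * edited templates from data/tmp into the theme, then drop rows whose area
 * no longer exists on the page.
 *
 * Changes from the original: the ids in $temp['del'] are cast to integers
 * before they reach the DELETE statement, and serialized parameters are
 * escaped before being placed in a quoted SQL string, so a quote inside a
 * parameter no longer ends the string.
 *
 * NOTE(review): $key, $theme, $file and the block/fun/theme/file fields of
 * $temp are still interpolated into SQL and into file paths as received.
 * Whether the caller has escaped or validated them is not visible here.
 * addslashes() is not reliable under multi-byte connection character sets
 * such as GBK; prefer the database layer's own escaping if it provides one.
 *
 * @param array $post First element is "theme-file"; the remaining elements
 *                    map an area name to a '-'-separated list of block ids.
 * @param mixed $temp Temp data keyed by block id, with an optional 'del' list.
 * @return string Always 'ok'.
 */
function block_query($post, $temp = '')
{
    $temlist = array();
    // The first element carries the theme and file values.
    list($theme, $file) = explode('-', array_shift($post));

    // Deletions.
    if (is_array($temp) && isset($temp['del']) && is_array($temp['del'])) {
        $delids = array_map('intval', $temp['del']);
        if ($delids) {
            $this->db->query("DELETE FROM " . DB_TABLEPRE . "block WHERE id IN (" . implode(',', $delids) . ")");
        }
    }

    // Inserts and updates.
    $insertsql = "INSERT INTO " . DB_TABLEPRE . "block (theme,file,area,areaorder,block,fun,tpl,params) VALUES ";
    $rows = array();
    $areas = ''; // quoted list of the page's areas, used by the clean-up below
    foreach ($post as $key => $value) {
        $areas .= "'" . $key . "',";
        foreach (explode('-', $value) as $i => $id) {
            if (is_numeric($id)) {
                // A numeric id is an existing row that needs updating.
                $updatesql = "UPDATE " . DB_TABLEPRE . "block SET area='{$key}',areaorder={$i}";
                if (isset($temp[$id]['params'])) {
                    $updatesql .= ",params='" . addslashes(serialize($temp[$id]['params'])) . "'";
                    $temlist[] = $id;
                }
                $updatesql .= " WHERE id = {$id}";
                $this->db->query($updatesql);
            } else {
                // A non-numeric id is a newly added block.
                $temlist[] = $id;
                if (is_array($temp) && isset($temp[$id]) && is_array($temp[$id])) {
                    $block = $temp[$id];
                    $params = $block['params'] ? addslashes(serialize($block['params'])) : '';
                    $rows[] = "('" . $block['theme'] . "','" . $block['file'] . "','{$key}',{$i},'" . $block['block'] . "','" . $block['fun'] . "','" . $block['fun'] . ".htm','{$params}')";
                }
            }
        }
    }
    if ($rows) {
        $this->db->query($insertsql . implode(',', $rows));
    }

    // Move templates edited during this session from data/tmp into the theme.
    foreach ($temlist as $id) {
        if (!is_array($temp) || !isset($temp[$id]) || !is_array($temp[$id])) {
            continue;
        }
        $block = $temp[$id];
        $fromfile = HDWIKI_ROOT . "/data/tmp/" . $theme . ".{$block['block']}.{$block['fun']}.htm";
        if (file_exists($fromfile)) {
            $tofile = HDWIKI_ROOT . '/block/' . $theme . '/' . $block['block'] . '/' . $block['fun'] . '.htm';
            $tplcontent = file::readfromfile($fromfile);
            file::writetofile($tofile, $tplcontent);
            unlink($fromfile);
        }
    }

    // Remove rows whose area is not on the page any more, e.g. the page now
    // has only a "right" area but the table still holds a "left" one. This
    // can happen after the template has been modified.
    $areas = substr($areas, 0, -1);
    $delsql = 'DELETE FROM ' . DB_TABLEPRE . "block WHERE theme = '{$theme}' and file = '{$file}' and area NOT IN ({$areas})";
    $this->db->query($delsql);
    return 'ok';
}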
<?php
// Debug helper: prints the caller's resolved location and appends a
// placeholder entry to the IP log.
// NOTE(review): this looks like a development script. If it is reachable over
// HTTP, every request adds junk to the file the vote handler reads; confirm
// it is not deployed.
require_once './globalVar.php';

echo get_ip_place();

require_once './api/OperatorFileText.php';

$logWriter = new file();
$ipFile = $app_path . "/ipFile.ptp";
$placeholder = 'aaa;aaaaa' . ';';
$logWriter->writetofile($ipFile, $placeholder, true);
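/**
 * Admin source editor: show a flagged file, or save the edited code.
 *
 * Both the path that is read and the path that is written come from the
 * request. Each is resolved with realpath() and must be an existing file
 * inside $this->hdwiki_root, so "../" sequences or an absolute path cannot
 * reach files outside the installation.
 *
 * NOTE(review): this handler writes request-supplied content into files
 * under the application root. No anti-CSRF token check is visible in this
 * function; confirm one is enforced before it runs.
 * NOTE(review): stripcslashes() also converts C-style escapes such as \n in
 * the submitted code; confirm stripslashes() was not intended.
 */
function doeditcode()
{
    $root = realpath($this->hdwiki_root);
    // The separator is appended so a sibling directory sharing the prefix does not match.
    $prefix = $root === false ? false : rtrim($root, '/\\') . DIRECTORY_SEPARATOR;

    if (isset($this->post['submit'])) {
        $target = $prefix === false ? false : realpath($this->hdwiki_root . $this->post['file_path']);
        $inside = $target !== false && is_file($target) && strpos($target, $prefix) === 0;
        if ($inside && file::writetofile($target, stripcslashes($this->post['code']))) {
            $this->message('修改成功', 'index.php?admin_safe-list');
        } else {
            $this->message('修改失败', 'index.php?admin_safe-list');
        }
    } else {
        $func = $code = array();
        $file_path = $_ENV['filecheck']->urlcode($this->get[2], 1);
        if (empty($file_path)) {
            $this->message('请选择文件', 'index.php?admin_safe-list');
            return;
        }
        $source = $prefix === false ? false : realpath($this->hdwiki_root . $file_path);
        if ($source === false || !is_file($source) || strpos($source, $prefix) !== 0) {
            $this->message('请选择文件', 'index.php?admin_safe-list');
            return;
        }
        $file_list = $this->cache->getcache('safe_backdoor');
        $html = file_get_contents($source);
        // Collect the flagged function names and code fragments, lower-cased, for highlighting.
        if ($file_list[$file_path]['func']) {
            foreach ($file_list[$file_path]['func'] as $key => $val) {
                $func[$key] = strtolower($val[1]);
            }
        }
        if ($file_list[$file_path]['code']) {
            foreach ($file_list[$file_path]['code'] as $key => $val) {
                $code[$key] = strtolower($val[1]);
            }
        }
        $func = $_ENV['filecheck']->getjscode($func);
        $code = $_ENV['filecheck']->getjscode($code, 1);
        $this->view->assign("code", $code);
        $this->view->assign("func", $func);
        $this->view->assign("html", $html);
        $this->view->assign("isedit", 'true');
        $this->view->assign("file_path", $file_path);
        $this->view->display('admin_safelist');
    }
}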
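/**
 * Move one batch of edition contents between the database and text files.
 *
 * $type == 'txt': contents of the 100 editions ending at $number are written
 * to data/edition/<batch>/<eid>.txt and cleared in the database.
 * Any other $type: the files in data/edition/<number>/ are loaded back into
 * the database and removed.
 *
 * Changes from the original: $number and the edition ids taken from file
 * names are forced to integers before they are used in SQL or in a path, and
 * in the 'txt' direction a row is only cleared in the database once its file
 * has actually been written.
 *
 * @param string $type   'txt' to export to files; anything else to import.
 * @param int    $number Upper edition id of the batch (export) or the batch
 *                       directory name (import).
 * @return bool True when $number is past the last batch, false otherwise.
 */
function editionconvert($type, $number)
{
    $number = (int) $number;
    if ($type == 'txt') {
        $changenum = 100;
        $lower = $number - $changenum;
        $maxeid = $this->db->result_first("SELECT MAX(eid) FROM " . DB_TABLEPRE . "edition WHERE 1");
        if ($maxeid < $lower) {
            return true;
        }
        $query = $this->db->query("SELECT eid,content FROM " . DB_TABLEPRE . "edition WHERE eid > {$lower} AND eid <= {$number}");
        $moved = array();
        while ($edition = $this->db->fetch_array($query)) {
            if ($edition['content']) {
                $path = 'data/edition/' . ceil($edition['eid'] / $changenum) * $changenum;
                file::forcemkdir($path);
                if (file::writetofile($path . "/" . $edition['eid'] . ".txt", $edition['content'])) {
                    $moved[] = (int) $edition['eid'];
                }
            }
        }
        // Clear only the rows whose content is now safely on disk.
        if ($moved) {
            $this->db->query("UPDATE " . DB_TABLEPRE . "edition SET content='' WHERE eid IN (" . implode(',', $moved) . ")");
        }
    } else {
        // Batch directories are named after the highest edition id they hold.
        $batches = array();
        if ($handle = opendir('data/edition')) {
            while (false !== ($dir = readdir($handle))) {
                if (preg_match('/^\d+$/', $dir)) {
                    $batches[] = (int) $dir;
                }
            }
            closedir($handle);
        }
        $maxeid = $batches ? max($batches) : 0;
        if ($number > $maxeid) {
            return true;
        }
        $path = "data/edition/{$number}";
        $files = file::get_file_by_ext($path, array('txt'));
        foreach ((array) $files as $file) {
            $name = substr($file, 0, -4);
            // Skip anything that is not "<eid>.txt".
            if (!preg_match('/^\d+$/', $name)) {
                continue;
            }
            $eid = (int) $name;
            $filename = $path . "/" . $file;
            $content = string::haddslashes(file::readfromfile($filename), 1);
            if ($content) {
                $this->db->query("UPDATE " . DB_TABLEPRE . "edition SET content='{$content}' WHERE eid={$eid}");
                @unlink($filename);
            }
        }
    }
    return false;
}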
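/**
 * Package a plugin directory and upload it to the app server.
 *
 * Writes plugins/<identifier>/desc.xml from the plugin's metadata, zips the
 * directory into a temp file under data/tmp and posts the archive,
 * base64-encoded, to $this->base->setting['app_url'].
 *
 * Changes from the original: the temp archive is removed on every path, not
 * only after a successful upload; an empty archive is not uploaded; a "]]>"
 * inside a metadata value is split so it cannot close its CDATA section.
 *
 * NOTE(review): $plugin['identifier'] is used in file paths as received;
 * confirm it is a plain directory name.
 * NOTE(review): the base64 payload is sent as "data=<base64>" without URL
 * encoding; confirm how util::hfopen() and the receiving side treat '+'.
 *
 * @param array $plugin Plugin record with identifier, author, authorurl,
 *                      name, tag, description, weburl, version, hdversion
 *                      and copyright keys.
 * @return bool True when the server answered '1'.
 */
function share_plugin($plugin)
{
    $identifier = $plugin['identifier'];

    // XML tag => key in $plugin, in output order.
    $fields = array(
        'author' => 'author',
        'authorurl' => 'authorurl',
        'name' => 'name',
        'tag' => 'tag',
        'desc' => 'description',
        'weburl' => 'weburl',
        'version' => 'version',
        'hdversion' => 'hdversion',
        'copyright' => 'copyright',
    );
    $descxml = "<?xml version=\"1.0\" encoding=\"" . WIKI_CHARSET . "\"?>\n" . "<theme>\n";
    foreach ($fields as $tag => $key) {
        $value = str_replace(']]>', ']]]]><![CDATA[>', (string) $plugin[$key]);
        $descxml .= "<{$tag}><![CDATA[" . $value . "]]></{$tag}>\n";
    }
    $descxml .= "<charset><![CDATA[" . WIKI_CHARSET . "]]></charset>\n" . "</theme>";
    file::writetofile(HDWIKI_ROOT . '/plugins/' . $identifier . '/desc.xml', $descxml);

    require_once HDWIKI_ROOT . '/lib/zip.class.php';
    $zip = new zip();
    $filedir = array('plugins/' . $identifier);
    $zipdir = array($identifier);
    $tmpname = HDWIKI_ROOT . '/data/tmp/' . util::random(6) . '.zip';
    @$zip->zip_dir($filedir, $tmpname, $zipdir);
    $zip_content = file::readfromfile($tmpname);

    $shared = false;
    if (!empty($zip_content)) {
        $upload_url = $this->base->setting['app_url'] . '/hdapp.php?action=upload&type=plugin';
        $data = 'data=' . base64_encode($zip_content);
        $shared = ('1' == @util::hfopen($upload_url, 0, $data));
    }
    // The archive holds the plugin's source; do not leave it under data/tmp.
    if (file_exists($tmpname)) {
        unlink($tmpname);
    }
    return $shared;
}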