DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
946 Commits
3 Branches
85MB
Tree: 4b69eb36b7
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4b69eb36b7'
${ noResults }
DedeV6/src/admin/index_testenv.php

167 lines
4.9KB
Raw Blame History 

  1. <?php

  2. @set_time_limit(0);

  3. require_once(dirname(__FILE__)."/config.php");

  4. AjaxHead();

  5. if (!function_exists('TestWriteable')) {

  6. 	//检测是否可写

  7. 	function TestWriteable($d, $c = false)

  8. 	{

  9. 		$tfile = '_write_able.txt';

  10. 		$d = preg_replace("/\/$/", '', $d);

  11. 		$fp = @fopen($d.'/'.$tfile, 'w');

  12. 		if (!$fp) {

  13. 			if ($c == false) {

  14. 				@chmod($d, 0777);

  15. 				return false;

  16. 			} else return TestWriteable($d, true);

  17. 		} else {

  18. 			fclose($fp);

  19. 			return @unlink($d.'/'.$tfile) ? true : false;

  20. 		}

  21. 	}

  22. }

  23. if (!function_exists('TestExecuteable')) {

  24. 	//检查是否具目录可执行

  25. 	function TestExecuteable($d = '.', $siteuRL = '', $rootDir = '')

  26. 	{

  27. 		$testStr = '<'.chr(0x3F).'p'.chr(hexdec(68)).chr(112)."\n\r";

  28. 		$filename = md5($d).'.php';

  29. 		$testStr .= 'function test(){ echo md5(\''.$d.'\');}'."\n\rtest();\n\r";

  30. 		$testStr .= chr(0x3F).'>';

  31. 		$reval = false;

  32. 		if (empty($rootDir)) $rootDir = DEDEROOT;

  33. 		if (TestWriteable($d)) {

  34. 			@file_put_contents($d.'/'.$filename, $testStr);

  35. 			$remoteUrl = $siteuRL.'/'.str_replace($rootDir, '', str_replace("\\", '/', realpath($d))).'/'.$filename;

  36. 			$tempStr = @PostHost($remoteUrl);

  37. 			$reval = (md5($d) == trim($tempStr)) ? true : false;

  38. 			unlink($d.'/'.$filename);

  39. 			return $reval;

  40. 		} else {

  41. 			return -1;

  42. 		}

  43. 	}

  44. }

  45. if (!function_exists('PostHost')) {

  46. 	function PostHost($host, $data = '', $method = 'GET', $showagent = null, $port = null, $timeout = 30)

  47. 	{

  48. 		$parse = @parse_url($host);

  49. 		if (empty($parse)) return false;

  50. 		if ((int)$port > 0) {

  51. 			$parse['port'] = $port;

  52. 		} elseif (!@$parse['port']) {

  53. 			$parse['port'] = '80';

  54. 		}

  55. 		$parse['host'] = str_replace(array('http://', 'https://'), array('', 'ssl://'), "$parse[scheme]://").$parse['host'];

  56. 		if (!$fp = @fsockopen($parse['host'], $parse['port'], $errnum, $errstr, $timeout)) {

  57. 			return false;

  58. 		}

  59. 		$method = strtoupper($method);

  60. 		$wlength = $wdata = $responseText = '';

  61. 		$parse['path'] = str_replace(array('\\', '//'), '/', @$parse['path'])."?".@$parse['query'];

  62. 		if ($method == 'GET') {

  63. 			$separator = @$parse['query'] ? '&' : '';

  64. 			substr($data, 0, 1) == '&' && $data = substr($data, 1);

  65. 			$parse['path'] .= $separator.$data;

  66. 		} elseif ($method == 'POST') {

  67. 			$wlength = "Content-length: ".strlen($data)."\r\n";

  68. 			$wdata = $data;

  69. 		}

  70. 		$write = "$method $parse[path] HTTP/1.0\r\nHost: $parse[host]\r\nContent-type: application/x-www-form-urlencoded\r\n{$wlength}Connection: close\r\n\r\n$wdata";

  71. 		@fwrite($fp, $write);

  72. 		while ($data = @fread($fp, 4096)) {

  73. 			$responseText .= $data;

  74. 		}

  75. 		@fclose($fp);

  76. 		empty($showagent) && $responseText = trim(stristr($responseText, "\r\n\r\n"), "\r\n");

  77. 		return $responseText;

  78. 	}

  79. }

  80. if (!function_exists('TestAdminPWD')) {

  81. 	//返回结果,1.没有修改默认管理员名称,2.没有修改默认管理员用户名和密码,3.没有发现默认账号

  82. 	function TestAdminPWD()

  83. 	{

  84. 		global $dsql;

  85. 		//查询栏目表确定栏目所在的目录

  86. 		$sql = "SELECT usertype,userid,pwd FROM #@__admin WHERE `userid`='admin'";

  87. 		$row = $dsql->GetOne($sql);

  88. 		if (is_array($row)) {

  89. 			if ($row['pwd'] == 'f297a57a5a743894a0e4') {

  90. 				return -2;

  91. 			} else {

  92. 				return -1;

  93. 			}

  94. 		} else {

  95. 			return 0;

  96. 		}

  97. 	}

  98. }

  99. if (!function_exists('IsWritable')) {

  100. 	//检测是否可写

  101. 	function IsWritable($pathfile)

  102. 	{

  103. 		$isDir = substr($pathfile, -1) == '/' ? true : false;

  104. 		if ($isDir) {

  105. 			if (is_dir($pathfile)) {

  106. 				mt_srand((float)microtime() * 1000000);

  107. 				$pathfile = $pathfile.'biz_'.uniqid(mt_rand()).'.tmp';

  108. 			} elseif (@mkdir($pathfile)) {

  109. 				return IsWritable($pathfile);

  110. 			} else {

  111. 				return false;

  112. 			}

  113. 		}

  114. 		@chmod($pathfile, 0777);

  115. 		$fp = @fopen($pathfile, 'ab');

  116. 		if ($fp === false) return false;

  117. 		fclose($fp);

  118. 		$isDir && @unlink($pathfile);

  119. 		return true;

  120. 	}

  121. }

  122. //检测权限

  123. $safeMsg = array();

  124. $dirname = str_replace('index_body.php', '', strtolower($_SERVER['PHP_SELF']));

  125. if (preg_match("#[\\|/]admin[\\|/]#", $dirname)) {

  126. 	$safeMsg[] = '后台管理目录名称中包含默认名称admin,强烈建议您进行修改';

  127. }

  128. if (IsWritable(DEDEDATA.'/common.inc.php')) {

  129. 	$safeMsg[] = '数据安全data/common.inc.php文件,强烈建议以管理员级别设置为644或只读';

  130. }

  131. if (!IsSSL()) {

  132. 	$safeMsg[] = '当前站点尚未启用HTTPS,强烈建议您启用';

  133. }

  134. if (version_compare(PHP_VERSION, '5.3.0', '<')) {

  135. 	$safeMsg[] = "PHP请升级到5.3及以上版本,低版本PHP环境将无法正常使用本系统";

  136. }

  137. $rs = TestAdminPWD();

  138. if ($rs < 0) {

  139. 	$linkurl = "<a href='sys_admin_user.php' class='btn btn-success btn-sm'>修改</a>";

  140. 	switch ($rs) {

  141. 		case -1:

  142. 			$msg = "没有修改默认管理员名称admin,强烈建议您进行修改 {$linkurl}";

  143. 			break;

  144. 		case -2:

  145. 			$msg = "没有修改默认管理员名称和密码,强烈建议您进行修改 {$linkurl}";

  146. 			break;

  147. 	}

  148. 	$safeMsg[] = $msg;

  149. }

  150. ?>

  151. <?php

  152. if (count($safeMsg) > 0) {

  153. ?>

  154. 	<div class="alert alert-danger mt-3 mb-3">

  155. 		<?php

  156. 		$i = 1;

  157. 		foreach ($safeMsg as $key => $val) {

  158. 		?>

  159. 		<div class="py-1"><?php echo $i; ?>.<?php echo $val; ?></div>

  160. 		<?php

  161. 		$i++;

  162. 		}

  163. 		?>

  164. 	</div>

  165. <?php

  166. }

  167. ?>