DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
275 Commits
3 Branches
96MB
Tree: 66f402eac8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '66f402eac8'
${ noResults }
DedeV6/src/dede/config.php

222 lines
7.2KB
Raw Blame History 

  1. <?php

  2. 

  3. /**

  4.  * 管理目录配置文件

  5.  *

  6.  * @version        $Id: config.php 1 14:31 2010年7月12日Z tianya $

  7.  * @package        DedeBIZ.Administrator

  8.  * @copyright      Copyright (c) 2020, DedeBIZ.COM

  9.  * @license        https://www.dedebiz.com/license

  10.  * @link           https://www.dedebiz.com

  11.  */

  12. define('DEDEADMIN', str_replace("\\", '/', dirname(__FILE__)));

  13. require_once(DEDEADMIN . '/../include/common.inc.php');

  14. require_once(DEDEINC . '/userlogin.class.php');

  15. header('Cache-Control:private');

  16. $dsql->safeCheck = FALSE;

  17. $dsql->SetLongLink();

  18. $cfg_admin_skin = 1; // 后台管理风格

  19. 

  20. if (file_exists(DEDEDATA . '/admin/skin.txt')) {

  21.     $skin = file_get_contents(DEDEDATA . '/admin/skin.txt');

  22.     $cfg_admin_skin = !in_array($skin, array(1, 2, 3, 4)) ? 1 : $skin;

  23. }

  24. 

  25. // 检查CSRF

  26. function CheckCSRF()

  27. {

  28.     $cc_csrf_token_check = GetCookie("dede_csrf_token");

  29.     if (

  30.         !(isset($_POST['_csrf_token'], $cc_csrf_token_check)

  31.             && is_string($_POST['_csrf_token']) && is_string($cc_csrf_token_check)

  32.             && hash_equals($_POST['_csrf_token'], $cc_csrf_token_check))

  33.     ) {

  34.         ShowMsg('CSRF校验失败,请刷新页面重新提交', '-1');

  35.         exit();

  36.     }

  37. 

  38.     DropCookie("dede_csrf_token");

  39. }

  40. 

  41. // 生成CSRF校验token,在比较重要的表单中应该要加上这个token校验

  42. $cc_csrf_token = GetCookie("dede_csrf_token");

  43. if (!isset($GLOBALS['csrf_token']) || $GLOBALS['csrf_token'] === null) {

  44.     if (

  45.         isset($cc_csrf_token) && is_string($cc_csrf_token)

  46.         && preg_match('#^[0-9a-f]{32}$#iS', $cc_csrf_token) === 1

  47.     ) {

  48.         $GLOBALS['csrf_token'] = $cc_csrf_token;

  49.     } else {

  50.         $GLOBALS['csrf_token'] = md5(uniqid(mt_rand(), TRUE));

  51.     }

  52. }

  53. 

  54. if (strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST') {

  55.     PutCookie('dede_csrf_token', $GLOBALS['csrf_token'], 7200, '/');

  56. }

  57. 

  58. 

  59. //获得当前脚本名称,如果你的系统被禁用了$_SERVER变量,请自行更改这个选项

  60. $dedeNowurl = $s_scriptName = '';

  61. $isUrlOpen = @ini_get('allow_url_fopen');

  62. $dedeNowurl = GetCurUrl();

  63. $dedeNowurls = explode('?', $dedeNowurl);

  64. $s_scriptName = $dedeNowurls[0];

  65. $cfg_remote_site = empty($cfg_remote_site) ? 'N' : $cfg_remote_site;

  66. 

  67. //检验用户登录状态

  68. $cuserLogin = new userLogin();

  69. 

  70. if ($cuserLogin->getUserID() == -1) {

  71.     if (preg_match("#PHP (.*) Development Server#", $_SERVER['SERVER_SOFTWARE'])) {

  72.         $dirname = dirname($_SERVER['SCRIPT_NAME']);

  73.         header("location:{$dirname}/login.php?gotopage=" . urlencode($dedeNowurl));

  74.     } else {

  75.         header("location:login.php?gotopage=" . urlencode($dedeNowurl));

  76.     }

  77.     exit();

  78. }

  79. 

  80. function XSSClean($val)

  81. {

  82.     if (is_array($val)) {

  83.         foreach ($val as $key => $v) {

  84.             if (in_array($key, array('tags', 'body', 'dede_fields', 'dede_addonfields', 'dopost', 'introduce'))) continue;

  85.             $val[$key] = XSSClean($val[$key]);

  86.         }

  87.         return $val;

  88.     }

  89.     return RemoveXss($val);

  90. }

  91. 

  92. if ($cfg_dede_log == 'Y') {

  93.     $s_nologfile = '_main|_list';

  94.     $s_needlogfile = 'sys_|file_';

  95.     $s_method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';

  96.     $s_query = isset($dedeNowurls[1]) ? $dedeNowurls[1] : '';

  97.     $s_scriptNames = explode('/', $s_scriptName);

  98.     $s_scriptNames = $s_scriptNames[count($s_scriptNames) - 1];

  99.     $s_userip = GetIP();

  100.     if ($s_method == 'POST' || (!preg_match("#" . $s_nologfile . "#i", $s_scriptNames) && $s_query != '') || preg_match("#" . $s_needlogfile . "#i", $s_scriptNames)) {

  101.         $inquery = "INSERT INTO `#@__log`(adminid,filename,method,query,cip,dtime)

  102.              VALUES ('" . $cuserLogin->getUserID() . "','{$s_scriptNames}','{$s_method}','" . addslashes($s_query) . "','{$s_userip}','" . time() . "');";

  103.         $dsql->ExecuteNoneQuery($inquery);

  104.     }

  105. }

  106. 

  107. //管理缓存、管理员频道缓存

  108. $cache1 = DEDEDATA . '/cache/inc_catalog_base.inc';

  109. if (!file_exists($cache1)) UpDateCatCache();

  110. $cacheFile = DEDEDATA . '/cache/admincat_' . $cuserLogin->userID . '.inc';

  111. if (file_exists($cacheFile)) require_once($cacheFile);

  112. 

  113. //更新服务器

  114. require_once(DEDEDATA . '/admin/config_update.php');

  115. 

  116. if (strlen($cfg_cookie_encode) <= 10) {

  117.     $chars = 'abcdefghigklmnopqrstuvwxwyABCDEFGHIGKLMNOPQRSTUVWXWY0123456789';

  118.     $hash = '';

  119.     $length = rand(28, 32);

  120.     $max = strlen($chars) - 1;

  121.     for ($i = 0; $i < $length; $i++) {

  122.         $hash .= $chars[mt_rand(0, $max)];

  123.     }

  124.     $dsql->ExecuteNoneQuery("UPDATE `#@__sysconfig` SET `value`='{$hash}' WHERE varname='cfg_cookie_encode' ");

  125.     $configfile = DEDEDATA . '/config.cache.inc.php';

  126.     if (!is_writeable($configfile)) {

  127.         echo "配置文件'{$configfile}'不支持写入,无法修改系统配置参数!";

  128.         exit();

  129.     }

  130.     $fp = fopen($configfile, 'w');

  131.     flock($fp, 3);

  132.     fwrite($fp, "<" . "?php\r\n");

  133.     $dsql->SetQuery("SELECT `varname`,`type`,`value`,`groupid` FROM `#@__sysconfig` ORDER BY aid ASC ");

  134.     $dsql->Execute();

  135.     while ($row = $dsql->GetArray()) {

  136.         if ($row['type'] == 'number') {

  137.             if ($row['value'] == '') $row['value'] = 0;

  138.             fwrite($fp, "\${$row['varname']} = " . $row['value'] . ";\r\n");

  139.         } else {

  140.             fwrite($fp, "\${$row['varname']} = '" . str_replace("'", '', $row['value']) . "';\r\n");

  141.         }

  142.     }

  143.     fwrite($fp, "?" . ">");

  144.     fclose($fp);

  145. }

  146. 

  147. /**

  148.  *  更新栏目缓存

  149.  *

  150.  * @access    public

  151.  * @return    void

  152.  */

  153. function UpDateCatCache()

  154. {

  155.     global $dsql, $cache1, $cuserLogin;

  156.     $cache2 = DEDEDATA . '/cache/channelsonlist.inc';

  157.     $cache3 = DEDEDATA . '/cache/channeltoplist.inc';

  158.     $dsql->SetQuery("SELECT id,reid,channeltype,issend,typename FROM `#@__arctype`");

  159.     $dsql->Execute();

  160.     $fp1 = fopen($cache1, 'w');

  161.     $phph = '?';

  162.     $fp1Header = "<{$phph}php\r\nglobal \$cfg_Cs;\r\n\$cfg_Cs=array();\r\n";

  163.     fwrite($fp1, $fp1Header);

  164.     while ($row = $dsql->GetObject()) {

  165.         // 将typename缓存起来

  166.         $row->typename = base64_encode($row->typename);

  167.         fwrite($fp1, "\$cfg_Cs[{$row->id}]=array({$row->reid},{$row->channeltype},{$row->issend},'{$row->typename}');\r\n");

  168.     }

  169.     fwrite($fp1, "{$phph}>");

  170.     fclose($fp1);

  171.     $cuserLogin->ReWriteAdminChannel();

  172.     @unlink($cache2);

  173.     @unlink($cache3);

  174. }

  175. 

  176. // 清空选项缓存

  177. function ClearOptCache()

  178. {

  179.     $tplCache = DEDEDATA . '/tplcache/';

  180.     $fileArray = glob($tplCache . "inc_option_*.inc");

  181.     if (count($fileArray) > 1) {

  182.         foreach ($fileArray as $key => $value) {

  183.             if (file_exists($value)) unlink($value);

  184.             else continue;

  185.         }

  186.         return TRUE;

  187.     }

  188.     return FALSE;

  189. }

  190. 

  191. /**

  192.  *  引入模板文件

  193.  *

  194.  * @access    public

  195.  * @param     string  $filename  文件名称

  196.  * @param     bool  $isabs  是否为管理目录

  197.  * @return    string

  198.  */

  199. function DedeInclude($filename, $isabs = FALSE)

  200. {

  201.     return $isabs ? $filename : DEDEADMIN . '/' . $filename;

  202. }

  203. 

  204. /**

  205.  *  根据用户mid获取用户名称

  206.  *

  207.  * @access    public

  208.  * @param     int  $mid   用户ID

  209.  * @return    string

  210.  */

  211. if (!function_exists('GetMemberName')) {

  212.     function GetMemberName($mid = 0)

  213.     {

  214.         global $dsql;

  215.         if (empty($mid)) {

  216.             return "管理员";

  217.         }

  218.         $rs = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='{$mid}' ");

  219.         return $rs['uname'];

  220.     }

  221. }