国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

171 lines
5.0KB

  1. <?php
  2. @set_time_limit(0);
  3. require_once(dirname(__FILE__) . "/config.php");
  4. AjaxHead();
  5. if (!function_exists('TestWriteable')) {
  6. // 检测是否可写
  7. function TestWriteable($d, $c = false)
  8. {
  9. $tfile = '_write_able.txt';
  10. $d = preg_replace("/\/$/", '', $d);
  11. $fp = @fopen($d . '/' . $tfile, 'w');
  12. if (!$fp) {
  13. if ($c == false) {
  14. @chmod($d, 0777);
  15. return false;
  16. } else return TestWriteable($d, true);
  17. } else {
  18. fclose($fp);
  19. return @unlink($d . '/' . $tfile) ? true : false;
  20. }
  21. }
  22. }
  23. if (!function_exists('TestExecuteable')) {
  24. // 检查是否具目录可执行
  25. function TestExecuteable($d = '.', $siteuRL = '', $rootDir = '')
  26. {
  27. $testStr = '<' . chr(0x3F) . 'p' . chr(hexdec(68)) . chr(112) . "\n\r";
  28. $filename = md5($d) . '.php';
  29. $testStr .= 'function test(){ echo md5(\'' . $d . '\');}' . "\n\rtest();\n\r";
  30. $testStr .= chr(0x3F) . '>';
  31. $reval = false;
  32. if (empty($rootDir)) $rootDir = DEDEROOT;
  33. if (TestWriteable($d)) {
  34. @file_put_contents($d . '/' . $filename, $testStr);
  35. $remoteUrl = $siteuRL . '/' . str_replace($rootDir, '', str_replace("\\", '/', realpath($d))) . '/' . $filename;
  36. $tempStr = @PostHost($remoteUrl);
  37. $reval = (md5($d) == trim($tempStr)) ? true : false;
  38. unlink($d . '/' . $filename);
  39. return $reval;
  40. } else {
  41. return -1;
  42. }
  43. }
  44. }
  45. if (!function_exists('PostHost')) {
  46. function PostHost($host, $data = '', $method = 'GET', $showagent = null, $port = null, $timeout = 30)
  47. {
  48. $parse = @parse_url($host);
  49. if (empty($parse)) return false;
  50. if ((int)$port > 0) {
  51. $parse['port'] = $port;
  52. } elseif (!@$parse['port']) {
  53. $parse['port'] = '80';
  54. }
  55. $parse['host'] = str_replace(array('http://', 'https://'), array('', 'ssl://'), "$parse[scheme]://") . $parse['host'];
  56. if (!$fp = @fsockopen($parse['host'], $parse['port'], $errnum, $errstr, $timeout)) {
  57. return false;
  58. }
  59. $method = strtoupper($method);
  60. $wlength = $wdata = $responseText = '';
  61. $parse['path'] = str_replace(array('\\', '//'), '/', @$parse['path']) . "?" . @$parse['query'];
  62. if ($method == 'GET') {
  63. $separator = @$parse['query'] ? '&' : '';
  64. substr($data, 0, 1) == '&' && $data = substr($data, 1);
  65. $parse['path'] .= $separator . $data;
  66. } elseif ($method == 'POST') {
  67. $wlength = "Content-length: " . strlen($data) . "\r\n";
  68. $wdata = $data;
  69. }
  70. $write = "$method $parse[path] HTTP/1.0\r\nHost: $parse[host]\r\nContent-type: application/x-www-form-urlencoded\r\n{$wlength}Connection: close\r\n\r\n$wdata";
  71. @fwrite($fp, $write);
  72. while ($data = @fread($fp, 4096)) {
  73. $responseText .= $data;
  74. }
  75. @fclose($fp);
  76. empty($showagent) && $responseText = trim(stristr($responseText, "\r\n\r\n"), "\r\n");
  77. return $responseText;
  78. }
  79. }
  80. if (!function_exists('TestAdminPWD')) {
  81. //返回结果,-1:没有更改默认管理员名称 -2:没有更改默认管理员用户名和密码 0:没有发现默认账号
  82. function TestAdminPWD()
  83. {
  84. global $dsql;
  85. // 查询栏目表确定栏目所在的目录
  86. $sql = "SELECT usertype,userid,pwd FROM #@__admin WHERE `userid`='admin'";
  87. $row = $dsql->GetOne($sql);
  88. if (is_array($row)) {
  89. if ($row['pwd'] == 'f297a57a5a743894a0e4') {
  90. return -2;
  91. } else {
  92. return -1;
  93. }
  94. } else {
  95. return 0;
  96. }
  97. }
  98. }
  99. if (!function_exists('IsWritable')) {
  100. // 检测是否可写
  101. function IsWritable($pathfile)
  102. {
  103. $isDir = substr($pathfile, -1) == '/' ? true : false;
  104. if ($isDir) {
  105. if (is_dir($pathfile)) {
  106. mt_srand((float)microtime() * 1000000);
  107. $pathfile = $pathfile . 'dede_' . uniqid(mt_rand()) . '.tmp';
  108. } elseif (@mkdir($pathfile)) {
  109. return IsWritable($pathfile);
  110. } else {
  111. return false;
  112. }
  113. }
  114. @chmod($pathfile, 0777);
  115. $fp = @fopen($pathfile, 'ab');
  116. if ($fp === false) return false;
  117. fclose($fp);
  118. $isDir && @unlink($pathfile);
  119. return true;
  120. }
  121. }
  122. // 检测权限
  123. $safeMsg = array();
  124. $dirname = str_replace('index_body.php', '', strtolower($_SERVER['PHP_SELF']));
  125. if (preg_match("#[\\|/]dede[\\|/]#", $dirname)) {
  126. $safeMsg[] = '默认管理目录为dede,需要立即将它更名;';
  127. }
  128. if (IsWritable(DEDEDATA . '/common.inc.php')) {
  129. $safeMsg[] = '强烈建议data/common.inc.php文件属性设置为644(Linux/Unix)或只读(NT);';
  130. }
  131. $rs = TestAdminPWD();
  132. if ($rs < 0) {
  133. $linkurl = "<a href='sys_admin_user.php' class='btn btn-secondary btn-sm'>马上修改</a>";
  134. switch ($rs) {
  135. case -1:
  136. $msg = "没有更改默认管理员名称admin,建议您修改为其他管理账号!{$linkurl}";
  137. break;
  138. case -2:
  139. $msg = "没有更改默认的管理员名称和密码,强烈建议您进行更改!{$linkurl}";
  140. break;
  141. }
  142. $safeMsg[] = $msg;
  143. }
  144. ?>
  145. <?php
  146. if (count($safeMsg) > 0) {
  147. ?>
  148. <div class="alert alert-danger" role="alert">
  149. <?php
  150. $i = 1;
  151. foreach ($safeMsg as $key => $val) {
  152. ?>
  153. <div class="py-1">
  154. <font color="black"><?php echo $i; ?>.</font><?php echo $val; ?>
  155. </div>
  156. <?php
  157. $i++;
  158. }
  159. ?>
  160. </div>
  161. <?php
  162. }
  163. ?>