DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
275 Commits
3 Branches
110MB
Tree: 66f402eac8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '66f402eac8'
${ noResults }
DedeV6/src/dede/testenv.php

398 lines
14KB
Raw Blame History 

  1. <?php

  2. @set_time_limit(0);

  3. /**

  4.  * 系统运行环境检测

  5.  *

  6.  * @version        $Id: testenv.php 13:57 2011/11/10 tianya $

  7.  * @package        DedeBIZ.Administrator

  8.  * @copyright      Copyright (c) 2020, DedeBIZ.COM

  9.  * @license        https://www.dedebiz.com/license

  10.  * @link           https://www.dedebiz.com

  11.  */

  12. require_once(dirname(__FILE__) . "/config.php");

  13. CheckPurview('sys_Edit');

  14. $action = isset($action) ? $action : '';

  15. ?>

  16. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

  17. <html xmlns="http://www.w3.org/1999/xhtml">

  18. 

  19. <head>

  20. 	<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $GLOBALS['cfg_soft_lang']; ?>">

  21. 	<title>系统运行目录权限检测</title>

  22. 	<link rel="stylesheet" type="text/css" href="css/base.css" />

  23. 	<link rel="stylesheet" type="text/css" href="css/indexbody.css" />

  24. 	<script type="text/javascript" src="../static/js/jquery.js"></script>

  25. </head>

  26. 

  27. <body leftmargin="8" topmargin='8' bgcolor="#FFFFFF" style="min-width:840px">

  28. 	<?php

  29. 	if (!function_exists('TestWriteable')) {

  30. 		// 检测是否可写

  31. 		function TestWriteable($d, $c = TRUE)

  32. 		{

  33. 			$tfile = '_write_able.txt';

  34. 			$d = preg_replace("/\/$/", '', $d);

  35. 			$fp = @fopen($d . '/' . $tfile, 'w');

  36. 			if (!$fp) {

  37. 				if ($c == false) {

  38. 					@chmod($d, 0777);

  39. 					return false;

  40. 				} else return TestWriteable($d, true);

  41. 			} else {

  42. 				fclose($fp);

  43. 				return @unlink($d . '/' . $tfile) ? true : false;

  44. 			}

  45. 		}

  46. 	}

  47. 

  48. 	if (!function_exists('TestExecuteable')) {

  49. 		// 检查是否具目录可执行

  50. 		function TestExecuteable($d = '.', $siteuRL = '', $rootDir = '')

  51. 		{

  52. 			$testStr = '<' . chr(0x3F) . 'p' . chr(hexdec(68)) . chr(112) . "\n\r";

  53. 			$filename = md5($d) . '.php';

  54. 			$testStr .= 'function test(){ echo md5(\'' . $d . '\');}' . "\n\rtest();\n\r";

  55. 			$testStr .= chr(0x3F) . '>';

  56. 			$reval = false;

  57. 			if (empty($rootDir)) $rootDir = DEDEROOT;

  58. 			if (TestWriteable($d)) {

  59. 				@file_put_contents($d . '/' . $filename, $testStr);

  60. 				$remoteUrl = $siteuRL . '/' . str_replace($rootDir, '', str_replace("\\", '/', realpath($d))) . '/' . $filename;

  61. 				$tempStr = @PostHost($remoteUrl);

  62. 

  63. 				$reval = (md5($d) == trim($tempStr)) ? true : false;

  64. 				unlink($d . '/' . $filename);

  65. 				return $reval;

  66. 			} else {

  67. 				return -1;

  68. 			}

  69. 		}

  70. 	}

  71. 

  72. 

  73. 	if (!function_exists('PostHost')) {

  74. 		function PostHost($host, $data = '', $method = 'GET', $showagent = null, $port = null, $timeout = 30)

  75. 		{

  76. 			$parse = @parse_url($host);

  77. 			if (empty($parse)) return false;

  78. 			if ((int)$port > 0) {

  79. 				$parse['port'] = $port;

  80. 			} elseif (!@$parse['port']) {

  81. 				$parse['port'] = '80';

  82. 			}

  83. 			$parse['host'] = str_replace(array('http://', 'https://'), array('', 'ssl://'), "$parse[scheme]://") . $parse['host'];

  84. 			if (!$fp = @fsockopen($parse['host'], $parse['port'], $errnum, $errstr, $timeout)) {

  85. 				return false;

  86. 			}

  87. 			$method = strtoupper($method);

  88. 			$wlength = $wdata = $responseText = '';

  89. 			$parse['path'] = str_replace(array('\\', '//'), '/', @$parse['path']) . "?" . @$parse['query'];

  90. 			if ($method == 'GET') {

  91. 				$separator = @$parse['query'] ? '&' : '';

  92. 				substr($data, 0, 1) == '&' && $data = substr($data, 1);

  93. 				$parse['path'] .= $separator . $data;

  94. 			} elseif ($method == 'POST') {

  95. 				$wlength = "Content-length: " . strlen($data) . "\r\n";

  96. 				$wdata = $data;

  97. 			}

  98. 			$write = "$method $parse[path] HTTP/1.0\r\nHost: $parse[host]\r\nContent-type: application/x-www-form-urlencoded\r\n{$wlength}Connection: close\r\n\r\n$wdata";

  99. 			@fwrite($fp, $write);

  100. 			while ($data = @fread($fp, 4096)) {

  101. 				$responseText .= $data;

  102. 			}

  103. 			@fclose($fp);

  104. 			empty($showagent) && $responseText = trim(stristr($responseText, "\r\n\r\n"), "\r\n");

  105. 			return $responseText;

  106. 		}

  107. 	}

  108. 

  109. 	$allPath = array();

  110. 	$needDir = "$cfg_medias_dir|

  111. 	$cfg_image_dir|

  112. 	$ddcfg_image_dir|

  113. 	$cfg_user_dir|

  114. 	$cfg_soft_dir|

  115. 	$cfg_other_medias|

  116. 	$cfg_medias_dir/flink|

  117. 	$cfg_cmspath/data|

  118. 	$cfg_cmspath/data/$cfg_backup_dir|

  119. 	$cfg_cmspath/data/textdata|

  120. 	$cfg_cmspath/data/sessions|

  121. 	$cfg_cmspath/data/tplcache|

  122. 	$cfg_cmspath/data/admin|

  123. 	$cfg_cmspath/data/enums|

  124. 	$cfg_cmspath/data/mark|

  125. 	$cfg_cmspath/data/module|

  126. 	$cfg_cmspath/data/rss|

  127. 	$cfg_special|

  128. 	$cfg_cmspath$cfg_arcdir";

  129. 	$needDir = explode('|', $needDir);

  130. 	foreach ($needDir as $key => $val) {

  131. 		$allPath[trim($val)] = array(

  132. 			'read' => true,    // 读取

  133. 			'write' => true,   // 写入

  134. 			'execute' => false // 执行

  135. 		);

  136. 	}

  137. 

  138. 

  139. 	// 所有栏目目录

  140. 	$sql = "SELECT typedir FROM #@__arctype ORDER BY id DESC";

  141. 	$dsql->SetQuery($sql);

  142. 	$dsql->Execute('al', $sql);

  143. 	while ($row = $dsql->GetArray('al')) {

  144. 		$typedir = str_replace($cfg_basehost, '', $row['typedir']);

  145. 		if (preg_match("/^http:|^ftp:/i", $row['typedir'])) continue;

  146. 		$typedir = str_replace("{cmspath}", $cfg_cmspath, $row['typedir']);

  147. 		$allPath[trim($typedir)] = array(

  148. 			'read' => true,    // 读取

  149. 			'write' => true,   // 写入

  150. 			'execute' => false // 执行

  151. 		);

  152. 	}

  153. 

  154. 	// 只允许读取,不允许写入的目录

  155. 	$needDir = array(

  156. 		'include',

  157. 		'member',

  158. 		'plus',

  159. 	);

  160. 	// 获取子目录

  161. 	function GetSondir($d, &$dirname = array())

  162. 	{

  163. 		$dh = dir($d);

  164. 		while ($filename = $dh->read()) {

  165. 			if (

  166. 				substr($filename, 0, 1) == '.' || is_file($d . '/' . $filename) ||

  167. 				preg_match("#^(svn|bak-)#i", $filename)

  168. 			) {

  169. 				continue;

  170. 			}

  171. 			if (is_dir($d . '/' . $filename)) {

  172. 				$dirname[] = $d . '/' . $filename;

  173. 				GetSondir($d . '/' . $filename, $dirname);

  174. 			}

  175. 		}

  176. 		$dh->close();

  177. 		return $dirname;

  178. 	}

  179. 

  180. 	//获取所有文件列表

  181. 	function preg_ls($path = ".", $rec = FALSE, $pat = "/.*/", $ignoredir = '')

  182. 	{

  183. 		while (substr($path, -1, 1) == "/") {

  184. 			$path = substr($path, 0, -1);

  185. 		}

  186. 		if (!is_dir($path)) {

  187. 			$path = dirname($path);

  188. 		}

  189. 		if ($rec !== TRUE) {

  190. 			$rec = FALSE;

  191. 		}

  192. 		$d = dir($path);

  193. 		$ret = array();

  194. 		while (FALSE !== ($e = $d->read())) {

  195. 			if (($e == ".") || ($e == "..")) {

  196. 				continue;

  197. 			}

  198. 			if ($rec && is_dir($path . "/" . $e) && ($ignoredir == '' || strpos($ignoredir, $e) === FALSE)) {

  199. 				$ret = array_merge($ret, preg_ls($path . "/" . $e, $rec, $pat, $ignoredir));

  200. 				continue;

  201. 			}

  202. 			if (!preg_match($pat, $e)) {

  203. 				continue;

  204. 			}

  205. 			$ret[] = $path . "/" . $e;

  206. 		}

  207. 		return (empty($ret) && preg_match($pat, basename($path))) ? array($path . "/") : $ret;

  208. 	}

  209. 

  210. 	foreach ($needDir as $key => $val) {

  211. 		$allPath[trim('/' . $val)] = array(

  212. 			'read' => true,    // 读取

  213. 			'write' => false,   // 写入

  214. 			'execute' => true // 执行

  215. 		);

  216. 		$sonDir = GetSondir(DEDEROOT . '/' . $val);

  217. 		foreach ($sonDir as $kk => $vv) {

  218. 			$vv = trim(str_replace(DEDEROOT, '', $vv));

  219. 			$allPath[$vv] = array(

  220. 				'read' => true,    // 读取

  221. 				'write' => false,   // 写入

  222. 				'execute' => true // 执行

  223. 			);

  224. 		}

  225. 	}

  226. 

  227. 	// 不需要执行的

  228. 	$needDir = array(

  229. 		'/images',

  230. 		'/templets'

  231. 	);

  232. 	foreach ($needDir as $key => $val) {

  233. 		$allPath[trim('/' . $val)] = array(

  234. 			'read' => true,    // 读取

  235. 			'write' => false,   // 写入

  236. 			'execute' => false // 执行

  237. 		);

  238. 		$sonDir = GetSondir(DEDEROOT . '/' . $val);

  239. 		foreach ($sonDir as $kk => $vv) {

  240. 			$vv = trim(str_replace(DEDEROOT . '/', '', $vv));

  241. 			$allPath[$vv] = array(

  242. 				'read' => true,    // 读取

  243. 				'write' => false,   // 写入

  244. 				'execute' => false // 执行

  245. 			);

  246. 		}

  247. 	}

  248. 

  249. 	// 所有js建议只读

  250. 	$jsDir = array(

  251. 		'/images',

  252. 		'/templets',

  253. 		'/include'

  254. 	);

  255. 	foreach ($jsDir as $k => $v) {

  256. 		$jsfiles = preg_ls(DEDEROOT . $v, TRUE, "/.*\.(js)$/i");

  257. 		foreach ($jsfiles as $k => $v) {

  258. 			$vv = trim(str_replace(DEDEROOT . '/', '/', $v));

  259. 			$allPath[$vv] = array(

  260. 				'read' => true,    // 读取

  261. 				'write' => false,   // 写入

  262. 				'execute' => false // 执行

  263. 			);

  264. 		}

  265. 	}

  266. 	?>

  267. 	<div id="safemsg">

  268. 		<dl style="margin-left:0.5%;margin-right:0.5%; width:97%" id="item1" class="dbox">

  269. 			<dt class="lside"><span class="l" style="float:left">系统运行目录权限检测</span><span style="float:right; margin-right:20px"><a href="index_body.php">返回主页</a></span><span style="float:right; margin-right:20px"><a href="https://www.dedebiz.com/help" target="_blank">帮助说明</a></span></dt>

  270. 			<dd>

  271. 				<div style="padding:10px"> 说明:本程序用于检测DedeCMSV6站点所涉及的目录权限,并且提供一个全面的检测说明,您可以根据检测报告来配置站点以保证站点更为安全。</div>

  272. 				<div id="tableHeader" style="margin-left:10px">

  273. 					<table width="784" border="0" cellpadding="0" cellspacing="1" bgcolor="#047700" id="scanTable">

  274. 						<thead>

  275. 							<tr>

  276. 								<td width="40%" height="25" align="center" bgcolor="#E3F1D1">目录</td>

  277. 								<td width="20%" height="25" align="center" bgcolor="#E3F1D1">执行</td>

  278. 								<td width="20%" height="25" align="center" bgcolor="#E3F1D1">读取</td>

  279. 								<td width="20%" height="25" align="center" bgcolor="#E3F1D1">写入</td>

  280. 							</tr>

  281. 						</thead>

  282. 					</table>

  283. 				</div>

  284. 				<div id="safelist" style="margin-left:10px">

  285. 					<div class="install" id="log" style="height: 260px; overflow: auto;">

  286. 						<table width="784" border="0" cellpadding="0" cellspacing="1" bgcolor="#047700" id="scanTable">

  287. 							<tbody id="mainList">

  288. 							</tbody>

  289. 						</table>

  290. 					</div>

  291. 				</div>

  292. 			</dd>

  293. 		</dl>

  294. 	</div>

  295. 	<div style="margin: 0 auto; width:200px"><a href="javascript:startScan();"><img src="images/btn_scan.gif" width="154" height="46" /></a></div>

  296. 	<script type="text/javascript">

  297. 		$ = jQuery;

  298. 		var log = "<?php

  299. 					foreach ($allPath as $key => $val) {

  300. 						if (is_dir(DEDEROOT . $key)) {

  301. 					?><?php echo $key; ?>|<?php

  302. 											$rs = TestExecuteable(DEDEROOT . $key, $cfg_basehost, $cfg_cmspath);

  303. 

  304. 											if ($rs === -1) {

  305. 												echo "<font color='red'>无法判断</font>";

  306. 											} else {

  307. 												if ($val['execute'] == true)

  308. 													echo $rs != $val['execute'] ? "<font color='red'>错误(不可执行)</font>" : "<font color='green'>正常(可执行)</font>";

  309. 												else

  310. 													echo $rs != $val['execute'] ? "<font color='red'>错误(可执行)</font>" : "<font color='green'>正常(不可执行)</font>";

  311. 											}

  312. 											?>|<?php

  313. 												if ($val['read'] == true)

  314. 													echo is_readable(DEDEROOT . $key) != $val['read'] ? "<font color='red'>错误(不可读)</font>" : "<font color='green'>正常(可读)</font>";

  315. 												else

  316. 													echo is_readable(DEDEROOT . $key) != $val['read'] ? "<font color='red'>错误(可读)</font>" : "<font color='green'>正常(不可读)</font>";

  317. 												?>|<?php

  318. 												if ($val['write'] == true)

  319. 													echo TestWriteable(DEDEROOT . $key) != $val['write'] ? "<font color='red'>错误(不可写)</font>" : "<font color='green'>正常(可写)</font>";

  320. 												else

  321. 													echo TestWriteable(DEDEROOT . $key) != $val['write'] ? "<font color='red'>错误(可写)</font>" : "<font color='green'>正常(不可写)</font>";

  322. 												?><dedecms><?php

  323. 										} else {

  324. 											?><?php echo $key; ?>|无需判断|<?php

  325. 																if ($val['read'] == true)

  326. 																	echo is_readable(DEDEROOT . $key) != $val['read'] ? "<font color='red'>错误(不可读)</font>" : "<font color='green'>正常(可读)</font>";

  327. 																else

  328. 																	echo is_readable(DEDEROOT . $key) != $val['read'] ? "<font color='red'>错误(可读)</font>" : "<font color='green'>正常(不可读)</font>";

  329. 																?>|<?php

  330. 																	if ($val['write'] == true)

  331. 																		echo is_writable(DEDEROOT . $key) != $val['write'] ? "<font color='red'>错误(不可写)</font>" : "<font color='green'>正常(可写)</font>";

  332. 																	else

  333. 																		echo is_writable(DEDEROOT . $key) != $val['write'] ? "<font color='red'>错误(可写)</font>" : "<font color='green'>正常(不可写)</font>";

  334. 																	?><dedecms><?php

  335. 															}

  336. 														}

  337. 																?>";

  338. 		var n = 0;

  339. 		var timer = 0;

  340. 		log = log.split('<dedecms>');

  341. 

  342. 		function GoPlay() {

  343. 			if (n > log.length - 1) {

  344. 				n = -1;

  345. 				clearIntervals();

  346. 			}

  347. 			if (n > -1) {

  348. 				postcheck(n);

  349. 				n++;

  350. 			}

  351. 		}

  352. 

  353. 		function postcheck(n) {

  354. 			var item = log[n];

  355. 			item = item.split('|');

  356. 

  357. 			document.getElementById('log').scrollTop = document.getElementById('log').scrollHeight;

  358. 			if (item == '') {

  359. 				return false;

  360. 			}

  361. 			var tempvar = '<tr>\r				        <td width="40%" height="23" bgcolor="#FFFFFF">' + item[0] + '</td>\r		            <td width="20%" height="23" align="center" bgcolor="#FEF7C5">' + item[1] + '</td>\r				        <td width="20%" height="23" align="center" bgcolor="#FFFFFF">\r						' + item[2] + '</td>\r				        <td width="20%" height="23" align="center" bgcolor="#FFFFFF">\r						' + item[3] + '</td>\r			      </tr>  ';

  362. 

  363. 			//chiledelem.innerHTML = tempvar;

  364. 			//document.getElementById("mainList").appendChild(chiledelem);

  365. 			$("#mainList").append(tempvar);

  366. 			document.getElementById('log').scrollTop = document.getElementById('log').scrollHeight;

  367. 		}

  368. 

  369. 		function setIntervals() {

  370. 			timer = setInterval('GoPlay()', 50);

  371. 		}

  372. 

  373. 		function clearIntervals() {

  374. 			clearInterval(timer);

  375. 			//document.getElementById('install').submit();

  376. 			alert('全部检测完毕,您可以按照检测结果进行系统权限调整!');

  377. 		}

  378. 		//setTimeout(setIntervals, 100);

  379. 

  380. 

  381. 		function changeHeight() {

  382. 			var newheight = $(window).height() - 170;

  383. 			$("#safelist").css('height', newheight + 'px');

  384. 			var logheight = newheight;

  385. 			$("#log").css('height', logheight + 'px');

  386. 		}

  387. 		// 开始检测

  388. 		function startScan() {

  389. 			setTimeout(setIntervals, 100);

  390. 		}

  391. 		$.ready = function() {

  392. 			changeHeight();

  393. 			$(window).resize(function() {

  394. 				changeHeight();

  395. 			});

  396. 		};

  397. 	</script>

  398. </body>