
  1. <?php
  2. /**
  3. * @version $Id: config.php 1 8:38 2010年7月9日Z tianya $
  4. * @package DedeCMS.Member
  5. * @copyright Copyright (c) 2020, DedeBIZ.COM
  6. * @license https://www.dedebiz.com/license
  7. * @link https://www.dedebiz.com
  8. */
  9. //针对会员中心操作进行XSS过滤
  10. function XSSClean($val) {
  11. global $cfg_soft_lang;
  12. if($cfg_soft_lang=='gb2312') gb2utf8($val);
  13. if (is_array($val))
  14. {
  15. // while (list($key) = each($val))
  16. foreach ($val as $key => $value)
  17. {
  18. if(in_array($key,array('tags','body','dede_fields','dede_addonfields','dopost','introduce'))) continue;
  19. $val[$key] = XSSClean($val[$key]);
  20. }
  21. return $val;
  22. }
  23. $val = preg_replace('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/', '', $val);
  24. $search = 'abcdefghijklmnopqrstuvwxyz';
  25. $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
  26. $search .= '1234567890!@#$%^&*()';
  27. $search .= '~`";:?+/={}[]-_|\'\\';
  28. for ($i = 0; $i < strlen($search); $i++) {
  29. $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ;
  30. $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;
  31. }
  32. $val = str_replace("`","‘",$val);
  33. $val = str_replace("'","‘",$val);
  34. $val = str_replace("\"","“",$val);
  35. $val = str_replace(",",",",$val);
  36. $val = str_replace("(","(",$val);
  37. $val = str_replace(")",")",$val);
  38. $ra1 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
  39. $ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
  40. $ra = array_merge($ra1, $ra2);
  41. $found = true;
  42. while ($found == true) {
  43. $val_before = $val;
  44. for ($i = 0; $i < sizeof($ra); $i++) {
  45. $pattern = '/';
  46. for ($j = 0; $j < strlen($ra[$i]); $j++) {
  47. if ($j > 0) {
  48. $pattern .= '(';
  49. $pattern .= '(&#[xX]0{0,8}([9ab]);)';
  50. $pattern .= '|';
  51. $pattern .= '|(&#0{0,8}([9|10|13]);)';
  52. $pattern .= ')*';
  53. }
  54. $pattern .= $ra[$i][$j];
  55. }
  56. $pattern .= '/i';
  57. $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2);
  58. $val = preg_replace($pattern, $replacement, $val);
  59. if ($val_before == $val) {
  60. $found = false;
  61. }
  62. }
  63. }
  64. if($cfg_soft_lang=='gb2312') utf82gb($val);
  65. return $val;
  66. }
  67. $_GET = XSSClean($_GET);
  68. $_POST = XSSClean($_POST);
  69. $_REQUEST = XSSClean($_REQUEST);
  70. $_COOKIE = XSSClean($_COOKIE);
  71. require_once(dirname(__FILE__).'/../include/common.inc.php');
  72. require_once(DEDEINC.'/filter.inc.php');
  73. require_once(DEDEINC.'/memberlogin.class.php');
  74. require_once(DEDEINC.'/dedetemplate.class.php');
  75. // 检查CSRF
  76. function CheckCSRF()
  77. {
  78. $cc_csrf_token_check = GetCookie("dede_csrf_token");
  79. if (
  80. !(isset($_POST['_csrf_token'], $cc_csrf_token_check)
  81. && is_string($_POST['_csrf_token']) && is_string($cc_csrf_token_check)
  82. && hash_equals($_POST['_csrf_token'], $cc_csrf_token_check))
  83. ) {
  84. ShowMsg('CSRF校验失败,请刷新页面重新提交', '-1');
  85. exit();
  86. }
  87. DropCookie("dede_csrf_token");
  88. }
  89. // 生成CSRF校验token,在比较重要的表单中应该要加上这个token校验
  90. $cc_csrf_token = GetCookie("dede_csrf_token");
  91. if (!isset($GLOBALS['csrf_token']) || $GLOBALS['csrf_token'] === null) {
  92. if (isset($cc_csrf_token) && is_string($cc_csrf_token)
  93. && preg_match('#^[0-9a-f]{32}$#iS',$cc_csrf_token) === 1
  94. ) {
  95. $GLOBALS['csrf_token'] = $cc_csrf_token;
  96. } else {
  97. $GLOBALS['csrf_token'] = md5(uniqid(mt_rand(), TRUE));
  98. }
  99. }
  100. if (strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST') {
  101. PutCookie('dede_csrf_token', $GLOBALS['csrf_token'], 7200, '/');
  102. }
  103. //获得当前脚本名称,如果你的系统被禁用了$_SERVER变量,请自行更改这个选项
  104. $dedeNowurl = $s_scriptName = '';
  105. $dedeNowurl = GetCurUrl();
  106. $dedeNowurls = explode('?', $dedeNowurl);
  107. $s_scriptName = $dedeNowurls[0];
  108. $menutype = '';
  109. $menutype_son = '';
  110. $gourl = empty($gourl)? "" : RemoveXSS($gourl);
  111. //检查是否开放会员功能
  112. if($cfg_mb_open=='N')
  113. {
  114. if ( defined( 'AJAXLOGIN' ) )
  115. {
  116. if ($format === 'json') {
  117. echo json_encode(array(
  118. "code" => -1,
  119. "msg" => "系统关闭了会员功能,因此你无法访问此页面",
  120. "data" => null,
  121. ));
  122. exit;
  123. } else {
  124. die('');
  125. }
  126. } else {
  127. ShowMsg("系统关闭了会员功能,因此你无法访问此页面!","javascript:;");
  128. exit();
  129. }
  130. }
  131. $keeptime = isset($keeptime) && is_numeric($keeptime) ? $keeptime : -1;
  132. $cfg_ml = new MemberLogin($keeptime);
  133. //判断用户是否登录
  134. $myurl = '';
  135. if($cfg_ml->IsLogin())
  136. {
  137. $myurl = $cfg_memberurl."/index.php?uid=".urlencode($cfg_ml->M_LoginID);
  138. if(!preg_match("#^http[s]?:#i", $myurl)) $myurl = $cfg_basehost.$myurl;
  139. if ($cfg_ml->fields['face'] =="") {
  140. $cfg_ml->fields['face'] = $cfg_cmsurl."/static/img/avatar.png";
  141. }
  142. }
  143. /** 有没新短信 **/
  144. $pms = $dsql->GetOne("SELECT COUNT(*) AS nums FROM #@__member_pms WHERE toid='{$cfg_ml->M_ID}' AND `hasview`=0 AND folder = 'inbox'");
  145. /**
  146. * 检查用户是否有权限进行某个操作
  147. *
  148. * @param int $rank 权限值
  149. * @param int $money 金币
  150. * @param bool $needinfo 是否需要填写详细信息
  151. * @return void
  152. */
  153. function CheckRank($rank=0, $money=0, $needinfo=TRUE)
  154. {
  155. global $cfg_ml,$cfg_memberurl,$cfg_mb_spacesta;
  156. if(!$cfg_ml->IsLogin())
  157. {
  158. header("Location:{$cfg_memberurl}/login.php?gourl=".urlencode(GetCurUrl()));
  159. exit();
  160. }
  161. else
  162. {
  163. if($cfg_mb_spacesta == '-10')
  164. {
  165. //如果启用注册邮件验证
  166. if($cfg_ml->fields['spacesta'] == '-10')
  167. {
  168. $msg="您尚未进行邮件验证,请到邮箱查阅...</br>重新发送邮件验证 <a href='/member/index_do.php?fmdo=sendMail'><font color='red'>点击此处</font></a>";
  169. ShowMsg($msg,"-1",0,5000);
  170. exit;
  171. }
  172. }
  173. if($cfg_ml->M_Rank < $rank)
  174. {
  175. $needname = "";
  176. if($cfg_ml->M_Rank==0)
  177. {
  178. $row = $dsql->GetOne("SELECT membername FROM #@__arcrank WHERE rank='$rank'");
  179. $myname = "普通会员";
  180. $needname = $row['membername'];
  181. }
  182. else
  183. {
  184. $dsql->SetQuery("SELECT membername From #@__arcrank WHERE rank='$rank' OR rank='".$cfg_ml->M_Rank."' ORDER BY rank DESC");
  185. $dsql->Execute();
  186. $row = $dsql->GetObject();
  187. $needname = $row->membername;
  188. if($row = $dsql->GetObject())
  189. {
  190. $myname = $row->membername;
  191. }
  192. else
  193. {
  194. $myname = "普通会员";
  195. }
  196. }
  197. ShowMsg("对不起,需要:<span style='font-size:11pt;color:red'>$needname</span> 才能访问本页面。<br>你目前的等级是:<span style='font-size:11pt;color:red'>$myname</span> 。","-1",0,5000);
  198. exit();
  199. }
  200. else if($cfg_ml->M_Money < $money)
  201. {
  202. ShowMsg("对不起,需要花费金币:<span style='font-size:11pt;color:red'>$money</span> 才能访问本页面。<br>你目前拥有的金币是:<span style='font-size:11pt;color:red'>".$cfg_ml->M_Money."</span> 。","-1",0,5000);
  203. exit();
  204. }
  205. }
  206. }
  207. /**
  208. * 更新文档统计
  209. *
  210. * @access public
  211. * @param int $channelid 频道模型id
  212. * @return string
  213. */
  214. function countArchives($channelid)
  215. {
  216. global $cfg_ml,$dsql;
  217. $id = (int)$channelid;
  218. if($cfg_ml->IsLogin())
  219. {
  220. $channeltype = array(1 => 'article',2 => 'album',3 => 'soft',-8 => 'infos');
  221. if(isset($channeltype[$id]))
  222. {
  223. $_field = $channeltype[$id];
  224. }
  225. else
  226. {
  227. $_field = 'articles';
  228. }
  229. $row = $dsql->GetOne("SELECT COUNT(*) AS nums FROM #@__archives WHERE channel='$id' AND mid='".$cfg_ml->M_ID."'");
  230. $dsql->ExecuteNoneQuery("UPDATE #@__member_tj SET ".$_field."='".$row['nums']."' WHERE mid='".$cfg_ml->M_ID."'");
  231. }
  232. else
  233. {
  234. return FALSE;
  235. }
  236. }