DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
193 Commits
3 Branches
110MB
Tree: fe23cd45e0
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'fe23cd45e0'
${ noResults }
DedeV6/src/dede/sys_verifies.php

470 lines
14KB
Raw Blame History 

  1. <?php

  2. /**

  3.  * 系统文件校验

  4.  *

  5.  * @version        $Id: sys_verifies.php 1 23:07 2010年7月20日Z tianya $

  6.  * @package        DedeCMS.Administrator

  7.  * @copyright      Copyright (c) 2020, DedeBIZ.COM

  8.  * @license        https://www.dedebiz.com/license

  9.  * @link           https://www.dedebiz.com

  10.  */

  11. require_once(dirname(__FILE__)."/config.php");

  12. CheckPurview('sys_Edit');

  13. @set_time_limit(0);

  14. require(DEDEINC.'/dedehttpdown.class.php');

  15. 

  16. $action = isset($action) ? trim($action) : '';

  17. 

  18. //当前软件版本锁定文件

  19. $verLockFile = DEDEDATA.'/admin/ver.txt';

  20. //当前软件指纹码锁定文件

  21. $verifiesLockFile = DEDEDATA.'/admin/verifies.txt';

  22. 

  23. $fp = fopen($verLockFile,'r');

  24. $upTime = trim(fread($fp,64));

  25. fclose($fp);

  26. 

  27. $updateTime = substr($upTime,0,4).'-'.substr($upTime,4,2).'-'.substr($upTime,6,2);

  28. $verifiesTime = "未同步过指纹码";

  29. if(file_exists($verifiesLockFile))

  30. {

  31.     $fp = fopen($verifiesLockFile,'r');

  32.     $upTime = trim(fread($fp,64));

  33.     fclose($fp);

  34.     $verifiesTime = substr($upTime,0,4).'-'.substr($upTime,4,2).'-'.substr($upTime,6,2);

  35. }

  36. 

  37. $tmpdir = substr(md5($cfg_cookie_encode),0,16);

  38. 

  39. 

  40. //重定义file_get_contents来兼容不支持此函数的PHP

  41. //因为有个别地方用fgets读文件生成校验码不兼容

  42. if(!function_exists('file_get_contents'))

  43. {

  44.     function file_get_contents($fname)

  45.     {

  46.         if(!file_exists($fname) || is_dir($fname))

  47.         {

  48.             return '';

  49.         }

  50.         else

  51.         {

  52.             $fp = fopen($fname, 'r');

  53.             $ct = fread($fp, filesize($fname));

  54.             fclose($fp);

  55.             return $ct;

  56.         }

  57.     }

  58. }

  59. 

  60. if($action == '')

  61. {

  62.     include(DEDEADMIN.'/templets/sys_verifies.htm');

  63.     exit();

  64. }

  65. /*----------------

  66. 校验文件

  67. function _verify() { }

  68. ----------------*/

  69. else if($action == 'verify')

  70. {

  71.     $dsql->SetQuery("SELECT * FROM `#@__verifies` ");

  72.     $dsql->Execute();

  73.     $filelist = array();

  74.     while($row = $dsql->GetArray())

  75.     {

  76.         $turefile = str_replace('../dede', '.', $row['filename']);

  77.         //跳过不存在的文件

  78.         if(!file_exists($turefile)) {

  79.             continue;

  80.         }

  81.         if( filesize($turefile)==0 ) {

  82.             continue;

  83.         }

  84.         $ct = file_get_contents($turefile);

  85.         $ct = preg_replace("/\/\*\*[\r\n]{1,}(.*)[\r\n]{1,} \*\//sU", '', $ct);

  86.         $cthash = md5($ct);

  87.         if($cthash != $row['cthash']) 

  88.         {

  89.             $row['localhash'] = $cthash;

  90.             $row['mtime'] = MyDate('Y-m-d H:i:s', filemtime($turefile));

  91.             $row['turefile'] = $turefile;

  92.             $filelist[] = $row;

  93.         }

  94.     }

  95.     if(!isset($filelist[0]))

  96.     {

  97.         ShowMsg("所有文件都通过效验证,核心文件没有被改动过!","sys_verifies.php");

  98.     }

  99.     else

  100.     {

  101.         include(DEDEADMIN.'/templets/sys_verifies_verify.htm');

  102.     }

  103.     exit();

  104. }

  105. /*--------------------

  106. 查看单个本地文件

  107. function _view() { }

  108. ----------------------*/

  109. else if ($action == 'view')

  110. {

  111.     require_once(DEDEINC."/oxwindow.class.php");

  112.     

  113.     $filetxt = '';

  114.     if( !preg_match("#data(.*)common.inc.php#i", $filename) )

  115.     {

  116.         $fp = fopen($filename, 'r');

  117.         $filetxt = fread($fp, filesize($filename));

  118.         fclose($fp);

  119.     }

  120.     

  121.     $filetxt = str_replace('textarea', '!textarea', $filetxt);

  122.     

  123.     $wintitle = "文件效验::查看文件";

  124.     $wecome_info = "<a href='sys_verifies.php'><u>文件效验</u></a>::查看文件";

  125.     $win = new OxWindow();

  126.     $win->Init();

  127.     $win->AddTitle("以下为文件 $filename 的内容,请检查是否可疑:");

  128.     $winform = $win->GetWindow("hand","<textarea name='filetxt' style='width:100%;height:450px;word-wrap: break-word;word-break:break-all;'>".$filetxt."</textarea>");

  129.     $win->Display();

  130.     exit();

  131. }

  132. /*-----------------

  133. 管理指纹码

  134. function _manage() { }

  135. -------------------*/

  136. else if ($action == 'manage')

  137. {

  138.     $dsql->SetQuery("SELECT * FROM `#@__verifies` ");

  139.     $dsql->Execute();

  140.     $filelist = array();

  141.     while($row = $dsql->GetArray())

  142.     {

  143.         $filelist[] = $row;

  144.     }

  145.     include(DEDEADMIN.'/templets/sys_verifies_manage.htm');

  146.     exit();

  147. }

  148. /*-----------------------

  149. 下载文件

  150. function _getfiles()

  151. ------------------------*/

  152. else if ($action == 'getfiles')

  153. {

  154.     if(!isset($refiles))

  155.     {

  156.         ShowMsg("你没进行任何操作!","sys_verifies.php");

  157.         exit();

  158.     }

  159.     $cacheFiles = DEDEDATA.'/modifytmp.inc';

  160.     $fp = fopen($cacheFiles, 'w');

  161.     fwrite($fp, '<'.'?php'."\r\n");

  162.     fwrite($fp, '$tmpdir = "'.$tmpdir.'";'."\r\n");

  163.     $dirs = array();

  164.     $i = -1;

  165.     $adminDir = preg_replace("#(.*)[\/\\\\]#", "", dirname(__FILE__));

  166.     foreach($refiles as $filename)

  167.     {

  168.         $filename = substr($filename,3,strlen($filename)-3);

  169.         if(preg_match("#^dede/#i", $filename)) 

  170.         {

  171.             $curdir = GetDirName( preg_replace("#^dede/#i", $adminDir.'/', $filename) );

  172.         } else {

  173.             $curdir = GetDirName($filename);

  174.         }

  175.         if( !isset($dirs[$curdir]) ) 

  176.         {

  177.             $dirs[$curdir] = TestIsFileDir($curdir);

  178.         }

  179.         $i++;

  180.         fwrite($fp, '$files['.$i.'] = "'.$filename.'";'."\r\n");

  181.     }

  182.     fwrite($fp, '$fileConut = '.$i.';'."\r\n");

  183.     fwrite($fp, '?'.'>');

  184.     fclose($fp);

  185.     

  186.     $dirinfos = '';

  187.     if($i > -1)

  188.     {

  189.         $dirinfos = '<tr bgcolor="#ffffff"><td colspan="2">';

  190.         $dirinfos .= "本次升级需要在下面文件夹写入更新文件,请注意文件夹是否有写入权限:<br />\r\n";

  191.         foreach($dirs as $curdir)

  192.         {

  193.             $dirinfos .= $curdir['name']." 状态:".($curdir['writeable'] ? "[√正常]" : "<font color='red'>[×不可写]</font>")."<br />\r\n";

  194.         }

  195.         $dirinfos .= "</td></tr>\r\n";

  196.     }

  197.         

  198.     $doneStr = "<iframe name='stafrm' src='sys_verifies.php?action=down&curfile=0' frameborder='0' id='stafrm' width='100%' height='100%'></iframe>\r\n";

  199.     

  200.     include(DEDEADMIN.'/templets/sys_verifies_getfiles.htm');

  201.     

  202.     exit();

  203. }

  204. /*-----------------------

  205. 下载文件

  206. function _down()

  207. ------------------------*/

  208. else if($action=='down')

  209. {

  210.     $cacheFiles = DEDEDATA.'/modifytmp.inc';

  211.     require_once($cacheFiles);

  212.     

  213.     if($fileConut==-1 || $curfile > $fileConut)

  214.     {

  215.         ShowMsg("已下载所有文件<br /><a href='sys_verifies.php?action=apply'>[直接替换文件]</a> &nbsp; <a href='#'>[我自己手动替换文件]</a>","javascript:;");

  216.         exit();

  217.     }

  218.     

  219.     //检查临时文件保存目录是否可用

  220.     MkTmpDir($tmpdir, $files[$curfile]);

  221.         

  222.     $downfile = UPDATEHOST.$cfg_soft_lang.'/source/'.$files[$curfile];

  223.         

  224.     $dhd = new DedeHttpDown();

  225.     $dhd->OpenUrl($downfile);

  226.     $dhd->SaveToBin(DEDEDATA.'/'.$tmpdir.'/'.$files[$curfile]);

  227.     $dhd->Close();

  228.         

  229.     ShowMsg("成功下载文件:{$files[$curfile]}; 继续下载下一个文件。","sys_verifies.php?action=down&curfile=".($curfile+1));

  230.     exit();

  231. }

  232. /*-----------------------

  233. 修改效验方式

  234. function _modify()

  235. ------------------------*/

  236. else if($action=='modify')

  237. {

  238.     if(!isset($modifys))

  239.     {

  240.         ShowMsg("没选定要修改的文件!","-1");

  241.         exit();

  242.     }

  243.     else

  244.     {

  245.         foreach($modifys as $fname)

  246.         {

  247.             if($method=='local')

  248.             {

  249.                 $tureFilename = str_replace('../dede','./',$fname);

  250.                 if(file_exists($tureFilename))

  251.                 {

  252.                     $fp = fopen($tureFilename,'r');

  253.                     $ct = fread($fp,filesize($tureFilename));

  254.                     fclose($fp);

  255.                     $cthash = md5($ct);

  256.                     $dsql->ExecuteNoneQuery("UPDATE `#@__verifies` SET `method`='local',cthash='$cthash' WHERE filename='$fname' ");

  257.                 }

  258.             }

  259.             else

  260.             {

  261.                 $dsql->ExecuteNoneQuery("UPDATE `#@__verifies` SET `method`='offical' WHERE filename='$fname' ");

  262.             }

  263.         }

  264.     }

  265.     if($method=='local')

  266.     {

  267.         ShowMsg("成功修改指定文件的验证方式!","sys_verifies.php?action=manage");

  268.     }

  269.     else

  270.     {

  271.         ShowMsg("成功修改指定文件的验证方式!<br /> 由于你修改了文件为远程验证方式,因此需进行更新操作<br /> <a href='sys_verifies.php?action=update'>[更新]</a> &nbsp; <a href='sys_verifies.php?action=manage'>[返回]</a>","javascript:;");

  272.     }

  273.     exit();

  274. }

  275. /*-----------------------

  276. 还原文件

  277. function _applyRecover()

  278. ------------------------*/

  279. else if ($action == 'apply')

  280. {

  281.     $cacheFiles = DEDEDATA.'/modifytmp.inc';

  282.     require_once($cacheFiles);

  283.     $sDir = DEDEDATA."/$tmpdir";

  284.     $tDir = DEDEROOT;

  285.         

  286.     $badcp = 0;

  287.     $adminDir = preg_replace("#(.*)[\/\\\\]#", "", dirname(__FILE__));

  288.         

  289.     if(isset($files) && is_array($files))

  290.     {

  291.         foreach($files as $f)

  292.         {

  293.             if(preg_match("#^dede#", $f)) $tf = preg_replace("#^dede#", $adminDir, $f);

  294.             else $tf = $f;

  295. 

  296.             if(file_exists($sDir.'/'.$f))

  297.             {

  298.                 //还原文件前先进行文件效验

  299.                 $ct = file_get_contents($sDir.'/'.$f);

  300.                 $ct = preg_replace("/\/\*\*[\r\n]{1,}(.*)[\r\n]{1,} \*\//sU", '', $ct);

  301.                 $newhash = md5($ct);

  302.                 $row = $dsql->GetOne("SELECT * FROM `#@__verifies` WHERE filename='../{$f}' ");

  303.                 if(is_array($row) && $row['cthash'] != $newhash)

  304.                 {

  305.                     $badcp++;

  306.                 } else {

  307.                     $rs = @copy($sDir.'/'.$f, $tDir.'/'.$tf);

  308.                     if($rs) unlink($sDir.'/'.$f);

  309.                     else $badcp++;

  310.                 }

  311.             }

  312.         }

  313.     }

  314. 

  315.     $badmsg = '!';

  316.     if($badcp > 0)

  317.     {

  318.         $badmsg = ",其 {$badcp} 个文件效验码不正确或复制失败,<br />请从临时目录[../data/{$tmpdir}]中取出这几个文件手动还原。";

  319.     }

  320. 

  321.     ShowMsg("成功完成还原指定文件{$badmsg}", "javascript:;");

  322.     exit();

  323. }

  324. /*---------------

  325. 在线更新指纹码

  326. function _update()

  327. -----------------*/

  328. else if($action == 'update')

  329. {

  330.     $rmFile = UPDATEHOST.$cfg_soft_lang.'/verifys.txt';

  331.     $dhd = new DedeHttpDown();

  332.     $dhd->OpenUrl($rmFile);

  333.     $ct = $dhd->GetHtml();

  334.     $dhd->Close();

  335.     $cts = split("[\r\n]{1,}",$ct);

  336.     foreach($cts as $ct)

  337.     {

  338.         $ct = trim($ct);

  339.         if(empty($ct)) continue;

  340.         list($nameid, $cthash, $fname) = explode("\t", $ct);

  341.         $row = $dsql->GetOne("SELECT * FROM `#@__verifies` WHERE nameid='$nameid' ");

  342.         if(!is_array($row) || ($row['method']=='official' && $row['cthash']!=$cthash ))

  343.         {

  344.             $dsql->ExecuteNoneQuery("REPLACE INTO `#@__verifies`(nameid,cthash,method,filename) VALUES ('$nameid','$cthash','official','$fname'); ");

  345.         }

  346.     }

  347.     $fp = fopen($verifiesLockFile,'w');

  348.     fwrite($fp, MyDate('Ymd',time()));

  349.     fclose($fp);

  350.     ShowMsg("完成效验码更新,是否马上进行效验操作?<br /> <a href='sys_verifies.php?action=verify'>[开始效验]</a> &nbsp; <a href='sys_verifies.php?action=manage'>[管理]</a> &nbsp; <a href='sys_verifies.php'>[返回]</a>","javascript:;");

  351.     exit();

  352. }

  353. /*-----------------

  354. 生成指纹码

  355. function _make() { }

  356. -------------------*/

  357. else if ($action == 'make')

  358. {

  359.     $fp = fopen(DEDEROOT.'/../verifys.txt','w');

  360.     foreach (preg_ls ('../', TRUE, "/.*\.(php|htm|html|js)$/i", 'CVS,data,html,uploads,templets,special') as $onefile)

  361.     {

  362.         $nameid = md5($onefile);

  363.         $ctbody = file_get_contents(DEDEADMIN.'/'.$onefile);

  364.         $ctbody = preg_replace("/\/\*\*[\r\n]{1,}(.*)[\r\n]{1,} \*\//sU", '', $ctbody);

  365.         $cthash = md5($ctbody);

  366.         fwrite($fp,"{$nameid}\t{$cthash}\t{$onefile}\r\n");

  367.     }

  368.     fclose($fp);

  369.     ShowMsg("操作成功!","sys_verifies.php");

  370.     exit();

  371. }

  372. 

  373. //获取所有文件列表

  374. function preg_ls($path=".", $rec=FALSE, $pat="/.*/", $ignoredir='')

  375. {

  376.     while (substr ($path,-1,1) =="/")

  377.     {

  378.         $path=substr ($path,0,-1);

  379.     }

  380.     if (!is_dir ($path) )

  381.     {

  382.         $path=dirname ($path);

  383.     }

  384.     if ($rec!==TRUE)

  385.     {

  386.         $rec=FALSE;

  387.     }

  388.     $d=dir ($path);

  389.     $ret=Array ();

  390.     while (FALSE!== ($e=$d->read () ) )

  391.     {

  392.         if ( ($e==".") || ($e=="..") )

  393.         {

  394.             continue;

  395.         }

  396.         if ($rec && is_dir ($path."/".$e) && ($ignoredir == '' || strpos($ignoredir,$e ) === FALSE))

  397.         {

  398.             $ret = array_merge ($ret, preg_ls($path."/".$e, $rec, $pat, $ignoredir));

  399.             continue;

  400.         }

  401.         if (!preg_match ($pat, $e) )

  402.         {

  403.             continue;

  404.         }

  405.         $ret[] = $path."/".$e;

  406.     }

  407.     return (empty ($ret) && preg_match ($pat,basename($path))) ? Array ($path."/") : $ret;

  408. }

  409. 

  410. function TestWriteAble($d)

  411. {

  412.     $tfile = '_dedet.txt';

  413.     $fp = @fopen($d.$tfile, 'w');

  414.     if(!$fp) 

  415.     {

  416.         return FALSE;

  417.     }

  418.     else {

  419.         fclose($fp);

  420.         $rs = @unlink($d.'/'.$tfile);

  421.         return TRUE;

  422.     }

  423. }

  424. 

  425. function GetDirName($filename)

  426. {

  427.     $dirname = '../'.preg_replace("#[\\\\\/]{1,}#", '/', $filename);

  428.     $dirname = preg_replace("#([^\/]*)$#", '', $dirname);

  429.     return $dirname;

  430. }

  431. 

  432. function TestIsFileDir($dirname)

  433. {

  434.     $dirs = array('name'=>'','isdir'=>FALSE,'writeable'=>FALSE);

  435.     $dirs['name'] =  $dirname;

  436.     if(is_dir($dirname))

  437.     {

  438.         $dirs['isdir'] = TRUE;

  439.         $dirs['writeable'] = TestWriteAble($dirname);

  440.     }

  441.     return $dirs;

  442. }

  443. 

  444. function MkTmpDir($tmpdir,$filename)

  445. {

  446.     $basedir = DEDEDATA.'/'.$tmpdir;

  447.     $dirname = trim(preg_replace("#[\\\\\/]{1,}#", '/', $filename));

  448.     $dirname = preg_replace("#([^\/]*)$#", "", $dirname);

  449.     if(!is_dir($basedir)) 

  450.     {

  451.         mkdir($basedir, 0777);

  452.     }

  453.     if($dirname=='') 

  454.     {

  455.         return TRUE;

  456.     }

  457.     $dirs = explode('/', $dirname);

  458.     $curdir = $basedir;

  459.     foreach($dirs as $d)

  460.     {

  461.         $d = trim($d);

  462.         if(empty($d)) continue;

  463.         $curdir = $curdir.'/'.$d;

  464.         if(!is_dir($curdir)) 

  465.         {

  466.             mkdir($curdir,0777) or die($curdir);

  467.         }

  468.     }

  469.     return TRUE;

  470. }