';
$reval = false;
if (empty($rootDir)) $rootDir = DEDEROOT;
if (TestWriteable($d)) {
@file_put_contents($d.'/'.$filename, $testStr);
$remoteUrl = $siteuRL.'/'.str_replace($rootDir, '', str_replace("\\", '/', realpath($d))).'/'.$filename;
$tempStr = @PostHost($remoteUrl);
$reval = (md5($d) == trim($tempStr)) ? true : false;
unlink($d.'/'.$filename);
return $reval;
} else {
return -1;
}
}
}
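if (!function_exists('PostHost')) {
    /**
     * Send one HTTP/1.0 request over a raw socket and return what the peer answered.
     *
     * The URL is split with parse_url(). "http" connects in plaintext and "https"
     * connects through the ssl:// transport. Redirects are not followed and the
     * status line is not inspected.
     *
     * NOTE(review): nothing here limits which host or port is contacted. A caller that
     * builds $host from request data needs its own allow-list of destinations.
     *
     * @param string   $host      Absolute URL to request.
     * @param string   $data      Extra query string (GET) or request body (POST).
     * @param string   $method    HTTP method; upper-cased before use.
     * @param mixed    $showagent When empty, the header block is removed and only the body is returned.
     * @param int|null $port      Overrides the URL's port when greater than 0.
     * @param int      $timeout   Connect timeout in seconds; also applied to reads.
     * @return string|false Response text, or false when the URL is unusable, the request
     *                      would contain a line break, or the connection fails.
     */
    function PostHost($host, $data = '', $method = 'GET', $showagent = null, $port = null, $timeout = 30)
    {
        $parse = @parse_url($host);
        // Without both a scheme and a host there is nothing to connect to.
        if (empty($parse) || !isset($parse['scheme'], $parse['host']) || $parse['host'] === '') {
            return false;
        }
        $scheme = strtolower($parse['scheme']);
        $hostname = $parse['host'];

        // The fallback port follows the scheme: TLS on port 80 would never complete a handshake.
        $defaultPort = ($scheme === 'https') ? 443 : 80;
        if ((int)$port > 0) {
            $targetPort = (int)$port;
        } elseif (!empty($parse['port'])) {
            $targetPort = (int)$parse['port'];
        } else {
            $targetPort = $defaultPort;
        }

        if ($scheme === 'http') {
            $transport = $hostname;
        } elseif ($scheme === 'https') {
            $transport = 'ssl://'.$hostname;
        } else {
            // NOTE(review): any other scheme is still handed to fsockopen() as a transport
            // prefix, as before. If no caller relies on that, reject everything except
            // http and https here.
            $transport = $parse['scheme'].'://'.$hostname;
        }

        $method = strtoupper((string)$method);
        $data = (string)$data;
        $path = str_replace(array('\\', '//'), '/', isset($parse['path']) ? $parse['path'] : '');
        if ($path === '') {
            // A request line needs a target even when the URL has no path.
            $path = '/';
        }
        $query = isset($parse['query']) ? (string)$parse['query'] : '';

        $wlength = $wdata = '';
        if ($method == 'GET') {
            if (substr($data, 0, 1) === '&') {
                $data = (string)substr($data, 1);
            }
            if ($data !== '') {
                $query = ($query !== '') ? $query.'&'.$data : $data;
            }
        } elseif ($method == 'POST') {
            $wlength = "Content-length: ".strlen($data)."\r\n";
            $wdata = $data;
        }
        $target = ($query !== '') ? $path.'?'.$query : $path;

        // The Host header carries the bare host name (never the ssl:// transport prefix),
        // plus the port when it is not the scheme's default.
        $hostHeader = ($targetPort === $defaultPort) ? $hostname : $hostname.':'.$targetPort;

        // $method and $data are copied into the request head verbatim; a CR or LF in them
        // would start a new header line, so such a request is refused before connecting.
        if (preg_match('/[\r\n]/', $method.$target.$hostHeader)) {
            return false;
        }

        $fp = @fsockopen($transport, $targetPort, $errnum, $errstr, $timeout);
        if (!$fp) {
            return false;
        }
        // Bound the read phase as well, so a silent peer cannot hold the request open.
        stream_set_timeout($fp, max(1, (int)$timeout));

        $write = "$method $target HTTP/1.0\r\nHost: $hostHeader\r\nContent-type: application/x-www-form-urlencoded\r\n{$wlength}Connection: close\r\n\r\n$wdata";
        @fwrite($fp, $write);

        $responseText = '';
        while (!feof($fp)) {
            $chunk = @fread($fp, 4096);
            // Compare strictly: a chunk consisting of "0" is data, not end of stream.
            if ($chunk === false || $chunk === '') {
                break;
            }
            $responseText .= $chunk;
        }
        @fclose($fp);

        if (empty($showagent)) {
            // Keep only what follows the blank line that ends the header block.
            $bodyStart = strpos($responseText, "\r\n\r\n");
            $responseText = ($bodyStart === false) ? '' : trim(substr($responseText, $bodyStart), "\r\n");
        }
        return $responseText;
    }
}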
if (!function_exists('TestAdminPWD')) {
    /**
     * Report whether the stock "admin" account is still present.
     *
     * Looks up the row whose userid is 'admin' in the #@__admin table through the
     * global $dsql handle and compares its stored pwd value with one fixed digest.
     *
     * NOTE(review): only an exact match with that one stored value yields -2. If
     * passwords can be stored in any other format, an unchanged default password would
     * be reported as -1 — confirm against the current storage scheme.
     *
     * @return int  0 when no 'admin' row is returned,
     *             -1 when the row exists but pwd differs from the fixed digest,
     *             -2 when the row exists and pwd equals the fixed digest.
     */
    function TestAdminPWD()
    {
        global $dsql;
        $account = $dsql->GetOne("SELECT usertype,userid,pwd FROM #@__admin WHERE `userid`='admin'");
        if (!is_array($account)) {
            return 0;
        }
        return ($account['pwd'] == 'f297a57a5a743894a0e4') ? -2 : -1;
    }
}
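if (!function_exists('IsWritable')) {
    /**
     * Check whether the PHP process can write to a file or directory.
     *
     * A path ending in '/' is treated as a directory: a uniquely named probe file is
     * created inside it and removed again. A missing directory is created with mkdir()
     * first and then probed. Any other path is treated as a file: an existing file is
     * opened for append, a missing one is created exclusively and removed again.
     *
     * The check never changes the mode of the path it inspects. Loosening permissions
     * (for example chmod 0777) before probing would make a read-only file writable as a
     * side effect of merely testing it.
     *
     * @param string $pathfile File path, or directory path with a trailing '/'.
     * @return bool True when the write probe succeeded.
     */
    function IsWritable($pathfile)
    {
        $isDir = substr($pathfile, -1) == '/';
        if ($isDir) {
            if (is_dir($pathfile)) {
                // mt_rand() seeds itself; reseeding the shared generator from microtime()
                // here would make every later mt_rand() call in the request predictable.
                $pathfile = $pathfile.'biz_'.uniqid((string)mt_rand()).'.tmp';
            } elseif (@mkdir($pathfile)) {
                return IsWritable($pathfile);
            } else {
                return false;
            }
        }

        if ($isDir || !file_exists($pathfile)) {
            // 'x' creates the file exclusively, so the probe cannot append to or follow
            // something that appeared under the same name, and the file removed below is
            // always the one created here.
            $fp = @fopen($pathfile, 'xb');
            if ($fp === false) {
                return false;
            }
            fclose($fp);
            @unlink($pathfile);
            return true;
        }

        // Existing file: append mode tests write access without altering the content.
        $fp = @fopen($pathfile, 'ab');
        if ($fp === false) {
            return false;
        }
        fclose($fp);
        return true;
    }
}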
// Hardening checks: every check that fails appends one advisory string to $safeMsg.
$safeMsg = array();

// Lower-cased script path with the file name 'index_body.php' removed.
$dirname = str_replace('index_body.php', '', strtolower($_SERVER['PHP_SELF']));
// NOTE(review): inside this double-quoted string the character class is [\|/], which
// matches '|' or '/' but not a backslash — confirm that is what was intended.
if (preg_match("#[\\|/]admin[\\|/]#", $dirname) === 1) {
    array_push($safeMsg, '后台管理名称包默认名称admin,强烈建议您进行修改');
}

// The configuration file should not be writable by the web process.
if (IsWritable(DEDEDATA.'/common.inc.php')) {
    array_push($safeMsg, '数据配置data/common.inc.php文件,强烈建议以管理员权限设置禁止写入和执行');
}

if (!IsSSL()) {
    array_push($safeMsg, '站点尚未启用HTTPS,强烈建议您配置HTTPS证书');
}

if (version_compare(PHP_VERSION, '5.3.0') < 0) {
    array_push($safeMsg, 'PHP版本过低会无法正常使用系统,强烈建议升级到PHP7.X');
}

if (!DEDEBIZ_SAFE_MODE) {
    array_push($safeMsg, '系统运行环境为:非安全模式,强烈建议启用安全模式 [查看]');
}

// Negative results from TestAdminPWD() mean the default 'admin' account still exists.
$rs = TestAdminPWD();
if ($rs < 0) {
    $linkurl = '[修改]';
    if ($rs == -1) {
        // Default account name kept.
        $msg = "默认管理员名称admin没有修改,建议您修改 {$linkurl}";
    } elseif ($rs == -2) {
        // Default account name and default password both kept.
        $msg = "默认管理员名称和密码没有修改,建议您修改 {$linkurl}";
    }
    array_push($safeMsg, $msg);
}
?>
0) {
?>