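';
        // NOTE(review): everything down to the two closing braces below is the tail of a
        // definition that starts before this excerpt ($d, $filename, $testStr, $siteuRL and
        // $rootDir are set there). Its tokens are reproduced unchanged. When the whole
        // function can be reviewed, the loose `==` on the digest strings should become `===`.
        $reval = false;
        if (empty($rootDir)) $rootDir = DEDEROOT;
        if (TestWriteable($d)) {
            @file_put_contents($d.'/'.$filename, $testStr);
            $remoteUrl = $siteuRL.'/'.str_replace($rootDir, '', str_replace("\\", '/', realpath($d))).'/'.$filename;
            $tempStr = @PostHost($remoteUrl);
            $reval = (md5($d) == trim($tempStr)) ? true : false;
            unlink($d.'/'.$filename);
            return $reval;
        } else {
            return -1;
        }
    }
}

if (!function_exists('PostHost')) {
    /**
     * Send one HTTP/1.0 request over a raw socket and return the response text.
     *
     * Changes from the previous version:
     *  - https URLs default to port 443 (the old code always defaulted to 80, so a TLS
     *    connection was attempted against the plain-HTTP port);
     *  - the Host header carries the bare host name (the old code sent "ssl://host" for https);
     *  - an empty path becomes "/" so the request line is well formed;
     *  - a response chunk equal to "0" no longer ends the read loop early.
     *
     * NOTE(review): $method, the URL path/query and $data are written into the request
     * verbatim, and the socket is opened to whatever host the URL names. Callers should only
     * pass URLs and data built from trusted configuration; values containing CR/LF would
     * alter the request headers.
     *
     * @param string   $host      Full URL (scheme and host required; port, path and query optional).
     * @param string   $data      GET: extra query string appended to the URL; POST: request body.
     * @param string   $method    'GET' or 'POST', case-insensitive.
     * @param mixed    $showagent Empty: return only what follows the first blank line of the
     *                            response; non-empty: return the raw response including headers.
     * @param int|null $port      Overrides the port taken from the URL when greater than zero.
     * @param int      $timeout   Connect timeout in seconds handed to fsockopen().
     * @return string|false       Response text, or false when the URL is unusable or the
     *                            connection cannot be opened. The HTTP status is not checked.
     */
    function PostHost($host, $data = '', $method = 'GET', $showagent = null, $port = null, $timeout = 30)
    {
        $parse = @parse_url($host);
        if (empty($parse)) return false;
        // Without a scheme and a host there is nothing to connect to. The old code reached
        // the same `false` through a failed fsockopen(), after raising undefined-index notices.
        if (!isset($parse['scheme'], $parse['host']) || $parse['host'] === '') {
            return false;
        }

        if ((int)$port > 0) {
            $parse['port'] = $port;
        } elseif (empty($parse['port'])) {
            $parse['port'] = ($parse['scheme'] === 'https') ? 443 : 80;
        }

        // Keep the bare name for the Host header; the transport prefix below is only
        // meaningful to fsockopen().
        $hostHeader = $parse['host'];
        $parse['host'] = str_replace(array('http://', 'https://'), array('', 'ssl://'), "$parse[scheme]://").$parse['host'];
        if (!$fp = @fsockopen($parse['host'], $parse['port'], $errnum, $errstr, $timeout)) {
            return false;
        }

        $method = strtoupper($method);
        $wlength = $wdata = $responseText = '';

        $path = isset($parse['path']) ? str_replace(array('\\', '//'), '/', $parse['path']) : '';
        if ($path === '') {
            $path = '/';
        }
        $query = isset($parse['query']) ? $parse['query'] : '';
        $parse['path'] = $path.'?'.$query;

        if ($method == 'GET') {
            $separator = ($query !== '') ? '&' : '';
            if (substr($data, 0, 1) == '&') {
                $data = substr($data, 1);
            }
            $parse['path'] .= $separator.$data;
        } elseif ($method == 'POST') {
            $wlength = "Content-length: ".strlen($data)."\r\n";
            $wdata = $data;
        }

        $write = "$method $parse[path] HTTP/1.0\r\nHost: $hostHeader\r\nContent-type: application/x-www-form-urlencoded\r\n{$wlength}Connection: close\r\n\r\n$wdata";
        @fwrite($fp, $write);

        // Compare against false/'' explicitly: a chunk consisting of "0" is falsy in PHP.
        while (!feof($fp)) {
            $chunk = @fread($fp, 4096);
            if ($chunk === false || $chunk === '') {
                break;
            }
            $responseText .= $chunk;
        }
        @fclose($fp);

        // Drop the status line and headers unless the caller asked for the raw response.
        if (empty($showagent)) {
            $responseText = trim(stristr($responseText, "\r\n\r\n"), "\r\n");
        }
        return $responseText;
    }
}

if (!function_exists('TestAdminPWD')) {
    /**
     * Report whether an account with the default login name `admin` still exists and
     * whether its stored password value is the well-known default.
     *
     * The literal compared below equals characters 5-24 of md5('admin'), i.e. an unsalted,
     * truncated MD5 of the default password.
     * NOTE(review): only the `pwd` column in that legacy format is inspected; if the
     * installation also stores passwords in another column or format, a default password
     * kept there would not be reported - confirm against the schema.
     *
     * @return int  0: no row with userid 'admin';
     *             -1: the 'admin' account exists with a non-default pwd value;
     *             -2: the 'admin' account exists and pwd matches the default value.
     */
    function TestAdminPWD()
    {
        global $dsql;
        // Look up the administrator row whose login name is still the default.
        $sql = "SELECT usertype,userid,pwd FROM `#@__admin` WHERE `userid`='admin'";
        $row = $dsql->GetOne($sql);
        if (!is_array($row)) {
            return 0;
        }
        // Strict comparison: both sides are digest strings, no type juggling wanted.
        return ($row['pwd'] === 'f297a57a5a743894a0e4') ? -2 : -1;
    }
}

if (!function_exists('IsWritable')) {
    /**
     * Check whether the PHP process can write to a file, or create files in a directory.
     *
     * A path ending in '/' is treated as a directory: a uniquely named temporary file is
     * created inside it and removed again. A missing directory is created with mkdir()
     * and then probed; the created directory is left in place, as before.
     *
     * Changes from the previous version:
     *  - the probe no longer leaves the target at mode 0777. The old code ran
     *    chmod(0777) on every probed path, so checking the configuration file made it
     *    world-writable and executable. Owner-write is now added only for the duration
     *    of the probe and the original mode is restored afterwards; the answer is the
     *    same, because chmod() succeeds only where the process owns the file;
     *  - a file that did not exist before the probe is removed again instead of being
     *    left behind as an empty file;
     *  - mt_srand() with a microtime-derived seed is gone: it reseeded the process-wide
     *    generator with at most a million possible values, and mt_rand() seeds itself.
     *
     * @param string $pathfile File path, or directory path with a trailing '/'.
     * @return bool            True when the path can be opened for appending.
     */
    function IsWritable($pathfile)
    {
        $isDir = (substr($pathfile, -1) === '/');
        if ($isDir) {
            if (is_dir($pathfile)) {
                $pathfile = $pathfile.'biz_'.uniqid(mt_rand()).'.tmp';
            } elseif (@mkdir($pathfile)) {
                return IsWritable($pathfile);
            } else {
                return false;
            }
        }

        $existed = file_exists($pathfile);
        $origMode = $existed ? @fileperms($pathfile) : false;
        if ($origMode !== false) {
            @chmod($pathfile, ($origMode & 07777) | 0200);
        }

        $fp = @fopen($pathfile, 'ab');
        if ($fp !== false) {
            fclose($fp);
        }

        // Put the permission bits back exactly as they were found.
        if ($origMode !== false) {
            @chmod($pathfile, $origMode & 07777);
        }
        if ($fp === false) {
            return false;
        }

        // Remove whatever the probe itself created.
        if ($isDir || !$existed) {
            @unlink($pathfile);
        }
        return true;
    }
}

// Environment and permission checks; each finding appends one warning to $safeMsg.
$safeMsg = array();
$dirname = str_replace('index_body.php', '', strtolower($_SERVER['PHP_SELF']));
// Warn when the admin area is still served from a directory named "admin".
// NOTE(review): the character class as written matches '/' or '|', not a backslash.
if (preg_match("#[\\|/]admin[\\|/]#", $dirname)) {
    $safeMsg[] = '后台管理登录默认名称admin,建议您进行修改';
}
// The database configuration file should not be writable by the web server process.
if (IsWritable(DEDEDATA.'/common.inc.php')) {
    $safeMsg[] = '数据配置data/common.inc.php文件,需要以管理员权限设置禁止写入和执行';
}
if (!IsSSL()) {
    $safeMsg[] = '站点尚未启用HTTPS,建议您配置HTTPS';
}
// NOTE(review): the threshold tested is 5.3.0 while the message recommends PHP 7.x.
if (version_compare(PHP_VERSION, '5.3.0', '<')) {
    $safeMsg[] = 'PHP版本过低会无法正常使用系统,需要升级到PHP7.X';
}
if (!DEDEBIZ_SAFE_MODE) {
    $safeMsg[] = '系统运行环境为:开发模式,建议启用安全模式 [查看]';
}
// Default administrator account: -1 = default name kept, -2 = default name and password kept.
$rs = TestAdminPWD();
if ($rs < 0) {
    $linkurl = '[修改]';
    // Initialised so an unexpected negative code cannot append an undefined value.
    $msg = '';
    switch ($rs) {
        case -1:
            $msg = "管理员默认名称admin没有修改,建议您修改 {$linkurl}";
            break;
        case -2:
            $msg = "管理员默认名称和密码没有修改,建议您修改 {$linkurl}";
            break;
    }
    if ($msg !== '') {
        $safeMsg[] = $msg;
    }
}
// NOTE(review): the text after the closing tag below is what remains of template markup
// that was damaged before this excerpt was captured; it is kept verbatim.
?> 0) { ?>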
$val) { ?>