DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
187 Commits
3 Branches
110MB
Tree: 183d1ab45a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '183d1ab45a'
${ noResults }
DedeV6/src/dede/config.php

235 lines
7.0KB
Raw Blame History 

  1. <?php

  2. /**

  3.  * 管理目录配置文件

  4.  *

  5.  * @version        $Id: config.php 1 14:31 2010年7月12日Z tianya $

  6.  * @package        DedeCMS.Administrator

  7.  * @copyright      Copyright (c) 2020, DedeBIZ.COM

  8.  * @license        https://www.dedebiz.com/license

  9.  * @link           https://www.dedebiz.com

  10.  */

  11. define('DEDEADMIN', str_replace("\\", '/', dirname(__FILE__) ) );

  12. require_once(DEDEADMIN.'/../include/common.inc.php');

  13. require_once(DEDEINC.'/userlogin.class.php');

  14. header('Cache-Control:private');

  15. $dsql->safeCheck = FALSE;

  16. $dsql->SetLongLink();

  17. $cfg_admin_skin = 1; // 后台管理风格

  18. 

  19. if(file_exists(DEDEDATA.'/admin/skin.txt'))

  20. {

  21. 	$skin = file_get_contents(DEDEDATA.'/admin/skin.txt');

  22. 	$cfg_admin_skin = !in_array($skin, array(1,2,3,4))? 1 : $skin;

  23. }

  24. 

  25. // 检查CSRF

  26. function CheckCSRF()

  27. {

  28.     $cc_csrf_token_check = GetCookie("dede_csrf_token");

  29.     if (

  30.         !(isset($_POST['_csrf_token'], $cc_csrf_token_check)

  31.     && is_string($_POST['_csrf_token']) && is_string($cc_csrf_token_check)

  32.     && hash_equals($_POST['_csrf_token'], $cc_csrf_token_check))

  33.     ) {

  34.         ShowMsg('CSRF校验失败,请刷新页面重新提交', '-1');

  35.         exit();

  36.     }

  37.     

  38.     DropCookie("dede_csrf_token");

  39. }

  40. 

  41. // 生成CSRF校验token,在比较重要的表单中应该要加上这个token校验

  42. $cc_csrf_token = GetCookie("dede_csrf_token");

  43. if (!isset($GLOBALS['csrf_token']) || $GLOBALS['csrf_token'] === null) {

  44.     if (isset($cc_csrf_token) && is_string($cc_csrf_token)

  45.     && preg_match('#^[0-9a-f]{32}$#iS',$cc_csrf_token) === 1

  46.     ) {

  47.         $GLOBALS['csrf_token'] = $cc_csrf_token;

  48.     } else {

  49.         $GLOBALS['csrf_token'] = md5(uniqid(mt_rand(), TRUE));

  50.     }

  51. }

  52. 

  53. if (strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST') {

  54.     PutCookie('dede_csrf_token', $GLOBALS['csrf_token'], 7200, '/');

  55. }

  56. 

  57. 

  58. //获得当前脚本名称,如果你的系统被禁用了$_SERVER变量,请自行更改这个选项

  59. $dedeNowurl = $s_scriptName = '';

  60. $isUrlOpen = @ini_get('allow_url_fopen');

  61. $dedeNowurl = GetCurUrl();

  62. $dedeNowurls = explode('?', $dedeNowurl);

  63. $s_scriptName = $dedeNowurls[0];

  64. $cfg_remote_site = empty($cfg_remote_site)? 'N' : $cfg_remote_site;

  65. 

  66. //检验用户登录状态

  67. $cuserLogin = new userLogin();

  68. 

  69. if($cuserLogin->getUserID()==-1)

  70. {

  71.     if ( preg_match("#PHP (.*) Development Server#",$_SERVER['SERVER_SOFTWARE']) )

  72.     {

  73.         $dirname = dirname($_SERVER['SCRIPT_NAME']);

  74.         header("location:{$dirname}/login.php?gotopage=".urlencode($dedeNowurl));

  75.     } else {

  76.         header("location:login.php?gotopage=".urlencode($dedeNowurl));

  77.     }

  78.     exit();

  79. }

  80. 

  81. function XSSClean($val)

  82. {

  83.     if (is_array($val))

  84.     {

  85.         foreach ($val as $key => $v) {

  86.             if(in_array($key,array('tags','body','dede_fields','dede_addonfields','dopost','introduce'))) continue;

  87.             $val[$key] = XSSClean($val[$key]);

  88.         }

  89.         return $val;

  90.     }

  91.     return RemoveXss($val);

  92. }

  93. 

  94. if($cfg_dede_log=='Y')

  95. {

  96.     $s_nologfile = '_main|_list';

  97.     $s_needlogfile = 'sys_|file_';

  98.     $s_method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';

  99.     $s_query = isset($dedeNowurls[1]) ? $dedeNowurls[1] : '';

  100.     $s_scriptNames = explode('/', $s_scriptName);

  101.     $s_scriptNames = $s_scriptNames[count($s_scriptNames)-1];

  102.     $s_userip = GetIP();

  103.     if( $s_method=='POST' || (!preg_match("#".$s_nologfile."#i", $s_scriptNames) && $s_query!='') || preg_match("#".$s_needlogfile."#i",$s_scriptNames) )

  104.     {

  105.         $inquery = "INSERT INTO `#@__log`(adminid,filename,method,query,cip,dtime)

  106.              VALUES ('".$cuserLogin->getUserID()."','{$s_scriptNames}','{$s_method}','".addslashes($s_query)."','{$s_userip}','".time()."');";

  107.         $dsql->ExecuteNoneQuery($inquery);

  108.     }

  109. }

  110. 

  111. //管理缓存、管理员频道缓存

  112. $cache1 = DEDEDATA.'/cache/inc_catalog_base.inc';

  113. if(!file_exists($cache1)) UpDateCatCache();

  114. $cacheFile = DEDEDATA.'/cache/admincat_'.$cuserLogin->userID.'.inc';

  115. if(file_exists($cacheFile)) require_once($cacheFile);

  116. 

  117. //更新服务器

  118. require_once (DEDEDATA.'/admin/config_update.php');

  119. 

  120. if(strlen($cfg_cookie_encode)<=10)

  121. {

  122.     $chars='abcdefghigklmnopqrstuvwxwyABCDEFGHIGKLMNOPQRSTUVWXWY0123456789';

  123.     $hash='';

  124.     $length = rand(28,32);

  125.     $max = strlen($chars) - 1;

  126.     for($i = 0; $i < $length; $i++) {

  127.         $hash .= $chars[mt_rand(0, $max)];

  128.     }

  129. 	$dsql->ExecuteNoneQuery("UPDATE `#@__sysconfig` SET `value`='{$hash}' WHERE varname='cfg_cookie_encode' ");

  130. 	$configfile = DEDEDATA.'/config.cache.inc.php';

  131.     if(!is_writeable($configfile))

  132.     {

  133.         echo "配置文件'{$configfile}'不支持写入,无法修改系统配置参数!";

  134.         exit();

  135.     }

  136.     $fp = fopen($configfile,'w');

  137.     flock($fp,3);

  138.     fwrite($fp,"<"."?php\r\n");

  139.     $dsql->SetQuery("SELECT `varname`,`type`,`value`,`groupid` FROM `#@__sysconfig` ORDER BY aid ASC ");

  140.     $dsql->Execute();

  141.     while($row = $dsql->GetArray())

  142.     {

  143.         if($row['type']=='number')

  144.         {

  145.             if($row['value']=='') $row['value'] = 0;

  146.             fwrite($fp,"\${$row['varname']} = ".$row['value'].";\r\n");

  147.         }

  148.         else

  149.         {

  150.             fwrite($fp,"\${$row['varname']} = '".str_replace("'",'',$row['value'])."';\r\n");

  151.         }

  152.     }

  153.     fwrite($fp,"?".">");

  154.     fclose($fp);

  155. }

  156. 

  157. /**

  158.  *  更新栏目缓存

  159.  *

  160.  * @access    public

  161.  * @return    void

  162.  */

  163. function UpDateCatCache()

  164. {

  165.     global $dsql, $cache1, $cuserLogin;

  166.     $cache2 = DEDEDATA.'/cache/channelsonlist.inc';

  167.     $cache3 = DEDEDATA.'/cache/channeltoplist.inc';

  168.     $dsql->SetQuery("SELECT id,reid,channeltype,issend,typename FROM `#@__arctype`");

  169.     $dsql->Execute();

  170.     $fp1 = fopen($cache1,'w');

  171.     $phph = '?';

  172.     $fp1Header = "<{$phph}php\r\nglobal \$cfg_Cs;\r\n\$cfg_Cs=array();\r\n";

  173.     fwrite($fp1,$fp1Header);

  174.     while($row=$dsql->GetObject())

  175.     {

  176.         // 将typename缓存起来

  177.         $row->typename = base64_encode($row->typename);

  178.         fwrite($fp1,"\$cfg_Cs[{$row->id}]=array({$row->reid},{$row->channeltype},{$row->issend},'{$row->typename}');\r\n");

  179.     }

  180.     fwrite($fp1, "{$phph}>");

  181.     fclose($fp1);

  182.     $cuserLogin->ReWriteAdminChannel();

  183.     @unlink($cache2);

  184.     @unlink($cache3);

  185. }

  186. 

  187. // 清空选项缓存

  188. function ClearOptCache()

  189. {

  190.     $tplCache = DEDEDATA.'/tplcache/';

  191.     $fileArray = glob($tplCache."inc_option_*.inc");

  192.     if (count($fileArray) > 1)

  193.     {

  194.         foreach ($fileArray as $key => $value)

  195.         {

  196.             if (file_exists($value)) unlink($value);

  197.             else continue;

  198.         }

  199.         return TRUE;

  200.     }

  201.     return FALSE;

  202. }

  203. 

  204. /**

  205.  *  引入模板文件

  206.  *

  207.  * @access    public

  208.  * @param     string  $filename  文件名称

  209.  * @param     bool  $isabs  是否为管理目录

  210.  * @return    string

  211.  */

  212. function DedeInclude($filename, $isabs=FALSE)

  213. {

  214.     return $isabs ? $filename : DEDEADMIN.'/'.$filename;

  215. }

  216. 

  217. /**

  218.  *  根据用户mid获取用户名称

  219.  *

  220.  * @access    public

  221.  * @param     int  $mid   用户ID

  222.  * @return    string

  223.  */

  224. if(!function_exists('GetMemberName')){

  225. 	function GetMemberName($mid=0)

  226. 	{

  227.         global $dsql;

  228.         if (empty($mid)) {

  229.             return "管理员";

  230.         }

  231.         $rs = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='{$mid}' ");

  232. 		return $rs['uname'];

  233. 	}

  234. }