  1. <?php
  2. /**
  3. *
  4. * @version $id:config.php 14:31 2010年7月12日 tianya $
  5. * @package DedeBIZ.Administrator
  6. * @copyright Copyright (c) 2022 DedeBIZ.COM
  7. * @license GNU GPL v2 (https://www.dedebiz.com/license)
  8. * @link https://www.dedebiz.com
  9. */
// Admin-side bootstrap: resolve this directory, load the shared runtime, and
// redirect to the installer when DEDEDATA/common.inc.php does not exist yet.
define('DEDEADMIN', str_replace("\\", '/', dirname(__FILE__)));
require_once(DEDEADMIN.'/../system/common.inc.php');
if (!file_exists(DEDEDATA.'/common.inc.php')) {
    header('Location:../install/index.php');
    exit();
}
require_once(DEDEINC.'/userlogin.class.php');
// Admin responses are user-specific; keep them out of shared caches.
header('Cache-Control:private');
// NOTE(review): $dsql->safeCheck is switched off for the whole admin side, so
// whatever checks it would apply do not guard the SQL built later in this
// file; those statements have to escape their own values.
$dsql->safeCheck = FALSE;
$dsql->SetLongLink();
/**
 * Reads the CSRF token cookie and then drops it.
 *
 * NOTE(review): as written this performs no verification. The cookie value
 * is stored in $cc_csrf_token_check but never compared against anything,
 * never returned, and the function always falls through without signalling
 * failure. Confirm the intended comparison against the caller's submitted
 * token and restore it here, or rename the function so callers do not assume
 * a check happened.
 *
 * @access public
 * @return void
 */
function CheckCSRF()
{
    $cc_csrf_token_check = GetCookie("dede_csrf_token"); // read but unused
    DropCookie("dede_csrf_token"); // the cookie is discarded on every call
}
  26. //生成CSRF校验token,在比较重要的表单中应该要加上这个token校验
  27. $cc_csrf_token = GetCookie("dede_csrf_token");
  28. if (!isset($GLOBALS['csrf_token']) || $GLOBALS['csrf_token'] === null) {
  29. if (
  30. isset($cc_csrf_token) && is_string($cc_csrf_token)
  31. && preg_match('#^[0-9a-f]{32}$#iS', $cc_csrf_token) === 1
  32. ) {
  33. $GLOBALS['csrf_token'] = $cc_csrf_token;
  34. } else {
  35. $GLOBALS['csrf_token'] = md5(uniqid(mt_rand(), TRUE));
  36. }
  37. }
  38. if (strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST') {
  39. PutCookie('dede_csrf_token', $GLOBALS['csrf_token'], 7200, '/');
  40. }
  41. //获得当前脚本名称,如果系统被禁用了$_SERVER变量,请自行修改这个选项
  42. $dedeNowurl = $s_scriptName = '';
  43. $isUrlOpen = @ini_get('allow_url_fopen');
  44. $dedeNowurl = GetCurUrl();
  45. $dedeNowurls = explode('?', $dedeNowurl);
  46. $s_scriptName = $dedeNowurls[0];
  47. //检验会员登录状态
  48. $cuserLogin = new userLogin();
  49. if ($cuserLogin->getUserID() == -1) {
  50. if (preg_match("#PHP (.*) Development Server#", $_SERVER['SERVER_SOFTWARE'])) {
  51. $dirname = dirname($_SERVER['SCRIPT_NAME']);
  52. header("location:{$dirname}/login.php?gotopage=".urlencode($dedeNowurl));
  53. } else {
  54. header("location:login.php?gotopage=".urlencode($dedeNowurl));
  55. }
  56. exit();
  57. }
  58. function XSSClean($val)
  59. {
  60. if (is_array($val)) {
  61. foreach ($val as $key => $v) {
  62. if (in_array($key, array('tags', 'body', 'dede_fields', 'dede_addonfields', 'dopost', 'introduce', 'geturl'))) continue;
  63. $val[$key] = XSSClean($val[$key]);
  64. }
  65. return $val;
  66. }
  67. return RemoveXss($val);
  68. }
  69. if ($cfg_dede_log == 'Y') {
  70. $s_nologfile = '_main|_list';
  71. $s_needlogfile = 'sys_|file_';
  72. $s_method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
  73. $s_query = isset($dedeNowurls[1]) ? $dedeNowurls[1] : '';
  74. $s_scriptNames = explode('/', $s_scriptName);
  75. $s_scriptNames = $s_scriptNames[count($s_scriptNames) - 1];
  76. $s_userip = GetIP();
  77. if ($s_method == 'POST' || (!preg_match("#".$s_nologfile."#i", $s_scriptNames) && $s_query != '') || preg_match("#".$s_needlogfile."#i", $s_scriptNames)) {
  78. $inquery = "INSERT INTO `#@__log` (adminid,filename,method,query,cip,dtime) VALUES ('".$cuserLogin->getUserID()."','{$s_scriptNames}','{$s_method}','".addslashes($s_query)."','{$s_userip}','".time()."');";
  79. $dsql->ExecuteNoneQuery($inquery);
  80. }
  81. }
  82. if (file_exists(DEDEDATA."/downmix.data.php")) {
  83. rename(DEDEDATA."/downmix.data.php",DEDEDATA."/downmix.data.inc");
  84. }
  85. //管理缓存管理员栏目缓存
  86. $cache1 = DEDEDATA.'/cache/inc_catalog_base.inc';
  87. if (!file_exists($cache1)) UpDateCatCache();
  88. $cacheFile = DEDEDATA.'/cache/admincat_'.$cuserLogin->userID.'.inc';
  89. if (file_exists($cacheFile)) require_once($cacheFile);
  90. /**
  91. * 更新栏目缓存
  92. *
  93. * @access public
  94. * @return void
  95. */
  96. function UpDateCatCache()
  97. {
  98. global $dsql, $cache1, $cuserLogin;
  99. $cache2 = DEDEDATA.'/cache/channelsonlist.inc';
  100. $cache3 = DEDEDATA.'/cache/channeltoplist.inc';
  101. $dsql->SetQuery("SELECT id,reid,channeltype,issend,typename FROM `#@__arctype`");
  102. $dsql->Execute();
  103. $fp1 = fopen($cache1, 'w');
  104. $phph = '?';
  105. $fp1Header = "<{$phph}php\r\nglobal \$cfg_Cs;\r\n\$cfg_Cs=array();\r\n";
  106. fwrite($fp1, $fp1Header);
  107. while ($row = $dsql->GetObject()) {
  108. //typename缓存起来
  109. $row->typename = base64_encode($row->typename);
  110. fwrite($fp1, "\$cfg_Cs[{$row->id}]=array({$row->reid},{$row->channeltype},{$row->issend},'{$row->typename}');\r\n");
  111. }
  112. fwrite($fp1, "{$phph}>");
  113. fclose($fp1);
  114. $cuserLogin->ReWriteAdminChannel();
  115. @unlink($cache2);
  116. @unlink($cache3);
  117. }
  118. //清空选项缓存
  119. function ClearOptCache()
  120. {
  121. $tplCache = DEDEDATA.'/tplcache/';
  122. $fileArray = glob($tplCache."inc_option_*.inc");
  123. if (count($fileArray) > 1) {
  124. foreach ($fileArray as $key => $value) {
  125. if (file_exists($value)) unlink($value);
  126. else continue;
  127. }
  128. return TRUE;
  129. }
  130. return FALSE;
  131. }
  132. /**
  133. * 引入模板文件
  134. *
  135. * @access public
  136. * @param string $filename 文件名称
  137. * @param bool $isabs 是否为管理目录
  138. * @return string
  139. */
  140. function DedeInclude($filename, $isabs = FALSE)
  141. {
  142. return $isabs ? $filename : DEDEADMIN.'/'.$filename;
  143. }
  144. /**
  145. * 根据会员mid获取账号
  146. *
  147. * @access public
  148. * @param int $mid 会员id
  149. * @return string
  150. */
  151. if (!function_exists('GetMemberName')) {
  152. function GetMemberName($mid = 0)
  153. {
  154. global $dsql;
  155. if (empty($mid)) {
  156. return "管理员";
  157. }
  158. $rs = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='{$mid}' ");
  159. return $rs['uname'];
  160. }
  161. }
  162. ?>