DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
181 Commits
3 Branches
110MB
Tree: 4f686a4763
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4f686a4763'
${ noResults }
DedeV6/src/dede/testenv.php

423 lines
13KB
Raw Blame History 

  1. <?php

  2. @set_time_limit(0);

  3. /**

  4.  * 系统运行环境检测

  5.  *

  6.  * @version        $Id: testenv.php 13:57 2011/11/10 tianya $

  7.  * @package        DedeCMS.Administrator

  8.  * @copyright      Copyright (c) 2020, DedeBIZ.COM

  9.  * @license        https://www.dedebiz.com/license

  10.  * @link           https://www.dedebiz.com

  11.  */

  12. require_once(dirname(__FILE__)."/config.php");

  13. CheckPurview('sys_Edit');

  14. $action = isset($action)? $action : '';

  15. ?>

  16. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

  17. <html xmlns="http://www.w3.org/1999/xhtml">

  18. <head>

  19. <meta http-equiv="Content-Type" content="text/html; charset=<?php echo $GLOBALS['cfg_soft_lang']; ?>">

  20. <title>系统运行目录权限检测</title>

  21. <link rel="stylesheet" type="text/css" href="css/base.css" />

  22. <link rel="stylesheet" type="text/css" href="css/indexbody.css" />

  23. <script type="text/javascript" src="../static/js/jquery.js" ></script>

  24. </head>

  25. <body leftmargin="8" topmargin='8' bgcolor="#FFFFFF" style="min-width:840px">

  26. <?php

  27. if(!function_exists('TestWriteable'))

  28. {

  29. 	// 检测是否可写

  30. 	function TestWriteable($d, $c=TRUE)

  31. 	{

  32. 		$tfile = '_write_able.txt';

  33. 		$d = preg_replace("/\/$/", '', $d);

  34. 		$fp = @fopen($d.'/'.$tfile,'w');

  35. 		if(!$fp)

  36. 		{

  37. 			if( $c==false )

  38. 			{

  39. 				@chmod($d, 0777);

  40. 				return false;

  41. 			}

  42. 			else return TestWriteable($d, true);

  43. 		}

  44. 		else

  45. 		{

  46. 			fclose($fp);

  47. 			return @unlink($d.'/'.$tfile) ? true : false;

  48. 		}

  49. 	}

  50. }

  51. 

  52. if(!function_exists('TestExecuteable'))

  53. {

  54. 	// 检查是否具目录可执行

  55. 	function TestExecuteable($d='.', $siteuRL='', $rootDir='') {

  56. 		$testStr = '<'.chr(0x3F).'p'.chr(hexdec(68)).chr(112)."\n\r";

  57. 		$filename = md5($d).'.php';

  58. 		$testStr .= 'function test(){ echo md5(\''.$d.'\');}'."\n\rtest();\n\r";

  59. 		$testStr .= chr(0x3F).'>';

  60. 		$reval = false;

  61. 		if(empty($rootDir)) $rootDir = DEDEROOT;

  62. 		if (TestWriteable($d)) 

  63. 		{

  64. 			@file_put_contents($d.'/'.$filename, $testStr);

  65. 			$remoteUrl = $siteuRL.'/'.str_replace($rootDir, '', str_replace("\\", '/',realpath($d))).'/'.$filename;

  66. 			$tempStr = @PostHost($remoteUrl);

  67. 

  68. 			$reval = (md5($d) == trim($tempStr))? true : false;

  69. 			unlink($d.'/'.$filename);

  70. 			return $reval;

  71. 		} else

  72. 		{

  73. 			return -1;

  74. 		}

  75. 	}

  76. }

  77. 

  78. 

  79. if(!function_exists('PostHost'))

  80. {

  81. 	function PostHost($host,$data='',$method='GET',$showagent=null,$port=null,$timeout=30){

  82. 		$parse = @parse_url($host);

  83. 		if (empty($parse)) return false;

  84. 		if ((int)$port>0) {

  85. 			$parse['port'] = $port;

  86. 		} elseif (!@$parse['port']) {

  87. 			$parse['port'] = '80';

  88. 		}

  89. 		$parse['host'] = str_replace(array('http://','https://'),array('','ssl://'),"$parse[scheme]://").$parse['host'];

  90. 		if (!$fp=@fsockopen($parse['host'],$parse['port'],$errnum,$errstr,$timeout)) {

  91. 			return false;

  92. 		}

  93. 		$method = strtoupper($method);

  94. 		$wlength = $wdata = $responseText = '';

  95. 		$parse['path'] = str_replace(array('\\','//'),'/',@$parse['path'])."?".@$parse['query'];

  96. 		if ($method=='GET') {

  97. 			$separator = @$parse['query'] ? '&' : '';

  98. 			substr($data,0,1)=='&' && $data = substr($data,1);

  99. 			$parse['path'] .= $separator.$data;

  100. 		} elseif ($method=='POST') {

  101. 			$wlength = "Content-length: ".strlen($data)."\r\n";

  102. 			$wdata = $data;

  103. 		}

  104. 		$write = "$method $parse[path] HTTP/1.0\r\nHost: $parse[host]\r\nContent-type: application/x-www-form-urlencoded\r\n{$wlength}Connection: close\r\n\r\n$wdata";

  105. 		@fwrite($fp,$write);

  106. 		while ($data = @fread($fp, 4096)) {

  107. 			$responseText .= $data;

  108. 		}

  109. 		@fclose($fp);

  110. 		empty($showagent) && $responseText = trim(stristr($responseText,"\r\n\r\n"),"\r\n");

  111. 		return $responseText;

  112. 	}

  113. }

  114. 

  115. 	$allPath = array();

  116. 	$needDir = "$cfg_medias_dir|

  117. 	$cfg_image_dir|

  118. 	$ddcfg_image_dir|

  119. 	$cfg_user_dir|

  120. 	$cfg_soft_dir|

  121. 	$cfg_other_medias|

  122. 	$cfg_medias_dir/flink|

  123. 	$cfg_cmspath/data|

  124. 	$cfg_cmspath/data/$cfg_backup_dir|

  125. 	$cfg_cmspath/data/textdata|

  126. 	$cfg_cmspath/data/sessions|

  127. 	$cfg_cmspath/data/tplcache|

  128. 	$cfg_cmspath/data/admin|

  129. 	$cfg_cmspath/data/enums|

  130. 	$cfg_cmspath/data/mark|

  131. 	$cfg_cmspath/data/module|

  132. 	$cfg_cmspath/data/rss|

  133. 	$cfg_special|

  134. 	$cfg_cmspath$cfg_arcdir";

  135. 	$needDir = explode('|', $needDir);

  136. 	foreach($needDir as $key => $val)

  137. 	{

  138. 		$allPath[trim($val)] = array(

  139. 			'read'=>true,    // 读取

  140. 			'write'=>true,   // 写入

  141. 			'execute'=>false // 执行

  142. 		);

  143. 	}

  144. 	

  145. 	

  146. 	// 所有栏目目录

  147. 	$sql = "SELECT typedir FROM #@__arctype ORDER BY id DESC";

  148. 	$dsql->SetQuery($sql);

  149. 	$dsql->Execute('al', $sql);

  150. 	while($row = $dsql->GetArray('al'))

  151. 	{

  152. 		$typedir = str_replace($cfg_basehost, '', $row['typedir']);

  153. 		if(preg_match("/^http:|^ftp:/i", $row['typedir'])) continue;

  154. 		$typedir = str_replace("{cmspath}", $cfg_cmspath, $row['typedir']);

  155. 		$allPath[trim($typedir)] = array(

  156. 			'read'=>true,    // 读取

  157. 			'write'=>true,   // 写入

  158. 			'execute'=>false // 执行

  159. 		);

  160. 	}

  161. 	

  162. 	// 只允许读取,不允许写入的目录

  163. 	$needDir = array(

  164. 		'include',

  165. 		'member',

  166. 		'plus',

  167. 	);

  168. 	// 获取子目录

  169. 	function GetSondir($d, &$dirname=array())

  170. 	{

  171. 		$dh = dir($d);

  172. 		while($filename = $dh->read() )

  173. 		{

  174. 			if(substr($filename, 0, 1)=='.' || is_file($d.'/'.$filename) ||

  175. 				  preg_match("#^(svn|bak-)#i", $filename) )

  176. 			{

  177. 				CONTINUE;

  178. 			}

  179. 			if(is_dir($d.'/'.$filename)) 

  180. 			{

  181. 				$dirname[] = $d.'/'.$filename;

  182. 				GetSondir($d.'/'.$filename,$dirname);

  183. 			}

  184. 		}

  185. 		$dh->close();

  186. 		return $dirname;

  187. 	}

  188. 	

  189. 	//获取所有文件列表

  190. 	function preg_ls($path=".", $rec=FALSE, $pat="/.*/", $ignoredir='')

  191. 	{

  192. 		while (substr ($path,-1,1) =="/")

  193. 		{

  194. 			$path=substr ($path,0,-1);

  195. 		}

  196. 		if (!is_dir ($path) )

  197. 		{

  198. 			$path=dirname ($path);

  199. 		}

  200. 		if ($rec!==TRUE)

  201. 		{

  202. 			$rec=FALSE;

  203. 		}

  204. 		$d=dir ($path);

  205. 		$ret=Array ();

  206. 		while (FALSE!== ($e=$d->read () ) )

  207. 		{

  208. 			if ( ($e==".") || ($e=="..") )

  209. 			{

  210. 				continue;

  211. 			}

  212. 			if ($rec && is_dir ($path."/".$e) && ($ignoredir == '' || strpos($ignoredir,$e ) === FALSE))

  213. 			{

  214. 				$ret = array_merge ($ret, preg_ls($path."/".$e, $rec, $pat, $ignoredir));

  215. 				continue;

  216. 			}

  217. 			if (!preg_match ($pat, $e) )

  218. 			{

  219. 				continue;

  220. 			}

  221. 			$ret[] = $path."/".$e;

  222. 		}

  223. 		return (empty ($ret) && preg_match ($pat,basename($path))) ? Array ($path."/") : $ret;

  224. 	}

  225. 	

  226. 	foreach($needDir as $key => $val)

  227. 	{

  228. 		$allPath[trim('/'.$val)] = array(

  229. 			'read'=>true,    // 读取

  230. 			'write'=>false,   // 写入

  231. 			'execute'=>true // 执行

  232. 		);

  233. 		$sonDir = GetSondir(DEDEROOT.'/'.$val);

  234. 		foreach($sonDir as $kk => $vv)

  235. 		{

  236. 			$vv = trim(str_replace(DEDEROOT, '', $vv));

  237. 			$allPath[$vv] = array(

  238. 				'read'=>true,    // 读取

  239. 				'write'=>false,   // 写入

  240. 				'execute'=>true // 执行

  241. 			);

  242. 		}

  243. 		

  244. 	}

  245. 	

  246. 	// 不需要执行的

  247. 	$needDir = array(

  248. 		'/images',

  249. 		'/templets'

  250. 	);

  251. 	foreach($needDir as $key => $val)

  252. 	{

  253. 		$allPath[trim('/'.$val)] = array(

  254. 			'read'=>true,    // 读取

  255. 			'write'=>false,   // 写入

  256. 			'execute'=>false // 执行

  257. 		);

  258. 		$sonDir = GetSondir(DEDEROOT.'/'.$val);

  259. 		foreach($sonDir as $kk => $vv)

  260. 		{

  261. 			$vv = trim(str_replace(DEDEROOT.'/', '', $vv));

  262. 			$allPath[$vv] = array(

  263. 				'read'=>true,    // 读取

  264. 				'write'=>false,   // 写入

  265. 				'execute'=>false // 执行

  266. 			);

  267. 		}

  268. 		

  269. 	}

  270. 	

  271. 	// 所有js建议只读

  272. 	$jsDir = array(

  273. 		'/images',

  274. 		'/templets',

  275. 		'/include'

  276. 	);

  277. 	foreach ($jsDir as $k => $v)

  278. 	{

  279. 		$jsfiles = preg_ls(DEDEROOT.$v, TRUE, "/.*\.(js)$/i");

  280. 		foreach ($jsfiles as $k => $v)

  281. 		{

  282. 			$vv = trim(str_replace(DEDEROOT.'/', '/', $v));

  283. 			$allPath[$vv] = array(

  284. 				'read'=>true,    // 读取

  285. 				'write'=>false,   // 写入

  286. 				'execute'=>false // 执行

  287. 			);

  288. 		}

  289. 	}

  290. ?>

  291. <div id="safemsg">

  292.   <dl style="margin-left:0.5%;margin-right:0.5%; width:97%" id="item1" class="dbox">

  293.     <dt class="lside"><span class="l" style="float:left">系统运行目录权限检测</span><span style="float:right; margin-right:20px"><a href="index_body.php">返回主页</a></span><span style="float:right; margin-right:20px"><a href="http://help.dedecms.com/install-use/apply/2011/1111/2131.html" target="_blank">帮助说明</a></span></dt>

  294.     <dd>

  295.       <div style="padding:10px"> 说明:本程序用于检测DedeCMS站点所涉及的目录权限,并且提供一个全面的检测说明,您可以根据检测报告来配置站点以保证站点更为安全。</div>

  296.       <div id="tableHeader" style="margin-left:10px">

  297.           <table width="784" border="0" cellpadding="0" cellspacing="1" bgcolor="#047700" id="scanTable">

  298.             <thead>

  299.               <tr>

  300.                 <td width="40%" height="25" align="center" bgcolor="#E3F1D1">目录</td>

  301. 				<td width="20%" height="25" align="center" bgcolor="#E3F1D1">执行</td>

  302.                 <td width="20%" height="25" align="center" bgcolor="#E3F1D1">读取</td>

  303.                 <td width="20%" height="25" align="center" bgcolor="#E3F1D1">写入</td>

  304.               </tr>

  305.               </thead>

  306.           </table>

  307.       </div>

  308.       <div id="safelist" style="margin-left:10px">

  309.         <div class="install" id="log" style="height: 260px; overflow: auto;">

  310.           <table width="784" border="0" cellpadding="0" cellspacing="1" bgcolor="#047700" id="scanTable">

  311.              <tbody id="mainList">

  312.             </tbody>

  313.           </table>

  314.         </div>

  315.       </div>

  316.     </dd>

  317.   </dl>

  318. </div>

  319. <div style="margin: 0 auto; width:200px"><a href="javascript:startScan();"><img src="images/btn_scan.gif" width="154" height="46" /></a></div>

  320. <script type="text/javascript">

  321. $ = jQuery;

  322. var log = "<?php

  323. 				foreach($allPath as $key => $val)

  324. 				{

  325. 					if(is_dir(DEDEROOT.$key))

  326. 					{

  327. 				?><?php echo $key;?>|<?php

  328. 						$rs = TestExecuteable(DEDEROOT.$key, $cfg_basehost, $cfg_cmspath);

  329. 						

  330. 						if($rs === -1)

  331. 						{

  332. 							echo "<font color='red'>无法判断</font>";

  333. 						} else {

  334. 							if($val['execute'] == true)

  335. 								echo $rs != $val['execute']? "<font color='red'>错误(不可执行)</font>" : "<font color='green'>正常(可执行)</font>";

  336. 							else

  337. 								echo $rs != $val['execute']? "<font color='red'>错误(可执行)</font>" : "<font color='green'>正常(不可执行)</font>";

  338. 						}

  339. 						?>|<?php 

  340. 					if($val['read'] == true)

  341. 						echo is_readable(DEDEROOT.$key) != $val['read']? "<font color='red'>错误(不可读)</font>" : "<font color='green'>正常(可读)</font>";

  342. 					else 

  343. 						echo is_readable(DEDEROOT.$key) != $val['read']? "<font color='red'>错误(可读)</font>" : "<font color='green'>正常(不可读)</font>";

  344. 					?>|<?php

  345. 						if($val['write'] == true)

  346. 							echo TestWriteable(DEDEROOT.$key) != $val['write']? "<font color='red'>错误(不可写)</font>" : "<font color='green'>正常(可写)</font>";

  347. 						else 

  348. 							echo TestWriteable(DEDEROOT.$key) != $val['write']? "<font color='red'>错误(可写)</font>" : "<font color='green'>正常(不可写)</font>";

  349. 						?><dedecms><?php

  350. 					} else {

  351. 					?><?php echo $key;?>|无需判断|<?php 

  352. 					if($val['read'] == true)

  353. 						echo is_readable(DEDEROOT.$key) != $val['read']? "<font color='red'>错误(不可读)</font>" : "<font color='green'>正常(可读)</font>";

  354. 					else 

  355. 						echo is_readable(DEDEROOT.$key) != $val['read']? "<font color='red'>错误(可读)</font>" : "<font color='green'>正常(不可读)</font>";

  356. 					?>|<?php 

  357. 					if($val['write'] == true)

  358. 						echo is_writable(DEDEROOT.$key) != $val['write']? "<font color='red'>错误(不可写)</font>" : "<font color='green'>正常(可写)</font>";

  359. 					else 

  360. 						echo is_writable(DEDEROOT.$key) != $val['write']? "<font color='red'>错误(可写)</font>" : "<font color='green'>正常(不可写)</font>";

  361. 					?><dedecms><?php

  362. 					}

  363. 				}

  364. 				?>";

  365. var n = 0;

  366. var timer = 0;

  367. log = log.split('<dedecms>');

  368. function GoPlay(){

  369. 	if (n > log.length-1) {

  370. 		n=-1;

  371. 		clearIntervals();

  372. 	}

  373. 	if (n > -1) {

  374. 		postcheck(n);

  375. 		n++;

  376. 	}

  377. }

  378. function postcheck(n){

  379. 	var item = log[n];

  380. 	item = item.split('|');

  381. 	

  382. 	document.getElementById('log').scrollTop = document.getElementById('log').scrollHeight;

  383. 	if(item == ''){return false;}

  384. 	var tempvar='<tr>\r				        <td width="40%" height="23" bgcolor="#FFFFFF">'+item[0]+'</td>\r		            <td width="20%" height="23" align="center" bgcolor="#FEF7C5">'+item[1]+'</td>\r				        <td width="20%" height="23" align="center" bgcolor="#FFFFFF">\r						'+item[2]+'</td>\r				        <td width="20%" height="23" align="center" bgcolor="#FFFFFF">\r						'+item[3]+'</td>\r			      </tr>  ';

  385. 	

  386. 	//chiledelem.innerHTML = tempvar;

  387. 	//document.getElementById("mainList").appendChild(chiledelem);

  388. 	$("#mainList").append(tempvar);

  389. 	document.getElementById('log').scrollTop = document.getElementById('log').scrollHeight;

  390. }

  391. function setIntervals(){

  392. 	timer = setInterval('GoPlay()',50);

  393. }

  394. function clearIntervals(){

  395. 	clearInterval(timer);

  396. 	//document.getElementById('install').submit();

  397. 	alert('全部检测完毕,您可以按照检测结果进行系统权限调整!');

  398. }

  399. //setTimeout(setIntervals, 100);

  400. 

  401. 

  402. function changeHeight()

  403. {

  404. 	var newheight =  $(window).height() - 170;

  405. 	$("#safelist").css('height', newheight + 'px');

  406. 	var logheight = newheight;

  407. 	$("#log").css('height', logheight + 'px');

  408. }

  409. // 开始检测

  410. function startScan()

  411. {

  412. 	setTimeout(setIntervals, 100);

  413. }

  414. $.ready = function(){

  415. 	changeHeight();

  416. 	$(window).resize(function()

  417.   {

  418. 	  changeHeight();

  419.   });

  420. };

  421. </script>

  422. </body>