DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
136 Commits
3 Branches
110MB
Tree: 8fadcb8ed2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8fadcb8ed2'
${ noResults }
DedeV6/src/dede/config.php

259 lines
7.5KB
Raw Blame History 

  1. <?php

  2. /**

  3.  * 管理目录配置文件

  4.  *

  5.  * @version        $Id: config.php 1 14:31 2010年7月12日Z tianya $

  6.  * @package        DedeCMS.Administrator

  7.  * @copyright      Copyright (c) 2007 - 2020, DesDev, Inc.

  8.  * @license        http://help.dedecms.com/usersguide/license.html

  9.  * @link           http://www.dedecms.com

  10.  */

  11. define('DEDEADMIN', str_replace("\\", '/', dirname(__FILE__) ) );

  12. require_once(DEDEADMIN.'/../include/common.inc.php');

  13. require_once(DEDEINC.'/userlogin.class.php');

  14. header('Cache-Control:private');

  15. $dsql->safeCheck = FALSE;

  16. $dsql->SetLongLink();

  17. $cfg_admin_skin = 1; // 后台管理风格

  18. 

  19. if(file_exists(DEDEDATA.'/admin/skin.txt'))

  20. {

  21. 	$skin = file_get_contents(DEDEDATA.'/admin/skin.txt');

  22. 	$cfg_admin_skin = !in_array($skin, array(1,2,3,4))? 1 : $skin;

  23. }

  24. $_csrf_name = '_csrf_name_'.substr(md5(md5($cfg_cookie_encode)),0,8);

  25. $_csrf_hash =  GetCookie($_csrf_name);

  26. if ( empty($_csrf_hash) )

  27. {

  28.     $_csrf_hash = md5(uniqid(mt_rand(), TRUE));

  29.     if (strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST')

  30.     {

  31.         PutCookie($_csrf_name, $_csrf_hash, 7200, '/');

  32.     }

  33. }

  34. 

  35. $_csrf =  array(

  36.     'name'  =>'_dede'.$_csrf_name,

  37.     'hash'  => $_csrf_hash,

  38. );

  39. 

  40. //获得当前脚本名称,如果你的系统被禁用了$_SERVER变量,请自行更改这个选项

  41. $dedeNowurl = $s_scriptName = '';

  42. $isUrlOpen = @ini_get('allow_url_fopen');

  43. $dedeNowurl = GetCurUrl();

  44. $dedeNowurls = explode('?', $dedeNowurl);

  45. $s_scriptName = $dedeNowurls[0];

  46. $cfg_remote_site = empty($cfg_remote_site)? 'N' : $cfg_remote_site;

  47. 

  48. //检验用户登录状态

  49. $cuserLogin = new userLogin();

  50. 

  51. if($cuserLogin->getUserID()==-1)

  52. {

  53.     if ( preg_match("#PHP (.*) Development Server#",$_SERVER['SERVER_SOFTWARE']) )

  54.     {

  55.         $dirname = dirname($_SERVER['SCRIPT_NAME']);

  56.         header("location:{$dirname}/login.php?gotopage=".urlencode($dedeNowurl));

  57.     } else {

  58.         header("location:login.php?gotopage=".urlencode($dedeNowurl));

  59.     }

  60.     exit();

  61. }

  62. 

  63. function csrf_check()

  64. {

  65.     global $token;

  66. 

  67.     if(!isset($token) || strcasecmp($token, $_SESSION['token']) !== 0){

  68.         echo '<a href="http://bbs.dedecms.com/907721.html">DedeCMS:CSRF Token Check Failed!</a>';

  69.         exit;

  70.     }

  71. }

  72. 

  73. function XSSClean($val)

  74. {

  75.     if (is_array($val))

  76.     {

  77.         foreach ($val as $key => $v) {

  78.             if(in_array($key,array('tags','body','dede_fields','dede_addonfields','dopost','introduce'))) continue;

  79.             $val[$key] = XSSClean($val[$key]);

  80.         }

  81.         return $val;

  82.     }

  83.     return RemoveXss($val);

  84. }

  85. 

  86. if($cfg_dede_log=='Y')

  87. {

  88.     $s_nologfile = '_main|_list';

  89.     $s_needlogfile = 'sys_|file_';

  90.     $s_method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';

  91.     $s_query = isset($dedeNowurls[1]) ? $dedeNowurls[1] : '';

  92.     $s_scriptNames = explode('/', $s_scriptName);

  93.     $s_scriptNames = $s_scriptNames[count($s_scriptNames)-1];

  94.     $s_userip = GetIP();

  95.     if( $s_method=='POST' || (!preg_match("#".$s_nologfile."#i", $s_scriptNames) && $s_query!='') || preg_match("#".$s_needlogfile."#i",$s_scriptNames) )

  96.     {

  97.         $inquery = "INSERT INTO `#@__log`(adminid,filename,method,query,cip,dtime)

  98.              VALUES ('".$cuserLogin->getUserID()."','{$s_scriptNames}','{$s_method}','".addslashes($s_query)."','{$s_userip}','".time()."');";

  99.         $dsql->ExecuteNoneQuery($inquery);

  100.     }

  101. }

  102. 

  103. //启用远程站点则创建FTP类

  104. if($cfg_remote_site=='Y')

  105. {

  106.     require_once(DEDEINC.'/ftp.class.php');

  107.     if(file_exists(DEDEDATA."/cache/inc_remote_config.php"))

  108.     {

  109.         require_once DEDEDATA."/cache/inc_remote_config.php";

  110.     }

  111.     if(empty($remoteuploads)) $remoteuploads = 0;

  112.     if(empty($remoteupUrl)) $remoteupUrl = '';

  113.     $config = array(

  114.       'hostname' => $GLOBALS['cfg_ftp_host'],

  115.       'username' => $GLOBALS['cfg_ftp_user'],

  116.       'password' => $GLOBALS['cfg_ftp_pwd'],

  117.       'debug' => 'TRUE'

  118.     );

  119.     $ftp = new FTP($config); 

  120. 

  121.     //初始化FTP配置

  122.     if($remoteuploads==1){

  123.         $ftpconfig = array(

  124.             'hostname'=>$rmhost, 

  125.             'port'=>$rmport,

  126.             'username'=>$rmname,

  127.             'password'=>$rmpwd

  128.         );

  129.     }

  130. }

  131. 

  132. //管理缓存、管理员频道缓存

  133. $cache1 = DEDEDATA.'/cache/inc_catalog_base.inc';

  134. if(!file_exists($cache1)) UpDateCatCache();

  135. $cacheFile = DEDEDATA.'/cache/admincat_'.$cuserLogin->userID.'.inc';

  136. if(file_exists($cacheFile)) require_once($cacheFile);

  137. 

  138. //更新服务器

  139. require_once (DEDEDATA.'/admin/config_update.php');

  140. 

  141. if(strlen($cfg_cookie_encode)<=10)

  142. {

  143.     $chars='abcdefghigklmnopqrstuvwxwyABCDEFGHIGKLMNOPQRSTUVWXWY0123456789';

  144.     $hash='';

  145.     $length = rand(28,32);

  146.     $max = strlen($chars) - 1;

  147.     for($i = 0; $i < $length; $i++) {

  148.         $hash .= $chars[mt_rand(0, $max)];

  149.     }

  150. 	$dsql->ExecuteNoneQuery("UPDATE `#@__sysconfig` SET `value`='{$hash}' WHERE varname='cfg_cookie_encode' ");

  151. 	$configfile = DEDEDATA.'/config.cache.inc.php';

  152.     if(!is_writeable($configfile))

  153.     {

  154.         echo "配置文件'{$configfile}'不支持写入,无法修改系统配置参数!";

  155.         exit();

  156.     }

  157.     $fp = fopen($configfile,'w');

  158.     flock($fp,3);

  159.     fwrite($fp,"<"."?php\r\n");

  160.     $dsql->SetQuery("SELECT `varname`,`type`,`value`,`groupid` FROM `#@__sysconfig` ORDER BY aid ASC ");

  161.     $dsql->Execute();

  162.     while($row = $dsql->GetArray())

  163.     {

  164.         if($row['type']=='number')

  165.         {

  166.             if($row['value']=='') $row['value'] = 0;

  167.             fwrite($fp,"\${$row['varname']} = ".$row['value'].";\r\n");

  168.         }

  169.         else

  170.         {

  171.             fwrite($fp,"\${$row['varname']} = '".str_replace("'",'',$row['value'])."';\r\n");

  172.         }

  173.     }

  174.     fwrite($fp,"?".">");

  175.     fclose($fp);

  176. }

  177. 

  178. /**

  179.  *  更新栏目缓存

  180.  *

  181.  * @access    public

  182.  * @return    void

  183.  */

  184. function UpDateCatCache()

  185. {

  186.     global $dsql, $cfg_multi_site, $cache1, $cacheFile, $cuserLogin;

  187.     $cache2 = DEDEDATA.'/cache/channelsonlist.inc';

  188.     $cache3 = DEDEDATA.'/cache/channeltoplist.inc';

  189.     $dsql->SetQuery("SELECT id,reid,channeltype,issend,typename FROM `#@__arctype`");

  190.     $dsql->Execute();

  191.     $fp1 = fopen($cache1,'w');

  192.     $phph = '?';

  193.     $fp1Header = "<{$phph}php\r\nglobal \$cfg_Cs;\r\n\$cfg_Cs=array();\r\n";

  194.     fwrite($fp1,$fp1Header);

  195.     while($row=$dsql->GetObject())

  196.     {

  197.         // 将typename缓存起来

  198.         $row->typename = base64_encode($row->typename);

  199.         fwrite($fp1,"\$cfg_Cs[{$row->id}]=array({$row->reid},{$row->channeltype},{$row->issend},'{$row->typename}');\r\n");

  200.     }

  201.     fwrite($fp1, "{$phph}>");

  202.     fclose($fp1);

  203.     $cuserLogin->ReWriteAdminChannel();

  204.     @unlink($cache2);

  205.     @unlink($cache3);

  206. }

  207. 

  208. // 清空选项缓存

  209. function ClearOptCache()

  210. {

  211.     $tplCache = DEDEDATA.'/tplcache/';

  212.     $fileArray = glob($tplCache."inc_option_*.inc");

  213.     if (count($fileArray) > 1)

  214.     {

  215.         foreach ($fileArray as $key => $value)

  216.         {

  217.             if (file_exists($value)) unlink($value);

  218.             else continue;

  219.         }

  220.         return TRUE;

  221.     }

  222.     return FALSE;

  223. }

  224. 

  225. /**

  226.  *  引入模板文件

  227.  *

  228.  * @access    public

  229.  * @param     string  $filename  文件名称

  230.  * @param     bool  $isabs  是否为管理目录

  231.  * @return    string

  232.  */

  233. function DedeInclude($filename, $isabs=FALSE)

  234. {

  235.     return $isabs ? $filename : DEDEADMIN.'/'.$filename;

  236. }

  237. 

  238. helper('cache');

  239. /**

  240.  *  根据用户mid获取用户名称

  241.  *

  242.  * @access    public

  243.  * @param     int  $mid   用户ID

  244.  * @return    string

  245.  */

  246. if(!function_exists('GetMemberName')){

  247. 	function GetMemberName($mid=0)

  248. 	{

  249. 		global $dsql;

  250. 		$rs = GetCache('memberlogin', $mid);

  251. 		if( empty($rs) )

  252. 		{

  253. 			$rs = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='{$mid}' ");

  254. 			SetCache('memberlogin', $mid, $rs, 1800);

  255. 		}

  256. 		return $rs['uname'];

  257. 	}

  258. }