国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com


<?php
// Admin security self-check: probes file/directory permissions, the default
// administrator account and a few environment settings, then renders the
// collected warnings as an HTML alert list at the bottom of this file.
@set_time_limit(0);
// config.php is expected to provide the helpers and constants used below
// (AjaxHead, $dsql, DEDEROOT, DEDEDATA, DEDEBIZ_SAFE_MODE, IsSSL) — not visible here.
require_once(dirname(__FILE__)."/config.php");
AjaxHead();
  5. if (!function_exists('TestWriteable')) {
  6. //检测是否可写
  7. function TestWriteable($d, $c = false)
  8. {
  9. $tfile = '_write_able.txt';
  10. $d = preg_replace("/\/$/", '', $d);
  11. $fp = @fopen($d.'/'.$tfile, 'w');
  12. if (!$fp) {
  13. if ($c == false) {
  14. @chmod($d, 0777);
  15. return false;
  16. } else return TestWriteable($d, true);
  17. } else {
  18. fclose($fp);
  19. return @unlink($d.'/'.$tfile) ? true : false;
  20. }
  21. }
  22. }
  23. if (!function_exists('TestExecuteable')) {
  24. //检查是否具目录可执行
  25. function TestExecuteable($d = '.', $siteuRL = '', $rootDir = '')
  26. {
  27. $testStr = '<'.chr(0x3F).'p'.chr(hexdec(68)).chr(112)."\n\r";
  28. $filename = md5($d).'.php';
  29. $testStr .= 'function test(){ echo md5(\''.$d.'\');}'."\n\rtest();\n\r";
  30. $testStr .= chr(0x3F).'>';
  31. $reval = false;
  32. if (empty($rootDir)) $rootDir = DEDEROOT;
  33. if (TestWriteable($d)) {
  34. @file_put_contents($d.'/'.$filename, $testStr);
  35. $remoteUrl = $siteuRL.'/'.str_replace($rootDir, '', str_replace("\\", '/', realpath($d))).'/'.$filename;
  36. $tempStr = @PostHost($remoteUrl);
  37. $reval = (md5($d) == trim($tempStr)) ? true : false;
  38. unlink($d.'/'.$filename);
  39. return $reval;
  40. } else {
  41. return -1;
  42. }
  43. }
  44. }
  45. if (!function_exists('PostHost')) {
  46. function PostHost($host, $data = '', $method = 'GET', $showagent = null, $port = null, $timeout = 30)
  47. {
  48. $parse = @parse_url($host);
  49. if (empty($parse)) return false;
  50. if ((int)$port > 0) {
  51. $parse['port'] = $port;
  52. } elseif (!@$parse['port']) {
  53. $parse['port'] = '80';
  54. }
  55. $parse['host'] = str_replace(array('http://', 'https://'), array('', 'ssl://'), "$parse[scheme]://").$parse['host'];
  56. if (!$fp = @fsockopen($parse['host'], $parse['port'], $errnum, $errstr, $timeout)) {
  57. return false;
  58. }
  59. $method = strtoupper($method);
  60. $wlength = $wdata = $responseText = '';
  61. $parse['path'] = str_replace(array('\\', '//'), '/', @$parse['path'])."?".@$parse['query'];
  62. if ($method == 'GET') {
  63. $separator = @$parse['query'] ? '&' : '';
  64. substr($data, 0, 1) == '&' && $data = substr($data, 1);
  65. $parse['path'] .= $separator.$data;
  66. } elseif ($method == 'POST') {
  67. $wlength = "Content-length: ".strlen($data)."\r\n";
  68. $wdata = $data;
  69. }
  70. $write = "$method $parse[path] HTTP/1.0\r\nHost: $parse[host]\r\nContent-type: application/x-www-form-urlencoded\r\n{$wlength}Connection: close\r\n\r\n$wdata";
  71. @fwrite($fp, $write);
  72. while ($data = @fread($fp, 4096)) {
  73. $responseText .= $data;
  74. }
  75. @fclose($fp);
  76. empty($showagent) && $responseText = trim(stristr($responseText, "\r\n\r\n"), "\r\n");
  77. return $responseText;
  78. }
  79. }
  80. if (!function_exists('TestAdminPWD')) {
  81. //返回结果,1没有修改默认管理员名称,2没有修改默认管理员账号和密码,3没有发现默认账号
  82. function TestAdminPWD()
  83. {
  84. global $dsql;
  85. //查询栏目表确定栏目所在的目录
  86. $sql = "SELECT usertype,userid,pwd FROM `#@__admin` WHERE `userid`='admin'";
  87. $row = $dsql->GetOne($sql);
  88. if (is_array($row)) {
  89. if ($row['pwd'] == 'f297a57a5a743894a0e4') {
  90. return -2;
  91. } else {
  92. return -1;
  93. }
  94. } else {
  95. return 0;
  96. }
  97. }
  98. }
  99. if (!function_exists('IsWritable')) {
  100. //检测是否可写
  101. function IsWritable($pathfile)
  102. {
  103. $isDir = substr($pathfile, -1) == '/' ? true : false;
  104. if ($isDir) {
  105. if (is_dir($pathfile)) {
  106. mt_srand((float)microtime() * 1000000);
  107. $pathfile = $pathfile.'biz_'.uniqid(mt_rand()).'.tmp';
  108. } elseif (@mkdir($pathfile)) {
  109. return IsWritable($pathfile);
  110. } else {
  111. return false;
  112. }
  113. }
  114. @chmod($pathfile, 0777);
  115. $fp = @fopen($pathfile, 'ab');
  116. if ($fp === false) return false;
  117. fclose($fp);
  118. $isDir && @unlink($pathfile);
  119. return true;
  120. }
  121. }
  122. //检测权限
  123. $safeMsg = array();
  124. $dirname = str_replace('index_body.php', '', strtolower($_SERVER['PHP_SELF']));
  125. if (!DEDEBIZ_SAFE_MODE) {
  126. $safeMsg[] = '系统运行环境为开发模式,建议您启用安全模式 <a href="index_body.php?dopost=safe_mode" class="btn btn-success btn-xs">详情</a>';
  127. }
  128. if (!IsSSL()) {
  129. $safeMsg[] = '检测到网址非安全链接,建议您部署https';
  130. }
  131. if (IsWritable(DEDEDATA.'/common.inc.php')) {
  132. $safeMsg[] = '检测到data/common.inc.php数据库配置文件权限可以写入,建议您权限设置禁止写入和执行';
  133. }
  134. if (version_compare(PHP_VERSION, '5.3.0', '<')) {
  135. $safeMsg[] = '检测到php版本过低会无法正常使用后台,建议您升级到php8.x';
  136. }
  137. if (preg_match("#[\\|/]admin[\\|/]#", $dirname)) {
  138. $safeMsg[] = '检测到后台管理目录名称中包含admin,强烈建议后台管理目录修改为其它名称';
  139. }
  140. $rs = TestAdminPWD();
  141. if ($rs < 0) {
  142. $linkurl = ' <a href="sys_admin_user.php" class="btn btn-success btn-xs">修改</a>';
  143. switch ($rs) {
  144. case -1:
  145. $msg = "检测到默认账号没有修改,建议您修改{$linkurl}";
  146. break;
  147. case -2:
  148. $msg = "检测到默认账号和密码没有修改,建议您修改{$linkurl}";
  149. break;
  150. }
  151. $safeMsg[] = $msg;
  152. }
?>
<?php
// Render the collected warnings as a numbered list; nothing is emitted when the
// list is empty. Entries carry intentional HTML (the action links built above),
// so they are echoed as-is rather than escaped.
if (count($safeMsg) > 0) {
?>
<div class="alert alert-warning shadow-sm mt-3 mb-0">
<ul>
<?php
// $i is the 1-based display number; the array key is not used.
$i = 1;
foreach ($safeMsg as $key => $val) {
?>
<li><?php echo $i;?>、<?php echo $val;?></li>
<?php
$i++;
}
?>
</ul>
</div>
<?php
}
?>