国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

164 lines
5.6KB

  1. <?php
  2. /**
  3. * 管理目录配置文件
  4. *
  5. * @version $Id: config.php 1 14:31 2010年7月12日Z tianya $
  6. * @package DedeBIZ.Administrator
  7. * @copyright Copyright (c) 2022, DedeBIZ.COM
  8. * @license https://www.dedebiz.com/license
  9. * @link https://www.dedebiz.com
  10. */
  11. define('DEDEADMIN', str_replace("\\", '/', dirname(__FILE__)));
  12. require_once(DEDEADMIN.'/../system/common.inc.php');
  13. require_once(DEDEINC.'/userlogin.class.php');
  14. header('Cache-Control:private');
  15. $dsql->safeCheck = FALSE;
  16. $dsql->SetLongLink();
  17. $cfg_admin_skin = 1;//后台管理风格
  18. if (file_exists(DEDEDATA.'/admin/skin.txt')) {
  19. $skin = file_get_contents(DEDEDATA.'/admin/skin.txt');
  20. $cfg_admin_skin = !in_array($skin, array(1, 2, 3, 4)) ? 1 : $skin;
  21. }
  22. //检查CSRF
  23. function CheckCSRF()
  24. {
  25. $cc_csrf_token_check = GetCookie("dede_csrf_token");
  26. DropCookie("dede_csrf_token");
  27. }
  28. //生成CSRF校验token,在比较重要的表单中应该要加上这个token校验
  29. $cc_csrf_token = GetCookie("dede_csrf_token");
  30. if (!isset($GLOBALS['csrf_token']) || $GLOBALS['csrf_token'] === null) {
  31. if (
  32. isset($cc_csrf_token) && is_string($cc_csrf_token)
  33. && preg_match('#^[0-9a-f]{32}$#iS', $cc_csrf_token) === 1
  34. ) {
  35. $GLOBALS['csrf_token'] = $cc_csrf_token;
  36. } else {
  37. $GLOBALS['csrf_token'] = md5(uniqid(mt_rand(), TRUE));
  38. }
  39. }
  40. if (strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST') {
  41. PutCookie('dede_csrf_token', $GLOBALS['csrf_token'], 7200, '/');
  42. }
  43. //获得当前脚本名称,如果您的系统被禁用了$_SERVER变量,请自行修改这个选项
  44. $dedeNowurl = $s_scriptName = '';
  45. $isUrlOpen = @ini_get('allow_url_fopen');
  46. $dedeNowurl = GetCurUrl();
  47. $dedeNowurls = explode('?', $dedeNowurl);
  48. $s_scriptName = $dedeNowurls[0];
  49. //检验用户登录状态
  50. $cuserLogin = new userLogin();
  51. if ($cuserLogin->getUserID() == -1) {
  52. if (preg_match("#PHP (.*) Development Server#", $_SERVER['SERVER_SOFTWARE'])) {
  53. $dirname = dirname($_SERVER['SCRIPT_NAME']);
  54. header("location:{$dirname}/login.php?gotopage=".urlencode($dedeNowurl));
  55. } else {
  56. header("location:login.php?gotopage=".urlencode($dedeNowurl));
  57. }
  58. exit();
  59. }
  60. function XSSClean($val)
  61. {
  62. if (is_array($val)) {
  63. foreach ($val as $key => $v) {
  64. if (in_array($key, array('tags', 'body', 'dede_fields', 'dede_addonfields', 'dopost', 'introduce'))) continue;
  65. $val[$key] = XSSClean($val[$key]);
  66. }
  67. return $val;
  68. }
  69. return RemoveXss($val);
  70. }
  71. if ($cfg_dede_log == 'Y') {
  72. $s_nologfile = '_main|_list';
  73. $s_needlogfile = 'sys_|file_';
  74. $s_method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
  75. $s_query = isset($dedeNowurls[1]) ? $dedeNowurls[1] : '';
  76. $s_scriptNames = explode('/', $s_scriptName);
  77. $s_scriptNames = $s_scriptNames[count($s_scriptNames) - 1];
  78. $s_userip = GetIP();
  79. if ($s_method == 'POST' || (!preg_match("#".$s_nologfile."#i", $s_scriptNames) && $s_query != '') || preg_match("#".$s_needlogfile."#i", $s_scriptNames)) {
  80. $inquery = "INSERT INTO `#@__log`(adminid,filename,method,query,cip,dtime)
  81. VALUES ('".$cuserLogin->getUserID()."','{$s_scriptNames}','{$s_method}','".addslashes($s_query)."','{$s_userip}','".time()."');";
  82. $dsql->ExecuteNoneQuery($inquery);
  83. }
  84. }
  85. if (file_exists(DEDEDATA."/downmix.data.php")) {
  86. rename(DEDEDATA."/downmix.data.php",DEDEDATA."/downmix.data.inc");
  87. }
  88. //管理缓存管理员频道缓存
  89. $cache1 = DEDEDATA.'/cache/inc_catalog_base.inc';
  90. if (!file_exists($cache1)) UpDateCatCache();
  91. $cacheFile = DEDEDATA.'/cache/admincat_'.$cuserLogin->userID.'.inc';
  92. if (file_exists($cacheFile)) require_once($cacheFile);
  93. /**
  94. * 更新栏目缓存
  95. *
  96. * @access public
  97. * @return void
  98. */
  99. function UpDateCatCache()
  100. {
  101. global $dsql, $cache1, $cuserLogin;
  102. $cache2 = DEDEDATA.'/cache/channelsonlist.inc';
  103. $cache3 = DEDEDATA.'/cache/channeltoplist.inc';
  104. $dsql->SetQuery("SELECT id,reid,channeltype,issend,typename FROM `#@__arctype`");
  105. $dsql->Execute();
  106. $fp1 = fopen($cache1, 'w');
  107. $phph = '?';
  108. $fp1Header = "<{$phph}php\r\nglobal \$cfg_Cs;\r\n\$cfg_Cs=array();\r\n";
  109. fwrite($fp1, $fp1Header);
  110. while ($row = $dsql->GetObject()) {
  111. //将typename缓存起来
  112. $row->typename = base64_encode($row->typename);
  113. fwrite($fp1, "\$cfg_Cs[{$row->id}]=array({$row->reid},{$row->channeltype},{$row->issend},'{$row->typename}');\r\n");
  114. }
  115. fwrite($fp1, "{$phph}>");
  116. fclose($fp1);
  117. $cuserLogin->ReWriteAdminChannel();
  118. @unlink($cache2);
  119. @unlink($cache3);
  120. }
  121. //清空选项缓存
  122. function ClearOptCache()
  123. {
  124. $tplCache = DEDEDATA.'/tplcache/';
  125. $fileArray = glob($tplCache."inc_option_*.inc");
  126. if (count($fileArray) > 1) {
  127. foreach ($fileArray as $key => $value) {
  128. if (file_exists($value)) unlink($value);
  129. else continue;
  130. }
  131. return TRUE;
  132. }
  133. return FALSE;
  134. }
  135. /**
  136. * 引入模板文件
  137. *
  138. * @access public
  139. * @param string $filename 文件名称
  140. * @param bool $isabs 是否为管理目录
  141. * @return string
  142. */
  143. function DedeInclude($filename, $isabs = FALSE)
  144. {
  145. return $isabs ? $filename : DEDEADMIN.'/'.$filename;
  146. }
  147. /**
  148. * 根据用户mid获取用户名称
  149. *
  150. * @access public
  151. * @param int $mid 用户ID
  152. * @return string
  153. */
  154. if (!function_exists('GetMemberName')) {
  155. function GetMemberName($mid = 0)
  156. {
  157. global $dsql;
  158. if (empty($mid)) {
  159. return "管理员";
  160. }
  161. $rs = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='{$mid}' ");
  162. return $rs['uname'];
  163. }
  164. }