📄 admincp.php
<?php
// Refuse direct access: the script only continues when the including entry point has defined R_P.
!defined('R_P') && exit('Forbidden');
// Default cookie expiry used by Cookie(): $timestamp plus 31536000 seconds (365 days).
$cookietime = $timestamp+31536000;
// Rebuilt from request data (script path plus raw query string); it is logged and reused further down.
$REQUEST_URI=$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'];
unset($db_ckpath,$db_ckdomain);
// NOTE(review): Client-IP and X-Forwarded-For are request headers the client can set, and they are
// preferred here over REMOTE_ADDR. $onlineip is written to the admin record file further down, so the
// logged address is only trustworthy when a reverse proxy that overwrites these headers sits in front.
if($_SERVER['HTTP_CLIENT_IP']){
$onlineip=$_SERVER['HTTP_CLIENT_IP'];
}elseif($_SERVER['HTTP_X_FORWARDED_FOR']){
$onlineip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}else{
$onlineip=$_SERVER['REMOTE_ADDR'];
}
// substrs() shortens anything longer than 16 bytes and appends '..'; it does not validate the address format.
$onlineip =substrs($onlineip,16);
$wind_version="3.0.1";
// Remove the legacy long-array request variables and $_REQUEST so later code reads only $_GET/$_POST/$_COOKIE.
unset($_ENV,$HTTP_ENV_VARS,$_REQUEST,$HTTP_POST_VARS,$HTTP_GET_VARS,$HTTP_POST_FILES,$HTTP_COOKIE_VARS);
// When magic_quotes_gpc is off, apply addslashes() recursively so request data is escaped either way.
// NOTE(review): addslashes() is byte-oriented; with a multi-byte connection charset it is not a
// reliable SQL defence on its own — confirm how the DB layer escapes values.
// NOTE(review): session_start() is only called further down, so $_SESSION is presumably still empty here — confirm.
if(!get_magic_quotes_gpc()){
Add_S($_POST);
Add_S($_GET);
Add_S($_SESSION);
}
// Emulate register_globals for uploads; EXTR_SKIP keeps existing variables from being overwritten.
if(!ini_get('register_globals')){
@extract($_FILES,EXTR_SKIP);
}
// Emulate register_globals for POST and then GET: every request key becomes a variable of the same
// name after CheckVar() has processed the value. GET is imported last, so it wins over POST.
// NOTE(review): unlike the $_FILES import there is no EXTR_SKIP equivalent here. Variables assigned
// above this point ($cookietime, $REQUEST_URI, $onlineip, $wind_version) and any variable that later
// code reads without assigning first can therefore take a request-supplied value, unless CheckVar()
// (defined elsewhere, not visible here) prevents it. An explicit allow-list of expected parameter
// names would remove that dependency.
foreach($_POST as $_key=>$_value){
CheckVar($_POST[$_key]);
$$_key=$_POST[$_key];
}
foreach($_GET as $_key=>$_value){
CheckVar($_GET[$_key]);
$$_key=$_GET[$_key];
}
// Sessions are stored as files in data/bbscache; if that directory is not writable the script tries
// to chmod it and shows the 'session_error' message when that also fails.
// NOTE(review): mode 0777 makes the directory writable by every local account, and the same
// directory also holds the PHP cache files that are include()d below. Confirm the directory is not
// served directly by the web server and consider a tighter mode owned by the PHP user.
if(!is_writeable(R_P.'data/bbscache') && !chmod(R_P.'data/bbscache',0777)){
include_once PrintEot('unloginleft');
adminmsg('session_error');
}else{
// Only lifetime (0 = until the browser closes) and path are set; no domain, Secure or HttpOnly flag is passed.
// NOTE(review): $db_ckpath was unset above and data/bbscache/dbset.php has not been included yet,
// so at this point the value can only come from the request-variable import — confirm this is intended.
session_set_cookie_params(0,$db_ckpath);
session_name('S');
session_save_path(R_P.'data/bbscache');
session_cache_limiter('private, must-revalidate');
session_start();
}
// Logout: clear and destroy the session, then send the browser back to admin.php.
// NOTE(review): $adminjob comes from the GET/POST import and no request token is checked here.
if($adminjob=='quit'){
session_unset();
session_destroy();
echo "<meta http-equiv='refresh' content='0;url=admin.php'>";
exit;
}
// Load the cached settings file; the $db_* names used below are presumably defined there — confirm.
include_once(R_P.'data/bbscache/dbset.php');
// Shift the working timestamp by the configured offset, given in minutes.
if($db_cvtime!=0) $timestamp+=$db_cvtime*60;
// Start output buffering, with gzip compression only when $ob_check is falsy and $db_obstart is 1.
// NOTE(review): $ob_check is read here before the assignment a few lines below, so its value at
// this point comes from earlier code or from the request-variable import — confirm.
!$ob_check && $db_obstart==1 ? ob_start('ob_gzhandler') : ob_start();
$db_http!='N' ? $imgpath=$db_http:$imgpath='./'.$picpath;
// Seconds since the previous visit, according to the client's 'lastvisit' cookie.
$onbbstime=$timestamp-$_COOKIE['lastvisit'];
// Refresh limiter for visitors without an admin session: same referer as the 'lastpath' cookie
// within $db_refreshtime seconds stops the request.
// NOTE(review): both inputs are cookies/headers under client control, so this is a courtesy limit,
// not a protection against automated requests.
if (!$_SESSION['_admin_name'] && $db_refreshtime!=0){
if('HR:'.$_SERVER['HTTP_REFERER']==$_COOKIE['lastpath'] && $onbbstime<$db_refreshtime){
die("Refresh limitted by $db_refreshtime seconds");
}
}
Cookie('lastvisit',$timestamp);
if(strpos($REQUEST_URI,'?adminjob')===false || $adminjob=='settings' || $adminjob=='creathtm') $ob_check=1;/* works around the download prompt seen in the admin panel when ob_gzhandler is enabled */
include_once(R_P."data/bbscache/level.php");
include_once(R_P.'data/sql_config.php');
// NOTE(review): the included path is built from $database. It is presumably assigned by
// data/sql_config.php on the previous line; confirm it is always set there, because a variable that
// is not assigned could carry a value from the request-variable import.
include_once(R_P.'require/db_'.$database.'.php');
include_once('./admin/cache.php');
include_once(R_P.'data/bbscache/forum_cache.php');
$H_url=$db_wwwurl;
$B_url=$db_bbsurl;
$tplpath=$db_defaultstyle;
// Login throttle based on the admin record file: F_L_count() is defined elsewhere and presumably
// counts recent failed-login records — confirm. $L_T is what remains of a 1200-second window since
// the file was last modified, $L_left the number of attempts left out of 15.
// NOTE(review): the check is global rather than per account or per address, and the file's mtime is
// also refreshed by the success records appended at the end of this script.
$bbsrecordfile=R_P."data/bbscache/admin_record.php";
$F_count=F_L_count($bbsrecordfile,2000);
$L_T=1200-($timestamp-@filemtime($bbsrecordfile));
$L_left=15-$F_count;
if($F_count>15 && $L_T>0){
require_once GetLang('cpmsg');
$msg=$lang['login_fail'];
include PrintEot('adminlogin');exit;
}
/**
* Database connection
*/
$db = new DB($dbhost, $dbuser, $dbpw, $dbname, $pconnect);
// Drop the connection settings from scope once the DB object has been created.
unset($dbhost, $dbuser, $dbpw, $dbname, $pconnect);
// Refuse to serve the admin panel while install.php is still present. The path is relative, so it
// is resolved against the current working directory; adminmsg() presumably ends the request — confirm.
if (file_exists("install.php")){
include_once PrintEot('unloginleft');
adminmsg('installfile_exists');
}
// Without a configured $manager account the panel shows the 'sql_config' message instead of a login.
if(!$manager){
include_once PrintEot('unloginleft');
adminmsg('sql_config');
}
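/*
 * Credential intake: a login POST replaces the credentials kept in the session; any other request
 * re-uses what the session already holds.
 * NOTE(review): the password is kept as an unsalted md5 hash, which is what checkpass() compares
 * against. Moving to password_hash()/password_verify() needs a stored-hash migration and is out of
 * scope for this block.
 * NOTE(review): the session id is not regenerated after a successful login; adding
 * session_regenerate_id() at that point would close the session-fixation window.
 */
if($_POST['admin_pwd'] && $_POST['admin_name']){
    $_SESSION['_admin_name']=$_POST['admin_name'];
    $_SESSION['_admin_pwd']=md5($_POST['admin_pwd']);
}else{
    $_SESSION['_admin_name']=$_SESSION['_admin_name'];//register again
    $_SESSION['_admin_pwd']=$_SESSION['_admin_pwd'];
}
$admin_name=stripcslashes($_SESSION['_admin_name']);
$admin_pwd=$_SESSION['_admin_pwd'];
/*
 * Administrator verification
 */
$rightset=checkpass($admin_name,$admin_pwd);
$admin_gid=$rightset['gid'];
if (!$rightset || strlen($admin_pwd)<16) {
    if ($admin_name!=""){
        session_unset();
        // Failed-login record. The submitted password is deliberately NOT written any more: the
        // field is left empty (same layout as the success record below), so a mistyped real
        // password never lands in a file on disk. '|' is the field separator and "\n" the record
        // separator, so both are neutralised in the name and in the client-supplied address.
        // NOTE(review): the "<?die;?>" prefix only stops the file from being read over HTTP when
        // short_open_tag is enabled — confirm, or keep the record file outside the web root.
        $new_adminrecord="<?die;?>|".str_replace('|','&#124;',Char_cv($admin_name))."||Logging Failed|".str_replace(array('|',"\r","\n"),array('&#124;','',''),$onlineip)."|$timestamp|\n";
        writeover($bbsrecordfile,$new_adminrecord,"ab");
        if($_POST['Login_f']==1){
            require_once GetLang('cpmsg');
            $msg=$lang['login_error'];
            // NOTE(review): $adminjob is request data; the adminlogin template must escape
            // $basename when it prints it.
            $basename.="?adminjob=$adminjob";
            include PrintEot('adminlogin');exit;
        }
    }
    // Hand the original query string to the login form so the user returns to the same page.
    strpos($REQUEST_URI,'?') && $admin_add=substr($REQUEST_URI,strpos($REQUEST_URI,'?')+1);
    include PrintEot('adminlogin');exit;
} elseif($_POST['admin_name']){
    // Successful login POST: redirect so the credentials are not re-submitted on reload.
    // $adminjob is request data, so it is URL-encoded before being placed in the attribute.
    echo "<meta http-equiv='refresh' content='0;url=admin.php?adminjob=".rawurlencode($adminjob)."'>";
    exit;
}
// Audit record for every authenticated admin request: name, empty password field, request URI,
// client address, timestamp. The original str_replace('|','|',...) was a no-op; the separator is
// now really replaced by its HTML entity so a '|' in the URI cannot forge extra fields.
$new_adminrecord="<?die;?>|".str_replace('|','&#124;',Char_cv($admin_name))."||".str_replace('|','&#124;',Char_cv($REQUEST_URI))."|".str_replace(array('|',"\r","\n"),array('&#124;','',''),$onlineip)."|$timestamp|\n";
writeover($bbsrecordfile,$new_adminrecord,"ab");
// end of logging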
/**
 * Send a cookie using the board-wide path and domain settings.
 *
 * The Secure flag is set only when the request arrived on port 443; HttpOnly is not set.
 * Side effect: an empty global $db_ckpath is replaced by '/'.
 *
 * @param string     $ck_Var   Cookie name.
 * @param string     $ck_Value Cookie value.
 * @param int|string $ck_Time  Expiry timestamp; the default 'F' means "use the global $cookietime".
 */
function Cookie($ck_Var,$ck_Value,$ck_Time='F'){
    global $cookietime,$db_ckpath,$db_ckdomain;
    // Loose comparison kept on purpose: it is how the default marker has always been detected.
    if($ck_Time=='F'){
        $ck_Time=$cookietime;
    }
    $secureOnly=0;
    if($_SERVER['SERVER_PORT']=='443'){
        $secureOnly=1;
    }
    if(!$db_ckpath){
        $db_ckpath='/';
    }
    setCookie($ck_Var,$ck_Value,$ck_Time,$db_ckpath,$db_ckdomain,$secureOnly);
}
/**
 * Apply addslashes() in place to every non-array value of a (possibly nested) array.
 *
 * Keys are left untouched and an empty or null argument is a no-op.
 * addslashes() is byte-oriented escaping, not a replacement for the database driver's own
 * escaping or for prepared statements.
 *
 * @param array $array Array to escape, modified by reference.
 */
function Add_S(&$array){
    if(!$array){
        return;
    }
    foreach($array as $field=>$item){
        if(is_array($item)){
            // Recurse on the real element so the nested array is changed in place.
            Add_S($array[$field]);
            continue;
        }
        $array[$field]=addslashes($item);
    }
}
/**
 * Shorten a byte string to at most $length bytes, ending the shortened form with '..'.
 *
 * Bytes above 127 in the kept prefix are counted; when that count is odd one more byte is dropped,
 * which avoids cutting a two-byte character in half (this assumes a double-byte encoding).
 * Strings that already fit, or a falsy $length, are returned unchanged.
 * NOTE(review): for $length below 4 the cut position becomes zero or negative and substr() then
 * counts from the end of the string, so the result can be longer than $length.
 *
 * @param string $content Text to shorten.
 * @param int    $length  Maximum length in bytes, including the trailing '..'.
 * @return string
 */
function substrs($content,$length) {
    if(!$length || !(strlen($content)>$length)){
        return $content;
    }
    $highBytes=0;
    $scanEnd=$length-3;
    for($pos=0;$pos<$scanEnd;$pos++){
        if(ord($content[$pos])>127){
            $highBytes++;
        }
    }
    $keep=($highBytes%2==1) ? $length-4 : $length-3;
    return substr($content,0,$keep).'..';
}
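/**
 * Validate admin-panel credentials and return the caller's permission set.
 *
 * Order of checks: empty input, the optional login verification code, the configured super
 * administrator ($manager / $manager_pwd), then a lookup in pw_members joined with pw_usergroups.
 * Only groups of type 'system' or 'special' with allowadmincp set are admitted.
 *
 * Changes against the previous version:
 *  - hashes and names are compared as strings (constant-time where hash_equals() exists) instead
 *    of with '==', which treats two different numeric-looking strings as equal;
 *  - the password hash and the group id are escaped before they are placed in SQL;
 *  - the fallback permission set carries the real group id instead of the literal text
 *    '$admindb[groupid]';
 *  - a stored permission value that does not unserialize to an array yields an empty set.
 *
 * @param string $admin_name Login name.
 * @param string $admin_pwd  Password hash as kept in the session (md5 of the submitted password).
 * @return array|false Permission map (key => '1'; group members also get 'gid'), or false.
 */
function checkpass($admin_name,$admin_pwd){
    global $db,$manager,$manager_pwd,$db_lgck,$lg_num;
    if (!$admin_name || !$admin_pwd) return false;
    if (!is_string($admin_name) || !is_string($admin_pwd)) return false;

    // Verification code, only enforced on a login POST when enabled and GD is available.
    // NOTE(review): the expected value is read from a client cookie and $lg_num is not assigned in
    // this function, so this check is only as strong as the code that sets those two values — confirm.
    $is_login_post=isset($_POST['Login_f']) && $_POST['Login_f']==1;
    if($is_login_post && $db_lgck && function_exists('imagecreate')){
        $cookie_code=isset($_COOKIE['ck_num']) ? (string)$_COOKIE['ck_num'] : '';
        if(!$lg_num || !is_scalar($lg_num) || md5($lg_num)!==$cookie_code){
            return false;
        }
    }

    // Super administrator from the configuration file: full permission set, no database lookup.
    $stored_pwd=(string)$manager_pwd;
    $pwd_matches=function_exists('hash_equals') ? hash_equals($stored_pwd,$admin_pwd) : ($stored_pwd===$admin_pwd);
    if(strtolower($admin_name)===strtolower((string)$manager) && $pwd_matches){
        $rightset=array(
            'news'=>'1', 'atcadd'=> '1', 'atcsch'=>'1',
            'settings'=>'1', 'updatecache'=> '1','postcache'=>'1', 'creathtm'=>'1', 'credit'=>'1',
            'bakout'=> '1', 'bakin'=> '1', 'repair'=>'1', 'setforum'=>'1', 'uniteforum'=>'1',
            'setstyles'=> '1', 'setuser'=>'1', 'userstats'=>'1', 'upgrade'=> '1', 'editgroup'=>'1',
            'level'=>'1', 'announcement'=>'1','mailuser'=>'1', 'send_msg'=>'1', 'giveuser'=>'1',
            'article'=>'1', 'member'=>'1', 'message'=>'1', 'attachment'=>'1', 'attachstats'=>'1',
            'attachrenew'=>'1', 'tpccheck'=>'1', 'banuser'=>'1', 'viewban'=>'1', 'ipban'=>'1',
            'setbwd'=>'1', 'adminlog'=>'1', 'forumlog'=>'1', 'creditlog'=>'1', 'userlog'=>'1',
            'setads'=>'1', 'share'=>'1', 'viewtody'=>'1', 'postcheck'=>'1', 'checkemail'=>'1',
            'checkreg'=>'1', 'addatc'=>'1', 'schatc'=>'1', 'report'=>'1'
        );
        return $rightset;
    }

    // Ordinary account: both values are escaped, because this function cannot assume the caller
    // passed a clean hex hash. NOTE(review): addslashes() is byte-oriented; if the DB class offers
    // driver-level escaping or bound parameters, prefer that.
    $admindb=$db->get_one("SELECT m.groupid,u.gptype,u.allowadmincp FROM pw_members m LEFT JOIN pw_usergroups u ON u.gid=m.groupid WHERE username='".addslashes($admin_name)."' AND password='".addslashes($admin_pwd)."'");
    if(!$admindb) return false;

    /*
     * Group permission settings decide whether admin-panel access is allowed.
     */
    if(($admindb['gptype']!='system' && $admindb['gptype']!='special') || !$admindb['allowadmincp']){
        return false;
    }
    $gid=$admindb['groupid'];
    $stored=$db->get_one("SELECT * FROM pw_adminset WHERE gid='".addslashes((string)$gid)."'");
    if(!$stored){
        return array('gid'=>$gid);
    }
    // NOTE(review): unserialize() on a database value. It is safe only as long as nobody but
    // trusted admin code can write pw_adminset.value; a JSON column would remove the
    // object-injection risk entirely.
    $rightset=unserialize($stored['value']);
    if(!is_array($rightset)){
        $rightset=array();
    }
    $rightset['gid']=$gid;
    return $rightset;
}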
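/**
 * Read up to $value bytes from the start of a file while holding a shared lock.
 *
 * The previous version returned an undefined variable when the file could not be opened; the
 * result is now always a string.
 *
 * @param string $filename Path of the file to read.
 * @param int    $value    Maximum number of bytes to read.
 * @return string Bytes read, or '' when the file cannot be opened or nothing could be read.
 */
function gets($filename,$value)
{
    $getcontent='';
    $handle=@fopen($filename,"rb");
    if(!$handle){
        return $getcontent;
    }
    flock($handle,LOCK_SH);
    // fread() rejects a length below 1, so only call it with a positive size.
    // (original note on this line: fgets debugging)
    if($value>0){
        $chunk=fread($handle,$value);
        if($chunk!==false){
            $getcontent=$chunk;
        }
    }
    // fclose() also releases the lock.
    fclose($handle);
    return $getcontent;
}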
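/**
 * Read a file (or its first $readsize bytes) while holding a shared lock.
 *
 * The previous version returned an undefined variable when the file could not be opened and
 * called fread() with a zero length for empty or missing files; the result is now always a string.
 *
 * @param string     $filename Path of the file to read.
 * @param string     $method   fopen() mode, "rb" by default.
 * @param int|string $readsize Maximum number of bytes, or "D" for the whole file.
 * @return string File contents, or '' when the file is empty or cannot be opened or read.
 */
function readover($filename,$method="rb",$readsize="D")
{
    $filedata='';
    $filesize=@filesize($filename);
    // Original note: caps the read size to control load when listing during backup.
    if($readsize!="D") $filesize=min($filesize,$readsize);
    $handle=@fopen($filename,$method);
    if(!$handle){
        return $filedata;
    }
    flock($handle,LOCK_SH);
    // fread() rejects a length below 1 (empty file, or filesize() failed).
    $wanted=(int)$filesize;
    if($wanted>0){
        $chunk=@fread($handle,$wanted);
        if($chunk!==false){
            $filedata=$chunk;
        }
    }
    // fclose() also releases the lock.
    fclose($handle);
    return $filedata;
}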
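/**
 * Write $data to a file, creating it first when necessary.
 *
 * With the default mode "rb+" the data is written from the start of the file and the file is then
 * truncated to the length of $data, i.e. the content is replaced. Other modes (for example "ab")
 * behave as fopen() defines them.
 *
 * The previous version carried on with flock()/fputs() on a failed fopen(); it now stops and
 * reports the failure, so a caller that cares (for example when writing an audit record) can tell.
 *
 * @param string $filename Path of the file to write.
 * @param string $data     Bytes to write.
 * @param string $method   fopen() mode.
 * @param int    $iflock   Non-zero to take an exclusive lock while writing.
 * @return bool True when the data was written, false when the file could not be opened or written.
 */
function writeover($filename,$data,$method="rb+",$iflock=1)
{
    // Create the file if it does not exist. (Original note: file_exists plus another creation
    // call could be used instead; testing showed comparable performance.)
    @touch($filename);
    $handle=@fopen($filename,$method);
    if(!$handle){
        return false;
    }
    if($iflock){
        flock($handle,LOCK_EX);
    }
    $written=fputs($handle,$data);
    if($method=="rb+") ftruncate($handle,strlen($data));
    // fclose() also releases the lock.
    fclose($handle);
    return $written!==false;
}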