📄 admincp.php
字号:
<?php
/**
*
* Copyright (c) 2003-06 PHPWind.net. All rights reserved.
* Support : http://www.phpwind.net
* This software is the proprietary information of PHPWind.com.
*
*/
!defined('R_P') && exit('Forbidden');
unset($_ENV,$HTTP_ENV_VARS,$_REQUEST,$HTTP_POST_VARS,$HTTP_GET_VARS,$HTTP_POST_FILES,$HTTP_COOKIE_VARS);
if(!get_magic_quotes_gpc()){
Add_S($_POST);
Add_S($_GET);
Add_S($_COOKIE);
}
Add_S($_FILES);
if($_SERVER['HTTP_X_FORWARDED_FOR']){
$onlineip = $_SERVER['HTTP_X_FORWARDED_FOR'];
$c_agentip=1;
}elseif($_SERVER['HTTP_CLIENT_IP']){
$onlineip = $_SERVER['HTTP_CLIENT_IP'];
$c_agentip=1;
}else{
$onlineip = $_SERVER['REMOTE_ADDR'];
$c_agentip=0;
}
$onlineip = substrs(str_replace("\n",'',addslashes($onlineip)),16);
$db_cp = '';
$timestamp = time();
require_once(R_P.'admin/defend.php');
$db_cvtime != 0 && $timestamp += $db_cvtime*60;
define('C_P',$db_cp);
$cookietime = $timestamp+31536000;
!$_SERVER['PHP_SELF'] && $_SERVER['PHP_SELF']=$_SERVER['SCRIPT_NAME'];
$REQUEST_URI = $_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'];
//unset($db_ckpath,$db_ckdomain);
$wind_version = "4.3.2";
$wind_repair = '20061120';
$db_olsize = 96;
$htmdir = 'htm_data';
list($db_moneyname,$db_moneyunit,$db_rvrcname,$db_rvrcunit,$db_creditname,$db_creditunit)=explode("\t",$db_credits);
if($adminjob=='quit'){
Cookie('AdminUser','',0);
ObHeader($admin_file);
}
include_once(D_P.'data/bbscache/dbset.php');
$imgpath = $db_http != 'N' ? $db_http : "$db_bbsurl/$picpath";
$attachpath = $db_attachurl != 'N' ? $db_attachurl : "$db_bbsurl/$attachname";
$imgdir = R_P.$picpath;
$attachdir = R_P.$attachname;
if(D_P != R_P && $db_http != 'N'){
$R_url=substr($db_http,-1)=='/' ? substr($db_http,0,-1) : $db_http;
$R_url=substr($R_url,0,strrpos($R_url,'/'));
}else{
$R_url=$db_bbsurl;
}
if(!$adminjob || ($adminjob=='settings' && $type=='coreset') || $adminjob=='creathtm') $ob_check=1;/*解决打开 ob_gzhandler 进后台出现下载问题*/
!$ob_check && $db_obstart == 1 && function_exists('ob_gzhandler') ? ob_start('ob_gzhandler') : ob_start();
$skin=$db_defaultstyle;
$skinco = GetCookie('skinco');
$_GET['skinco'] && $skinco=$_GET['skinco'];
$_POST['skinco'] && $skinco=$_POST['skinco'];
if($skinco && file_exists(D_P."data/style/$skinco.php") && strpos($skinco,'..')===false){
$skin=$skinco;
Cookie('skinco',$skinco);
}
include_once(D_P."data/bbscache/level.php");
include_once(D_P."data/bbscache/forum_cache.php");
@include_once(D_P."data/style/$skin.php");
include_once(D_P."data/sql_config.php");
include_once(R_P.'require/db_'.$database.'.php');
include_once(R_P.'admin/cache.php');
$H_url=$db_wwwurl;
$B_url=$db_bbsurl;
$bbsrecordfile=D_P."data/bbscache/admin_record.php";
$F_count=F_L_count($bbsrecordfile,2000);
$L_T=1200-($timestamp-@filemtime($bbsrecordfile));
$L_left=15-$F_count;
if($F_count>15 && $L_T>0){
require_once GetLang('cpmsg');
$msg=$lang['login_fail'];
include PrintEot('adminlogin');exit;
}
/**
* 数据库连接
*/
$db = new DB($dbhost, $dbuser, $dbpw, $dbname, $pconnect);
unset($dbhost, $dbuser, $dbpw, $dbname, $pconnect);
if (file_exists("install.php")){
adminmsg('installfile_exists');
}
if(!$manager){
include_once PrintEot('unloginleft');
adminmsg('sql_config');
}
if($_POST['admin_pwd'] && $_POST['admin_name']){
$pwuser = $_POST['admin_name'];
$AdminUser = StrCode($timestamp."\t".$pwuser."\t".md5(PwdCode(md5($_POST['admin_pwd'])).$timestamp));
Cookie('AdminUser',$AdminUser);
}elseif(GetCookie('AdminUser')){
$AdminUser = GetCookie('AdminUser');
}else{
$AdminUser = '';
}
list(,,,,,$admingd) = explode("\t",$db_gdcheck);
if($AdminUser){
$CK = explode("\t",StrCode($AdminUser,'DECODE'));
$admin_name = stripcslashes($CK[1]);
}else{
$CK = $admin_name = '';
}
$rightset = checkpass($CK);
$admin_gid = $rightset['gid'];
$admin_level = If_manager ? 'manager' : $ltitle[$admin_gid];
if(!If_manager){
Iplimit();
CheckVar($_POST);
CheckVar($_GET);
}
if (!$rightset) {
if ($_POST['admin_name'] && $_POST['admin_pwd']){
$record_name= str_replace('|','|',Char_cv($_POST['admin_name']));
$record_pwd = str_replace('|','|',Char_cv($_POST['admin_pwd']));
$new_record="<?die;?>|$record_name|$record_pwd|Logging Failed|$onlineip|$timestamp|\n";
writeover($bbsrecordfile,$new_record,"ab");
adminmsg('login_error');
}
include PrintEot('adminlogin');exit;
}elseif($_POST['admin_name']){
ObHeader($REQUEST_URI);
}
$_postdata = $_POST ? PostLog($_POST) : '';
$record_name = str_replace('|','|',Char_cv($admin_name));
$record_URI = str_replace('|','|',Char_cv($REQUEST_URI));
$new_record="<?die;?>|$record_name||$record_URI|$onlineip|$timestamp|$_postdata|\n";
writeover($bbsrecordfile,$new_record,"ab");
if ($_SERVER['REQUEST_METHOD']=='POST'){
$referer_a=parse_url($_SERVER['HTTP_REFERER']);
$s_host=$_SERVER['HTTP_HOST'];
strpos($s_host,':') && $s_host = substr($s_host,0,strpos($s_host,':'));
if($referer_a['host'] && $referer_a['host']!=$s_host){
adminmsg('undefined_action');
}
PostCheck($verify);
}
function Cookie($ck_Var,$ck_Value,$ck_Time='F'){
global $cookietime;
if($ck_Time=='F') $ck_Time = $cookietime;
$S=$_SERVER['SERVER_PORT']=='443' ? 1:0;
setCookie($ck_Var,$ck_Value,$ck_Time,'/','',$S);
}
function GetCookie($Var){
return $_COOKIE[$Var];
}
function Add_S(&$array){
if($array){
foreach($array as $key=>$value){
if(!is_array($value)){
$array[$key]=addslashes($value);
}else{
Add_S($array[$key]);
}
}
}
}
function HtmlConvert(&$array){
if(is_array($array)){
foreach($array as $key => $value){
if(!is_array($value)){
$array[$key]=htmlspecialchars($value);
}else{
HtmlConvert($array[$key]);
}
}
} else{
$array=htmlspecialchars($array);
}
}
function substrs($content,$length){
global $db_charset;
if($length && strlen($content)>$length){
if($db_charset!='utf-8'){
$retstr='';
for($i = 0; $i < $length - 2; $i++) {
$retstr .= ord($content[$i]) > 127 ? $content[$i].$content[++$i] : $content[$i];
}
return $retstr.' ..';
}else{
return utf8_trim(substr($content,0,$length)).' ..';
}
}
return $content;
}
function utf8_trim($str) {
$len = strlen($str);
for($i=strlen($str)-1;$i>=0;$i-=1){
$hex .= ' '.ord($str[$i]);
$ch = ord($str[$i]);
if(($ch & 128)==0) return substr($str,0,$i);
if(($ch & 192)==192)return substr($str,0,$i);
}
return($str.$hex);
}
function checkpass($CK){
global $db,$manager,$manager_pwd,$lg_num,$admingd,$onlineip;
if (!$CK){
return false;
}
Add_S($CK);
if($_POST['Login_f']==1 && $admingd){
if(!GdConfirm($lg_num)){
global $basename,$admin_file;
Cookie('AdminUser','',0);
$basename = $admin_file;
adminmsg('check_error');
}
}
if(strtolower($CK[1]) == strtolower($manager)){
if(!SafeCheck($CK,PwdCode($manager_pwd))){
$rt = $db->get_one("SELECT password FROM pw_members WHERE username='$CK[1]'");
if(!SafeCheck($CK,PwdCode($rt['password']))){
return false;
}
}
define('If_manager',1);
$rightset = array();
$rightset['gid'] = 3;
require GetLang('left');
@include GetLang('c_left');
foreach($lang as $key=>$left){
foreach($left as $key=>$value){
$rightset[$key] = '1';
}
}
return $rightset;
} else{
define('If_manager',0);
$admindb = $db->get_one("SELECT m.password,m.groupid,u.gptype,u.allowadmincp FROM pw_members m LEFT JOIN pw_usergroups u ON u.gid=m.groupid WHERE username='$CK[1]'");
if(!SafeCheck($CK,PwdCode($admindb['password']))){
return false;
}
}
if(!$admindb){
return false;
}
$rightset = array();
if(($admindb['gptype']=='system' || $admindb['gptype']=='special') && $admindb['allowadmincp']){
$rightset = $db->get_one("SELECT * FROM pw_adminset WHERE gid='$admindb[groupid]'");
if(!$rightset){
$rightset = array('gid'=>'$admindb[groupid]');
} else{
$rightset = P_unserialize($rightset['value']);
$rightset['gid'] = $admindb['groupid'];
}
return $rightset;
} else{
return false;
}
}
function PwdCode($pwd){
return md5($_SERVER["HTTP_USER_AGENT"].$pwd.$GLOBALS['db_hash']);
}
function SafeCheck($CK,$PwdCode,$var='AdminUser',$expire=1800){
global $timestamp;
$t = $timestamp - $CK[0];
if($t > $expire || $CK[2] != md5($PwdCode.$CK[0])){
Cookie($var,'',0);
return false;
}else{
$CK[0] = $timestamp;
$CK[2] = md5($PwdCode.$timestamp);
$Value = implode("\t",$CK);
$$var = StrCode($Value);
Cookie($var,StrCode($Value));
return true;
}
}
function StrCode($string,$action='ENCODE'){
$key = substr(md5($_SERVER["HTTP_USER_AGENT"].$GLOBALS['db_hash']),8,18);
$string = $action == 'ENCODE' ? $string : base64_decode($string);
$len = strlen($key);
$code = '';
for($i=0; $i<strlen($string); $i++){
$k = $i % $len;
$code .= $string[$i] ^ $key[$k];
}
$code = $action == 'DECODE' ? $code : base64_encode($code);
return $code;
}
function gets($filename,$value)
{
if($handle=@fopen($filename,"rb")){
flock($handle,LOCK_SH);
$getcontent=fread($handle,$value);//fgets调试
fclose($handle);
}
return $getcontent;
}
function P_unlink($filename){
strpos($filename,'..')!==false && exit('Forbidden');
@unlink($filename);
}
function readover($filename,$method="rb"){
strpos($filename,'..')!==false && exit('Forbidden');
if($handle=@fopen($filename,$method)){
flock($handle,LOCK_SH);
$filedata=@fread($handle,filesize($filename));
fclose($handle);
}
return $filedata;
}
function writeover($filename,$data,$method="rb+",$iflock=1,$check=1,$chmod=1){
$check && strpos($filename,'..')!==false && exit('Forbidden');
touch($filename);
$handle=fopen($filename,$method);
if($iflock){
flock($handle,LOCK_EX);
}
fwrite($handle,$data);
if($method=="rb+") ftruncate($handle,strlen($data));
fclose($handle);
$chmod && @chmod($filename,0777);
}
function openfile($filename,$style='Y')
{
if($style=='Y'){
$filedata=readover($filename);
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -