<?php
/*
* @link http://www.kalcaddle.com/
* @author warlee | e-mail:kalcaddle@qq.com
* @copyright warlee 2014.(Shanghai)Co.,Ltd
* @license http://kalcaddle.com/tools/licenses/license.txt
*/
//处理成标准目录
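/**
 * Normalise a client-supplied path into the project's canonical form.
 *
 * Steps: undo the entity encoding htmlspecial() applies, turn backslashes
 * into forward slashes, drop "." / ".." segments, collapse repeated slashes.
 *
 * @param string $path raw path as received from the client
 * @return string normalised path: no dot-only segments, single "/" separators
 */
function _DIR_CLEAR($path){
	$path = htmlspecial_decode($path);
	$path = str_replace('\\', '/', trim($path));
	// strstr() runs first because preg is comparatively expensive (original note).
	// A final ".." (or ".") segment has no slash after it, so the '../' test alone
	// does not see it; it is probed separately so "a/.." cannot escape upwards.
	if (strstr($path, '../') || preg_match('/(^|\/)\.+$/', $path)) {
		// any run of dots followed by slashes ("./", "../", ".../") becomes one slash
		$path = preg_replace('/\.+\/+/', '/', $path);
		// dot-only final segment: "a/.." -> "a/", ".." -> "/"
		$path = preg_replace('/(^|\/)\.+$/', '/', $path);
	}
	$path = preg_replace('/\/+/', '/', $path);
	return $path;
}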
//处理成用户目录,并且不允许相对目录的请求操作
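/**
 * Resolve a client-supplied (URL-encoded) path to an absolute filesystem path.
 *
 * Virtual prefixes map to real roots: "*recycle*/" -> USER_RECYCLE,
 * "*public*/" -> PUBLIC_PATH. A path starting with "*share*/" returns the
 * marker itself (not a filesystem path). Anything else is taken relative to HOME.
 * Relative-directory segments are removed by _DIR_CLEAR() first.
 *
 * @param string $path URL-encoded client path
 * @return string absolute path; an existing directory always ends with one "/"
 */
function _DIR($path){
	$path = _DIR_CLEAR(rawurldecode($path));
	$path = iconv_system($path);
	// Only the leading marker is removed; str_replace() would also strip a
	// marker occurring later in the path.
	$prefixes = array(
		'*recycle*/' => USER_RECYCLE,
		'*public*/'  => PUBLIC_PATH,
	);
	foreach ($prefixes as $marker => $root) {
		if (substr($path, 0, strlen($marker)) == $marker) {
			return $root.(string) substr($path, strlen($marker));
		}
	}
	if (substr($path, 0, strlen('*share*/')) == '*share*/') {
		return "*share*/";
	}
	$path = HOME.$path;
	if (is_dir($path)) $path = rtrim($path, '/').'/';
	return $path;
}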
//处理成用户目录输出
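/**
 * Prepare paths for output: HTML-escape them and, for non-root users, replace
 * the filesystem roots with their virtual markers (see pre_clear()).
 *
 * Root users ($GLOBALS['is_root'] truthy) keep the real paths.
 *
 * @param array|string $arr listing with 'filelist' / 'folderlist' entries, or a single path; modified in place
 * @return void
 */
function _DIR_OUT(&$arr){
	xxsClear($arr);
	// root sees real filesystem paths
	if (isset($GLOBALS['is_root']) && $GLOBALS['is_root']) return;
	if (!is_array($arr)) {
		$arr = pre_clear($arr);
		return;
	}
	// guarded so a listing without one of the lists does not raise a warning
	foreach (array('filelist', 'folderlist') as $listName) {
		if (!isset($arr[$listName]) || !is_array($arr[$listName])) continue;
		foreach ($arr[$listName] as $key => $value) {
			$arr[$listName][$key]['path'] = pre_clear($value['path']);
		}
	}
}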
//前缀处理 非root用户目录/从HOME开始
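/**
 * Strip the filesystem root from a path for non-root output.
 *
 * In share mode (ST == 'share') a leading HOME is removed. Otherwise a
 * leading PUBLIC_PATH becomes "*public*/", a leading USER_RECYCLE becomes
 * "*recycle*/", and a leading HOME is removed. Only the prefix is touched;
 * the original str_replace() also removed later occurrences of the root.
 *
 * @param string $path absolute path
 * @return string client-visible path
 */
function pre_clear($path){
	if (ST == 'share') {
		return _pre_clear_remove_prefix(HOME, $path);
	}
	if (substr($path, 0, strlen(PUBLIC_PATH)) == PUBLIC_PATH) {
		return '*public*/'._pre_clear_remove_prefix(PUBLIC_PATH, $path);
	}
	if (substr($path, 0, strlen(USER_RECYCLE)) == USER_RECYCLE) {
		return '*recycle*/'._pre_clear_remove_prefix(USER_RECYCLE, $path);
	}
	return _pre_clear_remove_prefix(HOME, $path);
}

/**
 * Remove $prefix from the start of $path (leading occurrence only).
 *
 * @param string $prefix
 * @param string $path
 * @return string $path without the prefix, or unchanged if it does not start with it
 */
function _pre_clear_remove_prefix($prefix, $path){
	if ($prefix !== '' && substr($path, 0, strlen($prefix)) == $prefix) {
		// cast: substr() returns false (not '') on PHP < 8 when nothing is left
		return (string) substr($path, strlen($prefix));
	}
	return $path;
}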
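/**
 * HTML-escape the user-controlled fields of a listing (or a single string) in place.
 *
 * For a listing, 'ext', 'path' and 'name' of each file entry and 'path' and
 * 'name' of each folder entry go through htmlspecial(); a non-array value is
 * escaped as a whole. Absent lists are skipped instead of raising a warning.
 *
 * @param array|string $list listing with 'filelist' / 'folderlist', or a plain string; modified in place
 * @return void
 */
function xxsClear(&$list){
	if (!is_array($list)) {
		$list = htmlspecial($list);
		return;
	}
	$fields = array(
		'filelist'   => array('ext', 'path', 'name'),
		'folderlist' => array('path', 'name'),
	);
	foreach ($fields as $listName => $keys) {
		if (!isset($list[$listName]) || !is_array($list[$listName])) continue;
		foreach ($list[$listName] as $index => $entry) {
			foreach ($keys as $key) {
				// a missing field ends up as '' (what the original produced, minus the notice)
				$raw = isset($entry[$key]) ? $entry[$key] : '';
				$list[$listName][$index][$key] = htmlspecial($raw);
			}
		}
	}
}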
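/**
 * Escape the characters that are dangerous in HTML text and attribute context.
 *
 * '<', '>', '"' and "'" become &lt; &gt; &quot; &#39;. '&' is not in the
 * search list (the original carried a dangling fifth '&amp;' replacement that
 * str_replace() never used), so text that already contains entities is not
 * double-encoded. htmlspecial_decode() reverses exactly these four.
 *
 * @param string $str
 * @return string
 */
function htmlspecial($str){
	return str_replace(
		array('<', '>', '"', "'"),
		array('&lt;', '&gt;', '&quot;', '&#39;'),
		$str
	);
}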
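/**
 * Inverse of htmlspecial(): turn &lt; &gt; &quot; &#39; back into the characters.
 *
 * '&amp;' is deliberately not decoded, matching the encoder which leaves '&' alone.
 *
 * @param string $str
 * @return string
 */
function htmlspecial_decode($str){
	return str_replace(
		array('&lt;', '&gt;', '&quot;', '&#39;'),
		array('<', '>', '"', "'"),
		$str
	);
}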
//扩展名权限判断
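/**
 * Unzip callback: allow an archive entry only if its stored name passes checkExt().
 *
 * @param mixed $s    event argument supplied by the caller; unused here
 * @param array $info entry descriptor; 'stored_filename' is the name inside the archive
 * @return int 1 to extract the entry, 0 to skip it
 */
function checkExtUnzip($s,$info){
	// an entry without a name is rejected, since checkExt('') returns 0
	$name = isset($info['stored_filename']) ? $info['stored_filename'] : '';
	return checkExt($name);
}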
//扩展名权限判断 有权限则返回1 不是true
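/**
 * Extension permission check for a file name. Returns 1 (not true) when allowed.
 *
 *  - names containing '<' or '>' and empty names are always rejected;
 *  - root ($GLOBALS['is_root'] == 1) is never restricted;
 *  - otherwise the name is rejected if it contains ".<ext>" for any ext in the
 *    '|'-separated $GLOBALS['auth']['ext_not_allow'] list. The match is
 *    case-insensitive and anywhere in the name, so "x.php.txt" is rejected too.
 *
 * @param string $file     file name or path
 * @param bool   $changExt unused; kept because callers pass it
 * @return int 1 if allowed, 0 if not
 */
function checkExt($file,$changExt=false){
	if ($file == '' || strstr($file, '<') || strstr($file, '>')) {
		return 0;
	}
	if (isset($GLOBALS['is_root']) && $GLOBALS['is_root'] == 1) return 1;
	// a missing deny list blocks nothing, as before (explode('|','') yields [''], which is skipped)
	$notAllow = isset($GLOBALS['auth']['ext_not_allow']) ? $GLOBALS['auth']['ext_not_allow'] : '';
	foreach (explode('|', (string) $notAllow) as $ext) {
		if ($ext === '') continue;
		if (stristr($file, '.'.$ext)) {
			return 0;
		}
	}
	return 1;
}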
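/**
 * Guess the character set of a string.
 *
 * mb_detect_encoding() is tried against the candidate list in
 * $GLOBALS['config']['check_charset'] (earlier candidates win). A UTF-8 BOM
 * forces 'utf-8'; 'cp936' is reported as 'gbk'; pure ASCII as 'utf-8'.
 *
 * @param string $str text to inspect (by reference in the original signature; not modified)
 * @return string lower-case charset name; 'utf-8' for empty input or when detection fails
 */
function get_charset(&$str) {
	if ($str == '') return 'utf-8';
	$candidates = isset($GLOBALS['config']['check_charset']) ? $GLOBALS['config']['check_charset'] : null;
	// detection can return false; the original then produced '' via strtolower(false)
	$detected = mb_detect_encoding($str, $candidates);
	$charset = ($detected === false) ? 'utf-8' : strtolower($detected);
	if (substr($str, 0, 3) == "\xEF\xBB\xBF") {
		$charset = 'utf-8';
	} elseif ($charset == 'cp936') {
		$charset = 'gbk';
	}
	if ($charset == 'ascii') $charset = 'utf-8';
	return $charset;
}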
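/**
 * Check the PHP runtime for the features the application needs.
 *
 * @return string '' when everything is present, otherwise a concatenation of
 *                "<li>…</li>" items built from $GLOBALS['L'] language strings
 */
function php_env_check(){
	$L = $GLOBALS['L'];
	$error = '';
	$base_path = get_path_this(BASIC_PATH).'/';

	if (!function_exists('iconv')) $error .= '<li>'.$L['php_env_error_iconv'].'</li>';
	if (!function_exists('mb_convert_encoding')) $error .= '<li>'.$L['php_env_error_mb_string'].'</li>';
	if (!version_compare(PHP_VERSION, '5.0', '>=')) $error .= '<li>'.$L['php_env_error_version'].'</li>';
	if (!function_exists('file_get_contents')) $error .= '<li>'.$L['php_env_error_file'].'</li>';

	// every data directory must be writable; '' is BASIC_PATH itself
	foreach (array('', 'data', 'data/system', 'data/User', 'data/thumb') as $sub) {
		if (!path_writable(BASIC_PATH.$sub)) {
			$error .= '<li>'.$base_path.$sub.' '.$L['php_env_error_path'].'</li>';
		}
	}

	// one message for the whole GD group
	$gdFunctions = array('imagecreatefromjpeg', 'imagecreatefromgif', 'imagecreatefrompng', 'imagecolorallocate');
	foreach ($gdFunctions as $fn) {
		if (!function_exists($fn)) {
			$error .= '<li>'.$L['php_env_error_gd'].'</li>';
			break;
		}
	}
	return $error;
}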
//语言包加载:优先级:cookie获取>自动识别
//首次没有cookie则自动识别——存入cookie,过期时间无限
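/**
 * Pick the UI language and load its pack into $GLOBALS['L'].
 *
 * Priority: the 'kod_user_language' cookie; else the first tag of
 * Accept-Language (zh-* -> zh-CN, anything else -> en), which is then stored
 * in the cookie for one year. The value is client-controlled and becomes a
 * directory name under LANGUAGE_PATH, so separators, dots and NUL are removed
 * and an unknown pack falls back to 'en'. Defines LANGUAGE_TYPE.
 *
 * @return void
 */
function init_lang(){
	if (isset($_COOKIE['kod_user_language'])) {
		$lang = $_COOKIE['kod_user_language'];
	} else {
		// no cookie: derive from the browser's Accept-Language
		$accept = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '';
		$lang = preg_match('/^([a-z\-]+)/i', $accept, $matches) ? $matches[1] : '';
		switch (substr($lang, 0, 2)) {
			case 'zh':
				// NOTE(review): 'zn-TW' looks like a typo for 'zh-TW'; as written every
				// zh-* tag becomes zh-CN. Left unchanged because a zh_TW pack is not
				// known to exist in this tree.
				if ($lang != 'zn-TW') {
					$lang = 'zh-CN';
				}
				break;
			case 'en':
			default:
				$lang = 'en';
				break;
		}
		$lang = str_replace('-', '_', $lang);
		setcookie('kod_user_language', $lang, time()+3600*24*365);
	}
	if ($lang == '') $lang = 'en';
	// the value is used as a path component: strip separators, dots and NUL bytes
	$lang = str_replace(array('/', '\\', '..', '.', "\0"), '', $lang);
	// a pack that does not exist (e.g. a tampered cookie) must not turn into a failed include
	if (!file_exists(LANGUAGE_PATH.$lang.'/main.php')) $lang = 'en';
	define('LANGUAGE_TYPE', $lang);
	include(LANGUAGE_PATH.$lang.'/main.php');
	$GLOBALS['L'] = $L;
}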
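/**
 * Load (or create from defaults) the system settings and publish them.
 *
 * Reads USER_SYSTEM.'system_setting.php' via fileCache; if the file is
 * missing the defaults from $GLOBALS['config'] are written there. A file that
 * does not yield an array, or lacks a 'menu' array, is patched with the
 * defaults. Side effects: default controller/action on $GLOBALS['app'],
 * $GLOBALS['config']['setting_system'], the kod_name / kod_name_desc /
 * kod_power_by language strings, then config/setting_user.php is included
 * (in this function's scope) if present.
 *
 * @return void
 */
function init_setting(){
	$setting_file = USER_SYSTEM.'system_setting.php';
	if (!file_exists($setting_file)) {
		// first run: persist the defaults
		$setting = $GLOBALS['config']['setting_system_default'];
		$setting['menu'] = $GLOBALS['config']['setting_menu_default'];
		fileCache::save($setting_file, $setting);
	} else {
		$setting = fileCache::load($setting_file);
	}
	// a damaged or empty file must not leave the app without settings
	if (!is_array($setting)) {
		$setting = $GLOBALS['config']['setting_system_default'];
	}
	if (!isset($setting['menu']) || !is_array($setting['menu'])) {
		$setting['menu'] = $GLOBALS['config']['setting_menu_default'];
	}

	$GLOBALS['app']->setDefaultController($setting['first_in']); // default controller
	$GLOBALS['app']->setDefaultAction('index');                   // default action

	$GLOBALS['config']['setting_system'] = $setting;
	$GLOBALS['L']['kod_name'] = $setting['system_name'];
	$GLOBALS['L']['kod_name_desc'] = $setting['system_desc'];
	if (isset($setting['powerby'])) {
		$GLOBALS['L']['kod_power_by'] = $setting['powerby'];
	}

	// user-defined overrides, if the file exists
	$setting_user = BASIC_PATH.'config/setting_user.php';
	if (file_exists($setting_user)) {
		include($setting_user);
	}
}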
//防止恶意请求
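/**
 * Per-session request throttle against abusive clients.
 *
 * Two windows are tracked in $_SESSION['check_post_many']:
 *   short: at most $maxt_num requests per $check_time seconds
 *          ('last_time' / 'total_num');
 *   long:  at most $total_time_num requests per $total_time seconds
 *          ('max_time' / 'max_num').
 * Exceeding either window calls user_logout(), which exits. Root users and
 * the fileUpload action are exempt.
 *
 * Fixes versus the original: expiring the short window used to reset all
 * four fields, and the long-window test compared 'total_num' (capped at
 * $maxt_num by the short window) instead of 'max_num', so the long limit
 * could never trigger. Each window now resets only its own fields and checks
 * its own counter.
 *
 * The counters live in the session, so only clients that keep presenting the
 * session cookie are limited.
 *
 * @return void
 */
function check_post_many(){
	$check_time     = 4;   // short window, seconds
	$maxt_num       = 40;  // max requests within the short window
	$total_time     = 60;  // long window, seconds
	$total_time_num = 500; // max requests within the long window

	// administrators are not limited
	if (isset($_SESSION['kod_user']['role']) && $_SESSION['kod_user']['role'] == 'root') {
		return;
	}
	// uploads are not limited
	$URI = isset($GLOBALS['in']['URLremote']) ? $GLOBALS['in']['URLremote'] : array();
	if (isset($URI[1]) && $URI[1] == 'fileUpload') {
		return;
	}

	$session_key = 'check_post_many';
	$_SESSION['check_session_has'] = 'kodexplorer';
	$now = time();
	if (!isset($_SESSION[$session_key])) {
		$_SESSION[$session_key] = array('last_time'=>$now,'total_num'=>0,'max_time'=>$now,'max_num'=>0);
		return;
	}
	$info = $_SESSION[$session_key];

	// ---- short window
	if ($now - $info['last_time'] >= $check_time) {
		$info['last_time'] = $now;
		$info['total_num'] = 0;
	} elseif ($info['total_num'] >= $maxt_num) {
		user_logout(); // exits
	} else {
		$info['total_num'] += 1;
	}

	// ---- long window
	if ($now - $info['max_time'] >= $total_time) {
		$info['max_time'] = $now;
		$info['max_num'] = 0;
	} elseif ($info['max_num'] >= $total_time_num) {
		user_logout(); // exits
	} else {
		$info['max_num'] += 1;
	}
	$_SESSION[$session_key] = $info;
}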
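/**
 * Heuristic: does the request come from a mobile/WAP browser?
 *
 * True when the User-Agent matches a list of mobile keywords, or when the
 * Accept header advertises 'application/vnd.wap.xhtml+xml'. Missing headers
 * are treated as empty instead of raising a notice.
 *
 * @return bool
 */
function is_wap(){
	$ua = isset($_SERVER['HTTP_USER_AGENT']) ? strtolower($_SERVER['HTTP_USER_AGENT']) : '';
	$mobilePattern = '/(up.browser|up.link|mmp|symbian|smartphone|midp|wap|phone|iphone|ipad|ipod|android|xoom)/i';
	if ($ua !== '' && preg_match($mobilePattern, $ua)) {
		return true;
	}
	$accept = isset($_SERVER['HTTP_ACCEPT']) ? strtolower($_SERVER['HTTP_ACCEPT']) : '';
	return strpos($accept, 'application/vnd.wap.xhtml+xml') !== false;
}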
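/**
 * End the session and redirect to the login page. Does not return (calls exit).
 *
 * Expires the session and token cookies, clears and destroys the server-side
 * session, then sends a Location header.
 *
 * @return void
 */
function user_logout(){
	$expired = time() - 3600;
	setcookie('PHPSESSID', '', $expired, '/');
	setcookie('kod_name', '', $expired);
	setcookie('kod_token', '', $expired);
	setcookie('kod_user_language', '', $expired);
	// session_destroy() leaves $_SESSION populated for this request and warns when
	// no session is active, so clear it explicitly and destroy only if one exists
	$_SESSION = array();
	if (session_id() !== '') {
		session_destroy();
	}
	header('location:./index.php?user/login');
	exit;
}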