DedeBIZ
/
DedeV6
İzle 2
Yıldızla 0
Çatalla 0
Kod Değişiklik İstekleri 0 Sürümler 30 Aktivite
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
457 İşlemeler
3 Dallar
2.6GB
Ağaç: 2997f1ed6b
DedeV6/public/admin/testenv.php

385 satır
13KB
Ham Suçlama Geçmiş 

  1. <?php

  2. @set_time_limit(0);

  3. /**

  4.  * 系统运行环境检测

  5.  *

  6.  * @version        $Id: testenv.php 13:57 2011/11/10 tianya $

  7.  * @package        DedeBIZ.Administrator

  8.  * @copyright      Copyright (c) 2022, DedeBIZ.COM

  9.  * @license        https://www.dedebiz.com/license

  10.  * @link           https://www.dedebiz.com

  11.  */

  12. require_once(dirname(__FILE__)."/config.php");

  13. CheckPurview('sys_Edit');

  14. $action = isset($action) ? $action : '';

  15. ?>

  16. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

  17. <html xmlns="http://www.w3.org/1999/xhtml">

  18. <head>

  19. 	<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $GLOBALS['cfg_soft_lang']; ?>">

  20. 	<title>系统运行目录权限检测</title>

  21. 	<link rel="stylesheet" type="text/css" href="css/base.css" />

  22. 	<link rel="stylesheet" type="text/css" href="css/indexbody.css" />

  23. 	<script type="text/javascript" src="../static/js/jquery.js"></script>

  24. </head>

  25. <body leftmargin="8" topmargin='8' bgcolor="#FFFFFF" style="min-width:840px">

  26. 	<?php

  27. 	if (!function_exists('TestWriteable')) {

  28. 		//检测是否可写

  29. 		function TestWriteable($d, $c = TRUE)

  30. 		{

  31. 			$tfile = '_write_able.txt';

  32. 			$d = preg_replace("/\/$/", '', $d);

  33. 			$fp = @fopen($d.'/'.$tfile, 'w');

  34. 			if (!$fp) {

  35. 				if ($c == false) {

  36. 					@chmod($d, 0777);

  37. 					return false;

  38. 				} else return TestWriteable($d, true);

  39. 			} else {

  40. 				fclose($fp);

  41. 				return @unlink($d.'/'.$tfile) ? true : false;

  42. 			}

  43. 		}

  44. 	}

  45. 	if (!function_exists('TestExecuteable')) {

  46. 		//检查是否具目录可执行

  47. 		function TestExecuteable($d = '.', $siteuRL = '', $rootDir = '')

  48. 		{

  49. 			$testStr = '<'.chr(0x3F).'p'.chr(hexdec(68)).chr(112)."\n\r";

  50. 			$filename = md5($d).'.php';

  51. 			$testStr .= 'function test(){ echo md5(\''.$d.'\');}'."\n\rtest();\n\r";

  52. 			$testStr .= chr(0x3F).'>';

  53. 			$reval = false;

  54. 			if (empty($rootDir)) $rootDir = DEDEROOT;

  55. 			if (TestWriteable($d)) {

  56. 				@file_put_contents($d.'/'.$filename, $testStr);

  57. 				$remoteUrl = $siteuRL.'/'.str_replace($rootDir, '', str_replace("\\", '/', realpath($d))).'/'.$filename;

  58. 				$tempStr = @PostHost($remoteUrl);

  59. 

  60. 				$reval = (md5($d) == trim($tempStr)) ? true : false;

  61. 				unlink($d.'/'.$filename);

  62. 				return $reval;

  63. 			} else {

  64. 				return -1;

  65. 			}

  66. 		}

  67. 	}

  68. 	if (!function_exists('PostHost')) {

  69. 		function PostHost($host, $data = '', $method = 'GET', $showagent = null, $port = null, $timeout = 30)

  70. 		{

  71. 			$parse = @parse_url($host);

  72. 			if (empty($parse)) return false;

  73. 			if ((int)$port > 0) {

  74. 				$parse['port'] = $port;

  75. 			} elseif (!@$parse['port']) {

  76. 				$parse['port'] = '80';

  77. 			}

  78. 			$parse['host'] = str_replace(array('http://', 'https://'), array('', 'ssl://'), "$parse[scheme]://").$parse['host'];

  79. 			if (!$fp = @fsockopen($parse['host'], $parse['port'], $errnum, $errstr, $timeout)) {

  80. 				return false;

  81. 			}

  82. 			$method = strtoupper($method);

  83. 			$wlength = $wdata = $responseText = '';

  84. 			$parse['path'] = str_replace(array('\\', '//'), '/', @$parse['path'])."?".@$parse['query'];

  85. 			if ($method == 'GET') {

  86. 				$separator = @$parse['query'] ? '&' : '';

  87. 				substr($data, 0, 1) == '&' && $data = substr($data, 1);

  88. 				$parse['path'] .= $separator.$data;

  89. 			} elseif ($method == 'POST') {

  90. 				$wlength = "Content-length: ".strlen($data)."\r\n";

  91. 				$wdata = $data;

  92. 			}

  93. 			$write = "$method $parse[path] HTTP/1.0\r\nHost: $parse[host]\r\nContent-type: application/x-www-form-urlencoded\r\n{$wlength}Connection: close\r\n\r\n$wdata";

  94. 			@fwrite($fp, $write);

  95. 			while ($data = @fread($fp, 4096)) {

  96. 				$responseText .= $data;

  97. 			}

  98. 			@fclose($fp);

  99. 			empty($showagent) && $responseText = trim(stristr($responseText, "\r\n\r\n"), "\r\n");

  100. 			return $responseText;

  101. 		}

  102. 	}

  103. 	$allPath = array();

  104. 	$needDir = "$cfg_medias_dir|

  105. 	$cfg_image_dir|

  106. 	$ddcfg_image_dir|

  107. 	$cfg_user_dir|

  108. 	$cfg_soft_dir|

  109. 	$cfg_other_medias|

  110. 	$cfg_medias_dir/flink|

  111. 	$cfg_cmspath/data|

  112. 	$cfg_cmspath/data/$cfg_backup_dir|

  113. 	$cfg_cmspath/data/textdata|

  114. 	$cfg_cmspath/data/sessions|

  115. 	$cfg_cmspath/data/tplcache|

  116. 	$cfg_cmspath/data/admin|

  117. 	$cfg_cmspath/data/enums|

  118. 	$cfg_cmspath/data/mark|

  119. 	$cfg_cmspath/data/module|

  120. 	$cfg_cmspath/data/rss|

  121. 	$cfg_special|

  122. 	$cfg_cmspath$cfg_arcdir";

  123. 	$needDir = explode('|', $needDir);

  124. 	foreach ($needDir as $key => $val) {

  125. 		$allPath[trim($val)] = array(

  126. 			'read' => true,    //读取

  127. 			'write' => true,   //写入

  128. 			'execute' => false //执行

  129. 		);

  130. 	}

  131. 	//所有栏目目录

  132. 	$sql = "SELECT typedir FROM #@__arctype ORDER BY id DESC";

  133. 	$dsql->SetQuery($sql);

  134. 	$dsql->Execute('al', $sql);

  135. 	while ($row = $dsql->GetArray('al')) {

  136. 		$typedir = str_replace($cfg_basehost, '', $row['typedir']);

  137. 		if (preg_match("/^http:|^ftp:/i", $row['typedir'])) continue;

  138. 		$typedir = str_replace("{cmspath}", $cfg_cmspath, $row['typedir']);

  139. 		$allPath[trim($typedir)] = array(

  140. 			'read' => true,    //读取

  141. 			'write' => true,   //写入

  142. 			'execute' => false //执行

  143. 		);

  144. 	}

  145. 	//只允许读取,不允许写入的目录

  146. 	$needDir = array(

  147. 		'include',

  148. 		'member',

  149. 		'plus',

  150. 	);

  151. 	//获取子目录

  152. 	function GetSondir($d, &$dirname = array())

  153. 	{

  154. 		$dh = dir($d);

  155. 		while ($filename = $dh->read()) {

  156. 			if (

  157. 				substr($filename, 0, 1) == '.' || is_file($d.'/'.$filename) ||

  158. 				preg_match("#^(svn|bak-)#i", $filename)

  159. 			) {

  160. 				continue;

  161. 			}

  162. 			if (is_dir($d.'/'.$filename)) {

  163. 				$dirname[] = $d.'/'.$filename;

  164. 				GetSondir($d.'/'.$filename, $dirname);

  165. 			}

  166. 		}

  167. 		$dh->close();

  168. 		return $dirname;

  169. 	}

  170. 	//获取所有文件列表

  171. 	function preg_ls($path = ".", $rec = FALSE, $pat = "/.*/", $ignoredir = '')

  172. 	{

  173. 		while (substr($path, -1, 1) == "/") {

  174. 			$path = substr($path, 0, -1);

  175. 		}

  176. 		if (!is_dir($path)) {

  177. 			$path = dirname($path);

  178. 		}

  179. 		if ($rec !== TRUE) {

  180. 			$rec = FALSE;

  181. 		}

  182. 		$d = dir($path);

  183. 		$ret = array();

  184. 		while (FALSE !== ($e = $d->read())) {

  185. 			if (($e == ".") || ($e == "..")) {

  186. 				continue;

  187. 			}

  188. 			if ($rec && is_dir($path."/".$e) && ($ignoredir == '' || strpos($ignoredir, $e) === FALSE)) {

  189. 				$ret = array_merge($ret, preg_ls($path."/".$e, $rec, $pat, $ignoredir));

  190. 				continue;

  191. 			}

  192. 			if (!preg_match($pat, $e)) {

  193. 				continue;

  194. 			}

  195. 			$ret[] = $path."/".$e;

  196. 		}

  197. 		return (empty($ret) && preg_match($pat, basename($path))) ? array($path."/") : $ret;

  198. 	}

  199. 	foreach ($needDir as $key => $val) {

  200. 		$allPath[trim('/'.$val)] = array(

  201. 			'read' => true,    //读取

  202. 			'write' => false,   //写入

  203. 			'execute' => true //执行

  204. 		);

  205. 		$sonDir = GetSondir(DEDEROOT.'/'.$val);

  206. 		foreach ($sonDir as $kk => $vv) {

  207. 			$vv = trim(str_replace(DEDEROOT, '', $vv));

  208. 			$allPath[$vv] = array(

  209. 				'read' => true,    //读取

  210. 				'write' => false,   //写入

  211. 				'execute' => true //执行

  212. 			);

  213. 		}

  214. 	}

  215. 	//不需要执行的

  216. 	$needDir = array(

  217. 		'/images',

  218. 		'/templets'

  219. 	);

  220. 	foreach ($needDir as $key => $val) {

  221. 		$allPath[trim('/'.$val)] = array(

  222. 			'read' => true,    //读取

  223. 			'write' => false,   //写入

  224. 			'execute' => false //执行

  225. 		);

  226. 		$sonDir = GetSondir(DEDEROOT.'/'.$val);

  227. 		foreach ($sonDir as $kk => $vv) {

  228. 			$vv = trim(str_replace(DEDEROOT.'/', '', $vv));

  229. 			$allPath[$vv] = array(

  230. 				'read' => true,    //读取

  231. 				'write' => false,   //写入

  232. 				'execute' => false //执行

  233. 			);

  234. 		}

  235. 	}

  236. 	//所有js建议只读

  237. 	$jsDir = array(

  238. 		'/images',

  239. 		'/templets',

  240. 		'/include'

  241. 	);

  242. 	foreach ($jsDir as $k => $v) {

  243. 		$jsfiles = preg_ls(DEDEROOT.$v, TRUE, "/.*\.(js)$/i");

  244. 		foreach ($jsfiles as $k => $v) {

  245. 			$vv = trim(str_replace(DEDEROOT.'/', '/', $v));

  246. 			$allPath[$vv] = array(

  247. 				'read' => true,    //读取

  248. 				'write' => false,   //写入

  249. 				'execute' => false //执行

  250. 			);

  251. 		}

  252. 	}

  253. 	?>

  254. 	<div id="safemsg">

  255. 		<dl style="margin-left:0.5%;margin-right:0.5%; width:97%" id="item1" class="dbox">

  256. 			<dt class="lside"><span class="l" style="float:left">系统运行目录权限检测</span><span style="float:right; margin-right:20px"><a href="index_body.php">返回主页</a></span><span style="float:right; margin-right:20px"><a href="https://www.dedebiz.com/help" target="_blank">帮助说明</a></span></dt>

  257. 			<dd>

  258. 				<div style="padding:10px"> 说明:本程序用于检测DedeBIZ站点所涉及的目录权限,并且提供一个全面的检测说明,您可以根据检测报告来配置站点以保证站点更为安全</div>

  259. 				<div id="tableHeader" style="margin-left:10px">

  260. 					<table width="784" border="0" cellpadding="0" cellspacing="1" bgcolor="#047700" id="scanTable">

  261. 						<thead>

  262. 							<tr>

  263. 								<td width="40%" height="26" align="center" bgcolor="#E3F1D1">目录</td>

  264. 								<td width="20%" height="26" align="center" bgcolor="#E3F1D1">执行</td>

  265. 								<td width="20%" height="26" align="center" bgcolor="#E3F1D1">读取</td>

  266. 								<td width="20%" height="26" align="center" bgcolor="#E3F1D1">写入</td>

  267. 							</tr>

  268. 						</thead>

  269. 					</table>

  270. 				</div>

  271. 				<div id="safelist" style="margin-left:10px">

  272. 					<div class="install" id="log" style="height: 260px; overflow: auto;">

  273. 						<table width="784" border="0" cellpadding="0" cellspacing="1" bgcolor="#047700" id="scanTable">

  274. 							<tbody id="mainList">

  275. 							</tbody>

  276. 						</table>

  277. 					</div>

  278. 				</div>

  279. 			</dd>

  280. 		</dl>

  281. 	</div>

  282. 	<div style="margin: 0 auto; width:200px"><a href="javascript:startScan();"><img src="images/btn_scan.gif" width="154" height="36" /></a></div>

  283. 	<script type="text/javascript">

  284. 		$ = jQuery;

  285. 		var log = "<?php

  286. 					foreach ($allPath as $key => $val) {

  287. 						if (is_dir(DEDEROOT.$key)) {

  288. 					?><?php echo $key; ?>|<?php

  289. 											$rs = TestExecuteable(DEDEROOT.$key, $cfg_basehost, $cfg_cmspath);

  290. 

  291. 											if ($rs === -1) {

  292. 												echo "<span style='color:#dc3545'>无法判断</span>";

  293. 											} else {

  294. 												if ($val['execute'] == true)

  295. 													echo $rs != $val['execute'] ? "<span style='color:#dc3545'>错误(不可执行)</span>" : "<span style='color:#28a745'>正常(可执行)</span>";

  296. 												else

  297. 													echo $rs != $val['execute'] ? "<span style='color:#dc3545'>错误(可执行)</span>" : "<span style='color:#28a745'>正常(不可执行)</span>";

  298. 											}

  299. 											?>|<?php

  300. 												if ($val['read'] == true)

  301. 													echo is_readable(DEDEROOT.$key) != $val['read'] ? "<span style='color:#dc3545'>错误(不可读)</span>" : "<span style='color:#28a745'>正常(可读)</span>";

  302. 												else

  303. 													echo is_readable(DEDEROOT.$key) != $val['read'] ? "<span style='color:#dc3545'>错误(可读)</span>" : "<span style='color:#28a745'>正常(不可读)</span>";

  304. 												?>|<?php

  305. 												if ($val['write'] == true)

  306. 													echo TestWriteable(DEDEROOT.$key) != $val['write'] ? "<span style='color:#dc3545'>错误(不可写)</span>" : "<span style='color:#28a745'>正常(可写)</span>";

  307. 												else

  308. 													echo TestWriteable(DEDEROOT.$key) != $val['write'] ? "<span style='color:#dc3545'>错误(可写)</span>" : "<span style='color:#28a745'>正常(不可写)</span>";

  309. 												?><dedecms><?php

  310. 										} else {

  311. 											?><?php echo $key; ?>|无需判断|<?php

  312. 																if ($val['read'] == true)

  313. 																	echo is_readable(DEDEROOT.$key) != $val['read'] ? "<span style='color:#dc3545'>错误(不可读)</span>" : "<span style='color:#28a745'>正常(可读)</span>";

  314. 																else

  315. 																	echo is_readable(DEDEROOT.$key) != $val['read'] ? "<span style='color:#dc3545'>错误(可读)</span>" : "<span style='color:#28a745'>正常(不可读)</span>";

  316. 																?>|<?php

  317. 																	if ($val['write'] == true)

  318. 																		echo is_writable(DEDEROOT.$key) != $val['write'] ? "<span style='color:#dc3545'>错误(不可写)</span>" : "<span style='color:#28a745'>正常(可写)</span>";

  319. 																	else

  320. 																		echo is_writable(DEDEROOT.$key) != $val['write'] ? "<span style='color:#dc3545'>错误(可写)</span>" : "<span style='color:#28a745'>正常(不可写)</span>";

  321. 																	?><dedecms><?php

  322. 															}

  323. 														}

  324. 																?>";

  325. 		var n = 0;

  326. 		var timer = 0;

  327. 		log = log.split('<dedecms>');

  328. 

  329. 		function GoPlay() {

  330. 			if (n > log.length - 1) {

  331. 				n = -1;

  332. 				clearIntervals();

  333. 			}

  334. 			if (n > -1) {

  335. 				postcheck(n);

  336. 				n++;

  337. 			}

  338. 		}

  339. 

  340. 		function postcheck(n) {

  341. 			var item = log[n];

  342. 			item = item.split('|');

  343. 

  344. 			document.getElementById('log').scrollTop = document.getElementById('log').scrollHeight;

  345. 			if (item == '') {

  346. 				return false;

  347. 			}

  348. 			var tempvar = '<tr>\r				        <td width="40%" height="26" bgcolor="#FFFFFF">' + item[0] + '</td>\r		            <td width="20%" height="26" align="center" bgcolor="#FEF7C5">' + item[1] + '</td>\r				        <td width="20%" height="26" align="center" bgcolor="#FFFFFF">\r						' + item[2] + '</td>\r				        <td width="20%" height="26" align="center" bgcolor="#FFFFFF">\r						' + item[3] + '</td>\r			      </tr>  ';

  349. 

  350. 			//chiledelem.innerHTML = tempvar;

  351. 			//document.getElementById("mainList").appendChild(chiledelem);

  352. 			$("#mainList").append(tempvar);

  353. 			document.getElementById('log').scrollTop = document.getElementById('log').scrollHeight;

  354. 		}

  355. 

  356. 		function setIntervals() {

  357. 			timer = setInterval('GoPlay()', 50);

  358. 		}

  359. 

  360. 		function clearIntervals() {

  361. 			clearInterval(timer);

  362. 			//document.getElementById('install').submit();

  363. 			alert('全部检测完毕,您可以按照检测结果进行系统权限调整');

  364. 		}

  365. 		//setTimeout(setIntervals, 100);

  366. 

  367. 

  368. 		function changeHeight() {

  369. 			var newheight = $(window).height() - 170;

  370. 			$("#safelist").css('height', newheight + 'px');

  371. 			var logheight = newheight;

  372. 			$("#log").css('height', logheight + 'px');

  373. 		}

  374. 		//开始检测

  375. 		function startScan() {

  376. 			setTimeout(setIntervals, 100);

  377. 		}

  378. 		$.ready = function() {

  379. 			changeHeight();

  380. 			$(window).resize(function() {

  381. 				changeHeight();

  382. 			});

  383. 		};

  384. 	</script>

  385. </body>