00x1路径流向
如图

1入口文件
参数入口:通过请求参数($_REQUEST 中的 act、c、mod、do)控制后续的文件流向
php
<?php
// Front controller: chooses between the installer and the normal bootstrap,
// normalises the routing parameters (act / do) and then hands over to
// includes/baijiacms.php.
// NOTE(review): every routing value below is read from $_REQUEST, so it is
// client-supplied; nothing in this file restricts it to a known set of names.

// Build "<directory of this file>/config/install.link" (backslashes turned into
// forward slashes). The marker's absence means installation has not completed.
if(!file_exists(str_replace("\\",'/', dirname(__FILE__)).'/config/install.link'))
{// Redirect unless act is exactly 'public'; an empty act also redirects.
if((empty($_REQUEST['act'])||!empty($_REQUEST['act'])&&$_REQUEST['act']!='public'))
{// Send the browser to the installer and stop.
header("location:install.php");
exit;
}
}
// SYSTEM_ACT may already have been defined by a script that included this one.
if(defined('SYSTEM_ACT')&&SYSTEM_ACT=='mobile')
{
// Mode is already fixed to mobile.
$mod='mobile';
}else
{
// Prefer the "c" parameter when it is non-empty ...
if(!empty($_REQUEST['c']))
{
// ... 'entry' maps to 'mobile', any other value is taken as is.
// (The empty() test can never be true inside this branch.)
$mod=(empty($_REQUEST['c'])||$_REQUEST['c']=='entry')?'mobile':$_REQUEST['c'];
}else
{
// Otherwise fall back to "mod", defaulting to 'mobile'.
$mod=empty($_REQUEST['mod'])?'mobile':$_REQUEST['mod'];
}
}
if($mod=='mobile')
{// Define SYSTEM_ACT only when it is not defined yet.
defined('SYSTEM_ACT') or define('SYSTEM_ACT', 'mobile');
}else
{// Every non-mobile mode is treated as 'index'.
defined('SYSTEM_ACT') or define('SYSTEM_ACT', 'index');
}
// Default action name when "do" is missing or empty.
if(empty($_REQUEST['do']))
{
$_GET['do']="shopindex";
}
// Copy act from $_REQUEST into $_GET, or fall back to the default module.
if(!empty($_REQUEST['act']))
{
$_GET['act']=$_REQUEST['act'];
}else
{
$_GET['act']="shopwap";
}
// Buffer output while the bootstrap runs, then flush it and stop.
ob_start();
require 'includes/baijiacms.php';
ob_end_flush();
exit;
2 常量定义
常量定义,路径拼接,以及检查路径是否存在,从而控制文件包含(流向)
php
// Bootstrap, part 1: constants, session, error reporting and the merged
// request array $_GP.
// Direct-access guard: one of the two constants must have been defined by the
// including script.
(defined('SYSTEM_ACT') or defined('LOCK_TO_INSTALL')) or exit('Access Denied');
// Project root = parent of this file's directory, with forward slashes.
define('WEB_ROOT', str_replace("\\",'/', dirname(dirname(__FILE__))));
// Optional files: included only when present on disk.
if(is_file(WEB_ROOT.'/config/version.php'))
{
require WEB_ROOT.'/config/version.php';
}
// debug.php, when present, is the place where DEVELOPMENT / SQL_DEBUG can be
// switched on before the defaults further down apply.
if(is_file(WEB_ROOT.'/config/debug.php'))
{
require WEB_ROOT.'/config/debug.php';
}
define('SAPP_NAME', 'baijiacms');
define('SAPP_VERSION', '4.1.4');
define('CORE_VERSION', 20170105);
header('Content-type: text/html; charset=UTF-8');
define('SYSTEM_WEBROOT', WEB_ROOT);
define('TIMESTAMP', time());
// SYSTEM_IN is the guard constant the other include files test for.
define('SYSTEM_IN', true);
defined('DATA_PROTECT') or define('DATA_PROTECT', false);
defined('CUSTOM_VERSION') or define('CUSTOM_VERSION', false);
date_default_timezone_set('PRC');
// Directory part of the request path: everything in PHP_SELF before the last '/'.
// NOTE(review): PHP_SELF can carry client-supplied path information;
// SCRIPT_NAME or __DIR__ are the safer sources.
$document_root = substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['PHP_SELF'], '/'));
$document_root =str_replace("//","/",$document_root);
// Ensure the value ends with '/' (the test looks at the LAST character).
if(empty($document_root)||substr($document_root, -1)!='/')
{
$document_root=$document_root. '/';
}
define('WEBSITE_FOOTER', $document_root);
// NOTE(review): HTTP_HOST is taken from the request's Host header. It feeds the
// session key prefix, WEB_WEBSITE and every absolute URL built from
// WEBSITE_ROOT; pinning the host to a configured value avoids trusting the
// client here. The scheme is also hard-coded to http://.
define('SESSION_PREFIX', $_SERVER['HTTP_HOST']);
define('WEB_WEBSITE', $_SERVER['HTTP_HOST']);
define('WEBSITE_ROOT', 'http://'.$_SERVER['HTTP_HOST'].$document_root);
define('LOCAL_ATTACHMENT_WEBROOT', WEBSITE_ROOT.'attachment/');
define('RESOURCE_ROOT', WEBSITE_ROOT.'assets/');
define('SYSTEM_ROOT', WEB_ROOT.'/system/');
define('CUSTOM_ROOT', WEB_ROOT.'/custom/');
define('ADDONS_ROOT', WEB_ROOT.'/addons/');
// Debug switches default to off unless debug.php defined them above.
defined('DEVELOPMENT') or define('DEVELOPMENT',0);
defined('SQL_DEBUG') or define('SQL_DEBUG', 0);
// NOTE(review): REGULAR_EMAIL and REGULAR_MOBILE have no ^...$ anchors, so a
// preg_match() with them succeeds on any string that merely contains a match.
define('REGULAR_EMAIL', '/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/i');
define('REGULAR_MOBILE', '/1\d{10}/');
define('REGULAR_USERNAME', '/^[\x{4e00}-\x{9fa5}a-z\d_\.]{3,15}$/iu');
define('WEIXIN_ROOT', 'https://mp.weixin.qq.com');
// True when the legacy magic-quotes feature is active (the function only
// exists on old PHP builds) or magic_quotes_sybase is set.
define('MAGIC_QUOTES_GPC', (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) || @ini_get('magic_quotes_sybase'));
// Session array keys, all prefixed with the host name.
define('MOBILE_SESSION_ACCOUNT', SESSION_PREFIX."mobile_sessionAccount");
define('MOBILE_ACCOUNT', SESSION_PREFIX."mobile_account");
define('MOBILE_WEIXIN_OPENID', SESSION_PREFIX."mobile_weixin_openid");
define('WEB_SESSION_ACCOUNT', SESSION_PREFIX."web_account");
// Start a session when none is active.
// NOTE(review): no session cookie flags are set in the visible code.
if(!session_id())
{
session_start();
header("Cache-control:private");
}
if(DEVELOPMENT) {
// Development: show errors, report everything except notices.
ini_set('display_errors','1');
error_reporting(E_ALL ^ E_NOTICE);
//error_reporting(E_ERROR | E_PARSE);
} else {
// Otherwise error reporting is switched off entirely.
error_reporting(0);
}
ob_start();
// Undo magic-quotes escaping so the superglobals hold the raw submitted values.
if(MAGIC_QUOTES_GPC) {
function stripslashes_deep($value){
// Recurse into arrays, strip slashes from scalars.
$value=is_array($value)?array_map('stripslashes_deep',$value):stripslashes($value);
return $value;
}
$_POST=array_map('stripslashes_deep',$_POST);
$_GET=array_map('stripslashes_deep',$_GET);
$_COOKIE=array_map('stripslashes_deep',$_COOKIE);
$_REQUEST=array_map('stripslashes_deep',$_REQUEST);
}
// $_GP = GET merged with POST; for equal string keys the POST value wins.
$_GP = $_CMS = array();
$_GP = array_merge($_GET, $_POST, $_GP);
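/**
 * Recursively HTML-escape request data.
 *
 * Strings go through htmlspecialchars() with ENT_QUOTES; arrays are rebuilt so
 * that both keys and values are escaped.
 *
 * Fix: the original wrote each escaped key back into the array it was reading,
 * so a key that contained markup stayed in the result next to its escaped
 * copy and kept its unescaped value. The result is now built in a new array.
 *
 * NOTE(review): HTML escaping is an output-encoding step. It does not make a
 * value safe for use in a file path, a class or method name, or SQL; each of
 * those sinks needs its own validation.
 *
 * @param mixed $var Scalar or (nested) array taken from the request.
 * @return mixed Same shape as $var with keys and string values escaped.
 */
function irequestsplite($var) {
    if (is_array($var)) {
        $clean = array();
        foreach ($var as $key => $value) {
            $clean[htmlspecialchars($key)] = irequestsplite($value);
        }
        return $clean;
    }
    // NOTE(review): as printed this replace swaps '&' for '&' and changes
    // nothing; the search string may have been an HTML entity before the page
    // was rendered. Confirm against the project source.
    return str_replace('&', '&', htmlspecialchars($var, ENT_QUOTES));
}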
// Bootstrap, part 2: routing values and the include chain.
// HTML-escape every key and value of the merged request array.
$_GP = irequestsplite($_GP);
// Module name: "m" when present, otherwise "act".
// NOTE(review): $modulename is request-controlled and has only been
// HTML-escaped. runner.inc.php later concatenates it into the path it
// require()s and into a class name, so it should be checked against a fixed
// list of installed modules before use.
if(empty($_GP['m']))
{
$modulename = $_GP['act'];
}else
{
$modulename = $_GP['m'];
}
// Both an action and a module are mandatory.
if(empty($_GP['do'])||empty($modulename))
{
exit("do or act is null");
}
$pdo = $_CMS['pdo'] = null;
$_CMS['module']=$modulename;
// NOTE(review): the site id (beid) is taken straight from the request here;
// init.inc.php overwrites it with getDomainBeid() once the system is installed.
$_CMS['beid']=$_GP['beid'];
// Any non-empty "isaddons" request value selects the addons code path.
if(!empty($_GP['isaddons']))
{
$_CMS['isaddons']=true;
}
// The database layer is loaded only when config/config.php exists.
$bjconfigfile = WEB_ROOT."/config/config.php";
if(is_file($bjconfigfile))
{
require WEB_ROOT.'/includes/baijiacms/mysql.inc.php';
}
// Fixed include chain; runner.inc.php performs the dispatch.
require WEB_ROOT.'/includes/baijiacms/common.inc.php';
require WEB_ROOT.'/includes/baijiacms/setting.inc.php';
require WEB_ROOT.'/includes/baijiacms/init.inc.php';
// Copy the logged-in web account out of the session.
$_CMS[WEB_SESSION_ACCOUNT]=$_SESSION[WEB_SESSION_ACCOUNT];
require WEB_ROOT.'/includes/baijiacms/extends.inc.php';
require WEB_ROOT.'/includes/baijiacms/user.inc.php';
require WEB_ROOT.'/includes/baijiacms/auth.inc.php';
require WEB_ROOT.'/includes/baijiacms/weixin.inc.php';
require WEB_ROOT.'/includes/baijiacms/runner.inc.php';
检查文件路径是否存在,并执行
php
// Include the two optional config files only when they exist on disk.
// The paths are fixed strings under WEB_ROOT; no request data is involved.
if(is_file(WEB_ROOT.'/config/version.php'))
{
require WEB_ROOT.'/config/version.php';
}
if(is_file(WEB_ROOT.'/config/debug.php'))
{
require WEB_ROOT.'/config/debug.php';
}
3 debug
php
<?php
// config/debug.php: switches both debug flags on. With DEVELOPMENT truthy the
// bootstrap enables display_errors and E_ALL ^ E_NOTICE; with SQL_DEBUG truthy
// the PDO wrapper passes errorInfo() and the SQL text to its debug() method.
// NOTE(review): keep this file out of production deployments.
define('DEVELOPMENT',1);define('SQL_DEBUG', 1);?>
这部分是设置默认时区,并根据 $_SERVER['PHP_SELF'] 计算站点所在目录($document_root):
php
// Set the default time zone used by the date/time functions of this script.
date_default_timezone_set('PRC');
// PHP_SELF is the path of the running script relative to the document root,
// e.g. /admin/index.php.
// Note: $_SERVER['PHP_SELF'] can be tainted by user input; __DIR__ or
// $_SERVER['SCRIPT_NAME'] are the recommended alternatives.
// strrpos() returns the position of the LAST '/', so substr() keeps only the
// directory part in front of the file name.
$document_root = substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['PHP_SELF'], '/'));
// Collapse doubled slashes.
$document_root =str_replace("//","/",$document_root);
// substr(..., -1) is the LAST character: append '/' when the value is empty or
// does not already end with one, so file names can be appended directly.
if(empty($document_root)||substr($document_root, -1)!='/')
{
$document_root=$document_root. '/';
}
这部分检查 session_id,若会话尚未启动则启动会话;检查 debug 模式是否开启(若开启则显示错误并报告除 E_NOTICE 之外的所有错误,否则关闭错误报告);如果启用了魔术引号(magic quotes),则定义 stripslashes_deep() 函数,把自动添加的反斜杠去掉。
注:在 PHP 早期版本(< 5.4)中,有一个特性叫"魔术引号",它会自动对来自外部输入(如 $_GET、$_POST、$_COOKIE)的数据中的特殊字符(如单引号 '、双引号 "、反斜杠 \ 等)进行转义(加上反斜杠),目的是防止 SQL 注入。但这个特性有很多弊端(例如数据不一致、难以处理),最终在 PHP 5.4.0 中被彻底移除。
magic_quotes_gpc:控制是否对 GPC 数据自动转义。
magic_quotes_sybase:如果开启,则使用 Sybase 风格的转义(将单引号转义为 '' 而不是 \'),且它会覆盖 magic_quotes_gpc 的设置。
php
// session_id() returns the current session id, or an empty string when no
// session is active.
if(!session_id())
{
// Start a session.
// NOTE(review): no session cookie flags are set in the visible code.
session_start();
// "private": the response may be cached by the user's browser only, not by
// shared caches such as proxies or a CDN.
header("Cache-control:private");
}
// DEVELOPMENT is 1 when config/debug.php defined it, otherwise 0.
if(DEVELOPMENT) {
// ini_set() changes a configuration option for this request only;
// display_errors prints errors into the page (development use).
ini_set('display_errors','1');
// Report every error level EXCEPT notices (E_ALL with the E_NOTICE bit cleared).
error_reporting(E_ALL ^ E_NOTICE);
} else {
// Error reporting is disabled completely.
// NOTE(review): this silences errors rather than logging them; sending them
// to a log keeps failures visible to operators.
error_reporting(0);
}
// Open an output buffer.
ob_start();
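// MAGIC_QUOTES_GPC is defined earlier in the bootstrap as:
//define('MAGIC_QUOTES_GPC', (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) || @ini_get('magic_quotes_sybase'));
// It is truthy when get_magic_quotes_gpc() exists and reports the feature as
// on, or when the magic_quotes_sybase setting is enabled.
//
// Fix: the listing had lost the closing brace of stripslashes_deep(), which
// put the four superglobal assignments after its `return` (dead code) and left
// the `if` unclosed. The structure below matches the unannotated copy of the
// same code.
//
// NOTE(review): after this block the superglobals hold the raw submitted
// values, so SQL safety rests on bound parameters, not on input escaping.
if(MAGIC_QUOTES_GPC) {
    /**
     * Remove magic-quote backslashes from a value, recursing into arrays.
     *
     * @param mixed $value String or (nested) array of strings.
     * @return mixed Same shape with slashes stripped.
     */
    function stripslashes_deep($value){
        $value=is_array($value)? array_map('stripslashes_deep',$value):stripslashes($value);
        return $value;
    }
    $_POST=array_map('stripslashes_deep',$_POST);
    $_GET=array_map('stripslashes_deep',$_GET);
    $_COOKIE=array_map('stripslashes_deep',$_COOKIE);
    $_REQUEST=array_map('stripslashes_deep',$_REQUEST);
}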
数组赋值,数组过滤
$_GP 与 $_CMS
$_GP 是用户可控的,$_CMS 中的部分键(如 module、beid)也来自请求参数
合并 $_GET 和 $_POST 的键值对,同名的键以 $_POST 的值覆盖 $_GET 的值
php
// Start with two empty arrays.
$_GP = $_CMS = array();
// Merge GET and POST into $_GP; for equal string keys the POST value replaces
// the GET value. Everything in $_GP is therefore client-supplied.
$_GP = array_merge($_GET, $_POST, $_GP);
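/**
 * Recursively HTML-escape request data.
 *
 * Strings go through htmlspecialchars() with ENT_QUOTES; arrays are rebuilt so
 * that both keys and values are escaped.
 *
 * Fix: the original wrote each escaped key back into the array it was reading,
 * so a key that contained markup stayed in the result next to its escaped
 * copy and kept its unescaped value. The result is now built in a new array.
 *
 * NOTE(review): HTML escaping is an output-encoding step. It does not make a
 * value safe for use in a file path, a class or method name, or SQL; each of
 * those sinks needs its own validation.
 *
 * @param mixed $var Scalar or (nested) array taken from the request.
 * @return mixed Same shape as $var with keys and string values escaped.
 */
function irequestsplite($var) {
    if (is_array($var)) {
        $clean = array();
        foreach ($var as $key => $value) {
            $clean[htmlspecialchars($key)] = irequestsplite($value);
        }
        return $clean;
    }
    // NOTE(review): as printed this replace swaps '&' for '&' and changes
    // nothing; the search string may have been an HTML entity before the page
    // was rendered. Confirm against the project source.
    return str_replace('&', '&', htmlspecialchars($var, ENT_QUOTES));
}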
// HTML-escape every key and value of the merged request array.
$_GP = irequestsplite($_GP);
// Module name: use "m" when it is present, otherwise "act".
// NOTE(review): the value is request-controlled and only HTML-escaped; it is
// later used to build an include path and a class name, so it should be
// validated against the list of installed modules.
if(empty($_GP['m']))
{
$modulename= $_GP['act'];
}else
{
$modulename = $_GP['m'];
}
// Stop when either the action ("do") or the module name is empty.
if(empty($_GP['do'])||empty($modulename))
{
exit("do or act is null");
}
// No database handle yet.
$pdo = $_CMS['pdo'] = null;
// Record the routing values in the shared $_CMS context.
$_CMS['module']=$modulename;
// Site id as sent by the client.
$_CMS['beid']=$_GP['beid'];
// Any non-empty "isaddons" value switches to the addons code path.
if(!empty($_GP['isaddons']))
{
$_CMS['isaddons']=true;
}
数据库连接文件
php
<?php
// config/config.php: database connection settings read by mysql.inc.php.
// Direct-access guard.
defined('SYSTEM_IN') or exit('Access Denied');
$BJCMS_CONFIG = array();
$BJCMS_CONFIG['db']['host'] = '127.0.0.1';
// NOTE(review): the values shown are the MySQL superuser with a trivial
// password. A deployment should connect with a dedicated account that has
// rights on this one schema only, with a strong secret kept out of version
// control.
$BJCMS_CONFIG['db']['username'] = 'root';
$BJCMS_CONFIG['db']['password'] = '123456';
$BJCMS_CONFIG['db']['port'] = '3306';
$BJCMS_CONFIG['db']['database'] = 'baijiacms';
数据库连接文件是否存在,检查连接是否正确
php
// Load the database layer only when config/config.php exists. This tests for
// the file's presence; the connection itself is first attempted when the
// PdoUtil wrapper is constructed.
$bjconfigfile = WEB_ROOT."/config/config.php";
if(is_file($bjconfigfile))
{
require WEB_ROOT.'/includes/baijiacms/mysql.inc.php';
}
4 数据库
默认键值创建
php
// Direct-access guard; SYSTEM_IN is defined as true by the bootstrap.
defined('SYSTEM_IN') or exit('Access Denied');
// Reset the array, then let config.php fill it.
$BJCMS_CONFIG=array();
require WEB_ROOT."/config/config.php";
$bjconfig=$BJCMS_CONFIG;
// Make sure every expected db key exists; a missing or empty value becomes ''.
if(empty($bjconfig['db']['host']))
{
$bjconfig['db']['host'] = '';
}
if(empty($bjconfig['db']['username']))
{
$bjconfig['db']['username'] = '';
}
if(empty($bjconfig['db']['password']))
{
$bjconfig['db']['password'] = '';
}
if(empty($bjconfig['db']['port']))
{
$bjconfig['db']['port'] = '';
}
if(empty($bjconfig['db']['database']))
{
$bjconfig['db']['database'] = '';
}
// The connection charset is fixed to utf8.
$bjconfig['db']['charset'] = 'utf8';
// Publish the settings, credentials included, in the shared $_CMS context;
// mysqldb() blanks $_CMS['dbconfig']['db'] after it has been used.
$_CMS['dbconfig'] = $bjconfig;
5 各种功能
方法库
E:\baijiacms-master\includes\baijiacms\common.inc.php
E:\baijiacms-master\includes\baijiacms\setting.inc.php
这是
E:\baijiacms-master\includes\baijiacms\init.inc.php
初始化
php
// init.inc.php: resolves the site id and the attachment base URL once the
// system is installed.
defined('SYSTEM_IN') or exit('Access Denied');
$BJCMS_ISINSTALL=false;
// config/install.link exists => treated as installed.
if(is_file(WEB_ROOT."/config/install.link"))
{
$BJCMS_ISINSTALL=true;
}
if($BJCMS_ISINSTALL==true)
{
// Replace the request-supplied beid with the store id resolved by
// getDomainBeid().
$_CMS['beid']=getDomainBeid();
}
if($BJCMS_ISINSTALL==true)
{
// Load the global key/value settings.
$_CMS['system_globa_setting']=globaPriveteSystemSetting();
// Remote attachment storage configured?
if(!empty($_CMS['system_globa_setting'])&&!empty($_CMS['system_globa_setting']['system_isnetattach']))
{
// 1 selects the FTP attachment URL.
if($_CMS['system_globa_setting']['system_isnetattach']==1)
{
define('ATTACHMENT_WEBROOT', $_CMS['system_globa_setting']['system_ftp_attachurl']);
}
// 2 selects the OSS attachment URL.
if($_CMS['system_globa_setting']['system_isnetattach']==2)
{
define('ATTACHMENT_WEBROOT', $_CMS['system_globa_setting']['system_oss_attachurl']);
}
// NOTE(review): any other non-empty value leaves ATTACHMENT_WEBROOT
// undefined, as does the not-installed case; extends.inc.php reads the
// constant unconditionally.
}else
{
// Local storage: configured base URL when set, otherwise the site root.
if(!empty($_CMS['system_globa_setting']['system_base_attachurl']))
{
define('ATTACHMENT_WEBROOT', $_CMS['system_globa_setting']['system_base_attachurl'].'attachment/');
}else
{
define('ATTACHMENT_WEBROOT', WEBSITE_ROOT.'attachment/');
}
}
}
php
/**
 * Resolve the id of the store (site) serving this request.
 *
 * Looks the store up by host name first (WEB_WEBSITE, with and without a
 * "www." prefix) and falls back to the request's "beid" parameter. A closed
 * store is reported through message().
 *
 * NOTE(review): WEB_WEBSITE is defined from $_SERVER['HTTP_HOST'] and the
 * fallback id comes from the request, so both lookups are driven by
 * client-supplied values. The queries themselves use bound parameters.
 *
 * @return mixed Store id, or "" when no store matched and no beid was sent.
 */
function getDomainBeid()
{
    global $_GP;

    $byHost = mysqld_select('SELECT id,isclose FROM '.table('system_store')." where (`website`=:website1 or `website`=:website2) and `deleted`=0 ",array(":website1"=>WEB_WEBSITE,":website2"=>'www.'.WEB_WEBSITE));

    // A store is bound to this host name.
    if (!empty($byHost['id'])) {
        if (!empty($byHost['isclose'])) {
            message("店铺已关闭无法访问");
        }
        return $byHost['id'];
    }

    // No host match and no explicit id: nothing to resolve.
    if (empty($_GP['beid'])) {
        return "";
    }

    // Fall back to the id sent with the request.
    $byId = mysqld_select('SELECT id,isclose FROM '.table('system_store')." where `id`=:id and `deleted`=0",array(":id"=>$_GP['beid']));
    if (empty($byId['id'])) {
        message("未找到相关店铺");
    }
    if (!empty($byId['isclose'])) {
        message("店铺已关闭无法访问");
    }
    return $byId['id'];
}
php
/**
 * Return the global settings as a name => value map.
 *
 * The map is cached, serialized, in the system_config row named
 * 'system_config_cache'. A non-empty cache is returned directly; otherwise the
 * map is rebuilt from every system_config row and written back.
 *
 * @return mixed Settings map (whatever unserialize() yields for a cache hit).
 */
function globaPriveteSystemSetting()
{
    $cacheRow = mysqld_select('SELECT * FROM '.table('system_config')." where `name`='system_config_cache'");

    if (!empty($cacheRow['value'])) {
        // NOTE(review): unserialize() on a database value. Anyone able to write
        // this row controls what is deserialized; json_decode(), or
        // unserialize() with allowed_classes => false, removes the object
        // instantiation risk.
        return unserialize($cacheRow['value']);
    }

    // Cache miss: rebuild the map from the table.
    $settings = array();
    $rows = mysqld_selectall('SELECT * FROM '.table('system_config'));
    foreach ($rows as $row) {
        $settings[$row['name']] = $row['value'];
    }

    // Update the cache row when it already exists, insert it otherwise.
    if (empty($cacheRow['name'])) {
        mysqld_insert('system_config', array('name'=>'system_config_cache','value'=>serialize($settings)));
    } else {
        mysqld_update('system_config', array('value'=>serialize($settings)), array('name'=>'system_config_cache'));
    }
    return $settings;
}
6 mysqld_select(未分析完)
php
/**
 * Run a parameterised query and return its first row.
 *
 * @param string $sql    SQL text with placeholders.
 * @param array  $params Values bound to the placeholders.
 * @return mixed Whatever the wrapper's fetch() returns (false on failure).
 */
function mysqld_select($sql, $params = array()) {
    $connection = mysqldb();
    return $connection->fetch($sql, $params);
}
php
/**
 * Prepare and execute $sql with $params and return the first row.
 *
 * Values reach the statement through execute(), i.e. as bound parameters;
 * table or column names concatenated into $sql by callers are not covered by
 * that binding.
 *
 * @param string $sql    SQL text with placeholders.
 * @param array  $params Values for the placeholders.
 * @return mixed Associative row, or false when execution failed.
 */
public function fetch($sql, $params = array()) {
    $stmt = $this->dbo->prepare($sql);
    $succeeded = $stmt->execute($params);
    // With SQL_DEBUG on, hand the driver error info and the SQL to debug().
    if (SQL_DEBUG) {
        $this->debug($stmt->errorInfo(), $sql);
    }
    return $succeeded ? $stmt->fetch(pdo::FETCH_ASSOC) : false;
}
php
/**
 * Return the shared PdoUtil instance, creating it on first use.
 *
 * The connection settings come from $_CMS['dbconfig']['db'], which
 * mysql.inc.php fills from config/config.php. After every call that entry is
 * overwritten with an empty string, so the credentials do not stay in the
 * shared context once the connection exists.
 *
 * @return PdoUtil
 */
function mysqldb() {
    global $_CMS;
    static $db;

    // First call: constructing PdoUtil opens the connection.
    $db = empty($db) ? new PdoUtil($_CMS['dbconfig']['db']) : $db;

    // Scrub the configuration from the shared context.
    $_CMS['dbconfig']['db'] = "";

    return $db;
}
检查连接是否正确,new时触发
php
private $dbo;
private $cfg;
/**
 * Open the PDO connection described by $cfg.
 *
 * PHP calls __construct() automatically when the class is instantiated with
 * `new`. The script exits with an HTML message when $cfg is empty or the
 * connection fails.
 *
 * NOTE(review): the visible code sets no PDO attributes (error mode, emulated
 * prepares), and `SET sql_mode=''` clears the server's SQL modes for the
 * session. Confirm both are intended.
 *
 * @param array $cfg Keys read here: database, host, port, username, password,
 *                   charset.
 */
public function __construct($cfg) {
    global $_CMS;

    // No configuration at all: stop with a message.
    if (empty($cfg)) {
        exit('<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /></head><body>无法读取/config/config.php数据库配置项.</body></html>');
    }

    $dsn = 'mysql:dbname=' . $cfg['database'] . ';host=' . $cfg['host'] . ';port=' . $cfg['port'];
    try {
        $this->dbo = new PDO($dsn, $cfg['username'], $cfg['password']);
    } catch (PDOException $e) {
        // The generic message keeps the driver's error text out of the response.
        exit('<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /></head><body>数据库连接失败,请检查数据库配置:/config/config.php</body></html>');
    }

    // Connection charset, taken from the configuration.
    $sql = "SET NAMES '" . $cfg['charset'] . "';";
    $this->dbo->exec($sql);
    $this->dbo->exec("SET sql_mode='';");
    $this->cfg = $cfg;

    if (SQL_DEBUG) {
        $this->debug($this->dbo->errorInfo(), $sql);
    }
}
7剩下
php
// Copy the logged-in web account from the session into the shared context.
$_CMS[WEB_SESSION_ACCOUNT]=$_SESSION[WEB_SESSION_ACCOUNT];
// Remaining fixed includes; runner.inc.php performs the actual dispatch.
require WEB_ROOT.'/includes/baijiacms/extends.inc.php';
require WEB_ROOT.'/includes/baijiacms/user.inc.php';
require WEB_ROOT.'/includes/baijiacms/auth.inc.php';
require WEB_ROOT.'/includes/baijiacms/weixin.inc.php';
require WEB_ROOT.'/includes/baijiacms/runner.inc.php';
/includes/baijiacms/extends.inc.php
赋值,拼接路径过滤
php
// extends.inc.php: fills the shared context ($_CMS) with request facts and
// URLs, then aliases it as $_W / $_GPC.
defined('SYSTEM_IN') or exit('Access Denied');
define('IN_IA', true);
define('STARTTIME', microtime());
define('IA_ROOT', WEB_ROOT);
// ATTACHMENT_WEBROOT is defined in init.inc.php (only when installed).
define('ATTACHMENT_ROOT', ATTACHMENT_WEBROOT);
$_CMS['module']=$modulename;
$_CMS['current_module']=$modulename;
$_CMS['siteroot']=WEBSITE_ROOT;
// Id of the logged-in web account, read from the session.
$_CMS['uid']=$_SESSION[WEB_SESSION_ACCOUNT]['id'];
// Controller name: the request's "mod" value when it is not empty.
if(!empty($_GP['mod']))
{
$_CMS['control']=$_GP['mod'];
}
// HTTPS flag: true when the https setting is non-empty; otherwise derived from
// port 443 or an HTTPS server variable other than 'off'.
// NOTE(review): the fallback passes a boolean through strtolower(), so it
// yields the string '1' or '' and not true/false.
$_CMS['ishttps'] = !empty($_CMS['config']['setting']['https']) ? true : (strtolower(($_SERVER['SERVER_PORT'] == 443 || (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off') ? true : false)));
// AJAX flag: the X-Requested-With header is set and equals "xmlhttprequest".
// The header is client-supplied, so the flag is a hint and not a control.
$_CMS['isajax'] = isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest';
$_CMS['ispost'] = $_SERVER['REQUEST_METHOD'] == 'POST';
$_CMS['attachurl']=ATTACHMENT_WEBROOT;
// (The next four assignments repeat the ones made above.)
$_CMS['module']=$modulename;
$_CMS['current_module']=$modulename;
$_CMS['siteroot']=WEBSITE_ROOT;
$_CMS['uid']=$_SESSION[WEB_SESSION_ACCOUNT]['id'];
// When the request is not flagged as AJAX, try to read a JSON body.
if(!$_CMS['isajax']) {
// php://input is the raw request body.
$input = file_get_contents("php://input");
if (!empty($input)) {
// Decode to an associative array; errors are suppressed with @.
$__input = @json_decode($input, true);
// NOTE(review): the decoded body is stored in $_GP after $_GP went through
// irequestsplite() in the bootstrap, so $_GP['__input'] is not HTML-escaped
// like the other entries.
if (!empty($__input)) {
$_GP['__input'] = $__input;
$_CMS['isajax'] = true;
}
}
unset($input, $__input);
}
// For reference, the bootstrap builds the site root as
//   define('WEBSITE_ROOT', 'http://'.$_SERVER['HTTP_HOST'].$document_root);
// where $document_root is the directory part of $_SERVER['PHP_SELF'] with a
// trailing '/'. Both inputs can be influenced by the client.
// Ensure the site root ends with '/'.
if(substr($_CMS['siteroot'], -1) != '/') {
$_CMS['siteroot'] .= '/';
}
// Split the site root into scheme / host / port / path.
$urls = parse_url($_CMS['siteroot']);
// Remove the listed sub-paths wherever they occur in the path.
$urls['path'] = str_replace(array('/web', '/app', '/payment/wechat', '/payment/alipay', '/api'), '', $urls['path']);
// Rebuild the root; the port is kept only when present and not 80.
$_CMS['siteroot'] = $urls['scheme'].'://'.$urls['host'].((!empty($urls['port']) && $urls['port']!='80') ? ':'.$urls['port'] : '').$urls['path'];
// Full URL of the current request.
// NOTE(review): $_CMS['script_name'] is not assigned anywhere in the code
// shown on this page, and QUERY_STRING is appended as received.
$_CMS['siteurl'] = $urls['scheme'].'://'.$urls['host'].((!empty($urls['port']) && $urls['port']!='80') ? ':'.$urls['port'] : '') . $_CMS['script_name'] . (empty($_SERVER['QUERY_STRING'])?'':'?') . $_SERVER['QUERY_STRING'];
// Aliases of the site id and of the two context arrays.
$_CMS['weid']=$_CMS['beid'];
$_CMS['uniacid']=$_CMS['beid'];
$_W=$_CMS;
$_GPC=$_GP;
E:\baijiacms-master\includes\baijiacms\user.inc.php
php
// user.inc.php: session key names and commission message-type constants.
defined('SYSTEM_IN') or exit('Access Denied');
// Session keys are prefixed with SESSION_PREFIX, which the bootstrap defines
// from $_SERVER['HTTP_HOST'].
define('MOBILE_TEMP_SESSION_ID', SESSION_PREFIX."mobile_sessionAccount");
define('MOBILE_SESSION_ID', SESSION_PREFIX."mobile_account");
// NOTE(review): the bootstrap already defines MOBILE_WEIXIN_OPENID with the
// same value, so this second define() does not take effect.
define('MOBILE_WEIXIN_OPENID', SESSION_PREFIX."mobile_weixin_openid");
define('MOBILE_USER_SHAREID', SESSION_PREFIX."mobile_user_shareid");
// Commission event names.
define('TM_COMMISSION_AGENT_NEW', 'commission_agent_new');
define('TM_COMMISSION_ORDER_PAY', 'commission_order_pay');
define('TM_COMMISSION_ORDER_FINISH', 'commission_order_finish');
define('TM_COMMISSION_APPLY', 'commission_apply');
define('TM_COMMISSION_CHECK', 'commission_check');
define('TM_COMMISSION_PAY', 'commission_pay');
define('TM_COMMISSION_UPGRADE', 'commission_upgrade');
define('TM_COMMISSION_BECOME', 'commission_become');
E:\baijiacms-master\includes\baijiacms\runner.inc.php
关键
php
// Reminder of where $modulename comes from: the HTML-escaped request array,
// key "m" when present, otherwise "act". No further validation is applied
// before the runner uses it.
$_GP = irequestsplite($_GP);
if(empty($_GP['m']))
{
$modulename = $_GP['act'];
}else
{
$modulename = $_GP['m'];
}
php
// runner.inc.php: loads the module file selected by $modulename, instantiates
// "<module>Addons" and calls the method selected by the "do" parameter.
defined('SYSTEM_IN') or exit('Access Denied');
// Shop-closed check: runs for mobile requests with a site id when the module
// is shopwap, the addons path is active, or m is 'eshop'.
if(!empty($_CMS['beid'])&&SYSTEM_ACT=='mobile'&&($modulename=="shopwap"||$_CMS['isaddons']==true||$_GP['m']=='eshop'))
{
// Settings of group 'shop' for the current site id.
$t_set_shop=globalSetting('shop');
// Shop is closed and a closing text is configured.
if(!empty($t_set_shop['close'])&&!empty($t_set_shop['closedetail']))
{
if(!empty($t_set_shop['closeurl']))
{
// NOTE(review): as printed, the call for this branch sits inside a comment, so
// nothing runs here; it may have been merged into the annotation when pasted.
//message($t_set_shop['closedetail'],$t_set_shop['closeurl'],'error');
}else
{// Show the closing text.
message($t_set_shop['closedetail']);
}
}
}
// Class name derived from the request-controlled module name.
$classname = $modulename."Addons";
// NOTE(review): in every branch below $modulename is concatenated into $file,
// and $file is require()d further down after nothing more than is_file().
// $modulename has only been HTML-escaped, which does not constrain it to a
// single directory name. Validate it against the list of installed modules (or
// a strict name pattern) and confirm that the resolved path stays inside
// SYSTEM_ROOT / ADDONS_ROOT before including it.
if($_CMS['isaddons']==true)
{
// Base class for addon modules.
require(WEB_ROOT.'/system/common/addons.php');
if(SYSTEM_ACT=='mobile')
{
require(WEB_ROOT.'/system/common/mobile.php');
$file = ADDONS_ROOT . $modulename."/mobile.php";
}else
{
$file = ADDONS_ROOT . $modulename."/web.php";
}
}else
{
if(SYSTEM_ACT=='mobile')
{
require(WEB_ROOT.'/system/common/mobile.php');
$file = SYSTEM_ROOT . $modulename."/mobile.php";
}else
{
require(WEB_ROOT.'/system/common/web.php');
$file = SYSTEM_ROOT . $modulename."/web.php";
}
}
// The only check on the computed path is that a regular file exists there.
// NOTE(review): the message echoes the absolute server path to the client.
if(!is_file($file)) {
exit('ModuleSite Definition File Not Found '.$file);
}
// Extra helpers when "m" was supplied.
if(!empty($_GP['m']))
{
require(WEB_ROOT.'/system/common/common.php');
}
// Execute the module file.
require $file;
// The included file must have declared the expected class.
if(!class_exists($classname)) {
exit('ModuleSite Definition Class Not Found');
}
// Instantiate by name.
$class = new $classname();
$class->module = $modulename;
$class->inMobile = SYSTEM_ACT=='mobile';
// Standard dispatch for everything except m == 'eshop'.
if($_GP['m']!='eshop')
{
if($_CMS['isaddons']==true)
{
if($class instanceof BjModule) {
// Always true for an object; kept as in the original.
if(!empty($class)) {
if(isset($_GP['do'])) {
if(SYSTEM_ACT=='mobile')
{
// NOTE(review): no login check runs on the mobile path in this file;
// whether the do_* handlers enforce their own is not visible here.
$class->inMobile = true;
}else
{
// Back-office path: a login check runs before dispatch.
$_W['isfounder']=true;
if($modulename=='manager')
{
check_managerlogin();
}else
{
check_login();
}
$class->inMobile = false;
}
// Method name = fixed prefix + request value, so only do_* methods are reachable.
$method = 'do_'.$_GP['do'];
}
$class->module = $modulename;
if (method_exists($class, $method)) {
exit($class->$method());
}else
{
exit($method." no this method");
}
}
}
// Reached when the class does not extend BjModule (the text names BjSystemModule).
exit('BjSystemModule Class Definition Error');
}else
{
// Same dispatch for system modules. There is no trailing exit here, so a class
// of another type falls through to the end of this file.
if($class instanceof BjSystemModule) {
if(!empty($class)) {
if(isset($_GP['do'])) {
if(SYSTEM_ACT=='mobile')
{
$class->inMobile = true;
}else
{
$_W['isfounder']=true;
if($modulename=='manager')
{
check_managerlogin();
}else
{
check_login();
}
$class->inMobile = false;
}
$method = 'do_'.$_GP['do'];
}
$class->module = $modulename;
if (method_exists($class, $method)) {
exit($class->$method());
}else
{
exit($method." no this method");
}
}
}
}
}else
{
// m == 'eshop': doMobile* / doWeb* naming convention.
if($class instanceof BJexModule) {
$class->uniacid = $class->weid = $_W['uniacid'];
$class->modulename = $_W['module'];
$class->__define = $file;
$class->inMobile = defined('IN_MOBILE');
if(SYSTEM_ACT=='mobile')
{
define('IN_MOBILE', true);
$method = 'doMobile' . ucfirst($_GPC['do']);
if (method_exists($class, $method)) {
exit($class->$method());
}
exit();
}else
{
define('IN_SYS', true);
define('IN_MODULE', $_W['module']);
define('IN_IA', true);
$_W['isfounder']=true;
$method = 'doWeb' . ucfirst($_GPC['do']);
// check_login() runs only once the method is known to exist.
if (method_exists($class, $method)) {
check_login();
exit($class->$method());
}
exit("访问的方法 {$method} 不存在.");
}
}
exit('BjSystemModule Class Definition Error');
}

php
/**
 * Read one settings group for the current site.
 *
 * @param string $groupkey Settings group name, e.g. 'shop'.
 * @return mixed Result of globalBeSetting() for $_CMS['beid'].
 */
function globalSetting($groupkey)
{
    global $_CMS;
    $currentSiteId = $_CMS['beid'];
    return globalBeSetting($currentSiteId, $groupkey);
}
php
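/**
 * Read one settings group of one site as a name => value map.
 *
 * Results are memoised in $_CMS for the rest of the request and cached,
 * serialized, in the config row named 'system_config_cache'.
 *
 * Fix: the in-memory key was built from $_CMS['beid'] while the queries use
 * the $beid argument. A call for another site could therefore return the
 * current site's memoised settings, or store the other site's settings under
 * the current site's key. The key is now built from $beid, which is identical
 * for calls made through globalSetting(). The cached value is also decoded
 * once instead of twice.
 *
 * @param mixed  $beid     Site id.
 * @param string $groupkey Settings group name.
 * @return mixed Settings map.
 */
function globalBeSetting($beid,$groupkey)
{
    global $_CMS;
    if (empty($beid)) {
        message('未找到站点id');
    }
    if (empty($groupkey)) {
        message("读取配置失败");
    }

    // Per-request memo, keyed by the site that was actually asked for.
    $memoKey = $beid.'_'.$groupkey.'_setting';
    if (!empty($_CMS[$memoKey])) {
        return $_CMS[$memoKey];
    }

    $system_config_cache = mysqld_select('SELECT * FROM '.table('config')." where `name`='system_config_cache' and `beid`=:beid and `group`=:group",array(":beid"=>$beid,':group'=>$groupkey));

    if (!empty($system_config_cache['value'])) {
        // NOTE(review): unserialize() on a database value. Anyone able to write
        // this row controls what is deserialized; json_decode(), or
        // unserialize() with allowed_classes => false, removes the object
        // instantiation risk.
        $config = unserialize($system_config_cache['value']);
        $_CMS[$memoKey] = $config;
        return $config;
    }

    // Cache miss: rebuild the map from the group's rows and store it.
    $config = array();
    $configdata = mysqld_selectall('SELECT * FROM '.table('config')." where `beid`=:beid and `group`=:group",array(":beid"=>$beid,':group'=>$groupkey));
    foreach ($configdata as $item) {
        $config[$item['name']] = $item['value'];
    }
    if (!empty($system_config_cache['name'])) {
        mysqld_update('config', array('value'=>serialize($config)), array('name'=>'system_config_cache','beid'=>$beid,'group'=>$groupkey));
    } else {
        mysqld_insert('config', array('name'=>'system_config_cache','value'=>serialize($config),'beid'=>$beid,'group'=>$groupkey));
    }
    $_CMS[$memoKey] = $config;
    return $config;
}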
/system/common/addons.php
php
<?php
// system/common/addons.php: base class for addon modules.
defined('SYSTEM_IN') or exit('Access Denied');
abstract class BjModule {
// Include the web-side handler file of the current addon. The file name is the
// lower-cased $f_name with its first three characters removed. The include
// runs inside this method, so the included file sees the globals imported
// below as local variables.
// NOTE(review): $modulename is request-derived, and where $f_name comes from
// is not visible here; both end up in the include path.
public function __web($f_name){
global $_CMS,$_GP,$modulename,$_W,$_GPC;
// A site id is required.
if(empty($_CMS['beid']))
{
message("未找到站点ID");
}
include_once ADDONS_ROOT.$modulename.'/class/web/'.strtolower(substr($f_name,3)).'.php';
}
// Mobile-side counterpart of __web(): same path rule under class/mobile/.
public function __mobile($f_name){
global $_CMS,$_GP,$modulename,$_W,$_GPC;
if(empty($_CMS['beid']))
{
message("未找到站点ID");
}
include_once ADDONS_ROOT.$modulename.'/class/mobile/'.strtolower(substr($f_name,3)).'.php';
}
}
/**
 * Build the path of an addon template file.
 *
 * The result is ADDONS_ROOT + current module + /template/(mobile|web)/ +
 * $filename + ".php", where the mobile directory is used when SYSTEM_ACT is
 * 'mobile'. Neither $modulename nor $filename is validated here.
 *
 * @param string $filename Template name without extension.
 * @return string Template path.
 */
function addons_page($filename) {
    global $modulename;

    if (SYSTEM_ACT=='mobile') {
        return ADDONS_ROOT . $modulename . "/template/mobile/{$filename}.php";
    }
    return ADDONS_ROOT . $modulename . "/template/web/{$filename}.php";
}
/system/common/mobile.php
php
<?php
// system/common/mobile.php: base class for system modules on the mobile side.
defined('SYSTEM_IN') or exit('Access Denied');
abstract class BjSystemModule {
// Include SYSTEM_ROOT/<module>/class/mobile/<name>.php, where <name> is the
// lower-cased $f_name with its first three characters removed. Requires a
// site id. The include runs inside this method, so the included file sees the
// imported globals and $filephp as local variables.
// NOTE(review): $_CMS['module'] is set from the request-derived $modulename.
public function __mobile($f_name){
global $_CMS,$_GP,$_W,$_GPC;
if(empty($_CMS['beid']))
{
message("未找到站点ID");
}
$filephp=$_CMS['module'].'/class/mobile/'.strtolower(substr($f_name,3)).'.php';
include_once SYSTEM_ROOT.$filephp;
}
// Same as __mobile() but without the site-id check.
public function __mobile2($f_name){
global $_CMS,$_GP,$_W,$_GPC;
$filephp=$_CMS['module'].'/class/mobile/'.strtolower(substr($f_name,3)).'.php';
include_once SYSTEM_ROOT.$filephp;
}
}
// Runs at include time for logged-in accounts on the eshop / shopwap modules.
if(is_login_account()&&!empty($_CMS['beid'])&&($_GP['m']=='eshop'||$_GP['act']=='shopwap'))
{
$tg_openid=get_sysopenid(false);
// Member record for this openid within the current site (bound parameters).
$tg_member = pdo_fetch('select openid,isagent,status,isblack from ' . tablename('eshop_member') . ' where openid=:openid and uniacid=:uniacid limit 1', array(
':uniacid' =>$_CMS['beid'],
':openid' => $tg_openid));
// Blacklisted members are stopped with a message.
if(!empty($tg_member['isblack']))
{
message("该账户已被管理员加入黑名单禁止访问。");
}
// Empty branch in the original.
if(empty($tg_member['isagent']))
{
}
// Approved agents: make sure the URL carries their shareid.
if(!empty($tg_member['isagent'])&&!empty($tg_member['status']))
{
$_CMS['shopwap_member_isagent']=true;
if(empty($_GP['shareid']))
{
// NOTE(review): the redirect target is WEBSITE_ROOT (built from HTTP_HOST)
// plus the query string as received, and it places the member's openid in the
// URL. Rebuilding the query from validated parameters and using a configured
// host avoids reflecting client-supplied text into the Location header.
if(!empty($_SERVER['QUERY_STRING']))
{
$url = WEBSITE_ROOT . 'index.php?' . $_SERVER['QUERY_STRING'].'&shareid='.$tg_member['openid'] ;
}else
{
$url = WEBSITE_ROOT . 'index.php?shareid='.$tg_member['openid'] ;
}
header("Location:".$url);
exit;
}
}
}
// Visitors who are not logged in: remember the first shareid seen in the
// session. The value comes from the request (HTML-escaped only).
if(is_login_account()==false){
if(empty($_SESSION[MOBILE_USER_SHAREID])&&!empty($_GP['shareid']))
{
$_SESSION[MOBILE_USER_SHAREID]=$_GP['shareid'];
}
}
E:\baijiacms-master\system\manager\mobile.php
php
<?php
// system/manager/mobile.php: mobile-side class of the "manager" module.
defined('SYSTEM_IN') or exit('Access Denied');
// The runner builds the class name as $modulename."Addons". This class
// declares no methods of its own, so unless a parent class provides a matching
// do_* method the runner ends with "<method> no this method".
class managerAddons extends BjSystemModule {
}