后台
http://127.0.0.1:855/dede/login.php?gotopage=%2Fdede%2F
因为像这个例子:
分组拆分
```regex
(a+)+$
```
输入:
```text
aaaaaaaab
```
字符串**明明有结尾**,最后那个 `b` 后面就是结尾。
真正的问题是:
-
模式要求:**整串到结尾为止都只能是 a**
-
实际输入:最后混进来一个 `b`
-
引擎就会怀疑:
**是不是前面的 `a` 分组方式不对?**
- 然后开始疯狂换分法重试
为什么会这样
看这个模式:
```regex
(a+)+$
```
它的意思不是简单的"找 `a` 的结尾"。
它的真实意思是:
-
`a+`:先匹配一段 `a`
-
`(a+)+`:这样的"a 段"可以重复很多次
-
`$`:一直要匹配到字符串结尾
也就是:
> **整串必须能被拆成若干段,每段都是一个或多个 `a`,而且最后刚好到字符串末尾。**
难点就在"怎么拆"
比如这串:
```text
aaaa
```
可以拆成:
-
`aaaa`
-
`aaa` + `a`
-
`aa` + `aa`
-
`aa` + `a` + `a`
-
`a` + `aaa`
-
`a` + `a` + `aa`
-
`a` + `a` + `a` + `a`
这些拆法对模式来说,前面都"看起来合法"。
所以当最后碰到 `b` 失败时,引擎不会立刻认输,它会想:
> "也许不是字符串错了,是我刚才拆法错了。"
于是它就换一种拆法再试。
所以它不是找不到结尾,而是:
**前面有太多种"可能的成功路径"**
最后一失败,就把这些路径反复回放。
这就是 **回溯爆炸**。
这本质是不是逻辑漏洞?
广义上,是的
如果你把"逻辑漏洞"理解成:
> 程序的处理逻辑在某些输入下出现了开发者没预料到的坏行为
index
php
<?php
/**
* 管理后台首页
*
* @version $Id: index.php 1 11:06 2010年7月13日Z tianya $
* @package DedeCMS.Administrator
* @copyright Copyright (c) 2007 - 2010, DesDev, Inc.
* @license http://help.dedecms.com/usersguide/license.html
* @link http://www.dedecms.com
*/
//preg_match 是 PHP 中用来做正则表达式匹配的函数
//$_SERVER 是PHP编程语言中预定义的超全局数组,属于服务器变量类别,用于存储与服务器环境及HTTP请求相关的信息。
//本地服务识别
//$_server['server_software'] #服务器标识的字串,兼容环境
//如果服务器标识捕获到php+多个内容加上后面的Development Server
//贪婪匹配.单个字符,*重复0次或者多次
//先匹配php,后面所有的全部吃掉,再回退看后面的条件,如果吐完是空匹配失败
//
//php
//dos?$要求匹配
if ( preg_match("#PHP (.*) Development Server#",$_SERVER['SERVER_SOFTWARE']) )
{
// 是 PHP 中用于获取当前请求的完整 URI 路径及查询字符
//如果路径是对的就跳转
//dirname取目录部分
//一个客户端获取,一个获取服务器执行本身目录
//混合容器$_SERVER
if ( $_SERVER['REQUEST_URI'] == dirname($_SERVER['SCRIPT_NAME']) )
{
//跳转
header('HTTP/1.1 301 Moved Permanently');
//重定向到url
header('Location:'.$_SERVER['REQUEST_URI'].'/');
}
}
//包含配置目录
//D:/dedecms/include/拼接
require_once(DEDEINC.'/dedetag.class.php');
//D:/dedecms/deta/admin/quickmenu-用户id.txt
$myIcoFile = DEDEDATA.'/admin/quickmenu-'.$cuserLogin->getUserID().'.txt';
//拼接
$defaultIcoFile = DEDEDATA.'/admin/quickmenu.txt';
//如果路径存在且等于上面的
if(!file_exists($myIcoFile)) $myIcoFile = $defaultIcoFile;
//运行
require(DEDEADMIN.'/inc/inc_menu_map.php');
//包含
//这里xss可能可以命令执行
include(DEDEADMIN.'/templets/index2.htm');
exit();/dedetag.class.php
php
<?php if(!defined('DEDEINC')) exit("Request Error!");/inc/inc_menu_map.php
php
<?php
/**
* 菜单地图
*
* @version $Id: inc_menu_map.php 1 10:32 2010年7月21日Z tianya $
* @package DedeCMS.Administrator
* @copyright Copyright (c) 2007 - 2010, DesDev, Inc.
* @license http://help.dedecms.com/usersguide/license.html
* @link http://www.dedecms.com
*/
require_once(dirname(__FILE__)."/../config.php");
$maparray = array(1=>'文档相关',2=>'系统设置',3=>'必须辅助功能',4=>'网站更新操作',5=>'会员相关',6=>'基本模块插件');
//载入可发布频道
$addset = '';
//检测可用的内容模型
if($cfg_admin_channel = 'array' && count($admin_catalogs) > 0)
{
$admin_catalog = join(',', $admin_catalogs);
$dsql->SetQuery(" SELECT channeltype FROM `#@__arctype` WHERE id IN({$admin_catalog}) GROUP BY channeltype ");
}
else
{
$dsql->SetQuery(" SELECT channeltype FROM `#@__arctype` GROUP BY channeltype ");
}
$dsql->Execute();
$candoChannel = '';
while($row = $dsql->GetObject())
{
$candoChannel .= ($candoChannel=='' ? $row->channeltype : ','.$row->channeltype);
}
if(empty($candoChannel)) $candoChannel = 1;
$dsql->SetQuery("SELECT id,typename,addcon,mancon FROM `#@__channeltype` WHERE id IN({$candoChannel}) AND id<>-1 AND isshow=1 ORDER BY id ASC");
$dsql->Execute();
while($row = $dsql->GetObject())
{
$addset .= " <m:item name='{$row->typename}' ischannel='1' link='{$row->mancon}?channelid={$row->id}' linkadd='{$row->addcon}?channelid={$row->id}' channelid='{$row->id}' rank='' target='main' />\r\n";
}
//////////////////////////
$menusMain = "
-----------------------------------------------
<m:top mapitem='1' item='1_' name='常用操作' display='block'>
<m:item name='网站栏目管理' link='catalog_main.php' ischannel='1' addalt='创建栏目' linkadd='catalog_add.php?listtype=all' rank='t_List,t_AccList' target='main' />
<m:item name='所有档案列表' link='content_list.php' rank='a_List,a_AccList' target='main' />
<m:item name='等审核的档案' link='content_list.php?arcrank=-1' rank='a_Check,a_AccCheck' target='main' />
<m:item name='我发布的文档' link='content_list.php?mid=".$cuserLogin->getUserID()."' rank='a_List,a_AccList,a_MyList' target='main' />
<m:item name='评论管理' link='feedback_main.php' rank='sys_Feedback' target='main' />
<m:item name='内容回收站' link='recycling.php' ischannel='1' addalt='清空回收站' addico='img/gtk-del.png' linkadd='archives_do.php?dopost=clear&aid=no' rank='a_List' target='main' />
</m:top>
<m:top mapitem='1' item='1_' name='内容管理' display='block'>
$addset
<m:item name='专题管理' ischannel='1' link='content_s_list.php' linkadd='spec_add.php' channelid='-1' rank='spec_New' target='main' />
</m:top>
<m:top mapitem='1' item='1_' name='频道模型' display='block' rank='t_List,t_AccList,c_List,temp_One'>
<m:item name='内容模型管理' link='mychannel_main.php' rank='c_List' target='main' />
<m:item name='单页文档管理' link='templets_one.php' rank='temp_One' target='main'/>
<m:item name='联动类别管理' link='stepselect_main.php' rank='c_Stepseclect' target='main' />
<m:item name='自由列表管理' link='freelist_main.php' rank='c_List' target='main' />
<m:item name='自定义表单' link='diy_main.php' rank='c_List' target='main' />
</m:top>
<m:top mapitem='3' item='3_' name='采集管理' display='none' rank='co_NewRule,co_ListNote,co_ViewNote,co_Switch,co_GetOut'>
<m:item name='采集节点管理' link='co_main.php' rank='co_ListNote' target='main' />
<m:item name='临时内容管理' link='co_url.php' rank='co_ViewNote' target='main' />
<m:item name='导入采集规则' link='co_get_corule.php' rank='co_GetOut' target='main'/>
<m:item name='监控采集模式' link='co_gather_start.php' rank='co_GetOut' target='main'/>
<m:item name='采集未下载内容' link='co_do.php?dopost=coall' rank='co_GetOut' target='main'/>
</m:top>
<m:top mapitem='3' item='1_3_3' name='批量维护' display='block'>
<m:item name='更新系统缓存' link='sys_cache_up.php' rank='sys_ArcBatch' target='main' />
<m:item name='文档批量维护' link='content_batch_up.php' rank='sys_ArcBatch' target='main' />
<m:item name='搜索关键词维护' link='search_keywords_main.php' rank='sys_Keyword' target='main' />
<m:item name='文档关键词维护' link='article_keywords_main.php' rank='sys_Keyword' target='main' />
<m:item name='自动摘要|分页' link='article_description_main.php' rank='sys_Keyword' target='main' />
<m:item name='TAG标签管理' link='tags_main.php' rank='sys_Keyword' target='main' />
<m:item name='数据库内容替换' link='sys_data_replace.php' rank='sys_ArcBatch' target='main' />
</m:top>
<m:top mapitem='4' item='5_' name='自动任务' notshowall='1' display='block' rank='sys_MakeHtml'>
<m:item name='一键更新网站' link='makehtml_all.php' rank='sys_MakeHtml' target='main' />
<m:item name='更新系统缓存' link='sys_cache_up.php' rank='sys_ArcBatch' target='main' />
</m:top>
<m:top mapitem='4' item='5_' name='HTML更新' notshowall='1' display='none' rank='sys_MakeHtml'>
<m:item name='更新主页HTML' link='makehtml_homepage.php' rank='sys_MakeHtml' target='main' />
<m:item name='更新栏目HTML' link='makehtml_list.php' rank='sys_MakeHtml' target='main' />
<m:item name='更新文档HTML' link='makehtml_archives.php' rank='sys_MakeHtml' target='main' />
<m:item name='更新网站地图' link='makehtml_map_guide.php' rank='sys_MakeHtml' target='main' />
<m:item name='更新RSS文件' link='makehtml_rss.php' rank='sys_MakeHtml' target='main' />
<m:item name='获取JS文件' link='makehtml_js.php' rank='sys_MakeHtml' target='main' />
<m:item name='更新专题HTML' link='makehtml_spec.php' rank='sys_MakeHtml' target='main' />
</m:top>
<m:top mapitem='3' item='1_6_' name='附件管理' display='none' rank='sys_Upload,sys_MyUpload,plus_文件管理器'>
<m:item name='上传新文件' link='media_add.php' rank='' target='main' />
<m:item name='附件数据管理' link='media_main.php' rank='sys_Upload,sys_MyUpload' target='main' />
<m:item name='文件式管理器' link='media_main.php?dopost=filemanager' rank='plus_文件管理器' target='main' />
</m:top>
<m:top mapitem='5' item='6_' name='会员管理' display='none' rank='member_List,member_Type'>
<m:item name='注册会员列表' link='member_main.php' rank='member_List' target='main' />
<m:item name='会员级别设置' link='member_rank.php' rank='member_Type' target='main' />
<m:item name='积分头衔设置' link='member_scores.php' rank='member_Type' target='main' />
<m:item name='会员模型管理' link='member_model_main.php' rank='member_Type' target='main' />
<m:item name='会员短信管理' link='member_pm.php' rank='member_Type' target='main' />
<m:item name='会员留言管理' link='member_guestbook.php' rank='member_Type' target='main' />
<m:item name='会员动态管理' link='member_info_main.php?type=feed' rank='member_Type' target='main' />
<m:item name='会员心情管理' link='member_info_main.php?type=mood' rank='member_Type' target='main' />
</m:top>
<m:top mapitem='2' item='10_' name='系统设置' display='none' rank='sys_User,sys_Group,sys_Edit,sys_Log,sys_Data'>
<m:item name='系统基本参数' link='sys_info.php' rank='sys_Edit' target='main' />
<m:item name='系统用户管理' link='sys_admin_user.php' rank='sys_User' target='main' />
<m:item name='用户组设定' link='sys_group.php' rank='sys_Group' target='main' />
<m:item name='服务器分布/远程' link='sys_multiserv.php' rank='sys_Group' target='main' />
<m:item name='系统日志管理' link='log_list.php' rank='sys_Log' target='main' />
<m:item name='验证安全设置' link='sys_safe.php' rank='sys_verify' target='main' />
<m:item name='图片水印设置' link='sys_info_mark.php' rank='sys_Edit' target='main' />
<m:item name='自定义文档属性' link='content_att.php' rank='sys_Att' target='main' />
<m:item name='软件频道设置' link='soft_config.php' rank='sys_SoftConfig' target='main' />
<m:item name='防采集串混淆' link='article_string_mix.php' rank='sys_StringMix' target='main' />
<m:item name='随机模板设置' link='article_template_rand.php' rank='sys_StringMix' target='main' />
<m:item name='计划任务管理' link='sys_task.php' rank='sys_Task' target='main' />
<m:item name='数据库备份/还原' link='sys_data.php' rank='sys_Data' target='main' />
<m:item name='SQL命令行工具' link='sys_sql_query.php' rank='sys_Data' target='main' />
<m:item name='文件校验[S]' link='sys_verifies.php' rank='sys_verify' target='main' />
<m:item name='病毒扫描[S]' link='sys_safetest.php' rank='sys_verify' target='main' />
<m:item name='系统错误修复[S]' link='sys_repair.php' rank='sys_verify' target='main' />
</m:top>
<m:top mapitem='5' item='10_6_' name='支付工具' display='none' rank='sys_Data'>
<m:item name='点卡产品分类' link='cards_type.php' rank='sys_Data' target='main' />
<m:item name='点卡产品管理' link='cards_manage.php' rank='sys_Data' target='main' />
<m:item name='会员产品分类' link='member_type.php' rank='sys_Data' target='main' />
<m:item name='会员消费记录' link='member_operations.php' rank='sys_Data' target='main' />
<m:item name='商店订单记录' link='shops_operations.php' rank='sys_Data' target='main' />
<m:item name='支付接口设置' link='sys_payment.php' .php' rank='sys_Data' target='main' />
<m:item name='配货方式设置' link='shops_delivery.php' rank='sys_Data' target='main' />
</m:top>
<m:top mapitem='2' item='10_7_' name='模板管理' display='none' rank='temp_One,temp_Other,temp_MyTag,temp_test,temp_All'>
<m:item name='默认模板管理' link='templets_main.php' rank='temp_All' target='main'/>
<m:item name='标签源码管理' link='templets_tagsource.php' rank='temp_All' target='main'/>
<m:item name='自定义宏标记' link='mytag_main.php' rank='temp_MyTag' target='main'/>
<m:item name='智能标记向导' link='mytag_tag_guide.php' rank='temp_Other' target='main'/>
<m:item name='全局标记测试' link='tag_test.php' rank='temp_Test' target='main'/>
</m:top>
";
//载入插件菜单
$plusset = '';
$dsql->SetQuery("SELECT * FROM `#@__plus` WHERE isshow=1 ORDER BY aid ASC");
$dsql->Execute();
while($row = $dsql->GetObject())
{
$plusset .= $row->menustring."\r\n";
}
$menusMain .= "
<m:top mapitem='6' name='模块管理' c='6,' display='block'>
<m:item name='模块管理' link='module_main.php' rank='sys_module' target='main' />
<m:item name='上传新模块' link='module_upload.php' rank='sys_module' target='main' />
<m:item name='模块生成向导' link='module_make.php' rank='sys_module' target='main' />
</m:top>
<m:top mapitem='6' item='7' name='辅助插件' display='block'>
<m:item name='插件管理器' link='plus_main.php' rank='10' target='main' />
$plusset
</m:top>
";
$mapstring = '';
$dtp = new DedeTagparse();
$dtp->SetNameSpace('m','<','>');
$dtp->LoadString($menusMain);
foreach($maparray as $k=>$bigname)
{
$mapstring .= "<dl class='maptop'>\r\n";
$mapstring .= "<dt class='bigitem'>$bigname</dt>\r\n";
$mapstring .= "<dd>\r\n";
foreach($dtp->CTags as $ctag)
{
if($ctag->GetAtt('mapitem') == $k)
{
$mapstring .= "<dl class='mapitem'>\r\n";
$mapstring .= "<dt>".$ctag->GetAtt('name')."</dt>\r\n";
$mapstring .= "<dd>\r\n<ul class='item'>\r\n";
$dtp2 = new DedeTagParse();
$dtp2->SetNameSpace('m', '<', '>');
$dtp2->LoadSource($ctag->InnerText);
foreach($dtp2->CTags as $j=>$ctag2)
{
$mapstring .= "<li><a href='".$ctag2->GetAtt('link')."' target='".$ctag2->GetAtt('target')."'>".$ctag2->GetAtt('name')."</a></li>\r\n";
}
$mapstring .= "</ul>\r\n</dd>\r\n</dl>\r\n";
}
}
$mapstring .= "</dd>\r\n</dl>\r\n";
}/../config.php
php
if(file_exists(DEDEDATA.'/admin/skin.txt'))
{
$skin = file_get_contents(DEDEDATA.'/admin/skin.txt');
$cfg_admin_skin = !in_array($skin, array(1,2,3,4))? 1 : $skin;
}
$_csrf_name = '_csrf_name_'.substr(md5(md5($cfg_cookie_encode)),0,8);
$_csrf_hash = GetCookie($_csrf_name);
if ( empty($_csrf_hash) )
{
$_csrf_hash = md5(uniqid(mt_rand(), TRUE));
if (strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST')
{
PutCookie($_csrf_name, $_csrf_hash, 7200, '/');
}
}
$_csrf = array(
'name' =>'_dede'.$_csrf_name,
'hash' => $_csrf_hash,
);
//检验用户登录状态
$cuserLogin = new userLogin();
if($cuserLogin->getUserID()==-1)
{
if ( preg_match("#PHP (.*) Development Server#",$_SERVER['SERVER_SOFTWARE']) )
{
$dirname = dirname($_SERVER['SCRIPT_NAME']);
header("location:{$dirname}/login.php?gotopage=".urlencode($dedeNowurl));
} else {
header("location:login.php?gotopage=".urlencode($dedeNowurl));
}
exit();
}/userlogin.class.php
php
<?php if(!defined('DEDEINC')) exit('Request Error!');
/**
* 管理员登陆类
*
* @version $Id: userlogin.class.php 1 15:59 2010年7月5日Z tianya $
* @package DedeCMS.Libraries
* @copyright Copyright (c) 2007 - 2010, DesDev, Inc.
* @license http://help.dedecms.com/usersguide/license.html
* @link http://www.dedecms.com
*/
session_start();/templets/index2.htm(高风险)
php
<!--This is IE DTD patch , Don't delete this line.-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $cfg_soft_lang; ?>">
<title><?php echo $cfg_webname; ?>-<?php echo $cfg_softname." ".$cfg_version; ?></title>
<link href="css/frame.css" rel="stylesheet" type="text/css" />
<script src="../include/js/jquery/jquery.js" language="javascript" type="text/javascript"></script>
<script src="js/frame.js" language="javascript" type="text/javascript"></script>
<link href="images/style<?php echo $cfg_admin_skin;?>/style.css" rel="stylesheet" type="text/css" />
<style type="text/css">
#skinlist {
display: block;
height: 11px;
margin-top: 10px;
overflow: hidden;
width: 86px;
}
#skin div {
float: left;
}
#skin li {
cursor: pointer;
float: left;
height: 11px;
width: 14px;
}
#def div, #s1 div, #s2 div, #s3 div, #s4 div{
background-image: url("images/skinbutton.png");
background-repeat: no-repeat;
}
#s1 div {
background-position: 0 0px;
}
#s2 div {
background-position: 0 -11px;
}
#s3 div {
background-position: 0 -22px;
}
#s4 div {
background-position: 0 -33px;
}
#s1 div.sel {
background: url("images/skinbutton.png") no-repeat scroll -14px top transparent;
}
#s2 div.sel {
background: url("images/skinbutton.png") no-repeat scroll -14px -11px transparent;
}
#s3 div.sel {
background: url("images/skinbutton.png") no-repeat scroll -14px -22px transparent;
}
#s4 div.sel {
background: url("images/skinbutton.png") no-repeat scroll -14px -33px transparent;
}
</style>
</head>
<body class="showmenu">
<div class="pagemask"></div>
<iframe class="iframemask"></iframe>
<div class="allmenu">
<div class="allmenu-box">
<?php
echo $mapstring;
?>
<br style='clear:both' />
</div>
</div>
<div class="head">
<div class="top">
<div class="top_logo"> <img src="images/style<?php echo $cfg_admin_skin;?>/admin_top_logo.gif" width="200" height="37" alt="DedeCms Logo" title="Welcome use DedeCms" id="topdedelogo" /> </div>
<div class="top_link">
<ul>
<li class="welcome">您好:<?php echo $cuserLogin->getUserName(); ?> ,欢迎使用DedeCMS!</li>
<li><a href="index_menu.php" target="menu">主菜单</a></li>
<li><a href="#" onclick="JumpFrame('catalog_menu.php','public_guide.php');">内容发布</a></li>
<li><a href="#" onclick="JumpFrame('index_menu.php','content_list.php');">内容维护</a></li>
<li><a href="#" onclick="JumpFrame('index_menu.php','index_body.php');">系统主页</a></li>
<li><a href="../index.php?upcache=1" target="_blank">网站主页</a></li>
<li><a href="../member" target="_blank">会员中心</a></li>
<li><a href="exit.php" target="_top">注销</a></li>
</ul>
<div class="quick"> <a href="#" class="ac_qucikmenu" id="ac_qucikmenu">快捷方式</a> <a href="#" class="ac_qucikadd" id="ac_qucikadd">
<!--ADD-->
</a> </div>
</div>
</div>
<div class="topnav">
<div class="menuact"> <a href="#" id="togglemenu">隐藏菜单</a>
<?php
if($cuserLogin->getUserType() >= 10) echo '<a href="#" id="allmenu">功能地图</a>';
?>
</div>
<div id="skin">
<div>
<ul id="skinlist">
<li id="s1">
<div<?php echo $cfg_admin_skin == 1? ' class="sel"' : '';?>><img alt="织梦绿" src="images/blank.gif"></div>
</li>
<li id="s2">
<div<?php echo $cfg_admin_skin == 2? ' class="sel"' : '';?>><img alt="淡蓝" src="images/blank.gif"></div>
</li>
<li id="s3">
<div<?php echo $cfg_admin_skin == 3? ' class="sel"' : '';?>><img alt="咖啡" src="images/blank.gif"></div>
</li>
<li id="s4">
<div<?php echo $cfg_admin_skin == 4? ' class="sel"' : '';?>><img alt="水墨" src="images/blank.gif"></div>
</li>
</ul>
</div>
</div>
<div class="nav" id="nav"> </div>
<div class="sysmsg">
<h3>滚动消息:</h3>
<div class="scroll">
<form action="action_search.php" target="main" method="post">
<input name="keyword" type="text" value="功能搜索" onfocus="if(this.value=='功能搜索'){this.value='';}" onblur="if(this.value==''){this.value='功能搜索';}" class="allsearch" style="width:150px;"/>
<input name="" type="submit" value="搜索" class="np"/>
<a href='http://bbs.dedecms.com' target='_blank'>官方论坛</a> <a href='http://help.dedecms.com' target='_blank'>在线帮助</a>
</form>
</div>
</div>
</div>
</div>
<div class="left">
<div class="menu" id="menu">
<iframe src="index_menu.php" id="menufra" name="menu" frameborder="0"></iframe>
</div>
</div>
<div class="right">
<div class="main">
<iframe id="main" name="main" frameborder="0" src="index_body.php"></iframe>
</div>
<!--<div id="help"><span id="content"><a href="#">栏目管理操作使用说明</a></span></div>-->
</div>
<div class="qucikmenu" id="qucikmenu">
<ul>
<?php
$dtp = new DedeTagparse();
$dtp->SetNameSpace('menu','<','>');
$dtp->LoadTemplet($myIcoFile);
if(is_array($dtp->CTags))
{
foreach($dtp->CTags as $ctag)
{
$title = $ctag->GetAtt('title');
$ico = $ctag->GetAtt('ico');
$link = $ctag->GetAtt('link');
echo "<li><a href='{$link}' target='main'>{$title}</a></li>\r\n";
}
}
?>
</ul>
</div>
<script language="javascript">
function JumpFrame(url1, url2){
jQuery('#menufra').get(0).src = url1;
jQuery('#main').get(0).src = url2;
}
(function($)
{
$("#skinlist>li").click(function()
{
var adminskin = $(this).index() + 1;
var csshref = "images/style"+adminskin+"/style.css";
$("#skinlist>li").each(function(){$(this).children('div').attr('class', '')});
$("#topdedelogo").attr('src', 'images/style'+adminskin+'/admin_top_logo.gif')
$('link').each(function()
{
if($(this).attr('href').match(/style.css$/))
{
$(this).attr('href',csshref);
}
});
$(this).children('div').attr('class', 'sel');
$(window.frames["menu"].document).find("link").each(function()
{
if($(this).attr('href').match(/style.css$/))
{
$(this).attr('href',csshref);
}
});
$(window.frames["main"].document).find("link").each(function()
{
if($(this).attr('href').match(/style.css$/))
{
$(this).attr('href',csshref);
}
});
$.get('index_body.php?dopost=setskin&cskin='+adminskin);
});
})(jQuery);
</script>
</body>
</html>getUserID
php
function getUserID()
{
//userID不是空
if($this->userID != '')
{
return $this->userID;
}
else
{
return -1;
}
}其它
config
php
<?php
/**
* @version $Id: common.inc.php 3 17:44 2010-11-23 tianya $
* @package DedeCMS.Libraries
* @copyright Copyright (c) 2007 - 2010, DesDev, Inc.
* @license http://help.dedecms.com/usersguide/license.html
* @link http://www.dedecms.com
*/
// 生产环境使用production
define('DEDE_ENVIRONMENT', 'production');
//
if ( DEDE_ENVIRONMENT == 'production' )
{
error_reporting(E_ALL || ~E_NOTICE);
} else {
error_reporting(E_ALL);
}
//定义当前路径
//
define('DEDEINC', str_replace("\\", '/', dirname(__FILE__) ) );
//D:/dedecms,定义上级
define('DEDEROOT', str_replace("\\", '/', substr(DEDEINC,0,-8) ) );
//定义
define('DEDEDATA', DEDEROOT.'/data');
//定义
define('DEDEMEMBER', DEDEROOT.'/member');
//定义
define('DEDETEMPLATE', DEDEROOT.'/templets');
define('DEDEMODEL', './model');
define('DEDECONTROL', './control');
define('DEDEAPPTPL', './templates');
define('DEBUG_LEVEL', FALSE);
if (version_compare(PHP_VERSION, '5.3.0', '<'))
{
set_magic_quotes_runtime(0);
}
if (version_compare(PHP_VERSION, '5.4.0', '>='))
{
if (!function_exists('session_register'))
{
function session_register()
{
$args = func_get_args();
foreach ($args as $key){
$_SESSION[$key]=$GLOBALS[$key];
}
}
function session_is_registered($key)
{
return isset($_SESSION[$key]);
}
function session_unregister($key){
unset($_SESSION[$key]);
}
}
}
//是否启用mb_substr替换cn_substr来提高效率
$cfg_is_mb = $cfg_is_iconv = FALSE;
if(function_exists('mb_substr')) $cfg_is_mb = TRUE;
if(function_exists('iconv_substr')) $cfg_is_iconv = TRUE;login
php
<?php
/**
* 后台登陆
*
* @version $Id: login.php 1 8:48 2010年7月13日Z tianya $
* @package DedeCMS.Administrator
* @copyright Copyright (c) 2007 - 2010, DesDev, Inc.
* @license http://help.dedecms.com/usersguide/license.html
* @link http://www.dedecms.com
*/
require_once(dirname(__FILE__).'/../include/common.inc.php');
require_once(DEDEINC.'/userlogin.class.php');
if(empty($dopost)) $dopost = '';
//检测安装目录安全性
if( is_dir(dirname(__FILE__).'/../install') )
{
if(!file_exists(dirname(__FILE__).'/../install/install_lock.txt') )
{
$fp = fopen(dirname(__FILE__).'/../install/install_lock.txt', 'w') or die('安装目录无写入权限,无法进行写入锁定文件,请安装完毕删除安装目录!');
fwrite($fp,'ok');
fclose($fp);
}
//为了防止未知安全性问题,强制禁用安装程序的文件
if( file_exists("../install/index.php") ) {
@rename("../install/index.php", "../install/index.php.bak");
}
if( file_exists("../install/module-install.php") ) {
@rename("../install/module-install.php", "../install/module-install.php.bak");
}
$fileindex = "../install/index.html";
if( !file_exists($fileindex) ) {
$fp = @fopen($fileindex,'w');
fwrite($fp,'dir');
fclose($fp);
}
}
//更新服务器
require_once (DEDEDATA.'/admin/config_update.php');
if ($dopost=='showad')
{
include('templets/login_ad.htm');
exit;
}
//检测后台目录是否更名
$cururl = GetCurUrl();
if(preg_match('/dede\/login/i',$cururl))
{
$redmsg = '<div class=\'safe-tips\'>您的管理目录的名称中包含默认名称dede,建议在FTP里把它修改为其它名称,那样会更安全!</div>';
}
else
{
$redmsg = '';
}
//登录检测
$admindirs = explode('/',str_replace("\\",'/',dirname(__FILE__)));
$admindir = $admindirs[count($admindirs)-1];
if($dopost=='login')
{
$validate = empty($validate) ? '' : strtolower(trim($validate));
$svali = strtolower(GetCkVdValue());
if(($validate=='' || $validate != $svali) && preg_match("/6/",$safe_gdopen)){
ResetVdValue();
ShowMsg('验证码不正确!','login.php',0,1000);
exit;
} else {
$cuserLogin = new userLogin($admindir);
if(!empty($userid) && !empty($pwd))
{
$res = $cuserLogin->checkUser($userid,$pwd);
//success
if($res==1)
{
$cuserLogin->keepUser();
if(!empty($gotopage))
{
ShowMsg('成功登录,正在转向管理管理主页!',$gotopage);
exit();
}
else
{
ShowMsg('成功登录,正在转向管理管理主页!',"index.php");
exit();
}
}
//error
else if($res==-1)
{
ResetVdValue();
ShowMsg('你的用户名不存在!','login.php',0,1000);
exit;
}
else
{
ResetVdValue();
ShowMsg('你的密码错误!','login.php',0,1000);
exit;
}
}
//password empty
else
{
ResetVdValue();
ShowMsg('用户和密码没填写完整!','login.php',0,1000);
exit;
}
}
}
include('templets/login.htm');