2007年6月24日 星期日

PHP 部落格架設 以系統管理者登入時的原碼

最近因為要考試，而且最近做的事情都不太順利
所以,好幾天才發一個文章
這是之前有發過修改發文的那一個部落格
裡面管理者控制的原碼
< ? PHP
// Admin control panel front controller. (The open tag above is mangled in this
// copy of the listing; it should read "<?php".)
// VALIDADMIN is presumably what global.php checks before the admin includes
// below are allowed to run -- confirm, because no authentication check is
// visible anywhere in this file.
define('VALIDADMIN', 1);
require_once ("global.php");
include_once ("lang/{$langback}/backend.php");
include_once ("data/allmods.php");
include("data/cache_usergroup.php");
require_once ("admin/cache_func.php");

// Reset the plugin registry before the enabled-plugin list is loaded.
unset($blogplugin);
include_once("data/plugin_enabled.php");


// acceptrequest() appears to copy these request parameters into the globals
// $act, $go and $page -- from here on they are attacker-controlled.
acceptrequest('act,go,page');
// $page is forced to a positive integer before it can reach a query or pager.
if (!isset($page) || !is_numeric($page) || $page<=0) $page=1;
else $page=floor($page);
// "go" is a compound "act_job_itemid" token. basename() strips any directory
// part before the split, so $act can contain neither "/" nor "\".
if ($go) @list($act, $job, $itemid)=@explode('_', basename($go));
if (!$act) $act='main';
else $act=basename($act);

// Uploads are handled before any page chrome is emitted.
if ($act=='upload') {
include ("admin/cp_upload.php");
exit();
}

$maxrecord=$blog->getsinglevalue("{$db_prefix}maxrec");

include_once("admin/admin_header.php");

// Dispatch on $act: any admin/cp_<act>.php, or any plugin/<act>/admin.php,
// is selectable from the URL. basename() blocks path traversal, so the real
// guard is that only files already present on disk get included -- keep it
// that way (never let $act take part in creating or writing files).
if (file_exists("admin/cp_{$act}.php")) include ("admin/cp_{$act}.php");
else {
if (is_file("plugin/{$act}/admin.php")) {
$display_overall.=highlightadminitems('plugin', 'addon');
include ("plugin/{$act}/admin.php");
// NOTE(review): the placeholder tokens in the next two lines were lost when
// this listing was published (most likely HTML-comment markers); as printed
// the str_replace() calls cannot do what was intended.
$display_overall=str_replace('', $plugin_header, $display_overall);
$display_overall=str_replace(' $display_overall.=$plugin_return;
}
else include ("admin/cp_main.php");
}
include_once("admin/admin_footer.php");

function highlightadminitems ($itemhighlight, $itemsrow) {
// Render the admin navigation row $itemsrow from the global $admin_item map,
// flagging the entry whose key equals $itemhighlight. Keys and labels come
// from the application's own menu table, not from the request, and are
// written into the markup unescaped -- so $admin_item must stay free of
// user-supplied text.
global $admin_item;
while (@list ($key, $value)=@each($admin_item[$itemsrow])) {
// $addclass is computed but does not appear in the markup printed below; the
// wrapper element carrying it was probably lost when this listing was
// published. each() itself no longer exists in PHP 8 (use foreach).
if ($itemhighlight==$key) $addclass='highlight';
else $addclass='normal';
$rollall.="
  • < a href=\"admin.php?go={$itemsrow}_{$key}\">{$value}
  • ";
    }
    return ("
    \n
      {$rollall}
    \n\n
    ");
    }

    function addpref ($pref_type, $pref_content) { //This will generate the complete config form body
    // Append one row of the admin config form to the global $pref_result list.
    // $pref_type selects the widget ('t' text, 'ta' textarea, 'r' radio pair,
    // 'sel' drop-down, 'sec' section separator); $pref_content is a
    // '|'-separated spec whose first field is the config key, followed by
    // label/help fragments whose meaning differs per widget (see each case).
    // The current value is read from the global whose *name* is held in
    // $pref_variable (a variable variable) -- that name must only ever be set
    // from code, never from the request.
    // NOTE(review): the HTML in this copy of the listing is mangled (<"td",
    // a for-loop header with no condition in the 'sel' case, an emptied
    // <option> string); the comments, not the markup, are authoritative.
    global $pref_leftchar, $pref_variable, $pref_result, $pref_quicksel, $prefseccounter;
    if ($pref_leftchar=='') $pref_leftchar=200;
    global $$pref_variable;
    $prefvalue=$$pref_variable;
    $prefs=@explode("|", $pref_content);
    switch ($pref_type) {
    case 't': //text input
    // SECURITY: the stored value is written into value="..." after only
    // stripslashes(). A double quote (here) or "</textarea>" (in the 'ta'
    // case) inside a saved setting breaks out of the attribute/element, which
    // is a stored XSS in the admin UI. Pass the value through
    // htmlspecialchars($v, ENT_QUOTES) in both cases.
    $output="< tr >< "td" class=\"prefleft\" valign=\"top\" width='$pref_leftchar'>{$prefs[1]} < 'td' class=\"prefright\"><" input type='text' name='prefconfig[{$prefs[0]}]' id='{$prefs[0]}' value=\"". "stripslashes($prefvalue[$prefs[0]])."\" size='40'> {$prefs[2]}< / td >< / tr >";
    break;
    case 'ta': //textarea
    $output="<'td' class=\"prefleft\" valign=\"top\" width='$pref_leftchar'>{$prefs[1]}<"textarea name='prefconfig[{$prefs[0]}]' id='{$prefs[0]}' cols='90' rows='6'>".stripslashes($prefvalue[$prefs[0]])." {$prefs[2]}";
    break;
    case 'r': //radio button
    // Loose == : a stored "1" and an integer 1 both select the first button.
    $check1=($prefvalue[$prefs[0]]==1) ? " checked='checked' " : '';
    $check2=($prefvalue[$prefs[0]]==1) ? '' : " checked='checked' ";
    $output="{$prefs[1]}<"input type='radio' name='prefconfig[{$prefs[0]}]' id='{$prefs[0]}' value='1' {$check1}>{$prefs[3]} {$prefs[2]} {$prefs[4]}";
    break;
    case 'sel': //selection
    // Options are encoded in $prefs[2] as "value>>label<<value>>label...".
    $tmp_sel="{$prefs[1]}<"select name='prefconfig[{$prefs[0]}]' id='{$prefs[0]}'>";
    $current_sel_all=@explode("<<", $prefs[2]);
    for ($i=0; $i $current_sel=@explode(">>", $current_sel_all[$i]);
    if ($current_sel[0]==$prefvalue[$prefs[0]]) $seled=" selected";
    else $seled='';
    $tmp_sel.="";
    }
    $tmp_sel.=" {$prefs[3]}";
    $output=$tmp_sel;
    unset($tmp_sel, $current_sel_all);
    break;
    case 'sec': //A separator
    // Also grows the global $pref_quicksel jump list, five entries per row.
    $output="<"a "name=\"pref{$prefseccounter}\">{$prefs[0]} <"a href=\"#top\">[top]";
    if ($prefseccounter%5==0) $pref_quicksel.="";
    $pref_quicksel.="[<"a href=\"#pref{$prefseccounter}\">{$prefs[0]}]";
    if ($prefseccounter%5==4) $pref_quicksel.="";
    $prefseccounter+=1;
    break;
    }
    $pref_result[]=$output;
    }

    function changesingleconfig ($configname, $value, $configtype='mbcon', $configfile='data/mod_config.php') { // Change a single value for config
    // Set $configname => $value in the global config array whose name is
    // $configtype, then regenerate $configfile as PHP source with one
    // $<configtype>['key']='value'; assignment per entry.
    // SECURITY: every value becomes a single-quoted PHP literal, so
    // safe_convert() (defined elsewhere) is the only barrier between a config
    // value and code execution on the next include. It must escape backslash
    // as well as the single quote -- see admin_convert() in this file for the
    // same pitfall. $configtype selects a global by name and must never be
    // request-controlled.
    // NOTE(review): the open-tag literal that should start $savetext was lost
    // when this listing was published; the next statement is truncated.
    // Returns true on a successful write; otherwise reports through
    // catcherror() and returns null.
    global $$configtype, $lnc;
    $rar=$$configtype;
    $rar[$configname]=$value;
    $savetext=" while (@list ($key, $val) = @each ($rar)) {
    $savetext.="\${$configtype}['{$key}']='".safe_convert(stripslashes($val))."';\n";
    }
    if (writetofile ($configfile, $savetext)) {
    return true;
    } else {
    catcherror ($lnc[7].$configfile);
    }
    }

    function replaceblock ($filename, $blockidentifier, $newvalues) { //Partially change the content of a file
    // Rewrite the region of $filename that lies between the "//[Start]<id>"
    // and "//[End]<id>" marker comments with $newvalues, re-emitting both
    // markers around it, and hand the result to writetofile() (whose return
    // value is passed back unchanged).
    // Marker handling is kept exactly as before: the text before the first
    // start marker and the text after the first end marker survive; when a
    // marker is absent that side is the whole file (start) or nothing (end).
    // The final str_replace() collapses every CRLF blank line in the file,
    // not only those inside the block.
    // SECURITY: the target is PHP source, so $newvalues is executed on the
    // next include -- callers must build it from escaped values only.
    $startmarker="//[Start]{$blockidentifier}";
    $endmarker="//[End]{$blockidentifier}";
    $current=@readfromfile($filename);
    $headparts=@explode($startmarker, $current);
    $tailparts=@explode($endmarker, $current);
    $keepbefore=$headparts[0];
    $keepafter=isset($tailparts[1]) ? $tailparts[1] : null;
    $block=$startmarker."\r\n".$newvalues."\r\n".$endmarker."\r\n";
    $rewritten=str_replace("\r\n\r\n", "\r\n", $keepbefore.$block.$keepafter);
    return writetofile ($filename, $rewritten);
    }

    function mod_append ($value) {
    // Insert $value right after the "/*--APPENDAREA--*/" marker of
    // data/modules.php (the marker is kept, so later appends land after it),
    // collapse doubled LF blank lines across the whole file, and write it
    // back. Returns true on success; on write failure reports through
    // catcherror() and returns null.
    // SECURITY: modules.php is PHP source -- $value is executed on the next
    // include and must be pre-escaped, trusted text.
    global $lnc;
    $modulesfile="data/modules.php";
    $marker="/*--APPENDAREA--*/";
    $source=@readfromfile($modulesfile);
    $source=str_replace($marker, $marker."\n".$value."\n", $source);
    $source=str_replace("\n\n", "\n", $source);
    if (writetofile ($modulesfile, $source)) return true;
    catcherror ($lnc[7].$modulesfile);
    }


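    function mod_replace ($name, $value) {
    // Replace, in data/modules.php, the first line that assigns
    // $blogitem['<name>'] with $value (which must be a complete line including
    // its trailing newline) and write the file back. Returns true on
    // success; on failure reports through catcherror() and returns null,
    // mirroring mod_append().
    // NOTE(review): the loop header below was restored; the published listing
    // had lost its "$i<count(...)" condition to HTML stripping.
    // Fix: a file that cannot be read no longer falls through to the write
    // (which would have emptied modules.php); it is reported instead.
    // SECURITY: $name is used as a raw substring needle and $value is written
    // verbatim into PHP source -- both must be trusted, pre-escaped text.
    global $lnc;
    $filename="data/modules.php";
    $lines=@file($filename);
    if ($lines===false) {
    catcherror ($lnc[7].$filename);
    return;
    }
    $needle="\$blogitem['{$name}']=";
    foreach ($lines as $index => $line) {
    if (strpos($line, $needle)!==false) {
    $lines[$index]=$value;
    break;
    }
    }
    if (writetofile ($filename, implode('', $lines))) {
    return true;
    }
    catcherror ($lnc[7].$filename);
    }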

    function gen_page ($page, $numperline, $returnurl, $totalvolume, $perpagevolume) {
    // Build the HTML pager bar: "first", "previous", a window of $numperline
    // page links containing $page, "next", "last". $totalvolume is the record
    // count, $perpagevolume the page size; the labels come from $lnc[8..12].
    // Returns '' when the record count yields no pages.
    // SECURITY: $returnurl and $page are interpolated into href attributes
    // unescaped. The admin front controller forces $page to a positive
    // integer, but this helper is generic: a caller passing a request-derived
    // $returnurl must run it through htmlspecialchars() first.
    // NOTE(review): the anchor markup (<"a href=...) is mangled in this copy
    // of the listing; $pagebar is also appended to before being initialised,
    // and $numperline==0 would divide by zero.
    global $lnc;
    // Choose the query-string joiner depending on whether $returnurl already
    // carries parameters.
    $conxer=(strstr($returnurl, '?'))? '&' : '?';
    $total_pages=floor(($totalvolume-1)/$perpagevolume)+1;
    if (empty($total_pages)) return '';
    $firstindexpage=floor($page/$numperline)*$numperline+1;
    $lastindexpage=min(($firstindexpage+$numperline-1), $total_pages);
    $pagebar.=" {$lnc[8]} {$page}/{$total_pages} ";
    $pagebar.=" <"a href=\"{$returnurl}{$conxer}page=1\">\"{$lnc[9]}\" ";
    if ($page!=1) $pagebar.=" <"a href=\"{$returnurl}{$conxer}page=".($page-1)."\">\"{$lnc[10]}\" ";
    for ($i=$firstindexpage; $i<=$lastindexpage; $i++) {
    // The current page is printed as plain text, every other one as a link.
    if ($i!=$page) $pagebar.=" <"a href=\"{$returnurl}{$conxer}page={$i}\">[{$i}] ";
    else $pagebar.=" [{$i}] ";
    }
    if ($page!=$total_pages) $pagebar.=" <"a href=\"{$returnurl}{$conxer}page=".($page+1)."\">\"{$lnc[11]}\" ";
    $pagebar.=" <"a href=\"{$returnurl}{$conxer}page={$total_pages}\">\"{$lnc[12]}\" ";
    return $pagebar;
    }

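    function check_upload_file ($filename) { //Check if the file contains dangerous characters
    // Screen an uploaded source file for function names that would let it
    // touch the filesystem, spawn processes or evaluate code.
    // Return contract is unchanged: true when $filename does not exist,
    // false when a denylisted name occurs anywhere in the content
    // (case-insensitive substring match), otherwise the content itself.
    // A file that exists but cannot be read also yields false.
    // SECURITY: this is a substring denylist, not a sandbox. It is defeated
    // by trivial obfuscation (concatenated strings, variable functions,
    // including a second file, backticks). Treat it as a speed bump and
    // restrict *who* may upload; do not rely on it as the security boundary.
    // Fix: the original list missed the other process-execution and
    // code-evaluation primitives and the write/delete helpers that
    // checksafe() below already screens for; they are added here.
    $danger=array (
        // code evaluation / process execution
        'eval', 'assert', 'create_function', 'exec', 'system', 'passthru',
        'popen', 'proc_open',
        // network
        'fsockopen',
        // filesystem read/write/delete
        'fopen', 'fwrite', 'fput', 'file_get_contents', 'file_put_contents',
        'writetofile', 'unlink', 'rename', 'rmdir', 'mkdir', 'chmod',
    );
    if (!file_exists($filename)) return true;
    $content=@readfromfile($filename);
    if ($content===false || $content===null) return false;
    foreach ($danger as $checker) {
    if (stripos($content, $checker)!==false) return false;
    }
    return $content;
    }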

    function phpcode ($str) { //Convert HTML chars into entities for [CODE]
    // Escape a [code] payload: undo escaped double quotes, HTML-encode the
    // text (ENT_QUOTES covers the single quote too), then neutralise the
    // BBCode brackets so the block is not re-parsed as markup.
    // NOTE(review): the replacement strings on the two str_replace() lines
    // below were decoded when this listing was published (they should be the
    // entity forms of [ and ]); as printed those two calls are no-ops.
    $str=str_replace("\\\"", '"', $str);

    $str=htmlspecialchars($str, ENT_QUOTES);
    $str=str_replace('[', '[', $str);
    $str=str_replace(']', ']', $str);
    return "[code]{$str}[/code]";
    }

    function phpcode2 ($str) { //Convert HTML chars into entities for [CODE]
    // Variant of phpcode() that only neutralises the BBCode brackets and does
    // NOT HTML-encode the payload: any markup inside $str passes through, so
    // callers must only feed it text that is already escaped or trusted.
    // NOTE(review): as with phpcode(), the bracket replacement strings were
    // decoded when this listing was published and the two calls below are
    // no-ops as printed.
    $str=str_replace("\\\"", '"', $str);
    $str=str_replace('[', '[', $str);
    $str=str_replace(']', ']', $str);
    return "[code]{$str}[/code]";
    }

    function phpcode3 ($str) { //Encode the code for highlight purpose
    // Wrap source text in [php]...[/php] as base64 so that BBCode and HTML
    // processing leave it untouched until phpcode4() decodes it for display.
    // Escaped double quotes (\") are unescaped first, as phpcode() does.
    $unescaped=str_replace("\\\"", '"', $str);
    $encoded=base64_encode($unescaped);
    return '[php]'.$encoded.'[/php]';
    }

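    function phpcode4 ($str) { //Encode the code for highlight purpose
    // Decode a base64 payload produced by phpcode3() and HTML-escape it so
    // the original source can be shown inside [php]...[/php].
    // $str is whatever sat between the tags in submitted content, so the
    // decoded bytes are untrusted output. Fix: ENT_QUOTES is used, as
    // phpcode() already does, so a single quote cannot close a single-quoted
    // attribute in the highlighter's markup (the original escaped only
    // double quotes on PHP versions before 8.1). A payload base64_decode()
    // rejects is rendered as an empty block instead of being passed on as
    // boolean false.
    $decoded=base64_decode($str);
    if ($decoded===false) $decoded='';
    return '[php]'.htmlspecialchars($decoded, ENT_QUOTES).'[/php]';
    }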

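    function admin_convert ($str) {
    // Normalise an admin-submitted value so it can sit inside a single-quoted
    // PHP string literal on one line: strip magic-quotes slashes, drop CR/LF,
    // then escape the characters that matter inside '...'.
    // Fix: the backslash must be escaped as well as the quote. Previously a
    // value whose stripped form contained \' came out as \\' which, inside a
    // single-quoted literal, is an escaped backslash followed by the closing
    // quote -- the rest of the value then ran as PHP code in the generated
    // file. addcslashes() escapes both characters in one pass; for ordinary
    // values (e.g. Windows paths) the literal still evaluates to the same
    // string as before.
    // NOTE(review): assumes callers embed the result in '...'; confirm
    // against the call sites.
    $clean=stripslashes($str);
    $clean=str_replace(array("\r", "\n"), '', $clean);
    return addcslashes($clean, "\\'");
    }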

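    function confirmpsw() {
    // Re-check the admin session: it must carry the same userid and password
    // digest (apparently what $userdetail['userpsw'] holds -- confirm) as the
    // currently logged-in user, otherwise the request is bounced to
    // login.php. With the noadminsession option set the check is skipped --
    // a deliberate weakening the operator opts into.
    global $logstat, $config, $ajax, $lna, $db_tmpdir, $userdetail, $db_defaultsessdir;
    if ($config['noadminsession']=='1') return;
    // Sessions live under the blog's own tmp dir unless the default handler
    // path is requested. NOTE(review): that directory must not be served by
    // the web server -- confirm.
    if ($db_defaultsessdir!=1) session_save_path("./{$db_tmpdir}");
    session_cache_limiter("private, must-revalidate");
    session_start();
    // Fix: both sides of the comparison must actually be present. The strict
    // !== compare alone was satisfied when the session had no admin_* entries
    // AND $userdetail had no userid/userpsw (null !== null is false), so a
    // request without an admin login passed instead of being redirected.
    $sessionok=isset($_SESSION['admin_userid'], $_SESSION['admin_psw'],
                     $userdetail['userid'], $userdetail['userpsw'])
        && $_SESSION['admin_userid']===$userdetail['userid']
        && $_SESSION['admin_psw']===$userdetail['userpsw'];
    if (!$sessionok) {
    if ($ajax=='on') catcherror ($lna[951]);
    $loginjob=($logstat==1) ? 'adminlog' : '';
    header ("Location: login.php?job={$loginjob}");
    exit();
    }
    }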

    function checksafe ($str) {
    // Denylist screen for submitted text that will end up as PHP/template
    // source: hands the names below to the project's preg_search() and
    // returns its result unchanged (order of the list is preserved in case
    // preg_search() reports the first hit).
    // SECURITY: substring matching is a heuristic, not a sandbox -- it is
    // bypassed by concatenated strings, variable functions or an include of
    // a second file. Keep the upload/edit paths restricted to trusted admins.
    $forbidden=array(
        'fopen', 'eval', 'fsockopen',
        '_COOKIE', '_SESSION',
        'writetofile', 'fwrite', 'fput', 'exec', 'Location',
        'opendir', 'readdir', 'unlink', 'rmdir', 'mkdir', 'chmod', 'rename',
        'mysql_', 'mysqli_',
        'file_get_contents', 'file_put_contents', 'tmpfile', 'copy',
    );
    return preg_search ($str, $forbidden);
    }

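    function reArrayFiles($file_post) {
    // Convert one $_FILES entry for a multi-file input (name="f[]"), whose
    // attributes are parallel arrays ('name' => [...], 'tmp_name' => [...],
    // ...), into a list of per-file associative arrays with the same keys in
    // the same order.
    // Generalised: an entry for a single-file input (scalar attributes) is
    // returned as a one-element list instead of being mis-indexed character
    // by character, and a missing or empty 'name' yields an empty list.
    if (!isset($file_post['name'])) return array();
    if (!is_array($file_post['name'])) return array($file_post);
    $files=array();
    foreach ($file_post['name'] as $i => $ignored) {
    foreach ($file_post as $attr => $values) {
    // Missing attributes stay null rather than raising a notice.
    $files[$i][$attr]=isset($values[$i]) ? $values[$i] : null;
    }
    }
    return $files;
    }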