www.gusucode.com > ShopEx481 & PHPWind 整合版码程序 > bbs/admin/safecheck.php
<?php
!function_exists('adminmsg') && exit('Forbidden');
$basename="$admin_file?adminjob=safecheck";
if(!$action){
$dirlist = '';
$fp = opendir('./');
while($filename = readdir($fp)){
if($filename!='.' && $filename!='..' && is_dir($filename)){
$dirlist .= "<option value=\"$filename\">/$filename</option>";
}
}
include PrintEot('safecheck');exit;
} elseif($action=='search'){
InitGP(array('dir','keyword'));
if(!$dir || !$keyword){
adminmsg('operate_error');
}
$check = $dirlist = array();
foreach($dir as $key=>$value){
$ifsub = $value == '.' ? 0 : 1;
checkfile($keyword,$value.'/',$ifsub);
}
if(empty($check)){
adminmsg('all_file_ok');
}
foreach($check as $file=>$value){
$dir = dirname($file);
$filename = basename($file);
$filemtime = get_date(filemtime($file));
$filesize = filesize($file);
$dirlist[$dir][] = array($filename,$filesize,$filemtime);
}
include PrintEot('safecheck');exit;
} elseif($action=='file'){
if(!$files = @file('admin/safefiles.md5')){
adminmsg('safefiles_not_exists');
}
$md5_a = $md5_c = $md5_m = $md5_d = $dirlist = array();
safefile('./','\.php',0);
safefile('require/','\.php');
safefile('admin/','\.php');
safefile('template/','\.php|\.htm');
safefile('wap/','\.php');
safefile('simple/','\.php');
safefile('hack/','\.php|\.htm');
safefile('js/','\.js',0);
foreach($files as $value){
list($md5key,$file) = explode("\t",$value);
$file = trim($file);
if(!isset($md5_a[$file])){
$md5_d[$file] = 1;
} elseif($md5key != $md5_a[$file]){
$md5_m[] = $file;
} else{
$md5_c[] = $file;
}
}
$cklog = array('1'=>0,'2'=>0,'3'=>0);
$md5_a = array_merge($md5_a,$md5_d);
foreach($md5_a as $file=>$value){
$dir = dirname($file);
$filename = basename($file);
if(isset($md5_d[$file])){
$cklog[2]++;
$dirlist[$dir][] = array($filename,'','','2');;
} else{
$filemtime = get_date(filemtime($file));
$filesize = filesize($file);
if(in_array($file,$md5_m)){
$cklog[3]++;
$dirlist[$dir][] = array($filename,$filesize,$filemtime,'3');
} elseif(!in_array($file,$md5_c)){
$cklog[1]++;
$dirlist[$dir][] = array($filename,$filesize,$filemtime,'1');
}
}
}
include PrintEot('safecheck');exit;
} elseif($action == 'cache'){
$check = $dirlist = array();
$cklog = array('1'=>0,'2'=>0,'3'=>0);
cachefile(D_P.'data/');
if(empty($check)){
adminmsg('all_file_ok');
}
foreach($check as $file=>$value){
$dir = dirname($file);
$filename = basename($file);
$filemtime = get_date(filemtime($file));
$filesize = filesize($file);
$dirlist[$dir][] = array($filename,$filesize,$filemtime,$value);
}
include PrintEot('safecheck');exit;
}
function checkfile($keyword,$dir,$sub){
global $check;
$fp = opendir($dir);
while($filename = readdir($fp)){
$path = $dir.$filename;
if($filename!='.' && $filename!='..'){
if(is_dir($path)){
$sub && checkfile($keyword,$path.'/',$sub);
} elseif(preg_match('/(\.php|\.php3|\.htm|\.js)$/i',$filename) && filesize($path)<1048576){
$a = strtolower(readover($path));
if(strpos($a,$keyword)!==false){
$check[$path] = 1;
}
}
}
}
closedir($fp);
}
function safefile($dir,$ext='',$sub=1){
global $md5_a;
$exts = '/('.$ext.')$/i';
$fp = opendir($dir);
while($filename = readdir($fp)){
$path = $dir.$filename;
if($filename!='.' && $filename!='..' && (preg_match($exts, $filename) || $sub && is_dir($path))){
if($sub && is_dir($path)){
safefile($path.'/',$ext);
} else{
$md5_a[$path] = md5_file($path);
}
}
}
closedir($fp);
}
function cachefile($dir){
global $check,$lang,$cklog;
$fp = opendir($dir);
while($filename = readdir($fp)){
$path = $dir.$filename;
if($filename!='.' && $filename!='..'){
if(is_dir($path)){
cachefile($path.'/');
} elseif(preg_match('/(\.php|\.php3|\.htm)$/i',$filename) && filesize($path)<1048576){
$a = strtolower(readover($path));
if(strpos($a,'shell_exec')!==false || strpos($a,'gzencode')!==false){
$check[$path] = 1;
$cklog[1]++;
} elseif(strpos($a,'eval(')!==false || strpos($a,'move_uploaded_file($')!==false || strpos($a,'copy($')!==false || strpos($a,'chr(')!==false || strpos($a,'fopen(')!==false || strpos($a,'writeover(')!==false){
$check[$path] = 2;
$cklog[2]++;
} elseif(preg_match("/\<iframe(.+?)\<\/iframe\>/is",$a)){
$check[$path] = 3;
$cklog[3]++;
}
}
}
}
closedir($fp);
}
?>