www.gusucode.com > DuomiCms多米影视管理系统php源程序 v1.21源码程序 > DuomiCms V1.21 UTF-8 20151109/upload/admin/admin_filecheck.php

    <?php
/**
 * 
 *
 * @version        2015年7月12日Z by 海东青
 * @package        DuomiCms.Administrator
 * @copyright      Copyright (c) 2015, SamFea, Inc.
 * @link           http://www.duomicms.net
 */
require_once(dirname(__FILE__)."/config.php");
AjaxHead();
CheckPurview();
if(empty($action))
{
	$action = '';
}

if(empty($message)) $message = '尚未进行检测……';

$safefile = "data/common.inc.php
admin/admin_collect.php
admin/admin_link.php
admin/admin_topic.php
admin/admin_type.php
admin/config.php
duomiphp/common.php
duomiphp/link.func.php
duomiphp/common.func.php
duomiphp/sql.class.php
duomiphp/editor/fckeditor_php4.php
duomiphp/editor/fckeditor_php5.php
duomiphp/editor/index.php
duomiphp/core.class.php
install/common.inc.php
install/index.php";

$adminDir = m_ereg_replace("(.*)[/\\\]","",dirname(__FILE__));
$safefile = trim(str_replace('admin/',$adminDir.'/',$safefile));
$safefiles = split("[\r\n]{1,}",$safefile);

function TestOneFile($f)
{
	global $message;
	$str = '';	

	if(NotCheckFile($f)) return -1;
	$fp = fopen($f,'r');
	while(!feof($fp)) { $str .= fgets($fp,1024); }
	fclose($fp);
	if(m_eregi("(eval|cmd|_GET|_POST)[ \r\n\t]{0,}([\[\(])",$str))
	{
		$trfile = m_ereg_replace('^'.duomi_ROOT,'',$f);
		$message .= "<div style='clear:both;border-bottom:1px dotted #B8E6A2;line-height:24px'>
		<div style='width:350px;float:left'>可疑文件:{$trfile}</div>
		<div style='float:left'>[请手工连接FTP查看删除]
		</div></div>\r\n";
		return 1;
	}
	return 0;
}

function NotCheckFile($f)
{
	global $safefiles, $safefile;
	if($safefile != '')
	{
	   foreach($safefiles as $v)
	   {
	      //if(empty($v)) continue;
	      if( m_eregi($v,$f) ) return true;
	   }
	}
	return false;
}

function TestSafe($tdir)
{
	 $dh = dir($tdir);
	 while($fname=$dh->read())
	 {
	 	  $fnamef = $tdir.'/'.$fname;
	 	  if(is_dir($fnamef) && $fname != '.' && $fname != '..')
	 	  {
	 	  	TestSafe($fnamef);
	 	  }
	 	  if(m_eregi("\.(php|inc)",$fnamef))
	 	  {
	 	  	TestOneFile($fnamef);
	 	  }
	 }
}

if($action=="test")
{
	 $message = '';
	 AjaxHead();
	 TestSafe(duomi_ROOT);
	 if($message=='') $message = "<font color='green' style='font-size:14px'>没发现可疑文件!</font>";
	 echo $message;
	 exit();
}
else
{
	include(duomi_ADMIN.'/html/admin_filecheck.htm');
	exit();
}
?>