首頁 探索 說明
註冊 登入
CQ_ADI
/
adicn
2
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
目錄樹: 2552fd870a
分支列表 標籤列表
adicn
/
phpcms
/
modules
/
scan
/
index.php

index.php 6.5 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180 
  1. <?php
    2. 

  2. defined('IN_PHPCMS') or exit('No permission resources.');
    3. 

  3. pc_base::load_app_class('admin', 'admin', 0);
    4. 

  4. class index extends admin {
    5. 

  5. 	
    6. 

  6. 	protected $safe = array ('file_type' => 'php|js','code' => '','func' => 'com|system|exec|eval|escapeshell|cmd|passthru|base64_decode|gzuncompress','dir' => '', 'md5_file'=>'');
    7. 

  7. 	
    8. 

  8. 	public function __construct() {
    9. 

  9. 		parent::__construct();
    10. 

  10. 	}
    11. 

  11. 	
    12. 

  12. 	public function init() {
    13. 

  13. 		$list = glob(PHPCMS_PATH.'*');
    14. 

  14. 		if (file_exists(CACHE_PATH.'caches_scan'.DIRECTORY_SEPARATOR.'caches_data')) {
    15. 

  15. 			$md5_file_list = glob(CACHE_PATH.'caches_scan'.DIRECTORY_SEPARATOR.'caches_data'.DIRECTORY_SEPARATOR.'md5_*.php');
    16. 

  16. 			if(is_array($md5_file_list)) {
    17. 

  17. 				foreach ($md5_file_list as $k=>$v) {
    18. 

  18. 					$md5_file_list[$v] = basename($v);
    19. 

  19. 					unset($md5_file_list[$k]);
    20. 

  20. 				}
    21. 

  21. 			}
    22. 

  22. 		}
    23. 

  23. 		$scan = getcache('scan_config', 'scan');
    24. 

  24. 		if (is_array($scan)) {
    25. 

  25. 			$scan = array_merge($this->safe, $scan);
    26. 

  26. 		} else {
    27. 

  27. 			$scan = $this->safe;
    28. 

  28. 		}
    29. 

  29. 		$scan['dir'] = string2array($scan['dir']);
    30. 

  30. 		pc_base::load_sys_class('form', '', 0);
    31. 

  31. 		include $this->admin_tpl('scan_index');
    32. 

  32. 	}
    33. 

  33. 	
    34. 

  34. 	//进行配置文件更新
    35. 

  35. 	public function public_update_config() {
    36. 

  36. 		$info = isset($_POST['info']) ? $_POST['info'] : showmessage(L('illegal_action'), HTTP_REFERER);
    37. 

  37. 		$dir = isset($_POST['dir']) ? new_stripslashes($_POST['dir']) : '';
    38. 

  38. 		if (empty($dir)) { 
    39. 

  39. 			showmessage(L('please_select_the_content'), '?m=scan&c=index&a=init');
    40. 

  40. 		}
    41. 

  41. 		$info['dir'] = var_export($dir, true);
    42. 

  42. 		setcache('scan_config', $info, 'scan');
    43. 

  43. 		showmessage(L('configuration_file_save_to_the'), '?m=scan&c=index&a=public_file_count');
    44. 

  44. 	}
    45. 

  45. 	
    46. 

  46. 	//对要进行扫描的文件进行统计
    47. 

  47. 	public function public_file_count() {
    48. 

  48. 		$scan = getcache('scan_config', 'scan');
    49. 

  49. 		pc_base::load_app_func('global');
    50. 

  50. 		set_time_limit(120);
    51. 

  51. 		$scan['dir'] = string2array($scan['dir']);
    52. 

  52. 		$scan['file_type'] = explode('|', $scan['file_type']);
    53. 

  53. 		$list = array();
    54. 

  54. 		foreach ($scan['dir'] as $v) {
    55. 

  55. 			if (is_dir($v)) {
    56. 

  56. 				foreach ($scan['file_type'] as $k ) {
    57. 

  57. 					$list = array_merge($list, scan_file_lists($v.DIRECTORY_SEPARATOR, 1, $k, 0, 1, 1));
    58. 

  58. 				}
    59. 

  59. 			} else {
    60. 

  60. 				$list = array_merge($list, array(str_replace(PHPCMS_PATH, '', $v)=>md5_file($v)));
    61. 

  61. 			}
    62. 

  62. 		}
    63. 

  63. 		setcache('scan_list', $list, 'scan');
    64. 

  64. 		showmessage(L('documents_to_file_the_statistics'), '?m=scan&c=index&a=public_file_filter');
    65. 

  65. 	}
    66. 

  66. 	
    67. 

  67. 	//对文件进行筛选
    68. 

  68. 	public function public_file_filter() {
    69. 

  69. 		$scan_list = getcache('scan_list', 'scan');
    70. 

  70. 		$scan = getcache('scan_config', 'scan');
    71. 

  71. 		if (file_exists($scan['md5_file'])) {
    72. 

  72. 			$old_md5 = include $scan['md5_file'];
    73. 

  73. 			foreach ($scan_list as $k=>$v) {
    74. 

  74. 				if ($v == $old_md5[$k]) {
    75. 

  75. 					unset($scan_list[$k]);
    76. 

  76. 				}
    77. 

  77. 			}
    78. 

  78. 		}
    79. 

  79. 		setcache('scan_list', $scan_list, 'scan');
    80. 

  80. 		showmessage(L('file_through_a_feature_the_function_is'), '?m=scan&c=index&a=public_file_func');
    81. 

  81. 	}
    82. 

  82. 	
    83. 

  83. 	//进行特征函数过滤
    84. 

  84. 	public function public_file_func() {
    85. 

  85. 		@set_time_limit(600);
    86. 

  86. 		$file_list = getcache('scan_list', 'scan');
    87. 

  87. 		$scan = getcache('scan_config', 'scan');
    88. 

  88. 		if (isset($scan['func']) && !empty($scan['func'])) {
    89. 

  89. 			foreach ($file_list as $key=>$val) {
    90. 

  90. 				$html = file_get_contents(PHPCMS_PATH.$key);
    91. 

  91. 				if(stristr($key,'.php.') != false || preg_match_all('/[^a-z]?('.$scan['func'].')\s*\(/i', $html, $state, PREG_SET_ORDER)) {
    92. 

  92. 					$badfiles[$key]['func'] = $state;
    93. 

  93. 	            }
    94. 

  94. 			}
    95. 

  95. 		}
    96. 

  96. 		if(!isset($badfiles)) $badfiles = array();
    97. 

  97. 		setcache('scan_bad_file', $badfiles, 'scan');
    98. 

  98. 		showmessage(L('feature_function_complete_a_code_used_by_filtration'), '?m=scan&c=index&a=public_file_code');
    99. 

  99. 	}
    100. 

  100. 	
    101. 

  101. 	//进行特征代码过滤
    102. 

  102. 	public function public_file_code() {
    103. 

  103. 		@set_time_limit(600);
    104. 

  104. 		$file_list = getcache('scan_list', 'scan');
    105. 

  105. 		$scan = getcache('scan_config', 'scan');
    106. 

  106. 		$badfiles = getcache('scan_bad_file', 'scan');
    107. 

  107. 		if (isset($scan['code']) && !empty($scan['code'])) {
    108. 

  108. 			foreach ($file_list as $key=>$val) {
    109. 

  109. 				$html = file_get_contents(PHPCMS_PATH.$key);
    110. 

  110. 				if(stristr($key, '.php.') != false || preg_match_all('/[^a-z]?('.$scan['code'].')/i', $html, $state, PREG_SET_ORDER)) {
    111. 

  111. 					$badfiles[$key]['code'] = $state;
    112. 

  112. 	            }
    113. 

  113. 	            if(strtolower(substr($key, -4)) == '.php' && function_exists('zend_loader_file_encoded') && zend_loader_file_encoded(PHPCMS_PATH.$key)) {
    114. 

  114. 	            	$badfiles[$key]['zend'] = 'zend encoded';
    115. 

  115. 	            }
    116. 

  116. 			}
    117. 

  117. 		}
    118. 

  118. 		setcache('scan_bad_file', $badfiles, 'scan');
    119. 

  119. 		showmessage(L('scan_completed'), '?m=scan&c=index&a=scan_report&menuid=1005');
    120. 

  120. 	}
    121. 

  121. 	
    122. 

  122. 	public function scan_report() {
    123. 

  123. 		$badfiles = getcache('scan_bad_file', 'scan');
    124. 

  124. 		if (empty($badfiles)) {
    125. 

  125. 			showmessage(L('scan_to_find_a_result_please_to_scan'), '?m=scan&c=index&a=init');
    126. 

  126. 		}
    127. 

  127. 		include $this->admin_tpl('scan_report');
    128. 

  128. 	}
    129. 

  129. 	
    130. 

  130. 	public function view() {
    131. 

  131. 		$url = isset($_GET['url']) && trim($_GET['url']) ? new_stripslashes(urldecode(trim($_GET['url']))) : showmessage(L('illegal_action'), HTTP_REFERER);
    132. 

  132. 		$url = str_replace("..","",$url);
    133. 

  133. 		
    134. 

  134. 		if (!file_exists(PHPCMS_PATH.$url)) {
    135. 

  135. 			showmessage(L('file_not_exists'));
    136. 

  136. 		}
    137. 

  137. 		$html = file_get_contents(PHPCMS_PATH.$url);
    138. 

  138. 		//判断文件名,如果是database.php 对里面的关键字符进行替换
    139. 

  139. 		$basename = basename($url);
    140. 

  140. 		if($basename == "database.php" || $basename == "system.php"){
    141. 

  141. 			//$html = str_replace();
    142. 

  142. 			showmessage(L('重要文件,不允许在线查看!'));
    143. 

  143. 		}
    144. 

  144. 		$file_list = getcache('scan_bad_file', 'scan');
    145. 

  145. 		if (isset($file_list[$url]['func']) && is_array($file_list[$url]['func']) && !empty($file_list[$url]['func'])) foreach ($file_list[$url]['func'] as $key=>$val)
    146. 

  146. 		{
    147. 

  147. 			$func[$key] = strtolower($val[1]);
    148. 

  148. 		}
    149. 

  149. 		if (isset($file_list[$url]['code']) && is_array($file_list[$url]['code']) && !empty($file_list[$url]['code'])) foreach ($file_list[$url]['code'] as $key=>$val)
    150. 

  150. 		{
    151. 

  151. 			$code[$key] = strtolower($val[1]);
    152. 

  152. 		}
    153. 

  153. 		if (isset($func)) $func = array_unique($func);
    154. 

  154. 		if (isset($code)) $code = array_unique($code);
    155. 

  155. 		$show_header = true;
    156. 

  156.  		include $this->admin_tpl('public_view');
    157. 

  157. 	}
    158. 

  158. 	
    159. 

  159. 	public function md5_creat() {
    160. 

  160. 		set_time_limit(120);
    161. 

  161. 		$pro = isset($_GET['pro']) && intval($_GET['pro']) ? intval($_GET['pro']) : 1;
    162. 

  162. 		pc_base::load_app_func('global');
    163. 

  163. 		switch ($pro) {
    164. 

  164. 			case '1'://统计文件
    165. 

  165. 				$msg = L('please_wait');
    166. 

  166. 				ob_start();
    167. 

  167. 				include $this->admin_tpl('md5_creat');
    168. 

  168. 				ob_flush();
    169. 

  169. 				ob_clean();
    170. 

  170. 				$list = scan_file_lists(PHPCMS_PATH, 1, 'php', 0, 1);
    171. 

  171. 				setcache('md5_'.date('Y-m-d'), $list, 'scan');
    172. 

  172. 				echo '<script type="text/javascript">location.href="?m=scan&c=index&a=md5_creat&pro=2&pc_hash='.$_SESSION['pc_hash'].'"</script>';
    173. 

  173. 				break;
    174. 

  174. 				
    175. 

  175. 			case '2':
    176. 

  176. 				showmessage(L('viewreporttrue'),'?m=scan&c=index&a=init');
    177. 

  177. 				break;
    178. 

  178. 		}
    179. 

  179. 	}
    180. 

  180. }
    181.