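/**
 * Front controller of the CmsTop framework.
 *
 * Resolves app/controller/action (from explicit arguments or the router),
 * validates each segment before it touches the filesystem, loads the
 * controller file, runs the pre-dispatch checks (IP ban/allow lists, site
 * closed flag, refresh throttling, admin login and permission checks) and
 * finally dispatches to the controller.
 *
 * Review notes (security): the legacy " flash" transport emulation in
 * _before_execute() lets any client rewrite $_SERVER['HTTP_*'] and inject
 * cookies from request parameters; it is kept for compatibility and flagged
 * inline. The JSONP callback in showmessage() was previously echoed verbatim
 * (reflected XSS) and is now restricted to a plain JS identifier path.
 */
final class cmstop extends object
{
    /** Current application name; only ever set after validation against [0-9a-z_]. */
    public $app;
    public $controller;
    public $action;
    public $args;
    /** Request channel: 'frontend' (default), 'admin' or 'api'. */
    public $client;
    /** Directory of the current app as returned by app_dir(), used to locate controllers. */
    public $app_dir;
    /** Fully qualified controller class name that execute() instantiates. */
    public $class;
    public $userid;
    public $username;
    public $groupid;
    public $roleid;
    public $departmentid;
    /** Cache key used by cache_start()/cache_end(). */
    public static $cacheid;
    /** Page-cache TTL; NULL while page caching is not active for this request. */
    public static $cachettl;
    public static $expire_license;

    /**
     * @param string $client Request channel: 'frontend', 'admin' or 'api'.
     */
    public function __construct($client = 'frontend')
    {
        $this->client = $client;
        $this->cache();
    }

    /** Flushes the buffered page into the cache if cache_start() was used. */
    public function __destruct()
    {
        if (!is_null(self::$cachettl)) {
            self::cache_end();
        }
    }

    /**
     * Rejects a route segment that is not a plain identifier.
     *
     * Every segment (app, controller, action) is later concatenated into a
     * filesystem path and a class name, so anything outside [0-9a-z_] is
     * refused here; showmessage() terminates the request on failure.
     *
     * @param mixed $value Untrusted route segment.
     * @return mixed The same value, once accepted.
     */
    private function _validate_segment($value)
    {
        if (!preg_match('/^[0-9a-z_]+$/i', $value)) {
            // The offending value is reflected in the error page, so strip markup first.
            $this->showmessage(strip_tags($value) . ' 非法参数');
        }
        return $value;
    }

    /**
     * Validates and activates the application named by $app.
     *
     * The app directory must exist, and the app must be present in the
     * 'app' table and not disabled. Each failure ends the request.
     *
     * @param string $app Application name from the router (untrusted).
     */
    public function set_app($app)
    {
        $this->_validate_segment($app);
        $this->app_dir = app_dir($app);
        if (!is_dir($this->app_dir)) {
            $this->showmessage($app . ' 应用不存在');
        }
        $record = table('app', $app);
        if (!$record) {
            $this->showmessage($app . ' 应用未安装');
        }
        if ($record['disabled']) {
            $this->showmessage($app . ' 应用已禁用');
        }
        $this->app = $app;
        loader::set_app($this->app);
    }

    /**
     * Validates $controller, loads its file and resolves the class name.
     *
     * Admin and API clients use their own sub-directory and class prefix;
     * the frontend is the default. If the prefixed class does not exist
     * after loading, the app name is prepended (older app layout).
     *
     * @param string $controller Controller name from the router (untrusted).
     */
    public function set_controller($controller)
    {
        // Path building below is only safe because the segment is restricted to [0-9a-z_].
        $this->_validate_segment($controller);
        if ($this->client === 'admin') {
            $prefix = 'controller_admin_';
            $file = $this->app_dir . 'controller' . DS . 'admin' . DS . $controller . '.php';
        } elseif ($this->client === 'api') {
            $prefix = 'controller_api_';
            $file = $this->app_dir . 'controller' . DS . 'api' . DS . $controller . '.php';
        } else {
            $prefix = 'controller_';
            $file = $this->app_dir . 'controller' . DS . $controller . '.php';
        }
        $this->class = $prefix . $controller;
        if (!file_exists($file)) {
            $this->showmessage($controller . ' 控制器不存在');
        }
        // Optional per-app base class shared by its controllers.
        $abstract = $this->app_dir . 'controller' . DS . 'abstract.php';
        if (is_file($abstract)) {
            require_once $abstract;
        }
        require_once $file;
        if (!class_exists($this->class, false)) {
            $this->class = $this->app . '_' . $this->class;
        }
        $this->controller = $controller;
    }

    /**
     * Validates and stores the action name.
     *
     * @param string $action Action name from the router (untrusted).
     */
    public function set_action($action)
    {
        $this->_validate_segment($action);
        $this->action = $action;
    }

    /**
     * Stores the positional/extra arguments for the controller (not validated here).
     *
     * @param mixed $args
     */
    public function set_args($args)
    {
        $this->args = $args;
    }

    /**
     * Runs one request: resolve the route, check access, dispatch.
     *
     * Explicit arguments win; anything left empty is taken from the router.
     *
     * @param string|null $app
     * @param string|null $controller
     * @param string|null $action
     * @param array       $args
     * @return mixed Whatever the controller's execute() returns.
     */
    public function execute($app = NULL, $controller = NULL, $action = NULL, $args = array())
    {
        $router = factory::router();
        if ($this->client === 'admin') {
            $router->set_mode('standard');
        }
        $router->execute();
        if (empty($app)) {
            $app = $router->app;
        }
        if (empty($controller)) {
            $controller = $router->controller;
        }
        if (empty($action)) {
            $action = $router->action;
        }
        if (empty($args)) {
            $args = $router->args;
        }
        $this->set_app($app);
        $this->set_controller($controller);
        $this->set_action($action);
        $this->set_args($args);
        $this->_before_execute();
        $obj = new $this->class($this);
        $response = $obj->execute();
        $this->_after_execute($response);
        return $response;
    }

    /**
     * Tests $ip against a newline-separated list of IP patterns in which '*'
     * stands for one octet (e.g. "10.0.*.*").
     *
     * The list comes from the admin 'system' settings, not from the request.
     * Characters other than '*' and '.' are passed into the regex unescaped,
     * exactly as before, so the setting must stay well-formed.
     *
     * @param string $list Raw setting value.
     * @param string $ip   Address to test.
     * @return bool True when at least one pattern matches the whole address.
     */
    private function _ip_in_list($list, $ip)
    {
        $patterns = str_replace(array('*', '.'), array('[0-9]{1,3}', '\\.'), $list);
        foreach (array_map('trim', explode("\n", $patterns)) as $pattern) {
            if (preg_match('/^' . $pattern . '$/', $ip)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Emulates headers and cookies for the legacy Flash upload transport.
     *
     * When the user-agent contains " flash", every $_REQUEST key of the form
     * HTTP_* is copied into $_SERVER, and a cookie string (the Cookie header
     * or, failing that, the 'Auth-Cookie' request parameter) is parsed into
     * $_COOKIE so that online() can see the session.
     *
     * SECURITY NOTE(review): the user-agent check is trivially spoofable, so
     * any client can overwrite $_SERVER['HTTP_*'] values this class reads
     * later (HTTP_HOST, HTTP_ACCEPT, HTTP_COOKIE) and can present a session
     * cookie in a URL parameter, where it ends up in logs and referers.
     * Kept for compatibility; restrict the copied keys and retire this path
     * once Flash clients are gone.
     */
    private function _emulate_flash_transport()
    {
        $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        if (stristr($agent, ' flash') === false) {
            return;
        }
        foreach ($_REQUEST as $key => $val) {
            if (preg_match('/^HTTP(?:_[A-Z]+)+$/', $key)) {
                $_SERVER[$key] = $val;
            }
        }
        if (!empty($_SERVER['HTTP_COOKIE'])) {
            $cookie = $_SERVER['HTTP_COOKIE'];
        } elseif (!empty($_REQUEST['Auth-Cookie'])) {
            $cookie = $_REQUEST['Auth-Cookie'];
        } else {
            $cookie = NULL;
        }
        if ($cookie) {
            foreach (explode(';', $cookie) as $pair) {
                $pair = explode('=', $pair, 2);
                // A bare name without '=' is stored as an empty value instead of raising a notice.
                $raw = isset($pair[1]) ? $pair[1] : '';
                $_COOKIE[trim($pair[0])] = urldecode(trim($raw));
            }
        }
    }

    /**
     * Pre-dispatch checks run before the controller is instantiated.
     *
     * INTERNAL requests only load the current login. Otherwise the banned
     * IP list applies to every client; the admin client must additionally
     * match the 'ipaccess' allow list (when configured), other clients are
     * subject to the site-closed flag and the minimum-refresh throttle.
     * Admin requests then require a valid login (except the login, captcha
     * and timeout actions), optionally register the admin log writer, and
     * run the role permission check in priv().
     *
     * @return bool Always true; every failure terminates the request.
     */
    protected function _before_execute()
    {
        if (defined('INTERNAL')) {
            $login = online();
            if (!empty($login)) {
                $this->userid = $login['userid'];
                $this->username = $login['username'];
                $this->groupid = $login['groupid'];
            }
            return true;
        }
        $setting = setting('system');
        if ($setting['ipbanned'] && $this->_ip_in_list($setting['ipbanned'], IP)) {
            $this->showmessage('Access Denied');
        }
        if ($this->client === 'admin') {
            // Allow list for the admin panel: when set, the request IP must match an entry.
            if ($setting['ipaccess'] && !$this->_ip_in_list($setting['ipaccess'], IP)) {
                $this->showmessage('Access Denied');
            }
        } else {
            if ($setting['closed']) {
                $this->showmessage($setting['closedreason']);
            }
            if ($setting['minrefreshsecond'] && !$this->cc($setting['minrefreshsecond'])) {
                exit('Please not refresh too often');
            }
        }
        $this->_emulate_flash_transport();
        $login = online();
        // online() may return an empty value for anonymous visitors.
        $this->userid = isset($login['userid']) ? $login['userid'] : NULL;
        $this->username = isset($login['username']) ? $login['username'] : NULL;
        $this->groupid = isset($login['groupid']) ? $login['groupid'] : NULL;
        if ($this->client === 'admin') {
            $aca = $this->app . '/' . $this->controller . '/' . $this->action;
            // Safe mode blocks listed actions entirely ('*') or for one HTTP method.
            if (config('safemode', 'status')) {
                $safemode_aca = config('safemode', 'aca');
                if (array_key_exists($aca, $safemode_aca)) {
                    $aca_config = $safemode_aca[$aca];
                    $method = strtolower(value($_SERVER, 'REQUEST_METHOD', ''));
                    if ($aca_config === '*' || $method === $aca_config) {
                        $this->showmessage(config('safemode', 'message'));
                    }
                }
            }
            $public = array('system/admin/login', 'system/seccode/image', 'system/seccode/valid');
            if (in_array($aca, $public, true)) {
                // An already authenticated admin is sent straight to the panel.
                if (!empty($login)) {
                    header('Location:' . ADMIN_URL);
                    exit;
                }
                return true;
            }
            if ($aca === 'system/admin/timeout') {
                return true;
            }
            if (empty($login)) {
                loader::model('member', 'member')->logout();
                // NOTE(review): the scheme is hard-coded and the host comes from the
                // Host header, so 'refer' is attacker-influenced; the login action
                // must validate it before redirecting back.
                $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
                $query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
                $refer = 'http://' . $host . '/?' . $query;
                header('Location:?app=system&controller=admin&action=login&refer=' . urlencode($refer));
                exit;
            }
            if ($setting['enableadminlog']) {
                register_shutdown_function('admin_log', $this->app, $this->controller, $this->action);
            }
            $this->roleid = $login['roleid'];
            $this->departmentid = $login['departmentid'];
            $this->priv();
        }
        return true;
    }

    /**
     * Post-dispatch hook: persists an XHProf run when profiling is enabled.
     *
     * @param mixed $response Controller result (passed by reference, currently unused).
     */
    protected function _after_execute(&$response)
    {
        if (extension_loaded('xhprof') && defined('XHPROF_DEBUG') && XHPROF_DEBUG) {
            import('xhprof.xhprof_files');
            $xhprof_data = xhprof_disable();
            $xhprof_runs = new xhprof_files();
            $stamp = str_replace('.', '', (string) microtime(true));
            $run_id = ucfirst($this->app) . ucfirst($this->controller) . ucfirst($this->action) . '-' . $stamp;
            $xhprof_runs->save_run($xhprof_data, 'CmsTop', $run_id);
        }
    }

    /**
     * Checks that the current admin role may run app/controller/action.
     * Terminates the request with a message when the permission is missing.
     */
    protected function priv()
    {
        require_once CMSTOP_PATH . 'apps/system/lib/priv.php';
        priv::init($this->userid, $this->roleid);
        if (!priv::aca($this->app, $this->controller, $this->action)) {
            $this->showmessage('您没有操作“' . $this->app . '/' . $this->controller . '/' . $this->action . '”的权限!如有需要请联系管理员!');
        }
    }

    /**
     * Ensures the data cache directory tree exists and the table cache is warm.
     *
     * On a fresh install the cache directory and its sub-directories are
     * created and the settings cache is rebuilt.
     */
    public function cache()
    {
        if (!is_dir(CACHE_PATH)) {
            // 0777 (511 in the original) so web and CLI users can both write.
            // NOTE(review): world-writable; prefer 0775 with a shared group where possible.
            if (!mkdir(CACHE_PATH, 0777)) {
                exit('data cache dir is not exists!');
            }
            @mkdir(CACHE_PATH . 'setting', 0777);
            @mkdir(CACHE_PATH . 'table', 0777);
            @mkdir(CACHE_PATH . 'templates', 0777);
            $setting = factory::setting();
            $setting->cache();
        }
        $cache = factory::cache();
        if (!$cache->get('cmstop_cache')) {
            table_cache();
        }
    }

    /**
     * Builds the default page-cache key: the request URI when available,
     * otherwise script name (or PHP_SELF up to ".php") plus the query
     * string or path info.
     *
     * @return string
     */
    private static function _request_cache_key()
    {
        if (isset($_SERVER['REQUEST_URI'])) {
            return $_SERVER['REQUEST_URI'];
        }
        if (isset($_SERVER['SCRIPT_NAME'])) {
            $script = $_SERVER['SCRIPT_NAME'];
        } else {
            $script = preg_replace('/(.*)\\.php(.*)/i', '\\1.php', $_SERVER['PHP_SELF']);
        }
        $query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
        if ($query) {
            return $script . '?' . $query;
        }
        return $script . (isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '');
    }

    /**
     * Starts whole-page caching for $ttl seconds.
     *
     * If a cached copy exists for $id (default: md5 of the request key) it
     * is echoed and the request ends; otherwise output buffering starts and
     * __destruct() / cache_end() stores the page.
     *
     * @param int         $ttl Seconds to keep the page.
     * @param string|null $id  Explicit cache key.
     * @return bool True when buffering was started.
     */
    public static function cache_start($ttl, $id = NULL)
    {
        if (!$id) {
            $id = md5(self::_request_cache_key());
        }
        self::$cacheid = $id;
        $cache = factory::cache();
        $contents = $cache->get(self::$cacheid);
        if ($contents) {
            echo $contents;
            exit;
        }
        ob_start();
        self::$cachettl = $ttl;
        return true;
    }

    /**
     * Stores the buffered output under the key chosen by cache_start().
     *
     * @return bool False when page caching is not active, else the cache backend's result.
     */
    public static function cache_end()
    {
        if (is_null(self::$cachettl)) {
            return false;
        }
        $cache = factory::cache();
        return $cache->set(self::$cacheid, ob_get_contents(), self::$cachettl);
    }

    /**
     * Emits a message and ends the request.
     *
     * AJAX/JSON callers (IS_AJAX, or an Accept header naming JSON or
     * JavaScript) get a JSON object {state, message|error}; everyone else
     * gets the system/showmessage.html template.
     *
     * @param string      $message Text to show; callers are responsible for its safety.
     * @param string|null $url     Redirect target for the HTML template.
     * @param int         $ms      Delay before redirecting, in milliseconds.
     * @param bool        $success Whether this is a success or an error message.
     */
    public function showmessage($message, $url = NULL, $ms = 2000, $success = false)
    {
        $accept = value($_SERVER, 'HTTP_ACCEPT', '');
        $is_ajax = defined('IS_AJAX') ? IS_AJAX : false;
        if ($is_ajax || stripos($accept, 'application/json') !== false || stripos($accept, 'text/javascript') !== false) {
            $result = array('state' => $success);
            $result[$success ? 'message' : 'error'] = $message;
            $json = factory::json();
            $encoded = $json->encode($result);
            // JSONP: the callback used to be echoed verbatim, which is reflected
            // XSS (jsoncallback=<script>...). Only accept a dotted JS identifier.
            $callback_pattern = '/^[A-Za-z_$][A-Za-z0-9_$]{0,63}(?:\.[A-Za-z_$][A-Za-z0-9_$]{0,63}){0,7}$/';
            if (isset($_GET['jsoncallback']) && preg_match($callback_pattern, $_GET['jsoncallback'])) {
                exit($_GET['jsoncallback'] . '(' . $encoded . ');');
            }
            exit($encoded);
        }
        $template = factory::template('system');
        $template->assign('CONFIG', config::get('config'));
        $template->assign('message', $message);
        $template->assign('url', $url);
        $template->assign('ms', $ms);
        $template->assign('success', $success);
        $template->display('system/showmessage.html');
        exit;
    }

    /**
     * Per-IP refresh throttle.
     *
     * @param int $ttl Minimum seconds between requests from one address.
     * @return bool|null NULL when throttling is off, false when the caller
     *                   is too fast, true otherwise (and the visit is recorded).
     */
    public function cc($ttl)
    {
        if (!$ttl) {
            return NULL;
        }
        $cache = factory::cache();
        $ccid = 'cc_' . IP;
        $lastvisit = $cache->get($ccid);
        $time = microtime(true);
        if ($lastvisit && $time - $lastvisit <= $ttl) {
            return false;
        }
        // The record only needs to outlive the throttle window.
        $cache->set($ccid, $time, 60);
        return true;
    }

    /**
     * AES-encrypts $data with $key using the helper.aes implementation (PKCS#5 padding).
     *
     * @param string $data
     * @param string $key
     * @return string
     */
    public static function encode($data, $key)
    {
        import('helper.aes');
        $aes = new Aes();
        $aes->requirePkcs5();
        $aes->setKey($key);
        return $aes->encrypt($data);
    }

    /**
     * Inverse of encode(): AES-decrypts $data with $key (PKCS#5 padding).
     *
     * @param string $data
     * @param string $key
     * @return string
     */
    public static function decode($data, $key)
    {
        import('helper.aes');
        $aes = new Aes();
        $aes->requirePkcs5();
        $aes->setKey($key);
        return $aes->decrypt($data);
    }
}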
// Directory separator used whenever the framework builds a file path.
define('DS', '/');
// Installation root: this file's directory, backslashes normalised, with a trailing DS.
define('CMSTOP_PATH', str_replace('\\', '/', __DIR__) . DS);
// ROOT_PATH is an alias of CMSTOP_PATH.
define('ROOT_PATH', CMSTOP_PATH);
// Site constants (including FW_PATH, needed on the next line), then the framework bootstrap.
require CMSTOP_PATH . 'config/define.php';
require FW_PATH . 'framework.php';