PageRenderTime 49ms CodeModel.GetById 19ms RepoModel.GetById 1ms app.codeStats 0ms

/controller/util.php

https://gitlab.com/imxieke/XCloud
PHP | 280 lines | 258 code | 9 blank | 13 comment | 17 complexity | def5703c2cbb47b4d227c65586840b97 MD5 | raw file
    

  1. <?php

    2. 

  2. /*

    3. 

  3. * @link http://www.kalcaddle.com/

    4. 

  4. * @author warlee | e-mail:kalcaddle@qq.com

    5. 

  5. * @copyright warlee 2014.(Shanghai)Co.,Ltd

    6. 

  6. * @license http://kalcaddle.com/tools/licenses/license.txt

    7. 

  7. */

    8. 

  8. 

    9. 

  9. //处理成标准目录

    10. 

  10. function _DIR_CLEAR($path){

    11. 

  11.     $path = htmlspecial_decode($path);

    12. 

  12.     $path = str_replace('\\','/',trim($path));

    13. 

  13.     if (strstr($path,'../')) {//preg耗性能

    14. 

  14.         $path = preg_replace('/\.+\/+/', '/', $path);

    15. 

  15.     }

    16. 

  16.     $path = preg_replace('/\/+/', '/', $path);

    17. 

  17.     return $path;

    18. 

  18. }

    19. 

  19. 

    20. 

  20. //处理成用户目录,并且不允许相对目录的请求操作

    21. 

  21. function _DIR($path){

    22. 

  22.     $path = _DIR_CLEAR(rawurldecode($path));

    23. 

  23.     $path = iconv_system($path);

    24. 

  24.     if (substr($path,0,strlen('*recycle*/')) == '*recycle*/') {

    25. 

  25.         return USER_RECYCLE.str_replace('*recycle*/','',$path);

    26. 

  26.     }

    27. 

  27.     if (substr($path,0,strlen('*public*/')) == '*public*/') {

    28. 

  28.         return PUBLIC_PATH.str_replace('*public*/','',$path);

    29. 

  29.     }

    30. 

  30.     if (substr($path,0,strlen('*share*/')) == '*share*/') {

    31. 

  31.         return "*share*/";

    32. 

  32.     }

    33. 

  33.     $path = HOME.$path;

    34. 

  34.     if (is_dir($path)) $path = rtrim($path,'/').'/';

    35. 

  35.     return $path;

    36. 

  36. }

    37. 

  37. 

    38. 

  38. //处理成用户目录输出

    39. 

  39. function _DIR_OUT(&$arr){

    40. 

  40.     xxsClear($arr);

    41. 

  41.     if (isset($GLOBALS['is_root'])&&$GLOBALS['is_root']) return;

    42. 

  42.     if (is_array($arr)) {

    43. 

  43.         foreach ($arr['filelist'] as $key => $value) {

    44. 

  44.             $arr['filelist'][$key]['path'] = pre_clear($value['path']);

    45. 

  45.         }

    46. 

  46.         foreach ($arr['folderlist'] as $key => $value) {

    47. 

  47.             $arr['folderlist'][$key]['path'] = pre_clear($value['path']);

    48. 

  48.         }

    49. 

  49.     }else{

    50. 

  50.         $arr = pre_clear($arr);

    51. 

  51.     }

    52. 

  52. }

    53. 

  53. //前缀处理 非root用户目录/从HOME开始

    54. 

  54. function pre_clear($path){

    55. 

  55.     if (ST=='share') {

    56. 

  56.         return str_replace(HOME,'',$path);

    57. 

  57.     }

    58. 

  58.     if (substr($path,0,strlen(PUBLIC_PATH)) == PUBLIC_PATH) {

    59. 

  59.         return '*public*/'.str_replace(PUBLIC_PATH,'',$path);

    60. 

  60.     }

    61. 

  61.     if (substr($path,0,strlen(USER_RECYCLE)) == USER_RECYCLE) {

    62. 

  62.         return '*recycle*/'.str_replace(USER_RECYCLE,'',$path);

    63. 

  63.     }

    64. 

  64.     return str_replace(HOME,'',$path);

    65. 

  65. }

    66. 

  66. function xxsClear(&$list){

    67. 

  67.     if (is_array($list)) {

    68. 

  68.         foreach ($list['filelist'] as $key => $value) {

    69. 

  69.             $list['filelist'][$key]['ext'] = htmlspecial($value['ext']);

    70. 

  70.             $list['filelist'][$key]['path'] = htmlspecial($value['path']);

    71. 

  71.             $list['filelist'][$key]['name'] = htmlspecial($value['name']);

    72. 

  72.         }

    73. 

  73.         foreach ($list['folderlist'] as $key => $value) {

    74. 

  74.             $list['folderlist'][$key]['path'] = htmlspecial($value['path']);

    75. 

  75.             $list['folderlist'][$key]['name'] = htmlspecial($value['name']);

    76. 

  76.         }

    77. 

  77.     }else{

    78. 

  78.         $list = htmlspecial($list);

    79. 

  79.     }

    80. 

  80. }

    81. 

  81. function htmlspecial($str){

    82. 

  82.     return str_replace(

    83. 

  83.         array('<','>','"',"'"),

    84. 

  84.         array('&lt;','&gt;','&quot;','&#039;','&amp;'),

    85. 

  85.         $str

    86. 

  86.     );

    87. 

  87. }

    88. 

  88. function htmlspecial_decode($str){

    89. 

  89.     return str_replace(        

    90. 

  90.         array('&lt;','&gt;','&quot;','&#039;'),

    91. 

  91.         array('<','>','"',"'"),

    92. 

  92.         $str

    93. 

  93.     );

    94. 

  94. }

    95. 

  95. 

    96. 

  96. //扩展名权限判断

    97. 

  97. function checkExtUnzip($s,$info){

    98. 

  98.     return checkExt($info['stored_filename']);

    99. 

  99. }

    100. 

  100. //扩展名权限判断 有权限则返回1 不是true

    101. 

  101. function checkExt($file,$changExt=false){

    102. 

  102.     if (strstr($file,'<') || strstr($file,'>') || $file=='') {

    103. 

  103.         return 0;

    104. 

  104.     }

    105. 

  105.     if ($GLOBALS['is_root'] == 1) return 1;

    106. 

  106.     $not_allow = $GLOBALS['auth']['ext_not_allow'];

    107. 

  107.     $ext_arr = explode('|',$not_allow);

    108. 

  108.     foreach ($ext_arr as $current) {

    109. 

  109.         if ($current !== '' && stristr($file,'.'.$current)){//含有扩展名

    110. 

  110.             return 0;

    111. 

  111.         }

    112. 

  112.     }

    113. 

  113.     return 1;

    114. 

  114. }

    115. 

  115. 

    116. 

  116. 

    117. 

  117. function get_charset(&$str) {

    118. 

  118.     if ($str == '') return 'utf-8';

    119. 

  119.     //前面检测成功则,自动忽略后面

    120. 

  120.     $charset=strtolower(mb_detect_encoding($str,$GLOBALS['config']['check_charset']));

    121. 

  121.     if (substr($str,0,3)==chr(0xEF).chr(0xBB).chr(0xBF)){

    122. 

  122.         $charset='utf-8';

    123. 

  123.     }else if($charset=='cp936'){

    124. 

  124.         $charset='gbk';

    125. 

  125.     }

    126. 

  126.     if ($charset == 'ascii') $charset = 'utf-8';

    127. 

  127.     return strtolower($charset);

    128. 

  128. }

    129. 

  129. 

    130. 

  130. function php_env_check(){

    131. 

  131.     $L = $GLOBALS['L'];

    132. 

  132.     $error = '';

    133. 

  133.     $base_path = get_path_this(BASIC_PATH).'/'; 

    134. 

  134.     if(!function_exists('iconv')) $error.= '<li>'.$L['php_env_error_iconv'].'</li>';

    135. 

  135.     if(!function_exists('mb_convert_encoding')) $error.= '<li>'.$L['php_env_error_mb_string'].'</li>';

    136. 

  136.     if(!version_compare(PHP_VERSION,'5.0','>=')) $error.= '<li>'.$L['php_env_error_version'].'</li>';

    137. 

  137.     if(!function_exists('file_get_contents')) $error.='<li>'.$L['php_env_error_file'].'</li>';

    138. 

  138.     if(!path_writable(BASIC_PATH)) $error.= '<li>'.$base_path.'	'.$L['php_env_error_path'].'</li>';

    139. 

  139.     if(!path_writable(BASIC_PATH.'data')) $error.= '<li>'.$base_path.'data	'.$L['php_env_error_path'].'</li>';

    140. 

  140.     if(!path_writable(BASIC_PATH.'data/system')) $error.= '<li>'.$base_path.'data/system	'.$L['php_env_error_path'].'</li>';

    141. 

  141.     if(!path_writable(BASIC_PATH.'data/User')) $error.= '<li>'.$base_path.'data/User	'.$L['php_env_error_path'].'</li>';

    142. 

  142.     if(!path_writable(BASIC_PATH.'data/thumb')) $error.= '<li>'.$base_path.'data/thumb	'.$L['php_env_error_path'].'</li>';

    143. 

  143.     if( !function_exists('imagecreatefromjpeg')||

    144. 

  144.         !function_exists('imagecreatefromgif')||

    145. 

  145.         !function_exists('imagecreatefrompng')||	

    146. 

  146.         !function_exists('imagecolorallocate')){

    147. 

  147.         $error.= '<li>'.$L['php_env_error_gd'].'</li>';

    148. 

  148.     }

    149. 

  149.     return $error;

    150. 

  150. }

    151. 

  151. 

    152. 

  152. //语言包加载:优先级:cookie获取>自动识别

    153. 

  153. //首次没有cookie则自动识别——存入cookie,过期时间无限

    154. 

  154. function init_lang(){

    155. 

  155.     if (isset($_COOKIE['kod_user_language'])) {

    156. 

  156.         $lang = $_COOKIE['kod_user_language'];

    157. 

  157.     }else{//没有cookie

    158. 

  158.         preg_match('/^([a-z\-]+)/i', $_SERVER['HTTP_ACCEPT_LANGUAGE'], $matches);

    159. 

  159.         $lang = $matches[1];

    160. 

  160.         switch (substr($lang,0,2)) {

    161. 

  161.             case 'zh':

    162. 

  162.                 if ($lang != 'zn-TW'){

    163. 

  163.                     $lang = 'zh-CN';

    164. 

  164.                 }

    165. 

  165.                 break;

    166. 

  166.             case 'en':$lang = 'en';break;

    167. 

  167.             default:$lang = 'en';break;

    168. 

  168.         }

    169. 

  169.         $lang = str_replace('-', '_',$lang);

    170. 

  170.         setcookie('kod_user_language',$lang, time()+3600*24*365);

    171. 

  171.     }

    172. 

  172.     if ($lang == '') $lang = 'en';

    173. 

  173.     

    174. 

  174.     $lang = str_replace(array('/','\\','..','.'),'',$lang);

    175. 

  175.     define('LANGUAGE_TYPE', $lang);

    176. 

  176.     include(LANGUAGE_PATH.$lang.'/main.php');

    177. 

  177.     $GLOBALS['L'] = $L;

    178. 

  178. }

    179. 

  179. 

    180. 

  180. function init_setting(){

    181. 

  181.     $setting_file = USER_SYSTEM.'system_setting.php';

    182. 

  182.     if (!file_exists($setting_file)){//不存在则建立

    183. 

  183.         $setting = $GLOBALS['config']['setting_system_default'];

    184. 

  184.         $setting['menu'] = $GLOBALS['config']['setting_menu_default'];

    185. 

  185.         fileCache::save($setting_file,$setting);

    186. 

  186.     }else{

    187. 

  187.         $setting = fileCache::load($setting_file);   

    188. 

  188.     }

    189. 

  189.     if (!is_array($setting)) {

    190. 

  190.         $setting = $GLOBALS['config']['setting_system_default'];

    191. 

  191.     }

    192. 

  192.     if (!is_array($setting['menu'])) {

    193. 

  193.         $setting['menu'] = $GLOBALS['config']['setting_menu_default'];

    194. 

  194.     }

    195. 

  195. 

    196. 

  196.     $GLOBALS['app']->setDefaultController($setting['first_in']);//设置默认控制器

    197. 

  197.     $GLOBALS['app']->setDefaultAction('index');    //设置默认控制器函数

    198. 

  198. 

    199. 

  199.     $GLOBALS['config']['setting_system'] = $setting;//全局

    200. 

  200.     $GLOBALS['L']['kod_name'] = $setting['system_name'];

    201. 

  201.     $GLOBALS['L']['kod_name_desc'] = $setting['system_desc'];

    202. 

  202.     if (isset($setting['powerby'])) {

    203. 

  203.         $GLOBALS['L']['kod_power_by'] = $setting['powerby'];

    204. 

  204.     }

    205. 

  205. 

    206. 

  206.     //加载用户自定义配置

    207. 

  207.     $setting_user = BASIC_PATH.'config/setting_user.php';

    208. 

  208.     if (file_exists($setting_user)) {

    209. 

  209.         include($setting_user);

    210. 

  210.     }

    211. 

  211. }

    212. 

  212. 

    213. 

  213. //防止恶意请求

    214. 

  214. function check_post_many(){

    215. 

  215.     $check_time = 4;

    216. 

  216.     $maxt_num   = 40;//5秒内最大请求次数。超过则自动退出

    217. 

  217.     $total_time = 60;//10nmin

    218. 

  218.     $total_time_num = 500;

    219. 

  219.     

    220. 

  220.     //管理员不受限制

    221. 

  221.     if( isset($_SESSION['kod_user']) && 

    222. 

  222.         $_SESSION['kod_user']['role']=='root'){

    223. 

  223.         return;

    224. 

  224.     }

    225. 

  225.     //上传不受限制

    226. 

  226.     $URI = $GLOBALS['in']['URLremote'];

    227. 

  227.     if (isset($URI[1]) && $URI[1] =='fileUpload') {

    228. 

  228.         return;

    229. 

  229.     }

    230. 

  230.     $session_key = 'check_post_many';

    231. 

  231.     $_SESSION['check_session_has'] = 'kodexplorer';

    232. 

  232.     if (!isset($_SESSION[$session_key])) {

    233. 

  233.         $_SESSION[$session_key] = array('last_time'=>time(),'total_num'=>0,'max_time'=>time(),'max_num'=>0);

    234. 

  234.     }else{

    235. 

  235.         $info = $_SESSION[$session_key]; 

    236. 

  236.         //----短期内并发控制       

    237. 

  237.         if (time()-$info['last_time'] >=$check_time) {//大于时长s 则清空

    238. 

  238.             $info = array('last_time'=>time(),'total_num'=>0,'max_time'=>time(),'max_num'=>0);

    239. 

  239.         }else{

    240. 

  240.             if ($info['total_num'] >=$maxt_num) {//大于100次则直接退出

    241. 

  241.                 user_logout();

    242. 

  242.             }else{

    243. 

  243.                 $info['total_num'] +=1;

    244. 

  244.             }

    245. 

  245.         }

    246. 

  246.         //----总量控制

    247. 

  247.         if (time()-$info['max_time'] >=$total_time) {//大于时长s 则清空

    248. 

  248.             $info = array('last_time'=>time(),'total_num'=>0,'max_time'=>time(),'max_num'=>0);

    249. 

  249.         }else{

    250. 

  250.             if ($info['total_num'] >=$total_time_num) {//大于100次则直接退出

    251. 

  251.                 user_logout();

    252. 

  252.             }else{

    253. 

  253.                 $info['max_num'] +=1;

    254. 

  254.             }

    255. 

  255.         }

    256. 

  256.         $_SESSION[$session_key] = $info;

    257. 

  257.     }

    258. 

  258. }

    259. 

  259. function is_wap(){    

    260. 

  260.     if(preg_match('/(up.browser|up.link|mmp|symbian|smartphone|midp|wap|phone|iphone|ipad|ipod|android|xoom)/i', 

    261. 

  261.         strtolower($_SERVER['HTTP_USER_AGENT']))){

    262. 

  262.         return true;

    263. 

  263.     }    

    264. 

  264.     if((isset($_SERVER['HTTP_ACCEPT'])) && 

    265. 

  265.         (strpos(strtolower($_SERVER['HTTP_ACCEPT']),'application/vnd.wap.xhtml+xml') !== false)){

    266. 

  266.         return true;

    267. 

  267.     }

    268. 

  268.     return false;

    269. 

  269. }

    270. 

  270. function user_logout(){

    271. 

  271.     setcookie('PHPSESSID', '', time()-3600,'/'); 

    272. 

  272.     setcookie('kod_name', '', time()-3600); 

    273. 

  273.     setcookie('kod_token', '', time()-3600);

    274. 

  274.     setcookie('kod_user_language', '', time()-3600);

    275. 

  275.     session_destroy();

    276. 

  276.     header('location:./index.php?user/login');

    277. 

  277.     exit;

    278. 

  278. }

    279. 

  279. 

    280. 

  280. 

    281. 

  281.