2020.02新版

Blokura
2020-02-21 16:20:55 +08:00
parent 45e2415d71
commit a2f29a310b
755 changed files with 95144 additions and 0 deletions

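--- a/includes/.htaccess
+++ b/includes/.htaccess
@@ -0,0 +1 @@
+deny from all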
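Review bot: `deny from all` is Apache 2.2 access-control syntax; on Apache 2.4 it is only honoured while `mod_access_compat` is loaded, and it is ignored entirely under nginx or where `AllowOverride` does not permit it, which would leave `includes/` directly reachable. I would add the 2.4 form `Require all denied` inside `<IfModule mod_authz_core.c>` and keep the existing line under `<IfModule !mod_authz_core.c>`. As a second layer, include-only PHP files can refuse direct execution themselves by checking a constant such as the `IN_CRONLITE` that `includes/common.php` defines in this commit.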


@@ -0,0 +1,152 @@
<?php
webscan_error();
//引用配置文件
require_once('webscan_cache.php');
//get拦截规则
$getfilter = "\\<.+javascript:window\\[.{1}\\\\x|<.*=(&#\\d+?;?)+?>|<.*(data|src)=data:text\\/html.*>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\(|benchmark\s*?\(.*\)|sleep\s*?\(.*\)|\\b(group_)?concat[\\s\\/\\*]*?\\([^\\)]+?\\)|\bcase[\s\/\*]*?when[\s\/\*]*?\([^\)]+?\)|load_file\s*?\\()|<[a-z]+?\\b[^>]*?\\bon([a-z]{4,})\s*?=|^\\+\\/v(8|9)|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)|UPDATE\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)@{0,2}(\\(.+\\)|\\s+?.+?\\s+?|(`|'|\").*?(`|'|\"))FROM(\\(.+\\)|\\s+?.+?|(`|'|\").*?(`|'|\"))|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)|<.*(iframe|frame|style|embed|object|frameset|meta|xml)";
//post拦截规则
$postfilter = "<.*=(&#\\d+?;?)+?>|<.*data=data:text\\/html.*>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\(|benchmark\s*?\(.*\)|sleep\s*?\(.*\)|\\b(group_)?concat[\\s\\/\\*]*?\\([^\\)]+?\\)|\bcase[\s\/\*]*?when[\s\/\*]*?\([^\)]+?\)|load_file\s*?\\()|<[^>]*?\\b(onerror|onmousemove|onload|onclick|onmouseover)\\b|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)|UPDATE\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)(\\(.+\\)|\\s+?.+?\\s+?|(`|'|\").*?(`|'|\"))FROM(\\(.+\\)|\\s+?.+?|(`|'|\").*?(`|'|\"))|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)|<.*(iframe|frame|style|embed|object|frameset|meta|xml)";
//cookie拦截规则
$cookiefilter = "benchmark\s*?\(.*\)|sleep\s*?\(.*\)|load_file\s*?\\(|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)|UPDATE\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)@{0,2}(\\(.+\\)|\\s+?.+?\\s+?|(`|'|\").*?(`|'|\"))FROM(\\(.+\\)|\\s+?.+?|(`|'|\").*?(`|'|\"))|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
//referer获取
$webscan_referer = empty($_SERVER['HTTP_REFERER']) ? array() : array('HTTP_REFERER'=>$_SERVER['HTTP_REFERER']);
/**
* 关闭用户错误提示
*/
function webscan_error() {
if (ini_get('display_errors')) {
ini_set('display_errors', '0');
}
}
/**
* 数据统计回传
*/
function webscan_slog($logs) {
//日志记录
return true;
}
/**
* 参数拆分
*/
function webscan_arr_foreach($arr) {
static $str;
static $keystr;
if (!is_array($arr)) {
return $arr;
}
foreach ($arr as $key => $val ) {
$keystr=$keystr.$key;
if (is_array($val)) {
webscan_arr_foreach($val);
} else {
$str[] = $val.$keystr;
}
}
return implode($str);
}
/**
* 防护提示页
*/
function webscan_pape(){
$pape=<<<HTML
<html>
<head>
<meta http-equiv="content-type" content="text/html;charset=utf-8"/>
<title>输入内容存在危险字符,安全起见,已被本站拦截</title>
<style>
body, h1, h2, p,dl,dd,dt{margin: 0;padding: 0;font: 12px/1.5 微软雅黑,tahoma,arial;}
body{background:#efefef;}
h1, h2, h3, h4, h5, h6 {font-size: 100%;cursor:default;}
ul, ol {list-style: none outside none;}
a {text-decoration: none;color:#447BC4}
a:hover {text-decoration: underline;}
.ip-attack{width:600px; margin:200px auto 0;}
.ip-attack dl{ background:#fff; padding:30px; border-radius:10px;border: 1px solid #CDCDCD;-webkit-box-shadow: 0 0 8px #CDCDCD;-moz-box-shadow: 0 0 8px #cdcdcd;box-shadow: 0 0 8px #CDCDCD;}
.ip-attack dt{text-align:center;}
.ip-attack dd{font-size:16px; color:#333; text-align:center;}
.tips{text-align:center; font-size:14px; line-height:50px; color:#999;}
</style>
</head>
<body>
<div class="ip-attack">
<dl>
<dt><img src='http://p2.qhimg.com/t016dd70ac04d942b1b.png' /></dt>
<dt><a href="javascript:history.go(-1)">返回上一页</a></dt>
</dl>
</div>
</body>
</html>
HTML;
echo $pape;
}
/**
* 攻击检查拦截
*/
function webscan_StopAttack($StrFiltKey,$StrFiltValue,$ArrFiltReq,$method) {
$StrFiltValue=webscan_arr_foreach($StrFiltValue);
if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue)==1){
webscan_slog(array('ip' => $_SERVER["REMOTE_ADDR"],'time'=>strftime("%Y-%m-%d %H:%M:%S"),'page'=>$_SERVER["PHP_SELF"],'method'=>$method,'rkey'=>$StrFiltKey,'rdata'=>$StrFiltValue,'user_agent'=>$_SERVER['HTTP_USER_AGENT'],'request_url'=>$_SERVER["REQUEST_URI"]));
exit(webscan_pape());
}
if (preg_match("/".$ArrFiltReq."/is",$StrFiltKey)==1){
webscan_slog(array('ip' => $_SERVER["REMOTE_ADDR"],'time'=>strftime("%Y-%m-%d %H:%M:%S"),'page'=>$_SERVER["PHP_SELF"],'method'=>$method,'rkey'=>$StrFiltKey,'rdata'=>$StrFiltKey,'user_agent'=>$_SERVER['HTTP_USER_AGENT'],'request_url'=>$_SERVER["REQUEST_URI"]));
exit(webscan_pape());
}
}
/**
* 拦截目录白名单
*/
function webscan_white($webscan_white_name,$webscan_white_url=array()) {
$url_path=$_SERVER['SCRIPT_NAME'];
$url_var=$_SERVER['QUERY_STRING'];
if (preg_match("/".$webscan_white_name."/is",$url_path)==1&&!empty($webscan_white_name)) {
return false;
}
foreach ($webscan_white_url as $key => $value) {
if(!empty($url_var)&&!empty($value)){
if (stristr($url_path,$key)&&stristr($url_var,$value)) {
return false;
}
}
elseif (empty($url_var)&&empty($value)) {
if (stristr($url_path,$key)) {
return false;
}
}
}
return true;
}
if ($webscan_switch&&webscan_white($webscan_white_directory,$webscan_white_url)) {
if ($webscan_get) {
foreach($_GET as $key=>$value) {
webscan_StopAttack($key,$value,$getfilter,"GET");
}
}
if ($webscan_post) {
foreach($_POST as $key=>$value) {
webscan_StopAttack($key,$value,$postfilter,"POST");
}
}
if ($webscan_cookie) {
foreach($_COOKIE as $key=>$value) {
webscan_StopAttack($key,$value,$cookiefilter,"COOKIE");
}
}
if ($webscan_referre) {
foreach($webscan_referer as $key=>$value) {
webscan_StopAttack($key,$value,$postfilter,"REFERRER");
}
}
}
?>
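Review bot: Both checks in `webscan_StopAttack` test `preg_match(...)==1`, so a `false` return (a PCRE error, for example the backtrack limit being reached on these `.*`/`.+?`-heavy patterns) is treated as "no match" and the request passes unfiltered. Treating an error as a block keeps the filter from failing open: `$m = preg_match("/".$ArrFiltReq."/is", $StrFiltValue); if ($m === 1 || $m === false) { ... }`, and the same for the key check. `webscan_arr_foreach` keeps `$str` and `$keystr` in `static` variables, so every array parameter is matched against the accumulated text of all earlier ones, and on a first call with an empty array `implode($str)` is handed null; resetting both per top-level call avoids that. `$_SERVER['HTTP_USER_AGENT']` is read without `isset()`, and `strftime()` is deprecated from PHP 8.1, where `date('Y-m-d H:i:s')` is the equivalent. A pattern blocklist like this is a backstop only; the string-built queries elsewhere in this commit still need bound parameters.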


@@ -0,0 +1,14 @@
<?php
//拦截开关(1为开启0关闭)
$webscan_switch=1;
//提交方式拦截(1开启拦截,0关闭拦截,post,get,cookie,referre选择需要拦截的方式)
$webscan_post=1;
$webscan_get=1;
$webscan_cookie=1;
$webscan_referre=1;
//后台白名单,后台操作将不会拦截,添加"|"隔开白名单目录下面默认是网址带 admin /dede/ 放行
$webscan_white_directory='';
//url白名单,可以自定义添加url白名单,默认是对phpcms的后台url放行
//写法比如phpcms 后台操作url index.php?m=admin php168的文章提交链接post.php?job=postnew&step=post ,dedecms 空间设置edit_space_info.php
$webscan_white_url = array('index.php' => 'mod=admin-set');
?>
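Review bot: The default `$webscan_white_url` entry `'index.php' => 'mod=admin-set'` is evaluated by `webscan_white()` with `stristr()` against the raw `QUERY_STRING`, so the exemption covers any request to a path containing `index.php` whose query string contains that text anywhere, and such a request skips the GET, POST, cookie and referer checks altogether. I would ship this list empty (`$webscan_white_url = array();`) and, where an exemption is really needed, match a parsed parameter exactly (`isset($_GET['mod']) && $_GET['mod'] === 'admin-set'`) and only for an authenticated admin session. The comment above the setting should state that a whitelist hit disables every check for that request.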


@@ -0,0 +1,75 @@
<?php
//验证码类
class ValidateCode {
private $charset = 'abcdefghkmnprstuvwxyzABCDEFGHKMNPRSTUVWXYZ23456789'; //随机因子
private $code; //验证码
private $codelen = 4; //验证码长度
private $width = 130; //宽度
private $height = 50; //高度
private $img; //图形资源句柄
private $font; //指定的字体
private $fontsize = 20; //指定字体大小
private $fontcolor; //指定字体颜色
//构造方法初始化
public function __construct() {
$this->font = ROOT_PATH.'/../assets/font/elephant.ttf';
}
//生成随机码
private function createCode() {
$_len = strlen($this->charset)-1;
for ($i=0;$i<$this->codelen;$i++) {
$this->code .= $this->charset[mt_rand(0,$_len)];
}
}
//生成背景
private function createBg() {
$this->img = imagecreatetruecolor($this->width, $this->height);
$color = imagecolorallocate($this->img, mt_rand(157,255), mt_rand(157,255), mt_rand(157,255));
imagefilledrectangle($this->img,0,$this->height,$this->width,0,$color);
}
//生成文字
private function createFont() {
$_x = $this->width / $this->codelen;
for ($i=0;$i<$this->codelen;$i++) {
$this->fontcolor = imagecolorallocate($this->img,mt_rand(0,156),mt_rand(0,156),mt_rand(0,156));
imagettftext($this->img,$this->fontsize,mt_rand(-30,30),$_x*$i+mt_rand(1,5),$this->height / 1.4,$this->fontcolor,$this->font,$this->code[$i]);
}
}
//生成线条、雪花
private function createLine() {
for ($i=0;$i<6;$i++) {
$color = imagecolorallocate($this->img,mt_rand(0,156),mt_rand(0,156),mt_rand(0,156));
imageline($this->img,mt_rand(0,$this->width),mt_rand(0,$this->height),mt_rand(0,$this->width),mt_rand(0,$this->height),$color);
}
for ($i=0;$i<100;$i++) {
$color = imagecolorallocate($this->img,mt_rand(200,255),mt_rand(200,255),mt_rand(200,255));
imagestring($this->img,mt_rand(1,5),mt_rand(0,$this->width),mt_rand(0,$this->height),'*',$color);
}
}
//输出
private function outPut() {
header('Content-type:image/png');
imagepng($this->img);
imagedestroy($this->img);
}
//对外生成
public function doimg() {
$this->createBg();
$this->createCode();
$this->createLine();
$this->createFont();
$this->outPut();
}
//获取验证码
public function getCode() {
return strtolower($this->code);
}
}
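Review bot: `createCode()` draws the captcha characters with `mt_rand()`, a seedable Mersenne Twister rather than a CSPRNG, so the code is more predictable than it needs to be; `$this->code .= $this->charset[random_int(0, $_len)];` is a drop-in replacement on PHP 7+. `$code` is never initialised before `.=`, so calling `doimg()` twice on one instance yields an eight-character code while `createFont()` draws only the first four; `$this->code = '';` at the top of `createCode()` fixes that. The constructor reads `ROOT_PATH`, whereas `includes/common.php` in this commit defines only `ROOT` and `SYSTEM_ROOT`, so the font path may not resolve unless `ROOT_PATH` is defined elsewhere.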

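--- a/includes/autoloader.php
+++ b/includes/autoloader.php
@@ -0,0 +1,37 @@
+<?php
+/**
+*
+* 自动载入函数
+*/
+class Autoloader
+{
+/**
+* 向PHP注册在自动载入函数
+*/
+public static function register()
+{
+spl_autoload_register(array(new self, 'autoload'));
+}
+/**
+* 根据类名载入所在文件
+*/
+public static function autoload($className)
+{
+// DIRECTORY_SEPARATOR目录分隔符linux上就是/ windows上是\
+$filePath = __DIR__ . DIRECTORY_SEPARATOR . $className;
+$filePath = str_replace('\\', DIRECTORY_SEPARATOR, $filePath) . '.php';
+if (file_exists($filePath)) {
+require_once $filePath;
+return;
+// if(method_exists($className, "init")) {
+// call_user_func(array($className, "init"), $params);
+// }
+} else {
+echo "无法加载" . $filePath;
+}
+}
+}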
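Review bot: On a miss, `autoload()` echoes the absolute filesystem path (`echo "无法加载" . $filePath;`), which discloses the install location to the client and writes into the response whenever code merely probes for a class, for instance through `class_exists()` or when a later autoloader in the chain would have resolved it. An autoloader should return silently on a miss; drop the `else` branch or log server-side with `error_log()`. `$className` is also spliced into the path unchecked, so a guard such as `if (!preg_match('/^[A-Za-z_][A-Za-z0-9_\\\\]*$/', $className)) return;` keeps a caller-supplied class string from resolving outside `includes/`. `register()` can pass `array(__CLASS__, 'autoload')` rather than instantiating `new self` for a static method.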

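--- a/includes/common.php
+++ b/includes/common.php
@@ -0,0 +1,57 @@
+<?php
+error_reporting(E_ERROR | E_WARNING | E_PARSE);
+if(defined('IN_CRONLITE'))return;
+define('IN_CRONLITE', true);
+define('SYSTEM_ROOT', dirname(__FILE__).'/');
+define('ROOT', dirname(SYSTEM_ROOT).'/');
+define('TEMPLATE_ROOT', ROOT.'template/');
+define('PLUGIN_ROOT', ROOT.'plugins/');
+date_default_timezone_set('Asia/Shanghai');
+$date = date("Y-m-d H:i:s");
+if(!$nosession)session_start();
+$siteurl = ($_SERVER['SERVER_PORT'] == '443' ? 'https://' : 'http://').$_SERVER['HTTP_HOST'].'/';
+if(is_file(SYSTEM_ROOT.'360safe/360webscan.php')){//360网站卫士
+// require_once(SYSTEM_ROOT.'360safe/360webscan.php');
+}
+include_once(SYSTEM_ROOT."autoloader.php");
+Autoloader::register();
+include_once(SYSTEM_ROOT."security.php");
+require ROOT.'config.php';
+define('DBQZ', $dbconfig['dbqz']);
+if(!$dbconfig['user']||!$dbconfig['pwd']||!$dbconfig['dbname'])//检测安装1
+{
+header('Content-type:text/html;charset=utf-8');
+echo '你还没安装!<a href="/install/">点此安装</a>';
+exit();
+}
+$DB = new \lib\PdoHelper($dbconfig);
+if($DB->query("select * from pre_config where 1")==FALSE)//检测安装2
+{
+header('Content-type:text/html;charset=utf-8');
+echo '你还没安装!<a href="/install/">点此安装</a>';
+exit();
+}
+$CACHE=new \lib\Cache();
+$conf=$CACHE->pre_fetch();
+define('SYS_KEY', $conf['syskey']);
+if(!$conf['localurl'])$conf['localurl'] = $siteurl;
+$password_hash='!@#%!s!0';
+include_once(SYSTEM_ROOT."functions.php");
+include_once(SYSTEM_ROOT."member.php");
+if (!file_exists(ROOT.'install/install.lock') && file_exists(ROOT.'install/index.php')) {
+sysmsg('<h2>检测到无 install.lock 文件</h2><ul><li><font size="4">如果您尚未安装本程序,请<a href="./install/">前往安装</a></font></li><li><font size="4">如果您已经安装本程序,请手动放置一个空的 install.lock 文件到 /install 文件夹下,<b>为了您站点安全,在您完成它之前我们不会工作。</b></font></li></ul><br/><h4>为什么必须建立 install.lock 文件?</h4>它是安装保护文件,如果检测不到它,就会认为站点还没安装,此时任何人都可以安装/重装你的网站。<br/><br/>');exit;
+}
+?>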
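Review bot: `$password_hash='!@#%!s!0';` hard-codes the same value into every installation; if it serves as a salt or signing secret elsewhere (its uses are outside this file), it should come from per-install configuration such as the `$conf['syskey']` loaded just above it. `$siteurl`, and through it the fallback `$conf['localurl']`, is built from the client-controlled `Host` header, so links generated from it can be pointed at another host; prefer a configured base URL or validate `HTTP_HOST` against an allowlist. The `360webscan.php` include is commented out inside the `is_file()` block, so the request filter added in this commit is never loaded. `$nosession` is read without `isset()`, which raises a notice on any entry script that does not set it.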

763
includes/functions.php Normal file

@@ -0,0 +1,763 @@
<?php
function curl_get($url)
{
$ch=curl_init($url);
$httpheader[] = "Accept: */*";
$httpheader[] = "Accept-Language: zh-CN,zh;q=0.8";
$httpheader[] = "Connection: close";
curl_setopt($ch, CURLOPT_HTTPHEADER, $httpheader);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Linux; U; Android 4.4.1; zh-cn; R815T Build/JOP40D) AppleWebKit/533.1 (KHTML, like Gecko)Version/4.0 MQQBrowser/4.5 Mobile Safari/533.1');
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$content=curl_exec($ch);
curl_close($ch);
return($content);
}
function get_curl($url, $post=0, $referer=0, $cookie=0, $header=0, $ua=0, $nobaody=0)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
$httpheader[] = "Accept: */*";
$httpheader[] = "Accept-Encoding: gzip,deflate,sdch";
$httpheader[] = "Accept-Language: zh-CN,zh;q=0.8";
$httpheader[] = "Connection: close";
curl_setopt($ch, CURLOPT_HTTPHEADER, $httpheader);
if ($post) {
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
}
if ($header) {
curl_setopt($ch, CURLOPT_HEADER, true);
}
if ($cookie) {
curl_setopt($ch, CURLOPT_COOKIE, $cookie);
}
if($referer){
if($referer==1){
curl_setopt($ch, CURLOPT_REFERER, 'http://m.qzone.com/infocenter?g_f=');
}else{
curl_setopt($ch, CURLOPT_REFERER, $referer);
}
}
if ($ua) {
curl_setopt($ch, CURLOPT_USERAGENT, $ua);
}
else {
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Linux; U; Android 4.0.4; es-mx; HTC_One_X Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0");
}
if ($nobaody) {
curl_setopt($ch, CURLOPT_NOBODY, 1);
}
curl_setopt($ch, CURLOPT_ENCODING, "gzip");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$ret = curl_exec($ch);
curl_close($ch);
return $ret;
}
function real_ip($type=0){
$ip = $_SERVER['REMOTE_ADDR'];
if($type<=0 && isset($_SERVER['HTTP_X_FORWARDED_FOR']) && preg_match_all('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s', $_SERVER['HTTP_X_FORWARDED_FOR'], $matches)) {
foreach ($matches[0] AS $xip) {
if (filter_var($xip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
$ip = $xip;
break;
}
}
} elseif ($type<=0 && isset($_SERVER['HTTP_CLIENT_IP']) && filter_var($_SERVER['HTTP_CLIENT_IP'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif ($type<=1 && isset($_SERVER['HTTP_CF_CONNECTING_IP']) && filter_var($_SERVER['HTTP_CF_CONNECTING_IP'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
$ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
} elseif ($type<=1 && isset($_SERVER['HTTP_X_REAL_IP']) && filter_var($_SERVER['HTTP_X_REAL_IP'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
$ip = $_SERVER['HTTP_X_REAL_IP'];
}
return $ip;
}
function get_ip_city($ip)
{
$url = 'http://whois.pconline.com.cn/ipJson.jsp?json=true&ip=';
$city = get_curl($url . $ip);
$city = mb_convert_encoding($city, "UTF-8", "GB2312");
$city = json_decode($city, true);
if ($city['city']) {
$location = $city['pro'].$city['city'];
} else {
$location = $city['pro'];
}
if($location){
return $location;
}else{
return false;
}
}
function send_mail($to, $sub, $msg) {
global $conf;
if($conf['mail_cloud']==1){
$mail = new \lib\mail\Sendcloud($conf['mail_apiuser'], $conf['mail_apikey']);
return $mail->send($to, $sub, $msg, $conf['mail_name2'], $conf['sitename']);
}elseif($conf['mail_cloud']==2){
$mail = new \lib\mail\Aliyun($conf['mail_apiuser'], $conf['mail_apikey']);
return $mail->send($to, $sub, $msg, $conf['mail_name2'], $conf['sitename']);
}else{
if(!$conf['mail_name'] || !$conf['mail_smtp'] || !$conf['mail_pwd'])return false;
$From = $conf['mail_name'];
$Host = $conf['mail_smtp'];
$Port = $conf['mail_port'];
$SMTPAuth = 1;
$Username = $conf['mail_name'];
$Password = $conf['mail_pwd'];
$Nickname = $conf['sitename'];
$SSL = $conf['mail_port']==465?1:0;
$mail = new \lib\mail\SMTP($Host , $Port , $SMTPAuth , $Username , $Password , $SSL);
$mail->att = array();
if($mail->send($to , $From , $sub , $msg, $Nickname)) {
return true;
} else {
return $mail->log;
}
}
}
function send_sms($phone, $code, $scope='reg'){
global $conf;
if($scope == 'reg'){
$moban = $conf['sms_tpl_reg'];
}elseif($scope == 'login'){
$moban = $conf['sms_tpl_login'];
}elseif($scope == 'find'){
$moban = $conf['sms_tpl_find'];
}elseif($scope == 'edit'){
$moban = $conf['sms_tpl_edit'];
}
if($conf['sms_api']==1){
$ssender = new \lib\sms\TencentSms($conf['sms_appid'], $conf['sms_appkey']);
$params = array($code, $conf['sitename']);
$smsSign = $conf['sms_sign'];
$result = $ssender->sendWithParam("86", $phone, $moban, $params, $smsSign, "", "");
$arr = json_decode($result,true);
if(array_key_exists('result',$arr) && $arr['result']==0){
return true;
}else{
return $arr['errmsg'];
}
}elseif($conf['sms_api']==2){
$sms = new \lib\sms\Aliyun($conf['sms_appid'], $conf['sms_appkey']);
$arr = $sms->send($phone, $code, $moban, $conf['sms_sign'], $conf['sitename']);
if(array_key_exists('Code',$arr) && $arr['Code']=='OK'){
return true;
}else{
return $arr['Message'];
}
}else{
$app=$conf['sitename'];
$url = 'http://api.978w.cn/yzmsms/index/appkey/'.$conf['sms_appkey'].'/phone/'.$phone.'/moban/'.$moban.'/app/'.$app.'/code/'.$code;
$data=get_curl($url);
$arr=json_decode($data,true);
if($arr['status']=='200'){
return true;
}else{
return $arr['error_msg_zh'];
}
}
}
function daddslashes($string, $force = 0, $strip = FALSE) {
!defined('MAGIC_QUOTES_GPC') && define('MAGIC_QUOTES_GPC', get_magic_quotes_gpc());
if(!MAGIC_QUOTES_GPC || $force) {
if(is_array($string)) {
foreach($string as $key => $val) {
$string[$key] = daddslashes($val, $force, $strip);
}
} else {
$string = addslashes($strip ? stripslashes($string) : $string);
}
}
return $string;
}
function strexists($string, $find) {
return !(strpos($string, $find) === FALSE);
}
function dstrpos($string, $arr) {
if(empty($string)) return false;
foreach((array)$arr as $v) {
if(strpos($string, $v) !== false) {
return true;
}
}
return false;
}
function checkmobile() {
$useragent = strtolower($_SERVER['HTTP_USER_AGENT']);
$ualist = array('android', 'midp', 'nokia', 'mobile', 'iphone', 'ipod', 'blackberry', 'windows phone');
if((dstrpos($useragent, $ualist) || strexists($_SERVER['HTTP_ACCEPT'], "VND.WAP") || strexists($_SERVER['HTTP_VIA'],"wap")))
return true;
else
return false;
}
function authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) {
$ckey_length = 4;
$key = md5($key ? $key : ENCRYPT_KEY);
$keya = md5(substr($key, 0, 16));
$keyb = md5(substr($key, 16, 16));
$keyc = $ckey_length ? ($operation == 'DECODE' ? substr($string, 0, $ckey_length): substr(md5(microtime()), -$ckey_length)) : '';
$cryptkey = $keya.md5($keya.$keyc);
$key_length = strlen($cryptkey);
$string = $operation == 'DECODE' ? base64_decode(substr($string, $ckey_length)) : sprintf('%010d', $expiry ? $expiry + time() : 0).substr(md5($string.$keyb), 0, 16).$string;
$string_length = strlen($string);
$result = '';
$box = range(0, 255);
$rndkey = array();
for($i = 0; $i <= 255; $i++) {
$rndkey[$i] = ord($cryptkey[$i % $key_length]);
}
for($j = $i = 0; $i < 256; $i++) {
$j = ($j + $box[$i] + $rndkey[$i]) % 256;
$tmp = $box[$i];
$box[$i] = $box[$j];
$box[$j] = $tmp;
}
for($a = $j = $i = 0; $i < $string_length; $i++) {
$a = ($a + 1) % 256;
$j = ($j + $box[$a]) % 256;
$tmp = $box[$a];
$box[$a] = $box[$j];
$box[$j] = $tmp;
$result .= chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$j]) % 256]));
}
if($operation == 'DECODE') {
if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16)) {
return substr($result, 26);
} else {
return '';
}
} else {
return $keyc.str_replace('=', '', base64_encode($result));
}
}
function random($length, $numeric = 0) {
$seed = base_convert(md5(microtime().$_SERVER['DOCUMENT_ROOT']), 16, $numeric ? 10 : 35);
$seed = $numeric ? (str_replace('0', '', $seed).'012340567890') : ($seed.'zZ'.strtoupper($seed));
$hash = '';
$max = strlen($seed) - 1;
for($i = 0; $i < $length; $i++) {
$hash .= $seed{mt_rand(0, $max)};
}
return $hash;
}
function showmsg($content = '未知的异常',$type = 4,$back = false)
{
switch($type)
{
case 1:
$panel="success";
break;
case 2:
$panel="info";
break;
case 3:
$panel="warning";
break;
case 4:
$panel="danger";
break;
}
echo '<div class="panel panel-'.$panel.'">
<div class="panel-heading">
<h3 class="panel-title">提示信息</h3>
</div>
<div class="panel-body">';
echo $content;
if ($back) {
echo '<hr/><a href="'.$back.'"><< 返回上一页</a>';
}
else
echo '<hr/><a href="javascript:history.back(-1)"><< 返回上一页</a>';
echo '</div>
</div>';
exit;
}
function sysmsg($msg = '未知的异常',$title = '站点提示信息') {
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="zh-CN">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title><?php echo $title?></title>
<style type="text/css">
html{background:#eee}body{background:#fff;color:#333;font-family:"微软雅黑","Microsoft YaHei",sans-serif;margin:2em auto;padding:1em 2em;max-width:700px;-webkit-box-shadow:10px 10px 10px rgba(0,0,0,.13);box-shadow:10px 10px 10px rgba(0,0,0,.13);opacity:.8}h1{border-bottom:1px solid #dadada;clear:both;color:#666;font:24px "微软雅黑","Microsoft YaHei",,sans-serif;margin:30px 0 0 0;padding:0;padding-bottom:7px}#error-page{margin-top:50px}h3{text-align:center}#error-page p{font-size:9px;line-height:1.5;margin:25px 0 20px}#error-page code{font-family:Consolas,Monaco,monospace}ul li{margin-bottom:10px;font-size:9px}a{color:#21759B;text-decoration:none;margin-top:-10px}a:hover{color:#D54E21}.button{background:#f7f7f7;border:1px solid #ccc;color:#555;display:inline-block;text-decoration:none;font-size:9px;line-height:26px;height:28px;margin:0;padding:0 10px 1px;cursor:pointer;-webkit-border-radius:3px;-webkit-appearance:none;border-radius:3px;white-space:nowrap;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;-webkit-box-shadow:inset 0 1px 0 #fff,0 1px 0 rgba(0,0,0,.08);box-shadow:inset 0 1px 0 #fff,0 1px 0 rgba(0,0,0,.08);vertical-align:top}.button.button-large{height:29px;line-height:28px;padding:0 12px}.button:focus,.button:hover{background:#fafafa;border-color:#999;color:#222}.button:focus{-webkit-box-shadow:1px 1px 1px rgba(0,0,0,.2);box-shadow:1px 1px 1px rgba(0,0,0,.2)}.button:active{background:#eee;border-color:#999;color:#333;-webkit-box-shadow:inset 0 2px 5px -3px rgba(0,0,0,.5);box-shadow:inset 0 2px 5px -3px rgba(0,0,0,.5)}table{table-layout:auto;border:1px solid #333;empty-cells:show;border-collapse:collapse}th{padding:4px;border:1px solid #333;overflow:hidden;color:#333;background:#eee}td{padding:4px;border:1px solid #333;overflow:hidden;color:#333}
</style>
</head>
<body id="error-page">
<?php echo '<h3>'.$title.'</h3>';
echo $msg; ?>
</body>
</html>
<?php
exit;
}
function getSid() {
return md5(uniqid(mt_rand(), true) . microtime());
}
function getMd5Pwd($pwd, $salt=null) {
return md5(md5($pwd) . md5('1277180438'.$salt));
}
function getSetting($k, $force = false){
global $DB,$CACHE;
if($force) return $DB->getColumn("SELECT v FROM pre_config WHERE k=:k LIMIT 1", [':k'=>$k]);
$cache = $CACHE->get($k);
return $cache[$k];
}
function saveSetting($k, $v){
global $DB;
return $DB->exec("REPLACE INTO pre_config SET v=:v,k=:k", [':v'=>$v, ':k'=>$k]);
}
function creat_callback($data){
global $DB;
$key=$DB->getColumn("SELECT `key` FROM pre_user WHERE uid='{$data['uid']}' LIMIT 1");
$type=$DB->getColumn("SELECT name FROM pre_type WHERE id='{$data['type']}' LIMIT 1");
$array=array('pid'=>$data['uid'],'trade_no'=>$data['trade_no'],'out_trade_no'=>$data['out_trade_no'],'type'=>$type,'name'=>$data['name'],'money'=>$data['money'],'money'=>$data['money'],'trade_status'=>'TRADE_SUCCESS');
$arg=\lib\PayUtils::argSort(\lib\PayUtils::paraFilter($array));
$prestr=\lib\PayUtils::createLinkstring($arg);
$urlstr=\lib\PayUtils::createLinkstringUrlencode($arg);
$sign=\lib\PayUtils::md5Sign($prestr, $key);
if(strpos($data['notify_url'],'?'))
$url['notify']=$data['notify_url'].'&'.$urlstr.'&sign='.$sign.'&sign_type=MD5';
else
$url['notify']=$data['notify_url'].'?'.$urlstr.'&sign='.$sign.'&sign_type=MD5';
if(strpos($data['return_url'],'?'))
$url['return']=$data['return_url'].'&'.$urlstr.'&sign='.$sign.'&sign_type=MD5';
else
$url['return']=$data['return_url'].'?'.$urlstr.'&sign='.$sign.'&sign_type=MD5';
if($data['tid']>0){
$url['return']=$data['return_url'];
}
return $url;
}
function creat_callback_user($data, $key=null){
global $DB;
if(!$key)$key=$DB->getColumn("SELECT `key` FROM pre_user WHERE uid='{$data['uid']}' LIMIT 1");
$type=$DB->getColumn("SELECT name FROM pre_type WHERE id='{$data['type']}' LIMIT 1");
$array=array('pid'=>$data['uid'],'trade_no'=>$data['trade_no'],'out_trade_no'=>$data['out_trade_no'],'type'=>$type,'name'=>$data['name'],'money'=>$data['money'],'money'=>$data['money'],'trade_status'=>$data['type']>0?'TRADE_SUCCESS':'TRADE_CLOSED');
$arg=\lib\PayUtils::argSort(\lib\PayUtils::paraFilter($array));
$prestr=\lib\PayUtils::createLinkstring($arg);
$urlstr=\lib\PayUtils::createLinkstringUrlencode($arg);
$sign=\lib\PayUtils::md5Sign($prestr, $key);
if(strpos($data['notify_url'],'?'))
$url['notify']=$data['notify_url'].'&'.$urlstr.'&sign='.$sign.'&sign_type=MD5';
else
$url['notify']=$data['notify_url'].'?'.$urlstr.'&sign='.$sign.'&sign_type=MD5';
if(strpos($data['return_url'],'?'))
$url['return']=$data['return_url'].'&'.$urlstr.'&sign='.$sign.'&sign_type=MD5';
else
$url['return']=$data['return_url'].'?'.$urlstr.'&sign='.$sign.'&sign_type=MD5';
if($data['tid']>0){
$url['return']=$data['return_url'];
}
return $url;
}
function getdomain($url){
$arr=parse_url($url);
return $arr['host'];
}
function do_notify($url){
$return = curl_get($url);
if(strpos($return,'success')!==false || strpos($return,'SUCCESS')!==false || strpos($return,'Success')!==false){
return true;
}else{
return false;
}
}
function processOrder($srow,$notify=true){
global $DB,$CACHE,$conf;
$addmoney = $srow['getmoney'];
if($srow['tid']==1){ //商户注册
changeUserMoney($srow['uid'], $addmoney, true, '订单收入', $srow['trade_no']);
$info = unserialize($CACHE->read('reg_'.$srow['trade_no']));
if($info){
$DB->exec("UPDATE `pre_regcode` SET `status` ='1' WHERE `id`=:codeid", [':codeid'=>$info['codeid']]);
$key = random(32);
$sds=$DB->exec("INSERT INTO `pre_user` (`key`, `money`, `email`, `phone`, `addtime`, `pay`, `settle`, `keylogin`, `apply`, `status`) VALUES (:key, '0.00', :email, :phone, :addtime, 1, 1, 0, 0, 1)", [':key'=>$key, ':email'=>$info['email'], ':phone'=>$info['phone'], ':addtime'=>$info['addtime']]);
$uid=$DB->lastInsertId();
$pwd = getMd5Pwd($info['pwd'], $uid);
$DB->exec("UPDATE `pre_user` SET `pwd` ='{$pwd}' WHERE `uid`='$uid'");
if($sds && !empty($info['email'])){
$sub = $conf['sitename'].' - 注册成功通知';
$msg = '<h2>商户注册成功通知</h2>感谢您注册'.$conf['sitename'].'<br/>您的登录账号:'.$info['email'].'<br/>您的商户ID'.$uid.'<br/>您的商户秘钥:'.$key.'<br/>'.$conf['sitename'].'官网:<a href="http://'.$_SERVER['HTTP_HOST'].'/" target="_blank">'.$_SERVER['HTTP_HOST'].'</a><br/>【<a href="http://'.$_SERVER['HTTP_HOST'].'/user/" target="_blank">商户管理后台</a>】';
$result = send_mail($info['email'], $sub, $msg);
}
}
}else if($srow['tid']==2){ //充值余额
changeUserMoney($srow['uid'], $addmoney, true, '余额充值', $srow['trade_no']);
}else if($srow['tid']==3){ //一码支付
changeUserMoney($srow['uid'], $addmoney, true, '在线收款', $srow['trade_no']);
}else if($srow['tid']==4){ //购买用户组
$start = strpos($srow['name'],'#')+1;
$end = strrpos($srow['name'],'#');
$gid=intval(substr($srow['name'],$start,$end-$start));
changeUserGroup($srow['uid'],$gid);
}else{
changeUserMoney($srow['uid'], $addmoney, true, '订单收入', $srow['trade_no']);
if($notify==true){
$url=creat_callback($srow);
if(do_notify($url['notify'])){
$DB->exec("UPDATE pre_order SET notify=0 WHERE trade_no='{$srow['trade_no']}'");
}else{
$DB->exec("UPDATE pre_order SET notify=1 WHERE trade_no='{$srow['trade_no']}'");
}
}
}
}
function changeUserMoney($uid, $money, $add=true, $type=null, $orderid=null){
global $DB;
if($money<=0)return;
if($type=='订单退款'){
$isrefund = $DB->getColumn("SELECT id FROM pre_record WHERE type='订单退款' AND trade_no='{$orderid}' LIMIT 1");
if($isrefund)return;
}
$oldmoney = $DB->getColumn("SELECT money FROM pre_user WHERE uid='{$uid}' LIMIT 1");
if($add == true){
$action = 1;
$newmoney = round($oldmoney+$money, 2);
}else{
$action = 2;
$newmoney = round($oldmoney-$money, 2);
}
$res = $DB->exec("UPDATE pre_user SET money='{$newmoney}' WHERE uid='{$uid}'");
$DB->exec("INSERT INTO `pre_record` (`uid`, `action`, `money`, `oldmoney`, `newmoney`, `type`, `trade_no`, `date`) VALUES (:uid, :action, :money, :oldmoney, :newmoney, :type, :orderid, NOW())", [':uid'=>$uid, ':action'=>$action, ':money'=>$money, ':oldmoney'=>$oldmoney, ':newmoney'=>$newmoney, ':type'=>$type, ':orderid'=>$orderid]);
return $res;
}
function changeUserGroup($uid, $gid){
global $DB;
return $DB->exec("UPDATE pre_user SET gid='{$gid}' WHERE uid='{$uid}'");
}
function checkIfActive($string) {
$array=explode(',',$string);
$php_self=substr($_SERVER['REQUEST_URI'],strrpos($_SERVER['REQUEST_URI'],'/')+1,strrpos($_SERVER['REQUEST_URI'],'.')-strrpos($_SERVER['REQUEST_URI'],'/')-1);
if (in_array($php_self,$array)){
return 'active';
}else
return null;
}
function api_refund($trade_no, &$message){
global $DB,$conf;
$order = $DB->getRow("SELECT * FROM pre_order WHERE trade_no='$trade_no' LIMIT 1");
if(!$order){
$message = '该订单号不存在';
return false;
}
$channel = \lib\Channel::get($order['channel']);
if(!$channel){
$message = '当前支付通道信息不存在';
return false;
}
$loadfile = \lib\Plugin::refund($channel['plugin'], $trade_no);
if(!$loadfile){
$message = '当前支付通道不支持API退款';
return false;
}
$result = include($loadfile);
if($result && $result['code']==0){
return true;
}else{
$message = $result['msg'];
return false;
}
}
function transferToAlipay($channel, $out_trade_no, $payee_account, $payee_real_name, $money){
global $conf;
define("IN_PLUGIN", true);
define("PAY_ROOT", PLUGIN_ROOT.'alipay/');
require_once PAY_ROOT."inc/lib/AopClient.php";
require_once PAY_ROOT."inc/model/request/AlipayFundTransToaccountTransferRequest.php";
if(is_numeric($payee_account) && substr($payee_account,0,4)=='2088' && strlen($payee_account)==16)$payee_type = 'ALIPAY_USERID';
else $payee_type = 'ALIPAY_LOGONID';
$BizContent = array(
'out_biz_no' => $out_trade_no, //商户转账唯一订单号
'payee_type' => $payee_type, //收款方账户类型
'payee_account' => $payee_account, //收款方账户
'amount' => $money, //转账金额
'payer_show_name' => $conf['transfer_name'], //付款方显示姓名
);
if(!empty($payee_real_name))$BizContent['payee_real_name'] = $payee_real_name; //收款方真实姓名
$aop = new AopClient ();
$aop->gatewayUrl = 'https://openapi.alipay.com/gateway.do';
$aop->appId = $channel['appid'];
$aop->rsaPrivateKey = $channel['appsecret'];
$aop->alipayrsaPublicKey = $channel['appkey'];
$aop->apiVersion = '1.0';
$aop->signType = 'RSA2';
$aop->postCharset='UTF-8';
$aop->format='json';
$request = new AlipayFundTransToaccountTransferRequest ();
$request->setBizContent(json_encode($BizContent));
$result = $aop->execute ( $request);
$data = array();
$responseNode = str_replace(".", "_", $request->getApiMethodName()) . "_response";
$resultCode = $result->$responseNode->code;
if(!empty($resultCode)&&$resultCode == 10000){
$data['code']=0;
$data['ret']=1;
$data['msg']='success';
$data['orderid']=$result->$responseNode->order_id;
$data['paydate']=$result->$responseNode->pay_date;
} elseif($resultCode == 40004) {
$data['code']=0;
$data['ret']=0;
$data['msg']='['.$result->$responseNode->sub_code.']'.$result->$responseNode->sub_msg;
$data['sub_code']=$result->$responseNode->sub_code;
$data['sub_msg']=$result->$responseNode->sub_msg;
} elseif(!empty($resultCode)){
$data['code']=-1;
$data['msg']='['.$result->$responseNode->sub_code.']'.$result->$responseNode->sub_msg;
$data['sub_code']=$result->$responseNode->sub_code;
$data['sub_msg']=$result->$responseNode->sub_msg;
} else {
$data['code']=-1;
$data['msg']='未知错误';
}
return $data;
}
function transferToWeixin($channel, $out_trade_no, $payee_account, $payee_real_name, $money){
global $conf;
define("IN_PLUGIN", true);
define("PAY_ROOT", PLUGIN_ROOT.'wxpay/');
require_once PAY_ROOT."inc/WxPay.Api.php";
$input = new WxPayTransfer();
$input->SetPartner_trade_no($out_trade_no);
$input->SetOpenid($payee_account);
if(!empty($payee_real_name)){
$input->SetCheck_name('FORCE_CHECK');
$input->SetRe_user_name($payee_real_name);
}else{
$input->SetCheck_name('NO_CHECK');
}
$input->SetAmount($money*100);
$input->SetDesc($conf['transfer_desc']);
$input->SetSpbill_create_ip($_SERVER['SERVER_ADDR']);
$result = WxPayApi::transfer($input);
$data = array();
if($result["result_code"]=='SUCCESS'){
$data['code']=0;
$data['ret']=1;
$data['msg']='success';
$data['orderid']=$result["payment_no"];
$data['paydate']=$result["payment_time"];
} elseif($result["result_code"]=='FAIL' && ($result["err_code"]=='OPENID_ERROR'||$result["err_code"]=='NAME_MISMATCH'||$result["err_code"]=='MONEY_LIMIT'||$result["err_code"]=='V2_ACCOUNT_SIMPLE_BAN')) {
$data['code']=0;
$data['ret']=0;
$data['msg']='['.$result["err_code"].']'.$result["err_code_des"];
$data['sub_code']=$result["err_code"];
$data['sub_msg']=$result["err_code_des"];
} elseif(!empty($result["result_code"])){
$data['code']=-1;
$data['msg']='['.$result["err_code"].']'.$result["err_code_des"];
$data['sub_code']=$result["err_code"];
$data['sub_msg']=$result["err_code_des"];
} else {
$data['code']=-1;
$data['msg']='未知错误 '.$result["return_msg"];
}
return $data;
}
function transferToQQ($channel, $out_trade_no, $payee_account, $payee_real_name, $money){
global $conf;
define("IN_PLUGIN", true);
define("PAY_ROOT", PLUGIN_ROOT.'qqpay/');
require_once (PAY_ROOT.'inc/qpayMchAPI.class.php');
//入参
$params = array();
$params["input_charset"] = 'UTF-8';
$params["uin"] = $payee_account;
$params["out_trade_no"] = $out_trade_no;
$params["fee_type"] = "CNY";
$params["total_fee"] = $money*100;
$params["memo"] = $conf['transfer_desc']; //付款备注
if(!empty($payee_real_name)){
$params["check_name"] = 'FORCE_CHECK'; //校验用户姓名,"FORCE_CHECK"校验实名
}else{
$params["check_name"] = 'false'; //校验用户姓名,"FORCE_CHECK"校验实名
}
$params["re_user_name"] = $payee_real_name; //收款用户真实姓名
$params["check_real_name"] = "0"; //校验用户是否实名
$params["op_user_id"] = QpayMchConf::OP_USERID;
$params["op_user_passwd"] = md5(QpayMchConf::OP_USERPWD);
$params["spbill_create_ip"] = $_SERVER['SERVER_ADDR'];
//api调用
$qpayApi = new QpayMchAPI('https://api.qpay.qq.com/cgi-bin/epay/qpay_epay_b2c.cgi', true, 10);
$ret = $qpayApi->reqQpay($params);
$result = QpayMchUtil::xmlToArray($ret);
$data = array();
if ($result['return_code']=='SUCCESS' && $result['result_code']=='SUCCESS') {
$data['code']=0;
$data['ret']=1;
$data['msg']='success';
$data['orderid']=$result["transaction_id"];
$data['paydate']=date('Y-m-d H:i:s',time());
}elseif ($result['err_code']=='TRANSFER_FEE_LIMIT_ERROR' || $result['err_code']=='TRANSFER_FAIL' || $result['err_code']=='NOTENOUGH' || $result['err_code']=='APPID_OR_OPENID_ERR' || $result['err_code']=='TOTAL_FEE_OUT_OF_LIMIT' || $result['err_code']=='REALNAME_CHECK_ERROR' || $result['err_code']=='RE_USER_NAME_CHECK_ERROR') {
$data['code']=0;
$data['ret']=0;
$data['msg']='['.$result["err_code"].']'.$result["err_code_des"];
$data['sub_code']=$result["err_code"];
$data['sub_msg']=$result["err_code_des"];
}elseif(isset($result['result_code'])){
$data['code']=-1;
$data['msg']='['.$result["err_code"].']'.$result["err_code_des"];
$data['sub_code']=$result["err_code"];
$data['sub_msg']=$result["err_code_des"];
}else{
$data['code']=-1;
$data['msg']='未知错误 '.$result["return_msg"];
}
return $data;
}
function ordername_replace($name,$oldname,$uid){
global $DB;
if(strpos($name,'[name]')!==false){
$name = str_replace('[name]', $oldname, $name);
}
if(strpos($name,'[qq]')!==false){
$qq = $DB->getColumn("SELECT qq FROM pre_user WHERE uid='{$uid}' limit 1");
$name = str_replace('[qq]', $qq, $name);
}
if(strpos($name,'[time]')!==false){
$name = str_replace('[time]', time(), $name);
}
return $name;
}
function is_idcard( $id )
{
$id = strtoupper($id);
$regx = "/(^\d{17}([0-9]|X)$)/";
$arr_split = array();
if(strlen($id)!=18 || !preg_match($regx, $id))
{
return false;
}
$regx = "/^(\d{6})+(\d{4})+(\d{2})+(\d{2})+(\d{3})([0-9]|X)$/";
@preg_match($regx, $id, $arr_split);
$dtm_birth = $arr_split[2] . '/' . $arr_split[3]. '/' .$arr_split[4];
if(!strtotime($dtm_birth)) //检查生日日期是否正确
{
return false;
}
else
{
//检验18位身份证的校验码是否正确。
//校验位按照ISO 7064:1983.MOD 11-2的规定生成X可以认为是数字10。
$arr_int = array(7, 9, 10, 5, 8, 4, 2, 1, 6, 3, 7, 9, 10, 5, 8, 4, 2);
$arr_ch = array('1', '0', 'X', '9', '8', '7', '6', '5', '4', '3', '2');
$sign = 0;
for ( $i = 0; $i < 17; $i++ )
{
$b = (int) $id{$i};
$w = $arr_int[$i];
$sign += $b * $w;
}
$n = $sign % 11;
$val_num = $arr_ch[$n];
if ($val_num != substr($id,17, 1))
{
return false;
}
else
{
return true;
}
}
}
function getwxdwz($channel,$longurl) {
$id = $channel['appid'];
$secret = $channel['appsecret'];
$url = "https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=".$id."&secret=".$secret;
$token = getAccessToken($url);
$arr = array('action'=>'long2short', 'long_url'=>$longurl);
$post = json_encode($arr);
$url = "https://api.weixin.qq.com/cgi-bin/shorturl?access_token=".$token."";
$result = get_curl($url, $post);
$arr = json_decode($result, true);
if(@array_key_exists('errcode',$arr) && $arr['errcode']==0){
return $arr['short_url'];
}else{
return false;
}
}
function getAccessToken($url) {
// access_token 应该全局存储与更新,以下代码以写入到文件中做示例
$data = json_decode(@file_get_contents(SYSTEM_ROOT."access_token.json"), true);
if ($data['expire_time'] < time()) {
// 如果是企业号用以下URL获取access_token
$output = get_curl($url);
$res = json_decode($output, true);
$access_token = $res['access_token'];
if ($access_token) {
$data['expire_time'] = time() + 600;
$data['access_token'] = $access_token;
file_put_contents(SYSTEM_ROOT."access_token.json", $data);
}
} else {
$access_token = $data['access_token'];
}
return $access_token;
}
function getdwz($longurl){
$url = preg_replace('/^(http|https|thunder|qqdl|ed2k|Flashget|qbrowser):\/\//i', '', $longurl);
$url = 'https://buluo.qq.com/cgi-bin/bar/extra/gen_short_url?urls=[%22'.urlencode($url).'%22]&r=0.9179819480050355';
$cookie = 'BULUO_TICKET=VcvoIeiMSTp1KfAJmdHdrhk87ypMYF3oykq9YIxprKLZBFoZtsNFkbm-LePkqkL1hKRqtUpBTV-eqF_4hSqOpBO3sB0; BL_ID=o3ztss1vi1w-QaMZ2MTlJveJZjNA';
$data = get_curl($url,0,'https://buluo.qq.com/',$cookie);
$arr = json_decode($data,true);
$short = $arr['result']['ls'][0]['url_code'];
if(!$short){
return false;
}else{
return($short);
}
}
function qrcodelogin($image){
$url='http://api.cccyun.cc/api/qrcode_noauth.php';
$post='image='.urlencode($image);
$data = get_curl($url,$post);
$arr=json_decode($data,true);
if(array_key_exists('code',$arr) && $arr['code']==1){
$result=array("code"=>0,"msg"=>"succ","url"=>$arr['url']);
}elseif(array_key_exists('msg',$arr)){
$result=array("code"=>-1,"msg"=>$arr['msg']);
}else{
$result=array("code"=>-1,"msg"=>$data);
}
return $result;
}
?>

45
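--- a/includes/lib/Cache.php
+++ b/includes/lib/Cache.php
@@ -0,0 +1,45 @@
+<?php
+namespace lib;
+class Cache {
+public function get($key) {
+global $_CACHE;
+return $_CACHE[$key];
+}
+public function read($key = 'config') {
+global $DB;
+$value = $DB->getColumn("SELECT v FROM pre_cache WHERE k=:key LIMIT 1", [':key'=>$key]);
+return $value;
+}
+public function save($key ,$value, $expire=0) {
+if (is_array($value)) $value = serialize($value);
+global $DB;
+return $DB->exec("REPLACE INTO pre_cache VALUES (:key, :value, :expire)", [':key'=>$key, ':value'=>$value, ':expire'=>$expire]);
+}
+public function pre_fetch(){
+global $_CACHE;
+$_CACHE=array();
+$cache = $this->read('config');
+$_CACHE = @unserialize($cache);
+if(empty($_CACHE['version']))$_CACHE = $this->update();
+return $_CACHE;
+}
+public function update() {
+global $DB;
+$cache = array();
+$result = $DB->getAll("SELECT * FROM pre_config");
+foreach($result as $row){
+$cache[ $row['k'] ] = $row['v'];
+}
+$this->save('config', $cache);
+return $cache;
+}
+public function clear($key = 'config') {
+global $DB;
+return $DB->exec("UPDATE pre_cache SET v='' WHERE k=:key", [':key'=>$key]);
+}
+public function clean() {
+global $DB;
+return $DB->exec("DELETE FROM pre_cache WHERE expire>0 AND expire<'".time()."'");
+}
+}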
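Review bot: `pre_fetch()` feeds the `pre_cache` row straight into `@unserialize()`, so whoever can write that row controls which PHP objects are instantiated on every request that loads the config. `save()` only ever serializes arrays, so classes can be refused outright with `$_CACHE = @unserialize($cache, ['allowed_classes' => false]);` (PHP 7.0+), or the config can be stored as JSON instead. The `@` also hides a corrupt row, leaving the `empty($_CACHE['version'])` fallback to `update()` as the only recovery path; a one-line comment saying so would help the next reader.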

191
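--- a/includes/lib/Channel.php
+++ b/includes/lib/Channel.php
@@ -0,0 +1,191 @@
+<?php
+namespace lib;
+class Channel {
+static public function get($id){
+global $DB;
+$value=$DB->getRow("SELECT * FROM pre_channel WHERE id='$id' LIMIT 1");
+return $value;
+}
+// 支付提交处理(输入支付方式名称)
+static public function submit($type, $gid=0){
+global $DB;
+if(checkmobile()==true){
+$sqls = " AND (device=0 OR device=2)";
+}else{
+$sqls = " AND (device=0 OR device=1)";
+}
+$paytype=$DB->getRow("SELECT id,name,status FROM pre_type WHERE name='$type'{$sqls} LIMIT 1");
+if(!$paytype || $paytype['status']==0)sysmsg('支付方式(type)不存在');
+$typeid = $paytype['id'];
+$typename = $paytype['name'];
+return self::getSubmitInfo($typeid, $typename, $gid);
+}
+// 支付提交处理2输入支付方式ID
+static public function submit2($typeid, $gid=0){
+global $DB;
+$paytype=$DB->getRow("SELECT id,name,status FROM pre_type WHERE id='$typeid' LIMIT 1");
+if(!$paytype || $paytype['status']==0)sysmsg('支付方式(type)不存在');
+$typename = $paytype['name'];
+return self::getSubmitInfo($typeid, $typename, $gid);
+}
+//获取通道、插件、费率信息
+static public function getSubmitInfo($typeid, $typename, $gid){
+global $DB;
+if($gid>0)$groupinfo=$DB->getColumn("SELECT info FROM pre_group WHERE gid='$gid' LIMIT 1");
+if(!$groupinfo)$groupinfo=$DB->getColumn("SELECT info FROM pre_group WHERE gid=0 LIMIT 1");
+if($groupinfo){
+$info = json_decode($groupinfo,true);
+$groupinfo = $info[$typeid];
+if(is_array($groupinfo)){
+$channel = $groupinfo['channel'];
+$money_rate = $groupinfo['rate'];
+}
+else{
+$channel = -1;
+$money_rate = null;
+}
+if($channel==0){ //当前商户关闭该通道
+return false;
+}
+elseif($channel==-1){ //随机可用通道
+$row=$DB->getRow("SELECT id,plugin,status,rate,apptype FROM pre_channel WHERE type='$typeid' AND status=1 ORDER BY rand() LIMIT 1");
+if($row){
+$channel = $row['id'];
+$plugin = $row['plugin'];
+$apptype = $row['apptype'];
+if(empty($money_rate))$money_rate = $row['rate'];
+}
+}
+else{
+if($groupinfo['type']=='roll'){ //解析轮询组
+$channel = self::getChannelFromRoll($channel);
+if($channel==0){ //当前轮询组未开启
+return false;
+}
+}
+$row=$DB->getRow("SELECT plugin,status,rate,apptype FROM pre_channel WHERE id='$channel' LIMIT 1");
+if($row['status']==1){
+$plugin = $row['plugin'];
+$apptype = $row['apptype'];
+if(empty($money_rate))$money_rate = $row['rate'];
+}
+}
+}else{
+$row=$DB->getRow("SELECT id,plugin,status,rate,apptype FROM pre_channel WHERE type='$typeid' AND status=1 ORDER BY rand() LIMIT 1");
+if($row){
+$channel = $row['id'];
+$plugin = $row['plugin'];
+$apptype = $row['apptype'];
+$money_rate = $row['rate'];
+}
+}
+if(!$plugin || !$channel){ //通道已关闭
+return false;
+}
+return ['typeid'=>$typeid, 'typename'=>$typename, 'plugin'=>$plugin, 'channel'=>$channel, 'rate'=>$money_rate, 'apptype'=>$apptype];
+}
+// 获取当前商户可用支付方式
+static public function getTypes($gid=0){
+global $DB;
+if(checkmobile()==true){
+$sqls = " AND (device=0 OR device=2)";
+}else{
+$sqls = " AND (device=0 OR device=1)";
+}
+$rows = $DB->getAll("SELECT * FROM pre_type WHERE status=1{$sqls}");
+$paytype = [];
+foreach($rows as $row){
+$paytype[$row['id']] = $row;
+}
+if($gid>0)$groupinfo=$DB->getColumn("SELECT info FROM pre_group WHERE gid='$gid' LIMIT 1");
+if(!$groupinfo)$groupinfo=$DB->getColumn("SELECT info FROM pre_group WHERE gid=0 LIMIT 1");
+if($groupinfo){
+$info = json_decode($groupinfo,true);
+foreach($info as $id=>$row){
+if(!isset($paytype[$id]))continue;
+if($row['channel']==0){
+unset($paytype[$id]);
+}elseif($row['channel']==-1){
+$status=$DB->getColumn("SELECT status FROM pre_channel WHERE type='$id' AND status=1 LIMIT 1");
+if(!$status || $status==0){
+unset($paytype[$id]);
+}elseif(empty($row['rate'])){
+$paytype[$id]['rate']=$DB->getColumn("SELECT rate FROM pre_channel WHERE type='$id' AND status=1 LIMIT 1");
+}else{
+$paytype[$id]['rate']=$row['rate'];
+}
+}else{
+if($row['type']=='roll'){
+$status=$DB->getColumn("SELECT status FROM pre_roll WHERE id='{$row['channel']}' LIMIT 1");
+}else{
+$status=$DB->getColumn("SELECT status FROM pre_channel WHERE id='{$row['channel']}' LIMIT 1");
+}
+if(!$status || $status==0)unset($paytype[$id]);
+else $paytype[$id]['rate']=$row['rate'];
+}
+}
+}else{
+foreach($paytype as $id=>$row){
+$status=$DB->getColumn("SELECT status FROM pre_channel WHERE type='$id' AND status=1 limit 1");
+if(!$status || $status==0)unset($paytype[$id]);
+else{
+$paytype[$id]['rate']=$DB->getColumn("SELECT rate FROM pre_channel WHERE type='$id' AND status=1 limit 1");
+}
+}
+}
+return $paytype;
+}
+//根据轮询组ID获取支付通道ID
+static private function getChannelFromRoll($channel){
+global $DB;
+$row=$DB->getRow("SELECT * FROM pre_roll WHERE id='$channel' LIMIT 1");
+if($row['status']==1){
+$info = self::rollinfo_decode($row['info'],true);
+if($row['kind']==1){
+$channel = self::random_weight($info);
+}else{
+$channel = $info[$row['index']]['name'];
+$index = ($row['index'] + 1) % count($info);
+$DB->exec("UPDATE pre_roll SET `index`='$index' WHERE id='{$row['id']}'");
+}
+return $channel;
+}
+return false;
+}
+//解析轮询组info
+static private function rollinfo_decode($content){
+$result = [];
+$arr = explode(',',$content);
+foreach($arr as $row){
+$a = explode(':',$row);
+$result[] = ['name'=>$a[0], 'weight'=>$a[1]];
+}
+return $result;
+}
+//加权随机
+static private function random_weight($arr){
+$weightSum = 0;
+foreach ($arr as $value) {
+$weightSum += $value['weight'];
+}
+if($weightSum<=0)return false;
+$randNum = rand(1, $weightSum);
+foreach ($arr as $k => $v) {
+if ($randNum <= $v['weight']) {
+return $v['name'];
+}
+$randNum -=$v['weight'];
+}
+}
+}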
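Review bot: Every lookup in this class interpolates its arguments into the SQL text (`WHERE name='$type'` in `submit()`, `id='$typeid'` in `submit2()`, `gid='$gid'` and `id='$channel'` in `getSubmitInfo()`), although `$DB` accepts bound parameters, as `lib\Cache` in this same commit shows. Whether `$type` and `$typeid` come from the request is not visible here, but the method comments suggest they do, and the regex request filter added earlier in this commit is not a substitute for binding. Use for example `$DB->getRow("SELECT id,name,status FROM pre_type WHERE name=:name{$sqls} LIMIT 1", [':name'=>$type]);` and the same pattern for the other queries. `Plugin::get()` in includes/lib/Plugin.php builds its query the same way.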

273
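--- a/includes/lib/GeetestLib.php
+++ b/includes/lib/GeetestLib.php
@@ -0,0 +1,273 @@
+<?php
+namespace lib;
+/**
+* 极验行为式验证安全平台php 网站主后台包含的库文件
+*
+* @author Tanxu
+*/
+class GeetestLib {
+const GT_SDK_VERSION = 'php_3.0.0';
+public static $connectTimeout = 1;
+public static $socketTimeout = 1;
+private $response;
+private $captcha_id;
+private $private_key;
+public function __construct($captcha_id, $private_key) {
+$this->captcha_id = $captcha_id;
+$this->private_key = $private_key;
+}
+/**
+* 判断极验服务器是否down机
+*
+* @param array $data
+* @return int
+*/
+public function pre_process($param, $new_captcha=1) {
+if(!empty($this->captcha_id) && !empty($this->private_key)){
+$data = array('gt'=>$this->captcha_id,
+'new_captcha'=>$new_captcha
+);
+$data = array_merge($data,$param);
+$query = http_build_query($data);
+$url = "http://api.geetest.com/register.php?" . $query;
+$challenge = $this->send_request($url);
+if (strlen($challenge) != 32) {
+$this->failback_process();
+return 0;
+}
+$this->success_process($challenge);
+return 1;
+}else{
+$url = "https://www.geetest.com/demo/gt/register-slide?t=" . time() . "123";
+$data = get_curl($url,0,'https://www.geetest.com/demo/slide-popup.html');
+$this->response = json_decode($data, true);
+return 1;
+}
+}
+/**
+* @param $challenge
+*/
+private function success_process($challenge) {
+$challenge = md5($challenge . $this->private_key);
+$result = array(
+'success' => 1,
+'gt' => $this->captcha_id,
+'challenge' => $challenge,
+'new_captcha'=>1
+);
+$this->response = $result;
+}
+/**
+*
+*/
+private function failback_process() {
+$rnd1 = md5(rand(0, 100));
+$rnd2 = md5(rand(0, 100));
+$challenge = $rnd1 . substr($rnd2, 0, 2);
+$result = array(
+'success' => 0,
+'gt' => $this->captcha_id,
+'challenge' => $challenge,
+'new_captcha'=>1
+);
+$this->response = $result;
+}
+/**
+* @return mixed
+*/
+public function get_response_str() {
+return json_encode($this->response);
+}
+/**
+* 返回数组方便扩展
+*
+* @return mixed
+*/
+public function get_response() {
+return $this->response;
+}
+/**
+* 正常模式获取验证结果
+*
+* @param string $challenge
+* @param string $validate
+* @param string $seccode
+* @param array $param
+* @return int
+*/
+public function success_validate($challenge, $validate, $seccode,$param, $json_format=1) {
+if(!empty($this->captcha_id) && !empty($this->private_key)){
+if (!$this->check_validate($challenge, $validate)) {
+return 0;
+}
+$query = array(
+"seccode" => $seccode,
+"timestamp"=>time(),
+"challenge"=>$challenge,
+"captchaid"=>$this->captcha_id,
+"json_format"=>$json_format,
+"sdk" => self::GT_SDK_VERSION
+);
+$query = array_merge($query,$param);
+$url = "http://api.geetest.com/validate.php";
+$codevalidate = $this->post_request($url, $query);
+$obj = json_decode($codevalidate,true);
+if ($obj === false){
+return 0;
+}
+if ($obj['seccode'] == md5($seccode)) {
+return 1;
+} else {
+return 0;
+}
+}else{
+$url = "https://www.geetest.com/demo/gt/validate-slide";
+$post = "geetest_challenge=".$challenge."&geetest_validate=".$validate."&geetest_seccode=".$seccode;
+$data = get_curl($url,$post,'https://www.geetest.com/demo/slide-popup.html');
+$arr = json_decode($data, true);
+if($arr['status'] == 'success')return 1;
+else return 0;
+}
+}
+/**
+* 宕机模式获取验证结果
+*
+* @param $challenge
+* @param $validate
+* @param $seccode
+* @return int
+*/
+public function fail_validate($challenge, $validate, $seccode) {
+if(md5($challenge) == $validate){
+return 1;
+}else{
+return 0;
+}
+}
+/**
+* @param $challenge
+* @param $validate
+* @return bool
+*/
+private function check_validate($challenge, $validate) {
+if (strlen($validate) != 32) {
+return false;
+}
+if (md5($this->private_key . 'geetest' . $challenge) != $validate) {
+return false;
+}
+return true;
+}
+/**
+* GET 请求
+*
+* @param $url
+* @return mixed|string
+*/
+private function send_request($url) {
+if (function_exists('curl_exec')) {
+$ch = curl_init();
+curl_setopt($ch, CURLOPT_URL, $url);
+curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, self::$connectTimeout);
+curl_setopt($ch, CURLOPT_TIMEOUT, self::$socketTimeout);
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+$curl_errno = curl_errno($ch);
+$data = curl_exec($ch);
+curl_close($ch);
+if ($curl_errno >0) {
+return 0;
+}else{
+return $data;
+}
+} else {
+$opts = array(
+'http' => array(
+'method' => "GET",
+'timeout' => self::$connectTimeout + self::$socketTimeout,
+)
+);
+$context = stream_context_create($opts);
+$data = @file_get_contents($url, false, $context);
+if($data){
+return $data;
+}else{
+return 0;
+}
+}
+}
+/**
+*
+* @param $url
+* @param array $postdata
+* @return mixed|string
+*/
+private function post_request($url, $postdata = '') {
+if (!$postdata) {
+return false;
+}
+$data = http_build_query($postdata);
+if (function_exists('curl_exec')) {
+$ch = curl_init();
+curl_setopt($ch, CURLOPT_URL, $url);
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, self::$connectTimeout);
+curl_setopt($ch, CURLOPT_TIMEOUT, self::$socketTimeout);
+//不可能执行到的代码
+if (!$postdata) {
+curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
+} else {
+curl_setopt($ch, CURLOPT_POST, 1);
+curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
+}
+$data = curl_exec($ch);
+if (curl_errno($ch)) {
+$err = sprintf("curl[%s] error[%s]", $url, curl_errno($ch) . ':' . curl_error($ch));
+$this->triggerError($err);
+}
+curl_close($ch);
+} else {
+if ($postdata) {
+$opts = array(
+'http' => array(
+'method' => 'POST',
+'header' => "Content-type: application/x-www-form-urlencoded\r\n" . "Content-Length: " . strlen($data) . "\r\n",
+'content' => $data,
+'timeout' => self::$connectTimeout + self::$socketTimeout
+)
+);
+$context = stream_context_create($opts);
+$data = file_get_contents($url, false, $context);
+}
+}
+return $data;
+}
+/**
+* @param $err
+*/
+private function triggerError($err) {
+trigger_error($err);
+}
+}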
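Review bot: The three MD5 checks in `check_validate()`, `success_validate()` and `fail_validate()` compare with `==`/`!=`, which in PHP treats two numeric-looking strings such as `0e…` digests as equal and is not constant-time. `check_validate()` should read `if (!hash_equals(md5($this->private_key . 'geetest' . $challenge), (string)$validate)) return false;`, and `PayUtils::md5Verify()` in includes/lib/PayUtils.php needs the same change. `fail_validate()` compares two values that both come from its caller, so in failback mode a result of `1` says nothing about the client and should not be treated as a passed captcha. Separately, `send_request()` reads `curl_errno($ch)` before `curl_exec($ch)`, so `$curl_errno` is always 0, and both API URLs are plain `http://`.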

88
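--- a/includes/lib/PayUtils.php
+++ b/includes/lib/PayUtils.php
@@ -0,0 +1,88 @@
+<?php
+namespace lib;
+class PayUtils {
+/**
+* 把数组所有元素,按照“参数=参数值”的模式用“&”字符拼接成字符串
+* @param $para 需要拼接的数组
+* return 拼接完成以后的字符串
+*/
+static public function createLinkstring($para) {
+$arg = "";
+foreach ($para as $key=>$val) {
+$arg.=$key."=".$val."&";
+}
+//去掉最后一个&字符
+$arg = substr($arg,0,-1);
+return $arg;
+}
+/**
+* 把数组所有元素,按照“参数=参数值”的模式用“&”字符拼接成字符串并对字符串做urlencode编码
+* @param $para 需要拼接的数组
+* return 拼接完成以后的字符串
+*/
+static public function createLinkstringUrlencode($para) {
+$arg = "";
+foreach ($para as $key=>$val) {
+$arg.=$key."=".urlencode($val)."&";
+}
+//去掉最后一个&字符
+$arg = substr($arg,0,-1);
+return $arg;
+}
+/**
+* 除去数组中的空值和签名参数
+* @param $para 签名参数组
+* return 去掉空值与签名参数后的新签名参数组
+*/
+static public function paraFilter($para) {
+$para_filter = array();
+foreach ($para as $key=>$val) {
+if($key == "sign" || $key == "sign_type" || $val == "")continue;
+else $para_filter[$key] = $para[$key];
+}
+return $para_filter;
+}
+/**
+* 对数组排序
+* @param $para 排序前的数组
+* return 排序后的数组
+*/
+static public function argSort($para) {
+ksort($para);
+reset($para);
+return $para;
+}
+/**
+* 签名字符串
+* @param $prestr 需要签名的字符串
+* @param $key 私钥
+* return 签名结果
+*/
+static public function md5Sign($prestr, $key) {
+$prestr = $prestr . $key;
+return md5($prestr);
+}
+/**
+* 验证签名
+* @param $prestr 需要签名的字符串
+* @param $sign 签名结果
+* @param $key 私钥
+* return 签名结果
+*/
+static public function md5Verify($prestr, $sign, $key) {
+$prestr = $prestr . $key;
+$mysgin = md5($prestr);
+if($mysgin == $sign) {
+return true;
+}
+else {
+return false;
+}
+}
+}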
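Review bot: `paraFilter()` drops a parameter when `$val == ""`, and that loose comparison is also true for `null`, `false` and, before PHP 8, integer `0`, so whether a zero-valued field stays in the string that gets signed depends on the PHP version. Make the intent explicit with `if($key == "sign" || $key == "sign_type" || $val === "" || $val === null)continue;`. The docblocks also use a bare `return` where `@return` is meant, and `md5Verify()` documents its result as the signature although it returns a bool.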

211
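--- a/includes/lib/PdoHelper.php
+++ b/includes/lib/PdoHelper.php
@@ -0,0 +1,211 @@
+<?php
+namespace lib;
+class PdoHelper
+{
+private $sqlPrefix = "pre_";//SQL数据表前缀识别字符
+private $db;
+private $fetchStyle = \PDO::FETCH_ASSOC;
+private $prefix;
+/**
+* PdoHelper constructor.
+*
+* @param array $dbconfig 数据库信息
+*/
+function __construct($dbconfig)
+{
+$this->prefix = $dbconfig['dbqz'].'_';
+try {
+$this->db = new \PDO("mysql:host={$dbconfig['host']};dbname={$dbconfig['dbname']};port={$dbconfig['port']}",$dbconfig['user'],$dbconfig['pwd']);
+} catch (Exception $e) {
+exit('链接数据库失败:' . $e->getMessage());
+}
+$this->db->exec("set sql_mode = ''");
+$this->db->exec("set names utf8");
+}
+/**
+* 设置结果集方式
+*
+* @param string $_style
+*/
+public function setFetchStyle($_style)
+{
+$this->fetchStyle = $_style;
+}
+/**
+* 替换数据表前缀
+* @param $_sql
+*
+* @return mixed
+*/
+private function dealPrefix($_sql){
+return str_replace($this->sqlPrefix,$this->prefix,$_sql);
+}
+/**
+* 获取PDOStatement
+* @param string $_sql
+* @param array $_array
+*
+* @return \PDOStatement
+*/
+public function query($_sql, $_array = null)
+{
+$_sql = $this->dealPrefix($_sql);
+if (is_array($_array)) {
+$stmt = $this->db->prepare($_sql);
+if($stmt) $stmt->execute($_array);
+} else {
+$stmt = $this->db->query($_sql);
+}
+return $stmt;
+}
+/**
+* 查询一条结果
+*
+* @param string $_sql string
+* @param array $_array array
+*
+* @return mixed
+*/
+public function getRow($_sql, $_array = null)
+{
+$_sql = $this->dealPrefix($_sql);
+if (is_array($_array)) {
+$stmt = $this->db->prepare($_sql);
+if($stmt) $stmt->execute($_array);
+} else {
+$stmt = $this->db->query($_sql);
+}
+if($stmt) {
+return $stmt->fetch($this->fetchStyle);
+}else{
+return false;
+}
+}
+/**
+* 获取所有结果
+*
+* @param string $_sql
+* @param array $_array
+*
+* @return array
+*/
+public function getAll($_sql, $_array = null)
+{
+$_sql = $this->dealPrefix($_sql);
+if (is_array($_array)) {
+$stmt = $this->db->prepare($_sql);
+if($stmt) $stmt->execute($_array);
+} else {
+$stmt = $this->db->query($_sql);
+}
+if($stmt) {
+return $stmt->fetchAll($this->fetchStyle);
+}else{
+return false;
+}
+}
+/**
+* 获取结果数
+* @param string $_sql
+* @param array $_array
+*
+* @return int
+*/
+public function getCount($_sql, $_array = null)
+{
+$_sql = $this->dealPrefix($_sql);
+$stmt = $this->db->prepare($_sql);
+if($stmt) {
+$stmt->execute($_array);
+return $stmt->rowCount();
+}else{
+return false;
+}
+}
+/**
+* 获取一个字段值
+* @param string $_sql
+* @param array $_array
+*
+* @return int
+*/
+public function getColumn($_sql, $_array = null)
+{
+$_sql = $this->dealPrefix($_sql);
+if (is_array($_array)) {
+$stmt = $this->db->prepare($_sql);
+if($stmt) $stmt->execute($_array);
+} else {
+$stmt = $this->db->query($_sql);
+}
+if($stmt) {
+return $stmt->fetchColumn();
+}else{
+return false;
+}
+}
+/**
+* 执行语句
+* @param string $_sql
+* @param array $_array
+*
+* @return int|\PDOStatement
+*/
+public function exec($_sql, $_array = null)
+{
+$_sql = $this->dealPrefix($_sql);
+if (is_array($_array)) {
+$stmt = $this->db->prepare($_sql);
+if($stmt) {
+return $stmt->execute($_array);
+}else{
+return false;
+}
+} else {
+return $this->db->exec($_sql);
+}
+}
+/**
+* 返回最后插入行的ID
+*
+* @return int|\PDOStatement
+*/
+public function lastInsertId()
+{
+return $this->db->lastInsertId();
+}
+/**
+* 返回错误信息
+*
+* @return string|\PDOStatement
+*/
+public function error()
+{
+$error = $this->db->errorInfo();
+return '['.$error[1].']'.$error[2];
+}
+function __get($name)
+{
+return $this->$name;
+}
+function __destruct()
+{
+$this->db = null;
+}
+}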
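Review bot: The `catch (Exception $e)` in `__construct()` can never fire, because inside `namespace lib` the unqualified name resolves to `lib\Exception`, so a failed connection surfaces as an uncaught `\PDOException` instead of reaching the `exit()`. Depending on the error-display settings, an uncaught exception from the `\PDO` constructor may put connection details into the response, so this is worth fixing with `} catch (\PDOException $e) {` and logging `$e->getMessage()` rather than printing it. `__get()` also hands out every private property, including the raw `$db` handle, which defeats the `private` declarations above it. `dealPrefix()` rewrites `pre_` anywhere in the statement text, so values interpolated into the SQL are rewritten as well, which is another reason to pass them as bound parameters.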

124
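--- a/includes/lib/Plugin.php
+++ b/includes/lib/Plugin.php
@@ -0,0 +1,124 @@
+<?php
+namespace lib;
+class Plugin {
+static public function getList(){
+$dir = PLUGIN_ROOT;
+$dirArray[] = NULL;
+if (false != ($handle = opendir($dir))) {
+$i = 0;
+while (false !== ($file = readdir($handle))) {
+if ($file != "." && $file != ".." && strpos($file, ".")===false) {
+$dirArray[$i] = $file;
+$i++;
+}
+}
+closedir($handle);
+}
+return $dirArray;
+}
+static public function getConfig($name){
+$filename = PLUGIN_ROOT.$name.'/config.ini';
+if(file_exists($filename)){
+return parse_ini_file($filename);
+}else{
+return false;
+}
+}
+static public function load($s){
+if(preg_match('/^(.[a-zA-Z0-9]+)\/(.[a-zA-Z0-9]+)\/(.[0-9]+)\/$/',$s, $matchs)){
+$filename = PLUGIN_ROOT.$matchs[1].'/'.$matchs[2].'.php';
+if(file_exists($filename)){
+define("IN_PLUGIN", true);
+define("PAY_ROOT", PLUGIN_ROOT.$matchs[1].'/');
+define("TRADE_NO", $matchs[3]);
+define("PAY_PLUGIN", $matchs[1]);
+return $filename;
+}else{
+exit('Pay file not found');
+}
+}else{
+exit('error');
+}
+}
+static public function load2($plugin, $page, $trade_no){
+if(preg_match('/^(.[a-zA-Z0-9]+)$/',$plugin) && preg_match('/^(.[a-zA-Z0-9]+)$/',$page) && preg_match('/^(.[0-9]+)$/',$trade_no)){
+$filename = PLUGIN_ROOT.$plugin.'/'.$page.'.php';
+if(file_exists($filename)){
+define("IN_PLUGIN", true);
+define("PAY_ROOT", PLUGIN_ROOT.$plugin.'/');
+define("TRADE_NO", $trade_no);
+define("PAY_PLUGIN", $plugin);
+return $filename;
+}else{
+exit('Pay file not found');
+}
+}else{
+exit('error');
+}
+}
+static public function exists($name){
+$filename = PLUGIN_ROOT.$name.'/config.ini';
+if(file_exists($filename)){
+return true;
+}else{
+return false;
+}
+}
+static public function isrefund($name){
+$filename = PLUGIN_ROOT.$name.'/refund.php';
+if(file_exists($filename)){
+return true;
+}else{
+return false;
+}
+}
+static public function refund($plugin, $trade_no){
+if(preg_match('/^(.[a-zA-Z0-9]+)$/',$plugin) && preg_match('/^(.[0-9]+)$/',$trade_no)){
+$filename = PLUGIN_ROOT.$plugin.'/refund.php';
+if(file_exists($filename)){
+define("IN_REFUND", true);
+define("PAY_ROOT", PLUGIN_ROOT.$plugin.'/');
+define("TRADE_NO", $trade_no);
+define("PAY_PLUGIN", $plugin);
+return $filename;
+}else{
+return false;
+}
+}else{
+return false;
+}
+}
+static public function updateAll(){
+global $DB;
+$DB->exec("TRUNCATE TABLE pre_plugin");
+$list = self::getList();
+foreach($list as $name){
+if($config = self::getConfig($name)){
+if($config['name']!=$name)continue;
+$DB->exec("INSERT INTO pre_plugin VALUES (:name, :showname, :author, :link, :types, :inputs, :select)", [':name'=>$config['name'], ':showname'=>$config['showname'], ':author'=>$config['author'], ':link'=>$config['link'], ':types'=>$config['types'], ':inputs'=>$config['inputs'], ':select'=>$config['select']]);
+}
+}
+return true;
+}
+static public function get($name){
+global $DB;
+$result = $DB->getRow("SELECT * FROM pre_plugin WHERE name='$name'");
+return $result;
+}
+static public function getAll(){
+global $DB;
+$result = $DB->getAll("SELECT * FROM pre_plugin");
+return $result;
+}
+}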
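Review bot: In `load()`, `load2()` and `refund()` every pattern begins with an unescaped `.` (`/^(.[a-zA-Z0-9]+)$/`), so the first character of the plugin name, page name and trade number may be any character, and `$` without the `D` modifier also accepts a trailing newline. The returned include path and the `TRADE_NO` constant are therefore less constrained than the character classes suggest. If the dot is not intentional, use `preg_match('/^[a-zA-Z0-9]+$/D', $plugin)` and `preg_match('/^[0-9]+$/D', $trade_no)`. `getConfig()`, `exists()` and `isrefund()` build paths from `$name` with no check at all, so the same validation belongs in front of them.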

117
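--- a/includes/lib/QC.php
+++ b/includes/lib/QC.php
@@ -0,0 +1,117 @@
+<?php
+namespace lib;
+/* PHP SDK
+* @version 2.0.0
+* @author connect@qq.com
+* @copyright © 2013, Tencent Corporation. All rights reserved.
+*/
+/*
+* @brief QC类api外部对象调用接口全部依赖于此对象
+* */
+class QC{
+const VERSION = "2.0";
+const GET_AUTH_CODE_URL = "https://graph.qq.com/oauth2.0/authorize";
+const GET_ACCESS_TOKEN_URL = "https://graph.qq.com/oauth2.0/token";
+const GET_OPENID_URL = "https://graph.qq.com/oauth2.0/me";
+function __construct($QC_config){
+$this->appid = $QC_config["appid"];
+$this->appkey = $QC_config["appkey"];
+$this->callback = $QC_config['callback'];
+}
+public function qq_login(){
+$state = md5(uniqid(rand(), TRUE));
+$_SESSION['Oauth_state'] = $state;
+//-------构造请求参数列表
+$keysArr = array(
+"response_type" => "code",
+"client_id" => $this->appid,
+"redirect_uri" => $this->callback,
+"state" => $state
+);
+$login_url = self::GET_AUTH_CODE_URL.'?'.http_build_query($keysArr);
+header("Location:$login_url");
+}
+public function qq_callback(){
+if($_GET['state'] != $_SESSION['Oauth_state']){
+sysmsg("<h2>The state does not match. You may be a victim of CSRF.</h2>");
+}
+//-------请求参数列表
+$keysArr = array(
+"grant_type" => "authorization_code",
+"client_id" => $this->appid,
+"redirect_uri" => $this->callback,
+"client_secret" => $this->appkey,
+"code" => $_GET['code']
+);
+//------构造请求access_token的url
+$token_url = self::GET_ACCESS_TOKEN_URL.'?'.http_build_query($keysArr);
+$response = $this->get_curl($token_url);
+if(strpos($response, "callback") !== false){
+$lpos = strpos($response, "(");
+$rpos = strrpos($response, ")");
+$response = substr($response, $lpos + 1, $rpos - $lpos -1);
+$msg = json_decode($response);
+if(isset($msg->error)){
+sysmsg('<h3>error:</h3>'.$msg->error.'<h3>msg :</h3>'.$msg->error_description);
+}
+}
+$params = array();
+parse_str($response, $params);
+return $params["access_token"];
+}
+public function get_openid($access_token){
+//-------请求参数列表
+$keysArr = array(
+"access_token" => $access_token
+);
+$graph_url = self::GET_OPENID_URL.'?'.http_build_query($keysArr);
+$response = $this->get_curl($graph_url);
+//--------检测错误是否发生
+if(strpos($response, "callback") !== false){
+$lpos = strpos($response, "(");
+$rpos = strrpos($response, ")");
+$response = substr($response, $lpos + 1, $rpos - $lpos -1);
+}
+$user = json_decode($response);
+if(isset($user->error)){
+sysmsg('<h3>error:</h3>'.$msg->error.'<h3>msg :</h3>'.$msg->error_description);
+}
+//------记录openid
+return $user->openid;
+}
+public function get_curl($url){
+$ch = curl_init();
+curl_setopt($ch, CURLOPT_URL,$url);
+curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
+curl_setopt($ch, CURLOPT_USERAGENT,'Mozilla/5.0 (Linux; U; Android 4.4.1; zh-cn) AppleWebKit/533.1 (KHTML, like Gecko)Version/4.0 MQQBrowser/5.5 Mobile Safari/533.1');
+curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
+$ret = curl_exec($ch);
+curl_close($ch);
+return $ret;
+}
+}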
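Review bot: `get_curl()` sets `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` to `false`, and it is the transport for the token request in `qq_callback()`, whose URL carries `client_secret` and the authorization code, so the peer's identity is never checked on the one call that handles the app secret. Drop both lines (the curl defaults verify) or set them explicitly with `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);` and `curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);`. In `get_openid()` the error branch reads `$msg->error`, which is undefined in that method; it should use `$user->error` and `$user->error_description`, HTML-escaped before they reach `sysmsg()`. `qq_callback()` also lets a request through when neither the query string nor the session holds a `state`, because `null != null` is false, so the check should first require a non-empty session value.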

49
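--- a/includes/lib/Template.php
+++ b/includes/lib/Template.php
@@ -0,0 +1,49 @@
+<?php
+namespace lib;
+class Template {
+static public function getList(){
+$dir = TEMPLATE_ROOT;
+$dirArray[] = NULL;
+if (false != ($handle = opendir($dir))) {
+$i = 0;
+while (false !== ($file = readdir($handle))) {
+if ($file != "." && $file != ".." && strpos($file, ".")===false) {
+$dirArray[$i] = $file;
+$i++;
+}
+}
+closedir($handle);
+}
+return $dirArray;
+}
+static public function load($name = 'index'){
+global $conf;
+$template = $conf['template']?$conf['template']:'default';
+if(!preg_match('/^[a-zA-Z0-9]+$/',$name))exit('error');
+$filename = TEMPLATE_ROOT.$template.'/'.$name.'.php';
+$filename_default = TEMPLATE_ROOT.'default/'.$name.'.php';
+if(file_exists($filename)){
+define("INDEX_ROOT",TEMPLATE_ROOT.$template.'/');
+define("STATIC_ROOT",'/template/'.$template.'/assets/');
+return $filename;
+}elseif(file_exists($filename_default)){
+define("INDEX_ROOT",TEMPLATE_ROOT.'default/');
+define("STATIC_ROOT",'/template/default/assets/');
+return $filename_default;
+}else{
+exit('Template file not found');
+}
+}
+static public function exists($template){
+$filename = TEMPLATE_ROOT.$template.'/index.php';
+if(file_exists($filename)){
+return true;
+}else{
+return false;
+}
+}
+}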
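Review bot: `load()` validates `$name` but uses `$conf['template']` unchecked in `TEMPLATE_ROOT.$template.'/'.$name.'.php'`, and `exists()` does the same with its argument, so the directory part of a path that is presumably included by the caller rests entirely on whatever the config row holds. Apply an allow-list before building the path, for example `if(!preg_match('/^[a-zA-Z0-9_-]+$/D',$template))$template='default';`, adjusting the character class to the template names actually shipped. The existing `$name` pattern should also get the `D` modifier, since `$` alone accepts a trailing newline.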


@@ -0,0 +1,171 @@
<?php
namespace lib;
class hieroglyphy{
private $characters;
private $numbers;
private $unescape;
private $functionConstructor;
public function __construct(){
$this->precharacters();
}
private function precharacters(){
$this->numbers = array(
"+[]",
"+!![]",
"!+[]+!![]",
"!+[]+!![]+!![]",
"!+[]+!![]+!![]+!![]",
"!+[]+!![]+!![]+!![]+!![]",
"!+[]+!![]+!![]+!![]+!![]+!![]",
"!+[]+!![]+!![]+!![]+!![]+!![]+!![]",
"!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]",
"!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![]"
);
$this->characters = array(
"0" => "(" . $this->numbers[0] . "+[])",
"1" => "(" . $this->numbers[1] . "+[])",
"2" => "(" . $this->numbers[2] . "+[])",
"3" => "(" . $this->numbers[3] . "+[])",
"4" => "(" . $this->numbers[4] . "+[])",
"5" => "(" . $this->numbers[5] . "+[])",
"6" => "(" . $this->numbers[6] . "+[])",
"7" => "(" . $this->numbers[7] . "+[])",
"8" => "(" . $this->numbers[8] . "+[])",
"9" => "(" . $this->numbers[9] . "+[])"
);
$_object_Object = "[]+{}";
$_NaN = "+{}+[]";
$_true = "!![]+[]";
$_false = "![]+[]";
$_undefined = "[][[]]+[]";
$this->characters[" "] = "(" . $_object_Object . ")[" . $this->numbers[7] . "]";
$this->characters["["] = "(" . $_object_Object . ")[" . $this->numbers[0] . "]";
$this->characters["]"] = "(" . $_object_Object . ")[" . $this->characters[1] . "+" . $this->characters[4] . "]";
$this->characters["a"] = "(" . $_NaN . ")[" . $this->numbers[1] . "]";
$this->characters["b"] = "(" . $_object_Object . ")[" . $this->numbers[2] . "]";
$this->characters["c"] = "(" . $_object_Object . ")[" . $this->numbers[5] . "]";
$this->characters["d"] = "(" . $_undefined . ")[" . $this->numbers[2] . "]";
$this->characters["e"] = "(" . $_undefined . ")[" . $this->numbers[3] . "]";
$this->characters["f"] = "(" . $_false . ")[" . $this->numbers[0] . "]";
$this->characters["i"] = "(" . $_undefined . ")[" . $this->numbers[5] . "]";
$this->characters["j"] = "(" . $_object_Object . ")[" . $this->numbers[3] . "]";
$this->characters["l"] = "(" . $_false . ")[" . $this->numbers[2] . "]";
$this->characters["n"] = "(" . $_undefined . ")[" . $this->numbers[1] . "]";
$this->characters["o"] = "(" . $_object_Object . ")[" . $this->numbers[1] . "]";
$this->characters["r"] = "(" . $_true . ")[" . $this->numbers[1] . "]";
$this->characters["s"] = "(" . $_false . ")[" . $this->numbers[3] . "]";
$this->characters["t"] = "(" . $_true . ")[" . $this->numbers[0] . "]";
$this->characters["u"] = "(" . $_undefined . ")[" . $this->numbers[0] ."]";
$this->characters["N"] = "(" . $_NaN . ")[" . $this->numbers[0] . "]";
$this->characters["O"] = "(" . $_object_Object . ")[" . $this->numbers[8] . "]";
$_Infinity = "+(" . $this->numbers[1] . "+" . $this->characters["e"] . "+" . $this->characters[1] . "+" . $this->characters[0] . "+" . $this->characters[0] . "+" . $this->characters[0] . ")+[]";
$this->characters["y"] = "(" . $_Infinity . ")[" . $this->numbers[7] . "]";
$this->characters["I"] = "(" . $_Infinity . ")[" . $this->numbers[0] . "]";
$_1e100 = "+(" . $this->numbers[1] . "+" . $this->characters["e"] . "+" . $this->characters[1] . "+" . $this->characters[0] . "+" . $this->characters[0] . ")+[]";
$this->characters["+"] = "(" . $_1e100 . ")[" . $this->numbers[2] . "]";
$this->functionConstructor = "[][" . $this->hieroglyphyString("sort") . "][" . $this->hieroglyphyString("constructor") . "]";
//Below $this->characters need target http(s) pages
$locationString = "[]+" . $this->hieroglyphyScript("return location");
$this->characters["h"] = "(" . $locationString . ")" . "[" . $this->numbers[0] . "]";
$this->characters["p"] = "(" . $locationString . ")" . "[" . $this->numbers[3] . "]";
$this->characters["/"] = "(" . $locationString . ")" . "[" . $this->numbers[6] . "]";
$this->unescape = $this->hieroglyphyScript("return unescape");
$escape = $this->hieroglyphyScript("return escape");
$this->characters["%"] = $escape . "(" . $this->hieroglyphyString("[") . ")[" . $this->numbers[0] . "]";
}
private function getHexaString ($number, $digits) {
$string = bin2hex($number);
while (strlen($string) < $digits) {
$string = "0" . $string;
}
return $string;
}
private function getUnescapeSequence ($charCode) {
return $this->unescape . "(" .
$this->hieroglyphyString("%" . $this->getHexaString($charCode, 2)) . ")";
}
private function getHexaSequence ($charCode) {
return $this->hieroglyphyString("\\x" . $this->getHexaString($charCode, 2));
}
private function getUnicodeSequence ($charCode) {
return $this->hieroglyphyString("\\u" . $this->getHexaString($charCode, 4));
}
private function hieroglyphyCharacter ($char) {
$charCode = ord($char);
if (isset($this->characters[$char])) {
return $this->characters[$char];
}
if (($char == "\\") || ($char == "x")) {
//These chars must be handled appart becuase the others need them
$this->characters[$char] = $this->getUnescapeSequence($charCode);
return $this->characters[$char];
}
$shortestSequence = $this->getUnicodeSequence($charCode);
//ASCII $characters can be obtained with hexa and unscape sequences
if ($charCode < 128) {
$unescapeSequence = $this->getUnescapeSequence($charCode);
if (strlen($shortestSequence) > strlen($unescapeSequence)) {
$shortestSequence = $unescapeSequence;
}
$hexaSequence = $this->getHexaSequence($charCode);
if (strlen($shortestSequence) > strlen($hexaSequence)) {
$shortestSequence = $hexaSequence;
}
}
$this->characters[$char] = $shortestSequence;
return $shortestSequence;
}
public function hieroglyphyString ($str) {
$hieroglyphiedStr = "";
for ($i = 0; $i < strlen($str); $i++) {
$hieroglyphiedStr .= ($i > 0) ? "+" : "";
$hieroglyphiedStr .= $this->hieroglyphyCharacter($str[$i]);
}
return $hieroglyphiedStr;
}
public function hieroglyphyNumber ($n) {
$n = +$n;
if ($n <= 9) {
return $this->numbers[$n];
}
return "+(" . $this->hieroglyphyString(ord($n[10])) . ")";
}
public function hieroglyphyScript ($src) {
return $this->functionConstructor . "(" . $this->hieroglyphyString($src) . ")()";
}
}
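Review bot: `getHexaString()` calls `bin2hex($number)` on an integer character code, which hex-encodes the decimal digits as a string (65 becomes `3635`, not `41`), so the sequences built by `getUnescapeSequence()`, `getHexaSequence()` and `getUnicodeSequence()` decode to the wrong character. The fix is `$string = dechex($number);`. The bug is latent for the caller visible in security.php, because an md5 hex digest only uses characters already present in `$this->characters`, but other input will be encoded incorrectly. `hieroglyphyNumber()` has a related problem: for `$n > 9` it evaluates `ord($n[10])` on a number, which cannot yield the digits of `$n`; passing `(string)$n` to `hieroglyphyString()` looks like the intent.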


@@ -0,0 +1,69 @@
<?php
namespace lib\mail;
class Aliyun {
private $AccessKeyId;
private $AccessKeySecret;
function __construct($AccessKeyId, $AccessKeySecret){
$this->AccessKeyId = $AccessKeyId;
$this->AccessKeySecret = $AccessKeySecret;
}
private function aliyunSignature($parameters, $accessKeySecret, $method)
{
ksort($parameters);
$canonicalizedQueryString = '';
foreach ($parameters as $key => $value) {
$canonicalizedQueryString .= '&' . $this->percentEncode($key). '=' . $this->percentEncode($value);
}
$stringToSign = $method . '&%2F&' . $this->percentencode(substr($canonicalizedQueryString, 1));
$signature = base64_encode(hash_hmac("sha1", $stringToSign, $accessKeySecret."&", true));
return $signature;
}
private function percentEncode($str)
{
$res = urlencode($str);
$res = preg_replace('/\+/', '%20', $res);
$res = preg_replace('/\*/', '%2A', $res);
$res = preg_replace('/%7E/', '~', $res);
return $res;
}
public function send($to, $sub, $msg, $from, $from_name){
if(empty($this->AccessKeyId)||empty($this->AccessKeySecret))return false;
$url='https://dm.aliyuncs.com/';
$data=array(
'Action' => 'SingleSendMail',
'AccountName' => $from,
'ReplyToAddress' => 'false',
'AddressType' => 1,
'ToAddress' => $to,
'FromAlias' => $from_name,
'Subject' => $sub,
'HtmlBody' => $msg,
'Format' => 'JSON',
'Version' => '2015-11-23',
'AccessKeyId' => $this->AccessKeyId,
'SignatureMethod' => 'HMAC-SHA1',
'Timestamp' => gmdate('Y-m-d\TH:i:s\Z'),
'SignatureVersion' => '1.0',
'SignatureNonce' => random(8));
$data['Signature'] = $this->aliyunSignature($data, $this->AccessKeySecret, 'POST');
$ch=curl_init($url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
$json=curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
$arr=json_decode($json,true);
if($httpCode==200){
return true;
}else{
return $arr['Message'];
}
}
}
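Review bot: `send()` sets `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` to `false`, so the HTTPS connection to `dm.aliyuncs.com` accepts any certificate and the recipient, subject and HTML body can be read or altered by anyone on the network path. Dropping both lines restores curl's defaults; if they are kept they should read `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);` and `curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);`. The same two options are disabled in `lib\sms\Aliyun::send()`, in `SmsSenderUtil::sendCurlPost()` and `fetch()`, and in the `get_curl()` method at the top of this page. Also, `$arr['Message']` is read without checking that `json_decode()` returned an array, which it will not when `curl_exec()` fails.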

236
includes/lib/mail/SMTP.php Normal file

@@ -0,0 +1,236 @@
<?php
/* SMTP Class
* Example:
* $x = new SMTP('smtp.qq.com',25,true,'kenvix@qq.com','*************');
* $x->send('God.Kenvix <kenvix@vip.qq.com>','God.Kenvix <kenvix@qq.com>','f','fff');
*/
namespace lib\mail;
class SMTP {
public $smtp_port;
public $time_out;
public $host_name;
public $log_file;
public $part_boundary = '--PART-BOUNDARY-ID-WRG11-Y4RD1-5AS1D-RE4D1-AF1EG---';
public $relay_host;
public $debug;
public $auth;
public $user;
public $pass;
public $sock;
public $log;
public $error;
public $att = array(); //附件内容
public $ssl = false;
public function __construct($relay_host = '', $smtp_port = 25, $auth = false, $user, $pass , $ssl = false) {
$this ->debug = false;
$this ->smtp_port = $smtp_port;
if ($ssl == true) {
$this->ssl = true;
$relay_host = 'ssl://' . $relay_host;
}
$this ->relay_host = $relay_host;
$this ->time_out = 30;
$this ->auth = $auth;
$this ->user = $user;
$this ->pass = $pass;
$this ->host_name = "localhost";
$this ->log_file = "";
}
/**
* 添加一个附件
* @param string $name 文件名
* @param string $value 文件内容
*/
public function addatt($name , $value = '') {
$this->att[$name] = $value;
}
public function send($to, $from, $subject = "", $body = "", $fromname = "彩虹云任务", $reply = '', $cc = "", $bcc = "", $additional_headers = "") {
if (empty($reply)) {
$reply = $from;
}
$header = "";
$mail_from = $this ->get_address($this ->strip_comment($from));
$from = "=?UTF-8?B?".base64_encode($fromname)."?= " . "<$from>";
$body = mb_ereg_replace("(^|(\r\n))(\\.)", "\\1.\\3", $body);
$header .= "MIME-Version:1.0\r\n";
$header .= 'Content-Type: multipart/mixed; boundary="'.$this->part_boundary.'"' . "\r\n";
$header .= "To: " . $to . "\r\n";
if ($cc!="") $header .= "Cc: " . $cc . "\r\n";
$header .= "From: " . $from . "\r\n";
$header .= "Subject: " . $subject . "\r\n";
$header .= $additional_headers;
$header .= "Date: " . date("r") . "\r\n";
$header .= 'Reply-To: ' . $reply . "\r\n";
$header .= "Content-Transfer-Encoding: base64\r\n";
list($msec, $sec) = explode(" ", microtime());
$header .= "Message-ID: <" . date("YmdHis", $sec) . "." . ($msec*1000000) . "." . $mail_from . ">\r\n";
$TO = explode(",", $this ->strip_comment($to));
if ($cc!="") $TO = array_merge($TO, explode(",", $this ->strip_comment($cc)));
if ($bcc!="") $TO = array_merge($TO, explode(",", $this ->strip_comment($bcc)));
$sent = true;
foreach ($TO as $rcpt_to) {
$rcpt_to = $this ->get_address($rcpt_to);
if (!$this ->smtp_sockopen($rcpt_to)) {
$this ->log_write("Error: Cannot send email to [ " . $rcpt_to . " ] (Step 1)<br/>" . $this->error);
$sent = false;
continue;
}
if ($this ->smtp_send($this ->host_name, $mail_from, $rcpt_to, $header, $body)) {
$this ->log_write("邮件已成功发送到 [" . $rcpt_to . "]\n");
} else {
$this ->log_write("Error: Cannot send email to [ " . $rcpt_to . " ] (Step 2)<br/>" . $this->error);
$sent = false;
}
fclose($this ->sock);
}
return $sent;
}
private function smtp_send($helo, $from, $to, $header, $body = "") {
if (!$this ->smtp_putcmd("HELO", $helo)) return $this ->smtp_error("sending HELO command");
if ($this ->auth) {
if (!$this ->smtp_putcmd("AUTH LOGIN", base64_encode($this ->user))) return $this ->smtp_error("sending HELO command");
if (!$this ->smtp_putcmd("", base64_encode($this ->pass))) return $this ->smtp_error("sending HELO command");
}
if (!$this ->smtp_putcmd("MAIL", "FROM:<" . $from . ">")) return $this ->smtp_error("sending MAIL FROM command");
if (!$this ->smtp_putcmd("RCPT", "TO:<" . $to . ">")) return $this ->smtp_error("sending RCPT TO command");
if (!$this ->smtp_putcmd("DATA")) return $this ->smtp_error("sending DATA command");
if (!$this ->smtp_message($header)) return $this ->smtp_error("sending head message");
if (!$this ->smtp_sendbody($body)) return $this ->smtp_error("sending body message");
if (!$this ->smtp_sendatt()) return $this ->smtp_error("sending attachments message");
if (!$this ->smtp_sendend()) return $this ->smtp_error("sending end message");
if (!$this ->smtp_eom()) return $this ->smtp_error("sending <CR><LF>.<CR><LF> [EOM]");
if (!$this ->smtp_putcmd("QUIT")) return $this ->smtp_error("sending QUIT command");
return true;
}
private function smtp_sockopen($address) {
if ($this ->relay_host=="") return $this ->smtp_sockopen_mx($address); else return $this ->smtp_sockopen_relay();
}
private function smtp_sockopen_relay() {
$this ->log_write("Trying to " . $this ->relay_host . ":" . $this ->smtp_port . "\n");
$this ->sock = @fsockopen($this ->relay_host, $this ->smtp_port, $errno, $errstr, $this ->time_out);
if (!($this ->sock && $this ->smtp_ok())) {
$this ->log_write("Error: Cannot connenct to relay host " . $this ->relay_host . "\n");
$this ->log_write("Error: " . $errstr . " (" . $errno . ")\n");
return false;
}
$this ->log_write("Connected to relay host " . $this ->relay_host . "\n");
return true;;
}
private function smtp_sockopen_mx($address) {
$domain = ereg_replace("^.+@([^@]+)$", "\\1", $address);
if (!@getmxrr($domain, $MXHOSTS)) {
$this ->log_write("Error: Cannot resolve MX \"" . $domain . "\"\n");
return false;
}
foreach ($MXHOSTS as $host) {
$this ->log_write("Trying to " . $host . ":" . $this ->smtp_port . "\n");
$this ->sock = @fsockopen($host, $this ->smtp_port, $errno, $errstr, $this ->time_out);
if (!($this ->sock && $this ->smtp_ok())) {
$this ->log_write("Warning: Cannot connect to mx host " . $host . "\n");
$this ->log_write("Error: " . $errstr . " (" . $errno . ")\n");
continue;
}
$this ->log_write("Connected to mx host " . $host . "\n");
return true;
}
$this ->log_write("Error: Cannot connect to any mx hosts (" . implode(", ", $MXHOSTS) . ")\n");
return false;
}
private function smtp_message($header) {
fputs($this ->sock, $header . "\r\n");
$this ->smtp_debug("> " . str_replace("\r\n", "\n" . "> ", $header . "\n>"));
return true;
}
private function smtp_sendbody($body) {
$head = "\r\n\r\n" . '--' . $this->part_boundary;
$head .= "\r\n" . 'Content-Type: text/html; charset="utf-8"';
$head .= "\r\n" . 'Content-Transfer-Encoding: base64';
$head .= "\r\n\r\n" . base64_encode($body);
return fputs($this ->sock, $head . "\r\n");
}
private function smtp_sendatt() {
$head = '';
foreach ($this->att as $n => $v) {
$head .= "\r\n\r\n" . '--' . $this->part_boundary;
$head .= "\r\n" . 'Content-Type: ' . get_mime(get_extname($n)) . '; charset="utf-8"; name="'.$n.'"';
$head .= "\r\n" . 'Content-Disposition: attachment; filename="'.$n.'"';
$head .= "\r\n" . 'Content-Transfer-Encoding: base64';
$head .= "\r\n\r\n" . base64_encode($v);
}
return fputs($this ->sock, $head . "\r\n");
}
private function smtp_sendend() {
return fputs($this ->sock, "\r\n\r\n" . '--' . $this->part_boundary . '--');
}
private function smtp_eom() {
fputs($this ->sock, "\r\n.\r\n");
$this ->smtp_debug(". [EOM]\n");
return $this ->smtp_ok();
}
private function smtp_ok() {
$response = str_replace("\r\n", "", fgets($this ->sock, 512));
$this ->smtp_debug($response . "\n");
if (!mb_ereg("^[23]", $response)) {
fputs($this ->sock, "QUIT\r\n");
fgets($this ->sock, 512);
$this ->log_write("Error: Remote host returned \"" . $response . "\"\n");
return false;
}
return true;
}
private function smtp_putcmd($cmd, $arg = "") {
if ($arg!="") {
if ($cmd=="") $cmd = $arg; else
$cmd = $cmd . " " . $arg;
}
fputs($this ->sock, $cmd . "\r\n");
$this ->smtp_debug("> " . $cmd . "\n");
return $this ->smtp_ok();
}
private function smtp_error($string) {
$this ->error .= "<br/>Error: Error occurred while " . $string . ".<br/>";
return false;
}
private function log_write($message) {
$this->log .= '<br/>'.$message.'<br/>';
return true;
}
private function strip_comment($address) {
$comment = "\\([^()]*\\)";
while (mb_ereg($comment, $address)) {
$address = mb_ereg_replace($comment, "", $address);
}
return $address;
}
private function get_address($address) {
$address = mb_ereg_replace("([ \t\r\n])+", "", $address);
$address = mb_ereg_replace("^.*<(.+)>.*$", "\\1", $address);
return $address;
}
public function smtp_debug($message) {
if ($this ->debug) {
return $message . "<br>";
}
}
}
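Review bot: `send()` copies `$to`, `$cc`, `$from`, `$subject`, `$reply` and `$additional_headers` into the header block without removing CR or LF, so any of them that carries user input can append extra headers or start the message body early. Line breaks should be stripped before the headers are built, e.g. `$subject = str_replace(array("\r", "\n"), '', $subject);` and likewise for the address fields, and a non-ASCII subject should be encoded the way `$fromname` already is. `smtp_sockopen_mx()` calls `ereg_replace()`, which was removed in PHP 7.0; `preg_replace('/^.+@([^@]+)$/', '$1', $address)` is the equivalent. The AUTH LOGIN exchange goes over whatever socket was opened, so with `$ssl = false` the base64-encoded credentials cross the network unencrypted, which deserves a line in the class comment.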


@@ -0,0 +1,37 @@
<?php
namespace lib\mail;
class Sendcloud {
private $apiUser;
private $apiKey;
function __construct($apiUser, $apiKey){
$this->apiUser = $apiUser;
$this->apiKey = $apiKey;
}
public function send($to, $sub, $msg, $from, $from_name){
if(empty($this->apiUser)||empty($this->apiKey))return false;
$url='http://api.sendcloud.net/apiv2/mail/send';
$data=array(
'apiUser' => $this->apiUser,
'apiKey' => $this->apiKey,
'from' => $from,
'fromName' => $from_name,
'to' => $to,
'subject' => $sub,
'html' => $msg);
$ch=curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$json=curl_exec($ch);
curl_close($ch);
$arr=json_decode($json,true);
if($arr['statusCode']==200){
return true;
}else{
return implode("\n",$arr['message']);
}
}
}
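Review bot: `$url` is `http://api.sendcloud.net/apiv2/mail/send`, so `apiUser`, `apiKey` and the message body are posted in clear text. The Aliyun senders in this commit use `https://`; this one should too (`$url='https://api.sendcloud.net/apiv2/mail/send';`, assuming the provider serves the same path over TLS), with certificate verification left at curl's defaults. `$arr['statusCode']` and `implode("\n",$arr['message'])` are also evaluated without checking that `json_decode()` produced an array, so a transport failure surfaces as a PHP error rather than an error string.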


@@ -0,0 +1,64 @@
<?php
namespace lib\sms;
class Aliyun {
private $AccessKeyId;
private $AccessKeySecret;
function __construct($AccessKeyId, $AccessKeySecret){
$this->AccessKeyId = $AccessKeyId;
$this->AccessKeySecret = $AccessKeySecret;
}
private function aliyunSignature($parameters, $accessKeySecret, $method)
{
ksort($parameters);
$canonicalizedQueryString = '';
foreach ($parameters as $key => $value) {
$canonicalizedQueryString .= '&' . $this->percentEncode($key). '=' . $this->percentEncode($value);
}
$stringToSign = $method . '&%2F&' . $this->percentencode(substr($canonicalizedQueryString, 1));
$signature = base64_encode(hash_hmac("sha1", $stringToSign, $accessKeySecret."&", true));
return $signature;
}
private function percentEncode($str)
{
$res = urlencode($str);
$res = preg_replace('/\+/', '%20', $res);
$res = preg_replace('/\*/', '%2A', $res);
$res = preg_replace('/%7E/', '~', $res);
return $res;
}
public function send($phone, $code, $moban, $sign, $sitename){
if(empty($this->AccessKeyId)||empty($this->AccessKeySecret))return false;
$url='https://dysmsapi.aliyuncs.com/';
$TemplateParam = json_encode(['code'=>$code]);
$data=array(
'Action' => 'SendSms',
'PhoneNumbers' => $phone,
'SignName' => $sign,
'TemplateCode' => $moban,
'TemplateParam' => $TemplateParam,
'Format' => 'JSON',
'RegionId' => 'cn-hangzhou',
'Version' => '2017-05-25',
'AccessKeyId' => $this->AccessKeyId,
'SignatureMethod' => 'HMAC-SHA1',
'Timestamp' => gmdate('Y-m-d\TH:i:s\Z'),
'SignatureVersion' => '1.0',
'SignatureNonce' => random(8));
$data['Signature'] = $this->aliyunSignature($data, $this->AccessKeySecret, 'POST');
$ch=curl_init($url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
$json=curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
$arr=json_decode($json,true);
return $arr;
}
}
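Review bot: `send()` reads `$httpCode` but never uses it, and returns `json_decode($json,true)` directly, so a failed `curl_exec()` hands the caller `null` with no indication of what went wrong. I would test `$json === false` and return an array carrying `curl_error($ch)` before the handle is closed. `aliyunSignature()` and `percentEncode()` repeat the code of the same-named methods in `lib\mail\Aliyun` line for line; a shared helper would keep the two from drifting.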


@@ -0,0 +1,104 @@
<?php
/**
* 单发短信类
*
*/
namespace lib\sms;
class TencentSms
{
private $url;
private $appid;
private $appkey;
private $util;
/**
* 构造函数
*
* @param string $appid sdkappid
* @param string $appkey sdkappid对应的appkey
*/
public function __construct($appid, $appkey)
{
$this->url = "https://yun.tim.qq.com/v5/tlssmssvr/sendsms";
$this->appid = $appid;
$this->appkey = $appkey;
$this->util = new TencentSmsUtil();
}
/**
* 普通单发
*
* 普通单发需明确指定内容,如果有多个签名,请在内容中以【】的方式添加到信息内容中,否则系统将使用默认签名。
*
* @param int $type 短信类型0 为普通短信1 营销短信
* @param string $nationCode 国家码,如 86 为中国
* @param string $phoneNumber 不带国家码的手机号
* @param string $msg 信息内容,必须与申请的模板格式一致,否则将返回错误
* @param string $extend 扩展码,可填空串
* @param string $ext 服务端原样返回的参数,可填空串
* @return string 应答json字符串详细内容参见腾讯云协议文档
*/
public function send($type, $nationCode, $phoneNumber, $msg, $extend = "", $ext = "")
{
$random = $this->util->getRandom();
$curTime = time();
$wholeUrl = $this->url . "?sdkappid=" . $this->appid . "&random=" . $random;
// 按照协议组织 post 包体
$data = new stdClass();
$tel = new stdClass();
$tel->nationcode = "".$nationCode;
$tel->mobile = "".$phoneNumber;
$data->tel = $tel;
$data->type = (int)$type;
$data->msg = $msg;
$data->sig = hash("sha256",
"appkey=".$this->appkey."&random=".$random."&time="
.$curTime."&mobile=".$phoneNumber, FALSE);
$data->time = $curTime;
$data->extend = $extend;
$data->ext = $ext;
return $this->util->sendCurlPost($wholeUrl, $data);
}
/**
* 指定模板单发
*
* @param string $nationCode 国家码,如 86 为中国
* @param string $phoneNumber 不带国家码的手机号
* @param int $templId 模板 id
* @param array $params 模板参数列表,如模板 {1}...{2}...{3},那么需要带三个参数
* @param string $sign 签名,如果填空串,系统会使用默认签名
* @param string $extend 扩展码,可填空串
* @param string $ext 服务端原样返回的参数,可填空串
* @return string 应答json字符串详细内容参见腾讯云协议文档
*/
public function sendWithParam($nationCode, $phoneNumber, $templId = 0, $params,
$sign = "", $extend = "", $ext = "")
{
$random = $this->util->getRandom();
$curTime = time();
$wholeUrl = $this->url . "?sdkappid=" . $this->appid . "&random=" . $random;
// 按照协议组织 post 包体
$data = new stdClass();
$tel = new stdClass();
$tel->nationcode = "".$nationCode;
$tel->mobile = "".$phoneNumber;
$data->tel = $tel;
$data->sig = $this->util->calculateSigForTempl($this->appkey, $random,
$curTime, $phoneNumber);
$data->tpl_id = $templId;
$data->params = $params;
$data->sign = $sign;
$data->time = $curTime;
$data->extend = $extend;
$data->ext = $ext;
return $this->util->sendCurlPost($wholeUrl, $data);
}
}
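Review bot: Inside `namespace lib\sms`, `new stdClass()` resolves to `lib\sms\stdClass`, which does not exist, so `send()` and `sendWithParam()` fail with a class-not-found error as soon as they start building the request body; it needs to be `new \stdClass()`. `SmsSenderUtil::phoneNumbersToArray()` in the next file has the same unqualified reference. The constructor instantiates `TencentSmsUtil`, while the helper class added by this commit is declared as `SmsSenderUtil`; unless an alias exists elsewhere, one of the two names has to change. `sendWithParam()` also declares the required `$params` after the optional `$templId = 0`, which PHP 8 reports as deprecated.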


@@ -0,0 +1,206 @@
<?php
/**
* 发送Util类
*
*/
namespace lib\sms;
class SmsSenderUtil
{
/**
* 生成随机数
*
* @return int 随机数结果
*/
public function getRandom()
{
return rand(100000, 999999);
}
/**
* 生成签名
*
* @param string $appkey sdkappid对应的appkey
* @param string $random 随机正整数
* @param string $curTime 当前时间
* @param array $phoneNumbers 手机号码
* @return string 签名结果
*/
public function calculateSig($appkey, $random, $curTime, $phoneNumbers)
{
$phoneNumbersString = $phoneNumbers[0];
for ($i = 1; $i < count($phoneNumbers); $i++) {
$phoneNumbersString .= ("," . $phoneNumbers[$i]);
}
return hash("sha256", "appkey=".$appkey."&random=".$random
."&time=".$curTime."&mobile=".$phoneNumbersString);
}
/**
* 生成签名
*
* @param string $appkey sdkappid对应的appkey
* @param string $random 随机正整数
* @param string $curTime 当前时间
* @param array $phoneNumbers 手机号码
* @return string 签名结果
*/
public function calculateSigForTemplAndPhoneNumbers($appkey, $random,
$curTime, $phoneNumbers)
{
$phoneNumbersString = $phoneNumbers[0];
for ($i = 1; $i < count($phoneNumbers); $i++) {
$phoneNumbersString .= ("," . $phoneNumbers[$i]);
}
return hash("sha256", "appkey=".$appkey."&random=".$random
."&time=".$curTime."&mobile=".$phoneNumbersString);
}
public function phoneNumbersToArray($nationCode, $phoneNumbers)
{
$i = 0;
$tel = array();
do {
$telElement = new stdClass();
$telElement->nationcode = $nationCode;
$telElement->mobile = $phoneNumbers[$i];
array_push($tel, $telElement);
} while (++$i < count($phoneNumbers));
return $tel;
}
/**
* 生成签名
*
* @param string $appkey sdkappid对应的appkey
* @param string $random 随机正整数
* @param string $curTime 当前时间
* @param array $phoneNumber 手机号码
* @return string 签名结果
*/
public function calculateSigForTempl($appkey, $random, $curTime, $phoneNumber)
{
$phoneNumbers = array($phoneNumber);
return $this->calculateSigForTemplAndPhoneNumbers($appkey, $random,
$curTime, $phoneNumbers);
}
/**
* 生成签名
*
* @param string $appkey sdkappid对应的appkey
* @param string $random 随机正整数
* @param string $curTime 当前时间
* @return string 签名结果
*/
public function calculateSigForPuller($appkey, $random, $curTime)
{
return hash("sha256", "appkey=".$appkey."&random=".$random
."&time=".$curTime);
}
/**
* 生成上传文件授权
*
* @param string $appkey sdkappid对应的appkey
* @param string $random 随机正整数
* @param string $curTime 当前时间
* @param array $fileSha1Sum 文件sha1sum
* @return string 授权结果
*/
public function calculateAuth($appkey, $random, $curTime, $fileSha1Sum)
{
return hash("sha256", "appkey=".$appkey."&random=".$random
."&time=".$curTime."&content-sha1=".$fileSha1Sum);
}
/**
* 生成sha1sum
*
* @param string $content 内容
* @return string 内容sha1散列值
*/
public function sha1sum($content)
{
return hash("sha1", $content);
}
/**
* 发送请求
*
* @param string $url 请求地址
* @param array $dataObj 请求内容
* @return string 应答json字符串
*/
public function sendCurlPost($url, $dataObj)
{
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_HEADER, 0);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 60);
curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode($dataObj));
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
$ret = curl_exec($curl);
if (false == $ret) {
// curl_exec failed
$result = "{ \"result\":" . -2 . ",\"errmsg\":\"" . curl_error($curl) . "\"}";
} else {
$rsp = curl_getinfo($curl, CURLINFO_HTTP_CODE);
if (200 != $rsp) {
$result = "{ \"result\":" . -1 . ",\"errmsg\":\"". $rsp
. " " . curl_error($curl) ."\"}";
} else {
$result = $ret;
}
}
curl_close($curl);
return $result;
}
/**
* 发送请求
*
* @param string $req 请求对象
* @return string 应答json字符串
*/
public function fetch($req)
{
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $req->url);
curl_setopt($curl, CURLOPT_HTTPHEADER, $req->headers);
curl_setopt($curl, CURLOPT_POSTFIELDS, $req->body);
curl_setopt($curl, CURLOPT_HEADER, 0);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 60);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
$result = curl_exec($curl);
if (false == $result) {
// curl_exec failed
$result = "{ \"result\":" . -2 . ",\"errmsg\":\"" . curl_error($curl) . "\"}";
} else {
$code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
if (200 != $code) {
$result = "{ \"result\":" . -1 . ",\"errmsg\":\"". $code
. " " . curl_error($curl) ."\"}";
}
}
curl_close($curl);
return $result;
}
}
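Review bot: `sendCurlPost()` and `fetch()` assemble their error JSON by string concatenation with `curl_error($curl)` inserted unescaped, so a message containing a quote or backslash yields a string the caller cannot decode. `json_encode()` avoids that: `$result = json_encode(array('result' => -2, 'errmsg' => curl_error($curl)));`. The failure test `false == $ret` is a loose comparison and also treats an empty response body as a curl failure; `false === $ret` matches only the error case. `getRandom()` draws the request nonce from `rand()`; `random_int(100000, 999999)` is the drop-in replacement.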

24
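--- a/includes/member.php
+++ b/includes/member.php
@@ -0,0 +1,24 @@
+<?php
+$clientip=real_ip($conf['ip_type']?$conf['ip_type']:0);
+if(isset($_COOKIE["admin_token"]))
+{
+$token=authcode(daddslashes($_COOKIE['admin_token']), 'DECODE', SYS_KEY);
+list($user, $sid, $expiretime) = explode("\t", $token);
+$session=md5($conf['admin_user'].$conf['admin_pwd'].$password_hash);
+if($session==$sid && $expiretime>time()) {
+$islogin=1;
+}
+}
+if(isset($_COOKIE["user_token"]))
+{
+$token=authcode(daddslashes($_COOKIE['user_token']), 'DECODE', SYS_KEY);
+list($uid, $sid, $expiretime) = explode("\t", $token);
+$uid = intval($uid);
+$userrow=$DB->getRow("SELECT * FROM pay_user WHERE uid='{$uid}' limit 1");
+$session=md5($userrow['uid'].$userrow['key'].$password_hash);
+if($session==$sid && $expiretime>time()) {
+$islogin2=1;
+}
+}
+?>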
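Review bot: Both session checks use `$session==$sid`, a loose and non-constant-time comparison; two md5 hex strings of the form `0e` followed only by digits compare equal as numbers in PHP. `hash_equals($session, (string)$sid)` on both branches removes that and the timing difference. `list(...) = explode("\t", $token)` also runs when `authcode()` does not return three tab-separated parts, leaving `$sid` and `$expiretime` undefined, so the number of parts should be checked first. The expected value is an `md5()` over the stored credentials and `$password_hash`, so every login appears to produce the same `$sid`; a random per-login token kept server-side would let individual sessions be revoked.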

52
includes/pages/wxopen.php Normal file

File diff suppressed because one or more lines are too long

43
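--- a/includes/security.php
+++ b/includes/security.php
@@ -0,0 +1,43 @@
+<?php
+function x_real_ip(){
+$ip = $_SERVER['REMOTE_ADDR'];
+if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && preg_match_all('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s', $_SERVER['HTTP_X_FORWARDED_FOR'], $matches)) {
+foreach ($matches[0] AS $xip) {
+if (!preg_match('#^(10|172\.16|192\.168)\.#', $xip)) {
+$ip = $xip;
+break;
+}
+}
+} elseif (isset($_SERVER['HTTP_CLIENT_IP']) && preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}$/', $_SERVER['HTTP_CLIENT_IP'])) {
+$ip = $_SERVER['HTTP_CLIENT_IP'];
+} elseif (isset($_SERVER['HTTP_CF_CONNECTING_IP']) && preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}$/', $_SERVER['HTTP_CF_CONNECTING_IP'])) {
+$ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
+} elseif (isset($_SERVER['HTTP_X_REAL_IP']) && preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}$/', $_SERVER['HTTP_X_REAL_IP'])) {
+$ip = $_SERVER['HTTP_X_REAL_IP'];
+}
+return $ip;
+}
+function cc_defender(){
+$iptoken = md5(x_real_ip().date('Ymd')).md5(time().rand(11111,99999));
+if(!isset($_COOKIE['sec_defend']) || substr($_COOKIE['sec_defend'],0,32)!==substr($iptoken,0,32)){
+if(!$_COOKIE['sec_defend_time'])$_COOKIE['sec_defend_time']=0;
+$sec_defend_time=$_COOKIE['sec_defend_time']+1;
+$x = new \lib\hieroglyphy();
+$setCookie = $x->hieroglyphyString($iptoken);
+header('Content-type:text/html;charset=utf-8');
+if($sec_defend_time>=10)exit('浏览器不支持COOKIE或者不正常访问');
+echo '<html><head><meta http-equiv="pragma" content="no-cache"><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="content-type" content="text/html;charset=utf-8"><title>正在加载中</title><script>function setCookie(name,value){var exp = new Date();exp.setTime(exp.getTime() + 60*60*1000);document.cookie = name + "="+ escape (value).replace(/\+/g, \'%2B\') + ";expires=" + exp.toGMTString() + ";path=/";}function getCookie(name){var arr,reg=new RegExp("(^| )"+name+"=([^;]*)(;|$)");if(arr=document.cookie.match(reg))return unescape(arr[2]);else return null;}var sec_defend_time=getCookie(\'sec_defend_time\')||0;sec_defend_time++;setCookie(\'sec_defend\','.$setCookie.');setCookie(\'sec_defend_time\',sec_defend_time);if(sec_defend_time>1)window.location.href="./index.php";else window.location.reload();</script></head><body></body></html>';
+exit;
+}elseif(isset($_COOKIE['sec_defend_time'])){
+setcookie("sec_defend_time", "", time() - 604800, '/');
+}
+}
+@header("Cache-Control: no-store, no-cache, must-revalidate");
+@header("Pragma: no-cache");
+if($is_defend==true){
+if(!isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest')include_once(SYSTEM_ROOT."txprotect.php");
+cc_defender();
+}
+?>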
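Review bot: `x_real_ip()` prefers `X-Forwarded-For`, `Client-IP`, `CF-Connecting-IP` and `X-Real-IP` over `REMOTE_ADDR` without checking that the request arrived through a known proxy, so any client can choose the address this function returns. That value feeds the `sec_defend` token here and the range checks in txprotect.php. I would return `$_SERVER['REMOTE_ADDR']` unless it matches a configured list of trusted proxies, and only then read the forwarded header. The private-range filter `#^(10|172\.16|192\.168)\.#` also misses 172.17 through 172.31. On the guarded include, `!isset(...) && strtolower(...) != 'xmlhttprequest'` only evaluates the header when it is unset; `||` looks like the intent.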

26
includes/txprotect.php Normal file

@@ -0,0 +1,26 @@
<?php
/*
反腾讯网址安全检测系统
Description:屏蔽腾讯电脑管家网址安全检测
Author:消失的彩虹海
*/
if($nosecu==true)return;
//IP屏蔽
$iptables='236000768~236001023|992312699|3419245824~3419246079|1728519168~1728520191';
$remoteiplong=bindec(decbin(ip2long(x_real_ip())));
foreach(explode('|',$iptables) as $iprows){
if($remoteiplong==$iprows)exit('欢迎使用!');
$ipbanrange=explode('~',$iprows);
if($remoteiplong>=$ipbanrange[0] && $remoteiplong<=$ipbanrange[1])
exit('欢迎使用!');
}
if(strpos($_SERVER['HTTP_REFERER'], 'urls.tr.com')!==false||strpos($_SERVER['HTTP_REFERER'], 'sc.wsd.com')!==false){
$_SESSION['txprotectblock']=true;
}
//HEADER特征屏蔽
if(!isset($_SERVER['HTTP_ACCEPT']) || preg_match("/manager/", strtolower($_SERVER['HTTP_USER_AGENT'])) || isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER']=='' || strpos($_SERVER['HTTP_USER_AGENT'], 'ozilla')!==false && strpos($_SERVER['HTTP_USER_AGENT'], 'Mozilla')===false || preg_match("/Windows NT 6.1/", $_SERVER['HTTP_USER_AGENT']) && $_SERVER['HTTP_ACCEPT']=='*/*' || preg_match("/Windows NT 5.1/", $_SERVER['HTTP_USER_AGENT']) && $_SERVER['HTTP_ACCEPT']=='*/*' || preg_match("/vnd.wap.wml/", $_SERVER['HTTP_ACCEPT']) && preg_match("/Windows NT 5.1/", $_SERVER['HTTP_USER_AGENT']) || strpos($_SERVER['HTTP_REFERER'], 'urls.tr.com')!==false || strpos($_SERVER['HTTP_REFERER'], 'sc.wsd.com')!==false || strpos($_SERVER['HTTP_REFERER'], '/membercomprehensive/')!==false || strpos($_SERVER['HTTP_REFERER'], '111.202.27.196')!==false || isset($_COOKIE['ASPSESSIONIDQASBQDRC']) || empty($_SERVER['HTTP_USER_AGENT']) || preg_match("/Alibaba.Security.Heimdall/", $_SERVER['HTTP_USER_AGENT']) || strpos($_SERVER['HTTP_USER_AGENT'], 'wechatdevtools/')!==false || strpos($_SERVER['HTTP_USER_AGENT'], 'libcurl/')!==false || strpos($_SERVER['HTTP_USER_AGENT'], 'python')!==false || strpos($_SERVER['HTTP_USER_AGENT'], 'Go-http-client')!==false || $_SESSION['txprotectblock']==true) {
exit('欢迎使用!');
}
if(strpos($_SERVER['HTTP_USER_AGENT'], 'Coolpad Y82-520')!==false && $_SERVER['HTTP_ACCEPT']=='*/*' || strpos($_SERVER['HTTP_USER_AGENT'], 'Mac OS X 10_12_4')!==false && $_SERVER['HTTP_ACCEPT']=='*/*' || strpos($_SERVER['HTTP_USER_AGENT'], 'iPhone OS')!==false && strpos($_SERVER['HTTP_USER_AGENT'], 'Baiduspider/')===false && $_SERVER['HTTP_ACCEPT']=='*/*' || strpos($_SERVER['HTTP_USER_AGENT'], 'Android')!==false && strpos($_SERVER['HTTP_USER_AGENT'], 'Baiduspider/')===false && $_SERVER['HTTP_ACCEPT']=='*/*' || strpos($_SERVER['HTTP_ACCEPT_LANGUAGE'], 'en')!==false && strpos($_SERVER['HTTP_ACCEPT_LANGUAGE'], 'zh')===false || strpos($_SERVER['HTTP_USER_AGENT'], 'iPhone')!==false && strpos($_SERVER['HTTP_USER_AGENT'], 'en-')!==false && strpos($_SERVER['HTTP_USER_AGENT'], 'zh')===false || strpos($_SERVER['HTTP_USER_AGENT'], 'iPhone OS 9_1')!==false && $_SERVER['HTTP_CONNECTION']=='close') {
exit('您当前浏览器不支持或操作系统语言设置非中文,无法访问本站!');
}
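Review bot: Returning the placeholder `exit('欢迎使用!')` to the hard-coded `$iptables` ranges and to Referer/User-Agent/Accept fingerprints while other visitors get the real page is response cloaking against URL-reputation scanning, as the file's own header comment states, and I would not merge it. The last condition also turns away ordinary visitors: any request whose `Accept-Language` contains `en` but not `zh`, and the header block rejects every `libcurl/`, `python` and `Go-http-client` client, which breaks monitoring and API consumers. Every signal except the source address is a client-supplied header, so none of this is an access control; `x_real_ip()` is defined outside this hunk, and if it reads forwarded headers the address check is client-controlled too. My proposal is to delete this file together with the `include_once(SYSTEM_ROOT."txprotect.php")` call that loads it, and to put any genuinely needed bot handling into documented web-server rate limiting. For anyone assessing a deployment of this code, a response that changes with User-Agent, Accept-Language or source address is the observable to compare.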