DZ的UC分析(admin.php)~~~业余~~~(首发:www.5aiwen.cn)
时间:2008-07-22
来源:互联网
DZ的UC分析~~~业余~~~如有不对的~~
多多指点~~~
(首发:www.5aiwen.cn)
admin.php
(前面一段不懂请看index的分析~~~)
更新慢点哦~~~
[ 本帖最后由 wepeng 于 2008-7-22 10:13 编辑 ]
多多指点~~~
(首发:www.5aiwen.cn)
admin.php
(前面一段不懂请看index的分析~~~)
<?php
/*
[UCenter] (C)2001-2008 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: index.php 12117 2008-01-11 06:25:08Z heyond $
*/
// Bootstrap for the UCenter admin entry point: version constants, error level, request timer, and path/URL constants.
define('UC_VERSION', '1.0.0');
define('UC_RELEASE', '20080429');
// 7 = E_ERROR | E_WARNING | E_PARSE; notices are not reported.
error_reporting(7);
// Turns runtime magic quotes off. Deprecated in PHP 5.3 and removed in PHP 7.0.
set_magic_quotes_runtime(0);
//note start time
// microtime() without arguments returns the string "usec sec"; the two parts are summed into one float timestamp.
$mtime = explode(' ', microtime());
$starttime = $mtime[1] + $mtime[0];
// Marker constant defined before any project file is loaded. Presumably the included files test it to refuse direct requests - not shown here, confirm.
define('IN_UC', TRUE);
// Drops the last 9 characters of this file's path; "admin.php" is 9 characters long, so what remains is the directory including its trailing separator.
define('UC_ROOT', substr(__FILE__, 0, -9));
// Base URL = lower-cased protocol name (the text before "/" in SERVER_PROTOCOL) + "://" + HTTP_HOST + directory part of PHP_SELF.
// NOTE(review): HTTP_HOST is taken from the client's Host header and PHP_SELF can carry client-supplied path info; both are read here before the daddslashes() pass further down, so every URL derived from UC_API inherits request-controlled text. A configured base URL or a host allow-list is the safer source.
// NOTE(review): SERVER_PROTOCOL names HTTP for TLS requests as well, so the scheme computed here is always "http".
define('UC_API', strtolower(substr($_SERVER['SERVER_PROTOCOL'], 0, strpos($_SERVER['SERVER_PROTOCOL'], '/'))).'://'.$_SERVER['HTTP_HOST'].substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['PHP_SELF'], '/')));
// If UC_ROOT ends with a separator (see above), this path contains a doubled slash.
define('UC_DATADIR', UC_ROOT.'/data/');
define('UC_DATAURL', UC_API.'/data');
// Records whether the runtime already escaped GET/POST/COOKIE input. get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in PHP 8.0.
define('MAGIC_QUOTES_GPC', get_magic_quotes_gpc());
//note clear variables
// Removes the legacy long-name request arrays (plus $GLOBALS and $_ENV) from the current scope. Looks like a register_globals-era hardening step - confirm against the project's history.
unset($GLOBALS, $_ENV, $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_ENV_VARS);
// Every request superglobal is passed through daddslashes() before the rest of the application runs.
// daddslashes() is not shown on this page; by its name it presumably applies addslashes() recursively, and the meaning of the extra arguments (1, TRUE) cannot be told from here.
// NOTE(review): the SQL quoted later on this page interpolates request values straight into query strings, so this global escaping pass appears to be their only injection defence. Blanket addslashes-style escaping is not tied to the database connection's character set and does nothing for values used outside a quoted string; bound parameters at each query are the robust replacement.
$_GET = daddslashes($_GET, 1, TRUE);
$_POST = daddslashes($_POST, 1, TRUE);
$_COOKIE = daddslashes($_COOKIE, 1, TRUE);
$_SERVER = daddslashes($_SERVER);
$_FILES = daddslashes($_FILES);
$_REQUEST = daddslashes($_REQUEST, 1, TRUE);
require UC_DATADIR.'config.inc.php';
require UC_ROOT.'model/base.php';
require UC_ROOT.'model/admin.php';
// Author's note: model/admin.php declares "class adminbase extends base", i.e. adminbase inherits from base and changes some of its behaviour.
// Author's note: the walkthrough below assumes a login request.
// Front controller: m selects the controller file, a selects the action method; the defaults are frame / index.
$m = empty($_REQUEST['m']) ? 'frame' : $_REQUEST['m'];// walkthrough example: m=user
$a = empty($_REQUEST['a']) ? 'index' : $_REQUEST['a'];// walkthrough example: a=login
// Allow-list of module names. This check is what keeps the request-supplied $m from steering the include path on the next line; passing true as in_array()'s third argument would make the comparison strict.
if(in_array($m, array('admin', 'app', 'badword', 'pm', 'cache', 'db', 'domain', 'frame', 'log', 'note', 'setting', 'user', 'credit', 'seccode'))) {
include UC_ROOT."control/admin/$m.php";
/*
Author's excerpt, presumably from the controller file just included (control/admin/user.php in this walkthrough):
define('UC_USER_CHECK_USERNAME_FAILED', -1);
define('UC_USER_USERNAME_BADWORD', -2);
define('UC_USER_USERNAME_EXISTS', -3);
define('UC_USER_EMAIL_FORMAT_ILLEGAL', -4);
define('UC_USER_EMAIL_ACCESS_ILLEGAL', -5);
define('UC_USER_EMAIL_EXISTS', -6);
define('UC_LOGIN_SUCCEED', 0);
define('UC_LOGIN_ERROR_FOUNDER_PW', -1);
define('UC_LOGIN_ERROR_ADMIN_PW', -2);
define('UC_LOGIN_ERROR_ADMIN_NOT_EXISTS', -3);
define('UC_LOGIN_ERROR_SECCODE', -4);
define('UC_LOGIN_ERROR_FAILEDLOGIN', -5);
class control extends adminbase // author: yet another class
*/
$control = new control();
//note do not allow access to private methods
$method = 'on'.$a;
// Author's note: function onlogin exists.
// NOTE(review): $method always starts with "on", so $method{0} is always "o" and the "_" test below can never fail. What actually limits the reachable methods is the "on" prefix itself: any method of control whose name starts with "on" can be invoked through the a parameter.
// NOTE(review): the {0} string-offset syntax was deprecated in PHP 7.4 and removed in PHP 8.0.
if(method_exists($control, $method) && $method{0} != '_') {
$control->$method();
/*
Author's walkthrough of control::onlogin(). Helper bodies are pasted inline at the point where they are called,
so the braces below do not balance. Everything in this comment is quoted code and is not executed from here.
Author: "It is long - don't be scared."
function onlogin() {
$this->load('user');
// Author: "I cannot explain this function at my level, sorry."
// NOTE(review): as quoted, load() keeps one model object per name in $_ENV[$model] and returns the cached one on later calls.
// NOTE(review): it builds PHP source by concatenating $model into eval(). That is only safe while every caller passes a
// fixed literal such as 'user' and never request data; instantiating through a variable class name would avoid eval().
function load($model, $base = NULL) {
$base = $base ? $base : $this;
// Author: "I don't know where $this comes from here - pointers from experts welcome."
// NOTE(review): load() is invoked as $this->load('user'), so it is a method and $this is the object it was called on.
if(empty($_ENV[$model])) {
// Author: "I don't understand $_ENV[$model] yet."
// NOTE(review): admin.php unsets $_ENV at start-up; here it is reused as an array holding the loaded models.
require_once UC_ROOT."model/$model.php";
eval('$_ENV[$model] = new '.$model.'model($base);');
}
return $_ENV[$model];
}
// Author: the next part is simple; most of it was covered before.
// getgpc() is not shown on this page; the 'P' argument presumably selects $_POST - confirm.
$username = getgpc('username', 'P');
$password = getgpc('password', 'P');
$seccode = strtoupper(getgpc('seccode', 'P'));// upper-cases the submitted captcha text
$isfounder = intval(getgpc('isfounder', 'P'));// cast to int
if($this->submitcheck()) // form-submit check
// (pasted body of submitcheck() follows)
// NOTE(review): the posted formhash is compared with the FORMHASH constant (defined elsewhere; looks like an anti-CSRF
// token - confirm) using loose ==. hash_equals() or === avoids type-juggling surprises.
//function submitcheck() {
return @getgpc('formhash', 'P') == FORMHASH ? true : false;
}
{
// NOTE(review): $this->onlineip is interpolated into SQL here and in the INSERT/UPDATE further down. How onlineip is derived
// is not shown; if it can come from a client-supplied header it has to be validated as an IP address first.
$failedlogin = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."failedlogins WHERE ip='$this->onlineip'");
// (pasted bodies of fetch_first() and fetch_array() follow; mysql_fetch_array() belongs to ext/mysql, removed in PHP 7.0)
//function fetch_first($sql) {
$query = $this->query($sql);
return $this->fetch_array($query);
}
//function fetch_array($query, $result_type = MYSQL_ASSOC) {
return mysql_fetch_array($query, $result_type);
}
// Lockout: more than 4 recorded failures for this IP and the last one less than 15 minutes ago.
// NOTE(review): the counter is keyed by IP only, not by account. When the 15 minutes have passed, this branch only purges
// old rows: the credentials are not checked in that request and $errorcode is left unset.
if($failedlogin['count'] > 4) {
if($this->time - $failedlogin['lastupdate'] < 15 * 60) {
$errorcode = UC_LOGIN_ERROR_FAILEDLOGIN;
} else {
$expiration = $this->time - 15 * 60;
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."failedlogins WHERE lastupdate<'$expiration'");
}
} else {
include_once UC_ROOT.'lib/seccode.class.php';
// The expected captcha value and its timestamp come out of the uc_secc cookie via authcode(..., 'DECODE').
// NOTE(review): as quoted, uc_secc is cleared only after a successful login, so the same cookie and answer look reusable
// across failed attempts for up to 600 seconds unless the login page issues a fresh one - confirm. A single-use,
// server-side captcha record closes that gap.
list($checkseccode, $expiration) = explode("\t", $this->authcode($_COOKIE['uc_secc'], 'DECODE'));
$code = new seccode();
// seccodeconvert() is not shown; presumably it converts $checkseccode in place to the displayed form - confirm.
$code->seccodeconvert($checkseccode);
if($this->time - $expiration > 600) {
exit('Access Denied');
}
if($checkseccode != $seccode) {
$errorcode = UC_LOGIN_ERROR_SECCODE;//note wrong verification code
} else {
$errorcode = UC_LOGIN_SUCCEED;
$this->user['username'] = $username;
if($isfounder == 1) {
$this->user['username'] = 'UCenterAdministrator';
// NOTE(review): salted double MD5 is a fast hash and unsuited to password storage; password_hash() / password_verify()
// is the current replacement. The loose == below compares two hex digests as numeric strings when both look numeric
// (for example the "0e..." form); use hash_equals() or ===. The same applies to the administrator branch.
$md5password = md5(md5($password).UC_FOUNDERSALT);
if($md5password == UC_FOUNDERPW) {
// The auth cookie carries "|hash|md5(User-Agent)|1" passed through authcode(..., 'ENCODE', UC_KEY).
// NOTE(review): the password hash itself travels in the cookie, so its secrecy rests entirely on authcode() and UC_KEY
// (neither shown here); the leading @ also hides any error authcode() raises.
$this->setcookie('uc_founderauth', @$this->authcode("|$md5password|".md5($_SERVER['HTTP_USER_AGENT'])."|1", 'ENCODE', UC_KEY));
} else {
$errorcode = UC_LOGIN_ERROR_FOUNDER_PW;//note wrong founder password
}
} else {
//note query the uc_admins table
// NOTE(review): $username is interpolated into the query; the only escaping visible on this page is the daddslashes()
// pass at the top of admin.php. A bound parameter would remove that dependency.
$admin = $this->db->fetch_first("SELECT a.uid,m.salt,m.password FROM ".UC_DBTABLEPRE."admins a LEFT JOIN ".UC_DBTABLEPRE."members m USING(uid) WHERE a.username='$username'");
if(!empty($admin)) {
$md5password = md5(md5($password).$admin['salt']);
if($admin['password'] == $md5password) {
$this->setcookie('uc_founderauth', @$this->authcode("$username|$md5password|".md5($_SERVER['HTTP_USER_AGENT'])."|0", 'ENCODE', UC_KEY));
} else {
$errorcode = UC_LOGIN_ERROR_ADMIN_PW;//note wrong administrator password
}
} else {
$errorcode = UC_LOGIN_ERROR_ADMIN_NOT_EXISTS;//note this administrator does not exist
}
}
//note login succeeded
if($errorcode == 0) {
$this->setcookie('uc_secc', '', -86400 * 365);
$pwlen = strlen($password);
$this->user['admin'] = 1;
$this->writelog('login', 'succeed');
header('location: admin.php');
exit;
} else {
// NOTE(review): $pwlen is assigned only in the success branch above, which exits. In this failure branch it is unset,
// so "$pwlen > 2" is false and the submitted password is written to the log unmasked. Even with $pwlen set, the mask
// would keep the first round(len/4) and the last round(len/6) characters. Failed-login logs should not contain the
// password at all; log the user name and source address only.
$this->writelog('login', 'error: user='.$this->user['username'].'; password='.($pwlen > 2 ? preg_replace("/^(.{".round($pwlen / 4)."})(.+?)(.{".round($pwlen / 6)."})$/s", "\\1***\\3", $password) : $password));
// First failure for this IP: purge rows older than 15 minutes and insert a new counter; otherwise increment it.
if(empty($failedlogin)) {
$expiration = $this->time - 15 * 60;
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."failedlogins WHERE lastupdate<'$expiration'");
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."failedlogins SET ip='$this->onlineip', count=1, lastupdate='$this->time'");
} else {
$this->db->query("UPDATE ".UC_DBTABLEPRE."failedlogins SET count=count+1,lastupdate='$this->time' WHERE ip='$this->onlineip'");
}
}
}
}
}
// Values are HTML-escaped and handed to the login template.
// NOTE(review): the submitted password is sent back to the browser inside the re-rendered form; login forms normally
// leave that field empty. $errorcode is unset here when the form was not submitted.
$username = htmlspecialchars($username);
$password = htmlspecialchars($password);
$this->view->assign('username', $username);
$this->view->assign('password', $password);
$this->view->assign('isfounder', $isfounder);
$this->view->assign('errorcode', $errorcode);
$this->view->display('admin_login');
}
//note public: administrator logout
// Clears the uc_founderauth cookie and redirects; as quoted there is no exit after header().
function onlogout() {
$this->check_priv();
$this->writelog('logout');
$this->setcookie('uc_founderauth', '');
header('location: admin.php');
}
*/
} elseif(method_exists($control, '_call')) {
// Fallback: a controller may define _call() to receive action names it has no on* method for.
$control->_call('on'.$a, '');
} else {
exit('Action not found!');
}
} else {
exit('Module not found!');
}
时间有限~~~PHP代码:
<?php
/*
[UCenter] (C)2001-2008 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: index.php 12117 2008-01-11 06:25:08Z heyond $
*/
// Bootstrap for the UCenter admin entry point: version constants, error level, request timer, and path/URL constants.
define('UC_VERSION', '1.0.0');
define('UC_RELEASE', '20080429');
// 7 = E_ERROR | E_WARNING | E_PARSE; notices are not reported.
error_reporting(7);
// Turns runtime magic quotes off. Deprecated in PHP 5.3 and removed in PHP 7.0.
set_magic_quotes_runtime(0);
//note start time
// microtime() without arguments returns the string "usec sec"; the two parts are summed into one float timestamp.
$mtime = explode(' ', microtime());
$starttime = $mtime[1] + $mtime[0];
// Marker constant defined before any project file is loaded. Presumably the included files test it to refuse direct requests - not shown here, confirm.
define('IN_UC', TRUE);
// Drops the last 9 characters of this file's path; "admin.php" is 9 characters long, so what remains is the directory including its trailing separator.
define('UC_ROOT', substr(__FILE__, 0, -9));
// Base URL = lower-cased protocol name (the text before "/" in SERVER_PROTOCOL) + "://" + HTTP_HOST + directory part of PHP_SELF.
// NOTE(review): HTTP_HOST is taken from the client's Host header and PHP_SELF can carry client-supplied path info; both are read here before the daddslashes() pass further down, so every URL derived from UC_API inherits request-controlled text. A configured base URL or a host allow-list is the safer source.
// NOTE(review): SERVER_PROTOCOL names HTTP for TLS requests as well, so the scheme computed here is always "http".
define('UC_API', strtolower(substr($_SERVER['SERVER_PROTOCOL'], 0, strpos($_SERVER['SERVER_PROTOCOL'], '/'))).'://'.$_SERVER['HTTP_HOST'].substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['PHP_SELF'], '/')));
// If UC_ROOT ends with a separator (see above), this path contains a doubled slash.
define('UC_DATADIR', UC_ROOT.'/data/');
define('UC_DATAURL', UC_API.'/data');
// Records whether the runtime already escaped GET/POST/COOKIE input. get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in PHP 8.0.
define('MAGIC_QUOTES_GPC', get_magic_quotes_gpc());
//note clear variables
// Removes the legacy long-name request arrays (plus $GLOBALS and $_ENV) from the current scope. Looks like a register_globals-era hardening step - confirm against the project's history.
unset($GLOBALS, $_ENV, $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_ENV_VARS);
// Every request superglobal is passed through daddslashes() before the rest of the application runs.
// daddslashes() is not shown on this page; by its name it presumably applies addslashes() recursively, and the meaning of the extra arguments (1, TRUE) cannot be told from here.
// NOTE(review): the SQL quoted later on this page interpolates request values straight into query strings, so this global escaping pass appears to be their only injection defence. Blanket addslashes-style escaping is not tied to the database connection's character set and does nothing for values used outside a quoted string; bound parameters at each query are the robust replacement.
$_GET = daddslashes($_GET, 1, TRUE);
$_POST = daddslashes($_POST, 1, TRUE);
$_COOKIE = daddslashes($_COOKIE, 1, TRUE);
$_SERVER = daddslashes($_SERVER);
$_FILES = daddslashes($_FILES);
$_REQUEST = daddslashes($_REQUEST, 1, TRUE);
require UC_DATADIR.'config.inc.php';
require UC_ROOT.'model/base.php';
require UC_ROOT.'model/admin.php';
// Author's note: model/admin.php declares "class adminbase extends base", i.e. adminbase inherits from base and changes some of its behaviour.
// Author's note: the walkthrough below assumes a login request.
// Front controller: m selects the controller file, a selects the action method; the defaults are frame / index.
$m = empty($_REQUEST['m']) ? 'frame' : $_REQUEST['m'];// walkthrough example: m=user
$a = empty($_REQUEST['a']) ? 'index' : $_REQUEST['a'];// walkthrough example: a=login
// Allow-list of module names. This check is what keeps the request-supplied $m from steering the include path on the next line; passing true as in_array()'s third argument would make the comparison strict.
if(in_array($m, array('admin', 'app', 'badword', 'pm', 'cache', 'db', 'domain', 'frame', 'log', 'note', 'setting', 'user', 'credit', 'seccode'))) {
include UC_ROOT."control/admin/$m.php";
/*
Author's excerpt, presumably from the controller file just included (control/admin/user.php in this walkthrough):
define('UC_USER_CHECK_USERNAME_FAILED', -1);
define('UC_USER_USERNAME_BADWORD', -2);
define('UC_USER_USERNAME_EXISTS', -3);
define('UC_USER_EMAIL_FORMAT_ILLEGAL', -4);
define('UC_USER_EMAIL_ACCESS_ILLEGAL', -5);
define('UC_USER_EMAIL_EXISTS', -6);
define('UC_LOGIN_SUCCEED', 0);
define('UC_LOGIN_ERROR_FOUNDER_PW', -1);
define('UC_LOGIN_ERROR_ADMIN_PW', -2);
define('UC_LOGIN_ERROR_ADMIN_NOT_EXISTS', -3);
define('UC_LOGIN_ERROR_SECCODE', -4);
define('UC_LOGIN_ERROR_FAILEDLOGIN', -5);
class control extends adminbase // author: yet another class
*/
$control = new control();
//note do not allow access to private methods
$method = 'on'.$a;
// Author's note: function onlogin exists.
// NOTE(review): $method always starts with "on", so $method{0} is always "o" and the "_" test below can never fail. What actually limits the reachable methods is the "on" prefix itself: any method of control whose name starts with "on" can be invoked through the a parameter.
// NOTE(review): the {0} string-offset syntax was deprecated in PHP 7.4 and removed in PHP 8.0.
if(method_exists($control, $method) && $method{0} != '_') {
$control->$method();
/*
Author's walkthrough of control::onlogin(). Helper bodies are pasted inline at the point where they are called,
so the braces below do not balance. Everything in this comment is quoted code and is not executed from here.
Author: "It is long - don't be scared."
function onlogin() {
$this->load('user');
// Author: "I cannot explain this function at my level, sorry."
// NOTE(review): as quoted, load() keeps one model object per name in $_ENV[$model] and returns the cached one on later calls.
// NOTE(review): it builds PHP source by concatenating $model into eval(). That is only safe while every caller passes a
// fixed literal such as 'user' and never request data; instantiating through a variable class name would avoid eval().
function load($model, $base = NULL) {
$base = $base ? $base : $this;
// Author: "I don't know where $this comes from here - pointers from experts welcome."
// NOTE(review): load() is invoked as $this->load('user'), so it is a method and $this is the object it was called on.
if(empty($_ENV[$model])) {
// Author: "I don't understand $_ENV[$model] yet."
// NOTE(review): admin.php unsets $_ENV at start-up; here it is reused as an array holding the loaded models.
require_once UC_ROOT."model/$model.php";
eval('$_ENV[$model] = new '.$model.'model($base);');
}
return $_ENV[$model];
}
// Author: the next part is simple; most of it was covered before.
// getgpc() is not shown on this page; the 'P' argument presumably selects $_POST - confirm.
$username = getgpc('username', 'P');
$password = getgpc('password', 'P');
$seccode = strtoupper(getgpc('seccode', 'P'));// upper-cases the submitted captcha text
$isfounder = intval(getgpc('isfounder', 'P'));// cast to int
if($this->submitcheck()) // form-submit check
// (pasted body of submitcheck() follows)
// NOTE(review): the posted formhash is compared with the FORMHASH constant (defined elsewhere; looks like an anti-CSRF
// token - confirm) using loose ==. hash_equals() or === avoids type-juggling surprises.
//function submitcheck() {
return @getgpc('formhash', 'P') == FORMHASH ? true : false;
}
{
// NOTE(review): $this->onlineip is interpolated into SQL here and in the INSERT/UPDATE further down. How onlineip is derived
// is not shown; if it can come from a client-supplied header it has to be validated as an IP address first.
$failedlogin = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."failedlogins WHERE ip='$this->onlineip'");
// (pasted bodies of fetch_first() and fetch_array() follow; mysql_fetch_array() belongs to ext/mysql, removed in PHP 7.0)
//function fetch_first($sql) {
$query = $this->query($sql);
return $this->fetch_array($query);
}
//function fetch_array($query, $result_type = MYSQL_ASSOC) {
return mysql_fetch_array($query, $result_type);
}
// Lockout: more than 4 recorded failures for this IP and the last one less than 15 minutes ago.
// NOTE(review): the counter is keyed by IP only, not by account. When the 15 minutes have passed, this branch only purges
// old rows: the credentials are not checked in that request and $errorcode is left unset.
if($failedlogin['count'] > 4) {
if($this->time - $failedlogin['lastupdate'] < 15 * 60) {
$errorcode = UC_LOGIN_ERROR_FAILEDLOGIN;
} else {
$expiration = $this->time - 15 * 60;
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."failedlogins WHERE lastupdate<'$expiration'");
}
} else {
include_once UC_ROOT.'lib/seccode.class.php';
// The expected captcha value and its timestamp come out of the uc_secc cookie via authcode(..., 'DECODE').
// NOTE(review): as quoted, uc_secc is cleared only after a successful login, so the same cookie and answer look reusable
// across failed attempts for up to 600 seconds unless the login page issues a fresh one - confirm. A single-use,
// server-side captcha record closes that gap.
list($checkseccode, $expiration) = explode("\t", $this->authcode($_COOKIE['uc_secc'], 'DECODE'));
$code = new seccode();
// seccodeconvert() is not shown; presumably it converts $checkseccode in place to the displayed form - confirm.
$code->seccodeconvert($checkseccode);
if($this->time - $expiration > 600) {
exit('Access Denied');
}
if($checkseccode != $seccode) {
$errorcode = UC_LOGIN_ERROR_SECCODE;//note wrong verification code
} else {
$errorcode = UC_LOGIN_SUCCEED;
$this->user['username'] = $username;
if($isfounder == 1) {
$this->user['username'] = 'UCenterAdministrator';
// NOTE(review): salted double MD5 is a fast hash and unsuited to password storage; password_hash() / password_verify()
// is the current replacement. The loose == below compares two hex digests as numeric strings when both look numeric
// (for example the "0e..." form); use hash_equals() or ===. The same applies to the administrator branch.
$md5password = md5(md5($password).UC_FOUNDERSALT);
if($md5password == UC_FOUNDERPW) {
// The auth cookie carries "|hash|md5(User-Agent)|1" passed through authcode(..., 'ENCODE', UC_KEY).
// NOTE(review): the password hash itself travels in the cookie, so its secrecy rests entirely on authcode() and UC_KEY
// (neither shown here); the leading @ also hides any error authcode() raises.
$this->setcookie('uc_founderauth', @$this->authcode("|$md5password|".md5($_SERVER['HTTP_USER_AGENT'])."|1", 'ENCODE', UC_KEY));
} else {
$errorcode = UC_LOGIN_ERROR_FOUNDER_PW;//note wrong founder password
}
} else {
//note query the uc_admins table
// NOTE(review): $username is interpolated into the query; the only escaping visible on this page is the daddslashes()
// pass at the top of admin.php. A bound parameter would remove that dependency.
$admin = $this->db->fetch_first("SELECT a.uid,m.salt,m.password FROM ".UC_DBTABLEPRE."admins a LEFT JOIN ".UC_DBTABLEPRE."members m USING(uid) WHERE a.username='$username'");
if(!empty($admin)) {
$md5password = md5(md5($password).$admin['salt']);
if($admin['password'] == $md5password) {
$this->setcookie('uc_founderauth', @$this->authcode("$username|$md5password|".md5($_SERVER['HTTP_USER_AGENT'])."|0", 'ENCODE', UC_KEY));
} else {
$errorcode = UC_LOGIN_ERROR_ADMIN_PW;//note wrong administrator password
}
} else {
$errorcode = UC_LOGIN_ERROR_ADMIN_NOT_EXISTS;//note this administrator does not exist
}
}
//note login succeeded
if($errorcode == 0) {
$this->setcookie('uc_secc', '', -86400 * 365);
$pwlen = strlen($password);
$this->user['admin'] = 1;
$this->writelog('login', 'succeed');
header('location: admin.php');
exit;
} else {
// NOTE(review): $pwlen is assigned only in the success branch above, which exits. In this failure branch it is unset,
// so "$pwlen > 2" is false and the submitted password is written to the log unmasked. Even with $pwlen set, the mask
// would keep the first round(len/4) and the last round(len/6) characters. Failed-login logs should not contain the
// password at all; log the user name and source address only.
$this->writelog('login', 'error: user='.$this->user['username'].'; password='.($pwlen > 2 ? preg_replace("/^(.{".round($pwlen / 4)."})(.+?)(.{".round($pwlen / 6)."})$/s", "\\1***\\3", $password) : $password));
// First failure for this IP: purge rows older than 15 minutes and insert a new counter; otherwise increment it.
if(empty($failedlogin)) {
$expiration = $this->time - 15 * 60;
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."failedlogins WHERE lastupdate<'$expiration'");
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."failedlogins SET ip='$this->onlineip', count=1, lastupdate='$this->time'");
} else {
$this->db->query("UPDATE ".UC_DBTABLEPRE."failedlogins SET count=count+1,lastupdate='$this->time' WHERE ip='$this->onlineip'");
}
}
}
}
}
// Values are HTML-escaped and handed to the login template.
// NOTE(review): the submitted password is sent back to the browser inside the re-rendered form; login forms normally
// leave that field empty. $errorcode is unset here when the form was not submitted.
$username = htmlspecialchars($username);
$password = htmlspecialchars($password);
$this->view->assign('username', $username);
$this->view->assign('password', $password);
$this->view->assign('isfounder', $isfounder);
$this->view->assign('errorcode', $errorcode);
$this->view->display('admin_login');
}
//note public: administrator logout
// Clears the uc_founderauth cookie and redirects; as quoted there is no exit after header().
function onlogout() {
$this->check_priv();
$this->writelog('logout');
$this->setcookie('uc_founderauth', '');
header('location: admin.php');
}
*/
} elseif(method_exists($control, '_call')) {
// Fallback: a controller may define _call() to receive action names it has no on* method for.
$control->_call('on'.$a, '');
} else {
exit('Action not found!');
}
} else {
exit('Module not found!');
}
更新慢点哦~~~
[ 本帖最后由 wepeng 于 2008-7-22 10:13 编辑 ]
作者: wepeng 发布时间: 2008-07-22
人过留名,雁过留声。
看帖回帖,占位顶贴!
看帖回帖,占位顶贴!
作者: edushitxt 发布时间: 2008-07-23
支持。再将详细点就更好了。呵呵
作者: 逆雪寒 发布时间: 2008-07-23