e_key] != md5($token))) return FALSE;
    // NOTE(review): the statements down to the next closing brace are the tail of a function
    // whose beginning is outside this excerpt; they are reproduced unchanged. What is visible:
    // for a non-zero $uid the salt handed to well_token_decrypt() is md5 of the cached user's
    // 'password' field, otherwise it is md5 of the User-Agent header.
    $useragent = _SERVER('HTTP_USER_AGENT');
    if ($uid) {
        $user = user_read_cache($uid);
        if (empty($user)) return FALSE;
        $pwd = md5($user['password']);
    } else {
        if (empty($useragent)) return FALSE;
        $pwd = md5($useragent);
    }
    return well_token_decrypt($token, $uid, $pwd, $safe_key, $life);
}

// Generate a token. $salt is mixed into the encryption key: key = md5(xn_key() . $salt).
// The plaintext carries the client IP, $uid, the current time and md5(User-Agent);
// the return value is whatever xn_encrypt() (defined elsewhere) produces.
function well_token_gen($uid, $salt = '') {
    $token_key = md5(xn_key() . $salt);
    $useragent = _SERVER('HTTP_USER_AGENT');
    $ua_md5 = md5($useragent);
    $ip = ip();
    $time = time();
    // NOTE(review): the fields appear space-separated here, while well_token_decrypt() splits
    // on "\t" and requires exactly 4 fields. Presumably the separators were tabs before this
    // listing was extracted; confirm against the real file.
    $token = xn_encrypt("$ip $uid $time $ua_md5", $token_key);
    return $token;
}

// Decrypt and validate a token. Returns a freshly generated token on success, FALSE on failure.
// $salt     must match the salt used by well_token_gen()
// $safe_key when non-empty, the new token is also stored in $_SESSION[$safe_key]
// $life     maximum token age in seconds; values below 10 are replaced by 1800
function well_token_decrypt($token, $uid, $salt = '', $safe_key = '', $life = 3600) {
    $ip = ip();
    $time = time();
    $useragent = _SERVER('HTTP_USER_AGENT');
    $token_key = md5(xn_key() . $salt);
    // NOTE(review): whether tampered ciphertext is rejected depends on xn_decrypt(), which is
    // not visible here; confirm it authenticates the token (MAC / AEAD) and not only decrypts it.
    $s = xn_decrypt($token, $token_key);
    if (empty($s)) return FALSE;
    $arr = explode("\t", $s);
    if (count($arr) != 4) return FALSE;
    list($_ip, $_uid, $_time, $ua_md5) = $arr;
    $life < 10 and $life = 1800;
    // All four bindings must hold: same User-Agent hash, not older than $life, same uid, same IP.
    // NOTE(review): these are loose comparisons. Two md5 hex strings that both look like
    // numeric literals (e.g. "0e..." followed by digits only) compare equal under != / ==.
    // hash_equals() or !== on the string values would remove that type-juggling case.
    if ($ua_md5 != md5($useragent) || $time - $_time > $life || $uid != $_uid || $ip != $_ip) return FALSE;
    $new_token = well_token_gen($uid, $salt);
    if ($safe_key) $_SESSION[$safe_key] = $new_token;
    return $new_token;
}

// Clear token cookies: expires the cookie named md5(auth_key . '_safe_token_' . $uid) and,
// when $token is given, the cookie named md5($token).
function well_token_clear($token = 0) {
    global $uid, $conf, $time;
    $key = md5($conf['auth_key'] . '_safe_token_' . $uid);
    // NOTE(review): the 6th setcookie() argument (secure) is '' and the 7th (httponly) is TRUE.
    // If the cookie was originally set with the Secure flag, confirm this call still clears it.
    setcookie($key, '', $time - 1, '/', $conf['cookie_domain'], '', TRUE);
    $token and setcookie(md5($token), 0, $time - 1, '/', $conf['cookie_domain'], '', TRUE);
}

// Format a number with a K+/M+/B+ suffix; values below 1000 are returned as an int.
function format_number($number) {
    $number = intval($number);
    if ($number < 1000) return $number;
    // NOTE(review): every bound below is strict, so exactly 1000, 1000000 and 1000000000 match
    // no branch and $return is undefined when it is returned.
    if ($number > 1000 && $number < 1000000) {
        // thousands
        $return = number_format($number / 1000, 1) . 'K+';
    } elseif ($number > 1000000 && $number < 1000000000) {
        // millions
        $return = number_format($number / 1000000, 1) . 'M+';
    } elseif ($number > 1000000000) {
        // billions
        $return = number_format($number / 1000000000, 1) . 'B+';
    }
    return $return;
}

//--------------- form input filtering ---------------
/*
 * Filters multi-dimensional form arrays taken from $_REQUEST.
 * $filter lists the leaf keys that are handled as strings, e.g. array('key1','key2');
 * every other leaf value is cast with intval(). Leave $filter empty or omit it to treat
 * all leaves as int.
 * $filter = array('name','message','brief');
 * well_param(1, array(), $filter);
 * well_param('warm_up', array(), array('name','message','brief'));
 */
function well_param($key, $defval = '', $filter = array(), $htmlspecialchars = TRUE, $addslashes = FALSE) {
    // Missing parameter: return the default (an empty array when the default is an array).
    // NOTE(review): 0 == $key is a loose comparison; on PHP 7 and earlier any non-numeric
    // string key equals 0, so the empty() test also applies to string keys there.
    if (!isset($_REQUEST[$key]) || (0 == $key && empty($_REQUEST[$key]))) {
        if (is_array($defval)) {
            return array();
        } else {
            return $defval;
        }
    }
    $val = $_REQUEST[$key];
    $val = well_param_force($val, $filter, $htmlspecialchars, $addslashes);
    return $val;
}

// Filter one request value: nested arrays go through well_mulit_array_safe(), scalar leaves
// through well_safe(). Returns array() for an empty value.
function well_param_force($val, $filter, $htmlspecialchars, $addslashes) {
    if (empty($val)) return array();
    // NOTE(review): when $val is a non-empty scalar (the parameter was sent as a plain value
    // rather than an array), foreach does not iterate and $val is returned unfiltered.
    // An is_array() guard would close that path.
    // NOTE(review): only values are filtered; array keys from the request are kept as received.
    foreach ($val as $k => &$v) {
        if (is_array($v)) {
            $v = well_mulit_array_safe($v, array(), $filter, $htmlspecialchars, $addslashes);
        } else {
            $defval = well_safe_defval($k, $filter);
            $v = well_safe($v, $defval, $htmlspecialchars, $addslashes);
        }
    }
    return $val;
}

// Walk a multi-dimensional array and filter it; keys found in $filter are handled as strings.
function well_mulit_array_safe($array, $arr, $filter, $htmlspecialchars, $addslashes) {
    if (is_array($array)) {
        foreach ($array as $key => $value) {
            if (is_array($value)) {
                // NOTE(review): $arr is passed by value and the return value of this recursive
                // call is discarded, so nested arrays are absent from the result.
                well_mulit_array_safe($value, $arr[$key], $filter, $htmlspecialchars, $addslashes);
            } else {
                $defval = well_safe_defval($key, $filter);
                $arr[$key] = well_safe($value, $defval, $htmlspecialchars, $addslashes);
            }
        }
    }
    return $arr;
}

// Returns 1 when $key must be handled as a string, 0 when it is handled as an int.
function well_safe_defval($key, $filter) {
    $defval = 0;
    if (is_array($filter)) {
        // keys listed in $filter are handled as strings
        // NOTE(review): in_array() is non-strict here; on PHP 7 and earlier an integer key 0
        // compares equal to any non-numeric string in $filter.
        $defval = in_array($key, $filter) ? 1 : 0;
    }
    return $defval;
}

// Sanitize one value: $defval == 1 selects string handling, anything else casts with intval().
function well_safe($val, $defval, $htmlspecialchars, $addslashes) {
    $get_magic_quotes_gpc = _SERVER('get_magic_quotes_gpc');
    // string handling
    if (1 == $defval) {
        //$val = trim($val);
        // NOTE(review): addslashes() is not a replacement for parameterized queries, and
        // htmlspecialchars() applied at input time only fits HTML text and attribute contexts;
        // confirm how callers use the value in SQL, JavaScript or URL contexts.
        $addslashes and empty($get_magic_quotes_gpc) && $val = addslashes($val);
        empty($addslashes) and $get_magic_quotes_gpc && $val = stripslashes($val);
        $htmlspecialchars and $val = htmlspecialchars($val, ENT_QUOTES);
    } else {
        $val = intval($val);
    }
    return $val;
}

// Validates multi-dimensional form arrays: leaves whose key is in $filter must be numeric.
// well_mulit_array_int(array(), array('id','fid'));
function well_mulit_array_int($array = array(), $filter = array()) {
    if (empty($array)) return;
    foreach ($array as $key => $value) {
        if (is_array($value)) {
            well_mulit_array_int($value, $filter);
        } else {
            // NOTE(review): is_numeric() also accepts floats, exponent notation, signs and
            // leading whitespace; an "id" passing this check is not necessarily an integer.
            if (in_array($key, $filter) && !is_numeric($value)) message(1, lang('type_error'));
        }
    }
}

//--------------- end of form input filtering ---------------
/*
 * @param $str string to convert
 * @param string $charset target encoding
 * @param string $original source encoding of the string; when given, iconv() is used directly
 * @return string
 */
function code_conversion($str, $charset = 'utf-8', $original = '') {
    if ($original) return iconv($original, $charset . '//IGNORE', $str);
    $list = array('gb2312', 'big5', 'ascii', 'gbk', 'utf-16', 'ucs-2', 'utf-8');
    $encoding_list = $charset == 'utf-8' ? $list : array('utf-8', 'utf-16', 'ascii', 'gb2312', 'gbk');
    $encoding = mb_detect_encoding($str, $encoding_list);
    // force conversion: fall back to $charset when the detected name is not in $list
    // NOTE(review): in_array() compares case-sensitively against lowercase names; check what
    // mb_detect_encoding() actually returns (e.g. 'UTF-8'), or this fallback is always taken.
    $encoding = in_array($encoding, $list) ? $encoding : $charset;
    return mb_convert_encoding($str, $charset, $encoding);
}

// Strip special characters from a user nickname by running filter_emoji() on every character.
function filter_username($username) {
    // NOTE(review): with the /u modifier preg_replace_callback() returns NULL when the
    // subject is not valid UTF-8; callers should handle a NULL result.
    $username = preg_replace_callback('/./u', "filter_emoji", $username);
    return $username;
}

// Emoji filter: drops every character whose encoding is 4 bytes or longer, keeps the rest.
function filter_emoji($match) {
    return strlen($match[0]) >= 4 ? '' : $match[0];
}

// check plugin installation / $dir is the plugin directory name
// With $file set, returns the contents of that file inside the plugin directory
// (HTML-escaped when $return is true); otherwise returns TRUE only when the plugin's
// conf.json marks it both installed and enabled.
function check_plugin($dir, $file = NULL, $return = FALSE) {
    $r = pull_plugin_info($dir);
    if (empty($r)) return FALSE;
    $destpath = APP_PATH . 'plugin/' . $dir . '/';
    if ($file) {
        // NOTE(review): $dir and $file are concatenated into the path without normalization.
        // Callers must pass trusted names, or the values should be checked (basename(), an
        // allow-list of plugin files) so a '../' sequence cannot reach files outside plugin/.
        $getfile = $destpath . $file;
        $str = file_get_contents($getfile);
        return $return ? htmlspecialchars($str) : $str;
    } else {
        if ($r['installed'] && $r['enable']) {
            return TRUE;
        } else {
            return FALSE;
        }
    }
}

// pull plugin info: decode plugin/<dir>/conf.json; FALSE when the directory does not exist
function pull_plugin_info($dir) {
    $destpath = APP_PATH . 'plugin/' . $dir . '/';
    if (!file_exists($destpath)) return FALSE;
    $conffile = $destpath . 'conf.json';
    $r = xn_json_decode(file_get_contents($conffile));
    return $r;
}

// 0:pc 1:wechat 2:pad 3:mobile
// The result is cached per request in a static array keyed by md5(User-Agent).
// NOTE(review): every input here is a client-supplied header, so the result is suitable for
// choosing a layout but not as input to an access decision.
function get_device() {
    $agent = _SERVER('HTTP_USER_AGENT');
    static $cache = array();
    $md5 = md5($agent);
    if (isset($cache[$md5])) return $cache[$md5];
    if (FALSE !== strpos($agent, 'MicroMessenger')) {
        $cache[$md5] = 1; // WeChat
    } elseif (strpos($agent, 'pad') || strpos($agent, 'Pad')) {
        $cache[$md5] = 2; // pad
    } elseif (isset($_SERVER['HTTP_X_WAP_PROFILE']) || (isset($_SERVER['HTTP_VIA']) && stristr($_SERVER['HTTP_VIA'], "wap") || stripos($agent, 'phone') || stripos($agent, 'mobile') || strpos($agent, 'ipod'))) {
        $cache[$md5] = 3; // mobile phone
    } else {
        $cache[$md5] = 0;
    }
    return $cache[$md5];
}

// random string, no number
// NOTE(review): the substring starts at offset 26 of a shuffled 52-letter alphabet, so at most
// 26 characters come back and no letter repeats. str_shuffle() is not a cryptographically
// secure source; values used as secrets (tokens, reset codes) should come from
// random_bytes() / random_int() instead.
function rand_str($length) {
    $str = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    return substr(str_shuffle($str), 26, $length);
}

// Convert HTML line breaks to \r\n
// NOTE(review): the search string shows up as a literal newline in this listing; presumably it
// was an HTML line-break tag that was lost when the page was extracted. Confirm.
function br_to_chars($data) {
    //$data = htmlspecialchars_decode($data);
    return str_replace("
", "\r\n", $data);
}

// Accepts either the message itself or an array:
// $arr = array('message' => message, 'doctype' => 1, 'gid' => $gid)
// doctype selects the format: 0: html, 1: txt; 2: markdown; 3: ubb
// Conversion happens when the content is stored; it is converted back when edited.
function code_safe($arr) {
    if (empty($arr)) return array();
    // when no doctype is passed, default to 0 (the safe format)
    $doctype = isset($arr['doctype']) ? intval($arr['doctype']) : 0;
    $gid = empty($arr['gid']) ? 0 : intval($arr['gid']);
    $message = isset($arr['message']) ? $arr['message'] : $arr;
    if ($message) {
        // format conversion: 0: html, 1: txt; 2: markdown; 3: ubb
        $message = htmlspecialchars($message, ENT_QUOTES);
        // html format: filter unsafe code; skipped when the group has 'managecontent' access
        // NOTE(review): 'gid' is read from $arr and decides whether xn_html_safe() is skipped.
        // Callers must fill it from the authenticated session, never from request data.
        0 == $doctype && $message = group_access($gid, 'managecontent') ? $message : xn_html_safe($message);
        // text to html: \r\n is converted to html markup
        1 == $doctype && $message = xn_txt_to_html($message);
    }
    return $message;
}

// Remove all HTML tags, plus slashes and the whitespace characters listed below.
// NOTE(review): several entries of the replacement list look identical in this listing;
// presumably they were distinct entities or whitespace characters before extraction.
function filter_all_html($text) {
    $text = trim($text);
    $text = stripslashes($text);
    $text = strip_tags($text);
    $text = str_replace(array(' ', '/', "\t", "\r\n", "\r", "\n", ' ', ' ', ' ', ' '), '', $text);
    //$text = htmlspecialchars($text, ENT_QUOTES); // kept clean before storage and encoded when stored; no htmlspecialchars_decode() needed on output
    return $text;
}

// Keep only the HTML tags configured under $config['filter']['content']['html_tag'] and strip
// style and class attributes. Returns TRUE (not the text) when HTML filtering is disabled
// or no tag list is configured.
function filter_html($text) {
    global $config;
    $filter = array_value($config, 'filter');
    $arr = array_value($filter, 'content');
    $html_enable = array_value($arr, 'html_enable');
    $html_tag = array_value($arr, 'html_tag');
    if (0 == $html_enable || empty($html_tag)) return TRUE;
    $html_tag = htmlspecialchars_decode($html_tag);
    $text = trim($text);
    $text = stripslashes($text);
    // NOTE(review): strip_tags() with an allow-list keeps every attribute of the allowed tags.
    // Only style and class are removed in the visible code, so event-handler attributes and
    // script-scheme URLs on allowed tags need separate handling; the rest of this function is
    // missing from the listing, so confirm against the real file.
    $text = strip_tags($text, "$html_tag"); // the tags to keep are configured in the admin backend
    $text = str_replace(array("\r\n", "\r", "\n", ' ', ' ', ' ', ' '), '', $text);
    //$text = preg_replace('#\s+#', '', $text);// whitespace; this would also filter images etc.
    //$text = preg_replace("#<(.*?)>#is", "", $text);
    // strip every style attribute
    $text = preg_replace("#style=.+?['|\"]#i", '', $text);
    // strip every class attribute
    $text = preg_replace("#class=.+?['|\"]#i", '', $text);
    // keep img= and strip the other attributes inside tags
    // NOTE(review): the listing is damaged from here on. The remainder of filter_html() and the
    // head of a directory-scanning function (it recurses via search_directory()) were lost in
    // extraction; the surviving tokens are kept exactly as found and do not parse.
    $text = preg_replace('#('; search_directory($sub_path);
            } else {
                //echo ' bottom-level file: ' . $path . '/' . $val . '';
                $ext = strtolower(file_ext($sub_path));
                // Report files whose extension is on this list ('异常文件' = "abnormal file").
                // NOTE(review): this is a short extension deny-list, so other executable
                // extensions are not reported, and $sub_path is echoed without HTML escaping.
                if (in_array($ext, array('php', 'asp', 'jsp', 'cgi', 'exe', 'dll'), TRUE)) {
                    echo '异常文件:' . $sub_path . '
';
                }
            }
        }
    }
}

// One-dimensional array to string. $sign receives the string to be signed, $url the
// urlencode()d GET parameter string. Both are written through the reference parameters.
function array_to_string($arr, &$sign = '', &$url = '') {
    if (count($arr) != count($arr, 1)) throw new Exception('Does not support multi-dimensional array to string');
    // drop any existing signature
    unset($arr['sign']);
    // sort by key
    ksort($arr);
    reset($arr);
    // build the strings used for signing
    $url = '';
    $sign = '';
    foreach ($arr as $key => $val) {
        // NOTE(review): empty() also skips the values 0 and "0", so they are not covered by
        // the signature; signer and verifier must canonicalize identically. Values go into
        // $sign unescaped, so a value that itself contains '&' or '=' is ambiguous in the
        // signed string.
        if (empty($val) || is_array($val)) continue;
        $url .= $key . '=' . urlencode($val) . '&';
        $sign .= $key . '=' . $val . '&';
    }
    $url = substr($url, 0, -1);
    $url = htmlspecialchars($url);
    $sign = substr($sign, 0, -1);
}

// Create a signature with the private key. $key is the bare base64 body of the key; it is
// wrapped at 64 columns and given PEM armor here. 'RSA2' selects SHA-256, anything else SHA-1.
// Returns the base64-encoded signature.
function rsa_create_sign($data, $key, $sign_type = 'RSA') {
    if (!function_exists('openssl_sign')) throw new Exception('OpenSSL extension is not enabled');
    if (!defined('OPENSSL_ALGO_SHA256')) throw new Exception('Only versions above PHP 5.4.8 support SHA256');
    $key = wordwrap($key, 64, "\n", true);
    if (FALSE === $key) throw new Exception('Private Key Error');
    $key = "-----BEGIN RSA PRIVATE KEY-----\n$key\n-----END RSA PRIVATE KEY-----";
    // NOTE(review): the return value of openssl_sign() is not checked; with a bad key $sign
    // stays unset and an empty string is returned as the "signature". The default branch signs
    // with SHA-1; prefer 'RSA2' wherever the counterparty supports it.
    if ('RSA2' == $sign_type) {
        openssl_sign($data, $sign, $key, OPENSSL_ALGO_SHA256);
    } else {
        openssl_sign($data, $sign, $key, OPENSSL_ALGO_SHA1);
    }
    // encode the raw signature
    return base64_encode($sign);
}

// Verify a signature with the public key. Returns true only when openssl_verify() returns
// exactly 1; both "invalid" (0) and "error" (-1) yield false.
function rsa_verify_sign($data, $sign, $key, $sign_type = 'RSA') {
    $key = wordwrap($key, 64, "\n", true);
    if (FALSE === $key) throw new Exception('Public Key Error');
    $key = "-----BEGIN PUBLIC KEY-----\n$key\n-----END PUBLIC KEY-----";
    // openssl_verify(): 1 = signature correct, 0 = signature incorrect, -1 = error
    if ('RSA2' == $sign_type) {
        $result = openssl_verify($data, base64_decode($sign), $key, OPENSSL_ALGO_SHA256);
    } else {
        $result = openssl_verify($data, base64_decode($sign), $key, OPENSSL_ALGO_SHA1);
    }
    return $result === 1;
}

// Array to xml array('appid' => 'appid', 'code' => 'success')
// NOTE(review): the markup inside the string literals below (root element, closing tags and
// whatever wrapped non-numeric values) was stripped when this listing was extracted, so the
// code as shown does not produce valid XML. Confirm against the real file, and check there
// that keys and values are escaped before they are placed into the document.
function array_to_xml($arr) {
    if (!is_array($arr) || empty($arr)) throw new Exception('Array Error');
    $xml = "";
    foreach ($arr as $key => $val) {
        if (is_numeric($val)) {
            $xml .= "<" . $key . ">" . $val . "";
        } else {
            $xml .= "<" . $key . ">";
        }
    }
    $xml .= "";
    return $xml;
}

// Xml to array. External entity loading is switched off around the parse, and the parser is
// not given LIBXML_NOENT, so entities are not substituted.
// NOTE(review): libxml_disable_entity_loader() is deprecated as of PHP 8.0, and
// simplexml_load_string() returns false on malformed input, which the (array) cast turns into
// a one-element array; callers should check for that.
function xml_to_array($xml) {
    if (!$xml) throw new Exception('XML error');
    $old = libxml_disable_entity_loader(true);
    // parse the xml
    $result = (array)simplexml_load_string($xml, null, LIBXML_NOCDATA | LIBXML_COMPACT);
    // restore the previous setting (only when the loader was enabled before)
    if (FALSE === $old) libxml_disable_entity_loader(false);
    return $result;
}

// Read a file line by line: a generator yielding each line trimmed.
// fclose() is only reached once the generator has been run to the end of the file.
function well_import($file) {
    if ($handle = fopen($file, 'r')) {
        while (!feof($handle)) {
            yield trim(fgets($handle));
        }
        fclose($handle);
    }
}

// Count the total number of lines; the count is cached for 300 seconds under $key.
// NOTE(review): the default cache key does not depend on $file, so counts for different files
// share one cache entry unless the caller passes distinct keys.
function well_import_total($file, $key = 'well_import_total') {
    static $cache = array();
    if (isset($cache[$key])) return $cache[$key];
    $count = cache_get($key);
    if (NULL === $count) {
        $count = 0;
        $globs = well_import($file);
        while ($globs->valid()) {
            ++$count;
            $globs->next(); // advance to the next line
        }
        $count and cache_set($key, $count, 300);
    }
    return $cache[$key] = $count;
}

// Accumulator for well_search_dir(); FALSE until the first call initializes it.
$g_dir_file = FALSE;
// Recursively collect the paths of all files below $path into the global $g_dir_file and
// return that list. The global is never reset here, so repeated calls keep appending.
function well_search_dir($path) {
    global $g_dir_file;
    FALSE === $g_dir_file and $g_dir_file = array();
    if (is_dir($path)) {
        $paths = scandir($path);
        foreach ($paths as $val) {
            $sub_path = $path . '/' . $val;
            if ('.' == $val || '..' == $val) {
                continue;
            } else if (is_dir($sub_path)) {
                well_search_dir($sub_path);
            } else {
                $g_dir_file[] = $sub_path;
            }
        }
    }
    return $g_dir_file;
}
?>
ParseError: syntax error, unexpected end of file, expecting '(' in /www/wwwroot/roclinux.cn/tmp/model_flag_thread.func.php:315 Stack trace: #0 /www/wwwroot/roclinux.cn/index.php(28): include() #1 {main}