Server: nginx/1.28.1
System: Linux 10-41-63-61 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 00:40:06 UTC 2024 x86_64
User: www (1001)
PHP: 7.4.33
Disabled: passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
File: /www/wwwroot//bs.kntsleep.com/system/basic/class/web.class.php
<?php
/*
 * Copyright (c) Huyin Information Technology Co., Ltd. All Rights Reserved.
 * BOSSCMS Content Management System (https://www.bosscms.net/)
 */
// Refuse direct requests to this file: execution continues only when the
// IS_OK constant already exists (presumably defined by the CMS entry script — confirm).
if(!defined('IS_OK')){
	exit('Access Forbidden');
}

// Load the base classes this file relies on, in the original order.
array_map(static function($name){
	into::basic_class($name);
}, array('origin','cache','seo'));

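/**
 * Front-end controller base for the public site.
 *
 * Checks the request host against the configured site domains, runs the
 * commercial-template authorisation check, resolves the logged-in member from
 * the session and post-processes rendered theme HTML before it is returned.
 * All state is read from (and partly written to) the global $G array.
 */
class web extends origin
{
	/**
	 * Validate the request host, enforce the closed-site switch and populate
	 * $G['member'] and $G['home'].
	 *
	 * Terminates the request with die() when no domain is configured or when
	 * the current host's root domain differs from the configured one.
	 */
	public function init()
	{
		global $G;
		if(!$G['config']['domain'] && !$G['config']['domain_mobile']){
			die('未设置访问域名');  // No access domain configured: the site cannot be served
		}
		$ht = parse_url($G['path']['site']);
		$mdn = parse_url($G['config']['domain_mobile']);
		// Mobile visitors on a different host are sent to the mobile domain (permanent redirect)
		if($G['config']['domain_mobile'] && isMobile() && $ht['host']!=$mdn['host']){
			location($G['config']['domain_mobile'], 301);
		}
		$dn = $G['config']['domain']?parse_url($G['config']['domain']):$mdn;
		if(rootDomain($ht['host']) != rootDomain($dn['host'])){
			die('当前域名非后台填写站点域名');  // Only the root domain entered in the back office may serve the site
		}
		
		$this->authorize();
		
		// NOTE(review): a set 'state_open' flag shows the "close" page on the home
		// path and a 404 elsewhere, so it appears to mean "site closed" — confirm.
		if(arrExist($G['config'],'state_open')){
			if($G['path']['home']){
				echo url::upload(load::page('close'));
				die();
			}else{
				url::page404();
			}
		}
		$G['member'] = $this->member();
		$G['home'] = page::items_one(88888);
	}
	
	/**
	 * Resolve the logged-in member from the session.
	 *
	 * The session value 'member' is split on the constant P into
	 * id, username, password and ltime; the member row is loaded by id and all
	 * three remaining fields must match the row.
	 *
	 * @return array|false Member row with 'grade' and 'ranks' added, or false
	 *                     when membership is disabled, no session exists or the
	 *                     session does not match the stored row.
	 */
	public function member()
	{
		global $G;
		if($G['config']['member_open'] && $member=session::get('member')){
			$mbr = explode(P,$member);
			// Indexes 0..3 are read below. A shorter value would leave them null,
			// and null compares loosely equal to empty or missing row fields.
			if(count($mbr)<4){
				return false;
			}
			$result = page::member_one($mbr[0]);
			if(!$result){
				// No row for this id: never build a member out of an empty result
				return false;
			}
			// Expired membership: clear the expiry, reset the weight to the default grade, reload
			if($result['etime']>0 && $result['etime']<TIME){
				// NOTE(review): the id is interpolated into the WHERE string; it comes from
				// the row just fetched, not from the request. Use a bound parameter here if
				// mysql::update offers one.
				mysql::update(array('etime'=>0,'weight'=>setDefault($G['config']['member_grade_default'],0)),'member',"id='{$result['id']}'");
				$result = page::member_one($mbr[0]);
			}
			// Username and password are compared as exact strings: loose == treats
			// numeric-looking strings ("0e123" vs "0e456", "007" vs "7") as equal.
			// hash_equals() also keeps the password comparison constant-time.
			// ltime keeps the loose numeric comparison the original used.
			if($result
				&& (string)$result['username']===(string)$mbr[1]
				&& hash_equals((string)$result['password'],(string)$mbr[2])
				&& $result['ltime']==$mbr[3]){
				$result['grade'] = page::grade_one($result['weight']);
				$result['ranks'] = page::ranks_one($result['points']);
				return $result;
			}
		}
		return false;
	}

	/**
	 * Render the theme page html/<name> and run it through replace().
	 *
	 * When $G['view'] is set (site edit mode) the admin edit stylesheet, an
	 * inline script with page context and the admin edit script are appended.
	 *
	 * @param string $name Page name below html/ in the web theme.
	 * @return string Rendered HTML.
	 */
	public function theme($name)
	{
		global $G;
		$html = $this->replace(load::page('html/'.$name, null, false, 'web'));
		if($G['view']){
			/* Site edit mode: add the required css and js * boss-cms */
			session::set("view{$G['language']['id']}", $G['path']['link']);
			$html .= html::link(load::common('css/edit.css','admin',true));
			$html .= "\n<script>\nwindow.webpost=".($G['post']['vpost_vals']?'true':'false').";";
			// NOTE(review): the relative path is concatenated into a single-quoted JS
			// string without escaping — confirm it can never contain a quote or "</script>".
			$html .= "\nwindow.webcss='".$G['path']['relative']."cache/css/".md5(session::get('manager')).".css';";
			$html .= "\nwindow.webitems=".json::encode(array('items'=>$G['items']['id'],'type'=>$G['items']['type'],'lang'=>$G['language']['id'],'id'=>$G['group']['id'],'relative'=>$G['path']['relative'])).";";
			$html .= "\nwindow.webcores=".setDefault(json::encode($G['webcores']),'{}').";\n</script>";
			$html .= html::script(load::common('js/edit.js','admin',true));
		}
		return $html;
	}
	
	/**
	 * Post-process rendered HTML: anchor-text links, city sub-site inserts,
	 * SEO replacement, default images, upload URLs, editor attributes,
	 * relative paths and banned-word replacement, in that order.
	 *
	 * @param string $html Rendered page HTML.
	 * @return string Processed HTML.
	 */
	public function replace($html)
	{
		global $G;
		/* Anchor-text replacement */
		// The RAND() seed is the first 7 digits left after stripping letters from md5(link),
		// so the anchor order is stable per page URL; only digits reach the SQL string.
		if($G['items']['type']!=11 && $anchor=mysql::select_all('*,RAND('.substr(preg_replace('/[A-Za-z]/','',md5($G['path']['link'])),0,7).') AS rand','anchor',"open='1'",'rand,id ASC')){
			preg_match("/<body[\S\s]+<\/body>/", $html, $body);
			if(!empty($body[0])){
				$G['arep'] = array();
				$old_body = $new_body = $body[0];
				// Swap every existing link and every tag for a placeholder so that anchor
				// words are only matched in plain text; the originals are restored below.
				$new_body = preg_replace_callback("/<a\W[^>]+?>[\S\s]+?<\/a>|<\w+[^>]+?>/",function($match){
					global $G;
					$rep = 'alink_'.count($G['arep']).'_'.P;
					$G['arep'][$rep] = $match[0];
					return $rep;
				},$new_body);
				$i=0;
				foreach($anchor as $v){
					if($i<$G['config']['anchor_show_number']){
						$old = (string)$v['old'];
						// An empty keyword would match at every offset and inject links at random
						if($old===''){
							continue;
						}
						// NOTE(review): link/title/new are written into the markup unescaped;
						// confirm they are encoded when stored or restricted to trusted editors.
						$replace = '<a href="'.$v['link'].'" title="'.($v['title']?$v['title']:$v['new']).'"'.($v['target']?' target="_blank"':'').($v['nofollow']?' rel="nofollow"':'').'>'.$v['new'].'</a>';
						// Quote the delimiter too: a keyword containing "/" used to break the pattern
						preg_match_all('/'.preg_quote($old,'/').'/', $new_body, $match, PREG_OFFSET_CAPTURE);
						if(!empty($match[0])){
							// Pick one occurrence from six digits of the row's rand value,
							// clamped so a short or odd rand string cannot index out of range.
							$last = count($match[0])-1;
							$pick = (int)round((float)substr((string)$v['rand'],8+$i,6)/1000000*$last);
							$pick = max(0,min($last,$pick));
							$new_body = substr_replace($new_body, $replace, $match[0][$pick][1], strlen($old));
							$i++;
						}
					}else{
						break;
					}
				}
				foreach($G['arep'] as $k=>$v){
					$new_body = str_replace($k, $v, $new_body);
				}
				$html = str_replace($old_body, $new_body, $html);
			}
		}
		/* City sub-site list */
		if($G['area_foot_insert'] && $G['config']['area_open'] && $G['config']['area_foot_open'] && $G['config']['area_foot_insert'] && preg_match('/"'.$G['items']['type'].'"/',$G['config']['area_foot_type'])){
			// addcslashes() keeps "$1" or "\1" inside the inserted markup literal instead of
			// letting preg_replace read it as a backreference (a price like "$100" was mangled).
			$html = preg_replace('#'.preg_quote($G['config']['area_foot_insert'],'#').'#',addcslashes($G['area_foot_insert'].$G['config']['area_foot_insert'],'\\$'),$html,1);
		}
		/* City sub-site: add the standalone page content */
		if($G['config']['area_open'] && isset($G['area']) && $G['area']['content'] && !isset($G['group']) && preg_match('/"'.$G['items']['id'].'"/',$G['config']['area_items'])){
			$area_html = "<article {$G['area']['_content']}>{$G['area']['content']}</article>{$G['config']['area_insert']}";
			// Same backreference protection as above for the area content
			$html = preg_replace('#'.preg_quote($G['config']['area_insert'],'#').'#',addcslashes($area_html,'\\$'),$html,1);
		}
		/* Page description handling */
		$html = seo::replace($html);
		/* Give img tags without an image address the default image */
		$html = preg_replace('/(<img [^>]*?src=)("\s*"|\'\s*\'|\s)/',"\\1\"{$G['config']['image']}\"",$html);
		/* Rewrite relative image addresses BOSS_CMS */
		$html = url::upload($html);
		/* Strip comment tags that contain no word characters */
		$html = preg_replace('/<!--[\W]*?-->/','',$html);
		if(!$G['view']){
			/* Outside edit mode, strip the editor-only attributes */
			$html = preg_replace_callback('/<[a-zA-Z0-9][^>]*?\sbosscms\=([\'"]{0,1})[\s\w]*?\\1[^>]*?>/',function($match){
				return preg_replace('/\s(?:bosscms|items|groups|group|link|feedback|consult|menu|banner|content|layers|complex|area|plugin)(?:\s*=([\'"]{0,1})([\s\w]*?)\\1){0,1}/','',$match[0]);
			},preg_replace('/\s\sthemectrl="\w+\-\w+"\s\s/','',$html));
		}
		/* Home page: drop a leading ../ from addresses */
		if($G['path']['home'] && !$G['path']['relative']){
			$html = preg_replace('/(=["\'\s]*)\.\.\/(\w)/',"\\1\\2",$html);
		} /* Inner pages whose relative prefix has two or more ../: replace the leading ../ with that prefix */
		else if(strstr($G['path']['relative'],'../../')){
			$html = preg_replace('/(=["\'\s]*)\.\.\/(\w)/',"\\1{$G['path']['relative']}\\2",$html);
		}
		/* Banned-word replacement */
		if($G['config']['violation_open'] && $violation=json::decode($G['config']['violation_table'])){
			foreach($violation as $v){
				$html = str_replace($v,$G['config']['violation_replace'],$html);
			}
		}
		return $html;
	}
	
	/**
	 * Check the commercial-template licence for serials of the form RJUI<digits>.
	 *
	 * The verdict is cached in cache/authorize/ under an md5 of root domain,
	 * the literal 'template' and the serial, and reused for 604800 seconds
	 * (7 days). Otherwise the vendor API is queried and the response cached.
	 * An empty verdict terminates the request with die().
	 */
	public function authorize()
	{
		global $G;
		$path = ROOT_PATH.'cache/authorize/';
		$config = load::config();
		// The anchored pattern limits the serial to "RJUI" plus digits before it is
		// used in the cache file name and in the API query string.
		if(preg_match('/^RJUI\d+$/i',$config['serial'])){
			$file = $path.md5(rootDomain($G['path']['host']).'template'.$config['serial']);
			if(is_file($file) && TIME-filemtime($file)<604800){
				$res = file_get_contents($file);
			}else{
				into::basic_class('curl');
				if(curl::code('https://api.bosscms.net/rest/authorize/template.php')==200){
					$res = curl::request('https://api.bosscms.net/rest/authorize/template.php?serial='.$config['serial']);
					// NOTE(review): the raw response body is written to the cache file as-is;
					// whether curl:: verifies the TLS certificate is not visible here — confirm.
					dir::create($file, $res);
				}else{
					// API not answering 200: treated as authorised (the check fails open)
					$res = 1;
				}
			}
			if(!$res) die('当前域名未授权商业模板'.$config['serial'].',禁止访问');
		}
		
	}
}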
?>