update
Copy Bugscan Web Vulnerability Scaner Online System
2015-08-11 23:09:09 +08:00
parent 82796b437a
commit ba835fef0e
45 changed files with 6280 additions and 1 deletions

176
Dns/dns.py Normal file

@@ -0,0 +1,176 @@
#!/usr/bin/python
#coding=utf-8
DEF_LOCAL_HOST = ''
DEF_REMOTE_SERVER = '114.114.114.114'
DEF_PORT = 53
DEF_CONF_FILE = 'dnsserver.conf'
DEF_TIMEOUT = 0.4
from SocketServer import *
from socket import *
import sys, os ,re, threading
from ConfigParser import ConfigParser
from multiprocessing import Pool
gl_remote_server = None
gl_conf_host = None
mutex = threading.Lock()
class LocalDNSHandler(BaseRequestHandler):
#<23><>̬<EFBFBD><CCAC>ȡhost<73><74>Ӧ<EFBFBD><D3A6>ip<69><70>ַ
def get_host(self):
global gl_conf_host
cf = ConfigParser()
cf.read(DEF_CONF_FILE)
if cf.has_section('host'):
gl_conf_host = {}
for opt in cf.options('host'):
optv = cf.get('host' , opt).strip()
opt = opt.replace('.' , r'\.')
m = re.search('[?*]', opt)
if m:
opt = opt.replace('*', r'\w+').replace('?', r'.')
gl_conf_host[opt] = optv
def setup(self):
global gl_conf_host
self.get_host()
self.hosts = gl_conf_host
def handle(self):
global mutex
data, socket = self.request
domain = self.getDomain(data)
configIp = None
#<23>Ӹ<EFBFBD><D3B8><EFBFBD>,<2C>Է<EFBFBD>ֹ<EFBFBD>ڸ<EFBFBD>hosts<74><73><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ,<2C><><EFBFBD><EFBFBD> RuntimeError: dictionary changed size during iteration
mutex.acquire()
if '.in-addr.arpa' == domain[-13:]:
configIp = '0.0.0.0'
elif domain in self.hosts:
configIp = self.hosts[domain]
else:
for k,v in self.hosts.iteritems():
try:
m = re.search('^' + k + '$' , domain);
if m:
configIp = v
#<23><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<2C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>hosts<74><73>,<2C>Ա<EFBFBD><D4B1>´<EFBFBD><C2B4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱֱ<CAB1><D6B1>ͨ<EFBFBD><CDA8> self.hosts[domain] <20><><EFBFBD><EFBFBD>,<2C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><C2B7>
self.hosts[domain] = v
break
except Exception as err:
configIp = None
print 'error' , err, k ,v
mutex.release()
if configIp != None:
print '[%s] --> [%s] from [%s]' % (domain, configIp, self.client_address[0])
rspdata = self.respuesta(configIp, data);
else:
rspdata = self._getResponse(domain, data)
#<23><>ȡ<EFBFBD><C8A1><EFBFBD>ݳ<EFBFBD><DDB3><EFBFBD>ʱ,<2C><><EFBFBD><EFBFBD> 0.0.0.0 <20><>IP
if rspdata == 1:
rspdata = self.respuesta('0.0.0.0', data);
socket.sendto(rspdata, self.client_address)
def _getResponse(self, domain, data):
"Send client's DNS request (data) to remote DNS server, and return its response."
remote_server = None
global gl_remote_server
if gl_remote_server != None:
#<23><>ͬ<EFBFBD><CDAC><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,ʹ<>ò<EFBFBD>ͬ<EFBFBD><CDAC>DNS<4E><53><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȥ<EFBFBD><C8A5><EFBFBD>н<EFBFBD><D0BD><EFBFBD>
for k,v in gl_remote_server.iteritems():
m = re.search(k + '$' , domain);
if m:
remote_server = v
break
if remote_server == None:
remote_server = DEF_REMOTE_SERVER
dnsserver = (remote_server, DEF_PORT)
sock = socket(AF_INET, SOCK_DGRAM) # socket for the remote DNS server
sock.connect(dnsserver)
sock.sendall(data)
sock.settimeout(5)
try:
rspdata = sock.recv(65535)
except Exception, e:
print e, 'ignored.'
sock.close()
return 1
# "delicious food" for GFW:
while 1:
sock.settimeout(DEF_TIMEOUT)
try:
rspdata = sock.recv(65535)
except timeout:
#rspdata = self.respuesta('0.0.0.0' , data);
break
sock.close()
return rspdata
def getDomain(self , data):
tipo = (ord(data[2]) >> 3) & 15 # Opcode bits
dominio = ''
if tipo == 0: # Standard query
ini=12
lon=ord(data[ini])
while lon != 0:
dominio+=data[ini+1:ini+lon+1]+'.'
ini+=lon+1
lon=ord(data[ini])
return dominio[:-1]
def respuesta(self, ip , data):
packet=''
packet+=data[:2] + "\x81\x80"
packet+=data[4:6] + data[4:6] + '\x00\x00\x00\x00' # Questions and Answers Counts
packet+=data[12:] # Original Domain Name Question
packet+='\xc0\x0c' # Pointer to domain name
packet+='\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04' # Response type, ttl and resource data length -> 4 bytes
packet+=str.join('',map(lambda x: chr(int(x)), ip.split('.'))) # 4bytes of IP
return packet
class LocalDNSServer(ThreadingUDPServer):
pass
def main():
global gl_remote_server, gl_conf_host
cf = ConfigParser()
cf.read(DEF_CONF_FILE)
if cf.has_section('dns'):
gl_remote_server = {}
for opt in cf.options('dns'):
optv = cf.get('dns', opt).strip()
cfg = optv.split('/')
if len(cfg) > 1:
gl_remote_server[cfg[0]] = cfg[1]
else:
DEF_REMOTE_SERVER = optv
#if cf.has_section('host'):
# gl_conf_host = {}
# for opt in cf.options('host'):
# optv = cf.get('host' , opt).strip()
# opt = opt.replace('.' , r'\.')
# m = re.search('[?*]', opt)
# if m:
# opt = opt.replace('*', r'\w+').replace('?', r'.')
# gl_conf_host[opt] = optv
# #print gl_conf_host
LocalDNSServer((DEF_LOCAL_HOST, DEF_PORT), LocalDNSHandler).serve_forever()
if __name__ == '__main__':
main()
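Review bot: In `handle`, `mutex.acquire()` and `mutex.release()` bracket the host lookup without a `try/finally`, so any exception raised in between leaves the lock held and every later query thread blocks; `self.hosts` stays `None` whenever dnsserver.conf has no `[host]` section, which makes `domain in self.hosts` raise exactly there. Wrap the lookup in `with mutex:` and have `get_host` fall back to an empty dict. `getDomain` also indexes `data[2]` and `data[12]` and walks the label lengths with no bounds check, so a truncated UDP datagram raises `IndexError`; reject short packets before parsing, e.g. `if len(data) < 13: return`. In `main`, `DEF_REMOTE_SERVER = optv` assigns a local because the name is missing from the `global` statement, so the configured default resolver is never applied.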

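--- a/Dns/dnsserver.conf
+++ b/Dns/dnsserver.conf
@@ -0,0 +1,8 @@
+[dns]
+default = 114.114.114.114
+google = google.com/8.8.8.8
+[host]
+activate.adobe.com = 0.0.0.0
+www.baidu.com = 10.0.13.59
+testphp.vulnweb.com = 10.0.13.58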

BIN
Dns/dns动态读取host.zip Normal file

Binary file not shown.


@@ -1,4 +1,10 @@
AwvScan
By: Mr.x
Email:coolxia@foxmial.com
==============
==============
AwvScan<EFBFBD>ǻ<EFBFBD><EFBFBD><EFBFBD>Awvs+python+nginx+php+mysql<71><6C><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɵ<EFBFBD><C9B5><EFBFBD><EFBFBD>߷ֲ<DFB7>ʽɨ<CABD><EFBFBD>ߣ<EFBFBD><DFA3><EFBFBD><EFBFBD><EFBFBD>ͼ<EFBFBD>ɲ鿴scan.jpg<70><67><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>v1.0<EFBFBD><EFBFBD><EFBFBD>
ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊawvs console<6C><65><EFBFBD><EFBFBD>nginx<6E><78><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>+DNSsever<65><72><EFBFBD><EFBFBD><EFBFBD>ˣ<EFBFBD><CBA3><EFBFBD>¼<EFBFBD><C2BC>֤<EFBFBD><D6A4><EFBFBD><EFBFBD>󲿷<EFBFBD><F3B2BFB7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD>ڹ<EFBFBD><EFBFBD><EFBFBD>æ<EFBFBD><EFBFBD>æ<EFBFBD>ŰѰ<EFBFBD>ȫ<EFBFBD><EFBFBD><EFBFBD>ɷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ʒ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˾<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>з<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ţ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵ÷<EFBFBD>һ<EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>...
2015.8.11

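--- a/ReportWeb/file.php
+++ b/ReportWeb/file.php
@@ -0,0 +1,15 @@
+<?php
+function ld_Checkpath($str)
+{
+$arr = array("\\","/","..",":");
+foreach ($arr as $k)
+{
+if(stristr("$str","$k")) exit();
+}
+return $str;
+}
+$hash = ld_Checkpath($_GET['p']);
+$path = "E:/wwwroot/report/$hash/export.xml";
+//echo $path;
+echo file_get_contents($path);
+?>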
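Review bot: `ld_Checkpath` is a blacklist over `$_GET['p']`, and the script then echoes whatever `export.xml` it finds with no authentication check visible in this file, so anyone who can reach file.php and supply an existing report directory name can read that scan report. Prefer an allowlist matched to the format the task hashes actually have, for example `if (!is_string($p) || !preg_match('/^[A-Za-z0-9]+$/', $p)) exit();` (character set assumed, not shown on this page), and require a session or a shared secret between console and node before calling `file_get_contents`. `$_GET['p']` is also read without `isset`, so a missing or array-valued parameter reaches `stristr` through a notice-producing string conversion. Sending `header('Content-Type: text/xml');` before the echo would keep browsers from rendering report content as HTML.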

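--- a/TaskPython/run2.py
+++ b/TaskPython/run2.py
@@ -0,0 +1,72 @@
+# coding=utf-8
+import urllib,time,os,base64,json
+import _winreg
+wvs_path = ""
+def get_html(url):
+url=url.strip()
+html=urllib.urlopen(url).read()
+return html
+def writefile(logname,cmd):
+try:
+fp = open(logname,'a')
+fp.write(cmd+"\n")
+fp.close()
+except:
+return False
+def regedit(re_root,re_path,re_key):
+try:
+key = _winreg.OpenKey(_winreg.HKEY_LOCAL_MACHINE,re_path)
+value,type = _winreg.QueryValueEx(key,re_key)
+return value
+except:
+return False
+def get_console(url):
+now = time.strftime('%Y-%m-%d %X', time.localtime(time.time()))
+date = time.strftime('%Y-%m-%d', time.localtime(time.time()))
+try:
+a = get_html(url)
+#print a
+if len(a) > 50:
+base = base64.b64decode(a)
+#print base
+json_arr = json.loads(base)
+target_url = json_arr['target_url']
+user = json_arr['siteuser']
+pwd = json_arr['sitepwd']
+scan_rule = json_arr['scan_rule']
+hash = json_arr['hash']
+print json_arr
+console = '"%s\\wvs_console.exe" /Scan %s --HtmlAuthUser=%s --HtmlAuthPass=%s --EnablePortScanning=True /Verbose /ExportXML /SaveLogs /SaveFolder E:\\wwwroot\\report\\%s\\' %(wvs_path,target_url,user,pwd,hash)
+#console = console + '\ndel %0'
+scantime = time.strftime('%Y-%m-%d %X', time.localtime(time.time()))
+print "%s\n%s\n" %(scantime,console)
+writefile('bat\\%s.bat'%hash,console)
+cmd = 'cmd /c bat\\%s.bat' %hash
+print "%s\n%s\n%s\n" %(now,target_url,cmd)
+os.system(cmd)
+except Exception , e:
+info = '%s\nError: %s' %(now,e)
+writefile('logs\\%s-Error.log'%date,info)
+print info
+wvs_path = regedit(0,"SOFTWARE\Acunetix\WVS9","Path")
+#exit()
+url = 'http://10.118.44.8/scan/tasklist.php'
+i = 0
+while 1:
+now = time.strftime('%Y-%m-%d %X', time.localtime(time.time()))
+try:
+a = get_console(url)
+i +=1
+time.sleep(5)
+except Exception , e:
+info = '%s\nError: %s' %(now,e)
+writefile('Error.log',info)
+print info
+time.sleep(1)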
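Review bot: In `get_console`, `target_url`, `siteuser`, `sitepwd` and `hash` from the task JSON are formatted straight into a batch file that is then run with `os.system('cmd /c …')`, so any `&`, `|`, quote or newline in those fields becomes part of the command line, and `hash` also selects the .bat path and the report folder. The task list is fetched over plain `http://` with nothing authenticating the response, so the worker trusts whatever answers at that address. Validate `hash` against the format the server issues and start `wvs_console.exe` with an argument list via `subprocess.call` instead of writing a .bat file (this needs `subprocess` and `re` imported at the top of the file); that also avoids `writefile` appending a second command to an existing `bat\<hash>.bat` when a task is rescanned. The site password is additionally printed to stdout and left on disk in the batch file.

```python
        # … unchanged: fetch, base64-decode and json.loads the task …
        hash = json_arr['hash']
        # character set assumed; tighten to the exact format the server issues
        if not re.match(r'^[A-Za-z0-9]+$', hash):
            raise ValueError('unexpected task hash')
        args = [
            os.path.join(wvs_path, 'wvs_console.exe'),
            '/Scan', target_url,
            '--HtmlAuthUser=%s' % user,
            '--HtmlAuthPass=%s' % pwd,
            '--EnablePortScanning=True',
            '/Verbose', '/ExportXML', '/SaveLogs',
            '/SaveFolder', 'E:\\wwwroot\\report\\%s\\' % hash,
        ]
        # argument list: no cmd.exe parsing of task-supplied values
        subprocess.call(args)
        # … unchanged: error logging in the except branch …
```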

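--- a/ajax.php
+++ b/ajax.php
@@ -0,0 +1,11 @@
+<?php
+require(dirname(__FILE__).'/include/config.inc.php');
+$m_arr = array('cpasswd','del','rescan','export');
+$mode = $_GET['m'];
+if(in_array($mode,$m_arr)){
+call_user_func($mode);
+}
+?>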
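Review bot: The dispatcher runs `cpasswd`, `del` and `rescan` from the `m` query parameter of a GET request, and no CSRF token or login check is visible in this file (one may live in include/config.inc.php, which is not shown in this part of the page). State-changing actions should be accepted only as POST and only with a per-session token compared using `hash_equals`, starting with `if ($_SERVER['REQUEST_METHOD'] !== 'POST') exit();` ahead of the dispatch. `$_GET['m']` is read without `isset`, and `in_array($mode, $m_arr, true)` would make the allowlist comparison strict.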

873
css/bootstrap-combined.min.css vendored Normal file

File diff suppressed because one or more lines are too long

Binary file not shown.

After

Width:  |  Height:  |  Size: 8.6 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 12 KiB

200
css/layoutit.css Normal file

@@ -0,0 +1,200 @@
body {
padding-top:10px;
padding-bottom: 40px;
margin-left:0px;
-webkit-transition: margin 500ms ease;
-moz-transition: margin 500ms ease;
-ms-transition: margin 500ms ease;
-o-transition: margin 500ms ease;
transition: margin 500ms ease;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
@media (max-width: 979px) {
.navbar-fixed-top { position:fixed; }
}
.navbar-inverse .brand {width:180px; color:#fff; }
.brand img {float:left; margin:2px 10px 0 0; }
.brand .label {
position:relative;
left:10px;
top:-3px;
font-weight:normal;
font-size:9px;
background:#666;
-webkit-box-shadow: inset 1px 1px 3px rgba(0, 0, 0, 0.7);
-moz-box-shadow: inset 1px 1px 3px rgba(0, 0, 0, 0.7);
box-shadow: inset 1px 1px 3px rgba(0, 0, 0, 0.7);
}
.edit .demo { margin-left:0px; margin-top:10px; padding:30px 15px 15px; border: 1px solid #DDDDDD; border-radius: 4px; position:relative; word-wrap: break-word;}
.edit .demo:after {
background-color: #F5F5F5;
border: 1px solid #DDDDDD;
border-radius: 4px 0 4px 0;
color: #9DA0A4;
content: "Container";
font-size: 12px;
font-weight: bold;
left: -1px;
padding: 3px 7px;
position: absolute;
top: -1px;
}
.sidebar-nav {
position:fixed;
width:200px;
left:0px;
bottom:0;
top:44px;
background:#ccc;
padding: 9px 0; z-index:10;
-webkit-transition: all 500ms ease;
-moz-transition: all 500ms ease;
-ms-transition: all 500ms ease;
-o-transition: all 500ms ease;
transition: all 500ms ease;
}
.sidebar-nav .nav-header { cursor:pointer; font-size:14px; color:#fff; text-shadow:0 1px 0 rgba(0, 0, 0, 0.3);}
.sidebar-nav .nav-header span.label { font-size:10px; /*padding-bottom:0;*/ position:relative; top:-1px;}
.sidebar-nav .nav-header i.icon-plus {}
.sidebar-nav .nav-header .popover {color:#999; text-shadow:none;}
.popover-info {position:relative;}
.popover-info .popover {display:none; top: -12.5px; left:15px; }
.popover-info:hover .popover {display:block; opacity:1; width:400px;}
.popover-info:hover .popover .arrow {top:23px;}
.sidebar-nav .accordion-group { border:none; }
.boxes {}
.sidebar-nav li { line-height:25px; }
.sidebar-nav .box { line-height:25px; width:170px; height:25px; }
.sidebar-nav .preview { display: block; color:#666; font-size:12px; line-height:22px;}
.sidebar-nav .preview input { width:90px; padding:0 10px; background:#bbb; font-size:10px; color:#999; line-height:20px; height:20px; position:relative; top:-1px; }
.sidebar-nav .view { display: none; }
.sidebar-nav .remove,
.sidebar-nav .configuration { display: none; }
.sidebar-nav .boxes { display:none;}
.demo .preview { display: none; }
.demo .box .view { display: block; padding-top:30px;}
.ui-draggable-dragging .view { display:block;}
/*.demo .ui-sortable-placeholder { outline: 5px dotted #ddd; visibility: visible!Important; border-radius: 4px; }*/
.ui-sortable-placeholder { outline: 1px dashed #ddd;visibility: visible!Important; border-radius: 4px;}
.edit .drag { position: absolute; top: 0;right: 0; cursor: pointer; }
.box,.lyrow { position:relative;}
.edit .demo .lyrow .drag { top:5px; right:80px; z-index:10; }
.edit .demo .column .box .drag { top:5px; }
.edit .demo .column .box .configuration {position: absolute; top: 3px; right: 140px;white-space:nowrap; }
.edit .demo .remove { position: absolute; top: 5px; right: 5px; z-index:10; }
.demo .configuration {
filter: alpha(opacity=0);
opacity: 0;
-webkit-transition: all 500ms ease;
-moz-transition: all 500ms ease;
-ms-transition: all 500ms ease;
-o-transition: all 500ms ease;
transition: all 500ms ease;
}
.demo .drag, .demo .remove {
filter: alpha(opacity=20); opacity: 0.2;
-webkit-transition: all 500ms ease;
-moz-transition: all 500ms ease;
-ms-transition: all 500ms ease;
-o-transition: all 500ms ease;
transition: all 500ms ease;
}
.demo .lyrow:hover > .drag,
.demo .lyrow:hover > .configuration,
.demo .lyrow:hover > .remove,
.demo .box:hover .drag,
.demo .box:hover .configuration,
.demo .box:hover .remove { filter: alpha(opacity=100); opacity: 1; }
.edit .demo .row-fluid:before {
background-color: #F5F5F5;
border: 1px solid #DDDDDD;
border-radius: 4px 0 4px 0;
color: #9DA0A4;
content: "Row";
font-size: 12px;
font-weight: bold;
left: -1px;
line-height:2;
padding: 3px 7px;
position: absolute;
top: -1px;
}
.demo .row-fluid {
background-color: #F5F5F5;
-webkit-box-sizing: border-box;
-moz-box-sizing: border-box;
box-sizing: border-box;
-webkit-box-shadow: inset 0 1px 13px rgba(0, 0, 0, 0.1);
-moz-box-shadow: inset 0 1px 13px rgba(0, 0, 0, 0.1);
box-shadow: inset 0 1px 13px rgba(0, 0, 0, 0.1);
border: 1px solid #DDDDDD;
border-radius: 4px 4px 4px 4px;
margin: 15px 0;
position: relative;
padding: 25px 14px 0;
}
.edit .column:after {
background-color: #F5F5F5;
border: 1px solid #DDDDDD;
border-radius: 4px 0 4px 0;
color: #9DA0A4;
content: "Column";
font-size: 12px;
font-weight: bold;
left: -1px;
padding: 3px 7px;
position: absolute;
top: -1px;
}
.column {
background-color: #FFFFFF;
border: 1px solid #DDDDDD;
border-radius: 4px 4px 4px 4px;
margin: 15px 0;
padding: 39px 19px 24px;
position: relative;
}
/* preview */
body.devpreview { margin-left:0px;}
.devpreview .sidebar-nav {
left:-200px;
-webkit-transition: all 0ms ease;
-moz-transition: all 0ms ease;
-ms-transition: all 0ms ease;
-o-transition: all 0ms ease;
transition: all 0ms ease;
}
.devpreview .drag, .devpreview .configuration, .devpreview .remove { display:none !Important; }
.sourcepreview .column, .sourcepreview .row-fluid, .sourcepreview .demo .box {
margin:0px 0;
padding:0px;
background:none;
border:none;
-webkit-box-shadow: inset 0 0px 0px rgba(0, 0, 0, 0.00);
-moz-box-shadow: inset 0 0px 0px rgba(0, 0, 0, 0.00);
box-shadow: inset 0 0px 0px rgba(0, 0, 0, 0.00);
}
.devpreview .demo .box, .devpreview .demo .row-fluid { padding-top:0; background:none; }
.devpreview .demo .column { padding-top:19px; padding-bottom:19px; }
#download-layout { display: none }
#editorModal textarea,
#downloadModal textarea { width:100%;height:280px;resize: none;-moz-box-sizing: border-box;-webkit-box-sizing: border-box;box-sizing: border-box; }
#editorModal {width:640px;}
a.language-selected { font-style: italic; font-weight: bold; }

159
html/edit.html Normal file

@@ -0,0 +1,159 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="title" content="">
<meta name="description" content="">
<meta name="keywords" content="">
<title><?php echo soft_name?></title>
<!-- Le styles -->
<link href="css/bootstrap-combined.min.css" rel="stylesheet">
<link href="css/layoutit.css" rel="stylesheet">
<!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
<!--[if lt IE 9]>
<script src="js/html5shiv.js"></script>
<![endif]-->
<!-- Fav and touch icons -->
<link rel="shortcut icon" href="img/favicon.png">
<script type="text/javascript" src="js/jquery-2.0.0.min.js"></script>
<!--[if lt IE 9]>
<script type="text/javascript" src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<![endif]-->
<script type="text/javascript" src="js/bootstrap.min.js"></script>
<script type="text/javascript" src="js/jquery-ui.js"></script>
<script type="text/javascript" src="js/jquery.ui.touch-punch.min.js"></script>
<script type="text/javascript" src="js/jquery.htmlClean.js"></script>
<script type="text/javascript" src="js/scripts.js"></script>
<script type="text/javascript" src="js/action.js"></script>
</head>
<div class="container-fluid">
<div class="row-fluid">
<div class="span12">
<div class="navbar navbar-inverse">
<div class="navbar-inner">
<div class="container-fluid">
<a class="btn btn-navbar" data-target=".navbar-responsive-collapse" data-toggle="collapse"></a> <a class="brand" href="?m=index"><?php echo soft_name?></a>
<div class="nav-collapse collapse navbar-responsive-collapse">
<ul class="nav">
<li>
<a href="?m=index">概况</a>
</li>
<li class="active">
<a href="?m=scan">WEB扫描</a>
</li>
<!--
<li>
<a href="#">端口扫描</a>
</li>
-->
<li>
<a href="?m=point">节点管理</a>
</li>
<li>
<a href="?m=set">系统管理</a>
</li>
</ul>
<ul class="nav pull-right">
<li class="active">
<a class="dropdown-toggle" data-toggle="dropdown" href="#"><?php echo $_SESSION['username'];?></a>
<ul class="dropdown-menu">
<!--
<li>
<a href="#">下拉导航1</a>
</li>
-->
<li>
<a id="modal-978241" href="#cpasswd-<?php echo $_SESSION['username']?>" data-toggle="modal">修改密码</a>
</li>
<li>
<a href="?m=logout">退出</a>
</li>
<!--
<li class="divider">
</li>
<li>
<a href="#">链接3</a>
</li>
-->
</ul>
</li>
</ul>
</div>
</div>
</div>
</div>
<div class="tabbable" id="tabs-25550">
<ul class="nav nav-tabs">
<li class="active">
<a href="#panel-941070" data-toggle="tab">新建WEB扫描</a>
</li>
<!--
<li>
<a href="#panel-910581" data-toggle="tab">筛选</a>
</li>
-->
</ul>
<div class="tab-content">
<div class="tab-pane active" id="panel-941070">
<form action="?m=scan" method="POST">
<fieldset>
<label>URL</label><input type="text" value="<?php echo $html_str['url'];?>" style="width:500px" name="url"/>
<label>账号</label><input type="text" value="<?php echo $html_str['siteuser'];?>" name="user"/>
<label>密码</label><input type="text" value="<?php echo $html_str['sitepwd'];?>" name="pwd"/>
<label>COOKIE</label><textarea rows="5" cols="200" style="width:500px" name="cookie"><?php echo $html_str['cookie'];?></textarea>
<label>扫描策略</label>
<select name="rule">
<option value="4">default</option>
<option value ="1">SQL</option>
<option value ="2">XSS</option>
<option value="3">CSRF</option>
</select>
<label class="checkbox"><input type="checkbox" name="auth" /> 认证扫描 </label> <button type="submit" class="btn">提交扫描</button>
<button type="submit" class="btn">取消</button>
</fieldset>
</form>
</div>
<div class="tab-pane" id="panel-910581">
<p>
第二部分内容.
</p>
</div>
<div id="cpasswd-<?php echo $_SESSION['username']?>" class="modal hide fade" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true" >
<form action="" method="POST">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h3 id="myModalLabel">
<?php echo $_SESSION['username']?>的密码修改
</h3>
</div>
<div class="modal-body">
<fieldset>
<label>旧 密 码</label><input type="text" value="" name="oldpasswd"/>
<label>新 密 码</label><input type="text" value="" name="newpasswd"/>
<label>重新输入</label><input type="text" value="" name="repasswd"/>
</fieldset>
</div>
<div class="modal-footer">
<button class="btn" data-dismiss="modal" aria-hidden="true">关闭</button> <button class="btn btn-primary" onclick="cpasswd()">保存设置</button>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
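Review bot: The scan form echoes `$html_str['url']`, `$html_str['siteuser']`, `$html_str['sitepwd']` and `$html_str['cookie']` into attribute values and a textarea without escaping, and `$_SESSION['username']` goes into `href`, `id` and heading text the same way; unless these are escaped where they are built (not visible here), a stored value containing `"` or `<` breaks out of the markup. Escape at output, e.g. `<?php echo htmlspecialchars($html_str['url'], ENT_QUOTES, 'UTF-8');?>`. The target-site password and the three change-password fields use `type="text"`; they should be `type="password"`, and the stored site password should not be echoed back into the page. Neither form carries a CSRF token. The `$_SESSION['username']` echo and the `type="text"` password fields repeat in html/index.html and html/info.html.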

184
html/index.html Normal file

@@ -0,0 +1,184 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="title" content="">
<meta name="description" content="">
<meta name="keywords" content="">
<title><?php echo soft_name?></title>
<!-- Le styles -->
<link href="css/bootstrap-combined.min.css" rel="stylesheet">
<link href="css/layoutit.css" rel="stylesheet">
<!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
<!--[if lt IE 9]>
<script src="js/html5shiv.js"></script>
<![endif]-->
<!-- Fav and touch icons -->
<link rel="shortcut icon" href="img/favicon.png">
<script type="text/javascript" src="js/jquery-2.0.0.min.js"></script>
<!--[if lt IE 9]>
<script type="text/javascript" src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<![endif]-->
<script type="text/javascript" src="js/bootstrap.min.js"></script>
<script type="text/javascript" src="js/jquery-ui.js"></script>
<script type="text/javascript" src="js/jquery.ui.touch-punch.min.js"></script>
<script type="text/javascript" src="js/jquery.htmlClean.js"></script>
<script type="text/javascript" src="js/scripts.js"></script>
<script type="text/javascript" src="js/action.js"></script>
</head>
<div class="container-fluid">
<div class="row-fluid">
<div class="span12">
<div class="navbar navbar-inverse">
<div class="navbar-inner">
<div class="container-fluid">
<a class="btn btn-navbar" data-target=".navbar-responsive-collapse" data-toggle="collapse"></a> <a class="brand" href="?m=index"><?php echo soft_name?></a>
<div class="nav-collapse collapse navbar-responsive-collapse">
<ul class="nav">
<li class="active">
<a href="?m=index">概况</a>
</li>
<li>
<a href="?m=scan">WEB扫描</a>
</li>
<!--
<li>
<a href="#">端口扫描</a>
</li>
-->
<li>
<a href="?m=point">节点管理</a>
</li>
<li>
<a href="?m=set">系统管理</a>
</li>
</ul>
<ul class="nav pull-right">
<li class="active">
<a class="dropdown-toggle" data-toggle="dropdown" href="#"><?php echo $_SESSION['username'];?></a>
<ul class="dropdown-menu">
<!--
<li>
<a href="#">下拉导航1</a>
</li>
-->
<li>
<a id="modal-978241" href="#cpasswd-<?php echo $_SESSION['username']?>" data-toggle="modal">修改密码</a>
</li>
<li>
<a href="?m=logout">退出</a>
</li>
<!--
<li class="divider">
</li>
<li>
<a href="#">链接3</a>
</li>
-->
</ul>
</li>
</ul>
</div>
</div>
</div>
</div>
<div class="tabbable" id="tabs-25550">
<ul class="nav nav-tabs">
<li class="active">
<a href="#panel-941070" data-toggle="tab">功能选项</a>
</li>
<li>
<a href="#panel-910581" data-toggle="tab">筛选</a>
</li>
</ul>
<div class="tab-content">
<div class="tab-pane active" id="panel-941070">
<!--
<button class="btn btn-primary" type="button">启动定时任务</button> <button class="btn btn-primary" type="button">手动刷新</button>
-->
<table class="table">
<thead>
<tr>
<th>
Id
</th>
<th>
URL
</th>
<th>
User
</th>
<th>
Status
</th>
<th>
节点IP
</th>
<th>
High
</th>
<th>
Middle
</th>
<th>
Low
</th>
<th>
Banner
</th>
<th>
OS
</th>
<th>
Finishtime
</th>
<th>
操作
</th>
</tr>
</thead>
<tbody>
<?php echo $html_str;?>
</tbody>
</table>
</div>
<div class="tab-pane" id="panel-910581">
<p>
第二部分内容.
</p>
</div>
<div id="cpasswd-<?php echo $_SESSION['username']?>" class="modal hide fade" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true" >
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h3 id="myModalLabel">
<?php echo $_SESSION['username']?>的密码修改
</h3>
</div>
<div class="modal-body">
<fieldset>
<label>旧 密 码</label><input type="text" value="" name="oldpasswd" id="oldpasswd"/>
<label>新 密 码</label><input type="text" value="" name="newpasswd" id="newpasswd"/>
<label>重新输入</label><input type="text" value="" name="repasswd" id="repasswd"/>
</fieldset>
</div>
<div class="modal-footer">
<button class="btn" data-dismiss="modal" aria-hidden="true">关闭</button> <button class="btn btn-primary" onclick="cpasswd()">保存设置</button>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
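Review bot: `<?php echo $html_str;?>` writes pre-built table rows into `<tbody>` verbatim, and the columns include URL, Banner and OS, which come from the scanned target rather than from the operator. If the code that builds `$html_str` (outside this file) does not pass each cell through `htmlspecialchars`, a hostile target can plant markup that runs in the console user's session. Build the rows with per-cell escaping, `'<td>' . htmlspecialchars($row['banner'], ENT_QUOTES, 'UTF-8') . '</td>'` (field name illustrative), or state in a comment at this echo that `$html_str` must already be escaped. html/info.html has the same echo for the Webpath, Param, details and HTTP Request columns.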

208
html/info.html Normal file
View File

@@ -0,0 +1,208 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="title" content="">
<meta name="description" content="">
<meta name="keywords" content="">
<title><?php echo soft_name?></title>
<!-- Le styles -->
<link href="css/bootstrap-combined.min.css" rel="stylesheet">
<link href="css/layoutit.css" rel="stylesheet">
<!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
<!--[if lt IE 9]>
<script src="js/html5shiv.js"></script>
<![endif]-->
<!-- Fav and touch icons -->
<link rel="shortcut icon" href="img/favicon.png">
<script type="text/javascript" src="js/jquery-2.0.0.min.js"></script>
<!--[if lt IE 9]>
<script type="text/javascript" src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<![endif]-->
<script type="text/javascript" src="js/bootstrap.min.js"></script>
<script type="text/javascript" src="js/jquery-ui.js"></script>
<script type="text/javascript" src="js/jquery.ui.touch-punch.min.js"></script>
<script type="text/javascript" src="js/jquery.htmlClean.js"></script>
<script type="text/javascript" src="js/scripts.js"></script>
<script type="text/javascript" src="js/action.js"></script>
</head>
<div class="container-fluid">
<div class="row-fluid">
<div class="span12">
<div class="navbar navbar-inverse">
<div class="navbar-inner">
<div class="container-fluid">
<a class="btn btn-navbar" data-target=".navbar-responsive-collapse" data-toggle="collapse"></a> <a class="brand" href="?m=index"><?php echo soft_name?></a>
<div class="nav-collapse collapse navbar-responsive-collapse">
<ul class="nav">
<li class="active">
<a href="?m=index">概况</a>
</li>
<li>
<a href="?m=scan">WEB扫描</a>
</li>
<!--
<li>
<a href="#">端口扫描</a>
</li>
-->
<li>
<a href="?m=point">节点管理</a>
</li>
<li>
<a href="?m=set">系统管理</a>
</li>
</ul>
<ul class="nav pull-right">
<li class="active">
<a class="dropdown-toggle" data-toggle="dropdown" href="#"><?php echo $_SESSION['username'];?></a>
<ul class="dropdown-menu">
<!--
<li>
<a href="#">下拉导航1</a>
</li>
-->
<li>
<a id="modal-978241" href="#cpasswd-<?php echo $_SESSION['username']?>" data-toggle="modal">修改密码</a>
</li>
<li>
<a href="?m=logout">退出</a>
</li>
<!--
<li class="divider">
</li>
<li>
<a href="#">链接3</a>
</li>
-->
</ul>
</li>
</ul>
</div>
</div>
</div>
</div>
<div class="tabbable" id="tabs-25550">
<ul class="nav nav-tabs">
<li class="active">
<a href="#panel-941070" data-toggle="tab">功能选项</a>
</li>
<li>
<a href="#panel-910581" data-toggle="tab">筛选</a>
</li>
</ul>
<div class="tab-content">
<!--
<div class="container-fluid">
<div class="row-fluid">
<div class="span12">
<dl>
<dt>
Rolex
</dt>
<dd>
劳力士创始人为汉斯.威尔斯多夫1908年他在瑞士将劳力士注册为商标。
</dd>
<dt>
Vacheron Constantin
</dt>
<dd>
始创于1775年的江诗丹顿已有250年历史
</dd>
<dd>
是世界上历史最悠久、延续时间最长的名表之一。
</dd>
<dt>
IWC
</dt>
<dd>
创立于1868年的万国表有“机械表专家”之称。
</dd>
<dt>
Cartier
</dt>
<dd>
卡地亚拥有150多年历史是法国珠宝金银首饰的制造名家。
</dd>
</dl>
</div>
</div>
</div>
-->
<div class="tab-pane active" id="panel-941070">
<!--
<button class="btn btn-primary" type="button">启动定时任务</button> <button class="btn btn-primary" type="button">手动刷新</button>
-->
<table class="table">
<thead>
<tr>
<th>
Id
</th>
<th>
Type
</th>
<th>
Level
</th>
<th>
Webpath
</th>
<th>
Param
</th>
<th>
details
</th>
<th>
HTTP Request
</th>
</tr>
</thead>
<tbody>
<?php echo $html_str;?>
</tbody>
</table>
</div>
<div class="tab-pane" id="panel-910581">
<p>
第二部分内容.
</p>
</div>
<div id="cpasswd-<?php echo $_SESSION['username']?>" class="modal hide fade" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true" >
<form action="" method="POST">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h3 id="myModalLabel">
<?php echo $_SESSION['username']?>的密码修改
</h3>
</div>
<div class="modal-body">
<fieldset>
<label>旧 密 码</label><input type="text" value="" name="oldpasswd"/>
<label>新 密 码</label><input type="text" value="" name="newpasswd"/>
<label>重新输入</label><input type="text" value="" name="repasswd"/>
</fieldset>
</div>
<div class="modal-footer">
<button class="btn" data-dismiss="modal" aria-hidden="true">关闭</button> <button class="btn btn-primary" onclick="cpasswd()">保存设置</button>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>

89
html/login.html Normal file

@@ -0,0 +1,89 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="title" content="一个简洁而又专业的分布式在线WEB漏洞扫描系统">
<meta name="description" content="域名扫描,域名安全扫描,网站在线扫描,漏洞扫描,网站安全,漏洞播报,网站扫描,在线监测">
<meta name="keywords" content="网站安全检测、安全漏洞、网站漏洞检测、网站漏洞修复、网站在线扫描、分布式漏洞扫描">
<title><?php echo soft_name?></title>
<!-- Le styles -->
<link href="css/bootstrap-combined.min.css" rel="stylesheet">
<link href="css/layoutit.css" rel="stylesheet">
<!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
<!--[if lt IE 9]>
<script src="js/html5shiv.js"></script>
<![endif]-->
<!-- Fav and touch icons -->
<link rel="shortcut icon" href="img/favicon.png">
<script type="text/javascript" src="js/jquery-2.0.0.min.js"></script>
<!--[if lt IE 9]>
<script type="text/javascript" src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<![endif]-->
<script type="text/javascript" src="js/bootstrap.min.js"></script>
<script type="text/javascript" src="js/jquery-ui.js"></script>
<script type="text/javascript" src="js/jquery.ui.touch-punch.min.js"></script>
<script type="text/javascript" src="js/jquery.htmlClean.js"></script>
<script type="text/javascript" src="js/scripts.js"></script>
</head>
<body>
<div class="navbar">
<div class="navbar-inner">
<div class="container">
<a class="brand" href="?m=index"><?php echo soft_name?></a>
</div>
</div>
</div>
<div class="container">
<div class="col-lg-4 col-lg-offset-4 col-sm-6 col-sm-offset-3 col-xs-8 col-xs-offset-2" id="logindev">
<form class="form" action="?m=login" method="POST">
<h2>Please sign in</h2>
<label for="inputEmail" class="sr-only">Username</label>
<input type="username" name="username" class="form-control" placeholder="username" required="" autofocus="">
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" name="password" class="form-control" placeholder="Password" required="">
<div class="checkbox">
<label>
<input type="checkbox" value="remember-me"> Remember me
</label>
</div>
<button class="btn" type="submit">Sign in</button>
</form>
</div>
</div>
<div class="navbar">
<div class="navbar-inner">
<div class="container">
<ul class="breadcrumb">
<li>
关于我们
</li>
</ul>
<p>
xxx.com是一个简洁而又专业的分布式WEB漏洞扫描工具。
</p>
<p>
服务多么强大。。。。
</p>
<p>
站长联系方式admin@scan.com
</p>
</div>
</div>
</div>
</body></html>
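Review bot: The IE conditional comment loads jQuery from `http://code.jquery.com/jquery-1.9.1.min.js` on the login page, so on those browsers script that can read the password field arrives over plaintext from a third-party host; serve a local copy from `js/` like the other scripts, or at least switch the URL to `https://`. The same tag appears in html/edit.html, html/index.html, html/info.html and html/point.html. In the form, `type="username"` is not a valid input type (browsers fall back to text), the `for="inputEmail"` and `for="inputPassword"` labels match no `id`, and the Remember me checkbox has no `name`, so it is never submitted.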

182
html/point.html Normal file

@@ -0,0 +1,182 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="title" content="">
<meta name="description" content="">
<meta name="keywords" content="">
<title><?php echo soft_name?></title>
<!-- Le styles -->
<link href="css/bootstrap-combined.min.css" rel="stylesheet">
<link href="css/layoutit.css" rel="stylesheet">
<!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
<!--[if lt IE 9]>
<script src="js/html5shiv.js"></script>
<![endif]-->
<!-- Fav and touch icons -->
<link rel="shortcut icon" href="img/favicon.png">
<script type="text/javascript" src="js/jquery-2.0.0.min.js"></script>
<!--[if lt IE 9]>
<script type="text/javascript" src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<![endif]-->
<script type="text/javascript" src="js/bootstrap.min.js"></script>
<script type="text/javascript" src="js/jquery-ui.js"></script>
<script type="text/javascript" src="js/jquery.ui.touch-punch.min.js"></script>
<script type="text/javascript" src="js/jquery.htmlClean.js"></script>
<script type="text/javascript" src="js/scripts.js"></script>
<script type="text/javascript" src="js/action.js"></script>
</head>
<div class="container-fluid">
<div class="row-fluid">
<div class="span12">
<div class="navbar navbar-inverse">
<div class="navbar-inner">
<div class="container-fluid">
<a class="btn btn-navbar" data-target=".navbar-responsive-collapse" data-toggle="collapse"></a> <a class="brand" href="?m=index"><?php echo soft_name?></a>
<div class="nav-collapse collapse navbar-responsive-collapse">
<ul class="nav">
<li>
<a href="?m=index">概况</a>
</li>
<li>
<a href="?m=scan">WEB扫描</a>
</li>
<!--
<li>
<a href="#">端口扫描</a>
</li>
-->
<li class="active">
<a href="?m=point">节点管理</a>
</li>
<li>
<a href="?m=set">系统管理</a>
</li>
</ul>
<ul class="nav pull-right">
<li class="active">
<a class="dropdown-toggle" data-toggle="dropdown" href="#"><?php echo $_SESSION['username'];?></a>
<ul class="dropdown-menu">
<!--
<li>
<a href="#">下拉导航1</a>
</li>
-->
<li>
<a id="modal-978241" href="#cpasswd-<?php echo $_SESSION['username']?>" data-toggle="modal">修改密码</a>
</li>
<li>
<a href="?m=logout">退出</a>
</li>
<!--
<li class="divider">
</li>
<li>
<a href="#">链接3</a>
</li>
-->
</ul>
</li>
</ul>
</div>
</div>
</div>
</div>
<div class="tabbable" id="tabs-25550">
<ul class="nav nav-tabs">
<li class="active">
<a href="#panel-941070" data-toggle="tab">节点列表</a>
</li>
<li>
<a href="#panel-910581" data-toggle="tab">添加节点</a>
</li>
</ul>
<div class="tab-content">
<div class="tab-pane active" id="panel-941070">
<table class="table">
<thead>
<tr>
<th>
序号
</th>
<th>
节点IP
</th>
<th>
端口
</th>
<th>
任务状态
</th>
<th>
启用状态
</th>
<th>
操作
</th>
</tr>
</thead>
<tbody>
<?php echo $html_str;?>
</tbody>
</table>
</div>
<div class="tab-pane" id="panel-910581">
<form action="?m=point&c=new" method="POST">
<fieldset>
<label>节点IP</label><input type="text" name="ip"/>
<label>节点端口</label><input type="text" name="port"/>
<label>状态</label>
<select name="status">
<option value="1">启用</option>
<option value ="0">禁用</option>
</select>
<label class="checkbox"></label>
<button type="submit" class="btn">添加节点</button>
<button type="submit" class="btn" data-dismiss="modal">取消</button>
</fieldset>
</form>
</div>
<?php echo point_display();?>
<div id="cpasswd-<?php echo $_SESSION['username']?>" class="modal hide fade" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true" >
<form action="" method="POST">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h3 id="myModalLabel">
<?php echo $_SESSION['username']?>的密码修改
</h3>
</div>
<div class="modal-body">
<fieldset>
<label>旧 密 码</label><input type="text" value="" name="oldpasswd"/>
<label>新 密 码</label><input type="text" value="" name="newpasswd"/>
<label>重新输入</label><input type="text" value="" name="repasswd"/>
</fieldset>
</div>
<div class="modal-footer">
<button class="btn" data-dismiss="modal" aria-hidden="true">关闭</button> <button class="btn btn-primary" onclick="cpasswd()">保存设置</button>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
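Review bot: `$_SESSION['username']` is echoed without output encoding in four places in this template (the navbar link text, the `href="#cpasswd-…"` and `id="cpasswd-…"` attributes, and the modal heading), so a username containing markup or a quote is rendered as HTML on every authenticated page. Encode each echo, e.g. `<?php echo htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8'); ?>`, and consider a fixed modal id such as `id="cpasswd-modal"` rather than building an element id from account data. The same unescaped echoes are repeated in html/scan.html and html/set.html. The password-change modal also declares `oldpasswd`, `newpasswd` and `repasswd` as `type="text"` (as do `pwd` in scan.html and `passwd` in set.html), which shows the secrets on screen and lets the browser keep them in form history; `type="password"` is the expected input type.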

160
html/scan.html Normal file

@@ -0,0 +1,160 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="title" content="">
<meta name="description" content="">
<meta name="keywords" content="">
<title><?php echo soft_name?></title>
<!-- Le styles -->
<link href="css/bootstrap-combined.min.css" rel="stylesheet">
<link href="css/layoutit.css" rel="stylesheet">
<!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
<!--[if lt IE 9]>
<script src="js/html5shiv.js"></script>
<![endif]-->
<!-- Fav and touch icons -->
<link rel="shortcut icon" href="img/favicon.png">
<script type="text/javascript" src="js/jquery-2.0.0.min.js"></script>
<!--[if lt IE 9]>
<script type="text/javascript" src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<![endif]-->
<script type="text/javascript" src="js/bootstrap.min.js"></script>
<script type="text/javascript" src="js/jquery-ui.js"></script>
<script type="text/javascript" src="js/jquery.ui.touch-punch.min.js"></script>
<script type="text/javascript" src="js/jquery.htmlClean.js"></script>
<script type="text/javascript" src="js/scripts.js"></script>
<script type="text/javascript" src="js/action.js"></script>
</head>
<div class="container-fluid">
<div class="row-fluid">
<div class="span12">
<div class="navbar navbar-inverse">
<div class="navbar-inner">
<div class="container-fluid">
<a class="btn btn-navbar" data-target=".navbar-responsive-collapse" data-toggle="collapse"></a> <a class="brand" href="?m=index"><?php echo soft_name?></a>
<div class="nav-collapse collapse navbar-responsive-collapse">
<ul class="nav">
<li>
<a href="?m=index">概况</a>
</li>
<li class="active">
<a href="?m=scan">WEB扫描</a>
</li>
<!--
<li>
<a href="#">端口扫描</a>
</li>
-->
<li>
<a href="?m=point">节点管理</a>
</li>
<li>
<a href="?m=set">系统管理</a>
</li>
</ul>
<ul class="nav pull-right">
<li class="active">
<a class="dropdown-toggle" data-toggle="dropdown" href="#"><?php echo $_SESSION['username'];?></a>
<ul class="dropdown-menu">
<!--
<li>
<a href="#">下拉导航1</a>
</li>
-->
<li>
<a id="modal-978241" href="#cpasswd-<?php echo $_SESSION['username']?>" data-toggle="modal">修改密码</a>
</li>
<li>
<a href="?m=logout">退出</a>
</li>
<!--
<li class="divider">
</li>
<li>
<a href="#">链接3</a>
</li>
-->
</ul>
</li>
</ul>
</div>
</div>
</div>
</div>
<div class="tabbable" id="tabs-25550">
<ul class="nav nav-tabs">
<li class="active">
<a href="#panel-941070" data-toggle="tab">新建WEB扫描</a>
</li>
<!--
<li>
<a href="#panel-910581" data-toggle="tab">筛选</a>
</li>
-->
</ul>
<div class="tab-content">
<div class="tab-pane active" id="panel-941070">
<form action="<?php echo $_SERVER['REQUEST_URI'];?>" method="POST">
<fieldset>
<label>URL</label><input type="text" style="width:500px" name="url"/>
<label>账号</label><input type="text" name="user"/>
<label>密码</label><input type="text" name="pwd"/>
<label>COOKIE</label><textarea rows="5" cols="200" style="width:500px" name="cookie"></textarea>
<label>扫描策略</label>
<select name="rule">
<option value="4">default</option>
<option value ="1">SQL</option>
<option value ="2">XSS</option>
<option value="3">CSRF</option>
</select>
<label class="checkbox"><input type="checkbox" name="auth" /> 认证扫描 </label> <button type="submit" class="btn">提交扫描</button>
<button type="submit" class="btn">取消</button>
</fieldset>
</form>
</div>
<div class="tab-pane" id="panel-910581">
<p>
第二部分内容.
</p>
</div>
<div id="cpasswd-<?php echo $_SESSION['username']?>" class="modal hide fade" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true" >
<form action="" method="POST">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h3 id="myModalLabel">
<?php echo $_SESSION['username']?>的密码修改
</h3>
</div>
<div class="modal-body">
<fieldset>
<label>旧 密 码</label><input type="text" value="" name="oldpasswd"/>
<label>新 密 码</label><input type="text" value="" name="newpasswd"/>
<label>重新输入</label><input type="text" value="" name="repasswd"/>
</fieldset>
</div>
<div class="modal-footer">
<button class="btn" data-dismiss="modal" aria-hidden="true">关闭</button> <button class="btn btn-primary" onclick="cpasswd()">保存设置</button>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
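Review bot: The scan form's `action="<?php echo $_SERVER['REQUEST_URI'];?>"` writes the raw request URI into an HTML attribute, so a request URI containing a double quote can close the attribute and add markup to the page (reflected XSS). Use a fixed target like the other templates do, `action="?m=scan"`, or encode the value with `htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8')`. The handler that receives `url`, `cookie` and `rule` is outside this section, so whether those values are validated server-side cannot be confirmed from here.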

189
html/set.html Normal file

@@ -0,0 +1,189 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="title" content="">
<meta name="description" content="">
<meta name="keywords" content="">
<title><?php echo soft_name?></title>
<!-- Le styles -->
<link href="css/bootstrap-combined.min.css" rel="stylesheet">
<link href="css/layoutit.css" rel="stylesheet">
<!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
<!--[if lt IE 9]>
<script src="js/html5shiv.js"></script>
<![endif]-->
<!-- Fav and touch icons -->
<link rel="shortcut icon" href="img/favicon.png">
<script type="text/javascript" src="js/jquery-2.0.0.min.js"></script>
<!--[if lt IE 9]>
<script type="text/javascript" src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<![endif]-->
<script type="text/javascript" src="js/bootstrap.min.js"></script>
<script type="text/javascript" src="js/jquery-ui.js"></script>
<script type="text/javascript" src="js/jquery.ui.touch-punch.min.js"></script>
<script type="text/javascript" src="js/jquery.htmlClean.js"></script>
<script type="text/javascript" src="js/scripts.js"></script>
<script type="text/javascript" src="js/action.js"></script>
</head>
<div class="container-fluid">
<div class="row-fluid">
<div class="span12">
<div class="navbar navbar-inverse">
<div class="navbar-inner">
<div class="container-fluid">
<a class="btn btn-navbar" data-target=".navbar-responsive-collapse" data-toggle="collapse"></a> <a class="brand" href="?m=index"><?php echo soft_name?></a>
<div class="nav-collapse collapse navbar-responsive-collapse">
<ul class="nav">
<li>
<a href="?m=index">概况</a>
</li>
<li>
<a href="?m=scan">WEB扫描</a>
</li>
<!--
<li>
<a href="#">端口扫描</a>
</li>
-->
<li>
<a href="?m=point">节点管理</a>
</li>
<li class="active">
<a href="?m=set">系统管理</a>
</li>
</ul>
<ul class="nav pull-right">
<li class="active">
<a class="dropdown-toggle" data-toggle="dropdown" href="#"><?php echo $_SESSION['username'];?></a>
<ul class="dropdown-menu">
<!--
<li>
<a href="#">下拉导航1</a>
</li>
-->
<li>
<a id="modal-978241" href="#cpasswd-<?php echo $_SESSION['username']?>" data-toggle="modal">修改密码</a>
</li>
<li>
<a href="?m=logout">退出</a>
</li>
<!--
<li class="divider">
</li>
<li>
<a href="#">链接3</a>
</li>
-->
</ul>
</li>
</ul>
</div>
</div>
</div>
</div>
<div class="tabbable" id="tabs-25550">
<ul class="nav nav-tabs">
<li class="active">
<a href="#panel-941070" data-toggle="tab">用户列表</a>
</li>
<li>
<a href="#panel-910581" data-toggle="tab">添加用户</a>
</li>
</ul>
<div class="tab-content">
<div class="tab-pane active" id="panel-941070">
<table class="table">
<thead>
<tr>
<th>
序号
</th>
<th>
用户名
</th>
<th>
邮箱
</th>
<th>
手机
</th>
<th>
状态
</th>
<th>
操作
</th>
</tr>
</thead>
<tbody>
<?php echo $html_str;?>
</tbody>
</table>
</div>
<div class="tab-pane" id="panel-910581">
<form action="?m=set&c=new" method="POST">
<fieldset>
<label>用户名</label><input type="text" name="username"/>
<label>密码</label><input type="text" name="passwd"/>
<label>邮箱</label><input type="text" name="mail"/>
<label>手机</label><input type="text" name="phone"/>
<label>状态</label>
<select name="status">
<option value="1">启用</option>
<option value ="0">禁用</option>
</select>
<label>角色</label>
<select name="group">
<option value="1">admin</option>
<option value ="0">user</option>
</select>
<label class="checkbox"></label>
<button type="submit" class="btn">添加</button>
<button type="submit" class="btn">取消</button>
</fieldset>
</form>
</div>
<?php echo set_display();?>
<div id="cpasswd-<?php echo $_SESSION['username']?>" class="modal hide fade" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true" >
<form action="" method="POST">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h3 id="myModalLabel">
<?php echo $_SESSION['username']?>的密码修改
</h3>
</div>
<div class="modal-body">
<fieldset>
<label>旧 密 码</label><input type="text" value="" name="oldpasswd"/>
<label>新 密 码</label><input type="text" value="" name="newpasswd"/>
<label>重新输入</label><input type="text" value="" name="repasswd"/>
</fieldset>
</div>
<div class="modal-footer">
<button class="btn" data-dismiss="modal" aria-hidden="true">关闭</button> <button class="btn btn-primary" onclick="cpasswd()">保存设置</button>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
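Review bot: The add-user form posts to `?m=set&c=new` with no anti-CSRF token field, and it can create an account with `group` set to `1` (admin), so a cross-site form submitted from an administrator's browser would presumably be accepted if the handler (not shown in this section) relies on the session cookie alone. Add a per-session token as a hidden field, e.g. `<input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8'); ?>">` (the field and session key names are illustrative), and compare it on the server before acting. The add-node form in html/point.html and the password-change modal in all three templates have the same gap. `$html_str` and `set_display()` are echoed raw into the user table; confirm that their builders HTML-encode username, mail and phone.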

21
include/IExcel.php Normal file

@@ -0,0 +1,21 @@
<?php
/**
* @desc excel<65>ӿ<EFBFBD>
* @author mengdejun
*/
interface IExcel
{
//<2F><><EFBFBD><EFBFBD>excel
public function import($fileName,$convert_callback_function=null);
//<2F><><EFBFBD><EFBFBD>excel
public function export($fileName="excel");
//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
public function addRow(array $array,$sheet="sheet1");
//<2F><><EFBFBD>ӱ<EFBFBD>ͷ
public function addHead(array $array,$sheet="sheet1");
//<2F><><EFBFBD>ӹ<EFBFBD><D3B9><EFBFBD><EFBFBD><EFBFBD>
public function addSheet($sheet);
//<2F>ͷ<EFBFBD><CDB7><EFBFBD>Դ
public function release();
}
?>
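Review bot: Every comment in this interface renders as replacement characters, which suggests the file was saved in a legacy encoding (probably GBK or GB2312) rather than UTF-8, while include/common.fun.php in the same commit is readable UTF-8. Re-save the file as UTF-8 and give each method a short doc comment, for example `/** Import a workbook file; $convert_callback_function is an optional per-cell converter. */` above `import()`. include/XmlExcel.php has the same problem, and there it reaches runtime strings: the `ss:FontName` values in `$align_bold` and `$align_default` are no longer valid text.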

441
include/XmlExcel.php Normal file

@@ -0,0 +1,441 @@
<?php
include_once ('IExcel.php');
/**
* @desc php<68><70><EFBFBD><EFBFBD>excel<65><EFBFBD><E0BAAF> ֧<>ֵ<EFBFBD><D6B5><EFBFBD> <20><><EFBFBD><EFBFBD> <20><EFBFBD><E0B9A4><EFBFBD><EFBFBD>(<28><><EFBFBD>ݷ־<DDB7><D6BE><EFBFBD><EFBFBD><EFBFBD>)
* @filesource XmlExcel.php
* @author mengdejun
* @date 20100801
* @version 1.8.1
*/
if(!defined("CHARSET")):define("CHARSET","UTF-8");endif;
if(!defined("VERSION")):define("VERSION","12.00");endif;
if(!defined("THIS_VERSION")):define("THIS_VERSION","1.8.1");endif;
if(!defined("NULL")):define("NULL",null);endif;
class XmlExcel implements IExcel
{
private $header = "<?xml version=\"1.0\" encoding=\"%s\"?>\n<Workbook xmlns=\"urn:schemas-microsoft-com:office:spreadsheet\" xmlns:x=\"urn:schemas-microsoft-com:office:excel\" xmlns:ss=\"urn:schemas-microsoft-com:office:spreadsheet\" xmlns:html=\"http://www.w3.org/TR/REC-html40\">";
private $documentInfo="<DocumentProperties xmlns=\"urn:schemas-microsoft-com:office:office\"><Author>{author}</Author><Created>{time}</Created><Company>{company}</Company><Version>{version}</Version></DocumentProperties>";
private $footer = "</Workbook>";
private $align_left="<Style ss:ID=\"s62\"><Alignment ss:Horizontal=\"Left\" ss:Vertical=\"Center\"/></Style>";
private $align_center="<Style ss:ID=\"s63\"><Alignment ss:Horizontal=\"Center\" ss:Vertical=\"Center\"/></Style>";
private $align_right="<Style ss:ID=\"s64\"><Alignment ss:Horizontal=\"Right\" ss:Vertical=\"Center\"/></Style>";
private $align_bold="<Style ss:ID=\"s65\"><Alignment ss:Horizontal=\"Center\" ss:Vertical=\"Center\"/><Font ss:FontName=\"<EFBFBD><EFBFBD><EFBFBD><EFBFBD>\" x:CharSet=\"134\" ss:Size=\"12\" ss:Color=\"#000000\" ss:Bold=\"1\"/></Style>";
private $align_default="<Style ss:ID=\"Default\" ss:Name=\"Normal\"><Alignment ss:Horizontal=\"%s\" ss:Vertical=\"Center\"/><Borders/><Font ss:FontName=\"<EFBFBD><EFBFBD><EFBFBD><EFBFBD>\" x:CharSet=\"134\" ss:Size=\"11\" ss:Color=\"#000000\"/><Interior/><NumberFormat/><Protection/></Style>";
private $charset=CHARSET;
private $convert="convert";
private static $pre_workBook=NULL;
private $_line=NULL;
private $_column=NULL;
private $_columnType=NULL;
private $_styles=NULL;
private $_style=NULL;
private $_title=NULL;
private $_align="Left";
private $defaultHeight=13.5;
private $defaultWidth=54;
private $_sheets=NULL;
private $_heads=NULL;
/**
* @desc <20><><EFBFBD><EFBFBD><ECB7BD> PHP5.X
* @param string $charset <20>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD>
*/
public function __construct($charset = 'UTF-8')
{
$this->charset=$charset;
}
/**
* @desc <20><><EFBFBD><EFBFBD><ECB7BD> PHP4.X
* @param string $charset <20>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD>
*/
public function XmlExcel($charset = 'UTF-8')
{
$this->charset=$charset;
}
/**
* @desc <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
*/
public function __destruct(){}
/**
* @desc <20>ͷſ<CDB7><C5BF><EFBFBD><EFBFBD><EFBFBD>Դ
* @return null
*/
public function release()
{
unset($this->_line,$this->_column,$this->_heads,$this->_sheets,$this->_styles,$this->_style,$this->_title,self::$pre_workBook);
}
/**
* @desc <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ת<EFBFBD><D7AA><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
* @param array $array
*/
protected function getLine(array $array)
{
$_temp="<Row ss:AutoFitHeight=\"0\">";
foreach($array as $key=>$val):
#<23><>ȡָ<C8A1><D6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><><C4AC>String
$_type=!empty($this->_columnType)&&isset($this->_columnType)?!empty($this->_columnType[$key])&&isset($this->_columnType)?$this->_columnType[$key]:"String":"String";
$_temp.="<Cell><Data ss:Type=\"{$_type}\">{$this->convert($val)}</Data></Cell>";
endforeach;
$_temp.="</Row>";
return $_temp;
}
/**
* @desc <20><><EFBFBD>ӱ<EFBFBD><D3B1><EFBFBD>ͷ,Ĭ<>ϵĵ<CFB5>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><E9BDAB>Ϊ<EFBFBD><CEAA>ͷ
* @param array $array
* @param string $sheet <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
* @exception $array <20><><EFBFBD><EFBFBD>Ϊ<EFBFBD><CEAA>
*/
public function addHead(array $array, $sheet = "sheet1")
{
$this->_line[$sheet][0]=$this->getLine($array);
$this->_title[$sheet]['width']=count($array)-1;
$this->_sheets[]=$sheet;
$this->_heads[$sheet][0]=$array;
}
/**
* @desc <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
* @param array $array
* @param string $sheet
*/
public function addRow(array $array, $sheet = "sheet1",$isErrorReport=true)
{
if($isErrorReport):
if(empty($array)||!isset($array)||count($array)==0):
exit("data can't null'");
else:
$this->_line[$sheet][]=$this->getLine($array);
endif;
else:
$this->_line[$sheet][]=$this->getLine($array);
endif;
}
/**
* @desc <20><><EFBFBD>ù<EFBFBD><C3B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ı<EFBFBD>ͷ<EFBFBD><CDB7><EFBFBD><EFBFBD>
* @param $head <20><>ͷ<EFBFBD><CDB7><EFBFBD><EFBFBD>
* @param $sheet <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
*/
public function setSheetHead(array $head,$sheet="Sheet1")
{
$this->_line[$sheet][]=$this->getLine($head);
}
/**
* @desc <20><><EFBFBD>Ӷ<EFBFBD><D3B6><EFBFBD> ֧<><D6A7>Ƕ<EFBFBD><C7B6><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
* @param array $array
* @param unknown_type $sheet
*/
public function addRows(array $array,$sheet = "Sheet1")
{
foreach($array as $value):
if(is_array($value)):
$this->addRow($value,$sheet);
else:
$this->addRow($array,$sheet);
endif;
endforeach;
}
/**
* @desc <20><>ȡ<EFBFBD>ƶ<EFBFBD><C6B6><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>п<EFBFBD><D0BF><EFBFBD>
* @param @sheet <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
*/
public function getColumnLength($sheet="Sheet1")
{
return $this->_title[$sheet]['width'];
}
/**
* @desc <20><><EFBFBD>ӹ<EFBFBD><D3B9><EFBFBD><EFBFBD><EFBFBD>
* @param unknown_type unknown_type $sheet
*/
public function addSheet($sheet,$array=array())
{
$this->_line[$sheet][]=$array;
}
/**
* @desc <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ӱ<EFBFBD><D3B1><EFBFBD>
* @param string $str <20><><EFBFBD><EFBFBD>
* @param string $sheet <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
*/
public function addTitle($str,$sheet="Sheet1")
{
$str=$this->convert($str);
$this->_title[$sheet]['title']="<Row ss:AutoFitHeight=\"0\" ss:StyleID=\"s65\"><Cell ss:MergeAcross=\"{num}\"><Data ss:Type=\"String\">{$str}</Data></Cell></Row>";
}
/**
* @desc excel<65><6C><EFBFBD><EFBFBD>
* @param string $fileName <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><C4BC><EFBFBD>
*/
public function export($fileName = "excel",$isConvert=false)
{
if($isConvert):
$fileName=$this->getConvertString($fileName);
endif;
header("Content-Type: application/vnd.ms-excel; charset=" . $this->charset);
header("Content-Disposition:attachment; filename=\"{$fileName}.xls\"");
echo stripslashes(sprintf($this->header, $this->charset));
echo str_replace("{company}","sf-express",str_replace("{time}",date("Y-m-dH:i:s",time()),str_replace("{author}","Mr.x",str_replace("{version}",VERSION,$this->documentInfo))));
echo "<Styles>";
echo stripslashes(sprintf($this->align_default, $this->_align));
echo $this->align_left;
echo $this->align_right;
echo $this->align_center;
echo $this->align_bold;
echo "</Styles>";
$_hasData=count($this->_line)==0?false:true;
if($_hasData):
#<23><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<2C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>excel<65><6C><EFBFBD><EFBFBD>
foreach($this->_line as $key=>$value):
echo "<Worksheet ss:Name=\"{$this->convert($key)}\"><Table ss:DefaultColumnWidth=\"{$this->defaultWidth}\" ss:DefaultRowHeight=\"{$this->defaultHeight}\">";
#<23><><EFBFBD><EFBFBD>ʽ<EFBFBD>Ϳ<EFBFBD><CDBF><EFBFBD>
if(isset($this->_column[$key]['style_width'])):
foreach($this->_column[$key]['style_width'] as $s_key=>$s_value):
echo "<Column ss:Index=\"{$s_key}\" ss:AutoFitWidth=\"1\" ss:Width=\"$s_value\"/>";
endforeach;
endif;
#<23><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
if(!empty($this->_title[$key]['title'])):
echo str_replace("{num}",$this->_title[$key]['width'],$this->_title[$key]['title']);
endif;
#<23><>Ԫ<EFBFBD><D4AA>
foreach($value as $_v):
echo $_v;
endforeach;
echo "</Table></Worksheet>";
endforeach;
#<23><><EFBFBD>ر<EFBFBD>׼<EFBFBD><D7BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><><C4AC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>)
$length=count($this->_line);
while($length<3):
$length++;
echo "<Worksheet ss:Name=\"Sheet{$length}\"><Table></Table></Worksheet>";
endwhile;
else:
#<23><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<2C><><EFBFBD><EFBFBD>Ĭ<EFBFBD>Ϲ<EFBFBD><CFB9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֧<EFBFBD><D6A7>(<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:<3A>ļ<EFBFBD><C4BC><EFBFBD>ȡʧ<C8A1><CAA7>)
for($index=1;$index<=3;$index++):
echo "<Worksheet ss:Name=\"Sheet{$index}\"><Table></Table></Worksheet>";
endfor;
endif;
echo $this->footer;
}
/**
* @desc excel<65><6C><EFBFBD><EFBFBD><EBBAAF><>ú<EFBFBD><C3BA><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><C4BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD><C7B7><EFBFBD><EFBFBD><EFBFBD>
* @param unknown_type $fileName <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>
* @param unknown_type $convert_callback_function <20>ص<EFBFBD><D8B5><EFBFBD><EFBFBD><EFBFBD> ֧<>ֱ<EFBFBD><D6B1><EFBFBD>ת<EFBFBD><D7AA>,<2C><EFBFBD><E8B7B5>ת<EFBFBD><D7AA><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ַ<EFBFBD><D6B7><EFBFBD>
* @return <20><>ά<EFBFBD><CEAC><EFBFBD><EFBFBD>,<2C>ֱ<EFBFBD><D6B1><EFBFBD>Ӧ <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>/<2F><>/<2F><>Ԫ<EFBFBD><D4AA>
*/
public function import($fileName,$convert_callback_function=null)
{
$xls=simplexml_load_file($fileName);
$is_convert=!empty($convert_callback_function)&&function_exists($convert_callback_function);
$index=0;
$_ra=array();
foreach($xls->Worksheet as $worksheet):<><D1AD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
$index_i=1;
foreach($worksheet->Table->Row as $cells):<><D1AD><EFBFBD><EFBFBD>
if($index_i!==1):
foreach($cells as $cell):<><D1AD><EFBFBD><EFBFBD>Ԫ<EFBFBD><D4AA>
$_ra[$index][$index_i][]=$is_convert?call_user_func($convert_callback_function,$cell->Data):$cell->Data;
endforeach;
endif;
$index_i++;
endforeach;
$index++;
endforeach;
return $_ra;
}
/**
* @desc <20><><EFBFBD><EFBFBD><EFBFBD>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD>
* @param string $charset <20><><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><EFBFBD>ļ<EFBFBD><C4BC>ı<EFBFBD><C4B1><EFBFBD>
*/
public function setCharset($charset="GBK")
{
$this->charset = $charset;
}
/**
* <20><><EFBFBD>ù<EFBFBD><C3B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>еĿ<D0B5><C4BF><EFBFBD> array(1=>10,2=>23,3=>23,4=>213,5=>asd) <20>ظ<EFBFBD><D8B8><EFBFBD><EFBFBD>ø<EFBFBD>ֵ <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ǰһ<C7B0>β<EFBFBD><CEB2><EFBFBD><EFBFBD>Ľ<EFBFBD><C4BD><EFBFBD>
* @param string $sheet <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
* @param array $array <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
*/
public function setColumnWidth($sheet="sheet1",$array)
{
if(!empty($this->_column[$sheet]['style_width'])&&isset($this->_column[$sheet]['style_width'])):
unset($this->_column[$sheet]['style_width']);
endif;
$this->_column[$sheet]['style_width']=$array;
}
/**
* @desc <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>й<EFBFBD><D0B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>п<EFBFBD><D0BF><EFBFBD>
* @param array $array <20>п<EFBFBD><D0BF><EFBFBD>
*/
public function setAllColumnWidth(array $array)
{
$_temp=$this->getAllSheetNames();
foreach($_temp as $value):
$this->setColumnWidth($value,$array);
endforeach;
}
/**
* @desc <20><><EFBFBD><EFBFBD>Ĭ<EFBFBD><C4AC><EFBFBD>и<EFBFBD>
* @param integer $height
*/
public function setDefaultRowHeight($height="54")
{
$this->defaultHeight=$height;
}
/**
* <20><><EFBFBD><EFBFBD><EFBFBD>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD>ת<EFBFBD><D7AA><EFBFBD><EFBFBD><EFBFBD><EFBFBD>(<28>ص<EFBFBD><D8B5><EFBFBD><EFBFBD><EFBFBD>)
* @param string $convert <20><><EFBFBD><EFBFBD>ת<EFBFBD><D7AA><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Ĭ<><C4AC><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊconvert
*/
public function addConvert($convert="convert")
{
$this->convert = $convert;
}
/**
* @desc <20>ڲ<EFBFBD><DAB2>ص<EFBFBD><D8B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ת<EFBFBD><D7AA>
* @param unknown_type $str
*/
protected function convert($str)
{
if(function_exists($this->convert)):
return call_user_func($this->convert,$str);
else:
return $str;
endif;
}
/**
* <20><>ȡ<EFBFBD><C8A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
* @param int $sheet <20><>ȡ<EFBFBD><C8A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ĸ<EFBFBD><C4B8><EFBFBD>
* @return integer
*/
public function getSheets()
{
return sizeof($this->_line);
}
/**
* <20><>ȡ<EFBFBD><C8A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
* @param String $sheet <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
* @return integer
*/
public function getRows($sheet)
{
return sizeof($this->_line[$sheet]);
}
/**
* @desc <20><>ȡָ<C8A1><D6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ı<EFBFBD>ͷ<EFBFBD><CDB7>Ϣ
* @param string $sheet <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
*/
public function getHead($sheet)
{
return $this->_heads[$sheet][0];
}
/**
* @desc <20><><EFBFBD><EFBFBD>Ĭ<EFBFBD><C4AC><EFBFBD>и߶<D0B8>
* @param integer $defaultHeight <20>е<EFBFBD>Ĭ<EFBFBD>ϸ߶<CFB8> <20><>Ĭ<EFBFBD><C4AC>ֵ
*/
public function setDefaultHeight($defaultHeight) {
$this->defaultHeight = $defaultHeight;
}
/**
* @desc <20><><EFBFBD><EFBFBD>Ĭ<EFBFBD>ϵ<EFBFBD><CFB5>п<EFBFBD><D0BF><EFBFBD>
* @param integer $defaultWidth <20>е<EFBFBD>Ĭ<EFBFBD>Ͽ<EFBFBD><CFBF><EFBFBD> <20><>Ĭ<EFBFBD><C4AC>ֵ
*/
public function setDefaultWidth($defaultWidth) {
$this->defaultWidth = $defaultWidth;
}
/**
* @desc <20><>ǰ<EFBFBD><C7B0><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
*/
public function currentSheetsLength()
{
return sizeof($this->_line)+1;
}
/**
* @desc <20><><EFBFBD><EFBFBD>Ĭ<EFBFBD>ϵľ<CFB5><C4BE>з<EFBFBD>ʽ
* @param string $_align <20><>ѡֵ Left(left),Center(center),Right(right)
*/
public function setDefaultAlign($_align)
{
$this->_align = ucfirst($_align);
}
/**
* @desc <20>Զ<EFBFBD><D4B6><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><><D6A7><EFBFBD>Զ<EFBFBD><D4B6>־<EFBFBD><D6BE><EFBFBD><EFBFBD><EFBFBD>,<2C>÷<EFBFBD><C3B7><EFBFBD><EFBFBD><EFBFBD>addHead<61><64>ͻ,ʹ<>ø÷<C3B8><C3B7><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>addHead,<2C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><D2BB><EFBFBD>հ׵Ĺ<D7B5><C4B9><EFBFBD><EFBFBD><EFBFBD>
* @param array $head <20><>ͷ
* @param array $data <20><><EFBFBD><EFBFBD>
* @param int $pageSize ҳ<><D2B3><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Ĭ<><C4AC>60000,excel<65><6C><EFBFBD><EFBFBD>֧<EFBFBD><D6A7>65536
* @param string $defaultName <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<2C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
*/
public function addPageRow(array $head,array $data,$pageSize=60000,$defaultName="Sheet")
{
if(!isset($defaultName)||$defaultName=="Sheet")$defaultName="Sheet".($this->getSheets()+1);
if(empty(self::$pre_workBook)):
self::$pre_workBook=$defaultName;
if(!isset($this->_heads[self::$pre_workBook][0]))
$this->addHead($head,self::$pre_workBook);
$this->addRow($data,self::$pre_workBook);
else:
if($this->getRows(self::$pre_workBook)>=($pageSize+1)):
$this->addHead($head,$defaultName);
$this->addRow($data,$defaultName);
self::$pre_workBook=$defaultName;
else:
$this->addRow($data,self::$pre_workBook);
endif;
endif;
}
/**
* @desc <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>й<EFBFBD><D0B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
* @param null
*/
public function getAllSheetNames()
{
return $this->_sheets;
}
/**
* @desc <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>б<EFBFBD><D0B1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>(<28>־<EFBFBD>) Ĭ<><C4AC>Ϊ<EFBFBD>ϲ<EFBFBD><CFB2><EFBFBD>ǰ<EFBFBD><C7B0><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<2C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʾ(<28><><EFBFBD><EFBFBD>) <20>÷<EFBFBD><C3B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڹ<EFBFBD><DAB9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڵ<EFBFBD><DAB5><EFBFBD><EFBFBD><EFBFBD><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>.
* @param string $title <20><><EFBFBD><EFBFBD>
*/
public function setAllTitle($title)
{
$_temp=$this->getAllSheetNames();
foreach($_temp as $value):
$this->addTitle($title,$value);
endforeach;
}
/**
* @desc <20><><EFBFBD><EFBFBD>ת<EFBFBD><D7AA><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
* @param string $str ת<><D7AA><EFBFBD><EFBFBD><EFBFBD>ַ<EFBFBD><D6B7><EFBFBD>
* @param string $source_code ԭ<><D4AD><EFBFBD><EFBFBD> Ĭ<><C4AC>UTF-8
* @param string $target_code Ŀ<><C4BF><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Ĭ<><C4AC>GBK
*/
protected function getConvertString($str,$source_code='UTF-8',$target_code='GBK')
{
return !empty($str)&&is_string($str)?iconv($source_code,$target_code,$str):$str;
}
/**
* @desc <20><>ӡ<EFBFBD><D3A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ
* @param null
*/
public function debug($out=true)
{
if($out):
var_dump($this->_line);
else:
return $this->_line;
endif;
}
/**
* @desc <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>׺ <20><><EFBFBD>ô˷<C3B4><CBB7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȫ<EFBFBD><C8AB>Ψһ<CEA8><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
* @param $name <20>Զ<EFBFBD><D4B6><EFBFBD><E5B9A4><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
*/
public function uniqueName($name)
{
$size=$this->getSheets();
if($size==0)return $name;
else return $name.$size;
}
/**<2A><><EFBFBD>õ<EFBFBD>λ<EFBFBD><CEBB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<2C>÷<EFBFBD><C3B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ǰ<EFBFBD><C7B0><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ͳ<EFBFBD><CDB2><EFBFBD>ָ<EFBFBD><D6B8><EFBFBD><EFBFBD><E6B1BE>excel
* @param $_columnType the $_columnType to set array ָ<><D6B8><EFBFBD>ļ<EFBFBD>ֵ<EFBFBD><D6B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
*/
public function set_columnType($_columnType)
{
$this->_columnType = $_columnType;
}
}
?>

876
include/common.fun.php Normal file

@@ -0,0 +1,876 @@
<?php
//自动加载类库处理
function __autoload($classname)
{
$classname = preg_replace("/[^0-9a-z_]/i", '', $classname);
if(class_exists ( $classname ) )
{
return TRUE;
}
$classfile = $classname.'.php';
$libclassfile = $classname.'.class.php';
require LDINC.'/'.$libclassfile;
}
foreach(Array('_GET','_POST','_COOKIE') as $_request){
foreach($$_request as $_k => $_v) ${$_k} = _runmagicquotes($_v);
}
function _runmagicquotes(&$svar){
if(!get_magic_quotes_gpc()){
if( is_array($svar) ){
foreach($svar as $_k => $_v) $svar[$_k] = _runmagicquotes($_v);
}else{
$svar = addslashes($svar);
}
}
return $svar;
}
function Ajaxmsg($msg)
{
echo $msg;
exit();
}
function AjaxJsonMsg($arr)
{
foreach ($arr as $k=>$v)
{
$arr[$k] = iconv("GB2312","UTF-8",$v);
}
echo json_encode($arr);
exit();
}
/***弹出信息*/
function Message($msg,$gourl=0,$onlymsg=0,$limittime=1000){
global $sitename,$includeurl;
$htmlhead = "<html>\r\n<head>\r\n<title>{$sitename}提示信息</title>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\r\n";
$htmlhead .= "<base target='_self'/>\r\n<style>div{line-height:160%;}</style></head>\r\n<body leftmargin='0' topmargin='0' bgcolor='#FFFFFF'>\r\n<center>\r\n<script>\r\n";
$htmlfoot = "</script>\r\n</center>\r\n</body>\r\n</html>\r\n";
$litime = ($limittime==0 ? 1000 : $limittime);
$func = '';
if($gourl=='-1'){
if($limittime==0) $litime = 1000;
$gourl = "javascript:history.go(-1);";
}
if($gourl=='0'){
if($limittime==0) $litime = 1000;
$gourl = "javascript:history.back();";
}
if($gourl=='' || $onlymsg==1){
$msg = "<script>alert(\"".str_replace("\"","",$msg)."\");</script>";
}else{
if(preg_match('/close::/i',$gourl)){
$tgobj = trim(eregi_replace('close::', '', $gourl));
$gourl = 'javascript:;';
$func .= "window.parent.document.getElementById('{$tgobj}').style.display='none';\r\n";
}
$func .= " var pgo=0;
function JumpUrl(){
if(pgo==0){ location='$gourl'; pgo=1; }
}\r\n";
$rmsg = $func;
$rmsg .= "document.write(\"<br /><div style='width:450px;padding:0px;border:1px solid #DADADA;'>";
$rmsg .= "<div style='padding:6px;font-size:12px;border-bottom:1px solid #DADADA;background:#DBEEBD url({$includeurl}/images/wbg.gif)';'><b>{$sitename} 提示信息!</b></div>\");\r\n";
$rmsg .= "document.write(\"<div style='padding-bottom:20px;font-size:10pt;background:#ffffff'><br />\");\r\n";
$rmsg .= "document.write(\"".str_replace("\"","",$msg)."\");\r\n";
$rmsg .= "document.write(\"";
if($onlymsg==0){
if( $gourl != 'javascript:;' && $gourl != ''){
$rmsg .= "<br /><a href='{$gourl}'>如果你的浏览器没反应,请点击这里...</a>";
$rmsg .= "</div>\");\r\n";
$rmsg .= "setTimeout('JumpUrl()',$litime);";
}else{
$rmsg .= "</div>\");\r\n";
}
}else{
$rmsg .= "<br/></div>\");\r\n";
}
$msg = $htmlhead.$rmsg.$htmlfoot;
}
echo $msg;
exit();
}
/**
* 弹出JS对话框 $msg指弹出内容,$url是跳转页面如果为0的情况则返回上一级目录
*/
function Alert($msg,$url="0")
{
if ($url =="0") {
$url = "history.go(-1)";
}
else{
$url = "window.location.href = '$url'";
}
echo "<script language='javascript'>alert('$msg');$url;</script>";
exit();
}
/**获取IP地址*/
function ld_ipaddress()
{
if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
$ip = getenv("HTTP_CLIENT_IP");
else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
$ip = getenv("HTTP_X_FORWARDED_FOR");
else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
$ip = getenv("REMOTE_ADDR");
else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
$ip = $_SERVER['REMOTE_ADDR'];
else
$ip = "unknown";
return($ip);
}
/**
* 数字分页
* */
function Page($num = '',$url = '',$pagesize = 20,$ishtml=0)
{
global $page,$pagesql,$pagenav,$includeurl,$cfg; //定义三个全局变量,$page是页码$pagesql是SQL语句里面的imit,$pagenav是分页的连接
$lastpage = ceil(($num/$pagesize)); //末页
if($page >= $lastpage) $page = $lastpage;//如果页码大于等于总共页数,那么页码就等于总共页数
if($page =="" or $page<=0) $page =1; //如果page为空又或者page小于等于0时则page等于1
$prepg=$page-1; //上一页
$nextpg=$page+1; //下一页
$pagesql = ($page-1)*$pagesize; //计算SQL语句
$GLOBALS["pagesize"]=$pagesize; //为使函数外部可以访问这里的“$displaypg”将它也设为全局变量。注意一个变量重新定义为全局变量后原值被覆盖所以这里给它重新赋值。
$pagenum = 10; //每个显示多少条
if($ishtml==0)
{
$pagenavurl = "{$url}page=1";
$pageurl1 = "{$url}page=$prepg";
$nextpageurl = "{$url}page=$nextpg";
$lastpageurl = "{$url}page=$lastpage";
}else
{
$pagenavurl = "{$url}-1.html";
$pageurl1 = "{$url}-$prepg.html";
$nextpageurl = "{$url}-$nextpg.html";
$lastpageurl = "{$url}-$lastpage.html";
}
$pagenav = "<div class='page'><ul>";
if ($page > 1)
{
$pagenav .= "<li><a href='{$pagenavurl}'>首页</a></li>";
$pagenav .= "<li><a href='{$pageurl1}'>上一页</a></li>";
}
$dqpage = floor($page / $pagenum); //当前多少页,除以10
$beginpage = $dqpage * $pagenum;
$endpage = ($dqpage + 1) * $pagenum; //结束的页号
for ($i=$beginpage;$i<=$endpage;$i++)
{
if($i==0) continue;
$ss = $i == $page ? " class='selected'" : "";
$iurl = $ishtml==0 ? "{$url}page=$i" : "{$url}-$i.html";
$pagenav .= "<li $ss><a href='{$iurl}'>{$i}</a></li>";
if($i >= $lastpage) break;
}
if($page < $lastpage)
{
//$pagenav .= "<li style='border:none;margin-left:0px'>...</li>";
//$pagenav .= "<li style='margin-left:0px'><a href='{$lastpageurl}'>{$lastpage}</a></li>";
$pagenav .= "<li><a href='{$nextpageurl}'>下一页</a></li>";
}
$pagenav .= "</ul></div>";
}
/**
* 获取某个表中的某个最大的值
*/
function ld_gettablemax($table,$field="ord")
{
global $db;
$i = $db->listtablezd($table,"max({$field})");
return $i+1;
}
/**
* 选择时间格式
*
* 1返回Y-m-d H:i:s
* 2返回Y-m-d
*/
function ld_select_date($date,$type=1)
{
if(!empty($date))
{
if($type==1)
return date('Y-m-d H:i:s',$date);
else if($type==2)
return date('Y-m-d',$date);
else if($type==3)
return date('Y-m',$date);
else if($type==4)
return date('Y年m月d日',$date);
else if($type==5)
return date('m-d',$date);
}
else {
return "";
}
}
/**
* 清除所有HTML
*/
function ld_clearhtml($str,$len) {
$str=eregi_replace("<\/*[^<>]*>", '', $str);
$str=str_replace(" ", '', $str);
$str=str_replace("::", ':', $str);
$str=str_replace(" ", '', $str);
$str=str_replace("#p#", '', $str);
$str=str_replace(" ", '', $str);
$str=str_replace(" ", '', $str);
$str=str_replace("&nbsp;", '', $str);
$str=str_replace("&ldquo;", '"', $str);
$str=str_replace("&rdquo;", '"', $str);
$str=str_replace("&mdash;", '-', $str);
$str = ereg_replace("\t","",$str);
$str = ereg_replace("\r\n","",$str);
$str = ereg_replace("\r","",$str);
$str = ereg_replace("\n","",$str);
$str = ereg_replace(" "," ",$str);
$str = ereg_replace("&hellip;","",$str);
$str = GBsubstr($str,0,$len);
return $str;
}
/*
*P中文字串截取无乱码
*/
function GBsubstr($str, $start, $len) { // $str指字符串,$start指字符串的起始位置$len指字符串长度
$strlen = $start + $len; // 用$strlen存储字符串的总长度即从字符串的起始位置到字符串的总长度
for($i = $start; $i < $strlen;) {
if (ord ( substr ( $str, $i, 1 ) ) > 0xa0) { // 如果字符串中首个字节的ASCII序数值大于0xa0,则表示汉字
$tmpstr .= substr ( $str, $i, 3 ); // 每次取出三位字符赋给变量$tmpstr即等于一个汉字
$i=$i+3; // 变量自加3
} else{
$tmpstr .= substr ( $str, $i, 1 ); // 如果不是汉字,则每次取出一位字符赋给变量$tmpstr
$i++;
}
}
return $tmpstr; // 返回字符串
}
/**
*获取表单复选框
*/
function ld_Getbox($str,$split=",")
{
for ($i=0;$_POST[$str][$i]!="";$i++)//通过for循环取值
{
$checkbox .= $_POST[$str][$i].$split;
}
return $checkbox;
}
function ld_listip($ip)
{
//IP数据文件路径
$ipaddress = $ip;
$dat_path = dirname(__FILE__).'/QQWry.Dat'; //检查IP地址
if(!preg_match("/^\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}$/", $ip)){
return 'IP 地址错误!';
}
//打开IP数据文件
if(!$fd = @fopen($dat_path, 'rb')){
return 'IP数据文件无法读取请确保是正确的纯真IP库';
} //分解IP进行运算得出整形数
$ip = explode('.', $ip);
$ipNum = $ip[0] * 16777216 + $ip[1] * 65536 + $ip[2] * 256 + $ip[3]; //获取IP数据索引开始和结束位置
$DataBegin = fread($fd, 4);
$DataEnd = fread($fd, 4);
$ipbegin = implode('', unpack('L', $DataBegin)); //unpack() 函数从二进制字符串对数据进行解包。unpack(format,data) L - unsigned long (always 32 bit, machine byte order)
#$ipbegin 值如5386001
if($ipbegin < 0) $ipbegin += pow(2, 32);
$ipend = implode('', unpack('L', $DataEnd));
if($ipend < 0) $ipend += pow(2, 32);
$ipAllNum = ($ipend - $ipbegin) / 7 + 1;
$BeginNum = 0;
$EndNum = $ipAllNum; //使用二分查找法从索引记录中搜索匹配的IP记录
$ip1num=''; $ip2num=''; $ipAddr1=''; $ipAddr2='';
while($ip1num>$ipNum || $ip2num<$ipNum) {
$Middle= intval(($EndNum + $BeginNum) / 2); //偏移指针到索引位置读取4个字节
fseek($fd, $ipbegin + 7 * $Middle);
$ipData1 = fread($fd, 4);
if(strlen($ipData1) < 4) {
fclose($fd);
return 'System Error';
}
//提取出来的数据转换成长整形如果数据是负数则加上2的32次幂
$ip1num = implode('', unpack('L', $ipData1));
if($ip1num < 0) $ip1num += pow(2, 32);
//提取的长整型数大于我们IP地址则修改结束位置进行下一次循环
if($ip1num > $ipNum) {
$EndNum = $Middle;
continue;
}
//取完上一个索引后取下一个索引
$DataSeek = fread($fd, 3);
if(strlen($DataSeek) < 3) {
fclose($fd);
return 'System Error';
}
$DataSeek = implode('', unpack('L', $DataSeek.chr(0)));
fseek($fd, $DataSeek);
$ipData2 = fread($fd, 4);
if(strlen($ipData2) < 4) {
fclose($fd);
return 'System Error';
}
$ip2num = implode('', unpack('L', $ipData2));
if($ip2num < 0) $ip2num += pow(2, 32); //没找到提示未知
if($ip2num < $ipNum) {
if($Middle == $BeginNum) {
fclose($fd);
return 'Unknown';
}
$BeginNum = $Middle;
}
} //下面的代码读晕了,没读明白,有兴趣的慢慢读
$ipFlag = fread($fd, 1);
if($ipFlag == chr(1)) {
$ipSeek = fread($fd, 3);
if(strlen($ipSeek) < 3) {
fclose($fd);
return 'System Error';
}
$ipSeek = implode('', unpack('L', $ipSeek.chr(0)));
fseek($fd, $ipSeek);
$ipFlag = fread($fd, 1);
} if($ipFlag == chr(2)) {
$AddrSeek = fread($fd, 3);
if(strlen($AddrSeek) < 3) {
fclose($fd);
return 'System Error';
}
$ipFlag = fread($fd, 1);
if($ipFlag == chr(2)) {
$AddrSeek2 = fread($fd, 3);
if(strlen($AddrSeek2) < 3) {
fclose($fd);
return 'System Error';
}
$AddrSeek2 = implode('', unpack('L', $AddrSeek2.chr(0)));
fseek($fd, $AddrSeek2);
} else {
fseek($fd, -1, SEEK_CUR);
} while(($char = fread($fd, 1)) != chr(0))
$ipAddr2 .= $char; $AddrSeek = implode('', unpack('L', $AddrSeek.chr(0)));
fseek($fd, $AddrSeek); while(($char = fread($fd, 1)) != chr(0))
$ipAddr1 .= $char;
} else {
fseek($fd, -1, SEEK_CUR);
while(($char = fread($fd, 1)) != chr(0))
$ipAddr1 .= $char; $ipFlag = fread($fd, 1);
if($ipFlag == chr(2)) {
$AddrSeek2 = fread($fd, 3);
if(strlen($AddrSeek2) < 3) {
fclose($fd);
return 'System Error';
}
$AddrSeek2 = implode('', unpack('L', $AddrSeek2.chr(0)));
fseek($fd, $AddrSeek2);
} else {
fseek($fd, -1, SEEK_CUR);
}
while(($char = fread($fd, 1)) != chr(0)){
$ipAddr2 .= $char;
}
}
fclose($fd); //最后做相应的替换操作后返回结果
if(preg_match('/http/i', $ipAddr2)) {
$ipAddr2 = '';
}
$ipaddr = "$ipAddr1 $ipAddr2";
$ipaddr = preg_replace('/CZ88.Net/is', '', $ipaddr);
$ipaddr = preg_replace('/^s*/is', '', $ipaddr);
$ipaddr = preg_replace('/s*$/is', '', $ipaddr);
//var_dump($ipaddr);
if(preg_match('/http/i', $ipaddr) || $ipaddr == '') {
$ipaddr = 'Unknown';
}
return $ipaddress." ".iconv("GB2312","UTF-8",$ipaddr);
}
/**
* 获取Select表单
*/
function ld_GetSelect($sql,$select="",$split)
{
global $db;
$query = $db->query($sql);
while ($rs = $db->fetch_array($query))
{
$ss = $select==$rs[0] ? "selected" : "";
$str .= "<option value='{$rs[0]}' $ss title='{$rs[1]}'>{$rs[1]}{$split}</option>";
}
return $str;
}
/**
* 获取Select表单数组
*/
function ld_GetSelectArr($arr,$select="",$stype=0)
{
global $db;
foreach ($arr as $k=>$v)
{
$temp = $stype==0 ? $v : $k;
$ss = "{$select}"=="{$temp}" ? "selected" : "";
$str .= "<option value='{$temp}' $ss title='{$v}'>{$v}</option>";
}
return $str;
}
function ld_GetLang()
{
$Lang = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 4);
if (preg_match('/zh-c/i',$Lang))
{
$Lang = '简体中文';
}
elseif (preg_match('/zh/i',$Lang))
{
$Lang = '繁體中文';
}
else{
$Lang = 'English';
}
return $Lang;
}
function ld_GetBrowser()
{
$Browser = $_SERVER['HTTP_USER_AGENT'];
if (preg_match('/MSIE/i',$Browser))
{
$Browser = 'MSIE';
}
elseif (preg_match('/Firefox/i',$Browser))
{
$Browser = 'Firefox';
}
elseif (preg_match('/Chrome/i',$Browser))
{
$Browser = 'Chrome';
}
elseif (preg_match('/Safari/i',$Browser))
{
$Browser = 'Safari';
}
elseif (preg_match('/Opera/i',$Browser))
{
$Browser = 'Opera';
}
else
{
$Browser = 'Other';
}
return $Browser;
}
/**
* 判断ID
*/
function ld_CheckID($id,$tablename,$msg="非法提交")
{
global $db,$path;
if(empty($id))
{
Alert($msg);
}
if(!is_numeric($id))
{
Alert($msg);
}
ld_CheckInput($id);
if(!$db->checknumsql("select * from $tablename"))
{
Alert($msg);
}
return $id;
unset($db);
}
function ld_CheckInput($str)
{
// 如果不是数字则加引号
$arr = array("\\","&gt","&lt","script","select","join","or","=","union","where","insert","delete","update","like","drop","create","modify","alert","cast","show tables");
foreach ($arr as $k)
{
if(stristr("$str","$k")) Alert("非法提交");
}
return $str;
}
/**正则判断目录**/
function ld_Checkpath($str)
{
$arr = array("\\","/","..",":");
foreach ($arr as $k)
{
if(stristr("$str","$k")) Alert("非法提交");
}
return $str;
}
/**正则判断手机**/
function ld_is_mobile($str){
return preg_match("/(^[1][3][0-9]{9}$)|(^[1][5][0-9]{9}$)|(^[1][8][0-9]{9}$)|(^[0][1-9]{1}[0-9]{9}$)/", $str);
}
/**正则判断邮箱地址**/
function ld_is_email($str){
return preg_match("/^\w+((-\w+)|(\.\w+))*\@[A-Za-z0-9]+((\.|-)[A-Za-z0-9]+)*\.[A-Za-z0-9]+$/", $str);
}
/**正则判断正整数**/
function ld_is_zzs($str){
return preg_match("/^[0-9]*[1-9][0-9]*$/", $str);
}
/**正则判断整数**/
function ld_is_zs($str){
return preg_match("/-?\\d+$/", $str);
}
/**正则判断网址**/
function ld_is_url($str){
return preg_match("/^http:\/\/[A-Za-z0-9]+\.[A-Za-z0-9]+[\/=\?%\-&_~`@[\]\':+!]*([^<>\"])*$/", $str);
}
function get_severity($hash,$severity) {
global $db;
$sql = "SELECT * FROM target_vul where hash='{$hash}' and Severity='{$severity}' order by Severity";
$results = $db->query($sql);
return mysql_num_rows($results);
}
function specify_server() {
global $db;
$sql = "SELECT * FROM point_server order by level";
$results = $db->fetch_assoc($sql);
$hash = $results['hash'];
$str = $results['pointip'].' '.$results['pointport'].' '.$results['level'];
$up_arr['level'] = $results['level'] + 1;
$update = $db->update("point_server",$up_arr,"hash='{$hash}'");
return $results['pointip'];
}
function point_display() {
global $db;
$sql = "SELECT * FROM point_server";
$results = $db->query($sql);
if (mysql_num_rows($results) > 0){
while ($fs = $db->fetch_array($results))
{
$ip = $fs["pointip"];
$port = $fs["pointport"];
$level = $fs["level"];
$status = $fs["status"];
$hash = $fs["hash"];
$html_str .= "
<div id=\"$hash\" class=\"modal hide fade\" role=\"dialog\" aria-labelledby=\"myModalLabel\" aria-hidden=\"true\" >
<form action=\"?m=point&c=update&p=$hash\" method=\"POST\">
<div class=\"modal-header\">
<button type=\"button\" class=\"close\" data-dismiss=\"modal\" aria-hidden=\"true\">×</button>
<h3 id=\"myModalLabel\">
节点信息修改
</h3>
</div>
<div class=\"modal-body\">
<fieldset>
<label>节点IP</label><input type=\"text\" value=\"$ip\" name=\"ip\"/>
<label>节点端口</label><input type=\"text\" value=\"$port\" name=\"port\"/>
<label>状态</label>
<select name=\"status\">
<option value=\"1\">启用</option>
<option value =\"0\">禁用</option>
</select>
</fieldset>
</div>
<div class=\"modal-footer\">
<button class=\"btn\" data-dismiss=\"modal\" aria-hidden=\"true\">关闭</button> <button class=\"btn btn-primary\">保存设置</button>
</div>
</form>
</div>\r\n";
}
return $html_str;
}
}
function set_display() {
global $db;
$sql = "SELECT * FROM user";
$results = $db->query($sql);
if (mysql_num_rows($results) > 0){
while ($fs = $db->fetch_array($results))
{
$username = $fs["username"];
$email = $fs["email"];
$phone = $fs["phone"];
$status = $fs["status"];
$hash = md5($username);
$html_str .= "
<div id=\"$hash\" class=\"modal hide fade\" role=\"dialog\" aria-labelledby=\"myModalLabel\" aria-hidden=\"true\" >
<form action=\"?m=set&c=update&p=$hash\" method=\"POST\">
<div class=\"modal-header\">
<button type=\"button\" class=\"close\" data-dismiss=\"modal\" aria-hidden=\"true\">×</button>
<h3 id=\"myModalLabel\">
用户信息修改
</h3>
</div>
<div class=\"modal-body\">
<fieldset>
<label>用户名</label><input type=\"text\" value=\"$username\" name=\"username\"/>
<!--<label>密码</label><input type=\"text\" value=\"$ip\" name=\"passwd\"/> -->
<label>邮箱</label><input type=\"text\" value=\"$email\" name=\"mail\"/>
<label>手机</label><input type=\"text\" value=\"$phone\" name=\"phone\"/>
<label>状态</label>
<select name=\"status\">
<option value=\"1\">启用</option>
<option value =\"0\">禁用</option>
</select>
</fieldset>
</div>
<div class=\"modal-footer\">
<button class=\"btn\" data-dismiss=\"modal\" aria-hidden=\"true\">关闭</button> <button class=\"btn btn-primary\">保存设置</button>
</div>
</form>
</div>\r\n";
}
return $html_str;
}
}
function Checklogin($mode)
{
if ($mode != 'login'){
if(empty($_SESSION['username'])){
header("Location: ?m=login");
exit();
}elseif( $_SESSION['r_ip'] != $_SERVER['REMOTE_ADDR'] ) {
header("Location: ?m=login");
exit();
}
}
}
function cpasswd()
{
global $db;
$username = $_SESSION['username'];
$oldpasswd = $_POST['oldpasswd'];
$up_arr['passwd'] = $_POST['newpasswd'];
$update = $db->update("user",$up_arr,"username='{$username}' and passwd='{$oldpasswd}'");
Ajaxmsg("密码修改成功");
}
function del()
{
global $db;
$hash = $_POST['hash'];
$delete = $db->delete("scan_list where hash='{$hash}'");
$delete = $db->delete("target_info where hash='{$hash}'");
$delete = $db->delete("target_vul where hash='{$hash}'");
Ajaxmsg("删除成功");
}
function export()
{
global $db;
require LDINC.'/XmlExcel.php';
$title1 = array(
'URL',
'User',
'Status',
'节点IP',
'High',
'Middle',
'Low',
'Banner',
'OS',
'Finishtime'
);
$title2 = array(
'Id',
'Type',
'Level',
'Webpath',
'Param',
'details',
'Request'
);
if ( !empty($_GET['hash']) ) {
$hash = $_GET['hash'];
$xls = new XmlExcel;
$xls -> setDefaultWidth(80);
$xls -> setDefaultAlign("center");
$xls -> setDefaultHeight(30);
$xls -> addHead($title1,'info');
$sql = "SELECT a.url,a.user,a.pointserver,b.finishtime,b.banner,b.os,b.responsive FROM scan_list as a,target_info as b where a.hash = b.hash and a.hash = '{$hash}'";
$results = $db->fetch_assoc($sql);
$url = $results['url'];
$user = $results['user'];
$pointserver = $results['pointserver'];
$finishtime = $results['finishtime'];
$banner = $results['banner'];
$os = $results['os'];
$status = $results['responsive'];
$high = get_severity($hash,'high');
$middle = get_severity($hash,'middle');
$low = get_severity($hash,'low');
$data_arr = array(
$url,
$user,
$status,
$pointserver,
$high,
$middle,
$low,
$banner,
$os,
$finishtime
);
$xls -> addRow($data_arr,'info');
$xls -> addHead($title2,'vulnerability');
$sql = "SELECT * FROM target_vul where hash='{$hash}' order by Severity";
$results = $db->query($sql);
if (mysql_num_rows($results) > 0){
$i = 1;
while ($fs = $db->fetch_array($results))
{
$id = $i;
$Name = $fs["name"];
$Affects = $fs["affects"];
$Parameter = $fs["parameter"];
$Severity = $fs["severity"];
$details = $fs["details"];
$Request = str_replace("\r\n",'&#10;',urldecode($fs["request"]));
//$Response = str_replace("\r\n",'&#10;',urldecode($fs["response"]));
if (strtolower($Severity) == 'high'){
$class = 'error';
}else if(strtolower($Severity) == 'middle'){
$class = 'warning';
}else if(strtolower($Severity) == 'low' or strtolower($Severity) == 'info'){
$class = 'info';
}
if ($Parameter == 'Array'){
$Parameter = '';
}
if ($Request == 'Array'){
$Request = '';
}
/*
if ($Response == 'Array'){
$Response = '';
}
*/
$vul_arr = array(
$id,
$Name,
$Severity,
$Affects,
$Parameter,
$details,
$Request
);
$xls -> addRow($vul_arr,'vulnerability');
}
}
$xls -> export($hash);
}
}
function nginx_vhost($url,$cookie)
{
//读demo.conf内容替换。
$demo_conf_path = LDINC.'/vhost-demo.conf';
//echo $demo_conf_path;
$tmp_arr = explode("/",$url);
$host_str = $tmp_arr[2];
$host_arr = explode(":",$host_str);
$host = $host_arr[0];
$ngx_path = nginx_path;
dns_config($host);
$tmp_str = file_get_contents($demo_conf_path);
$tmp_str = str_replace("#host#",$host,$tmp_str);
$tmp_str = str_replace("#url#",$url,$tmp_str);
$tmp_str = str_replace("#cookie#",$cookie,$tmp_str);
//echo $tmp_str;
//写配置
$filename = "$ngx_path/conf/vhost-$host.conf";
//echo $filename;
$fh = fopen($filename, "w");
fwrite($fh, $tmp_str);
fclose($fh);
//执行reload
$cmd = '"'.$ngx_path.'/restart_ngx.bat"';
//echo $cmd;
$a = exec($cmd);
}
function dns_config($domain)
{
$ip = nginx_ip;
$str = "$domain = $ip\r\n";
#print $str;
$ip_conf = LDINC.'/ip.conf';
$all_str = file_get_contents($ip_conf);
$tmp_arr = explode("|",$all_str);
if (in_array($domain,$tmp_arr) == FALSE){
//写配置
$fh = fopen(dns_conf, "a+");
fwrite($fh, $str);
fclose($fh);
//写配置
$f = fopen($ip_conf, "a+");
fwrite($f, "$all_str|$domain");
fclose($f);
}
}
?>
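Review bot: The top-level loop `foreach(Array('_GET','_POST','_COOKIE') as $_request)` copies every request parameter into a global variable of the same name, so a client can overwrite globals that later code trusts. In include/config.inc.php as shown on this page, `$cfg` is populated before this file is required and `new Mysql($cfg['db_host'], …)` runs after it, so the database settings appear to be overridable from the request. `addslashes()` is applied only to those copies; `cpasswd()` and `del()` read `$_POST` directly and place the raw value into their SQL conditions. I would delete the loop and have each handler read the parameters it needs, e.g. `$hash = isset($_POST['hash']) ? $_POST['hash'] : '';`, with escaping done at the query layer.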

42
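--- a/include/config.inc.php
+++ b/include/config.inc.php
@@ -0,0 +1,42 @@
+<?php
+// 保存一天
+$lifeTime = 1 * 3600;
+session_set_cookie_params($lifeTime);
+session_start();
+//error_reporting(0);
+error_reporting(E_ALL || ~E_NOTICE);
+//error_reporting(E_ALL);
+$cfg['soft_name'] = 'Web分布扫描系统';
+$cfg['soft_version'] = '';
+$cfg['soft_lang'] = 'UTF-8';
+header("Content-Type: text/html; charset={$cfg['soft_lang']}");
+$cfg['db_host'] = 'localhost'; // 数据库服务器
+$cfg['db_name'] = 'wvs_scan'; // 数据库名
+$cfg['db_user'] = 'root'; // 数据库用户名
+$cfg['db_pass'] = 'root'; // 数据库密码
+$cfg['db_charset'] = 'utf-8'; //数据库编码
+$cfg['db_pre'] = ''; //表前缀
+$cfg['file_mod'] = 0777;
+$cfg['authkey'] = 'MseNQAWd5Y';
+$cfg['nginx_path'] = 'E:/nginx-1.5.3';
+$cfg['nginx_ip'] = '10.0.13.58';
+$cfg['dns_conf'] = 'E:/WWW/scan/dns/dnsserver.conf';
+//配置结束
+define('nginx_ip', $cfg['nginx_ip']);
+define('nginx_path', $cfg['nginx_path']);
+define('dns_conf', $cfg['dns_conf']);
+define('authkey', $cfg['authkey']);
+define('soft_name', $cfg['soft_name']);
+define('LDINC', str_replace("\\", '/', dirname(__FILE__) ) );
+define('LDROOT', str_replace("\\", '/', substr(LDINC,0,-8) ) );
+define('LDFMOD', $cfg['file_mod'] ? $cfg['file_mod'] : ''); //文件写入模式
+date_default_timezone_set("Asia/Shanghai"); //设置默认时区
+require_once("sqlsafe.php");
+$sql = new sqlsafe(); //防SQL注入
+require_once(LDINC."/common.fun.php"); //引用全局函数
+$db = new Mysql($cfg['db_host'],$cfg['db_user'],$cfg['db_pass'],$cfg['db_name'],$cfg['db_charset'],$cfg['db_charset'],$cfg['db_pre']);
+$sitename = $cfg['sitename'];
+require_once("xml.class.php");
+require_once("xml.action.php");
+require_once("index.action.php");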
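Review bot: The database account (`root` / `root`) and `$cfg['authkey']` are committed as literals in this file, so anyone with read access to the repository holds them, and the application connects as the MySQL superuser. I would load them from the environment or an untracked local file, e.g. `$cfg['db_pass'] = getenv('DB_PASS');` (the variable name is a placeholder), rotate the values already published, and give the application a dedicated account limited to the `wvs_scan` database. Separately, `error_reporting(E_ALL || ~E_NOTICE);` uses the logical operator and evaluates to `true` rather than the intended mask; `error_reporting(E_ALL & ~E_NOTICE);` is the usual form. The comment above `$lifeTime` says one day while `1 * 3600` is one hour, so one of the two should be corrected.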

421
include/index.action.php Normal file

@@ -0,0 +1,421 @@
<?php
function index() {
global $db;
#$sql = "SELECT * FROM scan_list as a,target_info as b where a.hash = b.hash";
$sql = "SELECT * FROM scan_list LEFT JOIN target_info ON scan_list.hash = target_info.hash order by createtime desc";
$results = $db->query($sql);
if (mysql_num_rows($results) > 0){
$i = 1;
while ($fs = $db->fetch_array($results))
{
$id = $i;
$url = $fs["1"];
$user = $fs["3"];
$pointserver = $fs["4"];
$hash = $fs["11"];
$finishtime = $fs["16"];
$banner = $fs["17"];
$responsive = $fs["18"];
$technologies = $fs["20"];
$os = $fs["19"];
$high = get_severity($hash,'high');
$middle = get_severity($hash,'middle');
$low = get_severity($hash,'low');
if (strtolower($responsive) == 'true'){
$class = 'success';
$responsive = "正常";
}else if (strtolower($responsive) == 'false'){
$class = 'error';
$responsive = "错误";
}else{
$class = '';
}
$html_str .= "
<tr class=\"$class\">
<td>
$id
</td>
<td style=\"word-break:break-all; word-wrap:break-word;\">
<a href=\"?m=info&p={$hash}\">$url</a>
</td>
<td>
$user
</td>
<td>
$responsive
</td>
<td>
$pointserver
</td>
<td>
<a href=\"?m=info&p={$hash}&c=high\"><font color=\"red\">$high</font></a>
</td>
<td>
<a href=\"?m=info&p={$hash}&c=middle\"><font color=\"orange\">$middle</font></a>
</td>
<td>
<a href=\"?m=info&p={$hash}&c=low\"><font color=\"green\">$low</font></a>
</td>
<td>
$banner
</td>
<td>
$os
</td>
<td>
$finishtime
</td>
<td>
<a href=\"?m=info&p={$hash}\">详情</a>|<a href=\"?m=edit&p={$hash}\">编辑</a>|<a href=\"javascript:del('{$hash}')\">删除</a>|<a href=\"javascript:exportexcel('{$hash}')\">报告</a>
</td>
</tr>\r\n";
$i ++;
}
return $html_str;
}else{
return "";
}
}
function scan() {
global $db;
//print_r($_POST);
if(!empty($_POST['url'])){
$pointserver = specify_server();
if (!empty($pointserver)){
$in_arr['url'] = $_POST['url'];
$in_arr['createtime'] = date('Y-m-d');
$in_arr['user'] = $_SESSION['username'];//当前session用户
$in_arr['pointserver'] = specify_server();//分配节点服务器ip
$in_arr['group'] = "";//项目组名称
$in_arr['siteuser'] = $_POST['user'];
$in_arr['sitepwd'] = $_POST['pwd'];
$in_arr['cookie'] = $_POST['cookie'];
$in_arr['rule'] = $_POST['rule'];
$in_arr['status'] = 'new';
$in_arr['hash'] = md5($in_arr['url'].time().authkey);
if ( $_POST['auth'] == 'on' ) nginx_vhost( $in_arr['url'] , $in_arr['cookie'] );
$insert = $db->insert_into("scan_list",$in_arr);
}else{
Message(" 请配置节点服务器 ","?m=point",0,3000);
}
}
}
function info() {
global $db;
$action = $_GET['c'];
$hash = $_GET['p'];
if (empty($action)){
$sql = "SELECT * FROM target_vul where hash='{$hash}' order by Severity";
}else if ($action == 'high'){
$sql = "SELECT * FROM target_vul where hash='{$hash}' and Severity='high' order by Severity";
}else if ($action == 'middle'){
$sql = "SELECT * FROM target_vul where hash='{$hash}' and Severity='middle' order by Severity";
}else if ($action == 'low'){
$sql = "SELECT * FROM target_vul where hash='{$hash}' and Severity='low' order by Severity";
}
$results = $db->query($sql);
if (mysql_num_rows($results) > 0){
$i = 1;
while ($fs = $db->fetch_array($results))
{
$id = $i;
$Name = $fs["name"];
$Affects = $fs["affects"];
$Parameter = $fs["parameter"];
$Severity = $fs["severity"];
$details = $fs["details"];
$Request = str_replace("\n",'<br>',$fs["request"]);
//$Response = str_replace("\n",'<br>',$fs["response"]);
if (strtolower($Severity) == 'high'){
$class = 'error';
}else if(strtolower($Severity) == 'middle'){
$class = 'warning';
}else if(strtolower($Severity) == 'low' or strtolower($Severity) == 'info'){
$class = 'info';
}
if ($Parameter == 'Array'){
$Parameter = '';
}
if ($Request == 'Array'){
$Request = '';
}
if ($Response == 'Array'){
$Response = '';
}
$html_str .= "
<tr class=\"$class\">
<td>
$id
</td>
<td>
$Name
</td>
<td>
$Severity
</td>
<td>
$Affects
</td>
<td>
$Parameter
</td>
<td>
$details
</td>
<td>
$Request
</td>
</tr>\r\n";
$i ++;
}
return $html_str;
}else{
return "";
}
}
function edit() {
global $db;
$hash = $_GET['p'];
if (!empty($hash)){
$sql = "SELECT * FROM scan_list where hash='{$hash}'";
$results = $db->fetch_assoc($sql);
return $results;
}
}
function point() {
global $db;
$action = $_GET['c'];
if ($action == 'new'){
//新添加
//print_r($_POST);
if(!empty($_POST['ip'])){
$in_arr['pointip'] = $_POST['ip'];
$in_arr['pointport'] = $_POST['port'];
$in_arr['status'] = $_POST['status'];
$in_arr['hash'] = md5($in_arr['pointip'].$in_arr['pointport']);
$insert = $db->insert_into("point_server",$in_arr);
}
}else if ($action == 'update'){
//更新
//print_r($_POST);
$key = $_GET['p'];
if(!empty($_POST['ip']) and !empty($key)){
$in_arr['pointip'] = $_POST['ip'];
$in_arr['pointport'] = $_POST['port'];
$in_arr['status'] = $_POST['status'];
$update = $db->update("point_server",$in_arr,"hash='{$key}'");
}
}
$sql = "SELECT * FROM point_server";
$results = $db->query($sql);
if (mysql_num_rows($results) > 0){
$i = 1;
while ($fs = $db->fetch_array($results))
{
$id = $i;
$ip = $fs["pointip"];
$port = $fs["pointport"];
$level = $fs["level"];
$status = $fs["status"];
$hash = $fs["hash"];
if ($status == '1'){
$class = 'success';
$status = '启用';
}else{
$class = 'warning';
$status = '禁用';
}
$html_str .= "
<tr class=\"$class\">
<td>
$id
</td>
<td>
$ip
</td>
<td>
$port
</td>
<td>
$level
</td>
<td>
$status
</td>
<td>
<a id=\"modal-978241\" href=\"#$hash\" role=\"button\" class=\"btn\" data-toggle=\"modal\">修改</a>
</td>
</tr>\r\n";
$i ++;
}
return $html_str;
}else{
return "";
}
}
function set() {
global $db;
$action = $_GET['c'];
if ($action == 'new'){
//新添加
//print_r($_POST);
if(!empty($_POST['username']) and !empty($_POST['passwd'])){
$in_arr['username'] = $_POST['username'];
$in_arr['passwd'] = $_POST['passwd'];
$in_arr['phone'] = $_POST['phone'];
$in_arr['email'] = $_POST['mail'];
$in_arr['status'] = $_POST['status'];
$in_arr['ctime'] = time();
$insert = $db->insert_into("user",$in_arr);
}
}else if ($action == 'update'){
//更新
//print_r($_POST);
if(!empty($_POST['username'])){
$in_arr['username'] = $_POST['username'];
//$in_arr['passwd'] = $_POST['passwd'];
$in_arr['phone'] = $_POST['phone'];
$in_arr['email'] = $_POST['mail'];
$in_arr['status'] = $_POST['status'];
$update = $db->update("user",$in_arr,"username='{$in_arr['username']}'");
}
}
$sql = "SELECT * FROM user";
$results = $db->query($sql);
if (mysql_num_rows($results) > 0){
$i = 1;
while ($fs = $db->fetch_array($results))
{
$id = $i;
$username = $fs["username"];
$email = $fs["email"];
$phone = $fs["phone"];
$status = $fs["status"];
$hash = md5($username);
if ($status == '1'){
$class = 'success';
$status = '启用';
}else{
$class = 'warning';
$status = '禁用';
}
$html_str .= "
<tr class=\"$class\">
<td>
$id
</td>
<td>
$username
</td>
<td>
$email
</td>
<td>
$phone
</td>
<td>
$status
</td>
<td>
<a id=\"modal-978241\" href=\"#$hash\" role=\"button\" class=\"btn\" data-toggle=\"modal\">修改</a>
</td>
</tr>\r\n";
$i ++;
}
return $html_str;
}else{
return "";
}
}
function login() {
global $db;
$username = $_POST['username'];
$password = $_POST['password'];
//print_r($_POST);
if (!empty($username) and !empty($password)){
$sql = "SELECT * FROM `user` where username='{$username}' and passwd='{$password}'";
$results = $db->fetch_assoc($sql);
$rows = $db->db_num_rows($sql);
if ($rows > 0 and $results['status'] == 1){
$_SESSION['username'] = $results['username'];
$_SESSION['r_ip'] = $_SERVER['REMOTE_ADDR'];
$up_arr['lasttime'] = time();
$update = $db->update("user",$up_arr,"username='{$username}'");
Message(" $username 登录成功! 正在跳转... ","?m=index",0,3000);
}else if ($rows > 0 and $results['status'] == 0){
Message(" 账号被禁用,请联系管理员 ","?m=login",0,3000);
}
}
}
function logout() {
unset($_SESSION['username']);
header("Location: ?m=login");
}
?>
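Review bot: `login()` interpolates `$_POST['username']` and `$_POST['password']` directly into the `SELECT … where username='…' and passwd='…'` statement and compares the password as stored, so the check is injectable and passwords are kept in plaintext (`set()` inserts `$_POST['passwd']` unchanged). The same string-built pattern is in `info()`, `edit()`, `point()` and `set()` in this file and in `get_severity()`, `cpasswd()` and `del()` in include/common.fun.php. I would look the user up by an escaped username only, verify with `password_verify()` against a `password_hash()` value, and regenerate the session id on success; this assumes a PHP version that has both the `mysql_*` functions and `password_*` (5.5 or 5.6), which the page does not state. The table cells built in `index()` and `info()` also print scanner-collected fields such as `$banner` and `$Request` without `htmlspecialchars()`, so they need output encoding as well.

```php
function login() {
    global $db;
    // … unchanged: $username / $password read from $_POST …
    if (!empty($username) and !empty($password)){
        $safe_user = $db->escape_string($username);
        $sql = "SELECT * FROM `user` where username='{$safe_user}'";
        $results = $db->fetch_assoc($sql);
        $ok = $results && password_verify($password, $results['passwd']);
        if ($ok and $results['status'] == 1){
            session_regenerate_id(true);
            // … unchanged: $_SESSION fields and lasttime stamp …
            $update = $db->update("user",$up_arr,"username='{$safe_user}'");
            // … unchanged: Message() redirect …
        }else if ($ok and $results['status'] == 0){
            // … unchanged: disabled-account Message() …
```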

1
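--- a/include/ip.conf
+++ b/include/ip.conf
@@ -0,0 +1 @@
+|testphp.vulnweb.com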

189
include/mysql.class.php Normal file

@@ -0,0 +1,189 @@
<?php
class mysql{
private $db_host; //数据库主机
private $db_user; //数据库用户名
private $db_pass; //数据库密码
private $db_database; //数据库名字
private $db_charset; //数据库编码
private $conn; //数据库连接标识
private $result; //执行query命令的结果资源标识
private $db_pre; //表前缀
function __construct($db_host,$db_user,$db_pass,$db_databbse,$db_charset,$conn,$db_pre)
{
$this->db_host = $db_host;
$this->db_user = $db_user;
$this->db_pass = $db_pass;
$this->db_database = $db_databbse;
$this->conn = $conn;
$this->db_charset = $db_charset;
$this->connect();
$this->db_pre = $db_pre;
}
//数据库连接
private function connect()
{
$this->conn = mysql_connect($this->db_host,$this->db_user,$this->db_pass) or die("数据库连接错误");
MySQL_query("SET NAMES 'UTF8'");
mysql_select_db($this->db_database,$this->conn) or die("没有找到".$this->db_database."这个数据库");
}
//数据库执行语句可执行查询添加修改删除等任何SQL语句
function query($sql)
{
$sql = str_replace("##_",$this->db_pre,$sql);
$result = mysql_query($sql,$this->conn);
if (!$result) {
//调用中使用SQL语句出错时会自动打印出来
//echo "<font color=red>SQL语句错误$sql</font><br>";
$k=fopen(LDINC."/data/mysqllog.txt","a+");
fwrite($k,date("Y-m-d H:i:s")."执行{$sql}出错,来源于".$_SERVER['REQUEST_URI']."\r\n");
fclose($k);
// echo "<font color=red>SQL语句错误</font><br>";
}
return $result;
}
function fetch_array($result = null)
{
$result = $result == null ? $this->result : $result;
return mysql_fetch_array($result);
}
function fetch_row($result = null)
{
$result = $result == null ? $this->result : $result;
return mysql_fetch_row($result);//mysql_fetch_array($result);
}
/**
*根据select查询结果计算结果集条数
*/
function db_num_rows($sql)
{
$result=$this->query($sql);
if(empty($result)) $result=0;
return mysql_num_rows($result);
}
//查询一个表下所有的字段
function findall($table)
{
$result = $this->query("select * from $table");
return $result;
}
//添加数据到数据库
function insert_into($table,$array_value)
{
foreach ($array_value as $key=>$value)
{
$filed .= "`$key`,";
$val .= "'$value',";
}
$filed = substr($filed,0,(strlen($filed)-1)); //替换最后一个逗号
$val= substr($val,0,(strlen($val)-1)); //替换最后一个逗号
$sql="INSERT INTO ".$table." ($filed) VALUES ($val)";//拼成SQL语句
$this->query($sql);
return mysql_insert_id();
}
/**
*函数从结果集中取得一行作为关联数组。返回根据从结果集取得的行生成的关联数组,如果没有更多行,则返回 false。
*/
function fetch_assoc($sql)
{
$res = $this->query ( $sql );
if ($res !== false) {
return mysql_fetch_assoc ( $res );
} else {
return false;
}
}
function fetch_assoc1($sql)
{
$res = $this->query ( $sql );
if ($res !== false) {
return mysql_fetch_assoc ( $res );
} else {
return false;
}
}
/**
*更新数据库,$table代表着更新的表,$array_value更新的数组,$where条件
*/
function update($table,$array_value,$where)
{
foreach ($array_value as $key=>$value)
{
$upvalue .= "`$key`='$value',";
}
$upvalue = substr($upvalue,0,(strlen($upvalue)-1)); //替换最后一个逗号
$sql="update $table set $upvalue where $where"; //拼成SQL语句
return $this->query($sql);
}
//获得错误描述
function GetError()
{
$str = mysql_error();
return $str;
}
function free_result($query) {
return @mysql_free_result($query);
}
function escape_string($str){
return mysql_escape_string($str);
}
//获取字段数
function num_fields($query) {
return mysql_num_fields($query);
}
//获取数据库版本
function version() {
return mysql_get_server_info($this->conn);
}
//删除数据库
function delete($where)
{
$sql = "DELETE from $where";
return $this->query($sql);
}
//判断此条数据库语句是否存在记录
function checknumsql($sql)
{
if($this->db_num_rows($sql) > 0)
return true;
else
return false;
}
//查询一个表返回的值
function listtablezd($table,$zd)
{
//echo "select $zd from $table <br />";
$arr = $this->fetch_array($this->query("select $zd from $table"));
$str = $arr[$zd];
return $str;
}
//获取受影响的行数
function Getaffected($sql)
{
$this->query($sql);
$rc = mysql_affected_rows();
return $rc;
}
/**
* 获取设置表某个字段
*/
function GetConfig($field)
{
return $this->listtablezd("##_config where id=1",$field);
}
}
?>

37
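--- a/include/sqlsafe.php
+++ b/include/sqlsafe.php
@@ -0,0 +1,37 @@
+<?php
+class sqlsafe {
+private $getfilter = "'|(and|or)\\b.+?(>|<|=|in|like)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
+private $postfilter = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
+private $cookiefilter = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
+/**
+* 构造函数
+*/
+public function __construct() {
+//echo "hi";
+foreach($_GET as $key=>$value){$this->stopattack($key,$value,$this->getfilter);}
+foreach($_POST as $key=>$value){$this->stopattack($key,$value,$this->postfilter);}
+foreach($_COOKIE as $key=>$value){$this->stopattack($key,$value,$this->cookiefilter);}
+}
+/**
+* 参数检查并写日志
+*/
+public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq){
+if(is_array($StrFiltValue))$StrFiltValue = implode($StrFiltValue);
+if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue) == 1){
+$this->writeslog($_SERVER["REMOTE_ADDR"]." ".strftime("%Y-%m-%d %H:%M:%S")." ".$_SERVER["PHP_SELF"]." ".$_SERVER["REQUEST_METHOD"]." ".$StrFiltKey." ".$StrFiltValue);
+echo('您提交的参数非法,系统已记录您的本次操作!');
+exit();
+}
+}
+/**
+* SQL注入日志
+*/
+public function writeslog($log){
+$log_path = dirname(__FILE__).'\data\sqlinject_log.txt';
+//echo $log_path;
+$ts = fopen($log_path,"a+");
+fputs($ts,$log."\r\n");
+fclose($ts);
+}
+}
+?>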
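Review bot: `stopattack()` matches the pattern against `$StrFiltValue` only, so parameter names are never inspected and `implode()` flattens just one level of a nested array; a deny-list regex like this is useful for logging and defence in depth, but it is not the control that makes the string-built SQL in the database class on this page safe. The values that reach `insert_into()` and `update()` still need escaping or bound parameters at the query layer. `writeslog()` also builds its path with backslashes, which only resolves into the `data` directory on Windows; `$log_path = dirname(__FILE__).'/data/sqlinject_log.txt';` is portable. The raw request value should have CR/LF stripped before it is appended, so that a single request cannot produce extra log lines.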

17
include/vhost-demo.conf Normal file

@@ -0,0 +1,17 @@
server {
listen 8000;
server_name #host#;
location / {
root html;
index index.html index.htm;
proxy_pass #url#;
proxy_redirect off;
proxy_set_header Host #host#;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Cookie "#cookie#";
}
}
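Review bot: The `#host#`, `#url#` and `#cookie#` placeholders are filled into directive arguments by code outside this file, and nothing in the template constrains what they may contain; a value carrying a double quote, `;`, a brace or a newline would change the structure of the generated server block. The generator should validate each value before writing the file (host against a hostname pattern, url against an `http`/`https` URL, cookie against the characters allowed in a cookie header) and run `nginx -t` on the result before any reload. `root` and `index` appear to have no effect next to `proxy_pass` in the same location and could be dropped.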

82
include/xml.action.php Normal file

@@ -0,0 +1,82 @@
<?php
function get_xml($url) {
global $db;
$xml_str = file_get_contents($url);
if (strlen($xml_str) > 300){
$xml = xml2array($xml_str);
$tmp_arr = explode("=",$url);
$hash = $tmp_arr[1];
$site = $xml['ScanGroup']['Scan']['StartURL'];
$FinishTime = $xml['ScanGroup']['Scan']['FinishTime'];
$ScanTime = $xml['ScanGroup']['Scan']['ScanTime'];
$Banner = $xml['ScanGroup']['Scan']['Banner'];
$Responsive = $xml['ScanGroup']['Scan']['Responsive']; //Trueɨ<65><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͨ<EFBFBD><CDA8>Falseɨ<65><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>û<EFBFBD><C3BB>Ӧerror
$Os = $xml['ScanGroup']['Scan']['Os'];
$Technologies = $xml['ScanGroup']['Scan']['Technologies'];
$in_target_info_arr['url'] = $site;
$in_target_info_arr['FinishTime'] = $FinishTime;
$in_target_info_arr['ScanTime'] = $ScanTime;
$in_target_info_arr['Banner'] = $Banner;
$in_target_info_arr['Responsive'] = $Responsive;
$in_target_info_arr['Os'] = $Os;
$in_target_info_arr['Technologies'] = $Technologies;
$in_target_info_arr['hash'] = $hash;
$insert = $db->insert_into("target_info",$in_target_info_arr);
$ReportItems = $xml['ScanGroup']['Scan']['ReportItems']['ReportItem'];
for ($i = 1; $i <= count($ReportItems); $i++) {
######## ©<><C2A9><EFBFBD><EFBFBD><EFBFBD><EFBFBD> #########
$ld_Name = $ReportItems[$i]['Name'];
if ( !empty($ld_Name) ){
$ld_ModuleName = $ReportItems[$i]['ModuleName'];
$ld_Details = $ReportItems[$i]['Details'];
//$ld_Details = "";
$ld_Affects = $ReportItems[$i]['Affects'];
$ld_Parameter = $ReportItems[$i]['Parameter'];
$ld_Severity = $ReportItems[$i]['Severity'];
$ld_Request = str_replace("\n","<br>",$ReportItems[$i]['TechnicalDetails']['Request']);
$ld_Response = str_replace("\n","<br>",$ReportItems[$i]['TechnicalDetails']['Response']);
###########################
$in_target_vul_arr['Name'] = $ld_Name;
$in_target_vul_arr['ModuleName'] = $ld_ModuleName;
$in_target_vul_arr['Details'] = $ld_Details;
$in_target_vul_arr['Affects'] = $ld_Affects;
$in_target_vul_arr['Parameter'] = $ld_Parameter;
$in_target_vul_arr['Severity'] = $ld_Severity;
$in_target_vul_arr['Request'] = $ReportItems[$i]['TechnicalDetails']['Request'];
$in_target_vul_arr['Response'] = $ReportItems[$i]['TechnicalDetails']['Response'];
$in_target_vul_arr['hash'] = $hash;
$in_target_vul_arr['unique'] = MD5($in_target_vul_arr['Request'].$hash);
if ($ld_Severity != 'info'){
//$info = "$site <br> $FinishTime <br> $ScanTime <br> $Responsive <br> $Banner <br> $Os <br> $Technologies <br> $ld_Name <br> $ld_ModuleName <br> $ld_Details <br> $ld_Affects <br> $ld_Parameter <br> $ld_Severity <p> $ld_Request <p> $ld_Response";
//echo $info;
$insert = $db->insert_into("target_vul",$in_target_vul_arr);
}
}
}
$up_arr['status'] = 'ok';
$update = $db->update('scan_list',$up_arr,"status='ing' and hash='{$hash}'");
$sql = "SELECT point_server.hash,point_server.level FROM `scan_list` LEFT JOIN `point_server` ON scan_list.pointserver = point_server.pointip where scan_list.hash='{$hash}'";
$results = $db->fetch_assoc($sql);
$iphash = $results['hash'];
$up_arr1['level'] = $results['level'] - 1;
if ( $up_arr1['level'] > 0 ){
$update = $db->update("point_server",$up_arr1,"hash='{$iphash}'");
}
}
}
?>
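Review bot: `$hash` is taken straight from `explode("=",$url)` and interpolated into the `update()` condition and the `SELECT`, and every report field (`Request`, `Response`, `Details`, ...) is passed to `insert_into()`, which on this page wraps values in quotes without escaping them; report content originates from the scanned site, so it has to be treated as untrusted input. Escape at this boundary, e.g. `$hash = $db->escape_string($tmp_arr[1]);` and the same for each array value before `insert_into()`, or move the database class to bound parameters. The loop `for ($i = 1; $i <= count($ReportItems); $i++)` also appears to skip index 0 and read one past the end, and a report with a single `ReportItem` is not a list in `xml2array()`'s output; `for ($i = 0; $i < count($ReportItems); $i++)` after normalising the single-item case would cover both.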

126
include/xml.class.php Normal file

@@ -0,0 +1,126 @@
<?php
function xml2array($contents, $get_attributes=1, $priority = 'tag')
{
if(!$contents) return array();
if(!function_exists('xml_parser_create')) {
//print "'xml_parser_create()' function not found!";
return array();
}
//Get the XML parser of PHP - PHP must have this module for the parser to work
$parser = xml_parser_create('');
xml_parser_set_option($parser, XML_OPTION_TARGET_ENCODING, "UTF-8"); # http://minutillo.com/steve/weblog/2004/6/17/php-xml-and-character-encodings-a-tale-of-sadness-rage-and-data-loss
xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0);
xml_parser_set_option($parser, XML_OPTION_SKIP_WHITE, 1);
xml_parse_into_struct($parser, trim($contents), $xml_values);
xml_parser_free($parser);
if(!$xml_values) return;//Hmm...
//Initializations
$xml_array = array();
$parents = array();
$opened_tags = array();
$arr = array();
$current = &$xml_array; //Refference
//Go through the tags.
$repeated_tag_index = array();//Multiple tags with same name will be turned into an array
foreach($xml_values as $data) {
unset($attributes,$value);//Remove existing values, or there will be trouble
//This command will extract these variables into the foreach scope
// tag(string), type(string), level(int), attributes(array).
extract($data);//We could use the array by itself, but this cooler.
$result = array();
$attributes_data = array();
if(isset($value)) {
if($priority == 'tag') $result = $value;
else $result['value'] = $value; //Put the value in a assoc array if we are in the 'Attribute' mode
}
//Set the attributes too.
if(isset($attributes) and $get_attributes) {
foreach($attributes as $attr => $val) {
if($priority == 'tag') $attributes_data[$attr] = $val;
else $result['attr'][$attr] = $val; //Set all the attributes in a array called 'attr'
}
}
//See tag status and do the needed.
if($type == "open") {//The starting of the tag '<tag>'
$parent[$level-1] = &$current;
if(!is_array($current) or (!in_array($tag, array_keys($current)))) { //Insert New tag
$current[$tag] = $result;
if($attributes_data) $current[$tag. '_attr'] = $attributes_data;
$repeated_tag_index[$tag.'_'.$level] = 1;
$current = &$current[$tag];
} else { //There was another element with the same tag name
if(isset($current[$tag][0])) {//If there is a 0th element it is already an array
$current[$tag][$repeated_tag_index[$tag.'_'.$level]] = $result;
$repeated_tag_index[$tag.'_'.$level]++;
} else {//This section will make the value an array if multiple tags with the same name appear together
$current[$tag] = array($current[$tag],$result);//This will combine the existing item and the new item together to make an array
$repeated_tag_index[$tag.'_'.$level] = 2;
if(isset($current[$tag.'_attr'])) { //The attribute of the last(0th) tag must be moved as well
$current[$tag]['0_attr'] = $current[$tag.'_attr'];
unset($current[$tag.'_attr']);
}
}
$last_item_index = $repeated_tag_index[$tag.'_'.$level]-1;
$current = &$current[$tag][$last_item_index];
}
} elseif($type == "complete") { //Tags that ends in 1 line '<tag />'
//See if the key is already taken.
if(!isset($current[$tag])) { //New Key
$current[$tag] = $result;
$repeated_tag_index[$tag.'_'.$level] = 1;
if($priority == 'tag' and $attributes_data) $current[$tag. '_attr'] = $attributes_data;
} else { //If taken, put all things inside a list(array)
if(isset($current[$tag][0]) and is_array($current[$tag])) {//If it is already an array...
// ...push the new element into that array.
$current[$tag][$repeated_tag_index[$tag.'_'.$level]] = $result;
if($priority == 'tag' and $get_attributes and $attributes_data) {
$current[$tag][$repeated_tag_index[$tag.'_'.$level] . '_attr'] = $attributes_data;
}
$repeated_tag_index[$tag.'_'.$level]++;
} else { //If it is not an array...
$current[$tag] = array($current[$tag],$result); //...Make it an array using using the existing value and the new value
$repeated_tag_index[$tag.'_'.$level] = 1;
if($priority == 'tag' and $get_attributes) {
if(isset($current[$tag.'_attr'])) { //The attribute of the last(0th) tag must be moved as well
$current[$tag]['0_attr'] = $current[$tag.'_attr'];
unset($current[$tag.'_attr']);
}
if($attributes_data) {
$current[$tag][$repeated_tag_index[$tag.'_'.$level] . '_attr'] = $attributes_data;
}
}
$repeated_tag_index[$tag.'_'.$level]++; //0 and 1 index is already taken
}
}
} elseif($type == 'close') { //End of tag '</tag>'
$current = &$parent[$level-1];
}
}
return($xml_array);
}
?>
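Review bot: The early exits are inconsistent: empty input and a missing parser return `array()`, but `if(!$xml_values) return;` returns null, and the result of `xml_parse_into_struct()` is never checked, so malformed XML can yield null or a partial tree that `get_xml()` then indexes as an array. I would make it `if(!$xml_values) return array();` and return early when `xml_parse_into_struct()` reports failure. `$parents` is initialised but the loop reads and writes `$parent`, so one of the two names looks like a typo. `extract($data)` is better replaced by explicit reads of `$data['tag']`, `$data['type']` and `$data['level']`, so that parsed data can never shadow a local variable.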

18
index.php Normal file

@@ -0,0 +1,18 @@
<?php
require(dirname(__FILE__).'/include/config.inc.php');
$m_arr = array('index','scan','login','point','set','info','edit','logout');
$mode = $_GET['m'];
Checklogin($mode);
if(in_array($mode,$m_arr)){
$html_str = call_user_func($mode);
include("html/$mode.html");
}else{
$html_str = index();
include('html/index.html');
}
?>
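Review bot: `$_GET['m']` is read without checking that it is set or that it is a string, and `Checklogin($mode)` receives it before the allow-list test; `in_array()` is also called in its loose-comparison form. Because the accepted value goes on to `call_user_func()` and `include`, I would normalise first with `$mode = (isset($_GET['m']) && is_string($_GET['m'])) ? $_GET['m'] : 'index';` and test with `in_array($mode, $m_arr, true)`. `Checklogin()` is defined outside this file, so whether it tolerates an array or an unknown mode cannot be confirmed from here.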

31
js/action.js Normal file

@@ -0,0 +1,31 @@
function cpasswd(){
if ( $('#newpasswd').val() == $('#repasswd').val() ) {
//alert( $('#newpasswd').val() + $('#oldpasswd').val());
$.ajax({
type: "POST",
url: "ajax.php?m=cpasswd",
data: { oldpasswd: $('#oldpasswd').val() , newpasswd: $('#newpasswd').val() },
success: function(data) { alert(data); }
});
}
}
function del(p){
//alert( p );
$.ajax({
type: "POST",
url: "ajax.php?m=del",
data: { hash : p },
success: function(data) {
alert(data);
window.location.reload();
}
});
}
function exportexcel(p){
window.location.href = 'ajax.php?m=export&hash=' + p;
}
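Review bot: `del()` and `cpasswd()` send state-changing POSTs with no anti-CSRF token in `data`; whether `ajax.php` enforces one by other means is not visible here, so I would add a per-session token to both requests and verify it server-side. In `exportexcel()` the parameter should be encoded before it is placed in the URL: `window.location.href = 'ajax.php?m=export&hash=' + encodeURIComponent(p);`. `cpasswd()` also returns silently when the two new passwords differ, which leaves the user without feedback.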

7
js/bootstrap.min.js vendored Normal file

File diff suppressed because one or more lines are too long

8
js/html5shiv.js vendored Normal file

@@ -0,0 +1,8 @@
/*
HTML5 Shiv v3.6.2 | @afarkas @jdalton @jon_neal @rem | MIT/GPL2 Licensed
*/
(function(l,f){function m(){var a=e.elements;return"string"==typeof a?a.split(" "):a}function i(a){var b=n[a[o]];b||(b={},h++,a[o]=h,n[h]=b);return b}function p(a,b,c){b||(b=f);if(g)return b.createElement(a);c||(c=i(b));b=c.cache[a]?c.cache[a].cloneNode():r.test(a)?(c.cache[a]=c.createElem(a)).cloneNode():c.createElem(a);return b.canHaveChildren&&!s.test(a)?c.frag.appendChild(b):b}function t(a,b){if(!b.cache)b.cache={},b.createElem=a.createElement,b.createFrag=a.createDocumentFragment,b.frag=b.createFrag();
a.createElement=function(c){return!e.shivMethods?b.createElem(c):p(c,a,b)};a.createDocumentFragment=Function("h,f","return function(){var n=f.cloneNode(),c=n.createElement;h.shivMethods&&("+m().join().replace(/\w+/g,function(a){b.createElem(a);b.frag.createElement(a);return'c("'+a+'")'})+");return n}")(e,b.frag)}function q(a){a||(a=f);var b=i(a);if(e.shivCSS&&!j&&!b.hasCSS){var c,d=a;c=d.createElement("p");d=d.getElementsByTagName("head")[0]||d.documentElement;c.innerHTML="x<style>article,aside,figcaption,figure,footer,header,hgroup,main,nav,section{display:block}mark{background:#FF0;color:#000}</style>";
c=d.insertBefore(c.lastChild,d.firstChild);b.hasCSS=!!c}g||t(a,b);return a}var k=l.html5||{},s=/^<|^(?:button|map|select|textarea|object|iframe|option|optgroup)$/i,r=/^(?:a|b|code|div|fieldset|h1|h2|h3|h4|h5|h6|i|label|li|ol|p|q|span|strong|style|table|tbody|td|th|tr|ul)$/i,j,o="_html5shiv",h=0,n={},g;(function(){try{var a=f.createElement("a");a.innerHTML="<xyz></xyz>";j="hidden"in a;var b;if(!(b=1==a.childNodes.length)){f.createElement("a");var c=f.createDocumentFragment();b="undefined"==typeof c.cloneNode||
"undefined"==typeof c.createDocumentFragment||"undefined"==typeof c.createElement}g=b}catch(d){g=j=!0}})();var e={elements:k.elements||"abbr article aside audio bdi canvas data datalist details figcaption figure footer header hgroup main mark meter nav output progress section summary time video",version:"3.6.2",shivCSS:!1!==k.shivCSS,supportsUnknownElements:g,shivMethods:!1!==k.shivMethods,type:"default",shivDocument:q,createElement:p,createDocumentFragment:function(a,b){a||(a=f);if(g)return a.createDocumentFragment();
for(var b=b||i(a),c=b.frag.cloneNode(),d=0,e=m(),h=e.length;d<h;d++)c.createElement(e[d]);return c}};l.html5=e;q(f)})(this,document);

6
js/jquery-2.0.0.min.js vendored Normal file

File diff suppressed because one or more lines are too long

12
js/jquery-ui.js vendored Normal file

File diff suppressed because one or more lines are too long

576
js/jquery.htmlClean.js Normal file

@@ -0,0 +1,576 @@
/*
HTML Clean for jQuery
Anthony Johnston
http://www.antix.co.uk
version 1.3.1
$Revision$
requires jQuery http://jquery.com
Use and distibution http://www.opensource.org/licenses/bsd-license.php
2010-04-02 allowedTags/removeTags added (white/black list) thanks to David Wartian (Dwartian)
2010-06-30 replaceStyles added for replacement of bold, italic, super and sub styles on a tag
2012-04-30 allowedAttributes added, an array of attributed allowed on the elements
2013-02-25 now will push non-inline elements up the stack if nested in an inline element
2013-02-25 comment element support added, removed by default, see AllowComments in options
*/
(function ($) {
$.fn.htmlClean = function (options) {
// iterate and html clean each matched element
return this.each(function () {
var $this = $(this);
if (this.value) {
this.value = $.htmlClean(this.value, options);
} else {
this.innerHTML = $.htmlClean(this.innerHTML, options);
}
});
};
// clean the passed html
$.htmlClean = function (html, options) {
options = $.extend({}, $.htmlClean.defaults, options);
var tagsRE = /(<(\/)?(\w+:)?([\w]+)([^>]*)>)|<!--(.*?--)>/gi;
var attrsRE = /([\w\-]+)=(".*?"|'.*?'|[^\s>]*)/gi;
var tagMatch;
var root = new Element();
var stack = [root];
var container = root;
var protect = false;
if (options.bodyOnly) {
// check for body tag
if (tagMatch = /<body[^>]*>((\n|.)*)<\/body>/i.exec(html)) {
html = tagMatch[1];
}
}
html = html.concat("<xxx>"); // ensure last element/text is found
var lastIndex;
while (tagMatch = tagsRE.exec(html)) {
var tag = tagMatch[6]
? new Tag("--", null, tagMatch[6], options)
: new Tag(tagMatch[4], tagMatch[2], tagMatch[5], options);
// add the text
var text = html.substring(lastIndex, tagMatch.index);
if (text.length > 0) {
var child = container.children[container.children.length - 1];
if (container.children.length > 0
&& isText(child = container.children[container.children.length - 1])) {
// merge text
container.children[container.children.length - 1] = child.concat(text);
} else {
container.children.push(text);
}
}
lastIndex = tagsRE.lastIndex;
if (tag.isClosing) {
// find matching container
if (popToTagName(stack, [tag.name])) {
stack.pop();
container = stack[stack.length - 1];
}
} else {
// create a new element
var element = new Element(tag);
// add attributes
var attrMatch;
while (attrMatch = attrsRE.exec(tag.rawAttributes)) {
// check style attribute and do replacements
if (attrMatch[1].toLowerCase() == "style"
&& options.replaceStyles) {
var renderParent = !tag.isInline;
for (var i = 0; i < options.replaceStyles.length; i++) {
if (options.replaceStyles[i][0].test(attrMatch[2])) {
if (!renderParent) {
tag.render = false;
renderParent = true;
}
container.children.push(element); // assumes not replaced
stack.push(element);
container = element; // assumes replacement is a container
// create new tag and element
tag = new Tag(options.replaceStyles[i][1], "", "", options);
element = new Element(tag);
}
}
}
if (tag.allowedAttributes != null
&& (tag.allowedAttributes.length == 0
|| $.inArray(attrMatch[1], tag.allowedAttributes) > -1)) {
element.attributes.push(new Attribute(attrMatch[1], attrMatch[2]));
}
}
// add required empty ones
$.each(tag.requiredAttributes, function () {
var name = this.toString();
if (!element.hasAttribute(name)) element.attributes.push(new Attribute(name, ""));
});
// check for replacements
for (var repIndex = 0; repIndex < options.replace.length; repIndex++) {
for (var tagIndex = 0; tagIndex < options.replace[repIndex][0].length; tagIndex++) {
var byName = typeof (options.replace[repIndex][0][tagIndex]) == "string";
if ((byName && options.replace[repIndex][0][tagIndex] == tag.name)
|| (!byName && options.replace[repIndex][0][tagIndex].test(tagMatch))) {
// set the name to the replacement
tag.rename(options.replace[repIndex][1]);
repIndex = options.replace.length; // break out of both loops
break;
}
}
}
// check container rules
var add = true;
if (!container.isRoot) {
if (container.tag.isInline && !tag.isInline) {
if (add = popToContainer(stack)) {
container = stack[stack.length - 1];
}
} else if (container.tag.disallowNest && tag.disallowNest
&& !tag.requiredParent) {
add = false;
} else if (tag.requiredParent) {
if (add = popToTagName(stack, tag.requiredParent)) {
container = stack[stack.length - 1];
}
}
}
if (add) {
container.children.push(element);
if (tag.toProtect) {
// skip to closing tag
while (tagMatch2 = tagsRE.exec(html)) {
var tag2 = new Tag(tagMatch2[3], tagMatch2[1], tagMatch2[4], options);
if (tag2.isClosing && tag2.name == tag.name) {
element.children.push(RegExp.leftContext.substring(lastIndex));
lastIndex = tagsRE.lastIndex;
break;
}
}
} else {
// set as current container element
if (!tag.isSelfClosing && !tag.isNonClosing) {
stack.push(element);
container = element;
}
}
}
}
}
// render doc
return $.htmlClean.trim(render(root, options).join(""));
};
// defaults
$.htmlClean.defaults = {
// only clean the body tagbody
bodyOnly: true,
// only allow tags in this array, (white list), contents still rendered
allowedTags: [],
// remove tags in this array, (black list), contents still rendered
removeTags: ["basefont", "center", "dir", "font", "frame", "frameset", "iframe", "isindex", "menu", "noframes", "s", "strike", "u"],
// array of [attributeName], [optional array of allowed on elements] e.g. [["id"], ["style", ["p", "dl"]]] // allow all elements to have id and allow style on 'p' and 'dl'
allowedAttributes: [],
// array of attribute names to remove on all elements in addition to those not in tagAttributes e.g ["width", "height"]
removeAttrs: [],
// array of [className], [optional array of allowed on elements] e.g. [["aClass"], ["anotherClass", ["p", "dl"]]]
allowedClasses: [],
// format the result
format: false,
// format indent to start on
formatIndent: 0,
// tags to replace, and what to replace with, tag name or regex to match the tag and attributes
replace: [
[["b", "big"], "strong"],
[["i"], "em"]
],
// styles to replace with tags, multiple style matches supported, inline tags are replaced by the first match blocks are retained
replaceStyles: [
[/font-weight:\s*bold/i, "strong"],
[/font-style:\s*italic/i, "em"],
[/vertical-align:\s*super/i, "sup"],
[/vertical-align:\s*sub/i, "sub"]
],
allowComments: false
};
function applyFormat(element, options, output, indent) {
if (!element.tag.isInline && output.length > 0) {
output.push("\n");
for (i = 0; i < indent; i++) output.push("\t");
}
}
function render(element, options) {
var output = [], empty = element.attributes.length == 0, indent;
if (element.tag.isComment) {
if (options.allowComments) {
output.push("<!--");
output.push(element.tag.rawAttributes);
output.push(">");
if (options.format) applyFormat(element, options, output, indent - 1);
}
} else {
var openingTag = this.name.concat(element.tag.rawAttributes == undefined ? "" : element.tag.rawAttributes);
// don't render if not in allowedTags or in removeTags
var renderTag
= element.tag.render
&& (options.allowedTags.length == 0 || $.inArray(element.tag.name, options.allowedTags) > -1)
&& (options.removeTags.length == 0 || $.inArray(element.tag.name, options.removeTags) == -1);
if (!element.isRoot && renderTag) {
// render opening tag
output.push("<");
output.push(element.tag.name);
$.each(element.attributes, function () {
if ($.inArray(this.name, options.removeAttrs) == -1) {
var m = RegExp(/^(['"]?)(.*?)['"]?$/).exec(this.value);
var value = m[2];
var valueQuote = m[1] || "'";
// check for classes allowed
if (this.name == "class" && options.allowedClasses.length > 0) {
value =
$.grep(value.split(" "), function (c) {
return $.grep(options.allowedClasses, function (a) {
return a == c
|| (a[0] == c && (a.length == 1 || $.inArray(element.tag.name, a[1]) > -1));
}).length > 0;
})
.join(" ");
}
if (value != null && (value.length > 0 || $.inArray(this.name, element.tag.requiredAttributes) > -1)) {
output.push(" ");
output.push(this.name);
output.push("=");
output.push(valueQuote);
output.push(value);
output.push(valueQuote);
}
}
});
}
if (element.tag.isSelfClosing) {
// self closing
if (renderTag) output.push(" />");
empty = false;
} else if (element.tag.isNonClosing) {
empty = false;
} else {
if (!element.isRoot && renderTag) {
// close
output.push(">");
}
var indent = options.formatIndent++;
// render children
if (element.tag.toProtect) {
var outputChildren = $.htmlClean.trim(element.children.join("")).replace(/<br>/ig, "\n");
output.push(outputChildren);
empty = outputChildren.length == 0;
} else {
var outputChildren = [];
for (var i = 0; i < element.children.length; i++) {
var child = element.children[i];
var text = $.htmlClean.trim(textClean(isText(child) ? child : child.childrenToString()));
if (isInline(child)) {
if (i > 0 && text.length > 0
&& (startsWithWhitespace(child) || endsWithWhitespace(element.children[i - 1]))) {
outputChildren.push(" ");
}
}
if (isText(child)) {
if (text.length > 0) {
outputChildren.push(text);
}
} else {
// don't allow a break to be the last child
if (i != element.children.length - 1 || child.tag.name != "br") {
if (options.format) applyFormat(child, options, outputChildren, indent);
outputChildren = outputChildren.concat(render(child, options));
}
}
}
options.formatIndent--;
if (outputChildren.length > 0) {
if (options.format && outputChildren[0] != "\n") applyFormat(element, options, output, indent);
output = output.concat(outputChildren);
empty = false;
}
}
if (!element.isRoot && renderTag) {
// render the closing tag
if (options.format) applyFormat(element, options, output, indent - 1);
output.push("</");
output.push(element.tag.name);
output.push(">");
}
}
// check for empty tags
if (!element.tag.allowEmpty && empty) { return []; }
}
return output;
}
// find a matching tag, and pop to it, if not do nothing
function popToTagName(stack, tagNameArray) {
return pop(
stack,
function (element) {
return $.inArray(element.tag.nameOriginal, tagNameArray) > -1
});
}
function popToContainer(stack) {
return pop(
stack,
function (element) {
return element.isRoot || !element.tag.isInline;
});
}
function pop(stack, test, index) {
index = index || 1;
var element = stack[stack.length - index];
if (test(element)) {
return true;
} else if (stack.length - index > 0
&& pop(stack, test, index + 1)) {
stack.pop();
return true;
}
return false;
}
// Element Object
function Element(tag) {
if (tag) {
this.tag = tag;
this.isRoot = false;
} else {
this.tag = new Tag("root");
this.isRoot = true;
}
this.attributes = [];
this.children = [];
this.hasAttribute = function (name) {
for (var i = 0; i < this.attributes.length; i++) {
if (this.attributes[i].name == name) return true;
}
return false;
};
this.childrenToString = function () {
return this.children.join("");
};
return this;
}
// Attribute Object
function Attribute(name, value) {
this.name = name;
this.value = value;
return this;
}
// Tag object
function Tag(name, close, rawAttributes, options) {
this.name = name.toLowerCase();
this.nameOriginal = this.name;
this.render = true;
this.init = function () {
if (this.name == "--") {
this.isComment = true;
this.isSelfClosing = true;
} else {
this.isComment = false;
this.isSelfClosing = $.inArray(this.name, tagSelfClosing) > -1;
this.isNonClosing = $.inArray(this.name, tagNonClosing) > -1;
this.isClosing = (close != undefined && close.length > 0);
this.isInline = $.inArray(this.name, tagInline) > -1;
this.disallowNest = $.inArray(this.name, tagDisallowNest) > -1;
this.requiredParent = tagRequiredParent[$.inArray(this.name, tagRequiredParent) + 1];
this.allowEmpty = $.inArray(this.name, tagAllowEmpty) > -1;
this.toProtect = $.inArray(this.name, tagProtect) > -1;
}
this.rawAttributes = rawAttributes;
this.requiredAttributes = tagAttributesRequired[$.inArray(this.name, tagAttributesRequired) + 1];
if (options) {
if (!options.tagAttributesCache) options.tagAttributesCache = [];
if ($.inArray(this.name, options.tagAttributesCache) == -1) {
var cacheItem = tagAttributes[$.inArray(this.name, tagAttributes) + 1].slice(0);
// add extra ones from options
for (var i = 0; i < options.allowedAttributes.length; i++) {
var attrName = options.allowedAttributes[i][0];
if ((
options.allowedAttributes[i].length == 1
|| $.inArray(this.name, options.allowedAttributes[i][1]) > -1
) && $.inArray(attrName, cacheItem) == -1) {
cacheItem.push(attrName);
}
}
options.tagAttributesCache.push(this.name);
options.tagAttributesCache.push(cacheItem);
}
this.allowedAttributes = options.tagAttributesCache[$.inArray(this.name, options.tagAttributesCache) + 1];
}
}
this.init();
this.rename = function (newName) {
this.name = newName;
this.init();
};
return this;
}
function startsWithWhitespace(item) {
while (isElement(item) && item.children.length > 0) { item = item.children[0] }
if (!isText(item)) return false;
var text = textClean(item);
return text.length > 0 && $.htmlClean.isWhitespace(text.charAt(0));
}
function endsWithWhitespace(item) {
while (isElement(item) && item.children.length > 0) { item = item.children[item.children.length - 1] }
if (!isText(item)) return false;
var text = textClean(item);
return text.length > 0 && $.htmlClean.isWhitespace(text.charAt(text.length - 1));
}
function isText(item) { return item.constructor == String; }
function isInline(item) { return isText(item) || item.tag.isInline; }
function isElement(item) { return item.constructor == Element; }
function textClean(text) {
return text
.replace(/&nbsp;|\n/g, " ")
.replace(/\s\s+/g, " ");
}
// trim off white space, doesn't use regex
$.htmlClean.trim = function (text) {
return $.htmlClean.trimStart($.htmlClean.trimEnd(text));
};
$.htmlClean.trimStart = function (text) {
return text.substring($.htmlClean.trimStartIndex(text));
};
$.htmlClean.trimStartIndex = function (text) {
for (var start = 0; start < text.length - 1 && $.htmlClean.isWhitespace(text.charAt(start)); start++);
return start;
};
$.htmlClean.trimEnd = function (text) {
return text.substring(0, $.htmlClean.trimEndIndex(text));
};
$.htmlClean.trimEndIndex = function (text) {
for (var end = text.length - 1; end >= 0 && $.htmlClean.isWhitespace(text.charAt(end)); end--);
return end + 1;
};
// checks a char is white space or not
$.htmlClean.isWhitespace = function (c) { return $.inArray(c, whitespace) != -1; };
// tags which are inline
var tagInline = [
"a", "abbr", "acronym", "address", "b", "big", "br", "button",
"caption", "cite", "code", "del", "em", "font",
"hr", "i", "input", "img", "ins", "label", "legend", "map", "q",
"s", "samp", "select", "option", "param", "small", "span", "strike", "strong", "sub", "sup",
"tt", "u", "var"];
var tagDisallowNest = ["h1", "h2", "h3", "h4", "h5", "h6", "p", "th", "td", "object"];
var tagAllowEmpty = ["th", "td"];
var tagRequiredParent = [
null,
"li", ["ul", "ol"],
"dt", ["dl"],
"dd", ["dl"],
"td", ["tr"],
"th", ["tr"],
"tr", ["table", "thead", "tbody", "tfoot"],
"thead", ["table"],
"tbody", ["table"],
"tfoot", ["table"],
"param", ["object"]
];
var tagProtect = ["script", "style", "pre", "code"];
// tags which self close e.g. <br />
var tagSelfClosing = ["area", "base", "br", "col", "command", "embed", "hr", "img", "input", "keygen", "link", "meta", "param", "source", "track", "wbr"];
// tags which do not close
var tagNonClosing = ["!doctype", "?xml"];
// attributes allowed on tags
var tagAttributes = [
["class"], // default, for all tags not mentioned
"?xml", [],
"!doctype", [],
"a", ["accesskey", "class", "href", "name", "title", "rel", "rev", "type", "tabindex"],
"abbr", ["class", "title"],
"acronym", ["class", "title"],
"blockquote", ["cite", "class"],
"button", ["class", "disabled", "name", "type", "value"],
"del", ["cite", "class", "datetime"],
"form", ["accept", "action", "class", "enctype", "method", "name"],
"input", ["accept", "accesskey", "alt", "checked", "class", "disabled", "ismap", "maxlength", "name", "size", "readonly", "src", "tabindex", "type", "usemap", "value"],
"img", ["alt", "class", "height", "src", "width"],
"ins", ["cite", "class", "datetime"],
"label", ["accesskey", "class", "for"],
"legend", ["accesskey", "class"],
"link", ["href", "rel", "type"],
"meta", ["content", "http-equiv", "name", "scheme", "charset"],
"map", ["name"],
"optgroup", ["class", "disabled", "label"],
"option", ["class", "disabled", "label", "selected", "value"],
"q", ["class", "cite"],
"script", ["src", "type"],
"select", ["class", "disabled", "multiple", "name", "size", "tabindex"],
"style", ["type"],
"table", ["class", "summary"],
"th", ["class", "colspan", "rowspan"],
"td", ["class", "colspan", "rowspan"],
"textarea", ["accesskey", "class", "cols", "disabled", "name", "readonly", "rows", "tabindex"],
"param", ["name", "value"],
"embed", ["height", "src", "type", "width"]
];
var tagAttributesRequired = [[], "img", ["alt"]];
// white space chars
var whitespace = [" ", " ", "\t", "\n", "\r", "\f"];
})(jQuery);

11
js/jquery.ui.touch-punch.min.js vendored Normal file

@@ -0,0 +1,11 @@
/*
* jQuery UI Touch Punch 0.2.2
*
* Copyright 2011, Dave Furfero
* Dual licensed under the MIT or GPL Version 2 licenses.
*
* Depends:
* jquery.ui.widget.js
* jquery.ui.mouse.js
*/
(function(b){b.support.touch="ontouchend" in document;if(!b.support.touch){return;}var c=b.ui.mouse.prototype,e=c._mouseInit,a;function d(g,h){if(g.originalEvent.touches.length>1){return;}g.preventDefault();var i=g.originalEvent.changedTouches[0],f=document.createEvent("MouseEvents");f.initMouseEvent(h,true,true,window,1,i.screenX,i.screenY,i.clientX,i.clientY,false,false,false,false,0,null);g.target.dispatchEvent(f);}c._touchStart=function(g){var f=this;if(a||!f._mouseCapture(g.originalEvent.changedTouches[0])){return;}a=true;f._touchMoved=false;d(g,"mouseover");d(g,"mousemove");d(g,"mousedown");};c._touchMove=function(f){if(!a){return;}this._touchMoved=true;d(f,"mousemove");};c._touchEnd=function(f){if(!a){return;}d(f,"mouseup");d(f,"mouseout");if(!this._touchMoved){d(f,"click");}a=false;};c._mouseInit=function(){var f=this;f.element.bind("touchstart",b.proxy(f,"_touchStart")).bind("touchmove",b.proxy(f,"_touchMove")).bind("touchend",b.proxy(f,"_touchEnd"));e.call(f);};})(jQuery);

467
js/scripts.js Normal file

@@ -0,0 +1,467 @@
function supportstorage() {
if (typeof window.localStorage=='object')
return true;
else
return false;
}
function handleSaveLayout() {
var e = $(".demo").html();
if (!stopsave && e != window.demoHtml) {
stopsave++;
window.demoHtml = e;
saveLayout();
stopsave--;
}
}
var layouthistory;
function saveLayout(){
var data = layouthistory;
if (!data) {
data={};
data.count = 0;
data.list = [];
}
if (data.list.length>data.count) {
for (i=data.count;i<data.list.length;i++)
data.list[i]=null;
}
data.list[data.count] = window.demoHtml;
data.count++;
if (supportstorage()) {
localStorage.setItem("layoutdata",JSON.stringify(data));
}
layouthistory = data;
//console.log(data);
/*$.ajax({
type: "POST",
url: "/build/saveLayout",
data: { layout: $('.demo').html() },
success: function(data) {
//updateButtonsVisibility();
}
});*/
}
function downloadLayout(){
$.ajax({
type: "POST",
url: "/build/downloadLayout",
data: { layout: $('#download-layout').html() },
success: function(data) { window.location.href = '/build/download'; }
});
}
function downloadHtmlLayout(){
$.ajax({
type: "POST",
url: "/build/downloadLayout",
data: { layout: $('#download-layout').html() },
success: function(data) { window.location.href = '/build/downloadHtml'; }
});
}
function undoLayout() {
var data = layouthistory;
//console.log(data);
if (data) {
if (data.count<2) return false;
window.demoHtml = data.list[data.count-2];
data.count--;
$('.demo').html(window.demoHtml);
if (supportstorage()) {
localStorage.setItem("layoutdata",JSON.stringify(data));
}
return true;
}
return false;
/*$.ajax({
type: "POST",
url: "/build/getPreviousLayout",
data: { },
success: function(data) {
undoOperation(data);
}
});*/
}
function redoLayout() {
var data = layouthistory;
if (data) {
if (data.list[data.count]) {
window.demoHtml = data.list[data.count];
data.count++;
$('.demo').html(window.demoHtml);
if (supportstorage()) {
localStorage.setItem("layoutdata",JSON.stringify(data));
}
return true;
}
}
return false;
/*
$.ajax({
type: "POST",
url: "/build/getPreviousLayout",
data: { },
success: function(data) {
redoOperation(data);
}
});*/
}
function handleJsIds() {
handleModalIds();
handleAccordionIds();
handleCarouselIds();
handleTabsIds()
}
function handleAccordionIds() {
var e = $(".demo #myAccordion");
var t = randomNumber();
var n = "accordion-" + t;
var r;
e.attr("id", n);
e.find(".accordion-group").each(function(e, t) {
r = "accordion-element-" + randomNumber();
$(t).find(".accordion-toggle").each(function(e, t) {
$(t).attr("data-parent", "#" + n);
$(t).attr("href", "#" + r)
});
$(t).find(".accordion-body").each(function(e, t) {
$(t).attr("id", r)
})
})
}
function handleCarouselIds() {
var e = $(".demo #myCarousel");
var t = randomNumber();
var n = "carousel-" + t;
e.attr("id", n);
e.find(".carousel-indicators li").each(function(e, t) {
$(t).attr("data-target", "#" + n)
});
e.find(".left").attr("href", "#" + n);
e.find(".right").attr("href", "#" + n)
}
function handleModalIds() {
var e = $(".demo #myModalLink");
var t = randomNumber();
var n = "modal-container-" + t;
var r = "modal-" + t;
e.attr("id", r);
e.attr("href", "#" + n);
e.next().attr("id", n)
}
function handleTabsIds() {
var e = $(".demo #myTabs");
var t = randomNumber();
var n = "tabs-" + t;
e.attr("id", n);
e.find(".tab-pane").each(function(e, t) {
var n = $(t).attr("id");
var r = "panel-" + randomNumber();
$(t).attr("id", r);
$(t).parent().parent().find("a[href=#" + n + "]").attr("href", "#" + r)
})
}
function randomNumber() {
return randomFromInterval(1, 1e6)
}
function randomFromInterval(e, t) {
return Math.floor(Math.random() * (t - e + 1) + e)
}
function gridSystemGenerator() {
$(".lyrow .preview input").bind("keyup", function() {
var e = 0;
var t = "";
var n = $(this).val().split(" ", 12);
$.each(n, function(n, r) {
e = e + parseInt(r);
t += '<div class="span' + r + ' column"></div>'
});
if (e == 12) {
$(this).parent().next().children().html(t);
$(this).parent().prev().show()
} else {
$(this).parent().prev().hide()
}
})
}
function configurationElm(e, t) {
$(".demo").delegate(".configuration > a", "click", function(e) {
e.preventDefault();
var t = $(this).parent().next().next().children();
$(this).toggleClass("active");
t.toggleClass($(this).attr("rel"))
});
$(".demo").delegate(".configuration .dropdown-menu a", "click", function(e) {
e.preventDefault();
var t = $(this).parent().parent();
var n = t.parent().parent().next().next().children();
t.find("li").removeClass("active");
$(this).parent().addClass("active");
var r = "";
t.find("a").each(function() {
r += $(this).attr("rel") + " "
});
t.parent().removeClass("open");
n.removeClass(r);
n.addClass($(this).attr("rel"))
})
}
function removeElm() {
$(".demo").delegate(".remove", "click", function(e) {
e.preventDefault();
$(this).parent().remove();
if (!$(".demo .lyrow").length > 0) {
clearDemo()
}
})
}
function clearDemo() {
$(".demo").empty();
layouthistory = null;
if (supportstorage())
localStorage.removeItem("layoutdata");
}
function removeMenuClasses() {
$("#menu-layoutit li button").removeClass("active")
}
function changeStructure(e, t) {
$("#download-layout ." + e).removeClass(e).addClass(t)
}
function cleanHtml(e) {
$(e).parent().append($(e).children().html())
}
function downloadLayoutSrc() {
var e = "";
$("#download-layout").children().html($(".demo").html());
var t = $("#download-layout").children();
t.find(".preview, .configuration, .drag, .remove").remove();
t.find(".lyrow").addClass("removeClean");
t.find(".box-element").addClass("removeClean");
t.find(".lyrow .lyrow .lyrow .lyrow .lyrow .removeClean").each(function() {
cleanHtml(this)
});
t.find(".lyrow .lyrow .lyrow .lyrow .removeClean").each(function() {
cleanHtml(this)
});
t.find(".lyrow .lyrow .lyrow .removeClean").each(function() {
cleanHtml(this)
});
t.find(".lyrow .lyrow .removeClean").each(function() {
cleanHtml(this)
});
t.find(".lyrow .removeClean").each(function() {
cleanHtml(this)
});
t.find(".removeClean").each(function() {
cleanHtml(this)
});
t.find(".removeClean").remove();
$("#download-layout .column").removeClass("ui-sortable");
$("#download-layout .row-fluid").removeClass("clearfix").children().removeClass("column");
if ($("#download-layout .container").length > 0) {
changeStructure("row-fluid", "row")
}
formatSrc = $.htmlClean($("#download-layout").html(), {
format: true,
allowedAttributes: [
["id"],
["class"],
["data-toggle"],
["data-target"],
["data-parent"],
["role"],
["data-dismiss"],
["aria-labelledby"],
["aria-hidden"],
["data-slide-to"],
["data-slide"]
]
});
$("#download-layout").html(formatSrc);
$("#downloadModal textarea").empty();
$("#downloadModal textarea").val(formatSrc)
}
var currentDocument = null;
var timerSave = 1000;
var stopsave = 0;
var startdrag = 0;
var demoHtml = $(".demo").html();
var currenteditor = null;
$(window).resize(function() {
$("body").css("min-height", $(window).height() - 90);
$(".demo").css("min-height", $(window).height() - 160)
});
function restoreData(){
if (supportstorage()) {
layouthistory = JSON.parse(localStorage.getItem("layoutdata"));
if (!layouthistory) return false;
window.demoHtml = layouthistory.list[layouthistory.count-1];
if (window.demoHtml) $(".demo").html(window.demoHtml);
}
}
function initContainer(){
$(".demo, .demo .column").sortable({
connectWith: ".column",
opacity: .35,
handle: ".drag",
start: function(e,t) {
if (!startdrag) stopsave++;
startdrag = 1;
},
stop: function(e,t) {
if(stopsave>0) stopsave--;
startdrag = 0;
}
});
configurationElm();
}
$(document).ready(function() {
CKEDITOR.disableAutoInline = true;
restoreData();
var contenthandle = CKEDITOR.replace( 'contenteditor' ,{
language: 'zh-cn',
contentsCss: ['css/bootstrap-combined.min.css'],
allowedContent: true
});
$("body").css("min-height", $(window).height() - 90);
$(".demo").css("min-height", $(window).height() - 160);
$(".sidebar-nav .lyrow").draggable({
connectToSortable: ".demo",
helper: "clone",
handle: ".drag",
start: function(e,t) {
if (!startdrag) stopsave++;
startdrag = 1;
},
drag: function(e, t) {
t.helper.width(400)
},
stop: function(e, t) {
$(".demo .column").sortable({
opacity: .35,
connectWith: ".column",
start: function(e,t) {
if (!startdrag) stopsave++;
startdrag = 1;
},
stop: function(e,t) {
if(stopsave>0) stopsave--;
startdrag = 0;
}
});
if(stopsave>0) stopsave--;
startdrag = 0;
}
});
$(".sidebar-nav .box").draggable({
connectToSortable: ".column",
helper: "clone",
handle: ".drag",
start: function(e,t) {
if (!startdrag) stopsave++;
startdrag = 1;
},
drag: function(e, t) {
t.helper.width(400)
},
stop: function() {
handleJsIds();
if(stopsave>0) stopsave--;
startdrag = 0;
}
});
initContainer();
$('body.edit .demo').on("click","[data-target=#editorModal]",function(e) {
e.preventDefault();
currenteditor = $(this).parent().parent().find('.view');
var eText = currenteditor.html();
contenthandle.setData(eText);
});
$("#savecontent").click(function(e) {
e.preventDefault();
currenteditor.html(contenthandle.getData());
});
$("[data-target=#downloadModal]").click(function(e) {
e.preventDefault();
downloadLayoutSrc();
});
$("[data-target=#shareModal]").click(function(e) {
e.preventDefault();
handleSaveLayout();
});
$("#download").click(function() {
downloadLayout();
return false
});
$("#downloadhtml").click(function() {
downloadHtmlLayout();
return false
});
$("#edit").click(function() {
$("body").removeClass("devpreview sourcepreview");
$("body").addClass("edit");
removeMenuClasses();
$(this).addClass("active");
return false
});
$("#clear").click(function(e) {
e.preventDefault();
clearDemo()
});
$("#devpreview").click(function() {
$("body").removeClass("edit sourcepreview");
$("body").addClass("devpreview");
removeMenuClasses();
$(this).addClass("active");
return false
});
$("#sourcepreview").click(function() {
$("body").removeClass("edit");
$("body").addClass("devpreview sourcepreview");
removeMenuClasses();
$(this).addClass("active");
return false
});
$("#fluidPage").click(function(e) {
e.preventDefault();
changeStructure("container", "container-fluid");
$("#fixedPage").removeClass("active");
$(this).addClass("active");
downloadLayoutSrc()
});
$("#fixedPage").click(function(e) {
e.preventDefault();
changeStructure("container-fluid", "container");
$("#fluidPage").removeClass("active");
$(this).addClass("active");
downloadLayoutSrc()
});
$(".nav-header").click(function() {
$(".sidebar-nav .boxes, .sidebar-nav .rows").hide();
$(this).next().slideDown()
});
$('#undo').click(function(){
stopsave++;
if (undoLayout()) initContainer();
stopsave--;
});
$('#redo').click(function(){
stopsave++;
if (redoLayout()) initContainer();
stopsave--;
});
removeElm();
gridSystemGenerator();
setInterval(function() {
handleSaveLayout()
}, timerSave)
})
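Review bot: In `gridSystemGenerator` the column markup is built by concatenating the raw text of each space-separated field (`'<div class="span' + r + ' column"></div>'`), and the only validation is that the `parseInt` values sum to 12. `parseInt` ignores trailing non-digits, so arbitrary text typed or pasted into the input can pass that check and be written into the page by `.html(t)`. Parse once and emit only the number: `var w = parseInt(r, 10); if (!(w >= 1 && w <= 12)) { e = NaN; return false; }` followed by `t += '<div class="span' + w + ' column"></div>'`. The same file sets `allowedContent: true` on the CKEditor instance and writes both `contenthandle.getData()` and the `layoutdata` value from localStorage into the page with `.html()`, so a saved layout should be treated as untrusted wherever it is rendered outside the author's own browser; the `/build/downloadLayout` handler is not shown here.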

38
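--- a/nginx_conf/nginx.conf
+++ b/nginx_conf/nginx.conf
@@ -0,0 +1,38 @@
+#user nobody;
+worker_processes 1;
+#error_log logs/error.log;
+#error_log logs/error.log notice;
+#error_log logs/error.log info;
+#pid logs/nginx.pid;
+events {
+worker_connections 1024;
+}
+http {
+include mime.types;
+default_type application/octet-stream;
+log_format main '$remote_addr - $remote_user [$time_local] $host "$request" '
+'$status $body_bytes_sent "$http_referer" '
+'"$http_user_agent" "$http_x_forwarded_for"';
+access_log logs/access.log main;
+sendfile on;
+#tcp_nopush on;
+#keepalive_timeout 0;
+keepalive_timeout 65;
+#gzip on;
+#vhosts settings
+include vhost.conf;
+}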
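Review bot: The `http` block does not set `server_tokens off;`, so unless one of the included `vhost-*.conf` files does (they are not part of this page), error pages and the `Server` header will report the exact nginx version. Adding `server_tokens off;` next to `sendfile on;` covers every vhost at once. `log_format main` also records `$http_x_forwarded_for`, which is a client-supplied header; a comment such as `# X-Forwarded-For is client-controlled; use $remote_addr for attribution` above the format would keep later log consumers from trusting it.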


@@ -0,0 +1,2 @@
cd /d E:\nginx-1.5.3\
E:\nginx-1.5.3\nginx.exe -s reload

1
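--- a/nginx_conf/vhost.conf
+++ b/nginx_conf/vhost.conf
@@ -0,0 +1 @@
+include vhost-*.conf;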

BIN
scan.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 42 KiB

44
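--- a/tasklist.php
+++ b/tasklist.php
@@ -0,0 +1,44 @@
+<?php
+require(dirname(__FILE__).'/include/config.inc.php');
+$sql = "select * from scan_list where status='new'";
+$results = $db->fetch_assoc($sql);
+$url = $results['url'];
+$pointserver = $results['pointserver'];
+$rule = $results['rule'];
+$siteuser = $results['siteuser'];
+$sitepwd = $results['sitepwd'];
+$cookie = $results['cookie'];
+$hash = $results['hash'];
+if ( $db->db_num_rows($sql) > 0 ){
+if ( $pointserver == $_SERVER['REMOTE_ADDR'] or $_SERVER['REMOTE_ADDR'] == '127.0.0.1' or $_SERVER['REMOTE_ADDR'] == '::1' ){
+$up_arr['status'] = 'ing';
+//echo "$url|$pointserver|$rule|$siteuser|$sitepwd|$cookie|$hash";
+$scan_arr['target_url'] = $url;
+$scan_arr['scan_rule'] = $rule;
+$scan_arr['siteuser'] = $siteuser;
+$scan_arr['sitepwd'] = $sitepwd;
+$scan_arr['sitecookie'] = $cookie;
+$scan_arr['hash'] = $hash;
+echo base64_encode(json_encode($scan_arr));
+$update = $db->update('scan_list',$up_arr,"status='new' and hash='{$hash}'");
+}
+}else{
+$sql = "select * from `scan_list` where status='ing'";
+$sf = $db->fetch_assoc($sql);
+$get_hash = $sf['hash'];
+if (!empty($get_hash)){
+$url = "http://10.0.13.58/file.php?p=$get_hash";
+//echo $url;
+get_xml($url);
+}
+}
+?>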
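Review bot: The only gate before the task is printed is the `$_SERVER['REMOTE_ADDR']` comparison, and the payload carries `siteuser`, `sitepwd` and `cookie` for the target. `base64_encode` is an encoding, not protection, so anything that reaches this URL from the node's address, or from localhost (for example another application or a proxy on the same host), receives those credentials in the clear. Require a per-node secret as well, compared with `hash_equals()`, and serve the endpoint over TLS; the `hash` column of `point_server` may be usable for this. `$db->update(...)` builds its WHERE clause by interpolating `$hash`; the value comes from the database here, but it should still go through the wrapper's escaping or a bound parameter (the `$db` class is not shown). In the else branch the callback URL hard-codes `http://10.0.13.58/file.php` instead of using the row's `pointserver`, so results held by any other node would never be fetched.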

130
wvs_scan.sql Normal file
View File

@@ -0,0 +1,130 @@
/*
Navicat MySQL Data Transfer
Source Server : localhost
Source Server Version : 50704
Source Host : localhost:3306
Source Database : wvs_scan
Target Server Type : MYSQL
Target Server Version : 50704
File Encoding : 65001
Date: 2015-05-30 21:58:10
*/
SET FOREIGN_KEY_CHECKS=0;
-- ----------------------------
-- Table structure for `point_server`
-- ----------------------------
DROP TABLE IF EXISTS `point_server`;
CREATE TABLE `point_server` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`pointip` varchar(15) DEFAULT NULL,
`pointport` int(5) DEFAULT '80',
`level` int(2) DEFAULT '0',
`status` varchar(10) DEFAULT NULL,
`hash` varchar(32) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `hash` (`hash`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records of point_server
-- ----------------------------
-- ----------------------------
-- Table structure for `scan_list`
-- ----------------------------
DROP TABLE IF EXISTS `scan_list`;
CREATE TABLE `scan_list` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`url` varchar(255) DEFAULT NULL,
`createtime` varchar(50) DEFAULT NULL,
`user` varchar(10) DEFAULT NULL,
`pointserver` varchar(15) DEFAULT NULL,
`group` varchar(20) DEFAULT NULL,
`rule` varchar(10) DEFAULT NULL,
`siteuser` varchar(50) DEFAULT NULL,
`sitepwd` varchar(50) DEFAULT NULL,
`cookie` text,
`status` varchar(10) DEFAULT NULL,
`hash` varchar(32) NOT NULL,
PRIMARY KEY (`id`,`hash`),
UNIQUE KEY `hash` (`hash`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records of scan_list
-- ----------------------------
-- ----------------------------
-- Table structure for `target_info`
-- ----------------------------
DROP TABLE IF EXISTS `target_info`;
CREATE TABLE `target_info` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`url` varchar(255) DEFAULT NULL,
`user` varchar(10) DEFAULT NULL,
`scantime` varchar(50) DEFAULT NULL,
`finishtime` varchar(50) DEFAULT NULL,
`banner` varchar(50) DEFAULT NULL,
`responsive` varchar(10) DEFAULT NULL,
`os` varchar(50) DEFAULT NULL,
`technologies` varchar(50) DEFAULT NULL,
`hash` varchar(32) DEFAULT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `hash` (`hash`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records of target_info
-- ----------------------------
-- ----------------------------
-- Table structure for `target_vul`
-- ----------------------------
DROP TABLE IF EXISTS `target_vul`;
CREATE TABLE `target_vul` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(50) DEFAULT NULL,
`modulename` varchar(100) DEFAULT NULL,
`details` text,
`affects` varchar(255) DEFAULT NULL,
`parameter` varchar(50) DEFAULT NULL,
`severity` varchar(10) DEFAULT NULL,
`request` text,
`response` text,
`hash` varchar(32) DEFAULT NULL,
`unique` varchar(32) DEFAULT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `unique` (`unique`),
KEY `hash` (`hash`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records of target_vul
-- ----------------------------
-- ----------------------------
-- Table structure for `user`
-- ----------------------------
DROP TABLE IF EXISTS `user`;
CREATE TABLE `user` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(10) DEFAULT NULL,
`passwd` varchar(32) DEFAULT NULL,
`email` varchar(30) DEFAULT NULL,
`phone` varchar(11) DEFAULT NULL,
`ctime` varchar(50) DEFAULT NULL,
`lasttime` varchar(50) DEFAULT NULL,
`group` varchar(10) DEFAULT NULL,
`status` varchar(10) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records of user
-- ----------------------------
INSERT INTO `user` VALUES ('1', 'x', '123456', 'admin@scan.com', '10086', '1432882109', null, null, '1');
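Review bot: The seed row in `user` ships a fixed account whose `passwd` value is the literal `123456`, and the column is `varchar(32)`, which fits at most an unsalted MD5 hex digest and cannot hold `password_hash()` output. Widen the column, e.g. `passwd varchar(255) NOT NULL`, store only salted hashes, and drop the seeded credential in favour of a first-run setup step; `wvs_scan.test.data.sql` repeats the same row. `scan_list.sitepwd` and `scan_list.cookie` also hold target credentials as plain text, so read access to this database should be treated as access to every scanned site's login.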

143
wvs_scan.test.data.sql Normal file

@@ -0,0 +1,143 @@
# Host: localhost (Version: 5.5.38)
# Date: 2015-06-10 08:08:04
# Generator: MySQL-Front 5.3 (Build 4.120)
/*!40101 SET NAMES utf8 */;
#
# Structure for table "point_server"
#
DROP TABLE IF EXISTS `point_server`;
CREATE TABLE `point_server` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`pointip` varchar(15) DEFAULT NULL,
`pointport` int(5) DEFAULT '80',
`level` int(2) DEFAULT '0',
`status` varchar(10) DEFAULT NULL,
`hash` varchar(32) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `hash` (`hash`)
) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
#
# Data for table "point_server"
#
/*!40000 ALTER TABLE `point_server` DISABLE KEYS */;
INSERT INTO `point_server` VALUES (1,'10.0.13.58',80,2,'1','10ce467d32964f07039320e3bc4f42d7');
/*!40000 ALTER TABLE `point_server` ENABLE KEYS */;
#
# Structure for table "scan_list"
#
DROP TABLE IF EXISTS `scan_list`;
CREATE TABLE `scan_list` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`url` varchar(255) DEFAULT NULL,
`createtime` varchar(50) DEFAULT NULL,
`user` varchar(10) DEFAULT NULL,
`pointserver` varchar(15) DEFAULT NULL,
`group` varchar(20) DEFAULT NULL,
`rule` varchar(10) DEFAULT NULL,
`siteuser` varchar(50) DEFAULT NULL,
`sitepwd` varchar(50) DEFAULT NULL,
`cookie` text,
`status` varchar(10) DEFAULT NULL,
`hash` varchar(32) NOT NULL,
PRIMARY KEY (`id`,`hash`),
UNIQUE KEY `hash` (`hash`)
) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
#
# Data for table "scan_list"
#
/*!40000 ALTER TABLE `scan_list` DISABLE KEYS */;
INSERT INTO `scan_list` VALUES (1,'http://10.0.140.148:8080/eomp/loginmgmt/frame.action','2015-06-09','x','10.0.13.58','','4','aa','aa','a','ok','4e2311c9ea164ce9fe2f15f000b97d14');
/*!40000 ALTER TABLE `scan_list` ENABLE KEYS */;
#
# Structure for table "target_info"
#
DROP TABLE IF EXISTS `target_info`;
CREATE TABLE `target_info` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`url` varchar(255) DEFAULT NULL,
`user` varchar(10) DEFAULT NULL,
`scantime` varchar(50) DEFAULT NULL,
`finishtime` varchar(50) DEFAULT NULL,
`banner` varchar(50) DEFAULT NULL,
`responsive` varchar(10) DEFAULT NULL,
`os` varchar(50) DEFAULT NULL,
`technologies` varchar(50) DEFAULT NULL,
`hash` varchar(32) DEFAULT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `hash` (`hash`)
) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
#
# Data for table "target_info"
#
/*!40000 ALTER TABLE `target_info` DISABLE KEYS */;
INSERT INTO `target_info` VALUES (1,'http://10.0.140.148:8080/eomp/loginmgmt/frame.action',NULL,'2 minutes, 53 seconds','9/6/2015, 17:06:53','Apache-Coyote/1.1','True','Unknown','Array','4e2311c9ea164ce9fe2f15f000b97d14');
/*!40000 ALTER TABLE `target_info` ENABLE KEYS */;
#
# Structure for table "target_vul"
#
DROP TABLE IF EXISTS `target_vul`;
CREATE TABLE `target_vul` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(50) DEFAULT NULL,
`modulename` varchar(100) DEFAULT NULL,
`details` text,
`affects` varchar(255) DEFAULT NULL,
`parameter` varchar(50) DEFAULT NULL,
`severity` varchar(10) DEFAULT NULL,
`request` text,
`response` text,
`hash` varchar(32) DEFAULT NULL,
`unique` varchar(32) DEFAULT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `unique` (`unique`),
KEY `hash` (`hash`)
) ENGINE=MyISAM AUTO_INCREMENT=4 DEFAULT CHARSET=utf8;
#
# Data for table "target_vul"
#
/*!40000 ALTER TABLE `target_vul` DISABLE KEYS */;
INSERT INTO `target_vul` VALUES (1,'Cookie without HttpOnly flag set','Crawler','Cookie name: <font color=\"dark\">&quot;JSESSIONID&quot;</font><br/>Cookie domain: <font color=\"dark\">&quot;10.0.140.148&quot;</font><br/>','/','Array','low','GET / HTTP/1.1\r\n\r\n',' \r\n','4e2311c9ea164ce9fe2f15f000b97d14','41a0e3c92680909af0a7a49b97158467'),(2,'OPTIONS method is enabled','Scripting (Options_Server_Method.script)','Methods allowed: <font color=\"dark\"><b>GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS</b></font>','Web Server','Array','low','OPTIONS / HTTP/1.1\r\nCookie: JSESSIONID=9D7EFED10AFF7E4359B84B843457869C\r\nHost: 10.0.140.148:8080\r\nConnection: Keep-alive\r\nAccept-Encoding: gzip,deflate\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36\r\nAccept: */*\r\n\r\n','HTTP/1.1 200 OK\r\nServer: Apache-Coyote/1.1\r\nAllow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS\r\nContent-Length: 0\r\nDate: Tue, 09 Jun 2015 09:04:00 GMT\r\n','4e2311c9ea164ce9fe2f15f000b97d14','055bf03fcaa50607e124302f9e6f1e58'),(3,'Java Debug Wire Protocol remote code execution','Scripting (Java_Debug_Wire_Protocol_Audit.script)','Server responded on port <b>8787</b> with JDWP handshake magic string: <font color=\"dark\">JDWP-Handshake</font>','Web Server','Array','high','Array','Array','4e2311c9ea164ce9fe2f15f000b97d14','2da48c3aab05efb2ec50410490efa232');
/*!40000 ALTER TABLE `target_vul` ENABLE KEYS */;
#
# Structure for table "user"
#
DROP TABLE IF EXISTS `user`;
CREATE TABLE `user` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(10) DEFAULT NULL,
`passwd` varchar(32) DEFAULT NULL,
`email` varchar(30) DEFAULT NULL,
`phone` varchar(11) DEFAULT NULL,
`ctime` varchar(50) DEFAULT NULL,
`lasttime` varchar(50) DEFAULT NULL,
`group` varchar(10) DEFAULT NULL,
`status` varchar(10) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
#
# Data for table "user"
#
/*!40000 ALTER TABLE `user` DISABLE KEYS */;
INSERT INTO `user` VALUES (1,'x','123456','admin@scan.com','10086','1432882109','1433894653',NULL,'1');
/*!40000 ALTER TABLE `user` ENABLE KEYS */;
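Review bot: The `scan_list`, `target_info` and `target_vul` rows look like real scanner output rather than constructed fixtures: they carry internal addresses, a captured `JSESSIONID` value inside the stored request, and a high-severity finding against a specific host. If that is the case, replace them with synthetic values (a documentation range such as `192.0.2.0/24`, a dummy session id) before the file is committed, and treat the captured session as exposed. The `user` row again seeds `123456` as the password in plain text.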