From 4534a9b56754d17302c74a734b97e39b722f12c5 Mon Sep 17 00:00:00 2001
From: firesun <firesun.cn@gmail.com>
Date: Sat, 31 Oct 2015 13:46:47 +0800
Subject: [PATCH] =?UTF-8?q?Version=202.3=20=E5=AE=9E=E7=8E=B0keepsession?=
 =?UTF-8?q?=20=E4=BF=AE=E5=A4=8D=E6=96=B0=E6=B6=88=E6=81=AF=E6=97=B6?=
 =?UTF-8?q?=E6=A0=87=E9=A2=98=E7=9A=84bug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 README.md                 | 16 ++++++-
 admin.php                 |  2 +-
 auth.php                  |  1 +
 functions.php             | 28 ++++++++----
 keepsession.php           | 95 ++++++++++++++++++++++++++++++++++++++-
 login.php                 |  4 +-
 static/js/notification.js |  3 +-
 7 files changed, 134 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index 0d3a2cf..f4c2acc 100644
--- a/README.md
+++ b/README.md
@@ -38,8 +38,16 @@ define('ENCRYPT_PASS', "bluelotus");
 * 挑战应答式的登录校验，session绑定ip与useragent
 * 密码输错三次封IP，误封请删除`DATA_PATH`/forbiddenIPList.dat文件
 
+## keepsession功能
+* 需要在config.php开启
+* 如果请求的get或post或cookie中带有keepsession=1，则这条记录会被keepsession
+* 请设置脚本或者网站监控定期访问keepsession.php
+* 请将cookie存在cookie参数，url存在location参数（传递方法可get可post可cookie），如`index.php?keepsession=1&cookie=aaa&location=bbb`,keepsession.php将会定期使用cookie aaa去访问bbb
+* cookie和location参数支持base64编码，keepsession.php会自动判断，自动解码
+* 如果不设置location，将会使用HTTP Referer作为url
+* keepsession.php使用`flock($pid, LOCK_EX|LOCK_NB)`实现单例运行（由于windows下不支持无阻塞锁定，所以最好删除keepsession.php里的`set_time_limit(0)`），可自行加上sleep防止keepsession.php被恶意频繁访问
+
 ## TODO
-* keepsession
 * 完全启用CSP
 * 我的js
 * js模板
@@ -52,3 +60,9 @@ define('ENCRYPT_PASS', "bluelotus");
 * 为方便开发与调试，未合并压缩js与css，待最终版发布后合并
 * 使用纯真ip库的函数基于Discuz X3.1 function_misc.php上修改而来, 判断客户端操作系统与浏览器的脚本基于原作者@author  Jea杨写的php版本修改而来，后台整体布局借鉴Kendo UI 的demo NORTHWIND DASH
 * Warning: 本工具仅允许使用在CTF比赛等学习、研究场景，严禁用于非法用途
+
+## 意见与建议
+
+欢迎大家在体验过程中提出各种宝贵的意见和建议，以及各种bug！
+
+反馈邮箱firesun.cn`at`gmail.com
diff --git a/admin.php b/admin.php
index 012c94a..b5cee73 100644
--- a/admin.php
+++ b/admin.php
@@ -80,7 +80,7 @@ require("auth.php");
 										
 							
                     </ul>
-                    <span id="rights">Copyright © 2015-2016<br>Powered by <a href="https://github.com/firesunCN" target="_blank">Firesun</a></span>
+                    <span id="rights">Copyright © 2015-2016<br>Powered by <a href="http://firesun.me" target="_blank">Firesun</a></span>
                 </div>
             </div>
 			
diff --git a/auth.php b/auth.php
index e57d073..9092e42 100644
--- a/auth.php
+++ b/auth.php
@@ -23,4 +23,5 @@ if(!(isset($_SESSION['isLogin']) && $_SESSION['isLogin']===true && isset($_SESSI
 header("Content-Security-Policy: default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; frame-src 'none'");
 header("X-Content-Security-Policy: default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; frame-src 'none'");
 header("X-WebKit-CSP: default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; frame-src 'none'");
+
 ?>
\ No newline at end of file
diff --git a/functions.php b/functions.php
index d78da81..40d5190 100644
--- a/functions.php
+++ b/functions.php
@@ -19,17 +19,29 @@ if (!function_exists('getallheaders')) {
 //判断该记录是否
 function isKeepSession($info){
 	$keepsession=false;
-	foreach($info['cookie_data'] as $k => $v) {
-		if($k==="keepsession")
-			$keepsession=($v==="1"?true:false);
-	}
-	foreach($info['post_data'] as $k => $v) {
-		if($k==="keepsession")
-			$keepsession=($v==="1"?true:false);
-	}
+	
 	foreach($info['get_data'] as $k => $v) {
 		if($k==="keepsession")
+		{
 			$keepsession=($v==="1"?true:false);
+			return $keepsession;
+		}
+	}
+	
+	foreach($info['post_data'] as $k => $v) {
+		if($k==="keepsession")
+		{
+			$keepsession=($v==="1"?true:false);
+			return $keepsession;
+		}
+	}
+	
+	foreach($info['cookie_data'] as $k => $v) {
+		if($k==="keepsession")
+		{
+			$keepsession=($v==="1"?true:false);
+			return $keepsession;
+		}	
 	}
 	return $keepsession;
 }
diff --git a/keepsession.php b/keepsession.php
index 9c4971f..9f0525a 100644
--- a/keepsession.php
+++ b/keepsession.php
@@ -1,9 +1,102 @@
 <?php
 define("IN_XSS_PLATFORM",true);
 
+ignore_user_abort();
+//Windows平台最好别设成0，因为windows上lock没法实现非阻塞
+set_time_limit(0);
+
 require_once("config.php");
 require_once("functions.php");
 require_once("dio.php");
-//to do
+
+if(KEEP_SESSION)
+{
+	//利用非阻塞的flock实现单例运行
+	$pid = fopen(DATA_PATH. '/check.pid', "w");
+	if(!$pid)
+		exit();
 	
+	if(flock($pid, LOCK_EX|LOCK_NB))
+	{
+		$files = glob(DATA_PATH . '/*.php');
+		foreach ($files as $file) {
+			$filename=basename($file,".php");
+			$info=loadInfo($filename);
+			if($info['keepsession']===true)
+			{
+				$url=getLocation($info);
+				$cookie=getCookie($info);
+				
+				$useragent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2535.0 Safari/537.36";
+				if(isset($info['headers_data']['User-Agent']))
+					$useragent=$info['headers_data']['User-Agent'];
+
+				if($url!="" && $cookie!="")
+				{
+					$ch = curl_init(); 
+					$header[]= 'User-Agent: '.$useragent;
+					$header[]= 'Cookie: '.$cookie;
+					curl_setopt($ch,CURLOPT_URL,$url);
+					curl_setopt($ch,CURLOPT_HTTPHEADER,$header);
+					curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);
+					curl_setopt($ch, CURLOPT_TIMEOUT,10);  
+					//https不校验证书，按需开启吧
+					//curl_setopt ( $curl_handle, CURLOPT_SSL_VERIFYHOST, 0 );
+					curl_exec($ch);
+					curl_close($ch);
+				}	
+			}
+				
+		} 	
+		
+		//可加上sleep来防止keepsession被ddos	
+		//sleep(10);
+		flock($pid, LOCK_UN);
+	}	
+	
+	fclose($pid);
+
+}
+
+function getCookie($info){
+	$cookie="";
+	
+	if(isset($info['decoded_get_data']['cookie'])&&$info['decoded_get_data']['cookie']!="")
+		$cookie=$info['decoded_get_data']['cookie'];
+	else if(isset($info['get_data']['cookie'])&&$info['get_data']['cookie']!="")
+		$cookie=$info['get_data']['cookie'];
+	else if(isset($info['decoded_post_data']['cookie'])&&$info['decoded_post_data']['cookie']!="")
+		$cookie=$info['decoded_post_data']['cookie'];
+	else if(isset($info['post_data']['cookie'])&&$info['post_data']['cookie']!="")
+		$cookie=$info['post_data']['cookie'];
+	else if(isset($info['decoded_cookie_data']['cookie'])&&$info['decoded_cookie_data']['cookie']!="")
+		$cookie=$info['decoded_cookie_data']['cookie'];
+	else if(isset($info['cookie_data']['cookie'])&&$info['cookie_data']['cookie']!="")
+		$cookie=$info['cookie_data']['cookie'];
+	
+	return htmlspecialchars_decode(stripslashes($cookie),ENT_QUOTES);
+
+}
+
+function getLocation($info){
+	$location="";
+	
+	if(isset($info['decoded_get_data']['location'])&&$info['decoded_get_data']['location']!="")
+		$location=$info['decoded_get_data']['location'];
+	else if(isset($info['get_data']['location'])&&$info['get_data']['location']!="")
+		$location=$info['get_data']['location'];
+	else if(isset($info['decoded_post_data']['location'])&&$info['decoded_post_data']['location']!="")
+		$location=$info['decoded_post_data']['location'];
+	else if(isset($info['post_data']['location'])&&$info['post_data']['location']!="")
+		$location=$info['post_data']['location'];
+	else if(isset($info['decoded_cookie_data']['location'])&&$info['decoded_cookie_data']['location']!="")
+		$location=$info['decoded_cookie_data']['location'];
+	else if(isset($info['cookie_data']['location'])&&$info['cookie_data']['location']!="")
+		$location=$info['cookie_data']['location'];
+	else if(isset($info['headers_data']['Referer'])&&$info['headers_data']['Referer']!="")
+		$location=$info['headers_data']['Referer'];
+
+	return htmlspecialchars_decode(stripslashes($location),ENT_QUOTES);
+}
+
 ?>
\ No newline at end of file
diff --git a/login.php b/login.php
index e74c3ea..7a27b69 100644
--- a/login.php
+++ b/login.php
@@ -23,7 +23,7 @@ $forbiddenIPList=loadForbiddenIPList();
 $ip=$_SERVER['REMOTE_ADDR'];
 if(!isset($forbiddenIPList[$ip]) || $forbiddenIPList[$ip]<3)
 {
-	if(isset($_POST['password']) && $_POST['password']!='' )
+	if(isset($_POST['password']) && $_POST['password']!="")
 	{
 		if(checkPassword($_POST['password']))
 		{
@@ -85,7 +85,7 @@ php -r "$salt='!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl';$key='bluelotus';$key=md5($salt
 */
 function checkPassword($p)
 {
-	if(isset($_SESSION['firesunCheck'])&&isset($_POST['firesunCheck'])&&$_SESSION['firesunCheck']!=""&&$_POST['firesunCheck']===$_SESSION['firesunCheck'])
+	if(isset($_POST['firesunCheck']) && isset($_SESSION['firesunCheck']) && $_SESSION['firesunCheck']!="" && $_POST['firesunCheck']===$_SESSION['firesunCheck'])
 	{
 		//改了这个盐记得改login.js里的，两个要一致
 		$salt="!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl";
diff --git a/static/js/notification.js b/static/js/notification.js
index 1036b1e..ed19df1 100644
--- a/static/js/notification.js
+++ b/static/js/notification.js
@@ -9,7 +9,6 @@ function readNotification(){
 	$(this).parent().fadeOut(200);
 	//reload data
 	$('#panelGrid').jqxGrid('updatebounddata');
-	//$("#panelGrid").jqxGrid({ source: getAdapter() });
 
 }
 
@@ -23,7 +22,7 @@ function showNotification(newUnreadNum,lastedID,interval){
 		{
 			
 			if(document.title)
-				document.title='【收到'+unreadNum+"份消息】"+document.title;
+				document.title='【收到'+unreadNum+"封消息】"+oldTitle;
 
 			var notificationHTML='<div id="webpushtipcontainer" class="webpushtipoutter" ><div class="webpushtipinner"><div id="webpushtip1" style="visibility: visible; bottom: 0px;" class="newmailNotifyItem notify_mail"><div class="newmailNotify" id="newNotification"><a nocheck="true" id="webpushtip1close" class="notify_close"title="关闭"></a><div class="notify_type"><span></span><label><em id="unreadNum">1</em></label></div><div class="notify_content"><p class="notify_location">未知</p><p class="notify_title">0.0.0.0</p><p class="notify_digest">GET:0个 POST:0个 Cookie:0个</p></div></div></div></div></div>';
 			$("#webpushtipcontainer").remove();