From 8f507e8ea1c1bb2476ffeadc47872bd0695f94bb Mon Sep 17 00:00:00 2001 From: firesun Date: Sat, 30 Jan 2016 16:36:36 +0800 Subject: [PATCH] =?UTF-8?q?Version=203.3.5=20=E9=99=A4=E4=BA=86install?= =?UTF-8?q?=E4=B8=8Echange=5Fencrypt=5Fpass=E6=93=8D=E4=BD=9C=E4=BB=A5?= =?UTF-8?q?=E5=A4=96=EF=BC=8C=E6=89=80=E6=9C=89io=E6=93=8D=E4=BD=9C?= =?UTF-8?q?=E7=A7=BB=E8=87=B3dio.php?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- api.php | 239 ++++++++++++++++--------------------------------- dio.php | 259 ++++++++++++++++++++++++++++++++++++++++-------------- login.php | 29 +----- 3 files changed, 271 insertions(+), 256 deletions(-) diff --git a/api.php b/api.php index 55f80c3..d8b06de 100644 --- a/api.php +++ b/api.php 
@@ -6,254 +6,169 @@ require_once("functions.php"); require_once("dio.php"); header('Content-Type: application/json'); -//时间戳的正则表达式 -define('ID_REGEX', '/^[0-9]{10}$/'); -//合法文件名的正则表达式 -define('FILE_REGEX', '/(?!((^(con)$)|^(con)\..*|(^(prn)$)|^(prn)\..*|(^(aux)$)|^(aux)\..*|(^(nul)$)|^(nul)\..*|(^(com)[1-9]$)|^(com)[1-9]\..*|(^(lpt)[1-9]$)|^(lpt)[1-9]\..*)|^\s+|.*\s$)(^[^\/\\\:\*\?\"\<\>\|]{1,255}$)/'); - //与xss记录相关api -if (isset($_GET['cmd'])) { - switch ($_GET['cmd']) { +if ( isset( $_GET['cmd'] ) ) { + switch ( $_GET['cmd'] ) { //获取所有记录包括详细信息 case 'list': - echo json_encode(xss_record_detail_list()); + echo json_encode( list_xss_record_detail() ); break; //只获取时间戳(索引id) case 'id_list': - echo json_encode(xss_record_id_list()); + echo json_encode( list_xss_record_id() ); break; //根据时间戳(索引id)获得单条信息 case 'get': - if (isset($_GET['id']) && preg_match(ID_REGEX, $_GET['id'])) - echo json_encode(load_xss_record($_GET['id'])); + if ( isset( $_GET['id'] ) ) + echo json_encode( load_xss_record( $_GET['id'] ) ); else - echo json_encode(false); + echo json_encode( false ); break; //根据时间戳(索引id)删除单条信息 case 'del': - if (isset($_GET['id']) && preg_match(ID_REGEX, $_GET['id'])) - echo json_encode(delete_xss_record($_GET['id'])); + if ( isset( $_GET['id'] ) ) + echo json_encode( delete_xss_record( $_GET['id'] ) ); else - echo json_encode(false); + echo json_encode( false ); break; //清空记录 case 'clear': - echo json_encode(clear_xss_record()); + echo json_encode( clear_xss_record() ); break; default: - echo json_encode(false); + echo json_encode( false ); } } //与js模板相关api -else if (isset($_GET['js_template_cmd'])) { - switch ($_GET['js_template_cmd']) { +else if ( isset( $_GET['js_template_cmd'] ) ) { + switch ( $_GET['js_template_cmd'] ) { //获取所有js模板的名字与描述 case 'list': - echo json_encode(js_name_and_desc_list(JS_TEMPLATE_PATH)); + echo json_encode( list_js_name_and_desc( JS_TEMPLATE_PATH ) ); break; - + //添加js模板 case 'add': - if (isset($_POST['name']) && isset($_POST['desc']) && 
isset($_POST['content']) && preg_match(FILE_REGEX, $_POST['name'])) { - if (!is_writable(JS_TEMPLATE_PATH)) - echo json_encode(false); - else { - save_js_desc(JS_TEMPLATE_PATH, $_POST['desc'], $_POST['name']); - save_js_content(JS_TEMPLATE_PATH, $_POST['content'], $_POST['name']); - echo json_encode(true); - } - } else - echo json_encode(false); + if ( isset( $_POST['name'] ) && isset( $_POST['desc'] ) && isset( $_POST['content'] ) ) { + $result = save_js_desc( JS_TEMPLATE_PATH, $_POST['desc'], $_POST['name'] ) + && save_js_content( JS_TEMPLATE_PATH, $_POST['content'], $_POST['name'] ); + echo json_encode( $result ); + } + else + echo json_encode( false ); break; //修改js模板 case 'modify': - if (isset($_POST['old_name']) && isset($_POST['name']) && isset($_POST['desc']) && isset($_POST['content']) && preg_match(FILE_REGEX, $_POST['old_name']) && preg_match(FILE_REGEX, $_POST['name'])) { - if (!is_writable(JS_TEMPLATE_PATH)) - echo json_encode(false); - else { - if ($_POST['old_name'] != $_POST['name']) - delete_js(JS_TEMPLATE_PATH, $_POST['old_name']); - - save_js_desc(JS_TEMPLATE_PATH, $_POST['desc'], $_POST['name']); - save_js_content(JS_TEMPLATE_PATH, $_POST['content'], $_POST['name']); - echo json_encode(true); + if ( isset( $_POST['old_name'] ) && isset( $_POST['name'] ) && isset( $_POST['desc'] ) && isset( $_POST['content'] ) ) { + $result = true; + if ( $_POST['old_name'] != $_POST['name'] ) + $result = delete_js( JS_TEMPLATE_PATH, $_POST['old_name'] ); + + if( $result ) { + $result = save_js_desc( JS_TEMPLATE_PATH, $_POST['desc'], $_POST['name'] ) + && save_js_content( JS_TEMPLATE_PATH, $_POST['content'], $_POST['name'] ); } - } else - echo json_encode(false); + echo json_encode( $result ); + + } + else + echo json_encode( false ); break; - //获取某一js模板的内容 + //获取某一js模板的内容 case 'get': - if (isset($_GET['name']) && preg_match(FILE_REGEX, $_GET['name'])) - echo json_encode(load_js_content(JS_TEMPLATE_PATH, $_GET['name'])); + if ( isset( $_GET['name'] ) ) + echo 
json_encode( load_js_content( JS_TEMPLATE_PATH, $_GET['name'] ) ); else - echo json_encode(false); + echo json_encode( false ); break; //删除js模板 case 'del': - if (isset($_GET['name']) && preg_match(FILE_REGEX, $_GET['name'])) - echo json_encode(delete_js(JS_TEMPLATE_PATH, $_GET['name'])); + if ( isset( $_GET['name'] ) ) + echo json_encode( delete_js( JS_TEMPLATE_PATH, $_GET['name'] ) ); else - echo json_encode(false); + echo json_encode( false ); break; //清空js模板 case 'clear': - echo json_encode(clear_js(JS_TEMPLATE_PATH)); + echo json_encode( clear_js( JS_TEMPLATE_PATH ) ); break; default: - echo json_encode(false); + echo json_encode( false ); } } //与我的js相关api -else if (isset($_GET['my_js_cmd'])) { - switch ($_GET['my_js_cmd']) { +else if ( isset( $_GET['my_js_cmd'] ) ) { + switch ( $_GET['my_js_cmd'] ) { //获取所有我的js的名字与描述 case 'list': - echo json_encode(js_name_and_desc_list(MY_JS_PATH)); + echo json_encode( list_js_name_and_desc( MY_JS_PATH ) ); break; //添加js模板 case 'add': - if (isset($_POST['name']) && isset($_POST['desc']) && isset($_POST['content']) && preg_match(FILE_REGEX, $_POST['name'])) { - if (!is_writable(MY_JS_PATH)) - echo json_encode(false); - else { - save_js_desc(MY_JS_PATH, $_POST['desc'], $_POST['name']); - save_js_content(MY_JS_PATH, $_POST['content'], $_POST['name']); - echo json_encode(true); - } - - } else - echo json_encode(false); + if ( isset( $_POST['name'] ) && isset( $_POST['desc'] ) && isset( $_POST['content'] ) ) { + $result = save_js_desc( MY_JS_PATH, $_POST['desc'], $_POST['name'] ) + && save_js_content( MY_JS_PATH, $_POST['content'], $_POST['name'] ); + echo json_encode( $result ); + } + else + echo json_encode( false ); break; //修改js模板 case 'modify': - if (isset($_POST['old_name']) && isset($_POST['name']) && isset($_POST['desc']) && isset($_POST['content']) && preg_match(FILE_REGEX, $_POST['old_name']) && preg_match(FILE_REGEX, $_POST['name'])) { - if (!is_writable(MY_JS_PATH)) - echo json_encode(false); - else { - if 
($_POST['old_name'] != $_POST['name']) - delete_js(MY_JS_PATH, $_POST['old_name']); - - save_js_desc(MY_JS_PATH, $_POST['desc'], $_POST['name']); - save_js_content(MY_JS_PATH, $_POST['content'], $_POST['name']); - echo json_encode(true); + if ( isset( $_POST['old_name'] ) && isset( $_POST['name'] ) && isset( $_POST['desc'] ) && isset( $_POST['content'] ) ) { + $result = true; + if ( $_POST['old_name'] != $_POST['name'] ) + $result = delete_js( MY_JS_PATH, $_POST['old_name'] ); + if( $result ) { + $result = save_js_desc( MY_JS_PATH, $_POST['desc'], $_POST['name'] ) + && save_js_content( MY_JS_PATH, $_POST['content'], $_POST['name'] ); } - } else - echo json_encode(false); + echo json_encode( $result ); + } + else + echo json_encode( false ); break; - //获取某一js模板的内容 + //获取某一js模板的内容 case 'get': - if (isset($_GET['name']) && preg_match(FILE_REGEX, $_GET['name'])) - echo json_encode(load_js_content(MY_JS_PATH, $_GET['name'])); + if ( isset( $_GET['name'] ) ) + echo json_encode( load_js_content( MY_JS_PATH, $_GET['name'] ) ); else - echo json_encode(false); + echo json_encode( false ); break; //删除js模板 case 'del': - if (isset($_GET['name']) && preg_match(FILE_REGEX, $_GET['name'])) - echo json_encode(delete_js(MY_JS_PATH, $_GET['name'])); + if ( isset( $_GET['name'] ) ) + echo json_encode( delete_js( MY_JS_PATH, $_GET['name'] ) ); else - echo json_encode(false); + echo json_encode( false ); break; //清空js模板 case 'clear': - echo json_encode(clear_js(MY_JS_PATH)); + echo json_encode( clear_js( MY_JS_PATH ) ); break; default: - echo json_encode(false); + echo json_encode( false ); } -} else - echo json_encode(false); - - -function xss_record_id_list() { - $files = glob(DATA_PATH . '/*.php'); - $list = array(); - foreach ($files as $file) { - $filename = basename($file, ".php"); - if (preg_match(ID_REGEX, $filename)) - $list[] = $filename; - } - return $list; } - -function xss_record_detail_list() { - $list = array(); - $files = glob(DATA_PATH . 
'/*.php'); - arsort($files); - - foreach ($files as $file) { - $filename = basename($file, ".php"); - if (preg_match(ID_REGEX, $filename)) { - $info = load_xss_record($filename); - if ($info === false) - continue; - - $isChange = false; - //如果没有设置location,就查询qqwry.dat判断location - if (!isset($info['location'])) { - $info['location'] = stripStr(convertip($info['user_IP'], IPDATA_PATH)); - $isChange = true; - } - - if ($isChange) - save_xss_record(json_encode($info), $filename); - $list[] = $info; - } - } - return $list; -} - -//获取js的名字与描述列表 -function js_name_and_desc_list($path) { - $list = array(); - $files = glob($path . '/*.js'); - arsort($files); - - foreach ($files as $file) { - //由于可能有中文名,故使用正则来提取文件名 - $item = array(); - $item['js_uri'] = $file; - - $filename = preg_replace('/^.+[\\\\\\/]/', '', $file); - $filename = substr($filename, 0, strlen($filename) - 3); - $item['js_name'] = $filename; - $item['js_name_abbr'] = stripStr($filename); - - $result = @file_get_contents(dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc'); - $result = $result ? $result : ""; - - - $result = decrypt($result); - - if (json_encode($result) === false) - $result = "加密密码不符,无法获得描述"; - - $item['js_description'] = $result; - $item['js_description_abbr'] = stripStr($result); - - //特别注意:只有js_name_abbr,js_description_abbr经过stripStr处理 - $list[] = $item; - - } - return $list; -} \ No newline at end of file +else + echo json_encode( false ); diff --git a/dio.php b/dio.php index 850ae53..9a2339c 100644 --- a/dio.php +++ b/dio.php 
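Review bot: In both `modify` cases the old template is removed before the new name has been accepted: `delete_js( ..., $_POST['old_name'] )` runs first, and the FILE_REGEX check on `name` now happens only inside `save_js_desc`, so a request whose new name is rejected deletes `old_name`, then reports false with nothing left on disk, whereas the pre-commit code rejected such a request before touching the filesystem. Writing under the new name first and deleting `old_name` only once both saves succeeded keeps the data on the failure path; the JS_TEMPLATE_PATH branch is shown below and the MY_JS_PATH `modify` case needs the identical change. The dropped `is_writable` guard now surfaces only as a warning from `file_put_contents` plus a false return, which is acceptable but deserves a comment such as `// save_js_* return false when the target directory is not writable`. Note also that `del` and `clear` stay reachable through a plain GET without any request token, a pre-existing property this hunk keeps.
```php
case 'modify':
    if ( isset( $_POST['old_name'] ) && isset( $_POST['name'] ) && isset( $_POST['desc'] ) && isset( $_POST['content'] ) ) {
        // write under the new name first; remove the old template only once both writes succeeded
        $result = save_js_desc( JS_TEMPLATE_PATH, $_POST['desc'], $_POST['name'] )
            && save_js_content( JS_TEMPLATE_PATH, $_POST['content'], $_POST['name'] );
        if ( $result && $_POST['old_name'] != $_POST['name'] )
            $result = delete_js( JS_TEMPLATE_PATH, $_POST['old_name'] );
        echo json_encode( $result );
    }
    else
        echo json_encode( false );
    break;
// … unchanged: remaining js_template_cmd cases; apply the same reordering in the my_js_cmd 'modify' case …
```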
@@ -1,140 +1,267 @@ \|]{1,255}$)/'); + //对记录的读写操作,无数据库,采用读写文件的方式,文件名即请求时的时间戳,同时也是记录的id -function save_xss_record($info, $filename) { - $logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php'; - !file_exists($logFile) && @touch($logFile); +function save_xss_record( $info, $id ) { + $xss_record_file = dirname(__FILE__) . '/' . DATA_PATH . '/' . $id . '.php'; - $info = encrypt($info); + $info = encrypt( $info ); - if (file_put_contents($logFile, '' . $info) === false) + if ( file_put_contents( $xss_record_file, '' . $info ) === false ) return false; else return true; } -function load_xss_record($filename) { - if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) { - $logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php'; - if (!file_exists($logFile)) +//读取某一时间戳的xss记录 +function load_xss_record( $id ) { + if ( preg_match( ID_REGEX, $id ) ) { + $xss_record_file = dirname(__FILE__) . '/' . DATA_PATH . '/' . $id . 
'.php'; + if ( !file_exists( $xss_record_file ) ) return false; - $info = @file_get_contents($logFile); - if ($info === false) + $info = @file_get_contents( $xss_record_file ); + if ( $info === false ) return false; - if (strncmp($info, '', 15) != 0) + if ( strncmp( $info, '', 15 ) != 0 ) return false; - $info = substr($info, 15); - $info = decrypt($info); + $info = substr( $info, 15 ); + $info = decrypt( $info ); //只会出现在加密密码错误的时候 - if (!preg_match('/^[A-Za-z0-9\x00-\x80~!@#$%&_+-=:";\'<>,\/"\[\]\\\^\.\|\?\*\+\(\)\{\}\s]+$/', $info)) + if ( !preg_match( '/^[A-Za-z0-9\x00-\x80~!@#$%&_+-=:";\'<>,\/"\[\]\\\^\.\|\?\*\+\(\)\{\}\s]+$/', $info ) ) return false; - $info = json_decode($info, true); + $info = json_decode( $info, true ); //只会出现在加密密码错误的时候 - if ($info === false) + if ( $info === false ) return false; $isChange = false; - if (!isset($info['location'])) { - $info['location'] = stripStr(convertip($info['user_IP'], IPDATA_PATH)); + if ( !isset( $info['location'] ) ) { + $info['location'] = stripStr( convertip( $info['user_IP'], IPDATA_PATH ) ); $isChange = true; } //只会出现在加密密码错误的时候 - if (!isset($info['request_time'])) { + if ( !isset( $info['request_time'] ) ) { return false; } - if ($isChange) - save_xss_record(json_encode($info), $filename); + if ( $isChange ) + save_xss_record( json_encode( $info ), $id ); return $info; - } else + } + else return false; } -function delete_xss_record($filename) { - if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) { - $logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php'; - return unlink($logFile); - } else +//删除某一时间戳的xss记录 +function delete_xss_record( $id ) { + if ( preg_match( ID_REGEX, $_GET['id'] ) ) { + $xss_record_file = dirname(__FILE__) . '/' . DATA_PATH . '/' . $id . '.php'; + return unlink( $xss_record_file ); + } + else return false; } +//清空xss记录 function clear_xss_record() { - $files = glob(DATA_PATH . 
'/*.php'); + $files = glob( DATA_PATH . '/*.php' ); - foreach ($files as $file) { - unlink($file); + foreach ( $files as $file ) { + unlink( $file ); } return true; } -function load_js_content($path, $filename) { - if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) { +//获取xss记录时间戳列表 +function list_xss_record_id() { + $files = glob( DATA_PATH . '/*.php' ); + $list = array(); + foreach ( $files as $file ) { + $filename = basename( $file, ".php" ); + if ( preg_match( ID_REGEX, $filename ) ) + $list[] = $filename; + } + return $list; +} + +//获取所有xss记录 +function list_xss_record_detail() { + $list = array(); + $files = glob( DATA_PATH . '/*.php' ); + arsort( $files ); + + foreach ( $files as $file ) { + $filename = basename( $file, ".php" ); + + $info = load_xss_record( $filename ); + if ( $info === false ) + continue; + + $isChange = false; + //如果没有设置location,就查询qqwry.dat判断location + if ( !isset( $info['location'] ) ) { + $info['location'] = stripStr( convertip( $info['user_IP'], IPDATA_PATH ) ); + $isChange = true; + } + + if ( $isChange ) + save_xss_record( json_encode( $info ), $filename ); + $list[] = $info; + + } + return $list; +} + +//读取名为$filename的js文件内容 +function load_js_content( $path, $filename ) { + if ( preg_match( FILE_REGEX, $filename ) ) { $file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js'; - if (!file_exists($file)) + if ( !file_exists( $file ) ) return false; - $info = @file_get_contents($file); - if ($info === false) + $info = @file_get_contents( $file ); + if ( $info === false ) $info = ""; return $info; - } else + } + else return false; } -function delete_js($path, $filename) { - if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) { +//删除名为$filename的js +function delete_js( $path, $filename ) { + if ( preg_match( FILE_REGEX, $filename ) ) { $file = dirname(__FILE__) . '/' . $path . '/' . $filename . 
'.desc'; - unlink($file); + unlink( $file ); $file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js'; - return unlink($file); - } else + return unlink( $file ); + } + else return false; } -function clear_js($path) { - $files = glob($path . '/*.desc'); - foreach ($files as $file) { - unlink($file); +//清空js +function clear_js( $path ) { + $files = glob( $path . '/*.desc' ); + foreach ( $files as $file ) { + unlink( $file ); } - $files = glob($path . '/*.js'); - foreach ($files as $file) { - unlink($file); + $files = glob( $path . '/*.js' ); + foreach ( $files as $file ) { + unlink( $file ); } return true; } -function save_js_content($path, $content, $filename) { - $file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js'; - !file_exists($file) && @touch($file); - - if (file_put_contents($file, $content) === false) - return false; +//保存名为$filename的js文件内容 +function save_js_content( $path, $content, $filename ) { + if( preg_match( FILE_REGEX, $filename ) ) { + $file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js'; + + if ( file_put_contents( $file, $content ) === false ) + return false; + else + return true; + } else - return true; + return false; } -function save_js_desc($path, $desc, $filename) { - $file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc'; - !file_exists($file) && @touch($file); - - $desc = encrypt($desc); - - if (file_put_contents($file, $desc) === false) - return false; +//保存名为$filename的js文件描述 +function save_js_desc( $path, $desc, $filename ) { + if( preg_match( FILE_REGEX, $filename ) ) { + $file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc'; + + $desc = encrypt( $desc ); + + if ( file_put_contents($file, $desc) === false ) + return false; + else + return true; + } else - return true; + return false; + +} + +//获取js的名字与描述列表 +function list_js_name_and_desc( $path ) { + $list = array(); + $files = glob( $path . 
'/*.js' ); + arsort( $files ); + + foreach ( $files as $file ) { + //由于可能有中文名,故使用正则来提取文件名 + $item = array(); + $item['js_uri'] = $file; + + $filename = preg_replace( '/^.+[\\\\\\/]/', '', $file ); + $filename = substr( $filename, 0, strlen( $filename ) - 3 ); + $item['js_name'] = $filename; + $item['js_name_abbr'] = stripStr( $filename ); + + $result = @file_get_contents( dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc' ); + $result = $result ? $result : ""; + + + $result = decrypt( $result ); + + if ( json_encode( $result ) === false ) + $result = "加密密码不符,无法获得描述"; + + $item['js_description'] = $result; + $item['js_description_abbr'] = stripStr( $result ); + + //特别注意:只有js_name_abbr,js_description_abbr经过stripStr处理 + $list[] = $item; + + } + return $list; +} + +//载入封禁的ip +function loadForbiddenIPList() { + $forbidden_IP_list_file = DATA_PATH . '/forbiddenIPList.dat'; + !file_exists( $forbidden_IP_list_file ) && @touch( $forbidden_IP_list_file ); + $str = @file_get_contents( $forbidden_IP_list_file ); + if ( $str === false ) + return array(); + + $str = decrypt($str); + + if ( $str != '' ) { + $result = json_decode( $str, true ); + if ( $result != null ) + return $result; + else + return array(); + } + else + return array(); +} + +//保存封禁ip +function saveForbiddenIPList( $forbiddenIPList ) { + $forbidden_IP_list_file = DATA_PATH . '/forbiddenIPList.dat'; + $str = json_encode( $forbiddenIPList ); + $str = encrypt( $str ); + @file_put_contents( $forbidden_IP_list_file, $str ); } \ No newline at end of file diff --git a/login.php b/login.php index 7ad9596..d679603 100644 --- a/login.php +++ b/login.php @@ -3,6 +3,7 @@ define("IN_XSS_PLATFORM", true); require_once("load.php"); require_once("functions.php"); +require_once("dio.php"); //CSP开启 header("Content-Security-Policy: default-src 'self'; object-src 'none'; frame-src 'none'"); 
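Review bot: `delete_xss_record` validates `$_GET['id']` rather than its own `$id` parameter, so the check is tied to the request instead of the argument: a caller passing any other value has it used in the `unlink` path without validation whenever the request also carries a well-formed `id`, and a caller outside a GET context is refused with an undefined-index notice. The line should read `if ( preg_match( ID_REGEX, $id ) ) {`. `loadForbiddenIPList`, `saveForbiddenIPList` and the `glob` calls build their paths from the bare DATA_PATH while the per-record functions anchor on `dirname(__FILE__)`; now that all of these live in one shared include, the bare form resolves against the working directory of whichever script includes dio.php, and the two conventions should be unified. The `$isChange` block in `list_xss_record_detail` repeats work `load_xss_record` already performs before returning (it fills `location` and saves), so that block appears unreachable and can be dropped. The define lines at the top of this hunk are cut off in this rendering, so the regex bodies were not reviewed here.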
@@ -48,34 +49,6 @@ if (!isset($forbiddenIPList[$ip]) || $forbiddenIPList[$ip] <= 5) { } else $is_pass_wrong = true; -function loadForbiddenIPList() { - $logfile = DATA_PATH . '/forbiddenIPList.dat'; - !file_exists($logfile) && @touch($logfile); - $str = @file_get_contents($logfile); - if ($str === false) - return array(); - - $str = decrypt($str); - - - if ($str != '') { - $result = json_decode($str, true); - if ($result != null) - return $result; - else - return array(); - } else - return array(); -} - -function saveForbiddenIPList($forbiddenIPList) { - $logfile = DATA_PATH . '/forbiddenIPList.dat'; - !file_exists($logfile) && @touch($logfile); - $str = json_encode($forbiddenIPList); - $str = encrypt($str); - @file_put_contents($logfile, $str); -} - /* 生成密码 php -r "$salt='!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl';$key='bluelotus';$key=md5($salt.$key.$salt);$key=md5($salt.$key.$salt);$key=md5($salt.$key.$salt);echo $key;"