bnbweb/back/includes/init.php

<?php
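/* Bootstrap guard: this file only makes sense when included by a page that set IN_ECS. */
if (!defined('IN_ECS'))
{
    die('Hacking attempt');
}

/* Marks the request as running in the supplier back-office context. */
define('ECS_ADMIN', true);
error_reporting(E_ALL);
if (__FILE__ == '')
{
    die('Fatal error code: 0');
}

/* Runtime settings. The '@' hides ini_set() failures; session.auto_start is documented
   as PHP_INI_PERDIR, so setting it here has no effect (session_start() is called below). */
@ini_set('memory_limit', '-1');
@ini_set('session.cache_expire', 86400);
@ini_set('session.use_trans_sid', 0);
@ini_set('session.use_cookies', 1);
@ini_set('session.auto_start', 1);
// NOTE(review): errors are echoed to the client for every request; consider tying this to DEBUG_MODE.
@ini_set('display_errors', 1);
//echo ini_get("session.gc_maxlifetime");

/* Name of the back-office directory under the shop root; a caller may define it before
   including this file. */
if (!defined('ADMIN_PATH'))
{
    define('ADMIN_PATH', 'back');
}

/* Shop root: this file lives at <root>/<ADMIN_PATH>/includes/init.php. It depends only on
   __FILE__ and ADMIN_PATH, so it is defined here, before anything reads it. (The original
   set include_path from ROOT_PATH before ROOT_PATH existed, which is a fatal Error on PHP 8
   and silently produced '.:ROOT_PATH' on older versions.) */
define('ROOT_PATH', str_replace(ADMIN_PATH . '/includes/init.php', '', str_replace('\\', '/', __FILE__)));

/* include_path separator differs on Windows. */
if (DIRECTORY_SEPARATOR == '\\')
{
    @ini_set('include_path', '.;' . ROOT_PATH);
}
else
{
    @ini_set('include_path', '.:' . ROOT_PATH);
}

/* Site configuration; expected to provide $db_host, $db_user, $db_pass, $db_name, $prefix
   and $timezone, which are read further down. The installer-written copy in data/ wins over
   the shipped default. Both paths are relative to the current working directory. */
if (file_exists('../data/config.php'))
{
    include('../data/config.php');
}
else
{
    include('../includes/config.php');
}

/* DEBUG_MODE is a bit mask (1 = notices, 2 = force template recompile, 4 = debug library);
   it defaults to off unless the configuration defined it. */
if (defined('DEBUG_MODE') == false)
{
    define('DEBUG_MODE', 0);
}

/* version_compare() handles multi-digit components; the plain string comparison used
   before would misorder a hypothetical "10.x". */
if (version_compare(PHP_VERSION, '5.1', '>=') && !empty($timezone))
{
    date_default_timezone_set($timezone);
}

/* Request path of the running script. $_SERVER['PHP_SELF'] may carry client-supplied
   PATH_INFO after the script name; the '.php/' check later in this file redirects
   such requests back to the bare script path. */
if (isset($_SERVER['PHP_SELF']))
{
    define('PHP_SELF', $_SERVER['PHP_SELF']);
}
else
{
    define('PHP_SELF', $_SERVER['SCRIPT_NAME']);
}

/* Core libraries, in dependency order. */
require(ROOT_PATH . 'includes/inc_constant.php');
require(ROOT_PATH . 'includes/cls_ecshop.php');
require(ROOT_PATH . 'includes/cls_error.php');
require(ROOT_PATH . 'includes/lib_time.php');
require(ROOT_PATH . 'includes/lib_base.php');
require(ROOT_PATH . 'includes/lib_common.php');
require(ROOT_PATH . 'includes/lib_supplier_common.php');
require(ROOT_PATH . ADMIN_PATH . '/includes/lib_main.php');
require(ROOT_PATH . ADMIN_PATH . '/includes/cls_exchange.php');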
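/* Escape request input the way magic_quotes_gpc used to, so the rest of the code base sees
   one consistent (backslash-escaped) view of $_GET/$_POST/$_COOKIE/$_REQUEST regardless of
   the php.ini setting. get_magic_quotes_gpc() was removed in PHP 8 (magic quotes are always
   off there), so a missing function means "not quoted" — calling it unconditionally was a
   fatal "undefined function" error. Note that addslashes() is not a substitute for the
   database driver's escaping or for parameterised queries. */
if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc())
{
    if (!empty($_GET))
    {
        $_GET = addslashes_deep($_GET);
    }
    if (!empty($_POST))
    {
        $_POST = addslashes_deep($_POST);
    }
    $_COOKIE = addslashes_deep($_COOKIE);
    $_REQUEST = addslashes_deep($_REQUEST);
}

/* Path hardening: if the request appended PATH_INFO after the script (".../foo.php/anything"),
   redirect to the bare script path so relative links and resources in the page resolve
   correctly. Only the part of PHP_SELF up to and including ".php" is echoed back. */
if (strpos(PHP_SELF, '.php/') !== false)
{
    ecs_header("Location:" . substr(PHP_SELF, 0, strpos(PHP_SELF, '.php/') + 4) . "\n");
    exit();
}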
/* Create the ECSHOP object. It is used below to resolve table names ($ecs->table()) and
   the data/image directories; $prefix is presumably the table-name prefix. */
$ecs = new ECS($db_name, $prefix);
define('DATA_DIR', $ecs->data_dir());
define('IMAGE_DIR', $ecs->image_dir());
/* Initialise the database class */
require(ROOT_PATH . 'includes/cls_mysql.php');
$db = new cls_mysql($db_host, $db_user, $db_pass, $db_name);
/* Clear the credentials from global scope once the connection object holds them,
   so later code (or a variable dump) cannot read them. */
$db_host = $db_user = $db_pass = $db_name = NULL;
/* Create the error-handling object; 'message.htm' is presumably the template it renders. */
$err = new ecs_error('message.htm');
/* Initialise the session. The database-backed session class is disabled in favour of
   PHP's native session (cookie-based, see the session.* settings above). */
//require(ROOT_PATH . 'includes/cls_session.php');
//$sess = new cls_session($db, $ecs->table('sessions'), $ecs->table('sessions_data'), 'ECSCP_ID');
session_start();
/* Normalise the requested action. The login-style actions are only honoured on
   privilege.php and the password-recovery actions only on get_password.php; on any
   other page they are blanked, so a page cannot be steered into a branch it does not own.
   Strict in_array() matches the original string comparison: an array-valued 'act'
   never matches either list. */
if (!isset($_REQUEST['act']))
{
    $_REQUEST['act'] = '';
}
elseif (in_array($_REQUEST['act'], array('login', 'logout', 'signin', 'rsignin'), true) &&
        strpos(PHP_SELF, '/privilege.php') === false)
{
    $_REQUEST['act'] = '';
}
elseif (in_array($_REQUEST['act'], array('forget_pwd', 'reset_pwd', 'get_pwd'), true) &&
        strpos(PHP_SELF, '/get_password.php') === false)
{
    $_REQUEST['act'] = '';
}

/* Load the shop settings: supplier-specific values override the general ones. */
$_CFG = array_merge(load_config(), load_config_supplier());
// TODO: the login part is going to be moved out; move the following along with it.
/* act=captcha: render the CAPTCHA image and stop. This runs before the language files
   and before the administrator check below, so it is reachable without a session
   (presumably because the login form needs it). */
if ($_REQUEST['act'] == 'captcha')
{
include(ROOT_PATH . 'includes/cls_captcha.php');
$img = new captcha('../data/captcha/');
@ob_end_clean(); // discard anything already buffered so only the image bytes are sent
$img->generate_image();
exit;
}
/* Language files. $_CFG['lang'] comes from the stored configuration loaded above, not from
   the request. basename(PHP_SELF) strips any directory component, so the per-page file can
   only be chosen from within languages/<lang>/back/. These are expected to populate $_LANG. */
require(ROOT_PATH . 'languages/' .$_CFG['lang']. '/back/common.php');
require(ROOT_PATH . 'languages/' .$_CFG['lang']. '/back/log_action.php');
if (file_exists(ROOT_PATH . 'languages/' . $_CFG['lang'] . '/back/' . basename(PHP_SELF)))
{
include(ROOT_PATH . 'languages/' . $_CFG['lang'] . '/back/' . basename(PHP_SELF));
}
/* Make sure the cache and template-compile directories exist (relative to the working
   directory). NOTE(review): they are created world-writable (0777); a mode that grants
   write access only to the web-server user is normally sufficient. */
if (!file_exists('../temp/caches'))
{
@mkdir('../temp/caches', 0777);
@chmod('../temp/caches', 0777);
}
if (!file_exists('../temp/compiled/agent'))
{
@mkdir('../temp/compiled/agent', 0777);
@chmod('../temp/compiled/agent', 0777);
}
clearstatcache();
/* Default the version string when the stored configuration has none. */
if (!isset($_CFG['ecs_version']))
{
$_CFG['ecs_version'] = 'v2.0.5';
}
/* Create the template (Smarty-style) object. */
require(ROOT_PATH . 'includes/cls_template.php');
$smarty = new cls_template;
$smarty->template_dir = ROOT_PATH . ADMIN_PATH . '/templates';
$smarty->compile_dir = ROOT_PATH . 'temp/compiled/agent';
/* DEBUG_MODE bit 2: recompile templates on every request. */
if ((DEBUG_MODE & 2) == 2)
{
$smarty->force_compile = true;
}
$smarty->assign('lang', $_LANG);
if(isset($_CFG['enable_order_check'])) // kept so older installations upgrade smoothly to 2.5.0
{
$smarty->assign('enable_order_check', $_CFG['enable_order_check']);
}
else
{
$smarty->assign('enable_order_check', 0);
}
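/* Administrator authentication. Every action except the login entry points needs a
   logged-in user in the session. When the session is empty, the "remember me" cookie pair
   ECSCP[user_id] / ECSCP[user_pass] is tried once and, if valid, promoted to a session;
   otherwise the request is refused (JSON error for AJAX callers, redirect to the login
   page for everyone else). */
if ((!isset($_SESSION['user_id']) || intval($_SESSION['user_id']) <= 0) &&
    $_REQUEST['act'] != 'login' && $_REQUEST['act'] != 'signin' && $_REQUEST['act'] != 'rsignin')
{
    $authenticated = false;

    /* No session: fall back to the cookie pair. */
    if (!empty($_COOKIE['ECSCP']['user_id']) && !empty($_COOKIE['ECSCP']['user_pass']))
    {
        $cookie_pass = $_COOKIE['ECSCP']['user_pass'];
        // intval() guarantees the interpolated value is a bare integer literal.
        $sql = 'SELECT * ' .
               ' FROM ' . $ecs->table('users') .
               " WHERE user_id = '" . intval($_COOKIE['ECSCP']['user_id']) . "'";
        $row = $db->GetRow($sql);

        /* The cookie token is md5(stored password hash . site hash_code). It is compared
           strictly and in constant time where the runtime allows: the loose '==' used before
           treated two numeric-looking strings (e.g. "0e...") as equal, and a non-string cookie
           value must never match.
           NOTE(review): the token is a static derivative of the stored password hash, so a
           captured cookie stays valid until the password or hash_code changes. */
        $token_ok = false;
        if ($row && is_string($cookie_pass))
        {
            $expected = md5($row['password'] . $_CFG['hash_code']);
            $token_ok = function_exists('hash_equals')
                ? hash_equals($expected, $cookie_pass)
                : $expected === $cookie_pass;
        }

        if ($token_ok)
        {
            $_SESSION['user_id'] = $row['user_id'];
            $_SESSION['user_name'] = $row['user_name'];
            // set_admin_session($row['user_id'], $row['user_name'], $row['action_list'], $row['last_time']);
            /* Record last login time and address.
               NOTE(review): real_ip() is interpolated into SQL unescaped — confirm it returns a
               validated address rather than a raw client header. */
            $db->query('UPDATE ' . $ecs->table('users') .
                       " SET last_login = '" . gmtime() . "', last_ip = '" . real_ip() . "'" .
                       " WHERE user_id = '" . intval($_SESSION['user_id']) . "'");
            $authenticated = true;
        }
        else
        {
            /* Unknown user or wrong token: expire the cookie pair. The cookie *names* are
               ECSCP[user_id] / ECSCP[user_pass]; the previous code passed the cookie values
               as names, so nothing was actually cleared. */
            setcookie('ECSCP[user_id]', '', 1);
            setcookie('ECSCP[user_pass]', '', 1);
        }
    }

    if (!$authenticated)
    {
        if (!empty($_REQUEST['is_ajax']))
        {
            make_json_error($_LANG['priv_error']);
        }
        else
        {
            ecs_header("Location: privilege.php?act=login\n");
        }
        exit;
    }
}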
//$smarty->assign('token', $_CFG['token']);
// A referer-based check for non-login actions used to sit here; it is disabled.

/* act=phpinfo on any back-office page dumps phpinfo(). This point is only reached after the
   administrator check above has passed, so it requires a logged-in session; it still
   discloses server paths, loaded extensions and environment variables. */
if ($_REQUEST['act'] == 'phpinfo' && function_exists('phpinfo'))
{
    phpinfo();
    exit;
}

/* Response headers: declare the charset and forbid caching of back-office pages. */
//header('Cache-control: private');
header('content-type: text/html; charset=' . EC_CHARSET);
header('Expires: Fri, 14 Mar 1980 20:53:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-cache, must-revalidate');
header('Pragma: no-cache');

/* DEBUG_MODE bit 1: report notices as well; bit 4: load the debugging library. */
error_reporting((DEBUG_MODE & 1) == 1 ? E_ALL : E_ALL ^ E_NOTICE);
if ((DEBUG_MODE & 4) == 4)
{
    include(ROOT_PATH . 'includes/lib.debug.php');
}

/* Buffer all output, gzip-compressed when gzip_enabled() says the client and server support it. */
ob_start(gzip_enabled() ? 'ob_gzhandler' : null);

create_shop_settiongs();
?>