// Bootstrap include of a PHP web application (constants use a PIC_ prefix), kept
// exactly as it appears on the page. The listing is extraction-damaged: string
// quotes, array brackets and parts of the object-arrow, double-arrow and logical-and
// operators are missing, and text that stood between angle brackets appears to have
// been dropped (for example right after PHP_VERSION and after strpos($temp, ...).
// It does not parse as shown and is not the complete original.
//
// Inline Chinese labels, in order: "define some constants", "block malicious URL
// access", "get the request URL", "get the client IP", "update buffering",
// "session save path", "block spider programs".
//
// What the visible code does, in order:
//   - sets error reporting and the Asia/Shanghai timezone, records a start time;
//   - defines path constants derived from dirname() and includes global.func.php;
//   - passes _GET/_POST/_COOKIE values through _RunMagicQuotes()/addslashes();
//   - exits with "Request var not allow!" when a $_REQUEST value matches a keyword
//     list (select, insert, update, delete, union, into, load_file, outfile, ...);
//   - applies daddslashes() to $_FILES when MAGIC_QUOTES_GPC is off;
//   - includes config.inc.php and runs a REQUEST_URI check guarded by $urlxssdefend
//     (the body of that check is lost);
//   - copies cookies carrying the $cookiepre prefix into $_DCOOKIE;
//   - builds $PHP_SELF and $boardurl from PHP_SELF/SCRIPT_NAME and HTTP_HOST;
//   - picks $onlineip from HTTP_CLIENT_IP, then HTTP_X_FORWARDED_FOR, then REMOTE_ADDR;
//   - starts output buffering and a session stored under PICDATA/sessions/;
//   - calls getrobot(), connects to the database, nulls $dbuser/$dbpw, loads one
//     settings row and keeps the part of HTTP_REFERER before "?" in $url.
//
// NOTE(review): the keyword match is a denylist over request values combined with
// addslashes(); neither replaces parameterised queries, and addslashes() is not
// aware of the connection character set.
// NOTE(review): the loop over _GET/_POST/_COOKIE that assigns to $_k presumably
// read $$_request / $$_k before the doubled "$" was lost - TODO confirm. If so,
// request keys become script variables, so values used later in include paths
// (db_$database.class.php) or in queries must be assigned by config.inc.php after
// this import and never be left to the request.
// NOTE(review): HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are request headers and are
// tried before REMOTE_ADDR, so $onlineip is client-influenced unless a trusted
// proxy overwrites them; the preg_match only limits its shape. Treat it as
// untrusted for access control and audit logs.
// NOTE(review): HTTP_HOST and HTTP_REFERER are also supplied by the client;
// $boardurl is HTML-escaped here, $url is not escaped in the visible code.
// NOTE(review): both branches of the CURSCRIPT ternary read BINDDOMAIN as shown;
// possibly an extraction artefact - confirm against the original.
// NOTE(review): ereg(), eregi(), ereg_replace() and set_magic_quotes_runtime() were
// removed in PHP 7.0 and get_magic_quotes_gpc() in PHP 8.0, so the original needs
// porting before it can run on a supported PHP release.
?phperror_reporting(E_ALL|E_STRICT); date_default_timezone_set(Asia/Shanghai); set_magic_quotes_runtime(0);$mtime = explode( , microtime(); $pic_starttime = $mtime1 + $mtime0; /定义一些常量 define(SYS_DEBUG, FALSE); define(IN_PIC, TRUE);define(PIC_ROOT, substr(ereg_replace(/1, /, dirname(_ FILE_) ), 0, -3);define(IMG,PIC_ROOT.public/images/); define(JS,PIC_ROOT.public/js/); define(CSS,PIC_ROOT.public/css/); define(INC,PIC_ROOT.include/); include_once(INC.global.func.php); define(PICDATA, PIC_ROOT.data); define(MAGIC_QUOTES_GPC, get_magic_quotes_gpc(); if(!defined(CURSCRIPT) define(CURSCRIPT, defined(BINDDOMAIN) ? BINDDOMAIN : BINDDOMAIN);if(PHP_VERSION $_v) $svar$_k = _RunMagicQuote s($_v);else$svar = addslashes($svar);return $svar;foreach(Array(_GET,_POST,_COOKIE) as $_request)foreach($_request as $_k = $_v) $_k = _RunMagicQuote s($_v);foreach ($_REQUEST as $k=$Parameters)if(eregi(select|insert|update|delete|/*|*|./|./|union|into|load_f ile|outfile, $Parameters) & strlen($_k)0)exit(Request var not allow!);else$str = daddslashes(ereg_replace(% , % ,$Parameters);$str = daddslashes(ereg_replace(_ , _ ,$Parameters);$str = dhtmlspecialchars(nl2br($str);if (!MAGIC_QUOTES_GPC & $_FILES) $_FILES = daddslashes($_FILES);/禁止恶意 url 访问include_once(config.inc.php);if($urlxssdefend & !empty($_SERVERREQUEST_URI) $temp = urldecode($_SERVERREQUEST_URI);if(strpos($temp, $val) if(substr($key, 0, $prelength) = $cookiepre) $_DCOOKIE(substr($key, $prelength) = MAGIC_QUOTES_G PC ? $val : addslashes($val);unset($prelength, $_request, $_key, $_value);/获取访问 url 地址$PHP_SELF = htmlspecialchars($_SERVERPHP_SELF ? $_ SERVERPHP_SELF : $_SERVERSCRIPT_NAME);$BASESCRIPT = basename($PHP_SELF);list($BASEFILENAME) = explode(., $BASESCRIPT);$boardurl = htmlspecialchars(http:/.$_SERVERHTTP_HOST. 
preg_replace(/+(api|archiver|wap)?/*$/i, , substr($PHP_SELF,0, strrpos($PHP_SELF, /)./);define(URLNAME ,$boardurl);/获取访问 ipif(getenv(HTTP_CLIENT_IP) & strcasecmp(getenv(HTTP_CLIENT_IP), unknown) $onlineip = getenv(HTTP_CLIENT_IP); elseif(getenv(HTTP_X_FORWARDED_FOR) & strcasecmp(g etenv(HTTP_X_FORWARDED_FOR), unknown) $onlineip = getenv(HTTP_X_FORWARDED_FOR); elseif(getenv(REMOTE_ADDR) & strcasecmp(getenv(REMOTE_ADDR), unknown) $onlineip = getenv(REMOTE_ADDR); elseif(isset($_SERVERREMOTE_ADDR) & $_SERVERRE MOTE_ADDR & strcasecmp($_SERVERREMOTE_ADDR, unknown) $onlineip = $_SERVERREMOTE_ADDR;preg_match(/d.7,15/, $onlineip, $onlineipmatches);$onlineip = $onlineipmatches0 ? $onlineipmatches0 : unkno wn;unset($onlineipmatches);/更新缓冲 if(function_exists(ob_gzhandler) & !in_array(CURSCRIPT, arra y(BINDDOMAIN, wap) ob_start(ob_gzhandler); else $gzipcompress = 0;ob_start();/Session 保存路径$sessSavePath = PICDATA./sessions/; if(is_writeable($sessSavePath) & is_readable($sessSavePath) session_save_path($sessSavePath);session_start();include_once(smarty_inc.php);include_once(config.inc.php); include(db_$database.class.php);/防止蜘蛛程序getrobot();if(defined(NOROBOT) & IS_ROBOT) exit(header(HTTP/1.1 403 Forbidden);$db = new dbstuff();$db-connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect, true, $dbcharset);$dbuser = $dbpw = $pconnect = $sdb = NULL; include_once(INC.Stores_fun_inc.php);$arr = $db-fetch_array($db-query(SELECT * FROM smain_ web_settings WHERE 1);$arrurl = explode(?, $_SERVERHTTP_REFERER);$url = $arrurl0;?