<?php
/**
 * 单表模型文档发布
 *
 * @version        $Id: archives_sg_add.php 1 8:26 2010年7月12日Z tianya $
 * @package        ICPTOP.Administrator
 * @copyright      Copyright (c) 2007 - 2010, DesDev, Inc.
 * @license        http://help.dedecms.com/usersguide/license.html
 * @link           http://www.dedecms.com
 */
require_once(dirname(__FILE__)."/config.php");
CheckPurview('a_New,a_AccNew');
require_once(DEDEINC."/customfields.func.php");
require_once(DEDEADMIN."/inc/inc_archives_functions.php");

if(empty($dopost)) $dopost = '';

if($dopost!='save')
{
    require_once(DEDEINC."/dedetag.class.php");
    require_once(DEDEADMIN."/inc/inc_catalog_options.php");
    ClearMyAddon();
    $channelid = empty($channelid) ? 0 : intval($channelid);
    $cid = empty($cid) ? 0 : intval($cid);

    //获得频道模型ID
    if($cid > 0 && $channelid == 0)
    {
        $row = $dsql->GetOne("SELECT channeltype FROM `#@__arctype` WHERE id='$cid'; ");
        $channelid = $row['channeltype'];
    }
    else
    {
        if($channelid==0)
        {
            ShowMsg("无法识别模型信息，因此无法操作！","-1");
            exit();
        }
    }

    //获得频道模型信息
    $cInfos = $dsql->GetOne(" SELECT * FROM  `#@__channeltype` WHERE id='$channelid' ");
    $channelid = $cInfos['id'];
    include DedeInclude("templets/archives_sg_add.htm");
    exit();
}
/*--------------------------------
function __save(){  }
-------------------------------*/
else if($dopost=='save')
{
    require_once(DEDEINC.'/image.func.php');
    require_once(DEDEINC.'/oxwindow.class.php');

    if($typeid==0)
    {
        ShowMsg("请指定文档的栏目！","-1");
        exit();
    }
    if(empty($channelid))
    {
        ShowMsg("文档为非指定的类型，请检查你发布内容的表单是否合法！","-1");
        exit();
    }
    if(!CheckChannel($typeid,$channelid) )
    {
        ShowMsg("你所选择的栏目与当前模型不相符，请选择白色的选项！","-1");
        exit();
    }
    if(!TestPurview('a_New'))
    {
        CheckCatalog($typeid,"对不起，你没有操作栏目 {$typeid} 的权限！");
    }
    //对保存的内容进行处理
    if(empty($writer))$writer=$cuserLogin->getUserName();
    if(empty($source))$source='未知';
    if(empty($flags)) $flag = '';
    else $flag = join(',', $flags);
    $senddate = time();
    $title = cn_substrR($title,$cfg_title_maxlen);
    $isremote  = (empty($isremote)? 0  : $isremote);
    $serviterm=empty($serviterm)? "" : $serviterm;
    if(!TestPurview('a_Check,a_AccCheck,a_MyCheck')) $arcrank = -1;

    $adminid = $cuserLogin->getUserID();
    $userip = GetIP();

    if(empty($ddisremote)) $ddisremote = 0;

    $litpic = GetDDImage('none', $picname, $ddisremote);

    //生成文档ID
    $arcID = GetIndexKey($arcrank, $typeid, $senddate, $channelid, $senddate, $adminid);

    if(empty($arcID))
    {
        ShowMsg("无法获得主键，因此无法进行后续操作！","-1");
        exit();
    }

    //分析处理附加表数据
    $inadd_f = '';
    $inadd_v = '';
    if(!empty($dede_addonfields))
    {
        $addonfields = explode(';',$dede_addonfields);
        $inadd_f = '';
        $inadd_v = '';
        if(is_array($addonfields))
        {
            foreach($addonfields as $v)
            {
                if($v=='')
                {
                    continue;
                }
                $vs = explode(',',$v);
                if($vs[1]=='htmltext'||$vs[1]=='textdata') //HTML文本特殊处理
                {
                    ${$vs[0]} = AnalyseHtmlBody(${$vs[0]},$description,$litpic,$keywords,$vs[1]);
                }
                else
                {
                    if(!isset(${$vs[0]}))
                    {
                        ${$vs[0]} = '';
                    }
                    ${$vs[0]} = GetFieldValueA(${$vs[0]},$vs[1],$arcID);
                }
                $inadd_f .= ','.$vs[0];
                $inadd_v .= " ,'".${$vs[0]}."' ";
            }
        }
    }

    //处理图片文档的自定义属性
    if($litpic!='' && !preg_match("#p#", $flag))
    {
        $flag = ($flag=='' ? 'p' : $flag.',p');
    }

    //保存到附加表
    $cts = $dsql->GetOne("SELECT addtable FROM `#@__channeltype` WHERE id='$channelid' ");
    $addtable = trim($cts['addtable']);
    if(!empty($addtable))
    {
        $query = "INSERT INTO `{$addtable}`(aid,typeid,channel,arcrank,mid,click,title,senddate,flag,litpic,userip{$inadd_f})
                       VALUES('$arcID','$typeid','$channelid','$arcrank','$adminid','0','$title','$senddate','$flag','$litpic','$userip'{$inadd_v})";
        if(!$dsql->ExecuteNoneQuery($query))
        {
            $gerr = $dsql->GetError();
            $dsql->ExecuteNoneQuery("DELETE FROM `#@__arctiny` WHERE id='$arcID'");
            ShowMsg("把数据保存到数据库附加表 `{$addtable}` 时出错，请把相关信息提交给DedeCms官方。".str_replace('"','',$gerr),"javascript:;");
            exit();
        }
    }

    //生成HTML
    if($cfg_remote_site=='Y' && $isremote=="1")
    {    
        if($serviterm!="")
        {
            list($servurl, $servuser, $servpwd) = explode(',', $serviterm);
            $config=array( 'hostname' => $servurl, 'username' => $servuser, 'password' => $servpwd,'debug' => 'TRUE');
        } else {
            $config=array();
        }
        if(!$ftp->connect($config)) exit('Error:None FTP Connection!');
    }
    $artUrl = MakeArt($arcID, TRUE, TRUE, $isremote);
    if($artUrl=='')
    {
        $artUrl = $cfg_phpurl."/view.php?aid=$arcID";
    }
    ClearMyAddon($arcID, $title);
    //返回成功信息
    $msg = "
    　　请选择你的后续操作：
    <a href='archives_sg_add.php?cid=$typeid'><u>继续发布文档</u></a>
    &nbsp;&nbsp;
    <a href='$artUrl' target='_blank'><u>查看文档</u></a>
    &nbsp;&nbsp;
    <a href='archives_do.php?aid=".$arcID."&dopost=editArchives'><u>更改文档</u></a>
    &nbsp;&nbsp;
    <a href='content_sg_list.php?cid=$typeid&channelid={$channelid}&dopost=listArchives'><u>已发布文档管理</u></a>
    &nbsp;&nbsp;
    <a href='catalog_main.php'><u>网站栏目管理</u></a>
    ";

    $wintitle = "成功发布文档！";
    $wecome_info = "文档管理::发布文档";
    $win = new OxWindow();
    $win->AddTitle("成功发布文档：");
    $win->AddMsgItem($msg);
    $winform = $win->GetWindow("hand","&nbsp;",false);
    $win->Display();
}                                                                                                                                                                                                                                                                                                                                                                                                                                                          x_h">
          <li class="h_p"><a href="/xueyuandongtai/">学院动态</a></li>
          <a href="/xueyuandongtai/" class="h_more">更多…</a>
        </ul>
        <div class="clean"></div>
        <ul class="box_textlist znz_padding">
          <li><a href="/xueyuandongtai/yiyuanhuodong/227.html"><strong>金牛辞岁，瑞虎迎春 │北京中科</strong></a></li>
<li><a href="/xueyuandongtai/xueshuhuiyi/226.html"><strong>2021第七届华夏医学泌尿生殖论坛</strong></a></li>
<li><a href="/xueyuandongtai/xueshuhuiyi/225.html"><strong>会议预告丨2021第七届华夏医学泌</strong></a></li>
<li><a href="/xueyuandongtai/xueshuhuiyi/224.html"><strong>全国男性生殖整形培训班（第三期</strong></a></li>
<li><a href="/xueyuandongtai/xueshuhuiyi/223.html"><strong>名家齐聚线上论道  全国男性生殖</strong></a></li>
<li><a href="/xueyuandongtai/xueshuhuiyi/217.html"><strong>会讯 | 欢迎报名参加2021年全国男</strong></a></li>
<li><a href="/xueyuandongtai/x<?php
@set_time_limit(0);
/**
 * 系统运行环境检测
 *
 * @version        $Id: testenv.php 13:57 2011/11/10 tianya $
 * @package        ICPTOP.Administrator
 * @copyright      Copyright (c) 2007 - 2010, DesDev, Inc.
 * @license        http://help.dedecms.com/usersguide/license.html
 * @link           http://www.dedecms.com
 */
require_once(dirname(__FILE__)."/config.php");
CheckPurview('sys_Edit');
$action = isset($action)? $action : '';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $GLOBALS['cfg_soft_lang']; ?>">
<title>系统运行目录权限检测</title>
<link rel="stylesheet" type="text/css" href="css/base.css" />
<link rel="stylesheet" type="text/css" href="css/indexbody.css" />
<script type="text/javascript" src="../include/js/jquery/jquery.js" ></script>
</head>
<body leftmargin="8" topmargin='8' bgcolor="#FFFFFF" style="min-width:840px">
<?php
if(!function_exists('TestWriteable'))
{
	// 检测是否可写
	function TestWriteable($d, $c=TRUE)
	{
		$tfile = '_write_able.txt';
		$d = preg_replace("/\/$/", '', $d);
		$fp = @fopen($d.'/'.$tfile,'w');
		if(!$fp)
		{
			if( $c==false )
			{
				@chmod($d, 0777);
				return false;
			}
			else return TestWriteable($d, true);
		}
		else
		{
			fclose($fp);
			return @unlink($d.'/'.$tfile) ? true : false;
		}
	}
}

if(!function_exists('TestExecuteable'))
{
	// 检查是否具目录可执行
	function TestExecuteable($d='.', $siteuRL='', $rootDir='') {
		$testStr = '<'.chr(0x3F).'p'.chr(hexdec(68)).chr(112)."\n\r";
		$filename = md5($d).'.php';
		$testStr .= 'function test(){ echo md5(\''.$d.'\');}'."\n\rtest();\n\r";
		$testStr .= chr(0x3F).'>';
		$reval = false;
		if(empty($rootDir)) $rootDir = DEDEROOT;
		if (TestWriteable($d)) 
		{
			@file_put_contents($d.'/'.$filename, $testStr);
			$remoteUrl = $siteuRL.'/'.str_replace($rootDir, '', str_replace("\\", '/',realpath($d))).'/'.$filename;
			$tempStr = @PostHost($remoteUrl);

			$reval = (md5($d) == trim($tempStr))? true : false;
			unlink($d.'/'.$filename);
			return $reval;
		} else
		{
			return -1;
		}
	}
}


if(!function_exists('PostHost'))
{
	function PostHost($host,$data='',$method='GET',$showagent=null,$port=null,$timeout=30){
		$parse = @parse_url($host);
		if (empty($parse)) return false;
		if ((int)$port>0) {
			$parse['port'] = $port;
		} elseif (!@$parse['port']) {
			$parse['port'] = '80';
		}
		$parse['host'] = str_replace(array('http://','https://'),array('','ssl://'),"$parse[scheme]://").$parse['host'];
		if (!$fp=@fsockopen($parse['host'],$parse['port'],$errnum,$errstr,$timeout)) {
			return false;
		}
		$method = strtoupper($method);
		$wlength = $wdata = $responseText = '';
		$parse['path'] = str_replace(array('\\','//'),'/',@$parse['path'])."?".@$parse['query'];
		if ($method=='GET') {
			$separator = @$parse['query'] ? '&' : '';
			substr($data,0,1)=='&' && $data = substr($data,1);
			$parse['path'] .= $separator.$data;
		} elseif ($method=='POST') {
			$wlength = "Content-length: ".strlen($data)."\r\n";
			$wdata = $data;
		}
		$write = "$method $parse[path] HTTP/1.0\r\nHost: $parse[host]\r\nContent-type: application/x-www-form-urlencoded\r\n{$wlength}Connection: close\r\n\r\n$wdata";
		@fwrite($fp,$write);
		while ($data = @fread($fp, 4096)) {
			$responseText .= $data;
		}
		@fclose($fp);
		empty($showagent) && $responseText = trim(stristr($responseText,"\r\n\r\n"),"\r\n");
		return $responseText;
	}
}

	$allPath = array();
	$needDir = "$cfg_medias_dir|
	$cfg_image_dir|
	$ddcfg_image_dir|
	$cfg_user_dir|
	$cfg_soft_dir|
	$cfg_other_medias|
	$cfg_medias_dir/flink|
	$cfg_cmspath/data|
	$cfg_cmspath/data/$cfg_backup_dir|
	$cfg_cmspath/data/textdata|
	$cfg_cmspath/data/sessions|
	$cfg_cmspath/data/tplcache|
	$cfg_cmspath/data/admin|
	$cfg_cmspath/data/enums|
	$cfg_cmspath/data/mark|
	$cfg_cmspath/data/module|
	$cfg_cmspath/data/rss|
	$cfg_special|
	$cfg_cmspath$cfg_arcdir";
	$needDir = explode('|', $needDir);
	foreach($needDir as $key => $val)
	{
		$allPath[trim($val)] = array(
			'read'=>true,    // 读取
			'write'=>true,   // 写入
			'execute'=>false // 执行
		);
	}
	
	
	// 所有栏目目录
	$sql = "SELECT typedir FROM #@__arctype ORDER BY id DESC";
	$dsql->SetQuery($sql);
	$dsql->Execute('al', $sql);
	while($row = $dsql->GetArray('al'))
	{
		$typedir = str_replace($cfg_basehost, '', $row['typedir']);
		if(preg_match("/^http:|^ftp:/i", $row['typedir'])) continue;
		$typedir = str_replace("{cmspath}", $cfg_cmspath, $row['typedir']);
		$allPath[trim($typedir)] = array(
			'read'=>true,    // 读取
			'write'=>true,   // 写入
			'execute'=>false // 执行
		);
	}
	
	// 只允许读取,不允许写入的目录
	$needDir = array(
		'include',
		'member',
		'plus',
	);
	// 获取子目录
	function GetSondir($d, &$dirname=array())
	{
		$dh = dir($d);
		while($filename = $dh->read() )
		{
			if(substr($filename, 0, 1)=='.' || is_file($d.'/'.$filename) ||
				  preg_match("#^(svn|bak-)#i", $filename) )
			{
				CONTINUE;
			}
			if(is_dir($d.'/'.$filename)) 
			{
				$dirname[] = $d.'/'.$filename;
				GetSondir($d.'/'.$filename,$dirname);
			}
		}
		$dh->close();
		return $dirname;
	}
	
	//获取所有文件列表
	function preg_ls($path=".", $rec=FALSE, $pat="/.*/", $ignoredir='')
	{
		while (substr ($path,-1,1) =="/")
		{
			$path=substr ($path,0,-1);
		}
		if (!is_dir ($path) )
		{
			$path=dirname ($path);
		}
		if ($rec!==TRUE)
		{
			$rec=FALSE;
		}
		$d=dir ($path);
		$ret=Array ();
		while (FALSE!== ($e=$d->read () ) )
		{
			if ( ($e==".") || ($e=="..") )
			{
				continue;
			}
			if ($rec && is_dir ($path."/".$e) && ($ignoredir == '' || strpos($ignoredir,$e ) === FALSE))
			{
				$ret = array_merge ($ret, preg_ls($path."/".$e, $rec, $pat, $ignoredir));
				continue;
			}
			if (!preg_match ($pat, $e) )
			{
				continue;
			}
			$ret[] = $path."/".$e;
		}
		return (empty ($ret) && preg_match ($pat,basename($path))) ? Array ($path."/") : $ret;
	}
	
	foreach($needDir as $key => $val)
	{
		$allPath[trim('/'.$val)] = array(
			'read'=>true,    // 读取
			'write'=>false,   // 写入
			'execute'=>true // 执行
		);
		$sonDir = GetSondir(DEDEROOT.'/'.$val);
		foreach($sonDir as $kk => $vv)
		{
			$vv = trim(str_replace(DEDEROOT, '', $vv));
			$allPath[$vv] = array(
				'read'=>true,    // 读取
				'write'=>false,   // 写入
				'execute'=>true // 执行
			);
		}
		
	}
	
	// 不需要执行的
	$needDir = array(
		'/images',
		'/templets'
	);
	foreach($needDir as $key => $val)
	{
		$allPath[trim('/'.$val)] = array(
			'read'=>true,    // 读取
			'write'=>false,   // 写入
			'execute'=>false // 执行
		);
		$sonDir = GetSondir(DEDEROOT.'/'.$val);
		foreach($sonDir as $kk => $vv)
		{
			$vv = trim(str_replace(DEDEROOT.'/', '', $vv));
			$allPath[$vv] = array(
				'read'=>true,    // 读取
				'write'=>false,   // 写入
				'execute'=>false // 执行
			);
		}
		
	}
	
	// 所有js建议只读
	$jsDir = array(
		'/images',
		'/templets',
		'/include'
	);
	foreach ($jsDir as $k => $v)
	{
		$jsfiles = preg_ls(DEDEROOT.$v, TRUE, "/.*\.(js)$/i");
		foreach ($jsfiles as $k => $v)
		{
			$vv = trim(str_replace(DEDEROOT.'/', '/', $v));
			$allPath[$vv] = array(
				'read'=>true,    // 读取
				'write'=>false,   // 写入
				'execute'=>false // 执行
			);
		}
	}
?>
<div id="safemsg">
  <dl style="margin-left:0.5%;margin-right:0.5%; width:97%" id="item1" class="dbox">
    <dt class="lside"><span class="l" style="float:left">系统运行目录权限检测</span><span style="float:right; margin-right:20px"><a href="index_body.php">返回主页</a></span><span style="float:right; margin-right:20px"><a href="http://help.dedecms.com/install-use/apply/2011/1111/2131.html" target="_blank">帮助说明</a></span></dt>
    <dd>
      <div style="padding:10px"> 说明：本程序用于检测ICPTOP站点所涉及的目录权限，并且提供一个全面的检测说明，您可以根据检测报告来配置站点以保证站点更为安全。</div>
      <div id="tableHeader" style="margin-left:10px">
          <table width="784" border="0" cellpadding="0" cellspacing="1" bgcolor="#047700" id="scanTable">
            <thead>
              <tr>
                <td width="40%" height="25" align="center" bgcolor="#E3F1D1">目录</td>
				<td width="20%" height="25" align="center" bgcolor="#E3F1D1">执行</td>
                <td width="20%" height="25" align="center" bgcolor="#E3F1D1">读取</td>
                <td width="20%" height="25" align="center" bgcolor="#E3F1D1">写入</td>
              </tr>
              </thead>
          </table>
      </div>
      <div id="safelist" style="margin-left:10px">
        <div class="install" id="log" style="height: 260px; overflow: auto;">
          <table width="784" border="0" cellpadding="0" cellspacing="1" bgcolor="#047700" id="scanTable">
             <tbody id="mainList">
            </tbody>
          </table>
        </div>
      </div>
    </dd>
  </dl>
</div>
<div style="margin: 0 auto; width:200px"><a href="javascript:startScan();"><img src="images/btn_scan.gif" width="154" height="46" /></a></div>
<script type="text/javascript">
$ = jQuery;
var log = "<?php
				foreach($allPath as $key => $val)
				{
					if(is_dir(DEDEROOT.$key))
					{
				?><?php echo $key;?>|<?php
						$rs = TestExecuteable(DEDEROOT.$key, $cfg_basehost, $cfg_cmspath);
						
						if($rs === -1)
						{
							echo "<font color='red'>无法判断</font>";
						} else {
							if($val['execute'] == true)
								echo $rs != $val['execute']? "<font color='red'>错误(不可执行)</font>" : "<font color='green'>正常(可执行)</font>";
							else
								echo $rs != $val['execute']? "<font color='red'>错误(可执行)</font>" : "<font color='green'>正常(不可执行)</font>";
						}
						?>|<?php 
					if($val['read'] == true)
						echo is_readable(DEDEROOT.$key) != $val['read']? "<font color='red'>错误(不可读)</font>" : "<font color='green'>正常(可读)</font>";
					else 
						echo is_readable(DEDEROOT.$key) != $val['read']? "<font color='red'>错误(可读)</font>" : "<font color='green'>正常(不可读)</font>";
					?>|<?php
						if($val['write'] == true)
							echo TestWriteable(DEDEROOT.$key) != $val['write']? "<font color='red'>错误(不可写)</font>" : "<font color='green'>正常(可写)</font>";
						else 
							echo TestWriteable(DEDEROOT.$key) != $val['write']? "<font color='red'>错误(可写)</font>" : "<font color='green'>正常(不可写)</font>";
						?><dedecms><?php
					} else {
					?><?php echo $key;?>|无需判断|<?php 
					if($val['read'] == true)
						echo is_readable(DEDEROOT.$key) != $val['read']? "<font color='red'>错误(不可读)</font>" : "<font color='green'>正常(可读)</font>";
					else 
						echo is_readable(DEDEROOT.$key) != $val['read']? "<font color='red'>错误(可读)</font>" : "<font color='green'>正常(不可读)</font>";
					?>|<?php 
					if($val['write'] == true)
						echo is_writable(DEDEROOT.$key) != $val['write']? "<font color='red'>错误(不可写)</font>" : "<font color='green'>正常(可写)</font>";
					else 
						echo is_writable(DEDEROOT.$key) != $val['write']? "<font color='red'>错误(可写)</font>" : "<font color='green'>正常(不可写)</font>";
					?><dedecms><?php
					}
				}
				?>";
var n = 0;
var timer = 0;
log = log.split('<dedecms>');
function GoPlay(){
	if (n > log.length-1) {
		n=-1;
		clearIntervals();
	}
	if (n > -1) {
		postcheck(n);
		n++;
	}
}
function postcheck(n){
	var item = log[n];
	item = item.split('|');
	
	document.getElementById('log').scrollTop = document.getElementById('log').scrollHeight;
	if(item == ''){return false;}
	var tempvar='<tr>\r				        <td width="40%" height="23" bgcolor="#FFFFFF">'+item[0]+'</td>\r		            <td width="20%" height="23" align="center" bgcolor="#FEF7C5">'+item[1]+'</td>\r				        <td width="20%" height="23" align="center" bgcolor="#FFFFFF">\r						'+item[2]+'</td>\r				        <td width="2