DiscuzX/upload/source/admincp/cloud/cloud_security.php

471 lines
18 KiB
PHP

<?php
/**
* [Discuz!] (C)2001-2099 Comsenz Inc.
* This is NOT a freeware, use is subject to license terms
*
* $Id: cloud_security.php 36284 2016-12-12 00:47:50Z nemohou $
*/
if(!defined('IN_DISCUZ') || !defined('IN_ADMINCP')) {
exit('Access Denied');
}
$op = trim($_GET['op']);
$_GET['anchor'] = in_array($_GET['anchor'], array('index', 'setting', 'thread', 'post', 'member', 'reportOperation', 'reopen')) ? $_GET['anchor'] : 'index';
$pt = in_array($_GET['anchor'], array('thread', 'post')) ? $_GET['anchor'] : 'thread';
$current = array($_GET['anchor'] => 1);
$operateresultmap = array(
'0' => 1,
'-1' => 0,
'-5' => 0
);
$securitynav = array();
$securitynav[0] = array('security_index', 'cloud&operation=security&anchor=index', $current['index']);
$securitynav[1] = array('security_blanklist', 'cloud&operation=security&anchor=setting', $current['setting']);
$securitynav[2] = array('security_thread_list', 'cloud&operation=security&anchor=thread', $current['thread']);
$securitynav[3] = array('security_post_list', 'cloud&operation=security&anchor=post', $current['post']);
$securitynav[4] = array('security_member_list', 'cloud&operation=security&anchor=member', $current['member']);
if (!$_G['inajax']) {
cpheader();
shownav('safe', 'menu_cloud_security', 'security_'.$_GET['anchor'].'_list');
showsubmenu('menu_cloud_security', $securitynav);
}
$tpp = !empty($_GET['tpp']) ? $_GET['tpp'] : '20';
$start_limit = ($page - 1) * $tpp;
require_once libfile('function/discuzcode');
require_once libfile('function/core');
$datas = $data = $eviluids = $evilPids = $evilTids = $members = $thread = $post = '';
if($_GET['anchor'] != 'reopen') {
$apps = $appService->getCloudApps();
if(empty($apps) || empty($apps[$operation]) || $apps[$operation]['status'] == 'close') {
cpmsg('security_reopen', '', 'succeed');
}
}
if ($_GET['anchor'] == 'index') {
$utilService = Cloud::loadClass('Service_Util');
$signUrl = $utilService->generateSiteSignUrl(array('v' => 2));
$utilService->redirect($cloudDomain.'/security/stats/list/?' . $signUrl);
} elseif ($_GET['anchor'] == 'setting') {
if (!submitcheck('settingsubmit')) {
loadcache('setting');
$evilthreads = C::t('common_setting')->fetch('cloud_security_stats_thread');
$evilposts = C::t('common_setting')->fetch('cloud_security_stats_post');
$evilmembers = C::t('common_setting')->fetch('cloud_security_stats_member');
$usergroupswhitelist = $_G['setting']['security_usergroups_white_list'];
$groupselect = array();
foreach (C::t('common_usergroup')->fetch_all_not(array('6','7')) as $group) {
$group['type'] = $group['type'] == 'special' && $group['radminid'] ? 'specialadmin' : $group['type'];
$groupselect[$group['type']] .= "<option value=\"$group[groupid]\" ".(in_array($group['groupid'], $usergroupswhitelist) ? 'selected' : '').">$group[grouptitle]</option>\n";
}
$groupselect = '<optgroup label="'.$lang['usergroups_member'].'">'.$groupselect['member'].'</optgroup>'.
($groupselect['special'] ? '<optgroup label="'.$lang['usergroups_special'].'">'.$groupselect['special'].'</optgroup>' : '').
($groupselect['specialadmin'] ? '<optgroup label="'.$lang['usergroups_specialadmin'].'">'.$groupselect['specialadmin'].'</optgroup>' : '').
'<optgroup label="'.$lang['usergroups_system'].'">'.$groupselect['system'].'</optgroup>';
$forumswhitelist = $_G['setting']['security_forums_white_list'];
require_once libfile('function/forumlist');
loadcache('forums');
$forumselect = str_replace('%', '%%', forumselect(FALSE, 0, $forumswhitelist, TRUE));
showformheader('cloud&operation=security&anchor=setting');
showtableheader('security_white_list_setting', '', '', 2);
showsetting('security_usergroup_white_list', '', '', '<select name="groupid[]" multiple="multiple" size="10">'.$groupselect.'</select>');
showsetting('security_forum_white_list', '', '', '<select name="fid[]" multiple="multiple" size="10">'.$forumselect.'</select>');
showsubmit('settingsubmit');
showtablefooter();
showformfooter();
} else {
$usergroups = $_POST['groupid'];
$forums = $_POST['fid'];
$updateData = array(
'security_usergroups_white_list' => serialize($usergroups),
'security_forums_white_list' => serialize($forums)
);
C::t('common_setting')->update_batch($updateData);
updatecache('setting');
cpmsg('setting_update_succeed', 'action=cloud&operation=security&anchor='.$_GET['anchor'], 'succeed');
}
} elseif ($_GET['anchor'] == 'thread') {
$count = C::t('#security#security_evilpost')->count_by_type('1');
$multipage = multi($count, $tpp, $page, ADMINSCRIPT.'?action=cloud&operation=security&anchor=thread');
list($datas, $evilTids) = getEvilList('thread', $start_limit, $tpp);
echo "<p><a href='###' onclick='$(\"recyclebinform\").submit();'>{$lang['security_recyclebin_thread']}</a></p>";
showformheader('recyclebin&operation=search', 'style="display: none;"', 'recyclebinform');
showhiddenfields(array('security' => 1, 'searchsubmit' => 1));
showformfooter();
showtableheader('', '', 'id = "security_list"');
showsubtitle(array('security_subject', 'security_forum', 'security_author', 'security_thread_status'));
foreach($datas as $key => $value) {
if(!$value['message']) {
$subjectstyle = 'class = "threadopt"';
} else {
$subjectstyle = '';
}
$value['message'] = convertMessage($value);
$modthreadkey = modauthkey($value['tid']);
$viewlink = $value['message'] ? '<a href="forum.php?mod=redirect&goto=findpost&ptid='.$value['tid'].'&pid='.$value['pid'].'&modthreadkey='.$modthreadkey.'" target="_blank" title="'.$lang['security_view_thread'].'">'.$value['subject'].'</a>' : '';
$thread = array(convertSubjectandIP($value, $viewlink), getNamebyFid($value['fid']), convertAuthorAndDate($value), //convertIdtoStr($value['eviltype']),
convertIdtoStr($value['invisible'], 'adminoperate'));
showtagheader('tbody', '', true, 'hover');
showtablerow($subjectstyle, array('width = "400px"'), $thread);
$value['message'] ? showtablerow('class="threadopt" style = "display: none;" id = "mod_'.$value['tid'].'_row_'.$key.'"', 'colspan = "6"', $value['message']) : '';
showtagfooter('tbody');
}
if ($multipage) {
showtablerow('', 'colspan = "6"', $multipage);
}
showtablefooter();
} elseif($_GET['anchor'] == 'post') {
$count = C::t('#security#security_evilpost')->count_by_type('0');
$multipage = multi($count, $tpp, $page, ADMINSCRIPT.'?action=cloud&operation=security&anchor=post');
list($datas, $evilPids) = getEvilList('post', $start_limit, $tpp);
echo "<p><a href='###' onclick='$(\"recyclebinpostform\").submit();'>{$lang['security_recyclebin_post']}</a></p>";
showformheader('recyclebinpost&operation=search', 'style="display: none;"', 'recyclebinpostform');
showhiddenfields(array('security' => 1, 'searchsubmit' => 1));
showformfooter();
showtableheader('', '', 'id = "security_list"');
showsubtitle(array('security_subject', 'security_forum', 'security_author', 'security_post_status'));
foreach($datas as $key => $value) {
if(!$value['message']) {
$subjectstyle = 'class = "threadopt"';
} else {
$subjectstyle = '';
}
$value['message'] = convertMessage($value);
$modthreadkey = modauthkey($value['tid']);
$thread = array(convertSubjectandIP($value), getNamebyFid($value['fid']), convertAuthorAndDate($value), //convertIdtoStr($value['eviltype']),
convertIdtoStr($value['invisible'], 'adminoperate'), $viewlink);
showtagheader('tbody', '', true, 'hover');
showtablerow($subjectstyle,array('width = "400px"'), $thread);
$value['message'] ? showtablerow('class="threadopt" style="display: none;" id = "mod_'.$value['tid'].'_row_'.$key.'"', 'colspan = "6"', $value['message']) : '';
showtagfooter('tbody');
}
if ($multipage) {
showtablerow('', 'colspan = "6"', $multipage);
}
showtablefooter();
} elseif($_GET['anchor'] == 'member') {
showtips('security_member_tips');
if($_GET['ignoreuid']) {
C::t('#security#security_eviluser')->delete(intval($_GET['ignoreuid']));
}
$memberperpage = $_G['setting']['memberperpage'];
$start_limit = ($page - 1) * $memberperpage;
$count = C::t('#security#security_eviluser')->count();
$multipage = multi($count, $memberperpage, $page, ADMINSCRIPT.'?action=cloud&operation=security&anchor=member');
list($datas, $eviluids) = getEvilList('user', $start_limit, $memberperpage);
showformheader('recyclebinpost&operation=search', 'style="display: none;"', 'recyclebinmember');
showhiddenfields(array('security' => 1, 'searchsubmit' => 1));
echo "\n<input type=\"hidden\" name=\"authors\" id=\"authors\" value=\"\">";
showformfooter();
showformheader("members&operation=clean", '');
showtableheader();
showsubtitle(array('','security_members_name', 'members_edit_info', 'security_thread_member_group', 'security_createtime', '', '', ''));
foreach($datas as $value) {
if ($value['username']) {
$username = '<a href="home.php?mod=space&uid='.$value['uid'].'&do=profile" target="_blank" title="'.$title.'">'.$value['username'].'</a>';
} else {
$username = $lang['security_userdeleted']."(uid:{$value['uid']})";
}
$del = '<input type="checkbox" name="uidarray[]" value="'.$value['uid'].'"'.($value['adminid'] == 1 ? 'disabled' : '').' class="checkbox">';
$optmember = '<a href="'.ADMINSCRIPT.'?action=members&operation=ban&uid='.$value['uid'].'" target="_blank">'.cplang('members_ban').'</a>';
$ignorethis = '<a href="'.ADMINSCRIPT.'?action=cloud&operation=security&anchor=member&ignoreuid='.$value['uid'].'&page='.$page.'">'.cplang('security_member_ignore_this').'</a>';
$createtime = date('Y-m-d', $value['createtime']);
$evilthreads = '<a href="javascript:void(0);" onclick="searchevilpost_member(\''.$value['username'].'\', 1);return false;">'.cplang('security_thread_list').'</a>';
$evilposts = '<a href="javascript:void(0);" onclick="searchevilpost_member(\''.$value['username'].'\', 2);return false;">'.cplang('security_post_list').'</a>';
$member = array($del, $username, convertMemberInfo($value), $value['grouptitle'], $createtime, $evilthreads, $evilposts, $optmember, $ignorethis);
showtablerow('',array('class="td25"'),$member);
}
showsubmit('deletesubmit', cplang('delete'), '', '', $multipage);
showtablefooter();
showformfooter();
} elseif($_GET['anchor'] == 'reopen') {
Cloud::loadFile('Service_Client_Cloud');
$Cloud_Service_Client_Cloud = new Cloud_Service_Client_Cloud;
$return = $Cloud_Service_Client_Cloud->appOpenWithRegister('security');
if($return['errCode']) {
cpmsg($return['errMessage'], 'action=cloud&operation=security&anchor=index', 'error');
} else {
dheader('location: '.ADMINSCRIPT.'?action=cloud&operation=security&anchor=index');
}
}
echo "
<script type='text/javascript'>
function searchevilpost_member(username, type) {
$('recyclebinmember').action= '".ADMINSCRIPT."?'+(type == 1 ? 'action=recyclebin&operation=search' : 'action=recyclebinpost&operation=search');
$('authors').value=username;
$('recyclebinmember').submit();
return false;
}
</script>";
$jsScript = <<<EOF
<script type='text/javascript'>
function toggle_mod(id) {
if($(id).style.display == 'none') {
$(id).style.display = '';
} else {
$(id).style.display = 'none';
}
return false;
}
function security_foldall() {
var trs = $('security_list').getElementsByTagName('TR');
for(var i in trs) {
if(trs[i].id && trs[i].id.match(/mod_(\d+)_row_(\d+)/) != null) {
trs[i].style.display = "none";
}
}
}
function security_exfoldall() {
var trs = $('security_list').getElementsByTagName('TR');
for(var i in trs) {
if(trs[i].id && trs[i].id.match(/mod_(\d+)_row_(\d+)/) != null) {
trs[i].style.display = "";
}
}
}
</script>
EOF;
echo $jsScript;
function convertIdtoStr($id, $type = 'security_type', $subtype = 'thread') {
global $lang;
if ($type == 'security_type') {
$id = min(6, $id);
$result = $lang['security_type_'.$id];
} elseif($type == 'checkreported') {
$result = $id ? $lang['security_isreported_yes'] : $lang['security_isreported_no'];
} elseif($type == 'adminoperate') {
if ($id === null) {
return $lang['security_opreateresult_2'];
}
if (in_array($subtype, array('thread', 'post'))) {
global $operateresultmap;
$result = $lang['security_opreateresult_'.$operateresultmap[$id]];
} elseif ($subtype == 'member') {
global $nooperategroup;
if (in_array($id, $nooperategroup)) {
$result = $lang['security_opreateresult_0'];
} else {
$result = $lang['security_opreateresult_1'];
}
}
}
return $result;
}
function convertMemberInfo($value) {
global $lang;
$result = '';
if ($value['username']) {
$result = $lang['members_edit_regdate'] . ': ' . dgmdate($value['regdate']) . '<br/>';
$result .= $lang['members_edit_regip'] . ': ' . $value['regip'] . ' ' . convertip($value['regip']) . '<br/>';
$result .= 'Email: ' . $value['email'];
} else {
$result = '<p style="margin:14px 0;">' . $lang['security_userdeleted'] . '</p>';
}
return $result;
}
function convertOperate($id = 0) {
$ids = array('1' => 'delete',
'2' => 'restore');
if (!$ids[$id]) {
return false;
}
return $ids[$id];
}
function getEvilList($type, $start, $ppp) {
$datas = $data = '';
$evilids = array();
if ($type == 'member') {
$type = 'user';
}
if ($type == 'user') {
$query = C::t('#security#security_eviluser')->fetch_range($start, $ppp);
$idtype = 'uid';
} elseif($type == 'thread') {
$query = C::t('#security#security_evilpost')->fetch_range_by_type('1', $start, $ppp);
$idtype = 'pid';
} elseif($type == 'post') {
$query = C::t('#security#security_evilpost')->fetch_range_by_type('0', $start, $ppp);
$idtype = 'pid';
}
foreach ($query as $data) {
$datas[$data[$idtype]] = $data;
$evilids[] = $data[$idtype];
if ($data['tid']) {
$evilTids[] = $data['tid'];
$threadPid[$data['tid']][] = $data['pid'];
}
}
if (is_array($evilTids)) {
$evilTids = array_unique($evilTids);
}
if (!$evilids) {
return false;
}
if ($type == 'user') {
$usergroups = array();
foreach (C::t('common_usergroup')->range() as $group) {
$usergroups[$group['groupid']] = $group['grouptitle'];
}
$regips = C::t('common_member_status')->fetch_all($evilids);
$query = C::t('common_member')->fetch_all($evilids);
foreach ($query as $key => $user) {
if(!empty($user) && !in_array($user['groupid'], array(4,5,6))) {
$query[$key]['regip'] = $regips[$key]['regip'];
}
}
if(count($evilids) != count($query)) {
$deleviluids = array();
foreach($evilids as $key => $eviluid) {
if(empty($query[$eviluid])) {
$deleviluids[] = $eviluid;
unset($evilids[$key]);
}
}
C::t('#security#security_eviluser')->delete($deleviluids);
}
} elseif($type == 'thread' || $type == 'post') {
$query = C::t('forum_thread')->fetch_all_by_tid($evilTids);
}
foreach ($query as $data) {
if ($type == 'thread' || $type == 'post') {
foreach($threadPid[$data['tid']] as $pid) {
$isFirst = ($type == 'thread') ? 1 : 0;
$postData = C::t('forum_post')->fetch($data['posttableid'], $pid);
if ($postData['pid']) {
$datas[$postData['pid']] = array_merge($datas[$postData['pid']], $postData);
if ($type == 'post') {
$datas[$postData['pid']]['subject'] = $data['subject'];
}
}
}
} else {
$data['grouptitle'] = $usergroups[$data['groupid']];
$datas[$data[$idtype]] = array_merge($datas[$data[$idtype]], $data);
}
}
return array($datas, $evilids);
}
function getNamebyFid($fid) {
global $_G;
if (!$fid) {
return false;
}
$forumInfo = C::t('forum_forum')->fetch_all_name_by_fid($fid);
$name = $forumInfo[$fid]['name'];
$name = "<a href='forum.php?mod=forumdisplay&fid=$fid' target='_blank'>".$name."</a>";
return $name;
}
function convertSubjectandIP($value, $viewlink = '') {
global $lang;
if ($viewlink) {
$result = '<h3>'.$viewlink.'</h3>';
} else {
$result = '<h3><a title="'.$lang['security_clicktotoggle'].'" href="javascript:;" onclick="return toggle_mod(\'mod_'.$value['tid'].'_row_'.$value['pid'].'\');" target="_blank">'.$value['subject'].'</a></h3>';
}
$result .= '<p>'.$value['useip'].' '.convertip($value['useip']).' ( pid : '.$value['pid'].' ) </p>';
if (!$value['message']) {
return $lang['security_postdeleted']."(tid:{$value['tid']} pid:{$value['pid']})";
}
return $result;
}
function convertMessage($value) {
global $lang;
if (!$value['message']) {
return false;
}
$value['message'] = discuzcode($value['message'], 0, 0, sprintf('%00b', $value['htmlon']), 1, 1, 1, 0);
$value['message'] = '<div style="overflow: auto; overflow-x: hidden; max-height:120px; height:auto !important; height:100px; word-break: break-all;">'.$value['message'].'</div>';
return $value['message'];
}
function convertAuthorAndDate($value) {
if (!$value['author']) {
return false;
}
$result = "<a href='home.php?mod=space&uid={$value[authorid]}&do=profile' target='_blank'>" . $value['author'] . "</a>" . '<p>';
$result .= dgmdate($value['dateline']);
$result .= '</a>';
return $result;
}
function getDataToReport($operateType, $datatosync, $datas) {
$datatoreport = array();
foreach($datatosync as $operateresult => $ids) {
foreach($ids as $id) {
if(!$datas[$id]['isreported']) {
$data = array(
'operateType' => $operateType,
'operate' => $operateresult == 'validate' ? 'restore' : 'delete',
'operateId' => $id,
'uid' => $datas[$id]['authorid'] ? $datas[$id]['authorid'] : $datas[$id]['uid'],
);
$data['openId'] = getOpenId($data['uid']);
$data['clientIp'] = $datas[$id]['userip'] ? $datas[$id]['userip'] : getMemberIp($data['uid']);
if ($operateType != 'member') {
$data['tid'] = $datas[$id]['tid'];
$data['pid'] = $datas[$id]['pid'];
$data['fid'] = $datas[$id]['fid'];
}
array_push($datatoreport, $data);
}
}
}
return $datatoreport;
}