api.php~
162 lines (146 loc) · 4.07 KB
<?php
// Open question: can passing request parameters straight into some of these functions cause security problems? (see the notes on redirects, regex validation and stored header values below)
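/**
 * Emit the JSON reply for this request and terminate the script.
 *
 * The body is always {"status": .., "msg": .., "data": ..}. When the
 * script-level flag $open301 is 1 (set from the request by the main script)
 * the client is additionally redirected: to $errurl when $status is 0, to
 * $reurl otherwise. Both targets are read through $GLOBALS and are filled
 * from the project record, i.e. they are configured data, not request input.
 *
 * The Location header must be sent before any body bytes, otherwise PHP
 * reports "headers already sent" and the redirect silently never happens.
 * The previous ordering (echo the JSON first, header() second) had exactly
 * that problem, so the redirect target is resolved and sent first and the
 * JSON is printed afterwards.
 *
 * @param int    $status 0 = error, 1 = success
 * @param string $msg    message for the caller
 * @param mixed  $data   extra payload (string or array)
 * @return void never returns; always calls exit
 */
function json_out($status = 0, $msg = "", $data = ""){
    $json = array(
        "status" => $status, /**< 0 = error, 1 = ok */
        "msg" => $msg,       /**< message */
        "data" => $data      /**< payload */
    );
    $isError = ((int)$status === 0);
    $redirectOn = isset($GLOBALS['open301']) && $GLOBALS['open301'] == 1;
    $target = "";
    if($redirectOn){
        $key = $isError ? 'errurl' : 'reurl';
        $target = isset($GLOBALS[$key]) ? trim((string)$GLOBALS[$key]) : "";
        /* Defence in depth for the header-injection note that used to sit here:
         * old PHP builds did not reject CR/LF inside header(), so a target
         * containing any control character is refused rather than emitted.
         * The scheme is deliberately not checked: $reurl/$errurl are project
         * settings. If project owners are not fully trusted, add an
         * http(s)/relative-path allow-list here, otherwise this is an open
         * redirect controlled by whoever edits the project. */
        if($target !== "" && preg_match('/[\x00-\x1F\x7F]/', $target)){
            $target = "";
        }
        if($target !== ""){
            header('Location: '.$target);
        }
    }
    echo json_encode($json);
    if($redirectOn && $target === ""){
        // Redirect requested but no usable target configured: plain-text hint.
        echo $isError ? "提交出错" : "保存成功";
    }
    exit;
}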
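header('Content-type: application/json');
// Proj, Item, func_TIME, func_mail, recaptcha_check_answer and URL_ROOT are
// all expected from init.php; nothing below can run without it, so a missing
// file should stop the script instead of only warning.
require("./init.php");

/* $open301, $reurl and $errurl are read through $GLOBALS by json_out(), so
 * these variable names are part of the contract with that function. */
$open301 = isset($_REQUEST['open301']) ? 1 : 0; /**< 0 = JSON reply only, 1 = redirect after the reply */
$pid = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : null;

/**
 * Project id must be present. intval() turns junk into 0, which is rejected too.
 */
if($pid === null || $pid === 0){
    json_out(0, "项目id为空");
}
$proj = new Proj("", "", "", "");

/**
 * Project must exist.
 */
if(!$proj->isExist($pid)){
    json_out(0, "项目id无效");
}
$reurl = $proj->getReurl($pid);   /**< redirect target on success (project setting) */
$errurl = $proj->getErrurl($pid); /**< redirect target on error (project setting) */

/**
 * Project must not be stopped.
 */
if($proj->getStatus($pid) == 0){
    json_out(0, "项目已停止");
}
$setting = $proj->getSetting($pid);
$params = $proj->getParams($pid);

/**
 * reCAPTCHA, when enabled for the project.
 * (A wrong private key also makes every answer fail.)
 * The challenge/response fields are read from $_POST, so their presence is
 * checked there as well; the old isset() on $_REQUEST also accepted a GET or
 * cookie value and then passed an undefined $_POST entry to the check.
 * NOTE(review): with recaptcha disabled there is no other throttle on this
 * endpoint; any rate limiting has to come from outside this script.
 */
if($setting['recaptcha_status'] == 1){
    if(!isset($_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"])){
        json_out(0, "未输入验证码");
    }
    $resp = recaptcha_check_answer($setting['recaptcha_privkey'],
        $_SERVER["REMOTE_ADDR"],
        $_POST["recaptcha_challenge_field"],
        $_POST["recaptcha_response_field"]);
    if(!$resp->is_valid){
        json_out(0, "验证码错误");
    }
}

/**
 * Collect and validate every configured parameter.
 * $param['method'] selects the source ("request", "post" or "get"); any other
 * value yields an empty string. Note that $_REQUEST also contains cookies
 * under the default request_order, so "request" accepts a cookie of that name.
 */
$params_data = array();
if(is_array($params) && count($params) > 0){
    foreach($params as $param){
        if(strcasecmp($param['method'], "request") == 0){
            $value = isset($_REQUEST[$param['name']]) ? $_REQUEST[$param['name']] : "";
        }else if(strcasecmp($param['method'], "post") == 0){
            $value = isset($_POST[$param['name']]) ? $_POST[$param['name']] : "";
        }else if(strcasecmp($param['method'], "get") == 0){
            $value = isset($_GET[$param['name']]) ? $_GET[$param['name']] : "";
        }else{
            $value = "";
        }
        $isCheckbox = (strcasecmp($param['type'], "checkbox") == 0);
        if(!$isCheckbox && is_array($value)){
            // A scalar field submitted as name[]=... would make trim() and
            // preg_match() below fail (TypeError on PHP 8); reject it instead.
            json_out(0, htmlspecialchars($param['label'])."出错");
        }
        if(strcasecmp($param['allow_null'], "n") == 0){ /**< field is mandatory */
            // Checkbox groups arrive as arrays; "empty" then means no box ticked.
            $isEmpty = is_array($value) ? (count($value) == 0) : (trim($value) == "");
            if($isEmpty){
                json_out(0, htmlspecialchars($param['label'])."不准为空");
            }
        }
        if($isCheckbox){
            $value = json_encode($value); /**< stored as JSON text */
        }
        if(trim($param['regex']) != ""){
            /* The pattern comes from the project configuration and is wrapped
             * in "/" delimiters as-is: an unescaped "/" inside it makes the
             * pattern invalid, preg_match() returns false and the value is
             * rejected. The pattern is not anchored, so it only has to match
             * somewhere in the value (for a checkbox, in its JSON text). */
            if(preg_match('/'.$param['regex'].'/', $value) !== 1){
                json_out(0, htmlspecialchars($param['label'])."出错");
            }
        }
        $params_data[] = array(
            "name" => $param['name'],
            "value" => $value
        );
    }
}

/**
 * Submitter metadata, stored with the fields under the reserved name "ei".
 * Everything except "time" is client-supplied (request headers; and behind a
 * reverse proxy REMOTE_ADDR is the proxy), so it is untrusted text: whatever
 * displays it later must escape it for its output context.
 */
$ei = array(
    "ip" => $_SERVER["REMOTE_ADDR"],
    "time" => func_TIME(),
    "HTTP_ACCEPT" => isset($_SERVER["HTTP_ACCEPT"]) ? $_SERVER["HTTP_ACCEPT"] : null,
    "HTTP_HOST" => isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : null,
    "HTTP_REFERER" => isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : null,
    "HTTP_USER_AGENT" => isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : null
);
$params_data[] = array(
    "name" => "ei",
    "value" => json_encode($ei)
);

/**
 * Persist the record. On failure reply immediately (json_out() exits).
 */
$item = new Item($pid, $params_data);
if(!$item->add()){
    json_out(0, "操作失败", $params_data);
}

/**
 * Mail notification. This must run before the success reply: json_out()
 * calls exit, so code placed after it never executes, which is why the
 * previous layout never sent any mail.
 */
if($setting['mail_status'] == 1 && trim($setting['mails']) != ""){
    $name = $proj->getName($pid);
    $title = "项目 ".$name." 收到新信息";
    // The body is HTML, so the project name is escaped for that context.
    $body = "项目 ".htmlspecialchars($name)." 收到新信息<br>到管理平台查看:<a href=\"".URL_ROOT."\">".URL_ROOT."</a>";
    // split() was removed in PHP 7; explode() does the same job here.
    foreach(explode(';', $setting['mails']) as $mail){
        $mail = trim($mail);
        if($mail === ""){
            continue; // tolerate a trailing or doubled ";"
        }
        func_mail($mail, $title, $body);
    }
}

/**
 * Success reply; the stored values (including "ei") are echoed back as "data".
 */
json_out(1, "操作成功", $params_data);
exit;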