联系官方销售客服
1835022288
028-61286886
开发框架
版主:迅睿框架研发组
云服务器提示木马
云服务器提示木马
【腾讯云】尊敬的用户,您的服务器xxxxx检测到存在未处理的/www/wwwroot/xxxx/dayrui/Fcms/Control/Member/Form.php木马文件。您的服务器疑似被黑客入侵,请及时登录主机安全控制台 (https://tencentcs.com/GGxotbf6 )处理相关安全事件,并开通主机安全专业版防护。
请问这个是误判还是中马了?
下面是这个Form.php的源代码
<?php namespace Phpcmf\Member;
/**
* http://www.xunruicms.com
* 本文件是框架系统文件,二次开发时不可以修改本文件,可以通过继承类方法来重写此文件
**/
// 网站表单操作类 基于 Ftable
class Form extends \Phpcmf\Table
{
protected $form;
protected $_is_post;
protected $_is_edit;
protected $_is_delete;
// 上级公共类
public function __construct(...$params) {
parent::__construct(...$params);
$this->_Extend_Init();
}
// 继承类初始化
protected function _Extend_Init() {
// 判断表单是否操作
$cache = \Phpcmf\Service::L('cache')->get('form-'.SITE_ID);
$this->form = $cache[\Phpcmf\Service::L('Router')->class];
if (!$this->form) {
$this->_admin_msg(0, dr_lang('网站表单【%s】不存在', \Phpcmf\Service::L('Router')->class));
} elseif (!$this->form['setting']['is_member']) {
$this->_msg(0, dr_lang('网站表单【%s】没有开启管理内容功能', \Phpcmf\Service::L('Router')->class));
}
// 支持附表存储
$this->is_data = 1;
// 模板前缀(避免混淆)
$this->tpl_prefix = 'form_';
// 单独模板命名
$this->tpl_name = $this->form['table'];
// 表单显示名称
$this->name = dr_lang('网站表单(%s)', $this->form['name']);
// 初始化数据表
$this->_init([
'table' => SITE_ID.'_form_'.$this->form['table'],
'field' => $this->form['field'],
'date_field' => 'inputtime',
'show_field' => 'title',
'list_field' => $this->form['setting']['list_field'],
'order_by' => 'displayorder DESC,inputtime DESC',
'where_list' => 'uid='.$this->uid,
]);
$this->edit_where = $this->delete_where = 'uid='.$this->uid;
// 无权限发布表单
if (!\Phpcmf\Service::M('member_auth')->form_auth($this->form['id'], 'add', $this->member)) {
$this->_is_post = 0;
} else {
$this->_is_post = 1;
}
// 修改权限
if (!\Phpcmf\Service::M('member_auth')->form_auth($this->form['id'], 'edit', $this->member)) {
$this->_is_edit = 0;
} else {
$this->_is_edit = 1;
}
// 删除权限
if (!\Phpcmf\Service::M('member_auth')->form_auth($this->form['id'], 'del', $this->member)) {
$this->_is_delete = 0;
} else {
$this->_is_delete = 1;
}
// 是否有验证码
$this->is_post_code = \Phpcmf\Service::M('member_auth')->form_auth($this->form['id'], 'code', $this->member);
\Phpcmf\Service::V()->assign([
'field' => $this->init['field'],
'form_list' => $cache,
'form_name' => $this->form['name'],
'form_table' => $this->form['table'],
'is_delete' => $this->_is_delete,
'is_post' => $this->_is_post,
'is_edit' => $this->_is_edit,
'is_post_code' => $this->is_post_code,
]);
}
// 添加表单内容
protected function _Member_Add() {
list($tpl) = $this->_Post(0);
\Phpcmf\Service::V()->display($tpl);
}
// 修改表单内容
protected function _Member_Edit() {
$id = intval(\Phpcmf\Service::L('input')->get('id'));
list($tpl, $data) = $this->_Post($id);
!$data && $this->_msg(0, dr_lang('数据不存在: '.$id));
\Phpcmf\Service::V()->display($tpl);
}
// 查看表单列表
protected function _Member_List() {
list($tpl) = $this->_List();
return \Phpcmf\Service::V()->display($tpl);
}
// 删除表单内容
protected function _Member_Del() {
$this->_Del(
\Phpcmf\Service::L('input')->get_post_ids(),
null,
function ($rows) {
// 对应删除提醒
foreach ($rows as $t) {
\Phpcmf\Service::M('member')->delete_admin_notice('form/'.$this->form['table'].'_verify/edit:id/'.$t['id'], SITE_ID);
\Phpcmf\Service::M('member')->delete_admin_notice('form/'.$this->form['table'].'/edit:id/'.$t['id'], SITE_ID);
\Phpcmf\Service::L('cache')->clear('from_'.$this->form['table'].'_show_id_'.$t['id']);
}
},
\Phpcmf\Service::M()->dbprefix($this->init['table'])
);
}
// 后台批量保存排序值
protected function _Member_Order() {
$this->_Display_Order(
intval(\Phpcmf\Service::L('input')->get('id')),
intval(\Phpcmf\Service::L('input')->get('value'))
);
}
/**
* 获取内容
* $id 内容id,新增为0
* */
protected function _Data($id = 0) {
$data = parent::_Data($id);
if ($data && $data['uid'] != $this->uid) {
return [];
}
return $data;
}
// 格式化保存数据 保存之前
protected function _Format_Data($id, $data, $old) {
// 新增数据
if (!$old) {
if ($this->uid) {
// 判断日发布量
$day_post = \Phpcmf\Service::M('member_auth')->form_auth($this->form['id'], 'day_post', $this->member);
if ($day_post && \Phpcmf\Service::M()->db
->table($this->init['table'])
->where('uid', $this->uid)
->where('DATEDIFF(from_unixtime(inputtime),now())=0')
->countAllResults() >= $day_post) {
$this->_json(0, dr_lang('每天发布数量不能超过%s个', $day_post));
}
// 判断发布总量
$total_post = \Phpcmf\Service::M('member_auth')->form_auth($this->form['id'], 'total_post', $this->member);
if ($total_post && \Phpcmf\Service::M()->db
->table($this->init['table'])
->where('uid', $this->uid)
->countAllResults() >= $total_post) {
$this->_json(0, dr_lang('发布数量不能超过%s个', $total_post));
}
}
// 审核状态
$data[1]['status'] = \Phpcmf\Service::M('member_auth')->form_auth($this->form['id'], 'verify', $this->member) ? 0 : 1;
// 默认数据
$data[0]['uid'] = $data[1]['uid'] = (int)$this->member['uid'];
$data[1]['author'] = $this->member['username'] ? $this->member['username'] : 'guest';
$data[1]['inputip'] = \Phpcmf\Service::L('input')->ip_address();
$data[1]['inputtime'] = SYS_TIME;
$data[1]['tableid'] = $data[1]['displayorder'] = 0;
} else {
// 修改时
// 审核状态
$data[1]['status'] = \Phpcmf\Service::M('member_auth')->form_auth($this->form['id'], 'verify2', $this->member) ? 0 : 1;
}
return $data;
}
/**
* 保存内容
* $id 内容id,新增为0
* $data 提交内容数组,留空为自动获取
* $func 格式化提交的数据
* */
protected function _Save($id = 0, $data = [], $old = [], $func = null, $func2 = null) {
return parent::_Save($id, $data, $old, null,
function ($id, $data, $old) {
if (!$old) {
// 首次 发布
// 提醒通知
if ($this->form['setting']['notice']['use']) {
if ($this->form['setting']['notice']['username']) {
$arr = explode(',', $this->form['setting']['notice']['username']);
foreach ($arr as $username) {
$user = dr_member_username_info($username);
if (!$user) {
log_message('error', '网站表单【'.$this->form['name'].'】已开启通知提醒,但通知人用户名['.$username.']有误');
} else {
\Phpcmf\Service::L('Notice')->send_notice_user('form_'.$this->form['table'].'_post', $user['id'], dr_array2array($data[1], $data[0]), $this->form['setting']['notice']);
}
}
} else {
log_message('error', '网站表单【'.$this->form['name'].'】已开启通知提醒,但未设置通知人');
}
}
}
if (!$data[1]['status']) {
// 审核
\Phpcmf\Service::M('member')->admin_notice(SITE_ID, 'content', $this->member, dr_lang('%s提交审核', $this->form['name']), 'form/'.$this->form['table'].'_verify/edit:id/'.$data[1]['id'], SITE_ID);
$data['url'] = $this->form['setting']['rt_url'];
$this->_json($data[1]['id'], dr_lang('操作成功,等待管理员审核'), $data);
}
// 挂钩点
\Phpcmf\Hooks::trigger('form_post_after', dr_array2array($data[1], $data[0]));
$this->_json($data[1]['id'], dr_lang('操作成功'), $data);
}
);
}
}
log_message('error', '网站表单【'.$this->form['name'].'】已开启通知提醒,但通知人用户名['.$username.']有误');把这一行去掉就不会报了