zijia/source/admincp/cloud/cloud_security.php

<?php

/**
 *		[Discuz!] (C)2001-2099 Comsenz Inc.
 *		This is NOT a freeware, use is subject to license terms
 *
 *		$Id: cloud_security.php 36284 2016-12-12 00:47:50Z nemohou $
 */
if(!defined('IN_DISCUZ') || !defined('IN_ADMINCP')) {
	exit('Access Denied');
}

$op = trim($_GET['op']);

$_GET['anchor'] = in_array($_GET['anchor'], array('index', 'setting', 'thread', 'post', 'member', 'reportOperation', 'reopen')) ? $_GET['anchor'] : 'index';
$pt = in_array($_GET['anchor'], array('thread', 'post')) ? $_GET['anchor'] : 'thread';

$current = array($_GET['anchor'] => 1);

$operateresultmap = array(
	'0' => 1,
	'-1' => 0,
	'-5' => 0
);

$securitynav = array();

$securitynav[0] = array('security_index', 'cloud&operation=security&anchor=index', $current['index']);
$securitynav[1] = array('security_blanklist', 'cloud&operation=security&anchor=setting', $current['setting']);
$securitynav[2] = array('security_thread_list', 'cloud&operation=security&anchor=thread', $current['thread']);
$securitynav[3] = array('security_post_list', 'cloud&operation=security&anchor=post', $current['post']);
$securitynav[4] = array('security_member_list', 'cloud&operation=security&anchor=member', $current['member']);

if (!$_G['inajax']) {
	cpheader();
	shownav('safe', 'menu_cloud_security', 'security_'.$_GET['anchor'].'_list');
	showsubmenu('menu_cloud_security', $securitynav);
}

$tpp = !empty($_GET['tpp']) ? $_GET['tpp'] : '20';
$start_limit = ($page - 1) * $tpp;
require_once libfile('function/discuzcode');
require_once libfile('function/core');
$datas = $data = $eviluids = $evilPids = $evilTids = $members = $thread = $post = '';

if($_GET['anchor'] != 'reopen') {
	$apps = $appService->getCloudApps();
	if(empty($apps) || empty($apps[$operation]) || $apps[$operation]['status'] == 'close') {
		cpmsg('security_reopen', '', 'succeed');
	}
}

if ($_GET['anchor'] == 'index') {
	$utilService = Cloud::loadClass('Service_Util');
	$signUrl = $utilService->generateSiteSignUrl(array('v' => 2));
	$utilService->redirect($cloudDomain.'/security/stats/list/?' . $signUrl);
} elseif ($_GET['anchor'] == 'setting') {

	if (!submitcheck('settingsubmit')) {
		loadcache('setting');

		$evilthreads = C::t('common_setting')->fetch('cloud_security_stats_thread');
		$evilposts = C::t('common_setting')->fetch('cloud_security_stats_post');
		$evilmembers = C::t('common_setting')->fetch('cloud_security_stats_member');

		$usergroupswhitelist = $_G['setting']['security_usergroups_white_list'];
		$groupselect = array();

		foreach (C::t('common_usergroup')->fetch_all_not(array('6','7')) as $group) {
			$group['type'] = $group['type'] == 'special' && $group['radminid'] ? 'specialadmin' : $group['type'];
			$groupselect[$group['type']] .= "<option value=\"$group[groupid]\" ".(in_array($group['groupid'], $usergroupswhitelist) ? 'selected' : '').">$group[grouptitle]</option>\n";
		}

		$groupselect = '<optgroup label="'.$lang['usergroups_member'].'">'.$groupselect['member'].'</optgroup>'.
			($groupselect['special'] ? '<optgroup label="'.$lang['usergroups_special'].'">'.$groupselect['special'].'</optgroup>' : '').
			($groupselect['specialadmin'] ? '<optgroup label="'.$lang['usergroups_specialadmin'].'">'.$groupselect['specialadmin'].'</optgroup>' : '').
			'<optgroup label="'.$lang['usergroups_system'].'">'.$groupselect['system'].'</optgroup>';

		$forumswhitelist = $_G['setting']['security_forums_white_list'];
		require_once libfile('function/forumlist');
		loadcache('forums');
		$forumselect = str_replace('%', '%%', forumselect(FALSE, 0, $forumswhitelist, TRUE));

		showformheader('cloud&operation=security&anchor=setting');
		showtableheader('security_white_list_setting', '', '', 2);
		showsetting('security_usergroup_white_list', '', '', '<select name="groupid[]" multiple="multiple" size="10">'.$groupselect.'</select>');
		showsetting('security_forum_white_list', '', '', '<select name="fid[]" multiple="multiple" size="10">'.$forumselect.'</select>');
		showsubmit('settingsubmit');
		showtablefooter();
		showformfooter();

	} else {

		$usergroups = $_POST['groupid'];
		$forums = $_POST['fid'];

		$updateData = array(
							'security_usergroups_white_list' => serialize($usergroups),
							'security_forums_white_list' => serialize($forums)
						);

		C::t('common_setting')->update_batch($updateData);
		updatecache('setting');

		cpmsg('setting_update_succeed', 'action=cloud&operation=security&anchor='.$_GET['anchor'], 'succeed');
	}

} elseif ($_GET['anchor'] == 'thread') {
	$count = C::t('#security#security_evilpost')->count_by_type('1');
	$multipage = multi($count, $tpp, $page, ADMINSCRIPT.'?action=cloud&operation=security&anchor=thread');
	list($datas, $evilTids) = getEvilList('thread', $start_limit, $tpp);
	echo "<p><a href='###' onclick='$(\"recyclebinform\").submit();'>{$lang['security_recyclebin_thread']}</a></p>";
	showformheader('recyclebin&operation=search', 'style="display: none;"', 'recyclebinform');
	showhiddenfields(array('security' => 1, 'searchsubmit' => 1));
	showformfooter();
	showtableheader('', '', 'id = "security_list"');
	showsubtitle(array('security_subject', 'security_forum', 'security_author', 'security_thread_status'));

	foreach($datas as $key => $value) {

		if(!$value['message']) {
			$subjectstyle = 'class = "threadopt"';
		} else {
			$subjectstyle = '';
		}
		$value['message'] = convertMessage($value);
		$modthreadkey = modauthkey($value['tid']);
		$viewlink = $value['message'] ? '<a href="forum.php?mod=redirect&goto=findpost&ptid='.$value['tid'].'&pid='.$value['pid'].'&modthreadkey='.$modthreadkey.'" target="_blank" title="'.$lang['security_view_thread'].'">'.$value['subject'].'</a>' : '';

		$thread = array(convertSubjectandIP($value, $viewlink), getNamebyFid($value['fid']), convertAuthorAndDate($value), //convertIdtoStr($value['eviltype']),
		convertIdtoStr($value['invisible'], 'adminoperate'));
		showtagheader('tbody', '', true, 'hover');
		showtablerow($subjectstyle, array('width = "400px"'), $thread);
		$value['message'] ? showtablerow('class="threadopt" style = "display: none;" id = "mod_'.$value['tid'].'_row_'.$key.'"', 'colspan = "6"', $value['message']) : '';
		showtagfooter('tbody');
	}
	if ($multipage) {
		showtablerow('', 'colspan = "6"', $multipage);
	}
	showtablefooter();

} elseif($_GET['anchor'] == 'post') {

	$count = C::t('#security#security_evilpost')->count_by_type('0');
	$multipage = multi($count, $tpp, $page, ADMINSCRIPT.'?action=cloud&operation=security&anchor=post');
	list($datas, $evilPids) = getEvilList('post', $start_limit, $tpp);
	echo "<p><a href='###' onclick='$(\"recyclebinpostform\").submit();'>{$lang['security_recyclebin_post']}</a></p>";
	showformheader('recyclebinpost&operation=search', 'style="display: none;"', 'recyclebinpostform');
	showhiddenfields(array('security' => 1, 'searchsubmit' => 1));
	showformfooter();
	showtableheader('', '', 'id = "security_list"');
	showsubtitle(array('security_subject', 'security_forum', 'security_author', 'security_post_status'));

	foreach($datas as $key => $value) {

		if(!$value['message']) {
			$subjectstyle = 'class = "threadopt"';
		} else {
			$subjectstyle = '';
		}
		$value['message'] = convertMessage($value);
		$modthreadkey = modauthkey($value['tid']);
		$thread = array(convertSubjectandIP($value), getNamebyFid($value['fid']), convertAuthorAndDate($value), //convertIdtoStr($value['eviltype']),
		convertIdtoStr($value['invisible'], 'adminoperate'), $viewlink);
		showtagheader('tbody', '', true, 'hover');
		showtablerow($subjectstyle,array('width = "400px"'), $thread);
		$value['message'] ? showtablerow('class="threadopt" style="display: none;" id = "mod_'.$value['tid'].'_row_'.$key.'"', 'colspan = "6"', $value['message']) : '';
		showtagfooter('tbody');
	}
	if ($multipage) {
		showtablerow('', 'colspan = "6"', $multipage);
	}
	showtablefooter();

} elseif($_GET['anchor'] == 'member') {
	showtips('security_member_tips');
	if($_GET['ignoreuid']) {
		C::t('#security#security_eviluser')->delete(intval($_GET['ignoreuid']));
	}
	$memberperpage = $_G['setting']['memberperpage'];
	$start_limit = ($page - 1) * $memberperpage;
	$count = C::t('#security#security_eviluser')->count();
	$multipage = multi($count, $memberperpage, $page, ADMINSCRIPT.'?action=cloud&operation=security&anchor=member');

	list($datas, $eviluids) = getEvilList('user', $start_limit, $memberperpage);

	showformheader('recyclebinpost&operation=search', 'style="display: none;"', 'recyclebinmember');
	showhiddenfields(array('security' => 1, 'searchsubmit' => 1));
	echo "\n<input type=\"hidden\" name=\"authors\" id=\"authors\" value=\"\">";
	showformfooter();
	showformheader("members&operation=clean", '');
	showtableheader();
	showsubtitle(array('','security_members_name', 'members_edit_info', 'security_thread_member_group', 'security_createtime', '', '', ''));

	foreach($datas as $value) {
		if ($value['username']) {
			$username = '<a href="home.php?mod=space&uid='.$value['uid'].'&do=profile" target="_blank" title="'.$title.'">'.$value['username'].'</a>';
		} else {
			$username = $lang['security_userdeleted']."(uid:{$value['uid']})";
		}
		$del = '<input type="checkbox" name="uidarray[]" value="'.$value['uid'].'"'.($value['adminid'] == 1 ? 'disabled' : '').' class="checkbox">';
		$optmember = '<a href="'.ADMINSCRIPT.'?action=members&operation=ban&uid='.$value['uid'].'" target="_blank">'.cplang('members_ban').'</a>';
		$ignorethis = '<a href="'.ADMINSCRIPT.'?action=cloud&operation=security&anchor=member&ignoreuid='.$value['uid'].'&page='.$page.'">'.cplang('security_member_ignore_this').'</a>';
		$createtime = date('Y-m-d', $value['createtime']);
		$evilthreads = '<a href="javascript:void(0);" onclick="searchevilpost_member(\''.$value['username'].'\', 1);return false;">'.cplang('security_thread_list').'</a>';
		$evilposts = '<a href="javascript:void(0);" onclick="searchevilpost_member(\''.$value['username'].'\', 2);return false;">'.cplang('security_post_list').'</a>';
		$member = array($del, $username, convertMemberInfo($value), $value['grouptitle'], $createtime, $evilthreads, $evilposts, $optmember, $ignorethis);
		showtablerow('',array('class="td25"'),$member);
	}
	showsubmit('deletesubmit', cplang('delete'), '', '', $multipage);

	showtablefooter();
	showformfooter();
} elseif($_GET['anchor'] == 'reopen') {
	Cloud::loadFile('Service_Client_Cloud');
	$Cloud_Service_Client_Cloud = new Cloud_Service_Client_Cloud;
	$return = $Cloud_Service_Client_Cloud->appOpenWithRegister('security');
	if($return['errCode']) {
		cpmsg($return['errMessage'], 'action=cloud&operation=security&anchor=index', 'error');
	} else {
		dheader('location: '.ADMINSCRIPT.'?action=cloud&operation=security&anchor=index');
	}
}
echo "
		<script type='text/javascript'>
			function searchevilpost_member(username, type) {
				$('recyclebinmember').action= '".ADMINSCRIPT."?'+(type == 1 ? 'action=recyclebin&operation=search' : 'action=recyclebinpost&operation=search');
				$('authors').value=username;
				$('recyclebinmember').submit();
				return false;
			}
			</script>";
$jsScript = <<<EOF
		<script type='text/javascript'>
			function toggle_mod(id) {
				if($(id).style.display == 'none') {
					$(id).style.display = '';
				} else {
					$(id).style.display = 'none';
				}
				return false;
			}
			function security_foldall() {
				var trs = $('security_list').getElementsByTagName('TR');

				for(var i in trs) {
					if(trs[i].id && trs[i].id.match(/mod_(\d+)_row_(\d+)/) != null) {
						trs[i].style.display = "none";
					}
				}
			}
			function security_exfoldall() {
				var trs = $('security_list').getElementsByTagName('TR');

				for(var i in trs) {
					if(trs[i].id && trs[i].id.match(/mod_(\d+)_row_(\d+)/) != null) {
						trs[i].style.display = "";
					}
				}
			}
		</script>
EOF;
echo $jsScript;

function convertIdtoStr($id, $type = 'security_type', $subtype = 'thread') {
	global $lang;
	if ($type == 'security_type') {
		$id = min(6, $id);
		$result = $lang['security_type_'.$id];
	} elseif($type == 'checkreported') {
		$result = $id ? $lang['security_isreported_yes'] : $lang['security_isreported_no'];
	} elseif($type == 'adminoperate') {

		if ($id === null) {
			return $lang['security_opreateresult_2'];
		}

		if (in_array($subtype, array('thread', 'post'))) {
			global $operateresultmap;

			$result = $lang['security_opreateresult_'.$operateresultmap[$id]];
		} elseif ($subtype == 'member') {

			global $nooperategroup;
			if (in_array($id, $nooperategroup)) {
				$result = $lang['security_opreateresult_0'];
			} else {
				$result = $lang['security_opreateresult_1'];
			}
		}
	}
	return $result;
}

function convertMemberInfo($value) {
	global $lang;
	$result = '';
	if ($value['username']) {
		$result = $lang['members_edit_regdate'] . ': ' . dgmdate($value['regdate']) . '<br/>';
		$result .= $lang['members_edit_regip'] . ': ' . $value['regip'] . ' ' . convertip($value['regip']) . '<br/>';
		$result .= 'Email: ' . $value['email'];
	} else {
		$result = '<p style="margin:14px 0;">' . $lang['security_userdeleted'] . '</p>';
	}
	return $result;
}

function convertOperate($id = 0) {
	$ids = array('1' => 'delete',
				 '2' => 'restore');
	if (!$ids[$id]) {
		return false;
	}
	return $ids[$id];
}

function getEvilList($type, $start, $ppp) {
	$datas = $data = array();
	$evilids = array();

	if ($type == 'member') {
		$type = 'user';
	}

	if ($type == 'user') {
		$query = C::t('#security#security_eviluser')->fetch_range($start, $ppp);
		$idtype = 'uid';
	} elseif($type == 'thread') {
		$query = C::t('#security#security_evilpost')->fetch_range_by_type('1', $start, $ppp);
		$idtype = 'pid';
	} elseif($type == 'post') {
		$query = C::t('#security#security_evilpost')->fetch_range_by_type('0', $start, $ppp);
		$idtype = 'pid';
	}

	foreach ($query as $data) {
		$datas[$data[$idtype]] = $data;
		$evilids[] = $data[$idtype];
		if ($data['tid']) {
			$evilTids[] = $data['tid'];
			$threadPid[$data['tid']][] = $data['pid'];
		}
	}

	if (is_array($evilTids)) {
		$evilTids = array_unique($evilTids);
	}

	if (!$evilids) {
		return false;
	}
	if ($type == 'user') {
		$usergroups = array();
		foreach (C::t('common_usergroup')->range() as $group) {
			$usergroups[$group['groupid']] = $group['grouptitle'];
		}

		$regips = C::t('common_member_status')->fetch_all($evilids);

		$query = C::t('common_member')->fetch_all($evilids);
		foreach ($query as $key => $user) {
			if(!empty($user) && !in_array($user['groupid'], array(4,5,6))) {
				$query[$key]['regip'] = $regips[$key]['regip'];
			}
		}
		if(count($evilids) != count($query)) {
			$deleviluids = array();
			foreach($evilids as $key => $eviluid) {
				if(empty($query[$eviluid])) {
					$deleviluids[] = $eviluid;
					unset($evilids[$key]);
				}
			}
			C::t('#security#security_eviluser')->delete($deleviluids);
		}
	} elseif($type == 'thread' || $type == 'post') {

		$query = C::t('forum_thread')->fetch_all_by_tid($evilTids);
	}

	foreach ($query as $data) {

		if ($type == 'thread' || $type == 'post') {
			foreach($threadPid[$data['tid']] as $pid) {
				$isFirst = ($type == 'thread') ? 1 : 0;
				$postData = C::t('forum_post')->fetch($data['posttableid'], $pid);
				if ($postData['pid']) {
					$datas[$postData['pid']] = array_merge($datas[$postData['pid']], $postData);
					if ($type == 'post') {
						$datas[$postData['pid']]['subject'] = $data['subject'];
					}
				}
			}
		} else {
			$data['grouptitle'] = $usergroups[$data['groupid']];
			$datas[$data[$idtype]] = array_merge($datas[$data[$idtype]], $data);
		}
	}
	return array($datas, $evilids);
}

function getNamebyFid($fid) {
	global $_G;
	if (!$fid) {
		return false;
	}
	$forumInfo = C::t('forum_forum')->fetch_all_name_by_fid($fid);
	$name = $forumInfo[$fid]['name'];
	$name = "<a href='forum.php?mod=forumdisplay&fid=$fid' target='_blank'>".$name."</a>";
	return $name;
}

function convertSubjectandIP($value, $viewlink = '') {
	global $lang;
	if ($viewlink) {
		$result = '<h3>'.$viewlink.'</h3>';
	} else {
		$result = '<h3><a title="'.$lang['security_clicktotoggle'].'" href="javascript:;" onclick="return toggle_mod(\'mod_'.$value['tid'].'_row_'.$value['pid'].'\');" target="_blank">'.$value['subject'].'</a></h3>';
	}

	$result .= '<p>'.$value['useip'].' '.convertip($value['useip']).' ( pid : '.$value['pid'].' ) </p>';
	if (!$value['message']) {
		return $lang['security_postdeleted']."(tid:{$value['tid']} pid:{$value['pid']})";
	}
	return $result;
}

function convertMessage($value) {
	global $lang;
	if (!$value['message']) {
		return false;
	}
	$value['message'] = discuzcode($value['message'], 0, 0, sprintf('%00b', $value['htmlon']), 1, 1, 1, 0);
	$value['message'] = '<div style="overflow: auto; overflow-x: hidden; max-height:120px; height:auto !important; height:100px; word-break: break-all;">'.$value['message'].'</div>';
	return $value['message'];
}

function convertAuthorAndDate($value) {
	if (!$value['author']) {
		return false;
	}
	$result = "<a href='home.php?mod=space&uid={$value[authorid]}&do=profile' target='_blank'>" . $value['author'] . "</a>" . '<p>';
	$result .= dgmdate($value['dateline']);
	$result .= '</a>';
	return $result;
}

function getDataToReport($operateType, $datatosync, $datas) {
	$datatoreport = array();
	foreach($datatosync as $operateresult => $ids) {
		foreach($ids as $id) {
			if(!$datas[$id]['isreported']) {
				$data = array(
						'operateType' => $operateType,
						'operate' => $operateresult == 'validate' ? 'restore' : 'delete',
						'operateId' => $id,
						'uid' => $datas[$id]['authorid'] ? $datas[$id]['authorid'] : $datas[$id]['uid'],
						);
				$data['openId'] = getOpenId($data['uid']);
				$data['clientIp'] = $datas[$id]['userip'] ? $datas[$id]['userip'] : getMemberIp($data['uid']);
				if ($operateType != 'member') {
					$data['tid'] = $datas[$id]['tid'];
					$data['pid'] = $datas[$id]['pid'];
					$data['fid'] = $datas[$id]['fid'];
				}
				array_push($datatoreport, $data);
			}
		}
	}
	return $datatoreport;
}