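Category archive: dedecms development

By 清心醉

dedecms: fix for the admin backend failing to log out on PHP 5.3+

As with the login problem, this is actually simple: both are caused by the use of deprecated functions.

Rewriting the exitUser() method to use $_SESSION is all it takes.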

/include/user/login.class.php

    function exitUser()
    {
        ClearMyAddon();
        // session_unregister() is deprecated as of PHP 5.3 and removed in 5.4,
        // so the original calls are commented out.
        /**
        @session_unregister($this->keepUserIDTag);
        @session_unregister($this->keepUserTypeTag);
        @session_unregister($this->keepUserChannelTag);
        @session_unregister($this->keepUserNameTag);
        @session_unregister($this->keepUserPurviewTag);
        */
        // Clear each login key through $_SESSION instead.
        $_SESSION[$this->keepUserIDTag]=null;
        $_SESSION[$this->keepUserTypeTag]=null;
        $_SESSION[$this->keepUserChannelTag]=null;
        $_SESSION[$this->keepUserNameTag]=null;
        $_SESSION[$this->keepUserPurviewTag]=null;
        DropCookie('dedeAdmindir');
        DropCookie('DedeUserID');
        DropCookie('DedeLoginTime');
        // Empty whatever else is left in the session.
        $_SESSION = array();
    }

By 清心醉

dedecms: fix for the blank admin login page on PHP 5.3+

First, look at the URL being requested:

/admin/login.php

Before $admindirs = explode('/',str_replace("\\",'/',dirname(__FILE__))); print the POST parameters:

    array(7) { ["gotopage"]=> string(0) "" ["dopost"]=> string(5) "login" ["adminstyle"]=> string(10) "newdedecms" ["userid"]=> string(5) "admin" ["pwd"]=> string(5) "admin" ["validate"]=> string(4) "DTCT" ["sm1"]=> string(6) "登录" }

Next comes the check if($dopost=='login'), which runs the login routine:

    $cuserLogin = new userLogin($admindir);

This instantiates userLogin, passing the admin directory as a parameter.

Annoyingly, it is all done directly in the constructor:

    function __construct($admindir='')
    {
        global $admin_path;
        if(isset($_SESSION[$this->keepUserIDTag]))
        {
            $this->userID = $_SESSION[$this->keepUserIDTag];
            $this->userType = $_SESSION[$this->keepUserTypeTag];
            $this->userChannel = $_SESSION[$this->keepUserChannelTag];
            $this->userName = $_SESSION[$this->keepUserNameTag];
            $this->userPurview = $_SESSION[$this->keepUserPurviewTag];
            $this->adminStyle = $_SESSION[$this->keepAdminStyleTag];
        }

        if($admindir!='')
        {
            $this->adminDir = $admindir;
        }
        else
        {
            $this->adminDir = $admin_path;
        }
    }

Now let's look at the data members:

    var $userName = '';
    var $userPwd = '';
    var $userID = '';
    var $adminDir = '';
    var $userType = '';
    var $userChannel = '';
    var $userPurview = '';
    var $keepUserIDTag = 'dede_admin_id';
    var $keepUserTypeTag = 'dede_admin_type';
    var $keepUserChannelTag = 'dede_admin_channel';
    var $keepUserNameTag = 'dede_admin_name';
    var $keepUserPurviewTag = 'dede_admin_purview';
    var $keepAdminStyleTag = 'dede_admin_style';
    var $adminStyle = 'dedecms';

Well, pre-PHP 5.3 syntax really is hard to follow.

Once the parameters have been set:

    $res = $cuserLogin->checkUser($userid,$pwd);

Here I was a little curious about where the $userid and $pwd arguments come from. They are probably global variables defined in /group/global.inc.php; I did not look into the core in detail.

Here is the definition:

    function checkUser($username,$userpwd)
    {
        global $dsql;

        // Only allow the characters 0-9, a-z, A-Z, '@', '_', '.', '-' in the
        // user name and password (the pattern below also lets '!' through)
        $this->userName = ereg_replace("[^0-9a-zA-Z_@!\.-]",'',$username);
        $this->userPwd = ereg_replace("[^0-9a-zA-Z_@!\.-]",'',$userpwd);
        $pwd = substr(md5($this->userPwd),5,20);
        $dsql->SetQuery("Select admin.*,atype.purviews From `#@__admin` admin left join `#@__admintype` atype on atype.rank=admin.usertype where admin.userid like '".$this->userName."' limit 0,1");
        $dsql->Execute();
        $row = $dsql->GetObject();
        if(!isset($row->pwd))
        {
            // no such user
            return -1;
        }
        else if($pwd!=$row->pwd)
        {
            // wrong password
            return -2;
        }
        else
        {
            $loginip = GetIP();
            $this->userID = $row->id;
            $this->userType = $row->usertype;
            $this->userChannel = $row->typeid;
            $this->userName = $row->uname;
            $this->userPurview = $row->purviews;
            $inquery = "update `#@__admin` set loginip='$loginip',logintime='".time()."' where id='".$row->id."'";
            $dsql->ExecuteNoneQuery($inquery);
            $sql = "update #@__member set logintime=".time().", loginip='$loginip' where mid=".$row->id;
            $dsql->ExecuteNoneQuery($sql);
            return 1;
        }
    }

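The account name and password are filtered with a regular expression, then SQL is run to check them and to update the login information.

If it returns 1, this is called:

    $cuserLogin->keepUser();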

    function keepUser()
    {
        if($this->userID != '' && $this->userType != '')
        {
            global $admincachefile,$adminstyle;
            if(empty($adminstyle)) $adminstyle = 'dedecms';

            @session_register($this->keepUserIDTag);
            $_SESSION[$this->keepUserIDTag] = $this->userID;

            @session_register($this->keepUserTypeTag);
            $_SESSION[$this->keepUserTypeTag] = $this->userType;

            @session_register($this->keepUserChannelTag);
            $_SESSION[$this->keepUserChannelTag] = $this->userChannel;

            @session_register($this->keepUserNameTag);
            $_SESSION[$this->keepUserNameTag] = $this->userName;

            @session_register($this->keepUserPurviewTag);
            $_SESSION[$this->keepUserPurviewTag] = $this->userPurview;

            @session_register($this->keepAdminStyleTag);
            $_SESSION[$this->keepAdminStyleTag] = $adminstyle;

            PutCookie('DedeUserID', $this->userID, 3600 * 24, '/');
            PutCookie('DedeLoginTime', time(), 3600 * 24, '/');

            $this->ReWriteAdminChannel();

            return 1;
        }
        else
        {
            return -1;
        }
    }

So the cause is clear: the code uses deprecated functions. On PHP 5.3+ it should go through $_SESSION instead. Change the function body to:

    function keepUser()
    {
        if($this->userID != '' && $this->userType != '')
        {
            global $admincachefile,$adminstyle;
            if(empty($adminstyle)) {
                $adminstyle = 'dedecms';
            }
            // The session_register() calls are gone; assigning to $_SESSION
            // is all that is needed to store each value.
            $_SESSION[$this->keepUserIDTag] = $this->userID;
            $_SESSION[$this->keepUserTypeTag] = $this->userType;
            $_SESSION[$this->keepUserChannelTag] = $this->userChannel;
            $_SESSION[$this->keepUserNameTag] = $this->userName;
            $_SESSION[$this->keepUserPurviewTag] = $this->userPurview;
            $_SESSION[$this->keepAdminStyleTag] = $adminstyle;
            PutCookie('DedeUserID', $this->userID, 3600 * 24, '/');
            PutCookie('DedeLoginTime', time(), 3600 * 24, '/');
            $this->ReWriteAdminChannel();
            return 1;
        }
        else
        {
            return -1;
        }
    }

Problem solved!
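The keepUser() and exitUser() rewrites above only swap the deprecated calls for $_SESSION assignments. The following added example (not DedeCMS code and not from the original posts) shows the same login and logout steps with the session ID regenerated at login and the session fully destroyed at logout. The function names and the sample admin row are constructed for illustration, the key names are the userLogin tags listed above, and PHP 5.4 or later is assumed.

```php
<?php
// Added example, not DedeCMS code. Function names and the sample row are
// hypothetical; the session keys are the userLogin tags shown on this page.

function admin_session_login(array $row, $adminstyle = 'dedecms')
{
    // Issue a fresh session ID at the moment privileges change, so an ID that
    // existed before authentication is useless afterwards (session fixation).
    session_regenerate_id(true);

    $_SESSION['dede_admin_id']      = $row['id'];
    $_SESSION['dede_admin_type']    = $row['usertype'];
    $_SESSION['dede_admin_channel'] = $row['typeid'];
    $_SESSION['dede_admin_name']    = $row['uname'];
    $_SESSION['dede_admin_purview'] = $row['purviews'];
    $_SESSION['dede_admin_style']   = $adminstyle;
}

function admin_session_logout()
{
    // Empty the in-memory data, expire the session cookie in the browser,
    // then delete the server-side session record.
    $_SESSION = array();
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Demo with a constructed admin row (also runs from the PHP CLI).
session_start();
$preLoginId = session_id();
admin_session_login(array('id' => 1, 'usertype' => 10, 'typeid' => 0,
    'uname' => 'admin', 'purviews' => 'constructed_purview'));
$idChanged   = ($preLoginId !== session_id());
$hadAdminKey = isset($_SESSION['dede_admin_id']);
admin_session_logout();

var_dump($idChanged);                             // did the ID change at login?
var_dump($hadAdminKey);                           // were the admin keys stored?
var_dump(empty($_SESSION));                       // is the data gone after logout?
var_dump(session_status() === PHP_SESSION_NONE);  // is the session closed?
```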

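By 清心醉

Fatal error: Call to undefined function ParCv() in C:\xampp\htdocs\include\dedesql.class.php on line 489

I have found that, apart from e-commerce shops, what many web companies use is a CMS, and DEDE's CMS is basically the first choice. I tried installing it in my spare time and got this error:

Fatal error: Call to undefined function ParCv() in C:\xampp\htdocs\include\dedesql.class.php on line 489

So the ParCv function cannot be found.

F3 in Zend took me straight to the code:

    require_once 'common.func.php';

Problem fixed!

The cause is probably that someone else modified the code and forgot the include, or that some other file include is wrong; I did not trace the code in detail.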

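By 清心醉

Encoding problems on the 织梦 dedecms platform

The PHP code of 织梦 dedecms does not support newer PHP versions, such as 5.3 and above, by default. It fails with problems such as pages not displaying because the version is too new and Chinese input not being displayed. This post covers the code change for a "title cannot be empty" error triggered when publishing an article from the backend of a 织梦 site the author set up.

In PHP 5.4 the default encoding of htmlspecialchars is UTF-8. A GBK-encoded Chinese string comes back empty after being escaped by htmlspecialchars, which means the title is empty. So all that is needed is to add the ENT_COMPAT ,'GB2312' arguments to override the default encoding, as follows:

Open the two files dede/article_add.php and dede/article_edit.php

Find where the variable $title is set:

    $title = htmlspecialchars(cn_substrR($title,$cfg_title_maxlen));

Change it to:

    $title = htmlspecialchars(cn_substrR($title,$cfg_title_maxlen),ENT_COMPAT ,'GB2312');

Then:

Open the file include/ckeditor/ckeditor_php5.php
and change htmlspecialchars($value) to htmlspecialchars($value, ENT_COMPAT ,'GB2312')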
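
The empty-title behaviour described above can be reproduced outside dedecms. This added example (not code from the original post or from dedecms) escapes a constructed GB2312 byte string once with UTF-8 and once with GB2312 as the declared charset; escape_title() is a hypothetical helper that reports an encoding mismatch instead of silently returning an empty string.

```php
<?php
// Added example, not DedeCMS code. escape_title() is a hypothetical helper.

// Constructed input: "标题" ("title") as GB2312 bytes, followed by markup
// that must be neutralised before the title is echoed into a page.
$gbkTitle = "\xB1\xEA\xCC\xE2<b class=\"x\">";

function escape_title($raw, $charset)
{
    $out = htmlspecialchars($raw, ENT_COMPAT, $charset);
    // htmlspecialchars() returns '' when the bytes are not valid in $charset.
    // Report that instead of silently storing an empty title.
    if ($raw !== '' && $out === '') {
        throw new InvalidArgumentException("title is not valid $charset");
    }
    return $out;
}

// The PHP 5.4+ default made explicit: the bytes are checked as UTF-8 and
// the whole string is rejected.
try {
    escape_title($gbkTitle, 'UTF-8');
    $utf8Result = 'accepted';
} catch (InvalidArgumentException $e) {
    $utf8Result = $e->getMessage();
}

// The fix from the post: declare the encoding the site actually uses.
$escaped = escape_title($gbkTitle, 'GB2312');

echo $utf8Result, "\n";
// Show the Chinese bytes as hex and the escaped ASCII tail as text, so the
// result is readable on any terminal.
echo bin2hex(substr($escaped, 0, 4)), ' ', substr($escaped, 4), "\n";
```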