云服务器提示木马
【腾讯云】尊敬的用户,您的服务器xxxxx检测到存在未处理的/www/wwwroot/xxxx/dayrui/Fcms/Control/Member/Form.php木马文件。您的服务器疑似被黑客入侵,请及时登录主机安全控制台 (https://tencentcs.com/GGxotbf6 )处理相关安全事件,并开通主机安全专业版防护。
请问这个是误判还是中马了?
下面是这个Form.php的源代码
<?php namespace Phpcmf\Member;
/**
* http://www.xunruicms.com
* 本文件是框架系统文件,二次开发时不可以修改本文件,可以通过继承类方法来重写此文件
**/
// 网站表单操作类 基于 Ftable
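/**
 * Member-side controller for a single site form, built on \Phpcmf\Table.
 *
 * The form definition is read from the 'form-<SITE_ID>' cache using the routed
 * class name as the key. Listing, editing and deleting are filtered by the
 * current member's uid, and the add/edit/delete/captcha switches come from
 * member_auth->form_auth().
 *
 * NOTE(review): every statement in this class is a framework call, a
 * query-builder call or string formatting. The class contains no eval/assert,
 * no include or require, no shell call and no direct file write.
 */
class Form extends \Phpcmf\Table
{
    // Cached definition of the form being handled.
    protected $form;
    // 1 when the current member may add entries, else 0.
    protected $_is_post;
    // 1 when the current member may edit entries, else 0.
    protected $_is_edit;
    // 1 when the current member may delete entries, else 0.
    protected $_is_delete;

    // Run the parent constructor, then this class's own initialisation.
    public function __construct(...$params) {
        parent::__construct(...$params);
        $this->_Extend_Init();
    }

    /**
     * Load the form definition for the routed class, then configure the table
     * handler, the per-member row filters, the permission flags and the
     * template variables.
     */
    protected function _Extend_Init() {
        // The routed class name is the key into the per-site form cache.
        $cache = \Phpcmf\Service::L('cache')->get('form-'.SITE_ID);
        $this->form = $cache[\Phpcmf\Service::L('Router')->class];
        // NOTE(review): the code after this check reads $this->form without
        // re-testing it, so _admin_msg()/_msg() presumably end the request;
        // confirm in the parent class.
        if (!$this->form) {
            $this->_admin_msg(0, dr_lang('网站表单【%s】不存在', \Phpcmf\Service::L('Router')->class));
        } elseif (!$this->form['setting']['is_member']) {
            $this->_msg(0, dr_lang('网站表单【%s】没有开启管理内容功能', \Phpcmf\Service::L('Router')->class));
        }

        // Enable storage in the attached (secondary) table.
        $this->is_data = 1;
        // Template prefix, to avoid name clashes.
        $this->tpl_prefix = 'form_';
        // Per-form template name.
        $this->tpl_name = $this->form['table'];
        // Display name of the form.
        $this->name = dr_lang('网站表单(%s)', $this->form['name']);

        // Initialise the data table.
        // NOTE(review): 'where_list' and the edit/delete filters below are raw
        // SQL fragments built by concatenating $this->uid, which is presumably
        // an integer set by the parent class; confirm. The 'guest' fallback in
        // _Format_Data() suggests uid can be 0; if so, 'uid=0' matches every
        // guest-authored row, so verify that the parent requires a login here.
        $this->_init([
            'table' => SITE_ID.'_form_'.$this->form['table'],
            'field' => $this->form['field'],
            'date_field' => 'inputtime',
            'show_field' => 'title',
            'list_field' => $this->form['setting']['list_field'],
            'order_by' => 'displayorder DESC,inputtime DESC',
            'where_list' => 'uid='.$this->uid,
        ]);
        $this->edit_where = $this->delete_where = 'uid='.$this->uid;

        // Permission flags: publish, edit, delete (stored as 1/0).
        $this->_is_post = \Phpcmf\Service::M('member_auth')->form_auth($this->form['id'], 'add', $this->member) ? 1 : 0;
        $this->_is_edit = \Phpcmf\Service::M('member_auth')->form_auth($this->form['id'], 'edit', $this->member) ? 1 : 0;
        $this->_is_delete = \Phpcmf\Service::M('member_auth')->form_auth($this->form['id'], 'del', $this->member) ? 1 : 0;

        // Whether a captcha is required when posting.
        $this->is_post_code = \Phpcmf\Service::M('member_auth')->form_auth($this->form['id'], 'code', $this->member);

        \Phpcmf\Service::V()->assign([
            'field' => $this->init['field'],
            'form_list' => $cache,
            'form_name' => $this->form['name'],
            'form_table' => $this->form['table'],
            'is_delete' => $this->_is_delete,
            'is_post' => $this->_is_post,
            'is_edit' => $this->_is_edit,
            'is_post_code' => $this->is_post_code,
        ]);
    }

    // Add a form entry: run the post handler with id 0 and render its template.
    protected function _Member_Add() {
        list($tpl) = $this->_Post(0);
        \Phpcmf\Service::V()->display($tpl);
    }

    // Edit a form entry identified by the integer 'id' request parameter.
    protected function _Member_Edit() {
        $id = intval(\Phpcmf\Service::L('input')->get('id'));
        list($tpl, $data) = $this->_Post($id);
        if (!$data) {
            // The id is passed as a dr_lang() argument, like the other calls in
            // this class, so the translation key stays constant.
            $this->_msg(0, dr_lang('数据不存在: %s', $id));
        }
        \Phpcmf\Service::V()->display($tpl);
    }

    // Show the list of form entries.
    protected function _Member_List() {
        list($tpl) = $this->_List();
        return \Phpcmf\Service::V()->display($tpl);
    }

    // Delete the posted entries, then clean up their notices and cache items.
    protected function _Member_Del() {
        $this->_Del(
            \Phpcmf\Service::L('input')->get_post_ids(),
            null,
            function ($rows) {
                // Remove the admin notices that point at each deleted row.
                foreach ($rows as $t) {
                    \Phpcmf\Service::M('member')->delete_admin_notice('form/'.$this->form['table'].'_verify/edit:id/'.$t['id'], SITE_ID);
                    \Phpcmf\Service::M('member')->delete_admin_notice('form/'.$this->form['table'].'/edit:id/'.$t['id'], SITE_ID);
                    // NOTE(review): the key starts with 'from_', possibly a typo
                    // for 'form_'; verify against the code that writes this key.
                    \Phpcmf\Service::L('cache')->clear('from_'.$this->form['table'].'_show_id_'.$t['id']);
                }
            },
            \Phpcmf\Service::M()->dbprefix($this->init['table'])
        );
    }

    // Save a display-order value; 'id' and 'value' are both coerced to int.
    protected function _Member_Order() {
        $this->_Display_Order(
            intval(\Phpcmf\Service::L('input')->get('id')),
            intval(\Phpcmf\Service::L('input')->get('value'))
        );
    }

    /**
     * Fetch one entry.
     *
     * $id  entry id, 0 for a new entry
     *
     * Returns the parent's data, or an empty array when the row's uid differs
     * from the current member's uid (ownership check).
     */
    protected function _Data($id = 0) {
        $data = parent::_Data($id);
        if ($data && $data['uid'] != $this->uid) {
            return [];
        }
        return $data;
    }

    /**
     * Prepare submitted data just before it is saved.
     *
     * For a new entry this enforces the daily and total posting quotas and
     * overwrites uid, author, inputip, inputtime, tableid, displayorder and
     * status with server-side values. For an edit only status is reset.
     * NOTE(review): presumably $data[1] is the main-table row and $data[0] the
     * attached-table row; confirm in \Phpcmf\Table.
     */
    protected function _Format_Data($id, $data, $old) {
        if (!$old) {
            // New entry.
            if ($this->uid) {
                // Daily quota.
                $day_post = \Phpcmf\Service::M('member_auth')->form_auth($this->form['id'], 'day_post', $this->member);
                if ($day_post && \Phpcmf\Service::M()->db
                        ->table($this->init['table'])
                        ->where('uid', $this->uid)
                        ->where('DATEDIFF(from_unixtime(inputtime),now())=0')
                        ->countAllResults() >= $day_post) {
                    $this->_json(0, dr_lang('每天发布数量不能超过%s个', $day_post));
                }
                // Total quota.
                $total_post = \Phpcmf\Service::M('member_auth')->form_auth($this->form['id'], 'total_post', $this->member);
                if ($total_post && \Phpcmf\Service::M()->db
                        ->table($this->init['table'])
                        ->where('uid', $this->uid)
                        ->countAllResults() >= $total_post) {
                    $this->_json(0, dr_lang('发布数量不能超过%s个', $total_post));
                }
            }
            // Review status: 0 when the 'verify' rule applies, otherwise 1.
            $data[1]['status'] = \Phpcmf\Service::M('member_auth')->form_auth($this->form['id'], 'verify', $this->member) ? 0 : 1;
            // Server-side defaults; these replace any submitted values.
            $data[0]['uid'] = $data[1]['uid'] = (int)$this->member['uid'];
            $data[1]['author'] = $this->member['username'] ?: 'guest';
            $data[1]['inputip'] = \Phpcmf\Service::L('input')->ip_address();
            $data[1]['inputtime'] = SYS_TIME;
            $data[1]['tableid'] = $data[1]['displayorder'] = 0;
        } else {
            // Edit: review status comes from the 'verify2' rule.
            $data[1]['status'] = \Phpcmf\Service::M('member_auth')->form_auth($this->form['id'], 'verify2', $this->member) ? 0 : 1;
        }
        return $data;
    }

    /**
     * Save an entry.
     *
     * $id    entry id, 0 for a new entry
     * $data  submitted data array; empty means it is collected automatically
     * $func  formatter for the submitted data
     *
     * The $func and $func2 arguments are not forwarded: the parent is called
     * with null and with this class's own after-save callback.
     */
    protected function _Save($id = 0, $data = [], $old = [], $func = null, $func2 = null) {
        return parent::_Save($id, $data, $old, null,
            function ($id, $data, $old) {
                if (!$old) {
                    // First publication: notify the configured users, if enabled.
                    if ($this->form['setting']['notice']['use']) {
                        if ($this->form['setting']['notice']['username']) {
                            $arr = explode(',', $this->form['setting']['notice']['username']);
                            foreach ($arr as $username) {
                                // Tolerate "a, b" and trailing commas in the configured list.
                                $username = trim($username);
                                if ($username === '') {
                                    continue;
                                }
                                $user = dr_member_username_info($username);
                                if (!$user) {
                                    // NOTE(review): this statement only builds an error-log
                                    // message from the form name and the configured username,
                                    // which is written to the log unescaped. It is the line
                                    // that the reply on this page says the scanner matched.
                                    log_message('error', '网站表单【'.$this->form['name'].'】已开启通知提醒,但通知人用户名['.$username.']有误');
                                } else {
                                    \Phpcmf\Service::L('Notice')->send_notice_user('form_'.$this->form['table'].'_post', $user['id'], dr_array2array($data[1], $data[0]), $this->form['setting']['notice']);
                                }
                            }
                        } else {
                            log_message('error', '网站表单【'.$this->form['name'].'】已开启通知提醒,但未设置通知人');
                        }
                    }
                }
                if (!$data[1]['status']) {
                    // Pending review: raise an admin notice and report "awaiting review".
                    // NOTE(review): presumably _json() ends the request; otherwise the
                    // hook below would also fire for pending entries. Confirm.
                    \Phpcmf\Service::M('member')->admin_notice(SITE_ID, 'content', $this->member, dr_lang('%s提交审核', $this->form['name']), 'form/'.$this->form['table'].'_verify/edit:id/'.$data[1]['id'], SITE_ID);
                    $data['url'] = $this->form['setting']['rt_url'];
                    $this->_json($data[1]['id'], dr_lang('操作成功,等待管理员审核'), $data);
                }
                // Hook point.
                \Phpcmf\Hooks::trigger('form_post_after', dr_array2array($data[1], $data[0]));
                $this->_json($data[1]['id'], dr_lang('操作成功'), $data);
            }
        );
    }
}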
log_message('error', '网站表单【'.$this->form['name'].'】已开启通知提醒,但通知人用户名['.$username.']有误'); 把这一行去掉就不会报了。这一行只是往错误日志里写一条提示,本身不执行任何代码,告警更像是特征规则的误报;不过去掉它只是让规则不再命中,文件是否被改动过,还是要和官方同版本安装包里的 Form.php 比对后才能确认。