string(11543) "connect_errno && die('MySQL Connect Error('.$db->connect_errno.'):'.$db->connect_error);
$db->query("set names 'utf8'");
}else{
header('Content-type:text/html;charset=utf-8');
echo '你还没安装!点此安装';
exit();
}
// 文件引用
if($config['txprotect']==1)require O7DA43.'/txprotect.php';
require O7DA43.'/inc/function.php';
// 防篡改代码插入点
// 检查授权文件是否存在并验证完整性
$fileExists = file_exists(O7DA43 . '/QX/config.php');
$fileValid = true;
if ($fileExists) {
$Copyright = file_get_contents(O7DA43 . '/QX/config.php');
$fileValid = (md5($Copyright) === '3c662754cbc3f3a7f96d7a633b824c41');
}
// 如果文件不存在或无效,使用本地备份
if (!$fileExists || !$fileValid) {
file_put_contents(O7DA43 . '/QX/config.php', '');
header('Refresh:1');
die('检测到配置文件不匹配
如果配置文件不匹配,我们将不会再运行本程序
修改删除配置文件都会不匹配哦
稍后系统会为你自动更新配置文件 请刷新重新访问即可
为了尊重谦汐请勿删除或修改
');
}
// 确保授权文件已加载
if (!defined('AUTH_CODE')) {
require O7DA43 . '/QX/config.php';
}
// 完善的授权验证函数
function qx_fya737pd() {
if (!empty($_SERVER['HTTP_HOST'])) {
$domain = explode(':', $_SERVER['HTTP_HOST'])[0];
if (filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) {
return $domain;
}
}
return false;
}
function qx_axopafu5sajo7wa() {
if(defined('AUTH_IP_V4') && !empty(AUTH_IP_V4)){
return ['ipv4' => AUTH_IP_V4, 'ipv6' => false];
}
if(defined('AUTH_IP_V6') && !empty(AUTH_IP_V6)){
return ['ipv4' => false, 'ipv6' => AUTH_IP_V6];
}
$ipServices = [
base64_decode('aHR0cDovL2lmY29uZmlnLm1lL2lw'),
base64_decode('aHR0cDovL2FwaS5pcGlmeS5vcmc='),
base64_decode('aHR0cHM6Ly9pY2FuaGF6aXAuY29t'),
base64_decode('aHR0cHM6Ly9pcGluZm8uaW8vaXA='),
base64_decode('aHR0cDovL2lkZW50Lm1l'),
base64_decode('aHR0cDovL3doYXRpc215aXAuYWthbWFpLmNvbQ==')
];
$result = ['ipv4' => false, 'ipv6' => false];
foreach ($ipServices as $service) {
$context = stream_context_create([
'http' => [
'timeout' => 0.5,
'user_agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36'
]
]);
$ip = @file_get_contents($service, false, $context);
if ($ip !== false) {
$ip = trim($ip);
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
$result['ipv4'] = $ip;
break;
} elseif (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$result['ipv6'] = $ip;
}
if ($result['ipv4'] && $result['ipv6']) {
break;
}
}
}
if (!$result['ipv4'] && !$result['ipv6']) {
$result['ipv4'] = $_SERVER['REMOTE_ADDR'] ?? '';
}
return $result;
}
function qx_exd4ml72($cxId, $authCode, $domain, $ip) {
if (empty($cxId) || empty($authCode)) {
return ['code' => 400, 'msg' => '参数不完整'];
}
if (!$domain) {
return ['code' => 400, 'msg' => '无法获取当前访问域名'];
}
if (!$ip) {
return ['code' => 400, 'msg' => '无法获取外网IP地址'];
}
$authTimestamp = defined('AUTH_TIMESTAMP') ? AUTH_TIMESTAMP : time();
$timestamp = time();
$nonce = uniqid();
$signature = md5($timestamp . $nonce);
$shebei = $_SERVER['HTTP_USER_AGENT'] ?? '未知设备';
$url = ($_SERVER['SERVER_NAME'] ?? '') . ':' . ($_SERVER['SERVER_PORT'] ?? '') . ($_SERVER['REQUEST_URI'] ?? '');
$postData = [
'QX' => 'qxauth',
'cx_id' => $cxId,
'domain' => $domain,
'ip' => $ip,
'yip' => $_SERVER['REMOTE_ADDR'] ?? '未知本地IP',
'auth_code' => $authCode,
'signature' => $signature,
'timestamp' => $timestamp,
'auth_timestamp' => $authTimestamp,
'shebei' => $shebei,
'url' => $url,
'nonce' => $nonce
];
$unicodeUrl = defined('APIURL') ? APIURL : '';
$realUrl = !empty($unicodeUrl) ? base64_decode($unicodeUrl) : false;
if (empty($realUrl) || !filter_var($realUrl, FILTER_VALIDATE_URL)) {
return ['code' => 400, 'msg' => 'API地址无效'];
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $realUrl);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($postData));
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Content-Type: application/json',
'Accept: application/json'
]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
$response = curl_exec($ch);
if (curl_errno($ch)) {
$error = curl_error($ch);
curl_close($ch);
return ['code' => -1, 'msg' => '请求失败: ' . $error];
}
curl_close($ch);
$result = json_decode($response, true);
if (json_last_error() !== JSON_ERROR_NONE) {
return ['code' => -2, 'msg' => '响应格式错误', 'raw' => $response];
}
return $result;
}
function qx_pn665nz3m8dq9v() {
// 1. 获取当前域名并校验
$domain = qx_fya737pd();
if (!$domain) {
return ['code' => 400, 'msg' => '无法获取当前访问域名'];
}
// 2. 获取外网IP(IPv4+IPv6)并校验
$ipwt = qx_axopafu5sajo7wa();
if (!$ipwt['ipv4'] && !$ipwt['ipv6']) {
return ['code' => 400, 'msg' => '无法获取外网IP地址'];
}
// 3. 域名白名单校验
$domainPass = false;
if (in_array($domain, AUTH_DOMAINS, true)) {
$domainPass = true;
} else {
return ['code' => 403, 'msg' => '当前域名未授权,禁止访问'];
}
// 4. IP白名单校验
$ipPass = false;
$ipv4Check = (!empty(AUTH_IP_V4) && !empty($ipwt['ipv4']) && $ipwt['ipv4'] == AUTH_IP_V4);
$ipv6Check = (!empty(AUTH_IP_V6) && !empty($ipwt['ipv6']) && $ipwt['ipv6'] == AUTH_IP_V6);
if ((empty(AUTH_IP_V4) && empty(AUTH_IP_V6)) || $ipv4Check || $ipv6Check) {
$ipPass = true;
} else {
return ['code' => 403, 'msg' => '当前IP未授权,禁止访问'];
}
$ip = $ipwt['ipv4'] ?? $ipwt['ipv6'];
// 5. 域名+IP均通过后,调用授权API进行最终验证
if ($domainPass && $ipPass) {
$authResult = qx_exd4ml72(AUTH_CXID, AUTH_CODE, $domain, $ip);
// 6. 处理API返回结果
if (isset($authResult['code']) && $authResult['code'] == 0) {
// 检查是否需要更新授权文件
if (isset($authResult['needs_update']) && $authResult['needs_update'] && isset($authResult['config_update'])) {
$configUpdate = $authResult['config_update'];
if (isset($configUpdate['auth_file_content']) && !empty($configUpdate['auth_file_content'])) {
file_put_contents(O7DA43 . '/QX/config.php', $configUpdate['auth_file_content']);
// 重新加载更新后的授权文件
require O7DA43 . '/QX/config.php';
}
// 更新防篡改文件(只替换标签之间的内容)
if (isset($configUpdate['anti_tamper_code']) && !empty($configUpdate['anti_tamper_code']) && isset($configUpdate['anti_tamper_file_path'])) {
$antiTamperFilePath = O7DA43 . '/' . $configUpdate['anti_tamper_file_path'];
if (file_exists($antiTamperFilePath)) {
$currentContent = file_get_contents($antiTamperFilePath);
$newContent = $configUpdate['anti_tamper_code'];
$startTag = base64_decode('Ly8g6Ziy56+h5pS55Luj56CB5o+S5YWl54K5');
$endTag = base64_decode('Ly8g6Ziy56+h5pS557uT5p2f54K5');
if (strpos($newContent, $startTag) !== false && strpos($newContent, $endTag) !== false) {
$startPos = strpos($newContent, $startTag) + strlen($startTag);
$endPos = strpos($newContent, $endTag);
$newAntiTamperCode = substr($newContent, $startPos, $endPos - $startPos);
if (strpos($currentContent, $startTag) !== false && strpos($currentContent, $endTag) !== false) {
$pattern = '/' . preg_quote($startTag, '/') . '[\s\S]*?' . preg_quote($endTag, '/') . '/';
$replacement = $startTag . $newAntiTamperCode . $endTag;
$newCurrentContent = preg_replace($pattern, $replacement, $currentContent);
file_put_contents($antiTamperFilePath, $newCurrentContent);
}
}
} else {
file_put_contents($antiTamperFilePath, $configUpdate['anti_tamper_code']);
}
}
}
return ['code' => 200, 'msg' => '授权验证通过', 'data' => $authResult['data'] ?? []];
} else {
return ['code' => $authResult['code'] ?? -99, 'msg' => 'API授权失败:' . ($authResult['msg'] ?? '未知错误')];
}
}
// 兜底:未知错误
return ['code' => -99, 'msg' => '授权校验出现未知错误'];
}
// 执行授权验证
$finalAuthResult = qx_pn665nz3m8dq9v();
if ($finalAuthResult['code'] != 200) {
die('授权验证失败
' . htmlspecialchars($finalAuthResult['msg']) . '
请联系管理员获取帮助');
}
// 防篡改结束点
require O7DA43.'/libs/Smarty.class.php';
require O7DA43.'/Smarty_init.php';
require O7DA43.'/jump.php';
"