无忧岛

chrome和火狐打开shtml显示为源码的解决方法

kinglife — Tue, 07 Feb 2012 08:19:08 +0000

今天用帝国cms生成出后缀为shtml的文件
就在我用火狐和chrome查看兼容性的时候意外的发现浏览页面出现的都是源码,而且中文都成乱码了

解决方案:
打开配置文件 httpd.conf 查找

#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml

这两行代码,然后把前面的注释符”#”去掉即可,然后重启apache就可以正常浏览了

帝国cms 添加字段出现 Row size too large…错误的解决方法

kinglife — Tue, 07 Feb 2012 03:48:13 +0000

Row size too large. The maximum row size for the used table type, not counting BLOBs, is 65535. You have to change some columns to TEXT or BLOBs
alter table ***_ecms_infoclass_shop add zz_columnname text not null,add z_columnname varchar(255) not null,add qz_columnname varchar(255) not null,add save_columnname varchar(10) not null;

出现以上错误信息的话不妨到数据库中看看,事实上这不是mysql的问题,而是cms的问题,你可以用mysql的管理工具到数据库的对应表中查看结构,你会发现你添加的字段已经存在mysql表中了,而在帝国cms的表字段管理页中你是看不到这个字段的存在的,这时你需要在mysql中删除那个字段然后再从帝国cms后台重新添加字段.

那么怎么样添加才不会出错?
注意的一个点就是再添加的时候把”采集项”选择为”否”(默认是”是”) 继续添加就不会出现问题了.

帝国CMS 图片集字段在内容页中打散提取全部图片的方法

kinglife — Mon, 06 Feb 2012 11:53:12 +0000



    "  alt="" title=="" />

注: 为图片地址
为图片说明

linux零基础教程 vi编辑器常用命令

kinglife — Sun, 04 Dec 2011 11:32:57 +0000

以前从未使用过linux,一直想彻底的去下定决心学习学习,但是因为手上又没有linux的工作学习环境,以前用的linux主机一直是虚拟主机,由服务商把环境完全配置好了,有问题直接就跟服务商反馈,然后他们给你操作的.

前阵子心血来潮在本地服务器上安装了CentOS5,但是也没来得及去好好系统的学习,前些天因为几个站的备案下不来,于是下狠心把网站搬到国外去,于是找大B买了款512M的linux VPS,正好自己也可以多个学习的机会.

今天在装ECSHOP的时候遇到个问题,安装完毕之后登录后台就会有”您的服务器设置了 open_base_dir 且没有包含 /tmp/，您将无法上传文件。“的错误提示.

网上搜索了一下,不少人遇到这个问题,但是大多教程是让到 “/home/httpd/islandcn.com/conf/” 这个目录去修改名为”kloxo.islandcn.com的配置文件.

我的VPS配置是 CentOS和Kloxo面板,可能因为kloxo的面板的版本问题,我打开到”/home/httpd/islandcn.com/“目录根本找不到conf的目录,下面只有个php.ini,看了下php.ini的配置又完全没问题,里面有一个open_basedir的参数,但是是被注释掉的.

最后用查找功能找到了这个文件的目录在”home/apache/conf/domains/islandcn.com.conf“这里. 于是进去修改保存,重启,问题解决了.

解决”您的服务器设置了 open_base_dir 且没有包含 /tmp/，您将无法上传文件。“问题的办法是在此文件中找到 IfModule mod_php5.c这一项的配置:

php_admin_value open_basedir “/home/httpd/…/httpd/script”
将上面粗体部分改成
改为 open_base_dir (basedir中间加了一个下划线)

下面主要把实现的命令说一下:

1.VI编辑器的进入和退出
进入VI编辑器: vi 文件名
退出VI编辑器: :q! – 不做修改直接退出
:wq 保存后退出等同于 :x

2.文件内容的插入与修改
2.1 光标控制命令

h 光标左移,l 光标右移,j 光标上移,k 光标下移
以上命令在命令符前输入数字n ，则光标会往该方向移n 个字符
2.2 删除命令

x为删除一个字符
2.3 字符插入命令 i

在打开vi编辑器状态之后如果你按下”i” 下面会有 “insert” 的状态提醒,此时你可以在光标处插入你输入的字符.当你不需要插入字符的时候记得按”ESC”来返回来命令模式.

2.4 字符的搜索
搜索命令是”/”,在输入/之后输入你要搜索的关键词,然后回车,如果有多处匹配结果可以用”n”来移动到下一个结果,如果你要返回上一个结果则需要用”N”

2.5 文件的搜索
find搜索,这个命令也是十分重要的,我的配置文件就是用它来找的,面板的类型不一样所以配置文件可能存放的位置也不一样,于是我们需要搜索出文件所在位置加以判断和修改.命令的具体写法是

find -name 文件名(文件名可以写 php.ini 或者 conf等等配置文件名信息)

以上命令足以任意修改文件了,如果确定修改之后需要保存退出,然后重启服务.

更多的教程可以参考此文: http://www.centos.bz/2011/10/linux-file-view-edit/

html静态页的最佳化301转向方法 rel=”canonical”

kinglife — Thu, 10 Nov 2011 06:30:23 +0000

各种动态页的301转向就不用再说了,网上特别多.
但是对于html页面来说,301至今也没有个权威的标准说法.
很多人用js和http-equiv=”refresh”等标签来设置重定向,但是返回的也都是非301状态,今天又试着找了很多资料,得出下面的办法是最佳化的.
先说下rel=”canonical”这个标签吧
这个标签是谷歌首先提出来的,作用是用来规范网页,也就是这么一种情况下使用的:
假设一个产品类目的页面,然后它可能有几种排序方式
A. 按照产品的价格排序我们记录它的地址是: URLA
B. 按照产品上架时间排序我们记录它的地址是: URLB
C. 按照产品的热门度排序我们记录它的地址是: URLC
同样的一类产品可能出现上面几个或者更多的URL,但是实际上对搜索引擎来说它们页面内容除了排序不一样以外,其它实质的内容几乎是相同的.所以这里便出现了规范网页这一说.也就是让你提出一个标准网页.那么这个标签如何使用呢?
假设我们去URLA为标准的规范网页,那么我们只需要在URLB和URLC的HEAD标签中加入

这行代码即可了,这里的URLA就是规范网页的地址,也就是你需要301重定向的地址.这里就完成了网页地址的统一.

那么继续说HTML如何应用这个标签做跳转呢?这里很多朋友可能已经如何实现了.其实很简单,因为从搜索引擎的角度来说,它已经明白你的意图了,还剩下的就是用户体验了.再用html或者js实现一个重定向就可以了.可以采用以下代码:

问题:百度是否支持canonical标签呢?
答案:网上有人无意中做了个实验，发现其实百度也是支持的，让所有产品页面加上都加上rel=”canonical” 并且指向首页，结果在百度的收录数目减少了2万条，产品页面撤了该标签以后，收录恢复，所以其实百度也支持rel=”canonical”

更多参考资料
谷歌关于rel=”canonical”的详细说明

timthumb.php 缩略图处理利器

kinglife — Thu, 20 Oct 2011 03:38:15 +0000

先说一下timthumb吧

timthumb.php是一个非常流行的Wordpress的缩略图脚本。通过timthumb.php这个插件脚本，可以方便的实现动态图像裁剪、缩放和调整。很多Wordpress杂志类型的主题都用到它，国外主题普遍采用该脚本自动生成缩略图，使用非常方便。

该项目地址:http://code.google.com/p/timthumb/

补充说明下:应用timthumb的缩略图地址及参数:

http://www.dongcheng.cc/wp-content/themes/corporattica/scripts/timthumb.php?src=http://www.dongcheng.cc/wp-content/uploads/2011/06/XSP-BM22AY.jpg&h=150&w=200&zc=1

譬如我网站中这个主题所应用的缩略图
timthumb.php?src=这里是图片地址&h=高度&w=宽度&zc=是否裁剪

一个问题:今天突然发现所有用到它的图片都不显示了,也就是上面的地址格式的图片都不显示了.由于我的wordpress采用了一个备份插件:BackUpWordPress ,这个插件很好使,个人极力推荐,它可以把站点目录跟数据库全部打包备份,可以每天定期备份,因为定期备份的关系我的虚拟主机空间不够了,所以起初我认为是空间受限的缘故无法生成出缩略图的原因导致的,但是把备份的打包文件全删除了也没见效果.

于是又接着找原因才发现我的timthumb.php的版本太低了是1.09的版本,用谷歌查了下这个版本有安全漏洞,大概漏洞描述为

黑客可以利用这个漏洞（大概是调用外部图像时验证上有缺陷而产生的漏洞），上传任意恶意程序到你的网站，而且作者的网站已被黑客入侵。

于是开始升级到最新版本,升级很简单直接把新文件替换掉源文件就可以了(建议备份原文件).然后就一切正常了…下面附上最新版的代码,当然也可以在谷歌代码的项目上获取.


 /dev/null 2>&1 &
	Then set WEBSHOT_XVFB_RUNNING = true below. This will save your server having to fire off a new Xvfb server and shut it down every time a new shot is generated.
	You will need to take responsibility for keeping Xvfb running in case it crashes. (It seems pretty stable)
	You will also need to take responsibility for server security if you're running Xvfb as root. 

*/
if(! defined('WEBSHOT_ENABLED') ) 	define ('WEBSHOT_ENABLED', false);			//Beta feature. Adding webshot=1 to your query string will cause the script to return a browser screenshot rather than try to fetch an image.
if(! defined('WEBSHOT_CUTYCAPT') ) 	define ('WEBSHOT_CUTYCAPT', '/usr/local/bin/CutyCapt'); //The path to CutyCapt.
if(! defined('WEBSHOT_XVFB') ) 		define ('WEBSHOT_XVFB', '/usr/bin/xvfb-run');		//The path to the Xvfb server
if(! defined('WEBSHOT_SCREEN_X') ) 	define ('WEBSHOT_SCREEN_X', '1024');			//1024 works ok
if(! defined('WEBSHOT_SCREEN_Y') ) 	define ('WEBSHOT_SCREEN_Y', '768');			//768 works ok
if(! defined('WEBSHOT_COLOR_DEPTH') ) 	define ('WEBSHOT_COLOR_DEPTH', '24');			//I haven't tested anything besides 24
if(! defined('WEBSHOT_IMAGE_FORMAT') ) 	define ('WEBSHOT_IMAGE_FORMAT', 'png');			//png is about 2.5 times the size of jpg but is a LOT better quality
if(! defined('WEBSHOT_TIMEOUT') ) 	define ('WEBSHOT_TIMEOUT', '20');			//Seconds to wait for a webshot
if(! defined('WEBSHOT_USER_AGENT') ) 	define ('WEBSHOT_USER_AGENT', "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.18) Gecko/20110614 Firefox/3.6.18"); //I hate to do this, but a non-browser robot user agent might not show what humans see. So we pretend to be Firefox
if(! defined('WEBSHOT_JAVASCRIPT_ON') ) define ('WEBSHOT_JAVASCRIPT_ON', true);			//Setting to false might give you a slight speedup and block ads. But it could cause other issues.
if(! defined('WEBSHOT_JAVA_ON') ) 	define ('WEBSHOT_JAVA_ON', false);			//Have only tested this as fase
if(! defined('WEBSHOT_PLUGINS_ON') ) 	define ('WEBSHOT_PLUGINS_ON', true);			//Enable flash and other plugins
if(! defined('WEBSHOT_PROXY') ) 	define ('WEBSHOT_PROXY', '');				//In case you're behind a proxy server.
if(! defined('WEBSHOT_XVFB_RUNNING') )	define ('WEBSHOT_XVFB_RUNNING', false);			//ADVANCED: Enable this if you've got Xvfb running in the background.

// If ALLOW_EXTERNAL is true and ALLOW_ALL_EXTERNAL_SITES is false, then external images will only be fetched from these domains and their subdomains.
if(! isset($ALLOWED_SITES)){
	$ALLOWED_SITES = array (
		'flickr.com',
		'picasa.com',
		'img.youtube.com',
		'upload.wikimedia.org',
		'photobucket.com',
		'imgur.com',
		'imageshack.us',
		'tinypic.com',
	);
}
// -------------------------------------------------------------
// -------------- STOP EDITING CONFIGURATION HERE --------------
// -------------------------------------------------------------

timthumb::start();

class timthumb {
	protected $src = "";
	protected $is404 = false;
	protected $docRoot = "";
	protected $lastURLError = false;
	protected $localImage = "";
	protected $localImageMTime = 0;
	protected $url = false;
	protected $myHost = "";
	protected $isURL = false;
	protected $cachefile = '';
	protected $errors = array();
	protected $toDeletes = array();
	protected $cacheDirectory = '';
	protected $startTime = 0;
	protected $lastBenchTime = 0;
	protected $cropTop = false;
	protected $salt = "";
	protected $fileCacheVersion = 1; //Generally if timthumb.php is modifed (upgraded) then the salt changes and all cache files are recreated. This is a backup mechanism to force regen.
	protected $filePrependSecurityBlock = "handleErrors();
		$tim->securityChecks();
		if($tim->tryBrowserCache()){
			exit(0);
		}
		$tim->handleErrors();
		if(FILE_CACHE_ENABLED && $tim->tryServerCache()){
			exit(0);
		}
		$tim->handleErrors();
		$tim->run();
		$tim->handleErrors();
		exit(0);
	}
	public function __construct(){
		global $ALLOWED_SITES;
		$this->startTime = microtime(true);
		date_default_timezone_set('UTC');
		$this->debug(1, "Starting new request from " . $this->getIP() . " to " . $_SERVER['REQUEST_URI']);
		$this->calcDocRoot();
		//On windows systems I'm assuming fileinode returns an empty string or a number that doesn't change. Check this.
		$this->salt = @filemtime(__FILE__) . '-' . @fileinode(__FILE__);
		$this->debug(3, "Salt is: " . $this->salt);
		if(FILE_CACHE_DIRECTORY){
			if(! is_dir(FILE_CACHE_DIRECTORY)){
				@mkdir(FILE_CACHE_DIRECTORY);
				if(! is_dir(FILE_CACHE_DIRECTORY)){
					$this->error("Could not create the file cache directory.");
					return false;
				}
			}
			$this->cacheDirectory = FILE_CACHE_DIRECTORY;
			if (!touch($this->cacheDirectory . '/index.html')) {
				$this->error("Could note create the index.html file.");
			}
		} else {
			$this->cacheDirectory = sys_get_temp_dir();
		}
		//Clean the cache before we do anything because we don't want the first visitor after FILE_CACHE_TIME_BETWEEN_CLEANS expires to get a stale image.
		$this->cleanCache();

		$this->myHost = preg_replace('/^www\./i', '', $_SERVER['HTTP_HOST']);
		$this->src = $this->param('src');
		$this->url = parse_url($this->src);
		if(strlen($this->src) <= 3){
			$this->error("No image specified");
			return false;
		}
		if(BLOCK_EXTERNAL_LEECHERS && array_key_exists('HTTP_REFERER', $_SERVER) && (! preg_match('/^https?:\/\/(?:www\.)?' . $this->myHost . '(?:$|\/)/i', $_SERVER['HTTP_REFERER']))){
			// base64 encoded red image that says 'no hotlinkers'
			// nothing to worry about! :)
			$imgData = base64_decode("R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAAABQAAwAAAJpjI+py+0Po5y0OgAMjjv01YUZ\nOGplhWXfNa6JCLnWkXplrcBmW+spbwvaVr/cDyg7IoFC2KbYVC2NQ5MQ4ZNao9Ynzjl9ScNYpneb\nDULB3RP6JuPuaGfuuV4fumf8PuvqFyhYtjdoeFgAADs=");
			header('Content-Type: image/gif');
			header('Content-Length: ' . sizeof($imgData));
			header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
			header("Pragma: no-cache");
			header('Expires: ' . gmdate ('D, d M Y H:i:s', time()));
			echo $imgData;
			return false;
			exit(0);
		}
		if(preg_match('/https?:\/\/(?:www\.)?' . $this->myHost . '(?:$|\/)/i', $this->src)){
			$this->src = preg_replace('/https?:\/\/(?:www\.)?' . $this->myHost . '/i', '', $this->src);
		}
		if(preg_match('/^https?:\/\/[^\/]+/i', $this->src)){
			$this->debug(2, "Is a request for an external URL: " . $this->src);
			$this->isURL = true;
		} else {
			$this->debug(2, "Is a request for an internal file: " . $this->src);
		}
		if($this->isURL && (! ALLOW_EXTERNAL)){
			$this->error("You are not allowed to fetch images from an external website.");
			return false;
		}
		if($this->isURL){
			if(ALLOW_ALL_EXTERNAL_SITES){
				$this->debug(2, "Fetching from all external sites is enabled.");
			} else {
				$this->debug(2, "Fetching only from selected external sites is enabled.");
				$allowed = false;
				foreach($ALLOWED_SITES as $site){
					if ((strtolower(substr($this->url['host'],-strlen($site)-1)) === strtolower(".$site")) || (strtolower($this->url['host'])===strtolower($site))) {
						$this->debug(3, "URL hostname {$this->url['host']} matches $site so allowing.");
						$allowed = true;
					}
				}
				if(! $allowed){
					return $this->error("You may not fetch images from that site. To enable this site in timthumb, you can either add it to \$ALLOWED_SITES and set ALLOW_EXTERNAL=true. Or you can set ALLOW_ALL_EXTERNAL_SITES=true, depending on your security needs.");
				}
			}
		}

		$cachePrefix = ($this->isURL ? 'timthumb_ext_' : 'timthumb_int_');
		if($this->isURL){
			$this->cachefile = $this->cacheDirectory . '/' . $cachePrefix . md5($this->salt . $_SERVER ['QUERY_STRING'] . $this->fileCacheVersion) . FILE_CACHE_SUFFIX;
		} else {
			$this->localImage = $this->getLocalImagePath($this->src);
			if(! $this->localImage){
				$this->debug(1, "Could not find the local image: {$this->localImage}");
				$this->error("Could not find the internal image you specified.");
				$this->set404();
				return false;
			}
			$this->debug(1, "Local image path is {$this->localImage}");
			$this->localImageMTime = @filemtime($this->localImage);
			//We include the mtime of the local file in case in changes on disk.
			$this->cachefile = $this->cacheDirectory . '/' . $cachePrefix . md5($this->salt . $this->localImageMTime . $_SERVER ['QUERY_STRING'] . $this->fileCacheVersion) . FILE_CACHE_SUFFIX;
		}
		$this->debug(2, "Cache file is: " . $this->cachefile);

		return true;
	}
	public function __destruct(){
		foreach($this->toDeletes as $del){
			$this->debug(2, "Deleting temp file $del");
			@unlink($del);
		}
	}
	public function run(){
		if($this->isURL){
			if(! ALLOW_EXTERNAL){
				$this->debug(1, "Got a request for an external image but ALLOW_EXTERNAL is disabled so returning error msg.");
				$this->error("You are not allowed to fetch images from an external website.");
				return false;
			}
			$this->debug(3, "Got request for external image. Starting serveExternalImage.");
			if($this->param('webshot')){
				if(WEBSHOT_ENABLED){
					$this->debug(3, "webshot param is set, so we're going to take a webshot.");
					$this->serveWebshot();
				} else {
					$this->error("You added the webshot parameter but webshots are disabled on this server. You need to set WEBSHOT_ENABLED == true to enable webshots.");
				}
			} else {
				$this->debug(3, "webshot is NOT set so we're going to try to fetch a regular image.");
				$this->serveExternalImage();

			}
		} else {
			$this->debug(3, "Got request for internal image. Starting serveInternalImage()");
			$this->serveInternalImage();
		}
		return true;
	}
	protected function handleErrors(){
		if($this->haveErrors()){
			if(NOT_FOUND_IMAGE && $this->is404()){
				if($this->serveImg(NOT_FOUND_IMAGE)){
					exit(0);
				} else {
					$this->error("Additionally, the 404 image that is configured could not be found or there was an error serving it.");
				}
			}
			if(ERROR_IMAGE){
				if($this->serveImg(ERROR_IMAGE)){
					exit(0);
				} else {
					$this->error("Additionally, the error image that is configured could not be found or there was an error serving it.");
				}
			}

			$this->serveErrors();
			exit(0);
		}
		return false;
	}
	protected function tryBrowserCache(){
		if(BROWSER_CACHE_DISABLE){ $this->debug(3, "Browser caching is disabled"); return false; }
		if(!empty($_SERVER['HTTP_IF_MODIFIED_SINCE']) ){
			$this->debug(3, "Got a conditional get");
			$mtime = false;
			//We've already checked if the real file exists in the constructor
			if(! is_file($this->cachefile)){
				//If we don't have something cached, regenerate the cached image.
				return false;
			}
			if($this->localImageMTime){
				$mtime = $this->localImageMTime;
				$this->debug(3, "Local real file's modification time is $mtime");
			} else if(is_file($this->cachefile)){ //If it's not a local request then use the mtime of the cached file to determine the 304
				$mtime = @filemtime($this->cachefile);
				$this->debug(3, "Cached file's modification time is $mtime");
			}
			if(! $mtime){ return false; }

			$iftime = strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']);
			$this->debug(3, "The conditional get's if-modified-since unixtime is $iftime");
			if($iftime < 1){
				$this->debug(3, "Got an invalid conditional get modified since time. Returning false.");
				return false;
			}
			if($iftime < $mtime){ //Real file or cache file has been modified since last request, so force refetch.
				$this->debug(3, "File has been modified since last fetch.");
				return false;
			} else { //Otherwise serve a 304
				$this->debug(3, "File has not been modified since last get, so serving a 304.");
				header ($_SERVER['SERVER_PROTOCOL'] . ' 304 Not Modified');
				$this->debug(1, "Returning 304 not modified");
				return true;
			}
		}
		return false;
	}
	protected function tryServerCache(){
		$this->debug(3, "Trying server cache");
		if(file_exists($this->cachefile)){
			$this->debug(3, "Cachefile {$this->cachefile} exists");
			if($this->isURL){
				$this->debug(3, "This is an external request, so checking if the cachefile is empty which means the request failed previously.");
				if(filesize($this->cachefile) < 1){
					$this->debug(3, "Found an empty cachefile indicating a failed earlier request. Checking how old it is.");
					//Fetching error occured previously
					if(time() - @filemtime($this->cachefile) > WAIT_BETWEEN_FETCH_ERRORS){
						$this->debug(3, "File is older than " . WAIT_BETWEEN_FETCH_ERRORS . " seconds. Deleting and returning false so app can try and load file.");
						@unlink($this->cachefile);
						return false; //to indicate we didn't serve from cache and app should try and load
					} else {
						$this->debug(3, "Empty cachefile is still fresh so returning message saying we had an error fetching this image from remote host.");
						$this->set404();
						$this->error("An error occured fetching image.");
						return false;
					}
				}
			} else {
				$this->debug(3, "Trying to serve cachefile {$this->cachefile}");
			}
			if($this->serveCacheFile()){
				$this->debug(3, "Succesfully served cachefile {$this->cachefile}");
				return true;
			} else {
				$this->debug(3, "Failed to serve cachefile {$this->cachefile} - Deleting it from cache.");
				//Image serving failed. We can't retry at this point, but lets remove it from cache so the next request recreates it
				@unlink($this->cachefile);
				return true;
			}
		}
	}
	protected function error($err){
		$this->debug(3, "Adding error message: $err");
		$this->errors[] = $err;
		return false;

	}
	protected function haveErrors(){
		if(sizeof($this->errors) > 0){
			return true;
		}
		return false;
	}
	protected function serveErrors(){
		$html = '';
		foreach($this->errors as $err){
			$html .= '' . htmlentities($err) . '';
		}
		$html .= '';
		header ($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
		echo 'A TimThumb error has occured
The following error(s) occured:
' . $html . '
';
		echo '
Query String : ' . htmlentities ($_SERVER['QUERY_STRING']);
		echo '
TimThumb version : ' . VERSION . '

'; } protected function serveInternalImage(){ $this->debug(3, "Local image path is $this->localImage"); if(! $this->localImage){ $this->sanityFail("localImage not set after verifying it earlier in the code."); return false; } $fileSize = filesize($this->localImage); if($fileSize > MAX_FILE_SIZE){ $this->error("The file you specified is greater than the maximum allowed file size."); return false; } if($fileSize <= 0){ $this->error("The file you specified is <= 0 bytes."); return false; } $this->debug(3, "Calling processImageAndWriteToCache() for local image."); if($this->processImageAndWriteToCache($this->localImage)){ $this->serveCacheFile(); return true; } else { return false; } } protected function cleanCache(){ $this->debug(3, "cleanCache() called"); $lastCleanFile = $this->cacheDirectory . '/timthumb_cacheLastCleanTime.touch'; //If this is a new timthumb installation we need to create the file if(! is_file($lastCleanFile)){ $this->debug(1, "File tracking last clean doesn't exist. Creating $lastCleanFile"); if (!touch($lastCleanFile)) { $this->error("Could note create cache clean timestamp file."); } return; } if(@filemtime($lastCleanFile) < (time() - FILE_CACHE_TIME_BETWEEN_CLEANS) ){ //Cache was last cleaned more than 1 day ago $this->debug(1, "Cache was last cleaned more than " . FILE_CACHE_TIME_BETWEEN_CLEANS . " seconds ago. Cleaning now."); // Very slight race condition here, but worst case we'll have 2 or 3 servers cleaning the cache simultaneously once a day. if (!touch($lastCleanFile)) { $this->error("Could note create cache clean timestamp file."); } $files = glob($this->cacheDirectory . '/*' . FILE_CACHE_SUFFIX); $timeAgo = time() - FILE_CACHE_MAX_FILE_AGE; foreach($files as $file){ if(@filemtime($file) < $timeAgo){ $this->debug(3, "Deleting cache file $file older than max age: " . FILE_CACHE_MAX_FILE_AGE . " seconds"); @unlink($file); } } return true; } else { $this->debug(3, "Cache was cleaned less than " . FILE_CACHE_TIME_BETWEEN_CLEANS . " seconds ago so no cleaning needed."); } return false; } protected function processImageAndWriteToCache($localImage){ $sData = getimagesize($localImage); $origType = $sData[2]; $mimeType = $sData['mime']; $this->debug(3, "Mime type of image is $mimeType"); if(! preg_match('/^image\/(?:gif|jpg|jpeg|png)$/i', $mimeType)){ return $this->error("The image being resized is not a valid gif, jpg or png."); } if (!function_exists ('imagecreatetruecolor')) { return $this->error('GD Library Error: imagecreatetruecolor does not exist - please contact your webhost and ask them to install the GD library'); } if (function_exists ('imagefilter') && defined ('IMG_FILTER_NEGATE')) { $imageFilters = array ( 1 => array (IMG_FILTER_NEGATE, 0), 2 => array (IMG_FILTER_GRAYSCALE, 0), 3 => array (IMG_FILTER_BRIGHTNESS, 1), 4 => array (IMG_FILTER_CONTRAST, 1), 5 => array (IMG_FILTER_COLORIZE, 4), 6 => array (IMG_FILTER_EDGEDETECT, 0), 7 => array (IMG_FILTER_EMBOSS, 0), 8 => array (IMG_FILTER_GAUSSIAN_BLUR, 0), 9 => array (IMG_FILTER_SELECTIVE_BLUR, 0), 10 => array (IMG_FILTER_MEAN_REMOVAL, 0), 11 => array (IMG_FILTER_SMOOTH, 0), ); } // get standard input properties $new_width = (int) abs ($this->param('w', 0)); $new_height = (int) abs ($this->param('h', 0)); $zoom_crop = (int) $this->param('zc', 1); $quality = (int) abs ($this->param('q', 90)); $align = $this->cropTop ? 't' : $this->param('a', 'c'); $filters = $this->param('f', ''); $sharpen = (bool) $this->param('s', 0); $canvas_color = $this->param('cc', 'ffffff'); // set default width and height if neither are set already if ($new_width == 0 && $new_height == 0) { $new_width = 100; $new_height = 100; } // ensure size limits can not be abused $new_width = min ($new_width, MAX_WIDTH); $new_height = min ($new_height, MAX_HEIGHT); // set memory limit to be able to have enough space to resize larger images $this->setMemoryLimit(); // open the existing image $image = $this->openImage ($mimeType, $localImage); if ($image === false) { return $this->error('Unable to open image.'); } // Get original width and height $width = imagesx ($image); $height = imagesy ($image); $origin_x = 0; $origin_y = 0; // generate new w/h if not provided if ($new_width && !$new_height) { $new_height = floor ($height * ($new_width / $width)); } else if ($new_height && !$new_width) { $new_width = floor ($width * ($new_height / $height)); } // scale down and add borders if ($zoom_crop == 3) { $final_height = $height * ($new_width / $width); if ($final_height > $new_height) { $new_width = $width * ($new_height / $height); } else { $new_height = $final_height; } } // create a new true color image $canvas = imagecreatetruecolor ($new_width, $new_height); imagealphablending ($canvas, false); if (strlen ($canvas_color) < 6) { $canvas_color = 'ffffff'; } $canvas_color_R = hexdec (substr ($canvas_color, 0, 2)); $canvas_color_G = hexdec (substr ($canvas_color, 2, 2)); $canvas_color_B = hexdec (substr ($canvas_color, 2, 2)); // Create a new transparent color for image $color = imagecolorallocatealpha ($canvas, $canvas_color_R, $canvas_color_G, $canvas_color_B, 127); // Completely fill the background of the new image with allocated color. imagefill ($canvas, 0, 0, $color); // scale down and add borders if ($zoom_crop == 2) { $final_height = $height * ($new_width / $width); if ($final_height > $new_height) { $origin_x = $new_width / 2; $new_width = $width * ($new_height / $height); $origin_x = round ($origin_x - ($new_width / 2)); } else { $origin_y = $new_height / 2; $new_height = $final_height; $origin_y = round ($origin_y - ($new_height / 2)); } } // Restore transparency blending imagesavealpha ($canvas, true); if ($zoom_crop > 0) { $src_x = $src_y = 0; $src_w = $width; $src_h = $height; $cmp_x = $width / $new_width; $cmp_y = $height / $new_height; // calculate x or y coordinate and width or height of source if ($cmp_x > $cmp_y) { $src_w = round ($width / $cmp_x * $cmp_y); $src_x = round (($width - ($width / $cmp_x * $cmp_y)) / 2); } else if ($cmp_y > $cmp_x) { $src_h = round ($height / $cmp_y * $cmp_x); $src_y = round (($height - ($height / $cmp_y * $cmp_x)) / 2); } // positional cropping! if ($align) { if (strpos ($align, 't') !== false) { $src_y = 0; } if (strpos ($align, 'b') !== false) { $src_y = $height - $src_h; } if (strpos ($align, 'l') !== false) { $src_x = 0; } if (strpos ($align, 'r') !== false) { $src_x = $width - $src_w; } } imagecopyresampled ($canvas, $image, $origin_x, $origin_y, $src_x, $src_y, $new_width, $new_height, $src_w, $src_h); } else { // copy and resize part of an image with resampling imagecopyresampled ($canvas, $image, 0, 0, 0, 0, $new_width, $new_height, $width, $height); } if ($filters != '' && function_exists ('imagefilter') && defined ('IMG_FILTER_NEGATE')) { // apply filters to image $filterList = explode ('|', $filters); foreach ($filterList as $fl) { $filterSettings = explode (',', $fl); if (isset ($imageFilters[$filterSettings[0]])) { for ($i = 0; $i < 4; $i ++) { if (!isset ($filterSettings[$i])) { $filterSettings[$i] = null; } else { $filterSettings[$i] = (int) $filterSettings[$i]; } } switch ($imageFilters[$filterSettings[0]][1]) { case 1: imagefilter ($canvas, $imageFilters[$filterSettings[0]][0], $filterSettings[1]); break; case 2: imagefilter ($canvas, $imageFilters[$filterSettings[0]][0], $filterSettings[1], $filterSettings[2]); break; case 3: imagefilter ($canvas, $imageFilters[$filterSettings[0]][0], $filterSettings[1], $filterSettings[2], $filterSettings[3]); break; case 4: imagefilter ($canvas, $imageFilters[$filterSettings[0]][0], $filterSettings[1], $filterSettings[2], $filterSettings[3], $filterSettings[4]); break; default: imagefilter ($canvas, $imageFilters[$filterSettings[0]][0]); break; } } } } // sharpen image if ($sharpen && function_exists ('imageconvolution')) { $sharpenMatrix = array ( array (-1,-1,-1), array (-1,16,-1), array (-1,-1,-1), ); $divisor = 8; $offset = 0; imageconvolution ($canvas, $sharpenMatrix, $divisor, $offset); } //Straight from WordPress core code. Reduces filesize by up to 70% for PNG's if ( (IMAGETYPE_PNG == $origType || IMAGETYPE_GIF == $origType) && function_exists('imageistruecolor') && !imageistruecolor( $image ) && imagecolortransparent( $image ) > 0 ){ imagetruecolortopalette( $canvas, false, imagecolorstotal( $image ) ); } $imgType = ""; $tempfile = tempnam($this->cacheDirectory, 'timthumb_tmpimg_'); if(preg_match('/^image\/(?:jpg|jpeg)$/i', $mimeType)){ $imgType = 'jpg'; imagejpeg($canvas, $tempfile, $quality); } else if(preg_match('/^image\/png$/i', $mimeType)){ $imgType = 'png'; imagepng($canvas, $tempfile, floor($quality * 0.09)); } else if(preg_match('/^image\/gif$/i', $mimeType)){ $imgType = 'gif'; imagegif($canvas, $tempfile); } else { return $this->sanityFail("Could not match mime type after verifying it previously."); } if($imgType == 'png' && OPTIPNG_ENABLED && OPTIPNG_PATH && @is_file(OPTIPNG_PATH)){ $exec = OPTIPNG_PATH; $this->debug(3, "optipng'ing $tempfile"); $presize = filesize($tempfile); $out = `$exec -o1 $tempfile`; //you can use up to -o7 but it really slows things down clearstatcache(); $aftersize = filesize($tempfile); $sizeDrop = $presize - $aftersize; if($sizeDrop > 0){ $this->debug(1, "optipng reduced size by $sizeDrop"); } else if($sizeDrop < 0){ $this->debug(1, "optipng increased size! Difference was: $sizeDrop"); } else { $this->debug(1, "optipng did not change image size."); } } else if($imgType == 'png' && PNGCRUSH_ENABLED && PNGCRUSH_PATH && @is_file(PNGCRUSH_PATH)){ $exec = PNGCRUSH_PATH; $tempfile2 = tempnam($this->cacheDirectory, 'timthumb_tmpimg_'); $this->debug(3, "pngcrush'ing $tempfile to $tempfile2"); $out = `$exec $tempfile $tempfile2`; $todel = ""; if(is_file($tempfile2)){ $sizeDrop = filesize($tempfile) - filesize($tempfile2); if($sizeDrop > 0){ $this->debug(1, "pngcrush was succesful and gave a $sizeDrop byte size reduction"); $todel = $tempfile; $tempfile = $tempfile2; } else { $this->debug(1, "pngcrush did not reduce file size. Difference was $sizeDrop bytes."); $todel = $tempfile2; } } else { $this->debug(3, "pngcrush failed with output: $out"); $todel = $tempfile2; } @unlink($todel); } $this->debug(3, "Rewriting image with security header."); $tempfile4 = tempnam($this->cacheDirectory, 'timthumb_tmpimg_'); $context = stream_context_create (); $fp = fopen($tempfile,'r',0,$context); file_put_contents($tempfile4, $this->filePrependSecurityBlock . $imgType . ' ?' . '>'); //6 extra bytes, first 3 being image type file_put_contents($tempfile4, $fp, FILE_APPEND); fclose($fp); @unlink($tempfile); $this->debug(3, "Locking and replacing cache file."); $lockFile = $this->cachefile . '.lock'; $fh = fopen($lockFile, 'w'); if(! $fh){ return $this->error("Could not open the lockfile for writing an image."); } if(flock($fh, LOCK_EX)){ @unlink($this->cachefile); //rename generally overwrites, but doing this in case of platform specific quirks. File might not exist yet. rename($tempfile4, $this->cachefile); flock($fh, LOCK_UN); fclose($fh); @unlink($lockFile); } else { fclose($fh); @unlink($lockFile); @unlink($tempfile4); return $this->error("Could not get a lock for writing."); } $this->debug(3, "Done image replace with security header. Cleaning up and running cleanCache()"); imagedestroy($canvas); imagedestroy($image); return true; } protected function calcDocRoot(){ $docRoot = @$_SERVER['DOCUMENT_ROOT']; if(!isset($docRoot)){ $this->debug(3, "DOCUMENT_ROOT is not set. This is probably windows. Starting search 1."); if(isset($_SERVER['SCRIPT_FILENAME'])){ $docRoot = str_replace( '\\', '/', substr($_SERVER['SCRIPT_FILENAME'], 0, 0-strlen($_SERVER['PHP_SELF']))); $this->debug(3, "Generated docRoot using SCRIPT_FILENAME and PHP_SELF as: $docRoot"); } } if(!isset($docRoot)){ $this->debug(3, "DOCUMENT_ROOT still is not set. Starting search 2."); if(isset($_SERVER['PATH_TRANSLATED'])){ $docRoot = str_replace( '\\', '/', substr(str_replace('\\\\', '\\', $_SERVER['PATH_TRANSLATED']), 0, 0-strlen($_SERVER['PHP_SELF']))); $this->debug(3, "Generated docRoot using PATH_TRANSLATED and PHP_SELF as: $docRoot"); } } if($docRoot && $_SERVER['DOCUMENT_ROOT'] != '/'){ $docRoot = preg_replace('/\/$/', '', $docRoot); } $this->debug(3, "Doc root is: " . $docRoot); $this->docRoot = $docRoot; } protected function getLocalImagePath($src){ $src = preg_replace('/^\//', '', $src); //strip off the leading '/' $realDocRoot = realpath($this->docRoot); //See issue 224. Using realpath as a windows fix. if(! $this->docRoot){ $this->debug(3, "We have no document root set, so as a last resort, lets check if the image is in the current dir and serve that."); //We don't support serving images outside the current dir if we don't have a doc root for security reasons. $file = preg_replace('/^.*?([^\/\\\\]+)$/', '$1', $src); //strip off any path info and just leave the filename. if(is_file($file)){ return realpath($file); } return $this->error("Could not find your website document root and the file specified doesn't exist in timthumbs directory. We don't support serving files outside timthumb's directory without a document root for security reasons."); } //Do not go past this point without docRoot set //Try src under docRoot if(file_exists ($this->docRoot . '/' . $src)) { $this->debug(3, "Found file as " . $this->docRoot . '/' . $src); $real = realpath($this->docRoot . '/' . $src); if(strpos($real, $realDocRoot) === 0){ return $real; } else { $this->debug(1, "Security block: The file specified occurs outside the document root."); //allow search to continue } } //Check absolute paths and then verify the real path is under doc root $absolute = realpath('/' . $src); if($absolute && file_exists($absolute)){ //realpath does file_exists check, so can probably skip the exists check here $this->debug(3, "Found absolute path: $absolute"); if(! $this->docRoot){ $this->sanityFail("docRoot not set when checking absolute path."); } if(strpos($absolute, $realDocRoot) === 0){ return $absolute; } else { $this->debug(1, "Security block: The file specified occurs outside the document root."); //and continue search } } $base = $this->docRoot; foreach (explode('/', str_replace($this->docRoot, '', $_SERVER['SCRIPT_FILENAME'])) as $sub){ $base .= $sub . '/'; $this->debug(3, "Trying file as: " . $base . $src); if(file_exists($base . $src)){ $this->debug(3, "Found file as: " . $base . $src); $real = realpath($base . $src); if(strpos($real, $realDocRoot) === 0){ return $real; } else { $this->debug(1, "Security block: The file specified occurs outside the document root."); //And continue search } } } return false; } protected function toDelete($name){ $this->debug(3, "Scheduling file $name to delete on destruct."); $this->toDeletes[] = $name; } protected function serveWebshot(){ $this->debug(3, "Starting serveWebshot"); $instr = "Please follow the instructions at http://code.google.com/p/timthumb/ to set your server up for taking website screenshots."; if(! is_file(WEBSHOT_CUTYCAPT)){ return $this->error("CutyCapt is not installed. $instr"); } if(! is_file(WEBSHOT_XVFB)){ return $this->Error("Xvfb is not installed. $instr"); } $cuty = WEBSHOT_CUTYCAPT; $xv = WEBSHOT_XVFB; $screenX = WEBSHOT_SCREEN_X; $screenY = WEBSHOT_SCREEN_Y; $colDepth = WEBSHOT_COLOR_DEPTH; $format = WEBSHOT_IMAGE_FORMAT; $timeout = WEBSHOT_TIMEOUT * 1000; $ua = WEBSHOT_USER_AGENT; $jsOn = WEBSHOT_JAVASCRIPT_ON ? 'on' : 'off'; $javaOn = WEBSHOT_JAVA_ON ? 'on' : 'off'; $pluginsOn = WEBSHOT_PLUGINS_ON ? 'on' : 'off'; $proxy = WEBSHOT_PROXY ? ' --http-proxy=' . WEBSHOT_PROXY : ''; $tempfile = tempnam($this->cacheDirectory, 'timthumb_webshot'); $url = $this->src; if(! preg_match('/^https?:\/\/[a-zA-Z0-9\.\-]+/i', $url)){ return $this->error("Invalid URL supplied."); } $url = preg_replace('/[^A-Za-z0-9\-\.\_\~:\/\?\#\[\]\@\!\$\&\'\*\+\,\;\=]+/', '', $url); //RFC 3986 //Very important we don't allow injection of shell commands here. URL is between quotes and we are only allowing through chars allowed by a the RFC // which AFAIKT can't be used for shell injection. if(WEBSHOT_XVFB_RUNNING){ putenv('DISPLAY=:100.0'); $command = "$cuty $proxy --max-wait=$timeout --user-agent=\"$ua\" --javascript=$jsOn --java=$javaOn --plugins=$pluginsOn --js-can-open-windows=off --url=\"$url\" --out-format=$format --out=$tempfile"; } else { $command = "$xv --server-args=\"-screen 0, {$screenX}x{$screenY}x{$colDepth}\" $cuty $proxy --max-wait=$timeout --user-agent=\"$ua\" --javascript=$jsOn --java=$javaOn --plugins=$pluginsOn --js-can-open-windows=off --url=\"$url\" --out-format=$format --out=$tempfile"; } $this->debug(3, "Executing command: $command"); $out = `$command`; $this->debug(3, "Received output: $out"); if(! is_file($tempfile)){ $this->set404(); return $this->error("The command to create a thumbnail failed."); } $this->cropTop = true; if($this->processImageAndWriteToCache($tempfile)){ $this->debug(3, "Image processed succesfully. Serving from cache"); return $this->serveCacheFile(); } else { return false; } } protected function serveExternalImage(){ if(! preg_match('/^https?:\/\/[a-zA-Z0-9\-\.]+/i', $this->src)){ $this->error("Invalid URL supplied."); return false; } $tempfile = tempnam($this->cacheDirectory, 'timthumb'); $this->debug(3, "Fetching external image into temporary file $tempfile"); $this->toDelete($tempfile); #fetch file here if(! $this->getURL($this->src, $tempfile)){ @unlink($this->cachefile); touch($this->cachefile); $this->debug(3, "Error fetching URL: " . $this->lastURLError); $this->error("Error reading the URL you specified from remote host." . $this->lastURLError); return false; } $mimeType = $this->getMimeType($tempfile); if(! preg_match("/^image\/(?:jpg|jpeg|gif|png)$/i", $mimeType)){ $this->debug(3, "Remote file has invalid mime type: $mimeType"); @unlink($this->cachefile); touch($this->cachefile); $this->error("The remote file is not a valid image."); return false; } if($this->processImageAndWriteToCache($tempfile)){ $this->debug(3, "Image processed succesfully. Serving from cache"); return $this->serveCacheFile(); } else { return false; } } public static function curlWrite($h, $d){ fwrite(self::$curlFH, $d); self::$curlDataWritten += strlen($d); if(self::$curlDataWritten > MAX_FILE_SIZE){ return 0; } else { return strlen($d); } } protected function serveCacheFile(){ $this->debug(3, "Serving {$this->cachefile}"); if(! is_file($this->cachefile)){ $this->error("serveCacheFile called in timthumb but we couldn't find the cached file."); return false; } $fp = fopen($this->cachefile, 'rb'); if(! $fp){ return $this->error("Could not open cachefile."); } fseek($fp, strlen($this->filePrependSecurityBlock), SEEK_SET); $imgType = fread($fp, 3); fseek($fp, 3, SEEK_CUR); if(ftell($fp) != strlen($this->filePrependSecurityBlock) + 6){ @unlink($this->cachefile); return $this->error("The cached image file seems to be corrupt."); } $imageDataSize = filesize($this->cachefile) - (strlen($this->filePrependSecurityBlock) + 6); $this->sendImageHeaders($imgType, $imageDataSize); $bytesSent = @fpassthru($fp); fclose($fp); if($bytesSent > 0){ return true; } $content = file_get_contents ($this->cachefile); if ($content != FALSE) { $content = substr($content, strlen($this->filePrependSecurityBlock) + 6); echo $content; $this->debug(3, "Served using file_get_contents and echo"); return true; } else { $this->error("Cache file could not be loaded."); return false; } } protected function sendImageHeaders($mimeType, $dataSize){ if(! preg_match('/^image\//i', $mimeType)){ $mimeType = 'image/' . $mimeType; } if(strtolower($mimeType) == 'image/jpg'){ $mimeType = 'image/jpeg'; } $gmdate_expires = gmdate ('D, d M Y H:i:s', strtotime ('now +10 days')) . ' GMT'; $gmdate_modified = gmdate ('D, d M Y H:i:s') . ' GMT'; // send content headers then display image header ('Content-Type: ' . $mimeType); header ('Accept-Ranges: none'); //Changed this because we don't accept range requests header ('Last-Modified: ' . $gmdate_modified); header ('Content-Length: ' . $dataSize); if(BROWSER_CACHE_DISABLE){ $this->debug(3, "Browser cache is disabled so setting non-caching headers."); header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0'); header("Pragma: no-cache"); header('Expires: ' . gmdate ('D, d M Y H:i:s', time())); } else { $this->debug(3, "Browser caching is enabled"); header('Cache-Control: max-age=' . BROWSER_CACHE_MAX_AGE . ', must-revalidate'); header('Expires: ' . $gmdate_expires); } return true; } protected function securityChecks(){ } protected function param($property, $default = ''){ if (isset ($_GET[$property])) { return $_GET[$property]; } else { return $default; } } protected function openImage($mimeType, $src){ switch ($mimeType) { case 'image/jpg': //This isn't a valid mime type so we should probably remove it case 'image/jpeg': $image = imagecreatefromjpeg ($src); break; case 'image/png': $image = imagecreatefrompng ($src); break; case 'image/gif': $image = imagecreatefromgif ($src); break; } return $image; } protected function getIP(){ $rem = @$_SERVER["REMOTE_ADDR"]; $ff = @$_SERVER["HTTP_X_FORWARDED_FOR"]; $ci = @$_SERVER["HTTP_CLIENT_IP"]; if(preg_match('/^(?:192\.168|172\.16|10\.|127\.)/', $rem)){ if($ff){ return $ff; } if($ci){ return $ci; } return $rem; } else { if($rem){ return $rem; } if($ff){ return $ff; } if($ci){ return $ci; } return "UNKNOWN"; } } protected function debug($level, $msg){ if(DEBUG_ON && $level <= DEBUG_LEVEL){ $execTime = sprintf('%.6f', microtime(true) - $this->startTime); $tick = sprintf('%.6f', 0); if($this->lastBenchTime > 0){ $tick = sprintf('%.6f', microtime(true) - $this->lastBenchTime); } $this->lastBenchTime = microtime(true); error_log("TimThumb Debug line " . __LINE__ . " [$execTime : $tick]: $msg"); } } protected function sanityFail($msg){ return $this->error("There is a problem in the timthumb code. Message: Please report this error at timthumb's bug tracking page: $msg"); } protected function getMimeType($file){ $info = getimagesize($file); if(is_array($info) && $info['mime']){ return $info['mime']; } return ''; } protected function setMemoryLimit(){ $inimem = ini_get('memory_limit'); $inibytes = timthumb::returnBytes($inimem); $ourbytes = timthumb::returnBytes(MEMORY_LIMIT); if($inibytes < $ourbytes){ ini_set ('memory_limit', MEMORY_LIMIT); $this->debug(3, "Increased memory from $inimem to " . MEMORY_LIMIT); } else { $this->debug(3, "Not adjusting memory size because the current setting is " . $inimem . " and our size of " . MEMORY_LIMIT . " is smaller."); } } protected static function returnBytes($size_str){ switch (substr ($size_str, -1)) { case 'M': case 'm': return (int)$size_str * 1048576; case 'K': case 'k': return (int)$size_str * 1024; case 'G': case 'g': return (int)$size_str * 1073741824; default: return $size_str; } } protected function getURL($url, $tempfile){ $this->lastURLError = false; $url = preg_replace('/ /', '%20', $url); if(function_exists('curl_init')){ $this->debug(3, "Curl is installed so using it to fetch URL."); self::$curlFH = fopen($tempfile, 'w'); if(! self::$curlFH){ $this->error("Could not open $tempfile for writing."); return false; } self::$curlDataWritten = 0; $this->debug(3, "Fetching url with curl: $url"); $curl = curl_init($url); curl_setopt ($curl, CURLOPT_TIMEOUT, CURL_TIMEOUT); curl_setopt ($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30"); curl_setopt ($curl, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt ($curl, CURLOPT_HEADER, 0); curl_setopt ($curl, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt ($curl, CURLOPT_WRITEFUNCTION, 'timthumb::curlWrite'); @curl_setopt ($curl, CURLOPT_FOLLOWLOCATION, true); @curl_setopt ($curl, CURLOPT_MAXREDIRS, 10); $curlResult = curl_exec($curl); fclose(self::$curlFH); $httpStatus = curl_getinfo($curl, CURLINFO_HTTP_CODE); if($httpStatus == 404){ $this->set404(); } if($curlResult){ curl_close($curl); return true; } else { $this->lastURLError = curl_error($curl); curl_close($curl); return false; } } else { $img = @file_get_contents ($url); if($img === false){ $err = error_get_last(); if(is_array($err) && $err['message']){ $this->lastURLError = $err['message']; } else { $this->lastURLError = $err; } if(preg_match('/404/', $this->lastURLError)){ $this->set404(); } return false; } if(! file_put_contents($tempfile, $img)){ $this->error("Could not write to $tempfile."); return false; } return true; } } protected function serveImg($file){ $s = getimagesize($file); if(! ($s && $s['mime'])){ return false; } header ('Content-Type: ' . $s['mime']); header ('Content-Length: ' . filesize($file) ); header ('Cache-Control: no-store, no-cache, must-revalidate, max-age=0'); header ("Pragma: no-cache"); $bytes = @readfile($file); if($bytes > 0){ return true; } $content = @file_get_contents ($file); if ($content != FALSE){ echo $content; return true; } return false; } protected function set404(){ $this->is404 = true; } protected function is404(){ return $this->is404; } }

Discuz X2头像上传判断解析

kinglife — Sun, 25 Sep 2011 11:44:47 +0000

首先总结下前一次遇到的一个问题,就是设置了强制上传头像才可以发贴,但是实际上传完头像依然提示需要上传头像
解决方法:打开后台 -> 站长 -> Ucenter设置 ->在”UCenter IP 地址:”这栏写实际IP或者不写即可,默认的是”127.0.0.1″
这里要注意的是别直接打开后台菜单的”Ucenter”,而是左边的”站长”

补充下X2的头像在数据库中的判断,表 “bbs_common_member” 字段 ‘avatarstatus”,默认值是0,如果上传完它会变成1
如果你想批量让会员变成上传过头像的状态只需要运行下面的SQL语句.


UPDATE `bbs_common_member` SET avatarstatus=1 //后面也可以加条件等等

vb.net 2008 添加 drivelistbox,dirlistbox和filelistbox的办法

kinglife — Tue, 02 Aug 2011 10:25:18 +0000

这三个控件在.NET的工具箱里面默认是没有的,需要手工添加
右击工具箱中的任意单元点击选择项
然后在.NET Framework组件中找到对应的选项在前面勾上即可.
附三者的关系代码,三者控件名分别为 drive1 dir1,实现代码:


    Private Sub Drive1_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Drive1.SelectedIndexChanged
        Dir1.Path = Drive1.Drive
    End Sub

    Private Sub Dir1_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Dir1.SelectedIndexChanged
        File1.Path = Dir1.Path
    End Sub

为什么drupal安装只能选择SQLite数据库?

kinglife — Fri, 22 Jul 2011 04:34:06 +0000

由于drupal使用的是pdo连接数据库，如果没有开启pdo的话，在安装drupal时，不会出现mysql供选择。
解决方法：
打开php.ini
extension=php_pdo.dll
extension=php_pdo_mysql.dll
将前面的注释取消掉以加载pdo
保存后重启服务即可

php_mcrypt.dll无法加载解决方法

kinglife — Tue, 05 Jul 2011 09:19:22 +0000

今天用AppServ搭建了个PHP的环境，无论如何都加载不了php_mcrypt.dll
晚上流传的集中解决办法：
1.php.ini里面查找extension=php_mcrypt.dll,去掉前面的分号”;” ,重启apache.无效(注意:在AppServ中php.ini在dinwos目录下)

2.复制php目录下的libmcrypt.dll到windows/system32目录下,重启IIS ,无效

3.自己总结的办法:试着尝试了一下,将libmcrypt.dll复制到apache的bin目录下,生效

Apache”You don’t have permission to access on this server.”的解决办法

kinglife — Mon, 20 Jun 2011 16:16:51 +0000

打开配置文件httpd.conf,找到下面这行代码

Options FollowSymLinks
AllowOverride None
Order deny,allow
deny from all
Satisfy all

将”deny from all“修改为”allow from all“,变成以下代码

Options FollowSymLinks
AllowOverride None
Order deny,allow
allow from all
Satisfy all

保存后重启apache即可

WordPress国外模板不显示中文字符的解决方法

kinglife — Tue, 07 Jun 2011 08:29:06 +0000

WordPress的国外主题的确非常多毕竟是来是全世界的WordPress设计师和开发者一起参与的
所以别把资源局限在国内的中文主题上.
今天找了个主题,在使用wordpress的一个主题中发现个问题:所有中文字符都不显示了,剩下的只有英文和数字.
于是查了下相关资料整理如下:
如有发现这种情况的主题大多都是用Cufon这种网页文字渲染特效使字体达到更好看的效果.

首先解释下什么是 Cufon：
Cufon 是一个用来替代 sIFR 框架，实现在网页中对文字字体进行渲染功能的纯 JavaScript 开源类库(cufon-yui.js)。
为什么要使用 Cufon：
在web开发中，经常面对的一种“冲突”，即“字体（Font Family）冲突”。
通常的这一冲突总是爆发于 Web 页面的设计者（Designer）和开发者（Coder）之间。在很多场合下，Web 页面的设计者都会倾向于在他们的页面设计稿中，为文字附加使用一些“特殊”的字体和特效，以此来展示他们卓越的设计能力。比如设计一个公司的Logo，图片上的一些特殊字体是从ps字库中调出的，当然这些文字在图片上显示肯定是没有问题的，但是如果要在网页中用文本来显示这些效果，就是会让开发人员抓狂了，因为浏览器并不支持所有的字体，这种情况Cufon就会大显身手了。

由此我们可以看出原来是Cufon在捣乱,因为它不支持中文字体的缘故所以中文字符都无法显示.

那么知道核心问题我们就知道该如何解决了,只要找到对应的目录文件和引用的地方给它删除了就可以了.
一般引用文件基本都是在header.php中,直接用编辑器的查找功能查找关键词”Cufon”即可. 找到引用的哪行然后删除即可.当然为了文件的整洁,多余的文件也可以删除,一般都在js目录中.

网站关闭12天百度权重恢复全过程

kinglife — Mon, 30 May 2011 16:49:00 +0000

本站记录权重恢复过程
记录下自5月13日站点被关闭之后的一些情况
5月13日站点关闭进入备案阶段,独立IP,用IP依然可以访问

5月26日站点恢复正常
百度收录了七百多页的站点收录还剩几十页.
用site命令查看已经不见首页了.
站点依然正常更新.

5月30日站点收录多出几页
用site命令查看已经看到首页,快照停留在5月11日

持续查看更新中.

IETester崩溃的解决方法

kinglife — Thu, 26 May 2011 13:24:44 +0000

用IETester测试IE6老崩溃的解决办法很简单
解决办法：
打开IETESTER——选项——Internet选项——连接——局域网设置——自动检测设置前面的勾去掉，然后重启IeTester即可（也可以不重启）

sdcms 1.3 分类生成出错:请正确使用列表模板的解决方法

kinglife — Fri, 22 Apr 2011 11:18:43 +0000

sdcms 的确是一款不错的轻量级的asp cms,但是这次升级标签调用产生些变化

如果分类生成出现”请正确使用列表模板”的提示的时候请注意修改数据列表调用标签

{@sdcms:page table=”View_info” where=”classid in({sdcms:class_allclassid}) and ispass=1″ order=”Ontop desc,id desc”}
‘同样这里调用的变量前面也得有 @
譬如 {@title} {@link} {@pic}
{/@sdcms:page}

注意这里的 @ 相当于以前的二维循环标签,加上@之后再生成即可.

sdcms 1.3使用技巧及注意事项

kinglife — Fri, 22 Apr 2011 06:01:48 +0000

1.1.3模板应用及相关问题问题

1.3模板如何应用?
1.首先将模板传至skins目录中（前提模板必须是适用1.3的）
2.此时进网站后台的“界面管理”的“网站模板管理”中可以看到刚才上传的模板，此时可以进行模板应用和对模板文件进行管理

1.3模板注意事项：
1.模板根目录下必须有skins.asp和Skin.xml
2.skins.asp中的模板名称请记得定义变量
2.skins.asp和Skin.xml写法请参照默认模板的配置方法

误使用了低版本的模板发生错误该如何处理？
1.打开Inc目录下的conn.asp，找到此行代码：Option Explicit
将之改为：
‘Option Explicit
意思：将此行注释掉，此时到后台重新选择系统模板的模板，然后撤销刚才的操作即可

站外调用的标签写法(1.3版本)

{sdcms:loop table="view_info" and ispass=1"}
{title}

{/sdcms:loop}
说明：主要是在{link}前加上：{sdcms:weburl}，其他的全局系统标签均可使用

调用指定栏目信息的方法(适合1.3)

1.调用某类别下信息的方法（含子类）

{sdcms:loop table="view_info" where="classid in({sdcms:allclassid(大类编号)}) and ispass=1"}
{title}

{/sdcms:loop}

2.同时调用多个大类下信息的方法（含子类）

{sdcms:loop table="view_info" where="classid in({sdcms:allclassid(大类编号1)},{sdcms:allclassid(大类编号2)},{sdcms:allclassid(大类编号3)}) and ispass=1"}
{title}

{/sdcms:loop}

js实现改变iframe的元素值

kinglife — Wed, 30 Mar 2011 06:41:12 +0000

第一种情况: 改变父框架的元素值
假设有A.HTML,里面有iFrame嵌套了B.HTML
那么现在在B.HTML中执行改变A.HTML元素的值
这是今天在用PHP写到图片上传模块所遇到的问题了,完整上传模块的实现会在下文中详解,这里主要记录下JS实现的核心代码

第二种情况改变子框架页面内元素的值

正规表达式在线测试练习源码

kinglife — Sat, 26 Mar 2011 13:17:24 +0000

在线测试地址:http://www.islandcn.com/regex.html
下面是程序源码:






正则表达式在线测试练习
 



  
    正则表达式匹配字符：
  
  
    src=([^ <>]+\.{1}(gif|jpg|png|bmp|swf)("|')?)
    0个字符
  
  
    预进行处置的原始字符：
  
  
    
    0个字符
  
  
    处置成果（匹配原始值）：
  
  
    
    0个字符
  
  
    处置结果（匹配子项值）：
  
  
    
    0个字符
  
  
    

    疏忽大小写  

    结果中显示字符串地位  

    结果中显示字符串长度

    匹配次数选项：
      
    匹配次数：

php+mysql数据库查询分页示例

kinglife — Mon, 21 Mar 2011 13:24:18 +0000

MYSQL数据分页查询原理


SELECT * FROM table  LIMIT [offset,] rows | rows OFFSET offset

LIMIT 子句可以被用于强制 SELECT 语句返回指定的记录数。LIMIT 接受一个或两个数字参数。参数必须是一个整数常量。如果给定两个参数，第一个参数指定第一个返回记录行的偏移量，第二个参数指定返回记录行的最大数目。初始记录行的偏移量是 0(而不是 1)：为了与 PostgreSQL 兼容，MySQL 也支持句法： LIMIT # OFFSET #。


mysql> SELECT * FROM table LIMIT 5,10;  // 检索记录行 6-15

//为了检索从某一个偏移量到记录集的结束所有的记录行，可以指定第二个参数为 -1：
mysql> SELECT * FROM table LIMIT 95,-1; // 检索记录行 96-last.

//如果只给定一个参数，它表示返回最大的记录行数目：
mysql> SELECT * FROM table LIMIT 5;     //检索前 5 个记录行

//换句话说，LIMIT n 等价于 LIMIT 0,n。

OK,上面大概简述了一下MYSQL分页查询的原理,下面正式切入今天的正题PHP+MYSQL分页的应用,其实这个分页函数是网上转来的,但是编码很乱,也没有换行我将它整理好了,并且测试使用没问题后贴到这里来了,如果你要拷贝此代码,请点击上方的 view plain 然后复制:


".($totle?($firstcount+1):0)."-".min($firstcount+$displaypg,$totle)." 条记录，共 $totle 条记录
";

//如果只有一页则跳出函数：
if($lastpg<=1) return false;

$pagenav.=" 首页 ";
if($prepg) $pagenav.=" 上一页 "; else $pagenav.=" 上一页 ";
if($nextpg) $pagenav.=" 下一页 "; else $pagenav.=" 下一页 ";
$pagenav.=" 尾页 ";

//下拉跳转列表，循环列出所有页码：
$pagenav.="　到第  页，共 $lastpg 页";
}
}
?>

首先将以上代码保存为 page.php
使用方法:
在需要应用的页面中,包含进分页文件


include_once $_SERVER['DOCUMENT_ROOT'].'/host/inc/page.php';


	//get page
	$rs=mysql_query("select * from Table");
	$total=mysql_num_rows($rs);
	//调用pageft()，每页显示10条信息（使用默认的20时，可以省略此参数）,使用本页URL（默认，所以省略掉）。
	pageft($total,10);
	//现在产生的全局变量就派上用场了：
$sql="select * from Table order by ID desc limit $firstcount,$displaypg";
	$result=mysql_query($sql);
	while($rows=mysql_fetch_array($result))
	{
	echo	 '此处省略';
	}

	//输出分页导航条代码：
	echo $pagenav;

Warning: session_start() 错误的解决方法

kinglife — Fri, 18 Mar 2011 11:11:58 +0000

错误代码:

Warning: session_start() [function.session-start]: Cannot send session cache limiter – headers already sent (output started at …. )

解决方法:
1.在语句session_start();前面有没有html代码,应该将这句语句放到最前面.如果是UTF-8编码应该用编辑器(EditPlus,UltraEdit.Notepad++等)将文件中的BOM删除.切忌勿用windows自带的记事本软件.

2.session的保存路径.配置方法:修改php.ini中的session.save_path = “C:/phpsession” [后边的路径自己设置，并且要保证此目录存在]

3.检查php.ini中的session.auto_start参数,如果是session.auto_start = 0 那么将它修改为 session.auto_start = 1

4.用ob_start()开启缓冲区将输出信息写入缓存区,可以避免headers先于session_start()输出,写入缓存区的内容可由flush()或者ob_end_flush()输出到浏览器.以下是此方法的示例代码


ob_start();
echo "test";
session_start();
ob_end_flush();

Godaddy域名转入2011最新图文教程

kinglife — Tue, 15 Mar 2011 14:34:15 +0000

这几天把在name.com的域名成功的转入了godaddy,原因很简单: name.com我没有信用卡无法续费 dm/:( 而godaddy支持支付宝. 前后也挺麻烦其实网上教程也不少,但是因为godaddy的小小改版,可能英文欠佳的同学不太喜欢,所以今天把详细的注意事项和步骤全部记录一下.

第一步准备工作 (此步骤都在原域名注册商那里操作)
whois隐私保护
首先注意的是:如果你的域名在转入之前有whois保护的话,第一步需要关闭whois隐私保护,当时我在name.com注册的时候是免费的whois隐私保护,如果开启了whois隐私保护的话,Administrative邮箱是收不到邮件的.

就拿name.com的举例吧,打开域名管理

点击图片中的位置,将状态设置为”disabled”即可关闭whois隐私保护
小提示: 很多查询WHOIS查询的地方不能及时查询WHOIS信息,也就是说你的隐私保护关闭了之后,你可能查到的依然是有WHOIS隐私保护的信息,这里推荐下:http://www.dynadot.com 这里查询的都是即时的信息.

Administrative邮箱
这个我查了些资料,有人说最好用gmail hotmail之类的邮箱,不要用国内的163或者sina之类的信箱. 以防收不到信或者慢.
这里就name.com的Administrative邮箱修改做下说明:
打开域名管理之后点击右侧的”Edit Contacts”修改”Email“那一栏的邮箱地址:

域名解锁和转移码

Domain Lock: 域名锁定设置,将状态改为 unlocked

同时记录下Auth Code(转移授权码),一会儿会用到

原域名注册设置大概就到这里了.下面工作主要进入godaddy的设置.

第二步域名的接入 Godaddy账户内操作

登录Godaddy的账户.

鼠标放到Domains 出现菜单选择 Transfer Domain.

输入你要转入的域名然后按 GO

确定好之后点击 Proceed To Checkout

选择 No Thanks

此处注意的是在Select Your Transfer Nameservers 默认的是保持域名当前的DNS服务器,如果选择下一个的话就是改成godaddy的dns服务器.然后点击最下面的下一步(此处就跳过了godaddy的增值服务部分Your Privacy and Domain Protection 和Activate Your Website, Email & More )

点击Continue to Checkout来结算如果有优惠码的话点击上面的”Enter Promo or Source Code“然后点右边的”apply”

这里选择支付宝付款,如果是其他方式付款对应选择就可以了

把上面的框勾上,然后点击 PLACE ORDER NOW

完成付款后打开My ACCOUNT 点击左侧的

Domain Related - Domain Transfers

这里需要注意的是如果到Domain Transfers的页面中看不到你的域名需要等待一段时间.

这一步如果收到信就免了,收不到信的朋友在换了Administrative邮箱之后需要点击这里重发邮件.

打开Administrative邮箱查收邮件标题为 transfer of 你的域名的邮件. 有些信箱需要到垃圾邮件或者订阅邮件中找.如果收不到邮件建议更换邮箱

这里的Transaction ID和 Security Code 需要记录下来,待会儿要用到.

继续返回到上一步,也就是Domain Transfers的页面

下一步输入刚刚记录下来的Transaction ID和 Security Code 然后next

在这里选择 Authorize 表示批准的意思,然后选择 Next

输入转移码之后点击 Finish

恭喜你,到这一步已经完成了,剩下的工作就是等待了

解决Navicat 8 for MySQL 中文乱码的问题

kinglife — Tue, 15 Mar 2011 07:20:40 +0000

解决方法：
1、右键连接选择”关闭连接”
2、右击连接库选择“连接属性”；
3、选择“高级”属性页,将“使用MySQL字符集”的勾去掉，并选择将“编码”选择为“936 (ANSI/OEM – Simplified Chinese GBK)” ,可以直接输入936根据提示来选择.
4、关闭保存，重新连接。

局域网内两台笔记本电脑无线共享上网的解决方案

kinglife — Sat, 15 Jan 2011 05:55:52 +0000

今天把两台笔记本无线共享上网的方法解决了,而且比较简单的方法,总结一下做个记录. 网络上的方法未必都适合你.

网络环境: 一根网线,通过路由器(非无线路由)上网

设备: 两台笔记本电脑

软件环境: 其中一台是WIN7 旗舰版,另外一台XP SP3专业版

现在问题是通过网线接入实现两台电脑同时可以上网.

在问题解决之前谷歌了很多资料,都不行,无疑网络上都是常规的设置本地连接共享,然后建立无线连接等等

这里我的解决方法是:

1.让WIN7做主机,其他电脑通过代理此电脑上网,理由: 微软的软件自古来都是从高向下兼容的,为了避免有兼容性上的问题,所以让高版本的WIN7机器为核心

2.WIN7的设置篇

2.1 -> 右键电脑右下角的网络连接的小电脑图标 -> 打开网络和共享中心 -> 点击左侧的[更改适配器设置] -> 将[本地连接]与[无线网络连接]选中右键选择[桥接] -> 成功之后就会看到一个名称为[网桥]的新设备

2.2 -> 打开[网络和共享中心] -> 点击[管理无线网络] -> 添加 -> 创建临时网络 -> 下一步 -> 网络名设置[记住了] -> 安全类型选择WEP -> 安全密钥(注意,这里的密码规则要求比较高,推荐长度长些,另外要大小写字母及数字混用) -> 保存这个网络可以勾上 -> 下一步完成

至此,核心的工作已经完成了.

3. 客户端设置篇

右键右下角无线网络的图标 -> 查看可用的无线网络 -> 选择刚刚上一步过程中创建临时网络输入的名称 -> 连接

连接成功之后右击网络图标 -> 状态 -> 属性 ->使用以下IP地址 -> 指定一个跟主机(WIN7系统的机器)网段内的IP,如果主机的IP是 192.169.0.2 那么这里你可以写 192.168.0.XX ,尽量往后面写,以免IP冲突.

网络网关及DNS的配置跟主机配置一致即可.

完成之后可以ping下主机的IP,譬如如果主机IP是 192.168.0.2,你可以通过ping命令测试一下,如果OK,再测试ping下外网.

怎么样是不是很方便呢?(另外好像有款软件是专门设置共享上网的,叫”闪联任意通“,有兴趣的朋友也可以试试)

DotA 6.70正式发布

kinglife — Sat, 25 Dec 2010 05:27:23 +0000

DotA 6.70地图下载地址:
http://www.localdota.com/map/official/dota-6-70/

DotA 6.70地图详细改动说明>>

此次地图大致修改内容:

新增两名新英雄:
凤凰
巨牙海民

新增物品

古之忍耐姜歌
使用后,附近玩家控制单位获得提升10%攻速和移速的buff,持续6秒. 可使用三次,不能充值.

勇气勋章
同时降低你和目标敌方单位6点护甲,持续7秒

诡计之雾

使用后,可使900范围内玩家控制单位获得buff,隐形并提升 10%移速.并且不会显示在小地图上.(似乎意思是假设河道有对面的真眼和假眼, 你们路过河道去Gank也不会显示在小地图上)

在你进入距离对方英雄或塔900范围内时,buff移除. 如果你攻击野怪,小兵,Roshan,该效果也会驱散

另有物品与英雄修改.详细请下面的链接点击进入
DotA 6.70地图详细改动说明>>

mysql批量删除指定前缀的表,批量修改表名的SQL语句

kinglife — Tue, 14 Dec 2010 03:19:06 +0000


Select CONCAT( 'drop table ', table_name, ';' )
FROM information_schema.tables
Where table_name LIKE 'uc_%';

注意: like ‘uc_%’ 其中 uc_是你需要替换的表前缀.
执行查询,会自动生成出 drop table table_name这样的SQL语句.
然后复制 drop语句可以执行删除的操作了.

这么一来也可以安全的审核一下语句,避免误操作..

顺便补充一下一个批量修改表名的操作方法


Select CONCAT( 'ALTER TABLE ', table_name, 'RENAME TO ', table_name,';' )
FROM information_schema.tables
Where table_name LIKE 'uc_%';

下面这种代码是今天遇到的,表头前面是 db,但是没有下横线显得很乱,于是批量将”dbtable_name”改成”db_table_name”
主要用的函数是mysql的substring函数

mysql教程 substring 字符截取函数
substring(str,pos)语法

substring(filed,m):截取filed字段从第m个字符开始到结束的字符串；

substring(filed,m,n):截取filed字段从第m个字符开始的长度为n的字符串；

str,字符

pos,从第几个开始取


Select CONCAT( 'ALTER TABLE ', table_name, 'RENAME TO db_', substring(table_name,3),';' )
FROM information_schema.tables
Where table_name LIKE 'db%';

会得到结果


ALTER TABLE uc_aaa RENAME TO uc_aaa;
ALTER TABLE uc_bbb RENAME TO uc_bbb;

批量复制一下到记事本或者 et之类的编辑工具中,然后批量替换 RENAME TO uc 成 RENAME TO 你想要的表前缀
完成后再执行.

这样就完成了表名的批量修改拉…

掌门人官方论坛被黑,掌门人用户请注意平台账户安全…

kinglife — Thu, 09 Dec 2010 03:58:09 +0000

大概前两天,因为掌门人更新包被NOD32干掉的事儿去官方论坛看看结果的,就这样一来看到了有意思的一幕,在论坛最下面

掌门人官方论坛被黑

打开网页源码看到

掌门人对战平台官方论坛被黑

此次看到论坛只是被挂上了链接,通过网页链接增加了目标网站的权重.没有任何破坏性,但是是可以借此达到破坏效果的,如果挂上木马那么后果不堪设想.这个小黑也够粗心的,挂黑链也不注意下UTF-8跟gbk编码,结果都成乱码了所以被发现了,要是编码统一是完全不会在页面显示出来的.也是常用的挂黑链的方法.

官方论坛被黑了这么多天,日发帖几千的论坛就没一个人反映? 官方就没一个人发现这个问题?? 实在是悲哀啊..
庆幸的是,我ping了官方的升级服务器跟论坛服务器,返回的IP不一样,分别是
update.zmrgame.com ->221.4.209.52
bbs.zmrgame.com -> 122.0.125.211

如果情况严重的话,官方升级服务器被黑,那么情况就可能不是那么好了,如果黑客在官方的升级包中加入木马病毒,在dll文件实行注入…
受害的可是zmr大批的用户.

如果我猜的没错,掌门人论坛的数据库和平台的数据库是统一整合了的(现在没法测试,以前是注册平台的时候直接提交到论坛的注册地址了),我08年9月注册这个平台的,当时可以注册好多好的ID,譬如当时我比较喜欢骷髅王,于是我也给注册了 :dm/tp, 最早这个平台也是一朋友推荐给我的,那位朋友是加菲盐的fans,大概是看着他解说视频被推荐的吧,刚开始每天掌门人对战平台就是几十个人大概,最初的推广也离不开加菲盐这位dota解说,经常是不够开主.

如果现在掌门人平台帐号数据和论坛依然是通行的话,那么就出现了我标题中所出现的帐号安全问题了.
我想官方是时候该认真对待这个问题了. 官方除了亡羊补牢及时修补安全补丁清除后门,还有个更棘手的问题:如果数据库被拿走了又怎么办呢??我真不想看到哪天有会员说我的帐号没了.. 这个平台还有一些VIP高级会员的..

但愿是我想多了..

掌门人平台无法更新,被NOD32杀,官方到底在干什么?

kinglife — Thu, 09 Dec 2010 03:19:19 +0000

一直喜欢高质量的dota环境,至少dota技术比较平衡些,而且没有那些令人恶心的全图,不败之类的东西出现
于是掌门人对站平台就成了首选了.整体来说至今感觉还是不错的,除了服务器不太稳定之外,平台体验还算不错.

但是自上次更新11月26号开始,掌门人的一次更新中,有文件被nod32给杀了. 提示:

http://down.zmrgame.com/p.php?ver=1115Green 可能是 Win32/Genetik 特洛伊木马的变种连接中断 – 已隔离通过应用程序访问 web 时检测到威胁: C:\Program Files\Internet Explorer\iexplore.exe.
http://down.zmrgame.com/p.php?ver=1115Green > ZIP > ZMRGameClient/VLanProxy.dll 可能是 Win32/Genetik 特洛伊木马的变种

当天我还到掌门人官方网站去发贴咨询了这个事儿:

http://bbs.zmrgame.com/thread-243610-1-1.html

只给了链接地址,未加链接,官方论坛已经被黑了,稍稍我会继续写一篇文章针对此事的.掌门人官方论坛被黑>>
论坛中那位版主三天后在29号回复我” 请在防火墙等安全软件添加到信任列表” 当然也是后来才看到的,等了两天也没个结果,于是以为那个帖子被删了或者被遗忘了…

就在昨天开始,我又试着更新了一下掌门人对战平台,但是NOD32照样杀,但是有所不同的是:

http://update.zmrgame.com/ZipClient/20101115/VLanProxy.dll.zip 可能是 Win32/Genetik 特洛伊木马的变种连接中断 – 已隔离通过应用程序访问 web 时检测到威胁: G:\KingLife Backup\D\Program Files\ZMRGameClient\ZmrUpdate.exe.
http://update.zmrgame.com/ZipClient/20101115/VLanProxy.dll.zip > ZIP > VLanProxy.dll 可能是 Win32/Genetik 特洛伊木马的变种

从URL可以看得出,第一次更新的有问题的URL是:http://down.zmrgame.com/p.php?ver=1115Green 而这次是http://update.zmrgame.com/ZipClient/20101115/VLanProxy.dll.zip
很显然,第一次NOD32直接把这个源头给切了,1114Green 我想前面应该是版本号,后面应该是绿色包,补丁包的意思吧
而第二次是更新到文件VLanProxy.dll.zip的时候出问题了.

官方也在修正了一些问题,但是终究还是没有彻底解决. 但是更有意思的是就在昨天我看到更新过程中,看着changelog的时候看到:
“如果NOD32报毒,请将NOD32升级到最新版本或者卸载”
对于从事计算机工作的我来说,这会是难事么? 当时误杀我第一反应就是更新NOD32,但是发现NOD32已经最新了,于是把这个url给信任了把文件和目录也给排除了.但是无济于事啊.
所以”请将NOD32升级到最新版本或者卸载”
官方给的这两个选择,只能选择后者了.
我在想这个事儿,用户会为了这个游戏去不顾自己的计算机安全么? 至少我是不会为了dota去强制卸载NOD32的…

但是事实上,貌似事情不是偶然的,在下篇文章我会再说个事儿.

午夜思绪

kinglife — Mon, 06 Dec 2010 15:33:52 +0000

这一年似乎就这样跌跌撞撞,迷迷糊糊的过去了.

已经进入12月了,再有三周又该跟2010说再见了.

昨夜在找恩雅(Enya)的音乐的时候,无意识的打出了雅尼(Yanni),就这样雅尼的音乐全部加入了播放列表.

然而更加戏剧性的是第一首就是”With An Orchid”(和兰花在一起),这首久违了有三年之久的音乐.

这首音乐伴着我走过了太多太多的路.

无尽的回忆再次浮现在脑海中…在这座城市中的一个角落里蔓延开去.

[视频]dota 6.70 新英雄曝光

kinglife — Tue, 30 Nov 2010 04:10:49 +0000

来自国外网站的视频,dota 6.70除了新英雄火凤凰之外的四个新英雄曝光,这么一来初步认定DOTA 6.70会出现无名新英雄,下面请看视频

从友情链接看cn域名

kinglife — Tue, 30 Nov 2010 01:05:16 +0000

今天大概清理了一下友情链接
唯独还有一个chenlb学习笔记里面还带着我的链接,发现其它的站大多数用cn域名的基本都打不开了,有些是无解析,有些是被抢注了停靠了.基本可以看出,CN域名基本都被放弃了!
还有部分站点可能因为改版或者其它原因不存在我的链接了

清理了一下,好歹也是谷歌秒收,百度天天快照的站. 毕竟存在的时间长些,权重也高些,日后做资源都可以. 以后看来也得经常更新了.

在昨天的日记中关于国外主机的选择,购买国外主机需要注意什么?我已经说了,站点停了两天,ixwebhosting会默认给你指向他们的一个默认页,百度当天也给我快照抓下来了,都是那个全部英文的默认页标题和内容,昨天续费上线后百度今天也把正常内容快照下来了.

无忧岛