已确认。exe文件为病毒。代码中是否有木马未知
现在我把文件内容贴出来,以免更多人上当。
先运行install.php和pay.php?ac=install进行安装
1、积分充值卡
在header.htm相应的位置加上<li><img src="image/icon/card.gif" alt="积分充值卡" /><a href="cp.php?ac=card">积分充值卡</a></li>
template/default下的cp_header.htm
找到<li$actives[credit]><a href="cp.php?ac=credit"><span>积分</span></a></li>
在其后面加上
<li$actives[card]><a href="cp.php?ac=card"><span>积分充值卡</span></a></li>
admincp.php
找到$acs = array(
array('index','config', 'privacy', 'spam', 'network', 'usergroup', 'credit',
在其后面加上'card',
修改后
$acs = array(
array('index','config', 'privacy', 'spam', 'network', 'usergroup', 'credit', 'card', 'profilefield', 'profield', 'ad', 'sitefeed', 'userapp', 'app'),
cp.php
找到$acs = array('space', 'doing', 'upload', 'comment', 'blog', 'album', 'relatekw', 'common', 'class',
'swfupload', 'thread', 'mtag', 'poke', 'friend',
'avatar', 'profile', 'theme', 'import', 'feed', 'privacy', 'pm', 'share', 'advance', 'invite','sendmail',
'userapp', 'task', 'credit',
在其后面加上'card',
修改后
$acs = array('space', 'doing', 'upload', 'comment', 'blog', 'album', 'relatekw', 'common', 'class',
'swfupload', 'thread', 'mtag', 'poke', 'friend',
'avatar', 'profile', 'theme', 'import', 'feed', 'privacy', 'pm', 'share', 'advance', 'invite','sendmail',
'userapp', 'task', 'credit','card',
source/function_delete.php
找到
//删除事件
function deletefeeds($feedids) {
在其上面加入
//删除充值卡
function deletecards($cardids) {
global $_SGLOBAL;
$allowmanage = checkperm('managecard');
$cards = $newcardids = array();
$query = $_SGLOBAL['db']->query("SELECT * FROM ".tname('app_card')." WHERE id IN (".simplode($cardids).")");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
if($allowmanage || $value['uid'] == $_SGLOBAL['supe_uid']) {//管理员/作者
$newcardids[] = $value['id'];
$cards[] = $value;
}
}
if(empty($newcardids)) return array();
$_SGLOBAL['db']->query("DELETE FROM ".tname('app_card')." WHERE id IN (".simplode($newcardids).")");
return $cards;
}
找到//pic
//删除图片附件
在其上面加入
//删除充值卡信息
$_SGLOBAL['db']->query("DELETE FROM ".tname('app_card')." WHERE carduser='$uid'");
//删除兑换礼品信息
$_SGLOBAL['db']->query("DELETE FROM ".tname('exchange_user')." WHERE uid='$uid'");
admin/tpl下的space.htm
找到<a href="admincp.php?ac=space&op=manage&uid=$value[uid]">管理</a><br>
在其后面加上
<br><a href="admincp.php?ac=card&uid=$value[uid]">发放充值卡</a>
admin/tpl下的header.htm
找到'usergroup' => '用户组',
在其下面加上
'card' => '积分充值卡',
card_notice.php下修改把http://xekee.com/home/cp.php?ac=card修改成您的网址
2、兑换中心
进入解开的文件夹打开兑奖中心配置文件 exchange/config.php
在第10行左右处 找到
$SConfig["ADMINUID"] =1;
admincp.php
找到$acs = array(
array('index','config', 'privacy', 'spam', 'network', 'usergroup', 'credit',
在其后面加上'exchangeclass',
修改后
$acs = array(
array('index','config', 'privacy', 'spam', 'network', 'usergroup', 'credit', 'exchangeclass', 'profilefield', 'profield', 'ad', 'sitefeed', 'userapp', 'app'),
找到:source/function_cp.php
//获取个人分类
function getclassarr($uid) {
global $_SGLOBAL;
$classarr = array();
$query = $_SGLOBAL['db']->query("SELECT classid, classname FROM ".tname('class')." WHERE uid='$uid'");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
$classarr[$value['classid']] = $value;
}
return $classarr;
}
在其下面加入:
//获取兑换礼品分类
function geteclassarr() {
global $_SGLOBAL;
$eclassarr = array();
$query = $_SGLOBAL['db']->query("SELECT classid, classname FROM ".tname('exchange_class'));
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
$eclassarr[$value['classid']] = $value;
}
return $eclassarr;
}
找到:source/function_delete.php
//删除事件
function deletefeeds($feedids) {
global $_SGLOBAL;
在其上面加入
//删除兑换礼品类别
function deleteexchangeclasss($classids) {
global $_SGLOBAL;
$allowmanage = checkperm('managecard');
$exchangeclasss = $newclassids = array();
$query = $_SGLOBAL['db']->query("SELECT * FROM ".tname('exchange_class')." WHERE classid IN (".simplode($classids).")");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
if($allowmanage || $value['uid'] == $_SGLOBAL['supe_uid']) {//管理员/作者
$newclassids[] = $value['classid'];
$exchangeclasss[] = $value;
}
}
if(empty($newclassids)) return array();
$_SGLOBAL['db']->query("DELETE FROM ".tname('exchange_class')." WHERE classid IN (".simplode($newclassids).")");
return $exchangeclasss;
}
增加插件入口
打开 heard.htm 找到
<li><img src="image/app/share.gif"><a href="space.php?do=share">分享</a></li>
在下面添加插件入口
<li ><img src="image/icon/exchange.gif" alt="积分换礼品" /><a href="exchange.php">兑奖中心</a></li>
admin/tpl/config.htm
找到<tr>
<th>未认证实名权限</th>
<td>
<table>
<tr>
<td width="120">允许加好友</td>
<td>
<input type="radio" name="config[name_allowfriend]" value="1"<!--{if $configs[name_allowfriend] == 1}--> checked<!--{/if}-->>是
<input type="radio" name="config[name_allowfriend]" value="0"<!--{if $configs[name_allowfriend] != '1'}--> checked<!--{/if}-->>否
</td></tr>
在其下面添加
<tr>
<td width="120">允许兑换中心</td>
<td>
<input type="radio" name="config[name_allowmyexchange]" value="1"<!--{if $configs[name_allowmyexchange] == 1}--> checked<!--{/if}-->>是
<input type="radio" name="config[name_allowmyexchange]" value="0"<!--{if $configs[name_allowmyexchange] != '1'}--> checked<!--{/if}-->>否
</td></tr>
3、VIP积分充值系统
在common.php文件尾部?>之前加入:
include_once(S_ROOT.'./pay/function.php');
if (!empty($_SGLOBAL['supe_uid'])) {
$vips = ckvip($_SGLOBAL['supe_uid']);
}
修改文件:source/network_space.php
找到
$fuids = array();
$count = 0;
$query = $_SGLOBAL['db']->query($sql.' LIMIT 0, 100');//最多100条
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
realname_set($value['uid'], $value['username'], $value['name'], $value['namestatus']);
$value['isfriend'] = ($value['uid']==$space['uid'] || ($space['friends'] && in_array($value['uid'], $space['friends'])))?1:0;
$fuids[] = $value['uid'];
$list[] = $value;
}
//在线状态
替换
$fuids = array();
$vfuids = array();
$vlist = array();
$count = 0;
$query = $_SGLOBAL['db']->query($sql.' LIMIT 0, 100');//最多100条
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
realname_set($value['uid'], $value['username'], $value['name'], $value['namestatus']);
$value['isfriend'] = ($value['uid']==$space['uid'] || ($space['friends'] && in_array($value['uid'], $space['friends'])))?1:0;
if ($value[groupid] == $_SCONFIG[vipapp]) {
$vfuids[] = $value['uid'];
$vlist[] = $value;
} else {
$nfuids[] = $value['uid'];
$nlist[] = $value;
}
}
$fuids = array_merge_recursive($vfuids,$nfuids);
$list = array_merge_recursive($vlist,$nlist);
//在线状态
修改模版文件:template/default/header.htm
找到:
<br />
<a href="cp.php?ac=invite">邀请</a> | <a href="cp.php">设置</a> | <a href="cp.php?ac=privacy">隐私</a> | <a href="cp.php?ac=common&op=logout">退出</a>
前面加入:
<!--{if $vips[ztime] > 0}-->
<a href="pay.php?ac=vip"><img src="image/pay/vip.gif" alt="VIP会员 vips[day]天" border="0" align="absmiddle" /></a>
<!--{else}-->
<a href="pay.php?ac=vip" target="_blank"><img src="image/pay/vip2.gif" alt="未激活" border="0" align="absmiddle" /></a>
<!--{/if}-->
修改模版文件:template/default/space_feed.htm
找到:
<ul class="u_setting">
<li><a href="cp.php?ac=avatar">修改头像</a></li>
<li><a href="cp.php?ac=profile">个人资料</a></li>
<li><a href="cp.php?ac=password">账号设置</a></li>
<li><a href="cp.php?ac=privacy">隐私筛选</a></li>
</ul>
替换为:
<ul class="u_setting" style="width: 250px;">
<li><a href="cp.php?ac=avatar">修改头像</a></li>
<li><a href="cp.php?ac=profile">个人资料</a> </li>
<li><a href="pay.php?ac=vip"><strong>VIP升级</strong></a></li>
<li><a href="cp.php?ac=password">账号设置</a></li>
<li><a href="cp.php?ac=privacy">隐私筛选</a></li>
<li><a href="pay.php"><strong style="color: red;">积分充值</strong></a></li>
</ul>
修改模版文件:template/default/space_index.htm
找到:
<!--{if $space[qq]}-->
<li>QQ:$space[qq]</li>
<!--{/if}-->
<!--{if $space[msn]}-->
<li>MSN:$space[msn]</li>
<!--{/if}-->
替换为:
<!--{if checkperm('managespace') or $space[uid] == $_SGLOBAL['supe_uid']}-->
<!--{if $space[qq]}-->
<li>QQ:$space[qq]</li>
<!--{/if}-->
<!--{if $space[msn]}-->
<li>MSN:$space[msn]</li>
<!--{/if}-->
<!--{else}-->
<!--{if $_SCONFIG[viplookinfo] == 1 and $vips[day] > 0}-->
<!--{if $space[qq]}-->
<li>QQ:$space[qq]</li>
<!--{/if}-->
<!--{if $space[msn]}-->
<li>MSN:$space[msn]</li>
<!--{/if}-->
<!--{else}-->
<li>VIP会员可见</li>
<!--{/if}-->
<!--{/if}--> |
置顶卡
喧嚣卡
变色卡
千斤顶
显身卡