修复一些安全性问题

2025-01-07 03:16:58 +08:00 · 2024-01-04 17:48:21 +08:00 · 2024-01-04 17:48:21 +08:00 · 95e58530ba
commit 95e58530ba
parent 1261c73ff0
4 changed files with 1455 additions and 1449 deletions
--- a/admin/appmarket/index.php
+++ b/admin/appmarket/index.php
@ -1,74 +1,77 @@
-<?php
-/*
- * @copyright   Leyun internet Technology(Shanghai)Co.,Ltd
- * @license     http://www.dzzoffice.com/licenses/license.txt
- * @package     DzzOffice
- * @link        http://www.dzzoffice.com
- * @author      zyx(zyx@dzz.cc)
- */
-if (!defined('IN_DZZ') || !defined('IN_ADMIN')) {
-	exit('Access Denied');
-}
-$navtitle=lang('installed').' - '.lang('appname');
-include libfile('function/organization');
-$op='index';
-if (submitcheck('appsubmit')) {
-	$dels = $_GET['del'];
-	$allids = array();
-	foreach ($_GET['disp'] as $key => $value) {
-		if (!in_array($key, $dels))
-			C::t('app_market') -> update($key, array('disp' => $value));
-	}
-	//删除应用
-	if ($dels) {
-		C::t('app_market') -> delete_by_appid($dels);
-	}
-	showmessage('do_success', dreferer());
-}
-//获取所有标签top50；
-$tags = DB::fetch_all("SELECT * FROM %t WHERE hot>0 ORDER BY HOT DESC limit 50", array('app_tag'),'tagid');
-
-$keyword = trim($_GET['keyword']);
-$tagid = intval($_GET['tagid']);
-$group = intval($_GET['group']);
-$page = empty($_GET['page']) ? 1 : intval($_GET['page']);
-$perpage = 20;
-$gets = array('mod' => 'appmarket', 'keyword' => $keyword, 'tagid' => $tagid, 'group' => $group);
-$theurl = BASESCRIPT . "?" . url_implode($gets);
-$refer = urlencode($theurl . '&page=' . $page);
-
-$order = ' ORDER BY disp';
-$start = ($page - 1) * $perpage;
-$apps = array();
-$string = " 1 ";
-if ($keyword) {
-	$string .= " and appname like '%$keyword%' or vendor like '%$keyword%'";
-}
-if ($tagid) {
-	$appids = C::t('app_relative') -> fetch_appids_by_tagid($tagid);
-	$string .= " and appid IN (" . dimplode($appids) . ")";
-}
-if ($group) {
-	$sql = " and `group` = '{$group}'";
-	$string .= " and `group` = '{$group}'";
-}
-if ($count = DB::result_first("SELECT COUNT(*) FROM " . DB::table('app_market') . " WHERE ".$string)) {
-	$apps = DB::fetch_all("SELECT * FROM " . DB::table('app_market') . " WHERE ".$string." $order limit $start,$perpage");
-	$multi = multi($count, $perpage, $page, $theurl, 'pull-right');
-}
-
-$list = array();
-$grouptitle = array('0' => lang('all'), '-1' => lang('visitors_visible'), '1' => lang('members_available'), '2' => lang('section_administrators_available'), '3' => lang('system_administrators_available'));
-foreach ($apps as $value) {
-	$value['tags'] = C::t('app_relative') -> fetch_all_by_appid($value['appid']);
-	if ($value['appico'] != 'dzz/images/default/icodefault.png' && !preg_match("/^(http|ftp|https|mms)\:\/\/(.+?)/i", $value['appico'])) {
-		$value['appico'] = $_G['setting']['attachurl'] . $value['appico'];
-	}
-	$value['appurl'] = replace_canshu($value['appurl']);
-	$value['appadminurl'] = replace_canshu($value['appadminurl']);
-	$value['grouptitle'] = $grouptitle[$value['group']];
-	$value['department'] = getDepartmentByAppid($value['appid']);
-	$list[] = $value;
-} 
-include template('index');
-?>
+<?php
+/*
+ * @copyright   Leyun internet Technology(Shanghai)Co.,Ltd
+ * @license     http://www.dzzoffice.com/licenses/license.txt
+ * @package     DzzOffice
+ * @link        http://www.dzzoffice.com
+ * @author      zyx(zyx@dzz.cc)
+ */
+if (!defined('IN_DZZ') || !defined('IN_ADMIN')) {
+	exit('Access Denied');
+}
+$navtitle=lang('installed').' - '.lang('appname');
+include libfile('function/organization');
+$op='index';
+if (submitcheck('appsubmit')) {
+	$dels = $_GET['del'];
+	$allids = array();
+	foreach ($_GET['disp'] as $key => $value) {
+		if (!in_array($key, $dels))
+			C::t('app_market') -> update($key, array('disp' => $value));
+	}
+	//删除应用
+	if ($dels) {
+		C::t('app_market') -> delete_by_appid($dels);
+	}
+	showmessage('do_success', dreferer());
+}
+//获取所有标签top50；
+$tags = DB::fetch_all("SELECT * FROM %t WHERE hot>0 ORDER BY HOT DESC limit 50", array('app_tag'),'tagid');
+
+$keyword = trim($_GET['keyword']);
+$tagid = intval($_GET['tagid']);
+$group = intval($_GET['group']);
+$page = empty($_GET['page']) ? 1 : intval($_GET['page']);
+$perpage = 20;
+$gets = array('mod' => 'appmarket', 'keyword' => $keyword, 'tagid' => $tagid, 'group' => $group);
+$theurl = BASESCRIPT . "?" . url_implode($gets);
+$refer = urlencode($theurl . '&page=' . $page);
+
+$order = ' ORDER BY disp';
+$start = ($page - 1) * $perpage;
+$apps = array();
+$string = " 1 ";
+$param=array();
+if ($keyword) {
+	$string .= " and appname like %s or vendor like %s";
+	$param[]='%'.$keyword.'%';
+	$param[]='%'.$keyword.'%';
+}
+if ($tagid) {
+	$appids = C::t('app_relative') -> fetch_appids_by_tagid($tagid);
+	$string .= " and appid IN (" . dimplode($appids) . ")";
+}
+if ($group) {
+	$sql = " and `group` = '{$group}'";
+	$string .= " and `group` = '{$group}'";
+}
+if ($count = DB::result_first("SELECT COUNT(*) FROM %t WHERE ".$string,$param)) {
+	$apps = DB::fetch_all("SELECT * FROM %t WHERE ".$string." $order limit $start,$perpage",$param);
+	$multi = multi($count, $perpage, $page, $theurl, 'pull-right');
+}
+
+$list = array();
+$grouptitle = array('0' => lang('all'), '-1' => lang('visitors_visible'), '1' => lang('members_available'), '2' => lang('section_administrators_available'), '3' => lang('system_administrators_available'));
+foreach ($apps as $value) {
+	$value['tags'] = C::t('app_relative') -> fetch_all_by_appid($value['appid']);
+	if ($value['appico'] != 'dzz/images/default/icodefault.png' && !preg_match("/^(http|ftp|https|mms)\:\/\/(.+?)/i", $value['appico'])) {
+		$value['appico'] = $_G['setting']['attachurl'] . $value['appico'];
+	}
+	$value['appurl'] = replace_canshu($value['appurl']);
+	$value['appadminurl'] = replace_canshu($value['appadminurl']);
+	$value['grouptitle'] = $grouptitle[$value['group']];
+	$value['department'] = getDepartmentByAppid($value['appid']);
+	$list[] = $value;
+} 
+include template('index');
+?>
--- a/dzz/market/index.php
+++ b/dzz/market/index.php
@ -1,87 +1,90 @@
-<?php
-/*
- * @copyright   Leyun internet Technology(Shanghai)Co.,Ltd
- * @license     http://www.dzzoffice.com/licenses/license.txt
- * @package     DzzOffice
- * @link        http://www.dzzoffice.com
- * @author      zyx(zyx@dzz.cc)
- */
-if (!defined('IN_DZZ')) {
-	exit('Access Denied');
-}
-$applist = array();
-$userconfig = DB::fetch_first("select * from " . DB::table('user_field') . " where uid='{$_G[uid]}'");
-if ($userconfig['applist'])$applist = explode(',', $userconfig['applist']);
-$navtitle= lang('appname');
-if ($_GET['do'] == 'install') {
-	$appid = intval($_GET['appid']);
-	$applist[] = $appid;
-	C::t('app_user') -> insert_by_uid($_G['uid'], $appid);
-	if (C::t('user_field') -> update($_G['uid'], array('applist' => implode(',', $applist)))) {
-		echo json_encode(array('msg' => 'success'));
-		exit();
-	} else {
-		echo json_encode(array('error' => lang('app_installa_failed')));
-		exit();
-	}
-}
-//获取所有标签top10；
-$tags = DB::fetch_all("SELECT * FROM %t WHERE hot>0 ORDER BY HOT DESC limit 100", array('app_tag'));
-$keyword = trim($_GET['keyword']);
-$tagid = intval($_GET['tagid']);
-$page = empty($_GET['page']) ? 1 : intval($_GET['page']);
-$perpage = 20;
-$gets = array('mod' => 'market', 'keyword' => $keyword, 'tagid' => $tagid, );
-$theurl = DZZSCRIPT . "?" . url_implode($gets);
-$refer = urlencode($theurl . '&page=' . $page);
-
-$order = 'ORDER BY disp';
-$start = ($page - 1) * $perpage;
-$apps = array();
-//system=2代表系统自带安装应用不能卸载  notdelete=1表示不能删除的，不能删除的直接不可见
-$sql = 'system!=2 and available>0 and hideInMarket<1 and notdelete<1';
-if ($keyword) {
-	$sql .= " and (appname like '%$keyword%' or vendor like '%$keyword%')";
-} elseif ($tagid) {
-	$appids = C::t('app_relative') -> fetch_appids_by_tagid($tagid);
-	$sql .= " and appid IN (" . dimplode($appids) . ")";
-}
-//获取用户所在组的应用
-if (!$_G['uid']) {//游客
-	$sql .= " and (`group`='-1' OR `group`='0')";
-} elseif ($_G['adminid'] == 1) {//系统管理员
-} elseif ($_G['groupid'] == 2) {//部门管理员
-	$l = " (`group` = '1')";
-	if ($notappids = C::t('app_organization') -> fetch_notin_appids_by_uid($_G['uid'])) {
-		$l .= " and appid  NOT IN (" . dimplode($notappids) . ") ";
-	}
-	$sql .= " and (`group` = '2' OR `group`='0' OR (" . $l . "))";
-} else {//普通成员
-	$l = " (`group` = '1')";
-	if ($notappids = C::t('app_organization') -> fetch_notin_appids_by_uid($_G['uid'])) {
-		$l .= " and appid  NOT IN (" . dimplode($notappids) . ") ";
-	}
-	$sql .= " and (`group`='0' OR (" . $l . "))";
-}
-if ($count = DB::result_first("SELECT COUNT(*) FROM " . DB::table('app_market') . " WHERE  $sql ")) {
-	$apps = DB::fetch_all("SELECT * FROM " . DB::table('app_market') . " WHERE  $sql  $order limit $start,$perpage");
-	$multi = multi($count, $perpage, $page, $theurl, 'pull-right');
-}
-$list = array();
-//$grouptitle=array('0'=>'全部','-1'=>'仅游客可用','1'=>'成员可用','2'=>'部门管理员可用','3'=>'仅系统管理员可用');
-foreach ($apps as $value) {
-	if ($value['isshow'] < 1)
-		continue;
-	$value['tags'] = C::t('app_relative') -> fetch_all_by_appid($value['appid']);
-	if ($value['appico'] != 'dzz/images/default/icodefault.png' && !preg_match("/^(http|ftp|https|mms)\:\/\/(.+?)/i", $value['appico'])) {
-		$value['appico'] = $_G['setting']['attachurl'] . $value['appico'];
-	}
-	$value['url'] = replace_canshu($value['appurl']);
-	if (in_array($value['appid'], $applist))
-		$value['isinstall'] = true;
-	$list[$value['appid']] = $value;
-}
-$jsondata = json_encode($list);
-
-include template('market');
-?>
+<?php
+/*
+ * @copyright   Leyun internet Technology(Shanghai)Co.,Ltd
+ * @license     http://www.dzzoffice.com/licenses/license.txt
+ * @package     DzzOffice
+ * @link        http://www.dzzoffice.com
+ * @author      zyx(zyx@dzz.cc)
+ */
+if (!defined('IN_DZZ')) {
+	exit('Access Denied');
+}
+$applist = array();
+$userconfig = DB::fetch_first("select * from " . DB::table('user_field') . " where uid='{$_G[uid]}'");
+if ($userconfig['applist'])$applist = explode(',', $userconfig['applist']);
+$navtitle= lang('appname');
+if ($_GET['do'] == 'install') {
+	$appid = intval($_GET['appid']);
+	$applist[] = $appid;
+	C::t('app_user') -> insert_by_uid($_G['uid'], $appid);
+	if (C::t('user_field') -> update($_G['uid'], array('applist' => implode(',', $applist)))) {
+		echo json_encode(array('msg' => 'success'));
+		exit();
+	} else {
+		echo json_encode(array('error' => lang('app_installa_failed')));
+		exit();
+	}
+}
+//获取所有标签top10；
+$tags = DB::fetch_all("SELECT * FROM %t WHERE hot>0 ORDER BY HOT DESC limit 100", array('app_tag'));
+$keyword = trim($_GET['keyword']);
+$tagid = intval($_GET['tagid']);
+$page = empty($_GET['page']) ? 1 : intval($_GET['page']);
+$perpage = 20;
+$gets = array('mod' => 'market', 'keyword' => $keyword, 'tagid' => $tagid, );
+$theurl = DZZSCRIPT . "?" . url_implode($gets);
+$refer = urlencode($theurl . '&page=' . $page);
+
+$order = 'ORDER BY disp';
+$start = ($page - 1) * $perpage;
+$apps = array();
+//system=2代表系统自带安装应用不能卸载  notdelete=1表示不能删除的，不能删除的直接不可见
+$sql = 'system!=2 and available>0 and hideInMarket<1 and notdelete<1';
+$param=array('app_market');
+if ($keyword) {
+	$sql .= " and (appname like %s or vendor like %s)";
+	$param[]='%'.$keyword.'%';
+	$param[]='%'.$keyword.'%';
+} elseif ($tagid) {
+	$appids = C::t('app_relative') -> fetch_appids_by_tagid($tagid);
+	$sql .= " and appid IN (" . dimplode($appids) . ")";
+}
+//获取用户所在组的应用
+if (!$_G['uid']) {//游客
+	$sql .= " and (`group`='-1' OR `group`='0')";
+} elseif ($_G['adminid'] == 1) {//系统管理员
+} elseif ($_G['groupid'] == 2) {//部门管理员
+	$l = " (`group` = '1')";
+	if ($notappids = C::t('app_organization') -> fetch_notin_appids_by_uid($_G['uid'])) {
+		$l .= " and appid  NOT IN (" . dimplode($notappids) . ") ";
+	}
+	$sql .= " and (`group` = '2' OR `group`='0' OR (" . $l . "))";
+} else {//普通成员
+	$l = " (`group` = '1')";
+	if ($notappids = C::t('app_organization') -> fetch_notin_appids_by_uid($_G['uid'])) {
+		$l .= " and appid  NOT IN (" . dimplode($notappids) . ") ";
+	}
+	$sql .= " and (`group`='0' OR (" . $l . "))";
+}
+if ($count = DB::result_first("SELECT COUNT(*) FROM %t WHERE  $sql ",$param)) {
+	$apps = DB::fetch_all("SELECT * FROM %t WHERE  $sql  $order limit $start,$perpage",$param);
+	$multi = multi($count, $perpage, $page, $theurl, 'pull-right');
+}
+$list = array();
+//$grouptitle=array('0'=>'全部','-1'=>'仅游客可用','1'=>'成员可用','2'=>'部门管理员可用','3'=>'仅系统管理员可用');
+foreach ($apps as $value) {
+	if ($value['isshow'] < 1)
+		continue;
+	$value['tags'] = C::t('app_relative') -> fetch_all_by_appid($value['appid']);
+	if ($value['appico'] != 'dzz/images/default/icodefault.png' && !preg_match("/^(http|ftp|https|mms)\:\/\/(.+?)/i", $value['appico'])) {
+		$value['appico'] = $_G['setting']['attachurl'] . $value['appico'];
+	}
+	$value['url'] = replace_canshu($value['appurl']);
+	if (in_array($value['appid'], $applist))
+		$value['isinstall'] = true;
+	$list[$value['appid']] = $value;
+}
+$jsondata = json_encode($list);
+
+include template('market');
+?>
--- a/install/include/install_function.php
+++ b/install/include/install_function.php
--- a/install/include/install_var.php
+++ b/install/include/install_var.php
@ -1,140 +1,140 @@
-<?php
-/*
- * @copyright   Leyun internet Technology(Shanghai)Co.,Ltd
- * @license     http://www.dzzoffice.com/licenses/license.txt
- * @package     DzzOffice
- * @link        http://www.dzzoffice.com
- * @author      zyx(zyx@dzz.cc)
- */
-
-if(!defined('IN_LEYUN')) {
-	exit('Access Denied');
-}
-
-define('SOFT_NAME', 'DzzOffice');
-
-define('INSTALL_LANG', 'SC_UTF8');
-
-define('CONFIG', './config/config.php');
-
-$sqlfile = ROOT_PATH.'./install/data/install.sql';
-$lockfile = ROOT_PATH.'./data/install.lock';
-
-@include ROOT_PATH.CONFIG;
-
-define('CHARSET', 'utf-8');
-define('DBCHARSET', 'utf8');
-
-define('ORIG_TABLEPRE', 'dzz_');
-
-define('METHOD_UNDEFINED', 255);
-define('ENV_CHECK_RIGHT', 0);
-define('ERROR_CONFIG_VARS', 1);
-define('SHORT_OPEN_TAG_INVALID', 2);
-define('INSTALL_LOCKED', 3);
-define('DATABASE_NONEXISTENCE', 4);
-define('PHP_VERSION_TOO_LOW', 5);
-define('MYSQL_VERSION_TOO_LOW', 6);
-define('UC_URL_INVALID', 7);
-define('UC_DNS_ERROR', 8);
-define('UC_URL_UNREACHABLE', 9);
-define('UC_VERSION_INCORRECT', 10);
-define('UC_DBCHARSET_INCORRECT', 11);
-define('UC_API_ADD_APP_ERROR', 12);
-define('UC_ADMIN_INVALID', 13);
-define('UC_DATA_INVALID', 14);
-define('DBNAME_INVALID', 15);
-define('DATABASE_ERRNO_2003', 16);
-define('DATABASE_ERRNO_1044', 17);
-define('DATABASE_ERRNO_1045', 18);
-define('DATABASE_CONNECT_ERROR', 19);
-define('TABLEPRE_INVALID', 20);
-define('CONFIG_UNWRITEABLE', 21);
-define('ADMIN_USERNAME_INVALID', 22);
-define('ADMIN_EMAIL_INVALID', 25);
-define('ADMIN_EXIST_PASSWORD_ERROR', 26);
-define('ADMININFO_INVALID', 27);
-define('LOCKFILE_NO_EXISTS', 28);
-define('TABLEPRE_EXISTS', 29);
-define('ERROR_UNKNOW_TYPE', 30);
-define('ENV_CHECK_ERROR', 31);
-define('UNDEFINE_FUNC', 32);
-define('MISSING_PARAMETER', 33);
-define('LOCK_FILE_NOT_TOUCH', 34);
-
-if(function_exists('mysqli_connect')) $func_items = array('mysqli_connect',  'file_get_contents', 'xml_parser_create','filesize', 'curl_init','zip_open');
-else $func_items = array('mysql_connect',  'file_get_contents', 'xml_parser_create','filesize', 'curl_init','zip_open');
-
-$filesock_items = array('fsockopen', 'pfsockopen', 'stream_socket_client');
-
-$env_items = array
-(
-	'os' => array('c' => 'PHP_OS', 'r' => 'notset', 'b' => 'Linux'),
-	'php' => array('c' => 'PHP_VERSION', 'r' => '5.3+', 'b' => 'php7+'),
-	'attachmentupload' => array('r' => 'notset', 'b' => '50M'),
-	'gdversion' => array('r' => '1.0', 'b' => '2.0'),
-	'diskspace' => array('r' => '50M', 'b' => '10G以上'),
-	
-);
-
-$dirfile_items = array
-(
-
-	//'config' => array('type' => 'file', 'path' => CONFIG),
-	'config_dir' => array('type' => 'dir', 'path' => './config'),
-	//'data' => array('type' => 'dir', 'path' => './data'),
-	'cache' => array('type' => 'dir', 'path' => './data/cache'),
-	'avatar' => array('type' => 'dir', 'path' => './data/avatar'),
-	'ftemplates' => array('type' => 'dir', 'path' => './data/template'),
-	'attach' => array('type' => 'dir', 'path' => './data/attachment'),
-	'attach_dzz' => array('type' => 'dir', 'path' => './data/attachment/dzz'),
-	'attach_icon' => array('type' => 'dir', 'path' => './data/attachment/icon'),
-	'attach_appico' => array('type' => 'dir', 'path' => './data/attachment/appico'),
-	'attach_appimg' => array('type' => 'dir', 'path' => './data/attachment/appimg'),
-	'attach_cache' => array('type' => 'dir', 'path' => './data/attachment/cache'),
-	'attach_imgcache' => array('type' => 'dir', 'path' => './data/attachment/imgcache'),
-	'attach_qrcode' => array('type' => 'dir', 'path' => './data/attachment/qrcode'),
-	'logs' => array('type' => 'dir', 'path' => './data/log'),
-);
-
-
-$form_app_reg_items = array
-(
-	
-	'siteinfo' => array
-	(
-		'sitename' => array('type' => 'text', 'required' => 1, 'reg' => '/^.*$/', 'value' => array('type' => 'constant', 'var' => 'SOFT_NAME')),
-		'siteurl' => array('type' => 'text', 'required' => 1, 'reg' => '/^https?:\/\//', 'value' => array('type' => 'var', 'var' => 'default_appurl'))
-	)
-);
-
-$form_db_init_items = array
-(
-	'dbinfo' => array
-	(
-		'company' => array('type' => 'text', 'required' => 0, 'reg' => '/^.+$/', 'value' => array('type' => 'var', 'var' => 'company')),
-		'dbhost' => array('type' => 'text', 'required' => 1, 'reg' => '/^.+$/', 'value' => array('type' => 'var', 'var' => 'dbhost')),
-		'dbname' => array('type' => 'text', 'required' => 1, 'reg' => '/^.+$/', 'value' => array('type' => 'var', 'var' => 'dbname')),
-		'dbuser' => array('type' => 'text', 'required' => 0, 'reg' => '/^.*$/', 'value' => array('type' => 'var', 'var' => 'dbuser')),
-		'dbpw' => array('type' => 'text', 'required' => 0, 'reg' => '/^.*$/', 'value' => array('type' => 'var', 'var' => 'dbpw')),
-		'tablepre' => array('type' => 'text', 'required' => 0, 'reg' => '/^.*+/', 'value' => array('type' => 'var', 'var' => 'tablepre')),
-		'adminemail' => array('type' => 'text', 'required' => 1, 'reg' => '/@/', 'value' => array('type' => 'var', 'var' => 'adminemail')),
-	),
-	
-);
-$form_admin_init_items = array
-(
-	
-	'admininfo' => array
-	(
-		'email' => array('type' => 'text', 'required' => 1, 'reg' => '/@/', 'value' => array('type' => 'var', 'var' => 'adminemail')),
-		'username' => array('type' => 'text', 'required' => 1, 'reg' => '/^.*$/', 'value' => array('type' => 'constant', 'var' => 'admin')),
-		'password' => array('type' => 'password', 'required' => 1, 'reg' => '/^.*$/'),
-		'password2' => array('type' => 'password', 'required' => 1, 'reg' => '/^.*$/'),
-		
-	)
-);
-
-$serialize_sql_setting = array ();
-
-?>
+<?php
+/*
+ * @copyright   Leyun internet Technology(Shanghai)Co.,Ltd
+ * @license     http://www.dzzoffice.com/licenses/license.txt
+ * @package     DzzOffice
+ * @link        http://www.dzzoffice.com
+ * @author      zyx(zyx@dzz.cc)
+ */
+
+if(!defined('IN_LEYUN')) {
+	exit('Access Denied');
+}
+
+define('SOFT_NAME', 'DzzOffice');
+
+define('INSTALL_LANG', 'SC_UTF8');
+
+define('CONFIG', './config/config.php');
+
+$sqlfile = ROOT_PATH.'./install/data/install.sql';
+$lockfile = ROOT_PATH.'./data/install.lock';
+
+@include ROOT_PATH.CONFIG;
+
+define('CHARSET', 'utf-8');
+define('DBCHARSET', 'utf8');
+
+define('ORIG_TABLEPRE', 'dzz_');
+
+define('METHOD_UNDEFINED', 255);
+define('ENV_CHECK_RIGHT', 0);
+define('ERROR_CONFIG_VARS', 1);
+define('SHORT_OPEN_TAG_INVALID', 2);
+define('INSTALL_LOCKED', 3);
+define('DATABASE_NONEXISTENCE', 4);
+define('PHP_VERSION_TOO_LOW', 5);
+define('MYSQL_VERSION_TOO_LOW', 6);
+define('UC_URL_INVALID', 7);
+define('UC_DNS_ERROR', 8);
+define('UC_URL_UNREACHABLE', 9);
+define('UC_VERSION_INCORRECT', 10);
+define('UC_DBCHARSET_INCORRECT', 11);
+define('UC_API_ADD_APP_ERROR', 12);
+define('UC_ADMIN_INVALID', 13);
+define('UC_DATA_INVALID', 14);
+define('DBNAME_INVALID', 15);
+define('DATABASE_ERRNO_2003', 16);
+define('DATABASE_ERRNO_1044', 17);
+define('DATABASE_ERRNO_1045', 18);
+define('DATABASE_CONNECT_ERROR', 19);
+define('TABLEPRE_INVALID', 20);
+define('CONFIG_UNWRITEABLE', 21);
+define('ADMIN_USERNAME_INVALID', 22);
+define('ADMIN_EMAIL_INVALID', 25);
+define('ADMIN_EXIST_PASSWORD_ERROR', 26);
+define('ADMININFO_INVALID', 27);
+define('LOCKFILE_NO_EXISTS', 28);
+define('TABLEPRE_EXISTS', 29);
+define('ERROR_UNKNOW_TYPE', 30);
+define('ENV_CHECK_ERROR', 31);
+define('UNDEFINE_FUNC', 32);
+define('MISSING_PARAMETER', 33);
+define('LOCK_FILE_NOT_TOUCH', 34);
+
+if(function_exists('mysqli_connect')) $func_items = array('mysqli_connect',  'file_get_contents', 'xml_parser_create','filesize', 'curl_init','zip_open');
+else $func_items = array('mysql_connect',  'file_get_contents', 'xml_parser_create','filesize', 'curl_init','zip_open');
+
+$filesock_items = array('fsockopen', 'pfsockopen', 'stream_socket_client');
+
+$env_items = array
+(
+	'os' => array('c' => 'PHP_OS', 'r' => 'notset', 'b' => 'Linux'),
+	'php' => array('c' => 'PHP_VERSION', 'r' => '7+', 'b' => 'php7+'),
+	'attachmentupload' => array('r' => 'notset', 'b' => '50M'),
+	'gdversion' => array('r' => '1.0', 'b' => '2.0'),
+	'diskspace' => array('r' => '50M', 'b' => '10G以上'),
+	
+);
+
+$dirfile_items = array
+(
+
+	//'config' => array('type' => 'file', 'path' => CONFIG),
+	'config_dir' => array('type' => 'dir', 'path' => './config'),
+	//'data' => array('type' => 'dir', 'path' => './data'),
+	'cache' => array('type' => 'dir', 'path' => './data/cache'),
+	'avatar' => array('type' => 'dir', 'path' => './data/avatar'),
+	'ftemplates' => array('type' => 'dir', 'path' => './data/template'),
+	'attach' => array('type' => 'dir', 'path' => './data/attachment'),
+	'attach_dzz' => array('type' => 'dir', 'path' => './data/attachment/dzz'),
+	'attach_icon' => array('type' => 'dir', 'path' => './data/attachment/icon'),
+	'attach_appico' => array('type' => 'dir', 'path' => './data/attachment/appico'),
+	'attach_appimg' => array('type' => 'dir', 'path' => './data/attachment/appimg'),
+	'attach_cache' => array('type' => 'dir', 'path' => './data/attachment/cache'),
+	'attach_imgcache' => array('type' => 'dir', 'path' => './data/attachment/imgcache'),
+	'attach_qrcode' => array('type' => 'dir', 'path' => './data/attachment/qrcode'),
+	'logs' => array('type' => 'dir', 'path' => './data/log'),
+);
+
+
+$form_app_reg_items = array
+(
+	
+	'siteinfo' => array
+	(
+		'sitename' => array('type' => 'text', 'required' => 1, 'reg' => '/^.*$/', 'value' => array('type' => 'constant', 'var' => 'SOFT_NAME')),
+		'siteurl' => array('type' => 'text', 'required' => 1, 'reg' => '/^https?:\/\//', 'value' => array('type' => 'var', 'var' => 'default_appurl'))
+	)
+);
+
+$form_db_init_items = array
+(
+	'dbinfo' => array
+	(
+		'company' => array('type' => 'text', 'required' => 0, 'reg' => '/^.+$/', 'value' => array('type' => 'var', 'var' => 'company')),
+		'dbhost' => array('type' => 'text', 'required' => 1, 'reg' => '/^.+$/', 'value' => array('type' => 'var', 'var' => 'dbhost')),
+		'dbname' => array('type' => 'text', 'required' => 1, 'reg' => '/^.+$/', 'value' => array('type' => 'var', 'var' => 'dbname')),
+		'dbuser' => array('type' => 'text', 'required' => 0, 'reg' => '/^.*$/', 'value' => array('type' => 'var', 'var' => 'dbuser')),
+		'dbpw' => array('type' => 'text', 'required' => 0, 'reg' => '/^.*$/', 'value' => array('type' => 'var', 'var' => 'dbpw')),
+		'tablepre' => array('type' => 'text', 'required' => 0, 'reg' => '/^.*+/', 'value' => array('type' => 'var', 'var' => 'tablepre')),
+		'adminemail' => array('type' => 'text', 'required' => 1, 'reg' => '/@/', 'value' => array('type' => 'var', 'var' => 'adminemail')),
+	),
+	
+);
+$form_admin_init_items = array
+(
+	
+	'admininfo' => array
+	(
+		'email' => array('type' => 'text', 'required' => 1, 'reg' => '/@/', 'value' => array('type' => 'var', 'var' => 'adminemail')),
+		'username' => array('type' => 'text', 'required' => 1, 'reg' => '/^.*$/', 'value' => array('type' => 'constant', 'var' => 'admin')),
+		'password' => array('type' => 'password', 'required' => 1, 'reg' => '/^.*$/'),
+		'password2' => array('type' => 'password', 'required' => 1, 'reg' => '/^.*$/'),
+		
+	)
+);
+
+$serialize_sql_setting = array ();
+
+?>