
[求助] 阿里云提示我创建的文件有木马

  

我自己扩展了后台的一些东西。
阿里云提示我有木马,又不告诉我木马到底是啥,郁闷。
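  <?php
  /**
   * Admin-panel order detail page.
   *
   * Created by PhpStorm.
   * User: vancy
   * Date: 15/12/30
   * Time: 5:06 PM
   *
   * Without a submitted 'detailsubmit' form the script renders the order and
   * the operations offered for its current state. With one, it writes an
   * action-log row and then updates the order.
   *
   * The script reads, but does not define: $id, $action, $operation, $do,
   * $lang, $area, $table_name, $orderActionTable, $orderInfoTable, the
   * $orderStatus / $payType / $payStatus / $shippingStatus label maps and the
   * ORDER_STATUS_*, PAYMENT_STATUS_* and SHIPPING_STATUS_* constants. They are
   * expected to come from the including page.
   */

  // Refuse to run unless the including page has defined all three markers.
  if (!defined('IN_DISCUZ') || !defined('IN_ADMINCP') || !defined('IN_MAINPAGE')) {
      exit('Access Denied');
  }

  // cpmsg() is relied on to end the request here, as in the original script.
  if ($id < 1) {
      cpmsg('错误!', array('action' => $action, 'operation' => $operation, 'do' => $do, 'id' => $id), 'error');
  }

  // Operation codes submitted by the form's 'orderOperation' radio group.
  define('MODIFY_SHIPPING_FEE', 0);
  define('CONFIRM_ORDER', 1);
  define('CANCEL_ORDER', 2);
  define('SHIPPING', 3);
  define('RETURN_PAYMENT', 4);

  // Load the order with the same checked $id that the update below uses, so
  // the row that is displayed, logged and updated is always the same one.
  // NOTE(review): assumes the including page derives $id from the request's
  // 'id' parameter - confirm.
  $dtl = C::t($table_name)->fetch_by_id($id);
  if (!$dtl) {
      cpmsg('错误!', array('action' => $action, 'operation' => $operation, 'do' => $do, 'id' => $id), 'error');
  }

  // Work out once which operations the order's current state permits. The
  // form offers exactly this list and the submit handler accepts nothing else,
  // so the state rules are enforced on the server and not only in the HTML.
  $availableOperations = array();
  $defaultSelected = null;

  // Step 1: an unconfirmed order can be confirmed or cancelled.
  if ($dtl['orderStatus'] == ORDER_STATUS_UNCONFIRMED) {
      $availableOperations = array(
          array(CONFIRM_ORDER, '确认订单'),
          array(CANCEL_ORDER, '取消订单'),
      );
      $defaultSelected = CONFIRM_ORDER;
  }

  // Step 2: a confirmed, paid, not yet shipped order can be shipped or cancelled.
  if ($dtl['orderStatus'] == ORDER_STATUS_CONFIRMED && $dtl['payStatus'] == PAYMENT_STATUS_ALREADY_PAID && $dtl['shippingStatus'] == SHIPPING_STATUS_NOT_SHIPPED) {
      $availableOperations = array(
          array(SHIPPING, '发货'),
          array(CANCEL_ORDER, '取消订单'),
      );
      $defaultSelected = SHIPPING;
  }

  // Refund: offered for a paid order that meets the status comparisons below.
  if ($dtl['orderStatus'] > ORDER_STATUS_RETURN && $dtl['shippingStatus'] > SHIPPING_STATUS_NOT_SHIPPED && $dtl['payStatus'] == PAYMENT_STATUS_ALREADY_PAID) {
      $availableOperations = array(
          array(RETURN_PAYMENT, '退款'),
      );
      $defaultSelected = RETURN_PAYMENT;
  }

  if (!submitcheck('detailsubmit')) {
      $orderOperation = $availableOperations;

      // Full address = province + city + district names, then the street part.
      $address = '';
      foreach (array('province', 'city', 'district') as $areaKey) {
          if (isset($area['all'][$dtl[$areaKey]]['areaName'])) {
              $address .= $area['all'][$dtl[$areaKey]]['areaName'];
          }
      }
      $address .= $dtl['address'];

      showformheader("$action&operation=$operation&do=$do", 'enctype');
      showtableheader();
      if ($orderOperation) {
          // Kept for a future "modify shipping fee" feature; enabling it requires
          // changing the storefront flow to "place order first, pay afterwards".
  //        array_unshift($orderOperation, array(MODIFY_SHIPPING_FEE, '修改运费'));
  //        showsetting('订单操作(除修改运费外,其它操作不可逆)', array('orderOperation', $orderOperation), MODIFY_SHIPPING_FEE, 'mradio');
  //        showsetting('操作日志', 'operationLog', '', 'textarea', '', '', '');
          showsetting('订单操作', array('orderOperation', $orderOperation), $defaultSelected, 'mradio');
          showsetting('操作日志', 'operationLog', '', 'textarea', '', '', '仅提交订单操作时');
      }

      // NOTE(review): the order fields are passed in showsetting()'s fourth
      // (type) slot. If your Discuz version prints an unrecognised type as raw
      // HTML, customer-supplied fields (consignee, phone, address) must be
      // HTML-escaped when stored or before this call - confirm which applies.
      showsetting('订单ID', '', '', $dtl['orderId']);
      showsetting('订单编号', '', '', $dtl['orderSn']);
      showsetting('用户姓名', '', '', $dtl['consignee']);
      showsetting('用户手机', '', '', $dtl['phone']);
      showsetting('订单状态', '', '', $orderStatus[$dtl['orderStatus']]);
      showsetting('支付方式', '', '', $payType[$dtl['payType']]);
      showsetting('支付状态', '', '', $payStatus[$dtl['payStatus']]);
      showsetting('发货状态', '', '', $shippingStatus[$dtl['shippingStatus']]);
      showsetting('详细地址', '', '', $address);
      showsetting('商品价格', '', '', $dtl['goodsAmount']);
      showsetting('订单价格', '', '', $dtl['orderAmount']);
      if ($orderOperation) {
          // Kept for the future "modify shipping fee" feature (see above).
  //        showsetting('运费', 'shippingFee', $dtl['shippingFee'], 'text');
          showsetting('', '', '', '');
          showreturn(array('noadd'), 2);
          showhiddenfields(array('id' => $id));
          // back_url is echoed back from the request and is not read again in
          // this script. NOTE(review): if another page redirects to it, that
          // page has to restrict it to local URLs.
          showhiddenfields(array('back_url' => isset($_GET['back_url']) ? $_GET['back_url'] : ''));
          showsubmit('detailsubmit', 'submit', '', '', '', false);
      }
      showtablefooter();
      showformfooter();
  } else {
      // A missing parameter must not collapse to 0, which is MODIFY_SHIPPING_FEE.
      $orderOperation = isset($_GET['orderOperation']) ? intval($_GET['orderOperation']) : -1;

      // Accept only an operation that the form would have offered for this order.
      $allowedCodes = array();
      foreach ($availableOperations as $availableOperation) {
          $allowedCodes[] = $availableOperation[0];
      }
      if (!in_array($orderOperation, $allowedCodes, true)) {
          cpmsg('错误!', array('action' => $action, 'operation' => $operation, 'do' => $do, 'id' => $id), 'error');
      }

      // Action-log row: a snapshot of the order plus the operator's note.
      $orderActionData = array(
          'orderId' => $dtl['orderId'],
          'uid' => $dtl['uid'],
          'orderStatus' => $dtl['orderStatus'],
          'shippingStatus' => $dtl['shippingStatus'],
          'payStatus' => $dtl['payStatus'],
          'actionNote' => dhtmlspecialchars(trim(isset($_GET['operationLog']) ? $_GET['operationLog'] : '')),
          'addTime' => TIMESTAMP,
      );

      $orderInfoData = array();
      switch ($orderOperation) {
          case CONFIRM_ORDER:
          case CANCEL_ORDER:
              // The operation code is stored directly as the new order status.
              // NOTE(review): presumes CONFIRM_ORDER / CANCEL_ORDER equal the
              // matching ORDER_STATUS_* values - confirm.
              $orderInfoData = array(
                  'orderStatus' => $orderOperation,
              );
              $orderActionData['orderStatus'] = $orderInfoData['orderStatus'];
              break;

          case SHIPPING:
              $orderInfoData = array(
                  'shippingStatus' => SHIPPING_STATUS_SHIPPED,
              );
              $orderActionData['shippingStatus'] = $orderInfoData['shippingStatus'];
              break;

          case RETURN_PAYMENT:
              // The log row keeps the pre-refund statuses, as in the original.
              $orderInfoData = array(
                  'shippingStatus' => SHIPPING_STATUS_RETURN,
                  'orderStatus' => ORDER_STATUS_RETURN,
                  'payStatus' => PAYMENT_STATUS_RETURNED_PAYMENT,
              );
              break;

          case MODIFY_SHIPPING_FEE:
              // Reachable only once the form offers this operation again.
              // NOTE(review): the fee is not range-checked; reject negative
              // values before enabling the feature.
              $orderInfoData = array(
                  'shippingFee' => doubleval(isset($_GET['shippingFee']) ? $_GET['shippingFee'] : 0),
              );
              $orderActionData['actionNote'] = '修改运费';
              break;
      }

      // Write the log row first and touch the order only if that succeeded.
      $aid = C::t($orderActionTable)->insert($orderActionData, true);
      if ($aid > 0) {
          C::t($orderInfoTable)->update($id, $orderInfoData);

          // Refund follow-up, not implemented yet.
          if ($dtl['orderStatus'] > ORDER_STATUS_RETURN && $dtl['shippingStatus'] > SHIPPING_STATUS_NOT_SHIPPED && $dtl['payStatus'] == PAYMENT_STATUS_ALREADY_PAID) {
              // TODO
          }
      } else {
          // Nothing was changed, so do not report success.
          cpmsg('错误!', array('action' => $action, 'operation' => $operation, 'do' => $do, 'id' => $id), 'error');
      }

      cpmsg(($id > 0 ? $lang['edit'] : $lang['add']).'成功!', array('action' => $action, 'operation' => $operation, 'do' => $do, 'id' => $id), 'succeed');
  }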


我对比过服务器的文件和本地的文件,没有出入啊。是我哪里写的像木马?