你只要把 check-perm.php 放到你的网站根目录(和 wp-config.php 同一级)即可:
<?php
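header("Content-type: text/html; charset=utf-8");

// NOTE(review): nothing in this script restricts who may load it. Any visitor
// who reaches the URL is shown the account name plus the names and modes of
// the entries in this directory, so it should stay on the server only for the
// duration of the check.

// get_current_user() reports the OWNER of this script file, not the account
// the PHP process is executing as; a script uploaded by another account would
// be labelled with that account's name. Ask POSIX for the effective UID when
// those functions are available (they may be missing or disabled) and keep
// the file owner as the fallback.
$current_user = get_current_user();
if (function_exists('posix_geteuid') && function_exists('posix_getpwuid')) {
    $euid = posix_geteuid();
    $account = posix_getpwuid($euid);
    // No passwd entry for the UID: show the numeric UID rather than nothing.
    $current_user = (is_array($account) && isset($account['name']))
        ? $account['name']
        : (string) $euid;
}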
?>
<!DOCTYPE html>
<html>
<head>
<style>
body { font-family: Arial, sans-serif; padding: 20px; background: #f0f0f1; }
.card { background: #fff; padding: 20px; margin-bottom: 20px; border-radius: 5px; box-shadow: 0 1px 3px rgba(0,0,0,0.1); }
h2 { margin-top: 0; color: #23282d; }
table { width: 100%; border-collapse: collapse; margin-top: 10px; }
th, td { text-align: left; padding: 10px; border-bottom: 1px solid #eee; }
th { background: #f9f9f9; }
.safe { color: green; font-weight: bold; }
.warn { color: #e6a700; font-weight: bold; }
.danger { color: red; font-weight: bold; }
.info { font-size: 14px; color: #666; }
</style>
</head>
<body>
<div class="card">
<h2>环境信息</h2>
<p>当前运行用户: <strong><?php echo $current_user; ?></strong> (宝塔环境标准应为 www)</p>
<p class="info">检测逻辑:文件夹建议 0755,普通文件建议 0644,配置文件建议 0644/0600。</p>
</div>
<div class="card">
<h2>1. 关键目录深度检测</h2>
<table>
<tr><th>路径</th><th>类型</th><th>当前权限</th><th>建议权限</th><th>状态</th></tr>
<?php
// Path relative to this script => mode the page recommends for it.
// wp-config.php is listed at 0644, a mode that leaves the file readable by
// every local account; check_file_perm() accepts tighter modes for that file.
$critical_paths = array(
    'wp-content/'         => '0755',
    'wp-content/themes/'  => '0755',
    'wp-content/plugins/' => '0755',
    'wp-content/uploads/' => '0755',
    'wp-config.php'       => '0644',
    '.htaccess'           => '0644'
);

// Every entry here is checked with the config flag set.
foreach ($critical_paths as $relative => $mode) {
    check_file_perm(__DIR__ . '/' . $relative, $mode, true);
}
?>
</table>
</div>
<div class="card">
<h2>2. 根目录文件全量扫描 (修复你截图中的问题)</h2>
<table>
<tr><th>文件名</th><th>类型</th><th>当前权限</th><th>建议权限</th><th>状态</th></tr>
<?php
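// Walk every entry in the directory that holds this script.
// scandir() returns false when the directory cannot be read; substitute an
// empty list so the loop below never iterates over a boolean.
$all_files = scandir(__DIR__);
if ($all_files === false) {
    $all_files = array();
}

$self_name = basename(__FILE__);
foreach ($all_files as $file) {
    // Skip the self/parent links and this script. Strict comparison keeps
    // numeric-looking names ("1" vs "1.0") from being treated as equal.
    if ($file === '.' || $file === '..' || $file === $self_name) {
        continue;
    }

    $full_path = __DIR__ . '/' . $file;

    // Directories are expected at 0755, everything else at 0644.
    $recommend = is_dir($full_path) ? '0755' : '0644';

    // wp-config.php is routed through the config branch of check_file_perm(),
    // which accepts a set of modes instead of one exact match.
    if ($file === 'wp-config.php') {
        check_file_perm($full_path, '0644', true);
    } else {
        check_file_perm($full_path, $recommend, false);
    }
}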
?>
</table>
</div>
<div style="text-align:center; color:red; margin-top:20px;">
<strong>检测完毕,请务必从服务器删除此文件 (check-perm.php)!</strong>
</div>
</body>
</html>
<?php
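/**
 * Echo one table row describing the permission bits of a path.
 *
 * @param string $path            Path of the file or directory to inspect.
 * @param string $recommend       Recommended mode as a four-digit octal string, e.g. '0644'.
 * @param bool   $is_config_check When true and the entry is named wp-config.php,
 *                                the mode is matched against a list of accepted
 *                                values instead of $recommend.
 * @return void The row is written straight to the output.
 */
function check_file_perm($path, $recommend, $is_config_check) {
    // Entry names are read from the filesystem and land in HTML. A name
    // containing markup would otherwise be rendered by the browser of whoever
    // runs this check, so encode it once and reuse the encoded form.
    $name = htmlspecialchars(basename($path), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    if (!file_exists($path)) {
        echo "<tr><td>" . $name . "</td><td>-</td><td colspan='3' class='warn'>文件不存在 (部分可选文件忽略)</td></tr>";
        return;
    }

    $is_dir = is_dir($path);
    $type_label = $is_dir ? '[文件夹]' : '[文件]';

    // Last four octal digits of the mode: special bits plus owner/group/other.
    $perms = substr(sprintf('%o', fileperms($path)), -4);

    // Anything not recognised below is reported as needing a change.
    $status_class = 'danger';
    $status_text = '需修改';

    if ($is_config_check && basename($path) === 'wp-config.php') {
        // Accepted modes for wp-config.php. 0400 and 0640 are tighter than
        // values the original list already allowed, so flagging them would
        // push an administrator towards loosening the file. 0644 stays
        // accepted to match the recommendation printed on the page, although
        // it leaves the file readable by every local account.
        $accepted = array('0400', '0440', '0600', '0640', '0644');
        if (in_array($perms, $accepted, true)) {
            $status_class = 'safe';
            $status_text = '安全';
        }
    } elseif ($perms === $recommend) {
        // Exact match with the recommended mode.
        $status_class = 'safe';
        $status_text = '正常';
    } elseif (!$is_dir && $perms === '0755') {
        // A regular file carrying the directory mode.
        $status_class = 'warn';
        $status_text = '权限过大 (建议改为644)';
    } elseif ($perms === '0777') {
        // Writable by everyone.
        $status_class = 'danger';
        $status_text = '极度危险 (777)';
    }

    echo "<tr>";
    echo "<td>" . $name . "</td>";
    echo "<td>$type_label</td>";
    echo "<td class='$status_class'>$perms</td>";
    echo "<td>$recommend</td>";
    echo "<td class='$status_class'>$status_text</td>";
    echo "</tr>";
}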
?>






