基於Discuz security.inc.php程式碼的深入分析

NO IMAGE

程式碼如下所示:
複製程式碼 程式碼如下:
<?php

/*
[Discuz!] (C)2001-2009 Comsenz Inc.
This is NOT a freeware, use is subject to license terms

$Id: security.inc.php 16688 2008-11-14 06:41:07Z cnteacher $
*/

//如果沒有設定 IN_DISCUZ ,則訪問出錯
if(!defined(‘IN_DISCUZ’)) {
exit(‘Access Denied’);
}

// 使用位移  $attackevasive 來設定 論壇防禦級別 ,如果是 1 或者是 4 的話, 1=cookie 重新整理限制 , 4=二次請求
// 讀取上次時間到當前存放cookies陣列,並將現在時間放置cookies
// 將$_DCOOKIE[‘lastrequest’] 不斷加密 存放last訪問時間到 lastrequest_cookies
if($attackevasive & 1 || $attackevasive & 4) {
$_DCOOKIE[‘lastrequest’] = authcode($_DCOOKIE[‘lastrequest’], ‘DECODE’);
dsetcookie(‘lastrequest’, authcode($timestamp, ‘ENCODE’), $timestamp 816400, 1, true);
}

//如果確認被攻擊,則展示提示語 1
if($attackevasive & 1) {
if($timestamp – $_DCOOKIE[‘lastrequest’] < 1) {
securitymessage(‘attachsave_1_subject’, ‘attachsave_1_message’);
}
}

 
//如檢查到 HTTP_X_FORWARDED_FOR 有以下 引數 ,將提示 使用代理
if(($attackevasive & 2) && ($_SERVER[‘HTTP_X_FORWARDED_FOR’] ||
$_SERVER[‘HTTP_VIA’] || $_SERVER[‘HTTP_PROXY_CONNECTION’] ||
$_SERVER[‘HTTP_USER_AGENT_VIA’] || $_SERVER[‘HTTP_CACHE_INFO’] ||
$_SERVER[‘HTTP_PROXY_CONNECTION’])) {
securitymessage(‘attachsave_2_subject’, ‘attachsave_2_message’, FALSE);
}

//如果在限定的時間內訪問多次,將判斷為二次請求
if($attackevasive & 4) {
if(empty($_DCOOKIE[‘lastrequest’]) || $timestamp – $_DCOOKIE[‘lastrequest’] > 300) {
securitymessage(‘attachsave_4_subject’, ‘attachsave_4_message’);
}
}

 
//如果需要回答問題,則判斷為8
if($attackevasive & 8) {
list($questionkey, $questionanswer, $questiontime) = explode(‘|’, authcode($_DCOOKIE[‘secqcode’], ‘DECODE’));
include_once DISCUZ_ROOT.’./forumdata/cache/cache_secqaa.php’;
if(!$questionanswer || !$questiontime || $_DCACHE[‘secqaa’][$questionkey][‘answer’] != $questionanswer) {

if(empty($_POST[‘secqsubmit’]) || (!empty($_POST[‘secqsubmit’]) && $_DCACHE[‘secqaa’][$questionkey][‘answer’] != md5($_POST[‘answer’]))) {
$questionkey = array_rand($_DCACHE[‘secqaa’]);
dsetcookie(‘secqcode’, authcode($questionkey.’||’.$timestamp, ‘ENCODE’), $timestamp 816400, 1, true);
securitymessage($_DCACHE[‘secqaa’][$questionkey][‘question’], ‘<input type=”text” name=”answer” size=”8″ maxlength=”150″ /><input class=”button” type=”submit” name=”secqsubmit” value=” Submit ” />’, FALSE, TRUE);
} else {
dsetcookie(‘secqcode’, authcode($questionkey.’|’.$_DCACHE[‘secqaa’][$questionkey][‘answer’].’|’.$timestamp, ‘ENCODE’), $timestamp 816400, 1, true);
}
}

}

/**
 * 輸出被攻擊提示語言,如果是ajax,展示一個錯誤層, 如果是請求, 則展示錯誤頁面
 * @param $subject
 * @param $message
 * @param $reload
 * @param $form
 * @return unknown_type
 */
function securitymessage($subject, $message, $reload = TRUE, $form = FALSE) {

$scuritylang = array(
‘attachsave_1_subject’ => ‘频繁刷新限制’,
‘attachsave_1_message’ => ‘您访问本站速度过快或者刷新间隔时间小于两秒!请等待页面自动跳转 ...’,
‘attachsave_2_subject’ => ‘代理服务器访问限制’,
‘attachsave_2_message’ => ‘本站现在限制使用代理服务器访问,请去除您的代理设置,直接访问本站。’,
‘attachsave_4_subject’ => ‘页面重载开启’,
‘attachsave_4_message’ => ‘欢迎光临本站,页面正在重新载入,请稍候 ...’
);

$subject = $scuritylang[$subject] ? $scuritylang[$subject] : $subject;
$message = $scuritylang[$message] ? $scuritylang[$message] : $message;
if($_GET[‘inajax’]) {
ajaxshowheader();
echo ‘<div id=”attackevasive_1″ class=”popupmenu_option”><b style=”font-size: 16px”>’.$subject.'</b><br /><br />’.$message.'</div>’;
ajaxshowfooter();
} else {
echo ‘<html>’;
echo ‘<head>’;
echo ‘<title>’.$subject.'</title>’;
echo ‘</head>’;
echo ‘<body bgcolor=”#FFFFFF”>’;
if($reload) {
echo ‘<script language=”JavaScript”>’;
echo ‘function reload() {‘;
echo ‘ document.location.reload();’;
echo ‘}’;
echo ‘setTimeout(“reload()”, 1001);’;
echo ‘</script>’;
}
if($form) {
echo ‘<form action=”‘.$_SERVER[‘PHP_SELF’].'” method=”POST”>’;
}
echo ‘<table cellpadding=”0″ cellspacing=”0″ border=”0″ width=”700″ align=”center” height=”85%”>’;
echo ‘  <tr align=”center” valign=”middle”>’;
echo ‘    <td>’;
echo ‘    <table cellpadding=”10″ cellspacing=”0″ border=”0″ width=”80%” align=”center” style=”font-family: Verdana, Tahoma; color: #666666; font-size: 11px”>’;
echo ‘    <tr>’;
echo ‘      <td valign=”middle” align=”center” bgcolor=”#EBEBEB”>’;
echo ‘     <br /><br /> <b style=”font-size: 16px”>’.$subject.'</b> <br /><br />’;
echo $message;
echo ‘        <br /><br />’;
echo ‘      </td>’;
echo ‘    </tr>’;
echo ‘    </table>’;
echo ‘    </td>’;
echo ‘  </tr>’;
echo ‘</table>’;
if($form) {
echo ‘</form>’;
}
echo ‘</body>’;
echo ‘</html>’;
}
exit();
}

 
function ajaxshowheader() {
global $charset, $inajax;
ob_end_clean();
@header(“Expires: -1”);
@header(“Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0”, FALSE);
@header(“Pragma: no-cache”);
header(“Content-type: application/xml”);
echo “<?xml version=/”1.0/” encoding=/”$charset/”?>/n<root><![CDATA[“;
}

function ajaxshowfooter() {
echo ‘]]></root>’;
}

?>

您可能感興趣的文章:

PHP合併discuz使用者指令碼的方法使用Discuz關鍵詞伺服器實現PHP中文分詞比較discuz和ecshop的擷取字串函式php版php中通過curl模擬登陸discuz論壇的實現程式碼discuz的php防止sql注入函式深入講解PHP Session及如何保持其不過期的方法php基於session實現資料庫互動的類例項php實現將Session寫入資料庫Discuz!X中SESSION機制例項詳解