Home > Article > Backend Development > Discuz7 php源码,该如何解决
Discuz7 php源码,该如何解决
- WBOYOriginal
- 2016-06-13 13:10:19883browse
Discuz7 php源码
谁有比较完整的Discuz7源码分析(目录、文件结构、各文件的功能、模板结构、较完整的代码注释等),越全越好,谢谢?
------解决方案--------------------
- PHP code
<?php /*
[Discuz!] (C)2001-2009 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: common.inc.php 17460 2008-12-24 01:46:38Z monkey $
*/
//关闭magic_quotes_gpc 引用 ,设置关闭PHP错误报告
error_reporting(0);
set_magic_quotes_runtime(0);
//获取脚本开始的时间,最后有脚本结束时间减去这个就会得到整个脚本运行的时间
$mtime = explode(' ', microtime());
$discuz_starttime = $mtime[1] + $mtime[0];
//设置一些常量
//SYSY_DEBUG是当前是否是调试状态
//IN_DISCUZ是在一些不允许直接浏览的页面用的,如果直接浏览这些页面,就会退出并出现Access Denied
//DISCUZ_ROOT是获取当前的论坛的主目录的绝对路径
//MAGIC_QUOTES_GPC 是 当前的magic_quotes_gpc的状态
//CURSCRIPT是当前运行的脚本的名称吧...现在设置为空...在其他脚本中会有值....
define('SYS_DEBUG', FALSE);
define('IN_DISCUZ', TRUE);
define('DISCUZ_ROOT', substr(dirname(__FILE__), 0, -7));
define('MAGIC_QUOTES_GPC', get_magic_quotes_gpc());
!defined('CURSCRIPT') && define('CURSCRIPT', '');
//为了兼容性
if(PHP_VERSION < '4.1.0') {
$_GET = &$HTTP_GET_VARS;
$_POST = &$HTTP_POST_VARS;
$_COOKIE = &$HTTP_COOKIE_VARS;
$_SERVER = &$HTTP_SERVER_VARS;
$_ENV = &$HTTP_ENV_VARS;
$_FILES = &$HTTP_POST_FILES;
}
//为了安全性...因为脚本运行到这里之前这两个global数组是不会被定义的...
if (isset($_REQUEST['GLOBALS']) OR isset($_FILES['GLOBALS'])) {
exit('Request tainting attempted.');
}
//包含论坛的函数库...这个函数库里面有几乎整个论坛需要用到的函数
require_once DISCUZ_ROOT.'./include/global.func.php';
//测试下浏览者是什么玩意...是不是ROBOT是的话就退出显示403....
getrobot();
if(defined('NOROBOT') && IS_ROBOT) {
exit(header("HTTP/1.1 403 Forbidden"));
}
//获取$_COOKIE 等等的值然后 设置里面的key为一个变量,值为其对应的值并添加引用....
//比如说有$_COOKIE['discuz_auth'] = '123456' 就设置$discuz_auth = '123456'
//以此类推
foreach(array('_COOKIE', '_POST', '_GET') as $_request) {
foreach($$_request as $_key => $_value) {
$_key{0} != '_' && $$_key = daddslashes($_value);
}
}
//过滤$_FILES,也就是添加引用
if (!MAGIC_QUOTES_GPC && $_FILES) {
$_FILES = daddslashes($_FILES);
}
//初始化一些变量
$charset = $dbs = $dbcharset = $forumfounders = $metakeywords = $extrahead = $seodescription = $mnid = '';
$plugins = $hooks = $admincp = $jsmenu = $forum = $thread = $language = $actioncode = $modactioncode = $lang = array();
$_DCOOKIE = $_DSESSION = $_DCACHE = $_DPLUGIN = $advlist = array();
//包含论坛的配置文件
require_once DISCUZ_ROOT.'./config.inc.php';
//$urlxssdefend是论坛访问页面防御开关,可避免用户通过非法的url地址对本站用户造成危害
if($urlxssdefend && !empty($_SERVER['REQUEST_URI'])) {
$temp = urldecode($_SERVER['REQUEST_URI']);
if(strpos($temp, ' $val) {
if(substr($key, 0, $prelength) == $cookiepre) {
$_DCOOKIE[(substr($key, $prelength))] = MAGIC_QUOTES_GPC ? $val : daddslashes($val);
}
}
//销毁这些变量,都是对$_类数组操作用到的一些变量
unset($prelength, $_request, $_key, $_value);
//
$inajax = !empty($inajax);
$handlekey = !empty($handlekey) ? htmlspecialchars($handlekey) : '';
$timestamp = time();
//$attackevasive 论坛防御级别,可防止大量的非正常请求造成的拒绝服务攻击
if($attackevasive && CURSCRIPT != 'seccode') {
require_once DISCUZ_ROOT.'./include/security.inc.php';
}
//包含数据库类 的文件
require_once DISCUZ_ROOT.'./include/db_'.$database.'.class.php';
//$PHP_SELF为当前活动的脚本相对于网站主目录的路径
//$BASESCRIPT为当前活动的脚本文件名字带扩展名
//$BASEFILENAME为当前活动的脚本文件的名字不带扩展名
//$boardurl为当前活动脚本的全网站路径去掉后面文件名,如果有api|archiver|wap文件夹就去掉...
$PHP_SELF = dhtmlspecialchars($_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME']);
$BASESCRIPT = basename($PHP_SELF);
list($BASEFILENAME) = explode('.', $BASESCRIPT);
$boardurl = htmlspecialchars('http://'.$_SERVER['HTTP_HOST'].preg_replace("/\/+(api|archiver|wap)?\/*$/i", '', substr($PHP_SELF, 0, strrpos($PHP_SELF, '/'))).'/');
//获得当前浏览者IP
if(getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown')) {
$onlineip = getenv('HTTP_CLIENT_IP');
} elseif(getenv('HTTP_X_FORWARDED_FOR') && strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown')) {
$onlineip = getenv('HTTP_X_FORWARDED_FOR');
} elseif(getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {
$onlineip = getenv('REMOTE_ADDR');
} elseif(isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {
$onlineip = $_SERVER['REMOTE_ADDR'];
}
preg_match("/[\d\.]{7,15}/", $onlineip, $onlineipmatches);
$onlineip = $onlineipmatches[0] ? $onlineipmatches[0] : 'unknown';
unset($onlineipmatches);
//include settings的缓存 并且将里面的数组给extract了不懂的看这个函数解释...我不罗嗦了...
$cachelost = (@include DISCUZ_ROOT.'./forumdata/cache/cache_settings.php') ? '' : 'settings';
@extract($_DCACHE['settings']);
//如果开启了GZIP压缩并且服务器有这个功能
//并且当前脚本不是wap和attachment
//并且inajax为FLASE
//就ob_start('ob_gzhandler')否则就ob_start();
if($gzipcompress && function_exists('ob_gzhandler') && !in_array(CURSCRIPT, array('attachment', 'wap')) && !$inajax) {
ob_start('ob_gzhandler');
} else {
$gzipcompress = 0;
ob_start();
}
//平衡负载用的,$loadctrl我不知道在哪里..汗一个
if(!empty($loadctrl) && substr(PHP_OS, 0, 3) != 'WIN') {
if($fp = @fopen('/proc/loadavg', 'r')) {
list($loadaverage) = explode(' ', fread($fp, 6));
fclose($fp);
if($loadaverage > $loadctrl) {
header("HTTP/1.0 503 Service Unavailable");
include DISCUZ_ROOT.'./include/serverbusy.htm';
exit();
}
}
}
//包含其他的缓存文件
if(in_array(CURSCRIPT, array('index', 'forumdisplay', 'viewthread', 'post', 'topicadmin', 'register', 'archiver'))) {
$cachelost .= (@include DISCUZ_ROOT.'./forumdata/cache/cache_'.CURSCRIPT.'.php') ? '' : ' '.CURSCRIPT;
}
//连接数据库,完毕之后设置这些值为NULL
$db = new dbstuff;
$db->connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect, true, $dbcharset);
$dbuser = $dbpw = $pconnect = $sdb = NULL;
//乱七八糟的 ,反正就是找到了需要的sid并过滤了就是了 $transsidstatus我也没找到在哪
//看看是不是后台设置了通过sid传输的那个东东,还有是不是通过wap访问的,
//还有是不是有sid这个东东在$_GET或$_POST这两个的任何一个中,
//以上结论都成立的话从GET中获得sid,不成立的话从$_DCOOKIE中获得。
$sid = daddslashes(($transsidstatus || CURSCRIPT == 'wap') && (isset($_GET['sid']) || isset($_POST['sid'])) ?
(isset($_GET['sid']) ? $_GET['sid'] : $_POST['sid']) :
(isset($_DCOOKIE['sid']) ? $_DCOOKIE['sid'] : ''));
//如果当前脚本是attachment sid是通过GET方式获得就加密然后过滤它
CURSCRIPT == 'attachment' && isset($_GET['sid']) && $sid = addslashes(authcode($_GET['sid'], 'DECODE', $_DCACHE['settings']['authkey']));
//设置一个$discuz_auth_key,md5加密。。
$discuz_auth_key = md5($_DCACHE['settings']['authkey'].$_SERVER['HTTP_USER_AGENT']);
//获得$discuz_pw, $discuz_secques, $discuz_uid这三个变量,分别对应密码,提示问题和uid。
//强制过滤了这3个值
list($discuz_pw, $discuz_secques, $discuz_uid) = empty($_DCOOKIE['auth']) ? array('', '', 0) : daddslashes(explode("\t", authcode($_DCOOKIE['auth'], 'DECODE')), 1);
//第一行是初始化变量用的(无论何时用变量都要考虑初始化,要不然安全性不值得一提)
//接下来是判断是不是有sid,有的话就从cdb_session表中取来,然后连接一下cdb_members表取出东西
//在$membertablefields这个变量里面已经全面写出来了
//标记了一个sessionexist变量,表示这个会员是在线的。
$prompt = $sessionexists = $seccode = 0;
$membertablefields = 'm.uid AS discuz_uid, m.username AS discuz_user, m.password AS discuz_pw, m.secques AS discuz_secques,
m.adminid, m.groupid, m.groupexpiry, m.extgroupids, m.email, m.timeoffset, m.tpp, m.ppp, m.posts, m.digestposts,
m.oltime, m.pageviews, m.credits, m.extcredits1, m.extcredits2, m.extcredits3, m.extcredits4, m.extcredits5,
m.extcredits6, m.extcredits7, m.extcredits8, m.timeformat, m.dateformat, m.pmsound, m.sigstatus, m.invisible,
m.lastvisit, m.lastactivity, m.lastpost, m.prompt, m.accessmasks, m.editormode, m.customshow, m.customaddfeed';
if($sid) {
if($discuz_uid) {
$query = $db->query("SELECT s.sid, s.styleid, s.groupid='6' AS ipbanned, s.pageviews AS spageviews, s.lastolupdate, s.seccode, $membertablefields
FROM {$tablepre}sessions s, {$tablepre}members m
WHERE m.uid=s.uid AND s.sid='$sid' AND CONCAT_WS('.',s.ip1,s.ip2,s.ip3,s.ip4)='$onlineip' AND m.uid='$discuz_uid'
AND m.password='$discuz_pw' AND m.secques='$discuz_secques'");
} else {
$query = $db->query("SELECT sid, uid AS sessionuid, groupid, groupid='6' AS ipbanned, pageviews AS spageviews, styleid, lastolupdate, seccode
FROM {$tablepre}sessions WHERE sid='$sid' AND CONCAT_WS('.',ip1,ip2,ip3,ip4)='$onlineip'");
}
if($_DSESSION = $db->fetch_array($query)) {
$sessionexists = 1;
if(!empty($_DSESSION['sessionuid'])) {
$_DSESSION = array_merge($_DSESSION, $db->fetch_first("SELECT $membertablefields
FROM {$tablepre}members m WHERE uid='$_DSESSION[sessionuid]'"));
}
} else {
if($_DSESSION = $db->fetch_first("SELECT sid, groupid, groupid='6' AS ipbanned, pageviews AS spageviews, styleid, lastolupdate, seccode
FROM {$tablepre}sessions WHERE sid='$sid' AND CONCAT_WS('.',ip1,ip2,ip3,ip4)='$onlineip'")) {
clearcookies();
$sessionexists = 1;
}
}
}
//如果不在线执行
//如果COOKIE不正确就清除
//如果IP是被办的 就被办的(标记了一下)
//写入一个随机值写入到SID SECCODE
if(!$sessionexists) {
if($discuz_uid) {
if(!($_DSESSION = $db->fetch_first("SELECT $membertablefields, m.styleid
FROM {$tablepre}members m WHERE m.uid='$discuz_uid' AND m.password='$discuz_pw' AND m.secques='$discuz_secques'"))) {
clearcookies();
}
}
<div class="clear">
</div>
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article: PHP 反照机制详解 以及插件架构实现 Next article: DoitPHP 1.2正式公布