DZ Forum core code analysis-core file global.func.php_PHP tutorial

Please read the previous article: DZ Forum Core Code Analysis Plan - Install Package

It took two days to analyze global.func.php. I also planned to complete the common.inc.php file in three days, but found that many files were separated. So this time the post will change the strategy. Let’s first analyze the global.func.php file. . Poor analysis. I don't understand what a lot of things are for. . . We even found several functions that were not referenced in the entire DZ file system. Maybe it's a test function. But it's very useful. I took it and put it in my own function package.
Because this package has a lot of code. Carefully analyze each code block only for the personally important ones.
In the last article analysis plan, I actually missed two files. One is the DZ Forum global variable declaration table. DZ forum file role table. DZ Forum function call table.
Because there are relatively few things to analyze at the moment, I haven’t uploaded them here. Let’s wait until everything is done.
The study diary is as follows:

Only part of it is updated. . . . There is another part. . Will update in the afternoon

The following is the quoted content:
Golbal.func.php
Diary time: October 7, 2008 10:37:34
1. This file is a frequently quoted file, so the beginning Still adopt the usual constant judgment method. Prevent it from being opened directly by malicious browsers
2. The encryption in the encryption function authcode has multiple md5 superimposed encryptions. Keep passwords secure. In common thinking, it is generally only encrypted once. And in DZ's encryption function. Encryption algorithms are complex. Encryption from md5, encryption with random character truncation, encryption with bit operations and encryption with key.
3. DZ’s character processing works very well. Although we will choose utf-8 or gbk when downloading. But whether you are dealing with characters or database links, character encoding is the first place to consider. The format is determined on the database link of the db_mysql.class.php file. The code is as follows
$func = empty($pconnect) ? 'mysql_connect' : 'mysql_pconnect';

//Create a link to the attribute link of the class. And set the encoding method when establishing the link.

if(!$this->link = @$func($dbhost, $dbuser, $dbpw, 1)) {

$halt && $this->halt(' Can not connect to MySQL server');

} else {

if($this->version() > '4.1') {

global $charset , $dbcharset;

$dbcharset = $dbcharset2 ? $dbcharset2 : $dbcharset;

$dbcharset = !$dbcharset && in_array(strtolower($charset), array('gbk', ' big5', 'utf-8')) ? str_replace('-', '', $charset) : $dbcharset;

$serverset = $dbcharset ? 'character_set_connection='.$dbcharset.', character_set_results ='.$dbcharset.', character_set_client=binary' : '';

$serverset .= $this->version() > '5.0.1' ? ((empty($serverset) ? '' : ',').'sql_mode=''') : '';

$serverset && mysql_query("SET $serverset", $this->link);

}
The string processing in the global.func.php file also takes into account the encoding format of the string.
There is a global variable $charset which is used to set the encoding format. Cutstr processes strings based on the value of this variable.
In addition, in the cutstr() function, special characters in the string will be processed before truncation.


$string = str_replace(array('&', '"', ''), array('&', '"', ''), $string);


After processing the truncation, restore it.


$strcut = str_replace(array('&', '"', ''), array('&', '"', ''), $strcut);
This can explain why the truncated text in the DZ forum still conforms to the original text format.
4. Customize the replacement of html code format. But here it should be noted that DZ is very thoughtful.

if(is_array($string)) {

foreach($string as $key => $val) {

$string[$key] = dhtmlspecialchars( $val); //If it is a numeric value, traverse the array and then call its own function to process a single character.

}
How to determine if the incoming string is an array? kindness. My idea is to only encapsulate the replacement part of the character. But he encapsulated it very well here. Because I don't have to worry about what format of string I pass when calling this function.
5. Encapsulate the page jump in the dheader function
6. //Typical reduction of code repetitive input functions. Process the email string. Only emailconv (email address) is needed to return an encoded email address
function emailconv($email, $tolink = 1) {

$email = str_replace(array('@', '.'), array('@', '.'), $email);

return $tolink ? ''. $email.'': $email;
}
7. //Truncate the file name, enter the file name, and return the processed file name
function fileext($filename ) {

return trim(substr(strrchr($filename, '.'), 1, 10));
}
8. DZ is used to deal with the problem of direct input path access by the browser Judgment constant method. But what about robots? There are no constants for robots. But php has a custom constant: $_SERVER['HTTP_USER_AGENT']. These two are used to determine the name of the robot. It also contains names. So the robot’s judgment method is as follows:
//By analyzing the common.inc.php file that calls this function. This function is used to determine how to handle the robot.
function getrobot() {

if(!defined('IS_ROBOT')) {

//Define the search engine name

$kw_spiders = 'Bot|Crawl |Spider|slurp|sohu-search|lycos|robozilla';

//Define browser type name

$kw_browsers = 'MSIE|Netscape|Opera|Konqueror|Mozilla';

//Determine whether it is one of these browsers. If so, define the IS_ROBOT constant as false. Otherwise, determine whether the spider is the search engine defined above, and if so, define the IS_ROBOT constant to be true. If neither condition is met, define the IS_ROBOT constant as false.

if(preg_match("/($kw_browsers)/i", $_SERVER['HTTP_USER_AGENT'])) {

define('IS_ROBOT', FALSE);

} elseif(preg_match("/($kw_spiders)/i", $_SERVER['HTTP_USER_AGENT'])) {

define('IS_ROBOT', TRUE);

} else {

define('IS_ROBOT', FALSE);

}

}

//Return the value of the IS_ROBOT constant

return IS_ROBOT;
}
The call in the common.inc.php file is handled like this:
//With this constant, robots are not allowed to access this page at will.
define('IS_ROBOT', getrobot());
if(defined('NOROBOT') && IS_ROBOT) {

exit(header("HTTP/1.1 403 Forbidden"));
}
Looks like it’s still the constant method. It's just that the value of this constant is obtained through the function getrobot().

Update Errors: These are errors I learned from my analysis of where they were called. But it’s impossible for me to find out and change it, so I’ll explain it here

The following is the quoted content:

以下为引用的内容：
checklowerlimit()：这个函数是用来检查积分限制的

checklowerlimit(): This function is used to check the points limit

以下为引用的内容：

dongxin1390008说：daddslashes函数是检查php.ini文件的'MAGIC_QUOTES_GPC选项是否打开，若这个关闭，很容易的可以进行sql注射，若关闭了，则使用addslashes对单引号，# 号进行转义 2008-10-6 17:33:30更新附件包将此注释加入

Thank you to the following people for their help

The following is the quoted content:

dongxin1390008 said: The daddslashes function checks whether the 'MAGIC_QUOTES_GPC option of the php.ini file is turned on. If this is turned off, it is easy to perform sql injection. If it is turned off, use addslashes to escape the single quotes and # signs. 2008-10-6 17:33:30 Updated attachment package to add this comment http://www.bkjia.com/PHPjc/364108.html

www.bkjia.comtrue

http: //www.bkjia.com/PHPjc/364108.htmlTechArticlePlease read the previous article: DZ Forum Core Code Analysis Plan--It took two days to install the package. Global.func.php analysis completed. I also planned to complete the common.inc.php file in three days, but found that it was separated again...