Home >php教程 >PHP开发 >In-depth analysis based on Discuz security.inc.php code

In-depth analysis based on Discuz security.inc.php code

黄舟
黄舟Original
2016-12-13 10:42:001205browse

The code looks like this:

<?php

/*
[Discuz!] (C)2001-2009 Comsenz Inc.
This is NOT a freeware, use is subject to license terms

$Id: security.inc.php 16688 2008-11-14 06:41:07Z cnteacher $
*/

//如果没有设定 IN_DISCUZ ,则访问出错
if(!defined(&#39;IN_DISCUZ&#39;)) {
exit(&#39;Access Denied&#39;);
}

// 使用位移  $attackevasive 来设定 论坛防御级别 ,如果是 1 或者是 4 的话, 1=cookie 刷新限制 , 4=二次请求
// 读取上次时间到当前存放cookies数组,并将现在时间放置cookies
// 将$_DCOOKIE[&#39;lastrequest&#39;] 不断加密 存放last访问时间到 lastrequest_cookies
if($attackevasive & 1 || $attackevasive & 4) {
$_DCOOKIE[&#39;lastrequest&#39;] = authcode($_DCOOKIE[&#39;lastrequest&#39;], &#39;DECODE&#39;);
dsetcookie(&#39;lastrequest&#39;, authcode($timestamp, &#39;ENCODE&#39;), $timestamp + 816400, 1, true);
}

//如果确认被攻击,则展示提示语 1
if($attackevasive & 1) {
if($timestamp - $_DCOOKIE[&#39;lastrequest&#39;] < 1) {
securitymessage(&#39;attachsave_1_subject&#39;, &#39;attachsave_1_message&#39;);
}
}

 
//如检查到 HTTP_X_FORWARDED_FOR 有以下 参数 ,将提示 使用代理
if(($attackevasive & 2) && ($_SERVER[&#39;HTTP_X_FORWARDED_FOR&#39;] ||
$_SERVER[&#39;HTTP_VIA&#39;] || $_SERVER[&#39;HTTP_PROXY_CONNECTION&#39;] ||
$_SERVER[&#39;HTTP_USER_AGENT_VIA&#39;] || $_SERVER[&#39;HTTP_CACHE_INFO&#39;] ||
$_SERVER[&#39;HTTP_PROXY_CONNECTION&#39;])) {
securitymessage(&#39;attachsave_2_subject&#39;, &#39;attachsave_2_message&#39;, FALSE);
}

//如果在限定的时间内访问多次,将判断为二次请求
if($attackevasive & 4) {
if(empty($_DCOOKIE[&#39;lastrequest&#39;]) || $timestamp - $_DCOOKIE[&#39;lastrequest&#39;] > 300) {
securitymessage(&#39;attachsave_4_subject&#39;, &#39;attachsave_4_message&#39;);
}
}

 
//如果需要回答问题,则判断为8
if($attackevasive & 8) {
list($questionkey, $questionanswer, $questiontime) = explode(&#39;|&#39;, authcode($_DCOOKIE[&#39;secqcode&#39;], &#39;DECODE&#39;));
include_once DISCUZ_ROOT.&#39;./forumdata/cache/cache_secqaa.php&#39;;
if(!$questionanswer || !$questiontime || $_DCACHE[&#39;secqaa&#39;][$questionkey][&#39;answer&#39;] != $questionanswer) {

if(empty($_POST[&#39;secqsubmit&#39;]) || (!empty($_POST[&#39;secqsubmit&#39;]) && $_DCACHE[&#39;secqaa&#39;][$questionkey][&#39;answer&#39;] != md5($_POST[&#39;answer&#39;]))) {
$questionkey = array_rand($_DCACHE[&#39;secqaa&#39;]);
dsetcookie(&#39;secqcode&#39;, authcode($questionkey.&#39;||&#39;.$timestamp, &#39;ENCODE&#39;), $timestamp + 816400, 1, true);
securitymessage($_DCACHE[&#39;secqaa&#39;][$questionkey][&#39;question&#39;], &#39;<input type="text" name="answer" size="8" maxlength="150" /><input class="button" type="submit" name="secqsubmit" value=" Submit " />&#39;, FALSE, TRUE);
} else {
dsetcookie(&#39;secqcode&#39;, authcode($questionkey.&#39;|&#39;.$_DCACHE[&#39;secqaa&#39;][$questionkey][&#39;answer&#39;].&#39;|&#39;.$timestamp, &#39;ENCODE&#39;), $timestamp + 816400, 1, true);
}
}

}

/**
 * 输出被攻击提示语言,如果是ajax,展示一個错误層, 如果是請求, 則展示错误頁面
 * @param $subject
 * @param $message
 * @param $reload
 * @param $form
 * @return unknown_type
 */
function securitymessage($subject, $message, $reload = TRUE, $form = FALSE) {

$scuritylang = array(
&#39;attachsave_1_subject&#39; => &#39;频繁刷新限制&#39;,
&#39;attachsave_1_message&#39; => &#39;您访问本站速度过快或者刷新间隔时间小于两秒!请等待页面自动跳转 ...&#39;,
&#39;attachsave_2_subject&#39; => &#39;代理服务器访问限制&#39;,
&#39;attachsave_2_message&#39; => &#39;本站现在限制使用代理服务器访问,请去除您的代理设置,直接访问本站。&#39;,
&#39;attachsave_4_subject&#39; => &#39;页面重载开启&#39;,
&#39;attachsave_4_message&#39; => &#39;欢迎光临本站,页面正在重新载入,请稍候 ...&#39;
);

$subject = $scuritylang[$subject] ? $scuritylang[$subject] : $subject;
$message = $scuritylang[$message] ? $scuritylang[$message] : $message;
if($_GET[&#39;inajax&#39;]) {
ajaxshowheader();
echo &#39;<div id="attackevasive_1" class="popupmenu_option"><b style="font-size: 16px">&#39;.$subject.&#39;</b><br /><br />&#39;.$message.&#39;</div>&#39;;
ajaxshowfooter();
} else {
echo &#39;<html>&#39;;
echo &#39;<head>&#39;;
echo &#39;<title>&#39;.$subject.&#39;</title>&#39;;
echo &#39;</head>&#39;;
echo &#39;<body bgcolor="#FFFFFF">&#39;;
if($reload) {
echo &#39;<script language="JavaScript">&#39;;
echo &#39;function reload() {&#39;;
echo &#39; document.location.reload();&#39;;
echo &#39;}&#39;;
echo &#39;setTimeout("reload()", 1001);&#39;;
echo &#39;</script>&#39;;
}
if($form) {
echo &#39;<form action="&#39;.$_SERVER[&#39;PHP_SELF&#39;].&#39;" method="POST">&#39;;
}
echo &#39;<table cellpadding="0" cellspacing="0" border="0" width="700" align="center" height="85%">&#39;;
echo &#39;  <tr align="center" valign="middle">&#39;;
echo &#39;    <td>&#39;;
echo &#39;    <table cellpadding="10" cellspacing="0" border="0" width="80%" align="center" style="font-family: Verdana, Tahoma; color: #666666; font-size: 11px">&#39;;
echo &#39;    <tr>&#39;;
echo &#39;      <td valign="middle" align="center" bgcolor="#EBEBEB">&#39;;
echo &#39;     <br /><br /> <b style="font-size: 16px">&#39;.$subject.&#39;</b> <br /><br />&#39;;
echo $message;
echo &#39;        <br /><br />&#39;;
echo &#39;      </td>&#39;;
echo &#39;    </tr>&#39;;
echo &#39;    </table>&#39;;
echo &#39;    </td>&#39;;
echo &#39;  </tr>&#39;;
echo &#39;</table>&#39;;
if($form) {
echo &#39;</form>&#39;;
}
echo &#39;</body>&#39;;
echo &#39;</html>&#39;;
}
exit();
}

 
function ajaxshowheader() {
global $charset, $inajax;
ob_end_clean();
@header("Expires: -1");
@header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE);
@header("Pragma: no-cache");
header("Content-type: application/xml");
echo "<?xml version=/"1.0/" encoding=/"$charset/"?>/n<root><![CDATA[";
}

function ajaxshowfooter() {
echo &#39;]]></root>&#39;;
}

?>


Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn