基于Discuz security.inc.php代码的深入分析
程序员文章站
2022-05-24 18:49:32
...
代码如下所示:
<?php /* [Discuz!] (C)2001-2009 Comsenz Inc. This is NOT a freeware, use is subject to license terms $Id: security.inc.php 16688 2008-11-14 06:41:07Z cnteacher $ */ //如果没有设定 IN_DISCUZ ,则访问出错 if(!defined('IN_DISCUZ')) { exit('Access Denied'); } // 使用位移 $attackevasive 来设定 论坛防御级别 ,如果是 1 或者是 4 的话, 1=cookie 刷新限制 , 4=二次请求 // 读取上次时间到当前存放cookies数组,并将现在时间放置cookies // 将$_DCOOKIE['lastrequest'] 不断加密 存放last访问时间到 lastrequest_cookies if($attackevasive & 1 || $attackevasive & 4) { $_DCOOKIE['lastrequest'] = authcode($_DCOOKIE['lastrequest'], 'DECODE'); dsetcookie('lastrequest', authcode($timestamp, 'ENCODE'), $timestamp + 816400, 1, true); } //如果确认被攻击,则展示提示语 1 if($attackevasive & 1) { if($timestamp - $_DCOOKIE['lastrequest'] < 1) { securitymessage('attachsave_1_subject', 'attachsave_1_message'); } } //如检查到 HTTP_X_FORWARDED_FOR 有以下 参数 ,将提示 使用代理 if(($attackevasive & 2) && ($_SERVER['HTTP_X_FORWARDED_FOR'] || $_SERVER['HTTP_VIA'] || $_SERVER['HTTP_PROXY_CONNECTION'] || $_SERVER['HTTP_USER_AGENT_VIA'] || $_SERVER['HTTP_CACHE_INFO'] || $_SERVER['HTTP_PROXY_CONNECTION'])) { securitymessage('attachsave_2_subject', 'attachsave_2_message', FALSE); } //如果在限定的时间内访问多次,将判断为二次请求 if($attackevasive & 4) { if(empty($_DCOOKIE['lastrequest']) || $timestamp - $_DCOOKIE['lastrequest'] > 300) { securitymessage('attachsave_4_subject', 'attachsave_4_message'); } } //如果需要回答问题,则判断为8 if($attackevasive & 8) { list($questionkey, $questionanswer, $questiontime) = explode('|', authcode($_DCOOKIE['secqcode'], 'DECODE')); include_once DISCUZ_ROOT.'./forumdata/cache/cache_secqaa.php'; if(!$questionanswer || !$questiontime || $_DCACHE['secqaa'][$questionkey]['answer'] != $questionanswer) { if(empty($_POST['secqsubmit']) || (!empty($_POST['secqsubmit']) && $_DCACHE['secqaa'][$questionkey]['answer'] != md5($_POST['answer']))) { $questionkey = array_rand($_DCACHE['secqaa']); dsetcookie('secqcode', authcode($questionkey.'||'.$timestamp, 'ENCODE'), $timestamp + 816400, 1, true); securitymessage($_DCACHE['secqaa'][$questionkey]['question'], '<input type="text" name="answer" size="8" maxlength="150" /><input class="button" type="submit" name="secqsubmit" value=" Submit " />', FALSE, TRUE); } else { dsetcookie('secqcode', authcode($questionkey.'|'.$_DCACHE['secqaa'][$questionkey]['answer'].'|'.$timestamp, 'ENCODE'), $timestamp + 816400, 1, true); } } } /** * 输出被攻击提示语言,如果是ajax,展示一個错误層, 如果是請求, 則展示错误頁面 * @param $subject * @param $message * @param $reload * @param $form * @return unknown_type */ function securitymessage($subject, $message, $reload = TRUE, $form = FALSE) { $scuritylang = array( 'attachsave_1_subject' => '频繁刷新限制', 'attachsave_1_message' => '您访问本站速度过快或者刷新间隔时间小于两秒!请等待页面自动跳转 ...', 'attachsave_2_subject' => '代理服务器访问限制', 'attachsave_2_message' => '本站现在限制使用代理服务器访问,请去除您的代理设置,直接访问本站。', 'attachsave_4_subject' => '页面重载开启', 'attachsave_4_message' => '欢迎光临本站,页面正在重新载入,请稍候 ...' ); $subject = $scuritylang[$subject] ? $scuritylang[$subject] : $subject; $message = $scuritylang[$message] ? $scuritylang[$message] : $message; if($_GET['inajax']) { ajaxshowheader(); echo '<div id="attackevasive_1" class="popupmenu_option"><b style="font-size: 16px">'.$subject.'</b><br /><br />'.$message.'</div>'; ajaxshowfooter(); } else { echo '<html>'; echo '<head>'; echo '<title>'.$subject.'</title>'; echo '</head>'; echo '<body bgcolor="#FFFFFF">'; if($reload) { echo '<script language="JavaScript">'; echo 'function reload() {'; echo ' document.location.reload();'; echo '}'; echo 'setTimeout("reload()", 1001);'; echo '</script>'; } if($form) { echo '<form action="'.$_SERVER['PHP_SELF'].'" method="POST">'; } echo '<table cellpadding="0" cellspacing="0" border="0" width="700" align="center" height="85%">'; echo ' <tr align="center" valign="middle">'; echo ' <td>'; echo ' <table cellpadding="10" cellspacing="0" border="0" width="80%" align="center" style="font-family: Verdana, Tahoma; color: #666666; font-size: 11px">'; echo ' <tr>'; echo ' <td valign="middle" align="center" bgcolor="#EBEBEB">'; echo ' <br /><br /> <b style="font-size: 16px">'.$subject.'</b> <br /><br />'; echo $message; echo ' <br /><br />'; echo ' </td>'; echo ' </tr>'; echo ' </table>'; echo ' </td>'; echo ' </tr>'; echo '</table>'; if($form) { echo '</form>'; } echo '</body>'; echo '</html>'; } exit(); } function ajaxshowheader() { global $charset, $inajax; ob_end_clean(); @header("Expires: -1"); @header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE); @header("Pragma: no-cache"); header("Content-type: application/xml"); echo "<?xml version=/"1.0/" encoding=/"$charset/"?>/n<root><![CDATA["; } function ajaxshowfooter() { echo ']]></root>'; } ?>
推荐阅读
-
用PHP写的基于Memcache的Queue实现代码
-
在Ubuntu上搭建一个基于webrtc的多人视频聊天服务实例代码详解
-
基于python代码实现简易滤除数字的方法
-
一行代码在Linux服务器上搭建基于.Net Core的博客
-
【基于EF Core的Code First模式的DotNetCore快速开发框架】完成对DB First代码生成的支持
-
原生js基于canvas实现一个简单的前端截图工具代码实例
-
基于 Immutable.js 实现撤销重做功能的实例代码
-
基于递归实现的php树形菜单代码
-
基于jQuery实现的Ajax 验证用户名唯一性实例代码
-
详解基于Node.js的微信JS-SDK后端接口实现代码