基于Discuz security.inc.php代碼的深入分析_PHP教程
      
編輯Tag賺U幣
      




      

      推薦:作為PHP程序員應該了解MongoDB的五件事
      本篇文章是對PHP程序員應該了解MongoDB的五件事進行了詳細的分析介紹,需要的朋友參考下
      代碼如下所示:
      復制代碼 代碼如下:www.wf0088.com

      <?php

      /*
      [Discuz!] (C)2001-2009 Comsenz Inc.
      This is NOT a freeware, use is subject to license terms

      $Id: security.inc.php 16688 2008-11-14 06:41:07Z cnteacher $
      */

      //如果沒有設定 IN_DISCUZ ,則訪問出錯
      if(!defined('IN_DISCUZ')) {
      exit('Access Denied');
      }

      // 使用位移  $attackevasive 來設定 論壇防御級別 ,如果是 1 或者是 4 的話, 1=cookie 刷新限制 , 4=二次請求
      // 讀取上次時間到當前存放cookies數組,并將現在時間放置cookies
      // 將$_DCOOKIE['lastrequest'] 不斷加密 存放last訪問時間到 lastrequest_cookies
      if($attackevasive & 1 || $attackevasive & 4) {
      $_DCOOKIE['lastrequest'] = authcode($_DCOOKIE['lastrequest'], 'DECODE');
      dsetcookie('lastrequest', authcode($timestamp, 'ENCODE'), $timestamp + 816400, 1, true);
      }

      //如果確認被攻擊,則展示提示語 1
      if($attackevasive & 1) {
      if($timestamp - $_DCOOKIE['lastrequest'] < 1) {
      securitymessage('attachsave_1_subject', 'attachsave_1_message');
      }
      }

       
      //如檢查到 HTTP_X_FORWARDED_FOR 有以下 參數 ,將提示 使用代理
      if(($attackevasive & 2) && ($_SERVER['HTTP_X_FORWARDED_FOR'] ||
      $_SERVER['HTTP_VIA'] || $_SERVER['HTTP_PROXY_CONNECTION'] ||
      $_SERVER['HTTP_USER_AGENT_VIA'] || $_SERVER['HTTP_CACHE_INFO'] ||
      $_SERVER['HTTP_PROXY_CONNECTION'])) {
      securitymessage('attachsave_2_subject', 'attachsave_2_message', FALSE);
      }

      //如果在限定的時間內訪問多次,將判斷為二次請求
      if($attackevasive & 4) {
      if(empty($_DCOOKIE['lastrequest']) || $timestamp - $_DCOOKIE['lastrequest'] > 300) {
      securitymessage('attachsave_4_subject', 'attachsave_4_message');
      }
      }

       
      //如果需要回答問題,則判斷為8
      if($attackevasive & 8) {
      list($questionkey, $questionanswer, $questiontime) = explode('|', authcode($_DCOOKIE['secqcode'], 'DECODE'));
      include_once DISCUZ_ROOT.'./forumdata/cache/cache_secqaa.php';
      if(!$questionanswer || !$questiontime || $_DCACHE['secqaa'][$questionkey]['answer'] != $questionanswer) {

      if(empty($_POST['secqsubmit']) || (!empty($_POST['secqsubmit']) && $_DCACHE['secqaa'][$questionkey]['answer'] != md5($_POST['answer']))) {
      $questionkey = array_rand($_DCACHE['secqaa']);
      dsetcookie('secqcode', authcode($questionkey.'||'.$timestamp, 'ENCODE'), $timestamp + 816400, 1, true);
      securitymessage($_DCACHE['secqaa'][$questionkey]['question'], '<input type="text" name="answer" size="8" maxlength="150" /><input class="button" type="submit" name="secqsubmit" value=" Submit " />', FALSE, TRUE);
      } else {
      dsetcookie('secqcode', authcode($questionkey.'|'.$_DCACHE['secqaa'][$questionkey]['answer'].'|'.$timestamp, 'ENCODE'), $timestamp + 816400, 1, true);
      }
      }

      }

      /**
       * 輸出被攻擊提示語言,如果是ajax,展示一個錯誤層, 如果是請求, 則展示錯誤頁面
       * @param $subject
       * @param $message
       * @param $reload
       * @param $form
       * @return unknown_type
       */
      function securitymessage($subject, $message, $reload = TRUE, $form = FALSE) {

      $scuritylang = array(
      'attachsave_1_subject' => '频繁刷新限制',
      'attachsave_1_message' => '您访问本站速度过快或者刷新间隔时间小于两秒!请等待页面自动跳转 ...',
      'attachsave_2_subject' => '代理服务器访问限制',
      'attachsave_2_message' => '本站现在限制使用代理服务器访问,请去除您的代理设置,直接访问本站。',
      'attachsave_4_subject' => '页面重载开启',
      'attachsave_4_message' => '欢迎光临本站,页面正在重新载入,请稍候 ...'
      );

      $subject = $scuritylang[$subject] ? $scuritylang[$subject] : $subject;
      $message = $scuritylang[$message] ? $scuritylang[$message] : $message;
      if($_GET['inajax']) {
      ajaxshowheader();
      echo '<div id="attackevasive_1" class="popupmenu_option"><b style="font-size: 16px">'.$subject.'</b><br /><br />'.$message.'</div>';
      ajaxshowfooter();
      } else {
      echo '<html>';
      echo '<head>';
      echo '<title>'.$subject.'</title>';
      echo '</head>';
      echo '<body bgcolor="#FFFFFF">';
      if($reload) {
      echo '<script language="JavaScript">';
      echo 'function reload() {';
      echo ' document.location.reload();';
      echo '}';
      echo 'setTimeout("reload()", 1001);';
      echo '</script>';
      }
      if($form) {
      echo '<form action="'.$_SERVER['PHP_SELF'].'" method="POST">';
      }
      echo '<table cellpadding="0" cellspacing="0" border="0" width="700" align="center" height="85%">';
      echo '  <tr align="center" valign="middle">';
      echo '    <td>';
      echo '    <table cellpadding="10" cellspacing="0" border="0" width="80%" align="center" style="font-family: Verdana, Tahoma; color: #666666; font-size: 11px">';
      echo '    <tr>';
      echo '      <td valign="middle" align="center" bgcolor="#EBEBEB">';
      echo '     <br /><br /> <b style="font-size: 16px">'.$subject.'</b> <br /><br />';
      echo $message;
      echo '        <br /><br />';
      echo '      </td>';
      echo '    </tr>';
      echo '    </table>';
      echo '    </td>';
      echo '  </tr>';
      echo '</table>';
      if($form) {
      echo '</form>';
      }
      echo '</body>';
      echo '</html>';
      }
      exit();
      }

       
      function ajaxshowheader() {
      global $charset, $inajax;
      ob_end_clean();
      @header("Expires: -1");
      @header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE);
      @header("Pragma: no-cache");
      header("Content-type: application/xml");
      echo "<?xml version=/"1.0/" encoding=/"$charset/"?>/n<root><![CDATA[";
      }

      function ajaxshowfooter() {
      echo ']]></root>';
      }

      ?>
      分享:PHP Error與Logging函數的深入理解
      本篇文章是對PHP中的Error函數與Logging函數進行了詳細的分析介紹,需要的朋友參考下
      


      

      


      來源:模板無憂//所屬分類:PHP教程/更新時間:2013-06-04


      


      



      


      



      相關PHP教程