基于Discuz security.inc.php代碼的深入分析

2020-03-22 17:32:27

字體：大中小

來源：轉載

供稿：網友

代碼如下所示：
復制代碼代碼如下:
?php

/*
[Discuz!] (C)2001-2009 Comsenz Inc.
This is NOT a freeware, use is subject to license terms

$Id: security.inc.php 16688 2008-11-14 06:41:07Z cnteacher $
*/

//如果沒有設定 IN_DISCUZ ，則訪問出錯
if(!defined('IN_DISCUZ')) {
exit('Access Denied');
}

// 使用位移 $attackevasive 來設定論壇防御級別，如果是 1 或者是 4 的話， 1=cookie 刷新限制， 4=二次請求
// 讀取上次時間到當前存放cookies數組，并將現在時間放置cookies
// 將$_DCOOKIE['lastrequest'] 不斷加密存放last訪問時間到 lastrequest_cookies
if($attackevasive & 1 || $attackevasive & 4) {
$_DCOOKIE['lastrequest'] = authcode($_DCOOKIE['lastrequest'], 'DECODE');
dsetcookie('lastrequest', authcode($timestamp, 'ENCODE'), $timestamp + 816400, 1, true);
}

//如果確認被攻擊，則展示提示語 1
if($attackevasive & 1) {
if($timestamp - $_DCOOKIE['lastrequest'] 1) {
securitymessage('attachsave_1_subject', 'attachsave_1_message');
}
}

//如檢查到 HTTP_X_FORWARDED_FOR 有以下參數，將提示使用代理
if(($attackevasive & 2) && ($_SERVER['HTTP_X_FORWARDED_FOR'] ||
$_SERVER['HTTP_VIA'] || $_SERVER['HTTP_PROXY_CONNECTION'] ||
$_SERVER['HTTP_USER_AGENT_VIA'] || $_SERVER['HTTP_CACHE_INFO'] ||
$_SERVER['HTTP_PROXY_CONNECTION'])) {
securitymessage('attachsave_2_subject', 'attachsave_2_message', FALSE);
}

//如果在限定的時間內訪問多次，將判斷為二次請求
if($attackevasive & 4) {
if(empty($_DCOOKIE['lastrequest']) || $timestamp - $_DCOOKIE['lastrequest'] 300) {
securitymessage('attachsave_4_subject', 'attachsave_4_message');
}
}

//如果需要回答問題，則判斷為8
if($attackevasive & 8) {
list($questionkey, $questionanswer, $questiontime) = explode('|', authcode($_DCOOKIE['secqcode'], 'DECODE'));
include_once DISCUZ_ROOT.'./forumdata/cache/cache_secqaa.php';
if(!$questionanswer || !$questiontime || $_DCACHE['secqaa'][$questionkey]['answer'] != $questionanswer) {

if(empty($_POST['secqsubmit']) || (!empty($_POST['secqsubmit']) && $_DCACHE['secqaa'][$questionkey]['answer'] != md5($_POST['answer']))) {
$questionkey = array_rand($_DCACHE['secqaa']);
dsetcookie('secqcode', authcode($questionkey.'||'.$timestamp, 'ENCODE'), $timestamp + 816400, 1, true);
securitymessage($_DCACHE['secqaa'][$questionkey]['question'], ' input type="text" name="answer" size="8" maxlength="150" / input type="submit" name="secqsubmit" html' target='_blank'>value=" Submit " / ', FALSE, TRUE);
} else {
dsetcookie('secqcode', authcode($questionkey.'|'.$_DCACHE['secqaa'][$questionkey]['answer'].'|'.$timestamp, 'ENCODE'), $timestamp + 816400, 1, true);
}
}

}

/**
* 輸出被攻擊提示語言，如果是ajax，展示一個錯誤層，如果是請求，則展示錯誤頁面
* @param $subject
* @param $message
* @param $reload
* @param $form
* @return unknown_type
*/
function securitymessage($subject, $message, $reload = TRUE, $form = FALSE) {

$scuritylang = array(
'attachsave_1_subject' = ' ',
'attachsave_1_message' = ' ',
'attachsave_2_subject' = ' ',
'attachsave_2_message' = ' ',
'attachsave_4_subject' = ' ',
'attachsave_4_message' = ' '
);

$subject = $scuritylang[$subject] ? $scuritylang[$subject] : $subject;
$message = $scuritylang[$message] ? $scuritylang[$message] : $message;
if($_GET['inajax']) {
ajaxshowheader();
echo ' div id="attackevasive_1" b '.$subject.' /b br / br / '.$message.' /div
ajaxshowfooter();
} else {
echo ' html
echo ' head
echo ' title '.$subject.' /title
echo ' /head
echo ' body bgcolor="#FFFFFF"
if($reload) {
echo ' script language="JavaScript"
echo 'function reload() {';
echo ' document.location.reload();';
echo '}';
echo 'setTimeout("reload()", 1001);';
echo ' /script
}
if($form) {
echo ' form action="'.$_SERVER['PHP_SELF'].'" method="POST"
}
echo ' table cellpadding="0" cellspacing="0" border="0" width="700" align="center" height="85%"
echo ' tr align="center" valign="middle"
echo ' td
echo ' table cellpadding="10" cellspacing="0" border="0" width="80%" align="center"
echo ' tr
echo ' td valign="middle" align="center" bgcolor="#EBEBEB"
echo ' br / br / b '.$subject.' /b br / br /
echo $message;
echo ' br / br /
echo ' /td
echo ' /tr
echo ' /table
echo ' /td
echo ' /tr
echo ' /table
if($form) {
echo ' /form
}
echo ' /body
echo ' /html
}
exit();
}

function ajaxshowheader() {
global $charset, $inajax;
ob_end_clean();
@header("Expires: -1");
@header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE);
@header("Pragma: no-cache");
header("Content-type: application/xml");
echo " ?xml version=/"1.0/" encoding=/"$charset/"? /n root ![CDATA[";
}

function ajaxshowfooter() {
echo ']] /root
}

?
PHP教程

鄭重聲明：本文版權歸原作者所有，轉載文章僅為傳播更多信息之目的，如作者信息標記有誤，請第一時間聯系我們修改或刪除，多謝。

上一篇：PHP比你想象的好得多

下一篇：PHP正則解析多重循環模板的介紹