基于Discuz security.inc.php代码的深入分析
author:一佰互联 2019-04-30   click:294

代码如下所示:
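<?php
/*
    [Discuz!] (C)2001-2009 Comsenz Inc.
    This is NOT a freeware, use is subject to license terms

    $Id: security.inc.php 16688 2008-11-14 06:41:07Z cnteacher $
*/

// Refuse direct requests: the file only runs when a Discuz! entry script has defined IN_DISCUZ.
if(!defined('IN_DISCUZ')) {
    exit('Access Denied');
}

// $attackevasive is a bitmask of the enabled defence levels:
//   1 = refresh throttling, 2 = proxy restriction,
//   4 = forced second request (page reload), 8 = question-and-answer challenge.

// Levels 1 and 4 both need the time of the previous request. It is decoded from the
// "lastrequest" cookie, and the cookie is then rewritten with the current time.
// The value is cast to an integer so that a missing or undecodable cookie becomes 0
// instead of a non-numeric string in the subtractions below.
// NOTE(review): this state lives entirely on the client. authcode() is defined outside
// this listing and is presumably what keeps the value from being forged -- confirm.
// NOTE(review): 816400 seconds is about 9.4 days; possibly 86400 (one day) was meant -- confirm.
if(($attackevasive & 1) || ($attackevasive & 4)) {
    $_DCOOKIE['lastrequest'] = intval(authcode(isset($_DCOOKIE['lastrequest']) ? $_DCOOKIE['lastrequest'] : '', 'DECODE'));
    dsetcookie('lastrequest', authcode($timestamp, 'ENCODE'), $timestamp + 816400, 1, true);
}

// Level 1: throttle a request that arrives within the same second as the previous one.
// A client that returns no cookie has lastrequest = 0 and is never throttled here, so
// level 1 on its own only limits cookie-keeping clients. Level 4 below is the check that
// rejects an empty value.
if($attackevasive & 1) {
    if($timestamp - $_DCOOKIE['lastrequest'] < 1) {
        securitymessage('attachsave_1_subject', 'attachsave_1_message');
    }
}

// Level 2: turn away requests that carry a proxy-related request header.
// These headers are supplied by the client or the proxy itself, so this only catches
// proxies that announce themselves; it is a policy filter, not reliable proxy detection.
// !empty() keeps the original truthiness test without undefined-index notices. The
// original list named HTTP_PROXY_CONNECTION twice; it is checked once here.
if(($attackevasive & 2) && (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) ||
    !empty($_SERVER['HTTP_VIA']) || !empty($_SERVER['HTTP_PROXY_CONNECTION']) ||
    !empty($_SERVER['HTTP_USER_AGENT_VIA']) || !empty($_SERVER['HTTP_CACHE_INFO']))) {
    securitymessage('attachsave_2_subject', 'attachsave_2_message', FALSE);
}

// Level 4: a request with no usable lastrequest value, or one older than 300 seconds,
// gets the reload page instead of content. The reload then arrives with the cookie that
// was set above, so only clients that store cookies and run the reload get through.
if($attackevasive & 4) {
    if(empty($_DCOOKIE['lastrequest']) || $timestamp - $_DCOOKIE['lastrequest'] > 300) {
        securitymessage('attachsave_4_subject', 'attachsave_4_message');
    }
}

// Level 8: question-and-answer challenge.
// The "secqcode" cookie decodes to "questionkey|answerhash|time". array_pad() guarantees
// three elements when the cookie is absent or malformed.
if($attackevasive & 8) {
    list($questionkey, $questionanswer, $questiontime) = array_pad(explode('|', authcode(isset($_DCOOKIE['secqcode']) ? $_DCOOKIE['secqcode'] : '', 'DECODE')), 3, '');
    include_once DISCUZ_ROOT.'./forumdata/cache/cache_secqaa.php';

    // The cached answer is compared with md5() of the submitted text, so the cache holds
    // MD5 digests. Digests are compared as strings with !==, because a loose != treats
    // two digests that both look like numbers (for example of the form 0e<digits>) as equal.
    // NOTE(review): $questiontime is only tested for presence, never for age, so a solved
    // challenge stays valid for as long as the cookie lives -- confirm this is intended.
    if(!$questionanswer || !$questiontime || !isset($_DCACHE['secqaa'][$questionkey]['answer']) ||
        (string)$_DCACHE['secqaa'][$questionkey]['answer'] !== (string)$questionanswer) {

        // No valid solved-challenge cookie. Either nothing was submitted or the submitted
        // answer is wrong: issue a fresh random question. A non-string answer (such as an
        // array parameter) is treated as wrong rather than passed to md5().
        if(empty($_POST['secqsubmit']) || !isset($_POST['answer']) || !is_string($_POST['answer']) ||
            !isset($_DCACHE['secqaa'][$questionkey]['answer']) ||
            (string)$_DCACHE['secqaa'][$questionkey]['answer'] !== md5($_POST['answer'])) {
            $questionkey = array_rand($_DCACHE['secqaa']);
            // The answer field is left empty until the question has been solved.
            dsetcookie('secqcode', authcode($questionkey.'||'.$timestamp, 'ENCODE'), $timestamp + 816400, 1, true);
            securitymessage($_DCACHE['secqaa'][$questionkey]['question'], '<input type="text" name="answer" size="8" maxlength="150" /><input class="button" type="submit" name="secqsubmit" value=" Submit " />', FALSE, TRUE);
        } else {
            // Correct answer: record the question key, the answer digest and the time.
            dsetcookie('secqcode', authcode($questionkey.'|'.$_DCACHE['secqaa'][$questionkey]['answer'].'|'.$timestamp, 'ENCODE'), $timestamp + 816400, 1, true);
        }
    }
}

/**
 * Print the notice for a triggered defence level and end the request.
 * An AJAX request gets the notice as an XML-wrapped layer; any other request gets a
 * complete HTML page.
 *
 * @param string $subject key of the built-in language table, or literal heading text
 * @param string $message key of the built-in language table, or literal body (may be HTML)
 * @param bool $reload whether the page reloads itself after about one second
 * @param bool $form whether the notice is wrapped in a POST form
 * @return void the function always ends with exit()
 */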
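function securitymessage($subject, $message, $reload = TRUE, $form = FALSE) {
    // Prints the notice for a triggered defence level, then ends the request.
    //   $subject / $message: a key of the table below, or literal text used as given.
    //   $reload: emit a script that reloads the page after 1001 ms.
    //   $form: wrap the notice in a POST form that targets the current script.
    // $subject and $message are written to the page without escaping ($message is HTML
    // by design), so callers must only pass markup they control.
    $securitylang = array(
        'attachsave_1_subject' => '频繁刷新限制',
        'attachsave_1_message' => '您访问本站速度过快或者刷新间隔时间小于两秒!请等待页面自动跳转 ...',
        'attachsave_2_subject' => '代理服务器访问限制',
        'attachsave_2_message' => '本站现在限制使用代理服务器访问,请去除您的代理设置,直接访问本站。',
        'attachsave_4_subject' => '页面重载开启',
        'attachsave_4_message' => '欢迎光临本站,页面正在重新载入,请稍候 ...'
    );

    // Translate known keys; anything else (for example a challenge question) is kept
    // as given. !empty() avoids an undefined-index notice for such literal text.
    $subject = !empty($securitylang[$subject]) ? $securitylang[$subject] : $subject;
    $message = !empty($securitylang[$message]) ? $securitylang[$message] : $message;

    if(!empty($_GET['inajax'])) {
        // AJAX request: send the notice as a layer inside the XML envelope.
        ajaxshowheader();
        echo '<div id="attackevasive_1" class="popupmenu_option"><b style="font-size: 16px">'.$subject.'</b><br /><br />'.$message.'</div>';
        ajaxshowfooter();
    } else {
        echo '<html>';
        echo '<head>';
        echo '<title>'.$subject.'</title>';
        echo '</head>';
        echo '<body bgcolor="#FFFFFF">';
        if($reload) {
            echo '<script language="JavaScript">';
            echo 'function reload() {';
            echo ' document.location.reload();';
            echo '}';
            echo 'setTimeout("reload()", 1001);';
            echo '</script>';
        }
        if($form) {
            // PHP_SELF contains the request path, including any client-supplied path
            // info, so it is escaped before being placed in the attribute. If escaping
            // yields an empty string the form still posts to the current URL.
            echo '<form action="'.htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES).'" method="POST">';
        }
        echo '<table cellpadding="0" cellspacing="0" border="0" width="700" align="center" height="85%">';
        echo '  <tr align="center" valign="middle">';
        echo '    <td>';
        echo '    <table cellpadding="10" cellspacing="0" border="0" width="80%" align="center" style="font-family: Verdana, Tahoma; color: #666666; font-size: 11px">';
        echo '    <tr>';
        echo '      <td valign="middle" align="center" bgcolor="#EBEBEB">';
        echo '     <br /><br /> <b style="font-size: 16px">'.$subject.'</b> <br /><br />';
        echo $message;
        echo '        <br /><br />';
        echo '      </td>';
        echo '    </tr>';
        echo '    </table>';
        echo '    </td>';
        echo '  </tr>';
        echo '</table>';
        if($form) {
            echo '</form>';
        }
        echo '</body>';
        echo '</html>';
    }
    // Never return to the caller: the request that triggered the defence gets no content.
    exit();
}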

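/**
 * Start an AJAX response: discard buffered output, send no-cache headers and open the
 * XML envelope whose CDATA section will carry the payload.
 * Reads the global $charset for the encoding named in the XML declaration.
 */
function ajaxshowheader() {
    global $charset;

    // Drop anything already buffered so the XML declaration is the first output.
    // The guard avoids a notice when no output buffer is active.
    if(ob_get_level() > 0) {
        ob_end_clean();
    }

    // Headers can only be set before output has started; checking headers_sent()
    // replaces the error suppression (@) used on the original header() calls.
    if(!headers_sent()) {
        header('Expires: -1');
        header('Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0', FALSE);
        header('Pragma: no-cache');
        header('Content-type: application/xml');
    }

    echo '<?xml version="1.0" encoding="'.$charset.'"?>'."\n".'<root><![CDATA[';
}

/**
 * Close the CDATA section and the root element opened by ajaxshowheader().
 */
function ajaxshowfooter() {
    echo ']]></root>';
}

// The closing PHP tag is omitted on purpose: whitespace after it would be sent as output
// and could block the header() calls of a later response.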