基于Discuz security.inc.php代码的深入分析

2024-05-04 22:26:50

字体：大中小

来源：转载

供稿：网友

代码如下所示：
代码如下:
<?php

/*
[Discuz!] (C)2001-2009 Comsenz Inc.
This is NOT a freeware, use is subject to license terms

$Id: security.inc.php 16688 2008-11-14 06:41:07Z cnteacher $
*/

//如果没有设定 IN_DISCUZ ，则访问出错
if(!defined('IN_DISCUZ')) {
exit('Access Denied');
}

// 使用位移 $attackevasive 来设定论坛防御级别，如果是 1 或者是 4 的话， 1=cookie 刷新限制， 4=二次请求
// 读取上次时间到当前存放cookies数组，并将现在时间放置cookies
// 将$_DCOOKIE['lastrequest'] 不断加密存放last访问时间到 lastrequest_cookies
if($attackevasive & 1 || $attackevasive & 4) {
$_DCOOKIE['lastrequest'] = authcode($_DCOOKIE['lastrequest'], 'DECODE');
dsetcookie('lastrequest', authcode($timestamp, 'ENCODE'), $timestamp + 816400, 1, true);
}

//如果确认被攻击，则展示提示语 1
if($attackevasive & 1) {
if($timestamp - $_DCOOKIE['lastrequest'] < 1) {
securitymessage('attachsave_1_subject', 'attachsave_1_message');
}
}

//如检查到 HTTP_X_FORWARDED_FOR 有以下参数，将提示使用代理
if(($attackevasive & 2) && ($_SERVER['HTTP_X_FORWARDED_FOR'] ||
$_SERVER['HTTP_VIA'] || $_SERVER['HTTP_PROXY_CONNECTION'] ||
$_SERVER['HTTP_USER_AGENT_VIA'] || $_SERVER['HTTP_CACHE_INFO'] ||
$_SERVER['HTTP_PROXY_CONNECTION'])) {
securitymessage('attachsave_2_subject', 'attachsave_2_message', FALSE);
}

//如果在限定的时间内访问多次，将判断为二次请求
if($attackevasive & 4) {
if(empty($_DCOOKIE['lastrequest']) || $timestamp - $_DCOOKIE['lastrequest'] > 300) {
securitymessage('attachsave_4_subject', 'attachsave_4_message');
}
}

//如果需要回答问题，则判断为8
if($attackevasive & 8) {
list($questionkey, $questionanswer, $questiontime) = explode('|', authcode($_DCOOKIE['secqcode'], 'DECODE'));
include_once DISCUZ_ROOT.'./forumdata/cache/cache_secqaa.php';
if(!$questionanswer || !$questiontime || $_DCACHE['secqaa'][$questionkey]['answer'] != $questionanswer) {

if(empty($_POST['secqsubmit']) || (!empty($_POST['secqsubmit']) && $_DCACHE['secqaa'][$questionkey]['answer'] != md5($_POST['answer']))) {
$questionkey = array_rand($_DCACHE['secqaa']);
dsetcookie('secqcode', authcode($questionkey.'||'.$timestamp, 'ENCODE'), $timestamp + 816400, 1, true);
securitymessage($_DCACHE['secqaa'][$questionkey]['question'], '<input type="text" name="answer" size="8" maxlength="150" /><input class="button" type="submit" name="secqsubmit" value=" Submit " />', FALSE, TRUE);
} else {
dsetcookie('secqcode', authcode($questionkey.'|'.$_DCACHE['secqaa'][$questionkey]['answer'].'|'.$timestamp, 'ENCODE'), $timestamp + 816400, 1, true);
}
}

}

/**
* 输出被攻击提示语言，如果是ajax，展示一個错误層，如果是請求，則展示错误頁面
* @param $subject
* @param $message