时间:2021-07-01 10:21:17 帮助过:19人阅读
$_value) { $_key{0} != '_' && $$_key = daddslashes($_value); } } //过滤$_FILES,也就是添加引用 if (!MAGIC_QUOTES_GPC && $_FILES) { $_FILES = daddslashes($_FILES); } //初始化一些变量 $charset = $dbs = $dbcharset = $forumfounders = $metakeywords = $extrahead = $seodescription = $mnid = ''; $plugins = $hooks = $admincp = $jsmenu = $forum = $thread = $language = $actioncode = $modactioncode = $lang = array(); $_DCOOKIE = $_DSESSION = $_DCACHE = $_DPLUGIN = $advlist = array(); //包含论坛的配置文件 require_once DISCUZ_ROOT.'./config.inc.php'; //$urlxssdefend是论坛访问页面防御开关,可避免用户通过非法的url地址对本站用户造成危害 if($urlxssdefend && !empty($_SERVER['REQUEST_URI'])) { $temp = urldecode($_SERVER['REQUEST_URI']); if(strpos($temp, '<') !== false || strpos($temp, '"') !== false) exit('Request Bad url'); } //$prelength为设置的cookie的前缀的长度 //循环检查$_COOKIE里面带设置的前缀的变量,如果带前缀就填入到$_DCOOKIE里面并且不带前缀 //最后 过滤值 $prelength = strlen($cookiepre); foreach($_COOKIE as $key => $val) { if(substr($key, 0, $prelength) == $cookiepre) { $_DCOOKIE[(substr($key, $prelength))] = MAGIC_QUOTES_GPC ? $val : daddslashes($val); } } //销毁这些变量,都是对$_类数组操作用到的一些变量 unset($prelength, $_request, $_key, $_value); // $inajax = !empty($inajax); $handlekey = !empty($handlekey) ? htmlspecialchars($handlekey) : ''; $timestamp = time(); //$attackevasive 论坛防御级别,可防止大量的非正常请求造成的拒绝服务攻击 if($attackevasive && CURSCRIPT != 'seccode') { require_once DISCUZ_ROOT.'./include/security.inc.php'; } //包含数据库类 的文件 require_once DISCUZ_ROOT.'./include/db_'.$database.'.class.php'; //$PHP_SELF为当前活动的脚本相对于网站主目录的路径 //$BASESCRIPT为当前活动的脚本文件名字带扩展名 //$BASEFILENAME为当前活动的脚本文件的名字不带扩展名 //$boardurl为当前活动脚本的全网站路径去掉后面文件名,如果有api|archiver|wap文件夹就去掉... $PHP_SELF = dhtmlspecialchars($_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME']); $BASESCRIPT = basename($PHP_SELF); list($BASEFILENAME) = explode('.', $BASESCRIPT); $boardurl = htmlspecialchars('http://'.$_SERVER['HTTP_HOST'].preg_replace("/\/+(api|archiver|wap)?\/*$/i", '', substr($PHP_SELF, 0, strrpos($PHP_SELF, '/'))).'/'); //获得当前浏览者IP if(getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown')) { $onlineip = getenv('HTTP_CLIENT_IP'); } elseif(getenv('HTTP_X_FORWARDED_FOR') && strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown')) { $onlineip = getenv('HTTP_X_FORWARDED_FOR'); } elseif(getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) { $onlineip = getenv('REMOTE_ADDR'); } elseif(isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) { $onlineip = $_SERVER['REMOTE_ADDR']; } preg_match("/[\d\.]{7,15}/", $onlineip, $onlineipmatches); $onlineip = $onlineipmatches[0] ? $onlineipmatches[0] : 'unknown'; unset($onlineipmatches); //include settings的缓存 并且将里面的数组给extract了不懂的看这个函数解释...我不罗嗦了... $cachelost = (@include DISCUZ_ROOT.'./forumdata/cache/cache_settings.php') ? '' : 'settings'; @extract($_DCACHE['settings']); //如果开启了GZIP压缩并且服务器有这个功能 //并且当前脚本不是wap和attachment //并且inajax为FLASE //就ob_start('ob_gzhandler')否则就ob_start(); if($gzipcompress && function_exists('ob_gzhandler') && !in_array(CURSCRIPT, array('attachment', 'wap')) && !$inajax) { ob_start('ob_gzhandler'); } else { $gzipcompress = 0; ob_start(); } //平衡负载用的,$loadctrl我不知道在哪里..汗一个 if(!empty($loadctrl) && substr(PHP_OS, 0, 3) != 'WIN') { if($fp = @fopen('/proc/loadavg', 'r')) { list($loadaverage) = explode(' ', fread($fp, 6)); fclose($fp); if($loadaverage > $loadctrl) { header("HTTP/1.0 503 Service Unavailable"); include DISCUZ_ROOT.'./include/serverbusy.htm'; exit(); } } } //包含其他的缓存文件 if(in_array(CURSCRIPT, array('index', 'forumdisplay', 'viewthread', 'post', 'topicadmin', 'register', 'archiver'))) { $cachelost .= (@include DISCUZ_ROOT.'./forumdata/cache/cache_'.CURSCRIPT.'.php') ? '' : ' '.CURSCRIPT; } //连接数据库,完毕之后设置这些值为NULL $db = new dbstuff; $db->connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect, true, $dbcharset); $dbuser = $dbpw = $pconnect = $sdb = NULL; //乱七八糟的 ,反正就是找到了需要的sid并过滤了就是了 $transsidstatus我也没找到在哪 //看看是不是后台设置了通过sid传输的那个东东,还有是不是通过wap访问的, //还有是不是有sid这个东东在$_GET或$_POST这两个的任何一个中, //以上结论都成立的话从GET中获得sid,不成立的话从$_DCOOKIE中获得。 $sid = daddslashes(($transsidstatus || CURSCRIPT == 'wap') && (isset($_GET['sid']) || isset($_POST['sid'])) ? (isset($_GET['sid']) ? $_GET['sid'] : $_POST['sid']) : (isset($_DCOOKIE['sid']) ? $_DCOOKIE['sid'] : '')); //如果当前脚本是attachment sid是通过GET方式获得就加密然后过滤它 CURSCRIPT == 'attachment' && isset($_GET['sid']) && $sid = addslashes(authcode($_GET['sid'], 'DECODE', $_DCACHE['settings']['authkey'])); //设置一个$discuz_auth_key,md5加密。。 $discuz_auth_key = md5($_DCACHE['settings']['authkey'].$_SERVER['HTTP_USER_AGENT']); //获得$discuz_pw, $discuz_secques, $discuz_uid这三个变量,分别对应密码,提示问题和uid。 //强制过滤了这3个值 list($discuz_pw, $discuz_secques, $discuz_uid) = empty($_DCOOKIE['auth']) ? array('', '', 0) : daddslashes(explode("\t", authcode($_DCOOKIE['auth'], 'DECODE')), 1); //第一行是初始化变量用的(无论何时用变量都要考虑初始化,要不然安全性不值得一提) //接下来是判断是不是有sid,有的话就从cdb_session表中取来,然后连接一下cdb_members表取出东西 //在$membertablefields这个变量里面已经全面写出来了 //标记了一个sessionexist变量,表示这个会员是在线的。 $prompt = $sessionexists = $seccode = 0; $membertablefields = 'm.uid AS discuz_uid, m.username AS discuz_user, m.password AS discuz_pw, m.secques AS discuz_secques, m.adminid, m.groupid, m.groupexpiry, m.extgroupids, m.email, m.timeoffset, m.tpp, m.ppp, m.posts, m.digestposts, m.oltime, m.pageviews, m.credits, m.extcredits1, m.extcredits2, m.extcredits3, m.extcredits4, m.extcredits5, m.extcredits6, m.extcredits7, m.extcredits8, m.timeformat, m.dateformat, m.pmsound, m.sigstatus, m.invisible, m.lastvisit, m.lastactivity, m.lastpost, m.prompt, m.accessmasks, m.editormode, m.customshow, m.customaddfeed'; if($sid) { if($discuz_uid) { $query = $db->query("SELECT s.sid, s.styleid, s.groupid='6' AS ipbanned, s.pageviews AS spageviews, s.lastolupdate, s.seccode, $membertablefields FROM {$tablepre}sessions s, {$tablepre}members m WHERE m.uid=s.uid AND s.sid='$sid' AND CONCAT_WS('.',s.ip1,s.ip2,s.ip3,s.ip4)='$onlineip' AND m.uid='$discuz_uid' AND m.password='$discuz_pw' AND m.secques='$discuz_secques'"); } else { $query = $db->query("SELECT sid, uid AS sessionuid, groupid, groupid='6' AS ipbanned, pageviews AS spageviews, styleid, lastolupdate, seccode FROM {$tablepre}sessions WHERE sid='$sid' AND CONCAT_WS('.',ip1,ip2,ip3,ip4)='$onlineip'"); } if($_DSESSION = $db->fetch_array($query)) { $sessionexists = 1; if(!empty($_DSESSION['sessionuid'])) { $_DSESSION = array_merge($_DSESSION, $db->fetch_first("SELECT $membertablefields FROM {$tablepre}members m WHERE uid='$_DSESSION[sessionuid]'")); } } else { if($_DSESSION = $db->fetch_first("SELECT sid, groupid, groupid='6' AS ipbanned, pageviews AS spageviews, styleid, lastolupdate, seccode FROM {$tablepre}sessions WHERE sid='$sid' AND CONCAT_WS('.',ip1,ip2,ip3,ip4)='$onlineip'")) { clearcookies(); $sessionexists = 1; } } } //如果不在线执行 //如果COOKIE不正确就清除 //如果IP是被办的 就被办的(标记了一下) //写入一个随机值写入到SID SECCODE if(!$sessionexists) { if($discuz_uid) { if(!($_DSESSION = $db->fetch_first("SELECT $membertablefields, m.styleid FROM {$tablepre}members m WHERE m.uid='$discuz_uid' AND m.password='$discuz_pw' AND m.secques='$discuz_secques'"))) { clearcookies(); } }