基於Discuz security.inc.php程式碼的深入分析

程式碼如下圖：

<?php

/*
[Discuz!] (C)2001-2009 Comsenz Inc.
This is NOT a freeware, use is subject to license terms

$Id: security.inc.php 16688 2008-11-14 06:41:07Z cnteacher $
*/

//如果没有设定 IN_DISCUZ ，则访问出错
if(!defined(&#39;IN_DISCUZ&#39;)) {
exit(&#39;Access Denied&#39;);
}

// 使用位移  $attackevasive 来设定 论坛防御级别 ，如果是 1 或者是 4 的话， 1=cookie 刷新限制 ， 4=二次请求
// 读取上次时间到当前存放cookies数组，并将现在时间放置cookies
// 将$_DCOOKIE[&#39;lastrequest&#39;] 不断加密 存放last访问时间到 lastrequest_cookies
if($attackevasive & 1 || $attackevasive & 4) {
$_DCOOKIE[&#39;lastrequest&#39;] = authcode($_DCOOKIE[&#39;lastrequest&#39;], &#39;DECODE&#39;);
dsetcookie(&#39;lastrequest&#39;, authcode($timestamp, &#39;ENCODE&#39;), $timestamp + 816400, 1, true);
}

//如果确认被攻击，则展示提示语 1
if($attackevasive & 1) {
if($timestamp - $_DCOOKIE[&#39;lastrequest&#39;] < 1) {
securitymessage(&#39;attachsave_1_subject&#39;, &#39;attachsave_1_message&#39;);
}
}

 
//如检查到 HTTP_X_FORWARDED_FOR 有以下 参数 ，将提示 使用代理
if(($attackevasive & 2) && ($_SERVER[&#39;HTTP_X_FORWARDED_FOR&#39;] ||
$_SERVER[&#39;HTTP_VIA&#39;] || $_SERVER[&#39;HTTP_PROXY_CONNECTION&#39;] ||
$_SERVER[&#39;HTTP_USER_AGENT_VIA&#39;] || $_SERVER[&#39;HTTP_CACHE_INFO&#39;] ||
$_SERVER[&#39;HTTP_PROXY_CONNECTION&#39;])) {
securitymessage(&#39;attachsave_2_subject&#39;, &#39;attachsave_2_message&#39;, FALSE);
}

//如果在限定的时间内访问多次，将判断为二次请求
if($attackevasive & 4) {
if(empty($_DCOOKIE[&#39;lastrequest&#39;]) || $timestamp - $_DCOOKIE[&#39;lastrequest&#39;] > 300) {
securitymessage(&#39;attachsave_4_subject&#39;, &#39;attachsave_4_message&#39;);
}
}

 
//如果需要回答问题，则判断为8
if($attackevasive & 8) {
list($questionkey, $questionanswer, $questiontime) = explode(&#39;|&#39;, authcode($_DCOOKIE[&#39;secqcode&#39;], &#39;DECODE&#39;));
include_once DISCUZ_ROOT.&#39;./forumdata/cache/cache_secqaa.php&#39;;
if(!$questionanswer || !$questiontime || $_DCACHE[&#39;secqaa&#39;][$questionkey][&#39;answer&#39;] != $questionanswer) {

if(empty($_POST[&#39;secqsubmit&#39;]) || (!empty($_POST[&#39;secqsubmit&#39;]) && $_DCACHE[&#39;secqaa&#39;][$questionkey][&#39;answer&#39;] != md5($_POST[&#39;answer&#39;]))) {
$questionkey = array_rand($_DCACHE[&#39;secqaa&#39;]);
dsetcookie(&#39;secqcode&#39;, authcode($questionkey.&#39;||&#39;.$timestamp, &#39;ENCODE&#39;), $timestamp + 816400, 1, true);
securitymessage($_DCACHE[&#39;secqaa&#39;][$questionkey][&#39;question&#39;], &#39;<input type="text" name="answer" size="8" maxlength="150" /><input class="button" type="submit" name="secqsubmit" value=" Submit " />&#39;, FALSE, TRUE);
} else {
dsetcookie(&#39;secqcode&#39;, authcode($questionkey.&#39;|&#39;.$_DCACHE[&#39;secqaa&#39;][$questionkey][&#39;answer&#39;].&#39;|&#39;.$timestamp, &#39;ENCODE&#39;), $timestamp + 816400, 1, true);
}
}

}

/**
 * 输出被攻击提示语言，如果是ajax，展示一個错误層， 如果是請求， 則展示错误頁面
 * @param $subject
 * @param $message
 * @param $reload
 * @param $form
 * @return unknown_type
 */
function securitymessage($subject, $message, $reload = TRUE, $form = FALSE) {

$scuritylang = array(
&#39;attachsave_1_subject&#39; => &#39;频繁刷新限制&#39;,
&#39;attachsave_1_message&#39; => &#39;您访问本站速度过快或者刷新间隔时间小于两秒！请等待页面自动跳转 ...&#39;,
&#39;attachsave_2_subject&#39; => &#39;代理服务器访问限制&#39;,
&#39;attachsave_2_message&#39; => &#39;本站现在限制使用代理服务器访问，请去除您的代理设置，直接访问本站。&#39;,
&#39;attachsave_4_subject&#39; => &#39;页面重载开启&#39;,
&#39;attachsave_4_message&#39; => &#39;欢迎光临本站，页面正在重新载入，请稍候 ...&#39;
);

$subject = $scuritylang[$subject] ? $scuritylang[$subject] : $subject;
$message = $scuritylang[$message] ? $scuritylang[$message] : $message;
if($_GET[&#39;inajax&#39;]) {
ajaxshowheader();
echo &#39;<div id="attackevasive_1" class="popupmenu_option"><b style="font-size: 16px">&#39;.$subject.&#39;</b><br /><br />&#39;.$message.&#39;</div>&#39;;
ajaxshowfooter();
} else {
echo &#39;<html>&#39;;
echo &#39;<head>&#39;;
echo &#39;<title>&#39;.$subject.&#39;</title>&#39;;
echo &#39;</head>&#39;;
echo &#39;<body bgcolor="#FFFFFF">&#39;;
if($reload) {
echo &#39;<script language="JavaScript">&#39;;
echo &#39;function reload() {&#39;;
echo &#39; document.location.reload();&#39;;
echo &#39;}&#39;;
echo &#39;setTimeout("reload()", 1001);&#39;;
echo &#39;</script>&#39;;
}
if($form) {
echo &#39;<form action="&#39;.$_SERVER[&#39;PHP_SELF&#39;].&#39;" method="POST">&#39;;
}
echo &#39;<table cellpadding="0" cellspacing="0" border="0" width="700" align="center" height="85%">&#39;;
echo &#39;  <tr align="center" valign="middle">&#39;;
echo &#39;    <td>&#39;;
echo &#39;    <table cellpadding="10" cellspacing="0" border="0" width="80%" align="center" style="font-family: Verdana, Tahoma; color: #666666; font-size: 11px">&#39;;
echo &#39;    <tr>&#39;;
echo &#39;      <td valign="middle" align="center" bgcolor="#EBEBEB">&#39;;
echo &#39;     <br /><br /> <b style="font-size: 16px">&#39;.$subject.&#39;</b> <br /><br />&#39;;
echo $message;
echo &#39;        <br /><br />&#39;;
echo &#39;      </td>&#39;;
echo &#39;    </tr>&#39;;
echo &#39;    </table>&#39;;
echo &#39;    </td>&#39;;
echo &#39;  </tr>&#39;;
echo &#39;</table>&#39;;
if($form) {
echo &#39;</form>&#39;;
}
echo &#39;</body>&#39;;
echo &#39;</html>&#39;;
}
exit();
}

 
function ajaxshowheader() {
global $charset, $inajax;
ob_end_clean();
@header("Expires: -1");
@header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE);
@header("Pragma: no-cache");
header("Content-type: application/xml");
echo "<?xml version=/"1.0/" encoding=/"$charset/"?>/n<root><![CDATA[";
}

function ajaxshowfooter() {
echo &#39;]]></root>&#39;;
}

?>