discuz php源码,Discuz7 php源码,该如何解决
PHP code
// Excerpt of a Discuz7 request-bootstrap script as quoted on the page: it escapes request
// data, loads configuration and cache files, derives URL and client-IP values, connects
// to the database, and resolves the visitor's session and member row.
// NOTE(review): the paste is truncated at both ends and has a gap in the middle. The code
// tokens below are exactly as published; only line breaks and comments were added.

// NOTE(review): the listing starts mid-statement; the loop header is not on the page.
// The visible part assigns daddslashes($_value) to the variable *named by* $_key unless
// that name begins with '_'. Presumably $_key/$_value come from the request arrays
// (confirm): if so, any variable that later code reads without initialising it first can
// be seeded by the client, which is why the initialisation block below matters.
// `$_key{0}` is the brace string-offset syntax, which PHP 8 no longer accepts.
$_value) { $_key{0} != '_' && $$_key = daddslashes($_value);}}

// Escape $_FILES as well (add slashes) when magic quotes are off.
if (!MAGIC_QUOTES_GPC && $_FILES) {
    $_FILES = daddslashes($_FILES);
}

// Initialise variables, overwriting anything the import above may have put under these names.
$charset = $dbs = $dbcharset = $forumfounders = $metakeywords = $extrahead = $seodescription = $mnid = '';
$plugins = $hooks = $admincp = $jsmenu = $forum = $thread = $language = $actioncode = $modactioncode = $lang = array();
$_DCOOKIE = $_DSESSION = $_DCACHE = $_DPLUGIN = $advlist = array();

// Include the forum's configuration file.
require_once DISCUZ_ROOT.'./config.inc.php';

// $urlxssdefend is the forum's page-access defence switch; it is meant to stop users from
// harming this site's users through illegitimate URLs.
if($urlxssdefend && !empty($_SERVER['REQUEST_URI'])) {
    $temp = urldecode($_SERVER['REQUEST_URI']);
    // NOTE(review): text is missing from the page inside the next line (probably stripped as
    // markup). The rest of the $urlxssdefend check and the header of the following loop are
    // not visible, so the braces here do not pair up as printed.
    // What survives after the gap copies each $key/$val pair whose name starts with $cookiepre
    // into $_DCOOKIE under the name with that prefix removed, escaping the value with
    // daddslashes() when MAGIC_QUOTES_GPC is off (presumably a loop over cookies; confirm).
    if(strpos($temp, ' $val) {
    if(substr($key, 0, $prelength) == $cookiepre) {
        $_DCOOKIE[(substr($key, $prelength))] = MAGIC_QUOTES_GPC ? $val : daddslashes($val);
    }
}

// Destroy the temporaries that were only used while processing the $_ arrays.
unset($prelength, $_request, $_key, $_value);

// NOTE(review): on the page this statement directly follows an empty "//". It is treated as
// live code here because $inajax is read further down.
$inajax = !empty($inajax);
$handlekey = !empty($handlekey) ? htmlspecialchars($handlekey) : '';
$timestamp = time();

// $attackevasive is the forum defence level; it is meant to guard against denial of service
// caused by large numbers of abnormal requests.
if($attackevasive && CURSCRIPT != 'seccode') {
    require_once DISCUZ_ROOT.'./include/security.inc.php';
}

// Include the database class file.
// NOTE(review): $database selects which file is included. It is presumably set in
// config.inc.php (not on the page) and must never be request-controlled.
require_once DISCUZ_ROOT.'./include/db_'.$database.'.class.php';

// $PHP_SELF     path of the current script relative to the site root
// $BASESCRIPT   file name of the current script, with extension
// $BASEFILENAME file name of the current script, without extension
// $boardurl     full site URL of the current script with the file name removed; a trailing
//               api|archiver|wap folder is stripped as well
// NOTE(review): HTTP_HOST comes from the request's Host header, so $boardurl reflects client
// input unless the web server pins the host name. The scheme is hard-coded to http://.
$PHP_SELF = dhtmlspecialchars($_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME']);
$BASESCRIPT = basename($PHP_SELF);
list($BASEFILENAME) = explode('.', $BASESCRIPT);
$boardurl = htmlspecialchars('http://'.$_SERVER['HTTP_HOST'].preg_replace("/\/+(api|archiver|wap)?\/*$/i", '', substr($PHP_SELF, 0, strrpos($PHP_SELF, '/'))).'/');

// Determine the current visitor's IP.
// NOTE(review): the Client-IP and X-Forwarded-For request headers are checked before
// REMOTE_ADDR, and both are set by the client. $onlineip is later used for the session/IP
// match and the ipbanned flag, so those checks are only as reliable as this value. Forwarded
// headers should only be honoured when the request arrives from a known proxy.
if(getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown')) {
    $onlineip = getenv('HTTP_CLIENT_IP');
} elseif(getenv('HTTP_X_FORWARDED_FOR') && strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown')) {
    $onlineip = getenv('HTTP_X_FORWARDED_FOR');
} elseif(getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {
    $onlineip = getenv('REMOTE_ADDR');
} elseif(isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {
    $onlineip = $_SERVER['REMOTE_ADDR'];
}
// Keep only the first run of 7 to 15 digit/dot characters (the pattern is not anchored), so
// what reaches the SQL below consists of digits and dots only, or the literal 'unknown'.
preg_match("/[\d\.]{7,15}/", $onlineip, $onlineipmatches);
$onlineip = $onlineipmatches[0] ? $onlineipmatches[0] : 'unknown';
unset($onlineipmatches);

// Include the settings cache and extract() its array into the current scope.
// NOTE(review): extract() overwrites existing variables by default, so every key in
// $_DCACHE['settings'] replaces a same-named variable set earlier; the cache file has to be
// writable only by the application. Both calls suppress errors with '@'.
$cachelost = (@include DISCUZ_ROOT.'./forumdata/cache/cache_settings.php') ? '' : 'settings';
@extract($_DCACHE['settings']);

// If GZIP compression is enabled and the server supports it,
// and the current script is neither wap nor attachment,
// and $inajax is false,
// start ob_start('ob_gzhandler'); otherwise start a plain ob_start().
if($gzipcompress && function_exists('ob_gzhandler') && !in_array(CURSCRIPT, array('attachment', 'wap')) && !$inajax) {
    ob_start('ob_gzhandler');
} else {
    $gzipcompress = 0;
    ob_start();
}

// Load control. (Original author's note: not sure where $loadctrl is defined.)
// On non-Windows hosts, read the first field of /proc/loadavg and answer 503 when it
// exceeds $loadctrl.
if(!empty($loadctrl) && substr(PHP_OS, 0, 3) != 'WIN') {
    if($fp = @fopen('/proc/loadavg', 'r')) {
        list($loadaverage) = explode(' ', fread($fp, 6));
        fclose($fp);
        if($loadaverage > $loadctrl) {
            header("HTTP/1.0 503 Service Unavailable");
            include DISCUZ_ROOT.'./include/serverbusy.htm';
            exit();
        }
    }
}

// Include the per-script cache file; CURSCRIPT is checked against a fixed list first.
if(in_array(CURSCRIPT, array('index', 'forumdisplay', 'viewthread', 'post', 'topicadmin', 'register', 'archiver'))) {
    $cachelost .= (@include DISCUZ_ROOT.'./forumdata/cache/cache_'.CURSCRIPT.'.php') ? '' : ' '.CURSCRIPT;
}

// Connect to the database, then set the credential variables to NULL.
$db = new dbstuff;
$db->connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect, true, $dbcharset);
$dbuser = $dbpw = $pconnect = $sdb = NULL;

// (Original author's note: messy, but in short this finds the sid and escapes it; not sure
// where $transsidstatus is defined.)
// If sid-in-URL transmission is enabled or the current script is wap,
// and a sid is present in $_GET or $_POST,
// take the sid from the request ($_GET first, then $_POST); otherwise take it from $_DCOOKIE.
// NOTE(review): a session id carried in the URL can leak through logs and Referer headers.
$sid = daddslashes(($transsidstatus || CURSCRIPT == 'wap') && (isset($_GET['sid']) || isset($_POST['sid']))
    ?(isset($_GET['sid']) ? $_GET['sid'] : $_POST['sid'])
    :(isset($_DCOOKIE['sid']) ? $_DCOOKIE['sid'] : ''));

// If the current script is attachment and a sid arrives via GET, run it through
// authcode(..., 'DECODE', authkey) and escape the result.
CURSCRIPT == 'attachment' && isset($_GET['sid']) && $sid = addslashes(authcode($_GET['sid'], 'DECODE', $_DCACHE['settings']['authkey']));

// Set $discuz_auth_key: the MD5 of the site authkey concatenated with the User-Agent header.
// NOTE(review): the User-Agent is supplied by the client, and this is a plain hash of
// secret||data rather than an HMAC.
$discuz_auth_key = md5($_DCACHE['settings']['authkey'].$_SERVER['HTTP_USER_AGENT']);

// Obtain $discuz_pw, $discuz_secques and $discuz_uid (password, security question and uid)
// from the decoded 'auth' cookie; all three are escaped.
// NOTE(review): $discuz_pw is compared directly with m.password in the queries below, so the
// stored password value itself works as the login credential carried in the cookie.
list($discuz_pw, $discuz_secques, $discuz_uid) = empty($_DCOOKIE['auth']) ? array('', '', 0) : daddslashes(explode("\t", authcode($_DCOOKIE['auth'], 'DECODE')), 1);

// The first line initialises variables (always initialise before use, otherwise there is no
// security to speak of).
// Next, if there is a sid, the session row is fetched from the sessions table and joined
// with the members table; the selected member columns are listed in $membertablefields.
// $sessionexists is set as a flag meaning the member is online.
// NOTE(review): every query below is built by string interpolation. Its safety rests on the
// daddslashes()/addslashes() calls above (daddslashes is defined elsewhere, presumably
// addslashes-based). That style of escaping depends on the connection charset ($dbcharset),
// and parameterised queries would remove the dependency.
$prompt = $sessionexists = $seccode = 0;
$membertablefields = 'm.uid AS discuz_uid, m.username AS discuz_user, m.password AS discuz_pw, m.secques AS discuz_secques,m.adminid, m.groupid, m.groupexpiry, m.extgroupids, m.email, m.timeoffset, m.tpp, m.ppp, m.posts, m.digestposts,m.oltime, m.pageviews, m.credits, m.extcredits1, m.extcredits2, m.extcredits3, m.extcredits4, m.extcredits5,m.extcredits6, m.extcredits7, m.extcredits8, m.timeformat, m.dateformat, m.pmsound, m.sigstatus, m.invisible,m.lastvisit, m.lastactivity, m.lastpost, m.prompt, m.accessmasks, m.editormode, m.customshow, m.customaddfeed';
if($sid) {
    if($discuz_uid) {
        // Logged-in cookie present: the session must match sid, IP, uid, password and security question.
        $query = $db->query("SELECT s.sid, s.styleid, s.groupid='6' AS ipbanned, s.pageviews AS spageviews, s.lastolupdate, s.seccode, $membertablefields FROM {$tablepre}sessions s, {$tablepre}members m WHERE m.uid=s.uid AND s.sid='$sid' AND CONCAT_WS('.',s.ip1,s.ip2,s.ip3,s.ip4)='$onlineip' AND m.uid='$discuz_uid' AND m.password='$discuz_pw' AND m.secques='$discuz_secques'");
    } else {
        // No uid in the cookie: look the session up by sid and IP only.
        $query = $db->query("SELECT sid, uid AS sessionuid, groupid, groupid='6' AS ipbanned, pageviews AS spageviews, styleid, lastolupdate, seccode FROM {$tablepre}sessions WHERE sid='$sid' AND CONCAT_WS('.',ip1,ip2,ip3,ip4)='$onlineip'");
    }
    if($_DSESSION = $db->fetch_array($query)) {
        $sessionexists = 1;
        // The session row names a member: merge that member's columns into $_DSESSION.
        if(!empty($_DSESSION['sessionuid'])) {
            $_DSESSION = array_merge($_DSESSION, $db->fetch_first("SELECT $membertablefields FROM {$tablepre}members m WHERE uid='$_DSESSION[sessionuid]'"));
        }
    } else {
        // No row matched. If a session with this sid and IP still exists, clear the cookies
        // and continue with that session.
        if($_DSESSION = $db->fetch_first("SELECT sid, groupid, groupid='6' AS ipbanned, pageviews AS spageviews, styleid, lastolupdate, seccode FROM {$tablepre}sessions WHERE sid='$sid' AND CONCAT_WS('.',ip1,ip2,ip3,ip4)='$onlineip'")) {
            clearcookies();
            $sessionexists = 1;
        }
    }
}

// Runs when no session exists:
// if the cookie is not valid, clear it;
// if the IP is banned, mark it as banned;
// write a random value to SID SECCODE.
// NOTE(review): only the cookie check is on the page. The listing ends before the other two
// steps and before the closing brace of if(!$sessionexists).
if(!$sessionexists) {
    if($discuz_uid) {
        if(!($_DSESSION = $db->fetch_first("SELECT $membertablefields, m.styleid FROM {$tablepre}members m WHERE m.uid='$discuz_uid' AND m.password='$discuz_pw' AND m.secques='$discuz_secques'"))) {
            clearcookies();
        }
    }