基于Discuz security.inc.php代码的深入分析

代码如下所示：
复制代码代码如下:
300) {
securitymessage('attachsave_4_subject', 'attachsave_4_message');
}
}
//如果需要回答问题，则判断为8
if($attackevasive & 8) {
list($questionkey, $questionanswer, $questiontime) = explode('|', authcode($_dcookie['secqcode'], 'decode'));
include_once discuz_root.'./forumdata/cache/cache_secqaa.php';
if(!$questionanswer || !$questiontime || $_dcache['secqaa'][$questionkey]['answer'] != $questionanswer) {
if(empty($_post['secqsubmit']) || (!empty($_post['secqsubmit']) && $_dcache['secqaa'][$questionkey]['answer'] != md5($_post['answer']))) {
$questionkey = array_rand($_dcache['secqaa']);
dsetcookie('secqcode', authcode($questionkey.'||'.$timestamp, 'encode'), $timestamp + 816400, 1, true);
securitymessage($_dcache['secqaa'][$questionkey]['question'], '', false, true);
} else {
dsetcookie('secqcode', authcode($questionkey.'|'.$_dcache['secqaa'][$questionkey]['answer'].'|'.$timestamp, 'encode'), $timestamp + 816400, 1, true);
}
}
}
/**
* 输出被攻击提示语言，如果是ajax，展示一個错误層，如果是請求，則展示错误頁面
* @param $subject
* @param $message
* @param $reload
* @param $form
* @return unknown_type
*/
function securitymessage($subject, $message, $reload = true, $form = false) {
$scuritylang = array(
'attachsave_1_subject' => '频繁刷新限制',
'attachsave_1_message' => '您访问本站速度过快或者刷新间隔时间小于两秒！请等待页面自动跳转 ...',
'attachsave_2_subject' => '代理服务器访问限制',
'attachsave_2_message' => '本站现在限制使用代理服务器访问，请去除您的代理设置，直接访问本站。',
'attachsave_4_subject' => '页面重载开启',
'attachsave_4_message' => '欢迎光临本站，页面正在重新载入，请稍候 ...'
);
$subject = $scuritylang[$subject] ? $scuritylang[$subject] : $subject;
$message = $scuritylang[$message] ? $scuritylang[$message] : $message;
if($_get['inajax']) {
ajaxshowheader();
echo ''.$subject.'
'.$message.'
';
ajaxshowfooter();
} else {
echo '';
echo '';
echo ''.$subject.'';
echo '';
echo '';
if($reload) {
echo '';
}
if($form) {
echo '';
}
echo '';
echo ' ';
echo '    ';
echo '    ';
echo '    ';
echo '      ';
echo '
'.$subject.'
';
echo $message;
echo '
';
echo '      ';
echo '
';
echo '
';
echo '    ';
echo '
';
echo '
';
if($form) {
echo '';
}
echo '';
echo '';
}
exit();
}
function ajaxshowheader() {
global $charset, $inajax;
ob_end_clean();
@header(expires: -1);
@header(cache-control: no-store, private, post-check=0, pre-check=0, max-age=0, false);
@header(pragma: no-cache);
header(content-type: application/xml);
echo /n}
function ajaxshowfooter() {
echo ']]>';
}
?>
http://www.bkjia.com/phpjc/327251.htmlwww.bkjia.comtruehttp://www.bkjia.com/phpjc/327251.htmltecharticle代码如下所示：复制代码代码如下: ?php /* [discuz!] (c)2001-2009 comsenz inc. this is not a freeware, use is subject to license terms $id: security.inc.php 16688 200...

基于Discuz security.inc.php代码的深入分析_PHP教程

推荐信息