代码如下所示:
代码如下:
PHP/*
[discuz!] (C)2001-2009 Comsenz Inc.
This is NOT a freeware,use is subject to license terms$Id: security.inc.PHP 16688 2008-11-14 06:41:07Z cnteacher $
*///如果没有设定 IN_disCUZ ,则访问出错
if(!defined('IN_disCUZ')) {
exit('Access Denied');
}// 使用位移 $attackevasive 来设定 论坛防御级别 ,如果是 1 或者是 4 的话, 1=cookie 刷新限制 , 4=二次请求
// 读取上次时间到当前存放cookies数组,并将现在时间放置cookies
// 将$_DCOOKIE['lastrequest'] 不断加密 存放last访问时间到 lastrequest_cookies
if($attackevasive & 1 || $attackevasive & 4) {
$_DCOOKIE['lastrequest'] = authcode($_DCOOKIE['lastrequest'],'DECODE');
dsetcookie('lastrequest',authcode($timestamp,'ENCODE'),$timestamp + 816400,1,true);
}//如果确认被攻击,则展示提示语 1
if($attackevasive & 1) {
if($timestamp - $_DCOOKIE['lastrequest'] < 1) {
securitymessage('attachsave_1_subject','attachsave_1_message');
}
}
//如检查到 HTTP_X_FORWARDED_FOR 有以下 参数 ,将提示 使用代理
if(($attackevasive & 2) && ($_SERVER['HTTP_X_FORWARDED_FOR'] ||
$_SERVER['HTTP_VIA'] || $_SERVER['HTTP_PROXY_CONNECTION'] ||
$_SERVER['HTTP_USER_AGENT_VIA'] || $_SERVER['HTTP_CACHE_INFO'] ||
$_SERVER['HTTP_PROXY_CONNECTION'])) {
securitymessage('attachsave_2_subject','attachsave_2_message',FALSE);
}//如果在限定的时间内访问多次,将判断为二次请求
if($attackevasive & 4) {
if(empty($_DCOOKIE['lastrequest']) || $timestamp - $_DCOOKIE['lastrequest'] > 300) {
securitymessage('attachsave_4_subject','attachsave_4_message');
}
}
//如果需要回答问题,则判断为8
if($attackevasive & 8) {
list($questionkey,$questionanswer,$questiontime) = explode('|',authcode($_DCOOKIE['secqcode'],'DECODE'));
include_once disCUZ_ROOT.'./forumdata/cache/cache_secqaa.PHP';
if(!$questionanswer || !$questiontime || $_DCACHE['secqaa'][$questionkey]['answer'] != $questionanswer) {if(empty($_POST['secqsubmit']) || (!empty($_POST['secqsubmit']) && $_DCACHE['secqaa'][$questionkey]['answer'] != md5($_POST['answer']))) {
$questionkey = array_rand($_DCACHE['secqaa']);
dsetcookie('secqcode',authcode($questionkey.'||'.$timestamp,true);
securitymessage($_DCACHE['secqaa'][$questionkey]['question'],'',FALSE,TRUE);
} else {
dsetcookie('secqcode',authcode($questionkey.'|'.$_DCACHE['secqaa'][$questionkey]['answer'].'|'.$timestamp,true);
}
}}/**
* 输出被攻击提示语言,如果是ajax,展示一個错误層, 如果是請求, 則展示错误頁面
* @param $subject
* @param $message
* @param $reload
* @param $form
* @return unkNown_type
*/
function securitymessage($subject,$message,$reload = TRUE,$form = FALSE) {$scuritylang = array(
'attachsave_1_subject' => '频繁刷新限制',
'attachsave_1_message' => '您访问本站速度过快或者刷新间隔时间小于两秒!请等待页面自动跳转 ...',
'attachsave_2_subject' => '代理服务器访问限制',
'attachsave_2_message' => '本站现在限制使用代理服务器访问,请去除您的代理设置,直接访问本站。',
'attachsave_4_subject' => '页面重载开启',
'attachsave_4_message' => '欢迎光临本站,页面正在重新载入,请稍候 ...'
);$subject = $scuritylang[$subject] ? $scuritylang[$subject] : $subject;
$message = $scuritylang[$message] ? $scuritylang[$message] : $message;
if($_GET['inajax']) {
ajaxshowheader();
echo '';
ajaxshowfooter();
} else {
echo '';
echo '';
echo ''.$subject.' ';
echo '';
echo 'if($reload) {
echo '';
}
if($form) {
echo '
[discuz!] (C)2001-2009 Comsenz Inc.
This is NOT a freeware,use is subject to license terms$Id: security.inc.PHP 16688 2008-11-14 06:41:07Z cnteacher $
*/
//如果没有设定 IN_disCUZ ,则访问出错
if(!defined('IN_disCUZ')) {exit('Access Denied');
}
// 使用位移 $attackevasive 来设定 论坛防御级别 ,如果是 1 或者是 4 的话, 1=cookie 刷新限制 , 4=二次请求
// 读取上次时间到当前存放cookies数组,并将现在时间放置cookies// 将$_DCOOKIE['lastrequest'] 不断加密 存放last访问时间到 lastrequest_cookies
if($attackevasive & 1 || $attackevasive & 4) {
$_DCOOKIE['lastrequest'] = authcode($_DCOOKIE['lastrequest'],'DECODE');
dsetcookie('lastrequest',authcode($timestamp,'ENCODE'),$timestamp + 816400,1,true);
}
//如果确认被攻击,则展示提示语 1
if($attackevasive & 1) {if($timestamp - $_DCOOKIE['lastrequest'] < 1) {
securitymessage('attachsave_1_subject','attachsave_1_message');
}
}
//如检查到 HTTP_X_FORWARDED_FOR 有以下 参数 ,将提示 使用代理
if(($attackevasive & 2) && ($_SERVER['HTTP_X_FORWARDED_FOR'] ||$_SERVER['HTTP_VIA'] || $_SERVER['HTTP_PROXY_CONNECTION'] ||
$_SERVER['HTTP_USER_AGENT_VIA'] || $_SERVER['HTTP_CACHE_INFO'] ||
$_SERVER['HTTP_PROXY_CONNECTION'])) {
securitymessage('attachsave_2_subject','attachsave_2_message',FALSE);
}
//如果在限定的时间内访问多次,将判断为二次请求
if($attackevasive & 4) {if(empty($_DCOOKIE['lastrequest']) || $timestamp - $_DCOOKIE['lastrequest'] > 300) {
securitymessage('attachsave_4_subject','attachsave_4_message');
}
}
//如果需要回答问题,则判断为8
if($attackevasive & 8) {list($questionkey,$questionanswer,$questiontime) = explode('|',authcode($_DCOOKIE['secqcode'],'DECODE'));
include_once disCUZ_ROOT.'./forumdata/cache/cache_secqaa.PHP';
if(!$questionanswer || !$questiontime || $_DCACHE['secqaa'][$questionkey]['answer'] != $questionanswer) {if(empty($_POST['secqsubmit']) || (!empty($_POST['secqsubmit']) && $_DCACHE['secqaa'][$questionkey]['answer'] != md5($_POST['answer']))) {
$questionkey = array_rand($_DCACHE['secqaa']);
dsetcookie('secqcode',authcode($questionkey.'||'.$timestamp,true);
securitymessage($_DCACHE['secqaa'][$questionkey]['question'],'',FALSE,TRUE);
} else {
dsetcookie('secqcode',authcode($questionkey.'|'.$_DCACHE['secqaa'][$questionkey]['answer'].'|'.$timestamp,true);
}
}}/**
* 输出被攻击提示语言,如果是ajax,展示一個错误層, 如果是請求, 則展示错误頁面
* @param $subject
* @param $message
* @param $reload
* @param $form
* @return unkNown_type
*/
function securitymessage($subject,$message,$reload = TRUE,$form = FALSE) {$scuritylang = array(
'attachsave_1_subject' => '频繁刷新限制',
'attachsave_1_message' => '您访问本站速度过快或者刷新间隔时间小于两秒!请等待页面自动跳转 ...',
'attachsave_2_subject' => '代理服务器访问限制',
'attachsave_2_message' => '本站现在限制使用代理服务器访问,请去除您的代理设置,直接访问本站。',
'attachsave_4_subject' => '页面重载开启',
'attachsave_4_message' => '欢迎光临本站,页面正在重新载入,请稍候 ...'
);$subject = $scuritylang[$subject] ? $scuritylang[$subject] : $subject;
$message = $scuritylang[$message] ? $scuritylang[$message] : $message;
if($_GET['inajax']) {
ajaxshowheader();
echo '';
ajaxshowfooter();
} else {
echo '';
echo '';
echo '
echo '';
echo 'if($reload) {
echo '';
}
if($form) {
echo '