DZ Forum Core Code Analysis: core file global.func.php

Source: Internet
Author: User
Please see the article: DZ Forum Core Code Analysis Plan -- install package

It took two days to finish analyzing global.func.php. I also intend to spend 3 days on the common.inc.php file, and found that it again involves a lot of files. So this time the post changes strategy: first, the analysis of the global.func.php file. The analysis is not very good. There are a lot of things I don't know what to do with ... I even found a few functions that are not referenced anywhere in the entire DZ file system. Maybe they are test functions. But they are very useful, so I took them and put them in my own function bag.
Because this package has a lot of code, each block of code is analyzed carefully only according to how important I personally consider it.
In the analysis plan in the previous article, I actually left out two files: one is the DZ Forum global variable declaration table; then the DZ Forum file action table and the DZ Forum function call table.
Because little has been analyzed so far, they have not been written up yet. I'll cover them once the whole analysis is finished.
The study diary is as follows:

Only part has been updated .... The other part will be updated in the PM.

The following is the referenced content:
global.func.php
Journal Time: October 7, 2008 10:37:34
1. This file is included very often, so it begins with the usual constant check, which prevents it from being opened directly by a malicious browser request.
2. The encryption function authcode applies MD5 several times in layers to ensure the security of the password. The common approach is to encrypt only once. DZ's cryptographic function is more complex: it combines MD5, random character truncation, bitwise operations and an encryption key.
3. DZ's character handling is very good. Although we choose UTF-8 or GBK at download time, character encoding is the first thing it considers, whether it is handling strings or connecting to the database. For the database connection, the db_mysql.class.php file determines the encoding. The code is as follows:
$func = empty($pconnect) ? 'mysql_connect' : 'mysql_pconnect';

The connection is stored in the class's link property, and the encoding is set when the connection is established.

if(!$this->link = @$func($dbhost, $dbuser, $dbpw, 1)) {
    $halt && $this->halt('Can not connect to MySQL server');
} else {
    if($this->version() > '4.1') {
        global $charset, $dbcharset;
        // An explicit $dbcharset2 argument overrides the configured $dbcharset
        $dbcharset = $dbcharset2 ? $dbcharset2 : $dbcharset;
        // With no database charset set, derive it from the page charset ('utf-8' becomes 'utf8')
        $dbcharset = !$dbcharset && in_array(strtolower($charset), array('gbk', 'big5', 'utf-8')) ? str_replace('-', '', $charset) : $dbcharset;
        $serverset = $dbcharset ? 'character_set_connection='.$dbcharset.', character_set_results='.$dbcharset.', character_set_client=binary' : '';
        $serverset .= $this->version() > '5.0.1' ? (empty($serverset) ? '' : ',').'sql_mode=\'\'' : '';
        $serverset && mysql_query("SET $serverset", $this->link);
    }
}
The string processing in global.func.php also takes the string's encoding into account.
The global variable $charset sets the encoding, and cutstr() processes the string according to its value.
Also, in the cutstr() function, the special characters in the string are converted before truncation:

$string = str_replace(array('&amp;', '&quot;', '&lt;', '&gt;'), array('&', '"', '<', '>'), $string);

After the truncation is done, they are restored:

$strcut = str_replace(array('&', '"', '<', '>'), array('&amp;', '&quot;', '&lt;', '&gt;'), $strcut);

This explains why text on a DZ forum still matches the format of the original text.
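Why the decode, cut, re-encode order matters, shown as an added example that is not DZ's code: cut_encoded() is a hypothetical simplification of cutstr() that counts characters with mb_substr() rather than DZ's own loop, and the input string is constructed. The naive cut on the stored form leaves half an entity behind; the three-step form keeps every entity whole.

```php
<?php
// Added illustration, not DZ code. cut_encoded() is a hypothetical,
// simplified stand-in for cutstr(); it assumes the mbstring extension.
function cut_encoded($string, $length, $charset = 'utf-8') {
    $enc = array('&amp;', '&quot;', '&lt;', '&gt;');
    $raw = array('&', '"', '<', '>');

    // 1. Turn the four entities back into single characters, so that one
    //    visible character counts as one character when cutting.
    $string = str_replace($enc, $raw, $string);
    if (mb_strlen($string, $charset) <= $length) {
        return str_replace($raw, $enc, $string);
    }

    // 2. Cut on character boundaries of the declared charset.
    $strcut = mb_substr($string, 0, $length, $charset);

    // 3. Re-encode, so the result can still be placed in HTML as text.
    return str_replace($raw, $enc, $strcut) . ' ...';
}

// Constructed input: post text as stored, already HTML-encoded.
$stored = 'a &lt; b &amp;&amp; c &gt; d';

// Naive cut on the encoded form: the fifth byte falls inside "&lt;".
$naive = substr($stored, 0, 5);

// Decode, cut, re-encode: five visible characters, entities intact.
$safe = cut_encoded($stored, 5);

echo "naive: ", $naive, "\n";
echo "safe:  ", $safe, "\n";
```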
4. A custom replacement for HTML special characters. Note how thoughtful DZ is here:

if(is_array($string)) {
    foreach($string as $key => $val) {
        $string[$key] = dhtmlspecialchars($val); // If it is an array, iterate over it and call this same function on each element.
    }
}

It checks whether the incoming string is an array. In my opinion, only the character replacement part needed to be encapsulated. But the wrapping here is good, because I don't have to worry about what format of string I'm passing when I call this function.
5. Page redirects are encapsulated in the dheader() function.
6. // A typical function for reducing repeated code. It handles the email string: just call emailconv(email address) to get back an already encoded email address.

function emailconv($email, $tolink = 1) {
    // Replace '@' and '.' with their numeric HTML entities
    $email = str_replace(array('@', '.'), array('&#64;', '&#46;'), $email);
    // Optionally wrap the encoded address in a mailto link
    return $tolink ? '<a href="mailto: '.$email.'">'.$email.'</a>' : $email;
}

7. // Extracts the extension from a file name: pass in the file name, and it returns the text after the last dot (at most 10 characters).

function fileext($filename) {
    return trim(substr(strrchr($filename, '.'), 1, 10));
}
8. DZ handles direct access to a path typed into the browser by checking a constant. But what about robots? Robots have no such constant. PHP, however, provides the predefined variable $_SERVER['HTTP_USER_AGENT'], which contains the client's name and can be used to identify a robot. So the robot check is as follows.
This function is called from the common.inc.php file and decides how robots are handled.

function getrobot() {
    if(!defined('IS_ROBOT')) {
        // Define search engine names
        $kw_spiders = 'bot|crawl|Spider|slurp|sohu-search|lycos|robozilla';
        // Define browser type names
        $kw_browsers = 'msie|netscape|opera|konqueror|Mozilla';
        // If the user agent matches one of these browsers, define IS_ROBOT as false.
        // Otherwise, if it matches one of the search engine names above, define IS_ROBOT as true.
        // If neither condition is met, define IS_ROBOT as false.
        if(preg_match("/($kw_browsers)/i", $_SERVER['HTTP_USER_AGENT'])) {
            define('IS_ROBOT', FALSE);
        } elseif(preg_match("/($kw_spiders)/i", $_SERVER['HTTP_USER_AGENT'])) {
            define('IS_ROBOT', TRUE);
        } else {
            define('IS_ROBOT', FALSE);
        }
    }
    // Return the value of the constant IS_ROBOT
    return IS_ROBOT;
}
In the common.inc.php file the call is handled like this. With this constant, robots are not allowed to access a page at will:

define('IS_ROBOT', getrobot());
if(defined('NOROBOT') && IS_ROBOT) {
    exit(header("HTTP/1.1 403 Forbidden"));
}

Looking back, it is still the constant method; only the value of this constant is obtained through the function getrobot().
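An added example (not DZ's code) that runs the two patterns from getrobot() over constructed User-Agent strings. classify_ua() is a hypothetical helper that returns the value getrobot() would give IS_ROBOT; it shows that the browser pattern is tested first, so a crawler whose User-Agent also contains "Mozilla" is classed as a browser, and that unknown or empty values fall through to "not a robot".

```php
<?php
// Added illustration, not DZ code. classify_ua() is a hypothetical helper
// that mirrors the branch order of getrobot() without defining a constant,
// so it can be called once per sample.
function classify_ua($ua) {
    $kw_spiders  = 'bot|crawl|Spider|slurp|sohu-search|lycos|robozilla';
    $kw_browsers = 'msie|netscape|opera|konqueror|Mozilla';

    if (preg_match("/($kw_browsers)/i", $ua)) {
        return false;   // a browser keyword is checked first and wins
    } elseif (preg_match("/($kw_spiders)/i", $ua)) {
        return true;    // only reached when no browser keyword matched
    }
    return false;       // unknown clients are treated as non-robots
}

// Constructed sample User-Agent values (names and URLs are made up).
$samples = array(
    'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',
    'ExampleSpider/1.0 (+http://crawler.example/info)',
    'Mozilla/5.0 (compatible; ExampleBot/2.1; +http://crawler.example/bot)',
    'curl/7.19.0',
    '',   // header missing or empty
);

foreach ($samples as $ua) {
    $label = classify_ua($ua) ? 'robot' : 'other';
    printf("%-6s %s\n", $label, $ua === '' ? '(empty)' : $ua);
}
```

Only the second sample is reported as a robot. Because the User-Agent header is supplied by the client, the NOROBOT 403 affects crawlers that identify themselves honestly and should not be treated as an access control.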

Update error: These errors are the errors I learned in my analysis where they were called. But it's not possible. I found a little bit of a change, so here's the explanation

The following is the referenced content:
checklowerlimit(): this function is used to check the limit of the points

Thanks to the following people for their help.

The following is the referenced content:
Dongxin1390008 said: The daddslashes function checks whether the 'magic_quotes_gpc' option in the php.ini file is on. If it is off, it is easy to do SQL injection, so if it is off, addslashes is used to escape single quotes, # signs and so on. 2008-10-6 17:33:30 Updated the attachment package to add this comment
