The Code is as follows:
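<?php
/*
    [Discuz!] (C) 2001-2009 Comsenz Inc.
    This is NOT a freeware, use is subject to license terms
    $Id: security.inc.php 16688 06:41:07Z cnteacher $
*/

// NOTE(review): this listing reached the page with damaged tokens (spaces inside identifiers,
// '||' and '&&' collapsed to '|' and '&', altered string literals). The code below is restored to
// valid PHP; every value marked "confirm" was inferred and should be checked against the shipped file.

// Refuse direct requests: the including application defines IN_DISCUZ before loading this file.
if (!defined('IN_DISCUZ')) {
    exit('Access Denied');
}

// $attackevasive is a bitmask selecting the forum's defence level:
//   1 = refresh-rate limit, 2 = refuse proxied requests, 4 = require a second request, 8 = security question.

// Modes 1 and 4 need the time of the previous request. It is kept in the 'lastquest' cookie, wrapped
// by authcode(): decode what the client sent, then issue a fresh cookie stamped with the current time.
// NOTE(review): mode strings restored as 'DECODE'/'ENCODE' (shown as 'decode '/'encoding') - confirm against authcode().
// NOTE(review): the cookie name is kept as the listing spells it, although the original comment calls it "lastrequest" - confirm.
if (($attackevasive & 1) || ($attackevasive & 4)) {
    $_DCOOKIE['lastquest'] = authcode(isset($_DCOOKIE['lastquest']) ? $_DCOOKIE['lastquest'] : '', 'DECODE');
    dsetcookie('lastquest', authcode($timestamp, 'ENCODE'), $timestamp + 816400, 1, true);
}

// Mode 1: show the "refreshing too fast" page when less than one second has passed since the stored time.
// The (int) cast keeps the subtraction defined when the cookie is absent or fails to decode.
// NOTE(review): the timestamp is state held by the client, so this check only throttles clients that
// return the cookie; pair it with mode 4 or a server-side counter where a hard limit is required.
if ($attackevasive & 1) {
    if ($timestamp - (int) $_DCOOKIE['lastquest'] < 1) {
        securitymessage('attachsave_1_subject', 'attachsave_1_message');
    }
}

// Mode 2: show the "proxy access restricted" page when a proxy-related request header is present.
// NOTE(review): 'HTTP_VIA' is restored from the listing's 'HTTP _ pass' - confirm.
// NOTE(review): these headers are supplied by the client or by intermediaries. Their absence does not
// show a direct connection, and their presence also matches ordinary users behind a corporate proxy or CDN.
if (($attackevasive & 2) && (
    !empty($_SERVER['HTTP_X_FORWARDED_FOR'])
    || !empty($_SERVER['HTTP_VIA'])
    || !empty($_SERVER['HTTP_PROXY_CONNECTION'])
    || !empty($_SERVER['HTTP_USER_AGENT_VIA'])
    || !empty($_SERVER['HTTP_CACHE_INFO'])
)) {
    securitymessage('attachsave_2_subject', 'attachsave_2_message', FALSE);
}

// Mode 4: a request is served only when it carries a 'lastquest' value no older than 300 seconds.
// A first visit has none, so it receives the reload page; the cookie set above accompanies the reload.
if ($attackevasive & 4) {
    if (empty($_DCOOKIE['lastquest']) || $timestamp - (int) $_DCOOKIE['lastquest'] > 300) {
        securitymessage('attachsave_4_subject', 'attachsave_4_message');
    }
}

// Mode 8: the visitor must answer a security question before the request is served.
if ($attackevasive & 8) {
    // Decoded 'secqcode' layout: question key | stored answer value | issue time.
    // array_pad() keeps list() from reading missing offsets when the cookie is absent or fails to decode.
    $secqcode = authcode(isset($_DCOOKIE['secqcode']) ? $_DCOOKIE['secqcode'] : '', 'DECODE');
    list($questionkey, $questionanswer, $questiontime) = array_pad(explode('|', $secqcode), 3, '');

    include_once DISCUZ_ROOT.'./forumdata/cache/cache_secqaa.php';

    // NOTE(review): the cache file is named cache_secqaa.php while the listing indexes $_DCACHE['secqa'] -
    // confirm the key name against the cache file.
    $expected = isset($_DCACHE['secqa'][$questionkey]['answer']) ? (string) $_DCACHE['secqa'][$questionkey]['answer'] : '';

    // Strict comparison: both sides are hash strings, and loose '!=' compares numeric-looking
    // strings (for example '0e...') as numbers.
    // NOTE(review): $questiontime is only tested for presence, so a solved cookie is accepted for as long
    // as the client keeps sending it; add an age check if solved challenges are meant to expire.
    if (!$questionanswer || !$questiontime || $expected !== $questionanswer) {
        // A non-string 'answer' (e.g. an array parameter) is treated as an empty submission.
        $submitted = (isset($_POST['answer']) && is_string($_POST['answer'])) ? $_POST['answer'] : '';

        if (empty($_POST['secqsubmit']) || $expected !== md5($submitted)) {
            // Nothing submitted, or the answer is wrong: pick a question and show the form.
            // The empty middle field keeps the three-field layout read above.
            // NOTE(review): separator restored as '||' (listing shows '|') - confirm.
            $questionkey = array_rand($_DCACHE['secqa']);
            dsetcookie('secqcode', authcode($questionkey.'||'.$timestamp, 'ENCODE'), $timestamp + 816400, 1, true);
            securitymessage(
                $_DCACHE['secqa'][$questionkey]['question'],
                '<input type="text" name="answer" size="8" maxlength="150" /> <input class="button" type="submit" name="secqsubmit" value="Submit" />',
                FALSE,
                TRUE
            );
        } else {
            // Correct answer: record it in the cookie so that later requests pass the outer check.
            dsetcookie('secqcode', authcode($questionkey.'|'.$expected.'|'.$timestamp, 'ENCODE'), $timestamp + 816400, 1, true);
        }
    }
}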
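/**
 * Print a defence notice (or the security-question form) and stop the request.
 *
 * With a non-empty $_GET['ajax'] the notice is wrapped in the XML envelope produced by
 * ajaxshowheader()/ajaxshowfooter(); otherwise a minimal HTML page is printed.
 *
 * $subject and $message are written to the page as raw HTML ($message carries the form inputs
 * for the security question), so callers must pass trusted markup only.
 *
 * @param string $subject Key into the built-in language table, or literal title text.
 * @param string $message Key into the built-in language table, or literal body markup.
 * @param bool   $reload  When TRUE the page reloads itself after about one second.
 * @param bool   $form    When TRUE the notice is wrapped in a POST form aimed at the current script.
 * @return void Never returns; the function always ends with exit().
 */
function securitymessage($subject, $message, $reload = TRUE, $form = FALSE) {
    // NOTE(review): keys restored to the attachsave_<mode>_subject/_message pattern; the listing shows
    // the mode-1 pair with altered names - confirm. The values are the page's translated wording.
    $scuritylang = array(
        'attachsave_1_subject' => 'frequent refresh limited',
        'attachsave_1_message' => 'Your Website access speed is too fast or the refresh interval is less than two seconds! Please wait for the page to automatically jump ...',
        'attachsave_2_subject' => 'proxy server access limited',
        'attachsave_2_message' => 'currently, this site is restricted to access by proxy servers. Please remove your proxy settings and access this site directly.',
        'attachsave_4_subject' => 'page reload enabled',
        'attachsave_4_message' => 'Welcome to this site. The page is being reloaded. Please wait ...'
    );

    // Translate known keys; anything else (such as a security question) is shown as given.
    $subject = isset($scuritylang[$subject]) ? $scuritylang[$subject] : $subject;
    $message = isset($scuritylang[$message]) ? $scuritylang[$message] : $message;

    // NOTE(review): the request flag is kept as 'ajax', as the listing shows it - confirm the parameter name.
    if (!empty($_GET['ajax'])) {
        ajaxshowheader();
        echo '<div id="attackevasive_1" class="popupmenu_option"><b style="font-size: 16px">'.$subject.'</b><br />'.$message.'</div>';
        ajaxshowfooter();
    } else {
        // NOTE(review): the <html>/<head> tags were stripped from the listing, leaving stray "Echo '"
        // fragments; they are restored here from those fragments.
        echo '<html>';
        echo '<head>';
        echo '<title>'.$subject.'</title>';
        echo '</head>';
        echo '<body bgcolor="#FFFFFF">';
        if ($reload) {
            echo '<script language="JavaScript">';
            echo 'function reload() {';
            echo 'document.location.reload();';
            echo '}';
            echo 'setTimeout("reload()", 1001);';
            echo '</script>';
        }
        if ($form) {
            // PHP_SELF contains the request path, which the client controls; escape it before it
            // enters the attribute so that it cannot close the attribute and inject markup.
            echo '<form action="'.htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES).'" method="POST">';
        }
        echo '<table cellpadding="0" cellspacing="0" border="0" width="700" align="center" height="85%">';
        echo '<tr align="center" valign="middle">';
        echo '<td>';
        echo '<table cellpadding="10" cellspacing="0" border="0" width="80%" align="center" style="font-family: Verdana, Tahoma; color: #666666; font-size: 11px">';
        echo '<tr>';
        echo '<td valign="middle" align="center" bgcolor="#EBEBEB">';
        echo '<br /><b style="font-size: 16px">'.$subject.'</b><br />';
        echo $message;
        echo '<br />';
        echo '</td>';
        echo '</tr>';
        echo '</table>';
        echo '</td>';
        echo '</tr>';
        echo '</table>';
        if ($form) {
            echo '</form>';
        }
        echo '</body>';
        echo '</html>';
    }
    exit();
}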
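/**
 * Open the XML envelope used for ajax responses.
 *
 * Discards buffered output, sends no-cache headers and the XML content type, then prints the
 * XML declaration and the opening of a CDATA section. ajaxshowfooter() closes the envelope.
 * Content printed in between must not contain "]]>", which would end the CDATA section early.
 */
function ajaxshowheader() {
    global $charset, $inajax;

    // Drop whatever has been buffered so far; the guard avoids a notice when no buffer is active.
    if (ob_get_level() > 0) {
        ob_end_clean();
    }

    // '@' keeps these best-effort: they are not allowed to emit warnings into the response.
    @header("Expires: -1");
    @header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE);
    @header("Pragma: no-cache");
    header("Content-type: application/xml");

    // The escaped quotes and the newline were shown as '/"' and '/N' in the listing.
    echo "<?xml version=\"1.0\" encoding=\"$charset\"?>\n<root><![CDATA[";
}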
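/**
 * Close the XML envelope opened by ajaxshowheader().
 *
 * The header ends with "<![CDATA[", so the footer must end the section with "]]>" before
 * closing the root element; the listing showed the terminator with one bracket missing.
 */
function ajaxshowfooter() {
    echo ']]></root>';
}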
?>