This article provides a detailed analysis of the Discuz security.inc.php code. For more information, see the following code:
The code is as follows:
/*
[Discuz!] (C) 2001-2009 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$ Id: security. inc. php 16688 06: 41: 07Z cnteacher $
*/
// Direct-access guard: exit with 'Access Denied' unless the constant tested below is
// already defined (the article names it IN_DISCUZ), i.e. unless another script that
// defines it has included this file.
// NOTE(review): keywords, identifiers and string literals in this listing appear to have
// been altered by machine translation (inserted spaces, changed case). Verify every
// line against the original security.inc.php before reusing it.
If (! Defined ('in _ discuz ')){
Exit ('Access Denied ');
}
// $attackevasive is tested as a bit mask that selects the forum's defense measures.
// Bit 1 (cookie-based refresh limit) and bit 4 (second-request check) both need the time
// of the visitor's previous request, so this branch runs when either bit is set.
// NOTE(review): the single `|` was presumably `||` before translation. Because `&` binds
// tighter than `|`, the truthiness is the same either way - confirm against the original.
If ($ attackevasive & 1 | $ attackevasive & 4 ){
// Decode the previous request time from the visitor's cookie back into $_DCOOKIE.
// authcode() is defined elsewhere; the article describes it as the encrypt/decrypt helper.
$ _ DCOOKIE ['lastquest '] = authcode ($ _ DCOOKIE ['lastquest'], 'decode ');
// Re-issue the cookie holding the encoded current time. The third argument,
// $timestamp + 816400, is presumably the cookie lifetime/expiry and the meaning of the
// trailing `1, true` is not visible here - confirm against Dsetcookie().
Dsetcookie ('lastquest ', authcode ($ timestamp, 'encoding'), $ timestamp + 816400, 1, true );
// Security note: the timing state is kept only in this client-held cookie, so the checks
// that read it are only as strong as authcode()'s integrity protection and only bind
// clients that return the cookie. A server-side counter does not have that dependency.
}
// Bit 1 - refresh limit: when less than one second has passed since the time decoded
// from the last-request cookie, call securitymessage() with the refresh-limit subject
// and message keys (its $reload parameter keeps the default TRUE).
// Security note: the comparison uses only the cookie value, so on its own this limit
// applies to clients that return the cookie; bit 4 is the check that requires the cookie
// to be present.
// NOTE(review): the two keys as printed here do not match any key in securitymessage()'s
// language table as printed; presumably translation damage - confirm against the original.
If ($ attackevasive & 1 ){
If ($ timestamp-$ _ DCOOKIE ['lastquest '] <1 ){
Securitymessage ('attachsave _ your subobject', 'attachsave _ your message ');
}
}
// Bit 2 - proxy restriction: when any of the listed proxy-related request headers is set,
// call securitymessage() with the "proxy server access limited" texts and $reload = FALSE.
// HTTP_PROXY_CONNECTION is tested twice; the second test is redundant.
// Security note: all of these values are supplied by the request and are optional, so the
// check only recognises proxies that announce themselves. The absence of the headers does
// not establish a direct connection; treat this as a policy filter, not as proof of origin.
// NOTE(review): as printed, the outer parentheses of the condition are missing and `&`/`|`
// stand where `&&`/`||` were presumably meant; a bitwise `|` on header strings would not
// behave like a logical OR - confirm against the original.
If ($ attackevasive & 2) & ($ _ SERVER ['http _ X_FORWARDED_FOR '] |
$ _ SERVER ['http _ pass'] | $ _ SERVER ['http _ PROXY_CONNECTION '] |
$ _ SERVER ['http _ USER_AGENT_VIA '] | $ _ SERVER ['http _ CACHE_INFO'] |
$ _ SERVER ['http _ PROXY_CONNECTION ']) {
Securitymessage ('attachsave _ 2_subject ', 'attachsave _ 2_message', FALSE );
}
// Bit 4 - second-request check: when the last-request cookie is missing, or the time it
// holds is more than 300 seconds old, call securitymessage() with the "page reload" texts
// ($reload keeps its default TRUE). In effect a request passes only if it carries a
// last-request cookie whose time is at most 300 seconds old.
// NOTE(review): the single `|` was presumably `||`; since `>` binds tighter than `|`, the
// truthiness is unchanged - confirm against the original.
If ($ attackevasive & 4 ){
If (empty ($ _ DCOOKIE ['lastquest ']) | $ timestamp-$ _ DCOOKIE ['lastquest']> 300 ){
Securitymessage ('attachsave _ 4_subject ', 'attachsave _ 4_message ');
}
}
// Bit 8 - verification question: the visitor must answer a question from the cached set.
If ($ attackevasive & 8 ){
// Split the decoded 'secqcode' cookie on '|' into question key, recorded answer and time.
List ($ questionkey, $ questionanswer, $ questiontime) = explode ('|', authcode ($ _ DCOOKIE ['secqcode'], 'decode '));
// Load the cached question set; the code below reads it from $_DCACHE['secqa'].
Include_once DISCUZ_ROOT. './forumdata/cache/cache_secqaa.php ';
// The cookie does not prove a solved question: answer or time is missing, or the recorded
// answer differs from the cached one.
// Security note: $questiontime is only tested for presence in this block, not for age, so
// a cookie that passes keeps passing until it expires or the cached answer changes.
If (! $ Questionanswer |! $ Questiontime | $ _ DCACHE ['secqa'] [$ questionkey] ['answer']! = $ Questionanswer ){
// Nothing was submitted, or the MD5 of the submitted answer does not equal the cached
// answer (which therefore appears to be stored as an MD5 hex string).
// Security note: a loose `!=` lets PHP compare two numeric-looking hash strings as
// numbers; a strict `!==` or hash_equals() compares them as text.
// NOTE(review): this condition is one `)` short as printed and uses `|`/`&` where `||`/`&&`
// were presumably meant - confirm against the original.
If (empty ($ _ POST ['secqsubmit ']) | (! Empty ($ _ POST ['secqsubmit ']) & $ _ DCACHE ['secqa'] [$ questionkey] ['answer']! = Md5 ($ _ POST ['answer']) {
// Pick a random question, record its key and the current time in the cookie, and show
// the question through securitymessage() with $reload = FALSE and $form = TRUE.
$ Questionkey = array_rand ($ _ DCACHE ['secqa']);
Dsetcookie ('secqcode', authcode ($ questionkey. '|'. $ timestamp, 'encoding'), $ timestamp + 816400, 1, true );
Securitymessage ($ _ DCACHE ['secqa'] [$ questionkey] ['question'],'', FALSE, TRUE );
} Else {
// The submitted answer matched: record question key, a value read from the cache entry and
// the current time in the cookie, so later requests can satisfy the outer check.
// NOTE(review): the key 'ancer' is presumably a garbled 'answer' - confirm.
Dsetcookie ('secqcode', authcode ($ questionkey. '| '. $ _ DCACHE ['secqa'] [$ questionkey] ['ancer']. '| '. $ timestamp, 'encoding'), $ timestamp + 816400, 1, true );
}
}
}
/**
* Outputs the attack-defense prompt. For an Ajax request the prompt is emitted between the Ajax header and footer; otherwise it is printed as a regular page.
* @ Param $ subject
* @ Param $ message
* @ Param $ reload
* @ Param $ form
* @ Return unknown_type
*/
Function securitymessage ($ subject, $ message, $ reload = TRUE, $ form = FALSE ){
$ Scuritylang = array (
'Attachsave _ repeated subobject' => 'frequent refresh limited ',
'Attachsave _ Upload message' => 'your website access speed is too fast or the refresh interval is less than two seconds! Please wait for the page to automatically jump ...',
'Attachsave _ 2_subject '=> 'Proxy server access limited ',
'Attachsave _ 2_message '=>' currently, this site is restricted to access by proxy servers. please remove your proxy settings and access this site directly. ',
'Attachsave _ 4_subject '=> 'Page reload enabled ',
'Attachsave _ 4_message '=>' Welcome to this site. the page is being reloaded. please wait ...'
);
$ Subject = $ scuritylang [$ subject]? $ Scuritylang [$ subject]: $ subject;
$ Message = $ scuritylang [$ message]? $ Scuritylang [$ message]: $ message;
If ($ _ GET ['Ajax ']) {
Ajaxshowheader ();
Echo'
'. $ Subject .'
'. $ Message .'
';
Ajaxshowfooter ();
} Else {
Echo'';
Echo'';
Echo' '. $ Subject .'';
Echo'';
Echo'';
If ($ reload ){
Echo'