Discuz!源代碼分析系列:./include/global.func.php(3)

時間 2021-08-15

標籤 php html ajax 安全 session dom ide 函數加密欄目 Discuz 简体版

原文原文鏈接

轉自www.discuz.net　做者：郭鑫 /** * 輸出用的，這個時候能夠作一點事情，好比說：把sid用正則寫到form裏面，rewrite規則啓用後把論壇裏面的forumdisplay.php?fid=1&page=2用正則換成forum-1-2.html。 * 並把ftp鏈接關掉，寫入cache */ function output() { global $sid, $transsidstatus, $rewritestatus, $ftp; if(($transsidstatus = empty($GLOBALS['_DCOOKIE']['sid']) && $transsidstatus) || in_array($rewritestatus, array(2, 3))) { if($transsidstatus) { $searcharray = array ( "/\<a(\s*[^\>]+\s*)href\=([\"|\']?)([^\"\'\s]+)/ies", "/(\<form.+?\>)/is" ); $replacearray = array ( "transsid('\\3','<a\\1href=\\2')", "\\1\n<input type=\"hidden\" name=\"sid\" value=\"$sid\">" ); } else { $searcharray = array ( //"/\<a href\=\"index\.php\"\>/", "/\<a href\=\"forumdisplay\.php\?fid\=(\d+)(&page\=(\d+))?\"([^\>]*)\>/e", "/\<a href\=\"viewthread\.php\?tid\=(\d+)(&extra\=page\%3D(\d+))?(&page\=(\d+))?\"([^\>]*)\>/e", "/\<a href\=\"viewpro\.php\?(uid\=(\d+)|username\=([^&]+?))\"([^\>]*)\>/e", "/\<a href\=\"space\.php\?(uid\=(\d+)|username\=([^&]+?))\"([^\>]*)\>/e" ); $replacearray = array ( //"<a href=\"index.html\">", "rewrite_forum('\\1', '\\3', '\\4')", "rewrite_thread('\\1', '\\5', '\\3', '\\6')", "rewrite_profile('\\2', '\\3', '\\4')", "rewrite_space('\\2', '\\3', '\\4')" ); } $content = preg_replace($searcharray, $replacearray, ob_get_contents()); ob_end_clean(); $GLOBALS['gzipcompress'] ? ob_start('ob_gzhandler') : ob_start(); echo $content; } if($ftp['connid']) { @ftp_close($ftp['connid']); } $ftp = array(); if(defined('CACHE_FILE') && CACHE_FILE && !defined('CACHE_FORBIDDEN')) { global $cachethreaddir; if(diskfreespace(DISCUZ_ROOT.'./'.$cachethreaddir) > 1000000) { $fp = fopen(CACHE_FILE, 'w'); if($fp) { flock($fp, LOCK_EX); fwrite($fp, empty($content) ? ob_get_contents() : $content); } @fclose($fp); } } } 複製內容到剪貼板代碼: /**這一段都是rewrite規則，和上一個函數相映成趣~ * @para int $tid 帖子的id * @para int $page 頁數 * @para int $prevpage 上一頁 * @para string $extra 附加的東東 * * @return string 返回一個連接，如: <a href = "thread-1-1.html"> */ function rewrite_thread($tid, $page = 0, $prevpage = 0, $extra = '') { return '<a href="thread-'.$tid.'-'.($page ? $page : 1).'-'.($prevpage ? $prevpage : 1).'.html"'.stripslashes($extra).'>'; } function rewrite_forum($fid, $page = 0, $extra = '') { return '<a href="forum-'.$fid.'-'.($page ? $page : 1).'.html"'.stripslashes($extra).'>'; } function rewrite_profile($uid, $username, $extra = '') { return '<a href="profile-'.($uid ? 'uid-'.$uid : 'username-'.$username).'.html"'.stripslashes($extra).'>'; } function rewrite_space($uid, $username, $extra = '') { return '<a href="space-'.($uid ? 'uid-'.$uid : 'username-'.$username).'.html"'.stripslashes($extra).'>'; } 複製內容到剪貼板代碼: /** * 訪問時段檢查 * @para string $periods 容許訪問的時段 * @para string showmessage 若是不容許訪問的時段會員訪問了的話出現的自定義提示 * * @return TRUE or no return */ function periodscheck($periods, $showmessage = 1) { global $timestamp, $disableperiodctrl, $_DCACHE, $banperiods; if(!$disableperiodctrl && $_DCACHE['settings'][$periods]) { $now = gmdate('G.i', $timestamp + $_DCACHE['settings']['timeoffset'] * 3600); foreach(explode("\r\n", str_replace(':', '.', $_DCACHE['settings'][$periods])) as $period) { list($periodbegin, $periodend) = explode('-', $period); if(($periodbegin > $periodend && ($now >= $periodbegin || $now < $periodend)) || ($oeriodbegin < $periodend && $now >= $periodbegin && $now < $periodend)) { $banperiods = str_replace("\r\n", ', ', $_DCACHE['settings'][$periods]); if($showmessage) { showmessage('period_nopermission', NULL, 'NOPERM'); } else { return TRUE; } } } } return FALSE; } 複製內容到剪貼板代碼: /** * 加密安全提問的，MD5加密 * @para int $qestionid * @para string $anser * * @return string 返回加密後的字串 */ function quescrypt($questionid, $answer) { return $questionid > 0 && $answer != '' ? substr(md5($answer.md5($questionid)), 16, 8) : ''; } 複製內容到剪貼板代碼: /** * 生成隨機數(這裏返回$hash名字有點點不合適，hash是包含key和value的，這裏沒有這樣的意思) * @para int $length 要生成的長度 * @para int $numeric 傳入一個非零的數表示要生成的全是數字 * * @return string 返回生成的字串 */ function random($length, $numeric = 0) { PHP_VERSION < '4.2.0' && mt_srand((double)microtime() * 1000000); if($numeric) { $hash = sprintf('%0'.$length.'d', mt_rand(0, pow(10, $length) - 1)); } else { $hash = ''; $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz'; $max = strlen($chars) - 1; for($i = 0; $i < $length; $i++) { $hash .= $chars[mt_rand(0, $max)]; } } return $hash; } 複製內容到剪貼板代碼: /** * 刪除目錄和文件用的 * @para string $dirname 要刪除的目錄名 * @para boolean $keepdir 是否在刪除文件後保留目錄，也就是隻清空目錄 * * @return boolean */ function removedir($dirname, $keepdir = FALSE) { $dirname = wipespecial($dirname); if(!is_dir($dirname)) { return FALSE; } $handle = opendir($dirname); while(($file = readdir($handle)) !== FALSE) { if($file != '.' && $file != '..') { $dir = $dirname . DIRECTORY_SEPARATOR . $file; is_dir($dir) ? removedir($dir) : unlink($dir); } } closedir($handle); return !$keepdir ? (@rmdir($dirname) ? TRUE : FALSE) : TRUE; } 複製內容到剪貼板代碼: /** * 發信件用的，用到了include目錄下的sendmail.inc.php * @para string $email_to * @para string $email_subject * @para string $email_message * @para string $email_from */ function sendmail($email_to, $email_subject, $email_message, $email_from = '') { extract($GLOBALS, EXTR_SKIP); require DISCUZ_ROOT.'./include/sendmail.inc.php'; } 複製內容到剪貼板代碼: /** * 發送PM的函數 * @para int $toid 對方id * @para string $subject PM主題 * @para int $fromid 發送方id * @para string $from 發送方用戶名 */ function sendpm($toid, $subject, $message, $fromid = '', $from = '') { extract($GLOBALS, EXTR_SKIP); include language('pms'); if(isset($language[$subject])) { eval("\$subject = addslashes(\"".$language[$subject]."\");"); } if(isset($language[$message])) { eval("\$message = addslashes(\"".$language[$message]."\");"); } if(!$fromid && !$from) { $fromid = $discuz_uid; $from = $discuz_user; } $pmids = array(); foreach(explode(',', $toid) as $uid) { if(is_numeric($uid)) { $query = $db->query("INSERT INTO {$tablepre}pms (msgfrom, msgfromid, msgtoid, folder, new, subject, dateline, message) VALUES ('$from', '$fromid', '$uid', 'inbox', '1', '$subject', '$timestamp', '$message')"); if($query) { $pmids[] = $uid; } } } if($toid = implodeids($pmids)) { $db->query("UPDATE {$tablepre}members SET newpm='1' WHERE uid IN ($toid)"); } } /** * 你們熟悉的showmesage終於出現~！包含了ajax效果了 * @para string $message 顯示在跳轉頁面的信息，好比：您已成功登錄…… * @para string $url_forword 下一個url，過三秒會自動跳轉過去 * @para string $extra 這個用來控制一些特殊的顯示，好比：HALTED, NOPERM，這樣能夠控制一些特殊場合，Discuz想得真是太全面了~！ */ function showmessage($message, $url_forward = '', $extra = '') { extract($GLOBALS, EXTR_SKIP); global $extrahead, $discuz_action, $debuginfo, $seccode, $fid, $tid, $supe_fromsupesite, $supe_jumpurl, $supe, $charset, $show_message, $_DCACHE; $supe_messagetpl = $supe_error = ''; $show_message = $message; $msgforward = unserialize($_DCACHE['settings']['msgforward']); $msgforward['refreshtime'] = intval($msgforward['refreshtime']); $url_forward = empty($url_forward) ? '' : (empty($_DCOOKIE['sid']) && $transsidstatus ? transsid($url_forward) : $url_forward); if($supe_fromsupesite && $supe['status']) { $supe_messagetpl = 'supesite_'; $extra = ''; $supe_error = $url_forward ? false : true; $url_forward = !empty($supe_jumpurl) && !$supe_error ? urldecode($supe_jumpurl) : $url_forward; } elseif($url_forward && empty($_GET['inajax']) && $msgforward['quick'] && $msgforward['messages'] && @in_array($message, $msgforward['messages'])) { updatesession(); dheader("location: ".str_replace('&', '&', $url_forward)); } if(in_array($extra, array('HALTED', 'NOPERM'))) { $fid = $tid = 0; $discuz_action = 254; } else { $discuz_action = 255; } include language('messages'); //把message這個語言包加了進來 if(isset($language[$message])) { $supe_pre = $supe_fromsupesite ? 'supe_' : ''; eval("\$show_message = \"".($language[$supe_pre.$message] ? $language[$supe_pre.$message] : $language[$message])."\";"); unset($supe_pre); } ajaxtemplate('showmessage_ajax'); $extrahead .= $url_forward ? '<meta http-equiv="refresh" content="'.$msgforward['refreshtime'].' url='.$url_forward.'">' : ''; if($advlist = $advlist['redirect']) { foreach($advlist AS $type => $redirectadvs) { $advlist[$type] = $redirectadvs[array_rand($redirectadvs)]; } } if($extra == 'NOPERM' && !$passport_status) { //get secure code checking status (pos. -2) if($seccodecheck = substr(sprintf('%05b', $seccodestatus), -2, 1)) { $seccode = random(6, 1) + $seccode{0} * 1000000; } include template('nopermission'); } else { include template($supe_messagetpl.'showmessage'); } dexit(); }