- <?php
-
-
-
-
-
-
- // Switch PHP error reporting off (level 0) for the whole request. Failures in the
- // bootstrap below are therefore not reported; diagnostics must come from elsewhere.
- error_reporting(0);
-
-
-
-
-
- // Turn off runtime magic quotes so data read from files or the database is not
- // auto-escaped. This function was deprecated in PHP 5.3 and removed in PHP 7.0.
- set_magic_quotes_runtime(0);
-
-
-
-
-
-
-
-
-
-
-
-
- // microtime() returns the string "msec sec"; split it into its two parts.
- $mtime = explode(' ', microtime());
-
-
-
-
-
-
-
- // Request start time as a float: whole seconds ($mtime[1]) plus the fraction ($mtime[0]).
- $discuz_starttime = $mtime[1] + $mtime[0];
-
- define('SYS_DEBUG', FALSE);
-
-
-
- // Marker constant; presumably included files test it to refuse direct access (confirm there).
- define('IN_DISCUZ', TRUE);
- // Install root = this file's directory with its last 7 characters removed
- // (presumably the trailing "include" — the later include paths point the same way).
- define('DISCUZ_ROOT', substr(dirname(__FILE__), 0, -7));
- // Remember whether PHP already escaped request data, so the code below can avoid
- // escaping it twice. get_magic_quotes_gpc() was removed in PHP 8.0.
- define('MAGIC_QUOTES_GPC', get_magic_quotes_gpc());
- // An entry script may define CURSCRIPT before including this file; default to ''.
- !defined('CURSCRIPT') && define('CURSCRIPT', '');
-
- // Compatibility shim for PHP older than 4.1.0, which had no superglobals: alias the
- // legacy $HTTP_*_VARS arrays by reference under the modern names.
- // NOTE(review): this is a plain string comparison of version strings, not
- // version_compare(), so it is only reliable for single-digit major versions.
- if(PHP_VERSION < '4.1.0') {
- $_GET = &$HTTP_GET_VARS;
- $_POST = &$HTTP_POST_VARS;
- $_COOKIE = &$HTTP_COOKIE_VARS;
- $_SERVER = &$HTTP_SERVER_VARS;
- $_ENV = &$HTTP_ENV_VARS;
- $_FILES = &$HTTP_POST_FILES;
- }
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- // Stop the request if it carries a parameter or an upload field named "GLOBALS".
- // A loop later in this file copies request fields into global variables by name, so
- // this guard keeps a request from reaching the $GLOBALS array through that path.
- if (isset($_REQUEST['GLOBALS']) OR isset($_FILES['GLOBALS'])) {
- exit('Request tainting attempted.');
- }
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- // Shared helper library; presumably where getrobot(), daddslashes() and authcode(),
- // all called below, are defined (confirm in that file).
- require_once DISCUZ_ROOT.'./include/global.func.php';
-
-
-
-
-
-
-
-
-
- // Classify the client once per request and keep the result in a constant.
- define('IS_ROBOT', getrobot());
- // Entry scripts that define NOROBOT refuse robots: send a 403 status line and stop.
- // header() returns nothing, so exit() receives no message to print.
- if(defined('NOROBOT') && IS_ROBOT) {
- exit(header("HTTP/1.1 403 Forbidden"));
- }
-
- // register_globals emulation: every cookie, POST and GET field whose name does not
- // begin with '_' becomes a global variable of the same name, with its value passed
- // through daddslashes(). Sources are processed in the order cookie, POST, GET, so a
- // later source overwrites an earlier one.
- // Review consequence: any global that later code reads without assigning it first
- // holds a client-chosen value. The initialisations and includes that follow protect
- // only the names they actually set.
- // The {0} string-offset syntax used here was removed in PHP 8.0.
- foreach(array('_COOKIE', '_POST', '_GET') as $_request) {
- foreach($$_request as $_key => $_value) {
- $_key{0} != '_' && $$_key = daddslashes($_value);
- }
- }
-
-
-
-
-
-
- // Escape upload metadata ourselves when PHP's magic_quotes_gpc did not.
- if (!MAGIC_QUOTES_GPC && $_FILES) {
- $_FILES = daddslashes($_FILES);
- }
-
- // Reset these globals AFTER the request-import loop above, so a request field with
- // one of these names cannot pre-seed them. String-valued names start empty.
- $charset = $dbcharset = $forumfounders = $metakeywords = $extrahead = $seodescription = '';
-
- // Array-valued names start as empty arrays for the same reason.
- $plugins = $hooks = $admincp = $jsmenu = $forum = $thread = $language = $actioncode = $modactioncode = $lang = array();
-
-
-
-
- // Site configuration is loaded after the request import, so every variable it assigns
- // replaces a request-supplied value of the same name. Presumably it sets $cookiepre,
- // $database, $tablepre and the $db* connection values used below (confirm in config.inc.php).
- require_once DISCUZ_ROOT.'./config.inc.php';
-
- // Start the application's own containers empty.
- $_DCOOKIE = $_DSESSION = $_DCACHE = $_DPLUGIN = $advlist = array();
-
- $prelength = strlen($cookiepre);
-
- // Keep only cookies whose name starts with the site prefix, stored under the name with
- // the prefix stripped. Values are escaped here unless magic_quotes_gpc already did it.
- foreach($_COOKIE as $key => $val) {
- if(substr($key, 0, $prelength) == $cookiepre) {
- $_DCOOKIE[(substr($key, $prelength))] = MAGIC_QUOTES_GPC ? $val : daddslashes($val);
- }
- }
-
-
-
-
- // Drop the temporaries left behind by this loop and by the request-import loop.
- unset($prelength, $_request, $_key, $_value);
-
-
-
-
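- // Normalise $inajax to a strict boolean. Its value may come straight from the request
- // (the import loop earlier in this file), so only its truthiness is kept.
- $inajax = !empty($inajax);
- // Single timestamp for the whole request.
- $timestamp = time();
-
- // Load the optional request-protection module when $attackevasive is enabled
- // (presumably a config.inc.php value — confirm). The 'seccode' script is exempt.
- if($attackevasive && CURSCRIPT != 'seccode') {
- require_once DISCUZ_ROOT.'./include/security.inc.php';
- }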
-
-
-
-
- // Database driver class chosen by $database. That variable becomes part of an include
- // path, so it must be assigned by config.inc.php; if it were not, the request-import
- // loop earlier in this file would let a request choose it (verify the config sets it).
- require_once DISCUZ_ROOT.'./include/db_'.$database.'.class.php';
-
- // Script path, falling back to SCRIPT_NAME when PHP_SELF is empty.
- $PHP_SELF = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
- $BASESCRIPT = basename($PHP_SELF);
- // Board base URL: fixed "http://" scheme + the Host request header + the directory part
- // of the script path with a trailing api/, archiver/ or wap/ segment removed.
- // HTTP_HOST is client-supplied; htmlspecialchars() makes the result safe to print in
- // HTML, but the host name itself is whatever the client sent.
- $boardurl = htmlspecialchars('http://'.$_SERVER['HTTP_HOST'].preg_replace("/\/+(api|archiver|wap)?\/*$/i", '', substr($PHP_SELF, 0, strrpos($PHP_SELF, '/'))).'/');
- /*
- * Take the current URL and return the forum (bbs) URL. htmlspecialchars() converts special
- * characters such as "<" and ">" into "&lt;" and "&gt;". Read the substr/strrpos part closely to see its effect.
- * strrpos() finds the position of the last occurrence of a string inside another string.
- * preg_replace() performs a regular-expression search and replace.
- */
-
- // Work out the client address. HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are request
- // headers and are preferred over REMOTE_ADDR, so the client chooses the value unless a
- // trusted front-end proxy overwrites those headers. $onlineip is later compared with
- // the stored session IP in the session query further down this file, so that check is
- // only as trustworthy as this value.
- // If no branch matches, $onlineip keeps whatever it held before; nothing visible above
- // initialises it.
- if(getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown')) {
- $onlineip = getenv('HTTP_CLIENT_IP');
- } elseif(getenv('HTTP_X_FORWARDED_FOR') && strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown')) {
- $onlineip = getenv('HTTP_X_FORWARDED_FOR');
- } elseif(getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {
- $onlineip = getenv('REMOTE_ADDR');
- } elseif(isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {
- $onlineip = $_SERVER['REMOTE_ADDR'];
- }
-
-
-
-
-
-
-
-
- // Keep only the first run of 7-15 digits and dots. The pattern is unanchored and does
- // not prove the result is a valid IPv4 address, but it reduces the value to digits and
- // dots before it is placed inside quoted SQL later in this file.
- preg_match("/[\d\.]{7,15}/", $onlineip, $onlineipmatches);
- $onlineip = $onlineipmatches[0] ? $onlineipmatches[0] : 'unknown';
- unset($onlineipmatches);
-
- // Load the cached settings file. A failed include yields false, in which case
- // 'settings' is recorded in $cachelost; '@' suppresses the include warning.
- $cachelost = (@include DISCUZ_ROOT.'./forumdata/cache/cache_settings.php') ? '' : 'settings';
- // Copy every settings key into a global variable of the same name. extract() overwrites
- // existing variables by default, so a cached setting replaces any request- or
- // config-supplied value with that name. '@' hides the warning raised when the cache
- // was not loaded and $_DCACHE['settings'] is not an array.
- @extract($_DCACHE['settings']);
-
-
-
-
-
-
-
- // Start output buffering. Gzip output is used only when $gzipcompress is set, the
- // ob_gzhandler callback exists, the script is neither 'attachment' nor 'wap', and the
- // request is not an AJAX call. Otherwise the flag is cleared and a plain buffer is used.
- if($gzipcompress && function_exists('ob_gzhandler') && !in_array(CURSCRIPT, array('attachment', 'wap')) && !$inajax) {
- ob_start('ob_gzhandler');
- } else {
- $gzipcompress = 0;
- ob_start();
- }
-
-
-
-
-
-
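- // Load shedding: when $loadctrl is set and the host is not Windows, compare the system
- // load average against $loadctrl and answer 503 with a static page when it is higher.
- // $loadctrl is presumably one of the cached settings extracted above (confirm).
- if(!empty($loadctrl) && substr(PHP_OS, 0, 3) != 'WIN') {
- // '@' hides the warning when /proc/loadavg cannot be opened; the check is then skipped.
- if($fp = @fopen('/proc/loadavg', 'r')) {
- // First space-separated field of the first 6 bytes of the file.
- list($loadaverage) = explode(' ', fread($fp, 6));
- fclose($fp);
- if($loadaverage > $loadctrl) {
- header("HTTP/1.0 503 Service Unavailable");
- include DISCUZ_ROOT.'./include/serverbusy.htm';
- exit();
- }
- }
- }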
-
-
-
-
-
- // Load the per-script cache file for the listed scripts only. CURSCRIPT becomes part
- // of the include path, and the fixed list is what bounds which file names can be built.
- // A failed include appends the script name to $cachelost; '@' suppresses the warning.
- if(in_array(CURSCRIPT, array('index', 'forumdisplay', 'viewthread', 'post', 'topicadmin', 'register', 'archiver'))) {
- $cachelost .= (@include DISCUZ_ROOT.'./forumdata/cache/cache_'.CURSCRIPT.'.php') ? '' : ' '.CURSCRIPT;
- }
-
-
-
-
-
- // Open the database connection (dbstuff is presumably declared by the db_*.class.php
- // file included above; the meaning of the literal true argument is not visible here).
- $db = new dbstuff;
- $db->connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect, true, $dbcharset);
- // Clear the credentials from global scope once connected, so later code and templates
- // cannot read them. Note that $dbhost is not cleared.
- $dbuser = $dbpw = $dbname = $pconnect = NULL;
-
-
-
-
-
- // Session id source: taken from the URL or form (GET before POST) only when
- // $transsidstatus is on or the script is 'wap'; otherwise from the prefixed 'sid'
- // cookie, or '' when there is none. The chosen value is passed through daddslashes()
- // because it is interpolated into quoted SQL later in this file.
- $sid = daddslashes(($transsidstatus || CURSCRIPT == 'wap') && (isset($_GET['sid']) || isset($_POST['sid'])) ?
- (isset($_GET['sid']) ? $_GET['sid'] : $_POST['sid']) :
- (isset($_DCOOKIE['sid']) ? $_DCOOKIE['sid'] : ''));
-
-
-
-
-
-
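- // Per-client key: MD5 of the site's authkey setting concatenated with the request's
- // User-Agent header. Presumably authcode() reads it as a global (confirm in
- // global.func.php). The User-Agent part is client-supplied; the authkey setting is the
- // only secret input, so its confidentiality and randomness carry the scheme.
- $discuz_auth_key = md5($_DCACHE['settings']['authkey'].$_SERVER['HTTP_USER_AGENT']);
-
-
-
-
- // Decode the 'auth' cookie into password hash, security-question value and user id
- // (tab-separated), or use empty defaults when the cookie is absent. The decoded parts
- // are escaped with daddslashes() because they are interpolated into the member/session
- // query later in this file; the meaning of its second argument (1) is not visible here.
- list($discuz_pw, $discuz_secques, $discuz_uid) = empty($_DCOOKIE['auth']) ? array('', '', 0) : daddslashes(explode("\t", authcode($_DCOOKIE['auth'], 'DECODE')), 1);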
-
-
-
-
-
-
- // Per-request status flags start at 0 so request-supplied values of the same names
- // (see the import loop earlier in this file) are discarded.
- $newpm = $newpmexists = $sessionexists = $seccode = 0;
-
- // Column list for the members table (alias m), reused by the session queries below.
- // uid, username, password and secques are aliased to the discuz_* names.
- $membertablefields = 'm.uid AS discuz_uid, m.username AS discuz_user, m.password AS discuz_pw, m.secques AS discuz_secques,
- m.adminid, m.groupid, m.groupexpiry, m.extgroupids, m.email, m.timeoffset, m.tpp, m.ppp, m.posts, m.digestposts,
- m.oltime, m.pageviews, m.credits, m.extcredits1, m.extcredits2, m.extcredits3, m.extcredits4, m.extcredits5,
- m.extcredits6, m.extcredits7, m.extcredits8, m.timeformat, m.dateformat, m.pmsound, m.sigstatus, m.invisible,
- m.lastvisit, m.lastactivity, m.lastpost, m.newpm, m.accessmasks, m.editormode, m.customshow, m.customaddfeed';
-
-
-
-
- if($sid) {
- if($discuz_uid) {
- $query = $db->query("SELECT s.sid, s.styleid, s.groupid='6' AS ipbanned, s.pageviews AS spageviews, s.lastolupdate, s.seccode, $membertablefields
- FROM {$tablepre}sessions s, {$tablepre}members m
- WHERE m.uid=s.uid AND s.sid='$sid' AND CONCAT_WS('.',s.ip1,s.ip2,s.ip3,s.ip4)='$onlineip' AND m.uid='$discuz_uid'
- AND m.password='$discuz_pw' AND m.secques='$discuz_secques'");
- } else {
- $query = $db->query("SELECT sid, uid AS sessionuid, groupid, groupid='6' AS ipbanned, pageviews AS spageviews, styleid, lastolupdate, seccode
- FROM {$tablepre}sessions WHERE sid='$sid' AND CONCAT_WS('.',ip1,ip2,ip3,ip4)='$onlineip'");
- }
-
-
-
-
-
-
-
-
-
- ?>
本文转自许琴 51CTO博客,原文链接:http://blog.51cto.com/xuqin/882308,如需转载请自行联系原作者