illegallog.php,discuz代码分析logging.php

discuz代码分析logging.php

时间: 2009-10-22  分类: php+Mysql  收藏

// Login / logout handler. Dispatches on $action:
//   'logout' - clears cookies and resets the visitor to guest state,
//   'login'  - shows the login form or processes a submitted login,
//   other    - reports an undefined action.
// NOTE(review): $action, $formhash, $username, $password, $loginmode, $questionid, $answer,
// $loginauth etc. are never assigned in this file; presumably common.inc.php populates them
// from request input. How (and whether) they are escaped there decides whether the SQL
// below is safe - confirm.

// Define the identifier of the current script/page
// NOTE(review): the constant name contains a non-ASCII "ī" as rendered on this page,
// presumably altered by the site's text filter - confirm against the original file.

define('CURscrīpt', 'logging');

// Include the common bootstrap file

require_once './include/common.inc.php';

// Include the misc helper functions

require_once DISCUZ_ROOT.'./include/misc.func.php';

// Dispatch on the requested action

// Logout
// Logout only proceeds when a non-empty $formhash equals FORMHASH (presumably a per-session
// form token, i.e. an anti-CSRF check, so a third-party page cannot force a logout).
// NOTE(review): the comparison uses loose `==`; a strict, constant-time comparison
// (hash_equals() where available) is the safer way to compare tokens.

if($action == 'logout' && !empty($formhash) && $formhash == FORMHASH) {

// Clear cookies

clearcookies();

// Reset the user state to guest

$groupid = 7;

$discuz_uid = 0;

// Clear the user name and password

$discuz_user = $discuz_pw = '';

// Reset the page style to the board default

$styleid = $_DCACHE['settings']['styleid'];

// Show the "logout succeeded" page

showmessage('logout_succeed', dreferer());

}

// Login

elseif($action == 'login') {

// Check whether the visitor is a guest (a non-zero $discuz_uid means already logged in)

if($discuz_uid) {

// Show the "login succeeded" page

showmessage('login_succeed', $indexname);

}

// Name of the column used to look the user up.
// Restricted to the two literals 'uid' / 'username', so the column name interpolated
// into the SQL query further down cannot be chosen freely by the request.

$field = isset($loginfield) && $loginfield == 'uid' ? 'uid' : 'username';

// Security code (CAPTCHA) check

//get secure code checking status (pos. -2)
// $seccodestatus is formatted as a 5-digit binary string; the second-to-last digit is the flag used here.

$seccodecheck = substr(sprintf('%05b', $seccodestatus), -2, 1);

// Check whether this request is a login form submission
// (submitcheck() is defined elsewhere; presumably it validates the submitted form and,
// when $seccodecheck is set, the security code - confirm)

if(!submitcheck('loginsubmit', 1, $seccodecheck)) {

// Not a submission: show the login page

$discuz_action = 6;

$referer = dreferer();

// NOTE(review): as rendered, the expression below ends with '.' rather than ';', so the
// concatenation runs on into the `$styleselect = ''` assignment - possibly an extraction
// artifact; confirm against the original file.

$thetimenow = '(GMT '.($timeoffset > 0 ? '+' : '').$timeoffset.') '.

gmdate("$dateformat $timeformat", $timestamp + $timeoffset * 3600).

$styleselect = '';

// Build the style selector from the styles marked available.
// NOTE(review): the appended string shows only the style name and line breaks; presumably
// the HTML <option> markup was stripped by the page. The name is appended without HTML
// escaping in what is visible here.

$query = $db->query("SELECT styleid, name FROM {$tablepre}styles WHERE available='1'");

while($styleinfo = $db->fetch_array($query)) {

$styleselect .= "$styleinfo[name]

";

}

// Default the cookie lifetime to 2592000 seconds (30 days) when no cookie value exists

$_DCOOKIE['cookietime'] = isset($_DCOOKIE['cookietime']) ? $_DCOOKIE['cookietime'] : 2592000;

$cookietimecheck = array((isset($_DCOOKIE['cookietime']) ? intval($_DCOOKIE['cookietime']) : 2592000) => 'checked');

// Generate a security code value only when the check is enabled

if($seccodecheck) {

$seccode = random(4, 1);

}

include template('login');

} else {

// Process the login

// Reset all user information before authenticating

$discuz_uid = 0;

$discuz_user = $discuz_pw = $discuz_secques = $md5_password = '';

$member = array();

// Check whether login is restricted; returns 0, 1, 2 or 3. Declared in misc.func.php

$loginperm = logincheck();

if(!$loginperm) {

// Show the "login restricted" message

showmessage('login_strike');

}

// Security question handling; returns a string or an empty value. Declared in global.func.php

$secques = quescrypt($questionid, $answer);

// Check whether this login comes from the security-question page

if(isset($loginauth)) {

$field = 'username';

$password = 'VERIFIED';

// $loginauth is the token built in the security-question branch below (user name and
// password hash passed through addslashes(), then authcode(..., 'ENCODE')).
// NOTE(review): the explode() delimiter is an empty string as rendered - presumably a
// separator character (e.g. a tab) was lost in extraction; confirm.
// The decoded $username goes straight into the SQL query below, so the integrity of
// authcode() (defined elsewhere) is what protects this path.

list($username, $md5_password) = explode("", authcode($loginauth, 'DECODE'));

} else {

// Hash the submitted password with plain, unsalted MD5 for comparison with the stored value.
// NOTE(review): unsalted MD5 is not a suitable password hash; password_hash() /
// password_verify() with a rehash-on-login migration is the usual remedy.

$md5_password = md5($password);

// Mask the plaintext password for the failure log: the first round(len/4) and the last
// round(len/6) characters are kept and the middle is replaced with "***".
// NOTE(review): the kept characters still disclose part of every attempted password
// (including near-misses of the real one) to anyone who can read the log; logging no
// part of the password is safer.
// NOTE(review): "\1" / "\3" inside double quotes are octal escapes in PHP as rendered -
// presumably "\\1***\\3" in the original; confirm.

$password = preg_replace("/^(.{".round(strlen($password) / 4)."})(.+?)(.{".round(strlen($password) / 6)."})$/s", "\1***\3", $password);

}

// Query the members and usergroups tables
// $field is limited to 'uid' / 'username' above, but $username is interpolated directly
// into the quoted literal. Nothing in this file escapes it on the normal login path, so
// the query is only safe if the input was escaped before reaching here - confirm; a
// parameterized query would remove that dependency.

$query = $db->query("SELECT m.uid AS discuz_uid, m.username AS discuz_user, m.password AS discuz_pw, m.secques AS discuz_secques,

m.adminid, m.groupid, m.styleid AS styleidmem, m.lastvisit, m.lastpost, u.allowinvisible

FROM {$tablepre}members m LEFT JOIN {$tablepre}usergroups u USING (groupid)

WHERE m.$field='$username'");

// Fetch the user's authentication data: UID, user name, password, security question,
// admin privilege, user group ID, page style, last visit, last post, whether invisible mode is allowed

$member = $db->fetch_array($query);

// Verify the login
// NOTE(review): the two hashes are compared with loose `==`. PHP's loose comparison can
// treat some numeric-looking strings as equal even when they differ; use `===` or
// hash_equals() for credential comparison.

if($member['discuz_uid'] && $member['discuz_pw'] == $md5_password) {

// Verify the security question

if($member['discuz_secques'] == $secques) {

// Security question matches

// Import the variables from the array into the current symbol table.
// extract() with default flags overwrites existing variables, which is how $discuz_uid,
// $discuz_user, $discuz_pw, $groupid, $adminid etc. get their authenticated values here.
// The keys come from the column aliases in the query above, not from request input.

extract($member);

// Process the user name: keep the raw value and an addslashes()-escaped copy

$discuz_userss = $discuz_user;

$discuz_user = addslashes($discuz_user);

// Determine invisible mode: 'invisible' is honoured only when the group allows it

if(($allowinvisible && $loginmode == 'invisible') || $loginmode == 'normal') {

// Update the members table with the user's current mode: invisible or normal
// (the uid used in the WHERE clause comes from the database row, not from the request)

$db->query("UPDATE {$tablepre}members SET invisible='".($loginmode == 'invisible' ? 1 : 0)."' WHERE uid='$member[discuz_uid]'", 'UNBUFFERED');

}

// Both request-supplied values are forced to integers before use

$styleid = intval(empty($_POST['styleid']) ? ($styleidmem ? $styleidmem :

$_DCACHE['settings']['styleid']) : $_POST['styleid']);

$cookietime = intval(isset($_POST['cookietime']) ? $_POST['cookietime'] :

($_DCOOKIE['cookietime'] ? $_DCOOKIE['cookietime'] : 0));

// Write the cookies
// The 'cookietime' preference is kept for 31536000 seconds (365 days).
// The 'auth' cookie carries the stored password hash, the security-question value and the
// uid, encoded with authcode() (defined elsewhere).
// NOTE(review): the three values are concatenated without separators as rendered -
// presumably separator characters were lost in extraction; confirm.
// NOTE(review): because the cookie embeds the password hash, its confidentiality rests
// entirely on authcode() and its key; a random server-side session identifier avoids
// putting credential material in the browser.

dsetcookie('cookietime', $cookietime, 31536000);

dsetcookie('auth', authcode("$discuz_pw$discuz_secques$discuz_uid", 'ENCODE'), $cookietime);

$sessionexists = 0;

// Check whether the member is still awaiting verification (group 8)

if($groupid == 8) {

showmessage('login_succeed_inactive_member', 'memcp.php');

} else {

showmessage('login_succeed', dreferer());

}

} elseif(empty($secques)) {

// Security question does not match and the security question is not empty:
// the password was correct but no answer was submitted ($secques is empty), so ask for it

// Values echoed into the template are HTML-escaped or cast to integers first

$username = dhtmlspecialchars($member['discuz_user']);

$loginmode = dhtmlspecialchars($loginmode);

$styleid = intval($styleid);

$cookietime = intval($cookietime);

// Encrypt the already-accepted user name and password (hash) into a token for the next step
// NOTE(review): the separator between the two values is an empty string as rendered -
// presumably lost in extraction; confirm.

$loginauth = authcode(addslashes($member['discuz_user'])."".addslashes($member['discuz_pw']), 'ENCODE');

// Show the "answer the security question" page and stop

include template('login_secques');

dexit();

}

}

// Build the failed-login log record
// Fields: timestamp, user name (HTML-escaped), masked password, question number, client IP.
// Each record starts with a PHP exit() guard because the log is a .php file under the
// forum directory; the guard is what stops the file's contents being returned when it is
// requested over HTTP.
// NOTE(review): the field separators are empty strings as rendered - presumably lost in extraction; confirm.
// NOTE(review): $password (masked but derived from user input) and $onlineip are written
// without the escaping applied to the user name. Keeping logs outside the web root, in a
// non-executable format, removes the reliance on the exit() guard.

$errorlog = "<?PHP exit('Access Denied'); ?>".$timestamp."".

dhtmlspecialchars($member['discuz_user'] ? $member['discuz_user'] : stripslashes($username))."".

$password."".

($secques ? "Ques #".dhtmlspecialchars($questionid) : '')."".

$onlineip."

";

// Defined elsewhere; presumably records the failed attempt for the restriction checked by logincheck() - confirm

loginfailed($loginperm);

// Append the record to the log file
// Every call is prefixed with '@', so a failed fopen() (and the later calls on its result)
// is silent and the failed login goes unrecorded without any signal.
// flock($fp, 2) requests an exclusive lock (2 == LOCK_EX).

@$fp = fopen(DISCUZ_ROOT.'./forumdata/illegallog.php', 'a');

@flock($fp, 2);

@fwrite($fp, $errorlog);

@fclose($fp);

// Show the "login invalid" page

showmessage('login_invalid', NULL, 'HALTED');

}

}

// Any other action is rejected

else {

showmessage('undefined_action');

}

?>
