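Summary: This article describes in detail how Discuz! X generates its captcha and how the captcha is verified, walks through a worked example of PHP-based captcha verification, and also explains how random numbers are produced. Readers who are interested can use it as a reference; hopefully it helps.

1. Generating the captcha

How to add a captcha to a template

In Discuz! X the template part of the captcha is split out into a separate template file (under template/default/common/) so that it can be called from anywhere. Code like the following can be added to a template to call the captcha template part.

The code is as follows:

Explanation:

The first statement enables the captcha: setting $seccodecheck turns the captcha on.

The next statement gives the displayed captcha a display template through the $sectpl variable, which controls the layout in which the captcha is shown. The template code may contain some HTML, and its placeholders stand for the separate parts of the captcha, beginning with the "captcha" label text, so that different parts of the captcha can be displayed differently.

The last statement parses the standalone captcha template together with the current template.

After adding the code above to the template, refresh the page and the captcha part is displayed.

Generating and displaying the captcha (using X's default "English image captcha" as the example)

A captcha that has just been displayed runs a piece of JS by default.

The code is as follows:

    updateseccode('SQqj');

This JS simply calls the updateseccode function; clicking the captcha image directly runs the same function. SQqj in the call is the captcha's unique string, the idhash. It is composed of whether the request is an Ajax request, the session id and an auto-incrementing number (there is no need to dig into its meaning here).

The updateseccode function is in static/js/common.js.

The code is as follows:

    function updateseccode(idhash, play) {
        $F('_updateseccode', arguments);
    }

The code above shows that updateseccode in turn calls the private function _updateseccode, which is in static/js/common_extra.js.

The code is as follows:

    function _updateseccode(idhash, play) {
        if(isUndefined(play)) {
            if($('seccode_' + idhash)) {
                $('seccodeverify_' + idhash).value = '';
                if(secST['code_' + idhash]) {
                    clearTimeout(secST['code_' + idhash]);
                }
                $('checkseccodeverify_' + idhash).innerHTML = ...;
                ajaxget('misc.php?mod=seccode&action=update&idhash=' + idhash, 'seccode_' + idhash, null, ..., function() {
                    secST['code_' + idhash] = setTimeout(function() {
                        $('seccode_' + idhash).innerHTML = '...刷新验证码</span>';
                    }, ...);
                });
            }
        } else {
            eval('window.document.seccodeplayer_' + idhash + '.SetVariable("isPlay", ...)');
        }
    }

This JS does two things. First, it uses ajaxget to request the address misc.php?mod=seccode&action=update&idhash=xxxx. Second, it sets a timer: a set number of minutes after the captcha is first displayed, the captcha image is automatically replaced with the text "刷新验证码" ("Refresh captcha"); clicking that text runs updateseccode again to fetch a new captcha. This approach handles captcha expiry well.

Find the program that serves the ajaxget request: source/module/misc/misc_seccode.php. From action=update in the URL, the part to read is the if($_G['gp_action'] == 'update') branch.

The code is as follows:

    if($_G['gp_action'] == 'update') {
        $message = '';
        if($_G['setting']['seccodestatus']) {
            $rand = random(...);
            $flashcode = '';
            $idhash = isset($_G['gp_idhash']) ? $_G['gp_idhash'] : '';
            $ani = $_G['setting']['seccodedata']['animator'] ? '_ani' : '';
            if($_G['setting']['seccodedata']['type'] == ...) {
                ...
            } elseif($_G['setting']['seccodedata']['type'] == ...) {
                ...
            } else {
                $message = lang('core', 'seccode_image'.$ani.'_tips') ...;
            }
        }
        include template('common/header_ajax');
        echo lang('message', $message, array('flashcode' => $flashcode, 'idhash' => $idhash));
        include template('common/footer_ajax');
    }

For the default "English image captcha", the value of $_G['setting']['seccodedata']['type'] selects the else part. Read closely, this returns a captcha image in ajax format, but the image's src is the dynamic link misc.php?mod=seccode&update=$rand&idhash=$idhash, so the image is generated dynamically through that link, which produces a new request.

Find the program that serves the image link: source/module/misc/misc_seccode.php (the same file as above). From the URL, the part to read is the else branch of if($_G['gp_action'] == 'update') {...} else {...}.

The code is as follows:

    } else {
        $refererhost = parse_url($_SERVER['HTTP_REFERER']);
        $refererhost['host'] .= !empty($refererhost['port']) ? (':'.$refererhost['port']) : '';
        if($_G['setting']['seccodedata']['type'] ...
        ...
        $code->code = $seccode;
        $code->type = $_G['setting']['seccodedata']['type'];
        $code->width = $_G['setting']['seccodedata']['width'];
        $code->height = $_G['setting']['seccodedata']['height'];
        $code->background = $_G['setting']['seccodedata']['background'];
        $code->adulterate = $_G['setting']['seccodedata']['adulterate'];
        $code->ttf = $_G['setting']['seccodedata']['ttf'];
        $code->angle = $_G['setting']['seccodedata']['angle'];
        $code->warping = $_G['setting']['seccodedata']['warping'];
        $code->scatter = $_G['setting']['seccodedata']['scatter'];
        $code->color = $_G['setting']['seccodedata']['color'];
        $code->size = $_G['setting']['seccodedata']['size'];
        $code->shadow = $_G['setting']['seccodedata']['shadow'];
        $code->animator = $_G['setting']['seccodedata']['animator'];
        $code->fontpath = DISCUZ_ROOT.'./static/image/seccode/font/';
        $code->datapath = DISCUZ_ROOT.'./static/image/seccode/';
        $code->includepath = DISCUZ_ROOT.'./source/class/';
        $code->display();
    }

This part begins with some security checks and ends by generating the captcha image from the given parameters and the captcha string produced by make_seccode, so the middle is the important part. make_seccode($_G['gp_idhash']) is passed the captcha's unique string, the idhash, and produces the string used for the captcha.

The make_seccode function is in source/function/function_seccode.php.

The code is as follows:

    function make_seccode($idhash) {
        global $_G;
        $seccode = random(...);
        $seccodeunits = '';
        if($_G['setting']['seccodedata']['type'] == ...) {
            $lang = lang('seccode');
            $len = strtoupper(CHARSET) == 'GBK' ? ... : ...;
            $code = array(substr($seccode, ...), substr($seccode, ...));
            $seccode = '';
            for($i = ...
        ...

    ...
    x.get('misc.php?mod=sec' + type + '&action=check&inajax=...&idhash=' + idhash + '&secverify=' + (BROWSER.ie && document.charset == 'utf-8' ? encodeURIComponent(secverify) : secverify), function(s) {
        var obj = $('checksec' + type + 'verify_' + idhash);
        obj.style.display = '';
        if(s.substr(...) == 'succeed') {
            obj.innerHTML = ...;
            if(showmsg) {
                recall(...);
            }
        } else {
            obj.innerHTML = ...;
            if(showmsg) {
                if(type == 'code') {
                    showError('验证码错误,请重新填写');
                } else if(type == 'qaa') {
                    showError('验证问答错误,请重新填写');
                }
                recall(...);
            }
        }
    });

This function checks the captcha typed into the input box, that is, the value of $('sec' + type + 'verify_' + idhash) (type is the 'code' that was passed in). It then makes an ajax request to the address misc.php?mod=seccode&action=check&inajax=...&idhash=xxxx&secverify=xxxx, which returns the verification result as a string. If the returned string is succeed, verification passes; otherwise a message saying the captcha is wrong and must be entered again is shown.

Find the program that serves the ajax request: source/module/misc/misc_seccode.php. From action=check in the URL, the part to read is the elseif($_G['gp_action'] == 'check') branch.

The code is as follows:

    } elseif($_G['gp_action'] == 'check') {
        include template('common/header_ajax');
        echo check_seccode($_G['gp_secverify'], $_G['gp_idhash']) ? 'succeed' : 'invalid';
        include template('common/footer_ajax');
    } else {

Here the secverify and idhash values passed in the URL are handed to the check_seccode function. From the code, check_seccode returns a boolean: when it is true, verification passes and the string succeed is returned; when it is false, verification fails and the string invalid is returned.

The check_seccode function is in source/function/function_core.php.

The code is as follows:

    function check_seccode($value, $idhash) {
        global $_G;
        if(!$_G['setting']['seccodestatus']) {
            return true;
        }
        if(!isset($_G['cookie']['seccode'.$idhash])) {
            return false;
        }
        list($checkvalue, $checktime, $checkidhash, $checkformhash) = explode("\t", authcode($_G['cookie']['seccode'.$idhash], 'DECODE', $_G['config']['security']['authkey']));
        return $checkvalue == strtoupper($value) && TIMESTAMP ... $checktime && $checkidhash == $idhash && FORMHASH == $checkformhash;
    }

This function first checks, from the cached settings, whether the captcha is enabled; if it is not enabled the function returns true directly, so with the captcha turned off every verification passes. It then checks whether the cookie set when the captcha was generated (for example seccodeSQqj) exists; without that cookie verification fails, and a new captcha has to be generated and verified again. Finally it takes the cookie and decrypts it with the authcode function, using $_G['config']['security']['authkey'] as the key. Decryption yields four values: the captcha, the generation time, the idhash and the formhash. All of the following conditions must hold at the same time for verification to pass:

The captcha entered equals the decrypted captcha.
The captcha's generation time meets the time limit, which is given in seconds.
The idhash passed in equals the decrypted idhash.
The generated formhash equals the decrypted formhash.

That completes captcha verification through JS.

PHP-based verification

This kind of verification checks the entered captcha after the form containing the captcha has been submitted. For example, when a user changes their password and the captcha is enabled, the PHP program that handles the request (for example source/include/spacecp/spacecp_profile.php) contains a statement like this: submitcheck('passwordsubmit', ..., $seccodecheck, $secqaacheck). The submitcheck function is what validates the submitted form.

The submitcheck function is in source/function/function_core.php.

The code is as follows:

    function submitcheck($var, $allowget = ..., $seccodecheck = ..., $secqaacheck = ...) {
        if(!getgpc($var)) {
            return FALSE;
        } else {
            global $_G;
            if($allowget || ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_G['gp_formhash']) && $_G['gp_formhash'] == formhash() && empty($_SERVER['HTTP_X_FLASH_VERSION']) && (empty($_SERVER['HTTP_REFERER']) ||
                preg_replace("/https?:\/\/([^\:\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) == preg_replace("/([^\:]+).*/", "\\1", $_SERVER['HTTP_HOST'])))) {
                if(checkperm('seccode')) {
                    if($secqaacheck && !check_secqaa($_G['gp_secanswer'], $_G['gp_sechash'])) {
                        showmessage('submit_secqaa_invalid');
                    }
                    if($seccodecheck && !check_seccode($_G['gp_seccodeverify'], $_G['gp_sechash'])) {
                        showmessage('submit_seccode_invalid');
                    }
                }
                return TRUE;
            } else {
                showmessage('submit_invalid');
            }
        }
    }

submitcheck normally only needs its first two arguments. The first argument is the name of the form element to verify; if that form element does not exist, verification fails. The second argument says whether data submitted with GET may pass verification (a flag value allows it; the normal setting is usually all that is needed). The last two arguments control whether the submitted form has its captcha and its verification question checked: the third argument, $seccodecheck, stands for the captcha, and the fourth, $secqaacheck, stands for the verification question. Each of them is a flag that turns the check on or off. So, to verify the captcha after submission, at least the first three arguments must be passed to submitcheck.

Inside the function, the submission method, the formhash, the referer and similar data of the submitted form are validated first. Only after those pass is check_seccode called to verify the submitted captcha, and a different message is shown depending on what check_seccode returns. For how check_seccode verifies, see the corresponding step of the JS verification above.

That completes captcha verification through PHP.

3. How random numbers are generated

Discuz! X generates its random numbers with the random function, which is in source/function/function_core.php.

The code is as follows:

    function random($length, $numeric = ...) {
        $seed = base_convert(md5(microtime().$_SERVER['DOCUMENT_ROOT']), 16, $numeric ? 10 : ...);
        $seed = $numeric ? (str_replace(..., $seed) ...) : ($seed.'zZ'.strtoupper($seed));
        $hash = '';
        $max = strlen($seed) - 1;
        for($i = 0; $i < $length; $i++) {
            $hash .= $seed[mt_rand(0, $max)];
        }
        return $hash;
    }

The function takes two parameters: $length, the number of characters of the random value to return, and $numeric, whether to return a purely numeric random value. The function first takes the microsecond-level time string produced by microtime, appends the site's root directory path, and hashes the result with MD5 to get a string. It then converts the base of that string: for a purely numeric random value the hexadecimal string is converted to decimal, and for a random value that mixes digits and letters it is converted to a higher base. The resulting string is then extended differently depending on whether a purely numeric value was requested. Finally one character is drawn at random from the extended string as the first character of the random value, the second character is drawn the same way, and so on until the random value has the required number of characters. That is how the random value is produced.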