Discuz!源代码分析系列:./include/global.func.php(4)

时间 2021-08-15 标签 javascript php html java sql 安全 session dom ide 函数

转自www.discuz.net　做者：郭鑫复制内容到剪贴板代码: /** * 用来计算星星月亮太阳显示的 * @para $num 等级数 * */ function showstars($num) { global $starthreshold; $alt = 'alt="Rank: '.$num.'"'; if(empty($starthreshold)) { for($i = 0; $i < $num; $i++) { echo '<img src="'.IMGDIR.'/star_level1.gif" '.$alt.' />'; } } else { for($i = 3; $i > 0; $i--) { $numlevel = intval($num / pow($starthreshold, ($i - 1))); $num = ($num % pow($starthreshold, ($i - 1))); for($j = 0; $j < $numlevel; $j++) { echo '<img src="'.IMGDIR.'/star_level'.$i.'.gif" '.$alt.' />'; } } } } 复制内容到剪贴板代码: /** * 获得站点 * * @return string 如: [url]http://discuz.net[/url] */ function site() { return $_SERVER['HTTP_HOST']; } 复制内容到剪贴板代码: /** * 这个当作函数重载也无妨，功能就是查找$haystack是否是在$needle中存在 * @para string $haystack * @para string $needle * * @return boolean */ function strexists($haystack, $needle) { return !(strpos($haystack, $needle) === FALSE); } 复制内容到剪贴板代码: /** * 验证码转换，具体功能用处还没研究 * @para string $seccode 验证码 * */ function seccodeconvert(&$seccode) { $seccode = substr($seccode, -6); $s = sprintf('%04s', base_convert($seccode, 10, 24)); $seccode = ''; $seccodeunits = 'BCEFGHJKMPQRTVWXY2346789'; for($i = 0; $i < 4; $i++) { $unit = ord($s{$i}); $seccode .= ($unit >= 0x30 && $unit <= 0x39) ? $seccodeunits[$unit - 0x30] : $seccodeunits[$unit - 0x57]; } } 复制内容到剪贴板代码: /** * 提交后的检查，主要是检查验证码，安全提问和来路是否是正常。 * @para string $var 存放在全局变量中的下标 * @para int $allowget 是否是容许get提交 * @para int $seccodecheck 验证码检查 * @para int $secqaacheck 安全提问检查 * * @return boolean */ function submitcheck($var, $allowget = 0, $seccodecheck = 0, $secqaacheck = 0) { if(empty($GLOBALS[$var])) { return FALSE; } else { global $_SERVER, $seccode, $seccodeverify, $secanswer, $_DCACHE; if($allowget || ($_SERVER['REQUEST_METHOD'] == 'POST' && $GLOBALS['formhash'] == formhash() && (empty($_SERVER['HTTP_REFERER']) || preg_replace("/https?:\/\/([^\:\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) == preg_replace("/([^\:]+).*/", "\\1", $_SERVER['HTTP_HOST'])))) { if($seccodecheck) { $tmp = $seccode{0}; seccodeconvert($seccode); if(strtoupper($seccodeverify) != $seccode) { showmessage('submit_seccode_invalid'); } $seccode = random(6, 1) + $tmp * 1000000; } if($secqaacheck) { require_once DISCUZ_ROOT.'./forumdata/cache/cache_secqaa.php'; if(md5($secanswer) != $_DCACHE['secqaa'][substr($seccode, 0, 1)]['answer']) { showmessage('submit_secqaa_invalid'); } $seccode = random(1, 1) * 1000000 + substr($seccode, -6); } return TRUE; } else { showmessage('submit_invalid'); } } } /** * 另外一个提交检查，检查super site的提交的 * @para int $allowget 是否是容许get提交 * @para int $timespan 时间跨度 * * @return boolean */ function supe_submitcheck($allowget = 0, $timespan = 300) { global $supe_seccode, $timestamp, $_DCOOKIE, $supe, $supe_fromsupesite; $supe_hash = isset($_GET['supe_hash']) || isset($_POST['supe_hash']) ? (isset($_GET['supe_hash']) ? $_GET['supe_hash'] : $_POST['supe_hash']) : (isset($_DCOOKIE['supe_hash']) ? $_DCOOKIE['supe_hash'] : ''); if($supe_fromsupesite && $supe['status'] && ($allowget || $_SERVER['REQUEST_METHOD'] == 'POST') && $supe_hash && !empty($supe_seccode)) { list($check_timestamp, $check_seccode) = explode("\t", authcode($supe_hash, 'DECODE')); if($timestamp - $check_timestamp <= $timespan && $check_seccode == $supe_seccode) { return TRUE; } showmessage('submit_invalid'); } return FALSE; } 复制内容到剪贴板代码: /** * 另一个重大函数来了，那就是模板解析，绝对Discuz核心 * @para string $file 模板文件(如：discuz, forumdata, viewthread等) * @para int $templateid 用的是哪套模板中的，若没有的话用TEMPLATEID这个常数取代 * @para string $tpldir 模板所在的目录 * * @return string 解析好的模板文件，经过include template('xxx')这样引用到文件，framework的MVC也是这样一个模式的 */ function template($file, $templateid = 0, $tpldir = '') { global $tplrefresh; $tpldir = $tpldir ? $tpldir : TPLDIR; $templateid = $templateid ? $templateid : TEMPLATEID; $tplfile = DISCUZ_ROOT.'./'.$tpldir.'/'.$file.'.htm'; $objfile = DISCUZ_ROOT.'./forumdata/templates/'.$templateid.'_'.$file.'.tpl.php'; if(TEMPLATEID != 1 && $templateid != 1 && !file_exists($tplfile)) { return template($file, 1, './templates/default/'); } if($tplrefresh == 1 || ($tplrefresh > 1 && substr($GLOBALS['timestamp'], -1) > $tplrefresh)) { if(@filemtime($tplfile) > @filemtime($objfile)) { require_once DISCUZ_ROOT.'./include/template.func.php'; parse_template($file, $templateid, $tpldir); } } return $objfile; } 复制内容到剪贴板代码: /** * 获得url中的sid * @para string $url * @para string tag * @para int $wml * * @return string */ function transsid($url, $tag = '', $wml = 0) { global $sid; $tag = stripslashes($tag); if(!$tag || (!preg_match("/^(http:\/\/|mailto:|#|javascript)/i", $url) && !strpos($url, 'sid='))) { if($pos = strpos($url, '#')) { $urlret = substr($url, $pos); $url = substr($url, 0, $pos); } else { $urlret = ''; } $url .= (strpos($url, '?') ? ($wml ? '&' : '&') : '?').'sid='.$sid.$urlret; } return $tag.$url; } 复制内容到剪贴板代码: /** * 生成主题分类下拉列表 * @para int $curtypeid 当前选择的id * * @return string */ function typeselect($curtypeid = 0) { if($threadtypes = $GLOBALS['forum']['threadtypes']) { $html = '<select name="typeid"><option value="0"> </option>'; foreach($threadtypes['types'] as $typeid => $name) { $html .= '<option value="'.$typeid.'" '.($curtypeid == $typeid ? 'selected' : '').'>'.strip_tags($name).'</option>'; } $html .= '</select>'; return $html; } else { return ''; } } 复制内容到剪贴板代码: /** * 更新积分用到的函数 * @para string $uids 要更新的uid * @para array $creditsarray 要更新的积分 * @para int $coef 单位 * @para string $extrasql 附加的sql语句 * */ function updatecredits($uids, $creditsarray, $coef = 1, $extrasql = '') { if($uids && ((!empty($creditsarray) && is_array($creditsarray)) || $extrasql)) { global $db, $tablepre; $creditsadd = $comma = ''; foreach($creditsarray as $id => $addcredits) { $creditsadd .= $comma.'extcredits'.$id.'=extcredits'.$id.'+('.intval($addcredits).')*('.$coef.')'; $comma = ', '; } if($creditsadd || $extrasql) { $db->query("UPDATE {$tablepre}members SET $creditsadd ".($creditsadd && $extrasql ? ', ' : '')." $extrasql WHERE uid IN ('$uids')", 'UNBUFFERED'); } } } 复制内容到剪贴板代码: /** * 把session更新一下，更新了以下的表：onlinetime, members, sessions */ function updatesession() { if(!empty($GLOBALS['sessionupdated'])) { return TRUE; } global $db, $tablepre, $sessionexists, $sessionupdated, $sid, $onlineip, $discuz_uid, $discuz_user, $timestamp, $lastactivity, $seccode, $pvfrequence, $spageviews, $lastolupdate, $oltimespan, $onlinehold, $groupid, $styleid, $invisible, $discuz_action, $fid, $tid, $bloguid; $fid = intval($fid); $tid = intval($tid); if($oltimespan && $discuz_uid && $lastactivity && $timestamp - ($lastolupdate ? $lastolupdate : $lastactivity) > $oltimespan * 60) { $lastolupdate = $timestamp; $db->query("UPDATE {$tablepre}onlinetime SET total=total+'$oltimespan', thismonth=thismonth+'$oltimespan', lastupdate='$timestamp' WHERE uid='$discuz_uid' AND lastupdate<='".($timestamp - $oltimespan * 60)."'"); if(!$db->affected_rows()) { $db->query("INSERT INTO {$tablepre}onlinetime (uid, thismonth, total, lastupdate) VALUES ('$discuz_uid', '$oltimespan', '$oltimespan', '$timestamp')", 'SILENT'); } } else { $lastolupdate = intval($lastolupdate); } if($sessionexists == 1) { if($pvfrequence && $discuz_uid) { if($spageviews >= $pvfrequence) { $pageviewsadd = ', pageviews=\'0\''; $db->query("UPDATE {$tablepre}members SET pageviews=pageviews+'$spageviews' WHERE uid='$discuz_uid'", 'UNBUFFERED'); } else { $pageviewsadd = ', pageviews=pageviews+1'; } } else { $pageviewsadd = ''; } $db->query("UPDATE {$tablepre}sessions SET uid='$discuz_uid', username='$discuz_user', groupid='$groupid', styleid='$styleid', invisible='$invisible', action='$discuz_action', lastactivity='$timestamp', lastolupdate='$lastolupdate', seccode='$seccode', fid='$fid', tid='$tid', bloguid='$bloguid' $pageviewsadd WHERE sid='$sid'"); } else { $ips = explode('.', $onlineip); $db->query("DELETE FROM {$tablepre}sessions WHERE sid='$sid' OR lastactivity<($timestamp-$onlinehold) OR ('$discuz_uid'<>'0' AND uid='$discuz_uid') OR (uid='0' AND ip1='$ips[0]' AND ip2='$ips[1]' AND ip3='$ips[2]' AND ip4='$ips[3]' AND lastactivity>$timestamp-60)"); $db->query("INSERT INTO {$tablepre}sessions (sid, ip1, ip2, ip3, ip4, uid, username, groupid, styleid, invisible, action, lastactivity, lastolupdate, seccode, fid, tid, bloguid) VALUES ('$sid', '$ips[0]', '$ips[1]', '$ips[2]', '$ips[3]', '$discuz_uid', '$discuz_user', '$groupid', '$styleid', '$invisible', '$discuz_action', '$timestamp', '$lastolupdate', '$seccode', '$fid', '$tid', '$bloguid')", 'SILENT'); if($discuz_uid && $timestamp - $lastactivity > 21600) { if($oltimespan && $timestamp - $lastactivity > 86400) { $query = $db->query("SELECT total FROM {$tablepre}onlinetime WHERE uid='$discuz_uid'"); $oltimeadd = ', oltime='.round(intval($db->result($query, 0)) / 60); } else { $oltimeadd = ''; } $db->query("UPDATE {$tablepre}members SET lastip='$onlineip', lastvisit=lastactivity, lastactivity='$timestamp' $oltimeadd WHERE uid='$discuz_uid'", 'UNBUFFERED'); } } $sessionupdated = 1; }