www.gusucode.com > 教程素材资源下载论坛网站源码程序 > 教程素材资源下载论坛/整站源码/source/class/helper/helper_antitheft.php
<?php /** * [Discuz!] (C)2001-2099 Comsenz Inc. * This is NOT a freeware, use is subject to license terms * * $Id: helper_antitheft.php 33494 2013-06-26 05:26:25Z laoguozhang $ */ if(!defined('IN_DISCUZ')) { exit('Access Denied'); } class helper_antitheft { public static function check($id, $idtype) { if((!isset($_GET['_dsign']) || $_GET['_dsign'] !== ($_dsign = dsign($id.$idtype, 8))) && !self::check_allow($id, $idtype)) { if(!isset($_dsign)) { $_dsign = dsign($id.$idtype, 8); } echo self::make_content($id, $idtype, $_dsign);exit; } } public static function get_sign($id, $idtype) { return !self::check_allow($id, $idtype) ? dsign($id.$idtype, 8) : ''; } protected static function check_allow($id, $idtype) { global $_G; $ip = ip2long($_G['clientip']); if(!$ip || $ip == -1) return false; if($ip < 0) { $ip = sprintf('%u', $ip); } loadcache('antitheft'); $antitheft = $_G['cache']['antitheft']; if(isset($antitheft['white'])){ if(in_array($ip, (array)$antitheft['white']['single'], true)) { return true; } foreach($antitheft['white']['range'] as $_ip) { if($ip > $_ip['min'] && $ip < $_ip['max']) return true; } } if(isset($antitheft['black'])){ if(in_array($ip, (array)$antitheft['black']['single'], true)) { return false; } foreach($antitheft['black']['range'] as $_ip) { if($ip > $_ip['min'] && $ip < $_ip['max']) return false; } } if(!($log = C::t('common_visit')->fetch($ip))) { C::t('common_visit')->insert(array( 'ip' => $ip, 'view' => 1, )); return true; } elseif($log['view'] >= $_G['setting']['antitheft']['max']) { return false; } else { C::t('common_visit')->inc($ip); return true; } } protected static function make_content($id, $idtype, $dsign) { $url = ''; $urls = parse_url($_SERVER['REQUEST_URI']); $addstr = $urls['query'] ? $urls['query'].'&' : ''; $url = $urls['path'].'?'.$addstr.'_dsign='.$dsign.($urls['fragment'] ? '#'.$urls['fragment'] : ''); return self::make_js($url); } protected static function make_js($url){ $js = '<script type="text/javascript">'; $varname = array(); $codes = array(); $window = '_'.random(5); $location = '_'.random(5); $href = '_'.random(5); $replace = '_'.random(5); $assign = '_'.random(5); $codes[$window] = "$window = window;"; $codes[$location] = "$location = location;"; $codes[$href] = "$href = 'href';"; $codes[$replace] = "$replace = 'replace';"; $codes[$assign] = "$assign = 'assign';"; $codes['getname'] = 'function getName(){var caller=getName.caller;if(caller.name){return caller.name} var str=caller.toString().replace(/[\s]*/g,"");var name=str.match(/^function([^\(]+?)\(/);if(name && name[1]){return name[1];} else {return \'\';}}'; $jskeywords = array('for' => '', 'case' => '', 'if' => '', 'else' => '', 'try' => '', 'new' => '', 'eval' => '', 'var' => ''); //js关键字 $methods = array(1,2,3,4,5,6,7); $lenths = array(2,2,3,4); for($i = 0, $l = strlen($url); $i < $l; $i++) { $len = $lenths[array_rand($lenths)]; $cflag = $len % 2; $var = random($len); if(ctype_digit($var[0])) { $var = '_'.$var; } while(isset($varname[$var])) { $var = random(3); if(ctype_digit($var[0])) { $var = '_'.$var; } } $val = substr($url, $i, $len-1); $i = $i + $len - 2; switch ($methods[array_rand($methods)]) { case 1: if($cflag) { $varname[$var] = "'$val'"; } else { $codes[] = "$var='$val';"; $varname[$var] = $var; } break; case 2: if(!isset($jskeywords[$val]) && ctype_alnum($val) && !ctype_digit($val[0])) { $codes[] = "function $var({$var}_){function $val(){return getName();};return $val();return '{$var}'}"; $varname[$var] = "$var('".random($len)."')"; } else { $codes[] = "function $var(){'return $var';return '$val'}"; $varname[$var] = $var.'()'; } break; case 3: if($cflag) { $codes[] = "$var=function({$var}_){'return $var';return {$var}_;};"; $varname[$var] = "$var('$val')"; } else { $codes[] = "$var=function(){'return $var';return '$val';};"; $varname[$var] = "$var()"; } break; case 4: if($cflag) { $varname[$var] = "(function({$var}_){'return $var';return {$var}_})('$val')"; } else { $varname[$var] = "(function(){'return $var';return '$val'})()"; } break; case 5: if(!isset($jskeywords[$val]) && ctype_alnum($val) && !ctype_digit($val[0])) { $codes[] = "function $var({$var}_){function _{$var[0]}({$var}_){function $val(){return getName();}function {$var}_(){}return $val();return {$var}_}; return _{$var[0]}({$var}_);}"; $varname[$var] = "$var('".random($len)."')"; } else { $codes[] = "function $var(){'$var';function _{$var[0]}(){return '$val'}; return _{$var[0]}();}"; $varname[$var] = $var.'()'; } break; case 6: if($cflag) { $codes[] = "$var=function({$var}_){var _{$var[0]}=function({$var}_){'return $var';return {$var}_;}; return _{$var[0]}({$var}_);};"; $varname[$var] = "$var('$val')"; } else { $codes[] = "$var=function(){'$var';var _{$var[0]}=function(){return '$val'}; return _{$var[0]}();};"; $varname[$var] = $var.'()'; } break; case 7: if($cflag) { $varname[$var] = "(function({$var}_){return (function({$var}_){return {$var}_;})({$var}_);})('$val')"; } else { $varname[$var] = "(function(){'return $var';return (function(){return '$val';})();})()"; } break; } } shuffle($codes); $js .= implode('', $codes); $hrefheader = array('location.href=', 'location=', "{$location}[$href]=", "location[$href]=", 'location.replace(', 'location.assign(', "location[$assign](", "location[$replace]("); $hreffooter = array('','','','',')',')',')',')'); $index = array_rand($hrefheader); $js .= $hrefheader[$index]. implode('+', $varname).$hreffooter[$index].';'; $fix = array("{$window}[$href]=", "{$window}['href']=", "{$window}.href="); $js .= $fix[array_rand($fix)].implode('+', array_slice($varname, 0, 8)).';'; $js .= '</script>'; return $js; } } ?>