论坛风格切换
发帖 回复
返回列表
  • 3949阅读
  • 0回复

[功能优化与改进]防机器方案 [复制链接]

 上一主题 下一主题
离线ensoon
技术团队
 

发帖
166
金币
0
威望
15
只看楼主 倒序阅读 使用道具 楼主  发表于: 2011-09-14
— 本帖被 云天河 执行取消置顶操作(2011-11-18) —
1)修改的文件require/common.php
添加三个function
复制代码
  1. /**
  2. * add by hexiang
  3. *
  4. * @param unknown_type $key
  5. * @return unknown
  6. */
  7. function sessionSet($cookieName, $cookieValue, $expireTime = 'F', $needPrefix = true) {
  8.         global $timestamp;
  9.         $needPrefix && $cookieName = CookiePre() . '_' . $cookieName;
  10.         if ($expireTime == 'F') {
  11.                 $expireTime = $timestamp + 31536000;
  12.         } elseif ($cookieValue == '' && $expireTime == 0) {
  13.                 $expireTime = $timestamp - 31536000;
  14.         }
  15.         ini_set('session.gc_probability', 2);
  16.         ini_set('session.gc_divisor', 100);
  17.         ini_set('session.gc_maxlifetime', $expireTime);
  18.         ini_set('session.cache_expire', $expireTime);
  19.         session_set_cookie_params($expireTime);
  20.         if ($GLOBALS['sessionid']) {
  21.                 session_id($GLOBALS['sessionid']);
  22.         }
  23.         session_start();
  24.         $_SESSION[$cookieName] = $cookieValue;
  25.         return TRUE;
  27. }
  28. /**
  29. * add by hexiang
  30. *
  31. * @param unknown_type $key
  32. * @return unknown
  33. */
  34. function sessionGet($key) {
  35.         session_start();
  36.         return $_SESSION[CookiePre() . '_' . $key];
  37. }
  38. /**
  39. * 随机字母
  40. *
  41. * @param unknown_type $length
  42. * @param unknown_type $mode
  43. * @return unknown
  44. */
  45. function getCode($length = 32, $mode = 2) {
  46.         switch ($mode) {
  47.                 case '1' :
  48.                         $str = '1234567890';
  49.                         break;
  50.                 case '2' :
  51.                         $str = 'abcdefghijklmnopqrstuvwxyz';
  52.                         break;
  53.                 case '3' :
  54.                         $str = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
  55.                         break;
  56.                 default :
  57.                         $str = '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
  58.                         break;
  59.         }
  60.         
  61.         $result = '';
  62.         $l = strlen($str) - 1;
  63.         $num = 0;
  64.         
  65.         for ($i = 0; $i < $length; $i++) {
  66.                 $num = rand(0, $l);
  67.                 $a = $str[$num];
  68.                 $result = $result . $a;
  69.         }
  70.         return $result;
  71. }

2)require/postnew.php
在 if (empty($_POST['step'])) {;下面添加
复制代码
  1. /**
  2.      * add by yanghexiang
  3.      */
  4.     $randnum = rand(10, 50);
  5.     $htmlNameTokenS = getCode(1);
  6.     $htmlNameToken = $htmlNameTokenS . md5($timestamp);
  7.     $totkenName = 'token';
  8.     $numa = rand(10, 30);
  9.     $numb = rand(30, 50);
  10.     $numc = rand(50, 70);
  11.     //$token = $htmlNameTokenS . md5($GLOBALS['db_hash'] . $timestamp);
  12.     $scret = strtolower(md5($GLOBALS['db_hash'] . $timestamp));
  13.     $token = $htmlNameTokenS . $scret;
  14.     sessionSet($totkenName, $token, 3600);
  15.     
  16.     $mouseValue = encode($scret, $timestamp, $numa, $numb, $numc);
  17.     sessionSet('mouseValue', $mouseValue, 3600);
  18.     require_once 'class.JavaScriptPacker.php';
  19.     $scriptAdd = $scriptAddAfter = '';
  20.     for ($i = 1; $i < $randnum; $i++) {
  21.         $scriptAddHead .= 'var ' . $htmlNameTokenS . md5($i . 'H') . '="' . $htmlNameTokenS . md5($i . 'Head') . '";';
  22.         $scriptAddAfter .= 'var ' . $htmlNameTokenS . md5($i . 'A') . '="' . $htmlNameTokenS . md5($i . 'After') . '";';
  23.     }
  24.     $script = 'var mouseValue = "";
  25. function setMouseValue(){
  26.     mouseValue = encodesgg("' . $scret . '",' . $timestamp .');
  27. }
  28. function ' . $htmlNameToken . '(){
  29.      var ' . $htmlNameToken . '=document.createElement("input");
  30.        ' . $htmlNameToken . '.type="hidden";' . $scriptAddHead . '
  31.        ' . $htmlNameToken . '.name="' . $token . '";
  32.        ' . $htmlNameToken . '.value=mouseValue;
  33.        ' . $scriptAddAfter . '
  34.     return ' . $htmlNameToken . ';
  35. }
  36. function encodesgg(F,D) {
  37.     var D = D,
  38.         J = 0;
  39.     var F = F;
  40.     var M = "",
  41.         C = "";
  42.     var I = [],
  43.         E = [];
  44.     function L(Q, N, O) {
  45.         for (var P = Q; P <= N; P++) {
  46.             I[P] = P + O;
  47.             E[P + O] = P
  48.         }
  49.     }
  50.     L(0, 9, 48);
  51.     L(10, 35, 55);
  52.     L(36, 61, 61);
  53.     var K = D % 26;
  54.     K = K ? K : 1;
  56.     function A(O) {
  57.         var N = O.length;
  58.         var Q = "";
  59.         for (var P = 0; P < N; P++) {
  60.             var R = O.charAt(P);
  61.             if (/[A-Za-z0-9]/.test(R)) {
  62.                 var S = E[O.charCodeAt(P)] - K;
  63.                 if (S < 0) {
  64.                     S += 62
  65.                 }
  66.                 R = String.fromCharCode(I[S])
  67.             }
  68.             Q += R
  69.         }
  70.         return Q
  71.     }
  72.     M = A(F);
  73.     return M;
  74. }';
  75.     $packer = new JavaScriptPacker($script);
  76.     $packed = $packer->pack();
  77.     //$packed = $script;
  78.     //end by yanghexiang
在S::gp(array('iscontinue'), 'P');下面添加
复制代码
  1. /**
  2.      * add by yanghexiang
  3.      */
  4.     S::gp(array('ifpostcheck'), 'G');
  5.     if (!procLock($winduid)) {
  6.         Showmsg('并发错误');
  7.     }
  8.     procUnLock($winduid);
  9.     $totkenName = 'token';
  10.     $token = sessionGet($totkenName);
  11.     $mouseValue = (sessionGet('mouseValue'));
  12.     S::gp(array($token), 'P', 0);
  13.     if (empty($token) || empty($mouseValue) || $$token != $mouseValue) {
  14.         Showmsg('非法请求');
  15.     }
在 refreshto($j_p, $pinfo);前面加
复制代码
  1. //add by yanghexiang
  2. sessionSet($totkenName, FALSE, 3600);
  3.     sessionSet($totkenName, FALSE, 3600);
  4.     //add by yanghexiang

顶下添加函数
复制代码
  1. /**
  2. * add by yanghexiang
  3. *
  4. * @param unknown_type $url
  5. * @param unknown_type $sertim
  6. * @param unknown_type $numa
  7. * @param unknown_type $numb
  8. * @param unknown_type $numc
  9. * @return unknown
  10. */
  11. function encode($url, $sertim, $numa, $numb, $numc) {
  12.     $len = strlen($url);
  13.     $decurl = "";
  14.     $asc_arr1 = array();
  15.     $asc_arr2 = array();
  16.     
  17.     $key = $sertim % 26;
  18.     
  19.     $key = $key ? $key : 1;
  20.     for ($i = 0; $i <= 9; $i++) {
  21.         $asc_arr1[$i] = $i + 48;
  22.         $asc_arr2[$i + 48] = $i;
  23.     }
  24.     for ($i = 10; $i <= 35; $i++) {
  25.         $asc_arr1[$i] = $i + 55;
  26.         $asc_arr2[$i + 55] = $i;
  27.     }
  28.     for ($i = 36; $i <= 61; $i++) {
  29.         $asc_arr1[$i] = $i + 61;
  30.         $asc_arr2[$i + 61] = $i;
  31.     }
  32.     for ($i = 0; $i < $len; $i++) {
  33.         $word = substr($url, $i, 1);
  34.         
  35.         if (preg_match("/[A-Za-z0-9]/", $word)) {
  36.             $pos = $asc_arr2[ord(substr($url, $i, 1))] - $key;
  37.             if ($pos < 0) {
  38.                 $pos += 62;
  39.             }
  40.             $word = chr($asc_arr1[$pos]);
  41.         }
  42.         $decurl .= $word;
  43.     }
  44.     
  45.     return $decurl;
  46. }
模板里面添加 template/wind/post.html (也许在你自定义的模板里面)
找到 function ajaxSubmit(obj){
在前面添加
{$packed}
在下面添加
复制代码
  1. <!--
  2. EOT;
  3. if($htmlNameToken){
  4. print <<<EOT
  5. -->
  6.     $htmlNameToken = {$htmlNameToken}();
  7.        obj.appendChild($htmlNameToken);
  8. <!--
  9. EOT;
  10. }
  11. print <<<EOT
  12. -->



<button type="submit" name="Submit"> 发 布 </button>
变成
<button type="submit" name="Submit" onmousemove="setMouseValue()"
> 发 布 </button>

3)添加文件 require/class.JavaScriptPacker.php
内容: class.JavaScriptPacker.rar (7 K) 下载次数:82




3条评分分享分+4金币+21
wumweicao 分享分 +4 给你个好评哦亲~ 2012-03-19
谯周 金币 +1 不顶不舒服斯基 2011-09-20
top 金币 +20 我做了一个艰难的决定 加点分给你 2011-09-14
open source ,like douban.com [color=#ff0000][url]www.ensoon.com[/url][/color]
回复
举报
发帖 回复
返回列表
快速回复
限100 字节
批量上传需要先选择文件,再选择上传
 
提到某人:
选择好友
上一个 下一个