Discuz!X2核心源碼分析.doc

Discuz! X2 核心類源碼分析不是原創(chuàng),只是進(jìn)行轉(zhuǎn)載MARK：/thread-212115-1-1.html 1, _GET = 1, _POST = 1, _REQUEST = 1, _COOKIE = 1, _SERVER = 1, _ENV = 1, _FILES = 1,);function &instance() static $object; if(empty($object) $object = new discuz_core(); return $object;function discuz_core() $this-_init_env(); /初始化環(huán)境變量 $this-_init_config(); /初始化配置變量 $this-_init_input(); /初始化輸入 $this-_init_output(); /初始化輸出function init() if(!$this-initated) $this-_init_db(); /初始化數(shù)據(jù)庫 $this-_init_memory(); /初始化memcache $this-_init_user(); /用戶信息初始化 $this-_init_session(); /session操作初始化 $this-_init_setting(); /系統(tǒng)設(shè)置初始化 $this-_init_mobile(); /手機(jī)功能初始化 $this-_init_cron(); /計(jì)劃任務(wù)初始化 $this-_init_misc(); /其他功能初始化 $this-initated = true; /設(shè)置完成標(biāo)志function _init_env() /環(huán)境變量初始化方法 error_reporting(E_ERROR); /定義錯(cuò)誤報(bào)告等級 if(phpversion() timezone_set(); if(!defined(DISCUZ_CORE_FUNCTION) & !include(DISCUZ_ROOT./source/function/function_core.php) exit(function_core.php is missing); /如果系統(tǒng)核心函數(shù)庫文件未include,則include,如果核心函數(shù)庫文件缺失，則退出，因?yàn)閒unction_core.php是系統(tǒng)本身的函數(shù)庫，必須加載 if(function_exists(ini_get) $memorylimit = ini_get(memory_limit); if($memorylimit & return_bytes($memorylimit) $value) if (!isset($this-superglobal$key) $GLOBALS$key = null; unset($GLOBALS$key); /以上幾行的意思是，注銷所有的超級變量。 global $_G; /$_G大數(shù)組是Discuz中自定義的超級變量 $_G = array( uid = 0, /uid username = , /用戶名 adminid = 0, /adminid標(biāo)識 groupid = 1, /用戶組ID sid = , / sessionID formhash = , /表單驗(yàn)證認(rèn)證 timestamp = TIMESTAMP, /時(shí)間戳 starttime = dmicrotime(), /開始時(shí)間 clientip = $this-_get_client_ip(), /客戶端IP referer = , /referer地址 charset = , /字符串編碼 gzipcompress = , /gzip authkey = , /authkey 認(rèn)證碼 timenow = array(), /當(dāng)前時(shí)間 PHP_SELF = , /PHP_SELF siteurl = , /網(wǎng)站地址 siteroot = , /網(wǎng)站根目錄 config = array(), /配置變量數(shù)組 setting = array(), /設(shè)置變量數(shù)組 member = array(), /用戶信息數(shù)組 group = array(), /用戶組數(shù)組 cookie = array(), /cookie數(shù)組 style = array(), /風(fēng)格數(shù)組 cache = array(), /緩存列表數(shù)組 session = array(), /session變量數(shù)組 lang = array(), /語言包數(shù)組 my_app = array(), /我的應(yīng)用數(shù)組 my_userapp = array(), /用戶應(yīng)用數(shù)組 fid = 0, tid = 0, forum = array(), /論壇板塊數(shù)組 thread = array(), /論壇相關(guān)帖子數(shù)組 rssauth = , /RSS訂閱認(rèn)證 home = array(), /home功能相關(guān)數(shù)組 space = array(), /space功能相關(guān)數(shù)組 block = array(), /塊信息數(shù)組 article = array(), action = array( action = APPTYPEID, fid = 0, tid = 0, ), mobile = , /手機(jī)信息 ); /以上定義了$_G超級變量的部分內(nèi)容。都是系統(tǒng)以后要用到的。寫在一個(gè)大數(shù)組中，方便使用 $_GPHP_SELF = htmlspecialchars($_SERVERSCRIPT_NAME ? $_SERVERSCRIPT_NAME : $_SERVERPHP_SELF); /當(dāng)前腳本地址寫入$_G超級變量中 $_Gbasescript = CURSCRIPT; /當(dāng)前腳本 $_Gbasefilename = basename($_GPHP_SELF); /當(dāng)前腳本名稱 $_Gsiteurl = htmlspecialchars(http:/.$_SERVERHTTP_HOST.preg_replace(/+(api)?/*$/i, , substr($_GPHP_SELF, 0, strrpos($_GPHP_SELF, /)./);/網(wǎng)站地址 $_Gsiteroot = substr($_GPHP_SELF, 0, -strlen($_Gbasefilename);/網(wǎng)站根地址 if(defined(SUB_DIR) /二級目錄設(shè)置 $_Gsiteurl = str_replace(SUB_DIR, /, $_Gsiteurl); $_Gsiteroot = str_replace(SUB_DIR, /, $_Gsiteroot); $this-var = & $_G;function _init_input() /輸入初始化方法 if (isset($_GETGLOBALS) |isset($_POSTGLOBALS) | isset($_COOKIEGLOBALS) | isset($_FILESGLOBALS) system_error(request_tainting); if(!MAGIC_QUOTES_GPC) $_GET = daddslashes($_GET); $_POST = daddslashes($_POST); $_COOKIE = daddslashes($_COOKIE); $_FILES = daddslashes($_FILES); /以上代碼未GPC安全機(jī)制，進(jìn)行轉(zhuǎn)義 $prelength = strlen($this-configcookiecookiepre); foreach($_COOKIE as $key = $val) if(substr($key, 0, $prelength) = $this-configcookiecookiepre) $this-varcookiesubstr($key, $prelength) = $val; /以上代碼意思是，如果cookie的鍵值等于定義的鍵值，那么截取cookiepre $_GETdiy = empty($_GETdiy) ? : $_GETdiy; if($_SERVERREQUEST_METHOD = POST & !empty($_POST) $_GET = array_merge($_GET, $_POST); /合并$_POST,$_GET foreach($_GET as $k = $v) $this-vargp_.$k = $v; /然后把$_POST和$_GET的值都賦予gp變量中,方便使用 $this-varmod = empty($this-vargp_mod) ? : htmlspecialchars($this-vargp_mod);/獲得$mod變量 ?mod=xxx,則$this-varmod為xxx $this-varinajax = empty($this-vargp_inajax) ? 0 : (empty($this-varconfigoutputajaxvalidate) ? 1 : ($_SERVERREQUEST_METHOD = GET & $_SERVERHTTP_X_REQUESTED_WITH = XMLHttpRequest | $_SERVERREQUEST_METHOD = POST ? 1 : 0); /是否需要ajax方式 $this-varpage = empty($this-vargp_page) ? 1 : max(1, intval($this-vargp_page); /頁面獲取,最小為1 $this-varsid = $this-varcookiesid = isset($this-varcookiesid) ? htmlspecialchars($this-varcookiesid) : ;/sid獲取function _init_config() /獲得配置文件 $_config = array(); include DISCUZ_ROOT./config/config_global.php;/加載全局配置文件 if(empty($_config) if(!file_exists(DISCUZ_ROOT./data/install.lock) header(location: install); exit; else system_error(config_notfound); /以上代碼為：如果config不存在，要么沒安裝，要么文件不存在，系統(tǒng)報(bào)錯(cuò) if(empty($_configsecurityauthkey) $_configsecurityauthkey = md5($_configcookiecookiepre.$_configdb1dbname); /設(shè)置安全驗(yàn)證的authkey if(empty($_configdebug) | !file_exists(libfile(function/debug) define(DISCUZ_DEBUG, false); elseif($_configdebug = 1 | $_configdebug = 2 | !empty($_REQUESTdebug) & $_REQUESTdebug = $_configdebug) define(DISCUZ_DEBUG, true); if($_configdebug = 2) error_reporting(E_ALL); else define(DISCUZ_DEBUG, false); /以上代碼為是否調(diào)試模式， define(STATICURL, !empty($_configoutputstaticurl) ? $_configoutputstaticurl : static/); /定義靜態(tài)文件常量,如：css,img等，如果$_configoutputstaticurl為空，則是默認(rèn)的static目錄，就是默認(rèn)目錄 $this-varstaticurl = STATICURL; $this-config = & $_config; $this-varconfig = & $_config; /引用$_config變量，改變$this-config,則$_config改變，保持統(tǒng)一 if(substr($_configcookiecookiepath, 0, 1) != /) $this-varconfigcookiecookiepath = /.$this-varconfigcookiecookiepath; /設(shè)置cookie域，一般是設(shè)置目錄域。/不存在則加上/,安全性更高 $this-varconfigcookiecookiepre = $this-varconfigcookiecookiepre.substr(md5($this-varconfigcookiecookiepath.|.$this-varconfigcookiecookiedomain), 0, 4)._; /定義cookie前綴,如定義為xxx_;則為$cookiexxx_uid $this-varauthkey = md5($_configsecurityauthkey.$_SERVERHTTP_USER_AGENT);/得到authkeyfunction _init_output() /輸出初始化方法 if($this-configsecurityurlxssdefend & $_SERVERREQUEST_METHOD = GET & !empty($_SERVERREQUEST_URI) $this-_xss_check(); if($this-configsecurityattackevasive & (!defined(CURSCRIPT) | !in_array($this-varmod, array(seccode, secqaa, swfupload) require_once libfile(misc/security, include); /驗(yàn)證碼設(shè)置，加載include/misc/misc_security.php文件,驗(yàn)證功能; if(!empty($_SERVERHTTP_ACCEPT_ENCODING) & strpos($_SERVERHTTP_ACCEPT_ENCODING, gzip) = false) $this-configoutputgzip = false; /是否開啟gzip,如果不支持gzip，則定義為false $allowgzip = $this-configoutputgzip & empty($this-varinajax) & $this-varmod != attachment & EXT_OBGZIP; setglobal(gzipcompress, $allowgzip); /把$allowgzip寫入全局變量中 ob_start($allowgzip ? ob_gzhandler : null);/定義輸出緩存 setglobal(charset, $this-configoutputcharset); /把配置文件中的字符集賦予全局變量中 define(CHARSET, $this-configoutputcharset); if($this-configoutputforceheader) header(Content-Type: text/html; charset=.CHARSET);/設(shè)置網(wǎng)頁編碼,強(qiáng)制輸出 function reject_robot() /拒絕機(jī)器人訪問，設(shè)置為403錯(cuò)誤 if(IS_ROBOT) exit(header(HTTP/1.1 403 Forbidden); function _xss_check() /檢測xss漏洞,UBB $temp = strtoupper(urldecode(urldecode($_SERVERREQUEST_URI); if(strpos($temp, db = & DB:object($class); $this-db-set_config($this-configdb); $this-db-connect(); /建立數(shù)據(jù)庫連接function _init_session() /session初始化方法 $this-session = new discuz_session(); /new discuz_session類 if($this-init_session) $this-session-init($this-varcookiesid, $this-varclientip, $this-varuid); $this-varsid = $this-session-sid; /設(shè)置sid $this-varsession = $this-session-var; /設(shè)置session if($this-varsid != $this-varcookiesid) dsetcookie(sid, $this-varsid, 86400); /如果sid不為cookie中的sid,則重寫sid到cookie if($this-session-isnew) if(ipbanned($this-varclientip) $this-session-set(groupid, 6); /如果發(fā)現(xiàn)IP在禁止范圍里，則設(shè)置該客戶端用戶組為6，則：禁止IP用戶組 if($this-session-get(groupid) = 6) $this-varmembergroupid = 6; sysmessage(user_banned); /提示IP禁止 if($this-varuid & ($this-session-isnew | ($this-session-get(lastactivity) + 600) session-set(lastactivity, TIMESTAMP); /最近活動檢測，600秒 if($this-session-isnew) DB:update(common_member_status, array(lastip = $this-varclientip, lastvisit = TIMESTAMP), uid=.$this-varuid.); /如果用戶在600秒里不活動，則設(shè)置最后訪問時(shí)間點(diǎn) function _init_user() /用戶初始化方法 if($this-init_user) if($auth = getglobal(auth, cookie) /得到auth,usernametuid的加密信息 $auth = daddslashes(explode(t, authcode($auth, DECODE); /進(jìn)行解密 list($discuz_pw, $discuz_uid) = empty($auth) | count($auth) varmember = $user; /如果用戶存在，且密碼正確，則用戶信息寫進(jìn)全局變量中 else $user = array(); /user定義為空數(shù)組 $this-_init_guest(); /否則為游客,游客初始化方法 if($user & $usergroupexpiry 0 & $usergroupexpiry cachelist = usergroup_.$this-varmembergroupid; /用戶組數(shù)據(jù)緩存 if($user & $useradminid 0 & $usergroupid != $useradminid) $this-cachelist = admingroup_.$this-varmemberadminid; /管理員用戶組緩存 else $this-_init_guest(); /游客 if(empty($this-varcookielastvisit) $this-varmemberlastvisit = TIMESTAMP - 3600; dsetcookie(lastvisit, TIMESTAMP - 3600, 86400 * 30); /cookie中如果為記錄最后訪問時(shí)間，則寫入 else $this-varmemberlastvisit = $this-varcookielastvisit;/否則，寫入全局變量 setglobal(uid, getglobal(uid, member); setglobal(username, addslashes(getglobal(username, member); setglobal(adminid, getglobal(adminid, member); setglobal(groupid, getglobal(groupid, member); /以上四行是把用戶的uid，用戶名，管理組id，用戶組寫入全局變量中function _init_guest() /游客初始化方法 setglobal(member, array( uid = 0, username = , adminid = 0, groupid = 7, credits = 0, timeoffset = 9999);function _init_cron() /計(jì)劃任務(wù)初始化 if($this-init_cron & $this-init_setting) if($this-varcachecronnextrun init_misc) return false; lang(core); /加載core語言包 if($this-init_setting & $this-init_user) if(!isset($this-varmembertimeoffset) | $this-varmembertimeoffset = 9999 | $this-varmembertimeoffset = ) $this-varmembertimeoffset = $this-varsettingtimeoffset; /設(shè)置用戶時(shí)區(qū) $timeoffset = $this-init_setting ? $this-varmembertimeoffset : $this-varsettingtimeoffset; $this-vartimenow = array( time = dgmdate(TIMESTAMP), offset = $timeoffset = 0 ? ($timeoffset = 0 ? : +.$timeoffset) : $timeoffset ); $this-timezone_set($timeoffset); $this-varformhash = formhash(); /得到FORMHASH define(FORMHASH, $this-varformhash); /定義為常量 if($this-init_user) if($this-vargroup & isset($this-vargroupallowvisit) & !$this-vargroupallowvisit) if($this-varuid) sysmessage(user_banned, null); /檢測是否為禁止訪問 elseif(!defined(ALLOWGUEST) | !ALLOWGUEST) & !in_array(CURSCRIPT, array(member, api) & !$this-varinajax) dheader(location: member.php?mod=logging&action=login&referer=.rawurlencode($_SERVERREQUEST_URI); if($this-varmemberstatus = -1) sysmessage(user_banned, null); /如果用戶狀態(tài)為-1,則提示禁止訪問 if($this-varsettingipaccess & !ipaccess($this-varclientip, $this-varsettingipaccess) sysmessage(user_banned, null); /ip權(quán)限檢測 if($this-varsettingbbclosed) if($this-varuid & ($this-vargroupallowvisit = 2 | $this-vargroupid = 1) elseif(in_array(CURSCRIPT, array(admin, member, api) | defined(ALLOWGUEST) & ALLOWGUEST) else $closedreason = DB:result_first(SELECT svalue FROM .DB:table(common_setting). WHERE skey=closedreason); $closedreason = str_replace(:, , $closedreason); showmessage($closedreason ? $closedreason : board_closed, NULL, array(), array(login = 1); /以上是論壇如果為關(guān)閉，只有管理員可以訪問，其他則提示關(guān)閉原因 if(CURSCRIPT != admin & !(in_array($this-varmod, array(logging, seccode) periodscheck(visitbanperiods); /私密板塊訪問設(shè)置 if(defined(IN_MOBILE) $this-vartpp = $this-varsettingmobilemobiletopicperpage ? intval($this-varsettingmobilemobiletopicperpage) : 20; $this-varppp = $this-varsettingmobilemobilepostperpage ? intval($this-varsettingmobilemobilepostperpage) : 5; else $this-vartpp = $this-varsettingtopicperpage ? intval($this-varsettingtopicperpage) : 20; $this-varppp = $this-varsettingpostperpage ? intval($this-varsettingpostperpage) : 10; /wap訪問設(shè)置 if($this-varsettingnocacheheaders) header(Expires: -1); header(Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0, FALSE); header(Pragma: no-cache); /以上五行作用是header cache狀態(tài)設(shè)置 if($this-session-isnew & $this-varuid) updatecreditbyaction(daylogin, $this-varuid); /每日登陸增加積分設(shè)置 include_once libfile(function/stat); updatestat(login, 1); if(defined(IN_MOBILE) updatestat(mobilelogin, 1); /MOBILE if($this-varsettingconnectallow & $this-varmemb