roobe
/
zijia


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189
							<?php

/**
 *      [Discuz!] (C)2001-2099 Comsenz Inc.
 *      This is NOT a freeware, use is subject to license terms
 *
 *      $Id: helper_antitheft.php 33494 2013-06-26 05:26:25Z laoguozhang $
 */

if(!defined('IN_DISCUZ')) {
	exit('Access Denied');
}

class helper_antitheft {

	public static function check($id, $idtype) {
		if((!isset($_GET['_dsign']) || $_GET['_dsign'] !== ($_dsign = dsign($id.$idtype, 8))) && !self::check_allow($id, $idtype)) {
			if(!isset($_dsign)) {
				$_dsign = dsign($id.$idtype, 8);
			}
			echo self::make_content($id, $idtype, $_dsign);exit;
		}
	}

	public static function get_sign($id, $idtype) {
		return !self::check_allow($id, $idtype) ? dsign($id.$idtype, 8) : '';
	}

	protected static function check_allow($id, $idtype) {
		global $_G;
		$ip = ip2long($_G['clientip']);
		if(!$ip || $ip == -1) return false;
		if($ip < 0) {
			$ip = sprintf('%u', $ip);
		}
		loadcache('antitheft');
		$antitheft = $_G['cache']['antitheft'];

		if(isset($antitheft['white'])){
			if(in_array($ip, (array)$antitheft['white']['single'], true)) {
				return true;
			}
			foreach($antitheft['white']['range'] as $_ip) {
				if($ip > $_ip['min'] && $ip < $_ip['max']) return true;
			}
		}

		if(isset($antitheft['black'])){
			if(in_array($ip, (array)$antitheft['black']['single'], true)) {
				return false;
			}
			foreach($antitheft['black']['range'] as $_ip) {
				if($ip > $_ip['min'] && $ip < $_ip['max']) return false;
			}
		}
		if(!($log = C::t('common_visit')->fetch($ip))) {
			C::t('common_visit')->insert(array(
				'ip' => $ip,
				'view' => 1,
			));
			return true;
		} elseif($log['view'] >= $_G['setting']['antitheft']['max']) {
			return false;
		} else {
			C::t('common_visit')->inc($ip);
			return true;
		}

	}

	protected static function make_content($id, $idtype, $dsign) {
		$url = '';
		$urls = parse_url($_SERVER['REQUEST_URI']);
		$addstr = $urls['query'] ? $urls['query'].'&' : '';
		$url = $urls['path'].'?'.$addstr.'_dsign='.$dsign.($urls['fragment'] ? '#'.$urls['fragment'] : '');

		return self::make_js($url);
	}

	protected static function make_js($url){
		$js = '<script type="text/javascript">';
		$varname = array();
		$codes = array();
		$window = '_'.random(5);
		$location = '_'.random(5);
		$href = '_'.random(5);
		$replace = '_'.random(5);
		$assign = '_'.random(5);
		$codes[$window] = "$window = window;";
		$codes[$location] = "$location = location;";
		$codes[$href] = "$href = 'href';";
		$codes[$replace] = "$replace = 'replace';";
		$codes[$assign] = "$assign = 'assign';";
		$codes['getname'] = 'function getName(){var caller=getName.caller;if(caller.name){return caller.name} var str=caller.toString().replace(/[\s]*/g,"");var name=str.match(/^function([^\(]+?)\(/);if(name && name[1]){return name[1];} else {return \'\';}}';
		$jskeywords = array('for' => '', 'case' => '', 'if' => '', 'else' => '', 'try'  => '', 'new' => '', 'eval' => '', 'var' => ''); //js关键字
		$methods = array(1,2,3,4,5,6,7);
		$lenths = array(2,2,3,4);
		for($i = 0, $l = strlen($url); $i < $l; $i++) {
			$len = $lenths[array_rand($lenths)];
			$cflag = $len % 2;
			$var = random($len);
			if(ctype_digit($var[0])) {
				$var = '_'.$var;
			}
			while(isset($varname[$var])) {
				$var = random(3);
				if(ctype_digit($var[0])) {
					$var = '_'.$var;
				}
			}
			$val = substr($url, $i, $len-1);
			$i = $i + $len - 2;
			switch ($methods[array_rand($methods)]) {
				case 1:
					if($cflag) {
						$varname[$var] = "'$val'";
					} else {
						$codes[] = "$var='$val';";
						$varname[$var] = $var;
					}
					break;
				case 2:
					if(!isset($jskeywords[$val]) && ctype_alnum($val) && !ctype_digit($val[0])) {
						$codes[] = "function $var({$var}_){function $val(){return getName();};return $val();return '{$var}'}";
						$varname[$var] = "$var('".random($len)."')";
					} else {
						$codes[] = "function $var(){'return $var';return '$val'}";
						$varname[$var] = $var.'()';
					}
					break;
				case 3:
					if($cflag) {
						$codes[] = "$var=function({$var}_){'return $var';return {$var}_;};";
						$varname[$var] = "$var('$val')";
					} else {
						$codes[] = "$var=function(){'return $var';return '$val';};";
						$varname[$var] = "$var()";
					}
					break;
				case 4:
					if($cflag) {
						$varname[$var] = "(function({$var}_){'return $var';return {$var}_})('$val')";
					} else {
						$varname[$var] = "(function(){'return $var';return '$val'})()";
					}
					break;
				case 5:
					if(!isset($jskeywords[$val]) && ctype_alnum($val) && !ctype_digit($val[0])) {
						$codes[] = "function $var({$var}_){function _{$var[0]}({$var}_){function $val(){return getName();}function {$var}_(){}return $val();return {$var}_}; return _{$var[0]}({$var}_);}";
						$varname[$var] = "$var('".random($len)."')";
					} else {
						$codes[] = "function $var(){'$var';function _{$var[0]}(){return '$val'}; return _{$var[0]}();}";
						$varname[$var] = $var.'()';
					}
					break;
				case 6:
					if($cflag) {
						$codes[] = "$var=function({$var}_){var _{$var[0]}=function({$var}_){'return $var';return {$var}_;}; return _{$var[0]}({$var}_);};";
						$varname[$var] = "$var('$val')";
					} else {
						$codes[] = "$var=function(){'$var';var _{$var[0]}=function(){return '$val'}; return _{$var[0]}();};";
						$varname[$var] = $var.'()';
					}
					break;
				case 7:
					if($cflag) {
						$varname[$var] = "(function({$var}_){return (function({$var}_){return {$var}_;})({$var}_);})('$val')";
					} else {
						$varname[$var] = "(function(){'return $var';return (function(){return '$val';})();})()";
					}
					break;
			}
		}
		shuffle($codes);
		$js .= implode('', $codes);
		$hrefheader = array('location.href=', 'location=', "{$location}[$href]=", "location[$href]=",
					'location.replace(', 'location.assign(', "location[$assign](", "location[$replace](");
		$hreffooter = array('','','','',')',')',')',')');
		$index = array_rand($hrefheader);
		$js .= $hrefheader[$index]. implode('+', $varname).$hreffooter[$index].';';
		$fix = array("{$window}[$href]=", "{$window}['href']=", "{$window}.href=");
		$js .= $fix[array_rand($fix)].implode('+', array_slice($varname, 0, 8)).';';
		$js .= '</script>';
		return $js;
	}

}

?>