谴责下某位同学,转载了我的上一篇文章,也不给个原文地址,希望这次再来转时能加上。

//检查登录,在common.php判断

//cookie串: 2|dc4fab5bb354be5104bae0affe2c1b615c565cf5|1384165106|eb084e693bb241a29e9986b62e69cf5f465f354d

//cookie有效期大于当前时间=》继续判断:用户cookie中保存的用户ID、生存周期、及预设置的cookie密钥,经过特殊处理后与$cookie['cookie_hash']比较

 function check_cookie(&$pun_user)
{
global $db, $db_type, $pun_config, $cookie_name, $cookie_seed; $now = time(); // If the cookie is set and it matches the correct pattern, then read the values from it
if (isset($_COOKIE[$cookie_name]) && preg_match('%^(\d+)\|([0-9a-fA-F]+)\|(\d+)\|([0-9a-fA-F]+)$%', $_COOKIE[$cookie_name], $matches))
{
$cookie = array(
'user_id' => intval($matches[1]),
'password_hash' => $matches[2],
'expiration_time' => intval($matches[3]),
'cookie_hash' => $matches[4],
);
} // If it has a non-guest user, and hasn't expired
if (isset($cookie) && $cookie['user_id'] > 1 && $cookie['expiration_time'] > $now)
{
// If the cookie has been tampered with
if (forum_hmac($cookie['user_id'].'|'.$cookie['expiration_time'], $cookie_seed.'_cookie_hash') != $cookie['cookie_hash'])
{
$expire = $now + 31536000; // The cookie expires after a year
pun_setcookie(1, pun_hash(uniqid(rand(), true)), $expire);
set_default_user(); return;
}
...............

//从上面得到的$cookie变量中的user_id,去数据库查询取到密码,特殊处理后与$cookie中的password_hash比较

 // Check if there's a user with the user ID and password hash from the cookie
$result = $db->query('SELECT u.*, g.*, o.logged, o.idle FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON u.group_id=g.g_id LEFT JOIN '.$db->prefix.'online AS o ON o.user_id=u.id WHERE u.id='.intval($cookie['user_id'])) or error('Unable to fetch user information', __FILE__, __LINE__, $db->error());
$pun_user = $db->fetch_assoc($result); // If user authorisation failed
if (!isset($pun_user['id']) || forum_hmac($pun_user['password'], $cookie_seed.'_password_hash') !== $cookie['password_hash'])
{
$expire = $now + 31536000; // The cookie expires after a year
pun_setcookie(1, pun_hash(uniqid(rand(), true)), $expire);
set_default_user(); return;
}

//退出 "login.php?action=out&id=2&csrf_token=40ce5abbaf76ba6fe66bb8a833eb9e8d4da5c273" ,此处没有直接删除cookie

//先判断用户是否已登录,链接是否有相应的标识

 if ($action == 'out')
{
if ($pun_user['is_guest'] || !isset($_GET['id']) || $_GET['id'] != $pun_user['id'] || !isset($_GET['csrf_token']) || $_GET['csrf_token'] != pun_hash($pun_user['id'].pun_hash(get_remote_address())))
{
header('Location: index.php');
exit;
} // Remove user from "users online" list
$db->query('DELETE FROM '.$db->prefix.'online WHERE user_id='.$pun_user['id']) or error('Unable to delete from online list', __FILE__, __LINE__, $db->error()); // Update last_visit (make sure there's something to update it with)
if (isset($pun_user['logged']))
$db->query('UPDATE '.$db->prefix.'users SET last_visit='.$pun_user['logged'].' WHERE id='.$pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error()); pun_setcookie(1, pun_hash(uniqid(rand(), true)), time() + 31536000); redirect('index.php', $lang_login['Logout redirect']);
}

//get_remote_address()取远程IP,区分了是否用了代理

 function get_remote_address()
{
$remote_addr = $_SERVER['REMOTE_ADDR']; // If we are behind a reverse proxy try to find the real users IP
if (defined('FORUM_BEHIND_REVERSE_PROXY'))
{
if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
{
// The general format of the field is:
// X-Forwarded-For: client1, proxy1, proxy2
// where the value is a comma+space separated list of IP addresses, the left-most being the farthest downstream client,
// and each successive proxy that passed the request adding the IP address where it received the request from.
$forwarded_for = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
$forwarded_for = trim($forwarded_for[0]); if (@preg_match('%^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$%', $forwarded_for) || @preg_match('%^((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))$%', $forwarded_for))
$remote_addr = $forwarded_for;
}
} return $remote_addr;
}

//退出时cookie处理

 pun_setcookie(1, pun_hash(uniqid(rand(), true)), time() + 31536000);
 // Set a cookie, FluxBB style!
// Wrapper for forum_setcookie
//
function pun_setcookie($user_id, $password_hash, $expire)
{
global $cookie_name, $cookie_seed; forum_setcookie($cookie_name, $user_id.'|'.forum_hmac($password_hash, $cookie_seed.'_password_hash').'|'.$expire.'|'.forum_hmac($user_id.'|'.$expire, $cookie_seed.'_cookie_hash'), $expire);
} //
// Set a cookie, FluxBB style!
//
function forum_setcookie($name, $value, $expire)
{
global $cookie_path, $cookie_domain, $cookie_secure, $pun_config; if ($expire - time() - $pun_config['o_timeout_visit'] < 1)
$expire = 0; // Enable sending of a P3P header
header('P3P: CP="CUR ADM"'); if (version_compare(PHP_VERSION, '5.2.0', '>='))
setcookie($name, $value, $expire, $cookie_path, $cookie_domain, $cookie_secure, true);
else
setcookie($name, $value, $expire, $cookie_path.'; HttpOnly', $cookie_domain, $cookie_secure);
}

//定义一些通用函数,

如:error():

error('Unable to fetch user info', __FILE__, __LINE__, $db->error())

message($message, $no_back_link = false, $http_status = null)

utf8_trim( $str, $charlist=false);  //去空格

redirect($destination_url, $message);  //重定向

fluxbb多数页面都写在一个文件中,如login.php包括登录、退出、忘记密码等操作,通过不同的action区分。

引入公用header.php、不同页面分别替换相应的内容($pun_user变量),如title、要加载的css等。

$pun_user变量前面提到的check_cookie()函数中设置的值。 

 $pun_user = array();
check_cookie($pun_user);

function check_cookie(&$pun_user){}    //注意后面的&地址符

check_cookie(函数中,通过cookie值来判断用户信息,如是合法的已登录用户,直接将一些值保存到$pun_user,否则设置一些默认值。通过set_default_user()函数,并记录在线用户。

 //
// Fill $pun_user with default values (for guests)
//
function set_default_user()
{
global $db, $db_type, $pun_user, $pun_config; $remote_addr = get_remote_address(); // Fetch guest user
$result = $db->query('SELECT u.*, g.*, o.logged, o.last_post, o.last_search FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON u.group_id=g.g_id LEFT JOIN '.$db->prefix.'online AS o ON o.ident=\''.$db->escape($remote_addr).'\' WHERE u.id=1') or error('Unable to fetch guest information', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
exit('Unable to fetch guest information. Your database must contain both a guest user and a guest user group.'); $pun_user = $db->fetch_assoc($result); // Update online list
if (!$pun_user['logged'])
{
$pun_user['logged'] = time(); // With MySQL/MySQLi/SQLite, REPLACE INTO avoids a user having two rows in the online table
switch ($db_type)
{
case 'mysql':
case 'mysqli':
case 'mysql_innodb':
case 'mysqli_innodb':
case 'sqlite':
$db->query('REPLACE INTO '.$db->prefix.'online (user_id, ident, logged) VALUES(1, \''.$db->escape($remote_addr).'\', '.$pun_user['logged'].')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
break; default:
$db->query('INSERT INTO '.$db->prefix.'online (user_id, ident, logged) SELECT 1, \''.$db->escape($remote_addr).'\', '.$pun_user['logged'].' WHERE NOT EXISTS (SELECT 1 FROM '.$db->prefix.'online WHERE ident=\''.$db->escape($remote_addr).'\')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
break;
}
}
else
$db->query('UPDATE '.$db->prefix.'online SET logged='.time().' WHERE ident=\''.$db->escape($remote_addr).'\'') or error('Unable to update online list', __FILE__, __LINE__, $db->error()); $pun_user['disp_topics'] = $pun_config['o_disp_topics_default'];
$pun_user['disp_posts'] = $pun_config['o_disp_posts_default'];
$pun_user['timezone'] = $pun_config['o_default_timezone'];
$pun_user['dst'] = $pun_config['o_default_dst'];
$pun_user['language'] = $pun_config['o_default_lang'];
$pun_user['style'] = $pun_config['o_default_style'];
$pun_user['is_guest'] = true;
$pun_user['is_admmod'] = false;
}

//footer.php

页面header和footer内容通过$tpl_main变量保存,footer.php最后,exit($tpl_main);直接输出并终止运行。主要用到了输出缓冲的一些函数。

在整个fluxbb系统中,只看到了两个js文件,分别是common.js和minmax.js,而且两个文件都没超过3kb,其中minmax.js是在header.php引入了。想想自己,没有jquery就有点寸步难行了。

原文作者:lltong,博客园地址:http://www.cnblogs.com/lltong/

PHP开源系统学习之fluxbb_2的更多相关文章

  1. PHP开源系统学习之fluxbb_1

    最近一直忙于做项目,虽说做了点新东西.感觉自己进步不是很大,总体水平还是跟半年前差不多,想到的东西跟以前差不多,写出来的东西也跟以前差不多.只是现在做的东西多些,比以前敢做了. 近期准备利用点时间,读 ...

  2. GitHub 上 57 款最流行的开源深度学习项目

    转载:https://www.oschina.net/news/79500/57-most-popular-deep-learning-project-at-github GitHub 上 57 款最 ...

  3. Computational Network Toolkit (CNTK) 是微软出品的开源深度学习工具包

    Computational Network Toolkit (CNTK) 是微软出品的开源深度学习工具包 用 CNTK 搞深度学习 (一) 入门 Computational Network Toolk ...

  4. Hibernate的系统 学习

    Hibernate的系统 学习 一.Hibernate的介绍 1.什么是Hibernate? 首先,hibernate是数据持久层的一个轻量级框架.数据持久层的框架有很多比如:iBATIS,myBat ...

  5. Ubuntu LTS 系统学习使用体会和实用工具软件汇总 6.04 8.04 10.04 12.04 14.04 16.04

    Ubuntu LTS 系统学习体会和工具软件汇总 6.04 8.04 10.04 12.04 14.04 16.04 ubuntu入门必备pdf:http://download.csdn.net/de ...

  6. MySQL如何系统学习

    MySQL是当下互联网最流行的开源数据库.不管你使用或者学习何种编程语言,都将会使用到数据库,而MySQL则是应用最为广泛的数据库,没有之一! 之前在我的博客上也发布过一些MySQL优化配置项,都收到 ...

  7. 开源深度学习架构Caffe

    Caffe 全称为 Convolutional Architecture for Fast Feature Embedding,是一个被广泛使用的开源深度学习框架(在 TensorFlow 出现之前一 ...

  8. 一种基于python的人脸识别开源系统

    今天在搜索人脸识别的文章时,无意中搜到一个比较开源代码,介绍说是这个系统人脸的识别率 是比较高的,可以达到:99.38%.这么高的识别率,着实把我吓了一跳.抱着实事求是的态度.个人 就做了一些验证和研 ...

  9. GitHub 上 57 款最流行的开源深度学习项目【转】

    GitHub 上 57 款最流行的开源深度学习项目[转] 2017-02-19 20:09 334人阅读 评论(0) 收藏 举报 分类: deeplearning(28) from: https:// ...

随机推荐

  1. Spring的使用

    Spring的组成 1. Core模块 该模块是Spring的核心容器,它实现了Ioc模式和Spring框架的基础功能. 2. Context模块 该模块继承BeanFactory类,并添加了事件处理 ...

  2. 深入理解JVM - 早期(编译期)优化

    Java“编译期”是一段“不确定”的操作过程:可能是指一个前端编译器(编译器的前端)把*.java文件转变为*.class文件的过程:可能是指虚拟机的后端运行期编译器(JIT编译器,Just In T ...

  3. 纯CSS的jQuery的气泡提示组件

    1. [代码][JavaScript]代码 //调用说明//$(selector).bub($(selector) | string[, options]);//示例: $('#demo1').bub ...

  4. apache 简单笔记

    1.端口监听 可以多个 Listen 80Listen 8080 2.多网站 Listen 80Listen 8080 # Virtual hostsInclude conf/extra/httpd- ...

  5. Oracle使用hs odbc连接mssql2008

    1.创建odbc 2.在 product\11.2.0\dbhome_1\hs\admin\  下拷贝initdg4odbc,把名字改为initcrmsql(init+所建odbc的名称) HS_FD ...

  6. 分享知识-快乐自己:关于 String 小案例

    单个字符出现的次数: /*** * 验证是否符合拆分条件 * * @param text * 原字符串 * @param sub * 判断条件 * @return */ public static i ...

  7. 负载均衡之IP

    文章出自:http://blog.csdn.net/cywosp/article/details/38036537       首先让我们来看看下面这张大家都非常熟悉的TCP/IP协议族的分层图:   ...

  8. 关于VS中包含库、附加包含库、

    转载:https://blog.csdn.net/qing101hua/article/details/53841827 VS中C++的包含目录.附加包含目录和库目录和附加库目录的区别 对Visual ...

  9. leetcode 162 Find Peak Element(二分法)

    A peak element is an element that is greater than its neighbors. Given an input array where num[i] ≠ ...

  10. android sqlite,大数据处理、同时读写

    1. 批量写入,采用事物方式,先缓存数据,再批量写入数据,极大提高了速度 288条,直接inset  into  耗时7秒 8640条,     批量写入  耗时5-7秒 try { this.myD ...