Discuz!X2核心源码分析.doc

Discuz! X2 核心类源码分析不是原创,只是进行转载MARK：/thread-212115-1-1.html 1, _GET = 1, _POST = 1, _REQUEST = 1, _COOKIE = 1, _SERVER = 1, _ENV = 1, _FILES = 1,);function &instance() static $object; if(empty($object) $object = new discuz_core(); return $object;function discuz_core() $this-_init_env(); /初始化环境变量 $this-_init_config(); /初始化配置变量 $this-_init_input(); /初始化输入 $this-_init_output(); /初始化输出function init() if(!$this-initated) $this-_init_db(); /初始化数据库 $this-_init_memory(); /初始化memcache $this-_init_user(); /用户信息初始化 $this-_init_session(); /session操作初始化 $this-_init_setting(); /系统设置初始化 $this-_init_mobile(); /手机功能初始化 $this-_init_cron(); /计划任务初始化 $this-_init_misc(); /其他功能初始化 $this-initated = true; /设置完成标志function _init_env() /环境变量初始化方法 error_reporting(E_ERROR); /定义错误报告等级 if(phpversion() timezone_set(); if(!defined(DISCUZ_CORE_FUNCTION) & !include(DISCUZ_ROOT./source/function/function_core.php) exit(function_core.php is missing); /如果系统核心函数库文件未include,则include,如果核心函数库文件缺失，则退出，因为function_core.php是系统本身的函数库，必须加载 if(function_exists(ini_get) $memorylimit = ini_get(memory_limit); if($memorylimit & return_bytes($memorylimit) $value) if (!isset($this-superglobal$key) $GLOBALS$key = null; unset($GLOBALS$key); /以上几行的意思是，注销所有的超级变量。 global $_G; /$_G大数组是Discuz中自定义的超级变量 $_G = array( uid = 0, /uid username = , /用户名 adminid = 0, /adminid标识 groupid = 1, /用户组ID sid = , / sessionID formhash = , /表单验证认证 timestamp = TIMESTAMP, /时间戳 starttime = dmicrotime(), /开始时间 clientip = $this-_get_client_ip(), /客户端IP referer = , /referer地址 charset = , /字符串编码 gzipcompress = , /gzip authkey = , /authkey 认证码 timenow = array(), /当前时间 PHP_SELF = , /PHP_SELF siteurl = , /网站地址 siteroot = , /网站根目录 config = array(), /配置变量数组 setting = array(), /设置变量数组 member = array(), /用户信息数组 group = array(), /用户组数组 cookie = array(), /cookie数组 style = array(), /风格数组 cache = array(), /缓存列表数组 session = array(), /session变量数组 lang = array(), /语言包数组 my_app = array(), /我的应用数组 my_userapp = array(), /用户应用数组 fid = 0, tid = 0, forum = array(), /论坛板块数组 thread = array(), /论坛相关帖子数组 rssauth = , /RSS订阅认证 home = array(), /home功能相关数组 space = array(), /space功能相关数组 block = array(), /块信息数组 article = array(), action = array( action = APPTYPEID, fid = 0, tid = 0, ), mobile = , /手机信息 ); /以上定义了$_G超级变量的部分内容。都是系统以后要用到的。写在一个大数组中，方便使用 $_GPHP_SELF = htmlspecialchars($_SERVERSCRIPT_NAME ? $_SERVERSCRIPT_NAME : $_SERVERPHP_SELF); /当前脚本地址写入$_G超级变量中 $_Gbasescript = CURSCRIPT; /当前脚本 $_Gbasefilename = basename($_GPHP_SELF); /当前脚本名称 $_Gsiteurl = htmlspecialchars(http:/.$_SERVERHTTP_HOST.preg_replace(/+(api)?/*$/i, , substr($_GPHP_SELF, 0, strrpos($_GPHP_SELF, /)./);/网站地址 $_Gsiteroot = substr($_GPHP_SELF, 0, -strlen($_Gbasefilename);/网站根地址 if(defined(SUB_DIR) /二级目录设置 $_Gsiteurl = str_replace(SUB_DIR, /, $_Gsiteurl); $_Gsiteroot = str_replace(SUB_DIR, /, $_Gsiteroot); $this-var = & $_G;function _init_input() /输入初始化方法 if (isset($_GETGLOBALS) |isset($_POSTGLOBALS) | isset($_COOKIEGLOBALS) | isset($_FILESGLOBALS) system_error(request_tainting); if(!MAGIC_QUOTES_GPC) $_GET = daddslashes($_GET); $_POST = daddslashes($_POST); $_COOKIE = daddslashes($_COOKIE); $_FILES = daddslashes($_FILES); /以上代码未GPC安全机制，进行转义 $prelength = strlen($this-configcookiecookiepre); foreach($_COOKIE as $key = $val) if(substr($key, 0, $prelength) = $this-configcookiecookiepre) $this-varcookiesubstr($key, $prelength) = $val; /以上代码意思是，如果cookie的键值等于定义的键值，那么截取cookiepre $_GETdiy = empty($_GETdiy) ? : $_GETdiy; if($_SERVERREQUEST_METHOD = POST & !empty($_POST) $_GET = array_merge($_GET, $_POST); /合并$_POST,$_GET foreach($_GET as $k = $v) $this-vargp_.$k = $v; /然后把$_POST和$_GET的值都赋予gp变量中,方便使用 $this-varmod = empty($this-vargp_mod) ? : htmlspecialchars($this-vargp_mod);/获得$mod变量 ?mod=xxx,则$this-varmod为xxx $this-varinajax = empty($this-vargp_inajax) ? 0 : (empty($this-varconfigoutputajaxvalidate) ? 1 : ($_SERVERREQUEST_METHOD = GET & $_SERVERHTTP_X_REQUESTED_WITH = XMLHttpRequest | $_SERVERREQUEST_METHOD = POST ? 1 : 0); /是否需要ajax方式 $this-varpage = empty($this-vargp_page) ? 1 : max(1, intval($this-vargp_page); /页面获取,最小为1 $this-varsid = $this-varcookiesid = isset($this-varcookiesid) ? htmlspecialchars($this-varcookiesid) : ;/sid获取function _init_config() /获得配置文件 $_config = array(); include DISCUZ_ROOT./config/config_global.php;/加载全局配置文件 if(empty($_config) if(!file_exists(DISCUZ_ROOT./data/install.lock) header(location: install); exit; else system_error(config_notfound); /以上代码为：如果config不存在，要么没安装，要么文件不存在，系统报错 if(empty($_configsecurityauthkey) $_configsecurityauthkey = md5($_configcookiecookiepre.$_configdb1dbname); /设置安全验证的authkey if(empty($_configdebug) | !file_exists(libfile(function/debug) define(DISCUZ_DEBUG, false); elseif($_configdebug = 1 | $_configdebug = 2 | !empty($_REQUESTdebug) & $_REQUESTdebug = $_configdebug) define(DISCUZ_DEBUG, true); if($_configdebug = 2) error_reporting(E_ALL); else define(DISCUZ_DEBUG, false); /以上代码为是否调试模式， define(STATICURL, !empty($_configoutputstaticurl) ? $_configoutputstaticurl : static/); /定义静态文件常量,如：css,img等，如果$_configoutputstaticurl为空，则是默认的static目录，就是默认目录 $this-varstaticurl = STATICURL; $this-config = & $_config; $this-varconfig = & $_config; /引用$_config变量，改变$this-config,则$_config改变，保持统一 if(substr($_configcookiecookiepath, 0, 1) != /) $this-varconfigcookiecookiepath = /.$this-varconfigcookiecookiepath; /设置cookie域，一般是设置目录域。/不存在则加上/,安全性更高 $this-varconfigcookiecookiepre = $this-varconfigcookiecookiepre.substr(md5($this-varconfigcookiecookiepath.|.$this-varconfigcookiecookiedomain), 0, 4)._; /定义cookie前缀,如定义为xxx_;则为$cookiexxx_uid $this-varauthkey = md5($_configsecurityauthkey.$_SERVERHTTP_USER_AGENT);/得到authkeyfunction _init_output() /输出初始化方法 if($this-configsecurityurlxssdefend & $_SERVERREQUEST_METHOD = GET & !empty($_SERVERREQUEST_URI) $this-_xss_check(); if($this-configsecurityattackevasive & (!defined(CURSCRIPT) | !in_array($this-varmod, array(seccode, secqaa, swfupload) require_once libfile(misc/security, include); /验证码设置，加载include/misc/misc_security.php文件,验证功能; if(!empty($_SERVERHTTP_ACCEPT_ENCODING) & strpos($_SERVERHTTP_ACCEPT_ENCODING, gzip) = false) $this-configoutputgzip = false; /是否开启gzip,如果不支持gzip，则定义为false $allowgzip = $this-configoutputgzip & empty($this-varinajax) & $this-varmod != attachment & EXT_OBGZIP; setglobal(gzipcompress, $allowgzip); /把$allowgzip写入全局变量中 ob_start($allowgzip ? ob_gzhandler : null);/定义输出缓存 setglobal(charset, $this-configoutputcharset); /把配置文件中的字符集赋予全局变量中 define(CHARSET, $this-configoutputcharset); if($this-configoutputforceheader) header(Content-Type: text/html; charset=.CHARSET);/设置网页编码,强制输出 function reject_robot() /拒绝机器人访问，设置为403错误 if(IS_ROBOT) exit(header(HTTP/1.1 403 Forbidden); function _xss_check() /检测xss漏洞,UBB $temp = strtoupper(urldecode(urldecode($_SERVERREQUEST_URI); if(strpos($temp, db = & DB:object($class); $this-db-set_config($this-configdb); $this-db-connect(); /建立数据库连接function _init_session() /session初始化方法 $this-session = new discuz_session(); /new discuz_session类 if($this-init_session) $this-session-init($this-varcookiesid, $this-varclientip, $this-varuid); $this-varsid = $this-session-sid; /设置sid $this-varsession = $this-session-var; /设置session if($this-varsid != $this-varcookiesid) dsetcookie(sid, $this-varsid, 86400); /如果sid不为cookie中的sid,则重写sid到cookie if($this-session-isnew) if(ipbanned($this-varclientip) $this-session-set(groupid, 6); /如果发现IP在禁止范围里，则设置该客户端用户组为6，则：禁止IP用户组 if($this-session-get(groupid) = 6) $this-varmembergroupid = 6; sysmessage(user_banned); /提示IP禁止 if($this-varuid & ($this-session-isnew | ($this-session-get(lastactivity) + 600) session-set(lastactivity, TIMESTAMP); /最近活动检测，600秒 if($this-session-isnew) DB:update(common_member_status, array(lastip = $this-varclientip, lastvisit = TIMESTAMP), uid=.$this-varuid.); /如果用户在600秒里不活动，则设置最后访问时间点 function _init_user() /用户初始化方法 if($this-init_user) if($auth = getglobal(auth, cookie) /得到auth,usernametuid的加密信息 $auth = daddslashes(explode(t, authcode($auth, DECODE); /进行解密 list($discuz_pw, $discuz_uid) = empty($auth) | count($auth) varmember = $user; /如果用户存在，且密码正确，则用户信息写进全局变量中 else $user = array(); /user定义为空数组 $this-_init_guest(); /否则为游客,游客初始化方法 if($user & $usergroupexpiry 0 & $usergroupexpiry cachelist = usergroup_.$this-varmembergroupid; /用户组数据缓存 if($user & $useradminid 0 & $usergroupid != $useradminid) $this-cachelist = admingroup_.$this-varmemberadminid; /管理员用户组缓存 else $this-_init_guest(); /游客 if(empty($this-varcookielastvisit) $this-varmemberlastvisit = TIMESTAMP - 3600; dsetcookie(lastvisit, TIMESTAMP - 3600, 86400 * 30); /cookie中如果为记录最后访问时间，则写入 else $this-varmemberlastvisit = $this-varcookielastvisit;/否则，写入全局变量 setglobal(uid, getglobal(uid, member); setglobal(username, addslashes(getglobal(username, member); setglobal(adminid, getglobal(adminid, member); setglobal(groupid, getglobal(groupid, member); /以上四行是把用户的uid，用户名，管理组id，用户组写入全局变量中function _init_guest() /游客初始化方法 setglobal(member, array( uid = 0, username = , adminid = 0, groupid = 7, credits = 0, timeoffset = 9999);function _init_cron() /计划任务初始化 if($this-init_cron & $this-init_setting) if($this-varcachecronnextrun init_misc) return false; lang(core); /加载core语言包 if($this-init_setting & $this-init_user) if(!isset($this-varmembertimeoffset) | $this-varmembertimeoffset = 9999 | $this-varmembertimeoffset = ) $this-varmembertimeoffset = $this-varsettingtimeoffset; /设置用户时区 $timeoffset = $this-init_setting ? $this-varmembertimeoffset : $this-varsettingtimeoffset; $this-vartimenow = array( time = dgmdate(TIMESTAMP), offset = $timeoffset = 0 ? ($timeoffset = 0 ? : +.$timeoffset) : $timeoffset ); $this-timezone_set($timeoffset); $this-varformhash = formhash(); /得到FORMHASH define(FORMHASH, $this-varformhash); /定义为常量 if($this-init_user) if($this-vargroup & isset($this-vargroupallowvisit) & !$this-vargroupallowvisit) if($this-varuid) sysmessage(user_banned, null); /检测是否为禁止访问 elseif(!defined(ALLOWGUEST) | !ALLOWGUEST) & !in_array(CURSCRIPT, array(member, api) & !$this-varinajax) dheader(location: member.php?mod=logging&action=login&referer=.rawurlencode($_SERVERREQUEST_URI); if($this-varmemberstatus = -1) sysmessage(user_banned, null); /如果用户状态为-1,则提示禁止访问 if($this-varsettingipaccess & !ipaccess($this-varclientip, $this-varsettingipaccess) sysmessage(user_banned, null); /ip权限检测 if($this-varsettingbbclosed) if($this-varuid & ($this-vargroupallowvisit = 2 | $this-vargroupid = 1) elseif(in_array(CURSCRIPT, array(admin, member, api) | defined(ALLOWGUEST) & ALLOWGUEST) else $closedreason = DB:result_first(SELECT svalue FROM .DB:table(common_setting). WHERE skey=closedreason); $closedreason = str_replace(:, , $closedreason); showmessage($closedreason ? $closedreason : board_closed, NULL, array(), array(login = 1); /以上是论坛如果为关闭，只有管理员可以访问，其他则提示关闭原因 if(CURSCRIPT != admin & !(in_array($this-varmod, array(logging, seccode) periodscheck(visitbanperiods); /私密板块访问设置 if(defined(IN_MOBILE) $this-vartpp = $this-varsettingmobilemobiletopicperpage ? intval($this-varsettingmobilemobiletopicperpage) : 20; $this-varppp = $this-varsettingmobilemobilepostperpage ? intval($this-varsettingmobilemobilepostperpage) : 5; else $this-vartpp = $this-varsettingtopicperpage ? intval($this-varsettingtopicperpage) : 20; $this-varppp = $this-varsettingpostperpage ? intval($this-varsettingpostperpage) : 10; /wap访问设置 if($this-varsettingnocacheheaders) header(Expires: -1); header(Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0, FALSE); header(Pragma: no-cache); /以上五行作用是header cache状态设置 if($this-session-isnew & $this-varuid) updatecreditbyaction(daylogin, $this-varuid); /每日登陆增加积分设置 include_once libfile(function/stat); updatestat(login, 1); if(defined(IN_MOBILE) updatestat(mobilelogin, 1); /MOBILE if($this-varsettingconnectallow & $this-varmemb