Example #1
    }
}
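if ($attackevasive & 8) {
    // Attack-evasive mode 8 (Discuz! X variant): an arithmetic challenge that every
    // visitor must solve before the page is served. State lives in the 'visitcode'
    // cookie as an authcode()-sealed "md5(answer)|solved-flag|issued-at" triple, so
    // the sealing key is the only thing preventing a client from minting a "solved"
    // cookie. array_pad() keeps list() from raising notices on an empty or malformed cookie.
    $visitraw = isset($_G['cookie']['visitcode']) ? $_G['cookie']['visitcode'] : '';
    list($visitcode, $visitcheck, $visittime) = array_pad(explode('|', authcode($visitraw, 'DECODE')), 3, '');
    // Re-challenge when the cookie is missing, not yet marked solved, or solved more
    // than four hours ago. The cast avoids arithmetic on a non-numeric cookie field.
    if (!$visitcode || !$visitcheck || !$visittime || TIMESTAMP - (int)$visittime > 60 * 60 * 4) {
        // Only a string answer can be hashed; an array (answer[]=x) would otherwise
        // reach md5() and warn or throw depending on the PHP version.
        $submitted = !empty($_POST['secqsubmit']) && isset($_POST['answer']) && is_string($_POST['answer']);
        // Strict comparison: '!=' between two hex digests is subject to PHP's
        // numeric-string juggling ("0e..." digests compare equal), which would let an
        // unrelated answer pass for some challenges.
        if (!$submitted || $visitcode !== md5($_POST['answer'])) {
            // Build "a + b + c = ?" with the term count drawn once; the original
            // re-rolled the upper bound on every iteration, which skews the count.
            $termcount = rand(2, 5);
            $answer = 0;
            $question = '';
            for ($i = 0; $i < $termcount; $i++) {
                $r = rand(1, 20);
                $question .= $question ? ' + ' . $r : $r;
                $answer += $r;
            }
            $question .= ' = ?';
            // Cookie lifetime 816400 s (~9.4 days) is kept from the original; it looks
            // like a typo for 86400 (one day) -- confirm before changing.
            dsetcookie('visitcode', authcode(md5($answer) . '|0|' . TIMESTAMP, 'ENCODE'), TIMESTAMP + 816400, 1, true);
            securitymessage($question, '<input type="text" name="answer" size="8" maxlength="150" /><input type="submit" name="secqsubmit" class="button" value=" Submit " />', FALSE, TRUE);
        } else {
            // Correct answer: reseal the same digest with the solved flag and a fresh timestamp.
            dsetcookie('visitcode', authcode($visitcode . '|1|' . TIMESTAMP, 'ENCODE'), TIMESTAMP + 816400, 1, true);
        }
    }
}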
/**
 * Render an attack-evasive interstitial (Discuz! X variant).
 *
 * $subject / $message are first looked up as keys of the inline language table
 * and otherwise used verbatim, so callers either pass a known key or pass
 * already-formatted markup (see the arithmetic challenge, which passes a raw
 * <input> form as $message). Nothing here escapes them: any caller-supplied
 * text must be trusted or pre-escaped. $reload and $form are consumed further
 * down in the body, which is not visible in this excerpt.
 *
 * @param string $subject  language key or literal heading
 * @param string $message  language key or literal body/markup
 * @param bool   $reload   presumably requests an automatic reload -- body not shown here
 * @param bool   $form     presumably wraps the message in a POST form -- body not shown here
 */
function securitymessage($subject, $message, $reload = TRUE, $form = FALSE)
{
    global $_G;
    $scuritylang = array('attackevasive_1_subject' => '&#x9891;&#x7e41;&#x5237;&#x65b0;&#x9650;&#x5236;', 'attackevasive_1_message' => '&#x60a8;&#x8bbf;&#x95ee;&#x672c;&#x7ad9;&#x901f;&#x5ea6;&#x8fc7;&#x5feb;&#x6216;&#x8005;&#x5237;&#x65b0;&#x95f4;&#x9694;&#x65f6;&#x95f4;&#x5c0f;&#x4e8e;&#x4e24;&#x79d2;&#xff01;&#x8bf7;&#x7b49;&#x5f85;&#x9875;&#x9762;&#x81ea;&#x52a8;&#x8df3;&#x8f6c;&#x20;&#x2e;&#x2e;&#x2e;', 'attackevasive_2_subject' => '&#x4ee3;&#x7406;&#x670d;&#x52a1;&#x5668;&#x8bbf;&#x95ee;&#x9650;&#x5236;', 'attackevasive_2_message' => '&#x672c;&#x7ad9;&#x73b0;&#x5728;&#x9650;&#x5236;&#x4f7f;&#x7528;&#x4ee3;&#x7406;&#x670d;&#x52a1;&#x5668;&#x8bbf;&#x95ee;&#xff0c;&#x8bf7;&#x53bb;&#x9664;&#x60a8;&#x7684;&#x4ee3;&#x7406;&#x8bbe;&#x7f6e;&#xff0c;&#x76f4;&#x63a5;&#x8bbf;&#x95ee;&#x672c;&#x7ad9;&#x3002;', 'attackevasive_4_subject' => '&#x9875;&#x9762;&#x91cd;&#x8f7d;&#x5f00;&#x542f;', 'attackevasive_4_message' => '&#x6b22;&#x8fce;&#x5149;&#x4e34;&#x672c;&#x7ad9;&#xff0c;&#x9875;&#x9762;&#x6b63;&#x5728;&#x91cd;&#x65b0;&#x8f7d;&#x5165;&#xff0c;&#x8bf7;&#x7a0d;&#x5019;&#x20;&#x2e;&#x2e;&#x2e;');
    // Key lookup by truthiness: an unknown key raises an undefined-index notice and
    // falls through to the literal value.
    $subject = $scuritylang[$subject] ? $scuritylang[$subject] : $subject;
    $message = $scuritylang[$message] ? $scuritylang[$message] : $message;
    // Truthy 'inajax' (undefined-index notice when absent) selects the popup fragment.
    if ($_GET['inajax']) {
        security_ajaxshowheader();
        // $subject and $message are emitted unescaped (see header comment).
        echo '<div id="attackevasive_1" class="popupmenu_option"><b style="font-size: 16px">' . $subject . '</b><br /><br />' . $message . '</div>';
        security_ajaxshowfooter();
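if ($attackevasive & 2) {
    // Attack-evasive mode 2: refuse requests that carry headers commonly added by
    // proxies. Every one of these is client-supplied, so this is a best-effort
    // heuristic against casual proxy use, not an access control. The original
    // listed HTTP_PROXY_CONNECTION twice and read each index without isset().
    $proxyheaders = array('HTTP_X_FORWARDED_FOR', 'HTTP_VIA', 'HTTP_PROXY_CONNECTION', 'HTTP_USER_AGENT_VIA', 'HTTP_CACHE_INFO');
    foreach ($proxyheaders as $header) {
        // !empty() keeps the original truthiness test without undefined-index notices.
        if (!empty($_SERVER[$header])) {
            securitymessage('attachsave_2_subject', 'attachsave_2_message', FALSE);
            break;
        }
    }
}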
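if ($attackevasive & 4) {
    // Attack-evasive mode 4: show the "page reloading" interstitial when the
    // 'lastrequest' cookie is absent or older than 60 seconds. The cookie is
    // client-controlled, so it is cast to int before arithmetic; a non-numeric
    // value degrades to 0 and triggers the message instead of a warning/TypeError.
    $lastrequest = empty($_DCOOKIE['lastrequest']) ? 0 : (int)$_DCOOKIE['lastrequest'];
    if ($lastrequest <= 0 || $timestamp - $lastrequest > 60) {
        securitymessage('attachsave_4_subject', 'attachsave_4_message');
    }
}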
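if ($attackevasive & 8) {
    // Attack-evasive mode 8 (legacy variant): a question/answer challenge drawn from
    // the secqaa cache. State lives in the 'secqcode' cookie as an authcode()-sealed
    // "questionkey|answer-hash|issued-at" triple. Note there is no server-side age
    // check on $questiontime beyond non-emptiness; only the cookie's own expiry applies.
    $secqraw = isset($_DCOOKIE['secqcode']) ? $_DCOOKIE['secqcode'] : '';
    // array_pad() keeps list() quiet on an empty or malformed cookie.
    list($questionkey, $questionanswer, $questiontime) = array_pad(explode('|', authcode($secqraw, 'DECODE')), 3, '');
    include_once DISCUZ_ROOT . './forumdata/cache/cache_secqaa.php';
    $secqaa = isset($_DCACHE['secqaa']) && is_array($_DCACHE['secqaa']) ? $_DCACHE['secqaa'] : array();
    // Stored answer for the question named in the cookie; '' when the key is unknown,
    // so an unrecognised key always re-challenges rather than indexing a missing entry.
    $expected = isset($secqaa[$questionkey]['answer']) ? (string)$secqaa[$questionkey]['answer'] : '';
    // Strict comparison: '!=' between digests is subject to numeric-string juggling
    // ("0e..." values compare equal), which the original allowed.
    if (!$questionanswer || !$questiontime || $expected === '' || $expected !== (string)$questionanswer) {
        // Only a string answer can be hashed; reject array input before md5().
        $posted = !empty($_POST['secqsubmit']) && isset($_POST['answer']) && is_string($_POST['answer']);
        if (!$posted || $expected === '' || $expected !== md5($_POST['answer'])) {
            // array_rand() on an empty table warns and yields null; with no questions
            // configured the challenge is issued with an empty question, which mirrors
            // the original's effective (unanswerable) behaviour without the warning.
            $questionkey = $secqaa ? array_rand($secqaa) : '';
            $questiontext = isset($secqaa[$questionkey]['question']) ? $secqaa[$questionkey]['question'] : '';
            // Cookie lifetime 816400 s (~9.4 days) is kept from the original; it looks
            // like a typo for 86400 (one day) -- confirm before changing.
            dsetcookie('secqcode', authcode($questionkey . '||' . $timestamp, 'ENCODE'), $timestamp + 816400);
            securitymessage($questiontext, '<input type="text" name="answer" size="8" maxlength="150" /><input class="button" type="submit" name="secqsubmit" value=" Submit " />', FALSE, TRUE);
        } else {
            // Correct answer: reseal the key together with the stored answer hash and a fresh timestamp.
            dsetcookie('secqcode', authcode($questionkey . '|' . $expected . '|' . $timestamp, 'ENCODE'), $timestamp + 816400);
        }
    }
}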
function securitymessage($subject, $message, $reload = TRUE, $form = FALSE)
{
    $scuritylang = array('attachsave_1_subject' => '&#x9891;&#x7e41;&#x5237;&#x65b0;&#x9650;&#x5236;', 'attachsave_1_message' => '&#x60a8;&#x8bbf;&#x95ee;&#x672c;&#x7ad9;&#x901f;&#x5ea6;&#x8fc7;&#x5feb;&#x6216;&#x8005;&#x5237;&#x65b0;&#x95f4;&#x9694;&#x65f6;&#x95f4;&#x5c0f;&#x4e8e;&#x4e24;&#x79d2;&#xff01;&#x8bf7;&#x7b49;&#x5f85;&#x9875;&#x9762;&#x81ea;&#x52a8;&#x8df3;&#x8f6c;&#x20;&#x2e;&#x2e;&#x2e;', 'attachsave_2_subject' => '&#x4ee3;&#x7406;&#x670d;&#x52a1;&#x5668;&#x8bbf;&#x95ee;&#x9650;&#x5236;', 'attachsave_2_message' => '&#x672c;&#x7ad9;&#x73b0;&#x5728;&#x9650;&#x5236;&#x4f7f;&#x7528;&#x4ee3;&#x7406;&#x670d;&#x52a1;&#x5668;&#x8bbf;&#x95ee;&#xff0c;&#x8bf7;&#x53bb;&#x9664;&#x60a8;&#x7684;&#x4ee3;&#x7406;&#x8bbe;&#x7f6e;&#xff0c;&#x76f4;&#x63a5;&#x8bbf;&#x95ee;&#x672c;&#x7ad9;&#x3002;', 'attachsave_4_subject' => '&#x9875;&#x9762;&#x91cd;&#x8f7d;&#x5f00;&#x542f;', 'attachsave_4_message' => '&#x6b22;&#x8fce;&#x5149;&#x4e34;&#x672c;&#x7ad9;&#xff0c;&#x9875;&#x9762;&#x6b63;&#x5728;&#x91cd;&#x65b0;&#x8f7d;&#x5165;&#xff0c;&#x8bf7;&#x7a0d;&#x5019;&#x20;&#x2e;&#x2e;&#x2e;');
    $subject = $scuritylang[$subject] ? $scuritylang[$subject] : $subject;
    $message = $scuritylang[$message] ? $scuritylang[$message] : $message;
    if ($_GET['inajax']) {
        ajaxshowheader();
        echo '<div id="attackevasive_1" class="popupmenu_option"><b style="font-size: 16px">' . $subject . '</b><br /><br />' . $message . '</div>';
        ajaxshowfooter();
    } else {