Discuz原码分析（一）admincp.php

最新推荐文章于 2025-05-28 20:42:42 发布

Black_c

最新推荐文章于 2025-05-28 20:42:42 发布

阅读量3.5k

点赞数

CC 4.0 BY-SA版权

文章标签： action query plugins header url templates

本文链接：https://blog.youkuaiyun.com/Black_c/article/details/2029910

本文介绍Discuz!论坛系统后台登录验证流程与不同管理员级别的权限分配方式，涉及用户认证、会话管理及操作日志记录等关键环节。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

<?php

This is NOT a freeware, use is subject to license terms

$Id: admincp.php 10318 2007-08-25 12:26:40Z heyond $

define('IN_ADMINCP', TRUE);

define('NOROBOT', TRUE);

require_once './include/common.inc.php';

require_once DISCUZ_ROOT.'./admin/global.func.php';

require_once DISCUZ_ROOT.'./include/cache.func.php';

$discuz_action = 211;

include language('admincp');

if($adminid <= 0) {

$cpaccess = 0;

} else {

if(!$discuz_secques && $admincp['forcesecques']) {

cpheader();

cpmsg('secques_invalid');

}

if($adminipaccess && $adminid == 1 && !ipaccess($onlineip, $adminipaccess)) {

$cpaccess = 2;

} else {

$addonlineip = $admincp['checkip'] ? "AND ip='$onlineip'" : '';

$query = $db->query("SELECT errorcount FROM {$tablepre}adminsessions WHERE uid='$discuz_uid' $addonlineip AND dateline+1800>'$timestamp'", 'SILENT');

if($db->error()) {

$db->query("DROP TABLE IF EXISTS {$tablepre}adminsessions");

$db->query("CREATE TABLE {$tablepre}adminsessions (uid mediumint(8) UNSIGNED NOT NULL default '0', ip char(15) NOT NULL default '', dateline int(10) unsigned NOT NULL default '0', errorcount tinyint(1) NOT NULL default '0')");

$cpaccess = 1;

} else {

if($session = $db->fetch_array($query)) {

if($session['errorcount'] == -1) {

$db->query("UPDATE {$tablepre}adminsessions SET dateline='$timestamp' WHERE uid='$discuz_uid'", 'UNBUFFERED');

$cpaccess = 3;

} elseif($session['errorcount'] <= 3) {

$cpaccess = 1;

} else {

$cpaccess = 0;

}

} else {

$db->query("DELETE FROM {$tablepre}adminsessions WHERE uid='$discuz_uid' OR dateline+1800<'$timestamp'");

$db->query("INSERT INTO {$tablepre}adminsessions (uid, ip, dateline, errorcount)

VALUES ('$discuz_uid', '$onlineip', '$timestamp', '0')");

$cpaccess = 1;

}

$username = !empty($username) ? dhtmlspecialchars($username) : '';

$action = !empty($action) && is_string($action) ? trim($action) : '';

$page = isset($page) ? intval((max(1, $page))) : 0;

if(!empty($action) && !in_array($action, array('main', 'header', 'menu', 'illegallog', 'ratelog', 'modslog', 'medalslog', 'creditslog', 'banlog', 'cplog', 'errorlog'))) {

switch($cpaccess) {

case 0:

$extra = 'PERMISSION DENIED';

break;

case 1:

$extra = 'AUTHENTIFICATION(ERROR #'.intval($session['errorcount']).')';

break;

case 2:

$extra = 'IP ACCESS DENIED';

break;

case 3:

$extra = $semicolon = '';

if(is_array($_GET)) {

foreach(array_merge($_GET, $_POST) as $key => $val) {

if(!in_array($key, array('action', 'sid', 'formhash', 'admin_password')) && $val) {

$extra .= $semicolon.$key.'=';

if(is_array($val)) {

$extra .= 'Array(';

foreach($val as $arraykey => $arrayval) {

$extra .= $arraykey.'='.cutstr($arrayval, 15).'; ';

}

$extra .= ')';

} else {

$extra .= cutstr($val, 15);

}

$semicolon = '; ';

}

$extra = nl2br(dhtmlspecialchars($extra));

}

break;

}

$extralog = (($action == 'home' && isset($securyservice)) || ($action == 'insenz' && in_array($operation, array('register', 'binding')))) ? '' : $extra;

writelog('cplog', dhtmlspecialchars("$timestamp $discuz_userss $adminid $onlineip $action $extralog"));

unset($extralog);

}

if($cpaccess == 0) {

clearcookies();

loginmsg('noaccess');

} elseif($cpaccess == 1) {

if(!$admin_password || md5($admin_password) != $discuz_pw) {

if($admin_password) {

$db->query("UPDATE {$tablepre}adminsessions SET errorcount=errorcount+1 WHERE uid='$discuz_uid'");

writelog('cplog', dhtmlspecialchars("$timestamp $discuz_userss $adminid $onlineip $action AUTHENTIFICATION(PASSWORD)"));

}

loginmsg('', '', 'login');

} else {

$db->query("UPDATE {$tablepre}adminsessions SET errorcount='-1' WHERE uid='$discuz_uid'");

loginmsg('login_succeed', 'admincp.php?'.$_SERVER['QUERY_STRING'].'');

if(!empty($url_forward)) {

echo "<meta http-equiv=refresh content="0;URL=$url_forward">";exit;

}

} elseif($cpaccess == 2) {

loginmsg('noaccess_ip');

}

if(empty($action) || isset($frames)) {

parse_str($_SERVER['QUERY_STRING'], $getarray);

$extra = $and = '';

foreach($getarray as $key => $value) {

if($key == 'action' && in_array($value, array('header', 'menu'))) {

$extra .= $and.$key.'=home';

} elseif(!in_array($key, array('sid', 'frames'))) {

@$extra .= $and.$key.'='.rawurlencode($value);

$and = '&';

}

$extra = $extra && $action ? $extra : (!empty($runwizard) ? 'action=runwizard' : 'action=home');

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<title>Discuz! Administrator's Control Panel</title>

</head>

</div>

<tr>

<td><iframe frameborder="0" id="menu" name="menu" src="admincp.php?action=menu&sid=<?=$sid?>" scrolling="yes" style="height: 100%; visibility: inherit; width: 100%; z-index: 1;overflow: auto;"></iframe></td>

<td><iframe frameborder="0" id="main" name="main" src="admincp.php?<?=$extra?>&sid=<?=$sid?>" scrolling="yes" style="height: 100%; visibility: inherit; width: 100%; z-index: 1;overflow: auto;"></iframe></td>

</tr></table>

</body>

</html>

exit();

}

$isfounder = isfounder();

if($action == 'menu') { //如果你点“后台首页”就会指向menu.inc.php这个文件

require_once DISCUZ_ROOT.'./admin/menu.inc.php';

} elseif($action == 'header') { //如果你点上面的那些“基本设置”，“论坛管理”，“用户管理”之类的按扭就会指向header.inc.php这个文件

require_once DISCUZ_ROOT.'./admin/header.inc.php';

} elseif($action == 'logout') { //如果你点退出则执行下面的语句，删除在数据库中相应管理ID的session值

$db->query("DELETE FROM {$tablepre}adminsessions WHERE uid='$discuz_uid'");

loginmsg('logout_succeed', 'index.php'); //返回index.php页面（即论坛首页）

} else {

$cpscript = '';

if($adminid == 1) {

if($action == 'home') { //系统设置首页

$cpscript = 'home';

} elseif($action == 'runwizard' && isfounder()) { //快速设置向导

$cpscript = 'runwizard';

} elseif($action == 'settings') { //头部基本设置

$cpscript = 'settings';

} elseif($action == 'xspace') { //头部扩展设置-->SupeSite设置，是DZ的内容管理系统（CMS）

$cpscript = 'supesite';

} elseif($action == 'passport' || $action == 'shopex') { //头部扩展设置-->通行证API相关设置

$cpscript = 'passport';

} elseif($action == 'google_config') { //头部扩展设置-->GOOGLE搜索相关设置

$cpscript = 'google';

} elseif($action == 'qihoo_config' || $action == 'qihoo_relatedthreads' || $action == 'qihoo_topics') { //头部扩展设置-->QIHOO搜索相关设置

$cpscript = 'qihoo';

} elseif($action == 'forumadd' || $action == 'forumsedit' || $action == 'forumsmerge' || $action == 'forumdetail' || $action == 'forumdelete' || $action == 'moderators' || $action == 'forumcopy' || $action == 'forumrecommend') { //后台首页左边栏-->编辑版块相关设置

$cpscript = 'forums';

} elseif($action == 'editmember' || $action == 'memberadd' || $action == 'members' || $action == 'membersmerge' || $action == 'editgroups' || $action == 'access' || $action == 'editcredits' || $action == 'editmedals' || $action == 'memberprofile' || $action == 'profilefields' || $action == 'ipban' || $action == 'banmember') { //头部用用户管理-->添加用户||编辑用户||合并用户||用户栏目制定||禁止IP||禁止用户

$cpscript = 'members';

} elseif($action == 'usergroups' || $action == 'admingroups' || $action == 'ranks') { //头部用户管理-->左边栏相关设置

$cpscript = 'groups';

} elseif($action == 'announcements') { //头部其它设置-->论坛公告

$cpscript = 'announcements';

} elseif($action == 'styles') { //头部论坛管理-->界面风格

$cpscript = 'styles';

} elseif($isfounder && ($action == 'templates' || $action == 'tpladd' || $action == 'tpledit' || $action == 'tplcopy')) {

$cpscript = 'templates';

} elseif($action == 'modmembers' || $action == 'modthreads' || $action == 'modreplies') { //头部用户管理-->审核新用户，

$cpscript = 'moderate';

} elseif($action == 'recyclebin') {

$cpscript = 'recyclebin';

} elseif($action == 'alipay' || $action == 'orders' || $action == 'ec_credit') {

$cpscript = 'ecommerce';

} elseif($action == 'smilies') {

$cpscript = 'smilies';

} elseif($action == 'forumlinks' || $action == 'onlinelist' || $action == 'medals' || $action == 'censor' || $action == 'discuzcodes' || $action == 'icons' || $action == 'attachtypes' || $action == 'crons' || $action == 'creditslog' || $action == 'tags') {

$cpscript = 'misc';

} elseif($action == 'adv' || $action == 'advadd' || $action == 'advedit') {

$cpscript = 'advertisements';

} elseif($isfounder && ($action == 'export' || $action == 'optimize' || ($action == 'import' || $action == 'importzip' || $action == 'runquery'))) {

$cpscript = 'database';

} elseif($action == 'attachments') {

$cpscript = 'attachments';

} elseif($action == 'counter') {

$cpscript = 'counter';

} elseif($action == 'threads') {

$cpscript = 'threads';

} elseif($action == 'insenz') {

$cpscript = 'insenz';

} elseif($action == 'prune' || $action == 'pmprune') {

$cpscript = 'prune';

} elseif($action == 'updatecache' || $action == 'jswizard' || $action == 'fileperms') {

$cpscript = 'tools';

} elseif($action == 'filecheck' || $action == 'dbcheck' || $action == 'ftpcheck' || $action == 'mailcheck' || $action == 'imagepreview') {

$cpscript = 'checktools';

} elseif($action == 'creditwizard') {

$cpscript = 'creditwizard';

} elseif($action == 'plugins' || $action == 'pluginsconfig' || $action == 'pluginsedit' || $action == 'pluginhooks' || $action == 'pluginvars') { //头部按扭的扩展设置里的，插件设置，插件管理，

$cpscript = 'plugins';

} elseif($action == 'illegallog' || $action == 'ratelog' || $action == 'modslog' || $action == 'medalslog' || $action == 'banlog' || $action == 'cplog' || $action == 'errorlog' || $action == 'invitelog') {

$cpscript = 'logs';

} elseif($action == 'tradelog') {

$cpscript = 'tradelog';

} elseif($action == 'faqlist' || $action == 'faqdetail') {

$cpscript = 'faq';

} elseif($action == 'magic_config' || $action == 'magic' || $action == 'magicadd' || $action == 'magicedit' || $action == 'magicmarket' || $action == 'magiclog') {

$cpscript = 'magics';

} elseif($action == 'upgrade' || $action == 'upgradedown' || $action == 'upgradeopenbbs') {

$cpscript = 'upgrade';

} elseif($action == 'project' || $action == 'projectadd' || $action == 'projectapply') {

$cpscript = 'project';

} elseif($action == 'threadtypes' || $action == 'typeoption' || $action == 'typedetail' || $action == 'optiondetail' || $action == 'typemodel' || $action == 'modeldetail') {

$cpscript = 'threadtypes';

} elseif($action == 'videoconfig' || $action == 'video' || $action == 'videobind' || $action == 'videoclass') {

$cpscript = 'video';

}

if($radminid != $groupid) {

$query = $db->query("SELECT disabledactions FROM {$tablepre}adminactions WHERE admingid='$groupid'");

$dactionarray = ($dactionarray = unserialize($db->result($query, 0))) ? $dactionarray : array();

if(in_array($action, $dactionarray)) {

cpheader();

cpmsg('action_noaccess');

}

} elseif($adminid == 2 || $adminid == 3) {

if($action == 'home') {

$cpscript = 'home';

} elseif((($allowedituser || $allowbanuser) && ($action == 'editmember' || $action == 'banmember')) || ($allowbanip && $action == 'ipban')) {

$cpscript = 'members';

} elseif($action == 'forumrules' || $action == 'forumrecommend') {

$cpscript = 'forums';

} elseif($allowpostannounce && $action == 'announcements') {

$cpscript = 'announcements';

} elseif(($allowmoduser && $action == 'modmembers') || ($allowmodpost && ($action == 'modthreads' || $action == 'modreplies'))) {

$cpscript = 'moderate';

} elseif(($allowcensorword && $action == 'censor') || $action == 'logout') {

$cpscript = 'misc';

} elseif($allowmassprune && $action == 'prune') {

$cpscript = 'prune';

} elseif($action == 'plugins') {

$cpscript = 'plugins';

} elseif($allowviewlog && ($action == 'ratelog' || $action == 'modslog' || $action == 'banlog')) {

$cpscript = 'logs';

}

if($cpscript) {

require_once DISCUZ_ROOT.'./admin/'.$cpscript.'.inc.php'; //根据上面不同的cpscript跳转到不同的页面

} else {

cpheader(); //该函数查看/admin/global.func.php

cpmsg('noaccess'); //该函数查看/admin/global.func.php

}

if($action != 'menu' && $action != 'header') {

cpfooter(); //该函数查看/admin/global.func.php

}

output();

function loginmsg($message, $url_forward = '', $msgtype = 'message') {

extract($GLOBALS, EXTR_SKIP);

$action = dhtmlspecialchars($action); //特殊字符转换成HTML

$message = isset($msglang[$message]) ? $msglang[$message] : $message;

if($msgtype == 'message') {

$message = '<tr><td> </td><td align="center" colspan="3" >'.$message; //已登陆的用户名

if($url_forward) {

$message .= "<br /><br /><a href="$url_forward">dssd$lang[message_redirect]</a>";

$url_forward = transsid($url_forward);

$message .= "<script> setTimeout("redirect('$url_forward');", 1250);</script><br /><br /><br /></td><td> </td></tr>";

} else {

$message .= '<br /><br /><br />';

}

} else {

$extra = isset($action) && empty($frames) && $action != 'logout' ? '?frames=yes&'.$_SERVER['QUERY_STRING'] : (in_array($action, array('header', 'menu', 'logout')) ? '' : '?'.$_SERVER['QUERY_STRING']);

$message = '<form method="get" name="login" action="admincp.php'.$extra.'">'. //后台管理登陆页面效果

'<input type="hidden" name="sid" value="'.$sid.'">'. //用户UID

'<input type="hidden" name="frames" value="yes>'.

'<input type="hidden" name="url_forward" value="'.$url_forward.'">'.

'<tr><td> </td><td align="right">'.$lang['username'].':</td>'. //显示“用户名”三字

'<td>'.$discuz_user.'</td><td><a href="'.$link_logout.'&referer='.$indexname.'" target="_blank">'.$lang['menu_logout'].'</a></td>'. //先前登陆的用户名。及退出按扭.$link_logout可以取到提交当前页面的父页面地址，$indexname为退出管理界面后跳转的最终界面页，此时为index.php,所以在点击退出后最终会进入论坛首页

'<td> </td></tr>'.

'<tr><td> </td><td align="right">'.$lang['password'].':</td><td><input type="password" name="admin_password" size="25"></td>'. //显示“密码”两字

'<td> </td><td>  </td></tr>'.

'<tr><td> </td><td class="line1"> </td>'.

'<td class="line1" align="center"><input type="submit" class="button" value="'.$lang['submit'].'" /></form><script language="JavaScript">document.login.admin_password.focus();</script></td>'. //提交按扭，调用JS使光标自动移动按扭上，使回车符有效

'<td class="line1"> </td><td> </td></tr>';

}

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<head>

<title>Discuz! Administrator's Control Panel</title>

</head>

if(self.parent.frames.length != 0) {

self.parent.location=document.location;

}

function redirect(url) {

window.location.replace(url);

}