Discuz7php源码,该如何解决

$loadctrl) { header("HTTP/1.0 503 Service Unavailable"); include DISCUZ_ROOT.'./include/serverbusy.htm'; exit(); }}}//包含其他的缓存文件if(in_array(CURSCRIPT, array('index', 'forumdisplay', 'viewthread', 'post', 'topicadmin', 'register', 'archiver'))) {$cachelost .= (@include DISCUZ_ROOT.'./forumdata/cache/cache_'.CURSCRIPT.'.php') ? '' : ' '.CURSCRIPT;}//连接数据库,完毕之后设置这些值为NULL$db = new dbstuff;$db->connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect, true, $dbcharset);$dbuser = $dbpw = $pcOnnect= $sdb = NULL;//乱七八糟的 ,反正就是找到了需要的sid并过滤了就是了 $transsidstatus我也没找到在哪//看看是不是后台设置了通过sid传输的那个东东，还有是不是通过wap访问的，//还有是不是有sid这个东东在$_GET或$_POST这两个的任何一个中，//以上结论都成立的话从GET中获得sid，不成立的话从$_DCOOKIE中获得。$sid = daddslashes(($transsidstatus || CURSCRIPT == 'wap') && (isset($_GET['sid']) || isset($_POST['sid'])) ?(isset($_GET['sid']) ? $_GET['sid'] : $_POST['sid']) :(isset($_DCOOKIE['sid']) ? $_DCOOKIE['sid'] : ''));//如果当前脚本是attachment sid是通过GET方式获得就加密然后过滤它CURSCRIPT == 'attachment' && isset($_GET['sid']) && $sid = addslashes(authcode($_GET['sid'], 'DECODE', $_DCACHE['settings']['authkey']));//设置一个$discuz_auth_key，md5加密。。$discuz_auth_key = md5($_DCACHE['settings']['authkey'].$_SERVER['HTTP_USER_AGENT']);//获得$discuz_pw, $discuz_secques, $discuz_uid这三个变量，分别对应密码，提示问题和uid。//强制过滤了这3个值list($discuz_pw, $discuz_secques, $discuz_uid) = empty($_DCOOKIE['auth']) ? array('', '', 0) : daddslashes(explode("\t", authcode($_DCOOKIE['auth'], 'DECODE')), 1);//第一行是初始化变量用的（无论何时用变量都要考虑初始化，要不然安全性不值得一提）//接下来是判断是不是有sid,有的话就从cdb_session表中取来，然后连接一下cdb_members表取出东西//在$membertablefields这个变量里面已经全面写出来了//标记了一个sessionexist变量，表示这个会员是在线的。$prompt = $sessiOnexists= $seccode = 0;$membertablefields = 'm.uid AS discuz_uid, m.username AS discuz_user, m.password AS discuz_pw, m.secques AS discuz_secques,m.adminid, m.groupid, m.groupexpiry, m.extgroupids, m.email, m.timeoffset, m.tpp, m.ppp, m.posts, m.digestposts,m.oltime, m.pageviews, m.credits, m.extcredits1, m.extcredits2, m.extcredits3, m.extcredits4, m.extcredits5,m.extcredits6, m.extcredits7, m.extcredits8, m.timeformat, m.dateformat, m.pmsound, m.sigstatus, m.invisible,m.lastvisit, m.lastactivity, m.lastpost, m.prompt, m.accessmasks, m.editormode, m.customshow, m.customaddfeed';if($sid) {if($discuz_uid) { $query = $db->query("SELECT s.sid, s.styleid, s.groupid='6' AS ipbanned, s.pageviews AS spageviews, s.lastolupdate, s.seccode, $membertablefields FROM {$tablepre}sessions s, {$tablepre}members m WHERE m.uid=s.uid AND s.sid='$sid' AND CONCAT_WS('.',s.ip1,s.ip2,s.ip3,s.ip4)='$onlineip' AND m.uid='$discuz_uid' AND m.password='$discuz_pw' AND m.secques='$discuz_secques'");} else { $query = $db->query("SELECT sid, uid AS sessionuid, groupid, groupid='6' AS ipbanned, pageviews AS spageviews, styleid, lastolupdate, seccode FROM {$tablepre}sessions WHERE sid='$sid' AND CONCAT_WS('.',ip1,ip2,ip3,ip4)='$onlineip'");}if($_DSESSION = $db->fetch_array($query)) { $sessiOnexists= 1; if(!empty($_DSESSION['sessionuid'])) { $_DSESSION = array_merge($_DSESSION, $db->fetch_first("SELECT $membertablefields FROM {$tablepre}members m WHERE uid='$_DSESSION[sessionuid]'")); }} else { if($_DSESSION = $db->fetch_first("SELECT sid, groupid, groupid='6' AS ipbanned, pageviews AS spageviews, styleid, lastolupdate, seccode FROM {$tablepre}sessions WHERE sid='$sid' AND CONCAT_WS('.',ip1,ip2,ip3,ip4)='$onlineip'")) { clearCOOKIEs(); $sessiOnexists= 1; }}}//如果不在线执行//如果COOKIE不正确就清除//如果IP是被办的 就被办的(标记了一下)//写入一个随机值写入到SID SECCODEif(!$sessionexists) {if($discuz_uid) { if(!($_DSESSION = $db->fetch_first("SELECT $membertablefields, m.styleid FROM {$tablepre}members m WHERE m.uid='$discuz_uid' AND m.password='$discuz_pw' AND m.secques='$discuz_secques'"))) { clearCOOKIEs(); }}