Discuz发帖机Python版
2010年03月19日 9:54 上午 | 分类:python
流程:
1、获取logging.php?action=login页的源代码,分析得到fromhash
2、输入用户名与密码,POST至/logging.php?action=login&loginsubmit=yes地址
3、得到cookie并保存
4、访问发帖页面并附带上cookie
我承认我在DZ上有RPWT
2009年06月22日 4:13 下午 | 分类:Develop
操作cdb_sessions表,发现大量的locked,直接后果就是mysql无法响应WEB的请求,WEB无法响应浏览器端的请求。
太壮观:
+-------+------+-----------+--------+---------+------+--------+------------------------------------------------------------------------------------------------------+
| Id | User | Host | db | Command | Time | State | Info |
+-------+------+-----------+--------+---------+------+--------+------------------------------------------------------------------------------------------------------+
| 84082 | root | localhost | discuz | Query | 54 | update | INSERT INTO cdb_sessions (sid, ip1, ip2, ip3, ip4, uid, username, groupid, styleid, invisible, acti |
| 84083 | root | localhost | discuz | Query | 54 | Locked | DELETE FROM cdb_sessions WHERE sid='Z71z19' OR lastactivity<(1245657270-900) OR ('0'<>'0' AND uid=' |
| 84084 | root | localhost | discuz | Query | 54 | Locked | SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions WHERE uid <> 0 |
| 84086 | root | localhost | discuz | Query | 54 | Locked | SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions WHERE uid <> 0 |
| 84085 | root | localhost | discuz | Query | 54 | Locked | SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions WHERE uid <> 0 |
| 84087 | root | localhost | discuz | Query | 54 | Locked | SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions WHERE uid <> 0 |
| 84088 | root | localhost | discuz | Query | 54 | Locked | SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions WHERE uid <> 0 |
| 84089 | root | localhost | discuz | Query | 54 | Locked | SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions WHERE uid <> 0 |
| 84090 | root | localhost | discuz | Query | 54 | Locked | SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions WHERE uid <> 0 |
| 84091 | root | localhost | discuz | Query | 54 | Locked | SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions WHERE uid <> 0 |
| 84092 | root | localhost | discuz | Query | 54 | Locked | SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions WHERE uid <> 0 |
| 84093 | root | localhost | discuz | Query | 54 | Locked | DELETE FROM cdb_sessions WHERE sid='wsX92s' OR lastactivity<(1245657270-900) OR ('0'<>'0' AND uid=' |
| 84095 | root | localhost | discuz | Query | 54 | Locked | SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions WHERE uid <> 0 |
| 84096 | root | localhost | discuz | Query | 54 | Locked | DELETE FROM cdb_sessions WHERE sid='Ra5ZqL' OR lastactivity<(1245657270-900) OR ('0'<>'0' AND uid=' |
| 84094 | root | localhost | discuz | Query | 54 | Locked | SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions WHERE uid <> 0 |
| 84097 | root | localhost | discuz | Query | 54 | Locked | SELECT sid, uid AS sessionuid, groupid, groupid='6' AS ipbanned, pageviews AS spageviews, styleid, l |
| 84100 | root | localhost | discuz | Query | 54 | Locked | SELECT sid, uid AS sessionuid, groupid, groupid='6' AS ipbanned, pageviews AS spageviews, styleid, l |
| 84099 | root | localhost | discuz | Query | 54 | Locked | SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions WHERE uid <> 0 |
最为BT的是,这些locked形成之后,必须重启mysql才行
寻Apache2下Discuz高性能配置方案
2009年04月28日 9:42 下午 | 分类:Develop
服务器品牌 DELL
服务器型号 PE1850
cpu类型 Intel Xeon 2.80GHz
cpu个数 2
内存条类型 512M
内存条个数 2
硬盘类型1 36G
硬盘个数1 1
操作系统:Linux centos2 2.6.18-92.el5
Apache 2.0
PHP 5.2.9
目前300并发,持续时间1小时
测试截图:
已安装Discuz7.0版,目前论坛并无帖子。
下午进行LoadRunner测试,
100用户并发时,响应时间在1.5s左右。
400用户并发时,响应时间约为3s,但每秒连接数一直处于170左右,无法继续上升。
此时,web服务器CPU占用70%-80%
Db服务器为2%,基本无压力。
在网上看到一些文章,Apache在配置正确的情况下基本上可以处理每秒2K的并发请求,但今天的测试让我大跌眼镜。
响应时间也不够理想,况且这次的测试只是测了首页的访问,而且首页是做了缓存处理的。
最开始是怀疑httpd.conf中最大连接数没有设置正确,改动后重启Apache依然如此。
最令人担忧的是居高不下的CPU占用率。
希望有在Apache下配置Discuz经验的大虾们能给一个合理的配置方案。
Discuz中的同步登录
2009年03月8日 12:40 下午 | 分类:Develop
依附于Discuz UCenter的子应用都会有一个选项:
意思很明白了,那它是如何实现的呢?
UC/Control/user.php中有一个onsynlogin方法,这里就是处理同步登录的。
function onsynlogin() {
$this->init_input();
$uid = $this->input('uid');
if($this->app['synlogin']) {
if($this->user = $_ENV['user']->get_user_by_uid($uid)) {
$synstr = '';
foreach($this->cache['apps'] as $appid => $app) {
if($app['synlogin'] && $app['appid'] != $this->app['appid']) {
$synstr .= '<script type="text/javascript" src="'.$app['url'].'/api/uc.php?time='.$this->time.'&code='.urlencode($this->authcode('action=synlogin&username='.$this->user['username'].'&uid='.$this->user['uid'].'&password='.$this->user['password']."&time=".$this->time, 'ENCODE', $app['authkey'])).'" reload="1"></script>';
}
}
return $synstr;
}
}
return '';
}
当调用该方法时,实际上会去调用该应用下api/uc.php文件,将用户名、密码及时间戳做为参数传递。
以上是实现的第一步。
第二步,当应用接收到UC的请求后,会调用uc_note类中的synlogin方法,该方法的核心是送一个P3P的HTTP头,然后种下COOKIE。
$discuz_auth_key = md5($_DCACHE['settings']['authkey'].$_SERVER['HTTP_USER_AGENT']);
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
$uid = intval($uid);
$query = $this->db->query("SELECT username, uid, password, secques FROM ".$this->tablepre."members WHERE uid='$uid'");
if($member = $this->db->fetch_array($query)) {
_setcookie('sid', '', -86400 * 365);
_setcookie('cookietime', $cookietime, 31536000);
_setcookie('auth', _authcode("$member[password]t$member[secques]t$member[uid]", 'ENCODE', $discuz_auth_key), $cookietime);
} else {
_setcookie('cookietime', $cookietime, 31536000);
_setcookie('loginuser', $username, $cookietime);
_setcookie('activationauth', _authcode($username, 'ENCODE', $discuz_auth_key), $cookietime);
}
对于Disucz这种基于COOKIE验证的应用来说,就实现了同步登录。
