
File: class/rex.class.php

File: class/rex.class.php
Role: Class source
Content type: text/plain
Description: The class itself
Class: Rex
Check proxy addresses and filter Javascript
Author: By
Last change: Rex v1.1 features:
- Proxy port scan can be disabled (in some cases, it blocks users that have port 80 open in their router configuration)
- Added checkspamcop() that checks if a user IP is registered as a spammer on Spamcop.net (can be enabled/disabled)
- Function filtraxss() renamed to checkxss() because it only checks for the presence of malicious XSS; it doesn't filter anything
- Function checkxss() only accepts arrays
- Added filterxss() that removes or disables tags
- Added checksize_db_data() that can be used to check for data size before inserting in database
- Added filtersql() that escapes special characters in a string for use in a SQL statement
- Portuguese variables renamed to english for better understanding the code to a larger community
Date: 6 years ago
Size: 7,264 bytes
 

<?php
/**
 * @name Rex
 * @version 1.1
 * @author David Sopas Ferreira <coder at davidsopas dot com>
 * @copyright 2008
 * 
 * Changelog:
 * 
 * v1.1
 * - Proxy port scan can be disabled (in some cases, it blocks users that have port 80 open in their router configuration)
 * - Added checkspamcop() that checks if a user IP is registered as a spammer on Spamcop.net (can be enabled/disabled)
 * - Function filtraxss() renamed to checkxss() because it only checks for the presence of malicious XSS; it doesn't filter anything
 * - Function checkxss() only accepts arrays
 * - Added filterxss() that removes or disables tags
 * - Added checksize_db_data() that can be used to check for data size before inserting in database
 * - Added filtersql() that escapes special characters in a string for use in a SQL statement
 * - Portuguese variables renamed to english for better understanding the code to a larger community
 * 
 * 
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 * 
 */

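/**
 * Request-screening helpers: proxy port probe, SpamCop lookup, XSS pattern
 * check, tag filtering, length check, SQL escaping and a plain-text log.
 *
 * The checks are heuristics. They do not replace context-aware output
 * encoding or parameterised SQL queries.
 */
class Rex
{
    // Settings: adjust these values to fit your deployment.

    // Path of the log file. Keep it in a directory the web server does not
    // serve, because it records visitor IPs and the rejected input.
    private $logfile = "rexlog.txt";

    // Timeout, in seconds, for the network checks.
    private $timeout = 5;

    // 0 - enable proxy port scan | 1 - disable proxy port scan
    private $lockscan = 1;

    // 0 - enable spamcop check | 1 - disable spamcop check
    private $lockspamcop = 0;
    // -------------------------------------------------------------------------------------------------

    /**
     * Checks whether the IP is reported as listed by spamcop.net.
     *
     * Needs allow_url_fopen. The lookup goes over plain HTTP, so the answer
     * is not authenticated; treat it as a hint, not as proof.
     *
     * @param string $ip IPv4 or IPv6 address to look up
     * @return bool|null true when listed; false when not listed, when $ip is
     *                   not a valid address or when the lookup fails (the
     *                   check fails open); null when the check is disabled
     */
    public function checkspamcop($ip)
    {
        if ($this->lockspamcop != 0)
        {
            return null;
        }

        // $ip ends up in a URL and in a regular expression, so refuse
        // anything that is not a literal IP address.
        if (!is_string($ip) || filter_var($ip, FILTER_VALIDATE_IP) === false)
        {
            return false;
        }

        // The HTTP wrapper takes its timeout from the stream context;
        // stream_set_timeout() below only bounds the reads.
        $context = stream_context_create(array('http' => array('timeout' => $this->timeout)));
        $url = "http://www.spamcop.net/w3m?action=checkblock&ip=" . rawurlencode($ip);
        $handle = @fopen($url, "rb", false, $context);
        if ($handle === false)
        {
            return false;
        }

        stream_set_timeout($handle, $this->timeout);
        // Bounded read: a stalled or oversized response cannot hang the
        // request or exhaust memory.
        $contents = stream_get_contents($handle, 65536);
        fclose($handle);
        if ($contents === false)
        {
            return false;
        }

        $pattern = '/' . preg_quote($ip, '/') . ' listed in [\w]*\.spamcop\.net/';
        return preg_match($pattern, $contents) === 1;
    }

    /**
     * Checks whether the IP accepts connections on common proxy ports.
     *
     * The server opens outbound connections to $ip. Pass the connection's
     * peer address, not a client-supplied header value, so a visitor cannot
     * point the probe at a host of their choice.
     *
     * @param string $ip IPv4 or IPv6 address to probe
     * @return int|null 1 when at least one port is open, 0 when none is open
     *                  or $ip is not a valid address, null when the scan is
     *                  disabled
     */
    public function checkip($ip)
    {
        if ($this->lockscan != 0)
        {
            return null;
        }

        // Only literal addresses: fsockopen() would otherwise accept host
        // names and transport prefixes.
        if (!is_string($ip) || filter_var($ip, FILTER_VALIDATE_IP) === false)
        {
            return 0;
        }

        // fsockopen() needs IPv6 literals in brackets.
        $host = $ip;
        if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false)
        {
            $host = '[' . $ip . ']';
        }

        // Array with the proxy ports, you can add more if you want
        $ports = array(80, 3128, 8080);

        foreach ($ports as $port)
        {
            $fp = @fsockopen($host, $port, $errno, $errstr, $this->timeout);
            if (!empty($fp))
            {
                fclose($fp);
                // One open port is enough; skip the remaining timeouts.
                return 1;
            }
        }

        return 0;
    }

    /**
     * Checks $_GET, $_POST, $_SESSION, $_COOKIE or any other array for
     * markup that looks like an XSS attempt.
     *
     * Every element is inspected and nested arrays are followed. This is a
     * blocklist of tag names plus parentheses and double quotes; it cannot
     * cover every injection vector, so values must still be encoded for the
     * context they are printed in.
     *
     * @param array $filter values to inspect
     * @return bool|null true when any value matches, false when none does,
     *                   null (after printing an error) when $filter is not
     *                   an array
     */
    public function checkxss($filter)
    {
        if (!is_array($filter))
        {
            // NOTE: a falsy result here reads as "no XSS found"; callers
            // should make sure they always pass an array.
            echo "ERROR: function checkxss() only can treat arrays.";
            return null;
        }

        $patterns = array(
            '/<[^>]*script*"?[^>]*>/i',
            '/<[^>]*object*"?[^>]*>/i',
            '/<[^>]*iframe*"?[^>]*>/i',
            '/<[^>]*applet*"?[^>]*>/i',
            '/<[^>]*meta*"?[^>]*>/i',
            '/<[^>]*style*"?[^>]*>/i',
            '/<[^>]*form*"?[^>]*>/i',
            '/\([^>]*"?[^)]*\)/i',
            '/"/',
        );

        foreach ($filter as $value)
        {
            if (is_array($value))
            {
                // Request arrays can nest (name[]=...), so follow them.
                if ($this->checkxss($value) === true)
                {
                    return true;
                }
                continue;
            }

            if (!is_scalar($value))
            {
                continue;
            }

            $text = (string) $value;
            foreach ($patterns as $pattern)
            {
                if (preg_match($pattern, $text) === 1)
                {
                    return true;
                }
            }
        }

        return false;
    }

    /**
     * Filters tags, to prevent HTML injection or XSS in a value.
     *
     * Option 1 is safe for HTML text and quoted attribute values only;
     * other contexts (URLs, script, CSS) need their own encoding.
     *
     * @param string $filter value to filter
     * @param int $option 0 - removes tags, 1 - disables HTML
     * @return string the filtered value, or an "ERROR: ..." message when
     *                $option is not 0 or 1
     */
    public function filterxss($filter, $option)
    {
        // Strict matching: a loose "== 0" accepts unrelated strings on
        // older PHP versions.
        if ($option === 0 || $option === '0')
        {
            return strip_tags($filter);
        }

        if ($option === 1 || $option === '1')
        {
            // ENT_QUOTES also encodes single quotes, which the default
            // flags leave untouched before PHP 8.1.
            return htmlspecialchars($filter, ENT_QUOTES, 'UTF-8');
        }

        return "ERROR: function filterxss() doesn't have that option available.";
    }

    /**
     * Checks that the data has the right size before it is inserted in the
     * database.
     *
     * @param string $data value to measure
     * @param int $minsize smallest accepted length
     * @param int $maxsize largest accepted length
     * @return bool true when the length is within [$minsize, $maxsize]
     */
    public function checksize_db_data($data, $minsize, $maxsize)
    {
        // strlen() counts bytes, not characters.
        $length = strlen($data);

        return $length >= $minsize && $length <= $maxsize;
    }

    /**
     * Escapes special characters in a string for use in a SQL statement.
     *
     * Relies on the legacy mysql extension, which PHP 7 removed. Prepared
     * statements with bound parameters (PDO or mysqli) are the preferred
     * replacement for this method.
     *
     * @param string $data value to escape
     * @return string trimmed and escaped value
     * @throws RuntimeException when the mysql extension is not available
     */
    public function filtersql($data)
    {
        if (!function_exists('mysql_real_escape_string'))
        {
            // Fail closed: never hand back an unescaped value.
            throw new RuntimeException(
                'filtersql() needs the legacy mysql extension; use prepared statements instead.'
            );
        }

        // Strips whitespaces or other characters from the beginning and end of $data
        $filtered = trim($data);

        return mysql_real_escape_string($filtered);
    }

    /**
     * Records the event in the log file, with the proxy and SpamCop
     * findings when those checks are enabled.
     *
     * @param string $ip address of the visitor
     * @param string $error description of what was detected
     * @return void
     */
    public function recordlog($ip, $error)
    {
        if (!is_writable($this->logfile))
        {
            echo "ERROR: Log file don't have write permissions, please fix it (eg: make filename.txt writable by the web server user only).";
            return;
        }

        // Both markers default to empty so the log line is well defined
        // when a check is disabled.
        $proxy = "";
        $spamcop = "";

        if ($this->lockscan == 0 && $this->checkip($ip) == 1)
        {
            $proxy = "Possible PROXY";
        }

        if ($this->lockspamcop == 0 && $this->checkspamcop($ip) == true)
        {
            $spamcop = "(IP is listed as spammer on Spamcop.net)";
        }

        // Both values can carry attacker-chosen text; drop control
        // characters so one event cannot forge extra log entries.
        $safe_ip = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $ip);
        $safe_error = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $error);

        // Data that will be stored in the log file
        $information = "[IP]: " . $safe_ip . " " . $proxy . " " . $spamcop;
        $information .= " [Date and time]: " . date("Y/m/d - H:i:s");
        $information .= " [Error]: " . $safe_error . "\n\n";

        // Append under an exclusive lock so concurrent requests do not
        // interleave their entries.
        file_put_contents($this->logfile, $information, FILE_APPEND | LOCK_EX);
    }
}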
?>