<?php
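/**
 * Legacy request "hardening" helper.
 *
 * On construction it instantiates the project's MySQL wrapper and runs
 * security_slashes() over $_GET, $_POST and $_COOKIE in place, so every scalar
 * request value has already been SQL-escaped by the time other code reads it.
 *
 * Maintainer note: escaping input globally is not a substitute for
 * parameterised queries at the SQL sink. It alters values that never reach the
 * database (and double-escapes the ones that are escaped again later), and
 * addslashes() is not a charset-aware escaper. Prefer prepared statements and
 * encode at the point of use.
 */
class Security {
    /** Project DB wrapper; only its ->prefix is read here (by check_data()). */
    private ?MySQL $sql = null;

    public function __construct()
    {
        $this->sql = new MySQL();
        // security_slashes() takes its argument by reference: the superglobals
        // themselves are rewritten.
        $this->security_slashes($_GET);
        $this->security_slashes($_POST);
        $this->security_slashes($_COOKIE);
        // Left disabled as in the original; see the notes on each method.
        // $this->check_data();
        // $this->security_slashes($_SESSION);
        // $this->unregister_globals();
    }

    /**
     * Blocklist scan of the raw query string (not invoked by the constructor).
     *
     * Lower-cases the URL-decoded QUERY_STRING and aborts the request with
     * die() if any blocklisted token occurs anywhere in it. This is a plain
     * substring match, so it is both over-inclusive (ordinary words such as
     * "selection" or "system" trip it) and under-inclusive; treat it as a
     * heuristic, not as an injection control.
     */
    private function check_data(): void
    {
        // QUERY_STRING is absent under the CLI SAPI; treat that as an empty request
        // instead of raising an undefined-index warning.
        $request = strtolower(urldecode($_SERVER['QUERY_STRING'] ?? ''));
        $prefix = $this->sql->prefix;
        $protarray = [
            'union', 'drop', 'select', 'into', 'where', 'update ', 'from', '/*', 'set ',
            $prefix . 'users ', $prefix . 'users(', $prefix . 'user`', $prefix . 'user_groups',
            'phpinfo', 'escapeshellarg', 'exec', 'fopen', 'fwrite', 'escapeshellcmd', 'passthru',
            'proc_close', 'proc_get_status', 'proc_nice', 'proc_open', 'proc_terminate',
            'shell_exec', 'system', 'telnet', 'ssh', 'cmd', 'mv', 'chmod', 'chdir', 'locate',
            'killall', 'passwd', 'kill', 'script', 'bash', 'perl', 'mysql', '~root', '.history',
            '~nobody', 'getenv',
        ];
        $check = str_replace($protarray, '*', $request);
        if ($request !== $check) {
            die("ERROR: Invalid request detected");
        }
    }

    /**
     * Recursively SQL-escapes every scalar in $array, in place.
     *
     * For each leaf value: magic-quotes slashes are stripped first (only on PHP
     * versions that still define get_magic_quotes_gpc()), then the value is
     * escaped with mysql_real_escape_string() when the legacy mysql extension
     * is loaded, otherwise with addslashes(). Nested arrays are descended into.
     *
     * @param array<array-key, mixed> $array Rewritten in place (by reference).
     */
    public function security_slashes(array &$array): void
    {
        foreach ($array as $key => $value) {
            if (is_array($value)) {
                $this->security_slashes($array[$key]);
                continue;
            }
            // Undo magic_quotes_gpc so the value is not escaped twice. The @ only
            // silences the PHP 7.4 deprecation notice on a call that returns false there.
            $raw = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()
                ? stripslashes($value)
                : $value;
            $escaped = function_exists('mysql_real_escape_string')
                ? mysql_real_escape_string($raw)
                : false;
            // mysql_real_escape_string() returns false (and warns) when no connection
            // is open; the original stored that false and lost the value. Fall back
            // to addslashes() instead so the request data survives.
            $array[$key] = $escaped === false ? addslashes($raw) : $escaped;
        }
    }

    /**
     * Drops non-superglobal entries from $GLOBALS when register_globals is on
     * (not invoked by the constructor).
     *
     * register_globals was removed in PHP 5.4, so on any supported PHP this is
     * a no-op. Always returns true, as the original did.
     */
    private function unregister_globals(): bool
    {
        // ini_get() returns false for a setting that no longer exists, which
        // filter_var() maps to false; "1"/"on"/"true" all count as enabled.
        if (!filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN)) {
            return true;
        }
        // The cookie superglobal is $_COOKIE; the original listed "_COOKIES",
        // which meant the real one would have been unset.
        $keep = ['_GET', '_POST', '_REQUEST', '_ENV', '_FILES', '_SESSION', '_COOKIE', '_SERVER', 'GLOBALS'];
        // Iterate over a key snapshot rather than $GLOBALS itself while unsetting.
        foreach (array_keys($GLOBALS) as $key) {
            if (!in_array($key, $keep, true)) {
                unset($GLOBALS[$key]);
            }
        }
        return true;
    }
}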
?>