<?php
function customerror($errno, $errstr, $errfile, $errline)
{
echo <b>error number:</b> [$errno],error on line $errline in $errfile<br />;
die();
}
set_error_handler(customerror,e_error);
$getfilter='|(and|or)\\b.+?(>|<|=|in|like)|\\/\\*.+?\\*\\/|< \\s*script\\b|\\bexec\\b|union.+?select|update.+?set|insert \\s+into.+?values|(select|delete).+?from|(create|alter|drop|truncate) \\s+(table|database);
$postfilter=\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/ \\*.+?\\*\\/|<\\s*script\\b|\\bexec \\b|union.+?select|update.+?set|insert\\s+into.+?values| (select|delete).+?from|(create|alter|drop|truncate)\\s+(table|database);
$cookiefilter=\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/ \\*.+?\\*\\/|<\\s*script\\b|\\bexec \\b|union.+?select|update.+?set|insert\\s+into.+?values| (select|delete).+?from|(create|alter|drop|truncate)\\s+(table|database);
function stopattack($strfiltkey,$strfiltvalue,$arrfiltreq)
{
if(is_array($strfiltvalue))
{
$strfiltvalue=implode($strfiltvalue);
}
if (preg_match(/.$arrfiltreq./is,$strfiltvalue)==1&&!isset($_request['securitytoken']))
{
slog(<br><br>操作ip: .$_server[remote_addr].<br>操作时间: .strftime(%y-%m-%d %h:%m:%s).<br>操作页面:.$_server[php_self].<br>提交方式: .$_server[request_method].<br>提交参数: .$strfiltkey.<br>提交数据: .$strfiltvalue);
print result notice:illegal operation!;
exit();
}
}
foreach($_get as $key=>$value)
{
stopattack($key,$value,$getfilter);
}
foreach($_post as $key=>$value)
{
stopattack($key,$value,$postfilter);
}
foreach($_cookie as $key=>$value)
{
stopattack($key,$value,$cookiefilter);
}
function slog($logs)
{
$toppath=log.htm;
$ts=fopen($toppath,a+);
fputs($ts,$logs.\r\n);
fclose($ts);
}
?>
|