<?php
/*
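This example shows how the HF_IDS class can be used to detect intrusion attempts in request input and uploaded files, and to halt the script when one is found.
It is meant to be included at the top of every web page you serve.
The sensitivity is set with constants such as HF_IDS::VIRUSES.
The stricter *_RESTRICT constants are not recommended unless your input data is extremely limited.
Pattern-based input checks like this are an additional layer; they do not replace parameterized queries, output escaping and safe handling of uploaded files.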
Usage: open the browser and go to http://127.0.0.1/hf_ids/example.php?param1=<?php
*/
require("HF_IDS.class.php");
// Obtain the detector instance and configure it with an explicit sensitivity list.
// If no list is passed, the class default applies:
// array(self::VIRUSES, self::DIRECTORY_TRESPASSING, self::SQL_INJECTION).
// This example also switches on the *_RESTRICT levels; the file header advises against
// those unless the expected input is very limited, so trim the list for real pages.
$ids = HF_IDS::getInstance(
    array(
        HF_IDS::VIRUSES,
        HF_IDS::DIRECTORY_TRESPASSING,
        HF_IDS::VIRUSES_RESTRICT,
        HF_IDS::SQL_INJECTION,
        HF_IDS::SQL_INJECTION_RESTRICT,
        HF_IDS::CODE_INJECTION,
        HF_IDS::CODE_INJECTION_RESTRICT
    )
);
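try {
    /*
     * Check the request input. With no argument the check runs on $_REQUEST;
     * pass $_GET or $_POST to check only that source, e.g.
     * $ids->checkInputSecurity($_GET); or $ids->checkInputSecurity($_POST);
     */
    $ids->checkInputSecurity();
} catch (Exception $e) {
    /*
     * The request was flagged, so the error detail must be treated as untrusted:
     * it presumably contains (parts of) the offending input - confirm in HF_IDS.
     * Render it to a string and HTML-escape it so it cannot be reflected into the
     * page as markup or script.
     * On a production page, write the detail to a server-side log and send only a
     * generic error, so the response does not reveal which rule matched.
     */
    echo "INPUT: ";
    echo htmlspecialchars(
        print_r($ids->getDangerousErrorDetail(), true),
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    // Stop here: nothing else on the page may run for a flagged request.
    die();
}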
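try {
    /*
     * Check the uploaded files.
     * First argument: the length to be checked, in bytes.
     * Second argument: the sensitivity array for this check.
     * The sensitivity has to be less strict than for request input, because the
     * content of ordinary files (images, for example) can legitimately contain
     * restricted sequences such as `<?`.
     * NOTE(review): presumably only the leading 10000 bytes of each file are
     * inspected - confirm in HF_IDS. Content scanning does not replace storing
     * uploads where the web server will not execute them.
     */
    $ids->checkUploadSecurity(
        10000,
        array(HF_IDS::VIRUSES, HF_IDS::VIRUSES_RESTRICT, HF_IDS::CODE_INJECTION)
    );
} catch (Exception $e) {
    /*
     * The error detail describes a flagged upload and is therefore untrusted
     * (it presumably includes file names or content fragments - confirm in HF_IDS).
     * HTML-escape it before output so it cannot be reflected into the page as
     * markup or script; on a production page, log it server-side and return a
     * generic error instead.
     */
    echo "UPLOAD: ";
    echo htmlspecialchars(
        print_r($ids->getDangerousErrorDetail(), true),
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    // Stop here: nothing else on the page may run for a flagged upload.
    die();
}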
// Minimal multipart upload form used to try out the upload check. The empty
// action posts back to this same script, so the submitted file passes through
// the checkUploadSecurity() call above on the next request.
echo "\n",
    "<form method='post' action='' enctype='multipart/form-data'>\n",
    "<input type='file' name='file1'>\n",
    "<input type='submit'>\n",
    "</form>\n";
?>
|