File: example1.php

Role: Example script
Content type: text/plain
Description: Sample usage
Class: PHP Intrusion Detection System
Analyze request input to prevent security attacks
Author: Hamed Afshar
Last change:
Date: 2013-10-03 04:38
Size: 1,828 bytes
 

Contents

<?php
/*
    This example shows how this class can be used to detect intrusions and halt the system.
    It is best included at the top of every web page you have.
    The sensitivity can be set via constants like HF_IDS::VIRUSES.
    Strict constants are not recommended, unless your input data is extremely limited.

    Usage: open the browser and go to http://127.0.0.1/hf_ids/example.php?param1=<?php
*/
require("HF_IDS.class.php");

// Here we create an instance of this class and set its sensitivity.
// If we do not pass the sensitivity array, the default sensitivity will be array(self::VIRUSES,self::DIRECTORY_TRESPASSING,self::SQL_INJECTION)
$ids = HF_IDS::getInstance(array(HF_IDS::VIRUSES, HF_IDS::DIRECTORY_TRESPASSING, HF_IDS::VIRUSES_RESTRICT, HF_IDS::SQL_INJECTION, HF_IDS::SQL_INJECTION_RESTRICT, HF_IDS::CODE_INJECTION, HF_IDS::CODE_INJECTION_RESTRICT));

try {
    /*
        Here we check the input ($_REQUEST).
        You may also use $ids->checkInputSecurity($_GET); or $ids->checkInputSecurity($_POST); to check only GET or POST.
    */
    $ids->checkInputSecurity();
} catch (Exception $e) {
    echo "INPUT: ";
    // Escape before echoing: the detail may contain the offending request input.
    echo htmlspecialchars(print_r($ids->getDangerousErrorDetail(), true), ENT_QUOTES, 'UTF-8');
    die();
}

try {
    /*
        Here we check the uploaded files.
        The first param is the length to be checked (in bytes).
        The second param is the sensitivity array.
        Please note that the sensitivity must be less strict here, since the content of normal files (like images) may include restricted phrases like `<?`
    */
    $ids->checkUploadSecurity(10000, array(HF_IDS::VIRUSES, HF_IDS::VIRUSES_RESTRICT, HF_IDS::CODE_INJECTION));
} catch (Exception $e) {
    echo "UPLOAD: ";
    // Escape before echoing, for the same reason as above.
    echo htmlspecialchars(print_r($ids->getDangerousErrorDetail(), true), ENT_QUOTES, 'UTF-8');
    die();
}

// Upload form used to exercise checkUploadSecurity().
echo "
    <form method='post' action='' enctype='multipart/form-data'>
        <input type='file' name='file1'>
        <input type='submit'>
    </form>
";
?>
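
The script above prints the detection detail to the browser, which suits a demo. For the "header of every web page" use its opening comment recommends, a guard include can log the detail server-side and answer with a generic 403 instead. This is an added example, not code from the class author; the file name `ids_guard.php` and the helper `hf_ids_block()` are hypothetical, it assumes PHP 5.5 or later, and it uses only the HF_IDS calls shown in example1.php.

```php
<?php
// ids_guard.php (hypothetical name): include it first in every page,
// or point the auto_prepend_file directive in php.ini at it.
require_once __DIR__ . '/HF_IDS.class.php';

/**
 * Record the detection server-side and stop with a generic 403.
 * Helper added for this example; it is not part of HF_IDS.
 */
function hf_ids_block($ids, $stage)
{
    $entry = array(
        'time'   => gmdate('c'),
        'stage'  => $stage, // "input" or "upload"
        'remote' => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '-',
        'uri'    => isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '-',
        'detail' => $ids->getDangerousErrorDetail(),
    );
    // json_encode escapes control characters, so a crafted parameter cannot
    // forge extra log lines; PARTIAL_OUTPUT keeps the entry if the detail
    // contains bytes that are not valid UTF-8.
    error_log('HF_IDS ' . json_encode($entry, JSON_PARTIAL_OUTPUT_ON_ERROR));

    // Tell the client nothing about which rule matched.
    http_response_code(403);
    header('Content-Type: text/plain; charset=utf-8');
    die("Request rejected.\n");
}

// No argument: the default sensitivity described in example1.php.
$ids = HF_IDS::getInstance();

try {
    $ids->checkInputSecurity(); // checks $_REQUEST
} catch (Exception $e) {
    hf_ids_block($ids, 'input');
}

if (!empty($_FILES)) {
    try {
        // Looser sensitivity for file content, as example1.php advises.
        $ids->checkUploadSecurity(10000, array(HF_IDS::VIRUSES, HF_IDS::VIRUSES_RESTRICT, HF_IDS::CODE_INJECTION));
    } catch (Exception $e) {
        hf_ids_block($ids, 'upload');
    }
}
```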