PHP Classes

File: examples.php

Recommend this page to a friend!
  Classes of Pouya Darabi   Security Helper   examples.php   Download  
File: examples.php
Role: Example script
Content type: text/plain
Description: Example script
Class: Security Helper
Validate user input for security purposes
Author: By
Last change: Update of examples.php
Date: 9 months ago
Size: 2,551 bytes
 

Contents

Class file image Download
<?php
// require class
require_once 'SecurityHelper.php';
// get instance
$sec = SecurityHelper::getInstance();

$endl = '<br />';
echo
'<pre>';

echo
$endl,'|-------- Xss Test --------------|',$endl;
// clean input from xss
// input can be array or string

$xss = 'hi <script>alert(1)</script>'; // before

echo $sec->CleanXss($xss); // after

$xssarray = array('hi <script>alert(1)</script>','hi <script>alert(1)</script>','hi <script>alert(1)</script>',132 => array('hi <script>alert(1)</script>')); // before

print_r($sec->CleanXss($xssarray)); // after

echo $endl,'|-------- Xss Test --------------|',$endl;



echo
$endl,'|-------- File Upload Cleaner Test --------------|',$endl;
// clean un allowed char from upload file name
// some one try to upload this file to replace site header
// function remove special chars and safe it for use
$replace_heder = '../../img/header.jpg'; // before

echo $sec->CleanFileChar($replace_heder); // after


echo $endl,'|-------- File Upload Cleaner Test --------------|',$endl;


echo
$endl,'|-------- Csrf Generator Test --------------|',$endl;

// generate token for csrf check
echo $sec->CsrfTokenGenerator(); // can be $_SESSION['token'] = $sec->CsrfTokenGenerator();


echo $endl,'|-------- Csrf Generator Test --------------|',$endl;


echo
$endl,'|-------- Crypt Test --------------|',$endl;
// hash password and check password is correct

$pass = '123456'; // before
$wrongpass = '123';

// my seggest (more secure) bcrypt
$obj = $sec->MyCrypt($pass);

$hash = $obj->hash;
$salt = $obj->salt;

echo
'hash : '.$hash,' | salt :'.$salt , $endl;
var_dump($sec->CheckMyCrypt($wrongpass, $hash, $salt)); // false
var_dump($sec->CheckMyCrypt($pass, $hash, $salt)); // true

// salted md5 (change salt in file if u want)
$hashed = $sec->MyMD5($pass);

echo
'MD5 : '.$hashed,$endl;
var_dump($sec->CheckMyMD5($wrongpass, $hashed)); // false
var_dump($sec->CheckMyMD5($pass, $hashed)); // true

//$ = $sec->MyCrypt($pass);


echo $endl,'|-------- Crypt Test --------------|',$endl;


echo
$endl,'|-------- DataType Test --------------|',$endl;
// check data type
$int = 11;
$email = 'a@mail.com';
$date = '2014-01-01 22:22:22';

var_dump($sec->CheckType($date, $sec->Type_Date));
var_dump($sec->CheckType($email, $sec->Type_Email));
var_dump($sec->CheckType($int, $sec->Type_Integer));

echo
$endl,'|-------- DataType Test --------------|',$endl;


echo
'</pre>';