PHP Classes

Security Helper: Validate user input for security purposes

Last Updated: 2024-01-10 (3 days ago)
Ratings: Not enough user ratings
Unique User Downloads: Total: 322, This week: 2
Download Rankings: All time: 7,205, This week: 220
Version: security-helper 13
License: The PHP License
PHP version: 5.3
Categories: Security
Description

This class can validate user input for security purposes.

It can validate request values to check if they are of expected types like dates, integers, email, float, array or string.

The class can also filter values to prevent cross-site scripting (XSS) attacks, and create hashes of passwords for subsequent password verification.

Author

Name: Pouya Darabi
Classes: 1 package
Country: Canada

Example

<?php
// require the class
require_once 'SecurityHelper.php';
// get the singleton instance
$sec = SecurityHelper::getInstance();

$endl = '<br />';
echo '<pre>';

echo $endl, '|-------- Xss Test --------------|', $endl;
// clean XSS from input
// input can be an array or a string

$xss = 'hi <script>alert(1)</script>'; // before

echo $sec->CleanXss($xss); // after

// nested arrays are cleaned too
$xssarray = array(
    'hi <script>alert(1)</script>',
    'hi <script>alert(1)</script>',
    'hi <script>alert(1)</script>',
    132 => array('hi <script>alert(1)</script>'),
); // before

print_r($sec->CleanXss($xssarray)); // after

echo $endl, '|-------- Xss Test --------------|', $endl;


echo $endl, '|-------- File Upload Cleaner Test --------------|', $endl;
// clean disallowed characters from an uploaded file name
// here someone tries to upload this file to replace the site header
// the function removes special characters and makes the name safe to use
$replace_header = '../../img/header.jpg'; // before

echo $sec->CleanFileChar($replace_header); // after

echo $endl, '|-------- File Upload Cleaner Test --------------|', $endl;


echo $endl, '|-------- Csrf Generator Test --------------|', $endl;

// generate token for csrf check
echo $sec->CsrfTokenGenerator(); // can be $_SESSION['token'] = $sec->CsrfTokenGenerator();

echo $endl, '|-------- Csrf Generator Test --------------|', $endl;


echo $endl, '|-------- Crypt Test --------------|', $endl;
// hash a password and check that a password is correct

$pass = '123456'; // before
$wrongpass = '123';

// my suggestion (more secure): bcrypt
$obj = $sec->MyCrypt($pass);

$hash = $obj->hash;
$salt = $obj->salt;

echo 'hash : ' . $hash, ' | salt :' . $salt, $endl;
var_dump($sec->CheckMyCrypt($wrongpass, $hash, $salt)); // false
var_dump($sec->CheckMyCrypt($pass, $hash, $salt)); // true

// salted MD5 (change the salt in the class file if you want);
// MD5 is a fast hash, so prefer the bcrypt variant above for passwords
$hashed = $sec->MyMD5($pass);

echo 'MD5 : ' . $hashed, $endl;
var_dump($sec->CheckMyMD5($wrongpass, $hashed)); // false
var_dump($sec->CheckMyMD5($pass, $hashed)); // true

echo $endl, '|-------- Crypt Test --------------|', $endl;


echo $endl, '|-------- DataType Test --------------|', $endl;
// check data type
$int = 11;
$email = 'a@mail.com';
$date = '2014-01-01 22:22:22';

var_dump($sec->CheckType($date, $sec->Type_Date));
var_dump($sec->CheckType($email, $sec->Type_Email));
var_dump($sec->CheckType($int, $sec->Type_Integer));

echo $endl, '|-------- DataType Test --------------|', $endl;

echo '</pre>';
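
For comparison with the helper calls in the example script above, here are the same tasks (password hashing, CSRF token issue and check, upload file name cleaning, XSS output encoding) done with PHP's built-in functions. This is an added example, not code from the package or its author; the function names and the $session array are hypothetical, and it assumes PHP 7.0 or later rather than the 5.3 listed for the package.

```php
<?php
// Added example: PHP built-ins only. Function names are hypothetical and are
// not SecurityHelper methods. Assumes PHP 7.0+ (random_bytes, hash_equals).

// Passwords: password_hash() creates the salt and stores it inside the hash.
function store_password($plain) {
    return password_hash($plain, PASSWORD_BCRYPT);
}
function check_password($plain, $stored) {
    return password_verify($plain, $stored);
}

// CSRF: random per-session token, compared in constant time on submit.
function csrf_issue(array &$session) {
    $session['token'] = bin2hex(random_bytes(32));
    return $session['token'];
}
function csrf_check(array $session, $submitted) {
    return isset($session['token']) && is_string($submitted)
        && hash_equals($session['token'], $submitted);
}

// Upload names: drop any directory part, then allow-list the characters.
function safe_upload_name($name) {
    $base = basename(str_replace('\\', '/', $name));
    $base = ltrim(preg_replace('/[^A-Za-z0-9._-]/', '_', $base), '.');
    return $base === '' ? 'upload' : $base;
}

// XSS: encode for the HTML context at output time.
function html_out($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs, same values as the example script.
$session = array(); // stand-in for $_SESSION
$stored = store_password('123456');
var_dump(check_password('123', $stored));
var_dump(check_password('123456', $stored));
$token = csrf_issue($session);
var_dump(csrf_check($session, $token));
var_dump(csrf_check($session, 'forged'));
echo safe_upload_name('../../img/header.jpg'), "\n";
echo html_out('hi <script>alert(1)</script>'), "\n";
```

Because password_hash() embeds the salt in its output, only one string has to be stored per user, and the CSRF check fails closed when the session holds no token.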




Files

File                 Role      Description
SecurityHelper.php   Class     main class
examples.php         Example   Example script
README.md            Doc.      Documentation
