<?php
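/**
 * Input validation and sanitising helpers used across the shop.
 *
 * All methods are static. Every method is side-effect free except
 * RequestSearch(), which writes to $_SESSION and may terminate the request.
 * The true_*() validators return whatever preg_match() returns (1, 0 or
 * false), because callers compare the result loosely.
 */
class PHPShopSecurity {

    /**
     * True when every argument is non-empty in the empty() sense
     * ("", "0", 0, null, [] and false all count as empty).
     * No arguments at all yields true.
     */
    static function true_param(...$args) {
        foreach ($args as $value) {
            if (empty($value)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Lower-cased text after the last "." of $sFileName, "" when there is no
     * dot. Returns null when the name contains "php" anywhere
     * (case-insensitive), so "x.php", "x.PHP.jpg" and "phpinfo.txt" are all
     * rejected outright.
     */
    static function getExt($sFileName) {
        $sFileName = (string) $sFileName;
        if (stristr($sFileName, "php") !== false) {
            return null;
        }
        // strrchr() gives ".ext" for the last dot and false when there is none;
        // the previous loop left its result variable undefined in that case.
        $tail = strrchr($sFileName, '.');
        $ext = $tail === false ? '' : substr($tail, 1);
        return strtolower($ext);
    }

    /**
     * Strips characters that break quoting in the legacy string layer:
     * "\/" becomes "|", then every backslash and single quote is dropped.
     * This is character stripping only; it is not an escaping routine and
     * does not replace prepared statements for SQL.
     */
    static function CleanStr($str) {
        // Replacements are applied in array order to the progressively cleaned string,
        // exactly like the three chained str_replace() calls it replaces.
        return str_replace(['\/', '\\', "'"], ['|', '', ''], $str);
    }

    /**
     * Normalises a stored string for output: unescapes slashes, removes CR,
     * LF, TAB and ";" and decodes HTML entities (quotes are left encoded,
     * charset windows-1251).
     */
    static function CleanOut($str) {
        $str = stripslashes((string) $str);
        // "(" and ")" act as the pattern delimiters here; the class removes CR/LF/TAB/";".
        $str = preg_replace('([\r\n\t;])', '', $str);
        // The old call passed null as flags, which coerces to 0 == ENT_NOQUOTES and is
        // deprecated since PHP 8.1; spell the flag out and drop the "@" suppression.
        return html_entity_decode($str, ENT_NOQUOTES, 'windows-1251');
    }

    /**
     * 1 when $email (trimmed) is at most 100 bytes and looks like
     * local@domain.tld with a 2-6 character TLD; 0 otherwise, false when
     * the length limit is exceeded.
     */
    static function true_email($email) {
        if (strlen($email) > 100) {
            return false;
        }
        return preg_match("/^([a-z0-9_\.-]+@[a-z0-9_\.\-]+\.[a-z0-9_-]{2,6})$/i", trim($email));
    }

    /** 1 when the trimmed login is 2-20 characters of [a-zA-Z0-9_.], else 0. */
    static function true_login($login) {
        return preg_match("/^[a-zA-Z0-9_\.]{2,20}$/", trim($login));
    }

    /** 1 when the trimmed skin path is 2-30 characters of [a-zA-Z0-9-_./], else 0. */
    static function true_skin($skin) {
        return preg_match("/^[a-zA-Z0-9\-_\.\/]{2,30}$/", trim($skin));
    }

    /** 1 when the order number is 4-20 characters of digits and "-", else 0. */
    static function true_order($num) {
        return preg_match("/^[0-9-]{4,20}$/", $num);
    }

    /** 1 when $num is 1-20 ASCII digits, else 0. */
    static function true_num($num) {
        return preg_match("/^[0-9]{1,20}$/", $num);
    }

    /** 1 when the trimmed password is 4-20 characters of [a-zA-Z0-9_], else 0. */
    static function true_passw($passw) {
        return preg_match("/^[a-zA-Z0-9_]{4,20}$/", trim($passw));
    }

    /**
     * Cleans $str according to $flag:
     *   1 - absolute numeric value ("0" when the input holds no digit)
     *   2 - HTML-escaped text (default)
     *   3 - the string itself when it is an e-mail address, "" otherwise
     *   4 - HTML-escaped text, or "" when a byte outside the permitted set appears
     *   5 - the string itself when it holds only digits, "-", ".", "(", ")", "|"; 0 otherwise
     * Any other flag yields null, as before.
     */
    static function TotalClean($str, $flag = 2) {
        switch ($flag) {
            case 1:
                if (!preg_match("/([0-9])/", $str)) {
                    $str = "0";
                }
                // abs() throws a TypeError for wholly non-numeric strings on PHP 8
                // ("abc1" passes the digit check above); coerce to a number first.
                $number = is_numeric($str) ? $str + 0 : (float) $str;
                return abs($number);
            case 2:
                return htmlspecialchars(stripslashes($str), ENT_QUOTES, 'windows-1251');
            case 3:
                if (!preg_match("/^([a-z0-9_\.-]+@[a-z0-9_\.\-]+\.[a-z0-9_-]{2,6})$/i", $str)) {
                    $str = "";
                }
                return $str;
            case 4:
                // The class is written loosely: "(", ")" and "|" are members of it too.
                if (preg_match("/[^(\w)|(\x7F-\xFF)|(\s)]/", $str)) {
                    $str = "";
                }
                return htmlspecialchars(stripslashes($str), ENT_QUOTES, 'windows-1251');
            case 5:
                // Same loose class: "(", ")" and "|" are accepted alongside digits, "-" and ".".
                if (preg_match("/[^(0-9)|(\-)|(\.]/", $str)) {
                    $str = 0;
                }
                return $str;
        }
        return null;
    }

    /**
     * Aborts the request when $search contains one of a few SQL keywords,
     * printing the current script path and the offending word. Also seeds
     * $_SESSION['theme'] with 'classic' when it is unset.
     *
     * This is a keyword blacklist, not query protection; the database layer
     * still has to use prepared statements.
     */
    static function RequestSearch($search) {
        if (empty($_SESSION['theme'])) {
            $_SESSION['theme'] = 'classic';
        }
        // PHP_SELF reflects the request path including PATH_INFO, so it is
        // attacker-controlled; it was echoed raw, which is a reflected XSS.
        $self = htmlspecialchars((string) ($_SERVER['PHP_SELF'] ?? ''), ENT_QUOTES, 'windows-1251');
        if (!is_scalar($search)) {
            return; // nothing to match in a non-scalar; avoids preg_match() type errors
        }
        $keywords = ['union', 'select', 'insert', 'update', 'delete'];
        foreach ($keywords as $word) {
            if (preg_match('/' . preg_quote($word, '/') . '/i', (string) $search)) {
                exit($self . ' <b style="color:red">' . $word . '</b>');
            }
        }
    }

    /**
     * Lower-cases a search string and strips single quotes, backslashes,
     * parentheses and the words union/select/insert/delete, repeating until
     * nothing changes so nested fragments ("sel(select)ect") disappear too.
     * Returns the trimmed result, or null when nothing is left (empty() also
     * treats "0" as nothing, as before).
     */
    static function true_search($search) {
        $search = strtolower((string) $search);
        $remove = ["'", '\\', 'union', 'select', 'insert', 'delete', ')', '('];
        // The old code ran ceil(strlen/7) passes, i.e. zero passes for inputs
        // shorter than 7 bytes, so "it's" went through untouched; iterate to a
        // fixed point instead.
        do {
            $before = $search;
            $search = str_replace($remove, '', $search);
        } while ($search !== $before);
        if (!empty($search)) {
            return trim($search);
        }
        return null;
    }
}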
?>