PHP Classes

File: class/rex.class.php

Recommend this page to a friend!
  Classes of David Ferreira   Rex   class/rex.class.php   Download  
File: class/rex.class.php
Role: Class source
Content type: text/plain
Description: The class itself
Class: Rex
Check proxy addresses and filter Javascript
Author: By
Last change: Rex v1.1 features:
- Proxy port scan can be disabled (in some cases, it blocks users that have port 80 open in their router configuration)
- Added checkspamcop() that checks if a user IP is registered as spammer on Spamcop.net (can be enabled/diabled)
- Function filtraxss() renamed to checkxss() because it really checks the presence of malicious xss doesn't filter anything
- Function checkxss() only accepts arrays
- Added filterxss() that removes or disables tags
- Added checksize_db_data() that can be used to check for data size before inserting in database
- Added filtersql() that escapes special characters in a string for use in a SQL statement
- Portuguese variables renamed to english for better understanding the code to a larger community
Date: 15 years ago
Size: 7,264 bytes
 

Contents

Class file image Download
<?php
/**
 * @name Rex
 * @version 1.1
 * @author David Sopas Ferreira <coder at davidsopas dot com>
 * @copyright 2008
 *
 * Changelog:
 *
 * v1.1
 * - Proxy port scan can be disabled (in some cases, it blocks users that have port 80 open in their router configuration)
 * - Added checkspamcop() that checks if a user IP is registered as spammer on Spamcop.net (can be enabled/diabled)
 * - Function filtraxss() renamed to checkxss() because it really checks the presence of malicious xss doesn't filter anything
 * - Function checkxss() only accepts arrays
 * - Added filterxss() that removes or disables tags
 * - Added checksize_db_data() that can be used to check for data size before inserting in database
 * - Added filtersql() that escapes special characters in a string for use in a SQL statement
 * - Portuguese variables renamed to english for better understanding the code to a larger community
 *
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 */

class Rex
{
   
// Set the values to your needs (fit your needs)
   
private $logfile = "rexlog.txt"; // The log file, I recommend to put it on a protected directory
   
private $timeout = 5; // Timeout for the IP verification
   
private $lockscan = 1; // 0 - enable proxy port scan | 1 - disable proxy port scan
   
private $lockspamcop = 0; // 0 - enable spamcop check | 1 - disable spamcop check
    // -------------------------------------------------------------------------------------------------

    // Function that checks if the IP is listed on any spam blacklist on spamcop.net
   
public function checkspamcop($ip)
    {
        if (
$this->lockspamcop == 0)
        {
           
$handle = @fopen("http://www.spamcop.net/w3m?action=checkblock&ip=$ip", "rb");
           
stream_set_timeout($handle, $timeout);
           
$contents = "";
            while (!
feof($handle))
            {
               
$contents .= @fread($handle, 8192);
            }
           
fclose($handle);
            if (
preg_match("/$ip listed in [\w]*\.spamcop\.net/", $contents))
            {
                return
true;
            } else
            {
                return
false;
            }
        }
    }

   
// Function that checks if the IP is possibly a PROXY
   
public function checkip($ip)
    {
        if (
$this->lockscan == 0)
        {
           
// Array with the proxy ports, you can add more if you want
           
$ports = array(80, 3128, 8080);
           
// Flag to be returned: 0 safe - 1 open and unsafe
           
$flag = 0;
            foreach (
$ports as $port)
            {
                @
$fp = fsockopen($ip, $port, $errno, $errstr, $this->timeout);
               
// Check if fp return something
               
if (!empty($fp))
                {
                   
$flag = 1;
                   
fclose($fp);
                }
            }
            return
$flag;
        }
    }

   
// Function that checks $_GET , $_POST , $_SESSION , $_COOKIE or any other arrays for XSS malicious code
   
public function checkxss($filter)
    {
        if (
is_array($filter))
        {
            foreach (
$filter as $check_array)
            {
                if ((
eregi("<[^>]*script*\"?[^>]*>", $check_array)) || (eregi("<[^>]*object*\"?[^>]*>",
                   
$check_array)) || (eregi("<[^>]*iframe*\"?[^>]*>", $check_array)) || (eregi("<[^>]*applet*\"?[^>]*>",
                   
$check_array)) || (eregi("<[^>]*meta*\"?[^>]*>", $check_array)) || (eregi("<[^>]*style*\"?[^>]*>",
                   
$check_array)) || (eregi("<[^>]*form*\"?[^>]*>", $check_array)) || (eregi("\([^>]*\"?[^)]*\)",
                   
$check_array)) || (eregi("\"", $check_array)))
                {
                    return
true;
                } else
                {
                    return
false;
                }
            }
            unset(
$check_array);
        } else
        {
            echo
"ERROR: function checkxss() only can treat arrays.";
        }
    }

   
// Function that filters tags, preventing HTML injections or XSS attacks on variables
    // Option: 0- removes tags 1- disables html
   
public function filterxss($filter, $option)
    {
        if (
$option == 0)
        {
           
$filtered = strip_tags($filter);
            return
$filtered;
        } elseif (
$option == 1)
        {
           
$filtered = htmlspecialchars($filter);
            return
$filtered;
        } else
        {
            return
"ERROR: function filterxss() doesn't have that option available.";
        }
    }

   
// Function that checks for the right size of data that will be inserted in the database
   
public function checksize_db_data($data, $minsize, $maxsize)
    {
        if (
strlen($data) < $minsize || strlen($data) > $maxsize)
        {
            return
false;
        } else
        {
            return
true;
        }
    }

   
// Function that escapes special characters in a string for use in a SQL statement
   
public function filtersql($data)
    {
       
// Strips whitespaces or other characters from the beginning and end of $data
       
$filtered = trim($data);
       
$filtered = mysql_real_escape_string($filtered);
        return
$filtered;
    }

   
// Function that records all the data in a log file
   
public function recordlog($ip, $error)
    {
        if (
is_writable($this->logfile))
        {
            if (
$this->lockscan == 0)
            {
                if (
$this->checkip("$ip") == 1)
                {
                   
$proxy = "Possible PROXY";
                } else
                {
                   
$proxy = "";
                }
            }
            if (
$this->lockspamcop == 0)
            {
                if (
$this->checkspamcop("$ip") == true)
                {
                   
$spamcop = "(IP is listed as spammer on Spamcop.net)";
                } else
                {
                   
$spamcop = "";
                }
            }

           
$fp = fopen($this->logfile, 'a+');

           
// Data that will be stored in the log file
           
$information = "[IP]: " . $ip . " $proxy " . $spamcop;
           
$information .= " [Date and time]: " . date("Y/m/d - H:i:s");
           
$information .= " [Error]: " . $error . "\n\n";
           
fwrite($fp, $information);
           
fclose($fp);
        } else
        {
            echo
"ERROR: Log file don't have write permissions, please fix it (eg: CHMOD 777 filename.txt).";
        }
    }
}
?>