Version: 1.0
Type: Function
Category: Other
License: GNU General Public License
Description: By Metalfrog Studios
http://metalfrog.co.uk
USAGE: Put this at the top of your PHP and it will loop through your GET, POST and COOKIE values.
It will remove any XSS code and make the input safe to store in a database or display on the page.
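<?php
/*
 * Metalfrog Studios (GPL) http://metalfrog.co.uk
 * Website Development, website SEO & Graphic Designers
 *
 * USAGE: put this at the top of your PHP and it will loop through your
 * $_GET, $_POST and $_COOKIE values, strip common XSS vectors and coerce
 * numeric values to ints.
 *
 * Scope: a legacy, blacklist-based *input* filter, and a lossy one (see
 * RemoveXSS()). It is not a substitute for context-aware output escaping
 * (htmlspecialchars() for HTML) or for parameterised SQL (PDO/mysqli
 * prepared statements). $_REQUEST, $_SERVER and the raw request body are
 * not touched.
 */

// ---------------------------------------------------------------------------
// Super Globals Security System
// ---------------------------------------------------------------------------
// The functions used here are declared further down; PHP hoists
// unconditional top-level function declarations, so the order is fine.

if ($_GET) {
    foreach ($_GET as $key => $value) {
        $_GET[$key] = mf_sanitise_request_value($value, true, true);
    }
}

if ($_POST) {
    foreach ($_POST as $key => $value) {
        $_POST[$key] = mf_sanitise_request_value($value, true, true);
    }
}

// Cookies: XSS filter and numeric coercion only; no length cap, no SQL escape.
if ($_COOKIE) {
    foreach ($_COOKIE as $key => $value) {
        $_COOKIE[$key] = mf_sanitise_request_value($value, false, false);
    }
}

/**
 * Sanitise one request value. Nested arrays (e.g. field[]=x) are walked
 * recursively instead of being handed to the string functions, which would
 * raise a TypeError on PHP 8.
 *
 * For a scalar, in this order:
 *   1. numeric text  -> intval(); with $limit, more than 11 bytes -> ''
 *      (11 = sign + 10 digits, the widest 32-bit int; longer values would
 *      only saturate in intval(), so they are dropped instead)
 *   2. with $limit, non-numeric text longer than 20 bytes -> ''
 *   3. otherwise trim(), RemoveXSS() and, with $sqlEscape, the legacy
 *      ext/mysql escape when that extension is loaded
 *
 * Lengths and the numeric test are measured on the raw value, as received.
 *
 * @param mixed $value     raw value from $_GET / $_POST / $_COOKIE
 * @param bool  $limit     apply the length caps (GET/POST only)
 * @param bool  $sqlEscape apply mysql_real_escape_string() if it exists
 * @return mixed int, string, or an array of those
 */
function mf_sanitise_request_value($value, $limit, $sqlEscape)
{
    if (is_array($value)) {
        $clean = array();
        foreach ($value as $key => $item) {
            $clean[$key] = mf_sanitise_request_value($item, $limit, $sqlEscape);
        }
        return $clean;
    }

    $raw = (string) $value;

    if (is_numeric($raw)) {
        return ($limit && strlen($raw) > 11) ? '' : intval($raw);
    }
    if ($limit && strlen($raw) > 20) {
        return '';
    }

    // stripslashes() only undoes magic_quotes_gpc, which PHP 5.4 removed;
    // applied unconditionally it would eat legitimate backslashes.
    if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc()) {
        $raw = stripslashes($raw);
    }

    $clean = RemoveXSS(trim($raw));

    // ext/mysql was removed in PHP 7.0, so this branch is a no-op there.
    // Escaping at input time is the wrong layer (it double-escapes data that
    // is later bound or escaped properly); it is kept only so existing
    // string-built queries on old PHP keep the protection they had.
    if ($sqlEscape && function_exists('mysql_real_escape_string')) {
        $clean = mysql_real_escape_string($clean);
    }

    return $clean;
}

// ---------------------------------------------------------------------------
// Security System from XSS Injections
// ---------------------------------------------------------------------------

/**
 * Neutralise common HTML/JS injection keywords in a string (blacklist filter).
 *
 * Lossy: every occurrence of a listed tag name or event handler, even inside
 * an ordinary word such as "title" or "link", is rewritten with "<x>" after
 * its second character ("script" -> "sc<x>ript"). The result is still raw
 * text and must be escaped for the context it is rendered in.
 *
 * The parameter is deliberately left untyped: callers relied on loose scalar
 * coercion.
 *
 * @param string $val
 * @return string
 */
function RemoveXSS($val)
{
    // 1. Strip non-printable control characters so they cannot split a
    //    keyword ("java\0script"). TAB (09), LF (0a) and CR (0d) are kept;
    //    their encoded forms are handled by the gap pattern in step 3.
    $val = preg_replace('/[\x00-\x08\x0b\x0c\x0e-\x1f]/', '', $val);

    // 2. Decode numeric entities (hex or decimal, optional zero padding,
    //    optional ';') for ordinary ASCII characters, so "&#106;avascript"
    //    becomes "javascript" and is caught by the keyword pass.
    $search = 'abcdefghijklmnopqrstuvwxyz'
        . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
        . '1234567890!@#$%^&*()'
        . '~`";:?+/={}[]-_|\'\\';
    $count = strlen($search);
    for ($i = 0; $i < $count; $i++) {
        $ch = $search[$i];
        // '$' and '\' are special in a preg_replace() replacement; quote them
        // so the character is inserted literally.
        $literal = str_replace(array('\\', '$'), array('\\\\', '\\$'), $ch);
        $val = preg_replace('/&#[xX]0{0,8}' . dechex(ord($ch)) . ';?/i', $literal, $val);
        $val = preg_replace('/&#0{0,8}' . ord($ch) . ';?/', $literal, $val);
    }

    // 3. Keywords to nerf. Order matters: earlier entries are rewritten
    //    first, e.g. "frame" is caught before "frameset" is tried.
    $tags = array(
        'javascript', 'vbscript', 'expression', 'applet', 'xml', 'blink',
        'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame',
        'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base',
    );
    $handlers = array(
        'onabort', 'onactivate', 'onafterprint', 'onafterupdate',
        'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate',
        'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload',
        'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange',
        'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut',
        'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick',
        'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave',
        'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate',
        'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout',
        'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete',
        'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave',
        'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel',
        'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange',
        'onreadystatechange', 'onreset', 'onresize', 'onresizeend',
        'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete',
        'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange',
        'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload',
    );
    $keywords = array_merge($tags, $handlers);

    // Between any two letters of a keyword an attacker may hide an encoded
    // TAB/LF/CR (&#x9; &#xa; &#xb; or &#9; &#10; &#13;); the gap pattern
    // skips any number of those. The decimal forms are alternatives, not a
    // character class, so "&#10;" is matched as a whole.
    $gap = '(?:&#[xX]0{0,8}[9ab];|&#0{0,8}(?:9|10|13);)*';
    $patterns = array();
    $replacements = array();
    foreach ($keywords as $word) {
        // Keywords are plain ASCII letters, so no preg_quote() is needed.
        $patterns[] = '/' . implode($gap, str_split($word)) . '/i';
        $replacements[] = substr($word, 0, 2) . '<x>' . substr($word, 2);
    }

    // 4. Apply every pattern, in order, and repeat until a full pass changes
    //    nothing, so a keyword exposed by an earlier rewrite is neutralised too.
    do {
        $before = $val;
        $val = preg_replace($patterns, $replacements, $val);
        if ($val === null) {
            // PCRE error (e.g. backtrack limit): fail closed rather than
            // return partially filtered text.
            return '';
        }
    } while ($val !== $before);

    return $val;
}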