Location: PHPKode > scripts > Rex > rex/class/rex.class.php
<?php
/**
 * @name Rex
 * @version 1.1
 * @author David Sopas Ferreira <coder at davidsopas dot com>
 * @copyright 2008
 * 
 * Changelog:
 * 
 * v1.1
 * - Proxy port scan can be disabled (in some cases, it blocks users that have port 80 open in their router configuration)
 * - Added checkspamcop() that checks if a user IP is registered as spammer on Spamcop.net (can be enabled/diabled)
 * - Function filtraxss() renamed to checkxss() because it really checks the presence of malicious xss doesn't filter anything
 * - Function checkxss() only accepts arrays
 * - Added filterxss() that removes or disables tags
 * - Added checksize_db_data() that can be used to check for data size before inserting in database
 * - Added filtersql() that escapes special characters in a string for use in a SQL statement
 * - Portuguese variables renamed to english for better understanding the code to a larger community
 * 
 * 
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 * 
 */

class Rex
{
    // Set the values to your needs (fit your needs)
    private $logfile = "rexlog.txt"; // The log file, I recommend to put it on a protected directory
    private $timeout = 5; // Timeout for the IP verification
    private $lockscan = 1; // 0 - enable proxy port scan | 1 - disable proxy port scan
    private $lockspamcop = 0; // 0 - enable spamcop check | 1 - disable spamcop check
    // -------------------------------------------------------------------------------------------------

    // Function that checks if the IP is listed on any spam blacklist on spamcop.net
    public function checkspamcop($ip)
    {
        if ($this->lockspamcop == 0)
        {
            $handle = @fopen("http://www.spamcop.net/w3m?action=checkblock&ip=$ip", "rb");
            stream_set_timeout($handle, $timeout);
            $contents = "";
            while (!feof($handle))
            {
                $contents .= @fread($handle, 8192);
            }
            fclose($handle);
            if (preg_match("/$ip listed in [\w]*\.spamcop\.net/", $contents))
            {
                return true;
            } else
            {
                return false;
            }
        }
    }

    // Function that checks if the IP is possibly a PROXY
    public function checkip($ip)
    {
        if ($this->lockscan == 0)
        {
            // Array with the proxy ports, you can add more if you want
            $ports = array(80, 3128, 8080);
            // Flag to be returned: 0 safe - 1 open and unsafe
            $flag = 0;
            foreach ($ports as $port)
            {
                @$fp = fsockopen($ip, $port, $errno, $errstr, $this->timeout);
                // Check if fp return something
                if (!empty($fp))
                {
                    $flag = 1;
                    fclose($fp);
                }
            }
            return $flag;
        }
    }

    // Function that checks $_GET , $_POST , $_SESSION , $_COOKIE or any other arrays for XSS malicious code
    public function checkxss($filter)
    {
        if (is_array($filter))
        {
            foreach ($filter as $check_array)
            {
                if ((eregi("<[^>]*script*\"?[^>]*>", $check_array)) || (eregi("<[^>]*object*\"?[^>]*>",
                    $check_array)) || (eregi("<[^>]*iframe*\"?[^>]*>", $check_array)) || (eregi("<[^>]*applet*\"?[^>]*>",
                    $check_array)) || (eregi("<[^>]*meta*\"?[^>]*>", $check_array)) || (eregi("<[^>]*style*\"?[^>]*>",
                    $check_array)) || (eregi("<[^>]*form*\"?[^>]*>", $check_array)) || (eregi("\([^>]*\"?[^)]*\)",
                    $check_array)) || (eregi("\"", $check_array)))
                {
                    return true;
                } else
                {
                    return false;
                }
            }
            unset($check_array);
        } else
        {
            echo "ERROR: function checkxss() only can treat arrays.";
        }
    }

    // Function that filters tags, preventing HTML injections or XSS attacks on variables
    // Option: 0- removes tags 1- disables html
    public function filterxss($filter, $option)
    {
        if ($option == 0)
        {
            $filtered = strip_tags($filter);
            return $filtered;
        } elseif ($option == 1)
        {
            $filtered = htmlspecialchars($filter);
            return $filtered;
        } else
        {
            return "ERROR: function filterxss() doesn't have that option available.";
        }
    }

    // Function that checks for the right size of data that will be inserted in the database
    public function checksize_db_data($data, $minsize, $maxsize)
    {
        if (strlen($data) < $minsize || strlen($data) > $maxsize)
        {
            return false;
        } else
        {
            return true;
        }
    }

    // Function that escapes special characters in a string for use in a SQL statement
    public function filtersql($data)
    {
        // Strips whitespaces or other characters from the beginning and end of $data
        $filtered = trim($data);
        $filtered = mysql_real_escape_string($filtered);
        return $filtered;
    }

    // Function that records all the data in a log file
    public function recordlog($ip, $error)
    {
        if (is_writable($this->logfile))
        {
            if ($this->lockscan == 0)
            {
                if ($this->checkip("$ip") == 1)
                {
                    $proxy = "Possible PROXY";
                } else
                {
                    $proxy = "";
                }
            }
            if ($this->lockspamcop == 0)
            {
                if ($this->checkspamcop("$ip") == true)
                {
                    $spamcop = "(IP is listed as spammer on Spamcop.net)";
                } else
                {
                    $spamcop = "";
                }
            }

            $fp = fopen($this->logfile, 'a+');

            // Data that will be stored in the log file
            $information = "[IP]: " . $ip . " $proxy " . $spamcop;
            $information .= " [Date and time]: " . date("Y/m/d - H:i:s");
            $information .= " [Error]: " . $error . "\n\n";
            fwrite($fp, $information);
            fclose($fp);
        } else
        {
            echo "ERROR: Log file don't have write permissions, please fix it (eg: CHMOD 777 filename.txt).";
        }
    }
}
?>
Return current item: Rex