Example #1
 /**
  * Insert a product unless one with the same name and brand already exists.
  *
  * Name and brand go through Antiexploit::detectExploit() together with the
  * client address; description and price only have markup stripped.
  *
  * @param mixed $name        Product name.
  * @param mixed $brand       Product brand.
  * @param mixed $description Free-text description.
  * @param mixed $price       Product price.
  *
  * @return bool false when a matching product is found, true after the INSERT was issued.
  */
 public function addProduct($name, $brand, $description, $price)
 {
     $checkedName = Antiexploit::detectExploit($name, $_SERVER['REMOTE_ADDR']);
     $checkedBrand = Antiexploit::detectExploit($brand, $_SERVER['REMOTE_ADDR']);
     $cleanDescription = strip_tags($description);
     // NOTE(review): strip_tags() only removes markup; it does not prove the
     // price is numeric or non-negative. Consider validating it as a number.
     $cleanPrice = strip_tags($price);

     $alreadyListed = Database::checkColumn(
         "SELECT * FROM products WHERE product_name = ? AND product_brand = ?",
         [$checkedName, $checkedBrand]
     );
     if ($alreadyListed) {
         return false;
     }

     // NOTE(review): the existence check and the INSERT are separate statements,
     // so uniqueness presumably has to be enforced by a database constraint as
     // well (confirm). The result of the INSERT is not inspected; true is
     // returned regardless of whether it succeeded.
     Database::query(
         "INSERT INTO products (product_name, product_brand, product_description, price) VALUES (?, ?, ?, ?)",
         "insert",
         [$checkedName, $checkedBrand, $cleanDescription, $cleanPrice]
     );

     return true;
 }
Example #2
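 /**
  * Return numeric input unchanged; otherwise record a warning or a ban for
  * the given IP address and terminate the request.
  *
  * With DEBUG enabled, a repeat offence only prints a message and no ban row
  * is written. Otherwise a first offence stores a row in warning_table and a
  * repeat offence stores a row in ban_table.
  *
  * Changes from the previous version:
  *  - the non-debug lookup read "warnings_table" while every insert and the
  *    debug lookup use "warning_table", so an earlier warning was never found;
  *  - the ban row was built with time("H:i") / time("d-m-y"); time() takes no
  *    arguments, date() is the formatting function;
  *  - the IP address is HTML-encoded before it is echoed in the response.
  *
  * @param mixed $data Value expected to be numeric.
  * @param mixed $ip   Client address supplied by the caller.
  *
  * @return mixed $data when is_numeric($data) holds; does not return otherwise (die()).
  */
 public static function detectNumericExploit($data, $ip)
 {
     // NOTE(review): is_numeric() also accepts forms such as "1e5", "+1" and
     // ".5". If callers need a plain integer, a stricter check (for example
     // ctype_digit() on a string) would be more appropriate - confirm intent.
     if (is_numeric($data)) {
         return $data;
     }

     // The address is supplied by the caller and written into an HTML
     // response below, so it is encoded for that context first.
     $safeIp = htmlspecialchars((string) $ip, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
     $warningMessage = "EXPLOIT ATTEMPT DETECTED, THIS IS YOUR FIRST AND ONLY WARNING.<br> Warning issued on IP address: {$safeIp}";

     /* Testing purposes, no actual IP ban */
     if (DEBUG == true) {
         /* First see if a warning has already been issued */
         $query = "SELECT * FROM warning_table WHERE ip_address = ?";
         $check = Database::checkColumn($query, array($ip));
         if ($check) {
             /* warning exists */
             die("Ban system is fully operational");
         }

         /* no warning, establish warning */
         $time = date("H:i");
         $date = date("d-m-y");
         $_query = "INSERT INTO warning_table (ip_address, time, date) VALUES (:ip, :time, :date)";
         $_params = array(":ip" => $ip, ":time" => $time, ":date" => $date);
         Database::query($_query, 'insert', $_params);
         die($warningMessage);
     }

     /* First see if a warning has already been issued */
     $prms = array($ip);
     // Same table the warning rows are inserted into further down.
     $qry = "SELECT * FROM warning_table WHERE ip_address = ?";
     $result = Database::checkColumn($qry, $prms);
     if ($result) {
         /* warning exists: record the ban */
         $params2 = array($ip, "Anti exploit system auto-ban", date("H:i"), date("d-m-y"));
         $query2 = "INSERT INTO ban_table (`ip_address`, `reason`, `time`, `date`) VALUES (?, ?, ?, ?)";
         Database::query($query2, "insert", $params2);
         die("Ban system is fully operational");
     }

     /* no warning, establish warning */
     $_time = date("H-i-s");
     $_date = date("d-m-y");
     $q = "INSERT INTO warning_table (`ip_address`, `time`, `date`) VALUES (?, ?, ?)";
     $p = array($ip, $_time, $_date);
     Database::query($q, 'insert', $p);
     die($warningMessage);
 }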
Example #3
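 /**
  * Create a user account unless the e-mail address is already registered.
  *
  * Changes from the previous version:
  *  - the existence check now uses the same checked e-mail value that is
  *    inserted, instead of the raw argument;
  *  - the two passwords are compared with ===; loose == compares
  *    numeric-looking strings by value, so two different strings could be
  *    treated as equal;
  *  - a password mismatch returns false explicitly instead of falling off the
  *    end of the method.
  *
  * $token carries a default but is followed by required parameters, so
  * positional callers still have to pass it.
  *
  * @param mixed $email          E-mail address, used as the account key.
  * @param mixed $password       Chosen password.
  * @param mixed $password_again Password confirmation.
  * @param mixed $token          Optional numeric code stored as id_code; null skips the numeric check.
  * @param mixed $street         Street name (markup is stripped).
  * @param mixed $number         House number, must pass the numeric check.
  * @param mixed $zip            Zip code.
  * @param mixed $ip             Client address, stored with the account.
  *
  * @return bool true after the INSERT was issued; false when the e-mail is
  *              already registered or the passwords differ.
  */
 public function register($email, $password, $password_again, $token = null, $street, $number, $zip, $ip)
 {
     $Email = Antiexploit::detectExploit($email, $ip);
     // NOTE(review): passwords are passed through detectExploit() before
     // hashing. If that helper rejects or rewrites special characters it will
     // restrict which passwords users can choose - confirm its behaviour.
     $Password = Antiexploit::detectExploit($password, $ip);
     $PasswordAgain = Antiexploit::detectExploit($password_again, $ip);
     $Token = $token !== null ? Antiexploit::detectNumericExploit($token, $ip) : null;
     $Street = strip_tags($street);
     $Number = Antiexploit::detectNumericExploit($number, $ip);
     $Zip = Antiexploit::detectExploit($zip, $ip);

     /* first check if user exists, using the value that will be stored */
     $exists = Database::checkColumn("SELECT * FROM users WHERE email = ?", array($Email));
     if ($exists) {
         return false;
     }

     /* strict comparison: the confirmation must be the identical string */
     if ($Password !== $PasswordAgain) {
         return false;
     }

     // NOTE(review): betterCrypt() is not visible here; confirm it produces a
     // salted, slow password hash (for example via password_hash()).
     $_pass = $this->betterCrypt($Password);
     Database::query(
         "INSERT INTO users (email, password, id_code, street_name, house_number, zip_code, ip_address) VALUES (?, ?, ?, ?, ?, ?, ?)",
         "insert",
         array($Email, $_pass, $Token, $Street, $Number, $Zip, $ip)
     );

     return true;
 }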