/**
 * Insert a product unless a row with the same name and brand is already stored.
 *
 * Name and brand go through Antiexploit::detectExploit() together with the
 * client address read from $_SERVER['REMOTE_ADDR']; description and price only
 * have markup removed by strip_tags(). Both statements pass their values in a
 * separate array for the `?` placeholders instead of building the SQL by
 * concatenation.
 *
 * NOTE(review): strip_tags() is not output encoding. Whatever renders these
 * columns still has to escape for its context (e.g. htmlspecialchars() for HTML).
 * NOTE(review): the price is never checked to be numeric here; confirm the
 * column type or the caller enforces that.
 * NOTE(review): lookup and INSERT are two separate statements, so two
 * concurrent requests can both pass the lookup. A UNIQUE index on
 * (product_name, product_brand) would enforce the rule; confirm the schema.
 *
 * @param mixed $name        Product name.
 * @param mixed $brand       Product brand.
 * @param mixed $description Free-text description.
 * @param mixed $price       Price as supplied by the caller.
 *
 * @return bool false when a matching product already exists, true once the
 *              INSERT has been issued (the result of Database::query() is not
 *              inspected).
 */
public function addProduct($name, $brand, $description, $price)
{
    $cleanName = Antiexploit::detectExploit($name, $_SERVER['REMOTE_ADDR']);
    $cleanBrand = Antiexploit::detectExploit($brand, $_SERVER['REMOTE_ADDR']);
    $cleanDescription = strip_tags($description);
    $cleanPrice = strip_tags($price);

    // Guard clause: a product is identified by its (name, brand) pair.
    $alreadyStored = Database::checkColumn(
        "SELECT * FROM products WHERE product_name = ? AND product_brand = ?",
        array($cleanName, $cleanBrand)
    );
    if ($alreadyStored) {
        return false;
    }

    // No matching row was found, so store the new product.
    Database::query(
        "INSERT INTO products (product_name, product_brand, product_description, price) VALUES (?, ?, ?, ?)",
        "insert",
        array($cleanName, $cleanBrand, $cleanDescription, $cleanPrice)
    );

    return true;
}
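/**
 * Return $data unchanged when is_numeric() accepts it; otherwise record the
 * client address and terminate the request with die().
 *
 * First offence: a row is written to warning_table and the request ends with a
 * warning page. Repeat offence outside DEBUG: a row is written to ban_table.
 * With DEBUG enabled no ban row is written, only warnings.
 *
 * Fixes compared with the previous revision:
 *  - the non-DEBUG lookup read from `warnings_table` while every insert writes
 *    to `warning_table`, so a stored warning could never be found and the ban
 *    branch was unreachable; the lookup now reads `warning_table`;
 *  - the ban row used time("H:i") / time("d-m-y"); time() takes no arguments,
 *    so date() is used, as in the other branches;
 *  - $ip is HTML-encoded before it is echoed into the warning page.
 *
 * NOTE(review): is_numeric() also accepts values such as "1e5", "-3.5" or " 7".
 * Callers that need a plain non-negative integer should validate further
 * (e.g. ctype_digit()).
 * NOTE(review): warnings and bans are keyed on $ip as passed in. If a caller
 * derives it from a client-controlled header instead of the socket peer
 * address, entries can be attributed to an arbitrary address; verify callers.
 * NOTE(review): the stored time format differs between branches ("H:i" vs
 * "H-i-s"); confirm which one the schema expects.
 *
 * @param mixed $data Value expected to be numeric.
 * @param mixed $ip   Address the warning or ban is recorded against.
 *
 * @return mixed $data unchanged when it is numeric; the method does not return
 *               otherwise.
 */
public static function detectNumericExploit($data, $ip)
{
    if (is_numeric($data)) {
        return $data;
    }

    // The address is written into an HTML response below, so encode it for
    // that context. The raw value is still what gets bound into the queries.
    $safeIp = htmlspecialchars((string) $ip, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $firstWarning = "EXPLOIT ATTEMPT DETECTED, THIS IS YOUR FIRST AND ONLY WARNING.<br> Warning issued on IP address: {$safeIp}";

    /* Testing purposes, no actual IP ban */
    if (DEBUG == true) {
        /* First see if a warning has already been issued */
        $query = "SELECT * FROM warning_table WHERE ip_address = ?";
        $check = Database::checkColumn($query, array($ip));

        if ($check) {
            /* warning exists */
            die("Ban system is fully operational");
        }

        /* no warning, establish warning */
        $_query = "INSERT INTO warning_table (ip_address, time, date) VALUES (:ip, :time, :date)";
        $_params = array(":ip" => $ip, ":time" => date("H:i"), ":date" => date("d-m-y"));
        Database::query($_query, 'insert', $_params);

        die($firstWarning);
    }

    /* First see if a warning has already been issued */
    $qry = "SELECT * FROM warning_table WHERE ip_address = ?";
    $result = Database::checkColumn($qry, array($ip));

    if ($result) {
        /* warning exists: escalate to a ban */
        $params2 = array($ip, "Anti exploit system auto-ban", date("H:i"), date("d-m-y"));
        $query2 = "INSERT INTO ban_table (`ip_address`, `reason`, `time`, `date`) VALUES (?, ?, ?, ?)";
        Database::query($query2, "insert", $params2);

        die("Ban system is fully operational");
    }

    /* no warning, establish warning */
    $q = "INSERT INTO warning_table (`ip_address`, `time`, `date`) VALUES (?, ?, ?)";
    $p = array($ip, date("H-i-s"), date("d-m-y"));
    Database::query($q, 'insert', $p);

    die($firstWarning);
}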
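/**
 * Create a user account unless the e-mail address is already registered.
 *
 * Every field is screened first: e-mail, both passwords and zip go through
 * Antiexploit::detectExploit(), token (when given) and house number through
 * Antiexploit::detectNumericExploit(), and the street only has markup removed
 * by strip_tags(). The password is transformed by $this->betterCrypt() before
 * it is stored.
 *
 * Fixes compared with the previous revision:
 *  - the existence lookup used the raw $email while the INSERT stored the
 *    screened value, so the check and the stored row could disagree; both now
 *    use the screened value;
 *  - the two passwords were compared with `==`, which treats numeric strings
 *    such as "1e3" and "1000" as equal; the comparison is now strict;
 *  - a password mismatch fell off the end of the method and returned null; it
 *    now returns false like the other failure path.
 *
 * NOTE(review): $token has a default but is followed by required parameters,
 * so it cannot actually be omitted, and PHP 8 reports this as deprecated. The
 * signature is left as is because callers depend on the parameter order.
 * NOTE(review): running passwords through detectExploit() may reject or alter
 * legitimate passwords, depending on what that helper does; confirm.
 * NOTE(review): betterCrypt() is not visible here; confirm it wraps
 * password_hash() or an equivalent salted, slow hash.
 * NOTE(review): lookup and INSERT are separate statements; a UNIQUE index on
 * users.email would prevent duplicates under concurrent requests. Confirm the
 * schema.
 *
 * @param mixed $email
 * @param mixed $password
 * @param mixed $password_again Confirmation copy of $password.
 * @param mixed $token          Optional numeric code stored as id_code, or null.
 * @param mixed $street
 * @param mixed $number         House number; must be numeric.
 * @param mixed $zip
 * @param mixed $ip             Client address, stored with the account and
 *                              passed to the screening helpers.
 *
 * @return bool true once the INSERT has been issued; false when the e-mail is
 *              already registered or the passwords differ.
 */
public function register($email, $password, $password_again, $token = null, $street, $number, $zip, $ip)
{
    $Email = Antiexploit::detectExploit($email, $ip);
    $Password = Antiexploit::detectExploit($password, $ip);
    $PasswordAgain = Antiexploit::detectExploit($password_again, $ip);
    $Token = $token !== null ? Antiexploit::detectNumericExploit($token, $ip) : null;
    $Street = strip_tags($street);
    $Number = Antiexploit::detectNumericExploit($number, $ip);
    $Zip = Antiexploit::detectExploit($zip, $ip);

    /* first check if user exists, using the same value that would be stored */
    $handle = Database::checkColumn("SELECT * FROM users WHERE email = ?", array($Email));
    if ($handle) {
        return false;
    }

    /* strict comparison: loose == equates numeric-looking strings */
    if ($Password !== $PasswordAgain) {
        return false;
    }

    /* user doesn't exist and the passwords agree, so insert the account */
    $_pass = $this->betterCrypt($Password);
    Database::query(
        "INSERT INTO users (email, password, id_code, street_name, house_number, zip_code, ip_address) VALUES (?, ?, ?, ?, ?, ?, ?)",
        "insert",
        array($Email, $_pass, $Token, $Street, $Number, $Zip, $ip)
    );

    return true;
}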