コード例 #1
0
ファイル: Page.php プロジェクト: hongbo819/APILJL
 /**
  * 统计访问日志,比如记录某一文章ID的访问
  */
 public static function logAccessByType($paramArr)
 {
     $options = array('type' => '', 'param' => false, 'imei' => "");
     if (is_array($paramArr)) {
         $options = array_merge($options, $paramArr);
     }
     extract($options);
     $url = '';
     switch ($type) {
         case "DOC_DETAIL":
             #文章内容页
             $param = array('docId' => 3269781, 'classId' => 210, 'fullUrl' => 1);
             //$url = API_Item_Urls_Doc::getDocUrl($param);
             $url = "www.baidu.com";
             //做实验用
             break;
         case "PRO_DETAIL":
             #产品库各种综述页
             $url = '';
             break;
     }
     if (!$url) {
         return false;
     }
     $url = urlencode($url);
     $ip = API_Item_Service_Area::getClientIp();
     //获得当前用户的IP地址
     $refer = isset($_SERVER['HTTP_REFERER']) ? urlencode($_SERVER['HTTP_REFERER']) : '';
     //上一层连接
     $reqUrl = "http://hongbo.ea3w.com/ext-test/writeLog.php?ip={$ip}&url={$url}&refer={$refer}&imei={$imei}&type={$type}";
     #请求这个页面,writeLog.php执行写入日志
     return API_Http::sendHeaderOnly(array('url' => $reqUrl));
 }
コード例 #2
0
ファイル: Input.php プロジェクト: hongbo819/APILJL
 /**
  * 预防sql注入的过滤
  */
 public static function sqlFilter($paramArr)
 {
     $options = array('value' => false, 'from' => 'G', 'recDb' => false);
     if (is_array($paramArr)) {
         $options = array_merge($options, $paramArr);
     }
     extract($options);
     if (!$value) {
         return false;
     }
     #如果是数组,就递归处理
     if (is_array($value)) {
         $data = array();
         foreach ($value as $k => $v) {
             $options["value"] = $v;
             $data[$k] = self::sqlFilter($options);
         }
         return $data;
     }
     #不同的来源,过滤字符不同
     $filterArr = array("G" => "'|(and|or)\\b.+?(>|<|=|in|like)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)", "P" => "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)", "C" => "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)");
     $filterStr = isset($filterArr[$from]) ? $filterArr[$from] : $filterArr["G"];
     if (preg_match("/" . $filterStr . "/is", $value) == 1) {
         if ($recDb) {
             #将数据过滤的结果,记录到数据库,便于监控恢复
             $db = API_Db_Eagleeye::instance();
             $server = $_SERVER["SERVER_NAME"];
             $php = $_SERVER["SCRIPT_NAME"];
             $query = $_SERVER["QUERY_STRING"];
             $tm = $_SERVER["REQUEST_TIME"];
             $method = $_SERVER["REQUEST_METHOD"];
             $cookie = isset($_SERVER["HTTP_COOKIE"]) ? $_SERVER["HTTP_COOKIE"] : '';
             $ip = API_Item_Service_Area::getClientIp();
             $detail = "METHOD:{$method}\n\nQUERY:{$query}\n\nCOOKIE:{$cookie}";
             $sql = "insert into eagleeye_sqlinject(server,php,tm,ip,reqstr,detail) values('{$server}','{$php}','{$tm}','{$ip}','{$value}','{$detail}')";
             $db->query($sql);
         }
         return false;
         #如果不合法就清空数据
     } else {
         return $value;
     }
 }