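/**
 * Registers an alert, either for the current page or (when $save is true) in the session.
 *
 * Alerts with a severity above 0 are also recorded in self::$debuggingInfo together with the
 * call site taken from debug_backtrace(), and are forwarded to Security_ThreatTracker when
 * activity tracking is enabled for that severity.
 *
 * @param string $type     One of "success", "warning", "error" or "info".
 * @param string $key      Key under which the message is stored in the alert list.
 * @param string $message  The alert text.
 * @param int    $severity Values above 0 enable call-site tracking and threat logging.
 * @param bool   $save     When true, the alert is stored in $_SESSION instead of the per-page lists.
 *
 * @return bool True when the alert was stored, false when $type is not a recognised alert type.
 */
protected static function addAlert($type, $key, $message, $severity = 0, $save = false)
{
    if ($severity > 0) {
        $backtrace = debug_backtrace();

        // The call stack can be shallower than three frames, and frames invoked from PHP
        // internals carry no 'file'/'line'; fall back to empty values instead of raising
        // undefined-index errors from inside the alert path.
        $origin = isset($backtrace[2]) ? $backtrace[2] : array();
        $originClass = isset($origin['class']) ? $origin['class'] . $origin['type'] : "";
        $originFunction = isset($origin['function']) ? $origin['function'] : "";
        $originArgs = isset($origin['args']) ? $origin['args'] : array();
        $originFile = isset($origin['file']) ? $origin['file'] : "";
        $originLine = isset($backtrace[1]['line']) ? $backtrace[1]['line'] : 0;

        // NOTE(review): $originArgs holds the caller's raw argument values. Anything that
        // function received (which can include credentials or tokens) is kept here and is
        // written to the threat log below. Confirm that the log store and the verbose debug
        // display are access-restricted, or redact arguments before they are recorded.
        self::$debuggingInfo[] = array(
            $message,
            $originClass,
            $originFunction,
            $originArgs,
            $originFile,
            $originLine,
            $severity,
            Me::$id,
        );

        // In verbose mode, schedule Debug::run once at shutdown; the flag prevents re-registering.
        if (Debug::$verbose == 1 && Debug::$adminDisplay == false) {
            Debug::$adminDisplay = true;
            register_shutdown_function(array('Debug', 'run'));
        }

        // Forward to the threat tracker when activity tracking covers this severity.
        if (Security_ThreatTracker::$trackActivity == true && Security_ThreatTracker::$minSeverity <= $severity) {
            $function = $originClass . $originFunction;
            $params = isset($origin['args']) ? Data_Utilities::convertArrayToArgumentString($origin['args']) : "";

            Security_ThreatTracker::log("activity", $severity, $message, array(), $function, $params, $originFile, $originLine);
        }
    }

    // Regular alert: only kept for the current page.
    if ($save == false) {
        switch ($type) {
            case "success":
                self::$successList[$key] = $message;
                break;
            case "warning":
                self::$warningList[$key] = $message;
                break;
            case "error":
                self::$errorList[$key] = $message;
                break;
            case "info":
                self::$infoList[$key] = $message;
                break;
            default:
                return false;
        }

        return true;
    }

    // Saved alert: stored in the session so that a later page can display it.
    // The strict check keeps non-string values from passing as a valid type through loose comparison.
    if (!in_array($type, array("success", "warning", "error", "info"), true)) {
        return false;
    }

    if (!isset($_SESSION[SITE_HANDLE]['alert'][$type])) {
        $_SESSION[SITE_HANDLE]['alert'][$type] = array();
    }

    $_SESSION[SITE_HANDLE]['alert'][$type][$key] = $message;

    return true;
}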
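/**
 * Custom PHP error handler that, in the "local" environment, writes debug dumps under SYS_PATH/debug.
 *
 * @param int    $errorNumber PHP error level (E_USER_NOTICE, E_USER_WARNING, E_USER_ERROR, ...).
 * @param string $errorString Error message supplied by PHP (not used directly here).
 * @param string $errorFile   File in which the error was raised (not used directly here).
 * @param int    $errorLine   Line on which the error was raised (not used directly here).
 *
 * @return bool False lets PHP's default handler run afterwards; true suppresses it. True is
 *              returned only when the backtrace has no calling frame.
 */
function customErrorHandler($errorNumber, $errorString, $errorFile, $errorLine)
{
    // Map the error level to a label. $importance and $class are only consumed by the
    // disabled Debug::logError() call near the end of this function.
    switch ($errorNumber) {
        case E_USER_NOTICE:
            $errorType = "Notice";
            $importance = 0;
            break;
        case E_USER_WARNING:
            $errorType = "Warning";
            $importance = 2;
            break;
        case E_USER_ERROR:
            $errorType = "Fatal Error";
            $importance = 4;
            break;
        default:
            $errorType = "Unknown Error";
            $importance = 8;
            break;
    }

    $backtrace = debug_backtrace();

    // Without a calling frame there is nothing to record.
    // Returning TRUE prevents the default PHP handler from running.
    if (!isset($backtrace[1])) {
        return true;
    }

    $origin = $backtrace[1];
    $behind = $backtrace[0];

    // Identify the current URL
    $urlData = URL::parse($_SERVER['SERVER_NAME'] . "/" . $_SERVER['REQUEST_URI']);

    if ($origin['function'] == "trigger_error") {
        // Errors raised with trigger_error(): the message is its first argument.
        $class = "";
        $function = "trigger_error";
        $argString = $origin['args'][0];
        $filePath = str_replace(SYS_PATH, "", $origin['file']);
        $fileLine = (int) $origin['line'];

        if (ENVIRONMENT == "local") {
            $cons = get_defined_constants(true);

            // array_splice() also truncates $backtrace to its first frame.
            $debugData = array(
                "Backtrace" => array_splice($backtrace, 1),
                "URL" => $urlData,
                "Constants" => $cons['user'],
                "_GET" => $_GET,
                "_POST" => $_POST,
                "_COOKIE" => $_COOKIE,
                "_SESSION" => $_SESSION,
                "_SERVER" => $_SERVER,
            );
        }
    } else {
        $class = isset($origin['class']) ? $origin['class'] : "";
        $function = isset($origin['function']) ? $origin['function'] : "";
        $argString = isset($origin['args']) ? Data_Utilities::convertArrayToArgumentString($origin['args']) : "";
        $filePath = isset($behind['file']) ? str_replace(dirname(SYS_PATH), "", $behind['file']) : '';
        $fileLine = isset($behind['line']) ? $behind['line'] : 0;

        // Skip instances of the autoloader
        if ($errorType == "Unknown Error" && strpos($function, "spl_autoload") !== false) {
            return false;
        }
    }

    // Debug files in the local environment
    if (ENVIRONMENT == "local") {
        if (!isset($urlData['path'])) {
            $urlData['path'] = "home";
        }

        // The path originates from REQUEST_URI, so it is request-controlled. Strip NUL bytes,
        // backslashes and parent-directory sequences (in that order, so that removing one cannot
        // form another) before using it in a file name; this keeps debug writes inside
        // SYS_PATH/debug even if URL::parse() does not normalise the path itself.
        $debugPath = str_replace(array("\0", "\\", ".."), "", $urlData['path']);

        // NOTE(review): the dumps below contain request-controlled and sensitive data ($_GET, $_POST,
        // $_COOKIE, $_SESSION, $_SERVER, user constants, the URL and error text) and are written
        // with a .php extension. Keep SYS_PATH/debug outside the web root, or deny serving and
        // execution there, and make sure ENVIRONMENT is never "local" on a reachable host.

        // Add an entry to the debug timeline
        File::write(
            SYS_PATH . "/debug/" . microtime(true) . "-" . str_replace("/", "_", $debugPath) . ".php",
            print_r(isset($debugData) ? $debugData : $backtrace, true)
        );

        // Add an entry to the primary debug page
        File::prepend(SYS_PATH . "/debug/_primaryDebug.php", print_r(array(
            "Domain" => FULL_DOMAIN,
            "URL" => $urlData['full'],
            "Error" => $errorType . ": " . $argString,
            "File" => "[Line " . $fileLine . "] " . $filePath,
            "Timestamp" => microtime(true),
        ), true));

        // Add an entry to the per-site debugging page
        $sitePage = SYS_PATH . "/debug/by-site/" . FULL_DOMAIN . "/" . $debugPath . ".php";

        File::prepend($sitePage, print_r(array(
            "URL" => $urlData['full'],
            "Error" => $errorType . ": " . $behind['args'][1],
            "File" => "[Line " . $fileLine . "] " . $filePath,
            "Timestamp" => microtime(true),
        ), true));

        // Prune the debug pages so that they don't get overloaded
        File::prune(SYS_PATH . "/debug/_primaryDebug.php", 300);
        File::prune($sitePage, 120);

        // Occasionally prune the timeline files so that they don't exhaust the system.
        if (mt_rand(0, 25) == 22) {
            // Only entries older than one day are removed. A cutoff in the future would match
            // every file, wiping the whole timeline and leaving the break below unreachable.
            $cutoff = time() - 86400;

            foreach (Dir::getFiles(SYS_PATH . "/debug") as $dbf) {
                // Files starting with "_" (such as _primaryDebug.php) are not timeline entries.
                if ($dbf[0] != "_") {
                    // Timeline names start with microtime(true); the part before the first "." is the second.
                    $exp = explode(".", $dbf);

                    if ($exp[0] < $cutoff) {
                        File::delete(SYS_PATH . "/debug/" . $dbf);
                    } else {
                        break;
                    }
                }
            }
        }
    }

    // Log this error in the database
    // Debug::logError($importance, $errorType, $class, $function, $argString, $filePath, $fileLine, $urlData['full'], Me::$id);

    /*
    if(ENVIRONMENT != "production")
    {
        Debug::$verbose = true;
        Debug::scriptError($errorString, $class, $function, $argString, $filePath, $fileLine, $filePathNext, $fileLineNext);
    }
    else
    {
        return false;
    }
    */

    // Returning FALSE will activate the default PHP Handler after ours runs.
    return false;
}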
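/**
 * Logs a suspicious input to Security_ThreatTracker when input tracking covers the given severity.
 *
 * @param mixed  $unsafeContent The input that was caught; stored as received under "Input Caught".
 * @param string $threatText    Description of the threat, passed to the log as its message.
 * @param int    $severity      Compared against Security_ThreatTracker::$minSeverity.
 * @param int    $traceDepth    Extra frames to skip when locating the calling function in the backtrace.
 *
 * @return void
 */
private static function warnOfPotentialAttack($unsafeContent, $threatText = "", $severity = 0, $traceDepth = 0)
{
    // Record this only if the system is tracking input of this severity level.
    if (Security_ThreatTracker::$trackInput == true && Security_ThreatTracker::$minSeverity <= $severity) {
        // NOTE(review): $unsafeContent is logged verbatim. Whatever displays the threat log must
        // escape it for its output context; confirm this in the log viewer.
        $threatData = array("Input Caught" => $unsafeContent, "Illegal Characters" => '');

        $backtrace = debug_backtrace();

        // The stack may be shallower than 2 + $traceDepth frames, and frames invoked from PHP
        // internals carry no 'file'/'line'; fall back to empty values instead of raising
        // undefined-index errors while handling a suspected attack.
        $originIndex = 2 + $traceDepth;
        $lineIndex = 1 + $traceDepth;

        $origin = isset($backtrace[$originIndex]) ? $backtrace[$originIndex] : array();
        $originFile = isset($origin['file']) ? $origin['file'] : "";
        $originLine = isset($backtrace[$lineIndex]['line']) ? $backtrace[$lineIndex]['line'] : 0;

        $function = (isset($origin['class']) ? $origin['class'] . $origin['type'] : "")
            . (isset($origin['function']) ? $origin['function'] : "");

        // NOTE(review): the caller's argument values are serialised into the log entry; these can
        // include sensitive data, so access to the threat log should be restricted accordingly.
        $params = isset($origin['args']) ? Data_Utilities::convertArrayToArgumentString($origin['args']) : "";

        // Log the threat
        Security_ThreatTracker::log("input", $severity, $threatText, $threatData, $function, $params, $originFile, $originLine);
    }
}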