function preDispatch(Zend_Controller_Request_Abstract $request) { try { require_once 'IDS/Init.php'; require_once 'IDS/Log/Composite.php'; require_once 'IDS/Log/Database.php'; #require_once 'IDS/Log/File.php'; $request = array('REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE); $init = IDS_Init::init(APPLICATION_PATH . '/../library/phpids/lib/IDS/Config/Config.ini.php'); $ids = new IDS_Monitor($request, $init); $result = $ids->run(); if (!$result->isEmpty()) { // This is where you should put some code that // deals with potential attacks, e.g. throwing // an exception, logging the attack, etc. $compositeLog = new IDS_Log_Composite(); $compositeLog->addLogger(IDS_Log_Database::getInstance($init)); #$compositeLog->addLogger(IDS_Log_File::getInstance($init)); $compositeLog->execute($result); echo $result; die('<h1>Go away!</h1>'); #$redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector'); #$redirector->gotoUrl('default/error/error/eh/ids')->redirectAndExit(); } return $request; } catch (Exception $e) { try { $writer = new Zend_Log_Writer_Stream(APPLICATION_LOG_PATH . 'plugin-ids.log'); $logger = new Zend_Log($writer); $logger->log($e->getMessage() . ' line ' . $e->getLine() . ' file ' . $e->getFile(), Zend_Log::ERR); } catch (Exception $e) { } } }
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { //array_push($request,array('HTTP_X_FORWARDED_FOR'=>$_SERVER['HTTP_X_FORWARDED_FOR'])); } if (isset($_SERVER['HTTP_USER_AGENT'])) { //array_push($request,$_SERVER['HTTP_USER_AGENT']); } if (!$_SESSION['UserName']) { //array_push($request,$_POST); } $ids = new IDS_Monitor($request, $init); $result = $ids->run(); if (!$result->isEmpty()) { require_once 'IDS/Log/Composite.php'; require_once 'IDS/Log/Database.php'; $compositeLog = new IDS_Log_Composite(); $compositeLog->addLogger(IDS_Log_Database::getInstance($init)); $compositeLog->execute($result); if (is_array($Output)) { sql_connect(); $Output = array_map('mysql_escape_string', $Output); $ids_name = $Output['name']; $ids_value = $Output['value']; $ids_page = $Output['page']; $ids_ip = $Output['ip']; $ids_impact = $Output['impact']; $ids_created = date('Y-m-d H:i:s'); $query = mysql_query("INSERT INTO `intrusions` (`name`,`value`,`page`,`ip`,`impact`,`created`) VALUES ('{$ids_name}','{$ids_value}','{$ids_page}','{$ids_ip}','{$ids_impact}','{$ids_created}')"); sql_close(); } echo $result; exit;