Validate vars types


  • Validate vars types

    While learning PHP 5 OOP I wrote a class that cleans the global arrays (GET, POST, ..., SERVER) chosen by the developer.
    Put the following code in a file named MyCleanerClass.php.
    PHP Code:
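    /**
     * Casts selected keys of one superglobal to int/float/bool and runs every
     * other value through an escape callback.
     *
     * Review note: escaping request data at input time is the wrong layer.
     * Escaping is context-specific (SQL, HTML, JS, shell), so a value escaped
     * for MySQL here is corrupted for every other use and still unsafe there.
     * SQL is protected by prepared/parameterised statements at the query site;
     * treat this class as type narrowing only.
     */
    class XpGlobalVarsCleaner {
        /** @var string[] request keys to cast to int */
        private $Ints = array();
        /** @var string[] request keys to cast to float */
        private $Floats = array();
        /** @var string[] request keys to cast to bool */
        private $Bools = array();
        /** @var int number of SetType() calls so far; shown in the error output */
        private $NoTypes = 0;
        /** @var int number of CleanData() calls so far; shown in the error output */
        private $NoProcesses = 0;
        /** @var callable|string function applied to every value that has no registered type */
        private $Escaper;

        /**
         * @param callable|string|null $escaper escape function for untyped values.
         *        Defaults to the original mysql_real_escape_string, which needs an
         *        open mysql connection and no longer exists in PHP 7+, so pass your
         *        own callable on newer PHP.
         */
        public function __construct($escaper = null) {
            $this->Escaper = $escaper === null ? 'mysql_real_escape_string' : $escaper;
        }

        /**
         * Registers one key (string) or a list of keys (array) under $type.
         * Repeated calls for the same type accumulate; the original replaced the
         * whole list whenever an array was passed.
         *
         * @param string       $type 'int', 'float' or 'bool' (case-insensitive)
         * @param string|array $val  key name(s) in the global array to coerce
         */
        public function SetType($type, $val) {
            $this->NoTypes++;
            // Keys are stored as strings so CleanProcess() can compare strictly.
            $keys = array_map('strval', is_array($val) ? array_values($val) : array($val));
            switch (strtolower($type)) {
                case 'int':
                    $this->Ints = array_merge($this->Ints, $keys);
                    break;
                case 'float':
                    $this->Floats = array_merge($this->Floats, $keys);
                    break;
                case 'bool':
                    $this->Bools = array_merge($this->Bools, $keys);
                    break;
                default:
                    // Kept as an echo to match the original; a library should throw instead.
                    echo 'Error at SetType(\''.$type.'\',Array of values\')['.$this->NoTypes.']';
                    break;
            }
        }

        /**
         * Rewrites $data in place: registered keys are cast to their type, nested
         * arrays are descended into, everything else goes through the escaper.
         *
         * Matching is strict on the string form of the key. PHP stores a key like
         * "0" as int 0, and the original non-strict in_array() let such keys
         * loosely equal any registered name (0 == 'uid' in PHP < 8), which cast
         * values that were meant to be escaped.
         *
         * @param array $data the global array, by reference
         */
        private function CleanProcess(array &$data) {
            foreach ($data as $key => $val) {
                $name = (string)$key;
                if (in_array($name, $this->Ints, true)) {
                    $data[$key] = (int)$val;
                } elseif (in_array($name, $this->Floats, true)) {
                    $data[$key] = (float)$val;
                } elseif (in_array($name, $this->Bools, true)) {
                    $data[$key] = (bool)$val;
                } elseif (is_array($val)) {
                    // Input such as name[]=... is an array; the escaper cannot take it.
                    $this->CleanProcess($data[$key]);
                } else {
                    $data[$key] = call_user_func($this->Escaper, $val);
                }
            }
        }

        /**
         * Cleans one superglobal in place.
         *
         * Note that $_SERVER holds paths and headers the application relies on;
         * escaping them rewrites values that are not all attacker-controlled.
         *
         * @param string $type 'get', 'post', 'session', 'cookie' or 'server' (case-insensitive)
         */
        public function CleanData($type) {
            $this->NoProcesses++;
            switch (strtolower($type)) {
                case 'get':     $MyArray = &$_GET;     break;
                case 'post':    $MyArray = &$_POST;    break;
                case 'session': $MyArray = &$_SESSION; break;
                case 'cookie':  $MyArray = &$_COOKIE;  break;
                case 'server':  $MyArray = &$_SERVER;  break;
                default:
                    echo 'Error at CleanData(\''.$type.'\')['.$this->NoProcesses.']';
                    // The original fell through to CleanProcess() on an undefined $MyArray.
                    return;
            }
            // $_SESSION does not exist before session_start(); nothing to clean then.
            if (!is_array($MyArray)) {
                return;
            }
            // Instance call: the original's self::CleanProcess() on a non-static
            // method is an error in PHP 8.
            $this->CleanProcess($MyArray);
        }
    }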

    Usage:
    PHP Code:
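    <?php
    // Constructed request values for the demonstration; on a real request they come from the client.
    $_GET['uid'] = 'Just a name';
    $_GET['sid'] = '2193asd\'as41312dax16';
    $_GET['ok']  = 'a string'; // the original listing was missing this semicolon

    require('MyCleanerClass.php');
    $safe = new XpGlobalVarsCleaner;
    $safe->SetType('int', array('who', 'uid', 'id')); // several keys at once, or
    $safe->SetType('int', 'type');                     // one by one
    $safe->SetType('bool', 'ok');
    $safe->CleanData('get'); // which global to clean: get, post, session, cookie, server

    // uid is now an int, sid an escaped string and ok a bool (echoed as 1)
    echo $_GET['uid'].' and '.$_GET['sid'].' and '.$_GET['ok']; //output: 0 and 2193asd\'as41312dax16 and 1
    ?>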
    I hope that helps someone....
    Last edited by i0nutzxp; 08.05.11, 07:25.

  • #2
    Hello! I'm back with a new, updated class. It can help you clean your JavaScript or whatever...
    The main file with the class named MyCleanerClass.php:
    PHP Code:
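    /**
     * Second revision: the caller marks which superglobals to scan (ScanZone),
     * registers typed keys (SetType) and then calls TurnOnProtection(), which
     * casts registered keys, escapes the rest and optionally logs every value
     * the cleaning changed.
     *
     * Review note: escaping at input time is context-blind; a value escaped for
     * MySQL is wrong for HTML/JS/shell and still unsafe there. Use prepared
     * statements for SQL and escape for the output context instead; treat this
     * class as type narrowing only.
     */
    class XpGlobalVarsCleaner {
        /** @var bool when TRUE, invalid arguments print an error and stop the script */
        public $debug = FALSE;
        /** @var bool when TRUE, every value the cleaning changed is appended to $FileSelected */
        public $report = FALSE;
        /**
         * @var string log path. Entries contain raw request values, so the file
         *      must live outside the web root and must never be rendered unescaped.
         */
        public $FileSelected = 'logs/log.txt';
        /** @var string[] types SetType() accepts */
        private $AvabileTypes = array('int', 'bool', 'float');
        /** @var string[] pending log entries, flushed by TurnOnProtection() */
        private $InjectionData = array();
        /** @var int number of pending log entries (the original never declared this property) */
        private $Injections = 0;
        /** @var array<string,bool> which superglobals ScanZone() has enabled */
        private $ActiveGlobals = array(
            'get'     => FALSE,
            'post'    => FALSE,
            'server'  => FALSE,
            'cookie'  => FALSE,
            'session' => FALSE, // was 'sessions', a key TurnOnProtection() never looked up
        );
        /** @var array<string,string[]> registered key names per type, replaces $this->{$type} */
        private $Typed = array('int' => array(), 'float' => array(), 'bool' => array());
        /** @var int number of SetType() calls so far */
        private $NoTypes = 0;
        /** @var int number of ScanZone() calls so far */
        private $NoProcesses = 0;
        /** @var callable|array escape function for values without a registered type */
        private $Escaper;

        /**
         * @param callable|null $escaper escape function for untyped values;
         *        defaults to MyEscapeFunction() below.
         */
        public function __construct($escaper = null) {
            $this->Escaper = $escaper === null ? array($this, 'MyEscapeFunction') : $escaper;
        }

        /**
         * Registers one key (string) or a list of keys (array) under $type.
         * Repeated calls accumulate instead of overwriting.
         *
         * @param string       $type one of $AvabileTypes
         * @param string|array $val  key name(s) in the global array to coerce
         */
        public function SetType($type, $val) {
            $this->NoTypes++;
            // Validate always, not only in debug mode: the original wrote $this->{$type},
            // so an unchecked $type could create or overwrite any property (e.g. 'debug').
            if (!in_array($type, $this->AvabileTypes, true)) {
                $this->fail('<b>Fatal Error: Invalid variabile type!<b/>');
                return;
            }
            // Keys are stored as strings so CleanProcess() can compare strictly.
            $keys = array_map('strval', is_array($val) ? array_values($val) : array($val));
            $this->Typed[$type] = array_merge($this->Typed[$type], $keys);
        }

        /**
         * Error reporting kept from the original: in debug mode print and stop,
         * otherwise the bad call is ignored.
         *
         * @param string $message HTML fragment to print
         */
        private function fail($message) {
            if ($this->debug) {
                echo $message;
                die();
            }
        }

        private function MyEscapeFunction($String) {
            /*
               Customisation point: replace the body with the escape function you need.
               default::mysql_real_escape_string (you need a mysql connection before the
               class instance; the function no longer exists in PHP 7+)
             */
            return mysql_real_escape_string($String);
        }

        /**
         * Appends $text to $filename, creating it if needed. The result is not
         * checked, matching the original best-effort fopen/fwrite.
         *
         * @param string $filename log path
         * @param string $text     one log entry
         */
        private function appendLog($filename, $text) {
            file_put_contents($filename, $text, FILE_APPEND);
        }

        /**
         * Rewrites $data in place and records every changed value when $report is on.
         * Key matching is strict on the string form of the key: PHP stores "0" as
         * int 0 and the original non-strict in_array() let such keys loosely match
         * any registered name in PHP < 8.
         *
         * @param array  $data the global array, by reference
         * @param string $glob label used in log entries ('get', 'post', ...)
         */
        private function CleanProcess(array &$data, $glob) {
            foreach ($data as $key => $val) {
                $name = (string)$key;
                if (in_array($name, $this->Typed['int'], true)) {
                    $data[$key] = (int)$val;
                } elseif (in_array($name, $this->Typed['float'], true)) {
                    $data[$key] = (float)$val;
                } elseif (in_array($name, $this->Typed['bool'], true)) {
                    $data[$key] = (bool)$val;
                } elseif (is_array($val)) {
                    // Input such as name[]=... is an array; the escaper cannot take it.
                    $this->CleanProcess($data[$key], $glob.'['.$key.']');
                    continue;
                } else {
                    $data[$key] = call_user_func($this->Escaper, $val);
                }
                // Loose != as in the original. In PHP < 8 this missed int casts of
                // junk (0 != 'abc' was false); PHP 8 comparison semantics report them.
                if ($this->report && $data[$key] != $val) {
                    $this->Injections++;
                    // $val is raw request data: the log line is attacker-controlled text.
                    $this->InjectionData[] = 'Alert! in $_'.$glob.'['.$key.']='.$val.'#';
                }
            }
        }

        /**
         * Cleans every superglobal enabled by ScanZone() and flushes the report log.
         */
        public function TurnOnProtection() {
            // Instance calls: the original's self::CleanProcess() on a non-static
            // method is an error in PHP 8.
            if ($this->ActiveGlobals['get']) {
                $this->CleanProcess($_GET, 'get');
            }
            if ($this->ActiveGlobals['post']) {
                $this->CleanProcess($_POST, 'post');
            }
            if ($this->ActiveGlobals['server']) {
                $this->CleanProcess($_SERVER, 'server');
            }
            if ($this->ActiveGlobals['cookie']) {
                $this->CleanProcess($_COOKIE, 'cookie');
            }
            // $_SESSION only exists after session_start(); passing it by reference
            // regardless, as the original did, silently creates it as NULL.
            if ($this->ActiveGlobals['session'] && isset($_SESSION)) {
                $this->CleanProcess($_SESSION, 'session');
            }

            if ($this->Injections > 0) {
                foreach ($this->InjectionData as $entry) {
                    $this->appendLog($this->FileSelected, $entry);
                }
                // Flush so a second call does not write the same entries again.
                $this->InjectionData = array();
                $this->Injections = 0;
            }
        }

        /**
         * Enables scanning of one superglobal.
         *
         * @param string $type 'get', 'post', 'server', 'cookie' or 'session'
         */
        public function ScanZone($type) {
            $this->NoProcesses++;
            // The original test `$this->ActiveGlobals[$type] != NULL` never fired:
            // FALSE == NULL loosely and an unknown key yields NULL too. Check the key.
            if (!array_key_exists($type, $this->ActiveGlobals)) {
                $this->fail('<b>Fatal Error: Invalid global selected!</b>');
                return;
            }
            $this->ActiveGlobals[$type] = TRUE;
        }
    }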

    How to use it?
    PHP Code:
    <?php
    // a mysql connection goes here...
    // .....//
    require('MyCleanerClass.php');

    $safe = new XpGlobalVarsCleaner;
    $safe->debug = TRUE;             // TRUE: invalid arguments print an error and stop the script
    $safe->report = TRUE;            // TRUE: log every value whose type or content was changed
    $safe->FileSelected = 'log.txt'; // log path; it receives raw request data, so keep it outside the web root

    $intKeys = array('who', 'uid', 'id');
    $safe->SetType('int', $intKeys); // ex: force $_GET['who'] to be an INT

    $safe->ScanZone('get');          // scan the $_GET array
    $safe->ScanZone('post');
    // $safe->ScanZone('cookie');
    // $safe->ScanZone('session');
    // $safe->ScanZone('server');

    $safe->TurnOnProtection();       // start the protection
    ?>
    In the next version I'll add an admin panel ... and RFI, LFI and XSS protection!
    If you have ideas or problems, post here or send me a PM.
    Last edited by i0nutzxp; 22.05.11, 10:46.
