Validate vars types

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    Validate vars types

    I made a class in my way of learning php5 OOP that clean global vars like GET , POST .., SERVER at the developer's choice.
    in a file MyCleanerClass.php put the following code.
    PHP Code:
    class XpGlobalVarsCleaner {
       private     $Ints = array();
       private     $Floats = array();
       private     $Bools = array();
       private     $NoTypes 0;   
       private     $NoProcesses 0;
         
           public function     SetType($type,$val){
                  $this->NoTypes++;
               switch(    strtolower($type)){
                  case     'int':         
                      if(    is_array($val))
                             $this->Ints $val;
                      else
                             $this->Ints[] = $val;   
                  break;
                  case     'float':                   
                  if(    is_array($val))
                             $this->Floats $val;
                      else
                             $this->Floats[] = $val;   
                  break;
                  case     'bool':                   
                  if(    is_array($val))
                             $this->Bools $val;
                      else
                             $this->Bools[] = $val;   
                  break;
                      // .... //
                      default: echo 'Error at SetType(\''.$type.'\',Array of values\')['.$this->NoTypes.']'; break;           
               }
           
           } 
           private function     CleanProcess(&$data){     
               foreach(    $data as $key=>$val){
                   if(    in_array($key,$this->Ints)){
                          $data[$key] = (int)$val;
                   }
                   else if(    in_array($key,$this->Floats)){
                          $data[$key] = (float)$val;
                   }else if(    in_array($key,$this->Bools)){
                          $data[$key] = (bool)$val;
                   }else{
                          $data[$key] = mysql_real_escape_string($val);
                   }             
               }
           }
           public function     CleanData($type){
                  $this->NoProcesses++;
               switch(    strtolower($type)){
                  case     'get':  $MyArray = &$_GET; break;
                  case     'post'$MyArray = &$_POST; break;
                  case     'session'$MyArray = &$_SESSION; break;
                  case     'cookie'$MyArray = &$_COOKIE; break;
                  case     'server'$MyArray = &$_SERVER; break;
                      // .... //
                      default: echo 'Error at CleanData(\''.$type.'\')['.$this->NoProcesses.']'; break;           
               }
                   self::CleanProcess($MyArray);
               return;
           }

    Usage:
    PHP Code:
    <?php
    $_GET    ['uid'] = 'Just a name';
    $_GET['sid'] = '2193asd\'as41312dax16';
    $_GET['ok'] = 'a string'

    require(    'MyCleanerClass.php');
    $safe = new XpGlobalVarsCleaner;
    $safe->SetType('int',array('who','uid','id'));  // in array or
    $safe->SetType('int','type'); // one by one
    $safe->SetType('bool','ok');
    $safe->CleanData('get'); // what to clean: get , post, sessions, server .. etc.

    // uid must be int , sid a string and ok a boolean
    echo $_GET['uid'].' and '.$_GET['sid'].' and '.$_GET['ok']; //output: 0 and 2193asd\'as41312dax16 and 1
    ?>
    I hope that helps someone....
    Last edited by i0nutzxp; 08.05.11, 07:25.
    <?php unlink('World/Europe/Romania.country'); ?>
    Tags: None
    #2
    Hello! I'm back with a new updated class. This thing can help you to clean your lavascript or wathever...
    The main file with the class named MyCleanerClass.php:
    PHP Code:
    class XpGlobalVarsCleaner {
       public     $debug FALSE;
       public     $report FALSE;
       public     $FileSelected 'logs/log.txt';
       private     $AvabileTypes = array('int','bool','float');
       private     $InjectionData = array();
       private     $ActiveGlobals = array(
                                      'get'=>FALSE,
                                      'post'=>FALSE,
                                      'server'=>FALSE,
                                      'cookie'=>FALSE,
                                      'sessions'=>FALSE
                                          );
       private     $int = array();
       private     $float = array();
       private     $bool = array();
       private     $NoTypes 0;   
       private     $NoProcesses 0;
         
           public function     SetType($type,$val){
                  $this->NoTypes++;
               if(    $this->debug
                    try{
                       if(!    in_array($type,$this->AvabileTypes))
                           throw new     Exception('<b>Fatal Error: Invalid variabile type!<b/>');
                    } catch (    Exception $e) {
                       echo     $e->getmessage(); die();
                    }
                      if(    is_array($val))
                             $this->{$type} = $val;
                      else
                             $this->{$type}[] = $val;        
           } 
           private function     MyEscapeFunction($String){ 
                 /*
               In this function you can put whatever function
               you want for cleaning the string!
               default::mysql_real_escape_string ( you need a mysql connection before the class instance!)
             */
                  return mysql_real_escape_string($String);
           }
          private function     write_read($filename,$text ''$action){ 
             if(    $action == 'write'){      
                if (!    file_exists($filename)) {
                       $file fopen($filename'w'); #or die('Cant make a new file.');
                        fclose($file);
                }
                      $file fopen($filename'a'); #or die('Cant open the file.');
                      fwrite($file$text);
                      fclose($file);     
             }else
                  return     file_get_contents($filename);        
         }
           private function     CleanProcess(&$data,$glob){     
               foreach(    $data as $key=>$val){
                   if(    in_array($key,$this->int)){
                          $data[$key] = (int)$val;
                   }
                   else if(    in_array($key,$this->float)){
                          $data[$key] = (float)$val;
                   }else if(    in_array($key,$this->bool)){
                          $data[$key] = (bool)$val;
                   }else{
                          $data[$key] = self::MyEscapeFunction($val);
                   }         
                  if(    $this->report && $data[$key] != $val){
                         $this->Injections++;
                         $this->InjectionData[] = 'Alert! in $_'.$glob.'['.$key.']='.$val.'#';
                  }     
               }
           }
           public function     TurnOnProtection(){
                  if(    $this->ActiveGlobals['get'])
                         self::CleanProcess($_GET,'get');
                  if(    $this->ActiveGlobals['post'])
                         self::CleanProcess($_POST,'post');
                  if(    $this->ActiveGlobals['server'])
                         self::CleanProcess($_SERVER,'server');   
                  if(    $this->ActiveGlobals['cookie'])
                         self::CleanProcess($_COOKIE,'cookie');
                  if(    $this->ActiveGlobals['session'])
                         self::CleanProcess($_SESSION,'session');   
                  
                  if(    $this->Injections 0){
                     for(    $i=0;$i<$this->Injections;$i++){
                            self::write_read($this->FileSelected,$this->InjectionData[$i],'write');
                     }
                  }               
           }
           public function     ScanZone($type){
                    $this->NoProcesses++;
                 if(    $this->debug)
                   try{
                       if(    $this->ActiveGlobals[$type] != NULL)
                           throw new     Exception('<b>Fatal Error: Invalid global selected!</b>');
                    } catch (    Exception $e) {
                       echo     $e->getmessage(); die();
                    }
                    $this->ActiveGlobals[$type] = TRUE;
               return;
           }

    How to use it?
    PHP Code:
    <?php
    //here a mysql connection...
    //.....//
    require('MyCleanerClass.php');
    $safe = new XpGlobalVarsCleaner;
    $safe->debug TRUE// if TRUE show errors if they are in script
    $safe->report TRUE// make a log file with your variabile type that were modifed
    $safe->FileSelected 'log.txt'// log file url
    $safe->SetType('int',array('who','uid','id'));  // ex: Force $_GET['who'] to be an INT
    $safe->ScanZone('get'); // scan the $_GET variabile
    $safe->ScanZone('post');
    #$safe->ScanZone('cookie');
    #$safe->ScanZone('session');
    #$safe->ScanZone('server');
    $safe->TurnOnProtection(); // Start our protection
    ?>
    In the next version i'll make a admin panel ... and a rfi, lfi, xss protection!
    If you have ideas / problems post here or send a PM.
    Last edited by i0nutzxp; 22.05.11, 10:46.
    <?php unlink('World/Europe/Romania.country'); ?>

    Comment

    Previous template Next
    Working...
    X