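/**
 * Error handler installed by set_error_handler() below: records the error and stops the script.
 *
 * @param int    $errno   PHP error level.
 * @param string $errstr  Error text.
 * @param string $errfile File in which the error was raised.
 * @param int    $errline Line on which the error was raised.
 */
function customerror(int $errno, string $errstr, string $errfile, int $errline)
{
    // The file path and line are useful to the operator, not to the client; writing them to
    // the server log instead of the response keeps the on-disk layout of the app private.
    error_log(sprintf('error number: [%d], %s on line %d in %s', $errno, $errstr, $errline, $errfile));
    echo "error number: [$errno]";
    die();
}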
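// NOTE(review): PHP never passes E_ERROR (nor E_PARSE, E_CORE_*, E_COMPILE_*) to a user
// handler, so with this mask customerror() is never invoked; the mask must include the
// catchable levels (E_WARNING, E_NOTICE, E_USER_*) for the handler to run at all.
set_error_handler('customerror', E_ERROR);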
// Per-source patterns (truncated in this listing). Each is used as the body of a /.../is
// preg_match() in stopattack(). A regex blocklist only recognises the shapes it names,
// so it serves as a monitoring aid; prepared statements and context-aware output escaping
// in the code that consumes these values remain the actual control.
$getfilter='|(and|or)\\b.+?(>|
$postfilter=\\b(and|or)\\b.{1,6}?(=|>|
$cookiefilter=\\b(and|or)\\b.{1,6}?(=|>|
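/**
 * Log and abort the request when one submitted value matches the injection pattern.
 *
 * @param string|int      $strfiltkey   Name of the request parameter being checked.
 * @param string|string[] $strfiltvalue Submitted value; an array is flattened one level before matching.
 * @param string          $arrfiltreq   Regex body, wrapped as /…/is before matching.
 */
function stopattack($strfiltkey, $strfiltvalue, string $arrfiltreq)
{
    if (is_array($strfiltvalue)) {
        $strfiltvalue = implode($strfiltvalue);
    }
    // NOTE(review): any request that carries a `securitytoken` parameter skips the check, and
    // its value is never verified. As written this is not an access control; before relying on
    // it, compare the token against a server-side secret with hash_equals().
    if (preg_match('/' . $arrfiltreq . '/is', $strfiltvalue) === 1 && !isset($_REQUEST['securitytoken'])) {
        // The log is an .htm file, so client-controlled fields are HTML-encoded before they are
        // written; otherwise whatever the client sent would render when the log is opened in a browser.
        $enc = static function ($s) {
            return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        };
        slog(
            '操作ip: ' . $_SERVER['REMOTE_ADDR'] .
            ' 操作时间: ' . date('Y-m-d H:i:s') . // strftime() is deprecated since PHP 8.1
            ' 操作页面:' . $enc($_SERVER['PHP_SELF']) .
            ' 提交方式: ' . $_SERVER['REQUEST_METHOD'] .
            ' 提交参数: ' . $enc($strfiltkey) .
            ' 提交数据: ' . $enc($strfiltvalue)
        );
        print 'result notice:illegal operation!';
        exit();
    }
}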
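// Run every inbound value through the pattern written for its source. Cookies are included
// because they reach the application exactly like query and form fields do.
foreach ([[$_GET, $getfilter], [$_POST, $postfilter], [$_COOKIE, $cookiefilter]] as [$source, $filter]) {
    foreach ($source as $key => $value) {
        stopattack($key, $value, $filter);
    }
}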
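/**
 * Append one line to the attack log.
 *
 * @param string $logs    Line to write; "\r\n" is appended.
 * @param string $toppath Log file path; defaults to the original log.htm relative to the working directory.
 */
function slog(string $logs, string $toppath = 'log.htm'): void
{
    // NOTE(review): an .htm file under the web root is served to anyone who requests it, so
    // the log (client IPs, submitted data) would be readable over HTTP; callers should pass a
    // path outside the document root. FILE_APPEND | LOCK_EX replaces the unlocked fopen/fputs
    // pair so that concurrent requests cannot interleave partial lines.
    if (file_put_contents($toppath, $logs . "\r\n", FILE_APPEND | LOCK_EX) === false) {
        // A failed write must not mask the block itself; the caller still prints its notice and exits.
        error_log('slog: could not write to ' . $toppath);
    }
}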
?>