
توجه ! این یک نسخه آرشیو شده میباشد و در این حالت شما عکسی را مشاهده نمیکنید برای مشاهده کامل متن و عکسها بر روی لینک مقابل کلیک کنید : MYSQL Injection IDS


farzadho
12-26-2009, 04:57 PM
این تکه کد پرس و جو رو میگیره تمیزش میکنه و تحویل میده...;)
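/**
 * Inspect a SQL string for injection markers before it is handed to the database.
 *
 * Single-quoted literals are masked (see check_sql_mask_strings) so that
 * keywords inside quoted data do not trigger a hit; the remainder is tested for
 * UNION, comment markers, sleep/benchmark, load_file / INTO OUTFILE and
 * parenthesised sub-selects (see check_sql_find_violation).
 *
 * On a hit the raw query and the reason are appended to the log file and the
 * request is terminated with die(); otherwise $db_string is returned unchanged.
 * The function never rewrites the query, and as a keyword blacklist it is only a
 * secondary control next to parameterised queries.
 *
 * @param string $db_string Query text, possibly built from untrusted input.
 * @return string The same $db_string when no pattern matched.
 */
function check_sql($db_string)
{
    $clean = check_sql_mask_strings($db_string);
    $error = check_sql_find_violation($clean);

    if ($error === '') {
        return $db_string;
    }

    // No separator is inserted, so the log is a sibling of DOCUMENT_ROOT named
    // after its md5 (inside the web root only when DOCUMENT_ROOT ends in "/").
    // The "<?php die();?>" prefix keeps the file inert should it ever be served.
    $doc_root = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : '';
    $log_file = $doc_root . md5($doc_root) . '.php';

    // Line breaks are removed from the logged query so one request cannot forge
    // several log entries; the append is locked and closed by file_put_contents.
    $logged = str_replace(array("\r", "\n"), ' ', $db_string);
    $line = "<?php die();?>||" . $logged . "||" . $error . "\r\n";
    if (file_put_contents($log_file, $line, FILE_APPEND | LOCK_EX) === false) {
        // A failed write must not let the request continue.
        error_log('check_sql: could not append to ' . $log_file);
    }

    die('Hacking Detect<br><a href="LINK_URL_PLACEHOLDER">LINK_URL_PLACEHOLDER</a>');
}

/**
 * Replace every single-quoted literal in $db_string with the token $s$ and
 * normalise the result (lower-case, runs of whitespace collapsed, trimmed).
 *
 * A backslash inside a literal skips the following character, so an escaped
 * quote (\') does not end the literal. For an unterminated literal the opening
 * quote becomes $s$ and the text after it is kept as-is.
 *
 * @param string $db_string
 * @return string
 */
function check_sql_mask_strings($db_string)
{
    $clean = '';
    $old_pos = 0;
    $pos = -1;

    while (true) {
        $pos = strpos($db_string, '\'', $pos + 1);
        if ($pos === false) {
            break;
        }
        $clean .= substr($db_string, $old_pos, $pos - $old_pos);

        // Advance to the closing quote, stepping over backslash escapes.
        while (true) {
            $pos1 = strpos($db_string, '\'', $pos + 1);
            $pos2 = strpos($db_string, '\\', $pos + 1);
            if ($pos1 === false) {
                break;
            }
            if ($pos2 === false || $pos2 > $pos1) {
                $pos = $pos1;
                break;
            }
            $pos = $pos2 + 1;
        }

        $clean .= '$s$';
        $old_pos = $pos + 1;
    }

    $clean .= substr($db_string, $old_pos);

    return trim(strtolower(preg_replace('~\s+~s', ' ', $clean)));
}

/**
 * Return the reason string for the first forbidden construct found in $clean,
 * or '' when nothing matched. Checks run in the original order; each keyword
 * check does a cheap strpos before the word-boundary regex.
 *
 * @param string $clean Output of check_sql_mask_strings.
 * @return string
 */
function check_sql_find_violation($clean)
{
    // The trailing class is [^a-z]; the original "[^[a-z]" also excluded "[",
    // which looks like a typo rather than an intended exemption.
    if (strpos($clean, 'union') !== false
        && preg_match('~(^|[^a-z])union($|[^a-z])~s', $clean) === 1) {
        return 'union detect';
    }
    // "/*" is only rejected past offset 2; presumably to tolerate a leading
    // comment, kept as the original behaved.
    if (strpos($clean, '/*') > 2
        || strpos($clean, '--') !== false
        || strpos($clean, '#') !== false) {
        return 'comment detect';
    }
    if (strpos($clean, 'sleep') !== false
        && preg_match('~(^|[^a-z])sleep($|[^a-z])~s', $clean) === 1) {
        return 'slown down detect';
    }
    if (strpos($clean, 'benchmark') !== false
        && preg_match('~(^|[^a-z])benchmark($|[^a-z])~s', $clean) === 1) {
        return 'slown down detect';
    }
    if (strpos($clean, 'load_file') !== false
        && preg_match('~(^|[^a-z])load_file($|[^a-z])~s', $clean) === 1) {
        return 'file fun detect';
    }
    if (strpos($clean, 'into outfile') !== false
        && preg_match('~(^|[^a-z])into\s+outfile($|[^a-z])~s', $clean) === 1) {
        return 'file fun detect';
    }
    if (preg_match('~\([^)]*?select~s', $clean) === 1) {
        return 'sub select detect';
    }

    return '';
}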

/*
$sql = "select * from news where id='" . $_GET[id] . "'";

check_sql($sql);

mysql_query($sql);
*/