| private $postfilter = \\b(and|or)\\b.{1,6}?(=|>| private $cookiefilter = \\b(and|or)\\b.{1,6}?(=|>| /** * 构造函数 */ public function __construct() { foreach($_get as $key=>$value){$this->stopattack($key,$value,$this->getfilter);} foreach($_post as $key=>$value){$this->stopattack($key,$value,$this->postfilter);} foreach($_cookie as $key=>$value){$this->stopattack($key,$value,$this->cookiefilter);} } /** * 参数检查并写日志 */ public function stopattack($strfiltkey, $strfiltvalue, $arrfiltreq){ if(is_array($strfiltvalue))$strfiltvalue = implode($strfiltvalue); if (preg_match(/.$arrfiltreq./is,$strfiltvalue) == 1){ $this->writeslog($_server[remote_addr]. .strftime(%y-%m-%d %h:%m:%s). .$_server[php_self]. .$_server[request_method]. .$strfiltkey. .$strfiltvalue); showmsg('您提交的参数非法,系统已记录您的本次操作！','',0,1); } } /** * sql注入日志 */ public function writeslog($log){ $log_path = cache_path.'logs'.directory_separator.'sql_log.txt'; $ts = fopen($log_path,a+); fputs($ts,$log.\r\n); fclose($ts); }}?>
复制代码