entities();
$this->to_merge[1] = $this->to_merge[2] = $this->to_merge[3] = NULL;
if( ( $b === $_REQUEST ) || ( $c === $_REQUEST ) || ( $d === $_REQUEST ) )
foreach($_REQUEST as $id => $val)
$this->request[$id] = $val;
else
{
if( $b !== NULL )
{
foreach($b as $id => $val)
$this->get[$id] = $val;
$this->to_merge[1] = 1;
}
if( $c !== NULL )
{
foreach($c as $id => $val)
$this->post[$id] = $val;
$this->to_merge[2] = 1;
}
if( $d !== NULL )
{
foreach($d as $id => $val)
$this->cookie[$id] = $val;
$this->to_merge[3] = 1;
}
$this->request = array_merge( (NULL !== $this->to_merge[1]) ? $this->get : array() , (NULL !== $this->to_merge[2]) ? $this->post : array() , (NULL !== $this->to_merge[3]) ? $this->cookie : array() );
}
$this->path = dirname(__FILE__);
$this->counter = intval( file_get_contents( $this->path.$this->COUNT_noSentinel ) );
$this->user_agent( $_SERVER["HTTP_USER_AGENT"] );
$this->ban("CHECK");
}
#private functions
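private function add_counter()
{
    // Increment the persistent "attacks blocked" counter kept in
    // $this->path.$this->COUNT_noSentinel and mirror the new value in $this->counter.
    //
    // The constructor reads the file once; a bare "$this->counter++ then overwrite"
    // lets two concurrent requests lose an increment. The value is therefore re-read
    // and rewritten under an exclusive lock so the read-modify-write is atomic across
    // processes on this host.
    $file = $this->path.$this->COUNT_noSentinel;
    // 'c+' creates the file when missing and does not truncate on open (truncation
    // happens only once the lock is held). '@' keeps the original best-effort
    // behaviour of not emitting a PHP warning for an unwritable file; the failure is
    // still reported via the echo below.
    $fp = @fopen($file, 'c+');
    if($fp !== false && flock($fp, LOCK_EX))
    {
        $stored = intval(stream_get_contents($fp));
        // never go backwards relative to the value cached at construction time
        $this->counter = max($stored, $this->counter) + 1;
        rewind($fp);
        ftruncate($fp, 0);
        fwrite($fp, (string)$this->counter);
        fflush($fp);
        flock($fp, LOCK_UN);
        fclose($fp);
        return;
    }
    if($fp !== false)
        fclose($fp);
    // Fallback: keep counting in memory so the figure shown to the client still moves,
    // and report the failure exactly as before.
    // NOTE(review): this message names an internal file; error_log() would be the
    // better channel than echoing it to the client.
    $this->counter++;
    echo "Error saving counter file in ". $this->COUNT_noSentinel ."\n";
}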
private function set_var($name)
{
    // Report that a checker was asked about a request key that is not present.
    // $name is the calling method's name (the callers pass __FUNCTION__).
    // Output only; nothing is returned.
    printf("Request value NOT isset! (function: %s)
\n", $name);
}
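private function user_agent($var)
{
    // Refuse clients whose User-Agent matches a small deny-list (an inline HTML tag
    // or a few scanner names), recording the hit first. Called from the constructor
    // with $_SERVER["HTTP_USER_AGENT"], which may be unset.
    //
    // Fixes vs. the original: a missing header no longer reaches strtolower(NULL);
    // the ban is applied whether or not the log file could be opened (it used to be
    // skipped on a log-open failure); "ADD" is passed as a string — the bare word ADD
    // is an undefined constant (notice + "ADD" on PHP 7, fatal Error on PHP 8);
    // CR/LF are stripped from the logged agent so a crafted header cannot forge
    // additional entries in the line-oriented log.
    //
    // NOTE(review): the User-Agent header is entirely attacker-controlled, so this is
    // a nuisance filter rather than a security boundary — any scanner can send a
    // browser string. The bare words "scanner" and "libwww-perl" will also block
    // benign clients that happen to contain them.
    if($var === NULL)
        return;
    $var = strtolower($var);
    if(!preg_match("@<+[^*]+>|acunetix|scanner|libwww-perl@m",$var))
        return;
    $this->add_counter();
    $rawAgent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $var;
    $agent = str_replace(array("\r","\n"), ' ', $rawAgent);
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    if($fp = @fopen($this->path.$this->AGENT_noSentinel,'a'))
    {
        fwrite($fp,"IP: ". $ip ." - AGENT: ". $agent ." - DATE & TIME: " .date('d m Y - H:i,s'). "\n");
        fclose($fp);
    }
    else echo "Error saving counter file in " . $this->AGENT_noSentinel ."";
    $this->ban("ADD");
    die("
You must change user agent to view this page
noSentinel");
}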
// Ban-list maintenance keyed on the client address.
//   $opt  "ADD"   — record a hack attempt for the current IP (the message below
//                   suggests the client is locked out at the third attempt);
//         "CHECK" — called from the constructor; refuse the request when the
//                   current IP is already banned.
// The list lives in $this->path.$this->BAN_noSentinel and is seeded with the
// record "127.0.1.1{}0" when the file is empty, i.e. one "IP{}count" record per line.
//
// NOTE(review): REMOTE_ADDR is the TCP peer. Behind a reverse proxy or load
// balancer every client shares the proxy's address, so one "ban" locks everyone
// out. The file is also rewritten without any locking, so concurrent requests can
// lose or corrupt records.
// NOTE(review): callers must pass the *string* "ADD" — a bare ADD is an undefined
// constant (notice + "ADD" on PHP 7, fatal Error on PHP 8).
private function ban($opt)
{
$ip = $_SERVER["REMOTE_ADDR"];
if($opt == "ADD")
{
// filesize() returns false (with a warning) when the file does not exist yet;
// false == 0, so the seed record is written in that case as well.
if(filesize($this->path.$this->BAN_noSentinel) == 0)
if($fp = @fopen($this->path.$this->BAN_noSentinel,'w'))
{
fwrite($fp,"127.0.1.1{}0\n");
fclose($fp);
}
else echo "Error opening ban file (". $this->BAN_noSentinel .") to add first IP. Check permission";
// one record per line
$arr = file($this->path.$this->BAN_noSentinel);
// NOTE(review): from here to the end of this branch — and likewise in the CHECK
// branch below — the code is not intact in this copy (a loop header reading
// "$i=3", an unterminated string, a reference to $str/$dest/$list that are never
// assigned). How records are parsed, counted and written back cannot be reviewed
// from it; confirm against the upstream file.
for($i = 0;$i=3)
{
die('You\'ve been Banned by noSentinel
reason: 3 hack attempt detected from your IP
If you want to be unbanned send a mail to the path.$this->BAN_noSentinel,$str);
unset($str,$dest,$list);
}
if($opt == "CHECK")
{
// same seeding as in the ADD branch
if(filesize($this->path.$this->BAN_noSentinel) == 0)
if($fp = @fopen($this->path.$this->BAN_noSentinel,'w'))
{
fwrite($fp,"127.0.1.1{}0\n");
fclose($fp);
}
else echo "Error opening ban file (".$this->BAN_noSentinel.") to add first IP, check permission";
$arr = file($this->path.$this->BAN_noSentinel);
//build the matrix
for($i = 0;$i=3)
die('You\'ve been Banned by noSentinel
reason: 3 hack attempt detected from your IP
If you want to be unbanned send a mail to the noSentinel Attack locked: '. $this->counter ."";
}
public function show_version()
{
    // Print the library name followed by its version string ($this->version).
    printf("noSentinel, version: %s", $this->version);
}
public function banner()
{
    // Emit the banner. In this copy of the source the banner body is a single line
    // break; NOTE(review): it looks truncated — presumably it carried markup in the
    // upstream file, confirm there before relying on it.
    echo "\n";
}
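public function entities($opt = NULL)
{
    // HTML-encode, in place, every value of the chosen superglobal array(s).
    //   $opt  "GET", "POST", "COOKIE" or "REQUEST" to encode that one array;
    //         NULL (the default) encodes all four, in that order. Other values: no-op.
    // Returns nothing.
    //
    // Fixes vs. the original: the REQUEST loop of the all-arrays branch assigned the
    // stale $value left over from the COOKIE loop instead of the element being
    // visited, so every $_REQUEST entry ended up holding the same value; nested
    // arrays (a[]=1) were handed to htmlentities(), which does not accept arrays;
    // and the flags are now explicit — ENT_QUOTES encodes ' as well (pre-8.1 defaults
    // leave it alone, and a bare ' ends a single-quoted HTML attribute), ENT_SUBSTITUTE
    // replaces malformed UTF-8 instead of collapsing the whole value to "". On PHP 8.1+
    // these flags are the defaults anyway.
    //
    // NOTE(review): encoding at ingress is not output escaping — a value later used
    // in SQL, JavaScript, a URL or plain text is now corrupted (O'Brien becomes
    // O&#039;Brien) without being made safe for that context. Escape at the point of
    // output instead.
    $encode = NULL;
    $encode = function (&$value) use (&$encode) {
        if(is_array($value))
        {
            foreach($value as &$item)
                $encode($item);
            unset($item); // drop the dangling reference left by foreach-by-reference
            return;
        }
        $value = htmlentities((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    $all = ($opt === NULL);
    // Same order as before. $_REQUEST is a separate copy of its sources, so encoding
    // both does not double-encode anything.
    if($all || $opt === "GET")
        $encode($_GET);
    if($all || $opt === "POST")
        $encode($_POST);
    if($all || $opt === "COOKIE")
        $encode($_COOKIE);
    if($all || $opt === "REQUEST")
        $encode($_REQUEST);
}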
#checks that take a single request value (one element), not a whole array
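public function numeric_id_check($var_id, $opt = NULL)
{
    // Check that request parameter $var_id holds a numeric value.
    // Returns true when the key is absent (reported via set_var(); fail-open, as
    // before), when the value is empty() ("" and "0" included), or when is_numeric()
    // accepts it; returns false — after counting, logging and (when $opt is "BAN")
    // banning — otherwise.
    //
    // Fixes vs. the original: an array value (id[]=x) is logged as "(array)" instead
    // of being concatenated into the log line (which yields "Array" plus a notice);
    // "ADD" is passed as a string (bare ADD is an undefined constant, a fatal Error
    // on PHP 8); $opt is compared strictly; CR/LF are stripped from what is logged so
    // a payload cannot forge extra lines in the line-oriented log.
    //
    // NOTE(review): is_numeric() also accepts "1e3", " 12", "+5" and "1.5" — if the
    // value is meant to be an integer id, validate it with FILTER_VALIDATE_INT before
    // using it.
    if(!isset($this->request[$var_id]))
    {
        $this->set_var( __FUNCTION__ );
        return true;
    }
    $value = $this->request[$var_id];
    if(empty($value))
        return true;
    if(!is_array($value) && is_numeric($value))
        return true;
    $this->add_counter();
    $shown = is_array($value) ? '(array)' : str_replace(array("\r","\n"), ' ', (string)$value);
    $ip    = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    // PHP_SELF can include client-supplied path info, so it gets the same treatment
    $page  = isset($_SERVER['PHP_SELF']) ? str_replace(array("\r","\n"), ' ', $_SERVER['PHP_SELF']) : '';
    if($fp = @fopen($this->path.$this->NUMERIC_noSentinel,'a'))
    {
        fwrite($fp,"IP: ". $ip ." - PAGE: ". $page ." - QUERY: ". $shown . " - DATE & TIME: " .date('d m Y - H:i,s'). "\n");
        fclose($fp);
    }
    else echo "Error saving counter file in " .$this->NUMERIC_noSentinel ."";
    // strict: with == an $opt of 0 compared equal to "BAN" on PHP < 8; true is still
    // honoured because the old loose comparison accepted it
    if($opt === "BAN" || $opt === true)
        $this->ban("ADD");
    return false;
}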
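public function xss_id_check($var_id,$opt = NULL)
{
    // Scan request parameter $var_id for the XSS signatures in the pattern below.
    // Returns true when the key is absent (reported via set_var(); fail-open, as
    // before), when the value is empty(), or when no leaf value matches; returns
    // false — after counting, logging and (when $opt is "BAN") banning — at the
    // first match.
    //
    // Fixes vs. the original: an array value (x[]=...) is scanned leaf by leaf and
    // yields a real true/false (it used to hand each element to xss_check(), which
    // looks elements up by value in $this->request and so never found them, and the
    // branch returned NULL); "ADD" is passed as a string (bare ADD is an undefined
    // constant, fatal on PHP 8); $opt is compared strictly; CR/LF are stripped from
    // what is logged so a payload cannot forge extra lines in the line-oriented log.
    //
    // NOTE(review): the pattern is applied to the urlencode()d value, in which "<",
    // ">" and "\" can never appear — only the "[0-9]+" and "string.fromcharcode"
    // branches can ever match. Since urlencode() turns punctuation into %XX sequences
    // that contain digits, practically any value holding a digit or a special
    // character is reported as XSS ("hello5", "a,b"). Left unchanged because the
    // intended form (match the raw value, or use %3c/%3e) cannot be inferred from
    // this code; it needs a decision by the maintainer.
    if(!isset($this->request[$var_id]))
    {
        $this->set_var( __FUNCTION__ );
        return true;
    }
    // flatten nested arrays (x[a][b]=...) into the scalar leaves actually inspected
    $leaves = array();
    $raw = $this->request[$var_id];
    if(is_array($raw))
        array_walk_recursive($raw, function ($leaf) use (&$leaves) { $leaves[] = $leaf; });
    else
        $leaves[] = $raw;
    foreach($leaves as $leaf)
    {
        if(empty($leaf))
            continue; // "" and "0" were never flagged
        $normalized = strtolower(trim((string)$leaf));
        $acca = urlencode($normalized);
        if(!preg_match("@[0-9]+|<+[^*]+>|string\.+fromcharcode|\\.[uU]003[cC]+[^*]+\\.[uU]003[cC]@m",$acca))
            continue;
        $this->add_counter();
        $ip    = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        // PHP_SELF can include client-supplied path info, so it is sanitised too
        $page  = isset($_SERVER['PHP_SELF']) ? str_replace(array("\r","\n"), ' ', $_SERVER['PHP_SELF']) : '';
        // $normalized is what urldecode($acca) used to yield
        $shown = str_replace(array("\r","\n"), ' ', $normalized);
        if($fp = @fopen($this->path.$this->XSS_noSentinel,'a'))
        {
            fwrite($fp,"IP: ".$ip." - PAGE: ".$page." - XSS: ".$shown." - DATE & TIME: ".date('d m Y - H:i,s')."\n");
            fclose($fp);
        }
        else echo "Error saving counter file in ".$this->XSS_noSentinel ."";
        // strict: with == an $opt of 0 compared equal to "BAN" on PHP < 8; true is
        // still honoured because the old loose comparison accepted it
        if($opt === "BAN" || $opt === true)
            $this->ban("ADD");
        return false;
    }
    return true;
}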
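public function sql_id_check($var_id,$opt = NULL)
{
    // Scan request parameter $var_id for the SQL-injection signatures in the pattern
    // below: a leading single or double quote, or a leading negative number.
    // Returns true when the key is absent (reported via set_var(); fail-open, as
    // before), when the value is empty(), or when no leaf value matches; returns
    // false — after counting, logging and (when $opt is "BAN") banning — at the
    // first match.
    //
    // Fixes vs. the original: array values are scanned leaf by leaf and yield a real
    // true/false (they used to be handed to sql_check(), which looks elements up by
    // value in $this->request and never found them, and the branch returned NULL);
    // the log line is labelled "SQL:" rather than the copy-pasted "XSS:"; the logged
    // value is no longer run through urldecode() (it was never urlencoded, so "+"
    // and "%xx" in it were being mangled); "ADD" is passed as a string (bare ADD is
    // an undefined constant, fatal on PHP 8); $opt is compared strictly; CR/LF are
    // stripped from what is logged so a payload cannot forge extra log lines.
    //
    // NOTE(review): this pattern only inspects the first character — "1 OR 1=1",
    // "1' OR '1'='1" and any payload behind a legitimate-looking prefix pass. It is
    // a tripwire, not protection; queries must use prepared statements regardless.
    if(!isset($this->request[$var_id]))
    {
        $this->set_var( __FUNCTION__ );
        return true;
    }
    // flatten nested arrays into the scalar leaves actually inspected
    $leaves = array();
    $raw = $this->request[$var_id];
    if(is_array($raw))
        array_walk_recursive($raw, function ($leaf) use (&$leaves) { $leaves[] = $leaf; });
    else
        $leaves[] = $raw;
    foreach($leaves as $leaf)
    {
        if(empty($leaf))
            continue; // "" and "0" were never flagged
        $acca = strtolower(trim((string)$leaf));
        if(!preg_match("@^'|^\\\"|^-[0-9]+@",$acca))
            continue;
        $this->add_counter();
        $ip    = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        // PHP_SELF can include client-supplied path info, so it is sanitised too
        $page  = isset($_SERVER['PHP_SELF']) ? str_replace(array("\r","\n"), ' ', $_SERVER['PHP_SELF']) : '';
        $shown = str_replace(array("\r","\n"), ' ', $acca);
        if($fp = @fopen($this->path.$this->SQL_noSentinel,'a'))
        {
            fwrite($fp,"IP: ".$ip." - PAGE: ".$page." - SQL: ".$shown." - DATE & TIME: ".date('d m Y - H:i,s')."\n");
            fclose($fp);
        }
        else echo "Error saving counter file in ".$this->SQL_noSentinel ."";
        // strict: with == an $opt of 0 compared equal to "BAN" on PHP < 8; true is
        // still honoured because the old loose comparison accepted it
        if($opt === "BAN" || $opt === true)
            $this->ban("ADD");
        return false;
    }
    return true;
}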
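public function numeric_check($var, $opt = NULL)
{
    // Find the request key whose value equals $var and run numeric_id_check() on it.
    // Returns true when no parameter carries that value (nothing to check — fail-open,
    // as before); otherwise whatever numeric_id_check() returns. $opt is passed through.
    //
    // The lookup now prefers an exact (===) match and only then falls back to the
    // loose == comparison the original used: with == alone, "1e3" == "1000" or
    // (PHP < 8) "abc" == 0 could select the wrong parameter. One array_search()
    // also replaces the former in_array() + foreach double scan.
    //
    // NOTE(review): a reverse value→key lookup is ambiguous whenever two parameters
    // share a value — only the first one found is checked. Prefer numeric_id_check()
    // with an explicit key.
    $key = array_search($var, $this->request, true);
    if($key === false)
        $key = array_search($var, $this->request);
    if($key === false)
        return true;
    return $this->numeric_id_check($key, $opt);
}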
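public function xss_check($var, $opt = NULL)
{
    // Find the request key whose value equals $var and run xss_id_check() on it.
    // Returns true when no parameter carries that value (nothing to check — fail-open,
    // as before); otherwise whatever xss_id_check() returns. $opt is passed through.
    //
    // The lookup now prefers an exact (===) match and only then falls back to the
    // loose == comparison the original used: with == alone, "1e3" == "1000" or
    // (PHP < 8) "abc" == 0 could select the wrong parameter. One array_search()
    // also replaces the former in_array() + foreach double scan.
    //
    // NOTE(review): a reverse value→key lookup is ambiguous whenever two parameters
    // share a value — only the first one found is checked. Prefer xss_id_check()
    // with an explicit key.
    $key = array_search($var, $this->request, true);
    if($key === false)
        $key = array_search($var, $this->request);
    if($key === false)
        return true;
    return $this->xss_id_check($key, $opt);
}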
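public function sql_check($var, $opt = NULL)
{
    // Find the request key whose value equals $var and run sql_id_check() on it.
    // Returns true when no parameter carries that value (nothing to check — fail-open,
    // as before); otherwise whatever sql_id_check() returns. $opt is passed through.
    //
    // The lookup now prefers an exact (===) match and only then falls back to the
    // loose == comparison the original used: with == alone, "1e3" == "1000" or
    // (PHP < 8) "abc" == 0 could select the wrong parameter. One array_search()
    // also replaces the former in_array() + foreach double scan.
    //
    // NOTE(review): a reverse value→key lookup is ambiguous whenever two parameters
    // share a value — only the first one found is checked. Prefer sql_id_check()
    // with an explicit key.
    $key = array_search($var, $this->request, true);
    if($key === false)
        $key = array_search($var, $this->request);
    if($key === false)
        return true;
    return $this->sql_id_check($key, $opt);
}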
}
?>