
0001 <?php
0002 
0003 /*
0004  *   TRT GFX 4.0
0005  * 
0006  *   support: happy.snizzo@gmail.com
0007  *   website: http://trt-gfx.googlecode.com
0008  *   credits: Claudio Desideri
0009  *   
0010  *   This software is released under the MIT License.
0011  *   http://opensource.org/licenses/mit-license.php
0012  */ 
0013 
0014 
0015 /*
0016  * This module should provide a quite reasonable amount of security if used correctly.
0017  * It automatically parses incoming data, preventing SQL injection etc...
0018  */
0019 
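/**
 * Static holder for request data (GET, POST, cookies) with accessors that
 * return the stored value raw, slash-stripped, or passed through
 * EDatabase::safe().
 *
 * Security notes for callers:
 *  - None of the accessors HTML-escape. Anything printed into a page must be
 *    escaped at the point of output (e.g. htmlspecialchars() for HTML text).
 *  - The db_ and secure_ accessors depend entirely on EDatabase::safe(), which
 *    is defined elsewhere. Escaping is weaker than parameterised queries, so
 *    prefer bound parameters where the database layer supports them.
 *  - safeAll() rewrites the stored values in place; see its comment before
 *    combining it with the other accessors.
 */
class EHeaderDataParser {

  // Copy of $_GET taken by load(), plus anything added through add_get().
  private static $gets = array();
  // Copy of $_POST taken by load(), plus anything added through add_post().
  private static $posts = array();
  // True only when PHP reports magic_quotes_gpc as active.
  private static $quotes = false;

  /**
   * Snapshot $_GET and $_POST and record whether magic quotes are active.
   *
   * get_magic_quotes_gpc() always returns false from PHP 5.4, is deprecated in
   * 7.4 and removed in 8.0, so it is only called on versions where it can
   * return true. Calling it unconditionally is a fatal error on PHP 8.
   */
  public static function load(){
    if (PHP_VERSION_ID < 50400 && function_exists('get_magic_quotes_gpc')) {
      self::$quotes = (bool) get_magic_quotes_gpc();
    } else {
      self::$quotes = false;
    }
    self::$gets = $_GET;
    self::$posts = $_POST;
  }

  /**
   * Replace every stored GET and POST value with EDatabase::safe($value).
   *
   * Nothing is done when magic quotes are active.
   *
   * After this call get()/post()/out_get()/out_post() no longer return the
   * data as received, and db_get()/db_post() apply EDatabase::safe() a second
   * time to the already-processed value.
   * NOTE(review): request values can be arrays (?k[]=v); confirm that
   * EDatabase::safe() handles non-string input.
   */
  public static function safeAll(){
    if (self::$quotes) {
      return;
    }
    foreach (self::$gets as $key => $value) {
      self::$gets[$key] = EDatabase::safe($value);
    }
    foreach (self::$posts as $key => $value) {
      self::$posts[$key] = EDatabase::safe($value);
    }
  }

  /**
   * Return the stored POST value for $key exactly as held, or false when the
   * key is not set. No escaping of any kind is applied.
   */
  public static function post($key){
    return isset(self::$posts[$key]) ? self::$posts[$key] : false;
  }

  /**
   * Return the stored GET value for $key exactly as held, or false when the
   * key is not set. No escaping of any kind is applied.
   */
  public static function get($key){
    return isset(self::$gets[$key]) ? self::$gets[$key] : false;
  }

  /**
   * Return the raw cookie value for $key, or false when it is not set.
   * Cookie values are client-controlled and are returned without escaping.
   */
  public static function get_cookie($key){
    return isset($_COOKIE[$key]) ? $_COOKIE[$key] : false;
  }

  /**
   * Send a cookie for path "/".
   *
   * The lifetime is $time * 30 seconds from now, so the default of 86400
   * gives 30 days rather than one day. The multiplier is kept because callers
   * may rely on it.
   *
   * NOTE(review): no secure or httponly arguments are passed, so PHP's
   * defaults apply: the cookie is sent over plain HTTP and is readable from
   * script. Do not store session identifiers or other secrets through this
   * method without adding those flags.
   */
  public static function set_cookie($key, $value, $time=86400){
    setcookie($key, $value, time() + ($time * 30), "/"); //TODO: seriously inspect on time being multiplied for 30
  }

  /**
   * Expire the cookie $key on path "/" if the current request carried it.
   */
  public static function del_cookie($key){
    if (isset($_COOKIE[$key])) {
      setcookie($key, "", -1, "/");
    }
  }

  /**
   * Tell whether a POST value is stored for $key.
   * isset() semantics: a stored null counts as absent.
   */
  public static function exists_post($key){
    return isset(self::$posts[$key]);
  }

  /**
   * Tell whether a GET value is stored for $key.
   * isset() semantics: a stored null counts as absent.
   */
  public static function exists_get($key){
    return isset(self::$gets[$key]);
  }

  /**
   * Return the stored GET value with magic-quote slashes removed, or false
   * when the key is not set.
   *
   * This does NOT HTML-escape. The value is attacker-controlled and must be
   * escaped for its output context before it is printed.
   * NOTE(review): stripslashes() expects a string, while request values can
   * be arrays (?k[]=v).
   */
  public static function out_get($key){
    if (!isset(self::$gets[$key])) {
      return false;
    }
    return self::$quotes ? stripslashes(self::$gets[$key]) : self::$gets[$key];
  }

  /**
   * Return the stored POST value with magic-quote slashes removed, or false
   * when the key is not set.
   *
   * The existence check reads the POST store. It previously tested the GET
   * store, so a POST-only key returned false, and a GET-only key fell through
   * to an undefined POST index.
   *
   * This does NOT HTML-escape. The value is attacker-controlled and must be
   * escaped for its output context before it is printed.
   */
  public static function out_post($key){
    if (!isset(self::$posts[$key])) {
      return false;
    }
    return self::$quotes ? stripslashes(self::$posts[$key]) : self::$posts[$key];
  }

  /**
   * Return the stored GET value prepared for database use, or false when the
   * key is not set.
   *
   * With magic quotes active the stored value is returned as is. Otherwise it
   * goes through EDatabase::safe(). If safeAll() already ran, the stored value
   * has been through EDatabase::safe() once and is processed again here.
   */
  //obsolete? port to secure_get
  public static function db_get($key){
    if (!isset(self::$gets[$key])) {
      return false;
    }
    if (self::$quotes) {
      return self::$gets[$key];
    }
    return EDatabase::safe(self::$gets[$key]);
  }

  /**
   * Alias of db_get().
   */
  public static function secure_get($key){
    return self::db_get($key);
  }

  /**
   * Return the stored POST value prepared for database use, or false when the
   * key is not set. Same rules and caveats as db_get().
   */
  //obsolete? port to secure_post
  public static function db_post($key){
    if (!isset(self::$posts[$key])) {
      return false;
    }
    if (self::$quotes) {
      return self::$posts[$key];
    }
    return EDatabase::safe(self::$posts[$key]);
  }

  /**
   * Alias of db_post().
   */
  public static function secure_post($key){
    return self::db_post($key);
  }

  /**
   * Store $value under $key in the POST store unless the key is already set.
   * Values received with the request are therefore never overwritten.
   *
   * Can be useful when using EModel automatic database management.
   */
  public static function add_post($key,$value){
    if (!isset(self::$posts[$key])) {
      self::$posts[$key] = $value;
    } //else ignored
  }

  /**
   * Store $value under $key in the GET store unless the key is already set.
   * Values received with the request are therefore never overwritten.
   */
  public static function add_get($key,$value){
    if (!isset(self::$gets[$key])) {
      self::$gets[$key] = $value;
    } //else ignored
  }

  /**
   * Parse a "k1=v1&k2=v2" string and add each pair to the GET store through
   * add_get(), so existing keys win.
   *
   * Each chunk is split on the first "=" only, so a value containing "=" is
   * kept whole instead of being cut at the second "=". A chunk without "="
   * is stored with a null value and no longer reads an undefined index.
   * Empty chunks are skipped. Keys and values are stored as given; no URL
   * decoding is applied.
   */
  public static function add_from_string($str){
    foreach (explode("&", (string) $str) as $chunk) {
      if ($chunk === '') {
        continue;
      }
      $data = explode("=", $chunk, 2);
      self::add_get($data[0], isset($data[1]) ? $data[1] : null);
    }
  }

  /**
   * Return the part of $url before the first "?".
   * Maybe to be moved to EPageProperties?
   */
  public static function erase_get_data($url){
    $parts = explode("?", $url);
    return $parts[0];
  }
}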
0208  
0209 ?>