??????????????????
????????????:
<?php
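/**
 * Error handler registered with set_error_handler(): prints where the error
 * happened and terminates the script.
 *
 * @param int    $errno   error level (an E_* constant)
 * @param string $errstr  message text; received for the handler signature but not printed
 * @param string $errfile file in which the error was raised
 * @param int    $errline line number within $errfile
 */
function customError($errno, $errstr, $errfile, $errline)
{
    // Escape before echoing: the values land in an HTML response, and $errfile
    // (or an error message) is not guaranteed to be free of markup characters.
    $e = static function ($v): string {
        return htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    // NOTE(review): this reveals the server-side file path to the client; a
    // production deployment should send this to error_log() instead of the body.
    echo '<b>Error number:</b> [' . $e($errno) . '],error on line ' . $e($errline) . ' in ' . $e($errfile) . '<br />';
    // Stop processing the request (same effect as the original die()).
    exit();
}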
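// Install customError() for E_ERROR only. PHP does not deliver E_ERROR (nor
// E_PARSE, E_CORE_* or E_COMPILE_*) to user handlers, so with this mask the
// handler is effectively never invoked. Widening the mask (e.g. to E_ALL) would
// turn every notice into an exit() via the handler, so the mask is kept as-is.
set_error_handler('customError', E_ERROR);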
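// Blocklist regex *bodies* (no delimiters, no flags): stopAttack() wraps each
// one as "/.../is", so matching is case-insensitive and "." spans newlines.
// Single-quoted so the backslash escapes reach PCRE unchanged.
//
// These are keyword blocklists, not a parser: they both over-match (the GET
// pattern flags any apostrophe, and "(and|or)\b" has no leading \b so ordinary
// words ending in "and"/"or" trigger it) and under-match. They are a
// best-effort tripwire and no substitute for parameterised queries and
// context-aware output escaping in the application itself.
// Whitespace that appeared inside tokens in the pasted source (e.g. "\/ \*",
// "\bexec \b") was a line-wrapping artifact and has been removed.
$getfilter = '\'|(and|or)\b.+?(>|<|=|in|like)|\/\*.+?\*\/|<\s*script\b|\bexec\b|union.+?select|update.+?set|insert\s+into.+?values|(select|delete).+?from|(create|alter|drop|truncate)\s+(table|database)';
$postfilter = '\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bexec\b|union.+?select|update.+?set|insert\s+into.+?values|(select|delete).+?from|(create|alter|drop|truncate)\s+(table|database)';
// The cookie pattern is identical to the POST pattern; share it instead of
// maintaining two copies that can drift apart.
$cookiefilter = $postfilter;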
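/**
 * Reject the request when a submitted value matches the given blocklist regex.
 *
 * On a match the entry is logged via slog(), a fixed notice is printed and the
 * script exits; otherwise the function returns and the request proceeds.
 *
 * @param string|int $StrFiltKey   parameter name (only used in the log entry)
 * @param mixed      $StrFiltValue raw value from $_GET/$_POST/$_COOKIE; arrays are flattened
 * @param string     $ArrFiltReq   regex body without delimiters; built into "/.../is"
 */
function stopAttack($StrFiltKey, $StrFiltValue, $ArrFiltReq)
{
    if (is_array($StrFiltValue)) {
        // Flatten recursively. A plain implode() renders nested arrays
        // (a[b][c]=...) as the literal "Array", so their contents were never
        // inspected; collecting the leaves keeps every submitted string in scope.
        $leaves = [];
        array_walk_recursive($StrFiltValue, static function ($leaf) use (&$leaves): void {
            $leaves[] = (string) $leaf;
        });
        $StrFiltValue = implode('', $leaves);
    }
    $StrFiltValue = (string) $StrFiltValue;

    // preg_match() returns false on a PCRE error; only an actual hit (1) blocks.
    if (preg_match('/' . $ArrFiltReq . '/is', $StrFiltValue) !== 1) {
        return;
    }

    // SECURITY: any request that carries a 'securitytoken' parameter (from
    // GET, POST or cookie, since $_REQUEST is consulted) bypasses the block
    // entirely, and nothing checks the token's value. This is kept for
    // compatibility with existing callers but is a whole-filter bypass; if the
    // exemption is needed, compare a server-side secret with hash_equals().
    // NOTE(review): the source was lower-cased, so the exact key spelling
    // (e.g. 'securityToken') could not be recovered — confirm against the app.
    if (isset($_REQUEST['securitytoken'])) {
        return;
    }

    // The log is an .htm file, so every attacker-controlled field (name, value,
    // PHP_SELF) must be HTML-escaped; by this filter's own definition the value
    // may contain "<script". Label text was unreadable in the source; English
    // labels are substituted. strftime() is deprecated since PHP 8.1, date() is
    // the equivalent for "%Y-%m-%d %H:%M:%S".
    $h = static function ($v): string {
        return htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    slog(
        '<br><br>IP: ' . $h($_SERVER['REMOTE_ADDR'] ?? '')
        . '<br>Time: ' . date('Y-m-d H:i:s')
        . '<br>Page:' . $h($_SERVER['PHP_SELF'] ?? '')
        . '<br>Method: ' . $h($_SERVER['REQUEST_METHOD'] ?? '')
        . '<br>Parameter: ' . $h($StrFiltKey)
        . '<br>Value: ' . $h($StrFiltValue)
    );
    print 'result notice:Illegal operation!';
    exit();
}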
// Run every incoming name/value pair from the three request sources through
// its blocklist; stopAttack() ends the script on the first hit.
$sources = [
    [$_GET, $getfilter],
    [$_POST, $postfilter],
    [$_COOKIE, $cookiefilter],
];
foreach ($sources as [$source, $filter]) {
    foreach ($source as $key => $value) {
        stopAttack($key, $value, $filter);
    }
}
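/**
 * Append one entry to the attack log.
 *
 * The path is now a parameter (default unchanged) so callers and tests can
 * direct the log elsewhere. Note that the default 'log.htm' is written
 * relative to the current working directory and, when that is the web root,
 * is readable by anyone via URL and rendered as HTML — callers must pass
 * already-escaped text, and deployments should keep the log outside the
 * document root.
 *
 * @param string $logs    pre-formatted entry (HTML-escaped by the caller)
 * @param string $toppath file to append to; defaults to 'log.htm'
 */
function slog($logs, $toppath = 'log.htm')
{
    // file_put_contents() with FILE_APPEND|LOCK_EX replaces the
    // fopen('a+')/fputs/fclose sequence and serialises concurrent writers.
    // The line terminator was unreadable in the pasted source; PHP_EOL is used.
    $written = file_put_contents($toppath, $logs . PHP_EOL, FILE_APPEND | LOCK_EX);
    if ($written === false) {
        // Logging is best-effort: report the failure without aborting the caller.
        error_log('slog: could not append to ' . $toppath);
    }
}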
?>