/no_paste/page/65.php - Nessuno's space

## No_paste ##

Title: noSentinel v 0.0.1
Author: nessuno
Syntax highlighting: php
 
<?php
class noSentinel
{
    #### you MUST modify this email, whit your! ####
    protected $ADMIN_noSentinel = 	"your@address.here";
    #### if you want you can modify this file name (that are the databases)####
    ### do NOT remove the slashes before file names! ###
    protected $XSS_noSentinel =	"/xss.txt";
    protected $COUNT_noSentinel = 	"/count.txt";
    protected $NUMERIC_noSentinel = "/numeric.txt";
    protected $AGENT_noSentinel = 	"/agent.txt";
    protected $BAN_noSentinel = 	"/ban.txt";
    protected $SQL_noSentinel = 	"/sql.txt";
		#### do not touch nothing else ####
    protected $to_merge =	array();
    protected $path	=	NULL;
    public $get =			array();
    public $post =		array();
    public $cookie = 		array();
    public $request = 		array();
    public $counter = 		NULL;
    public $version = 		"0.0.1";
 
    #constrctor
    public function __construct( $a = NULL, $b = NULL, $c = NULL, $d = NULL )
    {
	  if( (strtolower(trim($a)) == "entities") )
		$this->entities();
 
	  $this->to_merge[1] = $this->to_merge[2] = $this->to_merge[3] = NULL;
 
	  if( ( $b === $_REQUEST ) || ( $c === $_REQUEST ) || ( $d === $_REQUEST ) )
		foreach($_REQUEST as $id => $val)
		    $this->request[$id] = $val;
	  else
	  {
		if( $b !== NULL )
		{
		    foreach($b as $id => $val)
			  $this->get[$id] = $val;
		    $this->to_merge[1] = 1;
		}
 
		if( $c !== NULL )
		{
		    foreach($c as $id => $val)
			  $this->post[$id] = $val;
		    $this->to_merge[2] = 1;
		}
 
		if( $d !== NULL )
		{
		    foreach($d as $id => $val)
			  $this->cookie[$id] = $val;
		    $this->to_merge[3] = 1;
		}
 
		$this->request = array_merge( (NULL !== $this->to_merge[1]) ? $this->get : array() , (NULL !== $this->to_merge[2]) ? $this->post : array() , (NULL !== $this->to_merge[3]) ? $this->cookie : array() );
	  }
 
	  $this->path = dirname(__FILE__);
	  $this->counter = intval( file_get_contents( $this->path.$this->COUNT_noSentinel ) );
	  $this->user_agent( $_SERVER["HTTP_USER_AGENT"] );
	  $this->ban(CHECK);
 
    }
 
    #private functions
    private function add_counter()
    {
	  $this->counter++;
	  if($fp = @fopen($this->path.$this->COUNT_noSentinel,'w'))
	  {
		fwrite($fp,$this->counter);
		fclose($fp);
	  }
	  else echo "<span style=\"color:#FF0000;font-size:7pt;\">Error saving counter file in ". $this->COUNT_noSentinel ."</span>\n";
    }
 
    private function set_var($name)
    {
	  echo "<span style=\"color:#FF0000;font-size:7pt;\">Request value NOT isset! (function: <strong>". $name ."</strong>)</span><br />\n";
    }
 
    private function user_agent($var)
    {
	  $var = strtolower($var);
	  if(preg_match("@<+[^*]+>|acunetix|scanner|libwww-perl@m",$var))
	  {
		$this->add_counter();
		if($fp = @fopen($this->path.$this->AGENT_noSentinel,'a'))
		    {
			  fwrite($fp,"IP: ". $_SERVER['REMOTE_ADDR'] ." - AGENT: ". $_SERVER["HTTP_USER_AGENT"] ." - DATE & TIME: " .date('d m Y - H:i,s'). "\n");
			  fclose($fp);
			  $this->ban(ADD);
		    }
		else echo "<span style=\"color:#FF0000;font-size:8pt;\">Error saving counter file in " . $this->AGENT_noSentinel ."</span>";
		die("<center>You must change user agent to view this page<br /><a href=\"http://nessuno.gotdns.org/\">noSentinel</a></center>");
	  }
    }
 
    private function ban($opt)
    {
	  $ip = $_SERVER["REMOTE_ADDR"];
	  if($opt == "ADD")
	  {
		if(filesize($this->path.$this->BAN_noSentinel) == 0)
		    if($fp = @fopen($this->path.$this->BAN_noSentinel,'w'))
		    {
			  fwrite($fp,"127.0.1.1{}0\n");
			  fclose($fp);
		    }
		    else echo "Error opening ban file (". $this->BAN_noSentinel .") to add first IP. Check permission";
 
		$arr = file($this->path.$this->BAN_noSentinel);
		for($i = 0;$i<count($arr);$i++)
		    {
			  $list[$i][0] = substr($arr[$i],0,strpos("{}",$arr[$i])-4);
			  $list[$i][1] = (int) substr($arr[$i],-2);
		    }
		//cerchiamo l'ip nella prima colonna della matrice
		$find_ip = false;
		for($i = 0;$i<count($arr);$i++)
			  if($ip == $list[$i][0])
			  {
				$find_ip = true;
				if($list[$i][1]>=3)
				{
				    die('<center>You\'ve been Banned by <a href="http://nessuno.gotdns.org/">noSentinel</a><br />reason: 3 hack attempt detected from your IP<br /><br />If you want to be unbanned send a mail to the <a href="mailto:'. $this->ADMIN_noSentinel .'>admin</a></center>');
				}
				else $list[$i][1]++;
				break;
			  }
		if(!$find_ip)
		{
		    $list[$i][0] = $ip;
		    $list[$i][1] = 1;
		    $dest = count($arr)+1;
		}
		else $dest = count($arr);
 
		//creiamo la nuova stringa e salviamola
		$str='';
		for($i = 0;$i<$dest;$i++)
		{
		    $str.=$list[$i][0]."{}";
		    $str.=$list[$i][1]."\n";
		}
		file_put_contents($this->path.$this->BAN_noSentinel,$str);
		unset($str,$dest,$list);
	  }
	  if($opt == "CHECK")
	  {
		if(filesize($this->path.$this->BAN_noSentinel) == 0)
		    if($fp = @fopen($this->path.$this->BAN_noSentinel,'w'))
		    {
			  fwrite($fp,"127.0.1.1{}0\n");
			  fclose($fp);
		    }
		    else echo "Error opening ban file (".$this->BAN_noSentinel.") to add first IP, check permission";
		$arr = file($this->path.$this->BAN_noSentinel);
		//creiamo la matrice
		for($i = 0;$i<count($arr);$i++)
		    {
			  $list[$i][0] = substr($arr[$i],0,strpos("{}",$arr[$i])-4);
			  $list[$i][1] = (int) substr($arr[$i],-2);
		    }
		//cerchiamo l'ip nella prima colonna della matrice
		for($i = 0;$i<count($arr);$i++)
			  if($ip == $list[$i][0])
			  {
				if($list[$i][1]>=3)
				    die('<center>You\'ve been Banned by <a href="http://nessuno.gotdns.org/">noSentinel</a><br />reason: 3 hack attempt detected from your IP<br /><br />If you want to be unbanned send a mail to the <a href="mailto:'.$this->ADMIN_noSentinel.'>admin</a></center>');
				break;
			  }
		unset($arr,$list);
	  }
    }
 
    #public functions
    public function show_counter()
    {
	  echo '<span style="font-size:7pt;"><a href="http://nessuno.gotdns.org/">noSentinel</a> Attack locked: '. $this->counter ."</span>";
    }
 
    public function show_version()
    {
	  echo "<span style=\"font-size:5pt\"><a href=\"http://nessuno.gotdns.org\">noSentinel</a>, version: <strong>".$this->version."</strong></span>";
    }
 
    public function banner()
    {
	  echo '<br /><div align="center" style="font-size:9pt; margin:2pt;"><strong><a href="http://nessuno.gotdns.org/">noSentinel/</a></strong><br />
	  <strong><a href="http://nessuno.gotdns.org/forum/">Forum</a><br /></strong></div>';
    }
 
    public function entities($opt = NULL)
    {
	  if($opt !== NULL)
	  {
		switch($opt)
		{
		    case "GET":
			  foreach($_GET as $id => $value)
				$_GET[$id] = htmlentities($value);
			  break;
 
		    case "POST":
			  foreach($_POST as $id => $value)
				$_POST[$id] = htmlentities($value);
			  break;
 
		    case "COOKIE":
			  foreach($_COOKIE as $id => $value)
				$_COOKIE[$id] = htmlentities($value);
			  break;
 
		    case "REQUEST":
			  foreach($_REQUEST as $id => $value)
				$_REQUEST[$id] = htmlentities($value);
			  break;
		}
	  }
	  else
	  {
		foreach($_GET as $id => $value)
		    $_GET[$id] = htmlentities($value);
		foreach($_POST as $id => $value)
		    $_POST[$id] = htmlentities($value);
		foreach($_COOKIE as $id => $value)
		    $_COOKIE[$id] = htmlentities($value);
		foreach($_REQUEST as $id => $request)
		    $_REQUEST[$id] = htmlentities($value);
	  }
    }
 
    #functions for single value, NOT ARRAY but only one elements of them
    public function numeric_id_check($var_id, $opt = NULL)
    {
	  if(isset($this->request[$var_id]))
	  {
		if(!is_numeric($this->request[$var_id]) && !empty($this->request[$var_id]))
		{
		    $this->add_counter();
		    if($fp = @fopen($this->path.$this->NUMERIC_noSentinel,'a'))
		    {
			  fwrite($fp,"IP: ". $_SERVER['REMOTE_ADDR'] ." - PAGE: ". $_SERVER['PHP_SELF'] ." - QUERY: ". $this->request[$var_id]. " - DATE & TIME: " .date('d m Y - H:i,s'). "\n");
			  fclose($fp);
		    }
		    else echo "<span style=\"color:#FF0000;font-size:8pt;\">Error saving counter file in " .$this->NUMERIC_noSentinel ."</span>";
		    if($opt == "BAN")
			  $this->ban(ADD);
		    return false;
		}
		else return true;
	  }
	  else
	  {
		$this->set_var( __FUNCTION__ );
		return true;
	  }
    }
 
    public function xss_id_check($var_id,$opt = NULL)
    {
	  if(isset($this->request[$var_id]))
	  {
		if(is_array($this->request[$var_id]))
		    foreach($this->request[$var_id] as $id => $value)
			  $this->xss_check($this->request[$var_id][$id]);
		else
		{
		    $acca = urlencode(strtolower(trim($this->request[$var_id])));
		    if(!empty($this->request[$var_id]) && preg_match("@%26%23[0-9]+|%3C+[^*]+%3E|string\.+fromcharcode|%5C\.[uU]003[cC]+[^*]+%5C\.[uU]003[cC]@m",$acca))
		    {
			  $this->add_counter();
			  if($fp = @fopen($this->path.$this->XSS_noSentinel,'a'))
			  {
				fwrite($fp,"IP: ".$_SERVER['REMOTE_ADDR']." - PAGE: ".$_SERVER['PHP_SELF']." - XSS: ".urldecode($acca)." - DATE & TIME: ".date('d m Y - H:i,s')."\n");
				fclose($fp);
				unset($acca);
			  }
			  else echo "<span style=\"color:#FF0000;font-size:7pt;\">Error saving counter file in ".$this->XSS_noSentinel ."</span>";
			  if($opt == "BAN")
				$this->ban(ADD);
			  return false;
		    }
		    else return true;
		}
	  }
	  else
	  {
		$this->set_var( __FUNCTION__ );
		return true;
	  }
    }
 
    public function sql_id_check($var_id,$opt = NULL)
    {
	  if(isset($this->request[$var_id]))
	  {
		if(is_array($this->request[$var_id]))
		    foreach($this->request[$var_id] as $id => $value)
			  $this->sql_check($this->request[$var_id][$id]);
		else
		{
		    $acca = strtolower(trim($this->request[$var_id]));
		    if(!empty($this->request[$var_id]) && preg_match("@^'|^\\\"|^-[0-9]+@",$acca))
		    {
			  $this->add_counter();
			  if($fp = @fopen($this->path.$this->SQL_noSentinel,'a'))
			  {
				fwrite($fp,"IP: ".$_SERVER['REMOTE_ADDR']." - PAGE: ".$_SERVER['PHP_SELF']." - XSS: ".urldecode($acca)." - DATE & TIME: ".date('d m Y - H:i,s')."\n");
				fclose($fp);
			  }
			  else echo "<span style=\"color:#FF0000;font-size:7pt;\">Error saving counter file in ".$this->SQL_noSentinel ."</span>";
			  if($opt == "BAN")
				$this->ban(ADD);
			  return false;
		    }
		    else return true;
		}
	  }
	  else
	  {
		$this->set_var( __FUNCTION__ );
		return true;
	  }
    }
 
    public function numeric_check($var, $opt = NULL)
    {
	  $ret = true;
	  if(in_array($var,$this->request))
		foreach($this->request as $id => $value)
		    if($var == $value)
		    {
			  $ret = $this->numeric_id_check($id,$opt);
			  break;
		    }
	  return $ret;
    }
 
    public function xss_check($var, $opt = NULL)
    {
	  $ret = true;
	  if(in_array($var,$this->request))
		foreach($this->request as $id => $value)
		    if($var == $value)
		    {
			  $ret = $this->xss_id_check($id,$opt);
			  break;
		    }
	  return $ret;
    }
 
    public function sql_check($var, $opt = NULL)
    {
	  $ret = true;
	  if(in_array($var,$this->request))
		foreach($this->request as $id => $value)
		    if($var == $value)
			  {
				$ret = $this->sql_id_check($id,$opt);
				break;
			  }
	  return $ret;
    }
}
 
?>
Text version