php安全防护代码
<?php
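// Opening timestamp written into the response (a debugging aid kept from the original).
// 'v' is the millisecond field; the original 'y-m-d H:i:s:ms' format printed month and
// seconds again instead of milliseconds.
$localtime = (new DateTimeImmutable())->format('y-m-d H:i:s.v');
echo $localtime . '<br>';
//error_reporting(E_ERROR);
// The checks are always enabled. The original read $_GET['op_sec_rule_open'] here, which let
// any unauthenticated request switch the protection off before its own content was inspected.
// If an operator toggle is needed it has to come from server-side configuration, never from
// the request being checked.
$isopen = 1;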
//当参数值在20~2048 之间时,进⾏检查
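/**
 * Flattens a scalar or (nested) array request value into one string for scanning.
 *
 * The original used implode() on the top level only, so nested arrays were scanned as the
 * literal text "Array"; walking the leaves keeps every submitted byte in the scanned subject.
 *
 * @param string|array $value
 * @return string
 */
function stopattack_flatten($value){
    if (!is_array($value)) {
        return (string)$value;
    }
    $parts = array();
    array_walk_recursive($value, function ($leaf) use (&$parts) {
        $parts[] = (string)$leaf;
    });
    return implode('', $parts);
}

/**
 * Joins a request array into "key=value" pairs with the given separator, for the alert record.
 *
 * @param array  $source request part ($_POST or $_COOKIE)
 * @param string $sep    '&' for POST, ';' for cookies
 * @return string
 */
function stopattack_pairs($source, $sep){
    $pairs = array();
    foreach ($source as $key => $value) {
        $pairs[] = $key.'='.stopattack_flatten($value);
    }
    return implode($sep, $pairs);
}

/**
 * Crude content check applied to one request parameter (the rule engine of this script).
 *
 * The value is flattened to a string and, only when its length is strictly between 20 and
 * 2048 bytes, tested against the regex fragment $ArrFiltReq wrapped in "/.../is". Values of
 * 20 bytes or fewer, or of 2048 bytes or more, are never inspected. On a match an alert
 * record (method, referer, host, URI, the raw POST or COOKIE pairs according to $data) is
 * built and a notice is printed; the request is NOT terminated and the alert is NOT sent,
 * both lines are deliberately left commented out as in the original "log only" mode.
 *
 * @param string       $StrFiltKey   parameter name; unused, kept for the existing call sites
 * @param string|array $StrFiltValue parameter value, arrays are flattened recursively
 * @param string       $ArrFiltReq   regex body without delimiters; a fixed pattern from this
 *                                   file, must not contain an unescaped "/"
 * @param string       $data         request part being scanned: 'get', 'post' or 'cookie'
 * @return string|null the JSON alert record when the value matched, null otherwise
 */
function StopAttack($StrFiltKey,$StrFiltValue,$ArrFiltReq,$data='get'){
    $subject = stopattack_flatten($StrFiltValue);
    $length = strlen($subject);
    // Only the 21..2047 byte window is inspected (original behaviour).
    if ($length <= 20 || $length >= 2048) {
        return null;
    }
    if (preg_match("/".$ArrFiltReq."/is", $subject) !== 1) {
        return null;
    }
    // $_SERVER keys can be absent (CLI, unusual SAPIs); the guard itself must not emit warnings.
    $sec_method  = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
    $sec_referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $sec_uri     = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    $sec_host    = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    // Reconstruct the scanned request part for the alert: POST pairs joined with '&',
    // cookie pairs with ';', nothing for GET. (The original POST branch concatenated onto an
    // undefined $payload, so every pair but the last was dropped.)
    if ($data == 'post') {
        $sec_payload = stopattack_pairs($_POST, '&');
    } elseif ($data == 'cookie') {
        $sec_payload = stopattack_pairs($_COOKIE, ';');
    } else {
        $sec_payload = '';
    }
    $arr = array(
        'method'   => $sec_method,
        'referer'  => $sec_referer,
        'host'     => $sec_host,
        'url'      => $sec_uri,
        'payload'  => $sec_payload,
        'datatype' => $data,
    );
    // Request bytes are attacker-controlled and need not be valid UTF-8; substitute rather
    // than lose the whole alert record (json_encode would otherwise return false).
    $sec_data = json_encode($arr, JSON_INVALID_UTF8_SUBSTITUTE);
    // Matched: record only, do not block (exit is intentionally disabled below).
    // The record contains request-supplied text, so it must be URL-encoded before being
    // placed in the alert query string.
    $sec_server = 'http://website80/alert_v1.php?param='.rawurlencode($sec_data);
    //file_get_contents($sec_server);
    print "vdian security notice:Illegal operation!";
    //exit();
    return $sec_data;
}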
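if ($isopen === 1) {
    // Rule sets per request part. These are fixed patterns from this file, never built from
    // request data; StopAttack splices each into "/.../is", so they must not contain an
    // unescaped "/". Note that "<.+?>" in $getfilter matches any angle-bracketed text, so
    // ordinary markup in a GET value is reported too (log-only, so this is noise, not a block).
    $getfilter    = "<i?frame\\b|<\\s*script\\b|<.+?>|UNION.+?SELECT|SELECT.+?FROM";
    $postfilter   = "<\\s*script\\b|UNION.+?SELECT|SELECT.+?FROM";
    $cookiefilter = "UNION.+?SELECT|SELECT.+?FROM";
    foreach ($_GET as $key => $value) {
        StopAttack($key, $value, $getfilter);
    }
    // The request-part name is passed as a plain literal; the original "$data='post'" written
    // inside the call also left a stray global $data behind.
    foreach ($_POST as $key => $value) {
        StopAttack($key, $value, $postfilter, 'post');
    }
    foreach ($_COOKIE as $key => $value) {
        StopAttack($key, $value, $cookiefilter, 'cookie');
    }
    unset($getfilter, $postfilter, $cookiefilter);
}
unset($isopen);
// Closing timestamp written into the response. 'v' is the millisecond field; the original
// 'y-m-d H:i:s:ms' format printed month and seconds again instead of milliseconds.
$localtime = (new DateTimeImmutable())->format('y-m-d H:i:s.v');
echo $localtime . '<br>';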
>。