?
Solved

Security function in a class

Posted on 2003-11-28
11
Medium Priority
?
285 Views
Last Modified: 2011-09-20
How can I add a function into my php class so that every page that requires the class, must have my website link and things like that otherwise an error prints out on the page???

Cheers

-OBCT
0
Comment
Question by:OBCT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
11 Comments
 
LVL 14

Expert Comment

by:ThG
ID: 9837658
Can you think of a conceptual algorithm to solve your problem? I don't think so..
If i got you correctly, something like ob_start() on inclusion, and later (maybe using register_shutdown_function()) check with ob_get_contents(), if your link is somewhere inside there..should be what you want.
Also try striptags() to remove comments, so they don't add your link inside <!-- and -->, and other output buffer control functions to modify it..
0
 

Expert Comment

by:mixmastr
ID: 9837925
class yeah {

 function test() {
 echo "test";
 }

 function bla() {
 echo "bla";
 }
}

$my = new yeah;
$my->bla();

Think this should work.
0
 

Expert Comment

by:mixmastr
ID: 9837936
Sorry, posted at the wrong post.

New to exepert exchange.
0
Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

 
LVL 9

Author Comment

by:OBCT
ID: 9837988
ThG,

I am fairly new to php and using its functions...could you put it in a more simple manner, or send me in the direction of a tutorial that could help me work it out myself?

Cheers

-OBCT
0
 
LVL 14

Expert Comment

by:ThG
ID: 9838520
OBCT: explain me again, more technically and more strictly what you want to do. Then, read carefully the man pages for each function i mentioned, and if you can't understand the man page go back to the basic syntax chapter.

http://www.php.net/ob_start
http://www.php.net/register_shutdown_function
0
 
LVL 9

Author Comment

by:OBCT
ID: 9840767
At the bottom of all my php pages, it has who wrote the script, the company name and copyright information. I want to be able to put a function in my class, that checks that the information is on all the pages, so if that text gets removed by a user, an error will print on the page saying that the page must contain the copyright information.
I had a look at those functions, then I checked the basic syntax but I don't know how I would use those functions in my scripts.

Cheers

-OBCT
0
 
LVL 14

Expert Comment

by:ThG
ID: 9840853
how your code look like? i'll try to write a few proof of concept lines
0
 
LVL 9

Author Comment

by:OBCT
ID: 9841123
<?php

class DB
{
      
    var $dbhost = "localhost";      
      var $dblogin = "";
      var $dbpass = "";
      var $dbname = "";
      var $dblink;      
      var $queryid;      
      var $error = array();      
      var $record = array();            
      var $totalrecords;      
      var $last_insert_id;                        

      function get_dbhost()
    {
        return $this->dbhost;
    }

      function get_dblogin()
    {
        return $this->dblogin;
    }

      function get_dbpass()
    {
        return $this->dbpass;
    }

      function get_dbname()
    {
        return $this->dbname;
    }

      function set_dbhost($value)
      {
          return $this->dbhost = $value;
      }

      function set_dblogin($value)
    {
        return $this->dblogin = $value;
    }

      function set_dbpass($value)
    {
        return $this->dbpass = $value;
    }

      function set_dbname($value)
    {
        return $this->dbname = $value;
    }


      function DB($dblogin, $dbpass, $dbname)
    {
        $this->set_dblogin($dblogin);
            $this->set_dbpass($dbpass);
            $this->set_dbname($dbname);
    }

      function connect()
    {
        $this->dblink = @mysql_pconnect($this->dbhost, $this->dblogin, $this->dbpass);
            if(!$this->dblink)
            {
                  $this->return_error("Unable to connect to the database.");
            }
            $t = @mysql_select_db($this->dbname, $this->dblink);
            if(!$t)
            {
                  $this->return_error("Unable to change databases.");
            }
            return $this->dblink;

    }


      function disconnect()
    {
        if($this->dblink)
            {      
                  $test = @mysql_close($this->dblink);
                  if(!$test)
                  {
                        $this->return_error("Unable to close the connection.");
                  }
            }
            else
            {
                $this->return_error("No connection open.");
            }
            unset($this->dblink);
    }


      function return_error($message)
      {
            return $this->error[] = $message." ".mysql_error().".";
      }


      function showErrors()
    {
        if($this->hasErrors())
            {
                  reset($this->error);
                  $errcount = count($this->error);
                  echo "<p>Error(s) found: <b>'$errcount'</b></p>\n";

                  while(list($key, $val) = each($this->error))
                  {
                        echo "<li>$val</li><br>\n";
                  }
                  $this->resetErrors();
            }
    }


      function hasErrors()
    {
        if(count($this->error) > 0)
            {
                  return true;
            }
            else
            {
                  return false;
            }
    }


      function resetErrors()
    {
        if($this->hasErrors())
            {
                  unset($this->error);
                  $this->error = array();
            }
    }


      function query($sql)
    {
            if(empty($this->dblink))
            {      
                  $this->connect();
            }
        $this->queryid = @mysql_query($sql, $this->dblink);
            if(!$this->queryid)
            {
                  $this->return_error("Unable to perform the query <b>'$sql'</b>.");
            }
            return $this->queryid;
    }


      function fetchRow()
    {
            if(isset($this->queryid))
            {
              return $this->record = @mysql_fetch_array($this->queryid);
            }
            else
            {
                  $this->return_error("No query specified.");
            }
    }


      function fetchLastInsertId()
      {
            $this->last_insert_id = @mysql_insert_id($this->dblink);
            if(!$this->last_insert_id)
            {
                  $this->return_error("Unable to get the last inserted id from MySQL.");
            }
            return $this->last_insert_id;
      }


      function resultCount()
    {
        $this->totalrecords = @mysql_num_rows($this->queryid);
            if(!$this->totalrecords)
            {
                  $this->return_error("Unable to count the number of rows returned");
            }
            return $this->totalrecords;
    }


      function resultExist()
    {
            if(isset($this->queryid) && ($this->resultCount() > 0))
            {
                  return true;
            }
            return false;
    }


      function clear($result = 0)
    {
            if($result != 0)
            {
                  $t = @mysql_free_result($result);
                  if(!$t)
                  {
                        $this->return_error("Unable to free the results from memory");
                  }
            }
            else
            {
                  if(isset($this->queryid))
                  {
                        $t = @mysql_free_result($this->queryid);
                        if(!$t)
                        {
                              $this->return_error("Unable to free the results from memory (internal).");
                        }
                  }
                  else
                  {
                      $this->return_error("No SELECT query performed, so nothing to clear.");
                  }
            }
      }

}

?>
0
 
LVL 7

Expert Comment

by:petoskey-001
ID: 9841619
Modify your class as follows....

class DB {
......... lots of functions cut ..............

   function DB($dblogin, $dbpass, $dbname)
    {
          $this->set_dblogin($dblogin);
          $this->set_dbpass($dbpass);
          $this->set_dbname($dbname);

          // requires you to change the function def as follows  
          //      function DB($dblogin, $dbpass, $dbname, $hostname)
          if ($_SERVER["SERVER_NAME"] <> $hostname) {
             die('Invalid Domain Name');
          }          
         // or the slightly less portable, harder to detect outside the class
          if ($_SERVER["SERVER_NAME"] <> "www.example.com") {
             die('Invalid Domain Name');
          }          

          // check "other things like that"
          if (not something else that must be ) {
             die('Something else is missing');
          }
    }
.......... lots more cut ................
}

That should do it.
0
 
LVL 14

Accepted Solution

by:
ThG earned 2000 total points
ID: 9842200
No I disagree.

OBCT, I think your file is being used someway like "include yourfile.php" from the third parties scripts, and your object's instance is created in the earlier steps of execution.
So I think it would go like this:

ob_start();
function check_sig() {
  if (!strstr(ob_get_contents(), "http://your_host/credits.htm")) {
     ob_clean();
     print "Error: you must give credits to my beautiful work!";
  }
}
register_shutdown_function("check_sig");

class DB {
...
}
0
 
LVL 7

Expert Comment

by:petoskey-001
ID: 9844114
Ah I see - I was thinking you didn't want the script taken from your site.  To check for the existence of a link in the output, you will need to scan the output buffer as ThG pointed out.  His code should work fine.  
0

Featured Post

Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question