Файл: files/db.php
Строк: 35
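<?php
/**
 * Bootstrap include: refuses direct access, starts the session and opens a
 * persistent MySQL connection.
 *
 * Globals defined here: $db_host, $db_user, $db_table, $db_pass, $connect.
 *
 * The full open tag is used on purpose. With the short open tag this file is
 * parsed as PHP only while short_open_tag is enabled; with it disabled the
 * source, including the credentials below, is sent to the client as text.
 */

// Stop unless PROTECTOR is defined (presumably by the script that includes
// this file - confirm against the entry point).
defined('PROTECTOR') or die('Error: restricted access');
session_start();

// NOTE(review): the site connects as MySQL "root" with an empty password and
// the credentials are hard-coded. Use a dedicated account limited to the
// privileges this application needs, give it a password, and load both from
// configuration stored outside the web root.
$db_host = "localhost";
$db_user = "root";
$db_table = "sidonia"; // despite the name, this is the database passed to mysql_select_db()
$db_pass = "";

// NOTE(review): the mysql_* extension was deprecated in PHP 5.5 and removed in
// PHP 7.0; PDO or mysqli with prepared statements is the replacement. "@"
// hides the driver warning, and the die() messages stay generic so that no
// connection details reach the client.
$connect = @ mysql_pconnect($db_host, $db_user, $db_pass) or die('cannot connect to server');
@ mysql_select_db($db_table) or die('cannot connect to db');

// The result of this query is not checked. SET NAMES changes the charset on
// the server side only; mysql_set_charset() also informs the client library,
// which mysql_real_escape_string() relies on.
@ mysql_query("SET NAMES 'utf8'", $connect);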
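##################### SQL attack protection class ################
include('files/path.php');
##################### SQL attack protection class ################
//// Protection class
//
// Query-string filter: if any $_GET value matches the keyword blacklist, the
// request is logged and terminated.
//
// NOTE(review): this filter is not what makes queries safe. A keyword
// blacklist rejects ordinary input ("from", "where", "update" and "asc" match
// inside normal words) and cannot enumerate every harmful value; it also looks
// at $_GET values only. The real control belongs where queries are built:
// bound parameters (PDO/mysqli) for SQL, and htmlspecialchars() at the point
// of output for HTML.
//
// The earlier per-value intval()/mysql_real_escape_string()/htmlspecialchars()
// assignments were removed from this loop: they wrote to the loop's copy of
// the value, so $_GET itself was never changed by them.
$rttt_queue = array($_GET);
while ($rttt_queue) {
    $rttt = array_pop($rttt_queue);

    if (is_array($rttt)) {
        // Array-style parameters (name[]=...) arrive as nested arrays.
        // preg_match() cannot inspect an array, so such values previously went
        // unchecked; queue the members so that every string leaf is tested.
        foreach ($rttt as $rttt_item) {
            $rttt_queue[] = $rttt_item;
        }
        continue;
    }

    // Pattern kept byte-for-byte. NOTE(review): "include" is listed twice, and
    // "INSERTb" is probably a typo for "INSERT\b" - confirm the intent before
    // changing what gets blocked.
    if (preg_match('/include|asc|--|select|union|update|from|where|eval|glob|include|require|script|shell|BENCHMARK|CONCAT|INSERTb/i', $rttt)) {
        // The URI is HTML-encoded, presumably so that an entry is inert when
        // the log is viewed in a browser.
        $source = 'USER: '.$_SERVER['REMOTE_ADDR'].' | FILE: '.htmlspecialchars($_SERVER["REQUEST_URI"])."\n";

        // DOCUMENT_ROOT is a filesystem path, not HTML: encoding it would
        // point the log at a different file whenever the path contains a
        // character such as "&".
        // NOTE(review): the log sits under the document root, so it may be
        // retrievable over HTTP unless the server denies access to it; it
        // holds client addresses and request URIs.
        $file = $_SERVER['DOCUMENT_ROOT'].'/files/log_antihack.txt';
        $Saved_File = fopen($file, 'a+');
        if ($Saved_File) {
            // Write only when the log could be opened; the request is
            // rejected either way.
            fwrite($Saved_File, $source);
            fclose($Saved_File);
        }

        // NOTE(review): SID is "name=id" when the client sent no session
        // cookie and empty otherwise, so this can place the session id in a
        // URL (and without a "?" separator) - confirm the intended target.
        header("Refresh: 2;url=/".SID);
        exit('Antihack!');
    }
}
unset($rttt_queue, $rttt_item);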
// NOTE(review): these three loops do not sanitise anything. foreach hands out
// copies, so every assignment below replaces the loop variable only, and
// $_POST, $_SESSION and $_COOKIE keep the values the client (or the session
// store) supplied. Do not "repair" this by iterating by reference: blanket
// escaping alters data that is not headed for SQL or HTML and still does not
// make string-built queries safe. Bind parameters where each query is built
// and HTML-encode where each value is printed.

// POST fields: numeric values are reduced to a non-negative integer, all
// others are SQL-escaped and then HTML-encoded (result discarded, see above).
foreach ($_POST as $rttt) {
    $rttt = !is_numeric($rttt)
        ? htmlspecialchars(mysql_real_escape_string($rttt))
        : abs((int) $rttt);
}

// Session values: SQL-escaped, then HTML-encoded (result discarded).
foreach ($_SESSION as $rttt) {
    $rttt = mysql_real_escape_string($rttt);
    $rttt = htmlspecialchars($rttt);
}

// Cookie values: SQL-escaped, then HTML-encoded (result discarded).
foreach ($_COOKIE as $rttt) {
    $rttt = mysql_real_escape_string($rttt);
    $rttt = htmlspecialchars($rttt);
}
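// Numeric "id" from the query string: a non-negative integer, or NULL when the
// parameter is absent. This is the only value in this file that is actually
// normalised before use.
// Array input (id[]=...) is treated as absent: intval() of a non-empty array
// is 1, which would otherwise turn a malformed parameter into a valid id.
$id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? abs(intval($_GET['id'])) : NULL;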
?>