Untitled

a guest
May 25th, 2018
  1. ANTI.PHP
  2.  
  3. <?php
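  // ANTI SQLi
  // Gate for the `id` query parameter: a numeric value is copied into $id; any
  // other supplied value records the client address in `ban` and ends the request.
  //
  // NOTE(review): is_numeric() also accepts floats, exponents, a leading sign and
  // leading whitespace ("1e3", "-1.5", " 7"), so $id is not guaranteed to be an
  // integer. This is input validation only; any query that uses $id should still
  // bind it as a parameter or cast it with (int).
  // NOTE(review): nothing in this file reads the `ban` table, so the insert only
  // records the address. Enforcing a ban needs a lookup before this gate.
  // NOTE(review): ext/mysql (mysql_query) was removed in PHP 7.0; this block only
  // runs on PHP 5.x and relies on a connection opened by the including page.
  if (isset($_GET['id'])) {
      if (is_numeric($_GET['id'])) {
          $id = $_GET['id'];
      } else {
          // Only a well-formed IPv4/IPv6 literal may be concatenated into the SQL
          // string; anything else is dropped instead of being written to the query.
          $clientIp = isset($_SERVER['REMOTE_ADDR']) ? filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP) : false;
          if ($clientIp !== false) {
              mysql_query("INSERT INTO ban(ip) values('" . $clientIp . "')") or die("Pokusaj hakerskog napada!");
          }
          die("Banovani ste zbog pokusaja hakerskog napada.");
      }
  }
  // A request that carries no `id` at all falls through untouched: a page that
  // includes this file without that parameter must not be treated as an attack.
  // END - ANTI SQLi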
  15.  
  16.  
  17. // ANTI XSS
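  /**
   * Escape a value for output inside HTML text or a quoted HTML attribute.
   *
   * All five HTML-significant characters (& < > " ') are encoded. A table that
   * maps "&", "<" and ">" to themselves leaves markup intact, so the escaping is
   * delegated to htmlspecialchars() instead of a hand-written map.
   *
   * The result is only safe in HTML body and quoted-attribute contexts. It does
   * not make a value safe inside <script>, a URL, a CSS value or an unquoted
   * attribute; those contexts need their own encoding.
   *
   * NOTE(review): assumes pages are served as UTF-8. If the site uses another
   * charset, pass that charset as the third argument instead.
   *
   * @param mixed $text String to escape; an array is escaped element by element.
   * @return mixed Escaped string, or an array of escaped values.
   */
  function anti_xss($text)
  {
      if (is_array($text)) {
          // str_replace() accepted array subjects, so array input keeps working.
          return array_map('anti_xss', $text);
      }

      // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid byte
      // sequences instead of returning an empty string.
      return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
  }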
  28. // END - ANTI XSS
  29. ?>
  30.  
  31. FAJL.PHP
  32.  
  33.  
  34. <?php
  // Emits the literal text "Conf".
  print 'Conf';
  36. ?>
  37.  
  38. <?php
  39. // ZASTITA NE DIRATI
  40.  
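  // ANTI SQLi
  // Gate for the `id` query parameter: a numeric value is copied into $id; any
  // other supplied value records the client address in `ban` and ends the request.
  //
  // NOTE(review): is_numeric() also accepts floats, exponents, a leading sign and
  // leading whitespace ("1e3", "-1.5", " 7"), so $id is not guaranteed to be an
  // integer. This is input validation only; any query that uses $id should still
  // bind it as a parameter or cast it with (int).
  // NOTE(review): nothing in this file reads the `ban` table, so the insert only
  // records the address. Enforcing a ban needs a lookup before this gate.
  // NOTE(review): ext/mysql (mysql_query) was removed in PHP 7.0, and no
  // connection is opened in this file, so one must already exist when this runs.
  if (isset($_GET["id"])) {
      if (is_numeric($_GET["id"])) {
          $id = $_GET["id"];
      } else {
          // Only a well-formed IPv4/IPv6 literal may be concatenated into the SQL
          // string; anything else is dropped instead of being written to the query.
          $clientIp = isset($_SERVER['REMOTE_ADDR']) ? filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP) : false;
          if ($clientIp !== false) {
              mysql_query("INSERT INTO ban(ip) values('" . $clientIp . "')") or die("Pokusaj hakerskog napada!");
          }
          die("Banovani ste zbog pokusaja hakerskog napada.");
      }
  }
  // A request that carries no `id` at all falls through untouched: a page
  // without that parameter must not be treated as an attack.
  // END - ANTI SQLi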
  52.  
  53.  
  54. // ANTI XSS
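  /**
   * Escape a value for output inside HTML text or a quoted HTML attribute.
   *
   * All five HTML-significant characters (& < > " ') are encoded. A table that
   * maps "&", "<" and ">" to themselves leaves markup intact, so the escaping is
   * delegated to htmlspecialchars() instead of a hand-written map.
   *
   * The result is only safe in HTML body and quoted-attribute contexts. It does
   * not make a value safe inside <script>, a URL, a CSS value or an unquoted
   * attribute; those contexts need their own encoding.
   *
   * NOTE(review): assumes pages are served as UTF-8. If the site uses another
   * charset, pass that charset as the third argument instead.
   *
   * @param mixed $text String to escape; an array is escaped element by element.
   * @return mixed Escaped string, or an array of escaped values.
   */
  function anti_xss($text)
  {
      if (is_array($text)) {
          // str_replace() accepted array subjects, so array input keeps working.
          return array_map('anti_xss', $text);
      }

      // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid byte
      // sequences instead of returning an empty string.
      return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
  }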
  65. // END - ANTI XSS
  66. ?>
  67.  
  68. INSTALL.PHP
  69.  
  70. <?php
  // Installer settings: database host, schema and account, plus the script that
  // the file-append step (fopen($file, "a")) will write to.
  // NOTE(review): the account is `root` with an empty password. A dedicated
  // account limited to this schema is the safer choice for anything beyond a
  // local test box.
  $host = 'localhost';
  $db = 'film';
  $user = 'root';
  $pass = '';
  $file = 'fajl.php';

  // Refuse to continue without a target file name.
  if ('' == $file) {
      exit("Molimo unesite ime fajla.");
  }

  // Open the connection, then select the schema; each failure stops the installer.
  // NOTE(review): ext/mysql was removed in PHP 7.0, so this only runs on PHP 5.x.
  $conn = mysql_connect($host, $user, $pass);
  if (!$conn) {
      exit('Pogresan username/password ili host mySQL baze.');
  }
  if (!mysql_select_db($db, $conn)) {
      exit('Baza ne postoji.');
  }
  83.  
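  // Step 1: create the `ban` table (auto-increment id plus the address column).
  // `ip` is 45 characters wide: the textual form of an IPv6 address can reach
  // that length, and a 30-character column would truncate or reject it.
  // IF NOT EXISTS leaves an already-created table as it is, so an existing
  // varchar(30) column has to be widened by hand.
  mysql_query("CREATE TABLE IF NOT EXISTS `ban` (
  `id` int(10) NOT NULL AUTO_INCREMENT,
  `ip` varchar(45) NOT NULL,
  PRIMARY KEY (`id`)
  ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;") or die("Korak 1: Greska: Table nisu uspesno instalirane.");

  echo"Korak 1: Teble su uspesno unete!<br>";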
  91.  
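  // Step 2: append the protection block (request gate + anti_xss) to $file.
  //
  // The block is written once only. It declares function anti_xss(), so a second
  // copy in the same file would stop the page with a "cannot redeclare" fatal
  // error; the marker comment is used to detect an earlier run.
  // NOTE(review): the appended text opens with "<?php", so the target file is
  // presumably expected to end outside a PHP block; confirm before running.
  // NOTE(review): remove this installer from the web root once it has run. It
  // holds database credentials and rewrites a PHP file on every request.
  $marker = '// ZASTITA NE DIRATI';
  $existing = is_file($file) ? file_get_contents($file) : '';
  $alreadyInstalled = is_string($existing) && strpos($existing, $marker) !== false;

  if (!$alreadyInstalled) {
      // Generated code, one entry per line. The gate acts only when `id` is
      // present, validates REMOTE_ADDR before it reaches the SQL string, and
      // anti_xss() encodes all five HTML-significant characters.
      $payload = array(
          '',
          '',
          '<?php',
          '// ZASTITA NE DIRATI ',
          '',
          '// ANTI SQLi',
          'if (isset($_GET["id"])) {',
          '    if (is_numeric($_GET["id"])) {',
          '        $id = $_GET["id"];',
          '    } else {',
          '        $clientIp = isset($_SERVER["REMOTE_ADDR"]) ? filter_var($_SERVER["REMOTE_ADDR"], FILTER_VALIDATE_IP) : false;',
          '        if ($clientIp !== false) {',
          '            mysql_query("INSERT INTO ban(ip) values(\'" . $clientIp . "\')") or die("Pokusaj hakerskog napada!");',
          '        }',
          '        die("Banovani ste zbog pokusaja hakerskog napada.");',
          '    }',
          '}',
          '// END - ANTI SQLi',
          '',
          '',
          '// ANTI XSS',
          'function anti_xss($text)',
          '{',
          '    if (is_array($text)) {',
          '        return array_map("anti_xss", $text);',
          '    }',
          '    return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");',
          '}',
          '// END - ANTI XSS',
          '?>',
      );
      $code = implode("\r\n", $payload) . "\r\n";

      // A failed open or a short write stops the installer instead of leaving a
      // half-written PHP block in the target file unnoticed.
      $fincl = fopen($file, "a");
      if ($fincl === false) {
          die("Instalacija nije uspela.");
      }
      if (fwrite($fincl, $code) !== strlen($code)) {
          fclose($fincl);
          die("Instalacija nije uspela.");
      }
      fclose($fincl) or die("Instalacija nije uspela.");
  }

  echo"Korak 2: Include fajla je dovrsen.<br>";
  echo"INSTALACIJA JE DOVRSENA!";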
  128. ?>