PHP Security::log方法代码示例

 /**
  * If a file is posted beyond php's posting limits, it will drop the
  * POST without an error message. checkOverPost sends the user to an
  * overpost error page.
  */
 public static function checkOverPost()
 {
     if (!isset($_GET['check_overpost'])) {
         return true;
     } elseif (empty($_POST) && isset($_SERVER['CONTENT_LENGTH'])) {
         Security::log(_('User tried to post a file beyond server limits.'));
         PHPWS_Core::errorPage('overpost');
     }
     return true;
 }

 public static function disallow($message = null)
 {
     if (!isset($message)) {
         $message = dgettext('users', 'Improper permission level for action requested.');
     }
     Security::log($message);
     PHPWS_Core::errorPage('403');
 }

/* Security against those with register globals = on */
if (ini_get('register_globals')) {
    ini_set('register_globals', FALSE);
    foreach ($_REQUEST as $requestVarName => $nullIT) {
        unset($requestVarName);
    }
    unset($nullIT);
}
/* Attempts to turn off use_trans_sid if enabled */
if (ini_get('session.use_trans_sid')) {
    ini_set('session.use_trans_sid', FALSE);
    ini_set('url_rewriter.tags', '');
}
// Attempt to clean out the xss tags
if (!PHPWS_Core::allowScriptTags() && (!checkUserInput($_SERVER['REQUEST_URI']) || !checkUserInput($_REQUEST))) {
    Security::log(_('Attempted cross-site scripting attack.'));
    PHPWS_Core::errorPage('400');
}
/**
 * Checks for <script> embedding and any double-URL-encoded data
 * 
 * @return bool
 */
function checkUserInput($input)
{
    $scripting = '/(%3C|<|&lt;|&#60;)\\s*(script|\\?)/iU';
    $asciiChars = '/%(0|1)(\\d|[a-f])/i';
    // Call recursively if input is an array
    if (is_array($input)) {
        foreach ($input as $input_val) {
            if (!checkUserInput($input_val)) {

 public function postForgot(&$content)
 {
     if (empty($_POST['fg_username']) && empty($_POST['fg_email'])) {
         $content = dgettext('users', 'You must enter either a username or email address.');
         return false;
     }
     if (!empty($_POST['fg_username'])) {
         $username = $_POST['fg_username'];
         if (preg_match('/\'|"/', html_entity_decode(strip_tags($username), ENT_QUOTES))) {
             $content = dgettext('users', 'User name not found. Check your spelling or enter an email address instead.');
             return false;
         }
         $db = new PHPWS_DB('users');
         $db->addWhere('username', strtolower($username));
         $db->addColumn('email');
         $db->addColumn('id');
         $db->addColumn('deity');
         $db->addColumn('authorize');
         $user_search = $db->select('row');
         if (PHPWS_Error::logIfError($user_search)) {
             $content = dgettext('users', 'User name not found. Check your spelling or enter an email address instead.');
             return false;
         } elseif (empty($user_search)) {
             $content = dgettext('users', 'User name not found. Check your spelling or enter an email address instead.');
             return false;
         } else {
             if ($user_search['deity'] && !ALLOW_DEITY_FORGET) {
                 Security::log(dgettext('users', 'Forgotten password attempt made on a deity account.'));
                 $content = dgettext('users', 'User name not found. Check your spelling or enter an email address instead.');
                 return false;
             }
             if ($user_search['authorize'] != 1) {
                 $content = sprintf(dgettext('users', 'Sorry but your authorization is not checked on this site. Please contact %s for information on reseting your password.'), PHPWS_User::getUserSetting('site_contact'));
                 return false;
             }
             if (PHPWS_Core::isPosted()) {
                 $content = dgettext('users', 'Please check your email for a response.');
                 return true;
             }
             if (empty($user_search['email'])) {
                 $content = dgettext('users', 'Your email address is missing from your account. Please contact the site administrators.');
                 PHPWS_Error::log(USER_ERR_NO_EMAIL, 'users', 'User_Action::postForgot');
                 return true;
             }
             if (User_Action::emailPasswordReset($user_search['id'], $user_search['email'])) {
                 $content = dgettext('users', 'We have sent you an email to reset your password.');
                 return true;
             } else {
                 $content = dgettext('users', 'We are currently unable to send out email reminders. Try again later.');
                 return true;
             }
         }
     } elseif (!empty($_POST['fg_email'])) {
         $email = $_POST['fg_email'];
         if (preg_match('/\'|"/', html_entity_decode(strip_tags($email), ENT_QUOTES))) {
             $content = dgettext('users', 'Email address not found. Please try again.');
             return false;
         }
         if (!PHPWS_Text::isValidInput($email, 'email')) {
             $content = dgettext('users', 'Email address not found. Please try again.');
             return false;
         }
         $db = new PHPWS_DB('users');
         $db->addWhere('email', $email);
         $db->addColumn('username');
         $user_search = $db->select('row');
         if (PHPWS_Error::logIfError($user_search)) {
             $content = dgettext('users', 'Email address not found. Please try again.');
             return false;
         } elseif (empty($user_search)) {
             $content = dgettext('users', 'Email address not found. Please try again.');
             return false;
         } else {
             if (PHPWS_Core::isPosted()) {
                 $content = dgettext('users', 'Please check your email for a response.');
                 return true;
             }
             if (User_Action::emailUsernameReminder($user_search['username'], $email)) {
                 $content = dgettext('users', 'We have sent you an user name reminder. Please check your email and return to log in.');
                 return true;
             } else {
                 $content = dgettext('users', 'We are currently unable to send out email reminders. Try again later.');
                 return true;
             }
         }
     }
 }

 public static function rememberLogin()
 {
     if (!isset($_SESSION['User'])) {
         return false;
     }
     $remember = PHPWS_Cookie::read('remember_me');
     if (!$remember) {
         return false;
     }
     $rArray = @unserialize($remember);
     if (!is_array($rArray)) {
         return false;
     }
     if (!isset($rArray['username']) || !isset($rArray['password'])) {
         return false;
     }
     if (preg_match('/\\W/', $rArray['password'])) {
         return false;
     }
     $username = strtolower($rArray['username']);
     if (preg_match('/\'|"/', html_entity_decode($username, ENT_QUOTES))) {
         Security::log(dgettext('users', 'User tried to login using Remember Me with a malformed cookie.'));
         return false;
     }
     $db = new PHPWS_DB('user_authorization');
     $db->addWhere('username', $username);
     $db->addWhere('password', $rArray['password']);
     $result = $db->select('row');
     if (!$result) {
         return false;
     } elseif (PHPWS_Error::isError($result)) {
         PHPWS_Error::log($result);
         return false;
     }
     $db2 = new PHPWS_DB('users');
     $db2->addWhere('username', $username);
     $db2->addWhere('approved', 1);
     $db2->addWhere('active', 1);
     if (!ALLOW_DEITY_REMEMBER_ME) {
         $db2->addWhere('deity', 0);
     }
     $result = $db2->loadObject($_SESSION['User']);
     if (!$result) {
         return false;
     } elseif (PHPWS_Error::isError($result)) {
         PHPWS_Error::log($result);
         return false;
     }
     $_SESSION['User']->login();
     return true;
 }