67 lines
2.1 KiB
PHP
67 lines
2.1 KiB
PHP
<?php
|
||
define("IN_XSS_PLATFORM",true);
|
||
ignore_user_abort(true);
|
||
error_reporting(0);
|
||
|
||
//sometimes we only need "referfer".
|
||
/*
|
||
if(count($_GET)==0&&count($_POST)==0&&count($_COOKIE)==0)
|
||
exit();
|
||
*/
|
||
header("Access-Control-Allow-Origin:*");
|
||
require_once("functions.php");
|
||
require_once("dio.php");
|
||
require_once("config.php");
|
||
|
||
$info = array();
|
||
|
||
$user_IP = isset($_SERVER['REMOTE_ADDR'])?$_SERVER['REMOTE_ADDR']:"unknown";
|
||
$user_port = isset($_SERVER['REMOTE_PORT'])?$_SERVER['REMOTE_PORT']:"unknown";
|
||
$protocol = isset($_SERVER['SERVER_PROTOCOL'])?$_SERVER['SERVER_PROTOCOL']:"unknown";
|
||
$request_method = isset($_SERVER['REQUEST_METHOD'])?$_SERVER['REQUEST_METHOD']:"unknown";
|
||
$request_URI = isset($_SERVER['REQUEST_URI'])?$_SERVER['REQUEST_URI']:"unknown";
|
||
$request_time = isset($_SERVER['REQUEST_TIME'])?$_SERVER['REQUEST_TIME']:time();
|
||
|
||
$headers_data =getallheaders();
|
||
|
||
//如果提交的数据有base64编码的就解码
|
||
$get_data=$_GET;
|
||
$decoded_get_data=tryBase64Decode($_GET);
|
||
$post_data=$_POST;
|
||
$decoded_post_data=tryBase64Decode($_POST);
|
||
$cookie_data=$_COOKIE;
|
||
$decoded_cookie_data=tryBase64Decode($_COOKIE);
|
||
|
||
//防xss过滤,对array要同时处理key与value
|
||
$info['user_IP'] = stripStr($user_IP);
|
||
$info['user_port'] = stripStr($user_port);
|
||
$info['protocol'] = stripStr($protocol);
|
||
$info['request_method'] = stripStr($request_method);
|
||
$info['request_URI'] = stripStr($request_URI);
|
||
$info['request_time'] = stripStr($request_time);
|
||
$info['headers_data'] = stripArr($headers_data);
|
||
|
||
$info['get_data'] = stripArr($get_data);
|
||
if($decoded_get_data)
|
||
$info['decoded_get_data'] = stripArr($decoded_get_data);
|
||
|
||
$info['post_data'] = stripArr($post_data);
|
||
if($decoded_post_data)
|
||
$info['decoded_post_data'] = stripArr($decoded_post_data);
|
||
|
||
$info['cookie_data'] = stripArr($cookie_data);
|
||
if($decoded_cookie_data)
|
||
$info['decoded_cookie_data'] = stripArr($decoded_cookie_data);
|
||
|
||
//判断是否keepsession(判断标准:get或者post或者cookie包含keepsession=1)
|
||
$info['keepsession']=isKeepSession($info)?true:false;
|
||
|
||
save_xss_record(json_encode($info),$request_time);
|
||
|
||
//发送邮件通知
|
||
if(MAIL_ENABLE) {
|
||
require_once("mail.php");
|
||
send_mail($info);
|
||
}
|
||
|
||
?>
|