WEB开发笔记 www.chhua.com 每日练习 PHP数据提交类

在之前，我写过一个关于PHP的数据提交类，只是那个类有一点问题：只简单地接收一下数据还可以，没有判断数据来源的合法性。前几天，有人在PHP群(63417682)里说，通过PHP程序反复提交数据，占用SERVER资源，从而达到使SERVER瘫痪的目的。当时只是感觉好笑，那方法着实太天真。
好了，废话不多说了，下面是我写的一个数据提交的类：

 
<span style="color: #000000;font-weight: bold"><?php</span>
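/**
 * Basic request-data accessor.
 *
 * On construction it snapshots either $_POST (preferred) or $_GET and, when
 * either of them is non-empty, first runs a Referer-based origin check that
 * terminates the script if the Referer does not point at the directory of the
 * currently executing script.
 *
 * NOTE(review): the Referer header is supplied by the client, is optional, and
 * is routinely stripped by browsers, proxies and privacy settings. It cannot
 * prove where a request came from and does not stop the repeated automated
 * submissions described in the article; a per-session anti-CSRF token checked
 * on every POST, plus server-side rate limiting, is the usual mitigation. The
 * check is kept so callers observe the same behaviour as before.
 */
class request {
	/** @var array Parameters selected by initFromHttp() at construction time. */
	private $request = array();

	/**
	 * Snapshots the incoming request data (see initFromHttp()).
	 */
	public function __construct() {
		$this->request = $this->initFromHttp();
	}

	/**
	 * Picks the parameter source: $_POST when it is non-empty, otherwise $_GET,
	 * otherwise an empty array. If either superglobal carries data the origin
	 * check runs first and may terminate the script.
	 *
	 * @return array
	 */
	private function initFromHttp() {
		if (!empty($_POST) || !empty($_GET)) {
			$this->checkRequest();
		}
		if (!empty($_POST)) {
			return $_POST;
		}
		if (!empty($_GET)) {
			return $_GET;
		}
		return array();
	}

	/**
	 * Returns the raw value submitted under $key, or "" when the key is absent.
	 * No type is enforced: for "name[]" style fields the value is an array, so
	 * callers must validate whatever they receive.
	 *
	 * @param string|int $key
	 * @return mixed
	 */
	public function getRequest($key) {
		if (!array_key_exists($key, $this->request)) {
			return "";
		}
		return $this->request[$key];
	}

	/**
	 * Terminates the script unless the Referer's directory equals the directory
	 * of the current script on this host.
	 *
	 * Changes from the first version: a missing Referer no longer raises an
	 * undefined-index notice (it is treated as "" and therefore rejected, as
	 * before); the expected scheme follows $_SERVER['HTTPS'] instead of being
	 * hard-coded to http://, so every request on an HTTPS site is no longer
	 * rejected; the redirect assigns location.href, because history.href is not
	 * a navigating property and the old redirect silently did nothing.
	 */
	private function checkRequest() {
		$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
		$requestURL = $this->directoryOf($referer); // directory part of the Referer

		$scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https://' : 'http://';
		$serName = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : ''; // host name
		// PHP_SELF may carry PATH_INFO taken from the request URL; SCRIPT_NAME would be
		// the more stable choice, but PHP_SELF is kept so the comparison is unchanged.
		$path = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
		$serAddress = $this->directoryOf($scheme . $serName . $path); // directory of this script

		if (strcmp($requestURL, $serAddress) !== 0) {
			echo "<script>alert('请求非法!');location.href='http://www.chhua.com';</script>";
			exit();
		}
	}

	/**
	 * Returns $url up to and including its last "/", or "" when it has none.
	 *
	 * @param string $url
	 * @return string
	 */
	private function directoryOf($url) {
		$slash = strrpos($url, '/');
		if ($slash === false) {
			return '';
		}
		return substr($url, 0, $slash + 1);
	}
}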
 
<span style="color: #000000;font-weight: bold">?></span>

呵呵，类写得匆忙，也没有来得及测试，大家可以测试一下，如果有BUG，可以通过留言回复我。