Protect your PHP script with PHP Firewall

PHP Firewall is a small free PHP script, but secure all websites
writen in PHP.
Last version 1.0.3 - 12/04/2010
PHP Firewall required PHP 5.
PHP Firewall doesn't use any database, but flatfile system.
It's very small, very simple, really easy to install and fastest.
PHP Firewall have is own logs system and email alert.
No .htaccess file required for betters performances.....

Security listing

* XSS protection
* UNION SQL Injection
protection
* Bads bots protection
* Bads requests methods protection
* Small DOS protection
* Inclusion files protection
* Santy and others worms protection
* Server Protection
* URL Query protection
* Cookies sanitize
* Post vars sanitize
* Get vars sanitize
* IPs range reserved denied
* IPs range spam denied
* IPs protected
* Unset globals PHP var

Installation

* Upload the folder php-firewall/
* put the php-firewall/logs.txt
in writable chmod (777)
* Open the main file ( index.php for example ) and add these
lines just after the < ?php

Code

define('PHP_FIREWALL_REQUEST_
URI', strip_tags( $_SERVER
['REQUEST_URI'] ) );
define('PHP_FIREWALL_ACTIVATION', true );
if ( is_file( @<a href=slash_JOHNCMS"/users/dirnameslash_JOHNCMS">dirname</a>(__FILE__).'/
php-firewall/firewall.php' ) )
include_once( @
dirname(__FILE__).'/php-firewall/firewall.php' );

define('PHP_FIREWALL_REQUEST_ URI', strip_tags( $_SERVER ['REQUEST_URI'] ) ); define('PHP_FIREWALL_ACTIVATION', true ); if ( is_file( @<a href=slash_JOHNCMS"/users/dirnameslash_JOHNCMS">dirname</a>(__FILE__).'/ php-firewall/firewall.php' ) ) include_once( @ dirname(__FILE__).'/php-firewall/firewall.php' );

PHP_FireWall_By_Gerardcole.zip (12.3KB) [744 views]

Kiyoo

Date: Feb 17, 2013

Tanx o..buh wnt it affect the .htaccess?

sylvar02

Date: Feb 22, 2013

Good job

Gerardcole

Date: Feb 23, 2013

Tanx o..buh wnt it affect the .htaccess?

Kiyoo

No it wouldn't.

Kiyoo

Date: Feb 24, 2013

No it wouldn't.

Gerardcole

thanx....bro | u t00 much

Miracle

Date: Feb 25, 2013

But its 4 johcms? Or pbnl

Kiyoo

Date: Feb 28, 2013

But its 4 johcms? Or pbnl

Miracle

pbnl {u cn use it alternatively}

Cybreed

Date: Jun 15, 2013

Miracle abeg clarify,its for pbnl? And hope it won't distort my design?

trustworthy

Date: Jun 21, 2013

PHP Code


<?php 
There is this little tin with pbnl after u create a topic it redirects u too index.php.. So here is the fix if u want u created topic to redirect to d topic gangan
look 4 dix in ur topics.php $action=$_GEt["action"]; clear everytin starting from daht above code to anywhere u see echo" wat i mean is daht start deleting from $action=$_get["action"]; and stop At } just before echo"... So just wat u deleted with dix [php]$action=$_GET["action"];
if($action=="add")
{
$id=$_GET["id"];
if($_POST["submit"])
{
$title=$_POST["title"];
$message=$_POST["message"];
//clean
$title=cleanvalues($title);
$message=cleanvalues($message);
$errors=array();
if(empty($title)|| strlen($title)<4)
{
$errors[]="Your title is too short";
}
if(empty($message)||strlen($message)<4)
{
$errors[]="Your content is too short";
}
if(count($errors)==0)
{
$date=time();
$query=mysql_query("INSERT INTO b_topics SET poster='$user', lastpostdate='$date', lastposter='$user', subject='$title', message='$message', date='$date', forumid=$id");
if(!$query)
{
$msg="An error occured";
}
else
{
$msg="Topic was successfully created";
$id=$_GET["id"];
$lastquery = mysql_query("SELECT `id` FROM `b_topics` WHERE `poster` = '$user' ORDER BY `id` DESC LIMIT 1 ");
$lastpost = mysql_fetch_assoc($lastquery);
$lastpostid = $lastpost["id"];
}
header("location: showtopic.php?id=$lastpostid&amsg=$msg");
}
else
{
foreach($errors as $error)
{
$string.="$error
";
}
}
}
if($string!==" "){
echo"<div class='msg'>$string</div>";
}
?>

<?php There is this little tin with pbnl after u create a topic it redirects u too index.php.. So here is the fix if u want u created topic to redirect to d topic gangan look 4 dix in ur topics.php $action=$_GEt["action"]; clear everytin starting from daht above code to anywhere u see echo" wat i mean is daht start deleting from $action=$_get["action"]; and stop At } just before echo"... So just wat u deleted with dix [php]$action=$_GET["action"]; if($action=="add") { $id=$_GET["id"]; if($_POST["submit"]) { $title=$_POST["title"]; $message=$_POST["message"]; //clean $title=cleanvalues($title); $message=cleanvalues($message); $errors=array(); if(empty($title)|| strlen($title)<4) { $errors[]="Your title is too short"; } if(empty($message)||strlen($message)<4) { $errors[]="Your content is too short"; } if(count($errors)==0) { $date=time(); $query=mysql_query("INSERT INTO b_topics SET poster='$user', lastpostdate='$date', lastposter='$user', subject='$title', message='$message', date='$date', forumid=$id"); if(!$query) { $msg="An error occured"; } else { $msg="Topic was successfully created"; $id=$_GET["id"]; $lastquery = mysql_query("SELECT `id` FROM `b_topics` WHERE `poster` = '$user' ORDER BY `id` DESC LIMIT 1 "); $lastpost = mysql_fetch_assoc($lastquery); $lastpostid = $lastpost["id"]; } header("location: showtopic.php?id=$lastpostid&amsg=$msg"); } else { foreach($errors as $error) { $string.="$error "; } } } if($string!==" "){ echo"<div class='msg'>$string</div>"; } ?>

. Daht all if u hav done it upload ur topics.php here 4 others[/php]

Goddygee

Date: Jul 25, 2013

K, plz shuld we chnge JHONCMS written 2 Pbnl?

Xplorer

Date: Jul 27, 2013

@GERALDCOLE should we unzip the file to public_html folder ?

Cybreed

Date: Aug 07, 2013

Php Firewall

Gerardcole

after installation,it banned my ip,pls what can I do?

chiboyhack

Date: Aug 21, 2013

@GERALDCOLE should we unzip the file to public_html folder ?

Xplorer

Xplorer

Date: Aug 29, 2013

Okay guys i worked on the script and i modded the firewall for johncms users only. Johncms users should unzip this to public_html and enter ''php-firewall'' and chmod logs.txt to 777 then ur site is secured. I will share that of pbnl later

johcms-php-firewall.zip (11.7KB) [68 views]