Archive for July, 2013

Purify Function to Prevent XSS

Saturday, July 13th, 2013

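This purify function sanitizes a user-supplied string to help prevent XSS attacks. Its output is HTML-entity-encoded, so it is suited to display in HTML text and quoted attribute values, not to other contexts such as JavaScript or URLs.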

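function purify($input){
	$result = "";
	// Compare against "" explicitly: empty() would also discard the string "0"
	if (isset($input) && $input !== "") {
		$result = rawurldecode($input);                    // decode %XX sequences
		$result = strip_tags($result);                     // remove HTML and PHP tags
		$result = stripcslashes($result);                  // unescape C-style backslash sequences
		$result = htmlspecialchars($result, ENT_QUOTES);   // encode & < > " ' as HTML entities
		$result = iconv('utf-8','utf-8//IGNORE',$result);  // drop invalid UTF-8 bytes
	}
	return $result;
}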

Get Client IP Address

Saturday, July 13th, 2013

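The following PHP code snippet returns the client IP address. Every source it checks except REMOTE_ADDR is an HTTP request header that the client can set, so the result should not be relied on for access control, rate limiting or audit logging unless a trusted proxy overwrites those headers.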

function get_client_ip() {
	$ipaddress = '';
	// HTTP_* values are copied from request headers and are client-controlled
	if (getenv('HTTP_CLIENT_IP'))
		$ipaddress = getenv('HTTP_CLIENT_IP');
	else if(getenv('HTTP_X_FORWARDED_FOR'))
		$ipaddress = getenv('HTTP_X_FORWARDED_FOR');
	else if(getenv('HTTP_X_FORWARDED'))
		$ipaddress = getenv('HTTP_X_FORWARDED');
	else if(getenv('HTTP_FORWARDED_FOR'))
		$ipaddress = getenv('HTTP_FORWARDED_FOR');
	else if(getenv('HTTP_FORWARDED'))
		$ipaddress = getenv('HTTP_FORWARDED');
	// REMOTE_ADDR is the address of the TCP peer as seen by the web server
	else if(getenv('REMOTE_ADDR'))
		$ipaddress = getenv('REMOTE_ADDR');
	else
		$ipaddress = 'UNKNOWN';

	return $ipaddress;
}
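
When the address feeds a security decision, the forwarding header can be honoured only if the request actually arrived from a known reverse proxy. The following is an added example, not code from the original post; the function name resolve_client_ip, its parameters and the sample addresses (documentation ranges) are assumptions.

```php
<?php
// Added example (hypothetical helper, not the original post's code).
// Honours X-Forwarded-For only when the TCP peer is one of our own proxies.
function resolve_client_ip(array $server, array $trusted_proxies) {
	$peer = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';
	if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
		return 'UNKNOWN';
	}
	// Direct connection, or no header: the peer address is the only fact we have.
	if (!in_array($peer, $trusted_proxies, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
		return $peer;
	}
	// Each proxy appends the address it saw, so walk the list right to left
	// and stop at the first hop that is not one of our proxies.
	$hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
	foreach ($hops as $hop) {
		if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
			return $peer; // malformed entry: fall back to the peer address
		}
		if (!in_array($hop, $trusted_proxies, true)) {
			return $hop;
		}
	}
	return $peer; // every listed hop was one of our proxies
}

// Constructed sample data: one reverse proxy at a documentation address.
$proxies = array('192.0.2.10');

// Client connects directly and sends its own header: the header is ignored.
$direct = array(
	'REMOTE_ADDR' => '203.0.113.7',
	'HTTP_X_FORWARDED_FOR' => '127.0.0.1',
);
echo resolve_client_ip($direct, $proxies), "\n";

// Request arrives through the proxy; the entry the client supplied sits to
// the left of the address the proxy appended, so it is never reached.
$proxied = array(
	'REMOTE_ADDR' => '192.0.2.10',
	'HTTP_X_FORWARDED_FOR' => '127.0.0.1, 198.51.100.23',
);
echo resolve_client_ip($proxied, $proxies), "\n";
```

Addresses are compared as strings, so the trusted list must use the same textual form the web server reports.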