X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=wwwroot%2Finc%2Fdatabase.inc;h=16a527c81c4ec7d1e761ac4f62c6d50b7ee5f418;hb=eb27b2a093b4b67a892a32b4cc51c7219333e8f7;hp=e20b5fac2766133640550d4e8ebbf82baf0a92dd;hpb=a3be90c67dddac260c8267cf61ccd0a6b758cb35;p=mirrors%2FKyberia-bloodline.git

diff --git a/wwwroot/inc/database.inc b/wwwroot/inc/database.inc
index e20b5fa..16a527c 100644
--- a/wwwroot/inc/database.inc
+++ b/wwwroot/inc/database.inc
@@ -63,25 +63,44 @@ function closeMysql() {
 
 function query($sql) {
 
-		$this->_linkId = false;
-		$this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
-		$this->Master = true;
-
-		$this->_queryId = mysql_query($sql,$this->_linkId);
+	$this->_linkId = false;
+	$this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
+	$this->Master = true;
+
+	// Simple IDS, against automats
+	// When possible attack is detected, 
+	// query & session information is stored into log
+	// Looking for following string in SQL query:
+	// - "user()" (get cur. user)
+	// - "@@version" (get mysql version)
+	// - "AND 1=1" (blind sqli) (too many false positives?)
+	// - "information_schema" (for listing of tables, columns...)
+
+	// - "/*" (comment) (too many false positives?)
+	// - "--" (comment) (too many false positives?)
+
+	if (preg_match('/user\(\)/',$sql) || preg_match('/@@version/',$sql)
+	|| preg_match('/information_schema/',$sql)|| preg_match('/AND 1=1/',$sql)
+	) {
+		logger::log('SQL ALARM',$sql);
+		
+	}
 
-		if (isset($_SESSION['debugging'])) {
-			echo $sql;
-			global $timer_start;
-			echo "<BR>".SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
-		}
+	$this->_queryId = mysql_query($sql,$this->_linkId);
 
-		if ($this->_queryId == false) {
-	      		$this->exception("query failed ::$sql::");
-		}
+	if ($_SESSION['debugging']) {
+		echo $sql;
+		global $timer_start;
+		echo "<BR>".SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
+	}
 
-		return new result($this->_queryId, $sql);
+	if ($this->_queryId == false) {
+      		$this->exception("query failed ::$sql::");
 	}
 
+	return new result($this->_queryId, $sql);
+}
+
 
 function executequery($sql) {
 	return($this->query($sql));