[closed] Secure your pages a little better using this simple script!


TimTimTimma
07-19-2005, 05:11 AM
In the event a hacker manages to break out of a function and attempts to begin executing "program execution functions", this script will stop him dead in his tracks!


<?php
// Words that cause the request to be rejected when they appear anywhere in the URI.
$illegal_uri = array("insert", "delete", "where", "update", "base64_encode", "base64_decode", "escapeshellarg", "exec", "passthru", "proc_close", "proc_get_status", "proc_nice", "proc_open", "proc_terminate", "shell_exec", "system");
// Lower-case the requested URI so the comparison is case-insensitive.
$browser_uri = strtolower($_SERVER['REQUEST_URI']);
$total_illegal_uri = count($illegal_uri);
// Check each listed word against the URI (indexes 0 .. count - 1).
for ($i = 0; $i < $total_illegal_uri; $i++) {
    if (strpos($browser_uri, $illegal_uri[$i]) !== FALSE) {
        die("HACKING ATTEMPT!");
    }
}
?>


This also covers most SQL injection methods too!

Weedpacket
07-19-2005, 07:12 AM
It breaks if your site happens to be http://www.windowsupdate.com/ (to pick a fairly suitable and well-known example at random)

It also misses eval.

And preg_replace.


Basically, it's an attempt to anticipate every possible attack; a generally unsuccessful approach to security.
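
The two objections above, shown as an added example (not code from the thread): the posted denylist run over constructed request URIs, next to an allowlist check that accepts only expected input. The `/index.php` path, the `page` parameter, its allowed values and both function names are assumptions made for the illustration.

```php
<?php
// Added example. URIs, the /index.php path, the 'page' parameter and its
// allowed values are constructed for illustration.

function denylist_blocks(string $uri): bool
{
    // Word list from the post above (proc_close spelled as the real function).
    $illegal = ["insert", "delete", "where", "update", "base64_encode",
        "base64_decode", "escapeshellarg", "exec", "passthru", "proc_close",
        "proc_get_status", "proc_nice", "proc_open", "proc_terminate",
        "shell_exec", "system"];
    $uri = strtolower($uri);
    foreach ($illegal as $word) {
        if (strpos($uri, $word) !== false) {
            return true;   // substring match anywhere in the URI
        }
    }
    return false;
}

function allowlist_accepts(string $uri): bool
{
    // Accept only the one known path with exactly one 'page' value from a fixed set.
    $allowed_pages = ["home", "news", "windowsupdate", "system-requirements"];
    $parts = parse_url($uri);
    if ($parts === false || ($parts['path'] ?? '') !== '/index.php') {
        return false;
    }
    parse_str($parts['query'] ?? '', $query);
    return array_keys($query) === ['page']
        && is_string($query['page'])
        && in_array($query['page'], $allowed_pages, true);
}

$samples = [
    "/index.php?page=news",                 // legitimate
    "/index.php?page=windowsupdate",        // legitimate, contains "update"
    "/index.php?page=system-requirements",  // legitimate, contains "system"
    "/index.php?page=eval",                 // name missing from the word list
    "/index.php?page=preg_replace",         // name missing from the word list
];
foreach ($samples as $uri) {
    printf("%-38s denylist=%-5s allowlist=%s\n", $uri,
        denylist_blocks($uri) ? "BLOCK" : "pass",
        allowlist_accepts($uri) ? "accept" : "reject");
}
```

The denylist blocks two legitimate pages and passes the two names it never listed, while the allowlist decides only on whether the value is one the site expects.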

Shrike
07-19-2005, 08:17 AM
TimTimTimma, given the number of replies in your other thread regarding this code snippet, I suggest you remove this one ;)

...and the term is cracker, or script kiddie, not hacker.

BuzzLY
07-19-2005, 11:36 AM
Closing thread -- reply to this thread here (http://www.phpbuilder.com/board/showthread.php?t=10304741)