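<?php
/* Forms protected from XSS attacks (FOPAXSS) by Roberto Aleman, Enjoy it, test it and improve it! */
// Demo front controller: on submit, run each posted field through its validator
// (every validator echoes its own verdict), then always render the form again.
//calls to scripts
require_once("fopaxss.php");
$val = new fopaxss();
//catch submit
if (isset($_POST['submit'])) {
    // Never assume the browser sent every field: a hand-crafted POST can omit any
    // of them, and the original unguarded $_POST[...] reads raised undefined-index
    // warnings. A missing field is handed over as null, which each validator
    // reports as "your input is NULL".
    $val->val_txt_field_or_numbers($_POST['txt'] ?? null);
    $val->val_date($_POST['date'] ?? null);
    $val->val_hexadecimal($_POST['hexadecimal'] ?? null);
    $val->val_email($_POST['email'] ?? null);
    $val->val_password($_POST['password'] ?? null);
}
//show results
// enginecontactform() declares no parameters; the original passed the raw
// $_POST fields, which the method ignored and which warned on every plain GET.
$val->enginecontactform();
?>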
fopaxss.php
<?php
/* Forms protected from XSS attacks (FOPAXSS) by Roberto Aleman Enjoy it, test it and improve it! */
class fopaxss
{
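function val_txt_field_or_numbers($txt)
{
    // Validate a free-text field as plain letters and digits only (the contract
    // the error message states) and echo a verdict. Returns true when the input
    // is accepted, false otherwise (the original returned nothing; bool is
    // backward-compatible for callers that ignore the result).
    // NOTE: this method was truncated in the source (its body ran straight into
    // val_date); the NULL branch, return and closing brace are reconstructed from
    // the sibling validators, which all share the same shape.
    if ($txt === null || $txt === '') {
        echo "your input is NULL<br/>";
        return false;
    }
    // Validate the RAW value, anchored to the whole string. The original pattern
    // "(\S[^\t\n\r][A-Za-z0-9])" was unanchored and only required three suitable
    // characters somewhere in the input, so "<script>x</script>" was reported as
    // correct. Arrays (txt[]=...) are rejected instead of raising a TypeError.
    // The D modifier stops a trailing newline from slipping past "$". Spaces are
    // rejected; widen the class deliberately if the field is meant to hold phrases.
    if (!is_string($txt) || preg_match('/^[A-Za-z0-9]+$/D', $txt) !== 1) {
        echo "Text Incorrect or vulnerable!, sorry a valid input is Letters & numbers uppercase or undercase<br/><br/>";
        return false;
    }
    // Escape at the output boundary for an HTML-body context, with explicit flags
    // and charset so the result does not depend on the PHP version's defaults.
    $safe = htmlentities($txt, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "input Text correct and no vulnerable!<br/>your input:" . $safe . "<br/><br/>";
    return true;
}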
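function val_date($date)
{
    // Validate a d/m/yyyy-shaped date string and echo a verdict. Returns true when
    // the input is accepted, false otherwise (the original returned nothing).
    // Only the FORMAT is checked; calendar validity (e.g. 31/02/2009) is not.
    if ($date === null || $date === '') {
        echo "your input is NULL<br/>";
        return false;
    }
    // Validate the RAW value, anchored to the whole string. The original pattern
    // was unanchored and ran on the escaped value, so any input that merely
    // contained a date ("<script>x</script> 17/12/2009") was reported as correct.
    // Arrays are rejected instead of raising a TypeError; D stops a trailing
    // newline from slipping past "$".
    if (!is_string($date) || preg_match('~^\d{1,2}/\d{1,2}/\d{4}$~D', $date) !== 1) {
        echo "input Date Incorrect or vulnerable! sorry valid date (e.g. 17/12/2009)<br/>";
        return false;
    }
    // Escape at the output boundary for an HTML-body context, with explicit flags
    // and charset so the result does not depend on the PHP version's defaults.
    $safe = htmlentities($date, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "input Date correct and no vulnerable!<br/>your input:" . $safe . "<br/><br/>";
    return true;
}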
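function val_hexadecimal($hexadecimal)
{
    // Validate a 3- or 6-digit hexadecimal colour code (optional leading "#") and
    // echo a verdict. Returns true when accepted, false otherwise (the original
    // returned nothing).
    if ($hexadecimal === null || $hexadecimal === '') {
        echo "your input is NULL<br/>";
        return false;
    }
    // Validate the RAW value, anchored to the whole string. The original pattern
    // was unanchored, so any input containing three hex digits anywhere — e.g.
    // "<b>abc</b>" or the five-digit "#00000" — was reported as correct. Arrays
    // are rejected instead of raising a TypeError; D stops a trailing newline
    // from slipping past "$".
    if (!is_string($hexadecimal)
        || preg_match('/^#?[A-Fa-f0-9]{3}(?:[A-Fa-f0-9]{3})?$/D', $hexadecimal) !== 1) {
        echo "input hexadecimal Incorrect or vulnerable! remenber hexadecimal good value is #000000 (black) by example<br/>";
        return false;
    }
    // Escape at the output boundary for an HTML-body context, with explicit flags
    // and charset so the result does not depend on the PHP version's defaults.
    $safe = htmlentities($hexadecimal, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "input hexadecimal correct and no vulnerable!<br/>your input:" . $safe . "<br/><br/>";
    return true;
}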
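function val_email($email)
{
    // Validate an e-mail address and echo a verdict. Returns true when the
    // address is accepted, false otherwise (the original returned nothing).
    if ($email === null || $email === '') {
        echo "your input is NULL<br/>";
        return false;
    }
    // The original test was an unanchored regex run on the already-escaped value,
    // so anything that merely contained "x@y.zz" (e.g. "<script>x@y.zz") was
    // reported as correct. filter_var(FILTER_VALIDATE_EMAIL) checks the whole
    // string against PHP's standard address grammar instead. The accepted set
    // deliberately differs from the old pattern: no "<", ">" or spaces anywhere,
    // but digits and hyphens are allowed in the domain. Arrays are rejected
    // instead of raising a TypeError.
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        echo "input email Incorrect or vulnerable!<br/>";
        return false;
    }
    // Escape at the output boundary for an HTML-body context: a syntactically
    // valid address may still contain characters such as "&" or "'".
    $safe = htmlentities($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "input email correct and no vulnerable!<br/>your input:" . $safe . "<br/><br/>";
    return true;
}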
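function val_password($password)
{
    // Check a password against the author's stated policy — 8 to 15 characters
    // with at least one digit, one lower-case and one upper-case letter — and
    // echo a verdict. Returns true when accepted, false otherwise (the original
    // returned nothing).
    // NOTE(review): the 15-character ceiling is the documented policy and is kept
    // here, but short maxima are discouraged (NIST SP 800-63B recommends allowing
    // at least 64 characters); raise it deliberately if this is used for real.
    if ($password === null || $password === '') {
        echo "your input is NULL<br/>";
        return false;
    }
    // Validate the RAW value, anchored to the whole string. The original pattern
    // was unanchored, so any longer string that contained a qualifying 8–15 char
    // run passed, contradicting the stated 15-character limit. D stops a trailing
    // newline from slipping past "$"; u counts characters (code points), not
    // bytes, and makes preg_match fail (=> rejected) on invalid UTF-8. Arrays are
    // rejected instead of raising a TypeError.
    if (!is_string($password)
        || preg_match('/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,15}$/Du', $password) !== 1) {
        echo "input password structure Incorrect or vulnerable!, this is good structure 8 to 15 character string with at least one,upper case letter, one lower case letter,and one digit<br/>";
        return false;
    }
    // Never reflect a password back into the page (the original echoed it in the
    // success message, exposing it to shoulder-surfing, browser history/cache and
    // any proxy logging response bodies). Report only the verdict.
    echo "input password correct and no vulnerable!<br/><br/>";
    return true;
}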
/* Add further validators here, following the same structure as the methods above. */
function enginecontactform()
{
    // Render the demo form. The markup is static, so it is emitted as a nowdoc
    // (no interpolation, nothing to escape). Field names match the $_POST keys
    // fed to the validators in the example index.php.
    // The action is hard-coded; point it at your own handler. If it ever becomes
    // dynamic, escape it for an attribute context (htmlspecialchars, ENT_QUOTES).
    // NOTE(review): there is no CSRF token. That is acceptable while the form only
    // echoes the submitter's own input back; add one before it triggers any
    // state change.
    $markup = <<<'HTML'
<div class='contact'>
<a name='contact' id='contact'></a>
<form action='index.php' method='post' >
<p>Your text input:<br/><input name='txt' type='text' size='20' maxlength='20' /></p>
<p>Your date input:<br/><input name='date' type='text' size='20' maxlength='20' /></p>
<p>Your hexadecimal input:<br/><input name='hexadecimal' type='text' size='20' maxlength='20' /></p>
<p>Your email input:<br/><input name='email' type='text' size='20' maxlength='20' /></p>
<p>Your password input:<br/><input name='password' type='password' size='20' maxlength='20' /></p>
<input name='submit' type='submit' />
</form>
</div>
HTML;
    echo $markup;
}
}
?>