Delete and re-create variables in the same scope of different functions

0

I am creating logs for anytime my system has unexpected behavior, where it will not necessarily crash my system, for example an improper access using an unknown token or an attempt to brute force, my intention is to use a function similar:

function create_log( $filename, $log ) {
    file_put_contents( 
        $filename.'.log', '[START]'.
        json_encode($_REQUEST).PHP_EOL.
        json_encode($_SESSION).PHP_EOL.
        "Log ".$log.PHP_EOL.'[END]'.PHP_EOL
    , FILE_APPEND );
}

That is, unless information that came in the body of the request, whatever the method, and information from the current session, it happens that there is some data that you would not like to save in this log, such as credit card information clients, login password on the system and so on ... so I'm thinking of a function that removes this information before calling the create_log function and one that recreates this information so as not to stop the flow of my code if this information is still needed .

In an older version I used something similar:

function create_log( $filename, $log ) {
    unset_fields();
    file_put_contents(...);
    reset_fields();
}

function unset_fields(){
    $_SESSION["senha"] = $_REQUEST["senha"];
    unset($_REQUEST["senha"]);
}

function reset_fields(){
    $_REQUEST["senha"] = $_SESSION["senha"];
}

In other words, I used session variables as auxiliary variables, but now I also need to log in information from the client session that is accessing the system, and in order to improve the code, I'm trying something like: p>

$_REQUEST["remover"] = 5;
$_REQUEST["não remover"] = 5;
// variável request antes de remover os campos sensíveis
var_dump($_REQUEST); 
$arr = array("não existe", "remover");
unset_fields($arr);
// aqui viria o file_put_contents
var_dump($_REQUEST);
reset_fields($arr);
// aqui eu necessitava da global $_REQUEST no seu estado inicial
var_dump($_REQUEST);

function unset_fields(array $array){
    foreach($array as $val) {
        if(isset($_REQUEST[$val])){
            ${$val} = $_REQUEST[$val];
            unset($_REQUEST[$val]);
        }
    }
}
function reset_fields(array $array){
    foreach($array as $val) {
        if(isset(${$val})){
            $_REQUEST[$val] = ${$val} ;
        }
    }
}

The above code prints:

array(2) {
  ["remover"]=>
  int(5)
  ["não remover"]=>
  int(5)
}
array(1) {
  ["não remover"]=>
  int(5)
}
array(1) {
  ["não remover"]=>
  int(5)
}

That is, my problem is in the scope of the variable created as an auxiliary, it only exists inside the unset_fields function and even if I make it "global" or set to constant, I run the risk of the variable conflict with some other that already exists.

    
asked by anonymous 18.08.2017 / 00:47

2 answers

1

As commented in the question - and if I understood the problem correctly - you do not need to change the super global variables to generate a log file. Honestly, this does not even seem to make much sense, precisely because it can hurt other parts of the application, just like you want to avoid. The most practical thing to do would be to copy your values to local variables and manipulate only those locations. Something like:

function create_log($filename, $log)
{
    // Copia as superglobais para variáveis locais:
    $request = $_REQUEST;
    $session = $_SESSION;

    // Define quais são as informações sensíveis:
    $filter = ["password", "credit_card"];

    // Filtra as informações sensíveis:
    $request = array_filter($request, function ($key) use ($filter) {
        return !in_array($key, $filter);
    }, ARRAY_FILTER_USE_KEY);

    $session = array_filter($session, function ($key) use ($filter) {
        return !in_array($key, $filter);
    }, ARRAY_FILTER_USE_KEY);

    // Gera a mensagem de log:
    file_put_contents( 
        $filename.'.log', '[START]'.
        json_encode($request).PHP_EOL.
        json_encode($session).PHP_EOL.
        "Log ".$log.PHP_EOL.'[END]'.PHP_EOL
    , FILE_APPEND );
}
  

See working at Ideone .

Given an entry like:

$_REQUEST = [
    "username" => "admin",
    "password" => "pass",
    "credit_card" => "000000"
];

$_SESSION = [
    "id" => 1
];

When generating the log, the values of password and credit_card will be filtered because they are in the list of sensitive information.

    
18.08.2017 / 01:31
0

You can do these functions within a class and create the variable of the class itself $this->XXX or you can also transform into a constant defined in this way define("NOME_DA_CONSTANTE", "VALOR_DESTA_CONSTANTE");

    
18.08.2017 / 00:52