Security class

The following sections explain each method of the class.


public static mixed control ( mixed $variable, string $convert = null)

Verifies the contents of Passed $variable and are cleaned this back. From v2.0.0 also harmful MySQL code can be removed.

Parameter list

The variable to be checked for malicious code. Here, the following PHP types are allowed:

  • string
  • boolean
  • float, decimal
  • integer


Converts the given variable to the correct PHP types format. The following options are available:

  • ip Validated and controlled it as IP (4) Address
  • email Validated and controlled's e-mail address
  • decimal Validated, Converts and controlled it as decimal
  • int Validated, Converts and controlled it as an integer.
  • bool Validated, Converts and controlled it as a Boolean.
  • string Validated, Converts and controlled it as a string. Here also harmful XSS is code removed.


public static mixed url ( string $variable, string $input = null, string $convert = null)

Loads the content of a system variable and Validates Controls and Converts this.

Parameter list

The key of the Systemvariabel. For example, you want the user name from a $_POST[,username'] Systemvariabel pick. You gotta go into the parameter $variable enter the following:security::url(,username', ,POST', ,string');


Which system variable of the content is to be retrieved. The following are available:

  • post - for $_POST
  • get - for $_GET
  • session - for $_SESSION
  • cookie - for $_COOKIE
  • server - for $_SERVER
  • env - for $_ENV
  • request - for $_REQUEST


In what the contents of the system variable to be converted. There following types are available:

  • ip Validate the IP address. It's an IP address, this is a false back.
  • email Validates the email address. Is it not a valid e-mail address, is a false return.
  • decimal Validates the decimal. Is it not a decimal is a false return.
  • int Validates the Integer. Is it not an integer is a false returned.
  • bool Validates the Boolean. Is it not a boolean is a null returned.
  • string It validates the string. If the validation fails, or if any other error, is a false returned.

create_csrf_token (from v2.6.0)

public static string|bool create_csrf_token(string $token_name, $token_duration = 0)

Created a CSRF verification token for example, an HTML form.

Parameter list

The name should reflect the token. This name can then query the token again.


The lifetime of a token. If no value is set, the value is automatically set to 24 hours.

exists_csrf_token (from v2.6.0)

public static bool exists_csrf_token(string $token_name)

Controls whether a token with the given $token_name exist!

Parameter list

The name of the token to be inspected.

get_csrf_token (from v2.6.0)

public static string|bool get_csrf_token(string $token_name, bool $remove_token_after = false)

Returns the contents of the token whose name was given. Then, the token can be deleted automatically.

Parameter list

The name of the token is to be given its contents back!


Can be specified if the token is to be removed by this query! By default to false

remove_csrf_token (from v2.6.0)

public static bool remove_csrf_token(string $token_name)

Removes a specified token.

Parameter list

The name of the token to be removed.


public static bool|mixed get_mime_type ( string $path)

Returns the MIME type of the absolute path. This will info_open and info_file function is required. In PHP is not installed, an exception is generated error.

Parameter list

The absolute path to the file whose MIME type is to be returned.


public static mixed get_file_type ( string $path)

Returns the file extension of a file.

Parameter list

The absolute path to the file, the file extension to be returned.


public static string sha_sec ( string $string)

Encrypts a string to 512 bytes with the SECURITY_KEY constant as the key.

Parameter list

The encrypted string to be.


public static string remove_invisible_characters ( string $str, bool $url_encoded = true)

Removes all spaces or invisible elements from a string. Here also invisible URL coded mark may be removed.

Parameter list

The string to be checked and cleaned on invisible characters.


Whether invisible URL Encoded characters are to be removed.


public static array is_bot ( )

Controls whether the current user is a robot (bot) or a real person. Here especially searchenginecrawler can be identified. Here an array is returned that the current version of the bots are back with.


public static mixed get_ip_address ( )

Returns the current IP address of the user. In this internal IP addresses will not be considered. At the same time the program also checks whether there is a proxy IP address or not. If no IP address is found, is a false returned.