Jump to content

If a user post a link how can I check it?


Mancent

Recommended Posts

I have a form that a user can post a website link.
I want to do a search for safe sites like youtube or google or facebook or twitter.

 

so they submit something like this

https://www.youtube.com/watch?v=qRuJ7zeyPLg

 

I want to do a if statement that says if in post string has youtube.com it is safe
else check some other safe site code until it knows its not tested or verified as being safe yet.

 

I was thinking something like this but I am not sure if that would be correct or not or If I was on the wrong track

if(preg_match("/youtube.com/",strtolower($_POST['req-domain']])))
{
do something.
}


 

 

 

Edited by Mancent
Link to comment
Share on other sites

Is a few ways to go about it, this is my preferred method.

 

Can make an array of allowed sites, then using in_array() to allow, or can even do an additional not in array and blocking too

 

First you can parse the url with parse_url()

 

 

Should add a check for protocols like http,https,etc or parse_url fails

 

 

<?php
function checkUrl($url)
{
    $allowed = FALSE;
   
    if (trim($url) != '') {
        $good_domains = array(
            "youtube.com",
            "google.com",
            "facebook.com",
            "twitter.com"
        );
        $bad_domains  = array(
            "bad-site.com",
            "real-bad.com"
        );
       
        $parsedUrl = @parse_url(trim(strtolower($url)));
       
        $domain = trim($parsedUrl['host'] ? $parsedUrl['host'] : array_shift(explode('/', $parsedUrl['path'], 2)));
       
        $domain = ltrim($domain, "www.");
       
        if (in_array($domain, $good_domains) && !in_array($domain, $bad_domains)) {
            $allowed = TRUE;
        }
       
    }
   
    return $allowed;
}
//end checkUrl function

//simple usage example
$url = "http://google.com";
//$url = "http://bad-site.com";
if (checkUrl($url) === TRUE) {
    echo "allowed";
} else {
    echo "not allowed";
}
?>
Link to comment
Share on other sites

Try this version using preg_match, I did a little testing and seemed to work ok, although may be even better looking with parsed urls as well

 

 

<?php
function checkUrl($url)
{
    $allowed = FALSE;
   
    if (trim($url) != '') {
        $good_domains = array(
            "youtube.com",
            "google.com",
            "facebook.com",
            "twitter.com"
        );
        $bad_domains  = array(
            "bad-site.com",
            "real-bad.com"
        );
       
        $urlreg = '/^(((?:http|https|ftp)):\/\/)?(www?[0-9]*?\.)?(([a-zA-Z0-9][[a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]]?)\.)?([a-zA-Z0-9][[[a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]]?\.]*[a-zA-Z]{2,6})(\/.*)?$/';
       
        preg_match($urlreg, $url, $matches);
       
        if ($matches) {
            foreach ($matches as $match) {
                if (in_array($match, $good_domains) && !in_array($match, $bad_domains)) {
                    $allowed = TRUE;
                }
            }
           
           
        }
    }
    return $allowed;
}
//end checkUrl function

//simple usage example
$url = "http://google.com";
//$url = "http://site.google.com";
//$url = "https://maps.google.com";
//$url = "http://bad-site.com";
if (checkUrl($url) === TRUE) {
    echo "allowed";
} else {
    echo "not allowed";
}
 

?>
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.