Posts posted by nunu78

  1. the first two choices  should be removed. The main idea is that spam messages would be removed. All legitimate (known) users know that html and links are forbidden and I am just looking for a way to automatically stop spam messages that include links of any kind.

     

  2. [url=http://pomogli3.nm.ru/giorgio-gori-giornalista-morto.ht ml]giorgio gori giornalista morto[/url]

     

    This is one way of getting a link past strip_tags. The output that I want is for the script to recognise this as a link and stop it from going to the actual guestbook (it opens up a spam page or gives the error 404 page).

     

    Is there something similar to strip_tags (and if tags are stripped, message is blocked) that would prevent the use of [ ] tags?

     

  3. I'd like some help with this, as I am still new to php...

    What I want the code do is:

    1) get rid of messages if they contain tags of any kind (thanks to genericnumber1 this works)

    2) if the message did not contain tags, but masked URLS using [ ] and < find those (or the always present href, as I've tried myself) and get rid of the message if they do appear in the message

     

    All help is appreciated.

     

     

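    // Reject the post outright if it contains any markup: strip_tags() returns
    // a different string whenever it found something to remove.
    $strippedInput = strip_tags($message);
    if ($message != $strippedInput) {
         header('location:trap.php'); // send the poster to the trap page
         die();
    }

    // Reject the post when "href" appears anywhere in it (case-insensitive).
    // The condition must be the positive match: negating it would trap every
    // post that does NOT mention href. BBCode-style [url=...] links contain no
    // "href" and are not caught by this pattern.
    if (preg_match("/href/i", $message)) {
         header('location:trap.php'); // send the poster to the trap page
         die();
    }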
    

     

    all the code here:

    <?php
    
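    // Date and time formats use the syntax of PHP's date() function.  As set
    // here the date is written like "11.01.2004" ('d.m.Y') and the time like
    // "13:04" ('H:i').  More info can be found at
    // http://us2.php.net/manual/en/function.date.php.

    $dateFormat = 'd.m.Y';
    $timeFormat = 'H:i';


    if (empty($_POST['message'])) {
      // $_POST['bookurl'] is client-supplied.  It is followed only when it is a
      // plain relative path or an http(s) URL on this site's own host; anything
      // else falls back to the site root, so the form cannot be used to bounce
      // visitors to another site.
      $returnTo = isset($_POST['bookurl']) ? (string) $_POST['bookurl'] : '';
      $ownHost = isset($_SERVER['HTTP_HOST']) ? preg_quote($_SERVER['HTTP_HOST'], '#') : '';
      $isRelative = preg_match('#^(?!//)[A-Za-z0-9_./~-]+\z#', $returnTo);
      $isSameHost = $ownHost !== '' && preg_match('#^https?://' . $ownHost . '/[A-Za-z0-9_./~-]*\z#i', $returnTo);
      if (!$isRelative && !$isSameHost) {
        $returnTo = '/';
      }
      header('Location: '.$returnTo.'?contents=blank');
    }

    else {
      $entryFile = 'entries.txt';   // flat file holding all entries, newest first
      $formatFile = 'format.php';   // template with %%placeholder%% markers

      // stripslashes() undoes magic-quotes escaping of POST data.
      // NOTE(review): where the server adds no such slashes, this removes
      // backslashes the visitor actually typed - confirm the server setting.
      $message = stripslashes($_POST['message']);

      // Tags that removeEvilTags() lets through strip_tags().
      $allowedTags = '<a><em><strong><b><i><img>';

      // Alternation used by removeEvilAttributes(); every match inside a tag is
      // replaced with the word "forbidden".
      $stripAttrib = 'javascript:|onclick|ondblclick|onmousedown|onmouseup|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup|style|class|id';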
    
      function removeEvilTags($source)
      {
         global $allowedTags;
         $source = strip_tags($source, $allowedTags);
         return preg_replace('/<(.*?)>/ie', "'<'.removeEvilAttributes('\\1').'>'", $source);
      }
      function removeEvilAttributes($tagSource)
      {
        global $stripAttrib;
        return stripslashes(preg_replace("/$stripAttrib/i", 'forbidden', $tagSource));
      }
    
      function word_wrap($message)
      {
        $maxLength = 60;
        $cut = ' ';
        $result = '';
        $wordlength = 0;
    
        $length = strlen($message);
    
        $tag = FALSE;
        for ($i = 0; $i < $length; $i++)
        {
          $char = substr($message, $i, 1);
          if ($char == '<') { $tag = TRUE; }
          elseif ($char == '>') { $tag = FALSE; }
          elseif (!$tag && $char == ' ') { $wordlength = 0; }
          elseif (!$tag) { $wordlength++; }
          if (!$tag && !($wordlength%$maxLength)) { $char .= $cut; }
          $result .= $char;
        }
      return $result;
      }
      
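    // Reject the post outright if it contains any markup: strip_tags() returns
    // a different string whenever it found something to remove.
    $strippedInput = strip_tags($message);
    if ($message != $strippedInput) {
         header('location:trap.php'); // send the poster to the trap page
         die();
    }

    // Reject the post when "href" appears anywhere in it (case-insensitive).
    // The condition must be the positive match: negating it would trap every
    // post that does NOT mention href. BBCode-style [url=...] links contain no
    // "href" and are not caught by this pattern.
    if (preg_match("/href/i", $message)) {
         header('location:trap.php'); // send the poster to the trap page
         die();
    }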
    
    
    
      $message = word_wrap(removeEvilTags($message));
      $message = str_replace(array('&', "\r\n\r\n"), array('&', '</p><p>'), $message);
      $message = str_replace(array('&gt;', '&lt;', "\r\n"), array('>', '<', '<br />'), $message);
    
      $signername = strip_tags(stripslashes($_POST['signername']));
      $email = urlencode(strip_tags(stripslashes($_POST['email'])));
      $url = urlencode(strip_tags(stripslashes($_POST['url'])));
      $url = str_replace(array('%2F', '%3A'), array('/', ':'), $url);
    
      $formatted = file_get_contents($formatFile);
      $variables = array("\n", '%%signername%%', '%%email%%', '%%url%%', '%%message%%', '%%date%%', '%%time%%');
      $inputs = array('', $signername, $email, $url, $message, date($dateFormat), date($timeFormat));
    
      $formatted = str_replace($variables, $inputs, $formatted);
    
      $oldEntries = fopen($entryFile, 'r');
      $content = fread($oldEntries, filesize($entryFile));
      fclose($oldEntries);
    
      $newContent = $formatted."\n".$content;
    
      $allEntries = fopen($entryFile, 'w');
      fwrite($allEntries, $newContent);
      fclose($allEntries);
    
      header('Location: '.$_POST['bookurl']);
    
    }
    
    ?>

  4. Well, it's parts from here and there and so far my coding in php is so beginners level, that I can't do a thing about it. But if it keeps the spam away, I can always write a note next to the send button in the form, asking not to use line change/enter.

     

    I just want to keep the spam away!

  5. I think it might be some kind of a bug... When I added the

     

    // Converts every character that has an HTML entity into that entity, so
    // markup in $source ends up as visible text.  Called without flags or a
    // charset, the quoting and encoding used are the PHP version's defaults.
    $source = htmlentities($source);
    

    part to the code (in the right place of course) it refused also messages where when testing I wrote

     

    test

    test

     

    using ENTER-key to change the line between words. And before adding that piece of code it worked just fine. And I am sure it's not the code that does that, but a bug. But is the bug somewhere in my files or is it somewhere on the server or where, that I don't know as of now.

     

    Thanks for helping with the spamfight though! Much appreciated!

     

  6. I will try that one as well. Thank you! This at least keeps the spam away for a while, I hope.

     

    I am having issues with the textarea in my form: it refuses messages that have been split into paragraphs. I guess that's another topic if I can't do anything about it myself.

  7. Another guestbook spam question. I've received great tips from this board to help fight spam on my guestbook. Now I would like to ask what might prevent part of this code from working, am trying to block messages with html (that part works PERFECTLY) but now would like to add either code to block a message that includes www,http, https etc word so that ALL messages with links of ANY kind (also with [ ] tags) would be blocked.

     

    Kind thank you in advance!  :)

     

    <?php
    
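    // Formats for PHP's date(): day.month.year and 24-hour hours:minutes.
    $dateFormat = 'd.m.Y';
    $timeFormat = 'H:i';

    if (empty($_POST['message'])) {
      // $_POST['bookurl'] is client-supplied.  It is followed only when it is a
      // plain relative path or an http(s) URL on this site's own host; anything
      // else falls back to the site root, so the form cannot be used to bounce
      // visitors to another site.
      $returnTo = isset($_POST['bookurl']) ? (string) $_POST['bookurl'] : '';
      $ownHost = isset($_SERVER['HTTP_HOST']) ? preg_quote($_SERVER['HTTP_HOST'], '#') : '';
      $isRelative = preg_match('#^(?!//)[A-Za-z0-9_./~-]+\z#', $returnTo);
      $isSameHost = $ownHost !== '' && preg_match('#^https?://' . $ownHost . '/[A-Za-z0-9_./~-]*\z#i', $returnTo);
      if (!$isRelative && !$isSameHost) {
        $returnTo = '/';
      }
      header('Location: '.$returnTo.'?contents=blank');
    }

    else {
      $entryFile = 'entries.txt';   // flat file holding all entries, newest first
      $formatFile = 'format.php';   // template with %%placeholder%% markers

      // stripslashes() undoes magic-quotes escaping of POST data.
      // NOTE(review): where the server adds no such slashes, this removes
      // backslashes the visitor actually typed - confirm the server setting.
      $message = stripslashes($_POST['message']);

      // Tags that removeEvilTags() lets through strip_tags().
      $allowedTags = '<a><em><strong><b><i><img>';

      // Alternation used by removeEvilAttributes(); every match inside a tag is
      // replaced with the word "forbidden".
      $stripAttrib = 'javascript:|onclick|ondblclick|onmousedown|onmouseup|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup|style|class|id';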
    
      function removeEvilTags($source)
      {
         global $allowedTags;
         $source = strip_tags($source, $allowedTags);
         return preg_replace('/<(.*?)>/ie', "'<'.removeEvilAttributes('\\1').'>'", $source);
      }
      function removeEvilAttributes($tagSource)
      {
        global $stripAttrib;
        return stripslashes(preg_replace("/$stripAttrib/i", 'forbidden', $tagSource));
      }
    
      function word_wrap($message)
      {
        $maxLength = 60;
        $cut = ' ';
        $result = '';
        $wordlength = 0;
    
        $length = strlen($message);
    
        $tag = FALSE;
        for ($i = 0; $i < $length; $i++)
        {
          $char = substr($message, $i, 1);
          if ($char == '<') { $tag = TRUE; }
          elseif ($char == '>') { $tag = FALSE; }
          elseif (!$tag && $char == ' ') { $wordlength = 0; }
          elseif (!$tag) { $wordlength++; }
          if (!$tag && !($wordlength%$maxLength)) { $char .= $cut; }
          $result .= $char;
        }
      return $result;
      }
    
      $message = word_wrap(removeEvilTags($message));
      $message = str_replace(array('&', "\r\n\r\n"), array('&', '</p><p>'), $message);
      $message = str_replace(array('&gt;', '&lt;', "\r\n"), array('>', '<', '<br />'), $message);
    
    $strippedInput = strip_tags($message);
    if($message != $strippedInput) {
         header('location:trap.php'); 
         die();
    
    }
    $url_match = "^(((http|ftp|https)://)|(www\.))+(([a-zA-Z0-9\._-]+\.[a-zA-Z]{2,6})|([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}))(/[a-zA-Z0-9\&%_\./-~-]*)?^";
    
    if (preg_match($url_match, $message))
    {
    echo "A url was found in your post, Not allowed - mission aborted.";
    die ();
    }
    
      $signername = strip_tags(stripslashes($_POST['signername']));
      $email = urlencode(strip_tags(stripslashes($_POST['email'])));
      $url = urlencode(strip_tags(stripslashes($_POST['url'])));
      $url = str_replace(array('%2F', '%3A'), array('/', ':'), $url);
    
      $formatted = file_get_contents($formatFile);
      $variables = array("\n", '%%signername%%', '%%email%%', '%%url%%', '%%message%%', '%%date%%', '%%time%%');
      $inputs = array('', $signername, $email, $url, $message, date($dateFormat), date($timeFormat));
    
      $formatted = str_replace($variables, $inputs, $formatted);
    
      $oldEntries = fopen($entryFile, 'r');
      $content = fread($oldEntries, filesize($entryFile));
      fclose($oldEntries);
    
      $newContent = $formatted."\n".$content;
    
      $allEntries = fopen($entryFile, 'w');
      fwrite($allEntries, $newContent);
      fclose($allEntries);
    
      header('Location: '.$_POST['bookurl']);
    
    }
    
    ?>

  8. What's wrong with this coding? I would like the form to work so that the form would not be sent unless all the requested fields were filled.

     

    Please help! (And please ignore the funny scandinavian language in between....  :D )

     

        
    <?php
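    // Read every form field, trimmed; a field that is missing or blank means
    // the form is incomplete and no mail is sent.
    $fieldNames = array('lastname', 'firstnames', 'birthday', 'streetaddress', 'postalcode', 'email', 'phone');
    $fields = array();
    $allFilled = true;
    foreach ($fieldNames as $fieldName) {
        $value = (isset($_REQUEST[$fieldName]) && is_string($_REQUEST[$fieldName]))
            ? trim($_REQUEST[$fieldName])
            : '';
        if ($value === '') {
            $allFilled = false;
        }
        $fields[$fieldName] = $value;
    }

    // The address is copied into the From: header, so it has to be one valid
    // address with no line breaks; a CR or LF in it would let the sender append
    // mail headers of their own.
    $emailOk = filter_var($fields['email'], FILTER_VALIDATE_EMAIL) !== false
        && !preg_match('/[\r\n]/', $fields['email']);

    $sent = false;
    if ($allFilled && $emailOk) {
        $headers = "From: " . $fields['email'];
        $to = "my@email.com";
        $subject = 'Haluan liittyä jäseneksi';
        $mailcontent = 'sukunimi: '.$fields['lastname']. "\n"
                       .'etunimet: '.$fields['firstnames']. "\n"
                       .'syntymäaika: '.$fields['birthday']. "\n"
                       .'katuosoite: '.$fields['streetaddress']. "\n"
                       .'postiosoite: '.$fields['postalcode']. "\n"
                       .'sähköposti: '.$fields['email']. "\n"
                       .'puhelinnumero: '.$fields['phone']. "\n" ;

        $sent = mail($to, $subject, $mailcontent, $headers) ;
    }

    // The failure text already asks the visitor to check that all fields were
    // filled in, so it covers both an incomplete form and a failed send.
    if($sent)
    {print "Liittymislomake on vastaanotettu. Jäsensihteeri on yhteydessä sinuun lähiaikoina."; }
    else
    {print "Virhe viestiä lähettäessä. Tarkista täytitkö kaikki kentät."; }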
    ?>
    

  9. yes that seems to be what I am looking for, but since I have (I believe) this bit:
    [code]$strippedInput = strip_tags($message);
    if($message != $strippedInput) {
        header('location:trap.php'); // something to redirect back, maybe with an error
        die();
    [/code]
    it won't show the message even if there's the new function added. And I don't want to get rid of the die-part of the function, just want to allow linebreaks in the form textarea and show those linebreaks.
  10. Another question about the code that has been blocking spam almost 95% certain. (what a RELIEF that is, no more deleting spam every day...)

    As it's used in a guestbook, I'd like to know if there's a chance of allowing [br] and [p] codes in the message so that they would separate the message parts?

    Thanks in advance!
  11. Yes, I noticed that too, right after you'd pointed it out!  :D

    THANK YOU ever so much [color=blue]genericnumber1[/color], I was getting desperate already! Let's see how long it takes spam to find its way to the guestbook now... I would think there's no use anymore, since all links are blocked, but spam is spam, and its amount is definitely not getting smaller any time in the near future...

    -nunu-
  12. Yes, I really want the whole message not to get through, since the only messages with html in the message itself are spam.

    So I tried changing the code a bit, since I wanted it to work only on the message part input, not the others and changed it to this:
    [code]
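    // Compare the message with its own tag-stripped copy.  Both sides have to
    // come from $message: an unset variable on the left compares unequal to
    // any non-empty stripped text, which sends every post to trap.php.
    $strippedInput = strip_tags($message);
    if($message != $strippedInput) {
        header('location:trap.php'); // something to redirect back, maybe with an error
        die();
    }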
    [/code]

    But now when I test it, it directs all messages to that other file, not just the ones containing links?
    *see, a newbie!*
  13. I am just a hopeless newbie with php and I am wondering if it's even possible to do the following:

    I have a guestbook that's written with php. It's a flat file based and now it's starting to flood with spam. I am just wondering if you can disable a message before it's posted if there's html in the message textarea? So that the first sight of <a> would not only disable the link but would not submit the whole comment?


    [code]
    <?php

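    // Formats for PHP's date(): day.month.year and 24-hour hours:minutes.
    $dateFormat = 'd.m.Y';
    $timeFormat = 'H:i';


    if (empty($_POST['message'])) {
      // $_POST['bookurl'] is client-supplied.  It is followed only when it is a
      // plain relative path or an http(s) URL on this site's own host; anything
      // else falls back to the site root, so the form cannot be used to bounce
      // visitors to another site.
      $returnTo = isset($_POST['bookurl']) ? (string) $_POST['bookurl'] : '';
      $ownHost = isset($_SERVER['HTTP_HOST']) ? preg_quote($_SERVER['HTTP_HOST'], '#') : '';
      $isRelative = preg_match('#^(?!//)[A-Za-z0-9_./~-]+\z#', $returnTo);
      $isSameHost = $ownHost !== '' && preg_match('#^https?://' . $ownHost . '/[A-Za-z0-9_./~-]*\z#i', $returnTo);
      if (!$isRelative && !$isSameHost) {
        $returnTo = '/';
      }
      header('Location: '.$returnTo.'?contents=blank');
    }

    else {
      $entryFile = 'entries.txt';   // flat file holding all entries, newest first
      $formatFile = 'format.php';   // template with %%placeholder%% markers

      // stripslashes() undoes magic-quotes escaping of POST data.
      // NOTE(review): where the server adds no such slashes, this removes
      // backslashes the visitor actually typed - confirm the server setting.
      $message = stripslashes($_POST['message']);

      // Tags that removeEvilTags() lets through strip_tags().
      $allowedTags = '<a><em><strong><b><i><img>';

      // Alternation used by removeEvilAttributes(); every match inside a tag is
      // replaced with the word "forbidden".
      $stripAttrib = 'javascript:|onclick|ondblclick|onmousedown|onmouseup|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup|style|class|id';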

      function removeEvilTags($source)
      {
        global $allowedTags;
        $source = strip_tags($source, $allowedTags);
        return preg_replace('/<(.*?)>/ie', "'<'.removeEvilAttributes('\\1').'>'", $source);
      }
      function removeEvilAttributes($tagSource)
      {
        global $stripAttrib;
        return stripslashes(preg_replace("/$stripAttrib/i", 'forbidden', $tagSource));
      }

      function word_wrap($message)
      {
        $maxLength = 60;
        $cut = ' ';
        $result = '';
        $wordlength = 0;

        $length = strlen($message);

        $tag = FALSE;
        for ($i = 0; $i < $length; $i++)
        {
          $char = substr($message, $i, 1);
          if ($char == '<') { $tag = TRUE; }
          elseif ($char == '>') { $tag = FALSE; }
          elseif (!$tag && $char == ' ') { $wordlength = 0; }
          elseif (!$tag) { $wordlength++; }
          if (!$tag && !($wordlength%$maxLength)) { $char .= $cut; }
          $result .= $char;
        }
      return $result;
      }

      $message = word_wrap(removeEvilTags($message));
      $message = str_replace(array('&', "\r\n\r\n"), array('&amp;', '</p><p>'), $message);
      $message = str_replace(array('&amp;gt;', '&amp;lt;', "\r\n"), array('&gt;', '&lt;', '<br />'), $message);

      $signername = strip_tags(stripslashes($_POST['signername']));
      $email = urlencode(strip_tags(stripslashes($_POST['email'])));
      $url = urlencode(strip_tags(stripslashes($_POST['url'])));
      $url = str_replace(array('%2F', '%3A'), array('/', ':'), $url);

      $formatted = file_get_contents($formatFile);
      $variables = array("\n", '%%signername%%', '%%email%%', '%%url%%', '%%message%%', '%%date%%', '%%time%%');
      $inputs = array('', $signername, $email, $url, $message, date($dateFormat), date($timeFormat));

      $formatted = str_replace($variables, $inputs, $formatted);

      $oldEntries = fopen($entryFile, 'r');
      $content = fread($oldEntries, filesize($entryFile));
      fclose($oldEntries);

      $newContent = $formatted."\n".$content;

      $allEntries = fopen($entryFile, 'w');
      fwrite($allEntries, $newContent);
      fclose($allEntries);

      header('Location: '.$_POST['bookurl']);

    }

    ?>[/code]