Lamez Posted October 12, 2008 Share Posted October 12, 2008 Okay, When a user puts a url in the input box, and the script is suppose to take it down to the base url, it strips off the querys, and protocol. Then it check the database to see if it is blacklisted, then it checks the string for www., if it does not it adds it, then it checks the database, then it adds http:// (protocol), and checks the database, then it adds both, and check the database one more time, if no matches then it finishes the rest of the script. Well if it does match, then it redirects to an error message saying it has been blacklisted. Well the script works if I use the first URL in the database, but when I use the second URL it allows the script to continue. Do you guys know why? Here is the check code: <?php //begin checking for blacklisted... $par = parse_url($n_url); $n_url = $par['host'];//grab base url $sql = mysql_query("SELECT * FROM `blacklist` WHERE `url`='".$n_url."'"); $r = mysql_fetch_array($sql); if (mysql_num_rows($sql) >= 1){ //$_SESSION['o_url'] = $r['url'];** header("Location: ?url=".$black); } $www_url = $n_url; $www_url = addwww($www_url);//add www $sql = mysql_query("SELECT * FROM `blacklist` WHERE `url`='".$www_url."'"); $r = mysql_fetch_array($sql); if (mysql_num_rows($sql) >= 1){ //$_SESSION['o_url'] = $r['url'];** header("Location: ?url=".$black); } $pro_url = $n_url; $pro_url = addPro($n_url);//add http:// $sql = mysql_query("SELECT * FROM `blacklist` WHERE `url`='".$pro_url."'"); $r = mysql_fetch_array($sql); if (mysql_num_rows($sql) >= 1){ //$_SESSION['o_url'] = $r['url'];** header("Location: ?url=".$black); } $n_url = addwww($n_url);//add www $n_url = addPro($n_url);//add http:// $sql = mysql_query("SELECT * FROM `blacklist` WHERE `url`='".$n_url."'"); $r = mysql_fetch_array($sql); if (mysql_num_rows($sql) >= 1){ //$_SESSION['o_url'] = $r['url'];** header("Location: ?url=".$black); } //end check, everything cleared... ?> Here are the custom functions: <?php function addPro($str){ if(!strstr(strtolower($str), "http://")){ $str = "http://".$str; } return $str; } function addwww($str){ $h = parse_url(strtolower($str)); $pro = strtolower($h['scheme']); if(!strstr(strtolower($str), "www.")){ $str = $pro."www.".$str; } $str = strtolower($str); return $str; } ?> Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted October 12, 2008 Share Posted October 12, 2008 you might eant to be sure your headers are exiting or else it will continue to loop the script. just add exit; after the header line Quote Link to comment Share on other sites More sharing options...
Lamez Posted October 12, 2008 Author Share Posted October 12, 2008 well I added exit; after every header redirect, and it sill allows the second site. I am really baffled. Would posting the whole code make a difference? Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted October 12, 2008 Share Posted October 12, 2008 possibly Quote Link to comment Share on other sites More sharing options...
Lamez Posted October 12, 2008 Author Share Posted October 12, 2008 whole code: <?php ob_start(); session_start(); $connection = mysql_connect("****", "****", "****"); mysql_select_db("****", $connection); $results = mysql_query("SELECT * FROM `site`")or die(mysql_error()); $row = mysql_fetch_array($results)or die(mysql_error()); $title = $row['name']; $back_address = 'http://www.krazypicks.com'; function addPro($str){ if(!strstr(strtolower($str), "http://")){ $str = "http://".$str; } return $str; } function addwww($str){ $h = parse_url(strtolower($str)); $pro = strtolower($h['scheme']); if(!strstr(strtolower($str), "www.")){ $str = $pro."www.".$str; } $str = strtolower($str); return $str; } $url = $_GET['url']; $url = stripslashes($url); $url = htmlspecialchars($url); $n_url = $url; $links = "<a href=\"http://www.krazypicks.com\">".$title."</a> or <a href=\"?\">Enter URL</a>"; $switch = "00"; $black = md5("this has been black listed :D :D ////*****/////*****////****"); if($url == ($switch)){ echo $links; }else if($url == ($black)){ echo "<font color=\"red\"><b>WARNING:</b></font> This website has been blacklisted by KrazyPicks<br>"; echo "<b>Reason:</b> ".$r['level']."<br><br>"; echo $links; }else if(empty($url)){ print'Enter URL<br> <form id="form1" name="form1" method="get" action="?"> <label> <input name="url" type="text" id="url" size="50" maxlength="100" /> </label> <input type="submit" name="'.md5("go_s").'" id="'.md5("go_s").'" value="Go!" /> </form><br> <a href="http://www.krazypicks.com">'.$title.'</a> :: <a href="http://www.servage.net/?coupon=cust33591">Hosted by Servage</a>'; }else{ $url = addPro($url); //adds http:// $churl = @fopen($url,'r'); if (!$churl && !empty($url)){ echo "<br><center>The URL does not exist, or the server is down.<br>".$links."</center>"; }else{ //begin checking for blacklisted... $par = parse_url($n_url); $n_url = $par['host'];//grab base url $sql = mysql_query("SELECT * FROM `blacklist` WHERE `url`='".$n_url."'"); $r = mysql_fetch_array($sql); if (mysql_num_rows($sql) >= 1){ //$_SESSION['o_url'] = $r['url'];** header("Location: ?url=".$black); exit; } $www_url = $n_url; $www_url = addwww($www_url);//add www $sql = mysql_query("SELECT * FROM `blacklist` WHERE `url`='".$www_url."'"); $r = mysql_fetch_array($sql); if (mysql_num_rows($sql) >= 1){ //$_SESSION['o_url'] = $r['url'];** header("Location: ?url=".$black); exit; } $pro_url = $n_url; $pro_url = addPro($n_url);//add http:// $sql = mysql_query("SELECT * FROM `blacklist` WHERE `url`='".$pro_url."'"); $r = mysql_fetch_array($sql); if (mysql_num_rows($sql) >= 1){ //$_SESSION['o_url'] = $r['url'];** header("Location: ?url=".$black); exit; } $n_url = addwww($n_url);//add www $n_url = addPro($n_url);//add http:// $sql = mysql_query("SELECT * FROM `blacklist` WHERE `url`='".$n_url."'"); $r = mysql_fetch_array($sql); if (mysql_num_rows($sql) >= 1){ //$_SESSION['o_url'] = $r['url'];** header("Location: ?url=".$black); exit; } //end check, everything cleared... //check for a youtube video... $link = parse_url($url); $youtube = $link['host'].$link['path']; $watch = "www.youtube.com/watch"; $watch_2 = "youtube.com/watch"; $watch_3 = "http://www.youtube.com/watch"; $watch_4 = "http://youtube.com/watch"; $qu = $link['query']; $qu = str_replace("v=", "", $qu); if ($youtube == $watch || $youtube == $watch_2 || $youtube == $watch_3 || $youtube == $watch_4) { print'<object width="425" height="349"><param name="movie" value="http://www.youtube.com/v/'.$qu.'&hl=en&fs=1&color1=0x006699&color2=0x54abd6&border=1"></param><param name="allowFullScreen" value="true"></param><embed src="http://www.youtube.com/v/'.$qu.'&hl=en&fs=1&color1=0x006699&color2=0x54abd6&border=1" type="application/x-shockwave-flash" allowfullscreen="true" width="425" height="349"></embed></object>'; } //end check for youtube video... //check for mp3 file... $string = $link['path']; $keyword = ".mp3"; $keyword_1 = ".MP3"; if (strpos($string, $keyword) > 0 || strpos($string, $keyword_1) > 0 ) { print'<object data="'.$url.'" type="application/x-mplayer2" width="200" height="50"> <param name="src" value="'.$url.'"> <param name="autoplay" value="false"> <param name="autoStart" value="0"> </object>'; } //end check for mp3 file... print 'You are about to leave '.$title.', do you want to continue?'; print '<br> <center> <form id="con_form_url" name="con_form_url" method="post" action=""> Yes <label> <input type="radio" name="con_tin" id="radio" value="yes" /> </label> No <label> <input type="radio" name="con_tin" id="radio2" value="no" /> </label> <label> <input type="submit" name="button" id="button" value="Continue" /> </label> </form> </center>'; if (isset($_POST['con_tin'])){ if ($_POST['con_tin'] == ("yes")){ header("Location: ".$url); }else{ //header("Location: ".$back_address); header("Location: ?url=".$switch); } } }//pinged webpage, closing bracket. }//url is not empty, closing bracket. ?> Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted October 12, 2008 Share Posted October 12, 2008 <?php ob_start(); session_start(); $connection = mysql_connect("****", "****", "****"); mysql_select_db("****", $connection); $results = mysql_query("SELECT * FROM `site`")or die(mysql_error()); $row = mysql_fetch_array($results)or die(mysql_error()); $title = $row['name']; $back_address = 'http://www.krazypicks.com'; function addPro($str){ if(!strstr(strtolower($str), "http://")){ $str = "http://".$str; } return $str; } function addwww($str){ $h = parse_url(strtolower($str)); $pro = strtolower($h['scheme']); if(!strstr(strtolower($str), "www.")){ $str = $pro."www.".$str; } $str = strtolower($str); return $str; } $url = $_GET['url']; $url = stripslashes($url); $url = htmlspecialchars($url); $n_url = $url; $links = "<a href=\"http://www.krazypicks.com\">".$title."</a> or <a href=\"?\">Enter URL</a>"; $switch = "00"; $black = md5("this has been black listed :D :D ////*****/////*****////****"); if($url == ($switch)){ echo $links; }else if($url == ($black)){ echo "<font color=\"red\"><b>WARNING:</b></font> This website has been blacklisted by KrazyPicks<br>"; echo "<b>Reason:</b> ".$r['level']."<br><br>"; echo $links; }else if(empty($url)){ print'Enter URL<br> <form id="form1" name="form1" method="get" action="?"> <label> <input name="url" type="text" id="url" size="50" maxlength="100" /> </label> <input type="submit" name="'.md5("go_s").'" id="'.md5("go_s").'" value="Go!" /> </form><br> <a href="http://www.krazypicks.com">'.$title.'</a> :: <a href="http://www.servage.net/?coupon=cust33591">Hosted by Servage</a>'; }else{ $url = addPro($url); //adds http:// $churl = @fopen($url,'r'); if (!$churl && !empty($url)){ echo "<br><center>The URL does not exist, or the server is down.<br>".$links."</center>"; }else{ //begin checking for blacklisted... $par = parse_url($n_url); $n_url = $par['host'];//grab base url $sql = mysql_query("SELECT * FROM `blacklist` WHERE `url`='".$n_url."'"); $r = mysql_fetch_array($sql); if (mysql_num_rows($sql) >= 1){ //$_SESSION['o_url'] = $r['url'];** header("Location: ?url=".$black); exit; } $www_url = $n_url; $www_url = addwww($www_url);//add www $sql = mysql_query("SELECT * FROM `blacklist` WHERE `url`='".$www_url."'"); $r = mysql_fetch_array($sql); if (mysql_num_rows($sql) >= 1){ //$_SESSION['o_url'] = $r['url'];** header("Location: ?url=".$black); exit; } $pro_url = $n_url; $pro_url = addPro($n_url);//add http:// $sql = mysql_query("SELECT * FROM `blacklist` WHERE `url`='".$pro_url."'"); $r = mysql_fetch_array($sql); if (mysql_num_rows($sql) >= 1){ //$_SESSION['o_url'] = $r['url'];** header("Location: ?url=".$black); exit; } $n_url = addwww($n_url);//add www $n_url = addPro($n_url);//add http:// $sql = mysql_query("SELECT * FROM `blacklist` WHERE `url`='".$n_url."'"); $r = mysql_fetch_array($sql); if (mysql_num_rows($sql) >= 1){ //$_SESSION['o_url'] = $r['url'];** header("Location: ?url=".$black); exit; } //end check, everything cleared... //check for a youtube video... $link = parse_url($url); $youtube = $link['host'].$link['path']; $watch = "www.youtube.com/watch"; $watch_2 = "youtube.com/watch"; $watch_3 = "http://www.youtube.com/watch"; $watch_4 = "http://youtube.com/watch"; $qu = $link['query']; $qu = str_replace("v=", "", $qu); if ($youtube == $watch || $youtube == $watch_2 || $youtube == $watch_3 || $youtube == $watch_4) { print'<object width="425" height="349"><param name="movie" value="http://www.youtube.com/v/'.$qu.'&hl=en&fs=1&color1=0x006699&color2=0x54abd6&border=1"></param><param name="allowFullScreen" value="true"></param><embed src="http://www.youtube.com/v/'.$qu.'&hl=en&fs=1&color1=0x006699&color2=0x54abd6&border=1" type="application/x-shockwave-flash" allowfullscreen="true" width="425" height="349"></embed></object>'; } //end check for youtube video... //check for mp3 file... $string = $link['path']; $keyword = ".mp3"; $keyword_1 = ".MP3"; if (strpos($string, $keyword) > 0 || strpos($string, $keyword_1) > 0 ) { print'<object data="'.$url.'" type="application/x-mplayer2" width="200" height="50"> <param name="src" value="'.$url.'"> <param name="autoplay" value="false"> <param name="autoStart" value="0"> </object>'; } //end check for mp3 file... print 'You are about to leave '.$title.', do you want to continue?'; print '<br> <center> <form id="con_form_url" name="con_form_url" method="post" action=""> Yes <label> <input type="radio" name="con_tin" id="radio" value="yes" /> </label> No <label> <input type="radio" name="con_tin" id="radio2" value="no" /> </label> <label> <input type="submit" name="button" id="button" value="Continue" /> </label> </form> </center>'; if (isset($_POST['con_tin']) && $_POST['con_tin']=="yes"){ header("Location: ".$url); exit; }else{ //header("Location: ".$back_address); header("Location: ?url=".$switch); exit; } } }//pinged webpage, closing bracket. }//url is not empty, closing bracket. ?> Quote Link to comment Share on other sites More sharing options...
Lamez Posted October 12, 2008 Author Share Posted October 12, 2008 lol, what did you do? Did you just add the exit's at the bottom? Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted October 12, 2008 Share Posted October 12, 2008 that and simplified your nested if statement why? Quote Link to comment Share on other sites More sharing options...
Lamez Posted October 12, 2008 Author Share Posted October 12, 2008 well I get an error when I use the re-posted code. It says there is an extra closing bracket, but I am not too sure how to fix it since I did not make the modification. http://links.krazypicks.com/file.php Quote Link to comment Share on other sites More sharing options...
Lamez Posted October 12, 2008 Author Share Posted October 12, 2008 fixed the error. Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted October 12, 2008 Share Posted October 12, 2008 does it work now? Quote Link to comment Share on other sites More sharing options...
Lamez Posted October 12, 2008 Author Share Posted October 12, 2008 no sir, the second site is google, when you put in www.google.com or google.com it does not work, however http://www.google.com works. The first site is yahoo Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted October 12, 2008 Share Posted October 12, 2008 im lost if i enter www.google.com i get taken to google? if i enter google.com i get taken to google. Quote Link to comment Share on other sites More sharing options...
Lamez Posted October 12, 2008 Author Share Posted October 12, 2008 Right, lets say I do not want my users to use google, so I will black list, and it will add it to the DB. Then when a user posts a link on the main website, it will check the url using this script, but you can get by the filter using www.google.com or google.com, but if you use http://www.google.com, it gives you the error, like it should. http://links.krazypicks.com/file.php?url=http://www.google.com That is the error I want no matter if the string is google.com or www.google.com or any of the other possibilitys. Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted October 12, 2008 Share Posted October 12, 2008 you could add a function to check the database url possibilities <?php //example function function check_ban_url() { if(preg_match("www.",$bannedurls)) { echo "this site is blacklisted by crazypicks";} if($bannedurls){echo "this site is blacklisted by crazypicks";} } ?> Quote Link to comment Share on other sites More sharing options...
Lamez Posted October 12, 2008 Author Share Posted October 12, 2008 I am not too sure I understand how your function works, could your break it down? Thanks for all the help and suggestions! Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted October 12, 2008 Share Posted October 12, 2008 <?php //example function function check_ban_url() { if(preg_match("www.",$bannedurls)) { echo "this site is blacklisted by crazypicks";} // matching www. if returned blacklists if($bannedurls){echo "this site is blacklisted by crazypicks";} // searches for bannedurl returns blacklisted like google.com } ?> Quote Link to comment Share on other sites More sharing options...
Lamez Posted October 12, 2008 Author Share Posted October 12, 2008 what about something like this: <?php function chBan($str){ $sql = mysql_query("SELECT * FROM `blacklist` WHERE `url`='".$str."'"); $r = mysql_fetch_array($sql); if (mysql_num_rows($sql) >= 1){ $out = true; }else{ $out = false; } return $out; } ?> and then have a if statement. Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted October 12, 2008 Share Posted October 12, 2008 yeah if that selects blacklist. then all you gotta do is add the ifs Quote Link to comment Share on other sites More sharing options...
Lamez Posted October 12, 2008 Author Share Posted October 12, 2008 yeah if that selects blacklist. then all you gotta do is add the ifs I am not sure what you mean by that, selecting blacklist. Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted October 12, 2008 Share Posted October 12, 2008 the mysql statement selects the blacklist field from te DB and matches it the string. which currently only works with http:// now you gotta add the ifs above i did for you to match www. ang google.com Quote Link to comment Share on other sites More sharing options...
Lamez Posted October 12, 2008 Author Share Posted October 12, 2008 I FIXED IT! After days and days of problems, I do believe I have made it 100% secure, and 100% fixed. http://links.krazypicks.com/ <?php ob_start(); session_start(); //DB Connection $results = mysql_query("SELECT * FROM `site`")or die(mysql_error()); $row = mysql_fetch_array($results)or die(mysql_error()); $title = $row['name']; $back_address = 'http://www.krazypicks.com'; function addPro($str){ if(!strstr(strtolower($str), "http://")){ $str = "http://".$str; } return $str; } function addwww($str){ $h = parse_url(strtolower($str)); $pro = strtolower($h['scheme']); if(!strstr(strtolower($str), "www.")){ $str = $pro."www.".$str; } $str = strtolower($str); return $str; } function CkUrl($str, $url){ $sql = mysql_query("SELECT * FROM `blacklist` WHERE `url`='".$str."'"); if (mysql_num_rows($sql) >= 1){ header("Location: ?url=".$url); exit; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="shortcut icon" href="http://www.krazypicks.com/main/style/img/favicon.ico" /> <title>External Link Checker</title> </head> <body bgcolor="#336699"> <table width="100%" border="0"> <tr> <td width="28%"> </td> <td width="46%" align="center" valign="middle"><font face="Tahoma" color="#FFFFFF" size="30pt"><?php echo $title; ?></font></td> <td width="26%"> </td> </tr> <tr> <td> </td> <td rowspan="9" align="center" valign="middle" bgcolor="#FFFFFF"> <font face="Arial, Helvetica, sans-serif"> <?php $url = $_GET['url']; $url = stripslashes($url); $url = htmlspecialchars($url); $_SESSION['n_url'] = $url; $links = "<a href=\"http://www.krazypicks.com\">".$title."</a> or <a href=\"?\">Enter URL</a>"; $switch = "00"; $black = md5("this has been black listed :D :D ////*****/////*****////****"); if($url == ($switch)){ echo $links; }else if($url == ($black)){ echo "<font color=\"red\"><b> This website has been blacklisted by ".$title."!</b></font><br>"; echo "<br><br>"; echo $links; }else if(empty($url)){ print'Enter URL<br> <form id="form1" name="form1" method="get" action="?"> <label> <input name="url" type="text" id="url" size="50" maxlength="100" /> </label> <input type="submit" name="'.md5("go_s").'" id="'.md5("go_s").'" value="Go!" /> </form><br> <a href="http://www.krazypicks.com">'.$title.'</a> :: <a href="http://www.servage.net/?coupon=cust33591">Hosted by Servage</a>'; }else{ $url = addPro($url); //adds http:// $churl = @fopen($url,'r'); if (!$churl && !empty($url)){ echo "<br><center>The URL does not exist, or the server is down.<br>".$links."</center>"; }else{ //begin checking for blacklisted... $n_url = $_SESSION['n_url']; $par = parse_url($n_url); $b_url = $par['host'];//grab base url if($b_url == ""){ $b_url = $par['path']; $b_url = preg_replace('~/(.+)$~', '', $b_url); } CkUrl($n_url, $black);//Check CkUrl($b_url, $black);//Check $www = addwww($b_url); CkUrl($www, $black);//Check $pro = addPro($b_url); CkUrl($pro, $black);//Check $both = addwww($b_url); $both = addPro($both); CkUrl($both, $black);//Check //end check, everything cleared... //check for a youtube video... $link = parse_url($url); $youtube = $link['host'].$link['path']; $watch = "www.youtube.com/watch"; $watch_2 = "youtube.com/watch"; $watch_3 = "http://www.youtube.com/watch"; $watch_4 = "http://youtube.com/watch"; $qu = $link['query']; $qu = str_replace("v=", "", $qu); if ($youtube == $watch || $youtube == $watch_2 || $youtube == $watch_3 || $youtube == $watch_4) { print'<object width="425" height="349"><param name="movie" value="http://www.youtube.com/v/'.$qu.'&hl=en&fs=1&color1=0x006699&color2=0x54abd6&border=1"></param><param name="allowFullScreen" value="true"></param><embed src="http://www.youtube.com/v/'.$qu.'&hl=en&fs=1&color1=0x006699&color2=0x54abd6&border=1" type="application/x-shockwave-flash" allowfullscreen="true" width="425" height="349"></embed></object><br><br>'; } //end check for youtube video... //check for mp3 file... $string = $link['path']; $keyword = ".mp3"; $keyword_1 = ".MP3"; if (strpos($string, $keyword) > 0 || strpos($string, $keyword_1) > 0 ) { print'<object data="'.$url.'" type="application/x-mplayer2" width="200" height="50"> <param name="src" value="'.$url.'"> <param name="autoplay" value="false"> <param name="autoStart" value="0"> </object><br><br>'; } //end check for mp3 file... print 'You are about to leave '.$title.', do you want to continue?<br><b>Website</b>: '.$url; print '<br> <center> <form id="con_form_url" name="con_form_url" method="post" action=""> Yes <label> <input type="radio" name="con_tin" id="radio" value="yes" /> </label> No <label> <input type="radio" name="con_tin" id="radio2" value="no" /> </label> <label> <input type="submit" name="button" id="button" value="Continue" /> </label> </form> </center>'; if (isset($_POST['con_tin'])){ if ($_POST['con_tin'] == ("yes")){ header("Location: ".$url); exit; }else{ //header("Location: ".$back_address); header("Location: ?url=".$switch); exit; } } }//pinged webpage, closing bracket. }//url is not empty, closing bracket. ?> </font> </td> <td> </td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td> </td> <td> </td> <td> </td> </tr> </table> </body> </html> <?php //session_destroy(); ?> blocked urls: yahoo.com, and google.com, you can also put in the query's that contain a search like: http://www.google.com/search?hl=en&q=link&btnG=Google+Search&aq=f&oq= and it still blocks it. -Thank you for your time, you have been very helpful. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.