DEVILofDARKNESS Posted April 13, 2009 Share Posted April 13, 2009 Hi, I want to use BBcodes on my forum, do I need Pear for this? I found this link where they say it is needed. http://www.sitepoint.com/article/bb-code-php-application/ If I have to, I want to know first what are differences or add-ons you get with php Pear? Do I have to change all my standard php code or can I let it like it is? Thanks! Quote Link to comment Share on other sites More sharing options...
Ashoar Posted April 13, 2009 Share Posted April 13, 2009 From what i am aware you can add UBBC without the use of PEAR. It is a simple matter of using regular expressions and arrays. e.g: search an array '\[img\](.*?)\[\/img\]\', $replace = array( '<img src="\\1">', Quote Link to comment Share on other sites More sharing options...
DEVILofDARKNESS Posted April 13, 2009 Author Share Posted April 13, 2009 Is it better to use BBcode instead of ordinary html? Because I'm not known with regex,... Quote Link to comment Share on other sites More sharing options...
Axeia Posted April 13, 2009 Share Posted April 13, 2009 It's safer as you decide what's allowed instead of you having to limit an already exisiting set of tags. And more people are familiar with it. Quote Link to comment Share on other sites More sharing options...
DEVILofDARKNESS Posted April 13, 2009 Author Share Posted April 13, 2009 Ok, Should I use htmlspecialchars() or htmlentities()? Ow, and I can google it, but how could you add allowed tags again? Quote Link to comment Share on other sites More sharing options...
laffin Posted April 13, 2009 Share Posted April 13, 2009 U use both. BBcodes is there so that yer users dun enter any mailicous html/javascript and so forth. it gives the user a way to add decoration to their posts. so u would have to strip/replace html/javascripting character codes. this is a good site for bbcode help and some basics bbcode.org Quote Link to comment Share on other sites More sharing options...
DEVILofDARKNESS Posted April 14, 2009 Author Share Posted April 14, 2009 Ok, but if I don't want to use bbcode but only html with a limited ammount of tags. should I use $text = htmlentities($text, ENT_QUOTES); $text = strip_tags($text, <b><u><i>); ? Quote Link to comment Share on other sites More sharing options...
trq Posted April 14, 2009 Share Posted April 14, 2009 You need to learn how to read the manual first. string strip_tags ( string $str [, string $allowable_tags ] ) That clearly states that the second argument is optional, and is expected to be a string. $text = strip_tags($text, '<b><u><i>'); Quote Link to comment Share on other sites More sharing options...
DEVILofDARKNESS Posted April 14, 2009 Author Share Posted April 14, 2009 Yeah, but if I want to only allow some html tags, instead of making BBcode, I Do have to do it that way? Or am I wrong, is it still insecure if I do it that way? Quote Link to comment Share on other sites More sharing options...
DEVILofDARKNESS Posted April 14, 2009 Author Share Posted April 14, 2009 And, btw: If you read the php.net document about strip_tags= They give an example as: <?php $text = '<p>Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>'; echo strip_tags($text); echo "\n"; // Allow <p> and <a> echo strip_tags($text, '<p><a>'); ?> You don't have to use a string, Wow, Thorpe was wrong for the first time I gues Quote Link to comment Share on other sites More sharing options...
DEVILofDARKNESS Posted April 14, 2009 Author Share Posted April 14, 2009 Whats wrong whit this:? $text = $_POST['reply']; $text = nl2br($text); $text = htmlentities($text, ENT_QUOTES); $text = strip_tags($text,'<b><u><i><br />'); None of those tags <b>,... has escpaed the htmlentities? Because the php.net manual says you can declare htmlentities, that way, I can't see what I've done wrong Quote Link to comment Share on other sites More sharing options...
MasterACE14 Posted April 14, 2009 Share Posted April 14, 2009 And, btw: If you read the php.net document about strip_tags= They give an example as: <?php $text = '<p>Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>'; echo strip_tags($text); echo "\n"; // Allow <p> and <a> echo strip_tags($text, '<p><a>'); ?> You don't have to use a string, Wow, Thorpe was wrong for the first time I gues Thorpe was right, the way you used the function you didn't put quotes around the second argument ' ' just to let you know DEVILofDARKNESS, BBcode can/is inserted into the database, and then when displayed converted back to HTML. All you really need is a function to convert it from 1 to the other and back again and you can use that anywhere, anytime. Quote Link to comment Share on other sites More sharing options...
DEVILofDARKNESS Posted April 14, 2009 Author Share Posted April 14, 2009 Sorry Thorphe, I'm always theone who is wrong ,back to the topic: So it is actually better that I use BBCode, instead of doing it with strip_tags,? I found a BBCode Parser, but I dunno, it is a good/secure one, and how I have to implement it. The 'Parser': <?php /* ------------------------------------ ** bbcode.php ** string, clean BBcode parser for PHP ** ------------------------------------ ** emotes.txt ** is in the form ** smileyCode altSmileyCode ... ** imageFilename ** example emotes.txt biggrin.gif 0.o o.0 o_0 0_o blink.gif B) cool.gif rolleyes.gif mellow.gif */ function parseBB($text) { // CONVERT ALL HTML SPECIAL CHARS TO THERE ENTITIES $text = htmlentities($text, ENT_QUOTES); // CHANGE NL TO BR $text = str_replace(array("\r\n", "\r", "\n"), "<br />", $text); // PARSE BB CODE $text = preg_replace('|\[b\](.*?)\[\/b\]|i', '<strong>$1</strong>', $text); $text = preg_replace('|\[i\](.*?)\[\/i\]|i', '<em>$1</em>', $text); $text = preg_replace('|\[u\](.*?)\[\/u\]|i', '<u>$1</u>', $text); $text = preg_replace('|\[img\](.*?)\[\/img\]|i', '<img src="$1" border="0" />', $text); $text = preg_replace('|\[url=(.*?)\](.*?)\[\/url\]|i', '<a href="$1" target="_blank">$2</a>', $text); $text = preg_replace('|\[color=(.*?[^;])\](.*?)\[\/color\]|i', '<span style="color:$1;">$2</span>', $text); $text = preg_replace('|\[size=(.*[^;])\](.*?)\[\/size\]|i', '<span style="font-size:$1;">$2</span>', $text); $text = preg_replace('|\[left\](.*?)\[\/left\]|i', '<span style="text-align: left;">$1</span>', $text); $text = preg_replace('|\[right\](.*?)\[\/right\]|i', '<span style="text-align: right;">$1</span>', $text); $text = preg_replace('|\[center\](.*?)\[\/center\]|i', '<center>$1</center>', $text); // CHECK EMOTES.TXT EXISTS if (file_exists("emotes.txt")) { // PARSE EMOTES $line = file("emotes.txt"); for ($i = 0; $i < count($line); $i += 2 ) { // TRIM NEW LINES FROM THE END $line[$i] = rtrim($line[$i]); $line[$i + 1] = rtrim($line[$i + 1]); // SET VARIABLES if (substr_count($line[$i], " " ) == 0 ) { $emote = $line[$i]; $alt = $emote; } else { $emote = explode(" ", $line[$i]); $alt = $emote[0]; } $file = $line[$i + 1]; // REPLACE EMOTE CODE WITH IMG global $home_dir; $text = str_replace($emote, "<img src='$file' alt='$alt' title='$alt' style='vertical-align:middle' />", $text); } } // REINSERT NL TO KEEP WITH W3C STANDARDS $text = str_replace("<br />", "<br />\n", $text); // RETURN HTML RESULT return $text; } echo parseBB( " [center][i]I [color=pink][size=50]love[/size][/color] my [/i][b][u][color=blue]BB[/color][color=red]code[/color][/b][/u] [img=http://icanhascheezburger.files.wordpress.com/2007/05/lol-i-r-jawz.jpg][/center] "); ?> Quote Link to comment Share on other sites More sharing options...
MasterACE14 Posted April 14, 2009 Share Posted April 14, 2009 yeah that is a better way to do it. Quote Link to comment Share on other sites More sharing options...
DEVILofDARKNESS Posted April 14, 2009 Author Share Posted April 14, 2009 Ok, and how should I implement it in this: (The parser is in the included functions.php) <?php session_start(); require_once './functions.php'; require_once '../login-check.php'; /*DATABASE SETTINGS */ $topicid = $_GET['id']; $query = "UPDATE topics SET views = views + 1 WHERE topic_id = '$topicid'"; $result = mysql_query($query); $username = $_SESSION['username']; if($_POST) { $text = $_POST['reply']; $query = "SELECT COUNT(message_id) FROM messages"; $result = mysql_query($query); list($id) = mysql_fetch_row($result); $id = $id + 1; $query = "INSERT INTO messages(message_id,topic_id,poster,message_text) VALUES ('$id','$topicid','$username','$text')"; $result = mysql_query($query); } $query = "SELECT * FROM topics WHERE topics.topic_id ='$topicid'"; $result = mysql_query($query); while($topics = mysql_fetch_array($result)) { ?> <html> <head> <title>Topic</title> </head> <body> <table border="1" width="100%"> <tr> <td colspan = "2" height="50px"><center><?php echo $topics['title']; ?></center></td> </tr> <tr> <td height="75px" width="100px"><?php echo "Starter: <br>" . $topics['starter']; ?></td> <td height="75px" width="990px"><?php echo "Message: <br>" . $topics['message']; }?></td> </tr> <?php $query = "SELECT * FROM messages WHERE topic_id = '$topicid' ORDER BY message_id ASC"; $result = mysql_query($query); while($messages = mysql_fetch_array($result)) { echo "<tr><td height='75px' width='100px'>Starter: <br>" . $messages['poster'] . "</td><td height='75px' width='990px'>Message: <br>" . $messages['message_text'] . "</td></tr>"; } ?> <tr><td height="75px" width="75px">Reply:</td><td height="75px" width='990px'><form action='' method='post'><textarea name="reply" cols="30" rows="10"></textarea><br><input type='submit' name='replys' value='reply'></form></td> </table> </body> </html> Quote Link to comment Share on other sites More sharing options...
MasterACE14 Posted April 14, 2009 Share Posted April 14, 2009 hey I'm not here to write scripts for you lol. Do alittle reading of the php.net manual and have a shot at before posting here. you'll never learn otherwise Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.