Regex only allowing specific url's

[Minklet]

I'm sorry if this has been asked before, however the search terms I could think of are a little ambiguous and the majority of results asked for the regex is to take parts of a url.

 

 

I would like users to be able to add their accounts to particular websites in specific text inputs. i.e. you can only put http://www.facebook.com/yourprofile into the Facebook field. So basically I want a regex that only allows http://www.domain.com[whatever else is needed] .I'm sure this is easy to do, but I'm a real novice at regex (I'm trying!). I currently have this, which allows urls of any domain, but I don't want to give users that privilege:

 

if (preg_match('/^(http|https|ftp):\/\/([A-Z0-9][A-Z0-9_-]*(?:\.[A-Z0-9][A-Z0-9_-]*)+):?(\d+)?\/?/i', ($_POST['website']))) {

$website = escape_data($_POST['website']);

$mw = "'$website'";

} else if (empty($_POST['website'])) {

$mw = 'NULL';

} else {

$mw = FALSE;

echo '<p><font color="red" size="+1">Please enter a valid website URL, or clear the entry</font></p>';

}

 

 

Any help would be massively appreciated. Thankyou

[cags]

If it is a Facebook field, you really shouldn't be allowing/expecting the user to type in the http://www.facebook.com/ part, they should only be typing in their profile name, which can be matched with a very simple pattern. I'm not sure on the exact requirements, but it's probably al-num with dash.

[Minklet]

If it is a Facebook field, you really shouldn't be allowing/expecting the user to type in the http://www.facebook.com/ part, they should only be typing in their profile name, which can be matched with a very simple pattern. I'm not sure on the exact requirements, but it's probably al-num with dash.

 

 

Because I am letting them input account url's from various domains(soundcloud, mixcloud, divshare) etc, I think it would be easier for the user to just cut and paste the whole lot. Seems a bit more idiot proof than asking them to only copy from after .com

 

Why is this a bad idea?

[Minklet]

In case anyone else has a similiar question, a friend forwarded me this:

 

http://pastebin.com/EGxeMf8N

[cags]

Then it clearly isn't a 'Facebook' field as you indicated it as.

[Minklet]

Then it clearly isn't a 'Facebook' field as you indicated it as.

 

 

Well, it depends on the field in question doesn't it? If it's the facebook field, then yes it is. Sorry if you didnt understand what I meant.

 

There is a problem with this regex. It won't validate if the url comes from a form field, even if you use the exact string that I entered into the form.

 

i.e this works:

$allowed = 'http://soundcloud.com';
$url = 'http://soundcloud.com/theshiverman/summer-beats-july-2010';

echo $_POST['mixdownloadlink'];

function isrighturl($allowed, $url){
        $allowed = preg_quote($allowed, '/:.');
        $regex = "/".$allowed.'\/[0-9a-zA-Z_\/\-]{1,99}'."/";

        $keywords = preg_match_all($regex, $url, $matches);
        $matches = count($matches[0]);

        if($matches == 1){
                return true;
        }
        else{
                return false;
        }
}

if(isrighturl($allowed, $url) == 1){
        echo "URL is OK";
}
else{
        echo "URL isnt right";
}

 

Whereas entering the same url (http://soundcloud.com/theshiverman/summer-beats-july-2010) into the mixdownloadlink field on the form and using this:

$allowed = 'http://soundcloud.com';
$url = $_POST['mixdownloadlink'];


function isrighturl($allowed, $url){
        $allowed = preg_quote($allowed, '/:.');
        $regex = "/".$allowed.'\/[0-9a-zA-Z_\/\-]{1,99}'."/";

        $keywords = preg_match_all($regex, $url, $matches);
        $matches = count($matches[0]);

        if($matches == 1){
                return true;
        }
        else{
                return false;
        }
}

if(isrighturl($allowed, $url) == 1){
        echo "URL is OK";
}
else{
        echo "URL isnt right";
}

 

Doesnt work.

 

 

Is this just me bring tired? I can't see what the problem is.

[Minklet]

Similarly, this regex to allow an embed code for youtube also will not work when it comes from a form field.

 

This doesnt work:

$embed = $_POST['mixembedlink'];

if (preg_match('/<object width=\"([0-9]*)\" height=\"([0-9]*)\"><param name=\"movie\" value=\"(.*)\"><\/param><param name=\"allowFullScreen\" value=\".*\"><\/param><param name=\"allowscriptaccess\" value=\".*\"><\/param><embed src=\".*\" type=\".*\" allowscriptaccess=\".*\" allowfullscreen=\".*\" width=\"[0-9]*\" height=\"[0-9]*\"><\/embed><\/object>/',$embed,$preg_out)) {;
$width = $preg_out[1];
$height = $preg_out[2];
$url = $preg_out[3];


echo 'WORKING';


} else {
echo 'NOT WORKING!';
}

 

This however does work:

$embed = '<object width="480" height="385"><param name="movie" value="http://www.youtube.com/v/1mt3vZHDiM8?fs=1&hl=en_US"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/1mt3vZHDiM8?fs=1&hl=en_US" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="385"></embed></object>';

if (preg_match('/<object width=\"([0-9]*)\" height=\"([0-9]*)\"><param name=\"movie\" value=\"(.*)\"><\/param><param name=\"allowFullScreen\" value=\".*\"><\/param><param name=\"allowscriptaccess\" value=\".*\"><\/param><embed src=\".*\" type=\".*\" allowscriptaccess=\".*\" allowfullscreen=\".*\" width=\"[0-9]*\" height=\"[0-9]*\"><\/embed><\/object>/',$embed,$preg_out)) {;
$width = $preg_out[1];
$height = $preg_out[2];
$url = $preg_out[3];


echo 'WORKING';


} else {
echo 'NOT WORKING!';
}

 

 

Can anyone shed some light on why this is? The form names are exactly right. I think i've checked and renamed them about 10 times each.

 

[cags]

If you try...

 

echo '<pre>';
echo $_POST['mixembedlink'];
echo '</pre>';

 

...does the output look exactly the same as what you are pasting in the input? I'm guessing you've got something like magic_quotes enabled and it's inserting backslashes into the string, thus causing it to not match the pattern.