Textarea validation...Is this a good way?

[quasiman]

Hey guys,

 

I'm working on a form to submit Google+ game help requests to a list in my site, and I think I've worked out a good way to manage it.  Can you take a look, and let me know if I'm missing anything?

 

The idea here is that people need help from their game friends to complete a certain part of the game.  So here's an example of the HTML post:

<div class="MF h-q-o-ca"><a class="h-q-o-ca" title="Play now" href="https://plus.google.com/games/865772480172/params/%22%7B%5C%22encPrms%5C%22%3A%5C%22eyJoYW5kbGUiOiJzdHJlYW1zIiwiYWN0aW9uIjoiY2xpY2siLCJwYXJhbSI6eyJlbnRyeSI6InN0cmVhbSIsInRva2VuIjoiTlRFeU1URTVNekF5TXpjMk9UWTNNemM2ZW1Wd1kyMXBhSEoxZFhsMU9qRTRPakl3TVRJd05qQTVPbUZ5WldGZmFXUXNNakF3TkRweVlXbGtYMkp2YzNOZmFXUXNOQT09In19%5C%22%7D%22/source/3"><img src="https://images-oz-opensocial.googleusercontent.com/gadgets/proxy?url=https://ct-google.crimecitygame.com/ct-google/static/images/streams/raidboss_Mob.png?cb%3D14&container=oz&gadget=//images-oz-opensocial.googleusercontent.com/gadgets/proxy?url%3Dhttps://ct-google.crimecitygame.com/ct-google/static/images/streams/raidboss_Mob.png?cb%253D14%26container%3Doz%26gadget%3D//images-oz-opensocial.googleusercontent.com/gadgets/proxy?url%253Dhttps%25253A%25252F%25252Fct-google.crimecitygame.com%25252Fct-google%25252Fstatic%25252Fimages%25252Fstreams%25252Fraidboss_Mob.png%25253Fcb%25253D14%2526container%253Doz%2526gadget%253Da%2526rewriteMime%253Dimage%25252F*%2526resize_h%253D84%2526resize_w%253D70%2526no_expand%253D1%26rewriteMime%3Dimage/*%26resize_h%3D80%26resize_w%3D80%26no_expand%3D1&rewriteMime=image/*&resize_h=80&resize_w=80&no_expand=1" alt="" /></a></div>
<div class="LF">
<div class="NF"><span class="IF">Crime City</span> - <span class="KF">Join raw xtream's mob against Madame Payne!</span></div>
<div class="HF">raw xtream is assembling a mob to beatdown Madame Payne! A full mob will instantly do a ton of damage! Click for FREE RESPECT!</div>
<div><a class="h-q-o-ca" href="https://plus.google.com/games/865772480172/params/%22%7B%5C%22encPrms%5C%22%3A%5C%22eyJoYW5kbGUiOiJzdHJlYW1zIiwiYWN0aW9uIjoiY2xpY2siLCJwYXJhbSI6eyJlbnRyeSI6InN0cmVhbSIsInRva2VuIjoiTlRFeU1URTVNekF5TXpjMk9UWTNNemM2ZW1Wd1kyMXBhSEoxZFhsMU9qRTRPakl3TVRJd05qQTVPbUZ5WldGZmFXUXNNakF3TkRweVlXbGtYMkp2YzNOZmFXUXNOQT09In19%5C%22%7D%22/source/3">Play now</a></div>
</div>

 

Now, I really don't want people to post random hack urls, but I can't validate the all the game servers independently.  So I'm kind of stuck (I think) with removing the image URL and leaving only the game URL and plain text.

 

So here's my code, with a simple form post to see what I'm doing.  Please let me know if there's a better way, or if I missed a major problem....obviously I'm not posting this to the database yet, so mysql_real_escape_string will come later.

 

<form method="post">
<textarea id="elm1" name="textarea" rows="15" cols="80" style="width: 80%"></textarea>
<input type="submit" value="submit" name="submit" />
</form>
<?php
echo "<br>\n";

if(isset($_POST['textarea'])) {
$post = $_POST['textarea'];
$post = preg_replace("/<img[^>]+\>/i", "", $post);
	 if(valHelpPost($post)) {
	 echo $post;
	 echo "<hr>\n";
	 echo $_POST['textarea'];
	 echo "<hr>";
	}
	else {
	echo "failed";
	}
}
function valHelpPost($post) {
$errors = array();
$regex = '@((http|https|ftp)://?([-\w]+\.[-\w\.]+)+\w(:\d+)?(/([-\w/_\.]*(\?\S+)?)?)*)@';
if(preg_match_all($regex, $post, $urls)) {
	foreach($urls[0] as $url) {
		$scheme = parse_url($url, PHP_URL_SCHEME);
		$host   = parse_url($url, PHP_URL_HOST);
		$pieces = explode("/",parse_url($url, PHP_URL_PATH));
		if(
				$scheme === 'https' && 
				$host   === 'plus.google.com' && 
				in_array('games',$pieces) &&
				in_array('params',$pieces)
		   ) {
			$errors[] = TRUE;
		}
		else {
			$errors[] = FALSE;
		}
	}
	if(in_array(FALSE,$errors)) {
		return FALSE;
	} else {
		return TRUE;
	}
}
}