Mancent Posted April 25, 2014 Share Posted April 25, 2014 (edited) I have a form that a user can post a website link.I want to do a search for safe sites like youtube or google or facebook or twitter. so they submit something like this https://www.youtube.com/watch?v=qRuJ7zeyPLg I want to do a if statement that says if in post string has youtube.com it is safeelse check some other safe site code until it knows its not tested or verified as being safe yet. I was thinking something like this but I am not sure if that would be correct or not or If I was on the wrong track if(preg_match("/youtube.com/",strtolower($_POST['req-domain']]))) { do something. } Edited April 25, 2014 by Mancent Quote Link to comment https://forums.phpfreaks.com/topic/288001-if-a-user-post-a-link-how-can-i-check-it/ Share on other sites More sharing options...
QuickOldCar Posted April 25, 2014 Share Posted April 25, 2014 Is a few ways to go about it, this is my preferred method. Can make an array of allowed sites, then using in_array() to allow, or can even do an additional not in array and blocking too First you can parse the url with parse_url() Should add a check for protocols like http,https,etc or parse_url fails <?php function checkUrl($url) { $allowed = FALSE; if (trim($url) != '') { $good_domains = array( "youtube.com", "google.com", "facebook.com", "twitter.com" ); $bad_domains = array( "bad-site.com", "real-bad.com" ); $parsedUrl = @parse_url(trim(strtolower($url))); $domain = trim($parsedUrl['host'] ? $parsedUrl['host'] : array_shift(explode('/', $parsedUrl['path'], 2))); $domain = ltrim($domain, "www."); if (in_array($domain, $good_domains) && !in_array($domain, $bad_domains)) { $allowed = TRUE; } } return $allowed; } //end checkUrl function //simple usage example $url = "http://google.com"; //$url = "http://bad-site.com"; if (checkUrl($url) === TRUE) { echo "allowed"; } else { echo "not allowed"; } ?> Quote Link to comment https://forums.phpfreaks.com/topic/288001-if-a-user-post-a-link-how-can-i-check-it/#findComment-1477227 Share on other sites More sharing options...
QuickOldCar Posted April 25, 2014 Share Posted April 25, 2014 Because is domains and subdomains it makes this difficult unless parsing the actual main hosts from the url I did this a very complicated function, the code provided will do for exact domains and subdomains. Quote Link to comment https://forums.phpfreaks.com/topic/288001-if-a-user-post-a-link-how-can-i-check-it/#findComment-1477229 Share on other sites More sharing options...
QuickOldCar Posted April 25, 2014 Share Posted April 25, 2014 Try this version using preg_match, I did a little testing and seemed to work ok, although may be even better looking with parsed urls as well <?php function checkUrl($url) { $allowed = FALSE; if (trim($url) != '') { $good_domains = array( "youtube.com", "google.com", "facebook.com", "twitter.com" ); $bad_domains = array( "bad-site.com", "real-bad.com" ); $urlreg = '/^(((?:http|https|ftp)):\/\/)?(www?[0-9]*?\.)?(([a-zA-Z0-9][[a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]]?)\.)?([a-zA-Z0-9][[[a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]]?\.]*[a-zA-Z]{2,6})(\/.*)?$/'; preg_match($urlreg, $url, $matches); if ($matches) { foreach ($matches as $match) { if (in_array($match, $good_domains) && !in_array($match, $bad_domains)) { $allowed = TRUE; } } } } return $allowed; } //end checkUrl function //simple usage example $url = "http://google.com"; //$url = "http://site.google.com"; //$url = "https://maps.google.com"; //$url = "http://bad-site.com"; if (checkUrl($url) === TRUE) { echo "allowed"; } else { echo "not allowed"; } ?> Quote Link to comment https://forums.phpfreaks.com/topic/288001-if-a-user-post-a-link-how-can-i-check-it/#findComment-1477237 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.