[SOLVED] preg_match problem

[nunu78]

I'd like some help with this, as I am still new to php...

What I want the code do is:

1) get rid of messages if they contain tags of any kind (thanks to genericnumber1 this works)

2) if the message did not contain tags, but masked URLS using [ ] and < find those (or the always present href, as I've tried myself) and get rid of the message if they do appear in the message

 

All help is appreciated.

 

 

$strippedInput = strip_tags($message);
if($message != $strippedInput) {
     header('location:trap.php'); // something to redirect back, maybe with an error
     die();
 }

if (!preg_match("/href/i", $message)) {
  header('location:trap.php'); // something to redirect back, maybe with an error
     die();
}

 

all the code here:

<?php

// You can customize the date and time format using PHP.  As they are set now,
// the date will appear in the form "Sunday, January 11, 2004" and the time in
// the form "1:04 pm".  Another common date format would be 01.11.04; to change
// it to this, replace 'l, F j, Y' with 'm.d.y'.  More info can be found at
// http://us2.php.net/manual/en/function.date.php.

$dateFormat = 'd.m.Y';
$timeFormat = 'H:i';


if (empty($_POST['message'])) {
  header('Location: '.$_POST['bookurl'].'?contents=blank');
}

else {
  $entryFile = 'entries.txt';
  $formatFile = 'format.php';

  $message = stripslashes($_POST['message']);

  $allowedTags = '<a><em><strong><b><i><img>';

  $stripAttrib = 'javascript:|onclick|ondblclick|onmousedown|onmouseup|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup|style|class|id';

  function removeEvilTags($source)
  {
     global $allowedTags;
     $source = strip_tags($source, $allowedTags);
     return preg_replace('/<(.*?)>/ie', "'<'.removeEvilAttributes('\\1').'>'", $source);
  }
  function removeEvilAttributes($tagSource)
  {
    global $stripAttrib;
    return stripslashes(preg_replace("/$stripAttrib/i", 'forbidden', $tagSource));
  }

  function word_wrap($message)
  {
    $maxLength = 60;
    $cut = ' ';
    $result = '';
    $wordlength = 0;

    $length = strlen($message);

    $tag = FALSE;
    for ($i = 0; $i < $length; $i++)
    {
      $char = substr($message, $i, 1);
      if ($char == '<') { $tag = TRUE; }
      elseif ($char == '>') { $tag = FALSE; }
      elseif (!$tag && $char == ' ') { $wordlength = 0; }
      elseif (!$tag) { $wordlength++; }
      if (!$tag && !($wordlength%$maxLength)) { $char .= $cut; }
      $result .= $char;
    }
  return $result;
  }
  
$strippedInput = strip_tags($message);
if($message != $strippedInput) {
     header('location:trap.php'); // something to redirect back, maybe with an error
     die();
 }

if (!preg_match("/href/i", $message)) {
  header('location:trap.php'); // something to redirect back, maybe with an error
     die();
}



  $message = word_wrap(removeEvilTags($message));
  $message = str_replace(array('&', "\r\n\r\n"), array('&', '</p><p>'), $message);
  $message = str_replace(array('&gt;', '&lt;', "\r\n"), array('>', '<', '<br />'), $message);

  $signername = strip_tags(stripslashes($_POST['signername']));
  $email = urlencode(strip_tags(stripslashes($_POST['email'])));
  $url = urlencode(strip_tags(stripslashes($_POST['url'])));
  $url = str_replace(array('%2F', '%3A'), array('/', ':'), $url);

  $formatted = file_get_contents($formatFile);
  $variables = array("\n", '%%signername%%', '%%email%%', '%%url%%', '%%message%%', '%%date%%', '%%time%%');
  $inputs = array('', $signername, $email, $url, $message, date($dateFormat), date($timeFormat));

  $formatted = str_replace($variables, $inputs, $formatted);

  $oldEntries = fopen($entryFile, 'r');
  $content = fread($oldEntries, filesize($entryFile));
  fclose($oldEntries);

  $newContent = $formatted."\n".$content;

  $allEntries = fopen($entryFile, 'w');
  fwrite($allEntries, $newContent);
  fclose($allEntries);

  header('Location: '.$_POST['bookurl']);

}

?>

[nunu78]

bump...

[per1os]

Maybe posting this in the Regex forum will get you more replies?

[effigy]

Can you provide some examples of masked URLs, or examples of input and the desired output?

[nunu78]

[url=http://pomogli3.nm.ru/giorgio-gori-giornalista-morto.ht ml]giorgio gori giornalista morto[/url]

 

this is one way of getting the link pass strip_tags. And the output that I want is for the script to recognise this as an link and stop it from going to the actual guestbook (opens up a spampage or gives the error 404 page).

 

Is there something similar to strip_tags (and if tags are stripped, message is blocked) that would prevent the use of [ ] tags?

 

[effigy]

You could create something. Do you want to remove all URLs, or does there have to be a tagging scheme involved? What if a user enters "http://www.google.com", "www.google.com", "google.com", or even "google dot com"?

[nunu78]

the first two choices  should be removed. The main idea is that spam messages would be removed. All legitimate (known) users know that html and links are forbidden and I am just looking for a way to automatically stop spam messages that include links of any kind.

 

[effigy]

preg_match('#https?://[-a-z0-9+.%]+#i', $string);

[nunu78]

THANK YOU!

 

That was very helpful. I used the preg_match to create similar function as the strip_tags is and so far testing has proved it works. YAY!  ;D