[SOLVED] Prevent certain strings being posted

[RickyF]

Hi, how could i prevent certain strings being posted on a shoutbox?

 

e.g. if the message contained *www.* in any part of the post, im pretty sure this involves using eregi, but i am not sure how to do this.

 

else if (ereg('------', $message)) {
   die ("No spam please");
}

 

Thanks to anyone who helps! 

[per1os]

<?php
if (eregi('www.', $message)) { // the period may have to be escaped "\."
    echo 'Please no spam.';
}
?>

 

Does that not work?

[cooldude832]

try this, but becareful because if it finds a match of anything in string it will return spam

<?php
$spamlist = array("spam1","spam2","spam3");
if(stristr($string,$spamlist)
{
//spam
}
else
{
//nospam
}
?>

[cooldude832]

don't use regular expressions except where needed, they are overpowering especially if you have a lengthy array of banned phrases

[RickyF]

How would implement this code, here is what i currently have

 

<body link="#FF66FF" vlink="#FF66FF" alink="#FF66FF" text="#FF66FF" bgcolor="#000000">
<style type="text/css">
<!--
#contentbox {
  background: #000000;
  border:dotted;
  border-color:#FF66FF;
  padding: 5px;
  width: 400px;
  height: 250px;
  overflow: auto; }
ul#shoutboxmessage { 
  margin: 0;
  padding: 0;
  list-style-type: none;
  color: #FF66FF;
  font: normal 12px verdana,tahoma,arial; }
.style2 {font-family: Tahoma; font-size: 12px; }
-->
</style>
<?php

  require_once("config.php"); 
  $spamlist = array("www.","http://","https://");
  $name = $_POST['name'];
  $message = $_POST['message'];
  $ip = $_POST['ip'];
  $mlen = strlen($message);
  $maxlength = 300;
  $date = date("M jS Y");

  if ($_POST['submit'])  {
    if ($name == "") { 
      die ("<div id=\"contentbox\"><br><br><center><font face='verdana' size='2'>Error: Please enter your name.<br /><br><a href='javascript:history.go(-1)'>Go back</a></font></center></div>");
    }
    else if(ereg('[^A-Za-z]', $name)) {
      die ("<div id=\"contentbox\"><br><br><center><font face='verdana' size='2'>Error: Your name may not contain numbers.<br /><br><a href='javascript:history.go(-1)'>Go back</a></font></center></div>");
    }
    else if ($message == "") { 
      die ("<div id=\"contentbox\"><br><br><center><font face='verdana' size='2'>Error: Please enter your message.<br /><br><a href='javascript:history.go(-1)'>Go back</a></font></center></div>");
    }
    else if ($mlen > $maxlength) { 
      die ("<div id=\"contentbox\"><br><br><center><font face='verdana' size='2'>Error: Please make your message shorter.<br /><br><a href='javascript:history.go(-1)'>Go back</a></font></center></div>");
    }

  else {
      $db = mysql_connect($dbhost,$dbuser,$dbpass); 
      mysql_select_db($dbname) or die(mysql_error());
      mysql_query("INSERT INTO shoutbox(name,message,date,ip) VALUES('$name','$message','$date','$ip')"); 
    }
}

  $db = mysql_connect($dbhost,$dbuser,$dbpass);
  mysql_select_db($dbname) or die(mysql_error());
  $query = "SELECT * FROM shoutbox ORDER BY id DESC LIMIT 20"; 
  $result = mysql_query($query);

  echo "<div id=\"contentbox\">\n";
  echo "<ul id=\"shoutboxmessage\">\n";
  while($r = mysql_fetch_array($result)) {
    $name = $r['name'];
    $name = strip_tags($name);
    $message = $r['message'];
    $message = strip_tags($message);
    echo "<li><strong>$name</strong>: $message</li>\n";
  }
  echo "</ul>\n";
  echo "</div>\n";

  mysql_close($db);

?>

 

Thanks

[cooldude832]

try modifying:

  if ($_POST['submit'])  {

with:

  if ($_POST['submit'] && stristr($string,$spamlist))  {

[per1os]

Edit to the above, when using strstr or stristr always use !== FALSE

 

  if ($_POST['submit'] && (stristr($string,$spamlist) !== FALSE))  {

 

As it can return 0, which is taken as false, when really the word is there.

 

 

[RickyF]

Hi,

 

thanks for the suggestions, but both of theses stoped the script from displaying at all. (its a shoutbox)

 

if ($_POST['submit'] && (stristr($string,$spamlist) !== FALSE))  {

 

if ($_POST['submit'] && stristr($string,$spamlist))  {

 

Any other ideas?

[cooldude832]

well cause $string does not exsist you need to change it to $message

[RickyF]

Oh right i see haha

 

    if ($_POST['submit'] && (stristr($message,$spamlist) !== FALSE))  {

 

That seems to stop the script from working

 

    if ($_POST['submit'] && (stristr($message,$spamlist) !== TRUE))  {

 

That allowed the script to run, but the spam protection wasnt working

 

I think it may need to be done a different way.  :-\

[RickyF]

I've figured it out!

   else if (eregi('www.', $message)) {

This works a treat, its only a small website, so i doubt it will have problems, just wanted a few basic bits of protection on the shoutbox, just incase a spam bot comes across it.

 

Thanks for your help

[per1os]

I've figured it out!

   else if (eregi('www.', $message)) {

This works a treat, its only a small website, so i doubt it will have problems, just wanted a few basic bits of protection on the shoutbox, just incase a spam bot comes across it.

 

Thanks for your help

 

To be honest you wouldn't see much of a difference unless there are about 1,000+ entries to run it against. I use eregi for my checking works great for me, never had a speed issue.