richardjh Posted January 6, 2008 Share Posted January 6, 2008 I have a form which includes a one line form input box for letting users add a link to another website. The website URL ALWAYS begins the same (e.g. http://www.theexternalwebsite.com/..) but it then contains a long string (to the relevant pages). I want to validate the form so that the user can only add this domain name and if he tries to add any other domain name he blows up.. erm I mean gets a rejected message. So: http://www.theexternalwebsite.com/6373737nnvv/44?-22-d-f&.. will be accepted but http://www.notannicesite/6373737nnvv/44?-22-d-f&.. would be refused. I've been trying to do this using preg_match and eregi functions like: if (!eregi("^[http://thesite.com/]+[a-z.]$",$url)) { echo 'wrong URL'; } else { allow this url into the database } thank you for your help R Quote Link to comment https://forums.phpfreaks.com/topic/84793-safe-user-form-imput-method/ Share on other sites More sharing options...
Ken2k7 Posted January 6, 2008 Share Posted January 6, 2008 You can just use $SERVER['HTTP_HOST'] I think. Then check that. Quote Link to comment https://forums.phpfreaks.com/topic/84793-safe-user-form-imput-method/#findComment-432225 Share on other sites More sharing options...
teng84 Posted January 6, 2008 Share Posted January 6, 2008 or maybe this $path = "http://www.theexternalwebsite.com/6373737nnvv/44?-22-d-f&.."; echo dirname($path); Quote Link to comment https://forums.phpfreaks.com/topic/84793-safe-user-form-imput-method/#findComment-432228 Share on other sites More sharing options...
richardjh Posted January 7, 2008 Author Share Posted January 7, 2008 Well, you see each link will be different but the domain will be the same. Hence i want any link that starts with the given domain (e.g. http://www.myspace.com...) to be allowed but no other domain name. Then when a user adds say their own link to their myspace page (example only I'm not actually linking to myspace) the link will be recognised as being a good link but if they try adding a link to any other domain name (say a link to their facebook page) it will be deemed no good. thanks Quote Link to comment https://forums.phpfreaks.com/topic/84793-safe-user-form-imput-method/#findComment-432232 Share on other sites More sharing options...
teng84 Posted January 7, 2008 Share Posted January 7, 2008 have you tried my post? Quote Link to comment https://forums.phpfreaks.com/topic/84793-safe-user-form-imput-method/#findComment-432234 Share on other sites More sharing options...
PC Nerd Posted January 7, 2008 Share Posted January 7, 2008 not sure about teng84's suggestion - and i dont know that function - however you coudl always search for a ? and / - which usually finds the end of teh domain name and begining of directories or GET info - all you would have o do is split the string at that point - and compare the first section to your own domain name. you may als owant to addin different features - so that a person can add: domain.com/..... AND www.domain.com/... AND http://www.domain.com/... - then validate those different inputs - using roughyl the same method good luck Quote Link to comment https://forums.phpfreaks.com/topic/84793-safe-user-form-imput-method/#findComment-432243 Share on other sites More sharing options...
redarrow Posted January 7, 2008 Share Posted January 7, 2008 <?php $url="http://www.msn.co.uk"; if(eregi("^(http://www.)[a-z]{0,100}\.+(com|net|co.uk)$",$url)) { echo 'correct url'; } else { echo"wrong url"; } ?> Quote Link to comment https://forums.phpfreaks.com/topic/84793-safe-user-form-imput-method/#findComment-432248 Share on other sites More sharing options...
richardjh Posted January 7, 2008 Author Share Posted January 7, 2008 or maybe this $path = "http://www.theexternalwebsite.com/6373737nnvv/44?-22-d-f&.."; echo dirname($path); teng, your code outputs more than just the domain, I tried it and it echos the domain plus the directory of the link. For instance This: http://www.theexternalwebsite.com/dp/0593058003/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1199739941&sr=8-1 outputs as: http://www.theexternalwebsite.com/dp/0593058003/ whereas I want just http://www.theexternalwebsite.com Quote Link to comment https://forums.phpfreaks.com/topic/84793-safe-user-form-imput-method/#findComment-432969 Share on other sites More sharing options...
Ken2k7 Posted January 7, 2008 Share Posted January 7, 2008 What about mine? $_SERVER['HTTP_HOST'] Quote Link to comment https://forums.phpfreaks.com/topic/84793-safe-user-form-imput-method/#findComment-432978 Share on other sites More sharing options...
richardjh Posted January 7, 2008 Author Share Posted January 7, 2008 Ken I'm not sure how to work that in to a code to do the checking. would it be better/easier to attempt to validate the string by checking the first say 30 characters to see if they match the first 30 characters of the url? Quote Link to comment https://forums.phpfreaks.com/topic/84793-safe-user-form-imput-method/#findComment-432988 Share on other sites More sharing options...
richardjh Posted January 8, 2008 Author Share Posted January 8, 2008 righto, after much scratching of head, I now have this bit of code which i've added to form validate and *seems* to work: if (!preg_match ("/http:\/\/www\.myspace(.*)\.(.*)/i", $url)) { die ('Sorry, this isn\'t an acceptable link'); } Could anyone see any problems/bugs with using this code? it stops ANY URL from getting through unless it matches http://www.myspace.com/whatever?whatever..etc << using myspace as an example here. thanks for advice Quote Link to comment https://forums.phpfreaks.com/topic/84793-safe-user-form-imput-method/#findComment-433139 Share on other sites More sharing options...
teng84 Posted January 8, 2008 Share Posted January 8, 2008 if you only need to match if the path is form your desired root maybe you dont need that regex simply use strchr(string,search) maybe not that accurate but easier and faster Quote Link to comment https://forums.phpfreaks.com/topic/84793-safe-user-form-imput-method/#findComment-433146 Share on other sites More sharing options...
richardjh Posted January 8, 2008 Author Share Posted January 8, 2008 I'll have a go teng, Thanks for info. Quote Link to comment https://forums.phpfreaks.com/topic/84793-safe-user-form-imput-method/#findComment-433150 Share on other sites More sharing options...
toplay Posted January 8, 2008 Share Posted January 8, 2008 righto, after much scratching of head, I now have this bit of code which i've added to form validate and *seems* to work: if (!preg_match ("/http:\/\/www\.myspace(.*)\.(.*)/i", $url)) { die ('Sorry, this isn\'t an acceptable link'); } Could anyone see any problems/bugs with using this code? it stops ANY URL from getting through unless it matches http://www.myspace.com/whatever?whatever..etc << using myspace as an example here. thanks for advice Expressions is the way to go, but your expression will allow http://www.myspace.net (not .com) and http://www.myspacesomethingelse.com (different domain name altogether). I recommend anyone working with expressions to buy: http://www.regexbuddy.com Quote Link to comment https://forums.phpfreaks.com/topic/84793-safe-user-form-imput-method/#findComment-433157 Share on other sites More sharing options...
richardjh Posted January 8, 2008 Author Share Posted January 8, 2008 toplay, can you give me a pointer as to how to construct the expression to rectify this please? Quote Link to comment https://forums.phpfreaks.com/topic/84793-safe-user-form-imput-method/#findComment-433167 Share on other sites More sharing options...
toplay Posted January 8, 2008 Share Posted January 8, 2008 Well, I don't know how tight you want to make the checking, that's why I recommend that you try it out yourself by using programs such as regexbuddy. Anyway, the following expression is a basic one where it asserts that at the beginning of the string it must have http://www.myspace.com or https://www.myspace.com. It doesn't care what might be after the .com. It just depends how thorough you want to validate things. '/^https?:\/\/www\.myspace\.com/i' Quote Link to comment https://forums.phpfreaks.com/topic/84793-safe-user-form-imput-method/#findComment-433175 Share on other sites More sharing options...
Daukan Posted January 8, 2008 Share Posted January 8, 2008 Would parse_url do the trick? Quote Link to comment https://forums.phpfreaks.com/topic/84793-safe-user-form-imput-method/#findComment-433199 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.