SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    SitePoint Enthusiast espmartin's Avatar
    Join Date
    Aug 2004
    Location
    Central Valley, California, USA
    Posts
    32
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    How to check for, and kill, a link upon submit

    Hello All,

    I have this PHP script that checks for empty form fields, but I don't know how
    to incorporate a check in the "msg" field for a URL. I've been getting tons of
    link spam in these forms, and so upon submission, I'd like to echo a msg to the
    user that their post will be dead upon arrival. My failed attempt is commented out below.

    Can you GREAT people "fill in" this script snip with the actual PHP code that will
    work?
    PHP Code:
    <?php # now to check for valid input...
        
    $ipi $_REQUEST['ip'];
        
    $firstname $_REQUEST['first-name'];
        
    $lastname $_REQUEST['last-name'];
        
    $emailaddress $_REQUEST['email-address'];
        
    $urllist $_REQUEST['urls'];
        
    $msg $_REQUEST['msg'];

            
    /* begin what I've tried... */
        
        
    if ($msg == "http:") {
            
    alert("You Crazy spammer! Your message will be rejected, and your IP will be denied.");
            }
            
    /* end what I've tried... */

        
    if (!isset($_REQUEST['ip']) || !isset($_REQUEST['first-name']) || !isset($_REQUEST['last-name']) || !isset($_REQUEST['email-address']) || !isset($_REQUEST['urls']) || !isset($_REQUEST['msg'])){
          
    header"Location: http://my-domain.com/page.html#form-container" );
        }
        elseif (empty(
    $ipi) || empty($firstname) || empty($lastname) || empty($emailaddress) || empty($urllist) || empty($msg)) {
          
    header"Location: http://my-domain.com/sub-folder/contact-error.php" );
        }
        else {
            
    $ToAddress "seo-contact-form@my domain dot com";
            
    $message  "Martin, you have a message from the AWD SEO Contact form\n";
            
    $message .= "--------------------------------------------\n";
            foreach (
    $_POST as $key => $value){$message .= "$key$value\n";}
            
    $message .= "--------------------------------------------\n";
            
    mail("<$ToAddress>","Message from the AWD SEO Contact form"$message,"From: $ToAddress");
        }
    ?>

  2. #2
    padawan silver trophybronze trophy markbrown4's Avatar
    Join Date
    Jul 2006
    Location
    Victoria, Australia
    Posts
    4,095
    Mentioned
    28 Post(s)
    Tagged
    1 Thread(s)
    Hi,

    If you just want to check if msg contains the string 'http://' then you can use
    if (strrpos("http://", $msg)) { // You're a phony! }

    http://au2.php.net/strrpos

    Hope it helps

  3. #3
    SitePoint Enthusiast espmartin's Avatar
    Join Date
    Aug 2004
    Location
    Central Valley, California, USA
    Posts
    32
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What am I doing wrong? It does nothing. I've added it as a last elseif below:

    PHP Code:
        if (!isset($_REQUEST['ip']) || !isset($_REQUEST['first-name']) || !isset($_REQUEST['last-name']) || !isset($_REQUEST['email-address']) || !isset($_REQUEST['urls']) || !isset($_REQUEST['msg'])){
          
    header"Location: http://my-domain.com/index.php#form-container" );
        }
        elseif (empty(
    $ipi) || empty($firstname) || empty($lastname) || empty($emailaddress) || empty($urllist) || empty($msg)) {
          
    header"Location: http://my-domain.com/includes/contact-error.php" );
        }
        elseif (
    strrpos("http://"$msg)) { 
          
    header"Location: http://somehere-else-you-phony.com" );
         } 

  4. #4
    padawan silver trophybronze trophy markbrown4's Avatar
    Join Date
    Jul 2006
    Location
    Victoria, Australia
    Posts
    4,095
    Mentioned
    28 Post(s)
    Tagged
    1 Thread(s)
    $msg needs to have a value..

    $msg = $_GET['msg'];

  5. #5
    SitePoint Evangelist praetor's Avatar
    Join Date
    Aug 2005
    Posts
    479
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Code PHP:
    // Use strpos() here instead of 
    if ($msg == "http:")  { }

  6. #6
    SitePoint Enthusiast espmartin's Avatar
    Join Date
    Aug 2004
    Location
    Central Valley, California, USA
    Posts
    32
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks all so far!

    When I tweak the code to look like this, it half works:
    PHP Code:
        elseif (strrpos("http://"$msg $_GET['msg'])) { 
          
    header"Location: http://mydomain.com/contact-error.php" ); 
    If I fill out the form for testing, and ad a URL to the msg field, I do get the desired
    logic. But when I DON'T ad a url (http://xxx...) I STILL get that error page...

    Any thoughts?

  7. #7
    padawan silver trophybronze trophy markbrown4's Avatar
    Join Date
    Jul 2006
    Location
    Victoria, Australia
    Posts
    4,095
    Mentioned
    28 Post(s)
    Tagged
    1 Thread(s)
    Code:
    elseif (strrpos("http://", $_GET['msg'])) { 
          header( "Location: http://mydomain.com/contact-error.php" ); 
    }
    OR

    Code:
    $msg = $_GET['msg']; // Somewhere at top of page
    ...
    elseif (strrpos("http://", $msg)) { 
          header( "Location: http://mydomain.com/contact-error.php" ); 
    }

  8. #8
    SitePoint Enthusiast espmartin's Avatar
    Join Date
    Aug 2004
    Location
    Central Valley, California, USA
    Posts
    32
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I do have this at the top of the page:
    PHP Code:
        $msg $_REQUEST['msg']; 
    And this to check for an empty field
    PHP Code:
    elseif (empty($ipi) || empty($firstname) || empty($lastname) || empty($emailaddress) || empty($urllist) || empty($msg)) { 
    It's that last one...

    So how does that change things?

  9. #9
    padawan silver trophybronze trophy markbrown4's Avatar
    Join Date
    Jul 2006
    Location
    Victoria, Australia
    Posts
    4,095
    Mentioned
    28 Post(s)
    Tagged
    1 Thread(s)
    If you set:
    Code:
    $msg = $_REQUEST['msg']
    at the top of the page then you don't need to use $_REQUEST to get that variable again. You have a copy in the variable $msg;

    So you should be able to just use
    Code:
    elseif (strrpos("http://", $msg) != false) { 
          header( "Location: http://mydomain.com/contact-error.php" ); 
    }


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •