PHP unaccepted text form [duplicate] - php

This question already has answers here:
Checking if string contains "HTTP://"
(7 answers)
Closed 7 years ago.
Recently I started getting bots from one website that keeps posting their website links in my "Customer Feedback" form. I want to make my form deny any text that contains "http://" or any other words/phrases I will add (they will surely find a way to bypass the "http://"), but the thing is I don't know how to do so. Here is the code (the forms that need to be checked for "http://" are $name and $comment):
if(isset($_POST['add'])){
    $name = $_POST['name'];
    $email = $_POST['email'];
    $comment = $_POST['comment'];
    $ip = $_SERVER['REMOTE_ADDR'];
    $datetime = date('Y-m-d H:i');
    $checkIp = mysql_query("SELECT ip from comments WHERE ip = '$ip'");
    if (mysql_num_rows($checkIp) > 0) {
        echo "Only 1 feedback per IP allowed!";
        $IP = mysql_fetch_array($checkIp);
        print_r($IP);
    }
    if($name){
        if($email){
            if($comment){
                if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
                    mysql_query("INSERT INTO comments (id, name, email, comment, ip, datetime) VALUES ('','$name','$email','$comment','$ip','$datetime')");
                }
                else
                    echo "The email address is invalid!<br><br>";
            }
            else
                echo "You haven't entered any comment!<br><br>";
        }
        else
            echo "You haven't entered an email address!<br><br>";
    }
    else
        echo "You haven't entered your name!<br><br>";
}
Thank you!

You need to check and see if a substring is contained in the $name or $comment variables like so:
if (strpos($comment,'http://') === false and strpos($name, 'http://') === false) {
    echo 'continue executing your code here';
} else {
    echo 'Its a bot!';
}
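An added example, not code from the original posts: the same substring check extended to a case-insensitive block-list, with the insert done through a prepared statement so the submitted text never becomes part of the SQL string. The function names, the `$blocked` list and the in-memory SQLite table are assumptions made so the example runs on its own.

```php
<?php
// Added example: block-list check plus a parameterized insert.
// $blocked and the in-memory SQLite table are assumptions for the demo.

function find_blocked_term(array $fields, array $blocked): ?string
{
    foreach ($fields as $value) {
        // Lower-case and strip whitespace so "HTTP://" and "h t t p://" match too.
        $normalized = preg_replace('/\s+/', '', strtolower((string) $value));
        foreach ($blocked as $term) {
            if (strpos($normalized, $term) !== false) {
                return $term;
            }
        }
    }
    return null;
}

function save_feedback(PDO $db, array $post, array $blocked): string
{
    $name    = trim($post['name'] ?? '');
    $email   = trim($post['email'] ?? '');
    $comment = trim($post['comment'] ?? '');
    if ($name === '' || $comment === '' || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return 'invalid';
    }
    if (find_blocked_term([$name, $comment], $blocked) !== null) {
        return 'rejected';
    }
    // Placeholders keep quotes and other SQL syntax in the input inert.
    $stmt = $db->prepare('INSERT INTO comments (name, email, comment) VALUES (?, ?, ?)');
    $stmt->execute([$name, $email, $comment]);
    return 'saved';
}

$blocked = ['http://', 'https://', 'www.', '[url', 'href='];
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, name TEXT, email TEXT, comment TEXT)');

// Constructed sample submissions.
$samples = [
    ['name' => 'Ann', 'email' => 'ann@example.com', 'comment' => 'Great service'],
    ['name' => 'Bot', 'email' => 'b@example.com', 'comment' => 'Visit HTTPS://spam.example now'],
    ['name' => "O'Brien", 'email' => 'ob@example.com', 'comment' => "It's fine"],
];
foreach ($samples as $s) {
    echo $s['name'], ': ', save_feedback($db, $s, $blocked), "\n";
}
```

A block-list only catches the patterns it already knows, so treat it as one filter among several rather than the sole control on the form.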


Regular Expression Specific Email Domain(preg_match) [duplicate]

This question already has answers here:
How to match all email addresses at a specific domain using regex?
(5 answers)
Closed 4 years ago.
I am new to regular expressions and need some help. I need to use a regular expression to validate an email so it has a specific email so only emails ending in @School.edu work, as of right now I have
$username = $_REQUEST["username"];
$password = $_REQUEST["pass"];
$repeatP = $_REQUEST["repeat"];
//Username is Acceptable, Passwords Match and Appropriate Size
if(preg_match("/^[a-zA-Z0-9]+\oneonta.edu$/i", $username)) {
    $userCheck = true;
    ?> <p>Username is Acceptable</p>
    <?
}
else {
    ?><p>Error: Username is Unacceptable, Please go back and try again</p>
    <?
}
I'm using School.edu as an example for my school's edu, I just don't get how to make it only allow School.edu emails
one option:
$mystring = '@oneonta.edu';
// strpos() takes the haystack first: search the submitted username for the domain
$pos = strpos($_REQUEST["username"], $mystring);
if ($pos !== false) {
    echo "<p>Username is Acceptable</p>";
} else {
    echo "<p>Error: Username is Unacceptable, Please go back and try again</p> ";
}
another
if(substr($_REQUEST["username"], -12)=='@oneonta.edu'){
    echo "<p>Username is Acceptable</p>";
}else{
    echo "<p>Error: Username is Unacceptable, Please go back and try again</p> ";
}
more ?
$pieces = explode("@", $_REQUEST["username"]);
// isset() avoids an undefined-index notice when the input contains no "@"
if(isset($pieces[1]) && $pieces[1]=='oneonta.edu'){
    echo "<p>Username is Acceptable</p>";
}else{
    echo "<p>Error: Username is Unacceptable, Please go back and try again</p> ";
}

PHP Form sends Email even if Email and Name are invalid

Hi everyone and thanks for your time!
Although it's the first time that I try PHP, I've been making a PHP Form and so far I've been able to make it validate the fields, and also that the form doesn't send anything if the fields are empty.
Now... The fields "Name" and "Email" have validation filters...
"Name" doesn't allow more than "letters and white spaces" and "Email" doesn't allow an "invalid Email format".
Example:
Name: Rob3rt... it has a number
Email: anything... isn't an Email address
Subject and Message have no validation filters...
The problem is, that if I fill up all fields, the form sends the Email, even if the information written on "Name" and "Email" doesn't agree with their validation filters...
Q: How can I hold the form from sending an Email, until all fields have the correct information inside?
Here's the code:
// This is the validation code //
<?php
// define variables and set to empty values
$nameErr = $emailErr = $commentErr = $subjectErr = "";
$name = $email = $comment = $subject = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (empty($_POST["name"])) {
        $nameErr = "<h5>Name is required</h5>";
    } else {
        $name = test_input($_POST["name"]);
        // check if name only contains letters and whitespace
        if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
            $nameErr = "<h5>Only letters and white space allowed</h5>";
        }
    }
    if (empty($_POST["email"])) {
        $emailErr = "<h5>Email is required</h5>";
    } else {
        $email = test_input($_POST["email"]);
        // check if e-mail address is well-formed
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $emailErr = "<h5>Invalid email format</h5>";
        }
    }
    if (empty($_POST["comment"])) {
        $commentErr = "<h5>Message is required</h5>";
    } else {
        $comment = test_input($_POST["comment"]);
    }
    if (empty($_POST["subject"])) {
        $subjectErr = "<h5>Subject is required</h5>";
    } else {
        $subject = test_input($_POST["subject"]);
    }
}
function test_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
?>
<form>
Form comes here
</form>
// This is the sending code... I think the problem is here... //
<?php
if($_POST['name']!="" && $_POST['email']!="" && $_POST['comment']!="" && $_POST['subject']!="") {
    $to = "myemail@whatever.com";
    $email = "From: " . $email . "\r\n";
    $subject = "" . $subject . "\r\n";
    $comment = "" . $comment . "\r\n";
    mail($to,$subject,$comment,$email);
    echo "good";
}
else {
    echo "bad";
}
?>
It is not working, because you never check if an error occurred, you are only checking if the fields are not empty before you send the mail.
The simplest way to fix it is replacing
if($_POST['name']!="" && $_POST['email']!="" && $_POST['comment']!="" && $_POST['subject']!="") {
with
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $nameErr === '' && $emailErr === '' && $commentErr === '' && $subjectErr === '') {
There is no need to check for empty fields again, you have already done it before, so you just need to check if you are POSTing the form and if all errors are empty.
Some advice on how to generally improve your code:
1) Do not handle the HTTP POST in two positions (once above the form and once below). Merge it together in one PHP code block.
2) At least make sure that the user can't re-submit a successful form by reloading the site. After a successful submit, redirect the page. Something like this:
mail($to,$subject,$comment,$email);
header('Location:' . $_SERVER['REQUEST_URI'] . '?status=ok');
exit();
3) Separate your HTML from your PHP or you will end up with a huge file which gets hard to maintain. Put your HTML form in a separate file and include it.
Although imho the nicest solution for a form is to sanitize it in JavaScript, submit it via AJAX (with angular, react, jQuery, whatever), handle it (and sanitize the data again) in PHP, send a 4xx HTTP header on error and return the error messages as a JSON object, which you then use in JavaScript.
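An added example, not code from the original posts: the validation and the sending merged into one pass, where the mail is sent only if the error list is empty. `validate_contact()` and `send_contact()` are hypothetical names, and a closure stands in for `mail()` so the example runs offline. Because the subject and the From address end up in mail headers, values containing line breaks are rejected rather than passed through.

```php
<?php
// Added example: one validation pass; mail is sent only when $errors is empty.
// validate_contact() and send_contact() are hypothetical helper names.

function validate_contact(array $post): array
{
    $errors = [];
    $clean  = [];
    foreach (['name', 'email', 'subject', 'comment'] as $field) {
        $clean[$field] = trim((string) ($post[$field] ?? ''));
        if ($clean[$field] === '') {
            $errors[$field] = ucfirst($field) . ' is required';
        }
    }
    if (!isset($errors['name']) && !preg_match('/^[a-zA-Z ]*$/', $clean['name'])) {
        $errors['name'] = 'Only letters and white space allowed';
    }
    if (!isset($errors['email']) && !filter_var($clean['email'], FILTER_VALIDATE_EMAIL)) {
        $errors['email'] = 'Invalid email format';
    }
    // The subject becomes a mail header: refuse embedded line breaks.
    if (!isset($errors['subject']) && preg_match('/[\r\n]/', $clean['subject'])) {
        $errors['subject'] = 'Subject must be a single line';
    }
    return [$clean, $errors];
}

function send_contact(array $post, callable $mailer): array
{
    [$clean, $errors] = validate_contact($post);
    if ($errors === []) {
        $mailer('myemail@whatever.com', $clean['subject'], $clean['comment'],
                'From: ' . $clean['email']);
    }
    return $errors;
}

// Constructed submissions; the closure records what would have been mailed.
$sent = [];
$mailer = function ($to, $subject, $body, $headers) use (&$sent) {
    $sent[] = $headers;
    return true;
};
$bad  = ['name' => 'Rob3rt', 'email' => 'anything', 'subject' => 'Hi', 'comment' => 'x'];
$good = ['name' => 'Robert', 'email' => 'rob@example.com', 'subject' => 'Hi', 'comment' => 'x'];
print_r(send_contact($bad, $mailer));
print_r(send_contact($good, $mailer));
print_r($sent);
```

In a real handler the call would be `send_contact($_POST, 'mail')`, followed by the redirect from point 2 when the returned array is empty.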

Check if Wordpress User exists by email

For the life of me I can't get this to work (default example from WP Codex). I created a php file with this code and dropped it in my theme folder, when I access the file on the web I get a blank page, nada -- am I missing something, do I have to put this someplace else? Any help is greatly appreciated.
<?php
$email = 'myemail@example.com';
$exists = email_exists($email);
if ( $exists )
    echo "That E-mail is registered to user number " . $exists;
else
    echo "That E-mail doesn't belong to any registered users on this site";
?>
simple answer,
If that is the template page, then use this:
<?php
$email = 'myemail@example.com';
$exists = email_exists($email);
if ( $exists )
    echo "That E-mail is registered to user number " . $exists;
else
    echo "That E-mail doesn't belong to any registered users on this site";
?>
and ensure you have correct opening and closing php tags.
But if it is from other than a template page, then use this:
<?php
require_once("../../../../wp-load.php"); //ADD THIS
$email = 'myemail@example.com';
$exists = email_exists($email);
if ( $exists )
    echo "That E-mail is registered to user number " . $exists;
else
    echo "That E-mail doesn't belong to any registered users on this site";
?>
Add or remove ../ in the require_once("../../../../wp-load.php") as per the page location.
This will surely help you.
Try to add wp-load.php in your file with the right path.
<?php
require_once("../../../wp-load.php"); //ADD THIS
$email = 'myemail@example.com';
$exists = email_exists($email);
if ( $exists )
    echo "That E-mail is registered to user number " . $exists;
else
    echo "That E-mail doesn't belong to any registered users on this site";
?>

how to validate email address domain using preg match [duplicate]

This question already has answers here:
How to validate an Email in PHP?
(7 answers)
Closed 9 years ago.
I want to validate the email address domain using preg_match. Also the valid edu domains I inserted in an email list array, so when the user enters the email address that entry is first checked in the email list array. If it is available then it is validated. I am doing the validation part on server side. Any help is appreciated. Thanks in advance...
<?php
$email = $_POST['email']; // get the email value
$email_exp = explode("@",$email); // split email
$email_name = $email_exp[1]; // get the domain of email address
$email_list = array("berkely.edu","ucfs.edu","udef.edu","ucms.edu","ucef.edu"); // valid edu domain
for($i=0;$i<sizeof($email_list);$i++)
{
    if(in_array($email_name,$email_list))
    {
        if (preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/', $email_name))
        {
            // validate email
        }
    }
}
Use filter_var, and replace the preg_match call with it.
if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) == TRUE) {
    // email is valid
}
So, the updated code will be:
<?php
$email = $_POST['email']; // get the email value
$email_exp = explode("@",$email); // split email
// get the domain of email address; empty when the input has no "@"
$email_name = isset($email_exp[1]) ? $email_exp[1] : '';
$email_list = array("berkely.edu","ucfs.edu","udef.edu","ucms.edu","ucef.edu");
$email_is_valid = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) == TRUE;
if($email_is_valid && in_array($email_name,$email_list) ) {
    // email is valid for your purposes
}
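An added example, not code from the original posts, covering both this thread and the earlier oneonta.edu question: an address is accepted only if it is well-formed and the part after the last "@" exactly matches an allow-listed domain. `email_domain_allowed()` and the contents of `$allowed` are assumptions; the sample inputs are constructed to show the cases a substring check gets wrong.

```php
<?php
// Added example: accept an address only if it is well-formed AND its domain
// is on an allow-list. $allowed and email_domain_allowed() are assumptions.

function email_domain_allowed(string $email, array $allowed): bool
{
    $email = trim($email);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // The domain is whatever follows the LAST "@"; compare it in lower case.
    $domain = strtolower(substr($email, strrpos($email, '@') + 1));
    // Exact, strict comparison: no substring or suffix matching.
    return in_array($domain, $allowed, true);
}

$allowed = ['oneonta.edu', 'berkely.edu', 'ucfs.edu'];

// Constructed inputs.
$samples = [
    'student@oneonta.edu',
    'Student@ONEONTA.EDU',
    'student@oneonta.edu.example.com',   // allowed domain used as a prefix
    'student@notoneonta.edu',            // allowed domain used as a suffix
    'oneonta.edu',                       // no "@" at all
    "student@oneonta.edu\r\nBcc: x@example.com",  // embedded line break
];
foreach ($samples as $s) {
    $verdict = email_domain_allowed($s, $allowed) ? 'accept' : 'reject';
    printf("%-50s %s\n", json_encode($s), $verdict);
}
```

Only the first two samples are accepted; the rest fail either the format check or the exact domain match.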

function eregi() is deprecated in email validation [duplicate]

This question already has answers here:
How can I convert ereg expressions to preg in PHP?
(4 answers)
Closed 9 years ago.
Hi, I know that we do not use eregi but preg_match, but when I change only the eregi code it doesn't work. How can I change the code below? Please, just a little help, I am a newbie.
function verify_valid_email($emailtocheck)
{
    $eregicheck = "^([-!#\$%&'*+./0-9=?A-Z^_`a-z{|}~])+@([-!#\$%&'*+/0-9=?A-Z^_`a-z{|}~]+\\.)+[a-zA-Z]{2,4}\$";
    return eregi($eregicheck, $emailtocheck);
}
function verify_email_unique($emailtocheck)
{
    global $config,$conn;
    $query = "select count(*) as total from members where email='".mysql_real_escape_string($emailtocheck)."' limit 1";
    $executequery = $conn->execute($query);
    $totalemails = $executequery->fields['total'];
    if ($totalemails >= 1)
    {
        return false;
    }
    else
    {
        return true;
    }
}
If you need to validate e-mail addresses, you can look at this page which provides a working example using only filter_var() :
if (filter_var($email_a, FILTER_VALIDATE_EMAIL)) {
    echo "This ($email_a) email address is considered valid.";
};
So in your code, you should just drop all the regex/eregi stuff and use this instead :
return filter_var($emailtocheck, FILTER_VALIDATE_EMAIL);
If you want to do it this way, you can base yourself on the following methods:
<?php
$email = "abc123@somewhere"; // Invalid email address
//$email = "somebody@somesite.com"; // Valid email address
// Set up regular expression strings to evaluate the value of email variable against
$regex = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/';
// Run the preg_match() function on regex against the email address
if (preg_match($regex, $email)) {
    echo $email . " is a valid email. We can accept it.";
} else {
    echo $email . " is an invalid email. Please try again.";
}
?>
or:
$string = "$emailtocheck";
if (preg_match(
    '/^[^\W][a-zA-Z0-9_]+(\.[a-zA-Z0-9_]+)*\@[a-zA-Z0-9_]+(\.[a-zA-Z0-9_]+)*\.[a-zA-Z]{2,4}$/',
    $string)) {
    echo "Successful.";
}
or:
<?php
$email = "abc123@sdsd.com";
$regex = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/';
if (preg_match($regex, $email)) {
    echo $email . " is a valid email. We can accept it.";
} else {
    echo $email . " is an invalid email. Please try again.";
}
?>
Source: https://stackoverflow.com/a/13719991/1415724
or:
<?php
// check e-mail address
// display success or failure message
if (!preg_match("/^([a-zA-Z0-9])+([\.a-zA-Z0-9_-])*@([a-zA-Z0-9_-])+(\.[a-zA-Z0-9_-]+)*\.([a-zA-Z]{2,6})$/", $_POST['e-mail'])) {
    die("Invalid e-mail address");
}
echo "Valid e-mail address, processing...";
?>
Source: http://www.techrepublic.com/article/regular-expression-engine-simplifies-e-mail-validation-in-php/
Plus, you can try what André Daniel wrote as an answer as well. You have many choices.
