My Email Preg_match filter not working - any ideas why?


Post by simonmlewis »

This sometimes works, sometimes doesn't.

It's stopped emails like adsfsdf*asdsdf.com from being posted through, and if I just put in <a href='... into the communications field, it blocks it.

But if I put this - and this is NOT spam, just a demo of what's getting through - do not click or try any links in the text quote as they may be harmful:

[text]china cheap nba jerseys wholesale china cheap nba jerseys wholesale
fghfxhghfxghxfgh@gmail.com
china cheap nba jerseys wholesale
china cheap nba jerseys wholesale
<a href=http://www.mirdef.com/preview/louis-vui ... l><b>louis vuitton outlet store hot sale with free shipping</b></a> <a href=http://www.runkino.com><b>replica louis vuitton shoes</b></a> <a href=http://www.csraemployeewellness.com/who ... tml</b></a> <a href=http://writingthislife.com/louis-vuitto ... /><b>louis vuitton replica watches</b></a> <a href=http://www.allmygoodintentions.com><b>replica louis vuitton</b></a> <a href=http://idahostwocenttips.com><b>louis vuitton speedy 40 cheap</b></a> <a href=http://www.richersoninteriors.com/patie ... <b>replica louis vuitton handbags</b></a> <a href=http://www.johnjeffriesphotography.com/ ... >authentic louis vuitton outlet</b></a> <a href=http://www.thehillofcontent.com.au/cms/ ... <b>replica louis vuitton michael backpack</b></a> <a href=http://www.animalisticart.com/css/cheap ... p><b>cheap louis vuitton sunglasses</b></a> <a href=http://www.ecoatours.com/detalles/louis ... x><b>louis vuitton shoes outlet</b></a> <a href=http://www.nikostours.com/images/louis- ... l><b>louis vuitton online sale</b></a> <a href=http://www.excelfirepro.com><b>replica louis vuitton belts</b></a> <a href=http://www.richersoninteriors.com/patie ... asp><b>buy replica louis vuitton men shoes</b></a> <a href=http://www.richersoninteriors.com/patie ... asp</b></a> <a href=http://www.avanara.com/about-avanara/ch ... l><b>louis vuitton cheap shoes for men</b></a> <a href=http://www.calcopolychem.com><b>replica louis vuitton</b></a> <a href=http://www.photorenditionsbybob.com/lou ... m><b>louis vuitton replica wallet</b></a> <a href=http://www.realdutchbikes.com><b>cheap louis vuitton</b></a> <a href=http://www.csraemployeewellness.com/who ... l><b>louis vuitton men leather shoes wholesale</b></a>

china cheap nba jerseys wholesale http://elenakyrgos.com/images/cheap-who ... erseys.php[/text]
It does get through. What do I need to do to stop these - they are passing through my script without a problem.

Code:

$firstname = isset($_POST['firstname']) ? $_POST['firstname'] : null;
$firstname = str_replace("'", "", "$firstname");

$lastname = isset($_POST['lastname']) ? $_POST['lastname'] : null;
$lastname = str_replace("'", "", "$lastname");

$email = isset($_POST['email']) ? $_POST['email'] : null;
$phone = isset($_POST['phone']) ? $_POST['phone'] : null;
$reason = isset($_POST['reason']) ? $_POST['reason'] : null;
$reason = str_replace("'", "", "$reason");

$communication = isset($_POST['communication']) ? $_POST['communication'] : null;
$communication = str_replace("'", "", "$communication");

if (isset($firstname) && isset($lastname) && isset($communication) && !isset($c))
{
$communication = isset($_POST['communication']) ? $_POST['communication'] : null;
if (preg_match("/href/i", "$communication"))  {
echo "<script>
  window.location.replace('/contacttx&c=yy')
  </script>";
}


$email = isset($_POST['email']) ? $_POST['email'] : null;
if (preg_match("/\*/i", "$email"))  {
echo "<script>
  window.location.replace('/successno')
  </script>";
}

else {

$to = "info@site.co.uk";
$subject =  "$reason";
$headers = "From: $email\n";
$body = "
$firstname $lastname
$email
$phone
$reason
$communication
        
";

mail ($to, $subject, $body, $headers);
echo "<script>
  window.location.replace('/success')
  </script>";
}}
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.

Re: My Email Preg_match filter not working - any ideas why?

Post by requinix »

Your first one looks for href and will detect it just fine, but your code keeps executing after it outputs the <script>. The only thing that will actually block the email is the presence of an asterisk in the message (which, by the way, is better checked with strpos and not regular expressions).

Re: My Email Preg_match filter not working - any ideas why?

Post by simonmlewis »

Why is that one better?

Re: My Email Preg_match filter not working - any ideas why?

Post by requinix »

Performance. Regular expressions are expensive: they run (relatively) slowly and consume more CPU and memory to execute. If all you need to do is check for a string inside another string, strpos() is much faster and much less strenuous on the machine.
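
An added example (not code from either poster) of the two points made in the replies above: each rejection returns before anything can reach mail(), and the substring checks use stripos()/strpos() rather than preg_match(). The function name, result labels and sample submissions are assumptions; the CR/LF check on the email goes beyond what the thread discusses.

```php
<?php
// Added example, not the original poster's code. screen_submission() and its
// result labels are hypothetical; the redirect targets come from the question.
function screen_submission(array $post): string
{
    $email         = (string)($post['email'] ?? '');
    $communication = (string)($post['communication'] ?? '');

    // Case-insensitive substring test; stands in for preg_match("/href/i", ...).
    if (stripos($communication, 'href') !== false) {
        return 'reject_link';   // returning here means mail() is never reached
    }
    // strpos() returns 0 for a match at offset 0, so compare with !== false.
    if (strpos($email, '*') !== false) {
        return 'reject_email';
    }
    // Extra check beyond the thread: $email ends up in the From: header, so
    // refuse CR/LF, which would let a sender append header lines of their own.
    if (strpbrk($email, "\r\n") !== false) {
        return 'reject_email';
    }
    return 'send';
}

// Redirect targets taken from the code in the question.
const REDIRECTS = [
    'reject_link'  => '/contacttx&c=yy',
    'reject_email' => '/successno',
    'send'         => '/success',
];

// Constructed sample submissions.
$samples = [
    ['email' => 'someone@example.com', 'communication' => 'Hello, please call me.'],
    ['email' => 'someone@example.com', 'communication' => '<a HREF=http://example.com>x</a>'],
    ['email' => '*bad@example.com',    'communication' => 'Hello'],
    ['email' => "a@example.com\r\nBcc: b@example.com", 'communication' => 'Hello'],
];

foreach ($samples as $post) {
    $result = screen_submission($post);
    // In a real handler: call mail() only when $result === 'send', then
    // header('Location: ' . REDIRECTS[$result]); exit;
    printf("%-12s -> %s\n", $result, REDIRECTS[$result]);
}
```

Run from the command line, only the first sample is classified as `send`; the other three are rejected before any mail would be sent.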