
My Email Preg_match filter not working - any ideas why?

Posted: Mon Mar 17, 2014 7:11 am
by simonmlewis
This sometimes works, sometimes doesn't.

It's stopped emails like adsfsdf*asdsdf.com from being posted through, and if I just put in <a href='... into the communications field, it blocks it.

But if I put this - and this is NOT spam, just a demo of what's getting through - do not click or try any links in the text quote as they may be harmful:

[text]china cheap nba jerseys wholesale china cheap nba jerseys wholesale
fghfxhghfxghxfgh@gmail.com
china cheap nba jerseys wholesale
china cheap nba jerseys wholesale
<a href=http://www.mirdef.com/preview/louis-vui ... l><b>louis vuitton outlet store hot sale with free shipping</b></a> <a href=http://www.runkino.com><b>replica louis vuitton shoes</b></a> <a href=http://www.csraemployeewellness.com/who ... tml</b></a> <a href=http://writingthislife.com/louis-vuitto ... /><b>louis vuitton replica watches</b></a> <a href=http://www.allmygoodintentions.com><b>replica louis vuitton</b></a> <a href=http://idahostwocenttips.com><b>louis vuitton speedy 40 cheap</b></a> <a href=http://www.richersoninteriors.com/patie ... <b>replica louis vuitton handbags</b></a> <a href=http://www.johnjeffriesphotography.com/ ... >authentic louis vuitton outlet</b></a> <a href=http://www.thehillofcontent.com.au/cms/ ... <b>replica louis vuitton michael backpack</b></a> <a href=http://www.animalisticart.com/css/cheap ... p><b>cheap louis vuitton sunglasses</b></a> <a href=http://www.ecoatours.com/detalles/louis ... x><b>louis vuitton shoes outlet</b></a> <a href=http://www.nikostours.com/images/louis- ... l><b>louis vuitton online sale</b></a> <a href=http://www.excelfirepro.com><b>replica louis vuitton belts</b></a> <a href=http://www.richersoninteriors.com/patie ... asp><b>buy replica louis vuitton men shoes</b></a> <a href=http://www.richersoninteriors.com/patie ... asp</b></a> <a href=http://www.avanara.com/about-avanara/ch ... l><b>louis vuitton cheap shoes for men</b></a> <a href=http://www.calcopolychem.com><b>replica louis vuitton</b></a> <a href=http://www.photorenditionsbybob.com/lou ... m><b>louis vuitton replica wallet</b></a> <a href=http://www.realdutchbikes.com><b>cheap louis vuitton</b></a> <a href=http://www.csraemployeewellness.com/who ... l><b>louis vuitton men leather shoes wholesale</b></a>

china cheap nba jerseys wholesale http://elenakyrgos.com/images/cheap-who ... erseys.php[/text]
It does get through. What do I need to do to stop these - they are passing through my script without a problem.

Code:

$firstname = isset($_POST['firstname']) ? $_POST['firstname'] : null;
$firstname = str_replace("'", "", "$firstname");

$lastname = isset($_POST['lastname']) ? $_POST['lastname'] : null;
$lastname = str_replace("'", "", "$lastname");

$email = isset($_POST['email']) ? $_POST['email'] : null;
$phone = isset($_POST['phone']) ? $_POST['phone'] : null;
$reason = isset($_POST['reason']) ? $_POST['reason'] : null;
$reason = str_replace("'", "", "$reason");

$communication = isset($_POST['communication']) ? $_POST['communication'] : null;
$communication = str_replace("'", "", "$communication");

if (isset($firstname) && isset($lastname) && isset($communication) && !isset($c))
{
$communication = isset($_POST['communication']) ? $_POST['communication'] : null;
if (preg_match("/href/i", "$communication"))  {
echo "<script>
  window.location.replace('/contacttx&c=yy')
  </script>";
}


$email = isset($_POST['email']) ? $_POST['email'] : null;
if (preg_match("/\*/i", "$email"))  {
echo "<script>
  window.location.replace('/successno')
  </script>";
}

else {

$to = "info@site.co.uk";
$subject =  "$reason";
$headers = "From: $email\n";
$body = "
$firstname $lastname
$email
$phone
$reason
$communication
        
";

mail ($to, $subject, $body, $headers);
echo "<script>
  window.location.replace('/success')
  </script>";
}}

Re: My Email Preg_match filter not working - any ideas why?

Posted: Mon Mar 17, 2014 12:22 pm
by requinix
Your first one looks for href and will detect it just fine, but your code keeps executing after it outputs the <script>. The only thing that will actually block the email is the presence of an asterisk in the message (which, by the way, is better checked with strpos and not regular expressions).

Re: My Email Preg_match filter not working - any ideas why?

Posted: Mon Mar 17, 2014 12:28 pm
by simonmlewis
Why is that one better?

Re: My Email Preg_match filter not working - any ideas why?

Posted: Mon Mar 17, 2014 4:18 pm
by requinix
Performance. Regular expressions are expensive: they run (relatively) slowly and consume more CPU and memory to execute. If all you need to do is check for a string inside another string, strpos() is much faster and much less strenuous on the machine.
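
The two points from requinix's replies (stop processing once a check fails, and test for a substring with a string function rather than a regular expression), as an added example that is not part of any post in the thread. `decide_route()` is a hypothetical helper; the `filter_var()` check, the fixed subject line and the `header()` redirect are assumptions that go beyond the thread, and the sample submissions are constructed.

```php
<?php
// Added example, not code from the thread. decide_route() is a hypothetical helper;
// the three redirect paths and the recipient address are the ones in the posted script.
function decide_route(array $post): string
{
    $email   = trim((string) ($post['email'] ?? ''));
    $message = (string) ($post['communication'] ?? '');

    // stripos()/strpos() return false for "not found" and 0 for a match at the
    // very start, so the comparison must be !== false.
    if (stripos($message, 'href') !== false) {
        return '/contacttx&c=yy';
    }
    // The original asterisk test, plus an assumed stricter check (not in the thread).
    if (strpos($email, '*') !== false || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return '/successno';
    }
    return '/success';
}

if (PHP_SAPI === 'cli') {
    // Constructed sample submissions, for running this file from the command line.
    $samples = [
        'link in message'   => ['email' => 'a@example.com', 'communication' => '<a HREF=http://example.invalid>x</a>'],
        'asterisk in email' => ['email' => 'adsfsdf*asdsdf.com', 'communication' => 'hello'],
        'clean'             => ['email' => 'a@example.com', 'communication' => 'hello'],
    ];
    foreach ($samples as $label => $post) {
        printf("%-18s -> %s\n", $label, decide_route($post));
    }
} else {
    $route = decide_route($_POST);
    if ($route === '/success') {
        // Only a submission that passed every check reaches mail().
        $body = implode("\n", [
            $_POST['firstname'] ?? '', $_POST['lastname'] ?? '', trim($_POST['email'] ?? ''),
            $_POST['phone'] ?? '', $_POST['reason'] ?? '', $_POST['communication'] ?? '',
        ]);
        mail('info@site.co.uk', 'Contact form', $body, 'From: ' . trim($_POST['email']));
    }
    header('Location: ' . $route); // assumes no output has been sent yet
    exit; // nothing after the redirect runs
}
```

Because the route is decided once and the script exits after the redirect, a rejected submission can no longer fall through to `mail()` the way it does in the posted script.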