make sure post data is valid phone number

MinDFreeZ
Forum Commoner
Posts: 58
Joined: Tue Feb 14, 2006 12:28 pm
Location: Lake Mary, FL

Post by MinDFreeZ »

I've been trying to figure out how to make sure posted "number" is a phone number... not sure entirely on specifics of phone numbers, but I'd like to basically make sure it is 10 characters.. but if it is 11 and it starts with the number 1 to remove that, and make that $phNumber. It also must be numeric, which I guess strlen and is_numeric() could be used for.... but the rest I'm not sure of.. anyone know of a good way to validate this?
(also I could use maxlength on the input, so I know it won't be more than 11..)

Code: Select all

$num = $_POST['number'];
if($num) {
        if(is_numeric($num) == TRUE) {
                $phNumber = $num;
                }
        }
elseif($num) {
       if(is_numeric($num) == FALSE) {
               die("You did not enter a valid phone number");
               }
}
My code doesn't even work... but you can basically see what I'm trying to do here... if it is numeric and has at least 10 numbers or if it has 11 it must start with a 1, then remove that 1..... if it is 11 and does not start with a 1 also echo a message saying invalid phone number.. $phNumber is going to be further used in the script.. otherwise, echo an error...

I'm also having 1 other problem... but it's more about the mail function... and a checkbox.. if someone wants me to post the full script so they can help with that, I'm more than willing to :)
thanks
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Since there are so many forms and formats for numbers, I'd strip all non-numeric characters out of the string. Then do your length checks.
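
Added example, not part of the post above: one way to strip the non-digits first and then apply the length rules from the question (10 digits, or 11 with a leading 1 that is dropped). The function name `normalize_us_phone` and the sample inputs are constructed for illustration.

```php
<?php
// Added example; normalize_us_phone() is a hypothetical helper, not code from the thread.
// Note: is_numeric() is not a digits-only check. It also accepts strings such as
// "1e10" or "-1.5", so it cannot be used to validate a phone number on its own.
function normalize_us_phone($raw)
{
    if (!is_string($raw)) {
        return null;                       // missing field, or an array such as number[]=...
    }
    // Strip everything that is not an ASCII digit: spaces, dashes, dots, parentheses.
    $digits = preg_replace('/[^0-9]/', '', $raw);

    // 11 digits are accepted only with a leading 1, which is removed.
    if (strlen($digits) === 11 && $digits[0] === '1') {
        $digits = substr($digits, 1);
    }
    // Whatever is left must be exactly 10 digits.
    return strlen($digits) === 10 ? $digits : null;
}

// Constructed sample inputs.
$samples = array('(407) 555-0123', '1-407-555-0123', '24075550123', '555-0123', "407.555.0123\n");
foreach ($samples as $s) {
    $n = normalize_us_phone($s);
    echo json_encode($s), ' => ', ($n === null ? 'rejected' : $n), "\n";
}
```

Because the returned value contains only digits, it is safe to concatenate with a gateway domain as the script later in the thread does.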
MinDFreeZ
Forum Commoner
Posts: 58
Joined: Tue Feb 14, 2006 12:28 pm
Location: Lake Mary, FL

Post by MinDFreeZ »

Sounds good, but I have no idea how to do that.... that's why I was looking for something to check if it is only composed of numbers.. that's when I found is_numeric ...

I'm having all kinds of problems with the script, and the order I'm putting things in.. :oops:

Let me just post the whole thing.... the mail problem was that I'm using like 7 mail functions at once, and it doesn't work......

Code: Select all

<?php

echo "
<style type='text/css'>
div.row {
  clear: both;
  padding-top: 5px;
  }

div.row span.label {
  float: left;
  width: 120px;
  text-align: right;
  }

div.row span.formw {
  float: right;
  width: 235px;
  text-align: left;
  }
</style>
";

if (!$submit) {
        echo "
<div style='width: 380px; padding: 5px; margin: 0px auto;'>
  <form method='post' action=''>
    <div class='row'>
      <span class='label'>Name:</span><span
class='formw'><input type='text' name='name' size='25' /></span>
    </div>
    <div class='row'>
      <span class='label'>Phone Number:</span><span
class='formw'><input type='text' name='number' size='25' /></span>
    </div>
    <div class='row'>
      <span class='label'>Provider:</span><span
class='formw'>
<select name='chProvider'>
  <option value=''>::Providers::</option>
  <option value='at'>:Alltel:</option>
  <option value='nx'>:Nextel:</option>
  <option value='sp'>:Sprint:</option>
  <option value='vz'>:Verizon:</option>
  <option value='ci'>:Cingular:</option>
  <option value='tm'>:T-Mobile:</option>
  <option value='vm'>:Virgin Mobile:</option>
</select>
</span>
    </div>
    <div class='row'>
      <span class='label'>Provider Unknown:</span><span
class='formw'><input type='checkbox' value='nsp' name='provider' /></span>
    </div>
    <div class='row'>
      <span class='label'>Message:</span><span
class='formw'>
        <textarea name='message' cols='25' rows='8'>
Go ahead - write something...
        </textarea>
      </span>
    </div>
    <div class='row'>
<span class='formw'><input type='submit' name='submit' value='Send Message' /></span>
    </div>
  <div class='spacer'>
  &nbsp;
  </div>
 </form>
</div>
";
}

$phNumber = $_POST['number'];
/* This is all commented out because it does not work..
$num = $_POST['number'];
if($num) {
        if(is_numeric($num) == TRUE) {
                $phNumber = $num;
                }
        }
elseif($num) {
       if(is_numeric($num) == FALSE) {
               die("You did not enter a valid phone number");
               }
}
*/

$pv = $_POST['chProvider'];
$upv = $_POST['provider'];

$subject = $_POST['subject'];
// If you put anything in "quotes" it will not show up \"quotes\"
$message = stripslashes($_POST['message']);
$headers = "From: {$_POST['name']}";

// Provider list
$alltel = "@messaging.alltel.com";
$nextel = "@messaging.nextel.com";
$sprint = "@messaging.sprintpcs.com";
$verizon = "@vtext.com";
$cingular = "@cingularme.com";
$tmobile = "@tmomail.net";
$virginmobile = "@vmobl.com";

if($submit) {
        if($pv == "at") { $chMail = $phNumber . $alltel; }
        elseif($pv == "nx") { $chMail = $phNumber . $nextel; }
        elseif($pv == "sp") { $chMail = $phNumber . $sprint; }
        elseif($pv == "vz") { $chMail = $phNumber . $verizon; }
        elseif($pv == "ci") { $chMail = $phNumber . $cingular; }
        elseif($pv == "tm") { $chMail = $phNumber . $tmobile; }
        elseif($pv == "vm") { $chMail = $phNumber . $virginmobile; }
        elseif($upv == "nsp") { $chMail = NULL; $pv = NULL; }
        elseif($pv !== "sp" or $pv !== "vz" or $pv !== "ci" or $pv !== "tm" or $pv !== "vm" or $pv == "") {
        $chMail = NULL;
        echo "Please choose one of the provided networks.<br/>";
        }
                else {
                $chMail = NULL;
                echo "Please choose one of the provided networks.<br />";
                }

if($pv == "nsp") {
        mail($phNumber . $alltel, $subject, $message, $headers);
        mail($phNumber . $nextel, $subject, $message, $headers);
        mail($phNumber . $sprint, $subject, $message, $headers);
        mail($phNumber . $verizon, $subject, $message, $headers);
        mail($phNumber . $cingular, $subject, $message, $headers);
        mail($phNumber . $tmobile, $subject, $message, $headers);
        mail($phNumber . $virginmobile, $subject, $message, $headers);
        }
        else {
                 $to = $chMail;
                 mail($to, $subject, $message, $headers);
                 }

     if ($message == "") { echo "You must enter a message!"; }
     else echo "<h1>Text message sent!</h1>";

}

?>
pennythetuff
Forum Newbie
Posts: 22
Joined: Sun Feb 19, 2006 6:05 pm
Location: Kokomo, Indiana

Post by pennythetuff »

You could use regular expressions (regex) to make sure the phone number is in a valid format. These forums have a couple awesome regex guides.

viewforum.php?f=38

If you wanted your phone number in format 555-555-5555 a regex would look something like this.

Code: Select all

// \z anchors the end of the string; without it, extra characters after the number would pass.
if(!preg_match("/^\d{3}-\d{3}-\d{4}\z/", $phone_number)) {
     echo "This is not a valid phone number.";
}
MinDFreeZ
Forum Commoner
Posts: 58
Joined: Tue Feb 14, 2006 12:28 pm
Location: Lake Mary, FL

Post by MinDFreeZ »

sweet, I will use exactly that and make 3 input fields...

Code: Select all

echo "
<input type='text' name='num1' size='3' maxlength='3' /> <input type='text' name='num2' size='3' maxlength='3' /> <input type='text' name='num3' size='4' maxlength='4' />
";

//(then put those together with PHP I guess...)

$phone_number = $_POST['num1'] . "-" . $_POST['num2'] . "-" . $_POST['num3'];

// \z anchors the end of the string; without it, extra characters after the number would pass.
if(!preg_match("/^\d{3}-\d{3}-\d{4}\z/", $phone_number)) {
     echo "This is not a valid phone number.";
}
that should work....
thanks
MinDFreeZ
Forum Commoner
Posts: 58
Joined: Tue Feb 14, 2006 12:28 pm
Location: Lake Mary, FL

Post by MinDFreeZ »

alright, thanks.. problem solved... I finished what I was doing... it was a text-messager.. here's the source and link to it if anyone cares :P

thanks for the help.

http://enhancedworks.com/sendText2.phps

http://enhancedworks.com/sendText2.php
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Post by matthijs »

Code: Select all

$headers = "From: {$_POST['name']}";
Your (now public) form is vulnerable to email injection. See http://securephp.damonkohler.com/index. ... _Injection and the threads on this forum about it. You should make sure to filter the input that ends up in the header of the mail() function.
MinDFreeZ
Forum Commoner
Posts: 58
Joined: Tue Feb 14, 2006 12:28 pm
Location: Lake Mary, FL

Post by MinDFreeZ »

Thanks, is it better to just remove header info altogether?

Code: Select all

$realMessage = stripslashes($_POST['message']);
$message = "From:" . $name . " | " . $realMessage;
I don't mind using something like that.. because for this, it's a text message.. there shouldn't be a reply email anyway.

Unless you can tell me how to secure my current code... so I use headers to test with the phones.... I read the link at the bottom of the page.. I don't get the eregi solution.. I don't know what that code says.. I'm new! :P
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Post by matthijs »

Yes, your idea of just placing the from field in the message itself is a simple and safe solution (as far as I know and as far as email injection is concerned).

You can read some more threads about email injection here and here.

If you do want to use the header of the mail function, you'll have to make sure to filter the input (something you should always do in fact, just to be sure).

In case of $_POST['name'] you probably want to make sure the name only contains alphabetic characters. That's possible with the ctype_alpha function (returns TRUE if all characters found in string are letters, either uppercase or lowercase)

Code: Select all

<?php
$name = '';
if (ctype_alpha($_POST['name'])) {
   $name = $_POST['name'];
}
?>
After that, you can do an extra check for any newlines and carriage returns with

Code: Select all

<?php
$cleanname = '';
if (ctype_print($name) )
{
  $cleanname = $name;
}
?>
(see the threads for some more discussion about this.)
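
Added example, not part of the post above or the thread's script: the input filtering described in this post applied to every value that reaches `mail()`, with the recipient domain taken from an allowlist of the provider codes used in the form. The function names, the 40-character limit, the fixed subject and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// Return a POST field as a string, or '' when it is missing or not a string.
function field(array $post, $key)
{
    return (isset($post[$key]) && is_string($post[$key])) ? $post[$key] : '';
}

// Validate the form fields; return the four mail() arguments, or null on bad input.
function build_sms_mail(array $post)
{
    // Provider codes and gateway domains as listed in the script earlier in the thread.
    $gateways = array(
        'at' => 'messaging.alltel.com', 'nx' => 'messaging.nextel.com',
        'sp' => 'messaging.sprintpcs.com', 'vz' => 'vtext.com',
        'ci' => 'cingularme.com', 'tm' => 'tmomail.net', 'vm' => 'vmobl.com',
    );
    $name   = trim(field($post, 'name'));
    $number = field($post, 'number');
    $pv     = field($post, 'chProvider');

    // Header value: letters separated by single spaces, so CR, LF and ':' never reach it.
    if (strlen($name) > 40 || !preg_match('/\A[A-Za-z]+(?: [A-Za-z]+)*\z/', $name)) {
        return null;
    }
    // Recipient local part: exactly ten digits. \z, unlike $, rejects a trailing newline.
    if (!preg_match('/\A[0-9]{10}\z/', $number)) {
        return null;
    }
    // Recipient domain is looked up in the allowlist, never taken from the request.
    if (!isset($gateways[$pv])) {
        return null;
    }
    return array(
        $number . '@' . $gateways[$pv],   // to
        'Text message',                    // subject (fixed, assumed value)
        field($post, 'message'),           // body
        'From: ' . $name,                  // header built only from validated text
    );
}

// Constructed inputs: a normal submission and one with a line break in the name.
$ok  = array('name' => 'Jane Doe', 'number' => '4075550123', 'chProvider' => 'vz', 'message' => 'hi');
$bad = array('name' => "Jane\r\nX-Test: 1") + $ok;
var_dump(build_sms_mail($ok) !== null, build_sms_mail($bad) !== null);
```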
MinDFreeZ
Forum Commoner
Posts: 58
Joined: Tue Feb 14, 2006 12:28 pm
Location: Lake Mary, FL

Post by MinDFreeZ »

thank you :D