Help BadWord file :cry:

Posted: Thu May 24, 2007 6:35 am
by luik
Hi

I have a good script called linkman. It's very small (you can't compare it to eSyndiCat). Anyway, the main thing it lacks is a way to check if the site title being submitted has erotic content etc.

I have below the part of the script, and the bits I'm adding in are highlighted in green, if all goes well.

Linkman admin.php (Not the whole admin script, first 110 lines)

Code:

<?php
#############################

error_reporting(E_ALL ^ E_NOTICE);
session_start();

require_once 'settings.php';
$action=pj_input($_REQUEST['action']) or $action='';

if ($action == 'login')
	{
    $pass=pj_input($_REQUEST['pass'],'Please enter your admin password');
    $pass=crypt($pass,$settings['filter_sum']);
	checkpassword($pass);
    $_SESSION['loggedin']=$pass;
    mainpage('welcome');
	}
elseif ($action == 'remove')
	{
	$pass=pj_input($_SESSION['loggedin'],'You are not autorized to view this page');
    checkpassword($pass);
    $id=pj_isNumber($_REQUEST['id'],'Please enter a valid ID number (digits 0-9 only)!');
    removelink($id);
	}
elseif ($action == 'check')
	{
	$pass=pj_input($_SESSION['loggedin'],'You are not autorized to view this page');
    checkpassword($pass);
    check();
	}
elseif ($action == 'add')
	{
	$pass=pj_input($_SESSION['loggedin'],'You are not autorized to view this page');
    checkpassword($pass);
    addlink();
	}
elseif ($action == 'main')
	{
	$pass=pj_input($_SESSION['loggedin'],'You are not autorized to view this page');
    checkpassword($pass);
    mainpage();
	}
else {login();}
exit();

// START addlink()
function addlink() {
global $settings;


$name=pj_input($_POST['name'],'Please enter owner\'s name!');
$email=pj_input($_POST['email'],'Please enter owner\'s e-mail address!');
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email)) {
	problem('Please enter a valid e-mail address!');
}
$title=pj_input($_POST['title'],'Please enter the title (name) of the website!');
$url=pj_input($_POST['url'],'Please enter the URL of the website!');
if (!(preg_match("/(http:\/\/+[\w\-]+\.[\w\-]+)/i",$url))) {
	problem('Please enter valid URL of the website!');
}
$recurl=pj_input($_POST['recurl'],'Please enter the url where a reciprocal link to your site is placed!');
if ($recurl != 'http://nolink7' && !(preg_match("/(http:\/\/+[\w\-]+\.[\w\-]+)/i",$recurl))) {
	problem('Please enter valid URL of the page where the reciprocal link to your site is placed!');
}
$badwords=array();

if (preg_match("/$badwords/i",$title)) {
problem('Your site contains bad content, please do not submit Sites like: Erotic, Gamble, Pills, ect.!');
}

Code:

if ($recurl != 'http://nolink') {
	$html = @file_get_contents($recurl) or problem('Can\'t open remote URL!');
	$html = strtolower($html);
	$site_url =strtolower($settings['site_url']);
	if (!strstr($html,$site_url)) {
	    problem('Your URL (<a href="'.$settings['site_url'].'">'.$settings['site_url'].
	            '</a>) wasn\'t found on the reciprocal links page (<a href="'.$recurl.
	            '">'.$recurl.'</a>)!<br><br>If you don\'t require a reciprocal link
                from this website please set reciprocal URL to <b>http://nolink</b>'
	            );
	}
}

$url=str_replace('&amp;','&',$url);
$recurl=str_replace('&amp;','&',$recurl);

$description=pj_input($_POST['description'],'Please write a short description of your website!');
if (strlen($description)>200) {
	problem('Description is too long! Description of your website is limited to 200 chars!');
}

$lines=@file($settings['linkfile']);
if (count($lines)>$settings['max_links']) {
	problem('You have reached your maximum links limit!');
}

$replacement = "$name$settings[delimiter]$email$settings[delimiter]$title$settings[delimiter]$url$settings[delimiter]$recurl$settings[delimiter]$description\n";

if ($settings['add_to'] == 0) {
	$replacement .= implode('',$lines);
    $fp = fopen($settings['linkfile'],'wb') or problem('Couldn\'t open links file for writing! Please CHMOD all txt files to 666 (rw-rw-rw)!');
	fputs($fp,$replacement);
	fclose($fp);
	}
else {
    $fp = fopen($settings['linkfile'],'ab') or problem('Couldn\'t open links file for appending! Please CHMOD all txt files to 666 (rw-rw-rw)!');
	fputs($fp,$replacement);
	fclose($fp);
    }

done('<font color="#008000"><b>The URL '.$url.' was successfully added to your links page</b></font>');
} // END addlink()
........................



config file called settings.php

Code:

<?php
// SETUP YOUR LINK MANAGER
// Detailed information found in the readme.htm file
// File last modified: April 21 2006 (LinkMan v. 1.03)

// Password for admin area
$settings['apass']='somepasshere';

// Your website URL
$settings['site_url']= "http://www." . $_SERVER['SERVER_NAME'];

/* Prevent automated submissions (recommended YES)? 1 = YES, 0 = NO */
$settings['autosubmit']=1;

/* Checksum - just type some digits and chars. Used to help prevent SPAM */
$settings['filter_sum']='dk3v9sae2gd';

// Send you an e-mail everytime someone adds a link? 1=YES, 0=NO
$settings['notify']=1;

// Admin e-mail
$settings['admin_email']="webmaster@" . $_SERVER['SERVER_NAME'];

// Maximum number of links
$settings['max_links']=150;

// Use "clean" URLs or redirects? 1=clean, 0=redirects
$settings['clean']=1;

// Where to add new links? 0 = top of list, 1 = end of list
$settings['add_to']=1;

// Name of the file where link URLs and other info is stored
$settings['linkfile']='linkinfo.txt';
// Badwords filter
$settings['badwords']='badfile.txt';

Code:

$settings['verzija']='1.03';
$settings['delimiter']="\t";

function pj_input($in,$error=0) {
	$in = trim($in);
    if (strlen($in))
    {
        $in = htmlspecialchars($in);
    }
    elseif ($error)
    {
    	problem($error);
    }
    return stripslashes($in);
}

function pj_isNumber($in,$error=0) {
	$in = trim($in);
	if (preg_match("/\D/",$in) || $in=='')
    {
    	if ($error)
        {
        	problem($error);
        }
        else
        {
        	return '0';
        }
    }
    return $in;
}
?>



My bad word list file, called badfile.txt (I'm only running one word until I figure out what's wrong):

Code:

mybadword

But I have not been able to figure out why it's not working. All code in green (outside of the code area) is what I have added in; taken out, it would give the original script.

If any kind soul would be kind enough to help, it would really be appreciated.



Posted: Thu May 24, 2007 12:46 pm
by califdon
Your 'problem' may be the problem. You repeatedly call a function named problem(). Where is it defined? I don't know of any built-in function by that name.

Then you define an array called $badwords, but I don't see where you fill the array with anything.

There are gaping holes in the logic, unless there's more than you've shown here.

Posted: Thu May 24, 2007 4:08 pm
by smudge
$badwords=array();

if (preg_match("/$badwords/i",$title)) {
problem('Your site contains bad content, please do not submit Sites like: Erotic, Gamble, Pills, ect.!');
}
If you want to match against all bad words, you're telling it to look for the string representation of the (EMPTY!!) array, whatever it is.
Try this:

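Code:

$badwords=file("badwords.txt");
foreach($badwords as $word){
  $word=trim($word);
  if($word==='') continue; // a blank line would give the pattern "//i", which matches every title
  // preg_quote() makes the word match literally, even if it contains "/" or other regex characters
  if(preg_match("/".preg_quote($word,"/")."/i",$title)){
    problem("Bad words!");
  }
}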
That is, assuming problem() even exists. file() just reads a file into an array w/ each line a new element.
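
A fuller version of the word-list check discussed in this thread, added here as an example (not code from LinkMan or from any poster): it reads the list once, skips blank lines, escapes each entry, and returns null when the list is unusable so the caller can reject the submission. The function names `badword_pattern()` and `has_badword()` and the sample list are hypothetical.

```php
<?php
// Added example, not LinkMan code. Function names and the sample list are hypothetical.

// Build one case-insensitive pattern from a word-list file.
// Returns null when the file is unreadable or holds no usable words,
// so the caller can decide to reject the submission (fail closed).
function badword_pattern($path) {
    $words = @file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if ($words === false) {
        return null;
    }
    $quoted = array();
    foreach ($words as $word) {
        $word = trim($word);
        if ($word === '') {
            continue;                       // whitespace-only line would match every title
        }
        $quoted[] = preg_quote($word, '/'); // treat list entries as literals, not as regex
    }
    if (!$quoted) {
        return null;
    }
    return '/(?:' . implode('|', $quoted) . ')/i';
}

// True when the text contains any entry from the list.
function has_badword($text, $pattern) {
    return preg_match($pattern, $text) === 1;
}

// Constructed sample list: a blank line, a whitespace-only line and regex metacharacters.
$list = tempnam(sys_get_temp_dir(), 'bad');
file_put_contents($list, "mybadword\n\n   \nc++ pills\n(casino)\n");

$pattern = badword_pattern($list);
$titles = array('My Garden Blog', 'MyBadWord Depot', 'Best (Casino) Guide', 'C and Unix');
foreach ($titles as $title) {
    echo $title, ' => ', has_badword($title, $pattern) ? 'rejected' : 'accepted', "\n";
}
unlink($list);
```

In addlink() the title has already been through pj_input(), which applies htmlspecialchars(), so a list entry containing &, < or > only matches if it is written in its escaped form.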

Posted: Thu May 24, 2007 5:43 pm
by luik
Thank you very much smudge :D

problem is not a problem :)

Code:

// START problem()
function problem($myproblem) {
global $settings;
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1250">
<link rel="STYLESHEET" type="text/css" href="style.css">
<title>PHP Link manager admin panel</title>
</head>
<body>
<div align="center"><center>
<table border="0" width="700">
<tr>
<td align="center" class="glava"><font class="header">PHP Link manager <?php echo($settings['verzija']); ?><br>-- Admin panel --</font></td>
</tr>
<tr>
<td class="vmes"><p>&nbsp;</p>
<div align="center"><center>
<table width="400"> <tr>
<td align="center" class="head">ERROR</td>
</tr>
<tr>
<td align="center" class="dol">
<form>
<p>&nbsp;</p>
<p><b>An error occured:</b></p>
<p><?php echo($myproblem); ?></p>
<p>&nbsp;</p>
<p><a href="javascript:history.go(-1)">Back to the previous page</a></p>
<p>&nbsp;</p>
</form>
</td>
</tr> </table>
</div></center>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
</td>
</tr>
<tr>
<!--
Changing the "Powered by" credit sentence without purchasing a licence is illegal!
Please visit http://www.phpjunkyard.com/copyright-removal.php for more information.
-->
<td align="center" class="copyright">Powered by PHP Link manager <?php echo($settings['verzija']); ?><br>
(c) Copyright 2004-2006 PHPjunkyard - Free PHP scripts</td>
</tr>
</table>
</div></center>
</body>
</html>
<?php
exit();
}
// END problem()