i need little modification to my script when the command ctype_alnum is in use it does not let me to use characters like . or / and etc
this is not my script and when i delete the command line the script does not work propelry
i read somewhere that i can add the characters as an exceptions to this command so they will be usable but i do not know what codes to use and where i put them in the script
hope someone modify the necassery line and give me hand
its on line fifty though iam not good at php and i do not know is it going to be simple
even an idea about that if it is possible to do simply or not is much appreciated
thanks
Code: Select all
# Initialize app
require 'includes/init.php';
# Store submitted data in case of failure
$_SESSION['data'] = $_POST;
$return = ( empty($_POST['id']) || !intval($_POST['id']) ) ? 'index.php' : 'edit.php';
# Ensure authorised
if ( $return == 'edit.php' ) {
if ( empty($_SESSION['verified']) && empty($_SESSION['admin']) ) {
localRedirect('login.php');
}
}
# Connect to database
$conn = connect($CONFIG);
# Process submission
// Check destination
if ( empty($_POST) || empty($_POST['destination']) || $_POST['destination'] == 'http://' ) {
$_SESSION['msg'] = 'Error: You must enter a destination URL!';
localRedirect($return);
}
if ( ! $destination = clean($_POST['destination']) ) {
$_SESSION['msg'] = 'Error: You must enter a destination URL!';
localRedirect($return);
}
if ( strpos($destination,'http') !== 0 )
$destination = 'http://'.$destination;
// Check or determine new URL (if not an edit)
if ( $return == 'index.php' ) {
if ( empty($_POST['key']) ) {
$custom=0;
// Find last URL
$result = mysql_query('SELECT id FROM shrt_urls WHERE custom=0 ORDER BY id DESC') or error('Query failed. '.mysql_error());
// Get its ID
if ( mysql_num_rows($result) ) {
$id = mysql_result($result,0,0)+1;
} else
$id = 1;
// Loop through till we find a free ID (needs improving to reduce potential number of queries)
while ( mysql_num_rows(mysql_query('SELECT 1 FROM shrt_urls WHERE id='.$id.' LIMIT 1')) )
$id++;
$key = id2key($id);
} else {
$custom = 1;
$key = clean($_POST['key']);
// Check for forbidden characters
[color=#BF0000]if ( ! ctype_alnum($key) ) {[/color]
$_SESSION['msg'] = 'Error: The new URL can only contain alphanumeric characters (a-z,0-9).';
localRedirect($return);
}
// Check chosen key is available
$id = key2id($key);
if ( mysql_num_rows(mysql_query('SELECT 1 FROM shrt_urls WHERE id='.$id.' LIMIT 1')) ) {
$_SESSION['msg'] = 'Error: Sorry, the new URL you chose is already in use.';
localRedirect($return);