Page 1 of 1

add exception to ctype_alnum

Posted: Mon Feb 16, 2009 12:28 pm
by dimebag
hi
i need little modification to my script when the command ctype_alnum is in use it does not let me to use characters like . or / and etc
this is not my script and when i delete the command line the script does not work propelry
i read somewhere that i can add the characters as an exceptions to this command so they will be usable but i do not know what codes to use and where i put them in the script
hope someone modify the necassery line and give me hand
its on line fifty though iam not good at php and i do not know is it going to be simple
even an idea about that if it is possible to do simply or not is much appreciated
thanks

Code: Select all

# Initialize app
require 'includes/init.php';
 
# Store submitted data in case of failure
$_SESSION['data'] = $_POST;
$return = ( empty($_POST['id']) || !intval($_POST['id']) ) ? 'index.php' : 'edit.php';
 
# Ensure authorised
if ( $return == 'edit.php' ) {
    if ( empty($_SESSION['verified']) && empty($_SESSION['admin']) ) {
        localRedirect('login.php');
    }
}
 
# Connect to database
$conn = connect($CONFIG);
 
# Process submission
// Check destination
if ( empty($_POST) || empty($_POST['destination']) || $_POST['destination'] == 'http://' ) {
    $_SESSION['msg'] = 'Error: You must enter a destination URL!';
    localRedirect($return);
}
if ( ! $destination = clean($_POST['destination']) ) {
    $_SESSION['msg'] = 'Error: You must enter a destination URL!';
    localRedirect($return);
}
if ( strpos($destination,'http') !== 0 )
    $destination = 'http://'.$destination;
 
// Check or determine new URL (if not an edit)
if ( $return == 'index.php' ) {
    if ( empty($_POST['key']) ) {
        $custom=0;
        // Find last URL
        $result = mysql_query('SELECT id FROM shrt_urls WHERE custom=0 ORDER BY id DESC') or error('Query failed. '.mysql_error());
        // Get its ID
        if ( mysql_num_rows($result) ) {
            $id = mysql_result($result,0,0)+1;
        } else
            $id = 1;
        // Loop through till we find a free ID (needs improving to reduce potential number of queries)
        while ( mysql_num_rows(mysql_query('SELECT 1 FROM shrt_urls WHERE id='.$id.' LIMIT 1')) )
                $id++;
        $key = id2key($id);
    } else {
        $custom = 1;
        $key = clean($_POST['key']);
        // Check for forbidden characters
        [color=#BF0000]if ( ! ctype_alnum($key) ) {[/color]
            $_SESSION['msg'] = 'Error: The new URL can only contain alphanumeric characters (a-z,0-9).';
            localRedirect($return);
        }
        // Check chosen key is available
        $id = key2id($key);
        if ( mysql_num_rows(mysql_query('SELECT 1 FROM shrt_urls WHERE id='.$id.' LIMIT 1')) ) {
            $_SESSION['msg'] = 'Error: Sorry, the new URL you chose is already in use.';
            localRedirect($return);

Re: add exception to ctype_alnum

Posted: Mon Feb 16, 2009 1:02 pm
by Christopher
You may want to switch to preg_match() like this:

Code: Select all

        if ( ! preg_match('/[0-9a-zA-Z\.\/]/', $key) ) {

Re: add exception to ctype_alnum

Posted: Mon Feb 16, 2009 2:14 pm
by dimebag
thanks man for your reply
but i do not know whats wrong with this script everything works okay even when i use numeral and alphabetical tags it works okay with your statment but again when i use / or . this time it gives me some undefined error the same error as the time i deleted that line totally
it says :
We could not complete your request. The following error was returned.
Could not find the requested URL.
idont know whats wrong is it possible that this varaiable has been defined somewhere else in the script too ?
can you guess whats the reason ?
thank you so much