-1

This question has been asked before about strings, however *none of the questions I've reviewed (not mods do not remove or tell us this is a duplicate please) actually answer my question.

I have a landing page with a simple signup via email box. Recently people have been abusing it by entering foreign characters such as *, #, $, % and also using profanity on purpose (you can always tell). I have an array of banned characters and words I'm using as follows

$banned = array("f**k", "f******", "blah", "*", "#", "$", "%");

I can tell for sure someone has been purposely trying again and again to get through it because I've missed out some characters and suddenly a bunch of addresses have been entered making no sense at all. I need to know how to use a For loop to go through and find if the following contains any of the banned words in the array

$email = $_POST['email'];

I have tried using

$arrlen = count($banned);
for($i=0; $i < $arrlen; $i++) {
    if(stripos($email, $banned[$i] !== false) {
        echo 'Banned word or character!';
    }
    else {
        echo 'Email signed up!';
    }
}

This did not work at all! I tried an old function is_str_contain but the error of function does not exist came back.

I tried the normal strpos as well, still no joy.

Daryl Gill
  • 5,464
  • 9
  • 36
  • 69
GeordieDave1980
  • 589
  • 4
  • 11
  • 25
  • 1
    What does: *This did not work at all* mean ? Did you got: `PHP warning: Did not work at all at line 4` ? Also add error reporting (`ini_set("display_errors", 1); error_reporting(E_ALL);`) to the top of your file(s) and check for errors + Give us a real example – Rizier123 Sep 11 '15 at 11:22
  • Sidenote: if this is intended to go in a db and/or as a subscription, you should ideally use a confirmation method. If the email doesn't get confirmed, don't let it in. That's how you keep the riff-raff out ;-) – Funk Forty Niner Sep 11 '15 at 11:35
  • 2
    Just to add this in the comments, you are missing a bracket `)` in your if statement – Rizier123 Sep 11 '15 at 11:37
  • Sorry I know I only just noticed that, my bad, but that's just in typing it out here, having the missing bracket in place made no difference. Also Rizier123, by not working I mean it still displayed the message 'Email signed up!' so that pretty much says it didn't work, I used several bad words and banned characters. Still allowed it through. – GeordieDave1980 Sep 11 '15 at 11:47
  • 1
    A quick 10 second search on this very site returns several threads already giving correct answers to exactly this question http://stackoverflow.com/questions/8467036/match-array-words-against-string http://stackoverflow.com/questions/13795789/check-if-string-contains-word-in-array http://stackoverflow.com/questions/20930558/php-search-string-for-a-specific-word-array-and-match-with-an-optional-or I would suggest you practice your search-foo to find your answer. – Dave Sep 11 '15 at 12:28
  • 1
    @GeordieDave1980 I'm not kicking for points here, but I posted a working method almost a 1/2 hour prior to this comment; unsure if you saw it or not. Plus, mine, is NOT an edit "after the fact". – Funk Forty Niner Sep 11 '15 at 12:48

5 Answers5

1

I've been tinkering at the idea since I didn't have a ready-made piece of code to help out.

The following works:

$banned = array("badword1", "badword2", "blah", "*", "#", "$", "%");
$_POST['email'] = "emailbadword1@example.com";
$email = $_POST['email'];

    foreach ($banned as $ban) {
        if (stripos($email, $ban) !== FALSE) {
            echo "Match found."; 
            return true;
        }
    }
    echo "No match found.";
    return false;

Plus, as I mentioned in comments; you should be using a confirmation method sent via email if you're not already doing so. If that person does not confirm their email address, then "stop the presses".

Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
0

try like this

$banned = array("****", "*******", "blah", "*", "#", "$", "%");

$email = $_POST['email'];
foreach ($email as $em) {
    //if (strstr($em, $banned)) { // mine version
    if (strpos($em, $banned) !== FALSE) { // Yoshi version
        echo "Match found"; 
        return true;
    }
}
echo "Not found!";
return false;
Jay Blanchard
  • 34,243
  • 16
  • 77
  • 119
Ravinder Kumar
  • 902
  • 10
  • 29
0

You will need to iterate through each banned word and look if your email contains any of the banned word/character. 

$banned = array("****", "*******", "blah", "*", "#", "$", "%");
$email = $_POST['email'];
$banned = false;
for($i=0; $i < count($banned); $i++) {
    if(strrpos($email, $banned[$i]) != FALSE ) {
       $banned = true;
       break;
    }
}
echo $banned ? 'Banned word or character!' : 'Email signed up!'
Imab Asghar
  • 316
  • 1
  • 7
  • Why should the OP try this? A good answer will always have an explanation of what was done and why it was done that way, not only for the OP but for future visitors to SO. – Jay Blanchard Sep 11 '15 at 12:33
0

You can use stripos as

foreach ($banned as $v) {
    if (stripos($email,$v) > -1){
        echo 'Banned word or character!';
    }else{
        echo 'Email signed up!';
    }
}
Narendrasingh Sisodia
  • 21,247
  • 6
  • 47
  • 54
  • This only worked for the first word in the array, everything else after that when entered allowed it through and display 'Email signed up!'. I can't seem to find anything that works at all. – GeordieDave1980 Sep 11 '15 at 11:49
  • Then remove that `break` from the loop. I've added break in order to check that if any of these word match then no need to check for the further values – Narendrasingh Sisodia Sep 11 '15 at 11:50
  • Unfortunately that didn't work. Still only caught on the first word in the array. Seriously do not understand why nothing is working. – GeordieDave1980 Sep 11 '15 at 11:55
  • It should be `if (stripos($email,$v) !== false){...}` because if the banned word is on the beginning stripos returns 0 (as the position) which would be interpreted as false. – TobiasJ Sep 11 '15 at 12:54
  • 1
    If you are going to copy @Fred-ii- then at least copy all of it correctly or better still dont copy – RiggsFolly Sep 11 '15 at 12:55
  • I didn't copied any `@Fred-ii-` answer @RiggsFolly. The reason I've changed my answer is because it'll throw `warning` while checking for value `*` within `preg_match` that's why else I've no reason to replace my answer – Narendrasingh Sisodia Sep 11 '15 at 13:01
  • @RiggsFolly Did you downvoted my answer. If it seems to be copied code then I'll delete my post – Narendrasingh Sisodia Sep 11 '15 at 13:10
  • @Ushia the comment was written when your code wasn't edited. Stop blaming ppl for things they wrote before you edited your answer. – TobiasJ Sep 11 '15 at 13:10
  • @TobiasJ I'm not blaming anyone over here if it looks harsh then I'll take my words back and sorry for that behavior – Narendrasingh Sisodia Sep 11 '15 at 13:12
0

Using regular expressions ? 

if( !preg_match( '/(\b' . implode( '\b|\b', $banned ) . '\b)/i',
 $_POST['email'] )) {
     echo "Match found"; 
}
brute_force
  • 1,141
  • 7
  • 12