NationGamer Posted September 5, 2012 Share Posted September 5, 2012 (edited) ok just to explain ive made an array of white listed websites and ive listed them without http:// or a TLD at the end just the name i have tried preg match to try this but cant get my head around it the thing i want to do is add a wildcard kind of statement that lets the url be accepted if it includes something in the array so here is what i have so far ive shortened the code alot as it is a list $whitelist = array( 'facebook', 'google'); $url = sanitize($_GET['iurl']); $url = $url; if (in_array($url, $whitelist)): ?> Please wait while you are redirected to <?php echo $url ?> <?php else: ?> Url has been blocked <? phpendif; ?> i just need someway for like a wildcard to check the array and if something matches with the array that is passed then it lets the url be accepted just to explain more if you didnt understand i want to accept any url that matches with the array so it recognizes all TLD's after the array so for example if the user inputs google.com it will take it out the array and match the google part of it and accept it is in the white list and also will accept any subdomains owned by the domain in the array Edited September 5, 2012 by NationGamer Quote Link to comment Share on other sites More sharing options...
a_bertrand Posted September 5, 2012 Share Posted September 5, 2012 Doable but could be dangerous. What if I create an url like mynastysite.com/google.com/ ? would that work as well? If yes then your security check is as good as useless. Quote Link to comment Share on other sites More sharing options...
NationGamer Posted September 5, 2012 Author Share Posted September 5, 2012 (edited) I only want this for Bbcode to stop advertising im building a white list instead of a black list much easier it is just for a redirection script so when user clicks link posted by other user in forum etc they are redirected to the other site but first going though this check dont use any db it a standalone and yes maybe a user could do what you say but it wont effect my site just an extra barrier for advertisers to get past and most of them are stupid so wont be that smart lol Edited September 5, 2012 by NationGamer Quote Link to comment Share on other sites More sharing options...
Guest Posted September 5, 2012 Share Posted September 5, 2012 I only want this for Bbcode to stop advertising im building a white list instead of a black list much easier it is just for a redirection script so when user clicks link posted by other user in forum etc they are redirected to the other site but first going though this check dont use any db it a standalone and yes maybe a user could do what you say but it wont effect my site just an extra barrier for advertisers to get past and most of them are stupid so wont be that smart lol Not really a barrier, if you do what a_b said and they do that URL then its the same barrier as letting the user through a whitelisted site as your going through the same redirect part? You want a strict whitelist. Quote Link to comment Share on other sites More sharing options...
rulerofzu Posted September 5, 2012 Share Posted September 5, 2012 Check if http:// www. .com .net .co.uk .org and so on exist but even then it could be easily circumvented. Easiest way I have found to combat this kind of thing is player moderators who keep an eye on forums and mail in game and delete as required. Quote Link to comment Share on other sites More sharing options...
a_bertrand Posted September 5, 2012 Share Posted September 5, 2012 Anyhow if you want to go though your idea, you can either use strpos and see if it returns a position or not, or you could create regular expressions and checks on each row of your array if it match or not, and only for those matched it would work. Quote Link to comment Share on other sites More sharing options...
NationGamer Posted September 5, 2012 Author Share Posted September 5, 2012 (edited) Check if http:// www. .com .net .co.uk .org and so on exist but even then it could be easily circumvented. Easiest way I have found to combat this kind of thing is player moderators who keep an eye on forums and mail in game and delete as required. yh but what happens if all moderators are offline its gonna be a free for all so a backup system will help with that as i have 8 staff altogether all from different timezones but still dont guarantee one of them will be on so posts could be sitting there for a couple of hours thats why i want an extra barrier and ive figured it out now works good and also thanks a_bertrand that helped Edited September 5, 2012 by NationGamer Quote Link to comment Share on other sites More sharing options...
NationGamer Posted September 5, 2012 Author Share Posted September 5, 2012 sorry forgot to explain how i did it and in my opinion pretty good as ive checked for the domain host first then stripped it back to barebones to match the whitelist there for combating a_bertrand issuse so should be pretty secure in that way Quote Link to comment Share on other sites More sharing options...
Octarine Posted September 5, 2012 Share Posted September 5, 2012 (edited) parse_url() would seem handy; Something akin to this perhaps ? [Edit] My bad; didn't read the OP correctly; still - may prove useful elsewhere Edited September 5, 2012 by Octarine Quote Link to comment Share on other sites More sharing options...
NationGamer Posted September 5, 2012 Author Share Posted September 5, 2012 thanks Octarine but already solved the way i did it Detect the url host strip the tld from it then match it to the whitelist i used a quick function to do all that then it just an if statement to see if it matches if it does keep the original posted url and redirect to it Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.