filter web addresses

[JohnB352]

First, I am not a PHP coder. I found this email form example on the web.
I have been using this on my website for a few years now, but more and more I am getting spam emails.
The form does do some type of checking for spammers, but I have an issue that it does not cover.

One of the fields on my form is address, as in street address.

My question is, how can I check that field for a web address, and if it contains a web address, redirect the user to a page saying they've been blocked, or something to that effect?

This is my existing code:

<?php

// Grab the form vars
$name = (isset($_POST['name'])) ? $_POST['name'] : '' ;
$email = (isset($_POST['email'])) ? $_POST['email'] : '' ;
$address = (isset($_POST['address'])) ? $_POST['address'] : '' ;
$city = (isset($_POST['city'])) ? $_POST['city'] : '' ;
$state = (isset($_POST['state'])) ? $_POST['state'] : '' ;
$zip = (isset($_POST['zip'])) ? $_POST['zip'] : '' ;
$phone = (isset($_POST['phone'])) ? $_POST['phone'] : '' ;
$message = (isset($_POST['message'])) ? $_POST['message'] : '' ;

// POSTing check
if(!$_SERVER['REQUEST_METHOD'] == "POST"){
die("Something is wrong as you have not posted to this page");
exit;
}

// Check for email injection
if (has_emailheaders($email)) {
die("Possible email injection occuring");
}

// prepare email body text
$Body .= "";
$Body .= "Name: ";
$Body .= $name;
$Body .= "\n";
$Body .= "Address: ";
$Body .= $address;
$Body .= "\n";
$Body .= "City: ";
$Body .= $city;
$Body .= "\n";
$Body .= "State: ";
$Body .= $state;
$Body .= "\n";
$Body .= "Zip: ";
$Body .= $zip;
$Body .= "\n";
$Body .= "Phone: ";
$Body .= $phone;
$Body .= "\n";
$Body .= "Message: ";
$Body .= "\n";
$Body .= $message;
// mail(to,subject,message,headers,parameters)
$success = mail("myAddress@domain.com","From CompuTech.com website",$Body, "From: $email");

// redirect to success page
if ($success){
print "<meta http-equiv=\"refresh\" content=\"0;URL=ok.htm\">";
}
else{
print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
}

function has_emailheaders($text) {
return preg_match("/(%0A|%0D|\n+|\r+)(content-type:|to:|cc:|bcc:)/i", $text);
}

[egami]

Don't most addresses start with a Number?

like.. 49 E. CarryMeAway Lane?

So, it would be easy in those regards..

but, it would be better to look for this..

if (preg_match('/http[s]{0,1}:\/\/',$_POST['address'])) {
header("Location: you_suck.php");
}

[JohnB352]

but, it would be better to look for this..

if (preg_match('/http[s]{0,1}:\/\/',$_POST['address'])) {
header("Location: you_suck.php");
}

I'm not sure how to read all of that; is it checking for http or https?

Ok, if I use that, where would I put it in my code? Right above the existing IF that is similar to that?

[egami]

First, create the you_suck.php page and in it do this..

you_suck.php

Code: Select all

echo "
<div>
  <h1>I'm sorry, but you suck, your robot sucks, and your scripting skills suck. Don't come back.</h1>
  <h2>IP: ".$_SERVER['REMOTE_ADDR']." (logged)</h2>
  <h3>Now go away.</h3>
</div>
";
 

If you really want to log it, take a look at php.net/fput, or throw down some dead presidents.
if you really want to block it, take a look at php.net/fget, php.net/array, php.net/foreach



Next,
Add that code I wrote earlier directly above the $address = (isset($_POST....... stuff)

Then try to add an http address in your address line, and see what it does.

[egami]

Oh yes, before I forget..
If you do want to log it, and block it, make sure you set a timer or figure out how to block bigger blocks of addresses: Otherwise the little script kiddies could flood your server.

Although I doubt little johnny in Mommy's basement has access to 5000 plus robots.. You just never know who does.