Anyone good with PHP know how to do this??

lch_hosting

Hi guys!
I need code that checks the domain field on my order form to make sure the domain is in a vaild format. I need to to check the following:

that the domain is in the format of domain.blah or domain.blah.blah (so a domain name such as userdomain.com is accepted and a domain such as userdomain.com.uk is accepted).
that the domain doesn't start with www.
that the field contains letters numbers and -'s only.

Anyone have any idea how to do that? Any help would be veryyy much appreciated thanks guys!

cahva

<?php
$domain='www.phpbuilder.com';


// Check that the domain contains atleast one dot in the name
if (!strchr($domain,'.'))
die("Domain does not contain any dots");

// Check that domain does not start with 'www.'
if (strstr(substr($domain,0,4),'www.'))
die('Domain must not start with "www."');

// Check for illegal letters
$letters="abcdefghijklmnopqrstuvwxyz1234567890-.";
for ($i=0; $i < strlen($domain); $i++)
{
    $pos=strrpos($letters,strtolower($domain{$i}));
    if ($pos===false)
    die ("illegal letters!");
}

?>

I think the code explains itself...

lch_hosting

Thanks, that code is close... However if I type ".domain" it accepts it or if I type something like "domain." it also accepts that. So all I need is something I can add to that so that it checks that it is in the format of <sometext>.<some extension> or <sometext>.<some extension>.<some other exension>

Any idea how to check for that, thanks!

lch_hosting

Please anyone know???

cahva

Sorry, I havent read this forum for a while. Anyway heres a workaround for you:

<?php
// this is illegal address
$domain='.phpbuilder.com';

// Check that the domain contains atleast one dot in the name
if (!strchr($domain,'.'))
die("Domain does not contain any dots");

// Check if theres value in exploded array or is there a dot at all..
$exp=explode(".",$domain);
$count=sizeof($exp);

if ($count>0)
{
for ($i=0; $i<$count; $i++)
if (!$exp[$i])
die('illegal address');
}

// Check that domain does not start with 'www.'
if (strstr(substr($domain,0,4),'www.'))
die('Domain must not start with "www."');

// Check for illegal letters
$letters="abcdefghijklmnopqrstuvwxyz1234567890-.";
for ($i=0; $i < strlen($domain); $i++)
{
    $pos=strrpos($letters,strtolower($domain{$i}));
    if ($pos===false)
    die ("illegal letters!");
}

?>

planetsim

Im not good at regex probably because i dont use it at all. Like once.

Id recommend that you use Regex
except for maybe the last bit.. eg. .com .be .de etc

you may wanna use an if else or even better switch statement for that.

lch_hosting

Thanks for all your help so far. However a domain such as domain.com.uk is not accepted. Do you know how to allow a domain such as that? So it should check for <text or numbers>. <text>.<text>

Cagez

<?php

// Assuming there is a form that is POSTing the data to the script
$domain = $_POST['domain'];

if(!eregi("^[^(www\\.)]+[a-zA-Z0-9]+[a-zA-Z0-9\\-]*\\.[a-zA-Z0-9\\-\\.]+[\\.\\-]$", $domain))    {
    die("Incorrect domain.");
}
?>

I'm not to good at regualr expressions, but I think that'll work...

<edit>
Editted it a bit.

lch_hosting

hi,
Thanks I tried using that but I kept getting invaild domain no matter what I entered. Any other ideas? Or anyone else know - thanks!!

echion

<?php

$domain = "www.phpbuilder.org";

function is_valid($domain) {
  $elements = split("\.", $domain);
  $parts = count($elements);

  if ($parts < 2) {
    return 0;
  }

  for ($i = 0; $i < $parts - 1; $i++) {
    if (strlen($elements[$i]) < 1) {
      return 0;
    }
    if (!ereg("([a-zA-Z0-9-]{1,255})", $elements[$i], $regs)) {
      return 0;
    }
  }
  return 1;
}

/* warning, this can be exploited */
function lookup_in_dns($domain) {
  $result = `nslookup -sil $domain | sed -n '5p'`;

  /* length of result = 1 if empty */

  if (empty($result) || strlen($result) < 2) {
    return 0;
  }
  return 1;
}

$back  = is_valid($domain);
$back2 = lookup_in_dns($domain);

echo "Back: $back & $back2<br>";

?>

Just some dirty code...
I think that it works...

lookup_in_dns is a bit ugly and could very well be exploited right now by entering a domainname like "www; rm -rf /" but using nslookup or another tool is the only way I can come up with that makes sure that the domainname is valid and isn't just syntax correct.

Good luck.

ryza_

quik fix for that exploit.

$bad_chars=Array("&", ";", "|", "*");
foreach($bad_chars as $char){
$domain = str_replace("$char","",$domain);
}

RabPHP

Is there anyway to make this server specific? Check one DNS server and if it doesn't exist there, make it return a 0.

RabPHP