Bad words array. I am trying to use a POST variable "msg" and compare it to a list of strings spammers typically use on my site. I am getting bombarded. If the spammer does indeed use one of the 'bad words' then the process will be terminated and he will be sent to function send_403(), which prints a forbidden page. Right now it will not work against those strings. I can't get it to deny me.
Here is my code:
<?php
require("bandfunc.php");
ini_set("display_errors", "1");
error_reporting(E_ALL);
// Array keys must be quoted; a bare e_mail is treated as an undefined constant.
if (!isset($_POST['e_mail']) || $_POST['e_mail'] == "") {
// No FORM must have been submitted so moving on...
// I want to display guestbook entries also a FORM so they can add an entry
//log the user IP, name of page, User Agent
$page_title = "Band Room";
dbconnect();
pagecount($page_title);
//$guest = Works displays fine all the entries in the guestbook
band($connection);
//need these variables defined for the form
$date = date("Y-m-d");
$address = getenv("REMOTE_ADDR");
//start the form that posts to itself
//PHP_SELF echoes the request path back into the page, so it is HTML-escaped here
$form_block = "
<table align=\"center\" cellspacing=\"0\" cellpadding=\"20\" class=\"form\">
<tr>
<td>
<br/><br/><span class=\"lineup\">
<form method=\"post\" action=\"" . htmlspecialchars($_SERVER['PHP_SELF']) . "\">
<input type=\"hidden\" name=\"date\" value=\"$date\" />
<input type=\"hidden\" name=\"ip\" value=\"$address\" /><br/>
<label>Band Name</label><br />
<input type=\"text\" name=\"band\" size=\"30\" /><br />
<label>Favorite Web Site</label><br />
<input type=\"text\" name=\"web_site\" size=\"30\" value=\"http://www.eriescene.com\" /><br />
<label>E-mail Address</label><br />
<input type=\"text\" name=\"e_mail\" size=\"30\" /><br />
<label>Your Message, this can include shows</label><br />
<textarea name=\"msg\" rows=\"6\" cols=\"40\"></textarea><br /><br />
<input type=\"hidden\" name=\"op\" value=\"ds\" />
<div align=\"center\">
<input name=\"submit\" type=\"submit\" value=\"Submit Post\" />
<input name=\"reset\" type=\"reset\" value=\"Reset\" />
</div>
</form>
</span>
</td>
</tr>
</table>";
} else {
////////////////////////////////////////////
//FORM WAS SUBMITTED FILTER WORDS HERE /////
$spammer_strings = array('astromarv.com', '****', 'carmen-electra', 'angelina-jolie', 'justin-timberlake', 'dish-network', 'missy-elliott', 'byondart.com', 'getmydata.cn', '*******.com', 'krasaonline.cz', 'mut.cz', 'inetmag.cz', 'kavglob.cz', 'casino poker black jack', 'Nice design, good work !', 'reality-inzert.cz', 'spkk.cz', 'hotelcecere.it', 'autoscuolevalenza.it', 'eversene.com', 'gerhardt-wein.de', 'evonshireavenue.org.uk', 'billedprojektkonsulenten.dk', 'dbh.dk', 'amctheatres.com', 'newsdirectory.com', 'morecambebayfs.co.uk', 'maxsms.pl', 'marmota.ro', 'premierestudios.ro', 'spportal.co.uk', 'sunscreenmultimedia.de', 'qbix.pl', 'imperialrugby.co.uk', 'mansfield-notts.co.uk', 'imr.org.pl', 'popag.co.uk', 'oliverbrunotte.de', 'katerpage.de', 'svenkorzer.de', 'taywoodphotographic.co.uk', 'vbsh.dk', 'divshop.com', 'alti-staal.dk', 'dixis.dk', '9er.dk', 'ein.dk', 'poker-fix.com', 'forfattervaerkstedet.dk', 'it-radiologi.dk', 'luftmadrassen.dk', 'metallbau-net.de', 'ostsee-ferienwohnung-eckernfoerde.de', 'kloster-sion.de', 'prommiweb.de', 'spowa-oebisfelde.de'
);
// The entries consisting only of asterisks appear to have been masked by the
// forum software; as written they match nothing but literal asterisks.
// The filter runs before dbconnect() and before any output, so the 403
// header can still be sent.
$msg_in = isset($_POST['msg']) ? $_POST['msg'] : '';
foreach($spammer_strings as $baddie)
{
// strpos() is an exact, case-sensitive substring match.
if(strpos($msg_in, $baddie) !== FALSE)
{
send_403();
}
}
dbconnect();
//the form was submitted properly because all the fields are filled in
//log the user IP, name of page, User Agent
$page_title = "Band Room";
pagecount($page_title);
function sanitize($input)
{
if(get_magic_quotes_gpc())
{
$input = stripslashes($input);
}
return(mysql_real_escape_string($input));
}
//Start INSERT the Results of the Form
//Run Sanitize Function
$band = sanitize($_POST['band']);
// The hidden date and ip fields are client-supplied; $date went into the
// query unescaped and $ip was never assigned at all. Both are taken from
// the server instead, the same way the form branch computes them.
$date = date("Y-m-d");
$ip = getenv("REMOTE_ADDR");
$e_mail = sanitize($_POST['e_mail']);
$msg = sanitize($msg_in);
$web_site = sanitize($_POST['web_site']);
//start, build, and issue the QUERY statement
$table_name = "bands";
$sql = "
INSERT INTO $table_name VALUES ( '', '$band', '$date', '$e_mail', '$msg', '$ip', '$web_site')";
$result = mysql_query($sql,$connection)
or die ('I cannot connect to the database because: ' . mysql_error());
//Connect again to view the database after the new values have been inserted
band($connection);
$form_block = "<div align=\"center\"><span style=\"color:green;font-size:12px;\">Thanks for Posting!!</span></div>";
//Remember no form!
}
//close the db connection.
mysql_close($connection);
// Defined at file scope, so it is available before this point in the file.
// It must run before any output, otherwise header() fails.
function send_403()
{
header('HTTP/1.1 403 Forbidden');
print '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">'."\n".
'<html><head>'."\n".
'<title>403 Forbidden</title>'."\n".
'</head><body>'."\n".
'<h1>Forbidden</h1>'."\n".
'<p>You don\'t have permission to access '.
// the request path is attacker-controlled, so escape it before echoing it
htmlspecialchars(str_replace(strstr($_SERVER['REQUEST_URI'], '?'), '', $_SERVER['REQUEST_URI'])).
' on this server.</p>'."\n".
'</body></html>'."\n";
exit;
}
?>
Please help, I am getting beat down with spam.
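A hardened version of the check in the post, added here as an example and not the poster's code: it matches case-insensitively with whitespace collapsed, sends the 403 before any output or database work, and inserts with a prepared statement so the field values never become part of the SQL text. It assumes PDO with MySQL, a `bands` table with the column names used in `insert_entry()`, placeholder DSN credentials, and a short constructed marker list.

```php
<?php
// Added example, not the poster's code. Assumes PDO with MySQL, a table
// "bands" with the columns named in insert_entry(), placeholder DSN
// credentials, and a constructed three-entry marker list.

/** True if $msg contains any marker, ignoring case and collapsing runs of
 *  whitespace so "poker   black jack" still matches "poker black jack". */
function contains_spam_marker(string $msg, array $markers): bool
{
    $haystack = preg_replace('/\s+/', ' ', $msg);
    foreach ($markers as $marker) {
        $needle = trim(preg_replace('/\s+/', ' ', $marker));
        if ($needle !== '' && stripos($haystack, $needle) !== false) {
            return true;
        }
    }
    return false;
}

/** Send a 403 and stop. Call it before anything has been echoed, or
 *  header() fails with "headers already sent" and the page still renders. */
function reject_403(): void
{
    header('HTTP/1.1 403 Forbidden');
    echo '<h1>Forbidden</h1>';
    exit;
}

/** Insert with bound parameters: the values are sent separately from the
 *  SQL text, so no escaping function is needed. The date and client
 *  address come from the server, not from hidden form fields. */
function insert_entry(PDO $db, array $fields): void
{
    $stmt = $db->prepare(
        'INSERT INTO bands (band, date, e_mail, msg, ip, web_site)'
        . ' VALUES (?, ?, ?, ?, ?, ?)'
    );
    $stmt->execute([
        $fields['band'] ?? '', date('Y-m-d'), $fields['e_mail'] ?? '',
        $fields['msg'] ?? '', $_SERVER['REMOTE_ADDR'], $fields['web_site'] ?? '',
    ]);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $markers = ['casino poker black jack', 'Nice design, good work !', 'astromarv.com'];
    if (contains_spam_marker($_POST['msg'] ?? '', $markers)) {
        reject_403();   // before any database call and before any HTML
    }
    $db = new PDO('mysql:host=localhost;dbname=guestbook', 'user', 'pass',
                  [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    insert_entry($db, $_POST);
}
```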