
Thread: Filter Text from the form using php


    Yes, Twey, just like you'd say to a 3 year old. Quite convincing for people to not do that repeatedly.


    I am having a very difficult time with this. I am trying to filter curse words and other unwanted words out of my mail form. I tried the str_replace approach, but I'm not sure whether I'm putting it in the right place. Any suggestions? This is what my PHP code looks like:

    Code:
    <?php                                                                                                              
    
    
    // Bootstrap for a logged-in page area. The helpers used further down
    // (get_param, to_sql, DB, CHtmlBlock, send_mail, redirect) are not defined in
    // this file; presumably they come from this include -- verify in main_start.php.
    $area = 'login';
    include './_include/core/main_start.php';
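    class CCompose extends CHtmlBlock
    {
    	var $m_on_page = 20;   // not referenced in this file; kept for callers/parent
    	var $message = "";     // user-visible status/error text handed to the template
    	var $id;               // addressee user_id when pre-filled (reply, or ?id[]=)
    	var $subject;          // pre-filled subject (reply / forward)
    	var $text;             // pre-filled body (reply / forward)
    	var $type = 'plain';   // 'plain' or 'postcard'; selects the template branch in parseBlock()
    	var $Turing;           // not referenced in this file
    
    	/**
    	 * The logged-in user's id, escaped for direct use inside an SQL string.
    	 * Falls back to 0 when no session user is present so a missing id never
    	 * produces a "WHERE x=" syntax error.
    	 */
    	function _current_user_sql()
    	{
    		global $g_user;
    		$uid = isset($g_user['user_id']) ? $g_user['user_id'] : 0;
    		return to_sql($uid, "Number");
    	}
    
    	/**
    	 * Loads message $msg_id for quoting, but only when the current user is its
    	 * sender or recipient. Returns the row (user_from, user_to, id, subject,
    	 * text, mtype) or a falsy value when there is no such accessible message.
    	 *
    	 * The ownership clause is the authorization check: without it any logged-in
    	 * user could read any message in the system by guessing ?msg=.
    	 */
    	function _load_own_message($msg_id)
    	{
    		$uid = $this->_current_user_sql();
    		$sql = "
    			SELECT u.user_id AS user_from, u2.user_id AS user_to,
    			m.id, m.subject, m.text, m.type AS mtype
    			FROM ((mail_msg AS m LEFT JOIN user AS u ON u.user_id=m.user_from)
    			LEFT JOIN user AS u2 ON u2.user_id=m.user_to)
    			WHERE m.id=" . (int) $msg_id . "
    			AND (m.user_from=" . $uid . " OR m.user_to=" . $uid . ")
    		";
    		DB::query($sql);
    		return DB::fetch_row();
    	}
    
    	/** Prefixes every line of a plain-text body with "> " for quoting. */
    	function _quote_plain($text)
    	{
    		return "> " . str_replace("\n", "\n > ", $text);
    	}
    
    	/**
    	 * Returns $url if it is safe to redirect to, otherwise "mail.php".
    	 *
    	 * page_from is a hidden form field seeded from HTTP_REFERER, so it is fully
    	 * attacker-controlled; redirecting to it unchecked is an open redirect.
    	 * Accepted: relative paths, and absolute http(s) URLs whose host equals the
    	 * request's Host header. Rejected: other schemes (javascript:, data:),
    	 * foreign hosts, protocol-relative "//" or "/\" forms, and CR/LF characters.
    	 */
    	function _safe_return_url($url)
    	{
    		$fallback = "mail.php";
    		$url = trim((string) $url);
    
    		if ($url === "" || preg_match('/[\r\n]/', $url)) return $fallback;
    		// "//host" and "/\host" are treated as protocol-relative by browsers.
    		if (preg_match('#^[/\\\\]{2}#', $url)) return $fallback;
    
    		$parts = parse_url($url);
    		if ($parts === false) return $fallback;
    
    		if (isset($parts['scheme']))
    		{
    			$scheme = strtolower($parts['scheme']);
    			// A scheme without a host ("http:evil") resolves unpredictably; refuse it.
    			if (($scheme != 'http' && $scheme != 'https') || !isset($parts['host'])) return $fallback;
    		}
    		if (isset($parts['host']))
    		{
    			$own = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : "";
    			$own = preg_replace('/:\d+$/', '', $own);   // drop a port suffix for comparison
    			if ($own === "" || strcasecmp($parts['host'], $own) != 0) return $fallback;
    		}
    		return $url;
    	}
    
    	/**
    	 * Handles ?cmd=reply|forward|sent.
    	 * reply/forward pre-fill $this->id/subject/text from an existing message the
    	 * current user took part in; sent stores the new message, notifies the
    	 * recipient and redirects back. Validation failures end up in $this->message.
    	 */
    	function action()
    	{
    		global $g_user;
    
    		$cmd = get_param("cmd", "");
    
    		if ($cmd == "reply")
    		{
    			$row = $this->_load_own_message(get_param("msg", ""));
    			if ($row)
    			{
    				// Reply goes to whichever party of the thread is not the current user.
    				$this->id = $row['user_from'] != $g_user['user_id'] ? $row['user_from'] : $row['user_to'];
    				$this->subject = "Re: " . $row['subject'];
    				$this->text = $row['mtype'] == 'plain' ? $this->_quote_plain($row['text']) : "";
    			}
    		}
    		elseif ($cmd == "forward")
    		{
    			$row = $this->_load_own_message(get_param("msg", ""));
    			if ($row)
    			{
    				$this->subject = "Fw: " . $row['subject'];
    				if ($row['mtype'] == 'plain')
    				{
    					$this->text = $this->_quote_plain($row['text']);
    				}
    				else
    				{
    					// Postcard bodies travel url-encoded through the form; "sent" urldecodes them.
    					$this->text = urlencode($row['text']);
    					$this->type = 'postcard';
    				}
    			}
    		}
    		elseif ($cmd == "sent")
    		{
    			$this->_send_message();
    		}
    	}
    
    	/**
    	 * Stores a message for the user named in "name", optionally keeps a copy in
    	 * the sender's folder 3 (save=1), e-mails a notification, then redirects.
    	 *
    	 * Validation is done on the raw parameters. The previous version compared the
    	 * to_sql() output against "", which can never match once the value has been
    	 * quoted for SQL (to_sql(...,"Text") is used unquoted in the INSERT below, so
    	 * it evidently returns a quoted literal), so empty subjects/bodies got through.
    	 */
    	function _send_message()
    	{
    		$uid = $this->_current_user_sql();
    		$name = get_param("name", "");
    		$subject_raw = get_param("subject", "");
    		$text_raw = urldecode(get_param("text", ""));
    
    		if ($name == "" or $subject_raw == "" or $text_raw == "")
    		{
    			$this->message = "Incorrect Username, subject or message.<br>";
    			return;
    		}
    
    		$subject = to_sql($subject_raw, "Text");
    		$text = to_sql($text_raw, "Text");
    
    		$id = (int) DB::result("SELECT user_id FROM user WHERE name=" . to_sql($name, "Text") . "");
    		if ($id == 0)
    		{
    			$this->message = "Incorrect Username.<br>";
    			return;
    		}
    		$to_id = to_sql($id, "Number");
    
    		// Has the recipient put the sender on their block list?
    		$block = (int) DB::result("SELECT id FROM users_block WHERE user_from=" . $to_id . " AND user_to=" . $uid . "");
    		if ($block > 0)
    		{
    			$this->message = "You in Block List.<br>";
    			return;
    		}
    
    		// NOTE(review): "type" is stored as submitted (escaped by to_sql). The only
    		// values this file itself produces are 'plain' and 'postcard' and they drive
    		// how a message is rendered on reply/forward; a whitelist here would be stricter.
    		$type = to_sql(get_param('type'));
    
    		DB::execute("
    		INSERT INTO mail_msg (user_id, user_from, user_to, folder, subject, text, date_sent, type)
    			VALUES(
    			" . $to_id . ",
    			" . $uid . ",
    			" . $to_id . ",
    			" . 1 . ",
    			" . $subject . ",
    			" . $text . ",
    			" . time() . ",
    			" . $type . ")
    		");
    		DB::execute("UPDATE user SET new_mails=new_mails+1 WHERE user_id=" . $to_id . "");
    
    		if (get_param("save", "") == "1")
    		{
    			// Sender's own copy: folder 3, flagged new='N'.
    			DB::execute("
    				INSERT INTO mail_msg (user_id, user_from, user_to, folder, subject, text, date_sent, new, type)
    				VALUES(
    				" . $uid . ",
    				" . $uid . ",
    				" . $to_id . ",
    				" . 3 . ",
    				" . $subject . ",
    				" . $text . ",
    				" . time() . ",
    				'N',
    				" . $type . ")
    			");
    		}
    
    		$this->_notify_recipient($id);
    
    		// page_from is browser-supplied (see parseBlock); only redirect to a vetted target.
    		redirect($this->_safe_return_url(get_param("page_from", "")));
    	}
    
    	/**
    	 * E-mails the "mail_message" auto-template to user $id unless they opted out
    	 * (set_email_mail == "2"). {name} is the sender's name, {title} the site title.
    	 * Placeholders are substituted in a single pass so a sender name that itself
    	 * contains "{title}" is not expanded a second time.
    	 */
    	function _notify_recipient($id)
    	{
    		global $g_user;
    		global $g;
    
    		DB::query("SELECT name, orientation, mail, set_email_mail FROM user WHERE user_id=" . to_sql($id, "Number") . "");
    		$row = DB::fetch_row();
    		if (!$row or $row['set_email_mail'] == "2") return;
    
    		$vars = array(
    			"{name}" => $g_user['name'],
    			"{title}" => $g['main']['title'],
    		);
    		$mail_subject = strtr(DB::result("SELECT subject FROM email_auto WHERE note='mail_message'"), $vars);
    		$mail_text = strtr(DB::result("SELECT text FROM email_auto WHERE note='mail_message'"), $vars);
    
    		send_mail(
    			$row['mail'],
    			$g['main']['info_mail'],
    			$mail_subject,
    			$mail_text
    		);
    	}
    
    	/**
    	 * Fills the compose template: message/subject/text, the favourites list laid
    	 * out in 3 columns, the addressee (from $this->id or ?id[]=, else a free-text
    	 * name field), the page_from hidden field, and the plain/postcard branch.
    	 */
    	function parseBlock(&$html)
    	{
    		// NOTE(review): subject/text originate from other users. Whether setvar()
    		// HTML-escapes them is decided by the template engine, which is not visible
    		// here -- confirm before relying on it.
    		$html->setvar("message", $this->message);
    		$html->setvar("subject", $this->subject);
    		$html->setvar("text", $this->text);
    
    		$uid = $this->_current_user_sql();
    		if (DB::query("SELECT u.name FROM users_favorite AS f LEFT JOIN user AS u ON u.user_id=f.user_to WHERE f.user_from=" . $uid . ""))
    		{
    			$num_columns = 3;
    			$total_checks = DB::num_rows();
    			// Names per column. With zero rows this is 0, but then the loop body
    			// (and its modulo) never runs.
    			$in_column = ceil($total_checks / $num_columns);
    
    			$i = 0;
    			while ($row = DB::fetch_row())
    			{
    				$i++;
    				$html->setvar("fname", $row['name']);
    
    				// Emit a column break after every $in_column names.
    				if ($i % $in_column == 0 and $i != 0 and $num_columns != 1)
    				{
    					$html->parse("favorite_column", false);
    				}
    				else
    				{
    					$html->setblockvar("favorite_column", "");
    				}
    
    				$html->parse("favorite", true);
    			}
    			DB::free_result();
    		}
    
    		if (isset($this->id))
    		{
    			$id = $this->id;
    		}
    		else
    		{
    			$ids = get_param_array("id");
    			$id = isset($ids[0]) ? $ids[0] : 0;
    		}
    
    		DB::query("SELECT user_id, name FROM user WHERE user_id=" . to_sql($id, "Number") . " ");
    		if ($row = DB::fetch_row())
    		{
    			$html->setvar("name", $row['name']);
    			$html->parse("add_id", true);
    		}
    		else
    		{
    			$html->parse("add_name", true);
    		}
    
    		// Return target after sending. The referer is browser-supplied, so
    		// action() re-validates page_from before redirecting to it.
    		$to = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "mail.php";
    		$html->setvar("page_from", get_param("page_from", $to));
    
    		if ($this->type == 'plain')  $html->parse("plain", true);
    		else  $html->parse("postcard", true);
    
    		parent::parseBlock($html);
    	}
    }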
    
    
    
    // Assemble the page: the compose block is the root, with header, footer,
    // folder list and IM list added as child blocks. All template paths are
    // relative to $g['tmpl']['dir_tmpl_main'].
    $page = new CCompose("", $g['tmpl']['dir_tmpl_main'] . "mail_compose.html");
    $header = new CHeader("header", $g['tmpl']['dir_tmpl_main'] . "_header.html");
    $page->add($header);
    $footer = new CFooter("footer", $g['tmpl']['dir_tmpl_main'] . "_footer.html");
    $page->add($footer);
    
    $folders = new CFolders("folders", $g['tmpl']['dir_tmpl_main'] . "_folders.html");
    $page->add($folders);
    
    $users_ims = new CIms("ims", $g['tmpl']['dir_tmpl_main'] . "_ims.html");
    $page->add($users_ims);
    
    
    
    
    // Core teardown; presumably renders $page and closes the DB session --
    // keep the variable names above, the include may rely on them.
    include("./_include/core/main_close.php");
    
    ?>
