I need php text filter help
I am having a very difficult time with this. I am trying to filter out curse words and other words in my mail form, but I tried the $string replace I'm not sure if I'm putting it in the right place or what. Any suggestions? This is what my php code looks like:
Code:<?php $area = "login"; include("./_include/core/main_start.php"); class CCompose extends CHtmlBlock { var $m_on_page = 20; var $message = ""; var $id; var $subject; var $text; var $type = 'plain'; var $Turing; function action() { global $g_user; global $g; $cmd = get_param("cmd", ""); if ($cmd == "reply") { $msg = (int) get_param("msg", ""); $sql = " SELECT u.user_id AS user_from, u2.user_id AS user_to, m.id, m.subject, m.text, m.type AS mtype FROM ((mail_msg AS m LEFT JOIN user AS u ON u.user_id=m.user_from) LEFT JOIN user AS u2 ON u2.user_id=m.user_to) WHERE m.id=" . $msg . " "; DB::query($sql); if ($row = DB::fetch_row()) { $this->id = $row['user_from'] != $g_user['user_id'] ? $row['user_from'] : $row['user_to']; $this->subject = "Re: " . $row['subject']; if ($row['mtype'] == 'plain') $this->text = "> " . str_replace("\n", "\n > ", $row['text']); else $this->text = ""; } } if ($cmd == "forward") { $msg = (int) get_param("msg", ""); $sql = " SELECT u.user_id AS user_from, u2.user_id AS user_to, m.id, m.subject, m.text, m.type AS mtype FROM ((mail_msg AS m LEFT JOIN user AS u ON u.user_id=m.user_from) LEFT JOIN user AS u2 ON u2.user_id=m.user_to) WHERE m.id=" . $msg . " "; DB::query($sql); if ($row = DB::fetch_row()) { $this->subject = "Fw: " . $row['subject']; if ($row['mtype'] == 'plain') { $this->text = "> " . str_replace("\n", "\n > ", $row['text']); } else { $this->text = urlencode($row['text']); $this->type = 'postcard'; } } } if ($cmd == "sent") { $name = get_param("name", ""); $subject = to_sql(get_param("subject", ""), "Text"); $text = to_sql(urldecode(get_param("text", "")), "Text"); if ($name != "" and $subject != "" and $text != "") { $id = DB::result("SELECT user_id FROM user WHERE name=" . to_sql($name, "Text") . ""); $block = DB::result("SELECT id FROM users_block WHERE user_from=" . $id . " AND user_to=" . $g_user['user_id'] . ""); if ($id != 0 and $block == 0) { DB::execute(" INSERT INTO mail_msg (user_id, user_from, user_to, folder, subject, text, date_sent, type) VALUES( " . to_sql($id, "Number") . ", " . $g_user['user_id'] . ", " . to_sql($id, "Number") . ", " . 1 . ", " . $subject . ", " . $text . ", " . time() . ", " . to_sql(get_param('type')) . ") "); DB::execute("UPDATE user SET new_mails=new_mails+1 WHERE user_id=" . to_sql($id, "Number") . ""); if (get_param("save", "") == "1") { DB::execute(" INSERT INTO mail_msg (user_id, user_from, user_to, folder, subject, text, date_sent, new, type) VALUES( " . $g_user['user_id'] . ", " . $g_user['user_id'] . ", " . to_sql($id, "Number") . ", " . 3 . ", " . $subject . ", " . $text . ", " . time() . ", 'N', " . to_sql(get_param('type')) . ") "); } DB::query("SELECT name, orientation, mail, set_email_mail FROM user WHERE user_id='" . $id . "'"); if ($row = DB::fetch_row()) { if ($row['set_email_mail'] != "2") { $subject = DB::result("SELECT subject FROM email_auto WHERE note='mail_message'"); $subject = str_replace("{name}", $g_user['name'], $subject); $subject = str_replace("{title}", $g['main']['title'], $subject); $text = DB::result("SELECT text FROM email_auto WHERE note='mail_message'"); $text = str_replace("{name}", $g_user['name'], $text); $text = str_replace("{title}", $g['main']['title'], $text); send_mail( $row['mail'], $g['main']['info_mail'], $subject, $text ); } } redirect(get_param("page_from", "")); } elseif ($block > 0) { $this->message = "You in Block List.<br>"; } else { $this->message = "Incorrect Username.<br>"; } } else { $this->message = "Incorrect Username, subject or message.<br>"; } } } function parseBlock(&$html) { global $g_user; $html->setvar("message", $this->message); $html->setvar("subject", $this->subject); $html->setvar("text", $this->text); if (DB::query("SELECT u.name FROM users_favorite AS f LEFT JOIN user AS u ON u.user_id=f.user_to WHERE f.user_from=" . $g_user['user_id'] . "")) { $i = 0; $num_columns = 3; $total_checks = DB::num_rows(); $in_column = ceil(($total_checks) / $num_columns); while ($row = DB::fetch_row()) { $i++; $html->setvar("fname", $row['name']); if ($i % $in_column == 0 and $i != 0 and $num_columns != 1) { $html->parse("favorite_column", false); } else { $html->setblockvar("favorite_column", ""); } $html->parse("favorite", true); } DB::free_result(); } if (isset($this->id)) { $id = $this->id; } else { $ids = get_param_array("id"); $id = isset($ids[0]) ? $ids[0] : 0; } DB::query("SELECT user_id, name FROM user WHERE user_id=" . to_sql($id, "Number") . " "); if ($row = DB::fetch_row()) { $html->setvar("name", $row['name']); $html->parse("add_id", true); } else { $html->parse("add_name", true); } $to = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "mail.php"; $html->setvar("page_from", get_param("page_from", $to)); if ($this->type == 'plain') $html->parse("plain", true); else $html->parse("postcard", true); parent::parseBlock($html); } } $page = new CCompose("", $g['tmpl']['dir_tmpl_main'] . "mail_compose.html"); $header = new CHeader("header", $g['tmpl']['dir_tmpl_main'] . "_header.html"); $page->add($header); $footer = new CFooter("footer", $g['tmpl']['dir_tmpl_main'] . "_footer.html"); $page->add($footer); $folders = new CFolders("folders", $g['tmpl']['dir_tmpl_main'] . "_folders.html"); $page->add($folders); $users_ims = new CIms("ims", $g['tmpl']['dir_tmpl_main'] . "_ims.html"); $page->add($users_ims); include("./_include/core/main_close.php"); ?>
CSS Codes
Reply With Quote
Bookmarks