0

Am not sure if the strpos() is the right function to use for this task.

PROBLEM:

if the user input hate or another string in my spam variable it return the spam filter message which is correct, but if the user input a spam variable mixed with any string not in the various it passes for processing.

I want the input to to check from the first string to the last string and that t doesn't contains any of the spam variable string then return process, here is my code

<?php
    //messgae
    error_reporting(E_ALL ^ E_NOTICE);
    $msg = array(); 
    $spam = "hate partisan party kill maim murder violence love sex fight beat assasinate thug steal sell bribe protest baricade bullets militia fear ";
    $spam_array = explode(" ",$spam);

    $check = strpos($spam, $_POST['message']);

         if ($check == true) {
        //do nothing
        $msg['invalid'] =  'Spam filter test didnt allow your message';

       } else {

        $msg['valid'] = 'process';   
       }


    if(isset($_POST['send'])){

      $message= $_POST['message']; 
    }

     ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Strpos</title>
    </head>

    <body>
    <?php 
    if (isset($msg)) {
    echo '<ul>';
    foreach ($msg as $alert) {
    echo "<li class='warning'>$alert</li>\n";
    }
    echo '</ul>';
    }?>
    <form action="" method="post">
    <input name="message" type="text" />
    <input name="send" type="submit" value="Submit" id="send" />
    </form>
    </body>
    </html>
Ethaan
  • 11,291
  • 5
  • 35
  • 45
pmcs management
  • 45
  • 1
  • 6
  • check `strpos` against `!== false` instead – Kevin Apr 06 '15 at 15:49
  • You're using strpos() incorrectly. it can return an integer 0, which `== false`, but that just means it found your search string at the START of the 'haystack' string. Plus, this kind of filter is basically useless: http://en.wikipedia.org/wiki/Scunthorpe_problem – Marc B Apr 06 '15 at 15:49
  • possible duplicate of [Check if string contains one of several words](http://stackoverflow.com/questions/19178295/check-if-string-contains-one-of-several-words) – rjdown Apr 06 '15 at 15:50
  • Are you sure you have enough *skill* or luck from a *clover* to implement this correctly? – tadman Apr 06 '15 at 16:35
  • "Google sells Motorola" is Spam? I think your concept of avoiding Spam is not useful at all. If you block "sex" a Spammer will write"s.e.x". Look at spam Mails. The only mechanism that works is to verify the Sender and block him if he does not respect the rules. – mgutt Apr 06 '15 at 17:00

2 Answers2

1

You started something there, with the $spam_array. They you check it know, you check if the exact string of bad words are found in your message.

Also stripos instead of strpos so that it will be case insensitive.

$spam = "hate partisan party kill maim murder violence love sex fight beat assasinate thug steal sell bribe protest baricade bullets militia fear ";
$spam_array = explode(" ",$spam);
$isSpam = isSpam($_POST['message'], $spam_array);


function isSpam($content, $spamList)
{
    foreach($spamList as $badWord) {
        if(stripos($content, $badWord) !== false) {
            return true;
        }
    }

    return false;
}
Anti
  • 458
  • 3
  • 8
0

You need to improve your check with word boundaries or you would have false positives for words like "gloves" (love) and "Essex" (sex). You should also make it case-insensitive.

The following approach (check function) uses a preg_match with word boundary metacharacters when looking for each "spam word" within the message. The i modifier also makes it case-insensitive:

function check($msg, $spam_array) {
    foreach ($spam_array as $spam_word) {
        if (preg_match("/\b" . $spam_word ."\b/i", $msg)) {
            return false;
        }
    }
    return true;
}

function test($msg, $spam_array) {
    echo "$msg => ", check($msg, $spam_array) ? 'OK' : 'not OK', PHP_EOL;
}

$spam = "hate partisan party kill maim murder violence love sex fight beat "
    . "assasinate thug steal sell bribe protest baricade bullets militia fear";
$spam_array = explode(" ", $spam);

test("I'm known for my cookie munching skills.", $spam_array);
test("I could kill for some cookies right now!", $spam_array);

Output:

I'm known for my cookie munching skills. => OK
I could kill for some cookies right now! => not OK
mhall
  • 3,671
  • 3
  • 23
  • 35