C h a p t e r 6 : F o r m s a n d U s e r I n p u t 131 C h a p t e r 6 : F o r m s a n d U s e r I n p u t 131 How It Works This is another of those extremely short and sweet, yet exceedingly powerful plug-ins. What it does is take the text you supply it with, along with the array of keywords, and then calls plug-in 5, PIPHP_WordSelector(), with a blank replace string. This has the effect of removing every matching word from the string. It’s then a simple matter to subtract the length of the new string from the original one and return the difference. The larger this difference, the more words were removed from the string and so the more keywords have matched, and therefore the more likely it is that the string contained spam. If there is no difference, then no words matched and the string is considered spam-free. How to Use It To use this plug-in well, you need to first create your array of trigger keywords. You should base this on words unique to user spam that you have already received, with code like the following to filter user posts: $words = array('rolex', 'replica', 'loan', 'mortgage', 'viagra', 'cialis', 'acai', 'free', 'stock', 'guaranteed', 'refinancing', 'cartier', 'manhood', 'drugs'); if (PIPHP_SpamCatch($text, $words) < 15) echo "Probably not spam"; else echo "Probably spam"; Of course, this is a very small set of keywords and you will very likely need to come up with your own much larger list. This you will probably compile over time, and will include large numbers of keywords unsuitable for publication in this book. You may also wish to experiment with the spam score of 15 used earlier to distinguish between spam and non-spam. Set it lower if too much is getting through, or higher if too many non-spams are being rejected. The Plug-in function PIPHP_SpamCatch($text, $words) { return strlen($text) - strlen(PIPHP_WordSelector($text, $words, '')); } Send E-mail Often, after receiving user input you need to send an e-mail, perhaps to yourself, to a colleague, or maybe to the e-mail submitter, thanking them for their input. Sending an e-mail from your server isn’t too hard using PHP’s built-in mail() function. But if you want to send CCs or BCCs, you have to start assembling headers, which starts getting complicated. Using this plug-in, all that’s handled for you. You just supply the message, subject lines, and the e-mail addresses of all recipients and it gets on with sending the e-mail for you. You can even specify a different Reply-To address if needed. Figure 6-8 shows the plug-in in use. 38 132 P l u g - i n P H P : 1 0 0 P o w e r S o l u t i o n s 132 P l u g - i n P H P : 1 0 0 P o w e r S o l u t i o n s About the Plug-in This plug-in accepts a string containing the text of an e-mail to send, along with another for a subject line, and various other arguments specifying the e-mail addresses of people to whom it should also be sent. It takes these arguments: • $message The text of the e-mail • $subject The e-mail’s subject • $priority The message’s priority: 1 (high) – 5 (low), or leave it blank for none • $from The e-mail address of the sender • $replyto The e-mail address to which replies should be addressed • $to The e-mail address of the recipient • $cc An array of e-mail addresses for CC copies • $bcc An array of e-mail addresses for Blind CC copies (no recipient will see any BCC e-mail addresses in the message they receive) • $type If set to “HTML,” the e-mail will be sent in HTML format; otherwise, it will be sent as text. Variables, Arrays, and Functions $headers String containing additional headers to be sent How It Works A lot of the work is handled by the mail() function built into PHP, but it needs help constructing additional headers because it only supports arguments of recipient, subject, message, and headers. Therefore, this plug-in starts by assigning to the variable $headers the string value “From:”, followed by the value in $from and a \r\n carriage return\linefeed pair. If this were not done, the e-mail might be sent as if the sender were the web server itself. Next, if the value of $type is set to “HTML,” then the correct headers to send the e-mail using HTML are appended to $headers. FIGURE 6-8 Sending an e-mail with this plug-in is a single-line function call. C h a p t e r 6 : F o r m s a n d U s e r I n p u t 133 C h a p t e r 6 : F o r m s a n d U s e r I n p u t 133 After that, if $priority has a value greater than 0, then an X-Priority: header is appended to $headers. Also, if the $replyto variable has a value, then the correct Reply-To: header is appended to $headers. Then, the CC and BCC headers are created by iterating through the arrays of e-mail addresses in $cc and $bcc (if any), appending each to the relevant header line. Finally, the mail() function is called with the values in $to, $subject, and $message, but now with a properly formatted sequence of headers in $headers to handle the other parameters. How to Use It Sending an e-mail with this plug-in is as easy as the following example, in which me@myserver.com is the sender’s e-mail address, and rick@otherserver.net is the recipient’s: if (PIPHP_SendEmail($message, $subject, '', 'me@myserver.com', '', 'rick@otherserver.net', NULL, NULL, '')) echo "Mail successful"; Or, to add a CC line this might change to the following, noting that the CC and BCC arguments must be passed as arrays of e-mail addresses: if (PIPHP_SendEmail($message, $subject, '', 'me@myserver.com', '', 'rick@otherserver.net', array('bill@test12.com'), NULL, '')) echo "Mail successful"; TIP If, when you use this plug-in, you get an error such as Warning: mail() [function.mail]: Failed to connect to mailserver at "localhost" port 25… then you don’t have your server properly configured for e-mail. In fact, if you are using Zend Server CE and/or a web development server, you may not actually want to run a mail server on that machine anyway, and should probably test this code on a server already configured for mail. The Plug-in function PIPHP_SendEmail($message, $subject, $priority, $from, $replyto, $to, $cc, $bcc, $type) { $headers = "From: $from\r\n"; if (strtolower($type) == "html") { $headers .= "MIME-Version: 1.0\r\n"; $headers .= "Content-type: text/html; charset=iso-8859-1\r\n"; } if ($priority > 0) $headers .= "X-Priority: $priority\r\n"; if ($replyto != "") $headers .= "Reply-To: $replyto\r\n"; if (count($cc)) 134 P l u g - i n P H P : 1 0 0 P o w e r S o l u t i o n s 134 P l u g - i n P H P : 1 0 0 P o w e r S o l u t i o n s { $headers .= "Cc: "; for ($j = 0 ; $j < count($cc) ; ++$j) $headers .= $cc[$j] . ","; $headers = substr($headers, 0, -1) . "\r\n"; } if (count($bcc)) { $headers .= "Bcc: "; for ($j = 0 ; $j < count($bcc) ; ++$j) $headers .= $bcc[$j] . ","; $headers = substr($headers, 0, -1) . "\r\n"; } return mail($to, $subject, $message, $headers); } BB Code Because of the risks involved with allowing users to enter HTML via a web form, alternatives had to be invented that would offer freedom of textual formatting without the risk of server hacking. One of the first and most popular of these systems was BB Code, which stands for Bulletin Board Code. Because it is used on web forums all over the Internet, your users will be very familiar with BB Code, and using this plug-in you can now fully support it on your web site—including making URLs clickable, as you can see in Figure 6-9. About the Plug-in This plug-in accepts a string containing BB Code and returns it translated into safe HTML. It takes this argument: • $string The string to translate. FIGURE 6-9 BB Code is a great way to allow users the ability to control their HTML layout without worrying about getting hacked. 39 C h a p t e r 6 : F o r m s a n d U s e r I n p u t 135 C h a p t e r 6 : F o r m s a n d U s e r I n p u t 135 Variables, Arrays, and Functions $from Array containing the supported BB Codes $to Array containing the HTML equivalents to BB Code How It Works This plug-in starts by replacing all occurrences found in the string $string from the array $from with those in the array $to, using the str_replace() function. It then uses the preg_replace() function four times to perform slightly more complex translations: • Converts any [size=??] codes to CSS font-size:??px tags • Converts any [color=??] codes to <font color='??'> HTML tags • Converts any [url]??[/url] codes to <a href=’??>??</a> HTML tags • Converts any [url=??] codes to <a href='??'> HTML tags With all translations completed, the modified string is returned. If no modifications were made, then the original string is returned. How to Use It To use this plug-in, just pass the function PIPHP_BBCode() some text to be translated and it will be returned to the calling code. If there is BB Code in the text, it will be replaced with matching HTML and/or CSS tags, otherwise it will be returned unchanged. The following example populates $text with some text, including BB Code, and then calls the plug-in to display it: $text = <<<_END This is a test of BB Code [size=12]Size 12[/size] [size=20]Size 20[/size] [size=32]Size 32[/size] [i]italic[/i] [color=red][b]bold red[/b][/color] [u]underline[/u] [s]strikethrough[/s] [url]http://google.com[/url] [url=http://yahoo.com]A titled hyperlink[/url] [quote]Block quoted text[/quote] _END; echo PIPHP_BBCode($text); The list of BB Codes supported by this plug-in and the actions they perform are shown in Table 6-1. I should mention that I believe BB Code’s support for images and URLs repr esents a potential security risk and I would recommend using Pound Code (the next plug-in) instead. Or, on a site that makes use of GET requests, if you must support BB Code, you should consider removing or commenting out the sections supporting images and URLs. I have more to say on this matter in the “How to Use It” section of the Pound Code plug-in, following. . your web site—including making URLs clickable, as you can see in Figure 6-9. About the Plug- in This plug- in accepts a string containing BB Code and returns it translated into safe HTML. It. Functions $from Array containing the supported BB Codes $to Array containing the HTML equivalents to BB Code How It Works This plug- in starts by replacing all occurrences found in the string $string from the. i o n s About the Plug- in This plug- in accepts a string containing the text of an e-mail to send, along with another for a subject line, and various other arguments specifying the e-mail addresses