Banning certain words in a form

RageNo1

Hello, I currently have the problem that my site is being spammed.
The comment function of my site is being abused for this.
Now I would like to implement the following:
I would like the input to be checked against certain predefined words.
If one of the forbidden words appears there, an error message should be
shown, e.g. "Comment contains a forbidden word."

I hope someone can help me implement this, since I don't know much about
PHP. Here is the script that is responsible for the comments.

I am posting the whole script because I don't know which part is the relevant one.

PHP:
<?php
// Comments are saved here

    if (!function_exists("postComment")) {
    function postComment() {

        global $extension,
               $news_id,
               $options,
               $success,
               $failure,
               $REMOTE_ADDR;
               
        $getvars = array();
        $postvars = array('author' ,'email' ,'title' ,'comment');
        foreach ($getvars as $key=>$elem) { if(isset($_GET[$elem])) { $$elem = $_GET[$elem]; } else { $$elem = ""; } }
        foreach ($postvars as $key=>$elem) { if(isset($_POST[$elem])) { $$elem = $_POST[$elem]; } if(!isset($$elem)) { $$elem = ""; } }

        require("config.inc".$extension);
        require("corebb".$extension);
        
        $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password);
        $result = $dbconn->fetchArray("SELECT * FROM $newstable WHERE id = $news_id");
        if ($result['id'] != "") {
            $ipcheck = $dbconn->fetchArray("SELECT * FROM $commentstable WHERE ip = '$REMOTE_ADDR' ORDER BY time DESC");
            if (($ipcheck['time'] + $options['flood_control']) <= time()) {
                if (($author != "") && (($options['force_email'] == 0 || ($email != "") && ($options['force_email'] == 1))) && ($comment != "")) {
                    $author = str_replace("'", "\"", htmlspecialchars($author));
                    $email = str_replace("'", "\"", htmlspecialchars($email));
                    $title = str_replace("'", "\"", htmlspecialchars($title));
                    switch ($options['html_bb_allow']) {
                        case 0: $comment2 = htmlspecialchars($comment);                  break;
                        case 1: $comment2 = corebb(htmlspecialchars($comment), "toHTM"); break;
                        case 2: $comment2 = $comment;                                    break;
                        case 3: $comment2 = corebb($comment, "toHTM");                   break;
                    }
                    $comment2 = str_replace("\r\n", "<br />", $comment2);
                    $comment2 = stripslashes($comment2);
                    $comment2 = str_replace("'", "\"", $comment2);
                    $time = time();
                    $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password);
                    $query = $dbconn->execQuery("INSERT INTO $commentstable (news_id, author, email, title, comment, time, ip) VALUES ($news_id, '$author', '$email', '$title', '$comment2', '$time', '$REMOTE_ADDR')");
                    if ($query) {
                        $success = "<span id=main>kommentar eingetragen!</span>";
                    } else {
                        $failure = "<span id=main>kommentar konnte nicht eingetragen werden!</span>";
                    }    
                } elseif ((isset($author)) && ($author == "")) { $failure = "<span id=main>kein name eingegeben!</span>";
                } elseif ((isset($email)) && ($email == "") && ($options['force_email'] == 1)) { $failure = "Bitte gib deine E-Mail ein!";
                } elseif ((isset($title)) && ($title == "")) { $failure = "Bitte gib einen Titel für den Kommentar ein!";
                } elseif ((isset($comment)) && ($comment == "")) { $failure = "<span id=main>kein kommentar eingegeben!</span>";
                }
            } else {
                if ($options['flood_control'] <= 60) {
                    $wait = $options['flood_control']." sekunden";
                } else {
                    $wait = (($options['flood_control'] - ($options['flood_control'] % 60)) / 60)." Minuten";
                }
                $failure = "<span id=main>du musst $wait warten, bis du einen neuen kommentar posten kannst!</span>";
            }    
        $close = $dbconn->close();
        }
    }}

// Comments are displayed here

    if (!function_exists("showComments")) {
    function showComments() {

        global $extension,
               $news_id,
               $options,
               $failure,
               $success,
               $styledata;
               
        require("config.inc".$extension);

        print "<span id=main><b>kommentare:</b></span><br />\r\n";
        $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password);
        $commentdata = $dbconn->fetchMultiple("SELECT * FROM $commentstable WHERE news_id = $news_id ORDER BY id ASC");
        $close = $dbconn->close();
        $comm1_tpl = $styledata['tpl_comm1'];
        if ($commentdata != "") {
            foreach ($commentdata as $key=>$elem) {
                if (($options['show_comm_email']) && ($elem['email'] != "")) {
                    $author = "<a class=\"comments\" href=\"mailto:$elem[email]\"><b>$elem[author]</b></a>";
                } else {
        	    $author = $elem['author'];
        	}
                $comment = $elem['comment']; 
                $comment = str_replace("<a ", "<a class=\"comments\" ", $comment);
                $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password);
                $rows = $dbconn->countRows("SELECT * FROM $smilietable");
                if ($options['comment_smilies'] > 0) {
                    for($smilie_id = 1; $smilie_id <= $rows; $smilie_id ++) {
                        $correctdata = 0;
                        while($correctdata < 1) {
                            $data = $dbconn->fetchArray("SELECT * FROM $smilietable WHERE id = $smilie_id");
                            if ($data['id'] == "") { $smilie_id ++; $rows ++; } else { $correctdata = 1; }
                        }
                        $comment_repl = "<img src=\"$options[smilie_dir]$data[name]\" border=\"0\" alt=\"$data[title]\" />";
                        $comment = str_replace($data['code'], $comment_repl, $comment);
                    }
                }
                $close = $dbconn->close(); 
                $comm1_template = $comm1_tpl;
                $comm1_template = str_replace("{title}", $elem['title'], $comm1_template);
                $comm1_template = str_replace("{author}", $author, $comm1_template);
                $comm1_template = str_replace("{time}", date("G:i", $elem['time']), $comm1_template);
                $comm1_template = str_replace("{date}", date("j. n. Y", $elem['time']), $comm1_template);
                $comm1_template = str_replace("{comment}", $comment, $comm1_template);
                if ($options['php_allowed']) {
                    $comm1_template = str_replace('"', '\"', $comm1_template);
                    $comm1_template = str_replace('?>', 'print "', $comm1_template);
                    $comm1_template = str_replace('<?php', '"; ', $comm1_template);
                    $comm1_template = 'print "'.$comm1_template.'";';
                    $comm1_template = eval($comm1_template);
                }
                print $comm1_template;
            }
        } else { print "<span id=main>noch keine kommentare vorhanden!<br />\r\n"; }
        if(isset($failure)) { print "<span id=main><b>fehler: $failure</b></span><br />\r\n"; }
        if(isset($success)) { print "<span id=main><b>$success</b></span><br />\r\n"; }
    }}

// The comment input form is built here

    if (!function_exists("showPostComment")) {
    function showPostComment() {

        global $extension,
               $options,
               $styledata,
               $news_id,
               $QUERY_STRING,
               $PHP_SELF;
                
        $getvars = array();
        $postvars = array('author' ,'email' ,'title' ,'comment');
        foreach ($getvars as $key=>$elem) { if(isset($_GET[$elem])) { $$elem = $_GET[$elem]; } else { $$elem = ""; } }
        foreach ($postvars as $key=>$elem) { if(isset($_POST[$elem])) { $$elem = $_POST[$elem]; } if(!isset($$elem)) { $$elem = ""; } }

        require("config.inc".$extension);

        $comm2_template = $styledata['tpl_comm2'];
        $formheight = ""; $formwidth = "";
        $form_author ="<input type=\"text\" name=\"author\" maxlength=\"255\" value=\"$author\" />";
        $form_email ="<input type=\"text\" name=\"email\" maxlength=\"255\" value=\"$email\" />";
        $form_title ="<input type=\"text\" name=\"title\" maxlength=\"255\" value=\"$title\" />";
        $form_submit ="<input type=\"submit\" class=\"submit\" value=\"Abschicken\" />\r\n<input type=\"hidden\" name=\"postinit\" value=\"OK\" />";
        if (!$options['force_email']) {
            $force_mail = " (freiwillig)";
        } else {
            $force_mail = "";
        }
        print "<a name=\"newcomment\"></a>\r\n";
        print "<form action=\"".$PHP_SELF.$QUERY_STRING."&amp;comments=$news_id#newcomment\" method=\"post\" name=\"newcomment\">\r\n"; 
        $comm2_template = preg_replace("/{comment=(\d+),(\d+)}/s", "<textarea name=\"comment\" cols=\"$1\" rows=\"$2\">$comment</textarea>", $comm2_template);
        $comm2_template = str_replace("{author}", $form_author, $comm2_template);
        $comm2_template = str_replace("{email}", $form_email, $comm2_template);
        $comm2_template = str_replace("{force_mail}", $force_mail, $comm2_template);
        $comm2_template = str_replace("{title}", $form_title, $comm2_template);
        $comm2_template = str_replace("{submit}", $form_submit, $comm2_template);
        if ($options['comment_smilies'] > 0) {
            $form_smilies = commentSmilies();
            $comm2_template = str_replace("{smilies}", $form_smilies, $comm2_template);
        } else {
            $comm2_template = str_replace("{smilies}", "", $comm2_template);
        }
        if ($options['php_allowed']) {
            $comm2_template = str_replace('"', '\"', $comm2_template);
            $comm2_template = str_replace('?>', 'print "', $comm2_template);
            $comm2_template = str_replace('<?php', '"; ', $comm2_template);
            $comm2_template = 'print "'.$comm2_template.'";';
            $comm2_template = eval($comm2_template);
        }
        print $comm2_template;
        print "</form>\r\n";   
    }}
    
// Helper for "showPostComment" that generates the smilies

    if (!function_exists("commentSmilies")) {
    function commentSmilies() {

        global $extension,
               $options,
               $styledata;
                
        require("config.inc".$extension);
        $num_smilies = $options['comment_smilies'];
        $form_smilies = "";
        $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password);
        for($smilie_id = 1; $smilie_id <= $num_smilies; $smilie_id ++) {
            $smilie_desc = $dbconn->fetchArray("SELECT * FROM $csmilietable WHERE id = $smilie_id");
            $smilie_data = $dbconn->fetchArray("SELECT * FROM $smilietable WHERE id = $smilie_desc[smilie_id]");
            $form_smilies = $form_smilies."    <td class=\"cncomments\">\r\n";
            $form_smilies = $form_smilies."      <a href=\"javascript:document.newcomment.comment.value = document.newcomment.comment.value + ' $smilie_data[code]'; document.newcomment.comment.focus();\"\r\n";
            $form_smilies = $form_smilies."\t  onmouseover=\"status='$smilie_data[title]';return true;\"  onmouseout=\"status='';return true;\">\r\n";
            $form_smilies = $form_smilies."    <img src=\"$options[smilie_dir]$smilie_data[name]\" border=\"0\" alt=\"$smilie_data[title]\" /></a>\r\n";
            $form_smilies = $form_smilies."    </td>\r\n";
            if ($smilie_id == ($num_smilies / 2)) {
                $form_smilies = $form_smilies."  </tr>\r\n  <tr>\r\n";
            }	
        }
        $close = $dbconn->close(); 
        $form_smilies = "<table border=\"0\" cellpadding=\"3\" cellspacing=\"0\">\r\n  <tr>\r\n$form_smilies  </tr>\r\n</table>";
        return $form_smilies;
    }}
?>
 
Yes, I had already seen that, but the spam only ever shows internet addresses
over and over, from those sh.... online casinos.
If I only have the words replaced, wouldn't I just be left with **** or something?
Here is a spam post of this kind.

Isn't there another way? Ideally the post would not be saved at all and an error message would be shown.
 
Hello, I have taken a closer look at the script again.
According to it, $author and $comment would have to be checked.

I tried it with ereg_replace and it worked,
but I would prefer that the post is not saved in the first place.

Here is the code that is responsible for this,
and where this protection has to be built in.

PHP:
// Comments are saved here

    if (!function_exists("postComment")) {
    function postComment() {

        global $extension,
               $news_id,
               $options,
               $success,
               $failure,
               $REMOTE_ADDR;
               
        $getvars = array();
        $postvars = array('author' ,'email' ,'title' ,'comment');
        foreach ($getvars as $key=>$elem) { if(isset($_GET[$elem])) { $$elem = $_GET[$elem]; } else { $$elem = ""; } }
        foreach ($postvars as $key=>$elem) { if(isset($_POST[$elem])) { $$elem = $_POST[$elem]; } if(!isset($$elem)) { $$elem = ""; } }

        require("config.inc".$extension);
        require("corebb".$extension);
        
        $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password);
        $result = $dbconn->fetchArray("SELECT * FROM $newstable WHERE id = $news_id");
        if ($result['id'] != "") {
            $ipcheck = $dbconn->fetchArray("SELECT * FROM $commentstable WHERE ip = '$REMOTE_ADDR' ORDER BY time DESC");
            if (($ipcheck['time'] + $options['flood_control']) <= time()) {
                if (($author != "") && (($options['force_email'] == 0 || ($email != "") && ($options['force_email'] == 1))) && ($comment != "")) {
                    $author = str_replace("'", "\"", htmlspecialchars($author));
                    $email = str_replace("'", "\"", htmlspecialchars($email));
                    $title = str_replace("'", "\"", htmlspecialchars($title));
                    switch ($options['html_bb_allow']) {
                        case 0: $comment2 = htmlspecialchars($comment);                  break;
                        case 1: $comment2 = corebb(htmlspecialchars($comment), "toHTM"); break;
                        case 2: $comment2 = $comment;                                    break;
                        case 3: $comment2 = corebb($comment, "toHTM");                   break;
                    }
                    $comment2 = str_replace("\r\n", "<br />", $comment2);
                    $comment2 = stripslashes($comment2);
                    $comment2 = str_replace("'", "\"", $comment2);
                    $time = time();
                    $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password);
                    $query = $dbconn->execQuery("INSERT INTO $commentstable (news_id, author, email, title, comment, time, ip) VALUES ($news_id, '$author', '$email', '$title', '$comment2', '$time', '$REMOTE_ADDR')");
                    if ($query) {
                        $success = "<span id=main>kommentar eingetragen!</span>";
                    } else {
                        $failure = "<span id=main>kommentar konnte nicht eingetragen werden!</span>";
                    }    
                } elseif ((isset($author)) && ($author == "")) { $failure = "<span id=main>kein name eingegeben!</span>";
                } elseif ((isset($email)) && ($email == "") && ($options['force_email'] == 1)) { $failure = "Bitte gib deine E-Mail ein!";
                } elseif ((isset($title)) && ($title == "")) { $failure = "Bitte gib einen Titel für den Kommentar ein!";
                } elseif ((isset($comment)) && ($comment == "")) { $failure = "<span id=main>kein kommentar eingegeben!</span>";
                }
            } else {
                if ($options['flood_control'] <= 60) {
                    $wait = $options['flood_control']." sekunden";
                } else {
                    $wait = (($options['flood_control'] - ($options['flood_control'] % 60)) / 60)." Minuten";
                }
                $failure = "<span id=main>du musst $wait warten, bis du einen neuen kommentar posten kannst!</span>";
            }    
        $close = $dbconn->close();
        }
    }}
 
Hello,

you could also do it so that the text is searched for certain words; if such a word is found, the entry is not saved, otherwise it is.

e.g.
PHP:
<?php
$fehler = 0;
$str = "werbung kaufe das und das";
// Add up the hits for every banned word; a plain assignment would discard the earlier count
$fehler += substr_count($str, "werbung");
$fehler += substr_count($str, "kaufe");
if ($fehler == 0) {
    echo "Eintragen";
} else {
    echo "Spam";
}
?>

Regards
forsterm
 
Instead of substr_count() I would recommend the function
stristr(), since it does not count the occurrences of the string but returns a value at the first match of the searched "string". That means that with longer comments, which may contain forbidden content more often, the whole comment does not have to be worked through every time.
http://de3.php.net/manual/de/function.stristr.php
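
Added example, not part of any post in this thread: a reject-instead-of-replace check along the lines of the stristr() suggestion above, applied to every submitted field and extended with a link count because the spam described consists of URLs. The function name `spamReasons`, the word list, the link limit and the sample submissions are assumptions.

```php
<?php
// Added example (not from the thread). spamReasons(), the word list, the
// link limit and the sample submissions are constructed for illustration.

/**
 * Returns the reasons a submission is rejected; an empty array means "accept".
 *
 * @param array $fields      field name => raw user input (author, title, comment, ...)
 * @param array $bannedWords words that must not appear in any field
 * @param int   $maxLinks    highest number of links tolerated per submission
 */
function spamReasons(array $fields, array $bannedWords, $maxLinks = 2)
{
    $reasons = array();

    foreach ($fields as $name => $value) {
        foreach ($bannedWords as $word) {
            if ($word === "") {
                // An empty needle matches everything (PHP 8) or raises a warning (PHP 7).
                continue;
            }
            // stristr() stops at the first hit. Compare strictly against false:
            // a hit at the very end can return a "falsy" string such as "0".
            if (stristr((string) $value, $word) !== false) {
                $reasons[] = "$name contains banned word: $word";
            }
        }
    }

    // The spam described in the thread is mostly a run of URLs, so count
    // link starts across all fields as a second, word-independent signal.
    // "http://www." counts once, not twice.
    $links = preg_match_all('~(?:https?://)?www\.|https?://~i', implode("\n", $fields));
    if ($links > $maxLinks) {
        $reasons[] = "too many links ($links, limit $maxLinks)";
    }

    return $reasons;
}

// Constructed sample submissions.
$banned = array("casino", "poker");
$samples = array(
    "legit" => array("author" => "Anna", "title" => "Thanks",
                     "comment" => "Nice article, see http://www.example.org for more."),
    "word in author" => array("author" => "Best-CASINO-Online", "title" => "",
                     "comment" => "hello"),
    "link flood" => array("author" => "x", "title" => "",
                     "comment" => "http://a.example http://b.example www.c.example"),
);

foreach ($samples as $label => $fields) {
    $reasons = spamReasons($fields, $banned);
    if (count($reasons) === 0) {
        echo "$label: accepted\n";            // here the INSERT would run
    } else {
        // Nothing is stored; the reasons become the error message. Escape them
        // when printing into HTML, because they carry the configured words.
        echo "$label: rejected - " . htmlspecialchars(implode("; ", $reasons)) . "\n";
    }
}
```

The second sample is caught only because the author field is checked as well as the comment.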
 
Thanks for the tips, but the topic is already settled.
I now have a kind of spam filter in place, which checks the text
for certain words and then
proceeds accordingly.

Here is the script again with the spam filter:

PHP:
<?php

function badwords($text, $badwords, $replace = "*****") {
   if(!is_array($badwords)) $badwords = array($badwords);
   if(count($badwords) <= 0) return false;

   $global_matches = array();

   foreach($badwords as $badword) {
      $filter = array();
      for($i = 0; $i < strlen($badword); $i++) {
         // Escape each character so regex metacharacters in a word are matched literally
         $filter[] = preg_quote($badword[$i], "/");
      }

      $pattern = "/(\b".implode("[ \.\*\+\~\-\_\:]*", $filter)."\b)/is";

      if(preg_match_all($pattern, $text, $matches, PREG_PATTERN_ORDER)) {
         $global_matches = array_merge($global_matches, $matches[0]);
         $text = preg_replace($pattern, $replace, $text);
      }
   }

   if(count($global_matches) > 0) return array("matches" => $global_matches, "text" => $text);
   else return false;
}

// Comments are saved here

    if (!function_exists("postComment")) {
    function postComment() {

        global $extension,
               $news_id,
               $options,
               $success,
               $failure,
               $REMOTE_ADDR;

        // define the words to block here
        $badwords = array("boese", "woerter");

           
        $getvars = array();
        $postvars = array('author' ,'email' ,'title' ,'comment');
        foreach ($getvars as $key=>$elem) { if(isset($_GET[$elem])) { $$elem = $_GET[$elem]; } else { $$elem = ""; } }
        foreach ($postvars as $key=>$elem) { if(isset($_POST[$elem])) { $$elem = $_POST[$elem]; } if(!isset($$elem)) { $$elem = ""; } }

        require("config.inc".$extension);
        require("corebb".$extension);
        
        $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password);
        $result = $dbconn->fetchArray("SELECT * FROM $newstable WHERE id = $news_id");
        if ($result['id'] != "") {
            $ipcheck = $dbconn->fetchArray("SELECT * FROM $commentstable WHERE ip = '$REMOTE_ADDR' ORDER BY time DESC");
            if (($ipcheck['time'] + $options['flood_control']) <= time()) {
                if (($author != "") && (($options['force_email'] == 0 || ($email != "") && ($options['force_email'] == 1))) && ($comment != "")) {
                    $author = str_replace("'", "\"", htmlspecialchars($author));
                    $email = str_replace("'", "\"", htmlspecialchars($email));
                    $title = str_replace("'", "\"", htmlspecialchars($title));

// method 1: only check whether a forbidden word is contained; if so => do not save, and stop
                    if($x = badwords($comment, $badwords)) {
                        echo "<span id=main><b>der spamfilter hat deinen kommentar geblockt! <br>folgende wörter sind auf der schwarzen liste:</b><br />";
                        foreach($x["matches"] as $word) echo "$word "; 
                        echo "<br><br></span>";
                        return false;
                    }

                    switch ($options['html_bb_allow']) {
                        case 0: $comment2 = htmlspecialchars($comment);                  break;
                        case 1: $comment2 = corebb(htmlspecialchars($comment), "toHTM"); break;
                        case 2: $comment2 = $comment;                                    break;
                        case 3: $comment2 = corebb($comment, "toHTM");                   break;
                    }
                    $comment2 = str_replace("\r\n", "<br />", $comment2);
                    $comment2 = stripslashes($comment2);
                    $comment2 = str_replace("'", "\"", $comment2);
                    $time = time();
                    $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password);
                    $query = $dbconn->execQuery("INSERT INTO $commentstable (news_id, author, email, title, comment, time, ip) VALUES ($news_id, '$author', '$email', '$title', '$comment2', '$time', '$REMOTE_ADDR')");
                    if ($query) {
                        $success = "<span id=main>kommentar eingetragen!</span>";
                    } else {
                        $failure = "<span id=main>kommentar konnte nicht eingetragen werden!</span>";
                    }    
                } elseif ((isset($author)) && ($author == "")) { $failure = "<span id=main>kein name eingegeben!</span>";
                } elseif ((isset($email)) && ($email == "") && ($options['force_email'] == 1)) { $failure = "Bitte gib deine E-Mail ein!";
                } elseif ((isset($title)) && ($title == "")) { $failure = "Bitte gib einen Titel für den Kommentar ein!";
                } elseif ((isset($comment)) && ($comment == "")) { $failure = "<span id=main>kein kommentar eingegeben!</span>";
                }
            } else {
                if ($options['flood_control'] <= 60) {
                    $wait = $options['flood_control']." sekunden";
                } else {
                    $wait = (($options['flood_control'] - ($options['flood_control'] % 60)) / 60)." Minuten";
                }
                $failure = "<span id=main>du musst $wait warten, bis du einen neuen kommentar posten kannst!</span>";
            }    
        $close = $dbconn->close();
        }
    }}

// Comments are displayed here

    if (!function_exists("showComments")) {
    function showComments() {

        global $extension,
               $news_id,
               $options,
               $failure,
               $success,
               $styledata;
               
        require("config.inc".$extension);

        print "<span id=main><b>kommentare:</b></span><br />\r\n";
        $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password);
        $commentdata = $dbconn->fetchMultiple("SELECT * FROM $commentstable WHERE news_id = $news_id ORDER BY id ASC");
        $close = $dbconn->close();
        $comm1_tpl = $styledata['tpl_comm1'];
        if ($commentdata != "") {
            foreach ($commentdata as $key=>$elem) {
                if (($options['show_comm_email']) && ($elem['email'] != "")) {
                    $author = "<a class=\"comments\" href=\"mailto:$elem[email]\"><b>$elem[author]</b></a>";
                } else {
        	    $author = $elem['author'];
        	}
                $comment = $elem['comment']; 
                $comment = str_replace("<a ", "<a class=\"comments\" ", $comment);
                $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password);
                $rows = $dbconn->countRows("SELECT * FROM $smilietable");
                if ($options['comment_smilies'] > 0) {
                    for($smilie_id = 1; $smilie_id <= $rows; $smilie_id ++) {
                        $correctdata = 0;
                        while($correctdata < 1) {
                            $data = $dbconn->fetchArray("SELECT * FROM $smilietable WHERE id = $smilie_id");
                            if ($data['id'] == "") { $smilie_id ++; $rows ++; } else { $correctdata = 1; }
                        }
                        $comment_repl = "<img src=\"$options[smilie_dir]$data[name]\" border=\"0\" alt=\"$data[title]\" />";
                        $comment = str_replace($data['code'], $comment_repl, $comment);
                    }
                }
                $close = $dbconn->close(); 
                $comm1_template = $comm1_tpl;
                $comm1_template = str_replace("{title}", $elem['title'], $comm1_template);
                $comm1_template = str_replace("{author}", $author, $comm1_template);
                $comm1_template = str_replace("{time}", date("G:i", $elem['time']), $comm1_template);
                $comm1_template = str_replace("{date}", date("j. n. Y", $elem['time']), $comm1_template);
                $comm1_template = str_replace("{comment}", $comment, $comm1_template);
                if ($options['php_allowed']) {
                    $comm1_template = str_replace('"', '\"', $comm1_template);
                    $comm1_template = str_replace('?>', 'print "', $comm1_template);
                    $comm1_template = str_replace('<?php', '"; ', $comm1_template);
                    $comm1_template = 'print "'.$comm1_template.'";';
                    $comm1_template = eval($comm1_template);
                }
                print $comm1_template;
            }
        } else { print "<span id=main>noch keine kommentare vorhanden!<br />\r\n"; }
        if(isset($failure)) { print "<span id=main><b>fehler: $failure</b></span><br />\r\n"; }
        if(isset($success)) { print "<span id=main><b>$success</b></span><br />\r\n"; }
    }}

// The comment input form is built here

    if (!function_exists("showPostComment")) {
    function showPostComment() {

        global $extension,
               $options,
               $styledata,
               $news_id,
               $QUERY_STRING,
               $PHP_SELF;
                
        $getvars = array();
        $postvars = array('author' ,'email' ,'title' ,'comment');
        foreach ($getvars as $key=>$elem) { if(isset($_GET[$elem])) { $$elem = $_GET[$elem]; } else { $$elem = ""; } }
        foreach ($postvars as $key=>$elem) { if(isset($_POST[$elem])) { $$elem = $_POST[$elem]; } if(!isset($$elem)) { $$elem = ""; } }

        require("config.inc".$extension);

        $comm2_template = $styledata['tpl_comm2'];
        $formheight = ""; $formwidth = "";
        $form_author ="<input type=\"text\" name=\"author\" maxlength=\"255\" value=\"$author\" />";
        $form_email ="<input type=\"text\" name=\"email\" maxlength=\"255\" value=\"$email\" />";
        $form_title ="<input type=\"text\" name=\"title\" maxlength=\"255\" value=\"$title\" />";
        $form_submit ="<input type=\"submit\" class=\"submit\" value=\"Abschicken\" />\r\n<input type=\"hidden\" name=\"postinit\" value=\"OK\" />";
        if (!$options['force_email']) {
            $force_mail = " (freiwillig)";
        } else {
            $force_mail = "";
        }
        print "<a name=\"newcomment\"></a>\r\n";
        print "<form action=\"".$PHP_SELF.$QUERY_STRING."&amp;comments=$news_id#newcomment\" method=\"post\" name=\"newcomment\">\r\n"; 
        $comm2_template = preg_replace("/{comment=(\d+),(\d+)}/s", "<textarea name=\"comment\" cols=\"$1\" rows=\"$2\">$comment</textarea>", $comm2_template);
        $comm2_template = str_replace("{author}", $form_author, $comm2_template);
        $comm2_template = str_replace("{email}", $form_email, $comm2_template);
        $comm2_template = str_replace("{force_mail}", $force_mail, $comm2_template);
        $comm2_template = str_replace("{title}", $form_title, $comm2_template);
        $comm2_template = str_replace("{submit}", $form_submit, $comm2_template);
        if ($options['comment_smilies'] > 0) {
            $form_smilies = commentSmilies();
            $comm2_template = str_replace("{smilies}", $form_smilies, $comm2_template);
        } else {
            $comm2_template = str_replace("{smilies}", "", $comm2_template);
        }
        if ($options['php_allowed']) {
            $comm2_template = str_replace('"', '\"', $comm2_template);
            $comm2_template = str_replace('?>', 'print "', $comm2_template);
            $comm2_template = str_replace('<?php', '"; ', $comm2_template);
            $comm2_template = 'print "'.$comm2_template.'";';
            $comm2_template = eval($comm2_template);
        }
        print $comm2_template;
        print "</form>\r\n";   
    }}
    
// Helper for "showPostComment" that generates the smilies

    if (!function_exists("commentSmilies")) {
    function commentSmilies() {

        global $extension,
               $options,
               $styledata;
                
        require("config.inc".$extension);
        $num_smilies = $options['comment_smilies'];
        $form_smilies = "";
        $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password);
        for($smilie_id = 1; $smilie_id <= $num_smilies; $smilie_id ++) {
            $smilie_desc = $dbconn->fetchArray("SELECT * FROM $csmilietable WHERE id = $smilie_id");
            $smilie_data = $dbconn->fetchArray("SELECT * FROM $smilietable WHERE id = $smilie_desc[smilie_id]");
            $form_smilies = $form_smilies."    <td class=\"cncomments\">\r\n";
            $form_smilies = $form_smilies."      <a href=\"javascript:document.newcomment.comment.value = document.newcomment.comment.value + ' $smilie_data[code]'; document.newcomment.comment.focus();\"\r\n";
            $form_smilies = $form_smilies."\t  onmouseover=\"status='$smilie_data[title]';return true;\"  onmouseout=\"status='';return true;\">\r\n";
            $form_smilies = $form_smilies."    <img src=\"$options[smilie_dir]$smilie_data[name]\" border=\"0\" alt=\"$smilie_data[title]\" /></a>\r\n";
            $form_smilies = $form_smilies."    </td>\r\n";
            if ($smilie_id == ($num_smilies / 2)) {
                $form_smilies = $form_smilies."  </tr>\r\n  <tr>\r\n";
            }	
        }
        $close = $dbconn->close(); 
        $form_smilies = "<table border=\"0\" cellpadding=\"3\" cellspacing=\"0\">\r\n  <tr>\r\n$form_smilies  </tr>\r\n</table>";
        return $form_smilies;
    }}
?>
 
Hello,
I have one more short question about the script here:
PHP:
<?php 

function badwords($text, $badwords, $replace = "*****") { 
   if(!is_array($badwords)) $badwords = array($badwords); 
   if(count($badwords) <= 0) return false; 

   $global_matches = array(); 

   foreach($badwords as $badword) { 
      $filter = array(); 
      for($i = 0; $i < strlen($badword); $i++) {
         // Escape each character so regex metacharacters in a word are matched literally
         $filter[] = preg_quote($badword[$i], "/");
      }

      $pattern = "/(\b".implode("[ \.\*\+\~\-\_\:]*", $filter)."\b)/is"; 

      if(preg_match_all($pattern, $text, $matches, PREG_PATTERN_ORDER)) { 
         $global_matches = array_merge($global_matches, $matches[0]); 
         $text = preg_replace($pattern, $replace, $text); 
      } 
   } 

   if(count($global_matches) > 0) return array("matches" => $global_matches, "text" => $text); 
   else return false; 
} 

// The comments are saved here

    if (!function_exists("postComment")) { 
    function postComment() { 

        global $extension, 
               $news_id, 
               $options, 
               $success, 
               $failure, 
               $REMOTE_ADDR; 

        // define the words to block here
        $badwords = array("boese", "woerter"); 

            
        $getvars = array(); 
        $postvars = array('author' ,'email' ,'title' ,'comment'); 
        foreach ($getvars as $key=>$elem) { if(isset($_GET[$elem])) { $$elem = $_GET[$elem]; } else { $$elem = ""; } } 
        foreach ($postvars as $key=>$elem) { if(isset($_POST[$elem])) { $$elem = $_POST[$elem]; } if(!isset($$elem)) { $$elem = ""; } } 

        require("config.inc".$extension); 
        require("corebb".$extension); 
         
        $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password); 
        $result = $dbconn->fetchArray("SELECT * FROM $newstable WHERE id = $news_id"); 
        if ($result['id'] != "") { 
            $ipcheck = $dbconn->fetchArray("SELECT * FROM $commentstable WHERE ip = '$REMOTE_ADDR' ORDER BY time DESC"); 
            if (($ipcheck['time'] + $options['flood_control']) <= time()) { 
                if (($author != "") && (($options['force_email'] == 0 || ($email != "") && ($options['force_email'] == 1))) && ($comment != "")) { 
                    $author = str_replace("'", "\"", htmlspecialchars($author)); 
                    $email = str_replace("'", "\"", htmlspecialchars($email)); 
                    $title = str_replace("'", "\"", htmlspecialchars($title)); 

// method 1: only check whether a forbidden word is contained; if so => do not save, and stop
                    if($x = badwords($comment, $badwords)) { 
                        echo "<span id=main><b>der spamfilter hat deinen kommentar geblockt! <br>folgende wörter sind auf der schwarzen liste:</b><br />"; 
                        foreach($x["matches"] as $word) echo "$word "; 
                        echo "<br><br></span>"; 
                        return false; 
                    } 

                    switch ($options['html_bb_allow']) { 
                        case 0: $comment2 = htmlspecialchars($comment);                  break; 
                        case 1: $comment2 = corebb(htmlspecialchars($comment), "toHTM"); break; 
                        case 2: $comment2 = $comment;                                    break; 
                        case 3: $comment2 = corebb($comment, "toHTM");                   break; 
                    } 
                    $comment2 = str_replace("\r\n", "<br />", $comment2); 
                    $comment2 = stripslashes($comment2); 
                    $comment2 = str_replace("'", "\"", $comment2); 
                    $time = time(); 
                    $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password); 
                    $query = $dbconn->execQuery("INSERT INTO $commentstable (news_id, author, email, title, comment, time, ip) VALUES ($news_id, '$author', '$email', '$title', '$comment2', '$time', '$REMOTE_ADDR')"); 
                    if ($query) { 
                        $success = "<span id=main>kommentar eingetragen!</span>"; 
                    } else { 
                        $failure = "<span id=main>kommentar konnte nicht eingetragen werden!</span>"; 
                    }     
                } elseif ((isset($author)) && ($author == "")) { $failure = "<span id=main>kein name eingegeben!</span>"; 
                } elseif ((isset($email)) && ($email == "") && ($options['force_email'] == 1)) { $failure = "Bitte gib deine E-Mail ein!"; 
                } elseif ((isset($title)) && ($title == "")) { $failure = "Bitte gib einen Titel für den Kommentar ein!"; 
                } elseif ((isset($comment)) && ($comment == "")) { $failure = "<span id=main>kein kommentar eingegeben!</span>"; 
                } 
            } else { 
                if ($options['flood_control'] <= 60) { 
                    $wait = $options['flood_control']." sekunden"; 
                } else { 
                    $wait = (($options['flood_control'] - ($options['flood_control'] % 60)) / 60)." Minuten"; 
                } 
                $failure = "<span id=main>du musst $wait warten, bis du einen neuen kommentar posten kannst!</span>"; 
            }     
        $close = $dbconn->close(); 
        } 
    }} 

// The comments are output here

    if (!function_exists("showComments")) { 
    function showComments() { 

        global $extension, 
               $news_id, 
               $options, 
               $failure, 
               $success, 
               $styledata; 
                
        require("config.inc".$extension); 

        print "<span id=main><b>kommentare:</b></span><br />\r\n"; 
        $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password); 
        $commentdata = $dbconn->fetchMultiple("SELECT * FROM $commentstable WHERE news_id = $news_id ORDER BY id ASC"); 
        $close = $dbconn->close(); 
        $comm1_tpl = $styledata['tpl_comm1']; 
        if ($commentdata != "") { 
            foreach ($commentdata as $key=>$elem) { 
                if (($options['show_comm_email']) && ($elem['email'] != "")) { 
                    $author = "<a class=\"comments\" href=\"mailto:$elem[email]\"><b>$elem[author]</b></a>"; 
                } else { 
                $author = $elem['author']; 
            } 
                $comment = $elem['comment']; 
                $comment = str_replace("<a ", "<a class=\"comments\" ", $comment); 
                $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password); 
                $rows = $dbconn->countRows("SELECT * FROM $smilietable"); 
                if ($options['comment_smilies'] > 0) { 
                    for($smilie_id = 1; $smilie_id <= $rows; $smilie_id ++) { 
                        $correctdata = 0; 
                        while($correctdata < 1) { 
                            $data = $dbconn->fetchArray("SELECT * FROM $smilietable WHERE id = $smilie_id"); 
                            if ($data['id'] == "") { $smilie_id ++; $rows ++; } else { $correctdata = 1; } 
                        } 
                        $comment_repl = "<img src=\"$options[smilie_dir]$data[name]\" border=\"0\" alt=\"$data[title]\" />"; 
                        $comment = str_replace($data['code'], $comment_repl, $comment); 
                    } 
                } 
                $close = $dbconn->close(); 
                $comm1_template = $comm1_tpl; 
                $comm1_template = str_replace("{title}", $elem['title'], $comm1_template); 
                $comm1_template = str_replace("{author}", $author, $comm1_template); 
                $comm1_template = str_replace("{time}", date("G:i", $elem['time']), $comm1_template); 
                $comm1_template = str_replace("{date}", date("j. n. Y", $elem['time']), $comm1_template); 
                $comm1_template = str_replace("{comment}", $comment, $comm1_template); 
                if ($options['php_allowed']) { 
                    $comm1_template = str_replace('"', '\"', $comm1_template); 
                    $comm1_template = str_replace('?>', 'print "', $comm1_template); 
                    $comm1_template = str_replace('<?php', '"; ', $comm1_template); 
                    $comm1_template = 'print "'.$comm1_template.'";'; 
                    $comm1_template = eval($comm1_template); 
                } 
                print $comm1_template; 
            } 
        } else { print "<span id=main>noch keine kommentare vorhanden!<br />\r\n"; } 
        if(isset($failure)) { print "<span id=main><b>fehler: $failure</b></span><br />\r\n"; } 
        if(isset($success)) { print "<span id=main><b>$success</b></span><br />\r\n"; } 
    }} 

// The "write a comment" form is built here

    if (!function_exists("showPostComment")) { 
    function showPostComment() { 

        global $extension, 
               $options, 
               $styledata, 
               $news_id, 
               $QUERY_STRING, 
               $PHP_SELF; 
                 
        $getvars = array(); 
        $postvars = array('author' ,'email' ,'title' ,'comment'); 
        foreach ($getvars as $key=>$elem) { if(isset($_GET[$elem])) { $$elem = $_GET[$elem]; } else { $$elem = ""; } } 
        foreach ($postvars as $key=>$elem) { if(isset($_POST[$elem])) { $$elem = $_POST[$elem]; } if(!isset($$elem)) { $$elem = ""; } } 

        require("config.inc".$extension); 

        $comm2_template = $styledata['tpl_comm2']; 
        $formheight = ""; $formwidth = ""; 
        $form_author ="<input type=\"text\" name=\"author\" maxlength=\"255\" value=\"$author\" />"; 
        $form_email ="<input type=\"text\" name=\"email\" maxlength=\"255\" value=\"$email\" />"; 
        $form_title ="<input type=\"text\" name=\"title\" maxlength=\"255\" value=\"$title\" />"; 
        $form_submit ="<input type=\"submit\" class=\"submit\" value=\"Abschicken\" />\r\n<input type=\"hidden\" name=\"postinit\" value=\"OK\" />"; 
        if (!$options['force_email']) {
            $force_mail = " (freiwillig)"; 
        } else { 
            $force_mail = ""; 
        } 
        print "<a name=\"newcomment\"></a>\r\n"; 
        print "<form action=\"".$PHP_SELF.$QUERY_STRING."&amp;comments=$news_id#newcomment\" method=\"post\" name=\"newcomment\">\r\n"; 
        $comm2_template = preg_replace("/{comment=(\d+),(\d+)}/s", "<textarea name=\"comment\" cols=\"$1\" rows=\"$2\">$comment</textarea>", $comm2_template); 
        $comm2_template = str_replace("{author}", $form_author, $comm2_template); 
        $comm2_template = str_replace("{email}", $form_email, $comm2_template); 
        $comm2_template = str_replace("{force_mail}", $force_mail, $comm2_template); 
        $comm2_template = str_replace("{title}", $form_title, $comm2_template); 
        $comm2_template = str_replace("{submit}", $form_submit, $comm2_template); 
        if ($options['comment_smilies'] > 0) { 
            $form_smilies = commentSmilies(); 
            $comm2_template = str_replace("{smilies}", $form_smilies, $comm2_template); 
        } else { 
            $comm2_template = str_replace("{smilies}", "", $comm2_template); 
        } 
        if ($options['php_allowed']) { 
            $comm2_template = str_replace('"', '\"', $comm2_template); 
            $comm2_template = str_replace('?>', 'print "', $comm2_template); 
            $comm2_template = str_replace('<?php', '"; ', $comm2_template); 
            $comm2_template = 'print "'.$comm2_template.'";'; 
            $comm2_template = eval($comm2_template); 
        } 
        print $comm2_template; 
        print "</form>\r\n";    
    }} 
     
// Helper for "showPostComment" that generates the smilies

    if (!function_exists("commentSmilies")) { 
    function commentSmilies() { 

        global $extension, 
               $options, 
               $styledata; 
                 
        require("config.inc".$extension); 
        $num_smilies = $options['comment_smilies']; 
        $form_smilies = ""; 
        $dbconn = new Coresql($db_server, $db_database, $db_account, $db_password); 
        for($smilie_id = 1; $smilie_id <= $num_smilies; $smilie_id ++) { 
            $smilie_desc = $dbconn->fetchArray("SELECT * FROM $csmilietable WHERE id = $smilie_id"); 
            $smilie_data = $dbconn->fetchArray("SELECT * FROM $smilietable WHERE id = $smilie_desc[smilie_id]"); 
            $form_smilies = $form_smilies."    <td class=\"cncomments\">\r\n"; 
            $form_smilies = $form_smilies."      <a href=\"javascript:document.newcomment.comment.value = document.newcomment.comment.value + ' $smilie_data[code]'; document.newcomment.comment.focus();\"\r\n";
            $form_smilies = $form_smilies."\t  onmouseover=\"status='$smilie_data[title]';return true;\"  onmouseout=\"status='';return true;\">\r\n"; 
            $form_smilies = $form_smilies."    <img src=\"$options[smilie_dir]$smilie_data[name]\" border=\"0\" alt=\"$smilie_data[title]\" /></a>\r\n"; 
            $form_smilies = $form_smilies."    </td>\r\n"; 
            if ($smilie_id == ($num_smilies / 2)) { 
                $form_smilies = $form_smilies."  </tr>\r\n  <tr>\r\n"; 
            }     
        } 
        $close = $dbconn->close(); 
        $form_smilies = "<table border=\"0\" cellpadding=\"3\" cellspacing=\"0\">\r\n  <tr>\r\n$form_smilies  </tr>\r\n</table>"; 
        return $form_smilies; 
    }} 
?>

Under "Method 1", the script checks whether and which blocked words
are in $comment. It also works very well. How can I now have $author
checked as well? I already tried it like this and put $author in,
but it doesn't work:
if($x = badwords($author, $comment, $badwords)) {

Regards, Ragey
 
RageNo1 said:
if($x = badwords($author, $comment, $badwords)) {
This function call can't be right. It will always return true.

Use this:
PHP:
$x = badwords($comment, $badwords);
$y = badwords($author, $badwords);
if(isset($x) OR isset($y)) {
 
I have now done it like this:
PHP:
			$x = badwords($comment, $badwords); 
			$y = badwords($author, $badwords); 
			if(isset($x) OR isset($y)) { 
                        echo "<span id=main><b>der spamfilter hat deinen kommentar geblockt! <br>folgende wörter sind auf der schwarzen liste:</b><br />";
                        foreach($x["matches"] as $word) echo "$word "; 
                        echo "<br><br></span>";
                        return false;

This then produces the following error:
Invalid argument supplied for foreach()
in this line:
foreach($x["matches"] as $word) echo "$word ";

Regards, Ragey
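
Why the last snippet fails, and one way to check both fields, as an added example that is not part of the original thread: badwords() returns either false or an array, and isset() is true for both, so the block is always entered and $x["matches"] is read even when $x is false. check_fields() is a hypothetical helper; badwords() is a compact restatement of the function posted above, with preg_quote() and the empty-word guard added here, repeated so the block runs on its own.

```php
<?php
// Added example, not code from the thread. badwords() is a compact
// restatement of the function posted above; check_fields() is hypothetical.

function badwords($text, $badwords, $replace = "*****") {
    $found = array();
    foreach ((array)$badwords as $badword) {
        if ($badword === "") continue; // an empty entry would match everywhere
        // Quote each letter so a list entry cannot inject regex syntax.
        $letters = array_map(function ($c) { return preg_quote($c, "/"); }, str_split($badword));
        $pattern = "/\\b" . implode("[ .*+~\\-_:]*", $letters) . "\\b/is";
        if (preg_match_all($pattern, $text, $m)) {
            $found = array_merge($found, $m[0]);
            $text = preg_replace($pattern, $replace, $text);
        }
    }
    // Same contract as the original: false when nothing matched.
    return count($found) > 0 ? array("matches" => $found, "text" => $text) : false;
}

// Run the filter over several form fields; returns an empty array if all are clean.
function check_fields($fields, $badwords) {
    $hits = array();
    foreach ($fields as $name => $value) {
        $result = badwords($value, $badwords);
        // badwords() returns false or an array; isset() is true for both,
        // so test the value itself before reading $result["matches"].
        if ($result !== false) {
            $hits[$name] = $result["matches"];
        }
    }
    return $hits;
}

// Constructed sample input: clean comment, blocked word hidden in the author.
$badwords = array("boese", "woerter");
$hits = check_fields(array("author" => "B.o.e.s.e", "comment" => "Hallo zusammen"), $badwords);
if (count($hits) > 0) {
    echo "<span id=main><b>der spamfilter hat deinen kommentar geblockt!</b><br />";
    foreach ($hits as $field => $words) {
        foreach ($words as $word) {
            // Escape before echoing user-supplied text back into the page.
            echo htmlspecialchars("$field: $word") . " ";
        }
    }
    echo "<br><br></span>";
    // Inside postComment() this is where "return false;" belongs.
}
```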
 
