I have a guest book , and I want to make sure that those people who sign the
guest book can't impersonate a member of the web site. the code below
checks the input string, which is the guestbook signer's name, against a
list of defined web site members. Is there any way to circumvent the code
as I've written it?
function validateGuestbookSigner($valToEval,&$errorArray){
echo "Value: $valToEval<BR>";
$valToEval=preg_replace("/[^A-Za-z0-9]/","",$valToEval);
echo "Value after stripping all nonessential debris: $valToEval<BR>";
//obtain the list of names to test against
$names=getGuestBookNames();
//iterate through each person in the list
foreach($names as $name){
//explode to get first and last name
$namePieces=explode(",",$name);
//look for the last name,case insensitive
if(preg_match("/" . $namePieces[0] . "/i", $valToEval)){
$errorArray[]="The last name that it matched is: $namePieces[0]";
$errorArray[]="Please consult the Guestbook Rules for a list of
names of those people in the band or are affilliated with the web site
";
$errorArray[]="Part of the guestbook signer's name matches a last
name that cannot be used";
return false;
}
//look for the first name,case insensitive
//(the name might just be Webmaster, so make sure
// to check if first name exists at all)
if(count($namePieces)>1){
if(preg_match("/" . $namePieces[1] . "/i", $valToEval)){
$errorArray[]="The first name that it matched is:
$namePieces[1]";
$errorArray[]="Please consult the Guestbook rules for a list of
names of those people in the band or are affilliated with the web s
ite";
$errorArray[]="Part of the guestbook signer's name matches a last
name that cannot be used";
return false;
}
}
}
return true;
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
