
Plug in PHP 100 POWER SOLUTIONS- P34 pps


Chapter 6: Forms and User Input
How It Works
This is another of those extremely short and sweet, yet exceedingly powerful plug-ins. It
takes the text you supply, along with the array of keywords, and calls
plug-in 5, PIPHP_WordSelector(), with a blank replace string. This has the effect of
removing every matching word from the string.
It’s then a simple matter to subtract the length of the new string from the original one
and return the difference. The larger this difference, the more words were removed from
the string and so the more keywords have matched, and therefore the more likely it is that
the string contained spam. If there is no difference, then no words matched and the string
is considered spam-free.
How to Use It
To use this plug-in well, you need to first create your array of trigger keywords. You should
base this on words unique to user spam that you have already received, with code like the
following to filter user posts:
$words = array('rolex', 'replica', 'loan', 'mortgage', 'viagra',
   'cialis', 'acai', 'free', 'stock', 'guaranteed',
   'refinancing', 'cartier', 'manhood', 'drugs');
if (PIPHP_SpamCatch($text, $words) < 15) echo "Probably not spam";
else echo "Probably spam";
Of course, this is a very small set of keywords and you will very likely need to come up
with your own much larger list. This you will probably compile over time, and will include
large numbers of keywords unsuitable for publication in this book.
You may also wish to experiment with the spam score of 15 used earlier to distinguish
between spam and non-spam. Set it lower if too much is getting through, or higher if too
many non-spams are being rejected.
The Plug-in
function PIPHP_SpamCatch($text, $words)
{
   return strlen($text) -
      strlen(PIPHP_WordSelector($text, $words, ''));
}
Send E-mail
Often, after receiving user input you need to send an e-mail, perhaps to yourself, to a colleague,
or maybe to the e-mail submitter, thanking them for their input.
Sending an e-mail from your server isn’t too hard using PHP’s built-in mail() function.
But if you want to send CCs or BCCs, you have to start assembling headers, which starts
getting complicated. Using this plug-in, all that’s handled for you. You just supply the
message, subject lines, and the e-mail addresses of all recipients and it gets on with
sending the e-mail for you. You can even specify a different Reply-To address if needed.
Figure 6-8 shows the plug-in in use.

38

About the Plug-in
This plug-in accepts a string containing the text of an e-mail to send, along with another for
a subject line, and various other arguments specifying the e-mail addresses of people to
whom it should also be sent. It takes these arguments:
• $message The text of the e-mail
• $subject The e-mail’s subject
• $priority The message’s priority: 1 (high) – 5 (low), or leave it blank for none
• $from The e-mail address of the sender
• $replyto The e-mail address to which replies should be addressed
• $to The e-mail address of the recipient
• $cc An array of e-mail addresses for CC copies
• $bcc An array of e-mail addresses for Blind CC copies (no recipient will see any
BCC e-mail addresses in the message they receive)
• $type If set to “HTML,” the e-mail will be sent in HTML format; otherwise, it will
be sent as text.
Variables, Arrays, and Functions
$headers
String containing additional headers to be sent
How It Works
A lot of the work is handled by the mail() function built into PHP, but it needs help
constructing additional headers because it only supports arguments of recipient, subject,
message, and headers.
Therefore, this plug-in starts by assigning to the variable $headers the string value
“From:”, followed by the value in $from and a \r\n carriage return/linefeed pair. If this
were not done, the e-mail might be sent as if the sender were the web server itself. Next, if
the value of $type is set to “HTML,” then the correct headers to send the e-mail using
HTML are appended to $headers.
FIGURE 6-8 Sending an e-mail with this plug-in is a single-line function call.
After that, if $priority has a value greater than 0, then an X-Priority: header is
appended to $headers. Also, if the $replyto variable has a value, then the correct Reply-To:
header is appended to $headers.
Then, the CC and BCC headers are created by iterating through the arrays of e-mail
addresses in $cc and $bcc (if any), appending each to the relevant header line.
Finally, the mail() function is called with the values in $to, $subject, and $message,
but now with a properly formatted sequence of headers in $headers to handle the other
parameters.
How to Use It
Sending an e-mail with this plug-in is as easy as the following example, in which
is the sender’s e-mail address, and is the recipient’s:
if (PIPHP_SendEmail($message, $subject, '', '', '',
'', NULL, NULL, ''))
echo "Mail successful";
Or, to add a CC line this might change to the following, noting that the CC and BCC
arguments must be passed as arrays of e-mail addresses:
if (PIPHP_SendEmail($message, $subject, '', '', '',
'', array(''), NULL, ''))
echo "Mail successful";
TIP If, when you use this plug-in, you get an error such as Warning: mail() [function.mail]:
Failed to connect to mailserver at "localhost" port 25… then you don’t have your server
properly configured for e-mail. In fact, if you are using Zend Server CE and/or a web
development server, you may not actually want to run a mail server on that machine anyway,
and should probably test this code on a server already configured for mail.
The Plug-in
function PIPHP_SendEmail($message, $subject, $priority, $from,
   $replyto, $to, $cc, $bcc, $type)
{
   // Values are placed in the headers as given; validate them before calling
   $headers = "From: $from\r\n";

   // HTML mail needs the MIME and content-type headers
   if (strtolower($type) == "html")
   {
      $headers .= "MIME-Version: 1.0\r\n";
      $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
   }

   if ($priority > 0) $headers .= "X-Priority: $priority\r\n";

   if ($replyto != "") $headers .= "Reply-To: $replyto\r\n";

   // $cc and $bcc may be NULL, so check for an array before counting
   if (is_array($cc) && count($cc))
   {
      $headers .= "Cc: ";
      for ($j = 0 ; $j < count($cc) ; ++$j)
         $headers .= $cc[$j] . ",";
      // Replace the trailing comma with the line ending
      $headers = substr($headers, 0, -1) . "\r\n";
   }

   if (is_array($bcc) && count($bcc))
   {
      $headers .= "Bcc: ";
      for ($j = 0 ; $j < count($bcc) ; ++$j)
         $headers .= $bcc[$j] . ",";
      $headers = substr($headers, 0, -1) . "\r\n";
   }

   return mail($to, $subject, $message, $headers);
}
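The plug-in places $from, $replyto and each $cc and $bcc entry into $headers exactly as passed, so a value that contains a \r\n pair would begin a header line of its own. The following added example (not the book's code; safe_address() and build_headers() are hypothetical names) builds the same headers but returns false when any address contains a line break or fails PHP's e-mail validation.

```php
<?php
// Added example, not the book's plug-in. safe_address() and
// build_headers() are hypothetical names; arguments follow the plug-in's.

// Accept an address only if it has no CR/LF and is a valid e-mail address.
function safe_address($addr)
{
   if (!is_string($addr) || preg_match('/[\r\n]/', $addr)) return false;
   return filter_var($addr, FILTER_VALIDATE_EMAIL) !== false;
}

// Returns the extra header string for mail(), or false if any value is unsafe.
function build_headers($from, $replyto, $cc, $bcc, $priority)
{
   $cc  = is_array($cc)  ? $cc  : array();   // NULL means "no CC"
   $bcc = is_array($bcc) ? $bcc : array();

   $all = array_merge(array($from), $cc, $bcc);
   if ($replyto != "") $all[] = $replyto;

   foreach ($all as $addr)
      if (!safe_address($addr)) return false;

   $headers  = "From: $from\r\n";
   $priority = (int) $priority;              // only 1 to 5 is meaningful

   if ($priority >= 1 && $priority <= 5)
      $headers .= "X-Priority: $priority\r\n";
   if ($replyto != "") $headers .= "Reply-To: $replyto\r\n";
   if (count($cc))     $headers .= "Cc: "  . implode(",", $cc)  . "\r\n";
   if (count($bcc))    $headers .= "Bcc: " . implode(",", $bcc) . "\r\n";

   return $headers;
}

// Constructed inputs: ordinary addresses, then a form value with an
// embedded line break that would otherwise become a second header line.
$ok  = build_headers('me@example.com', '', array('cc@example.com'), NULL, 3);
$bad = build_headers("me@example.com\r\nBcc: x@example.com", '', NULL, NULL, '');

echo ($ok  === false) ? "rejected\n" : $ok;
echo ($bad === false) ? "rejected\n" : $bad;
```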
BB Code
Because of the risks involved with allowing users to enter HTML via a web form, alternatives
had to be invented that would offer freedom of textual formatting without the risk of server
hacking. One of the first and most popular of these systems was BB Code, which stands for
Bulletin Board Code.
Because it is used on web forums all over the Internet, your users will be very familiar with
BB Code, and using this plug-in you can now fully support it on your web site—including
making URLs clickable, as you can see in Figure 6-9.
About the Plug-in
This plug-in accepts a string containing BB Code and returns it translated into safe HTML.
It takes this argument:
• $string The string to translate.
FIGURE 6-9 BB Code is a great way to allow users the ability to control their HTML layout without worrying
about getting hacked.

39
Variables, Arrays, and Functions
$from
Array containing the supported BB Codes
$to
Array containing the HTML equivalents to BB Code
How It Works
This plug-in starts by replacing all occurrences found in the string $string from the array
$from with those in the array $to, using the str_replace() function. It then uses the
preg_replace() function four times to perform slightly more complex translations:
• Converts any [size=??] codes to CSS font-size:??px tags
• Converts any [color=??] codes to <font color='??'> HTML tags
• Converts any [url]??[/url] codes to <a href='??'>??</a> HTML tags
• Converts any [url=??] codes to <a href='??'> HTML tags
With all translations completed, the modified string is returned. If no modifications
were made, then the original string is returned.
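This excerpt does not include the BB Code plug-in's source. As an added example that is not the book's code, the following handles only the two [url] forms listed above and shows an order of operations that keeps the output safe: escape all typed HTML first, then create a link only when the address is http or https (is_web_url() and bbcode_urls() are hypothetical names).

```php
<?php
// Added example, not the book's PIPHP_BBCode(). is_web_url() and
// bbcode_urls() are hypothetical names.

// True only for absolute http:// or https:// addresses.
function is_web_url($url)
{
   if ($url === '' || preg_match('/\s/', $url)) return false;
   $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
   return $scheme === 'http' || $scheme === 'https';
}

function bbcode_urls($string)
{
   // Escape first, quotes included, so text the user typed can never
   // close the href attribute or open a tag of its own.
   $string = htmlspecialchars($string, ENT_QUOTES, 'UTF-8');

   // One pass handles both [url]ADDRESS[/url] and [url=ADDRESS]TITLE[/url]
   return preg_replace_callback(
      '/\[url(?:=([^\]\s]+))?\](.*?)\[\/url\]/is',
      function ($m) {
         $url = ($m[1] !== '') ? $m[1] : trim($m[2]);

         // Test the scheme on the decoded value, output the escaped one
         if (!is_web_url(html_entity_decode($url, ENT_QUOTES, 'UTF-8')))
            return $m[0];        // not a web link: leave the code as text

         return "<a href='$url' rel='nofollow noopener'>$m[2]</a>";
      },
      $string);
}

// Constructed sample input
$text = "[url]https://example.com/[/url]\n" .
        "[url=https://example.com/a?x=1&y=2]A titled hyperlink[/url]\n" .
        "[url=https://example.com/?q='a']quoted[/url]\n" .
        "[url=javascript:void(0)]not a web link[/url]\n" .
        "<b>typed HTML</b>\n";

echo bbcode_urls($text);
```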
How to Use It
To use this plug-in, just pass the function PIPHP_BBCode() some text to be translated and it
will be returned to the calling code. If there is BB Code in the text, it will be replaced with
matching HTML and/or CSS tags, otherwise it will be returned unchanged. The following
example populates $text with some text, including BB Code, and then calls the plug-in to
display it:
$text = <<<_END
This is a test of BB Code
[size=12]Size 12[/size]
[size=20]Size 20[/size]
[size=32]Size 32[/size]
[i]italic[/i]
[color=red][b]bold red[/b][/color]
[u]underline[/u]
[s]strikethrough[/s]
[url][/url]
[url=]A titled hyperlink[/url]
[quote]Block quoted text[/quote]
_END;

echo PIPHP_BBCode($text);
The list of BB Codes supported by this plug-in and the actions they perform are shown
in Table 6-1.
I should mention that I believe BB Code’s support for images and URLs represents a
potential security risk and I would recommend using Pound Code (the next plug-in) instead.
Or, on a site that makes use of GET requests, if you must support BB Code, you should consider
removing or commenting out the sections supporting images and URLs. I have more to say on
this matter in the “How to Use It” section of the Pound Code plug-in, following.
