编辑：

Question

我在我的网站上聊天，但它没有帐号，所以诅咒很猖獗。我使用PHP将我的所有数据写入user.txt。在php中是否有一个简单的过滤器用于盲目诅咒？因为我使用的js似乎效果不好：

＆＃13;

$(function() {
  $("input:submit[name='submit']").on("click",function() {
    var name = $("input:text[name='name']").val();
    var message = $("input:text[name='field2']").val();
    var badwords = ["dingbat", "poopy"];

    /* do this */ 

    if($.inArray(name, badwords) !==-1 || $.inArray(message, badwords) !==-1) {
      alert("Your Message Contains Bad Words, Please Remove Them Before Proceeding");
      return false;
    }
  });
});

＆＃13;

以下是我的完整代码（减去txt.php，只显示user.txt）

＆＃13;

@import url(https://fonts.googleapis.com/css?family=Lato:400,100,300);
 #blu {
 background: #F0FAFF;
 padding: 3;
width: 310;
        }
		b, i, p {
 -webkit-transition: all 0.5s ease;
    font-size: 16px;
    font-size: 1rem;
    line-height: 23px;
    line-height: 1.4375rem;
    font-weight: 400;
    font-style: normal;
    font-family:"Lato";
}
iframe{border: 3px solid white;}

button,input, #rcp_submit, #rcp_update_card {
    display: inline-block;
    font-family: "Lato", sans-serif;
    font-weight: 500;
    outline: 0;
    border-radius: 0;
    color: black;
    background: #FFFFFF;
    white-space: nowrap;
    padding: 9px 16px !important;
    line-height: 1.4;
    border: 0;
	color:black;
    position: relative;
    -webkit-transition: 0.1s;
    transition: 0.1s;
}

＆＃13;

,!--this file is called c5.php-->
<?php
if(isset($_POST['field1']) && isset($_POST['field2'])) {
    $data = $_POST['field1'] . '-' . $_POST['field2'] . "<br>";
    $ret = file_put_contents('user.txt', $data, FILE_APPEND | LOCK_EX);
    if($ret === false) {
        die('There was an error writing this file');
    }
    else {
	echo "$ret bytes written to file<a href ='javascript:history.go(-1)'>go back</a>";
    }
}
else {
   die('no post data to process');
}
?>
<html>
<body onload="reloadIFrame();">
<script>
window.setInterval("reloadIFrame();", 3000);
function reloadIFrame() {
 document.getElementById("myIframe").src="txt.php";
}
</script>
<div id ="blu">
<table>
<p>Chat about your code</p>
<td>
<iframe src ="txt.php" id ="myIframe"></iframe><br/>
<button onclick="reloadIFrame();">Refresh feed</button>
<form action="c5.php" method="POST">
<p>Name:</p>
    <input name="field1" type="text" />
	<h3>&nbsp;</h3>
<p>Question:<p>
    <input name="field2" type="text" />
    <input type="submit" name="submit" value="Submit">
</form>
<a href="user.txt" download="chatlogs">download chat logs</a>
</td>
</table>
</div>

＆＃13;

Answer 1

让我们来看看为什么你的js不能正常工作

您正在匹配一个单词的整个句子。 以下是var name为BADWORD SOMEONE_BADWORD的示例你在搜索数组是否包含该值（BADWORD SOMEONE_BADWORD）

所以你要做的就是把句子分成它的基本成分单词

name.split(/[(\s|_)]/) // split the name by white space or underscore

现在你将有一个

数组

["BADWORD", "SOMEONE", "BADWORD"]

，代码变为：

$(function() {
  function containBadWord(words , banlist){
    var bad = false;
    $.each(words , function(k , v){
        if($.inArray(v, banlist) !==-1){
           bad = true;
           return false;
        }
    });
    return bad;
  }
  $("input:submit[name='submit']").on("click",function() {
    var name = $("input:text[name='']").val(); 
    var name_split = name.split(/[(\s|_)]/); 
    var message = $("input:text[name='field2']").val();
    var message_split = message .split(/[(\s|_)]/); 
    var badwords = ["dingbat", "poopy"];

    /* do this */ 
    if(containBadWord(name_split , badwords )){
     alert("your name has bad words")
    }

    if(containBadWord(message_split , badwords )){
     alert("your messagehas bad words")
    }
  });
});

编辑：

上面的代码无效，因为你的jquery选择器也都错了。

`input:text[name='']` will select an input with an empty attribute of `name`

这是工作代码

https://jsfiddle.net/tq7odeLg/

Answer 2

我尝试了这个，它有效：

<?php

$find=array('bad','word','words');

$replace=array('...','...','...');

if(isset($_POST['user_input'])&&!empty($_POST['user_input']))
	    $data = $_POST['name'] . '-' . $_POST['user_input'] . "<br>";
$ret = file_put_contents('user.txt', $data, FILE_APPEND | LOCK_EX);
    if($ret === false) {
        die('There was an error writing this file');
    }
    else {
    }
{

$user_input=$_POST['user_input'];

$user_input_new=str_ireplace($find,$replace,$user_input);

}
?>

<p>    <?php 
        $text = file_get_contents('user.txt');
        echo $text;
    ?>
</p>
<style>
@import url(https://fonts.googleapis.com/css?family=Lato:400,100,300);
b, i, p {
 -webkit-transition: all 0.5s ease;
    font-size: 16px;
    font-size: 1rem;
    line-height: 23px;
    line-height: 1.4375rem;
    font-weight: 400;
    font-style: normal;
    font-family:"lato";
}
</style>

<hr>

<form action="ws.php" method="POST">
<p>name:</p><input name ="name" type ="text"></input><br/>
<p>comment:</p><br/><textarea name="user_input" rows="6" col="30">
</textarea><br/>
<input type="Submit" value="Submit">

</form>
</form>

PHP聊天审查

2 个答案:

编辑：