Savride’s Weblog

Web development, coding, graphics

Archive for June 2008

Cut string to given length or word count easily with _str_cut()

without comments

Another simple function from my library (extended on 09-09-2008).

Use it when you need to cut a text/string to a given length in characters or to a specified word count, and want to append a suffix at the end such as » read more or …

From:

$_str = "Here’s a sampling of features that might make you want to use WordPress.com. (Besides it being run by some swell folks!) We’re not fancy-pants marketers";

$_str = _str_cut( $_str, 30, " » read more");

To:

Here’s a sampling of features » read more

/**
 * (C)2008 savride.wordpress.com
 * @return String cut to the needed length, with a suffix if one is needed,
 * for example "..." as default, "<a href=" or whatever you pass in
 * @param $_str Object given string
 * @param $_len Object new length to set
 * @param $_more Object[optional] suffix string instead of "...", e.g. <a href="http://set_some.link.com">Link name set</a>
 * @param $_cnt_words - cut to the given number of words - UPDATE
 * @param $_separator Object[optional] word separator used when cutting by word count
 */
function _str_cut( $_str, $_len, $_more = " ...", $_cnt_words = false, $_separator = " ")
{
  // tags are removed before counting; this is not output escaping
  $_str = strip_tags( $_str );

  // return by WORD COUNT - update ($_len and $_more are not used here)
  if( $_cnt_words )
  {
    $_new_str = (string) strtok( $_str, $_separator );

    // the first word is already taken, so fetch $_cnt_words - 1 more
    while( --$_cnt_words > 0 )
    {
      $_word = strtok( $_separator );
      if( $_word === false )   // fewer words than requested
        break;
      $_new_str .= $_separator.$_word;
    }
    return $_new_str;
  }
  // return by WORD COUNT - update

  // note: strlen()/substr() count bytes, not characters
  $_start_len = strlen( $_str );
  $_new_len   = $_len - strlen( strip_tags( $_more ));

  // cut only when the string does not already fit into $_len
  if ( $_start_len > $_len )
  {
    $_str = substr( $_str, 0, $_new_len );
    // drop the last, possibly broken, word
    $_str = preg_replace( '/\s+[^\s]+?$/', "", $_str );
    $_str .= " ".$_more;
  }

  return( $_str );
}

Feel free to use it.

Written by savride

June 26, 2008 at 16:30

Posted in PHP


An astro marine sketch :Space Buddy:

with 3 comments

 

Space Buddy

Quick design sketch for another computer game, unreleased though (near 1993)

Written by savride

June 25, 2008 at 14:56

Experimental Typography :TypoSkull:

without comments

 

TypoSkulll

 

TypoSkull2

 

NOC
Typo Skull 

& typical experimental typography exercise (near 1995)
Some computer game title case study

Written by savride

June 25, 2008 at 14:28

Woman face drawing :Lady Lady:

with one comment

 

 

Some Lady

woman head – an exercise

Written by savride

June 24, 2008 at 15:27

That’s me over 10 years agoooo

without comments

 

Computer Addicted

 

Now I’m not addicted ]-}

Written by savride

June 24, 2008 at 13:35

Secure PHP variables $_GET, $_POST – wrapper function

with 2 comments

If you’re tired of maintaining endless $_POST, $_GET or other variables passed to your PHP scripts, want to gain more control over them, or just want to secure things against abusive users, bots etc., it’s convenient to use a shortcut.

How do you group them in one place? It’s easy, and simplifying the complicated parts is a time saver.

Try this wrapper function. It is deliberately not optimized (for example, converted to a switch) or shortened in any way, both for tutorial purposes and because it comes straight out of my PHP project. The project is always a ‘work in progress’, so some code has to stay unoptimized for further evaluation.

Some people use code like this for a so-called front controller and similar:

$page = $_GET['page'];
switch ($page) {
  case 'home':
    include_once('index.php');
    break;
  // case ...: {...}
}

Try to avoid it.
You can have multiple places in your script where some variable has to be used and checked. Why do the same thing over and over and, worse, insecurely?

Do it a better way:

/**
 * Savride's environment variables filtering ($_GET, $_POST, etc.) (c) 2008
 * wrapper function
 *
 * @return > the filtered value, the default, or false; sends 403 Forbidden and exits if filtered out as abuse
 * @param $_option Object > get variable by index, example: 'pagename' (useful when var doesn't exist)
 * @param $_old_option Object > use this as default if no value is set
 * @param $_filter Object[optional] regexp for advanced filtering or simple /string/ to deny
 */
function _sopt( $_option, $_old_option = false, $_filter = false)
  {
  $_value = false;

  // $_POST is read last, so it overrides $_GET when both carry the key
  if( isset( $_GET[$_option] ))
    $_value = $_GET[$_option];

  if( isset( $_POST[$_option] ))
    $_value = $_POST[$_option];

  if( $_filter) {
    // a filter can only be applied to text; arrays (?page[]=x) are rejected
    if( !is_string( $_value ))
      $_value = false;
    elseif(( strpos( $_filter, "#") === 0) || ( strpos( $_filter, "/") === 0)) {
      // filter starts with a regexp delimiter: the value must match it
      if ( !preg_match( $_filter, $_value))
        $_value = false;
      }
    elseif( strpos( $_value, $_filter) !== false) {
      // plain string filter: deny the request when the value contains it
      header( "HTTP/1.1 403 Forbidden" );
      exit;
      }
    }

  // loose check: "" and the string "0" also fall back to the default
  if( !$_value )
    $_value = ( $_old_option != "" ) ? $_old_option : false;

  return( $_value );
  }

Example usage:

// simplest (no multiple conditionals at this place in code)
$_var = _sopt('page');

// check for abusive http URLs injections

if(( _sopt( 'page', "", "http://" ) == false ) || ( _sopt( 'page', "", "http%3A%2F%2F" ) == false ))
  { /* ... */ }

if( _sopt( 'PHPSESSID', "", "http://" )
  ||
  _sopt( 'PHPSESSID', "", "http%3A%2F%2F" ))
  { /* ... */ }

// check some sent FORM / LINK variable

if( _sopt( 'fbt_message_send', "") )
  { /* ... */ }

// variable check filtered with regexp

if( _sopt( 'subpage', "", "/^[a-zA-Z0-9]+$/" ))
  { /* ... */ }

And so on. Use this idea freely. I hope it’ll work for you.

This piece of code can be extended to a wider variable scope, not just $_GET etc., and can also be used for any variable check operation/validation.
It depends on the functionality/speed overhead you can afford in your project.
Caching of the current script page’s variables can be added (eliminates $_GLOBALS access), as well as additional parameter-escaping functions.

The thing is: use a single wrapper function, and do not let variables spread all over your scripts.

Don’t let it be your one and only line of security; as I said, it’s just one part of environment validation, but a very useful and important one.
Don’t put it in heavy for/while etc. loops.
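
An added example (not the blog author's code) for the front-controller case and the regexp filter discussed above: the page value is validated as a whole and then looked up in a fixed map, so request data never becomes an include path. param_allow(), resolve_page() and the file names are hypothetical, and the sample requests are constructed.

```php
<?php
// Added example, not the blog author's code. param_allow() and resolve_page()
// are hypothetical names; the page file names are placeholders.

/**
 * Return $src[$key] only if it is a string that fully matches $pattern,
 * otherwise $default. Arrays (?page[]=x) and over-long values are rejected.
 */
function param_allow(array $src, string $key, string $pattern, $default = false, int $max = 64)
{
    if (!isset($src[$key]) || !is_string($src[$key])) {
        return $default;              // missing, or an array such as ?page[]=x
    }
    $value = $src[$key];
    if (strlen($value) > $max || preg_match($pattern, $value) !== 1) {
        return $default;              // too long, or outside the allowed alphabet
    }
    return $value;
}

/** Map a validated page name to a fixed script name from an allowlist. */
function resolve_page(array $src): string
{
    $pages = [                        // placeholder file names
        'home'    => 'index.php',
        'contact' => 'contact.php',
    ];
    // \A ... \z anchor the whole value; a bare $ would also accept "home\n".
    $name = param_allow($src, 'page', '/\A[a-zA-Z0-9]+\z/', 'home');
    return $pages[$name] ?? $pages['home'];   // unknown names fall back to home
}

// Constructed sample requests standing in for $_GET.
$samples = [
    [],
    ['page' => 'contact'],
    ['page' => 'http://example.invalid/x'],
    ['page' => "contact\n"],
    ['page' => ['contact']],
    ['page' => 'nosuchpage'],
];
foreach ($samples as $get) {
    printf("%-40s => %s\n", json_encode($get), resolve_page($get));
}
```

In a front controller the result would be used as include resolve_page($_GET); only the second sample resolves to contact.php, every other one falls back to index.php.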

Written by savride

June 22, 2008 at 12:58