yanknudtskov
6/16/2014 - 8:18 PM

domain-whitelist-check.php

<?php 
$domains = array( 'http://mydomain.com', 'http://www.mydomain.com', 'http://mydomain.com.evilsite.com', 'http://mydomain.com.mydomain.net', 'http://evilsitemydomain.com' );

foreach( $domains as $domain ) {
	echo $domain . "\n";
	var_dump( is_valid_time_domain( $domain ) );
}
<?php
function my_is_valid_domain( $url ) {
	$whitelisted_domains = array( 'mydomain.com', 'mydomain.net' );
	$domain = parse_url( $url, PHP_URL_HOST );

	// Check if we match the domain exactly
	if ( in_array( $domain, $whitelisted_domains ) )
		return true;

	$valid = false;

	foreach( $whitelisted_domains as $whitelisted_domain ) {
		$whitelisted_domain = '.' . $whitelisted_domain; // Prevent things like 'evilsitetime.com'
		if( strpos( $domain, $whitelisted_domain ) === ( strlen( $domain ) - strlen( $whitelisted_domain ) ) ) {
			$valid = true;
			break;
		}
	}
	return $valid;
}