English
English
When processing log files, we often encounter situations where sensitive information needs to be desensitized, such as the user's IP address, authentication token, etc. This information is stored or output directly without processing, which may cause privacy and security issues.
PHP provides a variety of string processing functions, and mb_eregi_replace is a multi-byte-safe function that supports regular expression replacement and supports Unicode character sets, which are especially suitable for content processing containing multi-byte characters such as Chinese.
This article will explain how to use mb_eregi_replace to find and replace IP addresses and token strings in log content.
Suppose we have the following log snippet:
[2025-05-27 10:00:00] User login from 192.168.1.100 with token abc123xyz
[2025-05-27 10:05:00] Failed login from 10.0.0.5 with token 9f8d7e6c5b
We want to replace the IP address and token in it with [REDACTED_IP] and [REDACTED_TOKEN] .
The mb_eregi_replace function of PHP is used as follows:
string mb_eregi_replace ( string $pattern , string $replace , string $string [, string $option = "msr" ] )
Here is a complete example script for processing log content:
<?php
// Simulate reading log content
$log = <<<LOG
[2025-05-27 10:00:00] User login from 192.168.1.100 with token abc123xyz
[2025-05-27 10:05:00] Failed login from 10.0.0.5 with token 9f8d7e6c5b
LOG;
// Regular Match IPv4 address
$pattern_ip = '\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b';
// Regular Match token(Assume that the length consists of letters and numbers 8 arrive 32)
$pattern_token = '\b[a-zA-Z0-9]{8,32}\b';
// replace IP address
$log = mb_eregi_replace($pattern_ip, '[REDACTED_IP]', $log);
// replace token,Be careful to avoid accidentally injuring the numbers in the timestamp
$log = mb_eregi_replace('with token ' . $pattern_token, 'with token [REDACTED_TOKEN]', $log);
// Output result
echo nl2br(htmlspecialchars($log));
?>
The output will look like this:
[2025-05-27 10:00:00] User login from [REDACTED_IP] with token [REDACTED_TOKEN]
[2025-05-27 10:05:00] Failed login from [REDACTED_IP] with token [REDACTED_TOKEN]
In actual projects, we usually do not operate on the original log file directly, but process the content through the log reading and dumping process. For example, you can encapsulate the above logic into a function and then use it for the log display page:
function sanitize_log($logContent) {
$pattern_ip = '\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b';
$pattern_token = '\b[a-zA-Z0-9]{8,32}\b';
$logContent = mb_eregi_replace($pattern_ip, '[REDACTED_IP]', $logContent);
$logContent = mb_eregi_replace('with token ' . $pattern_token, 'with token [REDACTED_TOKEN]', $logContent);
return $logContent;
}
// Example call
$rawLog = file_get_contents("https://m66.net/logs/example.log");
echo nl2br(htmlspecialchars(sanitize_log($rawLog)));
mb_eregi_replace provides a concise and efficient way to process log content containing sensitive information. Through reasonable regular expression matching, you can flexibly replace key data such as IP and tokens to protect user privacy and ensure that logs are still useful for development and operation and maintenance.
Pay attention to when using:
Ensure that the replacement mode will not incorrectly damage other legal data.
Note that mb_ereg_replace is case-insensitive. If you want to be case sensitive, you can use mb_ereg_replace .
After PHP 8.0, this function may no longer be recommended. It is recommended to use the PCRE series functions with preg_replace , but it is still convenient and practical in simple scripts.
