Hi there guys,
I've gotten rid of a large portion of my spammers by simply blocking certain TLD's on registration, however I'm still having a problem with those using common TLD's when registering.
Luckily for me, their point in registering is to place info concerning viagra in their bio, location, etc.
What I'm trying to do is to use the illegal username data as a check against all of the other variables., like bio, location, etc.
I tried doing this, but I failed. Here's the last version of what I tried:
function userCheck($uname, $email, $agreetoterms, $bio)
{
$dbconn =& pnDBGetConn(true);
$pntable =& pnDBGetTables();
$stop = '';
// check for valid email
$res = pnVarValidate($email, 'email');
if ($res == false) {
$stop = _ERRORINVEMAIL;
}
// check for valid uname
$res2 = pnVarValidate($uname, 'uname');
if ($res2 == false) {
$stop = _NICK2LONG;
}
// check for some e-mail domains.
list [20]($foo, $maildomain) = split [21](\@\, $email);
$maildomain = strtolower [22]($maildomain);
// get the list of banned domains
$domains = pnConfigGetVar('reg_Illegaldomains');
// fix any text formatting and convert to an array
$domains = str_replace [23](', ', ',', $domains);
$checkdomains = explode [24](',', $domains);
// check if our main domain is amonsgt the banned list
if (in_array [25]($maildomain, $checkdomains)) {
$stop = _EMAILINVALIDDOMAIN;
}
// check for some e-mail TLDs that we do not like.
$tld = "cn, ru, ua, by, biz, in, info, lv, tv, ws, pl";
list [26]($foo, $maildomain) = split [27](\@\, $email);
$maildomain = strtolower [28]($maildomain);
// get the list of banned domains
$domains = $tld;
$domains = str_replace [29](', ', ',', $domains);
##
## Make an array of all the domain checks, separated by commas
$checkdomains = explode [30](',', $domains);
##
## Construct the regular expression:
$regex = "/\.(?:" . implode [31]('|', $checkdomains) . ")+$/i";
##
## We use preg_match to test the regular expression against the domain
## If it's found (returns "1") then it's invalid and we can break the loop
if ( preg_match [32]($regex, $maildomain) != false) {
//$stop = "stopped at two";
$stop = _EMAILINVALIDDOMAIN;
}
// check for forbidden data in Biography
$reg_illegalusername = trim [33](pnConfigGetVar('reg_Illegalusername'));
if (!empty [34]($reg_illegalusername)) {
$usernames = explode [35](" ", $reg_illegalusername);
$count = count [36]($usernames);
$pregcondition = "/((";
for ($i = 0;$i < $count;$i++) {
if ($i != $count-1) {
$pregcondition .= $usernames[$i] . ")|(";
} else {
$pregcondition .= $usernames[$i] . "))/iAD";
}
}
if (preg_match [37]($pregcondition, $bio)) {
$stop = "Your submission has failed due to content included in your application.";
}
}
// Check for legal module
if (pnModAvailable('legal')) {
// If legal var agreetoterms checkbox not checked, value is 0 and results in error
if ($agreetoterms == 0) {
$stop = _ERRORMUSTAGREE;
}
}
I had it checking to see if the extra info was activated on registration, but I'm cutting it down until I find my screw up.
In my admin section, I added the word "viagra" to the list of illegal usernames, then tested it with placing the word in all available boxes on registration. It allows it to register.
Could someone tell me what I'm doing wrong?
thanks,
json
--
If at first you don't succeed, then skydiving's not for you.
[17]
[38]
