Zikula: A Flexible Open Source Content Management System
need help modifying user data check on new user registration
  • Posted: 05.08.2007, 09:13
     
    schwim
    Hi there guys,

    I've gotten rid of a large portion of my spammers by simply blocking certain TLD's on registration, however I'm still having a problem with those using common TLD's when registering.

    Luckily for me, their point in registering is to place info concerning viagra in their bio, location, etc.

    What I'm trying to do is to use the illegal username data as a check against all of the other variables, like bio, location, etc.

    I tried doing this, but I failed. Here's the last version of what I tried:

    Code

    function userCheck($uname, $email, $agreetoterms, $bio)
    {
        $dbconn =& pnDBGetConn(true);
        $pntable =& pnDBGetTables();

        $stop = '';

        // check for valid email
        $res = pnVarValidate($email, 'email');
        if ($res == false) {
            $stop = _ERRORINVEMAIL;
        }

        // check for valid uname
        $res2 = pnVarValidate($uname, 'uname');
        if ($res2 == false) {
            $stop = _NICK2LONG;
        }

        // check for some e-mail domains.
        list($foo, $maildomain) = explode('@', $email);
        $maildomain = strtolower($maildomain);
        // get the list of banned domains
        $domains = pnConfigGetVar('reg_Illegaldomains');
        // fix any text formatting and convert to an array
        $domains = str_replace(', ', ',', $domains);
        $checkdomains = explode(',', $domains);
        // check if our mail domain is amongst the banned list
        if (in_array($maildomain, $checkdomains)) {
           $stop = _EMAILINVALIDDOMAIN;
        }



    // check for some e-mail TLDs that we do not like.
        $tld = "cn, ru, ua, by, biz, in, info, lv, tv, ws, pl";
        list($foo, $maildomain) = explode('@', $email);
        $maildomain = strtolower($maildomain);
        // get the list of banned domains
        $domains = $tld;
        $domains = str_replace(', ', ',', $domains);

    ##
    ## Make an array of all the domain checks, separated by commas
        $checkdomains = explode(',', $domains);

    ##
    ## Construct the regular expression:
        $regex = "/\.(?:" . implode('|', $checkdomains) . ")+$/i";

    ##
    ## We use preg_match to test the regular expression against the domain
    ## If it's found (returns "1") then it's invalid and we can break the loop
        if ( preg_match($regex, $maildomain) != false) {
            //$stop = "stopped at two";
            $stop = _EMAILINVALIDDOMAIN;

        }

    // check for forbidden data in Biography
            $reg_illegalusername = trim(pnConfigGetVar('reg_Illegalusername'));
            if (!empty($reg_illegalusername)) {
                $usernames = explode(" ", $reg_illegalusername);
                $count = count($usernames);
                $pregcondition = "/((";
                for ($i = 0;$i < $count;$i++) {
                    if ($i != $count-1) {
                        $pregcondition .= $usernames[$i] . ")|(";
                    } else {
                        $pregcondition .= $usernames[$i] . "))/iAD";
                    }
                }
                if (preg_match($pregcondition, $bio)) {
                    $stop = "Your submission has failed due to content included in your application.";
                }
        }




        // Check for legal module
        if (pnModAvailable('legal')) {
            // If legal var agreetoterms checkbox not checked, value is 0 and results in error
            if ($agreetoterms == 0) {
                $stop = _ERRORMUSTAGREE;
            }
        }


    I had it checking to see if the extra info was activated on registration, but I'm cutting it down until I find my screw up.

    In my admin section, I added the word "viagra" to the list of illegal usernames, then tested it with placing the word in all available boxes on registration. It allows it to register.

    Could someone tell me what I'm doing wrong?

    thanks,
    json

    --
    If at first you don't succeed, then skydiving's not for you.
  • Posted: 05.08.2007, 23:33
     
    larsneo
    what about simply adding an individual question/answer combination during registration? additionally blocking 'lwp' and 'libwww' might help against a lot of automated registration attempts.

    --
    regards from germany
    ..::[Zikula Application Framework]::.. ..::[SEO-Blog]::.. ..::[CMS Sicherheit]::..
  • Posted: 06.08.2007, 04:51
     
    schwim
    Hi there larsneo,

    I'm trying that tactic as well, but I was hoping to do this in addition for the manual entries, however many there may be.

    Do you think the code will work, but it's just the fact that the values are not being carried forward, or do you think my code is the problem (or maybe both)?

    thanks,
    json

    --
    If at first you don't succeed, then skydiving's not for you.
  • Posted: 06.08.2007, 08:10
     
    schwim
    Hi there,

    Also, forgot to ask:

    When you stated to block libwww and LWP, those are the same thing, aren't they?

    I use

    Code

    SetEnvIfNoCase User-Agent "^libwww-perl*" BadBot


    to block it. Will that suffice?

    thanks,
    json

    --
    If at first you don't succeed, then skydiving's not for you.
  • Posted: 06.08.2007, 10:19
     
    schwim
    Last time I bother you until you get back, I promise:

    Concerning a simple q&a: I'm trying to pass a value through the registration form, but I can't seem to do so.

    In the registration section, I've added the following:

    Code

    <input type='text' name='verify' length='20'>


    and on the next page where it prints the success message for registration, below it, I placed the following:

    Code

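    $verify = isset($_POST['verify']) ? $_POST['verify'] : '';
    // escape before echoing so the submitted value cannot inject markup
    echo("Verify value is: " . htmlspecialchars($verify, ENT_QUOTES));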


    but when I run the registration process, it echoes the following:

    Quote


    Verify value is:


    although I entered a value in the text box. Is there something special I need to do to get PostNuke to allow the value to make it through the pageload?

    thanks,
    json

    --
    If at first you don't succeed, then skydiving's not for you.
  • Posted: 07.08.2007, 20:43
     
    schwim
    I've also tried:

    [EDIT]Got it. It needed to be inside the form :)

    I would appreciate any suggestions you might have for my original dilemma, that being the attempt to check the other values being passed, like bio, website, etc.

    thanks,
    json



    edited by: schwim, Aug 07, 2007 - 10:53 AM

    --
    If at first you don't succeed, then skydiving's not for you.
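
Added example, not part of the thread and not PostNuke code: one way to run a space-separated banned-word list (the format of the `reg_Illegalusername` setting used in the first post) against several registration fields at once. The pattern in the posted code carries the `A` modifier, which only matches at the very start of the text, and it interpolates the words unescaped; this version matches anywhere in the field and quotes each word. The function names and the sample data are hypothetical.

```php
<?php
// Added example; function names, field names and sample data are constructed.

/**
 * Build one case-insensitive, unanchored pattern from a space-separated
 * word list. Returns null when the list is empty.
 */
function buildBannedPattern(string $wordList): ?string
{
    $words = preg_split('/\s+/', trim($wordList), -1, PREG_SPLIT_NO_EMPTY);
    if (!$words) {
        return null;
    }
    // preg_quote() keeps an entry such as "a|b" or "c.d" from being read
    // as regex syntax; '/' is passed because it is the delimiter used below.
    $quoted = array_map(function ($w) { return preg_quote($w, '/'); }, $words);
    return '/(?:' . implode('|', $quoted) . ')/iu';
}

/**
 * Return the names of the submitted fields that contain a banned word.
 */
function findBannedFields(array $fields, string $wordList): array
{
    $pattern = buildBannedPattern($wordList);
    $hits = array();
    if ($pattern === null) {
        return $hits;
    }
    foreach ($fields as $name => $value) {
        // preg_match() returns 1 on a match, 0 on none and false on error
        // (for example invalid UTF-8 with /u). An error counts as a hit so
        // malformed input cannot slip past the filter.
        if (preg_match($pattern, (string) $value) !== 0) {
            $hits[] = $name;
        }
    }
    return $hits;
}

// Constructed sample registration data.
$submitted = array(
    'bio'      => 'Hello, I sell cheap ViAgRa online',
    'location' => 'Springfield',
    'website'  => 'http://example.com/viagra-deals',
);
print_r(findBannedFields($submitted, 'viagra casino'));
```

The check only sees what it is handed, so every extra field has to be passed from the registration handler into the function that performs it.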
