
help Form- adding extra words into validation

Hello

I have a guestbook where I get spam. The image code verification has no effect, not even if I disable it so that entering a valid code returns an error. The spam seems to go directly to the .dat file where all the messages are.

Anyway, by changing the name of the folder I got rid of them, and I can see on my previously named folder copy that I still get spam.

So I felt like experimenting a little on the sitting duck guestbook while my real guestbook is free from spams.

I have two fields that have to be filled, and the homepage field and email field are checked for character validation. So far so good.
But I would like to add some words that will not pass the validation if matched.

In the email field I do not want any mails containing [b]@mail.com[/b] to be valid and in the homepage field I do not want anything containing [b]xoomer[/b] to be valid.
And I would like to be able to add more words if necessary.

Here is the current code:

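[code=php]
// Reject a non-empty email that does not look like name@host.tld
if ($vemail != "" && !preg_match("/([\w.-]+)(@[\w.-]+)(\.[a-z]{2,4})+/i", $vemail)) {
    input_err("Unvalid email address.");
}

// Reject a non-empty URL (other than the default "http://") that is not http://host.tld
if ($vurl != "" && strtolower($vurl) != "http://") {
    if (!preg_match("#^http://[_a-z0-9-]+\.[_a-z0-9-]+#i", $vurl)) {
        input_err("Unvalid URL format.");
    }
}
[/code]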


11 Comments

@ronverdonk, Sep 21.2006 — You could set up a function with an array with 'bad words'. If the function returns false, those bad words are not in the string. Here's an example:
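[code=php]
/**
 * Check presence of 'bad strings'.
 * Returns true if $string contains any of them (case-insensitive).
 */
function contains_badwords($string) {
    $bad_words = array(
        "content-type:",
        "mime-version:",
        "multipart/mixed",
        "Content-Transfer-Encoding:",
        "bcc:",
        "cc:",
        "to:",
        "@mail.com"
    );
    foreach ($bad_words as $bad_word) {
        // stripos() matches the literal text case-insensitively;
        // eregi() treated "." as a wildcard and was removed in PHP 7
        if (stripos($string, $bad_word) !== false) {
            return true;
        }
    }
    return false;
}
[/code]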


Ronald

@Siddan (author), Sep 21.2006 — ok that sounds great

hehe but how do I connect that to the form, or to the named inputs... ?

@ronverdonk, Sep 21.2006 — Well, you could add it at the end of your existing checking code (I assume that your input_error() routine issues a message and reloads the form or dies).

[code=php]// Run the bad-word check on both fields after the format checks
if (contains_badwords($vemail) || contains_badwords($vurl)) {
    input_err("Input contains invalid data.");
}[/code]

Ronald

@Siddan (author), Sep 21.2006 — super great!

I was confused without that last code to connect it to the form.

Now I will see if the spammers even enter the forms at all or if they go straight to the data file

btw:

Do all these words below have a purpose or are they just made up...?

"content-type:",
"mime-version:",
"multipart/mixed",
"Content-Transfer-Encoding:",
"bcc:",
"cc:",
"to:",

@ronverdonk, Sep 22.2006 — These words are part of HTTP headers that could be hidden in the input fields.

Ronald

@Siddan (author), Sep 22.2006 — yes ok, although it is just a guestbook, but it does send me a mail whenever someone has signed. But this could be useful on my mailform on the other hand.

And sorry to bother you again but... what is its function when the script is already assigned to one or two named input fields...?

@bokeh, Sep 22.2006 — What is the problem with the captcha? Is it working? What does the spam look like? Is it always the same? Does it contain keywords?

@Siddan (author), Sep 23.2006 — Hey bokeh

Your captcha is very fine but I have no idea how the spams get through. I sure cannot add any entry without entering the correct code.

I was trying once to delete a row in the captcha script so that nothing validates, not even the correct code. And still the spams got through.

The guestbook I have is one single index.php page with a .dat file where it keeps all the entries.

Otherwise with the word verification it blocked the same spammers efficiently

@ronverdonk, Sep 23.2006 — [QUOTE]yes ok, although it is just a guestbook, but it does send me a mail whenever someone has signed. But this could be useful on my mailform on the other hand.

And sorry to bother you again but... what is its function when the script is already assigned to one or two named input fields...?[/QUOTE]

The bad word blocker has nothing to do with usage in a specific kind of script.

Hackers could use that in any form they want to interrupt, not just emails!

So keep those words in.

Ronald
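
A per-field version of the bad-word check discussed in this thread, as an added example that is not part of any post: it uses the `@mail.com` and `xoomer` entries from the question, matches literally and case-insensitively, and goes one step further by rejecting line breaks, since markers such as `bcc:` only act as mail headers when they start a new line. `$field_blocklists` and `check_field()` are hypothetical names, and the sample submissions are constructed.

```php
<?php
// Added example; $field_blocklists and check_field() are hypothetical names.

// Substrings that are never allowed, keyed by form field.
// '*' holds the mail header markers from the thread and applies to every field.
$field_blocklists = array(
    'email' => array('@mail.com'),
    'url'   => array('xoomer'),
    '*'     => array('content-type:', 'mime-version:', 'multipart/mixed',
                     'content-transfer-encoding:', 'bcc:', 'cc:', 'to:'),
);

/**
 * Return a reason string if $value must be rejected, or null if it passes.
 * Intended for single-line fields (email, homepage), not the message body.
 */
function check_field($field, $value, $blocklists) {
    // A line break in a single-line field is what lets extra mail
    // headers be appended when the value is used in a notification mail.
    if (preg_match('/[\r\n]/', $value)) {
        return "line break in $field";
    }
    $own   = isset($blocklists[$field]) ? $blocklists[$field] : array();
    $words = array_merge($own, $blocklists['*']);
    foreach ($words as $word) {
        // stripos(): literal, case-insensitive; "." is not a wildcard here
        if (stripos($value, $word) !== false) {
            return "blocked text '$word' in $field";
        }
    }
    return null;
}

// Constructed sample submissions: array(field name, submitted value)
$samples = array(
    array('email', 'anna@example.org'),
    array('email', 'promo@MAIL.com'),
    array('url',   'http://xoomer.example/page'),
    array('email', "x@example.org\r\nBcc: list@example.net"),
);
foreach ($samples as $s) {
    $reason = check_field($s[0], $s[1], $field_blocklists);
    echo $s[0], ': ', ($reason === null ? 'ok' : "rejected ($reason)"), "\n";
}
```

In the guestbook script, a non-null result would be passed to the existing `input_err()` call; new words are added by extending the arrays.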

@bokeh, Sep 23.2006 — [QUOTE]And still the spams got through.[/QUOTE] How? There must be a big hole.

@Siddan (author), Sep 24.2006 — [QUOTE]The bad word blocker has nothing to do with usage in a specific kind of script.

Hackers could use that in any form they want to interrupt, not just emails!

So keep those words in.[/QUOTE]

Alright, that is good to know, thanks again

[QUOTE]How? There must be a big hole.[/QUOTE]

Yea well it is something alright. I can give you the link to the original script so you can investigate it sometime when you are bored, hehe

Although I am not on my work computer so I cannot check it from here, so I'll do it tomorrow