need help modifying user data check on new user registration :: Zikula Community

Start

latest posts

RSS

Print topic

Start :: PostNuke 0.7 Support :: Core Modules & Blocks :: need help modifying user data check on new user registration

Moderated by: Support Team

need help modifying user data check on new user registration

Posted: 05.08.2007, 09:13

rank:: Softmore
registered:: November 2001
Status:: offline
last visit:: 04.09.08
Posts:: 93

Hi there guys,
I've gotten rid of a large portion of my spammers by simply blocking certain TLD's on registration, however I'm still having a problem with those using common TLD's when registering.
Luckily for me, their point in registering is to place info concerning viagra in their bio, location, etc.
What I'm trying to do is to use the illegal username data as a check against all of the other variables., like bio, location, etc.
I tried doing this, but I failed. Here's the last version of what I tried:

Code

function userCheck($uname, $email, $agreetoterms, $bio)
{
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    $stop = '';

    // check for valid email
    $res = pnVarValidate($email, 'email');
    if ($res == false) {
        $stop = _ERRORINVEMAIL;
    }

    // check for valid uname
    $res2 = pnVarValidate($uname, 'uname');
    if ($res2 == false) {
        $stop = _NICK2LONG;
    }

    // check for some e-mail domains.
    list($foo, $maildomain) = split(\@\, $email);
    $maildomain = strtolower($maildomain);
    // get the list of banned domains
    $domains = pnConfigGetVar('reg_Illegaldomains');
    // fix any text formatting and convert to an array
    $domains = str_replace(', ', ',', $domains);
    $checkdomains = explode(',', $domains);
    // check if our main domain is amonsgt the banned list
    if (in_array($maildomain, $checkdomains)) {
       $stop = _EMAILINVALIDDOMAIN;
    }



// check for some e-mail TLDs that we do not like.
    $tld = "cn, ru, ua, by, biz, in, info, lv, tv, ws, pl";
    list($foo, $maildomain) = split(\@\, $email);
    $maildomain = strtolower($maildomain);
    // get the list of banned domains
    $domains = $tld;
    $domains = str_replace(', ', ',', $domains);

##
## Make an array of all the domain checks, separated by commas
    $checkdomains = explode(',', $domains);

##
## Construct the regular expression:
    $regex = "/\.(?:" . implode('|', $checkdomains) . ")+$/i";

##
## We use preg_match to test the regular expression against the domain
## If it's found (returns "1&quot   then it's invalid and we can break the loop
    if ( preg_match($regex, $maildomain) != false) {
        //$stop = "stopped at two";
        $stop = _EMAILINVALIDDOMAIN;

    }

// check for forbidden data in Biography
        $reg_illegalusername = trim(pnConfigGetVar('reg_Illegalusername'));
        if (!empty($reg_illegalusername)) {
            $usernames = explode(" ", $reg_illegalusername);
            $count = count($usernames);
            $pregcondition = "/((";
            for ($i = 0;$i < $count;$i++) {
                if ($i != $count-1) {
                    $pregcondition .= $usernames[$i] . ")|(";
                } else {
                    $pregcondition .= $usernames[$i] . "))/iAD";
                }
            }
            if (preg_match($pregcondition, $bio)) {
                $stop = "Your submission has failed due to content included in your application.";
            }
    }




    // Check for legal module
    if (pnModAvailable('legal')) {
        // If legal var agreetoterms checkbox not checked, value is 0 and results in error
        if ($agreetoterms == 0) {
            $stop = _ERRORMUSTAGREE;
        }
    }

I had it checking to see if the extra info was activated on registration, but I'm cutting it down until I find my screw up.
In my admin section, I added the word "viagra" to the list of illegal usernames, then tested it with placing the word in all available boxes on registration. It allows it to register.
Could someone tell me what I'm doing wrong?
thanks,
json
-----
If at first you don't succeed, then skydiving's not for you.

notify mod

Posted: 05.08.2007, 23:33

rank:

Software Foundation

registered:

Status:

offline

last visit:

31.08.08

Posts:

4474

what about simply adding an individual question/answer combination during registration? additionally blocking 'lwp' and 'libwww' might help against a lot of automated registration attempts.

-----
regards from germany
..::[Zikula Application Framework]::.. ..::[SEO-Blog]::.. ..::[CMS Sicherheit]::..

notify mod
Posted: 06.08.2007, 04:51

rank:

Softmore

registered:

November 2001

Status:

offline

last visit:

04.09.08

Posts:

93

Hi there larsneo,

I'm trying that tactic as well, but I was hoping to do this in addition for the manual entries, however many there may be.

Do you think the code will work, but it's just the fact that the values are not being carried forward, or do you think my code is the problem(or maybe both)?

thanks,
json

-----
If at first you don't succeed, then skydiving's not for you.

notify mod
Posted: 06.08.2007, 08:10
rank:

Softmore

registered:

November 2001

Status:

offline

last visit:

04.09.08

Posts:

93
Hi there,
Also, forgot to ask:
When you stated to block libwww and LWP, those are the same thing, aren't they?
I use
Code
SetEnvIfNoCase User-Agent "^libwww-perl*" BadBot
to block it. will that suffice?
thanks,
json
-----
If at first you don't succeed, then skydiving's not for you.
notify mod
Posted: 06.08.2007, 10:19
rank:

Softmore

registered:

November 2001

Status:

offline

last visit:

04.09.08

Posts:

93
Last time I bother you until you get back, I promise:
Concerning a simple q&a: I'm trying to pass a value through the registration form, but I can't seem to do so.
In the registration section, I've added the following:
Code
<input type='text' name='verify' length='20'>
and on the next page where it prints the success message for registration, below it, I placed the following:
Code
$verify = $_POST['verify'];
echo("Verify value is: ".$verify);
but when I run the registration process, it echoes the following:

Quote
Verify value is:

although I entered a value in the text box. Is there something special I need to do to get PostNuke to allow the value to make it through the pageload?
thanks,
json
-----
If at first you don't succeed, then skydiving's not for you.
notify mod
Posted: 07.08.2007, 20:43

rank:

Softmore

registered:

November 2001

Status:

offline

last visit:

04.09.08

Posts:

93

I've also tried:

[EDIT]Got it. It needed to be inside the form

I would appreciate any suggestions you might have for my original dilemma, that being the attempt to check the other values being passed, like bio, website, etc..

thanks,
json

edited by: schwim, Aug 07, 2007 - 10:53 AM

-----
If at first you don't succeed, then skydiving's not for you.

notify mod

Start :: PostNuke 0.7 Support :: Core Modules & Blocks :: need help modifying user data check on new user registration

Support Forum

Main Menu

Extensions Database

Documentation

Development

Login

Donate to Zikula