Tuesday, October 9, 2007

phpBB anti-spam code

This is an additional anti-spam check to keep protecting your forum from bots that have learned the user_name feature described in the previous phpBB anti-spam post:


Open
/includes/usercp_register.php

Search for this code:
$sql = "INSERT INTO " . USERS_TABLE . " (user_id, username, user_regdate, user_password, user_email, user_icq, user_website, user_occ, user_from, user_interests, user_sig, user_sig_bbcode_uid, user_avatar, user_avatar_type, user_viewemail, user_aim, user_yim, user_msnm, user_attachsig, user_allowsmile, user_allowhtml, user_allowbbcode, user_allow_viewonline, user_notify, user_notify_pm, user_popup_pm, user_timezone, user_dateformat, user_lang, user_style, user_level, user_allow_pm, user_active, user_actkey)
VALUES ($user_id, '" . str_replace("\'", "''", $username) . "', " . time() . ", '" . str_replace("\'", "''", $new_password) . "', '" . str_replace("\'", "''", $email) . "', '" . str_replace("\'", "''", $icq) . "', '" . str_replace("\'", "''", $website) . "', '" . str_replace("\'", "''", $occupation) . "', '" . str_replace("\'", "''", $location) . "', '" . str_replace("\'", "''", $interests) . "', '" . str_replace("\'", "''", $signature) . "', '$signature_bbcode_uid', $avatar_sql, $viewemail, '" . str_replace("\'", "''", str_replace(' ', '+', $aim)) . "', '" . str_replace("\'", "''", $yim) . "', '" . str_replace("\'", "''", $msn) . "', $attachsig, $allowsmilies, $allowhtml, $allowbbcode, $allowviewonline, $notifyreply, $notifypm, $popup_pm, $user_timezone, '" . str_replace("\'", "''", $user_dateformat) . "', '" . str_replace("\'", "''", $user_lang) . "', $user_style, 0, 1, ";


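After that line, create a new line and paste this code. Each check empties $sql, so the INSERT statement built above is thrown away when any two of the AIM, YIM and MSN fields hold the same non-empty value, or when the e-mail address ends in .ru:
// Empty the INSERT when two messenger fields carry the same non-empty value.
if ($HTTP_POST_VARS['user_aim'] != "" && $HTTP_POST_VARS['user_aim'] == $HTTP_POST_VARS['user_yim']) { $sql = ""; }
if ($HTTP_POST_VARS['user_msnm'] != "" && $HTTP_POST_VARS['user_aim'] == $HTTP_POST_VARS['user_msnm']) { $sql = ""; }
if ($HTTP_POST_VARS['user_yim'] != "" && $HTTP_POST_VARS['user_msnm'] == $HTTP_POST_VARS['user_yim']) { $sql = ""; }
// Empty the INSERT for .ru addresses; compare the dot too and ignore case and padding.
if (strtolower(substr(trim($HTTP_POST_VARS['user_email']), -3)) == ".ru") { $sql = ""; }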



And that's it, you are done. Your forum is now a little more secure.
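
The same checks as a stand-alone function, given here as an added example that is not part of the original post or of phpBB. The function name registration_reject_reason, the suffix list and the sample submissions are constructed for illustration. It goes slightly beyond the pasted lines by normalising case and whitespace and by returning a reason that can be logged instead of silently emptying $sql.

```php
<?php
// Added example: names and sample data are constructed, not phpBB's own.

// Returns a reason string when the submission trips a check, null otherwise.
function registration_reject_reason(array $post, array $blocked_suffixes = array('.ru'))
{
    // Collect the non-empty messenger fields, ignoring case and padding.
    $im = array();
    foreach (array('user_aim', 'user_yim', 'user_msnm') as $field) {
        $value = isset($post[$field]) ? strtolower(trim($post[$field])) : '';
        if ($value !== '') {
            $im[$field] = $value;
        }
    }
    // Fewer unique values than fields means two fields carry the same ID.
    if (count(array_unique($im)) < count($im)) {
        return 'same value in more than one messenger field';
    }

    // Match the whole suffix, dot included, so "example.guru" is not caught.
    $email = isset($post['user_email']) ? strtolower(trim($post['user_email'])) : '';
    foreach ($blocked_suffixes as $suffix) {
        if ($suffix !== '' && substr($email, -strlen($suffix)) === $suffix) {
            return 'e-mail address ends in ' . $suffix;
        }
    }
    return null;
}

// Constructed registration submissions.
$samples = array(
    'duplicate IM, mixed case' => array('user_aim' => 'promo2007', 'user_yim' => 'Promo2007 ',
                                        'user_msnm' => '', 'user_email' => 'a@example.com'),
    'blocked suffix, upper case' => array('user_aim' => '', 'user_yim' => '',
                                          'user_msnm' => '', 'user_email' => 'b@example.RU'),
    'ends in "ru" without the dot' => array('user_aim' => '', 'user_yim' => '',
                                            'user_msnm' => '', 'user_email' => 'c@example.guru'),
    'distinct IDs' => array('user_aim' => 'alice', 'user_yim' => 'alice_y',
                            'user_msnm' => '', 'user_email' => 'd@example.org'),
);

foreach ($samples as $label => $post) {
    $reason = registration_reject_reason($post);
    echo $label . ': ' . ($reason === null ? 'accepted' : 'rejected (' . $reason . ')') . "\n";
}
```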

Ricardo Guimaraes
Avatar Interactive
http://www.avatarinteractive.com
