Anti-Spam override for all submitted data

Are you getting a lot of spam, or junk messages sent via your Joomla site?

I know certain components of Joomla let you put banned words but I know of even more that don't.  If you find all your forms need extra plugins and captchas (such as JezRecaptcha), then the website security isn't amazing.  I used to have Captcha on my K2 by Joomlaworks but if you did the sound version, it didn't work properly.  I found that sometimes the captcha wouldn't even match what you typed and what it displayed!!!

I have written this article to be another one of those programmer's tweaks.  This is quite a simple fix and I will hopefully be able to keep it simple for non-programmers.  The tweak below will stop any of your pages submitting content containing your banned words.

We're going to modify a file containing 2 lines of code by default.  The file is index2.php in your Joomla root folder.  Make a copy of it, back it up or do whatever you usually do when you modify a server-side file... ahem...

The code to look for (the Joomla default) should be as follows:

$_REQUEST['tmpl'] = 'component';
include('index.php');

There is some more text but it's in /* lines */ which means these are comments.

 

The quick solution is:

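$_REQUEST['tmpl'] = 'component';
# BANNED WORDS, THE STRING THAT WILL HOLD ALL SUBMITTED DATA, AND THE RESULT FLAG
$offensive_words=array("viagra","cialis","[url=","porn","pfizer");
$GotVars="";
$offense=false;
if (is_array($_GET)) $GotVars.=implode(",", $_GET).",";
if (is_array($_POST)) $GotVars.=implode(",", $_POST).",";
# stripos() RETURNS 0 FOR A MATCH AT THE START OF THE STRING, SO COMPARE WITH !== false
for($i=0;$i<count($offensive_words);$i++) { if (stripos($GotVars, $offensive_words[$i])!==false) $offense=true; }
if (!$offense) include('index.php');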

The reporting solution (which tells your visitor what word caused an offense) is:

# CREATE AN ARRAY OF BANNED WORDS
$offensive_words=array();
$offensive_words[]="viagra";
$offensive_words[]="cialis";
$offensive_words[]="[url=";
$errors="";
$offensive_string="";
 
# CONVERT THE SUBMITTED DATA INTO STRING(S)
$GotVars="";
if (is_array($_GET)) $GotVars.=strtolower(implode(",", $_GET).",");
if (is_array($_POST)) $GotVars.=strtolower(implode(",", $_POST).",");
 
# NOW CHECK EACH BANNED WORD DOES NOT EXIST IN THE STRING
for ($i=0; $i<count($offensive_words); $i++) {
	$offensive_string.=(stripos($GotVars, $offensive_words[$i])!==false)?"- ".$offensive_words[$i].", ":"";
}
# IF THE OFFENSIVE STRING WAS POPULATED (=FOUND BANNED WORDS) THEN CREATE A MESSAGE
$errors.=(trim($offensive_string)!="")?"You have submitted word(s) that the website administrator has banned:".$offensive_string.".  Please try again without the banned words.":"";
 
# IF THE ERRORS STRING IS EMPTY PROCEED AS NORMAL, IF NOT THEN DISPLAY MESSAGE
if (trim($offensive_string)=="") {
	include('index.php');
} else {
	echo $errors;
}

My comments in the code above are prefixed with #. As you can see, I actually tell the user which banned word they used. If you would rather not do this, replace echo $errors; with return; in the second-to-last line.

To sum up: my code does the following:

  1. Add words to the "offensive_words" array
  2. Joins any submitted data into 1 long string
  3. Tries to find each "offensive word" (case-insensitive) in the submitted data
  4. Creates a message if there was a banned word found
  5. If no message was created, it proceeds as per usual; otherwise, it does not submit the form
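
A stricter take on the same five steps, as an added example (not the article's original code). It walks nested form fields such as tags[], which implode() alone would turn into the literal string "Array", and matches plain words on word boundaries so that "cialis" does not block "specialist". The function names collect_values and find_banned and the 403 response are assumptions of this example.

```php
<?php
// Added example for index2.php; function names are illustrative, not Joomla API.
$banned = array('viagra', 'cialis', '[url=', 'a banned phrase');

// Gather every scalar value from a possibly nested request array (e.g. tags[]).
function collect_values($data, array &$out)
{
    foreach ((array) $data as $value) {
        if (is_array($value)) {
            collect_values($value, $out);
        } elseif (is_scalar($value)) {
            $out[] = (string) $value;
        }
    }
}

// Return the banned terms found in $text, case-insensitively.
function find_banned($text, array $banned)
{
    $hits = array();
    foreach ($banned as $term) {
        if (preg_match('/^[a-z ]+$/i', $term)) {
            // Plain words and phrases: whole-word match, so "cialis"
            // does not flag "specialist".
            $pattern = '/\b' . preg_quote($term, '/') . '\b/i';
            $found = preg_match($pattern, $text) === 1;
        } else {
            // Markup fragments such as "[url=": plain substring match.
            $found = stripos($text, $term) !== false;
        }
        if ($found) {
            $hits[] = $term;
        }
    }
    return $hits;
}

$values = array();
collect_values($_GET, $values);
collect_values($_POST, $values);
$hits = find_banned(implode("\n", $values), $banned);

if (empty($hits)) {
    $_REQUEST['tmpl'] = 'component';
    include('index.php');
} else {
    header('HTTP/1.1 403 Forbidden');
    echo 'Banned word(s): ' . htmlspecialchars(implode(', ', $hits), ENT_QUOTES, 'UTF-8');
}
```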

To add more banned words, simply keep adding lines using the following syntax:

# CREATE AN ARRAY OF BANNED WORDS
$offensive_words=array();
$offensive_words[]="viagra";
$offensive_words[]="cialis";
$offensive_words[]="[url=";
$offensive_words[]="porn";
$offensive_words[]="a banned phrase";
#...

or

# CREATE AN ARRAY OF BANNED WORDS
$offensive_words=array("viagra","cialis","[url=","porn","a banned phrase");
#...

Additional Information: The Open Web Application Security Project (OWASP)


Kind Regards,

Joel Lipman
www.joellipman.com
