Anti-Spam override for all submitted data

Are you getting a lot of spam, or junk messages sent via your Joomla site?

I know certain components of Joomla let you put banned words but I know of even more that don't.  If you find all your forms need extra plugins and captchas (such as JezRecaptcha), then the website security isn't amazing.  I used to have Captcha on my K2 by Joomlaworks but if you did the sound version, it didn't work properly.  I found that sometimes the captcha wouldn't even match what you typed and what it displayed!!!

I have written this article to be another one of those programmer's tweaks.  This is quite a simple fix and I will hopefully be able to keep it simple for non-programmers.  The tweak below will stop any of your pages submitting content containing your banned words.

We're going to modify a file containing 2 lines of code by default.  The file is index2.php in your Joomla root folder.  Make a copy of it, back it up or do whatever you usually do when you modify a server-side file... ahem...

The code by to look for (joomla default) should be as follows:

copyraw
$_REQUEST['tmpl'] = 'component';
include('index.php');
  1.  $_REQUEST['tmpl'] = 'component'
  2.  include('index.php')

There is some more text but it's in /* lines */ which means these are comments.

 

The quick solution is:

copyraw
$_REQUEST['tmpl'] = 'component';
$offensive_words=array("viagra","cialis","[url=","porn","pfizer");
if (is_array($_GET)) $GotVars.=implode(",", $_GET).",";
if (is_array($_POST)) $GotVars.=implode(",", $_POST).",";
for($i=0;$i<count($offensive_words);$i++) { if (stripos($GotVars, $offensive_words[$i])) $offense=true; } 
if (!$offense) include('index.php');
  1.  $_REQUEST['tmpl'] = 'component'
  2.  $offensive_words=array("viagra","cialis","[url=","porn","pfizer")
  3.  if (is_array($_GET)) $GotVars.=implode(",", $_GET).","; 
  4.  if (is_array($_POST)) $GotVars.=implode(",", $_POST).","; 
  5.  for($i=0;$i<count($offensive_words);$i++) { if (stripos($GotVars, $offensive_words[$i])) $offense=true} 
  6.  if (!$offense) include('index.php')

The reporting solution (which tells your visitor what word caused an offense) is:

copyraw
# CREATE AN ARRAY OF BANNED WORDS
$offensive_words=array();
$offensive_words[]="viagra";
$offensive_words[]="cialis";
$offensive_words[]="[url=";
$errors="";
 
# CONVERT THE SUBMITTED DATA INTO STRING(S)
$GotVars="";
if (is_array($_GET)) $GotVars.=strtolower(implode(",", $_GET).",");
if (is_array($_POST)) $GotVars.=strtolower(implode(",", $_POST).",");
 
# NOW CHECK EACH BANNED WORD DOES NOT EXIST IN THE STRING
for ($i=0; $i<count($offensive_words); $i++) {
	$offensive_string.=(stripos($GotVars, $offensive_words[$i])!==false)?"- ".$offensive_words[$i].", ":"";
}
# IF THE OFFENSIVE STRING WAS POPULATED (=FOUND BANNED WORDS) THEN CREATE A MESSAGE
$errors.=(trim($offensive_string)!="")?"You have submitted word(s) that the website administrator has banned:".$offensive_string.".  Please try again without the banned words.":"";
 
# IF THE ERRORS STRING IS EMPTY PROCEED AS NORMAL, IF NOT THEN DISPLAY MESSAGE
if (trim($offensive_string)=="") {
	include('index.php');
} else {
	echo $errors;
}
  1.  # CREATE AN ARRAY OF BANNED WORDS 
  2.  $offensive_words=array()
  3.  $offensive_words[]="viagra"; 
  4.  $offensive_words[]="cialis"; 
  5.  $offensive_words[]="[url="; 
  6.  $errors=""; 
  7.   
  8.  # CONVERT THE SUBMITTED DATA INTO STRING(S) 
  9.  $GotVars=""; 
  10.  if (is_array($_GET)) $GotVars.=strtolower(implode(",", $_GET).",")
  11.  if (is_array($_POST)) $GotVars.=strtolower(implode(",", $_POST).",")
  12.   
  13.  # NOW CHECK EACH BANNED WORD DOES NOT EXIST IN THE STRING 
  14.  for ($i=0$i<count($offensive_words)$i++) { 
  15.      $offensive_string.=(stripos($GotVars, $offensive_words[$i])!==false)?"- ".$offensive_words[$i].", ":""; 
  16.  } 
  17.  # IF THE OFFENSIVE STRING WAS POPULATED (=FOUND BANNED WORDS) THEN CREATE A MESSAGE 
  18.  $errors.=(trim($offensive_string)!="")?"You have submitted word(s) that the website administrator has banned:".$offensive_string.".  Please try again without the banned words.":""; 
  19.   
  20.  # IF THE ERRORS STRING IS EMPTY PROCEED AS NORMAL, IF NOT THEN DISPLAY MESSAGE 
  21.  if (trim($offensive_string)=="") { 
  22.      include('index.php')
  23.  } else { 
  24.      echo $errors
  25.  } 

My comments in the code above are prefixed with #. As you can see I actually tell the user what word they've used that's been banned. You could easily not do this by replacing echo $errors="" with the word Return in the second to last line.

To sum up: my code does the following:

  1. Add words to the "offensive_words" array
  2. Joins any submitted data into 1 long string
  3. Tries to find each "offensive word" (case-insensitive) in the submitted data
  4. Creates a message if there was a banned word found
  5. If no message created, it proceeds as per usual; if not, it does not submit the form

To add more banned words, simply keep adding lines using the following syntax

copyraw
# CREATE AN ARRAY OF BANNED WORDS
$offensive_words=array();
$offensive_words[]="viagra";
$offensive_words[]="cialis";
$offensive_words[]="[url=";
$offensive_words[]="porn";
$offensive_words[]="a banned phrase";
#...
  1.  # CREATE AN ARRAY OF BANNED WORDS 
  2.  $offensive_words=array()
  3.  $offensive_words[]="viagra"; 
  4.  $offensive_words[]="cialis"; 
  5.  $offensive_words[]="[url="; 
  6.  $offensive_words[]="porn"; 
  7.  $offensive_words[]="a banned phrase"; 
  8.  #... 

or

copyraw
# CREATE AN ARRAY OF BANNED WORDS
$offensive_words=array("viagra","cialis","[url=","porn","a banned phrase");
#...
  1.  # CREATE AN ARRAY OF BANNED WORDS 
  2.  $offensive_words=array("viagra","cialis","[url=","porn","a banned phrase")
  3.  #... 

Additional Information: The Open Web Application Security Project (OWASP)

Category: Joomla :: Article: 237

Credit where Credit is Due:


Feel free to copy, redistribute and share this information. All that we ask is that you attribute credit and possibly even a link back to this website as it really helps in our search engine rankings.

Disclaimer: The information on this website is provided without warranty and any content is merely the opinion of the author. Please try to test in development environments prior to adapting them to your production environments. The articles are written in good faith and, at the time of print, are working examples used in a commercial setting.

Thank you for visiting and, as always, we hope this website was of some use to you!

Kind Regards,

Joel Lipman
www.joellipman.com

Related Articles

Joes Revolver Map

Joes Word Cloud

containing   gotvars   lines   modify   back   sent   array   post   words   copy   component   should   pfizer   text   site   data   override   usually   simple   solution   folder   porn   server   ahem   tmpl   banned   viagra   joomla   comments   cialis   follows   messages   implode   means   make   root   even   spam   code   [url   request[   submitted   know   captcha   file   whatever   look   offensive   default   index2   JoelLipman.Com

Accreditation

Badge - Certified Zoho Creator Associate
Badge - Certified Zoho Creator Associate

Donate & Support

If you like my content, and would like to support this sharing site, feel free to donate using a method below:

Paypal:
Donate to Joel Lipman via PayPal

Bitcoin:
Donate to Joel Lipman with Bitcoin - Valid till 8 May 2022 3QnhmaBX7LQSRsC9hh6Je9rGQKEGNQNfPb
© 2021 Joel Lipman .com. All Rights Reserved.