Jump to content

how do i check a word, even if its in caps?


AshlynnJ

Recommended Posts

i am trying to setup the register form to check banned words, to help block spammers or fake accounts.

but it only sees lower caps, but will see the cap word if i had it to the list, admin, Admin.

 

not sure how to add it so it will check the word for lower and caps, without adding 2 of every word.

here is what i have, sorry if its messy im still learning.

 

//ignore this, was trying to load it from a file not like below :/
$bannedtext = file_get_contents("../files/bannedwords.txt");

$bannedwords = array("/admin/", "/Admin/", "/administrator/", "/moderator/", "/Administrator/", "/Moderator/", "/creditcard/", "/Creditcard/", "/employment/", "/Employment/", "/support/", "/Support/", "/clearance/", "/Clearance/", "/investment/", "/Investment/", "/gift/", "/Gift/", "/certificate/", "/Certificate/", "/nigerian /", "/Nigerian /", "/prince/", "/Prince/", "/congratulations/", "/Congratulations/", "/sales/", "/Sales/", "/director/", "/Director/", "/owner/", "/Owner/");
if($_POST['userid'] == preg_replace($bannedwords, "", $userid)) {
   $idok = 1;
} else { 
   //smarty reject
   $is_error = 1;
   $error_message = "username contains a banned word!";
}

it works fine, but it will skip cap word Admin, if it's not listed as a cap... not sure how to optimize it, any help would be great!

 

thanx in advance to all ya  :geek: , jk  :tease-03:

Edited by AshlynnJ
Link to comment
Share on other sites

First the usual disclaimer: Blacklists are naive and unlikely to stop actual attackers. If you think you've covered every possible term, they'll come up with a new trick. For example, "ADMlN" with a small "L" instead of the "I" looks like an uppercase "admin", but it will pass your filter. In case you allow Unicode names, things are even worse, because there are countless letter variations all looking alike.

 

A much better approach is to solve the underlying problem. For example, if you're worried that other users may get deceived by somebody with the name "admin", then make sure regular users and actual administrators are easy to distinguish visually. On this forum, admins have red badges, so the risk of confusion is rather low.

 

If you don't care about effectiveness and absolutely want your blacklist, then it doesn't make much sense to fire up the regex engine for a few substring checks. PHP itself can do that just fine: stripos() performs a case-insensitive substring search.

Link to comment
Share on other sites

 

I just tried it but it did not work, did i place it wrong?

Or am i missing a symbol, i did a google search for the phrase.

if($_POST['userid'] == preg_replace($bannedwords, "#i", $userid)) {

First the usual disclaimer: Blacklists are naive and unlikely to stop actual attackers. If you think you've covered every possible term, they'll come up with a new trick. For example, "ADMlN" with a small "L" instead of the "I" looks like an uppercase "admin", but it will pass your filter. In case you allow Unicode names, things are even worse, because there are countless letter variations all looking alike.

 

A much better approach is to solve the underlying problem. For example, if you're worried that other users may get deceived by somebody with the name "admin", then make sure regular users and actual administrators are easy to distinguish visually. On this forum, admins have red badges, so the risk of confusion is rather low.

 

If you don't care about effectiveness and absolutely want your blacklist, then it doesn't make much sense to fire up the regex engine for a few substring checks. PHP itself can do that just fine: stripos() performs a case-insensitive substring search.

 

yes i already have it setup in the profile, mail, chat, comments/replys, so that users show (normal user TAG), and admin/mods show (Golden Border) around their avatars + the (Special User TAG) i just want to make it harder for somebody to cheat the system and try to scam my users.

 

my friend tried using her paintshopx14 to mimic it, but it always looked fake, came out "smaller fake border around it" and still normal user tag under the cheat avatar. so i think its the best i can offer my users for now. i also just added [Report Fake User] option under the avatars for extra prevention.

 

i also made like 40 pages of help docs talking about how to tell, but ya know ppl. reading? ptff as if lol.

Edited by AshlynnJ
Link to comment
Share on other sites

could not edit post.. i hate that, but i found if i modify the actual words, it will match upper and lower.

weird i thought it had to be in the post check, im still learning, but is this ok to do? and the best way?

$bannedwords = array("/admin/i", "/administrator/i", "/moderator/i", "/creditcard/i" 

and so on. it seems to work fine, but wanted to ask if its ok, and the best to do it like that.

 

and to Jacques1, thanx for the heads up.

i also added, new phrases.

"/admin/i", "/admln/i", "/admîn/i", "/admïn/i", "/admìn/i" 

so on. so now even admìn_ shows as banned word.

Edited by AshlynnJ
Link to comment
Share on other sites

No. Re-read the part about how it's nonsensical to use full-blown regular expressions for trivial substring checks.

 

Agree with Jacques1 (especially his first post). But, if you are adamant on doing this - do not use regular expression. You can use stripos() as Jacques suggested. But, you have to also consider whether a "banned" word could exist within a word that is not banned. E.g., what if a user wanted the User ID "MadMinute" (a firearm term)?

Link to comment
Share on other sites

Agree with Jacques1 (especially his first post). But, if you are adamant on doing this - do not use regular expression. You can use stripos() as Jacques suggested. But, you have to also consider whether a "banned" word could exist within a word that is not banned. E.g., what if a user wanted the User ID "MadMinute" (a firearm term)?

 

i will look into stripos(), i am waiting for several books from amazon to arrive.

but i have not posted it with it in there "live", but i still want to block the main account words.

 

​so i create 6 inactive accounts, to not block a new username that might have it in there.

it checks the users to see if it exists on signup,  so at least they cannot use those exact names again.

 

But not “admín” or “admi̊n”. And if you add those, I'll come up with something else.

 

Do you understand now what I mean when I say that blacklists are stupid?

 

i dont think trying to protect ppl is stupid, i am just trying to figure out the best way to go about it.

to have a better user exp, but maybe a new different way is better.

but i will figure something out thanx, at least i got it to show normal user and special users.

it was confusing before, myself and mods all had normal usernames, i like hiding in the comments XD.

 

it may prevent some of these parasites from taking advantage of ppl... showing them as a normal user no matter what their username is.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.