
Bad Word Filter....wanting to have it more secure.


pocobueno1388


Well, I have a bad word filter which passes a string through a function and replaces the bad words I have listed with "[Censor Word]".

It works fine catching the words and replacing them, but I want to get rid of a loophole.

Let's say the word "bad" was a swear word. If they just typed "bad" it would catch it and replace it, but if they typed "b.ad" it wouldn't catch it. Is there any way I can figure out when they are trying to cheat the function and catch those as well?

Here is the function code:

[code]
<?php

function filterbadwords($str){
    // words to filter
    $badwords = array("badword", "badword2", "badword3");

    // replace filtered words with
    $replacements = array("[Censored Word]");

    for ($i = 0; $i < count($badwords); $i++) {
        // pick one of the replacement strings at random
        $rand_key = array_rand($replacements);
        // eregi_replace() was removed in PHP 7; str_ireplace() does the same
        // case-insensitive replacement for these literal words
        $str = str_ireplace($badwords[$i], $replacements[$rand_key], $str);
    }
    return $str;
}

?>
[/code]
Well it's very hard. You could split up each of the bad words by letter and allow another letter in between.
E.G:
Instead of checking for [b]heck[/b] you would check for [b]/h[^a-zA-Z]{0,1}e[^a-zA-Z]{0,1}c[^a-zA-Z]{0,1}k[^a-zA-Z]{0,1}/i[/b]

And anyway SMF doesn't stop me doing this:
Go F_uck yourself!
You can continue to fight this problem, but you will never win this battle. So the next time the user will use leet (1337) or other methods to cheat the filter. You can't filter everything...
But if you still want to "improve" your filter, check out this thread:
http://www.phpfreaks.com/forums/index.php/topic,112126.0.html

Use the search function if you want to look for more info that was already posted.

Orio.
Thanks guys. I had a feeling this was going to be one of those impossible to fix all things, hah. That's okay though, I have a banning system...so that should work fine for anyone who decides to cheat the system.
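
The separator-tolerant pattern suggested earlier in the thread, generated from a word list and run over constructed sample strings that include the evasions the replies mention. This is an added example, not code from any poster; the function names `buildLoosePattern` and `filterBadWordsLoose` and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). Function names are hypothetical.

// Build /h[^a-zA-Z]{0,1}e[^a-zA-Z]{0,1}c[^a-zA-Z]{0,1}k/i from "heck":
// at most one non-letter is allowed between two letters of the word.
function buildLoosePattern(string $word): string
{
    $quoted = array_map(function ($c) {
        return preg_quote($c, '/');   // escape regex metacharacters
    }, str_split($word));
    return '/' . implode('[^a-zA-Z]{0,1}', $quoted) . '/i';
}

function filterBadWordsLoose(
    string $str,
    array $badwords,
    string $replacement = '[Censored Word]'
): string {
    // Longest words first, so a short entry does not replace
    // the front half of a longer one.
    usort($badwords, function ($a, $b) {
        return strlen($b) <=> strlen($a);
    });
    foreach ($badwords as $word) {
        $str = preg_replace(buildLoosePattern($word), $replacement, $str);
    }
    return $str;
}

// Constructed sample data.
$words   = ['heck'];
$samples = [
    'what the heck',     // plain spelling
    'what the h.e.c.k',  // one separator between each letter
    'what the H_eck',    // underscore separator, mixed case
    'what the h..eck',   // two separators in a row
    'what the h3ck',     // leet substitution
    'the check is in',   // "heck" inside an ordinary word
];
foreach ($samples as $s) {
    printf("%-20s => %s\n", $s, filterBadWordsLoose($s, $words));
}
```

The first three samples are censored, while the doubled separator and the leet spelling pass through unchanged. "check" is censored as a false positive, which is the cost of matching without word boundaries.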

Archived

This topic is now archived and is closed to further replies.
