Resolving a spamming issue caused by spambots



John
May 4, 2012, 07:52 AM
Hi everyone!

Due to multiple spam reports that we have been receiving recently from our Customers we found a loophole in our software and here is a solution that will help you prevent bots from spamming on your site:

1. open and edit the following file: /includes/classes/rlAccount.class.php
2. find a string below (line ~980):

if ( $security_code != $_SESSION['ses_security_code'] )
3. replace it with a line below:

if ( $security_code != $_SESSION['ses_security_code'] || empty($_SESSION['ses_security_code']) )
4. save the changes
5. open and edit the following file: /includes/controllers/registration.php
6. find a string below (line ~143):

$rlHook -> load('beforeRegister');
7. and post the following code below the line above

/* check security image code */
if ( $config['security_img_registration'] )
{
    if ( $_POST['security_code'] != $_SESSION['ses_security_code'] || empty($_SESSION['ses_security_code']) )
    {
        $errors[] = $lang['security_code_incorrect'];
        $error_fields[] = 'security_code';
    }
}

/* check email */
$email = $_POST['profile']['mail'];
if ( !$rlValid -> isEmail( $email ) )
{
    $errors[] = $lang['notice_bad_email'];
    $error_fields[] = 'profile[mail]';
}

if ( $rlDb -> getOne('ID', "`Mail` = '{$email}'", 'accounts') )
{
    $errors[] = str_replace('{email}', $email, $lang['notice_account_email_exist']);
    $error_fields[] = 'profile[mail]';
}
8. save the changes

Feel free to ask your questions in the thread.

John
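
What the added empty() test changes, shown as an added example that is not part of the original post or the product's code. Function names and sample values are constructed, and the strict variant is an assumption that goes beyond the posted fix.

```php
<?php
// Added illustration: function names and sample values are constructed.

// Condition before the patch: loose comparison only.
function captchaRejectedBefore($submitted, array $session): bool
{
    $expected = $session['ses_security_code'] ?? null;
    return $submitted != $expected;   // '' != null evaluates to false
}

// Patched condition from the post: also reject when no code was ever issued.
function captchaRejectedAfter($submitted, array $session): bool
{
    $expected = $session['ses_security_code'] ?? null;
    return $submitted != $expected || empty($expected);
}

// Stricter variant (assumption, not in the post): string-only input,
// constant-time comparison, and the issued code is discarded after one
// attempt so it cannot be replayed.
function captchaRejectedStrict($submitted, array &$session): bool
{
    $expected = (string) ($session['ses_security_code'] ?? '');
    unset($session['ses_security_code']);
    return !is_string($submitted) || $expected === '' || !hash_equals($expected, $submitted);
}

function verdict(bool $rejected): string
{
    return $rejected ? 'rejected' : 'accepted';
}

// Constructed requests: [submitted security_code, session contents].
$cases = [
    'no captcha issued, empty field'   => ['', []],
    'no captcha issued, field missing' => [null, []],
    'correct code'                     => ['k7p2x', ['ses_security_code' => 'k7p2x']],
    'wrong code'                       => ['aaaaa', ['ses_security_code' => 'k7p2x']],
];

foreach ($cases as $label => [$submitted, $session]) {
    printf("%-34s before=%-9s after=%-9s strict=%s\n", $label,
        verdict(captchaRejectedBefore($submitted, $session)),
        verdict(captchaRejectedAfter($submitted, $session)),
        verdict(captchaRejectedStrict($submitted, $session)));
}
```

The first two rows are accepted by the old condition and rejected by the patched one; the last two rows behave the same in all three variants.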

Chukwudi Moses
May 5, 2012, 06:31 AM
Hello John,

I was unable to find this line of code: if ( $security_code != $_SESSION['ses_security_code'] || empty($_SESSION['ses_security_code']) ) in the file: /includes/classes/rlAccount.class.php.

Also, what is the difference between this line of code: if ( $security_code != $_SESSION['ses_security_code'] || empty($_SESSION['ses_security_code']) ) and this: if ( $security_code != $_SESSION['ses_security_code'] || empty($_SESSION['ses_security_code']) ).

Unless I'm getting it wrong. Sorry, I'm no coder or programmer.

Thanks

John
May 5, 2012, 07:26 AM
Hello Chukwudi,
Yep you are right, the first and the second conditions are the same, it was my bad.
I have updated the first line, now you can find it in the file.

John

Petrache Nicolae
May 16, 2012, 07:35 PM
You mean this file - registration.inc.php - I assume