
Author Topic: Set up help needed. Not blocking known spammers. Here's my code.  (Read 7823 times)

comicart

I run a "4images" image gallery with a typical registration page. I downloaded botscout, got an api key, changed it to "custom" and changed the Custom elseif to user_name and user_email like is on my form page.

Code: [Select]
<?php 
/////////////////////////////////////////////////////
// "Universal" API code for use with the BotScout.com API
// version 1.40 Code by MrMike / LDM 2-2009 

/* 
/////////////////
2-5-2008: added conditional test to force the use 
of the file_get_contents() function unless the version of 
PHP used doesn't have it. 
/////////////////
2-15-2009: renamed '$data' var to '$returned_data' to avoid 
a conflict with phpBB code. 
2-15-2009: Sanity check now only prints if diagnostic 
output is enabled.
Thanks to "Boris" for the changes above.
/////////////////
2-19-2009: Changed default test type to 'MULTI' for speed 
and efficiency. 
/////////////////
*/


/////////////////////////////////////////////////////

////////////////////////
// init vars
$diag='';
$bs_data='';
$botdata='';
$apptype='';
$send_alerts='';
$toText='';
$fromText='';
$subjectText='';
$msgText='';
////////////////////////

/////////////////////////////////////////////////////
// CONFIGURATION START

// use diagnostic output? ('1' to use, '0' to suppress)
// NORMALLY set to '0'
$diag = '0';

// send email notices when a bot is stopped?
// use '1' to send, '0' to skip. 
$send_alerts = '1';

// if sending alerts, send them to what email address?
$toText = "terry@comicartcommissions.com";

////////////////////////
// Use BotScout with what application?
// message board or application type...
// uncomment ONE (and ONLY ONE) of these!

// for SimpleMachines Forum
//$apptype='SMF'; 

// for VBulletin
//$apptype='VBULLETIN';

// for phpBB
//$apptype='PHPBB';

// for PunBB
//$apptype='PUNBB';

// for Invision power Board
//$apptype='INVIS';

// for FUDForum
//$apptype='FUDF';

// for Ikonboard
//$apptype='IKON';

// for Phorum
//$apptype='PHRM';

// for Snitz
//$apptype='SNITZ';

// for W-Agora
//$apptype='AGORA';


// for custom settings or unlisted board type
// see documentation for setting the 'CUSTOM' fields
 
$apptype='CUSTOM';
////////////////////////


// your optional API key (if you don't have one 
// you can get one here: http://botscout.com/)
$APIKEY = 'myAPIkey'; // <--- this really has my API Key



// CONFIGURATION END
/////////////////////////////////////////////////////
// get the IP address
$XIP = $_SERVER['REMOTE_ADDR']; 

if($apptype=='SMF'){

global $apptype, $XUSER, $XMAIL;

// SMF specific values for reg form
$XUSER = $_POST['user'];
$XMAIL = $_POST['email'];

}elseif($apptype=='VBULLETIN'){

$XUSER = $_POST['username'];
$XMAIL = $_POST['email'];

}elseif($apptype=='PHPBB'){

$XUSER = $data['username'];
$XMAIL = $data['email'];

}elseif($apptype=='PUNBB'){

$XUSER = $_POST['req_username'];
$XMAIL = $_POST['req_email1'];

}elseif($apptype=='INVIS'){

$XUSER = $_POST['UserName'];
$XMAIL = $_POST['EmailAddress'];

}elseif($apptype=='FUDF'){

$XMAIL = $this->email;
$XNAME = $this->login;

}elseif($apptype=='IKON'){

$XUSER = $_POST['UserName'];
$XMAIL = $_POST['EmailAddress'];

}elseif($apptype=='PHRM'){

$XUSER = $_POST['username'];
$XMAIL = $_POST['email'];

}elseif($apptype=='SNITZ'){

$XUSER = $_POST['username'];
$XMAIL = $_POST['Name'];

}elseif($apptype=='AGORA'){

$XUSER = $userid;
$XMAIL = $useraddress;

}elseif($apptype=='CUSTOM'){

// create your own custom form fields here 
// see documentation for more information
$XUSER = $_POST['user_name'];
$XMAIL = $_POST['user_email'];

}else{
// no '$apptype' set!
print 'Please set the Application Type in the Configuration section.';
}

////////////////////////

// make the url compliant with urlencode()
$XMAIL =urlencode($XMAIL);


// run the API query...the default is to check the email address. It's usually the most 
// reliable indicator or bot 'signature' field, but you can change this to use the Ip or 
// the username if you like. You could check all three if you wanted, but usually the 
// email address alone is sufficient. 


// testing for an email address and IP
$apiquery = "http://botscout.com/test/?multi&mail=$XMAIL&ip=$XIP";


////////////////////////
if($APIKEY != ''){$apiquery = "$apiquery&key=$APIKEY";}


if($diag=='1'){print "Test String: $apiquery <br>";}


////////////////////////
// Use cURL or file_get_contents()?
// Use file_get_contents() unless not available

if(function_exists('file_get_contents')){
// Use file_get_contents
$returned_data = file_get_contents($apiquery);
}else{
$ch = curl_init($apiquery);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$returned_data = curl_exec($ch);
curl_close($ch);
}

// diagnostic output 
if($diag=='1'){print "RETURNED DATA: $returned_data <p>";}

// sanity check 
if($diag=='1'){
if($returned_data==''){
print 'Error: No return data from API query.';
exit;
}else{
print "API Data: $returned_data <br>";
}
}

// take the returned value and parse it (standard API, not XML)
$botdata = explode('|', $returned_data); 

// sample 'MULTI' return string (standard API, not XML)
// Y|MULTI|IP|4|MAIL|26|NAME|30

// $botdata[0] - 'Y' if found in database, 'N' if not found, '!' if an error occurred 
// $botdata[1] - type of test (will be 'MAIL', 'IP', 'NAME', or 'MULTI') 
// $botdata[2] - descriptor field for item (IP)
// $botdata[3] - how many times the IP was found in the database 
// $botdata[4] - descriptor field for item (MAIL)
// $botdata[5] - how many times the EMAIL was found in the database 
// $botdata[6] - descriptor field for item (NAME)
// $botdata[7] - how many times the NAME was found in the database 


if(substr($returned_data, 0, 1) == '!'){
// if the first character is an exclamation mark, an error has occurred  
print "Error: $returned_data";
exit;
}


// this example tests the email address and IP to see if either of them appear 
// in the database at all. Either one is a fairly good indicator of bot identity. 
if($botdata[3] > 0 || $botdata[5] > 0){ 
print $data;

if($diag=='1'){ 
print "Bot signature found.";
print "Type of test was: $botdata[1]";
print "The {$botdata[2]} was found {$botdata[3]} times, the {$botdata[4]} was found {$botdata[5]} times";
}

if($send_alerts=='1'){
// send an email about the bot?
$fromText = "BotBuster System";
$subjectText = "Bot Attempt Stopped";
$msgText = "A bot tried to register, but was stopped from doing so.\n\nBot Name: $XUSER\nBot Email: $XMAIL\nIP Address: $XIP";
mail($toText, $subjectText, $msgText, "To: $toText <$toText>\n" . "From: $fromText <$fromText>\n X-Mailer: PHP 4.x");
}


// your 'rejection' code would go here.... 
// for example, print a fake error message and exit the process. 
$errnum = round(rand(1100, 25000));
print "Confabulation Error #$errnum, Halting.";
exit;

}
////////////////////////


?>


I then added it to my registration page.
Code: [Select]
   if (!empty($additional_user_fields)) {
      foreach ($additional_user_fields as $key => $val) {
        if (isset($HTTP_POST_VARS[$key]) && intval($val[2]) == 1 && trim($HTTP_POST_VARS[$key]) == "") {
          $error = 1;
          $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $val[0]), $lang['field_required']);
          $msg .= (($msg != "") ? "<br />" : "").$field_error;
        }
  ////////////////////////////////////////////////////
// BotScout.com "BotBuster" check
include(ROOT_PATH.'BotScout.php');
////////////////////////////////////////////////////
      }
    }
  } // end if

But it doesn't seem to be working. I still get registrations that show up in a Search here at Botscout.
Can you tell me what I'm doing wrong?

Here is the registration page:
http://comicartcommunity.com/gallery/register.php

Thanks for offering this!
Terry
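
An added example, not part of the original post or BotScout's own code: a parser for the pipe-delimited 'MULTI' reply documented in the script's comments (`Y|MULTI|IP|4|MAIL|26|NAME|30`), which reports empty, `!`-prefixed and malformed replies as errors instead of silently treating them as "not a bot". The helper names `bs_parse_multi()` and `bs_should_block()` are hypothetical, and the sample replies are constructed.

```php
<?php
// Added example: parse a BotScout 'MULTI' reply of the form
//   flag | test type | (descriptor | count) pairs
// bs_parse_multi() and bs_should_block() are hypothetical helper names.

/**
 * Parse a raw reply. Returns an array with:
 *   status: 'listed', 'clean' or 'error'
 *   counts: descriptor => number of database hits
 *   detail: error text, empty on success
 */
function bs_parse_multi($raw)
{
    $raw = trim((string) $raw);
    $error = function ($detail) {
        return array('status' => 'error', 'counts' => array(), 'detail' => $detail);
    };

    if ($raw === '') {
        return $error('empty reply');        // request failed or returned nothing
    }
    if ($raw[0] === '!') {
        return $error($raw);                 // '!' marks an error reported by the API
    }

    $parts = explode('|', $raw);
    $n = count($parts);
    if ($n < 4 || $n % 2 !== 0) {
        return $error('unexpected field count');
    }
    if (($parts[0] !== 'Y' && $parts[0] !== 'N') || $parts[1] !== 'MULTI') {
        return $error('unexpected flag or test type');
    }

    $counts = array();
    for ($i = 2; $i < $n; $i += 2) {
        if (!preg_match('/^\d+$/', $parts[$i + 1])) {
            return $error('non-numeric count for ' . $parts[$i]);
        }
        $counts[$parts[$i]] = (int) $parts[$i + 1];
    }

    return array(
        'status' => ($parts[0] === 'Y') ? 'listed' : 'clean',
        'counts' => $counts,
        'detail' => '',
    );
}

/**
 * Same test as the script above: reject when the IP or MAIL count is above zero.
 * $block_on_error is a policy choice (assumption): false lets registrations
 * through when the lookup fails, true rejects them.
 */
function bs_should_block(array $result, $block_on_error = false)
{
    if ($result['status'] === 'error') {
        return $block_on_error;
    }
    foreach (array('IP', 'MAIL') as $field) {
        if (isset($result['counts'][$field]) && $result['counts'][$field] > 0) {
            return true;
        }
    }
    return false;
}

// Constructed sample replies (not captured from the live API).
$samples = array(
    'Y|MULTI|IP|4|MAIL|26|NAME|30',
    'N|MULTI|IP|0|MAIL|0|NAME|0',
    '! constructed error text',
    '',
    'Y|MULTI|IP|four|MAIL|26',
);
foreach ($samples as $raw) {
    $r = bs_parse_multi($raw);
    printf("%-32s status=%-6s block=%-3s %s\n",
        var_export($raw, true), $r['status'],
        bs_should_block($r) ? 'yes' : 'no', $r['detail']);
}
```

Logging the `error` results separately shows whether the lookup is running at all on a given registration, which is a different failure from a lookup that runs and finds nothing.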

Mike

« Reply #1 on: January 21, 2017, 08:18:59 AM »
Terry,

I'm not familiar with the 4images code, but are you certain that the variables are accessible at the point where you've added the call to the BotScout.php file?

It's possible that in or after this section:

Code: [Select]
if (!empty($additional_user_fields)) {
      foreach ($additional_user_fields as $key => $val) {
        if (isset($HTTP_POST_VARS[$key]) && intval($val[2]) == 1 && trim($HTTP_POST_VARS[$key]) == "") {
          $error = 1;
          $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $val[0]), $lang['field_required']);
          $msg .= (($msg != "") ? "<br />" : "").$field_error;
        }

....you may need to explicitly extract the user_name and user_email vars from the $HTTP_POST_VARS array so they can be 'seen'.

As a test you could add something like this to the reg page just before the call to the BotScout.php file and then do a test registration to see if the variables are printed out:

Code: [Select]
print "username: $user_name, usermail: $user_email; exit;"
Please don't PM me for assistance- post your questions in the forum where others can see them.

comicart

« Reply #2 on: January 21, 2017, 09:45:59 AM »

Code: [Select]
print "username: $user_name, usermail: $user_email; exit;"


Thanks Mike - you're right, I'm really not sure if I put the code in the right place. I tried adding that code above but it broke my page.

Would you mind taking a look at this registration page to see if you can tell where I should put the code?
Code: [Select]
<?php

$main_template = 'register';

define('GET_CACHES', 1);
define('ROOT_PATH', './');
define('MAIN_SCRIPT', __FILE__);
include(ROOT_PATH.'global.php');
require(ROOT_PATH.'includes/sessions.php');
$user_access = get_permission();
include(ROOT_PATH.'includes/page_header.php');

if ($action == "") {
  $action = "signup";
}

if ($user_info['user_level'] != GUEST && $action != "activate") {
  show_error_page($lang['already_registered']);
}
$content = "";

//-----------------------------------------------------
//--- Signup ------------------------------------------
//-----------------------------------------------------
if ($action == "signup") {
  $site_template->register_vars(array(
    "lang_agreement" => $lang['agreement'],
    "lang_agreement_terms" => $lang['agreement_terms'],
    "lang_agree" => $lang['agree'],
    "lang_agree_not" => $lang['agree_not']
  ));
  $content = $site_template->parse_template("register_signup");
}

//-----------------------------------------------------
//--- Add New User ------------------------------------
//-----------------------------------------------------
if ($action == "register") {
  if (!isset($HTTP_POST_VARS['user_name'])) {
    if ($config['activation_time'] != 0) {
      $expiry = time() - 60 * 60 * 24 * $config['activation_time'];
      $sql = "DELETE FROM ".USERS_TABLE."
              WHERE (".get_user_table_field("", "user_lastaction")." < $expiry) AND ".get_user_table_field("", "user_level")." = ".USER_AWAITING;
      $site_db->query($sql);
    }
  }
  $user_name = (isset($HTTP_POST_VARS['user_name'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_name'])) : "";
  $user_name = preg_replace("/( ){2,}/", " ", $user_name);
  $user_password = (isset($HTTP_POST_VARS['user_password'])) ? trim($HTTP_POST_VARS['user_password']) : "";
  $user_email = (isset($HTTP_POST_VARS['user_email'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_email'])) : "";
  $user_showemail = (isset($HTTP_POST_VARS['user_showemail'])) ? intval($HTTP_POST_VARS['user_showemail']) : 0;
  $user_allowemails = (isset($HTTP_POST_VARS['user_allowemails'])) ? intval($HTTP_POST_VARS['user_allowemails']) : 1;
  $user_invisible = (isset($HTTP_POST_VARS['user_invisible'])) ? intval($HTTP_POST_VARS['user_invisible']) : 0;
  $user_homepage = (isset($HTTP_POST_VARS['user_homepage'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_homepage'])) : "";
  $user_icq = (isset($HTTP_POST_VARS['user_icq'])) ? ((intval(trim($HTTP_POST_VARS['user_icq']))) ? intval(trim($HTTP_POST_VARS['user_icq'])) : "") : "";

  $captcha = (isset($HTTP_POST_VARS['captcha'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['captcha'])) : "";

  $error = 0;
  if (isset($HTTP_POST_VARS['user_name'])) {
    if ($user_name != "") {
      $sql = "SELECT ".get_user_table_field("", "user_name")."
              FROM ".USERS_TABLE."
              WHERE ".get_user_table_field("", "user_name")." = '".strtolower($user_name)."'";
      if ($site_db->not_empty($sql)) {
        $msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
        $error = 1;
      }
    }
    else {
      $msg .= (($msg != "") ? "<br />" : "").$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['user_name']), $lang['field_required']);
      $error = 1;
    }
    if (isaspammer($user_email)) {
      $msg .= (($msg != "") ? "<br />" : "").$lang['invalid_email_format']; // or add anything else, bots doesn't understand nothing :)
      $error = 1;
    }
    if ($user_password == "") {
      $msg .= (($msg != "") ? "<br />" : "").$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['password']), $lang['field_required']);
      $error = 1;
    }

    if ($user_email != "") {
      if (check_email($user_email)) {
        $sql = "SELECT ".get_user_table_field("", "user_email")."
                FROM ".USERS_TABLE."
                WHERE ".get_user_table_field("", "user_email")." = '".strtolower($user_email)."'";
        if ($site_db->not_empty($sql)) {
          $msg .= (($msg != "") ? "<br />" : "").$lang['email_exists'];
          $error = 1;
        }
      }
      else {
        $msg .= (($msg != "") ? "<br />" : "").$lang['invalid_email_format'];
        $error = 1;
      }
    }
    else {
      $msg .= (($msg != "") ? "<br />" : "").$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['email']), $lang['field_required']);
      $error = 1;
    }

    if ($captcha_enable_registration && !captcha_validate($captcha)) {
      $msg .= (($msg != "") ? "<br />" : "").$lang['captcha_required'];
      $error = 1;
    }


    if (!empty($additional_user_fields)) {
      foreach ($additional_user_fields as $key => $val) {
        if (isset($HTTP_POST_VARS[$key]) && intval($val[2]) == 1 && trim($HTTP_POST_VARS[$key]) == "") {
          $error = 1;
          $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $val[0]), $lang['field_required']);
          $msg .= (($msg != "") ? "<br />" : "").$field_error;
        }
      }
    }
  } // end if

  else {
    $error = 1;
  }

  if (!$error) {
    $additional_field_sql = "";
    $additional_value_sql = "";
    if (!empty($additional_user_fields)) {
      $table_fields = $site_db->get_table_fields(USERS_TABLE);
      foreach ($additional_user_fields as $key => $val) {
        if (isset($HTTP_POST_VARS[$key]) && isset($table_fields[$key])) {
          $additional_field_sql .= ", $key";
          $additional_value_sql .= ", '".un_htmlspecialchars(trim($HTTP_POST_VARS[$key]))."'";
        }
      }
    }
    $activationkey = get_random_key(USERS_TABLE, get_user_table_field("", $user_table_fields['user_activationkey']));
    $user_id = $site_db->get_next_id($user_table_fields['user_id'], USERS_TABLE);

    $current_time = time();
    $user_level = ($config['account_activation'] == 0) ? USER : USER_AWAITING;
    $user_password_hashed = salted_hash($user_password);
    $sql = "INSERT INTO ".USERS_TABLE."
            (".get_user_table_field("", "user_id").get_user_table_field(", ", "user_level").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_showemail").get_user_table_field(", ", "user_allowemails").get_user_table_field(", ", "user_invisible").get_user_table_field(", ", "user_joindate").get_user_table_field(", ", "user_activationkey").get_user_table_field(", ", "user_lastaction").get_user_table_field(", ", "user_lastvisit").get_user_table_field(", ", "user_comments").get_user_table_field(", ", "user_homepage").get_user_table_field(", ", "user_icq").$additional_field_sql.")
            VALUES
            ($user_id, $user_level, '$user_name', '$user_password_hashed', '$user_email', $user_showemail, $user_allowemails, $user_invisible, $current_time, '$activationkey', $current_time, $current_time, 0, '$user_homepage', '$user_icq'".$additional_value_sql.")";
    $result = $site_db->query($sql);

    if ($result) {
      $activation_url = $script_url."/register.php?action=activate&activationkey=".$activationkey;

      include(ROOT_PATH.'includes/email.php');
      $site_email = new Email();
      $site_email->set_to($user_email);
      $site_email->set_subject($lang['register_success_emailsubject']);
      $site_email->register_vars(array(
        "activation_url" => $activation_url,
        "user_name" => $user_name,
        "user_password" => $user_password,
        "site_name" => $config['site_name']
      ));

      switch($config['account_activation']) {
      case 2:
        $email_template = "register_activation_admin";
        $msg = $lang['register_success_admin'];
        break;
      case 1:
        if ($config['language_dir_default'] != $config['language_dir']) {
          $activation_url .= "&l=".$config['language_dir'];
        }
        $email_template = "register_activation";
        $msg = $lang['register_success'];
        break;
      case 0:
      default:
        $email_template = "register_activation_none";
        $msg = $lang['register_success_none'];
        break;
      }

      $site_email->set_body($email_template, $config['language_dir']);
      $site_email->send_email();
      if ($config['account_activation'] == 2) {
        $site_email->reset();
        $site_email->set_to($config['site_email']);
        $site_email->set_subject($lang['admin_activation_emailsubject']);
        $user_details_url = $script_url."/admin/index.php?goto=".urlencode("users.php?action=edituser&user_id=".$user_id."&activation=1");
        $site_email->register_vars("user_details_url", $user_details_url);
        $site_email->set_body("admin_activation", $config['language_dir_default']);
        $site_email->send_email();
      }
    }
    else {
      $msg = $lang['general_error'];
    }
  }

  if ($error) {
    if ($user_showemail == 1) {
      $user_showemail_yes = " checked=\"checked\"";
      $user_showemail_no = "";
    }
    else {
      $user_showemail_yes = "";
      $user_showemail_no = " checked=\"checked\"";
    }
    if ($user_allowemails == 1) {
      $user_allowemails_yes = " checked=\"checked\"";
      $user_allowemails_no = "";
    }
    else {
      $user_allowemails_yes = "";
      $user_allowemails_no = " checked=\"checked\"";
    }
    if ($user_invisible == 1) {
      $user_invisible_yes = " checked=\"checked\"";
      $user_invisible_no = "";
    }
    else {
      $user_invisible_yes = "";
      $user_invisible_no = " checked=\"checked\"";
    }
    $site_template->register_vars(array(
      "user_name" => format_text(stripslashes($user_name), 2),
      "user_email" => format_text(stripslashes($user_email), 2),
      "user_homepage" => format_text(stripslashes($user_homepage), 2),
      "user_icq" => $user_icq,
      "user_showemail_yes" => $user_showemail_yes,
      "user_showemail_no" => $user_showemail_no,
      "user_allowemails_yes" => $user_allowemails_yes,
      "user_allowemails_no" => $user_allowemails_no,
      "user_invisible_yes" => $user_invisible_yes,
      "user_invisible_no" => $user_invisible_no,
      "lang_user_name" => $lang['user_name'],
      "lang_password" => $lang['password'],
      "lang_email" => $lang['email'],
      "lang_register_msg" => $lang['register_msg'],
      "lang_submit" => $lang['submit'],
      "lang_reset" => $lang['reset'],
      "lang_email" => $lang['email'],
      "lang_show_email" => $lang['show_email'],
      "lang_allow_emails" => $lang['allow_emails'],
      "lang_invisible" => $lang['invisible'],
      "lang_optional_infos" => $lang['optional_infos'],
      "lang_homepage" => $lang['homepage'],
      "lang_icq" => $lang['icq'],
      "lang_yes" => $lang['yes'],
      "lang_no" => $lang['no'],
      "lang_captcha" => $lang['captcha'],
      "lang_captcha_desc" => $lang['captcha_desc'],
      "captcha_registration" => (bool)$captcha_enable_registration
    ));

    if (!empty($additional_user_fields)) {
      $additional_field_array = array();
      foreach ($additional_user_fields as $key => $val) {
        if ($val[1] == "radio") {
          $value = (isset($HTTP_POST_VARS[$key])) ? intval($HTTP_POST_VARS[$key]) : 1;
          if ($value == 1) {
            $additional_field_array[$key.'_yes'] = " checked=\"checked\"";
            $additional_field_array[$key.'_no'] = "";
          }
          else {
            $additional_field_array[$key.'_yes'] = "";
            $additional_field_array[$key.'_no'] = " checked=\"checked\"";
          }
        }
        else {
          $value = (isset($HTTP_POST_VARS[$key])) ? format_text(trim($HTTP_POST_VARS[$key]), 2) : "";
        }
        $additional_field_array[$key] = $value;
        $additional_field_array['lang_'.$key] = $val[0];
      }
      if (!empty($additional_field_array)) {
        $site_template->register_vars($additional_field_array);
      }
    }

    $content = $site_template->parse_template("register_form");
  }
}

if ($action == "activate") {
  if ($config['activation_time'] != 0) {
    $expiry = time() - 60 * 60 * 24 * $config['activation_time'];
    $sql = "DELETE FROM ".USERS_TABLE."
            WHERE (".get_user_table_field("", "user_lastaction")." < $expiry) AND ".get_user_table_field("", "user_level")." = ".USER_AWAITING;
    $site_db->query($sql);
  }
  if (!isset($HTTP_GET_VARS['activationkey'])){
    $msg = $lang['missing_activationkey'];
  }
  else {
    if ($config['account_activation'] == 2 && $user_info['user_level'] != ADMIN) {
      show_error_page($lang['no_permission']);
      exit;
    }
    $activationkey = trim($HTTP_GET_VARS['activationkey']);
    $sql = "SELECT ".get_user_table_field("", "user_name").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_activationkey")."
            FROM ".USERS_TABLE."
            WHERE ".get_user_table_field("", "user_activationkey")." = '$activationkey'";
    $row = $site_db->query_firstrow($sql);
    if (!$row) {
      $msg = $lang['invalid_activationkey'];
    }
    else {
      $sql = "UPDATE ".USERS_TABLE."
              SET ".get_user_table_field("", "user_level")." = ".USER."
              WHERE ".get_user_table_field("", "user_activationkey")." = '$activationkey'";
      $site_db->query($sql);
      $msg = $lang['activation_success'];

      if ($config['account_activation'] == 2) {
        include(ROOT_PATH.'includes/email.php');
        $site_email = new Email();
        $site_email->set_to($row[$user_table_fields['user_email']]);
        $site_email->set_subject($lang['activation_success_emailsubject']);
        $site_email->register_vars(array(
          "user_name" => $row[$user_table_fields['user_name']],
          "site_name" => $config['site_name']
        ));
        $site_email->set_body("activation_success", $config['language_dir']);
        $site_email->send_email();
      }
    }
  }
}

//-----------------------------------------------------
//--- Clickstream -------------------------------------
//-----------------------------------------------------
$clickstream = "<span class=\"clickstream\"><a href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator'].$lang['register']."</span>";
$page_title = $lang['register'].$config['category_separator']; // MOD: Dynamic page title

//-----------------------------------------------------
//--- Print Out ---------------------------------------
//-----------------------------------------------------
$site_template->register_vars(array(
  "content" => $content,
  "msg" => $msg,
  "clickstream" => $clickstream,
  "page_title" => $page_title, // MOD: Dynamic page title
  "lang_register" => $lang['register']
));
$site_template->print_template($site_template->parse_template($main_template));
include(ROOT_PATH.'includes/page_footer.php');
?>


Mike

« Reply #3 on: January 21, 2017, 12:01:05 PM »
Typos, typos....try this instead:

Code: [Select]
print "username: $user_name, usermail: $user_email"; exit;
Also, I'm not sure about this, but this might be the place to put the call to the botscout.php file:
Code: [Select]
  $user_name = (isset($HTTP_POST_VARS['user_name'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_name'])) : "";
  $user_name = preg_replace("/( ){2,}/", " ", $user_name);
  $user_password = (isset($HTTP_POST_VARS['user_password'])) ? trim($HTTP_POST_VARS['user_password']) : "";
  $user_email = (isset($HTTP_POST_VARS['user_email'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_email'])) : "";
  $user_showemail = (isset($HTTP_POST_VARS['user_showemail'])) ? intval($HTTP_POST_VARS['user_showemail']) : 0;
  $user_allowemails = (isset($HTTP_POST_VARS['user_allowemails'])) ? intval($HTTP_POST_VARS['user_allowemails']) : 1;
  $user_invisible = (isset($HTTP_POST_VARS['user_invisible'])) ? intval($HTTP_POST_VARS['user_invisible']) : 0;
  $user_homepage = (isset($HTTP_POST_VARS['user_homepage'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_homepage'])) : "";
  $user_icq = (isset($HTTP_POST_VARS['user_icq'])) ? ((intval(trim($HTTP_POST_VARS['user_icq']))) ? intval(trim($HTTP_POST_VARS['user_icq'])) : "") : "";

////////////////////////////////////////////////
// BotScout.com "BotBuster" check
include(ROOT_PATH.'BotScout.php');
////////////////////////////////////////////////

  $captcha = (isset($HTTP_POST_VARS['captcha'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['captcha'])) : "";
« Last Edit: January 21, 2017, 12:03:43 PM by Mike »

comicart

« Reply #4 on: January 21, 2017, 11:11:40 PM »
It didn't work there. If you want to see my latest version of where the include is and where it *didn't work* (commented out) see here:
Code: [Select]
<?php

$main_template = 'register';

define('GET_CACHES', 1);
define('ROOT_PATH', './');
define('MAIN_SCRIPT', __FILE__);
include(ROOT_PATH.'global.php');
require(ROOT_PATH.'includes/sessions.php');
$user_access = get_permission();
include(ROOT_PATH.'includes/page_header.php');

if ($action == "") {
  $action = "signup";
}

if ($user_info['user_level'] != GUEST && $action != "activate") {
  show_error_page($lang['already_registered']);
}
$content = "";

//-----------------------------------------------------
//--- Signup ------------------------------------------
//-----------------------------------------------------
if ($action == "signup") {
  $site_template->register_vars(array(
    "lang_agreement" => $lang['agreement'],
    "lang_agreement_terms" => $lang['agreement_terms'],
    "lang_agree" => $lang['agree'],
    "lang_agree_not" => $lang['agree_not']
  ));
  $content = $site_template->parse_template("register_signup");
}

//-----------------------------------------------------
//--- Add New User ------------------------------------
//-----------------------------------------------------
if ($action == "register") {
  if (!isset($HTTP_POST_VARS['user_name'])) {
    if ($config['activation_time'] != 0) {
      $expiry = time() - 60 * 60 * 24 * $config['activation_time'];
      $sql = "DELETE FROM ".USERS_TABLE."
              WHERE (".get_user_table_field("", "user_lastaction")." < $expiry) AND ".get_user_table_field("", "user_level")." = ".USER_AWAITING;
      $site_db->query($sql);
    }
  }
  $user_name = (isset($HTTP_POST_VARS['user_name'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_name'])) : "";
  $user_name = preg_replace("/( ){2,}/", " ", $user_name);
  $user_password = (isset($HTTP_POST_VARS['user_password'])) ? trim($HTTP_POST_VARS['user_password']) : "";
  $user_email = (isset($HTTP_POST_VARS['user_email'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_email'])) : "";
  $user_showemail = (isset($HTTP_POST_VARS['user_showemail'])) ? intval($HTTP_POST_VARS['user_showemail']) : 0;
  $user_allowemails = (isset($HTTP_POST_VARS['user_allowemails'])) ? intval($HTTP_POST_VARS['user_allowemails']) : 1;
  $user_invisible = (isset($HTTP_POST_VARS['user_invisible'])) ? intval($HTTP_POST_VARS['user_invisible']) : 0;
  $user_homepage = (isset($HTTP_POST_VARS['user_homepage'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_homepage'])) : "";
  $user_icq = (isset($HTTP_POST_VARS['user_icq'])) ? ((intval(trim($HTTP_POST_VARS['user_icq']))) ? intval(trim($HTTP_POST_VARS['user_icq'])) : "") : "";

///////////////////////////////////////////////////
// NOT HERE
////////////////////////////////////////////////////


  
$captcha = (isset($HTTP_POST_VARS['captcha'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['captcha'])) : "";


////////////////////////////////////////////////////
// BotScout.com "BotBuster" check
include(ROOT_PATH.'BotScout.php');
////////////////////////////////////////////////////

  
  $error = 0;
  if (isset($HTTP_POST_VARS['user_name'])) {
    if ($user_name != "") {
      $sql = "SELECT ".get_user_table_field("", "user_name")."
              FROM ".USERS_TABLE."
              WHERE ".get_user_table_field("", "user_name")." = '".strtolower($user_name)."'";
      if ($site_db->not_empty($sql)) {
        $msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
        $error = 1;
      }
    }
    else {
      $msg .= (($msg != "") ? "<br />" : "").$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['user_name']), $lang['field_required']);
      $error = 1;
    }
    if (isaspammer($user_email)) {
      $msg .= (($msg != "") ? "<br />" : "").$lang['invalid_email_format']; // or add anything else, bots doesn't understand nothing :)
      $error = 1;
    }
    if ($user_password == "") {
      $msg .= (($msg != "") ? "<br />" : "").$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['password']), $lang['field_required']);
      $error = 1;
    }

    if ($user_email != "") {
      if (check_email($user_email)) {
        $sql = "SELECT ".get_user_table_field("", "user_email")."
                FROM ".USERS_TABLE."
                WHERE ".get_user_table_field("", "user_email")." = '".strtolower($user_email)."'";
        if ($site_db->not_empty($sql)) {
          $msg .= (($msg != "") ? "<br />" : "").$lang['email_exists'];
          $error = 1;
        }
      }
      else {
        $msg .= (($msg != "") ? "<br />" : "").$lang['invalid_email_format'];
        $error = 1;
      }
    }
    else {
      $msg .= (($msg != "") ? "<br />" : "").$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['email']), $lang['field_required']);
      $error = 1;
    }

    if ($captcha_enable_registration && !captcha_validate($captcha)) {
      $msg .= (($msg != "") ? "<br />" : "").$lang['captcha_required'];
      $error = 1;
    }


    if (!empty($additional_user_fields)) {
      foreach ($additional_user_fields as $key => $val) {
        if (isset($HTTP_POST_VARS[$key]) && intval($val[2]) == 1 && trim($HTTP_POST_VARS[$key]) == "") {
          $error = 1;
          $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $val[0]), $lang['field_required']);
          $msg .= (($msg != "") ? "<br />" : "").$field_error;
        }
  
    
///////////////////////////////////////////////////
// NOT HERE
////////////////////////////////////////////////////
  
      }

///////////////////////////////////////////////////
// NOT HERE
////////////////////////////////////////////////////

    

  
  

////////////////////////////////////////////////////
// NOT HERE
////////////////////////////////////////////////////
  
  } 
// end if

////////////////////////////////////////////////////
// NOT HERE
////////////////////////////////////////////////////



  else {
    $error = 1;
  }

////////////////////////////////////////////////////
// NOT HERE
////////////////////////////////////////////////////



  if (!$error) {
    $additional_field_sql = "";
    $additional_value_sql = "";
    if (!empty($additional_user_fields)) {
      $table_fields = $site_db->get_table_fields(USERS_TABLE);
      foreach ($additional_user_fields as $key => $val) {
        if (isset($HTTP_POST_VARS[$key]) && isset($table_fields[$key])) {
          $additional_field_sql .= ", $key";
          $additional_value_sql .= ", '".un_htmlspecialchars(trim($HTTP_POST_VARS[$key]))."'";
        }
      }
    }
    $activationkey = get_random_key(USERS_TABLE, get_user_table_field("", $user_table_fields['user_activationkey']));
    $user_id = $site_db->get_next_id($user_table_fields['user_id'], USERS_TABLE);

    $current_time = time();
    $user_level = ($config['account_activation'] == 0) ? USER : USER_AWAITING;
    $user_password_hashed = salted_hash($user_password);
    $sql = "INSERT INTO ".USERS_TABLE."
            (".get_user_table_field("", "user_id").get_user_table_field(", ", "user_level").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_showemail").get_user_table_field(", ", "user_allowemails").get_user_table_field(", ", "user_invisible").get_user_table_field(", ", "user_joindate").get_user_table_field(", ", "user_activationkey").get_user_table_field(", ", "user_lastaction").get_user_table_field(", ", "user_lastvisit").get_user_table_field(", ", "user_comments").get_user_table_field(", ", "user_homepage").get_user_table_field(", ", "user_icq").$additional_field_sql.")
            VALUES
            ($user_id, $user_level, '$user_name', '$user_password_hashed', '$user_email', $user_showemail, $user_allowemails, $user_invisible, $current_time, '$activationkey', $current_time, $current_time, 0, '$user_homepage', '$user_icq'".$additional_value_sql.")";
    $result = $site_db->query($sql);

    if ($result) {
      $activation_url = $script_url."/register.php?action=activate&activationkey=".$activationkey;

      include(ROOT_PATH.'includes/email.php');
      $site_email = new Email();
      $site_email->set_to($user_email);
      $site_email->set_subject($lang['register_success_emailsubject']);
      $site_email->register_vars(array(
        "activation_url" => $activation_url,
        "user_name" => $user_name,
        "user_password" => $user_password,
        "site_name" => $config['site_name']
      ));

      switch($config['account_activation']) {
      case 2:
        $email_template = "register_activation_admin";
        $msg = $lang['register_success_admin'];
        break;
      case 1:
        if ($config['language_dir_default'] != $config['language_dir']) {
          $activation_url .= "&l=".$config['language_dir'];
        }
        $email_template = "register_activation";
        $msg = $lang['register_success'];
        break;
      case 0:
      default:
        $email_template = "register_activation_none";
        $msg = $lang['register_success_none'];
        break;
      }

      $site_email->set_body($email_template, $config['language_dir']);
      $site_email->send_email();
      if ($config['account_activation'] == 2) {
        $site_email->reset();
        $site_email->set_to($config['site_email']);
        $site_email->set_subject($lang['admin_activation_emailsubject']);
        $user_details_url = $script_url."/admin/index.php?goto=".urlencode("users.php?action=edituser&user_id=".$user_id."&activation=1");
        $site_email->register_vars("user_details_url", $user_details_url);
        $site_email->set_body("admin_activation", $config['language_dir_default']);
        $site_email->send_email();
      }
    }
    else {
      $msg = $lang['general_error'];
    }
  }

  if ($error) {
    if ($user_showemail == 1) {
      $user_showemail_yes = " checked=\"checked\"";
      $user_showemail_no = "";
    }
    else {
      $user_showemail_yes = "";
      $user_showemail_no = " checked=\"checked\"";
    }
    if ($user_allowemails == 1) {
      $user_allowemails_yes = " checked=\"checked\"";
      $user_allowemails_no = "";
    }
    else {
      $user_allowemails_yes = "";
      $user_allowemails_no = " checked=\"checked\"";
    }
    if ($user_invisible == 1) {
      $user_invisible_yes = " checked=\"checked\"";
      $user_invisible_no = "";
    }
    else {
      $user_invisible_yes = "";
      $user_invisible_no = " checked=\"checked\"";
    }
    $site_template->register_vars(array(
      "user_name" => format_text(stripslashes($user_name), 2),
      "user_email" => format_text(stripslashes($user_email), 2),
      "user_homepage" => format_text(stripslashes($user_homepage), 2),
      "user_icq" => $user_icq,
      "user_showemail_yes" => $user_showemail_yes,
      "user_showemail_no" => $user_showemail_no,
      "user_allowemails_yes" => $user_allowemails_yes,
      "user_allowemails_no" => $user_allowemails_no,
      "user_invisible_yes" => $user_invisible_yes,
      "user_invisible_no" => $user_invisible_no,
      "lang_user_name" => $lang['user_name'],
      "lang_password" => $lang['password'],
      "lang_email" => $lang['email'],
      "lang_register_msg" => $lang['register_msg'],
      "lang_submit" => $lang['submit'],
      "lang_reset" => $lang['reset'],
      "lang_email" => $lang['email'],
      "lang_show_email" => $lang['show_email'],
      "lang_allow_emails" => $lang['allow_emails'],
      "lang_invisible" => $lang['invisible'],
      "lang_optional_infos" => $lang['optional_infos'],
      "lang_homepage" => $lang['homepage'],
      "lang_icq" => $lang['icq'],
      "lang_yes" => $lang['yes'],
      "lang_no" => $lang['no'],
      "lang_captcha" => $lang['captcha'],
      "lang_captcha_desc" => $lang['captcha_desc'],
      "captcha_registration" => (bool)$captcha_enable_registration
    ));

    if (!empty($additional_user_fields)) {
      $additional_field_array = array();
      foreach ($additional_user_fields as $key => $val) {
        if ($val[1] == "radio") {
          $value = (isset($HTTP_POST_VARS[$key])) ? intval($HTTP_POST_VARS[$key]) : 1;
          if ($value == 1) {
            $additional_field_array[$key.'_yes'] = " checked=\"checked\"";
            $additional_field_array[$key.'_no'] = "";
          }
          else {
            $additional_field_array[$key.'_yes'] = "";
            $additional_field_array[$key.'_no'] = " checked=\"checked\"";
          }
        }
        else {
          $value = (isset($HTTP_POST_VARS[$key])) ? format_text(trim($HTTP_POST_VARS[$key]), 2) : "";
        }
        $additional_field_array[$key] = $value;
        $additional_field_array['lang_'.$key] = $val[0];
      }
      if (!empty($additional_field_array)) {
        $site_template->register_vars($additional_field_array);
      }
    }

    $content = $site_template->parse_template("register_form");
  }
}

if ($action == "activate") {
  if ($config['activation_time'] != 0) {
    $expiry = time() - 60 * 60 * 24 * $config['activation_time'];
    $sql = "DELETE FROM ".USERS_TABLE."
            WHERE (".get_user_table_field("", "user_lastaction")." < $expiry) AND ".get_user_table_field("", "user_level")." = ".USER_AWAITING;
    $site_db->query($sql);
  }
  if (!isset($HTTP_GET_VARS['activationkey'])){
    $msg = $lang['missing_activationkey'];
  }
  else {
    if ($config['account_activation'] == 2 && $user_info['user_level'] != ADMIN) {
      show_error_page($lang['no_permission']);
      exit;
    }
    $activationkey = trim($HTTP_GET_VARS['activationkey']);
    $sql = "SELECT ".get_user_table_field("", "user_name").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_activationkey")."
            FROM ".USERS_TABLE."
            WHERE ".get_user_table_field("", "user_activationkey")." = '$activationkey'";
    $row = $site_db->query_firstrow($sql);
    if (!$row) {
      $msg = $lang['invalid_activationkey'];
    }
    else {
      $sql = "UPDATE ".USERS_TABLE."
              SET ".get_user_table_field("", "user_level")." = ".USER."
              WHERE ".get_user_table_field("", "user_activationkey")." = '$activationkey'";
      $site_db->query($sql);
      $msg = $lang['activation_success'];

      if ($config['account_activation'] == 2) {
        include(ROOT_PATH.'includes/email.php');
        $site_email = new Email();
        $site_email->set_to($row[$user_table_fields['user_email']]);
        $site_email->set_subject($lang['activation_success_emailsubject']);
        $site_email->register_vars(array(
          "user_name" => $row[$user_table_fields['user_name']],
          "site_name" => $config['site_name']
        ));
        $site_email->set_body("activation_success", $config['language_dir']);
        $site_email->send_email();
      }
    }
  }
}

//-----------------------------------------------------
//--- Clickstream -------------------------------------
//-----------------------------------------------------
$clickstream = "<span class=\"clickstream\"><a href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator'].$lang['register']."</span>";
$page_title = $lang['register'].$config['category_separator']; // MOD: Dynamic page title

//-----------------------------------------------------
//--- Print Out ---------------------------------------
//-----------------------------------------------------
$site_template->register_vars(array(
  "content" => $content,
  "msg" => $msg,
  "clickstream" => $clickstream,
  "page_title" => $page_title, // MOD: Dynamic page title
  "lang_register" => $lang['register']
));
$site_template->print_template($site_template->parse_template($main_template));
include(ROOT_PATH.'includes/page_footer.php');
?>


Mike

  • Administrator
  • Sr. Member
  • Posts: 300
Re: Set up help needed. Not blocking known spammers. Here's my code.
« Reply #5 on: January 22, 2017, 09:31:18 AM »
If you add the diagnostic line right after the last extracted variable (as shown below) and then try to register, do you see the user name and email printed out?
Code:
  $user_name = (isset($HTTP_POST_VARS['user_name'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_name'])) : "";
  $user_name = preg_replace("/( ){2,}/", " ", $user_name);
  $user_password = (isset($HTTP_POST_VARS['user_password'])) ? trim($HTTP_POST_VARS['user_password']) : "";
  $user_email = (isset($HTTP_POST_VARS['user_email'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_email'])) : "";
  $user_showemail = (isset($HTTP_POST_VARS['user_showemail'])) ? intval($HTTP_POST_VARS['user_showemail']) : 0;
  $user_allowemails = (isset($HTTP_POST_VARS['user_allowemails'])) ? intval($HTTP_POST_VARS['user_allowemails']) : 1;
  $user_invisible = (isset($HTTP_POST_VARS['user_invisible'])) ? intval($HTTP_POST_VARS['user_invisible']) : 0;
  $user_homepage = (isset($HTTP_POST_VARS['user_homepage'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_homepage'])) : "";
  $user_icq = (isset($HTTP_POST_VARS['user_icq'])) ? ((intval(trim($HTTP_POST_VARS['user_icq']))) ? intval(trim($HTTP_POST_VARS['user_icq'])) : "") : "";

print "username: $user_name, usermail: $user_email"; exit;

The code should halt at this point, printing out something like: username: (somevalue), usermail: (somevalue)

Does it halt and/or print anything out when you add that code and then try to register?
Please don't PM me for assistance- post your questions in the forum where others can see them.

comicart

  • Newbie
  • Posts: 8
Re: Set up help needed. Not blocking known spammers. Here's my code.
« Reply #6 on: January 22, 2017, 10:03:10 AM »

The code should halt at this point, printing out something like: username: (somevalue), usermail: (somevalue)

Does it halt and/or print anything out when you add that code and then try to register?

When inserted at this point it prints out username: and useremail - with no values. User has not put in those values yet. The registration page is here:
http://comicartcommunity.com/gallery/register.php
When the code is inserted into the spot you pointed out, if you go to the page and click Agree it prints out username: and useremail - with no values.

I have used your print code to ensure values were getting passed later in the form though and it seemed to work. Here's my updated file of all the places I've tried the code so far. :) I'm marking them "not here" if I have uploaded it and subsequently received known bot registrations.

Code:
<?php


$main_template = 'register';

define('GET_CACHES', 1);
define('ROOT_PATH', './');
define('MAIN_SCRIPT', __FILE__);
include(ROOT_PATH.'global.php');
require(ROOT_PATH.'includes/sessions.php');
$user_access = get_permission();
include(ROOT_PATH.'includes/page_header.php');

if ($action == "") {
  $action = "signup";
}

if ($user_info['user_level'] != GUEST && $action != "activate") {
  show_error_page($lang['already_registered']);
}
$content = "";

//-----------------------------------------------------
//--- Signup ------------------------------------------
//-----------------------------------------------------
if ($action == "signup") {
  $site_template->register_vars(array(
    "lang_agreement" => $lang['agreement'],
    "lang_agreement_terms" => $lang['agreement_terms'],
    "lang_agree" => $lang['agree'],
    "lang_agree_not" => $lang['agree_not']
  ));
  $content = $site_template->parse_template("register_signup");
}

//-----------------------------------------------------
//--- Add New User ------------------------------------
//-----------------------------------------------------
if ($action == "register") {
  if (!isset($HTTP_POST_VARS['user_name'])) {
    if ($config['activation_time'] != 0) {
      $expiry = time() - 60 * 60 * 24 * $config['activation_time'];
      $sql = "DELETE FROM ".USERS_TABLE."
              WHERE (".get_user_table_field("", "user_lastaction")." < $expiry) AND ".get_user_table_field("", "user_level")." = ".USER_AWAITING;
      $site_db->query($sql);
    }
  }
  $user_name = (isset($HTTP_POST_VARS['user_name'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_name'])) : "";
  $user_name = preg_replace("/( ){2,}/", " ", $user_name);
  $user_password = (isset($HTTP_POST_VARS['user_password'])) ? trim($HTTP_POST_VARS['user_password']) : "";
  $user_email = (isset($HTTP_POST_VARS['user_email'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_email'])) : "";
  $user_showemail = (isset($HTTP_POST_VARS['user_showemail'])) ? intval($HTTP_POST_VARS['user_showemail']) : 0;
  $user_allowemails = (isset($HTTP_POST_VARS['user_allowemails'])) ? intval($HTTP_POST_VARS['user_allowemails']) : 1;
  $user_invisible = (isset($HTTP_POST_VARS['user_invisible'])) ? intval($HTTP_POST_VARS['user_invisible']) : 0;
  $user_homepage = (isset($HTTP_POST_VARS['user_homepage'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_homepage'])) : "";
  $user_icq = (isset($HTTP_POST_VARS['user_icq'])) ? ((intval(trim($HTTP_POST_VARS['user_icq']))) ? intval(trim($HTTP_POST_VARS['user_icq'])) : "") : "";


///////////////////////////////////////////////////
// NOT HERE
////////////////////////////////////////////////////


  
  $captcha = (isset($HTTP_POST_VARS['captcha'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['captcha'])) : "";

///////////////////////////////////////////////////
// NOT HERE
////////////////////////////////////////////////////


  
  $error = 0;

///////////////////////////////////////////////////
// NOT HERE
////////////////////////////////////////////////////


  if (isset($HTTP_POST_VARS['user_name'])) {
    if ($user_name != "") {
      $sql = "SELECT ".get_user_table_field("", "user_name")."
              FROM ".USERS_TABLE."
              WHERE ".get_user_table_field("", "user_name")." = '".strtolower($user_name)."'";
      if ($site_db->not_empty($sql)) {
        $msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
        $error = 1;
      }
    }
    else {
      $msg .= (($msg != "") ? "<br />" : "").$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['user_name']), $lang['field_required']);
      $error = 1;
    }
    if (isaspammer($user_email)) {
      $msg .= (($msg != "") ? "<br />" : "").$lang['invalid_email_format']; // or add anything else, bots doesn't understand nothing :)
      $error = 1;
    }
    if ($user_password == "") {
      $msg .= (($msg != "") ? "<br />" : "").$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['password']), $lang['field_required']);
      $error = 1;
    }

    if ($user_email != "") {
      if (check_email($user_email)) {
        $sql = "SELECT ".get_user_table_field("", "user_email")."
                FROM ".USERS_TABLE."
                WHERE ".get_user_table_field("", "user_email")." = '".strtolower($user_email)."'";
        if ($site_db->not_empty($sql)) {
          $msg .= (($msg != "") ? "<br />" : "").$lang['email_exists'];
          $error = 1;
        }
      }
      else {
        $msg .= (($msg != "") ? "<br />" : "").$lang['invalid_email_format'];
        $error = 1;
      }
    }
    else {
      $msg .= (($msg != "") ? "<br />" : "").$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['email']), $lang['field_required']);
      $error = 1;
    }

    if ($captcha_enable_registration && !captcha_validate($captcha)) {
      $msg .= (($msg != "") ? "<br />" : "").$lang['captcha_required'];
      $error = 1;
    }


    if (!empty($additional_user_fields)) {
      foreach ($additional_user_fields as $key => $val) {
        if (isset($HTTP_POST_VARS[$key]) && intval($val[2]) == 1 && trim($HTTP_POST_VARS[$key]) == "") {
          $error = 1;
          $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $val[0]), $lang['field_required']);
          $msg .= (($msg != "") ? "<br />" : "").$field_error;
        }
  
    
///////////////////////////////////////////////////
// NOT HERE
////////////////////////////////////////////////////
  
      }

///////////////////////////////////////////////////
// NOT HERE
////////////////////////////////////////////////////

    
}  

////////////////////////////////////////////////////
// NOT HERE
////////////////////////////////////////////////////
  
  } 
// end if

////////////////////////////////////////////////////
// NOT HERE
////////////////////////////////////////////////////


  else {
    $error = 1;
  }

////////////////////////////////////////////////////
// NOT HERE
////////////////////////////////////////////////////


  if (!$error) {
    $additional_field_sql = "";
    $additional_value_sql = "";
    if (!empty($additional_user_fields)) {
      $table_fields = $site_db->get_table_fields(USERS_TABLE);
      foreach ($additional_user_fields as $key => $val) {
        if (isset($HTTP_POST_VARS[$key]) && isset($table_fields[$key])) {
          $additional_field_sql .= ", $key";
          $additional_value_sql .= ", '".un_htmlspecialchars(trim($HTTP_POST_VARS[$key]))."'";
        }
      }
    }
    $activationkey = get_random_key(USERS_TABLE, get_user_table_field("", $user_table_fields['user_activationkey']));
    $user_id = $site_db->get_next_id($user_table_fields['user_id'], USERS_TABLE);

    $current_time = time();
    $user_level = ($config['account_activation'] == 0) ? USER : USER_AWAITING;
    $user_password_hashed = salted_hash($user_password);
    $sql = "INSERT INTO ".USERS_TABLE."
            (".get_user_table_field("", "user_id").get_user_table_field(", ", "user_level").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_showemail").get_user_table_field(", ", "user_allowemails").get_user_table_field(", ", "user_invisible").get_user_table_field(", ", "user_joindate").get_user_table_field(", ", "user_activationkey").get_user_table_field(", ", "user_lastaction").get_user_table_field(", ", "user_lastvisit").get_user_table_field(", ", "user_comments").get_user_table_field(", ", "user_homepage").get_user_table_field(", ", "user_icq").$additional_field_sql.")
            VALUES
            ($user_id, $user_level, '$user_name', '$user_password_hashed', '$user_email', $user_showemail, $user_allowemails, $user_invisible, $current_time, '$activationkey', $current_time, $current_time, 0, '$user_homepage', '$user_icq'".$additional_value_sql.")";
    $result = $site_db->query($sql);

    if ($result) {
      $activation_url = $script_url."/register.php?action=activate&activationkey=".$activationkey;

      include(ROOT_PATH.'includes/email.php');
      $site_email = new Email();
      $site_email->set_to($user_email);
      $site_email->set_subject($lang['register_success_emailsubject']);
      $site_email->register_vars(array(
        "activation_url" => $activation_url,
        "user_name" => $user_name,
        "user_password" => $user_password,
        "site_name" => $config['site_name']
      ));

      switch($config['account_activation']) {
      case 2:
        $email_template = "register_activation_admin";
        $msg = $lang['register_success_admin'];
        break;
      case 1:
        if ($config['language_dir_default'] != $config['language_dir']) {
          $activation_url .= "&l=".$config['language_dir'];
        }
        $email_template = "register_activation";
        $msg = $lang['register_success'];
        break;
      case 0:
      default:
        $email_template = "register_activation_none";
        $msg = $lang['register_success_none'];
        break;
      }

      $site_email->set_body($email_template, $config['language_dir']);
      $site_email->send_email();
      if ($config['account_activation'] == 2) {
        $site_email->reset();
        $site_email->set_to($config['site_email']);
        $site_email->set_subject($lang['admin_activation_emailsubject']);
        $user_details_url = $script_url."/admin/index.php?goto=".urlencode("users.php?action=edituser&user_id=".$user_id."&activation=1");
        $site_email->register_vars("user_details_url", $user_details_url);
        $site_email->set_body("admin_activation", $config['language_dir_default']);
        $site_email->send_email();
      }
    }
    else {
      $msg = $lang['general_error'];
    }
  }

  if ($error) {
    if ($user_showemail == 1) {
      $user_showemail_yes = " checked=\"checked\"";
      $user_showemail_no = "";
    }
    else {
      $user_showemail_yes = "";
      $user_showemail_no = " checked=\"checked\"";
    }
    if ($user_allowemails == 1) {
      $user_allowemails_yes = " checked=\"checked\"";
      $user_allowemails_no = "";
    }
    else {
      $user_allowemails_yes = "";
      $user_allowemails_no = " checked=\"checked\"";
    }
    if ($user_invisible == 1) {
      $user_invisible_yes = " checked=\"checked\"";
      $user_invisible_no = "";
    }
    else {
      $user_invisible_yes = "";
      $user_invisible_no = " checked=\"checked\"";
    }
    $site_template->register_vars(array(
      "user_name" => format_text(stripslashes($user_name), 2),
      "user_email" => format_text(stripslashes($user_email), 2),
      "user_homepage" => format_text(stripslashes($user_homepage), 2),
      "user_icq" => $user_icq,
      "user_showemail_yes" => $user_showemail_yes,
      "user_showemail_no" => $user_showemail_no,
      "user_allowemails_yes" => $user_allowemails_yes,
      "user_allowemails_no" => $user_allowemails_no,
      "user_invisible_yes" => $user_invisible_yes,
      "user_invisible_no" => $user_invisible_no,
      "lang_user_name" => $lang['user_name'],
      "lang_password" => $lang['password'],
      "lang_email" => $lang['email'],
      "lang_register_msg" => $lang['register_msg'],
      "lang_submit" => $lang['submit'],
      "lang_reset" => $lang['reset'],
      "lang_email" => $lang['email'],
      "lang_show_email" => $lang['show_email'],
      "lang_allow_emails" => $lang['allow_emails'],
      "lang_invisible" => $lang['invisible'],
      "lang_optional_infos" => $lang['optional_infos'],
      "lang_homepage" => $lang['homepage'],
      "lang_icq" => $lang['icq'],
      "lang_yes" => $lang['yes'],
      "lang_no" => $lang['no'],
      "lang_captcha" => $lang['captcha'],
      "lang_captcha_desc" => $lang['captcha_desc'],
      "captcha_registration" => (bool)$captcha_enable_registration
    ));

    if (!empty($additional_user_fields)) {
      $additional_field_array = array();
      foreach ($additional_user_fields as $key => $val) {
        if ($val[1] == "radio") {
          $value = (isset($HTTP_POST_VARS[$key])) ? intval($HTTP_POST_VARS[$key]) : 1;
          if ($value == 1) {
            $additional_field_array[$key.'_yes'] = " checked=\"checked\"";
            $additional_field_array[$key.'_no'] = "";
          }
          else {
            $additional_field_array[$key.'_yes'] = "";
            $additional_field_array[$key.'_no'] = " checked=\"checked\"";
          }
        }
        else {
          $value = (isset($HTTP_POST_VARS[$key])) ? format_text(trim($HTTP_POST_VARS[$key]), 2) : "";
        }
        $additional_field_array[$key] = $value;
        $additional_field_array['lang_'.$key] = $val[0];
      }
      if (!empty($additional_field_array)) {
        $site_template->register_vars($additional_field_array);
      }
    }

    $content = $site_template->parse_template("register_form");
  }
}

if ($action == "activate") {
  if ($config['activation_time'] != 0) {
    $expiry = time() - 60 * 60 * 24 * $config['activation_time'];
    $sql = "DELETE FROM ".USERS_TABLE."
            WHERE (".get_user_table_field("", "user_lastaction")." < $expiry) AND ".get_user_table_field("", "user_level")." = ".USER_AWAITING;
    $site_db->query($sql);
  }
  if (!isset($HTTP_GET_VARS['activationkey'])){
    $msg = $lang['missing_activationkey'];
  }
  else {
    if ($config['account_activation'] == 2 && $user_info['user_level'] != ADMIN) {
      show_error_page($lang['no_permission']);
      exit;
    }
    $activationkey = trim($HTTP_GET_VARS['activationkey']);
    $sql = "SELECT ".get_user_table_field("", "user_name").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_activationkey")."
            FROM ".USERS_TABLE."
            WHERE ".get_user_table_field("", "user_activationkey")." = '$activationkey'";
    $row = $site_db->query_firstrow($sql);
    if (!$row) {
      $msg = $lang['invalid_activationkey'];
    }
    else {
      $sql = "UPDATE ".USERS_TABLE."
              SET ".get_user_table_field("", "user_level")." = ".USER."
              WHERE ".get_user_table_field("", "user_activationkey")." = '$activationkey'";
      $site_db->query($sql);
      $msg = $lang['activation_success'];

      if ($config['account_activation'] == 2) {
        include(ROOT_PATH.'includes/email.php');
        $site_email = new Email();
        $site_email->set_to($row[$user_table_fields['user_email']]);
        $site_email->set_subject($lang['activation_success_emailsubject']);
        $site_email->register_vars(array(
          "user_name" => $row[$user_table_fields['user_name']],
          "site_name" => $config['site_name']
        ));
        $site_email->set_body("activation_success", $config['language_dir']);
        $site_email->send_email();
      }
    }
  }
}

//-----------------------------------------------------
//--- Clickstream -------------------------------------
//-----------------------------------------------------
$clickstream = "<span class=\"clickstream\"><a href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator'].$lang['register']."</span>";
$page_title = $lang['register'].$config['category_separator']; // MOD: Dynamic page title

//-----------------------------------------------------
//--- Print Out ---------------------------------------
//-----------------------------------------------------
$site_template->register_vars(array(
  "content" => $content,
  "msg" => $msg,
  "clickstream" => $clickstream,
  "page_title" => $page_title, // MOD: Dynamic page title
  "lang_register" => $lang['register']
));
$site_template->print_template($site_template->parse_template($main_template));
include(ROOT_PATH.'includes/page_footer.php');
?>



Mike

  • Administrator
  • Sr. Member
  • Posts: 300
Re: Set up help needed. Not blocking known spammers. Here's my code.
« Reply #7 on: January 22, 2017, 11:16:30 AM »
Okay here's what I think comes next:

1) Find a place in the submitted portion of the form code where the username and useremail values do print out whatever was entered into the form. This will ensure that the variables are available to the botscout code. 

2) Place the call to the botscout.php file immediately after that (or as close after it as feasible).

3) Also, instead of include(ROOT_PATH.'BotScout.php');, try using a require statement:

     require(ROOT_PATH.'BotScout.php');

Using require will force the code to halt if for some reason it's not actually finding the BotScout.php file, whereas include will not.

Finally, add a print/exit statement to the botscout.php code to verify it's actually being called and is running.

comicart

  • Newbie
  • Posts: 8
Re: Set up help needed. Not blocking known spammers. Here's my code.
« Reply #8 on: January 22, 2017, 04:29:33 PM »
Awesome tips - thanks.
I changed the code to "require" and moved it back to where I got the print statement to work before - tested and it worked again.
Then I changed the BotScout file to display the diagnostic information and it printed:

Code:
Test String: http://botscout.com/test/?multi&mail=MYEMAIL&ip=MY IP&key=MY KEY
RETURNED DATA:
Error: No return data from API query.

I changed the email, ip and key in the sample above - but they were correctly displayed.

Now I'm going to sit back and wait for a spammer to try it. I have notifications turned on. - Thanks for all of your help on this. *crossing fingers*

Mike

  • Administrator
  • Sr. Member
  • Posts: 300
Re: Set up help needed. Not blocking known spammers. Here's my code.
« Reply #9 on: January 22, 2017, 08:02:49 PM »
Code:
Test String: http://botscout.com/test/?multi&mail=MYEMAIL&ip=MY IP&key=MY KEY
RETURNED DATA:
Error: No return data from API query.


I'd have to review the code- I'm not sure if the "ERROR" indication means that something went wrong or not. It may just mean nothing was found, but according to the API docs it should always return something...hmmm.

Let us know what happens. You may also want to do a test registration just to make sure it's not blocking registrations for some reason.
Please don't PM me for assistance- post your questions in the forum where others can see them.

comicart

  • Newbie
  • *
  • Posts: 8
    • View Profile
Re: Set up help needed. Not blocking known spammers. Here's my code.
« Reply #10 on: January 22, 2017, 10:33:33 PM »
I have moved the code around a few times with the diagnostic turned on and keep getting the same error. I'll keep trying different spots in the code tomorrow. Usually, I'm not easily beaten by a script I need, so I refuse to give up.

I've been creating new accounts every time I change the code to test how it functions.

This registration page submits to itself - would that make a difference? For example, when you go to the registration page you are on register.php.
When you click "Agree" you are still on register.php.
When you submit your info you are still on register.php

Either way - thanks for the help. If it can't be done with this script - I'll have to accept that. :)

Mike

  • Administrator
  • Sr. Member
  • *****
  • Posts: 300
    • View Profile
Re: Set up help needed. Not blocking known spammers. Here's my code.
« Reply #11 on: January 23, 2017, 08:34:13 AM »
This registration page submits to itself - would that make a difference? For example, when you go to the registration page you are on register.php.
When you click "Agree" you are still on register.php.
When you submit your info you are still on register.php

Submitting to the same page is very common and shouldn't be a problem.

The key things are 1) that the user name and email variables be populated and 2) that the BotScout.php file is called as soon as they're available (populated). And, of course, that this be done just before the submitted form fields are processed by the registration code.

Form fields filled out --> Form Submitted --> Botscout intercepts fields --> (accept or reject) --> Form fields processed



Either way - thanks for the help. If it can't be done with this script - I'll have to accept that. :)

We've never found a form that BotScout couldn't be made to work on. From SMF to Wordpress to Joomla to VBulletin and so on, it can be made to work on any form.

Contact forms and registration forms basically work the same way (taking in some fields and submitting them for processing) so I'm sure there's a way to make it work with your form as well.

Would it be possible to send me the whole registration PHP code file?
Please don't PM me for assistance- post your questions in the forum where others can see them.

comicart

  • Newbie
  • *
  • Posts: 8
    • View Profile
Re: Set up help needed. Not blocking known spammers. Here's my code.
« Reply #12 on: January 23, 2017, 12:36:00 PM »
Would it be possible to send me the whole registration PHP code file?

Here it is. It shows you the different places I've tried to make it work and failed.

The current position of the BotScout include is about to be moved because it doesn't work in that spot either...
Code: [Select]
<?php
/**************************************************************************
 *                                                                        *
 *    4images - A Web Based Image Gallery Management System               *
 *    ----------------------------------------------------------------    *
 *                                                                        *
 *             File: register.php                                         *
 *        Copyright: (C) 2002-2009 Jan Sorgalla                           *
 *            Email: jan@4homepages.de                                    * 
 *              Web: http://www.4homepages.de                             * 
 *    Scriptversion: 1.7.7                                                *
 *                                                                        *
 *    Never released without support from: Nicky (http://www.nicky.net)   *
 *                                                                        *
 **************************************************************************
 *                                                                        *
 *    Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz-       *
 *    bedingungen (Lizenz.txt) für weitere Informationen.                 *
 *    ---------------------------------------------------------------     *
 *    This script is NOT freeware! Please read the Copyright Notice       *
 *    (Licence.txt) for further information.                              *
 *                                                                        *
 *************************************************************************/

$main_template = 'register';

define('GET_CACHES', 1);
define('ROOT_PATH', './');

define('MAIN_SCRIPT', __FILE__);
include(ROOT_PATH.'global.php');
require(ROOT_PATH.'includes/sessions.php');
$user_access = get_permission();
include(ROOT_PATH.'includes/page_header.php');

if ($action == "") {
  $action = "signup";
}

if ($user_info['user_level'] != GUEST && $action != "activate") {
  show_error_page($lang['already_registered']);
}
$content = "";

//-----------------------------------------------------
//--- Signup ------------------------------------------
//-----------------------------------------------------
if ($action == "signup") {
  $site_template->register_vars(array(
    "lang_agreement" => $lang['agreement'],
    "lang_agreement_terms" => $lang['agreement_terms'],
    "lang_agree" => $lang['agree'],
    "lang_agree_not" => $lang['agree_not']
  ));
  $content = $site_template->parse_template("register_signup");
}

//-----------------------------------------------------
//--- Add New User ------------------------------------
//-----------------------------------------------------
if ($action == "register") {
  if (!isset($HTTP_POST_VARS['user_name'])) {
    if ($config['activation_time'] != 0) {
      $expiry = time() - 60 * 60 * 24 * $config['activation_time'];
      $sql = "DELETE FROM ".USERS_TABLE."
              WHERE (".get_user_table_field("", "user_lastaction")." < $expiry) AND ".get_user_table_field("", "user_level")." = ".USER_AWAITING;
      $site_db->query($sql);
    }
  }
  $user_name = (isset($HTTP_POST_VARS['user_name'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_name'])) : "";
  $user_name = preg_replace("/( ){2,}/", " ", $user_name);
  $user_password = (isset($HTTP_POST_VARS['user_password'])) ? trim($HTTP_POST_VARS['user_password']) : "";
  $user_email = (isset($HTTP_POST_VARS['user_email'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_email'])) : "";
  $user_showemail = (isset($HTTP_POST_VARS['user_showemail'])) ? intval($HTTP_POST_VARS['user_showemail']) : 0;
  $user_allowemails = (isset($HTTP_POST_VARS['user_allowemails'])) ? intval($HTTP_POST_VARS['user_allowemails']) : 1;
  $user_invisible = (isset($HTTP_POST_VARS['user_invisible'])) ? intval($HTTP_POST_VARS['user_invisible']) : 0;
  $user_homepage = (isset($HTTP_POST_VARS['user_homepage'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_homepage'])) : "";
  $user_icq = (isset($HTTP_POST_VARS['user_icq'])) ? ((intval(trim($HTTP_POST_VARS['user_icq']))) ? intval(trim($HTTP_POST_VARS['user_icq'])) : "") : "";


///////////////////////////////////////////////////
// NOT HERE - prints empty values
////////////////////////////////////////////////////


  $captcha = (isset($HTTP_POST_VARS['captcha'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['captcha'])) : "";

///////////////////////////////////////////////////
// NOT HERE
////////////////////////////////////////////////////


  $error = 0;

///////////////////////////////////////////////////
// NOT HERE
////////////////////////////////////////////////////


  if (isset($HTTP_POST_VARS['user_name'])) {
    if ($user_name != "") {
      $sql = "SELECT ".get_user_table_field("", "user_name")."
              FROM ".USERS_TABLE."
              WHERE ".get_user_table_field("", "user_name")." = '".strtolower($user_name)."'";
      if ($site_db->not_empty($sql)) {
        $msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
        $error = 1;
      }
    }
    else {
      $msg .= (($msg != "") ? "<br />" : "").$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['user_name']), $lang['field_required']);
      $error = 1;
    }
    if (isaspammer($user_email)) {
      $msg .= (($msg != "") ? "<br />" : "").$lang['invalid_email_format']; // or add anything else, bots doesn't understand nothing :)
      $error = 1;
    }

    if ($user_password == "") {
      $msg .= (($msg != "") ? "<br />" : "").$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['password']), $lang['field_required']);
      $error = 1;
    }

    if ($user_email != "") {
      if (check_email($user_email)) {
        $sql = "SELECT ".get_user_table_field("", "user_email")."
                FROM ".USERS_TABLE."
                WHERE ".get_user_table_field("", "user_email")." = '".strtolower($user_email)."'";
        if ($site_db->not_empty($sql)) {
          $msg .= (($msg != "") ? "<br />" : "").$lang['email_exists'];
          $error = 1;
        }
      }
      else {
        $msg .= (($msg != "") ? "<br />" : "").$lang['invalid_email_format'];
        $error = 1;
      }
    }
    else {
      $msg .= (($msg != "") ? "<br />" : "").$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['email']), $lang['field_required']);
      $error = 1;
    }

    if ($captcha_enable_registration && !captcha_validate($captcha)) {
      $msg .= (($msg != "") ? "<br />" : "").$lang['captcha_required'];
      $error = 1;
    }


    if (!empty($additional_user_fields)) {
      foreach ($additional_user_fields as $key => $val) {
        if (isset($HTTP_POST_VARS[$key]) && intval($val[2]) == 1 && trim($HTTP_POST_VARS[$key]) == "") {
          $error = 1;
          $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $val[0]), $lang['field_required']);
          $msg .= (($msg != "") ? "<br />" : "").$field_error;
        }


///////////////////////////////////////////////////
// NOT HERE - twice tested with require - No return data from API query.
////////////////////////////////////////////////////

      }

///////////////////////////////////////////////////
// NOT HERE - twice tested with require
////////////////////////////////////////////////////


    }


////////////////////////////////////////////////////
// NOT HERE - twice tested with require
////////////////////////////////////////////////////

  }
// end if


////////////////////////////////////////////////////
// NOT HERE - twice tested with require - throws page error too
////////////////////////////////////////////////////


  else {
    $error = 1;
  }

////////////////////////////////////////////////////
// NOT HERE
////////////////////////////////////////////////////

  if (!$error) {
    $additional_field_sql = "";
    $additional_value_sql = "";
    if (!empty($additional_user_fields)) {
      $table_fields = $site_db->get_table_fields(USERS_TABLE);
      foreach ($additional_user_fields as $key => $val) {
        if (isset($HTTP_POST_VARS[$key]) && isset($table_fields[$key])) {
          $additional_field_sql .= ", $key";
          $additional_value_sql .= ", '".un_htmlspecialchars(trim($HTTP_POST_VARS[$key]))."'";
        }
      }
    }

////////////////////////////////////////////////////
// BotScout.com "BotBuster" check
require(ROOT_PATH.'BotScout.php');
////////////////////////////////////////////////////

////////////////////////////////////////////////////
// NOT HERE - No return data from API query.
////////////////////////////////////////////////////


    $activationkey = get_random_key(USERS_TABLE, get_user_table_field("", $user_table_fields['user_activationkey']));
    $user_id = $site_db->get_next_id($user_table_fields['user_id'], USERS_TABLE);

    $current_time = time();
    $user_level = ($config['account_activation'] == 0) ? USER : USER_AWAITING;
    $user_password_hashed = salted_hash($user_password);
    $sql = "INSERT INTO ".USERS_TABLE."
            (".get_user_table_field("", "user_id").get_user_table_field(", ", "user_level").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_showemail").get_user_table_field(", ", "user_allowemails").get_user_table_field(", ", "user_invisible").get_user_table_field(", ", "user_joindate").get_user_table_field(", ", "user_activationkey").get_user_table_field(", ", "user_lastaction").get_user_table_field(", ", "user_lastvisit").get_user_table_field(", ", "user_comments").get_user_table_field(", ", "user_homepage").get_user_table_field(", ", "user_icq").$additional_field_sql.")
            VALUES
            ($user_id, $user_level, '$user_name', '$user_password_hashed', '$user_email', $user_showemail, $user_allowemails, $user_invisible, $current_time, '$activationkey', $current_time, $current_time, 0, '$user_homepage', '$user_icq'".$additional_value_sql.")";
    $result = $site_db->query($sql);


    if ($result) {
      $activation_url = $script_url."/register.php?action=activate&activationkey=".$activationkey;

      include(ROOT_PATH.'includes/email.php');
      $site_email = new Email();
      $site_email->set_to($user_email);
      $site_email->set_subject($lang['register_success_emailsubject']);
      $site_email->register_vars(array(
        "activation_url" => $activation_url,
        "user_name" => $user_name,
        "user_password" => $user_password,
        "site_name" => $config['site_name']
      ));

      switch($config['account_activation']) {
      case 2:
        $email_template = "register_activation_admin";
        $msg = $lang['register_success_admin'];
        break;
      case 1:
        if ($config['language_dir_default'] != $config['language_dir']) {
          $activation_url .= "&l=".$config['language_dir'];
        }
        $email_template = "register_activation";
        $msg = $lang['register_success'];
        break;
      case 0:
      default:
        $email_template = "register_activation_none";
        $msg = $lang['register_success_none'];
        break;
      }

      $site_email->set_body($email_template, $config['language_dir']);
      $site_email->send_email();
      if ($config['account_activation'] == 2) {
        $site_email->reset();
        $site_email->set_to($config['site_email']);
        $site_email->set_subject($lang['admin_activation_emailsubject']);
        $user_details_url = $script_url."/admin/index.php?goto=".urlencode("users.php?action=edituser&user_id=".$user_id."&activation=1");
        $site_email->register_vars("user_details_url", $user_details_url);
        $site_email->set_body("admin_activation", $config['language_dir_default']);
        $site_email->send_email();
      }
    }
    else {
      $msg = $lang['general_error'];
    }
  }

  if ($error) {
    if ($user_showemail == 1) {
      $user_showemail_yes = " checked=\"checked\"";
      $user_showemail_no = "";
    }
    else {
      $user_showemail_yes = "";
      $user_showemail_no = " checked=\"checked\"";
    }
    if ($user_allowemails == 1) {
      $user_allowemails_yes = " checked=\"checked\"";
      $user_allowemails_no = "";
    }
    else {
      $user_allowemails_yes = "";
      $user_allowemails_no = " checked=\"checked\"";
    }
    if ($user_invisible == 1) {
      $user_invisible_yes = " checked=\"checked\"";
      $user_invisible_no = "";
    }
    else {
      $user_invisible_yes = "";
      $user_invisible_no = " checked=\"checked\"";
    }
    $site_template->register_vars(array(
      "user_name" => format_text(stripslashes($user_name), 2),
      "user_email" => format_text(stripslashes($user_email), 2),
      "user_homepage" => format_text(stripslashes($user_homepage), 2),
      "user_icq" => $user_icq,
      "user_showemail_yes" => $user_showemail_yes,
      "user_showemail_no" => $user_showemail_no,
      "user_allowemails_yes" => $user_allowemails_yes,
      "user_allowemails_no" => $user_allowemails_no,
      "user_invisible_yes" => $user_invisible_yes,
      "user_invisible_no" => $user_invisible_no,
      "lang_user_name" => $lang['user_name'],
      "lang_password" => $lang['password'],
      "lang_email" => $lang['email'],
      "lang_register_msg" => $lang['register_msg'],
      "lang_submit" => $lang['submit'],
      "lang_reset" => $lang['reset'],
      "lang_email" => $lang['email'],
      "lang_show_email" => $lang['show_email'],
      "lang_allow_emails" => $lang['allow_emails'],
      "lang_invisible" => $lang['invisible'],
      "lang_optional_infos" => $lang['optional_infos'],
      "lang_homepage" => $lang['homepage'],
      "lang_icq" => $lang['icq'],
      "lang_yes" => $lang['yes'],
      "lang_no" => $lang['no'],
      "lang_captcha" => $lang['captcha'],
      "lang_captcha_desc" => $lang['captcha_desc'],
      "captcha_registration" => (bool)$captcha_enable_registration
    ));

    if (!empty($additional_user_fields)) {
      $additional_field_array = array();
      foreach ($additional_user_fields as $key => $val) {
        if ($val[1] == "radio") {
          $value = (isset($HTTP_POST_VARS[$key])) ? intval($HTTP_POST_VARS[$key]) : 1;
          if ($value == 1) {
            $additional_field_array[$key.'_yes'] = " checked=\"checked\"";
            $additional_field_array[$key.'_no'] = "";
          }
          else {
            $additional_field_array[$key.'_yes'] = "";
            $additional_field_array[$key.'_no'] = " checked=\"checked\"";
          }
        }
        else {
          $value = (isset($HTTP_POST_VARS[$key])) ? format_text(trim($HTTP_POST_VARS[$key]), 2) : "";
        }
        $additional_field_array[$key] = $value;
        $additional_field_array['lang_'.$key] = $val[0];
      }
      if (!empty($additional_field_array)) {
        $site_template->register_vars($additional_field_array);
      }
    }

    $content = $site_template->parse_template("register_form");
  }
}

if ($action == "activate") {
  if ($config['activation_time'] != 0) {
    $expiry = time() - 60 * 60 * 24 * $config['activation_time'];
    $sql = "DELETE FROM ".USERS_TABLE."
            WHERE (".get_user_table_field("", "user_lastaction")." < $expiry) AND ".get_user_table_field("", "user_level")." = ".USER_AWAITING;
    $site_db->query($sql);
  }
  if (!isset($HTTP_GET_VARS['activationkey'])){
    $msg = $lang['missing_activationkey'];
  }
  else {
    if ($config['account_activation'] == 2 && $user_info['user_level'] != ADMIN) {
      show_error_page($lang['no_permission']);
      exit;
    }
    $activationkey = trim($HTTP_GET_VARS['activationkey']);
    $sql = "SELECT ".get_user_table_field("", "user_name").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_activationkey")."
            FROM ".USERS_TABLE."
            WHERE ".get_user_table_field("", "user_activationkey")." = '$activationkey'";
    $row = $site_db->query_firstrow($sql);
    if (!$row) {
      $msg = $lang['invalid_activationkey'];
    }
    else {
      $sql = "UPDATE ".USERS_TABLE."
              SET ".get_user_table_field("", "user_level")." = ".USER."
              WHERE ".get_user_table_field("", "user_activationkey")." = '$activationkey'";
      $site_db->query($sql);
      $msg = $lang['activation_success'];

      if ($config['account_activation'] == 2) {
        include(ROOT_PATH.'includes/email.php');
        $site_email = new Email();
        $site_email->set_to($row[$user_table_fields['user_email']]);
        $site_email->set_subject($lang['activation_success_emailsubject']);
        $site_email->register_vars(array(
          "user_name" => $row[$user_table_fields['user_name']],
          "site_name" => $config['site_name']
        ));
        $site_email->set_body("activation_success", $config['language_dir']);
        $site_email->send_email();
      }
    }
  }
}

//-----------------------------------------------------
//--- Clickstream -------------------------------------
//-----------------------------------------------------
$clickstream = "<span class=\"clickstream\"><a href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator'].$lang['register']."</span>";
$page_title = $lang['register'].$config['category_separator']; // MOD: Dynamic page title

//-----------------------------------------------------
//--- Print Out ---------------------------------------
//-----------------------------------------------------
$site_template->register_vars(array(
  "content" => $content,
  "msg" => $msg,
  "clickstream" => $clickstream,
  "page_title" => $page_title, // MOD: Dynamic page title
  "lang_register" => $lang['register']
));
$site_template->print_template($site_template->parse_template($main_template));
include(ROOT_PATH.'includes/page_footer.php');
?>


Mike

  • Administrator
  • Sr. Member
  • *****
  • Posts: 300
    • View Profile
Re: Set up help needed. Not blocking known spammers. Here's my code.
« Reply #13 on: January 23, 2017, 04:33:34 PM »
Okay, try this...

1) First, change these lines in your BotScout.php file:

BEFORE:
Code: [Select]
   // create your own custom form fields here
   // see documentation for more information
   $XUSER = $_POST['user_name'];
   $XMAIL = $_POST['user_email'];


AFTER:
Code: [Select]
   // create your own custom form fields here
   // see documentation for more information
   $XUSER = $user_name;
   $XMAIL = $user_email;




2) Then, find this section in the registration.php file and make it look like this:

Code: [Select]
if (!$error) {
    $additional_field_sql = "";
    $additional_value_sql = "";
    if (!empty($additional_user_fields)) {
      $table_fields = $site_db->get_table_fields(USERS_TABLE);
      foreach ($additional_user_fields as $key => $val) {
        if (isset($HTTP_POST_VARS[$key]) && isset($table_fields[$key])) {
          $additional_field_sql .= ", $key";
          $additional_value_sql .= ", '".un_htmlspecialchars(trim($HTTP_POST_VARS[$key]))."'";
        }
      }
    }
     
   // add this line
   print "FORM VAUES: UserID: $user_id<br>UserLevel: $user_level<br>UserName: $user_name<br>UserEmail: $user_email <br>";


   // call the botscout file...
   ////////////////////////////////////////////////////
   // BotScout.com "BotBuster" check
   require(ROOT_PATH.'BotScout.php');
   ////////////////////////////////////////////////////


// quit here so we don't pollute the user table
exit;

    // (marker, these don't get changed)
    $activationkey = get_random_key(USERS_TABLE, get_user_table_field("", $user_table_fields['user_activationkey']));
    $user_id = $site_db->get_next_id($user_table_fields['user_id'], USERS_TABLE);



3) Turn on diagnostic output in the BotScout file, use the standard query to us (not XML), and try to register. Use a known bad name and email when you register:

name: krasnhello
email: krasnhello@mail.ru

...and let's see what gets printed out. :)


A return message of "Error: No return data from API query" means you're not getting any data sent back from us, and that's a problem. You should get something sent back that starts off, "API Data: (returned data)".

The only reasons I can think of for that happening are that maybe curl isn't configured correctly on the server or maybe it has some outgoing restriction on it. (??)
« Last Edit: January 23, 2017, 04:48:01 PM by Mike »
Please don't PM me for assistance- post your questions in the forum where others can see them.
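
A way to check the two causes named in the post above (curl not configured, or an outgoing restriction on the server), as an added example that is not part of the original thread or of BotScout's own code. The query URL format is the one printed in the diagnostic output; the mail, ip and key values are placeholders, and the probe_* function names are made up for this example.

```php
<?php
// Added diagnostic (not part of BotScout.php). Run it on the web server that
// hosts the registration page to see which outbound HTTP method works there.

// Step 1: can the server resolve the API host at all?
function probe_dns($host)
{
    $ip = gethostbyname($host); // returns the host name unchanged on failure
    return ($ip === $host)
        ? array('ok' => false, 'detail' => "cannot resolve $host")
        : array('ok' => true,  'detail' => "$host resolves to $ip");
}

// Step 2: file_get_contents() over HTTP, which requires allow_url_fopen.
function probe_fopen($url, $timeout = 10)
{
    if (!filter_var(ini_get('allow_url_fopen'), FILTER_VALIDATE_BOOLEAN)) {
        return array('ok' => false, 'detail' => 'allow_url_fopen is off in php.ini');
    }
    $ctx  = stream_context_create(array('http' => array('timeout' => $timeout)));
    $body = @file_get_contents($url, false, $ctx);
    if ($body === false) {
        $err = error_get_last(); // still populated when the warning is silenced
        return array('ok' => false, 'detail' => $err ? $err['message'] : 'request failed');
    }
    return array('ok' => $body !== '', 'detail' => strlen($body) . ' bytes returned');
}

// Step 3: the same request through the curl extension.
function probe_curl($url, $timeout = 10)
{
    if (!extension_loaded('curl')) {
        return array('ok' => false, 'detail' => 'curl extension is not loaded');
    }
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
    curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
    $body   = curl_exec($ch);
    $errno  = curl_errno($ch);
    $error  = curl_error($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    if ($body === false) {
        return array('ok' => false, 'detail' => "curl error $errno: $error");
    }
    if ($body === '') {
        return array('ok' => false, 'detail' => "HTTP $status with an empty body");
    }
    return array('ok' => true, 'detail' => "HTTP $status, " . strlen($body) . ' bytes returned');
}

// Placeholder query values: substitute your own email, IP and API key.
$url = 'http://botscout.com/test/?multi&mail=' . urlencode('someone@example.com')
     . '&ip=' . urlencode('192.0.2.1') . '&key=YOUR_API_KEY';

$results = array(
    'dns'   => probe_dns(parse_url($url, PHP_URL_HOST)),
    'fopen' => probe_fopen($url),
    'curl'  => probe_curl($url),
);

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/plain'); // readable when opened in a browser
}
foreach ($results as $name => $r) {
    printf("%-6s %-5s %s\n", $name, $r['ok'] ? 'OK' : 'FAIL', $r['detail']);
}
```

A FAIL on every row points to a DNS problem or an outbound restriction on the host; a FAIL on only one of fopen and curl points to that method's PHP configuration.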

comicart

  • Newbie
  • *
  • Posts: 8
    • View Profile
Re: Set up help needed. Not blocking known spammers. Here's my code.
« Reply #14 on: January 23, 2017, 09:28:49 PM »
How do I use the "standard query" not XML?

I did everything but that step and submitted and got this:

Code: [Select]
FORM VAUES: UserID:
UserLevel:
UserName: krasnhello
UserEmail: krasnhello@mail.ru
Test String: http://botscout.com/test/?multi&mail=krasnhello%40mail.ru&ip=71.204.83.202&key=XXXXXXXXXXXXXX
RETURNED DATA:
Error: No return data from API query.
« Last Edit: January 23, 2017, 09:51:32 PM by Mike »