
Light spam protection of NewCustomer authentication - via AuthController override


Assramm (cz)


Hi all,

please can you help me finish this idea of checking the NewAccount form (firstname and lastname labels) for SPAM words?

My idea was to create an override for the authentication of a new customer in /override/controllers/front.

I found AuthController.php and I need to check here the "text" filled into the firstname and lastname labels and stop it if it contains "www, .ru, .com, or just ." characters!!! Nothing more.

(I know that GeoLocation, or reCaptcha, or doekia's solution is better, but I have some sort of stores where those solutions are not possible to use).

I have the code below in my own AuthController.php in the /override/controllers/front/ directory, but the code I have is not working... probably because I'm a PHP lama :(

Please, help me :)

INFO: Nemo uses this solution in his spam protection for the CustomerService form (video here: https://www.youtube.com/watch?v=D3_gvr0Raww)

 

<?php

class AuthController extends AuthControllerCore
{
    public function postProcess()
    {
        if(Tools::isSubmit('submitAccount'))   {
         
         $costumer = Tools::getValue('costumer');
         $from = Tools::getValue('from');
         
         $firstnameAddress = ['.ru', 'www', '.com', '.'];
         $lastnameAddress = ['.ru', 'www', '.com', '.'];

         foreach ($firstnameAddress as $string) {
            if(strstr($from, $string))
                $this->errors[] = Tools::displayError('This name is not allowed');
                }
         foreach ($lastnameAddress as $string) {
            if(strstr($from, $string))
                $this->errors[] = Tools::displayError('This surname is not allowed');
                } 
        }
        parent::postProcess();
    }    
}

 

 


On 4/30/2019 at 11:37 AM, Assramm (cz) said:

(I know that GeoLocation, or reCaptcha, or doekia's solution is better, but I have some sort of stores where those solutions are not possible to use).

@doekia he said he can't use these solutions


On 4/30/2019 at 11:37 AM, Assramm (cz) said:

 


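<?php

class AuthController extends AuthControllerCore
{
    public function postProcess()
    {
        if (Tools::isSubmit('submitAccount')) {
            // Read the submitted names. Field names are assumed from the
            // PrestaShop 1.6 account form (customer_* with the plain names as fallback).
            $firstname = (string) Tools::getValue('customer_firstname', Tools::getValue('firstname'));
            $lastname = (string) Tools::getValue('customer_lastname', Tools::getValue('lastname'));

            // Substrings refused in each field ('.' alone already covers '.ru' and '.com').
            $firstnameAddress = ['.ru', 'www', '.com', '.'];
            $lastnameAddress = ['.ru', 'www', '.com', '.'];

            foreach ($firstnameAddress as $string) {
                // stripos() is case-insensitive, so "WWW" is caught as well
                if (stripos($firstname, $string) !== false) {
                    $this->errors[] = Tools::displayError('This name is not allowed');
                    break; // one error message per field is enough
                }
            }
            foreach ($lastnameAddress as $string) {
                if (stripos($lastname, $string) !== false) {
                    $this->errors[] = Tools::displayError('This surname is not allowed');
                    break;
                }
            }
        }
        parent::postProcess();
    }
}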

You need to open one { after "if(strstr($from, $string))"

You need to close the foreach.

Fixed it for you ;) but consider hiring a professional, as you're playing with fire here!

 

Edited by ksaan (see edit history)

Better explain what does not fit with those solutions, especially since this is actually pushed to the core project and will then be rolled out in the next release.

If the case is legitimate, it may affect others and needs to be escalated before we ruin shops having the same use case.

 

 

Edited by doekia (see edit history)

Hello ALL, and thank you for your help here!

I thought that this solution would only prevent the Firstname and Lastname fields from being filled with characters (or strings) which are not necessary...

I'm not a PHP programmer, so if you think, or tell me, that this can cause some collision for the store, I will stop that and I will use doekia's solution. (I thought that overrides like this one can add some functions which a programmer or developer needs, with no effect on CORE files, which can be upgraded by updates.)

 

The problem was that I have several stores where I need to make the registration and order form as simple as possible (reCaptcha is not good for older customers - in one shop the customers average 40-50+, and so on).

So it is not a good idea to do it like that?

I tried to find some lightweight and simple way or solution - just to protect the Firstname and Lastname labels :(

Thank you very much all of you, for your help and your time!

Best regards, Jiri.

 


AFAIK the patch solely prevents first names or last names that do not exist.

Basically all special chars are refused. It should not collide with real user names, hence should not inconvenience them. But if an exception exists, let us know.

Any char in the regex is refused. Sole exception: the . not at the end or not followed by a space.

Tell us any use case that could be an issue for you.

Edited by doekia (see edit history)
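
A standalone sketch of the kind of name rule discussed in this thread, as an added example that is not part of any post and is not the PrestaShop patch itself. The function name `isPlausibleName`, the refused-character list and the reading of the dot rule (a dot is accepted only at the end of the name or directly before a space) are assumptions.

```php
<?php
// Added example, not PrestaShop's patch: the refused-character list is an assumption.

/**
 * True when $name looks like a personal name: no digits, none of the refused
 * special characters, and a dot only at the end or directly before whitespace.
 */
function isPlausibleName(string $name): bool
{
    $name = trim($name);
    if ($name === '') {
        return false;
    }
    // Alternative 1: any character outside the refused set (the set includes '.').
    // Alternative 2: a dot, but only when whitespace or the end of the string follows.
    $pattern = '~^(?:[^0-9!<>,;?=+()/\\\\@#"*`{}_^$%:\[\]|.]|\.(?=\s|$))+$~u';

    // preg_match() returns false on invalid UTF-8, which is also treated as refused.
    return preg_match($pattern, $name) === 1;
}

// Constructed sample inputs: real-looking names and typical spam registrations.
$samples = [
    'Jiri',
    'J. Novak',
    'Novak Jr.',
    'Anne-Marie',
    "O'Brien",
    'Žluťoučký',
    'www.example.com',
    'shop.ru',
    'Win a prize http://example.com',
    'Bonus 1000$',
];

foreach ($samples as $sample) {
    printf("%-32s %s\n", $sample, isPlausibleName($sample) ? 'accepted' : 'refused');
}
```

The first six samples are accepted and the last four are refused. Unlike a plain substring check for ".", initials and suffixes such as "J. Novak" or "Novak Jr." still pass.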