Bad Word Filtering - website contact forms

6 posts by 3 authors in: Forums > CMS Builder
Last Post: September 3, 2013   (RSS)

By Djulia - September 2, 2013

Hi Zick,

Here is a first approach:

$preventAlerts = '';

// Stop Words Check
$stopWords[] = 'sex';
$stopWords[] = 'money';
        
foreach (@$_REQUEST as $fieldName => $fieldValue) {
    foreach ($stopWords as $wordKey => $wordValue) {
        $pattern = '/.*' . preg_quote($wordValue, '/') . '.*/i';
        if (is_array($fieldValue)) { $fieldValue = implode(",", $fieldValue); }
        if (get_magic_quotes_gpc()) { $fieldValue = stripslashes($fieldValue); }
        if (preg_match($pattern, $fieldValue)) {
            $preventAlerts .= "Bad word : (".htmlspecialchars($wordValue).") !<br/>\n";
        }
    }
}

if (!$preventAlerts) {
    // Process form
}

Good luck!

Djulia

Hi Zick,

Assuming your bad word list file contains a new word on each line like this:

these
are
bad
words

Then you could use the following method to filter the words:


  //Our word string
  $words = "These are some words";
  $words_array = explode(" ", $words);

  //Get our bad word lists contents from the file and store in in a string
  $badWordList  = file_get_contents( dirname(__FILE__) . '/bad_word_list.txt' );
  //Make an array of bad words
  $badWordArray = explode("\r\n", $badWordList);

  //Cycle through all the words in our message
  foreach($words_array as $word){
    //Search the array of bad words for our word, if it's in there don't process the form
    if(in_array($word, $badWordArray)){
      redirectBrowserToUrl("thanks.php");
    } 
  }
  //If we've made it to this point, our string doesn't contain any obvious bad words

  /*
  * Process form
  */

So $words would be the message or string that you want to search, then you explode this message into an array of words.  The get_file_contents function is used to turn the contents of the file into a string, and then it's turned into an array of words using the explode function.

Finally a foreach loop is used to cycle through the messages words and check if they appear in the bad word array.

Let me know if you have any questions.

Thanks!

Greg

Greg Thomas







PHP Programmer - interactivetools.com

By Mikey - September 2, 2013

Thanks for the help Greg.

So, ultimately what I'd like to do is have a menu type:single record within CMS Builder (bad_word_list.php), where I could add new bad words as needed - without the need to open the .txt file. So I created a menu type: single record  (bad_word_list.php) and change the "content" to a textbox and checked the following code (Disable auto-formatting (don't add break tags to content)) but this put the words all on one line with a space between each and didn't work.

So I then unchecked the following code (Disable auto-formatting (don't add break tags to content)), and this makes each word on a new line, but adds a <br /> before the previous word. Such as:

This<br />
are<br />
bad<br />
words

... and the actual view source page code looks like this for the  (bad_word_list.php) file, so I suspect this wont work any now.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head>  
<title>Bad Words List</title>  
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />

 </head>
<body>

This<br />
are<br />
bad<br />
words
</body>
</html>

But with all that said is it possible to use a menu type:single record within CMS Builder (bad_word_list.php), where I could add new bad words as needed - without the need to open the .txt file?

Here's a few attempts I made with no success.

//Our word string
  $words = "These are some words";
  $words = str_replace(array("<br />"), " ", $words);  
  $words_array = explode(" ", $words);
  //$words_array = explode("<br/>", $words);
  //$words_array = str_replace("<br />"," ",explode(" ", $words));

  //Get our bad word lists contents from the file and store in in a string
  //$badWordList  = file_get_contents( dirname(__FILE__) . '/bad_word_list.txt' );
  $badWordList  = file_get_contents( dirname(__FILE__) . '/bad_words_list.php' );

  //Make an array of bad words
  $badWordArray = explode("\r\n", $badWordList);

  //Cycle through all the words in our message
  foreach($words_array as $word){
    //Search the array of bad words for our word, if it's in there don't process the form
    if(in_array($word, $badWordArray)){
      redirectBrowserToUrl("thanks.php");
    } 
  }

  //If we've made it to this point, our string doesn't contain any obvious bad words

  /*
  * Process form
  */

Thanks for your help!

Zick

Hi Zick,

I think your close to getting the solution. I've modified it so that the system doesn't need to get the words from another PHP file, and gets the list directly from the section:

  //Our word string
  $words = "These are some words";
  $words_array = explode(" ", $words);

  //Get our bad word lists contents from the bad_words section
  $badWordSection  = mysql_get('bad_words', 1);
  $badWordList     = $badWordSection['words'];

  //Make an array of bad words
  $badWordArray = explode("\n", $badWordList);

  //Cycle through all the words in our message
  foreach($words_array as $word){
    //Search the array of bad words for our word, if it's in there don't process the form
    if(in_array($word, $badWordArray)){
      redirectBrowserToUrl("thanks.php");
    } 
  }
  //If we've made it to this point, our string doesn't contain any obvious bad words

  /*
  * Process form
  */

So the section I created also used a text box which didn't have auto-formatting selected, the section was called bad_words, and the text box field was called words.

The mysql_get function returns the first (and only record) from the section called bad_words, and assigns it to the variable badWordSection, then the contents of the field words is assigned to the variable badWordList. 

The other change is changing the explode delimiter from \r\n to just \n, as the new line break that is used in the database is different to the one used in a text file.

After this point the system is the same as before.

Thanks!

Greg

Greg Thomas







PHP Programmer - interactivetools.com

By Mikey - September 3, 2013 - edited: September 3, 2013

Thanks for the guidance and help Greg.... everything seems to be working great so far!