Phone number format

Discussion in 'General Support' started by thehippyelf, Feb 6, 2016.

  1. thehippyelf

    thehippyelf Member

    Joined:
    Aug 25, 2015
    Messages:
    239
    Likes Received:
    10
    Hi, I'm receiving countless 'bot' attacks creating endless accounts on my website. Is there a way of limiting new users to enter their phone number in the following format:

    00000-000000

    as opposed to no limitation? At the moment, all the bot-registered accounts have phone numbers in the format 000-0000000

    Please help :(
     
  3. hhavatar

    hhavatar Donor Donor

    Joined:
    Jul 28, 2014
    Messages:
    747
    Likes Received:
    74
    What you're going to have to do is go into register.php and add another condition.
    It'd be a preg_match on the input.
    Something like
    Code:
    elseif (!preg_match('/^[0-9]{3}$/D'*-['/^[0-9]{7}$/D'+$/i', $_POST['TPL_phone'])
    
    This is a rough put together. The {3} and the {7} define the digits and the *- defines the split between them. I've not tested it and don't think the brackets are right, but this is the path you'll need to go down.
     
  4. thehippyelf

    thehippyelf Member

    Ok thank you, I'll give it a go and let you know :)
     
  5. thehippyelf

    thehippyelf Member

    This is going to sound stupid but whereabouts would I add your code? Been looking through register.php and cannot for the life of me work out where :-/
     
  6. renlok

    renlok Administrator Staff Member

    Joined:
    Oct 20, 2008
    Messages:
    2,858
    Likes Received:
    329
    You can make the regex much simpler than @hhavatar's example; you just need /[0-9]{3}-[0-9]{7}/

    after
    PHP:
    elseif (!empty($birth_month) && !empty($birth_day) && !empty($birth_year) && !checkdate($birth_month, $birth_day, $birth_year))
            {
                $ERR = $ERR_117;
            }
    add
    PHP:
    elseif (!preg_match('/[0-9]{5}-[0-9]{6}/', $_POST['TPL_phone'])
            {
                $ERR = 'phone number not valid';
            }
     
  7. thehippyelf

    thehippyelf Member

    That works perfectly thanks renlok :)
    Just one extra closing bracket on the top line needed to make it work correctly;

    elseif (!preg_match('/[0-9]{5}-[0-9]{6}/', $_POST['TPL_phone']))
    {$ERR = 'phone number not valid';
    }

    Could I just ask if there was a way of making the separator (-) appear when the user is registering and entering their phone number. i.e. when they enter the first 5 digits (let's say 01234) the separator appears and they can carry on entering the remaining 6 digits...?
     
  8. david62311

    david62311 Well-Known Member

    Joined:
    Aug 29, 2013
    Messages:
    2,098
    Likes Received:
    235
    I'm trying the code out and when I try to register on my Webid 1.2 script it gives me an internal 500 error.
    is currently unable to handle this request.

    500

    Why would it do that? Is there another code adjustment on the register.php page for this that might have a conflict with it? Can you help please? I would like to add this feature or get it added to Github if we can... actually never mind, thehippyelf pointed out it was missing a parenthesis.

    @thehippyelf Thanks for pointing that out. I see the closing parenthesis now on the same line the 'TPL_phone' is on. It should be:
    PHP:
    elseif (!preg_match('/[0-9]{5}-[0-9]{6}/', $_POST['TPL_phone']))
            {
                $ERR = 'phone number not valid';
            }
    Update: Okay, I tested this out and my register is not mandatory for the phone number. I typed in 000-00000 and got the alert message at the top. This works! Nice teamwork! Good job!

    @renlok can you add this to Webid github site please?

    Actually, on further testing this is not working for my own real phone number, which I've used a lot of times. In the U.S. our amount of numbers is like this: 555-555-5555. Now, I entered my number like I did a lot of times without the hyphens and it gave me an error. Maybe that code I found yesterday will work here. I will have to find it again. I will be back.
     
    Last edited: Jul 6, 2016
  9. david62311

    david62311 Well-Known Member

    An example as I mentioned above for the U.S. Phone numbers is 555-555-5555.

    The code could look like this but, would need an example shown so people follow it otherwise they may enter their phone number like 5555555555 and not know why there is an error alert popping up and would probably be stuck on the register page and give up trying after a couple of times. Showing an example would be a wise decision.
    PHP:
    elseif (!preg_match('/[0-9]{3}-[0-9]{3}-[0-9]{4}/', $_POST['TPL_phone']))
            {
                $ERR = 'phone number not valid';
            }
    We should try to make it so there is more than just one way to type in the phone number.
     
  10. david62311

    david62311 Well-Known Member

    This is what I had put in the post before for the register.php file. I guess I added the text message 'phone number not valid' there. It's not part of the script.

    I had wiped swapped to using a new database so, I wouldn't lose my old database. I installed a fresh copy of Webid and when I did, all of my security went kaput. I wasn't paying attention to my site and I ended up with 30 bots that registered on my site just in a couple of days, using the old image captcha which is the worst captcha to use. The Google Recaptcha is not bot proof either but, it does a decent job. The bots used these phone numbers:

    You see what they all have in common, right? Adjusting your preg_match code to the way you want it will most likely prevent a bot from joining. Updating this feature alone can make it secure even without using a captcha. You see how I did 3 3 4 there, right? You can make it whatever you want. Be sure to put the hyphen where you want it.
     
  11. david62311

    david62311 Well-Known Member

    I may have confused everybody with my last couple of posts. This is not as easy as just popping it in there. Let me try to clear up what I really should be saying. Find this on the register.php page around line 202:

    PHP:
    $ERR = $ERR_117;
    Below that code add this:

    PHP:
            } elseif (!preg_match('/[0-9]{10}/', $_POST['TPL_phone'])) {
                $ERR = 'phone number not valid';
    Make the amount of numbers that you want. I put a 10 there because United States numbers are 10 digits usually. This code is set not to have hyphens. You can add to the $ERR message whatever you like.

    In order for it to work against bots, go where I am showing in the picture and make the Telephone Field Required.

    capture-20181123-231545.png

    I don't know why the bots like to fill this out with a bogus number like I showed examples in post #9 like with 9999999 or 10000000 but, they do. They always use hyphens too. The way the code I have here doesn't use hyphens. You could make that 10 an 11 and if there is a hyphen added, they won't get in.

    If you want hyphens then this is similar to post #8 how it should be set up. This would be the way the United States number would be but, these days hyphens are usually not added when someone adds a number on a first attempt.
    PHP:
            } elseif (!preg_match('/[0-9]{3}-[0-9]{3}-[0-9]{4}/', $_POST['TPL_phone'])) {
                $ERR = 'phone number not valid';
    If you got any questions then feel free to ask. I don't mind helping with this.
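
An added example (not part of the thread and not WeBid's own code): the patterns posted above have no `^`/`$` anchors, so `preg_match` accepts any value that merely contains the digits somewhere. The hypothetical `validate_phone()` helper below anchors the three formats from the thread and rejects non-string input; the format names and all sample inputs are constructed.

```php
<?php
// Added example, not WeBid code. validate_phone() and PHONE_FORMATS are
// hypothetical names; the three formats are the ones posted in the thread.

// ^ and $ pin the pattern to the whole value; the D modifier stops $ from
// also matching just before a trailing newline.
const PHONE_FORMATS = [
    'five_six'   => '/^[0-9]{5}-[0-9]{6}$/D',          // 01234-567890
    'us_hyphens' => '/^[0-9]{3}-[0-9]{3}-[0-9]{4}$/D', // 555-555-5555
    'us_plain'   => '/^[0-9]{10}$/D',                  // 5555555555
];

// Returns the name of the first allowed format that matches, or null.
function validate_phone($input, array $allowed)
{
    // A field submitted as TPL_phone[]=... arrives as an array; on PHP 8
    // passing that to preg_match() throws a TypeError, so reject it here.
    if (!is_string($input)) {
        return null;
    }
    $formats = PHONE_FORMATS;
    foreach ($allowed as $name) {
        if (isset($formats[$name]) && preg_match($formats[$name], $input) === 1) {
            return $name;
        }
    }
    return null;
}

// Constructed sample inputs (not taken from any real registration).
$samples = [
    '01234-567890',           // the intended format
    '000-0000000',            // the 3-7 shape described in the first post
    'call 01234-567890 now',  // extra text around a valid-looking number
    '9901234-5678901',        // too many digits on both sides
    "01234-567890\n",         // trailing newline
    ['01234-567890'],         // array instead of string
];

foreach ($samples as $s) {
    // The pattern exactly as posted in the thread: no anchors.
    $loose  = is_string($s) && preg_match('/[0-9]{5}-[0-9]{6}/', $s) === 1;
    $strict = validate_phone($s, ['five_six']) !== null;
    printf("%-26s unanchored=%-3s anchored=%s\n",
        json_encode($s), $loose ? 'yes' : 'no', $strict ? 'yes' : 'no');
}
```

In register.php the condition would become `elseif (validate_phone(isset($_POST['TPL_phone']) ? $_POST['TPL_phone'] : null, array('five_six')) === null)`. A format check only filters submissions with the wrong shape, so it works alongside a captcha and a required phone field rather than in place of them.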
     
