sander marechal wrote: Hehe, I just found an even easier way in another thread on this forum. Open up your profile_add_body.tpl and add the following on line 3 (just below the <form> command):Next, open up includes/usercp_register.php and find this bit around line 255:Code: Select all
<input type="hidden" name="mysecretvar" value="1">
Just below that, add these lines:Code: Select all
$passwd_sql = ''; if ( $mode == 'editprofile' ) { if ( $user_id != $userdata['user_id'] ) { $error = TRUE; $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Wrong_Profile']; } } else if ( $mode == 'register' ) {
You can replace 'mysecretvar' for another variable name if you want to.Code: Select all
//First, weed out any remote register scripts. Easily identifyable since they have no mysecretvar set if( !isset($_POST['mysecretvar']) ) { message_die(GENERAL_ERROR, 'Die, you spammer >:( '); }
tk-123 wrote: (I'm running phpBB 2.0.3, by the way)
firlefanz wrote: ... I installed your solution posted here three days ago, since then no spam bot in view!
Could not obtain user information
DEBUG MODE
SQL Error : 1054 Unknown column 'user_newpasswd' in 'field list'
SELECT user_active, user_id, username, user_email, user_newpasswd, user_lang, user_actkey FROM phpbb_users WHERE user_id = 15
Line : 35
File : /www/htdocs/v094823/phpBB2/includes/usercp_activate.php
sander marechal wrote: The modification I made is easy to understand. I added an extra variable to the registration form. If that variable is not there when you process a new registration then it must be a spambot (because spambots work with the default registation form without the extra variable).
I also checked the link you posted and it's similar to what I did. They just check the website given by the new member instead of an extra variable. There's an upside and a downside to either method:So you see, just pick whatever suits you best.
- My scripts still allows genuine people to register with a website. Their method disallows that (inconvenient), but you can still change the website when editing your profile later on.
- Their method will also deter real people signing up to just to get their URL in the memberlist. My method only stops the bots from registering.
tk-123 wrote: I'm running phpBB 2.0.3, by the way