Please help modifying an override

[selwynorren]

I have teh recaptcha module installed and it seems to be working very well.

However, every now and then I still get spam emails coming through, so I have to assume it's someone manually filling out the form, however it seems most unlikely. I have no idea at all how they are still getting through.

I saw a post from nemoPS that prevents certain emails and message contents from being used, however as the recaptcha already has an override, I have no idea how to join these successfully. I am about 90% there, I can either get it that is gives the relevant error message, however then a legitimate form does not go through, or I still get the warning, however it still sends the email.

Can someone please review the code and help fixing the stupid blunders I am making. OOP PHP simply just escapes me.

<?php
/**
 * Copyright (C) 2017-2018 thirty bees
 *
 * NOTICE OF LICENSE
 *
 * This source file is subject to the Academic Free License (AFL 3.0)
 * that is bundled with this package in the file LICENSE.md.
 * It is also available through the world-wide-web at this URL:
 * http://opensource.org/licenses/afl-3.0.php
 * If you did not receive a copy of the license and are unable to
 * obtain it through the world-wide-web, please send an email
 * to [email protected] so we can send you a copy immediately.
 *
 * @author    thirty bees <[email protected]>
 * @copyright 2017-2018 thirty bees
 * @license   Academic Free License (AFL 3.0)
 */
class ContactController extends ContactControllerCore
{
    /*
    * module: nocaptcharecaptcha
    * date: 2022-12-15 09:48:15
    * version: 1.1.2
    */
    public function postProcess()
    {
        if (!Module::isEnabled('nocaptcharecaptcha')
            || !@filemtime(_PS_MODULE_DIR_.'nocaptcharecaptcha/nocaptcharecaptcha.php')
        ) {
            return parent::postProcess();
        }
        require_once _PS_MODULE_DIR_.'nocaptcharecaptcha/nocaptcharecaptcha.php';
        $recaptcha = new NoCaptchaRecaptcha();
        if (Tools::isSubmit('submitMessage') && $recaptcha->needsCaptcha('contact', trim(Tools::getValue('from')))) {
            $recaptchalib = new NoCaptchaRecaptchaModule\RecaptchaLib(Configuration::get('NCRC_PRIVATE_KEY'));
            $resp = $recaptchalib->verifyResponse(Tools::getRemoteAddr(), Tools::getValue('g-recaptcha-response'));
            if ($resp == null || !($resp->success)) {
                if ($resp->error_codes[0] === 'invalid-input-secret') {
                    $this->errors[] = Tools::displayError(
                        Translate::getModuleTranslation(
                            'nocaptcharecaptcha',
                            'The reCAPTCHA secret key is invalid. Please contact the site administrator.',
                            'configure'
                        )
                    );
                } elseif ($resp->error_codes[0] === 'google-no-contact') {
                    if (!Configuration::get('NCRC_GOOGLEIGNORE')) {
                        $this->errors[] = Tools::displayError(
                            Translate::getModuleTranslation(
                                'nocaptcharecaptcha',
                                'Unable to connect to Google in order to verify the captcha. Please check your server settings or contact your hosting provider.',
                                'configure'
                            )
                        );
                    }
                } else {
                    $this->errors[] = Tools::displayError(
                        Translate::getModuleTranslation(
                            'nocaptcharecaptcha',
                            'Your captcha was wrong. Please try again.',
                            'configure'
                        )
                    );
                }
                $this->context->smarty->assign('authentification_error', $this->errors);
                return;
            }
        }
        // return parent::postProcess();

        if(Tools::isSubmit('submitMessage')) {
 
            $message = Tools::getValue('message');
            $from = Tools::getValue('from');
 
            $banned_in_email = ['.ru', '[email protected]', '.vn'];
            $banned_content = ['email marketing', 'AIWriter'];
 
            foreach ($banned_in_email as $string) {
                if(strstr($from, $string))
                    $this->errors[] = Tools::displayError('This email address is not allowed');
                return;
            }
 
            foreach ($banned_content as $string) {
                if(strstr($message, $string))
                    $this->errors[] = Tools::displayError('Invalid Content');
                return;
            }
        }
        parent::postProcess();
    }
}

I would really appreciate any help or advice

[datakick]

11 hours ago, selwynorren said:

            foreach ($banned_in_email as $string) {
                if(strstr($from, $string))
                    $this->errors[] = Tools::displayError('This email address is not allowed');
                return;
            }

This is wrong. You always exit from foreach with a return, during the first iteration.

You want to return only when error is encountered. Add {...} to your if statements, like this:

foreach ($banned_in_email as $string) {
    if (strstr($from, $string)) {
        $this->errors[] = Tools::displayError('This email address is not allowed');
        return;
    }
}

 

[nickz]

Does the Spam come thru the form or is that particular email you use also used in other occassions?

[selwynorren]

You guys are awesome, datakick, on point as always, that worked perfectly thanks so much

nickz the spam only comes in via the form, nowhere else