add registration timeout to prevent bot attacks

2025-03-13 05:51:46 +00:00 · 2021-12-30 08:23:24 +02:00 · 2021-12-30 08:23:24 +02:00 · b37353ff30
commit b37353ff30
parent 17edfc4418
4 changed files with 49 additions and 1 deletions
--- a/src/application/controller/register.php
+++ b/src/application/controller/register.php
@ -20,6 +20,21 @@ if (!APPLICATION_ALLOW_REGISTRATION) {
    exit;
 }

+// Prevent bot attacks by new registrations timeout
+if (APPLICATION_USER_REGISTRATION_TIMEOUT) {
+
+  if ($lastUser = $_modelUser->getLastUser()) {
+
+    if ($lastUser['time'] + APPLICATION_USER_REGISTRATION_TIMEOUT > time()) {
+
+        $nextUserRegistrationTime = Format::time($lastUser['time'] + APPLICATION_USER_REGISTRATION_TIMEOUT, false);
+
+        require(PROJECT_DIR . '/application/view/register_timeout.phtml');
+        exit;
+    }
+  }
+}
+
 // Process form request
 if (isset($_POST) && $_POST) {

--- a/src/application/model/user.php
+++ b/src/application/model/user.php
@ -17,6 +17,24 @@ class ModelUser extends Model {
    }
  }

+  public function getLastUser() {
+
+    try {
+
+      $query = $this->_db->query("SELECT * FROM `user`
+                                           JOIN `block` ON (`user`.`blockId` = `block`.`blockId`)
+                                           ORDER BY `userId` DESC
+                                           LIMIT 1");
+
+      return $query->rowCount() ? $query->fetch() : [];
+
+    } catch (PDOException $e) {
+
+      trigger_error($e->getMessage());
+      return false;
+    }
+  }
+
  public function userNameExists(string $userName) {

    try {
--- a/src/application/view/register_timeout.phtml
+++ b/src/application/view/register_timeout.phtml
@ -0,0 +1,13 @@
+<?php include(PROJECT_DIR . '/application/controller/common/header/guest.php') ?>
+<div class="mw-1024 mx-auto of-hidden">
+  <div class="mw-360 mx-auto my-100 bg-c-4 b-r-3 py-28 px-24">
+    <h1 class="f-size-20 f-normal mb-20"><?php echo _('Register') ?></h1>
+    <div class="mb-22">
+      <?php echo sprintf(_('New user can be registered %s.'), $nextUserRegistrationTime) ?>
+    </div>
+    <div class="mt-4">
+      <a class="btn btn-1 d-inline-block" href="login"><?php echo _('Login') ?></a>
+    </div>
+  </div>
+</div>
+<?php include(PROJECT_DIR . '/application/controller/common/footer/guest.php') ?>
--- a/src/config-default.php
+++ b/src/config-default.php
@ -27,4 +27,6 @@ define('APPLICATION_ALLOW_REGISTRATION', true);
 define('APPLICATION_FOLLOW_ON_REGISTRATION', []);

 define('APPLICATION_MAX_POST_SPLIT', 5);
-define('APPLICATION_MAX_POST_FEED', 50);
+define('APPLICATION_MAX_POST_FEED', 50);
+
+define('APPLICATION_USER_REGISTRATION_TIMEOUT', 86400);