twisterarmy
/
cloud-server
mirror of https://github.com/twisterarmy/cloud-server.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

add registration timeout to prevent bot attacks

main
ghost 3 years ago
parent
17edfc4418
commit
b37353ff30
4 changed files with 49 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 15
      src/application/controller/register.php
  2. 18
      src/application/model/user.php
  3. 13
      src/application/view/register_timeout.phtml
  4. 4
      src/config-default.php

15
src/application/controller/register.php
Unescape View File

@ -20,6 +20,21 @@ if (!APPLICATION_ALLOW_REGISTRATION) { @@ -20,6 +20,21 @@ if (!APPLICATION_ALLOW_REGISTRATION) {
exit;
}
// Prevent bot attacks by new registrations timeout
if (APPLICATION_USER_REGISTRATION_TIMEOUT) {
if ($lastUser = $_modelUser->getLastUser()) {
if ($lastUser['time'] + APPLICATION_USER_REGISTRATION_TIMEOUT > time()) {
$nextUserRegistrationTime = Format::time($lastUser['time'] + APPLICATION_USER_REGISTRATION_TIMEOUT, false);
require(PROJECT_DIR . '/application/view/register_timeout.phtml');
exit;
}
}
}
// Process form request
if (isset($_POST) && $_POST) {

18
src/application/model/user.php
Unescape View File

@ -17,6 +17,24 @@ class ModelUser extends Model { @@ -17,6 +17,24 @@ class ModelUser extends Model {
}
}
public function getLastUser() {
try {
$query = $this->_db->query("SELECT * FROM `user`
JOIN `block` ON (`user`.`blockId` = `block`.`blockId`)
ORDER BY `userId` DESC
LIMIT 1");
return $query->rowCount() ? $query->fetch() : [];
} catch (PDOException $e) {
trigger_error($e->getMessage());
return false;
}
}
public function userNameExists(string $userName) {
try {

13
src/application/view/register_timeout.phtml
Unescape View File

@ -0,0 +1,13 @@ @@ -0,0 +1,13 @@
<?php include(PROJECT_DIR . '/application/controller/common/header/guest.php') ?>
<div class="mw-1024 mx-auto of-hidden">
<div class="mw-360 mx-auto my-100 bg-c-4 b-r-3 py-28 px-24">
<h1 class="f-size-20 f-normal mb-20"><?php echo _('Register') ?></h1>
<div class="mb-22">
<?php echo sprintf(_('New user can be registered %s.'), $nextUserRegistrationTime) ?>
</div>
<div class="mt-4">
<a class="btn btn-1 d-inline-block" href="login"><?php echo _('Login') ?></a>
</div>
</div>
</div>
<?php include(PROJECT_DIR . '/application/controller/common/footer/guest.php') ?>

4
src/config-default.php
Unescape View File

@ -27,4 +27,6 @@ define('APPLICATION_ALLOW_REGISTRATION', true); @@ -27,4 +27,6 @@ define('APPLICATION_ALLOW_REGISTRATION', true);
define('APPLICATION_FOLLOW_ON_REGISTRATION', []);
define('APPLICATION_MAX_POST_SPLIT', 5);
define('APPLICATION_MAX_POST_FEED', 50);
define('APPLICATION_MAX_POST_FEED', 50);
define('APPLICATION_USER_REGISTRATION_TIMEOUT', 86400);
Write Preview
Loading…
Cancel
Save