From b37353ff303c070541aeaf9be14a5be8a88402dc Mon Sep 17 00:00:00 2001
From: ghost
Date: Thu, 30 Dec 2021 08:23:24 +0200
Subject: [PATCH] add registration timeout to prevent bot attacks
---
 src/application/controller/register.php | 15 +++++++++++++++
 src/application/model/user.php | 18 ++++++++++++++++++
 src/application/view/register_timeout.phtml | 13 +++++++++++++
 src/config-default.php | 4 +++-
 4 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 src/application/view/register_timeout.phtml
diff --git a/src/application/controller/register.php b/src/application/controller/register.php
index 07e95c7..b625d18 100644
--- a/src/application/controller/register.php
+++ b/src/application/controller/register.php
@@ -20,6 +20,21 @@ if (!APPLICATION_ALLOW_REGISTRATION) {
 exit;
 }
+// Prevent bot attacks by new registrations timeout
+if (APPLICATION_USER_REGISTRATION_TIMEOUT) {
+
+ if ($lastUser = $_modelUser->getLastUser()) {
+
+ if ($lastUser['time'] + APPLICATION_USER_REGISTRATION_TIMEOUT > time()) {
+
+ $nextUserRegistrationTime = Format::time($lastUser['time'] + APPLICATION_USER_REGISTRATION_TIMEOUT, false);
+
+ require(PROJECT_DIR . '/application/view/register_timeout.phtml');
+ exit;
+ }
+ }
+}
+
 // Process form request
 if (isset($_POST) && $_POST) {
diff --git a/src/application/model/user.php b/src/application/model/user.php
index eeb8cda..74f2467 100644
--- a/src/application/model/user.php
+++ b/src/application/model/user.php
@@ -17,6 +17,24 @@ class ModelUser extends Model {
 }
 }
+ public function getLastUser() {
+
+ try {
+
+ $query = $this->_db->query("SELECT * FROM `user`
+ JOIN `block` ON (`user`.`blockId` = `block`.`blockId`)
+ ORDER BY `userId` DESC
+ LIMIT 1");
+
+ return $query->rowCount() ? $query->fetch() : [];
+
+ } catch (PDOException $e) {
+
+ trigger_error($e->getMessage());
+ return false;
+ }
+ }
+
 public function userNameExists(string $userName) {
 try {
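Review bot: The throttle fails open on a database error: `getLastUser()` (added in the user.php hunk of this same patch) returns `false` from its `catch`, and `if ($lastUser = $_modelUser->getLastUser())` treats that exactly like "no users yet", so registration proceeds unthrottled whenever the query fails. Handle that branch explicitly before the timestamp comparison, e.g. `$lastUser = $_modelUser->getLastUser(); if ($lastUser === false) { http_response_code(503); exit; }`. Separately, the limit is site-wide rather than per client: one completed registration, automated or not, blocks every other sign-up for `APPLICATION_USER_REGISTRATION_TIMEOUT` seconds, and since the check and the later insert are not atomic two requests arriving together both pass it, so the trade-off is worth stating in a comment where `// Prevent bot attacks ...` is now. The controller script continues outside the hunk.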
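Review bot: `SELECT *` over the `user`/`block` join makes `$row['time']`, the only column the new caller reads, depend on column order: if `block` also carries a `time` column, PDO's associative fetch keeps the later one and the throttle compares against the wrong timestamp, so select the needed columns explicitly, e.g. `SELECT user.userId, user.time FROM user JOIN block ON (user.blockId = block.blockId) ORDER BY userId DESC LIMIT 1` (with the identifier quoting the file already uses). The inner `JOIN` also skips a newest user that has no matching `block` row, which may or may not be intended. The method returns three shapes (a row array, `[]`, `false`) with no return type; declaring `public function getLastUser(): array|false` plus a docblock `@return array<string,mixed>|false  newest user row, [] when the table is empty, false on a database error` makes the error branch visible to callers.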
diff --git a/src/application/view/register_timeout.phtml b/src/application/view/register_timeout.phtml
new file mode 100644
index 0000000..3df3820
--- /dev/null
+++ b/src/application/view/register_timeout.phtml
@@ -0,0 +1,13 @@
+
+
+
+

+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/src/config-default.php b/src/config-default.php
index 32515e9..96af268 100644
--- a/src/config-default.php
+++ b/src/config-default.php
@@ -27,4 +27,6 @@ define('APPLICATION_ALLOW_REGISTRATION', true);
 define('APPLICATION_FOLLOW_ON_REGISTRATION', []);
 define('APPLICATION_MAX_POST_SPLIT', 5);
-define('APPLICATION_MAX_POST_FEED', 50);
\ No newline at end of file
+define('APPLICATION_MAX_POST_FEED', 50);
+
+define('APPLICATION_USER_REGISTRATION_TIMEOUT', 86400);
\ No newline at end of file
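Review bot: The new constant carries no comment on its unit or on what a falsy value means, although the guard in register.php, `if (APPLICATION_USER_REGISTRATION_TIMEOUT)`, treats `0` as "throttle disabled"; add `// Minimum seconds between two registrations, site-wide; 0 disables the throttle` above the `define`. Because the value lands only in config-default.php, a deployment whose own config was copied from an earlier default (presumably the intended setup, given the file name) will not define it, and on PHP 8 reading an undefined constant throws an `Error` that breaks the registration page, so either document the upgrade step or read it as `defined('APPLICATION_USER_REGISTRATION_TIMEOUT') && APPLICATION_USER_REGISTRATION_TIMEOUT` in the controller.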