
add registration timeout to prevent bot attacks

main
ghost 3 years ago
parent
commit
b37353ff30
  1. 15
      src/application/controller/register.php
  2. 18
      src/application/model/user.php
  3. 13
      src/application/view/register_timeout.phtml
  4. 4
      src/config-default.php

15
src/application/controller/register.php

@ -20,6 +20,21 @@ if (!APPLICATION_ALLOW_REGISTRATION) {
exit; exit;
} }
// Prevent bot attacks by new registrations timeout
if (APPLICATION_USER_REGISTRATION_TIMEOUT) {
if ($lastUser = $_modelUser->getLastUser()) {
if ($lastUser['time'] + APPLICATION_USER_REGISTRATION_TIMEOUT > time()) {
$nextUserRegistrationTime = Format::time($lastUser['time'] + APPLICATION_USER_REGISTRATION_TIMEOUT, false);
require(PROJECT_DIR . '/application/view/register_timeout.phtml');
exit;
}
}
}
// Process form request // Process form request
if (isset($_POST) && $_POST) { if (isset($_POST) && $_POST) {
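Review bot: The comparison on the line `if ($lastUser['time'] + APPLICATION_USER_REGISTRATION_TIMEOUT > time())` is read-then-act: it only looks at the last committed row, so requests that arrive concurrently before the first insert lands all pass it, and nothing in the hunk ties the check to the insert itself. It is also a single global cooldown, so any one registration, including an attacker's, blocks every other signup for APPLICATION_USER_REGISTRATION_TIMEOUT seconds; that trade-off deserves a comment above the block, e.g. `// Global cooldown: one successful registration blocks all others for the timeout; concurrent requests can still pass this check.` If stricter enforcement is wanted, the same comparison would have to be repeated by whatever code performs the insert, under the same transaction or lock. The surrounding script continues outside the hunk.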

18
src/application/model/user.php

@ -17,6 +17,24 @@ class ModelUser extends Model {
} }
} }
public function getLastUser() {
try {
$query = $this->_db->query("SELECT * FROM `user`
JOIN `block` ON (`user`.`blockId` = `block`.`blockId`)
ORDER BY `userId` DESC
LIMIT 1");
return $query->rowCount() ? $query->fetch() : [];
} catch (PDOException $e) {
trigger_error($e->getMessage());
return false;
}
}
public function userNameExists(string $userName) { public function userNameExists(string $userName) {
try { try {
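Review bot: `$query->rowCount()` on a SELECT is not guaranteed by PDO for every driver, so `return $query->rowCount() ? $query->fetch() : [];` can return `[]` even when a row exists and silently disable the cooldown; fetching once and testing the result is driver-independent: `$row = $query->fetch();` then `return $row === false ? [] : $row;`. The query also pulls `SELECT *` across `user` and `block` when the only column the caller uses is `time`, so the full last user record is loaded for a timestamp check; selecting only the `time` column from `user` would suffice. A docblock stating the three possible returns (row array, `[]` when the table is empty, `false` after a PDO error) would help callers, since `if ($lastUser = ...)` currently relies on both empty cases being falsy. The enclosing ModelUser class continues outside the hunk.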

13
src/application/view/register_timeout.phtml

@ -0,0 +1,13 @@
<?php include(PROJECT_DIR . '/application/controller/common/header/guest.php') ?>
<div class="mw-1024 mx-auto of-hidden">
<div class="mw-360 mx-auto my-100 bg-c-4 b-r-3 py-28 px-24">
<h1 class="f-size-20 f-normal mb-20"><?php echo _('Register') ?></h1>
<div class="mb-22">
<?php echo sprintf(_('New user can be registered %s.'), $nextUserRegistrationTime) ?>
</div>
<div class="mt-4">
<a class="btn btn-1 d-inline-block" href="login"><?php echo _('Login') ?></a>
</div>
</div>
</div>
<?php include(PROJECT_DIR . '/application/controller/common/footer/guest.php') ?>
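Review bot: `$nextUserRegistrationTime` is echoed on the sprintf line without HTML escaping, and the template depends on the including controller having defined it; nothing in the view states either. Whether Format::time(..., false) can yield markup-significant characters is not visible here, so escaping at the output point is the safe default: `<?php echo sprintf(_('New user can be registered %s.'), htmlspecialchars((string) $nextUserRegistrationTime, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')) ?>`. A leading comment naming the required variable, e.g. `<?php /* expects $nextUserRegistrationTime (formatted time) set by controller/register.php */ ?>`, would document the contract.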

4
src/config-default.php

@ -27,4 +27,6 @@ define('APPLICATION_ALLOW_REGISTRATION', true);
define('APPLICATION_FOLLOW_ON_REGISTRATION', []); define('APPLICATION_FOLLOW_ON_REGISTRATION', []);
define('APPLICATION_MAX_POST_SPLIT', 5); define('APPLICATION_MAX_POST_SPLIT', 5);
define('APPLICATION_MAX_POST_FEED', 50); define('APPLICATION_MAX_POST_FEED', 50);
define('APPLICATION_USER_REGISTRATION_TIMEOUT', 86400);
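Review bot: `define('APPLICATION_USER_REGISTRATION_TIMEOUT', 86400);` carries no unit and no mention of how to switch the feature off, yet the controller treats the value as seconds and skips the check when it is falsy. A comment above the define, `// Minimum seconds between two registrations (global cooldown); 0 disables the check`, would make that contract explicit. The hunk header `-27,4 +27,6` against the listed count of 4 suggests a removed line the rendered page does not show, so this section may not be visible in full.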