authorcanyonknight <canyonknight@gmail.com>2013-03-19 20:17:59 -0400
committerLukas Fleischer <archlinux@cryptocrack.de>2013-03-24 22:12:17 +0100
commitcb91942595e796c6a10299d6547767954b923fb5 (patch)
tree4f510f4e1c5abf1bdc0f3c38abcb2930eac93827
parentde2392fed016f80d4c0e10328c204f1e94ef54dd (diff)
Implement IP banning for user registration and user login
Adds a new is_ipbanned() function to determine whether the user attempting to login or register for an account has their IP address listed in the "Bans" table. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-rw-r--r--web/lib/acctfuncs.inc.php35
1 files changed, 34 insertions, 1 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 21cc6c2..aa4c70b 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -93,6 +93,15 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
# error check and process request for a new/modified account
global $SUPPORTED_LANGS, $AUR_LOCATION;
+ $error = '';
+
+ if (is_ipbanned()) {
+ $error = __('Account registration has been disabled ' .
+ 'for your IP address, probably due ' .
+ 'to sustained spam attacks. Sorry for the ' .
+ 'inconvenience.');
+ }
+
$dbh = DB::connect();
if(isset($_COOKIE['AURSID'])) {
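Review bot: The ban check added at the top of process_account_form() only assigns `$error` and then falls through, so it blocks nothing unless every later check and the write path honour a non-empty `$error`; that code lies outside this hunk. The next hunk's context shows `$error = __("Missing a required field.");` assigned without looking at the current value, which would replace the ban message. The header comment says the function handles both new and modified accounts, so a banned address would presumably also get the "Account registration has been disabled" text when editing an existing account. If that is not intended, gate the check on `$TYPE`. A short comment on the block, e.g. `# set first: later checks must not clear a ban error`, would record the ordering dependency.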
@@ -102,7 +111,6 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
$editor_user = null;
}
- $error = "";
if (empty($E) || empty($U)) {
$error = __("Missing a required field.");
}
@@ -400,6 +408,13 @@ function try_login() {
$userID = null;
if ( isset($_REQUEST['user']) || isset($_REQUEST['passwd']) ) {
+ if (is_ipbanned()) {
+ $login_error = __('The login form is currently disabled ' .
+ 'for your IP address, probably due ' .
+ 'to sustained spam attacks. Sorry for the ' .
+ 'inconvenience.');
+ return array('SID' => '', 'error' => $login_error);
+ }
$dbh = DB::connect();
$userID = valid_user($_REQUEST['user']);
@@ -480,6 +495,24 @@ function try_login() {
}
/**
+ * Determine if the user is using a banned IP address
+ *
+ * @return bool True if IP address is banned, otherwise false
+ */
+function is_ipbanned() {
+ $dbh = DB::connect();
+
+ $q = "SELECT * FROM Bans WHERE IPAddress = " . $dbh->quote(ip2long($_SERVER['REMOTE_ADDR']));
+ $result = $dbh->query($q);
+
+ if ($result->fetchColumn()) {
+ return true;
+ } else {
+ return false;
+ }
+}
+
+/**
* Validate a username against a collection of rules
*
* The username must be longer or equal to USERNAME_MIN_LEN. It must be shorter
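Review bot: `ip2long()` in is_ipbanned() parses IPv4 only and returns false for an IPv6 `REMOTE_ADDR`, so the query compares `IPAddress` against a quoted empty string. IPv6 clients are then never matched by a ban, or are matched by an unrelated row, depending on how the database coerces the comparison. The return value of `$dbh->query()` is used unchecked, and `SELECT *` with a truthiness test on `fetchColumn()` only works while the first column of Bans is non-zero. If the site sits behind a reverse proxy, `REMOTE_ADDR` would be the proxy's address; the page does not show the deployment. The rewrite below makes the non-IPv4 case an explicit decision and tests for row existence instead of a column value.

```php
function is_ipbanned() {
	$ip = ip2long($_SERVER['REMOTE_ADDR']);
	if ($ip === false) {
		// ip2long() handles IPv4 only; Bans cannot match this client.
		// Decide here how non-IPv4 addresses are treated rather than
		// letting a quoted empty string reach the query.
		return false;
	}

	$dbh = DB::connect();
	$q = "SELECT 1 FROM Bans WHERE IPAddress = " . $dbh->quote($ip);
	$result = $dbh->query($q);

	// query() can yield false on failure; a found row yields the literal 1.
	return $result && $result->fetchColumn() !== false;
}
```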