diff options
| author | canyonknight <canyonknight@gmail.com> | 2013-03-19 20:17:59 -0400 |
|---|---|---|
| committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2013-03-24 22:12:17 +0100 |
| commit | cb91942595e796c6a10299d6547767954b923fb5 (patch) | |
| tree | 4f510f4e1c5abf1bdc0f3c38abcb2930eac93827 /web/lib/acctfuncs.inc.php | |
| parent | de2392fed016f80d4c0e10328c204f1e94ef54dd (diff) | |
| download | aurweb-cb91942595e796c6a10299d6547767954b923fb5.tar.xz | |
Implement IP banning for user registration and user login
Adds a new is_ipbanned() function to determine whether the user
attempting to login or register for an account has their IP
address listed in the "Bans" table.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/lib/acctfuncs.inc.php')
| -rw-r--r-- | web/lib/acctfuncs.inc.php | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index 21cc6c2..aa4c70b 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -93,6 +93,15 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", # error check and process request for a new/modified account global $SUPPORTED_LANGS, $AUR_LOCATION; + $error = ''; + + if (is_ipbanned()) { + $error = __('Account registration has been disabled ' . + 'for your IP address, probably due ' . + 'to sustained spam attacks. Sorry for the ' . + 'inconvenience.'); + } + $dbh = DB::connect(); if(isset($_COOKIE['AURSID'])) { @@ -102,7 +111,6 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", $editor_user = null; } - $error = ""; if (empty($E) || empty($U)) { $error = __("Missing a required field."); } @@ -400,6 +408,13 @@ function try_login() { $userID = null; if ( isset($_REQUEST['user']) || isset($_REQUEST['passwd']) ) { + if (is_ipbanned()) { + $login_error = __('The login form is currently disabled ' . + 'for your IP address, probably due ' . + 'to sustained spam attacks. Sorry for the ' . + 'inconvenience.'); + return array('SID' => '', 'error' => $login_error); + } $dbh = DB::connect(); $userID = valid_user($_REQUEST['user']); @@ -480,6 +495,24 @@ function try_login() { } /** + * Determine if the user is using a banned IP address + * + * @return bool True if IP address is banned, otherwise false + */ +function is_ipbanned() { + $dbh = DB::connect(); + + $q = "SELECT * FROM Bans WHERE IPAddress = " . $dbh->quote(ip2long($_SERVER['REMOTE_ADDR'])); + $result = $dbh->query($q); + + if ($result->fetchColumn()) { + return true; + } else { + return false; + } +} + +/** * Validate a username against a collection of rules * * The username must be longer or equal to USERNAME_MIN_LEN. It must be shorter |