From cb91942595e796c6a10299d6547767954b923fb5 Mon Sep 17 00:00:00 2001 From: canyonknight Date: Tue, 19 Mar 2013 20:17:59 -0400 Subject: Implement IP banning for user registration and user login Adds a new is_ipbanned() function to determine whether the user attempting to login or register for an account has their IP address listed in the "Bans" table. Signed-off-by: canyonknight Signed-off-by: Lukas Fleischer --- web/lib/acctfuncs.inc.php | 35 ++++++++++++++++++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index 21cc6c2..aa4c70b 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -93,6 +93,15 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", # error check and process request for a new/modified account global $SUPPORTED_LANGS, $AUR_LOCATION; + $error = ''; + + if (is_ipbanned()) { + $error = __('Account registration has been disabled ' . + 'for your IP address, probably due ' . + 'to sustained spam attacks. Sorry for the ' . + 'inconvenience.'); + } + $dbh = DB::connect(); if(isset($_COOKIE['AURSID'])) { @@ -102,7 +111,6 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", $editor_user = null; } - $error = ""; if (empty($E) || empty($U)) { $error = __("Missing a required field."); } @@ -400,6 +408,13 @@ function try_login() { $userID = null; if ( isset($_REQUEST['user']) || isset($_REQUEST['passwd']) ) { + if (is_ipbanned()) { + $login_error = __('The login form is currently disabled ' . + 'for your IP address, probably due ' . + 'to sustained spam attacks. Sorry for the ' . + 'inconvenience.'); + return array('SID' => '', 'error' => $login_error); + } $dbh = DB::connect(); $userID = valid_user($_REQUEST['user']); @@ -479,6 +494,24 @@ function try_login() { return array('SID' => $new_sid, 'error' => $login_error); } +/** + * Determine if the user is using a banned IP address + * + * @return bool True if IP address is banned, otherwise false + */ +function is_ipbanned() { + $dbh = DB::connect(); + + $q = "SELECT * FROM Bans WHERE IPAddress = " . $dbh->quote(ip2long($_SERVER['REMOTE_ADDR'])); + $result = $dbh->query($q); + + if ($result->fetchColumn()) { + return true; + } else { + return false; + } +} + /** * Validate a username against a collection of rules * -- cgit v1.2.3-70-g09d2