Implement IP banning for user registration and user login

Adds a new is_ipbanned() function to determine whether the user
attempting to login or register for an account has their IP
address listed in the "Bans" table.

Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
canyonknight 2013-03-19 20:17:59 -04:00 committed by Lukas Fleischer
parent de2392fed0
commit cb91942595


@ -93,6 +93,15 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
# error check and process request for a new/modified account # error check and process request for a new/modified account
global $SUPPORTED_LANGS, $AUR_LOCATION; global $SUPPORTED_LANGS, $AUR_LOCATION;
$error = '';
if (is_ipbanned()) {
$error = __('Account registration has been disabled ' .
'for your IP address, probably due ' .
'to sustained spam attacks. Sorry for the ' .
'inconvenience.');
}
$dbh = DB::connect(); $dbh = DB::connect();
if(isset($_COOKIE['AURSID'])) { if(isset($_COOKIE['AURSID'])) {
@ -102,7 +111,6 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
$editor_user = null; $editor_user = null;
} }
$error = "";
if (empty($E) || empty($U)) { if (empty($E) || empty($U)) {
$error = __("Missing a required field."); $error = __("Missing a required field.");
} }
@ -400,6 +408,13 @@ function try_login() {
$userID = null; $userID = null;
if ( isset($_REQUEST['user']) || isset($_REQUEST['passwd']) ) { if ( isset($_REQUEST['user']) || isset($_REQUEST['passwd']) ) {
if (is_ipbanned()) {
$login_error = __('The login form is currently disabled ' .
'for your IP address, probably due ' .
'to sustained spam attacks. Sorry for the ' .
'inconvenience.');
return array('SID' => '', 'error' => $login_error);
}
$dbh = DB::connect(); $dbh = DB::connect();
$userID = valid_user($_REQUEST['user']); $userID = valid_user($_REQUEST['user']);
@ -479,6 +494,24 @@ function try_login() {
return array('SID' => $new_sid, 'error' => $login_error); return array('SID' => $new_sid, 'error' => $login_error);
} }
/**
* Determine if the user is using a banned IP address
*
* @return bool True if IP address is banned, otherwise false
*/
function is_ipbanned() {
$dbh = DB::connect();
$q = "SELECT * FROM Bans WHERE IPAddress = " . $dbh->quote(ip2long($_SERVER['REMOTE_ADDR']));
$result = $dbh->query($q);
if ($result->fetchColumn()) {
return true;
} else {
return false;
}
}
/** /**
* Validate a username against a collection of rules * Validate a username against a collection of rules
* *
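Review bot: `is_ipbanned()` passes the result of `ip2long($_SERVER['REMOTE_ADDR'])` straight to `$dbh->quote()`, but `ip2long()` returns false for anything that is not a dotted IPv4 address, so an IPv6 client is looked up with a non-address value and will normally be reported as not banned. Test the conversion before querying, e.g. `$ip = ip2long($_SERVER['REMOTE_ADDR']); if ($ip === false) { return false; /* non-IPv4: not representable in Bans, apply the chosen policy */ }`, and state in the docblock that only IPv4 bans are matched. `$dbh->query($q)` may also return false when the statement fails (this depends on the PDO error mode, which is not visible here), so `$result->fetchColumn()` should be guarded; `SELECT *` with `fetchColumn()` additionally relies on the first column of a matching row being truthy. If the site is served through a reverse proxy, `REMOTE_ADDR` would be the proxy's address, which cannot be confirmed from this page. In the `process_account_form()` hunk the ban only sets `$error` and does not return, unlike the `try_login()` hunk, so whether registration is really refused depends on later checks outside the hunk honouring `$error`.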