This allows for specifying a list of IP addresses that will no longer be
able to register new accounts or log in. The list of banned IP addresses
can be configured in "web/lib/config.inc.php".

Signed-off-by: Lukas Fleischer <archli...@cryptocrack.de>
---
 web/lib/acctfuncs.inc.php    | 24 +++++++++++++++++++++---
 web/lib/config.inc.php.proto |  3 +++
 2 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index aabb096..c202f47 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -91,7 +91,17 @@ function 
process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
                        $P="",$C="",$R="",$L="",$I="",$K="",$UID=0) {
 
        # error check and process request for a new/modified account
-       global $SUPPORTED_LANGS, $AUR_LOCATION;
+       global $SUPPORTED_LANGS, $AUR_LOCATION, $BANNED_IPS;
+
+       $error = "";
+
+       if (in_array($_SERVER['REMOTE_ADDR'], $BANNED_IPS)) {
+               $error = __('The login form is currently ' .
+                       'disabled for your IP address, probably due ' .
+                       'to sustained spam attacks. Sorry for the ' .
+                       'inconvenience -- we hope to be back up ' .
+                       'soon.');
+       }
 
        $dbh = DB::connect();
 
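Review bot: The added `in_array($_SERVER['REMOTE_ADDR'], $BANNED_IPS)` test assumes `$BANNED_IPS` is always an array, but the variable is only introduced in `config.inc.php.proto`, so an installation whose existing `config.inc.php` predates this change passes an undefined global here. Older PHP versions then emit a warning and the test evaluates false, so the ban silently does nothing, while PHP 8 throws a TypeError. Guarding the test, e.g. `if (is_array($BANNED_IPS) && in_array($_SERVER['REMOTE_ADDR'], $BANNED_IPS, true)) {`, keeps it well-defined and makes the comparison strict; the same applies to the identical test added in `try_login()`. The check also runs on every call of this function, which by its own comment handles modified as well as new accounts, so an edit from a listed address is refused with a message that speaks of the login form. The rest of the function lies outside this hunk, so whether later checks preserve `$error` cannot be confirmed here.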
@@ -102,7 +112,6 @@ function 
process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
                $editor_user = null;
        }
 
-       $error = "";
        if (empty($E) || empty($U)) {
                $error = __("Missing a required field.");
        }
@@ -393,13 +402,22 @@ function 
search_results_page($UTYPE,$O=0,$SB="",$U="",$T="",
  * @return array Session ID for user, error message if applicable
  */
 function try_login() {
-       global $MAX_SESSIONS_PER_USER, $PERSISTENT_COOKIE_TIMEOUT;
+       global $MAX_SESSIONS_PER_USER, $PERSISTENT_COOKIE_TIMEOUT, $BANNED_IPS;
 
        $login_error = "";
        $new_sid = "";
        $userID = null;
 
        if ( isset($_REQUEST['user']) || isset($_REQUEST['passwd']) ) {
+               if (in_array($_SERVER['REMOTE_ADDR'], $BANNED_IPS)) {
+                       $login_error = __('The login form is currently ' .
+                               'disabled for your IP address, probably due ' .
+                               'to sustained spam attacks. Sorry for the ' .
+                               'inconvenience -- we hope to be back up ' .
+                               'soon.');
+                       return array('SID' => '', 'error' => $login_error);
+               }
+
                $dbh = DB::connect();
                $userID = valid_user($_REQUEST['user']);
 
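Review bot: The ban test and its five-line message are repeated verbatim from `process_account_form()`, so any later change to the matching rule or the wording has to be made in two places, and a missed one leaves one entry point unprotected. A small shared predicate would give both call sites one definition and one place to validate the configuration value. The body of `try_login()` continues outside this hunk.

```php
# Shared by process_account_form() and try_login().
function is_ipbanned() {
	global $BANNED_IPS;

	return is_array($BANNED_IPS) &&
		in_array($_SERVER['REMOTE_ADDR'], $BANNED_IPS, true);
}

function try_login() {
	global $MAX_SESSIONS_PER_USER, $PERSISTENT_COOKIE_TIMEOUT;
	# … unchanged: initialisation of $login_error, $new_sid, $userID …
	if ( isset($_REQUEST['user']) || isset($_REQUEST['passwd']) ) {
		if (is_ipbanned()) {
			# … unchanged: set $login_error and return the error array …
		}
```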
diff --git a/web/lib/config.inc.php.proto b/web/lib/config.inc.php.proto
index 1fe7dbc..0422ac5 100644
--- a/web/lib/config.inc.php.proto
+++ b/web/lib/config.inc.php.proto
@@ -59,3 +59,6 @@ $USE_VIRTUAL_URLS = true;
 # Maximum number of package results to return through an RPC connection.
 # Avoid setting this too high and having a PHP too much memory error.
 $MAX_RPC_RESULTS = 5000;
+
+# Prevent a list of remote addresses from logging in and creating new accounts.
+$BANNED_IPS = array();
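Review bot: The comment above `$BANNED_IPS` does not say how entries are matched, while the code added in `acctfuncs.inc.php` compares each entry as an exact string against `$_SERVER['REMOTE_ADDR']`. I would extend it with a line such as `# Entries must match $_SERVER['REMOTE_ADDR'] exactly; ranges and CIDR notation are not supported.` so operators do not expect prefix bans to work, which matters most for IPv6, where a single client commonly has a whole prefix available. If the site is served through a reverse proxy, REMOTE_ADDR is presumably the proxy's address rather than the client's, which deserves a second comment line.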
-- 
1.8.2.480.g556678c
