[aur-dev] [PATCH 2/2] Implement IP banning for user registration and user login

Tue, 19 Mar 2013 17:18:41 -0700 

Adds a new is_ipbanned() function to determine whether the user
attempting to login or register for an account has their IP
address listed in the "Bans" table.

Signed-off-by: canyonknight <[email protected]>
---
 web/lib/acctfuncs.inc.php | 35 ++++++++++++++++++++++++++++++++++-
 1 file changed, 34 insertions(+), 1 deletion(-)

diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 21cc6c2..aa4c70b 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -93,6 +93,15 @@ function 
process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
        # error check and process request for a new/modified account
        global $SUPPORTED_LANGS, $AUR_LOCATION;
 
+       $error = '';
+
+       if (is_ipbanned()) {
+               $error = __('Account registration has been disabled ' .
+                                       'for your IP address, probably due ' .
+                                       'to sustained spam attacks. Sorry for 
the ' .
+                                       'inconvenience.');
+       }
+
        $dbh = DB::connect();
 
        if(isset($_COOKIE['AURSID'])) {
@@ -102,7 +111,6 @@ function 
process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
                $editor_user = null;
        }
 
-       $error = "";
        if (empty($E) || empty($U)) {
                $error = __("Missing a required field.");
        }
@@ -400,6 +408,13 @@ function try_login() {
        $userID = null;
 
        if ( isset($_REQUEST['user']) || isset($_REQUEST['passwd']) ) {
+               if (is_ipbanned()) {
+                       $login_error = __('The login form is currently disabled 
' .
+                                                       'for your IP address, 
probably due ' .
+                                                       'to sustained spam 
attacks. Sorry for the ' .
+                                                       'inconvenience.');
+                       return array('SID' => '', 'error' => $login_error);
+               }
                $dbh = DB::connect();
                $userID = valid_user($_REQUEST['user']);
 
@@ -480,6 +495,24 @@ function try_login() {
 }
 
 /**
+ * Determine if the user is using a banned IP address
+ *
+ * @return bool True if IP address is banned, otherwise false
+ */
+function is_ipbanned() {
+       $dbh = DB::connect();
+
+       $q = "SELECT * FROM Bans WHERE IPAddress = " . 
$dbh->quote(ip2long($_SERVER['REMOTE_ADDR']));
+       $result = $dbh->query($q);
+
+       if ($result->fetchColumn()) {
+               return true;
+       } else {
+               return false;
+       }
+}
+
+/**
  * Validate a username against a collection of rules
  *
  * The username must be longer or equal to USERNAME_MIN_LEN. It must be shorter
-- 
1.8.2

Reply via email to