add form security to invite page and set maximum per user invites

friendica 2013-01-25 13:48:57 -08:00
parent f542653230
commit 04b48688b6
5 changed files with 118 additions and 93 deletions


@ -12,7 +12,7 @@ require_once('library/Mobile_Detect/Mobile_Detect.php');
require_once('include/features.php');
define ( 'FRIENDICA_PLATFORM', 'Friendica');
define ( 'FRIENDICA_VERSION', '3.1.1597' );
define ( 'FRIENDICA_VERSION', '3.1.1599' );
define ( 'DFRN_PROTOCOL_VERSION', '2.23' );
define ( 'DB_UPDATE_VERSION', 1158 );


@ -16,6 +16,18 @@ function invite_post(&$a) {
return;
}
check_form_security_token_redirectOnErr('/', 'send_invite');
$max_invites = intval(get_config('system','max_invites'));
if(! $max_invites)
$max_invites = 50;
$current_invites = intval(get_pconfig(local_user(),'system','sent_invites'));
if($current_invites > $max_invites) {
notice( t('Total invitation limit exceeded.') . EOL);
return;
};
$recips = ((x($_POST,'recipients')) ? explode("\n",$_POST['recipients']) : array());
$message = ((x($_POST,'message')) ? notags(trim($_POST['message'])) : '');
@ -66,6 +78,12 @@ function invite_post(&$a) {
if($res) {
$total ++;
$current_invites ++;
set_pconfig(local_user(),'system','sent_invites',$current_invites);
if($current_invites > $max_invites) {
notice( t('Invitation limit exceeded. Please contact your site administrator.') . EOL);
return;
}
}
else {
notice( sprintf( t('%s : Message delivery failed.'), $recip) . EOL);
@ -110,6 +128,7 @@ function invite_content(&$a) {
}
$o = replace_macros($tpl, array(
'$form_security_token' => get_form_security_token("send_invite"),
'$invite' => t('Send invitations'),
'$addr_text' => t('Enter email addresses, one per line:'),
'$msg_text' => t('Your message:'),
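Review bot: Both limit checks in invite_post compare with `>`, so the cap is off by one: a user whose `sent_invites` already equals `max_invites` passes the first check, and the in-loop check only fires after the extra message has been sent and counted, which gives 51 invitations with the default of 50. Use `if($current_invites >= $max_invites)` in both places, or test the limit before each send rather than after it. The early `return` inside the loop also appears to skip whatever summary follows the loop (not visible here), so the user may not be told how many invitations did go out. The counter is a read-then-`set_pconfig` update, so parallel submissions could presumably push past the cap as well; invite_post's body starts and ends outside these hunks.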


@ -6,9 +6,9 @@
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: 3.1.1597\n"
"Project-Id-Version: 3.1.1599\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2013-01-23 10:00-0800\n"
"POT-Creation-Date: 2013-01-25 10:00-0800\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -368,7 +368,7 @@ msgstr ""
#: ../../mod/dfrn_request.php:848 ../../mod/settings.php:561
#: ../../mod/settings.php:587 ../../mod/fbrowser.php:81
#: ../../mod/fbrowser.php:116 ../../addon/js_upload/js_upload.php:45
#: ../../include/conversation.php:1040
#: ../../include/conversation.php:1042
#: ../../addon.old/js_upload/js_upload.php:45
msgid "Cancel"
msgstr ""
@ -642,7 +642,7 @@ msgstr ""
msgid "I don't like this (toggle)"
msgstr ""
#: ../../mod/photos.php:1422 ../../include/conversation.php:1000
#: ../../mod/photos.php:1422 ../../include/conversation.php:1002
msgid "Share"
msgstr ""
@ -650,7 +650,7 @@ msgstr ""
#: ../../mod/content.php:499 ../../mod/content.php:883
#: ../../mod/wallmessage.php:152 ../../mod/message.php:300
#: ../../mod/message.php:528 ../../include/conversation.php:645
#: ../../include/conversation.php:1019 ../../object/Item.php:293
#: ../../include/conversation.php:1021 ../../object/Item.php:293
msgid "Please wait"
msgstr ""
@ -668,7 +668,7 @@ msgstr ""
#: ../../mod/photos.php:1443 ../../mod/photos.php:1487
#: ../../mod/photos.php:1570 ../../mod/editpost.php:142
#: ../../mod/content.php:719 ../../include/conversation.php:1037
#: ../../mod/content.php:719 ../../include/conversation.php:1039
#: ../../object/Item.php:613
msgid "Preview"
msgstr ""
@ -742,7 +742,7 @@ msgstr ""
msgid "Edit post"
msgstr ""
#: ../../mod/editpost.php:91 ../../include/conversation.php:986
#: ../../mod/editpost.php:91 ../../include/conversation.php:988
msgid "Post to Email"
msgstr ""
@ -753,85 +753,85 @@ msgstr ""
#: ../../mod/editpost.php:107 ../../mod/wallmessage.php:150
#: ../../mod/message.php:298 ../../mod/message.php:525
#: ../../include/conversation.php:1001
#: ../../include/conversation.php:1003
msgid "Upload photo"
msgstr ""
#: ../../mod/editpost.php:108 ../../include/conversation.php:1002
#: ../../mod/editpost.php:108 ../../include/conversation.php:1004
msgid "upload photo"
msgstr ""
#: ../../mod/editpost.php:109 ../../include/conversation.php:1003
#: ../../mod/editpost.php:109 ../../include/conversation.php:1005
msgid "Attach file"
msgstr ""
#: ../../mod/editpost.php:110 ../../include/conversation.php:1004
#: ../../mod/editpost.php:110 ../../include/conversation.php:1006
msgid "attach file"
msgstr ""
#: ../../mod/editpost.php:111 ../../mod/wallmessage.php:151
#: ../../mod/message.php:299 ../../mod/message.php:526
#: ../../include/conversation.php:1005
#: ../../include/conversation.php:1007
msgid "Insert web link"
msgstr ""
#: ../../mod/editpost.php:112 ../../include/conversation.php:1006
#: ../../mod/editpost.php:112 ../../include/conversation.php:1008
msgid "web link"
msgstr ""
#: ../../mod/editpost.php:113 ../../include/conversation.php:1007
#: ../../mod/editpost.php:113 ../../include/conversation.php:1009
msgid "Insert video link"
msgstr ""
#: ../../mod/editpost.php:114 ../../include/conversation.php:1008
#: ../../mod/editpost.php:114 ../../include/conversation.php:1010
msgid "video link"
msgstr ""
#: ../../mod/editpost.php:115 ../../include/conversation.php:1009
#: ../../mod/editpost.php:115 ../../include/conversation.php:1011
msgid "Insert audio link"
msgstr ""
#: ../../mod/editpost.php:116 ../../include/conversation.php:1010
#: ../../mod/editpost.php:116 ../../include/conversation.php:1012
msgid "audio link"
msgstr ""
#: ../../mod/editpost.php:117 ../../include/conversation.php:1011
#: ../../mod/editpost.php:117 ../../include/conversation.php:1013
msgid "Set your location"
msgstr ""
#: ../../mod/editpost.php:118 ../../include/conversation.php:1012
#: ../../mod/editpost.php:118 ../../include/conversation.php:1014
msgid "set location"
msgstr ""
#: ../../mod/editpost.php:119 ../../include/conversation.php:1013
#: ../../mod/editpost.php:119 ../../include/conversation.php:1015
msgid "Clear browser location"
msgstr ""
#: ../../mod/editpost.php:120 ../../include/conversation.php:1014
#: ../../mod/editpost.php:120 ../../include/conversation.php:1016
msgid "clear location"
msgstr ""
#: ../../mod/editpost.php:122 ../../include/conversation.php:1020
#: ../../mod/editpost.php:122 ../../include/conversation.php:1022
msgid "Permission settings"
msgstr ""
#: ../../mod/editpost.php:130 ../../include/conversation.php:1029
#: ../../mod/editpost.php:130 ../../include/conversation.php:1031
msgid "CC: email addresses"
msgstr ""
#: ../../mod/editpost.php:131 ../../include/conversation.php:1030
#: ../../mod/editpost.php:131 ../../include/conversation.php:1032
msgid "Public post"
msgstr ""
#: ../../mod/editpost.php:134 ../../include/conversation.php:1016
#: ../../mod/editpost.php:134 ../../include/conversation.php:1018
msgid "Set title"
msgstr ""
#: ../../mod/editpost.php:136 ../../include/conversation.php:1018
#: ../../mod/editpost.php:136 ../../include/conversation.php:1020
msgid "Categories (comma-separated list)"
msgstr ""
#: ../../mod/editpost.php:137 ../../include/conversation.php:1032
#: ../../mod/editpost.php:137 ../../include/conversation.php:1034
msgid "Example: bob@example.com, mary@example.com"
msgstr ""
@ -2877,7 +2877,7 @@ msgstr ""
#: ../../mod/wallmessage.php:123 ../../mod/wallmessage.php:131
#: ../../mod/message.php:249 ../../mod/message.php:257
#: ../../mod/message.php:429 ../../mod/message.php:437
#: ../../include/conversation.php:936 ../../include/conversation.php:954
#: ../../include/conversation.php:938 ../../include/conversation.php:956
msgid "Please enter a link URL:"
msgstr ""
@ -4686,8 +4686,8 @@ msgstr ""
msgid "Edit visibility"
msgstr ""
#: ../../mod/filer.php:30 ../../include/conversation.php:940
#: ../../include/conversation.php:958
#: ../../mod/filer.php:30 ../../include/conversation.php:942
#: ../../include/conversation.php:960
msgid "Save to Folder:"
msgstr ""
@ -9200,145 +9200,145 @@ msgstr ""
msgid "Please visit %s to view and/or reply to your private messages."
msgstr ""
#: ../../include/enotify.php:89
#: ../../include/enotify.php:90
#, php-format
msgid "%1$s commented on [url=%2$s]a %3$s[/url]"
msgstr ""
#: ../../include/enotify.php:96
#: ../../include/enotify.php:97
#, php-format
msgid "%1$s commented on [url=%2$s]%3$s's %4$s[/url]"
msgstr ""
#: ../../include/enotify.php:104
#: ../../include/enotify.php:105
#, php-format
msgid "%1$s commented on [url=%2$s]your %3$s[/url]"
msgstr ""
#: ../../include/enotify.php:114
#: ../../include/enotify.php:115
#, php-format
msgid "[Friendica:Notify] Comment to conversation #%1$d by %2$s"
msgstr ""
#: ../../include/enotify.php:115
#: ../../include/enotify.php:116
#, php-format
msgid "%s commented on an item/conversation you have been following."
msgstr ""
#: ../../include/enotify.php:118 ../../include/enotify.php:133
#: ../../include/enotify.php:146 ../../include/enotify.php:164
#: ../../include/enotify.php:177
#: ../../include/enotify.php:119 ../../include/enotify.php:134
#: ../../include/enotify.php:147 ../../include/enotify.php:165
#: ../../include/enotify.php:178
#, php-format
msgid "Please visit %s to view and/or reply to the conversation."
msgstr ""
#: ../../include/enotify.php:125
#: ../../include/enotify.php:126
#, php-format
msgid "[Friendica:Notify] %s posted to your profile wall"
msgstr ""
#: ../../include/enotify.php:127
#: ../../include/enotify.php:128
#, php-format
msgid "%1$s posted to your profile wall at %2$s"
msgstr ""
#: ../../include/enotify.php:129
#: ../../include/enotify.php:130
#, php-format
msgid "%1$s posted to [url=%2$s]your wall[/url]"
msgstr ""
#: ../../include/enotify.php:140
#: ../../include/enotify.php:141
#, php-format
msgid "[Friendica:Notify] %s tagged you"
msgstr ""
#: ../../include/enotify.php:141
#: ../../include/enotify.php:142
#, php-format
msgid "%1$s tagged you at %2$s"
msgstr ""
#: ../../include/enotify.php:142
#: ../../include/enotify.php:143
#, php-format
msgid "%1$s [url=%2$s]tagged you[/url]."
msgstr ""
#: ../../include/enotify.php:154
#: ../../include/enotify.php:155
#, php-format
msgid "[Friendica:Notify] %1$s poked you"
msgstr ""
#: ../../include/enotify.php:155
#: ../../include/enotify.php:156
#, php-format
msgid "%1$s poked you at %2$s"
msgstr ""
#: ../../include/enotify.php:156
#: ../../include/enotify.php:157
#, php-format
msgid "%1$s [url=%2$s]poked you[/url]."
msgstr ""
#: ../../include/enotify.php:171
#: ../../include/enotify.php:172
#, php-format
msgid "[Friendica:Notify] %s tagged your post"
msgstr ""
#: ../../include/enotify.php:172
#: ../../include/enotify.php:173
#, php-format
msgid "%1$s tagged your post at %2$s"
msgstr ""
#: ../../include/enotify.php:173
#: ../../include/enotify.php:174
#, php-format
msgid "%1$s tagged [url=%2$s]your post[/url]"
msgstr ""
#: ../../include/enotify.php:184
msgid "[Friendica:Notify] Introduction received"
msgstr ""
#: ../../include/enotify.php:185
#, php-format
msgid "You've received an introduction from '%1$s' at %2$s"
msgid "[Friendica:Notify] Introduction received"
msgstr ""
#: ../../include/enotify.php:186
#, php-format
msgid "You've received an introduction from '%1$s' at %2$s"
msgstr ""
#: ../../include/enotify.php:187
#, php-format
msgid "You've received [url=%1$s]an introduction[/url] from %2$s."
msgstr ""
#: ../../include/enotify.php:189 ../../include/enotify.php:207
#: ../../include/enotify.php:190 ../../include/enotify.php:208
#, php-format
msgid "You may visit their profile at %s"
msgstr ""
#: ../../include/enotify.php:191
#: ../../include/enotify.php:192
#, php-format
msgid "Please visit %s to approve or reject the introduction."
msgstr ""
#: ../../include/enotify.php:198
msgid "[Friendica:Notify] Friend suggestion received"
msgstr ""
#: ../../include/enotify.php:199
#, php-format
msgid "You've received a friend suggestion from '%1$s' at %2$s"
msgid "[Friendica:Notify] Friend suggestion received"
msgstr ""
#: ../../include/enotify.php:200
#, php-format
msgid "You've received a friend suggestion from '%1$s' at %2$s"
msgstr ""
#: ../../include/enotify.php:201
#, php-format
msgid "You've received [url=%1$s]a friend suggestion[/url] for %2$s from %3$s."
msgstr ""
#: ../../include/enotify.php:205
#: ../../include/enotify.php:206
msgid "Name:"
msgstr ""
#: ../../include/enotify.php:206
#: ../../include/enotify.php:207
msgid "Photo:"
msgstr ""
#: ../../include/enotify.php:209
#: ../../include/enotify.php:210
#, php-format
msgid "Please visit %s to approve or reject the suggestion."
msgstr ""
@ -9500,34 +9500,34 @@ msgstr ""
msgid "stopped following"
msgstr ""
#: ../../include/Contact.php:225 ../../include/conversation.php:816
#: ../../include/Contact.php:225 ../../include/conversation.php:818
msgid "Poke"
msgstr ""
#: ../../include/Contact.php:226 ../../include/conversation.php:810
#: ../../include/Contact.php:226 ../../include/conversation.php:812
msgid "View Status"
msgstr ""
#: ../../include/Contact.php:227 ../../include/conversation.php:811
#: ../../include/Contact.php:227 ../../include/conversation.php:813
msgid "View Profile"
msgstr ""
#: ../../include/Contact.php:228 ../../include/conversation.php:812
#: ../../include/Contact.php:228 ../../include/conversation.php:814
msgid "View Photos"
msgstr ""
#: ../../include/Contact.php:229 ../../include/Contact.php:242
#: ../../include/conversation.php:813
#: ../../include/conversation.php:815
msgid "Network Posts"
msgstr ""
#: ../../include/Contact.php:230 ../../include/Contact.php:242
#: ../../include/conversation.php:814
#: ../../include/conversation.php:816
msgid "Edit Contact"
msgstr ""
#: ../../include/Contact.php:231 ../../include/Contact.php:242
#: ../../include/conversation.php:815
#: ../../include/conversation.php:817
msgid "Send PM"
msgstr ""
@ -9553,82 +9553,82 @@ msgstr ""
msgid "Filed under:"
msgstr ""
#: ../../include/conversation.php:706
#: ../../include/conversation.php:708
msgid "remove"
msgstr ""
#: ../../include/conversation.php:710
#: ../../include/conversation.php:712
msgid "Delete Selected Items"
msgstr ""
#: ../../include/conversation.php:809
#: ../../include/conversation.php:811
msgid "Follow Thread"
msgstr ""
#: ../../include/conversation.php:878
#: ../../include/conversation.php:880
#, php-format
msgid "%s likes this."
msgstr ""
#: ../../include/conversation.php:878
#: ../../include/conversation.php:880
#, php-format
msgid "%s doesn't like this."
msgstr ""
#: ../../include/conversation.php:883
#: ../../include/conversation.php:885
#, php-format
msgid "<span %1$s>%2$d people</span> like this"
msgstr ""
#: ../../include/conversation.php:886
#: ../../include/conversation.php:888
#, php-format
msgid "<span %1$s>%2$d people</span> don't like this"
msgstr ""
#: ../../include/conversation.php:900
#: ../../include/conversation.php:902
msgid "and"
msgstr ""
#: ../../include/conversation.php:906
#: ../../include/conversation.php:908
#, php-format
msgid ", and %d other people"
msgstr ""
#: ../../include/conversation.php:908
#: ../../include/conversation.php:910
#, php-format
msgid "%s like this."
msgstr ""
#: ../../include/conversation.php:908
#: ../../include/conversation.php:910
#, php-format
msgid "%s don't like this."
msgstr ""
#: ../../include/conversation.php:935 ../../include/conversation.php:953
#: ../../include/conversation.php:937 ../../include/conversation.php:955
msgid "Visible to <strong>everybody</strong>"
msgstr ""
#: ../../include/conversation.php:937 ../../include/conversation.php:955
#: ../../include/conversation.php:939 ../../include/conversation.php:957
msgid "Please enter a video link/URL:"
msgstr ""
#: ../../include/conversation.php:938 ../../include/conversation.php:956
#: ../../include/conversation.php:940 ../../include/conversation.php:958
msgid "Please enter an audio link/URL:"
msgstr ""
#: ../../include/conversation.php:939 ../../include/conversation.php:957
#: ../../include/conversation.php:941 ../../include/conversation.php:959
msgid "Tag term:"
msgstr ""
#: ../../include/conversation.php:941 ../../include/conversation.php:959
#: ../../include/conversation.php:943 ../../include/conversation.php:961
msgid "Where are you right now?"
msgstr ""
#: ../../include/conversation.php:942
#: ../../include/conversation.php:944
msgid "Delete item(s)?"
msgstr ""
#: ../../include/conversation.php:1021
#: ../../include/conversation.php:1023
msgid "permissions"
msgstr ""


@ -1,4 +1,7 @@
<form action="invite" method="post" id="invite-form" >
<input type='hidden' name='form_security_token' value='$form_security_token'>
<div id="invite-wrapper">
<h3>$invite</h3>


@ -4,6 +4,9 @@
*
*}}
<form action="invite" method="post" id="invite-form" >
<input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
<div id="invite-wrapper">
<h3>{{$invite}}</h3>