From 878067101f09b20014fab4c7f1265656528575d8 Mon Sep 17 00:00:00 2001
From: Friendika
Date: Mon, 20 Dec 2010 00:27:00 -0800
Subject: [PATCH] block connection/friend request spam

---
boot.php | 2 +-
database.sql | 1 +
mod/dfrn_request.php | 29 +++++++++++++++++++++++------
mod/settings.php | 6 +++++-
update.php | 4 ++++
view/en/settings.tpl | 12 ++++++++++++
view/theme/default/style.css | 8 +++++++-
7 files changed, 53 insertions(+), 9 deletions(-)

diff --git a/boot.php b/boot.php
index 329165ef8..9f6f88d68 100644
--- a/boot.php
+++ b/boot.php
@@ -2,7 +2,7 @@
set_time_limit(0);
-define ( 'BUILD_ID', 1025 );
+define ( 'BUILD_ID', 1026 );
define ( 'DFRN_PROTOCOL_VERSION', '2.0' );
define ( 'EOL', "
\r\n" );
diff --git a/database.sql b/database.sql
index 30edf4189..10bb417ac 100644
--- a/database.sql
+++ b/database.sql
@@ -372,6 +372,7 @@ CREATE TABLE IF NOT EXISTS `user` (
`notify-flags` int(11) unsigned NOT NULL DEFAULT '65535',
`page-flags` int(11) unsigned NOT NULL DEFAULT '0',
`pwdreset` char(255) NOT NULL,
+ `maxreq` int(11) NOT NULL DEFAULT '10',
`allow_cid` mediumtext NOT NULL,
`allow_gid` mediumtext NOT NULL,
`deny_cid` mediumtext NOT NULL,
diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php
index 9c8064db5..6cefdd28e 100644
--- a/mod/dfrn_request.php
+++ b/mod/dfrn_request.php
@@ -217,17 +217,34 @@ function dfrn_request_post(&$a) {
return;
}
- $nickname = $a->profile['nickname'];
- $notify_flags = $a->profile['notify-flags'];
- $uid = $a->profile['uid'];
-
+ $nickname = $a->profile['nickname'];
+ $notify_flags = $a->profile['notify-flags'];
+ $uid = $a->profile['uid'];
+ $maxreq = intval($a->profile['maxreq']);
$contact_record = null;
- $failed = false;
- $parms = null;
+ $failed = false;
+ $parms = null;
if( x($_POST,'dfrn_url')) {
+ /**
+ * Block friend request spam
+ */
+
+ if($maxreq) {
+ $r = q("SELECT * FROM `intro` WHERE `datetime` > '%s' AND `uid` = %d",
+ dbesc(datetime_convert('UTC','UTC','now - 24 hours')),
+ intval($uid)
+ );
+ if(count($r) > $maxreq) {
+ notice( $a->profile['name'] . t(' has received too many connection requests today.') . EOL);
+ notice( t('Spam protection measures have been invoked.') . EOL);
+ notice( t('Friends are advised to please try again in 24 hours.') . EOL);
+ return;
+ }
+ }
+
$url = trim($_POST['dfrn_url']);
if(! strlen($url)) {
notice( t("Invalid locator") . EOL );
diff --git a/mod/settings.php b/mod/settings.php
index a8e02ea40..b86ff4c1c 100644
--- a/mod/settings.php
+++ b/mod/settings.php
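Review bot: `maxreq` is declared as a signed `int(11)` while the neighbouring `notify-flags` and `page-flags` columns in this hunk are `unsigned`, and a per-day request cap has no meaningful negative value; the PHP side stores whatever `intval()` yields, so `` `maxreq` int(11) unsigned NOT NULL DEFAULT '10', `` here, and the same column definition in `update_1025()` in the update.php hunk, would let the database reject (or clamp, depending on sql_mode) a negative setting instead of persisting it. A persisted negative value is truthy in the new `if($maxreq)` guard in mod/dfrn_request.php and makes `count($r) > $maxreq` true for every request.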
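Review bot: The guard `if(count($r) > $maxreq)` only trips once the 24-hour window already holds more than `$maxreq` intro rows, so a profile configured for N requests per day accepts N + 1 before the notices fire (assuming each accepted request inserts one `intro` row later in the function); `if(count($r) >= $maxreq) {` matches the setting's meaning. `$maxreq` is read from `$a->profile`, which is loaded outside this hunk — if that load does not select the new `user`.`maxreq` column, `intval()` of a missing key is 0 and the check silently never engages, so this is worth confirming against the profile query. The rows are fetched with `SELECT *` only to be counted; `SELECT COUNT(*) AS `total`` would avoid pulling every intro row of the day just to take `count($r)`. dfrn_request_post() begins and ends outside this hunk.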
@@ -53,6 +53,7 @@ function settings_post(&$a) {
$timezone = ((x($_POST,'timezone')) ? notags(trim($_POST['timezone'])) : '');
$defloc = ((x($_POST,'defloc')) ? notags(trim($_POST['defloc'])) : '');
$openid = ((x($_POST,'openid_url')) ? notags(trim($_POST['openid_url'])) : '');
+ $maxreq = ((x($_POST,'maxreq')) ? intval($_POST['maxreq']) : 0);
$allow_location = (((x($_POST,'allow_location')) && (intval($_POST['allow_location']) == 1)) ? 1: 0);
$publish = (((x($_POST,'profile_in_directory')) && (intval($_POST['profile_in_directory']) == 1)) ? 1: 0);
@@ -105,7 +106,7 @@ function settings_post(&$a) {
$str_group_deny = perms2str($_POST['group_deny']);
$str_contact_deny = perms2str($_POST['contact_deny']);
- $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `theme` = '%s' WHERE `uid` = %d LIMIT 1",
+ $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `theme` = '%s', `maxreq` = %d WHERE `uid` = %d LIMIT 1",
dbesc($username),
dbesc($email),
dbesc($openid),
@@ -119,6 +120,7 @@ function settings_post(&$a) {
dbesc($defloc),
intval($allow_location),
dbesc($theme),
+ intval($maxreq),
intval(local_user())
);
if($r)
@@ -179,6 +181,7 @@ function settings_content(&$a) {
$notify = $a->user['notify-flags'];
$defloc = $a->user['default-location'];
$openid = $a->user['openid'];
+ $maxreq = $a->user['maxreq'];
if(! strlen($a->user['timezone'])) $timezone = date_default_timezone_get();
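Review bot: `$maxreq = ((x($_POST,'maxreq')) ? intval($_POST['maxreq']) : 0);` accepts any integer, including negatives, and the `UPDATE` two hunks below stores the value unchanged; in the mod/dfrn_request.php hunk a negative `maxreq` is truthy and makes `count($r) > $maxreq` true for every request, so the account would reject all connection requests. Floor it at the input boundary: `$maxreq = ((x($_POST,'maxreq')) ? max(0, intval($_POST['maxreq'])) : 0);`. A blank or non-numeric field also yields 0, which the request handler treats as "no limit" rather than the column default of 10, so clearing the field silently disables the protection; if that is intended, a short comment here such as `// 0 disables the daily request cap` would make it explicit. settings_post() begins and ends outside this hunk.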
@@ -290,6 +293,7 @@ function settings_content(&$a) {
'$sel_notify3' => (($notify & NOTIFY_WALL) ? ' checked="checked" ' : ''),
'$sel_notify4' => (($notify & NOTIFY_COMMENT) ? ' checked="checked" ' : ''),
'$sel_notify5' => (($notify & NOTIFY_MAIL) ? ' checked="checked" ' : ''),
+ '$maxreq' => $maxreq,
'$theme' => $theme_selector,
'$pagetype' => $pagetype
));
diff --git a/update.php b/update.php
index 382c83e5a..5b4d99603 100644
--- a/update.php
+++ b/update.php
@@ -247,3 +247,7 @@ function update_1024() {
q("ALTER TABLE `profile` ADD `keywords` TEXT NOT NULL AFTER `religion` ");
}
+function update_1025() {
+ q("ALTER TABLE `user` ADD `maxreq` int(11) NOT NULL DEFAULT '10' AFTER `pwdreset` ");
+}
+
diff --git a/view/en/settings.tpl b/view/en/settings.tpl
index 095dd70a4..a02e8ec08 100644
--- a/view/en/settings.tpl
+++ b/view/en/settings.tpl
@@ -59,10 +59,22 @@ $theme +
+ + +
(to prevent spam abuse)
+
+
+ + + + $profile_in_dir $profile_in_net_dir + +
diff --git a/view/theme/default/style.css b/view/theme/default/style.css
index 627915e64..8ad6ee593 100644
--- a/view/theme/default/style.css
+++ b/view/theme/default/style.css
@@ -496,6 +496,7 @@ input#dfrn-url {
#settings-password-end,
#settings-confirm-end,
#settings-openid-end,
+#settings-maxreq-end,
#notify1-end,
#notify2-end,
#notify3-end,
@@ -515,6 +516,7 @@ input#dfrn-url {
#settings-password-label,
#settings-confirm-label,
#settings-openid-label,
+#settings-maxreq-label,
#settings-label-notify1,
#settings-label-notify2,
#settings-label-notify3,
@@ -533,6 +535,7 @@ input#dfrn-url {
#theme-select,
#settings-password,
#settings-confirm,
+#settings-maxreq,
#notify1,
#notify2,
#notify3,
@@ -548,7 +551,10 @@ input#dfrn-url {
width: 127px;
}
-
+#settings-maxreq-desc {
+ float: left;
+ margin-left: 20px;
+}
#settings-theme-label,
#settings-defloc-label {