// | https://www.anuko.com/time_tracker/credits.htm
// +----------------------------------------------------------------------+
+import('ttUserHelper');
+import('ttRoleHelper');
+
// ttRegistrator class is used to register a user in Time Tracker.
class ttRegistrator {
var $user_name = null; // User name.
$this->err->add($i18n->get('error.not_equal'), $i18n->get('label.password'), $i18n->get('label.confirm_password'));
if (!ttValidEmail($this->email, true))
$this->err->add($i18n->get('error.field'), $i18n->get('label.email'));
+ if (!ttUserHelper::canAdd())
+ $this->err->add($i18n->get('error.user_count'));
}
// The register function registers a user in Time Tracker.
return false;
}
- import('ttRoleHelper');
if (!ttRoleHelper::createPredefinedRoles($this->group_id, $this->lang)) {
$err->add($i18n->get('error.db'));
return false;
$this->user_id = $this->createUser();
if (!$this->user_id) {
- $err->add($i18n->get('error.db'));
+ $this->err->add($i18n->get('error.db'));
return false;
}
function createGroup() {
$mdb2 = getConnection();
+ $group_key = $mdb2->quote(ttRandomString());
$name = $mdb2->quote($this->group_name);
$currency = $mdb2->quote($this->currency);
$lang = $mdb2->quote($this->lang);
+ $plugins = $mdb2->quote(defined('DEFAULT_PLUGINS') ? DEFAULT_PLUGINS : null);
$created = 'now()';
$created_ip = $mdb2->quote($_SERVER['REMOTE_ADDR']);
- $sql = "insert into tt_groups (name, currency, lang, created, created_ip) values($name, $currency, $lang, $created, $created_ip)";
+ $sql = "insert into tt_groups (group_key, name, currency, lang, plugins, created, created_ip)".
+ " values($group_key, $name, $currency, $lang, $plugins, $created, $created_ip)";
$affected = $mdb2->exec($sql);
if (is_a($affected, 'PEAR_Error')) return false;
return true;
}
- // registeredRecently determines if we already have a successful recent registration from user IP.
- // "recent" means "within the last minute" and is set in a query by the following condition:
- // "and created > now() - interval 1 minute". Change if necessary.
+ // registeredRecently determines if we already have successful recent registration(s) from user IP.
+ // "recent" means the following:
+ // - 2 or more registrations during last 10 minutes, or
+ // - 1 registration during last minute.
+ //
+ // This offers some level of protection from bot registrations.
function registeredRecently() {
$mdb2 = getConnection();
$ip_part = ' created_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']);
+ $sql = 'select count(*) as cnt from tt_groups where '.$ip_part.' and created > now() - interval 10 minute';
+ $res = $mdb2->query($sql);
+ if (is_a($res, 'PEAR_Error'))
+ return false;
+ $val = $res->fetchRow();
+ if ($val['cnt'] == 0)
+ return false; // No registrations in last 10 minutes.
+ if ($val['cnt'] >= 2)
+ return true; // 2 or more registrations in last 10 mintes.
+
+ // If we are here, there was exactly one registration during last 10 minutes.
+ // Determine if it occurred within the last minute in a separate query.
$sql = 'select created from tt_groups where '.$ip_part.' and created > now() - interval 1 minute';
$res = $mdb2->query($sql);
if (is_a($res, 'PEAR_Error'))
projects / timetracker.git / blobdiff