X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=WEB-INF%2Flib%2FttRegistrator.class.php;h=6a2142b565fa713c83b12de7e58b6e9dc1fea6eb;hb=167e70e68597a70269edea5c5af9b186c489d57f;hp=7082e6bc2412cec3623873f6d57a0d3b2622bfdd;hpb=75b65e92b21d45e2b09fb12daef169fb214a7acd;p=timetracker.git diff --git a/WEB-INF/lib/ttRegistrator.class.php b/WEB-INF/lib/ttRegistrator.class.php index 7082e6bc..6a2142b5 100644 --- a/WEB-INF/lib/ttRegistrator.class.php +++ b/WEB-INF/lib/ttRegistrator.class.php @@ -62,7 +62,7 @@ class ttRegistrator { global $i18n; if (!ttValidString($this->group_name, true)) - $this->err->add($i18n->get('error.field'), $i18n->get('label.team_name')); + $this->err->add($i18n->get('error.field'), $i18n->get('label.group_name')); if (!ttValidString($this->currency, true)) $this->err->add($i18n->get('error.field'), $i18n->get('label.currency')); if (!ttValidString($this->user_name)) @@ -85,6 +85,12 @@ class ttRegistrator { global $i18n; + // Protection fom too many recent bot registrations from user IP. + if ($this->registeredRecently()) { + $this->err->add($i18n->get('error.access_denied')); + return false; + } + import('ttUserHelper'); if (ttUserHelper::getUserByLogin($this->login)) { // User login already exists. @@ -129,11 +135,11 @@ class ttRegistrator { $created = 'now()'; $created_ip = $mdb2->quote($_SERVER['REMOTE_ADDR']); - $sql = "insert into tt_teams (name, currency, lang, created, created_ip) values($name, $currency, $lang, $created, $created_ip)"; + $sql = "insert into tt_groups (name, currency, lang, created, created_ip) values($name, $currency, $lang, $created, $created_ip)"; $affected = $mdb2->exec($sql); if (!is_a($affected, 'PEAR_Error')) { - $group_id = $mdb2->lastInsertID('tt_teams', 'id'); + $group_id = $mdb2->lastInsertID('tt_groups', 'id'); return $group_id; } return false; @@ -151,7 +157,7 @@ class ttRegistrator { $created_ip = $mdb2->quote($_SERVER['REMOTE_ADDR']); $values = "values($login, $password, $name, $this->group_id, $this->role_id, $email, $created, $created_ip)"; - $sql = 'insert into tt_users (login, password, name, team_id, role_id, email, created, created_ip) '.$values; + $sql = 'insert into tt_users (login, password, name, group_id, role_id, email, created, created_ip) '.$values; $affected = $mdb2->exec($sql); if (!is_a($affected, 'PEAR_Error')) { $user_id = $mdb2->lastInsertID('tt_users', 'id'); @@ -168,7 +174,7 @@ class ttRegistrator { $mdb2 = getConnection(); // Update group. - $sql = "update tt_teams set created_by = $user_id where id = $this->group_id"; + $sql = "update tt_groups set created_by = $user_id where id = $this->group_id"; $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) { $this->err->add($i18n->get('error.db')); @@ -176,7 +182,7 @@ class ttRegistrator { } // Update top manager. - $sql = "update tt_users set created_by = $user_id where id = $user_id and team_id = $this->group_id"; + $sql = "update tt_users set created_by = $user_id where id = $user_id and group_id = $this->group_id"; $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) { $this->err->add($i18n->get('error.db')); @@ -185,4 +191,22 @@ class ttRegistrator { return true; } + + // registeredRecently determines if we already have a successful recent registration from user IP. + // "recent" means "within the last minute" and is set in a query by the following condition: + // "and created > now() - interval 1 minute". Change if necessary. + function registeredRecently() { + $mdb2 = getConnection(); + + $ip_part = ' created_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']); + $sql = 'select created from tt_groups where '.$ip_part.' and created > now() - interval 1 minute'; + $res = $mdb2->query($sql); + if (is_a($res, 'PEAR_Error')) + return false; + $val = $res->fetchRow(); + if ($val) + return true; + + return false; + } }