aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFriendika <info@friendika.com>2010-12-20 00:27:00 -0800
committerFriendika <info@friendika.com>2010-12-20 00:27:00 -0800
commit878067101f09b20014fab4c7f1265656528575d8 (patch)
tree4362be3bf61a16acbf76b6a98c65520fd2ef9c09
parent2632c2313069ff418737ecf0f8f6885f02d3e5b1 (diff)
downloadvolse-hubzilla-878067101f09b20014fab4c7f1265656528575d8.tar.gz
volse-hubzilla-878067101f09b20014fab4c7f1265656528575d8.tar.bz2
volse-hubzilla-878067101f09b20014fab4c7f1265656528575d8.zip
block connection/friend request spam
-rw-r--r--boot.php2
-rw-r--r--database.sql1
-rw-r--r--mod/dfrn_request.php29
-rw-r--r--mod/settings.php6
-rw-r--r--update.php4
-rw-r--r--view/en/settings.tpl12
-rw-r--r--view/theme/default/style.css8
7 files changed, 53 insertions, 9 deletions
diff --git a/boot.php b/boot.php
index 329165ef8..9f6f88d68 100644
--- a/boot.php
+++ b/boot.php
@@ -2,7 +2,7 @@
set_time_limit(0);
-define ( 'BUILD_ID', 1025 );
+define ( 'BUILD_ID', 1026 );
define ( 'DFRN_PROTOCOL_VERSION', '2.0' );
define ( 'EOL', "<br />\r\n" );
diff --git a/database.sql b/database.sql
index 30edf4189..10bb417ac 100644
--- a/database.sql
+++ b/database.sql
@@ -372,6 +372,7 @@ CREATE TABLE IF NOT EXISTS `user` (
`notify-flags` int(11) unsigned NOT NULL DEFAULT '65535',
`page-flags` int(11) unsigned NOT NULL DEFAULT '0',
`pwdreset` char(255) NOT NULL,
+ `maxreq` int(11) NOT NULL DEFAULT '10',
`allow_cid` mediumtext NOT NULL,
`allow_gid` mediumtext NOT NULL,
`deny_cid` mediumtext NOT NULL,
diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php
index 9c8064db5..6cefdd28e 100644
--- a/mod/dfrn_request.php
+++ b/mod/dfrn_request.php
@@ -217,17 +217,34 @@ function dfrn_request_post(&$a) {
return;
}
- $nickname = $a->profile['nickname'];
- $notify_flags = $a->profile['notify-flags'];
- $uid = $a->profile['uid'];
-
+ $nickname = $a->profile['nickname'];
+ $notify_flags = $a->profile['notify-flags'];
+ $uid = $a->profile['uid'];
+ $maxreq = intval($a->profile['maxreq']);
$contact_record = null;
- $failed = false;
- $parms = null;
+ $failed = false;
+ $parms = null;
if( x($_POST,'dfrn_url')) {
+ /**
+ * Block friend request spam
+ */
+
+ if($maxreq) {
+ $r = q("SELECT * FROM `intro` WHERE `datetime` > '%s' AND `uid` = %d",
+ dbesc(datetime_convert('UTC','UTC','now - 24 hours')),
+ intval($uid)
+ );
+ if(count($r) > $maxreq) {
+ notice( $a->profile['name'] . t(' has received too many connection requests today.') . EOL);
+ notice( t('Spam protection measures have been invoked.') . EOL);
+ notice( t('Friends are advised to please try again in 24 hours.') . EOL);
+ return;
+ }
+ }
+
$url = trim($_POST['dfrn_url']);
if(! strlen($url)) {
notice( t("Invalid locator") . EOL );
diff --git a/mod/settings.php b/mod/settings.php
index a8e02ea40..b86ff4c1c 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -53,6 +53,7 @@ function settings_post(&$a) {
$timezone = ((x($_POST,'timezone')) ? notags(trim($_POST['timezone'])) : '');
$defloc = ((x($_POST,'defloc')) ? notags(trim($_POST['defloc'])) : '');
$openid = ((x($_POST,'openid_url')) ? notags(trim($_POST['openid_url'])) : '');
+ $maxreq = ((x($_POST,'maxreq')) ? intval($_POST['maxreq']) : 0);
$allow_location = (((x($_POST,'allow_location')) && (intval($_POST['allow_location']) == 1)) ? 1: 0);
$publish = (((x($_POST,'profile_in_directory')) && (intval($_POST['profile_in_directory']) == 1)) ? 1: 0);
@@ -105,7 +106,7 @@ function settings_post(&$a) {
$str_group_deny = perms2str($_POST['group_deny']);
$str_contact_deny = perms2str($_POST['contact_deny']);
- $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `theme` = '%s' WHERE `uid` = %d LIMIT 1",
+ $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `theme` = '%s', `maxreq` = %d WHERE `uid` = %d LIMIT 1",
dbesc($username),
dbesc($email),
dbesc($openid),
@@ -119,6 +120,7 @@ function settings_post(&$a) {
dbesc($defloc),
intval($allow_location),
dbesc($theme),
+ intval($maxreq),
intval(local_user())
);
if($r)
@@ -179,6 +181,7 @@ function settings_content(&$a) {
$notify = $a->user['notify-flags'];
$defloc = $a->user['default-location'];
$openid = $a->user['openid'];
+ $maxreq = $a->user['maxreq'];
if(! strlen($a->user['timezone']))
$timezone = date_default_timezone_get();
@@ -290,6 +293,7 @@ function settings_content(&$a) {
'$sel_notify3' => (($notify & NOTIFY_WALL) ? ' checked="checked" ' : ''),
'$sel_notify4' => (($notify & NOTIFY_COMMENT) ? ' checked="checked" ' : ''),
'$sel_notify5' => (($notify & NOTIFY_MAIL) ? ' checked="checked" ' : ''),
+ '$maxreq' => $maxreq,
'$theme' => $theme_selector,
'$pagetype' => $pagetype
));
diff --git a/update.php b/update.php
index 382c83e5a..5b4d99603 100644
--- a/update.php
+++ b/update.php
@@ -247,3 +247,7 @@ function update_1024() {
q("ALTER TABLE `profile` ADD `keywords` TEXT NOT NULL AFTER `religion` ");
}
+function update_1025() {
+ q("ALTER TABLE `user` ADD `maxreq` int(11) NOT NULL DEFAULT '10' AFTER `pwdreset` ");
+}
+
diff --git a/view/en/settings.tpl b/view/en/settings.tpl
index 095dd70a4..a02e8ec08 100644
--- a/view/en/settings.tpl
+++ b/view/en/settings.tpl
@@ -59,10 +59,22 @@ $theme
<input type="hidden" name="visibility" value="$visibility" />
+<div id="settings-maxreq-wrapper">
+<label id="settings-maxreq-label" for="settings-maxreq" >Maximum Friend Requests/Day</label>
+<input id="settings-maxreq" name="maxreq" value="$maxreq" />
+<div id="settings-maxreq-desc">(to prevent spam abuse)</div>
+</div>
+<div id="settings-maxreq-end"></div>
+
+
+
+
$profile_in_dir
$profile_in_net_dir
+
+
<div id="settings-default-perms" class="settings-default-perms" >
<div id="settings-default-perms-menu" class="fakelink" onClick="openClose('settings-default-perms-select');" >$permissions</div>
<div id="settings-default-perms-menu-end"></div>
diff --git a/view/theme/default/style.css b/view/theme/default/style.css
index 627915e64..8ad6ee593 100644
--- a/view/theme/default/style.css
+++ b/view/theme/default/style.css
@@ -496,6 +496,7 @@ input#dfrn-url {
#settings-password-end,
#settings-confirm-end,
#settings-openid-end,
+#settings-maxreq-end,
#notify1-end,
#notify2-end,
#notify3-end,
@@ -515,6 +516,7 @@ input#dfrn-url {
#settings-password-label,
#settings-confirm-label,
#settings-openid-label,
+#settings-maxreq-label,
#settings-label-notify1,
#settings-label-notify2,
#settings-label-notify3,
@@ -533,6 +535,7 @@ input#dfrn-url {
#theme-select,
#settings-password,
#settings-confirm,
+#settings-maxreq,
#notify1,
#notify2,
#notify3,
@@ -548,7 +551,10 @@ input#dfrn-url {
width: 127px;
}
-
+#settings-maxreq-desc {
+ float: left;
+ margin-left: 20px;
+}
#settings-theme-label,
#settings-defloc-label {