block connection/friend request spam

1 files changed, 23 insertions, 6 deletions

diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php
index 9c8064db5..6cefdd28e 100644
--- a/mod/dfrn_request.php
+++ b/mod/dfrn_request.php
@@ -217,17 +217,34 @@ function dfrn_request_post(&$a) {
 		return;
 	}
 
-	$nickname = $a->profile['nickname'];
-	$notify_flags = $a->profile['notify-flags'];
-	$uid = $a->profile['uid'];
-
+	$nickname       = $a->profile['nickname'];
+	$notify_flags   = $a->profile['notify-flags'];
+	$uid            = $a->profile['uid'];
+	$maxreq         = intval($a->profile['maxreq']);
 	$contact_record = null;
-	$failed = false;
-	$parms = null;
+	$failed         = false;
+	$parms          = null;
 
 
 	if( x($_POST,'dfrn_url')) {
 
+		/**
+		 * Block friend request spam
+		 */
+
+		if($maxreq) {
+			$r = q("SELECT * FROM `intro` WHERE `datetime` > '%s' AND `uid` = %d",
+				dbesc(datetime_convert('UTC','UTC','now - 24 hours')),
+				intval($uid)
+			);
+			if(count($r) > $maxreq) {
+				notice( $a->profile['name'] . t(' has received too many connection requests today.') . EOL);
+				notice( t('Spam protection measures have been invoked.') . EOL);
+				notice( t('Friends are advised to please try again in 24 hours.') . EOL);
+				return;
+			} 
+		}
+
 		$url = trim($_POST['dfrn_url']);
 		if(! strlen($url)) {
 			notice( t("Invalid locator") . EOL );