block connection/friend request spam

2 files changed, 28 insertions, 7 deletions

diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php
index 9c8064db5..6cefdd28e 100644
--- a/mod/dfrn_request.php
+++ b/mod/dfrn_request.php
@@ -217,17 +217,34 @@ function dfrn_request_post(&$a) {
 		return;
 	}
 
-	$nickname = $a->profile['nickname'];
-	$notify_flags = $a->profile['notify-flags'];
-	$uid = $a->profile['uid'];
-
+	$nickname       = $a->profile['nickname'];
+	$notify_flags   = $a->profile['notify-flags'];
+	$uid            = $a->profile['uid'];
+	$maxreq         = intval($a->profile['maxreq']);
 	$contact_record = null;
-	$failed = false;
-	$parms = null;
+	$failed         = false;
+	$parms          = null;
 
 
 	if( x($_POST,'dfrn_url')) {
 
+		/**
+		 * Block friend request spam
+		 */
+
+		if($maxreq) {
+			$r = q("SELECT * FROM `intro` WHERE `datetime` > '%s' AND `uid` = %d",
+				dbesc(datetime_convert('UTC','UTC','now - 24 hours')),
+				intval($uid)
+			);
+			if(count($r) > $maxreq) {
+				notice( $a->profile['name'] . t(' has received too many connection requests today.') . EOL);
+				notice( t('Spam protection measures have been invoked.') . EOL);
+				notice( t('Friends are advised to please try again in 24 hours.') . EOL);
+				return;
+			} 
+		}
+
 		$url = trim($_POST['dfrn_url']);
 		if(! strlen($url)) {
 			notice( t("Invalid locator") . EOL );
diff --git a/mod/settings.php b/mod/settings.php
index a8e02ea40..b86ff4c1c 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -53,6 +53,7 @@ function settings_post(&$a) {
 	$timezone         = ((x($_POST,'timezone'))   ? notags(trim($_POST['timezone']))     : '');
 	$defloc           = ((x($_POST,'defloc'))     ? notags(trim($_POST['defloc']))       : '');
 	$openid           = ((x($_POST,'openid_url')) ? notags(trim($_POST['openid_url']))   : '');
+	$maxreq           = ((x($_POST,'maxreq'))     ? intval($_POST['maxreq'])             : 0);
 
 	$allow_location   = (((x($_POST,'allow_location')) && (intval($_POST['allow_location']) == 1)) ? 1: 0);
 	$publish          = (((x($_POST,'profile_in_directory')) && (intval($_POST['profile_in_directory']) == 1)) ? 1: 0);
@@ -105,7 +106,7 @@ function settings_post(&$a) {
 	$str_group_deny    = perms2str($_POST['group_deny']);
 	$str_contact_deny  = perms2str($_POST['contact_deny']);
 
-	$r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s',  `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `theme` = '%s'  WHERE `uid` = %d LIMIT 1",
+	$r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s',  `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `theme` = '%s', `maxreq` = %d  WHERE `uid` = %d LIMIT 1",
 			dbesc($username),
 			dbesc($email),
 			dbesc($openid),
@@ -119,6 +120,7 @@ function settings_post(&$a) {
 			dbesc($defloc),
 			intval($allow_location),
 			dbesc($theme),
+			intval($maxreq),
 			intval(local_user())
 	);
 	if($r)
@@ -179,6 +181,7 @@ function settings_content(&$a) {
 	$notify   = $a->user['notify-flags'];
 	$defloc   = $a->user['default-location'];
 	$openid   = $a->user['openid'];
+	$maxreq   = $a->user['maxreq'];
 
 	if(! strlen($a->user['timezone']))
 		$timezone = date_default_timezone_get();
@@ -290,6 +293,7 @@ function settings_content(&$a) {
 		'$sel_notify3' => (($notify & NOTIFY_WALL)    ? ' checked="checked" ' : ''),
 		'$sel_notify4' => (($notify & NOTIFY_COMMENT) ? ' checked="checked" ' : ''),
 		'$sel_notify5' => (($notify & NOTIFY_MAIL)    ? ' checked="checked" ' : ''),
+		'$maxreq' => $maxreq,
 		'$theme' => $theme_selector,
 		'$pagetype' => $pagetype
 	));