Diffstat (limited to 'mod')
-rw-r--r-- | mod/dfrn_request.php | 29 | ||||
-rw-r--r-- | mod/settings.php | 6 |
2 files changed, 28 insertions, 7 deletions
diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php index 9c8064db5..6cefdd28e 100644 --- a/mod/dfrn_request.php +++ b/mod/dfrn_request.php @@ -217,17 +217,34 @@ function dfrn_request_post(&$a) { return; } - $nickname = $a->profile['nickname']; - $notify_flags = $a->profile['notify-flags']; - $uid = $a->profile['uid']; - + $nickname = $a->profile['nickname']; + $notify_flags = $a->profile['notify-flags']; + $uid = $a->profile['uid']; + $maxreq = intval($a->profile['maxreq']); $contact_record = null; - $failed = false; - $parms = null; + $failed = false; + $parms = null; if( x($_POST,'dfrn_url')) { + /** + * Block friend request spam + */ + + if($maxreq) { + $r = q("SELECT * FROM `intro` WHERE `datetime` > '%s' AND `uid` = %d", + dbesc(datetime_convert('UTC','UTC','now - 24 hours')), + intval($uid) + ); + if(count($r) > $maxreq) { + notice( $a->profile['name'] . t(' has received too many connection requests today.') . EOL); + notice( t('Spam protection measures have been invoked.') . EOL); + notice( t('Friends are advised to please try again in 24 hours.') . EOL); + return; + } + } + $url = trim($_POST['dfrn_url']); if(! strlen($url)) { notice( t("Invalid locator") . EOL ); diff --git a/mod/settings.php b/mod/settings.php index a8e02ea40..b86ff4c1c 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -53,6 +53,7 @@ function settings_post(&$a) { $timezone = ((x($_POST,'timezone')) ? notags(trim($_POST['timezone'])) : ''); $defloc = ((x($_POST,'defloc')) ? notags(trim($_POST['defloc'])) : ''); $openid = ((x($_POST,'openid_url')) ? notags(trim($_POST['openid_url'])) : ''); + $maxreq = ((x($_POST,'maxreq')) ? intval($_POST['maxreq']) : 0); $allow_location = (((x($_POST,'allow_location')) && (intval($_POST['allow_location']) == 1)) ? 1: 0); $publish = (((x($_POST,'profile_in_directory')) && (intval($_POST['profile_in_directory']) == 1)) ? 1: 0); 
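Review bot: The comparison `if(count($r) > $maxreq)` in the new spam check lets one request more than the configured limit through, because the request that arrives when exactly `$maxreq` rows already exist still passes; `if(count($r) >= $maxreq)` matches what the setting says. The query also loads every matching `intro` row with `SELECT *` only to count them, so selecting `COUNT(*)` and comparing that single value would keep the check cheap on the path that is hit hardest during a flood. The block comment could also state that the window is a rolling 24 hours keyed on the recipient `uid` only, so the quota is shared by all senders. dfrn_request_post starts and ends outside the hunk.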
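Review bot: The new `$maxreq` assignment in settings_post accepts any integer, including negative values, and nothing visible in this hunk bounds it. With a negative value stored, the check added in mod/dfrn_request.php (`if($maxreq)` followed by `count($r) > $maxreq`) is true for every request, so the account would reject all friend requests until the setting is corrected. Clamping at the point of input, `$maxreq = ((x($_POST,'maxreq')) ? max(0, intval($_POST['maxreq'])) : 0);`, keeps 0 as the only value that disables the limit. settings_post begins and ends outside the hunk.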
@@ -105,7 +106,7 @@ function settings_post(&$a) { $str_group_deny = perms2str($_POST['group_deny']); $str_contact_deny = perms2str($_POST['contact_deny']); - $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `theme` = '%s' WHERE `uid` = %d LIMIT 1", + $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `theme` = '%s', `maxreq` = %d WHERE `uid` = %d LIMIT 1", dbesc($username), dbesc($email), dbesc($openid), @@ -119,6 +120,7 @@ function settings_post(&$a) { dbesc($defloc), intval($allow_location), dbesc($theme), + intval($maxreq), intval(local_user()) ); if($r) @@ -179,6 +181,7 @@ function settings_content(&$a) { $notify = $a->user['notify-flags']; $defloc = $a->user['default-location']; $openid = $a->user['openid']; + $maxreq = $a->user['maxreq']; if(! strlen($a->user['timezone'])) $timezone = date_default_timezone_get(); @@ -290,6 +293,7 @@ function settings_content(&$a) { '$sel_notify3' => (($notify & NOTIFY_WALL) ? ' checked="checked" ' : ''), '$sel_notify4' => (($notify & NOTIFY_COMMENT) ? ' checked="checked" ' : ''), '$sel_notify5' => (($notify & NOTIFY_MAIL) ? ' checked="checked" ' : ''), + '$maxreq' => $maxreq, '$theme' => $theme_selector, '$pagetype' => $pagetype )); |
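Review bot: `$maxreq = $a->user['maxreq'];` in settings_content is handed to the template as `'$maxreq' => $maxreq` without a cast, while mod/dfrn_request.php reads the same column through `intval()`. Casting here as well, `$maxreq = intval($a->user['maxreq']);`, keeps the value substituted into the settings form strictly numeric however the column was populated. The template that consumes `$maxreq` is not part of this diff, so the output context (presumably a form field value) should be confirmed. settings_content starts and ends outside these hunks.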